xfantazy.com/video/5edc59d923629346a514272b
172.64.163.22 302 Found 0 B URL HTTP/1.1 xfantazy.com/video/5edc59d923629346a514272b
IP 172.64.163.22:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /video/5edc59d923629346a514272b HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Date: Tue, 29 Nov 2022 21:55:28 GMT
Content-Length: 0
Connection: keep-alive
location: https://xfantazy.com/video/5edc59d923629346a514272b
cache-control: no-cache
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=P6JCIkcVycSbEwhntLUkQpyH1MkdiQMQVd2urMGMGrzUCwHSzpRXqDDRwYl8xeKh6L%2BW7UdWus9Hhc7O6L6g2PsnU5fI%2FVDH85B9ERBYsIqTMDkeAcGxPxMkZGisVS4%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 771e96798891775c-LHR
alt-svc: h2=":443"; ma=60
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash a5daf4dc99951793ae2315d4795e8146
4427507ca4d3a5632cc8f598afbc85e2195d00bd
94fb64c1c826ed7099283c0bedb3cea7ac7e1d9526794cb9fad6e761f5989d32
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "94FB64C1C826ED7099283C0BEDB3CEA7AC7E1D9526794CB9FAD6E761F5989D32"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8477
Expires: Wed, 30 Nov 2022 00:16:46 GMT
Date: Tue, 29 Nov 2022 21:55:29 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 6d9d34c96b9a826ae5676640c966469c
8052a16d41a637e420478b7de1ff5a2dc951fccd
f18ac558cb786126bb7efb159e03353d268d5f5796bcfd2691a349dfc68d863c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F18AC558CB786126BB7EFB159E03353D268D5F5796BCFD2691A349DFC68D863C"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10658
Expires: Wed, 30 Nov 2022 00:53:07 GMT
Date: Tue, 29 Nov 2022 21:55:29 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29 200 OK 55 B IP 93.184.220.29:0
File type HTML document, ASCII text
Hash 9f073354411bbaf7a319b1519f10b4b7
571498f38548829bf186f49f5be9d5fa6e689a68
4a7aaaa1c093dee8a191d4469c9f701c5e62e88896bc778a13cc4ffedf9be89a
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3335
Content-Type: text/html
Date: Tue, 29 Nov 2022 21:55:29 GMT
Etag: "638650c5-37"
Last-Modified: Tue, 29 Nov 2022 18:34:45 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 55
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: LnUtbEOt9k5MOIY1NKziUqLYHDOYDW8SfoM1AVfpodbGJvWIT5C3LIb6FKzcydCK8E2z7d9glyw=
x-amz-request-id: KWPAJHVTK73QRD4T
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Tue, 29 Nov 2022 21:45:37 GMT
age: 592
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/
34.102.187.140 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 30db107dcf4380cef05efea409c2e6a3
96e6a306fbc07299aba64e5c14e2bfca35872fa9
b64051a4a8e346e3c72b2aef77f360a5736ab5e16711d8e0bae3876feaa15b6e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Content-Type, Backoff, Content-Length, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Tue, 29 Nov 2022 21:19:38 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 2151
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.pki.goog/s/gts1p5/PrU7zFTubJs
216.58.211.3 200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/PrU7zFTubJs
IP 216.58.211.3:0
Hash 244a9ddefe887c66490c5380f4b4c080
e7c2b81e225c3e98a34b2cc88c31407e6d7cb9ff
c40f8e20b0ae8aa0ea8627a7894b8eb4078df4f986fabf4f044643ee86b01064
POST /s/gts1p5/PrU7zFTubJs HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 29 Nov 2022 21:55:29 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 29 Nov 2022 21:55:29 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
34.102.187.140 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, ETag, Alert, Expires, Cache-Control, Backoff, Content-Length, Content-Type, Pragma, Last-Modified
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Tue, 29 Nov 2022 21:08:56 GMT
cache-control: public,max-age=3600
age: 2793
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.pki.goog/s/gts1p5/PrU7zFTubJs
216.58.211.3 200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/PrU7zFTubJs
IP 216.58.211.3:0
Hash 244a9ddefe887c66490c5380f4b4c080
e7c2b81e225c3e98a34b2cc88c31407e6d7cb9ff
c40f8e20b0ae8aa0ea8627a7894b8eb4078df4f986fabf4f044643ee86b01064
POST /s/gts1p5/PrU7zFTubJs HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 29 Nov 2022 21:55:29 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
216.58.211.3 200 OK 472 B IP 216.58.211.3:0
Hash 07b8296613be09905e34b09dce4a203f
c97c67e8c4b1247423d089c028c31e05734f124e
c8c7b7cd00d5818bbe4a4ddb1b734a1b766dc6474cce300171bd5a0947adc6b2
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 29 Nov 2022 21:55:29 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 3c8c689bd654417640d85f3da51af313
85123b6d46230a23d03768bf304b386e5d301305
516138ca79703b45e904d32d7dde1c1e9fd35995b9f1bb1331c547542745676d
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6001
Cache-Control: max-age=132680
Content-Type: application/ocsp-response
Date: Tue, 29 Nov 2022 21:55:29 GMT
Etag: "6385cba8-1d7"
Expires: Thu, 01 Dec 2022 10:46:49 GMT
Last-Modified: Tue, 29 Nov 2022 09:06:48 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/gts1c3
216.58.211.3 200 OK 472 B IP 216.58.211.3:0
Hash 07b8296613be09905e34b09dce4a203f
c97c67e8c4b1247423d089c028c31e05734f124e
c8c7b7cd00d5818bbe4a4ddb1b734a1b766dc6474cce300171bd5a0947adc6b2
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 29 Nov 2022 21:55:29 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
216.58.211.3 200 OK 472 B IP 216.58.211.3:0
Hash f50fd635895870df33a17fe377a6a038
dd65dfbbc810b095432cfd59f971af04a9e31ab7
ebd9b6c3f67865c297d08802839c940994424000df3bf8a3f1316b8e13666e94
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 29 Nov 2022 21:55:29 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
xfantazy.com/_next/static/chunks/7.38d845e9473548212694.js
172.64.162.22 200 OK 11 kB URL HTTP/2 xfantazy.com/_next/static/chunks/7.38d845e9473548212694.js
IP 172.64.162.22:0
File type ASCII text, with very long lines (38842), with no line terminators
Hash 554e2e541e3052691ffb63c3e4b2fc7d
1328959229197f3434644f81f08b857ec9827fe9
a7ad6defc5ccc7a9ec26a20d957db77e9f0b0a33961e17d06db83071007db3b4
GET /_next/static/chunks/7.38d845e9473548212694.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/5edc59d923629346a514272b
Cookie: visitorId=9wf6x9yq8090iat1l7ioeze; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 29 Nov 2022 21:55:29 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-bgj: minify
etag: W/"97ba-183501656f3"
last-modified: Sun, 18 Sep 2022 10:13:04 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 2989908
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Lqy802Wm1e26m2bAKG0vnQiJ6XSmldl5vG10pl9reOYgMFQWXkTuLo8zpxoyIAGfLSFmBXGyvNC4L%2F2RYVgevXVF5tZA9jx9CSN8WOiBM5S9pT3GkzAIdoTacYWjZgY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 771e967decb471f8-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
xfantazy.com/_next/static/XSkCbHNR49n1Rz20Zwl5P/pages/video.js
172.64.162.22 200 OK 8.3 kB URL HTTP/2 xfantazy.com/_next/static/XSkCbHNR49n1Rz20Zwl5P/pages/video.js
IP 172.64.162.22:0
File type ASCII text, with very long lines (22910), with no line terminators
Hash 12b7b648fc7a60c41ad8a25449039a5e
d1d676f7079b7453081ce9095e0ef3c01feaf22d
34603e2e17621244677ace67a6d53d1320d22085f251e21bf491e7c17ae8bdde
GET /_next/static/XSkCbHNR49n1Rz20Zwl5P/pages/video.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/5edc59d923629346a514272b
Cookie: visitorId=9wf6x9yq8090iat1l7ioeze; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 29 Nov 2022 21:55:29 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-bgj: minify
etag: W/"597e-1835016572f"
last-modified: Sun, 18 Sep 2022 10:13:04 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 6262812
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0DmUmu%2BlnJS7KACZ2W4VJUM9K9Hkawuf2DmdvdKQkV9QHAEQmiJVKccbPgC0FcLBEShBNOf2aGK422HFaMkibjQBzC7HuBKgOY%2BibvBeRKoUuB%2B3W2oBljwGRC3QGrY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 771e967dec2e71f8-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.googletagmanager.com/gtm.js?id=GTM-PLKQLTX
142.250.74.40 200 OK 54 kB URL HTTP/2 www.googletagmanager.com/gtm.js?id=GTM-PLKQLTX
IP 142.250.74.40:0
File type ASCII text, with very long lines (15971)
Hash 8c1e43f72208b3303c651e9828dc8edc
93e7ab0f888d96aa395dc86d5081f233d0809946
df6306d857712f4eeb2ea46aeb635da05804a4f60f6b44e2d5e3de86c0c123b1
GET /gtm.js?id=GTM-PLKQLTX HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Tue, 29 Nov 2022 21:55:29 GMT
expires: Tue, 29 Nov 2022 21:55:29 GMT
cache-control: private, max-age=900
last-modified: Tue, 29 Nov 2022 21:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 54357
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
142.250.74.35 200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
IP 142.250.74.35:0
File type Web Open Font Format (Version 2), TrueType, length 15920, version 1.0\012- data
Hash 3a44e06eb954b96aa043227f3534189d
23cef6993ddb2b2979e8e7647fc3763694e2ba7d
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e
GET /s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15920
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 23 Nov 2022 19:33:56 GMT
expires: Thu, 23 Nov 2023 19:33:56 GMT
cache-control: public, max-age=31536000
age: 526893
last-modified: Wed, 11 May 2022 19:24:45 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
142.250.74.35 200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP 142.250.74.35:0
File type Web Open Font Format (Version 2), TrueType, length 15860, version 1.0\012- data
Hash e9f5aaf547f165386cd313b995dddd8e
acdef5603c2387b0e5bffd744b679a24a8bc1968
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 23 Nov 2022 19:34:15 GMT
expires: Thu, 23 Nov 2023 19:34:15 GMT
cache-control: public, max-age=31536000
age: 526874
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3 200 OK 472 B IP 216.58.211.3:0
Hash f50fd635895870df33a17fe377a6a038
dd65dfbbc810b095432cfd59f971af04a9e31ab7
ebd9b6c3f67865c297d08802839c940994424000df3bf8a3f1316b8e13666e94
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 29 Nov 2022 21:55:29 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
216.58.211.3 200 OK 472 B IP 216.58.211.3:0
Hash 49eee25f3ccd585a29e34e80cf5bb160
73eca8be91deedd049304862759a3d8084c0b07e
531e5685527861b3ed7e8e3865c5a6a40d3f92f5c9d89df3f385dab72406fb56
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 29 Nov 2022 21:55:29 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
push.services.mozilla.com/
52.39.94.191 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 52.39.94.191:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 0jLBjixrqj8i+pIFCCinmg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: I5O4ELH+dsA010Q7bGMGBtURX/8=
xfantazy.com/_next/static/chunks/47.6c9a4510342e4dd3af77.js
172.64.162.22 200 OK 279 B URL HTTP/2 xfantazy.com/_next/static/chunks/47.6c9a4510342e4dd3af77.js
IP 172.64.162.22:0
Hash fe58fb8f7d5837568d4480d31ec4d1c5
cdc4351995771a0fe9a628cade93ebac3f8263cb
d8acd575a4bc3047b8cfe69245144ffe4d68084ccfc9860f6633200817cada91
GET /_next/static/chunks/47.6c9a4510342e4dd3af77.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/5edc59d923629346a514272b
Cookie: visitorId=9wf6x9yq8090iat1l7ioeze; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 29 Nov 2022 21:55:29 GMT
content-type: application/javascript; charset=UTF-8
cf-bgj: minify
cache-control: public, max-age=31536000, immutable
etag: W/"620-17e057a0516"
last-modified: Wed, 29 Dec 2021 09:16:29 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 28481972
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FyyjPUFRuKiwhg70ntpcVb%2FuPkCZJ9iRk8eqgoxlQCqrAKVZKVbg%2B6Qf8TEDzyF5UoHgjZqk8Tjmcmv99WmeP6WCavFuznJjpnrcWih%2FrWlV4W9A1w8V0GzygFKgsKw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 771e967decb871f8-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Roboto:100,300,400,500,700&display=swap
142.250.74.106 200 OK 21 kB URL HTTP/2 fonts.googleapis.com/css?family=Roboto:100,300,400,500,700&display=swap
IP 142.250.74.106:0
File type ASCII text, with very long lines (1325)
Hash 91fca80ea14bbbe27c9d33c8472a2c25
bc28385192215876404d089540e6d2ec9d8fb9bb
a433ecbc0e8e67ce41a54b3bf3e88fb07eca1cb2234728524d9653974ca98cb1
GET /css?family=Roboto:100,300,400,500,700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Tue, 29 Nov 2022 21:55:29 GMT
date: Tue, 29 Nov 2022 21:55:29 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash fe58fb8f7d5837568d4480d31ec4d1c5
cdc4351995771a0fe9a628cade93ebac3f8263cb
d8acd575a4bc3047b8cfe69245144ffe4d68084ccfc9860f6633200817cada91
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6251
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 29 Nov 2022 21:55:30 GMT
Last-Modified: Tue, 29 Nov 2022 20:11:19 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 279
xfantazy.com/_next/static/chunks/9.be198c87e436634bf765.js
172.64.162.22 200 OK 11 kB URL HTTP/2 xfantazy.com/_next/static/chunks/9.be198c87e436634bf765.js
IP 172.64.162.22:0
File type ASCII text, with very long lines (40085), with no line terminators
Hash 72f4b61a2c4397dabfad987b090d1786
975b53ec6dacba1ca011a2a0d6e7330845b2abff
39c150a4c68ac5a55b7dc062e949fa07a758e4af281f4e6656ef1c50862b66d8
GET /_next/static/chunks/9.be198c87e436634bf765.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/5edc59d923629346a514272b
Cookie: visitorId=9wf6x9yq8090iat1l7ioeze; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 29 Nov 2022 21:55:29 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-bgj: minify
etag: W/"9c95-1835015f14e"
last-modified: Sun, 18 Sep 2022 10:12:38 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 2989909
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iOfTU7y9uPSbMj6I08kyA9RyrHeb3T85ps%2FZxaiE1WB%2B90VtzSf0mG7ZXON%2BtJW4%2F8OGM4RPLVleJfZAgb%2BwdmuH0ISezWWFOnb6qSMz8NhyYGKdqFIU5LbKSR2ka%2F4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 771e967decb571f8-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
xfantazy.com/_next/static/chunks/commons.9b890646c0aa33eb63fe.js
172.64.162.22 200 OK 503 kB URL HTTP/2 xfantazy.com/_next/static/chunks/commons.9b890646c0aa33eb63fe.js
IP 172.64.162.22:0
File type ASCII text, with very long lines (65536), with no line terminators
Size 503 kB (503369 bytes)
Hash 472338a93633468eb8b258b8a2f79fba
99d066c8d814ec169ce7f1c27aa9bb2a840972a3
865fbd45dfa4485b3f7e5c239aa751cdc39c0f909be9e055f7262ebc5cd3820e
GET /_next/static/chunks/commons.9b890646c0aa33eb63fe.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/5edc59d923629346a514272b
Cookie: visitorId=9wf6x9yq8090iat1l7ioeze; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 29 Nov 2022 21:55:29 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-bgj: minify
cf-polished: origSize=1388386
etag: W/"152f62-1826d2bb0af"
last-modified: Fri, 05 Aug 2022 08:42:36 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 10069884
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6%2BBSfDPaobHtz8Tompcfr05LwksmeVAXYbkWYF6ER9bt0nntekmIz3WjuunMwvOGOw147C88GcZaJs2jeGvOfdIyTCDyNT8VaeCm%2Fx2FB5iu2R00WveFBSX7EZtu%2BNw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 771e967decb371f8-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 0bb3c7af5aafd933e34696e41548b96d
4dfb44527e16a13f92d0baa0cff97af9d413a6ee
5117d7fa27dd53b257b7555b3a2500d4dca5a0ab0fc6def40068b4f13fd4989c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5117D7FA27DD53B257B7555B3A2500D4DCA5A0AB0FC6DEF40068B4F13FD4989C"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5976
Expires: Tue, 29 Nov 2022 23:35:06 GMT
Date: Tue, 29 Nov 2022 21:55:30 GMT
Connection: keep-alive
ocsp.globalsign.com/gseccovsslca2018
104.18.21.226 200 OK 1.8 kB URL HTTP/1.1 ocsp.globalsign.com/gseccovsslca2018
IP 104.18.21.226:0
Hash 0a7325472cd570527c1486be0acdc28b
3547e487254d3662dda0d1cdf9c0db47b2a97389
b48bef66aa8541b90e9c4db67c835fbbf6c5cd4bd75bf531149866cabb4d671d
POST /gseccovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 29 Nov 2022 21:55:30 GMT
Content-Type: application/ocsp-response
Content-Length: 938
Connection: keep-alive
Expires: Sat, 03 Dec 2022 18:07:09 GMT
ETag: "11d8aa08e432323714f3bd2d4cb125c0f44f37f7"
Last-Modified: Tue, 29 Nov 2022 18:07:10 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 2919
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 771e96856da40b49-OSL
skiingsettling.com/21/fe/39/21fe3950f412e026c33f1b6cee613eba.js
192.243.59.20 200 OK 13 kB URL HTTP/1.1 skiingsettling.com/21/fe/39/21fe3950f412e026c33f1b6cee613eba.js
IP 192.243.59.20:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with very long lines (37161), with no line terminators
Hash d5bdd82a45f60a54118a07d8c88e8d3a
7be40bbb734a0d74dc887d183f99352a2f544516
21d34ccd7d610ce04017344a455c6d786e64c443a7e796dccf320eaac66c5c36
Analyzer Verdict Alert quad9 Sinkholed
GET /21/fe/39/21fe3950f412e026c33f1b6cee613eba.js HTTP/1.1
Host: skiingsettling.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.9
Date: Tue, 29 Nov 2022 21:55:30 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 2144461663f34e0482305e0f40085ef3
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 4d3a16f9e1450135cd408e6e348fc728
91f58a3ea8b34fcbc55a4c4b8f7a2771e1125628
517a5939ed6272c2c3d76ba3cd2ab7771e672ad0dff722a59d7e81c4eef50c4a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "517A5939ED6272C2C3D76BA3CD2AB7771E672AD0DFF722A59D7E81C4EEF50C4A"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17031
Expires: Wed, 30 Nov 2022 02:39:21 GMT
Date: Tue, 29 Nov 2022 21:55:30 GMT
Connection: keep-alive
mc.yandex.ru/watch/49415098?wmode=7&page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F5edc59d923629346a514272b&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A15ly4knov7onia7cw1aby4%3Afp%3A1007%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A923%3Acn%3A1%3Adp%3A0%3Als%3A982867011317%3Ahid%3A1025371997%3Az%3A0%3Ai%3A20221129215529%3Aet%3A1669758930%3Ac%3A1%3Arn%3A995164499%3Arqn%3A1%3Au%3A1669758930259550724%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A4%2C108%2C305%2C0%2C238%2C0%2C%2C234%2C4%2C%2C%2C%2C961%3Ans%3A1669758927820%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1669758930%3At%3ATessa%20Winters%20-%20Letting%20him%20Cum%20in%20me%20NEW%20-%20XFantazy.com&t=gdpr(14)clc(0-0-0)rqnt(1)aw(1)fip(1)rqnl(1)ti(2)
77.88.21.119302 Found 419 B URL HTTP/2 mc.yandex.ru/watch/49415098?wmode=7&page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F5edc59d923629346a514272b&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A15ly4knov7onia7cw1aby4%3Afp%3A1007%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A923%3Acn%3A1%3Adp%3A0%3Als%3A982867011317%3Ahid%3A1025371997%3Az%3A0%3Ai%3A20221129215529%3Aet%3A1669758930%3Ac%3A1%3Arn%3A995164499%3Arqn%3A1%3Au%3A1669758930259550724%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A4%2C108%2C305%2C0%2C238%2C0%2C%2C234%2C4%2C%2C%2C%2C961%3Ans%3A1669758927820%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1669758930%3At%3ATessa%20Winters%20-%20Letting%20him%20Cum%20in%20me%20NEW%20-%20XFantazy.com&t=gdpr(14)clc(0-0-0)rqnt(1)aw(1)fip(1)rqnl(1)ti(2)
IP 77.88.21.119:0
File type JSON data\012- , ASCII text, with very long lines (419), with no line terminators
Hash 5a4c6b2d4b2273ad245a2c28918265d8
ea3e868f18f1f9ac1223f38347de222a91515130
206fd386634ef6ea19f4c9e372346708516a3643993fb630713ca74ea4c669b5
GET /watch/49415098?wmode=7&page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F5edc59d923629346a514272b&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A15ly4knov7onia7cw1aby4%3Afp%3A1007%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A923%3Acn%3A1%3Adp%3A0%3Als%3A982867011317%3Ahid%3A1025371997%3Az%3A0%3Ai%3A20221129215529%3Aet%3A1669758930%3Ac%3A1%3Arn%3A995164499%3Arqn%3A1%3Au%3A1669758930259550724%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A4%2C108%2C305%2C0%2C238%2C0%2C%2C234%2C4%2C%2C%2C%2C961%3Ans%3A1669758927820%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1669758930%3At%3ATessa%20Winters%20-%20Letting%20him%20Cum%20in%20me%20NEW%20-%20XFantazy.com&t=gdpr(14)clc(0-0-0)rqnt(1)aw(1)fip(1)rqnl(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
location: /watch/49415098/1?wmode=7&page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F5edc59d923629346a514272b&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A15ly4knov7onia7cw1aby4%3Afp%3A1007%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A923%3Acn%3A1%3Adp%3A0%3Als%3A982867011317%3Ahid%3A1025371997%3Az%3A0%3Ai%3A20221129215529%3Aet%3A1669758930%3Ac%3A1%3Arn%3A995164499%3Arqn%3A1%3Au%3A1669758930259550724%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A4%2C108%2C305%2C0%2C238%2C0%2C%2C234%2C4%2C%2C%2C%2C961%3Ans%3A1669758927820%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1669758930%3At%3ATessa%20Winters%20-%20Letting%20him%20Cum%20in%20me%20NEW%20-%20XFantazy.com&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29fip%281%29rqnl%281%29ti%282%29
date: Tue, 29 Nov 2022 21:55:30 GMT
access-control-allow-origin: https://xfantazy.com
set-cookie: yandexuid=3417207491669758930; Expires=Wed, 29-Nov-2023 21:55:30 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
yuidss=3417207491669758930; Expires=Wed, 29-Nov-2023 21:55:30 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
yabs-sid=1985683271669758930; Path=/; SameSite=None; Secure
i=Qk50YIEmsdeTFApX43bBBkin3Tyx173xRn8zEEV1n2sXeYSGe5evj4XVjbTeWsjrs0/322G69KNInA5IiP3WFltVVq8=; Expires=Fri, 26-Nov-2032 21:55:30 GMT; Domain=.yandex.ru; Path=/; Secure; HttpOnly; SameSite=None
ymex=1701294930.yc.1669758930#1701294930.yrts.1669758930#1701294930.yrtsi.1669758930; Expires=Wed, 29-Nov-2023 21:55:30 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Tue, 29-Nov-2022 21:55:30 GMT
last-modified: Tue, 29-Nov-2022 21:55:30 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.77.32 200 OK 346 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 635eba2ec841f80118a858a94bb84ff5
591895548f1f166a16c790740656cb194d0f7760
d2e62fd34b70872cb8f68cd1fdae7f1476019968f63accab24e4d822933c07ff
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "D2E62FD34B70872CB8F68CD1FDAE7F1476019968F63ACCAB24E4D822933C07FF"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2114
Expires: Tue, 29 Nov 2022 22:30:44 GMT
Date: Tue, 29 Nov 2022 21:55:30 GMT
Connection: keep-alive
mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F5edc59d923629346a514272b&charset=utf-8&hittoken=1669758930_01825921a80df17190c5f5c94f401a3c8e4c2471810132b30e02d4f124beeb31&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3A15ly4knov7onia7cw1aby4%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A923%3Acn%3A1%3Adp%3A0%3Als%3A982867011317%3Ahid%3A1025371997%3Az%3A0%3Ai%3A20221129215530%3Aet%3A1669758930%3Ac%3A1%3Arn%3A791286057%3Arqn%3A3%3Au%3A1669758930259550724%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1669758927820%3Arqnl%3A1%3Ast%3A1669758930&t=gdpr(14)mc(p-6)clc(0-0-0)rqnt(3)aw(1)rqnl(1)ti(2)
77.88.21.119200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F5edc59d923629346a514272b&charset=utf-8&hittoken=1669758930_01825921a80df17190c5f5c94f401a3c8e4c2471810132b30e02d4f124beeb31&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3A15ly4knov7onia7cw1aby4%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A923%3Acn%3A1%3Adp%3A0%3Als%3A982867011317%3Ahid%3A1025371997%3Az%3A0%3Ai%3A20221129215530%3Aet%3A1669758930%3Ac%3A1%3Arn%3A791286057%3Arqn%3A3%3Au%3A1669758930259550724%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1669758927820%3Arqnl%3A1%3Ast%3A1669758930&t=gdpr(14)mc(p-6)clc(0-0-0)rqnt(3)aw(1)rqnl(1)ti(2)
IP 77.88.21.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F5edc59d923629346a514272b&charset=utf-8&hittoken=1669758930_01825921a80df17190c5f5c94f401a3c8e4c2471810132b30e02d4f124beeb31&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3A15ly4knov7onia7cw1aby4%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A923%3Acn%3A1%3Adp%3A0%3Als%3A982867011317%3Ahid%3A1025371997%3Az%3A0%3Ai%3A20221129215530%3Aet%3A1669758930%3Ac%3A1%3Arn%3A791286057%3Arqn%3A3%3Au%3A1669758930259550724%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1669758927820%3Arqnl%3A1%3Ast%3A1669758930&t=gdpr(14)mc(p-6)clc(0-0-0)rqnt(3)aw(1)rqnl(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 52
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Tue, 29 Nov 2022 21:55:31 GMT
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Tue, 29-Nov-2022 21:55:31 GMT
last-modified: Tue, 29-Nov-2022 21:55:31 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F5edc59d923629346a514272b&charset=utf-8&hittoken=1669758930_01825921a80df17190c5f5c94f401a3c8e4c2471810132b30e02d4f124beeb31&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3A15ly4knov7onia7cw1aby4%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A923%3Acn%3A1%3Adp%3A0%3Als%3A982867011317%3Ahid%3A1025371997%3Az%3A0%3Ai%3A20221129215530%3Aet%3A1669758930%3Ac%3A1%3Arn%3A85103218%3Arqn%3A2%3Au%3A1669758930259550724%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1669758927820%3Arqnl%3A1%3Ast%3A1669758930&t=gdpr(14)mc(p-6)clc(0-0-0)rqnt(2)aw(1)rqnl(1)ti(2)
77.88.21.119200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F5edc59d923629346a514272b&charset=utf-8&hittoken=1669758930_01825921a80df17190c5f5c94f401a3c8e4c2471810132b30e02d4f124beeb31&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3A15ly4knov7onia7cw1aby4%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A923%3Acn%3A1%3Adp%3A0%3Als%3A982867011317%3Ahid%3A1025371997%3Az%3A0%3Ai%3A20221129215530%3Aet%3A1669758930%3Ac%3A1%3Arn%3A85103218%3Arqn%3A2%3Au%3A1669758930259550724%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1669758927820%3Arqnl%3A1%3Ast%3A1669758930&t=gdpr(14)mc(p-6)clc(0-0-0)rqnt(2)aw(1)rqnl(1)ti(2)
IP 77.88.21.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F5edc59d923629346a514272b&charset=utf-8&hittoken=1669758930_01825921a80df17190c5f5c94f401a3c8e4c2471810132b30e02d4f124beeb31&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3A15ly4knov7onia7cw1aby4%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A923%3Acn%3A1%3Adp%3A0%3Als%3A982867011317%3Ahid%3A1025371997%3Az%3A0%3Ai%3A20221129215530%3Aet%3A1669758930%3Ac%3A1%3Arn%3A85103218%3Arqn%3A2%3Au%3A1669758930259550724%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1669758927820%3Arqnl%3A1%3Ast%3A1669758930&t=gdpr(14)mc(p-6)clc(0-0-0)rqnt(2)aw(1)rqnl(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 45
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Tue, 29 Nov 2022 21:55:31 GMT
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Tue, 29-Nov-2022 21:55:31 GMT
last-modified: Tue, 29-Nov-2022 21:55:31 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F5edc59d923629346a514272b&charset=utf-8&hittoken=1669758930_01825921a80df17190c5f5c94f401a3c8e4c2471810132b30e02d4f124beeb31&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3A15ly4knov7onia7cw1aby4%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A923%3Acn%3A1%3Adp%3A0%3Als%3A982867011317%3Ahid%3A1025371997%3Az%3A0%3Ai%3A20221129215530%3Aet%3A1669758930%3Ac%3A1%3Arn%3A323102811%3Arqn%3A6%3Au%3A1669758930259550724%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1669758927820%3Arqnl%3A1%3Ast%3A1669758930&t=gdpr(14)mc(p-6)clc(0-0-0)rqnt(6)aw(1)rqnl(1)ti(2)
77.88.21.119200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F5edc59d923629346a514272b&charset=utf-8&hittoken=1669758930_01825921a80df17190c5f5c94f401a3c8e4c2471810132b30e02d4f124beeb31&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3A15ly4knov7onia7cw1aby4%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A923%3Acn%3A1%3Adp%3A0%3Als%3A982867011317%3Ahid%3A1025371997%3Az%3A0%3Ai%3A20221129215530%3Aet%3A1669758930%3Ac%3A1%3Arn%3A323102811%3Arqn%3A6%3Au%3A1669758930259550724%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1669758927820%3Arqnl%3A1%3Ast%3A1669758930&t=gdpr(14)mc(p-6)clc(0-0-0)rqnt(6)aw(1)rqnl(1)ti(2)
IP 77.88.21.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F5edc59d923629346a514272b&charset=utf-8&hittoken=1669758930_01825921a80df17190c5f5c94f401a3c8e4c2471810132b30e02d4f124beeb31&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3A15ly4knov7onia7cw1aby4%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A923%3Acn%3A1%3Adp%3A0%3Als%3A982867011317%3Ahid%3A1025371997%3Az%3A0%3Ai%3A20221129215530%3Aet%3A1669758930%3Ac%3A1%3Arn%3A323102811%3Arqn%3A6%3Au%3A1669758930259550724%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1669758927820%3Arqnl%3A1%3Ast%3A1669758930&t=gdpr(14)mc(p-6)clc(0-0-0)rqnt(6)aw(1)rqnl(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 99
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Tue, 29 Nov 2022 21:55:31 GMT
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Tue, 29-Nov-2022 21:55:31 GMT
last-modified: Tue, 29-Nov-2022 21:55:31 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F5edc59d923629346a514272b&charset=utf-8&hittoken=1669758930_01825921a80df17190c5f5c94f401a3c8e4c2471810132b30e02d4f124beeb31&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3A15ly4knov7onia7cw1aby4%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A923%3Acn%3A1%3Adp%3A0%3Als%3A982867011317%3Ahid%3A1025371997%3Az%3A0%3Ai%3A20221129215530%3Aet%3A1669758930%3Ac%3A1%3Arn%3A869169922%3Arqn%3A5%3Au%3A1669758930259550724%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1669758927820%3Arqnl%3A1%3Ast%3A1669758930&t=gdpr(14)mc(p-6)clc(0-0-0)rqnt(5)aw(1)rqnl(1)ti(2)
77.88.21.119200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F5edc59d923629346a514272b&charset=utf-8&hittoken=1669758930_01825921a80df17190c5f5c94f401a3c8e4c2471810132b30e02d4f124beeb31&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3A15ly4knov7onia7cw1aby4%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A923%3Acn%3A1%3Adp%3A0%3Als%3A982867011317%3Ahid%3A1025371997%3Az%3A0%3Ai%3A20221129215530%3Aet%3A1669758930%3Ac%3A1%3Arn%3A869169922%3Arqn%3A5%3Au%3A1669758930259550724%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1669758927820%3Arqnl%3A1%3Ast%3A1669758930&t=gdpr(14)mc(p-6)clc(0-0-0)rqnt(5)aw(1)rqnl(1)ti(2)
IP 77.88.21.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F5edc59d923629346a514272b&charset=utf-8&hittoken=1669758930_01825921a80df17190c5f5c94f401a3c8e4c2471810132b30e02d4f124beeb31&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3A15ly4knov7onia7cw1aby4%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A923%3Acn%3A1%3Adp%3A0%3Als%3A982867011317%3Ahid%3A1025371997%3Az%3A0%3Ai%3A20221129215530%3Aet%3A1669758930%3Ac%3A1%3Arn%3A869169922%3Arqn%3A5%3Au%3A1669758930259550724%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1669758927820%3Arqnl%3A1%3Ast%3A1669758930&t=gdpr(14)mc(p-6)clc(0-0-0)rqnt(5)aw(1)rqnl(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 98
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Tue, 29 Nov 2022 21:55:31 GMT
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Tue, 29-Nov-2022 21:55:31 GMT
last-modified: Tue, 29-Nov-2022 21:55:31 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
143.204.42.158 200 OK 2.3 kB URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.158:0
Hash 1efd67e5436de19c873140eceb701ff2
d1e511897d468d4320e4b9cf9c8a7bcb0fc3b0a4
2cdab1f752482f66200f47218afbd5b82e7cd8d9e68dd1abe0186691f8c50903
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=146489
Date: Tue, 29 Nov 2022 21:55:31 GMT
Etag: "63860997-1d7"
Expires: Thu, 01 Dec 2022 14:37:00 GMT
Last-Modified: Tue, 29 Nov 2022 13:31:03 GMT
Server: ECS (bsa/EB13)
X-Cache: Miss from cloudfront
Via: 1.1 dac7cf040932e0c072eeed10afdd7b3e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: OHa9TzUtoxVDKONyQibvyqNm3rKwG8caXHkM5WdFf94i-XwVRB_Gog==
Age: 3957
mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F5edc59d923629346a514272b&charset=utf-8&hittoken=1669758930_01825921a80df17190c5f5c94f401a3c8e4c2471810132b30e02d4f124beeb31&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3A15ly4knov7onia7cw1aby4%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A923%3Acn%3A1%3Adp%3A0%3Als%3A982867011317%3Ahid%3A1025371997%3Az%3A0%3Ai%3A20221129215530%3Aet%3A1669758930%3Ac%3A1%3Arn%3A63079765%3Arqn%3A4%3Au%3A1669758930259550724%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1669758927820%3Arqnl%3A1%3Ast%3A1669758930&t=gdpr(14)mc(p-6)clc(0-0-0)rqnt(4)aw(1)rqnl(1)ti(2)
77.88.21.119200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F5edc59d923629346a514272b&charset=utf-8&hittoken=1669758930_01825921a80df17190c5f5c94f401a3c8e4c2471810132b30e02d4f124beeb31&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3A15ly4knov7onia7cw1aby4%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A923%3Acn%3A1%3Adp%3A0%3Als%3A982867011317%3Ahid%3A1025371997%3Az%3A0%3Ai%3A20221129215530%3Aet%3A1669758930%3Ac%3A1%3Arn%3A63079765%3Arqn%3A4%3Au%3A1669758930259550724%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1669758927820%3Arqnl%3A1%3Ast%3A1669758930&t=gdpr(14)mc(p-6)clc(0-0-0)rqnt(4)aw(1)rqnl(1)ti(2)
IP 77.88.21.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F5edc59d923629346a514272b&charset=utf-8&hittoken=1669758930_01825921a80df17190c5f5c94f401a3c8e4c2471810132b30e02d4f124beeb31&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3A15ly4knov7onia7cw1aby4%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A923%3Acn%3A1%3Adp%3A0%3Als%3A982867011317%3Ahid%3A1025371997%3Az%3A0%3Ai%3A20221129215530%3Aet%3A1669758930%3Ac%3A1%3Arn%3A63079765%3Arqn%3A4%3Au%3A1669758930259550724%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1669758927820%3Arqnl%3A1%3Ast%3A1669758930&t=gdpr(14)mc(p-6)clc(0-0-0)rqnt(4)aw(1)rqnl(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 108
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Tue, 29 Nov 2022 21:55:31 GMT
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Tue, 29-Nov-2022 21:55:31 GMT
last-modified: Tue, 29-Nov-2022 21:55:31 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F5edc59d923629346a514272b&charset=utf-8&hittoken=1669758930_01825921a80df17190c5f5c94f401a3c8e4c2471810132b30e02d4f124beeb31&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3A15ly4knov7onia7cw1aby4%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A923%3Acn%3A1%3Adp%3A0%3Als%3A982867011317%3Ahid%3A1025371997%3Az%3A0%3Ai%3A20221129215530%3Aet%3A1669758930%3Ac%3A1%3Arn%3A1017564866%3Arqn%3A7%3Au%3A1669758930259550724%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1669758927820%3Arqnl%3A1%3Ast%3A1669758930&t=gdpr(14)mc(p-6)clc(0-0-0)rqnt(7)aw(1)rqnl(1)ti(2)
77.88.21.119200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F5edc59d923629346a514272b&charset=utf-8&hittoken=1669758930_01825921a80df17190c5f5c94f401a3c8e4c2471810132b30e02d4f124beeb31&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3A15ly4knov7onia7cw1aby4%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A923%3Acn%3A1%3Adp%3A0%3Als%3A982867011317%3Ahid%3A1025371997%3Az%3A0%3Ai%3A20221129215530%3Aet%3A1669758930%3Ac%3A1%3Arn%3A1017564866%3Arqn%3A7%3Au%3A1669758930259550724%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1669758927820%3Arqnl%3A1%3Ast%3A1669758930&t=gdpr(14)mc(p-6)clc(0-0-0)rqnt(7)aw(1)rqnl(1)ti(2)
IP 77.88.21.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F5edc59d923629346a514272b&charset=utf-8&hittoken=1669758930_01825921a80df17190c5f5c94f401a3c8e4c2471810132b30e02d4f124beeb31&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3A15ly4knov7onia7cw1aby4%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A923%3Acn%3A1%3Adp%3A0%3Als%3A982867011317%3Ahid%3A1025371997%3Az%3A0%3Ai%3A20221129215530%3Aet%3A1669758930%3Ac%3A1%3Arn%3A1017564866%3Arqn%3A7%3Au%3A1669758930259550724%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1669758927820%3Arqnl%3A1%3Ast%3A1669758930&t=gdpr(14)mc(p-6)clc(0-0-0)rqnt(7)aw(1)rqnl(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 98
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Tue, 29 Nov 2022 21:55:31 GMT
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Tue, 29-Nov-2022 21:55:31 GMT
last-modified: Tue, 29-Nov-2022 21:55:31 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.77.32 200 OK 346 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 635eba2ec841f80118a858a94bb84ff5
591895548f1f166a16c790740656cb194d0f7760
d2e62fd34b70872cb8f68cd1fdae7f1476019968f63accab24e4d822933c07ff
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "D2E62FD34B70872CB8F68CD1FDAE7F1476019968F63ACCAB24E4D822933C07FF"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14711
Expires: Wed, 30 Nov 2022 02:00:42 GMT
Date: Tue, 29 Nov 2022 21:55:31 GMT
Connection: keep-alive
simplewebanalysis.com/stats
18.185.190.54 200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP 18.185.190.54:0
File type ASCII text, with no line terminators
Hash 8ef63f87defe4ccd1756231f5067390d
a26bb9c1cd3abd53e2bffbecf3e545d33be03222
7af0be0a4651d5fde0cafaecfedbced454a8d0813d345f4977acaca6803000ce
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 29 Nov 2022 21:55:31 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
set-cookie: uid_id2=dfe350ea-46fc-47c9-9dd7-c738d31c993c:2:1; expires=Fri, 26 Nov 2032 21:55:31 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
exploredefinitely.com/a2/f9/90/a2f990f10476061c719d1c1aa3a2ecd2.js
173.233.137.60 200 OK 13 kB URL HTTP/1.1 exploredefinitely.com/a2/f9/90/a2f990f10476061c719d1c1aa3a2ecd2.js
IP 173.233.137.60:0
File type ASCII text, with very long lines (37161), with no line terminators
Hash MD5 0f231e2f590ab5ff81132c3632d026a3
SHA-1 fa2fcb13bca1c43fe67b9006b96bd4a692c58cab
SHA-256 b5728d0c4675dbfe9476fd2b42139ae2257bc66e8df790312ac7560c558f1b4c
GET /a2/f9/90/a2f990f10476061c719d1c1aa3a2ecd2.js HTTP/1.1
Host: exploredefinitely.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 29 Nov 2022 21:55:31 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: d5308665dcdde9efaef2b7e856f386f3
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
simplewebanalysis.com/stats
18.185.190.54 200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP 18.185.190.54:0
File type ASCII text, with no line terminators
Hash MD5 8ef63f87defe4ccd1756231f5067390d
SHA-1 a26bb9c1cd3abd53e2bffbecf3e545d33be03222
SHA-256 7af0be0a4651d5fde0cafaecfedbced454a8d0813d345f4977acaca6803000ce
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: uid_id2=dfe350ea-46fc-47c9-9dd7-c738d31c993c:2:1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 29 Nov 2022 21:55:31 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash ac3edd07bb0a4ebdaae6ec26e91d2079
b6efe3811dfa37cdcde1e9d411c171732ac7e12a
c5dbd471d178ae4505b28e30aee1e8eed77fffd81b9f7815ad2bda1a0d09a02c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C5DBD471D178AE4505B28E30AEE1E8EED77FFFD81B9F7815AD2BDA1A0D09A02C"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6161
Expires: Tue, 29 Nov 2022 23:38:12 GMT
Date: Tue, 29 Nov 2022 21:55:31 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash ac3edd07bb0a4ebdaae6ec26e91d2079
b6efe3811dfa37cdcde1e9d411c171732ac7e12a
c5dbd471d178ae4505b28e30aee1e8eed77fffd81b9f7815ad2bda1a0d09a02c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C5DBD471D178AE4505B28E30AEE1E8EED77FFFD81B9F7815AD2BDA1A0D09A02C"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6161
Expires: Tue, 29 Nov 2022 23:38:12 GMT
Date: Tue, 29 Nov 2022 21:55:31 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash ac3edd07bb0a4ebdaae6ec26e91d2079
b6efe3811dfa37cdcde1e9d411c171732ac7e12a
c5dbd471d178ae4505b28e30aee1e8eed77fffd81b9f7815ad2bda1a0d09a02c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C5DBD471D178AE4505B28E30AEE1E8EED77FFFD81B9F7815AD2BDA1A0D09A02C"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6161
Expires: Tue, 29 Nov 2022 23:38:12 GMT
Date: Tue, 29 Nov 2022 21:55:31 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 1.4 kB IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 2a45449c34dfb18f80b038f0b6cf00b0
7170098e53ee2936affc2b41993e95da43fc80cc
bc11e71914b52d004c7ae88b03a8a09e8685fdd9b7e988f9212344e04864965d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C5DBD471D178AE4505B28E30AEE1E8EED77FFFD81B9F7815AD2BDA1A0D09A02C"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6161
Expires: Tue, 29 Nov 2022 23:38:12 GMT
Date: Tue, 29 Nov 2022 21:55:31 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffe5e6403-f1a3-4b44-a62d-0e47d56bb08e.webp
34.120.237.76200 OK 4.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffe5e6403-f1a3-4b44-a62d-0e47d56bb08e.webp
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 83c1fedec73299637cc7dc47c48af758
2e3f7326aeea6be8a34bf2c39b34862c07bfdc41
1fea143e23bb0156062f4c06569824900a67ed83cb99fd635d4c4ab968dc65e9
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffe5e6403-f1a3-4b44-a62d-0e47d56bb08e.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4916
x-amzn-requestid: b8c80a6c-e3f1-4f20-beb8-27b0af760692
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cPYcrELFoAMFaeQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6382d450-155cfb365525173c0ede8adb;Sampled=0
x-amzn-remapped-date: Sun, 27 Nov 2022 03:06:56 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: Twtw6dO3pjTB9OLi0HliKKCDgCuHRqgtx4PFTczrZQ9f8JztgXZoSg==
via: 1.1 49b94a8674d6e86a841d6523f7dbaf14.cloudfront.net (CloudFront), 1.1 f9d716a351f14a0ac1fac2449734849a.cloudfront.net (CloudFront), 1.1 google
date: Tue, 29 Nov 2022 03:18:11 GMT
age: 67040
etag: "2e3f7326aeea6be8a34bf2c39b34862c07bfdc41"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe059c7ce-454d-453b-aead-18fae338f84c.jpeg
34.120.237.76200 OK 4.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe059c7ce-454d-453b-aead-18fae338f84c.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash a4058fd62595d15c58b3d3266de9865a
d0dff35eb78f129b5da407043037bcf9c27e55c0
ab996c23d58871a2ad53f0c34688c87f0d7c0eac5d0c1d8265b86951248449fe
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe059c7ce-454d-453b-aead-18fae338f84c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4871
x-amzn-requestid: e2dfa7b8-ded7-4104-a913-1b84746a3c6f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cLDUUEy_oAMFgSQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638118e8-0b229e0f60ff019d26800dd9;Sampled=0
x-amzn-remapped-date: Fri, 25 Nov 2022 19:35:04 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: qh3WqWdBmMG3fzchn3OvxbEpwm2wl_CXi105CL4uJda47N9ZX3CyLA==
via: 1.1 4d7fa73f804f1c93f20cfc24c4b1266e.cloudfront.net (CloudFront), 1.1 7eb3b782ab09047ce0d11ee03763894c.cloudfront.net (CloudFront), 1.1 google
date: Tue, 29 Nov 2022 09:01:36 GMT
age: 46435
etag: "d0dff35eb78f129b5da407043037bcf9c27e55c0"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
friendshipmale.com/sfp.js
172.64.202.23 200 OK 37 kB URL HTTP/2 friendshipmale.com/sfp.js
IP 172.64.202.23:0
File type Unicode text, UTF-8 text, with very long lines (65529), with no line terminators
Hash MD5 3d24110bb21058de24ec3fbe9e667fcd
SHA-1 4381aefe9a9e6410bfe1c5949b3ff81cf1cc45e9
SHA-256 256cf1e2d9613e2de23dc2880897dc16e59144e2e23cb1c4e68777a8899ce79e
GET /sfp.js HTTP/1.1
Host: friendshipmale.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 29 Nov 2022 21:55:31 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: 9d68e9755b9f0601ad251363be7c76b3
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Tue, 29 Nov 2022 21:55:30 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ti2yKcdYMildqc%2FuYeDwNDDNAA82Q8jwFFaJybCnbndXlT4Sf%2B4%2FKhWAfj8NEEx6Eef4%2F%2BikT4fvUAqee4J4IHuJ%2FCjCCS8jJfbipyeOJx7nPaBzEL0WxYLu1aH3J16vad46XdU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 771e968688a872b2-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fabddece8-6c4f-4cb5-9041-4d427b16b826.jpeg
34.120.237.76200 OK 4.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fabddece8-6c4f-4cb5-9041-4d427b16b826.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash a2a5c8d4113d282600462749315f2c4f
e2b4d2e15bb7c086333c0da438873e4c139ba931
9b5d0e5dd11d4cbf1c78a71730cd63544170c91ab635bf3cf917827ac84874e6
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fabddece8-6c4f-4cb5-9041-4d427b16b826.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4417
x-amzn-requestid: 01de83c2-51d2-4329-98f6-09a0edf46942
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cVNnGEcRIAMFaXA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63852960-34583b6c588a0e937fcfaa46;Sampled=0
x-amzn-remapped-date: Mon, 28 Nov 2022 21:34:24 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: wqEe45jzMOryT-E-vThc39-cLiZudKF4gn6cS3LBmeaJ2amJF5GPIA==
via: 1.1 28a7186077f9b5270d98dd053f31303e.cloudfront.net (CloudFront), 1.1 ce71f64ad5dca81beca846466f2d5008.cloudfront.net (CloudFront), 1.1 google
date: Tue, 29 Nov 2022 21:46:58 GMT
age: 513
etag: "e2b4d2e15bb7c086333c0da438873e4c139ba931"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc326607e-c0fa-4e9d-b8d4-1c9173793bed.jpeg
34.120.237.76200 OK 9.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc326607e-c0fa-4e9d-b8d4-1c9173793bed.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash cce27a1fe8c0222811a5ce0e7f89e1cb
28c165bac8cf68cd1b0763c311aece00672cb3a5
4530e34a47ef78c2c2b0d34a0511253a61f1927b192ab42f82361002ff10819e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc326607e-c0fa-4e9d-b8d4-1c9173793bed.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9376
x-amzn-requestid: c52b3092-90d2-4289-b6e0-ab99c9d4710a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cPmz3EVUoAMFWUw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6382eb4b-39f46c89238eff696e9f2dba;Sampled=0
x-amzn-remapped-date: Sun, 27 Nov 2022 04:44:59 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: ofQEhaEiX1vE25a_1xHeab9Px9zgGpk8omlX_aHmLE1oN1aZTPzWxQ==
via: 1.1 e5af640ced3aa8764b82c4bc3f7af38e.cloudfront.net (CloudFront), 1.1 ce71f64ad5dca81beca846466f2d5008.cloudfront.net (CloudFront), 1.1 google
date: Tue, 29 Nov 2022 10:09:32 GMT
age: 42359
etag: "28c165bac8cf68cd1b0763c311aece00672cb3a5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F165667de-df17-4cc6-832c-94f49703bdf2.jpeg
34.120.237.76200 OK 9.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F165667de-df17-4cc6-832c-94f49703bdf2.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 1f434933b5bd6377d299ada22d1ae7ef
075531f525e625b117b2497f31139c9824d0e9c5
b587a3249e4f20112088608e3651c2ccbc44225a5c9d88d3bf5884d7f0e9029c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F165667de-df17-4cc6-832c-94f49703bdf2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9430
x-amzn-requestid: 454ca8bd-a256-45f2-8b41-feee86c5af82
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cR7wyGCIIAMFhgw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6383d99e-1488f8ce71a91ebc3ad6b7e0;Sampled=0
x-amzn-remapped-date: Sun, 27 Nov 2022 21:41:50 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: NMMuQ1NNks65LJK_HDAK69MfCJ3pS0Y6VzBs8_5Oku64v4FSWADCdw==
via: 1.1 8f22423015641505b8c857a37450d6c0.cloudfront.net (CloudFront), 1.1 476c2ba6d9f6cd69dbcedbd65688cbc0.cloudfront.net (CloudFront), 1.1 google
date: Mon, 28 Nov 2022 22:01:55 GMT
age: 86016
etag: "075531f525e625b117b2497f31139c9824d0e9c5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 69b69b0fb6e8dd0eac55330b49dd8c36
2688c9875044357c219fdcd50a1a6f6ed981d63c
da4bdb173e154f6efccff351307104d2119a39369faa86bf2f10c868b674ebb1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DA4BDB173E154F6EFCCFF351307104D2119A39369FAA86BF2F10C868B674EBB1"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2639
Expires: Tue, 29 Nov 2022 22:39:30 GMT
Date: Tue, 29 Nov 2022 21:55:31 GMT
Connection: keep-alive
reproductiontape.com/01/f7/5a/01f75a95a38a8db0a8e82d995253a076.js
173.233.137.52 200 OK 29 kB URL HTTP/1.1 reproductiontape.com/01/f7/5a/01f75a95a38a8db0a8e82d995253a076.js
IP 173.233.137.52:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (65536), with no line terminators
Hash MD5 6ce3d7f63a2e3d00a0f826d09ddb85f5
SHA-1 98bd27a00caa806ff0cff82ab27575b2fe80c424
SHA-256 da8a5e75a675b0fe5114df4c17feb105f59a3ecd4bf617de63cd98f7729ade48
Analyzer Verdict Alert
fortinet Malware
quad9 Sinkholed
GET /01/f7/5a/01f75a95a38a8db0a8e82d995253a076.js HTTP/1.1
Host: reproductiontape.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 29 Nov 2022 21:55:31 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: dfd8837854888206b1efec3ef9bf24c3
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
mc.yandex.ru/metrika/advert.gif
77.88.21.119 200 OK 43 B URL HTTP/2 mc.yandex.ru/metrika/advert.gif
IP 77.88.21.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash MD5 df3e567d6f16d040326c7a0ea29a4f41
SHA-1 ea7df583983133b62712b5e73bffbcd45cc53736
SHA-256 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
GET /metrika/advert.gif HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Tue, 29 Nov 2022 21:55:31 GMT
access-control-allow-origin: *
etag: "6384bff1-2b"
expires: Tue, 29 Nov 2022 22:55:31 GMT
accept-ranges: bytes
last-modified: Mon, 28 Nov 2022 17:04:33 GMT
cache-control: max-age=3600
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
reproductiontape.com/4d/0a/fc/4d0afc2425eea6b0cd5a468c9f8a69ed.js
173.233.137.52 200 OK 29 kB URL HTTP/1.1 reproductiontape.com/4d/0a/fc/4d0afc2425eea6b0cd5a468c9f8a69ed.js
IP 173.233.137.52:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (65536), with no line terminators
Hash MD5 23260c556daeff18dd73420ac93bb921
SHA-1 ae12a54765f726b8182b9b376cfa949ebfd23536
SHA-256 2750101c40e94746c188433d8aba03f488500b5b258aecc903005158da1b9b33
Analyzer Verdict Alert
fortinet Malware
quad9 Sinkholed
GET /4d/0a/fc/4d0afc2425eea6b0cd5a468c9f8a69ed.js HTTP/1.1
Host: reproductiontape.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 29 Nov 2022 21:55:31 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 583539d92226c5563a55436403627d92
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 472 B IP 216.58.211.3:0
Hash f1cfa609ebdf236e2f3e3ff25dd05caf
c8117b0187d4d9021ed1a42907bd93d24ed4ebf0
7a2761aa36168d4f2c9034486777f5588aaf0fa1f7d1e55006db7320259303b3
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 29 Nov 2022 21:55:31 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-121614197-2&cid=2073755338.1669758930&jid=1495259590&gjid=1861771451&_gid=1571213497.1669758930&_u=YGBAiEABBAAAAEAAI~&z=967000956
74.125.131.157 200 OK 1 B URL HTTP/2 stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-121614197-2&cid=2073755338.1669758930&jid=1495259590&gjid=1861771451&_gid=1571213497.1669758930&_u=YGBAiEABBAAAAEAAI~&z=967000956
IP 74.125.131.157:0
File type very short file (no magic)
Hash MD5 c4ca4238a0b923820dcc509a6f75849b
SHA-1 356a192b7913b04c54574d18c28d46e6395428ab
SHA-256 6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-121614197-2&cid=2073755338.1669758930&jid=1495259590&gjid=1861771451&_gid=1571213497.1669758930&_u=YGBAiEABBAAAAEAAI~&z=967000956 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://xfantazy.com
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Tue, 29 Nov 2022 21:55:31 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
xfantazy.com/_next/static/XSkCbHNR49n1Rz20Zwl5P/pages/_app.js
172.64.162.22 200 OK 38 kB URL HTTP/2 xfantazy.com/_next/static/XSkCbHNR49n1Rz20Zwl5P/pages/_app.js
IP 172.64.162.22:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash MD5 bd40dd6923e2a415ba5ce541b8184fc5
SHA-1 469a5205c5b9d3c80d1b6558b43b1fedc9b89824
SHA-256 3dcb50c4c81cc24ddfe426138167122a59fe03cb58f929b039c87f15df5b2a7e
GET /_next/static/XSkCbHNR49n1Rz20Zwl5P/pages/_app.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/5edc59d923629346a514272b
Cookie: visitorId=9wf6x9yq8090iat1l7ioeze; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 29 Nov 2022 21:55:29 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-bgj: minify
etag: W/"20e2f-1835016572b"
last-modified: Sun, 18 Sep 2022 10:13:04 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 6262775
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PszgUH7d82gqQb6HTL%2BQaydbNF1g7ESdjPiYWC5JDoaISjIp0FWoUyisXL4ICaha8yXM8Qsc3KoNCKF3NWqdmI1kXVyLp%2Fxrfxd7zq%2BDIpXWygS%2FwLDWPUgoQABYNbA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 771e967decb071f8-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
simplewebanalysis.com/stats
18.185.190.54 200 OK 1.2 kB URL HTTP/2 simplewebanalysis.com/stats
IP 18.185.190.54:0
Hash MD5 63e4bcd642bfe68809677d493fee6fe7
SHA-1 a1489e5af30e2ae1b1ae96b5b6b722a0b8e51609
SHA-256 5912f433aab8d77c0e18e9ece2289bd7a7e48915a9e26162f88695014914e843
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: uid_id2=dfe350ea-46fc-47c9-9dd7-c738d31c993c:2:1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 29 Nov 2022 21:55:31 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 472 B IP 216.58.211.3:0
Hash f1cfa609ebdf236e2f3e3ff25dd05caf
c8117b0187d4d9021ed1a42907bd93d24ed4ebf0
7a2761aa36168d4f2c9034486777f5588aaf0fa1f7d1e55006db7320259303b3
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 29 Nov 2022 21:55:31 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash e070a2e472bf49ff35a7ac2946f41432
9631586d77f0490e24b120c15f242ba3d3605e83
c36e0fbc295a7addbaebcf0a1063dace45c4298077b48628f7ec38a3dd6f73e9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C36E0FBC295A7ADDBAEBCF0A1063DACE45C4298077B48628F7EC38A3DD6F73E9"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8804
Expires: Wed, 30 Nov 2022 00:22:15 GMT
Date: Tue, 29 Nov 2022 21:55:31 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash e522c74f3ef0d1b719e47988f1db4c72
d1cae72d7ec41694df696ff175041d043cb9dbf6
2ac181bff12c5547ab34600033ef12150ce0031b5e3885ec0f6e94640b1010ec
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2AC181BFF12C5547AB34600033EF12150CE0031B5E3885EC0F6E94640B1010EC"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12429
Expires: Wed, 30 Nov 2022 01:22:41 GMT
Date: Tue, 29 Nov 2022 21:55:32 GMT
Connection: keep-alive
reproductiontape.com/sbar.json?key=21fe3950f412e026c33f1b6cee613eba
173.233.137.52 200 OK 4.5 kB URL HTTP/1.1 reproductiontape.com/sbar.json?key=21fe3950f412e026c33f1b6cee613eba
IP 173.233.137.52:0
File type JSON data\012- , Unicode text, UTF-8 text, with very long lines (6140), with no line terminators
Hash c4b4886c4f4ef8e4fdc58a392e76515b
3078c10d30ca972180b690dc50611398ae606bc9
bec36a98a3309f84428c2610cbd5b15a70a0bc06e546b9ff58a38a14c6596d4e
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /sbar.json?key=21fe3950f412e026c33f1b6cee613eba HTTP/1.1
Host: reproductiontape.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 29 Nov 2022 21:55:31 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://xfantazy.com
Access-Control-Allow-Origin: https://xfantazy.com
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=17661735; expires=Wed, 30 Nov 2022 21:55:31 GMT; secure; SameSite=None
pdhtkv=true; expires=Wed, 30 Nov 2022 21:55:31 GMT; secure; SameSite=None
uncs=1; expires=Wed, 30 Nov 2022 21:55:31 GMT; secure; SameSite=None
pdhtkv29=true; expires=Wed, 30 Nov 2022 21:55:31 GMT; secure; SameSite=None
uncs29=1; expires=Wed, 30 Nov 2022 21:55:31 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: d60e95b26b766eec5ca2b203cf644cf1
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
reproductiontape.com/sbar.json?key=a2f990f10476061c719d1c1aa3a2ecd2
173.233.137.52 200 OK 4.0 kB URL HTTP/1.1 reproductiontape.com/sbar.json?key=a2f990f10476061c719d1c1aa3a2ecd2
IP 173.233.137.52:0
File type JSON data\012- , ASCII text, with very long lines (5712), with no line terminators
Hash 148e7feeef6d8e69b56e51887e876e81
30bf7cc4b7f58920dbe28dbcd27bd14834cf1f53
06122c4baafd45731d8b6972ab6646ca22904b070c5c34b3160d60f2e077f873
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /sbar.json?key=a2f990f10476061c719d1c1aa3a2ecd2 HTTP/1.1
Host: reproductiontape.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 29 Nov 2022 21:55:31 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://xfantazy.com
Access-Control-Allow-Origin: https://xfantazy.com
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=15600826; expires=Wed, 30 Nov 2022 21:55:31 GMT; secure; SameSite=None
pdhtkv=true; expires=Wed, 30 Nov 2022 21:55:31 GMT; secure; SameSite=None
uncs=1; expires=Wed, 30 Nov 2022 21:55:31 GMT; secure; SameSite=None
pdhtkv29=true; expires=Wed, 30 Nov 2022 21:55:31 GMT; secure; SameSite=None
uncs29=1; expires=Wed, 30 Nov 2022 21:55:31 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 1134b734e922ad2fca920ecab76f6f68
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
veilsuccessfully.com/pixel/purst?dl=0&th=0&sc=0&rs=2888&rd=2888&fd=839&bv=22.10.v.10&tmpl=136
173.233.137.44 200 OK 0 B URL HTTP/1.1 veilsuccessfully.com/pixel/purst?dl=0&th=0&sc=0&rs=2888&rd=2888&fd=839&bv=22.10.v.10&tmpl=136
IP 173.233.137.44:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/purst?dl=0&th=0&sc=0&rs=2888&rd=2888&fd=839&bv=22.10.v.10&tmpl=136 HTTP/1.1
Host: veilsuccessfully.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 29 Nov 2022 21:55:32 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
tallysaturatesnare.com/pixel/purst?dl=0&th=0&sc=0&rs=2915&rd=2915&fd=520&bv=22.10.v.10&tmpl=136
192.243.59.20 200 OK 0 B URL HTTP/1.1 tallysaturatesnare.com/pixel/purst?dl=0&th=0&sc=0&rs=2915&rd=2915&fd=520&bv=22.10.v.10&tmpl=136
IP 192.243.59.20:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/purst?dl=0&th=0&sc=0&rs=2915&rd=2915&fd=520&bv=22.10.v.10&tmpl=136 HTTP/1.1
Host: tallysaturatesnare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.9
Date: Tue, 29 Nov 2022 21:55:32 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
d192r5l88wrng7.cloudfront.net/?rwlrd=961956
54.230.245.4 200 OK 112 kB URL HTTP/2 d192r5l88wrng7.cloudfront.net/?rwlrd=961956
IP 54.230.245.4:0
File type Unicode text, UTF-8 text, with very long lines (15952)
Size 112 kB (112497 bytes)
Hash 6f428484c3c6ea101da94b691689f120
2f90afe15b350bfd0a45383d41f521b1f9acfa09
3ef8308c0a08568611669bc8230803e030d9d10d148bfc402dcf69508951722a
GET /?rwlrd=961956 HTTP/1.1
Host: d192r5l88wrng7.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 112497
date: Tue, 29 Nov 2022 21:55:31 GMT
access-control-allow-origin: *
cache-control: no-store, no-cache, proxy-revalidate, must-revalidate, private, no-transform
content-encoding: gzip
pragma: no-cache
x-cache: Miss from cloudfront
via: 1.1 0c35b89cb607eddb1b7cc5d6ada865d6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: GK4HsRZFH0tPwTzERCj9OEtUoud4uEsPtjXUgOpOMFLD81C0-I1mkA==
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 38bb14620de55e1982559251c0ebeac9
2a0778a21ec60d9f3cfdf4d5772123a4149729d1
ada2027e8be54e2bb79d0a88473871db54ba9f329a0034cac5413d80d80af1a1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "ADA2027E8BE54E2BB79D0A88473871DB54BA9F329A0034CAC5413D80D80AF1A1"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2730
Expires: Tue, 29 Nov 2022 22:41:02 GMT
Date: Tue, 29 Nov 2022 21:55:32 GMT
Connection: keep-alive
reproductiontape.com/ren.gif?sid=H4sIAAAAAAAC%2F1RS32tcRRue0%2FaDD6Og0hsv1MUbFWRzzv5Isi0SjDUlGJPYVnI9Z86c3TGzM4eZM3s260VDCiUXohu88fLk2aShWoq980Yom95IQOjpheSiUf8Godeym4XoCzPvM%2FO8A8%2FzvnN3z50SH46erH2me0JKOl0v%2B6X31oWKdGZLK7dKgV%2F2r5bWhZqpXS11R5vpXAn8etl%2Fv3Sdsw09XfED3w%2F8oLQoDI91d3rMQiQPGkG54ZdrlXJQr6Fr%2Fnu2zoOlHqLOKXkdIir%2B1%2Fr1EQQbQrV%2FusbtRqqTDz5pO0lTbdCJDr9QG0pnCu1zGBsPsTqcVEPbgpDvL0Crw4kD6M7%2ByAFCURDv9wChOpzIRNg5OFMaSnCFMJpC1hmCyyEEHYLpOxDRUwKwCCurUO17K9pkdPOMpSO2IJde%2FA2RFeTS88tQ7YcLUnRLN7V0qdDKohvnEN0hRHOIxB0h7XkQ2RFYug0R%2FUamXyxDtfdXrdQQUT52L8QQIh5C8j6o9eBGS3hwsQeXeGhHJyVab8S%2BPxuHcbU6V2OMVauM1edmonpUrc3FPhwbyesjTfpgsg9mtpCYLWyI3YKQ7X0Y9xi2lcNGHmxaEO%2FzLXSiHBknyCxBRgkyQZClBFknP4ikrdj8XiStC4NJrkxyNR%2FotLlHD3Ta5IrsJafktVFzvFduv4sNflKqBDGvNup%2BXAsq3K%2FMsGo1DsIZxvlMUOUhhRU5hL0w9tsTBXmrPoVEFOT%2F848R0iNYeQQmXgV1b4Jmg9mKD9oa1OZ89NTPiqbOUNniVKYtq51hvMykCxHpHEl6CemmtydPyRvjgV358GVwdjz%2FpPfX9YeXvwIzORKT40vxhKApdwY3dEb2b%2BjMkkerSSraokdHw7yZ0pRf%2FOFTvplpEy1ds%2F37H7ERMYIPbnGbLlMVCdW05McFEUXcLGrDOPllya7zcM3Z1oIzyiXLax8vLrUTw60VWg1BxVP7NZgoyEs734y%2F6dvvKAgzhHE52u6YTAJCD8GSLdjkXL3VBEae14SJh8zlA1MJzy%2BlKEjl2%2BeQ%2FHh%2Bd%2Fv%2Bd1N%2F%2FgEa5rD8Xw%2FP8Z7dQdN4oOkdqHaOjsnRkTmo7MO6i4M0Mcfzz6rjQCi9QSiNtx9KI3fP2mvFSYnXYz%2FmfoWHcSOMZ6kfNeJaI6SNgM%2BGdRogtQW7e%2FvZPwAAAP%2F%2FAQAA%2F%2F%2FYLRp3ggQAAA%3D%3D
173.233.137.52200 OK 7 B URL HTTP/1.1 reproductiontape.com/ren.gif?sid=H4sIAAAAAAAC%2F1RS32tcRRue0%2FaDD6Og0hsv1MUbFWRzzv5Isi0SjDUlGJPYVnI9Z86c3TGzM4eZM3s260VDCiUXohu88fLk2aShWoq980Yom95IQOjpheSiUf8Godeym4XoCzPvM%2FO8A8%2FzvnN3z50SH46erH2me0JKOl0v%2B6X31oWKdGZLK7dKgV%2F2r5bWhZqpXS11R5vpXAn8etl%2Fv3Sdsw09XfED3w%2F8oLQoDI91d3rMQiQPGkG54ZdrlXJQr6Fr%2Fnu2zoOlHqLOKXkdIir%2B1%2Fr1EQQbQrV%2FusbtRqqTDz5pO0lTbdCJDr9QG0pnCu1zGBsPsTqcVEPbgpDvL0Crw4kD6M7%2ByAFCURDv9wChOpzIRNg5OFMaSnCFMJpC1hmCyyEEHYLpOxDRUwKwCCurUO17K9pkdPOMpSO2IJde%2FA2RFeTS88tQ7YcLUnRLN7V0qdDKohvnEN0hRHOIxB0h7XkQ2RFYug0R%2FUamXyxDtfdXrdQQUT52L8QQIh5C8j6o9eBGS3hwsQeXeGhHJyVab8S%2BPxuHcbU6V2OMVauM1edmonpUrc3FPhwbyesjTfpgsg9mtpCYLWyI3YKQ7X0Y9xi2lcNGHmxaEO%2FzLXSiHBknyCxBRgkyQZClBFknP4ikrdj8XiStC4NJrkxyNR%2FotLlHD3Ta5IrsJafktVFzvFduv4sNflKqBDGvNup%2BXAsq3K%2FMsGo1DsIZxvlMUOUhhRU5hL0w9tsTBXmrPoVEFOT%2F848R0iNYeQQmXgV1b4Jmg9mKD9oa1OZ89NTPiqbOUNniVKYtq51hvMykCxHpHEl6CemmtydPyRvjgV358GVwdjz%2FpPfX9YeXvwIzORKT40vxhKApdwY3dEb2b%2BjMkkerSSraokdHw7yZ0pRf%2FOFTvplpEy1ds%2F37H7ERMYIPbnGbLlMVCdW05McFEUXcLGrDOPllya7zcM3Z1oIzyiXLax8vLrUTw60VWg1BxVP7NZgoyEs734y%2F6dvvKAgzhHE52u6YTAJCD8GSLdjkXL3VBEae14SJh8zlA1MJzy%2BlKEjl2%2BeQ%2FHh%2Bd%2Fv%2Bd1N%2F%2FgEa5rD8Xw%2FP8Z7dQdN4oOkdqHaOjsnRkTmo7MO6i4M0Mcfzz6rjQCi9QSiNtx9KI3fP2mvFSYnXYz%2FmfoWHcSOMZ6kfNeJaI6SNgM%2BGdRogtQW7e%2FvZPwAAAP%2F%2FAQAA%2F%2F%2FYLRp3ggQAAA%3D%3D
IP 173.233.137.52:0
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /ren.gif?sid=H4sIAAAAAAAC%2F1RS32tcRRue0%2FaDD6Og0hsv1MUbFWRzzv5Isi0SjDUlGJPYVnI9Z86c3TGzM4eZM3s260VDCiUXohu88fLk2aShWoq980Yom95IQOjpheSiUf8Godeym4XoCzPvM%2FO8A8%2FzvnN3z50SH46erH2me0JKOl0v%2B6X31oWKdGZLK7dKgV%2F2r5bWhZqpXS11R5vpXAn8etl%2Fv3Sdsw09XfED3w%2F8oLQoDI91d3rMQiQPGkG54ZdrlXJQr6Fr%2Fnu2zoOlHqLOKXkdIir%2B1%2Fr1EQQbQrV%2FusbtRqqTDz5pO0lTbdCJDr9QG0pnCu1zGBsPsTqcVEPbgpDvL0Crw4kD6M7%2ByAFCURDv9wChOpzIRNg5OFMaSnCFMJpC1hmCyyEEHYLpOxDRUwKwCCurUO17K9pkdPOMpSO2IJde%2FA2RFeTS88tQ7YcLUnRLN7V0qdDKohvnEN0hRHOIxB0h7XkQ2RFYug0R%2FUamXyxDtfdXrdQQUT52L8QQIh5C8j6o9eBGS3hwsQeXeGhHJyVab8S%2BPxuHcbU6V2OMVauM1edmonpUrc3FPhwbyesjTfpgsg9mtpCYLWyI3YKQ7X0Y9xi2lcNGHmxaEO%2FzLXSiHBknyCxBRgkyQZClBFknP4ikrdj8XiStC4NJrkxyNR%2FotLlHD3Ta5IrsJafktVFzvFduv4sNflKqBDGvNup%2BXAsq3K%2FMsGo1DsIZxvlMUOUhhRU5hL0w9tsTBXmrPoVEFOT%2F848R0iNYeQQmXgV1b4Jmg9mKD9oa1OZ89NTPiqbOUNniVKYtq51hvMykCxHpHEl6CemmtydPyRvjgV358GVwdjz%2FpPfX9YeXvwIzORKT40vxhKApdwY3dEb2b%2BjMkkerSSraokdHw7yZ0pRf%2FOFTvplpEy1ds%2F37H7ERMYIPbnGbLlMVCdW05McFEUXcLGrDOPllya7zcM3Z1oIzyiXLax8vLrUTw60VWg1BxVP7NZgoyEs734y%2F6dvvKAgzhHE52u6YTAJCD8GSLdjkXL3VBEae14SJh8zlA1MJzy%2BlKEjl2%2BeQ%2FHh%2Bd%2Fv%2Bd1N%2F%2FgEa5rD8Xw%2FP8Z7dQdN4oOkdqHaOjsnRkTmo7MO6i4M0Mcfzz6rjQCi9QSiNtx9KI3fP2mvFSYnXYz%2FmfoWHcSOMZ6kfNeJaI6SNgM%2BGdRogtQW7e%2FvZPwAAAP%2F%2FAQAA%2F%2F%2FYLRp3ggQAAA%3D%3D HTTP/1.1
Host: reproductiontape.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: u_pl=15600826; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 29 Nov 2022 21:55:32 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 2a677da95ca5e62e87cba2447956d685
Strict-Transport-Security: max-age=0; includeSubdomains
e1.o.lencr.org/
23.36.77.32 200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash b9fbd71f67201a0428c19d6a726c89bf
ab8f474825fca13772639ab689c0f190ef2ee7d1
fdced6c4d035e8f40e719aaa50eb9ad071c404e78f71f99a3c2e7bf886283c91
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "FDCED6C4D035E8F40E719AAA50EB9AD071C404E78F71F99A3C2E7BF886283C91"
Last-Modified: Tue, 29 Nov 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7924
Expires: Wed, 30 Nov 2022 00:07:36 GMT
Date: Tue, 29 Nov 2022 21:55:32 GMT
Connection: keep-alive
e1.o.lencr.org/
23.36.77.32 200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash b9fbd71f67201a0428c19d6a726c89bf
ab8f474825fca13772639ab689c0f190ef2ee7d1
fdced6c4d035e8f40e719aaa50eb9ad071c404e78f71f99a3c2e7bf886283c91
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "FDCED6C4D035E8F40E719AAA50EB9AD071C404E78F71F99A3C2E7BF886283C91"
Last-Modified: Tue, 29 Nov 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7924
Expires: Wed, 30 Nov 2022 00:07:36 GMT
Date: Tue, 29 Nov 2022 21:55:32 GMT
Connection: keep-alive
e1.o.lencr.org/
23.36.77.32 200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash b9fbd71f67201a0428c19d6a726c89bf
ab8f474825fca13772639ab689c0f190ef2ee7d1
fdced6c4d035e8f40e719aaa50eb9ad071c404e78f71f99a3c2e7bf886283c91
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "FDCED6C4D035E8F40E719AAA50EB9AD071C404E78F71F99A3C2E7BF886283C91"
Last-Modified: Tue, 29 Nov 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7924
Expires: Wed, 30 Nov 2022 00:07:36 GMT
Date: Tue, 29 Nov 2022 21:55:32 GMT
Connection: keep-alive
cdn.barscreative1.com/sb/au/5d/1e/66/5d1e6654b79f5bf053b789353432e45e/1613739250.html
45.133.44.3 200 OK 536 B URL HTTP/2 cdn.barscreative1.com/sb/au/5d/1e/66/5d1e6654b79f5bf053b789353432e45e/1613739250.html
IP 45.133.44.3:0
ASN #39572 DataWeb Global Group B.V.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash e7c1b8081a5ce5a1f2f8c740d342b703
0b98998237df52150d4c4228c9e857cca72152b8
2b828d404d752df16a954c5d01f3ce4851f72a5686763e27ab7b3c0eab9f6e3c
Analyzer Verdict Alert fortinet Phishing
GET /sb/au/5d/1e/66/5d1e6654b79f5bf053b789353432e45e/1613739250.html HTTP/1.1
Host: cdn.barscreative1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 29 Nov 2022 21:55:32 GMT
content-type: text/html; charset=utf-8
server: nginx/1.17.6
last-modified: Fri, 19 Feb 2021 12:54:16 GMT
etag: W/"602fb4f8-4fa"
cache-control: max-age=3600
access-control-allow-origin: *
access-control-expose-headers: Date
content-encoding: gzip
expires: Tue, 29 Nov 2022 22:55:32 GMT
x-proxy-cache: HIT
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.77.32 200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 40ce48359a1c3a5f1a0347a5e1aa6cbe
50e7a1e47058334ce76d640feca3cfd616e69c18
f72a564ba72dccd6b3b12d077276ed88cf244d8439c1980eecefef9c2948baec
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "F72A564BA72DCCD6B3B12D077276ED88CF244D8439C1980EECEFEF9C2948BAEC"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10425
Expires: Wed, 30 Nov 2022 00:49:18 GMT
Date: Tue, 29 Nov 2022 21:55:33 GMT
Connection: keep-alive
a.naturalhealthsource.club/api/spots/289411?host=xfantazy.com&ev=197&wh=939&ww=1280&uuid=
135.181.208.216 200 OK 0 B URL HTTP/2 a.naturalhealthsource.club/api/spots/289411?host=xfantazy.com&ev=197&wh=939&ww=1280&uuid=
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /api/spots/289411?host=xfantazy.com&ev=197&wh=939&ww=1280&uuid= HTTP/1.1
Host: a.naturalhealthsource.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 29 Nov 2022 21:55:33 GMT
content-length: 0
set-cookie: nauid=KSWuJ8BqwxVtgq9llh0r; Path=/; Expires=Wed, 11 Nov 2037 11:11:11 GMT; Secure; SameSite=None
cache-control: private
X-Firefox-Spdy: h2
a.naturalhealthsource.club/api/spots/380873?host=xfantazy.com&ev=197&wh=939&ww=1280&uuid=
135.181.208.216 200 OK 0 B URL HTTP/2 a.naturalhealthsource.club/api/spots/380873?host=xfantazy.com&ev=197&wh=939&ww=1280&uuid=
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /api/spots/380873?host=xfantazy.com&ev=197&wh=939&ww=1280&uuid= HTTP/1.1
Host: a.naturalhealthsource.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 29 Nov 2022 21:55:33 GMT
content-length: 0
set-cookie: nauid=hGyd5TGVSlQT0ecd6ujU; Path=/; Expires=Wed, 11 Nov 2037 11:11:11 GMT; Secure; SameSite=None
cache-control: private
X-Firefox-Spdy: h2
a.naturalhealthsource.club/api/spots/391860?host=xfantazy.com&ev=197&wh=939&ww=1280&uuid=
135.181.208.216 200 OK 0 B URL HTTP/2 a.naturalhealthsource.club/api/spots/391860?host=xfantazy.com&ev=197&wh=939&ww=1280&uuid=
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /api/spots/391860?host=xfantazy.com&ev=197&wh=939&ww=1280&uuid= HTTP/1.1
Host: a.naturalhealthsource.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 29 Nov 2022 21:55:33 GMT
content-length: 0
set-cookie: nauid=0dW0zOzHI6RbF8gZMJPl; Path=/; Expires=Wed, 11 Nov 2037 11:11:11 GMT; Secure; SameSite=None
cache-control: private
X-Firefox-Spdy: h2
a.naturalhealthsource.club/api/spots/406858?host=xfantazy.com&ev=197&wh=939&ww=1280&uuid=
135.181.208.216 200 OK 0 B URL HTTP/2 a.naturalhealthsource.club/api/spots/406858?host=xfantazy.com&ev=197&wh=939&ww=1280&uuid=
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /api/spots/406858?host=xfantazy.com&ev=197&wh=939&ww=1280&uuid= HTTP/1.1
Host: a.naturalhealthsource.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 29 Nov 2022 21:55:33 GMT
content-length: 0
set-cookie: nauid=pSNQ66KIKXOvDw7qitgP; Path=/; Expires=Wed, 11 Nov 2037 11:11:11 GMT; Secure; SameSite=None
cache-control: private
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.77.32 200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash b9fbd71f67201a0428c19d6a726c89bf
ab8f474825fca13772639ab689c0f190ef2ee7d1
fdced6c4d035e8f40e719aaa50eb9ad071c404e78f71f99a3c2e7bf886283c91
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "FDCED6C4D035E8F40E719AAA50EB9AD071C404E78F71F99A3C2E7BF886283C91"
Last-Modified: Tue, 29 Nov 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7923
Expires: Wed, 30 Nov 2022 00:07:36 GMT
Date: Tue, 29 Nov 2022 21:55:33 GMT
Connection: keep-alive
mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F5edc59d923629346a514272b&charset=utf-8&hittoken=1669758930_01825921a80df17190c5f5c94f401a3c8e4c2471810132b30e02d4f124beeb31&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3A15ly4knov7onia7cw1aby4%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A923%3Acn%3A1%3Adp%3A0%3Als%3A982867011317%3Ahid%3A1025371997%3Az%3A0%3Ai%3A20221129215531%3Aet%3A1669758931%3Ac%3A1%3Arn%3A976744962%3Arqn%3A9%3Au%3A1669758930259550724%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aeu%3A1%3Ans%3A1669758927820%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1669758931&t=gdpr(14)mc(p-6-h-1)clc(0-0-0)rqnt(9)aw(1)ecs(1)rqnl(1)ti(2)
77.88.21.119200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F5edc59d923629346a514272b&charset=utf-8&hittoken=1669758930_01825921a80df17190c5f5c94f401a3c8e4c2471810132b30e02d4f124beeb31&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3A15ly4knov7onia7cw1aby4%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A923%3Acn%3A1%3Adp%3A0%3Als%3A982867011317%3Ahid%3A1025371997%3Az%3A0%3Ai%3A20221129215531%3Aet%3A1669758931%3Ac%3A1%3Arn%3A976744962%3Arqn%3A9%3Au%3A1669758930259550724%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aeu%3A1%3Ans%3A1669758927820%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1669758931&t=gdpr(14)mc(p-6-h-1)clc(0-0-0)rqnt(9)aw(1)ecs(1)rqnl(1)ti(2)
IP 77.88.21.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F5edc59d923629346a514272b&charset=utf-8&hittoken=1669758930_01825921a80df17190c5f5c94f401a3c8e4c2471810132b30e02d4f124beeb31&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3A15ly4knov7onia7cw1aby4%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A923%3Acn%3A1%3Adp%3A0%3Als%3A982867011317%3Ahid%3A1025371997%3Az%3A0%3Ai%3A20221129215531%3Aet%3A1669758931%3Ac%3A1%3Arn%3A976744962%3Arqn%3A9%3Au%3A1669758930259550724%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aeu%3A1%3Ans%3A1669758927820%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1669758931&t=gdpr(14)mc(p-6-h-1)clc(0-0-0)rqnt(9)aw(1)ecs(1)rqnl(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 39
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Tue, 29 Nov 2022 21:55:33 GMT
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Tue, 29-Nov-2022 21:55:33 GMT
last-modified: Tue, 29-Nov-2022 21:55:33 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.77.32 200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 9023f7c58094afb6679b8203371347f2
e4e0913494d8ef22785d0ac1ea37a6ccd07e7814
d8b439484d97223421026fbf662741696bb6e573273bfd2cff066b1c1e08e871
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "D8B439484D97223421026FBF662741696BB6E573273BFD2CFF066B1C1E08E871"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10705
Expires: Wed, 30 Nov 2022 00:53:58 GMT
Date: Tue, 29 Nov 2022 21:55:33 GMT
Connection: keep-alive
e1.o.lencr.org/
23.36.77.32 200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 9023f7c58094afb6679b8203371347f2
e4e0913494d8ef22785d0ac1ea37a6ccd07e7814
d8b439484d97223421026fbf662741696bb6e573273bfd2cff066b1c1e08e871
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "D8B439484D97223421026FBF662741696BB6E573273BFD2CFF066B1C1E08E871"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10705
Expires: Wed, 30 Nov 2022 00:53:58 GMT
Date: Tue, 29 Nov 2022 21:55:33 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 6345f845bbd2c2950fe27f4a0faf2353
27e0ccd4d3d81cb9382dcdbd3e8f61b19a674d76
68579d0b5925d3df0cdbc6acf7fe94428b15cea08e93a549308a104762511dd5
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "68579D0B5925D3DF0CDBC6ACF7FE94428B15CEA08E93A549308A104762511DD5"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8673
Expires: Wed, 30 Nov 2022 00:20:06 GMT
Date: Tue, 29 Nov 2022 21:55:33 GMT
Connection: keep-alive
mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F5edc59d923629346a514272b&charset=utf-8&hittoken=1669758930_01825921a80df17190c5f5c94f401a3c8e4c2471810132b30e02d4f124beeb31&browser-info=pv%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3A15ly4knov7onia7cw1aby4%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A923%3Acn%3A1%3Adp%3A0%3Als%3A982867011317%3Ahid%3A1025371997%3Az%3A0%3Ai%3A20221129215531%3Aet%3A1669758931%3Ac%3A1%3Arn%3A728011132%3Arqn%3A8%3Au%3A1669758930259550724%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aeu%3A1%3Ans%3A1669758927820%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1669758931%3At%3ATessa%20Winters%20-%20Letting%20him%20Cum%20in%20me%20NEW%20-%20XFantazy.com&t=gdpr%2814%29mc%28p-6%29clc%280-0-0%29rqnt%288%29aw%281%29ecs%281%29fip%281%29rqnl%281%29ti%282%29
77.88.21.119200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F5edc59d923629346a514272b&charset=utf-8&hittoken=1669758930_01825921a80df17190c5f5c94f401a3c8e4c2471810132b30e02d4f124beeb31&browser-info=pv%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3A15ly4knov7onia7cw1aby4%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A923%3Acn%3A1%3Adp%3A0%3Als%3A982867011317%3Ahid%3A1025371997%3Az%3A0%3Ai%3A20221129215531%3Aet%3A1669758931%3Ac%3A1%3Arn%3A728011132%3Arqn%3A8%3Au%3A1669758930259550724%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aeu%3A1%3Ans%3A1669758927820%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1669758931%3At%3ATessa%20Winters%20-%20Letting%20him%20Cum%20in%20me%20NEW%20-%20XFantazy.com&t=gdpr%2814%29mc%28p-6%29clc%280-0-0%29rqnt%288%29aw%281%29ecs%281%29fip%281%29rqnl%281%29ti%282%29
IP 77.88.21.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
GET /watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F5edc59d923629346a514272b&charset=utf-8&hittoken=1669758930_01825921a80df17190c5f5c94f401a3c8e4c2471810132b30e02d4f124beeb31&browser-info=pv%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3A15ly4knov7onia7cw1aby4%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A923%3Acn%3A1%3Adp%3A0%3Als%3A982867011317%3Ahid%3A1025371997%3Az%3A0%3Ai%3A20221129215531%3Aet%3A1669758931%3Ac%3A1%3Arn%3A728011132%3Arqn%3A8%3Au%3A1669758930259550724%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aeu%3A1%3Ans%3A1669758927820%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1669758931%3At%3ATessa%20Winters%20-%20Letting%20him%20Cum%20in%20me%20NEW%20-%20XFantazy.com&t=gdpr%2814%29mc%28p-6%29clc%280-0-0%29rqnt%288%29aw%281%29ecs%281%29fip%281%29rqnl%281%29ti%282%29 HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Referer: https://xfantazy.com/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Tue, 29 Nov 2022 21:55:33 GMT
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Tue, 29-Nov-2022 21:55:33 GMT
last-modified: Tue, 29-Nov-2022 21:55:33 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.77.32 200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 9023f7c58094afb6679b8203371347f2
e4e0913494d8ef22785d0ac1ea37a6ccd07e7814
d8b439484d97223421026fbf662741696bb6e573273bfd2cff066b1c1e08e871
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "D8B439484D97223421026FBF662741696BB6E573273BFD2CFF066B1C1E08E871"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10705
Expires: Wed, 30 Nov 2022 00:53:58 GMT
Date: Tue, 29 Nov 2022 21:55:33 GMT
Connection: keep-alive
reproductiontape.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fau%2F5d%2F1e%2F66%2F5d1e6654b79f5bf053b789353432e45e%2F1613739250.html&l=1274&fd=126
173.233.137.52 200 OK 0 B URL HTTP/1.1 reproductiontape.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fau%2F5d%2F1e%2F66%2F5d1e6654b79f5bf053b789353432e45e%2F1613739250.html&l=1274&fd=126
IP 173.233.137.52:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fau%2F5d%2F1e%2F66%2F5d1e6654b79f5bf053b789353432e45e%2F1613739250.html&l=1274&fd=126 HTTP/1.1
Host: reproductiontape.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: u_pl=15600826; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 29 Nov 2022 21:55:33 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
reproductiontape.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSTWgkRRSu3l0vrgeVvYgoc1SQSff8ZDLuIRjXSDQmcXcl5%2Bqq6kk51V1NVff0ZEAMWVj2pBO8qKfON8mGaBD3KgjS8SIBwV5EctgoevLiRdirMpOB6IOq91V9r%2BD73qu7u%2BkZcZHS07V39EAqRWeaVbfy0rqMuM5sZeV2xXOr7vXKuoxmG9cr%2FfFmeq96brPqvlx5U7Cunqm5nut6rldZlEYEuj8zYSHjo7ZXbbvVRq3qNRvom%2F%2BfberAUge8d0aeheTlExs%2FPIBkBaLw6xvCdhMdv%2FJGmCqaaIMeP3gv6kY6ixBewMA4CKKDaTW0LQn59BJ0dDB1AN3bGzuAL0vi%2FOLBjw6mMuH39s%2BV%2Bgoigs%2BvIusVEKqApAWYvgPJfyIA41hZRRTeX9Emo5vnLB2zJbny%2BG%2FIrCRXHl1DFH61oGS%2FckurNJE6sugHOWS%2FgOwUiNNjJAMHMjsGS7Yh%2BY9k5vEyonBv1SoNyfOJeykLyKCAEkNQ6yAdL%2BkgDRyksYOQn1Zosx24bivwg3p9rsEYq9cZa87N8iavN%2BYCFykbyxsiiYdgaghmthCbLXTlTknI9h5M%2Bh3sRg7LHdikJM67W%2BjxHJkgyCxBRgkySZAlBFkv3%2BfK1mx%2Bnyub%2Bt4016a5no900tml%2BzrpiIjsxmfkmUlz%2FnrqG3TFaYXWgnbbDTy30Zp1Zz3W8trcYx6ldVoTjNdgZQ5pL038DmRJrj3%2FO%2BLxxD74Bz49hlXHYPJp0PQF0GzUqrmgG6PGnItBdNQPaJTQwWaV6RBc54iTK0g2nV11Rp6b6Gif%2FAHBTuYPPxvH52AmR2xyvC%2B%2FJ%2Bioe6ObOiN7N3VmyYPVOJGhHNDxAG8lNBGXv3hbbGba8KUbdnj4GhsTY3h0W9hkmUZcRh1LvlyQnAuzqA0T5Nsluy78tdRuLKQmSuPltdcXl8LYCGuljgpQWRLy0Z9gsiRPdt%2BafM4Xf25BmgImzRGmJ2QakLoAi7dg4wv9VhMYdVHjxw6yNB%2BZmn9xqWRJah8%2FghIn8zvbh59c%2Fe1XUD%2BHFf95eIF37T10jAOa3EEU5uiZHD2Vg6ohbHp5lMTmZP5hfRLwlTPylXH2fGXUznmDrTytiGbgBsKtCT9o%2B0GLurwdNNo%2BbXui5Teph8SW7O6HD%2F8FAAD%2F%2FwEAAP%2F%2FPKNtt3gEAAA%3D
173.233.137.52200 OK 7 B URL HTTP/1.1 reproductiontape.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSTWgkRRSu3l0vrgeVvYgoc1SQSff8ZDLuIRjXSDQmcXcl5%2Bqq6kk51V1NVff0ZEAMWVj2pBO8qKfON8mGaBD3KgjS8SIBwV5EctgoevLiRdirMpOB6IOq91V9r%2BD73qu7u%2BkZcZHS07V39EAqRWeaVbfy0rqMuM5sZeV2xXOr7vXKuoxmG9cr%2FfFmeq96brPqvlx5U7Cunqm5nut6rldZlEYEuj8zYSHjo7ZXbbvVRq3qNRvom%2F%2BfberAUge8d0aeheTlExs%2FPIBkBaLw6xvCdhMdv%2FJGmCqaaIMeP3gv6kY6ixBewMA4CKKDaTW0LQn59BJ0dDB1AN3bGzuAL0vi%2FOLBjw6mMuH39s%2BV%2Bgoigs%2BvIusVEKqApAWYvgPJfyIA41hZRRTeX9Emo5vnLB2zJbny%2BG%2FIrCRXHl1DFH61oGS%2FckurNJE6sugHOWS%2FgOwUiNNjJAMHMjsGS7Yh%2BY9k5vEyonBv1SoNyfOJeykLyKCAEkNQ6yAdL%2BkgDRyksYOQn1Zosx24bivwg3p9rsEYq9cZa87N8iavN%2BYCFykbyxsiiYdgaghmthCbLXTlTknI9h5M%2Bh3sRg7LHdikJM67W%2BjxHJkgyCxBRgkySZAlBFkv3%2BfK1mx%2Bnyub%2Bt4016a5no900tml%2BzrpiIjsxmfkmUlz%2FnrqG3TFaYXWgnbbDTy30Zp1Zz3W8trcYx6ldVoTjNdgZQ5pL038DmRJrj3%2FO%2BLxxD74Bz49hlXHYPJp0PQF0GzUqrmgG6PGnItBdNQPaJTQwWaV6RBc54iTK0g2nV11Rp6b6Gif%2FAHBTuYPPxvH52AmR2xyvC%2B%2FJ%2Bioe6ObOiN7N3VmyYPVOJGhHNDxAG8lNBGXv3hbbGba8KUbdnj4GhsTY3h0W9hkmUZcRh1LvlyQnAuzqA0T5Nsluy78tdRuLKQmSuPltdcXl8LYCGuljgpQWRLy0Z9gsiRPdt%2BafM4Xf25BmgImzRGmJ2QakLoAi7dg4wv9VhMYdVHjxw6yNB%2BZmn9xqWRJah8%2FghIn8zvbh59c%2Fe1XUD%2BHFf95eIF37T10jAOa3EEU5uiZHD2Vg6ohbHp5lMTmZP5hfRLwlTPylXH2fGXUznmDrTytiGbgBsKtCT9o%2B0GLurwdNNo%2BbXui5Teph8SW7O6HD%2F8FAAD%2F%2FwEAAP%2F%2FPKNtt3gEAAA%3D
IP 173.233.137.52:0
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSTWgkRRSu3l0vrgeVvYgoc1SQSff8ZDLuIRjXSDQmcXcl5%2Bqq6kk51V1NVff0ZEAMWVj2pBO8qKfON8mGaBD3KgjS8SIBwV5EctgoevLiRdirMpOB6IOq91V9r%2BD73qu7u%2BkZcZHS07V39EAqRWeaVbfy0rqMuM5sZeV2xXOr7vXKuoxmG9cr%2FfFmeq96brPqvlx5U7Cunqm5nut6rldZlEYEuj8zYSHjo7ZXbbvVRq3qNRvom%2F%2BfberAUge8d0aeheTlExs%2FPIBkBaLw6xvCdhMdv%2FJGmCqaaIMeP3gv6kY6ixBewMA4CKKDaTW0LQn59BJ0dDB1AN3bGzuAL0vi%2FOLBjw6mMuH39s%2BV%2Bgoigs%2BvIusVEKqApAWYvgPJfyIA41hZRRTeX9Emo5vnLB2zJbny%2BG%2FIrCRXHl1DFH61oGS%2FckurNJE6sugHOWS%2FgOwUiNNjJAMHMjsGS7Yh%2BY9k5vEyonBv1SoNyfOJeykLyKCAEkNQ6yAdL%2BkgDRyksYOQn1Zosx24bivwg3p9rsEYq9cZa87N8iavN%2BYCFykbyxsiiYdgaghmthCbLXTlTknI9h5M%2Bh3sRg7LHdikJM67W%2BjxHJkgyCxBRgkySZAlBFkv3%2BfK1mx%2Bnyub%2Bt4016a5no900tml%2BzrpiIjsxmfkmUlz%2FnrqG3TFaYXWgnbbDTy30Zp1Zz3W8trcYx6ldVoTjNdgZQ5pL038DmRJrj3%2FO%2BLxxD74Bz49hlXHYPJp0PQF0GzUqrmgG6PGnItBdNQPaJTQwWaV6RBc54iTK0g2nV11Rp6b6Gif%2FAHBTuYPPxvH52AmR2xyvC%2B%2FJ%2Bioe6ObOiN7N3VmyYPVOJGhHNDxAG8lNBGXv3hbbGba8KUbdnj4GhsTY3h0W9hkmUZcRh1LvlyQnAuzqA0T5Nsluy78tdRuLKQmSuPltdcXl8LYCGuljgpQWRLy0Z9gsiRPdt%2BafM4Xf25BmgImzRGmJ2QakLoAi7dg4wv9VhMYdVHjxw6yNB%2BZmn9xqWRJah8%2FghIn8zvbh59c%2Fe1XUD%2BHFf95eIF37T10jAOa3EEU5uiZHD2Vg6ohbHp5lMTmZP5hfRLwlTPylXH2fGXUznmDrTytiGbgBsKtCT9o%2B0GLurwdNNo%2BbXui5Teph8SW7O6HD%2F8FAAD%2F%2FwEAAP%2F%2FPKNtt3gEAAA%3D HTTP/1.1
Host: reproductiontape.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: u_pl=15600826; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 29 Nov 2022 21:55:33 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 4c4da22adb8c015a2ca6d820683c149c
Strict-Transport-Security: max-age=0; includeSubdomains
cutopporting.com/cGNxREdfXBI3eiYlNzQdJg8dHgEyNhApPwA7NyAxKTQrHh8nV1cwLhReSHJ1QFJFYjcZB0x1YQMXEDAyA15AYi4eBR55YQZeQGp0RE1CdWlBRQR5dlYXASUgTVJXNDMED0x1cUZaRnF/SVBAcHZC
104.21.33.48204 No Content 0 B URL HTTP/2 cutopporting.com/cGNxREdfXBI3eiYlNzQdJg8dHgEyNhApPwA7NyAxKTQrHh8nV1cwLhReSHJ1QFJFYjcZB0x1YQMXEDAyA15AYi4eBR55YQZeQGp0RE1CdWlBRQR5dlYXASUgTVJXNDMED0x1cUZaRnF/SVBAcHZC
IP 104.21.33.48:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /cGNxREdfXBI3eiYlNzQdJg8dHgEyNhApPwA7NyAxKTQrHh8nV1cwLhReSHJ1QFJFYjcZB0x1YQMXEDAyA15AYi4eBR55YQZeQGp0RE1CdWlBRQR5dlYXASUgTVJXNDMED0x1cUZaRnF/SVBAcHZC HTTP/1.1
Host: cutopporting.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Tue, 29 Nov 2022 21:55:33 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vNgyZ%2BInCMgVuGL%2B5T%2Fdk1hHDvi0XtEL6%2BE8Kq78QcVtqOJDz8M2fqTCfwHZ8si7sCKny%2BNueWN7v4ypWxh%2Fc3Uy8yLdiCt4UXCQGHFd5ef6dAJ18MAc3hUPTEbSqhhw7uV%2B"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 771e96960bb1b500-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
arthwhilearthu.com/eWVwdnEYBxMbThhYElAECwlNU0M/QEIwFUhcQgREFV1IAQMXAkdYEhUKBRIXCwoeAl8XAARTQz8zKjAzKConJzkpH0UQJgEkRTgwKwElGzcJITY8MjYMPiEyETcENzQWNTUlEj4HNjspHQwiMjA/CRcSHSwjMxwVDS0HMzo0V0A/IB4wQDsWKzQhHyAeMxdPKzMxRRIwKCxFJh0OJCEfJAEnMR09Mg8cIDI4M0EvH0A3IxszSCZBJDwzHxwuMDgWHj8JATImMkUSLTYsJCAyMS4nPCMaMxkBMiY1EkwzQTwgHTI+QSAvPxc9MEA0ISE8Ki02LCQwDF0vEi8cJh4oOB07IDkVVDNHID0rJDgiOlU2HzceESUgJjsCMzAjLwEnPzs4AkAfPy9dPD45LwwWRycsPyhCOygNNgIoKEMaBR4XFU0mAhIQByAkThY
108.157.214.70200 OK 1.2 kB URL HTTP/2 arthwhilearthu.com/eWVwdnEYBxMbThhYElAECwlNU0M/QEIwFUhcQgREFV1IAQMXAkdYEhUKBRIXCwoeAl8XAARTQz8zKjAzKConJzkpH0UQJgEkRTgwKwElGzcJITY8MjYMPiEyETcENzQWNTUlEj4HNjspHQwiMjA/CRcSHSwjMxwVDS0HMzo0V0A/IB4wQDsWKzQhHyAeMxdPKzMxRRIwKCxFJh0OJCEfJAEnMR09Mg8cIDI4M0EvH0A3IxszSCZBJDwzHxwuMDgWHj8JATImMkUSLTYsJCAyMS4nPCMaMxkBMiY1EkwzQTwgHTI+QSAvPxc9MEA0ISE8Ki02LCQwDF0vEi8cJh4oOB07IDkVVDNHID0rJDgiOlU2HzceESUgJjsCMzAjLwEnPzs4AkAfPy9dPD45LwwWRycsPyhCOygNNgIoKEMaBR4XFU0mAhIQByAkThY
IP 108.157.214.70:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3034), with no line terminators
Hash 26aadd1d81359531f4545a8413312c11
7d9e8b320e7a5649cd496cecdf8c8bee40549c4e
5883db0e44fa07baea1471fff78085f08426035360ff3a43a45dfcac4af2f648
GET /eWVwdnEYBxMbThhYElAECwlNU0M/QEIwFUhcQgREFV1IAQMXAkdYEhUKBRIXCwoeAl8XAARTQz8zKjAzKConJzkpH0UQJgEkRTgwKwElGzcJITY8MjYMPiEyETcENzQWNTUlEj4HNjspHQwiMjA/CRcSHSwjMxwVDS0HMzo0V0A/IB4wQDsWKzQhHyAeMxdPKzMxRRIwKCxFJh0OJCEfJAEnMR09Mg8cIDI4M0EvH0A3IxszSCZBJDwzHxwuMDgWHj8JATImMkUSLTYsJCAyMS4nPCMaMxkBMiY1EkwzQTwgHTI+QSAvPxc9MEA0ISE8Ki02LCQwDF0vEi8cJh4oOB07IDkVVDNHID0rJDgiOlU2HzceESUgJjsCMzAjLwEnPzs4AkAfPy9dPD45LwwWRycsPyhCOygNNgIoKEMaBR4XFU0mAhIQByAkThY HTTP/1.1
Host: arthwhilearthu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html
content-length: 1186
date: Tue, 29 Nov 2022 21:55:33 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 5e29eae3156522edc7886df59287259c.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: xhAGoXslLvMnWDMSzlI36GI59uR9rQsCQ5ImwIhkDXMEnznCP_50pw==
X-Firefox-Spdy: h2
cutopporting.com/d0FWRFVYfjU3aCEqGDQCGi08IGQPMQMTbA8ZASg3LgkMIDQxdXAwPBN8b3JkTnRgYiUeJWt3Z1EyIiUhAjJrdmVHdnAtOxEua3VzAXxmam1ZcGVqZVE0a3VzAzE3I2hGZyYwIRt8Z3JjTnZjfGxEcGVyYQ
104.21.33.48204 No Content 0 B URL HTTP/2 cutopporting.com/d0FWRFVYfjU3aCEqGDQCGi08IGQPMQMTbA8ZASg3LgkMIDQxdXAwPBN8b3JkTnRgYiUeJWt3Z1EyIiUhAjJrdmVHdnAtOxEua3VzAXxmam1ZcGVqZVE0a3VzAzE3I2hGZyYwIRt8Z3JjTnZjfGxEcGVyYQ
IP 104.21.33.48:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /d0FWRFVYfjU3aCEqGDQCGi08IGQPMQMTbA8ZASg3LgkMIDQxdXAwPBN8b3JkTnRgYiUeJWt3Z1EyIiUhAjJrdmVHdnAtOxEua3VzAXxmam1ZcGVqZVE0a3VzAzE3I2hGZyYwIRt8Z3JjTnZjfGxEcGVyYQ HTTP/1.1
Host: cutopporting.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Tue, 29 Nov 2022 21:55:33 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=a0JoQV26ZdzfvEQLOG%2FQQhDMv3U1RaoyZ2fmoK8tBPwuV8%2Fj%2BPSc3%2FQB0S%2F7qkI7pDM5fQpahfQ9utZ2ODK8TxdOzFt5%2Bnt6EIf9NGUZzijZGQGFXp%2BsxLuWdntamvn2pYiQ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 771e96960badb500-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
arthwhilearthu.com/ZVVxZFAENxIJbwRoE0IlFzlMQWIjcEMiNFRsQxZlCW1JEyILMkZKMwk6BAA2FzofEH4LMAVBYiM7IyI4HzY2KT4rLUEzCCEUCSJgVDQSCSAhBCciOSgyMAIUMQcdKTk0PjoNYAQaHSEpJi9JIQUkZSUlPDwNIQ4oKgQ0MT8qB0E8CAgcSCwCKzAVPGQ2EzAiZQcTJCIRCz5ALBEKHjogATYDJyETBwNAJQILDx4zJwYeOg4nBhcJJjgEPjwBFlcTADVgIwEQCTgyBAgiOAQ+PCwTDCUENmEzBDMKYScEMxApBxMrIBkyEwA1JywDKDMjHAQnKigBPlwqCjc7KwsWJwAwKCoBAiANBlc0NC4RMGYnCwEJAyMAFFE0MAMJDBsGEAYwBDsUAVUDPwAYURIlMhlDPwILPhVoMDAXCyAYLmITBj0QYyweAA
108.157.214.70200 OK 1.2 kB URL HTTP/2 arthwhilearthu.com/ZVVxZFAENxIJbwRoE0IlFzlMQWIjcEMiNFRsQxZlCW1JEyILMkZKMwk6BAA2FzofEH4LMAVBYiM7IyI4HzY2KT4rLUEzCCEUCSJgVDQSCSAhBCciOSgyMAIUMQcdKTk0PjoNYAQaHSEpJi9JIQUkZSUlPDwNIQ4oKgQ0MT8qB0E8CAgcSCwCKzAVPGQ2EzAiZQcTJCIRCz5ALBEKHjogATYDJyETBwNAJQILDx4zJwYeOg4nBhcJJjgEPjwBFlcTADVgIwEQCTgyBAgiOAQ+PCwTDCUENmEzBDMKYScEMxApBxMrIBkyEwA1JywDKDMjHAQnKigBPlwqCjc7KwsWJwAwKCoBAiANBlc0NC4RMGYnCwEJAyMAFFE0MAMJDBsGEAYwBDsUAVUDPwAYURIlMhlDPwILPhVoMDAXCyAYLmITBj0QYyweAA
IP 108.157.214.70:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3030), with no line terminators
Hash 1f0b76bf9d05a7276783f268731a8428
764cef6349685afd915033f124e3e5d2dbc565e3
72acd74877ff7a2372e42e9ce3867cfb8850e3690ce5818ce4cba78f12b55057
GET /ZVVxZFAENxIJbwRoE0IlFzlMQWIjcEMiNFRsQxZlCW1JEyILMkZKMwk6BAA2FzofEH4LMAVBYiM7IyI4HzY2KT4rLUEzCCEUCSJgVDQSCSAhBCciOSgyMAIUMQcdKTk0PjoNYAQaHSEpJi9JIQUkZSUlPDwNIQ4oKgQ0MT8qB0E8CAgcSCwCKzAVPGQ2EzAiZQcTJCIRCz5ALBEKHjogATYDJyETBwNAJQILDx4zJwYeOg4nBhcJJjgEPjwBFlcTADVgIwEQCTgyBAgiOAQ+PCwTDCUENmEzBDMKYScEMxApBxMrIBkyEwA1JywDKDMjHAQnKigBPlwqCjc7KwsWJwAwKCoBAiANBlc0NC4RMGYnCwEJAyMAFFE0MAMJDBsGEAYwBDsUAVUDPwAYURIlMhlDPwILPhVoMDAXCyAYLmITBj0QYyweAA HTTP/1.1
Host: arthwhilearthu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html
content-length: 1181
date: Tue, 29 Nov 2022 21:55:33 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 5e29eae3156522edc7886df59287259c.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: tcyQIZ_MZ-My0C8Wu_eCGVNaIrB9CjIIIKI2yQr9bGyLl3pZH6qd8Q==
X-Firefox-Spdy: h2
cutopporting.com/TjQwOUthC1NKdhpxAVUEC0wFX3oLelRhM39icQh7KGxIWg99RxZNIioJCQ95fgUCHzsnUA0Ic2hHRFg/O0cNCG0nWlZWdmhCDQhlfhoCF3loQQ0IbTpEUV52fxJATT8iCQEPfXcDBQFyfQUDDn0
104.21.33.48204 No Content 0 B URL HTTP/2 cutopporting.com/TjQwOUthC1NKdhpxAVUEC0wFX3oLelRhM39icQh7KGxIWg99RxZNIioJCQ95fgUCHzsnUA0Ic2hHRFg/O0cNCG0nWlZWdmhCDQhlfhoCF3loQQ0IbTpEUV52fxJATT8iCQEPfXcDBQFyfQUDDn0
IP 104.21.33.48:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /TjQwOUthC1NKdhpxAVUEC0wFX3oLelRhM39icQh7KGxIWg99RxZNIioJCQ95fgUCHzsnUA0Ic2hHRFg/O0cNCG0nWlZWdmhCDQhlfhoCF3loQQ0IbTpEUV52fxJATT8iCQEPfXcDBQFyfQUDDn0 HTTP/1.1
Host: cutopporting.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Tue, 29 Nov 2022 21:55:33 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=e7lLV6pSuI79EKY%2BBZi77sH%2Bcjb9gZfKkwgFHalXEoPslWOODj6Xgwrnmk2UniA%2B0izIE%2BuBqNzIilM2JV8eA%2BJuY6PXpHgRldhCBPyy270RL7tRj5aZxNSiSA4%2BIkJV0eIb"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 771e96961bc4b500-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
reproductiontape.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fau%2Fe6%2Fd7%2F97%2Fe6d797a3a7be0e7ec1877d1b33146dfa%2F1657714258.html&l=1190&fd=947
173.233.137.52 200 OK 0 B URL HTTP/1.1 reproductiontape.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fau%2Fe6%2Fd7%2F97%2Fe6d797a3a7be0e7ec1877d1b33146dfa%2F1657714258.html&l=1190&fd=947
IP 173.233.137.52:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fau%2Fe6%2Fd7%2F97%2Fe6d797a3a7be0e7ec1877d1b33146dfa%2F1657714258.html&l=1190&fd=947 HTTP/1.1
Host: reproductiontape.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: u_pl=15600826; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 29 Nov 2022 21:55:33 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
e1.o.lencr.org/
23.36.77.32 200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 40ce48359a1c3a5f1a0347a5e1aa6cbe
50e7a1e47058334ce76d640feca3cfd616e69c18
f72a564ba72dccd6b3b12d077276ed88cf244d8439c1980eecefef9c2948baec
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "F72A564BA72DCCD6B3B12D077276ED88CF244D8439C1980EECEFEF9C2948BAEC"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10425
Expires: Wed, 30 Nov 2022 00:49:18 GMT
Date: Tue, 29 Nov 2022 21:55:33 GMT
Connection: keep-alive
cutopporting.com/popunder.gif
104.21.33.48 200 OK 35 B URL HTTP/2 cutopporting.com/popunder.gif
IP 104.21.33.48:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 28d6814f309ea289f847c69cf91194c6
0f4e929dd5bb2564f7ab9c76338e04e292a42ace
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
GET /popunder.gif HTTP/1.1
Host: cutopporting.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 29 Nov 2022 21:55:33 GMT
content-type: image/gif
access-control-allow-origin: *
pragma: public
cache-control: public, max-age=604800, immutable
cf-cache-status: HIT
age: 13690
last-modified: Tue, 29 Nov 2022 18:07:23 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5SBUFXbktgT%2BvurfMR0Irt8GcmPb2qXaYhXSQ9Vu2FSTFN2RmDRQjYQcvtaJVb9UHtIRKEuM6Zjpk0JfZlqBHpWJofMcjtOjaPOqSXxXFUPrczmLwKMx3n4qjNaQv7vGE734"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 771e96961bbfb500-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/chat/mob/ssp/v2/new/3/img/close.png
172.64.108.13 200 OK 6.0 kB URL HTTP/2 cdn.creative-bars1.com/sb/chat/mob/ssp/v2/new/3/img/close.png
IP 172.64.108.13:0
File type PNG image data, 522 x 391, 8-bit/color RGBA, non-interlaced\012- data
Hash c489ce2c491a22ee37a55e26a92dfd73
2fa588ab09e94dd902e5bd24b48f98ad1949c9d6
1eed147c7d5de6291c25fbc5274830c12d5549262fb144271576d4e15966e5bd
GET /sb/chat/mob/ssp/v2/new/3/img/close.png HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 29 Nov 2022 21:55:33 GMT
content-type: image/png
content-length: 5982
last-modified: Tue, 05 Jul 2022 10:43:39 GMT
etag: "62c415db-175e"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 1238662
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Z4AbVY%2Fo1oY8ikH75Dv62nPrfEo7LyGMZKvTljeGFJiyitEIhzAUaWIEAVETQNmMmYjBZbzosYUFLJDDg%2F%2FnQmSuMNHxzu6w%2B77vIqaZfqsnIcfbjfQzufgC%2FyK%2B9Qaf4hXSZM5TG9Wc"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 771e96971d7a072a-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.77.32 200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 9023f7c58094afb6679b8203371347f2
e4e0913494d8ef22785d0ac1ea37a6ccd07e7814
d8b439484d97223421026fbf662741696bb6e573273bfd2cff066b1c1e08e871
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "D8B439484D97223421026FBF662741696BB6E573273BFD2CFF066B1C1E08E871"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10705
Expires: Wed, 30 Nov 2022 00:53:58 GMT
Date: Tue, 29 Nov 2022 21:55:33 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29 200 OK 55 B IP 93.184.220.29:0
File type HTML document, ASCII text
Hash 9f073354411bbaf7a319b1519f10b4b7
571498f38548829bf186f49f5be9d5fa6e689a68
4a7aaaa1c093dee8a191d4469c9f701c5e62e88896bc778a13cc4ffedf9be89a
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5705
Content-Type: text/html
Date: Tue, 29 Nov 2022 21:55:33 GMT
Etag: "638651bf-37"
Last-Modified: Tue, 29 Nov 2022 18:38:55 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 55
ocsp.pki.goog/gts1c3
216.58.211.3 200 OK 471 B IP 216.58.211.3:0
Hash 8f12114c5e4071a91936f049f8234c94
61ddffbc7f1154cc8a5fe6fabbd976fe71027d6f
5b700cd09f0aa11ec03e2fe0cba0d92444cf70a880eecc5825e99636a6fbab4d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 29 Nov 2022 21:55:33 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
216.58.211.3 200 OK 471 B IP 216.58.211.3:0
Hash 8f12114c5e4071a91936f049f8234c94
61ddffbc7f1154cc8a5fe6fabbd976fe71027d6f
5b700cd09f0aa11ec03e2fe0cba0d92444cf70a880eecc5825e99636a6fbab4d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 29 Nov 2022 21:55:33 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
cdn.cloudimagesb.com/si/a5/d9/c0/a5d9c0712d47dec60831362fa254b3e2/1669388502.png
45.133.44.10 200 OK 76 kB URL HTTP/2 cdn.cloudimagesb.com/si/a5/d9/c0/a5d9c0712d47dec60831362fa254b3e2/1669388502.png
IP 45.133.44.10:0
ASN #39572 DataWeb Global Group B.V.
File type PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data
Hash 43fb624febca734b137b3fbff47d71c0
8b8d429494d314b9b822df5de2469a7c956214f3
16139ff8be9ad5ac2b476df153e23355e5296bbfccb9816ae83cbc3976aefe0b
GET /si/a5/d9/c0/a5d9c0712d47dec60831362fa254b3e2/1669388502.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 29 Nov 2022 21:55:33 GMT
content-type: image/png
content-length: 75990
server: nginx/1.17.6
last-modified: Fri, 25 Nov 2022 15:01:51 GMT
etag: "6380d8df-128d6"
expires: Thu, 01 Dec 2022 21:55:33 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
arthwhilearthu.com/d0NMaDkWIS8FBhZ+Lk5MBS9xTQsxZn4uXUZ6fhoMG3t0H0sZJHtGWhssOQxfBSwiHBcZJjhNCzEPKC8MBg4LIWE2Eh4/YSYCBCxeRiEdBEEWAhoyajUBIA59NhEYKk4mBAUCCQcBGiF8PSoZP38Qdwc+TjUGCykBMhV9UWo0NB48YUcVBSsIJgIfPkk6EQ4hWzUVKC54JgoULwkyEgoPWhQFJAtvIjQoDn41cw8qVTELHgFREQsgImsvBSMxfyVzDSxVTxUOWE0uAg0feCRyKylsRxENP1EhEQIDTS4CDj1dNgU7LWtHID88Tj0QCC5REgUaLQskcmEPeDICBiRuLwUYOn8DBg0tTSUbChhhNTsvLnslFR0lVQ8iDT5zMht9B3slcxYNfTEoHS1oEAUfLV0wCAobeCFyPA1tMhUqOmhRKT8HVwd+IVxdIRAPXQkHCwM
108.157.214.70200 OK 1.2 kB URL HTTP/2 arthwhilearthu.com/d0NMaDkWIS8FBhZ+Lk5MBS9xTQsxZn4uXUZ6fhoMG3t0H0sZJHtGWhssOQxfBSwiHBcZJjhNCzEPKC8MBg4LIWE2Eh4/YSYCBCxeRiEdBEEWAhoyajUBIA59NhEYKk4mBAUCCQcBGiF8PSoZP38Qdwc+TjUGCykBMhV9UWo0NB48YUcVBSsIJgIfPkk6EQ4hWzUVKC54JgoULwkyEgoPWhQFJAtvIjQoDn41cw8qVTELHgFREQsgImsvBSMxfyVzDSxVTxUOWE0uAg0feCRyKylsRxENP1EhEQIDTS4CDj1dNgU7LWtHID88Tj0QCC5REgUaLQskcmEPeDICBiRuLwUYOn8DBg0tTSUbChhhNTsvLnslFR0lVQ8iDT5zMht9B3slcxYNfTEoHS1oEAUfLV0wCAobeCFyPA1tMhUqOmhRKT8HVwd+IVxdIRAPXQkHCwM
IP 108.157.214.70:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3040), with no line terminators
Hash 130089b4108bdc21202068c2c3c1e785
cf1d1e6e79bf8f378c68bf1fb9d9c0777638ed3d
4048aebcdbb303ad31e62a2a2a21716976d24164864954a12ee88ecaeb734d34
GET /d0NMaDkWIS8FBhZ+Lk5MBS9xTQsxZn4uXUZ6fhoMG3t0H0sZJHtGWhssOQxfBSwiHBcZJjhNCzEPKC8MBg4LIWE2Eh4/YSYCBCxeRiEdBEEWAhoyajUBIA59NhEYKk4mBAUCCQcBGiF8PSoZP38Qdwc+TjUGCykBMhV9UWo0NB48YUcVBSsIJgIfPkk6EQ4hWzUVKC54JgoULwkyEgoPWhQFJAtvIjQoDn41cw8qVTELHgFREQsgImsvBSMxfyVzDSxVTxUOWE0uAg0feCRyKylsRxENP1EhEQIDTS4CDj1dNgU7LWtHID88Tj0QCC5REgUaLQskcmEPeDICBiRuLwUYOn8DBg0tTSUbChhhNTsvLnslFR0lVQ8iDT5zMht9B3slcxYNfTEoHS1oEAUfLV0wCAobeCFyPA1tMhUqOmhRKT8HVwd+IVxdIRAPXQkHCwM HTTP/1.1
Host: arthwhilearthu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html
content-length: 1187
date: Tue, 29 Nov 2022 21:55:33 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 5e29eae3156522edc7886df59287259c.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: dHU6wcDF8nFcQtW_DTo3adwy9aSB1CcvIAkLazsdJ04_779cI9h3tA==
X-Firefox-Spdy: h2
mc.yandex.ru/watch/49415098?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F5edc59d923629346a514272b&charset=utf-8&hittoken=1669758930_01825921a80df17190c5f5c94f401a3c8e4c2471810132b30e02d4f124beeb31&browser-info=pv%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3A15ly4knov7onia7cw1aby4%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A923%3Acn%3A1%3Adp%3A0%3Als%3A982867011317%3Ahid%3A1025371997%3Az%3A0%3Ai%3A20221129215531%3Aet%3A1669758931%3Ac%3A1%3Arn%3A728011132%3Arqn%3A8%3Au%3A1669758930259550724%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aeu%3A1%3Ans%3A1669758927820%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1669758931%3At%3ATessa%20Winters%20-%20Letting%20him%20Cum%20in%20me%20NEW%20-%20XFantazy.com&t=gdpr(14)mc(p-6)clc(0-0-0)rqnt(8)aw(1)ecs(1)fip(1)rqnl(1)ti(2)
77.88.21.119302 Found 65 kB URL HTTP/2 mc.yandex.ru/watch/49415098?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F5edc59d923629346a514272b&charset=utf-8&hittoken=1669758930_01825921a80df17190c5f5c94f401a3c8e4c2471810132b30e02d4f124beeb31&browser-info=pv%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3A15ly4knov7onia7cw1aby4%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A923%3Acn%3A1%3Adp%3A0%3Als%3A982867011317%3Ahid%3A1025371997%3Az%3A0%3Ai%3A20221129215531%3Aet%3A1669758931%3Ac%3A1%3Arn%3A728011132%3Arqn%3A8%3Au%3A1669758930259550724%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aeu%3A1%3Ans%3A1669758927820%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1669758931%3At%3ATessa%20Winters%20-%20Letting%20him%20Cum%20in%20me%20NEW%20-%20XFantazy.com&t=gdpr(14)mc(p-6)clc(0-0-0)rqnt(8)aw(1)ecs(1)fip(1)rqnl(1)ti(2)
IP 77.88.21.119:0
File type PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data
Hash 87430aa60e4fe605f0d87d7017e3cf31
e1025f730c3d0bd208cb6a356531a4e38a383d84
c7a1680fdc7106832194d6778708487878fe653929d55a8a55a35ea57aa1f499
GET /watch/49415098?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F5edc59d923629346a514272b&charset=utf-8&hittoken=1669758930_01825921a80df17190c5f5c94f401a3c8e4c2471810132b30e02d4f124beeb31&browser-info=pv%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3A15ly4knov7onia7cw1aby4%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A923%3Acn%3A1%3Adp%3A0%3Als%3A982867011317%3Ahid%3A1025371997%3Az%3A0%3Ai%3A20221129215531%3Aet%3A1669758931%3Ac%3A1%3Arn%3A728011132%3Arqn%3A8%3Au%3A1669758930259550724%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aeu%3A1%3Ans%3A1669758927820%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1669758931%3At%3ATessa%20Winters%20-%20Letting%20him%20Cum%20in%20me%20NEW%20-%20XFantazy.com&t=gdpr(14)mc(p-6)clc(0-0-0)rqnt(8)aw(1)ecs(1)fip(1)rqnl(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
location: /watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F5edc59d923629346a514272b&charset=utf-8&hittoken=1669758930_01825921a80df17190c5f5c94f401a3c8e4c2471810132b30e02d4f124beeb31&browser-info=pv%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3A15ly4knov7onia7cw1aby4%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A923%3Acn%3A1%3Adp%3A0%3Als%3A982867011317%3Ahid%3A1025371997%3Az%3A0%3Ai%3A20221129215531%3Aet%3A1669758931%3Ac%3A1%3Arn%3A728011132%3Arqn%3A8%3Au%3A1669758930259550724%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aeu%3A1%3Ans%3A1669758927820%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1669758931%3At%3ATessa%20Winters%20-%20Letting%20him%20Cum%20in%20me%20NEW%20-%20XFantazy.com&t=gdpr%2814%29mc%28p-6%29clc%280-0-0%29rqnt%288%29aw%281%29ecs%281%29fip%281%29rqnl%281%29ti%282%29
date: Tue, 29 Nov 2022 21:55:33 GMT
access-control-allow-origin: https://xfantazy.com
set-cookie: yandexuid=245739631669758933; Expires=Wed, 29-Nov-2023 21:55:33 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
yuidss=245739631669758933; Expires=Wed, 29-Nov-2023 21:55:33 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
yabs-sid=1567333311669758933; Path=/; SameSite=None; Secure
i=3uFVnys+zbVtj921UgFcmCR4fd3WNek1elkm8DCAx/GvwcW0mWwy+/apgeJwUpTp+1UDg6lU2DnNgV7rZa1jNl0PrZM=; Expires=Fri, 26-Nov-2032 21:55:29 GMT; Domain=.yandex.ru; Path=/; Secure; HttpOnly; SameSite=None
ymex=1701294933.yc.1669758933#1701294933.yrts.1669758933#1701294933.yrtsi.1669758933; Expires=Wed, 29-Nov-2023 21:55:33 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Tue, 29-Nov-2022 21:55:33 GMT
last-modified: Tue, 29-Nov-2022 21:55:33 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/chat/mob/ssp/v2/new/3/css/animate.css
172.64.108.13 200 OK 5.9 kB URL HTTP/2 cdn.creative-bars1.com/sb/chat/mob/ssp/v2/new/3/css/animate.css
IP 172.64.108.13:0
Hash 9bde8e72120bf64208b42e6d26af7b64
c473e8679533aa3248b3e53f553a44bca2d3f6d0
cc9d1ea46271fd2733303a8ee1b9dc335f22da17928603dfd0519edf5063931d
GET /sb/chat/mob/ssp/v2/new/3/css/animate.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 29 Nov 2022 21:55:33 GMT
content-type: text/css
last-modified: Wed, 13 Jul 2022 12:13:56 GMT
etag: W/"62ceb704-135d1"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 1238644
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kaj30RiBeLHzUgqays4UO7KicsKGVQ5RIVdmFfd7qZr6vUgFxJJ9oLmIonhE%2BOwmodpK3C7en3oXxU5qMl%2BBp1HjXWSNiR7fyo5OLArjZckKtDq0HJhn78UEQGM0OC4rax1vA7bmRzZ1"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 771e9696eb427447-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
142.250.74.109 302 Found 395 B URL HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
IP 142.250.74.109:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (383)
Hash cae3b817cfd9770ef060dfe232035092
becd0e4b310e3440816c078df74a100a1eb022e3
a1879fc180e78b4c4e8425cdc3f887d85752b7c50380ae99ea953b61b8e3651e
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Tue, 29 Nov 2022 21:55:33 GMT
location: https://accounts.google.com/v3/signin/identifier?dsh=S688594711%3A1669758933705070&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=ARgdvAuKGaODkyOtIzH-gNYHn15fzupoCf-DyHZpEd0xcuH2spqzfrIw_6Q4S3SM4W_h1imAJXZFOw
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: require-trusted-types-for 'script';report-uri /cspreport, script-src 'nonce-R5LMvAIIy7QkcqfKAIUNVQ' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 395
server: GSE
set-cookie: __Host-GAPS=1:Hn9e_k1g5MD3oiiUnZ4zUAE7fIxzJg:JE9utsLo1WAueAyy;Path=/;Expires=Thu, 28-Nov-2024 21:55:33 GMT;Secure;HttpOnly;Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
arthwhilearthu.com/utx?cb=bd9bn3L2apn6&top=xfantazy.com&tid=961956
108.157.214.70 204 No Content 0 B URL HTTP/2 arthwhilearthu.com/utx?cb=bd9bn3L2apn6&top=xfantazy.com&tid=961956
IP 108.157.214.70:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=bd9bn3L2apn6&top=xfantazy.com&tid=961956 HTTP/1.1
Host: arthwhilearthu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Tue, 29 Nov 2022 21:55:33 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://xfantazy.com
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Tue, 29 Nov 2022 21:56:33 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 5e29eae3156522edc7886df59287259c.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: Zr-BLb0R2ZQuIF6hMy2SS3yAKkOWEWmxwvn9Ha6i1CmwrTn-iu6N3Q==
X-Firefox-Spdy: h2
arthwhilearthu.com/utx?cb=yMBTbb0c8PFo&top=xfantazy.com&tid=962014
108.157.214.70 204 No Content 0 B URL HTTP/2 arthwhilearthu.com/utx?cb=yMBTbb0c8PFo&top=xfantazy.com&tid=962014
IP 108.157.214.70:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=yMBTbb0c8PFo&top=xfantazy.com&tid=962014 HTTP/1.1
Host: arthwhilearthu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Tue, 29 Nov 2022 21:55:33 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://xfantazy.com
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Tue, 29 Nov 2022 21:56:33 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 5e29eae3156522edc7886df59287259c.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: cPzXEXd26GBdSbUdgf9zou87RGM6MAx_54hEo4eoR7il_nSvgIH5jg==
X-Firefox-Spdy: h2
reproductiontape.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Futility%2Fsocial-media%2Fwhatsapp%2Fjs%2Fscript.js&l=444&fd=1038
173.233.137.52 200 OK 0 B URL HTTP/1.1 reproductiontape.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Futility%2Fsocial-media%2Fwhatsapp%2Fjs%2Fscript.js&l=444&fd=1038
IP 173.233.137.52:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Futility%2Fsocial-media%2Fwhatsapp%2Fjs%2Fscript.js&l=444&fd=1038 HTTP/1.1
Host: reproductiontape.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: u_pl=15600826; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 29 Nov 2022 21:55:33 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
ocsp.pki.goog/gts1c3
216.58.211.3 200 OK 472 B IP 216.58.211.3:0
Hash abd55ecd24d357a9f02612558f723a90
6a1e6963864f0b53ddc6205d35225e6cf0bcbeec
195fa531e0462be58d5c62ebbe6060e147c94bdb1d38ff46c341c74e0ab2671a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 29 Nov 2022 21:55:33 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
reproductiontape.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Futility%2Fsocial-media%2Fwhatsapp%2Fcss%2Fanimate.css&l=79245&fd=1042
173.233.137.52 200 OK 0 B URL HTTP/1.1 reproductiontape.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Futility%2Fsocial-media%2Fwhatsapp%2Fcss%2Fanimate.css&l=79245&fd=1042
IP 173.233.137.52:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Futility%2Fsocial-media%2Fwhatsapp%2Fcss%2Fanimate.css&l=79245&fd=1042 HTTP/1.1
Host: reproductiontape.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: u_pl=15600826; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 29 Nov 2022 21:55:33 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
cdn.barscreative1.com/sb/au/e6/d7/97/e6d797a3a7be0e7ec1877d1b33146dfa/1657714258.html
45.133.44.3 200 OK 1.8 kB URL HTTP/2 cdn.barscreative1.com/sb/au/e6/d7/97/e6d797a3a7be0e7ec1877d1b33146dfa/1657714258.html
IP 45.133.44.3:0
ASN #39572 DataWeb Global Group B.V.
Hash d1a1ae70dc1bb5b2716e6362fa9e2c81
677f66beebe18a777e31e5407bbf5385843bd976
90ed49a0df5895d63341ff2cbd4cf1489d697b1e218f43a265cf0bf69d04d114
Analyzer Verdict Alert fortinet Phishing
GET /sb/au/e6/d7/97/e6d797a3a7be0e7ec1877d1b33146dfa/1657714258.html HTTP/1.1
Host: cdn.barscreative1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 29 Nov 2022 21:55:33 GMT
content-type: text/html; charset=utf-8
server: nginx/1.17.6
last-modified: Wed, 13 Jul 2022 12:11:03 GMT
etag: W/"62ceb657-4a6"
cache-control: max-age=3600
access-control-allow-origin: *
access-control-expose-headers: Date
content-encoding: gzip
expires: Tue, 29 Nov 2022 22:55:33 GMT
x-proxy-cache: HIT
X-Firefox-Spdy: h2
d192r5l88wrng7.cloudfront.net/nRFhzcGMnNx0WXDAxF01acmpDQVFiMgAfDTRlMiQkKi0aOlEyCz8EUA0TAlYXPjxOQEUoOR0XXmI9HRNedX4SFAF5bFUFAnk1HAoKKDQSVVECbV1ARnZoWwcKKjwcBxBhakMeF2FqQ0FTamhWQyFhakMHCipuR1VQBn1BQBtybFZDIWFqQwIVYWsyQVNxdk-NZRnZoFBUALzdWQiV2aEJAU3VoQlVRdD4aAgYiNwtVUQJpQ0VNdH4GTVI
54.230.245.4200 OK 186 B URL HTTP/2 d192r5l88wrng7.cloudfront.net/nRFhzcGMnNx0WXDAxF01acmpDQVFiMgAfDTRlMiQkKi0aOlEyCz8EUA0TAlYXPjxOQEUoOR0XXmI9HRNedX4SFAF5bFUFAnk1HAoKKDQSVVECbV1ARnZoWwcKKjwcBxBhakMeF2FqQ0FTamhWQyFhakMHCipuR1VQBn1BQBtybFZDIWFqQwIVYWsyQVNxdk-NZRnZoFBUALzdWQiV2aEJAU3VoQlVRdD4aAgYiNwtVUQJpQ0VNdH4GTVI
IP 54.230.245.4:0
File type ASCII text, with no line terminators
Hash 8e71cde19619603ef6d1b1913d0d382a
3634d8c1a2213895ce037aee0d440d650bfc3efd
7e3ceff5008695a21867fda6780995ad15af6c09c64bea355e6c504519138df8
GET /nRFhzcGMnNx0WXDAxF01acmpDQVFiMgAfDTRlMiQkKi0aOlEyCz8EUA0TAlYXPjxOQEUoOR0XXmI9HRNedX4SFAF5bFUFAnk1HAoKKDQSVVECbV1ARnZoWwcKKjwcBxBhakMeF2FqQ0FTamhWQyFhakMHCipuR1VQBn1BQBtybFZDIWFqQwIVYWsyQVNxdk-NZRnZoFBUALzdWQiV2aEJAU3VoQlVRdD4aAgYiNwtVUQJpQ0VNdH4GTVI HTTP/1.1
Host: d192r5l88wrng7.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://arthwhilearthu.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 186
date: Tue, 29 Nov 2022 21:55:33 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 0c35b89cb607eddb1b7cc5d6ada865d6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: PDvDKcTTPk2b76u6Tp8_kyQgXjXsaShbqpyJOB-emCMH6APcntR5-A==
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/chat/mob/ssp/v2/new/3/js/script.js
172.64.108.13 200 OK 238 B URL HTTP/2 cdn.creative-bars1.com/sb/chat/mob/ssp/v2/new/3/js/script.js
IP 172.64.108.13:0
Hash be1214416c58c1ca992894fa546a3ef0
8ac5945b181e06e5efd487ec986d8bea1b5e77d6
89638eccd8cdd96b05d6c23f8273432ed071124dded2f31f924a14d2de558b4c
GET /sb/chat/mob/ssp/v2/new/3/js/script.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 29 Nov 2022 21:55:33 GMT
content-type: application/javascript
last-modified: Wed, 13 Jul 2022 12:13:56 GMT
etag: W/"62ceb704-17f"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 1238644
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uZgY%2BHA4%2BQWaYvyqdZR9t6fVGR7InTFnIisTXH9nrFkGz0IZy38Sgcu0SfVrmHJRYK%2FvYwAk2V5YfOEvdiL6yPETzqJrEX3nW6s4%2BmPMej0gE1skgBmDM3ZmrU6oWb9X9skpGnlMJf0o"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 771e9697bc8a7447-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
reproductiontape.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fchat%2Fmob%2Fssp%2Fv2%2Fnew%2F3%2Fcss%2Fstyle.css&l=4649&fd=102
173.233.137.52 200 OK 0 B URL HTTP/1.1 reproductiontape.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fchat%2Fmob%2Fssp%2Fv2%2Fnew%2F3%2Fcss%2Fstyle.css&l=4649&fd=102
IP 173.233.137.52:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fchat%2Fmob%2Fssp%2Fv2%2Fnew%2F3%2Fcss%2Fstyle.css&l=4649&fd=102 HTTP/1.1
Host: reproductiontape.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: u_pl=15600826; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 29 Nov 2022 21:55:33 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
reproductiontape.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fchat%2Fmob%2Fssp%2Fv2%2Fnew%2F3%2Fcss%2Fanimate.css&l=79313&fd=126
173.233.137.52 200 OK 0 B URL HTTP/1.1 reproductiontape.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fchat%2Fmob%2Fssp%2Fv2%2Fnew%2F3%2Fcss%2Fanimate.css&l=79313&fd=126
IP 173.233.137.52:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fchat%2Fmob%2Fssp%2Fv2%2Fnew%2F3%2Fcss%2Fanimate.css&l=79313&fd=126 HTTP/1.1
Host: reproductiontape.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: u_pl=15600826; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 29 Nov 2022 21:55:33 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
reproductiontape.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Futility%2Fsocial-media%2Fwhatsapp%2Fcss%2Fstyle.css&l=6334&fd=1079
173.233.137.52 200 OK 0 B URL HTTP/1.1 reproductiontape.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Futility%2Fsocial-media%2Fwhatsapp%2Fcss%2Fstyle.css&l=6334&fd=1079
IP 173.233.137.52:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Futility%2Fsocial-media%2Fwhatsapp%2Fcss%2Fstyle.css&l=6334&fd=1079 HTTP/1.1
Host: reproductiontape.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: u_pl=15600826; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 29 Nov 2022 21:55:33 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
reproductiontape.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fchat%2Fmob%2Fssp%2Fv2%2Fnew%2F3%2Fjs%2Fscript.js&l=383&fd=46
173.233.137.52 200 OK 0 B URL HTTP/1.1 reproductiontape.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fchat%2Fmob%2Fssp%2Fv2%2Fnew%2F3%2Fjs%2Fscript.js&l=383&fd=46
IP 173.233.137.52:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fchat%2Fmob%2Fssp%2Fv2%2Fnew%2F3%2Fjs%2Fscript.js&l=383&fd=46 HTTP/1.1
Host: reproductiontape.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: u_pl=15600826; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 29 Nov 2022 21:55:33 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
d192r5l88wrng7.cloudfront.net/LdG5qMGIXAQRWXQAHDg1bQlxaAVZSBBlfDARTBwQGIj0pBVIEJiUWFg4KVwBEGA8EV19SCwRTX0VIC1QASVpMRBIbBVdFAQIXG0EQFgccFhcVUwdfGB0CBlFHRihfHlJRXFoYFR0ADl8VB0tYAAwAS1gAU0RAWhVRNktYABUdAFwER0csTwJSDFheFVE2S1-gAEAJLWXFTRFtEAEtRXFpXBxcFBRVQMlxaAVJEX1oBR0ZeDFkQEQgFSEdGKFsAV1peTEVfRQ
54.230.245.4200 OK 583 B URL HTTP/2 d192r5l88wrng7.cloudfront.net/LdG5qMGIXAQRWXQAHDg1bQlxaAVZSBBlfDARTBwQGIj0pBVIEJiUWFg4KVwBEGA8EV19SCwRTX0VIC1QASVpMRBIbBVdFAQIXG0EQFgccFhcVUwdfGB0CBlFHRihfHlJRXFoYFR0ADl8VB0tYAAwAS1gAU0RAWhVRNktYABUdAFwER0csTwJSDFheFVE2S1-gAEAJLWXFTRFtEAEtRXFpXBxcFBRVQMlxaAVJEX1oBR0ZeDFkQEQgFSEdGKFsAV1peTEVfRQ
IP 54.230.245.4:0
File type ASCII text, with very long lines (819), with no line terminators
Hash d8ed8ea01d340ca9f8215329ac6a2fde
edb9fbc8586307a40611e8f7a526c1656ebb34ce
7e9bce5980a6595d47749d3fd0380eab15958acbb21abc666f86ade1e788caee
GET /LdG5qMGIXAQRWXQAHDg1bQlxaAVZSBBlfDARTBwQGIj0pBVIEJiUWFg4KVwBEGA8EV19SCwRTX0VIC1QASVpMRBIbBVdFAQIXG0EQFgccFhcVUwdfGB0CBlFHRihfHlJRXFoYFR0ADl8VB0tYAAwAS1gAU0RAWhVRNktYABUdAFwER0csTwJSDFheFVE2S1-gAEAJLWXFTRFtEAEtRXFpXBxcFBRVQMlxaAVJEX1oBR0ZeDFkQEQgFSEdGKFsAV1peTEVfRQ HTTP/1.1
Host: d192r5l88wrng7.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://arthwhilearthu.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 583
date: Tue, 29 Nov 2022 21:55:33 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 0c35b89cb607eddb1b7cc5d6ada865d6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: tEWhxVI661ZXu6QJSdH47k-dJLbm2xOjq-adrdTmQ5YlFzBVXhPBtA==
X-Firefox-Spdy: h2
arthwhilearthu.com/floater?cs=NlQ0cW4DYAFCVg9mAEJcAGEAQ1k&abt=0&red=1&sm=83&k=xfantazy%20tessa%20winters%20letting&v=0.8.13.0&sts=0&prn=1&emb=0&tid=961956&rxy=1280_1024&fs=1&t=600&m=1&ns=1&ndp=1&asi=1&ref=https%3A%2F%2Fxfantazy.com%2Fvideo%2F5edc59d923629346a514272b&jst=4&enr=0&lcua=mozilla%2F5.0%20(windows%20nt%2010.0%3B%20win64%3B%20x64%3B%20rv%3A105.0)%20gecko%2F20100101%20firefox%2F105.0&tzd=0&uloc=&if=0&aa=td3_oi3_&_ZRKS=1669758932482&crc=1
108.157.214.70200 OK 887 B URL HTTP/2 arthwhilearthu.com/floater?cs=NlQ0cW4DYAFCVg9mAEJcAGEAQ1k&abt=0&red=1&sm=83&k=xfantazy%20tessa%20winters%20letting&v=0.8.13.0&sts=0&prn=1&emb=0&tid=961956&rxy=1280_1024&fs=1&t=600&m=1&ns=1&ndp=1&asi=1&ref=https%3A%2F%2Fxfantazy.com%2Fvideo%2F5edc59d923629346a514272b&jst=4&enr=0&lcua=mozilla%2F5.0%20(windows%20nt%2010.0%3B%20win64%3B%20x64%3B%20rv%3A105.0)%20gecko%2F20100101%20firefox%2F105.0&tzd=0&uloc=&if=0&aa=td3_oi3_&_ZRKS=1669758932482&crc=1
IP 108.157.214.70:0
File type ASCII text, with very long lines (1230), with no line terminators
Hash 3a0eaf816ea34ce994bd49c23ae37f98
c772481825e6dccd34882d0699a2ee4a68b87155
3142a7228039d7780617d7b04b7197f19c52e9addbc4c5603ba354f95c14430c
GET /floater?cs=NlQ0cW4DYAFCVg9mAEJcAGEAQ1k&abt=0&red=1&sm=83&k=xfantazy%20tessa%20winters%20letting&v=0.8.13.0&sts=0&prn=1&emb=0&tid=961956&rxy=1280_1024&fs=1&t=600&m=1&ns=1&ndp=1&asi=1&ref=https%3A%2F%2Fxfantazy.com%2Fvideo%2F5edc59d923629346a514272b&jst=4&enr=0&lcua=mozilla%2F5.0%20(windows%20nt%2010.0%3B%20win64%3B%20x64%3B%20rv%3A105.0)%20gecko%2F20100101%20firefox%2F105.0&tzd=0&uloc=&if=0&aa=td3_oi3_&_ZRKS=1669758932482&crc=1 HTTP/1.1
Host: arthwhilearthu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/plain
content-length: 887
date: Tue, 29 Nov 2022 21:55:33 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://xfantazy.com
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: csu=7f127abb-ceb8-4103-a7d6-e4cc00ffc681
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 5e29eae3156522edc7886df59287259c.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: qWSAvWIAlpZMbRlJWqtqiSveW_KXdcnyWbx4L0BqfTcYgEn6KgZc1w==
X-Firefox-Spdy: h2
ocsp.sectigo.com/
172.64.155.188 200 OK 472 B IP 172.64.155.188:0
Hash c4d9bada5f275432ee52bc8e20400dc0
1ffe803d60e7cb74bc9a1e6722950d03a3c342cd
2481c6cb423e76b181e3695eb38787792e9ab9b05cdf83961a74f9adb24c04c4
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 29 Nov 2022 21:55:34 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Tue, 29 Nov 2022 15:14:23 GMT
Expires: Tue, 06 Dec 2022 15:14:22 GMT
Etag: "1ffe803d60e7cb74bc9a1e6722950d03a3c342cd"
Cache-Control: max-age=580127,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 771e969a8b8a1c06-OSL
ocsp.sectigo.com/
172.64.155.188 200 OK 472 B IP 172.64.155.188:0
Hash c4d9bada5f275432ee52bc8e20400dc0
1ffe803d60e7cb74bc9a1e6722950d03a3c342cd
2481c6cb423e76b181e3695eb38787792e9ab9b05cdf83961a74f9adb24c04c4
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 29 Nov 2022 21:55:34 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Tue, 29 Nov 2022 15:14:23 GMT
Expires: Tue, 06 Dec 2022 15:14:22 GMT
Etag: "1ffe803d60e7cb74bc9a1e6722950d03a3c342cd"
Cache-Control: max-age=580127,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 771e969a89ffb4ee-OSL
ocsp.sectigo.com/
172.64.155.188 200 OK 472 B IP 172.64.155.188:0
Hash c4d9bada5f275432ee52bc8e20400dc0
1ffe803d60e7cb74bc9a1e6722950d03a3c342cd
2481c6cb423e76b181e3695eb38787792e9ab9b05cdf83961a74f9adb24c04c4
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 29 Nov 2022 21:55:34 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Tue, 29 Nov 2022 15:14:23 GMT
Expires: Tue, 06 Dec 2022 15:14:22 GMT
Etag: "1ffe803d60e7cb74bc9a1e6722950d03a3c342cd"
Cache-Control: max-age=580127,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 771e969a8d15b518-OSL
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash c7c907e6b4f7400b48dbd691c64c8d84
d552e47576f72311387bb6cebb7baf245ed8cf07
0820efdc8aef46bff2d42a7d41f612026c73332cb1dda4356a9e858c2b81a81a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0820EFDC8AEF46BFF2D42A7D41F612026C73332CB1DDA4356A9E858C2B81A81A"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4999
Expires: Tue, 29 Nov 2022 23:18:53 GMT
Date: Tue, 29 Nov 2022 21:55:34 GMT
Connection: keep-alive
reproductiontape.com/pixel/sbs?c=1
173.233.137.52 200 OK 0 B URL HTTP/1.1 reproductiontape.com/pixel/sbs?c=1
IP 173.233.137.52:0
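Hash d41d8cd98f00b204e9800998ecf8427e (MD5 of an empty body)
da39a3ee5e6b4b0d3255bfef95601890afd80709 (SHA-1 of an empty body)
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (SHA-256 of an empty body; these three digests match every 0-byte response and do not identify this resource)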
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /pixel/sbs?c=1 HTTP/1.1
Host: reproductiontape.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: u_pl=15600826; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 29 Nov 2022 21:55:34 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
reproductiontape.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSQWgkRRSt3l0vrgeVvYgoc1SQSXfPTGbGPSyuayQak7i7knN1VfWknOqupqp7ejIghiwse9IJXtRT502yIRrEvQqCTLxIQLAXkRw2ip68eBH2qsxkIPqh6r%2Bq9wve%2B7%2Fu7mSnxEVGT1bf0QOpFJ1rVN3KS2sy5jq3leXbFc%2BtulcrazKer1%2Bt9Ceb6b3quY2q%2B3LlTcG6es53Pdf1XK%2ByII0IdX9uykImh22v2nardb%2FqNerom%2F%2BfbebAUge8d0qeheTlE%2Bs%2FPIBkY8TR1zeE7aY6eeWNKFM01QY9vv9e3I11HiM6h6FxEMb7s2poWxLy6QXoeH%2FmALq3O3GAQJbE%2BcVDEO%2FPZCLo7Z0pDRREjIBfRt4bQ6gxJB2D6TuQ%2FCcCMI7lFcTR%2FWVtcrpxxtIJW5JLj%2F%2BGzEty6dEVxNFX15XsV25plaVSxxb9sIDsjyE7YyTZEdKBA5kfgaVbkPxHMvd4CXG0u2KVhuTF1L2UY8hwDCWGoNZBNlnSQRY6yBIHET%2Bp0EY7dN1mGIS1WqvOGKvVGGu05nmD1%2Bqt0EXGJvKGSJMhmBqCmU0kZhNduV0SsrULk30Hu17Acgc2LYnz7iZ6vEAuCHJLkFOCXBLkKUHeK%2Fa4sr4t7nNls8CbZX%2BWa8VIp50duqfTjojJTnJKnpk256%2BnvkFXnFSoH7bbbui59ea8O%2B%2BxptfmHvMorVFfMO7DygLSXpj6HciSXHn%2BdySTiX3wDwJ6BKuOwOTToNkLoPmo6bug66N6y8UgPuyHNE7pYKPKdASuCyTpJaQbzo46Jc9NdbSP%2F4Bgx9cOPpvE52CmQGIKvC%2B%2FJ%2Bioe6ObOie7N3VuyYOVJJWRHNDJAG%2BlNBUXv3hbbOTa8MUbdnjwGpsQE3h4W9h0icZcxh1LvrwuORdmQRsmyLeLdk0Eq5ldv56ZOEuWVl9fWIwSI6yVOh6DypKQj%2F4EkyV5svvW9HO%2B%2BHMT0oxhsgJRdkxmAanHYMkmbHKu32oCo85rgsRBnhUj4wfnl0qWxP%2F4EZQ4vra9dfDJ5d9%2BBQ0KWPGfh%2Bd4x95Dxzig6R3EUYGeKdBTBagawmYXR2lijq89rE0DgXJGgTLObqCM2j5rsJUnlYZXF62g1WScB4Jxr%2BnXWjXX9TmvN9vCayO1Jbv74cN%2FAQAA%2F%2F8BAAD%2F%2Fyir41F4BAAA
173.233.137.52200 OK 7 B URL HTTP/1.1 reproductiontape.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSQWgkRRSt3l0vrgeVvYgoc1SQSXfPTGbGPSyuayQak7i7knN1VfWknOqupqp7ejIghiwse9IJXtRT502yIRrEvQqCTLxIQLAXkRw2ip68eBH2qsxkIPqh6r%2Bq9wve%2B7%2Fu7mSnxEVGT1bf0QOpFJ1rVN3KS2sy5jq3leXbFc%2BtulcrazKer1%2Bt9Ceb6b3quY2q%2B3LlTcG6es53Pdf1XK%2ByII0IdX9uykImh22v2nardb%2FqNerom%2F%2BfbebAUge8d0qeheTlE%2Bs%2FPIBkY8TR1zeE7aY6eeWNKFM01QY9vv9e3I11HiM6h6FxEMb7s2poWxLy6QXoeH%2FmALq3O3GAQJbE%2BcVDEO%2FPZCLo7Z0pDRREjIBfRt4bQ6gxJB2D6TuQ%2FCcCMI7lFcTR%2FWVtcrpxxtIJW5JLj%2F%2BGzEty6dEVxNFX15XsV25plaVSxxb9sIDsjyE7YyTZEdKBA5kfgaVbkPxHMvd4CXG0u2KVhuTF1L2UY8hwDCWGoNZBNlnSQRY6yBIHET%2Bp0EY7dN1mGIS1WqvOGKvVGGu05nmD1%2Bqt0EXGJvKGSJMhmBqCmU0kZhNduV0SsrULk30Hu17Acgc2LYnz7iZ6vEAuCHJLkFOCXBLkKUHeK%2Fa4sr4t7nNls8CbZX%2BWa8VIp50duqfTjojJTnJKnpk256%2BnvkFXnFSoH7bbbui59ea8O%2B%2BxptfmHvMorVFfMO7DygLSXpj6HciSXHn%2BdySTiX3wDwJ6BKuOwOTToNkLoPmo6bug66N6y8UgPuyHNE7pYKPKdASuCyTpJaQbzo46Jc9NdbSP%2F4Bgx9cOPpvE52CmQGIKvC%2B%2FJ%2Bioe6ObOie7N3VuyYOVJJWRHNDJAG%2BlNBUXv3hbbOTa8MUbdnjwGpsQE3h4W9h0icZcxh1LvrwuORdmQRsmyLeLdk0Eq5ldv56ZOEuWVl9fWIwSI6yVOh6DypKQj%2F4EkyV5svvW9HO%2B%2BHMT0oxhsgJRdkxmAanHYMkmbHKu32oCo85rgsRBnhUj4wfnl0qWxP%2F4EZQ4vra9dfDJ5d9%2BBQ0KWPGfh%2Bd4x95Dxzig6R3EUYGeKdBTBagawmYXR2lijq89rE0DgXJGgTLObqCM2j5rsJUnlYZXF62g1WScB4Jxr%2BnXWjXX9TmvN9vCayO1Jbv74cN%2FAQAA%2F%2F8BAAD%2F%2Fyir41F4BAAA
IP 173.233.137.52:0
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert quad9 Sinkholed
GET /impr.gif?sid=H4sIAAAAAAAC%2F1RSQWgkRRSt3l0vrgeVvYgoc1SQSXfPTGbGPSyuayQak7i7knN1VfWknOqupqp7ejIghiwse9IJXtRT502yIRrEvQqCTLxIQLAXkRw2ip68eBH2qsxkIPqh6r%2Bq9wve%2B7%2Fu7mSnxEVGT1bf0QOpFJ1rVN3KS2sy5jq3leXbFc%2BtulcrazKer1%2Bt9Ceb6b3quY2q%2B3LlTcG6es53Pdf1XK%2ByII0IdX9uykImh22v2nardb%2FqNerom%2F%2BfbebAUge8d0qeheTlE%2Bs%2FPIBkY8TR1zeE7aY6eeWNKFM01QY9vv9e3I11HiM6h6FxEMb7s2poWxLy6QXoeH%2FmALq3O3GAQJbE%2BcVDEO%2FPZCLo7Z0pDRREjIBfRt4bQ6gxJB2D6TuQ%2FCcCMI7lFcTR%2FWVtcrpxxtIJW5JLj%2F%2BGzEty6dEVxNFX15XsV25plaVSxxb9sIDsjyE7YyTZEdKBA5kfgaVbkPxHMvd4CXG0u2KVhuTF1L2UY8hwDCWGoNZBNlnSQRY6yBIHET%2Bp0EY7dN1mGIS1WqvOGKvVGGu05nmD1%2Bqt0EXGJvKGSJMhmBqCmU0kZhNduV0SsrULk30Hu17Acgc2LYnz7iZ6vEAuCHJLkFOCXBLkKUHeK%2Fa4sr4t7nNls8CbZX%2BWa8VIp50duqfTjojJTnJKnpk256%2BnvkFXnFSoH7bbbui59ea8O%2B%2BxptfmHvMorVFfMO7DygLSXpj6HciSXHn%2BdySTiX3wDwJ6BKuOwOTToNkLoPmo6bug66N6y8UgPuyHNE7pYKPKdASuCyTpJaQbzo46Jc9NdbSP%2F4Bgx9cOPpvE52CmQGIKvC%2B%2FJ%2Bioe6ObOie7N3VuyYOVJJWRHNDJAG%2BlNBUXv3hbbOTa8MUbdnjwGpsQE3h4W9h0icZcxh1LvrwuORdmQRsmyLeLdk0Eq5ldv56ZOEuWVl9fWIwSI6yVOh6DypKQj%2F4EkyV5svvW9HO%2B%2BHMT0oxhsgJRdkxmAanHYMkmbHKu32oCo85rgsRBnhUj4wfnl0qWxP%2F4EZQ4vra9dfDJ5d9%2BBQ0KWPGfh%2Bd4x95Dxzig6R3EUYGeKdBTBagawmYXR2lijq89rE0DgXJGgTLObqCM2j5rsJUnlYZXF62g1WScB4Jxr%2BnXWjXX9TmvN9vCayO1Jbv74cN%2FAQAA%2F%2F8BAAD%2F%2Fyir41F4BAAA HTTP/1.1
Host: reproductiontape.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: u_pl=15600826; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 29 Nov 2022 21:55:34 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 34b74828d670a477f4784f8b6ec66ed4
Strict-Transport-Security: max-age=0; includeSubdomains
static-cache.k2s.cc/thumbnail/J7vBtCLwmKju_z2f_w/w320h240/0.jpeg
188.72.235.185 200 OK 15 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/J7vBtCLwmKju_z2f_w/w320h240/0.jpeg
IP 188.72.235.185:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash 9a70712414c62227a368474fb488ebd9
2ed96aee058367a08e7698284b7cf91a8dcf000c
3aea4c979b6f6485e89b5ab5ff4bfa1048b6e7c710831240e654269e6ab1981e
GET /thumbnail/J7vBtCLwmKju_z2f_w/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: openresty
date: Tue, 29 Nov 2022 21:55:34 GMT
content-type: image/jpeg
content-length: 14804
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: HIT
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/cLmX6STyzKnl-m-S-w/w320h240/0.jpeg
188.72.235.185 200 OK 11 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/cLmX6STyzKnl-m-S-w/w320h240/0.jpeg
IP 188.72.235.185:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash 75d23d7bfc25c733a13f328f0343be95
b964e5f5493d8f1745cb1bf8c24fb1554bda5281
6a5d8a5cff5a95894943f37e3c77733547e7dd1c1c42116d311d0e34a610f861
GET /thumbnail/cLmX6STyzKnl-m-S-w/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Tue, 29 Nov 2022 21:55:34 GMT
content-type: image/jpeg
content-length: 11410
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: HIT
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/ceTHvHH3ya66rW3G_Q/w320h240/0.jpeg
188.72.235.185 200 OK 6.7 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/ceTHvHH3ya66rW3G_Q/w320h240/0.jpeg
IP 188.72.235.185:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash 1c92f9156c98898564bb232cd6437364
2b2fbcd8388eaa5c58e21eb53c16954081181b11
2777c86761a11ac8848f3eab61a543bafdfb333357a1437b8f498b5ff7c29721
GET /thumbnail/ceTHvHH3ya66rW3G_Q/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Tue, 29 Nov 2022 21:55:34 GMT
content-type: image/jpeg
content-length: 6742
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: HIT
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/I-yS7iKvzPvoqjvF_w/w320h240/0.jpeg
188.72.235.185 200 OK 12 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/I-yS7iKvzPvoqjvF_w/w320h240/0.jpeg
IP 188.72.235.185:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash 739e17a0ae53dc3dec4a81e292ae5569
90a425d71ddfa49a96b232ab81a2e29d609c5ec2
fc9f896e28f1c1476a91ee1c34133fc97c1861f6d6992a5695722c175972288f
GET /thumbnail/I-yS7iKvzPvoqjvF_w/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: openresty
date: Tue, 29 Nov 2022 21:55:34 GMT
content-type: image/jpeg
content-length: 11560
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: HIT
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/I7iWvyenzv_kqzmU-g/w320h240/0.jpeg
188.72.235.185 200 OK 13 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/I7iWvyenzv_kqzmU-g/w320h240/0.jpeg
IP 188.72.235.185:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash 46e8e4a60bffaecc52a95107a795cd9d
af419b23e6192e020ca8f165f6493ac01b5dc006
c70601aa6de5efc1ce6136ef5fd6ae3257e0109a58dd6cbbdc94f984af771569
GET /thumbnail/I7iWvyenzv_kqzmU-g/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: openresty
date: Tue, 29 Nov 2022 21:55:34 GMT
content-type: image/jpeg
content-length: 12709
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: HIT
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/JezB63aiwvzv8T-R-Q/w320h240/0.jpeg
188.72.235.185 200 OK 11 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/JezB63aiwvzv8T-R-Q/w320h240/0.jpeg
IP 188.72.235.185:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash 6f5db8d8e9afcd3ec8c5a66461420556
80bee39250480b917c2297bb17ff53f0d9a28a88
1176b30f8932320a7dab2c5d0319000dc19d82767bc6dd69274262b3b68d67b8
GET /thumbnail/JezB63aiwvzv8T-R-Q/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: openresty
date: Tue, 29 Nov 2022 21:55:34 GMT
content-type: image/jpeg
content-length: 11106
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: HIT
X-Firefox-Spdy: h2
ocsp.sectigo.com/
172.64.155.188 200 OK 472 B IP 172.64.155.188:0
Hash c4d9bada5f275432ee52bc8e20400dc0
1ffe803d60e7cb74bc9a1e6722950d03a3c342cd
2481c6cb423e76b181e3695eb38787792e9ab9b05cdf83961a74f9adb24c04c4
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 29 Nov 2022 21:55:34 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Tue, 29 Nov 2022 15:14:23 GMT
Expires: Tue, 06 Dec 2022 15:14:22 GMT
Etag: "1ffe803d60e7cb74bc9a1e6722950d03a3c342cd"
Cache-Control: max-age=580127,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 771e969a8ea31bfa-OSL
ocsp.sectigo.com/
172.64.155.188 200 OK 472 B IP 172.64.155.188:0
Hash c4d9bada5f275432ee52bc8e20400dc0
1ffe803d60e7cb74bc9a1e6722950d03a3c342cd
2481c6cb423e76b181e3695eb38787792e9ab9b05cdf83961a74f9adb24c04c4
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 29 Nov 2022 21:55:34 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Tue, 29 Nov 2022 15:14:23 GMT
Expires: Tue, 06 Dec 2022 15:14:22 GMT
Etag: "1ffe803d60e7cb74bc9a1e6722950d03a3c342cd"
Cache-Control: max-age=580127,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 771e969a9b81b512-OSL
static-cache.k2s.cc/thumbnail/JenFuCOgyqnk_DuQ-A/w320h240/0.jpeg
188.72.235.185 200 OK 9.8 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/JenFuCOgyqnk_DuQ-A/w320h240/0.jpeg
IP 188.72.235.185:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash 2fce097b29f95f6bd40257b55bbeee71
d63732f713bd348dd91efc3a002930254953ad62
829e893c3ec40992e9c9de2cd58f0415d6f243e574c349530622c25f2a19003d
GET /thumbnail/JenFuCOgyqnk_DuQ-A/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: openresty
date: Tue, 29 Nov 2022 21:55:34 GMT
content-type: image/jpeg
content-length: 9848
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: HIT
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/d76a7n6nzv_v8T2T9w/w320h240/0.jpeg
188.72.235.185 200 OK 9.5 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/d76a7n6nzv_v8T2T9w/w320h240/0.jpeg
IP 188.72.235.185:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash 00837482181a77aaa84093b1123599ca
6c9c06ead40437f040567771ed9f5d40325ed24c
8a18e7b0db16e86d1a6f12d7d7fb5c3739784531f04e49bf7eec1c6266648b5f
GET /thumbnail/d76a7n6nzv_v8T2T9w/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: openresty
date: Tue, 29 Nov 2022 21:55:34 GMT
content-type: image/jpeg
content-length: 9493
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: HIT
X-Firefox-Spdy: h2
reproductiontape.com/impr.gif?sid=H4sIAAAAAAAC%2F1RS32tcRRue0%2FaDD6ug0hsv1MUbFWRzfuwmuy0SrDUlGJPYVnI9Z2bO7pjZM4eZc%2FZs1ouGFEouRDd44%2BXJs0lDtRR7541QNr2RgNDTC8lFo%2F4NQq9lNwvRF2beZ%2BZ5B57nfefubnZCXGT0ePUz3ZdK0Zl61a28tyZjrnNbWb5V8dyqe6WyJuPZ2pVKb7yZ7mXPrVfd9yvXBVvXM77rua7nepUFaUSkezMTFjJ50PSqTbda86tevYae%2Be%2FZZg4sdcC7J%2BR1SF7%2Br%2F3rI0g2Qtz56Zqw66lOPvikkymaaoMuP%2FgiXo91HqNzBiPjIIoPptXQtiTk%2B3PQ8cHUAXR3b%2BwAoSyJ87uHMD6YykTY3T9VGiqIGCG%2FiLw7glAjSDoC03cg%2BVMCMI7lFcSde8va5HTjlKVjtiQXXvwNmZfkwvNLiDsPryrZq9zUKkulji16UQHZG0G2RkiyQ6R9BzI%2FBEu3IPlvZObFEuLO3opVGpIXE%2FdSjiCjEZQYgFoH2XhJB1nkIEscdPhxhdabkevORWEUBI0aYywIGKs3ZnmdB7VG5CJjY3kDpMkATA3AzCYSs4l1uVMSsrUHkz2GbRew3IFNS%2BJ8vokuL5ALgtwS5JQglwR5SpB3i32urG%2BLe1zZLPSm2Z%2FmoBjqtLVL93XaEjHZTU7Ia%2BPmOK%2Fcfhfr4rjie5EImnU3qnm%2BcP1ZFgSRF84yIWa9QIQUVhaQ9tzEb1%2BW5K36RSSyJP%2Bff4yQHsKqQzD5Kmj2Jmg%2BnPNd0Paw1nDRj3%2BOaZoZqtqCqrRtdWaYqDKVheC6QJJeQLrh7KoT8sZkYJc%2FfBmCHc0%2F6f91%2FeGlr8BMgcQU%2BFI%2BIWip7eENnZO9Gzq35NFKksqO7NPxMG%2BmNBXnf%2FhUbOTa8MVrdnD%2FIzYmxvDBLWHTJRpzGbcs%2BfGq5FyYBW2YIL8s2jURrma2fTUzcZYsrX68sNhJjLBW6ngEKp%2Far8FkSV7a%2FmbyTd9%2BJ4Y0I5isQCc7ItOA1COwZBM2OVNvNYFRZzVh4iDPiqHxw7NLJUvif%2FscShzN72zd%2F%2B7in3%2BAhgWs%2BNfDM7xrt9EyDmh6B3GnQNcU6KoCVA1gs%2FPDNDFH88%2BCSSBUzjBUxtkLlVE7p%2B218rhS92qiETbmGOehYNyb84NG4Lo%2B57W5pvCaSG3J7t5%2B9g8AAAD%2F%2FwEAAP%2F%2FzCWUkYIEAAA%3D
173.233.137.52200 OK 7 B URL HTTP/1.1 reproductiontape.com/impr.gif?sid=H4sIAAAAAAAC%2F1RS32tcRRue0%2FaDD6ug0hsv1MUbFWRzfuwmuy0SrDUlGJPYVnI9Z2bO7pjZM4eZc%2FZs1ouGFEouRDd44%2BXJs0lDtRR7541QNr2RgNDTC8lFo%2F4NQq9lNwvRF2beZ%2BZ5B57nfefubnZCXGT0ePUz3ZdK0Zl61a28tyZjrnNbWb5V8dyqe6WyJuPZ2pVKb7yZ7mXPrVfd9yvXBVvXM77rua7nepUFaUSkezMTFjJ50PSqTbda86tevYae%2Be%2FZZg4sdcC7J%2BR1SF7%2Br%2F3rI0g2Qtz56Zqw66lOPvikkymaaoMuP%2FgiXo91HqNzBiPjIIoPptXQtiTk%2B3PQ8cHUAXR3b%2BwAoSyJ87uHMD6YykTY3T9VGiqIGCG%2FiLw7glAjSDoC03cg%2BVMCMI7lFcSde8va5HTjlKVjtiQXXvwNmZfkwvNLiDsPryrZq9zUKkulji16UQHZG0G2RkiyQ6R9BzI%2FBEu3IPlvZObFEuLO3opVGpIXE%2FdSjiCjEZQYgFoH2XhJB1nkIEscdPhxhdabkevORWEUBI0aYywIGKs3ZnmdB7VG5CJjY3kDpMkATA3AzCYSs4l1uVMSsrUHkz2GbRew3IFNS%2BJ8vokuL5ALgtwS5JQglwR5SpB3i32urG%2BLe1zZLPSm2Z%2FmoBjqtLVL93XaEjHZTU7Ia%2BPmOK%2Fcfhfr4rjie5EImnU3qnm%2BcP1ZFgSRF84yIWa9QIQUVhaQ9tzEb1%2BW5K36RSSyJP%2Bff4yQHsKqQzD5Kmj2Jmg%2BnPNd0Paw1nDRj3%2BOaZoZqtqCqrRtdWaYqDKVheC6QJJeQLrh7KoT8sZkYJc%2FfBmCHc0%2F6f91%2FeGlr8BMgcQU%2BFI%2BIWip7eENnZO9Gzq35NFKksqO7NPxMG%2BmNBXnf%2FhUbOTa8MVrdnD%2FIzYmxvDBLWHTJRpzGbcs%2BfGq5FyYBW2YIL8s2jURrma2fTUzcZYsrX68sNhJjLBW6ngEKp%2Far8FkSV7a%2FmbyTd9%2BJ4Y0I5isQCc7ItOA1COwZBM2OVNvNYFRZzVh4iDPiqHxw7NLJUvif%2FscShzN72zd%2F%2B7in3%2BAhgWs%2BNfDM7xrt9EyDmh6B3GnQNcU6KoCVA1gs%2FPDNDFH88%2BCSSBUzjBUxtkLlVE7p%2B218rhS92qiETbmGOehYNyb84NG4Lo%2B57W5pvCaSG3J7t5%2B9g8AAAD%2F%2FwEAAP%2F%2FzCWUkYIEAAA%3D
IP 173.233.137.52:0
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert quad9 Sinkholed
GET /impr.gif?sid=H4sIAAAAAAAC%2F1RS32tcRRue0%2FaDD6ug0hsv1MUbFWRzfuwmuy0SrDUlGJPYVnI9Z2bO7pjZM4eZc%2FZs1ouGFEouRDd44%2BXJs0lDtRR7541QNr2RgNDTC8lFo%2F4NQq9lNwvRF2beZ%2BZ5B57nfefubnZCXGT0ePUz3ZdK0Zl61a28tyZjrnNbWb5V8dyqe6WyJuPZ2pVKb7yZ7mXPrVfd9yvXBVvXM77rua7nepUFaUSkezMTFjJ50PSqTbda86tevYae%2Be%2FZZg4sdcC7J%2BR1SF7%2Br%2F3rI0g2Qtz56Zqw66lOPvikkymaaoMuP%2FgiXo91HqNzBiPjIIoPptXQtiTk%2B3PQ8cHUAXR3b%2BwAoSyJ87uHMD6YykTY3T9VGiqIGCG%2FiLw7glAjSDoC03cg%2BVMCMI7lFcSde8va5HTjlKVjtiQXXvwNmZfkwvNLiDsPryrZq9zUKkulji16UQHZG0G2RkiyQ6R9BzI%2FBEu3IPlvZObFEuLO3opVGpIXE%2FdSjiCjEZQYgFoH2XhJB1nkIEscdPhxhdabkevORWEUBI0aYywIGKs3ZnmdB7VG5CJjY3kDpMkATA3AzCYSs4l1uVMSsrUHkz2GbRew3IFNS%2BJ8vokuL5ALgtwS5JQglwR5SpB3i32urG%2BLe1zZLPSm2Z%2FmoBjqtLVL93XaEjHZTU7Ia%2BPmOK%2Fcfhfr4rjie5EImnU3qnm%2BcP1ZFgSRF84yIWa9QIQUVhaQ9tzEb1%2BW5K36RSSyJP%2Bff4yQHsKqQzD5Kmj2Jmg%2BnPNd0Paw1nDRj3%2BOaZoZqtqCqrRtdWaYqDKVheC6QJJeQLrh7KoT8sZkYJc%2FfBmCHc0%2F6f91%2FeGlr8BMgcQU%2BFI%2BIWip7eENnZO9Gzq35NFKksqO7NPxMG%2BmNBXnf%2FhUbOTa8MVrdnD%2FIzYmxvDBLWHTJRpzGbcs%2BfGq5FyYBW2YIL8s2jURrma2fTUzcZYsrX68sNhJjLBW6ngEKp%2Far8FkSV7a%2FmbyTd9%2BJ4Y0I5isQCc7ItOA1COwZBM2OVNvNYFRZzVh4iDPiqHxw7NLJUvif%2FscShzN72zd%2F%2B7in3%2BAhgWs%2BNfDM7xrt9EyDmh6B3GnQNcU6KoCVA1gs%2FPDNDFH88%2BCSSBUzjBUxtkLlVE7p%2B218rhS92qiETbmGOehYNyb84NG4Lo%2B57W5pvCaSG3J7t5%2B9g8AAAD%2F%2FwEAAP%2F%2FzCWUkYIEAAA%3D HTTP/1.1
Host: reproductiontape.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: u_pl=15600826; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 29 Nov 2022 21:55:34 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 2f37b9690b804a47b86ea7771067d983
Strict-Transport-Security: max-age=0; includeSubdomains
reproductiontape.com/pixel/sbs?c=1
173.233.137.52 200 OK 0 B URL HTTP/1.1 reproductiontape.com/pixel/sbs?c=1
IP 173.233.137.52:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /pixel/sbs?c=1 HTTP/1.1
Host: reproductiontape.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: u_pl=15600826; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 29 Nov 2022 21:55:34 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
a.naturalhealthsource.club/api/spots/303891?p=1&s1=%subid1%&kw=
135.181.208.216 200 OK 4.3 kB URL HTTP/2 a.naturalhealthsource.club/api/spots/303891?p=1&s1=%subid1%&kw=
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
Hash e6988413f544fa796800d516410f8923
582d4f62d2ad80a4e73880fbaa575ab87bd1da19
a749e4e7a99cd12c683661f45b7103c9f34a544af8ed74ff9bf2d02c7db37e3f
GET /api/spots/303891?p=1&s1=%subid1%&kw= HTTP/1.1
Host: a.naturalhealthsource.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: nauid=pSNQ66KIKXOvDw7qitgP
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 29 Nov 2022 21:55:34 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2
cdn.tsyndicate.com/sdk/v1/master.spot.js
8.254.252.214 200 OK 13 kB URL HTTP/2 cdn.tsyndicate.com/sdk/v1/master.spot.js
IP 8.254.252.214:0
File type ASCII text, with very long lines (28267)
Hash 2302d49bf491a9778085df04b4da3cf0
5ef4ce33d0fd46d9c5d399ed7f15f0d9031a92ad
0591e83eaf13b272e80594297303e0435272faed43520f07773da71e989c4135
GET /sdk/v1/master.spot.js HTTP/1.1
Host: cdn.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 29 Nov 2022 21:55:34 GMT
content-type: application/javascript
content-length: 12771
last-modified: Wed, 23 Nov 2022 12:53:01 GMT
server: nginx
x-robots-tag: noindex, nofollow
content-encoding: gzip
vary: Accept-Encoding
etag: W/"637e17ad-890f"
age: 550266
accept-ranges: bytes
X-Firefox-Spdy: h2
cdn.tsyndicate.com/sdk/v1/master.spot.js
8.254.252.214 304 Not Modified 0 B URL HTTP/2 cdn.tsyndicate.com/sdk/v1/master.spot.js
IP 8.254.252.214:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sdk/v1/master.spot.js HTTP/1.1
Host: cdn.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
If-Modified-Since: Wed, 23 Nov 2022 12:53:01 GMT
If-None-Match: W/"637e17ad-890f"
TE: trailers
HTTP/2 304 Not Modified
date: Tue, 29 Nov 2022 21:55:34 GMT
last-modified: Wed, 23 Nov 2022 12:53:01 GMT
server: nginx
x-robots-tag: noindex, nofollow
vary: Accept-Encoding
etag: W/"637e17ad-890f"
age: 550266
X-Firefox-Spdy: h2
cdn.tsyndicate.com/sdk/v1/master.spot.js
8.254.252.214 304 Not Modified 0 B URL HTTP/2 cdn.tsyndicate.com/sdk/v1/master.spot.js
IP 8.254.252.214:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sdk/v1/master.spot.js HTTP/1.1
Host: cdn.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
If-Modified-Since: Wed, 23 Nov 2022 12:53:01 GMT
If-None-Match: W/"637e17ad-890f"
TE: trailers
HTTP/2 304 Not Modified
date: Tue, 29 Nov 2022 21:55:34 GMT
last-modified: Wed, 23 Nov 2022 12:53:01 GMT
server: nginx
x-robots-tag: noindex, nofollow
vary: Accept-Encoding
etag: W/"637e17ad-890f"
age: 550266
X-Firefox-Spdy: h2
syndication.realsrv.com/v1/api.php
95.211.229.248 200 OK 1.1 kB URL HTTP/1.1 syndication.realsrv.com/v1/api.php
IP 95.211.229.248:0
ASN #60781 LeaseWeb Netherlands B.V.
File type JSON data\012- , ASCII text, with very long lines (1465), with no line terminators
Hash 11ed44d8fe62275125427829b2a0c078
68fa4412096d6922bef2c4550d20ab91bef7120f
a23b8e459fc0a467be66afe7e76836e3bcc7d110dd8f00d5e08d97d46ce75ac0
POST /v1/api.php HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 335
Origin: https://a.naturalhealthsource.club
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 29 Nov 2022 21:55:34 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://a.naturalhealthsource.club
Access-Control-Allow-Headers: Authorization, Content-Type
Access-Control-Request-Method: POST
Access-Control-Allow-Credentials: true
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A32%3A%2263867fd69498b3.39647552813068210%22%3B%7D; expires=Thu, 28-Nov-2024 21:55:34 GMT; Max-Age=63072000; path=/; domain=realsrv.com; secure; SameSite=None
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
syndication.realsrv.com/v1/api.php
95.211.229.248 200 OK 1.1 kB URL HTTP/1.1 syndication.realsrv.com/v1/api.php
IP 95.211.229.248:0
ASN #60781 LeaseWeb Netherlands B.V.
File type JSON data\012- , ASCII text, with very long lines (1462), with no line terminators
Hash 85114314570d9f4bc6f968dd5dcc2f3a
d5922a8a95e45ddbf0c607e9761a39f198890982
8b56cc6278c359bb469f105c53f8e28d16634a1bc0504ba8f8a184430ec577d6
POST /v1/api.php HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 335
Origin: https://a.naturalhealthsource.club
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 29 Nov 2022 21:55:34 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://a.naturalhealthsource.club
Access-Control-Allow-Headers: Authorization, Content-Type
Access-Control-Request-Method: POST
Access-Control-Allow-Credentials: true
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2263867fd6946037.887052551222918335%22%3B%7D; expires=Thu, 28-Nov-2024 21:55:34 GMT; Max-Age=63072000; path=/; domain=realsrv.com; secure; SameSite=None
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
a.naturalhealthsource.club/api/spots/312874?p=1&s1=%subid1%&kw=
135.181.208.216 200 OK 5.3 kB URL HTTP/2 a.naturalhealthsource.club/api/spots/312874?p=1&s1=%subid1%&kw=
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- assembler source, Unicode text, UTF-8 text, with very long lines (1644)
Hash f81bd64a2c96d210a8d835a78e63dc3e
f66adfea420a9059ae8408b68e2638e890e2dedb
32f0bdcbbbbcdf066abe484960253f2e5207f8c14209ffd5f3351fd75268001f
GET /api/spots/312874?p=1&s1=%subid1%&kw= HTTP/1.1
Host: a.naturalhealthsource.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: nauid=pSNQ66KIKXOvDw7qitgP
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 29 Nov 2022 21:55:34 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2
syndication.realsrv.com/v1/api.php
95.211.229.248 200 OK 1.1 kB URL HTTP/1.1 syndication.realsrv.com/v1/api.php
IP 95.211.229.248:0
ASN #60781 LeaseWeb Netherlands B.V.
File type JSON data\012- , ASCII text, with very long lines (1469), with no line terminators
Hash 40279a9830361215992b57d2350a7214
ed98e9ce9e8c6b1df9d22abd2df6d6b8bd1a1ca4
c5e1712dfc707b83ae285c84a0fccd3f97184989c00bfa10dade518023d33091
POST /v1/api.php HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 335
Origin: https://a.naturalhealthsource.club
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 29 Nov 2022 21:55:34 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://a.naturalhealthsource.club
Access-Control-Allow-Headers: Authorization, Content-Type
Access-Control-Request-Method: POST
Access-Control-Allow-Credentials: true
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A32%3A%2263867fd6949b89.31434687735365594%22%3B%7D; expires=Thu, 28-Nov-2024 21:55:34 GMT; Max-Age=63072000; path=/; domain=realsrv.com; secure; SameSite=None
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
syndication.realsrv.com/v1/api.php
95.211.229.248 200 OK 1.1 kB URL HTTP/1.1 syndication.realsrv.com/v1/api.php
IP 95.211.229.248:0
ASN #60781 LeaseWeb Netherlands B.V.
File type JSON data\012- , ASCII text, with very long lines (1461), with no line terminators
Hash 1a546766db8a636139d65f89ab3d0fe7
c39a33edf030010cc8d84978d6a15d9bb60b5c33
a78ec54a1915bde9d7f01906ee51c10e8fb2fc41627c19417d6f9d4f721af409
POST /v1/api.php HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 335
Origin: https://a.naturalhealthsource.club
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 29 Nov 2022 21:55:34 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://a.naturalhealthsource.club
Access-Control-Allow-Headers: Authorization, Content-Type
Access-Control-Request-Method: POST
Access-Control-Allow-Credentials: true
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2263867fd69bef37.947111924111559487%22%3B%7D; expires=Thu, 28-Nov-2024 21:55:34 GMT; Max-Age=63072000; path=/; domain=realsrv.com; secure; SameSite=None
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
ocsp.sectigo.com/
172.64.155.188 200 OK 471 B IP 172.64.155.188:0
Hash cf621a2c658ca82c452d69f85bdadf90
a8311a6ede1c0c84749340078fb899e40ad68030
c91a617756a469d7c8db9646d809699d0967043547213e8aca0059adcf5434e5
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 29 Nov 2022 21:55:34 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Mon, 28 Nov 2022 17:56:30 GMT
Expires: Mon, 05 Dec 2022 17:56:29 GMT
Etag: "a8311a6ede1c0c84749340078fb899e40ad68030"
Cache-Control: max-age=503454,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 771e969d4e90b4ee-OSL
a.naturalhealthsource.club/api/spots/312875?p=1&s1=%subid1%&kw=
135.181.208.216 200 OK 3.9 kB URL HTTP/2 a.naturalhealthsource.club/api/spots/312875?p=1&s1=%subid1%&kw=
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
Hash 3cbc7993ea4828864058facc160539b8
57227f6f39befcd6ff677fd8e9f277add8a425de
3b0fa49f498a831f3079aa50f423f2cad6190708ae59fa944230857ca9694544
GET /api/spots/312875?p=1&s1=%subid1%&kw= HTTP/1.1
Host: a.naturalhealthsource.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: nauid=pSNQ66KIKXOvDw7qitgP
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 29 Nov 2022 21:55:34 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2
syndication.realsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAA3VPy2oDMQz8lf7AGr0sWTk31xZS8gHeFzmEFJIspKCPr3dTcqsGwWgk2SMCog6xI39D3eW8YwnH5JCEEmaJj89DCMal3pdrPZ+mer6fbt/LdZjScF76YHOjEllVXMMNgDXEimZvKrRkVrYSlk2pYGtCcEADZRZZWQLAKBD74yGOX+9NcC0UGBQM8KAMja9G1l1pHB7rvs4jmFmuygxe2W2ASYRGzeozz+tg1PSvdXgigQJvn/0JwShMQtHhq5BoAbG16+3nMkS8xp/I2wPNtchqt90+2GxoI9beoWqebYKBS8XSi/fTL21csvF6AQAA
95.211.229.248 200 OK 20 B URL HTTP/1.1 syndication.realsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAA3VPy2oDMQz8lf7AGr0sWTk31xZS8gHeFzmEFJIspKCPr3dTcqsGwWgk2SMCog6xI39D3eW8YwnH5JCEEmaJj89DCMal3pdrPZ+mer6fbt/LdZjScF76YHOjEllVXMMNgDXEimZvKrRkVrYSlk2pYGtCcEADZRZZWQLAKBD74yGOX+9NcC0UGBQM8KAMja9G1l1pHB7rvs4jmFmuygxe2W2ASYRGzeozz+tg1PSvdXgigQJvn/0JwShMQtHhq5BoAbG16+3nMkS8xp/I2wPNtchqt90+2GxoI9beoWqebYKBS8XSi/fTL21csvF6AQAA
IP 95.211.229.248:0
ASN #60781 LeaseWeb Netherlands B.V.
Hash a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf
GET /cimp.php?t=api&data=H4sIAAAAAAAAA3VPy2oDMQz8lf7AGr0sWTk31xZS8gHeFzmEFJIspKCPr3dTcqsGwWgk2SMCog6xI39D3eW8YwnH5JCEEmaJj89DCMal3pdrPZ+mer6fbt/LdZjScF76YHOjEllVXMMNgDXEimZvKrRkVrYSlk2pYGtCcEADZRZZWQLAKBD74yGOX+9NcC0UGBQM8KAMja9G1l1pHB7rvs4jmFmuygxe2W2ASYRGzeozz+tg1PSvdXgigQJvn/0JwShMQtHhq5BoAbG16+3nMkS8xp/I2wPNtchqt90+2GxoI9beoWqebYKBS8XSi/fTL21csvF6AQAA HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://a.naturalhealthsource.club
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2263867fd6946037.887052551222918335%22%3B%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 29 Nov 2022 21:55:34 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://a.naturalhealthsource.club
Access-Control-Allow-Credentials: true
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2263867fd6946037.887052551222918335%22%3B%7D; expires=Thu, 28 Nov 2024 21:55:34 GMT; path=; domain=.realsrv.com; Secure; SameSite=none
Set-Cookie: __upt=%7B%22v%22%3A1%2C%22id%22%3A%2263867fd6946037.887052551222918335%22%2C%22pcma%22%3A%22%22%2C%22acma%22%3A%22508.0199%22%7D; expires=Thu, 28 Nov 2024 21:55:34 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
syndication.realsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAA3VOS2pDMQy8Si+Qh/62s263LaTkAH6OQxahhXwghTl8/ZKSXTWbkUYjjZDIinkl5YVj7b5WQ+Gp0GQysRvePzYwxle9XE/1eOj1eDmcv6+n1qd2vM7QVJJkeISVQElEGrCUI4jgNBTV0JSRPIVkHiJBQQPiarawiYiRCW/bDbafr2NQIgsYAiW6idPgS5DFa4PTbfE773rLPXV21yTVWs2dtCVJdb93XRZRp3+j0wMThd9//fVQNhUTrPjZGEYR7nI9/3w14Ln+gN8PjNBmS1pk9phbjNJdkM0ld5/Z2l6DODh+AeqmUdJ5AQAA
95.211.229.248 200 OK 20 B URL HTTP/1.1 syndication.realsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAA3VOS2pDMQy8Si+Qh/62s263LaTkAH6OQxahhXwghTl8/ZKSXTWbkUYjjZDIinkl5YVj7b5WQ+Gp0GQysRvePzYwxle9XE/1eOj1eDmcv6+n1qd2vM7QVJJkeISVQElEGrCUI4jgNBTV0JSRPIVkHiJBQQPiarawiYiRCW/bDbafr2NQIgsYAiW6idPgS5DFa4PTbfE773rLPXV21yTVWs2dtCVJdb93XRZRp3+j0wMThd9//fVQNhUTrPjZGEYR7nI9/3w14Ln+gN8PjNBmS1pk9phbjNJdkM0ld5/Z2l6DODh+AeqmUdJ5AQAA
IP 95.211.229.248:0
ASN #60781 LeaseWeb Netherlands B.V.
Hash a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf
GET /cimp.php?t=api&data=H4sIAAAAAAAAA3VOS2pDMQy8Si+Qh/62s263LaTkAH6OQxahhXwghTl8/ZKSXTWbkUYjjZDIinkl5YVj7b5WQ+Gp0GQysRvePzYwxle9XE/1eOj1eDmcv6+n1qd2vM7QVJJkeISVQElEGrCUI4jgNBTV0JSRPIVkHiJBQQPiarawiYiRCW/bDbafr2NQIgsYAiW6idPgS5DFa4PTbfE773rLPXV21yTVWs2dtCVJdb93XRZRp3+j0wMThd9//fVQNhUTrPjZGEYR7nI9/3w14Ln+gN8PjNBmS1pk9phbjNJdkM0ld5/Z2l6DODh+AeqmUdJ5AQAA HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://a.naturalhealthsource.club
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2263867fd6946037.887052551222918335%22%3B%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 29 Nov 2022 21:55:34 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://a.naturalhealthsource.club
Access-Control-Allow-Credentials: true
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2263867fd6946037.887052551222918335%22%3B%7D; expires=Thu, 28 Nov 2024 21:55:34 GMT; path=; domain=.realsrv.com; Secure; SameSite=none
Set-Cookie: __upt=%7B%22v%22%3A1%2C%22id%22%3A%2263867fd6946037.887052551222918335%22%2C%22pcma%22%3A%22%22%2C%22acma%22%3A%22508.0199%22%7D; expires=Thu, 28 Nov 2024 21:55:34 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
syndication.realsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAA3VPS2pDMQy8Si8Qo7+es263LaTkALbjkEVoIR9IQYevnZTsqtmMNPqMCIhWiCvKL2hr1TVLZEwZklBClXj/2IRgfJXL9VSOh16Ol8P5+3pqPbXjtQZ7dlpCzSRbZAdgC/HFDCAUhsJs7Eu4utGCQ4TggAFSFpksAWAsEG/bTWw/X0ch20KBQcEAN1IYfBqZszI43Ob8zjqjo+Rutbbsxart3EuRuh+cZ2OU9K91eCCBjQfnsb9CMAqTUKzwmUiMgLjL5fzz1SKe7Q/ofcFwLTLthnbpvTVt4lX7zpC8dy81Zy17VvwFC1h6THoBAAA=
95.211.229.248 200 OK 20 B URL HTTP/1.1 syndication.realsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAA3VPS2pDMQy8Si8Qo7+es263LaTkALbjkEVoIR9IQYevnZTsqtmMNPqMCIhWiCvKL2hr1TVLZEwZklBClXj/2IRgfJXL9VSOh16Ol8P5+3pqPbXjtQZ7dlpCzSRbZAdgC/HFDCAUhsJs7Eu4utGCQ4TggAFSFpksAWAsEG/bTWw/X0ch20KBQcEAN1IYfBqZszI43Ob8zjqjo+Rutbbsxart3EuRuh+cZ2OU9K91eCCBjQfnsb9CMAqTUKzwmUiMgLjL5fzz1SKe7Q/ofcFwLTLthnbpvTVt4lX7zpC8dy81Zy17VvwFC1h6THoBAAA=
IP 95.211.229.248:0
ASN #60781 LeaseWeb Netherlands B.V.
Hash a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf
GET /cimp.php?t=api&data=H4sIAAAAAAAAA3VPS2pDMQy8Si8Qo7+es263LaTkALbjkEVoIR9IQYevnZTsqtmMNPqMCIhWiCvKL2hr1TVLZEwZklBClXj/2IRgfJXL9VSOh16Ol8P5+3pqPbXjtQZ7dlpCzSRbZAdgC/HFDCAUhsJs7Eu4utGCQ4TggAFSFpksAWAsEG/bTWw/X0ch20KBQcEAN1IYfBqZszI43Ob8zjqjo+Rutbbsxart3EuRuh+cZ2OU9K91eCCBjQfnsb9CMAqTUKzwmUiMgLjL5fzz1SKe7Q/ofcFwLTLthnbpvTVt4lX7zpC8dy81Zy17VvwFC1h6THoBAAA= HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://a.naturalhealthsource.club
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2263867fd6948435.387245911637445777%22%3B%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 29 Nov 2022 21:55:34 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://a.naturalhealthsource.club
Access-Control-Allow-Credentials: true
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2263867fd6948435.387245911637445777%22%3B%7D; expires=Thu, 28 Nov 2024 21:55:34 GMT; path=; domain=.realsrv.com; Secure; SameSite=none
Set-Cookie: __upt=%7B%22v%22%3A1%2C%22id%22%3A%2263867fd6948435.387245911637445777%22%2C%22pcma%22%3A%22%22%2C%22acma%22%3A%22508.0199%22%7D; expires=Thu, 28 Nov 2024 21:55:34 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
cdn.creative-bars1.com/sb/ssp/utility/social-media/whatsapp/css/animate.css
172.64.108.13 200 OK 4.8 kB URL HTTP/2 cdn.creative-bars1.com/sb/ssp/utility/social-media/whatsapp/css/animate.css
IP 172.64.108.13:0
Hash 62a2d711ae50c50c81df83d2fb643ad8
91dce573e37a833d3ad08391fb708155b6a62af5
afb1445a556a687d5b1af9ad91739f7e45700017670e7ccefe7f080cc2047fe6
GET /sb/ssp/utility/social-media/whatsapp/css/animate.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 29 Nov 2022 21:55:33 GMT
content-type: text/css
last-modified: Sat, 20 Feb 2021 08:44:40 GMT
etag: W/"6030cbf8-1358d"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 1238144
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6IiphDFa%2F8DppPR1UoCrhQhUu7PMp408Hm312R5e4By0zY0%2F1nOFXem0U3I7eb1w7rfxghuvd4v15ZiYIKSwAfjOoDD876Qg%2BMWNnDW63%2BPim3SuAp%2B5UmbdUvGLma5chkgGAK60Skow"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 771e9696aae47447-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/ssp/utility/social-media/whatsapp/js/script.js
172.64.108.13 200 OK 230 B URL HTTP/2 cdn.creative-bars1.com/sb/ssp/utility/social-media/whatsapp/js/script.js
IP 172.64.108.13:0
Hash 944979fc0da28ba128232ebfd313d971
df2a3b41d264dc0109885285502e051b5becb39c
9cc8c594514a9cb2a3d3bc225a4a39ae6f09f4628b524207535f771f920bdb33
GET /sb/ssp/utility/social-media/whatsapp/js/script.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 29 Nov 2022 21:55:33 GMT
content-type: application/javascript
last-modified: Sat, 20 Feb 2021 08:47:14 GMT
etag: W/"6030cc92-1bc"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 1238144
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XPDcsvOh5h7qn%2Bi1XUB85%2FPaA7Fx3fnsZsf%2B7auPm%2Fv9o0tGnWKuzPThAx4nnv%2B%2BGuQly1m0SgPKYS8RhMkdQGsFkRCN%2FkiY70gYmSCUuxJgqfSXZOPaBG%2Fy0ODK3MvFuFOP0xfCJNVx"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 771e9696aae07447-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
s3t3d2y8.afcdn.net/library/379728/e4f1be041510ae6126c9c59fcaa312da299ef8cb.webp
185.76.9.14 200 OK 25 kB URL HTTP/2 s3t3d2y8.afcdn.net/library/379728/e4f1be041510ae6126c9c59fcaa312da299ef8cb.webp
IP 185.76.9.14:0
ASN #60068 Datacamp Limited
File type RIFF (little-endian) data, Web/P image\012- data
Hash 9810eb98c65abe98afab4610f227f28e
e4f1be041510ae6126c9c59fcaa312da299ef8cb
948c917d548a5b9a8af87add54a87e080d4c38ae71a96329fff68da64d8256ac
GET /library/379728/e4f1be041510ae6126c9c59fcaa312da299ef8cb.webp HTTP/1.1
Host: s3t3d2y8.afcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 29 Nov 2022 21:55:34 GMT
content-type: image/webp
content-length: 24924
last-modified: Thu, 16 Jun 2022 09:31:47 GMT
etag: "62aaf883-615c"
expires: Tue, 29 Aug 2023 12:12:59 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
x-cache-op: HIT
x-accel-expires: @1693312955
server: CDN77-Turbo
x-robots-tag: noindex, follow
x-77-nzt: AblMCQ1NSQ//m8t5AA
x-77-nzt-ray: c0a4cc2832e4ac21d67f866343b1d432
x-cache: HIT
x-age: 7981979
x-77-pop: stockholmSE
x-77-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
fonts.gstatic.com/s/ubuntu/v20/4iCs6KVjbNBYlgoKfw72.woff2
142.250.74.35 200 OK 35 kB URL HTTP/2 fonts.gstatic.com/s/ubuntu/v20/4iCs6KVjbNBYlgoKfw72.woff2
IP 142.250.74.35:0
File type Web Open Font Format (Version 2), TrueType, length 34852, version 1.0\012- data
Hash 0e8eefb4549a2edf26c560cb9845952e
8d0b1718aacad934fd0043c87cbc54aa091396bf
7f653b3ce9d3277457fc6da4edb246ae2f6c913f088c42dcb8cd2e96267aa21a
GET /s/ubuntu/v20/4iCs6KVjbNBYlgoKfw72.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://ads.adxadserv.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 34852
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 24 Nov 2022 12:29:21 GMT
expires: Fri, 24 Nov 2023 12:29:21 GMT
cache-control: public, max-age=31536000
age: 465973
last-modified: Wed, 27 Apr 2022 16:31:23 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 280 B IP 93.184.220.29:0
Hash f54e2da19cb0973c888f9e514176764d
4981f0709423db7c1df0030deab7d37836a74e14
b1f92cb7c5a840f2cd8eae510fffefcaf28035997e8c5a57bcaabfcd834e64bb
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5529
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 29 Nov 2022 21:55:35 GMT
Last-Modified: Tue, 29 Nov 2022 20:23:26 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 280
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash dd71cb59bfd5e31191d61da63fec244a
998886e4743fc393838dbee7a6632d392e268e73
54672c525e2462ddbb2e84b80945daede2e13469b8817d636dc12d5bb0b3bc47
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "54672C525E2462DDBB2E84B80945DAEDE2E13469B8817D636DC12D5BB0B3BC47"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15443
Expires: Wed, 30 Nov 2022 02:12:58 GMT
Date: Tue, 29 Nov 2022 21:55:35 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29 200 OK 280 B IP 93.184.220.29:0
Hash f54e2da19cb0973c888f9e514176764d
4981f0709423db7c1df0030deab7d37836a74e14
b1f92cb7c5a840f2cd8eae510fffefcaf28035997e8c5a57bcaabfcd834e64bb
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5529
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 29 Nov 2022 21:55:35 GMT
Last-Modified: Tue, 29 Nov 2022 20:23:26 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 280
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash dd71cb59bfd5e31191d61da63fec244a
998886e4743fc393838dbee7a6632d392e268e73
54672c525e2462ddbb2e84b80945daede2e13469b8817d636dc12d5bb0b3bc47
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "54672C525E2462DDBB2E84B80945DAEDE2E13469B8817D636DC12D5BB0B3BC47"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15443
Expires: Wed, 30 Nov 2022 02:12:58 GMT
Date: Tue, 29 Nov 2022 21:55:35 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash dd71cb59bfd5e31191d61da63fec244a
998886e4743fc393838dbee7a6632d392e268e73
54672c525e2462ddbb2e84b80945daede2e13469b8817d636dc12d5bb0b3bc47
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "54672C525E2462DDBB2E84B80945DAEDE2E13469B8817D636DC12D5BB0B3BC47"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15443
Expires: Wed, 30 Nov 2022 02:12:58 GMT
Date: Tue, 29 Nov 2022 21:55:35 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash dd71cb59bfd5e31191d61da63fec244a
998886e4743fc393838dbee7a6632d392e268e73
54672c525e2462ddbb2e84b80945daede2e13469b8817d636dc12d5bb0b3bc47
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "54672C525E2462DDBB2E84B80945DAEDE2E13469B8817D636DC12D5BB0B3BC47"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15443
Expires: Wed, 30 Nov 2022 02:12:58 GMT
Date: Tue, 29 Nov 2022 21:55:35 GMT
Connection: keep-alive
static-cache.k2s.cc/thumbnail/JeWbvCKgyPjvqj7BrQ/w320h240/0.jpeg
188.72.235.185 404 Not Found 23 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/JeWbvCKgyPjvqj7BrQ/w320h240/0.jpeg
IP 188.72.235.185:0
Hash 79f4b3575bfe190ec969dae42b715f22
29a2a70cb3ea3127a9a11f24bbe1e8b28259edaf
b7b5ec9203187a97cb1a2e17e84c4fa68d21bdc7307d7870048b0d9cd52a2558
GET /thumbnail/JeWbvCKgyPjvqj7BrQ/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 404 Not Found
server: openresty
date: Tue, 29 Nov 2022 21:55:34 GMT
content-type: application/json
access-control-allow-origin: *
X-Firefox-Spdy: h2
adxadserv.com/ascripts/gcr.js
185.98.53.29 200 OK 23 kB URL HTTP/1.1 adxadserv.com/ascripts/gcr.js
IP 185.98.53.29:0
ASN #39572 DataWeb Global Group B.V.
File type Unicode text, UTF-8 text, with very long lines (48738)
Hash 4bcc622fafa6d39f3d41ee9e46b585f5
f4870a326a8c0f449cbcd79673406ac1d5e6f6c8
c7ef60433000d6807163ee4643bd7774e783e4d0711513d134ae008f04f4a8e9
GET /ascripts/gcr.js HTTP/1.1
Host: adxadserv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ads.adxadserv.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Tue, 29 Nov 2022 21:55:35 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Thu, 16 Dec 2021 16:04:11 GMT
ETag: W/"61bb637b-1434f"
Expires: Wed, 30 Nov 2022 08:33:12 GMT
Cache-Control: max-age=86400, public
X-77-NZT: Abk73hFlk5P/D7wAAA
X-77-NZT-Ray: f4787b27ce5c5648d77f866312664707
X-Cache: HIT
X-Age: 48143
X-77-POP: amsterdamNL
X-77-Cache: HIT
Content-Encoding: br
cams.gratis/banner/300x250.php?site=xfanta
172.64.106.26 200 OK 1.4 kB URL HTTP/2 cams.gratis/banner/300x250.php?site=xfanta
IP 172.64.106.26:0
Hash 791e69b27e714724884c0ff4642945c3
1cf790e87307316f15dcba77aede656d0ad1fefe
2c5419913359e7a34ca4097bcd6c466432189ddbee203d137648ecf1065767a1
GET /banner/300x250.php?site=xfanta HTTP/1.1
Host: cams.gratis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ads.adxadserv.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 29 Nov 2022 21:55:35 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding,User-Agent
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PgeyuucidxoaFeNX3wgf0Fif9dKjzxGmQk2u%2BcfAO41igkPq5WmeamuxH6cRS9ijSUqpp5VrdLbZFduaPBsUsh3xVWYoFCjQhk6pvHv3beAEsnm8iaELjDFJXHd94A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 771e969fdeb876c6-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash f04bddedc7da1b072da78e0d6dc0f86a
902d8de2b573ad545e0ed7a5943215b9f16e0240
4d2ed7ebbcafd992622f9f0d40f559e29f33eaa3be1d1a186b945372681d26f3
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1577
Cache-Control: max-age=170751
Content-Type: application/ocsp-response
Date: Tue, 29 Nov 2022 21:55:35 GMT
Etag: "638671ad-117"
Expires: Thu, 01 Dec 2022 21:21:26 GMT
Last-Modified: Tue, 29 Nov 2022 20:55:09 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 279
adxadserv.com/px/event/v1?e_t=pageview&url=https%253A%252F%252Fads.adxadserv.com%252Fad%253Fspotid%253D636bc5d561d6e27071201a23%2526type%253D300x250%2526output%253Dhtml&ref=https%253A%252F%252Fxfantazy.com%252F&d_r=1&d_s=1280x1024&d_w=300x250&t_s=1669758933583&t_i=1669758933959&u_tz=0&u_l=en-US&u_l2=&u_l3=&pv_uid=fb1eaad4-aa58-4325-afa1-dac44868f1b3&nav_rc=0&nav_nt=NAVIGATE&p_nn=adxad-rtb&p_pt=IFRAME&imid=8cddadaf-7030-11ed-a3c4-e25a5bb9767f&spid=636bc5d561d6e27071201a23&fpid_sa=1669758933959&fpid=&feid_sa=1669758933959&sid_sa=1669758933959&feid=382f5855d42afac26b1fa158acc35ab1&sid=556a76cf9941872d6d95e4f1cacd554e&u_adb=0&vn=T-0.1.1&utm_typ=referral&utm_src=xfantazy.com&s_rst=1&e_d=%7B%22isResetRequired%22%3Atrue%7D&t_op=0.301
185.98.53.29 200 OK 0 B URL HTTP/1.1 adxadserv.com/px/event/v1?e_t=pageview&url=https%253A%252F%252Fads.adxadserv.com%252Fad%253Fspotid%253D636bc5d561d6e27071201a23%2526type%253D300x250%2526output%253Dhtml&ref=https%253A%252F%252Fxfantazy.com%252F&d_r=1&d_s=1280x1024&d_w=300x250&t_s=1669758933583&t_i=1669758933959&u_tz=0&u_l=en-US&u_l2=&u_l3=&pv_uid=fb1eaad4-aa58-4325-afa1-dac44868f1b3&nav_rc=0&nav_nt=NAVIGATE&p_nn=adxad-rtb&p_pt=IFRAME&imid=8cddadaf-7030-11ed-a3c4-e25a5bb9767f&spid=636bc5d561d6e27071201a23&fpid_sa=1669758933959&fpid=&feid_sa=1669758933959&sid_sa=1669758933959&feid=382f5855d42afac26b1fa158acc35ab1&sid=556a76cf9941872d6d95e4f1cacd554e&u_adb=0&vn=T-0.1.1&utm_typ=referral&utm_src=xfantazy.com&s_rst=1&e_d=%7B%22isResetRequired%22%3Atrue%7D&t_op=0.301
IP 185.98.53.29:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /px/event/v1?e_t=pageview&url=https%253A%252F%252Fads.adxadserv.com%252Fad%253Fspotid%253D636bc5d561d6e27071201a23%2526type%253D300x250%2526output%253Dhtml&ref=https%253A%252F%252Fxfantazy.com%252F&d_r=1&d_s=1280x1024&d_w=300x250&t_s=1669758933583&t_i=1669758933959&u_tz=0&u_l=en-US&u_l2=&u_l3=&pv_uid=fb1eaad4-aa58-4325-afa1-dac44868f1b3&nav_rc=0&nav_nt=NAVIGATE&p_nn=adxad-rtb&p_pt=IFRAME&imid=8cddadaf-7030-11ed-a3c4-e25a5bb9767f&spid=636bc5d561d6e27071201a23&fpid_sa=1669758933959&fpid=&feid_sa=1669758933959&sid_sa=1669758933959&feid=382f5855d42afac26b1fa158acc35ab1&sid=556a76cf9941872d6d95e4f1cacd554e&u_adb=0&vn=T-0.1.1&utm_typ=referral&utm_src=xfantazy.com&s_rst=1&e_d=%7B%22isResetRequired%22%3Atrue%7D&t_op=0.301 HTTP/1.1
Host: adxadserv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ads.adxadserv.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Tue, 29 Nov 2022 21:55:35 GMT
Content-Length: 0
Connection: keep-alive
go.xlirdr.com/i?campaignId=banner2609start&creativeId=300x250&modelsCountry=&modelsLanguage=&sourceId=xfanta&tag=females&targetDomain=&buttonColor=&hideModelNameOnSmallSpots=0&hideTitleOnSmallSpots=1&liveBadgeColor=%2324d7d7&showButton=1&showModelName=1&showTitle=0&showLiveBadge=1&isXhDesign=0&actionButtonPlacement=bottom&thumbSizeKey=small&hideButtonOnSmallSpots=1&userId=b47aedc2c088e2f21e0cc23e0318384c557941461efdbc48212e7282df45f2f4&landing=WidgetV4Universal
104.18.59.150 302 Found 0 B URL HTTP/2 go.xlirdr.com/i?campaignId=banner2609start&creativeId=300x250&modelsCountry=&modelsLanguage=&sourceId=xfanta&tag=females&targetDomain=&buttonColor=&hideModelNameOnSmallSpots=0&hideTitleOnSmallSpots=1&liveBadgeColor=%2324d7d7&showButton=1&showModelName=1&showTitle=0&showLiveBadge=1&isXhDesign=0&actionButtonPlacement=bottom&thumbSizeKey=small&hideButtonOnSmallSpots=1&userId=b47aedc2c088e2f21e0cc23e0318384c557941461efdbc48212e7282df45f2f4&landing=WidgetV4Universal
IP 104.18.59.150:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /i?campaignId=banner2609start&creativeId=300x250&modelsCountry=&modelsLanguage=&sourceId=xfanta&tag=females&targetDomain=&buttonColor=&hideModelNameOnSmallSpots=0&hideTitleOnSmallSpots=1&liveBadgeColor=%2324d7d7&showButton=1&showModelName=1&showTitle=0&showLiveBadge=1&isXhDesign=0&actionButtonPlacement=bottom&thumbSizeKey=small&hideButtonOnSmallSpots=1&userId=b47aedc2c088e2f21e0cc23e0318384c557941461efdbc48212e7282df45f2f4&landing=WidgetV4Universal HTTP/1.1
Host: go.xlirdr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cams.gratis/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Tue, 29 Nov 2022 21:55:35 GMT
content-length: 0
location: https://creative.xlirdr.com/widgets/v4/Universal/?actionButtonPlacement=bottom&buttonColor=&campaignId=banner2609start&creativeId=300x250&domain=stripchat&hideButtonOnSmallSpots=1&hideModelNameOnSmallSpots=0&hideTitleOnSmallSpots=1&isXhDesign=0&liveBadgeColor=%2324d7d7&modelsCountry=&modelsLanguage=&showButton=1&showLiveBadge=1&showModelName=1&showTitle=0&sound=off&sourceId=xfanta&tag=females&targetDomain=&thumbSizeKey=small&trackOff=1&userId=b47aedc2c088e2f21e0cc23e0318384c557941461efdbc48212e7282df45f2f4
access-control-allow-origin: *
cf-cache-status: DYNAMIC
set-cookie: __cflb=02DiuDfsBaY2bRYJiCeRhAptQvDh5wz7nToRsEVqPWQBW; SameSite=None; Secure; path=/; expires=Wed, 30-Nov-22 20:55:35 GMT; HttpOnly
server: cloudflare
cf-ray: 771e96a17d45b506-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
unseenreport.com/pxf.gif?uuid=dfe350ea-46fc-47c9-9dd7-c738d31c993c&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=21fe3950f412e026c33f1b6cee613eba&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=21
192.243.61.225 200 OK 1 B URL HTTP/1.1 unseenreport.com/pxf.gif?uuid=dfe350ea-46fc-47c9-9dd7-c738d31c993c&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=21fe3950f412e026c33f1b6cee613eba&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=21
IP 192.243.61.225:0
ASN #39572 DataWeb Global Group B.V.
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=dfe350ea-46fc-47c9-9dd7-c738d31c993c&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=21fe3950f412e026c33f1b6cee613eba&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=21 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Tue, 29 Nov 2022 21:55:35 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: e08d591fdfeacb411c36ea2e5c853a4e
Strict-Transport-Security: max-age=0; includeSubdomains
unseenreport.com/pxf.gif?uuid=dfe350ea-46fc-47c9-9dd7-c738d31c993c&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=a2f990f10476061c719d1c1aa3a2ecd2&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=21
192.243.61.225 200 OK 1 B URL HTTP/1.1 unseenreport.com/pxf.gif?uuid=dfe350ea-46fc-47c9-9dd7-c738d31c993c&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=a2f990f10476061c719d1c1aa3a2ecd2&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=21
IP 192.243.61.225:0
ASN #39572 DataWeb Global Group B.V.
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=dfe350ea-46fc-47c9-9dd7-c738d31c993c&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=a2f990f10476061c719d1c1aa3a2ecd2&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=21 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Tue, 29 Nov 2022 21:55:35 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 8690a15483aba8cddee46283bde7e37e
Strict-Transport-Security: max-age=0; includeSubdomains
unseenreport.com/pxf.gif?uuid=dfe350ea-46fc-47c9-9dd7-c738d31c993c&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=01f75a95a38a8db0a8e82d995253a076&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=21
192.243.61.225 200 OK 1 B URL HTTP/1.1 unseenreport.com/pxf.gif?uuid=dfe350ea-46fc-47c9-9dd7-c738d31c993c&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=01f75a95a38a8db0a8e82d995253a076&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=21
IP 192.243.61.225:0
ASN #39572 DataWeb Global Group B.V.
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=dfe350ea-46fc-47c9-9dd7-c738d31c993c&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=01f75a95a38a8db0a8e82d995253a076&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=21 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Tue, 29 Nov 2022 21:55:35 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 72d0070916838df0c19f09fd95384592
Strict-Transport-Security: max-age=0; includeSubdomains
unseenreport.com/pxf.gif?uuid=dfe350ea-46fc-47c9-9dd7-c738d31c993c&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=4d0afc2425eea6b0cd5a468c9f8a69ed&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=21
192.243.61.225 200 OK 1 B URL HTTP/1.1 unseenreport.com/pxf.gif?uuid=dfe350ea-46fc-47c9-9dd7-c738d31c993c&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=4d0afc2425eea6b0cd5a468c9f8a69ed&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=21
IP 192.243.61.225:0
ASN #39572 DataWeb Global Group B.V.
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=dfe350ea-46fc-47c9-9dd7-c738d31c993c&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=4d0afc2425eea6b0cd5a468c9f8a69ed&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=21 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Tue, 29 Nov 2022 21:55:35 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 9049e531f242f1d7a009bad9bf1e6720
Strict-Transport-Security: max-age=0; includeSubdomains
ocsp.sectigo.com/
172.64.155.188 200 OK 472 B IP 172.64.155.188:0
Hash bbb0f4db8cf5afadcf6aff6e3efd84f5
306a448867377ee652726a0ca8f45112ed46f3d2
f3793d646b320f22c02cde1bee7423484fba1abc89cce4667754107416ab640f
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 29 Nov 2022 21:55:35 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Sat, 26 Nov 2022 15:56:29 GMT
Expires: Sat, 03 Dec 2022 15:56:28 GMT
Etag: "306a448867377ee652726a0ca8f45112ed46f3d2"
Cache-Control: max-age=323452,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 771e96a1e8c0b512-OSL
lcdn.tsyndicate.com/sdk/v1/b.b.js
8.254.252.210 200 OK 2.8 kB URL HTTP/2 lcdn.tsyndicate.com/sdk/v1/b.b.js
IP 8.254.252.210:0
File type ASCII text, with very long lines (2590)
Hash 01c3ce239d639853ba1e41661c115938
704741ca41e890a26eef6190c2d61131ff294f56
9aabcddb7b91826c4b8bf721d77fa448ceba501616a38c6fe0d6c4f11091ed47
GET /sdk/v1/b.b.js HTTP/1.1
Host: lcdn.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Cookie: ts_uid=9c761fc4-4899-480e-b79c-46215deeea04; bfq=APeIECNCxxYZOGDEwFGjRhcWIsYU3BLjoYgyE2PYsJEDB40aM2Y47KMg
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 29 Nov 2022 21:55:35 GMT
content-type: application/javascript
content-length: 2808
last-modified: Tue, 22 Feb 2022 13:07:15 GMT
server: nginx
x-robots-tag: noindex, nofollow
content-encoding: gzip
vary: Accept-Encoding
etag: W/"6214e003-1eb1"
age: 23024672
accept-ranges: bytes
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash f04bddedc7da1b072da78e0d6dc0f86a
902d8de2b573ad545e0ed7a5943215b9f16e0240
4d2ed7ebbcafd992622f9f0d40f559e29f33eaa3be1d1a186b945372681d26f3
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1577
Cache-Control: max-age=170751
Content-Type: application/ocsp-response
Date: Tue, 29 Nov 2022 21:55:35 GMT
Etag: "638671ad-117"
Expires: Thu, 01 Dec 2022 21:21:26 GMT
Last-Modified: Tue, 29 Nov 2022 20:55:09 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 279
lcdn.tsyndicate.com/sdk/v1/b.b.js
8.254.252.210 304 Not Modified 0 B URL HTTP/2 lcdn.tsyndicate.com/sdk/v1/b.b.js
IP 8.254.252.210:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sdk/v1/b.b.js HTTP/1.1
Host: lcdn.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Cookie: ts_uid=f68d0436-673c-4a86-9154-db4476eec16f; bfq=APeIECNCxxYZOGDEwFGjRhcWIsYU3BLjoYgyE2PYsJEDB40aM2Y47KMg
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
If-Modified-Since: Tue, 22 Feb 2022 13:07:15 GMT
If-None-Match: W/"6214e003-1eb1"
TE: trailers
HTTP/2 304 Not Modified
date: Tue, 29 Nov 2022 21:55:35 GMT
last-modified: Tue, 22 Feb 2022 13:07:15 GMT
server: nginx
x-robots-tag: noindex, nofollow
vary: Accept-Encoding
etag: W/"6214e003-1eb1"
age: 23024672
X-Firefox-Spdy: h2
ocsp.sectigo.com/
172.64.155.188 200 OK 472 B IP 172.64.155.188:0
Hash bbb0f4db8cf5afadcf6aff6e3efd84f5
306a448867377ee652726a0ca8f45112ed46f3d2
f3793d646b320f22c02cde1bee7423484fba1abc89cce4667754107416ab640f
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 29 Nov 2022 21:55:35 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Sat, 26 Nov 2022 15:56:29 GMT
Expires: Sat, 03 Dec 2022 15:56:28 GMT
Etag: "306a448867377ee652726a0ca8f45112ed46f3d2"
Cache-Control: max-age=323452,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 771e96a1ee73b4ee-OSL
lcdn.tsyndicate.com/sdk/v1/b.b.js
8.254.252.210 304 Not Modified 0 B URL HTTP/2 lcdn.tsyndicate.com/sdk/v1/b.b.js
IP 8.254.252.210:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sdk/v1/b.b.js HTTP/1.1
Host: lcdn.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Cookie: ts_uid=f68d0436-673c-4a86-9154-db4476eec16f; bfq=APeIECNCxxYZOGDEwFGjRhcWIsYU3BLjoYgyE2PYsJEDB40aM2Y47KMg
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
If-Modified-Since: Tue, 22 Feb 2022 13:07:15 GMT
If-None-Match: W/"6214e003-1eb1"
TE: trailers
HTTP/2 304 Not Modified
date: Tue, 29 Nov 2022 21:55:35 GMT
last-modified: Tue, 22 Feb 2022 13:07:15 GMT
server: nginx
x-robots-tag: noindex, nofollow
vary: Accept-Encoding
etag: W/"6214e003-1eb1"
age: 23024672
X-Firefox-Spdy: h2
lcdn.tsyndicate.com/sdk/v1/b.b.js
8.254.252.210 304 Not Modified 0 B URL HTTP/2 lcdn.tsyndicate.com/sdk/v1/b.b.js
IP 8.254.252.210:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sdk/v1/b.b.js HTTP/1.1
Host: lcdn.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Cookie: ts_uid=f68d0436-673c-4a86-9154-db4476eec16f; bfq=APeIECNCxxYZOGDEwFGjRhcWIsYU3BLjoYgyE2PYsJEDB40aM2Y47KMg
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
If-Modified-Since: Tue, 22 Feb 2022 13:07:15 GMT
If-None-Match: W/"6214e003-1eb1"
TE: trailers
HTTP/2 304 Not Modified
date: Tue, 29 Nov 2022 21:55:35 GMT
last-modified: Tue, 22 Feb 2022 13:07:15 GMT
server: nginx
x-robots-tag: noindex, nofollow
vary: Accept-Encoding
etag: W/"6214e003-1eb1"
age: 23024672
X-Firefox-Spdy: h2
creative.xlirdr.com/widgets/v4/Universal/?actionButtonPlacement=bottom&buttonColor=&campaignId=banner2609start&creativeId=300x250&domain=stripchat&hideButtonOnSmallSpots=1&hideModelNameOnSmallSpots=0&hideTitleOnSmallSpots=1&isXhDesign=0&liveBadgeColor=%2324d7d7&modelsCountry=&modelsLanguage=&showButton=1&showLiveBadge=1&showModelName=1&showTitle=0&sound=off&sourceId=xfanta&tag=females&targetDomain=&thumbSizeKey=small&trackOff=1&userId=b47aedc2c088e2f21e0cc23e0318384c557941461efdbc48212e7282df45f2f4
104.18.59.150 200 OK 310 B URL HTTP/2 creative.xlirdr.com/widgets/v4/Universal/?actionButtonPlacement=bottom&buttonColor=&campaignId=banner2609start&creativeId=300x250&domain=stripchat&hideButtonOnSmallSpots=1&hideModelNameOnSmallSpots=0&hideTitleOnSmallSpots=1&isXhDesign=0&liveBadgeColor=%2324d7d7&modelsCountry=&modelsLanguage=&showButton=1&showLiveBadge=1&showModelName=1&showTitle=0&sound=off&sourceId=xfanta&tag=females&targetDomain=&thumbSizeKey=small&trackOff=1&userId=b47aedc2c088e2f21e0cc23e0318384c557941461efdbc48212e7282df45f2f4
IP 104.18.59.150:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash b7b5d7ece0e432076aa1f55df57ec0ba
286bf9e2d5610e24a70f64cbcf64047cdc55c3a1
a1525585b4548183b6ae7c58c9eb53b7e61a2292793cd302b98272069f64efb3
GET /widgets/v4/Universal/?actionButtonPlacement=bottom&buttonColor=&campaignId=banner2609start&creativeId=300x250&domain=stripchat&hideButtonOnSmallSpots=1&hideModelNameOnSmallSpots=0&hideTitleOnSmallSpots=1&isXhDesign=0&liveBadgeColor=%2324d7d7&modelsCountry=&modelsLanguage=&showButton=1&showLiveBadge=1&showModelName=1&showTitle=0&sound=off&sourceId=xfanta&tag=females&targetDomain=&thumbSizeKey=small&trackOff=1&userId=b47aedc2c088e2f21e0cc23e0318384c557941461efdbc48212e7282df45f2f4 HTTP/1.1
Host: creative.xlirdr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cams.gratis/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 29 Nov 2022 21:55:35 GMT
content-type: text/html
last-modified: Wed, 16 Nov 2022 07:56:27 GMT
expires: Tue, 29 Nov 2022 21:55:26 GMT
cache-control: max-age=10
strict-transport-security: max-age=15768000
pragma: public
report-to: { "endpoints":[{ "url": "https://go.stripchat.com/report" }], "group": "default", "max_age": 1048576 }
cf-cache-status: HIT
age: 10
vary: Accept-Encoding
server: cloudflare
cf-ray: 771e96a20dfeb506-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 314 B IP 93.184.220.29:0
Hash 22a78101cb7948836e30bd8fb6ac1e91
320e36a7fb5ebf4c118334e5629c4325ef1ffe8f
49e021274b13d426bf7c43c4cdbbd0adc5da5e17e6732865ebba2a6827be7544
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3638
Cache-Control: max-age=98255
Content-Type: application/ocsp-response
Date: Tue, 29 Nov 2022 21:55:35 GMT
Etag: "63854e71-13a"
Expires: Thu, 01 Dec 2022 01:13:10 GMT
Last-Modified: Tue, 29 Nov 2022 00:12:33 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 314
tsyndicate.com/do2/gtpedNcWKkqbcJr5gX4hNBaeGvryR5tY/master?w=1280&h=1024&tz=0&count=5
136.243.130.121 200 OK 2.9 kB URL HTTP/2 tsyndicate.com/do2/gtpedNcWKkqbcJr5gX4hNBaeGvryR5tY/master?w=1280&h=1024&tz=0&count=5
IP 136.243.130.121:0
ASN #24940 Hetzner Online GmbH
Hash 640fc61a24d65bda1ca370cb6546ab5d
1c0f6d359c5b4d56e852f9f6bc22437b137098b2
c6a918561b15b440b66796b6c391da9db0f10c5cfafde679adeed5fee5106991
GET /do2/gtpedNcWKkqbcJr5gX4hNBaeGvryR5tY/master?w=1280&h=1024&tz=0&count=5 HTTP/1.1
Host: tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://a.naturalhealthsource.club
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 29 Nov 2022 21:55:35 GMT
content-type: application/json; charset=utf-8
access-control-allow-origin: https://a.naturalhealthsource.club
access-control-allow-methods: POST, GET, HEAD
access-control-allow-headers: Accept, X-Requested-With, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Legacy
access-control-allow-credentials: true
pragma: no-cache
expires: 0
vary: Accept-Encoding, *
x-api-version: 2
link: <https://lcdn.tsyndicate.com/sdk/v1/b.b.js>; rel=preload; as=script
x-request-id: 7b12af2edbc75aa3
set-cookie: ts_uid=9c761fc4-4899-480e-b79c-46215deeea04; expires=Mon, 29 May 2023 21:55:35 GMT; domain=.tsyndicate.com; path=/; HttpOnly; secure; SameSite=None
bfq=APeIECNCxxYZOGDEwFGjRhcWIsYU3BLjoYgyE2PYsJEDB40aM2Y47KMg; expires=Wed, 30 Nov 2022 21:55:35 GMT; domain=.tsyndicate.com; path=/; secure; SameSite=None
cache-control: no-cache, no-store, no-transform, must-revalidate, no-transform
x-robots-tag: none, noindex, nofollow
report-to: { "url": "https://pxl.tsyndicate.com/api/v1/heavy-ad/report", "max_age": 86401 }
content-encoding: gzip
X-Firefox-Spdy: h2
ocsp.sectigo.com/
172.64.155.188 200 OK 472 B IP 172.64.155.188:0
Hash bbb0f4db8cf5afadcf6aff6e3efd84f5
306a448867377ee652726a0ca8f45112ed46f3d2
f3793d646b320f22c02cde1bee7423484fba1abc89cce4667754107416ab640f
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 29 Nov 2022 21:55:35 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Sat, 26 Nov 2022 15:56:29 GMT
Expires: Sat, 03 Dec 2022 15:56:28 GMT
Etag: "306a448867377ee652726a0ca8f45112ed46f3d2"
Cache-Control: max-age=323452,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 771e96a1ea021bfa-OSL
ocsp.digicert.com/
93.184.220.29 200 OK 1.1 kB IP 93.184.220.29:0
File type gzip compressed data, max compression\012- data
Hash b8145bccc5fe39c8da460dd0731e44cf
9edb914be17bf983e5de2da837b3188a258e696e
ff83d6bac23b298dce2edcc07750a668a41d7e421766403bc4cf48143d5da0d7
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5619
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 29 Nov 2022 21:55:35 GMT
Etag: "638651bf-37"
Last-Modified: Tue, 29 Nov 2022 18:38:55 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 312
ocsp.sectigo.com/
172.64.155.188 200 OK 472 B IP 172.64.155.188:0
Hash bbb0f4db8cf5afadcf6aff6e3efd84f5
306a448867377ee652726a0ca8f45112ed46f3d2
f3793d646b320f22c02cde1bee7423484fba1abc89cce4667754107416ab640f
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 29 Nov 2022 21:55:35 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Sat, 26 Nov 2022 15:56:29 GMT
Expires: Sat, 03 Dec 2022 15:56:28 GMT
Etag: "306a448867377ee652726a0ca8f45112ed46f3d2"
Cache-Control: max-age=323452,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 771e96a1ecc91c06-OSL
ocsp.sectigo.com/
172.64.155.188 200 OK 472 B IP 172.64.155.188:0
Hash bbb0f4db8cf5afadcf6aff6e3efd84f5
306a448867377ee652726a0ca8f45112ed46f3d2
f3793d646b320f22c02cde1bee7423484fba1abc89cce4667754107416ab640f
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 29 Nov 2022 21:55:35 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Sat, 26 Nov 2022 15:56:29 GMT
Expires: Sat, 03 Dec 2022 15:56:28 GMT
Etag: "306a448867377ee652726a0ca8f45112ed46f3d2"
Cache-Control: max-age=323452,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 771e96a1eb06b518-OSL
adxadserv.com/t/re/v4?e_t=pageview&url=https%253A%252F%252Fads.adxadserv.com%252Fad%253Fspotid%253D636bc5d561d6e27071201a23%2526type%253D300x250%2526output%253Dhtml&ref=https%253A%252F%252Fxfantazy.com%252F&d_r=1&d_s=1280x1024&d_w=300x250&t_s=1669758933583&t_i=1669758933958&u_tz=0&u_l=en-US&u_l2=&u_l3=&n_c=&n_s=&pv_uid=e578a3cd-7a7f-4f57-981a-841ec71943fd&nav_rc=0&nav_nt=NAVIGATE&p_nn=adxad-rtb&p_pt=IFRAME&p_tt=desktop&p_l=en&p_z=NONAUTHORIZED&p_u_s=GUEST&fpid_sa=null&fpid=&feid_sa=null&sid_sa=null&feid=e2a368ac520d68e752a8399eb5c3df34&sid=d7f30bf8b670f33f32700a8532e5e8ca&u_adb=0&vn=R-1.0&utm_typ=referral&utm_src=xfantazy.com&s_rst=1&st_d=%7B%7D&e_d=%7B%22spotId%22%3A%22636bc5d561d6e27071201a23%22%2C%22impressionId%22%3A%228cddadaf-7030-11ed-a3c4-e25a5bb9767f%22%7D&t_op=0.646&cb=gl.cb.pv
185.98.53.29 200 OK 65 B URL HTTP/1.1 adxadserv.com/t/re/v4?e_t=pageview&url=https%253A%252F%252Fads.adxadserv.com%252Fad%253Fspotid%253D636bc5d561d6e27071201a23%2526type%253D300x250%2526output%253Dhtml&ref=https%253A%252F%252Fxfantazy.com%252F&d_r=1&d_s=1280x1024&d_w=300x250&t_s=1669758933583&t_i=1669758933958&u_tz=0&u_l=en-US&u_l2=&u_l3=&n_c=&n_s=&pv_uid=e578a3cd-7a7f-4f57-981a-841ec71943fd&nav_rc=0&nav_nt=NAVIGATE&p_nn=adxad-rtb&p_pt=IFRAME&p_tt=desktop&p_l=en&p_z=NONAUTHORIZED&p_u_s=GUEST&fpid_sa=null&fpid=&feid_sa=null&sid_sa=null&feid=e2a368ac520d68e752a8399eb5c3df34&sid=d7f30bf8b670f33f32700a8532e5e8ca&u_adb=0&vn=R-1.0&utm_typ=referral&utm_src=xfantazy.com&s_rst=1&st_d=%7B%7D&e_d=%7B%22spotId%22%3A%22636bc5d561d6e27071201a23%22%2C%22impressionId%22%3A%228cddadaf-7030-11ed-a3c4-e25a5bb9767f%22%7D&t_op=0.646&cb=gl.cb.pv
IP 185.98.53.29:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with no line terminators
Hash 5e10177cf0eb069a5da2530779edb181
6472de6bf4d58f30bccd65e2741aff27d059aef0
ef52942e01d0582398e3e94ed77c6649d2af3cee1f7c2c52058b59f86aa4bc1c
GET /t/re/v4?e_t=pageview&url=https%253A%252F%252Fads.adxadserv.com%252Fad%253Fspotid%253D636bc5d561d6e27071201a23%2526type%253D300x250%2526output%253Dhtml&ref=https%253A%252F%252Fxfantazy.com%252F&d_r=1&d_s=1280x1024&d_w=300x250&t_s=1669758933583&t_i=1669758933958&u_tz=0&u_l=en-US&u_l2=&u_l3=&n_c=&n_s=&pv_uid=e578a3cd-7a7f-4f57-981a-841ec71943fd&nav_rc=0&nav_nt=NAVIGATE&p_nn=adxad-rtb&p_pt=IFRAME&p_tt=desktop&p_l=en&p_z=NONAUTHORIZED&p_u_s=GUEST&fpid_sa=null&fpid=&feid_sa=null&sid_sa=null&feid=e2a368ac520d68e752a8399eb5c3df34&sid=d7f30bf8b670f33f32700a8532e5e8ca&u_adb=0&vn=R-1.0&utm_typ=referral&utm_src=xfantazy.com&s_rst=1&st_d=%7B%7D&e_d=%7B%22spotId%22%3A%22636bc5d561d6e27071201a23%22%2C%22impressionId%22%3A%228cddadaf-7030-11ed-a3c4-e25a5bb9767f%22%7D&t_op=0.646&cb=gl.cb.pv HTTP/1.1
Host: adxadserv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ads.adxadserv.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Tue, 29 Nov 2022 21:55:35 GMT
Content-Type: text/javascript
Content-Length: 65
Connection: keep-alive
Set-Cookie: xfeid=0ff752324f0d0a97c98dd28f9acb615e; expires=Tue, 01 Jan 2030 00:00:00 GMT; path=/; domain=.adxadserv.com
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET
Access-Control-Allow-Headers: content-type
Access-Control-Max-Age: 864000
ocsp.digicert.com/
93.184.220.29 200 OK 280 B IP 93.184.220.29:0
Hash 9b1f0617b0309088d02ea5b20d789e68
e8884bb864c0bfaffc9761ff57b522c63a6b0e17
1fc53b57ceb235094e8ca967036f44fa3814d4ef3c24bbd94efcecb68aa8360c
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6578
Cache-Control: max-age=109880
Content-Type: application/ocsp-response
Date: Tue, 29 Nov 2022 21:55:35 GMT
Etag: "6385705d-118"
Expires: Thu, 01 Dec 2022 04:26:55 GMT
Last-Modified: Tue, 29 Nov 2022 02:37:17 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 280
hw-cdn2.adtng.com/delivery/intersection_observer/IntersectionObserver.js
209.197.3.25 200 OK 17 kB URL HTTP/1.1 hw-cdn2.adtng.com/delivery/intersection_observer/IntersectionObserver.js
IP 209.197.3.25:0
File type ASCII text, with very long lines (16885), with no line terminators
Hash 48c80c7c28b5b00a8b4ff94a22b72fe3
d57303c2ad2fd5cedc5cb20f264a6965a7819cee
6e9be773031b3234fb9c2d6cf3d9740db1208f4351beca325ec34f76fd38f356
GET /delivery/intersection_observer/IntersectionObserver.js HTTP/1.1
Host: hw-cdn2.adtng.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.adtng.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Date: Tue, 29 Nov 2022 21:55:35 GMT
Connection: Keep-Alive
ETag: "1649192094"
Content-Length: 16885
Content-Type: application/javascript
Last-Modified: Tue, 05 Apr 2022 20:54:54 GMT
Accept-Ranges: bytes
Cache-Control: max-age=10617726
X-HW: 1669758935.dop212.sk1.t,1669758935.cds213.sk1.shn,1669758935.cds213.sk1.c
Access-Control-Allow-Origin: *
a.adtng.com/get/10010248?time=1592494928726&atc=425995&apb=MCcIdfhL11Dda8y1OAtyaxsOXdWyGVjqqS4UDTGfpgh3xwDSp5O65XKCJbr43EAy9tOfLFNvgtlCrn9jRR9-hNeK3T39Rk8wZbmkCwKbw5xH_gUIDRUi
66.254.114.171 200 OK 8.9 kB URL HTTP/2 a.adtng.com/get/10010248?time=1592494928726&atc=425995&apb=MCcIdfhL11Dda8y1OAtyaxsOXdWyGVjqqS4UDTGfpgh3xwDSp5O65XKCJbr43EAy9tOfLFNvgtlCrn9jRR9-hNeK3T39Rk8wZbmkCwKbw5xH_gUIDRUi
IP 66.254.114.171:0
Hash 0e7aeb0d9d65fc147c336d67fa473ddb
0b5634dc187cbebfb38b3218b23da827935a2d08
fe1f5170b4c61ce623df5a2596af6c78eb836edca58a05e8bd223dfd1a128512
GET /get/10010248?time=1592494928726&atc=425995&apb=MCcIdfhL11Dda8y1OAtyaxsOXdWyGVjqqS4UDTGfpgh3xwDSp5O65XKCJbr43EAy9tOfLFNvgtlCrn9jRR9-hNeK3T39Rk8wZbmkCwKbw5xH_gUIDRUi HTTP/1.1
Host: a.adtng.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: openresty
date: Tue, 29 Nov 2022 21:55:35 GMT
content-type: text/html
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With
content-encoding: gzip
set-cookie: adtool_guid=Ch5KEmOGf9cNGiIE9KMyAg==; expires=Thu, 31-Dec-37 23:55:55 GMT; path=/; Secure; HTTPOnly; SameSite=None;
RNLBSERVERID=ded7041; path=/; HttpOnly; Secure; SameSite=None
x-request-id: 63867FD7-42FE72AB01BB29B3-394C7EA
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 55 B IP 93.184.220.29:0
File type HTML document, ASCII text
Hash 9f073354411bbaf7a319b1519f10b4b7
571498f38548829bf186f49f5be9d5fa6e689a68
4a7aaaa1c093dee8a191d4469c9f701c5e62e88896bc778a13cc4ffedf9be89a
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5424
Content-Type: text/html
Date: Tue, 29 Nov 2022 21:55:35 GMT
Etag: "638651c5-37"
Last-Modified: Tue, 29 Nov 2022 18:39:01 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 55
ocsp.digicert.com/
93.184.220.29 200 OK 312 B IP 93.184.220.29:0
Hash 07ab0b5d68f2487481977366e8e41c0b
d5c8549c93944e4f7d954b6cb6b2596e02de3183
c49905b27d10ae6f8709ab9d2fbc270dd6615f315e4550a9fdb42bc159087125
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3522
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 29 Nov 2022 21:55:35 GMT
Last-Modified: Tue, 29 Nov 2022 20:56:53 GMT
Server: ECS (ska/F70A)
X-Cache: HIT
Content-Length: 312
hw-cdn2.ang-content.com/delivery/vortex/vortex-simple-1.0.0.js
205.185.208.20 200 OK 5.0 kB URL HTTP/1.1 hw-cdn2.ang-content.com/delivery/vortex/vortex-simple-1.0.0.js
IP 205.185.208.20:0
File type ASCII text, with very long lines (5027), with no line terminators
Hash 5e5817bcf4c82c7c85d1d88636d221ce
b5c32cc6c931c33c1297884016e13d3b9a5bf261
6f0e50ac39121175ca0427c4e87cdfa2520b526c8497e23cffbca726eb6ca42c
GET /delivery/vortex/vortex-simple-1.0.0.js HTTP/1.1
Host: hw-cdn2.ang-content.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.adtng.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Tue, 29 Nov 2022 21:55:35 GMT
Connection: Keep-Alive
ETag: "1541168231"
Content-Length: 5027
Content-Type: application/javascript
Last-Modified: Fri, 02 Nov 2018 14:17:11 GMT
Accept-Ranges: bytes
Cache-Control: max-age=10715017
X-HW: 1669758935.dop213.sk1.t,1669758935.cds219.sk1.shn,1669758935.cds219.sk1.c
Access-Control-Allow-Origin: *
ocsp.sca1b.amazontrust.com/
143.204.42.158 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.158:0
Hash b509f746b32ff82d0c6bfde178e5e139
6cf9f4496159f370c817728e6b9455254dd323b8
90007e1a1f55c50b82188a5e899f42455e3be92d6250e70bb7e8683c40257ac3
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=167504
Date: Tue, 29 Nov 2022 21:55:35 GMT
Etag: "63865409-1d7"
Expires: Thu, 01 Dec 2022 20:27:19 GMT
Last-Modified: Tue, 29 Nov 2022 18:48:41 GMT
Server: ECS (nyb/1D31)
X-Cache: Miss from cloudfront
Via: 1.1 dac7cf040932e0c072eeed10afdd7b3e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: oNTYhIPQRIwvtKsOrgbZ4EBVwuLsVV6B1YxVw7N1ghByV7i2PbTqHA==
Age: 5918
hw-cdn2.ang-content.com/a7/creatives/24/124/814208/1027236/1027236_logo.png
205.185.208.20 200 OK 3.2 kB URL HTTP/1.1 hw-cdn2.ang-content.com/a7/creatives/24/124/814208/1027236/1027236_logo.png
IP 205.185.208.20:0
File type PNG image data, 300 x 250, 8-bit/color RGBA, non-interlaced\012- data
Hash 4c291fddf374f420d3645fe505286658
6539ef9a49e9a2af5c91f21ccfd8c404be9a56d7
530eeb89457746b4902702ebce75ce75a441f7812a48109aa585204c80cdef03
GET /a7/creatives/24/124/814208/1027236/1027236_logo.png HTTP/1.1
Host: hw-cdn2.ang-content.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.adtng.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Tue, 29 Nov 2022 21:55:35 GMT
Connection: Keep-Alive
ETag: "1648065983"
Content-Length: 3236
Content-Type: image/png
Last-Modified: Wed, 23 Mar 2022 20:06:23 GMT
Accept-Ranges: bytes
Cache-Control: max-age=10448779
X-HW: 1669758935.dop213.sk1.t,1669758935.cds219.sk1.shn,1669758935.dop213.sk1.t,1669758935.cds242.sk1.c
Access-Control-Allow-Origin: *
hw-cdn2.ang-content.com/a7/creatives/1/1322/814319/1030750/1030750_logo.png
205.185.208.20 200 OK 390 kB URL HTTP/1.1 hw-cdn2.ang-content.com/a7/creatives/1/1322/814319/1030750/1030750_logo.png
IP 205.185.208.20:0
File type PNG image data, 900 x 250, 8-bit/color RGBA, non-interlaced\012- data
Size 390 kB (389601 bytes)
Hash 2571a0045b1aed9a31d99690e42a7bdc
c8f0a6f412dc184c809bf511fb0c6a999cc4b510
0586aacd6012b6f0db98b2aa373aa415db44c54fefcd69e6d404545e232d0e9c
GET /a7/creatives/1/1322/814319/1030750/1030750_logo.png HTTP/1.1
Host: hw-cdn2.ang-content.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.adtng.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Tue, 29 Nov 2022 21:55:35 GMT
Connection: Keep-Alive
ETag: "1651764414"
Content-Length: 389601
Content-Type: image/png
Last-Modified: Thu, 05 May 2022 15:26:54 GMT
Accept-Ranges: bytes
Cache-Control: max-age=10568207
X-HW: 1669758935.dop066.sk1.t,1669758935.cds243.sk1.shn,1669758935.dop066.sk1.t,1669758935.cds205.sk1.c
Access-Control-Allow-Origin: *
roomimg.stream.highwebmedia.com/riw/ronny_ponny.jpg?1669758930
104.19.241.83 200 OK 9.4 kB URL HTTP/2 roomimg.stream.highwebmedia.com/riw/ronny_ponny.jpg?1669758930
IP 104.19.241.83:0
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 548x549, segment length 16, progressive, precision 8, 480x270, components 3\012- data
Hash 6486b729bbb624c4c3af02563726eb12
b330d5a00e7dad39decc03be08261dc3ff24cc3a
15d43d6f04d46165e586b37c5c67e713a0da68659cc79d36b21ac6991b1185b1
GET /riw/ronny_ponny.jpg?1669758930 HTTP/1.1
Host: roomimg.stream.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 29 Nov 2022 21:55:35 GMT
content-type: image/jpeg
content-length: 9439
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: public, max-age=30
cf-bgj: imgq:100,h2pri
cf-polished: origSize=9491
content-security-policy: default-src 'none'; img-src data:; style-src 'unsafe-inline'
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
x-frame-options: DENY
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 18
last-modified: Tue, 29 Nov 2022 21:55:17 GMT
expires: Tue, 29 Nov 2022 21:56:05 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rYYA1G%2FrG01wQqvnd6KrcV7tjK1ambFx189lLNr7soMC5Leck4%2Btvh07GMB7%2Fpd4RRQ0m%2BmHS0s%2F9E649SBcj7tjpCi59JOGqhbTUUd87VaZ1JtVbdPqvTCxdv6rv23mZnc0vkwOTySr%2BbJDBhSpo4s%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
set-cookie: _cfuvid=FWhGCTdvkxc_9ZaLjrdw8wEblfNcs7r_Cc3Jekug0WQ-1669758935781-0-604800000; path=/; domain=.highwebmedia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 771e96a49eb0b515-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
hw-cdn2.ang-content.com/a7/creatives/1/1322/814271/1028051/1028051_logo.png
205.185.208.20 200 OK 62 kB URL HTTP/1.1 hw-cdn2.ang-content.com/a7/creatives/1/1322/814271/1028051/1028051_logo.png
IP 205.185.208.20:0
Hash d604a978ccd1062b2d3ba484dd07e8fc
0b9189ec87f142e4205403dcbaff6009b37605d5
daaa9d7e52590e1c02b7654b5be00c0451e02b5bee551a0c88430e114542d404
GET /a7/creatives/1/1322/814271/1028051/1028051_logo.png HTTP/1.1
Host: hw-cdn2.ang-content.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.adtng.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Tue, 29 Nov 2022 21:55:35 GMT
Connection: Keep-Alive
ETag: "1648748302"
Content-Length: 61941
Content-Type: image/png
Last-Modified: Thu, 31 Mar 2022 17:38:22 GMT
Accept-Ranges: bytes
Cache-Control: max-age=10757791
X-HW: 1669758935.dop203.sk1.shc,1669758935.dop203.sk1.t,1669758935.cds024.sk1.c
Access-Control-Allow-Origin: *
roomimg.stream.highwebmedia.com/riw/oksanafedorova.jpg?1669758930
104.19.241.83 200 OK 8.4 kB URL HTTP/2 roomimg.stream.highwebmedia.com/riw/oksanafedorova.jpg?1669758930
IP 104.19.241.83:0
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 959x960, segment length 16, comment: "Lavc58.91.100", baseline, precision 8, 480x270, components 3\012- data
Hash 5fc3fe967fc51b4987344317b10cbe20
585f0e1a5b805307e16520d91204e7da6aacc8c2
c6a9fcaea1644990b5ac880d25c7a89cda65c65274df7875801102a1b445b7cd
GET /riw/oksanafedorova.jpg?1669758930 HTTP/1.1
Host: roomimg.stream.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 29 Nov 2022 21:55:35 GMT
content-type: image/jpeg
content-length: 8425
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: public, max-age=30
cf-bgj: imgq:100,h2pri
cf-polished: status=not_needed
content-security-policy: default-src 'none'; img-src data:; style-src 'unsafe-inline'
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
x-frame-options: DENY
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 3
last-modified: Tue, 29 Nov 2022 21:55:32 GMT
expires: Tue, 29 Nov 2022 21:56:05 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Yq%2FGmg6PaHNYekzWwwX0nMiZ1840diKkSzdx8%2FeLtGJ%2F9zNAYH7PMx9WlL7O8bW268t4t4hN3BMFgvoYdlwUBcn8de6Aj%2F3rzokRFaK0aicTCANWLXiQPXpGTk5IZErffApZ9AAw463IC23BUJD0yLI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
set-cookie: _cfuvid=ETYzcjxjidDQiYNHmYc7L5XrsEjZ04hKDbhyXDzul8o-1669758935783-0-604800000; path=/; domain=.highwebmedia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 771e96a49eb3b515-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
roomimg.stream.highwebmedia.com/riw/stacimarierose.jpg?1669758930
104.19.241.83 200 OK 13 kB URL HTTP/2 roomimg.stream.highwebmedia.com/riw/stacimarierose.jpg?1669758930
IP 104.19.241.83:0
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 548x549, segment length 16, progressive, precision 8, 480x270, components 3\012- data
Hash 87c31d8dad5fec1fdc27e215ffe18b69
848ea89ce2134bcf5828f53290c288bfc0408b5a
85d8a88237a637c4b6d83366c6240bcaea47280227f176fc6786cd1c9cbe61ac
GET /riw/stacimarierose.jpg?1669758930 HTTP/1.1
Host: roomimg.stream.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 29 Nov 2022 21:55:35 GMT
content-type: image/jpeg
content-length: 12614
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: public, max-age=30
cf-bgj: imgq:100,h2pri
cf-polished: origSize=12624
content-security-policy: default-src 'none'; img-src data:; style-src 'unsafe-inline'
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
x-frame-options: DENY
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 5
last-modified: Tue, 29 Nov 2022 21:55:30 GMT
expires: Tue, 29 Nov 2022 21:56:05 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5Pdg2flAufuQDNGxlS%2BhV3rihGV02%2BO9zfMDIMRtu%2FDVy%2BSVn7gIOB4LT%2F8trEqDsC0qs%2BLbhFdlBUGI9k1w54UpaAt50RK04upPVSaxIQxbH0ur96tQPeoWWZO7J3lcjAgBrHsIXWfHf5Tp71uCDqo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
set-cookie: _cfuvid=qcg8OWuvZYJKYDETDRqf6Q.MOOpKwTZ6QCYrmXK5gNE-1669758935787-0-604800000; path=/; domain=.highwebmedia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 771e96a49eb5b515-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 280 B IP 93.184.220.29:0
Hash 9b1f0617b0309088d02ea5b20d789e68
e8884bb864c0bfaffc9761ff57b522c63a6b0e17
1fc53b57ceb235094e8ca967036f44fa3814d4ef3c24bbd94efcecb68aa8360c
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6578
Cache-Control: max-age=109880
Content-Type: application/ocsp-response
Date: Tue, 29 Nov 2022 21:55:35 GMT
Etag: "6385705d-118"
Expires: Thu, 01 Dec 2022 04:26:55 GMT
Last-Modified: Tue, 29 Nov 2022 02:37:17 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 280
ocsp.digicert.com/
93.184.220.29 200 OK 782 B IP 93.184.220.29:0
Hash f91fe7a70d94da883a0f879a6f6cd0d5
e86cda1686944cbfc84ade1e23dd3e14e2d4916a
54696e0b88c8bd09e4c5ff34c2c3b8b155d07a43239ad17fa2835859e595b501
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5424
Content-Type: text/html
Date: Tue, 29 Nov 2022 21:55:35 GMT
Etag: "638651c5-37"
Last-Modified: Tue, 29 Nov 2022 18:39:01 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 55
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 1884a4ade12c2ef628a9623c1fd248bb
b1eceac8025050b7fe53f220508b07f725b20ad9
ef7fe89e2c627256472fc2c904c22d3f4c409e86f6272149d55150b8be09b8a1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EF7FE89E2C627256472FC2C904C22D3F4C409E86F6272149D55150B8BE09B8A1"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2965
Expires: Tue, 29 Nov 2022 22:45:00 GMT
Date: Tue, 29 Nov 2022 21:55:35 GMT
Connection: keep-alive
analitits.com/t/xfeid?cb=gl.cb.xf
31.220.24.19 200 OK 65 B URL HTTP/1.1 analitits.com/t/xfeid?cb=gl.cb.xf
IP 31.220.24.19:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with no line terminators
Hash a4e549a3ff7a330111f40b3cc1167ea8
27db2bfb6e19aed121a0d57004cd1069a5c122e5
efc7b453a9f11b035e750ccd83b2b699eb7b77cf598295c46133e597316831eb
GET /t/xfeid?cb=gl.cb.xf HTTP/1.1
Host: analitits.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ads.adxadserv.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.10.3 (Ubuntu)
Date: Tue, 29 Nov 2022 21:55:35 GMT
Content-Type: application/octet-stream
Content-Length: 65
Connection: keep-alive
Set-Cookie: xfeid=a6bb2fcb9fc18e0d0dc32ac7698d85c5; expires=Tue, 01 Jan 2030 00:00:00 GMT; path=/; domain=.analitits.com
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET
Access-Control-Allow-Headers: content-type
Access-Control-Max-Age: 864000
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash e4744053ab86a0cc9aeba533de294fa2
3ad41c8f2216d8976ee9e86b461e70a0c45fc474
10c0e138cd634b4da89241719bd6903f106b29171a0775b433792e8915a0c6f3
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6254
Cache-Control: max-age=121812
Content-Type: application/ocsp-response
Date: Tue, 29 Nov 2022 21:55:36 GMT
Etag: "6385a03e-117"
Expires: Thu, 01 Dec 2022 07:45:48 GMT
Last-Modified: Tue, 29 Nov 2022 06:01:34 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 279
webpick-cdn.s3-us-west-2.amazonaws.com/getlaid.jpeg
3.5.78.197 200 OK 9.3 kB URL HTTP/1.1 webpick-cdn.s3-us-west-2.amazonaws.com/getlaid.jpeg
IP 3.5.78.197:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 192x192, components 3\012- data
Hash e73bda30c82b74c32e5f03e4ed4e4bb1
e2b381468138921e418865ca53fd7b91ab8febb8
e6a18e81d67bc6cfadbe2c86c78b99c0e01644cdeafb48144663121b629ea227
GET /getlaid.jpeg HTTP/1.1
Host: webpick-cdn.s3-us-west-2.amazonaws.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
x-amz-id-2: n646JGAKGPjyL6FYOR4yloNmeVlrSOWryqP4BQmvowOnoMEfRMyMyTeBq3ziC1vI4nzQBSOIgchldSOnev4XCA==
x-amz-request-id: 3ZWFHMDGGFG2AA0Q
Date: Tue, 29 Nov 2022 21:55:36 GMT
Last-Modified: Thu, 25 Jun 2020 08:18:14 GMT
ETag: "e73bda30c82b74c32e5f03e4ed4e4bb1"
x-amz-meta-s3b-last-modified: 20200625T081632Z
Accept-Ranges: bytes
Content-Type: image/jpeg
Server: AmazonS3
Content-Length: 9313
img.strpst.com/thumbs/1669758361/90342407
104.18.63.124 200 OK 31 kB URL HTTP/2 img.strpst.com/thumbs/1669758361/90342407
IP 104.18.63.124:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 0x0, segment length 16, progressive, precision 8, 270x360, components 3\012- data
Hash bc01df0ad2bdc9ec5833002f8c6e7a8e
528965ff0e0e80391c52303f29f461a7106f0e77
f12bb97eafc0f18050f7144521a87be175a18ef0c85d22c5a352899620c14665
GET /thumbs/1669758361/90342407 HTTP/1.1
Host: img.strpst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://creative.xlirdr.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 29 Nov 2022 21:55:36 GMT
content-type: image/jpeg
content-length: 31380
access-control-allow-credentials: true
access-control-allow-headers: *
access-control-allow-methods: PUT, POST, GET, DELETE, OPTIONS
access-control-allow-origin: *
cf-bgj: imgq:100,h2pri
cf-polished: origSize=32883, status=webp_bigger
etag: "4aaeef69a8b2f00c2cdd52d4830cd9c2"
last-modified: Tue, 29 Nov 2022 21:45:26 GMT
cf-cache-status: HIT
age: 429
expires: Tue, 29 Nov 2022 21:56:36 GMT
cache-control: public, max-age=60
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 771e96a61a03b511-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash e4744053ab86a0cc9aeba533de294fa2
3ad41c8f2216d8976ee9e86b461e70a0c45fc474
10c0e138cd634b4da89241719bd6903f106b29171a0775b433792e8915a0c6f3
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6254
Cache-Control: max-age=121812
Content-Type: application/ocsp-response
Date: Tue, 29 Nov 2022 21:55:36 GMT
Etag: "6385a03e-117"
Expires: Thu, 01 Dec 2022 07:45:48 GMT
Last-Modified: Tue, 29 Nov 2022 06:01:34 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 279
pxl.tsyndicate.com/api/v1/p/p.js?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zC0XUyCEmTI4YN8a0sIGDYwsaYmrEaIFDzI0yLG2YiUHDBo0bYWDAmCHiYZg6YzLSQBljTA2jLcLcIHkSRg4zSWuQoZE0x9SPMsjMkFEGR0-IZOwstJHDhoyHcOqIoSgjB4yKEOHAWYjjBo0ZD-fAmaiDBgwbNWo4fdhGL1-_gFXCHdNmbl8agf_6JGOG4kMxbtwslFG3JEjCbjDqkHFjBlm0bUKPrUEDbp0YGdHQoQNnjo4XL8K4MEgntIsxb9q8OFOGzosYOmHUMD3jB500bcr0aJhDBo2PkFnPiMGljk4ZNsLQGdNjaGQb3b-HhyOmxxAhWvIgQSLmSx08KL_Q-DImTBAxMSRhRhBJnOGGFV_kwUYWNLxxhBpWXTHGEnVQcYYWTbwRRRFnpGFEFlBUlwUWSbRRxxp5SNHCHTPkoMQXcExxhBFfwFDHFViUgYQcbkRBRRRC0FHFEGHUEIYeT9gRxxtmkFHDFUHEoIUSVqRBRRBBfLHGhXXYYMcbTuDxxRlVJEGEFFWk8RUcbWz20BtsuikCGcFlpJsb4tUhRxhsEMQnHWjM8YaeY5TxGxtqfdUfX1ts1wVacgQ1GgyXVaYDDC689ZAcdjjW0EN11KGmDiIUWlcYOOCwUhgxyBDGSTjMcEMLACKFw0wxmCHDGDm0lANPD6XhmAgfueCWCzTI4EJDNHwlxxfCZlTssckuy9pXdYSRUYZ6pMEGG2G8UEOmIKBwRRpu0HnHHCA4QQUIyGW6AwjnumHTvHjcCwKnDCmXaQogHFHGGGu88YIMb-mEXAwgGJGGHGWY8QYex_kLg6KSiuDEE1-98ewYGW_8FRsZF-HEVwfZ8QXEbFBUww03xEqSTpsauFkNdT2U8hdiyEEXDjqXoXIbb5CxGQ42wEWGHG8shJcIbyjUF6QT57EQDZtGHNtstd2Wmwt40qEnn36yAaighBo6BqJivPDVHRm1isPFD6ERNwzWfTUHpxkxTYd4HrdQhxtp0NGUC2SM0SrKGR_0ReKLW9QmQzaQdQPOvzokAh1tyEBR5TlcXtIMgrU62cpl6PWFeJ9bjjnpPonB15wR_2T2miQvRGmposHQhwIBAQ%3D%3D&s=9d5c39b4b6a10b8b166a13e2840f1fa48c4563551fae9640a6136e881d0d6db71669758935&w=t&r=1&d=512&priv=false
136.243.51.171200 OK 24 B URL HTTP/2 pxl.tsyndicate.com/api/v1/p/p.js?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zC0XUyCEmTI4YN8a0sIGDYwsaYmrEaIFDzI0yLG2YiUHDBo0bYWDAmCHiYZg6YzLSQBljTA2jLcLcIHkSRg4zSWuQoZE0x9SPMsjMkFEGR0-IZOwstJHDhoyHcOqIoSgjB4yKEOHAWYjjBo0ZD-fAmaiDBgwbNWo4fdhGL1-_gFXCHdNmbl8agf_6JGOG4kMxbtwslFG3JEjCbjDqkHFjBlm0bUKPrUEDbp0YGdHQoQNnjo4XL8K4MEgntIsxb9q8OFOGzosYOmHUMD3jB500bcr0aJhDBo2PkFnPiMGljk4ZNsLQGdNjaGQb3b-HhyOmxxAhWvIgQSLmSx08KL_Q-DImTBAxMSRhRhBJnOGGFV_kwUYWNLxxhBpWXTHGEnVQcYYWTbwRRRFnpGFEFlBUlwUWSbRRxxp5SNHCHTPkoMQXcExxhBFfwFDHFViUgYQcbkRBRRRC0FHFEGHUEIYeT9gRxxtmkFHDFUHEoIUSVqRBRRBBfLHGhXXYYMcbTuDxxRlVJEGEFFWk8RUcbWz20BtsuikCGcFlpJsb4tUhRxhsEMQnHWjM8YaeY5TxGxtqfdUfX1ts1wVacgQ1GgyXVaYDDC689ZAcdjjW0EN11KGmDiIUWlcYOOCwUhgxyBDGSTjMcEMLACKFw0wxmCHDGDm0lANPD6XhmAgfueCWCzTI4EJDNHwlxxfCZlTssckuy9pXdYSRUYZ6pMEGG2G8UEOmIKBwRRpu0HnHHCA4QQUIyGW6AwjnumHTvHjcCwKnDCmXaQogHFHGGGu88YIMb-mEXAwgGJGGHGWY8QYex_kLg6KSiuDEE1-98ewYGW_8FRsZF-HEVwfZ8QXEbFBUww03xEqSTpsauFkNdT2U8hdiyEEXDjqXoXIbb5CxGQ42wEWGHG8shJcIbyjUF6QT57EQDZtGHNtstd2Wmwt40qEnn36yAaighBo6BqJivPDVHRm1isPFD6ERNwzWfTUHpxkxTYd4HrdQhxtp0NGUC2SM0SrKGR_0ReKLW9QmQzaQdQPOvzokAh1tyEBR5TlcXtIMgrU62cpl6PWFeJ9bjjnpPonB15wR_2T2miQvRGmposHQhwIBAQ%3D%3D&s=9d5c39b4b6a10b8b166a13e2840f1fa48c4563551fae9640a6136e881d0d6db71669758935&w=t&r=1&d=512&priv=false
IP 136.243.51.171:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with no line terminators
Hash 0959ba36d476b6dc1994ba3c678b07c4
d30b94da72daa02766965206a85b7e0356375f5e
897410b87e27e3dfba3a7d6caab315a5e69cc941bb96d91fc74878a9b051843a
GET /api/v1/p/p.js?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zC0XUyCEmTI4YN8a0sIGDYwsaYmrEaIFDzI0yLG2YiUHDBo0bYWDAmCHiYZg6YzLSQBljTA2jLcLcIHkSRg4zSWuQoZE0x9SPMsjMkFEGR0-IZOwstJHDhoyHcOqIoSgjB4yKEOHAWYjjBo0ZD-fAmaiDBgwbNWo4fdhGL1-_gFXCHdNmbl8agf_6JGOG4kMxbtwslFG3JEjCbjDqkHFjBlm0bUKPrUEDbp0YGdHQoQNnjo4XL8K4MEgntIsxb9q8OFOGzosYOmHUMD3jB500bcr0aJhDBo2PkFnPiMGljk4ZNsLQGdNjaGQb3b-HhyOmxxAhWvIgQSLmSx08KL_Q-DImTBAxMSRhRhBJnOGGFV_kwUYWNLxxhBpWXTHGEnVQcYYWTbwRRRFnpGFEFlBUlwUWSbRRxxp5SNHCHTPkoMQXcExxhBFfwFDHFViUgYQcbkRBRRRC0FHFEGHUEIYeT9gRxxtmkFHDFUHEoIUSVqRBRRBBfLHGhXXYYMcbTuDxxRlVJEGEFFWk8RUcbWz20BtsuikCGcFlpJsb4tUhRxhsEMQnHWjM8YaeY5TxGxtqfdUfX1ts1wVacgQ1GgyXVaYDDC689ZAcdjjW0EN11KGmDiIUWlcYOOCwUhgxyBDGSTjMcEMLACKFw0wxmCHDGDm0lANPD6XhmAgfueCWCzTI4EJDNHwlxxfCZlTssckuy9pXdYSRUYZ6pMEGG2G8UEOmIKBwRRpu0HnHHCA4QQUIyGW6AwjnumHTvHjcCwKnDCmXaQogHFHGGGu88YIMb-mEXAwgGJGGHGWY8QYex_kLg6KSiuDEE1-98ewYGW_8FRsZF-HEVwfZ8QXEbFBUww03xEqSTpsauFkNdT2U8hdiyEEXDjqXoXIbb5CxGQ42wEWGHG8shJcIbyjUF6QT57EQDZtGHNtstd2Wmwt40qEnn36yAaighBo6BqJivPDVHRm1isPFD6ERNwzWfTUHpxkxTYd4HrdQhxtp0NGUC2SM0SrKGR_0ReKLW9QmQzaQdQPOvzokAh1tyEBR5TlcXtIMgrU62cpl6PWFeJ9bjjnpPonB15wR_2T2miQvRGmposHQhwIBAQ%3D%3D&s=9d5c39b4b6a10b8b166a13e2840f1fa48c4563551fae9640a6136e881d0d6db71669758935&w=t&r=1&d=512&priv=false HTTP/1.1
Host: pxl.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Cookie: ts_uid=f68d0436-673c-4a86-9154-db4476eec16f; bfq=APeIECNCxxYZOGDEwFGjRhcWIsYU3BLjoYgyE2PYsJEDB40aM2Y47KMg
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 29 Nov 2022 21:55:36 GMT
content-type: text/plain; charset=utf-8
content-length: 24
x-robots-tag: noindex, nofollow
X-Firefox-Spdy: h2
pxl.tsyndicate.com/api/v1/p/p.js?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zC0XcsFEjTI0YYmS0iAEDRo0WNGaYMdNCDEgxLcrkGGMjRw0ZMcJsNCPiYZg6YzLSoOFyTA2jLXTawIESRg6WHsnQSJpDao4YMsjMkFEGR0-IZOwsrGlDxkM4dcRQlJEDRkWIcOAsxHEj5cM5cCbqoAGDYw2nD9vg1cvXb4y3Y9rI3Stjxk0aPsnwZPhQjBs3C2XcyCFDBg2zItq4wahD84yaZ0WT5kjjbZ0YGdHQoQNnjo4XL8K4MEhntIsxb9q8OFOGzguSJWucnvGDTpo2ZXo05EzjKo0aNVLG4FKnpAwbYeiM6fHZsWfu3sHDEdMjypUsMLJkWUIGT44lTa7UgJKGCA4jIF0hRh5K3KDFG2joYQQOWhCRRhlptHDRFEQchUQTSpRBhRlWIIFDFUnUgQYORcgRR044WJEEDG9AEUYeetyAAx5ikJHHEDKYoQQONNwxhRlZyFEEHkfolIOIckxhgxpm1GCDEkzoEYQNcNygBBVsMGHEHWE8scYXZ4BIhBRVpPEVHG1k9tAbaKopAhnBZaSbG-HVIUcYbBCEJx1ozPGGnWOU8RsbaX01RngLbTFDDF2cJUdQpcFQ2WQwuODWQ3LYsVhDD9VRh5k6iBAoXWHggEMMSWEVBko4zHBDSzEghYMZh5khwxg54CBGDjN8lcZiIlzlQlsufOZCQzR8JccXv2YkLLHGIvtVHWFk1MQbeqTBBhthvFCDpSCgcEUabsB5xxwgOEEFCCRZugMI47phAw3v4jHvu5kyZJKlKYBwRBljrPHGCzK4VRJJMYBgRBpylGHGG3gcty8MhkIqghNPfPXGsmNYjPFXbFhchBNfHWTHFw2zQVENN8h4Gg4lYXoGZqXVQNdDJn8hhhxz4YBzGSe38QYZmeFgw1tkyPHGQjOsqdBejkKcx0KQidDwZAPNVtttublAJx124qknG3z6CaigYxAqxgtf3ZERVjB_hcbbMHj21RyZZqQ0HeFt3EIdbqRBR1MukDEGViVbfNAXhiNuUZoM2VDTDTbz6pAIdLQhA0WS50A5Dpa71TRYKJeB1xeIRj555Y75JIZebzr8E9lnhryQpKKSBkMfCgQE&s=54881fc34d6369b8bd19850607f7a5ba512730ac65b5ca2e5aa288f9691cb8e01669758935&w=t&r=1&d=467&priv=false
136.243.51.171200 OK 24 B URL HTTP/2 pxl.tsyndicate.com/api/v1/p/p.js?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zC0XcsFEjTI0YYmS0iAEDRo0WNGaYMdNCDEgxLcrkGGMjRw0ZMcJsNCPiYZg6YzLSoOFyTA2jLXTawIESRg6WHsnQSJpDao4YMsjMkFEGR0-IZOwsrGlDxkM4dcRQlJEDRkWIcOAsxHEj5cM5cCbqoAGDYw2nD9vg1cvXb4y3Y9rI3Stjxk0aPsnwZPhQjBs3C2XcyCFDBg2zItq4wahD84yaZ0WT5kjjbZ0YGdHQoQNnjo4XL8K4MEhntIsxb9q8OFOGzguSJWucnvGDTpo2ZXo05EzjKo0aNVLG4FKnpAwbYeiM6fHZsWfu3sHDEdMjypUsMLJkWUIGT44lTa7UgJKGCA4jIF0hRh5K3KDFG2joYQQOWhCRRhlptHDRFEQchUQTSpRBhRlWIIFDFUnUgQYORcgRR044WJEEDG9AEUYeetyAAx5ikJHHEDKYoQQONNwxhRlZyFEEHkfolIOIckxhgxpm1GCDEkzoEYQNcNygBBVsMGHEHWE8scYXZ4BIhBRVpPEVHG1k9tAbaKopAhnBZaSbG-HVIUcYbBCEJx1ozPGGnWOU8RsbaX01RngLbTFDDF2cJUdQpcFQ2WQwuODWQ3LYsVhDD9VRh5k6iBAoXWHggEMMSWEVBko4zHBDSzEghYMZh5khwxg54CBGDjN8lcZiIlzlQlsufOZCQzR8JccXv2YkLLHGIvtVHWFk1MQbeqTBBhthvFCDpSCgcEUabsB5xxwgOEEFCCRZugMI47phAw3v4jHvu5kyZJKlKYBwRBljrPHGCzK4VRJJMYBgRBpylGHGG3gcty8MhkIqghNPfPXGsmNYjPFXbFhchBNfHWTHFw2zQVENN8h4Gg4lYXoGZqXVQNdDJn8hhhxz4YBzGSe38QYZmeFgw1tkyPHGQjOsqdBejkKcx0KQidDwZAPNVtttublAJx124qknG3z6CaigYxAqxgtf3ZERVjB_hcbbMHj21RyZZqQ0HeFt3EIdbqRBR1MukDEGViVbfNAXhiNuUZoM2VDTDTbz6pAIdLQhA0WS50A5Dpa71TRYKJeB1xeIRj555Y75JIZebzr8E9lnhryQpKKSBkMfCgQE&s=54881fc34d6369b8bd19850607f7a5ba512730ac65b5ca2e5aa288f9691cb8e01669758935&w=t&r=1&d=467&priv=false
IP 136.243.51.171:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with no line terminators
Hash 0959ba36d476b6dc1994ba3c678b07c4
d30b94da72daa02766965206a85b7e0356375f5e
897410b87e27e3dfba3a7d6caab315a5e69cc941bb96d91fc74878a9b051843a
GET /api/v1/p/p.js?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zC0XcsFEjTI0YYmS0iAEDRo0WNGaYMdNCDEgxLcrkGGMjRw0ZMcJsNCPiYZg6YzLSoOFyTA2jLXTawIESRg6WHsnQSJpDao4YMsjMkFEGR0-IZOwsrGlDxkM4dcRQlJEDRkWIcOAsxHEj5cM5cCbqoAGDYw2nD9vg1cvXb4y3Y9rI3Stjxk0aPsnwZPhQjBs3C2XcyCFDBg2zItq4wahD84yaZ0WT5kjjbZ0YGdHQoQNnjo4XL8K4MEhntIsxb9q8OFOGzguSJWucnvGDTpo2ZXo05EzjKo0aNVLG4FKnpAwbYeiM6fHZsWfu3sHDEdMjypUsMLJkWUIGT44lTa7UgJKGCA4jIF0hRh5K3KDFG2joYQQOWhCRRhlptHDRFEQchUQTSpRBhRlWIIFDFUnUgQYORcgRR044WJEEDG9AEUYeetyAAx5ikJHHEDKYoQQONNwxhRlZyFEEHkfolIOIckxhgxpm1GCDEkzoEYQNcNygBBVsMGHEHWE8scYXZ4BIhBRVpPEVHG1k9tAbaKopAhnBZaSbG-HVIUcYbBCEJx1ozPGGnWOU8RsbaX01RngLbTFDDF2cJUdQpcFQ2WQwuODWQ3LYsVhDD9VRh5k6iBAoXWHggEMMSWEVBko4zHBDSzEghYMZh5khwxg54CBGDjN8lcZiIlzlQlsufOZCQzR8JccXv2YkLLHGIvtVHWFk1MQbeqTBBhthvFCDpSCgcEUabsB5xxwgOEEFCCRZugMI47phAw3v4jHvu5kyZJKlKYBwRBljrPHGCzK4VRJJMYBgRBpylGHGG3gcty8MhkIqghNPfPXGsmNYjPFXbFhchBNfHWTHFw2zQVENN8h4Gg4lYXoGZqXVQNdDJn8hhhxz4YBzGSe38QYZmeFgw1tkyPHGQjOsqdBejkKcx0KQidDwZAPNVtttublAJx124qknG3z6CaigYxAqxgtf3ZERVjB_hcbbMHj21RyZZqQ0HeFt3EIdbqRBR1MukDEGViVbfNAXhiNuUZoM2VDTDTbz6pAIdLQhA0WS50A5Dpa71TRYKJeB1xeIRj555Y75JIZebzr8E9lnhryQpKKSBkMfCgQE&s=54881fc34d6369b8bd19850607f7a5ba512730ac65b5ca2e5aa288f9691cb8e01669758935&w=t&r=1&d=467&priv=false HTTP/1.1
Host: pxl.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Cookie: ts_uid=f68d0436-673c-4a86-9154-db4476eec16f; bfq=APeIECNCxxYZOGDEwFGjRhcWIsYU3BLjoYgyE2PYsJEDB40aM2Y47KMg
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 29 Nov 2022 21:55:36 GMT
content-type: text/plain; charset=utf-8
content-length: 24
x-robots-tag: noindex, nofollow
X-Firefox-Spdy: h2
pxl.tsyndicate.com/api/v1/p/p.js?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zC0WUwRFGzJgYM8a0mBFjDI0WNGiAbIGDjBkzLWTQmEHmoxkxN3LkuCHiYZg6YzLeECMjRpgYNMK0GHMjRgyUZmCIxJFzRgsbY2CQSUmmKdIcPSGSsbPQRg4bMh7CqSOGoowcMCpChANnIdWZD-fAmahjBg4Yf-E-bKOXLw0YNmrE2PlwTJu6OmjIqKHToVgzC2XgeCjGjZvMf2PgqGG5jRuMOmTcmGFWrWnUiVU-rBMjIxo6dODM0fHiRRgXBumcdjHmTZsXZ8rQeREDRlwYMnH8oJOmTZkeDXPIzEFDO1UZNrjUcQ4-DJ0xPSRTzlFDPHkbYeCI6XHni5wkbuxYUdOESpQaTqRhgx1k4MBEC1kggcYNbihRBRlfKGEGHmusUYcdX-SghRNWyNCCHGyIkQQZeBTBBA02aPEGHEFUYd0MWrDBxhBUGJEEGja0QEUbGZqxBoNI0LCEEAaWYYQZOBhxxR1M4QBFFWkMcccMbAiBRx0yZDHFF2dUkQQRUkAZFhxtUPTQimUy9BAZxmX0mxvm1SFHGGwQRCcdaMzxhpxjlEEcG2yFNYZ5C21BUhdqyRGUDjC44JxcYmDGqKNyyWEHZA3NVkcaGZlhQ0swzJSjDauJlBQOOebQ0ElkiJHSDTaUUcZHNmD2UBqQiaCqC3C5IJkLq4Ylxxe4ZrRrr78GO1sYGTXxhh5pyBjGCzU4CgIKV6ThBpt3zAGCE1SA0JyjO4CQrRs20FAuHumWaylDMFQLQwogHDHrGm-8IMNzz8UAghFpyFGGGW_gwVy8jgq6qAhOPBHWG8OOsXDDYbGxcBFOhHUQhgKzQVENN9yAA2t_wfCQHGd8lloNVK1ZBoZiyGHXZiJs_EUbb5ABmg1ykSHHGwvNcKZCkSVacB4L0XDywLbhphtvvrkAJx1y0mknG3jqyaefYwAqxgth3ZFRDJrBEBYaY0NHQ1hzWJrRz3SYB3ELdbiRBh1XyeBCTWRrvPBBX_AtQ1h0pBmDDWbdwHIOM1hW-OAMIb7T4o3DMIPJYtlXhl5fEBp54pRb9nLnbCBEB9GG0oAoRGLwVfPAP2E9psULYT4GajD0oUBA&s=5242dce3089cfabe1c8b49e06df36e53800471bcc4fbdda2aa5e647b5e454ed01669758935&w=t&r=1&d=428&priv=false
136.243.51.171200 OK 1.3 kB URL HTTP/2 pxl.tsyndicate.com/api/v1/p/p.js?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zC0WUwRFGzJgYM8a0mBFjDI0WNGiAbIGDjBkzLWTQmEHmoxkxN3LkuCHiYZg6YzLeECMjRpgYNMK0GHMjRgyUZmCIxJFzRgsbY2CQSUmmKdIcPSGSsbPQRg4bMh7CqSOGoowcMCpChANnIdWZD-fAmahjBg4Yf-E-bKOXLw0YNmrE2PlwTJu6OmjIqKHToVgzC2XgeCjGjZvMf2PgqGG5jRuMOmTcmGFWrWnUiVU-rBMjIxo6dODM0fHiRRgXBumcdjHmTZsXZ8rQeREDRlwYMnH8oJOmTZkeDXPIzEFDO1UZNrjUcQ4-DJ0xPSRTzlFDPHkbYeCI6XHni5wkbuxYUdOESpQaTqRhgx1k4MBEC1kggcYNbihRBRlfKGEGHmusUYcdX-SghRNWyNCCHGyIkQQZeBTBBA02aPEGHEFUYd0MWrDBxhBUGJEEGja0QEUbGZqxBoNI0LCEEAaWYYQZOBhxxR1M4QBFFWkMcccMbAiBRx0yZDHFF2dUkQQRUkAZFhxtUPTQimUy9BAZxmX0mxvm1SFHGGwQRCcdaMzxhpxjlEEcG2yFNYZ5C21BUhdqyRGUDjC44JxcYmDGqKNyyWEHZA3NVkcaGZlhQ0swzJSjDauJlBQOOebQ0ElkiJHSDTaUUcZHNmD2UBqQiaCqC3C5IJkLq4Ylxxe4ZrRrr78GO1sYGTXxhh5pyBjGCzU4CgIKV6ThBpt3zAGCE1SA0JyjO4CQrRs20FAuHumWaylDMFQLQwogHDHrGm-8IMNzz8UAghFpyFGGGW_gwVy8jgq6qAhOPBHWG8OOsXDDYbGxcBFOhHUQhgKzQVENN9yAA2t_wfCQHGd8lloNVK1ZBoZiyGHXZiJs_EUbb5ABmg1ykSHHGwvNcKZCkSVacB4L0XDywLbhphtvvrkAJx1y0mknG3jqyaefYwAqxgth3ZFRDJrBEBYaY0NHQ1hzWJrRz3SYB3ELdbiRBh1XyeBCTWRrvPBBX_AtQ1h0pBmDDWbdwHIOM1hW-OAMIb7T4o3DMIPJYtlXhl5fEBp54pRb9nLnbCBEB9GG0oAoRGLwVfPAP2E9psULYT4GajD0oUBA&s=5242dce3089cfabe1c8b49e06df36e53800471bcc4fbdda2aa5e647b5e454ed01669758935&w=t&r=1&d=428&priv=false
IP 136.243.51.171:0
ASN #24940 Hetzner Online GmbH
Hash 71a5798387480ca79bab342aa80d4db7
1f9e0dfb4167d31c6f2e8700fabb3af38a4702bc
a9d6470203ee5112f1c8156c088afe0234080b0e702437b2651d7504a46276c6
GET /api/v1/p/p.js?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zC0WUwRFGzJgYM8a0mBFjDI0WNGiAbIGDjBkzLWTQmEHmoxkxN3LkuCHiYZg6YzLeECMjRpgYNMK0GHMjRgyUZmCIxJFzRgsbY2CQSUmmKdIcPSGSsbPQRg4bMh7CqSOGoowcMCpChANnIdWZD-fAmahjBg4Yf-E-bKOXLw0YNmrE2PlwTJu6OmjIqKHToVgzC2XgeCjGjZvMf2PgqGG5jRuMOmTcmGFWrWnUiVU-rBMjIxo6dODM0fHiRRgXBumcdjHmTZsXZ8rQeREDRlwYMnH8oJOmTZkeDXPIzEFDO1UZNrjUcQ4-DJ0xPSRTzlFDPHkbYeCI6XHni5wkbuxYUdOESpQaTqRhgx1k4MBEC1kggcYNbihRBRlfKGEGHmusUYcdX-SghRNWyNCCHGyIkQQZeBTBBA02aPEGHEFUYd0MWrDBxhBUGJEEGja0QEUbGZqxBoNI0LCEEAaWYYQZOBhxxR1M4QBFFWkMcccMbAiBRx0yZDHFF2dUkQQRUkAZFhxtUPTQimUy9BAZxmX0mxvm1SFHGGwQRCcdaMzxhpxjlEEcG2yFNYZ5C21BUhdqyRGUDjC44JxcYmDGqKNyyWEHZA3NVkcaGZlhQ0swzJSjDauJlBQOOebQ0ElkiJHSDTaUUcZHNmD2UBqQiaCqC3C5IJkLq4Ylxxe4ZrRrr78GO1sYGTXxhh5pyBjGCzU4CgIKV6ThBpt3zAGCE1SA0JyjO4CQrRs20FAuHumWaylDMFQLQwogHDHrGm-8IMNzz8UAghFpyFGGGW_gwVy8jgq6qAhOPBHWG8OOsXDDYbGxcBFOhHUQhgKzQVENN9yAA2t_wfCQHGd8lloNVK1ZBoZiyGHXZiJs_EUbb5ABmg1ykSHHGwvNcKZCkSVacB4L0XDywLbhphtvvrkAJx1y0mknG3jqyaefYwAqxgth3ZFRDJrBEBYaY0NHQ1hzWJrRz3SYB3ELdbiRBh1XyeBCTWRrvPBBX_AtQ1h0pBmDDWbdwHIOM1hW-OAMIb7T4o3DMIPJYtlXhl5fEBp54pRb9nLnbCBEB9GG0oAoRGLwVfPAP2E9psULYT4GajD0oUBA&s=5242dce3089cfabe1c8b49e06df36e53800471bcc4fbdda2aa5e647b5e454ed01669758935&w=t&r=1&d=428&priv=false HTTP/1.1
Host: pxl.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Cookie: ts_uid=f68d0436-673c-4a86-9154-db4476eec16f; bfq=APeIECNCxxYZOGDEwFGjRhcWIsYU3BLjoYgyE2PYsJEDB40aM2Y47KMg
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 29 Nov 2022 21:55:36 GMT
content-type: text/plain; charset=utf-8
content-length: 24
x-robots-tag: noindex, nofollow
X-Firefox-Spdy: h2
pxl.tsyndicate.com/api/v1/p/p.js?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zC0XMGFMjDAwxNnC0mOFRRgsaZsqYaYEjRw0bLXLQCBNDBhkbZW7KMCPiYZg6YzKaOSijhgwaJmPEgBHmpJgZM1qIsRk1R4ySYWzcmGEjjIyeEMnYWWgjhw0ZD-HUEUNRRg4YFSHCgbMQxw0aMx7OgTNRxwwcMADjwPGwzd6-NGDYqGHUxsMxbejqQFojh0ufZHjqkEFYhBg3bhZyhouDcWE3GDdvLZu2DWqyNWjErRMjIxo6dODM0fHiRRgXBumgdjHmTZsXZ8rQebEULoyjOH7QSdOmTI-GOY7KzG5Xhg0udWA870pnTA_KlmuAF-89DBwxPZDAmKOFxpczLZCMERIGixMiTrhRxBoy3DDHEFakAQUcbQTxhBN3LLHGGE2QMYYcZUjRghpYXAGDFng8YUQaasihRhZQCJGDFkdc0WAb_pHBBg5q4IBHG1AY4QQTZ6xxxBBQ4DFFHFcwwcQNZRhBxhlU1JDHDHlowYYTUMyQoBw30HFfFUkQIUUVaYDFIEUPvTEmQw-RYVxGv7kRBh11yBEGGwTNSQcac7wR5xhlEMfGWmCN8eZCW8wQQxdpyRGUDjC4IF5cYmjWKFwPyWGHZA09VEcdYeogQg5j3GBDDGaMQcNJLeWAKgxlSHUDqCed1dBBZRQEAw1gpSHZpzG48JYLSLnQEK6VfqFrRlb52miww4JVRxgZNfGGHmmwwUYYL9TgKAgoXJGGG2reMQcITlABwlKO7gCCt27YQIO6eLirrqUMwaAtDCmAcEQZY6zxxgsyOOdcDCCMiKEZb-DBnL2OBrqoCE48AdYbcnwxxsMRg8XGw0U4AdZBdnyBIRsU1XDDDThwBRgMlZ4R2mY12JVmGSGLIUddnYH8RRtvkCEaDqOmKccbC-UlwhsKTZZownksREOlKtmGm268-eaCm3DKSWdBbNyZ5559jvGnGC-AdUdGNQEGFhpoP0esCHNYmtHQdLxJcQt1uJEGHS0Y5YKFNX388EFfAP6VRW1QZENZN8ScwwwOiUBHG18xtHgOjbcEuXOYiVzGXl8MajnjjkP-EM2hs4EQHUkXSgOiEInRlwgHmfFT12JuvBDLIoyRGgx9KBAQ&s=8038ff01713377b9a731bddd78d2dbcf036782200474a8b4805b8b0539e32dba1669758935&w=t&r=1&d=521&priv=false
136.243.51.171200 OK 24 B URL HTTP/2 pxl.tsyndicate.com/api/v1/p/p.js?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zC0XMGFMjDAwxNnC0mOFRRgsaZsqYaYEjRw0bLXLQCBNDBhkbZW7KMCPiYZg6YzKaOSijhgwaJmPEgBHmpJgZM1qIsRk1R4ySYWzcmGEjjIyeEMnYWWgjhw0ZD-HUEUNRRg4YFSHCgbMQxw0aMx7OgTNRxwwcMADjwPGwzd6-NGDYqGHUxsMxbejqQFojh0ufZHjqkEFYhBg3bhZyhouDcWE3GDdvLZu2DWqyNWjErRMjIxo6dODM0fHiRRgXBumgdjHmTZsXZ8rQebEULoyjOH7QSdOmTI-GOY7KzG5Xhg0udWA870pnTA_KlmuAF-89DBwxPZDAmKOFxpczLZCMERIGixMiTrhRxBoy3DDHEFakAQUcbQTxhBN3LLHGGE2QMYYcZUjRghpYXAGDFng8YUQaasihRhZQCJGDFkdc0WAb_pHBBg5q4IBHG1AY4QQTZ6xxxBBQ4DFFHFcwwcQNZRhBxhlU1JDHDHlowYYTUMyQoBw30HFfFUkQIUUVaYDFIEUPvTEmQw-RYVxGv7kRBh11yBEGGwTNSQcac7wR5xhlEMfGWmCN8eZCW8wQQxdpyRGUDjC4IF5cYmjWKFwPyWGHZA09VEcdYeogQg5j3GBDDGaMQcNJLeWAKgxlSHUDqCed1dBBZRQEAw1gpSHZpzG48JYLSLnQEK6VfqFrRlb52miww4JVRxgZNfGGHmmwwUYYL9TgKAgoXJGGG2reMQcITlABwlKO7gCCt27YQIO6eLirrqUMwaAtDCmAcEQZY6zxxgsyOOdcDCCMiKEZb-DBnL2OBrqoCE48AdYbcnwxxsMRg8XGw0U4AdZBdnyBIRsU1XDDDThwBRgMlZ4R2mY12JVmGSGLIUddnYH8RRtvkCEaDqOmKccbC-UlwhsKTZZownksREOlKtmGm268-eaCm3DKSWdBbNyZ5559jvGnGC-AdUdGNQEGFhpoP0esCHNYmtHQdLxJcQt1uJEGHS0Y5YKFNX388EFfAP6VRW1QZENZN8ScwwwOiUBHG18xtHgOjbcEuXOYiVzGXl8MajnjjkP-EM2hs4EQHUkXSgOiEInRlwgHmfFT12JuvBDLIoyRGgx9KBAQ&s=8038ff01713377b9a731bddd78d2dbcf036782200474a8b4805b8b0539e32dba1669758935&w=t&r=1&d=521&priv=false
IP 136.243.51.171:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with no line terminators
Hash 0959ba36d476b6dc1994ba3c678b07c4
d30b94da72daa02766965206a85b7e0356375f5e
897410b87e27e3dfba3a7d6caab315a5e69cc941bb96d91fc74878a9b051843a
GET /api/v1/p/p.js?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zC0XMGFMjDAwxNnC0mOFRRgsaZsqYaYEjRw0bLXLQCBNDBhkbZW7KMCPiYZg6YzKaOSijhgwaJmPEgBHmpJgZM1qIsRk1R4ySYWzcmGEjjIyeEMnYWWgjhw0ZD-HUEUNRRg4YFSHCgbMQxw0aMx7OgTNRxwwcMADjwPGwzd6-NGDYqGHUxsMxbejqQFojh0ufZHjqkEFYhBg3bhZyhouDcWE3GDdvLZu2DWqyNWjErRMjIxo6dODM0fHiRRgXBumgdjHmTZsXZ8rQebEULoyjOH7QSdOmTI-GOY7KzG5Xhg0udWA870pnTA_KlmuAF-89DBwxPZDAmKOFxpczLZCMERIGixMiTrhRxBoy3DDHEFakAQUcbQTxhBN3LLHGGE2QMYYcZUjRghpYXAGDFng8YUQaasihRhZQCJGDFkdc0WAb_pHBBg5q4IBHG1AY4QQTZ6xxxBBQ4DFFHFcwwcQNZRhBxhlU1JDHDHlowYYTUMyQoBw30HFfFUkQIUUVaYDFIEUPvTEmQw-RYVxGv7kRBh11yBEGGwTNSQcac7wR5xhlEMfGWmCN8eZCW8wQQxdpyRGUDjC4IF5cYmjWKFwPyWGHZA09VEcdYeogQg5j3GBDDGaMQcNJLeWAKgxlSHUDqCed1dBBZRQEAw1gpSHZpzG48JYLSLnQEK6VfqFrRlb52miww4JVRxgZNfGGHmmwwUYYL9TgKAgoXJGGG2reMQcITlABwlKO7gCCt27YQIO6eLirrqUMwaAtDCmAcEQZY6zxxgsyOOdcDCCMiKEZb-DBnL2OBrqoCE48AdYbcnwxxsMRg8XGw0U4AdZBdnyBIRsU1XDDDThwBRgMlZ4R2mY12JVmGSGLIUddnYH8RRtvkCEaDqOmKccbC-UlwhsKTZZownksREOlKtmGm268-eaCm3DKSWdBbNyZ5559jvGnGC-AdUdGNQEGFhpoP0esCHNYmtHQdLxJcQt1uJEGHS0Y5YKFNX388EFfAP6VRW1QZENZN8ScwwwOiUBHG18xtHgOjbcEuXOYiVzGXl8MajnjjkP-EM2hs4EQHUkXSgOiEInRlwgHmfFT12JuvBDLIoyRGgx9KBAQ&s=8038ff01713377b9a731bddd78d2dbcf036782200474a8b4805b8b0539e32dba1669758935&w=t&r=1&d=521&priv=false HTTP/1.1
Host: pxl.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Cookie: ts_uid=f68d0436-673c-4a86-9154-db4476eec16f; bfq=APeIECNCxxYZOGDEwFGjRhcWIsYU3BLjoYgyE2PYsJEDB40aM2Y47KMg
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 29 Nov 2022 21:55:36 GMT
content-type: text/plain; charset=utf-8
content-length: 24
x-robots-tag: noindex, nofollow
X-Firefox-Spdy: h2
pxl.tsyndicate.com/api/v1/p/p.js?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zC0XkyFFGTIwyMG60CCOGDI4WNGhEHGkDho2REWHAaGgGxpgyZkQ8DFNnTMaUHsfUEDryho2TNGDkMDOyBhkaI3M8zRFDBpkZMsrg0AmRjJ2FNnLYkPEQTh0xFGXkmLkTDpyFOG7QmPFwDpyJOpLaqFFD6cM2dvHq5Rujoogxbd7mpcHX5U4yORk-FOPGzUIZcXFQvfHXDUYdMm7MCFu2jWewNWgYrhMjIxo6dODM0fHiRRgXBul4djHmTZsXZ8rQeRFDJowao2f8oJOmTZkeDXPIoEGVceoZMbjUkSnDRhg6Y3qkbGxDO3fvcMT0qIPmips0N6IgwYOlyhArc2xEkRGmhQwpauihRhPMMQHHF0Y4EcUVcWhhhxw1xACFDXNMocUdTbxhRw14SBRWE0TA8IQZM-Rxxhg80QGDFi2MoUcMSUQBRRpMIWHFE1IIgYUUNCghhhRzJBFEHXPEUcQUGspxRBppKIFDG2ZQEUQMbzyhhhupCaGHEV-cUUUSREhRRRpcwdHGZQ-9YSaaIpDhW0a3ufFdHXKEwQZBdtKBxhxv0HkTb2ycxRWKeG2BXRdlyeETaDBMFhkMLrAlghx2KNbQQ3XUQaYOh2l1Qxg44BDDSFX1RwMOM4gUVA0t4GBGYWbIMEYOOIiRwwxcpaGYRjG4sJYLNMjgQkM0cCXHF7pmRJWvkAY7bGpc1RFGRhnqkQYbbITxQg2RgoDCFWm44eYdc4DgBBUgFBfpDiCA64YNNLCLB7zsUsrQcZGmAMIRZYyxxhsvyDCTTMXFAIIRaciB0xt4EIcvDIMuKoITT3D1xrFjSEwxV2xIXIQTXB1kxxcKs0FRDTfcgOpRMj0kxxmWgVZDXA-J_IUYcsCFQ81ljNzGG2RchoMNhpEhxxsL0SXCGwrllSjDeSxEg8s4uQabbLTZ5oKcdNBpJ55s6Mmnn2UAetYLXN2RUVU4QPwQGmvDMB1Xc1Ca0dF0fHdxC3W8RwdKkJIxRlUhS3zQF4ITbtGZDNkQ1g0z3-qQCHS0IQNFjucAuWYz9BWD0gaRXIZdX3yH-eORd76TGHi1iRNPYZfZ8UKNHvYZDH0oEBA%3D&s=f6992e97c66f7e04a3f5a4efc9c14f6d375762d93cd6e3b72b89859a7ee713fa1669758935&w=t&r=1&d=455&priv=false
136.243.51.171200 OK 2.3 kB URL HTTP/2 pxl.tsyndicate.com/api/v1/p/p.js?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zC0XkyFFGTIwyMG60CCOGDI4WNGhEHGkDho2REWHAaGgGxpgyZkQ8DFNnTMaUHsfUEDryho2TNGDkMDOyBhkaI3M8zRFDBpkZMsrg0AmRjJ2FNnLYkPEQTh0xFGXkmLkTDpyFOG7QmPFwDpyJOpLaqFFD6cM2dvHq5Rujoogxbd7mpcHX5U4yORk-FOPGzUIZcXFQvfHXDUYdMm7MCFu2jWewNWgYrhMjIxo6dODM0fHiRRgXBul4djHmTZsXZ8rQeRFDJowao2f8oJOmTZkeDXPIoEGVceoZMbjUkSnDRhg6Y3qkbGxDO3fvcMT0qIPmips0N6IgwYOlyhArc2xEkRGmhQwpauihRhPMMQHHF0Y4EcUVcWhhhxw1xACFDXNMocUdTbxhRw14SBRWE0TA8IQZM-Rxxhg80QGDFi2MoUcMSUQBRRpMIWHFE1IIgYUUNCghhhRzJBFEHXPEUcQUGspxRBppKIFDG2ZQEUQMbzyhhhupCaGHEV-cUUUSREhRRRpcwdHGZQ-9YSaaIpDhW0a3ufFdHXKEwQZBdtKBxhxv0HkTb2ycxRWKeG2BXRdlyeETaDBMFhkMLrAlghx2KNbQQ3XUQaYOh2l1Qxg44BDDSFX1RwMOM4gUVA0t4GBGYWbIMEYOOIiRwwxcpaGYRjG4sJYLNMjgQkM0cCXHF7pmRJWvkAY7bGpc1RFGRhnqkQYbbITxQg2RgoDCFWm44eYdc4DgBBUgFBfpDiCA64YNNLCLB7zsUsrQcZGmAMIRZYyxxhsvyDCTTMXFAIIRaciB0xt4EIcvDIMuKoITT3D1xrFjSEwxV2xIXIQTXB1kxxcKs0FRDTfcgOpRMj0kxxmWgVZDXA-J_IUYcsCFQ81ljNzGG2RchoMNhpEhxxsL0SXCGwrllSjDeSxEg8s4uQabbLTZ5oKcdNBpJ55s6Mmnn2UAetYLXN2RUVU4QPwQGmvDMB1Xc1Ca0dF0fHdxC3W8RwdKkJIxRlUhS3zQF4ITbtGZDNkQ1g0z3-qQCHS0IQNFjucAuWYz9BWD0gaRXIZdX3yH-eORd76TGHi1iRNPYZfZ8UKNHvYZDH0oEBA%3D&s=f6992e97c66f7e04a3f5a4efc9c14f6d375762d93cd6e3b72b89859a7ee713fa1669758935&w=t&r=1&d=455&priv=false
IP 136.243.51.171:0
ASN #24940 Hetzner Online GmbH
Hash 72a99a39787074180a63b2b80f6c15cc
c8ed700ed38dfd298cb7214126d5d5fa97776b8b
9016d9908edca1c509a20c2fded7d701f9fbbfe76b246372d5540245b4df9c13
GET /api/v1/p/p.js?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zC0XkyFFGTIwyMG60CCOGDI4WNGhEHGkDho2REWHAaGgGxpgyZkQ8DFNnTMaUHsfUEDryho2TNGDkMDOyBhkaI3M8zRFDBpkZMsrg0AmRjJ2FNnLYkPEQTh0xFGXkmLkTDpyFOG7QmPFwDpyJOpLaqFFD6cM2dvHq5Rujoogxbd7mpcHX5U4yORk-FOPGzUIZcXFQvfHXDUYdMm7MCFu2jWewNWgYrhMjIxo6dODM0fHiRRgXBul4djHmTZsXZ8rQeRFDJowao2f8oJOmTZkeDXPIoEGVceoZMbjUkSnDRhg6Y3qkbGxDO3fvcMT0qIPmips0N6IgwYOlyhArc2xEkRGmhQwpauihRhPMMQHHF0Y4EcUVcWhhhxw1xACFDXNMocUdTbxhRw14SBRWE0TA8IQZM-Rxxhg80QGDFi2MoUcMSUQBRRpMIWHFE1IIgYUUNCghhhRzJBFEHXPEUcQUGspxRBppKIFDG2ZQEUQMbzyhhhupCaGHEV-cUUUSREhRRRpcwdHGZQ-9YSaaIpDhW0a3ufFdHXKEwQZBdtKBxhxv0HkTb2ycxRWKeG2BXRdlyeETaDBMFhkMLrAlghx2KNbQQ3XUQaYOh2l1Qxg44BDDSFX1RwMOM4gUVA0t4GBGYWbIMEYOOIiRwwxcpaGYRjG4sJYLNMjgQkM0cCXHF7pmRJWvkAY7bGpc1RFGRhnqkQYbbITxQg2RgoDCFWm44eYdc4DgBBUgFBfpDiCA64YNNLCLB7zsUsrQcZGmAMIRZYyxxhsvyDCTTMXFAIIRaciB0xt4EIcvDIMuKoITT3D1xrFjSEwxV2xIXIQTXB1kxxcKs0FRDTfcgOpRMj0kxxmWgVZDXA-J_IUYcsCFQ81ljNzGG2RchoMNhpEhxxsL0SXCGwrllSjDeSxEg8s4uQabbLTZ5oKcdNBpJ55s6Mmnn2UAetYLXN2RUVU4QPwQGmvDMB1Xc1Ca0dF0fHdxC3W8RwdKkJIxRlUhS3zQF4ITbtGZDNkQ1g0z3-qQCHS0IQNFjucAuWYz9BWD0gaRXIZdX3yH-eORd76TGHi1iRNPYZfZ8UKNHvYZDH0oEBA%3D&s=f6992e97c66f7e04a3f5a4efc9c14f6d375762d93cd6e3b72b89859a7ee713fa1669758935&w=t&r=1&d=455&priv=false HTTP/1.1
Host: pxl.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Cookie: ts_uid=f68d0436-673c-4a86-9154-db4476eec16f; bfq=APeIECNCxxYZOGDEwFGjRhcWIsYU3BLjoYgyE2PYsJEDB40aM2Y47KMg
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 29 Nov 2022 21:55:36 GMT
content-type: text/plain; charset=utf-8
content-length: 24
x-robots-tag: noindex, nofollow
X-Firefox-Spdy: h2
js-agent.newrelic.com/nr-spa-1216.min.js
151.101.194.137 200 OK 18 kB URL HTTP/2 js-agent.newrelic.com/nr-spa-1216.min.js
IP 151.101.194.137:0
File type ASCII text, with very long lines (32010)
Hash 6561a2403142205f966207d61576f1a6
1310e72f494e12ab63a4280fc1600a2c89dc9bb8
0e496fcab0b9120938373e271fa6631b7da17adf33f8a490637467c170a3e37a
GET /nr-spa-1216.min.js HTTP/1.1
Host: js-agent.newrelic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: TAwVDFAylU9PwNPPW/eXC4UyIMC8EQ1d6JNW9Q+uXGnPmL1fuimq9M3lAe733gCMeKNDiCQX1YM=
x-amz-request-id: SYTECJR5CMD8NJ8E
last-modified: Thu, 14 Apr 2022 16:45:57 GMT
etag: "63e2df852d15ab21d7ff8fc4363222e8"
x-amz-version-id: UU.F5jvoumAjQChriwTQHbisCFw_OInU
content-type: application/javascript
server: AmazonS3
cache-control: public, max-age=7200, stale-if-error=604800
content-encoding: gzip
accept-ranges: bytes
date: Tue, 29 Nov 2022 21:55:36 GMT
via: 1.1 varnish
x-served-by: cache-bma1682-BMA
x-cache: HIT
x-cache-hits: 29
x-timer: S1669758936.120228,VS0,VE0
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
content-length: 18216
X-Firefox-Spdy: h2
static-assets.highwebmedia.com/CACHE/css/output.ef7436bc2788.css
104.16.94.42 200 OK 6.0 kB URL HTTP/2 static-assets.highwebmedia.com/CACHE/css/output.ef7436bc2788.css
IP 104.16.94.42:0
File type ASCII text, with very long lines (24522), with no line terminators
Hash 78d50c02e7af6509e859aa92e6ae5d5a
3a93cb450d37149f4edbd4aac268362acdc57111
e3714a94b2ece870777081f191e8105ea3ca96b95ed6f7ebb7f6d8418a4ce831
GET /CACHE/css/output.ef7436bc2788.css HTTP/1.1
Host: static-assets.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 29 Nov 2022 21:55:35 GMT
content-type: text/css
cache-control: public, max-age=2592000
cf-bgj: minify
cf-polished: origSize=29618
etag: W/"ade681e2fa92be6f93f43294ddc58941"
last-modified: Thu, 17 Nov 2022 16:34:23 GMT
x-amz-id-2: azvjfLhsZQz0cag4muV1nCoqw4kMQf5PSauhF7VXnYrO6hWxTMgQHmT8X4/+31fVT28kfu+Uu6Q=
x-amz-meta-s3cmd-attrs: md5:ade681e2fa92be6f93f43294ddc58941
x-amz-request-id: X33R15MJ639RYB32
cf-cache-status: HIT
age: 1055941
expires: Thu, 29 Dec 2022 21:55:35 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6o7ZesgoHlRoeUFTQNcx341%2BwOxs5vbTsyIKVWkGEnIHa72SebHRKqjLq1KFjtArAZpU4kbwa0SQsaokoa%2BZZ540CUjtJgz8LwV3XdVxtUbMcZDju3jL9UC4sKvGODhc7oJ2%2BB5izLYp39n5HyBx3w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
set-cookie: _cfuvid=33nJF_isnhiy7u4BF41Sz6c5bICz.J1BqjS11KvyXnc-1669758935731-0-604800000; path=/; domain=.highwebmedia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 771e96a44a500b39-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
bam.nr-data.net/events/1/6f524845d1?a=24279235&v=1216.487a282&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOFgwRERUXQ1BUFkIDFQ0WFlA%3D&rst=1199&ck=1&ref=https://chaturbate.com/tours/3/
162.247.241.14 200 OK 24 B URL HTTP/1.1 bam.nr-data.net/events/1/6f524845d1?a=24279235&v=1216.487a282&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOFgwRERUXQ1BUFkIDFQ0WFlA%3D&rst=1199&ck=1&ref=https://chaturbate.com/tours/3/
IP 162.247.241.14:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash bc32ed98d624acb4008f986349a20d26
2d3df8c11d2168ce2c27e0937421d11d85016361
0c9cf152a0ad00d4f102c93c613c104914be5517ac8f8e0831727f8bfbe8b300
POST /events/1/6f524845d1?a=24279235&v=1216.487a282&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOFgwRERUXQ1BUFkIDFQ0WFlA%3D&rst=1199&ck=1&ref=https://chaturbate.com/tours/3/ HTTP/1.1
Host: bam.nr-data.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
content-type: text/plain
Content-Length: 1680
Origin: https://chaturbate.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Tue, 29 Nov 2022 21:55:36 GMT
Content-Type: image/gif
Content-Length: 24
Connection: keep-alive
CF-Ray: 771e96a84fec0b39-OSL
Access-Control-Allow-Origin: https://chaturbate.com
CF-Cache-Status: DYNAMIC
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
Vary: Accept-Encoding
Server: cloudflare
pogothere.xyz/asd100.bin
172.64.198.35 200 OK 0 B IP 172.64.198.35:0
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://xfantazy.com/
Origin: https://xfantazy.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 29 Nov 2022 21:55:33 GMT
content-type: binary/octet-stream
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 2141
last-modified: Tue, 29 Nov 2022 21:19:52 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0Q1%2FToL7uTXWDB%2Bvi2jDmBoc63aQ6%2FG0YbUajZacClY8uujmNkKYRbaG8TOFJVAj%2BiPAruqCchE9ZCmRjAwn%2F8MTasshAza%2B7EGOSIirMKLVpxFjEDc59bg6QvSxzGSZ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 771e969629a271f3-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
static.adxadserv.com/css/wm.css
185.76.9.18 200 OK 0 B URL HTTP/2 static.adxadserv.com/css/wm.css
IP 185.76.9.18:0
ASN #60068 Datacamp Limited
GET /css/wm.css HTTP/1.1
Host: static.adxadserv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ads.adxadserv.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
date: Tue, 29 Nov 2022 21:55:34 GMT
content-type: text/css
last-modified: Mon, 03 Aug 2020 09:41:06 GMT
etag: W/"5f27dbb2-711"
x-accel-expires: @1669892989
server: CDN77-Turbo
x-77-nzt: AblMCQ0Z+nr/WcYNAA
x-77-nzt-ray: c0a4cc284cec4522d67f8663e1520d36
x-cache: HIT
x-age: 902745
x-77-pop: stockholmSE
x-77-cache: HIT
content-encoding: br
X-Firefox-Spdy: h2
chaturbate.com/tours/3/?tour=x1Rd&campaign=NcAyU&c=3&p=0&gender=f&disable_sound=0
104.18.101.40 200 OK 0 B URL HTTP/2 chaturbate.com/tours/3/?tour=x1Rd&campaign=NcAyU&c=3&p=0&gender=f&disable_sound=0
IP 104.18.101.40:0
GET /tours/3/?tour=x1Rd&campaign=NcAyU&c=3&p=0&gender=f&disable_sound=0 HTTP/1.1
Host: chaturbate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cams.gratis/
Connection: keep-alive
Cookie: __cf_bm=ybvdt5L0_apKGTqCQKZ776c.9w2PQ2qU8NwDExFYW50-1669758935-0-AZG7m240fCKf2PRpho5nJbOKBZg7A8Y/BMmqifFXCkh10JOWn8Ot/LI3YP9O08bxlAEWRV/M6zMNYxQGA/gm3VU=
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 29 Nov 2022 21:55:35 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding, Accept-Language, Cookie
p3p: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
content-language: en
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.mmcdn.com https://*.highwebmedia.com https://*.chaturbate.com https://chaturbate.com https://ajax.googleapis.com https://js-agent.newrelic.com https://cdnjs.cloudflare.com https://www.google-analytics.com https://www.google.com/recaptcha/ https://www.google.com/cv/ https://www.gstatic.com/recaptcha/ https://www.gstatic.com/cv/ https://www.gstatic.com/eureka/ https://www.gstatic.com/cast/ https://*.nr-data.net https://certify-js.alexametrics.com https://player.vimeo.com/api/player.js http://static.hotjar.com https://static.hotjar.com https://script.hotjar.com ; style-src 'self' data: 'unsafe-inline' https://*.highwebmedia.com https://cdnjs.cloudflare.com https://fonts.googleapis.com ; img-src 'self' data: https://*.mmcdn.com https://*.highwebmedia.com https://*.stream.highwebmedia.com https://*.chaturbate.com https://chaturbate.com https://www.google-analytics.com https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com https://cdnjs.cloudflare.com https://www.gstatic.com https://*.nr-data.net https://certify.alexametrics.com https://stats.g.doubleclick.net https://cbgames.s3.amazonaws.com https://player.vimeo.com https://script.hotjar.com http://script.hotjar.com ; font-src 'self' data: https://*.mmcdn.com https://*.highwebmedia.com https://cdnjs.cloudflare.com https://fonts.gstatic.com http://script.hotjar.com https://script.hotjar.com ; connect-src 'self' blob: blob https://*.mmcdn.com wss://*.mmcdn.com wss://*.mmcdn.com:8443 https://*.highwebmedia.com wss://*.highwebmedia.com wss://*.highwebmedia.com:8443 https://*.nr-data.net https://*.chaturbate.com https://chaturbate.com https://www.google-analytics.com 
https://cbvideoupload.s3-accelerate.amazonaws.com https://stats.g.doubleclick.net https://internet-up.ably-realtime.com https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com https://tls-use1.fpapi.io https://use1.fptls.com https://eun1.fptls.com https://aps1.fptls.com http://*.hotjar.com:* https://*.hotjar.com:* https://vc.hotjar.io:* https://surveystats.hotjar.io wss://*.hotjar.com ; media-src 'self' https://*.mmcdn.com https://*.highwebmedia.com https://*.chaturbate.com https://chaturbate.com mediasource: blob: data: https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com; object-src 'self' https://*.mmcdn.com https://*.highwebmedia.com https://download.macromedia.com https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com ; frame-src 'self' https://*.mmcdn.com https://*.chaturbate.com https://chaturbate.com https://*.highwebmedia.com https://adserver.exoticads.com https://www.google.com/recaptcha/ https://*.wnu.com https://wnu.com https://checkout.2000charge.com https://www.sofort.com https://*.girogate.de https://player.vimeo.com https://vars.hotjar.com ; child-src 'self' blob: blob ; worker-src 'self' blob: blob ; form-action 'self' https://*.chaturbate.com https://chaturbate.com https://*.stream.highwebmedia.com https://www.coinpayments.net https://*.wnu.com https://wnu.com https://devportal.cb.dev https://*.web.amer-1.jumio.ai 
https://smartpay.coinsmart.com ; manifest-src 'self' https://*.mmcdn.com https://*.highwebmedia.com ; report-uri https://report-uri.mmcdn.com/r/t/csp/enforce;
report-to: {"group":"default","max_age":2592000,"endpoints":[{"url":"https://report-uri.mmcdn.com/a/t/g"}],"include_subdomains":true}
nel: {"report_to":"default","max_age":2592000,"include_subdomains":true}
cache-control: no-cache
x-content-type-options: nosniff
x-xss-protection: 1; mode=block; report=https://report-uri.highwebmedia.com/r/t/xss/enforce
referrer-policy: strict-origin-when-cross-origin
via: 1.1 google
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
set-cookie: affkey="eJyrVipSslJQyigpKSi20tdPTswt1ksvSizJLNZXqgUAilAJow=="; Domain=.chaturbate.com; expires=Thu, 29-Dec-2022 21:55:35 GMT; Max-Age=2592000; Path=/
sbr=sec:sbrdf48fdc4-6224-40eb-922f-b45f0a8b5fa4:1p08Zj:T_7pFmzyt0HT7oWqoApyzTvI_qA; Domain=.chaturbate.com; expires=Sun, 24-Aug-2025 21:55:35 GMT; HttpOnly; Max-Age=86313600; Path=/; Secure
cf-cache-status: DYNAMIC
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 771e96a24d850b4d-OSL
content-encoding: br
X-Firefox-Spdy: h2
xfantazy.com/_next/static/chunks/59.edff5ae0d8d83054b552.js
172.64.162.22 200 OK 0 B URL HTTP/2 xfantazy.com/_next/static/chunks/59.edff5ae0d8d83054b552.js
IP 172.64.162.22:0
GET /_next/static/chunks/59.edff5ae0d8d83054b552.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/5edc59d923629346a514272b
Cookie: visitorId=9wf6x9yq8090iat1l7ioeze; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 29 Nov 2022 21:55:29 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-bgj: minify
etag: W/"c8b-183501608b0"
last-modified: Sun, 18 Sep 2022 10:12:44 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 2989909
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0NyOY43DBDK5E8n49mIzI1odgU3xeWthOpemCkEovbYOOdP8OwzAG9S%2FsRSLqVHkVi2k7Rf1xBHugVsptY8ldr7zRMSYXNmar%2BfjAFeUekcXHfbWXdmho0%2Ff%2F3aRC18%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 771e967decb771f8-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
a.naturalhealthsource.club/api/spots/312873?p=1&s1=%subid1%&kw=
135.181.208.216 200 OK 0 B URL HTTP/2 a.naturalhealthsource.club/api/spots/312873?p=1&s1=%subid1%&kw=
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
GET /api/spots/312873?p=1&s1=%subid1%&kw= HTTP/1.1
Host: a.naturalhealthsource.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: nauid=pSNQ66KIKXOvDw7qitgP
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 29 Nov 2022 21:55:34 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2
xfantazy.com/static/logo-tv-light.svg
172.64.162.22 200 OK 0 B URL HTTP/2 xfantazy.com/static/logo-tv-light.svg
IP 172.64.162.22:0
GET /static/logo-tv-light.svg HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/5edc59d923629346a514272b
Cookie: visitorId=9wf6x9yq8090iat1l7ioeze; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 29 Nov 2022 21:55:29 GMT
content-type: image/svg+xml
vary: Origin, Accept-Encoding
cache-control: public, max-age=14400
last-modified: Sun, 18 Sep 2022 10:07:55 GMT
etag: W/"101b-18350119cac"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=t3u70AanPhzkPKHIu5WmEPKgBpKPz9i66sDdIyxeHiGp%2Botwchd7JvFGSXIcWuAD%2BzNMGVicugw76vsbeE4jcAlKCYholNOzzZGQR8DuYIPpu8FnuLdLSrkAffXL2po%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 771e967e3cc071f8-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
a.adtng.com/get/10005363?time=1592491455431&atc=423524&apb=rf88hxXkmxziBhvZltcNJ81slWlyMnkHTDVpArzmuAWeWKepTyJTnmduLz3uCUj6zg7X_tekiQhSLDWjU260xnaqWobJYnFIjZGF7IJpaYcuQrRxWhRa8fDR_gUIDRUi
66.254.114.171 200 OK 0 B URL HTTP/2 a.adtng.com/get/10005363?time=1592491455431&atc=423524&apb=rf88hxXkmxziBhvZltcNJ81slWlyMnkHTDVpArzmuAWeWKepTyJTnmduLz3uCUj6zg7X_tekiQhSLDWjU260xnaqWobJYnFIjZGF7IJpaYcuQrRxWhRa8fDR_gUIDRUi
IP 66.254.114.171:0
GET /get/10005363?time=1592491455431&atc=423524&apb=rf88hxXkmxziBhvZltcNJ81slWlyMnkHTDVpArzmuAWeWKepTyJTnmduLz3uCUj6zg7X_tekiQhSLDWjU260xnaqWobJYnFIjZGF7IJpaYcuQrRxWhRa8fDR_gUIDRUi HTTP/1.1
Host: a.adtng.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: openresty
date: Tue, 29 Nov 2022 21:55:35 GMT
content-type: text/html
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With
content-encoding: gzip
set-cookie: adtool_guid=Ch5KFmOGf9d7kHIqGOFfAg==; expires=Thu, 31-Dec-37 23:55:55 GMT; path=/; Secure; HTTPOnly; SameSite=None;
RNLBSERVERID=ded7040; path=/; HttpOnly; Secure; SameSite=None
x-request-id: 63867FD7-42FE72AB01BB29B3-394C7FC
X-Firefox-Spdy: h2
tsyndicate.com/do2/4K7esoiMRbdmWXtGu7Vp9FjsD2M7K5vE/master?w=1280&h=1024&tz=0&count=10
136.243.130.121 200 OK 0 B URL HTTP/2 tsyndicate.com/do2/4K7esoiMRbdmWXtGu7Vp9FjsD2M7K5vE/master?w=1280&h=1024&tz=0&count=10
IP 136.243.130.121:0
ASN #24940 Hetzner Online GmbH
GET /do2/4K7esoiMRbdmWXtGu7Vp9FjsD2M7K5vE/master?w=1280&h=1024&tz=0&count=10 HTTP/1.1
Host: tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://a.naturalhealthsource.club
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 29 Nov 2022 21:55:35 GMT
content-type: application/json; charset=utf-8
access-control-allow-origin: https://a.naturalhealthsource.club
access-control-allow-methods: POST, GET, HEAD
access-control-allow-headers: Accept, X-Requested-With, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Legacy
access-control-allow-credentials: true
pragma: no-cache
expires: 0
vary: Accept-Encoding, *
x-api-version: 2
link: <https://lcdn.tsyndicate.com/sdk/v1/b.b.js>; rel=preload; as=script, <https://lcdn.tsyndicate.com/sdk/v1/b.b.js>; rel=preload; as=script, <https://lcdn.tsyndicate.com/sdk/v1/b.b.js>; rel=preload; as=script
x-request-id: 71a8ad6016438147
set-cookie: ts_uid=ce87a881-a12a-4837-b1c5-8f11f2c98b93; expires=Mon, 29 May 2023 21:55:35 GMT; domain=.tsyndicate.com; path=/; HttpOnly; secure; SameSite=None
bfq=APeIECNCxxYZOG7gyBHjBgsZN3LIkEFDRhcWIsYUPMgixkURZTbGsGEjBw4aNWbMqNGRpEmUKmt06aMg; expires=Wed, 30 Nov 2022 21:55:35 GMT; domain=.tsyndicate.com; path=/; secure; SameSite=None
cache-control: no-cache, no-store, no-transform, must-revalidate, no-transform
x-robots-tag: none, noindex, nofollow
report-to: { "url": "https://pxl.tsyndicate.com/api/v1/heavy-ad/report", "max_age": 86401 }
content-encoding: gzip
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/ssp/utility/social-media/whatsapp/css/style.css
172.64.108.13 200 OK 0 B URL HTTP/2 cdn.creative-bars1.com/sb/ssp/utility/social-media/whatsapp/css/style.css
IP 172.64.108.13:0
GET /sb/ssp/utility/social-media/whatsapp/css/style.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 29 Nov 2022 21:55:33 GMT
content-type: text/css
last-modified: Fri, 27 Aug 2021 12:30:40 GMT
etag: W/"6128daf0-18be"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 1238144
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=U6pfGkRKjckAiSz1MrBXyEAVvVPstdFJm8Rhvg83ZD62%2BDflG8Zii9XrWClCJYE9bSrjchox4VQ5lCGbcr5n6Vi%2BCOaHhsYsj5sr15AxH%2B0Ob07d00ISW%2FRyalsDVWW6rmiQV%2FZ08KhM"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 771e9696fb487447-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
xfantazy.com/_next/static/runtime/main-8daa673a54696bb62abb.js
172.64.162.22 200 OK 0 B URL HTTP/2 xfantazy.com/_next/static/runtime/main-8daa673a54696bb62abb.js
IP 172.64.162.22:0
GET /_next/static/runtime/main-8daa673a54696bb62abb.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/5edc59d923629346a514272b
Cookie: visitorId=9wf6x9yq8090iat1l7ioeze; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 29 Nov 2022 21:55:29 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-bgj: minify
etag: W/"11cd7-1835016572f"
last-modified: Sun, 18 Sep 2022 10:13:04 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 2989919
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=95nWbfld%2FKL6YN%2FmlBvastfyN%2BB6DGmClQdkt9LeqSeO5ScJ9rL3kQNzEId9Zzi7XLx9mE5I2E8oHH5FZDNjV3572rBfoGsGZbBbNq%2Fw9NF5KeYgq81WYzTBooCPNuA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 771e967decbc71f8-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
a.naturalhealthsource.club/api/spots/303892?p=1&s1=%subid1%&kw=
135.181.208.216 200 OK 0 B URL HTTP/2 a.naturalhealthsource.club/api/spots/303892?p=1&s1=%subid1%&kw=
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
GET /api/spots/303892?p=1&s1=%subid1%&kw= HTTP/1.1
Host: a.naturalhealthsource.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: nauid=pSNQ66KIKXOvDw7qitgP
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 29 Nov 2022 21:55:34 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2
a.naturalhealthsource.club/api/spots/312874?p=1&s1=%subid1%&kw=
135.181.208.216 200 OK 0 B URL HTTP/2 a.naturalhealthsource.club/api/spots/312874?p=1&s1=%subid1%&kw=
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
GET /api/spots/312874?p=1&s1=%subid1%&kw= HTTP/1.1
Host: a.naturalhealthsource.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: nauid=pSNQ66KIKXOvDw7qitgP
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 29 Nov 2022 21:55:34 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2
tsyndicate.com/do2/WF8qxoGQpTQRg0uYg8RBqicfsIjfiOk4/master?w=1280&h=1024&tz=0&count=5
136.243.130.121 200 OK 0 B URL HTTP/2 tsyndicate.com/do2/WF8qxoGQpTQRg0uYg8RBqicfsIjfiOk4/master?w=1280&h=1024&tz=0&count=5
IP 136.243.130.121:0
ASN #24940 Hetzner Online GmbH
GET /do2/WF8qxoGQpTQRg0uYg8RBqicfsIjfiOk4/master?w=1280&h=1024&tz=0&count=5 HTTP/1.1
Host: tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://a.naturalhealthsource.club
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 29 Nov 2022 21:55:35 GMT
content-type: application/json; charset=utf-8
access-control-allow-origin: https://a.naturalhealthsource.club
access-control-allow-methods: POST, GET, HEAD
access-control-allow-headers: Accept, X-Requested-With, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Legacy
access-control-allow-credentials: true
pragma: no-cache
expires: 0
vary: Accept-Encoding, *
x-api-version: 2
link: <https://lcdn.tsyndicate.com/sdk/v1/b.b.js>; rel=preload; as=script
x-request-id: 9be956b93c62015f
set-cookie: ts_uid=f68d0436-673c-4a86-9154-db4476eec16f; expires=Mon, 29 May 2023 21:55:35 GMT; domain=.tsyndicate.com; path=/; HttpOnly; secure; SameSite=None
bfq=APeIECNCxxYZOGDEwFGjRhcWIsYU3BLjoYgyE2PYsJEDB40aM2Y47KMg; expires=Wed, 30 Nov 2022 21:55:35 GMT; domain=.tsyndicate.com; path=/; secure; SameSite=None
cache-control: no-cache, no-store, no-transform, must-revalidate, no-transform
x-robots-tag: none, noindex, nofollow
report-to: { "url": "https://pxl.tsyndicate.com/api/v1/heavy-ad/report", "max_age": 86401 }
content-encoding: gzip
X-Firefox-Spdy: h2
xfantazy.com/_next/static/chunks/16.2fcecc4fbe403da70f1d.js
172.64.162.22 200 OK 0 B URL HTTP/2 xfantazy.com/_next/static/chunks/16.2fcecc4fbe403da70f1d.js
IP 172.64.162.22:0
GET /_next/static/chunks/16.2fcecc4fbe403da70f1d.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/5edc59d923629346a514272b
Cookie: visitorId=9wf6x9yq8090iat1l7ioeze; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 29 Nov 2022 21:55:29 GMT
content-type: application/javascript; charset=UTF-8
cf-bgj: minify
cache-control: public, max-age=31536000, immutable
etag: W/"4f4a-17c56c3aeb1"
last-modified: Wed, 06 Oct 2021 18:00:37 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 29824249
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=egPr43oY%2FeGbAdd2TL13ro8r9oBLqD1XRP9Un%2FI50DZwd8BI%2FYaia3XK9t1%2BRfJ%2BOYzWTm8sfeBJq2tGMjwzSFkJbWAe7GZ9GFXf%2BcynRzEprjGh%2BdRlILGpzdNBPjc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 771e967decb671f8-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
a.naturalhealthsource.club/api/spots/303894?p=1&s1=%subid1%&kw=
135.181.208.216 200 OK 0 B URL HTTP/2 a.naturalhealthsource.club/api/spots/303894?p=1&s1=%subid1%&kw=
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
GET /api/spots/303894?p=1&s1=%subid1%&kw= HTTP/1.1
Host: a.naturalhealthsource.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: nauid=pSNQ66KIKXOvDw7qitgP
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 29 Nov 2022 21:55:34 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2
ads.adxadserv.com/ad?spotid=636bc5d561d6e27071201a23&type=300x250&output=html
185.98.53.2 200 OK 0 B URL HTTP/2 ads.adxadserv.com/ad?spotid=636bc5d561d6e27071201a23&type=300x250&output=html
IP 185.98.53.2:0
ASN #39572 DataWeb Global Group B.V.
GET /ad?spotid=636bc5d561d6e27071201a23&type=300x250&output=html HTTP/1.1
Host: ads.adxadserv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 29 Nov 2022 21:55:34 GMT
content-type: text/html; charset=utf-8
cache-control: no-cache
X-Firefox-Spdy: h2
a.realsrv.com/ad-provider.js
185.76.9.22 200 OK 0 B URL HTTP/2 a.realsrv.com/ad-provider.js
IP 185.76.9.22:0
ASN #60068 Datacamp Limited
GET /ad-provider.js HTTP/1.1
Host: a.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 29 Nov 2022 21:55:34 GMT
content-type: application/javascript
etag: W/"f26c91d131ffc1bbddb296d644e"
expires: Tue, 29 Nov 2022 13:18:12 GMT
cache-control: max-age=10800
access-control-allow-origin: *
x-cache-op: HIT
x-accel-expires: @1669760335
server: CDN77-Turbo
x-77-nzt: AblMCRSTur3/tyQAAA
x-77-nzt-ray: af5856307795b5b5d67f86634551e517
x-cache: HIT
x-age: 9399
x-77-pop: stockholmSE
x-77-cache: HIT
content-encoding: br
X-Firefox-Spdy: h2
a.adtng.com/get/10005363?time=1592491455431&atc=445506&apb=cXxe5eXArMpmZCXPdks2MTJWhzlOA754M58cc_DN4dXHW_1-PR_OXVkte9dpWCBY9MWPS02G8yQNV1RufYa5yjdhV_TZUULJ2Ln7Xmi6Y5dq_RzdJpfG_wpI_gUIDRUi
66.254.114.171 200 OK 0 B URL HTTP/2 a.adtng.com/get/10005363?time=1592491455431&atc=445506&apb=cXxe5eXArMpmZCXPdks2MTJWhzlOA754M58cc_DN4dXHW_1-PR_OXVkte9dpWCBY9MWPS02G8yQNV1RufYa5yjdhV_TZUULJ2Ln7Xmi6Y5dq_RzdJpfG_wpI_gUIDRUi
IP 66.254.114.171:0
GET /get/10005363?time=1592491455431&atc=445506&apb=cXxe5eXArMpmZCXPdks2MTJWhzlOA754M58cc_DN4dXHW_1-PR_OXVkte9dpWCBY9MWPS02G8yQNV1RufYa5yjdhV_TZUULJ2Ln7Xmi6Y5dq_RzdJpfG_wpI_gUIDRUi HTTP/1.1
Host: a.adtng.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: openresty
date: Tue, 29 Nov 2022 21:55:35 GMT
content-type: text/html
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With
content-encoding: gzip
set-cookie: adtool_guid=Ch5KEmOGf9cNtSImyGd9Ag==; expires=Thu, 31-Dec-37 23:55:55 GMT; path=/; Secure; HTTPOnly; SameSite=None;
RNLBSERVERID=ded7041; path=/; HttpOnly; Secure; SameSite=None
x-request-id: 63867FD7-42FE72AB01BB29B3-394C7FD
X-Firefox-Spdy: h2
a.adtng.com/get/10010248?time=1592494928726&atc=425995&apb=hp3wCh-ErfdXvFczDvbv9fAT2ZJhNDxsILRqg2Rx4L1eC8SE6Q-eFuuGUJ2h1QVQ7j3ruJH-tpaagS3ql07_c5RsyoIHkDLkcQ8hbFBlsgWJ_gUIDRUi
66.254.114.171 200 OK 0 B URL HTTP/2 a.adtng.com/get/10010248?time=1592494928726&atc=425995&apb=hp3wCh-ErfdXvFczDvbv9fAT2ZJhNDxsILRqg2Rx4L1eC8SE6Q-eFuuGUJ2h1QVQ7j3ruJH-tpaagS3ql07_c5RsyoIHkDLkcQ8hbFBlsgWJ_gUIDRUi
IP 66.254.114.171:0
GET /get/10010248?time=1592494928726&atc=425995&apb=hp3wCh-ErfdXvFczDvbv9fAT2ZJhNDxsILRqg2Rx4L1eC8SE6Q-eFuuGUJ2h1QVQ7j3ruJH-tpaagS3ql07_c5RsyoIHkDLkcQ8hbFBlsgWJ_gUIDRUi HTTP/1.1
Host: a.adtng.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: openresty
date: Tue, 29 Nov 2022 21:55:35 GMT
content-type: text/html
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With
content-encoding: gzip
set-cookie: adtool_guid=Ch5KImOGf9cFESVPuet9Ag==; expires=Thu, 31-Dec-37 23:55:55 GMT; path=/; Secure; HTTPOnly; SameSite=None;
RNLBSERVERID=ded7079; path=/; HttpOnly; Secure; SameSite=None
x-request-id: 63867FD7-42FE72AB01BB29B3-394C7FF
X-Firefox-Spdy: h2
static-assets.highwebmedia.com/CACHE/js/output.6f6724a00cb8.js
104.16.94.42 200 OK 0 B URL HTTP/2 static-assets.highwebmedia.com/CACHE/js/output.6f6724a00cb8.js
IP 104.16.94.42:0
GET /CACHE/js/output.6f6724a00cb8.js HTTP/1.1
Host: static-assets.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 29 Nov 2022 21:55:35 GMT
content-type: application/javascript
cache-control: public, max-age=2592000
cf-bgj: minify
etag: W/"a708027bfbbde438a72a93082d4bc4b5"
last-modified: Thu, 24 Jun 2021 21:24:05 GMT
x-amz-id-2: JSy2VAlm3gAahvlCm5/iqNOQuasckcIrq13CGup8iDmNjJ/I2mSXsAw6q4OzSeK3RH88h3oFZ3U=
x-amz-meta-s3cmd-attrs: md5:a708027bfbbde438a72a93082d4bc4b5
x-amz-request-id: 2D5V5B3Y2TWH6PZC
cf-cache-status: HIT
age: 1124892
expires: Thu, 29 Dec 2022 21:55:35 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Av4dU1uZFjU2fkNx9lE37Vebo6W67rWTXc%2B3gEngU17a%2FdvGfLnTZjXafiS5SeoP7NW08H1K3oPQmNseQQRTLqAfYhjOpyClNVMpbJOyVllEY37hPZJeyWnwPrSDZVC5SqTX2d4IP%2B0zQuDuBnboZQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
set-cookie: _cfuvid=HWnyXVDEbfGm8bEqe_LVh8s0CouQzvMXC5sooQgQwsk-1669758935733-0-604800000; path=/; domain=.highwebmedia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 771e96a44a5d0b39-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
xfantazy.com/video/5edc59d923629346a514272b
172.64.162.22 200 OK 0 B URL HTTP/2 xfantazy.com/video/5edc59d923629346a514272b
IP 172.64.162.22:0
GET /video/5edc59d923629346a514272b HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
date: Tue, 29 Nov 2022 21:55:29 GMT
content-type: text/html; charset=utf-8
vary: Origin
set-cookie: visitorId=9wf6x9yq8090iat1l7ioeze; Domain=xfantazy.com; Path=/; Expires=Mon, 29 Nov 2032 21:55:29 GMT; HttpOnly
experiment-popup-payment-7=0; Path=/; Expires=Tue, 06 Dec 2022 21:55:29 GMT
experiment-save-to-button-2=0; Path=/; Expires=Tue, 06 Dec 2022 21:55:29 GMT
x-powered-by: Next.js
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=r1Z%2FblZwQZPEtIU3aNF2AX2IX4Gro6qd%2BuYPoelLpIZqgmgMQoYtLXqmEI6G52zegaHGOQbdpWHZKhzGEjZCjGjgO3L6WtiQTyEIKRglE6dEcJMxjGgdGlx%2B9eNtdXU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 771e967b6fe071f8-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
xfantazy.com/_next/static/runtime/webpack-f4d22593ad73f080a168.js
172.64.162.22 200 OK 0 B URL HTTP/2 xfantazy.com/_next/static/runtime/webpack-f4d22593ad73f080a168.js
IP 172.64.162.22:0
GET /_next/static/runtime/webpack-f4d22593ad73f080a168.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/5edc59d923629346a514272b
Cookie: visitorId=9wf6x9yq8090iat1l7ioeze; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 29 Nov 2022 21:55:29 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-bgj: minify
etag: W/"2fb2-18350162900"
last-modified: Sun, 18 Sep 2022 10:12:53 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 4562496
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OTvy0FGemu9iU8GhbE7xX%2F%2BS07gQ2s1jSmACakHNdHqqWy8G5l5h7R2LPS6MdE0vdd4oWYMlQwM4rvEqq74ZwRC2x83xSuOrgDaCaFIBEBl0U2rk8BHemFkRD%2Fgh09c%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 771e967decb971f8-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
a.naturalhealthsource.club/api/spots/312873?p=1&s1=%subid1%&kw=
135.181.208.216 200 OK 0 B URL HTTP/2 a.naturalhealthsource.club/api/spots/312873?p=1&s1=%subid1%&kw=
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
GET /api/spots/312873?p=1&s1=%subid1%&kw= HTTP/1.1
Host: a.naturalhealthsource.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: nauid=pSNQ66KIKXOvDw7qitgP
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 29 Nov 2022 21:55:34 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/chat/mob/ssp/v2/new/3/js/jquery.min.js
172.64.108.13 200 OK 0 B URL HTTP/2 cdn.creative-bars1.com/sb/chat/mob/ssp/v2/new/3/js/jquery.min.js
IP 172.64.108.13:0
GET /sb/chat/mob/ssp/v2/new/3/js/jquery.min.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 29 Nov 2022 21:55:33 GMT
content-type: application/javascript
last-modified: Wed, 13 Jul 2022 12:13:58 GMT
etag: W/"62ceb706-15d94"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 1238662
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RnR2s%2BudXAz%2FIqQLh%2BfvvRFZk1EouOkXZoT%2BNnZrlvFOUR7IssaoNv8JeY3FUouVIiL3hjBnskrvJyKX3I8ZP9amDKDNUcquGZIssSW373GOhsiGbfVUriCFOi60M2UbDH4cFHU5i9M4"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 771e96971d7f072a-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
chaturbate.com/in/?track=xfanta&tour=x1Rd&campaign=NcAyU&c=3&p=0&gender=f
104.18.101.40 302 Found 0 B URL HTTP/2 chaturbate.com/in/?track=xfanta&tour=x1Rd&campaign=NcAyU&c=3&p=0&gender=f
IP 104.18.101.40:0
GET /in/?track=xfanta&tour=x1Rd&campaign=NcAyU&c=3&p=0&gender=f HTTP/1.1
Host: chaturbate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cams.gratis/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Tue, 29 Nov 2022 21:55:35 GMT
content-type: text/html; charset=utf-8
location: /tours/3/?tour=x1Rd&campaign=NcAyU&c=3&p=0&gender=f&disable_sound=0
p3p: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
vary: Accept-Language, Cookie
content-language: en
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.mmcdn.com https://*.highwebmedia.com https://*.chaturbate.com https://chaturbate.com https://ajax.googleapis.com https://js-agent.newrelic.com https://cdnjs.cloudflare.com https://www.google-analytics.com https://www.google.com/recaptcha/ https://www.google.com/cv/ https://www.gstatic.com/recaptcha/ https://www.gstatic.com/cv/ https://www.gstatic.com/eureka/ https://www.gstatic.com/cast/ https://*.nr-data.net https://certify-js.alexametrics.com https://player.vimeo.com/api/player.js http://static.hotjar.com https://static.hotjar.com https://script.hotjar.com ; style-src 'self' data: 'unsafe-inline' https://*.highwebmedia.com https://cdnjs.cloudflare.com https://fonts.googleapis.com ; img-src 'self' data: https://*.mmcdn.com https://*.highwebmedia.com https://*.stream.highwebmedia.com https://*.chaturbate.com https://chaturbate.com https://www.google-analytics.com https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com https://cdnjs.cloudflare.com https://www.gstatic.com https://*.nr-data.net https://certify.alexametrics.com https://stats.g.doubleclick.net https://cbgames.s3.amazonaws.com https://player.vimeo.com https://script.hotjar.com http://script.hotjar.com ; font-src 'self' data: https://*.mmcdn.com https://*.highwebmedia.com https://cdnjs.cloudflare.com https://fonts.gstatic.com http://script.hotjar.com https://script.hotjar.com ; connect-src 'self' blob: blob https://*.mmcdn.com wss://*.mmcdn.com wss://*.mmcdn.com:8443 https://*.highwebmedia.com wss://*.highwebmedia.com wss://*.highwebmedia.com:8443 https://*.nr-data.net https://*.chaturbate.com https://chaturbate.com https://www.google-analytics.com 
https://cbvideoupload.s3-accelerate.amazonaws.com https://stats.g.doubleclick.net https://internet-up.ably-realtime.com https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com https://tls-use1.fpapi.io https://use1.fptls.com https://eun1.fptls.com https://aps1.fptls.com http://*.hotjar.com:* https://*.hotjar.com:* https://vc.hotjar.io:* https://surveystats.hotjar.io wss://*.hotjar.com ; media-src 'self' https://*.mmcdn.com https://*.highwebmedia.com https://*.chaturbate.com https://chaturbate.com mediasource: blob: data: https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com; object-src 'self' https://*.mmcdn.com https://*.highwebmedia.com https://download.macromedia.com https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com ; frame-src 'self' https://*.mmcdn.com https://*.chaturbate.com https://chaturbate.com https://*.highwebmedia.com https://adserver.exoticads.com https://www.google.com/recaptcha/ https://*.wnu.com https://wnu.com https://checkout.2000charge.com https://www.sofort.com https://*.girogate.de https://player.vimeo.com https://vars.hotjar.com ; child-src 'self' blob: blob ; worker-src 'self' blob: blob ; form-action 'self' https://*.chaturbate.com https://chaturbate.com https://*.stream.highwebmedia.com https://www.coinpayments.net https://*.wnu.com https://wnu.com https://devportal.cb.dev https://*.web.amer-1.jumio.ai 
https://smartpay.coinsmart.com ; manifest-src 'self' https://*.mmcdn.com https://*.highwebmedia.com ; report-uri https://report-uri.mmcdn.com/r/t/csp/enforce;
report-to: {"group":"default","max_age":2592000,"endpoints":[{"url":"https://report-uri.mmcdn.com/a/t/g"}],"include_subdomains":true}
nel: {"report_to":"default","max_age":2592000,"include_subdomains":true}
x-frame-options: DENY
cache-control: no-cache
x-content-type-options: nosniff
x-xss-protection: 1; mode=block; report=https://report-uri.highwebmedia.com/r/t/xss/enforce
referrer-policy: strict-origin-when-cross-origin
via: 1.1 google
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: DYNAMIC
set-cookie: u_x1Rd=1; expires=Sun, 04-Dec-2022 21:55:35 GMT; Max-Age=432000; Path=/
us_x1Rd=1; Path=/
affkey="eJyrVipRslJQqjAMSlHSUVBKzi0Acf2SHStDQfySomywdFpiXkkiSKAIxM0oKSkottLXT07MLdZLL0osySzWB0kmpqWBpHMTKyoqclNTMhONDAwtQBJgQ40MlWoBzegfMA=="; Domain=.chaturbate.com; expires=Thu, 29-Dec-2022 21:55:35 GMT; Max-Age=2592000; Path=/
fromaffiliate=1; Domain=.chaturbate.com; Path=/
noads=1; expires=Wed, 30-Nov-2022 03:55:35 GMT; Max-Age=21600; Path=/
sbr=sec:sbr01fbdd0c-87cc-4813-9fb8-cd9cf6d2f645:1p08Zj:PAmFw6gX9vii8FHAJJ4ksxsDOZ4; Domain=.chaturbate.com; expires=Sun, 24-Aug-2025 21:55:35 GMT; HttpOnly; Max-Age=86313600; Path=/; Secure
__cf_bm=ybvdt5L0_apKGTqCQKZ776c.9w2PQ2qU8NwDExFYW50-1669758935-0-AZG7m240fCKf2PRpho5nJbOKBZg7A8Y/BMmqifFXCkh10JOWn8Ot/LI3YP9O08bxlAEWRV/M6zMNYxQGA/gm3VU=; path=/; expires=Tue, 29-Nov-22 22:25:35 GMT; domain=.chaturbate.com; HttpOnly; Secure; SameSite=None
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 771e96a12c390b4d-OSL
X-Firefox-Spdy: h2
a.naturalhealthsource.club/zRdVuw7.js
135.181.208.216 200 OK 0 B URL HTTP/2 a.naturalhealthsource.club/zRdVuw7.js
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
GET /zRdVuw7.js HTTP/1.1
Host: a.naturalhealthsource.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 29 Nov 2022 21:55:30 GMT
content-type: application/javascript
last-modified: Sat, 22 Oct 2022 11:28:35 GMT
etag: W/"6353d3e3-1cfaf"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
vary: Accept-Encoding, Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 a52c33748955378f279062b7fc7ef91e.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN54-C1
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: l-dDW6x0TN5-_DpwP75OYIbH4UFTW0BVKuiumiZ0-LSCE712I2NRSA==
age: 2983101
x-frame-options: DENY
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/ssp/utility/social-media/whatsapp/img/close.svg
172.64.108.13 200 OK 0 B URL HTTP/2 cdn.creative-bars1.com/sb/ssp/utility/social-media/whatsapp/img/close.svg
IP 172.64.108.13:0
GET /sb/ssp/utility/social-media/whatsapp/img/close.svg HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 29 Nov 2022 21:55:33 GMT
content-type: image/svg+xml
last-modified: Thu, 11 Feb 2021 15:19:43 GMT
etag: W/"60254b0f-52a"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 1238645
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hf3bEKgXiDfJ4o0FBUSMlm8WKQY790XLSphUr6T2iWGuD%2BODYCIONBBlc5bz9UNnMqPiou9bV4tyvOQJT4LcKPugr%2BKwySCet5xRoeJGFpVMNh%2Fd%2BpuDqAAxrwW5CV87%2B6DK5NY0W%2Fq6"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 771e9696cd07072a-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
a.adtng.com/get/10005363?time=1592491455431&atc=445506&apb=Q19cetI9HfKIb2WjctskdvFIJyji4Cdz80x92SePPiB42x0Rr9HRddSW5sxIH7K3dArhRLpzkF1Xpn8LUpX_96iykTya7ByUdGPpELILzbhOJwppLdLiene2_gUIDRUi
66.254.114.171 200 OK 0 B URL HTTP/2 a.adtng.com/get/10005363?time=1592491455431&atc=445506&apb=Q19cetI9HfKIb2WjctskdvFIJyji4Cdz80x92SePPiB42x0Rr9HRddSW5sxIH7K3dArhRLpzkF1Xpn8LUpX_96iykTya7ByUdGPpELILzbhOJwppLdLiene2_gUIDRUi
IP 66.254.114.171:0
GET /get/10005363?time=1592491455431&atc=445506&apb=Q19cetI9HfKIb2WjctskdvFIJyji4Cdz80x92SePPiB42x0Rr9HRddSW5sxIH7K3dArhRLpzkF1Xpn8LUpX_96iykTya7ByUdGPpELILzbhOJwppLdLiene2_gUIDRUi HTTP/1.1
Host: a.adtng.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: openresty
date: Tue, 29 Nov 2022 21:55:35 GMT
content-type: text/html
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With
content-encoding: gzip
set-cookie: adtool_guid=Ch5KImOGf9cGxiX4iVXBAg==; expires=Thu, 31-Dec-37 23:55:55 GMT; path=/; Secure; HTTPOnly; SameSite=None;
RNLBSERVERID=ded7079; path=/; HttpOnly; Secure; SameSite=None
x-request-id: 63867FD7-42FE72AB01BB29B3-394C7F4
X-Firefox-Spdy: h2