gay112.com/
104.21.81.228301 Moved Permanently 0 B IP 104.21.81.228:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: gay112.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Sat, 22 Oct 2022 14:13:23 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Sat, 22 Oct 2022 15:13:23 GMT
Location: https://gay112.com/
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SkorPajbPDnmra%2BRaXykRROoQDu8hE42W4ocIQwi3mm7NYhOE7efvh03BXyXRaDpOG1TTEpEMj84zxqe4expUsKHVDrHGVd%2FPnvM1%2BQFCkxO4lqhjqcO%2BDqNfMqU"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 75e2d5560a4fb50f-OSL
alt-svc: h2=":443"; ma=60
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash c19f4a1def760c07cbc4aec1d0d6c050
6ad911a7c02f5e5fdd82fa86cae0453528d53a6d
750bba81910a4bbd78ab484ba03781a36459a0aec147d7c47424e9a9bf152b40
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "750BBA81910A4BBD78AB484BA03781A36459A0AEC147D7C47424E9A9BF152B40"
Last-Modified: Fri, 21 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3963
Expires: Sat, 22 Oct 2022 15:19:26 GMT
Date: Sat, 22 Oct 2022 14:13:23 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
18.244.155.28200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 18.244.155.28:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash c9df6b36bf16969ac566c1b798362e4a
e56eff34815153ae019a4bf63eb9746dd9ae2e5b
33c1175144ab2be42c9de383f7893a6e60cd1f21f282eacb413d546331db3fa0
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length, Retry-After, Alert, Content-Type, Backoff
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Sat, 22 Oct 2022 13:26:15 GMT
Expires: Sat, 22 Oct 2022 14:26:15 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 2198d73d723eb37fb611b71c9a3c8382.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LHR50-P8
X-Amz-Cf-Id: kpfg_VZ3cXaZuNfrrtMwlbHeTXOQfiKeOwsvHpcTSJwU2BeNp13nSw==
Age: 2828
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash cecd3b2e0cd07173ee1fb63b0a744119
774e0935fffd5bb39799c040098e32c3dc88702f
78c2c60f2d752f572f1711e23aa3f82d5e5bce1940064405f6f989886f6315df
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "78C2C60F2D752F572F1711E23AA3F82D5E5BCE1940064405F6F989886F6315DF"
Last-Modified: Sat, 22 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3954
Expires: Sat, 22 Oct 2022 15:19:17 GMT
Date: Sat, 22 Oct 2022 14:13:23 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash 32fa200a22be3199690ff2692ebe8518
3f6c7fd81d3b9d022f66199105e802470fc92c2c
1b4cbdbaaa07ae6a7b631b075d0786a6953546fc4bd95b12b49d34d6a50abcee
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=166644
Content-Type: application/ocsp-response
Date: Sat, 22 Oct 2022 14:13:23 GMT
Etag: "6353e277-117"
Expires: Mon, 24 Oct 2022 12:30:47 GMT
Last-Modified: Sat, 22 Oct 2022 12:30:47 GMT
Server: nginx
Content-Length: 279
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 67d5a988edcda47bc3b3b3f65d32b4b6
d4f0e0da8b3690cc7da925026d3414b68c7d954f
55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78
GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: APj+yvcoV94J/KhMVscqgCr+Ly0VpQzOL6SOe12aYEsgjzR0Ax/Y8LOOuXC7zZmZd5eB5nP72Ow=
x-amz-request-id: 0WJ0HC1PS0REGXMD
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sat, 22 Oct 2022 13:37:35 GMT
age: 2148
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 22 Oct 2022 14:13:23 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
gay112.com/
104.21.81.228302 Found 279 B IP 104.21.81.228:0
Hash 32fa200a22be3199690ff2692ebe8518
3f6c7fd81d3b9d022f66199105e802470fc92c2c
1b4cbdbaaa07ae6a7b631b075d0786a6953546fc4bd95b12b49d34d6a50abcee
GET / HTTP/1.1
Host: gay112.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 302 Found
date: Sat, 22 Oct 2022 14:13:24 GMT
content-type: text/html; charset=UTF-8
location: /no/
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rKK%2BkULClBo5%2Fh0VwIyH7BaVtAbxxUuCGWxEMdOGlX81pnpiU4XYgSCvdlmnebUn%2B%2Bz2Dv4NnnPlNcQV%2BKfSJLGu3oLGmsUCiSlQHnsaZmM3pSPjq4cQG8Qe8nt%2B"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 75e2d558de621c0e-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 2.9 kB IP 142.250.74.35:0
Hash aac46306cdc25543b458ee84eee05285
7bd9fdb1f88f62482469ffe61935fb2c4892491a
0027b1b7c50a734509c3bf63bb151b92ee8be889129db4057cc1ece32c4cc383
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 22 Oct 2022 14:13:24 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 35 kB IP 142.250.74.35:0
Hash bd26d44070190b2e78c5802c4e7345bd
d793aa526080317db2caadae7f2021937afbb32b
455cd7f20795a96e5918d705f7f04ce5d5864a37df3b2305dd5942801997474b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 22 Oct 2022 14:13:24 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash 794a6d2df00fc15e8b4ed6ff4992525e
f8d67c7fd506709d7232298859fe2b3daf374f29
02d38690754b5d99178d576fe6df6c1ca881a2bbd806a75c633c371fac0221da
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 22 Oct 2022 14:13:24 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
zerossl.ocsp.sectigo.com/
172.64.155.188200 OK 316 B URL HTTP/1.1 zerossl.ocsp.sectigo.com/
IP 172.64.155.188:0
Hash 8b5afe379239246183b9e1973138b0c6
123b96241f975a1b83bf6a07ac27781eb545fd47
ab003f4134a18d0f29f8522a80b79e3176a9e56e6a5e857ed8b62ca6f89f13f5
POST / HTTP/1.1
Host: zerossl.ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 22 Oct 2022 14:13:24 GMT
Content-Type: application/ocsp-response
Content-Length: 316
Connection: keep-alive
Last-Modified: Wed, 19 Oct 2022 16:12:18 GMT
Expires: Wed, 26 Oct 2022 16:12:17 GMT
Etag: "123b96241f975a1b83bf6a07ac27781eb545fd47"
Cache-Control: max-age=352132,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 75e2d55b48f3b51e-OSL
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 22d48cac54c92565a05d9cd6312d257a
e6b1e2af2bec3bf3e55bea44fa2494d0ac8c1e85
4d4e9c2a070585ca0af7ebe2857c33033e19792ce3d74b3fd39d37acbdbb3d07
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4D4E9C2A070585CA0AF7EBE2857C33033E19792CE3D74B3FD39D37ACBDBB3D07"
Last-Modified: Thu, 20 Oct 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3904
Expires: Sat, 22 Oct 2022 15:18:28 GMT
Date: Sat, 22 Oct 2022 14:13:24 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash 09f1d552877c07059a3c8debf4187f12
5832bc57522a3fda9a0fec7288076db87d4560c5
de8ad3e1d71f1e4f709bed37590b5e0cdb520db9a246e57d212036af8cfc0f18
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 22 Oct 2022 14:13:24 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 4565ff52fc858b04afb8c31fe50972c4
1a072ddb8a70f79a57831bffe19fc2690717b357
270ebcdc9bdd8c647394510f6d67e3c20f0718bfbdbc9de552926be1ee9d4807
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "270EBCDC9BDD8C647394510F6D67E3C20F0718BFBDBC9DE552926BE1EE9D4807"
Last-Modified: Sat, 22 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13090
Expires: Sat, 22 Oct 2022 17:51:34 GMT
Date: Sat, 22 Oct 2022 14:13:24 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash 09f1d552877c07059a3c8debf4187f12
5832bc57522a3fda9a0fec7288076db87d4560c5
de8ad3e1d71f1e4f709bed37590b5e0cdb520db9a246e57d212036af8cfc0f18
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 22 Oct 2022 14:13:24 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
18.244.155.28200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 18.244.155.28:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Alert, Pragma, Content-Length, Content-Type, ETag, Retry-After, Cache-Control, Last-Modified, Backoff, Expires
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Date: Sat, 22 Oct 2022 14:03:50 GMT
Cache-Control: max-age=3600
Expires: Sat, 22 Oct 2022 14:07:38 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 8f636bf03a771a87b28d04c076408cc2.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LHR50-P8
X-Amz-Cf-Id: NYR-_kpw9arN8y0glO9UcHhneEwGqpmtQHaRynUdZCRGqaqgHJHkjg==
Age: 574
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
216.58.207.195200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Hash 15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://gay112.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 19 Oct 2022 19:34:08 GMT
expires: Thu, 19 Oct 2023 19:34:08 GMT
cache-control: public, max-age=31536000
age: 239956
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/cabin/v26/u-4X0qWljRw-PfU81xCKCpdpbgZJl6XFpfEd7eA9BIxxkbqDH7alxw.woff2
216.58.207.195200 OK 15 kB URL HTTP/2 fonts.gstatic.com/s/cabin/v26/u-4X0qWljRw-PfU81xCKCpdpbgZJl6XFpfEd7eA9BIxxkbqDH7alxw.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 15168, version 1.0\012- data
Hash 1598ebfa232c5514a99a8af0405cc9a6
d81db409924496627326925cffa27d465c24de3d
45a8badf06824c87461905a8b1871fc3ca3eb5934cee490deadad743ebf99661
GET /s/cabin/v26/u-4X0qWljRw-PfU81xCKCpdpbgZJl6XFpfEd7eA9BIxxkbqDH7alxw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://gay112.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15168
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 18 Oct 2022 21:17:15 GMT
expires: Wed, 18 Oct 2023 21:17:15 GMT
cache-control: public, max-age=31536000
age: 320169
last-modified: Fri, 24 Jun 2022 18:41:36 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
videotxxx.com/videos/18018333/how-chinese-guys-enjoy-boys-porn/?promo=38830
62.122.168.133302 Moved Temporarily 145 B URL HTTP/1.1 videotxxx.com/videos/18018333/how-chinese-guys-enjoy-boys-porn/?promo=38830
IP 62.122.168.133:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 8f44bacdcf4f730bc8a23bffdb52bf2c
d0ce633b7a9edb873911e993ed2621e40082a6fc
8887002d60cef2c1d9d2d25e50d06f9f2badcaa11b5b50577a1cba5dd4f3d0e8
GET /videos/18018333/how-chinese-guys-enjoy-boys-porn/?promo=38830 HTTP/1.1
Host: videotxxx.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gay112.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Moved Temporarily
Server: nginx/1.21.2
Date: Sat, 22 Oct 2022 14:13:24 GMT
Content-Type: text/html
Content-Length: 145
Connection: keep-alive
Location: https://txxx.com/videos/18018333/how-chinese-guys-enjoy-boys-porn/?promo=38830
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
216.58.207.195200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 15860, version 1.0\012- data
Hash e9f5aaf547f165386cd313b995dddd8e
acdef5603c2387b0e5bffd744b679a24a8bc1968
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://gay112.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 19 Oct 2022 19:34:08 GMT
expires: Thu, 19 Oct 2023 19:34:08 GMT
cache-control: public, max-age=31536000
age: 239956
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
news-debipa.com/code/https.js?uid=166797&site=8051289&banadu=0&sub1=undefined&sub2=undefined
149.7.16.209200 OK 8.8 kB URL HTTP/2 news-debipa.com/code/https.js?uid=166797&site=8051289&banadu=0&sub1=undefined&sub2=undefined
IP 149.7.16.209:0
ASN #63023 AS-GLOBALTELEHOST
File type ASCII text, with very long lines (8813), with no line terminators
Hash b5d819f1f4677f1809b3443ee88bcf54
d3e8de4b9ab07cab2be7dbc8f7c694d292e386b2
a1e1e80be97a4901965b1c4b2ade4ae34bc4362be6931ee64c57737f900a600f
Analyzer Verdict Alert quad9 Sinkholed
GET /code/https.js?uid=166797&site=8051289&banadu=0&sub1=undefined&sub2=undefined HTTP/1.1
Host: news-debipa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gay112.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 22 Oct 2022 14:13:24 GMT
content-type: application/javascript
content-length: 8813
last-modified: Tue, 18 Oct 2022 06:02:52 GMT
etag: "634e418c-226d"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
fonts.googleapis.com/icon?family=Material+Icons
142.250.74.10200 OK 17 kB URL HTTP/2 fonts.googleapis.com/icon?family=Material+Icons
IP 142.250.74.10:0
Hash 80385d062825c64b37849af1cf481352
64a6069aebd1f5ab673ef5feaee9d4d08e7be84d
07fc4e12a18a30d164486771ea3d608f6e7a3554627fc264aae33314e93d9dcb
GET /icon?family=Material+Icons HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gay112.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 22 Oct 2022 14:13:24 GMT
date: Sat, 22 Oct 2022 14:13:24 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash 09f1d552877c07059a3c8debf4187f12
5832bc57522a3fda9a0fec7288076db87d4560c5
de8ad3e1d71f1e4f709bed37590b5e0cdb520db9a246e57d212036af8cfc0f18
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 22 Oct 2022 14:13:24 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
in.tubecorporate.com/in/tcc/?promo=38830&mc=1858225680&dc=1947809007&tc=577709842
62.122.173.28200 OK 25 kB URL HTTP/2 in.tubecorporate.com/in/tcc/?promo=38830&mc=1858225680&dc=1947809007&tc=577709842
IP 62.122.173.28:0
Hash ce244a0ad4de2e4574a82b5729fbe39b
89080fee2871fd906db3807419dcd5505de11c5a
9bf0f3d65d0a8d44a322182ea0ea1d85f5b333f4329eaa992d2e1cb859c3408e
GET /in/tcc/?promo=38830&mc=1858225680&dc=1947809007&tc=577709842 HTTP/1.1
Host: in.tubecorporate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gay112.com/
Origin: https://gay112.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.20.1
date: Sat, 22 Oct 2022 14:13:24 GMT
content-type: text/html; charset=UTF-8
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
vary: Accept-Encoding, *
set-cookie: 832.0=1; expires=Sun, 23 Oct 2022 14:13:23 GMT; path=/; secure; SameSite=None
content-encoding: gzip
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash fecd12689ba4c6aa556814b7fac0d344
a3005f6333ce5201a73e2857c764a1b0091a91d5
83e0fb564f86df4300e8fc4b5baaf0ed13102c384922d388e02620fb3363a842
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6567
Cache-Control: max-age=157368
Content-Type: application/ocsp-response
Date: Sat, 22 Oct 2022 14:13:24 GMT
Etag: "6353a495-1d7"
Expires: Mon, 24 Oct 2022 09:56:12 GMT
Last-Modified: Sat, 22 Oct 2022 08:06:45 GMT
Server: ECS (ska/F6FE)
X-Cache: HIT
Content-Length: 471
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash d4ecf776d5d3f1b1981b72ab386395e2
88175940a4fd99b75a1cdf9efb4feadf2847c07f
2ba24c00a50920fd966a42f331db80f6cce277f58a3a13fc79fba14a3728147c
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5043
Cache-Control: max-age=130302
Content-Type: application/ocsp-response
Date: Sat, 22 Oct 2022 14:13:24 GMT
Etag: "635340cf-117"
Expires: Mon, 24 Oct 2022 02:25:06 GMT
Last-Modified: Sat, 22 Oct 2022 01:01:03 GMT
Server: ECS (ska/F6FE)
X-Cache: HIT
Content-Length: 279
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 0cd835e38551dbe2895b8df8eb095031
3f39e45765b86fd164c26f77933c038bfb6c0c77
b6f83f6582a69c1a777fe1a1b3039abe3881cfe05dc04896110682446724b294
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B6F83F6582A69C1A777FE1A1B3039ABE3881CFE05DC04896110682446724B294"
Last-Modified: Thu, 20 Oct 2022 02:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3237
Expires: Sat, 22 Oct 2022 15:07:21 GMT
Date: Sat, 22 Oct 2022 14:13:24 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash d4ecf776d5d3f1b1981b72ab386395e2
88175940a4fd99b75a1cdf9efb4feadf2847c07f
2ba24c00a50920fd966a42f331db80f6cce277f58a3a13fc79fba14a3728147c
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5043
Cache-Control: max-age=130302
Content-Type: application/ocsp-response
Date: Sat, 22 Oct 2022 14:13:24 GMT
Etag: "635340cf-117"
Expires: Mon, 24 Oct 2022 02:25:06 GMT
Last-Modified: Sat, 22 Oct 2022 01:01:03 GMT
Server: ECS (ska/F6FE)
X-Cache: HIT
Content-Length: 279
7e63ede8c9.2932cceca4.com/73aa36b5b81dd501a4dee81d344f1a5d.js
45.133.44.24200 OK 35 kB URL HTTP/2 7e63ede8c9.2932cceca4.com/73aa36b5b81dd501a4dee81d344f1a5d.js
IP 45.133.44.24:0
ASN #39572 DataWeb Global Group B.V.
Hash 8c400c072e188ec224cd5e8b6efbeb44
72dd4e75f6a804bfdd940bc1d13942b38c47217a
25c9d7ffc1ee9e5ebe0d2466fd6c21c6fe876fccf8ee328a261e63a273052ebd
Analyzer Verdict Alert quad9 Sinkholed
GET /73aa36b5b81dd501a4dee81d344f1a5d.js HTTP/1.1
Host: 7e63ede8c9.2932cceca4.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://gay112.com
Connection: keep-alive
Referer: https://gay112.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 22 Oct 2022 14:13:24 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Mon, 17 Oct 2022 13:00:02 GMT
etag: W/"634d51d2-16dc3"
content-encoding: gzip
expires: Sat, 22 Oct 2022 14:18:24 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
mc.yandex.ru/metrika/tag.js
87.250.251.119200 OK 73 kB URL HTTP/2 mc.yandex.ru/metrika/tag.js
IP 87.250.251.119:0
File type Unicode text, UTF-8 (with BOM) text, with very long lines (731)
Hash 64adf2282f72dc350e916cb82af41ab7
d5c10f65a7ac0cce6eb0c78df805965a9a3ad017
4942011d5f3623476ceff936e757245d89ce2af664558a7031497d370a3d3771
GET /metrika/tag.js HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gay112.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 73219
date: Sat, 22 Oct 2022 14:13:25 GMT
access-control-allow-origin: *
etag: "6351126c-11e03"
expires: Sat, 22 Oct 2022 15:13:25 GMT
last-modified: Thu, 20 Oct 2022 12:18:36 GMT
cache-control: max-age=3600
content-encoding: br
content-type: application/javascript
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
push.services.mozilla.com/
52.41.246.187101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 52.41.246.187:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: fJrrNWVhuk2GMiGKBOJuqw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: u54y8vfsDfdRRU3b0Lm1H2JXLwo=
news-debipa.com/sw.js
149.7.16.209200 OK 4.0 kB IP 149.7.16.209:0
ASN #63023 AS-GLOBALTELEHOST
File type ASCII text, with very long lines (3964), with no line terminators
Hash 7c60cc903a18857a61023bde734a757b
d53632ffe44847e798eeb6fcaacc3b3584e4a23d
dff87b88fb2ffccdadc8d3c04ffe475d848247456fa7c5b95328ccc14e7a48ea
Analyzer Verdict Alert quad9 Sinkholed
GET /sw.js HTTP/1.1
Host: news-debipa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gay112.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 22 Oct 2022 14:13:25 GMT
content-type: application/javascript
content-length: 3964
last-modified: Tue, 30 Aug 2022 09:40:34 GMT
etag: "630ddb12-f7c"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
7e63ede8c9.2932cceca4.com/6b632003bafeab0b8618010e044b2de5/27953?version_name=d
45.133.44.24200 OK 6.1 kB URL HTTP/2 7e63ede8c9.2932cceca4.com/6b632003bafeab0b8618010e044b2de5/27953?version_name=d
IP 45.133.44.24:0
ASN #39572 DataWeb Global Group B.V.
Hash 7084cc9c92267e0dce1f1c5befa833cc
2bde7146f58f9f2643f8fe724b80267362d3a772
81270b7cbc26675a95988c4f2b17c2e2043eaf56398e5954350e22cf0d63562c
Analyzer Verdict Alert quad9 Sinkholed
GET /6b632003bafeab0b8618010e044b2de5/27953?version_name=d HTTP/1.1
Host: 7e63ede8c9.2932cceca4.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://gay112.com
Connection: keep-alive
Referer: https://gay112.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 22 Oct 2022 14:13:25 GMT
content-type: application/json
server: nginx/1.18.0
cache-control: max-age=300
expires: Sat, 22 Oct 2022 14:18:25 GMT
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash 94ee541bb392e5675c1e24c94c197f8b
bce18b05a24f5e2c6743cbbe849a733091586176
82f791c205847646216d72b4ce65bc3587ca69d1da17a3a2afb477640822c4dc
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 22 Oct 2022 14:13:25 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.googletagmanager.com/gtm.js?id=GTM-MVMB4DG
142.250.74.168200 OK 40 kB URL HTTP/2 www.googletagmanager.com/gtm.js?id=GTM-MVMB4DG
IP 142.250.74.168:0
File type ASCII text, with very long lines (2198)
Hash fcdb4ff9960562c2cd95eb06e97d3a00
c3fc75bc173c29b5fab6ec6499127fbbcc2551e6
620d56fdd90f4bbbb9a2ad12c0540c70e13d2a6e573830e73802743f716e1c0e
GET /gtm.js?id=GTM-MVMB4DG HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://txxx.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 22 Oct 2022 14:13:25 GMT
expires: Sat, 22 Oct 2022 14:13:25 GMT
cache-control: private, max-age=900
last-modified: Sat, 22 Oct 2022 12:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 39474
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.googletagmanager.com/gtm.js?id=GTM-MDKJT8
142.250.74.168200 OK 41 kB URL HTTP/2 www.googletagmanager.com/gtm.js?id=GTM-MDKJT8
IP 142.250.74.168:0
File type ASCII text, with very long lines (1820)
Hash 00a300c19a3434afc1079ea899e4d081
b0b44d96253fd98445e19c0ba5a512447ccd88fd
6c4aadd4cc19fa0c3631d53ea91f4194c508e0e81077362377bac656d6bf0fdd
GET /gtm.js?id=GTM-MDKJT8 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://txxx.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 22 Oct 2022 14:13:25 GMT
expires: Sat, 22 Oct 2022 14:13:25 GMT
cache-control: private, max-age=900
last-modified: Sat, 22 Oct 2022 12:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 40586
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash 94ee541bb392e5675c1e24c94c197f8b
bce18b05a24f5e2c6743cbbe849a733091586176
82f791c205847646216d72b4ce65bc3587ca69d1da17a3a2afb477640822c4dc
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 22 Oct 2022 14:13:25 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash f19986b4bb8a3720461fd0ee1e2076f2
b823af91de782f7e11ee4b7308c4607394779c0d
b8178dba6d9edab1d4eb40fc9bdfd07a3a4cd0def671aa297e0a7f0010dba723
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B8178DBA6D9EDAB1D4EB40FC9BDFD07A3A4CD0DEF671AA297E0A7F0010DBA723"
Last-Modified: Sat, 22 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4093
Expires: Sat, 22 Oct 2022 15:21:38 GMT
Date: Sat, 22 Oct 2022 14:13:25 GMT
Connection: keep-alive
js.wpadmngr.com/npc/sdk/wp-banners.js
45.133.44.24200 OK 0 B URL HTTP/2 js.wpadmngr.com/npc/sdk/wp-banners.js
IP 45.133.44.24:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /npc/sdk/wp-banners.js HTTP/1.1
Host: js.wpadmngr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gay112.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 22 Oct 2022 14:13:25 GMT
content-type: application/javascript; charset=utf-8
content-length: 0
server: nginx/1.18.0
last-modified: Fri, 20 Aug 2021 15:14:31 GMT
etag: "611fc6d7-0"
expires: Sat, 22 Oct 2022 14:18:25 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2
mc.yandex.ru/watch/88852221/1?wmode=7&page-url=https%3A%2F%2Fgay112.com%2Fno%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Akqp6gvxtrlkq3u3woc7b0%3Afp%3A1192%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A912%3Acn%3A1%3Adp%3A0%3Als%3A829220940798%3Ahid%3A431956918%3Az%3A0%3Ai%3A20221022141339%3Aet%3A1666448020%3Ac%3A1%3Arn%3A150071822%3Arqn%3A1%3Au%3A1666448020635152036%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C0%2C64%2C3%2C577%2C0%2C%2C357%2C64%2C%2C%2C%2C1141%3Ans%3A1666448017935%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1666448020%3At%3AGay112.com%20-%20best%20free%20gay%20porn%20videos.&t=gdpr%2814%29clc%280-0-0%29aw%281%29rqnt%281%29fip%281%29rqnl%281%29ti%282%29
87.250.251.119200 OK 400 B URL HTTP/2 mc.yandex.ru/watch/88852221/1?wmode=7&page-url=https%3A%2F%2Fgay112.com%2Fno%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Akqp6gvxtrlkq3u3woc7b0%3Afp%3A1192%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A912%3Acn%3A1%3Adp%3A0%3Als%3A829220940798%3Ahid%3A431956918%3Az%3A0%3Ai%3A20221022141339%3Aet%3A1666448020%3Ac%3A1%3Arn%3A150071822%3Arqn%3A1%3Au%3A1666448020635152036%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C0%2C64%2C3%2C577%2C0%2C%2C357%2C64%2C%2C%2C%2C1141%3Ans%3A1666448017935%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1666448020%3At%3AGay112.com%20-%20best%20free%20gay%20porn%20videos.&t=gdpr%2814%29clc%280-0-0%29aw%281%29rqnt%281%29fip%281%29rqnl%281%29ti%282%29
IP 87.250.251.119:0
File type JSON data\012- , ASCII text, with very long lines (400), with no line terminators
Hash 00f218146353623292ff9ff59a68d10c
236bb24588aabf725f6decc609b58fb0ae98cea9
9b8b6ea8a957569b025fd579d3fa57d0edfe106b37e26a961083e25493ddad76
GET /watch/88852221/1?wmode=7&page-url=https%3A%2F%2Fgay112.com%2Fno%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Akqp6gvxtrlkq3u3woc7b0%3Afp%3A1192%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A912%3Acn%3A1%3Adp%3A0%3Als%3A829220940798%3Ahid%3A431956918%3Az%3A0%3Ai%3A20221022141339%3Aet%3A1666448020%3Ac%3A1%3Arn%3A150071822%3Arqn%3A1%3Au%3A1666448020635152036%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C0%2C64%2C3%2C577%2C0%2C%2C357%2C64%2C%2C%2C%2C1141%3Ans%3A1666448017935%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1666448020%3At%3AGay112.com%20-%20best%20free%20gay%20porn%20videos.&t=gdpr%2814%29clc%280-0-0%29aw%281%29rqnt%281%29fip%281%29rqnl%281%29ti%282%29 HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://gay112.com
Referer: https://gay112.com/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 400
date: Sat, 22 Oct 2022 14:13:25 GMT
x-content-type-options: nosniff
access-control-allow-origin: https://gay112.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Sat, 22-Oct-2022 14:13:25 GMT
last-modified: Sat, 22-Oct-2022 14:13:25 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: application/json; charset=utf-8
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
a.realsrv.com/ads.js
205.185.216.10200 OK 974 B IP 205.185.216.10:0
File type ASCII text, with very long lines (2475), with no line terminators
Hash f2e9f79e4bd643ca1264fca98531c71e
7acaa14a18676a38bdc3043d0e016e8cfacb275a
db8cf84b422102aa8bc89c36a569921dc69ed556703a96ca44434d2fe98af57b
GET /ads.js HTTP/1.1
Host: a.realsrv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://txxx.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Sat, 22 Oct 2022 14:13:25 GMT
Connection: Keep-Alive
Content-Encoding: gzip
Content-Length: 974
Content-Type: application/javascript
Accept-Ranges: bytes
Cache-Control: max-age=10800
Server: nginx
etag: W/"f4fddb85b686269b678e3caf766"
X-HW: 1666448005.dop013.sk1.t,1666448005.cds238.sk1.shn,1666448005.dop013.sk1.t,1666448005.cds013.sk1.c
Access-Control-Allow-Origin: *, *
fonts.gstatic.com/s/sourcesanspro/v21/6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwlxdu.woff2
216.58.207.195200 OK 13 kB URL HTTP/2 fonts.gstatic.com/s/sourcesanspro/v21/6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwlxdu.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 13052, version 1.0\012- data
Hash 7cf79fbd1df848510d7352274efc2401
5540b5a26cc7dfe25294c4eabe011e2c6cd60143
bc9a16cd945457ad9463cdaed95129b01c589466978dfee3d019d9c604b2171a
GET /s/sourcesanspro/v21/6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwlxdu.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://txxx.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 13052
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 19 Oct 2022 19:26:57 GMT
expires: Thu, 19 Oct 2023 19:26:57 GMT
cache-control: public, max-age=31536000
age: 240388
last-modified: Wed, 27 Apr 2022 16:09:03 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
syndication.realsrv.com/ads-iframe-display.php?idzone=693913&output=noscript&type=300x250
95.211.229.246200 OK 1.2 kB URL HTTP/1.1 syndication.realsrv.com/ads-iframe-display.php?idzone=693913&output=noscript&type=300x250
IP 95.211.229.246:0
ASN #60781 LeaseWeb Netherlands B.V.
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (1208)
Hash ac632f75838a23a2614eb3bb80b0fa03
e68420ac465488aee9f14104bdffa73fd9192ee4
45a70996cd4de4d9fa644cfd19d72e5c6fcdcc668efef74b34823a757a4da8e8
GET /ads-iframe-display.php?idzone=693913&output=noscript&type=300x250 HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://txxx.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 22 Oct 2022 14:13:25 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache, must-revalidate
Pragma: no-cache
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%226353fa85dd1035.347219853908525682%22%3B%7D; expires=Mon, 21 Oct 2024 14:13:25 GMT; path=; domain=.realsrv.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
syndication.realsrv.com/ads-iframe-display.php?idzone=693925&output=noscript&type=300x250
95.211.229.246200 OK 1.3 kB URL HTTP/1.1 syndication.realsrv.com/ads-iframe-display.php?idzone=693925&output=noscript&type=300x250
IP 95.211.229.246:0
ASN #60781 LeaseWeb Netherlands B.V.
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (1208)
Hash bb50a6025516ed814d77c24eb1122fff
818968e8b3da136acfd31d6db9c89eebbdb63a73
ddf6df6773ebed1056c8aa386a7a0dd2f443cae3cf9c1f1b0239f4c9c1f021e0
GET /ads-iframe-display.php?idzone=693925&output=noscript&type=300x250 HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://txxx.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 22 Oct 2022 14:13:25 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache, must-revalidate
Pragma: no-cache
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%226353fa85dd0115.819510263508375897%22%3B%7D; expires=Mon, 21 Oct 2024 14:13:25 GMT; path=; domain=.realsrv.com; Secure; SameSite=none
impressions=oslmroemnxgxaaasboomageicxbmsbocnxgxaaacxalacgeioslmrxbrnxgxaaacxalacgeicxbmsbxcnxgxaaaccrsxogeicxbmsbcenxgxaaaceamomgeislsaroornxgxaaasmacsrgeicxbmsboenxgxaaasboomageimreaomxcnxgxaasaoabsrgeimreaobsonxgxaasaoabsrgeioslmrxbmnxgxaaaceamomgeimcclsoeenxgxaasamsoccgeimcclosconxgxaaaebloxbgeimrblelmonxgxaasamsoccgeimrblxembnxgxaasamsoccgeimrblxeecnxgxaasamsoccgeimrblxemcnxgxaasamsoccgeialbserecnxgxaareealbcgeioslmrxlsnxgxaaassrmelgeicaormbbonxgxaareeamrcgeioslmrxlrnxgxaaacsxosageimcclsxscnxgxaaacsxosageimrerbmbbnxgxaasmeceesgeialbsereanxgxaacsxbrblgeialbserebnxgxaaaceamomgeiccmblmmcnxgxaaaoxlcxageimrblelxcnxgxaasblsoxxgeimcclsxoanxgxaaaexxasogeimrblelmbnxgxaasblsoxxgeimcclossanxgxaaacxalacgeimcclselenxgxaasblsoxxgeimcclsoeonxgxaacllaxbogeimccloscenxgxaaslcsrobgeimcclsxacnxgxaaslcsrobgeicaormlebnxgxaacxeermsgeimcersxranxgxaacxeermsgeisaeeasslnxgxaacxeermsgeimcersxacnxgxaacxeermsgeimcersxrenxgxaacxeermsgeiccmblmmbnxgxaaasocoaageiccmblmmanxgxaaasocoamgeislsarosxnxgxaacsremoegeiabeocmsbnxgxaacmobeeageimcclsxcanxgxaacmobexrgeimaecobxanxgxaacmobexrgeimcclsxsbnxgxaacmcrlolgeiccmblmmonxgxaaasesrmegeialbserxonxgxaaaosmcebgeimcclossbnxgxaacbmrobbgeicaormlxbnxgxaaaoleblmgeimcclsxobnxgxaarooxcesgeimcclsxbcnxgxaacllaxbogeimrblelxanxgxaacllaxbogeimaecsxccnxgxaacllaxbogeimaecsxcanxgxaacllaxbogeimrblxeeanxgxaacllaxbogeicaormbbcnxgxaaaolemcxgeicaormlxenxgxaareeaabrgeimcclsxsenxgxaaaceamomgeimcclsxlcnxgxaarexcoelgeirbabxabbnxgxaarxbccllgeicaxsscmbnxgxaaaebrrolgeimcclsxlanxgxaarooxcesgeialbserxenxgxaarxcelaxgeimccloscanxgxaaasaomlmgeimcclsxaonxgxaaasbblsmgeimrblxeeonxgxaarooxcesgeimcclsxlbnxgxaaasbblsmgeimcclsxlonxgxaaacsxosageiclsmrrmanxgxaarlemcoegeiclsmrbxonxgxaarlemcoegeiclsmarocnxgxaarlemcoegeiclsmarcanxgxaarlemcoegeimaecsecbnxgxaaaexxasogeicaormlxcnxgxaaaolemcxgeicaormbmbnxgxaaaoleblmgeimxlbmoconogxaaasaomlmgxcceimxlbmosanogxaaasacacmgxcceimxxrecsanxgxaaasmerlcgxcceimrblbaaenxgxaaasmorrogxcceimrbacxaanxgxaaasmorrsgxcceimrsreamcnxgxaaasmobxogxcceimxlbmxlenogxaaasmolbogxcceicbbmelronxgxaaasmolbogxcceirbrlcacenxgxaaasmolbogxcceimxlbmoscnagxaaasmssoegxcceicxxolxlmnxgxaaasmssoxgxcceimasrbcmenxgxaaasmrxssgxcceimraeelabnxgxaaasmasargxcceimraeelaanxgxaaasmasargxcceimcssmlrcnsgxaaasmacsrgxcceimxcbrxmanxgxaaasmaaxmgxcceimxlbalcensgxaaasmabxsgxcceimaoolemenxgxaaasmmoomgxcceimxlbmosoncgxaaasmbebegxcceimcssmlronsgxaaasbeoxlgxcceimasbmcocnxgxaaasbeoxlgxcceimrerbbeonxgxaaasbeoxlgeicxmecmcanxgxaaasbeooegxcceimexexabbnxgxaaasbeoorgxcceimxlbmxlonogxaaasberxbgxcceimxcbrxlcnxgxaaasboomrgxcceimasbmcxbnxgxaaasboomrgxcceimasbmcsonxgxaaasboomagxcceimcssmlrensgxaaasboomagxcceialrexexbnsgxaaasboomagxcceimasbmcobnxgxaaasboomagxcceialrexeoonxgxaaasboomagxcceimcoaxmxcncgxaaasboomagxcceimxcbrxobnogxaaasbssxegxcceiccmmllebnxgxaaaceamomgeimrsreabonsgxaaasbrcblgxcceialbmlecenxgxaaasbaermgxcceimxcbrxcenxgxaaasbaermgxcceimrxmbacbnxgxaaasbaermgxcceimxcbrxbenxgxaaasbmeemgxcceialxosmbanxgxaaasbmeebgxcceimasbmcsenxgxaaasbmeebgxcceimasbmcoenxgxaaasbmeebgxcceimasbmcoanxgxaaasbmslrgxcceimasbmcoonxgxaaasbmslagxcceimrcscrsanxgxaaasbmrxagxcceimclxlloanxgxaaasbblsmgxcceiccmmlleanxgxaaasbblsmgeimaecsxxcnxgxaaasbblsmgeimaecseaonxgxaaasbblsmgeimeembecenxgxaaasblecagxcceicloaxxacnxgxaaasbloobgxcceimrbxmxmanxgxaaasbloobgxcceimeembescnxgxaaasblsrmgxcceicloaxxmonxgxaaasleelsgxcceialbmmbbenogxaaasleelsgxcceimeembesonxgxaaaslecscgxcceiraclralcnxgxaaaslxsxrgxcceicmarxbbonsgxaaaslxsxrgxcceimaxecocbnxgxaaaslxclsgxcceimxlbalsbnogxaaaslcrbogxcceiceecmorsnxgxaaaslcrblgxcceimxxerrxenxgxaaaslclaegxcceimrmaobxanogxaaaslclaegxcceimxlbmxbbnogxaaaslroaagxcceimxlbmxlcnrgxaaaslroamgxcceimsacexoonxgxaaaslroamgxcceimrsreabensgxaaacexmargxcceimxlbalscnogxaaacexlcmgxcceimocolroanogxaaacexlcmgxcceimrracoranxgxaaaceoarcgxcceimaelrlbenxgxaaacesbmlgxcceimrsreaabnxgxaaacesbmlgxcceicloaxxaanxgxaaacecblsgxcceimxeoxsbensgxaaaceamomgxcceimcclsxronxgxaaaceamomgeimcclosscnxgxaaaceamomgeicloaxxabnxgxaaaceamomgxcceimaelrlmonxgxaaacelllegxcceimaelrlbonxgxaaacelllegxcceimrmaoboenogxaaacxexcagxcceimexlaeobnxgxaaacxexlmgxcceicloaxxmenxgxaaacxexlmgxcceimaelrlmanxgxaaacxeroagxcceimrsreamanxgxaaacxeroagxcceimaxmeblcnxgxaaacxeroagxcceimrsreambnxgxaaacxeroagxcceimxxerrecnxgxaaacxsrblgxcceialcaercenxgxaaacxsrblgxcceimrcscosbnxgxaaacxrsmsgxcceialbbebsbnxgxaaacxrcabgxcceialbbebsanxgxaaacxrcabgxcceimasaxrxenxgxaaacxalacgxcceimasclocenxgxaaacxalacgeimrracoaenxgxaaacxalargxcceimasaxrxanxgxaaacxalaagxcceicloaecoenxgxaaacoecemgxcceimxeoxsacnxgxaaacoxrmmgxcceialbmmbbonxgxaaacomeoogxcceimxlbmoobnogxaaacomeoogxcceimxeemleenxgxaaacsxosagxcceixaoossalnrgxaaacsxosmgxcceimasaxrsenxgxaaacsxosmgxcceimxcbrxscnxgxaaacsbalcgxcceimxcbrxlonogxaaacslsoxgxcceimaoxcscanxgxaaacceooxgxcceimaoxcscbnxgxaaacceooxgxcceialbbebrenxgxaaacceamlgxcceimemlxbocnsgxaaacceamlgxcceimrracoaonxgxaaaccebaegxcceimxreaomcnxgxaaaccelsbgxcceimeelaclanogxaaaccxcamgxcceixaoosscrncgxaaaccccsxgxcceimrxccosanogxaaacccrsbgxcceimrxccosonxgxaaacccrsbgxcceimrxccosbnxgxaaacccrsbgxcceimxlbmosenrgxaaaccrsxogxcceirreacmsbnxgxaaaccrsxogxcceimxcbrxmbnxgxaaaccrsxogxcceimxxerrebnxgxaaaccrsxogxcceimascsseonxgxaaaccmblcgxcce; expires=Sun, 23 Oct 2022 14:13:25 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
syndication.realsrv.com/ads-iframe-display.php?idzone=693921&output=noscript&type=300x250
95.211.229.246200 OK 1.2 kB URL HTTP/1.1 syndication.realsrv.com/ads-iframe-display.php?idzone=693921&output=noscript&type=300x250
IP 95.211.229.246:0
ASN #60781 LeaseWeb Netherlands B.V.
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (1208)
Hash 7237aa589f1d25f26d2b3b11ef9fdf8c
893f1b8b819c72f6371cf0234977d40d2e62753d
6347e5120f5bcd6a532987b4ac148845014e7c061624d3d4b3c36e25c2b8cf55
GET /ads-iframe-display.php?idzone=693921&output=noscript&type=300x250 HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://txxx.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 22 Oct 2022 14:13:25 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache, must-revalidate
Pragma: no-cache
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%226353fa85dd5339.941495081838614393%22%3B%7D; expires=Mon, 21 Oct 2024 14:13:25 GMT; path=; domain=.realsrv.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
mc.yandex.ru/metrika/watch.js
87.250.251.119200 OK 58 kB URL HTTP/2 mc.yandex.ru/metrika/watch.js
IP 87.250.251.119:0
File type Unicode text, UTF-8 (with BOM) text, with very long lines (659)
Hash 863ae6e88783cade8486e7654cef5032
41b3be16aceaff4da656e350abe65baa64d854e1
c093971edf8f84095a2b1bc4586838ab2eb5f8cfacced2f44b57605ef319b653
GET /metrika/watch.js HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://txxx.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 57597
date: Sat, 22 Oct 2022 14:13:25 GMT
access-control-allow-origin: *
etag: "6351126c-e0fd"
expires: Sat, 22 Oct 2022 15:13:25 GMT
last-modified: Thu, 20 Oct 2022 12:18:36 GMT
cache-control: max-age=3600
content-encoding: br
content-type: application/javascript
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mc.yandex.ru/metrika/advert.gif
87.250.251.119200 OK 43 B URL HTTP/2 mc.yandex.ru/metrika/advert.gif
IP 87.250.251.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
GET /metrika/advert.gif HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gay112.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Sat, 22 Oct 2022 14:13:25 GMT
access-control-allow-origin: *
etag: "6351126c-2b"
expires: Sat, 22 Oct 2022 15:13:25 GMT
accept-ranges: bytes
last-modified: Thu, 20 Oct 2022 12:18:36 GMT
cache-control: max-age=3600
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
syndication.realsrv.com/ads-iframe-display.php?idzone=3069158&output=img&type=728x90
95.211.229.246302 Found 0 B URL HTTP/1.1 syndication.realsrv.com/ads-iframe-display.php?idzone=3069158&output=img&type=728x90
IP 95.211.229.246:0
ASN #60781 LeaseWeb Netherlands B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ads-iframe-display.php?idzone=3069158&output=img&type=728x90 HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://txxx.com/
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%226353fa85dd5339.941495081838614393%22%3B%7D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx
Date: Sat, 22 Oct 2022 14:13:26 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache, must-revalidate
Pragma: no-cache
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%226353fa85dd5339.941495081838614393%22%3B%7D; expires=Mon, 21 Oct 2024 14:13:26 GMT; path=; domain=.realsrv.com; Secure; SameSite=none
img_click_3069158=https%3A%2F%2Fsyndication.realsrv.com%2Fclick.php%3Fdata%3DH4sIAAAAAAAAA0WS3W6DMAyFn4bLoiR2QnK5aerNLvYIlQuhQ1vJFFLWTn74hd_KkTj2d.xYgJYVWoksSiH5M6WfoYCXQh3zSaUfD2NoyjpccypbZaw_Nwdran1A601WFR6ADDpLWmg6F3Cs6frTNQW8FdXrpKm79KdcqN4KZUaKG5skpS484RBusfYLHWJ9.gxD6unqF_rlH78hrs1bMpNEl2Epz2qZ1SW_3TTp_ZK_0O9g0juo8zL72slfQnw8Wbj1KT5WuiYzaUO8UlrAqteOYa1SnW70fZoL27rboH70ccivYDilSPVX11.yhVmwNMYgWiEMp_v9Pn0BdrJ0okRVSo1coQJnnGEQxkltWQvLjJKBpc4DBFfK3l2elIMNaGjJ6qbRAK50KNHlBmnBGonggJUGRM5ewXN3fszJFJAtCtWusm9a0W7OKXB3m1mNij_eudFn1WJLbaVk_nUkGCkbUmfUFZBv3T_7y6.LfQIAAA--; expires=Sat, 22 Oct 2022 14:28:26 GMT; path=; domain=.realsrv.com; Secure; SameSite=none
Location: https://s3t3d2y8.afcdn.net/library/802424/37f351dcba12644206e5619b14d813aa0ea393a6.jpg
X-Robots-Tag: noindex, follow
r3.o.lencr.org/
23.36.77.32200 OK 6.4 kB IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash a9364e0a30c52d2211d6831214956d0f
5433aeb16e6114792a1cfabaebe371fa8890c360
c83cd09bb9005315f58ea6b42614103d332e84159df778c51532d7997b919d5d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "28DB09A2A0E821B37DC1CFB710BF896C438755BFC992EB775F41128B0E52E5D1"
Last-Modified: Fri, 21 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4093
Expires: Sat, 22 Oct 2022 15:21:39 GMT
Date: Sat, 22 Oct 2022 14:13:26 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 66 kB IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 840047218f316f2e4e0bddfee34f5877
843e48524a52f5563bfb626aed6d3cb3016f489d
ed56beb6d310a2efdda4285ed451c50c0bacadfbceb208def2580d3b34008127
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "28DB09A2A0E821B37DC1CFB710BF896C438755BFC992EB775F41128B0E52E5D1"
Last-Modified: Fri, 21 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4093
Expires: Sat, 22 Oct 2022 15:21:39 GMT
Date: Sat, 22 Oct 2022 14:13:26 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F428e118d-55db-4b2d-9dc1-0adbc5a4021a.webp
34.120.237.76200 OK 8.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F428e118d-55db-4b2d-9dc1-0adbc5a4021a.webp
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash a361cef05d531426819a2bffd8ab1e47
9c8050ffd0de58005705219ec70b6e4352e35b5e
0c3c48b96adb7c1dc8a8c3771878dcbab80bbbb9f2d6998038bf5d43831b578b
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F428e118d-55db-4b2d-9dc1-0adbc5a4021a.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8856
x-amzn-requestid: 84cc5c28-b71f-4ada-9d3b-e67e820cd080
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aX-LzHcsoAMFuNQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-635310b1-6b44e77726dc2003052ce387;Sampled=0
x-amzn-remapped-date: Fri, 21 Oct 2022 21:35:45 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: qZ8wiQp_Cnx6_fT-TrOCKmkrcpYHyhByOvYpgE9XWkA0VUGxjs6cSw==
via: 1.1 4dde8ec6d6c12741888c2d3a059d4a2e.cloudfront.net (CloudFront), 1.1 5fe5f2a3903f1378941d92eceaf3fa16.cloudfront.net (CloudFront), 1.1 google
date: Fri, 21 Oct 2022 22:06:06 GMT
age: 58040
etag: "9c8050ffd0de58005705219ec70b6e4352e35b5e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd771af0d-55ee-450f-bbb3-a9e419e74a51.jpeg
34.120.237.76200 OK 133 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd771af0d-55ee-450f-bbb3-a9e419e74a51.jpeg
IP 34.120.237.76:0
Size 133 kB (133216 bytes)
Hash 02b15dc927376826a6af8aedb3edd414
b6383ec7328b0baeac02bb34ff16ba12b4d92cdc
508070eb439e0e80d448db9dfd15239c24aaf1a9288f59c20f83cf8969d89a1b
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd771af0d-55ee-450f-bbb3-a9e419e74a51.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7372
x-amzn-requestid: 080f5f7f-51a8-4ef5-9acc-0c7f7f64defb
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aX-ojEg2IAMFjPA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63531169-5106c8af6e77450c33a0c899;Sampled=0
x-amzn-remapped-date: Fri, 21 Oct 2022 21:38:49 GMT
x-amz-cf-pop: SEA19-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: vP9aRT8xL5F2kf36A-lMaIQ9FSAEUGo8jmx9y63iIBDdyWYujkXXPw==
via: 1.1 2e20768704c71ff3ce2e677251d27f3c.cloudfront.net (CloudFront), 1.1 2f7934de1dfe281c3e4446892eab6462.cloudfront.net (CloudFront), 1.1 google
date: Fri, 21 Oct 2022 22:05:57 GMT
age: 58049
etag: "ebf69c1ff6dc9450f33aef5dc2403d4df17a4c2c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F84809f37-0e01-4278-ba97-357c4a1b454e.webp
34.120.237.76200 OK 7.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F84809f37-0e01-4278-ba97-357c4a1b454e.webp
IP 34.120.237.76:0
Hash 4bb920b3781778420742bf0fa991e5b9
f53144cb045891accae9803f9a1241382d74c8ec
834aebc349714c657dc86c9ab3de280a15a806bb22c4dcf9b7fb50a5a29624c3
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F84809f37-0e01-4278-ba97-357c4a1b454e.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5517
x-amzn-requestid: 560e0ccc-0551-461d-98fd-f94d9a026fb8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aX-pSExDIAMFpMg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6353116e-0420e4ac6cceec1749a44819;Sampled=0
x-amzn-remapped-date: Fri, 21 Oct 2022 21:38:54 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: TDa1YZjZ70BYwTbiiaBV1J1WVtzXpAZ1j-wKfsviXvhbhnc8f0Huiw==
via: 1.1 112c6b3f9aea37a6cb00b7d933e5af6e.cloudfront.net (CloudFront), 1.1 1481cc55c02c3a782ad420b6bac2cb32.cloudfront.net (CloudFront), 1.1 google
date: Fri, 21 Oct 2022 22:02:32 GMT
age: 58254
etag: "aef2208c82085b4dc8472ee28bc63b9a8832fe0e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd5f65d4c-2c16-4111-887b-bcae5238faa2.png
34.120.237.76200 OK 16 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd5f65d4c-2c16-4111-887b-bcae5238faa2.png
IP 34.120.237.76:0
Hash 775b7fa9496e74c0ace4821847c82178
588ae3a892aa9491ca0c70e0ea41f08f8f987f67
4a5c900a9abc552720369a1283f88cbf531327bc1f68e16b8dc4375904bfb29d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd5f65d4c-2c16-4111-887b-bcae5238faa2.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12012
x-amzn-requestid: f0a1e367-d30e-488c-82d6-005eb15a21c8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aX-TLE1MoAMFYbg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-635310e0-27ce063b550723635109ca7b;Sampled=0
x-amzn-remapped-date: Fri, 21 Oct 2022 21:36:33 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: VEMcF0HdB5O2-7cLAZGGI4XmWu5RDySUzD9owOQv_T02ZmV8pRpSLQ==
via: 1.1 8dbfaf7df256a75768461d934659b6b2.cloudfront.net (CloudFront), 1.1 e95ec8f1dc02e32f0cb9e113963ceb4e.cloudfront.net (CloudFront), 1.1 google
date: Fri, 21 Oct 2022 22:25:48 GMT
age: 56858
etag: "c6cf8d68ae9c8c76f072576bca1c271ae70f7525"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff28bcb97-99c1-48e0-b7d7-8bfe823abaa7.jpeg
34.120.237.76200 OK 41 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff28bcb97-99c1-48e0-b7d7-8bfe823abaa7.jpeg
IP 34.120.237.76:0
Hash d6aaa7aa81f06624c4d4b5561ad8277e
83f0f3f60a1465f2991e3bca56cecef270eaf348
b135088ff6b3844a74337d1a15dd26696423e5f7aa2b881f3caaf783978f0dd0
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff28bcb97-99c1-48e0-b7d7-8bfe823abaa7.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11151
x-amzn-requestid: 5c32e307-f2a7-4050-a96f-a47667ec4752
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aX-NEFTKoAMFsSQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-635310b9-2fc77f394ca297126abaed94;Sampled=0
x-amzn-remapped-date: Fri, 21 Oct 2022 21:35:53 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: JOZwwfasalOC-qk9FERBCqhR9jOp1svTRJxaA40zR6p6yta1_W1dVA==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 2f7934de1dfe281c3e4446892eab6462.cloudfront.net (CloudFront), 1.1 google
date: Fri, 21 Oct 2022 22:06:07 GMT
age: 58039
etag: "381edb4758da428db5ffe884f8fb38bf11044f69"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
s3t3d2y8.afcdn.net/library/802424/37f351dcba12644206e5619b14d813aa0ea393a6.jpg
185.76.9.19200 OK 20 kB URL HTTP/2 s3t3d2y8.afcdn.net/library/802424/37f351dcba12644206e5619b14d813aa0ea393a6.jpg
IP 185.76.9.19:0
ASN #60068 Datacamp Limited
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 90", baseline, precision 8, 728x90, components 3\012- data
Hash 726bfb778f8072bcfd5c17a637fa449b
37f351dcba12644206e5619b14d813aa0ea393a6
7573118f5900b3f082e04f60af9e65de8c0c8fe2bdaae3fed2b23351ca175384
GET /library/802424/37f351dcba12644206e5619b14d813aa0ea393a6.jpg HTTP/1.1
Host: s3t3d2y8.afcdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://txxx.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 22 Oct 2022 14:13:26 GMT
content-type: image/jpeg
content-length: 19528
last-modified: Wed, 06 Jul 2022 07:25:02 GMT
etag: "62c538ce-4c48"
expires: Thu, 13 Jul 2023 16:26:54 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
x-cache-op: HIT
x-accel-expires: @1689345888
server: CDN77-Turbo
x-robots-tag: noindex, follow
x-77-nzt: AblMCQ34TZf/ps6DAA
x-77-nzt-ray: d3OOBXWGilc
x-cache: HIT
x-age: 8638118
x-77-pop: stockholmSE
x-77-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash ea2e2bdcb4a65edaaae420bcbf2d3ec0
e74e87601241d053f305b40117f281364292ebc9
1c6e6d7d1e633acadf08e91915230ab0997b25b29be8d86d83fcfbe3d2f8d310
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1C6E6D7D1E633ACADF08E91915230AB0997B25B29BE8D86D83FCFBE3D2F8D310"
Last-Modified: Sat, 22 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4612
Expires: Sat, 22 Oct 2022 15:30:18 GMT
Date: Sat, 22 Oct 2022 14:13:26 GMT
Connection: keep-alive
tn.txxx.tube/contents/videos_sources/18018000/18018333/screenshots/1.jpg
45.133.44.25200 OK 134 kB URL HTTP/2 tn.txxx.tube/contents/videos_sources/18018000/18018333/screenshots/1.jpg
IP 45.133.44.25:0
ASN #39572 DataWeb Global Group B.V.
File type JPEG image data, baseline, precision 8, 1280x720, components 3\012- data
Size 134 kB (133476 bytes)
Hash 636e15f6089514ca3509b95df00aad71
5e8aee60dbb7d9657e5d4ef20053b39412dd2e5e
dc19d5989982efdcd24210ccc643ebefbd50c423a675d0cd76016d785f69af34
GET /contents/videos_sources/18018000/18018333/screenshots/1.jpg HTTP/1.1
Host: tn.txxx.tube
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://txxx.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 22 Oct 2022 14:13:26 GMT
content-type: image/jpeg
content-length: 133476
server: nginx/1.21.2
last-modified: Wed, 16 Feb 2022 03:22:12 GMT
etag: "620c6de4-20964"
cache-control: max-age=7776000
expires: Fri, 20 Jan 2023 14:13:26 GMT
x-proxy-cache: HIT
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2
fp.metricswpsh.com/fp?tag_id=27953
157.90.84.242204 No Content 0 B URL HTTP/1.1 fp.metricswpsh.com/fp?tag_id=27953
IP 157.90.84.242:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /fp?tag_id=27953 HTTP/1.1
Host: fp.metricswpsh.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://gay112.com/
Origin: https://gay112.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Server: nginx/1.20.1
Date: Sat, 22 Oct 2022 14:13:26 GMT
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: content-type
Access-Control-Allow-Methods: GET,HEAD,PUT,PATCH,POST,DELETE
Access-Control-Allow-Origin: https://gay112.com
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
notification.tubecup.net/tags?tag_id=27953&timezone_olson=UTC&version_name=d
168.119.25.62204 No Content 0 B URL HTTP/2 notification.tubecup.net/tags?tag_id=27953&timezone_olson=UTC&version_name=d
IP 168.119.25.62:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /tags?tag_id=27953&timezone_olson=UTC&version_name=d HTTP/1.1
Host: notification.tubecup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://gay112.com
Connection: keep-alive
Referer: https://gay112.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
server: nginx/1.18.0
date: Sat, 22 Oct 2022 14:13:26 GMT
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
mc.yandex.ru/watch/23578849/1?wmode=7&page-url=https%3A%2F%2Ftxxx.com%2Fvideos%2F18018333%2Fhow-chinese-guys-enjoy-boys-porn%2F%3Fpromo%3D38830&page-ref=https%3A%2F%2Fgay112.com%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A8lrqrbrm2kkwjok7410bw%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A912%3Acn%3A1%3Adp%3A0%3Als%3A1120188296166%3Ahid%3A307761209%3Az%3A0%3Ai%3A20221022141340%3Aet%3A1666448021%3Arn%3A738896488%3Arqn%3A1%3Au%3A1666448021909309712%3Aw%3A1x1%3As%3A1280x1024x24%3Ask%3A1%3Aifr%3A1%3Ads%3A0%2C0%2C0%2C%2C198%2C0%2C%2C943%2C0%2C%2C%2C%2C1419%3Ans%3A1666448018939%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-5cbccea2ed3dd5c7a75380ef1cbfadf6-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1666448021%3At%3A-%20Porn%20video%20%7C%20TXXX.com&t=gdpr%2814%29clc%280-0-0%29aw%281%29rqnt%281%29fip%281%29rqnl%281%29ti%282%29
87.250.251.119200 OK 400 B URL HTTP/2 mc.yandex.ru/watch/23578849/1?wmode=7&page-url=https%3A%2F%2Ftxxx.com%2Fvideos%2F18018333%2Fhow-chinese-guys-enjoy-boys-porn%2F%3Fpromo%3D38830&page-ref=https%3A%2F%2Fgay112.com%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A8lrqrbrm2kkwjok7410bw%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A912%3Acn%3A1%3Adp%3A0%3Als%3A1120188296166%3Ahid%3A307761209%3Az%3A0%3Ai%3A20221022141340%3Aet%3A1666448021%3Arn%3A738896488%3Arqn%3A1%3Au%3A1666448021909309712%3Aw%3A1x1%3As%3A1280x1024x24%3Ask%3A1%3Aifr%3A1%3Ads%3A0%2C0%2C0%2C%2C198%2C0%2C%2C943%2C0%2C%2C%2C%2C1419%3Ans%3A1666448018939%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-5cbccea2ed3dd5c7a75380ef1cbfadf6-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1666448021%3At%3A-%20Porn%20video%20%7C%20TXXX.com&t=gdpr%2814%29clc%280-0-0%29aw%281%29rqnt%281%29fip%281%29rqnl%281%29ti%282%29
IP 87.250.251.119:0
File type JSON data\012- , ASCII text, with very long lines (400), with no line terminators
Hash 4fd57d4bbe2d43dddac8b606f0803b7d
0a0c10e135d96808f01ad9093da44b9d899fbf48
298e2a40597b9a7193bf453d46506e6d67ab69519b688544d9ff69efe259eeaa
GET /watch/23578849/1?wmode=7&page-url=https%3A%2F%2Ftxxx.com%2Fvideos%2F18018333%2Fhow-chinese-guys-enjoy-boys-porn%2F%3Fpromo%3D38830&page-ref=https%3A%2F%2Fgay112.com%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A8lrqrbrm2kkwjok7410bw%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A912%3Acn%3A1%3Adp%3A0%3Als%3A1120188296166%3Ahid%3A307761209%3Az%3A0%3Ai%3A20221022141340%3Aet%3A1666448021%3Arn%3A738896488%3Arqn%3A1%3Au%3A1666448021909309712%3Aw%3A1x1%3As%3A1280x1024x24%3Ask%3A1%3Aifr%3A1%3Ads%3A0%2C0%2C0%2C%2C198%2C0%2C%2C943%2C0%2C%2C%2C%2C1419%3Ans%3A1666448018939%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-5cbccea2ed3dd5c7a75380ef1cbfadf6-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1666448021%3At%3A-%20Porn%20video%20%7C%20TXXX.com&t=gdpr%2814%29clc%280-0-0%29aw%281%29rqnt%281%29fip%281%29rqnl%281%29ti%282%29 HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://txxx.com
Referer: https://txxx.com/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 400
date: Sat, 22 Oct 2022 14:13:26 GMT
x-content-type-options: nosniff
access-control-allow-origin: https://txxx.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Sat, 22-Oct-2022 14:13:26 GMT
last-modified: Sat, 22-Oct-2022 14:13:26 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: application/json; charset=utf-8
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
ads.exoclick.com/ads.js
205.185.216.42200 OK 974 B IP 205.185.216.42:0
File type ASCII text, with very long lines (2476), with no line terminators
Hash 92af51b4341a31ff621022c2a648c05e
3761459319128e7349981f338926abcd89ba58e0
6dd1f44f60b3c9584b3d9a54af5348c3fc36c7e13585f593f205ed42a0fa7e9f
GET /ads.js HTTP/1.1
Host: ads.exoclick.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://txxx.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Sat, 22 Oct 2022 14:13:26 GMT
Connection: Keep-Alive
Content-Encoding: gzip
Content-Length: 974
Content-Type: application/javascript
Accept-Ranges: bytes
Cache-Control: max-age=10800
Server: nginx
etag: W/"8f3c7314efe500b41baba9f571b"
X-HW: 1666448006.dop209.sk1.t,1666448006.cds262.sk1.shn,1666448006.cds262.sk1.c
Access-Control-Allow-Origin: *, *
fp.metricswpsh.com/fp?tag_id=755
157.90.84.242204 No Content 0 B URL HTTP/1.1 fp.metricswpsh.com/fp?tag_id=755
IP 157.90.84.242:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /fp?tag_id=755 HTTP/1.1
Host: fp.metricswpsh.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://txxx.com/
Origin: https://txxx.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Server: nginx/1.20.1
Date: Sat, 22 Oct 2022 14:13:26 GMT
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: content-type
Access-Control-Allow-Methods: GET,HEAD,PUT,PATCH,POST,DELETE
Access-Control-Allow-Origin: https://txxx.com
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
fp.metricswpsh.com/fp?tag_id=27953
157.90.84.242200 OK 28 B URL HTTP/1.1 fp.metricswpsh.com/fp?tag_id=27953
IP 157.90.84.242:0
ASN #24940 Hetzner Online GmbH
File type JSON data\012- , ASCII text
Hash 385c7e32f4fd5f782bf7322d18fb7b5f
21115556dc98645bb7863cc39c3f9bb1ed476bf9
cee2406edd81fa642839b0764a956dd43167b36763764e2aa9d9fbef5a869e9f
POST /fp?tag_id=27953 HTTP/1.1
Host: fp.metricswpsh.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json;charset=utf-8
Content-Length: 22287
Origin: https://gay112.com
Connection: keep-alive
Referer: https://gay112.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Sat, 22 Oct 2022 14:13:26 GMT
Content-Type: application/json; charset=UTF-8
Content-Length: 28
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://gay112.com
Set-Cookie: id=13716696623982734741; Expires=Sun, 22 Oct 2023 14:13:26 GMT; Secure; SameSite=None
Vary: Origin
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 486041f54c6f06e421e986f7f673d7f9
abd3969eb267280bc8fcb5915b1949f0da71a8a7
6bab182362fd718de8498d1647d21f68982aefee43a2fa43c9b107424786d9fe
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6BAB182362FD718DE8498D1647D21F68982AEFEE43A2FA43C9B107424786D9FE"
Last-Modified: Sat, 22 Oct 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16193
Expires: Sat, 22 Oct 2022 18:43:19 GMT
Date: Sat, 22 Oct 2022 14:13:26 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash a0ed63d16e1e0bf426b64f905a0998af
336e3956555eab4b7daa0ba6d8e84c5d06dc3dcb
a49ae379894e8148c12649ffb5d83afe340258b0bbe16616abfa705d888ff402
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A49AE379894E8148C12649FFB5D83AFE340258B0BBE16616ABFA705D888FF402"
Last-Modified: Sat, 22 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4774
Expires: Sat, 22 Oct 2022 15:33:00 GMT
Date: Sat, 22 Oct 2022 14:13:26 GMT
Connection: keep-alive
97ccf9596e.441a8a5527.com/in/track?data=eyJ3bCI6MSwic3ViaWQiOjM4ODMwLCJ1c2VyX2lkIjoiMzU0NDQ2OTgwMzUxMTMwMDAwMCIsInRpbWV6b25lIjowLCJ2ZXIiOiIzLjEzLjAiLCJ0YWdfaWQiOjc1NSwic2NyZWVuX3Jlc29sdXRpb24iOiIxMjgweDEwMjQiLCJhZGJsb2NrIjowLCJ0aW1lem9uZV9vbHNvbiI6IlVUQyIsInV0bV9zb3VyY2UiOiIiLCJ1dG1fbWVkaXVtIjoiIiwidXRtX2NhbXBhaWduIjoiIiwidXRtX2NvbnRlbnQiOiIiLCJtbSI6MCwiaW5pdF9zdGFydF9sYXRlbmN5IjowLjI5LCJpc192MiI6MCwiaXNfdjJfZW1wdHkiOjAsInVzZXJfa2V5d29yZHMiOiJIb3clMkNDaGluZXNlJTJDR3V5cyUyQ0Vuam95JTJDQm95cyUyQ1Bvcm4lMkNQb3JuJTJDdmlkZW8lMkNUWFhYLmNvbSUyQ3R4eHguY29tJTJDcG9ybiUyQ3R1YmUlMkN4eHglMkN0dWJlJTJDZnJlZSUyQ3Bvcm4lMkN2aWRlb3MlMkNmcmVlJTJDcG9ybiUyQ3h4eCUyQ21vdmllcyUyQ3h4eCUyQ3R1YmUlMkN2aWRlbyUyQ2ZyZWUlMkN4eHglMkN2aWRpbyUyQ2NsaXBzJTJDeHh4dHViZSUyQ1dhdGNoJTJDZnJlZSUyQyUyMkhvdyUyQ0NoaW5lc2UlMkNHdXlzJTJDRW5qb3klMkNCb3lzJTJDUG9ybiUyMiUyQ3Bvcm4lMkN2aWRlbyUyQ2NhdGVnb3J5JTJDb24lMkNUeHh4LmNvbSUyQ0hvbWVtYWRlJTJDZnVjayUyQ3ZpZGVvcyUyQ0ZyZWUlMkNhbWF0ZXVyJTJDcG9ybiUyQ29uJTJDVHh4eC5jb20lMjAifQ==
45.133.44.24200 OK 0 B URL HTTP/2 97ccf9596e.441a8a5527.com/in/track?data=eyJ3bCI6MSwic3ViaWQiOjM4ODMwLCJ1c2VyX2lkIjoiMzU0NDQ2OTgwMzUxMTMwMDAwMCIsInRpbWV6b25lIjowLCJ2ZXIiOiIzLjEzLjAiLCJ0YWdfaWQiOjc1NSwic2NyZWVuX3Jlc29sdXRpb24iOiIxMjgweDEwMjQiLCJhZGJsb2NrIjowLCJ0aW1lem9uZV9vbHNvbiI6IlVUQyIsInV0bV9zb3VyY2UiOiIiLCJ1dG1fbWVkaXVtIjoiIiwidXRtX2NhbXBhaWduIjoiIiwidXRtX2NvbnRlbnQiOiIiLCJtbSI6MCwiaW5pdF9zdGFydF9sYXRlbmN5IjowLjI5LCJpc192MiI6MCwiaXNfdjJfZW1wdHkiOjAsInVzZXJfa2V5d29yZHMiOiJIb3clMkNDaGluZXNlJTJDR3V5cyUyQ0Vuam95JTJDQm95cyUyQ1Bvcm4lMkNQb3JuJTJDdmlkZW8lMkNUWFhYLmNvbSUyQ3R4eHguY29tJTJDcG9ybiUyQ3R1YmUlMkN4eHglMkN0dWJlJTJDZnJlZSUyQ3Bvcm4lMkN2aWRlb3MlMkNmcmVlJTJDcG9ybiUyQ3h4eCUyQ21vdmllcyUyQ3h4eCUyQ3R1YmUlMkN2aWRlbyUyQ2ZyZWUlMkN4eHglMkN2aWRpbyUyQ2NsaXBzJTJDeHh4dHViZSUyQ1dhdGNoJTJDZnJlZSUyQyUyMkhvdyUyQ0NoaW5lc2UlMkNHdXlzJTJDRW5qb3klMkNCb3lzJTJDUG9ybiUyMiUyQ3Bvcm4lMkN2aWRlbyUyQ2NhdGVnb3J5JTJDb24lMkNUeHh4LmNvbSUyQ0hvbWVtYWRlJTJDZnVjayUyQ3ZpZGVvcyUyQ0ZyZWUlMkNhbWF0ZXVyJTJDcG9ybiUyQ29uJTJDVHh4eC5jb20lMjAifQ==
IP 45.133.44.24:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /in/track?data=eyJ3bCI6MSwic3ViaWQiOjM4ODMwLCJ1c2VyX2lkIjoiMzU0NDQ2OTgwMzUxMTMwMDAwMCIsInRpbWV6b25lIjowLCJ2ZXIiOiIzLjEzLjAiLCJ0YWdfaWQiOjc1NSwic2NyZWVuX3Jlc29sdXRpb24iOiIxMjgweDEwMjQiLCJhZGJsb2NrIjowLCJ0aW1lem9uZV9vbHNvbiI6IlVUQyIsInV0bV9zb3VyY2UiOiIiLCJ1dG1fbWVkaXVtIjoiIiwidXRtX2NhbXBhaWduIjoiIiwidXRtX2NvbnRlbnQiOiIiLCJtbSI6MCwiaW5pdF9zdGFydF9sYXRlbmN5IjowLjI5LCJpc192MiI6MCwiaXNfdjJfZW1wdHkiOjAsInVzZXJfa2V5d29yZHMiOiJIb3clMkNDaGluZXNlJTJDR3V5cyUyQ0Vuam95JTJDQm95cyUyQ1Bvcm4lMkNQb3JuJTJDdmlkZW8lMkNUWFhYLmNvbSUyQ3R4eHguY29tJTJDcG9ybiUyQ3R1YmUlMkN4eHglMkN0dWJlJTJDZnJlZSUyQ3Bvcm4lMkN2aWRlb3MlMkNmcmVlJTJDcG9ybiUyQ3h4eCUyQ21vdmllcyUyQ3h4eCUyQ3R1YmUlMkN2aWRlbyUyQ2ZyZWUlMkN4eHglMkN2aWRpbyUyQ2NsaXBzJTJDeHh4dHViZSUyQ1dhdGNoJTJDZnJlZSUyQyUyMkhvdyUyQ0NoaW5lc2UlMkNHdXlzJTJDRW5qb3klMkNCb3lzJTJDUG9ybiUyMiUyQ3Bvcm4lMkN2aWRlbyUyQ2NhdGVnb3J5JTJDb24lMkNUeHh4LmNvbSUyQ0hvbWVtYWRlJTJDZnVjayUyQ3ZpZGVvcyUyQ0ZyZWUlMkNhbWF0ZXVyJTJDcG9ybiUyQ29uJTJDVHh4eC5jb20lMjAifQ== HTTP/1.1
Host: 97ccf9596e.441a8a5527.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://txxx.com
Connection: keep-alive
Referer: https://txxx.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 22 Oct 2022 14:13:26 GMT
content-length: 0
server: nginx/1.18.0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
97ccf9596e.441a8a5527.com/in/track?data=eyJ3bCI6MSwic3ViaWQiOjAsInVzZXJfaWQiOiIzODAxMDY1Njk3NzE2MjI0MCIsInRpbWV6b25lIjowLCJ2ZXIiOiIzLjEzLjAiLCJ0YWdfaWQiOjI3OTUzLCJzY3JlZW5fcmVzb2x1dGlvbiI6IjEyODB4MTAyNCIsImFkYmxvY2siOjAsInRpbWV6b25lX29sc29uIjoiVVRDIiwidXRtX3NvdXJjZSI6IiIsInV0bV9tZWRpdW0iOiIiLCJ1dG1fY2FtcGFpZ24iOiIiLCJ1dG1fY29udGVudCI6IiIsIm1tIjowLCJpbml0X3N0YXJ0X2xhdGVuY3kiOjEuNTEsImlzX3YyIjoxLCJpc192Ml9lbXB0eSI6MCwidXNlcl9rZXl3b3JkcyI6IkdheTExMi5jb20lMkNiZXN0JTJDZnJlZSUyQ2dheSUyQ3Bvcm4lMkN2aWRlb3MuJTIwIn0=
45.133.44.24200 OK 0 B URL HTTP/2 97ccf9596e.441a8a5527.com/in/track?data=eyJ3bCI6MSwic3ViaWQiOjAsInVzZXJfaWQiOiIzODAxMDY1Njk3NzE2MjI0MCIsInRpbWV6b25lIjowLCJ2ZXIiOiIzLjEzLjAiLCJ0YWdfaWQiOjI3OTUzLCJzY3JlZW5fcmVzb2x1dGlvbiI6IjEyODB4MTAyNCIsImFkYmxvY2siOjAsInRpbWV6b25lX29sc29uIjoiVVRDIiwidXRtX3NvdXJjZSI6IiIsInV0bV9tZWRpdW0iOiIiLCJ1dG1fY2FtcGFpZ24iOiIiLCJ1dG1fY29udGVudCI6IiIsIm1tIjowLCJpbml0X3N0YXJ0X2xhdGVuY3kiOjEuNTEsImlzX3YyIjoxLCJpc192Ml9lbXB0eSI6MCwidXNlcl9rZXl3b3JkcyI6IkdheTExMi5jb20lMkNiZXN0JTJDZnJlZSUyQ2dheSUyQ3Bvcm4lMkN2aWRlb3MuJTIwIn0=
IP 45.133.44.24:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /in/track?data=eyJ3bCI6MSwic3ViaWQiOjAsInVzZXJfaWQiOiIzODAxMDY1Njk3NzE2MjI0MCIsInRpbWV6b25lIjowLCJ2ZXIiOiIzLjEzLjAiLCJ0YWdfaWQiOjI3OTUzLCJzY3JlZW5fcmVzb2x1dGlvbiI6IjEyODB4MTAyNCIsImFkYmxvY2siOjAsInRpbWV6b25lX29sc29uIjoiVVRDIiwidXRtX3NvdXJjZSI6IiIsInV0bV9tZWRpdW0iOiIiLCJ1dG1fY2FtcGFpZ24iOiIiLCJ1dG1fY29udGVudCI6IiIsIm1tIjowLCJpbml0X3N0YXJ0X2xhdGVuY3kiOjEuNTEsImlzX3YyIjoxLCJpc192Ml9lbXB0eSI6MCwidXNlcl9rZXl3b3JkcyI6IkdheTExMi5jb20lMkNiZXN0JTJDZnJlZSUyQ2dheSUyQ3Bvcm4lMkN2aWRlb3MuJTIwIn0= HTTP/1.1
Host: 97ccf9596e.441a8a5527.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://gay112.com
Connection: keep-alive
Referer: https://gay112.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 22 Oct 2022 14:13:26 GMT
content-length: 0
server: nginx/1.18.0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
fp.metricswpsh.com/fp?tag_id=755
157.90.84.242200 OK 27 B URL HTTP/1.1 fp.metricswpsh.com/fp?tag_id=755
IP 157.90.84.242:0
ASN #24940 Hetzner Online GmbH
File type JSON data\012- , ASCII text
Hash 2cd25adc22db1c6c33b1a8dd18839731
74506dc5a10743c8b46e396a5a71f31af635cad3
ffbf619ef2934f55c28c9b1ce27b56c168f1da1058b9f53908b883d0b8f48719
POST /fp?tag_id=755 HTTP/1.1
Host: fp.metricswpsh.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json;charset=utf-8
Content-Length: 22285
Origin: https://txxx.com
Connection: keep-alive
Referer: https://txxx.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Sat, 22 Oct 2022 14:13:26 GMT
Content-Type: application/json; charset=UTF-8
Content-Length: 27
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://txxx.com
Set-Cookie: id=2795450338379963373; Expires=Sun, 22 Oct 2023 14:13:26 GMT; Secure; SameSite=None
Vary: Origin
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 8f597b247b2227c56740f49e90730b72
5f0a5fcb52069fdf0886eed8031ca3ffd3031ea8
d0f98fcb3e3b0d37dddaa7ca4ed5829801e1b87a1a1210598f0c4f96cee330c2
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D0F98FCB3E3B0D37DDDAA7CA4ED5829801E1B87A1A1210598F0C4F96CEE330C2"
Last-Modified: Sat, 22 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4837
Expires: Sat, 22 Oct 2022 15:34:03 GMT
Date: Sat, 22 Oct 2022 14:13:26 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash e41035fa3f1950b1b3427871eb6f3928
7555b3b05db61407f174b68462c0dca3d6b736cb
4142bd7351fef376c5b35edcb193a1575b878cdbb6aa47e9ce74119775fc3fa7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4142BD7351FEF376C5B35EDCB193A1575B878CDBB6AA47E9CE74119775FC3FA7"
Last-Modified: Sat, 22 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7922
Expires: Sat, 22 Oct 2022 16:25:28 GMT
Date: Sat, 22 Oct 2022 14:13:26 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 33 kB IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 097bb713154d1398b354a329c66ad2ca
cf769dc0e10920fbffa58bdc1870535f6b1bffb5
19c6c71eb6fcc0a3cb422ff34128ea2dafb4c1fdc6600a22e7713c44f5ac3038
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D8B87AD7203A966559F8D13DF1CF7285D5E51588E218C11C01177BCC484A75E7"
Last-Modified: Sat, 22 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4199
Expires: Sat, 22 Oct 2022 15:23:25 GMT
Date: Sat, 22 Oct 2022 14:13:26 GMT
Connection: keep-alive
e1.o.lencr.org/
23.36.77.32200 OK 35 kB IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 3d37de18ed8751ddf98a90c8c7f6d265
1754d495a399f83bab245f4c5bb79946f6c4cc87
99e2f826c30f3057e478d65a2d17be0f91f5484229148ffae56991ca9ebc6b53
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "1D77B584207917B5E65B957947EF8426A66B586A2AFCAA11BE8377ACC0DDCDDB"
Last-Modified: Fri, 21 Oct 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6689
Expires: Sat, 22 Oct 2022 16:04:55 GMT
Date: Sat, 22 Oct 2022 14:13:26 GMT
Connection: keep-alive
js.wpshsdk.com/npc/sdk/wp-banners.js
45.133.44.25200 OK 0 B URL HTTP/2 js.wpshsdk.com/npc/sdk/wp-banners.js
IP 45.133.44.25:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /npc/sdk/wp-banners.js HTTP/1.1
Host: js.wpshsdk.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://txxx.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 22 Oct 2022 14:13:26 GMT
content-type: application/javascript; charset=utf-8
content-length: 0
server: nginx/1.18.0
last-modified: Fri, 20 Aug 2021 15:14:31 GMT
etag: "611fc6d7-0"
expires: Sat, 22 Oct 2022 14:18:26 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2
12112336.pix-cdn.org/dli/whatshot.svg
45.133.44.25200 OK 1.1 kB URL HTTP/2 12112336.pix-cdn.org/dli/whatshot.svg
IP 45.133.44.25:0
ASN #39572 DataWeb Global Group B.V.
File type SVG Scalable Vector Graphics image\012- HTML document, ASCII text, with very long lines (652), with CRLF line terminators
Hash 92d4b3c9db72fefd9d6d927ec40be29b
efb550da28d7b18d7e2beb7698577415fde2b24f
7ad9fcb297f4600edf827b026deca9e0ed695be37ab46ac2d9fee35040611130
GET /dli/whatshot.svg HTTP/1.1
Host: 12112336.pix-cdn.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://txxx.com/
Sec-Fetch-Dest: object
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 22 Oct 2022 14:13:26 GMT
content-type: image/svg+xml
content-length: 1064
server: nginx/1.12.2
last-modified: Tue, 16 Jun 2020 16:25:10 GMT
etag: "5ee8f266-428"
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash e7c4c640169626a1c4861fb6ec295919
42ebdab2c047100fc1bb051bfcc6422cdc760304
38dc4c3e97d8e2c1a0b8e1e3e80ddf340e4e00b1948d6145473daf2649ed5102
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "38DC4C3E97D8E2C1A0B8E1E3E80DDF340E4E00B1948D6145473DAF2649ED5102"
Last-Modified: Thu, 20 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5326
Expires: Sat, 22 Oct 2022 15:42:12 GMT
Date: Sat, 22 Oct 2022 14:13:26 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash e81221bff8dc56fda65d3a3a078541cb
5aeb6a05de1c81132221bb327e2afbbb7e4e35f9
f38605a7d08eed878561525e71a68145fbeb93d5c0ffb0ad7de18267e0eb9409
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F38605A7D08EED878561525E71A68145FBEB93D5C0FFB0AD7DE18267E0EB9409"
Last-Modified: Thu, 20 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3049
Expires: Sat, 22 Oct 2022 15:04:15 GMT
Date: Sat, 22 Oct 2022 14:13:26 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash e81221bff8dc56fda65d3a3a078541cb
5aeb6a05de1c81132221bb327e2afbbb7e4e35f9
f38605a7d08eed878561525e71a68145fbeb93d5c0ffb0ad7de18267e0eb9409
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F38605A7D08EED878561525E71A68145FBEB93D5C0FFB0AD7DE18267E0EB9409"
Last-Modified: Thu, 20 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3049
Expires: Sat, 22 Oct 2022 15:04:15 GMT
Date: Sat, 22 Oct 2022 14:13:26 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash e81221bff8dc56fda65d3a3a078541cb
5aeb6a05de1c81132221bb327e2afbbb7e4e35f9
f38605a7d08eed878561525e71a68145fbeb93d5c0ffb0ad7de18267e0eb9409
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F38605A7D08EED878561525E71A68145FBEB93D5C0FFB0AD7DE18267E0EB9409"
Last-Modified: Thu, 20 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3049
Expires: Sat, 22 Oct 2022 15:04:15 GMT
Date: Sat, 22 Oct 2022 14:13:26 GMT
Connection: keep-alive
mc.yandex.ru/watch/23578849?wmode=7&page-url=https%3A%2F%2Ftxxx.com%2Fvideos%2F18018333%2Fhow-chinese-guys-enjoy-boys-porn%2F%3Fpromo%3D38830&page-ref=https%3A%2F%2Fgay112.com%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A8lrqrbrm2kkwjok7410bw%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A912%3Acn%3A1%3Adp%3A0%3Als%3A1120188296166%3Ahid%3A307761209%3Az%3A0%3Ai%3A20221022141340%3Aet%3A1666448021%3Arn%3A738896488%3Arqn%3A1%3Au%3A1666448021909309712%3Aw%3A1x1%3As%3A1280x1024x24%3Ask%3A1%3Aifr%3A1%3Ads%3A0%2C0%2C0%2C%2C198%2C0%2C%2C943%2C0%2C%2C%2C%2C1419%3Ans%3A1666448018939%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-5cbccea2ed3dd5c7a75380ef1cbfadf6-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1666448021%3At%3A-%20Porn%20video%20%7C%20TXXX.com&t=gdpr(14)clc(0-0-0)aw(1)rqnt(1)fip(1)rqnl(1)ti(2)
87.250.251.119302 Found 99 kB URL HTTP/2 mc.yandex.ru/watch/23578849?wmode=7&page-url=https%3A%2F%2Ftxxx.com%2Fvideos%2F18018333%2Fhow-chinese-guys-enjoy-boys-porn%2F%3Fpromo%3D38830&page-ref=https%3A%2F%2Fgay112.com%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A8lrqrbrm2kkwjok7410bw%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A912%3Acn%3A1%3Adp%3A0%3Als%3A1120188296166%3Ahid%3A307761209%3Az%3A0%3Ai%3A20221022141340%3Aet%3A1666448021%3Arn%3A738896488%3Arqn%3A1%3Au%3A1666448021909309712%3Aw%3A1x1%3As%3A1280x1024x24%3Ask%3A1%3Aifr%3A1%3Ads%3A0%2C0%2C0%2C%2C198%2C0%2C%2C943%2C0%2C%2C%2C%2C1419%3Ans%3A1666448018939%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-5cbccea2ed3dd5c7a75380ef1cbfadf6-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1666448021%3At%3A-%20Porn%20video%20%7C%20TXXX.com&t=gdpr(14)clc(0-0-0)aw(1)rqnt(1)fip(1)rqnl(1)ti(2)
IP 87.250.251.119:0
Hash b91bfb6c635bdc37cb90c9d24418bbc9
5cbad5118f0b3186c83963e1dc5aa34e924ded55
747787cbe1bb5c90e544e5d94d14811c751d6f7a92af586be2665f8d2dcd66a1
GET /watch/23578849?wmode=7&page-url=https%3A%2F%2Ftxxx.com%2Fvideos%2F18018333%2Fhow-chinese-guys-enjoy-boys-porn%2F%3Fpromo%3D38830&page-ref=https%3A%2F%2Fgay112.com%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A8lrqrbrm2kkwjok7410bw%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A912%3Acn%3A1%3Adp%3A0%3Als%3A1120188296166%3Ahid%3A307761209%3Az%3A0%3Ai%3A20221022141340%3Aet%3A1666448021%3Arn%3A738896488%3Arqn%3A1%3Au%3A1666448021909309712%3Aw%3A1x1%3As%3A1280x1024x24%3Ask%3A1%3Aifr%3A1%3Ads%3A0%2C0%2C0%2C%2C198%2C0%2C%2C943%2C0%2C%2C%2C%2C1419%3Ans%3A1666448018939%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-5cbccea2ed3dd5c7a75380ef1cbfadf6-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1666448021%3At%3A-%20Porn%20video%20%7C%20TXXX.com&t=gdpr(14)clc(0-0-0)aw(1)rqnt(1)fip(1)rqnl(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://txxx.com
Connection: keep-alive
Referer: https://txxx.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
location: /watch/23578849/1?wmode=7&page-url=https%3A%2F%2Ftxxx.com%2Fvideos%2F18018333%2Fhow-chinese-guys-enjoy-boys-porn%2F%3Fpromo%3D38830&page-ref=https%3A%2F%2Fgay112.com%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A8lrqrbrm2kkwjok7410bw%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A912%3Acn%3A1%3Adp%3A0%3Als%3A1120188296166%3Ahid%3A307761209%3Az%3A0%3Ai%3A20221022141340%3Aet%3A1666448021%3Arn%3A738896488%3Arqn%3A1%3Au%3A1666448021909309712%3Aw%3A1x1%3As%3A1280x1024x24%3Ask%3A1%3Aifr%3A1%3Ads%3A0%2C0%2C0%2C%2C198%2C0%2C%2C943%2C0%2C%2C%2C%2C1419%3Ans%3A1666448018939%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-5cbccea2ed3dd5c7a75380ef1cbfadf6-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1666448021%3At%3A-%20Porn%20video%20%7C%20TXXX.com&t=gdpr%2814%29clc%280-0-0%29aw%281%29rqnt%281%29fip%281%29rqnl%281%29ti%282%29
date: Sat, 22 Oct 2022 14:13:26 GMT
access-control-allow-origin: https://txxx.com
set-cookie: yandexuid=5175686771666448006; Expires=Sun, 22-Oct-2023 14:13:26 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
yuidss=5175686771666448006; Expires=Sun, 22-Oct-2023 14:13:26 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
yabs-sid=1763788791666448006; Path=/; SameSite=None; Secure
i=OsxJSr4bpKuSO8nVy5SgWz0JZOaczfiaxp/HpMOmygqQyYj/PjpILoM3/BQEy4T3qY0/x20aLaqU+99SGswcYgvfwcw=; Expires=Tue, 19-Oct-2032 14:13:21 GMT; Domain=.yandex.ru; Path=/; Secure; HttpOnly; SameSite=None
ymex=1697984006.yrts.1666448006#1697984006.yrtsi.1666448006; Expires=Sun, 22-Oct-2023 14:13:26 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Sat, 22-Oct-2022 14:13:26 GMT
last-modified: Sat, 22-Oct-2022 14:13:26 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
vast.yomeno.xyz/prepare
109.206.191.198204 No Content 0 B IP 109.206.191.198:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /prepare HTTP/1.1
Host: vast.yomeno.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://txxx.com/
Origin: https://txxx.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
server: nginx/1.20.1
date: Sat, 22 Oct 2022 14:13:26 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://txxx.com
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
content-type: text/plain; charset=utf-8
content-length: 0
X-Firefox-Spdy: h2
vast.yomeno.xyz/prepare
109.206.191.198204 No Content 0 B IP 109.206.191.198:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /prepare HTTP/1.1
Host: vast.yomeno.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json;charset=utf-8
Content-Length: 1052
Origin: https://txxx.com
Connection: keep-alive
Referer: https://txxx.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
server: nginx/1.20.1
date: Sat, 22 Oct 2022 14:13:26 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://txxx.com
access-control-expose-headers: Content-Length,Content-Range
X-Firefox-Spdy: h2
5c0276acfe.9a363a4900.com/health/
162.55.139.130200 OK 0 B URL HTTP/2 5c0276acfe.9a363a4900.com/health/
IP 162.55.139.130:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /health/ HTTP/1.1
Host: 5c0276acfe.9a363a4900.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://txxx.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.16.0
date: Sat, 22 Oct 2022 14:13:26 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 6e0deaac8d18e4f95c7898fcff84e94f
b9bdb7ebdeadf238c2b0da24b5f4fa94ff56ef05
1995a286be87efb9c9d822a2e77044b799c0274f7503da5ee2bbcd188f841cee
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1995A286BE87EFB9C9D822A2E77044B799C0274F7503DA5EE2BBCD188F841CEE"
Last-Modified: Fri, 21 Oct 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13281
Expires: Sat, 22 Oct 2022 17:54:47 GMT
Date: Sat, 22 Oct 2022 14:13:26 GMT
Connection: keep-alive
vast.yomeno.xyz/vast
109.206.191.198204 No Content 0 B IP 109.206.191.198:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /vast HTTP/1.1
Host: vast.yomeno.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://txxx.com/
Origin: https://txxx.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
server: nginx/1.20.1
date: Sat, 22 Oct 2022 14:13:26 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://txxx.com
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
content-type: text/plain; charset=utf-8
content-length: 0
X-Firefox-Spdy: h2
5c0276acfe.9a363a4900.com/health/
162.55.139.130200 OK 0 B URL HTTP/2 5c0276acfe.9a363a4900.com/health/
IP 162.55.139.130:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /health/ HTTP/1.1
Host: 5c0276acfe.9a363a4900.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://txxx.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.16.0
date: Sat, 22 Oct 2022 14:13:27 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
5c0276acfe.9a363a4900.com/health/
162.55.139.130200 OK 0 B URL HTTP/2 5c0276acfe.9a363a4900.com/health/
IP 162.55.139.130:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /health/ HTTP/1.1
Host: 5c0276acfe.9a363a4900.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://txxx.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.16.0
date: Sat, 22 Oct 2022 14:13:27 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
5c0276acfe.9a363a4900.com/health/
162.55.139.130200 OK 0 B URL HTTP/2 5c0276acfe.9a363a4900.com/health/
IP 162.55.139.130:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /health/ HTTP/1.1
Host: 5c0276acfe.9a363a4900.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://txxx.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.16.0
date: Sat, 22 Oct 2022 14:13:27 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
mc.yandex.ru/watch/88852221?wmode=7&page-url=https%3A%2F%2Fgay112.com%2Fno%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Akqp6gvxtrlkq3u3woc7b0%3Afp%3A1192%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A912%3Acn%3A1%3Adp%3A0%3Als%3A829220940798%3Ahid%3A431956918%3Az%3A0%3Ai%3A20221022141339%3Aet%3A1666448020%3Ac%3A1%3Arn%3A150071822%3Arqn%3A1%3Au%3A1666448020635152036%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C0%2C64%2C3%2C577%2C0%2C%2C357%2C64%2C%2C%2C%2C1141%3Ans%3A1666448017935%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1666448020%3At%3AGay112.com%20-%20best%20free%20gay%20porn%20videos.&t=gdpr(14)clc(0-0-0)aw(1)rqnt(1)fip(1)rqnl(1)ti(2)
87.250.251.119302 Found 64 kB URL HTTP/2 mc.yandex.ru/watch/88852221?wmode=7&page-url=https%3A%2F%2Fgay112.com%2Fno%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Akqp6gvxtrlkq3u3woc7b0%3Afp%3A1192%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A912%3Acn%3A1%3Adp%3A0%3Als%3A829220940798%3Ahid%3A431956918%3Az%3A0%3Ai%3A20221022141339%3Aet%3A1666448020%3Ac%3A1%3Arn%3A150071822%3Arqn%3A1%3Au%3A1666448020635152036%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C0%2C64%2C3%2C577%2C0%2C%2C357%2C64%2C%2C%2C%2C1141%3Ans%3A1666448017935%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1666448020%3At%3AGay112.com%20-%20best%20free%20gay%20porn%20videos.&t=gdpr(14)clc(0-0-0)aw(1)rqnt(1)fip(1)rqnl(1)ti(2)
IP 87.250.251.119:0
File type gzip compressed data, from Unix\012- data
Hash db7f7008be1bf7a5cafb9f8fc652bece
8dab96ce2855c5042e42a19490b225b20a3ac366
bea79cab40a12c42d9e4aaf384ac7242d498a848820a2e20587ca624a6e4c8ab
GET /watch/88852221?wmode=7&page-url=https%3A%2F%2Fgay112.com%2Fno%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Akqp6gvxtrlkq3u3woc7b0%3Afp%3A1192%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A912%3Acn%3A1%3Adp%3A0%3Als%3A829220940798%3Ahid%3A431956918%3Az%3A0%3Ai%3A20221022141339%3Aet%3A1666448020%3Ac%3A1%3Arn%3A150071822%3Arqn%3A1%3Au%3A1666448020635152036%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C0%2C64%2C3%2C577%2C0%2C%2C357%2C64%2C%2C%2C%2C1141%3Ans%3A1666448017935%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1666448020%3At%3AGay112.com%20-%20best%20free%20gay%20porn%20videos.&t=gdpr(14)clc(0-0-0)aw(1)rqnt(1)fip(1)rqnl(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://gay112.com
Connection: keep-alive
Referer: https://gay112.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
location: /watch/88852221/1?wmode=7&page-url=https%3A%2F%2Fgay112.com%2Fno%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Akqp6gvxtrlkq3u3woc7b0%3Afp%3A1192%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A912%3Acn%3A1%3Adp%3A0%3Als%3A829220940798%3Ahid%3A431956918%3Az%3A0%3Ai%3A20221022141339%3Aet%3A1666448020%3Ac%3A1%3Arn%3A150071822%3Arqn%3A1%3Au%3A1666448020635152036%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C0%2C64%2C3%2C577%2C0%2C%2C357%2C64%2C%2C%2C%2C1141%3Ans%3A1666448017935%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1666448020%3At%3AGay112.com%20-%20best%20free%20gay%20porn%20videos.&t=gdpr%2814%29clc%280-0-0%29aw%281%29rqnt%281%29fip%281%29rqnl%281%29ti%282%29
date: Sat, 22 Oct 2022 14:13:25 GMT
access-control-allow-origin: https://gay112.com
set-cookie: yandexuid=729403771666448005; Expires=Sun, 22-Oct-2023 14:13:25 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
yuidss=729403771666448005; Expires=Sun, 22-Oct-2023 14:13:25 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
yabs-sid=1398313421666448005; Path=/; SameSite=None; Secure
i=nO6gQG8u7DUTtEZp75muEAjKKKYbvsXs95HbEpq4hexFWD5Qj1RRL7X87ysp7EC2RYn57ipc/CZNEfnciNcnVBe+y3A=; Expires=Tue, 19-Oct-2032 14:13:23 GMT; Domain=.yandex.ru; Path=/; Secure; HttpOnly; SameSite=None
ymex=1697984005.yrts.1666448005#1697984005.yrtsi.1666448005; Expires=Sun, 22-Oct-2023 14:13:25 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Sat, 22-Oct-2022 14:13:25 GMT
last-modified: Sat, 22-Oct-2022 14:13:25 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
5c0276acfe.9a363a4900.com/health/
162.55.139.130200 OK 0 B URL HTTP/2 5c0276acfe.9a363a4900.com/health/
IP 162.55.139.130:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /health/ HTTP/1.1
Host: 5c0276acfe.9a363a4900.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://txxx.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.16.0
date: Sat, 22 Oct 2022 14:13:27 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
js.wpshsdk.com/npc/sdk/push.m.js?v=1
45.133.44.25200 OK 26 kB URL HTTP/2 js.wpshsdk.com/npc/sdk/push.m.js?v=1
IP 45.133.44.25:0
ASN #39572 DataWeb Global Group B.V.
File type Unicode text, UTF-8 text, with very long lines (61695), with no line terminators
Hash 542cf406213beec8d636bae1b6cd3780
ac82a872103378bad04706391c0b4c659d28fca1
58629dd4376e0ce069027bf0873d0d235345d2f9dad26bf028e79d55ee6fe5fe
GET /npc/sdk/push.m.js?v=1 HTTP/1.1
Host: js.wpshsdk.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gay112.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 22 Oct 2022 14:13:26 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Fri, 21 Oct 2022 15:29:11 GMT
etag: W/"6352bac7-f1b6"
content-encoding: gzip
expires: Sat, 22 Oct 2022 14:18:26 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
5c0276acfe.9a363a4900.com/health/
162.55.139.130200 OK 0 B URL HTTP/2 5c0276acfe.9a363a4900.com/health/
IP 162.55.139.130:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /health/ HTTP/1.1
Host: 5c0276acfe.9a363a4900.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://txxx.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.16.0
date: Sat, 22 Oct 2022 14:13:27 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash afa33a9ee08dfc638e9571dffe9c1079
13b918e03618a408222fd7e47e6e0705cd56b68c
5581f29fbb78dd57a72f349ad0d7525989af583e828901f8de986473cae53e93
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5581F29FBB78DD57A72F349AD0D7525989AF583E828901F8DE986473CAE53E93"
Last-Modified: Fri, 21 Oct 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7744
Expires: Sat, 22 Oct 2022 16:22:31 GMT
Date: Sat, 22 Oct 2022 14:13:27 GMT
Connection: keep-alive
5c0276acfe.9a363a4900.com/health/
162.55.139.130200 OK 0 B URL HTTP/2 5c0276acfe.9a363a4900.com/health/
IP 162.55.139.130:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /health/ HTTP/1.1
Host: 5c0276acfe.9a363a4900.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gay112.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.16.0
date: Sat, 22 Oct 2022 14:13:27 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
5c0276acfe.9a363a4900.com/health/
162.55.139.130200 OK 0 B URL HTTP/2 5c0276acfe.9a363a4900.com/health/
IP 162.55.139.130:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /health/ HTTP/1.1
Host: 5c0276acfe.9a363a4900.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gay112.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.16.0
date: Sat, 22 Oct 2022 14:13:27 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
5c0276acfe.9a363a4900.com/health/
162.55.139.130200 OK 0 B URL HTTP/2 5c0276acfe.9a363a4900.com/health/
IP 162.55.139.130:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /health/ HTTP/1.1
Host: 5c0276acfe.9a363a4900.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gay112.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.16.0
date: Sat, 22 Oct 2022 14:13:27 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 55b77f7b77d21a15e131941f0c7f527e
b8d3443781e3a4a264770015bd69fd1b7c038fb5
a1825255c5102391ac15efbe4cbf4f823f7b2d76b068ee4596a85fa076d9ffa5
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A1825255C5102391AC15EFBE4CBF4F823F7B2D76B068EE4596A85FA076D9FFA5"
Last-Modified: Wed, 19 Oct 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5995
Expires: Sat, 22 Oct 2022 15:53:22 GMT
Date: Sat, 22 Oct 2022 14:13:27 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 55b77f7b77d21a15e131941f0c7f527e
b8d3443781e3a4a264770015bd69fd1b7c038fb5
a1825255c5102391ac15efbe4cbf4f823f7b2d76b068ee4596a85fa076d9ffa5
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A1825255C5102391AC15EFBE4CBF4F823F7B2D76B068EE4596A85FA076D9FFA5"
Last-Modified: Wed, 19 Oct 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5995
Expires: Sat, 22 Oct 2022 15:53:22 GMT
Date: Sat, 22 Oct 2022 14:13:27 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 55b77f7b77d21a15e131941f0c7f527e
b8d3443781e3a4a264770015bd69fd1b7c038fb5
a1825255c5102391ac15efbe4cbf4f823f7b2d76b068ee4596a85fa076d9ffa5
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A1825255C5102391AC15EFBE4CBF4F823F7B2D76B068EE4596A85FA076D9FFA5"
Last-Modified: Wed, 19 Oct 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5995
Expires: Sat, 22 Oct 2022 15:53:22 GMT
Date: Sat, 22 Oct 2022 14:13:27 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 55b77f7b77d21a15e131941f0c7f527e
b8d3443781e3a4a264770015bd69fd1b7c038fb5
a1825255c5102391ac15efbe4cbf4f823f7b2d76b068ee4596a85fa076d9ffa5
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A1825255C5102391AC15EFBE4CBF4F823F7B2D76B068EE4596A85FA076D9FFA5"
Last-Modified: Wed, 19 Oct 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5995
Expires: Sat, 22 Oct 2022 15:53:22 GMT
Date: Sat, 22 Oct 2022 14:13:27 GMT
Connection: keep-alive
nereserv.com/in/dip?site=native-push&wl=1&event_id=3701e9da-851b-45bd-b566-e6bd4073dd47&subid=2020051113&sid=3535497042&spot_id=20724&created_at=2022-10-22&timezone=0&ver=7.9.2&is_native=1
168.119.25.22200 OK 0 B URL HTTP/2 nereserv.com/in/dip?site=native-push&wl=1&event_id=3701e9da-851b-45bd-b566-e6bd4073dd47&subid=2020051113&sid=3535497042&spot_id=20724&created_at=2022-10-22&timezone=0&ver=7.9.2&is_native=1
IP 168.119.25.22:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /in/dip?site=native-push&wl=1&event_id=3701e9da-851b-45bd-b566-e6bd4073dd47&subid=2020051113&sid=3535497042&spot_id=20724&created_at=2022-10-22&timezone=0&ver=7.9.2&is_native=1 HTTP/1.1
Host: nereserv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://gay112.com
Connection: keep-alive
Referer: https://gay112.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.18.0
date: Sat, 22 Oct 2022 14:13:27 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
nereserv.com/in/dip?site=native-push&wl=1&event_id=d3f22dc5-278a-4dcf-8824-5d10b240ee38&subid=1406986554&sid=2376143767&spot_id=360&created_at=2022-10-22&timezone=0&ver=7.9.2&is_native=1
168.119.25.22200 OK 0 B URL HTTP/2 nereserv.com/in/dip?site=native-push&wl=1&event_id=d3f22dc5-278a-4dcf-8824-5d10b240ee38&subid=1406986554&sid=2376143767&spot_id=360&created_at=2022-10-22&timezone=0&ver=7.9.2&is_native=1
IP 168.119.25.22:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /in/dip?site=native-push&wl=1&event_id=d3f22dc5-278a-4dcf-8824-5d10b240ee38&subid=1406986554&sid=2376143767&spot_id=360&created_at=2022-10-22&timezone=0&ver=7.9.2&is_native=1 HTTP/1.1
Host: nereserv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://txxx.com
Connection: keep-alive
Referer: https://txxx.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.18.0
date: Sat, 22 Oct 2022 14:13:27 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
ab6de09242.441a8a5527.com/in/multy
168.119.25.22204 No Content 49 kB URL HTTP/2 ab6de09242.441a8a5527.com/in/multy
IP 168.119.25.22:0
ASN #24940 Hetzner Online GmbH
Hash d8cb1286c7fef4ca6bbbdb6290cb302c
d8c8bb665049225f87dc5e5c5e19302826f6c7f8
e58a255dc7d3caa1c054371bae82420609bb2fe9d67431f708e54ca87d1baef0
OPTIONS /in/multy HTTP/1.1
Host: ab6de09242.441a8a5527.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://txxx.com/
Origin: https://txxx.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
server: nginx/1.18.0
date: Sat, 22 Oct 2022 14:13:27 GMT
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
ab6de09242.441a8a5527.com/in/multy
168.119.25.22204 No Content 0 B URL HTTP/2 ab6de09242.441a8a5527.com/in/multy
IP 168.119.25.22:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /in/multy HTTP/1.1
Host: ab6de09242.441a8a5527.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://gay112.com/
Origin: https://gay112.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
server: nginx/1.18.0
date: Sat, 22 Oct 2022 14:13:27 GMT
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.77.32200 OK 344 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 5bdee55e5000befcaaa9b25b6aef4979
b06ac173650c4c3f26f744d7f3c8babcb448e703
1d77b584207917b5e65b957947ef8426a66b586a2afcaa11be8377acc0ddcddb
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "1D77B584207917B5E65B957947EF8426A66B586A2AFCAA11BE8377ACC0DDCDDB"
Last-Modified: Fri, 21 Oct 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6688
Expires: Sat, 22 Oct 2022 16:04:55 GMT
Date: Sat, 22 Oct 2022 14:13:27 GMT
Connection: keep-alive
148445f6c5.f31686f828.com/in/multy?spot_size=5&spot_id=18641&subid=38830&label=1&session_id=ade65037-3b75-4d24-a4f9-39235d3c7b62&cpa=3bde3660-5bd1-48be-a522-d3c70640eb5c&ver=6.12.0&adblock=0&ad_type=native&iw=-16&ih=-16&iframe=1&mm=0&pr=gay112.com&user_keywords=How%2CChinese%2CGuys%2CEnjoy%2CBoys%2CPorn%2CPorn%2Cvideo%2CTXXX.com%2Ctxxx.com%2Cporn%2Ctube%2Cxxx%2Ctube%2Cfree%2Cporn%2Cvideos%2Cfree%2Cporn%2Cxxx%2Cmovies%2Cxxx%2Ctube%2Cvideo%2Cfree%2Cxxx%2Cvidio%2Cclips%2Cxxxtube%2CWatch%2Cfree%2C%22How%2CChinese%2CGuys%2CEnjoy%2CBoys%2CPorn%22%2Cporn%2Cvideo%2Ccategory%2Con%2CTxxx.com%2CHomemade%2Cfuck%2Cvideos%2CFree%2Camateur%2Cporn%2Con%2CTxxx.com%20&tag_ab=c&user_fp=0&utm_source=&utm_medium=&utm_campaign=&utm_content=&campaign=
104.21.89.249200 OK 31 kB URL HTTP/2 148445f6c5.f31686f828.com/in/multy?spot_size=5&spot_id=18641&subid=38830&label=1&session_id=ade65037-3b75-4d24-a4f9-39235d3c7b62&cpa=3bde3660-5bd1-48be-a522-d3c70640eb5c&ver=6.12.0&adblock=0&ad_type=native&iw=-16&ih=-16&iframe=1&mm=0&pr=gay112.com&user_keywords=How%2CChinese%2CGuys%2CEnjoy%2CBoys%2CPorn%2CPorn%2Cvideo%2CTXXX.com%2Ctxxx.com%2Cporn%2Ctube%2Cxxx%2Ctube%2Cfree%2Cporn%2Cvideos%2Cfree%2Cporn%2Cxxx%2Cmovies%2Cxxx%2Ctube%2Cvideo%2Cfree%2Cxxx%2Cvidio%2Cclips%2Cxxxtube%2CWatch%2Cfree%2C%22How%2CChinese%2CGuys%2CEnjoy%2CBoys%2CPorn%22%2Cporn%2Cvideo%2Ccategory%2Con%2CTxxx.com%2CHomemade%2Cfuck%2Cvideos%2CFree%2Camateur%2Cporn%2Con%2CTxxx.com%20&tag_ab=c&user_fp=0&utm_source=&utm_medium=&utm_campaign=&utm_content=&campaign=
IP 104.21.89.249:0
File type JSON data\012- , Unicode text, UTF-8 text, with very long lines (30844)
Hash 5a2b96188d014bcd76aec03cced6b8db
119ec47da96cf62d9524f072e803292960f3adb5
a0205cedfe7f71b176b5d71efae245d43e45cd722b3d332d30ff5f681d4551e0
GET /in/multy?spot_size=5&spot_id=18641&subid=38830&label=1&session_id=ade65037-3b75-4d24-a4f9-39235d3c7b62&cpa=3bde3660-5bd1-48be-a522-d3c70640eb5c&ver=6.12.0&adblock=0&ad_type=native&iw=-16&ih=-16&iframe=1&mm=0&pr=gay112.com&user_keywords=How%2CChinese%2CGuys%2CEnjoy%2CBoys%2CPorn%2CPorn%2Cvideo%2CTXXX.com%2Ctxxx.com%2Cporn%2Ctube%2Cxxx%2Ctube%2Cfree%2Cporn%2Cvideos%2Cfree%2Cporn%2Cxxx%2Cmovies%2Cxxx%2Ctube%2Cvideo%2Cfree%2Cxxx%2Cvidio%2Cclips%2Cxxxtube%2CWatch%2Cfree%2C%22How%2CChinese%2CGuys%2CEnjoy%2CBoys%2CPorn%22%2Cporn%2Cvideo%2Ccategory%2Con%2CTxxx.com%2CHomemade%2Cfuck%2Cvideos%2CFree%2Camateur%2Cporn%2Con%2CTxxx.com%20&tag_ab=c&user_fp=0&utm_source=&utm_medium=&utm_campaign=&utm_content=&campaign= HTTP/1.1
Host: 148445f6c5.f31686f828.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://txxx.com
Connection: keep-alive
Referer: https://txxx.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 22 Oct 2022 14:13:27 GMT
content-type: application/json; charset=utf-8
content-length: 30852
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
pragma: no-cache
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NfPj7DR0xX4Zrr%2BfIo%2B6zVWwu3QG4Lu6Try%2FfkDAKKGT4uByEPqdJOQzbq46usH46YjP8N2bNNF4w2Bo8IYMRqoWBYw9F%2FMzqBlk%2F7AGAUUMVzjAGqUloUKQJx2Saiq%2BmOBkQJvOwF01YP3W"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 75e2d56b4d7e0b3d-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
mc.yandex.ru/watch/23578849/1?page-url=https%3A%2F%2Ftxxx.com%2Fvideos%2F18018333%2Fhow-chinese-guys-enjoy-boys-porn%2F%3Fpromo%3D38830&charset=utf-8&hittoken=1666448006_63e09bee5671823238fd9f5b245c5667174e62073cccf72606b8d0e12aebb63e&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3A8lrqrbrm2kkwjok7410bw%3Afu%3A1%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A912%3Acn%3A1%3Adp%3A0%3Als%3A1120188296166%3Ahid%3A307761209%3Az%3A0%3Ai%3A20221022141341%3Aet%3A1666448021%3Arn%3A180570174%3Arqn%3A2%3Au%3A1666448021909309712%3Aw%3A1x1%3As%3A1280x1024x24%3Ask%3A1%3Aifr%3A1%3Ads%3A%2C%2C%2C%2C%2C%2C%2C%2C%2C1638%2C1638%2C0%2C%3Ans%3A1666448018939%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1666448021&t=gdpr(14)mc(p-1)clc(0-0-0)aw(1)rqnt(2)rqnl(1)ti(0)&force-urlencoded=1&site-info=%7B%22source%22%3Anull%2C%22promo%22%3A38830%7D
87.250.251.119200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/23578849/1?page-url=https%3A%2F%2Ftxxx.com%2Fvideos%2F18018333%2Fhow-chinese-guys-enjoy-boys-porn%2F%3Fpromo%3D38830&charset=utf-8&hittoken=1666448006_63e09bee5671823238fd9f5b245c5667174e62073cccf72606b8d0e12aebb63e&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3A8lrqrbrm2kkwjok7410bw%3Afu%3A1%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A912%3Acn%3A1%3Adp%3A0%3Als%3A1120188296166%3Ahid%3A307761209%3Az%3A0%3Ai%3A20221022141341%3Aet%3A1666448021%3Arn%3A180570174%3Arqn%3A2%3Au%3A1666448021909309712%3Aw%3A1x1%3As%3A1280x1024x24%3Ask%3A1%3Aifr%3A1%3Ads%3A%2C%2C%2C%2C%2C%2C%2C%2C%2C1638%2C1638%2C0%2C%3Ans%3A1666448018939%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1666448021&t=gdpr(14)mc(p-1)clc(0-0-0)aw(1)rqnt(2)rqnl(1)ti(0)&force-urlencoded=1&site-info=%7B%22source%22%3Anull%2C%22promo%22%3A38830%7D
IP 87.250.251.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /watch/23578849/1?page-url=https%3A%2F%2Ftxxx.com%2Fvideos%2F18018333%2Fhow-chinese-guys-enjoy-boys-porn%2F%3Fpromo%3D38830&charset=utf-8&hittoken=1666448006_63e09bee5671823238fd9f5b245c5667174e62073cccf72606b8d0e12aebb63e&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3A8lrqrbrm2kkwjok7410bw%3Afu%3A1%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A912%3Acn%3A1%3Adp%3A0%3Als%3A1120188296166%3Ahid%3A307761209%3Az%3A0%3Ai%3A20221022141341%3Aet%3A1666448021%3Arn%3A180570174%3Arqn%3A2%3Au%3A1666448021909309712%3Aw%3A1x1%3As%3A1280x1024x24%3Ask%3A1%3Aifr%3A1%3Ads%3A%2C%2C%2C%2C%2C%2C%2C%2C%2C1638%2C1638%2C0%2C%3Ans%3A1666448018939%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1666448021&t=gdpr(14)mc(p-1)clc(0-0-0)aw(1)rqnt(2)rqnl(1)ti(0)&force-urlencoded=1&site-info=%7B%22source%22%3Anull%2C%22promo%22%3A38830%7D HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://txxx.com
Connection: keep-alive
Referer: https://txxx.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Sat, 22 Oct 2022 14:13:27 GMT
access-control-allow-origin: https://txxx.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Sat, 22-Oct-2022 14:13:27 GMT
last-modified: Sat, 22-Oct-2022 14:13:27 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
s3t3d2y8.afcdn.net/library/475567/b02a4e7c60116eb6ab673a98c95e8547fb1fcb7e.jpg
185.76.9.19200 OK 23 kB URL HTTP/2 s3t3d2y8.afcdn.net/library/475567/b02a4e7c60116eb6ab673a98c95e8547fb1fcb7e.jpg
IP 185.76.9.19:0
ASN #60068 Datacamp Limited
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 90", baseline, precision 8, 300x300, components 3\012- data
Hash 0218fde94a8b193f44b891088bfa4ba2
b02a4e7c60116eb6ab673a98c95e8547fb1fcb7e
ceedb17a60e83c765f7252dcffacc02538ae1bc7ba3efa7e492542d655a52c32
GET /library/475567/b02a4e7c60116eb6ab673a98c95e8547fb1fcb7e.jpg HTTP/1.1
Host: s3t3d2y8.afcdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://txxx.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 22 Oct 2022 14:13:27 GMT
content-type: image/jpeg
content-length: 23055
last-modified: Fri, 03 Jul 2020 08:30:09 GMT
etag: "5efeec91-5a0f"
expires: Fri, 30 Jun 2023 18:46:52 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
x-cache-op: HIT
x-accel-expires: @1688195228
server: CDN77-Turbo
x-robots-tag: noindex, follow
x-77-nzt: AblMCQ1BJ7X/a12VAA
x-77-nzt-ray: UD3QnxDYCr0
x-cache: HIT
x-age: 9788779
x-77-pop: stockholmSE
x-77-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
s.optnx.com/cimp.php?data=TVRZMk5qUTBPREF3TjN3ek5EVXlZVFEyTVRWak16Y3dNelpqWkdVMVl6Y3haRFppTWpBeU9XWTRZZy0tfC9saWJyYXJ5LzQ3NTU2Ny9iMDJhNGU3YzYwMTE2ZWI2YWI2NzNhOThjOTVlODU0N2ZiMWZjYjdlLmpwZ3xodHRwc3w5MS45MC40Mi4xNTR8Tk9SfDQxfHR4eHguY29tfDQ3NTU2N3w2NjYxNzN8OTE0NjU0fDQyNzg1NjZ8NTA4fDUxOTE2MTZ8NzQzMzc5NTB8MTV8M3wwfDB8MjUzNDR8MHwxfDc1fEVVUnxVU0R8MS4wMjAzfDF8MzR8fDF8Tk9SfHwyMHw0fDF8fGIwMTQzNTE4ZTg0MWIyNDcwYWY4NGQ4NmUxYjA5ZDNifGRmOTYwNTA5ODc2ZDc1MWJjNmNhZmIyYzIwZDQxMzJifDF8MHxnYXkxMTIuY29tfDB8MHwwfDAuMDJ8MXwwfGV4Y2hhbmdlX25hdGl2ZV9hZHwwfDB8MzE0MzI0MnwtMXwwfDMxNDMyNDR8fHwzfDE0NDB8fDB8MHwwfDB8MHwwfDF8MHx8OHwxfE1vemlsbGEvNS4wIChYMTE7IExpbnV4IHg4Nl82NDsgcnY6OTYuMCkgR2Vja28vMjAxMDAxMDEgRmlyZWZveC85Ni4wfE9LfGZhYmE5OGNmZTBhYjAzMTRhNTUzM2E0ZjNlNjBiZTQ1
95.211.229.247302 Found 0 B URL HTTP/1.1 s.optnx.com/cimp.php?data=TVRZMk5qUTBPREF3TjN3ek5EVXlZVFEyTVRWak16Y3dNelpqWkdVMVl6Y3haRFppTWpBeU9XWTRZZy0tfC9saWJyYXJ5LzQ3NTU2Ny9iMDJhNGU3YzYwMTE2ZWI2YWI2NzNhOThjOTVlODU0N2ZiMWZjYjdlLmpwZ3xodHRwc3w5MS45MC40Mi4xNTR8Tk9SfDQxfHR4eHguY29tfDQ3NTU2N3w2NjYxNzN8OTE0NjU0fDQyNzg1NjZ8NTA4fDUxOTE2MTZ8NzQzMzc5NTB8MTV8M3wwfDB8MjUzNDR8MHwxfDc1fEVVUnxVU0R8MS4wMjAzfDF8MzR8fDF8Tk9SfHwyMHw0fDF8fGIwMTQzNTE4ZTg0MWIyNDcwYWY4NGQ4NmUxYjA5ZDNifGRmOTYwNTA5ODc2ZDc1MWJjNmNhZmIyYzIwZDQxMzJifDF8MHxnYXkxMTIuY29tfDB8MHwwfDAuMDJ8MXwwfGV4Y2hhbmdlX25hdGl2ZV9hZHwwfDB8MzE0MzI0MnwtMXwwfDMxNDMyNDR8fHwzfDE0NDB8fDB8MHwwfDB8MHwwfDF8MHx8OHwxfE1vemlsbGEvNS4wIChYMTE7IExpbnV4IHg4Nl82NDsgcnY6OTYuMCkgR2Vja28vMjAxMDAxMDEgRmlyZWZveC85Ni4wfE9LfGZhYmE5OGNmZTBhYjAzMTRhNTUzM2E0ZjNlNjBiZTQ1
IP 95.211.229.247:0
ASN #60781 LeaseWeb Netherlands B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /cimp.php?data=TVRZMk5qUTBPREF3TjN3ek5EVXlZVFEyTVRWak16Y3dNelpqWkdVMVl6Y3haRFppTWpBeU9XWTRZZy0tfC9saWJyYXJ5LzQ3NTU2Ny9iMDJhNGU3YzYwMTE2ZWI2YWI2NzNhOThjOTVlODU0N2ZiMWZjYjdlLmpwZ3xodHRwc3w5MS45MC40Mi4xNTR8Tk9SfDQxfHR4eHguY29tfDQ3NTU2N3w2NjYxNzN8OTE0NjU0fDQyNzg1NjZ8NTA4fDUxOTE2MTZ8NzQzMzc5NTB8MTV8M3wwfDB8MjUzNDR8MHwxfDc1fEVVUnxVU0R8MS4wMjAzfDF8MzR8fDF8Tk9SfHwyMHw0fDF8fGIwMTQzNTE4ZTg0MWIyNDcwYWY4NGQ4NmUxYjA5ZDNifGRmOTYwNTA5ODc2ZDc1MWJjNmNhZmIyYzIwZDQxMzJifDF8MHxnYXkxMTIuY29tfDB8MHwwfDAuMDJ8MXwwfGV4Y2hhbmdlX25hdGl2ZV9hZHwwfDB8MzE0MzI0MnwtMXwwfDMxNDMyNDR8fHwzfDE0NDB8fDB8MHwwfDB8MHwwfDF8MHx8OHwxfE1vemlsbGEvNS4wIChYMTE7IExpbnV4IHg4Nl82NDsgcnY6OTYuMCkgR2Vja28vMjAxMDAxMDEgRmlyZWZveC85Ni4wfE9LfGZhYmE5OGNmZTBhYjAzMTRhNTUzM2E0ZjNlNjBiZTQ1 HTTP/1.1
Host: s.optnx.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://5c0276acfe.9a363a4900.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx
Date: Sat, 22 Oct 2022 14:13:27 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%226353fa875f1723.984504112562830989%22%3B%7D; expires=Mon, 21 Oct 2024 14:13:27 GMT; path=; domain=.optnx.com; Secure; SameSite=none
Location: https://s3t3d2y8.afcdn.net/library/475567/b02a4e7c60116eb6ab673a98c95e8547fb1fcb7e.jpg
X-Robots-Tag: noindex, follow
5c0276acfe.9a363a4900.com/get/?go=1&data=eyJpbXAiOlt7InNlY3VyZSI6MSwiZXh0Ijp7ImlkIjoxNDk2LCJzcGFjZWlkIjozMTA3NSwidHlwZSI6InBvcCIsImlkem9uZSI6NjkzOTM3LCJhZF90YWdzIjoiR2F5JTJDQXNpYW4lMkNCYXJlYmFjayUyQ0hEJTJDRGVlcHRocm9hdCUyQ0N1bXNob3QiLCJsYWJlbHMiOiIiLCJhbGxvd2VkX2xhYmVscyI6IiIsInRpdGxlIjoiIiwic3ViaWQiOiIzODgzMCIsInV0bTEiOiIiLCJ1dG0yIjoiIiwidXRtNCI6IiIsInNwb3RfaWQiOjMxMDc1LCJtdWx0aXBsZSI6ZmFsc2UsImlzX2lmcmFtZSI6dHJ1ZSwicmVmZG9tYWluIjoiZ2F5MTEyLmNvbSIsInBsIjo4LCJzdHJhdGFnZW0iOm51bGwsImd5ciI6MCwiYWNjZWwiOjAsInNzcCI6Mzc1Nn0sImJhbm5lciI6eyJ3IjozMDAsImgiOjI1MH19XSwic2l0ZSI6eyJpZCI6IjMxMDc1IiwiY2F0IjpbIklBQjI1Il0sInBhZ2UiOiJodHRwczovL2dheTExMi5jb20vIn0sImRldmljZSI6eyJ3IjoxMjgwLCJoIjoxMDI0fSwidXNlciI6eyJpZCI6ImIwMTQzNTE4ZTg0MWIyNDcwYWY4NGQ4NmUxYjA5ZDNiIn0sImV4dCI6eyJkdCI6MTY2NjQ0ODAyMTUzNX19
162.55.139.130200 OK 2.3 kB URL HTTP/2 5c0276acfe.9a363a4900.com/get/?go=1&data=eyJpbXAiOlt7InNlY3VyZSI6MSwiZXh0Ijp7ImlkIjoxNDk2LCJzcGFjZWlkIjozMTA3NSwidHlwZSI6InBvcCIsImlkem9uZSI6NjkzOTM3LCJhZF90YWdzIjoiR2F5JTJDQXNpYW4lMkNCYXJlYmFjayUyQ0hEJTJDRGVlcHRocm9hdCUyQ0N1bXNob3QiLCJsYWJlbHMiOiIiLCJhbGxvd2VkX2xhYmVscyI6IiIsInRpdGxlIjoiIiwic3ViaWQiOiIzODgzMCIsInV0bTEiOiIiLCJ1dG0yIjoiIiwidXRtNCI6IiIsInNwb3RfaWQiOjMxMDc1LCJtdWx0aXBsZSI6ZmFsc2UsImlzX2lmcmFtZSI6dHJ1ZSwicmVmZG9tYWluIjoiZ2F5MTEyLmNvbSIsInBsIjo4LCJzdHJhdGFnZW0iOm51bGwsImd5ciI6MCwiYWNjZWwiOjAsInNzcCI6Mzc1Nn0sImJhbm5lciI6eyJ3IjozMDAsImgiOjI1MH19XSwic2l0ZSI6eyJpZCI6IjMxMDc1IiwiY2F0IjpbIklBQjI1Il0sInBhZ2UiOiJodHRwczovL2dheTExMi5jb20vIn0sImRldmljZSI6eyJ3IjoxMjgwLCJoIjoxMDI0fSwidXNlciI6eyJpZCI6ImIwMTQzNTE4ZTg0MWIyNDcwYWY4NGQ4NmUxYjA5ZDNiIn0sImV4dCI6eyJkdCI6MTY2NjQ0ODAyMTUzNX19
IP 162.55.139.130:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1625)
Hash 125690586cea2bcd0d11f08e44276b21
aa9d96e6e10062c077dd5e2eda2c4bb6c14187e4
cc1908aa1bd0a48a97dd50362f78adc4b6fdec46af8c91fdefffd494969d00f9
Analyzer Verdict Alert quad9 Sinkholed
GET /get/?go=1&data=eyJpbXAiOlt7InNlY3VyZSI6MSwiZXh0Ijp7ImlkIjoxNDk2LCJzcGFjZWlkIjozMTA3NSwidHlwZSI6InBvcCIsImlkem9uZSI6NjkzOTM3LCJhZF90YWdzIjoiR2F5JTJDQXNpYW4lMkNCYXJlYmFjayUyQ0hEJTJDRGVlcHRocm9hdCUyQ0N1bXNob3QiLCJsYWJlbHMiOiIiLCJhbGxvd2VkX2xhYmVscyI6IiIsInRpdGxlIjoiIiwic3ViaWQiOiIzODgzMCIsInV0bTEiOiIiLCJ1dG0yIjoiIiwidXRtNCI6IiIsInNwb3RfaWQiOjMxMDc1LCJtdWx0aXBsZSI6ZmFsc2UsImlzX2lmcmFtZSI6dHJ1ZSwicmVmZG9tYWluIjoiZ2F5MTEyLmNvbSIsInBsIjo4LCJzdHJhdGFnZW0iOm51bGwsImd5ciI6MCwiYWNjZWwiOjAsInNzcCI6Mzc1Nn0sImJhbm5lciI6eyJ3IjozMDAsImgiOjI1MH19XSwic2l0ZSI6eyJpZCI6IjMxMDc1IiwiY2F0IjpbIklBQjI1Il0sInBhZ2UiOiJodHRwczovL2dheTExMi5jb20vIn0sImRldmljZSI6eyJ3IjoxMjgwLCJoIjoxMDI0fSwidXNlciI6eyJpZCI6ImIwMTQzNTE4ZTg0MWIyNDcwYWY4NGQ4NmUxYjA5ZDNiIn0sImV4dCI6eyJkdCI6MTY2NjQ0ODAyMTUzNX19 HTTP/1.1
Host: 5c0276acfe.9a363a4900.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://txxx.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.16.0
date: Sat, 22 Oct 2022 14:13:27 GMT
content-type: text/html
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
content-encoding: gzip
X-Firefox-Spdy: h2
5c0276acfe.9a363a4900.com/get/?go=1&data=eyJpbXAiOlt7InNlY3VyZSI6MSwiZXh0Ijp7ImlkIjoxNDk2LCJzcGFjZWlkIjozMTA3NCwidHlwZSI6InBvcCIsImlkem9uZSI6NjkzOTM1LCJhZF90YWdzIjoiR2F5JTJDQXNpYW4lMkNCYXJlYmFjayUyQ0hEJTJDRGVlcHRocm9hdCUyQ0N1bXNob3QiLCJsYWJlbHMiOiIiLCJhbGxvd2VkX2xhYmVscyI6IiIsInRpdGxlIjoiIiwic3ViaWQiOiIzODgzMCIsInV0bTEiOiIiLCJ1dG0yIjoiIiwidXRtNCI6IiIsInNwb3RfaWQiOjMxMDc0LCJtdWx0aXBsZSI6ZmFsc2UsImlzX2lmcmFtZSI6dHJ1ZSwicmVmZG9tYWluIjoiZ2F5MTEyLmNvbSIsInBsIjo4LCJzdHJhdGFnZW0iOm51bGwsImd5ciI6MCwiYWNjZWwiOjAsInNzcCI6Mzc1Nn0sImJhbm5lciI6eyJ3IjozMDAsImgiOjI1MH19XSwic2l0ZSI6eyJpZCI6IjMxMDc0IiwiY2F0IjpbIklBQjI1Il0sInBhZ2UiOiJodHRwczovL2dheTExMi5jb20vIn0sImRldmljZSI6eyJ3IjoxMjgwLCJoIjoxMDI0fSwidXNlciI6eyJpZCI6ImIwMTQzNTE4ZTg0MWIyNDcwYWY4NGQ4NmUxYjA5ZDNiIn0sImV4dCI6eyJkdCI6MTY2NjQ0ODAyMTU0Nn19
162.55.139.130200 OK 2.2 kB URL HTTP/2 5c0276acfe.9a363a4900.com/get/?go=1&data=eyJpbXAiOlt7InNlY3VyZSI6MSwiZXh0Ijp7ImlkIjoxNDk2LCJzcGFjZWlkIjozMTA3NCwidHlwZSI6InBvcCIsImlkem9uZSI6NjkzOTM1LCJhZF90YWdzIjoiR2F5JTJDQXNpYW4lMkNCYXJlYmFjayUyQ0hEJTJDRGVlcHRocm9hdCUyQ0N1bXNob3QiLCJsYWJlbHMiOiIiLCJhbGxvd2VkX2xhYmVscyI6IiIsInRpdGxlIjoiIiwic3ViaWQiOiIzODgzMCIsInV0bTEiOiIiLCJ1dG0yIjoiIiwidXRtNCI6IiIsInNwb3RfaWQiOjMxMDc0LCJtdWx0aXBsZSI6ZmFsc2UsImlzX2lmcmFtZSI6dHJ1ZSwicmVmZG9tYWluIjoiZ2F5MTEyLmNvbSIsInBsIjo4LCJzdHJhdGFnZW0iOm51bGwsImd5ciI6MCwiYWNjZWwiOjAsInNzcCI6Mzc1Nn0sImJhbm5lciI6eyJ3IjozMDAsImgiOjI1MH19XSwic2l0ZSI6eyJpZCI6IjMxMDc0IiwiY2F0IjpbIklBQjI1Il0sInBhZ2UiOiJodHRwczovL2dheTExMi5jb20vIn0sImRldmljZSI6eyJ3IjoxMjgwLCJoIjoxMDI0fSwidXNlciI6eyJpZCI6ImIwMTQzNTE4ZTg0MWIyNDcwYWY4NGQ4NmUxYjA5ZDNiIn0sImV4dCI6eyJkdCI6MTY2NjQ0ODAyMTU0Nn19
IP 162.55.139.130:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1622)
Hash 090828996f56b43839c8d4a32377f95d
5983acc80f2a715d23bf557e9f3e9023ab893075
5ad3eae2de3f9aaf84b54e8d75e3f2ad1a4346fc47ff3cf71a700fd5b0f3d26e
Analyzer Verdict Alert quad9 Sinkholed
GET /get/?go=1&data=eyJpbXAiOlt7InNlY3VyZSI6MSwiZXh0Ijp7ImlkIjoxNDk2LCJzcGFjZWlkIjozMTA3NCwidHlwZSI6InBvcCIsImlkem9uZSI6NjkzOTM1LCJhZF90YWdzIjoiR2F5JTJDQXNpYW4lMkNCYXJlYmFjayUyQ0hEJTJDRGVlcHRocm9hdCUyQ0N1bXNob3QiLCJsYWJlbHMiOiIiLCJhbGxvd2VkX2xhYmVscyI6IiIsInRpdGxlIjoiIiwic3ViaWQiOiIzODgzMCIsInV0bTEiOiIiLCJ1dG0yIjoiIiwidXRtNCI6IiIsInNwb3RfaWQiOjMxMDc0LCJtdWx0aXBsZSI6ZmFsc2UsImlzX2lmcmFtZSI6dHJ1ZSwicmVmZG9tYWluIjoiZ2F5MTEyLmNvbSIsInBsIjo4LCJzdHJhdGFnZW0iOm51bGwsImd5ciI6MCwiYWNjZWwiOjAsInNzcCI6Mzc1Nn0sImJhbm5lciI6eyJ3IjozMDAsImgiOjI1MH19XSwic2l0ZSI6eyJpZCI6IjMxMDc0IiwiY2F0IjpbIklBQjI1Il0sInBhZ2UiOiJodHRwczovL2dheTExMi5jb20vIn0sImRldmljZSI6eyJ3IjoxMjgwLCJoIjoxMDI0fSwidXNlciI6eyJpZCI6ImIwMTQzNTE4ZTg0MWIyNDcwYWY4NGQ4NmUxYjA5ZDNiIn0sImV4dCI6eyJkdCI6MTY2NjQ0ODAyMTU0Nn19 HTTP/1.1
Host: 5c0276acfe.9a363a4900.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://txxx.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.16.0
date: Sat, 22 Oct 2022 14:13:27 GMT
content-type: text/html
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
content-encoding: gzip
X-Firefox-Spdy: h2
5c0276acfe.9a363a4900.com/get/?go=1&data=eyJpbXAiOlt7InNlY3VyZSI6MSwiZXh0Ijp7InRhZ19hYiI6ImQiLCJtdWx0aSI6ZmFsc2UsInVzZXJfa2V5d29yZHMiOiIiLCJpZCI6MTQ5Niwic3BhY2VpZCI6MTQ5NiwidHlwZSI6InBvcCIsImlkem9uZSI6bnVsbCwiYWRfdGFncyI6IkdheTExMi5jb20lMkNiZXN0JTJDZnJlZSUyQ2dheSUyQ3Bvcm4lMkN2aWRlb3MuJTIwIiwibGFiZWxzIjoiIiwiYWxsb3dlZF9sYWJlbHMiOiIiLCJ0aXRsZSI6IiIsInN1YmlkIjoiMzkxOTEyMzkwIiwidXRtMSI6IiIsInV0bTIiOiIiLCJ1dG00IjoiIiwic3BvdF9pZCI6NDcxNjEsIm11bHRpcGxlIjpmYWxzZSwiaXNfaWZyYW1lIjpmYWxzZSwicmVmZG9tYWluIjoiIiwicGwiOjI2OSwic3RyYXRhZ2VtIjpudWxsLCJneXIiOjAsImFjY2VsIjowLCJzc3AiOjM3NTgsImJ0eXBlIjowfSwiYmFubmVyIjp7InciOjMwMCwiaCI6MjUwfX1dLCJzaXRlIjp7ImlkIjoiNDcxNjEiLCJjYXQiOlsiSUFCMjUiXSwicGFnZSI6Imh0dHBzOi8vZ2F5MTEyLmNvbS9uby8ifSwiZGV2aWNlIjp7InciOjEyODAsImgiOjEwMjR9LCJ1c2VyIjp7ImlkIjoiOWU0OTQ3ZjM1NzUxNDY1NDExZmQxYTRmNWMzNThjNzgiLCJmcCI6bnVsbH0sImV4dCI6eyJkdCI6MTY2NjQ0ODAyMTYwOH19
162.55.139.130200 OK 1.9 kB URL HTTP/2 5c0276acfe.9a363a4900.com/get/?go=1&data=eyJpbXAiOlt7InNlY3VyZSI6MSwiZXh0Ijp7InRhZ19hYiI6ImQiLCJtdWx0aSI6ZmFsc2UsInVzZXJfa2V5d29yZHMiOiIiLCJpZCI6MTQ5Niwic3BhY2VpZCI6MTQ5NiwidHlwZSI6InBvcCIsImlkem9uZSI6bnVsbCwiYWRfdGFncyI6IkdheTExMi5jb20lMkNiZXN0JTJDZnJlZSUyQ2dheSUyQ3Bvcm4lMkN2aWRlb3MuJTIwIiwibGFiZWxzIjoiIiwiYWxsb3dlZF9sYWJlbHMiOiIiLCJ0aXRsZSI6IiIsInN1YmlkIjoiMzkxOTEyMzkwIiwidXRtMSI6IiIsInV0bTIiOiIiLCJ1dG00IjoiIiwic3BvdF9pZCI6NDcxNjEsIm11bHRpcGxlIjpmYWxzZSwiaXNfaWZyYW1lIjpmYWxzZSwicmVmZG9tYWluIjoiIiwicGwiOjI2OSwic3RyYXRhZ2VtIjpudWxsLCJneXIiOjAsImFjY2VsIjowLCJzc3AiOjM3NTgsImJ0eXBlIjowfSwiYmFubmVyIjp7InciOjMwMCwiaCI6MjUwfX1dLCJzaXRlIjp7ImlkIjoiNDcxNjEiLCJjYXQiOlsiSUFCMjUiXSwicGFnZSI6Imh0dHBzOi8vZ2F5MTEyLmNvbS9uby8ifSwiZGV2aWNlIjp7InciOjEyODAsImgiOjEwMjR9LCJ1c2VyIjp7ImlkIjoiOWU0OTQ3ZjM1NzUxNDY1NDExZmQxYTRmNWMzNThjNzgiLCJmcCI6bnVsbH0sImV4dCI6eyJkdCI6MTY2NjQ0ODAyMTYwOH19
IP 162.55.139.130:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2272)
Hash 399ebca630f6ba283d72d3bd4d86b424
f562a2a6bf59bf0300d28a2579e2b7b0f5c68b88
d9a654ac73ddde986d4a02eab1f30557f5e3d03423b2e5449ec06a1adecc74b0
Analyzer Verdict Alert quad9 Sinkholed
GET /get/?go=1&data=eyJpbXAiOlt7InNlY3VyZSI6MSwiZXh0Ijp7InRhZ19hYiI6ImQiLCJtdWx0aSI6ZmFsc2UsInVzZXJfa2V5d29yZHMiOiIiLCJpZCI6MTQ5Niwic3BhY2VpZCI6MTQ5NiwidHlwZSI6InBvcCIsImlkem9uZSI6bnVsbCwiYWRfdGFncyI6IkdheTExMi5jb20lMkNiZXN0JTJDZnJlZSUyQ2dheSUyQ3Bvcm4lMkN2aWRlb3MuJTIwIiwibGFiZWxzIjoiIiwiYWxsb3dlZF9sYWJlbHMiOiIiLCJ0aXRsZSI6IiIsInN1YmlkIjoiMzkxOTEyMzkwIiwidXRtMSI6IiIsInV0bTIiOiIiLCJ1dG00IjoiIiwic3BvdF9pZCI6NDcxNjEsIm11bHRpcGxlIjpmYWxzZSwiaXNfaWZyYW1lIjpmYWxzZSwicmVmZG9tYWluIjoiIiwicGwiOjI2OSwic3RyYXRhZ2VtIjpudWxsLCJneXIiOjAsImFjY2VsIjowLCJzc3AiOjM3NTgsImJ0eXBlIjowfSwiYmFubmVyIjp7InciOjMwMCwiaCI6MjUwfX1dLCJzaXRlIjp7ImlkIjoiNDcxNjEiLCJjYXQiOlsiSUFCMjUiXSwicGFnZSI6Imh0dHBzOi8vZ2F5MTEyLmNvbS9uby8ifSwiZGV2aWNlIjp7InciOjEyODAsImgiOjEwMjR9LCJ1c2VyIjp7ImlkIjoiOWU0OTQ3ZjM1NzUxNDY1NDExZmQxYTRmNWMzNThjNzgiLCJmcCI6bnVsbH0sImV4dCI6eyJkdCI6MTY2NjQ0ODAyMTYwOH19 HTTP/1.1
Host: 5c0276acfe.9a363a4900.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gay112.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.16.0
date: Sat, 22 Oct 2022 14:13:27 GMT
content-type: text/html
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
content-encoding: gzip
X-Firefox-Spdy: h2
s.optnx.com/cimp.php?data=TVRZMk5qUTBPREF3TjN3ek5EVXlZVFEyTVRWak16Y3dNelpqWkdVMVl6Y3haRFppTWpBeU9XWTRZZy0tfC9saWJyYXJ5LzQ3NTU2Ny9iMDJhNGU3YzYwMTE2ZWI2YWI2NzNhOThjOTVlODU0N2ZiMWZjYjdlLmpwZ3xodHRwc3w5MS45MC40Mi4xNTR8Tk9SfDQxfHR4eHguY29tfDQ3NTU2N3w2NjYxNzN8OTE0NjU0fDQyNzg1NjZ8NTA4fDUxOTE2MTZ8NzQzMzc5NTB8MTV8M3wwfDB8MjUzNDR8MHwxfDc1fEVVUnxVU0R8MS4wMjAzfDF8MzR8fDF8Tk9SfHwyMHw0fDF8fGIwMTQzNTE4ZTg0MWIyNDcwYWY4NGQ4NmUxYjA5ZDNifGRmOTYwNTA5ODc2ZDc1MWJjNmNhZmIyYzIwZDQxMzJifDF8MHxnYXkxMTIuY29tfDB8MHwwfDAuMDN8MXwwfGV4Y2hhbmdlX25hdGl2ZV9hZHwwfDB8MzE0MzI0MnwtMXwwfDMxNDMyNDR8fHwzfDE0NDB8fDB8MHwwfDB8MHwwfDF8MHx8OHwxfE1vemlsbGEvNS4wIChYMTE7IExpbnV4IHg4Nl82NDsgcnY6OTYuMCkgR2Vja28vMjAxMDAxMDEgRmlyZWZveC85Ni4wfE9LfGZiYjExZWM1NzI2MTM2Yzc3YWFmM2EzMDUzMmI2NWZh
95.211.229.247302 Found 0 B URL HTTP/1.1 s.optnx.com/cimp.php?data=TVRZMk5qUTBPREF3TjN3ek5EVXlZVFEyTVRWak16Y3dNelpqWkdVMVl6Y3haRFppTWpBeU9XWTRZZy0tfC9saWJyYXJ5LzQ3NTU2Ny9iMDJhNGU3YzYwMTE2ZWI2YWI2NzNhOThjOTVlODU0N2ZiMWZjYjdlLmpwZ3xodHRwc3w5MS45MC40Mi4xNTR8Tk9SfDQxfHR4eHguY29tfDQ3NTU2N3w2NjYxNzN8OTE0NjU0fDQyNzg1NjZ8NTA4fDUxOTE2MTZ8NzQzMzc5NTB8MTV8M3wwfDB8MjUzNDR8MHwxfDc1fEVVUnxVU0R8MS4wMjAzfDF8MzR8fDF8Tk9SfHwyMHw0fDF8fGIwMTQzNTE4ZTg0MWIyNDcwYWY4NGQ4NmUxYjA5ZDNifGRmOTYwNTA5ODc2ZDc1MWJjNmNhZmIyYzIwZDQxMzJifDF8MHxnYXkxMTIuY29tfDB8MHwwfDAuMDN8MXwwfGV4Y2hhbmdlX25hdGl2ZV9hZHwwfDB8MzE0MzI0MnwtMXwwfDMxNDMyNDR8fHwzfDE0NDB8fDB8MHwwfDB8MHwwfDF8MHx8OHwxfE1vemlsbGEvNS4wIChYMTE7IExpbnV4IHg4Nl82NDsgcnY6OTYuMCkgR2Vja28vMjAxMDAxMDEgRmlyZWZveC85Ni4wfE9LfGZiYjExZWM1NzI2MTM2Yzc3YWFmM2EzMDUzMmI2NWZh
IP 95.211.229.247:0
ASN #60781 LeaseWeb Netherlands B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /cimp.php?data=TVRZMk5qUTBPREF3TjN3ek5EVXlZVFEyTVRWak16Y3dNelpqWkdVMVl6Y3haRFppTWpBeU9XWTRZZy0tfC9saWJyYXJ5LzQ3NTU2Ny9iMDJhNGU3YzYwMTE2ZWI2YWI2NzNhOThjOTVlODU0N2ZiMWZjYjdlLmpwZ3xodHRwc3w5MS45MC40Mi4xNTR8Tk9SfDQxfHR4eHguY29tfDQ3NTU2N3w2NjYxNzN8OTE0NjU0fDQyNzg1NjZ8NTA4fDUxOTE2MTZ8NzQzMzc5NTB8MTV8M3wwfDB8MjUzNDR8MHwxfDc1fEVVUnxVU0R8MS4wMjAzfDF8MzR8fDF8Tk9SfHwyMHw0fDF8fGIwMTQzNTE4ZTg0MWIyNDcwYWY4NGQ4NmUxYjA5ZDNifGRmOTYwNTA5ODc2ZDc1MWJjNmNhZmIyYzIwZDQxMzJifDF8MHxnYXkxMTIuY29tfDB8MHwwfDAuMDN8MXwwfGV4Y2hhbmdlX25hdGl2ZV9hZHwwfDB8MzE0MzI0MnwtMXwwfDMxNDMyNDR8fHwzfDE0NDB8fDB8MHwwfDB8MHwwfDF8MHx8OHwxfE1vemlsbGEvNS4wIChYMTE7IExpbnV4IHg4Nl82NDsgcnY6OTYuMCkgR2Vja28vMjAxMDAxMDEgRmlyZWZveC85Ni4wfE9LfGZiYjExZWM1NzI2MTM2Yzc3YWFmM2EzMDUzMmI2NWZh HTTP/1.1
Host: s.optnx.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://5c0276acfe.9a363a4900.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx
Date: Sat, 22 Oct 2022 14:13:27 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A32%3A%226353fa87659497.99569916325007585%22%3B%7D; expires=Mon, 21 Oct 2024 14:13:27 GMT; path=; domain=.optnx.com; Secure; SameSite=none
Location: https://s3t3d2y8.afcdn.net/library/475567/b02a4e7c60116eb6ab673a98c95e8547fb1fcb7e.jpg
X-Robots-Tag: noindex, follow
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash d33f2e8b15d60d47afd8cbdeae23a666
1f62d350e0d975d3c26d094c4cf1b8bea4015d55
2deff67485255af17356b403f6fcfa2a490e954074308a1c07fabbd7ad276529
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2DEFF67485255AF17356B403F6FCFA2A490E954074308A1C07FABBD7AD276529"
Last-Modified: Sat, 22 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4574
Expires: Sat, 22 Oct 2022 15:29:41 GMT
Date: Sat, 22 Oct 2022 14:13:27 GMT
Connection: keep-alive
s.optnx.com/cimp.php?data=TVRZMk5qUTBPREF3TjN3ek5EVXlZVFEyTVRWak16Y3dNelpqWkdVMVl6Y3haRFppTWpBeU9XWTRZZy0tfC9saWJyYXJ5LzQ3NTU2Ny9iMDJhNGU3YzYwMTE2ZWI2YWI2NzNhOThjOTVlODU0N2ZiMWZjYjdlLmpwZ3xodHRwc3w5MS45MC40Mi4xNTR8Tk9SfDQxfHR4eHguY29tfDQ3NTU2N3w2NjYxNzN8OTE0NjU0fDQyNzg1NjZ8NTA4fDUxOTE2MTZ8NzQzMzc5NTB8MTV8M3wwfDB8MjUzNDR8MHwxfDc1fEVVUnxVU0R8MS4wMjAzfDF8MzR8fDF8Tk9SfHwyMHw0fDF8fGIwMTQzNTE4ZTg0MWIyNDcwYWY4NGQ4NmUxYjA5ZDNifGRmOTYwNTA5ODc2ZDc1MWJjNmNhZmIyYzIwZDQxMzJifDF8MHxnYXkxMTIuY29tfDB8MHwwfDAuMDJ8MXwwfGV4Y2hhbmdlX25hdGl2ZV9hZHwwfDB8MzE0MzI0MnwtMXwwfDMxNDMyNDR8fHwzfDE0NDB8fDB8MHwwfDB8MHwwfDF8MHx8OHwxfE1vemlsbGEvNS4wIChYMTE7IExpbnV4IHg4Nl82NDsgcnY6OTYuMCkgR2Vja28vMjAxMDAxMDEgRmlyZWZveC85Ni4wfE9LfGZhYmE5OGNmZTBhYjAzMTRhNTUzM2E0ZjNlNjBiZTQ1
95.211.229.247302 Found 0 B URL HTTP/1.1 s.optnx.com/cimp.php?data=TVRZMk5qUTBPREF3TjN3ek5EVXlZVFEyTVRWak16Y3dNelpqWkdVMVl6Y3haRFppTWpBeU9XWTRZZy0tfC9saWJyYXJ5LzQ3NTU2Ny9iMDJhNGU3YzYwMTE2ZWI2YWI2NzNhOThjOTVlODU0N2ZiMWZjYjdlLmpwZ3xodHRwc3w5MS45MC40Mi4xNTR8Tk9SfDQxfHR4eHguY29tfDQ3NTU2N3w2NjYxNzN8OTE0NjU0fDQyNzg1NjZ8NTA4fDUxOTE2MTZ8NzQzMzc5NTB8MTV8M3wwfDB8MjUzNDR8MHwxfDc1fEVVUnxVU0R8MS4wMjAzfDF8MzR8fDF8Tk9SfHwyMHw0fDF8fGIwMTQzNTE4ZTg0MWIyNDcwYWY4NGQ4NmUxYjA5ZDNifGRmOTYwNTA5ODc2ZDc1MWJjNmNhZmIyYzIwZDQxMzJifDF8MHxnYXkxMTIuY29tfDB8MHwwfDAuMDJ8MXwwfGV4Y2hhbmdlX25hdGl2ZV9hZHwwfDB8MzE0MzI0MnwtMXwwfDMxNDMyNDR8fHwzfDE0NDB8fDB8MHwwfDB8MHwwfDF8MHx8OHwxfE1vemlsbGEvNS4wIChYMTE7IExpbnV4IHg4Nl82NDsgcnY6OTYuMCkgR2Vja28vMjAxMDAxMDEgRmlyZWZveC85Ni4wfE9LfGZhYmE5OGNmZTBhYjAzMTRhNTUzM2E0ZjNlNjBiZTQ1
IP 95.211.229.247:0
ASN #60781 LeaseWeb Netherlands B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /cimp.php?data=TVRZMk5qUTBPREF3TjN3ek5EVXlZVFEyTVRWak16Y3dNelpqWkdVMVl6Y3haRFppTWpBeU9XWTRZZy0tfC9saWJyYXJ5LzQ3NTU2Ny9iMDJhNGU3YzYwMTE2ZWI2YWI2NzNhOThjOTVlODU0N2ZiMWZjYjdlLmpwZ3xodHRwc3w5MS45MC40Mi4xNTR8Tk9SfDQxfHR4eHguY29tfDQ3NTU2N3w2NjYxNzN8OTE0NjU0fDQyNzg1NjZ8NTA4fDUxOTE2MTZ8NzQzMzc5NTB8MTV8M3wwfDB8MjUzNDR8MHwxfDc1fEVVUnxVU0R8MS4wMjAzfDF8MzR8fDF8Tk9SfHwyMHw0fDF8fGIwMTQzNTE4ZTg0MWIyNDcwYWY4NGQ4NmUxYjA5ZDNifGRmOTYwNTA5ODc2ZDc1MWJjNmNhZmIyYzIwZDQxMzJifDF8MHxnYXkxMTIuY29tfDB8MHwwfDAuMDJ8MXwwfGV4Y2hhbmdlX25hdGl2ZV9hZHwwfDB8MzE0MzI0MnwtMXwwfDMxNDMyNDR8fHwzfDE0NDB8fDB8MHwwfDB8MHwwfDF8MHx8OHwxfE1vemlsbGEvNS4wIChYMTE7IExpbnV4IHg4Nl82NDsgcnY6OTYuMCkgR2Vja28vMjAxMDAxMDEgRmlyZWZveC85Ni4wfE9LfGZhYmE5OGNmZTBhYjAzMTRhNTUzM2E0ZjNlNjBiZTQ1 HTTP/1.1
Host: s.optnx.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://5c0276acfe.9a363a4900.com/
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A32%3A%226353fa87659497.99569916325007585%22%3B%7D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx
Date: Sat, 22 Oct 2022 14:13:27 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A32%3A%226353fa87659497.99569916325007585%22%3B%7D; expires=Mon, 21 Oct 2024 14:13:27 GMT; path=; domain=.optnx.com; Secure; SameSite=none
Location: https://s3t3d2y8.afcdn.net/library/475567/b02a4e7c60116eb6ab673a98c95e8547fb1fcb7e.jpg
X-Robots-Tag: noindex, follow
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash fe09c8e70524fab63110dddd902e07c4
9e25fca8bd2e64d53cfd14c2baa55dd8b016fd01
5046dce1508f1b73f62b90205ad79b36b47c778a232a19587315365c3d5bfbad
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5046DCE1508F1B73F62B90205AD79B36B47C778A232A19587315365C3D5BFBAD"
Last-Modified: Sat, 22 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4228
Expires: Sat, 22 Oct 2022 15:23:55 GMT
Date: Sat, 22 Oct 2022 14:13:27 GMT
Connection: keep-alive
s.optnx.com/cimp.php?data=TVRZMk5qUTBPREF3TjN3ek5EVXlZVFEyTVRWak16Y3dNelpqWkdVMVl6Y3haRFppTWpBeU9XWTRZZy0tfC9saWJyYXJ5LzQ3NTU2Ny9jYzcyMTE2ODNhZTI2NTYyYzJkZjYzNzc1NWYzMTE4NjhmMzdjOGVhLmpwZ3xodHRwc3w5MS45MC40Mi4xNTR8Tk9SfDQxfHR4eHguY29tfDQ3NTU2N3w2NjYxNzN8OTE0NjU0fDQyNzg1NjZ8NTA4fDUxOTE2MTZ8NzQzMzc5NTR8MTV8M3wwfDB8MjUzNDR8MHwxfDc1fEVVUnxVU0R8MS4wMjAzfDF8MzR8fDF8Tk9SfHwyMHw0fDF8fGIwMTQzNTE4ZTg0MWIyNDcwYWY4NGQ4NmUxYjA5ZDNifGRmOTYwNTA5ODc2ZDc1MWJjNmNhZmIyYzIwZDQxMzJifDF8MHxnYXkxMTIuY29tfDB8MHwwfDAuMDV8MXwwfGV4Y2hhbmdlX25hdGl2ZV9hZHwwfDB8MzE0MzI0MnwtMXwwfDMxNDMyNDR8fHwzfDE0NDB8fDB8MHwwfDB8MHwwfDF8MHx8OHwxfE1vemlsbGEvNS4wIChYMTE7IExpbnV4IHg4Nl82NDsgcnY6OTYuMCkgR2Vja28vMjAxMDAxMDEgRmlyZWZveC85Ni4wfE9LfDdkMDFjZjIyMTk2YWI2YzU2NmYzMjBlMzlmZmM4YTg2
95.211.229.247302 Found 0 B URL HTTP/1.1 s.optnx.com/cimp.php?data=TVRZMk5qUTBPREF3TjN3ek5EVXlZVFEyTVRWak16Y3dNelpqWkdVMVl6Y3haRFppTWpBeU9XWTRZZy0tfC9saWJyYXJ5LzQ3NTU2Ny9jYzcyMTE2ODNhZTI2NTYyYzJkZjYzNzc1NWYzMTE4NjhmMzdjOGVhLmpwZ3xodHRwc3w5MS45MC40Mi4xNTR8Tk9SfDQxfHR4eHguY29tfDQ3NTU2N3w2NjYxNzN8OTE0NjU0fDQyNzg1NjZ8NTA4fDUxOTE2MTZ8NzQzMzc5NTR8MTV8M3wwfDB8MjUzNDR8MHwxfDc1fEVVUnxVU0R8MS4wMjAzfDF8MzR8fDF8Tk9SfHwyMHw0fDF8fGIwMTQzNTE4ZTg0MWIyNDcwYWY4NGQ4NmUxYjA5ZDNifGRmOTYwNTA5ODc2ZDc1MWJjNmNhZmIyYzIwZDQxMzJifDF8MHxnYXkxMTIuY29tfDB8MHwwfDAuMDV8MXwwfGV4Y2hhbmdlX25hdGl2ZV9hZHwwfDB8MzE0MzI0MnwtMXwwfDMxNDMyNDR8fHwzfDE0NDB8fDB8MHwwfDB8MHwwfDF8MHx8OHwxfE1vemlsbGEvNS4wIChYMTE7IExpbnV4IHg4Nl82NDsgcnY6OTYuMCkgR2Vja28vMjAxMDAxMDEgRmlyZWZveC85Ni4wfE9LfDdkMDFjZjIyMTk2YWI2YzU2NmYzMjBlMzlmZmM4YTg2
IP 95.211.229.247:0
ASN #60781 LeaseWeb Netherlands B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /cimp.php?data=TVRZMk5qUTBPREF3TjN3ek5EVXlZVFEyTVRWak16Y3dNelpqWkdVMVl6Y3haRFppTWpBeU9XWTRZZy0tfC9saWJyYXJ5LzQ3NTU2Ny9jYzcyMTE2ODNhZTI2NTYyYzJkZjYzNzc1NWYzMTE4NjhmMzdjOGVhLmpwZ3xodHRwc3w5MS45MC40Mi4xNTR8Tk9SfDQxfHR4eHguY29tfDQ3NTU2N3w2NjYxNzN8OTE0NjU0fDQyNzg1NjZ8NTA4fDUxOTE2MTZ8NzQzMzc5NTR8MTV8M3wwfDB8MjUzNDR8MHwxfDc1fEVVUnxVU0R8MS4wMjAzfDF8MzR8fDF8Tk9SfHwyMHw0fDF8fGIwMTQzNTE4ZTg0MWIyNDcwYWY4NGQ4NmUxYjA5ZDNifGRmOTYwNTA5ODc2ZDc1MWJjNmNhZmIyYzIwZDQxMzJifDF8MHxnYXkxMTIuY29tfDB8MHwwfDAuMDV8MXwwfGV4Y2hhbmdlX25hdGl2ZV9hZHwwfDB8MzE0MzI0MnwtMXwwfDMxNDMyNDR8fHwzfDE0NDB8fDB8MHwwfDB8MHwwfDF8MHx8OHwxfE1vemlsbGEvNS4wIChYMTE7IExpbnV4IHg4Nl82NDsgcnY6OTYuMCkgR2Vja28vMjAxMDAxMDEgRmlyZWZveC85Ni4wfE9LfDdkMDFjZjIyMTk2YWI2YzU2NmYzMjBlMzlmZmM4YTg2 HTTP/1.1
Host: s.optnx.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://5c0276acfe.9a363a4900.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx
Date: Sat, 22 Oct 2022 14:13:27 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A32%3A%226353fa877935b8.64472556779361988%22%3B%7D; expires=Mon, 21 Oct 2024 14:13:27 GMT; path=; domain=.optnx.com; Secure; SameSite=none
Location: https://s3t3d2y8.afcdn.net/library/475567/cc7211683ae26562c2df637755f311868f37c8ea.jpg
X-Robots-Tag: noindex, follow
5c0276acfe.9a363a4900.com/get/?go=1&data=eyJpbXAiOlt7InNlY3VyZSI6MSwiZXh0Ijp7ImlkIjoxNDk3LCJzcGFjZWlkIjozMTA4OSwidHlwZSI6InBvcCIsImlkem9uZSI6MzA2OTE1OCwiYWRfdGFncyI6IkdheSUyQ0FzaWFuJTJDQmFyZWJhY2slMkNIRCUyQ0RlZXB0aHJvYXQlMkNDdW1zaG90IiwibGFiZWxzIjoiIiwiYWxsb3dlZF9sYWJlbHMiOiIiLCJ0aXRsZSI6IiIsInN1YmlkIjoiMzg4MzAiLCJ1dG0xIjoiIiwidXRtMiI6IiIsInV0bTQiOiIiLCJzcG90X2lkIjozMTA4OSwibXVsdGlwbGUiOmZhbHNlLCJpc19pZnJhbWUiOnRydWUsInJlZmRvbWFpbiI6ImdheTExMi5jb20iLCJwbCI6MTIsInN0cmF0YWdlbSI6bnVsbCwiZ3lyIjowLCJhY2NlbCI6MCwic3NwIjozNzU2fSwiYmFubmVyIjp7InciOjcyOCwiaCI6OTB9fV0sInNpdGUiOnsiaWQiOiIzMTA4OSIsImNhdCI6WyJJQUIyNSJdLCJwYWdlIjoiaHR0cHM6Ly9nYXkxMTIuY29tLyJ9LCJkZXZpY2UiOnsidyI6MTI4MCwiaCI6MTAyNH0sInVzZXIiOnsiaWQiOiJiMDE0MzUxOGU4NDFiMjQ3MGFmODRkODZlMWIwOWQzYiJ9LCJleHQiOnsiZHQiOjE2NjY0NDgwMjE1NDl9fQ==
162.55.139.130200 OK 1.5 kB URL HTTP/2 5c0276acfe.9a363a4900.com/get/?go=1&data=eyJpbXAiOlt7InNlY3VyZSI6MSwiZXh0Ijp7ImlkIjoxNDk3LCJzcGFjZWlkIjozMTA4OSwidHlwZSI6InBvcCIsImlkem9uZSI6MzA2OTE1OCwiYWRfdGFncyI6IkdheSUyQ0FzaWFuJTJDQmFyZWJhY2slMkNIRCUyQ0RlZXB0aHJvYXQlMkNDdW1zaG90IiwibGFiZWxzIjoiIiwiYWxsb3dlZF9sYWJlbHMiOiIiLCJ0aXRsZSI6IiIsInN1YmlkIjoiMzg4MzAiLCJ1dG0xIjoiIiwidXRtMiI6IiIsInV0bTQiOiIiLCJzcG90X2lkIjozMTA4OSwibXVsdGlwbGUiOmZhbHNlLCJpc19pZnJhbWUiOnRydWUsInJlZmRvbWFpbiI6ImdheTExMi5jb20iLCJwbCI6MTIsInN0cmF0YWdlbSI6bnVsbCwiZ3lyIjowLCJhY2NlbCI6MCwic3NwIjozNzU2fSwiYmFubmVyIjp7InciOjcyOCwiaCI6OTB9fV0sInNpdGUiOnsiaWQiOiIzMTA4OSIsImNhdCI6WyJJQUIyNSJdLCJwYWdlIjoiaHR0cHM6Ly9nYXkxMTIuY29tLyJ9LCJkZXZpY2UiOnsidyI6MTI4MCwiaCI6MTAyNH0sInVzZXIiOnsiaWQiOiJiMDE0MzUxOGU4NDFiMjQ3MGFmODRkODZlMWIwOWQzYiJ9LCJleHQiOnsiZHQiOjE2NjY0NDgwMjE1NDl9fQ==
IP 162.55.139.130:0
ASN #24940 Hetzner Online GmbH
Hash 62d608c784b9e542e54236a49b5f5d8f
9a21bffe00545061c86530a3b4e28525bf092aa2
1f1b2a676c19ae04ae9dcb5dc00c2cc23b0af50bd274b099283a6a7fd1e6481b
Analyzer Verdict Alert quad9 Sinkholed
GET /get/?go=1&data=eyJpbXAiOlt7InNlY3VyZSI6MSwiZXh0Ijp7ImlkIjoxNDk3LCJzcGFjZWlkIjozMTA4OSwidHlwZSI6InBvcCIsImlkem9uZSI6MzA2OTE1OCwiYWRfdGFncyI6IkdheSUyQ0FzaWFuJTJDQmFyZWJhY2slMkNIRCUyQ0RlZXB0aHJvYXQlMkNDdW1zaG90IiwibGFiZWxzIjoiIiwiYWxsb3dlZF9sYWJlbHMiOiIiLCJ0aXRsZSI6IiIsInN1YmlkIjoiMzg4MzAiLCJ1dG0xIjoiIiwidXRtMiI6IiIsInV0bTQiOiIiLCJzcG90X2lkIjozMTA4OSwibXVsdGlwbGUiOmZhbHNlLCJpc19pZnJhbWUiOnRydWUsInJlZmRvbWFpbiI6ImdheTExMi5jb20iLCJwbCI6MTIsInN0cmF0YWdlbSI6bnVsbCwiZ3lyIjowLCJhY2NlbCI6MCwic3NwIjozNzU2fSwiYmFubmVyIjp7InciOjcyOCwiaCI6OTB9fV0sInNpdGUiOnsiaWQiOiIzMTA4OSIsImNhdCI6WyJJQUIyNSJdLCJwYWdlIjoiaHR0cHM6Ly9nYXkxMTIuY29tLyJ9LCJkZXZpY2UiOnsidyI6MTI4MCwiaCI6MTAyNH0sInVzZXIiOnsiaWQiOiJiMDE0MzUxOGU4NDFiMjQ3MGFmODRkODZlMWIwOWQzYiJ9LCJleHQiOnsiZHQiOjE2NjY0NDgwMjE1NDl9fQ== HTTP/1.1
Host: 5c0276acfe.9a363a4900.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://txxx.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.16.0
date: Sat, 22 Oct 2022 14:13:27 GMT
content-type: text/html
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
content-encoding: gzip
X-Firefox-Spdy: h2
2a1570b5da.d20e8fc61a.com/get/
94.130.197.134200 OK 1.5 kB URL HTTP/2 2a1570b5da.d20e8fc61a.com/get/
IP 94.130.197.134:0
ASN #24940 Hetzner Online GmbH
File type JSON data\012- , ASCII text, with very long lines (1483), with no line terminators
Hash e01a59f94a8502eca79bc9f4e9be66fb
a781b914f060a535cf89f74b1bac8cc10c209914
23fb015ab613023176879285eccdc9e2ad619136d36d763d8e99a69b21b60f9a
Analyzer Verdict Alert quad9 Sinkholed
POST /get/ HTTP/1.1
Host: 2a1570b5da.d20e8fc61a.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://txxx.com/
Content-Type: text/plain;charset=UTF-8
Origin: https://txxx.com
Content-Length: 596
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.16.0
date: Sat, 22 Oct 2022 14:13:27 GMT
content-type: application/json
content-length: 1483
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
s.optnx.com/cimp.php?data=TVRZMk5qUTBPREF3TjN3ek5EVXlZVFEyTVRWak16Y3dNelpqWkdVMVl6Y3haRFppTWpBeU9XWTRZZy0tfC9saWJyYXJ5LzQ3NTU2Ny9iMDJhNGU3YzYwMTE2ZWI2YWI2NzNhOThjOTVlODU0N2ZiMWZjYjdlLmpwZ3xodHRwc3w5MS45MC40Mi4xNTR8Tk9SfDQxfHR4eHguY29tfDQ3NTU2N3w2NjYxNzN8OTE0NjU0fDQyNzg1NjZ8NTA4fDUxOTE2MTZ8NzQzMzc5NTB8MTV8M3wwfDB8MjUzNDR8MHwxfDc1fEVVUnxVU0R8MS4wMjAzfDF8MzR8fDF8Tk9SfHwyMHw0fDF8fGIwMTQzNTE4ZTg0MWIyNDcwYWY4NGQ4NmUxYjA5ZDNifGRmOTYwNTA5ODc2ZDc1MWJjNmNhZmIyYzIwZDQxMzJifDF8MHxnYXkxMTIuY29tfDB8MHwwfDAuMDR8MXwwfGV4Y2hhbmdlX25hdGl2ZV9hZHwwfDB8MzE0MzI0MnwtMXwwfDMxNDMyNDR8fHwzfDE0NDB8fDB8MHwwfDB8MHwwfDF8MHx8OHwxfE1vemlsbGEvNS4wIChYMTE7IExpbnV4IHg4Nl82NDsgcnY6OTYuMCkgR2Vja28vMjAxMDAxMDEgRmlyZWZveC85Ni4wfE9LfGQxM2QzZjc3OTgxNDA0OGIyZjI2NWQ1Y2EwMjZmMWJj
95.211.229.247302 Found 0 B URL HTTP/1.1 s.optnx.com/cimp.php?data=TVRZMk5qUTBPREF3TjN3ek5EVXlZVFEyTVRWak16Y3dNelpqWkdVMVl6Y3haRFppTWpBeU9XWTRZZy0tfC9saWJyYXJ5LzQ3NTU2Ny9iMDJhNGU3YzYwMTE2ZWI2YWI2NzNhOThjOTVlODU0N2ZiMWZjYjdlLmpwZ3xodHRwc3w5MS45MC40Mi4xNTR8Tk9SfDQxfHR4eHguY29tfDQ3NTU2N3w2NjYxNzN8OTE0NjU0fDQyNzg1NjZ8NTA4fDUxOTE2MTZ8NzQzMzc5NTB8MTV8M3wwfDB8MjUzNDR8MHwxfDc1fEVVUnxVU0R8MS4wMjAzfDF8MzR8fDF8Tk9SfHwyMHw0fDF8fGIwMTQzNTE4ZTg0MWIyNDcwYWY4NGQ4NmUxYjA5ZDNifGRmOTYwNTA5ODc2ZDc1MWJjNmNhZmIyYzIwZDQxMzJifDF8MHxnYXkxMTIuY29tfDB8MHwwfDAuMDR8MXwwfGV4Y2hhbmdlX25hdGl2ZV9hZHwwfDB8MzE0MzI0MnwtMXwwfDMxNDMyNDR8fHwzfDE0NDB8fDB8MHwwfDB8MHwwfDF8MHx8OHwxfE1vemlsbGEvNS4wIChYMTE7IExpbnV4IHg4Nl82NDsgcnY6OTYuMCkgR2Vja28vMjAxMDAxMDEgRmlyZWZveC85Ni4wfE9LfGQxM2QzZjc3OTgxNDA0OGIyZjI2NWQ1Y2EwMjZmMWJj
IP 95.211.229.247:0
ASN #60781 LeaseWeb Netherlands B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /cimp.php?data=TVRZMk5qUTBPREF3TjN3ek5EVXlZVFEyTVRWak16Y3dNelpqWkdVMVl6Y3haRFppTWpBeU9XWTRZZy0tfC9saWJyYXJ5LzQ3NTU2Ny9iMDJhNGU3YzYwMTE2ZWI2YWI2NzNhOThjOTVlODU0N2ZiMWZjYjdlLmpwZ3xodHRwc3w5MS45MC40Mi4xNTR8Tk9SfDQxfHR4eHguY29tfDQ3NTU2N3w2NjYxNzN8OTE0NjU0fDQyNzg1NjZ8NTA4fDUxOTE2MTZ8NzQzMzc5NTB8MTV8M3wwfDB8MjUzNDR8MHwxfDc1fEVVUnxVU0R8MS4wMjAzfDF8MzR8fDF8Tk9SfHwyMHw0fDF8fGIwMTQzNTE4ZTg0MWIyNDcwYWY4NGQ4NmUxYjA5ZDNifGRmOTYwNTA5ODc2ZDc1MWJjNmNhZmIyYzIwZDQxMzJifDF8MHxnYXkxMTIuY29tfDB8MHwwfDAuMDR8MXwwfGV4Y2hhbmdlX25hdGl2ZV9hZHwwfDB8MzE0MzI0MnwtMXwwfDMxNDMyNDR8fHwzfDE0NDB8fDB8MHwwfDB8MHwwfDF8MHx8OHwxfE1vemlsbGEvNS4wIChYMTE7IExpbnV4IHg4Nl82NDsgcnY6OTYuMCkgR2Vja28vMjAxMDAxMDEgRmlyZWZveC85Ni4wfE9LfGQxM2QzZjc3OTgxNDA0OGIyZjI2NWQ1Y2EwMjZmMWJj HTTP/1.1
Host: s.optnx.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://5c0276acfe.9a363a4900.com/
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A32%3A%226353fa87659497.99569916325007585%22%3B%7D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx
Date: Sat, 22 Oct 2022 14:13:27 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A32%3A%226353fa87659497.99569916325007585%22%3B%7D; expires=Mon, 21 Oct 2024 14:13:27 GMT; path=; domain=.optnx.com; Secure; SameSite=none
Location: https://s3t3d2y8.afcdn.net/library/475567/b02a4e7c60116eb6ab673a98c95e8547fb1fcb7e.jpg
X-Robots-Tag: noindex, follow
s.optnx.com/cimp.php?data=TVRZMk5qUTBPREF3Tm54bU9URTVOelEwT1dSbU16Z3haVEF4T1RBMk5qSXlOVFJtTnpjeVpUUmpNZy0tfC9saWJyYXJ5LzQ3NTU2Ny9iMDJhNGU3YzYwMTE2ZWI2YWI2NzNhOThjOTVlODU0N2ZiMWZjYjdlLmpwZ3xodHRwc3w5MS45MC40Mi4xNTR8Tk9SfDQxfHR4eHguY29tfDQ3NTU2N3w1OTk5MTh8ODY5MjcxfDM5MzY4NTl8NTA4fDUxOTE2MTZ8NzQzMzc5NTB8MTV8M3wwfDB8MjUzNDR8MHwxfDcwfFVTRHxVU0R8MXwxfDM0fHwxfE5PUnx8MjB8NHwxfHwyMzQ5ODgwNTgzfDAyZjA1OGJkNTI1YjJhODViNWIzYTlhM2Y1MzAyYWFmfDF8MHx0eHh4LmNvbXwwfDB8MHwwLjAyfDF8MHxleGNoYW5nZV9uYXRpdmVfYWR8MHwwfDMxNDMyNDJ8LTF8MHwzMTQzMjQ0fHx8M3wxNDQwfHwwfDB8MHwwfDB8MHwxfDB8fDh8MXxNb3ppbGxhLzUuMCAoWDExOyBMaW51eCB4ODZfNjQ7IHJ2Ojk2LjApIEdlY2tvLzIwMTAwMTAxIEZpcmVmb3gvOTYuMHxPS3w3MDBiMTQwMjEwOWUzOGYyYzk4NmQzMmVkMDExNjZkYw--
95.211.229.247302 Found 48 B URL HTTP/1.1 s.optnx.com/cimp.php?data=TVRZMk5qUTBPREF3Tm54bU9URTVOelEwT1dSbU16Z3haVEF4T1RBMk5qSXlOVFJtTnpjeVpUUmpNZy0tfC9saWJyYXJ5LzQ3NTU2Ny9iMDJhNGU3YzYwMTE2ZWI2YWI2NzNhOThjOTVlODU0N2ZiMWZjYjdlLmpwZ3xodHRwc3w5MS45MC40Mi4xNTR8Tk9SfDQxfHR4eHguY29tfDQ3NTU2N3w1OTk5MTh8ODY5MjcxfDM5MzY4NTl8NTA4fDUxOTE2MTZ8NzQzMzc5NTB8MTV8M3wwfDB8MjUzNDR8MHwxfDcwfFVTRHxVU0R8MXwxfDM0fHwxfE5PUnx8MjB8NHwxfHwyMzQ5ODgwNTgzfDAyZjA1OGJkNTI1YjJhODViNWIzYTlhM2Y1MzAyYWFmfDF8MHx0eHh4LmNvbXwwfDB8MHwwLjAyfDF8MHxleGNoYW5nZV9uYXRpdmVfYWR8MHwwfDMxNDMyNDJ8LTF8MHwzMTQzMjQ0fHx8M3wxNDQwfHwwfDB8MHwwfDB8MHwxfDB8fDh8MXxNb3ppbGxhLzUuMCAoWDExOyBMaW51eCB4ODZfNjQ7IHJ2Ojk2LjApIEdlY2tvLzIwMTAwMTAxIEZpcmVmb3gvOTYuMHxPS3w3MDBiMTQwMjEwOWUzOGYyYzk4NmQzMmVkMDExNjZkYw--
IP 95.211.229.247:0
ASN #60781 LeaseWeb Netherlands B.V.
Hash f39173a3705a694b68ccf6000cc97c4e
bf33485d4efc25ffbc9683ffd4c5e038fe120b88
a04f7613b0d58e352dc69a9b61b1f1656ef372bfba39f62be03979de6402d39f
GET /cimp.php?data=TVRZMk5qUTBPREF3Tm54bU9URTVOelEwT1dSbU16Z3haVEF4T1RBMk5qSXlOVFJtTnpjeVpUUmpNZy0tfC9saWJyYXJ5LzQ3NTU2Ny9iMDJhNGU3YzYwMTE2ZWI2YWI2NzNhOThjOTVlODU0N2ZiMWZjYjdlLmpwZ3xodHRwc3w5MS45MC40Mi4xNTR8Tk9SfDQxfHR4eHguY29tfDQ3NTU2N3w1OTk5MTh8ODY5MjcxfDM5MzY4NTl8NTA4fDUxOTE2MTZ8NzQzMzc5NTB8MTV8M3wwfDB8MjUzNDR8MHwxfDcwfFVTRHxVU0R8MXwxfDM0fHwxfE5PUnx8MjB8NHwxfHwyMzQ5ODgwNTgzfDAyZjA1OGJkNTI1YjJhODViNWIzYTlhM2Y1MzAyYWFmfDF8MHx0eHh4LmNvbXwwfDB8MHwwLjAyfDF8MHxleGNoYW5nZV9uYXRpdmVfYWR8MHwwfDMxNDMyNDJ8LTF8MHwzMTQzMjQ0fHx8M3wxNDQwfHwwfDB8MHwwfDB8MHwxfDB8fDh8MXxNb3ppbGxhLzUuMCAoWDExOyBMaW51eCB4ODZfNjQ7IHJ2Ojk2LjApIEdlY2tvLzIwMTAwMTAxIEZpcmVmb3gvOTYuMHxPS3w3MDBiMTQwMjEwOWUzOGYyYzk4NmQzMmVkMDExNjZkYw-- HTTP/1.1
Host: s.optnx.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://txxx.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx
Date: Sat, 22 Oct 2022 14:13:27 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%226353fa8780c3e9.263130732752539605%22%3B%7D; expires=Mon, 21 Oct 2024 14:13:27 GMT; path=; domain=.optnx.com; Secure; SameSite=none
Location: https://s3t3d2y8.afcdn.net/library/475567/b02a4e7c60116eb6ab673a98c95e8547fb1fcb7e.jpg
X-Robots-Tag: noindex, follow
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash fe09c8e70524fab63110dddd902e07c4
9e25fca8bd2e64d53cfd14c2baa55dd8b016fd01
5046dce1508f1b73f62b90205ad79b36b47c778a232a19587315365c3d5bfbad
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5046DCE1508F1B73F62B90205AD79B36B47C778A232A19587315365C3D5BFBAD"
Last-Modified: Sat, 22 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4228
Expires: Sat, 22 Oct 2022 15:23:55 GMT
Date: Sat, 22 Oct 2022 14:13:27 GMT
Connection: keep-alive
s3t3d2y8.afcdn.net/library/475567/cc7211683ae26562c2df637755f311868f37c8ea.jpg
185.76.9.19200 OK 25 kB URL HTTP/2 s3t3d2y8.afcdn.net/library/475567/cc7211683ae26562c2df637755f311868f37c8ea.jpg
IP 185.76.9.19:0
ASN #60068 Datacamp Limited
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 90", baseline, precision 8, 300x300, components 3\012- data
Hash dbe31828ea0277ab9845bf67aa749927
cc7211683ae26562c2df637755f311868f37c8ea
6499cca4ce115e6dcb44a71342a5c705f938fbffbe5c410b55e60051a417b917
GET /library/475567/cc7211683ae26562c2df637755f311868f37c8ea.jpg HTTP/1.1
Host: s3t3d2y8.afcdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://5c0276acfe.9a363a4900.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 22 Oct 2022 14:13:27 GMT
content-type: image/jpeg
content-length: 25056
last-modified: Thu, 30 Mar 2017 09:55:25 GMT
etag: "58dcd60d-61e0"
expires: Fri, 30 Jun 2023 14:29:46 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
x-cache-op: HIT
x-accel-expires: @1688195223
server: CDN77-Turbo
x-robots-tag: noindex, follow
x-77-nzt: AblMCQ15qR//cF2VAA
x-77-nzt-ray: WXGknUDya5s
x-cache: HIT
x-age: 9788784
x-77-pop: stockholmSE
x-77-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash fe09c8e70524fab63110dddd902e07c4
9e25fca8bd2e64d53cfd14c2baa55dd8b016fd01
5046dce1508f1b73f62b90205ad79b36b47c778a232a19587315365c3d5bfbad
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5046DCE1508F1B73F62B90205AD79B36B47C778A232A19587315365C3D5BFBAD"
Last-Modified: Sat, 22 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4228
Expires: Sat, 22 Oct 2022 15:23:55 GMT
Date: Sat, 22 Oct 2022 14:13:27 GMT
Connection: keep-alive
iconcnd.net/b2/l/i/icon?cid=1&eid=309&n=73ea3cff13345bb6a1723f10&nid=1&sid=iCigWmBUQwwdaeoITl8hM1ECt0KfNOIeLmPoWrO20A%2BBIvdceCZ5FsJKRDQyBOfW1DX3vKK5x6sD0yoj9wj9mW%2BXBZb%2FS%2FueAKUz435%2BcRfPMjkQkR8Xg51OscnjMG5NdNaNIn6B872AvstiJ1DTz04jQ3HRfe3%2BFJ1wjc752QRWn2VI73K3WDMR%2F3DuLt%2BikRjNR6GkiyyaoA%2FWgNgv2YOm6nyXkDf3kZE6IOXpDn1kcklqszqj%2BFBKtOXFXo%2BjhDdoMKbglLkMOadH5fl4qEcynq7TR0Xm19ppV02Nb%2F3BmlPqQIUfZSKIv1Tc1dVHpWp3rLI0Os3BpFp4mExaO6gE%2FJN8jYAtIjYNZHh%2F1SUhDw5k9stvn8jk56mGWhsJhSnbqLx7ggzxcBt17z5VFoAoVZXMqrNEWkz44fF8rL%2BqTBlFVy%2BsggsHPHLWIexVYBg5f7g7BvxvtvO2CHrPNLF%2BsPyG0uK2qorPAG3lcjeVZRUpsgjdxSrrD%2BeLaSfHsm3N2DiVBCxQ4s77YqkBb6H3X5%2FQgo8sdyLZ2LuwCcp7EPAFtnG%2FDZMGGmWuGbI8zGfnwPlMRAWKR4nizXi7j1uJPoTWrg9eRyRNrJnac58qZibfK5VWK6G6ye5U7CbfWSO2J8pWCnZqlOo16mAYeKaPUbDuWoEFHxa%2FAqdbVwm9cAgv%2FH1xwVjanNRPz%2BeS5euK2nWDMk59erVjFhXLkRdGMxIc%2Bs7aDvJBpJLsJK0WD2lVKmgrx3jfguVzGxL2cUKlNxwfM5lDzvbC4JF4Dc2ECNF8InzKyoXJGif98AkFsYcanvB9lxy07z%2BzL8CYJo7yvKSEIV86YObgOtsyxcTJS8y%2FBMcWXtLjlIf3lsIUpofaTXNjk9T4FLfSgRE44OVyYvjqupigV5o4VyvZpXWI6NBhRUsjT3ZcOiI538HFyj%2Bml5mn8bEweG5%2B6jYxAMpo8sBRG39hd3w3PZG9Npn%2F1VQ7wNWEWvhsoNA%2FKlPruiPFFGtwTLE%2FKdbDVuB90U5DtLQ7Dic%2Fk9Pchc3XXJgkgCr5FBZA1kHnBy3pxWlwWkIFXSYU91VL7dbUHN%2BS8SWqeugneLUPuzYJsFtH%2FJCSbmEozyTCIzF%2BtnA%2BMzCcUGS%2FsWXgoIf771FFen1w8SzlXwGwbLgEp428v6nFen3U0zcbtFKCG0zPIjwwCEwnEpkPahLR580m2YIoJbP%2FBNifX0d9REvs%2B19qwTRaOA26dkho98t0860uJyZ1Lp68T3cLKQT1%2BWNVjG6hKAhFK00iBiZ1z2EcZUlcWj5RoRq6VFYeYplPn%2BdXs5Eav1QiXQCc5LnBM4TZCtxTXMBNRfc7fJEyEb2%2FhDV76ZA6q1bgarpZuLVvt7wTO0k0e8Yfi925NMvdTl04NkUHZYRqefFSpgy6fShThdEvBCNbOKi%2B41Hr91fcoK9nayd1NR%2F2XF4ynacyJpVuGAiHN%2B0EnxT545h6HRl5LRoFHxM98hR%2BcnU%2FMh4MfmFLLRKgghL2UoArWR0nIoAF23JjPttaXRf%2B5jsCKysWtFUA%2FqSawYcAudfTrC%2BDRHfR%2FfPQzcyr59dvJu1k15gem4fHqSYzkC%2BL&ts=1666448007&ttl=7200&v=v5.4.15
109.206.162.121302 Found 0 B URL HTTP/2 iconcnd.net/b2/l/i/icon?cid=1&eid=309&n=73ea3cff13345bb6a1723f10&nid=1&sid=iCigWmBUQwwdaeoITl8hM1ECt0KfNOIeLmPoWrO20A%2BBIvdceCZ5FsJKRDQyBOfW1DX3vKK5x6sD0yoj9wj9mW%2BXBZb%2FS%2FueAKUz435%2BcRfPMjkQkR8Xg51OscnjMG5NdNaNIn6B872AvstiJ1DTz04jQ3HRfe3%2BFJ1wjc752QRWn2VI73K3WDMR%2F3DuLt%2BikRjNR6GkiyyaoA%2FWgNgv2YOm6nyXkDf3kZE6IOXpDn1kcklqszqj%2BFBKtOXFXo%2BjhDdoMKbglLkMOadH5fl4qEcynq7TR0Xm19ppV02Nb%2F3BmlPqQIUfZSKIv1Tc1dVHpWp3rLI0Os3BpFp4mExaO6gE%2FJN8jYAtIjYNZHh%2F1SUhDw5k9stvn8jk56mGWhsJhSnbqLx7ggzxcBt17z5VFoAoVZXMqrNEWkz44fF8rL%2BqTBlFVy%2BsggsHPHLWIexVYBg5f7g7BvxvtvO2CHrPNLF%2BsPyG0uK2qorPAG3lcjeVZRUpsgjdxSrrD%2BeLaSfHsm3N2DiVBCxQ4s77YqkBb6H3X5%2FQgo8sdyLZ2LuwCcp7EPAFtnG%2FDZMGGmWuGbI8zGfnwPlMRAWKR4nizXi7j1uJPoTWrg9eRyRNrJnac58qZibfK5VWK6G6ye5U7CbfWSO2J8pWCnZqlOo16mAYeKaPUbDuWoEFHxa%2FAqdbVwm9cAgv%2FH1xwVjanNRPz%2BeS5euK2nWDMk59erVjFhXLkRdGMxIc%2Bs7aDvJBpJLsJK0WD2lVKmgrx3jfguVzGxL2cUKlNxwfM5lDzvbC4JF4Dc2ECNF8InzKyoXJGif98AkFsYcanvB9lxy07z%2BzL8CYJo7yvKSEIV86YObgOtsyxcTJS8y%2FBMcWXtLjlIf3lsIUpofaTXNjk9T4FLfSgRE44OVyYvjqupigV5o4VyvZpXWI6NBhRUsjT3ZcOiI538HFyj%2Bml5mn8bEweG5%2B6jYxAMpo8sBRG39hd3w3PZG9Npn%2F1VQ7wNWEWvhsoNA%2FKlPruiPFFGtwTLE%2FKdbDVuB90U5DtLQ7Dic%2Fk9Pchc3XXJgkgCr5FBZA1kHnBy3pxWlwWkIFXSYU91VL7dbUHN%2BS8SWqeugneLUPuzYJsFtH%2FJCSbmEozyTCIzF%2BtnA%2BMzCcUGS%2FsWXgoIf771FFen1w8SzlXwGwbLgEp428v6nFen3U0zcbtFKCG0zPIjwwCEwnEpkPahLR580m2YIoJbP%2FBNifX0d9REvs%2B19qwTRaOA26dkho98t0860uJyZ1Lp68T3cLKQT1%2BWNVjG6hKAhFK00iBiZ1z2EcZUlcWj5RoRq6VFYeYplPn%2BdXs5Eav1QiXQCc5LnBM4TZCtxTXMBNRfc7fJEyEb2%2FhDV76ZA6q1bgarpZuLVvt7wTO0k0e8Yfi925NMvdTl04NkUHZYRqefFSpgy6fShThdEvBCNbOKi%2B41Hr91fcoK9nayd1NR%2F2XF4ynacyJpVuGAiHN%2B0EnxT545h6HRl5LRoFHxM98hR%2BcnU%2FMh4MfmFLLRKgghL2UoArWR0nIoAF23JjPttaXRf%2B5jsCKysWtFUA%2FqSawYcAudfTrC%2BDRHfR%2FfPQzcyr59dvJu1k15gem4fHqSYzkC%2BL&ts=1666448007&ttl=7200&v=v5.4.15
IP 109.206.162.121:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /b2/l/i/icon?cid=1&eid=309&n=73ea3cff13345bb6a1723f10&nid=1&sid=iCigWmBUQwwdaeoITl8hM1ECt0KfNOIeLmPoWrO20A%2BBIvdceCZ5FsJKRDQyBOfW1DX3vKK5x6sD0yoj9wj9mW%2BXBZb%2FS%2FueAKUz435%2BcRfPMjkQkR8Xg51OscnjMG5NdNaNIn6B872AvstiJ1DTz04jQ3HRfe3%2BFJ1wjc752QRWn2VI73K3WDMR%2F3DuLt%2BikRjNR6GkiyyaoA%2FWgNgv2YOm6nyXkDf3kZE6IOXpDn1kcklqszqj%2BFBKtOXFXo%2BjhDdoMKbglLkMOadH5fl4qEcynq7TR0Xm19ppV02Nb%2F3BmlPqQIUfZSKIv1Tc1dVHpWp3rLI0Os3BpFp4mExaO6gE%2FJN8jYAtIjYNZHh%2F1SUhDw5k9stvn8jk56mGWhsJhSnbqLx7ggzxcBt17z5VFoAoVZXMqrNEWkz44fF8rL%2BqTBlFVy%2BsggsHPHLWIexVYBg5f7g7BvxvtvO2CHrPNLF%2BsPyG0uK2qorPAG3lcjeVZRUpsgjdxSrrD%2BeLaSfHsm3N2DiVBCxQ4s77YqkBb6H3X5%2FQgo8sdyLZ2LuwCcp7EPAFtnG%2FDZMGGmWuGbI8zGfnwPlMRAWKR4nizXi7j1uJPoTWrg9eRyRNrJnac58qZibfK5VWK6G6ye5U7CbfWSO2J8pWCnZqlOo16mAYeKaPUbDuWoEFHxa%2FAqdbVwm9cAgv%2FH1xwVjanNRPz%2BeS5euK2nWDMk59erVjFhXLkRdGMxIc%2Bs7aDvJBpJLsJK0WD2lVKmgrx3jfguVzGxL2cUKlNxwfM5lDzvbC4JF4Dc2ECNF8InzKyoXJGif98AkFsYcanvB9lxy07z%2BzL8CYJo7yvKSEIV86YObgOtsyxcTJS8y%2FBMcWXtLjlIf3lsIUpofaTXNjk9T4FLfSgRE44OVyYvjqupigV5o4VyvZpXWI6NBhRUsjT3ZcOiI538HFyj%2Bml5mn8bEweG5%2B6jYxAMpo8sBRG39hd3w3PZG9Npn%2F1VQ7wNWEWvhsoNA%2FKlPruiPFFGtwTLE%2FKdbDVuB90U5DtLQ7Dic%2Fk9Pchc3XXJgkgCr5FBZA1kHnBy3pxWlwWkIFXSYU91VL7dbUHN%2BS8SWqeugneLUPuzYJsFtH%2FJCSbmEozyTCIzF%2BtnA%2BMzCcUGS%2FsWXgoIf771FFen1w8SzlXwGwbLgEp428v6nFen3U0zcbtFKCG0zPIjwwCEwnEpkPahLR580m2YIoJbP%2FBNifX0d9REvs%2B19qwTRaOA26dkho98t0860uJyZ1Lp68T3cLKQT1%2BWNVjG6hKAhFK00iBiZ1z2EcZUlcWj5RoRq6VFYeYplPn%2BdXs5Eav1QiXQCc5LnBM4TZCtxTXMBNRfc7fJEyEb2%2FhDV76ZA6q1bgarpZuLVvt7wTO0k0e8Yfi925NMvdTl04NkUHZYRqefFSpgy6fShThdEvBCNbOKi%2B41Hr91fcoK9nayd1NR%2F2XF4ynacyJpVuGAiHN%2B0EnxT545h6HRl5LRoFHxM98hR%2BcnU%2FMh4MfmFLLRKgghL2UoArWR0nIoAF23JjPttaXRf%2B5jsCKysWtFUA%2FqSawYcAudfTrC%2BDRHfR%2FfPQzcyr59dvJu1k15gem4fHqSYzkC%2BL&ts=1666448007&ttl=7200&v=v5.4.15 HTTP/1.1
Host: iconcnd.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://txxx.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: dspclick-v3.7.20.1
date: Sat, 22 Oct 2022 14:13:26 GMT
content-length: 0
location: https://imcdn.co/g35kuLa1HKDSkPFYQtni33mFGPXh1LUUkxapZVGj.png
set-cookie: adcsid-i-3333544793CaScMqbX=1; expires=Sun, 23 Oct 2022 14:13:27 GMT; path=/
referrer-policy: no-referrer
X-Firefox-Spdy: h2
kts.visitstats.com/in/373/?screen_resolution=1280x1024&dt=1666448021458&ad_sub=38830&mo=&ve=&katds_labels=&katds_nocountuniq=1&site_id=23578849&tzof=0&zone=tc_preroll&idzone=2240735&user_id=2526490cda471dd8339cb45a64b32590&utm1=&utm2=&utm3=&utm4=&ad_tags=Gay%2CAsian%2CBareback%2CHD%2CDeepthroat%2CCumshot&title=How%20Chinese%20Guys%20Enjoy%20Boys%20Porn%20-%20Porn%20video&skipoffset=10&
62.122.168.42200 OK 845 B URL HTTP/2 kts.visitstats.com/in/373/?screen_resolution=1280x1024&dt=1666448021458&ad_sub=38830&mo=&ve=&katds_labels=&katds_nocountuniq=1&site_id=23578849&tzof=0&zone=tc_preroll&idzone=2240735&user_id=2526490cda471dd8339cb45a64b32590&utm1=&utm2=&utm3=&utm4=&ad_tags=Gay%2CAsian%2CBareback%2CHD%2CDeepthroat%2CCumshot&title=How%20Chinese%20Guys%20Enjoy%20Boys%20Porn%20-%20Porn%20video&skipoffset=10&
IP 62.122.168.42:0
Hash 67af56c3bf60db082e271cd919b2e7b7
ac00fa098e0ad778d6dd8ca212c304ff72ae8780
02276aee56e2ce798266f39014ecb801610c99b1b4d067a8cb0aa2971798a48d
GET /in/373/?screen_resolution=1280x1024&dt=1666448021458&ad_sub=38830&mo=&ve=&katds_labels=&katds_nocountuniq=1&site_id=23578849&tzof=0&zone=tc_preroll&idzone=2240735&user_id=2526490cda471dd8339cb45a64b32590&utm1=&utm2=&utm3=&utm4=&ad_tags=Gay%2CAsian%2CBareback%2CHD%2CDeepthroat%2CCumshot&title=How%20Chinese%20Guys%20Enjoy%20Boys%20Porn%20-%20Porn%20video&skipoffset=10& HTTP/1.1
Host: kts.visitstats.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://txxx.com
Connection: keep-alive
Referer: https://txxx.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.20.1
date: Sat, 22 Oct 2022 14:13:27 GMT
content-type: application/json
access-control-allow-credentials: true
access-control-allow-origin: https://txxx.com
pragma: no-cache
vary: Accept-Encoding, *
cache-control: no-cache, no-store, must-revalidate
content-encoding: gzip
X-Firefox-Spdy: h2
5c0276acfe.9a363a4900.com/get/?go=1&data=eyJpbXAiOlt7InNlY3VyZSI6MSwiZXh0Ijp7ImlkIjoxNDk2LCJzcGFjZWlkIjozMTA4NCwidHlwZSI6InBvcCIsImlkem9uZSI6NjkzOTEzLCJhZF90YWdzIjoiR2F5JTJDQXNpYW4lMkNCYXJlYmFjayUyQ0hEJTJDRGVlcHRocm9hdCUyQ0N1bXNob3QiLCJsYWJlbHMiOiIiLCJhbGxvd2VkX2xhYmVscyI6IiIsInRpdGxlIjoiIiwic3ViaWQiOiIzODgzMCIsInV0bTEiOiIiLCJ1dG0yIjoiIiwidXRtNCI6IiIsInNwb3RfaWQiOjMxMDg0LCJtdWx0aXBsZSI6ZmFsc2UsImlzX2lmcmFtZSI6dHJ1ZSwicmVmZG9tYWluIjoiZ2F5MTEyLmNvbSIsInBsIjoxLCJzdHJhdGFnZW0iOm51bGwsImd5ciI6MCwiYWNjZWwiOjAsInNzcCI6Mzc1Nn0sImJhbm5lciI6eyJ3IjozMDAsImgiOjI1MH19XSwic2l0ZSI6eyJpZCI6IjMxMDg0IiwiY2F0IjpbIklBQjI1Il0sInBhZ2UiOiJodHRwczovL2dheTExMi5jb20vIn0sImRldmljZSI6eyJ3IjoxMjgwLCJoIjoxMDI0fSwidXNlciI6eyJpZCI6ImIwMTQzNTE4ZTg0MWIyNDcwYWY4NGQ4NmUxYjA5ZDNiIn0sImV4dCI6eyJkdCI6MTY2NjQ0ODAyMTQ3NX19
162.55.139.130200 OK 2.0 kB URL HTTP/2 5c0276acfe.9a363a4900.com/get/?go=1&data=eyJpbXAiOlt7InNlY3VyZSI6MSwiZXh0Ijp7ImlkIjoxNDk2LCJzcGFjZWlkIjozMTA4NCwidHlwZSI6InBvcCIsImlkem9uZSI6NjkzOTEzLCJhZF90YWdzIjoiR2F5JTJDQXNpYW4lMkNCYXJlYmFjayUyQ0hEJTJDRGVlcHRocm9hdCUyQ0N1bXNob3QiLCJsYWJlbHMiOiIiLCJhbGxvd2VkX2xhYmVscyI6IiIsInRpdGxlIjoiIiwic3ViaWQiOiIzODgzMCIsInV0bTEiOiIiLCJ1dG0yIjoiIiwidXRtNCI6IiIsInNwb3RfaWQiOjMxMDg0LCJtdWx0aXBsZSI6ZmFsc2UsImlzX2lmcmFtZSI6dHJ1ZSwicmVmZG9tYWluIjoiZ2F5MTEyLmNvbSIsInBsIjoxLCJzdHJhdGFnZW0iOm51bGwsImd5ciI6MCwiYWNjZWwiOjAsInNzcCI6Mzc1Nn0sImJhbm5lciI6eyJ3IjozMDAsImgiOjI1MH19XSwic2l0ZSI6eyJpZCI6IjMxMDg0IiwiY2F0IjpbIklBQjI1Il0sInBhZ2UiOiJodHRwczovL2dheTExMi5jb20vIn0sImRldmljZSI6eyJ3IjoxMjgwLCJoIjoxMDI0fSwidXNlciI6eyJpZCI6ImIwMTQzNTE4ZTg0MWIyNDcwYWY4NGQ4NmUxYjA5ZDNiIn0sImV4dCI6eyJkdCI6MTY2NjQ0ODAyMTQ3NX19
IP 162.55.139.130:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (1756)
Hash e92e325fdb832cae36018f4e15c3eef8
a34d810364f64b1ed04e0660f0507ba05e6fc920
ff53b52bb72c0e5aba700a2a18ff943b1f8b92a90a1ad0cd4cfe03369bac7005
Analyzer Verdict Alert quad9 Sinkholed
GET /get/?go=1&data=eyJpbXAiOlt7InNlY3VyZSI6MSwiZXh0Ijp7ImlkIjoxNDk2LCJzcGFjZWlkIjozMTA4NCwidHlwZSI6InBvcCIsImlkem9uZSI6NjkzOTEzLCJhZF90YWdzIjoiR2F5JTJDQXNpYW4lMkNCYXJlYmFjayUyQ0hEJTJDRGVlcHRocm9hdCUyQ0N1bXNob3QiLCJsYWJlbHMiOiIiLCJhbGxvd2VkX2xhYmVscyI6IiIsInRpdGxlIjoiIiwic3ViaWQiOiIzODgzMCIsInV0bTEiOiIiLCJ1dG0yIjoiIiwidXRtNCI6IiIsInNwb3RfaWQiOjMxMDg0LCJtdWx0aXBsZSI6ZmFsc2UsImlzX2lmcmFtZSI6dHJ1ZSwicmVmZG9tYWluIjoiZ2F5MTEyLmNvbSIsInBsIjoxLCJzdHJhdGFnZW0iOm51bGwsImd5ciI6MCwiYWNjZWwiOjAsInNzcCI6Mzc1Nn0sImJhbm5lciI6eyJ3IjozMDAsImgiOjI1MH19XSwic2l0ZSI6eyJpZCI6IjMxMDg0IiwiY2F0IjpbIklBQjI1Il0sInBhZ2UiOiJodHRwczovL2dheTExMi5jb20vIn0sImRldmljZSI6eyJ3IjoxMjgwLCJoIjoxMDI0fSwidXNlciI6eyJpZCI6ImIwMTQzNTE4ZTg0MWIyNDcwYWY4NGQ4NmUxYjA5ZDNiIn0sImV4dCI6eyJkdCI6MTY2NjQ0ODAyMTQ3NX19 HTTP/1.1
Host: 5c0276acfe.9a363a4900.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://txxx.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.16.0
date: Sat, 22 Oct 2022 14:13:27 GMT
content-type: text/html
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
content-encoding: gzip
X-Firefox-Spdy: h2
js.cabnnr.com/banner-admanager/build.m.js
45.133.44.24200 OK 16 kB URL HTTP/2 js.cabnnr.com/banner-admanager/build.m.js
IP 45.133.44.24:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with very long lines (48872), with no line terminators
Hash 8043259ff35f70af1dfcdc8bfa49bf46
d96f631de92b3ccd0907a5116aad1c1566613276
efa35400cd0d3b1ac29d1fd6568bf6cfceb2c2a6f9f29bd3a7c53a73ea48740a
GET /banner-admanager/build.m.js HTTP/1.1
Host: js.cabnnr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gay112.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 22 Oct 2022 14:13:26 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Tue, 18 Oct 2022 08:59:34 GMT
etag: W/"634e6af6-bee8"
content-encoding: gzip
expires: Sat, 22 Oct 2022 14:18:26 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
rtbrennab.com/banner/in/show/?mid=410229980&pid=0&site=31083&sc=NO&usage_type=DCH&subid=38830&sid=0&cid=10914&price=0&is_cpm=1&cpm=0.007652249999999999&ecpm=0.005658685829999999&crid=&crtid=d41d8cd98f00b204e9800998ecf8427e&tcid=0&out_id=&ver=&ver_c=&refdom=gay112.com&hostname=auc-banner-hz-3&site_id=0&spot_id=31083&utm_source=&utm_medium=&utm_campaign=&utm_content=&expiration_timestamp=0&created_at=0000-00-00&is_native=6&auction_queue=0&pop_winurl=&ip=91.90.42.154&testab=&px_id=0&adblock=0&auction_host=&mm=&yc=&render_type=&campaign_type=&uniq=&exp=&resp_type=native&iabcat=IAB25&min_cpm=0.0035579055552550443&placement_type_id=8&skin_test=&verify_hash=&score=99&ml=&tag_ab=&ttl=&space_id=31083&banner_width=300&banner_height=250&accel=0&gyr=0&iabcat=IAB25&url=https%3A%2F%2Fs3t3d2y8.afcdn.net%2Flibrary%2F475567%2Fb02a4e7c60116eb6ab673a98c95e8547fb1fcb7e.jpg&pr=gay112.com&bid_crid=&bid_cid=&is_iframe=1&ad_tags=Gay%2CAsian%2CBareback%2CHD%2CDeepthroat%2CCumshot&stratagem=&ssp=3756
162.55.139.130302 Found 0 B URL HTTP/2 rtbrennab.com/banner/in/show/?mid=410229980&pid=0&site=31083&sc=NO&usage_type=DCH&subid=38830&sid=0&cid=10914&price=0&is_cpm=1&cpm=0.007652249999999999&ecpm=0.005658685829999999&crid=&crtid=d41d8cd98f00b204e9800998ecf8427e&tcid=0&out_id=&ver=&ver_c=&refdom=gay112.com&hostname=auc-banner-hz-3&site_id=0&spot_id=31083&utm_source=&utm_medium=&utm_campaign=&utm_content=&expiration_timestamp=0&created_at=0000-00-00&is_native=6&auction_queue=0&pop_winurl=&ip=91.90.42.154&testab=&px_id=0&adblock=0&auction_host=&mm=&yc=&render_type=&campaign_type=&uniq=&exp=&resp_type=native&iabcat=IAB25&min_cpm=0.0035579055552550443&placement_type_id=8&skin_test=&verify_hash=&score=99&ml=&tag_ab=&ttl=&space_id=31083&banner_width=300&banner_height=250&accel=0&gyr=0&iabcat=IAB25&url=https%3A%2F%2Fs3t3d2y8.afcdn.net%2Flibrary%2F475567%2Fb02a4e7c60116eb6ab673a98c95e8547fb1fcb7e.jpg&pr=gay112.com&bid_crid=&bid_cid=&is_iframe=1&ad_tags=Gay%2CAsian%2CBareback%2CHD%2CDeepthroat%2CCumshot&stratagem=&ssp=3756
IP 162.55.139.130:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /banner/in/show/?mid=410229980&pid=0&site=31083&sc=NO&usage_type=DCH&subid=38830&sid=0&cid=10914&price=0&is_cpm=1&cpm=0.007652249999999999&ecpm=0.005658685829999999&crid=&crtid=d41d8cd98f00b204e9800998ecf8427e&tcid=0&out_id=&ver=&ver_c=&refdom=gay112.com&hostname=auc-banner-hz-3&site_id=0&spot_id=31083&utm_source=&utm_medium=&utm_campaign=&utm_content=&expiration_timestamp=0&created_at=0000-00-00&is_native=6&auction_queue=0&pop_winurl=&ip=91.90.42.154&testab=&px_id=0&adblock=0&auction_host=&mm=&yc=&render_type=&campaign_type=&uniq=&exp=&resp_type=native&iabcat=IAB25&min_cpm=0.0035579055552550443&placement_type_id=8&skin_test=&verify_hash=&score=99&ml=&tag_ab=&ttl=&space_id=31083&banner_width=300&banner_height=250&accel=0&gyr=0&iabcat=IAB25&url=https%3A%2F%2Fs3t3d2y8.afcdn.net%2Flibrary%2F475567%2Fb02a4e7c60116eb6ab673a98c95e8547fb1fcb7e.jpg&pr=gay112.com&bid_crid=&bid_cid=&is_iframe=1&ad_tags=Gay%2CAsian%2CBareback%2CHD%2CDeepthroat%2CCumshot&stratagem=&ssp=3756 HTTP/1.1
Host: rtbrennab.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://5c0276acfe.9a363a4900.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
server: nginx/1.16.0
date: Sat, 22 Oct 2022 14:13:27 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
location: https://s3t3d2y8.afcdn.net/library/475567/b02a4e7c60116eb6ab673a98c95e8547fb1fcb7e.jpg
X-Firefox-Spdy: h2
rtbrennab.com/banner/in/show/?mid=276991757&pid=0&site=31086&sc=NO&usage_type=DCH&subid=38830&sid=0&cid=10914&price=0&is_cpm=1&cpm=0.007652249999999999&ecpm=0.005658685829999999&crid=&crtid=d41d8cd98f00b204e9800998ecf8427e&tcid=0&out_id=&ver=&ver_c=&refdom=gay112.com&hostname=auc-banner-hz-4&site_id=0&spot_id=31086&utm_source=&utm_medium=&utm_campaign=&utm_content=&expiration_timestamp=0&created_at=0000-00-00&is_native=6&auction_queue=0&pop_winurl=&ip=91.90.42.154&testab=&px_id=0&adblock=0&auction_host=&mm=&yc=&render_type=&campaign_type=&uniq=&exp=&resp_type=native&iabcat=IAB25&min_cpm=0.005332125277221832&placement_type_id=5&skin_test=&verify_hash=&score=96&ml=&tag_ab=&ttl=&space_id=31086&banner_width=300&banner_height=250&accel=0&gyr=0&iabcat=IAB25&url=https%3A%2F%2Fs3t3d2y8.afcdn.net%2Flibrary%2F475567%2Fb02a4e7c60116eb6ab673a98c95e8547fb1fcb7e.jpg&pr=gay112.com&bid_crid=&bid_cid=&is_iframe=1&ad_tags=Gay%2CAsian%2CBareback%2CHD%2CDeepthroat%2CCumshot&stratagem=&ssp=3756
162.55.139.130302 Found 0 B URL HTTP/2 rtbrennab.com/banner/in/show/?mid=276991757&pid=0&site=31086&sc=NO&usage_type=DCH&subid=38830&sid=0&cid=10914&price=0&is_cpm=1&cpm=0.007652249999999999&ecpm=0.005658685829999999&crid=&crtid=d41d8cd98f00b204e9800998ecf8427e&tcid=0&out_id=&ver=&ver_c=&refdom=gay112.com&hostname=auc-banner-hz-4&site_id=0&spot_id=31086&utm_source=&utm_medium=&utm_campaign=&utm_content=&expiration_timestamp=0&created_at=0000-00-00&is_native=6&auction_queue=0&pop_winurl=&ip=91.90.42.154&testab=&px_id=0&adblock=0&auction_host=&mm=&yc=&render_type=&campaign_type=&uniq=&exp=&resp_type=native&iabcat=IAB25&min_cpm=0.005332125277221832&placement_type_id=5&skin_test=&verify_hash=&score=96&ml=&tag_ab=&ttl=&space_id=31086&banner_width=300&banner_height=250&accel=0&gyr=0&iabcat=IAB25&url=https%3A%2F%2Fs3t3d2y8.afcdn.net%2Flibrary%2F475567%2Fb02a4e7c60116eb6ab673a98c95e8547fb1fcb7e.jpg&pr=gay112.com&bid_crid=&bid_cid=&is_iframe=1&ad_tags=Gay%2CAsian%2CBareback%2CHD%2CDeepthroat%2CCumshot&stratagem=&ssp=3756
IP 162.55.139.130:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /banner/in/show/?mid=276991757&pid=0&site=31086&sc=NO&usage_type=DCH&subid=38830&sid=0&cid=10914&price=0&is_cpm=1&cpm=0.007652249999999999&ecpm=0.005658685829999999&crid=&crtid=d41d8cd98f00b204e9800998ecf8427e&tcid=0&out_id=&ver=&ver_c=&refdom=gay112.com&hostname=auc-banner-hz-4&site_id=0&spot_id=31086&utm_source=&utm_medium=&utm_campaign=&utm_content=&expiration_timestamp=0&created_at=0000-00-00&is_native=6&auction_queue=0&pop_winurl=&ip=91.90.42.154&testab=&px_id=0&adblock=0&auction_host=&mm=&yc=&render_type=&campaign_type=&uniq=&exp=&resp_type=native&iabcat=IAB25&min_cpm=0.005332125277221832&placement_type_id=5&skin_test=&verify_hash=&score=96&ml=&tag_ab=&ttl=&space_id=31086&banner_width=300&banner_height=250&accel=0&gyr=0&iabcat=IAB25&url=https%3A%2F%2Fs3t3d2y8.afcdn.net%2Flibrary%2F475567%2Fb02a4e7c60116eb6ab673a98c95e8547fb1fcb7e.jpg&pr=gay112.com&bid_crid=&bid_cid=&is_iframe=1&ad_tags=Gay%2CAsian%2CBareback%2CHD%2CDeepthroat%2CCumshot&stratagem=&ssp=3756 HTTP/1.1
Host: rtbrennab.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://5c0276acfe.9a363a4900.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
server: nginx/1.16.0
date: Sat, 22 Oct 2022 14:13:27 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
location: https://s3t3d2y8.afcdn.net/library/475567/b02a4e7c60116eb6ab673a98c95e8547fb1fcb7e.jpg
X-Firefox-Spdy: h2
rtbrennab.com/banner/in/show/?mid=1991905481&pid=0&site=31085&sc=NO&usage_type=DCH&subid=38830&sid=0&cid=10914&price=0&is_cpm=1&cpm=0.007652249999999999&ecpm=0.005658685829999999&crid=&crtid=d41d8cd98f00b204e9800998ecf8427e&tcid=0&out_id=&ver=&ver_c=&refdom=gay112.com&hostname=auc-banner-hz-5&site_id=0&spot_id=31085&utm_source=&utm_medium=&utm_campaign=&utm_content=&expiration_timestamp=0&created_at=0000-00-00&is_native=6&auction_queue=0&pop_winurl=&ip=91.90.42.154&testab=&px_id=0&adblock=0&auction_host=&mm=&yc=&render_type=&campaign_type=&uniq=&exp=&resp_type=native&iabcat=IAB25&min_cpm=0.005154973765348623&placement_type_id=2&skin_test=&verify_hash=&score=96&ml=&tag_ab=&ttl=&space_id=31085&banner_width=300&banner_height=250&accel=0&gyr=0&iabcat=IAB25&url=https%3A%2F%2Fs3t3d2y8.afcdn.net%2Flibrary%2F475567%2Fb02a4e7c60116eb6ab673a98c95e8547fb1fcb7e.jpg&pr=gay112.com&bid_crid=&bid_cid=&is_iframe=1&ad_tags=Gay%2CAsian%2CBareback%2CHD%2CDeepthroat%2CCumshot&stratagem=&ssp=3756
162.55.139.130302 Found 0 B URL HTTP/2 rtbrennab.com/banner/in/show/?mid=1991905481&pid=0&site=31085&sc=NO&usage_type=DCH&subid=38830&sid=0&cid=10914&price=0&is_cpm=1&cpm=0.007652249999999999&ecpm=0.005658685829999999&crid=&crtid=d41d8cd98f00b204e9800998ecf8427e&tcid=0&out_id=&ver=&ver_c=&refdom=gay112.com&hostname=auc-banner-hz-5&site_id=0&spot_id=31085&utm_source=&utm_medium=&utm_campaign=&utm_content=&expiration_timestamp=0&created_at=0000-00-00&is_native=6&auction_queue=0&pop_winurl=&ip=91.90.42.154&testab=&px_id=0&adblock=0&auction_host=&mm=&yc=&render_type=&campaign_type=&uniq=&exp=&resp_type=native&iabcat=IAB25&min_cpm=0.005154973765348623&placement_type_id=2&skin_test=&verify_hash=&score=96&ml=&tag_ab=&ttl=&space_id=31085&banner_width=300&banner_height=250&accel=0&gyr=0&iabcat=IAB25&url=https%3A%2F%2Fs3t3d2y8.afcdn.net%2Flibrary%2F475567%2Fb02a4e7c60116eb6ab673a98c95e8547fb1fcb7e.jpg&pr=gay112.com&bid_crid=&bid_cid=&is_iframe=1&ad_tags=Gay%2CAsian%2CBareback%2CHD%2CDeepthroat%2CCumshot&stratagem=&ssp=3756
IP 162.55.139.130:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /banner/in/show/?mid=1991905481&pid=0&site=31085&sc=NO&usage_type=DCH&subid=38830&sid=0&cid=10914&price=0&is_cpm=1&cpm=0.007652249999999999&ecpm=0.005658685829999999&crid=&crtid=d41d8cd98f00b204e9800998ecf8427e&tcid=0&out_id=&ver=&ver_c=&refdom=gay112.com&hostname=auc-banner-hz-5&site_id=0&spot_id=31085&utm_source=&utm_medium=&utm_campaign=&utm_content=&expiration_timestamp=0&created_at=0000-00-00&is_native=6&auction_queue=0&pop_winurl=&ip=91.90.42.154&testab=&px_id=0&adblock=0&auction_host=&mm=&yc=&render_type=&campaign_type=&uniq=&exp=&resp_type=native&iabcat=IAB25&min_cpm=0.005154973765348623&placement_type_id=2&skin_test=&verify_hash=&score=96&ml=&tag_ab=&ttl=&space_id=31085&banner_width=300&banner_height=250&accel=0&gyr=0&iabcat=IAB25&url=https%3A%2F%2Fs3t3d2y8.afcdn.net%2Flibrary%2F475567%2Fb02a4e7c60116eb6ab673a98c95e8547fb1fcb7e.jpg&pr=gay112.com&bid_crid=&bid_cid=&is_iframe=1&ad_tags=Gay%2CAsian%2CBareback%2CHD%2CDeepthroat%2CCumshot&stratagem=&ssp=3756 HTTP/1.1
Host: rtbrennab.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://5c0276acfe.9a363a4900.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
server: nginx/1.16.0
date: Sat, 22 Oct 2022 14:13:27 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
location: https://s3t3d2y8.afcdn.net/library/475567/b02a4e7c60116eb6ab673a98c95e8547fb1fcb7e.jpg
X-Firefox-Spdy: h2
5c0276acfe.9a363a4900.com/get/?go=1&data=eyJpbXAiOlt7InNlY3VyZSI6MSwiZXh0Ijp7ImlkIjoxNDk2LCJzcGFjZWlkIjozMTA4MiwidHlwZSI6InBvcCIsImlkem9uZSI6NjkzOTM5LCJhZF90YWdzIjoiR2F5JTJDQXNpYW4lMkNCYXJlYmFjayUyQ0hEJTJDRGVlcHRocm9hdCUyQ0N1bXNob3QiLCJsYWJlbHMiOiIiLCJhbGxvd2VkX2xhYmVscyI6IiIsInRpdGxlIjoiIiwic3ViaWQiOiIzODgzMCIsInV0bTEiOiIiLCJ1dG0yIjoiIiwidXRtNCI6IiIsInNwb3RfaWQiOjMxMDgyLCJtdWx0aXBsZSI6ZmFsc2UsImlzX2lmcmFtZSI6dHJ1ZSwicmVmZG9tYWluIjoiZ2F5MTEyLmNvbSIsInBsIjo4LCJzdHJhdGFnZW0iOm51bGwsImd5ciI6MCwiYWNjZWwiOjAsInNzcCI6Mzc1Nn0sImJhbm5lciI6eyJ3IjozMDAsImgiOjI1MH19XSwic2l0ZSI6eyJpZCI6IjMxMDgyIiwiY2F0IjpbIklBQjI1Il0sInBhZ2UiOiJodHRwczovL2dheTExMi5jb20vIn0sImRldmljZSI6eyJ3IjoxMjgwLCJoIjoxMDI0fSwidXNlciI6eyJpZCI6ImIwMTQzNTE4ZTg0MWIyNDcwYWY4NGQ4NmUxYjA5ZDNiIn0sImV4dCI6eyJkdCI6MTY2NjQ0ODAyMTU1Nn19
162.55.139.130200 OK 4.6 kB URL HTTP/2 5c0276acfe.9a363a4900.com/get/?go=1&data=eyJpbXAiOlt7InNlY3VyZSI6MSwiZXh0Ijp7ImlkIjoxNDk2LCJzcGFjZWlkIjozMTA4MiwidHlwZSI6InBvcCIsImlkem9uZSI6NjkzOTM5LCJhZF90YWdzIjoiR2F5JTJDQXNpYW4lMkNCYXJlYmFjayUyQ0hEJTJDRGVlcHRocm9hdCUyQ0N1bXNob3QiLCJsYWJlbHMiOiIiLCJhbGxvd2VkX2xhYmVscyI6IiIsInRpdGxlIjoiIiwic3ViaWQiOiIzODgzMCIsInV0bTEiOiIiLCJ1dG0yIjoiIiwidXRtNCI6IiIsInNwb3RfaWQiOjMxMDgyLCJtdWx0aXBsZSI6ZmFsc2UsImlzX2lmcmFtZSI6dHJ1ZSwicmVmZG9tYWluIjoiZ2F5MTEyLmNvbSIsInBsIjo4LCJzdHJhdGFnZW0iOm51bGwsImd5ciI6MCwiYWNjZWwiOjAsInNzcCI6Mzc1Nn0sImJhbm5lciI6eyJ3IjozMDAsImgiOjI1MH19XSwic2l0ZSI6eyJpZCI6IjMxMDgyIiwiY2F0IjpbIklBQjI1Il0sInBhZ2UiOiJodHRwczovL2dheTExMi5jb20vIn0sImRldmljZSI6eyJ3IjoxMjgwLCJoIjoxMDI0fSwidXNlciI6eyJpZCI6ImIwMTQzNTE4ZTg0MWIyNDcwYWY4NGQ4NmUxYjA5ZDNiIn0sImV4dCI6eyJkdCI6MTY2NjQ0ODAyMTU1Nn19
IP 162.55.139.130:0
ASN #24940 Hetzner Online GmbH
Hash e5d37609afe5ef008b446f7c665b5227
2ccd2a414a48d4247a72ded78d3dbf20577613ca
7d05b8137f2c9eb2d8f8da69e34d19b93122093c6daf6eb93f004f406a8f2137
Analyzer Verdict Alert quad9 Sinkholed
GET /get/?go=1&data=eyJpbXAiOlt7InNlY3VyZSI6MSwiZXh0Ijp7ImlkIjoxNDk2LCJzcGFjZWlkIjozMTA4MiwidHlwZSI6InBvcCIsImlkem9uZSI6NjkzOTM5LCJhZF90YWdzIjoiR2F5JTJDQXNpYW4lMkNCYXJlYmFjayUyQ0hEJTJDRGVlcHRocm9hdCUyQ0N1bXNob3QiLCJsYWJlbHMiOiIiLCJhbGxvd2VkX2xhYmVscyI6IiIsInRpdGxlIjoiIiwic3ViaWQiOiIzODgzMCIsInV0bTEiOiIiLCJ1dG0yIjoiIiwidXRtNCI6IiIsInNwb3RfaWQiOjMxMDgyLCJtdWx0aXBsZSI6ZmFsc2UsImlzX2lmcmFtZSI6dHJ1ZSwicmVmZG9tYWluIjoiZ2F5MTEyLmNvbSIsInBsIjo4LCJzdHJhdGFnZW0iOm51bGwsImd5ciI6MCwiYWNjZWwiOjAsInNzcCI6Mzc1Nn0sImJhbm5lciI6eyJ3IjozMDAsImgiOjI1MH19XSwic2l0ZSI6eyJpZCI6IjMxMDgyIiwiY2F0IjpbIklBQjI1Il0sInBhZ2UiOiJodHRwczovL2dheTExMi5jb20vIn0sImRldmljZSI6eyJ3IjoxMjgwLCJoIjoxMDI0fSwidXNlciI6eyJpZCI6ImIwMTQzNTE4ZTg0MWIyNDcwYWY4NGQ4NmUxYjA5ZDNiIn0sImV4dCI6eyJkdCI6MTY2NjQ0ODAyMTU1Nn19 HTTP/1.1
Host: 5c0276acfe.9a363a4900.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://txxx.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.16.0
date: Sat, 22 Oct 2022 14:13:27 GMT
content-type: text/html
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
content-encoding: gzip
X-Firefox-Spdy: h2
rtbrennab.com/banner/in/show/?mid=1393173927&pid=0&site=47161&sc=NO&usage_type=DCH&subid=391912390&sid=0&cid=10461&price=0&is_cpm=1&cpm=0.0068&ecpm=0.0050999999999999995&crid=&crtid=d41d8cd98f00b204e9800998ecf8427e&tcid=0&out_id=&ver=&ver_c=&refdom=gay112.com&hostname=auc-banner-hz-2&site_id=0&spot_id=47161&utm_source=&utm_medium=&utm_campaign=&utm_content=&expiration_timestamp=0&created_at=0000-00-00&is_native=6&auction_queue=0&pop_winurl=&ip=91.90.42.154&testab=&px_id=0&adblock=0&auction_host=&mm=&yc=&render_type=&campaign_type=&uniq=&exp=&resp_type=iframeAd&iabcat=IAB25&min_cpm=0.00047422666666666665&placement_type_id=269&skin_test=&verify_hash=&score=97&ml=&tag_ab=d&ttl=&space_id=1496&banner_width=300&banner_height=250&accel=0&gyr=0&iabcat=IAB25&url=%2F%2Fr-eu.tsyndicate.com%2Fapi%2Fv2%2Fdsp%2Fbanner%3Fc%3DAPeIQFMmDJkycuaI0HGDhYgwY-gsjOGQzpmFIsbcIIODzA0zZlp4rFGmBQ0xOci0MGimZEGNMcrImCGjxgwzIhzOEZOGjEIdW0TMyBGD6MwcMER0cTjGzc8aMWA4DFNnDMYYQ2fEuDFUxo2cIniSwZiGTpk2X2KANWhnoQwbOGLQcAinjpiFNmvImAoHzkSsM2rohCNRB42tNGgQdVgGD50vcwhjNKjnjZsyaRXbADumjV8dM7jalPqQDE4dFMO6cbNwBgwYMWLIwOGwjZuLOmTkqAFjBl3buLe-tuGwjlodA-nQgTNHx4sXY9CEoVNHjpjpZVyMedPmRRo3L37QkQNxTY8wLc60GNOCTgwudV6_pfOmeo8hb8o0gS_fxpgwnoWRxhlu9FBDEEvkYAN_MLxFRhpzhCEGG5jNUZ8bZPTwXnwN2tDGGzxRKEUZD8pRRkTn1UEfg2-dJQaJX9jRUxlvfGEZG3loCBYZ3GF0Rhh5xCaDdj0yNd1CW8ggw1IiwCGHVTrgUBIMxIV1GgwuvCZYRnCg5SSUWA5Hmwhy2PFZDFue2OVCYcIwZh11pIFRDmUoRsNHgd0AFQ021HBYDGaQEUMYNJhRwxiB4aARDmCl8ZkIRLmAlAs0DIkmDWDVEQZGTbyhRxpssBHGCzVkCQIKWMS2AwhMfFcHHiDggYMNX9hAw6pl6qBglimAcMSJa7zxggywvRZVDCAYkYaJZryBxwu7JsUUlCI48QRYb8jxxRjUWgsWG9QW4cSOZdjxhYlsTFTDDTfgMANcrzkkB4Fu1YBDQyIcZK4YciyEw5j6fvHhWLnNmhoZcrzRmkNv_LRXkwnjkcdCc-WbB2s6jFdHGfKWcVpyyzX33I9BykZkd24IC9YcZWKUMB3TZdtCHW6U1QJWLpCh0Y7UHvSFzl9V1MZENhSdGA6v4UtHGzIQbTQNSMNwA7FVGnRuGZF9cSRqRdsKddKMmRsGhXLQ8dMWgTEpYWH5ekwVGxLRBS6bTOEGQx8KBAQ%253D%26s%3D01f0068f94f68f8faa91e93ede183fa295f5bbdaff37408d71e20c36df92c4161666448007&pr=&bid_crid=&bid_cid=&is_iframe=0&ad_tags=Gay112.com%2Cbest%2Cfree%2Cgay%2Cporn%2Cvideos.%20&stratagem=&ssp=3758
162.55.139.130302 Found 0 B URL HTTP/2 rtbrennab.com/banner/in/show/?mid=1393173927&pid=0&site=47161&sc=NO&usage_type=DCH&subid=391912390&sid=0&cid=10461&price=0&is_cpm=1&cpm=0.0068&ecpm=0.0050999999999999995&crid=&crtid=d41d8cd98f00b204e9800998ecf8427e&tcid=0&out_id=&ver=&ver_c=&refdom=gay112.com&hostname=auc-banner-hz-2&site_id=0&spot_id=47161&utm_source=&utm_medium=&utm_campaign=&utm_content=&expiration_timestamp=0&created_at=0000-00-00&is_native=6&auction_queue=0&pop_winurl=&ip=91.90.42.154&testab=&px_id=0&adblock=0&auction_host=&mm=&yc=&render_type=&campaign_type=&uniq=&exp=&resp_type=iframeAd&iabcat=IAB25&min_cpm=0.00047422666666666665&placement_type_id=269&skin_test=&verify_hash=&score=97&ml=&tag_ab=d&ttl=&space_id=1496&banner_width=300&banner_height=250&accel=0&gyr=0&iabcat=IAB25&url=%2F%2Fr-eu.tsyndicate.com%2Fapi%2Fv2%2Fdsp%2Fbanner%3Fc%3DAPeIQFMmDJkycuaI0HGDhYgwY-gsjOGQzpmFIsbcIIODzA0zZlp4rFGmBQ0xOci0MGimZEGNMcrImCGjxgwzIhzOEZOGjEIdW0TMyBGD6MwcMER0cTjGzc8aMWA4DFNnDMYYQ2fEuDFUxo2cIniSwZiGTpk2X2KANWhnoQwbOGLQcAinjpiFNmvImAoHzkSsM2rohCNRB42tNGgQdVgGD50vcwhjNKjnjZsyaRXbADumjV8dM7jalPqQDE4dFMO6cbNwBgwYMWLIwOGwjZuLOmTkqAFjBl3buLe-tuGwjlodA-nQgTNHx4sXY9CEoVNHjpjpZVyMedPmRRo3L37QkQNxTY8wLc60GNOCTgwudV6_pfOmeo8hb8o0gS_fxpgwnoWRxhlu9FBDEEvkYAN_MLxFRhpzhCEGG5jNUZ8bZPTwXnwN2tDGGzxRKEUZD8pRRkTn1UEfg2-dJQaJX9jRUxlvfGEZG3loCBYZ3GF0Rhh5xCaDdj0yNd1CW8ggw1IiwCGHVTrgUBIMxIV1GgwuvCZYRnCg5SSUWA5Hmwhy2PFZDFue2OVCYcIwZh11pIFRDmUoRsNHgd0AFQ021HBYDGaQEUMYNJhRwxiB4aARDmCl8ZkIRLmAlAs0DIkmDWDVEQZGTbyhRxpssBHGCzVkCQIKWMS2AwhMfFcHHiDggYMNX9hAw6pl6qBglimAcMSJa7zxggywvRZVDCAYkYaJZryBxwu7JsUUlCI48QRYb8jxxRjUWgsWG9QW4cSOZdjxhYlsTFTDDTfgMANcrzkkB4Fu1YBDQyIcZK4YciyEw5j6fvHhWLnNmhoZcrzRmkNv_LRXkwnjkcdCc-WbB2s6jFdHGfKWcVpyyzX33I9BykZkd24IC9YcZWKUMB3TZdtCHW6U1QJWLpCh0Y7UHvSFzl9V1MZENhSdGA6v4UtHGzIQbTQNSMNwA7FVGnRuGZF9cSRqRdsKddKMmRsGhXLQ8dMWgTEpYWH5ekwVGxLRBS6bTOEGQx8KBAQ%253D%26s%3D01f0068f94f68f8faa91e93ede183fa295f5bbdaff37408d71e20c36df92c4161666448007&pr=&bid_crid=&bid_cid=&is_iframe=0&ad_tags=Gay112.com%2Cbest%2Cfree%2Cgay%2Cporn%2Cvideos.%20&stratagem=&ssp=3758
IP 162.55.139.130:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /banner/in/show/?mid=1393173927&pid=0&site=47161&sc=NO&usage_type=DCH&subid=391912390&sid=0&cid=10461&price=0&is_cpm=1&cpm=0.0068&ecpm=0.0050999999999999995&crid=&crtid=d41d8cd98f00b204e9800998ecf8427e&tcid=0&out_id=&ver=&ver_c=&refdom=gay112.com&hostname=auc-banner-hz-2&site_id=0&spot_id=47161&utm_source=&utm_medium=&utm_campaign=&utm_content=&expiration_timestamp=0&created_at=0000-00-00&is_native=6&auction_queue=0&pop_winurl=&ip=91.90.42.154&testab=&px_id=0&adblock=0&auction_host=&mm=&yc=&render_type=&campaign_type=&uniq=&exp=&resp_type=iframeAd&iabcat=IAB25&min_cpm=0.00047422666666666665&placement_type_id=269&skin_test=&verify_hash=&score=97&ml=&tag_ab=d&ttl=&space_id=1496&banner_width=300&banner_height=250&accel=0&gyr=0&iabcat=IAB25&url=%2F%2Fr-eu.tsyndicate.com%2Fapi%2Fv2%2Fdsp%2Fbanner%3Fc%3DAPeIQFMmDJkycuaI0HGDhYgwY-gsjOGQzpmFIsbcIIODzA0zZlp4rFGmBQ0xOci0MGimZEGNMcrImCGjxgwzIhzOEZOGjEIdW0TMyBGD6MwcMER0cTjGzc8aMWA4DFNnDMYYQ2fEuDFUxo2cIniSwZiGTpk2X2KANWhnoQwbOGLQcAinjpiFNmvImAoHzkSsM2rohCNRB42tNGgQdVgGD50vcwhjNKjnjZsyaRXbADumjV8dM7jalPqQDE4dFMO6cbNwBgwYMWLIwOGwjZuLOmTkqAFjBl3buLe-tuGwjlodA-nQgTNHx4sXY9CEoVNHjpjpZVyMedPmRRo3L37QkQNxTY8wLc60GNOCTgwudV6_pfOmeo8hb8o0gS_fxpgwnoWRxhlu9FBDEEvkYAN_MLxFRhpzhCEGG5jNUZ8bZPTwXnwN2tDGGzxRKEUZD8pRRkTn1UEfg2-dJQaJX9jRUxlvfGEZG3loCBYZ3GF0Rhh5xCaDdj0yNd1CW8ggw1IiwCGHVTrgUBIMxIV1GgwuvCZYRnCg5SSUWA5Hmwhy2PFZDFue2OVCYcIwZh11pIFRDmUoRsNHgd0AFQ021HBYDGaQEUMYNJhRwxiB4aARDmCl8ZkIRLmAlAs0DIkmDWDVEQZGTbyhRxpssBHGCzVkCQIKWMS2AwhMfFcHHiDggYMNX9hAw6pl6qBglimAcMSJa7zxggywvRZVDCAYkYaJZryBxwu7JsUUlCI48QRYb8jxxRjUWgsWG9QW4cSOZdjxhYlsTFTDDTfgMANcrzkkB4Fu1YBDQyIcZK4YciyEw5j6fvHhWLnNmhoZcrzRmkNv_LRXkwnjkcdCc-WbB2s6jFdHGfKWcVpyyzX33I9BykZkd24IC9YcZWKUMB3TZdtCHW6U1QJWLpCh0Y7UHvSFzl9V1MZENhSdGA6v4UtHGzIQbTQNSMNwA7FVGnRuGZF9cSRqRdsKddKMmRsGhXLQ8dMWgTEpYWH5ekwVGxLRBS6bTOEGQx8KBAQ%253D%26s%3D01f0068f94f68f8faa91e93ede183fa295f5bbdaff37408d71e20c36df92c4161666448007&pr=&bid_crid=&bid_cid=&is_iframe=0&ad_tags=Gay112.com%2Cbest%2Cfree%2Cgay%2Cporn%2Cvideos.%20&stratagem=&ssp=3758 HTTP/1.1
Host: rtbrennab.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://5c0276acfe.9a363a4900.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: nginx/1.16.0
date: Sat, 22 Oct 2022 14:13:27 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
location: //r-eu.tsyndicate.com/api/v2/dsp/banner?c=APeIQFMmDJkycuaI0HGDhYgwY-gsjOGQzpmFIsbcIIODzA0zZlp4rFGmBQ0xOci0MGimZEGNMcrImCGjxgwzIhzOEZOGjEIdW0TMyBGD6MwcMER0cTjGzc8aMWA4DFNnDMYYQ2fEuDFUxo2cIniSwZiGTpk2X2KANWhnoQwbOGLQcAinjpiFNmvImAoHzkSsM2rohCNRB42tNGgQdVgGD50vcwhjNKjnjZsyaRXbADumjV8dM7jalPqQDE4dFMO6cbNwBgwYMWLIwOGwjZuLOmTkqAFjBl3buLe-tuGwjlodA-nQgTNHx4sXY9CEoVNHjpjpZVyMedPmRRo3L37QkQNxTY8wLc60GNOCTgwudV6_pfOmeo8hb8o0gS_fxpgwnoWRxhlu9FBDEEvkYAN_MLxFRhpzhCEGG5jNUZ8bZPTwXnwN2tDGGzxRKEUZD8pRRkTn1UEfg2-dJQaJX9jRUxlvfGEZG3loCBYZ3GF0Rhh5xCaDdj0yNd1CW8ggw1IiwCGHVTrgUBIMxIV1GgwuvCZYRnCg5SSUWA5Hmwhy2PFZDFue2OVCYcIwZh11pIFRDmUoRsNHgd0AFQ021HBYDGaQEUMYNJhRwxiB4aARDmCl8ZkIRLmAlAs0DIkmDWDVEQZGTbyhRxpssBHGCzVkCQIKWMS2AwhMfFcHHiDggYMNX9hAw6pl6qBglimAcMSJa7zxggywvRZVDCAYkYaJZryBxwu7JsUUlCI48QRYb8jxxRjUWgsWG9QW4cSOZdjxhYlsTFTDDTfgMANcrzkkB4Fu1YBDQyIcZK4YciyEw5j6fvHhWLnNmhoZcrzRmkNv_LRXkwnjkcdCc-WbB2s6jFdHGfKWcVpyyzX33I9BykZkd24IC9YcZWKUMB3TZdtCHW6U1QJWLpCh0Y7UHvSFzl9V1MZENhSdGA6v4UtHGzIQbTQNSMNwA7FVGnRuGZF9cSRqRdsKddKMmRsGhXLQ8dMWgTEpYWH5ekwVGxLRBS6bTOEGQx8KBAQ%3D&s=01f0068f94f68f8faa91e93ede183fa295f5bbdaff37408d71e20c36df92c4161666448007
X-Firefox-Spdy: h2
rtbrennab.com/banner/in/show/?mid=749059144&pid=0&site=47160&sc=NO&usage_type=DCH&subid=1856876215&sid=0&cid=0&price=0&is_cpm=0&cpm=0&ecpm=0&crid=&crtid=&tcid=0&out_id=&ver=&ver_c=&refdom=gay112.com&hostname=auc-banner-hz-8&site_id=0&spot_id=47160&utm_source=&utm_medium=&utm_campaign=&utm_content=&expiration_timestamp=0&created_at=0000-00-00&is_native=0&auction_queue=0&pop_winurl=&ip=91.90.42.154&testab=&px_id=0&adblock=0&auction_host=&mm=&yc=&render_type=&campaign_type=&uniq=&exp=&resp_type=default&iabcat=IAB25&min_cpm=0.00035567&placement_type_id=&skin_test=&verify_hash=&score=97&ml=&tag_ab=d&ttl=&space_id=1496&banner_width=300&banner_height=250&accel=0&gyr=0&iabcat=IAB25&url=https%3A%2F%2Fbtds.zog.link%2Fin%2F912%2F%3Fsid%3D47160%26source%3D1856876215%26idzone%3D0%26w%3D300%26h%3D250%26mo%3D%26ve%3D%26site_id%3D47160%26utm1%3D%26utm2%3D%26utm3%3D%26utm4%3D%26ad_tags%3DGay112.com%252Cbest%252Cfree%252Cgay%252Cporn%252Cvideos.%2520%26spot_id%3D47160%26p%3Dhttps%253A%252F%252Fgay112.com%252Fno%252F%26katds_labels%3D%26btype%3D0%26score%3D97%26bf%3D0.00035567&pr=&bid_crid=&bid_cid=&is_iframe=0&ad_tags=Gay112.com%2Cbest%2Cfree%2Cgay%2Cporn%2Cvideos.%20&stratagem=&ssp=3758
162.55.139.130302 Found 0 B URL HTTP/2 rtbrennab.com/banner/in/show/?mid=749059144&pid=0&site=47160&sc=NO&usage_type=DCH&subid=1856876215&sid=0&cid=0&price=0&is_cpm=0&cpm=0&ecpm=0&crid=&crtid=&tcid=0&out_id=&ver=&ver_c=&refdom=gay112.com&hostname=auc-banner-hz-8&site_id=0&spot_id=47160&utm_source=&utm_medium=&utm_campaign=&utm_content=&expiration_timestamp=0&created_at=0000-00-00&is_native=0&auction_queue=0&pop_winurl=&ip=91.90.42.154&testab=&px_id=0&adblock=0&auction_host=&mm=&yc=&render_type=&campaign_type=&uniq=&exp=&resp_type=default&iabcat=IAB25&min_cpm=0.00035567&placement_type_id=&skin_test=&verify_hash=&score=97&ml=&tag_ab=d&ttl=&space_id=1496&banner_width=300&banner_height=250&accel=0&gyr=0&iabcat=IAB25&url=https%3A%2F%2Fbtds.zog.link%2Fin%2F912%2F%3Fsid%3D47160%26source%3D1856876215%26idzone%3D0%26w%3D300%26h%3D250%26mo%3D%26ve%3D%26site_id%3D47160%26utm1%3D%26utm2%3D%26utm3%3D%26utm4%3D%26ad_tags%3DGay112.com%252Cbest%252Cfree%252Cgay%252Cporn%252Cvideos.%2520%26spot_id%3D47160%26p%3Dhttps%253A%252F%252Fgay112.com%252Fno%252F%26katds_labels%3D%26btype%3D0%26score%3D97%26bf%3D0.00035567&pr=&bid_crid=&bid_cid=&is_iframe=0&ad_tags=Gay112.com%2Cbest%2Cfree%2Cgay%2Cporn%2Cvideos.%20&stratagem=&ssp=3758
IP 162.55.139.130:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /banner/in/show/?mid=749059144&pid=0&site=47160&sc=NO&usage_type=DCH&subid=1856876215&sid=0&cid=0&price=0&is_cpm=0&cpm=0&ecpm=0&crid=&crtid=&tcid=0&out_id=&ver=&ver_c=&refdom=gay112.com&hostname=auc-banner-hz-8&site_id=0&spot_id=47160&utm_source=&utm_medium=&utm_campaign=&utm_content=&expiration_timestamp=0&created_at=0000-00-00&is_native=0&auction_queue=0&pop_winurl=&ip=91.90.42.154&testab=&px_id=0&adblock=0&auction_host=&mm=&yc=&render_type=&campaign_type=&uniq=&exp=&resp_type=default&iabcat=IAB25&min_cpm=0.00035567&placement_type_id=&skin_test=&verify_hash=&score=97&ml=&tag_ab=d&ttl=&space_id=1496&banner_width=300&banner_height=250&accel=0&gyr=0&iabcat=IAB25&url=https%3A%2F%2Fbtds.zog.link%2Fin%2F912%2F%3Fsid%3D47160%26source%3D1856876215%26idzone%3D0%26w%3D300%26h%3D250%26mo%3D%26ve%3D%26site_id%3D47160%26utm1%3D%26utm2%3D%26utm3%3D%26utm4%3D%26ad_tags%3DGay112.com%252Cbest%252Cfree%252Cgay%252Cporn%252Cvideos.%2520%26spot_id%3D47160%26p%3Dhttps%253A%252F%252Fgay112.com%252Fno%252F%26katds_labels%3D%26btype%3D0%26score%3D97%26bf%3D0.00035567&pr=&bid_crid=&bid_cid=&is_iframe=0&ad_tags=Gay112.com%2Cbest%2Cfree%2Cgay%2Cporn%2Cvideos.%20&stratagem=&ssp=3758 HTTP/1.1
Host: rtbrennab.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://5c0276acfe.9a363a4900.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
server: nginx/1.16.0
date: Sat, 22 Oct 2022 14:13:27 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
location: https://btds.zog.link/in/912/?sid=47160&source=1856876215&idzone=0&w=300&h=250&mo=&ve=&site_id=47160&utm1=&utm2=&utm3=&utm4=&ad_tags=Gay112.com%2Cbest%2Cfree%2Cgay%2Cporn%2Cvideos.%20&spot_id=47160&p=https%3A%2F%2Fgay112.com%2Fno%2F&katds_labels=&btype=0&score=97&bf=0.00035567
X-Firefox-Spdy: h2
js.wpshsdk.com/npc/sdk/common/config.js
45.133.44.25200 OK 19 B URL HTTP/2 js.wpshsdk.com/npc/sdk/common/config.js
IP 45.133.44.25:0
ASN #39572 DataWeb Global Group B.V.
File type JSON data\012- , ASCII text, with no line terminators
Hash 55aa94ec10fafc5c82436b3107b3164a
35207540b4f6e38a42432450987522b4ba7422cb
d0f5950dfe1f17ee8c9d785db2daf64fe7a09aa2340b61e6b76e1cc9e62326e1
GET /npc/sdk/common/config.js HTTP/1.1
Host: js.wpshsdk.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gay112.com/
Origin: https://gay112.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 22 Oct 2022 14:13:27 GMT
content-type: application/javascript; charset=utf-8
content-length: 19
server: nginx/1.18.0
last-modified: Fri, 21 Oct 2022 15:29:11 GMT
etag: "6352bac7-13"
expires: Sat, 22 Oct 2022 14:18:27 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash 2d44626f55ed7cde230ceb84013e530c
d0adc6b8e1f1bda802713d8f1e241f71deda1f2e
75ec6ee85313644064edd850c06cb290b00341b0a3033ca7b4beebbac5048983
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4840
Cache-Control: max-age=140861
Content-Type: application/ocsp-response
Date: Sat, 22 Oct 2022 14:13:27 GMT
Etag: "63536adc-117"
Expires: Mon, 24 Oct 2022 05:21:08 GMT
Last-Modified: Sat, 22 Oct 2022 04:00:28 GMT
Server: ECS (ska/F6FE)
X-Cache: HIT
Content-Length: 279
rtbrennab.com/banner/in/show/?mid=31636182&pid=0&site=31074&sc=NO&usage_type=DCH&subid=38830&sid=0&cid=10914&price=0&is_cpm=1&cpm=0.007652249999999999&ecpm=0.005658685829999999&crid=&crtid=d41d8cd98f00b204e9800998ecf8427e&tcid=0&out_id=&ver=&ver_c=&refdom=gay112.com&hostname=auc-banner-hz-6&site_id=0&spot_id=31074&utm_source=&utm_medium=&utm_campaign=&utm_content=&expiration_timestamp=0&created_at=0000-00-00&is_native=6&auction_queue=0&pop_winurl=&ip=91.90.42.154&testab=&px_id=0&adblock=0&auction_host=&mm=&yc=&render_type=&campaign_type=&uniq=&exp=&resp_type=native&iabcat=IAB25&min_cpm=0.0044979715475739705&placement_type_id=8&skin_test=&verify_hash=&score=100&ml=&tag_ab=&ttl=&space_id=31074&banner_width=300&banner_height=250&accel=0&gyr=0&iabcat=IAB25&url=https%3A%2F%2Fs3t3d2y8.afcdn.net%2Flibrary%2F475567%2Fcc7211683ae26562c2df637755f311868f37c8ea.jpg&pr=gay112.com&bid_crid=&bid_cid=&is_iframe=1&ad_tags=Gay%2CAsian%2CBareback%2CHD%2CDeepthroat%2CCumshot&stratagem=&ssp=3756
162.55.139.130302 Found 0 B URL HTTP/2 rtbrennab.com/banner/in/show/?mid=31636182&pid=0&site=31074&sc=NO&usage_type=DCH&subid=38830&sid=0&cid=10914&price=0&is_cpm=1&cpm=0.007652249999999999&ecpm=0.005658685829999999&crid=&crtid=d41d8cd98f00b204e9800998ecf8427e&tcid=0&out_id=&ver=&ver_c=&refdom=gay112.com&hostname=auc-banner-hz-6&site_id=0&spot_id=31074&utm_source=&utm_medium=&utm_campaign=&utm_content=&expiration_timestamp=0&created_at=0000-00-00&is_native=6&auction_queue=0&pop_winurl=&ip=91.90.42.154&testab=&px_id=0&adblock=0&auction_host=&mm=&yc=&render_type=&campaign_type=&uniq=&exp=&resp_type=native&iabcat=IAB25&min_cpm=0.0044979715475739705&placement_type_id=8&skin_test=&verify_hash=&score=100&ml=&tag_ab=&ttl=&space_id=31074&banner_width=300&banner_height=250&accel=0&gyr=0&iabcat=IAB25&url=https%3A%2F%2Fs3t3d2y8.afcdn.net%2Flibrary%2F475567%2Fcc7211683ae26562c2df637755f311868f37c8ea.jpg&pr=gay112.com&bid_crid=&bid_cid=&is_iframe=1&ad_tags=Gay%2CAsian%2CBareback%2CHD%2CDeepthroat%2CCumshot&stratagem=&ssp=3756
IP 162.55.139.130:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /banner/in/show/?mid=31636182&pid=0&site=31074&sc=NO&usage_type=DCH&subid=38830&sid=0&cid=10914&price=0&is_cpm=1&cpm=0.007652249999999999&ecpm=0.005658685829999999&crid=&crtid=d41d8cd98f00b204e9800998ecf8427e&tcid=0&out_id=&ver=&ver_c=&refdom=gay112.com&hostname=auc-banner-hz-6&site_id=0&spot_id=31074&utm_source=&utm_medium=&utm_campaign=&utm_content=&expiration_timestamp=0&created_at=0000-00-00&is_native=6&auction_queue=0&pop_winurl=&ip=91.90.42.154&testab=&px_id=0&adblock=0&auction_host=&mm=&yc=&render_type=&campaign_type=&uniq=&exp=&resp_type=native&iabcat=IAB25&min_cpm=0.0044979715475739705&placement_type_id=8&skin_test=&verify_hash=&score=100&ml=&tag_ab=&ttl=&space_id=31074&banner_width=300&banner_height=250&accel=0&gyr=0&iabcat=IAB25&url=https%3A%2F%2Fs3t3d2y8.afcdn.net%2Flibrary%2F475567%2Fcc7211683ae26562c2df637755f311868f37c8ea.jpg&pr=gay112.com&bid_crid=&bid_cid=&is_iframe=1&ad_tags=Gay%2CAsian%2CBareback%2CHD%2CDeepthroat%2CCumshot&stratagem=&ssp=3756 HTTP/1.1
Host: rtbrennab.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://5c0276acfe.9a363a4900.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: nginx/1.16.0
date: Sat, 22 Oct 2022 14:13:27 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
location: https://s3t3d2y8.afcdn.net/library/475567/cc7211683ae26562c2df637755f311868f37c8ea.jpg
X-Firefox-Spdy: h2
vlykjb.com/dsp/nt/img?aid=9254051325364029262&mid=1&t=1666448006&sid=1629
31.220.27.100302 Found 0 B URL HTTP/2 vlykjb.com/dsp/nt/img?aid=9254051325364029262&mid=1&t=1666448006&sid=1629
IP 31.220.27.100:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /dsp/nt/img?aid=9254051325364029262&mid=1&t=1666448006&sid=1629 HTTP/1.1
Host: vlykjb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://txxx.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: nginx/1.18.0
date: Sat, 22 Oct 2022 14:13:27 GMT
content-length: 0
access-control-allow-origin: *
location: https://i.wmgtr.com/cim/Ds3PR_Nov82yR16ciqcFEHOTErGbJLo9.png
X-Firefox-Spdy: h2
rtbrennab.com/banner/in/show/?mid=2128124&pid=0&site=31082&sc=NO&usage_type=DCH&subid=38830&sid=0&cid=10914&price=0&is_cpm=1&cpm=0.007652249999999999&ecpm=0.005658685829999999&crid=&crtid=d41d8cd98f00b204e9800998ecf8427e&tcid=0&out_id=&ver=&ver_c=&refdom=gay112.com&hostname=auc-banner-hz-0&site_id=0&spot_id=31082&utm_source=&utm_medium=&utm_campaign=&utm_content=&expiration_timestamp=0&created_at=0000-00-00&is_native=6&auction_queue=0&pop_winurl=&ip=91.90.42.154&testab=&px_id=0&adblock=0&auction_host=&mm=&yc=&render_type=&campaign_type=&uniq=&exp=&resp_type=native&iabcat=IAB25-3&min_cpm=0.0040095742954508575&placement_type_id=8&skin_test=&verify_hash=&score=100&ml=&tag_ab=&ttl=&space_id=31082&banner_width=300&banner_height=250&accel=0&gyr=0&iabcat=IAB25-3&url=https%3A%2F%2Fs3t3d2y8.afcdn.net%2Flibrary%2F475567%2Fb02a4e7c60116eb6ab673a98c95e8547fb1fcb7e.jpg&pr=gay112.com&bid_crid=&bid_cid=&is_iframe=1&ad_tags=Gay%2CAsian%2CBareback%2CHD%2CDeepthroat%2CCumshot&stratagem=&ssp=3756
162.55.139.130302 Found 0 B URL HTTP/2 rtbrennab.com/banner/in/show/?mid=2128124&pid=0&site=31082&sc=NO&usage_type=DCH&subid=38830&sid=0&cid=10914&price=0&is_cpm=1&cpm=0.007652249999999999&ecpm=0.005658685829999999&crid=&crtid=d41d8cd98f00b204e9800998ecf8427e&tcid=0&out_id=&ver=&ver_c=&refdom=gay112.com&hostname=auc-banner-hz-0&site_id=0&spot_id=31082&utm_source=&utm_medium=&utm_campaign=&utm_content=&expiration_timestamp=0&created_at=0000-00-00&is_native=6&auction_queue=0&pop_winurl=&ip=91.90.42.154&testab=&px_id=0&adblock=0&auction_host=&mm=&yc=&render_type=&campaign_type=&uniq=&exp=&resp_type=native&iabcat=IAB25-3&min_cpm=0.0040095742954508575&placement_type_id=8&skin_test=&verify_hash=&score=100&ml=&tag_ab=&ttl=&space_id=31082&banner_width=300&banner_height=250&accel=0&gyr=0&iabcat=IAB25-3&url=https%3A%2F%2Fs3t3d2y8.afcdn.net%2Flibrary%2F475567%2Fb02a4e7c60116eb6ab673a98c95e8547fb1fcb7e.jpg&pr=gay112.com&bid_crid=&bid_cid=&is_iframe=1&ad_tags=Gay%2CAsian%2CBareback%2CHD%2CDeepthroat%2CCumshot&stratagem=&ssp=3756
IP 162.55.139.130:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /banner/in/show/?mid=2128124&pid=0&site=31082&sc=NO&usage_type=DCH&subid=38830&sid=0&cid=10914&price=0&is_cpm=1&cpm=0.007652249999999999&ecpm=0.005658685829999999&crid=&crtid=d41d8cd98f00b204e9800998ecf8427e&tcid=0&out_id=&ver=&ver_c=&refdom=gay112.com&hostname=auc-banner-hz-0&site_id=0&spot_id=31082&utm_source=&utm_medium=&utm_campaign=&utm_content=&expiration_timestamp=0&created_at=0000-00-00&is_native=6&auction_queue=0&pop_winurl=&ip=91.90.42.154&testab=&px_id=0&adblock=0&auction_host=&mm=&yc=&render_type=&campaign_type=&uniq=&exp=&resp_type=native&iabcat=IAB25-3&min_cpm=0.0040095742954508575&placement_type_id=8&skin_test=&verify_hash=&score=100&ml=&tag_ab=&ttl=&space_id=31082&banner_width=300&banner_height=250&accel=0&gyr=0&iabcat=IAB25-3&url=https%3A%2F%2Fs3t3d2y8.afcdn.net%2Flibrary%2F475567%2Fb02a4e7c60116eb6ab673a98c95e8547fb1fcb7e.jpg&pr=gay112.com&bid_crid=&bid_cid=&is_iframe=1&ad_tags=Gay%2CAsian%2CBareback%2CHD%2CDeepthroat%2CCumshot&stratagem=&ssp=3756 HTTP/1.1
Host: rtbrennab.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://5c0276acfe.9a363a4900.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: nginx/1.16.0
date: Sat, 22 Oct 2022 14:13:27 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
location: https://s3t3d2y8.afcdn.net/library/475567/b02a4e7c60116eb6ab673a98c95e8547fb1fcb7e.jpg
X-Firefox-Spdy: h2
rtbrennab.com/banner/in/show/?mid=537021881&pid=0&site=31084&sc=NO&usage_type=DCH&subid=38830&sid=0&cid=10764&price=0&is_cpm=1&cpm=0.008873778844415918&ecpm=0.007252716925118017&crid=&crtid=d41d8cd98f00b204e9800998ecf8427e&tcid=0&out_id=&ver=&ver_c=&refdom=gay112.com&hostname=auc-banner-hz-7&site_id=0&spot_id=31084&utm_source=&utm_medium=&utm_campaign=&utm_content=&expiration_timestamp=0&created_at=0000-00-00&is_native=6&auction_queue=0&pop_winurl=&ip=91.90.42.154&testab=&px_id=0&adblock=0&auction_host=&mm=&yc=&render_type=&campaign_type=&uniq=&exp=&resp_type=imageAd&iabcat=IAB25&min_cpm=0.008876531101649293&placement_type_id=1&skin_test=&verify_hash=&score=96&ml=&tag_ab=&ttl=&space_id=31084&banner_width=300&banner_height=250&accel=0&gyr=0&iabcat=IAB25&url=https%3A%2F%2Fs.optnx.com%2Fcimp.php%3Fdata%3DTVRZMk5qUTBPREF3TjN3ek5EVXlZVFEyTVRWak16Y3dNelpqWkdVMVl6Y3haRFppTWpBeU9XWTRZZy0tfC9saWJyYXJ5LzQ3NTU2Ny82M2Q0MGMyYmViYjI2MjJlMDU0ZjM1YWYyYjY0Y2QzNDJiMjI5NWFlLmdpZnxodHRwc3w5MS45MC40Mi4xNTR8Tk9SfDQxfHR4eHguY29tfDQ3NTU2N3w2NjYxNzN8OTAxMDg2fDQxNzYxODZ8NTA4fDQyMzk0MDh8NDc2NTE4ODJ8MTV8M3wwfDB8MjUzNDR8MHwxLjE1OTYzMDAyMzExOTV8NzV8RVVSfFVTRHwxLjAyMDN8MXwyMXwzMDB4MjUwfDF8Tk9SfHwyMHw0fDF8fGIwMTQzNTE4ZTg0MWIyNDcwYWY4NGQ4NmUxYjA5ZDNifGRmOTYwNTA5ODc2ZDc1MWJjNmNhZmIyYzIwZDQxMzJifDF8MHxnYXkxMTIuY29tfDB8MHwwfDAuMDN8MXwwfGV4Y2hhbmdlX2Jhbm5lcnwwfDB8MzE0MzI0MnwtMXwwfDMxNDMyNDR8fHwzfDE0NDB8fDB8MHwwfDB8MHwwfDF8MHx8OHwxfE1vemlsbGEvNS4wIChYMTE7IExpbnV4IHg4Nl82NDsgcnY6OTYuMCkgR2Vja28vMjAxMDAxMDEgRmlyZWZveC85Ni4wfE9LfDlmZTI1MDQ4YTk1ZDkwNmZjNDhmMzBiNDRjYzE5MzYz&pr=gay112.com&bid_crid=&bid_cid=&is_iframe=1&ad_tags=Gay%2CAsian%2CBareback%2CHD%2CDeepthroat%2CCumshot&stratagem=&ssp=3756
162.55.139.130302 Found 0 B URL HTTP/2 rtbrennab.com/banner/in/show/?mid=537021881&pid=0&site=31084&sc=NO&usage_type=DCH&subid=38830&sid=0&cid=10764&price=0&is_cpm=1&cpm=0.008873778844415918&ecpm=0.007252716925118017&crid=&crtid=d41d8cd98f00b204e9800998ecf8427e&tcid=0&out_id=&ver=&ver_c=&refdom=gay112.com&hostname=auc-banner-hz-7&site_id=0&spot_id=31084&utm_source=&utm_medium=&utm_campaign=&utm_content=&expiration_timestamp=0&created_at=0000-00-00&is_native=6&auction_queue=0&pop_winurl=&ip=91.90.42.154&testab=&px_id=0&adblock=0&auction_host=&mm=&yc=&render_type=&campaign_type=&uniq=&exp=&resp_type=imageAd&iabcat=IAB25&min_cpm=0.008876531101649293&placement_type_id=1&skin_test=&verify_hash=&score=96&ml=&tag_ab=&ttl=&space_id=31084&banner_width=300&banner_height=250&accel=0&gyr=0&iabcat=IAB25&url=https%3A%2F%2Fs.optnx.com%2Fcimp.php%3Fdata%3DTVRZMk5qUTBPREF3TjN3ek5EVXlZVFEyTVRWak16Y3dNelpqWkdVMVl6Y3haRFppTWpBeU9XWTRZZy0tfC9saWJyYXJ5LzQ3NTU2Ny82M2Q0MGMyYmViYjI2MjJlMDU0ZjM1YWYyYjY0Y2QzNDJiMjI5NWFlLmdpZnxodHRwc3w5MS45MC40Mi4xNTR8Tk9SfDQxfHR4eHguY29tfDQ3NTU2N3w2NjYxNzN8OTAxMDg2fDQxNzYxODZ8NTA4fDQyMzk0MDh8NDc2NTE4ODJ8MTV8M3wwfDB8MjUzNDR8MHwxLjE1OTYzMDAyMzExOTV8NzV8RVVSfFVTRHwxLjAyMDN8MXwyMXwzMDB4MjUwfDF8Tk9SfHwyMHw0fDF8fGIwMTQzNTE4ZTg0MWIyNDcwYWY4NGQ4NmUxYjA5ZDNifGRmOTYwNTA5ODc2ZDc1MWJjNmNhZmIyYzIwZDQxMzJifDF8MHxnYXkxMTIuY29tfDB8MHwwfDAuMDN8MXwwfGV4Y2hhbmdlX2Jhbm5lcnwwfDB8MzE0MzI0MnwtMXwwfDMxNDMyNDR8fHwzfDE0NDB8fDB8MHwwfDB8MHwwfDF8MHx8OHwxfE1vemlsbGEvNS4wIChYMTE7IExpbnV4IHg4Nl82NDsgcnY6OTYuMCkgR2Vja28vMjAxMDAxMDEgRmlyZWZveC85Ni4wfE9LfDlmZTI1MDQ4YTk1ZDkwNmZjNDhmMzBiNDRjYzE5MzYz&pr=gay112.com&bid_crid=&bid_cid=&is_iframe=1&ad_tags=Gay%2CAsian%2CBareback%2CHD%2CDeepthroat%2CCumshot&stratagem=&ssp=3756
IP 162.55.139.130:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /banner/in/show/?mid=537021881&pid=0&site=31084&sc=NO&usage_type=DCH&subid=38830&sid=0&cid=10764&price=0&is_cpm=1&cpm=0.008873778844415918&ecpm=0.007252716925118017&crid=&crtid=d41d8cd98f00b204e9800998ecf8427e&tcid=0&out_id=&ver=&ver_c=&refdom=gay112.com&hostname=auc-banner-hz-7&site_id=0&spot_id=31084&utm_source=&utm_medium=&utm_campaign=&utm_content=&expiration_timestamp=0&created_at=0000-00-00&is_native=6&auction_queue=0&pop_winurl=&ip=91.90.42.154&testab=&px_id=0&adblock=0&auction_host=&mm=&yc=&render_type=&campaign_type=&uniq=&exp=&resp_type=imageAd&iabcat=IAB25&min_cpm=0.008876531101649293&placement_type_id=1&skin_test=&verify_hash=&score=96&ml=&tag_ab=&ttl=&space_id=31084&banner_width=300&banner_height=250&accel=0&gyr=0&iabcat=IAB25&url=https%3A%2F%2Fs.optnx.com%2Fcimp.php%3Fdata%3DTVRZMk5qUTBPREF3TjN3ek5EVXlZVFEyTVRWak16Y3dNelpqWkdVMVl6Y3haRFppTWpBeU9XWTRZZy0tfC9saWJyYXJ5LzQ3NTU2Ny82M2Q0MGMyYmViYjI2MjJlMDU0ZjM1YWYyYjY0Y2QzNDJiMjI5NWFlLmdpZnxodHRwc3w5MS45MC40Mi4xNTR8Tk9SfDQxfHR4eHguY29tfDQ3NTU2N3w2NjYxNzN8OTAxMDg2fDQxNzYxODZ8NTA4fDQyMzk0MDh8NDc2NTE4ODJ8MTV8M3wwfDB8MjUzNDR8MHwxLjE1OTYzMDAyMzExOTV8NzV8RVVSfFVTRHwxLjAyMDN8MXwyMXwzMDB4MjUwfDF8Tk9SfHwyMHw0fDF8fGIwMTQzNTE4ZTg0MWIyNDcwYWY4NGQ4NmUxYjA5ZDNifGRmOTYwNTA5ODc2ZDc1MWJjNmNhZmIyYzIwZDQxMzJifDF8MHxnYXkxMTIuY29tfDB8MHwwfDAuMDN8MXwwfGV4Y2hhbmdlX2Jhbm5lcnwwfDB8MzE0MzI0MnwtMXwwfDMxNDMyNDR8fHwzfDE0NDB8fDB8MHwwfDB8MHwwfDF8MHx8OHwxfE1vemlsbGEvNS4wIChYMTE7IExpbnV4IHg4Nl82NDsgcnY6OTYuMCkgR2Vja28vMjAxMDAxMDEgRmlyZWZveC85Ni4wfE9LfDlmZTI1MDQ4YTk1ZDkwNmZjNDhmMzBiNDRjYzE5MzYz&pr=gay112.com&bid_crid=&bid_cid=&is_iframe=1&ad_tags=Gay%2CAsian%2CBareback%2CHD%2CDeepthroat%2CCumshot&stratagem=&ssp=3756 HTTP/1.1
Host: rtbrennab.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://5c0276acfe.9a363a4900.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: nginx/1.16.0
date: Sat, 22 Oct 2022 14:13:27 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
location: https://s.optnx.com/cimp.php?data=TVRZMk5qUTBPREF3TjN3ek5EVXlZVFEyTVRWak16Y3dNelpqWkdVMVl6Y3haRFppTWpBeU9XWTRZZy0tfC9saWJyYXJ5LzQ3NTU2Ny82M2Q0MGMyYmViYjI2MjJlMDU0ZjM1YWYyYjY0Y2QzNDJiMjI5NWFlLmdpZnxodHRwc3w5MS45MC40Mi4xNTR8Tk9SfDQxfHR4eHguY29tfDQ3NTU2N3w2NjYxNzN8OTAxMDg2fDQxNzYxODZ8NTA4fDQyMzk0MDh8NDc2NTE4ODJ8MTV8M3wwfDB8MjUzNDR8MHwxLjE1OTYzMDAyMzExOTV8NzV8RVVSfFVTRHwxLjAyMDN8MXwyMXwzMDB4MjUwfDF8Tk9SfHwyMHw0fDF8fGIwMTQzNTE4ZTg0MWIyNDcwYWY4NGQ4NmUxYjA5ZDNifGRmOTYwNTA5ODc2ZDc1MWJjNmNhZmIyYzIwZDQxMzJifDF8MHxnYXkxMTIuY29tfDB8MHwwfDAuMDN8MXwwfGV4Y2hhbmdlX2Jhbm5lcnwwfDB8MzE0MzI0MnwtMXwwfDMxNDMyNDR8fHwzfDE0NDB8fDB8MHwwfDB8MHwwfDF8MHx8OHwxfE1vemlsbGEvNS4wIChYMTE7IExpbnV4IHg4Nl82NDsgcnY6OTYuMCkgR2Vja28vMjAxMDAxMDEgRmlyZWZveC85Ni4wfE9LfDlmZTI1MDQ4YTk1ZDkwNmZjNDhmMzBiNDRjYzE5MzYz
X-Firefox-Spdy: h2
imcdn.co/g35kuLa1HKDSkPFYQtni33mFGPXh1LUUkxapZVGj.png
172.67.186.151200 OK 73 kB URL HTTP/2 imcdn.co/g35kuLa1HKDSkPFYQtni33mFGPXh1LUUkxapZVGj.png
IP 172.67.186.151:0
File type PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data
Hash bae6ef6cac93a642c20d1a8a2de2334c
422a99406279005d383ee15e0ee80ddef120ef98
ba0dbe11f351b671dfc68027111f3dd17c0076b30e68b0c98e34df7fd2da1eb7
GET /g35kuLa1HKDSkPFYQtni33mFGPXh1LUUkxapZVGj.png HTTP/1.1
Host: imcdn.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 22 Oct 2022 14:13:27 GMT
content-length: 73062
expires: Tue, 15 Nov 2022 16:09:30 GMT
cache-control: public, max-age=2592000
cf-cache-status: HIT
age: 511437
last-modified: Sun, 16 Oct 2022 16:09:30 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=URX8c5Pzpex2whSj1TQmUbgoBJMVQPSJBgkIwsdmc%2B%2BWsJZS8f%2BTflz23um9oEHJzGckFDA77nWk52t2IvBnvGSGCQK7CjZ3amKpzjsR9bmWC%2B2cIfyMvwIG2g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 75e2d56fb8afb517-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
5c0276acfe.9a363a4900.com/get/?go=1&data=eyJpbXAiOlt7InNlY3VyZSI6MSwiZXh0Ijp7InRhZ19hYiI6ImQiLCJtdWx0aSI6ZmFsc2UsInVzZXJfa2V5d29yZHMiOiIiLCJpZCI6MTQ5Niwic3BhY2VpZCI6MTQ5NiwidHlwZSI6InBvcCIsImlkem9uZSI6bnVsbCwiYWRfdGFncyI6IkdheTExMi5jb20lMkNiZXN0JTJDZnJlZSUyQ2dheSUyQ3Bvcm4lMkN2aWRlb3MuJTIwIiwibGFiZWxzIjoiIiwiYWxsb3dlZF9sYWJlbHMiOiIiLCJ0aXRsZSI6IiIsInN1YmlkIjoiNzg1NjY1MjAzIiwidXRtMSI6IiIsInV0bTIiOiIiLCJ1dG00IjoiIiwic3BvdF9pZCI6NDcxNTksIm11bHRpcGxlIjpmYWxzZSwiaXNfaWZyYW1lIjpmYWxzZSwicmVmZG9tYWluIjoiIiwicGwiOjEsInN0cmF0YWdlbSI6bnVsbCwiZ3lyIjowLCJhY2NlbCI6MCwic3NwIjozNzU4LCJidHlwZSI6NH0sImJhbm5lciI6eyJ3IjozMDAsImgiOjI1MH19XSwic2l0ZSI6eyJpZCI6IjQ3MTU5IiwiY2F0IjpbIklBQjI1Il0sInBhZ2UiOiJodHRwczovL2dheTExMi5jb20vbm8vIn0sImRldmljZSI6eyJ3IjoxMjgwLCJoIjoxMDI0fSwidXNlciI6eyJpZCI6IjllNDk0N2YzNTc1MTQ2NTQxMWZkMWE0ZjVjMzU4Yzc4IiwiZnAiOm51bGx9LCJleHQiOnsiZHQiOjE2NjY0NDgwMjE1ODh9fQ==
162.55.139.130200 OK 1.0 kB URL HTTP/2 5c0276acfe.9a363a4900.com/get/?go=1&data=eyJpbXAiOlt7InNlY3VyZSI6MSwiZXh0Ijp7InRhZ19hYiI6ImQiLCJtdWx0aSI6ZmFsc2UsInVzZXJfa2V5d29yZHMiOiIiLCJpZCI6MTQ5Niwic3BhY2VpZCI6MTQ5NiwidHlwZSI6InBvcCIsImlkem9uZSI6bnVsbCwiYWRfdGFncyI6IkdheTExMi5jb20lMkNiZXN0JTJDZnJlZSUyQ2dheSUyQ3Bvcm4lMkN2aWRlb3MuJTIwIiwibGFiZWxzIjoiIiwiYWxsb3dlZF9sYWJlbHMiOiIiLCJ0aXRsZSI6IiIsInN1YmlkIjoiNzg1NjY1MjAzIiwidXRtMSI6IiIsInV0bTIiOiIiLCJ1dG00IjoiIiwic3BvdF9pZCI6NDcxNTksIm11bHRpcGxlIjpmYWxzZSwiaXNfaWZyYW1lIjpmYWxzZSwicmVmZG9tYWluIjoiIiwicGwiOjEsInN0cmF0YWdlbSI6bnVsbCwiZ3lyIjowLCJhY2NlbCI6MCwic3NwIjozNzU4LCJidHlwZSI6NH0sImJhbm5lciI6eyJ3IjozMDAsImgiOjI1MH19XSwic2l0ZSI6eyJpZCI6IjQ3MTU5IiwiY2F0IjpbIklBQjI1Il0sInBhZ2UiOiJodHRwczovL2dheTExMi5jb20vbm8vIn0sImRldmljZSI6eyJ3IjoxMjgwLCJoIjoxMDI0fSwidXNlciI6eyJpZCI6IjllNDk0N2YzNTc1MTQ2NTQxMWZkMWE0ZjVjMzU4Yzc4IiwiZnAiOm51bGx9LCJleHQiOnsiZHQiOjE2NjY0NDgwMjE1ODh9fQ==
IP 162.55.139.130:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1424)
Hash 2975882586560d3c67d4938b0288a94e
c6f55197bd1743213a91fe1d271d8a894b4293ed
071290f96b742a802a4c74befb6a5421ab168b1b15aae976d22d0037097cfeb7
Analyzer Verdict Alert quad9 Sinkholed
GET /get/?go=1&data=eyJpbXAiOlt7InNlY3VyZSI6MSwiZXh0Ijp7InRhZ19hYiI6ImQiLCJtdWx0aSI6ZmFsc2UsInVzZXJfa2V5d29yZHMiOiIiLCJpZCI6MTQ5Niwic3BhY2VpZCI6MTQ5NiwidHlwZSI6InBvcCIsImlkem9uZSI6bnVsbCwiYWRfdGFncyI6IkdheTExMi5jb20lMkNiZXN0JTJDZnJlZSUyQ2dheSUyQ3Bvcm4lMkN2aWRlb3MuJTIwIiwibGFiZWxzIjoiIiwiYWxsb3dlZF9sYWJlbHMiOiIiLCJ0aXRsZSI6IiIsInN1YmlkIjoiNzg1NjY1MjAzIiwidXRtMSI6IiIsInV0bTIiOiIiLCJ1dG00IjoiIiwic3BvdF9pZCI6NDcxNTksIm11bHRpcGxlIjpmYWxzZSwiaXNfaWZyYW1lIjpmYWxzZSwicmVmZG9tYWluIjoiIiwicGwiOjEsInN0cmF0YWdlbSI6bnVsbCwiZ3lyIjowLCJhY2NlbCI6MCwic3NwIjozNzU4LCJidHlwZSI6NH0sImJhbm5lciI6eyJ3IjozMDAsImgiOjI1MH19XSwic2l0ZSI6eyJpZCI6IjQ3MTU5IiwiY2F0IjpbIklBQjI1Il0sInBhZ2UiOiJodHRwczovL2dheTExMi5jb20vbm8vIn0sImRldmljZSI6eyJ3IjoxMjgwLCJoIjoxMDI0fSwidXNlciI6eyJpZCI6IjllNDk0N2YzNTc1MTQ2NTQxMWZkMWE0ZjVjMzU4Yzc4IiwiZnAiOm51bGx9LCJleHQiOnsiZHQiOjE2NjY0NDgwMjE1ODh9fQ== HTTP/1.1
Host: 5c0276acfe.9a363a4900.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gay112.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.16.0
date: Sat, 22 Oct 2022 14:13:27 GMT
content-type: text/html
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
content-encoding: gzip
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash 2d44626f55ed7cde230ceb84013e530c
d0adc6b8e1f1bda802713d8f1e241f71deda1f2e
75ec6ee85313644064edd850c06cb290b00341b0a3033ca7b4beebbac5048983
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4840
Cache-Control: max-age=140861
Content-Type: application/ocsp-response
Date: Sat, 22 Oct 2022 14:13:27 GMT
Etag: "63536adc-117"
Expires: Mon, 24 Oct 2022 05:21:08 GMT
Last-Modified: Sat, 22 Oct 2022 04:00:28 GMT
Server: ECS (ska/F6FE)
X-Cache: HIT
Content-Length: 279
s.optnx.com/cimp.php?data=TVRZMk5qUTBPREF3TjN3ek5EVXlZVFEyTVRWak16Y3dNelpqWkdVMVl6Y3haRFppTWpBeU9XWTRZZy0tfC9saWJyYXJ5LzQ3NTU2Ny82M2Q0MGMyYmViYjI2MjJlMDU0ZjM1YWYyYjY0Y2QzNDJiMjI5NWFlLmdpZnxodHRwc3w5MS45MC40Mi4xNTR8Tk9SfDQxfHR4eHguY29tfDQ3NTU2N3w2NjYxNzN8OTAxMDg2fDQxNzYxODZ8NTA4fDQyMzk0MDh8NDc2NTE4ODJ8MTV8M3wwfDB8MjUzNDR8MHwxLjE1OTYzMDAyMzExOTV8NzV8RVVSfFVTRHwxLjAyMDN8MXwyMXwzMDB4MjUwfDF8Tk9SfHwyMHw0fDF8fGIwMTQzNTE4ZTg0MWIyNDcwYWY4NGQ4NmUxYjA5ZDNifGRmOTYwNTA5ODc2ZDc1MWJjNmNhZmIyYzIwZDQxMzJifDF8MHxnYXkxMTIuY29tfDB8MHwwfDAuMDN8MXwwfGV4Y2hhbmdlX2Jhbm5lcnwwfDB8MzE0MzI0MnwtMXwwfDMxNDMyNDR8fHwzfDE0NDB8fDB8MHwwfDB8MHwwfDF8MHx8OHwxfE1vemlsbGEvNS4wIChYMTE7IExpbnV4IHg4Nl82NDsgcnY6OTYuMCkgR2Vja28vMjAxMDAxMDEgRmlyZWZveC85Ni4wfE9LfDlmZTI1MDQ4YTk1ZDkwNmZjNDhmMzBiNDRjYzE5MzYz
95.211.229.247302 Found 0 B URL HTTP/1.1 s.optnx.com/cimp.php?data=TVRZMk5qUTBPREF3TjN3ek5EVXlZVFEyTVRWak16Y3dNelpqWkdVMVl6Y3haRFppTWpBeU9XWTRZZy0tfC9saWJyYXJ5LzQ3NTU2Ny82M2Q0MGMyYmViYjI2MjJlMDU0ZjM1YWYyYjY0Y2QzNDJiMjI5NWFlLmdpZnxodHRwc3w5MS45MC40Mi4xNTR8Tk9SfDQxfHR4eHguY29tfDQ3NTU2N3w2NjYxNzN8OTAxMDg2fDQxNzYxODZ8NTA4fDQyMzk0MDh8NDc2NTE4ODJ8MTV8M3wwfDB8MjUzNDR8MHwxLjE1OTYzMDAyMzExOTV8NzV8RVVSfFVTRHwxLjAyMDN8MXwyMXwzMDB4MjUwfDF8Tk9SfHwyMHw0fDF8fGIwMTQzNTE4ZTg0MWIyNDcwYWY4NGQ4NmUxYjA5ZDNifGRmOTYwNTA5ODc2ZDc1MWJjNmNhZmIyYzIwZDQxMzJifDF8MHxnYXkxMTIuY29tfDB8MHwwfDAuMDN8MXwwfGV4Y2hhbmdlX2Jhbm5lcnwwfDB8MzE0MzI0MnwtMXwwfDMxNDMyNDR8fHwzfDE0NDB8fDB8MHwwfDB8MHwwfDF8MHx8OHwxfE1vemlsbGEvNS4wIChYMTE7IExpbnV4IHg4Nl82NDsgcnY6OTYuMCkgR2Vja28vMjAxMDAxMDEgRmlyZWZveC85Ni4wfE9LfDlmZTI1MDQ4YTk1ZDkwNmZjNDhmMzBiNDRjYzE5MzYz
IP 95.211.229.247:0
ASN #60781 LeaseWeb Netherlands B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /cimp.php?data=TVRZMk5qUTBPREF3TjN3ek5EVXlZVFEyTVRWak16Y3dNelpqWkdVMVl6Y3haRFppTWpBeU9XWTRZZy0tfC9saWJyYXJ5LzQ3NTU2Ny82M2Q0MGMyYmViYjI2MjJlMDU0ZjM1YWYyYjY0Y2QzNDJiMjI5NWFlLmdpZnxodHRwc3w5MS45MC40Mi4xNTR8Tk9SfDQxfHR4eHguY29tfDQ3NTU2N3w2NjYxNzN8OTAxMDg2fDQxNzYxODZ8NTA4fDQyMzk0MDh8NDc2NTE4ODJ8MTV8M3wwfDB8MjUzNDR8MHwxLjE1OTYzMDAyMzExOTV8NzV8RVVSfFVTRHwxLjAyMDN8MXwyMXwzMDB4MjUwfDF8Tk9SfHwyMHw0fDF8fGIwMTQzNTE4ZTg0MWIyNDcwYWY4NGQ4NmUxYjA5ZDNifGRmOTYwNTA5ODc2ZDc1MWJjNmNhZmIyYzIwZDQxMzJifDF8MHxnYXkxMTIuY29tfDB8MHwwfDAuMDN8MXwwfGV4Y2hhbmdlX2Jhbm5lcnwwfDB8MzE0MzI0MnwtMXwwfDMxNDMyNDR8fHwzfDE0NDB8fDB8MHwwfDB8MHwwfDF8MHx8OHwxfE1vemlsbGEvNS4wIChYMTE7IExpbnV4IHg4Nl82NDsgcnY6OTYuMCkgR2Vja28vMjAxMDAxMDEgRmlyZWZveC85Ni4wfE9LfDlmZTI1MDQ4YTk1ZDkwNmZjNDhmMzBiNDRjYzE5MzYz HTTP/1.1
Host: s.optnx.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://5c0276acfe.9a363a4900.com/
Connection: keep-alive
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%226353fa8780c3e9.263130732752539605%22%3B%7D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx
Date: Sat, 22 Oct 2022 14:13:27 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%226353fa8780c3e9.263130732752539605%22%3B%7D; expires=Mon, 21 Oct 2024 14:13:27 GMT; path=; domain=.optnx.com; Secure; SameSite=none
Location: https://s3t3d2y8.afcdn.net/library/475567/63d40c2bebb2622e054f35af2b64cd342b2295ae.gif
X-Robots-Tag: noindex, follow
btds.zog.link/in/912/?sid=47159&source=785665203&idzone=0&w=300&h=250&mo=&ve=&site_id=47159&utm1=&utm2=&utm3=&utm4=&ad_tags=Gay112.com%2Cbest%2Cfree%2Cgay%2Cporn%2Cvideos.%20&spot_id=47159&p=https%3A%2F%2Fgay112.com%2Fno%2F&katds_labels=&btype=4&score=97&bf=0.000533505
109.206.176.75302 Found 0 B URL HTTP/2 btds.zog.link/in/912/?sid=47159&source=785665203&idzone=0&w=300&h=250&mo=&ve=&site_id=47159&utm1=&utm2=&utm3=&utm4=&ad_tags=Gay112.com%2Cbest%2Cfree%2Cgay%2Cporn%2Cvideos.%20&spot_id=47159&p=https%3A%2F%2Fgay112.com%2Fno%2F&katds_labels=&btype=4&score=97&bf=0.000533505
IP 109.206.176.75:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /in/912/?sid=47159&source=785665203&idzone=0&w=300&h=250&mo=&ve=&site_id=47159&utm1=&utm2=&utm3=&utm4=&ad_tags=Gay112.com%2Cbest%2Cfree%2Cgay%2Cporn%2Cvideos.%20&spot_id=47159&p=https%3A%2F%2Fgay112.com%2Fno%2F&katds_labels=&btype=4&score=97&bf=0.000533505 HTTP/1.1
Host: btds.zog.link
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://5c0276acfe.9a363a4900.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
server: nginx/1.20.1
date: Sat, 22 Oct 2022 14:13:28 GMT
content-type: text/html; charset=UTF-8
content-length: 0
location: https://twinrdack.com/link.engine?z=56531&guid=ca671639-b7fa-4892-a712-9dad1adff15a&tid=785665203&kw=Gay112.com,best,free,gay,porn,videos.
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
vary: *
set-cookie: 912.0=1; expires=Tue, 25 Oct 2022 16:13:28 GMT; path=/; secure; SameSite=None
X-Firefox-Spdy: h2
btds.zog.link/in/912/?sid=31089&source=38830&idzone=3069158&w=728&h=90&mo=&ve=&site_id=31089&utm1=&utm2=&utm3=&utm4=&ad_tags=Gay%2CAsian%2CBareback%2CHD%2CDeepthroat%2CCumshot&spot_id=31089&p=https%3A%2F%2Fgay112.com%2F&katds_labels=&btype=0&score=96&bf=0.00032572
109.206.176.75302 Found 0 B URL HTTP/2 btds.zog.link/in/912/?sid=31089&source=38830&idzone=3069158&w=728&h=90&mo=&ve=&site_id=31089&utm1=&utm2=&utm3=&utm4=&ad_tags=Gay%2CAsian%2CBareback%2CHD%2CDeepthroat%2CCumshot&spot_id=31089&p=https%3A%2F%2Fgay112.com%2F&katds_labels=&btype=0&score=96&bf=0.00032572
IP 109.206.176.75:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /in/912/?sid=31089&source=38830&idzone=3069158&w=728&h=90&mo=&ve=&site_id=31089&utm1=&utm2=&utm3=&utm4=&ad_tags=Gay%2CAsian%2CBareback%2CHD%2CDeepthroat%2CCumshot&spot_id=31089&p=https%3A%2F%2Fgay112.com%2F&katds_labels=&btype=0&score=96&bf=0.00032572 HTTP/1.1
Host: btds.zog.link
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://5c0276acfe.9a363a4900.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: nginx/1.20.1
date: Sat, 22 Oct 2022 14:13:28 GMT
content-type: text/html; charset=UTF-8
content-length: 0
location: https://tsyndicate.com/iframes2/03035f472880499cb28858d7b8d87284.html?subid=38830&categories=Gay,Asian,Bareback,HD,Deepthroat,Cumshot
pragma: no-cache
vary: *
cache-control: no-cache, no-store, must-revalidate
set-cookie: 912.0=1; expires=Sun, 23 Oct 2022 14:13:27 GMT; path=/; secure; SameSite=None
1624.0=1; expires=Sun, 23 Oct 2022 14:13:27 GMT; path=/; secure; SameSite=None
1625.0=1; expires=Sun, 23 Oct 2022 14:13:27 GMT; path=/; secure; SameSite=None
X-Firefox-Spdy: h2
s3t3d2y8.afcdn.net/library/475567/63d40c2bebb2622e054f35af2b64cd342b2295ae.gif
185.76.9.19200 OK 135 kB URL HTTP/2 s3t3d2y8.afcdn.net/library/475567/63d40c2bebb2622e054f35af2b64cd342b2295ae.gif
IP 185.76.9.19:0
ASN #60068 Datacamp Limited
File type GIF image data, version 89a, 300 x 250\012- data
Size 135 kB (135092 bytes)
Hash ea597260cdce2934b0eab9812554e2cb
63d40c2bebb2622e054f35af2b64cd342b2295ae
c906b8724b4429df7b10f7210121f7156e28fa8479f883b135b5adb75931d4e2
GET /library/475567/63d40c2bebb2622e054f35af2b64cd342b2295ae.gif HTTP/1.1
Host: s3t3d2y8.afcdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://5c0276acfe.9a363a4900.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 22 Oct 2022 14:13:27 GMT
content-type: image/gif
content-length: 135092
last-modified: Fri, 29 Jan 2021 09:40:16 GMT
etag: "6013d800-20fb4"
expires: Fri, 30 Jun 2023 11:09:36 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
x-cache-op: HIT
x-accel-expires: @1688195333
server: CDN77-Turbo
x-robots-tag: noindex, follow
x-77-nzt: AblMCQ1nKz7/Al2VAA
x-77-nzt-ray: Gkvl43pVMYA
x-cache: HIT
x-age: 9788674
x-77-pop: stockholmSE
x-77-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
btds.zog.link/in/912/?sid=47160&source=1856876215&idzone=0&w=300&h=250&mo=&ve=&site_id=47160&utm1=&utm2=&utm3=&utm4=&ad_tags=Gay112.com%2Cbest%2Cfree%2Cgay%2Cporn%2Cvideos.%20&spot_id=47160&p=https%3A%2F%2Fgay112.com%2Fno%2F&katds_labels=&btype=0&score=97&bf=0.00035567
109.206.176.75302 Found 0 B URL HTTP/2 btds.zog.link/in/912/?sid=47160&source=1856876215&idzone=0&w=300&h=250&mo=&ve=&site_id=47160&utm1=&utm2=&utm3=&utm4=&ad_tags=Gay112.com%2Cbest%2Cfree%2Cgay%2Cporn%2Cvideos.%20&spot_id=47160&p=https%3A%2F%2Fgay112.com%2Fno%2F&katds_labels=&btype=0&score=97&bf=0.00035567
IP 109.206.176.75:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /in/912/?sid=47160&source=1856876215&idzone=0&w=300&h=250&mo=&ve=&site_id=47160&utm1=&utm2=&utm3=&utm4=&ad_tags=Gay112.com%2Cbest%2Cfree%2Cgay%2Cporn%2Cvideos.%20&spot_id=47160&p=https%3A%2F%2Fgay112.com%2Fno%2F&katds_labels=&btype=0&score=97&bf=0.00035567 HTTP/1.1
Host: btds.zog.link
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://5c0276acfe.9a363a4900.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: nginx/1.20.1
date: Sat, 22 Oct 2022 14:13:28 GMT
content-type: text/html; charset=UTF-8
content-length: 0
location: https://twinrdack.com/link.engine?z=56531&guid=ca671639-b7fa-4892-a712-9dad1adff15a&tid=1856876215&kw=Gay112.com,best,free,gay,porn,videos.
pragma: no-cache
vary: *
cache-control: no-cache, no-store, must-revalidate
set-cookie: 912.0=1; expires=Tue, 25 Oct 2022 16:13:27 GMT; path=/; secure; SameSite=None
X-Firefox-Spdy: h2
r-eu.tsyndicate.com/api/v2/dsp/banner?c=APeIQFMmDJkycuaI0HGDhYgwY-gsjOGQzpmFIsbcIIODzA0zZlp4rFGmBQ0xOci0MGimZEGNMcrImCGjxgwzIhzOEZOGjEIdW0TMyBGD6MwcMER0cTjGzc8aMWA4DFNnDMYYQ2fEuDFUxo2cIniSwZiGTpk2X2KANWhnoQwbOGLQcAinjpiFNmvImAoHzkSsM2rohCNRB42tNGgQdVgGD50vcwhjNKjnjZsyaRXbADumjV8dM7jalPqQDE4dFMO6cbNwBgwYMWLIwOGwjZuLOmTkqAFjBl3buLe-tuGwjlodA-nQgTNHx4sXY9CEoVNHjpjpZVyMedPmRRo3L37QkQNxTY8wLc60GNOCTgwudV6_pfOmeo8hb8o0gS_fxpgwnoWRxhlu9FBDEEvkYAN_MLxFRhpzhCEGG5jNUZ8bZPTwXnwN2tDGGzxRKEUZD8pRRkTn1UEfg2-dJQaJX9jRUxlvfGEZG3loCBYZ3GF0Rhh5xCaDdj0yNd1CW8ggw1IiwCGHVTrgUBIMxIV1GgwuvCZYRnCg5SSUWA5Hmwhy2PFZDFue2OVCYcIwZh11pIFRDmUoRsNHgd0AFQ021HBYDGaQEUMYNJhRwxiB4aARDmCl8ZkIRLmAlAs0DIkmDWDVEQZGTbyhRxpssBHGCzVkCQIKWMS2AwhMfFcHHiDggYMNX9hAw6pl6qBglimAcMSJa7zxggywvRZVDCAYkYaJZryBxwu7JsUUlCI48QRYb8jxxRjUWgsWG9QW4cSOZdjxhYlsTFTDDTfgMANcrzkkB4Fu1YBDQyIcZK4YciyEw5j6fvHhWLnNmhoZcrzRmkNv_LRXkwnjkcdCc-WbB2s6jFdHGfKWcVpyyzX33I9BykZkd24IC9YcZWKUMB3TZdtCHW6U1QJWLpCh0Y7UHvSFzl9V1MZENhSdGA6v4UtHGzIQbTQNSMNwA7FVGnRuGZF9cSRqRdsKddKMmRsGhXLQ8dMWgTEpYWH5ekwVGxLRBS6bTOEGQx8KBAQ%3D&s=01f0068f94f68f8faa91e93ede183fa295f5bbdaff37408d71e20c36df92c4161666448007
136.243.106.158200 OK 2.4 kB URL HTTP/2 r-eu.tsyndicate.com/api/v2/dsp/banner?c=APeIQFMmDJkycuaI0HGDhYgwY-gsjOGQzpmFIsbcIIODzA0zZlp4rFGmBQ0xOci0MGimZEGNMcrImCGjxgwzIhzOEZOGjEIdW0TMyBGD6MwcMER0cTjGzc8aMWA4DFNnDMYYQ2fEuDFUxo2cIniSwZiGTpk2X2KANWhnoQwbOGLQcAinjpiFNmvImAoHzkSsM2rohCNRB42tNGgQdVgGD50vcwhjNKjnjZsyaRXbADumjV8dM7jalPqQDE4dFMO6cbNwBgwYMWLIwOGwjZuLOmTkqAFjBl3buLe-tuGwjlodA-nQgTNHx4sXY9CEoVNHjpjpZVyMedPmRRo3L37QkQNxTY8wLc60GNOCTgwudV6_pfOmeo8hb8o0gS_fxpgwnoWRxhlu9FBDEEvkYAN_MLxFRhpzhCEGG5jNUZ8bZPTwXnwN2tDGGzxRKEUZD8pRRkTn1UEfg2-dJQaJX9jRUxlvfGEZG3loCBYZ3GF0Rhh5xCaDdj0yNd1CW8ggw1IiwCGHVTrgUBIMxIV1GgwuvCZYRnCg5SSUWA5Hmwhy2PFZDFue2OVCYcIwZh11pIFRDmUoRsNHgd0AFQ021HBYDGaQEUMYNJhRwxiB4aARDmCl8ZkIRLmAlAs0DIkmDWDVEQZGTbyhRxpssBHGCzVkCQIKWMS2AwhMfFcHHiDggYMNX9hAw6pl6qBglimAcMSJa7zxggywvRZVDCAYkYaJZryBxwu7JsUUlCI48QRYb8jxxRjUWgsWG9QW4cSOZdjxhYlsTFTDDTfgMANcrzkkB4Fu1YBDQyIcZK4YciyEw5j6fvHhWLnNmhoZcrzRmkNv_LRXkwnjkcdCc-WbB2s6jFdHGfKWcVpyyzX33I9BykZkd24IC9YcZWKUMB3TZdtCHW6U1QJWLpCh0Y7UHvSFzl9V1MZENhSdGA6v4UtHGzIQbTQNSMNwA7FVGnRuGZF9cSRqRdsKddKMmRsGhXLQ8dMWgTEpYWH5ekwVGxLRBS6bTOEGQx8KBAQ%3D&s=01f0068f94f68f8faa91e93ede183fa295f5bbdaff37408d71e20c36df92c4161666448007
IP 136.243.106.158:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3600)
Hash f842f687277da1e9c9b2b4ef3f4b48f3
09ee7e7199badae74654c8fe5c19f5262c4722d9
b0de9375a43895819cfbd7f4f1772fcc70f41995f861b886684c2068f01d6e27
GET /api/v2/dsp/banner?c=APeIQFMmDJkycuaI0HGDhYgwY-gsjOGQzpmFIsbcIIODzA0zZlp4rFGmBQ0xOci0MGimZEGNMcrImCGjxgwzIhzOEZOGjEIdW0TMyBGD6MwcMER0cTjGzc8aMWA4DFNnDMYYQ2fEuDFUxo2cIniSwZiGTpk2X2KANWhnoQwbOGLQcAinjpiFNmvImAoHzkSsM2rohCNRB42tNGgQdVgGD50vcwhjNKjnjZsyaRXbADumjV8dM7jalPqQDE4dFMO6cbNwBgwYMWLIwOGwjZuLOmTkqAFjBl3buLe-tuGwjlodA-nQgTNHx4sXY9CEoVNHjpjpZVyMedPmRRo3L37QkQNxTY8wLc60GNOCTgwudV6_pfOmeo8hb8o0gS_fxpgwnoWRxhlu9FBDEEvkYAN_MLxFRhpzhCEGG5jNUZ8bZPTwXnwN2tDGGzxRKEUZD8pRRkTn1UEfg2-dJQaJX9jRUxlvfGEZG3loCBYZ3GF0Rhh5xCaDdj0yNd1CW8ggw1IiwCGHVTrgUBIMxIV1GgwuvCZYRnCg5SSUWA5Hmwhy2PFZDFue2OVCYcIwZh11pIFRDmUoRsNHgd0AFQ021HBYDGaQEUMYNJhRwxiB4aARDmCl8ZkIRLmAlAs0DIkmDWDVEQZGTbyhRxpssBHGCzVkCQIKWMS2AwhMfFcHHiDggYMNX9hAw6pl6qBglimAcMSJa7zxggywvRZVDCAYkYaJZryBxwu7JsUUlCI48QRYb8jxxRjUWgsWG9QW4cSOZdjxhYlsTFTDDTfgMANcrzkkB4Fu1YBDQyIcZK4YciyEw5j6fvHhWLnNmhoZcrzRmkNv_LRXkwnjkcdCc-WbB2s6jFdHGfKWcVpyyzX33I9BykZkd24IC9YcZWKUMB3TZdtCHW6U1QJWLpCh0Y7UHvSFzl9V1MZENhSdGA6v4UtHGzIQbTQNSMNwA7FVGnRuGZF9cSRqRdsKddKMmRsGhXLQ8dMWgTEpYWH5ekwVGxLRBS6bTOEGQx8KBAQ%3D&s=01f0068f94f68f8faa91e93ede183fa295f5bbdaff37408d71e20c36df92c4161666448007 HTTP/1.1
Host: r-eu.tsyndicate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://5c0276acfe.9a363a4900.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 22 Oct 2022 14:13:27 GMT
content-type: text/html; charset=utf-8
content-length: 2388
vary: *
content-encoding: gzip
pragma: no-cache
expires: 0
x-api-version: 2
link: <https://lcdn.tsyndicate.com/sdk/v1/b.b.js>; rel=preload; as=script
x-request-id: 257f423b78aa4c39
set-cookie: ts_uid=9e4947f35751465411fd1a4f5c358c78; expires=Sat, 22 Apr 2023 14:13:27 GMT; domain=.tsyndicate.com; path=/; HttpOnly; secure; SameSite=None
cache-control: no-cache, no-store, no-transform, must-revalidate, no-transform
x-robots-tag: none, noindex, nofollow
report-to: { "url": "https://pxl.tsyndicate.com/api/v1/heavy-ad/report", "max_age": 86401 }
X-Firefox-Spdy: h2
ocsp.sectigo.com/
172.64.155.188200 OK 472 B IP 172.64.155.188:0
Hash 1b54ab427690eb9b6b90fd2a3c86699d
a89964a15b549e28931afb7efd612e1eb5156756
bb9f61cea9199450d013e827be1344a3e2c509070e8772350235aea78225dff3
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 22 Oct 2022 14:13:27 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Thu, 20 Oct 2022 00:04:36 GMT
Expires: Thu, 27 Oct 2022 00:04:35 GMT
Etag: "a89964a15b549e28931afb7efd612e1eb5156756"
Cache-Control: max-age=380467,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 75e2d5703889fac0-OSL
5c0276acfe.9a363a4900.com/get/?go=1&data=eyJpbXAiOlt7InNlY3VyZSI6MSwiZXh0Ijp7ImlkIjoxNDk2LCJzcGFjZWlkIjozMTA4NiwidHlwZSI6InBvcCIsImlkem9uZSI6NjkzOTI1LCJhZF90YWdzIjoiR2F5JTJDQXNpYW4lMkNCYXJlYmFjayUyQ0hEJTJDRGVlcHRocm9hdCUyQ0N1bXNob3QiLCJsYWJlbHMiOiIiLCJhbGxvd2VkX2xhYmVscyI6IiIsInRpdGxlIjoiIiwic3ViaWQiOiIzODgzMCIsInV0bTEiOiIiLCJ1dG0yIjoiIiwidXRtNCI6IiIsInNwb3RfaWQiOjMxMDg2LCJtdWx0aXBsZSI6ZmFsc2UsImlzX2lmcmFtZSI6dHJ1ZSwicmVmZG9tYWluIjoiZ2F5MTEyLmNvbSIsInBsIjo1LCJzdHJhdGFnZW0iOm51bGwsImd5ciI6MCwiYWNjZWwiOjAsInNzcCI6Mzc1Nn0sImJhbm5lciI6eyJ3IjozMDAsImgiOjI1MH19XSwic2l0ZSI6eyJpZCI6IjMxMDg2IiwiY2F0IjpbIklBQjI1Il0sInBhZ2UiOiJodHRwczovL2dheTExMi5jb20vIn0sImRldmljZSI6eyJ3IjoxMjgwLCJoIjoxMDI0fSwidXNlciI6eyJpZCI6ImIwMTQzNTE4ZTg0MWIyNDcwYWY4NGQ4NmUxYjA5ZDNiIn0sImV4dCI6eyJkdCI6MTY2NjQ0ODAyMTUzOX19
162.55.139.130200 OK 3.5 kB URL HTTP/2 5c0276acfe.9a363a4900.com/get/?go=1&data=eyJpbXAiOlt7InNlY3VyZSI6MSwiZXh0Ijp7ImlkIjoxNDk2LCJzcGFjZWlkIjozMTA4NiwidHlwZSI6InBvcCIsImlkem9uZSI6NjkzOTI1LCJhZF90YWdzIjoiR2F5JTJDQXNpYW4lMkNCYXJlYmFjayUyQ0hEJTJDRGVlcHRocm9hdCUyQ0N1bXNob3QiLCJsYWJlbHMiOiIiLCJhbGxvd2VkX2xhYmVscyI6IiIsInRpdGxlIjoiIiwic3ViaWQiOiIzODgzMCIsInV0bTEiOiIiLCJ1dG0yIjoiIiwidXRtNCI6IiIsInNwb3RfaWQiOjMxMDg2LCJtdWx0aXBsZSI6ZmFsc2UsImlzX2lmcmFtZSI6dHJ1ZSwicmVmZG9tYWluIjoiZ2F5MTEyLmNvbSIsInBsIjo1LCJzdHJhdGFnZW0iOm51bGwsImd5ciI6MCwiYWNjZWwiOjAsInNzcCI6Mzc1Nn0sImJhbm5lciI6eyJ3IjozMDAsImgiOjI1MH19XSwic2l0ZSI6eyJpZCI6IjMxMDg2IiwiY2F0IjpbIklBQjI1Il0sInBhZ2UiOiJodHRwczovL2dheTExMi5jb20vIn0sImRldmljZSI6eyJ3IjoxMjgwLCJoIjoxMDI0fSwidXNlciI6eyJpZCI6ImIwMTQzNTE4ZTg0MWIyNDcwYWY4NGQ4NmUxYjA5ZDNiIn0sImV4dCI6eyJkdCI6MTY2NjQ0ODAyMTUzOX19
IP 162.55.139.130:0
ASN #24940 Hetzner Online GmbH
Hash 6d28c9cd62168e31fdbaa54b88ff7bdc
8626f61cdeaf73a1ab8f6d5ee990b22878c6e062
0f9044e55bd0d15dc6fbe8a5ba1c99c884fcd849f7807d8ca3669678f45bceca
Analyzer Verdict Alert quad9 Sinkholed
GET /get/?go=1&data=eyJpbXAiOlt7InNlY3VyZSI6MSwiZXh0Ijp7ImlkIjoxNDk2LCJzcGFjZWlkIjozMTA4NiwidHlwZSI6InBvcCIsImlkem9uZSI6NjkzOTI1LCJhZF90YWdzIjoiR2F5JTJDQXNpYW4lMkNCYXJlYmFjayUyQ0hEJTJDRGVlcHRocm9hdCUyQ0N1bXNob3QiLCJsYWJlbHMiOiIiLCJhbGxvd2VkX2xhYmVscyI6IiIsInRpdGxlIjoiIiwic3ViaWQiOiIzODgzMCIsInV0bTEiOiIiLCJ1dG0yIjoiIiwidXRtNCI6IiIsInNwb3RfaWQiOjMxMDg2LCJtdWx0aXBsZSI6ZmFsc2UsImlzX2lmcmFtZSI6dHJ1ZSwicmVmZG9tYWluIjoiZ2F5MTEyLmNvbSIsInBsIjo1LCJzdHJhdGFnZW0iOm51bGwsImd5ciI6MCwiYWNjZWwiOjAsInNzcCI6Mzc1Nn0sImJhbm5lciI6eyJ3IjozMDAsImgiOjI1MH19XSwic2l0ZSI6eyJpZCI6IjMxMDg2IiwiY2F0IjpbIklBQjI1Il0sInBhZ2UiOiJodHRwczovL2dheTExMi5jb20vIn0sImRldmljZSI6eyJ3IjoxMjgwLCJoIjoxMDI0fSwidXNlciI6eyJpZCI6ImIwMTQzNTE4ZTg0MWIyNDcwYWY4NGQ4NmUxYjA5ZDNiIn0sImV4dCI6eyJkdCI6MTY2NjQ0ODAyMTUzOX19 HTTP/1.1
Host: 5c0276acfe.9a363a4900.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://txxx.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.16.0
date: Sat, 22 Oct 2022 14:13:27 GMT
content-type: text/html
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
content-encoding: gzip
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash cf4f131eeb09d951e51b305ac924bf8b
731133cc60538b18a90a881ed14373abe6406323
142f8a7861b64ba8cbb627f6c607cf6bfdeab0ddd0e04ae0f859f651675f563f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "142F8A7861B64BA8CBB627F6C607CF6BFDEAB0DDD0E04AE0F859F651675F563F"
Last-Modified: Thu, 20 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5199
Expires: Sat, 22 Oct 2022 15:40:06 GMT
Date: Sat, 22 Oct 2022 14:13:27 GMT
Connection: keep-alive
ocsp.sectigo.com/
172.64.155.188200 OK 472 B IP 172.64.155.188:0
Hash 1b54ab427690eb9b6b90fd2a3c86699d
a89964a15b549e28931afb7efd612e1eb5156756
bb9f61cea9199450d013e827be1344a3e2c509070e8772350235aea78225dff3
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 22 Oct 2022 14:13:27 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Thu, 20 Oct 2022 00:04:36 GMT
Expires: Thu, 27 Oct 2022 00:04:35 GMT
Etag: "a89964a15b549e28931afb7efd612e1eb5156756"
Cache-Control: max-age=380467,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 75e2d56f6b9c0b31-OSL
mcpuwpsh.com/popunder/in/click/?mid=265706709&pid=0&site=47158&sc=NO&usage_type=DCH&subid=1858225680&sid=0&cid=12900&price=0&is_cpm=0&cpm=0.61&ecpm=0.58&crid=&crtid=&tcid=0&out_id=&ver=&ver_c=&refdom=gay112.com&hostname=auc-popunder-hz-1&site_id=0&spot_id=47158&utm_source=&utm_medium=&utm_campaign=&utm_content=spt_2&expiration_timestamp=0&created_at=0000-00-00&is_native=0&auction_queue=0&burl=&pop_winurl=&ip=91.90.42.154&testab=&px_id=0&adblock=0&auction_host=&mm=&yc=&render_type=&campaign_type=&uniq=&exp=&resp_type=&iabcat=IAB25&min_cpm=0.017125&placement_type_id=&skin_test=&verify_hash=&score=100&durl=&ml=&tag_ab=&original_bid=0&user_fp=0&pop_type=0&space_id=1095&verify_hash=&real_bid=&skin_id=&vertical_id=&stratagem=&accel=0&gyr=0&iabcat=IAB25&ip_mismatch=false&ssp=0&url=https%3A%2F%2Fts.cvastico.com%2Fin%2F849%2F%3Fsource%3D1858225680%26site_id%3D47158%26utm1%3D%26utm2%3D%26utm3%3D%26utm4%3Dspt_2%26idzone%3D0%26spot_id%3D47158%26mo%3D%26ve%3D%26ad_tags%3DGay112.com%252Cbest%252Cfree%252Cgay%252Cporn%252Cvideos.%2520%26p%3Dhttps%253A%252F%252Fgay112.com%252Fno%252F%26sid%3D1095%26katds_labels%3D%26is_iframe%3D0%26btype%3D0%26score%3D100%26bf%3D0.017125&pr=&bid_crid=&bid_cid=&ad_tags=Gay112.com%2Cbest%2Cfree%2Cgay%2Cporn%2Cvideos.%20&is_interstitial=0
94.130.197.134302 Found 0 B URL HTTP/2 mcpuwpsh.com/popunder/in/click/?mid=265706709&pid=0&site=47158&sc=NO&usage_type=DCH&subid=1858225680&sid=0&cid=12900&price=0&is_cpm=0&cpm=0.61&ecpm=0.58&crid=&crtid=&tcid=0&out_id=&ver=&ver_c=&refdom=gay112.com&hostname=auc-popunder-hz-1&site_id=0&spot_id=47158&utm_source=&utm_medium=&utm_campaign=&utm_content=spt_2&expiration_timestamp=0&created_at=0000-00-00&is_native=0&auction_queue=0&burl=&pop_winurl=&ip=91.90.42.154&testab=&px_id=0&adblock=0&auction_host=&mm=&yc=&render_type=&campaign_type=&uniq=&exp=&resp_type=&iabcat=IAB25&min_cpm=0.017125&placement_type_id=&skin_test=&verify_hash=&score=100&durl=&ml=&tag_ab=&original_bid=0&user_fp=0&pop_type=0&space_id=1095&verify_hash=&real_bid=&skin_id=&vertical_id=&stratagem=&accel=0&gyr=0&iabcat=IAB25&ip_mismatch=false&ssp=0&url=https%3A%2F%2Fts.cvastico.com%2Fin%2F849%2F%3Fsource%3D1858225680%26site_id%3D47158%26utm1%3D%26utm2%3D%26utm3%3D%26utm4%3Dspt_2%26idzone%3D0%26spot_id%3D47158%26mo%3D%26ve%3D%26ad_tags%3DGay112.com%252Cbest%252Cfree%252Cgay%252Cporn%252Cvideos.%2520%26p%3Dhttps%253A%252F%252Fgay112.com%252Fno%252F%26sid%3D1095%26katds_labels%3D%26is_iframe%3D0%26btype%3D0%26score%3D100%26bf%3D0.017125&pr=&bid_crid=&bid_cid=&ad_tags=Gay112.com%2Cbest%2Cfree%2Cgay%2Cporn%2Cvideos.%20&is_interstitial=0
IP 94.130.197.134:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /popunder/in/click/?mid=265706709&pid=0&site=47158&sc=NO&usage_type=DCH&subid=1858225680&sid=0&cid=12900&price=0&is_cpm=0&cpm=0.61&ecpm=0.58&crid=&crtid=&tcid=0&out_id=&ver=&ver_c=&refdom=gay112.com&hostname=auc-popunder-hz-1&site_id=0&spot_id=47158&utm_source=&utm_medium=&utm_campaign=&utm_content=spt_2&expiration_timestamp=0&created_at=0000-00-00&is_native=0&auction_queue=0&burl=&pop_winurl=&ip=91.90.42.154&testab=&px_id=0&adblock=0&auction_host=&mm=&yc=&render_type=&campaign_type=&uniq=&exp=&resp_type=&iabcat=IAB25&min_cpm=0.017125&placement_type_id=&skin_test=&verify_hash=&score=100&durl=&ml=&tag_ab=&original_bid=0&user_fp=0&pop_type=0&space_id=1095&verify_hash=&real_bid=&skin_id=&vertical_id=&stratagem=&accel=0&gyr=0&iabcat=IAB25&ip_mismatch=false&ssp=0&url=https%3A%2F%2Fts.cvastico.com%2Fin%2F849%2F%3Fsource%3D1858225680%26site_id%3D47158%26utm1%3D%26utm2%3D%26utm3%3D%26utm4%3Dspt_2%26idzone%3D0%26spot_id%3D47158%26mo%3D%26ve%3D%26ad_tags%3DGay112.com%252Cbest%252Cfree%252Cgay%252Cporn%252Cvideos.%2520%26p%3Dhttps%253A%252F%252Fgay112.com%252Fno%252F%26sid%3D1095%26katds_labels%3D%26is_iframe%3D0%26btype%3D0%26score%3D100%26bf%3D0.017125&pr=&bid_crid=&bid_cid=&ad_tags=Gay112.com%2Cbest%2Cfree%2Cgay%2Cporn%2Cvideos.%20&is_interstitial=0 HTTP/1.1
Host: mcpuwpsh.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gay112.com/
Origin: https://gay112.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
server: nginx/1.16.0
date: Sat, 22 Oct 2022 14:13:27 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
location: https://ts.cvastico.com/in/849/?source=1858225680&site_id=47158&utm1=&utm2=&utm3=&utm4=spt_2&idzone=0&spot_id=47158&mo=&ve=&ad_tags=Gay112.com%2Cbest%2Cfree%2Cgay%2Cporn%2Cvideos.%20&p=https%3A%2F%2Fgay112.com%2Fno%2F&sid=1095&katds_labels=&is_iframe=0&btype=0&score=100&bf=0.017125
X-Firefox-Spdy: h2
track.trackingtraffo.com/banner/imp?auth=d7j1u1&price=${AUCTION_PRICE}&c=Ikwgz8No3Exaoa4H0tsIZt7p4k_DuLe_W7rnEHynlLcWsV44GoILjEUBHiJ7zc038-pT4dHPZf99PgD3v1HaYu56mXn580Adykz5fiTWLf0jF6iDcfvbAgXlB9_4pOQ9la5ywC5V7JWDli4JEAwycYX7Rp1F8zMqigFLdm6ze6lCuGOGeShTIIHs2g4DxIDOm2KzGhB4f3vwTWIIeT0ftomec_DwSKLHOobazzGCWyxyWGZffRI5XCLHTQd4jPQ4cwcnd8FeHb4omKNBx3ShIyaatDR1UWBg
88.214.206.175200 OK 70 B URL HTTP/1.1 track.trackingtraffo.com/banner/imp?auth=d7j1u1&price=${AUCTION_PRICE}&c=Ikwgz8No3Exaoa4H0tsIZt7p4k_DuLe_W7rnEHynlLcWsV44GoILjEUBHiJ7zc038-pT4dHPZf99PgD3v1HaYu56mXn580Adykz5fiTWLf0jF6iDcfvbAgXlB9_4pOQ9la5ywC5V7JWDli4JEAwycYX7Rp1F8zMqigFLdm6ze6lCuGOGeShTIIHs2g4DxIDOm2KzGhB4f3vwTWIIeT0ftomec_DwSKLHOobazzGCWyxyWGZffRI5XCLHTQd4jPQ4cwcnd8FeHb4omKNBx3ShIyaatDR1UWBg
IP 88.214.206.175:0
File type PNG image data, 1 x 1, 8-bit/color RGBA, non-interlaced\012- data
Hash b357a19c87624c7c4d131aeeb4ae677f
c7a9c45fd419815a5ab1998503a9f03514c0e229
497790947d4666760ce38f3c00e852c71fdb66cae849bae8e9ede352719e1581
GET /banner/imp?auth=d7j1u1&price=${AUCTION_PRICE}&c=Ikwgz8No3Exaoa4H0tsIZt7p4k_DuLe_W7rnEHynlLcWsV44GoILjEUBHiJ7zc038-pT4dHPZf99PgD3v1HaYu56mXn580Adykz5fiTWLf0jF6iDcfvbAgXlB9_4pOQ9la5ywC5V7JWDli4JEAwycYX7Rp1F8zMqigFLdm6ze6lCuGOGeShTIIHs2g4DxIDOm2KzGhB4f3vwTWIIeT0ftomec_DwSKLHOobazzGCWyxyWGZffRI5XCLHTQd4jPQ4cwcnd8FeHb4omKNBx3ShIyaatDR1UWBg HTTP/1.1
Host: track.trackingtraffo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://txxx.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 22 Oct 2022 14:13:27 GMT
Content-Type: image/png
Content-Length: 70
Connection: keep-alive
Cache-Control: no-cache, max-age=0, must-revalidate, proxy-revalidate, no-store
Pragma: no-cache
Expires: Sat, 01 Jan 2000 00:00:00 GMT
i.wmgtr.com/cim/Ds3PR_Nov82yR16ciqcFEHOTErGbJLo9.png
45.133.44.33200 OK 59 kB URL HTTP/2 i.wmgtr.com/cim/Ds3PR_Nov82yR16ciqcFEHOTErGbJLo9.png
IP 45.133.44.33:0
ASN #39572 DataWeb Global Group B.V.
Hash 4aa0149b638f6d337ac3deb483d37296
35bfde73db2e47efcdebc183a969c6575ddba0f2
61701a66249ca78c30432decb5f7bd2375108fcb022621503f2dd4e238bcba0b
GET /cim/Ds3PR_Nov82yR16ciqcFEHOTErGbJLo9.png HTTP/1.1
Host: i.wmgtr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://txxx.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 22 Oct 2022 14:13:27 GMT
content-type: image/png
server: nginx/1.17.6
x-xss-protection: 1; mode=block
x-content-type-option: nosniff
content-encoding: gzip
cache-control: max-age=43200
expires: Sun, 23 Oct 2022 02:13:27 GMT
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
ads.trackingtraffo.com/creatives/k1qy286gxmd5g3dpr397nw5v/1657719813428-20BET_First_300x250_NO.gif
142.132.194.196200 OK 72 kB URL HTTP/1.1 ads.trackingtraffo.com/creatives/k1qy286gxmd5g3dpr397nw5v/1657719813428-20BET_First_300x250_NO.gif
IP 142.132.194.196:0
ASN #24940 Hetzner Online GmbH
File type GIF image data, version 89a, 300 x 250\012- data
Hash 65b724494cf4b18678dcb8c017fb551d
6111cfeae10d3ad110a38e21336890f6be2a6ace
614636de086b9b380dc1cf45be301822b00f5fac32a0cdc99519d5b7a2da25c7
GET /creatives/k1qy286gxmd5g3dpr397nw5v/1657719813428-20BET_First_300x250_NO.gif HTTP/1.1
Host: ads.trackingtraffo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://txxx.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 22 Oct 2022 14:13:27 GMT
Content-Type: image/gif
Content-Length: 71915
Last-Modified: Wed, 13 Jul 2022 13:43:33 GMT
Connection: keep-alive
ETag: "62cecc05-118eb"
Accept-Ranges: bytes
ocsp.sectigo.com/
172.64.155.188200 OK 472 B IP 172.64.155.188:0
Hash 145266823deb904c2e92f7a3f636afca
5f0bc9b94ada5ccea6020d27beb53b4a179eb405
29c892c30d2814f052fa66c98fa6abfb184bb6a24e2d615c2259824662587403
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 22 Oct 2022 14:13:27 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Wed, 19 Oct 2022 03:56:18 GMT
Expires: Wed, 26 Oct 2022 03:56:17 GMT
Etag: "5f0bc9b94ada5ccea6020d27beb53b4a179eb405"
Cache-Control: max-age=307969,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 75e2d5715d580b31-OSL
mc.yandex.ru/watch/49315045/1?wmode=7&page-url=https%3A%2F%2Ftxxx.com%2Fvideos%2F18018333%2Fhow-chinese-guys-enjoy-boys-porn%2F%3Fpromo%3D38830&page-ref=https%3A%2F%2Fgay112.com%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Akqp6gvxtrlkq3u3woc7b0%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A912%3Acn%3A2%3Adp%3A0%3Als%3A1005137231739%3Ahid%3A307761209%3Az%3A0%3Ai%3A20221022141340%3Aet%3A1666448021%3Arn%3A814807648%3Arqn%3A1%3Au%3A1666448021909309712%3Aw%3A1x1%3As%3A1280x1024x24%3Ask%3A1%3Aifr%3A1%3Awv%3A2%3Ads%3A0%2C0%2C0%2C%2C198%2C0%2C%2C943%2C0%2C1638%2C1638%2C0%2C1419%3Ans%3A1666448018939%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-5cbccea2ed3dd5c7a75380ef1cbfadf6-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1666448021%3At%3AHow%20Chinese%20Guys%20Enjoy%20Boys%20Porn%20-%20Porn%20video%20%7C%20TXXX.com&t=gdpr%2814%29mc%28p-1%29clc%280-0-0%29aw%281%29rqnt%281%29fip%281%29rqnl%281%29ti%282%29
87.250.251.119200 OK 419 B URL HTTP/2 mc.yandex.ru/watch/49315045/1?wmode=7&page-url=https%3A%2F%2Ftxxx.com%2Fvideos%2F18018333%2Fhow-chinese-guys-enjoy-boys-porn%2F%3Fpromo%3D38830&page-ref=https%3A%2F%2Fgay112.com%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Akqp6gvxtrlkq3u3woc7b0%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A912%3Acn%3A2%3Adp%3A0%3Als%3A1005137231739%3Ahid%3A307761209%3Az%3A0%3Ai%3A20221022141340%3Aet%3A1666448021%3Arn%3A814807648%3Arqn%3A1%3Au%3A1666448021909309712%3Aw%3A1x1%3As%3A1280x1024x24%3Ask%3A1%3Aifr%3A1%3Awv%3A2%3Ads%3A0%2C0%2C0%2C%2C198%2C0%2C%2C943%2C0%2C1638%2C1638%2C0%2C1419%3Ans%3A1666448018939%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-5cbccea2ed3dd5c7a75380ef1cbfadf6-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1666448021%3At%3AHow%20Chinese%20Guys%20Enjoy%20Boys%20Porn%20-%20Porn%20video%20%7C%20TXXX.com&t=gdpr%2814%29mc%28p-1%29clc%280-0-0%29aw%281%29rqnt%281%29fip%281%29rqnl%281%29ti%282%29
IP 87.250.251.119:0
File type JSON data\012- , ASCII text, with very long lines (419), with no line terminators
Hash 3d477393013576d87130a22ccaeeddbf
d1fec513e91055f8536c55e8c1c4f18a56ca499a
018d42b00dcdcc912d8859b269b7f14f63ce86a00e668884933ef0af5c1bf92e
GET /watch/49315045/1?wmode=7&page-url=https%3A%2F%2Ftxxx.com%2Fvideos%2F18018333%2Fhow-chinese-guys-enjoy-boys-porn%2F%3Fpromo%3D38830&page-ref=https%3A%2F%2Fgay112.com%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Akqp6gvxtrlkq3u3woc7b0%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A912%3Acn%3A2%3Adp%3A0%3Als%3A1005137231739%3Ahid%3A307761209%3Az%3A0%3Ai%3A20221022141340%3Aet%3A1666448021%3Arn%3A814807648%3Arqn%3A1%3Au%3A1666448021909309712%3Aw%3A1x1%3As%3A1280x1024x24%3Ask%3A1%3Aifr%3A1%3Awv%3A2%3Ads%3A0%2C0%2C0%2C%2C198%2C0%2C%2C943%2C0%2C1638%2C1638%2C0%2C1419%3Ans%3A1666448018939%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-5cbccea2ed3dd5c7a75380ef1cbfadf6-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1666448021%3At%3AHow%20Chinese%20Guys%20Enjoy%20Boys%20Porn%20-%20Porn%20video%20%7C%20TXXX.com&t=gdpr%2814%29mc%28p-1%29clc%280-0-0%29aw%281%29rqnt%281%29fip%281%29rqnl%281%29ti%282%29 HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://txxx.com
Referer: https://txxx.com/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 419
date: Sat, 22 Oct 2022 14:13:28 GMT
x-content-type-options: nosniff
access-control-allow-origin: https://txxx.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Sat, 22-Oct-2022 14:13:28 GMT
last-modified: Sat, 22-Oct-2022 14:13:28 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: application/json; charset=utf-8
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
ocsp.sectigo.com/
172.64.155.188200 OK 472 B IP 172.64.155.188:0
Hash 145266823deb904c2e92f7a3f636afca
5f0bc9b94ada5ccea6020d27beb53b4a179eb405
29c892c30d2814f052fa66c98fa6abfb184bb6a24e2d615c2259824662587403
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 22 Oct 2022 14:13:28 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Wed, 19 Oct 2022 03:56:18 GMT
Expires: Wed, 26 Oct 2022 03:56:17 GMT
Etag: "5f0bc9b94ada5ccea6020d27beb53b4a179eb405"
Cache-Control: max-age=307968,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 75e2d5711928fac0-OSL
lcdn.tsyndicate.com/sdk/v1/b.b.js
8.254.252.211200 OK 2.8 kB URL HTTP/2 lcdn.tsyndicate.com/sdk/v1/b.b.js
IP 8.254.252.211:0
File type ASCII text, with very long lines (2590)
Hash 01c3ce239d639853ba1e41661c115938
704741ca41e890a26eef6190c2d61131ff294f56
9aabcddb7b91826c4b8bf721d77fa448ceba501616a38c6fe0d6c4f11091ed47
GET /sdk/v1/b.b.js HTTP/1.1
Host: lcdn.tsyndicate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://r-eu.tsyndicate.com/
Cookie: ts_uid=9e4947f35751465411fd1a4f5c358c78
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
date: Sat, 22 Oct 2022 14:13:28 GMT
content-type: application/javascript
content-length: 2808
last-modified: Tue, 22 Feb 2022 13:07:15 GMT
server: nginx
x-robots-tag: noindex, nofollow
content-encoding: gzip
vary: Accept-Encoding
etag: W/"6214e003-1eb1"
age: 19713745
accept-ranges: bytes
X-Firefox-Spdy: h2
lcdn.tsyndicate.com/sdk/v1/b.b.js
8.254.252.211304 Not Modified 0 B URL HTTP/2 lcdn.tsyndicate.com/sdk/v1/b.b.js
IP 8.254.252.211:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sdk/v1/b.b.js HTTP/1.1
Host: lcdn.tsyndicate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tsyndicate.com/
Cookie: ts_uid=78cdf4d6-8a61-48b6-9582-a7a4023c1668
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
If-Modified-Since: Tue, 22 Feb 2022 13:07:15 GMT
If-None-Match: W/"6214e003-1eb1"
TE: trailers
HTTP/2 304 Not Modified
date: Sat, 22 Oct 2022 14:13:28 GMT
last-modified: Tue, 22 Feb 2022 13:07:15 GMT
server: nginx
x-robots-tag: noindex, nofollow
vary: Accept-Encoding
etag: W/"6214e003-1eb1"
age: 19713745
X-Firefox-Spdy: h2
mc.yandex.ru/watch/49315045/1?page-url=goal%3A%2F%2Ftxxx.com%2Fplayer_error&page-ref=https%3A%2F%2Ftxxx.com%2Fvideos%2F18018333%2Fhow-chinese-guys-enjoy-boys-porn%2F%3Fpromo%3D38830&charset=utf-8&hittoken=1666448008_5d94b19aa4fa00e36944447bd4913404a429d6d00bdb891275ae7cb127ff9a12&browser-info=ar%3A1%3Agdpr%3A14%3Avf%3Akqp6gvxtrlkq3u3woc7b0%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A912%3Acn%3A2%3Adp%3A0%3Als%3A1005137231739%3Ahid%3A307761209%3Az%3A0%3Ai%3A20221022141342%3Aet%3A1666448023%3Arn%3A1061528234%3Arqn%3A3%3Au%3A1666448021909309712%3Aw%3A1x1%3As%3A1280x1024x24%3Ask%3A1%3Aifr%3A1%3Awv%3A2%3Aeu%3A1%3Ans%3A1666448018939%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-5cbccea2ed3dd5c7a75380ef1cbfadf6-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1666448023%3At%3AHow%20Chinese%20Guys%20Enjoy%20Boys%20Porn%20-%20Porn%20video%20%7C%20TXXX.com&t=gdpr(14)mc(p-1-g-2)clc(0-0-0)aw(1)rqnt(3)ecs(1)fip(1)rqnl(1)ti(2)
87.250.251.119200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/49315045/1?page-url=goal%3A%2F%2Ftxxx.com%2Fplayer_error&page-ref=https%3A%2F%2Ftxxx.com%2Fvideos%2F18018333%2Fhow-chinese-guys-enjoy-boys-porn%2F%3Fpromo%3D38830&charset=utf-8&hittoken=1666448008_5d94b19aa4fa00e36944447bd4913404a429d6d00bdb891275ae7cb127ff9a12&browser-info=ar%3A1%3Agdpr%3A14%3Avf%3Akqp6gvxtrlkq3u3woc7b0%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A912%3Acn%3A2%3Adp%3A0%3Als%3A1005137231739%3Ahid%3A307761209%3Az%3A0%3Ai%3A20221022141342%3Aet%3A1666448023%3Arn%3A1061528234%3Arqn%3A3%3Au%3A1666448021909309712%3Aw%3A1x1%3As%3A1280x1024x24%3Ask%3A1%3Aifr%3A1%3Awv%3A2%3Aeu%3A1%3Ans%3A1666448018939%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-5cbccea2ed3dd5c7a75380ef1cbfadf6-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1666448023%3At%3AHow%20Chinese%20Guys%20Enjoy%20Boys%20Porn%20-%20Porn%20video%20%7C%20TXXX.com&t=gdpr(14)mc(p-1-g-2)clc(0-0-0)aw(1)rqnt(3)ecs(1)fip(1)rqnl(1)ti(2)
IP 87.250.251.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /watch/49315045/1?page-url=goal%3A%2F%2Ftxxx.com%2Fplayer_error&page-ref=https%3A%2F%2Ftxxx.com%2Fvideos%2F18018333%2Fhow-chinese-guys-enjoy-boys-porn%2F%3Fpromo%3D38830&charset=utf-8&hittoken=1666448008_5d94b19aa4fa00e36944447bd4913404a429d6d00bdb891275ae7cb127ff9a12&browser-info=ar%3A1%3Agdpr%3A14%3Avf%3Akqp6gvxtrlkq3u3woc7b0%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A912%3Acn%3A2%3Adp%3A0%3Als%3A1005137231739%3Ahid%3A307761209%3Az%3A0%3Ai%3A20221022141342%3Aet%3A1666448023%3Arn%3A1061528234%3Arqn%3A3%3Au%3A1666448021909309712%3Aw%3A1x1%3As%3A1280x1024x24%3Ask%3A1%3Aifr%3A1%3Awv%3A2%3Aeu%3A1%3Ans%3A1666448018939%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-5cbccea2ed3dd5c7a75380ef1cbfadf6-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1666448023%3At%3AHow%20Chinese%20Guys%20Enjoy%20Boys%20Porn%20-%20Porn%20video%20%7C%20TXXX.com&t=gdpr(14)mc(p-1-g-2)clc(0-0-0)aw(1)rqnt(3)ecs(1)fip(1)rqnl(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 85
Origin: https://txxx.com
Connection: keep-alive
Referer: https://txxx.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Sat, 22 Oct 2022 14:13:28 GMT
access-control-allow-origin: https://txxx.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Sat, 22-Oct-2022 14:13:28 GMT
last-modified: Sat, 22-Oct-2022 14:13:28 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mc.yandex.ru/watch/49315045/1?page-url=goal%3A%2F%2Ftxxx.com%2Fplayer_setup_error&page-ref=https%3A%2F%2Ftxxx.com%2Fvideos%2F18018333%2Fhow-chinese-guys-enjoy-boys-porn%2F%3Fpromo%3D38830&charset=utf-8&hittoken=1666448008_5d94b19aa4fa00e36944447bd4913404a429d6d00bdb891275ae7cb127ff9a12&browser-info=ar%3A1%3Agdpr%3A14%3Avf%3Akqp6gvxtrlkq3u3woc7b0%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A912%3Acn%3A2%3Adp%3A0%3Als%3A1005137231739%3Ahid%3A307761209%3Az%3A0%3Ai%3A20221022141342%3Aet%3A1666448023%3Arn%3A413214391%3Arqn%3A2%3Au%3A1666448021909309712%3Aw%3A1x1%3As%3A1280x1024x24%3Ask%3A1%3Aifr%3A1%3Awv%3A2%3Aeu%3A1%3Ans%3A1666448018939%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-5cbccea2ed3dd5c7a75380ef1cbfadf6-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1666448023%3At%3AHow%20Chinese%20Guys%20Enjoy%20Boys%20Porn%20-%20Porn%20video%20%7C%20TXXX.com&t=gdpr(14)mc(p-1-g-2)clc(0-0-0)aw(1)rqnt(2)ecs(1)fip(1)rqnl(1)ti(2)
87.250.251.119200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/49315045/1?page-url=goal%3A%2F%2Ftxxx.com%2Fplayer_setup_error&page-ref=https%3A%2F%2Ftxxx.com%2Fvideos%2F18018333%2Fhow-chinese-guys-enjoy-boys-porn%2F%3Fpromo%3D38830&charset=utf-8&hittoken=1666448008_5d94b19aa4fa00e36944447bd4913404a429d6d00bdb891275ae7cb127ff9a12&browser-info=ar%3A1%3Agdpr%3A14%3Avf%3Akqp6gvxtrlkq3u3woc7b0%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A912%3Acn%3A2%3Adp%3A0%3Als%3A1005137231739%3Ahid%3A307761209%3Az%3A0%3Ai%3A20221022141342%3Aet%3A1666448023%3Arn%3A413214391%3Arqn%3A2%3Au%3A1666448021909309712%3Aw%3A1x1%3As%3A1280x1024x24%3Ask%3A1%3Aifr%3A1%3Awv%3A2%3Aeu%3A1%3Ans%3A1666448018939%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-5cbccea2ed3dd5c7a75380ef1cbfadf6-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1666448023%3At%3AHow%20Chinese%20Guys%20Enjoy%20Boys%20Porn%20-%20Porn%20video%20%7C%20TXXX.com&t=gdpr(14)mc(p-1-g-2)clc(0-0-0)aw(1)rqnt(2)ecs(1)fip(1)rqnl(1)ti(2)
IP 87.250.251.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /watch/49315045/1?page-url=goal%3A%2F%2Ftxxx.com%2Fplayer_setup_error&page-ref=https%3A%2F%2Ftxxx.com%2Fvideos%2F18018333%2Fhow-chinese-guys-enjoy-boys-porn%2F%3Fpromo%3D38830&charset=utf-8&hittoken=1666448008_5d94b19aa4fa00e36944447bd4913404a429d6d00bdb891275ae7cb127ff9a12&browser-info=ar%3A1%3Agdpr%3A14%3Avf%3Akqp6gvxtrlkq3u3woc7b0%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A912%3Acn%3A2%3Adp%3A0%3Als%3A1005137231739%3Ahid%3A307761209%3Az%3A0%3Ai%3A20221022141342%3Aet%3A1666448023%3Arn%3A413214391%3Arqn%3A2%3Au%3A1666448021909309712%3Aw%3A1x1%3As%3A1280x1024x24%3Ask%3A1%3Aifr%3A1%3Awv%3A2%3Aeu%3A1%3Ans%3A1666448018939%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-5cbccea2ed3dd5c7a75380ef1cbfadf6-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1666448023%3At%3AHow%20Chinese%20Guys%20Enjoy%20Boys%20Porn%20-%20Porn%20video%20%7C%20TXXX.com&t=gdpr(14)mc(p-1-g-2)clc(0-0-0)aw(1)rqnt(2)ecs(1)fip(1)rqnl(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 36
Origin: https://txxx.com
Connection: keep-alive
Referer: https://txxx.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Sat, 22 Oct 2022 14:13:28 GMT
access-control-allow-origin: https://txxx.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Sat, 22-Oct-2022 14:13:28 GMT
last-modified: Sat, 22-Oct-2022 14:13:28 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 313 B IP 93.184.220.29:0
Hash cfdf331ce0e3a071d9e936178937a59f
7c58fb42f35ac0269521938307e241e811035022
943ed3eb72121d78b8384c27ef701edef7fb13d382d7fe8313119c7ba8c7f23c
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1664
Cache-Control: max-age=120408
Content-Type: application/ocsp-response
Date: Sat, 22 Oct 2022 14:13:28 GMT
Etag: "63532760-139"
Expires: Sun, 23 Oct 2022 23:40:16 GMT
Last-Modified: Fri, 21 Oct 2022 23:12:32 GMT
Server: ECS (ska/F6FE)
X-Cache: HIT
Content-Length: 313
ocsp.digicert.com/
93.184.220.29200 OK 280 B IP 93.184.220.29:0
Hash 5dbc7cefab147d7a31e9fcdfd8cbe579
3e5fd4977d34f96cf867db35f465050a22853c9c
d3c08f3b2b224e30db2d4ab4247a3f8f21763b017c7add876ac2c78e638d9e20
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5164
Cache-Control: max-age=122857
Content-Type: application/ocsp-response
Date: Sat, 22 Oct 2022 14:13:28 GMT
Etag: "63532345-118"
Expires: Mon, 24 Oct 2022 00:21:05 GMT
Last-Modified: Fri, 21 Oct 2022 22:55:01 GMT
Server: ECS (ska/F6FE)
X-Cache: HIT
Content-Length: 280
tsyndicate.com/iframes2/03035f472880499cb28858d7b8d87284.html?subid=38830&categories=Gay,Asian,Bareback,HD,Deepthroat,Cumshot
94.130.164.161200 OK 3.2 kB URL HTTP/2 tsyndicate.com/iframes2/03035f472880499cb28858d7b8d87284.html?subid=38830&categories=Gay,Asian,Bareback,HD,Deepthroat,Cumshot
IP 94.130.164.161:0
ASN #24940 Hetzner Online GmbH
Hash 25d8a55aa640f2221e4b217c5905d038
3e5bba9d562078a75bf075c2671685b9ce76af34
036de14b5b030fac3f4f39368d604d8899292b050886c4d339a7b454bbeb800b
GET /iframes2/03035f472880499cb28858d7b8d87284.html?subid=38830&categories=Gay,Asian,Bareback,HD,Deepthroat,Cumshot HTTP/1.1
Host: tsyndicate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://5c0276acfe.9a363a4900.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 22 Oct 2022 14:13:27 GMT
content-type: text/html; charset=utf-8
pragma: no-cache
expires: 0
vary: Accept-Encoding, *
x-api-version: 2
link: <https://lcdn.tsyndicate.com/sdk/v1/b.b.js>; rel=preload; as=script
x-request-id: d6bdd988874f1a30
set-cookie: ts_uid=78cdf4d6-8a61-48b6-9582-a7a4023c1668; expires=Sat, 22 Apr 2023 14:13:27 GMT; domain=.tsyndicate.com; path=/; HttpOnly; secure; SameSite=None
cache-control: no-cache, no-store, no-transform, must-revalidate, no-transform
x-robots-tag: none, noindex, nofollow
report-to: { "url": "https://pxl.tsyndicate.com/api/v1/heavy-ad/report", "max_age": 86401 }
content-encoding: gzip
X-Firefox-Spdy: h2
twinrdack.com/link.engine?z=56531&guid=ca671639-b7fa-4892-a712-9dad1adff15a&tid=785665203&kw=Gay112.com,best,free,gay,porn,videos.
172.66.43.134302 Found 1.5 kB URL HTTP/2 twinrdack.com/link.engine?z=56531&guid=ca671639-b7fa-4892-a712-9dad1adff15a&tid=785665203&kw=Gay112.com,best,free,gay,porn,videos.
IP 172.66.43.134:0
Hash a54877f7b1c1513db15da07fc28cf4ce
3df182a19bf41e6af4ad06ee6995ed2683f6da17
2225aacc08e0f99702f35ec9d411308b7be328013c89cfe709aa7f920a9b1b93
GET /link.engine?z=56531&guid=ca671639-b7fa-4892-a712-9dad1adff15a&tid=785665203&kw=Gay112.com,best,free,gay,porn,videos. HTTP/1.1
Host: twinrdack.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://5c0276acfe.9a363a4900.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Sat, 22 Oct 2022 14:13:27 GMT
content-type: text/html; charset=utf-8
location: https://twinrdack.com/Redirect.eng?MediaSegmentId=31311&dcid=3_ctx_08c92431-5574-495f-86dd-77f6e0f3741f&vmId=00000000-0000-0000-0000-000000000000&abr=false&timeZoneOffset=&v=LpLocukkOyyzqEkBvPoCmU0T000hmDzrHh2H0VNHw0JGOnoyew66gH4lAZaaNpBFHjGUDdoi86e0in0ZnNammSWu2VBgG0ph9o3t38lSfD41CeoUq9aVuEhWBS5auZ0C1_Ft-RI_KzZ2JfVOqXE7hGD1DURB6jGmKjX7ftmM8rD69ZsZX_SFvi-UzUv1LZGlfu_vF_Za2e6qAhSMfaBBSIKQy29CccycfrD3DMIt6wwvHMAEhP9-zF2YB0IWRxtS2L1dTXofudMmDTIaCRelGaUh-VLzS5c1rnTOvk5Dm1SC1G_-A-j3x2yez6AWA1C5H1Cd1nPBb64yGtCtca-THkcRzG5w9rgQ-yBWwpvThoqQmeu-ghFXiuOPmMfZFSUEWoEyIKhgroA2nLNjMKnDjPcXa6JyxJQtZBoJIzkxMbpZiUg0-EVZuu8XlQIkdY0u5mczsARG6I4aShDu2hpLQAlfRFP1OIo6AdiVn-ZOYYN153scYe_jjv7e1DdwSxVndYaMv7UxQKUpgcf4inJj0TwkZ4fT8jNmpQEhI3WTgRIhJ-cltJ1ne3nP-QjfDQKQiIz-1q9-3meTb_yW87D16HcHvfyGpOL_ZLOYhA6wnCqZqFVio9S_gIlLojobuyrEyqokMAYhi2HjNRCHgvECr1tzC-3CBQvTNxBW66KLe7mlRmV7uuA8Xi4MIUKJucYnYgh9FNb5Yjyu8G0SF61XLKkoWO1uGhvQKVQ7rPfLrHMMucZcPpHN8gH16-bMfzWRmn_GS1nQqOUVJ0VVx6wSc_Hk_sRXYyqyOLm594UJO_JKDhlw2VdlTKR1bNPUPKwbxw8_t6fmOLbcmLTA2XvgCoLLjtTMb_WygshoABMFC0CyRccLRb78TsXP3jl-X4VzOvThzKPbhau-VC-F4WE2cwI5gVqTy_4BI-1FURVPrdE1&kw=Gay112.com%2cbest%2cfree%2cgay%2cporn%2cvideos.&mw=300&mh=250
vary: Accept-Encoding
cache-control: private, no-transform
content-encoding: gzip
p3p: CP="CAO PSA OUR IND"
access-control-allow-origin: *
set-cookie: IKSR={}; path=/; SameSite=None; secure
INF_DFL8=false; path=/; SameSite=None; secure
IUID=11a553de-d6a8-4ec1-96b6-79d10a75a369; expires=Fri, 22-Oct-2032 14:13:27 GMT; path=/; SameSite=None; secure
ISSH=66C5D1; path=/; SameSite=None; secure
VMI=; path=/; SameSite=None; secure
IPLH=#{}; expires=Fri, 22-Oct-2032 14:13:27 GMT; path=/; SameSite=None; secure; HttpOnly
IPLH_Q=#[]; expires=Fri, 22-Oct-2032 14:13:27 GMT; path=/; SameSite=None; secure; HttpOnly
CHN=#[]; expires=Fri, 22-Oct-2032 14:13:27 GMT; path=/; SameSite=None; secure; HttpOnly
MSSH=#{}; expires=Fri, 22-Oct-2032 14:13:27 GMT; path=/; SameSite=None; secure; HttpOnly
MSRH=#{}; expires=Fri, 22-Oct-2032 14:13:27 GMT; path=/; SameSite=None; secure; HttpOnly
ILP=null; expires=Fri, 22-Oct-2032 14:13:27 GMT; path=/; SameSite=None; secure
ILPLU=#1/1/0001 12:00:00 AM; expires=Fri, 22-Oct-2032 14:13:27 GMT; path=/; SameSite=None; secure; HttpOnly
ILEALC=#1/1/0001 12:00:00 AM; expires=Fri, 22-Oct-2032 14:13:27 GMT; path=/; SameSite=None; secure; HttpOnly
ILMPF=#False; expires=Sat, 22-Oct-2022 18:13:27 GMT; path=/; SameSite=None; secure; HttpOnly
IPMPLU=#; expires=Fri, 22-Oct-2032 14:13:27 GMT; path=/; SameSite=None; secure; HttpOnly
IPMUID=#; expires=Fri, 22-Oct-2032 14:13:27 GMT; path=/; SameSite=None; secure; HttpOnly
BSWUID=#; expires=Fri, 22-Oct-2032 14:13:27 GMT; path=/; SameSite=None; secure; HttpOnly
IKSR={}; path=/; SameSite=None; secure
IBL=#[]; expires=Fri, 22-Oct-2032 14:13:27 GMT; path=/; SameSite=None; secure; HttpOnly
IPLSH=#{}; expires=Fri, 22-Oct-2032 14:13:27 GMT; path=/; SameSite=None; secure; HttpOnly
IPLSH_Q=#[]; expires=Fri, 22-Oct-2032 14:13:27 GMT; path=/; SameSite=None; secure; HttpOnly
IZH=#{}; expires=Fri, 22-Oct-2032 14:13:27 GMT; path=/; SameSite=None; secure; HttpOnly
IZH_Q=#[]; expires=Fri, 22-Oct-2032 14:13:27 GMT; path=/; SameSite=None; secure; HttpOnly
IMCH=#{}; expires=Fri, 22-Oct-2032 14:13:27 GMT; path=/; SameSite=None; secure; HttpOnly
IMCH_Q=#[]; expires=Fri, 22-Oct-2032 14:13:27 GMT; path=/; SameSite=None; secure; HttpOnly
IMH=#{}; expires=Fri, 22-Oct-2032 14:13:27 GMT; path=/; SameSite=None; secure; HttpOnly
IMH_Q=#[]; expires=Fri, 22-Oct-2032 14:13:27 GMT; path=/; SameSite=None; secure; HttpOnly
ISH=#{"14173":[{"SId":"66C5D1","D":"22/10/22T7:13:27"}]}; expires=Fri, 22-Oct-2032 14:13:27 GMT; path=/; SameSite=None; secure; HttpOnly
ISH_Q=#[14173]; expires=Fri, 22-Oct-2032 14:13:27 GMT; path=/; SameSite=None; secure; HttpOnly
ISPH=#{}; expires=Fri, 22-Oct-2032 14:13:27 GMT; path=/; SameSite=None; secure; HttpOnly
ISPH_Q=#[]; expires=Fri, 22-Oct-2032 14:13:27 GMT; path=/; SameSite=None; secure; HttpOnly
ICH=#{}; expires=Fri, 22-Oct-2032 14:13:27 GMT; path=/; SameSite=None; secure; HttpOnly
ICH_Q=#[]; expires=Fri, 22-Oct-2032 14:13:27 GMT; path=/; SameSite=None; secure; HttpOnly
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6JDDUX4NAFXz3zn%2F4zfKCVuTwVB06c54NFacR9Bz6CjyH9A6k%2BPjomoVBdeLrvblkk204neEJT29xM3L7%2F258CRmY1Q8ees2vLuABidbppRlpGDOfw2iBxMTTh7cLCQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 75e2d5707d3bb523-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
go.xxxijmp.com/smartpop/c3fa347280578e90a9e8ab1e6280c0e361524d151dcbfe6bb5b723fee947ce88?userId=ed4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e&sourceId=349000&memberId=Wx-dIKzaYD6bCwm8tsFrQa1qkaFyNeMDBwQpDKwV5CsBR4s1-JJnsFeI-aFWTP35pU8cP-Nr6r7vs9-VLPPYubvvYctwf6RhgQ325VXE_gUIDRUi&p1=4099653&tag=men%2C-men
104.18.51.106302 Found 0 B URL HTTP/2 go.xxxijmp.com/smartpop/c3fa347280578e90a9e8ab1e6280c0e361524d151dcbfe6bb5b723fee947ce88?userId=ed4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e&sourceId=349000&memberId=Wx-dIKzaYD6bCwm8tsFrQa1qkaFyNeMDBwQpDKwV5CsBR4s1-JJnsFeI-aFWTP35pU8cP-Nr6r7vs9-VLPPYubvvYctwf6RhgQ325VXE_gUIDRUi&p1=4099653&tag=men%2C-men
IP 104.18.51.106:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /smartpop/c3fa347280578e90a9e8ab1e6280c0e361524d151dcbfe6bb5b723fee947ce88?userId=ed4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e&sourceId=349000&memberId=Wx-dIKzaYD6bCwm8tsFrQa1qkaFyNeMDBwQpDKwV5CsBR4s1-JJnsFeI-aFWTP35pU8cP-Nr6r7vs9-VLPPYubvvYctwf6RhgQ325VXE_gUIDRUi&p1=4099653&tag=men%2C-men HTTP/1.1
Host: go.xxxijmp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tsyndicate.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Sat, 22 Oct 2022 14:13:28 GMT
content-length: 0
location: https://creative.xxxvjmp.com/widgets/v4/MobileSlider?campaignId=c3fa347280578e90a9e8ab1e6280c0e361524d151dcbfe6bb5b723fee947ce88&campaignType=smartpop&creativeId=997f08b15bff1ccf97a2e581116e84ed0333dda2fd147f124f274ed42d459cc1&hideModelNameOnSmallSpots=1&hideTitleOnSmallSpots=1&isFace=1&iterationId=28473&masterSmartpopId=0&memberId=Wx-dIKzaYD6bCwm8tsFrQa1qkaFyNeMDBwQpDKwV5CsBR4s1-JJnsFeI-aFWTP35pU8cP-Nr6r7vs9-VLPPYubvvYctwf6RhgQ325VXE_gUIDRUi&p1=4099653&ruleId=0&showButton=1&showModelName=1&showTitle=1&smartpopId=1547&sourceId=349000&tag=men%2C-men&trackOff=1&userId=ed4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e&variationId=21696
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Content-Length, Accept-Encoding, x-requested-with
cf-cache-status: DYNAMIC
set-cookie: _var=808613.21696; Path=/; HttpOnly; SameSite=Strict
__cflb=02DiuDfsBaY2bRYJiCeRWUB3HBu9a5K9WZoGkSduoLfHv; SameSite=None; Secure; path=/; expires=Sun, 23-Oct-22 13:13:28 GMT; HttpOnly
server: cloudflare
cf-ray: 75e2d572dfd20b41-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
twinrdack.com/link.engine?z=56531&guid=ca671639-b7fa-4892-a712-9dad1adff15a&tid=1856876215&kw=Gay112.com,best,free,gay,porn,videos.
172.66.43.134302 Found 1.3 kB URL HTTP/2 twinrdack.com/link.engine?z=56531&guid=ca671639-b7fa-4892-a712-9dad1adff15a&tid=1856876215&kw=Gay112.com,best,free,gay,porn,videos.
IP 172.66.43.134:0
Hash f38f33193cffeacfedb10ebc2507f41b
2073b3c614314ad4c2d20943715636f7b895b8a0
17985afb99260cf3e491fe2b19f76307c3a610b246bd6969f499c2fe6a58f556
GET /link.engine?z=56531&guid=ca671639-b7fa-4892-a712-9dad1adff15a&tid=1856876215&kw=Gay112.com,best,free,gay,porn,videos. HTTP/1.1
Host: twinrdack.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://5c0276acfe.9a363a4900.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
date: Sat, 22 Oct 2022 14:13:27 GMT
content-type: text/html; charset=utf-8
location: https://twinrdack.com/Redirect.eng?MediaSegmentId=31311&dcid=3_ctx_ba4f482c-5385-4084-8882-c75fc9674813&vmId=00000000-0000-0000-0000-000000000000&abr=false&timeZoneOffset=&v=3En15_gvkCEpqS81rdEhmYxPB961bfT01bfk0ZJW6UgVvtEdmEYuwn8_ezZLD0WVw-UuNjz9z2TRcKhK3Yv6EkvtadfOq1MztGnh5Y-yM0ZweVXwLAI0cbHjdJpQ1n5_WhgzCpM-BO9suf80_XQkJ2QsDLZ7gN2EQZkwjaLmP9xh5giM-XO0rpV7sd26sTEw2W0KvEKT-MwEsfM2PFrtOymNOz_vubeQ2IzKcvln1j-LwJ33fuxWvm38pA7BJWtclHonMDVBedR6yiqnPgqvvH44sAKLPj-UAS8JRbwCxUtSQ3dST0_uhMUSkKaruqRtomsbQog9GS14ztH7s67TAgkYDj9wU0frxs3nf1JbY3owMXXM9lFdKTvxiQn1EnxbIqtdTGUksyY-Ip7C1abir7Xm3nttFSandNlzpo6MRWsWLW-B7t5f-3qNSxXeTK48XoaJKRhT-cFAKxg--MipfM3YDEyxtul2RsjgbEi7gUUM7wrIRRB9_LVefACuzm2EZ3P-cuHXHOIc9Fd6CwUUjs2EizyGIJU5pjwkirSoVBj2u3G-7i6YJBuZ4eoAKEJ1LxjIRs3azugBwQGTKdafI0pp6BEiG9PD8RRndQJVewOo6GrUYKH_Itk359CmP7kU3imHV4LsHODhyywbtayLr_nAYv3lRJvWty9LOUWHlYfw6hstXdPhuzC-DLfcFnd7Y2o-3oWhuZS5rJsaEk-jYCcxwBV7zShwsX6RG9EN3icPxKmZQZ68ojSKpHDQ9TBhLHQRNiI-QFyAFZAR9RHpljaE_fBakJMJCEexyeNHZ8O899kfdygq3sTjgIywvXQfG1uZu9I-KLdBlsJL1YJm0Wv5rQ7oe9Pey19k9Yq1So6KEc0iXUE3HQCKV4uP6QTJw_jSL3aHQ3_hdGaad17EXWISADTKpRyIibvd8O0bY1w1&kw=Gay112.com%2cbest%2cfree%2cgay%2cporn%2cvideos.&mw=300&mh=250
vary: Accept-Encoding
cache-control: private, no-transform
content-encoding: gzip
p3p: CP="CAO PSA OUR IND"
access-control-allow-origin: *
set-cookie: IKSR={}; path=/; SameSite=None; secure
INF_DFL8=false; path=/; SameSite=None; secure
IUID=ffedd284-97b7-415a-b04f-3b6fece61339; expires=Fri, 22-Oct-2032 14:13:27 GMT; path=/; SameSite=None; secure
ISSH=66C5D1; path=/; SameSite=None; secure
VMI=; path=/; SameSite=None; secure
IPLH=#{}; expires=Fri, 22-Oct-2032 14:13:27 GMT; path=/; SameSite=None; secure; HttpOnly
IPLH_Q=#[]; expires=Fri, 22-Oct-2032 14:13:27 GMT; path=/; SameSite=None; secure; HttpOnly
CHN=#[]; expires=Fri, 22-Oct-2032 14:13:27 GMT; path=/; SameSite=None; secure; HttpOnly
MSSH=#{}; expires=Fri, 22-Oct-2032 14:13:27 GMT; path=/; SameSite=None; secure; HttpOnly
MSRH=#{}; expires=Fri, 22-Oct-2032 14:13:27 GMT; path=/; SameSite=None; secure; HttpOnly
ILP=null; expires=Fri, 22-Oct-2032 14:13:27 GMT; path=/; SameSite=None; secure
ILPLU=#1/1/0001 12:00:00 AM; expires=Fri, 22-Oct-2032 14:13:27 GMT; path=/; SameSite=None; secure; HttpOnly
ILEALC=#1/1/0001 12:00:00 AM; expires=Fri, 22-Oct-2032 14:13:27 GMT; path=/; SameSite=None; secure; HttpOnly
ILMPF=#False; expires=Sat, 22-Oct-2022 18:13:27 GMT; path=/; SameSite=None; secure; HttpOnly
IPMPLU=#; expires=Fri, 22-Oct-2032 14:13:27 GMT; path=/; SameSite=None; secure; HttpOnly
IPMUID=#; expires=Fri, 22-Oct-2032 14:13:27 GMT; path=/; SameSite=None; secure; HttpOnly
BSWUID=#; expires=Fri, 22-Oct-2032 14:13:27 GMT; path=/; SameSite=None; secure; HttpOnly
IKSR={}; path=/; SameSite=None; secure
IBL=#[]; expires=Fri, 22-Oct-2032 14:13:27 GMT; path=/; SameSite=None; secure; HttpOnly
IPLSH=#{}; expires=Fri, 22-Oct-2032 14:13:27 GMT; path=/; SameSite=None; secure; HttpOnly
IPLSH_Q=#[]; expires=Fri, 22-Oct-2032 14:13:27 GMT; path=/; SameSite=None; secure; HttpOnly
IZH=#{}; expires=Fri, 22-Oct-2032 14:13:27 GMT; path=/; SameSite=None; secure; HttpOnly
IZH_Q=#[]; expires=Fri, 22-Oct-2032 14:13:27 GMT; path=/; SameSite=None; secure; HttpOnly
IMCH=#{}; expires=Fri, 22-Oct-2032 14:13:27 GMT; path=/; SameSite=None; secure; HttpOnly
IMCH_Q=#[]; expires=Fri, 22-Oct-2032 14:13:27 GMT; path=/; SameSite=None; secure; HttpOnly
IMH=#{}; expires=Fri, 22-Oct-2032 14:13:27 GMT; path=/; SameSite=None; secure; HttpOnly
IMH_Q=#[]; expires=Fri, 22-Oct-2032 14:13:27 GMT; path=/; SameSite=None; secure; HttpOnly
ISH=#{"14173":[{"SId":"66C5D1","D":"22/10/22T7:13:27"}]}; expires=Fri, 22-Oct-2032 14:13:27 GMT; path=/; SameSite=None; secure; HttpOnly
ISH_Q=#[14173]; expires=Fri, 22-Oct-2032 14:13:27 GMT; path=/; SameSite=None; secure; HttpOnly
ISPH=#{}; expires=Fri, 22-Oct-2032 14:13:27 GMT; path=/; SameSite=None; secure; HttpOnly
ISPH_Q=#[]; expires=Fri, 22-Oct-2032 14:13:27 GMT; path=/; SameSite=None; secure; HttpOnly
ICH=#{}; expires=Fri, 22-Oct-2032 14:13:27 GMT; path=/; SameSite=None; secure; HttpOnly
ICH_Q=#[]; expires=Fri, 22-Oct-2032 14:13:27 GMT; path=/; SameSite=None; secure; HttpOnly
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4nYymzLXkrO50xBCwM%2FsU971nSx46JX99WIOSUDpH71zcPo2%2F2miyHM3MYIpXmPL8ckuFv7vJ11ExXRPsZR%2BSIShepqetoyzunsRaO3O7ZIEVN2eh%2FQeCbM5o1wrJmU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 75e2d5707d49b523-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash 74c66a82e1ef0fec80e27e2b7fbef88a
a86349930b0c38835e3dc09d74d753cdd09eeea1
293b51cb75ef8c66db11a989927c6c0fa5888e8567158138b205ffd92803e920
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2770
Cache-Control: max-age=133030
Content-Type: application/ocsp-response
Date: Sat, 22 Oct 2022 14:13:28 GMT
Etag: "6353545c-117"
Expires: Mon, 24 Oct 2022 03:10:38 GMT
Last-Modified: Sat, 22 Oct 2022 02:24:28 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 279
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash 74c66a82e1ef0fec80e27e2b7fbef88a
a86349930b0c38835e3dc09d74d753cdd09eeea1
293b51cb75ef8c66db11a989927c6c0fa5888e8567158138b205ffd92803e920
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1918
Cache-Control: max-age=132178
Content-Type: application/ocsp-response
Date: Sat, 22 Oct 2022 14:13:28 GMT
Etag: "6353545c-117"
Expires: Mon, 24 Oct 2022 02:56:27 GMT
Last-Modified: Sat, 22 Oct 2022 02:24:28 GMT
Server: ECS (ska/F6FE)
X-Cache: HIT
Content-Length: 279
ocsp.digicert.com/
93.184.220.29200 OK 313 B IP 93.184.220.29:0
Hash cfdf331ce0e3a071d9e936178937a59f
7c58fb42f35ac0269521938307e241e811035022
943ed3eb72121d78b8384c27ef701edef7fb13d382d7fe8313119c7ba8c7f23c
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1664
Cache-Control: max-age=120408
Content-Type: application/ocsp-response
Date: Sat, 22 Oct 2022 14:13:28 GMT
Etag: "63532760-139"
Expires: Sun, 23 Oct 2022 23:40:16 GMT
Last-Modified: Fri, 21 Oct 2022 23:12:32 GMT
Server: ECS (ska/F6FE)
X-Cache: HIT
Content-Length: 313
ab6de09242.441a8a5527.com/in/multy
168.119.25.22200 OK 38 kB URL HTTP/2 ab6de09242.441a8a5527.com/in/multy
IP 168.119.25.22:0
ASN #24940 Hetzner Online GmbH
File type JSON data\012- , ASCII text, with very long lines (38291), with no line terminators
Hash cae849381186797e0f02b02ed91be421
b10779cb4cccc22db1faa9d9a5b8b2102d6b9904
623207b82d113a6bad836bc8c4da8c44212ae221591947503c0868cbec306078
POST /in/multy HTTP/1.1
Host: ab6de09242.441a8a5527.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json;charset=utf-8
Content-Length: 1092
Origin: https://txxx.com
Connection: keep-alive
Referer: https://txxx.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0
date: Sat, 22 Oct 2022 14:13:28 GMT
content-type: application/json
content-length: 38291
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash e38b7186927019c42ff656613f494aba
2280ed9a427c6912c718bc707654b125f48b6605
e7d85f03b426e8712561ad0b4b7132c89dc2715ef08835dd8a2e9132f160753f
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2862
Cache-Control: max-age=130281
Content-Type: application/ocsp-response
Date: Sat, 22 Oct 2022 14:13:28 GMT
Etag: "63534943-117"
Expires: Mon, 24 Oct 2022 02:24:49 GMT
Last-Modified: Sat, 22 Oct 2022 01:37:07 GMT
Server: ECS (ska/F6FE)
X-Cache: HIT
Content-Length: 279
ab6de09242.441a8a5527.com/in/multy
168.119.25.22200 OK 20 kB URL HTTP/2 ab6de09242.441a8a5527.com/in/multy
IP 168.119.25.22:0
ASN #24940 Hetzner Online GmbH
File type JSON data\012- , Unicode text, UTF-8 text, with very long lines (20201), with no line terminators
Hash 784542e30c5902341a3559738d907d14
c4921439a52b73b415980eae5bbb2af5d7357ab0
a5bef551b90dd8a78200587fe5c4f5ae4fcff8570b4e73a1c8bae00bb215d67f
POST /in/multy HTTP/1.1
Host: ab6de09242.441a8a5527.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json;charset=utf-8
Content-Length: 735
Origin: https://gay112.com
Connection: keep-alive
Referer: https://gay112.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0
date: Sat, 22 Oct 2022 14:13:28 GMT
content-type: application/json
content-length: 20204
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
video.ktkjmp.com/adsbygoogle.js
104.18.59.150200 OK 16 B URL HTTP/2 video.ktkjmp.com/adsbygoogle.js
IP 104.18.59.150:0
Hash 3d7f7a60216d40dea48e495fef6903c9
fecdb5184f55cf012563d78940eb97b10b9cc99b
96d83ac9f20fc0b88404f307f135e212642e02d6ea295c96b28aed0d771a224f
GET /adsbygoogle.js HTTP/1.1
Host: video.ktkjmp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://creative.xxxvjmp.com/
Origin: https://creative.xxxvjmp.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 22 Oct 2022 14:13:28 GMT
content-type: application/javascript
content-length: 16
x-amz-id-2: kyl0IVMMo5KW4pDdzfnQKUa/Cfs4W9YHdQTiL3YWd73Il6pI7lh92KHTCplsaUtVSNRKq3KXr04=
x-amz-request-id: 3YWBDN4EWV9170D8
last-modified: Thu, 10 Mar 2022 13:52:07 GMT
etag: "3d7f7a60216d40dea48e495fef6903c9"
x-amz-meta-s3cmd-attrs: atime:1646920284/ctime:1646920283/gid:20/gname:staff/md5:3d7f7a60216d40dea48e495fef6903c9/mode:33188/mtime:1646920283/uid:501/uname:mikhailchubar
x-amz-version-id: eIgLIBoMMcsEXtxOH6UDjWyfAquRpkIG
access-control-allow-origin: https://creative.xxxvjmp.com
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Content-Length, Accept-Encoding, x-requested-with
cf-cache-status: HIT
age: 4102
expires: Sat, 22 Oct 2022 18:13:28 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 75e2d574496eb509-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ab6de09242.441a8a5527.com/in/show/?mid=1195245778&pid=0&site=native-push-adult&sc=NO&usage_type=DCH&subid=1406986554&sid=2376143767&cid=12212&price=0.000703&is_cpm=0&cpm=0&ecpm=0.002532204965335606&crid=&crtid=8fc5a3949d58ed66158a5da3a7b48b19&tcid=0&out_id=1&ver=7.9.2&ver_c=&refdom=txxx.com&hostname=auc-inpage-hz-7-a&site_id=31360&spot_id=360&utm_source=&utm_medium=&utm_campaign=&utm_content=&expiration_timestamp=0&created_at=2022-10-22&is_native=2&auction_queue=0&burl=GYbyymnm4wL_-12-ZQglD86eSnbZBUwH3TGE-gKnUscyqpGACTHHF2QCclfRhLZP8pHMMkY9itwr8MNpox8eX6mtpPqzpVaV2TjvegmKlwOOtVO0hJSmkhY9AYVBRGq0WV4ru1mSdu8jefb9ZkBnSCkW9m9tB9v3Jrdr75iUg75E6rnz_2N92bag2m3P49T_he45h9mOacPqXxDgVEZX0vwotHED0Wf33Y3q1C92OUIs6F0-e21sJhBu8bwg8lRAnAhh6btM2yAITyyqCXfSq1z_ReGNs4Jryxq7yDERQmwPZ80gDncZS01c-2Z3u3igduRLZ0gND_rmZpZYE_C0SO-mfUzDnv2L_GIvtmWA2Gd5xRMDtVn8fOT8RkJYSmObxPMv4YDG_WyLwTtOeRvyk0FBezbdMS3I82H6XScFl_eWtiuuDSEE6xWqTNPNmO15vBTiBjCTIPuZ-iRiiiOfCC0uvEkm18SW4Bgii9nx2RPYfxH-pcNtHi8tYNAGcgsK_DzjtC2kfLuo6oG3AFIiBpEQPisMDl1wzoekRHoXUglKqhisNCBgxPg171_xLVxxYEwVkBkq887tzErrZOvKVVgIUSjvxVTe6QqzJkw_BzskgBX-lHV6yrQjKiiYGNXg_Tusj2w4a1mIfxFEWZ4fU6_2WhA7nFRoQppAn7SC0f6xd3A-NIwH1blJShfSttKMBwr_3VapqUQsmWX8VilL9O1nVZupc1zgOl4G4wQ-j6OmAGdIRAQvLSwHGG4HmiPGuVAghksWaKzUp93wLndxhUEKMJ4l7o4RR9lHH911bFo-Ohh46zwCYTgc82a2HnI2r6sJEp44MX22Iy8_r-iBdiUP5c-2qehuxXNBPqNtGUQ-XbaNdZJkLT5w1aCdlA0Ys63_71KyV2KOCUiCRQZYHMfR_AoTnFugbaRGDIRQQB2vhBYq5AtD4838_AmN7OwaDjk6geSm22LLVZlaynK32xrKBwKeW4_oUT5GxJNulq_G6QG7yvvOBaQcWZqO0IDPCjGpkOTpRTQ1Ab5KYp9HK07lE4ETBJ87QnM4BGAdIqp0xyy4j28dG1Mz3c0RfSGAa3SqRcmte6unl-8l8DMed0bP52G36wrrk-xj_HGCs4jmZfgFHQdHdPAX1MGfQEMd4aZwWn6i7mhb-gZt24Lzra4Lg-iy_rlfwvbbtVC3JsawzKdjPvncMSX0NE0xjx3-41g09640DXITDrSNQ7gE17pqtpnbFHw1k5M7kl4jgEgLIOB0_jmcpatY9-r4AvSZXZ2UQVN7iFJgw7V0WJXgmaAovdpD-isMCnixEz1Ki-jEqHnMkF4DFeyJA6k22ul1qTE5eRQx73TxKcN2sxKAPOq02C9jOwLyPZLlTg6dYhqOGYjGeDE02arR74fACpPiO91xqgm9HhzZeyt8UIILsLtfap9Wd0w0a445rODgzLoDLRk4Ik1xKm_KfJn9rEdaI2ky0r9M9uMqcRvR2lWyyPF9nqwSIW0Hf68nFNeFvRfCcRmzKFDL-t4HJeuLjLaJUNi1W3bSHF6u6B6kqdj8QUhU3Rx4CvY5aNxZ9d7M2mymtCy6cm6cdnfDughHeEDxPk8hY9nZxC9TjUDgl2EU6GqwqHfsJ3x_PCYwQR-yviyTcQAS59ISbQndydFFBmT1WOaEjmPhHgc4WSv0em0OlRI4xVlZtcHZpEmPAs1qLLJkF_RM3Gqkx8r1oSGuND1P89k-aKdSVKz5AlRPkp2nUnjUF_bBcxnyntSQSquu9VjkVs66_kAdawKVcK5fKe0tet2v5H_XBwF255TIW9keV2jyvtTfu0XBFdjxHfZnBVDuNXAteHDQzVnV3kmhBeMzvIRH9qcwSBszCCBfM1bcGfj_fpE1MiUXhjKNofjIGGUQuHb4zqee0PumnhRLXbk4ENnDlGfyyCfSWcCHErWkTKL8Um4V-ODD7HH3yAgN_3do32nGmyLwrkZApjnFag43ytsVDORiK2hk_lV81OFNZkSiPB2leoh8RElZaP2gKVk9dZNx1scuJMud6XKLVrHW6NA_5BiFU5MT7Gcu_kkiFjPhGsFae5qfWav1qBbuj_iGMZUgzcSn60VbLue_bjDDu6O9NZrhYseHVAZnHqm58Jf9caWUmsFSzv26YPfc5PrnF7QoBwItJ3kkQ1Q0Dur_lmyRg7WIY1qyZAvQXaeaNF6xxEl_oku-7sS-10s9YouyvQAP1il78M42HYqkaeibbKhtzrz31AT2d-ZQs_5ZJlOt7_MP1-7-a_2k_rtAWoRP7MFsHw4AyB3dr2Qyh2T_m8mFTSdJVrfeNurpV-w12qR4OwSQ9s7EvV7-wM1V3KYzEBM9-dZ5fmxvDvTj1PXtJbeuDUBtEPyH-IC_XrId--Ah1ZcJt4Iz9B-RN2oNo_Q6NaDcXOWyacvPryjVfZsvs2grROCA42ZQO_yFZEFXq0LaDoNPdZYYWowcd3IHGFfdtYnsET37qgv6iAhLRIMKzBK_FE1mheUpzzbe3ZwzehWb9vGI7IDpDFswwDZD4UaKqO5tKRER9zbmmO1mClGlvF2uZG9fUS5qXlH4SVFMCBzFIq72jFVvNSNOa6b_z3m0wgR7_Kx_vb5th-ZAuPJS7d1tPC9jiHey6jAkTCzPKdo4505uAruyas42pgIc_wba0uwSg0-pN_8mLe65EcooPKbFDgS9WMCrhXwLps1UHkgFM-sWAJ0xZP7l8sRl-1GW-4lhHsv3u58lW9yMnu_OWmbe-9omv-748VUUvYA30FDtz2IBhzxrO_FM-5jP_5oKAVDJisClKzYvf8lXWExuI4XlYaBxfakFKAc99fQwSs_yNdUGJ392jiMgBSZdu9mPRh8hnFZIKfb3TWaS9gBH0RY1hSJX1ObW1v2NIfAQP_SfB1Mq3nviw-4xWzQo4TUntk73iJqFKL5Qdy9-RZ_0cr8ayLIXccwWbNgBgKojFhwqooGwr0JPEg-WNKuWIg3cCKuF6FluT_GZCxdH6nRfl6e_D05RXLCJRq_ZR3rUuF3NmpYSjcPu_PMtoQGK9-mcxNnonwKyXxrQOaray1AjjSUr0gLynZdKGD-A9elPOYysITWJrcsgy_jlxyAHSNNPfzdf-ePosSY0-Eow8hCWVIzK-ny8lzOihFhKIGM2loDMDb1_bARzXT33rRHHx8fHtHfH-pxr-46ZW6qUVKgXrsRaEsqL0tTYWklO7wGYjwGV64ou0JbV9-rbZBk7A9XEi-cnMPz_KLIowwygo0zhCvh5DdOmYbZrOv2yLJhyrGQB6SOrABHlfFObG5oCLHitW83wVc8q5urgYZ8IECtYFdDd48hlfZX4RRZn-NQavotSYvThjm3VVcj1qdBzSntqbusNyNLwhwVEXw8Y92EVdRZdWTdPDH10E2C60K8ly3Va4eDBdlz0UmR2zS0FissbN6yVBVwuvO4fjW1s6-PL5SpGnmGMKsUQ3ysstT412u4WHUiyd9ZJG2-1iUhffyHcBDxGDlGy4TtXX3zTf6ZPuZENwW3dRFHDoGwQqt3W_gpFI_KYC6S1DtokLNC--MSbeqynze0TNanDe9N9xgGoHYINLxN5V0vMCYubmBXsk0RZ1WJgqlJJmplJ4lDO3DCDgJ4oBAau0fkZ1ZNagyHBC96fC8S5i_NoEWDDJq0XxNjKIjwwBYT8ZsA3jAclAX9Cwy2j8hLvd1IpzHPNx37RcFdL_btxpkbSvSJDhYiHD_Vlf0_H88prIa1VrFW7zdERQK0SZLx2yD2can3b9-F7Tr-6LP-BWy2q9oGmw2oe0hqu0j4RDSrXxbngUB1jGqJGPGXOhku2AWPE3lE&pop_winurl=&ip=91.90.42.154&testab=0&px_id=53360&adblock=0&auction_host=all&mm=0&yc=0&render_type=mq&campaign_type=lq-pop&uniq=&exp=&resp_type=&iabcat=IAB25-3&min_cpm=0.001937556831532334&placement_type_id=&skin_test=0&verify_hash=d76244aa37d7f58e3e38661586c28459&score=0&durl=https%3A%2F%2Fts.cvastico.com%2Fin%2F1546%2F%3Fad_sub%3D1406986554%26spot_id%3D360%26is_adult%3D1%26p%3Dhttps%253A%252F%252Ftxxx.com%252F%26idzone%3D4438146%26sid%3D1546&ml=&tag_ab=c&original_bid=0.000703&user_fp=0&v2_track=0&url=c5bq75uvTtsj573KAlMfiA6tMDO657SytxSrymhV00X_V_PH-Rs3c_YWc_bwHR0l5Hf9ybN_wWiK4S1aJB6YgPju9MZ5qF_DKS8qQJJSUj98MjY-N_zckXjT4Vv5yhr3VMi-pjA3yJTzgjbQ82xt6FtgY68UVhHRL5j1M-lvTaQVXaKmMw&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FUS%2FUS_34c3a6403004486b593fb6a3428d7a2748437f4f_icon.webp&skin_id=1&vertical_id=0&real_bid=0.0006326999999999999&pr=gay112.com&user_keywords=&auc_type=1&aid=3301&ext_cid=0&device_theme=light&keywords=Adult&mlc=1&format=compact-slide-t_r-embed&mlf=1&cpa=d4beea6d-8bad-4984-a152-05dafc35e7bf
168.119.25.22302 Found 0 B URL HTTP/2 ab6de09242.441a8a5527.com/in/show/?mid=1195245778&pid=0&site=native-push-adult&sc=NO&usage_type=DCH&subid=1406986554&sid=2376143767&cid=12212&price=0.000703&is_cpm=0&cpm=0&ecpm=0.002532204965335606&crid=&crtid=8fc5a3949d58ed66158a5da3a7b48b19&tcid=0&out_id=1&ver=7.9.2&ver_c=&refdom=txxx.com&hostname=auc-inpage-hz-7-a&site_id=31360&spot_id=360&utm_source=&utm_medium=&utm_campaign=&utm_content=&expiration_timestamp=0&created_at=2022-10-22&is_native=2&auction_queue=0&burl=GYbyymnm4wL_-12-ZQglD86eSnbZBUwH3TGE-gKnUscyqpGACTHHF2QCclfRhLZP8pHMMkY9itwr8MNpox8eX6mtpPqzpVaV2TjvegmKlwOOtVO0hJSmkhY9AYVBRGq0WV4ru1mSdu8jefb9ZkBnSCkW9m9tB9v3Jrdr75iUg75E6rnz_2N92bag2m3P49T_he45h9mOacPqXxDgVEZX0vwotHED0Wf33Y3q1C92OUIs6F0-e21sJhBu8bwg8lRAnAhh6btM2yAITyyqCXfSq1z_ReGNs4Jryxq7yDERQmwPZ80gDncZS01c-2Z3u3igduRLZ0gND_rmZpZYE_C0SO-mfUzDnv2L_GIvtmWA2Gd5xRMDtVn8fOT8RkJYSmObxPMv4YDG_WyLwTtOeRvyk0FBezbdMS3I82H6XScFl_eWtiuuDSEE6xWqTNPNmO15vBTiBjCTIPuZ-iRiiiOfCC0uvEkm18SW4Bgii9nx2RPYfxH-pcNtHi8tYNAGcgsK_DzjtC2kfLuo6oG3AFIiBpEQPisMDl1wzoekRHoXUglKqhisNCBgxPg171_xLVxxYEwVkBkq887tzErrZOvKVVgIUSjvxVTe6QqzJkw_BzskgBX-lHV6yrQjKiiYGNXg_Tusj2w4a1mIfxFEWZ4fU6_2WhA7nFRoQppAn7SC0f6xd3A-NIwH1blJShfSttKMBwr_3VapqUQsmWX8VilL9O1nVZupc1zgOl4G4wQ-j6OmAGdIRAQvLSwHGG4HmiPGuVAghksWaKzUp93wLndxhUEKMJ4l7o4RR9lHH911bFo-Ohh46zwCYTgc82a2HnI2r6sJEp44MX22Iy8_r-iBdiUP5c-2qehuxXNBPqNtGUQ-XbaNdZJkLT5w1aCdlA0Ys63_71KyV2KOCUiCRQZYHMfR_AoTnFugbaRGDIRQQB2vhBYq5AtD4838_AmN7OwaDjk6geSm22LLVZlaynK32xrKBwKeW4_oUT5GxJNulq_G6QG7yvvOBaQcWZqO0IDPCjGpkOTpRTQ1Ab5KYp9HK07lE4ETBJ87QnM4BGAdIqp0xyy4j28dG1Mz3c0RfSGAa3SqRcmte6unl-8l8DMed0bP52G36wrrk-xj_HGCs4jmZfgFHQdHdPAX1MGfQEMd4aZwWn6i7mhb-gZt24Lzra4Lg-iy_rlfwvbbtVC3JsawzKdjPvncMSX0NE0xjx3-41g09640DXITDrSNQ7gE17pqtpnbFHw1k5M7kl4jgEgLIOB0_jmcpatY9-r4AvSZXZ2UQVN7iFJgw7V0WJXgmaAovdpD-isMCnixEz1Ki-jEqHnMkF4DFeyJA6k22ul1qTE5eRQx73TxKcN2sxKAPOq02C9jOwLyPZLlTg6dYhqOGYjGeDE02arR74fACpPiO91xqgm9HhzZeyt8UIILsLtfap9Wd0w0a445rODgzLoDLRk4Ik1xKm_KfJn9rEdaI2ky0r9M9uMqcRvR2lWyyPF9nqwSIW0Hf68nFNeFvRfCcRmzKFDL-t4HJeuLjLaJUNi1W3bSHF6u6B6kqdj8QUhU3Rx4CvY5aNxZ9d7M2mymtCy6cm6cdnfDughHeEDxPk8hY9nZxC9TjUDgl2EU6GqwqHfsJ3x_PCYwQR-yviyTcQAS59ISbQndydFFBmT1WOaEjmPhHgc4WSv0em0OlRI4xVlZtcHZpEmPAs1qLLJkF_RM3Gqkx8r1oSGuND1P89k-aKdSVKz5AlRPkp2nUnjUF_bBcxnyntSQSquu9VjkVs66_kAdawKVcK5fKe0tet2v5H_XBwF255TIW9keV2jyvtTfu0XBFdjxHfZnBVDuNXAteHDQzVnV3kmhBeMzvIRH9qcwSBszCCBfM1bcGfj_fpE1MiUXhjKNofjIGGUQuHb4zqee0PumnhRLXbk4ENnDlGfyyCfSWcCHErWkTKL8Um4V-ODD7HH3yAgN_3do32nGmyLwrkZApjnFag43ytsVDORiK2hk_lV81OFNZkSiPB2leoh8RElZaP2gKVk9dZNx1scuJMud6XKLVrHW6NA_5BiFU5MT7Gcu_kkiFjPhGsFae5qfWav1qBbuj_iGMZUgzcSn60VbLue_bjDDu6O9NZrhYseHVAZnHqm58Jf9caWUmsFSzv26YPfc5PrnF7QoBwItJ3kkQ1Q0Dur_lmyRg7WIY1qyZAvQXaeaNF6xxEl_oku-7sS-10s9YouyvQAP1il78M42HYqkaeibbKhtzrz31AT2d-ZQs_5ZJlOt7_MP1-7-a_2k_rtAWoRP7MFsHw4AyB3dr2Qyh2T_m8mFTSdJVrfeNurpV-w12qR4OwSQ9s7EvV7-wM1V3KYzEBM9-dZ5fmxvDvTj1PXtJbeuDUBtEPyH-IC_XrId--Ah1ZcJt4Iz9B-RN2oNo_Q6NaDcXOWyacvPryjVfZsvs2grROCA42ZQO_yFZEFXq0LaDoNPdZYYWowcd3IHGFfdtYnsET37qgv6iAhLRIMKzBK_FE1mheUpzzbe3ZwzehWb9vGI7IDpDFswwDZD4UaKqO5tKRER9zbmmO1mClGlvF2uZG9fUS5qXlH4SVFMCBzFIq72jFVvNSNOa6b_z3m0wgR7_Kx_vb5th-ZAuPJS7d1tPC9jiHey6jAkTCzPKdo4505uAruyas42pgIc_wba0uwSg0-pN_8mLe65EcooPKbFDgS9WMCrhXwLps1UHkgFM-sWAJ0xZP7l8sRl-1GW-4lhHsv3u58lW9yMnu_OWmbe-9omv-748VUUvYA30FDtz2IBhzxrO_FM-5jP_5oKAVDJisClKzYvf8lXWExuI4XlYaBxfakFKAc99fQwSs_yNdUGJ392jiMgBSZdu9mPRh8hnFZIKfb3TWaS9gBH0RY1hSJX1ObW1v2NIfAQP_SfB1Mq3nviw-4xWzQo4TUntk73iJqFKL5Qdy9-RZ_0cr8ayLIXccwWbNgBgKojFhwqooGwr0JPEg-WNKuWIg3cCKuF6FluT_GZCxdH6nRfl6e_D05RXLCJRq_ZR3rUuF3NmpYSjcPu_PMtoQGK9-mcxNnonwKyXxrQOaray1AjjSUr0gLynZdKGD-A9elPOYysITWJrcsgy_jlxyAHSNNPfzdf-ePosSY0-Eow8hCWVIzK-ny8lzOihFhKIGM2loDMDb1_bARzXT33rRHHx8fHtHfH-pxr-46ZW6qUVKgXrsRaEsqL0tTYWklO7wGYjwGV64ou0JbV9-rbZBk7A9XEi-cnMPz_KLIowwygo0zhCvh5DdOmYbZrOv2yLJhyrGQB6SOrABHlfFObG5oCLHitW83wVc8q5urgYZ8IECtYFdDd48hlfZX4RRZn-NQavotSYvThjm3VVcj1qdBzSntqbusNyNLwhwVEXw8Y92EVdRZdWTdPDH10E2C60K8ly3Va4eDBdlz0UmR2zS0FissbN6yVBVwuvO4fjW1s6-PL5SpGnmGMKsUQ3ysstT412u4WHUiyd9ZJG2-1iUhffyHcBDxGDlGy4TtXX3zTf6ZPuZENwW3dRFHDoGwQqt3W_gpFI_KYC6S1DtokLNC--MSbeqynze0TNanDe9N9xgGoHYINLxN5V0vMCYubmBXsk0RZ1WJgqlJJmplJ4lDO3DCDgJ4oBAau0fkZ1ZNagyHBC96fC8S5i_NoEWDDJq0XxNjKIjwwBYT8ZsA3jAclAX9Cwy2j8hLvd1IpzHPNx37RcFdL_btxpkbSvSJDhYiHD_Vlf0_H88prIa1VrFW7zdERQK0SZLx2yD2can3b9-F7Tr-6LP-BWy2q9oGmw2oe0hqu0j4RDSrXxbngUB1jGqJGPGXOhku2AWPE3lE&pop_winurl=&ip=91.90.42.154&testab=0&px_id=53360&adblock=0&auction_host=all&mm=0&yc=0&render_type=mq&campaign_type=lq-pop&uniq=&exp=&resp_type=&iabcat=IAB25-3&min_cpm=0.001937556831532334&placement_type_id=&skin_test=0&verify_hash=d76244aa37d7f58e3e38661586c28459&score=0&durl=https%3A%2F%2Fts.cvastico.com%2Fin%2F1546%2F%3Fad_sub%3D1406986554%26spot_id%3D360%26is_adult%3D1%26p%3Dhttps%253A%252F%252Ftxxx.com%252F%26idzone%3D4438146%26sid%3D1546&ml=&tag_ab=c&original_bid=0.000703&user_fp=0&v2_track=0&url=c5bq75uvTtsj573KAlMfiA6tMDO657SytxSrymhV00X_V_PH-Rs3c_YWc_bwHR0l5Hf9ybN_wWiK4S1aJB6YgPju9MZ5qF_DKS8qQJJSUj98MjY-N_zckXjT4Vv5yhr3VMi-pjA3yJTzgjbQ82xt6FtgY68UVhHRL5j1M-lvTaQVXaKmMw&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FUS%2FUS_34c3a6403004486b593fb6a3428d7a2748437f4f_icon.webp&skin_id=1&vertical_id=0&real_bid=0.0006326999999999999&pr=gay112.com&user_keywords=&auc_type=1&aid=3301&ext_cid=0&device_theme=light&keywords=Adult&mlc=1&format=compact-slide-t_r-embed&mlf=1&cpa=d4beea6d-8bad-4984-a152-05dafc35e7bf
IP 168.119.25.22:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /in/show/?mid=1195245778&pid=0&site=native-push-adult&sc=NO&usage_type=DCH&subid=1406986554&sid=2376143767&cid=12212&price=0.000703&is_cpm=0&cpm=0&ecpm=0.002532204965335606&crid=&crtid=8fc5a3949d58ed66158a5da3a7b48b19&tcid=0&out_id=1&ver=7.9.2&ver_c=&refdom=txxx.com&hostname=auc-inpage-hz-7-a&site_id=31360&spot_id=360&utm_source=&utm_medium=&utm_campaign=&utm_content=&expiration_timestamp=0&created_at=2022-10-22&is_native=2&auction_queue=0&burl=GYbyymnm4wL_-12-ZQglD86eSnbZBUwH3TGE-gKnUscyqpGACTHHF2QCclfRhLZP8pHMMkY9itwr8MNpox8eX6mtpPqzpVaV2TjvegmKlwOOtVO0hJSmkhY9AYVBRGq0WV4ru1mSdu8jefb9ZkBnSCkW9m9tB9v3Jrdr75iUg75E6rnz_2N92bag2m3P49T_he45h9mOacPqXxDgVEZX0vwotHED0Wf33Y3q1C92OUIs6F0-e21sJhBu8bwg8lRAnAhh6btM2yAITyyqCXfSq1z_ReGNs4Jryxq7yDERQmwPZ80gDncZS01c-2Z3u3igduRLZ0gND_rmZpZYE_C0SO-mfUzDnv2L_GIvtmWA2Gd5xRMDtVn8fOT8RkJYSmObxPMv4YDG_WyLwTtOeRvyk0FBezbdMS3I82H6XScFl_eWtiuuDSEE6xWqTNPNmO15vBTiBjCTIPuZ-iRiiiOfCC0uvEkm18SW4Bgii9nx2RPYfxH-pcNtHi8tYNAGcgsK_DzjtC2kfLuo6oG3AFIiBpEQPisMDl1wzoekRHoXUglKqhisNCBgxPg171_xLVxxYEwVkBkq887tzErrZOvKVVgIUSjvxVTe6QqzJkw_BzskgBX-lHV6yrQjKiiYGNXg_Tusj2w4a1mIfxFEWZ4fU6_2WhA7nFRoQppAn7SC0f6xd3A-NIwH1blJShfSttKMBwr_3VapqUQsmWX8VilL9O1nVZupc1zgOl4G4wQ-j6OmAGdIRAQvLSwHGG4HmiPGuVAghksWaKzUp93wLndxhUEKMJ4l7o4RR9lHH911bFo-Ohh46zwCYTgc82a2HnI2r6sJEp44MX22Iy8_r-iBdiUP5c-2qehuxXNBPqNtGUQ-XbaNdZJkLT5w1aCdlA0Ys63_71KyV2KOCUiCRQZYHMfR_AoTnFugbaRGDIRQQB2vhBYq5AtD4838_AmN7OwaDjk6geSm22LLVZlaynK32xrKBwKeW4_oUT5GxJNulq_G6QG7yvvOBaQcWZqO0IDPCjGpkOTpRTQ1Ab5KYp9HK07lE4ETBJ87QnM4BGAdIqp0xyy4j28dG1Mz3c0RfSGAa3SqRcmte6unl-8l8DMed0bP52G36wrrk-xj_HGCs4jmZfgFHQdHdPAX1MGfQEMd4aZwWn6i7mhb-gZt24Lzra4Lg-iy_rlfwvbbtVC3JsawzKdjPvncMSX0NE0xjx3-41g09640DXITDrSNQ7gE17pqtpnbFHw1k5M7kl4jgEgLIOB0_jmcpatY9-r4AvSZXZ2UQVN7iFJgw7V0WJXgmaAovdpD-isMCnixEz1Ki-jEqHnMkF4DFeyJA6k22ul1qTE5eRQx73TxKcN2sxKAPOq02C9jOwLyPZLlTg6dYhqOGYjGeDE02arR74fACpPiO91xqgm9HhzZeyt8UIILsLtfap9Wd0w0a445rODgzLoDLRk4Ik1xKm_KfJn9rEdaI2ky0r9M9uMqcRvR2lWyyPF9nqwSIW0Hf68nFNeFvRfCcRmzKFDL-t4HJeuLjLaJUNi1W3bSHF6u6B6kqdj8QUhU3Rx4CvY5aNxZ9d7M2mymtCy6cm6cdnfDughHeEDxPk8hY9nZxC9TjUDgl2EU6GqwqHfsJ3x_PCYwQR-yviyTcQAS59ISbQndydFFBmT1WOaEjmPhHgc4WSv0em0OlRI4xVlZtcHZpEmPAs1qLLJkF_RM3Gqkx8r1oSGuND1P89k-aKdSVKz5AlRPkp2nUnjUF_bBcxnyntSQSquu9VjkVs66_kAdawKVcK5fKe0tet2v5H_XBwF255TIW9keV2jyvtTfu0XBFdjxHfZnBVDuNXAteHDQzVnV3kmhBeMzvIRH9qcwSBszCCBfM1bcGfj_fpE1MiUXhjKNofjIGGUQuHb4zqee0PumnhRLXbk4ENnDlGfyyCfSWcCHErWkTKL8Um4V-ODD7HH3yAgN_3do32nGmyLwrkZApjnFag43ytsVDORiK2hk_lV81OFNZkSiPB2leoh8RElZaP2gKVk9dZNx1scuJMud6XKLVrHW6NA_5BiFU5MT7Gcu_kkiFjPhGsFae5qfWav1qBbuj_iGMZUgzcSn60VbLue_bjDDu6O9NZrhYseHVAZnHqm58Jf9caWUmsFSzv26YPfc5PrnF7QoBwItJ3kkQ1Q0Dur_lmyRg7WIY1qyZAvQXaeaNF6xxEl_oku-7sS-10s9YouyvQAP1il78M42HYqkaeibbKhtzrz31AT2d-ZQs_5ZJlOt7_MP1-7-a_2k_rtAWoRP7MFsHw4AyB3dr2Qyh2T_m8mFTSdJVrfeNurpV-w12qR4OwSQ9s7EvV7-wM1V3KYzEBM9-dZ5fmxvDvTj1PXtJbeuDUBtEPyH-IC_XrId--Ah1ZcJt4Iz9B-RN2oNo_Q6NaDcXOWyacvPryjVfZsvs2grROCA42ZQO_yFZEFXq0LaDoNPdZYYWowcd3IHGFfdtYnsET37qgv6iAhLRIMKzBK_FE1mheUpzzbe3ZwzehWb9vGI7IDpDFswwDZD4UaKqO5tKRER9zbmmO1mClGlvF2uZG9fUS5qXlH4SVFMCBzFIq72jFVvNSNOa6b_z3m0wgR7_Kx_vb5th-ZAuPJS7d1tPC9jiHey6jAkTCzPKdo4505uAruyas42pgIc_wba0uwSg0-pN_8mLe65EcooPKbFDgS9WMCrhXwLps1UHkgFM-sWAJ0xZP7l8sRl-1GW-4lhHsv3u58lW9yMnu_OWmbe-9omv-748VUUvYA30FDtz2IBhzxrO_FM-5jP_5oKAVDJisClKzYvf8lXWExuI4XlYaBxfakFKAc99fQwSs_yNdUGJ392jiMgBSZdu9mPRh8hnFZIKfb3TWaS9gBH0RY1hSJX1ObW1v2NIfAQP_SfB1Mq3nviw-4xWzQo4TUntk73iJqFKL5Qdy9-RZ_0cr8ayLIXccwWbNgBgKojFhwqooGwr0JPEg-WNKuWIg3cCKuF6FluT_GZCxdH6nRfl6e_D05RXLCJRq_ZR3rUuF3NmpYSjcPu_PMtoQGK9-mcxNnonwKyXxrQOaray1AjjSUr0gLynZdKGD-A9elPOYysITWJrcsgy_jlxyAHSNNPfzdf-ePosSY0-Eow8hCWVIzK-ny8lzOihFhKIGM2loDMDb1_bARzXT33rRHHx8fHtHfH-pxr-46ZW6qUVKgXrsRaEsqL0tTYWklO7wGYjwGV64ou0JbV9-rbZBk7A9XEi-cnMPz_KLIowwygo0zhCvh5DdOmYbZrOv2yLJhyrGQB6SOrABHlfFObG5oCLHitW83wVc8q5urgYZ8IECtYFdDd48hlfZX4RRZn-NQavotSYvThjm3VVcj1qdBzSntqbusNyNLwhwVEXw8Y92EVdRZdWTdPDH10E2C60K8ly3Va4eDBdlz0UmR2zS0FissbN6yVBVwuvO4fjW1s6-PL5SpGnmGMKsUQ3ysstT412u4WHUiyd9ZJG2-1iUhffyHcBDxGDlGy4TtXX3zTf6ZPuZENwW3dRFHDoGwQqt3W_gpFI_KYC6S1DtokLNC--MSbeqynze0TNanDe9N9xgGoHYINLxN5V0vMCYubmBXsk0RZ1WJgqlJJmplJ4lDO3DCDgJ4oBAau0fkZ1ZNagyHBC96fC8S5i_NoEWDDJq0XxNjKIjwwBYT8ZsA3jAclAX9Cwy2j8hLvd1IpzHPNx37RcFdL_btxpkbSvSJDhYiHD_Vlf0_H88prIa1VrFW7zdERQK0SZLx2yD2can3b9-F7Tr-6LP-BWy2q9oGmw2oe0hqu0j4RDSrXxbngUB1jGqJGPGXOhku2AWPE3lE&pop_winurl=&ip=91.90.42.154&testab=0&px_id=53360&adblock=0&auction_host=all&mm=0&yc=0&render_type=mq&campaign_type=lq-pop&uniq=&exp=&resp_type=&iabcat=IAB25-3&min_cpm=0.001937556831532334&placement_type_id=&skin_test=0&verify_hash=d76244aa37d7f58e3e38661586c28459&score=0&durl=https%3A%2F%2Fts.cvastico.com%2Fin%2F1546%2F%3Fad_sub%3D1406986554%26spot_id%3D360%26is_adult%3D1%26p%3Dhttps%253A%252F%252Ftxxx.com%252F%26idzone%3D4438146%26sid%3D1546&ml=&tag_ab=c&original_bid=0.000703&user_fp=0&v2_track=0&url=c5bq75uvTtsj573KAlMfiA6tMDO657SytxSrymhV00X_V_PH-Rs3c_YWc_bwHR0l5Hf9ybN_wWiK4S1aJB6YgPju9MZ5qF_DKS8qQJJSUj98MjY-N_zckXjT4Vv5yhr3VMi-pjA3yJTzgjbQ82xt6FtgY68UVhHRL5j1M-lvTaQVXaKmMw&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FUS%2FUS_34c3a6403004486b593fb6a3428d7a2748437f4f_icon.webp&skin_id=1&vertical_id=0&real_bid=0.0006326999999999999&pr=gay112.com&user_keywords=&auc_type=1&aid=3301&ext_cid=0&device_theme=light&keywords=Adult&mlc=1&format=compact-slide-t_r-embed&mlf=1&cpa=d4beea6d-8bad-4984-a152-05dafc35e7bf HTTP/1.1
Host: ab6de09242.441a8a5527.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://txxx.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
server: nginx/1.18.0
date: Sat, 22 Oct 2022 14:13:28 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
location: https://static.bookmsg.com/creatives/US/US_34c3a6403004486b593fb6a3428d7a2748437f4f_icon.webp
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash e38b7186927019c42ff656613f494aba
2280ed9a427c6912c718bc707654b125f48b6605
e7d85f03b426e8712561ad0b4b7132c89dc2715ef08835dd8a2e9132f160753f
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2862
Cache-Control: max-age=130281
Content-Type: application/ocsp-response
Date: Sat, 22 Oct 2022 14:13:28 GMT
Etag: "63534943-117"
Expires: Mon, 24 Oct 2022 02:24:49 GMT
Last-Modified: Sat, 22 Oct 2022 01:37:07 GMT
Server: ECS (ska/F6FE)
X-Cache: HIT
Content-Length: 279
ab6de09242.441a8a5527.com/in/show/?mid=1195245778&pid=0&site=native-push-adult&sc=NO&usage_type=DCH&subid=1406986554&sid=2376143767&cid=12212&price=0.000703&is_cpm=0&cpm=0&ecpm=0.002532204965335606&crid=&crtid=8fc5a3949d58ed66158a5da3a7b48b19&tcid=0&out_id=0&ver=7.9.2&ver_c=&refdom=txxx.com&hostname=auc-inpage-hz-7-a&site_id=31360&spot_id=360&utm_source=&utm_medium=&utm_campaign=&utm_content=&expiration_timestamp=0&created_at=2022-10-22&is_native=2&auction_queue=0&burl=B-F846YqfzNAFlgttjny43-5fgQoiSEBD8tjSP1zgrlxX-Tf6d1l2-GjYyvD0sP4yjbXmtEhdqbO9ecHFTTTswqfy-JEoPjE0_OCItD3J0JB0cNr7L7lEsLAG-ca-7g1dyqUCCaBfgMQoEcX8U44qncN-l1aa9gHi-AX9AFKXUArqFJbetOqt1Z4g8GpRUgQe4xN-fxlWtG1XWathMxCeetX76T1hiZFBvsOxwKNbC2TbysWO94R-w4bb_N2R_U93IzXvZLzAB2Ug15kUJrLCl741E2v6gEKHVNed3lDnkPqy2-eZoxS7IJzd7V24TAq-FMj-EB6XGc6gCcTS00l_ylFMB6g_wCQ2XVPcUoIQNfXKhIyNLNG6IdiNpKGiU-Lb-QvSwD677gL1gsqv5esFBiqp8E0EOnjIvoLjtUNZqKz4H0bJFptjeNVkdZtKvA4l7GuGpNkw055xctqFytYU5at_AJ9F12jJs6zhMHl-M6ZayT2fwyRPYcBnmePVJpgvM4RSha_BIGOcZ8NAC6wd14SmrpDMzgoXH6lsU0pwg3gSd-33xSbTUKLaPbWGP3ZwwwbiSYLHtAGSc0aBF_dWvYAM9Vc76chn-Nxh-uBMoCs2ouIaIrfaXbWK4Xn8dn-SV7PVN6uRfTb-fohoTm6MAGFyz9v2WX-F2z6y3AXajWQxZ598jHWnoE_-oWOUuAvoVD2SKybTItxr7mANIxqNzxDw6bFDdbn8ayD0Z62DW5uY97sxlI3uAEJD56p7BCgB_o-PtS03tn6ChrxE99uZDORYXw-nis0DSYHNY3yKiU3FFBnBQsQq7HpzFwIEVi3KNtB8FpaVBz6xl8IueMVEzgeVY7gesjStykAqOO1H6joxxDyLG3C8z-rrqAVDnAnDedXqmU3FjEeEJFzUiihI92mjbXSGDytTrL-jMnrTDShwanlkYeMVGxlczl-eqVBrL8L1VUXcyBsHYf82go9NXqPPqzJfwwpZzaT5AcEb4acIO-7p8VlDNHYh5XtFJ_LAzR7cyuPLNvMa-4ibWdnkrMRRZdIRFFmkCkTos0DYTyMcLHoKwvb2rycmK0lwl1dO-RCDGTJFasJOB4swsFInVPdtW8brDnWslTXEevFUHwk_0-hackor5oDjEtiJwbODsoC2tS0olY2jjm3nRLw3gqoN5ywN6YRnhdsG-J47irHj8okY6PdjTohJTkO-8faBepMN4PPuku5AZRvIUOnde4elv1DOzragFLh5zv43uqwHCIcKlJ0_Mg2eLRrBDabLi2ywupelORcnE1Iiy-I_A-aJzDlcpNhAKsrZhXXNAiGJE-W9aFpMN9WcdSTTTUrckDr1LHiboEIi-nRFUAldqK3v1-cySOM-J4_69Rlt4pZcnTARXPYYvRgwUVXDgGGobauhwcHzQDcs7hmk1X8iH3gGD4_j12gpOOisUGR4E0_tP6OeVHI17Z3EdRIAgfQYT7hO6M9UrnBF-gLFx0MVrYKiY04fEQNl-IIn_ggP4HwWnqohOycARTmDLapnKJZ0b8yr3k2fatWaGqzavFAxJEAqF_h7rnmUSUW5RKzx83io3ez_FjSgSYnOCO8cn_Am_VBMiDYo2Bmp75e-e7dLDI3Pmj5ixxjNfkCUjppRfW5UQCmeuMVimZuYRCSEDVFwnt7zO87lLg6GC1BDBH3tTgOVKMZhgOoxq_zcSIJH5n1PdQ0DBNRPEKC5CpyZZPOf-CJb5gdvqnxedpYkvleqn6k0lC0LtIcLWfTs667777jPcgVh33YycL6D9d9Hi-E6ZbspdVPQBdihk9UmPesaEbmK13v9zDAuewA0TgEmtN_YiGFC4-e_JoEhDAUgK0Pz5RtBaH-60GUUqN8gV_KE02JqOQirZX27j2Fb70K50pYThF-eHePi6Dg-7wD-hhscq0GgDPnYwyU5xyddWUhO3zqe-lFB4ECFvRLd3cjZAWhOFxUfyjcwbkpW0d9xT8b0L8qlrLMuuuUe6Y5-pWxkxTTNmryZ9L_dJpiQp0hoG49TjOkophD2ASsP_vJ0PM-ZNlsi9j6FCObqxlYpsVGS6w2MBz_OAZkh2oDaiFOs9yrn5N90gDqb7LMZBqg1tQzAGMuagbqjJZW_DFWtZHUVv7cn6b2Iq3_k18NxxKE9gtsTwTgqEdrNdbe9maiaHNbrXCu6K2iSvmHqmTi8hltVDqP2kFFjmBiXU1-2MRxrsbuHkB5UiqV942r8Qley2QQ6QpARf-Sco20UEdqGV_NKtLgLl6vsUQcAYBpGbwnozzNLq1cB3aZCLaJBoFPOoZRz1w9tVQdcqBx6JWsNPg8N4TGEEqh395j-KFF2xCd0ta6BVuA-ngjMVvsWWMxYt-4iMwBZXeOlXvWFsKzDgaI3sWGM2hiWRMpRgK98rulqpIHgZZ7T07ZHHzPMkL_KOJxPnrYjvcZKgHkH4eWuJIynp1e_cNC6IP1MnT2Jma_D9wsAC_Nc7pObDhlkck0OU827ToJR1pOrkgm-D8jrOtF8Y9qXAcMmnbXnivgvb6vF3C5asvIADkZUFQ8auJhPwlKm93af2syJtOVw1cUUWgn_uFux0ymeI-pyCLY7zmRdkg-J5IaW0L85-jhdDKziFGaDMCb9F6_aIXoafn2bWarz8zupnMttTMKpUPdj51CuVjyItmiXCzxHjE9Zjh2Gi5QKmYrRvn3bMHzgp0G9lgVyPPYtWtg6-xMhVLx5d1ypoIcYwe8SC0rUsJscbBNxkn6GQfkwHm-7yWgV3T2Dhtuc2fZ49IieK3EjQaLveGCiH9Bix0D6RsRaJAPJ5Bh6pjWopcidXfFkEkAISvuwBmdffmuUmLkRAa7fwN4eV2v1FNISILfvszhjntRsmenfcBdJX_ejMHcOaWgIfHQObX6iqIuI5gUiarZg0XijqBOOysZFHowZQY2fsfn07aLfPFNrTn-GyH58-I5fiDLLoIrgby5sGusDcXHSHF1YRUhaj59cFEnDwJmxPqZceprt4IzyTUsKTp_OFkLZ8C7Ofs4wbGv9pFtkwM6UiwhzGpWrxEL0UNf0CBNNpwQ_ADR4zyguDDzzfA9nLOnG_P_EmAK4X56hoZt8HUNh3cYBBnohCTBRIzVrvpJGB6MbbULeF-9jkvBs9RY5CZ_g3tdCwBgonvZ9bPFNoM_uH7vAZ0TTIOGnJqcdPQtvrz6Xiyyd2j8BjlVxBTPv6H65-DMfeuQEyKRQeg75Op8iJM9m-bbskOgcDUowbloGMDZFSwR4S6ULA0JO2MnDCwS2ptCoB9eM8fjVWPf3PebwVcgYgLCqbqytNLC1PyVk1d-p0h9xx9LYEHaV4S5Fm_mhzqBzf_v5gef17thQPXqPstOJNOUGfccV2DlljlDj8ywjNVJ6ewIwzeCaF4g_AuTbHQu5pndo4XwYX1yEksQiu-yYD8ZZ6Xa6HyjDhK_aRCY7AFHK4uVhMHW54jn-Ihoc-q0_9ir0gioLUExRji0w-KlFbpxNNbPXkyy1K-3cESbdCNgzBCKATmmu4pepkcncMlYiwrucDRLKK5GN1qMGD9tkkoWopaxQT7aU81-hfLhcb_jrnsk81pfeYWP1x8Nml6nhl7s4hGlKQFrpBYn41BlMPz_PCfqsDWbsxWpYw-VS4sf2sZzGdm7ra_SDmMiOiF0q5xlzFTLfODAPbZbF4peQazzt4D9tOeDD0W3VAWjaqwDQn2ALnllCvsP0FsLJ0oaLUQ8NuXGTcCxDqq_QyUDhZfheBAiu-9TkMQ-oup9L4WFJE3rDpy90Hoq5azs9dJZBtCTvFR4W1n8iQW65CmUTbeCxTn0v7vG_qssYOa4o0g&pop_winurl=&ip=91.90.42.154&testab=0&px_id=53360&adblock=0&auction_host=all&mm=0&yc=0&render_type=mq&campaign_type=lq-pop&uniq=&exp=&resp_type=&iabcat=IAB25-3&min_cpm=0.001937556831532334&placement_type_id=&skin_test=0&verify_hash=d76244aa37d7f58e3e38661586c28459&score=0&durl=https%3A%2F%2Fts.cvastico.com%2Fin%2F1546%2F%3Fad_sub%3D1406986554%26spot_id%3D360%26is_adult%3D1%26p%3Dhttps%253A%252F%252Ftxxx.com%252F%26idzone%3D4438146%26sid%3D1546&ml=&tag_ab=c&original_bid=0.000703&user_fp=0&v2_track=0&url=YY0av5-nbznWG46tTr1wZM5JJSqUL9inrCrunWY93u9sOUZ-Dg0-EYDolTj6iNXLPDFinO4PFnrx97f19c8bQzHCpf647UapfNBZWtsTkfzfbZx20v9sXA9UK8fweGMgE1stZrKkJ4L_ahMr75hW8GV_E_1Rh4HT2vZ6NOH9Wzb2yetBfQ&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FUS%2FUS_34c3a6403004486b593fb6a3428d7a2748437f4f_icon.webp&skin_id=1&vertical_id=0&real_bid=0.0006326999999999999&pr=gay112.com&user_keywords=&auc_type=1&aid=3301&ext_cid=0&device_theme=light&keywords=Adult&format=compact-slide-t_r-embed&mlf=1&cpa=f920e395-0c23-4688-ada8-76f3ce085a8c
168.119.25.22302 Found 0 B URL HTTP/2 ab6de09242.441a8a5527.com/in/show/?mid=1195245778&pid=0&site=native-push-adult&sc=NO&usage_type=DCH&subid=1406986554&sid=2376143767&cid=12212&price=0.000703&is_cpm=0&cpm=0&ecpm=0.002532204965335606&crid=&crtid=8fc5a3949d58ed66158a5da3a7b48b19&tcid=0&out_id=0&ver=7.9.2&ver_c=&refdom=txxx.com&hostname=auc-inpage-hz-7-a&site_id=31360&spot_id=360&utm_source=&utm_medium=&utm_campaign=&utm_content=&expiration_timestamp=0&created_at=2022-10-22&is_native=2&auction_queue=0&burl=B-F846YqfzNAFlgttjny43-5fgQoiSEBD8tjSP1zgrlxX-Tf6d1l2-GjYyvD0sP4yjbXmtEhdqbO9ecHFTTTswqfy-JEoPjE0_OCItD3J0JB0cNr7L7lEsLAG-ca-7g1dyqUCCaBfgMQoEcX8U44qncN-l1aa9gHi-AX9AFKXUArqFJbetOqt1Z4g8GpRUgQe4xN-fxlWtG1XWathMxCeetX76T1hiZFBvsOxwKNbC2TbysWO94R-w4bb_N2R_U93IzXvZLzAB2Ug15kUJrLCl741E2v6gEKHVNed3lDnkPqy2-eZoxS7IJzd7V24TAq-FMj-EB6XGc6gCcTS00l_ylFMB6g_wCQ2XVPcUoIQNfXKhIyNLNG6IdiNpKGiU-Lb-QvSwD677gL1gsqv5esFBiqp8E0EOnjIvoLjtUNZqKz4H0bJFptjeNVkdZtKvA4l7GuGpNkw055xctqFytYU5at_AJ9F12jJs6zhMHl-M6ZayT2fwyRPYcBnmePVJpgvM4RSha_BIGOcZ8NAC6wd14SmrpDMzgoXH6lsU0pwg3gSd-33xSbTUKLaPbWGP3ZwwwbiSYLHtAGSc0aBF_dWvYAM9Vc76chn-Nxh-uBMoCs2ouIaIrfaXbWK4Xn8dn-SV7PVN6uRfTb-fohoTm6MAGFyz9v2WX-F2z6y3AXajWQxZ598jHWnoE_-oWOUuAvoVD2SKybTItxr7mANIxqNzxDw6bFDdbn8ayD0Z62DW5uY97sxlI3uAEJD56p7BCgB_o-PtS03tn6ChrxE99uZDORYXw-nis0DSYHNY3yKiU3FFBnBQsQq7HpzFwIEVi3KNtB8FpaVBz6xl8IueMVEzgeVY7gesjStykAqOO1H6joxxDyLG3C8z-rrqAVDnAnDedXqmU3FjEeEJFzUiihI92mjbXSGDytTrL-jMnrTDShwanlkYeMVGxlczl-eqVBrL8L1VUXcyBsHYf82go9NXqPPqzJfwwpZzaT5AcEb4acIO-7p8VlDNHYh5XtFJ_LAzR7cyuPLNvMa-4ibWdnkrMRRZdIRFFmkCkTos0DYTyMcLHoKwvb2rycmK0lwl1dO-RCDGTJFasJOB4swsFInVPdtW8brDnWslTXEevFUHwk_0-hackor5oDjEtiJwbODsoC2tS0olY2jjm3nRLw3gqoN5ywN6YRnhdsG-J47irHj8okY6PdjTohJTkO-8faBepMN4PPuku5AZRvIUOnde4elv1DOzragFLh5zv43uqwHCIcKlJ0_Mg2eLRrBDabLi2ywupelORcnE1Iiy-I_A-aJzDlcpNhAKsrZhXXNAiGJE-W9aFpMN9WcdSTTTUrckDr1LHiboEIi-nRFUAldqK3v1-cySOM-J4_69Rlt4pZcnTARXPYYvRgwUVXDgGGobauhwcHzQDcs7hmk1X8iH3gGD4_j12gpOOisUGR4E0_tP6OeVHI17Z3EdRIAgfQYT7hO6M9UrnBF-gLFx0MVrYKiY04fEQNl-IIn_ggP4HwWnqohOycARTmDLapnKJZ0b8yr3k2fatWaGqzavFAxJEAqF_h7rnmUSUW5RKzx83io3ez_FjSgSYnOCO8cn_Am_VBMiDYo2Bmp75e-e7dLDI3Pmj5ixxjNfkCUjppRfW5UQCmeuMVimZuYRCSEDVFwnt7zO87lLg6GC1BDBH3tTgOVKMZhgOoxq_zcSIJH5n1PdQ0DBNRPEKC5CpyZZPOf-CJb5gdvqnxedpYkvleqn6k0lC0LtIcLWfTs667777jPcgVh33YycL6D9d9Hi-E6ZbspdVPQBdihk9UmPesaEbmK13v9zDAuewA0TgEmtN_YiGFC4-e_JoEhDAUgK0Pz5RtBaH-60GUUqN8gV_KE02JqOQirZX27j2Fb70K50pYThF-eHePi6Dg-7wD-hhscq0GgDPnYwyU5xyddWUhO3zqe-lFB4ECFvRLd3cjZAWhOFxUfyjcwbkpW0d9xT8b0L8qlrLMuuuUe6Y5-pWxkxTTNmryZ9L_dJpiQp0hoG49TjOkophD2ASsP_vJ0PM-ZNlsi9j6FCObqxlYpsVGS6w2MBz_OAZkh2oDaiFOs9yrn5N90gDqb7LMZBqg1tQzAGMuagbqjJZW_DFWtZHUVv7cn6b2Iq3_k18NxxKE9gtsTwTgqEdrNdbe9maiaHNbrXCu6K2iSvmHqmTi8hltVDqP2kFFjmBiXU1-2MRxrsbuHkB5UiqV942r8Qley2QQ6QpARf-Sco20UEdqGV_NKtLgLl6vsUQcAYBpGbwnozzNLq1cB3aZCLaJBoFPOoZRz1w9tVQdcqBx6JWsNPg8N4TGEEqh395j-KFF2xCd0ta6BVuA-ngjMVvsWWMxYt-4iMwBZXeOlXvWFsKzDgaI3sWGM2hiWRMpRgK98rulqpIHgZZ7T07ZHHzPMkL_KOJxPnrYjvcZKgHkH4eWuJIynp1e_cNC6IP1MnT2Jma_D9wsAC_Nc7pObDhlkck0OU827ToJR1pOrkgm-D8jrOtF8Y9qXAcMmnbXnivgvb6vF3C5asvIADkZUFQ8auJhPwlKm93af2syJtOVw1cUUWgn_uFux0ymeI-pyCLY7zmRdkg-J5IaW0L85-jhdDKziFGaDMCb9F6_aIXoafn2bWarz8zupnMttTMKpUPdj51CuVjyItmiXCzxHjE9Zjh2Gi5QKmYrRvn3bMHzgp0G9lgVyPPYtWtg6-xMhVLx5d1ypoIcYwe8SC0rUsJscbBNxkn6GQfkwHm-7yWgV3T2Dhtuc2fZ49IieK3EjQaLveGCiH9Bix0D6RsRaJAPJ5Bh6pjWopcidXfFkEkAISvuwBmdffmuUmLkRAa7fwN4eV2v1FNISILfvszhjntRsmenfcBdJX_ejMHcOaWgIfHQObX6iqIuI5gUiarZg0XijqBOOysZFHowZQY2fsfn07aLfPFNrTn-GyH58-I5fiDLLoIrgby5sGusDcXHSHF1YRUhaj59cFEnDwJmxPqZceprt4IzyTUsKTp_OFkLZ8C7Ofs4wbGv9pFtkwM6UiwhzGpWrxEL0UNf0CBNNpwQ_ADR4zyguDDzzfA9nLOnG_P_EmAK4X56hoZt8HUNh3cYBBnohCTBRIzVrvpJGB6MbbULeF-9jkvBs9RY5CZ_g3tdCwBgonvZ9bPFNoM_uH7vAZ0TTIOGnJqcdPQtvrz6Xiyyd2j8BjlVxBTPv6H65-DMfeuQEyKRQeg75Op8iJM9m-bbskOgcDUowbloGMDZFSwR4S6ULA0JO2MnDCwS2ptCoB9eM8fjVWPf3PebwVcgYgLCqbqytNLC1PyVk1d-p0h9xx9LYEHaV4S5Fm_mhzqBzf_v5gef17thQPXqPstOJNOUGfccV2DlljlDj8ywjNVJ6ewIwzeCaF4g_AuTbHQu5pndo4XwYX1yEksQiu-yYD8ZZ6Xa6HyjDhK_aRCY7AFHK4uVhMHW54jn-Ihoc-q0_9ir0gioLUExRji0w-KlFbpxNNbPXkyy1K-3cESbdCNgzBCKATmmu4pepkcncMlYiwrucDRLKK5GN1qMGD9tkkoWopaxQT7aU81-hfLhcb_jrnsk81pfeYWP1x8Nml6nhl7s4hGlKQFrpBYn41BlMPz_PCfqsDWbsxWpYw-VS4sf2sZzGdm7ra_SDmMiOiF0q5xlzFTLfODAPbZbF4peQazzt4D9tOeDD0W3VAWjaqwDQn2ALnllCvsP0FsLJ0oaLUQ8NuXGTcCxDqq_QyUDhZfheBAiu-9TkMQ-oup9L4WFJE3rDpy90Hoq5azs9dJZBtCTvFR4W1n8iQW65CmUTbeCxTn0v7vG_qssYOa4o0g&pop_winurl=&ip=91.90.42.154&testab=0&px_id=53360&adblock=0&auction_host=all&mm=0&yc=0&render_type=mq&campaign_type=lq-pop&uniq=&exp=&resp_type=&iabcat=IAB25-3&min_cpm=0.001937556831532334&placement_type_id=&skin_test=0&verify_hash=d76244aa37d7f58e3e38661586c28459&score=0&durl=https%3A%2F%2Fts.cvastico.com%2Fin%2F1546%2F%3Fad_sub%3D1406986554%26spot_id%3D360%26is_adult%3D1%26p%3Dhttps%253A%252F%252Ftxxx.com%252F%26idzone%3D4438146%26sid%3D1546&ml=&tag_ab=c&original_bid=0.000703&user_fp=0&v2_track=0&url=YY0av5-nbznWG46tTr1wZM5JJSqUL9inrCrunWY93u9sOUZ-Dg0-EYDolTj6iNXLPDFinO4PFnrx97f19c8bQzHCpf647UapfNBZWtsTkfzfbZx20v9sXA9UK8fweGMgE1stZrKkJ4L_ahMr75hW8GV_E_1Rh4HT2vZ6NOH9Wzb2yetBfQ&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FUS%2FUS_34c3a6403004486b593fb6a3428d7a2748437f4f_icon.webp&skin_id=1&vertical_id=0&real_bid=0.0006326999999999999&pr=gay112.com&user_keywords=&auc_type=1&aid=3301&ext_cid=0&device_theme=light&keywords=Adult&format=compact-slide-t_r-embed&mlf=1&cpa=f920e395-0c23-4688-ada8-76f3ce085a8c
IP 168.119.25.22:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /in/show/?mid=1195245778&pid=0&site=native-push-adult&sc=NO&usage_type=DCH&subid=1406986554&sid=2376143767&cid=12212&price=0.000703&is_cpm=0&cpm=0&ecpm=0.002532204965335606&crid=&crtid=8fc5a3949d58ed66158a5da3a7b48b19&tcid=0&out_id=0&ver=7.9.2&ver_c=&refdom=txxx.com&hostname=auc-inpage-hz-7-a&site_id=31360&spot_id=360&utm_source=&utm_medium=&utm_campaign=&utm_content=&expiration_timestamp=0&created_at=2022-10-22&is_native=2&auction_queue=0&burl=B-F846YqfzNAFlgttjny43-5fgQoiSEBD8tjSP1zgrlxX-Tf6d1l2-GjYyvD0sP4yjbXmtEhdqbO9ecHFTTTswqfy-JEoPjE0_OCItD3J0JB0cNr7L7lEsLAG-ca-7g1dyqUCCaBfgMQoEcX8U44qncN-l1aa9gHi-AX9AFKXUArqFJbetOqt1Z4g8GpRUgQe4xN-fxlWtG1XWathMxCeetX76T1hiZFBvsOxwKNbC2TbysWO94R-w4bb_N2R_U93IzXvZLzAB2Ug15kUJrLCl741E2v6gEKHVNed3lDnkPqy2-eZoxS7IJzd7V24TAq-FMj-EB6XGc6gCcTS00l_ylFMB6g_wCQ2XVPcUoIQNfXKhIyNLNG6IdiNpKGiU-Lb-QvSwD677gL1gsqv5esFBiqp8E0EOnjIvoLjtUNZqKz4H0bJFptjeNVkdZtKvA4l7GuGpNkw055xctqFytYU5at_AJ9F12jJs6zhMHl-M6ZayT2fwyRPYcBnmePVJpgvM4RSha_BIGOcZ8NAC6wd14SmrpDMzgoXH6lsU0pwg3gSd-33xSbTUKLaPbWGP3ZwwwbiSYLHtAGSc0aBF_dWvYAM9Vc76chn-Nxh-uBMoCs2ouIaIrfaXbWK4Xn8dn-SV7PVN6uRfTb-fohoTm6MAGFyz9v2WX-F2z6y3AXajWQxZ598jHWnoE_-oWOUuAvoVD2SKybTItxr7mANIxqNzxDw6bFDdbn8ayD0Z62DW5uY97sxlI3uAEJD56p7BCgB_o-PtS03tn6ChrxE99uZDORYXw-nis0DSYHNY3yKiU3FFBnBQsQq7HpzFwIEVi3KNtB8FpaVBz6xl8IueMVEzgeVY7gesjStykAqOO1H6joxxDyLG3C8z-rrqAVDnAnDedXqmU3FjEeEJFzUiihI92mjbXSGDytTrL-jMnrTDShwanlkYeMVGxlczl-eqVBrL8L1VUXcyBsHYf82go9NXqPPqzJfwwpZzaT5AcEb4acIO-7p8VlDNHYh5XtFJ_LAzR7cyuPLNvMa-4ibWdnkrMRRZdIRFFmkCkTos0DYTyMcLHoKwvb2rycmK0lwl1dO-RCDGTJFasJOB4swsFInVPdtW8brDnWslTXEevFUHwk_0-hackor5oDjEtiJwbODsoC2tS0olY2jjm3nRLw3gqoN5ywN6YRnhdsG-J47irHj8okY6PdjTohJTkO-8faBepMN4PPuku5AZRvIUOnde4elv1DOzragFLh5zv43uqwHCIcKlJ0_Mg2eLRrBDabLi2ywupelORcnE1Iiy-I_A-aJzDlcpNhAKsrZhXXNAiGJE-W9aFpMN9WcdSTTTUrckDr1LHiboEIi-nRFUAldqK3v1-cySOM-J4_69Rlt4pZcnTARXPYYvRgwUVXDgGGobauhwcHzQDcs7hmk1X8iH3gGD4_j12gpOOisUGR4E0_tP6OeVHI17Z3EdRIAgfQYT7hO6M9UrnBF-gLFx0MVrYKiY04fEQNl-IIn_ggP4HwWnqohOycARTmDLapnKJZ0b8yr3k2fatWaGqzavFAxJEAqF_h7rnmUSUW5RKzx83io3ez_FjSgSYnOCO8cn_Am_VBMiDYo2Bmp75e-e7dLDI3Pmj5ixxjNfkCUjppRfW5UQCmeuMVimZuYRCSEDVFwnt7zO87lLg6GC1BDBH3tTgOVKMZhgOoxq_zcSIJH5n1PdQ0DBNRPEKC5CpyZZPOf-CJb5gdvqnxedpYkvleqn6k0lC0LtIcLWfTs667777jPcgVh33YycL6D9d9Hi-E6ZbspdVPQBdihk9UmPesaEbmK13v9zDAuewA0TgEmtN_YiGFC4-e_JoEhDAUgK0Pz5RtBaH-60GUUqN8gV_KE02JqOQirZX27j2Fb70K50pYThF-eHePi6Dg-7wD-hhscq0GgDPnYwyU5xyddWUhO3zqe-lFB4ECFvRLd3cjZAWhOFxUfyjcwbkpW0d9xT8b0L8qlrLMuuuUe6Y5-pWxkxTTNmryZ9L_dJpiQp0hoG49TjOkophD2ASsP_vJ0PM-ZNlsi9j6FCObqxlYpsVGS6w2MBz_OAZkh2oDaiFOs9yrn5N90gDqb7LMZBqg1tQzAGMuagbqjJZW_DFWtZHUVv7cn6b2Iq3_k18NxxKE9gtsTwTgqEdrNdbe9maiaHNbrXCu6K2iSvmHqmTi8hltVDqP2kFFjmBiXU1-2MRxrsbuHkB5UiqV942r8Qley2QQ6QpARf-Sco20UEdqGV_NKtLgLl6vsUQcAYBpGbwnozzNLq1cB3aZCLaJBoFPOoZRz1w9tVQdcqBx6JWsNPg8N4TGEEqh395j-KFF2xCd0ta6BVuA-ngjMVvsWWMxYt-4iMwBZXeOlXvWFsKzDgaI3sWGM2hiWRMpRgK98rulqpIHgZZ7T07ZHHzPMkL_KOJxPnrYjvcZKgHkH4eWuJIynp1e_cNC6IP1MnT2Jma_D9wsAC_Nc7pObDhlkck0OU827ToJR1pOrkgm-D8jrOtF8Y9qXAcMmnbXnivgvb6vF3C5asvIADkZUFQ8auJhPwlKm93af2syJtOVw1cUUWgn_uFux0ymeI-pyCLY7zmRdkg-J5IaW0L85-jhdDKziFGaDMCb9F6_aIXoafn2bWarz8zupnMttTMKpUPdj51CuVjyItmiXCzxHjE9Zjh2Gi5QKmYrRvn3bMHzgp0G9lgVyPPYtWtg6-xMhVLx5d1ypoIcYwe8SC0rUsJscbBNxkn6GQfkwHm-7yWgV3T2Dhtuc2fZ49IieK3EjQaLveGCiH9Bix0D6RsRaJAPJ5Bh6pjWopcidXfFkEkAISvuwBmdffmuUmLkRAa7fwN4eV2v1FNISILfvszhjntRsmenfcBdJX_ejMHcOaWgIfHQObX6iqIuI5gUiarZg0XijqBOOysZFHowZQY2fsfn07aLfPFNrTn-GyH58-I5fiDLLoIrgby5sGusDcXHSHF1YRUhaj59cFEnDwJmxPqZceprt4IzyTUsKTp_OFkLZ8C7Ofs4wbGv9pFtkwM6UiwhzGpWrxEL0UNf0CBNNpwQ_ADR4zyguDDzzfA9nLOnG_P_EmAK4X56hoZt8HUNh3cYBBnohCTBRIzVrvpJGB6MbbULeF-9jkvBs9RY5CZ_g3tdCwBgonvZ9bPFNoM_uH7vAZ0TTIOGnJqcdPQtvrz6Xiyyd2j8BjlVxBTPv6H65-DMfeuQEyKRQeg75Op8iJM9m-bbskOgcDUowbloGMDZFSwR4S6ULA0JO2MnDCwS2ptCoB9eM8fjVWPf3PebwVcgYgLCqbqytNLC1PyVk1d-p0h9xx9LYEHaV4S5Fm_mhzqBzf_v5gef17thQPXqPstOJNOUGfccV2DlljlDj8ywjNVJ6ewIwzeCaF4g_AuTbHQu5pndo4XwYX1yEksQiu-yYD8ZZ6Xa6HyjDhK_aRCY7AFHK4uVhMHW54jn-Ihoc-q0_9ir0gioLUExRji0w-KlFbpxNNbPXkyy1K-3cESbdCNgzBCKATmmu4pepkcncMlYiwrucDRLKK5GN1qMGD9tkkoWopaxQT7aU81-hfLhcb_jrnsk81pfeYWP1x8Nml6nhl7s4hGlKQFrpBYn41BlMPz_PCfqsDWbsxWpYw-VS4sf2sZzGdm7ra_SDmMiOiF0q5xlzFTLfODAPbZbF4peQazzt4D9tOeDD0W3VAWjaqwDQn2ALnllCvsP0FsLJ0oaLUQ8NuXGTcCxDqq_QyUDhZfheBAiu-9TkMQ-oup9L4WFJE3rDpy90Hoq5azs9dJZBtCTvFR4W1n8iQW65CmUTbeCxTn0v7vG_qssYOa4o0g&pop_winurl=&ip=91.90.42.154&testab=0&px_id=53360&adblock=0&auction_host=all&mm=0&yc=0&render_type=mq&campaign_type=lq-pop&uniq=&exp=&resp_type=&iabcat=IAB25-3&min_cpm=0.001937556831532334&placement_type_id=&skin_test=0&verify_hash=d76244aa37d7f58e3e38661586c28459&score=0&durl=https%3A%2F%2Fts.cvastico.com%2Fin%2F1546%2F%3Fad_sub%3D1406986554%26spot_id%3D360%26is_adult%3D1%26p%3Dhttps%253A%252F%252Ftxxx.com%252F%26idzone%3D4438146%26sid%3D1546&ml=&tag_ab=c&original_bid=0.000703&user_fp=0&v2_track=0&url=YY0av5-nbznWG46tTr1wZM5JJSqUL9inrCrunWY93u9sOUZ-Dg0-EYDolTj6iNXLPDFinO4PFnrx97f19c8bQzHCpf647UapfNBZWtsTkfzfbZx20v9sXA9UK8fweGMgE1stZrKkJ4L_ahMr75hW8GV_E_1Rh4HT2vZ6NOH9Wzb2yetBfQ&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FUS%2FUS_34c3a6403004486b593fb6a3428d7a2748437f4f_icon.webp&skin_id=1&vertical_id=0&real_bid=0.0006326999999999999&pr=gay112.com&user_keywords=&auc_type=1&aid=3301&ext_cid=0&device_theme=light&keywords=Adult&format=compact-slide-t_r-embed&mlf=1&cpa=f920e395-0c23-4688-ada8-76f3ce085a8c HTTP/1.1
Host: ab6de09242.441a8a5527.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
server: nginx/1.18.0
date: Sat, 22 Oct 2022 14:13:28 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
location: https://static.bookmsg.com/creatives/US/US_34c3a6403004486b593fb6a3428d7a2748437f4f_icon.webp
X-Firefox-Spdy: h2
ab6de09242.441a8a5527.com/in/show/?mid=1910869085&pid=0&site=native-push-adult&sc=NO&usage_type=DCH&subid=2020051113&sid=3535497042&cid=13865&price=0.0006392&is_cpm=0&cpm=0&ecpm=0.02006075499629904&crid=2541693&crtid=41e2b054b7d7fdd561f6651d06d511e5&tcid=0&out_id=1&ver=7.9.2&ver_c=&refdom=gay112.com&hostname=auc-inpage-hz-3-c&site_id=3120724&spot_id=20724&utm_source=&utm_medium=&utm_campaign=&utm_content=&expiration_timestamp=1666448067&created_at=2022-10-22&is_native=2&auction_queue=0&burl=xVXmRy92fv865g2Nbe0cvAJiZOWRhrlolhXSZqK_AlbP80g4m0GfDnN9_9m8kNHrw-mfjlhaQfwWC20KY-q9tWmYYv-5vpuz_py1WbvnXrJr1N21myYaxZWrW1bfY32rYx4O_k4GaUxVYTmnucfd7YIAfRBWs4vPalWAW27Wp4Jh80PH1fbdnLAtsV24kecJP1Hv8J7vX1FKFGY0iNrVUupdHPAGBxSIX17iY1pfGsY-ZIk8ByUWjjR02q8zut_lJgWtxmdx5QEP1_FVA8TCFmoM55nXMC9FUtCVtwQ7to24h-vtLdi26II6XYj_hSy5sKa01hflRKRChfy8UNTTnQmrA94TCee2P1EHK--ZkKM0q5d8ji3vJev8QCuTPeg1vzOHDeEXiwLzaFWjI4OznuF2H42Y52JdTcm7u8iUldTwU60DSpxU6hgPR2M9PGW7uWk4ivZzR9S2aCCHRKBkSy9LBh3AUwsxAxlDUjhYkwpta5ho29YPjtYYs-qSjYph_vNNbkeRo59ir_FOU1FF7YsQcy03cznkOFIRKvvjtl0kYd-lw2iYYBqUmZkVMOim0FM0BU2cqtL_AR4vZ3dsNRHe8BHG2FMz9mO23UV0rMAabTPNq-CJCeAUJ2OQzFyci-r9-viE-__spPEQA8THfeUx6xj7T4JHRf86C0fgtN1ZOiPS2UonuzVa3BxF2wsl7q8B38keEiux0imGdfw1vqSy9EzgaFI69L48XgoctOLMt6fC5uT2FdB2mBTyJ7gz4_RZpb_2IGl7JglaJ6Ih20LJzMcpXxBFUfdILAcfwOnGyNjffxjQ3jPt5PPsbRiKF5_pSlLcFKAPsFEMZJ12BN7kLdgx5GSStplBi8cdbW79RWgRMiH47KQviGP9lHFiE2s56bBcFZKk8xaKswcUCt4Wpz9pcHrwW2ip32lPJHskwK1j3lUEAO2ytCmCoZ9i9VtbQZL2FkwsdpL06skmffyLuQBnmzIMyQcrl3x6WGV0eALHse2VZgFe4FUf70lfj9HIzhZ6nVyxWF6ONZ9fffgTBLuawydmI7ZPEzaGiAjmghXuwL91IZA-M0wdmpw1IVsXq6HPRlEVXjyKurRz1TXMqTvQIjXSm8iTsXZhPSj-7rrcAPrVzg6s97mQXxcl-hO8HvV5MNr0tdZktf2B9MiHgRv5NaPChVU706mPXhs9IGvAdfxYiIlKqBK9G2bx6UsVC_3fV4ifRfYI4vu_hidsZcsoSJUy-RjROkYjDuQuOLpGTro4JQByxEB2Gt7Fg1HhpWSvJY1454-_L06jUFx6l821xBRsMLw9sf_Ap6DFCIEUGME10Th6NHbe8YXz52Gv0P6e329xADhhFMr8cDxZmYlf8sVe3DLaPfWC4DPPSImAiaYrPqFZ-v4L9fAU9Y7ox0jXo4_NCzKrzuHVx-FKkqL8Ylb2QS3doUg5DneXygpOiqWzSRfZO9OXB50VIfYb0GD499XTASA1h4WB_-yR-rQcK_wstDi5R_c6Y3N9lTqdhlai7Tr3g8EA3kZxrHfQQv7-dIAp0p8nFaupNjunapdBTwzIaWb3lxt_urOyOZvh_ljpGDwSmdwpw6tWTc0zQ7p8hazrr1Ee_gWPL5Y09q3vUOW_Uu_v3NfL6ycWu26hsmrDkTiQnUPO1tBskvgrXiVbjr8Ck7W2TmoAhMoQzu9BAvKThi85ribWm59hxxHB-uawjSqotaiQzNt7VOI05ReayD3f88c0u0oYhDCOqPF3TguYy49k3yU4KKdegG5umsd_D8eleYAO1gIuKXKG5zXHNU-Zx5YYj-5I0TId5-8OIpcRgSuKFMFOB6e8IdmTCuCUZaAtqWk4wVGsR_qfl0zjIp-VvuF9dg0oVOT-Jzg9P5frUhUQUATz_LC6h-WfShKVrLC0g3UC_R2jBbLHFRNHpw&pop_winurl=&ip=91.90.42.154&testab=0&px_id=5320724&adblock=0&auction_host=all&mm=0&yc=0&render_type=hq&campaign_type=lq-pop&uniq=&exp=&resp_type=&iabcat=IAB25-3&min_cpm=0.013847499795706885&placement_type_id=&skin_test=0&verify_hash=42dda992cf713512d39cb324ea9d30e7&score=96.53917686518113&durl=https%3A%2F%2Fts.cvastico.com%2Fin%2F1546%2F%3Fad_sub%3D2020051113%26spot_id%3D20724%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fgay112.com%252F%26idzone%3D0%26sid%3D1886&ml=&tag_ab=d&original_bid=0.0006392&user_fp=0&v2_track=0&url=oHD9P9R7MKmRnngYnKLGkY3SZ9Ey0CoB7WyV89Q78nhFg3M7qhOMgiMcbqGeybHhDBjUo8TdgrIWZ29s3QXW6Zttz5I9hXOGiKKYUpmWkGUuC8Fafe8EMuH6iD-KlhKnq2gxHDPbLik1l_P6l41M25QzWY8CXGZvf_1qEvNgLywu8wKKFQ&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FIN%2FIN_da5b583487923e03a815871465a0b6f24c2cb005_icon.webp&skin_id=4&vertical_id=0&real_bid=0.0006392&pr=&user_keywords=&auc_type=1&aid=116&ext_cid=0&device_theme=light&keywords=Gay,Adult&mlc=1&format=social-scale-b_r-body&mlf=1&cpa=34c81553-e048-45d0-aa65-d174dc06dec6
168.119.25.22302 Found 0 B URL HTTP/2 ab6de09242.441a8a5527.com/in/show/?mid=1910869085&pid=0&site=native-push-adult&sc=NO&usage_type=DCH&subid=2020051113&sid=3535497042&cid=13865&price=0.0006392&is_cpm=0&cpm=0&ecpm=0.02006075499629904&crid=2541693&crtid=41e2b054b7d7fdd561f6651d06d511e5&tcid=0&out_id=1&ver=7.9.2&ver_c=&refdom=gay112.com&hostname=auc-inpage-hz-3-c&site_id=3120724&spot_id=20724&utm_source=&utm_medium=&utm_campaign=&utm_content=&expiration_timestamp=1666448067&created_at=2022-10-22&is_native=2&auction_queue=0&burl=xVXmRy92fv865g2Nbe0cvAJiZOWRhrlolhXSZqK_AlbP80g4m0GfDnN9_9m8kNHrw-mfjlhaQfwWC20KY-q9tWmYYv-5vpuz_py1WbvnXrJr1N21myYaxZWrW1bfY32rYx4O_k4GaUxVYTmnucfd7YIAfRBWs4vPalWAW27Wp4Jh80PH1fbdnLAtsV24kecJP1Hv8J7vX1FKFGY0iNrVUupdHPAGBxSIX17iY1pfGsY-ZIk8ByUWjjR02q8zut_lJgWtxmdx5QEP1_FVA8TCFmoM55nXMC9FUtCVtwQ7to24h-vtLdi26II6XYj_hSy5sKa01hflRKRChfy8UNTTnQmrA94TCee2P1EHK--ZkKM0q5d8ji3vJev8QCuTPeg1vzOHDeEXiwLzaFWjI4OznuF2H42Y52JdTcm7u8iUldTwU60DSpxU6hgPR2M9PGW7uWk4ivZzR9S2aCCHRKBkSy9LBh3AUwsxAxlDUjhYkwpta5ho29YPjtYYs-qSjYph_vNNbkeRo59ir_FOU1FF7YsQcy03cznkOFIRKvvjtl0kYd-lw2iYYBqUmZkVMOim0FM0BU2cqtL_AR4vZ3dsNRHe8BHG2FMz9mO23UV0rMAabTPNq-CJCeAUJ2OQzFyci-r9-viE-__spPEQA8THfeUx6xj7T4JHRf86C0fgtN1ZOiPS2UonuzVa3BxF2wsl7q8B38keEiux0imGdfw1vqSy9EzgaFI69L48XgoctOLMt6fC5uT2FdB2mBTyJ7gz4_RZpb_2IGl7JglaJ6Ih20LJzMcpXxBFUfdILAcfwOnGyNjffxjQ3jPt5PPsbRiKF5_pSlLcFKAPsFEMZJ12BN7kLdgx5GSStplBi8cdbW79RWgRMiH47KQviGP9lHFiE2s56bBcFZKk8xaKswcUCt4Wpz9pcHrwW2ip32lPJHskwK1j3lUEAO2ytCmCoZ9i9VtbQZL2FkwsdpL06skmffyLuQBnmzIMyQcrl3x6WGV0eALHse2VZgFe4FUf70lfj9HIzhZ6nVyxWF6ONZ9fffgTBLuawydmI7ZPEzaGiAjmghXuwL91IZA-M0wdmpw1IVsXq6HPRlEVXjyKurRz1TXMqTvQIjXSm8iTsXZhPSj-7rrcAPrVzg6s97mQXxcl-hO8HvV5MNr0tdZktf2B9MiHgRv5NaPChVU706mPXhs9IGvAdfxYiIlKqBK9G2bx6UsVC_3fV4ifRfYI4vu_hidsZcsoSJUy-RjROkYjDuQuOLpGTro4JQByxEB2Gt7Fg1HhpWSvJY1454-_L06jUFx6l821xBRsMLw9sf_Ap6DFCIEUGME10Th6NHbe8YXz52Gv0P6e329xADhhFMr8cDxZmYlf8sVe3DLaPfWC4DPPSImAiaYrPqFZ-v4L9fAU9Y7ox0jXo4_NCzKrzuHVx-FKkqL8Ylb2QS3doUg5DneXygpOiqWzSRfZO9OXB50VIfYb0GD499XTASA1h4WB_-yR-rQcK_wstDi5R_c6Y3N9lTqdhlai7Tr3g8EA3kZxrHfQQv7-dIAp0p8nFaupNjunapdBTwzIaWb3lxt_urOyOZvh_ljpGDwSmdwpw6tWTc0zQ7p8hazrr1Ee_gWPL5Y09q3vUOW_Uu_v3NfL6ycWu26hsmrDkTiQnUPO1tBskvgrXiVbjr8Ck7W2TmoAhMoQzu9BAvKThi85ribWm59hxxHB-uawjSqotaiQzNt7VOI05ReayD3f88c0u0oYhDCOqPF3TguYy49k3yU4KKdegG5umsd_D8eleYAO1gIuKXKG5zXHNU-Zx5YYj-5I0TId5-8OIpcRgSuKFMFOB6e8IdmTCuCUZaAtqWk4wVGsR_qfl0zjIp-VvuF9dg0oVOT-Jzg9P5frUhUQUATz_LC6h-WfShKVrLC0g3UC_R2jBbLHFRNHpw&pop_winurl=&ip=91.90.42.154&testab=0&px_id=5320724&adblock=0&auction_host=all&mm=0&yc=0&render_type=hq&campaign_type=lq-pop&uniq=&exp=&resp_type=&iabcat=IAB25-3&min_cpm=0.013847499795706885&placement_type_id=&skin_test=0&verify_hash=42dda992cf713512d39cb324ea9d30e7&score=96.53917686518113&durl=https%3A%2F%2Fts.cvastico.com%2Fin%2F1546%2F%3Fad_sub%3D2020051113%26spot_id%3D20724%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fgay112.com%252F%26idzone%3D0%26sid%3D1886&ml=&tag_ab=d&original_bid=0.0006392&user_fp=0&v2_track=0&url=oHD9P9R7MKmRnngYnKLGkY3SZ9Ey0CoB7WyV89Q78nhFg3M7qhOMgiMcbqGeybHhDBjUo8TdgrIWZ29s3QXW6Zttz5I9hXOGiKKYUpmWkGUuC8Fafe8EMuH6iD-KlhKnq2gxHDPbLik1l_P6l41M25QzWY8CXGZvf_1qEvNgLywu8wKKFQ&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FIN%2FIN_da5b583487923e03a815871465a0b6f24c2cb005_icon.webp&skin_id=4&vertical_id=0&real_bid=0.0006392&pr=&user_keywords=&auc_type=1&aid=116&ext_cid=0&device_theme=light&keywords=Gay,Adult&mlc=1&format=social-scale-b_r-body&mlf=1&cpa=34c81553-e048-45d0-aa65-d174dc06dec6
IP 168.119.25.22:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /in/show/?mid=1910869085&pid=0&site=native-push-adult&sc=NO&usage_type=DCH&subid=2020051113&sid=3535497042&cid=13865&price=0.0006392&is_cpm=0&cpm=0&ecpm=0.02006075499629904&crid=2541693&crtid=41e2b054b7d7fdd561f6651d06d511e5&tcid=0&out_id=1&ver=7.9.2&ver_c=&refdom=gay112.com&hostname=auc-inpage-hz-3-c&site_id=3120724&spot_id=20724&utm_source=&utm_medium=&utm_campaign=&utm_content=&expiration_timestamp=1666448067&created_at=2022-10-22&is_native=2&auction_queue=0&burl=xVXmRy92fv865g2Nbe0cvAJiZOWRhrlolhXSZqK_AlbP80g4m0GfDnN9_9m8kNHrw-mfjlhaQfwWC20KY-q9tWmYYv-5vpuz_py1WbvnXrJr1N21myYaxZWrW1bfY32rYx4O_k4GaUxVYTmnucfd7YIAfRBWs4vPalWAW27Wp4Jh80PH1fbdnLAtsV24kecJP1Hv8J7vX1FKFGY0iNrVUupdHPAGBxSIX17iY1pfGsY-ZIk8ByUWjjR02q8zut_lJgWtxmdx5QEP1_FVA8TCFmoM55nXMC9FUtCVtwQ7to24h-vtLdi26II6XYj_hSy5sKa01hflRKRChfy8UNTTnQmrA94TCee2P1EHK--ZkKM0q5d8ji3vJev8QCuTPeg1vzOHDeEXiwLzaFWjI4OznuF2H42Y52JdTcm7u8iUldTwU60DSpxU6hgPR2M9PGW7uWk4ivZzR9S2aCCHRKBkSy9LBh3AUwsxAxlDUjhYkwpta5ho29YPjtYYs-qSjYph_vNNbkeRo59ir_FOU1FF7YsQcy03cznkOFIRKvvjtl0kYd-lw2iYYBqUmZkVMOim0FM0BU2cqtL_AR4vZ3dsNRHe8BHG2FMz9mO23UV0rMAabTPNq-CJCeAUJ2OQzFyci-r9-viE-__spPEQA8THfeUx6xj7T4JHRf86C0fgtN1ZOiPS2UonuzVa3BxF2wsl7q8B38keEiux0imGdfw1vqSy9EzgaFI69L48XgoctOLMt6fC5uT2FdB2mBTyJ7gz4_RZpb_2IGl7JglaJ6Ih20LJzMcpXxBFUfdILAcfwOnGyNjffxjQ3jPt5PPsbRiKF5_pSlLcFKAPsFEMZJ12BN7kLdgx5GSStplBi8cdbW79RWgRMiH47KQviGP9lHFiE2s56bBcFZKk8xaKswcUCt4Wpz9pcHrwW2ip32lPJHskwK1j3lUEAO2ytCmCoZ9i9VtbQZL2FkwsdpL06skmffyLuQBnmzIMyQcrl3x6WGV0eALHse2VZgFe4FUf70lfj9HIzhZ6nVyxWF6ONZ9fffgTBLuawydmI7ZPEzaGiAjmghXuwL91IZA-M0wdmpw1IVsXq6HPRlEVXjyKurRz1TXMqTvQIjXSm8iTsXZhPSj-7rrcAPrVzg6s97mQXxcl-hO8HvV5MNr0tdZktf2B9MiHgRv5NaPChVU706mPXhs9IGvAdfxYiIlKqBK9G2bx6UsVC_3fV4ifRfYI4vu_hidsZcsoSJUy-RjROkYjDuQuOLpGTro4JQByxEB2Gt7Fg1HhpWSvJY1454-_L06jUFx6l821xBRsMLw9sf_Ap6DFCIEUGME10Th6NHbe8YXz52Gv0P6e329xADhhFMr8cDxZmYlf8sVe3DLaPfWC4DPPSImAiaYrPqFZ-v4L9fAU9Y7ox0jXo4_NCzKrzuHVx-FKkqL8Ylb2QS3doUg5DneXygpOiqWzSRfZO9OXB50VIfYb0GD499XTASA1h4WB_-yR-rQcK_wstDi5R_c6Y3N9lTqdhlai7Tr3g8EA3kZxrHfQQv7-dIAp0p8nFaupNjunapdBTwzIaWb3lxt_urOyOZvh_ljpGDwSmdwpw6tWTc0zQ7p8hazrr1Ee_gWPL5Y09q3vUOW_Uu_v3NfL6ycWu26hsmrDkTiQnUPO1tBskvgrXiVbjr8Ck7W2TmoAhMoQzu9BAvKThi85ribWm59hxxHB-uawjSqotaiQzNt7VOI05ReayD3f88c0u0oYhDCOqPF3TguYy49k3yU4KKdegG5umsd_D8eleYAO1gIuKXKG5zXHNU-Zx5YYj-5I0TId5-8OIpcRgSuKFMFOB6e8IdmTCuCUZaAtqWk4wVGsR_qfl0zjIp-VvuF9dg0oVOT-Jzg9P5frUhUQUATz_LC6h-WfShKVrLC0g3UC_R2jBbLHFRNHpw&pop_winurl=&ip=91.90.42.154&testab=0&px_id=5320724&adblock=0&auction_host=all&mm=0&yc=0&render_type=hq&campaign_type=lq-pop&uniq=&exp=&resp_type=&iabcat=IAB25-3&min_cpm=0.013847499795706885&placement_type_id=&skin_test=0&verify_hash=42dda992cf713512d39cb324ea9d30e7&score=96.53917686518113&durl=https%3A%2F%2Fts.cvastico.com%2Fin%2F1546%2F%3Fad_sub%3D2020051113%26spot_id%3D20724%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fgay112.com%252F%26idzone%3D0%26sid%3D1886&ml=&tag_ab=d&original_bid=0.0006392&user_fp=0&v2_track=0&url=oHD9P9R7MKmRnngYnKLGkY3SZ9Ey0CoB7WyV89Q78nhFg3M7qhOMgiMcbqGeybHhDBjUo8TdgrIWZ29s3QXW6Zttz5I9hXOGiKKYUpmWkGUuC8Fafe8EMuH6iD-KlhKnq2gxHDPbLik1l_P6l41M25QzWY8CXGZvf_1qEvNgLywu8wKKFQ&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FIN%2FIN_da5b583487923e03a815871465a0b6f24c2cb005_icon.webp&skin_id=4&vertical_id=0&real_bid=0.0006392&pr=&user_keywords=&auc_type=1&aid=116&ext_cid=0&device_theme=light&keywords=Gay,Adult&mlc=1&format=social-scale-b_r-body&mlf=1&cpa=34c81553-e048-45d0-aa65-d174dc06dec6 HTTP/1.1
Host: ab6de09242.441a8a5527.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gay112.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
server: nginx/1.18.0
date: Sat, 22 Oct 2022 14:13:28 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
location: https://static.bookmsg.com/creatives/IN/IN_da5b583487923e03a815871465a0b6f24c2cb005_icon.webp
X-Firefox-Spdy: h2
pxl.tsyndicate.com/api/v1/p/p.js?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zC0XIuEEjhowcY3C0wCEDhkgaNmbEaJEjTIwZLW7UEFMmh4wyNMrcCINDxMM5YtKQUahji4gZOHDMgCGiy8MwdcZkpCFjjBkaNWaEaVF1aQsaM26IYRmGBowWNmrkuFFmDNYwZnL0fErGDkUcNOQ-hFNHDMWPN57CgUPxRmARc-BM1GE2R460Mx6OaUNYx4y8MDLTNbNQRmQRYty46UzVBlWHItq4wchwhoySe1WzjtExBo6HdWJkREOHDpw5Ol68OPPGBZ7jadRQdjHmTZsXc9qEkeP7DZwXY2aYCXP5hgwcMGrcwFETRpgcZXCEEROjjI3vMMbAKDPDRkMZNMg0jEFmjBgz7okhxkzeaVdGTTTcMEZ6OPxQxxwIJUFGD2WQkdNleZUkQ1k0wMXTSw3BsFMO-m0YwxiPeSaDbTbMR8N_Y4yxoUtizKCVbTisJUaLZXBRR2Yy2DDHG3XIsaCEPVyWQ2Yw-AikDW2U0QZNciB5xxjr4WFEDGd8AcMVdYRhhBFK1PGEFi1csQQabRSBBRphYPGGHFPYoBQNeCAxhxNahPHGDHhQkUMRRlAVRBFauCFFFVmwIcYTcIQxxB01pEHETFFQUUMeQpShhxZ34JFHC0fY8USOU9whhhZ6yPBEEC9lgUccv7nRxhdnVJEEEYum4SQMQcIRQw-NPZbVr0HSEcYZPUTpRgkyDNGCsz6JQIZzGdUg30Y2RASgCy3VpxVmMDCHrWRhLLbFa06BxpkO5cJQkQhy2FGZbbjVkUZG441BxlVk2DBSGPZ9hcOOLNVAUgth7GSWZ2PEYIOd1aZRmQg5xABuuVS50BAN1crxhcUZZbyxCx1_XG2YGTXxhh5psMFGGC_U4AIMIKCARQwx7AACE2m4UQceIOCBgw1fmOZzvTo8dnMKIBzR1hpvvFBSDJlhHQMIRqQhRxlmvIHHC04zJZlUOojgxBPVzvlFjBmtXS0baItQhBPVHmTHF1-zQZF449UHHgwPyXHGaDrIoPBhen8hhhwLJfVQ4228QUZnR89LhhxvLPTZG0TJsBfnoi5EQ-Fg79bbb8HVvO0N3VpVBrjcpVTWkuU291y1c9SbEefK0jFnC3W4kQYdLWDtQn8e5V33QV8wL0O1dLRB0cSm0TD4YdVPzxD2NGif2Xjh08V3GYl9ke71E4e__UNl7B0GGwjRQdQWl7W73mLWgg0VGxPZC90WQjgRjIE1MOiDAgIC&s=a5a74a26539d115ee22d0a44280a50c5bffc42a4d3a90b93411842749ad6eb991666448007&w=t&r=1&d=233&priv=false
136.243.46.156200 OK 24 B URL HTTP/2 pxl.tsyndicate.com/api/v1/p/p.js?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zC0XIuEEjhowcY3C0wCEDhkgaNmbEaJEjTIwZLW7UEFMmh4wyNMrcCINDxMM5YtKQUahji4gZOHDMgCGiy8MwdcZkpCFjjBkaNWaEaVF1aQsaM26IYRmGBowWNmrkuFFmDNYwZnL0fErGDkUcNOQ-hFNHDMWPN57CgUPxRmARc-BM1GE2R460Mx6OaUNYx4y8MDLTNbNQRmQRYty46UzVBlWHItq4wchwhoySe1WzjtExBo6HdWJkREOHDpw5Ol68OPPGBZ7jadRQdjHmTZsXc9qEkeP7DZwXY2aYCXP5hgwcMGrcwFETRpgcZXCEEROjjI3vMMbAKDPDRkMZNMg0jEFmjBgz7okhxkzeaVdGTTTcMEZ6OPxQxxwIJUFGD2WQkdNleZUkQ1k0wMXTSw3BsFMO-m0YwxiPeSaDbTbMR8N_Y4yxoUtizKCVbTisJUaLZXBRR2Yy2DDHG3XIsaCEPVyWQ2Yw-AikDW2U0QZNciB5xxjr4WFEDGd8AcMVdYRhhBFK1PGEFi1csQQabRSBBRphYPGGHFPYoBQNeCAxhxNahPHGDHhQkUMRRlAVRBFauCFFFVmwIcYTcIQxxB01pEHETFFQUUMeQpShhxZ34JFHC0fY8USOU9whhhZ6yPBEEC9lgUccv7nRxhdnVJEEEYum4SQMQcIRQw-NPZbVr0HSEcYZPUTpRgkyDNGCsz6JQIZzGdUg30Y2RASgCy3VpxVmMDCHrWRhLLbFa06BxpkO5cJQkQhy2FGZbbjVkUZG441BxlVk2DBSGPZ9hcOOLNVAUgth7GSWZ2PEYIOd1aZRmQg5xABuuVS50BAN1crxhcUZZbyxCx1_XG2YGTXxhh5psMFGGC_U4AIMIKCARQwx7AACE2m4UQceIOCBgw1fmOZzvTo8dnMKIBzR1hpvvFBSDJlhHQMIRqQhRxlmvIHHC04zJZlUOojgxBPVzvlFjBmtXS0baItQhBPVHmTHF1-zQZF449UHHgwPyXHGaDrIoPBhen8hhhwLJfVQ4228QUZnR89LhhxvLPTZG0TJsBfnoi5EQ-Fg79bbb8HVvO0N3VpVBrjcpVTWkuU291y1c9SbEefK0jFnC3W4kQYdLWDtQn8e5V33QV8wL0O1dLRB0cSm0TD4YdVPzxD2NGif2Xjh08V3GYl9ke71E4e__UNl7B0GGwjRQdQWl7W73mLWgg0VGxPZC90WQjgRjIE1MOiDAgIC&s=a5a74a26539d115ee22d0a44280a50c5bffc42a4d3a90b93411842749ad6eb991666448007&w=t&r=1&d=233&priv=false
IP 136.243.46.156:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with no line terminators
Hash 0959ba36d476b6dc1994ba3c678b07c4
d30b94da72daa02766965206a85b7e0356375f5e
897410b87e27e3dfba3a7d6caab315a5e69cc941bb96d91fc74878a9b051843a
GET /api/v1/p/p.js?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zC0XIuEEjhowcY3C0wCEDhkgaNmbEaJEjTIwZLW7UEFMmh4wyNMrcCINDxMM5YtKQUahji4gZOHDMgCGiy8MwdcZkpCFjjBkaNWaEaVF1aQsaM26IYRmGBowWNmrkuFFmDNYwZnL0fErGDkUcNOQ-hFNHDMWPN57CgUPxRmARc-BM1GE2R460Mx6OaUNYx4y8MDLTNbNQRmQRYty46UzVBlWHItq4wchwhoySe1WzjtExBo6HdWJkREOHDpw5Ol68OPPGBZ7jadRQdjHmTZsXc9qEkeP7DZwXY2aYCXP5hgwcMGrcwFETRpgcZXCEEROjjI3vMMbAKDPDRkMZNMg0jEFmjBgz7okhxkzeaVdGTTTcMEZ6OPxQxxwIJUFGD2WQkdNleZUkQ1k0wMXTSw3BsFMO-m0YwxiPeSaDbTbMR8N_Y4yxoUtizKCVbTisJUaLZXBRR2Yy2DDHG3XIsaCEPVyWQ2Yw-AikDW2U0QZNciB5xxjr4WFEDGd8AcMVdYRhhBFK1PGEFi1csQQabRSBBRphYPGGHFPYoBQNeCAxhxNahPHGDHhQkUMRRlAVRBFauCFFFVmwIcYTcIQxxB01pEHETFFQUUMeQpShhxZ34JFHC0fY8USOU9whhhZ6yPBEEC9lgUccv7nRxhdnVJEEEYum4SQMQcIRQw-NPZbVr0HSEcYZPUTpRgkyDNGCsz6JQIZzGdUg30Y2RASgCy3VpxVmMDCHrWRhLLbFa06BxpkO5cJQkQhy2FGZbbjVkUZG441BxlVk2DBSGPZ9hcOOLNVAUgth7GSWZ2PEYIOd1aZRmQg5xABuuVS50BAN1crxhcUZZbyxCx1_XG2YGTXxhh5psMFGGC_U4AIMIKCARQwx7AACE2m4UQceIOCBgw1fmOZzvTo8dnMKIBzR1hpvvFBSDJlhHQMIRqQhRxlmvIHHC04zJZlUOojgxBPVzvlFjBmtXS0baItQhBPVHmTHF1-zQZF449UHHgwPyXHGaDrIoPBhen8hhhwLJfVQ4228QUZnR89LhhxvLPTZG0TJsBfnoi5EQ-Fg79bbb8HVvO0N3VpVBrjcpVTWkuU291y1c9SbEefK0jFnC3W4kQYdLWDtQn8e5V33QV8wL0O1dLRB0cSm0TD4YdVPzxD2NGif2Xjh08V3GYl9ke71E4e__UNl7B0GGwjRQdQWl7W73mLWgg0VGxPZC90WQjgRjIE1MOiDAgIC&s=a5a74a26539d115ee22d0a44280a50c5bffc42a4d3a90b93411842749ad6eb991666448007&w=t&r=1&d=233&priv=false HTTP/1.1
Host: pxl.tsyndicate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tsyndicate.com/
Cookie: ts_uid=78cdf4d6-8a61-48b6-9582-a7a4023c1668
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
server: nginx
date: Sat, 22 Oct 2022 14:13:28 GMT
content-type: text/plain; charset=utf-8
content-length: 24
x-robots-tag: noindex, nofollow
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash da6102bfb7218da62b876ce95372074b
d30dde85282c57d01c8b14b71a4bffc045489900
7f56fd5a18b7e596c3b051be4f9d9c990a0040a935ea7cc7af2ec2d701845327
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6263
Cache-Control: max-age=94440
Content-Type: application/ocsp-response
Date: Sat, 22 Oct 2022 14:13:28 GMT
Etag: "6352aff9-117"
Expires: Sun, 23 Oct 2022 16:27:28 GMT
Last-Modified: Fri, 21 Oct 2022 14:43:05 GMT
Server: ECS (ska/F6FE)
X-Cache: HIT
Content-Length: 279
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash da6102bfb7218da62b876ce95372074b
d30dde85282c57d01c8b14b71a4bffc045489900
7f56fd5a18b7e596c3b051be4f9d9c990a0040a935ea7cc7af2ec2d701845327
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6160
Cache-Control: max-age=94337
Content-Type: application/ocsp-response
Date: Sat, 22 Oct 2022 14:13:28 GMT
Etag: "6352aff9-117"
Expires: Sun, 23 Oct 2022 16:25:45 GMT
Last-Modified: Fri, 21 Oct 2022 14:43:05 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 279
static.bookmsg.com/creatives/US/US_34c3a6403004486b593fb6a3428d7a2748437f4f_icon.webp
94.130.197.136200 OK 590 B URL HTTP/2 static.bookmsg.com/creatives/US/US_34c3a6403004486b593fb6a3428d7a2748437f4f_icon.webp
IP 94.130.197.136:0
ASN #24940 Hetzner Online GmbH
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 100x100, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash debce753f1ce6652c1637491fd72b1b1
fd102eb3f058f7a43b0f9ec03541681699f5895e
c2443b0a74b25158756abb7aa12832e5442adab247aab6e24514f54396c72579
GET /creatives/US/US_34c3a6403004486b593fb6a3428d7a2748437f4f_icon.webp HTTP/1.1
Host: static.bookmsg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://txxx.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.18.0
date: Sat, 22 Oct 2022 14:13:28 GMT
content-type: image/webp
content-length: 590
last-modified: Tue, 24 Nov 2020 14:24:12 GMT
etag: "5fbd178c-24e"
cache-control: public, max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
ab6de09242.441a8a5527.com/in/show/?mid=1910869085&pid=0&site=native-push-adult&sc=NO&usage_type=DCH&subid=2020051113&sid=3535497042&cid=12647&price=0.01675000024959445&is_cpm=0&cpm=0&ecpm=0.10127375783334977&crid=5713643&crtid=1c81c2cc33a9d6c8cd6172aeefa0077e&tcid=0&out_id=0&ver=7.9.2&ver_c=&refdom=gay112.com&hostname=auc-inpage-hz-3-c&site_id=3120724&spot_id=20724&utm_source=&utm_medium=&utm_campaign=&utm_content=&expiration_timestamp=1666534407&created_at=2022-10-22&is_native=1&auction_queue=0&burl=2cqx5FaE4HTYpLsUKcup8FnHKciHfFuelAcJC_4G-7reRi6n7pmGMA&pop_winurl=&ip=91.90.42.154&testab=0&px_id=7320724&adblock=0&auction_host=all&mm=0&yc=0&render_type=hq&campaign_type=hq&uniq=&exp=&resp_type=&iabcat=IAB25-3&min_cpm=0.003464593146130911&placement_type_id=&skin_test=0&verify_hash=fe22ee599ae894a8978386132c9782b0&score=96.53917686518113&durl=https%3A%2F%2Fts.cvastico.com%2Fin%2F1546%2F%3Fad_sub%3D2020051113%26spot_id%3D20724%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fgay112.com%252F%26idzone%3D0%26sid%3D1886&ml=&tag_ab=d&original_bid=0.01675000024959445&user_fp=0&v2_track=0&url=GXBZMxU8YqvJURXS1sIKL08MWdCQolAZaMCgDIGteuuSBosCm8nFfwoKrIG9Rde_zk-vtEkU1rj4pl-Rxo_BQyqME0VvHZYLtZBFh33loMCflJA0LtA6dbA4DjVGAxbj_kJRZkcg_CcYSolWtD5ngPstVi5xnqhtaiF5RS9VzbMF2dyFOxaONUOgOOvFvFWQUkdG4jeOZJVHbb7Wdwub9YhTv1TFkGZyFjiB3V5LINbb2hv5orqWahoHrGfkIEMIkPS6sPIo7HtFWJdvbMGTE8NW4rsvmsN7-5WmqD_lfWT6yQZOqzWrQ8qQwlWm8ipdC7gAJcGgCxwgib_oiR12NcKKUoGe95hbAIFgIqmgKVJE00YjeaqWiTlRLIXW8mGIk_-nm20ymlGecuP3IE-ikqFA1kxjYst8MamNZ4Wis0UUg7Lv7kpHrSpeRCUjbDsxc46_PvMK5C8sx3PP21xzFE4Ey0xIOqoij9WEklf75-Bgxev4VanYvuvLZ-5Cyg7eFeUrv3QGgO1ycK_V3TzhKcZF75eHRmTfTCYEx7ImG3yrUbHsQiIFVXIPzr8Bps5KjX7maeh7873-C8Jn6HoYVfA1ya6r4bhGRDQDYAz-cOXgL5ZnvQKouK99BFA4ftBFqmm0Uv5lMGdxTitMy1rdMpTjgimomMwmbyNS9AA1wOtF_K8T_CYTXAY8_QkEfShrSEVdDAicKJryIKfe9E3CuUiCf-FyPiU9ldlL9Dqj9g71dKYW2GopG_hBBG_xFc46TijlEJ4uHsZ1HuhR11iNh0Jkj350-UxNoLsSt-r7S_gcld3rMtEl3ftBBbNLp-rF6yapuU-0zBeHfxlC7ClPxRDBT9BYUnqKDIE847K99mZU37NeSrjQgoWv4qMcVFWC6rCVcnTV2IP7eSffh3hKrmI8BSaF4OwYmbbHBvw7hHlF9nYB6wb1xXHP2u3PE1Svr9m_gdEjxt-5nAdCGdGKP7JfdaNpM7fF4Z-YgPRdiAZw6-BJ-QiHapcPRY_MbfTyiusNM0BmJLgvCLMTj50KdG2KU2sMsu59OmGNKlPHFghdzJ_O7rjMk_4CJUyo6q4jT9p7DPcm_aGez_5GbCNY9Y94sV40HNvq1q7G1udumM2d&image_url=https%3A%2F%2Fi.cdnkimg.com%2Fauto%2F492x328%2Fq85%2Fimage%2Fvk%2F3643%2F643%2Frect_626aadf074621t1651158512r522.png.webp&skin_id=4&vertical_id=0&real_bid=0.012897500192187727&pr=&user_keywords=&auc_type=1&aid=412&ext_cid=0&device_theme=light&keywords=Gay,Adult&format=social-scale-b_r-body&cpa=0c06590f-c0ff-43af-a262-efaebece8f65
168.119.25.22302 Found 0 B URL HTTP/2 ab6de09242.441a8a5527.com/in/show/?mid=1910869085&pid=0&site=native-push-adult&sc=NO&usage_type=DCH&subid=2020051113&sid=3535497042&cid=12647&price=0.01675000024959445&is_cpm=0&cpm=0&ecpm=0.10127375783334977&crid=5713643&crtid=1c81c2cc33a9d6c8cd6172aeefa0077e&tcid=0&out_id=0&ver=7.9.2&ver_c=&refdom=gay112.com&hostname=auc-inpage-hz-3-c&site_id=3120724&spot_id=20724&utm_source=&utm_medium=&utm_campaign=&utm_content=&expiration_timestamp=1666534407&created_at=2022-10-22&is_native=1&auction_queue=0&burl=2cqx5FaE4HTYpLsUKcup8FnHKciHfFuelAcJC_4G-7reRi6n7pmGMA&pop_winurl=&ip=91.90.42.154&testab=0&px_id=7320724&adblock=0&auction_host=all&mm=0&yc=0&render_type=hq&campaign_type=hq&uniq=&exp=&resp_type=&iabcat=IAB25-3&min_cpm=0.003464593146130911&placement_type_id=&skin_test=0&verify_hash=fe22ee599ae894a8978386132c9782b0&score=96.53917686518113&durl=https%3A%2F%2Fts.cvastico.com%2Fin%2F1546%2F%3Fad_sub%3D2020051113%26spot_id%3D20724%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fgay112.com%252F%26idzone%3D0%26sid%3D1886&ml=&tag_ab=d&original_bid=0.01675000024959445&user_fp=0&v2_track=0&url=GXBZMxU8YqvJURXS1sIKL08MWdCQolAZaMCgDIGteuuSBosCm8nFfwoKrIG9Rde_zk-vtEkU1rj4pl-Rxo_BQyqME0VvHZYLtZBFh33loMCflJA0LtA6dbA4DjVGAxbj_kJRZkcg_CcYSolWtD5ngPstVi5xnqhtaiF5RS9VzbMF2dyFOxaONUOgOOvFvFWQUkdG4jeOZJVHbb7Wdwub9YhTv1TFkGZyFjiB3V5LINbb2hv5orqWahoHrGfkIEMIkPS6sPIo7HtFWJdvbMGTE8NW4rsvmsN7-5WmqD_lfWT6yQZOqzWrQ8qQwlWm8ipdC7gAJcGgCxwgib_oiR12NcKKUoGe95hbAIFgIqmgKVJE00YjeaqWiTlRLIXW8mGIk_-nm20ymlGecuP3IE-ikqFA1kxjYst8MamNZ4Wis0UUg7Lv7kpHrSpeRCUjbDsxc46_PvMK5C8sx3PP21xzFE4Ey0xIOqoij9WEklf75-Bgxev4VanYvuvLZ-5Cyg7eFeUrv3QGgO1ycK_V3TzhKcZF75eHRmTfTCYEx7ImG3yrUbHsQiIFVXIPzr8Bps5KjX7maeh7873-C8Jn6HoYVfA1ya6r4bhGRDQDYAz-cOXgL5ZnvQKouK99BFA4ftBFqmm0Uv5lMGdxTitMy1rdMpTjgimomMwmbyNS9AA1wOtF_K8T_CYTXAY8_QkEfShrSEVdDAicKJryIKfe9E3CuUiCf-FyPiU9ldlL9Dqj9g71dKYW2GopG_hBBG_xFc46TijlEJ4uHsZ1HuhR11iNh0Jkj350-UxNoLsSt-r7S_gcld3rMtEl3ftBBbNLp-rF6yapuU-0zBeHfxlC7ClPxRDBT9BYUnqKDIE847K99mZU37NeSrjQgoWv4qMcVFWC6rCVcnTV2IP7eSffh3hKrmI8BSaF4OwYmbbHBvw7hHlF9nYB6wb1xXHP2u3PE1Svr9m_gdEjxt-5nAdCGdGKP7JfdaNpM7fF4Z-YgPRdiAZw6-BJ-QiHapcPRY_MbfTyiusNM0BmJLgvCLMTj50KdG2KU2sMsu59OmGNKlPHFghdzJ_O7rjMk_4CJUyo6q4jT9p7DPcm_aGez_5GbCNY9Y94sV40HNvq1q7G1udumM2d&image_url=https%3A%2F%2Fi.cdnkimg.com%2Fauto%2F492x328%2Fq85%2Fimage%2Fvk%2F3643%2F643%2Frect_626aadf074621t1651158512r522.png.webp&skin_id=4&vertical_id=0&real_bid=0.012897500192187727&pr=&user_keywords=&auc_type=1&aid=412&ext_cid=0&device_theme=light&keywords=Gay,Adult&format=social-scale-b_r-body&cpa=0c06590f-c0ff-43af-a262-efaebece8f65
IP 168.119.25.22:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /in/show/?mid=1910869085&pid=0&site=native-push-adult&sc=NO&usage_type=DCH&subid=2020051113&sid=3535497042&cid=12647&price=0.01675000024959445&is_cpm=0&cpm=0&ecpm=0.10127375783334977&crid=5713643&crtid=1c81c2cc33a9d6c8cd6172aeefa0077e&tcid=0&out_id=0&ver=7.9.2&ver_c=&refdom=gay112.com&hostname=auc-inpage-hz-3-c&site_id=3120724&spot_id=20724&utm_source=&utm_medium=&utm_campaign=&utm_content=&expiration_timestamp=1666534407&created_at=2022-10-22&is_native=1&auction_queue=0&burl=2cqx5FaE4HTYpLsUKcup8FnHKciHfFuelAcJC_4G-7reRi6n7pmGMA&pop_winurl=&ip=91.90.42.154&testab=0&px_id=7320724&adblock=0&auction_host=all&mm=0&yc=0&render_type=hq&campaign_type=hq&uniq=&exp=&resp_type=&iabcat=IAB25-3&min_cpm=0.003464593146130911&placement_type_id=&skin_test=0&verify_hash=fe22ee599ae894a8978386132c9782b0&score=96.53917686518113&durl=https%3A%2F%2Fts.cvastico.com%2Fin%2F1546%2F%3Fad_sub%3D2020051113%26spot_id%3D20724%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fgay112.com%252F%26idzone%3D0%26sid%3D1886&ml=&tag_ab=d&original_bid=0.01675000024959445&user_fp=0&v2_track=0&url=GXBZMxU8YqvJURXS1sIKL08MWdCQolAZaMCgDIGteuuSBosCm8nFfwoKrIG9Rde_zk-vtEkU1rj4pl-Rxo_BQyqME0VvHZYLtZBFh33loMCflJA0LtA6dbA4DjVGAxbj_kJRZkcg_CcYSolWtD5ngPstVi5xnqhtaiF5RS9VzbMF2dyFOxaONUOgOOvFvFWQUkdG4jeOZJVHbb7Wdwub9YhTv1TFkGZyFjiB3V5LINbb2hv5orqWahoHrGfkIEMIkPS6sPIo7HtFWJdvbMGTE8NW4rsvmsN7-5WmqD_lfWT6yQZOqzWrQ8qQwlWm8ipdC7gAJcGgCxwgib_oiR12NcKKUoGe95hbAIFgIqmgKVJE00YjeaqWiTlRLIXW8mGIk_-nm20ymlGecuP3IE-ikqFA1kxjYst8MamNZ4Wis0UUg7Lv7kpHrSpeRCUjbDsxc46_PvMK5C8sx3PP21xzFE4Ey0xIOqoij9WEklf75-Bgxev4VanYvuvLZ-5Cyg7eFeUrv3QGgO1ycK_V3TzhKcZF75eHRmTfTCYEx7ImG3yrUbHsQiIFVXIPzr8Bps5KjX7maeh7873-C8Jn6HoYVfA1ya6r4bhGRDQDYAz-cOXgL5ZnvQKouK99BFA4ftBFqmm0Uv5lMGdxTitMy1rdMpTjgimomMwmbyNS9AA1wOtF_K8T_CYTXAY8_QkEfShrSEVdDAicKJryIKfe9E3CuUiCf-FyPiU9ldlL9Dqj9g71dKYW2GopG_hBBG_xFc46TijlEJ4uHsZ1HuhR11iNh0Jkj350-UxNoLsSt-r7S_gcld3rMtEl3ftBBbNLp-rF6yapuU-0zBeHfxlC7ClPxRDBT9BYUnqKDIE847K99mZU37NeSrjQgoWv4qMcVFWC6rCVcnTV2IP7eSffh3hKrmI8BSaF4OwYmbbHBvw7hHlF9nYB6wb1xXHP2u3PE1Svr9m_gdEjxt-5nAdCGdGKP7JfdaNpM7fF4Z-YgPRdiAZw6-BJ-QiHapcPRY_MbfTyiusNM0BmJLgvCLMTj50KdG2KU2sMsu59OmGNKlPHFghdzJ_O7rjMk_4CJUyo6q4jT9p7DPcm_aGez_5GbCNY9Y94sV40HNvq1q7G1udumM2d&image_url=https%3A%2F%2Fi.cdnkimg.com%2Fauto%2F492x328%2Fq85%2Fimage%2Fvk%2F3643%2F643%2Frect_626aadf074621t1651158512r522.png.webp&skin_id=4&vertical_id=0&real_bid=0.012897500192187727&pr=&user_keywords=&auc_type=1&aid=412&ext_cid=0&device_theme=light&keywords=Gay,Adult&format=social-scale-b_r-body&cpa=0c06590f-c0ff-43af-a262-efaebece8f65 HTTP/1.1
Host: ab6de09242.441a8a5527.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
server: nginx/1.18.0
date: Sat, 22 Oct 2022 14:13:28 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
location: https://s.viiqvmfb.com/n/1064/pbiesytebz6v2ctgp56fmycjmbvas4c6arqhq6svnfabqk6shjrtuy36fbmwmhtegave4xafm56h2vldmcxlek3jxph2vbfvt2xypk2tbbefciqg45btsoay2h7ixggdqxbzfalahd72dhncj4m3favhsfscrg273a4rqyozrojus6kojfkfeohj6cv464adrblqcvcshbewsmvgodfwaupqkvmkqshirfpp6su42jooyu7gikuthpmss5rz26kd4xuxdpbtlwmgqwvvpgmz55dvqezurmsko3t2s3h2hf3nsm2v65fadcdz42hzfylk2jl73fwl7b53yuzzxnudcay4b7ufecljldx6ugoxnhpusyh2pjlqo2yn3eyodlp2ykvypk5ny5ekwmd6izfwcugyzxf2c5tymdxfcnuio3uwwyrmof6xgbhxkuolsxwfnvuus2jskzhuxelpwbldx2slnhvfitnlmpkphg6th64wwn64jrbvg2kame3aw4kzujkuz23cxf77yujz7fvdh3smq6g666mukhzklvrtuzgjn37x3zlnapcinkrffx2j7fkht5cwx66knkcq45hwbyd4q2x4jawhxxve343f46nol4odw2lm3kkosfsvus3bmegx2uafmz5xtqkvpe======?f=https%3A%2F%2Fi.cdnkimg.com%2Fauto%2F192%2Fq85%2Fimage%2Fvk%2F3643%2F643%2F626aadf074621t1651158512r522.png.webp
X-Firefox-Spdy: h2
go.xlivrdr.com/smartpop/ec1535c1cbaa3d0b93513d43b65aa5ca154a4f64912bc1c7443cc846eec2add4?userId=0d0cdc753eed23068b893e6a636a40ccaadc69dc4a5ec7ee080ed62b15816646&memberId=6632f42e-5ed3-4f71-8917-994a3914f2cb&sourceId=clickadilla.com&p1=Promo_Banners_Straight_T1_Desk&p2=49657&trackOff=1
104.18.59.150302 Found 0 B URL HTTP/2 go.xlivrdr.com/smartpop/ec1535c1cbaa3d0b93513d43b65aa5ca154a4f64912bc1c7443cc846eec2add4?userId=0d0cdc753eed23068b893e6a636a40ccaadc69dc4a5ec7ee080ed62b15816646&memberId=6632f42e-5ed3-4f71-8917-994a3914f2cb&sourceId=clickadilla.com&p1=Promo_Banners_Straight_T1_Desk&p2=49657&trackOff=1
IP 104.18.59.150:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /smartpop/ec1535c1cbaa3d0b93513d43b65aa5ca154a4f64912bc1c7443cc846eec2add4?userId=0d0cdc753eed23068b893e6a636a40ccaadc69dc4a5ec7ee080ed62b15816646&memberId=6632f42e-5ed3-4f71-8917-994a3914f2cb&sourceId=clickadilla.com&p1=Promo_Banners_Straight_T1_Desk&p2=49657&trackOff=1 HTTP/1.1
Host: go.xlivrdr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://twinrdack.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Sat, 22 Oct 2022 14:13:28 GMT
content-length: 0
location: https://creative.xlivrdr.com/LPOmega?campaignId=ec1535c1cbaa3d0b93513d43b65aa5ca154a4f64912bc1c7443cc846eec2add4&campaignType=smartpop&creativeId=193e01b6441b8809a16431953d3bb8a77d1bf56f2035eab90cc033ab48b5e3fa&iterationId=249747&masterSmartpopId=1914&memberId=6632f42e-5ed3-4f71-8917-994a3914f2cb&p1=Promo_Banners_Straight_T1_Desk&p2=49657&ruleId=17&smartpopId=1807&sourceId=clickadilla.com&tag=-girls%2Findian&trackOff=1&userId=0d0cdc753eed23068b893e6a636a40ccaadc69dc4a5ec7ee080ed62b15816646&variationId=29441
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Content-Length, Accept-Encoding, x-requested-with
cf-cache-status: DYNAMIC
set-cookie: _var=893328.29441; Path=/; HttpOnly; SameSite=Strict
__cflb=02DiuDfsBaY2bRYJiCeSRSGTzNwtDfLbsXL8R8H9eEZS4; SameSite=None; Secure; path=/; expires=Sun, 23-Oct-22 13:13:28 GMT; HttpOnly
server: cloudflare
cf-ray: 75e2d57529ae0b41-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
go.xlivrdr.com/smartpop/ec1535c1cbaa3d0b93513d43b65aa5ca154a4f64912bc1c7443cc846eec2add4?userId=0d0cdc753eed23068b893e6a636a40ccaadc69dc4a5ec7ee080ed62b15816646&memberId=fb02d45c-175c-4f10-a0d9-5a6feaa8ce36&sourceId=clickadilla.com&p1=Promo_Banners_Straight_T1_Desk&p2=49657&trackOff=1
104.18.59.150302 Found 0 B URL HTTP/2 go.xlivrdr.com/smartpop/ec1535c1cbaa3d0b93513d43b65aa5ca154a4f64912bc1c7443cc846eec2add4?userId=0d0cdc753eed23068b893e6a636a40ccaadc69dc4a5ec7ee080ed62b15816646&memberId=fb02d45c-175c-4f10-a0d9-5a6feaa8ce36&sourceId=clickadilla.com&p1=Promo_Banners_Straight_T1_Desk&p2=49657&trackOff=1
IP 104.18.59.150:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /smartpop/ec1535c1cbaa3d0b93513d43b65aa5ca154a4f64912bc1c7443cc846eec2add4?userId=0d0cdc753eed23068b893e6a636a40ccaadc69dc4a5ec7ee080ed62b15816646&memberId=fb02d45c-175c-4f10-a0d9-5a6feaa8ce36&sourceId=clickadilla.com&p1=Promo_Banners_Straight_T1_Desk&p2=49657&trackOff=1 HTTP/1.1
Host: go.xlivrdr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://twinrdack.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Sat, 22 Oct 2022 14:13:28 GMT
content-length: 0
location: https://creative.xlivrdr.com/widgets/v4/Universal?campaignId=ec1535c1cbaa3d0b93513d43b65aa5ca154a4f64912bc1c7443cc846eec2add4&campaignType=smartpop&creativeId=72d4f9afc2f0f1b08aa025ab05e9b36e3df0ba66c7200f29e663fb52e95b1e9d&iterationId=249747&masterSmartpopId=1914&memberId=fb02d45c-175c-4f10-a0d9-5a6feaa8ce36&p1=Promo_Banners_Straight_T1_Desk&p2=49657&ruleId=17&smartpopId=1807&sourceId=clickadilla.com&tag=-girls%2Findian&trackOff=1&userId=0d0cdc753eed23068b893e6a636a40ccaadc69dc4a5ec7ee080ed62b15816646&variationId=29440
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Content-Length, Accept-Encoding, x-requested-with
cf-cache-status: DYNAMIC
set-cookie: _var=893328.29440; Path=/; HttpOnly; SameSite=Strict
__cflb=02DiuDfsBaY2bRYJiCeSRSGTzNwtDfLbsXL8R8H9eEZS4; SameSite=None; Secure; path=/; expires=Sun, 23-Oct-22 13:13:28 GMT; HttpOnly
server: cloudflare
cf-ray: 75e2d57529ab0b41-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
static.bookmsg.com/creatives/IN/IN_da5b583487923e03a815871465a0b6f24c2cb005_icon.webp
94.130.197.136200 OK 790 B URL HTTP/2 static.bookmsg.com/creatives/IN/IN_da5b583487923e03a815871465a0b6f24c2cb005_icon.webp
IP 94.130.197.136:0
ASN #24940 Hetzner Online GmbH
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 100x100, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 65156a660e465299370ebd90d84aa461
12ff60b17f579a77e42a8be7b6b1892fc71be33d
e3b2784385cd128d5a6dfdec7f4be2147d6b57fa66c1a36c61c085aaf27f9e18
GET /creatives/IN/IN_da5b583487923e03a815871465a0b6f24c2cb005_icon.webp HTTP/1.1
Host: static.bookmsg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gay112.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.18.0
date: Sat, 22 Oct 2022 14:13:28 GMT
content-type: image/webp
content-length: 790
last-modified: Tue, 24 Nov 2020 14:20:43 GMT
etag: "5fbd16bb-316"
cache-control: public, max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash da6102bfb7218da62b876ce95372074b
d30dde85282c57d01c8b14b71a4bffc045489900
7f56fd5a18b7e596c3b051be4f9d9c990a0040a935ea7cc7af2ec2d701845327
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6263
Cache-Control: max-age=94440
Content-Type: application/ocsp-response
Date: Sat, 22 Oct 2022 14:13:28 GMT
Etag: "6352aff9-117"
Expires: Sun, 23 Oct 2022 16:27:28 GMT
Last-Modified: Fri, 21 Oct 2022 14:43:05 GMT
Server: ECS (ska/F6FE)
X-Cache: HIT
Content-Length: 279
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 2591568740d1194fc176337e6834ffd8
3f5764ba02baa4ffaec69f13c1fbefa4ae7d5b12
b2f0860e0f42c143827387a490b45186a3222187d3fb682ae178e1b5750d6690
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B2F0860E0F42C143827387A490B45186A3222187D3FB682AE178E1B5750D6690"
Last-Modified: Fri, 21 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4669
Expires: Sat, 22 Oct 2022 15:31:17 GMT
Date: Sat, 22 Oct 2022 14:13:28 GMT
Connection: keep-alive
img.strpst.com/thumbs/1666447621/70316540
104.18.63.124200 OK 47 kB URL HTTP/2 img.strpst.com/thumbs/1666447621/70316540
IP 104.18.63.124:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 0x0, segment length 16, progressive, precision 8, 640x360, components 3\012- data
Hash f141c835fccd8f8b5f71927a5606c4e1
4c4d6dfee60fb087157f4fa78e5da5ebaca856a2
50a00f0470cab147de45b59aebe42af6f998f7b3acdc4657dfe52576430a8a59
GET /thumbs/1666447621/70316540 HTTP/1.1
Host: img.strpst.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://creative.xxxvjmp.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 22 Oct 2022 14:13:28 GMT
content-type: image/jpeg
content-length: 46920
cf-bgj: imgq:100,h2pri
cf-polished: origSize=49370, status=webp_bigger
etag: "e1678b3f49a7e085695779a741cd2e4a"
last-modified: Sat, 22 Oct 2022 14:08:37 GMT
cf-cache-status: HIT
age: 51
expires: Sat, 22 Oct 2022 14:18:28 GMT
cache-control: public, max-age=300
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 75e2d575ff49b4f4-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
img.strpst.com/thumbs/1666447621/69802171
104.18.63.124200 OK 44 kB URL HTTP/2 img.strpst.com/thumbs/1666447621/69802171
IP 104.18.63.124:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 0x0, segment length 16, progressive, precision 8, 640x360, components 3\012- data
Hash 8d104ec9000f69eae995635314462263
2d5c0cb890971fc9e318d52173fffd9b6732a18d
84319a97e387d0781334f368e7bc6d26e7814cd202ec9bca6480d7fe90b16200
GET /thumbs/1666447621/69802171 HTTP/1.1
Host: img.strpst.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://creative.xxxvjmp.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 22 Oct 2022 14:13:28 GMT
content-type: image/jpeg
content-length: 44317
access-control-allow-credentials: true
access-control-allow-origin: *
cf-bgj: imgq:100,h2pri
cf-polished: origSize=46480, status=webp_bigger
etag: "aa42d2e95191e8df86c82867804d12a0"
last-modified: Sat, 22 Oct 2022 14:07:17 GMT
cf-cache-status: HIT
age: 50
expires: Sat, 22 Oct 2022 14:18:28 GMT
cache-control: public, max-age=300
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 75e2d575ff4db4f4-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
img.strpst.com/thumbs/1666447621/68117617
104.18.63.124200 OK 48 kB URL HTTP/2 img.strpst.com/thumbs/1666447621/68117617
IP 104.18.63.124:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 0x0, segment length 16, progressive, precision 8, 640x360, components 3\012- data
Hash c2dfcf1e97eff86e8230112e7b5ce177
e755ef7de62848aa427086665b86eb70e6b2e0d2
e71795112db38ec60b350d98d89ae805a0f4400335dc95c1043def3a9001f9a5
GET /thumbs/1666447621/68117617 HTTP/1.1
Host: img.strpst.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://creative.xxxvjmp.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 22 Oct 2022 14:13:28 GMT
content-type: image/jpeg
content-length: 47969
cf-bgj: imgq:100,h2pri
cf-polished: origSize=49526, status=webp_bigger
etag: "9c4e7b4354c4c651711f733126dd1b61"
last-modified: Sat, 22 Oct 2022 14:07:05 GMT
cf-cache-status: HIT
age: 50
expires: Sat, 22 Oct 2022 14:18:28 GMT
cache-control: public, max-age=300
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 75e2d575ff4bb4f4-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
img.strpst.com/thumbs/1666447621/72720269
104.18.63.124200 OK 42 kB URL HTTP/2 img.strpst.com/thumbs/1666447621/72720269
IP 104.18.63.124:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 0x0, segment length 16, progressive, precision 8, 640x360, components 3\012- data
Hash 833bb90356913a741cd8f22ac66ac06b
8a998d1cb8382f1aa7677869ac30191a12a47d19
2ac6e4972a1e99d61e98c5e18996e8f4aa3f2e6e08757e1b80ec3a24a8b1245c
GET /thumbs/1666447621/72720269 HTTP/1.1
Host: img.strpst.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://creative.xxxvjmp.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 22 Oct 2022 14:13:28 GMT
content-type: image/jpeg
content-length: 42298
access-control-allow-credentials: true
access-control-allow-origin: *
cf-bgj: imgq:100,h2pri
cf-polished: origSize=43236, status=webp_bigger
etag: "48846cbbb703931ae1428098b9ed4665"
last-modified: Sat, 22 Oct 2022 14:07:04 GMT
cf-cache-status: HIT
age: 50
expires: Sat, 22 Oct 2022 14:18:28 GMT
cache-control: public, max-age=300
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 75e2d575ff50b4f4-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
img.strpst.com/thumbs/1666447621/56143942
104.18.63.124200 OK 37 kB URL HTTP/2 img.strpst.com/thumbs/1666447621/56143942
IP 104.18.63.124:0
Hash 8df90109b533370eeade871123527185
1e2da5dbafd8fbb4ef066e4a30e6cfbef874541f
d48cb9e7a06bf20411353ed074f54399bad085da8f69c202350af1ce89614bdd
GET /thumbs/1666447621/56143942 HTTP/1.1
Host: img.strpst.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://creative.xxxvjmp.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 22 Oct 2022 14:13:28 GMT
content-type: image/jpeg
content-length: 34852
access-control-allow-credentials: true
access-control-allow-origin: *
cf-bgj: imgq:100,h2pri
cf-polished: origSize=36340, status=webp_bigger
etag: "7f9c2f219de6394b3167e7146dde8834"
last-modified: Sat, 22 Oct 2022 14:06:47 GMT
cf-cache-status: HIT
age: 51
expires: Sat, 22 Oct 2022 14:18:28 GMT
cache-control: public, max-age=300
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 75e2d5762f91b4f4-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash d1ba0f12e8125531153cf669c9138d60
beed845a1b55918d0a91a3780010a791c86448c6
a133be87b1c8227dd83ad7c7ad53cb0b85b318e51de68b7af8a27f29b7b3a857
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A133BE87B1C8227DD83AD7C7AD53CB0B85B318E51DE68B7AF8A27F29B7B3A857"
Last-Modified: Thu, 20 Oct 2022 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5174
Expires: Sat, 22 Oct 2022 15:39:42 GMT
Date: Sat, 22 Oct 2022 14:13:28 GMT
Connection: keep-alive
img.strpst.com/thumbs/1666447621/14273515
104.18.63.124200 OK 30 kB URL HTTP/2 img.strpst.com/thumbs/1666447621/14273515
IP 104.18.63.124:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 0x0, segment length 16, progressive, precision 8, 270x360, components 3\012- data
Hash a580e7571784710c97c199ef4892ff7b
e2696b57a8cc2f8f9db8ec29135f30323bfc9e77
dd3ca85b14a15ee5c3db35fce20b2839f1726d7865822d9a5c8325be70bbbe23
GET /thumbs/1666447621/14273515 HTTP/1.1
Host: img.strpst.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://creative.xxxvjmp.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 22 Oct 2022 14:13:28 GMT
content-type: image/jpeg
content-length: 30132
cf-bgj: imgq:100,h2pri
cf-polished: origSize=31505, status=webp_bigger
etag: "65ed11eed053d767316d129369199337"
last-modified: Sat, 22 Oct 2022 14:08:02 GMT
cf-cache-status: HIT
age: 72
expires: Sat, 22 Oct 2022 14:18:28 GMT
cache-control: public, max-age=300
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 75e2d5763f9eb4f4-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
img.strpst.com/thumbs/1666447621/91942310
104.18.63.124200 OK 34 kB URL HTTP/2 img.strpst.com/thumbs/1666447621/91942310
IP 104.18.63.124:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 0x0, segment length 16, progressive, precision 8, 648x360, components 3\012- data
Hash 53b981610b5890cee5eaa85f68a3d2d9
ad8bf204b4b8bb031546ba717774b358ce2e033e
b4025d6f123ec4502544f36283815834ab3734c5ec5c578290eee55fed1a7d51
GET /thumbs/1666447621/91942310 HTTP/1.1
Host: img.strpst.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://creative.xxxvjmp.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 22 Oct 2022 14:13:28 GMT
content-type: image/jpeg
content-length: 34086
cf-bgj: imgq:100,h2pri
cf-polished: origSize=35207, status=webp_bigger
etag: "78b1c0757aec486f75ff3906bce8b058"
last-modified: Sat, 22 Oct 2022 14:07:14 GMT
cf-cache-status: HIT
age: 51
expires: Sat, 22 Oct 2022 14:18:28 GMT
cache-control: public, max-age=300
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 75e2d5763fa0b4f4-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
img.strpst.com/thumbs/1666447621/68338932
104.18.63.124200 OK 39 kB URL HTTP/2 img.strpst.com/thumbs/1666447621/68338932
IP 104.18.63.124:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 0x0, segment length 16, progressive, precision 8, 640x360, components 3\012- data
Hash f49d5ebf863b6fea864137f4e9bb6619
f797b0a7107194272755b9b3c198336ff013415f
581ee4b154071386c29f15d8c87d9d18de450c430e983693b1bb1c4cba8ce6ec
GET /thumbs/1666447621/68338932 HTTP/1.1
Host: img.strpst.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://creative.xxxvjmp.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 22 Oct 2022 14:13:28 GMT
content-type: image/jpeg
content-length: 38614
access-control-allow-credentials: true
access-control-allow-origin: *
cf-bgj: imgq:100,h2pri
cf-polished: origSize=39958, status=webp_bigger
etag: "baae77927fa34c9e0260cca314072366"
last-modified: Sat, 22 Oct 2022 14:08:13 GMT
cf-cache-status: HIT
age: 50
expires: Sat, 22 Oct 2022 14:18:28 GMT
cache-control: public, max-age=300
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 75e2d5763fa3b4f4-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
img.strpst.com/thumbs/1666447621/88180519
104.18.63.124200 OK 20 kB URL HTTP/2 img.strpst.com/thumbs/1666447621/88180519
IP 104.18.63.124:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 0x0, segment length 16, progressive, precision 8, 480x360, components 3\012- data
Hash 0cc7c231158ac0cda384c9a38b301fab
5e175a539bfde971451209e11e67543f8e4d11b7
c35c9a1d5339148ff0e606dabb18712a5f0dc849f0f0dda34427e7645fd9be5f
GET /thumbs/1666447621/88180519 HTTP/1.1
Host: img.strpst.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://creative.xxxvjmp.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 22 Oct 2022 14:13:28 GMT
content-type: image/jpeg
content-length: 19613
access-control-allow-credentials: true
access-control-allow-origin: *
cf-bgj: imgq:100,h2pri
cf-polished: origSize=20331, status=webp_bigger
etag: "479cef07f7336115d4ad31dd834abdb9"
last-modified: Sat, 22 Oct 2022 14:07:16 GMT
cf-cache-status: HIT
age: 50
expires: Sat, 22 Oct 2022 14:18:28 GMT
cache-control: public, max-age=300
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 75e2d5764fa8b4f4-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
i.cdnkimg.com/auto/492x328/q85/image/vk/3643/643/rect_626aadf074621t1651158512r522.png.webp
45.133.44.36200 OK 10 kB URL HTTP/2 i.cdnkimg.com/auto/492x328/q85/image/vk/3643/643/rect_626aadf074621t1651158512r522.png.webp
IP 45.133.44.36:0
ASN #39572 DataWeb Global Group B.V.
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 360x240, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 68329d624a42af6145117bed5c9a2f03
4439b8d8b7e2dc706b5e9a417852bf16e6eb17dd
ede7a9f931abc7e53d07dbf4a82e992cfc38ebb280158f7fa4d12d00cab03bc6
GET /auto/492x328/q85/image/vk/3643/643/rect_626aadf074621t1651158512r522.png.webp HTTP/1.1
Host: i.cdnkimg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 22 Oct 2022 14:13:28 GMT
content-type: image/webp
content-length: 10348
server: nginx/1.19.0
cache-control: max-age=1209600
x-cache-status: MISS
expires: Sat, 05 Nov 2022 14:13:28 GMT
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
s.viiqvmfb.com/n/1064/pbiesytebz6v2ctgp56fmycjmbvas4c6arqhq6svnfabqk6shjrtuy36fbmwmhtegave4xafm56h2vldmcxlek3jxph2vbfvt2xypk2tbbefciqg45btsoay2h7ixggdqxbzfalahd72dhncj4m3favhsfscrg273a4rqyozrojus6kojfkfeohj6cv464adrblqcvcshbewsmvgodfwaupqkvmkqshirfpp6su42jooyu7gikuthpmss5rz26kd4xuxdpbtlwmgqwvvpgmz55dvqezurmsko3t2s3h2hf3nsm2v65fadcdz42hzfylk2jl73fwl7b53yuzzxnudcay4b7ufecljldx6ugoxnhpusyh2pjlqo2yn3eyodlp2ykvypk5ny5ekwmd6izfwcugyzxf2c5tymdxfcnuio3uwwyrmof6xgbhxkuolsxwfnvuus2jskzhuxelpwbldx2slnhvfitnlmpkphg6th64wwn64jrbvg2kame3aw4kzujkuz23cxf77yujz7fvdh3smq6g666mukhzklvrtuzgjn37x3zlnapcinkrffx2j7fkht5cwx66knkcq45hwbyd4q2x4jawhxxve343f46nol4odw2lm3kkosfsvus3bmegx2uafmz5xtqkvpe======?f=https%3A%2F%2Fi.cdnkimg.com%2Fauto%2F192%2Fq85%2Fimage%2Fvk%2F3643%2F643%2F626aadf074621t1651158512r522.png.webp
31.220.27.155302 Found 0 B URL HTTP/2 s.viiqvmfb.com/n/1064/pbiesytebz6v2ctgp56fmycjmbvas4c6arqhq6svnfabqk6shjrtuy36fbmwmhtegave4xafm56h2vldmcxlek3jxph2vbfvt2xypk2tbbefciqg45btsoay2h7ixggdqxbzfalahd72dhncj4m3favhsfscrg273a4rqyozrojus6kojfkfeohj6cv464adrblqcvcshbewsmvgodfwaupqkvmkqshirfpp6su42jooyu7gikuthpmss5rz26kd4xuxdpbtlwmgqwvvpgmz55dvqezurmsko3t2s3h2hf3nsm2v65fadcdz42hzfylk2jl73fwl7b53yuzzxnudcay4b7ufecljldx6ugoxnhpusyh2pjlqo2yn3eyodlp2ykvypk5ny5ekwmd6izfwcugyzxf2c5tymdxfcnuio3uwwyrmof6xgbhxkuolsxwfnvuus2jskzhuxelpwbldx2slnhvfitnlmpkphg6th64wwn64jrbvg2kame3aw4kzujkuz23cxf77yujz7fvdh3smq6g666mukhzklvrtuzgjn37x3zlnapcinkrffx2j7fkht5cwx66knkcq45hwbyd4q2x4jawhxxve343f46nol4odw2lm3kkosfsvus3bmegx2uafmz5xtqkvpe======?f=https%3A%2F%2Fi.cdnkimg.com%2Fauto%2F192%2Fq85%2Fimage%2Fvk%2F3643%2F643%2F626aadf074621t1651158512r522.png.webp
IP 31.220.27.155:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /n/1064/pbiesytebz6v2ctgp56fmycjmbvas4c6arqhq6svnfabqk6shjrtuy36fbmwmhtegave4xafm56h2vldmcxlek3jxph2vbfvt2xypk2tbbefciqg45btsoay2h7ixggdqxbzfalahd72dhncj4m3favhsfscrg273a4rqyozrojus6kojfkfeohj6cv464adrblqcvcshbewsmvgodfwaupqkvmkqshirfpp6su42jooyu7gikuthpmss5rz26kd4xuxdpbtlwmgqwvvpgmz55dvqezurmsko3t2s3h2hf3nsm2v65fadcdz42hzfylk2jl73fwl7b53yuzzxnudcay4b7ufecljldx6ugoxnhpusyh2pjlqo2yn3eyodlp2ykvypk5ny5ekwmd6izfwcugyzxf2c5tymdxfcnuio3uwwyrmof6xgbhxkuolsxwfnvuus2jskzhuxelpwbldx2slnhvfitnlmpkphg6th64wwn64jrbvg2kame3aw4kzujkuz23cxf77yujz7fvdh3smq6g666mukhzklvrtuzgjn37x3zlnapcinkrffx2j7fkht5cwx66knkcq45hwbyd4q2x4jawhxxve343f46nol4odw2lm3kkosfsvus3bmegx2uafmz5xtqkvpe======?f=https%3A%2F%2Fi.cdnkimg.com%2Fauto%2F192%2Fq85%2Fimage%2Fvk%2F3643%2F643%2F626aadf074621t1651158512r522.png.webp HTTP/1.1
Host: s.viiqvmfb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: nginx/1.19.0
date: Sat, 22 Oct 2022 14:13:28 GMT
content-length: 0
location: https://i.cdnkimg.com/auto/192/q85/image/vk/3643/643/626aadf074621t1651158512r522.png.webp
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash d33f2e8b15d60d47afd8cbdeae23a666
1f62d350e0d975d3c26d094c4cf1b8bea4015d55
2deff67485255af17356b403f6fcfa2a490e954074308a1c07fabbd7ad276529
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2DEFF67485255AF17356B403F6FCFA2A490E954074308A1C07FABBD7AD276529"
Last-Modified: Sat, 22 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4573
Expires: Sat, 22 Oct 2022 15:29:41 GMT
Date: Sat, 22 Oct 2022 14:13:28 GMT
Connection: keep-alive
i.cdnkimg.com/auto/192/q85/image/vk/3643/643/626aadf074621t1651158512r522.png.webp
45.133.44.36200 OK 7.7 kB URL HTTP/2 i.cdnkimg.com/auto/192/q85/image/vk/3643/643/626aadf074621t1651158512r522.png.webp
IP 45.133.44.36:0
ASN #39572 DataWeb Global Group B.V.
File type RIFF (little-endian) data, Web/P image\012- data
Hash 311dea4d14f115d233335c6e836384b4
8b92a31d5f07440ea67469f1b2827fe1bde271e4
8136f9d883af8abb2895a1c5946063fc41ed4b3a7f7226ffe2f49e49a3d0c961
GET /auto/192/q85/image/vk/3643/643/626aadf074621t1651158512r522.png.webp HTTP/1.1
Host: i.cdnkimg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 22 Oct 2022 14:13:28 GMT
content-type: image/webp
content-length: 7712
server: nginx/1.19.0
cache-control: max-age=1209600
x-cache-status: MISS
expires: Sat, 05 Nov 2022 14:13:28 GMT
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
gay112.com/no/
104.21.81.228200 OK 89 kB IP 104.21.81.228:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (15124), with CRLF, LF line terminators
Hash 6cb928c50174cb4073bd515d4976accf
6d25eaab20b90e3d38743d7846d80370c25db780
d188a1cff5f6393068bf1dcbe16d47b4d49b9f8e3aee06b1976ca30f9970da1e
GET /no/ HTTP/1.1
Host: gay112.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
TE: trailers
HTTP/2 200 OK
date: Sat, 22 Oct 2022 14:13:24 GMT
content-type: text/html; charset=UTF-8
set-cookie: vn=1; expires=Thu, 27-Oct-2022 14:13:24 GMT; Max-Age=432000; path=/
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3gns5UAgtkiBn9i5PDRWC0O%2Fv%2BcI1z0RHr4HBSG8%2FCbp4RViit90RwvwWEXV9hQQew0GeF8WGOK1Y3l4j%2F3eFgrqcERG3y%2FHvSFkNoyySX5qVkjEGYjwmXUWfKSj"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 75e2d5593ebe1c0e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
static-assets.highwebmedia.com/CACHE/css/output.30d64135494b.css
104.16.94.42200 OK 65 kB URL HTTP/2 static-assets.highwebmedia.com/CACHE/css/output.30d64135494b.css
IP 104.16.94.42:0
File type ASCII text, with very long lines (13319), with no line terminators
Hash f78c564cbcbc99c7d7184faf405b7673
099748d643973c298d48b9167e4ca258635e7c90
36dc1704fb6525ac76c5176b71492bb5248335a96a04204f82c50cd7905799bb
GET /CACHE/css/output.30d64135494b.css HTTP/1.1
Host: static-assets.highwebmedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 22 Oct 2022 14:13:28 GMT
content-type: text/css
cache-control: public, max-age=2592000
cf-bgj: minify
cf-polished: origSize=82222
etag: W/"bf5ee7bb96e4e3d49b54ea813696ac97"
last-modified: Thu, 13 Oct 2022 22:28:19 GMT
x-amz-id-2: owhPcpCLXhCi6YyNLfrW+U3Eht5G+XCxjpYxqMj0hnrsFDrxobx2i7RsYaRxmii0M3xA6RiEHh0=
x-amz-meta-s3cmd-attrs: md5:bf5ee7bb96e4e3d49b54ea813696ac97
x-amz-request-id: PW0H4DWVRP5ZPV56
cf-cache-status: HIT
age: 747739
expires: Mon, 21 Nov 2022 14:13:28 GMT
vary: Accept-Encoding
set-cookie: _cfuvid=KJ9DXyazNmAPglbiCN7raEfw56RDY9Qwa3qybo3AjM0-1666448008984-0-604800000; path=/; domain=.highwebmedia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 75e2d5781a180b49-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
static-assets.highwebmedia.com/CACHE/js/output.1486cd5aa4f0.js
104.16.94.42200 OK 42 kB URL HTTP/2 static-assets.highwebmedia.com/CACHE/js/output.1486cd5aa4f0.js
IP 104.16.94.42:0
File type HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (32769)
Hash ce7e1fd45e4fd3182e3632affd426b29
c94bb1c3c40ba2860f00db99ba20bfc94e87e2d7
5d8d935c8ca574f0d8cc4d6b8c47f68f9df5cdae0f6971c888f2b10e2c5c90a2
GET /CACHE/js/output.1486cd5aa4f0.js HTTP/1.1
Host: static-assets.highwebmedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 22 Oct 2022 14:13:29 GMT
content-type: application/javascript
cache-control: public, max-age=2592000
cf-bgj: minify
cf-polished: origSize=117895
etag: W/"eb2259ff6dbd950ae158f73065752aa1"
last-modified: Thu, 21 Oct 2021 18:11:54 GMT
x-amz-id-2: k6NhlyRh+XXZM7+pSOMylQwAMSlxLRy7teDHalfRWz7mnIIf6Ig6amIFaKAolUjBHmL3PkEkULk=
x-amz-meta-s3cmd-attrs: md5:eb2259ff6dbd950ae158f73065752aa1
x-amz-request-id: FHZ86T60E9WK32PB
cf-cache-status: HIT
age: 1528799
expires: Mon, 21 Nov 2022 14:13:29 GMT
vary: Accept-Encoding
set-cookie: _cfuvid=BI48xkNzcTnW3ltIujISrJS3ygszp.e672O64O7GaQk-1666448009017-0-604800000; path=/; domain=.highwebmedia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 75e2d5784a3a0b49-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
sw.wpush.org/ps/sw.js
45.133.44.24200 OK 28 kB IP 45.133.44.24:0
ASN #39572 DataWeb Global Group B.V.
Hash f2fd5d18ab8bec071c0e637ee5e109a1
8eb9aa7f530a347dd541981e950e32bb94fb3231
4404a332d20ed4050c574ed5a186c43f3dd936ee94d4695c892c36b8b9f9ad68
GET /ps/sw.js HTTP/1.1
Host: sw.wpush.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 22 Oct 2022 14:13:28 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Fri, 21 Oct 2022 15:29:11 GMT
etag: W/"6352bac7-158c"
content-encoding: gzip
expires: Sat, 22 Oct 2022 14:18:28 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
static-assets.highwebmedia.com/CACHE/js/output.90a7a6687776.js
104.16.94.42200 OK 74 kB URL HTTP/2 static-assets.highwebmedia.com/CACHE/js/output.90a7a6687776.js
IP 104.16.94.42:0
File type Unicode text, UTF-8 text, with very long lines (65529), with no line terminators
Hash 2c00b39cd38f7bbcab1c712bcafd6b2e
cbf2062dc94632482ab744b9409b3a7a2478f719
262fe4497ce521d19a9c4b2fb5d60ebe8c6336e776abe5a7d3cd54aedb2b1c7d
GET /CACHE/js/output.90a7a6687776.js HTTP/1.1
Host: static-assets.highwebmedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 22 Oct 2022 14:13:28 GMT
content-type: application/javascript
cache-control: public, max-age=2592000
cf-bgj: minify
etag: W/"eba6018c1d2ab593c234e5750506e38a"
last-modified: Mon, 17 Oct 2022 21:37:31 GMT
x-amz-id-2: MuRi9INFlyZ8s0MfpOqtyosRRye3EDr/cdpWTRrQUKKo6PNFSGfohJwm10zs48bLswjVhUc8b0Z/eZ9oVm3U4Q==
x-amz-meta-s3cmd-attrs: md5:eba6018c1d2ab593c234e5750506e38a
x-amz-request-id: VR1ABN9AAN3FB4KK
cf-cache-status: HIT
age: 405210
expires: Mon, 21 Nov 2022 14:13:28 GMT
vary: Accept-Encoding
set-cookie: _cfuvid=8d5wBUZ8BE94beLVhf3.3o6tQg.aqbvyMc501g1vl8U-1666448008954-0-604800000; path=/; domain=.highwebmedia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 75e2d577e9f20b49-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
static-assets.highwebmedia.com/CACHE/js/output.e1067846ea15.js
104.16.94.42200 OK 37 kB URL HTTP/2 static-assets.highwebmedia.com/CACHE/js/output.e1067846ea15.js
IP 104.16.94.42:0
File type ASCII text, with very long lines (1534)
Hash 7e51d6fe63f4b832c5f69632a04f8fa3
b2350f7967c171860a522f8a9f27731474a1e985
e52b517c232c91a4df8585111190d9889c342984cdfbbe0703a4ebf0ee4a022e
GET /CACHE/js/output.e1067846ea15.js HTTP/1.1
Host: static-assets.highwebmedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 22 Oct 2022 14:13:28 GMT
content-type: application/javascript
cache-control: public, max-age=2592000
cf-bgj: minify
cf-polished: origSize=108152
etag: W/"97a23c5e27826ee4bed1dbcfe0601da8"
last-modified: Thu, 24 Jun 2021 21:24:09 GMT
x-amz-id-2: gJdq637yDaGW5b/k/xLZcaVgKR2zPrz11wa1iwf3/kEEAF2JWIngCVC4T9LIrDSnBaklrTBcytM=
x-amz-meta-s3cmd-attrs: md5:97a23c5e27826ee4bed1dbcfe0601da8
x-amz-request-id: C8A0N4S7KE12CYZQ
cf-cache-status: HIT
age: 405960
expires: Mon, 21 Nov 2022 14:13:28 GMT
vary: Accept-Encoding
set-cookie: _cfuvid=7ZFDRhXuJjBdQFprAml4nDC8eYXCTIBZJsxHXmGKZ54-1666448008950-0-604800000; path=/; domain=.highwebmedia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 75e2d577e9f00b49-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
pxl.tsyndicate.com/api/v1/p/p.js?p=APeIQFMmDJkycuaI0HGDhYgwY-gsjOGQzpmFIsbcIIODzA0zZlp4rFGmBQ0xOci0MGimZEGNMcrImCGjxgwzIhzOEZOGjEIdW0TMyBGD6MwcMER0cTjGzc8aMWA4DFNnDMYYQ2fEuDFUxo2cIniSwZiGTpk2X2KANWhnoQwbOGLQcAinjpiFNmvImAoHzkSsM2rohCNRB42tNGgQdVgGD50vcwhjNKjnjZsyaRXbADumjV8dM7jalPqQDE4dFMO6cbNwBgwYMWLIwOGwjZuLOmTkqAFjBl3buLe-tuGwjlodA-nQgTNHx4sXY9CEoVNHjpjpZVyMedPmRRo3L37QkQNxTY8wLc60GNOCTgwudV6_pfOmeo8hb8o0gS_fxpgwnoWRxhlu9FBDEEvkYAN_MLxFRhpzhCEGG5jNUZ8bZPTwXnwN2tDGGzxRKEUZD8pRRkTn1UEfg2-dJQaJX9jRUxlvfGEZG3loCBYZ3GFUwxgN3mADRC25kEMYM9gwQxiKvaZdj0xNt9AWMsiwlAhwyGGVDjiUBANxYZ0GgwuwMQUHWlluOeZwtIkghx2fxSCYCCeeudCaMLRZRx1pYJRDGYrR8FFgN0BFgw01HBaDGWTEwKQZPwaGg0Y4gJXGZyIQZeSYNMjggpw0gCXHF5f6GcOmLnT6aaJg1REGRk28oUcabLARxgs1kAkCCljEtgMITHxXBx4g4IGDDV_YQMOvb-qgIJkpgHDEiWu88YIMsL0WVQwgGJGGiWa8gccLzybF1JYiOPEEWG-MOga66oLFBrpFOLFjGXZ8YSIbE9Vwww04JInDaw7JQaBbNeDQkAgH5SuGHAvh0GbDX3w4Vm7HpkaGHG-05tAbP-2FJcd45LHQXAznwZoO49VRRsFlnJbccs09d0YYecTm6XbduWEtWHO8iRHHdEzXbgt1uFFWCzDkSoZGO6J70BdPf1VRGxPZoHViA8OwMB1tyJD11jR0fQO2YBqkbxmRfSElalorW_ZrC-PrNoVy0PHTFoFdKWFhDMdMFRsS0TXvnUzhBkMfCgQE&s=23b6315405d70fc4debfd3b8623a07bfa111f5cc61c277e863fbed15c2afe79d1666448007&w=t&r=1&d=1783&priv=false
136.243.46.156200 OK 24 B URL HTTP/2 pxl.tsyndicate.com/api/v1/p/p.js?p=APeIQFMmDJkycuaI0HGDhYgwY-gsjOGQzpmFIsbcIIODzA0zZlp4rFGmBQ0xOci0MGimZEGNMcrImCGjxgwzIhzOEZOGjEIdW0TMyBGD6MwcMER0cTjGzc8aMWA4DFNnDMYYQ2fEuDFUxo2cIniSwZiGTpk2X2KANWhnoQwbOGLQcAinjpiFNmvImAoHzkSsM2rohCNRB42tNGgQdVgGD50vcwhjNKjnjZsyaRXbADumjV8dM7jalPqQDE4dFMO6cbNwBgwYMWLIwOGwjZuLOmTkqAFjBl3buLe-tuGwjlodA-nQgTNHx4sXY9CEoVNHjpjpZVyMedPmRRo3L37QkQNxTY8wLc60GNOCTgwudV6_pfOmeo8hb8o0gS_fxpgwnoWRxhlu9FBDEEvkYAN_MLxFRhpzhCEGG5jNUZ8bZPTwXnwN2tDGGzxRKEUZD8pRRkTn1UEfg2-dJQaJX9jRUxlvfGEZG3loCBYZ3GFUwxgN3mADRC25kEMYM9gwQxiKvaZdj0xNt9AWMsiwlAhwyGGVDjiUBANxYZ0GgwuwMQUHWlluOeZwtIkghx2fxSCYCCeeudCaMLRZRx1pYJRDGYrR8FFgN0BFgw01HBaDGWTEwKQZPwaGg0Y4gJXGZyIQZeSYNMjggpw0gCXHF5f6GcOmLnT6aaJg1REGRk28oUcabLARxgs1kAkCCljEtgMITHxXBx4g4IGDDV_YQMOvb-qgIJkpgHDEiWu88YIMsL0WVQwgGJGGiWa8gccLzybF1JYiOPEEWG-MOga66oLFBrpFOLFjGXZ8YSIbE9Vwww04JInDaw7JQaBbNeDQkAgH5SuGHAvh0GbDX3w4Vm7HpkaGHG-05tAbP-2FJcd45LHQXAznwZoO49VRRsFlnJbccs09d0YYecTm6XbduWEtWHO8iRHHdEzXbgt1uFFWCzDkSoZGO6J70BdPf1VRGxPZoHViA8OwMB1tyJD11jR0fQO2YBqkbxmRfSElalorW_ZrC-PrNoVy0PHTFoFdKWFhDMdMFRsS0TXvnUzhBkMfCgQE&s=23b6315405d70fc4debfd3b8623a07bfa111f5cc61c277e863fbed15c2afe79d1666448007&w=t&r=1&d=1783&priv=false
IP 136.243.46.156:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with no line terminators
Hash 0959ba36d476b6dc1994ba3c678b07c4
d30b94da72daa02766965206a85b7e0356375f5e
897410b87e27e3dfba3a7d6caab315a5e69cc941bb96d91fc74878a9b051843a
GET /api/v1/p/p.js?p=APeIQFMmDJkycuaI0HGDhYgwY-gsjOGQzpmFIsbcIIODzA0zZlp4rFGmBQ0xOci0MGimZEGNMcrImCGjxgwzIhzOEZOGjEIdW0TMyBGD6MwcMER0cTjGzc8aMWA4DFNnDMYYQ2fEuDFUxo2cIniSwZiGTpk2X2KANWhnoQwbOGLQcAinjpiFNmvImAoHzkSsM2rohCNRB42tNGgQdVgGD50vcwhjNKjnjZsyaRXbADumjV8dM7jalPqQDE4dFMO6cbNwBgwYMWLIwOGwjZuLOmTkqAFjBl3buLe-tuGwjlodA-nQgTNHx4sXY9CEoVNHjpjpZVyMedPmRRo3L37QkQNxTY8wLc60GNOCTgwudV6_pfOmeo8hb8o0gS_fxpgwnoWRxhlu9FBDEEvkYAN_MLxFRhpzhCEGG5jNUZ8bZPTwXnwN2tDGGzxRKEUZD8pRRkTn1UEfg2-dJQaJX9jRUxlvfGEZG3loCBYZ3GFUwxgN3mADRC25kEMYM9gwQxiKvaZdj0xNt9AWMsiwlAhwyGGVDjiUBANxYZ0GgwuwMQUHWlluOeZwtIkghx2fxSCYCCeeudCaMLRZRx1pYJRDGYrR8FFgN0BFgw01HBaDGWTEwKQZPwaGg0Y4gJXGZyIQZeSYNMjggpw0gCXHF5f6GcOmLnT6aaJg1REGRk28oUcabLARxgs1kAkCCljEtgMITHxXBx4g4IGDDV_YQMOvb-qgIJkpgHDEiWu88YIMsL0WVQwgGJGGiWa8gccLzybF1JYiOPEEWG-MOga66oLFBrpFOLFjGXZ8YSIbE9Vwww04JInDaw7JQaBbNeDQkAgH5SuGHAvh0GbDX3w4Vm7HpkaGHG-05tAbP-2FJcd45LHQXAznwZoO49VRRsFlnJbccs09d0YYecTm6XbduWEtWHO8iRHHdEzXbgt1uFFWCzDkSoZGO6J70BdPf1VRGxPZoHViA8OwMB1tyJD11jR0fQO2YBqkbxmRfSElalorW_ZrC-PrNoVy0PHTFoFdKWFhDMdMFRsS0TXvnUzhBkMfCgQE&s=23b6315405d70fc4debfd3b8623a07bfa111f5cc61c277e863fbed15c2afe79d1666448007&w=t&r=1&d=1783&priv=false HTTP/1.1
Host: pxl.tsyndicate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://r-eu.tsyndicate.com/
Cookie: ts_uid=78cdf4d6-8a61-48b6-9582-a7a4023c1668
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 22 Oct 2022 14:13:29 GMT
content-type: text/plain; charset=utf-8
content-length: 24
x-robots-tag: noindex, nofollow
X-Firefox-Spdy: h2
5c0276acfe.9a363a4900.com/get/?go=1&data=eyJpbXAiOlt7InNlY3VyZSI6MSwiZXh0Ijp7ImlkIjoxNjk1LCJzcGFjZWlkIjoyMTY5NCwidHlwZSI6InBvcCIsImlkem9uZSI6MSwiYWRfdGFncyI6IkdheSUyQ0FzaWFuJTJDQmFyZWJhY2slMkNIRCUyQ0RlZXB0aHJvYXQlMkNDdW1zaG90IiwibGFiZWxzIjoiIiwiYWxsb3dlZF9sYWJlbHMiOiIiLCJ0aXRsZSI6IiIsInN1YmlkIjoiMzg4MzAiLCJ1dG0xIjoiIiwidXRtMiI6IiIsInV0bTQiOiIiLCJzcG90X2lkIjoyMTY5NCwibXVsdGlwbGUiOmZhbHNlLCJpc19pZnJhbWUiOnRydWUsInJlZmRvbWFpbiI6ImdheTExMi5jb20iLCJwbCI6MCwic3RyYXRhZ2VtIjpudWxsLCJneXIiOjAsImFjY2VsIjowLCJzc3AiOjM3NTZ9LCJiYW5uZXIiOnsidyI6MSwiaCI6MX19XSwic2l0ZSI6eyJpZCI6IjIxNjk0IiwiY2F0IjpbIklBQjI1Il0sInBhZ2UiOiJodHRwczovL2dheTExMi5jb20vIn0sImRldmljZSI6eyJ3IjoxMjgwLCJoIjoxMDI0fSwidXNlciI6eyJpZCI6ImIwMTQzNTE4ZTg0MWIyNDcwYWY4NGQ4NmUxYjA5ZDNiIn0sImV4dCI6eyJkdCI6MTY2NjQ0ODAyNDM4Mn19
162.55.139.130302 Found 0 B URL HTTP/2 5c0276acfe.9a363a4900.com/get/?go=1&data=eyJpbXAiOlt7InNlY3VyZSI6MSwiZXh0Ijp7ImlkIjoxNjk1LCJzcGFjZWlkIjoyMTY5NCwidHlwZSI6InBvcCIsImlkem9uZSI6MSwiYWRfdGFncyI6IkdheSUyQ0FzaWFuJTJDQmFyZWJhY2slMkNIRCUyQ0RlZXB0aHJvYXQlMkNDdW1zaG90IiwibGFiZWxzIjoiIiwiYWxsb3dlZF9sYWJlbHMiOiIiLCJ0aXRsZSI6IiIsInN1YmlkIjoiMzg4MzAiLCJ1dG0xIjoiIiwidXRtMiI6IiIsInV0bTQiOiIiLCJzcG90X2lkIjoyMTY5NCwibXVsdGlwbGUiOmZhbHNlLCJpc19pZnJhbWUiOnRydWUsInJlZmRvbWFpbiI6ImdheTExMi5jb20iLCJwbCI6MCwic3RyYXRhZ2VtIjpudWxsLCJneXIiOjAsImFjY2VsIjowLCJzc3AiOjM3NTZ9LCJiYW5uZXIiOnsidyI6MSwiaCI6MX19XSwic2l0ZSI6eyJpZCI6IjIxNjk0IiwiY2F0IjpbIklBQjI1Il0sInBhZ2UiOiJodHRwczovL2dheTExMi5jb20vIn0sImRldmljZSI6eyJ3IjoxMjgwLCJoIjoxMDI0fSwidXNlciI6eyJpZCI6ImIwMTQzNTE4ZTg0MWIyNDcwYWY4NGQ4NmUxYjA5ZDNiIn0sImV4dCI6eyJkdCI6MTY2NjQ0ODAyNDM4Mn19
IP 162.55.139.130:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /get/?go=1&data=eyJpbXAiOlt7InNlY3VyZSI6MSwiZXh0Ijp7ImlkIjoxNjk1LCJzcGFjZWlkIjoyMTY5NCwidHlwZSI6InBvcCIsImlkem9uZSI6MSwiYWRfdGFncyI6IkdheSUyQ0FzaWFuJTJDQmFyZWJhY2slMkNIRCUyQ0RlZXB0aHJvYXQlMkNDdW1zaG90IiwibGFiZWxzIjoiIiwiYWxsb3dlZF9sYWJlbHMiOiIiLCJ0aXRsZSI6IiIsInN1YmlkIjoiMzg4MzAiLCJ1dG0xIjoiIiwidXRtMiI6IiIsInV0bTQiOiIiLCJzcG90X2lkIjoyMTY5NCwibXVsdGlwbGUiOmZhbHNlLCJpc19pZnJhbWUiOnRydWUsInJlZmRvbWFpbiI6ImdheTExMi5jb20iLCJwbCI6MCwic3RyYXRhZ2VtIjpudWxsLCJneXIiOjAsImFjY2VsIjowLCJzc3AiOjM3NTZ9LCJiYW5uZXIiOnsidyI6MSwiaCI6MX19XSwic2l0ZSI6eyJpZCI6IjIxNjk0IiwiY2F0IjpbIklBQjI1Il0sInBhZ2UiOiJodHRwczovL2dheTExMi5jb20vIn0sImRldmljZSI6eyJ3IjoxMjgwLCJoIjoxMDI0fSwidXNlciI6eyJpZCI6ImIwMTQzNTE4ZTg0MWIyNDcwYWY4NGQ4NmUxYjA5ZDNiIn0sImV4dCI6eyJkdCI6MTY2NjQ0ODAyNDM4Mn19 HTTP/1.1
Host: 5c0276acfe.9a363a4900.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://txxx.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
server: nginx/1.16.0
date: Sat, 22 Oct 2022 14:13:29 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
location: https://rtbrennab.com/banner/in/show/?mid=667950215&pid=0&site=21694&sc=NO&usage_type=DCH&subid=38830&sid=0&cid=0&price=0&is_cpm=0&cpm=0&ecpm=0&crid=&crtid=&tcid=0&out_id=&ver=&ver_c=&refdom=gay112.com&hostname=auc-banner-hz-10&site_id=0&spot_id=21694&utm_source=&utm_medium=&utm_campaign=&utm_content=&expiration_timestamp=0&created_at=0000-00-00&is_native=0&auction_queue=0&pop_winurl=&ip=91.90.42.154&testab=&px_id=0&adblock=0&auction_host=&mm=&yc=&render_type=&campaign_type=&uniq=&exp=&resp_type=default&iabcat=IAB25&min_cpm=0.0001&placement_type_id=&skin_test=&verify_hash=&score=99&ml=&tag_ab=&ttl=&space_id=21694&banner_width=1&banner_height=1&accel=0&gyr=0&iabcat=IAB25&url=https%3A%2F%2Fbtds.zog.link%2Fin%2F912%2F%3Fsid%3D21694%26source%3D38830%26idzone%3D1%26w%3D1%26h%3D1%26mo%3D%26ve%3D%26site_id%3D21694%26utm1%3D%26utm2%3D%26utm3%3D%26utm4%3D%26ad_tags%3DGay%252CAsian%252CBareback%252CHD%252CDeepthroat%252CCumshot%26spot_id%3D21694%26p%3Dhttps%253A%252F%252Fgay112.com%252F%26katds_labels%3D%26btype%3D0%26score%3D99%26bf%3D0.0001&pr=gay112.com&bid_crid=&bid_cid=&is_iframe=1&ad_tags=Gay%2CAsian%2CBareback%2CHD%2CDeepthroat%2CCumshot&stratagem=&ssp=3756
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 312 B IP 93.184.220.29:0
Hash 59c476019a920f38a083029db4891af4
721200e0957ff1391f9a8cc6c0f3756b2aba22b8
f2812b219d2077df5d29990f273fd38878488d6773e04ba27d8719f310209d2b
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 301
Cache-Control: max-age=109357
Content-Type: application/ocsp-response
Date: Sat, 22 Oct 2022 14:13:29 GMT
Etag: "63530189-138"
Expires: Sun, 23 Oct 2022 20:36:06 GMT
Last-Modified: Fri, 21 Oct 2022 20:31:05 GMT
Server: ECS (ska/F6FE)
X-Cache: HIT
Content-Length: 312
creative.xxxvjmp.com/widgets/v4/MobileSlider?campaignId=c3fa347280578e90a9e8ab1e6280c0e361524d151dcbfe6bb5b723fee947ce88&campaignType=smartpop&creativeId=997f08b15bff1ccf97a2e581116e84ed0333dda2fd147f124f274ed42d459cc1&hideModelNameOnSmallSpots=1&hideTitleOnSmallSpots=1&isFace=1&iterationId=28473&masterSmartpopId=0&memberId=Wx-dIKzaYD6bCwm8tsFrQa1qkaFyNeMDBwQpDKwV5CsBR4s1-JJnsFeI-aFWTP35pU8cP-Nr6r7vs9-VLPPYubvvYctwf6RhgQ325VXE_gUIDRUi&p1=4099653&ruleId=0&showButton=1&showModelName=1&showTitle=1&smartpopId=1547&sourceId=349000&tag=men%2C-men&trackOff=1&userId=ed4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e&variationId=21696
104.18.59.150200 OK 2.9 kB URL HTTP/2 creative.xxxvjmp.com/widgets/v4/MobileSlider?campaignId=c3fa347280578e90a9e8ab1e6280c0e361524d151dcbfe6bb5b723fee947ce88&campaignType=smartpop&creativeId=997f08b15bff1ccf97a2e581116e84ed0333dda2fd147f124f274ed42d459cc1&hideModelNameOnSmallSpots=1&hideTitleOnSmallSpots=1&isFace=1&iterationId=28473&masterSmartpopId=0&memberId=Wx-dIKzaYD6bCwm8tsFrQa1qkaFyNeMDBwQpDKwV5CsBR4s1-JJnsFeI-aFWTP35pU8cP-Nr6r7vs9-VLPPYubvvYctwf6RhgQ325VXE_gUIDRUi&p1=4099653&ruleId=0&showButton=1&showModelName=1&showTitle=1&smartpopId=1547&sourceId=349000&tag=men%2C-men&trackOff=1&userId=ed4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e&variationId=21696
IP 104.18.59.150:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 69487de476c1ce003430b0bf9bb985d1
cebcc1d1180dbd4ffa98b5c9f6345acbdf77351a
e6e73260a9fb7ce0a1fa73ddd363d7e7ac5018b4722f26277f3358d87800decf
GET /widgets/v4/MobileSlider?campaignId=c3fa347280578e90a9e8ab1e6280c0e361524d151dcbfe6bb5b723fee947ce88&campaignType=smartpop&creativeId=997f08b15bff1ccf97a2e581116e84ed0333dda2fd147f124f274ed42d459cc1&hideModelNameOnSmallSpots=1&hideTitleOnSmallSpots=1&isFace=1&iterationId=28473&masterSmartpopId=0&memberId=Wx-dIKzaYD6bCwm8tsFrQa1qkaFyNeMDBwQpDKwV5CsBR4s1-JJnsFeI-aFWTP35pU8cP-Nr6r7vs9-VLPPYubvvYctwf6RhgQ325VXE_gUIDRUi&p1=4099653&ruleId=0&showButton=1&showModelName=1&showTitle=1&smartpopId=1547&sourceId=349000&tag=men%2C-men&trackOff=1&userId=ed4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e&variationId=21696 HTTP/1.1
Host: creative.xxxvjmp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://tsyndicate.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 22 Oct 2022 14:13:28 GMT
content-type: text/html
last-modified: Tue, 18 Oct 2022 11:05:34 GMT
expires: Sat, 22 Oct 2022 14:13:20 GMT
cache-control: max-age=10
strict-transport-security: max-age=15768000
pragma: public
report-to: { "endpoints":[{ "url": "https://go.stripchat.com/report" }], "group": "default", "max_age": 1048576 }
cf-cache-status: HIT
age: 8
vary: Accept-Encoding
server: cloudflare
cf-ray: 75e2d573498e0b02-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
btds.zog.link/in/912/?sid=21694&source=38830&idzone=1&w=1&h=1&mo=&ve=&site_id=21694&utm1=&utm2=&utm3=&utm4=&ad_tags=Gay%2CAsian%2CBareback%2CHD%2CDeepthroat%2CCumshot&spot_id=21694&p=https%3A%2F%2Fgay112.com%2F&katds_labels=&btype=0&score=99&bf=0.0001
109.206.176.75302 Found 0 B URL HTTP/2 btds.zog.link/in/912/?sid=21694&source=38830&idzone=1&w=1&h=1&mo=&ve=&site_id=21694&utm1=&utm2=&utm3=&utm4=&ad_tags=Gay%2CAsian%2CBareback%2CHD%2CDeepthroat%2CCumshot&spot_id=21694&p=https%3A%2F%2Fgay112.com%2F&katds_labels=&btype=0&score=99&bf=0.0001
IP 109.206.176.75:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /in/912/?sid=21694&source=38830&idzone=1&w=1&h=1&mo=&ve=&site_id=21694&utm1=&utm2=&utm3=&utm4=&ad_tags=Gay%2CAsian%2CBareback%2CHD%2CDeepthroat%2CCumshot&spot_id=21694&p=https%3A%2F%2Fgay112.com%2F&katds_labels=&btype=0&score=99&bf=0.0001 HTTP/1.1
Host: btds.zog.link
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://txxx.com/
Connection: keep-alive
Cookie: 912.0=1; 1624.0=1; 1625.0=1
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
server: nginx/1.20.1
date: Sat, 22 Oct 2022 14:13:30 GMT
content-type: text/html; charset=UTF-8
content-length: 0
location: https://cdn.1vag.com/1x1.png
pragma: no-cache
vary: *
cache-control: no-cache, no-store, must-revalidate
set-cookie: 912.0=1; expires=Sun, 23 Oct 2022 14:13:30 GMT; path=/; secure; SameSite=None
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 48220e8f077a0bf0b5782e73ef0ef996
0306f205f6219f7f72b1341df40b3c09d7b0ebda
39e6fefbcc7f3ca1bd4bf365bd7ace6248841a5e43af715a21c101e8c57b2818
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "39E6FEFBCC7F3CA1BD4BF365BD7ACE6248841A5E43AF715A21C101E8C57B2818"
Last-Modified: Fri, 21 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6536
Expires: Sat, 22 Oct 2022 16:02:26 GMT
Date: Sat, 22 Oct 2022 14:13:30 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 312 B IP 93.184.220.29:0
Hash 59c476019a920f38a083029db4891af4
721200e0957ff1391f9a8cc6c0f3756b2aba22b8
f2812b219d2077df5d29990f273fd38878488d6773e04ba27d8719f310209d2b
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 302
Cache-Control: max-age=109357
Content-Type: application/ocsp-response
Date: Sat, 22 Oct 2022 14:13:30 GMT
Etag: "63530189-138"
Expires: Sun, 23 Oct 2022 20:36:07 GMT
Last-Modified: Fri, 21 Oct 2022 20:31:05 GMT
Server: ECS (ska/F6FE)
X-Cache: HIT
Content-Length: 312
cdn.1vag.com/1x1.png
45.133.44.24200 OK 68 B IP 45.133.44.24:0
ASN #39572 DataWeb Global Group B.V.
File type PNG image data, 1 x 1, 8-bit gray+alpha, non-interlaced\012- data
Hash 91e42db1c66c0b276abf6234dc50b2eb
c1986af3c26609b8b7d8933f99c51c1a89e9ea6b
63ef318d96b5d0d0ceba6e04a4e622b1158335cdc67c49e27839132c6f655058
GET /1x1.png HTTP/1.1
Host: cdn.1vag.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://txxx.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 22 Oct 2022 14:13:30 GMT
content-type: image/png
content-length: 68
server: nginx/1.20.1
last-modified: Wed, 15 Apr 2020 13:30:15 GMT
etag: "5e970c67-44"
cache-control: max-age=3600
x-request-id: e0cea73041c202c45e6ab3a8b14597f5
expires: Sat, 22 Oct 2022 15:13:30 GMT
x-proxy-cache: HIT
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2
chatw-58.stream.highwebmedia.com/ws/info?t=1666448024413
104.19.242.83200 OK 18 kB URL HTTP/2 chatw-58.stream.highwebmedia.com/ws/info?t=1666448024413
IP 104.19.242.83:0
File type JSON data\012- , ASCII text
Hash 5402fbcd0c6e3835bd25277fdc1b20d0
c7ecd93b90a33e3a9ed3528a535e21d5463b2459
4a46dc05d57c8dd5fd3802aeb77a4ff4ce1fff03d0f7ddcc79226c91a2861190
GET /ws/info?t=1666448024413 HTTP/1.1
Host: chatw-58.stream.highwebmedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Origin: https://chaturbate.com
Connection: keep-alive
Cookie: _cfuvid=pDFc0YWPl_zNIxZyVzyqyMuVVpeA_m6Qzft5t4EIG3k-1666448008991-0-604800000
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 22 Oct 2022 14:13:30 GMT
content-type: application/json; charset=UTF-8
access-control-allow-credentials: true
access-control-allow-origin: https://chaturbate.com
cache-control: no-store, no-cache, must-revalidate, max-age=0
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 75e2d57e6c071c06-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 019d78f49ef2b31d4969e1950815c3d7
c3f15bf1eed34281b65962aea6725141745676bb
c806a737ce6b183e83c8a4f4a068bdc7a67ce601cd68e0a507fc09650e5e4678
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5803
Cache-Control: max-age=118458
Content-Type: application/ocsp-response
Date: Sat, 22 Oct 2022 14:13:30 GMT
Etag: "63530f99-1d7"
Expires: Sun, 23 Oct 2022 23:07:48 GMT
Last-Modified: Fri, 21 Oct 2022 21:31:05 GMT
Server: ECS (ska/F6FE)
X-Cache: HIT
Content-Length: 471
bam.nr-data.net/1/6f524845d1?a=24279235&v=1216.487a282&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOAQsFF0hPXFxGEgtrDg0OMgoDThteVBU%3D&rst=2146&ck=1&ref=https://chaturbate.com/embed/asmodeosx/&ap=152&be=807&fe=1776&dc=1388&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1666448022562,%22n%22:0,%22r%22:0,%22re%22:371,%22f%22:371,%22dn%22:371,%22dne%22:371,%22c%22:371,%22s%22:371,%22ce%22:371,%22rq%22:387,%22rp%22:701,%22rpe%22:705,%22dl%22:784,%22di%22:1327,%22ds%22:1387,%22de%22:1396,%22dc%22:1775,%22l%22:1775,%22le%22:1782%7D,%22navigation%22:%7B%22rc%22:2%7D%7D&at=H0ETGw9CExRCXBM9CgBBXAkZG0QSVEsPAw4BQVwbamZQD15XPj1BSEEVUFJXRBFuXQAWBkZZVhUXenc%2BY1gYQFlGVFNcB10EVgVcAFBWBlZWABh2Yi0TFUMhJTshCU0XAwhTHRsiJDwmDBJ8TU1DABMDQwQCCBADFVNYXRJUG01AEQECCmZcSRNbEwBQTFpUTVILGwgEVRMVQwMNCw05X1lYVhITA0NAT0YBA0pBZlYUVEoSPQoUQVwbDAgfWAEXVVBNVVZSGxkbUwRCTT4FFgEQFWZSXF5DCxsvLUFIQQ9JalpeFF9NExtBXkEodhcVEwhBZgINFgoXFEBqWl4PV1AFBw0HBkQDFwwBQx0bCBI8CgYSTlpLWkMLGwMOChxNBVZYGx1DWEk%2BDREDAghQT1hFCF5XQ1hBJg8PQRVqXg1ETQgNDRdBShtcSW4IQklDWEEmDw9BFWpeDURNCA0NF0FKG1xJbgBCV0NYVlRQVg0ZG1gRblgSDDwLEQEbDxtzDVhBQTEMCBYSUFpXQkFwakNOQQ0TOVpaV18EUk0IDQ07Fx9JUBsLQ3JYAw4GSyc1dRcVEwhBZhQRBhY8EkBFXBNbE0sEEQoABghNXFhdQx0bEwcSEQYVTWpJUBVZG1tATAEOBFxRFlASXFYFBwwXG0kbGRtGDW5RDhEXRllEWl1YRRRDWwAWBkoACVQXFRMSWE0EPQoAQVwIGRtCCEVcPgYMCQIPVxcDEwJZWBUXEQYCElwbWl4MExVDEAYVFgNKQWZZDkJNQ1hBBwsHTUBLUwBFXE8BDAlBShtXS14WQlwTPQoAQVwbDQkCAFAPUFJOUFFUXxgNUwQEFABbAVROA18FDwJRU1wDB1RUQUobR1xXBENcE0BZRgsSTUVKC04eS0wHFkoXFUBbXVgCUE0ETAALDkkbGRtDBEBMBBEXOw4DTV1WVUMLGyYnN0ZPRElMTVkOX2YXBxEXCglXFwMTUh8OQ05BEQI5XVBPWAJUZgcDDg0PHxsPG34VWVwTQE9GFgdmUVxHCFJcPhYaFAZEAxddVBJaTQ4SQUhBE1hqVkI%2BV1gMCw8dQVwbeVBfFEkbTUAWBTwJSmpPVBNCUA4MQV5BRBUXTFA%2BU0sOFRABETlfVFRYDUgbW0AlDREDX1pBE00TTAA9ARYMEUpQS24XVEsSCwwKQVwbDA8fURMVQxcCOxASS1xXVkMLGywNGQ0PClgaDB9RERE5U1JfQypQW0xJQUkBVz1VUFhGS0MDCFcfCUhCJAEADVYaCwFQAQlQUlJEJQ9LUF9eGR4AV0xTRk9EXlxNbgJeVAwLF0ZZRF0DWwkHBwBUVwBWAEQVF0lQE1BUEkBZRhg6G19WWA9uVhcHEQgCH2UXAxE9Ewg9QE9EP0RNWkxDPRMDQT5BJwwDdGkbHUFtGwIDDhQCD15bZRNbEWVDVyIvWlBlFxURPRNdCBECBg8DZkZWRA9VZUNYQzhBV2UXFRE9E1QOAAoIBjRcUVBDBFJNPUBZRD9EWEBNXj0TFUE%2BQQEOBFxRZkcIVVwOPQwKDx9lFwMRPRMIPUAeRk9EWlRUbhVQXkNYQRQWBFVcWhNNE1oODgwWPAtWUVwTWxNVCAULEA4JXVAbHUNDVg4PPBcXB01AShNbE1UIFAZGHhs%3D&jsonp=NREUM.setToken
162.247.241.14200 OK 72 B URL HTTP/1.1 bam.nr-data.net/1/6f524845d1?a=24279235&v=1216.487a282&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOAQsFF0hPXFxGEgtrDg0OMgoDThteVBU%3D&rst=2146&ck=1&ref=https://chaturbate.com/embed/asmodeosx/&ap=152&be=807&fe=1776&dc=1388&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1666448022562,%22n%22:0,%22r%22:0,%22re%22:371,%22f%22:371,%22dn%22:371,%22dne%22:371,%22c%22:371,%22s%22:371,%22ce%22:371,%22rq%22:387,%22rp%22:701,%22rpe%22:705,%22dl%22:784,%22di%22:1327,%22ds%22:1387,%22de%22:1396,%22dc%22:1775,%22l%22:1775,%22le%22:1782%7D,%22navigation%22:%7B%22rc%22:2%7D%7D&at=H0ETGw9CExRCXBM9CgBBXAkZG0QSVEsPAw4BQVwbamZQD15XPj1BSEEVUFJXRBFuXQAWBkZZVhUXenc%2BY1gYQFlGVFNcB10EVgVcAFBWBlZWABh2Yi0TFUMhJTshCU0XAwhTHRsiJDwmDBJ8TU1DABMDQwQCCBADFVNYXRJUG01AEQECCmZcSRNbEwBQTFpUTVILGwgEVRMVQwMNCw05X1lYVhITA0NAT0YBA0pBZlYUVEoSPQoUQVwbDAgfWAEXVVBNVVZSGxkbUwRCTT4FFgEQFWZSXF5DCxsvLUFIQQ9JalpeFF9NExtBXkEodhcVEwhBZgINFgoXFEBqWl4PV1AFBw0HBkQDFwwBQx0bCBI8CgYSTlpLWkMLGwMOChxNBVZYGx1DWEk%2BDREDAghQT1hFCF5XQ1hBJg8PQRVqXg1ETQgNDRdBShtcSW4IQklDWEEmDw9BFWpeDURNCA0NF0FKG1xJbgBCV0NYVlRQVg0ZG1gRblgSDDwLEQEbDxtzDVhBQTEMCBYSUFpXQkFwakNOQQ0TOVpaV18EUk0IDQ07Fx9JUBsLQ3JYAw4GSyc1dRcVEwhBZhQRBhY8EkBFXBNbE0sEEQoABghNXFhdQx0bEwcSEQYVTWpJUBVZG1tATAEOBFxRFlASXFYFBwwXG0kbGRtGDW5RDhEXRllEWl1YRRRDWwAWBkoACVQXFRMSWE0EPQoAQVwIGRtCCEVcPgYMCQIPVxcDEwJZWBUXEQYCElwbWl4MExVDEAYVFgNKQWZZDkJNQ1hBBwsHTUBLUwBFXE8BDAlBShtXS14WQlwTPQoAQVwbDQkCAFAPUFJOUFFUXxgNUwQEFABbAVROA18FDwJRU1wDB1RUQUobR1xXBENcE0BZRgsSTUVKC04eS0wHFkoXFUBbXVgCUE0ETAALDkkbGRtDBEBMBBEXOw4DTV1WVUMLGyYnN0ZPRElMTVkOX2YXBxEXCglXFwMTUh8OQ05BEQI5XVBPWAJUZgcDDg0PHxsPG34VWVwTQE9GFgdmUVxHCFJcPhYaFAZEAxddVBJaTQ4SQUhBE1hqVkI%2BV1gMCw8dQVwbeVBfFEkbTUAWBTwJSmpPVBNCUA4MQV5BRBUXTFA%2BU0sOFRABETlfVFRYDUgbW0AlDREDX1pBE00TTAA9ARYMEUpQS24XVEsSCwwKQVwbDA8fURMVQxcCOxASS1xXVkMLGywNGQ0PClgaDB9RERE5U1JfQypQW0xJQUkBVz1VUFhGS0MDCFcfCUhCJAEADVYaCwFQAQlQUlJEJQ9LUF9eGR4AV0xTRk9EXlxNbgJeVAwLF0ZZRF0DWwkHBwBUVwBWAEQVF0lQE1BUEkBZRhg6G19WWA9uVhcHEQgCH2UXAxE9Ewg9QE9EP0RNWkxDPRMDQT5BJwwDdGkbHUFtGwIDDhQCD15bZRNbEWVDVyIvWlBlFxURPRNdCBECBg8DZkZWRA9VZUNYQzhBV2UXFRE9E1QOAAoIBjRcUVBDBFJNPUBZRD9EWEBNXj0TFUE%2BQQEOBFxRZkcIVVwOPQwKDx9lFwMRPRMIPUAeRk9EWlRUbhVQXkNYQRQWBFVcWhNNE1oODgwWPAtWUVwTWxNVCAULEA4JXVAbHUNDVg4PPBcXB01AShNbE1UIFAZGHhs%3D&jsonp=NREUM.setToken
IP 162.247.241.14:0
File type ASCII text, with no line terminators
Hash 107d93e382e2c9b00fbf9fb0edc65d86
77e750e3ebf9706f4f6dd253785602d70be17c6c
a1ee50b689ea433a0acdccbf4ee4629e9ea3f9c4bcdd21effb334359a2f9e937
GET /1/6f524845d1?a=24279235&v=1216.487a282&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOAQsFF0hPXFxGEgtrDg0OMgoDThteVBU%3D&rst=2146&ck=1&ref=https://chaturbate.com/embed/asmodeosx/&ap=152&be=807&fe=1776&dc=1388&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1666448022562,%22n%22:0,%22r%22:0,%22re%22:371,%22f%22:371,%22dn%22:371,%22dne%22:371,%22c%22:371,%22s%22:371,%22ce%22:371,%22rq%22:387,%22rp%22:701,%22rpe%22:705,%22dl%22:784,%22di%22:1327,%22ds%22:1387,%22de%22:1396,%22dc%22:1775,%22l%22:1775,%22le%22:1782%7D,%22navigation%22:%7B%22rc%22:2%7D%7D&at=H0ETGw9CExRCXBM9CgBBXAkZG0QSVEsPAw4BQVwbamZQD15XPj1BSEEVUFJXRBFuXQAWBkZZVhUXenc%2BY1gYQFlGVFNcB10EVgVcAFBWBlZWABh2Yi0TFUMhJTshCU0XAwhTHRsiJDwmDBJ8TU1DABMDQwQCCBADFVNYXRJUG01AEQECCmZcSRNbEwBQTFpUTVILGwgEVRMVQwMNCw05X1lYVhITA0NAT0YBA0pBZlYUVEoSPQoUQVwbDAgfWAEXVVBNVVZSGxkbUwRCTT4FFgEQFWZSXF5DCxsvLUFIQQ9JalpeFF9NExtBXkEodhcVEwhBZgINFgoXFEBqWl4PV1AFBw0HBkQDFwwBQx0bCBI8CgYSTlpLWkMLGwMOChxNBVZYGx1DWEk%2BDREDAghQT1hFCF5XQ1hBJg8PQRVqXg1ETQgNDRdBShtcSW4IQklDWEEmDw9BFWpeDURNCA0NF0FKG1xJbgBCV0NYVlRQVg0ZG1gRblgSDDwLEQEbDxtzDVhBQTEMCBYSUFpXQkFwakNOQQ0TOVpaV18EUk0IDQ07Fx9JUBsLQ3JYAw4GSyc1dRcVEwhBZhQRBhY8EkBFXBNbE0sEEQoABghNXFhdQx0bEwcSEQYVTWpJUBVZG1tATAEOBFxRFlASXFYFBwwXG0kbGRtGDW5RDhEXRllEWl1YRRRDWwAWBkoACVQXFRMSWE0EPQoAQVwIGRtCCEVcPgYMCQIPVxcDEwJZWBUXEQYCElwbWl4MExVDEAYVFgNKQWZZDkJNQ1hBBwsHTUBLUwBFXE8BDAlBShtXS14WQlwTPQoAQVwbDQkCAFAPUFJOUFFUXxgNUwQEFABbAVROA18FDwJRU1wDB1RUQUobR1xXBENcE0BZRgsSTUVKC04eS0wHFkoXFUBbXVgCUE0ETAALDkkbGRtDBEBMBBEXOw4DTV1WVUMLGyYnN0ZPRElMTVkOX2YXBxEXCglXFwMTUh8OQ05BEQI5XVBPWAJUZgcDDg0PHxsPG34VWVwTQE9GFgdmUVxHCFJcPhYaFAZEAxddVBJaTQ4SQUhBE1hqVkI%2BV1gMCw8dQVwbeVBfFEkbTUAWBTwJSmpPVBNCUA4MQV5BRBUXTFA%2BU0sOFRABETlfVFRYDUgbW0AlDREDX1pBE00TTAA9ARYMEUpQS24XVEsSCwwKQVwbDA8fURMVQxcCOxASS1xXVkMLGywNGQ0PClgaDB9RERE5U1JfQypQW0xJQUkBVz1VUFhGS0MDCFcfCUhCJAEADVYaCwFQAQlQUlJEJQ9LUF9eGR4AV0xTRk9EXlxNbgJeVAwLF0ZZRF0DWwkHBwBUVwBWAEQVF0lQE1BUEkBZRhg6G19WWA9uVhcHEQgCH2UXAxE9Ewg9QE9EP0RNWkxDPRMDQT5BJwwDdGkbHUFtGwIDDhQCD15bZRNbEWVDVyIvWlBlFxURPRNdCBECBg8DZkZWRA9VZUNYQzhBV2UXFRE9E1QOAAoIBjRcUVBDBFJNPUBZRD9EWEBNXj0TFUE%2BQQEOBFxRZkcIVVwOPQwKDx9lFwMRPRMIPUAeRk9EWlRUbhVQXkNYQRQWBFVcWhNNE1oODgwWPAtWUVwTWxNVCAULEA4JXVAbHUNDVg4PPBcXB01AShNbE1UIFAZGHhs%3D&jsonp=NREUM.setToken HTTP/1.1
Host: bam.nr-data.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Sat, 22 Oct 2022 14:13:30 GMT
Content-Type: text/javascript
Transfer-Encoding: chunked
Connection: keep-alive
CF-Ray: 75e2d5801fe4b4fa-OSL
Access-Control-Allow-Origin: *
Set-Cookie: JSESSIONID=64c9d9e813125776; Path=/; Domain=.nr-data.net; Secure; SameSite=None
CF-Cache-Status: DYNAMIC
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
Cross-Origin-Resource-Policy: cross-origin
Vary: Accept-Encoding
Server: cloudflare
Content-Encoding: gzip
cbjpeg.stream.highwebmedia.com/stream?room=asmodeosx&f=0.4735390542018797
131.153.88.93200 OK 20 kB URL HTTP/2 cbjpeg.stream.highwebmedia.com/stream?room=asmodeosx&f=0.4735390542018797
IP 131.153.88.93:0
ASN #50389 Phoenix Nap, LLC.
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, comment: "Lavc58.91.100", baseline, precision 8, 854x480, components 3\012- data
Hash 2ec5f147c2aa3c6889612ba267765afc
12997f844d59e54316d8dbbe75a5f29731ec78f5
4531e81cc1ef555836beeccefca63924bbfbd4e7345e4cb5ec0e86a5d7715df4
GET /stream?room=asmodeosx&f=0.4735390542018797 HTTP/1.1
Host: cbjpeg.stream.highwebmedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Cookie: _cfuvid=pDFc0YWPl_zNIxZyVzyqyMuVVpeA_m6Qzft5t4EIG3k-1666448008991-0-604800000
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 22 Oct 2022 14:13:30 GMT
content-type: image/jpeg
content-length: 20540
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'none'; img-src data:; style-src 'unsafe-inline'
cache-tag: cbjpeg
x-frame-options: DENY
X-Firefox-Spdy: h2
bam.nr-data.net/ins/1/6f524845d1?a=24279235&v=1216.487a282&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOAQsFF0hPXFxGEgtrDg0OMgoDThteVBU%3D&rst=2343&ck=1&ref=https://chaturbate.com/embed/asmodeosx/&at=H0ETGw9CExRCXBM9CgBBXAkZG0QSVEsPAw4BQVwbamZQD15XPj1BSEEVUFJXRBFuXQAWBkZZVhUXenc%2BY1gYQFlGVFNcB10EVgVcAFBWBlZWABh2Yi0TFUMhJTshCU0XAwhTHRsiJDwmDBJ8TU1DABMDQwQCCBADFVNYXRJUG01AEQECCmZcSRNbEwBQTFpUTVILGwgEVRMVQwMNCw05X1lYVhITA0NAT0YBA0pBZlYUVEoSPQoUQVwbDAgfWAEXVVBNVVZSGxkbUwRCTT4FFgEQFWZSXF5DCxsvLUFIQQ9JalpeFF9NExtBXkEodhcVEwhBZgINFgoXFEBqWl4PV1AFBw0HBkQDFwwBQx0bCBI8CgYSTlpLWkMLGwMOChxNBVZYGx1DWEk%2BDREDAghQT1hFCF5XQ1hBJg8PQRVqXg1ETQgNDRdBShtcSW4IQklDWEEmDw9BFWpeDURNCA0NF0FKG1xJbgBCV0NYVlRQVg0ZG1gRblgSDDwLEQEbDxtzDVhBQTEMCBYSUFpXQkFwakNOQQ0TOVpaV18EUk0IDQ07Fx9JUBsLQ3JYAw4GSyc1dRcVEwhBZhQRBhY8EkBFXBNbE0sEEQoABghNXFhdQx0bEwcSEQYVTWpJUBVZG1tATAEOBFxRFlASXFYFBwwXG0kbGRtGDW5RDhEXRllEWl1YRRRDWwAWBkoACVQXFRMSWE0EPQoAQVwIGRtCCEVcPgYMCQIPVxcDEwJZWBUXEQYCElwbWl4MExVDEAYVFgNKQWZZDkJNQ1hBBwsHTUBLUwBFXE8BDAlBShtXS14WQlwTPQoAQVwbDQkCAFAPUFJOUFFUXxgNUwQEFABbAVROA18FDwJRU1wDB1RUQUobR1xXBENcE0BZRgsSTUVKC04eS0wHFkoXFUBbXVgCUE0ETAALDkkbGRtDBEBMBBEXOw4DTV1WVUMLGyYnN0ZPRElMTVkOX2YXBxEXCglXFwMTUh8OQ05BEQI5XVBPWAJUZgcDDg0PHxsPG34VWVwTQE9GFgdmUVxHCFJcPhYaFAZEAxddVBJaTQ4SQUhBE1hqVkI%2BV1gMCw8dQVwbeVBfFEkbTUAWBTwJSmpPVBNCUA4MQV5BRBUXTFA%2BU0sOFRABETlfVFRYDUgbW0AlDREDX1pBE00TTAA9ARYMEUpQS24XVEsSCwwKQVwbDA8fURMVQxcCOxASS1xXVkMLGywNGQ0PClgaDB9RERE5U1JfQypQW0xJQUkBVz1VUFhGS0MDCFcfCUhCJAEADVYaCwFQAQlQUlJEJQ9LUF9eGR4AV0xTRk9EXlxNbgJeVAwLF0ZZRF0DWwkHBwBUVwBWAEQVF0lQE1BUEkBZRhg6G19WWA9uVhcHEQgCH2UXAxE9Ewg9QE9EP0RNWkxDPRMDQT5BJwwDdGkbHUFtGwIDDhQCD15bZRNbEWVDVyIvWlBlFxURPRNdCBECBg8DZkZWRA9VZUNYQzhBV2UXFRE9E1QOAAoIBjRcUVBDBFJNPUBZRD9EWEBNXj0TFUE%2BQQEOBFxRZkcIVVwOPQwKDx9lFwMRPRMIPUAeRk9EWlRUbhVQXkNYQRQWBFVcWhNNE1oODgwWPAtWUVwTWxNVCAULEA4JXVAbHUNDVg4PPBcXB01AShNbE1UIFAZGHhs%3D
162.247.241.14204 No Content 0 B URL HTTP/1.1 bam.nr-data.net/ins/1/6f524845d1?a=24279235&v=1216.487a282&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOAQsFF0hPXFxGEgtrDg0OMgoDThteVBU%3D&rst=2343&ck=1&ref=https://chaturbate.com/embed/asmodeosx/&at=H0ETGw9CExRCXBM9CgBBXAkZG0QSVEsPAw4BQVwbamZQD15XPj1BSEEVUFJXRBFuXQAWBkZZVhUXenc%2BY1gYQFlGVFNcB10EVgVcAFBWBlZWABh2Yi0TFUMhJTshCU0XAwhTHRsiJDwmDBJ8TU1DABMDQwQCCBADFVNYXRJUG01AEQECCmZcSRNbEwBQTFpUTVILGwgEVRMVQwMNCw05X1lYVhITA0NAT0YBA0pBZlYUVEoSPQoUQVwbDAgfWAEXVVBNVVZSGxkbUwRCTT4FFgEQFWZSXF5DCxsvLUFIQQ9JalpeFF9NExtBXkEodhcVEwhBZgINFgoXFEBqWl4PV1AFBw0HBkQDFwwBQx0bCBI8CgYSTlpLWkMLGwMOChxNBVZYGx1DWEk%2BDREDAghQT1hFCF5XQ1hBJg8PQRVqXg1ETQgNDRdBShtcSW4IQklDWEEmDw9BFWpeDURNCA0NF0FKG1xJbgBCV0NYVlRQVg0ZG1gRblgSDDwLEQEbDxtzDVhBQTEMCBYSUFpXQkFwakNOQQ0TOVpaV18EUk0IDQ07Fx9JUBsLQ3JYAw4GSyc1dRcVEwhBZhQRBhY8EkBFXBNbE0sEEQoABghNXFhdQx0bEwcSEQYVTWpJUBVZG1tATAEOBFxRFlASXFYFBwwXG0kbGRtGDW5RDhEXRllEWl1YRRRDWwAWBkoACVQXFRMSWE0EPQoAQVwIGRtCCEVcPgYMCQIPVxcDEwJZWBUXEQYCElwbWl4MExVDEAYVFgNKQWZZDkJNQ1hBBwsHTUBLUwBFXE8BDAlBShtXS14WQlwTPQoAQVwbDQkCAFAPUFJOUFFUXxgNUwQEFABbAVROA18FDwJRU1wDB1RUQUobR1xXBENcE0BZRgsSTUVKC04eS0wHFkoXFUBbXVgCUE0ETAALDkkbGRtDBEBMBBEXOw4DTV1WVUMLGyYnN0ZPRElMTVkOX2YXBxEXCglXFwMTUh8OQ05BEQI5XVBPWAJUZgcDDg0PHxsPG34VWVwTQE9GFgdmUVxHCFJcPhYaFAZEAxddVBJaTQ4SQUhBE1hqVkI%2BV1gMCw8dQVwbeVBfFEkbTUAWBTwJSmpPVBNCUA4MQV5BRBUXTFA%2BU0sOFRABETlfVFRYDUgbW0AlDREDX1pBE00TTAA9ARYMEUpQS24XVEsSCwwKQVwbDA8fURMVQxcCOxASS1xXVkMLGywNGQ0PClgaDB9RERE5U1JfQypQW0xJQUkBVz1VUFhGS0MDCFcfCUhCJAEADVYaCwFQAQlQUlJEJQ9LUF9eGR4AV0xTRk9EXlxNbgJeVAwLF0ZZRF0DWwkHBwBUVwBWAEQVF0lQE1BUEkBZRhg6G19WWA9uVhcHEQgCH2UXAxE9Ewg9QE9EP0RNWkxDPRMDQT5BJwwDdGkbHUFtGwIDDhQCD15bZRNbEWVDVyIvWlBlFxURPRNdCBECBg8DZkZWRA9VZUNYQzhBV2UXFRE9E1QOAAoIBjRcUVBDBFJNPUBZRD9EWEBNXj0TFUE%2BQQEOBFxRZkcIVVwOPQwKDx9lFwMRPRMIPUAeRk9EWlRUbhVQXkNYQRQWBFVcWhNNE1oODgwWPAtWUVwTWxNVCAULEA4JXVAbHUNDVg4PPBcXB01AShNbE1UIFAZGHhs%3D
IP 162.247.241.14:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /ins/1/6f524845d1?a=24279235&v=1216.487a282&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOAQsFF0hPXFxGEgtrDg0OMgoDThteVBU%3D&rst=2343&ck=1&ref=https://chaturbate.com/embed/asmodeosx/&at=H0ETGw9CExRCXBM9CgBBXAkZG0QSVEsPAw4BQVwbamZQD15XPj1BSEEVUFJXRBFuXQAWBkZZVhUXenc%2BY1gYQFlGVFNcB10EVgVcAFBWBlZWABh2Yi0TFUMhJTshCU0XAwhTHRsiJDwmDBJ8TU1DABMDQwQCCBADFVNYXRJUG01AEQECCmZcSRNbEwBQTFpUTVILGwgEVRMVQwMNCw05X1lYVhITA0NAT0YBA0pBZlYUVEoSPQoUQVwbDAgfWAEXVVBNVVZSGxkbUwRCTT4FFgEQFWZSXF5DCxsvLUFIQQ9JalpeFF9NExtBXkEodhcVEwhBZgINFgoXFEBqWl4PV1AFBw0HBkQDFwwBQx0bCBI8CgYSTlpLWkMLGwMOChxNBVZYGx1DWEk%2BDREDAghQT1hFCF5XQ1hBJg8PQRVqXg1ETQgNDRdBShtcSW4IQklDWEEmDw9BFWpeDURNCA0NF0FKG1xJbgBCV0NYVlRQVg0ZG1gRblgSDDwLEQEbDxtzDVhBQTEMCBYSUFpXQkFwakNOQQ0TOVpaV18EUk0IDQ07Fx9JUBsLQ3JYAw4GSyc1dRcVEwhBZhQRBhY8EkBFXBNbE0sEEQoABghNXFhdQx0bEwcSEQYVTWpJUBVZG1tATAEOBFxRFlASXFYFBwwXG0kbGRtGDW5RDhEXRllEWl1YRRRDWwAWBkoACVQXFRMSWE0EPQoAQVwIGRtCCEVcPgYMCQIPVxcDEwJZWBUXEQYCElwbWl4MExVDEAYVFgNKQWZZDkJNQ1hBBwsHTUBLUwBFXE8BDAlBShtXS14WQlwTPQoAQVwbDQkCAFAPUFJOUFFUXxgNUwQEFABbAVROA18FDwJRU1wDB1RUQUobR1xXBENcE0BZRgsSTUVKC04eS0wHFkoXFUBbXVgCUE0ETAALDkkbGRtDBEBMBBEXOw4DTV1WVUMLGyYnN0ZPRElMTVkOX2YXBxEXCglXFwMTUh8OQ05BEQI5XVBPWAJUZgcDDg0PHxsPG34VWVwTQE9GFgdmUVxHCFJcPhYaFAZEAxddVBJaTQ4SQUhBE1hqVkI%2BV1gMCw8dQVwbeVBfFEkbTUAWBTwJSmpPVBNCUA4MQV5BRBUXTFA%2BU0sOFRABETlfVFRYDUgbW0AlDREDX1pBE00TTAA9ARYMEUpQS24XVEsSCwwKQVwbDA8fURMVQxcCOxASS1xXVkMLGywNGQ0PClgaDB9RERE5U1JfQypQW0xJQUkBVz1VUFhGS0MDCFcfCUhCJAEADVYaCwFQAQlQUlJEJQ9LUF9eGR4AV0xTRk9EXlxNbgJeVAwLF0ZZRF0DWwkHBwBUVwBWAEQVF0lQE1BUEkBZRhg6G19WWA9uVhcHEQgCH2UXAxE9Ewg9QE9EP0RNWkxDPRMDQT5BJwwDdGkbHUFtGwIDDhQCD15bZRNbEWVDVyIvWlBlFxURPRNdCBECBg8DZkZWRA9VZUNYQzhBV2UXFRE9E1QOAAoIBjRcUVBDBFJNPUBZRD9EWEBNXj0TFUE%2BQQEOBFxRZkcIVVwOPQwKDx9lFwMRPRMIPUAeRk9EWlRUbhVQXkNYQRQWBFVcWhNNE1oODgwWPAtWUVwTWxNVCAULEA4JXVAbHUNDVg4PPBcXB01AShNbE1UIFAZGHhs%3D HTTP/1.1
Host: bam.nr-data.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
content-type: text/plain
Content-Length: 1867
Origin: https://chaturbate.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Date: Sat, 22 Oct 2022 14:13:30 GMT
Connection: keep-alive
CF-Ray: 75e2d5813930b4fa-OSL
Access-Control-Allow-Origin: https://chaturbate.com
CF-Cache-Status: DYNAMIC
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
Vary: Accept-Encoding
Server: cloudflare
mcpuwpsh.com/get/
94.130.197.134200 OK 2.0 kB IP 94.130.197.134:0
ASN #24940 Hetzner Online GmbH
File type JSON data\012- , ASCII text, with very long lines (1983), with no line terminators
Hash e4aff46476fc006cdfff5e816e62b944
e8b858d9a547bdcc4e02c3ae8e6154ce547f627a
e2cd8132690a881485812580c605dd52f289bd2e748a5167d259e431f5e8c0e7
Analyzer Verdict Alert quad9 Sinkholed
POST /get/ HTTP/1.1
Host: mcpuwpsh.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gay112.com/
Content-Type: text/plain;charset=UTF-8
Origin: https://gay112.com
Content-Length: 433
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.16.0
date: Sat, 22 Oct 2022 14:13:30 GMT
content-type: application/json
content-length: 1983
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
mcpuwpsh.com/popunder/in/click/?mid=1208405646&pid=0&site=47158&sc=NO&usage_type=DCH&subid=1858225680&sid=0&cid=12900&price=0&is_cpm=1&cpm=0.7605&ecpm=0.7224749999999999&crid=&crtid=d41d8cd98f00b204e9800998ecf8427e&tcid=0&out_id=&ver=&ver_c=&refdom=gay112.com&hostname=auc-popunder-hz-1&site_id=0&spot_id=47158&utm_source=&utm_medium=&utm_campaign=&utm_content=spt_2&expiration_timestamp=0&created_at=0000-00-00&is_native=3&auction_queue=0&burl=http%3A%2F%2Ftcimp.zog.link%2Fin%2Fwin%3Fkatds_ep%3DAdkjYT9Tcjs0GYEEifOklA9jXzo8EKFCRH9P4rlPzKeBOqHm14U0nvoxKDk0DGzZPO7pj4yPlfrGFyMAqPJbJLkU6vkJEf549lowYDmudaTMGbQblaV7ePt6thxNqFX4LqnIjU3v3AYG-NhsKHtBie4eV0qXAYTs-x63CendKMj2ui7EQxAzmNdwhdf9Z0ojmCzYfCaXKSiZSXqp_EfF5xRAxgTPM0XJps1Pnau-T5W52KzAg94D-PHLbSerJjJ4wdaoSw2ierzw6dgTR9u2dumBAzJvo7tM9dA89ETdw0yPTY8WOKmXboczcHn_K1ZrzCKBlEMha226K1esV2NNqw&pop_winurl=&ip=91.90.42.154&testab=&px_id=0&adblock=0&auction_host=&mm=&yc=&render_type=&campaign_type=&uniq=&exp=&resp_type=popunderAd&iabcat=IAB25&min_cpm=0.018026315789473685&placement_type_id=7&skin_test=&verify_hash=&score=100&durl=&ml=&tag_ab=&original_bid=0.7605&user_fp=0&pop_type=0&space_id=1095&verify_hash=&real_bid=&skin_id=&vertical_id=&stratagem=&accel=0&gyr=0&iabcat=IAB25&ip_mismatch=false&ssp=0&url=https%3A%2F%2Fkts.cvastico.com%2Fin%2F769%2F%3Fkatds_ep%3D9uDc5yQNvV3FzgXrUH2uo60lrOxwfOk_7-zqEt6pkQ8zdX1HXkpXtDLiZ3Eaz-t-Do-paUb7EYhwIsj2UC75Ompxfjj6mztoYVbIQyeOAi4A1Es-lIiu2e6pg8_0Rip4h3oT4tg1x-UfVvU79j0VxG06fJJuyQarYeI64y3CZPU0IiGO2oh68GxnpfjGvxHmt-ieu_rIRRJsPEHL8YuzzJPk6llMfDtmaVFsAfq-zdoZNoiF5WqXPL6rMKy1VcTf50U6n5nc9U61b_DKPgb0wR8WfAOUPp7gaP1RSXEpCZ3R1z-1ikpS3z9UkU13g5F-fEfut3CwbT4YLDz_MQ4iTL3Ia-saiwmx03_7e_Q-_qYCaxZioCygwxhQMdexQgTa2h7rvxwInguy4rJOHic93cJKIWkOl8OJr9HKG9ZdQuBmuXK7HCjghkEzuM1zVnZggNaomm-EgeCExonfw5TrH_4dvG0pgw2VOxqTqogGsgK3-nWbwKtMNtReR1WOQv3RaXVRTGiBQ1hpY2AFQx_nj8b8C90h0z7gsqvZJs8&pr=&bid_crid=&bid_cid=&ad_tags=Gay112.com%2Cbest%2Cfree%2Cgay%2Cporn%2Cvideos.%20&is_interstitial=0
94.130.197.134302 Found 0 B URL HTTP/2 mcpuwpsh.com/popunder/in/click/?mid=1208405646&pid=0&site=47158&sc=NO&usage_type=DCH&subid=1858225680&sid=0&cid=12900&price=0&is_cpm=1&cpm=0.7605&ecpm=0.7224749999999999&crid=&crtid=d41d8cd98f00b204e9800998ecf8427e&tcid=0&out_id=&ver=&ver_c=&refdom=gay112.com&hostname=auc-popunder-hz-1&site_id=0&spot_id=47158&utm_source=&utm_medium=&utm_campaign=&utm_content=spt_2&expiration_timestamp=0&created_at=0000-00-00&is_native=3&auction_queue=0&burl=http%3A%2F%2Ftcimp.zog.link%2Fin%2Fwin%3Fkatds_ep%3DAdkjYT9Tcjs0GYEEifOklA9jXzo8EKFCRH9P4rlPzKeBOqHm14U0nvoxKDk0DGzZPO7pj4yPlfrGFyMAqPJbJLkU6vkJEf549lowYDmudaTMGbQblaV7ePt6thxNqFX4LqnIjU3v3AYG-NhsKHtBie4eV0qXAYTs-x63CendKMj2ui7EQxAzmNdwhdf9Z0ojmCzYfCaXKSiZSXqp_EfF5xRAxgTPM0XJps1Pnau-T5W52KzAg94D-PHLbSerJjJ4wdaoSw2ierzw6dgTR9u2dumBAzJvo7tM9dA89ETdw0yPTY8WOKmXboczcHn_K1ZrzCKBlEMha226K1esV2NNqw&pop_winurl=&ip=91.90.42.154&testab=&px_id=0&adblock=0&auction_host=&mm=&yc=&render_type=&campaign_type=&uniq=&exp=&resp_type=popunderAd&iabcat=IAB25&min_cpm=0.018026315789473685&placement_type_id=7&skin_test=&verify_hash=&score=100&durl=&ml=&tag_ab=&original_bid=0.7605&user_fp=0&pop_type=0&space_id=1095&verify_hash=&real_bid=&skin_id=&vertical_id=&stratagem=&accel=0&gyr=0&iabcat=IAB25&ip_mismatch=false&ssp=0&url=https%3A%2F%2Fkts.cvastico.com%2Fin%2F769%2F%3Fkatds_ep%3D9uDc5yQNvV3FzgXrUH2uo60lrOxwfOk_7-zqEt6pkQ8zdX1HXkpXtDLiZ3Eaz-t-Do-paUb7EYhwIsj2UC75Ompxfjj6mztoYVbIQyeOAi4A1Es-lIiu2e6pg8_0Rip4h3oT4tg1x-UfVvU79j0VxG06fJJuyQarYeI64y3CZPU0IiGO2oh68GxnpfjGvxHmt-ieu_rIRRJsPEHL8YuzzJPk6llMfDtmaVFsAfq-zdoZNoiF5WqXPL6rMKy1VcTf50U6n5nc9U61b_DKPgb0wR8WfAOUPp7gaP1RSXEpCZ3R1z-1ikpS3z9UkU13g5F-fEfut3CwbT4YLDz_MQ4iTL3Ia-saiwmx03_7e_Q-_qYCaxZioCygwxhQMdexQgTa2h7rvxwInguy4rJOHic93cJKIWkOl8OJr9HKG9ZdQuBmuXK7HCjghkEzuM1zVnZggNaomm-EgeCExonfw5TrH_4dvG0pgw2VOxqTqogGsgK3-nWbwKtMNtReR1WOQv3RaXVRTGiBQ1hpY2AFQx_nj8b8C90h0z7gsqvZJs8&pr=&bid_crid=&bid_cid=&ad_tags=Gay112.com%2Cbest%2Cfree%2Cgay%2Cporn%2Cvideos.%20&is_interstitial=0
IP 94.130.197.134:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /popunder/in/click/?mid=1208405646&pid=0&site=47158&sc=NO&usage_type=DCH&subid=1858225680&sid=0&cid=12900&price=0&is_cpm=1&cpm=0.7605&ecpm=0.7224749999999999&crid=&crtid=d41d8cd98f00b204e9800998ecf8427e&tcid=0&out_id=&ver=&ver_c=&refdom=gay112.com&hostname=auc-popunder-hz-1&site_id=0&spot_id=47158&utm_source=&utm_medium=&utm_campaign=&utm_content=spt_2&expiration_timestamp=0&created_at=0000-00-00&is_native=3&auction_queue=0&burl=http%3A%2F%2Ftcimp.zog.link%2Fin%2Fwin%3Fkatds_ep%3DAdkjYT9Tcjs0GYEEifOklA9jXzo8EKFCRH9P4rlPzKeBOqHm14U0nvoxKDk0DGzZPO7pj4yPlfrGFyMAqPJbJLkU6vkJEf549lowYDmudaTMGbQblaV7ePt6thxNqFX4LqnIjU3v3AYG-NhsKHtBie4eV0qXAYTs-x63CendKMj2ui7EQxAzmNdwhdf9Z0ojmCzYfCaXKSiZSXqp_EfF5xRAxgTPM0XJps1Pnau-T5W52KzAg94D-PHLbSerJjJ4wdaoSw2ierzw6dgTR9u2dumBAzJvo7tM9dA89ETdw0yPTY8WOKmXboczcHn_K1ZrzCKBlEMha226K1esV2NNqw&pop_winurl=&ip=91.90.42.154&testab=&px_id=0&adblock=0&auction_host=&mm=&yc=&render_type=&campaign_type=&uniq=&exp=&resp_type=popunderAd&iabcat=IAB25&min_cpm=0.018026315789473685&placement_type_id=7&skin_test=&verify_hash=&score=100&durl=&ml=&tag_ab=&original_bid=0.7605&user_fp=0&pop_type=0&space_id=1095&verify_hash=&real_bid=&skin_id=&vertical_id=&stratagem=&accel=0&gyr=0&iabcat=IAB25&ip_mismatch=false&ssp=0&url=https%3A%2F%2Fkts.cvastico.com%2Fin%2F769%2F%3Fkatds_ep%3D9uDc5yQNvV3FzgXrUH2uo60lrOxwfOk_7-zqEt6pkQ8zdX1HXkpXtDLiZ3Eaz-t-Do-paUb7EYhwIsj2UC75Ompxfjj6mztoYVbIQyeOAi4A1Es-lIiu2e6pg8_0Rip4h3oT4tg1x-UfVvU79j0VxG06fJJuyQarYeI64y3CZPU0IiGO2oh68GxnpfjGvxHmt-ieu_rIRRJsPEHL8YuzzJPk6llMfDtmaVFsAfq-zdoZNoiF5WqXPL6rMKy1VcTf50U6n5nc9U61b_DKPgb0wR8WfAOUPp7gaP1RSXEpCZ3R1z-1ikpS3z9UkU13g5F-fEfut3CwbT4YLDz_MQ4iTL3Ia-saiwmx03_7e_Q-_qYCaxZioCygwxhQMdexQgTa2h7rvxwInguy4rJOHic93cJKIWkOl8OJr9HKG9ZdQuBmuXK7HCjghkEzuM1zVnZggNaomm-EgeCExonfw5TrH_4dvG0pgw2VOxqTqogGsgK3-nWbwKtMNtReR1WOQv3RaXVRTGiBQ1hpY2AFQx_nj8b8C90h0z7gsqvZJs8&pr=&bid_crid=&bid_cid=&ad_tags=Gay112.com%2Cbest%2Cfree%2Cgay%2Cporn%2Cvideos.%20&is_interstitial=0 HTTP/1.1
Host: mcpuwpsh.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gay112.com/
Origin: https://gay112.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
server: nginx/1.16.0
date: Sat, 22 Oct 2022 14:13:30 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
location: https://kts.cvastico.com/in/769/?katds_ep=9uDc5yQNvV3FzgXrUH2uo60lrOxwfOk_7-zqEt6pkQ8zdX1HXkpXtDLiZ3Eaz-t-Do-paUb7EYhwIsj2UC75Ompxfjj6mztoYVbIQyeOAi4A1Es-lIiu2e6pg8_0Rip4h3oT4tg1x-UfVvU79j0VxG06fJJuyQarYeI64y3CZPU0IiGO2oh68GxnpfjGvxHmt-ieu_rIRRJsPEHL8YuzzJPk6llMfDtmaVFsAfq-zdoZNoiF5WqXPL6rMKy1VcTf50U6n5nc9U61b_DKPgb0wR8WfAOUPp7gaP1RSXEpCZ3R1z-1ikpS3z9UkU13g5F-fEfut3CwbT4YLDz_MQ4iTL3Ia-saiwmx03_7e_Q-_qYCaxZioCygwxhQMdexQgTa2h7rvxwInguy4rJOHic93cJKIWkOl8OJr9HKG9ZdQuBmuXK7HCjghkEzuM1zVnZggNaomm-EgeCExonfw5TrH_4dvG0pgw2VOxqTqogGsgK3-nWbwKtMNtReR1WOQv3RaXVRTGiBQ1hpY2AFQx_nj8b8C90h0z7gsqvZJs8
X-Firefox-Spdy: h2
static-assets.highwebmedia.com/CACHE/js/output.97a5db11ca63.js
104.16.94.42200 OK 236 kB URL HTTP/2 static-assets.highwebmedia.com/CACHE/js/output.97a5db11ca63.js
IP 104.16.94.42:0
File type Unicode text, UTF-8 text, with very long lines (65528), with no line terminators
Size 236 kB (236444 bytes)
Hash d14d951a27e26f24f820d480f741b703
8527c761ea82e00d923a9291ccaee53a5a35f509
ef4a1d15f372352f1fe78e2cca0cc97e8b5899250438e111ad3810c173da63fd
GET /CACHE/js/output.97a5db11ca63.js HTTP/1.1
Host: static-assets.highwebmedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 22 Oct 2022 14:13:28 GMT
content-type: application/javascript
cache-control: public, max-age=2592000
cf-bgj: minify
cf-polished: origSize=827275
etag: W/"692ec922d2a39b4037073f70286968b3"
last-modified: Fri, 13 May 2022 09:09:46 GMT
x-amz-id-2: VZ8ol5gj9DR4cR1Ys+gd3EdgeEH8vduV/GWCX0hMYtqbtTyLc8wtgelbUHUwXR/km7ekid2PJdA=
x-amz-meta-s3cmd-attrs: md5:692ec922d2a39b4037073f70286968b3
x-amz-request-id: WKBNH94P832M1DR9
cf-cache-status: HIT
age: 1054488
expires: Mon, 21 Nov 2022 14:13:28 GMT
vary: Accept-Encoding
set-cookie: _cfuvid=x1w1n1u4MRCFnbiJCNPVc4vQqvnrveOVnjlQdkHRo4o-1666448008951-0-604800000; path=/; domain=.highwebmedia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 75e2d577e9f10b49-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash e911250598c28cffb244d38bf08c5f4f
01f65e0856a0aa0254f98f946b489376d9e744d7
60ef579850b0100164b53eadab8f08f413faef30982f4945dba8acbf1b1d29eb
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "60EF579850B0100164B53EADAB8F08F413FAEF30982F4945DBA8ACBF1B1D29EB"
Last-Modified: Sat, 22 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4186
Expires: Sat, 22 Oct 2022 15:23:16 GMT
Date: Sat, 22 Oct 2022 14:13:30 GMT
Connection: keep-alive
kts.cvastico.com/in/769/?katds_ep=9uDc5yQNvV3FzgXrUH2uo60lrOxwfOk_7-zqEt6pkQ8zdX1HXkpXtDLiZ3Eaz-t-Do-paUb7EYhwIsj2UC75Ompxfjj6mztoYVbIQyeOAi4A1Es-lIiu2e6pg8_0Rip4h3oT4tg1x-UfVvU79j0VxG06fJJuyQarYeI64y3CZPU0IiGO2oh68GxnpfjGvxHmt-ieu_rIRRJsPEHL8YuzzJPk6llMfDtmaVFsAfq-zdoZNoiF5WqXPL6rMKy1VcTf50U6n5nc9U61b_DKPgb0wR8WfAOUPp7gaP1RSXEpCZ3R1z-1ikpS3z9UkU13g5F-fEfut3CwbT4YLDz_MQ4iTL3Ia-saiwmx03_7e_Q-_qYCaxZioCygwxhQMdexQgTa2h7rvxwInguy4rJOHic93cJKIWkOl8OJr9HKG9ZdQuBmuXK7HCjghkEzuM1zVnZggNaomm-EgeCExonfw5TrH_4dvG0pgw2VOxqTqogGsgK3-nWbwKtMNtReR1WOQv3RaXVRTGiBQ1hpY2AFQx_nj8b8C90h0z7gsqvZJs8
62.122.168.42302 Found 0 B URL HTTP/2 kts.cvastico.com/in/769/?katds_ep=9uDc5yQNvV3FzgXrUH2uo60lrOxwfOk_7-zqEt6pkQ8zdX1HXkpXtDLiZ3Eaz-t-Do-paUb7EYhwIsj2UC75Ompxfjj6mztoYVbIQyeOAi4A1Es-lIiu2e6pg8_0Rip4h3oT4tg1x-UfVvU79j0VxG06fJJuyQarYeI64y3CZPU0IiGO2oh68GxnpfjGvxHmt-ieu_rIRRJsPEHL8YuzzJPk6llMfDtmaVFsAfq-zdoZNoiF5WqXPL6rMKy1VcTf50U6n5nc9U61b_DKPgb0wR8WfAOUPp7gaP1RSXEpCZ3R1z-1ikpS3z9UkU13g5F-fEfut3CwbT4YLDz_MQ4iTL3Ia-saiwmx03_7e_Q-_qYCaxZioCygwxhQMdexQgTa2h7rvxwInguy4rJOHic93cJKIWkOl8OJr9HKG9ZdQuBmuXK7HCjghkEzuM1zVnZggNaomm-EgeCExonfw5TrH_4dvG0pgw2VOxqTqogGsgK3-nWbwKtMNtReR1WOQv3RaXVRTGiBQ1hpY2AFQx_nj8b8C90h0z7gsqvZJs8
IP 62.122.168.42:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /in/769/?katds_ep=9uDc5yQNvV3FzgXrUH2uo60lrOxwfOk_7-zqEt6pkQ8zdX1HXkpXtDLiZ3Eaz-t-Do-paUb7EYhwIsj2UC75Ompxfjj6mztoYVbIQyeOAi4A1Es-lIiu2e6pg8_0Rip4h3oT4tg1x-UfVvU79j0VxG06fJJuyQarYeI64y3CZPU0IiGO2oh68GxnpfjGvxHmt-ieu_rIRRJsPEHL8YuzzJPk6llMfDtmaVFsAfq-zdoZNoiF5WqXPL6rMKy1VcTf50U6n5nc9U61b_DKPgb0wR8WfAOUPp7gaP1RSXEpCZ3R1z-1ikpS3z9UkU13g5F-fEfut3CwbT4YLDz_MQ4iTL3Ia-saiwmx03_7e_Q-_qYCaxZioCygwxhQMdexQgTa2h7rvxwInguy4rJOHic93cJKIWkOl8OJr9HKG9ZdQuBmuXK7HCjghkEzuM1zVnZggNaomm-EgeCExonfw5TrH_4dvG0pgw2VOxqTqogGsgK3-nWbwKtMNtReR1WOQv3RaXVRTGiBQ1hpY2AFQx_nj8b8C90h0z7gsqvZJs8 HTTP/1.1
Host: kts.cvastico.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Referer: https://gay112.com/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: nginx/1.20.1
date: Sat, 22 Oct 2022 14:13:30 GMT
content-length: 0
location: https://kts.vasstycom.com/in/d/?site=gay112.com&p=http://gay112.com&ad_tags=Gay&tds_min_pr=0.760500&ic=IAB25&auid=1208405646&related_score=100.000000&bidding_price=1.521&fromtc=36&ad_sub=637996500&tt=100&ts=0&sid=29&cid=52484&sp=0.760500&tcbc_b=0.760500&utm1=tcb&utm2=990315798-100&utm3=29-52484-&utm4=63-10705854-0&click_id=6c4e736c-62b6-4520-8d29-f018359163c9&user_id=5600108955398423233&idzone=3
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
vary: *
set-cookie: 769.0=1; expires=Sun, 23 Oct 2022 14:13:30 GMT; path=/; secure; SameSite=None
X-Firefox-Spdy: h2
realtime.pa.highwebmedia.com/keys/KSKw2g.L36ISg/requestToken?rnd=693806893815947
18.244.155.41204 No Content 0 B URL HTTP/2 realtime.pa.highwebmedia.com/keys/KSKw2g.L36ISg/requestToken?rnd=693806893815947
IP 18.244.155.41:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /keys/KSKw2g.L36ISg/requestToken?rnd=693806893815947 HTTP/1.1
Host: realtime.pa.highwebmedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: ably-agent,content-type,x-ably-version
Referer: https://chaturbate.com/
Origin: https://chaturbate.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
access-control-allow-credentials: true
access-control-allow-headers: Origin,X-Requested-With,Content-Type,Content-Length,Accept,Authorization,X-Ably-Version,X-Ably-Lib,X-Ably-ClientId,Ably-Agent
access-control-allow-methods: GET,PUT,POST,DELETE,OPTIONS
access-control-allow-origin: https://chaturbate.com
access-control-max-age: 3600
date: Sat, 22 Oct 2022 14:13:30 GMT
x-cache: Miss from cloudfront
via: 1.1 449a51e3fb5bfe1fe97ced981c9a5b4e.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR50-P8
x-amz-cf-id: 788-2_dkeORsxFlEgRhLBOoXwt5lTgazFZrAsTM7TB91hckiDuSFdQ==
X-Firefox-Spdy: h2
realtime.pa.highwebmedia.com/keys/KSKw2g.L36ISg/requestToken?rnd=693806893815947
18.244.155.41201 Created 1.7 kB URL HTTP/2 realtime.pa.highwebmedia.com/keys/KSKw2g.L36ISg/requestToken?rnd=693806893815947
IP 18.244.155.41:0
Hash a959c6bd8256ca5e58fcb4bf0b080217
8d198abe0bca53ec3d72c47c2b43cb969569ee41
e572b8c4c31d0a634a92959d6dab8dafb4afab8652ff680f2ab100376e5c2fc6
POST /keys/KSKw2g.L36ISg/requestToken?rnd=693806893815947 HTTP/1.1
Host: realtime.pa.highwebmedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
content-type: application/json
X-Ably-Version: 1.2
Ably-Agent: ably-js/1.2.13 browser
Content-Length: 1043
Origin: https://chaturbate.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 201 Created
content-type: application/json
content-length: 1040
access-control-allow-credentials: true
access-control-allow-origin: https://chaturbate.com
access-control-expose-headers: Link,Transfer-Encoding,Content-Length,X-Ably-ErrorCode,X-Ably-ErrorMessage,X-Ably-ServerId,Server
date: Sat, 22 Oct 2022 14:13:30 GMT
vary: Origin
x-ably-serverid: frontend.c759.5.eu-west-1-A.i-003135b689548fdd4.108Sn93tABHDM2
x-robots-tag: noindex
x-cache: Miss from cloudfront
via: 1.1 449a51e3fb5bfe1fe97ced981c9a5b4e.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR50-P8
x-amz-cf-id: 2oXxBUs1G-P9wgGYMj-w4eVPCjeHivLBmcLWix08Iy2a1RRIXuBWEw==
X-Firefox-Spdy: h2
realtime.pa.highwebmedia.com/comet/connect?access_token=KSKw2g.AL36ISgaWSD9QECwW_ru8RgUkaKBtmdJicoxxxsERlZw5AEYa4&stream=false&heartbeats=true&v=1.2&agent=ably-js%2F1.2.13%20browser&remainPresentFor=0&rnd=28747463474184365
18.244.155.41200 OK 541 B URL HTTP/2 realtime.pa.highwebmedia.com/comet/connect?access_token=KSKw2g.AL36ISgaWSD9QECwW_ru8RgUkaKBtmdJicoxxxsERlZw5AEYa4&stream=false&heartbeats=true&v=1.2&agent=ably-js%2F1.2.13%20browser&remainPresentFor=0&rnd=28747463474184365
IP 18.244.155.41:0
File type JSON data\012- , ASCII text
Hash 1a35b4a2221a01da440291607dfaca57
e1ebee27cb4cfeb356008089f162f79ff5b2719c
07756f28a07a7d92f7f17b39bbfdeb5fe79ed7aebf07a36e9f145720f28a4495
GET /comet/connect?access_token=KSKw2g.AL36ISgaWSD9QECwW_ru8RgUkaKBtmdJicoxxxsERlZw5AEYa4&stream=false&heartbeats=true&v=1.2&agent=ably-js%2F1.2.13%20browser&remainPresentFor=0&rnd=28747463474184365 HTTP/1.1
Host: realtime.pa.highwebmedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Origin: https://chaturbate.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/json
content-length: 541
access-control-allow-credentials: true
access-control-allow-origin: https://chaturbate.com
access-control-expose-headers: Link,Transfer-Encoding,Content-Length,X-Ably-ErrorCode,X-Ably-ErrorMessage,X-Ably-ServerId,Server
date: Sat, 22 Oct 2022 14:13:31 GMT
vary: Origin
x-ably-serverid: frontend.e60c.1.eu-west-1-A.i-05c5eaa4ff0937f65.108hp6NkABHCDZ
x-robots-tag: noindex
x-cache: Miss from cloudfront
via: 1.1 449a51e3fb5bfe1fe97ced981c9a5b4e.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR50-P8
x-amz-cf-id: _qpLiNl1I8uqkMCNUOvs1qLTR4lNgZtnl-AZfS8b1t90jp-jNzk5OA==
X-Firefox-Spdy: h2
realtime.pa.highwebmedia.com/comet/108hp6NkABHCDZ!7f4hi9Y7mwAXeUgA-4cc78/send?access_token=KSKw2g.AL36ISgaWSD9QECwW_ru8RgUkaKBtmdJicoxxxsERlZw5AEYa4&rnd=6572892394265237
18.244.155.41204 No Content 0 B URL HTTP/2 realtime.pa.highwebmedia.com/comet/108hp6NkABHCDZ!7f4hi9Y7mwAXeUgA-4cc78/send?access_token=KSKw2g.AL36ISgaWSD9QECwW_ru8RgUkaKBtmdJicoxxxsERlZw5AEYa4&rnd=6572892394265237
IP 18.244.155.41:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /comet/108hp6NkABHCDZ!7f4hi9Y7mwAXeUgA-4cc78/send?access_token=KSKw2g.AL36ISgaWSD9QECwW_ru8RgUkaKBtmdJicoxxxsERlZw5AEYa4&rnd=6572892394265237 HTTP/1.1
Host: realtime.pa.highwebmedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://chaturbate.com/
Origin: https://chaturbate.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
access-control-allow-credentials: true
access-control-allow-headers: Origin,X-Requested-With,Content-Type,Content-Length,Accept,Authorization,X-Ably-Version,X-Ably-Lib,X-Ably-ClientId,Ably-Agent
access-control-allow-methods: GET,PUT,POST,DELETE,OPTIONS
access-control-allow-origin: https://chaturbate.com
access-control-max-age: 3600
date: Sat, 22 Oct 2022 14:13:31 GMT
x-cache: Miss from cloudfront
via: 1.1 449a51e3fb5bfe1fe97ced981c9a5b4e.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR50-P8
x-amz-cf-id: 8uK9BQxbt0PwsJ_mLh3BvoD5Z4Y-ohuBGXALoyDzRKBqA7mHLEhPGQ==
X-Firefox-Spdy: h2
bam.nr-data.net/events/1/6f524845d1?a=24279235&v=1216.487a282&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOAQsFF0hPXFxGEgtrDg0OMgoDThteVBU%3D&rst=2917&ck=1&ref=https://chaturbate.com/embed/asmodeosx/
162.247.241.14200 OK 24 B URL HTTP/1.1 bam.nr-data.net/events/1/6f524845d1?a=24279235&v=1216.487a282&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOAQsFF0hPXFxGEgtrDg0OMgoDThteVBU%3D&rst=2917&ck=1&ref=https://chaturbate.com/embed/asmodeosx/
IP 162.247.241.14:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash bc32ed98d624acb4008f986349a20d26
2d3df8c11d2168ce2c27e0937421d11d85016361
0c9cf152a0ad00d4f102c93c613c104914be5517ac8f8e0831727f8bfbe8b300
POST /events/1/6f524845d1?a=24279235&v=1216.487a282&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOAQsFF0hPXFxGEgtrDg0OMgoDThteVBU%3D&rst=2917&ck=1&ref=https://chaturbate.com/embed/asmodeosx/ HTTP/1.1
Host: bam.nr-data.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
content-type: text/plain
Content-Length: 2999
Origin: https://chaturbate.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Sat, 22 Oct 2022 14:13:31 GMT
Content-Type: image/gif
Content-Length: 24
Connection: keep-alive
CF-Ray: 75e2d584de7fb4fa-OSL
Access-Control-Allow-Origin: https://chaturbate.com
CF-Cache-Status: DYNAMIC
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
Vary: Accept-Encoding
Server: cloudflare
realtime.pa.highwebmedia.com/comet/108hp6NkABHCDZ!7f4hi9Y7mwAXeUgA-4cc78/send?access_token=KSKw2g.AL36ISgaWSD9QECwW_ru8RgUkaKBtmdJicoxxxsERlZw5AEYa4&rnd=6572892394265237
18.244.155.41201 Created 2 B URL HTTP/2 realtime.pa.highwebmedia.com/comet/108hp6NkABHCDZ!7f4hi9Y7mwAXeUgA-4cc78/send?access_token=KSKw2g.AL36ISgaWSD9QECwW_ru8RgUkaKBtmdJicoxxxsERlZw5AEYa4&rnd=6572892394265237
IP 18.244.155.41:0
File type JSON data\012- , ASCII text, with no line terminators
Hash d751713988987e9331980363e24189ce
97d170e1550eee4afc0af065b78cda302a97674c
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
POST /comet/108hp6NkABHCDZ!7f4hi9Y7mwAXeUgA-4cc78/send?access_token=KSKw2g.AL36ISgaWSD9QECwW_ru8RgUkaKBtmdJicoxxxsERlZw5AEYa4&rnd=6572892394265237 HTTP/1.1
Host: realtime.pa.highwebmedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
content-type: application/json
Content-Length: 77
Origin: https://chaturbate.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 201 Created
content-type: application/json
content-length: 2
access-control-allow-credentials: true
access-control-allow-origin: https://chaturbate.com
access-control-expose-headers: Link,Transfer-Encoding,Content-Length,X-Ably-ErrorCode,X-Ably-ErrorMessage,X-Ably-ServerId,Server
date: Sat, 22 Oct 2022 14:13:31 GMT
vary: Origin
x-ably-serverid: frontend.e60c.1.eu-west-1-A.i-05c5eaa4ff0937f65.108hp6NkABHCDZ
x-robots-tag: noindex
x-cache: Miss from cloudfront
via: 1.1 449a51e3fb5bfe1fe97ced981c9a5b4e.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR50-P8
x-amz-cf-id: 93ZeHhplMUVzyRA1UFQIeOpvip8lzfFkBzFEyQd0BBVzTk_C7Y5YdA==
X-Firefox-Spdy: h2
realtime.pa.highwebmedia.com/comet/108hp6NkABHCDZ!7f4hi9Y7mwAXeUgA-4cc78/recv?access_token=KSKw2g.AL36ISgaWSD9QECwW_ru8RgUkaKBtmdJicoxxxsERlZw5AEYa4&rnd=44921800193540584
18.244.155.41200 OK 145 B URL HTTP/2 realtime.pa.highwebmedia.com/comet/108hp6NkABHCDZ!7f4hi9Y7mwAXeUgA-4cc78/recv?access_token=KSKw2g.AL36ISgaWSD9QECwW_ru8RgUkaKBtmdJicoxxxsERlZw5AEYa4&rnd=44921800193540584
IP 18.244.155.41:0
File type JSON data\012- , ASCII text
Hash e68cbc6d129365b00f7575a08eb39093
ca366c9e1555af0033aeb7d0f28d5fc27ba85939
289d134731572acb70f7ad04a071b9faa62ff5cc3ec665ca8e1b398c98814bc7
GET /comet/108hp6NkABHCDZ!7f4hi9Y7mwAXeUgA-4cc78/recv?access_token=KSKw2g.AL36ISgaWSD9QECwW_ru8RgUkaKBtmdJicoxxxsERlZw5AEYa4&rnd=44921800193540584 HTTP/1.1
Host: realtime.pa.highwebmedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Origin: https://chaturbate.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/json
content-length: 145
access-control-allow-credentials: true
access-control-allow-origin: https://chaturbate.com
access-control-expose-headers: Link,Transfer-Encoding,Content-Length,X-Ably-ErrorCode,X-Ably-ErrorMessage,X-Ably-ServerId,Server
date: Sat, 22 Oct 2022 14:13:31 GMT
vary: Origin
x-ably-serverid: frontend.e60c.1.eu-west-1-A.i-05c5eaa4ff0937f65.108hp6NkABHCDZ
x-robots-tag: noindex
x-cache: Miss from cloudfront
via: 1.1 449a51e3fb5bfe1fe97ced981c9a5b4e.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR50-P8
x-amz-cf-id: dqerjY_hTRgt1Tntuah3QWLCSXENI1kxfOEaPAX11XScB6R-ZjEluQ==
X-Firefox-Spdy: h2
realtime.pa.highwebmedia.com/comet/108hp6NkABHCDZ!7f4hi9Y7mwAXeUgA-4cc78/send?access_token=KSKw2g.AL36ISgaWSD9QECwW_ru8RgUkaKBtmdJicoxxxsERlZw5AEYa4&rnd=9671551199111936
18.244.155.41204 No Content 0 B URL HTTP/2 realtime.pa.highwebmedia.com/comet/108hp6NkABHCDZ!7f4hi9Y7mwAXeUgA-4cc78/send?access_token=KSKw2g.AL36ISgaWSD9QECwW_ru8RgUkaKBtmdJicoxxxsERlZw5AEYa4&rnd=9671551199111936
IP 18.244.155.41:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /comet/108hp6NkABHCDZ!7f4hi9Y7mwAXeUgA-4cc78/send?access_token=KSKw2g.AL36ISgaWSD9QECwW_ru8RgUkaKBtmdJicoxxxsERlZw5AEYa4&rnd=9671551199111936 HTTP/1.1
Host: realtime.pa.highwebmedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://chaturbate.com/
Origin: https://chaturbate.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
access-control-allow-credentials: true
access-control-allow-headers: Origin,X-Requested-With,Content-Type,Content-Length,Accept,Authorization,X-Ably-Version,X-Ably-Lib,X-Ably-ClientId,Ably-Agent
access-control-allow-methods: GET,PUT,POST,DELETE,OPTIONS
access-control-allow-origin: https://chaturbate.com
access-control-max-age: 3600
date: Sat, 22 Oct 2022 14:13:31 GMT
x-cache: Miss from cloudfront
via: 1.1 449a51e3fb5bfe1fe97ced981c9a5b4e.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR50-P8
x-amz-cf-id: Vo45w-EuNpkW41wLC9XdfPcp12p6p0vcWK2VSYBHP9s0XWCpBNgl1Q==
X-Firefox-Spdy: h2
realtime.pa.highwebmedia.com/?access_token=KSKw2g.AL36ISgaWSD9QECwW_ru8RgUkaKBtmdJicoxxxsERlZw5AEYa4&upgrade=108hp6NkABHCDZ!7f4hi9Y7mwAXeUgA-4cc78&format=json&heartbeats=true&v=1.2&agent=ably-js%2F1.2.13%20browser&remainPresentFor=0
18.244.155.41101 Switching Protocols 0 B URL HTTP/1.1 realtime.pa.highwebmedia.com/?access_token=KSKw2g.AL36ISgaWSD9QECwW_ru8RgUkaKBtmdJicoxxxsERlZw5AEYa4&upgrade=108hp6NkABHCDZ!7f4hi9Y7mwAXeUgA-4cc78&format=json&heartbeats=true&v=1.2&agent=ably-js%2F1.2.13%20browser&remainPresentFor=0
IP 18.244.155.41:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /?access_token=KSKw2g.AL36ISgaWSD9QECwW_ru8RgUkaKBtmdJicoxxxsERlZw5AEYa4&upgrade=108hp6NkABHCDZ!7f4hi9Y7mwAXeUgA-4cc78&format=json&heartbeats=true&v=1.2&agent=ably-js%2F1.2.13%20browser&remainPresentFor=0 HTTP/1.1
Host: realtime.pa.highwebmedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://chaturbate.com
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: /4+sHGFkVzUdwJidSCuIgw==
Connection: keep-alive, Upgrade
Cookie: _cfuvid=pDFc0YWPl_zNIxZyVzyqyMuVVpeA_m6Qzft5t4EIG3k-1666448008991-0-604800000
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Date: Sat, 22 Oct 2022 14:13:31 GMT
Connection: upgrade
Sec-Websocket-Accept: EBXoTs3TKyqovcuaOdAYwFprAC0=
Upgrade: websocket
X-Cache: Miss from cloudfront
Via: 1.1 2198d73d723eb37fb611b71c9a3c8382.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LHR50-P8
X-Amz-Cf-Id: qr1ttuq-DISW_OnL_nE9sd8SPxCNZOZwxmSh9Peb5qLWh2buCweglQ==
realtime.pa.highwebmedia.com/comet/108hp6NkABHCDZ!7f4hi9Y7mwAXeUgA-4cc78/recv?access_token=KSKw2g.AL36ISgaWSD9QECwW_ru8RgUkaKBtmdJicoxxxsERlZw5AEYa4&rnd=858693547500968
18.244.155.41200 OK 143 B URL HTTP/2 realtime.pa.highwebmedia.com/comet/108hp6NkABHCDZ!7f4hi9Y7mwAXeUgA-4cc78/recv?access_token=KSKw2g.AL36ISgaWSD9QECwW_ru8RgUkaKBtmdJicoxxxsERlZw5AEYa4&rnd=858693547500968
IP 18.244.155.41:0
File type JSON data\012- , ASCII text
Hash c9f3ed13b6ab5df04c689682707ae93e
f85395012b7d8807d675b4ede7183adad4fc41fc
e65cb52c320e5f11584cafbf938c64264dfc733f24a0ecf7f7b260bb6457778d
GET /comet/108hp6NkABHCDZ!7f4hi9Y7mwAXeUgA-4cc78/recv?access_token=KSKw2g.AL36ISgaWSD9QECwW_ru8RgUkaKBtmdJicoxxxsERlZw5AEYa4&rnd=858693547500968 HTTP/1.1
Host: realtime.pa.highwebmedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Origin: https://chaturbate.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/json
content-length: 143
access-control-allow-credentials: true
access-control-allow-origin: https://chaturbate.com
access-control-expose-headers: Link,Transfer-Encoding,Content-Length,X-Ably-ErrorCode,X-Ably-ErrorMessage,X-Ably-ServerId,Server
date: Sat, 22 Oct 2022 14:13:31 GMT
vary: Origin
x-ably-serverid: frontend.e60c.1.eu-west-1-A.i-05c5eaa4ff0937f65.108hp6NkABHCDZ
x-robots-tag: noindex
x-cache: Miss from cloudfront
via: 1.1 449a51e3fb5bfe1fe97ced981c9a5b4e.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR50-P8
x-amz-cf-id: PiufBIMmpEIECOfNCKfyS0yI2-m6TOyW4TGWuCdds4YUolA-u6FYGg==
X-Firefox-Spdy: h2
realtime.pa.highwebmedia.com/comet/108hp6NkABHCDZ!7f4hi9Y7mwAXeUgA-4cc78/send?access_token=KSKw2g.AL36ISgaWSD9QECwW_ru8RgUkaKBtmdJicoxxxsERlZw5AEYa4&rnd=9671551199111936
18.244.155.41201 Created 2 B URL HTTP/2 realtime.pa.highwebmedia.com/comet/108hp6NkABHCDZ!7f4hi9Y7mwAXeUgA-4cc78/send?access_token=KSKw2g.AL36ISgaWSD9QECwW_ru8RgUkaKBtmdJicoxxxsERlZw5AEYa4&rnd=9671551199111936
IP 18.244.155.41:0
File type JSON data\012- , ASCII text, with no line terminators
Hash d751713988987e9331980363e24189ce
97d170e1550eee4afc0af065b78cda302a97674c
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
POST /comet/108hp6NkABHCDZ!7f4hi9Y7mwAXeUgA-4cc78/send?access_token=KSKw2g.AL36ISgaWSD9QECwW_ru8RgUkaKBtmdJicoxxxsERlZw5AEYa4&rnd=9671551199111936 HTTP/1.1
Host: realtime.pa.highwebmedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
content-type: application/json
Content-Length: 1308
Origin: https://chaturbate.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 201 Created
content-type: application/json
content-length: 2
access-control-allow-credentials: true
access-control-allow-origin: https://chaturbate.com
access-control-expose-headers: Link,Transfer-Encoding,Content-Length,X-Ably-ErrorCode,X-Ably-ErrorMessage,X-Ably-ServerId,Server
date: Sat, 22 Oct 2022 14:13:31 GMT
vary: Origin
x-ably-serverid: frontend.e60c.1.eu-west-1-A.i-05c5eaa4ff0937f65.108hp6NkABHCDZ
x-robots-tag: noindex
x-cache: Miss from cloudfront
via: 1.1 449a51e3fb5bfe1fe97ced981c9a5b4e.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR50-P8
x-amz-cf-id: 6GNkARUamSqbbGd6E92wBawORkBcz-QRqBpt-59UOqbJKC-CEchskA==
X-Firefox-Spdy: h2
realtime.pa.highwebmedia.com/comet/108hp6NkABHCDZ!7f4hi9Y7mwAXeUgA-4cc78/recv?access_token=KSKw2g.AL36ISgaWSD9QECwW_ru8RgUkaKBtmdJicoxxxsERlZw5AEYa4&rnd=9899331051670914
18.244.155.41200 OK 2.3 kB URL HTTP/2 realtime.pa.highwebmedia.com/comet/108hp6NkABHCDZ!7f4hi9Y7mwAXeUgA-4cc78/recv?access_token=KSKw2g.AL36ISgaWSD9QECwW_ru8RgUkaKBtmdJicoxxxsERlZw5AEYa4&rnd=9899331051670914
IP 18.244.155.41:0
File type JSON data\012- , ASCII text
Hash 8abaf7deaf4e9c116e4063eaedc254eb
348431be0738ed5f35348133894c2dcaafbd77f4
5bfab1fa67d1e5e8de0752b68372b6b053a18a1c02db9d96d84a8bf7d7b50df9
GET /comet/108hp6NkABHCDZ!7f4hi9Y7mwAXeUgA-4cc78/recv?access_token=KSKw2g.AL36ISgaWSD9QECwW_ru8RgUkaKBtmdJicoxxxsERlZw5AEYa4&rnd=9899331051670914 HTTP/1.1
Host: realtime.pa.highwebmedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Origin: https://chaturbate.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/json
content-length: 2323
access-control-allow-credentials: true
access-control-allow-origin: https://chaturbate.com
access-control-expose-headers: Link,Transfer-Encoding,Content-Length,X-Ably-ErrorCode,X-Ably-ErrorMessage,X-Ably-ServerId,Server
date: Sat, 22 Oct 2022 14:13:31 GMT
vary: Origin
x-ably-serverid: frontend.e60c.1.eu-west-1-A.i-05c5eaa4ff0937f65.108hp6NkABHCDZ
x-robots-tag: noindex
x-cache: Miss from cloudfront
via: 1.1 449a51e3fb5bfe1fe97ced981c9a5b4e.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR50-P8
x-amz-cf-id: c7sZ1C2cto1ZMNmAFUW7qtnLKtfwx2GYplNEWLaqJeul4o_r_eHSyQ==
X-Firefox-Spdy: h2
cbjpeg.stream.highwebmedia.com/stream?room=asmodeosx&f=0.6557659074674589
131.153.88.93200 OK 18 kB URL HTTP/2 cbjpeg.stream.highwebmedia.com/stream?room=asmodeosx&f=0.6557659074674589
IP 131.153.88.93:0
ASN #50389 Phoenix Nap, LLC.
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, comment: "Lavc58.91.100", baseline, precision 8, 854x480, components 3\012- data
Hash d066ef6e49270ff0bd75cf656468846e
7463f4a06f78371e4ef01f936fe73d46b2daf800
f33a7a03e581ac15e5eedfa7b9619815eb10d4b627f1b538da5c45b1a5117a38
GET /stream?room=asmodeosx&f=0.6557659074674589 HTTP/1.1
Host: cbjpeg.stream.highwebmedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Cookie: _cfuvid=pDFc0YWPl_zNIxZyVzyqyMuVVpeA_m6Qzft5t4EIG3k-1666448008991-0-604800000
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 22 Oct 2022 14:13:31 GMT
content-type: image/jpeg
content-length: 18274
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'none'; img-src data:; style-src 'unsafe-inline'
cache-tag: cbjpeg
x-frame-options: DENY
X-Firefox-Spdy: h2
realtime.pa.highwebmedia.com/comet/108hp6NkABHCDZ!7f4hi9Y7mwAXeUgA-4cc78/disconnect?access_token=KSKw2g.AL36ISgaWSD9QECwW_ru8RgUkaKBtmdJicoxxxsERlZw5AEYa4&rnd=7110587526859197
18.244.155.41204 No Content 0 B URL HTTP/2 realtime.pa.highwebmedia.com/comet/108hp6NkABHCDZ!7f4hi9Y7mwAXeUgA-4cc78/disconnect?access_token=KSKw2g.AL36ISgaWSD9QECwW_ru8RgUkaKBtmdJicoxxxsERlZw5AEYa4&rnd=7110587526859197
IP 18.244.155.41:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /comet/108hp6NkABHCDZ!7f4hi9Y7mwAXeUgA-4cc78/disconnect?access_token=KSKw2g.AL36ISgaWSD9QECwW_ru8RgUkaKBtmdJicoxxxsERlZw5AEYa4&rnd=7110587526859197 HTTP/1.1
Host: realtime.pa.highwebmedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Origin: https://chaturbate.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
access-control-allow-credentials: true
access-control-allow-origin: https://chaturbate.com
access-control-expose-headers: Link,Transfer-Encoding,Content-Length,X-Ably-ErrorCode,X-Ably-ErrorMessage,X-Ably-ServerId,Server
date: Sat, 22 Oct 2022 14:13:31 GMT
vary: Origin
x-ably-serverid: frontend.e60c.1.eu-west-1-A.i-05c5eaa4ff0937f65.108hp6NkABHCDZ
x-robots-tag: noindex
x-cache: Miss from cloudfront
via: 1.1 449a51e3fb5bfe1fe97ced981c9a5b4e.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR50-P8
x-amz-cf-id: KFGqk28JHi-ob5klYTO3XCSZJaMKKSNIRQAbdw19ZWuqdVHf6RenIA==
X-Firefox-Spdy: h2
cbjpeg.stream.highwebmedia.com/stream?room=asmodeosx&f=0.4418883917065314
131.153.88.93200 OK 18 kB URL HTTP/2 cbjpeg.stream.highwebmedia.com/stream?room=asmodeosx&f=0.4418883917065314
IP 131.153.88.93:0
ASN #50389 Phoenix Nap, LLC.
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, comment: "Lavc58.91.100", baseline, precision 8, 854x480, components 3\012- data
Hash 2875c64a161f726625fb6dd8a5965e72
ecb498abe92374e1419463e8c596660e11e37f47
ddd73ae53f5cf8d2d8c2a936eea2b699cbf8d28c83995f761175aa007ebd139e
GET /stream?room=asmodeosx&f=0.4418883917065314 HTTP/1.1
Host: cbjpeg.stream.highwebmedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Cookie: _cfuvid=pDFc0YWPl_zNIxZyVzyqyMuVVpeA_m6Qzft5t4EIG3k-1666448008991-0-604800000
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 22 Oct 2022 14:13:32 GMT
content-type: image/jpeg
content-length: 18336
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'none'; img-src data:; style-src 'unsafe-inline'
cache-tag: cbjpeg
x-frame-options: DENY
X-Firefox-Spdy: h2
stripchat.com/api/front/v2/models/username/PetiteAbbyX/chat
104.18.63.126200 OK 0 B URL HTTP/2 stripchat.com/api/front/v2/models/username/PetiteAbbyX/chat
IP 104.18.63.126:0
GET /api/front/v2/models/username/PetiteAbbyX/chat HTTP/1.1
Host: stripchat.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://creative.xlivrdr.com/
Origin: https://creative.xlivrdr.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 22 Oct 2022 14:13:29 GMT
content-type: application/json
vary: Accept-Encoding
x-api-version: 10.43.21
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: no-cache
x-backend: sc-backend-delta-yellow-09.novalocal
x-cache-status: HIT
access-control-allow-origin: https://creative.xlivrdr.com
cf-cache-status: DYNAMIC
set-cookie: __cflb=02DiuFntVtrkFMde1diFXc6auiQ5NotZn9iQoq33Vp1F2; SameSite=None; Secure; path=/; expires=Sun, 23-Oct-22 13:13:29 GMT; HttpOnly
server: cloudflare
cf-ray: 75e2d57a1f4ab4f9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
realtime.pa.highwebmedia.com/comet/connect?access_token=KSKw2g.AL36ISgaWSD9QECwW_ru8RgUkaKBtmdJicoxxxsERlZw5AEYa4&upgrade=108hp6NkABHCDZ!7f4hi9Y7mwAXeUgA-4cc78&heartbeats=true&v=1.2&agent=ably-js%2F1.2.13%20browser&remainPresentFor=0&rnd=40064599731782624
18.244.155.41200 OK 0 B URL HTTP/2 realtime.pa.highwebmedia.com/comet/connect?access_token=KSKw2g.AL36ISgaWSD9QECwW_ru8RgUkaKBtmdJicoxxxsERlZw5AEYa4&upgrade=108hp6NkABHCDZ!7f4hi9Y7mwAXeUgA-4cc78&heartbeats=true&v=1.2&agent=ably-js%2F1.2.13%20browser&remainPresentFor=0&rnd=40064599731782624
IP 18.244.155.41:0
GET /comet/connect?access_token=KSKw2g.AL36ISgaWSD9QECwW_ru8RgUkaKBtmdJicoxxxsERlZw5AEYa4&upgrade=108hp6NkABHCDZ!7f4hi9Y7mwAXeUgA-4cc78&heartbeats=true&v=1.2&agent=ably-js%2F1.2.13%20browser&remainPresentFor=0&rnd=40064599731782624 HTTP/1.1
Host: realtime.pa.highwebmedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Origin: https://chaturbate.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/json
access-control-allow-credentials: true
access-control-allow-origin: https://chaturbate.com
access-control-expose-headers: Link,Transfer-Encoding,Content-Length,X-Ably-ErrorCode,X-Ably-ErrorMessage,X-Ably-ServerId,Server
date: Sat, 22 Oct 2022 14:13:31 GMT
vary: Origin
x-ably-serverid: frontend.e60c.1.eu-west-1-A.i-05c5eaa4ff0937f65.108hp6NkABHCDZ
x-content-type-options: nosniff
x-robots-tag: noindex
x-cache: Miss from cloudfront
via: 1.1 449a51e3fb5bfe1fe97ced981c9a5b4e.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR50-P8
x-amz-cf-id: MhFF34pyqMtSRR0RRleNTw8W4V-fpMMsJgCazoo19bO6fK51ORcpdw==
X-Firefox-Spdy: h2
static-assets.highwebmedia.com/cachebust/theatermode-react-d6b8f6955c2c.js
104.16.94.42200 OK 0 B URL HTTP/2 static-assets.highwebmedia.com/cachebust/theatermode-react-d6b8f6955c2c.js
IP 104.16.94.42:0
GET /cachebust/theatermode-react-d6b8f6955c2c.js HTTP/1.1
Host: static-assets.highwebmedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 22 Oct 2022 14:13:28 GMT
content-type: application/javascript
cache-control: public, max-age=2592000
cf-bgj: minify
cf-polished: origSize=195029
etag: W/"77af157c798b9a2647f76ed5f299bc40"
last-modified: Fri, 21 Oct 2022 04:55:47 GMT
x-amz-id-2: g0RZHYE/1ZHvD2FkuAGOzjP2isvy0LO5EpT9bbp3gpNtOwRVpi92qiHOGW1dXmBabIQozwT/tmM=
x-amz-meta-s3cmd-attrs: md5:77af157c798b9a2647f76ed5f299bc40
x-amz-request-id: ARPY8X5B19XGXY0M
cf-cache-status: HIT
age: 119678
expires: Mon, 21 Nov 2022 14:13:28 GMT
vary: Accept-Encoding
set-cookie: _cfuvid=x1w1n1u4MRCFnbiJCNPVc4vQqvnrveOVnjlQdkHRo4o-1666448008951-0-604800000; path=/; domain=.highwebmedia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 75e2d577e9f30b49-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
static-assets.highwebmedia.com/CACHE/js/output.9b823bb2f723.js
104.16.94.42200 OK 0 B URL HTTP/2 static-assets.highwebmedia.com/CACHE/js/output.9b823bb2f723.js
IP 104.16.94.42:0
GET /CACHE/js/output.9b823bb2f723.js HTTP/1.1
Host: static-assets.highwebmedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 22 Oct 2022 14:13:28 GMT
content-type: application/javascript
cache-control: public, max-age=2592000
cf-bgj: minify
etag: W/"1360376b8f5657814f662391b765d655"
last-modified: Tue, 24 May 2022 17:14:17 GMT
x-amz-id-2: KTWJY/HCZAzfCN7zvoTtoCRDkjCDtsx43npe+RSp0Ebo2HF6WHgess4Ct9QL7Zi8XExzaRuhmCw=
x-amz-meta-s3cmd-attrs: md5:1360376b8f5657814f662391b765d655
x-amz-request-id: M1HHWCFNA8C6CV81
cf-cache-status: HIT
age: 1521582
expires: Mon, 21 Nov 2022 14:13:28 GMT
vary: Accept-Encoding
set-cookie: _cfuvid=.vrl38kYEY9wdN5uQxC771Kz3V_Ava5Tpaywn_7u5xU-1666448008997-0-604800000; path=/; domain=.highwebmedia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 75e2d5782a240b49-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Cabin:700|Roboto:300,400,500,700,900&subset=cyrillic,cyrillic-ext,greek,greek-ext,latin-ext
142.250.74.10200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?family=Cabin:700|Roboto:300,400,500,700,900&subset=cyrillic,cyrillic-ext,greek,greek-ext,latin-ext
IP 142.250.74.10:0
GET /css?family=Cabin:700|Roboto:300,400,500,700,900&subset=cyrillic,cyrillic-ext,greek,greek-ext,latin-ext HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gay112.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 22 Oct 2022 14:13:24 GMT
date: Sat, 22 Oct 2022 14:13:24 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
btds.zog.link/in/dl/?screen_resolution=1280x1024&dt=1666448021139&ad_sub=38830&mo=&ve=&katds_labels=&site_id=23578849&p=https%3A//txxx.com/videos/18018333/how-chinese-guys-enjoy-boys-porn/%3Fpromo%3D38830&zone=tx_hardlink&utm1=&utm2=&utm3=&utm4=&ad_tags=Gay%2CAsian%2CBareback%2CHD%2CDeepthroat%2CCumshot&title=How%20Chinese%20Guys%20Enjoy%20Boys%20Porn%20-%20Porn%20video&katds_rcc=2
109.206.176.75200 OK 0 B URL HTTP/2 btds.zog.link/in/dl/?screen_resolution=1280x1024&dt=1666448021139&ad_sub=38830&mo=&ve=&katds_labels=&site_id=23578849&p=https%3A//txxx.com/videos/18018333/how-chinese-guys-enjoy-boys-porn/%3Fpromo%3D38830&zone=tx_hardlink&utm1=&utm2=&utm3=&utm4=&ad_tags=Gay%2CAsian%2CBareback%2CHD%2CDeepthroat%2CCumshot&title=How%20Chinese%20Guys%20Enjoy%20Boys%20Porn%20-%20Porn%20video&katds_rcc=2
IP 109.206.176.75:0
GET /in/dl/?screen_resolution=1280x1024&dt=1666448021139&ad_sub=38830&mo=&ve=&katds_labels=&site_id=23578849&p=https%3A//txxx.com/videos/18018333/how-chinese-guys-enjoy-boys-porn/%3Fpromo%3D38830&zone=tx_hardlink&utm1=&utm2=&utm3=&utm4=&ad_tags=Gay%2CAsian%2CBareback%2CHD%2CDeepthroat%2CCumshot&title=How%20Chinese%20Guys%20Enjoy%20Boys%20Porn%20-%20Porn%20video&katds_rcc=2 HTTP/1.1
Host: btds.zog.link
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://txxx.com
Connection: keep-alive
Referer: https://txxx.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.20.1
date: Sat, 22 Oct 2022 14:13:27 GMT
content-type: application/json
vary: Accept-Encoding
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
access-control-allow-origin: *
set-cookie: 953.73385=1; expires=Sun, 23 Oct 2022 14:13:26 GMT; path=/; secure; SameSite=None
content-encoding: gzip
X-Firefox-Spdy: h2
ts.cvastico.com/in/849/?source=1858225680&site_id=47158&utm1=&utm2=&utm3=&utm4=spt_2&idzone=0&spot_id=47158&mo=&ve=&ad_tags=Gay112.com%2Cbest%2Cfree%2Cgay%2Cporn%2Cvideos.%20&p=https%3A%2F%2Fgay112.com%2Fno%2F&sid=1095&katds_labels=&is_iframe=0&btype=0&score=100&bf=0.017125
109.206.175.252200 OK 0 B URL HTTP/2 ts.cvastico.com/in/849/?source=1858225680&site_id=47158&utm1=&utm2=&utm3=&utm4=spt_2&idzone=0&spot_id=47158&mo=&ve=&ad_tags=Gay112.com%2Cbest%2Cfree%2Cgay%2Cporn%2Cvideos.%20&p=https%3A%2F%2Fgay112.com%2Fno%2F&sid=1095&katds_labels=&is_iframe=0&btype=0&score=100&bf=0.017125
IP 109.206.175.252:0
GET /in/849/?source=1858225680&site_id=47158&utm1=&utm2=&utm3=&utm4=spt_2&idzone=0&spot_id=47158&mo=&ve=&ad_tags=Gay112.com%2Cbest%2Cfree%2Cgay%2Cporn%2Cvideos.%20&p=https%3A%2F%2Fgay112.com%2Fno%2F&sid=1095&katds_labels=&is_iframe=0&btype=0&score=100&bf=0.017125 HTTP/1.1
Host: ts.cvastico.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Referer: https://gay112.com/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.20.1
date: Sat, 22 Oct 2022 14:13:27 GMT
content-type: text/html
vary: Accept-Encoding
cache-control: no-cache, no-store, must-revalidate
set-cookie: 849.830=1; expires=Sun, 23 Oct 2022 14:13:27 GMT; path=/; secure; SameSite=None
2565.0=1; expires=Sun, 23 Oct 2022 14:13:27 GMT; path=/; secure; SameSite=None
2467.0=1; expires=Sun, 23 Oct 2022 14:13:27 GMT; path=/; secure; SameSite=None
2560.0=1; expires=Sun, 23 Oct 2022 14:13:27 GMT; path=/; secure; SameSite=None
content-encoding: gzip
X-Firefox-Spdy: h2
creative.xxxvjmp.com/widgets/v4/MobileSlider/main.769ae41b2fcad3c09aa2.js
104.18.59.150200 OK 0 B URL HTTP/2 creative.xxxvjmp.com/widgets/v4/MobileSlider/main.769ae41b2fcad3c09aa2.js
IP 104.18.59.150:0
GET /widgets/v4/MobileSlider/main.769ae41b2fcad3c09aa2.js HTTP/1.1
Host: creative.xxxvjmp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://creative.xxxvjmp.com/widgets/v4/MobileSlider?campaignId=c3fa347280578e90a9e8ab1e6280c0e361524d151dcbfe6bb5b723fee947ce88&campaignType=smartpop&creativeId=997f08b15bff1ccf97a2e581116e84ed0333dda2fd147f124f274ed42d459cc1&hideModelNameOnSmallSpots=1&hideTitleOnSmallSpots=1&isFace=1&iterationId=28473&masterSmartpopId=0&memberId=Wx-dIKzaYD6bCwm8tsFrQa1qkaFyNeMDBwQpDKwV5CsBR4s1-JJnsFeI-aFWTP35pU8cP-Nr6r7vs9-VLPPYubvvYctwf6RhgQ325VXE_gUIDRUi&p1=4099653&ruleId=0&showButton=1&showModelName=1&showTitle=1&smartpopId=1547&sourceId=349000&tag=men%2C-men&trackOff=1&userId=ed4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e&variationId=21696
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 22 Oct 2022 14:13:28 GMT
content-type: application/javascript; charset=utf-8
last-modified: Tue, 18 Oct 2022 11:10:13 GMT
etag: W/"634e8995-43071"
expires: Sat, 22 Oct 2022 14:13:33 GMT
cache-control: max-age=10
pragma: public
cf-cache-status: HIT
age: 4
vary: Accept-Encoding
server: cloudflare
cf-ray: 75e2d57379b70b02-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
go.xxxvjmp.com/config?url=https%3A%2F%2Fcreative.xxxvjmp.com%2Fwidgets%2Fv4%2FMobileSlider%3FcampaignId%3Dc3fa347280578e90a9e8ab1e6280c0e361524d151dcbfe6bb5b723fee947ce88%26campaignType%3Dsmartpop%26creativeId%3D997f08b15bff1ccf97a2e581116e84ed0333dda2fd147f124f274ed42d459cc1%26hideModelNameOnSmallSpots%3D1%26hideTitleOnSmallSpots%3D1%26isFace%3D1%26iterationId%3D28473%26masterSmartpopId%3D0%26memberId%3DWx-dIKzaYD6bCwm8tsFrQa1qkaFyNeMDBwQpDKwV5CsBR4s1-JJnsFeI-aFWTP35pU8cP-Nr6r7vs9-VLPPYubvvYctwf6RhgQ325VXE_gUIDRUi%26p1%3D4099653%26ruleId%3D0%26showButton%3D1%26showModelName%3D1%26showTitle%3D1%26smartpopId%3D1547%26sourceId%3D349000%26tag%3Dmen%252C-men%26trackOff%3D1%26userId%3Ded4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e%26variationId%3D21696
104.18.51.106200 OK 0 B URL HTTP/2 go.xxxvjmp.com/config?url=https%3A%2F%2Fcreative.xxxvjmp.com%2Fwidgets%2Fv4%2FMobileSlider%3FcampaignId%3Dc3fa347280578e90a9e8ab1e6280c0e361524d151dcbfe6bb5b723fee947ce88%26campaignType%3Dsmartpop%26creativeId%3D997f08b15bff1ccf97a2e581116e84ed0333dda2fd147f124f274ed42d459cc1%26hideModelNameOnSmallSpots%3D1%26hideTitleOnSmallSpots%3D1%26isFace%3D1%26iterationId%3D28473%26masterSmartpopId%3D0%26memberId%3DWx-dIKzaYD6bCwm8tsFrQa1qkaFyNeMDBwQpDKwV5CsBR4s1-JJnsFeI-aFWTP35pU8cP-Nr6r7vs9-VLPPYubvvYctwf6RhgQ325VXE_gUIDRUi%26p1%3D4099653%26ruleId%3D0%26showButton%3D1%26showModelName%3D1%26showTitle%3D1%26smartpopId%3D1547%26sourceId%3D349000%26tag%3Dmen%252C-men%26trackOff%3D1%26userId%3Ded4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e%26variationId%3D21696
IP 104.18.51.106:0
GET /config?url=https%3A%2F%2Fcreative.xxxvjmp.com%2Fwidgets%2Fv4%2FMobileSlider%3FcampaignId%3Dc3fa347280578e90a9e8ab1e6280c0e361524d151dcbfe6bb5b723fee947ce88%26campaignType%3Dsmartpop%26creativeId%3D997f08b15bff1ccf97a2e581116e84ed0333dda2fd147f124f274ed42d459cc1%26hideModelNameOnSmallSpots%3D1%26hideTitleOnSmallSpots%3D1%26isFace%3D1%26iterationId%3D28473%26masterSmartpopId%3D0%26memberId%3DWx-dIKzaYD6bCwm8tsFrQa1qkaFyNeMDBwQpDKwV5CsBR4s1-JJnsFeI-aFWTP35pU8cP-Nr6r7vs9-VLPPYubvvYctwf6RhgQ325VXE_gUIDRUi%26p1%3D4099653%26ruleId%3D0%26showButton%3D1%26showModelName%3D1%26showTitle%3D1%26smartpopId%3D1547%26sourceId%3D349000%26tag%3Dmen%252C-men%26trackOff%3D1%26userId%3Ded4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e%26variationId%3D21696 HTTP/1.1
Host: go.xxxvjmp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://creative.xxxvjmp.com/
Origin: https://creative.xxxvjmp.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
date: Sat, 22 Oct 2022 14:13:28 GMT
content-type: application/json
access-control-allow-origin: *
last-modified: Sat, 22 Oct 2022 14:13:28 GMT
cf-cache-status: MISS
set-cookie: __cflb=0H28uukSkGJRy5UBr2St4i2aEH3UZ9ZoaxmgeQqawU8; SameSite=None; Secure; path=/; expires=Sun, 23-Oct-22 13:13:28 GMT; HttpOnly
vary: Accept-Encoding
server: cloudflare
cf-ray: 75e2d57428f51c16-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
txxx.com/videos/18018333/how-chinese-guys-enjoy-boys-porn/?promo=38830
172.64.171.19200 OK 0 B URL HTTP/2 txxx.com/videos/18018333/how-chinese-guys-enjoy-boys-porn/?promo=38830
IP 172.64.171.19:0
GET /videos/18018333/how-chinese-guys-enjoy-boys-porn/?promo=38830 HTTP/1.1
Host: txxx.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gay112.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 22 Oct 2022 14:13:24 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-powered-by: PHP/7.2.34
access-control-allow-origin: *
set-cookie: source=38830; expires=Sun, 22-Oct-2023 20:02:10 GMT; Max-Age=31556926; path=/; domain=txxx.com
tccloak=1; expires=Sat, 22-Oct-2022 15:13:24 GMT; Max-Age=3600; path=/; domain=txxx.com
kt_lang=en; expires=Tue, 17-Oct-2023 14:13:24 GMT; Max-Age=31104000; path=/; domain=.txxx.com
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=02vPF3hntUmrm417MhHEn0n%2FmjR8mBeiFiVpSaUN87BiHwq%2BcZQvVBY%2FnXr0eEOa97%2FO%2Bql%2FGZabWjGItq%2BW8Pno6MyYrR%2Br2SRPYP8TxQZbrhNm0KMXW4gzAg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 75e2d55e3ce688af-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
mc.yandex.ru/watch/49315045?wmode=7&page-url=https%3A%2F%2Ftxxx.com%2Fvideos%2F18018333%2Fhow-chinese-guys-enjoy-boys-porn%2F%3Fpromo%3D38830&page-ref=https%3A%2F%2Fgay112.com%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Akqp6gvxtrlkq3u3woc7b0%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A912%3Acn%3A2%3Adp%3A0%3Als%3A1005137231739%3Ahid%3A307761209%3Az%3A0%3Ai%3A20221022141340%3Aet%3A1666448021%3Arn%3A814807648%3Arqn%3A1%3Au%3A1666448021909309712%3Aw%3A1x1%3As%3A1280x1024x24%3Ask%3A1%3Aifr%3A1%3Awv%3A2%3Ads%3A0%2C0%2C0%2C%2C198%2C0%2C%2C943%2C0%2C1638%2C1638%2C0%2C1419%3Ans%3A1666448018939%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-5cbccea2ed3dd5c7a75380ef1cbfadf6-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1666448021%3At%3AHow%20Chinese%20Guys%20Enjoy%20Boys%20Porn%20-%20Porn%20video%20%7C%20TXXX.com&t=gdpr(14)mc(p-1)clc(0-0-0)aw(1)rqnt(1)fip(1)rqnl(1)ti(2)
87.250.251.119302 Found 0 B URL HTTP/2 mc.yandex.ru/watch/49315045?wmode=7&page-url=https%3A%2F%2Ftxxx.com%2Fvideos%2F18018333%2Fhow-chinese-guys-enjoy-boys-porn%2F%3Fpromo%3D38830&page-ref=https%3A%2F%2Fgay112.com%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Akqp6gvxtrlkq3u3woc7b0%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A912%3Acn%3A2%3Adp%3A0%3Als%3A1005137231739%3Ahid%3A307761209%3Az%3A0%3Ai%3A20221022141340%3Aet%3A1666448021%3Arn%3A814807648%3Arqn%3A1%3Au%3A1666448021909309712%3Aw%3A1x1%3As%3A1280x1024x24%3Ask%3A1%3Aifr%3A1%3Awv%3A2%3Ads%3A0%2C0%2C0%2C%2C198%2C0%2C%2C943%2C0%2C1638%2C1638%2C0%2C1419%3Ans%3A1666448018939%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-5cbccea2ed3dd5c7a75380ef1cbfadf6-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1666448021%3At%3AHow%20Chinese%20Guys%20Enjoy%20Boys%20Porn%20-%20Porn%20video%20%7C%20TXXX.com&t=gdpr(14)mc(p-1)clc(0-0-0)aw(1)rqnt(1)fip(1)rqnl(1)ti(2)
IP 87.250.251.119:0
GET /watch/49315045?wmode=7&page-url=https%3A%2F%2Ftxxx.com%2Fvideos%2F18018333%2Fhow-chinese-guys-enjoy-boys-porn%2F%3Fpromo%3D38830&page-ref=https%3A%2F%2Fgay112.com%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Akqp6gvxtrlkq3u3woc7b0%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A912%3Acn%3A2%3Adp%3A0%3Als%3A1005137231739%3Ahid%3A307761209%3Az%3A0%3Ai%3A20221022141340%3Aet%3A1666448021%3Arn%3A814807648%3Arqn%3A1%3Au%3A1666448021909309712%3Aw%3A1x1%3As%3A1280x1024x24%3Ask%3A1%3Aifr%3A1%3Awv%3A2%3Ads%3A0%2C0%2C0%2C%2C198%2C0%2C%2C943%2C0%2C1638%2C1638%2C0%2C1419%3Ans%3A1666448018939%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-5cbccea2ed3dd5c7a75380ef1cbfadf6-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1666448021%3At%3AHow%20Chinese%20Guys%20Enjoy%20Boys%20Porn%20-%20Porn%20video%20%7C%20TXXX.com&t=gdpr(14)mc(p-1)clc(0-0-0)aw(1)rqnt(1)fip(1)rqnl(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://txxx.com
Connection: keep-alive
Referer: https://txxx.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
location: /watch/49315045/1?wmode=7&page-url=https%3A%2F%2Ftxxx.com%2Fvideos%2F18018333%2Fhow-chinese-guys-enjoy-boys-porn%2F%3Fpromo%3D38830&page-ref=https%3A%2F%2Fgay112.com%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Akqp6gvxtrlkq3u3woc7b0%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A912%3Acn%3A2%3Adp%3A0%3Als%3A1005137231739%3Ahid%3A307761209%3Az%3A0%3Ai%3A20221022141340%3Aet%3A1666448021%3Arn%3A814807648%3Arqn%3A1%3Au%3A1666448021909309712%3Aw%3A1x1%3As%3A1280x1024x24%3Ask%3A1%3Aifr%3A1%3Awv%3A2%3Ads%3A0%2C0%2C0%2C%2C198%2C0%2C%2C943%2C0%2C1638%2C1638%2C0%2C1419%3Ans%3A1666448018939%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-5cbccea2ed3dd5c7a75380ef1cbfadf6-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1666448021%3At%3AHow%20Chinese%20Guys%20Enjoy%20Boys%20Porn%20-%20Porn%20video%20%7C%20TXXX.com&t=gdpr%2814%29mc%28p-1%29clc%280-0-0%29aw%281%29rqnt%281%29fip%281%29rqnl%281%29ti%282%29
date: Sat, 22 Oct 2022 14:13:26 GMT
access-control-allow-origin: https://txxx.com
set-cookie: yandexuid=5146018821666448006; Expires=Sun, 22-Oct-2023 14:13:26 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
yuidss=5146018821666448006; Expires=Sun, 22-Oct-2023 14:13:26 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
yabs-sid=1116603001666448006; Path=/; SameSite=None; Secure
i=9ey6E8Dhf6t90MHeSpMJo7keHesuwYiVXeEdyVcszyGO1HldM2b9mYHP8AfnrvMRsudcGRpDTJwgDmK0g5+SOA9ABi8=; Expires=Tue, 19-Oct-2032 14:13:23 GMT; Domain=.yandex.ru; Path=/; Secure; HttpOnly; SameSite=None
ymex=1697984006.yrts.1666448006#1697984006.yrtsi.1666448006; Expires=Sun, 22-Oct-2023 14:13:26 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Sat, 22-Oct-2022 14:13:26 GMT
last-modified: Sat, 22-Oct-2022 14:13:26 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
vast.yomeno.xyz/vast
109.206.191.198200 OK 0 B IP 109.206.191.198:0
POST /vast HTTP/1.1
Host: vast.yomeno.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: application/json; charset=utf-8
Content-Length: 616
Origin: https://txxx.com
Connection: keep-alive
Referer: https://txxx.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.20.1
date: Sat, 22 Oct 2022 14:13:27 GMT
content-type: application/json; charset=utf-8
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
vary: Accept-Encoding, *
access-control-allow-credentials: true
access-control-allow-origin: https://txxx.com
access-control-expose-headers: Content-Length,Content-Range
content-encoding: gzip
X-Firefox-Spdy: h2
creative.xlivrdr.com/LPOmega?campaignId=ec1535c1cbaa3d0b93513d43b65aa5ca154a4f64912bc1c7443cc846eec2add4&campaignType=smartpop&creativeId=193e01b6441b8809a16431953d3bb8a77d1bf56f2035eab90cc033ab48b5e3fa&iterationId=249747&masterSmartpopId=1914&memberId=6632f42e-5ed3-4f71-8917-994a3914f2cb&p1=Promo_Banners_Straight_T1_Desk&p2=49657&ruleId=17&smartpopId=1807&sourceId=clickadilla.com&tag=-girls%2Findian&trackOff=1&userId=0d0cdc753eed23068b893e6a636a40ccaadc69dc4a5ec7ee080ed62b15816646&variationId=29441
104.18.59.150200 OK 0 B URL HTTP/2 creative.xlivrdr.com/LPOmega?campaignId=ec1535c1cbaa3d0b93513d43b65aa5ca154a4f64912bc1c7443cc846eec2add4&campaignType=smartpop&creativeId=193e01b6441b8809a16431953d3bb8a77d1bf56f2035eab90cc033ab48b5e3fa&iterationId=249747&masterSmartpopId=1914&memberId=6632f42e-5ed3-4f71-8917-994a3914f2cb&p1=Promo_Banners_Straight_T1_Desk&p2=49657&ruleId=17&smartpopId=1807&sourceId=clickadilla.com&tag=-girls%2Findian&trackOff=1&userId=0d0cdc753eed23068b893e6a636a40ccaadc69dc4a5ec7ee080ed62b15816646&variationId=29441
IP 104.18.59.150:0
GET /LPOmega?campaignId=ec1535c1cbaa3d0b93513d43b65aa5ca154a4f64912bc1c7443cc846eec2add4&campaignType=smartpop&creativeId=193e01b6441b8809a16431953d3bb8a77d1bf56f2035eab90cc033ab48b5e3fa&iterationId=249747&masterSmartpopId=1914&memberId=6632f42e-5ed3-4f71-8917-994a3914f2cb&p1=Promo_Banners_Straight_T1_Desk&p2=49657&ruleId=17&smartpopId=1807&sourceId=clickadilla.com&tag=-girls%2Findian&trackOff=1&userId=0d0cdc753eed23068b893e6a636a40ccaadc69dc4a5ec7ee080ed62b15816646&variationId=29441 HTTP/1.1
Host: creative.xlivrdr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://twinrdack.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 22 Oct 2022 14:13:28 GMT
content-type: text/html
last-modified: Tue, 18 Oct 2022 11:05:44 GMT
expires: Sat, 22 Oct 2022 14:13:21 GMT
cache-control: max-age=10
strict-transport-security: max-age=15768000
pragma: public
report-to: { "endpoints":[{ "url": "https://go.stripchat.com/report" }], "group": "default", "max_age": 1048576 }
cf-cache-status: HIT
age: 10
vary: Accept-Encoding
server: cloudflare
cf-ray: 75e2d57579ec0b41-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
static-assets.highwebmedia.com/jsi18n/en/djangojs.js?hash=d6b8f6955c2c
104.16.94.42200 OK 0 B URL HTTP/2 static-assets.highwebmedia.com/jsi18n/en/djangojs.js?hash=d6b8f6955c2c
IP 104.16.94.42:0
GET /jsi18n/en/djangojs.js?hash=d6b8f6955c2c HTTP/1.1
Host: static-assets.highwebmedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 22 Oct 2022 14:13:28 GMT
content-type: application/javascript
cache-control: public, max-age=2592000
cf-bgj: minify
cf-polished: origSize=3271
etag: W/"32cad827f4958bb8450fc33065ba4b42"
last-modified: Thu, 28 Apr 2022 02:42:35 GMT
x-amz-id-2: MZIiQ2sBBdylYqA3lvtRsQ4ZmrG3WUAkpCwBJk4jHRng/bXwc9fLP6DzXXTfolf5kTzmofyiaO0=
x-amz-meta-s3cmd-attrs: md5:32cad827f4958bb8450fc33065ba4b42
x-amz-request-id: R6AAH5TQYRWKK3XH
cf-cache-status: HIT
age: 119706
expires: Mon, 21 Nov 2022 14:13:28 GMT
vary: Accept-Encoding
set-cookie: _cfuvid=pDFc0YWPl_zNIxZyVzyqyMuVVpeA_m6Qzft5t4EIG3k-1666448008991-0-604800000; path=/; domain=.highwebmedia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 75e2d5782a210b49-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
5c0276acfe.9a363a4900.com/get/?go=1&data=eyJpbXAiOlt7InNlY3VyZSI6MSwiZXh0Ijp7InRhZ19hYiI6ImQiLCJtdWx0aSI6ZmFsc2UsInVzZXJfa2V5d29yZHMiOiIiLCJpZCI6MTQ5Niwic3BhY2VpZCI6MTQ5NiwidHlwZSI6InBvcCIsImlkem9uZSI6bnVsbCwiYWRfdGFncyI6IkdheTExMi5jb20lMkNiZXN0JTJDZnJlZSUyQ2dheSUyQ3Bvcm4lMkN2aWRlb3MuJTIwIiwibGFiZWxzIjoiIiwiYWxsb3dlZF9sYWJlbHMiOiIiLCJ0aXRsZSI6IiIsInN1YmlkIjoiMTg1Njg3NjIxNSIsInV0bTEiOiIiLCJ1dG0yIjoiIiwidXRtNCI6IiIsInNwb3RfaWQiOjQ3MTYwLCJtdWx0aXBsZSI6ZmFsc2UsImlzX2lmcmFtZSI6ZmFsc2UsInJlZmRvbWFpbiI6IiIsInBsIjoyNjksInN0cmF0YWdlbSI6bnVsbCwiZ3lyIjowLCJhY2NlbCI6MCwic3NwIjozNzU4LCJidHlwZSI6MH0sImJhbm5lciI6eyJ3IjozMDAsImgiOjI1MH19XSwic2l0ZSI6eyJpZCI6IjQ3MTYwIiwiY2F0IjpbIklBQjI1Il0sInBhZ2UiOiJodHRwczovL2dheTExMi5jb20vbm8vIn0sImRldmljZSI6eyJ3IjoxMjgwLCJoIjoxMDI0fSwidXNlciI6eyJpZCI6IjllNDk0N2YzNTc1MTQ2NTQxMWZkMWE0ZjVjMzU4Yzc4IiwiZnAiOm51bGx9LCJleHQiOnsiZHQiOjE2NjY0NDgwMjE2MDJ9fQ==
162.55.139.130200 OK 0 B URL HTTP/2 5c0276acfe.9a363a4900.com/get/?go=1&data=eyJpbXAiOlt7InNlY3VyZSI6MSwiZXh0Ijp7InRhZ19hYiI6ImQiLCJtdWx0aSI6ZmFsc2UsInVzZXJfa2V5d29yZHMiOiIiLCJpZCI6MTQ5Niwic3BhY2VpZCI6MTQ5NiwidHlwZSI6InBvcCIsImlkem9uZSI6bnVsbCwiYWRfdGFncyI6IkdheTExMi5jb20lMkNiZXN0JTJDZnJlZSUyQ2dheSUyQ3Bvcm4lMkN2aWRlb3MuJTIwIiwibGFiZWxzIjoiIiwiYWxsb3dlZF9sYWJlbHMiOiIiLCJ0aXRsZSI6IiIsInN1YmlkIjoiMTg1Njg3NjIxNSIsInV0bTEiOiIiLCJ1dG0yIjoiIiwidXRtNCI6IiIsInNwb3RfaWQiOjQ3MTYwLCJtdWx0aXBsZSI6ZmFsc2UsImlzX2lmcmFtZSI6ZmFsc2UsInJlZmRvbWFpbiI6IiIsInBsIjoyNjksInN0cmF0YWdlbSI6bnVsbCwiZ3lyIjowLCJhY2NlbCI6MCwic3NwIjozNzU4LCJidHlwZSI6MH0sImJhbm5lciI6eyJ3IjozMDAsImgiOjI1MH19XSwic2l0ZSI6eyJpZCI6IjQ3MTYwIiwiY2F0IjpbIklBQjI1Il0sInBhZ2UiOiJodHRwczovL2dheTExMi5jb20vbm8vIn0sImRldmljZSI6eyJ3IjoxMjgwLCJoIjoxMDI0fSwidXNlciI6eyJpZCI6IjllNDk0N2YzNTc1MTQ2NTQxMWZkMWE0ZjVjMzU4Yzc4IiwiZnAiOm51bGx9LCJleHQiOnsiZHQiOjE2NjY0NDgwMjE2MDJ9fQ==
IP 162.55.139.130:0
ASN #24940 Hetzner Online GmbH
Analyzer Verdict Alert quad9 Sinkholed
GET /get/?go=1&data=eyJpbXAiOlt7InNlY3VyZSI6MSwiZXh0Ijp7InRhZ19hYiI6ImQiLCJtdWx0aSI6ZmFsc2UsInVzZXJfa2V5d29yZHMiOiIiLCJpZCI6MTQ5Niwic3BhY2VpZCI6MTQ5NiwidHlwZSI6InBvcCIsImlkem9uZSI6bnVsbCwiYWRfdGFncyI6IkdheTExMi5jb20lMkNiZXN0JTJDZnJlZSUyQ2dheSUyQ3Bvcm4lMkN2aWRlb3MuJTIwIiwibGFiZWxzIjoiIiwiYWxsb3dlZF9sYWJlbHMiOiIiLCJ0aXRsZSI6IiIsInN1YmlkIjoiMTg1Njg3NjIxNSIsInV0bTEiOiIiLCJ1dG0yIjoiIiwidXRtNCI6IiIsInNwb3RfaWQiOjQ3MTYwLCJtdWx0aXBsZSI6ZmFsc2UsImlzX2lmcmFtZSI6ZmFsc2UsInJlZmRvbWFpbiI6IiIsInBsIjoyNjksInN0cmF0YWdlbSI6bnVsbCwiZ3lyIjowLCJhY2NlbCI6MCwic3NwIjozNzU4LCJidHlwZSI6MH0sImJhbm5lciI6eyJ3IjozMDAsImgiOjI1MH19XSwic2l0ZSI6eyJpZCI6IjQ3MTYwIiwiY2F0IjpbIklBQjI1Il0sInBhZ2UiOiJodHRwczovL2dheTExMi5jb20vbm8vIn0sImRldmljZSI6eyJ3IjoxMjgwLCJoIjoxMDI0fSwidXNlciI6eyJpZCI6IjllNDk0N2YzNTc1MTQ2NTQxMWZkMWE0ZjVjMzU4Yzc4IiwiZnAiOm51bGx9LCJleHQiOnsiZHQiOjE2NjY0NDgwMjE2MDJ9fQ== HTTP/1.1
Host: 5c0276acfe.9a363a4900.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gay112.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.16.0
date: Sat, 22 Oct 2022 14:13:27 GMT
content-type: text/html
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
content-encoding: gzip
X-Firefox-Spdy: h2
static-assets.highwebmedia.com/CACHE/js/output.bc85e791cb2f.js
104.16.94.42200 OK 0 B URL HTTP/2 static-assets.highwebmedia.com/CACHE/js/output.bc85e791cb2f.js
IP 104.16.94.42:0
GET /CACHE/js/output.bc85e791cb2f.js HTTP/1.1
Host: static-assets.highwebmedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 22 Oct 2022 14:13:28 GMT
content-type: application/javascript
cache-control: public, max-age=2592000
cf-bgj: minify
cf-polished: origSize=202270
etag: W/"7d90e856406997eee24123ea8a61c92d"
last-modified: Fri, 10 Sep 2021 01:29:44 GMT
x-amz-id-2: HJqgrzmpP8NIgQA+YW8wx4YmDeOFkE860/zZrYgEfEOOhSRenFjn4mxx7ChaQYvyWjZAxImMIY8=
x-amz-meta-s3cmd-attrs: md5:7d90e856406997eee24123ea8a61c92d
x-amz-request-id: EVKN10SQAKNB8VZG
cf-cache-status: HIT
age: 1521583
expires: Mon, 21 Nov 2022 14:13:28 GMT
vary: Accept-Encoding
set-cookie: _cfuvid=x1w1n1u4MRCFnbiJCNPVc4vQqvnrveOVnjlQdkHRo4o-1666448008951-0-604800000; path=/; domain=.highwebmedia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 75e2d577e9f40b49-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
js.wpshsdk.com/npc/sdk/common/core.js
45.133.44.25200 OK 0 B URL HTTP/2 js.wpshsdk.com/npc/sdk/common/core.js
IP 45.133.44.25:0
ASN #39572 DataWeb Global Group B.V.
GET /npc/sdk/common/core.js HTTP/1.1
Host: js.wpshsdk.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gay112.com/
Origin: https://gay112.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 22 Oct 2022 14:13:27 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Fri, 21 Oct 2022 15:29:11 GMT
etag: W/"6352bac7-1bcfb"
content-encoding: gzip
expires: Sat, 22 Oct 2022 14:18:27 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
js.wpshsdk.com/npc/sdk/push/styles.css
45.133.44.25200 OK 0 B URL HTTP/2 js.wpshsdk.com/npc/sdk/push/styles.css
IP 45.133.44.25:0
ASN #39572 DataWeb Global Group B.V.
GET /npc/sdk/push/styles.css HTTP/1.1
Host: js.wpshsdk.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gay112.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 22 Oct 2022 14:13:28 GMT
content-type: text/css
server: nginx/1.18.0
last-modified: Tue, 30 Aug 2022 09:15:33 GMT
etag: W/"630dd535-10f4"
content-encoding: gzip
expires: Sat, 22 Oct 2022 14:18:28 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
static-assets.highwebmedia.com/CACHE/js/output.caee332d326d.js
104.16.94.42200 OK 0 B URL HTTP/2 static-assets.highwebmedia.com/CACHE/js/output.caee332d326d.js
IP 104.16.94.42:0
GET /CACHE/js/output.caee332d326d.js HTTP/1.1
Host: static-assets.highwebmedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 22 Oct 2022 14:13:29 GMT
content-type: application/javascript
cache-control: public, max-age=2592000
cf-bgj: minify
etag: W/"b61e15511bf0db70d0d422e98c465403"
last-modified: Thu, 24 Jun 2021 21:24:08 GMT
x-amz-id-2: gAJe87IyJM0OkbaBgua73HTcoEANURYYk4wpsNNClr414DBIRL/v+K+9hxRFHrgcwnw38qlmXmM=
x-amz-meta-s3cmd-attrs: md5:b61e15511bf0db70d0d422e98c465403
x-amz-request-id: 2D5TZ021KE4200HB
cf-cache-status: HIT
age: 405967
expires: Mon, 21 Nov 2022 14:13:29 GMT
vary: Accept-Encoding
set-cookie: _cfuvid=cM12VKhKYTmsRlGIgXk7D3CI2uytQrMS3rKIIn6t0yY-1666448009008-0-604800000; path=/; domain=.highwebmedia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 75e2d5783a2e0b49-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
chaturbate.com/in/?track=a-g-c-t1&tour=CoeM&campaign=5AK96&disable_sound=1&mobileRedirect=auto&embed_video_only=1
104.18.100.40302 Found 0 B URL HTTP/2 chaturbate.com/in/?track=a-g-c-t1&tour=CoeM&campaign=5AK96&disable_sound=1&mobileRedirect=auto&embed_video_only=1
IP 104.18.100.40:0
GET /in/?track=a-g-c-t1&tour=CoeM&campaign=5AK96&disable_sound=1&mobileRedirect=auto&embed_video_only=1 HTTP/1.1
Host: chaturbate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://r-eu.tsyndicate.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Sat, 22 Oct 2022 14:13:28 GMT
content-type: text/html; charset=utf-8
location: /topembed/male/?join_overlay=1&tour=CoeM&campaign=5AK96&disable_sound=1&mobileRedirect=auto&embed_video_only=1
p3p: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
vary: Accept-Language, Cookie
content-language: en
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.mmcdn.com https://*.highwebmedia.com https://*.chaturbate.com https://chaturbate.com https://ajax.googleapis.com https://js-agent.newrelic.com https://cdnjs.cloudflare.com https://www.google-analytics.com https://www.google.com/recaptcha/ https://www.google.com/cv/ https://www.gstatic.com/recaptcha/ https://www.gstatic.com/cv/ https://www.gstatic.com/eureka/ https://www.gstatic.com/cast/ https://*.nr-data.net https://certify-js.alexametrics.com https://player.vimeo.com/api/player.js http://static.hotjar.com https://static.hotjar.com https://script.hotjar.com ; style-src 'self' data: 'unsafe-inline' https://*.highwebmedia.com https://cdnjs.cloudflare.com https://fonts.googleapis.com ; img-src 'self' data: https://*.mmcdn.com https://*.highwebmedia.com https://*.stream.highwebmedia.com https://*.chaturbate.com https://chaturbate.com https://www.google-analytics.com https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com https://cdnjs.cloudflare.com https://www.gstatic.com https://*.nr-data.net https://certify.alexametrics.com https://stats.g.doubleclick.net https://cbgames.s3.amazonaws.com https://player.vimeo.com https://script.hotjar.com http://script.hotjar.com ; font-src 'self' data: https://*.mmcdn.com https://*.highwebmedia.com https://cdnjs.cloudflare.com https://fonts.gstatic.com http://script.hotjar.com https://script.hotjar.com ; connect-src 'self' blob: blob https://*.mmcdn.com wss://*.mmcdn.com wss://*.mmcdn.com:8443 https://*.highwebmedia.com wss://*.highwebmedia.com wss://*.highwebmedia.com:8443 https://*.nr-data.net https://*.chaturbate.com https://chaturbate.com https://www.google-analytics.com https://cbvideoupload.s3-accelerate.amazonaws.com https://stats.g.doubleclick.net https://internet-up.ably-realtime.com https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com https://tls-use1.fpapi.io https://use1.fptls.com https://eun1.fptls.com https://aps1.fptls.com http://*.hotjar.com:* https://*.hotjar.com:* https://vc.hotjar.io:* https://surveystats.hotjar.io wss://*.hotjar.com ; media-src 'self' https://*.mmcdn.com https://*.highwebmedia.com https://*.chaturbate.com https://chaturbate.com mediasource: blob: data: https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com; object-src 'self' https://*.mmcdn.com https://*.highwebmedia.com https://download.macromedia.com https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com ; frame-src 'self' https://*.mmcdn.com https://*.chaturbate.com https://chaturbate.com https://*.highwebmedia.com https://adserver.exoticads.com https://www.google.com/recaptcha/ https://*.wnu.com https://wnu.com https://checkout.2000charge.com https://www.sofort.com https://*.girogate.de https://player.vimeo.com https://vars.hotjar.com ; child-src 'self' blob: blob ; worker-src 'self' blob: blob ; form-action 'self' https://*.chaturbate.com https://chaturbate.com https://*.stream.highwebmedia.com https://www.coinpayments.net https://*.wnu.com https://wnu.com https://devportal.cb.dev https://*.web.amer-1.jumio.ai https://smartpay.coinsmart.com ; manifest-src 'self' https://*.mmcdn.com https://*.highwebmedia.com ; report-uri https://report-uri.mmcdn.com/r/t/csp/enforce;
report-to: {"group":"default","max_age":2592000,"endpoints":[{"url":"https://report-uri.mmcdn.com/a/t/g"}],"include_subdomains":true}
nel: {"report_to":"default","max_age":2592000,"include_subdomains":true}
x-frame-options: DENY
cache-control: no-cache
x-content-type-options: nosniff
x-xss-protection: 1; mode=block; report=https://report-uri.highwebmedia.com/r/t/xss/enforce
referrer-policy: strict-origin-when-cross-origin
via: 1.1 google
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: DYNAMIC
set-cookie: u_CoeM=1; expires=Thu, 27-Oct-2022 14:13:28 GMT; Max-Age=432000; Path=/
us_CoeM=1; Path=/
affkey="eJwdjMEKgCAQBX8l9pxKQUHeomP0EWJaUlboSkT077EeZ3jzXkCQBQynmaAsQPuLsOnHriXGsBErtjDNsCIVSKyIV5RCBGYSx/gcs9MKDdenFzRS1uYuOnXEPeHtrCGf3+sKvh+xZCHo"; Domain=.chaturbate.com; expires=Mon, 21-Nov-2022 14:13:28 GMT; Max-Age=2592000; Path=/
fromaffiliate=1; Domain=.chaturbate.com; Path=/
noads=1; expires=Sat, 22-Oct-2022 20:13:28 GMT; Max-Age=21600; Path=/
sbr=sec:sbr1f15aa32-2f29-4e1d-8b80-a1022a7b44d8:1omFFg:g0uCictCOmKy8E3C8G8y4uWBODE; Domain=.chaturbate.com; expires=Thu, 17-Jul-2025 14:13:28 GMT; HttpOnly; Max-Age=86313600; Path=/; Secure
__cf_bm=Ix6Ao2swIJlJI3npjLyn2fz44Q2ZZd4h2FYyiGpDYJ0-1666448008-0-AYx4f3wNQ0QeEBJXPEaOHP6dL0qPK5n+CO5k2W2YKvhqO2nNUWrCZljh3g6y8Znz509AqUjBHJ+Z3/e57dUW8R8=; path=/; expires=Sat, 22-Oct-22 14:43:28 GMT; domain=.chaturbate.com; HttpOnly; Secure; SameSite=None
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 75e2d572bc2fb4ff-OSL
X-Firefox-Spdy: h2
creative.xlivrdr.com/widgets/v4/Universal?campaignId=ec1535c1cbaa3d0b93513d43b65aa5ca154a4f64912bc1c7443cc846eec2add4&campaignType=smartpop&creativeId=72d4f9afc2f0f1b08aa025ab05e9b36e3df0ba66c7200f29e663fb52e95b1e9d&iterationId=249747&masterSmartpopId=1914&memberId=fb02d45c-175c-4f10-a0d9-5a6feaa8ce36&p1=Promo_Banners_Straight_T1_Desk&p2=49657&ruleId=17&smartpopId=1807&sourceId=clickadilla.com&tag=-girls%2Findian&trackOff=1&userId=0d0cdc753eed23068b893e6a636a40ccaadc69dc4a5ec7ee080ed62b15816646&variationId=29440
104.18.59.150200 OK 0 B URL HTTP/2 creative.xlivrdr.com/widgets/v4/Universal?campaignId=ec1535c1cbaa3d0b93513d43b65aa5ca154a4f64912bc1c7443cc846eec2add4&campaignType=smartpop&creativeId=72d4f9afc2f0f1b08aa025ab05e9b36e3df0ba66c7200f29e663fb52e95b1e9d&iterationId=249747&masterSmartpopId=1914&memberId=fb02d45c-175c-4f10-a0d9-5a6feaa8ce36&p1=Promo_Banners_Straight_T1_Desk&p2=49657&ruleId=17&smartpopId=1807&sourceId=clickadilla.com&tag=-girls%2Findian&trackOff=1&userId=0d0cdc753eed23068b893e6a636a40ccaadc69dc4a5ec7ee080ed62b15816646&variationId=29440
IP 104.18.59.150:0
GET /widgets/v4/Universal?campaignId=ec1535c1cbaa3d0b93513d43b65aa5ca154a4f64912bc1c7443cc846eec2add4&campaignType=smartpop&creativeId=72d4f9afc2f0f1b08aa025ab05e9b36e3df0ba66c7200f29e663fb52e95b1e9d&iterationId=249747&masterSmartpopId=1914&memberId=fb02d45c-175c-4f10-a0d9-5a6feaa8ce36&p1=Promo_Banners_Straight_T1_Desk&p2=49657&ruleId=17&smartpopId=1807&sourceId=clickadilla.com&tag=-girls%2Findian&trackOff=1&userId=0d0cdc753eed23068b893e6a636a40ccaadc69dc4a5ec7ee080ed62b15816646&variationId=29440 HTTP/1.1
Host: creative.xlivrdr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://twinrdack.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 22 Oct 2022 14:13:28 GMT
content-type: text/html
last-modified: Tue, 18 Oct 2022 11:05:47 GMT
expires: Sat, 22 Oct 2022 14:13:33 GMT
cache-control: max-age=10
strict-transport-security: max-age=15768000
pragma: public
report-to: { "endpoints":[{ "url": "https://go.stripchat.com/report" }], "group": "default", "max_age": 1048576 }
cf-cache-status: HIT
age: 1
vary: Accept-Encoding
server: cloudflare
cf-ray: 75e2d57579ed0b41-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
5c0276acfe.9a363a4900.com/get/?go=1&data=eyJpbXAiOlt7InNlY3VyZSI6MSwiZXh0Ijp7ImlkIjoxNDk2LCJzcGFjZWlkIjozMTA4MywidHlwZSI6InBvcCIsImlkem9uZSI6NjkzOTQxLCJhZF90YWdzIjoiR2F5JTJDQXNpYW4lMkNCYXJlYmFjayUyQ0hEJTJDRGVlcHRocm9hdCUyQ0N1bXNob3QiLCJsYWJlbHMiOiIiLCJhbGxvd2VkX2xhYmVscyI6IiIsInRpdGxlIjoiIiwic3ViaWQiOiIzODgzMCIsInV0bTEiOiIiLCJ1dG0yIjoiIiwidXRtNCI6IiIsInNwb3RfaWQiOjMxMDgzLCJtdWx0aXBsZSI6ZmFsc2UsImlzX2lmcmFtZSI6dHJ1ZSwicmVmZG9tYWluIjoiZ2F5MTEyLmNvbSIsInBsIjo4LCJzdHJhdGFnZW0iOm51bGwsImd5ciI6MCwiYWNjZWwiOjAsInNzcCI6Mzc1Nn0sImJhbm5lciI6eyJ3IjozMDAsImgiOjI1MH19XSwic2l0ZSI6eyJpZCI6IjMxMDgzIiwiY2F0IjpbIklBQjI1Il0sInBhZ2UiOiJodHRwczovL2dheTExMi5jb20vIn0sImRldmljZSI6eyJ3IjoxMjgwLCJoIjoxMDI0fSwidXNlciI6eyJpZCI6ImIwMTQzNTE4ZTg0MWIyNDcwYWY4NGQ4NmUxYjA5ZDNiIn0sImV4dCI6eyJkdCI6MTY2NjQ0ODAyMTU0M319
162.55.139.130200 OK 0 B URL HTTP/2 5c0276acfe.9a363a4900.com/get/?go=1&data=eyJpbXAiOlt7InNlY3VyZSI6MSwiZXh0Ijp7ImlkIjoxNDk2LCJzcGFjZWlkIjozMTA4MywidHlwZSI6InBvcCIsImlkem9uZSI6NjkzOTQxLCJhZF90YWdzIjoiR2F5JTJDQXNpYW4lMkNCYXJlYmFjayUyQ0hEJTJDRGVlcHRocm9hdCUyQ0N1bXNob3QiLCJsYWJlbHMiOiIiLCJhbGxvd2VkX2xhYmVscyI6IiIsInRpdGxlIjoiIiwic3ViaWQiOiIzODgzMCIsInV0bTEiOiIiLCJ1dG0yIjoiIiwidXRtNCI6IiIsInNwb3RfaWQiOjMxMDgzLCJtdWx0aXBsZSI6ZmFsc2UsImlzX2lmcmFtZSI6dHJ1ZSwicmVmZG9tYWluIjoiZ2F5MTEyLmNvbSIsInBsIjo4LCJzdHJhdGFnZW0iOm51bGwsImd5ciI6MCwiYWNjZWwiOjAsInNzcCI6Mzc1Nn0sImJhbm5lciI6eyJ3IjozMDAsImgiOjI1MH19XSwic2l0ZSI6eyJpZCI6IjMxMDgzIiwiY2F0IjpbIklBQjI1Il0sInBhZ2UiOiJodHRwczovL2dheTExMi5jb20vIn0sImRldmljZSI6eyJ3IjoxMjgwLCJoIjoxMDI0fSwidXNlciI6eyJpZCI6ImIwMTQzNTE4ZTg0MWIyNDcwYWY4NGQ4NmUxYjA5ZDNiIn0sImV4dCI6eyJkdCI6MTY2NjQ0ODAyMTU0M319
IP 162.55.139.130:0
ASN #24940 Hetzner Online GmbH
Analyzer Verdict Alert quad9 Sinkholed
GET /get/?go=1&data=eyJpbXAiOlt7InNlY3VyZSI6MSwiZXh0Ijp7ImlkIjoxNDk2LCJzcGFjZWlkIjozMTA4MywidHlwZSI6InBvcCIsImlkem9uZSI6NjkzOTQxLCJhZF90YWdzIjoiR2F5JTJDQXNpYW4lMkNCYXJlYmFjayUyQ0hEJTJDRGVlcHRocm9hdCUyQ0N1bXNob3QiLCJsYWJlbHMiOiIiLCJhbGxvd2VkX2xhYmVscyI6IiIsInRpdGxlIjoiIiwic3ViaWQiOiIzODgzMCIsInV0bTEiOiIiLCJ1dG0yIjoiIiwidXRtNCI6IiIsInNwb3RfaWQiOjMxMDgzLCJtdWx0aXBsZSI6ZmFsc2UsImlzX2lmcmFtZSI6dHJ1ZSwicmVmZG9tYWluIjoiZ2F5MTEyLmNvbSIsInBsIjo4LCJzdHJhdGFnZW0iOm51bGwsImd5ciI6MCwiYWNjZWwiOjAsInNzcCI6Mzc1Nn0sImJhbm5lciI6eyJ3IjozMDAsImgiOjI1MH19XSwic2l0ZSI6eyJpZCI6IjMxMDgzIiwiY2F0IjpbIklBQjI1Il0sInBhZ2UiOiJodHRwczovL2dheTExMi5jb20vIn0sImRldmljZSI6eyJ3IjoxMjgwLCJoIjoxMDI0fSwidXNlciI6eyJpZCI6ImIwMTQzNTE4ZTg0MWIyNDcwYWY4NGQ4NmUxYjA5ZDNiIn0sImV4dCI6eyJkdCI6MTY2NjQ0ODAyMTU0M319 HTTP/1.1
Host: 5c0276acfe.9a363a4900.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://txxx.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.16.0
date: Sat, 22 Oct 2022 14:13:27 GMT
content-type: text/html
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
content-encoding: gzip
X-Firefox-Spdy: h2
5c0276acfe.9a363a4900.com/get/?go=1&data=eyJpbXAiOlt7InNlY3VyZSI6MSwiZXh0Ijp7ImlkIjoxNDk2LCJzcGFjZWlkIjozMTA4NSwidHlwZSI6InBvcCIsImlkem9uZSI6NjkzOTIxLCJhZF90YWdzIjoiR2F5JTJDQXNpYW4lMkNCYXJlYmFjayUyQ0hEJTJDRGVlcHRocm9hdCUyQ0N1bXNob3QiLCJsYWJlbHMiOiIiLCJhbGxvd2VkX2xhYmVscyI6IiIsInRpdGxlIjoiIiwic3ViaWQiOiIzODgzMCIsInV0bTEiOiIiLCJ1dG0yIjoiIiwidXRtNCI6IiIsInNwb3RfaWQiOjMxMDg1LCJtdWx0aXBsZSI6ZmFsc2UsImlzX2lmcmFtZSI6dHJ1ZSwicmVmZG9tYWluIjoiZ2F5MTEyLmNvbSIsInBsIjoyLCJzdHJhdGFnZW0iOm51bGwsImd5ciI6MCwiYWNjZWwiOjAsInNzcCI6Mzc1Nn0sImJhbm5lciI6eyJ3IjozMDAsImgiOjI1MH19XSwic2l0ZSI6eyJpZCI6IjMxMDg1IiwiY2F0IjpbIklBQjI1Il0sInBhZ2UiOiJodHRwczovL2dheTExMi5jb20vIn0sImRldmljZSI6eyJ3IjoxMjgwLCJoIjoxMDI0fSwidXNlciI6eyJpZCI6ImIwMTQzNTE4ZTg0MWIyNDcwYWY4NGQ4NmUxYjA5ZDNiIn0sImV4dCI6eyJkdCI6MTY2NjQ0ODAyMTU1M319
162.55.139.130200 OK 0 B URL HTTP/2 5c0276acfe.9a363a4900.com/get/?go=1&data=eyJpbXAiOlt7InNlY3VyZSI6MSwiZXh0Ijp7ImlkIjoxNDk2LCJzcGFjZWlkIjozMTA4NSwidHlwZSI6InBvcCIsImlkem9uZSI6NjkzOTIxLCJhZF90YWdzIjoiR2F5JTJDQXNpYW4lMkNCYXJlYmFjayUyQ0hEJTJDRGVlcHRocm9hdCUyQ0N1bXNob3QiLCJsYWJlbHMiOiIiLCJhbGxvd2VkX2xhYmVscyI6IiIsInRpdGxlIjoiIiwic3ViaWQiOiIzODgzMCIsInV0bTEiOiIiLCJ1dG0yIjoiIiwidXRtNCI6IiIsInNwb3RfaWQiOjMxMDg1LCJtdWx0aXBsZSI6ZmFsc2UsImlzX2lmcmFtZSI6dHJ1ZSwicmVmZG9tYWluIjoiZ2F5MTEyLmNvbSIsInBsIjoyLCJzdHJhdGFnZW0iOm51bGwsImd5ciI6MCwiYWNjZWwiOjAsInNzcCI6Mzc1Nn0sImJhbm5lciI6eyJ3IjozMDAsImgiOjI1MH19XSwic2l0ZSI6eyJpZCI6IjMxMDg1IiwiY2F0IjpbIklBQjI1Il0sInBhZ2UiOiJodHRwczovL2dheTExMi5jb20vIn0sImRldmljZSI6eyJ3IjoxMjgwLCJoIjoxMDI0fSwidXNlciI6eyJpZCI6ImIwMTQzNTE4ZTg0MWIyNDcwYWY4NGQ4NmUxYjA5ZDNiIn0sImV4dCI6eyJkdCI6MTY2NjQ0ODAyMTU1M319
IP 162.55.139.130:0
ASN #24940 Hetzner Online GmbH
Analyzer Verdict Alert quad9 Sinkholed
GET /get/?go=1&data=eyJpbXAiOlt7InNlY3VyZSI6MSwiZXh0Ijp7ImlkIjoxNDk2LCJzcGFjZWlkIjozMTA4NSwidHlwZSI6InBvcCIsImlkem9uZSI6NjkzOTIxLCJhZF90YWdzIjoiR2F5JTJDQXNpYW4lMkNCYXJlYmFjayUyQ0hEJTJDRGVlcHRocm9hdCUyQ0N1bXNob3QiLCJsYWJlbHMiOiIiLCJhbGxvd2VkX2xhYmVscyI6IiIsInRpdGxlIjoiIiwic3ViaWQiOiIzODgzMCIsInV0bTEiOiIiLCJ1dG0yIjoiIiwidXRtNCI6IiIsInNwb3RfaWQiOjMxMDg1LCJtdWx0aXBsZSI6ZmFsc2UsImlzX2lmcmFtZSI6dHJ1ZSwicmVmZG9tYWluIjoiZ2F5MTEyLmNvbSIsInBsIjoyLCJzdHJhdGFnZW0iOm51bGwsImd5ciI6MCwiYWNjZWwiOjAsInNzcCI6Mzc1Nn0sImJhbm5lciI6eyJ3IjozMDAsImgiOjI1MH19XSwic2l0ZSI6eyJpZCI6IjMxMDg1IiwiY2F0IjpbIklBQjI1Il0sInBhZ2UiOiJodHRwczovL2dheTExMi5jb20vIn0sImRldmljZSI6eyJ3IjoxMjgwLCJoIjoxMDI0fSwidXNlciI6eyJpZCI6ImIwMTQzNTE4ZTg0MWIyNDcwYWY4NGQ4NmUxYjA5ZDNiIn0sImV4dCI6eyJkdCI6MTY2NjQ0ODAyMTU1M319 HTTP/1.1
Host: 5c0276acfe.9a363a4900.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://txxx.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.16.0
date: Sat, 22 Oct 2022 14:13:27 GMT
content-type: text/html
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
content-encoding: gzip
X-Firefox-Spdy: h2
static-assets.highwebmedia.com/cachebust/chatembed-prod-d6b8f6955c2c.js
104.16.94.42200 OK 0 B URL HTTP/2 static-assets.highwebmedia.com/cachebust/chatembed-prod-d6b8f6955c2c.js
IP 104.16.94.42:0
GET /cachebust/chatembed-prod-d6b8f6955c2c.js HTTP/1.1
Host: static-assets.highwebmedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 22 Oct 2022 14:13:28 GMT
content-type: application/javascript
cache-control: public, max-age=2592000
cf-bgj: minify
cf-polished: origSize=925333
etag: W/"eee1743ce4a26de142b22da01f063386"
last-modified: Fri, 21 Oct 2022 04:55:43 GMT
x-amz-id-2: 4kyzDZw47ERLzZ07RxTrvBFGI1OBKJjzsMzFb/CM+NyQ6xQO0WzH/rDiIRrCTzHlU5F+EEgi9kE=
x-amz-meta-s3cmd-attrs: md5:eee1743ce4a26de142b22da01f063386
x-amz-request-id: ARPM9S8W888XRYVD
cf-cache-status: HIT
age: 119678
expires: Mon, 21 Nov 2022 14:13:28 GMT
vary: Accept-Encoding
set-cookie: _cfuvid=fWSmksiq3huLbEILaNp4f83wzeMJacPZesrZ4zrL1nM-1666448008952-0-604800000; path=/; domain=.highwebmedia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 75e2d577e9f50b49-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2