xfantazy.com/video/5f76ce8301bf221df0f0efe7?utm_source=share&ruid=41901732
172.67.137.4 302 Found 0 B URL HTTP/1.1 xfantazy.com/video/5f76ce8301bf221df0f0efe7?utm_source=share&ruid=41901732
IP 172.67.137.4:0
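Hash d41d8cd98f00b204e9800998ecf8427e (MD5)
da39a3ee5e6b4b0d3255bfef95601890afd80709 (SHA-1)
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (SHA-256; all three are the digests of an empty body, matching the 0 B response, so they identify no content)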
GET /video/5f76ce8301bf221df0f0efe7?utm_source=share&ruid=41901732 HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Date: Tue, 29 Nov 2022 03:54:52 GMT
Content-Length: 0
Connection: keep-alive
location: https://xfantazy.com/video/5f76ce8301bf221df0f0efe7?utm_source=share&ruid=41901732
cache-control: no-cache
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4gYpYKj%2FVnkPsAlw%2Bfz8qnxNAZH3l4JjHfTXlATLG4%2FwqugY08Yr0IdhM5K%2FsP3iqFHLcF41WAUdGPNNCCl1EFyQMPZej33FXNhWv%2Fac9m6MAvW8PZVJqAyZ%2BKdYwNY%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7718678bdc5eb517-OSL
alt-svc: h2=":443"; ma=60
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 2d2e7649ce9e9ba6fc8b68aa89352e3c
0153d1d3d830a457043e16bb40d48a0b9ddef4b8
8eed57c91b42ef7b2d5eff1309e306e23e13c3de21219af24a693cbf3e8977fc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8EED57C91B42EF7B2D5EFF1309E306E23E13C3DE21219AF24A693CBF3E8977FC"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2408
Expires: Tue, 29 Nov 2022 04:35:00 GMT
Date: Tue, 29 Nov 2022 03:54:52 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 9408cc0694fcbea57966c3a3ba906092
fddcee1fdcf3209298e41a4b1b5560357fa165f0
6ef7120d9463f56e3ddfadd5766d02da8523f34061b13bdba54bf9ab72a1e979
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4671
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 29 Nov 2022 03:54:52 GMT
Last-Modified: Tue, 29 Nov 2022 02:37:01 GMT
Server: ECS (ska/F70B)
X-Cache: HIT
Content-Length: 471
firefox.settings.services.mozilla.com/v1/
34.102.187.140 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 14cd9a0afb6ba9a763651d5112760d1e
75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Retry-After, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Tue, 29 Nov 2022 03:17:51 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 2221
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 6d9d34c96b9a826ae5676640c966469c
8052a16d41a637e420478b7de1ff5a2dc951fccd
f18ac558cb786126bb7efb159e03353d268d5f5796bcfd2691a349dfc68d863c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F18AC558CB786126BB7EFB159E03353D268D5F5796BCFD2691A349DFC68D863C"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4698
Expires: Tue, 29 Nov 2022 05:13:10 GMT
Date: Tue, 29 Nov 2022 03:54:52 GMT
Connection: keep-alive
ocsp.pki.goog/s/gts1p5/PrU7zFTubJs
142.250.74.35 200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/PrU7zFTubJs
IP 142.250.74.35:0
Hash 5bb8290d5483ea039d3c66af6f732e29
f7e73ac8f382fd25e611c1b6943ce4437296aa6b
de49be87e7816cddfe49b45ba24c81c3f766c194fbdcb2468472b90621deac50
POST /s/gts1p5/PrU7zFTubJs HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 29 Nov 2022 03:54:52 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: jkrqTxpkz4nChcHIRFxtjngabOlYF14AxN/UQUNJA3ke0ZOXL3vrD0ji6YMYjV5FFdzpCDJ2ZsE=
x-amz-request-id: XZE1SG39HEJXZTJM
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Tue, 29 Nov 2022 03:42:21 GMT
age: 751
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 29 Nov 2022 03:54:52 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
34.102.187.140 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, ETag, Alert, Expires, Cache-Control, Backoff, Content-Length, Content-Type, Pragma, Last-Modified
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Tue, 29 Nov 2022 03:08:56 GMT
cache-control: public,max-age=3600
age: 2756
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 7ab2ef968cb6a3078f4b9cb2dda813d4
e669116047ca058a2c1b2999ff0ea8682719162c
6ddecf0b21c44f3851da8efeb6ecdc6c8e9b83d7681153c31952b4ec8c23c940
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4511
Cache-Control: max-age=109634
Content-Type: application/ocsp-response
Date: Tue, 29 Nov 2022 03:54:52 GMT
Etag: "63847a2f-1d7"
Expires: Wed, 30 Nov 2022 10:22:06 GMT
Last-Modified: Mon, 28 Nov 2022 09:06:55 GMT
Server: ECS (ska/F70B)
X-Cache: HIT
Content-Length: 471
push.services.mozilla.com/
34.208.31.97 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 34.208.31.97:0
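Hash d41d8cd98f00b204e9800998ecf8427e (MD5)
da39a3ee5e6b4b0d3255bfef95601890afd80709 (SHA-1)
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (SHA-256; all three are the digests of an empty body, matching the 0 B response, so they identify no content)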
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 8nyK39iD8tS4Yc8nB/UkWQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: /6pZUm+1cINJ1eHkis8zYjTYaAw=
ocsp.pki.goog/s/gts1p5/PrU7zFTubJs
142.250.74.35 200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/PrU7zFTubJs
IP 142.250.74.35:0
Hash 5bb8290d5483ea039d3c66af6f732e29
f7e73ac8f382fd25e611c1b6943ce4437296aa6b
de49be87e7816cddfe49b45ba24c81c3f766c194fbdcb2468472b90621deac50
POST /s/gts1p5/PrU7zFTubJs HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 29 Nov 2022 03:54:53 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.35 200 OK 38 kB IP 142.250.74.35:0
Hash 7ac1c826684446f0fb44552cdeb4c632
fd6968aa84f294f51d282b341add50047c359277
14add3dc4b0f243f22ef4f732cd15c87db340b7e2a4e2cb0d8cbe5ef253287ba
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 29 Nov 2022 03:54:53 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.sectigo.com/
104.18.32.68 200 OK 5.4 kB IP 104.18.32.68:0
Hash 617086ae42b59ab6c1d63023a0d53e8a
aca9fc30fa67d02d9eb79784bcd4304fb2938e43
cca2d22434c655f02d250927b17924e0ebafdd8469ef1f09507641d74ea7f5da
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 29 Nov 2022 03:54:53 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Sat, 26 Nov 2022 03:14:20 GMT
Expires: Sat, 03 Dec 2022 03:14:19 GMT
Etag: "85966dd88ccb082b7f7ebc1def721c8c334d770d"
Cache-Control: max-age=342565,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 77186793ba9bb4ff-OSL
ocsp.sectigo.com/
104.18.32.68 200 OK 1.3 kB IP 104.18.32.68:0
Hash 801d84fa8799abcbcd07f4e9a09e5865
4e033a0f83ff47e60e30e1a550c20761cb640cf1
c676f0294e408d0d467dfbb70a1986a992bf0a59de3769db6da12ce0b6b1fd01
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 29 Nov 2022 03:54:53 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Sat, 26 Nov 2022 03:14:20 GMT
Expires: Sat, 03 Dec 2022 03:14:19 GMT
Etag: "85966dd88ccb082b7f7ebc1def721c8c334d770d"
Cache-Control: max-age=342565,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 77186793c86eb4ee-OSL
ocsp.pki.goog/gts1c3
142.250.74.35 200 OK 472 B IP 142.250.74.35:0
Hash dfc6d93c89faf83ac654cd676c02764d
ce10d3ff46b50f22f7f79a7df65b0b7a6ddb741d
83947c7c69062338e3712fe76a493a2798aa2d1f63709eac14ba908d71080dd0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 29 Nov 2022 03:54:53 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
cdn.ampproject.org/v0/amp-analytics-0.1.js
216.58.211.1 200 OK 32 kB URL HTTP/2 cdn.ampproject.org/v0/amp-analytics-0.1.js
IP 216.58.211.1:0
File type ASCII text, with very long lines (65534)
Hash 4f942bf3bb6e278be0343ec05344261f
ebc18dfa8eb590914fd57549e050dd2dd0ab1538
33def24490fbc9b22c557b723dec40eefc79a1c18236354d3e51801f0ccc196b
GET /v0/amp-analytics-0.1.js HTTP/1.1
Host: cdn.ampproject.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: br
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
timing-allow-origin: *
content-length: 31953
date: Tue, 29 Nov 2022 03:54:53 GMT
expires: Tue, 29 Nov 2022 03:54:53 GMT
cache-control: private, max-age=604800, stale-while-revalidate=604800
etag: "eddf6e9f984d26cc"
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/d-qV6COuyfy4_z7FrA/w320h240/0.jpeg
188.72.235.184 200 OK 15 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/d-qV6COuyfy4_z7FrA/w320h240/0.jpeg
IP 188.72.235.184:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash 8e335d2bc1c8ad70f9546bd4db147ef3
3122500b027e7c2e61a3ac923cba48664e37f289
38e2fd462ac2d15dceb0eac403210afc21efa138670ac10e04c3211fec9d4e82
GET /thumbnail/d-qV6COuyfy4_z7FrA/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Tue, 29 Nov 2022 03:54:53 GMT
content-type: image/jpeg
content-length: 15359
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
strict-transport-security: max-age=15768000; preload
x-cache-status: MISS, HIT
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/JryUuXagzfrtqm7C9g/w320h240/0.jpeg
188.72.235.184 200 OK 11 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/JryUuXagzfrtqm7C9g/w320h240/0.jpeg
IP 188.72.235.184:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash c64759ac6fe8cc43172640ee68dcfab0
7eef557f11a283c8769e7b0b871ebf09fbfa297d
48df40721a60a91d2603205ef4b1f856fe58fb4ebc53d889652ca2c524f88f7e
GET /thumbnail/JryUuXagzfrtqm7C9g/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Tue, 29 Nov 2022 03:54:53 GMT
content-type: image/jpeg
content-length: 11045
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
strict-transport-security: max-age=15768000; preload
x-cache-status: HIT, HIT
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/J7ma73Wvm_jk_W_FrQ/w320h240/0.jpeg
188.72.235.184 200 OK 18 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/J7ma73Wvm_jk_W_FrQ/w320h240/0.jpeg
IP 188.72.235.184:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash d5d36839c62cdd2a947ea15fab1c37df
d01c52e68da772120289b18152c5dae42b5ea227
aa9b8c9d4e19e9cc889266946c385ffda0d7cdf0dc5f1e6f2869db763d798a97
GET /thumbnail/J7ma73Wvm_jk_W_FrQ/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Tue, 29 Nov 2022 03:54:53 GMT
content-type: image/jpeg
content-length: 17767
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
strict-transport-security: max-age=15768000; preload
x-cache-status: HIT, HIT
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/ce2W63Wmnv_q-jvE9w/w320h240/0.jpeg
188.72.235.184 200 OK 11 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/ce2W63Wmnv_q-jvE9w/w320h240/0.jpeg
IP 188.72.235.184:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash 2ebb32a4193c4a067ed801f5aa423e73
ab5f6d0e008e12a4b884250c9ef485f1dc950089
8a3159b976766ddf67fe3f8f97efbaa6a572c078e9f46aa2bdeb03f7865ebb80
GET /thumbnail/ce2W63Wmnv_q-jvE9w/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Tue, 29 Nov 2022 03:54:53 GMT
content-type: image/jpeg
content-length: 11235
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
strict-transport-security: max-age=15768000; preload
x-cache-status: HIT, HIT
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35 200 OK 472 B IP 142.250.74.35:0
Hash e8864674933b39029cfebb5295cec568
ab88f2142fc26d5dfa91e95f500264553fe3176e
915cf81e0a18f50aeeb5ab12a791be52b604f8c56d3fcd7745a7e13dc54f8a84
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 29 Nov 2022 03:54:53 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.35 200 OK 472 B IP 142.250.74.35:0
Hash cd0a5be4865b85e858cfcaafa90f8dca
122569d314b0900b1f5e5f58cdad0d9fc16b7e1b
624aa7cc70d5c36d732f15cdeb8de3854f30240cb770108dd88103f13393428d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 29 Nov 2022 03:54:53 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.35 200 OK 472 B IP 142.250.74.35:0
Hash cd0a5be4865b85e858cfcaafa90f8dca
122569d314b0900b1f5e5f58cdad0d9fc16b7e1b
624aa7cc70d5c36d732f15cdeb8de3854f30240cb770108dd88103f13393428d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 29 Nov 2022 03:54:53 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.35 200 OK 472 B IP 142.250.74.35:0
Hash 49eee25f3ccd585a29e34e80cf5bb160
73eca8be91deedd049304862759a3d8084c0b07e
531e5685527861b3ed7e8e3865c5a6a40d3f92f5c9d89df3f385dab72406fb56
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 29 Nov 2022 03:54:53 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
216.58.207.195 200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Hash 15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 23 Nov 2022 19:34:08 GMT
expires: Thu, 23 Nov 2023 19:34:08 GMT
cache-control: public, max-age=31536000
age: 462045
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/87e80c0996131/main/0.jpeg
188.72.235.184 200 OK 158 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/87e80c0996131/main/0.jpeg
IP 188.72.235.184:0
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, comment: "Lavc58.35.100", baseline, precision 8, 1920x1080, components 3\012- data
Size 158 kB (157764 bytes)
Hash b8aba54d260c0dc36c3ff619f6908852
4d7d9d29122492a1799ea25415a8152ed2e22f1d
38a3cda734b9bb323d423611b81fa137f6909f5d0b63bcf076bf5eb5dc13387b
GET /thumbnail/87e80c0996131/main/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Tue, 29 Nov 2022 03:54:53 GMT
content-type: image/jpeg
content-length: 157764
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: HIT
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
216.58.207.195 200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 15860, version 1.0\012- data
Hash e9f5aaf547f165386cd313b995dddd8e
acdef5603c2387b0e5bffd744b679a24a8bc1968
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 23 Nov 2022 18:53:49 GMT
expires: Thu, 23 Nov 2023 18:53:49 GMT
cache-control: public, max-age=31536000
age: 464464
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
216.58.207.195 200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 15920, version 1.0\012- data
Hash 3a44e06eb954b96aa043227f3534189d
23cef6993ddb2b2979e8e7647fc3763694e2ba7d
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e
GET /s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15920
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 23 Nov 2022 14:07:32 GMT
expires: Thu, 23 Nov 2023 14:07:32 GMT
cache-control: public, max-age=31536000
age: 481641
last-modified: Wed, 11 May 2022 19:24:45 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.sectigo.com/
104.18.32.68 200 OK 472 B IP 104.18.32.68:0
Hash 54d2af8f61eca7773a7b49481005db46
85966dd88ccb082b7f7ebc1def721c8c334d770d
a2d72b519b587a04c426c6fc260f8c4f6138878f853ce3cf730672b29adde912
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 29 Nov 2022 03:54:53 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Sat, 26 Nov 2022 03:14:20 GMT
Expires: Sat, 03 Dec 2022 03:14:19 GMT
Etag: "85966dd88ccb082b7f7ebc1def721c8c334d770d"
Cache-Control: max-age=342565,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 77186793c987b4ed-OSL
ocsp.pki.goog/gts1c3
142.250.74.35 200 OK 472 B IP 142.250.74.35:0
Hash 49eee25f3ccd585a29e34e80cf5bb160
73eca8be91deedd049304862759a3d8084c0b07e
531e5685527861b3ed7e8e3865c5a6a40d3f92f5c9d89df3f385dab72406fb56
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 29 Nov 2022 03:54:53 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.sectigo.com/
104.18.32.68 200 OK 472 B IP 104.18.32.68:0
Hash 54d2af8f61eca7773a7b49481005db46
85966dd88ccb082b7f7ebc1def721c8c334d770d
a2d72b519b587a04c426c6fc260f8c4f6138878f853ce3cf730672b29adde912
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 29 Nov 2022 03:54:53 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Sat, 26 Nov 2022 03:14:20 GMT
Expires: Sat, 03 Dec 2022 03:14:19 GMT
Etag: "85966dd88ccb082b7f7ebc1def721c8c334d770d"
Cache-Control: max-age=342565,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 77186793c90c0b41-OSL
ocsp.pki.goog/gts1c3
142.250.74.35 200 OK 401 kB IP 142.250.74.35:0
Size 401 kB (400696 bytes)
Hash ca107a414374de83d7440b9cc4fa44b0
e13a080ccf2a3ae39345d444afdd1a9485e7f06a
1718ca74e2c9297cfe96a5098b8fd932d41b618d7699c1136910ea53573d5e61
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 29 Nov 2022 03:54:53 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.googletagmanager.com/gtm.js?id=GTM-PLKQLTX
142.250.74.168 200 OK 54 kB URL HTTP/2 www.googletagmanager.com/gtm.js?id=GTM-PLKQLTX
IP 142.250.74.168:0
File type ASCII text, with very long lines (15971)
Hash 9c5c9a950bc1bea679ff5cefb3937e3a
a0574624e802b4c150626241b239d244e9934ac1
cb8af0521a5d3bbb9c07b87a7502e732628296c693da8f771420eab7d69f0aec
GET /gtm.js?id=GTM-PLKQLTX HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Tue, 29 Nov 2022 03:54:53 GMT
expires: Tue, 29 Nov 2022 03:54:53 GMT
cache-control: private, max-age=900
last-modified: Tue, 29 Nov 2022 03:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 54295
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35 200 OK 39 kB IP 142.250.74.35:0
Hash b5cdd89dcd5a90e9ae293dfad94a0289
8bbb0fef1da69fc28efb904246883b2982e399b3
5e64ac7eb74a4e448c40e3fae5baca55de94352e7609b4d10b9e7994683dd82b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 29 Nov 2022 03:54:53 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.googleapis.com/css?family=Roboto:100,300,400,500,700&display=swap
142.250.74.10 200 OK 6.2 kB URL HTTP/2 fonts.googleapis.com/css?family=Roboto:100,300,400,500,700&display=swap
IP 142.250.74.10:0
Hash 63ced56828f3c9ff17b21daf47f9e42a
f92bd41da9570e76d27e2b32cbccf913005fac9b
471cfb4538da15890cd5a92240474f8778dce516e9fe7fc5e0317b2935d51818
GET /css?family=Roboto:100,300,400,500,700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Tue, 29 Nov 2022 03:54:53 GMT
date: Tue, 29 Nov 2022 03:54:53 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 2.0 kB IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash e2885e114838d92bf81e6161755ae24b
4bbaccce19f80afa8b79a95668f315dbebfbf4ca
bd2f418fb8ea795744bbd9d530acf80e7251077009c330e08aac5d2f6d6c0e70
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "517A5939ED6272C2C3D76BA3CD2AB7771E672AD0DFF722A59D7E81C4EEF50C4A"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15203
Expires: Tue, 29 Nov 2022 08:08:17 GMT
Date: Tue, 29 Nov 2022 03:54:54 GMT
Connection: keep-alive
cdn.jsdelivr.net/npm/yandex-metrica-watch/tag.js
151.101.85.229 200 OK 85 kB URL HTTP/2 cdn.jsdelivr.net/npm/yandex-metrica-watch/tag.js
IP 151.101.85.229:0
File type Unicode text, UTF-8 (with BOM) text, with very long lines (587)
Hash 48c6510db10510d25a14e132b6c6bd1a
de1feca854233a18bd70d0484154bcacbd138c1d
73c6bbad275690c160ed6e68c4cd317e8c8bc46e3ca5a1445d6195bfa3ef100b
GET /npm/yandex-metrica-watch/tag.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=604800, s-maxage=43200
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 1.249.0
x-jsd-version-type: version
etag: W/"346a1-5pJjF6sMSAvD5NiPdWPuLzoQQcw"
content-encoding: gzip
accept-ranges: bytes
date: Tue, 29 Nov 2022 03:54:54 GMT
age: 34226
x-served-by: cache-fra-eddf8230060-FRA, cache-bma1636-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 85108
X-Firefox-Spdy: h2
ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q1
104.18.21.226 200 OK 1.5 kB URL HTTP/1.1 ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q1
IP 104.18.21.226:0
Hash 530b0c207f3e23633c69eb72b1a14788
03884cc8fdf3ce4f8e4f088fe4e3d314e5abe8e9
d2ad2b27634b7d4068fa577c47da7ee20ef9b682b916620cb80e4cbcab86f79d
POST /ca/gsatlasr3dvtlsca2022q1 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 29 Nov 2022 03:54:54 GMT
Content-Type: application/ocsp-response
Transfer-Encoding: chunked
Connection: keep-alive
Etag: "901BCA098CF38941689978ED613F3C27399A5B7E"
Expires: Tue, 29 Nov 2022 15:00:00 GMT
Last-Modified: Tue, 29 Nov 2022 03:00:00 UTC
Cache-Control: s-maxage=3600, public, no-transform, must-revalidate
CF-Cache-Status: HIT
Age: 2734
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 77186799dd97b505-OSL
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash ac3edd07bb0a4ebdaae6ec26e91d2079
b6efe3811dfa37cdcde1e9d411c171732ac7e12a
c5dbd471d178ae4505b28e30aee1e8eed77fffd81b9f7815ad2bda1a0d09a02c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C5DBD471D178AE4505B28E30AEE1E8EED77FFFD81B9F7815AD2BDA1A0D09A02C"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5281
Expires: Tue, 29 Nov 2022 05:22:55 GMT
Date: Tue, 29 Nov 2022 03:54:54 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash ac3edd07bb0a4ebdaae6ec26e91d2079
b6efe3811dfa37cdcde1e9d411c171732ac7e12a
c5dbd471d178ae4505b28e30aee1e8eed77fffd81b9f7815ad2bda1a0d09a02c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C5DBD471D178AE4505B28E30AEE1E8EED77FFFD81B9F7815AD2BDA1A0D09A02C"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5281
Expires: Tue, 29 Nov 2022 05:22:55 GMT
Date: Tue, 29 Nov 2022 03:54:54 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash ac3edd07bb0a4ebdaae6ec26e91d2079
b6efe3811dfa37cdcde1e9d411c171732ac7e12a
c5dbd471d178ae4505b28e30aee1e8eed77fffd81b9f7815ad2bda1a0d09a02c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C5DBD471D178AE4505B28E30AEE1E8EED77FFFD81B9F7815AD2BDA1A0D09A02C"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5281
Expires: Tue, 29 Nov 2022 05:22:55 GMT
Date: Tue, 29 Nov 2022 03:54:54 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash ac3edd07bb0a4ebdaae6ec26e91d2079
b6efe3811dfa37cdcde1e9d411c171732ac7e12a
c5dbd471d178ae4505b28e30aee1e8eed77fffd81b9f7815ad2bda1a0d09a02c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C5DBD471D178AE4505B28E30AEE1E8EED77FFFD81B9F7815AD2BDA1A0D09A02C"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5281
Expires: Tue, 29 Nov 2022 05:22:55 GMT
Date: Tue, 29 Nov 2022 03:54:54 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash ac3edd07bb0a4ebdaae6ec26e91d2079
b6efe3811dfa37cdcde1e9d411c171732ac7e12a
c5dbd471d178ae4505b28e30aee1e8eed77fffd81b9f7815ad2bda1a0d09a02c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C5DBD471D178AE4505B28E30AEE1E8EED77FFFD81B9F7815AD2BDA1A0D09A02C"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5281
Expires: Tue, 29 Nov 2022 05:22:55 GMT
Date: Tue, 29 Nov 2022 03:54:54 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffe5e6403-f1a3-4b44-a62d-0e47d56bb08e.webp
34.120.237.76 200 OK 4.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffe5e6403-f1a3-4b44-a62d-0e47d56bb08e.webp
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 83c1fedec73299637cc7dc47c48af758
2e3f7326aeea6be8a34bf2c39b34862c07bfdc41
1fea143e23bb0156062f4c06569824900a67ed83cb99fd635d4c4ab968dc65e9
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffe5e6403-f1a3-4b44-a62d-0e47d56bb08e.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4916
x-amzn-requestid: b8c80a6c-e3f1-4f20-beb8-27b0af760692
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cPYcrELFoAMFaeQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6382d450-155cfb365525173c0ede8adb;Sampled=0
x-amzn-remapped-date: Sun, 27 Nov 2022 03:06:56 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: Twtw6dO3pjTB9OLi0HliKKCDgCuHRqgtx4PFTczrZQ9f8JztgXZoSg==
via: 1.1 49b94a8674d6e86a841d6523f7dbaf14.cloudfront.net (CloudFront), 1.1 f9d716a351f14a0ac1fac2449734849a.cloudfront.net (CloudFront), 1.1 google
date: Mon, 28 Nov 2022 04:16:47 GMT
age: 85087
etag: "2e3f7326aeea6be8a34bf2c39b34862c07bfdc41"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
skiingsettling.com/21/fe/39/21fe3950f412e026c33f1b6cee613eba.js
173.233.137.52 200 OK 13 kB URL HTTP/1.1 skiingsettling.com/21/fe/39/21fe3950f412e026c33f1b6cee613eba.js
IP 173.233.137.52:0
File type ASCII text, with very long lines (37167), with no line terminators
Hash 0569406e4c7d7b6e1a93e17fbcd4e0a0
ad8f95d13e95b5a4c73ab5fb19cc186ceeefe686
3accaea384d40d25784224db4ba5ec52097c30afb571641076c4d763d3d8138f
Analyzer Verdict Alert quad9 Sinkholed
GET /21/fe/39/21fe3950f412e026c33f1b6cee613eba.js HTTP/1.1
Host: skiingsettling.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 29 Nov 2022 03:54:54 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 78011838e2f6b343885c93a77bf394e7
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Faee65fe0-e370-42e3-be13-065dcb4d76e1.jpeg
34.120.237.76 200 OK 4.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Faee65fe0-e370-42e3-be13-065dcb4d76e1.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 748366131b496e41f92e15ce7d1cd0e0
a6c7a59a6599ece2cf0e76c778c920dea94ff469
b9ea2d419742c67e2b14536379e7383524f22645b1af988d5bd72154647fc602
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Faee65fe0-e370-42e3-be13-065dcb4d76e1.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4862
x-amzn-requestid: 17c6fb35-2dc8-45e4-a226-a74ba94323b3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cCvYlHXxIAMFcpg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637dc5d0-5a0f4f667a3747166eb2b338;Sampled=0
x-amzn-remapped-date: Wed, 23 Nov 2022 07:03:44 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 2ImCYNlZ1ri4mMpJhMnoucEoQPgKly8gj7KvMPFYb6WpsoJ18WyFog==
via: 1.1 98e601970ea59f4d5f56a752787ff9fc.cloudfront.net (CloudFront), 1.1 943c6a4d4ee43b18ee91634536f53eae.cloudfront.net (CloudFront), 1.1 google
date: Mon, 28 Nov 2022 13:28:25 GMT
age: 51989
etag: "a6c7a59a6599ece2cf0e76c778c920dea94ff469"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1c32283b-8309-408e-85df-cad97da6bc80.png
34.120.237.76 200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1c32283b-8309-408e-85df-cad97da6bc80.png
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 03014221d7f49b50ffc2d1b0a0e75457
772d86ad983042a728ee3490630a9cf1134ad0dd
81fb954fa569955907952987e9d8efd1dac80e0e4a682826abf3c5d90eb31771
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1c32283b-8309-408e-85df-cad97da6bc80.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10176
x-amzn-requestid: c2231955-5c78-4073-8399-b8b90f1add78
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cMo3oHpSoAMF5Qw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6381bb63-55a1cb004ac73c8b02f2fb8d;Sampled=0
x-amzn-remapped-date: Sat, 26 Nov 2022 07:08:19 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: uGocx-Lv8ieJVvICjnTGQZyzaQzjVdICX2RZaNyBTQvUKeIcNxaCJQ==
via: 1.1 28a7186077f9b5270d98dd053f31303e.cloudfront.net (CloudFront), 1.1 32c16f33c8f5601364fa8229b0d74dc2.cloudfront.net (CloudFront), 1.1 google
date: Mon, 28 Nov 2022 07:38:02 GMT
age: 73012
etag: "772d86ad983042a728ee3490630a9cf1134ad0dd"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9ad01b94-5d16-49b9-bf3e-5742e02ae8b6.jpeg
34.120.237.76 200 OK 8.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9ad01b94-5d16-49b9-bf3e-5742e02ae8b6.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 7e44c46db2ac9917110dc47aa38fdc85
b5b245c90705ad80c31d457c0d7c96709ca31e96
5024225a583b188860eaf21f7196c06cef8b2e89389ae4b1df6e314399f3b2ae
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9ad01b94-5d16-49b9-bf3e-5742e02ae8b6.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8796
x-amzn-requestid: 2eed036c-fcda-425b-8c5d-0b0ff31214a0
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cGDTEEWMIAMFwKA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637f18e0-5cb071a2098d43d909eb8d5c;Sampled=0
x-amzn-remapped-date: Thu, 24 Nov 2022 07:10:24 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: uWzs8gOBoczTeYXB7-FfJemWbh-hYHwNcR3b9BM5VtJ55NRUzCZeTQ==
via: 1.1 98e601970ea59f4d5f56a752787ff9fc.cloudfront.net (CloudFront), 1.1 9046e5a276a05e60ee34c8475e92b8e6.cloudfront.net (CloudFront), 1.1 google
date: Mon, 28 Nov 2022 14:56:22 GMT
age: 46712
etag: "b5b245c90705ad80c31d457c0d7c96709ca31e96"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe059c7ce-454d-453b-aead-18fae338f84c.jpeg
34.120.237.76 200 OK 4.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe059c7ce-454d-453b-aead-18fae338f84c.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash a4058fd62595d15c58b3d3266de9865a
d0dff35eb78f129b5da407043037bcf9c27e55c0
ab996c23d58871a2ad53f0c34688c87f0d7c0eac5d0c1d8265b86951248449fe
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe059c7ce-454d-453b-aead-18fae338f84c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4871
x-amzn-requestid: e2dfa7b8-ded7-4104-a913-1b84746a3c6f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cLDUUEy_oAMFgSQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638118e8-0b229e0f60ff019d26800dd9;Sampled=0
x-amzn-remapped-date: Fri, 25 Nov 2022 19:35:04 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: qh3WqWdBmMG3fzchn3OvxbEpwm2wl_CXi105CL4uJda47N9ZX3CyLA==
via: 1.1 4d7fa73f804f1c93f20cfc24c4b1266e.cloudfront.net (CloudFront), 1.1 7eb3b782ab09047ce0d11ee03763894c.cloudfront.net (CloudFront), 1.1 google
date: Mon, 28 Nov 2022 08:56:43 GMT
age: 68291
etag: "d0dff35eb78f129b5da407043037bcf9c27e55c0"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5049b423-1bbd-4caa-891e-b46234fc1a6a.jpeg
34.120.237.76 200 OK 15 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5049b423-1bbd-4caa-891e-b46234fc1a6a.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash df665be3ae1347cb9bb1443a6a1a33e6
e0617845684a8f7586b37e8be8976bbe6a93563e
15155df8643daa0408633922e15691a3b00b393ee433e1162cf031024e84d0a4
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5049b423-1bbd-4caa-891e-b46234fc1a6a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 14856
x-amzn-requestid: 22ec3d7a-91f5-4b67-9621-a93b1e5d09e3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cPYejFKxoAMFe0A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6382d45c-34ffa40356825a715a7eb5cc;Sampled=0
x-amzn-remapped-date: Sun, 27 Nov 2022 03:07:09 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: GBeOUYK49uZurdS8v-Fmimf_GDcBqDR6hlZ7eRaMeGjs0iEeIvhIWg==
via: 1.1 2dc111aa3ead15d061e41a423155a53a.cloudfront.net (CloudFront), 1.1 a847181d425b7fc57e81eb3c800bfdf2.cloudfront.net (CloudFront), 1.1 google
date: Mon, 28 Nov 2022 04:01:39 GMT
age: 85995
etag: "e0617845684a8f7586b37e8be8976bbe6a93563e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.globalsign.com/gseccovsslca2018
104.18.21.226 200 OK 938 B URL HTTP/1.1 ocsp.globalsign.com/gseccovsslca2018
IP 104.18.21.226:0
Hash fdd8f3012dda2753d3e20aca16ee07d0
864ff860222d2189d6cd9a8654580702417fde59
ded359c37dc7cddb7369e0a9157f726e4a15bad13f12722da92c9754a969c775
POST /gseccovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 29 Nov 2022 03:54:54 GMT
Content-Type: application/ocsp-response
Content-Length: 938
Connection: keep-alive
Expires: Sat, 03 Dec 2022 02:17:26 GMT
ETag: "864ff860222d2189d6cd9a8654580702417fde59"
Last-Modified: Tue, 29 Nov 2022 02:17:27 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 2957
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7718679b9e30b505-OSL
e1.o.lencr.org/
23.36.76.226 200 OK 346 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 635eba2ec841f80118a858a94bb84ff5
591895548f1f166a16c790740656cb194d0f7760
d2e62fd34b70872cb8f68cd1fdae7f1476019968f63accab24e4d822933c07ff
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "D2E62FD34B70872CB8F68CD1FDAE7F1476019968F63ACCAB24E4D822933C07FF"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3657
Expires: Tue, 29 Nov 2022 04:55:51 GMT
Date: Tue, 29 Nov 2022 03:54:54 GMT
Connection: keep-alive
exploredefinitely.com/a2/f9/90/a2f990f10476061c719d1c1aa3a2ecd2.js
192.243.61.225 200 OK 13 kB URL HTTP/1.1 exploredefinitely.com/a2/f9/90/a2f990f10476061c719d1c1aa3a2ecd2.js
IP 192.243.61.225:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with very long lines (37161), with no line terminators
Hash a77800ec73b0df231ca6dab35bf0e0af
b342118daf724890b49d47b876a2b01b4c966a25
079a90c6ac2b459a4398a75114f0945fa7ce44193402b5d69a9f28afb5cfd5d1
GET /a2/f9/90/a2f990f10476061c719d1c1aa3a2ecd2.js HTTP/1.1
Host: exploredefinitely.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Tue, 29 Nov 2022 03:54:54 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 1282995aa396d21d9700673bd8eb06d0
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
mc.yandex.ru/watch/49415098?wmode=7&page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F5f76ce8301bf221df0f0efe7%3Futm_source%3Dshare%26ruid%3D41901732&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A15ly4knov7onia7cw1aby4%3Afp%3A1441%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A923%3Acn%3A1%3Adp%3A0%3Als%3A1286330564164%3Ahid%3A390449965%3Az%3A0%3Ai%3A20221129035453%3Aet%3A1669694094%3Ac%3A1%3Arn%3A896685632%3Arqn%3A1%3Au%3A1669694094628365435%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C98%2C807%2C0%2C233%2C0%2C%2C302%2C7%2C%2C%2C%2C1448%3Ans%3A1669694091303%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1669694094%3At%3Anbnabunny%20-%20bareback%20anal%20and%20deepthroat%20cumshot%20-%20XFantazy.com&t=gdpr(14)clc(0-0-0)rqnt(1)aw(1)fip(1)rqnl(1)ti(2)
93.158.134.119302 Found 419 B URL HTTP/2 mc.yandex.ru/watch/49415098?wmode=7&page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F5f76ce8301bf221df0f0efe7%3Futm_source%3Dshare%26ruid%3D41901732&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A15ly4knov7onia7cw1aby4%3Afp%3A1441%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A923%3Acn%3A1%3Adp%3A0%3Als%3A1286330564164%3Ahid%3A390449965%3Az%3A0%3Ai%3A20221129035453%3Aet%3A1669694094%3Ac%3A1%3Arn%3A896685632%3Arqn%3A1%3Au%3A1669694094628365435%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C98%2C807%2C0%2C233%2C0%2C%2C302%2C7%2C%2C%2C%2C1448%3Ans%3A1669694091303%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1669694094%3At%3Anbnabunny%20-%20bareback%20anal%20and%20deepthroat%20cumshot%20-%20XFantazy.com&t=gdpr(14)clc(0-0-0)rqnt(1)aw(1)fip(1)rqnl(1)ti(2)
IP 93.158.134.119:0
File type JSON data\012- , ASCII text, with very long lines (419), with no line terminators
Hash b36f93275b808987d59564d1dc60e9ba
71a4d3a189a83dd87a4c44ac9aff5fc6f98d79dd
771be9d1a36b24e9409b262e5bfd2bc81b4554d1f17c31dafa345c67c29159c1
GET /watch/49415098?wmode=7&page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F5f76ce8301bf221df0f0efe7%3Futm_source%3Dshare%26ruid%3D41901732&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A15ly4knov7onia7cw1aby4%3Afp%3A1441%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A923%3Acn%3A1%3Adp%3A0%3Als%3A1286330564164%3Ahid%3A390449965%3Az%3A0%3Ai%3A20221129035453%3Aet%3A1669694094%3Ac%3A1%3Arn%3A896685632%3Arqn%3A1%3Au%3A1669694094628365435%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C98%2C807%2C0%2C233%2C0%2C%2C302%2C7%2C%2C%2C%2C1448%3Ans%3A1669694091303%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1669694094%3At%3Anbnabunny%20-%20bareback%20anal%20and%20deepthroat%20cumshot%20-%20XFantazy.com&t=gdpr(14)clc(0-0-0)rqnt(1)aw(1)fip(1)rqnl(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
location: /watch/49415098/1?wmode=7&page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F5f76ce8301bf221df0f0efe7%3Futm_source%3Dshare%26ruid%3D41901732&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A15ly4knov7onia7cw1aby4%3Afp%3A1441%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A923%3Acn%3A1%3Adp%3A0%3Als%3A1286330564164%3Ahid%3A390449965%3Az%3A0%3Ai%3A20221129035453%3Aet%3A1669694094%3Ac%3A1%3Arn%3A896685632%3Arqn%3A1%3Au%3A1669694094628365435%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C98%2C807%2C0%2C233%2C0%2C%2C302%2C7%2C%2C%2C%2C1448%3Ans%3A1669694091303%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1669694094%3At%3Anbnabunny%20-%20bareback%20anal%20and%20deepthroat%20cumshot%20-%20XFantazy.com&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29fip%281%29rqnl%281%29ti%282%29
date: Tue, 29 Nov 2022 03:54:54 GMT
access-control-allow-origin: https://xfantazy.com
set-cookie: yandexuid=772436041669694094; Expires=Wed, 29-Nov-2023 03:54:54 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
yuidss=772436041669694094; Expires=Wed, 29-Nov-2023 03:54:54 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
yabs-sid=828641831669694094; Path=/; SameSite=None; Secure
i=H2C9hQZ3a+wlBl3QA7OKEr5HQGieEf3Sepzd7ei0Z1EUNRqgu1s+lvVOhoQ6TAlGSx6NgAwnLcXcxkx4+BN0qssCTYs=; Expires=Fri, 26-Nov-2032 03:54:36 GMT; Domain=.yandex.ru; Path=/; Secure; HttpOnly; SameSite=None
ymex=1701230094.yc.1669694094#1701230094.yrts.1669694094#1701230094.yrtsi.1669694094; Expires=Wed, 29-Nov-2023 03:54:54 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Tue, 29-Nov-2022 03:54:54 GMT
last-modified: Tue, 29-Nov-2022 03:54:54 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
143.204.42.88 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.88:0
Hash 94d394d6beaad25971b7f1e02d93b841
07359fac8e3e5c10dee86bdb0d2a468ab90d8f9a
06c4f25efd09668ee6bc8cc7b4d278841c5abb5d31c0e029cda8b43c4ee4a489
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=124433
Date: Tue, 29 Nov 2022 03:54:54 GMT
Etag: "6384b816-1d7"
Expires: Wed, 30 Nov 2022 14:28:47 GMT
Last-Modified: Mon, 28 Nov 2022 13:31:02 GMT
Server: ECS (bsa/EB14)
X-Cache: Miss from cloudfront
Via: 1.1 a7d2a4ec2f50830f128dc406960aef9a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: s_A2fj4Mfy7NyJorLRpuHlEfH-2_mU5U1qnx2y_mDEQYdoEyyiss9g==
Age: 3465
simplewebanalysis.com/stats
52.28.211.11 200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP 52.28.211.11:0
File type ASCII text, with no line terminators
Hash 8d9e3cbd26fb95ffcad8238a4e312f50
fa69a468c40ecf606d65c3293cac9440913deab0
a820b739bc81809fc4ad1b032da705163454b233980bfd7e35ec705d0f95f2fe
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 29 Nov 2022 03:54:54 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
set-cookie: uid_id2=1202d32d-ea3f-4fff-bff2-e54407c2569c:2:1; expires=Fri, 26 Nov 2032 03:54:54 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.76.226 200 OK 346 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 635eba2ec841f80118a858a94bb84ff5
591895548f1f166a16c790740656cb194d0f7760
d2e62fd34b70872cb8f68cd1fdae7f1476019968f63accab24e4d822933c07ff
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "D2E62FD34B70872CB8F68CD1FDAE7F1476019968F63ACCAB24E4D822933C07FF"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3657
Expires: Tue, 29 Nov 2022 04:55:51 GMT
Date: Tue, 29 Nov 2022 03:54:54 GMT
Connection: keep-alive
ocsp.sca1b.amazontrust.com/
143.204.42.88 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.88:0
Hash 94d394d6beaad25971b7f1e02d93b841
07359fac8e3e5c10dee86bdb0d2a468ab90d8f9a
06c4f25efd09668ee6bc8cc7b4d278841c5abb5d31c0e029cda8b43c4ee4a489
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Tue, 29 Nov 2022 03:54:54 GMT
Last-Modified: Tue, 29 Nov 2022 02:28:51 GMT
Server: ECS (bsa/EB1C)
X-Cache: Miss from cloudfront
Via: 1.1 96c778ce6156d12f24b8b6cdaa0cbf66.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: wxaVCJBYsui4yeSXArCzGekHCdnMtJqdykaJ-iXNjN7uZ5fF3TWK7g==
Age: 5163
simplewebanalysis.com/stats
52.28.211.11 200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP 52.28.211.11:0
File type ASCII text, with no line terminators
Hash b59ad9f07f69c10c8ef6882c7c644a90
88a7d5b33ad3cd4431f7b33ca3b3433e23185c2c
277e48834fe98c2e3d67198d87e8c2b1809a66cd04debf158682c95152de3faf
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 29 Nov 2022 03:54:54 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
set-cookie: uid_id2=856bff0f-2c1c-451a-9715-bd2bc6f429cf:2:1; expires=Fri, 26 Nov 2032 03:54:54 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F5f76ce8301bf221df0f0efe7%3Futm_source%3Dshare%26ruid%3D41901732&charset=utf-8&hittoken=1669694094_5a8aa92ff4fa6bc458c251c9c0f5ca726cc4b9666a37f857dd6e8190eac5e64a&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3A15ly4knov7onia7cw1aby4%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A923%3Acn%3A1%3Adp%3A0%3Als%3A1286330564164%3Ahid%3A390449965%3Az%3A0%3Ai%3A20221129035454%3Aet%3A1669694094%3Ac%3A1%3Arn%3A1022917094%3Arqn%3A3%3Au%3A1669694094628365435%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1669694091303%3Arqnl%3A1%3Ast%3A1669694094&t=gdpr(14)mc(p-3)clc(0-0-0)rqnt(3)aw(1)rqnl(1)ti(2)
93.158.134.119200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F5f76ce8301bf221df0f0efe7%3Futm_source%3Dshare%26ruid%3D41901732&charset=utf-8&hittoken=1669694094_5a8aa92ff4fa6bc458c251c9c0f5ca726cc4b9666a37f857dd6e8190eac5e64a&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3A15ly4knov7onia7cw1aby4%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A923%3Acn%3A1%3Adp%3A0%3Als%3A1286330564164%3Ahid%3A390449965%3Az%3A0%3Ai%3A20221129035454%3Aet%3A1669694094%3Ac%3A1%3Arn%3A1022917094%3Arqn%3A3%3Au%3A1669694094628365435%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1669694091303%3Arqnl%3A1%3Ast%3A1669694094&t=gdpr(14)mc(p-3)clc(0-0-0)rqnt(3)aw(1)rqnl(1)ti(2)
IP 93.158.134.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F5f76ce8301bf221df0f0efe7%3Futm_source%3Dshare%26ruid%3D41901732&charset=utf-8&hittoken=1669694094_5a8aa92ff4fa6bc458c251c9c0f5ca726cc4b9666a37f857dd6e8190eac5e64a&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3A15ly4knov7onia7cw1aby4%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A923%3Acn%3A1%3Adp%3A0%3Als%3A1286330564164%3Ahid%3A390449965%3Az%3A0%3Ai%3A20221129035454%3Aet%3A1669694094%3Ac%3A1%3Arn%3A1022917094%3Arqn%3A3%3Au%3A1669694094628365435%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1669694091303%3Arqnl%3A1%3Ast%3A1669694094&t=gdpr(14)mc(p-3)clc(0-0-0)rqnt(3)aw(1)rqnl(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 52
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Tue, 29 Nov 2022 03:54:55 GMT
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Tue, 29-Nov-2022 03:54:55 GMT
last-modified: Tue, 29-Nov-2022 03:54:55 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F5f76ce8301bf221df0f0efe7%3Futm_source%3Dshare%26ruid%3D41901732&charset=utf-8&hittoken=1669694094_5a8aa92ff4fa6bc458c251c9c0f5ca726cc4b9666a37f857dd6e8190eac5e64a&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3A15ly4knov7onia7cw1aby4%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A923%3Acn%3A1%3Adp%3A0%3Als%3A1286330564164%3Ahid%3A390449965%3Az%3A0%3Ai%3A20221129035454%3Aet%3A1669694094%3Ac%3A1%3Arn%3A231476233%3Arqn%3A2%3Au%3A1669694094628365435%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1669694091303%3Arqnl%3A1%3Ast%3A1669694094&t=gdpr(14)mc(p-3)clc(0-0-0)rqnt(2)aw(1)rqnl(1)ti(2)
93.158.134.119200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F5f76ce8301bf221df0f0efe7%3Futm_source%3Dshare%26ruid%3D41901732&charset=utf-8&hittoken=1669694094_5a8aa92ff4fa6bc458c251c9c0f5ca726cc4b9666a37f857dd6e8190eac5e64a&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3A15ly4knov7onia7cw1aby4%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A923%3Acn%3A1%3Adp%3A0%3Als%3A1286330564164%3Ahid%3A390449965%3Az%3A0%3Ai%3A20221129035454%3Aet%3A1669694094%3Ac%3A1%3Arn%3A231476233%3Arqn%3A2%3Au%3A1669694094628365435%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1669694091303%3Arqnl%3A1%3Ast%3A1669694094&t=gdpr(14)mc(p-3)clc(0-0-0)rqnt(2)aw(1)rqnl(1)ti(2)
IP 93.158.134.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F5f76ce8301bf221df0f0efe7%3Futm_source%3Dshare%26ruid%3D41901732&charset=utf-8&hittoken=1669694094_5a8aa92ff4fa6bc458c251c9c0f5ca726cc4b9666a37f857dd6e8190eac5e64a&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3A15ly4knov7onia7cw1aby4%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A923%3Acn%3A1%3Adp%3A0%3Als%3A1286330564164%3Ahid%3A390449965%3Az%3A0%3Ai%3A20221129035454%3Aet%3A1669694094%3Ac%3A1%3Arn%3A231476233%3Arqn%3A2%3Au%3A1669694094628365435%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1669694091303%3Arqnl%3A1%3Ast%3A1669694094&t=gdpr(14)mc(p-3)clc(0-0-0)rqnt(2)aw(1)rqnl(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 45
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Tue, 29 Nov 2022 03:54:55 GMT
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Tue, 29-Nov-2022 03:54:55 GMT
last-modified: Tue, 29-Nov-2022 03:54:55 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F5f76ce8301bf221df0f0efe7%3Futm_source%3Dshare%26ruid%3D41901732&charset=utf-8&hittoken=1669694094_5a8aa92ff4fa6bc458c251c9c0f5ca726cc4b9666a37f857dd6e8190eac5e64a&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3A15ly4knov7onia7cw1aby4%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A923%3Acn%3A1%3Adp%3A0%3Als%3A1286330564164%3Ahid%3A390449965%3Az%3A0%3Ai%3A20221129035454%3Aet%3A1669694094%3Ac%3A1%3Arn%3A279527880%3Arqn%3A4%3Au%3A1669694094628365435%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1669694091303%3Arqnl%3A1%3Ast%3A1669694094&t=gdpr(14)mc(p-3)clc(0-0-0)rqnt(4)aw(1)rqnl(1)ti(2)
93.158.134.119200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F5f76ce8301bf221df0f0efe7%3Futm_source%3Dshare%26ruid%3D41901732&charset=utf-8&hittoken=1669694094_5a8aa92ff4fa6bc458c251c9c0f5ca726cc4b9666a37f857dd6e8190eac5e64a&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3A15ly4knov7onia7cw1aby4%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A923%3Acn%3A1%3Adp%3A0%3Als%3A1286330564164%3Ahid%3A390449965%3Az%3A0%3Ai%3A20221129035454%3Aet%3A1669694094%3Ac%3A1%3Arn%3A279527880%3Arqn%3A4%3Au%3A1669694094628365435%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1669694091303%3Arqnl%3A1%3Ast%3A1669694094&t=gdpr(14)mc(p-3)clc(0-0-0)rqnt(4)aw(1)rqnl(1)ti(2)
IP 93.158.134.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F5f76ce8301bf221df0f0efe7%3Futm_source%3Dshare%26ruid%3D41901732&charset=utf-8&hittoken=1669694094_5a8aa92ff4fa6bc458c251c9c0f5ca726cc4b9666a37f857dd6e8190eac5e64a&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3A15ly4knov7onia7cw1aby4%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A923%3Acn%3A1%3Adp%3A0%3Als%3A1286330564164%3Ahid%3A390449965%3Az%3A0%3Ai%3A20221129035454%3Aet%3A1669694094%3Ac%3A1%3Arn%3A279527880%3Arqn%3A4%3Au%3A1669694094628365435%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1669694091303%3Arqnl%3A1%3Ast%3A1669694094&t=gdpr(14)mc(p-3)clc(0-0-0)rqnt(4)aw(1)rqnl(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 108
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Tue, 29 Nov 2022 03:54:55 GMT
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Tue, 29-Nov-2022 03:54:55 GMT
last-modified: Tue, 29-Nov-2022 03:54:55 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash e522c74f3ef0d1b719e47988f1db4c72
d1cae72d7ec41694df696ff175041d043cb9dbf6
2ac181bff12c5547ab34600033ef12150ce0031b5e3885ec0f6e94640b1010ec
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2AC181BFF12C5547AB34600033EF12150CE0031B5E3885EC0F6E94640B1010EC"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13953
Expires: Tue, 29 Nov 2022 07:47:28 GMT
Date: Tue, 29 Nov 2022 03:54:55 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 0e3715eedd8e6500e3c5b107da5cacbc
8967db89fffacb6f8ab57c2fa408634f02fa2440
3fb9445ec8391ec7596b82a48a1379784480abdd9362cb887c59ffb1606d4ab9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "3FB9445EC8391EC7596B82A48A1379784480ABDD9362CB887C59FFB1606D4AB9"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5700
Expires: Tue, 29 Nov 2022 05:29:55 GMT
Date: Tue, 29 Nov 2022 03:54:55 GMT
Connection: keep-alive
tallysaturatesnare.com/01/f7/5a/01f75a95a38a8db0a8e82d995253a076.js
173.233.137.60 200 OK 29 kB URL HTTP/1.1 tallysaturatesnare.com/01/f7/5a/01f75a95a38a8db0a8e82d995253a076.js
IP 173.233.137.60:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (65536), with no line terminators
Hash MD5 dd84b5a70f01e879b56271d703124724
SHA-1 e76643359904ab63f442728982da7b2539b65c04
SHA-256 d9e6e6c579ab8ca056469f0abce8a03ea22a23681bffbe6da1d829fa735c3008
Analyzer Verdict Alert
fortinet Malware
quad9 Sinkholed
GET /01/f7/5a/01f75a95a38a8db0a8e82d995253a076.js HTTP/1.1
Host: tallysaturatesnare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 29 Nov 2022 03:54:55 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: b50eded79e1d93645b4a8435b04d0e59
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
simplewebanalysis.com/stats
52.28.211.11 200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP 52.28.211.11:0
File type ASCII text, with no line terminators
Hash b59ad9f07f69c10c8ef6882c7c644a90
88a7d5b33ad3cd4431f7b33ca3b3433e23185c2c
277e48834fe98c2e3d67198d87e8c2b1809a66cd04debf158682c95152de3faf
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: uid_id2=856bff0f-2c1c-451a-9715-bd2bc6f429cf:2:1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 29 Nov 2022 03:54:55 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
X-Firefox-Spdy: h2
wastedinvaluable.com/4d/0a/fc/4d0afc2425eea6b0cd5a468c9f8a69ed.js
173.233.137.52 200 OK 29 kB URL HTTP/1.1 wastedinvaluable.com/4d/0a/fc/4d0afc2425eea6b0cd5a468c9f8a69ed.js
IP 173.233.137.52:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (65536), with no line terminators
Hash MD5 5ab39e66bd04d0fe720d5bcb8dd5c7b2
SHA-1 7ab14d09b715ada3d3e9e60b81af7383aa956314
SHA-256 50699dca01ad10e1750e8526540e9e50bf7342b356814c748736260b7257931f
Analyzer Verdict Alert
fortinet Phishing
quad9 Sinkholed
GET /4d/0a/fc/4d0afc2425eea6b0cd5a468c9f8a69ed.js HTTP/1.1
Host: wastedinvaluable.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 29 Nov 2022 03:54:55 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 2e0f32e80a5b6bb5519e7d9422a3fbe3
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
tallysaturatesnare.com/pixel/purst?dl=0&th=0&sc=0&rs=3305&rd=3305&fd=799&bv=22.10.v.10&tmpl=136
173.233.137.60 200 OK 0 B URL HTTP/1.1 tallysaturatesnare.com/pixel/purst?dl=0&th=0&sc=0&rs=3305&rd=3305&fd=799&bv=22.10.v.10&tmpl=136
IP 173.233.137.60:0
Hash MD5 d41d8cd98f00b204e9800998ecf8427e
SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert
quad9 Sinkholed
GET /pixel/purst?dl=0&th=0&sc=0&rs=3305&rd=3305&fd=799&bv=22.10.v.10&tmpl=136 HTTP/1.1
Host: tallysaturatesnare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 29 Nov 2022 03:54:55 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
simplewebanalysis.com/stats
52.28.211.11 200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP 52.28.211.11:0
File type ASCII text, with no line terminators
Hash b59ad9f07f69c10c8ef6882c7c644a90
88a7d5b33ad3cd4431f7b33ca3b3433e23185c2c
277e48834fe98c2e3d67198d87e8c2b1809a66cd04debf158682c95152de3faf
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: uid_id2=856bff0f-2c1c-451a-9715-bd2bc6f429cf:2:1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 29 Nov 2022 03:54:55 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
X-Firefox-Spdy: h2
tallysaturatesnare.com/sbar.json?key=21fe3950f412e026c33f1b6cee613eba
173.233.137.60 200 OK 4.4 kB URL HTTP/1.1 tallysaturatesnare.com/sbar.json?key=21fe3950f412e026c33f1b6cee613eba
IP 173.233.137.60:0
File type JSON data\012- , Unicode text, UTF-8 text, with very long lines (6081), with no line terminators
Hash 67231343519c7068d83789e05ae1431f
5466e3fe75eda14c3c602b6d849bcb0ab8b52df1
b805050fbbb139b21f9dd3171787874af12477cf1a628c77b5362c32989aeb91
Analyzer Verdict Alert quad9 Sinkholed
GET /sbar.json?key=21fe3950f412e026c33f1b6cee613eba HTTP/1.1
Host: tallysaturatesnare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 29 Nov 2022 03:54:55 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://xfantazy.com
Access-Control-Allow-Origin: https://xfantazy.com
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=17661735; expires=Wed, 30 Nov 2022 03:54:55 GMT; secure; SameSite=None
pdhtkv=true; expires=Wed, 30 Nov 2022 03:54:55 GMT; secure; SameSite=None
uncs=1; expires=Wed, 30 Nov 2022 03:54:55 GMT; secure; SameSite=None
pdhtkv29=true; expires=Wed, 30 Nov 2022 03:54:55 GMT; secure; SameSite=None
uncs29=1; expires=Wed, 30 Nov 2022 03:54:55 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 5994f1d90743cb3c47792bdf90fd40dc
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
wastedinvaluable.com/sbar.json?key=a2f990f10476061c719d1c1aa3a2ecd2
173.233.137.52 200 OK 4.0 kB URL HTTP/1.1 wastedinvaluable.com/sbar.json?key=a2f990f10476061c719d1c1aa3a2ecd2
IP 173.233.137.52:0
File type JSON data\012- , ASCII text, with very long lines (5732), with no line terminators
Hash a2b233062af06b9e72a039429007ac3d
84a15b1ab89f33c6f9cb8e9ecbde0eeb70173b79
2434e86605cf759b5c26bb83bfab450c8572cad98c9b621a09a131905c434dc5
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /sbar.json?key=a2f990f10476061c719d1c1aa3a2ecd2 HTTP/1.1
Host: wastedinvaluable.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 29 Nov 2022 03:54:55 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://xfantazy.com
Access-Control-Allow-Origin: https://xfantazy.com
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=15600826; expires=Wed, 30 Nov 2022 03:54:55 GMT; secure; SameSite=None
pdhtkv=true; expires=Wed, 30 Nov 2022 03:54:55 GMT; secure; SameSite=None
uncs=1; expires=Wed, 30 Nov 2022 03:54:55 GMT; secure; SameSite=None
pdhtkv29=true; expires=Wed, 30 Nov 2022 03:54:55 GMT; secure; SameSite=None
uncs29=1; expires=Wed, 30 Nov 2022 03:54:55 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 1a15afff214f1987e7f87eeb0803a78c
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
mc.yandex.ru/metrika/advert.gif
93.158.134.119 200 OK 43 B URL HTTP/2 mc.yandex.ru/metrika/advert.gif
IP 93.158.134.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
GET /metrika/advert.gif HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Tue, 29 Nov 2022 03:54:55 GMT
access-control-allow-origin: *
etag: "6384bff1-2b"
expires: Tue, 29 Nov 2022 04:54:55 GMT
accept-ranges: bytes
last-modified: Mon, 28 Nov 2022 17:04:33 GMT
cache-control: max-age=3600
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
www.google-analytics.com/analytics.js
142.250.74.174 200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP 142.250.74.174:0
File type ASCII text, with very long lines (1325)
Hash 47e6f374ca946fddd5b59871b325736c
baa9282efc8785e84d247c3bff518eaa45f101c4
16580b5c87c58e5702e411f1888fdef511094e4cd6d62bb47d16291ffb25985e
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20039
date: Tue, 29 Nov 2022 02:41:08 GMT
expires: Tue, 29 Nov 2022 04:41:08 GMT
cache-control: public, max-age=7200
age: 4427
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 9ab0f625f5bfca1bebd5e572dc512170
936c768a4ca024e75413085f3af2438d7e62ce1f
d8cb1685a63847e7b0d13588022dc4abfcac1cf3701148d74564572609487b3a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D8CB1685A63847E7B0D13588022DC4ABFCAC1CF3701148D74564572609487B3A"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16247
Expires: Tue, 29 Nov 2022 08:25:42 GMT
Date: Tue, 29 Nov 2022 03:54:55 GMT
Connection: keep-alive
a.naturalhealthsource.club/api/spots/289411?host=xfantazy.com&ev=197&wh=939&ww=1280&uuid=
135.181.208.216 200 OK 0 B URL HTTP/2 a.naturalhealthsource.club/api/spots/289411?host=xfantazy.com&ev=197&wh=939&ww=1280&uuid=
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /api/spots/289411?host=xfantazy.com&ev=197&wh=939&ww=1280&uuid= HTTP/1.1
Host: a.naturalhealthsource.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 29 Nov 2022 03:54:56 GMT
content-length: 0
set-cookie: nauid=IsmpxlwZhBkXwVJuStiS; Path=/; Expires=Wed, 11 Nov 2037 11:11:11 GMT; Secure; SameSite=None
cache-control: private
X-Firefox-Spdy: h2
a.naturalhealthsource.club/api/spots/380873?host=xfantazy.com&ev=197&wh=939&ww=1280&uuid=
135.181.208.216 200 OK 0 B URL HTTP/2 a.naturalhealthsource.club/api/spots/380873?host=xfantazy.com&ev=197&wh=939&ww=1280&uuid=
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /api/spots/380873?host=xfantazy.com&ev=197&wh=939&ww=1280&uuid= HTTP/1.1
Host: a.naturalhealthsource.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 29 Nov 2022 03:54:56 GMT
content-length: 0
set-cookie: nauid=Yrd5ZFipie4Arpp3ujS0; Path=/; Expires=Wed, 11 Nov 2037 11:11:11 GMT; Secure; SameSite=None
cache-control: private
X-Firefox-Spdy: h2
a.naturalhealthsource.club/api/spots/391860?host=xfantazy.com&ev=197&wh=939&ww=1280&uuid=
135.181.208.216 200 OK 0 B URL HTTP/2 a.naturalhealthsource.club/api/spots/391860?host=xfantazy.com&ev=197&wh=939&ww=1280&uuid=
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /api/spots/391860?host=xfantazy.com&ev=197&wh=939&ww=1280&uuid= HTTP/1.1
Host: a.naturalhealthsource.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 29 Nov 2022 03:54:56 GMT
content-length: 0
set-cookie: nauid=J3qE4H9AOKKPp9K4MZ38; Path=/; Expires=Wed, 11 Nov 2037 11:11:11 GMT; Secure; SameSite=None
cache-control: private
X-Firefox-Spdy: h2
a.naturalhealthsource.club/api/spots/406858?host=xfantazy.com&ev=197&wh=939&ww=1280&uuid=
135.181.208.216 200 OK 0 B URL HTTP/2 a.naturalhealthsource.club/api/spots/406858?host=xfantazy.com&ev=197&wh=939&ww=1280&uuid=
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /api/spots/406858?host=xfantazy.com&ev=197&wh=939&ww=1280&uuid= HTTP/1.1
Host: a.naturalhealthsource.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 29 Nov 2022 03:54:56 GMT
content-length: 0
set-cookie: nauid=pzTN5IjEttf7PTHri9rd; Path=/; Expires=Wed, 11 Nov 2037 11:11:11 GMT; Secure; SameSite=None
cache-control: private
X-Firefox-Spdy: h2
d192r5l88wrng7.cloudfront.net/?rwlrd=961956
54.230.245.77 200 OK 112 kB URL HTTP/2 d192r5l88wrng7.cloudfront.net/?rwlrd=961956
IP 54.230.245.77:0
File type Unicode text, UTF-8 text, with very long lines (15952)
Size 112 kB (112515 bytes)
Hash 3af07fb013fb13bcab44cdad76c9a35d
e773290c251dd96848530cb7b1c24b48ad92c1a8
e6e1b71962ef5e8ba073267bb3cd40f214d13f9a1e729dc2d0d4815425940256
GET /?rwlrd=961956 HTTP/1.1
Host: d192r5l88wrng7.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 112515
date: Tue, 29 Nov 2022 03:54:56 GMT
access-control-allow-origin: *
cache-control: no-store, no-cache, proxy-revalidate, must-revalidate, private, no-transform
content-encoding: gzip
pragma: no-cache
x-cache: Miss from cloudfront
via: 1.1 98794c1dec0d4e7b10ddf0faa094cf94.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: GZkki9tksTsyXYDr9Y-lCCdDxgIcHfMJwJ2GS1pInfNgdk_FVzfDhg==
X-Firefox-Spdy: h2
whiskerssituationdisturb.com/pixel/purst?dl=0&th=0&sc=0&rs=3373&rd=3373&fd=743&bv=22.10.v.10&tmpl=136
192.243.61.227 200 OK 0 B URL HTTP/1.1 whiskerssituationdisturb.com/pixel/purst?dl=0&th=0&sc=0&rs=3373&rd=3373&fd=743&bv=22.10.v.10&tmpl=136
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/purst?dl=0&th=0&sc=0&rs=3373&rd=3373&fd=743&bv=22.10.v.10&tmpl=136 HTTP/1.1
Host: whiskerssituationdisturb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Tue, 29 Nov 2022 03:54:56 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
e1.o.lencr.org/
23.36.76.226 200 OK 344 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash e073931b16f243749958af494079cba6
ac0bb6eafc93f1a4be6795f73af9030ef0eb10cb
8d4a3423dfbac7819241d586bd8640ec7b143358c28fe37f297851f3c92377d7
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "8D4A3423DFBAC7819241D586BD8640EC7B143358C28FE37F297851F3C92377D7"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15389
Expires: Tue, 29 Nov 2022 08:11:25 GMT
Date: Tue, 29 Nov 2022 03:54:56 GMT
Connection: keep-alive
tallysaturatesnare.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSzWskxRuu3s0PfrgsqOzFgzp40QWZdM9HkskiwbhmCcYk7q7kXF1dPVOmpqqp6pqejAdDViUH0VlPHjvP5AN1WdyD4EVYJgsiAWHbg%2BRgwL9B2LPMZCD6QtX7VD1vwfO8b32%2B586ID0dP19%2FXPSElna6X%2FdIbG0JFOrOl1bulwC%2F7N0obQs3UbpS6o8105gO%2FXvavl25xtqmnK37g%2B4EflJaE4bHuTo9ZiORBIyg3%2FHKtUg7qNXTNf8%2FWebDUQ9Q5Iy9CRMX%2FWr8%2BgmBDqPYPN7ndTHXy5rttJ2mqDTrR0YdqU%2BlMoX0BY%2BMhVkeTamhbEPLNJWh1NHEA3dkfOUAoCuL9ESBURxOZCDsH50pDCa4QRleQdYbgcghBh2D6HkT0lAAswuoaVPtwVZuMbp2zdMQWZOrZ3xBZQab%2BvAbVfrgoRbd0R0uXCq0sunEO0R1CNIdI3DHSngeRHYOlOxDRb2T62QpUe3%2FNSg0R5WP3Qgwh4iEk74NaD260hAcXe3CJh3Z0WqL1Ruz7s3EYV6tzNcZYtcpYfW4mqkfV2lzsw7GRvD7SpA8m%2B2BmG4nZxqa4XxCysw%2FjHsO2ctjIg00L4n2wjU6UI%2BMEmSXIKEEmCLKUIOvkB5G0FZsfRtK6MJjkyiRX84FOm3v0QKdNrsheckZeGDXHu%2FrJ69jkp6VKEPNqo%2B7HtaDC%2FcoMq1bjIJxhnM8EVR5SWJFD2Etjvz1RkFfqV5CIgvx%2F4TFCegwrj8HE86DuZdBsMFvxQVuD2pyPnvpJ0dQZKlucyrRltTOMl5l0ISKdI0mnkG55e%2FKMvDQe2PxbV8HZycKT3l%2B3Hl77GMzkSEyOj8QTgqbcHdzWGdm%2FrTNLHq0lqWiLHh0N805KU375u%2Ff4VqZNtHzT9r99m42IEXxwl9t0hapIqKYl3y%2BKKOJmSRvGyc%2FLdoOH6862Fp1RLllZf2dpuZ0Ybq3QaggqntovwERBntv9cvxNX31NQ5ghjMvRdidkEhB6CJZswyYX6q0mMPKiJkw8ZC4fmEp4cSlFQeqfrkHyk4Wv56%2F%2FsnX4I2iYw%2FJ%2FPbzAe3YXTeOBpveg2jk6JkdH5qCyD%2BsuD9LEnCz8Xh0HQukNQmm8%2FVAaef%2B8vVaclng99mPuV3gYN8J4lvpRI641QtoI%2BGxYpwFSW7DPdr76BwAA%2F%2F8BAAD%2F%2Fxjj1oSCBAAA
173.233.137.60200 OK 7 B URL HTTP/1.1 tallysaturatesnare.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSzWskxRuu3s0PfrgsqOzFgzp40QWZdM9HkskiwbhmCcYk7q7kXF1dPVOmpqqp6pqejAdDViUH0VlPHjvP5AN1WdyD4EVYJgsiAWHbg%2BRgwL9B2LPMZCD6QtX7VD1vwfO8b32%2B586ID0dP19%2FXPSElna6X%2FdIbG0JFOrOl1bulwC%2F7N0obQs3UbpS6o8105gO%2FXvavl25xtqmnK37g%2B4EflJaE4bHuTo9ZiORBIyg3%2FHKtUg7qNXTNf8%2FWebDUQ9Q5Iy9CRMX%2FWr8%2BgmBDqPYPN7ndTHXy5rttJ2mqDTrR0YdqU%2BlMoX0BY%2BMhVkeTamhbEPLNJWh1NHEA3dkfOUAoCuL9ESBURxOZCDsH50pDCa4QRleQdYbgcghBh2D6HkT0lAAswuoaVPtwVZuMbp2zdMQWZOrZ3xBZQab%2BvAbVfrgoRbd0R0uXCq0sunEO0R1CNIdI3DHSngeRHYOlOxDRb2T62QpUe3%2FNSg0R5WP3Qgwh4iEk74NaD260hAcXe3CJh3Z0WqL1Ruz7s3EYV6tzNcZYtcpYfW4mqkfV2lzsw7GRvD7SpA8m%2B2BmG4nZxqa4XxCysw%2FjHsO2ctjIg00L4n2wjU6UI%2BMEmSXIKEEmCLKUIOvkB5G0FZsfRtK6MJjkyiRX84FOm3v0QKdNrsheckZeGDXHu%2FrJ69jkp6VKEPNqo%2B7HtaDC%2FcoMq1bjIJxhnM8EVR5SWJFD2Etjvz1RkFfqV5CIgvx%2F4TFCegwrj8HE86DuZdBsMFvxQVuD2pyPnvpJ0dQZKlucyrRltTOMl5l0ISKdI0mnkG55e%2FKMvDQe2PxbV8HZycKT3l%2B3Hl77GMzkSEyOj8QTgqbcHdzWGdm%2FrTNLHq0lqWiLHh0N805KU375u%2Ff4VqZNtHzT9r99m42IEXxwl9t0hapIqKYl3y%2BKKOJmSRvGyc%2FLdoOH6862Fp1RLllZf2dpuZ0Ybq3QaggqntovwERBntv9cvxNX31NQ5ghjMvRdidkEhB6CJZswyYX6q0mMPKiJkw8ZC4fmEp4cSlFQeqfrkHyk4Wv56%2F%2FsnX4I2iYw%2FJ%2FPbzAe3YXTeOBpveg2jk6JkdH5qCyD%2BsuD9LEnCz8Xh0HQukNQmm8%2FVAaef%2B8vVaclng99mPuV3gYN8J4lvpRI641QtoI%2BGxYpwFSW7DPdr76BwAA%2F%2F8BAAD%2F%2Fxjj1oSCBAAA
IP 173.233.137.60:0
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSzWskxRuu3s0PfrgsqOzFgzp40QWZdM9HkskiwbhmCcYk7q7kXF1dPVOmpqqp6pqejAdDViUH0VlPHjvP5AN1WdyD4EVYJgsiAWHbg%2BRgwL9B2LPMZCD6QtX7VD1vwfO8b32%2B586ID0dP19%2FXPSElna6X%2FdIbG0JFOrOl1bulwC%2F7N0obQs3UbpS6o8105gO%2FXvavl25xtqmnK37g%2B4EflJaE4bHuTo9ZiORBIyg3%2FHKtUg7qNXTNf8%2FWebDUQ9Q5Iy9CRMX%2FWr8%2BgmBDqPYPN7ndTHXy5rttJ2mqDTrR0YdqU%2BlMoX0BY%2BMhVkeTamhbEPLNJWh1NHEA3dkfOUAoCuL9ESBURxOZCDsH50pDCa4QRleQdYbgcghBh2D6HkT0lAAswuoaVPtwVZuMbp2zdMQWZOrZ3xBZQab%2BvAbVfrgoRbd0R0uXCq0sunEO0R1CNIdI3DHSngeRHYOlOxDRb2T62QpUe3%2FNSg0R5WP3Qgwh4iEk74NaD260hAcXe3CJh3Z0WqL1Ruz7s3EYV6tzNcZYtcpYfW4mqkfV2lzsw7GRvD7SpA8m%2B2BmG4nZxqa4XxCysw%2FjHsO2ctjIg00L4n2wjU6UI%2BMEmSXIKEEmCLKUIOvkB5G0FZsfRtK6MJjkyiRX84FOm3v0QKdNrsheckZeGDXHu%2FrJ69jkp6VKEPNqo%2B7HtaDC%2FcoMq1bjIJxhnM8EVR5SWJFD2Etjvz1RkFfqV5CIgvx%2F4TFCegwrj8HE86DuZdBsMFvxQVuD2pyPnvpJ0dQZKlucyrRltTOMl5l0ISKdI0mnkG55e%2FKMvDQe2PxbV8HZycKT3l%2B3Hl77GMzkSEyOj8QTgqbcHdzWGdm%2FrTNLHq0lqWiLHh0N805KU375u%2Ff4VqZNtHzT9r99m42IEXxwl9t0hapIqKYl3y%2BKKOJmSRvGyc%2FLdoOH6862Fp1RLllZf2dpuZ0Ybq3QaggqntovwERBntv9cvxNX31NQ5ghjMvRdidkEhB6CJZswyYX6q0mMPKiJkw8ZC4fmEp4cSlFQeqfrkHyk4Wv56%2F%2FsnX4I2iYw%2FJ%2FPbzAe3YXTeOBpveg2jk6JkdH5qCyD%2BsuD9LEnCz8Xh0HQukNQmm8%2FVAaef%2B8vVaclng99mPuV3gYN8J4lvpRI641QtoI%2BGxYpwFSW7DPdr76BwAA%2F%2F8BAAD%2F%2Fxjj1oSCBAAA HTTP/1.1
Host: tallysaturatesnare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: u_pl=17661735; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 29 Nov 2022 03:54:56 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 301f7dcad800e24dcb1477bd06861e6c
Strict-Transport-Security: max-age=0; includeSubdomains
wastedinvaluable.com/ren.gif?sid=H4sIAAAAAAAC%2F1RST2gkxReu3s3v8lsPKnsRUeaoIJPu%2BZPJuIdgXCPRmMTdlZyrq6on5VR3NVXd05MBIWRR9uRO8KKeOt8kG6JB3KsgSMeLBARbRHLYKHry4kXYqzKTgeiDqvdVfa%2Fg%2B96rD%2FbSc%2BIipWfrb%2BmBVIrONqtu5YUNGXGd2crqnYrnVt0blQ0ZzTVuVPrjzfRe9txm1X2x8rpgXT1bcz3X9VyvsiSNCHR%2FdsJCxsdtr9p2q41a1Ws20Df%2FPdvUgaUOeO%2BcPA3Jy%2F9tfvcQkhWIwi9vCttNdPzSa2GqaKINevzwnagb6SxCeAkD4yCIDqfV0LYk5OMr0NHh1AF0b3%2FsAL4sifOzBz86nMqE3zu4UOoriAg%2Bv4asV0CoApIWYPouJP%2BBAIxjdQ1R%2BGBVm4xuXbB0zJZk5vFfkFlJZh5dRxR%2Bsahkv3JbqzSROrLoBzlkv4DsFIjTEyQDBzI7AUt2IPn3ZPbxCqJwf80qDcnziXspC8iggBJDUOsgHS%2FpIA0cpLGDkJ9VaLMduG4r8IN6fb7BGKvXGWvOz%2FEmrzfmAxcpG8sbIomHYGoIZrYRm2105W5JyM4%2BTPoN7GYOyx3YpCTO29vo8RyZIMgsQUYJMkmQJQRZLz%2FgytZs%2FoArm%2FreNNemuZ6PdNLZowc66YiI7MXn5KlJc%2F584it0xVmF1oJ22w08t9Gac%2Bc81vLa3GMepXVaE4zXYGUOaa9M%2FA5kSa4%2F%2Bxvi8cTe%2Bxs%2BPYFVJ2DySdD0OdBs1Kq5oJujxryLQXTcD2iU0MFWlekQXOeIkxkkW86eOifPTHS0T3%2BHYKcLR5%2BM41MwkyM2Od6V3xJ01L3RLZ2R%2FVs6s%2BThWpzIUA7oeIC3E5qIq5%2B9KbYybfjyTTs8eoWNiTE8viNsskIjLqOOJZ8vSs6FWdKGCfL1st0Q%2FnpqNxdTE6XxyvqrS8thbIS1UkcFqCwJ%2BfAPMFmS%2F3ffmHzO539qQZoCJs0RpqdkGpC6AIu3YeNL%2FVYTGHVZ48cOsjQfmZp%2FealkSWr3H0GJ04XdnaOPrv36C6ifw4p%2FPbzEe%2FYeOsYBTe4iCnP0TI6eykHVEDa9Okpic7rwY30S8JUz8pVx9n1l1O5Fg608q4hm4AbCrQk%2FaPtBi7q8HTTaPm17ouU3qYfEluz9nfv%2FAAAA%2F%2F8BAAD%2F%2F0qf5HZ4BAAA
173.233.137.52200 OK 7 B URL HTTP/1.1 wastedinvaluable.com/ren.gif?sid=H4sIAAAAAAAC%2F1RST2gkxReu3s3v8lsPKnsRUeaoIJPu%2BZPJuIdgXCPRmMTdlZyrq6on5VR3NVXd05MBIWRR9uRO8KKeOt8kG6JB3KsgSMeLBARbRHLYKHry4kXYqzKTgeiDqvdVfa%2Fg%2B96rD%2FbSc%2BIipWfrb%2BmBVIrONqtu5YUNGXGd2crqnYrnVt0blQ0ZzTVuVPrjzfRe9txm1X2x8rpgXT1bcz3X9VyvsiSNCHR%2FdsJCxsdtr9p2q41a1Ws20Df%2FPdvUgaUOeO%2BcPA3Jy%2F9tfvcQkhWIwi9vCttNdPzSa2GqaKINevzwnagb6SxCeAkD4yCIDqfV0LYk5OMr0NHh1AF0b3%2FsAL4sifOzBz86nMqE3zu4UOoriAg%2Bv4asV0CoApIWYPouJP%2BBAIxjdQ1R%2BGBVm4xuXbB0zJZk5vFfkFlJZh5dRxR%2Bsahkv3JbqzSROrLoBzlkv4DsFIjTEyQDBzI7AUt2IPn3ZPbxCqJwf80qDcnziXspC8iggBJDUOsgHS%2FpIA0cpLGDkJ9VaLMduG4r8IN6fb7BGKvXGWvOz%2FEmrzfmAxcpG8sbIomHYGoIZrYRm2105W5JyM4%2BTPoN7GYOyx3YpCTO29vo8RyZIMgsQUYJMkmQJQRZLz%2FgytZs%2FoArm%2FreNNemuZ6PdNLZowc66YiI7MXn5KlJc%2F584it0xVmF1oJ22w08t9Gac%2Bc81vLa3GMepXVaE4zXYGUOaa9M%2FA5kSa4%2F%2Bxvi8cTe%2Bxs%2BPYFVJ2DySdD0OdBs1Kq5oJujxryLQXTcD2iU0MFWlekQXOeIkxkkW86eOifPTHS0T3%2BHYKcLR5%2BM41MwkyM2Od6V3xJ01L3RLZ2R%2FVs6s%2BThWpzIUA7oeIC3E5qIq5%2B9KbYybfjyTTs8eoWNiTE8viNsskIjLqOOJZ8vSs6FWdKGCfL1st0Q%2FnpqNxdTE6XxyvqrS8thbIS1UkcFqCwJ%2BfAPMFmS%2F3ffmHzO539qQZoCJs0RpqdkGpC6AIu3YeNL%2FVYTGHVZ48cOsjQfmZp%2FealkSWr3H0GJ04XdnaOPrv36C6ifw4p%2FPbzEe%2FYeOsYBTe4iCnP0TI6eykHVEDa9Okpic7rwY30S8JUz8pVx9n1l1O5Fg608q4hm4AbCrQk%2FaPtBi7q8HTTaPm17ouU3qYfEluz9nfv%2FAAAA%2F%2F8BAAD%2F%2F0qf5HZ4BAAA
IP 173.233.137.52:0
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert fortinet Phishing
quad9 Sinkholed
GET /ren.gif?sid=H4sIAAAAAAAC%2F1RST2gkxReu3s3v8lsPKnsRUeaoIJPu%2BZPJuIdgXCPRmMTdlZyrq6on5VR3NVXd05MBIWRR9uRO8KKeOt8kG6JB3KsgSMeLBARbRHLYKHry4kXYqzKTgeiDqvdVfa%2Fg%2B96rD%2FbSc%2BIipWfrb%2BmBVIrONqtu5YUNGXGd2crqnYrnVt0blQ0ZzTVuVPrjzfRe9txm1X2x8rpgXT1bcz3X9VyvsiSNCHR%2FdsJCxsdtr9p2q41a1Ws20Df%2FPdvUgaUOeO%2BcPA3Jy%2F9tfvcQkhWIwi9vCttNdPzSa2GqaKINevzwnagb6SxCeAkD4yCIDqfV0LYk5OMr0NHh1AF0b3%2FsAL4sifOzBz86nMqE3zu4UOoriAg%2Bv4asV0CoApIWYPouJP%2BBAIxjdQ1R%2BGBVm4xuXbB0zJZk5vFfkFlJZh5dRxR%2Bsahkv3JbqzSROrLoBzlkv4DsFIjTEyQDBzI7AUt2IPn3ZPbxCqJwf80qDcnziXspC8iggBJDUOsgHS%2FpIA0cpLGDkJ9VaLMduG4r8IN6fb7BGKvXGWvOz%2FEmrzfmAxcpG8sbIomHYGoIZrYRm2105W5JyM4%2BTPoN7GYOyx3YpCTO29vo8RyZIMgsQUYJMkmQJQRZLz%2FgytZs%2FoArm%2FreNNemuZ6PdNLZowc66YiI7MXn5KlJc%2F584it0xVmF1oJ22w08t9Gac%2Bc81vLa3GMepXVaE4zXYGUOaa9M%2FA5kSa4%2F%2Bxvi8cTe%2Bxs%2BPYFVJ2DySdD0OdBs1Kq5oJujxryLQXTcD2iU0MFWlekQXOeIkxkkW86eOifPTHS0T3%2BHYKcLR5%2BM41MwkyM2Od6V3xJ01L3RLZ2R%2FVs6s%2BThWpzIUA7oeIC3E5qIq5%2B9KbYybfjyTTs8eoWNiTE8viNsskIjLqOOJZ8vSs6FWdKGCfL1st0Q%2FnpqNxdTE6XxyvqrS8thbIS1UkcFqCwJ%2BfAPMFmS%2F3ffmHzO539qQZoCJs0RpqdkGpC6AIu3YeNL%2FVYTGHVZ48cOsjQfmZp%2FealkSWr3H0GJ04XdnaOPrv36C6ifw4p%2FPbzEe%2FYeOsYBTe4iCnP0TI6eykHVEDa9Okpic7rwY30S8JUz8pVx9n1l1O5Fg608q4hm4AbCrQk%2FaPtBi7q8HTTaPm17ouU3qYfEluz9nfv%2FAAAA%2F%2F8BAAD%2F%2F0qf5HZ4BAAA HTTP/1.1
Host: wastedinvaluable.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: u_pl=15600826; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 29 Nov 2022 03:54:56 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 7df24a8b0a0b211939eea2bfb1e8b95c
Strict-Transport-Security: max-age=0; includeSubdomains
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 666862f4814e01580d5eda6267101cf3
df635667f6dae8be205caf550fc95c16d17a01a5
f6f33ec68b533f749a2cef620edba5fba65b437d2dd9e7a8bd6d3e19d0581db6
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F6F33EC68B533F749A2CEF620EDBA5FBA65B437D2DD9E7A8BD6D3E19D0581DB6"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8970
Expires: Tue, 29 Nov 2022 06:24:26 GMT
Date: Tue, 29 Nov 2022 03:54:56 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 666862f4814e01580d5eda6267101cf3
df635667f6dae8be205caf550fc95c16d17a01a5
f6f33ec68b533f749a2cef620edba5fba65b437d2dd9e7a8bd6d3e19d0581db6
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F6F33EC68B533F749A2CEF620EDBA5FBA65B437D2DD9E7A8BD6D3E19D0581DB6"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8897
Expires: Tue, 29 Nov 2022 06:23:13 GMT
Date: Tue, 29 Nov 2022 03:54:56 GMT
Connection: keep-alive
e1.o.lencr.org/
23.36.76.226 200 OK 344 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash e073931b16f243749958af494079cba6
ac0bb6eafc93f1a4be6795f73af9030ef0eb10cb
8d4a3423dfbac7819241d586bd8640ec7b143358c28fe37f297851f3c92377d7
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "8D4A3423DFBAC7819241D586BD8640EC7B143358C28FE37F297851F3C92377D7"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15389
Expires: Tue, 29 Nov 2022 08:11:25 GMT
Date: Tue, 29 Nov 2022 03:54:56 GMT
Connection: keep-alive
mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F5f76ce8301bf221df0f0efe7%3Futm_source%3Dshare%26ruid%3D41901732&charset=utf-8&hittoken=1669694094_5a8aa92ff4fa6bc458c251c9c0f5ca726cc4b9666a37f857dd6e8190eac5e64a&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3A15ly4knov7onia7cw1aby4%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A923%3Acn%3A1%3Adp%3A0%3Als%3A1286330564164%3Ahid%3A390449965%3Az%3A0%3Ai%3A20221129035455%3Aet%3A1669694095%3Ac%3A1%3Arn%3A502789179%3Arqn%3A6%3Au%3A1669694094628365435%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aeu%3A1%3Ans%3A1669694091303%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1669694095&t=gdpr(14)mc(p-3-h-1)clc(0-0-0)rqnt(6)aw(1)ecs(1)rqnl(1)ti(2)
93.158.134.119200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F5f76ce8301bf221df0f0efe7%3Futm_source%3Dshare%26ruid%3D41901732&charset=utf-8&hittoken=1669694094_5a8aa92ff4fa6bc458c251c9c0f5ca726cc4b9666a37f857dd6e8190eac5e64a&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3A15ly4knov7onia7cw1aby4%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A923%3Acn%3A1%3Adp%3A0%3Als%3A1286330564164%3Ahid%3A390449965%3Az%3A0%3Ai%3A20221129035455%3Aet%3A1669694095%3Ac%3A1%3Arn%3A502789179%3Arqn%3A6%3Au%3A1669694094628365435%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aeu%3A1%3Ans%3A1669694091303%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1669694095&t=gdpr(14)mc(p-3-h-1)clc(0-0-0)rqnt(6)aw(1)ecs(1)rqnl(1)ti(2)
IP 93.158.134.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F5f76ce8301bf221df0f0efe7%3Futm_source%3Dshare%26ruid%3D41901732&charset=utf-8&hittoken=1669694094_5a8aa92ff4fa6bc458c251c9c0f5ca726cc4b9666a37f857dd6e8190eac5e64a&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3A15ly4knov7onia7cw1aby4%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A923%3Acn%3A1%3Adp%3A0%3Als%3A1286330564164%3Ahid%3A390449965%3Az%3A0%3Ai%3A20221129035455%3Aet%3A1669694095%3Ac%3A1%3Arn%3A502789179%3Arqn%3A6%3Au%3A1669694094628365435%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aeu%3A1%3Ans%3A1669694091303%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1669694095&t=gdpr(14)mc(p-3-h-1)clc(0-0-0)rqnt(6)aw(1)ecs(1)rqnl(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 39
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Tue, 29 Nov 2022 03:54:56 GMT
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Tue, 29-Nov-2022 03:54:56 GMT
last-modified: Tue, 29-Nov-2022 03:54:56 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mbledeparatea.com/cEE1dGMRI1YZXBF8V1IWAi0IUVE2ZAcyB0F4BwZWHHkNAxEeJgJaABwuQBAFAi5bAE0eJEFRUTYKVBg5KhZfJSk/FVZMIAh1EEYlIBZWOjs3JVIWFDoMZTcMQRZdBBE2FUIyISJ5QhYiKTZ4JgAEI2cMDTgvTTUmNAteFQs5BnsOAEkCYAMZPjtePjRDAAEkDyoZbBpbBRN0IVoqAgwVJxoMEEYlPXBaJC4eeUMiNRN2ex0hFANfG1cWNmwHOkMlRDE1GCxWJ1IUA3E9UTwUUSQ5NyoFJSZJKlQjEDUTci5bERlvJDk3KkEsMiImVyxbOAp9OhERKk0XOh5sTQQHG3heFTAYAmFGNikgQiYFFQZZDiYmKVgkCUkZdCAPSCB9PjoqLF0FITY1WBUrSAZiHiIHCnMxLj8Sc1FRNgNcDA0RFg0VNB4ARi4UJWdfBwweMQg4BUEufB1VQhtSOhQpNwQz
54.230.111.27200 OK 1.2 kB URL HTTP/2 mbledeparatea.com/cEE1dGMRI1YZXBF8V1IWAi0IUVE2ZAcyB0F4BwZWHHkNAxEeJgJaABwuQBAFAi5bAE0eJEFRUTYKVBg5KhZfJSk/FVZMIAh1EEYlIBZWOjs3JVIWFDoMZTcMQRZdBBE2FUIyISJ5QhYiKTZ4JgAEI2cMDTgvTTUmNAteFQs5BnsOAEkCYAMZPjtePjRDAAEkDyoZbBpbBRN0IVoqAgwVJxoMEEYlPXBaJC4eeUMiNRN2ex0hFANfG1cWNmwHOkMlRDE1GCxWJ1IUA3E9UTwUUSQ5NyoFJSZJKlQjEDUTci5bERlvJDk3KkEsMiImVyxbOAp9OhERKk0XOh5sTQQHG3heFTAYAmFGNikgQiYFFQZZDiYmKVgkCUkZdCAPSCB9PjoqLF0FITY1WBUrSAZiHiIHCnMxLj8Sc1FRNgNcDA0RFg0VNB4ARi4UJWdfBwweMQg4BUEufB1VQhtSOhQpNwQz
IP 54.230.111.27:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3050), with no line terminators
Hash 227f86b174a0e4c1ff46ab52677d90f5
77cd2da971302af39f10854c8768213e660255eb
f0993be5cf5d1052480f60369dd32b3b5b297949f76a2f6e162f59dc359ceb49
GET /cEE1dGMRI1YZXBF8V1IWAi0IUVE2ZAcyB0F4BwZWHHkNAxEeJgJaABwuQBAFAi5bAE0eJEFRUTYKVBg5KhZfJSk/FVZMIAh1EEYlIBZWOjs3JVIWFDoMZTcMQRZdBBE2FUIyISJ5QhYiKTZ4JgAEI2cMDTgvTTUmNAteFQs5BnsOAEkCYAMZPjtePjRDAAEkDyoZbBpbBRN0IVoqAgwVJxoMEEYlPXBaJC4eeUMiNRN2ex0hFANfG1cWNmwHOkMlRDE1GCxWJ1IUA3E9UTwUUSQ5NyoFJSZJKlQjEDUTci5bERlvJDk3KkEsMiImVyxbOAp9OhERKk0XOh5sTQQHG3heFTAYAmFGNikgQiYFFQZZDiYmKVgkCUkZdCAPSCB9PjoqLF0FITY1WBUrSAZiHiIHCnMxLj8Sc1FRNgNcDA0RFg0VNB4ARi4UJWdfBwweMQg4BUEufB1VQhtSOhQpNwQz HTTP/1.1
Host: mbledeparatea.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html
content-length: 1200
date: Tue, 29 Nov 2022 03:54:56 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 227a1815a1677b9cf6dd587e443000b8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: vb0051JFfEaUlDFpto6X8Z6c4GndLSFRlw_AWZ61Ta5WfhDq_CpEsA==
X-Firefox-Spdy: h2
mbledeparatea.com/VU1td200Lw4aUjRwD1EYJyFQUl8TaF8xCWR0XwVYOXVVAB87KlpZDjkiGBMLJyIDA0M7KBlSXxMmNCMnFgMGEC4NHhUmCS0bDz0KITU7AC8sD14HJQIJKy0nPQg9O1wYPSYiHiMuPBwqEwk3OiETOi4tKzo9KUY7cH8rMi5lHTgvVR0vCjU6HAwZTz9lLgc0FAACPjQZNAcsNjU2BS9OOSIHAzUlPQc/JBkMASxCKxgfI0E4AzpfMl4lHyxEJAwoKCYvFA8jQTgAGB8gJWAbK0QrZS87Oi4aKi9PPxQILDJeJR88MzwBKBQ2KTYqIxo4BzkDNSUyCjsOQBMpJ0c8FA8sJVkADCcOL2YlPDFeFAohEAUUB1w2AxIfCQAOHSE/NV8iCg8fPAUuGlEHJiIDB1A4KAw/FDgKLBA
54.230.111.27200 OK 1.2 kB URL HTTP/2 mbledeparatea.com/VU1td200Lw4aUjRwD1EYJyFQUl8TaF8xCWR0XwVYOXVVAB87KlpZDjkiGBMLJyIDA0M7KBlSXxMmNCMnFgMGEC4NHhUmCS0bDz0KITU7AC8sD14HJQIJKy0nPQg9O1wYPSYiHiMuPBwqEwk3OiETOi4tKzo9KUY7cH8rMi5lHTgvVR0vCjU6HAwZTz9lLgc0FAACPjQZNAcsNjU2BS9OOSIHAzUlPQc/JBkMASxCKxgfI0E4AzpfMl4lHyxEJAwoKCYvFA8jQTgAGB8gJWAbK0QrZS87Oi4aKi9PPxQILDJeJR88MzwBKBQ2KTYqIxo4BzkDNSUyCjsOQBMpJ0c8FA8sJVkADCcOL2YlPDFeFAohEAUUB1w2AxIfCQAOHSE/NV8iCg8fPAUuGlEHJiIDB1A4KAw/FDgKLBA
IP 54.230.111.27:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3014), with no line terminators
Hash 86c4469ad3ae2092b215397448ff28f7
8c5057d92f651538c15e7cb625ff3e04ee7f34a4
b10505025e1a9afe2847d5e75391c8f6f9c3981deaed4e0c02702e722d2750fd
GET /VU1td200Lw4aUjRwD1EYJyFQUl8TaF8xCWR0XwVYOXVVAB87KlpZDjkiGBMLJyIDA0M7KBlSXxMmNCMnFgMGEC4NHhUmCS0bDz0KITU7AC8sD14HJQIJKy0nPQg9O1wYPSYiHiMuPBwqEwk3OiETOi4tKzo9KUY7cH8rMi5lHTgvVR0vCjU6HAwZTz9lLgc0FAACPjQZNAcsNjU2BS9OOSIHAzUlPQc/JBkMASxCKxgfI0E4AzpfMl4lHyxEJAwoKCYvFA8jQTgAGB8gJWAbK0QrZS87Oi4aKi9PPxQILDJeJR88MzwBKBQ2KTYqIxo4BzkDNSUyCjsOQBMpJ0c8FA8sJVkADCcOL2YlPDFeFAohEAUUB1w2AxIfCQAOHSE/NV8iCg8fPAUuGlEHJiIDB1A4KAw/FDgKLBA HTTP/1.1
Host: mbledeparatea.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html
content-length: 1168
date: Tue, 29 Nov 2022 03:54:56 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 227a1815a1677b9cf6dd587e443000b8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: pXGRIAo6x4StzLfnaEGWqpLvakGwazc4tqXb9lyvSDS5wIPAQACSqA==
X-Firefox-Spdy: h2
mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F5f76ce8301bf221df0f0efe7%3Futm_source%3Dshare%26ruid%3D41901732&charset=utf-8&hittoken=1669694094_5a8aa92ff4fa6bc458c251c9c0f5ca726cc4b9666a37f857dd6e8190eac5e64a&browser-info=pv%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3A15ly4knov7onia7cw1aby4%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A923%3Acn%3A1%3Adp%3A0%3Als%3A1286330564164%3Ahid%3A390449965%3Az%3A0%3Ai%3A20221129035455%3Aet%3A1669694095%3Ac%3A1%3Arn%3A1066436706%3Arqn%3A5%3Au%3A1669694094628365435%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aeu%3A1%3Ans%3A1669694091303%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1669694095%3At%3Anbnabunny%20-%20bareback%20anal%20and%20deepthroat%20cumshot%20-%20XFantazy.com&t=gdpr%2814%29mc%28p-3%29clc%280-0-0%29rqnt%285%29aw%281%29ecs%281%29fip%281%29rqnl%281%29ti%282%29
93.158.134.119200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F5f76ce8301bf221df0f0efe7%3Futm_source%3Dshare%26ruid%3D41901732&charset=utf-8&hittoken=1669694094_5a8aa92ff4fa6bc458c251c9c0f5ca726cc4b9666a37f857dd6e8190eac5e64a&browser-info=pv%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3A15ly4knov7onia7cw1aby4%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A923%3Acn%3A1%3Adp%3A0%3Als%3A1286330564164%3Ahid%3A390449965%3Az%3A0%3Ai%3A20221129035455%3Aet%3A1669694095%3Ac%3A1%3Arn%3A1066436706%3Arqn%3A5%3Au%3A1669694094628365435%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aeu%3A1%3Ans%3A1669694091303%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1669694095%3At%3Anbnabunny%20-%20bareback%20anal%20and%20deepthroat%20cumshot%20-%20XFantazy.com&t=gdpr%2814%29mc%28p-3%29clc%280-0-0%29rqnt%285%29aw%281%29ecs%281%29fip%281%29rqnl%281%29ti%282%29
IP 93.158.134.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
GET /watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F5f76ce8301bf221df0f0efe7%3Futm_source%3Dshare%26ruid%3D41901732&charset=utf-8&hittoken=1669694094_5a8aa92ff4fa6bc458c251c9c0f5ca726cc4b9666a37f857dd6e8190eac5e64a&browser-info=pv%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3A15ly4knov7onia7cw1aby4%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A923%3Acn%3A1%3Adp%3A0%3Als%3A1286330564164%3Ahid%3A390449965%3Az%3A0%3Ai%3A20221129035455%3Aet%3A1669694095%3Ac%3A1%3Arn%3A1066436706%3Arqn%3A5%3Au%3A1669694094628365435%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aeu%3A1%3Ans%3A1669694091303%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1669694095%3At%3Anbnabunny%20-%20bareback%20anal%20and%20deepthroat%20cumshot%20-%20XFantazy.com&t=gdpr%2814%29mc%28p-3%29clc%280-0-0%29rqnt%285%29aw%281%29ecs%281%29fip%281%29rqnl%281%29ti%282%29 HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Referer: https://xfantazy.com/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Tue, 29 Nov 2022 03:54:56 GMT
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Tue, 29-Nov-2022 03:54:56 GMT
last-modified: Tue, 29-Nov-2022 03:54:56 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mbledeparatea.com/TFZVYlgtNDYPZy1rN0QtPjpoR2oKc2ckPH1vZxBtIG5tFSoiMWJMOyA5IAY+Pjk7FnYiMyFHagobADc8GQUTASEHEjoXOQ8DIC8QGiMPUQ4nMwIsawAFNgwXHxBjKCA/GBwKFTkRL1puKBcXWxIkGwcBMjsiGzooJzQ/ES8HAhtTOxgHJSxrGjsxGwE7HTgSNBUFFFYXCCZjLDEvLhshPyEfL1Y2BWUcWxYhISQtIgVzZyAIHyVkAA8ZDjYMKHg1OCxrKhJtR2oOBiwvbxwvB1I8Gwc4K2seZw8qNCIwZgYgKS4DUjwbB3BQHhw8bBoBC2c+J2oGOzAhYSI1Zk8eexANMGkWEjoKPAQHAwcPKD00NQokNTgsawEvZVIXJT4tBzAKPDFQDngMZyBrFgFkDgEfE2wtMgVlHiEgOAwHBmoWHmRXARsTPQYPFXA/ETciJmgRCxYlARgLJD1mNm09FAM
54.230.111.27200 OK 1.2 kB URL HTTP/2 mbledeparatea.com/TFZVYlgtNDYPZy1rN0QtPjpoR2oKc2ckPH1vZxBtIG5tFSoiMWJMOyA5IAY+Pjk7FnYiMyFHagobADc8GQUTASEHEjoXOQ8DIC8QGiMPUQ4nMwIsawAFNgwXHxBjKCA/GBwKFTkRL1puKBcXWxIkGwcBMjsiGzooJzQ/ES8HAhtTOxgHJSxrGjsxGwE7HTgSNBUFFFYXCCZjLDEvLhshPyEfL1Y2BWUcWxYhISQtIgVzZyAIHyVkAA8ZDjYMKHg1OCxrKhJtR2oOBiwvbxwvB1I8Gwc4K2seZw8qNCIwZgYgKS4DUjwbB3BQHhw8bBoBC2c+J2oGOzAhYSI1Zk8eexANMGkWEjoKPAQHAwcPKD00NQokNTgsawEvZVIXJT4tBzAKPDFQDngMZyBrFgFkDgEfE2wtMgVlHiEgOAwHBmoWHmRXARsTPQYPFXA/ETciJmgRCxYlARgLJD1mNm09FAM
IP 54.230.111.27:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3049), with no line terminators
Hash d313f270eee077b798f2eea000374cd7
f70138f8fb2b606698d613eb3962bdf732558738
b8015af9f316b8d95ad35adde9e85e92e4258490b87623995d9d9e8ff7cb9a40
GET /TFZVYlgtNDYPZy1rN0QtPjpoR2oKc2ckPH1vZxBtIG5tFSoiMWJMOyA5IAY+Pjk7FnYiMyFHagobADc8GQUTASEHEjoXOQ8DIC8QGiMPUQ4nMwIsawAFNgwXHxBjKCA/GBwKFTkRL1puKBcXWxIkGwcBMjsiGzooJzQ/ES8HAhtTOxgHJSxrGjsxGwE7HTgSNBUFFFYXCCZjLDEvLhshPyEfL1Y2BWUcWxYhISQtIgVzZyAIHyVkAA8ZDjYMKHg1OCxrKhJtR2oOBiwvbxwvB1I8Gwc4K2seZw8qNCIwZgYgKS4DUjwbB3BQHhw8bBoBC2c+J2oGOzAhYSI1Zk8eexANMGkWEjoKPAQHAwcPKD00NQokNTgsawEvZVIXJT4tBzAKPDFQDngMZyBrFgFkDgEfE2wtMgVlHiEgOAwHBmoWHmRXARsTPQYPFXA/ETciJmgRCxYlARgLJD1mNm09FAM HTTP/1.1
Host: mbledeparatea.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html
content-length: 1197
date: Tue, 29 Nov 2022 03:54:56 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 227a1815a1677b9cf6dd587e443000b8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: ki6cvrv8V1CpL2dE6QjAAFBustKPBizB9tXWZBWDx9_gZVAeWphNrQ==
X-Firefox-Spdy: h2
edcritessuspi.com/Ykx1OHFNcxZLTDEmHXcrCAJNex8GHTdWOCwpM3k0BB1ECikVAVNMGAZxTA5AW3lDHgELKEgLQ0Q/AVkFFz9ICVcLIhNXTEQ6SAhfWmJEC19SagAFQEQ4BVkWX31TSAUWIEgJR1R1QwFFUnVAC0lV
172.67.206.179204 No Content 0 B URL HTTP/2 edcritessuspi.com/Ykx1OHFNcxZLTDEmHXcrCAJNex8GHTdWOCwpM3k0BB1ECikVAVNMGAZxTA5AW3lDHgELKEgLQ0Q/AVkFFz9ICVcLIhNXTEQ6SAhfWmJEC19SagAFQEQ4BVkWX31TSAUWIEgJR1R1QwFFUnVAC0lV
IP 172.67.206.179:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /Ykx1OHFNcxZLTDEmHXcrCAJNex8GHTdWOCwpM3k0BB1ECikVAVNMGAZxTA5AW3lDHgELKEgLQ0Q/AVkFFz9ICVcLIhNXTEQ6SAhfWmJEC19SagAFQEQ4BVkWX31TSAUWIEgJR1R1QwFFUnVAC0lV HTTP/1.1
Host: edcritessuspi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Tue, 29 Nov 2022 03:54:56 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Y64peCRWiYOodAnNJCx1KNR8G%2F%2B%2BGkzNgkv56NAQgoDcNorfJ8OOV%2FhPP%2F8mRjLGsy6H9EgJkPtBPVPgSgxfw2t9NMoZv4V039V6PfoyesAhsISUaJ7M1A5YvLTAi3JyRptF5g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 771867a58fd7b4eb-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
edcritessuspi.com/ZVZZVVZKaTomaysTEzsDDj0XMRBcPjwEMlQANAchJB4XBg9Wbn8hPwFrYGNkVWdrcyYMMmRkbkMlLTQiECVkZHAMOD86a0MgZGR4VXhre2RDI2RkcBEmODJrVHApISIJa2hjYFxgYGFmXGNtZWQ
172.67.206.179204 No Content 0 B URL HTTP/2 edcritessuspi.com/ZVZZVVZKaTomaysTEzsDDj0XMRBcPjwEMlQANAchJB4XBg9Wbn8hPwFrYGNkVWdrcyYMMmRkbkMlLTQiECVkZHAMOD86a0MgZGR4VXhre2RDI2RkcBEmODJrVHApISIJa2hjYFxgYGFmXGNtZWQ
IP 172.67.206.179:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ZVZZVVZKaTomaysTEzsDDj0XMRBcPjwEMlQANAchJB4XBg9Wbn8hPwFrYGNkVWdrcyYMMmRkbkMlLTQiECVkZHAMOD86a0MgZGR4VXhre2RDI2RkcBEmODJrVHApISIJa2hjYFxgYGFmXGNtZWQ HTTP/1.1
Host: edcritessuspi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Tue, 29 Nov 2022 03:54:56 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oBbBkDq4apQrnJ%2FRHKIrsQvGR00O%2BK28cLd88O0Zz43sWBC1beV70O4im%2Fg99%2F%2BqWeQKr6WxTFSMAqdgyQUQ84%2BiqsSaGRpR4eHPaeV2Xq0Nw2FfPCbCG%2BYFOcr6qbfNCS84dA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 771867a58fd8b4eb-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
edcritessuspi.com/YjRjZThNCwAWBTgGKhJbNlAxMHkOfCIJATp2CAZ5N3IALGsjV0URUQYJWlMJWwFVQ0gLUF5WCkRHFwRMF0deVwhSA0UMVgRbXlQeFAlTSwBMBVBLCERBXlQeFkQCAgVTEhMRTA4JUlMOWwJaUQhbAVBcCA
172.67.206.179204 No Content 0 B URL HTTP/2 edcritessuspi.com/YjRjZThNCwAWBTgGKhJbNlAxMHkOfCIJATp2CAZ5N3IALGsjV0URUQYJWlMJWwFVQ0gLUF5WCkRHFwRMF0deVwhSA0UMVgRbXlQeFAlTSwBMBVBLCERBXlQeFkQCAgVTEhMRTA4JUlMOWwJaUQhbAVBcCA
IP 172.67.206.179:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /YjRjZThNCwAWBTgGKhJbNlAxMHkOfCIJATp2CAZ5N3IALGsjV0URUQYJWlMJWwFVQ0gLUF5WCkRHFwRMF0deVwhSA0UMVgRbXlQeFAlTSwBMBVBLCERBXlQeFkQCAgVTEhMRTA4JUlMOWwJaUQhbAVBcCA HTTP/1.1
Host: edcritessuspi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Tue, 29 Nov 2022 03:54:56 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8r3F1VQot2LnwS74QQDETmsFKmsJx%2B6cXk9ABdlE0g08R%2B8Dg6AhqeKeOdaelJf4mXrgL3hQ6N1vhUtmxDSHH02awv3Vg4Ec5Ge3HDMvRh795OgrbBybYSXBrPFZJF%2FrmJOgDg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 771867a59fe2b4eb-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
edcritessuspi.com/akMycEFFfFEDfD4GWgUTPCcGFnAwcmsoFxIUahQ3DC0LFCVYEhQEKA5+C0ZzWnIGVjEDJw9BZxk3UwQ0GX4DVigEJV1NZxx+A15yXm0BQW9bZUdNcEw3QhEmV3IUADUeLw9Bd1x6BEl1WnoHRHJT
172.67.206.179204 No Content 0 B URL HTTP/2 edcritessuspi.com/akMycEFFfFEDfD4GWgUTPCcGFnAwcmsoFxIUahQ3DC0LFCVYEhQEKA5+C0ZzWnIGVjEDJw9BZxk3UwQ0GX4DVigEJV1NZxx+A15yXm0BQW9bZUdNcEw3QhEmV3IUADUeLw9Bd1x6BEl1WnoHRHJT
IP 172.67.206.179:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /akMycEFFfFEDfD4GWgUTPCcGFnAwcmsoFxIUahQ3DC0LFCVYEhQEKA5+C0ZzWnIGVjEDJw9BZxk3UwQ0GX4DVigEJV1NZxx+A15yXm0BQW9bZUdNcEw3QhEmV3IUADUeLw9Bd1x6BEl1WnoHRHJT HTTP/1.1
Host: edcritessuspi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Tue, 29 Nov 2022 03:54:56 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qOkVg4DPR0fljsfzTuXAIwbmEKbeZzY48gi9FwQvIKJ2O6UyukAGJgCD2RJhVQobUWxTX5c0lrTkj%2BLy2rH3Lg6mQefsywbSxEuRXyC%2BgD4axIXBgmYBI%2FfuNsUBjxZ6ZWZdzA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 771867a59fe5b4eb-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
mc.yandex.ru/watch/49415098?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F5f76ce8301bf221df0f0efe7%3Futm_source%3Dshare%26ruid%3D41901732&charset=utf-8&hittoken=1669694094_5a8aa92ff4fa6bc458c251c9c0f5ca726cc4b9666a37f857dd6e8190eac5e64a&browser-info=pv%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3A15ly4knov7onia7cw1aby4%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A923%3Acn%3A1%3Adp%3A0%3Als%3A1286330564164%3Ahid%3A390449965%3Az%3A0%3Ai%3A20221129035455%3Aet%3A1669694095%3Ac%3A1%3Arn%3A1066436706%3Arqn%3A5%3Au%3A1669694094628365435%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aeu%3A1%3Ans%3A1669694091303%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1669694095%3At%3Anbnabunny%20-%20bareback%20anal%20and%20deepthroat%20cumshot%20-%20XFantazy.com&t=gdpr(14)mc(p-3)clc(0-0-0)rqnt(5)aw(1)ecs(1)fip(1)rqnl(1)ti(2)
93.158.134.119302 Found 35 B URL HTTP/2 mc.yandex.ru/watch/49415098?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F5f76ce8301bf221df0f0efe7%3Futm_source%3Dshare%26ruid%3D41901732&charset=utf-8&hittoken=1669694094_5a8aa92ff4fa6bc458c251c9c0f5ca726cc4b9666a37f857dd6e8190eac5e64a&browser-info=pv%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3A15ly4knov7onia7cw1aby4%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A923%3Acn%3A1%3Adp%3A0%3Als%3A1286330564164%3Ahid%3A390449965%3Az%3A0%3Ai%3A20221129035455%3Aet%3A1669694095%3Ac%3A1%3Arn%3A1066436706%3Arqn%3A5%3Au%3A1669694094628365435%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aeu%3A1%3Ans%3A1669694091303%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1669694095%3At%3Anbnabunny%20-%20bareback%20anal%20and%20deepthroat%20cumshot%20-%20XFantazy.com&t=gdpr(14)mc(p-3)clc(0-0-0)rqnt(5)aw(1)ecs(1)fip(1)rqnl(1)ti(2)
IP 93.158.134.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 28d6814f309ea289f847c69cf91194c6
0f4e929dd5bb2564f7ab9c76338e04e292a42ace
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
GET /watch/49415098?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F5f76ce8301bf221df0f0efe7%3Futm_source%3Dshare%26ruid%3D41901732&charset=utf-8&hittoken=1669694094_5a8aa92ff4fa6bc458c251c9c0f5ca726cc4b9666a37f857dd6e8190eac5e64a&browser-info=pv%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3A15ly4knov7onia7cw1aby4%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A923%3Acn%3A1%3Adp%3A0%3Als%3A1286330564164%3Ahid%3A390449965%3Az%3A0%3Ai%3A20221129035455%3Aet%3A1669694095%3Ac%3A1%3Arn%3A1066436706%3Arqn%3A5%3Au%3A1669694094628365435%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aeu%3A1%3Ans%3A1669694091303%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1669694095%3At%3Anbnabunny%20-%20bareback%20anal%20and%20deepthroat%20cumshot%20-%20XFantazy.com&t=gdpr(14)mc(p-3)clc(0-0-0)rqnt(5)aw(1)ecs(1)fip(1)rqnl(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
location: /watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F5f76ce8301bf221df0f0efe7%3Futm_source%3Dshare%26ruid%3D41901732&charset=utf-8&hittoken=1669694094_5a8aa92ff4fa6bc458c251c9c0f5ca726cc4b9666a37f857dd6e8190eac5e64a&browser-info=pv%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3A15ly4knov7onia7cw1aby4%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A923%3Acn%3A1%3Adp%3A0%3Als%3A1286330564164%3Ahid%3A390449965%3Az%3A0%3Ai%3A20221129035455%3Aet%3A1669694095%3Ac%3A1%3Arn%3A1066436706%3Arqn%3A5%3Au%3A1669694094628365435%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aeu%3A1%3Ans%3A1669694091303%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1669694095%3At%3Anbnabunny%20-%20bareback%20anal%20and%20deepthroat%20cumshot%20-%20XFantazy.com&t=gdpr%2814%29mc%28p-3%29clc%280-0-0%29rqnt%285%29aw%281%29ecs%281%29fip%281%29rqnl%281%29ti%282%29
date: Tue, 29 Nov 2022 03:54:56 GMT
access-control-allow-origin: https://xfantazy.com
set-cookie: yandexuid=1073657841669694096; Expires=Wed, 29-Nov-2023 03:54:56 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
yuidss=1073657841669694096; Expires=Wed, 29-Nov-2023 03:54:56 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
yabs-sid=2100108961669694096; Path=/; SameSite=None; Secure
i=l/zQWueA6u1ehpjVNdn2BhQGDl5osNo7JbaKtRIZ0yE6tIQTD0u13+iZoVtQypL0S0woGAqraS1hcmSabJgcqe9K7W4=; Expires=Fri, 26-Nov-2032 03:54:52 GMT; Domain=.yandex.ru; Path=/; Secure; HttpOnly; SameSite=None
ymex=1701230096.yc.1669694096#1701230096.yrts.1669694096#1701230096.yrtsi.1669694096; Expires=Wed, 29-Nov-2023 03:54:56 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Tue, 29-Nov-2022 03:54:56 GMT
last-modified: Tue, 29-Nov-2022 03:54:56 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.76.226200 OK 344 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash e073931b16f243749958af494079cba6
ac0bb6eafc93f1a4be6795f73af9030ef0eb10cb
8d4a3423dfbac7819241d586bd8640ec7b143358c28fe37f297851f3c92377d7
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "8D4A3423DFBAC7819241D586BD8640EC7B143358C28FE37F297851F3C92377D7"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15389
Expires: Tue, 29 Nov 2022 08:11:25 GMT
Date: Tue, 29 Nov 2022 03:54:56 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash af25abbc1f9776cf78b07837dbea38a0
1883049bac2e92f8b3107f6435f00b83d8f4c117
663a6d77de7e3c835bcbb4b567eb28053755bf50ddab14b3f668367a85efdf17
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3331
Cache-Control: max-age=116382
Content-Type: application/ocsp-response
Date: Tue, 29 Nov 2022 03:54:56 GMT
Etag: "6384992b-1d7"
Expires: Wed, 30 Nov 2022 12:14:38 GMT
Last-Modified: Mon, 28 Nov 2022 11:19:07 GMT
Server: ECS (ska/F70B)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 471 B IP 142.250.74.35:0
Hash 8f12114c5e4071a91936f049f8234c94
61ddffbc7f1154cc8a5fe6fabbd976fe71027d6f
5b700cd09f0aa11ec03e2fe0cba0d92444cf70a880eecc5825e99636a6fbab4d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 29 Nov 2022 03:54:56 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 471 B IP 142.250.74.35:0
Hash 8f12114c5e4071a91936f049f8234c94
61ddffbc7f1154cc8a5fe6fabbd976fe71027d6f
5b700cd09f0aa11ec03e2fe0cba0d92444cf70a880eecc5825e99636a6fbab4d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 29 Nov 2022 03:54:56 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
216.58.207.237302 Found 393 B URL HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
IP 216.58.207.237:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (381)
Hash d5827e12ee88e3a11929edd2fbfac73e
e40b19e8fdce17965d2ce478ee1440193aafb5f8
9bab42d311dd471d0462b0324dc420e8ef6614210240744e0011e71fbaec7dca
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Tue, 29 Nov 2022 03:54:56 GMT
location: https://accounts.google.com/v3/signin/identifier?dsh=S-1207751161%3A1669694096460717&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=ARgdvAsCMY3U2Y6jB6w06Hxk4fgz4el97TCgNg5msIdLrHtyuns_CGOsfX4hssYDWsoDD5YDS1hMow
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
content-security-policy: script-src 'nonce-6lv6CSWKUPGfbSsKlNrAPg' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport, require-trusted-types-for 'script';report-uri /cspreport
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 393
server: GSE
set-cookie: __Host-GAPS=1:DJg3PlzrhhJdc-6WeO6f3fm0HG1zSg:uccdLp38c1NTELl9;Path=/;Expires=Thu, 28-Nov-2024 03:54:56 GMT;Secure;HttpOnly;Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35 200 OK 472 B IP 142.250.74.35:0
Hash fb9963af5b3c525d68d5c87f0da8025b
c8d1f50313dddb0cea04745d762dac01718a026f
231ef2bc126d4f0cf0910147608f65ec32ee15f3cfdb6981f5fae66f33cfc519
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 29 Nov 2022 03:54:56 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
e1.o.lencr.org/
23.36.76.226 200 OK 345 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 8c46da6bfb7c44896d7fd5eb8e8e1f00
6023f44329436f9b6942b31ad02c805c4001b3c3
a14f4d068457340a839d1988a3f11faefe54909aaba87a98633a001e53819d49
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "A14F4D068457340A839D1988A3F11FAEFE54909AABA87A98633A001E53819D49"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7380
Expires: Tue, 29 Nov 2022 05:57:56 GMT
Date: Tue, 29 Nov 2022 03:54:56 GMT
Connection: keep-alive
mbledeparatea.com/utx?cb=2EMPAtmN6Bax&top=xfantazy.com&tid=962014
54.230.111.27 204 No Content 0 B URL HTTP/2 mbledeparatea.com/utx?cb=2EMPAtmN6Bax&top=xfantazy.com&tid=962014
IP 54.230.111.27:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=2EMPAtmN6Bax&top=xfantazy.com&tid=962014 HTTP/1.1
Host: mbledeparatea.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Tue, 29 Nov 2022 03:54:56 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://xfantazy.com
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Tue, 29 Nov 2022 03:55:56 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 227a1815a1677b9cf6dd587e443000b8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: A6H9cjddm11Dd5qCuR9u_FHZEciGV46a3bmJPxluwGhu0ocme6Aq0A==
X-Firefox-Spdy: h2
mbledeparatea.com/utx?cb=mV1T63XeQWTa&top=xfantazy.com&tid=961956
54.230.111.27 204 No Content 0 B URL HTTP/2 mbledeparatea.com/utx?cb=mV1T63XeQWTa&top=xfantazy.com&tid=961956
IP 54.230.111.27:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=mV1T63XeQWTa&top=xfantazy.com&tid=961956 HTTP/1.1
Host: mbledeparatea.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Tue, 29 Nov 2022 03:54:56 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://xfantazy.com
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Tue, 29 Nov 2022 03:55:56 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 227a1815a1677b9cf6dd587e443000b8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: at-l4Zu1dHVzVrFNFBajLjGnjKDX4Ltp4IyFO9SIbq6qL9jRJaPN3Q==
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.76.226 200 OK 346 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 3c22f6742a681063615a548ae5fbc532
631eaaad4049c5b6f54eb2b4e127b77240868636
a8e170fec241ad3ec9acc075fa8d7ce2184d129bf69f5ace3e7229aa3bfd59c7
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "A8E170FEC241AD3EC9ACC075FA8D7CE2184D129BF69F5ACE3E7229AA3BFD59C7"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8254
Expires: Tue, 29 Nov 2022 06:12:30 GMT
Date: Tue, 29 Nov 2022 03:54:56 GMT
Connection: keep-alive
wastedinvaluable.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fau%2Fe6%2Fd7%2F97%2Fe6d797a3a7be0e7ec1877d1b33146dfa%2F1657714258.html&l=1190&fd=157
173.233.137.52 200 OK 0 B URL HTTP/1.1 wastedinvaluable.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fau%2Fe6%2Fd7%2F97%2Fe6d797a3a7be0e7ec1877d1b33146dfa%2F1657714258.html&l=1190&fd=157
IP 173.233.137.52:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fau%2Fe6%2Fd7%2F97%2Fe6d797a3a7be0e7ec1877d1b33146dfa%2F1657714258.html&l=1190&fd=157 HTTP/1.1
Host: wastedinvaluable.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: u_pl=15600826; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 29 Nov 2022 03:54:56 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
e1.o.lencr.org/
23.36.76.226 200 OK 2.1 kB IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 3fcf323ee5881812876be79c8086a996
f5c11d1c7e7badf7cf8acc4ed14cd623b0bd973a
2cc9133e1da0c41d70ef7121fabbb4688f0f5cbf67f35337535975e73cb98775
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "A8E170FEC241AD3EC9ACC075FA8D7CE2184D129BF69F5ACE3E7229AA3BFD59C7"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8254
Expires: Tue, 29 Nov 2022 06:12:30 GMT
Date: Tue, 29 Nov 2022 03:54:56 GMT
Connection: keep-alive
d192r5l88wrng7.cloudfront.net/KalZZWjQJOTc8Cx4/PWcNXGdgbwJMPCo1WhprFTwFBR8wbAYwMRctbRxnHnxAEDJkahIGNzc9CUwzNzkJW3A4PlZXYn8uRAU9ZC9aDjM/M1oPMn8vVVc7NiBdBjo4fwYsY3dqEVhmcS1dBDI2LUdPZGk0QE9kaWsERGZ8aXZPZGktXQRgbX8HKHNrakxcYn-xpdk9kaShCT2UYawRfeGlzEVhmPj9XATl8aHJYZmhqBFtmaH8GWjAwKFEMOSF/BixnaW8aWnAsZwU
54.230.245.77 200 OK 332 B URL HTTP/2 d192r5l88wrng7.cloudfront.net/KalZZWjQJOTc8Cx4/PWcNXGdgbwJMPCo1WhprFTwFBR8wbAYwMRctbRxnHnxAEDJkahIGNzc9CUwzNzkJW3A4PlZXYn8uRAU9ZC9aDjM/M1oPMn8vVVc7NiBdBjo4fwYsY3dqEVhmcS1dBDI2LUdPZGk0QE9kaWsERGZ8aXZPZGktXQRgbX8HKHNrakxcYn-xpdk9kaShCT2UYawRfeGlzEVhmPj9XATl8aHJYZmhqBFtmaH8GWjAwKFEMOSF/BixnaW8aWnAsZwU
IP 54.230.245.77:0
File type ASCII text, with very long lines (420), with no line terminators
Hash 08e0276dbaf8361a20d100215ff11d6d
d014d715f7871b849b24c3224b671eeda1b04ddf
3282786687bd229da75915138eaa9fc98d5abc4cede1c88d6d12ab0307c28b8d
GET /KalZZWjQJOTc8Cx4/PWcNXGdgbwJMPCo1WhprFTwFBR8wbAYwMRctbRxnHnxAEDJkahIGNzc9CUwzNzkJW3A4PlZXYn8uRAU9ZC9aDjM/M1oPMn8vVVc7NiBdBjo4fwYsY3dqEVhmcS1dBDI2LUdPZGk0QE9kaWsERGZ8aXZPZGktXQRgbX8HKHNrakxcYn-xpdk9kaShCT2UYawRfeGlzEVhmPj9XATl8aHJYZmhqBFtmaH8GWjAwKFEMOSF/BixnaW8aWnAsZwU HTTP/1.1
Host: d192r5l88wrng7.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mbledeparatea.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 332
date: Tue, 29 Nov 2022 03:54:56 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 98794c1dec0d4e7b10ddf0faa094cf94.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: VbPeJ0rXL2KUziYkGWBlPzRx16Cn7jfLQIPuXiivMM_1jv0DpZJSxA==
X-Firefox-Spdy: h2
d192r5l88wrng7.cloudfront.net/kYTJCNkgCXSxQdxVbJgtxVwByB3pHWDFZJhEPL1MpKUsvcQkGFDZMLFwCZFopD1V/EC0PUX8HbgBWIAt8R0cjCyUOSCtaJAAXcHB9TwJnBHhJRStYLA5FMRN6UVw2E3pRA3IYeEQBABN6UUUrWH5VF3F0bVMCOgB8RAEAE3pRQDQTeyADcgNmURtnBHgGVy-FdJ0QABAR4UAJyB3hQF3AGLghAJ1AnGRdwcHlRB2wGbhQPcw
54.230.245.77 200 OK 186 B URL HTTP/2 d192r5l88wrng7.cloudfront.net/kYTJCNkgCXSxQdxVbJgtxVwByB3pHWDFZJhEPL1MpKUsvcQkGFDZMLFwCZFopD1V/EC0PUX8HbgBWIAt8R0cjCyUOSCtaJAAXcHB9TwJnBHhJRStYLA5FMRN6UVw2E3pRA3IYeEQBABN6UUUrWH5VF3F0bVMCOgB8RAEAE3pRQDQTeyADcgNmURtnBHgGVy-FdJ0QABAR4UAJyB3hQF3AGLghAJ1AnGRdwcHlRB2wGbhQPcw
IP 54.230.245.77:0
File type ASCII text, with no line terminators
Hash 57f70fc2f674f2bce3c951c03447a181
37695c65953c7dfdf841134c5c87e14302139eb3
b2778cbfaf320b9b9c03b9657f3654d9b99a741456d152b09a95789dd6f7d1bb
GET /kYTJCNkgCXSxQdxVbJgtxVwByB3pHWDFZJhEPL1MpKUsvcQkGFDZMLFwCZFopD1V/EC0PUX8HbgBWIAt8R0cjCyUOSCtaJAAXcHB9TwJnBHhJRStYLA5FMRN6UVw2E3pRA3IYeEQBABN6UUUrWH5VF3F0bVMCOgB8RAEAE3pRQDQTeyADcgNmURtnBHgGVy-FdJ0QABAR4UAJyB3hQF3AGLghAJ1AnGRdwcHlRB2wGbhQPcw HTTP/1.1
Host: d192r5l88wrng7.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mbledeparatea.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 186
date: Tue, 29 Nov 2022 03:54:56 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 98794c1dec0d4e7b10ddf0faa094cf94.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: ZbkojoezgL3D381hiKRvNsEtj722JOLehAFne3gt3NgeMZmEAe3QrQ==
X-Firefox-Spdy: h2
d192r5l88wrng7.cloudfront.net/MUUdUSFcyKDouaCUuMHVuZ3VkeWN3LScnOSF6JxsNIhMuGz86dAB9JhMRcjwtNXpkbjswKTN1cTQpN3VmdyYwKmplYSA4ODp6NicxNCgmIz4nI3I9NmwqOzI+PSs1bWUXcnp4cmN3fD8+PyM7PyR0dWQmI3R1ZHlnf3dxexV0dWQ/Pj9xYG1kE2JmeC9nc3-F7FXR1ZDohdHQVeWdkaWRhcmN3My00OihxehFjd2V4Z2B3ZW1lYSE9OjI3KCxtZRd2ZH15YWEhdWY
54.230.245.77 200 OK 594 B URL HTTP/2 d192r5l88wrng7.cloudfront.net/MUUdUSFcyKDouaCUuMHVuZ3VkeWN3LScnOSF6JxsNIhMuGz86dAB9JhMRcjwtNXpkbjswKTN1cTQpN3VmdyYwKmplYSA4ODp6NicxNCgmIz4nI3I9NmwqOzI+PSs1bWUXcnp4cmN3fD8+PyM7PyR0dWQmI3R1ZHlnf3dxexV0dWQ/Pj9xYG1kE2JmeC9nc3-F7FXR1ZDohdHQVeWdkaWRhcmN3My00OihxehFjd2V4Z2B3ZW1lYSE9OjI3KCxtZRd2ZH15YWEhdWY
IP 54.230.245.77:0
File type ASCII text, with very long lines (823), with no line terminators
Hash 1f251a5906fa63a1f69c2637ff482028
a29caf143b220e5042dc28ec3bc5c455c4aedcda
dc23109d7e74cc7f24afe9f4f6768d3ddd4caf2b97a0f89d4a826d2fef588249
GET /MUUdUSFcyKDouaCUuMHVuZ3VkeWN3LScnOSF6JxsNIhMuGz86dAB9JhMRcjwtNXpkbjswKTN1cTQpN3VmdyYwKmplYSA4ODp6NicxNCgmIz4nI3I9NmwqOzI+PSs1bWUXcnp4cmN3fD8+PyM7PyR0dWQmI3R1ZHlnf3dxexV0dWQ/Pj9xYG1kE2JmeC9nc3-F7FXR1ZDohdHQVeWdkaWRhcmN3My00OihxehFjd2V4Z2B3ZW1lYSE9OjI3KCxtZRd2ZH15YWEhdWY HTTP/1.1
Host: d192r5l88wrng7.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mbledeparatea.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 594
date: Tue, 29 Nov 2022 03:54:56 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 98794c1dec0d4e7b10ddf0faa094cf94.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: nwSNumv8DpEFLUzrfN5mT2UGNGlitd0mc58FB08wzYrTfiqZqisuaA==
X-Firefox-Spdy: h2
cdn.barscreative1.com/sb/au/5d/1e/66/5d1e6654b79f5bf053b789353432e45e/1613739250.html
45.133.44.4 200 OK 537 B URL HTTP/2 cdn.barscreative1.com/sb/au/5d/1e/66/5d1e6654b79f5bf053b789353432e45e/1613739250.html
IP 45.133.44.4:0
ASN #39572 DataWeb Global Group B.V.
Hash ed419ce7e348ac1e99e9ba57e5bc3a54
a37ce1e83c2f25df6af732ac3251c5f31d3b422d
d9f2af334f82552eaa3a54f44ff50182fcacd108ab75e7df451e5140f7e4b503
Analyzer Verdict Alert fortinet Phishing
GET /sb/au/5d/1e/66/5d1e6654b79f5bf053b789353432e45e/1613739250.html HTTP/1.1
Host: cdn.barscreative1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 29 Nov 2022 03:54:56 GMT
content-type: text/html; charset=utf-8
server: nginx/1.17.6
last-modified: Fri, 19 Feb 2021 12:54:16 GMT
etag: W/"602fb4f8-4fa"
cache-control: max-age=3600
access-control-allow-origin: *
access-control-expose-headers: Date
content-encoding: gzip
expires: Tue, 29 Nov 2022 04:54:56 GMT
x-proxy-cache: HIT
X-Firefox-Spdy: h2
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
216.58.207.237 302 Found 396 B URL HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
IP 216.58.207.237:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (384)
Hash a6d8ab176e01bbd0bc56f4c1067c8ea8
b89e10bacd120f137a9ff0394bce8724484ad28e
9f7779bc1866fcef60ef58b2199e05d514b6bd7c04e34098cdf08825e82909e5
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Tue, 29 Nov 2022 03:54:56 GMT
location: https://accounts.google.com/v3/signin/identifier?dsh=S-133521793%3A1669694096503896&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=ARgdvAuHr3Z1vl3N1psKq3U7axfAl_Icji4WtBc_7uxJoSfwDlnrWXIy7mSdJLLoLoqW6JEV0a39nw
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: script-src 'nonce-dKoYRCEG9OIJq4l1Brkj1w' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport, require-trusted-types-for 'script';report-uri /cspreport
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 396
server: GSE
set-cookie: __Host-GAPS=1:FBhW4q9Cg0uI5DSPeHmM6kRqU-eb8w:FpGVIhhcjT0qMEUz;Path=/;Expires=Thu, 28-Nov-2024 03:54:56 GMT;Secure;HttpOnly;Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.76.226 200 OK 345 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 8c46da6bfb7c44896d7fd5eb8e8e1f00
6023f44329436f9b6942b31ad02c805c4001b3c3
a14f4d068457340a839d1988a3f11faefe54909aaba87a98633a001e53819d49
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "A14F4D068457340A839D1988A3F11FAEFE54909AABA87A98633A001E53819D49"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7380
Expires: Tue, 29 Nov 2022 05:57:56 GMT
Date: Tue, 29 Nov 2022 03:54:56 GMT
Connection: keep-alive
e1.o.lencr.org/
23.36.76.226 200 OK 345 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 8c46da6bfb7c44896d7fd5eb8e8e1f00
6023f44329436f9b6942b31ad02c805c4001b3c3
a14f4d068457340a839d1988a3f11faefe54909aaba87a98633a001e53819d49
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "A14F4D068457340A839D1988A3F11FAEFE54909AABA87A98633A001E53819D49"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7380
Expires: Tue, 29 Nov 2022 05:57:56 GMT
Date: Tue, 29 Nov 2022 03:54:56 GMT
Connection: keep-alive
wastedinvaluable.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fau%2F5d%2F1e%2F66%2F5d1e6654b79f5bf053b789353432e45e%2F1613739250.html&l=1274&fd=163
173.233.137.52 200 OK 0 B URL HTTP/1.1 wastedinvaluable.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fau%2F5d%2F1e%2F66%2F5d1e6654b79f5bf053b789353432e45e%2F1613739250.html&l=1274&fd=163
IP 173.233.137.52:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fau%2F5d%2F1e%2F66%2F5d1e6654b79f5bf053b789353432e45e%2F1613739250.html&l=1274&fd=163 HTTP/1.1
Host: wastedinvaluable.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: u_pl=15600826; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 29 Nov 2022 03:54:56 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
ocsp.pki.goog/gts1c3
142.250.74.35 200 OK 472 B IP 142.250.74.35:0
Hash 7207a5076b63fb5f39b9436ced9fb18f
cdd84ecfe85882601e81f11783d9f63b30084de3
6d4543402df8135d5860ecd47dd52d96d66d2e1ac6feec11accb5f43f2da7d0d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 29 Nov 2022 03:54:56 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
cdn.creative-bars1.com/sb/chat/mob/ssp/v2/new/3/img/close.png
172.64.109.13 200 OK 6.0 kB URL HTTP/2 cdn.creative-bars1.com/sb/chat/mob/ssp/v2/new/3/img/close.png
IP 172.64.109.13:0
File type PNG image data, 522 x 391, 8-bit/color RGBA, non-interlaced\012- data
Hash c489ce2c491a22ee37a55e26a92dfd73
2fa588ab09e94dd902e5bd24b48f98ad1949c9d6
1eed147c7d5de6291c25fbc5274830c12d5549262fb144271576d4e15966e5bd
GET /sb/chat/mob/ssp/v2/new/3/img/close.png HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 29 Nov 2022 03:54:56 GMT
content-type: image/png
content-length: 5982
last-modified: Tue, 05 Jul 2022 10:43:39 GMT
etag: "62c415db-175e"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 1173813
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=spGbb3lrOaMIYlJboylLSrosgh09zt%2BBg9c%2BBSuzTfZ8IDupN0rOsWkvAFinf1gXcOXLLC8qK%2Basbnc%2Fa1LvqJcTcbaxB%2F6OVpBRqHN7mg9Jo%2BuTmZ%2FOy267DmrSfuqARTYcpulEFrXj"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 771867a78b998e2c-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash af25abbc1f9776cf78b07837dbea38a0
1883049bac2e92f8b3107f6435f00b83d8f4c117
663a6d77de7e3c835bcbb4b567eb28053755bf50ddab14b3f668367a85efdf17
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3331
Cache-Control: max-age=116382
Content-Type: application/ocsp-response
Date: Tue, 29 Nov 2022 03:54:56 GMT
Etag: "6384992b-1d7"
Expires: Wed, 30 Nov 2022 12:14:38 GMT
Last-Modified: Mon, 28 Nov 2022 11:19:07 GMT
Server: ECS (ska/F70B)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/gts1c3
142.250.74.35 200 OK 472 B IP 142.250.74.35:0
Hash fb9963af5b3c525d68d5c87f0da8025b
c8d1f50313dddb0cea04745d762dac01718a026f
231ef2bc126d4f0cf0910147608f65ec32ee15f3cfdb6981f5fae66f33cfc519
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 29 Nov 2022 03:54:56 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
e1.o.lencr.org/
23.36.76.226 200 OK 345 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 8c46da6bfb7c44896d7fd5eb8e8e1f00
6023f44329436f9b6942b31ad02c805c4001b3c3
a14f4d068457340a839d1988a3f11faefe54909aaba87a98633a001e53819d49
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "A14F4D068457340A839D1988A3F11FAEFE54909AABA87A98633A001E53819D49"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7380
Expires: Tue, 29 Nov 2022 05:57:56 GMT
Date: Tue, 29 Nov 2022 03:54:56 GMT
Connection: keep-alive
e1.o.lencr.org/
23.36.76.226 200 OK 346 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 3c22f6742a681063615a548ae5fbc532
631eaaad4049c5b6f54eb2b4e127b77240868636
a8e170fec241ad3ec9acc075fa8d7ce2184d129bf69f5ace3e7229aa3bfd59c7
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "A8E170FEC241AD3EC9ACC075FA8D7CE2184D129BF69F5ACE3E7229AA3BFD59C7"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8254
Expires: Tue, 29 Nov 2022 06:12:30 GMT
Date: Tue, 29 Nov 2022 03:54:56 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 6345f845bbd2c2950fe27f4a0faf2353
27e0ccd4d3d81cb9382dcdbd3e8f61b19a674d76
68579d0b5925d3df0cdbc6acf7fe94428b15cea08e93a549308a104762511dd5
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "68579D0B5925D3DF0CDBC6ACF7FE94428B15CEA08E93A549308A104762511DD5"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3601
Expires: Tue, 29 Nov 2022 04:54:57 GMT
Date: Tue, 29 Nov 2022 03:54:56 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 878b09fbfc6e211b9563cb6e2159ace0
b90946d8d69b02f60b75b42f1ef048311b374855
633a08f91314ecd2fd983dc5415400b0d768befb25f65fcd531df4e95cdaafcb
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "633A08F91314ECD2FD983DC5415400B0D768BEFB25F65FCD531DF4E95CDAAFCB"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3644
Expires: Tue, 29 Nov 2022 04:55:40 GMT
Date: Tue, 29 Nov 2022 03:54:56 GMT
Connection: keep-alive
cdn.cloudimagesb.com/si/c7/d8/11/c7d811c735437ee7d9eaf19cabe99868/1669388590.png
45.133.44.9 200 OK 68 kB URL HTTP/2 cdn.cloudimagesb.com/si/c7/d8/11/c7d811c735437ee7d9eaf19cabe99868/1669388590.png
IP 45.133.44.9:0
ASN #39572 DataWeb Global Group B.V.
File type PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data
Hash eac5c7b7640105378379951f2136d5b6
bddb44701e180be6f8eec5a2c22d0fab88e3cb25
1c893d335cd4d1b0df7311170e7c2696e363f61511ddc86f2722960e42e31435
GET /si/c7/d8/11/c7d811c735437ee7d9eaf19cabe99868/1669388590.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 29 Nov 2022 03:54:56 GMT
content-type: image/png
content-length: 67502
server: nginx/1.17.6
last-modified: Fri, 25 Nov 2022 15:03:18 GMT
etag: "6380d936-107ae"
expires: Thu, 01 Dec 2022 03:54:56 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
cdn.cloudimagesb.com/si/65/47/65/654765e3c493cad95a71028b28aea4d4/1668237264.png
45.133.44.9 200 OK 65 kB URL HTTP/2 cdn.cloudimagesb.com/si/65/47/65/654765e3c493cad95a71028b28aea4d4/1668237264.png
IP 45.133.44.9:0
ASN #39572 DataWeb Global Group B.V.
File type PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data
Hash 87430aa60e4fe605f0d87d7017e3cf31
e1025f730c3d0bd208cb6a356531a4e38a383d84
c7a1680fdc7106832194d6778708487878fe653929d55a8a55a35ea57aa1f499
GET /si/65/47/65/654765e3c493cad95a71028b28aea4d4/1668237264.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 29 Nov 2022 03:54:56 GMT
content-type: image/png
content-length: 65033
server: nginx/1.17.6
last-modified: Sat, 12 Nov 2022 07:14:33 GMT
etag: "636f47d9-fe09"
expires: Thu, 01 Dec 2022 03:54:56 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
wastedinvaluable.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Futility%2Fsocial-media%2Fwhatsapp%2Fcss%2Fstyle.css&l=6334&fd=145
173.233.137.52 200 OK 0 B URL HTTP/1.1 wastedinvaluable.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Futility%2Fsocial-media%2Fwhatsapp%2Fcss%2Fstyle.css&l=6334&fd=145
IP 173.233.137.52:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Futility%2Fsocial-media%2Fwhatsapp%2Fcss%2Fstyle.css&l=6334&fd=145 HTTP/1.1
Host: wastedinvaluable.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: u_pl=15600826; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 29 Nov 2022 03:54:56 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
wastedinvaluable.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fchat%2Fmob%2Fssp%2Fv2%2Fnew%2F3%2Fcss%2Fstyle.css&l=4649&fd=154
173.233.137.52 200 OK 0 B URL HTTP/1.1 wastedinvaluable.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fchat%2Fmob%2Fssp%2Fv2%2Fnew%2F3%2Fcss%2Fstyle.css&l=4649&fd=154
IP 173.233.137.52:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fchat%2Fmob%2Fssp%2Fv2%2Fnew%2F3%2Fcss%2Fstyle.css&l=4649&fd=154 HTTP/1.1
Host: wastedinvaluable.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: u_pl=15600826; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 29 Nov 2022 03:54:56 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
wastedinvaluable.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fchat%2Fmob%2Fssp%2Fv2%2Fnew%2F3%2Fcss%2Fanimate.css&l=79313&fd=160
173.233.137.52 200 OK 0 B URL HTTP/1.1 wastedinvaluable.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fchat%2Fmob%2Fssp%2Fv2%2Fnew%2F3%2Fcss%2Fanimate.css&l=79313&fd=160
IP 173.233.137.52:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fchat%2Fmob%2Fssp%2Fv2%2Fnew%2F3%2Fcss%2Fanimate.css&l=79313&fd=160 HTTP/1.1
Host: wastedinvaluable.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: u_pl=15600826; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 29 Nov 2022 03:54:56 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
wastedinvaluable.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Futility%2Fsocial-media%2Fwhatsapp%2Fjs%2Fscript.js&l=444&fd=160
173.233.137.52 200 OK 0 B URL HTTP/1.1 wastedinvaluable.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Futility%2Fsocial-media%2Fwhatsapp%2Fjs%2Fscript.js&l=444&fd=160
IP 173.233.137.52:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Futility%2Fsocial-media%2Fwhatsapp%2Fjs%2Fscript.js&l=444&fd=160 HTTP/1.1
Host: wastedinvaluable.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: u_pl=15600826; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 29 Nov 2022 03:54:56 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
wastedinvaluable.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Futility%2Fsocial-media%2Fwhatsapp%2Fcss%2Fanimate.css&l=79245&fd=170
173.233.137.52 200 OK 0 B URL HTTP/1.1 wastedinvaluable.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Futility%2Fsocial-media%2Fwhatsapp%2Fcss%2Fanimate.css&l=79245&fd=170
IP 173.233.137.52:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Futility%2Fsocial-media%2Fwhatsapp%2Fcss%2Fanimate.css&l=79245&fd=170 HTTP/1.1
Host: wastedinvaluable.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: u_pl=15600826; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 29 Nov 2022 03:54:56 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
wastedinvaluable.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fchat%2Fmob%2Fssp%2Fv2%2Fnew%2F3%2Fjs%2Fscript.js&l=383&fd=40
173.233.137.52 200 OK 0 B URL HTTP/1.1 wastedinvaluable.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fchat%2Fmob%2Fssp%2Fv2%2Fnew%2F3%2Fjs%2Fscript.js&l=383&fd=40
IP 173.233.137.52:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fchat%2Fmob%2Fssp%2Fv2%2Fnew%2F3%2Fjs%2Fscript.js&l=383&fd=40 HTTP/1.1
Host: wastedinvaluable.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: u_pl=15600826; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 29 Nov 2022 03:54:56 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
wastedinvaluable.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSQWgkRReu3t3%2F8q8Hlb2IKHNUkEl3z0xmxj0sxjUSjUncXcm5uqp6Uk51V1PVPT0ZEEIWZU%2FuBC%2FqqfNNsiEaxL0Kgky8SECwRSSHjaInL16EvSozGYg%2BqHpf1fcKvu%2B9%2BmA3OyMuMnq69pYeSKXoXKPqVl5YlzHXua2s3Kl4btW9XlmX8Xz9eqU%2F2UzvZc9tVN0XK68L1tVzvuu5rud6lUVpRKj7c1MWMjlqe9W2W637Va9RR9%2F892wzB5Y64L0z8jQkL%2F%2B38d1DSDZGHH15U9huqpOXXosyRVNt0OMH78TdWOcxogsYGgdhfDCrhrYlIR9fgo4PZg6ge3sTBwhkSZyfPQTxwUwmgt7%2BudJAQcQI%2BFXkvTGEGkPSMZi%2BC8l%2FIADjWFlFHD1Y0Sanm%2BcsnbAlufL4L8i8JFceXUMcfbGgZL9yW6sslTq26IcFZH8M2RkjyY6RDhzI%2FBgs3Ybk35O5x8uIo71VqzQkL6bupRxDhmMoMQS1DrLJkg6y0EGWOIj4aYU22qHrNsMgrNVadcZYrcZYozXPG7xWb4UuMjaRN0SaDMHUEMxsITFb6MqdkpDtPZjsG9iNApY7sGlJnLe30OMFckGQW4KcEuSSIE8J8l6xz5X1bfGAK5sF3iz7s1wrRjrt7NJ9nXZETHaTM%2FLUtDl%2FPvEVuuK0Qv2w3XZDz6035915jzW9NveYR2mN%2BoJxH1YWkPbS1O9AluTas78hmUzsvb8R0GNYdQwmnwTNngPNR03fBd0Y1VsuBvFRP6RxSgebVaYjcF0gSa8g3XR21Rl5ZqqjffI7BDu5cfjJJD4FMwUSU%2BBd%2BS1BR90b3dI52bulc0seriapjOSATgZ4O6WpuPzZm2Iz14Yv3bTDw1fYhJjAozvCpss05jLuWPL5guRcmEVtmCBfL9l1EaxldmMhM3GWLK%2B9urgUJUZYK3U8BpUlIR%2F%2BASZL8v%2FuG9PP%2BfxPTUgzhskKRNkJmQWkHoMlW7DJhX6rCYy6qAkSB3lWjIwfXFwqWRL%2F%2FiMocXJjZ%2Fvwo6u%2F%2FgIaFLDiXw8v8K69h45xQNO7iKMCPVOgpwpQNYTNLo%2FSxJzc%2BLE2DQTKGQXKOHuBMmrnvMFWnlYaXl20glaTcR4Ixr2mX2vVXNfnvN5sC6%2BN1Jbs%2Fe37%2FwAAAP%2F%2FAQAA%2F%2F9el2qQeAQAAA%3D%3D
173.233.137.52200 OK 7 B URL HTTP/1.1 wastedinvaluable.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSQWgkRReu3t3%2F8q8Hlb2IKHNUkEl3z0xmxj0sxjUSjUncXcm5uqp6Uk51V1PVPT0ZEEIWZU%2FuBC%2FqqfNNsiEaxL0Kgky8SECwRSSHjaInL16EvSozGYg%2BqHpf1fcKvu%2B9%2BmA3OyMuMnq69pYeSKXoXKPqVl5YlzHXua2s3Kl4btW9XlmX8Xz9eqU%2F2UzvZc9tVN0XK68L1tVzvuu5rud6lUVpRKj7c1MWMjlqe9W2W637Va9RR9%2F892wzB5Y64L0z8jQkL%2F%2B38d1DSDZGHH15U9huqpOXXosyRVNt0OMH78TdWOcxogsYGgdhfDCrhrYlIR9fgo4PZg6ge3sTBwhkSZyfPQTxwUwmgt7%2BudJAQcQI%2BFXkvTGEGkPSMZi%2BC8l%2FIADjWFlFHD1Y0Sanm%2BcsnbAlufL4L8i8JFceXUMcfbGgZL9yW6sslTq26IcFZH8M2RkjyY6RDhzI%2FBgs3Ybk35O5x8uIo71VqzQkL6bupRxDhmMoMQS1DrLJkg6y0EGWOIj4aYU22qHrNsMgrNVadcZYrcZYozXPG7xWb4UuMjaRN0SaDMHUEMxsITFb6MqdkpDtPZjsG9iNApY7sGlJnLe30OMFckGQW4KcEuSSIE8J8l6xz5X1bfGAK5sF3iz7s1wrRjrt7NJ9nXZETHaTM%2FLUtDl%2FPvEVuuK0Qv2w3XZDz6035915jzW9NveYR2mN%2BoJxH1YWkPbS1O9AluTas78hmUzsvb8R0GNYdQwmnwTNngPNR03fBd0Y1VsuBvFRP6RxSgebVaYjcF0gSa8g3XR21Rl5ZqqjffI7BDu5cfjJJD4FMwUSU%2BBd%2BS1BR90b3dI52bulc0seriapjOSATgZ4O6WpuPzZm2Iz14Yv3bTDw1fYhJjAozvCpss05jLuWPL5guRcmEVtmCBfL9l1EaxldmMhM3GWLK%2B9urgUJUZYK3U8BpUlIR%2F%2BASZL8v%2FuG9PP%2BfxPTUgzhskKRNkJmQWkHoMlW7DJhX6rCYy6qAkSB3lWjIwfXFwqWRL%2F%2FiMocXJjZ%2Fvwo6u%2F%2FgIaFLDiXw8v8K69h45xQNO7iKMCPVOgpwpQNYTNLo%2FSxJzc%2BLE2DQTKGQXKOHuBMmrnvMFWnlYaXl20glaTcR4Ixr2mX2vVXNfnvN5sC6%2BN1Jbs%2Fe37%2FwAAAP%2F%2FAQAA%2F%2F9el2qQeAQAAA%3D%3D
IP 173.233.137.52:0
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert quad9 Sinkholed
GET /impr.gif?sid=H4sIAAAAAAAC%2F1RSQWgkRReu3t3%2F8q8Hlb2IKHNUkEl3z0xmxj0sxjUSjUncXcm5uqp6Uk51V1PVPT0ZEEIWZU%2FuBC%2FqqfNNsiEaxL0Kgky8SECwRSSHjaInL16EvSozGYg%2BqHpf1fcKvu%2B9%2BmA3OyMuMnq69pYeSKXoXKPqVl5YlzHXua2s3Kl4btW9XlmX8Xz9eqU%2F2UzvZc9tVN0XK68L1tVzvuu5rud6lUVpRKj7c1MWMjlqe9W2W637Va9RR9%2F892wzB5Y64L0z8jQkL%2F%2B38d1DSDZGHH15U9huqpOXXosyRVNt0OMH78TdWOcxogsYGgdhfDCrhrYlIR9fgo4PZg6ge3sTBwhkSZyfPQTxwUwmgt7%2BudJAQcQI%2BFXkvTGEGkPSMZi%2BC8l%2FIADjWFlFHD1Y0Sanm%2BcsnbAlufL4L8i8JFceXUMcfbGgZL9yW6sslTq26IcFZH8M2RkjyY6RDhzI%2FBgs3Ybk35O5x8uIo71VqzQkL6bupRxDhmMoMQS1DrLJkg6y0EGWOIj4aYU22qHrNsMgrNVadcZYrcZYozXPG7xWb4UuMjaRN0SaDMHUEMxsITFb6MqdkpDtPZjsG9iNApY7sGlJnLe30OMFckGQW4KcEuSSIE8J8l6xz5X1bfGAK5sF3iz7s1wrRjrt7NJ9nXZETHaTM%2FLUtDl%2FPvEVuuK0Qv2w3XZDz6035915jzW9NveYR2mN%2BoJxH1YWkPbS1O9AluTas78hmUzsvb8R0GNYdQwmnwTNngPNR03fBd0Y1VsuBvFRP6RxSgebVaYjcF0gSa8g3XR21Rl5ZqqjffI7BDu5cfjJJD4FMwUSU%2BBd%2BS1BR90b3dI52bulc0seriapjOSATgZ4O6WpuPzZm2Iz14Yv3bTDw1fYhJjAozvCpss05jLuWPL5guRcmEVtmCBfL9l1EaxldmMhM3GWLK%2B9urgUJUZYK3U8BpUlIR%2F%2BASZL8v%2FuG9PP%2BfxPTUgzhskKRNkJmQWkHoMlW7DJhX6rCYy6qAkSB3lWjIwfXFwqWRL%2F%2FiMocXJjZ%2Fvwo6u%2F%2FgIaFLDiXw8v8K69h45xQNO7iKMCPVOgpwpQNYTNLo%2FSxJzc%2BLE2DQTKGQXKOHuBMmrnvMFWnlYaXl20glaTcR4Ixr2mX2vVXNfnvN5sC6%2BN1Jbs%2Fe37%2FwAAAP%2F%2FAQAA%2F%2F9el2qQeAQAAA%3D%3D HTTP/1.1
Host: wastedinvaluable.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: u_pl=15600826; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 29 Nov 2022 03:54:56 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 01f4e5f935b2d48f2d3017fcfdcc2548
Strict-Transport-Security: max-age=0; includeSubdomains
wastedinvaluable.com/pixel/sbs?c=1
173.233.137.52 200 OK 0 B URL HTTP/1.1 wastedinvaluable.com/pixel/sbs?c=1
IP 173.233.137.52:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbs?c=1 HTTP/1.1
Host: wastedinvaluable.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: u_pl=15600826; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 29 Nov 2022 03:54:57 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
tallysaturatesnare.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSz4scRRuuTvLBhyGgkosHdfCiAZntnp7ZnUmQxRgTgnF3TSJ7rq6qnim3pqup6pqeHQ8uG5U9iE48eex9Zn%2BghmAOghchzAZEFoS0B9mDC%2F4NQs4yswOrL1S9T9XzFjzP%2B9bn2%2B6Y%2BHD0aOV9PZBK0blG1a%2B8sSoTrnNbWbpbCfyqf6WyKpP5%2BpVKf7KZ3uXAb1T9S5Ubgq3puZof%2BH7gB5Xr0ohY9%2BemLGT6oBVUW361XqsGjTr65r9n6zxY6oH3jsmLkLz8X%2BfXR5BsjKT7wzVh1zKdvvlu1ymaaYMe3%2F8wWUt0nqB7CmPjIU72Z9XQtiTkmzPQyf7MAXRvZ%2BIAkSyJ90eAKNmfyUTU2z1RGimIBBE%2Fj7w3hlBjSDoG0%2Fcg%2BVMCMI6lZSTdvSVtcrp%2BwtIJW5Jzz%2F6GzEty7s%2BLSLoPryrZr9zRymVSJxb9uIDsjyHbY6TuANnAg8wPwLJNSP4bmXt2C0l3Z9kqDcmLqXspx5DxGEoMQa0HN1nSg4s9uNRDlx9VaKMV%2B%2F5CHMVh2KwzxsKQsUZznjd4WG%2FGPhybyBsiS4dgaghmNpCaDazJ%2ByUhmzsw7jFsp4DlHmxWEu%2BDDfR4gVwQ5JYgpwS5JMgzgrxX7HJla7bY48q6KJjl2iyHxUhn7W26q7O2SMh2ekxemDTHu%2FDJ61gTR5VaEIuw1fDjelATfm2ehWEcRPNMiPkgFBGFlQWkPTP1O5AleaVxHqksyf8XHyOiB7DqAEw%2BD%2BpeBs1HCzUftDOqN30Mkp8SmjlDVUdQlXWsdoaJKlMuAtcF0uwcsnVvWx2Tl6YDu%2FzWBQh2uPhk8NeNhxc%2FBjMFUlPgI%2FmEoK22Rrd1TnZu69ySR8tpJrtyQCfDvJPRTJz97j2xnmvDb16zw2%2FfZhNiAh%2FcFTa7RRMuk7Yl31%2BVnAtzXRsmyM837aqIVpztXHUmcemtlXeu3%2BymRlgrdTIGlU%2FtF2CyJM9tfTn9pq%2B%2BpiHNGMYV6LpDMgtIPQZLN2DTU%2FVWExh1WhOlHnJXjEwtOr1UsiSNT5ehxOHi15cv%2FbK%2B9yNoVMCKfz08xdt2C23jgWb3kHQL9EyBnipA1RDWnR1lqTlc%2FD2cBiLljSJlvJ1IGXX%2FpL1WHlUaQV00o%2BYC4zwSjAcLtbAZ%2Bn6N8%2FpCSwQtZLZkn21%2B9Q8AAAD%2F%2FwEAAP%2F%2FDOtYYoIEAAA%3D
173.233.137.60200 OK 7 B URL HTTP/1.1 tallysaturatesnare.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSz4scRRuuTvLBhyGgkosHdfCiAZntnp7ZnUmQxRgTgnF3TSJ7rq6qnim3pqup6pqeHQ8uG5U9iE48eex9Zn%2BghmAOghchzAZEFoS0B9mDC%2F4NQs4yswOrL1S9T9XzFjzP%2B9bn2%2B6Y%2BHD0aOV9PZBK0blG1a%2B8sSoTrnNbWbpbCfyqf6WyKpP5%2BpVKf7KZ3uXAb1T9S5Ubgq3puZof%2BH7gB5Xr0ohY9%2BemLGT6oBVUW361XqsGjTr65r9n6zxY6oH3jsmLkLz8X%2BfXR5BsjKT7wzVh1zKdvvlu1ymaaYMe3%2F8wWUt0nqB7CmPjIU72Z9XQtiTkmzPQyf7MAXRvZ%2BIAkSyJ90eAKNmfyUTU2z1RGimIBBE%2Fj7w3hlBjSDoG0%2Fcg%2BVMCMI6lZSTdvSVtcrp%2BwtIJW5Jzz%2F6GzEty7s%2BLSLoPryrZr9zRymVSJxb9uIDsjyHbY6TuANnAg8wPwLJNSP4bmXt2C0l3Z9kqDcmLqXspx5DxGEoMQa0HN1nSg4s9uNRDlx9VaKMV%2B%2F5CHMVh2KwzxsKQsUZznjd4WG%2FGPhybyBsiS4dgaghmNpCaDazJ%2ByUhmzsw7jFsp4DlHmxWEu%2BDDfR4gVwQ5JYgpwS5JMgzgrxX7HJla7bY48q6KJjl2iyHxUhn7W26q7O2SMh2ekxemDTHu%2FDJ61gTR5VaEIuw1fDjelATfm2ehWEcRPNMiPkgFBGFlQWkPTP1O5AleaVxHqksyf8XHyOiB7DqAEw%2BD%2BpeBs1HCzUftDOqN30Mkp8SmjlDVUdQlXWsdoaJKlMuAtcF0uwcsnVvWx2Tl6YDu%2FzWBQh2uPhk8NeNhxc%2FBjMFUlPgI%2FmEoK22Rrd1TnZu69ySR8tpJrtyQCfDvJPRTJz97j2xnmvDb16zw2%2FfZhNiAh%2FcFTa7RRMuk7Yl31%2BVnAtzXRsmyM837aqIVpztXHUmcemtlXeu3%2BymRlgrdTIGlU%2FtF2CyJM9tfTn9pq%2B%2BpiHNGMYV6LpDMgtIPQZLN2DTU%2FVWExh1WhOlHnJXjEwtOr1UsiSNT5ehxOHi15cv%2FbK%2B9yNoVMCKfz08xdt2C23jgWb3kHQL9EyBnipA1RDWnR1lqTlc%2FD2cBiLljSJlvJ1IGXX%2FpL1WHlUaQV00o%2BYC4zwSjAcLtbAZ%2Bn6N8%2FpCSwQtZLZkn21%2B9Q8AAAD%2F%2FwEAAP%2F%2FDOtYYoIEAAA%3D
IP 173.233.137.60:0
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /impr.gif?sid=H4sIAAAAAAAC%2F1RSz4scRRuuTvLBhyGgkosHdfCiAZntnp7ZnUmQxRgTgnF3TSJ7rq6qnim3pqup6pqeHQ8uG5U9iE48eex9Zn%2BghmAOghchzAZEFoS0B9mDC%2F4NQs4yswOrL1S9T9XzFjzP%2B9bn2%2B6Y%2BHD0aOV9PZBK0blG1a%2B8sSoTrnNbWbpbCfyqf6WyKpP5%2BpVKf7KZ3uXAb1T9S5Ubgq3puZof%2BH7gB5Xr0ohY9%2BemLGT6oBVUW361XqsGjTr65r9n6zxY6oH3jsmLkLz8X%2BfXR5BsjKT7wzVh1zKdvvlu1ymaaYMe3%2F8wWUt0nqB7CmPjIU72Z9XQtiTkmzPQyf7MAXRvZ%2BIAkSyJ90eAKNmfyUTU2z1RGimIBBE%2Fj7w3hlBjSDoG0%2Fcg%2BVMCMI6lZSTdvSVtcrp%2BwtIJW5Jzz%2F6GzEty7s%2BLSLoPryrZr9zRymVSJxb9uIDsjyHbY6TuANnAg8wPwLJNSP4bmXt2C0l3Z9kqDcmLqXspx5DxGEoMQa0HN1nSg4s9uNRDlx9VaKMV%2B%2F5CHMVh2KwzxsKQsUZznjd4WG%2FGPhybyBsiS4dgaghmNpCaDazJ%2ByUhmzsw7jFsp4DlHmxWEu%2BDDfR4gVwQ5JYgpwS5JMgzgrxX7HJla7bY48q6KJjl2iyHxUhn7W26q7O2SMh2ekxemDTHu%2FDJ61gTR5VaEIuw1fDjelATfm2ehWEcRPNMiPkgFBGFlQWkPTP1O5AleaVxHqksyf8XHyOiB7DqAEw%2BD%2BpeBs1HCzUftDOqN30Mkp8SmjlDVUdQlXWsdoaJKlMuAtcF0uwcsnVvWx2Tl6YDu%2FzWBQh2uPhk8NeNhxc%2FBjMFUlPgI%2FmEoK22Rrd1TnZu69ySR8tpJrtyQCfDvJPRTJz97j2xnmvDb16zw2%2FfZhNiAh%2FcFTa7RRMuk7Yl31%2BVnAtzXRsmyM837aqIVpztXHUmcemtlXeu3%2BymRlgrdTIGlU%2FtF2CyJM9tfTn9pq%2B%2BpiHNGMYV6LpDMgtIPQZLN2DTU%2FVWExh1WhOlHnJXjEwtOr1UsiSNT5ehxOHi15cv%2FbK%2B9yNoVMCKfz08xdt2C23jgWb3kHQL9EyBnipA1RDWnR1lqTlc%2FD2cBiLljSJlvJ1IGXX%2FpL1WHlUaQV00o%2BYC4zwSjAcLtbAZ%2Bn6N8%2FpCSwQtZLZkn21%2B9Q8AAAD%2F%2FwEAAP%2F%2FDOtYYoIEAAA%3D HTTP/1.1
Host: tallysaturatesnare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: u_pl=17661735; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 29 Nov 2022 03:54:57 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 019f6b121bfd8a1e761f2fb260190d1f
Strict-Transport-Security: max-age=0; includeSubdomains
tallysaturatesnare.com/pixel/sbs?c=1
173.233.137.60 200 OK 0 B URL HTTP/1.1 tallysaturatesnare.com/pixel/sbs?c=1
IP 173.233.137.60:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbs?c=1 HTTP/1.1
Host: tallysaturatesnare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: u_pl=17661735; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 29 Nov 2022 03:54:57 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
static-cache.k2s.cc/thumbnail/JLzH6CX3ya7tqTifqw/w320h240/0.jpeg
188.72.235.184 200 OK 11 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/JLzH6CX3ya7tqTifqw/w320h240/0.jpeg
IP 188.72.235.184:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash e969ccbb62ad55ccbb37b370b03b4b4e
3f554103b1403e92583c3e3aff957d7e72bad547
43461107e05d013ba528b5912ebb6f3ae8a01f0d4e94c9f9959373d59de5d0e7
GET /thumbnail/JLzH6CX3ya7tqTifqw/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Tue, 29 Nov 2022 03:54:57 GMT
content-type: image/jpeg
content-length: 11078
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
strict-transport-security: max-age=15768000; preload
x-cache-status: MISS, HIT
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/IezBtHWvw63v_zyS-Q/w320h240/0.jpeg
188.72.235.184 200 OK 8.1 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/IezBtHWvw63v_zyS-Q/w320h240/0.jpeg
IP 188.72.235.184:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash aa19a4c2e15146ff4150fa53a205faff
e63b76564488ec2db87985829507d5c97e7ca4b6
96c3f5db1b3bdd6f68c629806f155df6a533af0abc7322d1bfbf0c7518aa1307
GET /thumbnail/IezBtHWvw63v_zyS-Q/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Tue, 29 Nov 2022 03:54:57 GMT
content-type: image/jpeg
content-length: 8146
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
strict-transport-security: max-age=15768000; preload
x-cache-status: HIT, HIT
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/I-SWvX-nnqi6rDuSqg/w320h240/0.jpeg
188.72.235.184 200 OK 13 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/I-SWvX-nnqi6rDuSqg/w320h240/0.jpeg
IP 188.72.235.184:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash 06b7289974ac4e2f1f99c5b201888dd1
9b1513d9c9ab53b440bd9cb584a6972629dfbfa8
af41a67020db7da3c7fabc6fc6c8b2b6b97f5d9950180945fe39a1b1542ee6e5
GET /thumbnail/I-SWvX-nnqi6rDuSqg/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Tue, 29 Nov 2022 03:54:57 GMT
content-type: image/jpeg
content-length: 13274
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
strict-transport-security: max-age=15768000; preload
x-cache-status: HIT, HIT
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/J7uRtHCkzvu4_jqV_Q/w320h240/0.jpeg
188.72.235.184 200 OK 9.9 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/J7uRtHCkzvu4_jqV_Q/w320h240/0.jpeg
IP 188.72.235.184:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash 98ebcc900b99dd98b9c5fdcc97cdc4fe
030632580fa59550823797cc21fc8d41118fb4a3
a41081a833e0a5318a09fec7a18a250681c689b209a3bf59b8935af9faf155f2
GET /thumbnail/J7uRtHCkzvu4_jqV_Q/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Tue, 29 Nov 2022 03:54:57 GMT
content-type: image/jpeg
content-length: 9871
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
strict-transport-security: max-age=15768000; preload
x-cache-status: HIT, HIT
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/du7FvyT3z6vu-DXF-Q/w320h240/0.jpeg
188.72.235.184 200 OK 8.6 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/du7FvyT3z6vu-DXF-Q/w320h240/0.jpeg
IP 188.72.235.184:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash 03c1c7e74c47ea89887c5301deae5460
b3af7b6edb475b0149fb23ddb1bebbbf6a6c15d4
99b752101a0042fe97f8946ef5a2733d4913c043eb461beb0e3f03857dc4fe40
GET /thumbnail/du7FvyT3z6vu-DXF-Q/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Tue, 29 Nov 2022 03:54:57 GMT
content-type: image/jpeg
content-length: 8615
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
strict-transport-security: max-age=15768000; preload
x-cache-status: HIT, HIT
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/chat/mob/ssp/v2/new/3/css/style.css
172.64.109.13 200 OK 17 kB URL HTTP/2 cdn.creative-bars1.com/sb/chat/mob/ssp/v2/new/3/css/style.css
IP 172.64.109.13:0
Hash db70532a39d292839cca99d6b214bc2c
25fd834b7d8a5b82754140e478165273a96a8668
d2c52409daed245f573c7a86dc696f18eb42b6e84ea4d7f5eae02568e0513d8c
GET /sb/chat/mob/ssp/v2/new/3/css/style.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 29 Nov 2022 03:54:56 GMT
content-type: text/css
last-modified: Wed, 13 Jul 2022 12:13:55 GMT
etag: W/"62ceb703-1229"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 1173809
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SFD5l%2Bh4qSi6w3fFhm6OLcvdO9p8gF95fFVBi0ngA7GrhWuCv80Ejydbdg8yGNp9ZO88E1MxJ2MijSU9CBLyqHRyGr9Gci%2BsoxCzxq52PP509rQWh%2FZzmKVyW9J%2FoPLkOI0%2FPZJUvL2a"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 771867a75b818e2c-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/JuzGunT1mK6_8D-TrA/w320h240/0.jpeg
188.72.235.184 200 OK 14 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/JuzGunT1mK6_8D-TrA/w320h240/0.jpeg
IP 188.72.235.184:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash 8b18fb4a4af9c7eef78ac4827330bc2d
9d0acba39024e6db3de8c5fae8f4e4af8e17dfef
8747304079dd3fcec8187d902a1d957e57cbd377ee2bd5c78d140fbaff7b7f90
GET /thumbnail/JuzGunT1mK6_8D-TrA/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Tue, 29 Nov 2022 03:54:57 GMT
content-type: image/jpeg
content-length: 14260
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
strict-transport-security: max-age=15768000; preload
x-cache-status: HIT, HIT
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/cLyTuXKnzq_q-2iS9w/w320h240/0.jpeg
188.72.235.184 200 OK 11 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/cLyTuXKnzq_q-2iS9w/w320h240/0.jpeg
IP 188.72.235.184:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash 1dd81a576c86d3389f9e89d06c133d60
b10956a3c110930b9de61be336987194da90419f
946d315c867a3428bbbcccaf335419041c62ed38f69dc14c70dbfac85ca164df
GET /thumbnail/cLyTuXKnzq_q-2iS9w/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Tue, 29 Nov 2022 03:54:57 GMT
content-type: image/jpeg
content-length: 11410
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
strict-transport-security: max-age=15768000; preload
x-cache-status: HIT, HIT
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/J-qQtHCny_i_-m_B9g/w320h240/0.jpeg
188.72.235.184 200 OK 11 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/J-qQtHCny_i_-m_B9g/w320h240/0.jpeg
IP 188.72.235.184:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash b9410441abeb18164d77dec93bb486d4
c99eea6f70927a1fc5dd801d06a94b782fe1e1ba
9f7884874809c196cb00328c5c9853d8535f4f437cbea09baece06f591ee211c
GET /thumbnail/J-qQtHCny_i_-m_B9g/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Tue, 29 Nov 2022 03:54:57 GMT
content-type: image/jpeg
content-length: 11312
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
strict-transport-security: max-age=15768000; preload
x-cache-status: HIT, HIT
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash c7c907e6b4f7400b48dbd691c64c8d84
d552e47576f72311387bb6cebb7baf245ed8cf07
0820efdc8aef46bff2d42a7d41f612026c73332cb1dda4356a9e858c2b81a81a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0820EFDC8AEF46BFF2D42A7D41F612026C73332CB1DDA4356A9E858C2B81A81A"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17332
Expires: Tue, 29 Nov 2022 08:43:49 GMT
Date: Tue, 29 Nov 2022 03:54:57 GMT
Connection: keep-alive
mbledeparatea.com/floater?cs=TkczRGZ4dQpyU3ZyBXJReXILfVY&abt=0&red=1&sm=83&k=xfantazy%20nbnabunny%20bareback%20anal%20deepthroat%20cumshot&v=0.8.13.0&sts=0&prn=1&emb=0&tid=961956&rxy=1280_1024&u=398389298430530&agec=1669694096&fs=1&t=600&m=1&ns=1&ndp=1&asi=1&mbkb=153.37423312883436&ref=https%3A%2F%2Fxfantazy.com%2Fvideo%2F5f76ce8301bf221df0f0efe7%3Futm_source%3Dshare%26ruid%3D41901732&jst=4&enr=0&lcua=mozilla%2F5.0%20(windows%20nt%2010.0%3B%20win64%3B%20x64%3B%20rv%3A105.0)%20gecko%2F20100101%20firefox%2F105.0&tzd=0&uloc=&if=0&aa=td3_oi3_&_1za0=1669694096165&crc=1
54.230.111.27200 OK 2.9 kB URL HTTP/2 mbledeparatea.com/floater?cs=TkczRGZ4dQpyU3ZyBXJReXILfVY&abt=0&red=1&sm=83&k=xfantazy%20nbnabunny%20bareback%20anal%20deepthroat%20cumshot&v=0.8.13.0&sts=0&prn=1&emb=0&tid=961956&rxy=1280_1024&u=398389298430530&agec=1669694096&fs=1&t=600&m=1&ns=1&ndp=1&asi=1&mbkb=153.37423312883436&ref=https%3A%2F%2Fxfantazy.com%2Fvideo%2F5f76ce8301bf221df0f0efe7%3Futm_source%3Dshare%26ruid%3D41901732&jst=4&enr=0&lcua=mozilla%2F5.0%20(windows%20nt%2010.0%3B%20win64%3B%20x64%3B%20rv%3A105.0)%20gecko%2F20100101%20firefox%2F105.0&tzd=0&uloc=&if=0&aa=td3_oi3_&_1za0=1669694096165&crc=1
IP 54.230.111.27:0
File type ASCII text, with very long lines (4135), with no line terminators
Hash 1291c86ac4ad2f23bd0912b3b7561bbe
f3a2adae345b4ea4cf2035beffb1432013349fe3
790054c4c3d00ce0ea98788fd50aa99c178b3d6d3933af8748b09171a3a6b13a
GET /floater?cs=TkczRGZ4dQpyU3ZyBXJReXILfVY&abt=0&red=1&sm=83&k=xfantazy%20nbnabunny%20bareback%20anal%20deepthroat%20cumshot&v=0.8.13.0&sts=0&prn=1&emb=0&tid=961956&rxy=1280_1024&u=398389298430530&agec=1669694096&fs=1&t=600&m=1&ns=1&ndp=1&asi=1&mbkb=153.37423312883436&ref=https%3A%2F%2Fxfantazy.com%2Fvideo%2F5f76ce8301bf221df0f0efe7%3Futm_source%3Dshare%26ruid%3D41901732&jst=4&enr=0&lcua=mozilla%2F5.0%20(windows%20nt%2010.0%3B%20win64%3B%20x64%3B%20rv%3A105.0)%20gecko%2F20100101%20firefox%2F105.0&tzd=0&uloc=&if=0&aa=td3_oi3_&_1za0=1669694096165&crc=1 HTTP/1.1
Host: mbledeparatea.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/plain
content-length: 2901
date: Tue, 29 Nov 2022 03:54:57 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://xfantazy.com
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: csu=67c3bcd8-7341-42e7-a4a3-6f4ac0f5da04
csu=398389298430530
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 227a1815a1677b9cf6dd587e443000b8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: csn_iv7xg-kO1jmw6GT1dIcoQL6UiNAzBA1tWa0By0DvEKPjOBlRcg==
X-Firefox-Spdy: h2
a.naturalhealthsource.club/api/spots/312873?p=1&s1=%subid1%&kw=
135.181.208.216 200 OK 26 kB URL HTTP/2 a.naturalhealthsource.club/api/spots/312873?p=1&s1=%subid1%&kw=
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
Hash 33226ff18479dffb0b52786c748b2e5e
3e105612e6795e4bb7a1c325b2f65c4dd4e4b499
11c5d41ed86f079128488e4c67f7306e7d636e080c0ab395598f578f3a442c18
GET /api/spots/312873?p=1&s1=%subid1%&kw= HTTP/1.1
Host: a.naturalhealthsource.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: nauid=pzTN5IjEttf7PTHri9rd
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 29 Nov 2022 03:54:57 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2
www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp
31.13.72.36 200 OK 25 kB URL HTTP/2 www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp
IP 31.13.72.36:0
Hash bc9f0d61b3756d7e42e81c3e002a4734
08109511c8d6f04d717c95f479cf9d3aa31b51d9
602e1802a54218770201ee630fe48f5a71732b6c21d6299974be0189fdbc506e
GET /login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-encoding: br
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}, {"max_age":3600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}],"group":"network-errors"}
nel: {"report_to":"network-errors","max_age":3600,"failure_fraction":0.01}
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 0
cross-origin-opener-policy: same-origin-allow-popups
vary: Sec-Fetch-Site, Sec-Fetch-Mode, Accept-Encoding
strict-transport-security: max-age=15552000; preload
content-type: text/html; charset="utf-8"
x-fb-debug: dJdHFjlJ5S3fGyRPbYTrsBC4TmBFZFgEe8BhYH/jQxKr2A/7f0kDZFWdmRh9eZuIIy+to1VyvItKBy2kPPqotg==
date: Tue, 29 Nov 2022 03:54:56 GMT
priority: u=3,i
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 280 B IP 93.184.220.29:0
Hash 1e47fa2f994233fb111382a9ca581044
cf261b7cc674c5f9a14b6cd305291e327a3539c3
0d4ab883d0bac956cab22ea1bd25e754cc5416ea124efb537a5886be24df29a2
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6143
Cache-Control: max-age=165251
Content-Type: application/ocsp-response
Date: Tue, 29 Nov 2022 03:54:57 GMT
Etag: "63854d15-118"
Expires: Thu, 01 Dec 2022 01:49:08 GMT
Last-Modified: Tue, 29 Nov 2022 00:06:45 GMT
Server: ECS (ska/F70B)
X-Cache: HIT
Content-Length: 280
ocsp.digicert.com/
93.184.220.29 200 OK 280 B IP 93.184.220.29:0
Hash 1e47fa2f994233fb111382a9ca581044
cf261b7cc674c5f9a14b6cd305291e327a3539c3
0d4ab883d0bac956cab22ea1bd25e754cc5416ea124efb537a5886be24df29a2
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6143
Cache-Control: max-age=165251
Content-Type: application/ocsp-response
Date: Tue, 29 Nov 2022 03:54:57 GMT
Etag: "63854d15-118"
Expires: Thu, 01 Dec 2022 01:49:08 GMT
Last-Modified: Tue, 29 Nov 2022 00:06:45 GMT
Server: ECS (ska/F70B)
X-Cache: HIT
Content-Length: 280
ocsp.digicert.com/
93.184.220.29 200 OK 280 B IP 93.184.220.29:0
Hash 1e47fa2f994233fb111382a9ca581044
cf261b7cc674c5f9a14b6cd305291e327a3539c3
0d4ab883d0bac956cab22ea1bd25e754cc5416ea124efb537a5886be24df29a2
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6143
Cache-Control: max-age=165251
Content-Type: application/ocsp-response
Date: Tue, 29 Nov 2022 03:54:57 GMT
Etag: "63854d15-118"
Expires: Thu, 01 Dec 2022 01:49:08 GMT
Last-Modified: Tue, 29 Nov 2022 00:06:45 GMT
Server: ECS (ska/F70B)
X-Cache: HIT
Content-Length: 280
syndication.realsrv.com/v1/api.php
95.211.229.246 200 OK 1.1 kB URL HTTP/1.1 syndication.realsrv.com/v1/api.php
IP 95.211.229.246:0
ASN #60781 LeaseWeb Netherlands B.V.
File type JSON data\012- , ASCII text, with very long lines (1504), with no line terminators
Hash f6c4280b7f5f098608a89a343bebb081
b209e5bdac77dbaa4c538f96d8e6c9147322bb91
7ca5fc48544d8e32b9cf16659045fbfacf0485bf4e4fd354f93a2e97d607b047
POST /v1/api.php HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 335
Origin: https://a.naturalhealthsource.club
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 29 Nov 2022 03:54:57 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://a.naturalhealthsource.club
Access-Control-Allow-Headers: Authorization, Content-Type
Access-Control-Request-Method: POST
Access-Control-Allow-Credentials: true
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A32%3A%2263858291991a91.00013378578410159%22%3B%7D; expires=Thu, 28-Nov-2024 03:54:57 GMT; Max-Age=63072000; path=/; domain=realsrv.com; secure; SameSite=None
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
syndication.realsrv.com/v1/api.php
95.211.229.246 200 OK 1.1 kB URL HTTP/1.1 syndication.realsrv.com/v1/api.php
IP 95.211.229.246:0
ASN #60781 LeaseWeb Netherlands B.V.
File type JSON data\012- , ASCII text, with very long lines (1452), with no line terminators
Hash d69a77d517fc51e126069ad979cf4520
746458452c0397ee2389611daa35a603058f7c55
8e82e7ae9c7c356496398b902a8868aae1ab5c53a00657301fd0993246b9bb11
POST /v1/api.php HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 335
Origin: https://a.naturalhealthsource.club
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 29 Nov 2022 03:54:57 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://a.naturalhealthsource.club
Access-Control-Allow-Headers: Authorization, Content-Type
Access-Control-Request-Method: POST
Access-Control-Allow-Credentials: true
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2263858291952314.243767534129479961%22%3B%7D; expires=Thu, 28-Nov-2024 03:54:57 GMT; Max-Age=63072000; path=/; domain=realsrv.com; secure; SameSite=None
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
syndication.realsrv.com/v1/api.php
95.211.229.246 200 OK 1.1 kB URL HTTP/1.1 syndication.realsrv.com/v1/api.php
IP 95.211.229.246:0
ASN #60781 LeaseWeb Netherlands B.V.
File type JSON data\012- , ASCII text, with very long lines (1457), with no line terminators
Hash 77b234f73b867e3fb8402a99998d0c24
7f3a3de391fcb93d7314211a6ee825908af9a0d8
84d00a960cfe174bf988b2b51cbe50c4911834a5807e213fe8f89abca6ab1086
POST /v1/api.php HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 335
Origin: https://a.naturalhealthsource.club
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 29 Nov 2022 03:54:57 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://a.naturalhealthsource.club
Access-Control-Allow-Headers: Authorization, Content-Type
Access-Control-Request-Method: POST
Access-Control-Allow-Credentials: true
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A32%3A%226385829194dfa7.17398375914500152%22%3B%7D; expires=Thu, 28-Nov-2024 03:54:57 GMT; Max-Age=63072000; path=/; domain=realsrv.com; secure; SameSite=None
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
syndication.realsrv.com/v1/api.php
95.211.229.246 200 OK 1.1 kB URL HTTP/1.1 syndication.realsrv.com/v1/api.php
IP 95.211.229.246:0
ASN #60781 LeaseWeb Netherlands B.V.
File type JSON data\012- , ASCII text, with very long lines (1465), with no line terminators
Hash e38de08b5ad6196959bdccf6ddfb8943
05e8ff1054e4d142726094720902d88d417f62bd
868b97bb9733b1aa58fc6bbb338ce7cfebbfd8b19a5a9eb4f4ece75423169e82
POST /v1/api.php HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 335
Origin: https://a.naturalhealthsource.club
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 29 Nov 2022 03:54:57 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://a.naturalhealthsource.club
Access-Control-Allow-Headers: Authorization, Content-Type
Access-Control-Request-Method: POST
Access-Control-Allow-Credentials: true
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2263858291971619.763152323923589119%22%3B%7D; expires=Thu, 28-Nov-2024 03:54:57 GMT; Max-Age=63072000; path=/; domain=realsrv.com; secure; SameSite=None
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
e1.o.lencr.org/
23.36.76.226 200 OK 344 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 68ef6c3542bfd9c7bffaec043ab032a1
d6880c052a8c969618e86622406078ad16750dcd
cb5054f72fffabcc56c680f33f88cf4363eb412cec3cebd427b5f2a2eea27c60
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "CB5054F72FFFABCC56C680F33F88CF4363EB412CEC3CEBD427B5F2A2EEA27C60"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16504
Expires: Tue, 29 Nov 2022 08:30:01 GMT
Date: Tue, 29 Nov 2022 03:54:57 GMT
Connection: keep-alive
syndication.realsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAA3WPS27DMAxEr9IL2CApUp+s220LpMgBJFtGFkEK5AOkwBy+tFtkV85mxCHIJyGRgXmQ/CKyM91ZQuGx0KgysineP/ZQxrne7pd6OvZ6uh2vX/fL1MfpdG8InGIQWIxaIkoiChGacrSiMMpQtVg8SklEsnlICCCXWFBd3UjkXpAJb4c9Dp+v3isxCxiCQvQQI/crC4Sg7umxrqgtt7L0ZbJmc4mVQwuZ4myVtYdQ10HU8V96gl/xX7IUcQAn4WjbVfpTYA2igoGfD4UXYYvr9fs8Ac/xX9m2wPFVV25nnuNcp9yT9MVqaM1dnedu1m2S/APHP/ZbhgEAAA==
95.211.229.246200 OK 20 B URL HTTP/1.1 syndication.realsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAA3WPS27DMAxEr9IL2CApUp+s220LpMgBJFtGFkEK5AOkwBy+tFtkV85mxCHIJyGRgXmQ/CKyM91ZQuGx0KgysineP/ZQxrne7pd6OvZ6uh2vX/fL1MfpdG8InGIQWIxaIkoiChGacrSiMMpQtVg8SklEsnlICCCXWFBd3UjkXpAJb4c9Dp+v3isxCxiCQvQQI/crC4Sg7umxrqgtt7L0ZbJmc4mVQwuZ4myVtYdQ10HU8V96gl/xX7IUcQAn4WjbVfpTYA2igoGfD4UXYYvr9fs8Ac/xX9m2wPFVV25nnuNcp9yT9MVqaM1dnedu1m2S/APHP/ZbhgEAAA==
IP 95.211.229.246:0
ASN #60781 LeaseWeb Netherlands B.V.
Hash a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf
GET /cimp.php?t=api&data=H4sIAAAAAAAAA3WPS27DMAxEr9IL2CApUp+s220LpMgBJFtGFkEK5AOkwBy+tFtkV85mxCHIJyGRgXmQ/CKyM91ZQuGx0KgysineP/ZQxrne7pd6OvZ6uh2vX/fL1MfpdG8InGIQWIxaIkoiChGacrSiMMpQtVg8SklEsnlICCCXWFBd3UjkXpAJb4c9Dp+v3isxCxiCQvQQI/crC4Sg7umxrqgtt7L0ZbJmc4mVQwuZ4myVtYdQ10HU8V96gl/xX7IUcQAn4WjbVfpTYA2igoGfD4UXYYvr9fs8Ac/xX9m2wPFVV25nnuNcp9yT9MVqaM1dnedu1m2S/APHP/ZbhgEAAA== HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://a.naturalhealthsource.club
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A32%3A%2263858291991a91.00013378578410159%22%3B%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 29 Nov 2022 03:54:57 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://a.naturalhealthsource.club
Access-Control-Allow-Credentials: true
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A32%3A%2263858291991a91.00013378578410159%22%3B%7D; expires=Thu, 28 Nov 2024 03:54:57 GMT; path=; domain=.realsrv.com; Secure; SameSite=none
__upt=%7B%22v%22%3A1%2C%22id%22%3A%2263858291991a91.00013378578410159%22%2C%22pcma%22%3A%22%22%2C%22acma%22%3A%22508.0199%22%7D; expires=Thu, 28 Nov 2024 03:54:57 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
syndication.realsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAA3WOTWpDMQyEr9ILxIxkyfbLvtsWAj2A4/ceWYQU8gMpzOFrJzS7ejAeySPxKVQ3Ihstb6pbt61nThImBNMgbvz43NGEp3q9nevxsNTj9XD5vp3bEtrxtqdpgk/0lGxKnDIQEy2XlAA6yvDZc2J2cYkJNDASXerRbLgASCos4PvX7nGFEhA1UxmBuzp6a6CMaese97HBZV5aWfIi7jFrtVbLgtiy5rquHkeQNfwLj6cCOknP6l+DUSyqKTfyKoz9gI/vevk5NfIVf8ofCzq62XiYZZV9SXXFrMts80CqRQwlNUG0Xwvfh9R8AQAA
95.211.229.246200 OK 20 B URL HTTP/1.1 syndication.realsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAA3WOTWpDMQyEr9ILxIxkyfbLvtsWAj2A4/ceWYQU8gMpzOFrJzS7ejAeySPxKVQ3Ihstb6pbt61nThImBNMgbvz43NGEp3q9nevxsNTj9XD5vp3bEtrxtqdpgk/0lGxKnDIQEy2XlAA6yvDZc2J2cYkJNDASXerRbLgASCos4PvX7nGFEhA1UxmBuzp6a6CMaese97HBZV5aWfIi7jFrtVbLgtiy5rquHkeQNfwLj6cCOknP6l+DUSyqKTfyKoz9gI/vevk5NfIVf8ofCzq62XiYZZV9SXXFrMts80CqRQwlNUG0Xwvfh9R8AQAA
IP 95.211.229.246:0
ASN #60781 LeaseWeb Netherlands B.V.
Hash a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf
GET /cimp.php?t=api&data=H4sIAAAAAAAAA3WOTWpDMQyEr9ILxIxkyfbLvtsWAj2A4/ceWYQU8gMpzOFrJzS7ejAeySPxKVQ3Ihstb6pbt61nThImBNMgbvz43NGEp3q9nevxsNTj9XD5vp3bEtrxtqdpgk/0lGxKnDIQEy2XlAA6yvDZc2J2cYkJNDASXerRbLgASCos4PvX7nGFEhA1UxmBuzp6a6CMaese97HBZV5aWfIi7jFrtVbLgtiy5rquHkeQNfwLj6cCOknP6l+DUSyqKTfyKoz9gI/vevk5NfIVf8ofCzq62XiYZZV9SXXFrMts80CqRQwlNUG0Xwvfh9R8AQAA HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://a.naturalhealthsource.club
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2263858291952314.243767534129479961%22%3B%7D; __upt=%7B%22v%22%3A1%2C%22id%22%3A%2263858291991a91.00013378578410159%22%2C%22pcma%22%3A%22%22%2C%22acma%22%3A%22508.0199%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 29 Nov 2022 03:54:57 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://a.naturalhealthsource.club
Access-Control-Allow-Credentials: true
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2263858291952314.243767534129479961%22%3B%7D; expires=Thu, 28 Nov 2024 03:54:57 GMT; path=; domain=.realsrv.com; Secure; SameSite=none
__upt=%7B%22v%22%3A1%2C%22id%22%3A%2263858291991a91.00013378578410159%22%2C%22pcma%22%3A%22%22%2C%22acma%22%3A%22508.029701%22%7D; expires=Thu, 28 Nov 2024 03:54:57 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
syndication.realsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAA3VPQWoDMQz8Sj+wRpIly5t7rykE+gDX8ZJDSCHJQgrz+Nobmls9CI9GYzEWEpmYJ8lvIjvTnTlmDjMFlcCm2H8coIxLua/Xcj61cr6fbt/rtbZQz+sXVBLZDEtJ54TZiWKCek6JCEZ5cDdPcMspsnaBEEEdYlF1sEDEyQSZ8P552IrBgaI4BJHoIUZdGlnGc+2cHmOF8bHV3LyxWXQpWktuFKuLl2WxOIwo4d/09ESgFIdX/gT0pFFUMPGrUfRD2Mbl9nOpwMv+hG0LenTVccFjObo1q96apnlZhJVM+re6o2n7BWI2Lf99AQAA
95.211.229.246200 OK 20 B URL HTTP/1.1 syndication.realsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAA3VPQWoDMQz8Sj+wRpIly5t7rykE+gDX8ZJDSCHJQgrz+Nobmls9CI9GYzEWEpmYJ8lvIjvTnTlmDjMFlcCm2H8coIxLua/Xcj61cr6fbt/rtbZQz+sXVBLZDEtJ54TZiWKCek6JCEZ5cDdPcMspsnaBEEEdYlF1sEDEyQSZ8P552IrBgaI4BJHoIUZdGlnGc+2cHmOF8bHV3LyxWXQpWktuFKuLl2WxOIwo4d/09ESgFIdX/gT0pFFUMPGrUfRD2Mbl9nOpwMv+hG0LenTVccFjObo1q96apnlZhJVM+re6o2n7BWI2Lf99AQAA
IP 95.211.229.246:0
ASN #60781 LeaseWeb Netherlands B.V.
Hash a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf
GET /cimp.php?t=api&data=H4sIAAAAAAAAA3VPQWoDMQz8Sj+wRpIly5t7rykE+gDX8ZJDSCHJQgrz+Nobmls9CI9GYzEWEpmYJ8lvIjvTnTlmDjMFlcCm2H8coIxLua/Xcj61cr6fbt/rtbZQz+sXVBLZDEtJ54TZiWKCek6JCEZ5cDdPcMspsnaBEEEdYlF1sEDEyQSZ8P552IrBgaI4BJHoIUZdGlnGc+2cHmOF8bHV3LyxWXQpWktuFKuLl2WxOIwo4d/09ESgFIdX/gT0pFFUMPGrUfRD2Mbl9nOpwMv+hG0LenTVccFjObo1q96apnlZhJVM+re6o2n7BWI2Lf99AQAA HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://a.naturalhealthsource.club
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A32%3A%226385829194dfa7.17398375914500152%22%3B%7D; __upt=%7B%22v%22%3A1%2C%22id%22%3A%2263858291991a91.00013378578410159%22%2C%22pcma%22%3A%22%22%2C%22acma%22%3A%22508.0199%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 29 Nov 2022 03:54:57 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://a.naturalhealthsource.club
Access-Control-Allow-Credentials: true
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A32%3A%226385829194dfa7.17398375914500152%22%3B%7D; expires=Thu, 28 Nov 2024 03:54:57 GMT; path=; domain=.realsrv.com; Secure; SameSite=none
__upt=%7B%22v%22%3A1%2C%22id%22%3A%2263858291991a91.00013378578410159%22%2C%22pcma%22%3A%22%22%2C%22acma%22%3A%22508.029701%22%7D; expires=Thu, 28 Nov 2024 03:54:57 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
syndication.realsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAA3VQy2oDMQz8lf7AGlnWw8691xYC/QB7vUsOIYUkCyno4ytvaG71YDweyWI8CIhTjBPmN8QD04HVSgwFAmGITPbxeTSKdqn37VrPp6We76fb93adlzCft2aEAlyMRaiIFQVIYqRZuGRjyIMrq5hylhTJBbBk4EBORIMFgChIlsHev477jhYDJFRDSwAPZHBpeBnPyTk8xghZO6gqV0kJSk1FZ1iIsAtLWdM6Gq2Gf93DE8G/gN6Lf4K504SENsXXhcwX2F6ut5/LbPZqf4L3AW6daBweSmvaZs6eibZc27L2nj0YgZ47x1+691DLfQEAAA==
95.211.229.246200 OK 20 B URL HTTP/1.1 syndication.realsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAA3VQy2oDMQz8lf7AGlnWw8691xYC/QB7vUsOIYUkCyno4ytvaG71YDweyWI8CIhTjBPmN8QD04HVSgwFAmGITPbxeTSKdqn37VrPp6We76fb93adlzCft2aEAlyMRaiIFQVIYqRZuGRjyIMrq5hylhTJBbBk4EBORIMFgChIlsHev477jhYDJFRDSwAPZHBpeBnPyTk8xghZO6gqV0kJSk1FZ1iIsAtLWdM6Gq2Gf93DE8G/gN6Lf4K504SENsXXhcwX2F6ut5/LbPZqf4L3AW6daBweSmvaZs6eibZc27L2nj0YgZ47x1+691DLfQEAAA==
IP 95.211.229.246:0
ASN #60781 LeaseWeb Netherlands B.V.
Hash a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf
GET /cimp.php?t=api&data=H4sIAAAAAAAAA3VQy2oDMQz8lf7AGlnWw8691xYC/QB7vUsOIYUkCyno4ytvaG71YDweyWI8CIhTjBPmN8QD04HVSgwFAmGITPbxeTSKdqn37VrPp6We76fb93adlzCft2aEAlyMRaiIFQVIYqRZuGRjyIMrq5hylhTJBbBk4EBORIMFgChIlsHev477jhYDJFRDSwAPZHBpeBnPyTk8xghZO6gqV0kJSk1FZ1iIsAtLWdM6Gq2Gf93DE8G/gN6Lf4K504SENsXXhcwX2F6ut5/LbPZqf4L3AW6daBweSmvaZs6eibZc27L2nj0YgZ47x1+691DLfQEAAA== HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://a.naturalhealthsource.club
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2263858291971619.763152323923589119%22%3B%7D; __upt=%7B%22v%22%3A1%2C%22id%22%3A%2263858291991a91.00013378578410159%22%2C%22pcma%22%3A%22%22%2C%22acma%22%3A%22508.0199%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 29 Nov 2022 03:54:57 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://a.naturalhealthsource.club
Access-Control-Allow-Credentials: true
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2263858291971619.763152323923589119%22%3B%7D; expires=Thu, 28 Nov 2024 03:54:57 GMT; path=; domain=.realsrv.com; Secure; SameSite=none
__upt=%7B%22v%22%3A1%2C%22id%22%3A%2263858291991a91.00013378578410159%22%2C%22pcma%22%3A%22%22%2C%22acma%22%3A%22508.029701%22%7D; expires=Thu, 28 Nov 2024 03:54:57 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
s3t3d2y8.afcdn.net/library/426059/15e6361eaaee0939a24ecaf140b8a4371a791f58.webp
185.76.9.24 200 OK 9.0 kB URL HTTP/2 s3t3d2y8.afcdn.net/library/426059/15e6361eaaee0939a24ecaf140b8a4371a791f58.webp
IP 185.76.9.24:0
ASN #60068 Datacamp Limited
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 300x250, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash cbb26a4aee0d77806bd6215e123fbf0a
15e6361eaaee0939a24ecaf140b8a4371a791f58
2ce58843d5f152ad8009b1e07deda8e311f804806e56ab3e14157898ebd38695
GET /library/426059/15e6361eaaee0939a24ecaf140b8a4371a791f58.webp HTTP/1.1
Host: s3t3d2y8.afcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 29 Nov 2022 03:54:57 GMT
content-type: image/webp
content-length: 8992
last-modified: Fri, 16 Sep 2022 15:15:44 GMT
etag: "63249320-2320"
expires: Tue, 28 Nov 2023 15:07:33 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
x-robots-tag: noindex, follow
x-cache-op: HIT
x-accel-expires: @1701184386
server: CDN77-Turbo
x-77-nzt: AblMCRQYDmr/j7IAAA
x-77-nzt-ray: af585630ffa7911b9182856376a9db33
x-cache: HIT
x-age: 45711
x-77-pop: stockholmSE
x-77-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
s3t3d2y8.afcdn.net/library/317632/fc8566837d577dbd78af79a25450e8f6e2228895.mp4
185.76.9.24 206 Partial Content 49 kB URL HTTP/2 s3t3d2y8.afcdn.net/library/317632/fc8566837d577dbd78af79a25450e8f6e2228895.mp4
IP 185.76.9.24:0
ASN #60068 Datacamp Limited
File type ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]\012- data
Hash 622157839d505050366045b0cfa0adb6
fc8566837d577dbd78af79a25450e8f6e2228895
07843770c6bfc15af1ff870b96b669adb096a3de639633e68f7c4f0f71b97b01
GET /library/317632/fc8566837d577dbd78af79a25450e8f6e2228895.mp4 HTTP/1.1
Host: s3t3d2y8.afcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 206 Partial Content
date: Tue, 29 Nov 2022 03:54:57 GMT
content-type: video/mp4
content-length: 48778
last-modified: Thu, 28 Apr 2022 14:04:30 GMT
etag: "626a9eee-be8a"
expires: Sat, 25 Nov 2023 08:29:31 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
x-robots-tag: noindex, follow
x-cache-op: MISS
x-accel-expires: @1700900972
server: CDN77-Turbo
x-77-nzt: AblMCRR3M3D/pQUFAA
x-77-nzt-ray: af585630ffa7911b918285636f521c34
x-cache: HIT
x-age: 329125
x-77-pop: stockholmSE
x-77-cache: HIT
content-range: bytes 0-48777/48778
X-Firefox-Spdy: h2
s3t3d2y8.afcdn.net/library/426059/6e9d3f652b5ac8de1f3700b7e8bf466349928a65.mp4
185.76.9.24 206 Partial Content 39 kB URL HTTP/2 s3t3d2y8.afcdn.net/library/426059/6e9d3f652b5ac8de1f3700b7e8bf466349928a65.mp4
IP 185.76.9.24:0
ASN #60068 Datacamp Limited
File type ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]\012- data
Hash 7f371e2af44e39eca787a25c5482a342
6e9d3f652b5ac8de1f3700b7e8bf466349928a65
eee05542432aa66769255314a428408582efeb822bc178353e8d2d06051997e3
GET /library/426059/6e9d3f652b5ac8de1f3700b7e8bf466349928a65.mp4 HTTP/1.1
Host: s3t3d2y8.afcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 206 Partial Content
date: Tue, 29 Nov 2022 03:54:57 GMT
content-type: video/mp4
content-length: 39198
last-modified: Tue, 09 Aug 2022 16:45:14 GMT
etag: "62f28f1a-991e"
expires: Wed, 25 Oct 2023 13:27:34 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
x-robots-tag: noindex, follow
x-cache-op: HIT
x-accel-expires: @1701184583
server: CDN77-Turbo
x-77-nzt: AblMCRS3Gxj/yrEAAA
x-77-nzt-ray: af585630ffa7911b91828563a2b8f834
x-cache: HIT
x-age: 45514
x-77-pop: stockholmSE
x-77-cache: HIT
content-range: bytes 0-39197/39198
X-Firefox-Spdy: h2
fonts.gstatic.com/s/ubuntu/v20/4iCs6KVjbNBYlgoKfw72.woff2
216.58.207.195 200 OK 35 kB URL HTTP/2 fonts.gstatic.com/s/ubuntu/v20/4iCs6KVjbNBYlgoKfw72.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 34852, version 1.0\012- data
Hash 0e8eefb4549a2edf26c560cb9845952e
8d0b1718aacad934fd0043c87cbc54aa091396bf
7f653b3ce9d3277457fc6da4edb246ae2f6c913f088c42dcb8cd2e96267aa21a
GET /s/ubuntu/v20/4iCs6KVjbNBYlgoKfw72.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://ads.adxadserv.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 34852
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 23 Nov 2022 08:17:47 GMT
expires: Thu, 23 Nov 2023 08:17:47 GMT
cache-control: public, max-age=31536000
age: 502630
last-modified: Wed, 27 Apr 2022 16:31:23 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.76.226 200 OK 344 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 68ef6c3542bfd9c7bffaec043ab032a1
d6880c052a8c969618e86622406078ad16750dcd
cb5054f72fffabcc56c680f33f88cf4363eb412cec3cebd427b5f2a2eea27c60
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "CB5054F72FFFABCC56C680F33F88CF4363EB412CEC3CEBD427B5F2A2EEA27C60"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16504
Expires: Tue, 29 Nov 2022 08:30:01 GMT
Date: Tue, 29 Nov 2022 03:54:57 GMT
Connection: keep-alive
a.bestcontentfood.top/warp/4788752?r=64958
172.67.200.139 200 OK 1.9 kB URL HTTP/2 a.bestcontentfood.top/warp/4788752?r=64958
IP 172.67.200.139:0
File type ASCII text, with very long lines (4179), with no line terminators
Hash 19844fb5f59e380b9c39fd986965be52
03db9d2b913a5966015ff63ba79c0e17aeda47a0
304ab9c5d4f7b9578890d883266b29e33b8dbdc7b2dc0dc2769d498427b9d9b3
Analyzer Verdict Alert fortinet Phishing
GET /warp/4788752?r=64958 HTTP/1.1
Host: a.bestcontentfood.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 29 Nov 2022 03:54:57 GMT
content-type: application/javascript; charset=UTF-8
referer: a.medfoodsafety.com
cache-control: public, max-age=900
etag: W/"b5bfe5efa4321a0b085300dd0d4edb9f"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TlnZCkdKgICj8wJlw3yxZwwjGgElYU7MM7ontAPqV84JuPxnbZeZI4LH%2BmyzR6GTJFqv9ShM4CieQll%2FKPRhLeZ2OnSN2pbDiziFbCMQplUWm9VUHQ9oTf3D6Pcez39mlDUC2jSroaM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 771867ad8bb90b06-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
a.medfoodsafety.com/i?tid=2334035a-796f-4913-b069-5e8b295b1c3c&cf=affifid0ig
172.64.173.19 200 OK 60 B URL HTTP/2 a.medfoodsafety.com/i?tid=2334035a-796f-4913-b069-5e8b295b1c3c&cf=affifid0ig
IP 172.64.173.19:0
File type ASCII text, with no line terminators
Hash cea81d6017b53c6c7bd076407db21a0a
063acf4f87ec5b0c7f9631779c264ee045945c52
1665c0045c0d9a05857431f46362283793d0b844d9e157692079bcbc69ff6154
GET /i?tid=2334035a-796f-4913-b069-5e8b295b1c3c&cf=affifid0ig HTTP/1.1
Host: a.medfoodsafety.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.medfoodsafety.com/loader?a=4788750&v=2&t=30&s=4776911&p=8575&if=true
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 29 Nov 2022 03:54:58 GMT
content-type: image/gif
content-length: 60
cache-control: no-cache, no-store, must-revalidate
expires: Sat, 26 Jul 1997 05:00:00 GMT
last-modified: Sun, 17 May 1998 03:00:00 GMT
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qJ1AVYWxcPBU5ubWZmd1RWwHPiQHllWn2zQwYwabcuA%2BJrEpmECrwiHRZjKFNOOIWIqYeBRufDrNkhVSTaGzjbbYO%2FHZbZcdDQQ9cmsdEg161b61%2Fu18f%2FRdssHb6BvHOW%2FaOAQ5"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 771867b0aed57457-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
adxadserv.com/ascripts/pxl.js
185.98.53.29 200 OK 23 kB URL HTTP/1.1 adxadserv.com/ascripts/pxl.js
IP 185.98.53.29:0
ASN #39572 DataWeb Global Group B.V.
File type Unicode text, UTF-8 text, with very long lines (36114)
Hash 72d1139e9f2e6ebe3f51c9193edb4439
cd356eb9eaab433ac792406ba36d4304b6450571
74553d0effe74cd6a4f1424940f7fd133c5457ff1d5c53030e651ec6612bec88
GET /ascripts/pxl.js HTTP/1.1
Host: adxadserv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ads.adxadserv.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Tue, 29 Nov 2022 03:54:58 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Fri, 25 Sep 2020 09:55:41 GMT
ETag: W/"5f6dbe9d-12fee"
Expires: Sun, 27 Nov 2022 08:33:03 GMT
Cache-Control: max-age=86400, public
X-77-NZT: AblMCgGrnOH/URABAA
X-77-NZT-Ray: 382b0f1974de4e3e928285638f2b1a06
X-Cache: HIT
X-Age: 69713
X-77-POP: amsterdamNL
X-77-Cache: HIT
Content-Encoding: br
adxadserv.com/ascripts/gcr.js
185.98.53.29 200 OK 23 kB URL HTTP/1.1 adxadserv.com/ascripts/gcr.js
IP 185.98.53.29:0
ASN #39572 DataWeb Global Group B.V.
File type Unicode text, UTF-8 text, with very long lines (48738)
Hash 4bcc622fafa6d39f3d41ee9e46b585f5
f4870a326a8c0f449cbcd79673406ac1d5e6f6c8
c7ef60433000d6807163ee4643bd7774e783e4d0711513d134ae008f04f4a8e9
GET /ascripts/gcr.js HTTP/1.1
Host: adxadserv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ads.adxadserv.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Tue, 29 Nov 2022 03:54:58 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Thu, 16 Dec 2021 16:04:19 GMT
ETag: W/"61bb6383-1434f"
Expires: Sat, 26 Nov 2022 08:33:08 GMT
Cache-Control: max-age=86400, public
X-77-NZT: Abk73hG0Otn/SxABAA
X-77-NZT-Ray: f4787b2725ac43be9282856385b27806
X-Cache: HIT
X-Age: 69707
X-77-POP: amsterdamNL
X-77-Cache: HIT
Content-Encoding: br
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 167a74d212c60500592219d9cb47a105
821be5f83b2dfc678131290d58d398b38bf5d49d
96aaa035489311b9ab89496a9ff468ce682e0d2da37b4607a14d7972fde86d7e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "96AAA035489311B9AB89496A9FF468CE682E0D2DA37B4607A14D7972FDE86D7E"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10225
Expires: Tue, 29 Nov 2022 06:45:23 GMT
Date: Tue, 29 Nov 2022 03:54:58 GMT
Connection: keep-alive
adxadserv.com/px/event/v1?e_t=pageview&url=https%253A%252F%252Fads.adxadserv.com%252Fad%253Fspotid%253D636bc5d561d6e27071201a23%2526type%253D300x250%2526output%253Dhtml&ref=https%253A%252F%252Fxfantazy.com%252F&d_r=1&d_s=1280x1024&d_w=300x250&t_s=1669694096819&t_i=1669694097185&u_tz=0&u_l=en-US&u_l2=&u_l3=&pv_uid=0a923c62-1d49-4a49-91b8-1296d7128e61&nav_rc=0&nav_nt=NAVIGATE&p_nn=adxad-rtb&p_pt=IFRAME&imid=971c4faf-6f99-11ed-a3c4-e25a5bb9767f&spid=636bc5d561d6e27071201a23&fpid_sa=1669694097185&fpid=&feid_sa=1669694097185&sid_sa=1669694097185&feid=b1a43f93c5fc9ee606260af540cbb8e1&sid=0265164dec9059f1038bd0231f15c133&u_adb=0&vn=T-0.1.1&utm_typ=referral&utm_src=xfantazy.com&s_rst=1&e_d=%7B%22isResetRequired%22%3Atrue%7D&t_op=0.259
185.98.53.29 200 OK 0 B URL HTTP/1.1 adxadserv.com/px/event/v1?e_t=pageview&url=https%253A%252F%252Fads.adxadserv.com%252Fad%253Fspotid%253D636bc5d561d6e27071201a23%2526type%253D300x250%2526output%253Dhtml&ref=https%253A%252F%252Fxfantazy.com%252F&d_r=1&d_s=1280x1024&d_w=300x250&t_s=1669694096819&t_i=1669694097185&u_tz=0&u_l=en-US&u_l2=&u_l3=&pv_uid=0a923c62-1d49-4a49-91b8-1296d7128e61&nav_rc=0&nav_nt=NAVIGATE&p_nn=adxad-rtb&p_pt=IFRAME&imid=971c4faf-6f99-11ed-a3c4-e25a5bb9767f&spid=636bc5d561d6e27071201a23&fpid_sa=1669694097185&fpid=&feid_sa=1669694097185&sid_sa=1669694097185&feid=b1a43f93c5fc9ee606260af540cbb8e1&sid=0265164dec9059f1038bd0231f15c133&u_adb=0&vn=T-0.1.1&utm_typ=referral&utm_src=xfantazy.com&s_rst=1&e_d=%7B%22isResetRequired%22%3Atrue%7D&t_op=0.259
IP 185.98.53.29:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /px/event/v1?e_t=pageview&url=https%253A%252F%252Fads.adxadserv.com%252Fad%253Fspotid%253D636bc5d561d6e27071201a23%2526type%253D300x250%2526output%253Dhtml&ref=https%253A%252F%252Fxfantazy.com%252F&d_r=1&d_s=1280x1024&d_w=300x250&t_s=1669694096819&t_i=1669694097185&u_tz=0&u_l=en-US&u_l2=&u_l3=&pv_uid=0a923c62-1d49-4a49-91b8-1296d7128e61&nav_rc=0&nav_nt=NAVIGATE&p_nn=adxad-rtb&p_pt=IFRAME&imid=971c4faf-6f99-11ed-a3c4-e25a5bb9767f&spid=636bc5d561d6e27071201a23&fpid_sa=1669694097185&fpid=&feid_sa=1669694097185&sid_sa=1669694097185&feid=b1a43f93c5fc9ee606260af540cbb8e1&sid=0265164dec9059f1038bd0231f15c133&u_adb=0&vn=T-0.1.1&utm_typ=referral&utm_src=xfantazy.com&s_rst=1&e_d=%7B%22isResetRequired%22%3Atrue%7D&t_op=0.259 HTTP/1.1
Host: adxadserv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ads.adxadserv.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Tue, 29 Nov 2022 03:54:58 GMT
Content-Length: 0
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash dd71cb59bfd5e31191d61da63fec244a
998886e4743fc393838dbee7a6632d392e268e73
54672c525e2462ddbb2e84b80945daede2e13469b8817d636dc12d5bb0b3bc47
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "54672C525E2462DDBB2E84B80945DAEDE2E13469B8817D636DC12D5BB0B3BC47"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2486
Expires: Tue, 29 Nov 2022 04:36:24 GMT
Date: Tue, 29 Nov 2022 03:54:58 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash ed6e132ddc1bf021927a946b06e9baea
c7735ba360d1ce19c24fff89016e317c8187c019
ff0c7a4d21e6c746985d330c8ff1ca9f44ee30ec38d91744b0cf4d32c70d4ef2
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "FF0C7A4D21E6C746985D330C8FF1CA9F44EE30EC38D91744B0CF4D32C70D4EF2"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16787
Expires: Tue, 29 Nov 2022 08:34:45 GMT
Date: Tue, 29 Nov 2022 03:54:58 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29 200 OK 314 B IP 93.184.220.29:0
Hash 22a78101cb7948836e30bd8fb6ac1e91
320e36a7fb5ebf4c118334e5629c4325ef1ffe8f
49e021274b13d426bf7c43c4cdbbd0adc5da5e17e6732865ebba2a6827be7544
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6116
Cache-Control: max-age=165571
Content-Type: application/ocsp-response
Date: Tue, 29 Nov 2022 03:54:58 GMT
Etag: "63854e71-13a"
Expires: Thu, 01 Dec 2022 01:54:29 GMT
Last-Modified: Tue, 29 Nov 2022 00:12:33 GMT
Server: ECS (ska/F70B)
X-Cache: HIT
Content-Length: 314
rtbbnr.com/get/?go=1&data=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
116.202.60.158 200 OK 996 B URL HTTP/2 rtbbnr.com/get/?go=1&data=eyJpbXAiOlt7InNlY3VyZSI6MSwiZXh0Ijp7InNwb3QiOjQ2OTIsImlkIjo4NTksImxhYmVscyI6IiIsInNpdGVfaWQiOjQ2OTIsInR5cGUiOiJiYW5uZXIiLCJzcGFjZWlkIjo4NTksInNwb3RfaWQiOjAsImlkem9uZSI6MzgzMDgxOSwiem9uZSI6InRjX3BhYl8zMDB4MjUwIiwiYWRfdGFncyI6IiIsInRpdGxlIjoiIiwic3ViaWQiOiI1NjI5NDkzODUiLCJ1dG0xIjoidGNiYW5faSIsInV0bTIiOiI0NjkyIiwidXRtMyI6IjE5Nzc1IiwidXRtNCI6IiJ9LCJiYW5uZXIiOnsidyI6MzAwLCJoIjoyNTB9fV0sInNpdGUiOnsiaWQiOiI0NjkyIiwicGFnZSI6Imh0dHBzOi8vYS5uYXR1cmFsaGVhbHRoc291cmNlLmNsdWIvIn0sImRldmljZSI6eyJ3IjoxMjgwLCJoIjoxMDI0fSwidXNlciI6eyJpZCI6IjYxN2VhZjRjZDkwYjZiYjQ5NmUzYTI2NDJmODZlOGM0In0sImV4dCI6eyJkdCI6MTY2OTY5NDA5NzIxMX19
IP 116.202.60.158:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1356)
Hash 9fc1138005c8ced09bc6157d2f88ba71
22ec40f91192e7bfa46ebcf3ea43eaa080cdbcc7
ac360a52dfd47c1abf44a74ea4fe0c52aa8048fe809cca710b7018a6c7b4e06f
GET /get/?go=1&data=eyJpbXAiOlt7InNlY3VyZSI6MSwiZXh0Ijp7InNwb3QiOjQ2OTIsImlkIjo4NTksImxhYmVscyI6IiIsInNpdGVfaWQiOjQ2OTIsInR5cGUiOiJiYW5uZXIiLCJzcGFjZWlkIjo4NTksInNwb3RfaWQiOjAsImlkem9uZSI6MzgzMDgxOSwiem9uZSI6InRjX3BhYl8zMDB4MjUwIiwiYWRfdGFncyI6IiIsInRpdGxlIjoiIiwic3ViaWQiOiI1NjI5NDkzODUiLCJ1dG0xIjoidGNiYW5faSIsInV0bTIiOiI0NjkyIiwidXRtMyI6IjE5Nzc1IiwidXRtNCI6IiJ9LCJiYW5uZXIiOnsidyI6MzAwLCJoIjoyNTB9fV0sInNpdGUiOnsiaWQiOiI0NjkyIiwicGFnZSI6Imh0dHBzOi8vYS5uYXR1cmFsaGVhbHRoc291cmNlLmNsdWIvIn0sImRldmljZSI6eyJ3IjoxMjgwLCJoIjoxMDI0fSwidXNlciI6eyJpZCI6IjYxN2VhZjRjZDkwYjZiYjQ5NmUzYTI2NDJmODZlOGM0In0sImV4dCI6eyJkdCI6MTY2OTY5NDA5NzIxMX19 HTTP/1.1
Host: rtbbnr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cdn.tubecorp.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.18.0
date: Tue, 29 Nov 2022 03:54:58 GMT
content-type: text/html
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
content-encoding: gzip
X-Firefox-Spdy: h2
adxadserv.com/t/re/v4?e_t=pageview&url=https%253A%252F%252Fads.adxadserv.com%252Fad%253Fspotid%253D636bc5d561d6e27071201a23%2526type%253D300x250%2526output%253Dhtml&ref=https%253A%252F%252Fxfantazy.com%252F&d_r=1&d_s=1280x1024&d_w=300x250&t_s=1669694096819&t_i=1669694097184&u_tz=0&u_l=en-US&u_l2=&u_l3=&n_c=&n_s=&pv_uid=8e30fc6e-eef2-4d74-bb5f-d50229a425ee&nav_rc=0&nav_nt=NAVIGATE&p_nn=adxad-rtb&p_pt=IFRAME&p_tt=desktop&p_l=en&p_z=NONAUTHORIZED&p_u_s=GUEST&fpid_sa=null&fpid=&feid_sa=null&sid_sa=null&feid=a1265a0f523766e2f23e79d96dd4a8f9&sid=d335f801a59a3d244e2546a11df53d22&u_adb=0&vn=R-1.0&utm_typ=referral&utm_src=xfantazy.com&s_rst=1&st_d=%7B%7D&e_d=%7B%22spotId%22%3A%22636bc5d561d6e27071201a23%22%2C%22impressionId%22%3A%22971c4faf-6f99-11ed-a3c4-e25a5bb9767f%22%7D&t_op=0.473&cb=gl.cb.pv
185.98.53.29 200 OK 65 B URL HTTP/1.1 adxadserv.com/t/re/v4?e_t=pageview&url=https%253A%252F%252Fads.adxadserv.com%252Fad%253Fspotid%253D636bc5d561d6e27071201a23%2526type%253D300x250%2526output%253Dhtml&ref=https%253A%252F%252Fxfantazy.com%252F&d_r=1&d_s=1280x1024&d_w=300x250&t_s=1669694096819&t_i=1669694097184&u_tz=0&u_l=en-US&u_l2=&u_l3=&n_c=&n_s=&pv_uid=8e30fc6e-eef2-4d74-bb5f-d50229a425ee&nav_rc=0&nav_nt=NAVIGATE&p_nn=adxad-rtb&p_pt=IFRAME&p_tt=desktop&p_l=en&p_z=NONAUTHORIZED&p_u_s=GUEST&fpid_sa=null&fpid=&feid_sa=null&sid_sa=null&feid=a1265a0f523766e2f23e79d96dd4a8f9&sid=d335f801a59a3d244e2546a11df53d22&u_adb=0&vn=R-1.0&utm_typ=referral&utm_src=xfantazy.com&s_rst=1&st_d=%7B%7D&e_d=%7B%22spotId%22%3A%22636bc5d561d6e27071201a23%22%2C%22impressionId%22%3A%22971c4faf-6f99-11ed-a3c4-e25a5bb9767f%22%7D&t_op=0.473&cb=gl.cb.pv
IP 185.98.53.29:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with no line terminators
Hash 8bd444e091c351e27961860bfe2a5919
6c8e7aeb692fca75d8a7caca89523215e0cdc220
a0bd4d48b069396cecfd88d2349da84ccf52b122dd0d3819f42baed3f80d11b5
GET /t/re/v4?e_t=pageview&url=https%253A%252F%252Fads.adxadserv.com%252Fad%253Fspotid%253D636bc5d561d6e27071201a23%2526type%253D300x250%2526output%253Dhtml&ref=https%253A%252F%252Fxfantazy.com%252F&d_r=1&d_s=1280x1024&d_w=300x250&t_s=1669694096819&t_i=1669694097184&u_tz=0&u_l=en-US&u_l2=&u_l3=&n_c=&n_s=&pv_uid=8e30fc6e-eef2-4d74-bb5f-d50229a425ee&nav_rc=0&nav_nt=NAVIGATE&p_nn=adxad-rtb&p_pt=IFRAME&p_tt=desktop&p_l=en&p_z=NONAUTHORIZED&p_u_s=GUEST&fpid_sa=null&fpid=&feid_sa=null&sid_sa=null&feid=a1265a0f523766e2f23e79d96dd4a8f9&sid=d335f801a59a3d244e2546a11df53d22&u_adb=0&vn=R-1.0&utm_typ=referral&utm_src=xfantazy.com&s_rst=1&st_d=%7B%7D&e_d=%7B%22spotId%22%3A%22636bc5d561d6e27071201a23%22%2C%22impressionId%22%3A%22971c4faf-6f99-11ed-a3c4-e25a5bb9767f%22%7D&t_op=0.473&cb=gl.cb.pv HTTP/1.1
Host: adxadserv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ads.adxadserv.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Tue, 29 Nov 2022 03:54:58 GMT
Content-Type: text/javascript
Content-Length: 65
Connection: keep-alive
Set-Cookie: xfeid=a322cbabed35dd95c2e80a7c895eeeb3; expires=Tue, 01 Jan 2030 00:00:00 GMT; path=/; domain=.adxadserv.com
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET
Access-Control-Allow-Headers: content-type
Access-Control-Max-Age: 864000
unseenreport.com/pxf.gif?uuid=856bff0f-2c1c-451a-9715-bd2bc6f429cf&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=21fe3950f412e026c33f1b6cee613eba&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=3
192.243.61.227 200 OK 1 B URL HTTP/1.1 unseenreport.com/pxf.gif?uuid=856bff0f-2c1c-451a-9715-bd2bc6f429cf&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=21fe3950f412e026c33f1b6cee613eba&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=3
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=856bff0f-2c1c-451a-9715-bd2bc6f429cf&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=21fe3950f412e026c33f1b6cee613eba&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=3 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Tue, 29 Nov 2022 03:54:58 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: f7d54bf21f79354bc5055ccfb98c3e24
Strict-Transport-Security: max-age=0; includeSubdomains
unseenreport.com/pxf.gif?uuid=856bff0f-2c1c-451a-9715-bd2bc6f429cf&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=01f75a95a38a8db0a8e82d995253a076&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=3
192.243.61.227 200 OK 1 B URL HTTP/1.1 unseenreport.com/pxf.gif?uuid=856bff0f-2c1c-451a-9715-bd2bc6f429cf&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=01f75a95a38a8db0a8e82d995253a076&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=3
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=856bff0f-2c1c-451a-9715-bd2bc6f429cf&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=01f75a95a38a8db0a8e82d995253a076&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=3 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Tue, 29 Nov 2022 03:54:58 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: c92feff82f6631acef79bb594ba439ad
Strict-Transport-Security: max-age=0; includeSubdomains
unseenreport.com/pxf.gif?uuid=856bff0f-2c1c-451a-9715-bd2bc6f429cf&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=a2f990f10476061c719d1c1aa3a2ecd2&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=3
192.243.61.227 200 OK 1 B URL HTTP/1.1 unseenreport.com/pxf.gif?uuid=856bff0f-2c1c-451a-9715-bd2bc6f429cf&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=a2f990f10476061c719d1c1aa3a2ecd2&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=3
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=856bff0f-2c1c-451a-9715-bd2bc6f429cf&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=a2f990f10476061c719d1c1aa3a2ecd2&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=3 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Tue, 29 Nov 2022 03:54:58 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 37211b5ea5a3110123fcb7eac8077c83
Strict-Transport-Security: max-age=0; includeSubdomains
unseenreport.com/pxf.gif?uuid=856bff0f-2c1c-451a-9715-bd2bc6f429cf&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=4d0afc2425eea6b0cd5a468c9f8a69ed&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=3
192.243.61.227 200 OK 1 B URL HTTP/1.1 unseenreport.com/pxf.gif?uuid=856bff0f-2c1c-451a-9715-bd2bc6f429cf&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=4d0afc2425eea6b0cd5a468c9f8a69ed&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=3
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=856bff0f-2c1c-451a-9715-bd2bc6f429cf&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=4d0afc2425eea6b0cd5a468c9f8a69ed&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=3 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Tue, 29 Nov 2022 03:54:58 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 7091de45831bccb097855920d503989a
Strict-Transport-Security: max-age=0; includeSubdomains
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash bf1c9a236479db2e55c6d74a708c5b11
9700cc58d5aba9547d5a55a613cbd406aaf2878d
3529e24cf8c67ec1edd968e8c960b472f9dc4ccc6ee8d8c161a3557e82e503f6
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "3529E24CF8C67EC1EDD968E8C960B472F9DC4CCC6EE8D8C161A3557E82E503F6"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15113
Expires: Tue, 29 Nov 2022 08:06:51 GMT
Date: Tue, 29 Nov 2022 03:54:58 GMT
Connection: keep-alive
btds.zog.link/in/912/?sid=0&source=562949385&idzone=3830819&w=300&h=250&mo=&ve=&site_id=4692&utm1=tcban_i&utm2=4692&utm3=19775&utm4=&ad_tags=&spot_id=0&p=https%3A%2F%2Fa.naturalhealthsource.club%2F&katds_labels=&btype=0&score=1&bf=0.0001
109.206.191.198 302 Found 0 B URL HTTP/2 btds.zog.link/in/912/?sid=0&source=562949385&idzone=3830819&w=300&h=250&mo=&ve=&site_id=4692&utm1=tcban_i&utm2=4692&utm3=19775&utm4=&ad_tags=&spot_id=0&p=https%3A%2F%2Fa.naturalhealthsource.club%2F&katds_labels=&btype=0&score=1&bf=0.0001
IP 109.206.191.198:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /in/912/?sid=0&source=562949385&idzone=3830819&w=300&h=250&mo=&ve=&site_id=4692&utm1=tcban_i&utm2=4692&utm3=19775&utm4=&ad_tags=&spot_id=0&p=https%3A%2F%2Fa.naturalhealthsource.club%2F&katds_labels=&btype=0&score=1&bf=0.0001 HTTP/1.1
Host: btds.zog.link
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://rtbbnr.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: nginx/1.20.1
date: Tue, 29 Nov 2022 03:54:58 GMT
content-type: text/html; charset=UTF-8
content-length: 0
location: https://tsyndicate.com/iframes2/00394b71264946e5bf58746cefe5435f.html?subid=562949385&categories={{ad_tags}}
pragma: no-cache
vary: *
cache-control: no-cache, no-store, must-revalidate
set-cookie: 912.0=1; expires=Wed, 30 Nov 2022 03:54:58 GMT; path=/; secure; SameSite=None
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash c3efeb942790410c858fe9ae68deb52d
2df14aaf3d3b7f25fef79f3953c5cc87ce8848db
8b5ff2c1544c231ed9a6a0ccb3665331adbf040f397b62ba74e85c7a27d558f9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8B5FF2C1544C231ED9A6A0CCB3665331ADBF040F397B62BA74E85C7A27D558F9"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13717
Expires: Tue, 29 Nov 2022 07:43:35 GMT
Date: Tue, 29 Nov 2022 03:54:58 GMT
Connection: keep-alive
pogothere.xyz/asd100.bin
172.64.198.35 200 OK 108 kB IP 172.64.198.35:0
Size 108 kB (107936 bytes)
Hash 9a2f9ea35ff171b71d200f6da6c70ccd
c01c78c935335e990e545db92e0f1e372e6a3c1e
fc9b51217cbc33991d4323f0cf9c100dfbc63d2ee547ca7bb5e352e7b7d76177
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://xfantazy.com/
Origin: https://xfantazy.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 29 Nov 2022 03:54:56 GMT
content-type: binary/octet-stream
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 3976
last-modified: Tue, 29 Nov 2022 02:48:40 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NQaO0vLA6JV2R5Y6cDf1ChDcHetNd9zYaKfzopxNkIUM9OYa0aKpiMsodZysTxpkOpCDVSnbbhoQc%2FlHQbkSQXju%2BdGQupMX0aF%2BnKNyzzFa8XEKhVLS6TsclugOnyu2"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 771867a769ff06c9-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
camschat.net/900250/awe900250.php
66.230.180.98 200 OK 303 B URL HTTP/2 camschat.net/900250/awe900250.php
IP 66.230.180.98:0
File type HTML document, ASCII text, with very long lines (422), with no line terminators
Hash a0903a7811312cfc6f8d6b8af41d697e
2f2a867e72ac60f274b42efede181f6e2e915b4c
5dfbfadef5b2e2cea9692a32613963281f4fb1b948cfb030da8ecbcf5e27d547
GET /900250/awe900250.php HTTP/1.1
Host: camschat.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://camschat.net/900250/adnium.php
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 29 Nov 2022 03:54:58 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-powered-by: PHP/7.4.3
content-encoding: gzip
X-Firefox-Spdy: h2
analitits.com/t/xfeid?cb=gl.cb.xf
31.220.24.19 200 OK 65 B URL HTTP/1.1 analitits.com/t/xfeid?cb=gl.cb.xf
IP 31.220.24.19:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with no line terminators
Hash 6a0d74080b76d0c4711bd6e03565ba70
c4762e9f680c25d83df604698a572e1c9ae89793
d0763d40ebb48402bc24ade6fde152f25e375df454f1d7d35b5cad79e1a0c58c
GET /t/xfeid?cb=gl.cb.xf HTTP/1.1
Host: analitits.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ads.adxadserv.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.10.3 (Ubuntu)
Date: Tue, 29 Nov 2022 03:54:58 GMT
Content-Type: application/octet-stream
Content-Length: 65
Connection: keep-alive
Set-Cookie: xfeid=be1d7fe80ba983c2a4f1f2027f82b507; expires=Tue, 01 Jan 2030 00:00:00 GMT; path=/; domain=.analitits.com
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET
Access-Control-Allow-Headers: content-type
Access-Control-Max-Age: 864000
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 64290ca6b6050867e22541de580f0054
cfd7d518d7f00a983ef9c1df2d651cfe9a7cdd83
19c8e680fe3f6988909ba1fd0b88d690cc301644a39097fd227d18aeb960caaf
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "19C8E680FE3F6988909BA1FD0B88D690CC301644A39097FD227D18AEB960CAAF"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11852
Expires: Tue, 29 Nov 2022 07:12:30 GMT
Date: Tue, 29 Nov 2022 03:54:58 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29 200 OK 280 B IP 93.184.220.29:0
Hash a46ab8f7adf5c9519481b657bb46190d
acc2b3d4cc751a91752596e50f5b83fa3b2fdc1d
1ee36389c7a3ca8db0f0eb2aca1f8058e3c53294b4bb1c8364af1cf3443e4142
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2852
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 29 Nov 2022 03:54:58 GMT
Last-Modified: Tue, 29 Nov 2022 03:07:26 GMT
Server: ECS (ska/F70B)
X-Cache: HIT
Content-Length: 280
static-assets.highwebmedia.com/images/ico-cams.png?829027f88094
104.16.93.42 200 OK 549 B URL HTTP/2 static-assets.highwebmedia.com/images/ico-cams.png?829027f88094
IP 104.16.93.42:0
File type PNG image data, 13 x 15, 8-bit colormap, non-interlaced\012- data
Hash 4437b02e2efeaa0eb69858a7eb957af6
2dfa9c3fa2fc56c7504c043876eaad9526abed62
52dc5730b7afd3f35531dcca2bd7b9984f0271d15c8b449c4b1d425dddf12a33
GET /images/ico-cams.png?829027f88094 HTTP/1.1
Host: static-assets.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://static-assets.highwebmedia.com/CACHE/css/output.ef7436bc2788.css
Cookie: _cfuvid=x48ArE00d0lRqvu7OKQOcxOfE49wHUzc_BoBRSPscuw-1669694098843-0-604800000
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 29 Nov 2022 03:54:58 GMT
content-type: image/png
content-length: 549
cache-control: public, max-age=2592000
cf-bgj: imgq:100,h2pri,csam-hash
cf-polished: origSize=1457
etag: "58ecd9d7af4908cce84eccd4cbd6f0d0"
last-modified: Tue, 19 Jan 2021 22:03:22 GMT
x-amz-id-2: uk+Y+mMt51OLA32rfvOrwKQRVhebnzwVD7WNGN89HYS/N/FIKgMltVMzadOcg1MyUuhiPycAlHk=
x-amz-meta-s3cmd-attrs: md5:58ecd9d7af4908cce84eccd4cbd6f0d0
x-amz-request-id: 2BDHEK7PHQPF17BP
cf-cache-status: HIT
age: 1292877
expires: Thu, 29 Dec 2022 03:54:58 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aZ0o4wmmHl5hIuEuNNu%2BafrWDiyxpPKqrtpTWIfthFGj%2B0o167AIjbhQAy5hfGOEi7SNBhINqFywNFhIulse1mbOtnWysZG%2FJ6yK0%2FNFb0RVdyp3fCLqlkvNZ5akBnAQRGSECZ5Nzg0uMs1GMNAEyw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 771867b5eb0db523-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 312 B IP 93.184.220.29:0
Hash 07ab0b5d68f2487481977366e8e41c0b
d5c8549c93944e4f7d954b6cb6b2596e02de3183
c49905b27d10ae6f8709ab9d2fbc270dd6615f315e4550a9fdb42bc159087125
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5199
Cache-Control: max-age=154974
Content-Type: application/ocsp-response
Date: Tue, 29 Nov 2022 03:54:58 GMT
Etag: "638528a1-138"
Expires: Wed, 30 Nov 2022 22:57:52 GMT
Last-Modified: Mon, 28 Nov 2022 21:31:13 GMT
Server: ECS (ska/F70B)
X-Cache: HIT
Content-Length: 312
static-assets.highwebmedia.com/fonts/ubuntur-webfont.woff?896a82003cd1
104.16.93.42 200 OK 33 kB URL HTTP/2 static-assets.highwebmedia.com/fonts/ubuntur-webfont.woff?896a82003cd1
IP 104.16.93.42:0
File type Web Open Font Format, TrueType, length 32960, version 1.0\012- data
Hash 30556905d926944a6ada140546bcf5ce
b9346ce355c8259d71707ab65c13e0629d01a48e
896a82003cd1a9134b0404c129bb7b8292e1d8a91298e275141b21086baa8a9d
GET /fonts/ubuntur-webfont.woff?896a82003cd1 HTTP/1.1
Host: static-assets.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://chaturbate.com
Connection: keep-alive
Referer: https://static-assets.highwebmedia.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 29 Nov 2022 03:54:58 GMT
content-type: application/font-woff
content-length: 32960
x-amz-id-2: oQRN32iQRWNI2tD7F2N8drq+SpOONefvkFBuj6xfuUwNrtUzFxjUH3DLm/7IAXKOFQJxrDF3NDU=
x-amz-request-id: MA2EZ9YMX1DP219W
access-control-allow-origin: *
access-control-allow-methods: GET
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
last-modified: Tue, 19 Jan 2021 22:07:55 GMT
etag: "30556905d926944a6ada140546bcf5ce"
x-amz-meta-s3cmd-attrs: md5:30556905d926944a6ada140546bcf5ce
cache-control: public, max-age=2592000
cf-cache-status: HIT
age: 1292879
expires: Thu, 29 Dec 2022 03:54:58 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WF9YW1Uk3ZSXWDpFiAcb5%2Ba93ANuFQQWdUldiTDu4o2woE2HE7RwBodplWJYbN78sgPfOx8j6x6JGUlVQVDJrbCL9l5WrG8CnQnORfa01ULKCDmA72tM06JEmDzpHv7qrsXV%2FcGIsRtTg3%2FYxNW3cw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
set-cookie: _cfuvid=_NewqHjzOhLkhlrVK2HREHhNLQJ2Hk_jA.w4tX0ieCo-1669694098880-0-604800000; path=/; domain=.highwebmedia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 771867b5fb17b523-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 5e2236aa40baa1fc9ebacefa48440610
376554752fb3e522c6931830dd038a1c96630561
4ef9c9b7ed9381e7870f27c39d1b65faafb8b40a4824a088a888ae739143821f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4EF9C9B7ED9381E7870F27C39D1B65FAAFB8B40A4824A088A888AE739143821F"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14113
Expires: Tue, 29 Nov 2022 07:50:11 GMT
Date: Tue, 29 Nov 2022 03:54:58 GMT
Connection: keep-alive
roomimg.stream.highwebmedia.com/riw/yourcutekote.jpg?1669694070
104.19.242.83 200 OK 9.9 kB URL HTTP/2 roomimg.stream.highwebmedia.com/riw/yourcutekote.jpg?1669694070
IP 104.19.242.83:0
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 548x549, segment length 16, progressive, precision 8, 480x270, components 3\012- data
Hash 3965d21779f06d8cc8c0cb8b9de36ebd
144e18b312c9665c4d7aa5e3e912fde7490b638c
db32279c0c97223e03d456d9550cfc81a469500e5f2f4290009b327566ee2395
GET /riw/yourcutekote.jpg?1669694070 HTTP/1.1
Host: roomimg.stream.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 29 Nov 2022 03:54:58 GMT
content-type: image/jpeg
content-length: 9927
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: public, max-age=30
cf-bgj: imgq:100,h2pri
cf-polished: origSize=10026
content-security-policy: default-src 'none'; img-src data:; style-src 'unsafe-inline'
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
x-frame-options: DENY
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 20
last-modified: Tue, 29 Nov 2022 03:54:38 GMT
expires: Tue, 29 Nov 2022 03:55:28 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=R09fh%2Bq9tiYIqkYKK4SCLKosStkE7n%2FI4pnSctmJ%2BIJhVzuzLUDQ0NgHWKuR3hHxAmxa8izCkbb1kcOoQf2TpvzdNemfahWYmAMIsb%2BkiW151KdubTuwxlpt1e6ddib%2FFj8bnp45F8TS3YFR%2BeN5z4M%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
set-cookie: _cfuvid=0O2bwRbxdOu76Zj65TzPdaddE3IhEEq9.ShDvIhFGy0-1669694098914-0-604800000; path=/; domain=.highwebmedia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 771867b629df0b51-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
static-assets.highwebmedia.com/fonts/ubuntum-webfont.woff?a7fc63c36394
104.16.93.42 200 OK 32 kB URL HTTP/2 static-assets.highwebmedia.com/fonts/ubuntum-webfont.woff?a7fc63c36394
IP 104.16.93.42:0
File type Web Open Font Format, TrueType, length 31680, version 1.0\012- data
Hash 9968f3d2a16c9ae20a54d0e44ee83d3a
dfd651a49017147b8e8078d530f0930020bfb846
a7fc63c363948d7add8e1dade66045376e2bad22da6697f84d175e5f9a76166e
GET /fonts/ubuntum-webfont.woff?a7fc63c36394 HTTP/1.1
Host: static-assets.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://chaturbate.com
Connection: keep-alive
Referer: https://static-assets.highwebmedia.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 29 Nov 2022 03:54:58 GMT
content-type: application/font-woff
content-length: 31680
x-amz-id-2: nfVY/SXLIWDmPJZ5GmgfBoxL7C0eYluMh9Gz/lOVcMdPSy3UDaee2Sh9y//M++yROjWmGq/s9HI=
x-amz-request-id: MKNWGP9HW7APRRGE
access-control-allow-origin: *
access-control-allow-methods: GET
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
last-modified: Tue, 19 Jan 2021 22:07:54 GMT
etag: "9968f3d2a16c9ae20a54d0e44ee83d3a"
x-amz-meta-s3cmd-attrs: md5:9968f3d2a16c9ae20a54d0e44ee83d3a
cache-control: public, max-age=2592000
cf-cache-status: HIT
age: 2183584
expires: Thu, 29 Dec 2022 03:54:58 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7BOnf8luPf1656sur5HIFCMuF5GM%2Bji8hvA0xzAIwqo%2FGM8Cb7VM610zLUZOdyP4yV27iA5iHN0dG5xVibZsvK9dLTRYFVJL%2BkxuUPTqcAFeg3x5kU5C3P%2FnILvcKs6VREYYDWWwnzVr9I0TXtTNag%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
set-cookie: _cfuvid=Mj3BqHhmjSzVuxevB0yIbJ.Q0M9_XVK7iQGzR5IJuko-1669694098920-0-604800000; path=/; domain=.highwebmedia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 771867b63a021bfa-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 312 B IP 93.184.220.29:0
Hash 07ab0b5d68f2487481977366e8e41c0b
d5c8549c93944e4f7d954b6cb6b2596e02de3183
c49905b27d10ae6f8709ab9d2fbc270dd6615f315e4550a9fdb42bc159087125
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5199
Cache-Control: max-age=154974
Content-Type: application/ocsp-response
Date: Tue, 29 Nov 2022 03:54:58 GMT
Etag: "638528a1-138"
Expires: Wed, 30 Nov 2022 22:57:52 GMT
Last-Modified: Mon, 28 Nov 2022 21:31:13 GMT
Server: ECS (ska/F70B)
X-Cache: HIT
Content-Length: 312
ocsp.digicert.com/
93.184.220.29 200 OK 280 B IP 93.184.220.29:0
Hash a46ab8f7adf5c9519481b657bb46190d
acc2b3d4cc751a91752596e50f5b83fa3b2fdc1d
1ee36389c7a3ca8db0f0eb2aca1f8058e3c53294b4bb1c8364af1cf3443e4142
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2852
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 29 Nov 2022 03:54:58 GMT
Last-Modified: Tue, 29 Nov 2022 03:07:26 GMT
Server: ECS (ska/F70B)
X-Cache: HIT
Content-Length: 280
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 57b6472e2ba2dbf92b0c9b94ca54c7d6
206e1608b85bb04a866fa7fdd0769dac5e20fd67
74e2aeb27e49d3d3f32733b45893ed7b54ac7a4141cb95cc392fc87c0b4eaa13
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "74E2AEB27E49D3D3F32733B45893ED7B54AC7A4141CB95CC392FC87C0B4EAA13"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12346
Expires: Tue, 29 Nov 2022 07:20:45 GMT
Date: Tue, 29 Nov 2022 03:54:59 GMT
Connection: keep-alive
ocsp.sectigo.com/
104.18.32.68 200 OK 472 B IP 104.18.32.68:0
Hash bbb0f4db8cf5afadcf6aff6e3efd84f5
306a448867377ee652726a0ca8f45112ed46f3d2
f3793d646b320f22c02cde1bee7423484fba1abc89cce4667754107416ab640f
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 29 Nov 2022 03:54:59 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Sat, 26 Nov 2022 15:56:29 GMT
Expires: Sat, 03 Dec 2022 15:56:28 GMT
Etag: "306a448867377ee652726a0ca8f45112ed46f3d2"
Cache-Control: max-age=388288,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 771867b5eabfb4ff-OSL
lcdn.tsyndicate.com/sdk/v1/b.b.js
8.247.218.249 200 OK 2.8 kB URL HTTP/2 lcdn.tsyndicate.com/sdk/v1/b.b.js
IP 8.247.218.249:0
File type ASCII text, with very long lines (2590)
Hash 01c3ce239d639853ba1e41661c115938
704741ca41e890a26eef6190c2d61131ff294f56
9aabcddb7b91826c4b8bf721d77fa448ceba501616a38c6fe0d6c4f11091ed47
GET /sdk/v1/b.b.js HTTP/1.1
Host: lcdn.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tsyndicate.com/
Cookie: ts_uid=36f28a7b-32d8-4ec0-97de-6715db54c464; bfq=APeIECNCx5YZMWLcsFHDRhcWIsYU3BLjoYgyE2PYsJHjBg4YNHLg6NJH
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
date: Tue, 29 Nov 2022 03:54:59 GMT
content-type: application/javascript
content-length: 2808
last-modified: Tue, 22 Feb 2022 13:07:15 GMT
server: nginx
x-robots-tag: noindex, nofollow
content-encoding: gzip
vary: Accept-Encoding
etag: W/"6214e003-1eb1"
age: 22959836
accept-ranges: bytes
X-Firefox-Spdy: h2
js-agent.newrelic.com/nr-spa-1216.min.js
151.101.86.137 200 OK 18 kB URL HTTP/2 js-agent.newrelic.com/nr-spa-1216.min.js
IP 151.101.86.137:0
File type ASCII text, with very long lines (32010)
Hash 6561a2403142205f966207d61576f1a6
1310e72f494e12ab63a4280fc1600a2c89dc9bb8
0e496fcab0b9120938373e271fa6631b7da17adf33f8a490637467c170a3e37a
GET /nr-spa-1216.min.js HTTP/1.1
Host: js-agent.newrelic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: TAwVDFAylU9PwNPPW/eXC4UyIMC8EQ1d6JNW9Q+uXGnPmL1fuimq9M3lAe733gCMeKNDiCQX1YM=
x-amz-request-id: SYTECJR5CMD8NJ8E
last-modified: Thu, 14 Apr 2022 16:45:57 GMT
etag: "63e2df852d15ab21d7ff8fc4363222e8"
x-amz-version-id: UU.F5jvoumAjQChriwTQHbisCFw_OInU
content-type: application/javascript
server: AmazonS3
cache-control: public, max-age=7200, stale-if-error=604800
content-encoding: gzip
accept-ranges: bytes
date: Tue, 29 Nov 2022 03:54:59 GMT
via: 1.1 varnish
x-served-by: cache-bma1646-BMA
x-cache: HIT
x-cache-hits: 927
x-timer: S1669694099.101681,VS0,VE0
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
content-length: 18216
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash 8aa06d3fa737d3edc3953be26fb78d4b
fccfe2c8e5132f5142580513f9907a01e74be670
4a68376f86557dabeaa89cb3c859215fd35687f8beec121c054a8f89d8175145
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6456
Cache-Control: max-age=154068
Content-Type: application/ocsp-response
Date: Tue, 29 Nov 2022 03:54:59 GMT
Etag: "6385202f-117"
Expires: Wed, 30 Nov 2022 22:42:47 GMT
Last-Modified: Mon, 28 Nov 2022 20:55:11 GMT
Server: ECS (amb/6B8B)
X-Cache: HIT
Content-Length: 279
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 90b81b5ac3b6b15b9ce4eebf8f625f10
108efc7b6a941c86814869dc4e8e27634516a96f
5f3a68a07f8451ef0e778127348e6e04d26751929c7081e99921ed947b07cead
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5F3A68A07F8451EF0E778127348E6E04D26751929C7081E99921ED947B07CEAD"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12381
Expires: Tue, 29 Nov 2022 07:21:20 GMT
Date: Tue, 29 Nov 2022 03:54:59 GMT
Connection: keep-alive
go.xlirdr.com/i?campaignId=banner2609start&creativeId=300x250&modelsCountry=&modelsLanguage=&sourceId=xfanta&tag=females&targetDomain=&buttonColor=&hideModelNameOnSmallSpots=0&hideTitleOnSmallSpots=1&liveBadgeColor=%2324d7d7&showButton=1&showModelName=1&showTitle=0&showLiveBadge=1&isXhDesign=0&actionButtonPlacement=bottom&thumbSizeKey=small&hideButtonOnSmallSpots=1&userId=b47aedc2c088e2f21e0cc23e0318384c557941461efdbc48212e7282df45f2f4&landing=WidgetV4Universal
104.18.59.150 302 Found 0 B URL HTTP/2 go.xlirdr.com/i?campaignId=banner2609start&creativeId=300x250&modelsCountry=&modelsLanguage=&sourceId=xfanta&tag=females&targetDomain=&buttonColor=&hideModelNameOnSmallSpots=0&hideTitleOnSmallSpots=1&liveBadgeColor=%2324d7d7&showButton=1&showModelName=1&showTitle=0&showLiveBadge=1&isXhDesign=0&actionButtonPlacement=bottom&thumbSizeKey=small&hideButtonOnSmallSpots=1&userId=b47aedc2c088e2f21e0cc23e0318384c557941461efdbc48212e7282df45f2f4&landing=WidgetV4Universal
IP 104.18.59.150:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /i?campaignId=banner2609start&creativeId=300x250&modelsCountry=&modelsLanguage=&sourceId=xfanta&tag=females&targetDomain=&buttonColor=&hideModelNameOnSmallSpots=0&hideTitleOnSmallSpots=1&liveBadgeColor=%2324d7d7&showButton=1&showModelName=1&showTitle=0&showLiveBadge=1&isXhDesign=0&actionButtonPlacement=bottom&thumbSizeKey=small&hideButtonOnSmallSpots=1&userId=b47aedc2c088e2f21e0cc23e0318384c557941461efdbc48212e7282df45f2f4&landing=WidgetV4Universal HTTP/1.1
Host: go.xlirdr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cams.gratis/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Tue, 29 Nov 2022 03:54:59 GMT
content-length: 0
location: https://creative.xlirdr.com/widgets/v4/Universal/?actionButtonPlacement=bottom&buttonColor=&campaignId=banner2609start&creativeId=300x250&domain=stripchat&hideButtonOnSmallSpots=1&hideModelNameOnSmallSpots=0&hideTitleOnSmallSpots=1&isXhDesign=0&liveBadgeColor=%2324d7d7&modelsCountry=&modelsLanguage=&showButton=1&showLiveBadge=1&showModelName=1&showTitle=0&sound=off&sourceId=xfanta&tag=females&targetDomain=&thumbSizeKey=small&trackOff=1&userId=b47aedc2c088e2f21e0cc23e0318384c557941461efdbc48212e7282df45f2f4
access-control-allow-origin: *
cf-cache-status: DYNAMIC
set-cookie: __cflb=02DiuDfsBaY2bRYJiCeSF4mw3pyDiW7pwxb6WVP8TVpVr; SameSite=None; Secure; path=/; expires=Wed, 30-Nov-22 02:54:59 GMT; HttpOnly
server: cloudflare
cf-ray: 771867b7992efac0-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash c98fdd09882446c18df64bedceacd151
30d04b8b6d496f8fbb06e7b9a4405db24f56ac4c
ad259f4fd5b2abdb9543b538f1a995b271b0b32b7ee5705f7b148323f2573249
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "AD259F4FD5B2ABDB9543B538F1A995B271B0B32B7EE5705F7B148323F2573249"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3917
Expires: Tue, 29 Nov 2022 05:00:16 GMT
Date: Tue, 29 Nov 2022 03:54:59 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash c98fdd09882446c18df64bedceacd151
30d04b8b6d496f8fbb06e7b9a4405db24f56ac4c
ad259f4fd5b2abdb9543b538f1a995b271b0b32b7ee5705f7b148323f2573249
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "AD259F4FD5B2ABDB9543B538F1A995B271B0B32B7EE5705F7B148323F2573249"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18979
Expires: Tue, 29 Nov 2022 09:11:18 GMT
Date: Tue, 29 Nov 2022 03:54:59 GMT
Connection: keep-alive
pt-static5.ptwmstcnt.com/npe/_common/script/adblock/advertisement-v808381.js
93.93.51.200 200 OK 21 B URL HTTP/2 pt-static5.ptwmstcnt.com/npe/_common/script/adblock/advertisement-v808381.js
IP 93.93.51.200:0
ASN #34655 DuoDecad IT Services Luxembourg S.a r.l.
File type ASCII text, with no line terminators
Hash 01c6e7ecb819ef28b0c9b962513a1596
1a49f493db7b91ed34a7040d36732352b9a5dc39
e97a9988dce8067f81f57557b349dd481e0335e75175179b6b01322be2ff13a5
GET /npe/_common/script/adblock/advertisement-v808381.js HTTP/1.1
Host: pt-static5.ptwmstcnt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pt.wmptctl.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 29 Nov 2022 03:54:59 GMT
content-type: application/javascript
content-length: 21
last-modified: Mon, 28 Nov 2022 09:07:36 GMT
etag: "63847a58-15"
access-control-allow-origin: *
server: unknown
x-cdn-node: sesto
x-cache-status: R-HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash 8aa06d3fa737d3edc3953be26fb78d4b
fccfe2c8e5132f5142580513f9907a01e74be670
4a68376f86557dabeaa89cb3c859215fd35687f8beec121c054a8f89d8175145
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6456
Cache-Control: max-age=154068
Content-Type: application/ocsp-response
Date: Tue, 29 Nov 2022 03:54:59 GMT
Etag: "6385202f-117"
Expires: Wed, 30 Nov 2022 22:42:47 GMT
Last-Modified: Mon, 28 Nov 2022 20:55:11 GMT
Server: ECS (ska/F70B)
X-Cache: HIT
Content-Length: 279
windscrape.com/winnotice?sid=H4sIAAAAAAAC%2F1RTzWskxRuu2d%2F%2BDroHP9CDuCt9VJBJ9%2FR8uofFdY0Es0nYD3KU6qrq5DU9VU1V9%2FQkp6AgnmTAiwcPnSdfqMvi3hWl40UCws5FApqL%2F8CisGeZ2XFHX6h6P5738NT7PvXJXn7OfOT8bO2m2aEk4Qutuu%2B9vk5amsJ5K3e8wK%2F7V7110u3mVW84uezgrcBv1f03vPeU2DILDT%2Fw%2FcAPvEWyKjbDhSkKSu%2F1gnrPrzcb9aDVxNCWcHkNjtcgB%2BfsRZAc%2F3%2Fz5wcgUUH3v72h3FZm0jff7ecJz4zFQB7f1VvaFBr9eRjbGmJ9POuGcWPGvrgAo49nrGEGBxPWiGjMar8GiPTxjBqiweETdlECpRHJSygGFVRSgXgFYT4GyYcMEBIrq9D9oxVjC779BOUTdMwuPv4LVIzZxd9fgu7fv57Q0Lttkjwjox2GcQkaVqCNCml%2BgmyHgYoTiOwjkPyFLTxehu4frLrEgGQ5fT1RBYorJGoE7hjyySGGPK4hT2voyzOPt3qx73fiKA7DblMIEYZCtLpt2ZJhsxv7yMWE3ghZOoJIRhB2F6ndxRaNYPPPQK5CzktQWiJ1R7120Gu1ocTptT%2FCqYHTmdeJO1w02r1QcL8ZNMPAjzqdhmrJII46osMR0em15%2FLnb969QkiIQfHTHx6xqcHpEjov97WlEladspntW5mdXnvatVnCSQaXMQxkiUIxFI6h4AwFMRQZQzEoD2XiGq48konLo2DmGzMflvsm2ygPTbahNNtLz9kL0938KT7AljrzwoAHYbftq243lN1uK%2BiqrmqowG%2FGQUv2GnD0zwTIXQB3NezQmL382yOkE9nIzxHxE7jkBII88PwyeFGCb5bY0SWkuV%2BQlk5Ynqq6MH2k2TPItmt7yTl7Zcqke3T5P8MVtkRqS3xIPzFsJJ%2Fu3zIFO7hlCscerKYZ9WmHTxR0O%2BOZ%2Bt%2FX76vtwli5dMONvnpbTIBJeO%2BOctky15L0hmPfXCcplV00Vij2%2FZJbV9Fa7jav51bn6fLaO4tL%2FdQq58joCpwept9B0Jg9%2B%2BqV6d947dKXIFvB5iX6%2BdNlgUwFke7CpfOaMww2medRylDk5b5tRPPiRA7JfOvgUQn3rzyax3vuRzgqkTn2NwAAAP%2F%2FAQAA%2F%2F%2Bk%2Br7ihQQAAA%3D%3D&ap=${AUCTION_PRICE}&l=3712540&sub3=1669694097&pid=91283&sub2=icon&auid=7f7ac2693ca0414310b772e5d1fb7c7a&icon=https://cdn.cloudimagesb.com/cti/34/74/d7/3474d78aff0bf2df5207c5e1bcb89147/1591703087.jpg
192.243.61.228307 Temporary Redirect 0 B URL HTTP/1.1 windscrape.com/winnotice?sid=H4sIAAAAAAAC%2F1RTzWskxRuu2d%2F%2BDroHP9CDuCt9VJBJ9%2FR8uofFdY0Es0nYD3KU6qrq5DU9VU1V9%2FQkp6AgnmTAiwcPnSdfqMvi3hWl40UCws5FApqL%2F8CisGeZ2XFHX6h6P5738NT7PvXJXn7OfOT8bO2m2aEk4Qutuu%2B9vk5amsJ5K3e8wK%2F7V7110u3mVW84uezgrcBv1f03vPeU2DILDT%2Fw%2FcAPvEWyKjbDhSkKSu%2F1gnrPrzcb9aDVxNCWcHkNjtcgB%2BfsRZAc%2F3%2Fz5wcgUUH3v72h3FZm0jff7ecJz4zFQB7f1VvaFBr9eRjbGmJ9POuGcWPGvrgAo49nrGEGBxPWiGjMar8GiPTxjBqiweETdlECpRHJSygGFVRSgXgFYT4GyYcMEBIrq9D9oxVjC779BOUTdMwuPv4LVIzZxd9fgu7fv57Q0Lttkjwjox2GcQkaVqCNCml%2BgmyHgYoTiOwjkPyFLTxehu4frLrEgGQ5fT1RBYorJGoE7hjyySGGPK4hT2voyzOPt3qx73fiKA7DblMIEYZCtLpt2ZJhsxv7yMWE3ghZOoJIRhB2F6ndxRaNYPPPQK5CzktQWiJ1R7120Gu1ocTptT%2FCqYHTmdeJO1w02r1QcL8ZNMPAjzqdhmrJII46osMR0em15%2FLnb969QkiIQfHTHx6xqcHpEjov97WlEladspntW5mdXnvatVnCSQaXMQxkiUIxFI6h4AwFMRQZQzEoD2XiGq48konLo2DmGzMflvsm2ygPTbahNNtLz9kL0938KT7AljrzwoAHYbftq243lN1uK%2BiqrmqowG%2FGQUv2GnD0zwTIXQB3NezQmL382yOkE9nIzxHxE7jkBII88PwyeFGCb5bY0SWkuV%2BQlk5Ynqq6MH2k2TPItmt7yTl7Zcqke3T5P8MVtkRqS3xIPzFsJJ%2Fu3zIFO7hlCscerKYZ9WmHTxR0O%2BOZ%2Bt%2FX76vtwli5dMONvnpbTIBJeO%2BOctky15L0hmPfXCcplV00Vij2%2FZJbV9Fa7jav51bn6fLaO4tL%2FdQq58joCpwept9B0Jg9%2B%2BqV6d947dKXIFvB5iX6%2BdNlgUwFke7CpfOaMww2medRylDk5b5tRPPiRA7JfOvgUQn3rzyax3vuRzgqkTn2NwAAAP%2F%2FAQAA%2F%2F%2Bk%2Br7ihQQAAA%3D%3D&ap=${AUCTION_PRICE}&l=3712540&sub3=1669694097&pid=91283&sub2=icon&auid=7f7ac2693ca0414310b772e5d1fb7c7a&icon=https://cdn.cloudimagesb.com/cti/34/74/d7/3474d78aff0bf2df5207c5e1bcb89147/1591703087.jpg
IP 192.243.61.228:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /winnotice?sid=H4sIAAAAAAAC%2F1RTzWskxRuu2d%2F%2BDroHP9CDuCt9VJBJ9%2FR8uofFdY0Es0nYD3KU6qrq5DU9VU1V9%2FQkp6AgnmTAiwcPnSdfqMvi3hWl40UCws5FApqL%2F8CisGeZ2XFHX6h6P5738NT7PvXJXn7OfOT8bO2m2aEk4Qutuu%2B9vk5amsJ5K3e8wK%2F7V7110u3mVW84uezgrcBv1f03vPeU2DILDT%2Fw%2FcAPvEWyKjbDhSkKSu%2F1gnrPrzcb9aDVxNCWcHkNjtcgB%2BfsRZAc%2F3%2Fz5wcgUUH3v72h3FZm0jff7ecJz4zFQB7f1VvaFBr9eRjbGmJ9POuGcWPGvrgAo49nrGEGBxPWiGjMar8GiPTxjBqiweETdlECpRHJSygGFVRSgXgFYT4GyYcMEBIrq9D9oxVjC779BOUTdMwuPv4LVIzZxd9fgu7fv57Q0Lttkjwjox2GcQkaVqCNCml%2BgmyHgYoTiOwjkPyFLTxehu4frLrEgGQ5fT1RBYorJGoE7hjyySGGPK4hT2voyzOPt3qx73fiKA7DblMIEYZCtLpt2ZJhsxv7yMWE3ghZOoJIRhB2F6ndxRaNYPPPQK5CzktQWiJ1R7120Gu1ocTptT%2FCqYHTmdeJO1w02r1QcL8ZNMPAjzqdhmrJII46osMR0em15%2FLnb969QkiIQfHTHx6xqcHpEjov97WlEladspntW5mdXnvatVnCSQaXMQxkiUIxFI6h4AwFMRQZQzEoD2XiGq48konLo2DmGzMflvsm2ygPTbahNNtLz9kL0938KT7AljrzwoAHYbftq243lN1uK%2BiqrmqowG%2FGQUv2GnD0zwTIXQB3NezQmL382yOkE9nIzxHxE7jkBII88PwyeFGCb5bY0SWkuV%2BQlk5Ynqq6MH2k2TPItmt7yTl7Zcqke3T5P8MVtkRqS3xIPzFsJJ%2Fu3zIFO7hlCscerKYZ9WmHTxR0O%2BOZ%2Bt%2FX76vtwli5dMONvnpbTIBJeO%2BOctky15L0hmPfXCcplV00Vij2%2FZJbV9Fa7jav51bn6fLaO4tL%2FdQq58joCpwept9B0Jg9%2B%2BqV6d947dKXIFvB5iX6%2BdNlgUwFke7CpfOaMww2medRylDk5b5tRPPiRA7JfOvgUQn3rzyax3vuRzgqkTn2NwAAAP%2F%2FAQAA%2F%2F%2Bk%2Br7ihQQAAA%3D%3D&ap=${AUCTION_PRICE}&l=3712540&sub3=1669694097&pid=91283&sub2=icon&auid=7f7ac2693ca0414310b772e5d1fb7c7a&icon=https://cdn.cloudimagesb.com/cti/34/74/d7/3474d78aff0bf2df5207c5e1bcb89147/1591703087.jpg HTTP/1.1
Host: windscrape.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 307 Temporary Redirect
Server: nginx/1.22.0
Date: Tue, 29 Nov 2022 03:54:59 GMT
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Location: https://cdn.cloudimagesb.com/cti/34/74/d7/3474d78aff0bf2df5207c5e1bcb89147/1591703087.jpg
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: a4205c70ead0f456e09981fb4f1b6d1d
Strict-Transport-Security: max-age=0; includeSubdomains
go.goaserv.com/banner.go?spaceid=1219880&sid2=wfvaB4iTtBZqE_RCnSU2qu7EL9SDSBySaOFbRyZ2KrPE2E86t2MADiEkKepMSr8gVQIs1L85y_8KgD6oCKAXsCSecHijWJUSX1MppZ67DfaRkg_gUIDRUi&sid3=3761372
217.22.19.196 200 OK 2.2 kB URL HTTP/2 go.goaserv.com/banner.go?spaceid=1219880&sid2=wfvaB4iTtBZqE_RCnSU2qu7EL9SDSBySaOFbRyZ2KrPE2E86t2MADiEkKepMSr8gVQIs1L85y_8KgD6oCKAXsCSecHijWJUSX1MppZ67DfaRkg_gUIDRUi&sid3=3761372
IP 217.22.19.196:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (5997), with no line terminators
Hash ffc57dd273d9696d5934cdcb9cbf0fb4
6055d7a73820d9ac09fa554deee8488e27351bee
bab113fedc64e5b864d3225db6073a636db822b5a533abf8d734a498ae13af3f
GET /banner.go?spaceid=1219880&sid2=wfvaB4iTtBZqE_RCnSU2qu7EL9SDSBySaOFbRyZ2KrPE2E86t2MADiEkKepMSr8gVQIs1L85y_8KgD6oCKAXsCSecHijWJUSX1MppZ67DfaRkg_gUIDRUi&sid3=3761372 HTTP/1.1
Host: go.goaserv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tsyndicate.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 29 Nov 2022 03:54:59 GMT
content-type: text/html; charset=utf-8
expires: Mon, 03 Jul 2001 06:00:00 GMT
last-modified: Tue, 29 11 2022 03:54:59 GMT
cache-control: no-store, no-cache, must-revalidate, max-age=0,post-check=0, pre-check=0
pragma: no-cache
x-backend-server: nl2-go-web-242
content-encoding: gzip
X-Firefox-Spdy: h2
as.sexad.net/as/if?p=reseller&w=1&h=1&v=5106&adType=cats&adWidth=900&adHeight=75&niche=female&fontSize=15&font_color=%23fff&background_color=%23000000&hn=fap247.com&AFNO=1-286
216.127.52.241 200 3.0 kB URL HTTP/1.1 as.sexad.net/as/if?p=reseller&w=1&h=1&v=5106&adType=cats&adWidth=900&adHeight=75&niche=female&fontSize=15&font_color=%23fff&background_color=%23000000&hn=fap247.com&AFNO=1-286
IP 216.127.52.241:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash debffb817a6b474b9c44a61b9370f564
c3937e1e641d4842d5132cf82703cbde5414d078
2e2b2897dec2ba2c9982fa9482b9fcde1a1b2c60ae5c374a8ab36a06722bdf1f
GET /as/if?p=reseller&w=1&h=1&v=5106&adType=cats&adWidth=900&adHeight=75&niche=female&fontSize=15&font_color=%23fff&background_color=%23000000&hn=fap247.com&AFNO=1-286 HTTP/1.1
Host: as.sexad.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://camschat.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200
Server: nginx/1.18.0
Date: Tue, 29 Nov 2022 03:54:59 GMT
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-store
Access-Control-Allow-Origin: *
Set-Cookie: at11669694099937_0_5106_4398=0001000; expires=Thu, 29-Dec-2022 03:54:59 GMT; Max-Age=2592000; path=/as; secure; SameSite=None
iid=3367-1669694099; expires=Fri, 26-Nov-2032 03:54:59 GMT; Max-Age=315360000; path=/; secure; SameSite=None
P3P: policyref="/w3c/p3p.xml", CP="This is not our comprehensive privacy policy (P3P). For complete information, please see http://streamate.com/privacy.html"
Content-Encoding: gzip
cdn.cloudimagesb.com/cti/34/74/d7/3474d78aff0bf2df5207c5e1bcb89147/1591703087.jpg
45.133.44.9 200 OK 33 kB URL HTTP/2 cdn.cloudimagesb.com/cti/34/74/d7/3474d78aff0bf2df5207c5e1bcb89147/1591703087.jpg
IP 45.133.44.9:0
ASN #39572 DataWeb Global Group B.V.
File type JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CC 2019 (Windows), datetime=2020:05:18 19:19:17], baseline, precision 8, 200x200, components 3\012- data
Hash 70cf8250da1a25a7b445231428af7828
a849d338423d2919949340838c768bba90b9081c
b7060bc46dc459a00d4124523a26f0cbf31fba31d41fccae9f82bedaf22c1186
GET /cti/34/74/d7/3474d78aff0bf2df5207c5e1bcb89147/1591703087.jpg HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 29 Nov 2022 03:54:59 GMT
content-type: image/jpeg
content-length: 33103
server: nginx/1.17.6
last-modified: Tue, 09 Jun 2020 11:44:50 GMT
etag: "5edf7632-814f"
expires: Thu, 01 Dec 2022 03:54:59 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
bam.nr-data.net/1/6f524845d1?a=24279235&v=1216.487a282&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOFgwRERUXQ1BUFkIDFQ0WFlA%3D&rst=766&ck=1&ref=https://chaturbate.com/tours/3/&ap=24&be=427&fe=664&dc=504&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1669694097610,%22n%22:0,%22r%22:1,%22re%22:211,%22f%22:211,%22dn%22:211,%22dne%22:211,%22c%22:211,%22s%22:211,%22ce%22:211,%22rq%22:212,%22rp%22:400,%22rpe%22:401,%22dl%22:404,%22di%22:500,%22ds%22:503,%22de%22:509,%22dc%22:664,%22l%22:664,%22le%22:665%7D,%22navigation%22:%7B%22rc%22:1%7D%7D&at=H0ETGw9CExRCXBM9CgBBXAkZG0QSVEsPAw4BQVwbamZQD15XPj1BSEEVUFJXRBFuXQAWBkZZVhUXenc%2BY1gYQFlGVFEIDQ8GAwULBVICVQEAXBh4Yy8TFUMhJTshCU0XAwZRHRsiJDwmDBJ8TU1DABMDQwQCCBADFVNYXRJUG01AEQECCmZcSRNbEwBQTFpUTVILGwgEVRMVQwMNCw05X1lYVhITA0NAT0YBA0pBZlYUVEoSPQoUQVwbDAgfWAEXVVBNVVZSGxkbUwRCTT4FFgEQFWZSXF5DCxsvLUFIQQ9JalpeFF9NExtBXkEodhcVEwhBZgINFgoXFEBqWl4PV1AFBw0HBkQDFwwBQx0bCBI8CgYSTlpLWkMLGwMOChxNBVZYGx1DWEk%2BDREDAghQT1hFCF5XQ1hBJg8PQRVqXg1ETQgNDRdBShtcSW4IQklDWEEmDw9BFWpeDURNCA0NF0FKG1xJbgBCV0NYVlRQVg0ZG1gRblgSDDwLEQEbDxtzDVhBQTEMCBYSUFpXQkFwakNOQQ0TOVpaV18EUk0IDQ07Fx9JUBsLQ3JYAw4GSyc1dRcVEwhBZhQRBhY8EkBFXBNbE0sEEQoABghNXFhdQx0bEwcSEQYVTWpJUBVZG1tATBAME0tGFgJOExVDFQ87CwlKQRsLQ1JRABYWFgEHTVAXUg5cG01AEA0XA2ZcXRNbABVDEQoQBjldWlRQCF8bW0AADAISTEdbUBVUFwINDkZPREtQSEQEQk0%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%2BQQI/RBUVZRMFWEoAAA8BPBVWQFdVPRMDQT5BVD9ERBdETA%3D%3D&jsonp=NREUM.setToken
162.247.241.14200 OK 77 B URL HTTP/1.1 bam.nr-data.net/1/6f524845d1?a=24279235&v=1216.487a282&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOFgwRERUXQ1BUFkIDFQ0WFlA%3D&rst=766&ck=1&ref=https://chaturbate.com/tours/3/&ap=24&be=427&fe=664&dc=504&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1669694097610,%22n%22:0,%22r%22:1,%22re%22:211,%22f%22:211,%22dn%22:211,%22dne%22:211,%22c%22:211,%22s%22:211,%22ce%22:211,%22rq%22:212,%22rp%22:400,%22rpe%22:401,%22dl%22:404,%22di%22:500,%22ds%22:503,%22de%22:509,%22dc%22:664,%22l%22:664,%22le%22:665%7D,%22navigation%22:%7B%22rc%22:1%7D%7D&at=H0ETGw9CExRCXBM9CgBBXAkZG0QSVEsPAw4BQVwbamZQD15XPj1BSEEVUFJXRBFuXQAWBkZZVhUXenc%2BY1gYQFlGVFEIDQ8GAwULBVICVQEAXBh4Yy8TFUMhJTshCU0XAwZRHRsiJDwmDBJ8TU1DABMDQwQCCBADFVNYXRJUG01AEQECCmZcSRNbEwBQTFpUTVILGwgEVRMVQwMNCw05X1lYVhITA0NAT0YBA0pBZlYUVEoSPQoUQVwbDAgfWAEXVVBNVVZSGxkbUwRCTT4FFgEQFWZSXF5DCxsvLUFIQQ9JalpeFF9NExtBXkEodhcVEwhBZgINFgoXFEBqWl4PV1AFBw0HBkQDFwwBQx0bCBI8CgYSTlpLWkMLGwMOChxNBVZYGx1DWEk%2BDREDAghQT1hFCF5XQ1hBJg8PQRVqXg1ETQgNDRdBShtcSW4IQklDWEEmDw9BFWpeDURNCA0NF0FKG1xJbgBCV0NYVlRQVg0ZG1gRblgSDDwLEQEbDxtzDVhBQTEMCBYSUFpXQkFwakNOQQ0TOVpaV18EUk0IDQ07Fx9JUBsLQ3JYAw4GSyc1dRcVEwhBZhQRBhY8EkBFXBNbE0sEEQoABghNXFhdQx0bEwcSEQYVTWpJUBVZG1tATBAME0tGFgJOExVDFQ87CwlKQRsLQ1JRABYWFgEHTVAXUg5cG01AEA0XA2ZcXRNbABVDEQoQBjldWlRQCF8bW0AADAISTEdbUBVUFwINDkZPREtQSEQEQk0%2BCgwXF0QDF1pZAEVMEwACEAZIWlpUE00TWxMNFBcGFGZcXRNbEw8AAVVWW1UKGA4CBAAUVQNRUE4EXVcIHFJQWFNaBlUCVg1RDxNNE0sEBAYWBhQbDxtZFUVJElhMSwAHVEZaWQBFFw8HF0tBShtHXEAUVEoVPQ4BFw5WURsLQ3Z8NUBPRhMfTV1WXz5HXBMRCgsNRAMXCh9WExVDFwI7BwNPXFpUPldYDAsPHUFcG3pNWQRDG01AFgU8AlxDUFIEbk0YEgZGWURdUEpaFV5JQ05BEQI5VkZmVwBcUA0bQV5BMVBbXV4WQhtNQBYFPAlKak9UE0JQDgxBXkFXCRcVExRQZgMQDBMQA0tqX1AMWFUYQFlGJQ9LUF9eGRMVQxcCOwEUVkJKVBNuTwQQEA0MCBsPGwBRBBdRQE9GFgdmRk1DCF9eQ1hBKQwcUFlVUE4EF1FCSzMKCF1aTkJBf21BU1NKU10ZYlBfVwUCQRpVUFhGS0MDAFEEF1FLQyMGBVJaFgNRAAlRU1NVQyBQR1xXDkkWUFJWSlNEFRdeWBVuWg4PDg0XRAMXWwJZVQ8FUVNQAFMNFxUTEVBLAA8QRllEQmkbRQ5ESz1AWUQ/REEEa1U9ExVBPkEHAgtJVFBWD20bW0I/RhcHdk
Z7bUMdGT1AADhBXBlpGwA9ExVBPkEUP0QDFWUTUW0bTUI/RgQDV1FcQz0TA0E%2BQQI/RBUVZRMFWEoAAA8BPBVWQFdVPRMDQT5BVD9ERBdETA%3D%3D&jsonp=NREUM.setToken
IP 162.247.241.14:0
File type ASCII text, with no line terminators
Hash f1442f5831dbbe0210da2d7a4180d6b8
2ade23c6c7a001c66f0c0a9a101ec152747b434e
c6acf9fb2ecc1b144c51bd0337bbf1c26db3df2f649ac2da5c56db20d93eb3ef
GET /1/6f524845d1?a=24279235&v=1216.487a282&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOFgwRERUXQ1BUFkIDFQ0WFlA%3D&rst=766&ck=1&ref=https://chaturbate.com/tours/3/&ap=24&be=427&fe=664&dc=504&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1669694097610,%22n%22:0,%22r%22:1,%22re%22:211,%22f%22:211,%22dn%22:211,%22dne%22:211,%22c%22:211,%22s%22:211,%22ce%22:211,%22rq%22:212,%22rp%22:400,%22rpe%22:401,%22dl%22:404,%22di%22:500,%22ds%22:503,%22de%22:509,%22dc%22:664,%22l%22:664,%22le%22:665%7D,%22navigation%22:%7B%22rc%22:1%7D%7D&at=H0ETGw9CExRCXBM9CgBBXAkZG0QSVEsPAw4BQVwbamZQD15XPj1BSEEVUFJXRBFuXQAWBkZZVhUXenc%2BY1gYQFlGVFEIDQ8GAwULBVICVQEAXBh4Yy8TFUMhJTshCU0XAwZRHRsiJDwmDBJ8TU1DABMDQwQCCBADFVNYXRJUG01AEQECCmZcSRNbEwBQTFpUTVILGwgEVRMVQwMNCw05X1lYVhITA0NAT0YBA0pBZlYUVEoSPQoUQVwbDAgfWAEXVVBNVVZSGxkbUwRCTT4FFgEQFWZSXF5DCxsvLUFIQQ9JalpeFF9NExtBXkEodhcVEwhBZgINFgoXFEBqWl4PV1AFBw0HBkQDFwwBQx0bCBI8CgYSTlpLWkMLGwMOChxNBVZYGx1DWEk%2BDREDAghQT1hFCF5XQ1hBJg8PQRVqXg1ETQgNDRdBShtcSW4IQklDWEEmDw9BFWpeDURNCA0NF0FKG1xJbgBCV0NYVlRQVg0ZG1gRblgSDDwLEQEbDxtzDVhBQTEMCBYSUFpXQkFwakNOQQ0TOVpaV18EUk0IDQ07Fx9JUBsLQ3JYAw4GSyc1dRcVEwhBZhQRBhY8EkBFXBNbE0sEEQoABghNXFhdQx0bEwcSEQYVTWpJUBVZG1tATBAME0tGFgJOExVDFQ87CwlKQRsLQ1JRABYWFgEHTVAXUg5cG01AEA0XA2ZcXRNbABVDEQoQBjldWlRQCF8bW0AADAISTEdbUBVUFwINDkZPREtQSEQEQk0%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%2BQQI/RBUVZRMFWEoAAA8BPBVWQFdVPRMDQT5BVD9ERBdETA%3D%3D&jsonp=NREUM.setToken HTTP/1.1
Host: bam.nr-data.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Tue, 29 Nov 2022 03:54:59 GMT
Content-Type: text/javascript
Transfer-Encoding: chunked
Connection: keep-alive
CF-Ray: 771867b80b6ab51b-OSL
Access-Control-Allow-Origin: *
Set-Cookie: JSESSIONID=8f01029f2094c150; Path=/; Domain=.nr-data.net; Secure; SameSite=None
CF-Cache-Status: DYNAMIC
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
Cross-Origin-Resource-Policy: cross-origin
Vary: Accept-Encoding
Server: cloudflare
Content-Encoding: gzip
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash def12e36abede86daba89800e8a8d675
11b3dc13bf6a90f7454a38ad9e92ad2ef930b23a
15f3ad4f9d754788251a4a84fb1a1f047f652e010f8c6422d657a8e50b7c6e05
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "15F3AD4F9D754788251A4A84FB1A1F047F652E010F8C6422D657A8E50B7C6E05"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16026
Expires: Tue, 29 Nov 2022 08:22:05 GMT
Date: Tue, 29 Nov 2022 03:54:59 GMT
Connection: keep-alive
creative.xlirdr.com/widgets/v4/Universal/?actionButtonPlacement=bottom&buttonColor=&campaignId=banner2609start&creativeId=300x250&domain=stripchat&hideButtonOnSmallSpots=1&hideModelNameOnSmallSpots=0&hideTitleOnSmallSpots=1&isXhDesign=0&liveBadgeColor=%2324d7d7&modelsCountry=&modelsLanguage=&showButton=1&showLiveBadge=1&showModelName=1&showTitle=0&sound=off&sourceId=xfanta&tag=females&targetDomain=&thumbSizeKey=small&trackOff=1&userId=b47aedc2c088e2f21e0cc23e0318384c557941461efdbc48212e7282df45f2f4
104.18.59.150 200 OK 588 B URL HTTP/2 creative.xlirdr.com/widgets/v4/Universal/?actionButtonPlacement=bottom&buttonColor=&campaignId=banner2609start&creativeId=300x250&domain=stripchat&hideButtonOnSmallSpots=1&hideModelNameOnSmallSpots=0&hideTitleOnSmallSpots=1&isXhDesign=0&liveBadgeColor=%2324d7d7&modelsCountry=&modelsLanguage=&showButton=1&showLiveBadge=1&showModelName=1&showTitle=0&sound=off&sourceId=xfanta&tag=females&targetDomain=&thumbSizeKey=small&trackOff=1&userId=b47aedc2c088e2f21e0cc23e0318384c557941461efdbc48212e7282df45f2f4
IP 104.18.59.150:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash de74023b4882af23ff3bbaa7f74f09d7
7df28b2a4f6ca7c87f610438ad5611f787064a51
d1e4eb7520000864539233e02796cecb1bc0e0d9a0b565b92516ed7663d5316c
GET /widgets/v4/Universal/?actionButtonPlacement=bottom&buttonColor=&campaignId=banner2609start&creativeId=300x250&domain=stripchat&hideButtonOnSmallSpots=1&hideModelNameOnSmallSpots=0&hideTitleOnSmallSpots=1&isXhDesign=0&liveBadgeColor=%2324d7d7&modelsCountry=&modelsLanguage=&showButton=1&showLiveBadge=1&showModelName=1&showTitle=0&sound=off&sourceId=xfanta&tag=females&targetDomain=&thumbSizeKey=small&trackOff=1&userId=b47aedc2c088e2f21e0cc23e0318384c557941461efdbc48212e7282df45f2f4 HTTP/1.1
Host: creative.xlirdr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cams.gratis/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 29 Nov 2022 03:54:59 GMT
content-type: text/html
last-modified: Wed, 16 Nov 2022 07:56:27 GMT
expires: Tue, 29 Nov 2022 03:55:07 GMT
cache-control: max-age=10
strict-transport-security: max-age=15768000
pragma: public
report-to: { "endpoints":[{ "url": "https://go.stripchat.com/report" }], "group": "default", "max_age": 1048576 }
cf-cache-status: HIT
age: 2
vary: Accept-Encoding
server: cloudflare
cf-ray: 771867b8093ffac0-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
video.ktkjmp.com/adsbygoogle.js
104.18.51.106 200 OK 79 kB URL HTTP/2 video.ktkjmp.com/adsbygoogle.js
IP 104.18.51.106:0
Hash 31f7fec4cffc9aae5c3179b6fe0ded45
8b3bfdd1f05ee11fdd6cbc21cb0117f3b3d63375
a0422b3a5c89998c2473c32b1a9d1f099ec95e404574f4a54db5a77326e6a8d0
GET /adsbygoogle.js HTTP/1.1
Host: video.ktkjmp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://creative.xlirdr.com/
Origin: https://creative.xlirdr.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 29 Nov 2022 03:54:59 GMT
content-type: application/javascript
content-length: 16
x-amz-id-2: lcNIxMaAofF7Fv+CenZmpGJJrSUFrD74EH/RfdAjL9Jhx1+3B0JyXF3qWYdsiZqTewxi/ePstns=
x-amz-request-id: 3YWB4S6N4MZ3W6PX
last-modified: Thu, 10 Mar 2022 13:52:07 GMT
etag: "3d7f7a60216d40dea48e495fef6903c9"
x-amz-meta-s3cmd-attrs: atime:1646920284/ctime:1646920283/gid:20/gname:staff/md5:3d7f7a60216d40dea48e495fef6903c9/mode:33188/mtime:1646920283/uid:501/uname:mikhailchubar
x-amz-version-id: eIgLIBoMMcsEXtxOH6UDjWyfAquRpkIG
access-control-allow-origin: https://creative.xlirdr.com
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Content-Length, Accept-Encoding, x-requested-with
cf-cache-status: HIT
age: 6226
expires: Tue, 29 Nov 2022 07:54:59 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 771867b97ac91bfa-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
camschat.net/900250/adnium.php
66.230.180.98 200 OK 5.4 kB URL HTTP/2 camschat.net/900250/adnium.php
IP 66.230.180.98:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (1164)
Hash 699962e9187bd20e379caa7022fb6102
425be30def48c59f7d98c582ff95926e3e2bdfe8
a7413202227404ed53c35a31c89890ec4cb0503a64658e5c509d721fcec7167a
GET /900250/adnium.php HTTP/1.1
Host: camschat.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.medfoodsafety.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 29 Nov 2022 03:54:58 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-powered-by: PHP/7.4.3
content-encoding: gzip
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 278 B IP 93.184.220.29:0
Hash 501348eb69ffb62b4b15cfa07bdcb2e3
001aad019a7b41623e7a49a1fc53b8ca1589a417
348c07d38501bc790b67427323b21453357d222b3044b305ce3f78e1babab5cb
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5140
Cache-Control: max-age=86873
Content-Type: application/ocsp-response
Date: Tue, 29 Nov 2022 03:54:59 GMT
Etag: "63841ed8-116"
Expires: Wed, 30 Nov 2022 04:02:52 GMT
Last-Modified: Mon, 28 Nov 2022 02:37:12 GMT
Server: ECS (ska/F70B)
X-Cache: HIT
Content-Length: 278
pt-static1.ptwmstcnt.com/npe/image/smilies_ex.png
93.93.51.200 200 OK 8.6 kB URL HTTP/2 pt-static1.ptwmstcnt.com/npe/image/smilies_ex.png
IP 93.93.51.200:0
ASN #34655 DuoDecad IT Services Luxembourg S.a r.l.
Hash e7228d7289c651d31b797255cab77182
07a09548c0d560d007604f9a3b2da45b90fbecc6
f16d5df570adc176a98ee7621cab44911d8b94fd64739aa4b155d865f7c6f5e3
GET /npe/image/smilies_ex.png HTTP/1.1
Host: pt-static1.ptwmstcnt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pt.wmptctl.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 29 Nov 2022 03:54:59 GMT
content-type: image/png
content-length: 8533
last-modified: Tue, 22 Nov 2022 08:57:06 GMT
etag: "637c8ee2-2155"
access-control-allow-origin: *
server: unknown
x-cdn-node: sesto
x-cache-status: R-HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
galleryn10.awemdia.com/ff268cab8d9fbae1ed7506f97496274f11/125414bb8fe7a3fa7a11095dbf0c0506_glamour_896x504.jpg
93.93.51.190 200 OK 95 kB URL HTTP/2 galleryn10.awemdia.com/ff268cab8d9fbae1ed7506f97496274f11/125414bb8fe7a3fa7a11095dbf0c0506_glamour_896x504.jpg
IP 93.93.51.190:0
ASN #34655 DuoDecad IT Services Luxembourg S.a r.l.
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 72x72, segment length 16, progressive, precision 8, 896x504, components 3\012- data
Hash 8e72f6b29ab33467c63114172a869371
556c0a8fe59334b3c05ae8885f43b1d6598aeeae
d0b57837bacd670fb6a50f1b052806b7d86f7cd7282ed9835420adaa1d3a1d14
GET /ff268cab8d9fbae1ed7506f97496274f11/125414bb8fe7a3fa7a11095dbf0c0506_glamour_896x504.jpg HTTP/1.1
Host: galleryn10.awemdia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pt.wmptctl.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 29 Nov 2022 03:54:59 GMT
content-type: image/jpeg
content-length: 95195
last-modified: Wed, 02 Nov 2022 04:05:30 GMT
etag: "8e72f6b29ab33467c63114172a869371"
access-control-allow-origin: *
x-content-type-options: nosniff
x-cache-source: Origin
x-cache-status: R-HIT
expires: Tue, 13 Dec 2022 03:54:59 GMT
server: unknown
x-cdn-node: sesto
cache-control: max-age=1209600
x-real-source: -
accept-ranges: bytes
X-Firefox-Spdy: h2
data.goasrv.com/data/creatives/1164/1206.mp4
217.22.19.195 206 Partial Content 62 kB URL HTTP/2 data.goasrv.com/data/creatives/1164/1206.mp4
IP 217.22.19.195:0
File type ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]\012- data
Hash 00440e95d271b66ac28aba258c8ac82d
ca43f830d974453a0703e6faa5b1e47960b830ed
a8fc051a9b60e5860cf7fee52bf476279ab2842e292a1490f0c21277b04c261d
GET /data/creatives/1164/1206.mp4 HTTP/1.1
Host: data.goasrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: https://go.goaserv.com/
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 206 Partial Content
server: nginx
date: Tue, 29 Nov 2022 03:54:59 GMT
content-type: video/mp4
content-length: 876169
last-modified: Thu, 19 May 2022 15:16:02 GMT
etag: "62865f32-d5e89"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-backend-server: nl2-static-222
content-range: bytes 0-876168/876169
X-Firefox-Spdy: h2
pxl.tsyndicate.com/api/v1/p/p.js?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zC0WMkWHDjBkZY260MEPjhowWNGKYERlmBgwcLcjUkIGjhg0xM2-QoSHi4Rwxacgo1LFFhE0ZOWjkmFFTRJeHYeqMyShmxpgZZGAobQGjBg4YKG9YbSFmo5gWNkLmIGMDhxkxMcaQ6QmRjJ2FM27k6PoQTh0xFJHegAoHDsUYOZb6hDNRR14bMfLKeDimjWEdSpHGwAGVjBmKD8W4cYM3RowbNmw-bOMGow4ZYm3k6MvadYyUmx_WiZERDR06cOboePHizBsXxsPMQWjHxZg3bV6ICTMaIfI3P-bAiVgmaI8YMhDj-MqlDgwYHOcElfFdiZUvUlqMcWOmyBcsKom0keIER5onapRhRBFsuCEFFnq4MUYVdNhBBxMtxOHEgHW00QIRcbAhxRxQ1CDGEjHQYUUbayTBVRBPGPEEGUrMgIUYX9Qwx0tR3LGGDW1cQYYVdLxRBw00EJHEGWIM0cYcObBhoRFxrCEFGUxA0UQbZ3xxRhVJECFFFWmUd156Qc3Qw2ORmUQXHG2AJsIbaKpJBnQZyUGHGKLJ4RyclIXR2BYzxPCUCHDIMZUOMLhwXkUiiPEZoYbypRGaXwQ6aKHnvTTDDA_JYcdluYlQxhhtMnooDDHYoFsdaWQ0Q0c0hXHDWTPIQAZMNHwKVg46lYHWDQ2RgRMNY9BgA08PpXGZCDnE4MJeLtAggwsNESuCHF8Ym1GyyxbqLLQ1SFtHGBk18YYeabDBRhgv1GAoCChckYYbb94xBwhOUAFCDJTuAIK7bgyrLx7-gqApQ10ZmgIIR3y6xhsvyEDqqDGAYEQacpRhxht4vICvujDQNcagIjjxBF1vUPtxRiLTxQbIRThB10F2fFExGxTVcMMNOKz6FQyZnkHaa14NJgLMX4ghx0LjPUR0G2_M9RoOkCktxxt4PfTGUDT0NTUeeSyU9bQW9_ZbcMO9ICedbtj5XHR0zaFpnG_QoWfJLdThRhp07OoCGWOA9zLIB33Bt98WpcmQDbLJRgMMOXAmAh1tyEAR4jkozjgOJgltkMxlaPeFnpMnntTlD5URcxhsIETHUHzS8GcYYjQ2tMVRsTFRXysvxLNGrsHQhwIBAQ%3D%3D&s=c655b57706637dc896341c68364ac1511ee4724389f0c683d854b5602c0ea5271669694098&w=t&r=1&d=404&priv=false
136.243.75.209200 OK 24 B URL HTTP/2 pxl.tsyndicate.com/api/v1/p/p.js?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zC0WMkWHDjBkZY260MEPjhowWNGKYERlmBgwcLcjUkIGjhg0xM2-QoSHi4Rwxacgo1LFFhE0ZOWjkmFFTRJeHYeqMyShmxpgZZGAobQGjBg4YKG9YbSFmo5gWNkLmIGMDhxkxMcaQ6QmRjJ2FM27k6PoQTh0xFJHegAoHDsUYOZb6hDNRR14bMfLKeDimjWEdSpHGwAGVjBmKD8W4cYM3RowbNmw-bOMGow4ZYm3k6MvadYyUmx_WiZERDR06cOboePHizBsXxsPMQWjHxZg3bV6ICTMaIfI3P-bAiVgmaI8YMhDj-MqlDgwYHOcElfFdiZUvUlqMcWOmyBcsKom0keIER5onapRhRBFsuCEFFnq4MUYVdNhBBxMtxOHEgHW00QIRcbAhxRxQ1CDGEjHQYUUbayTBVRBPGPEEGUrMgIUYX9Qwx0tR3LGGDW1cQYYVdLxRBw00EJHEGWIM0cYcObBhoRFxrCEFGUxA0UQbZ3xxRhVJECFFFWmUd156Qc3Qw2ORmUQXHG2AJsIbaKpJBnQZyUGHGKLJ4RyclIXR2BYzxPCUCHDIMZUOMLhwXkUiiPEZoYbypRGaXwQ6aKHnvTTDDA_JYcdluYlQxhhtMnooDDHYoFsdaWQ0Q0c0hXHDWTPIQAZMNHwKVg46lYHWDQ2RgRMNY9BgA08PpXGZCDnE4MJeLtAggwsNESuCHF8Ym1GyyxbqLLQ1SFtHGBk18YYeabDBRhgv1GAoCChckYYbb94xBwhOUAFCDJTuAIK7bgyrLx7-gqApQ10ZmgIIR3y6xhsvyEDqqDGAYEQacpRhxht4vICvujDQNcagIjjxBF1vUPtxRiLTxQbIRThB10F2fFExGxTVcMMNOKz6FQyZnkHaa14NJgLMX4ghx0LjPUR0G2_M9RoOkCktxxt4PfTGUDT0NTUeeSyU9bQW9_ZbcMO9ICedbtj5XHR0zaFpnG_QoWfJLdThRhp07OoCGWOA9zLIB33Bt98WpcmQDbLJRgMMOXAmAh1tyEAR4jkozjgOJgltkMxlaPeFnpMnntTlD5URcxhsIETHUHzS8GcYYjQ2tMVRsTFRXysvxLNGrsHQhwIBAQ%3D%3D&s=c655b57706637dc896341c68364ac1511ee4724389f0c683d854b5602c0ea5271669694098&w=t&r=1&d=404&priv=false
IP 136.243.75.209:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with no line terminators
Hash 0959ba36d476b6dc1994ba3c678b07c4
d30b94da72daa02766965206a85b7e0356375f5e
897410b87e27e3dfba3a7d6caab315a5e69cc941bb96d91fc74878a9b051843a
GET /api/v1/p/p.js?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zC0WMkWHDjBkZY260MEPjhowWNGKYERlmBgwcLcjUkIGjhg0xM2-QoSHi4Rwxacgo1LFFhE0ZOWjkmFFTRJeHYeqMyShmxpgZZGAobQGjBg4YKG9YbSFmo5gWNkLmIGMDhxkxMcaQ6QmRjJ2FM27k6PoQTh0xFJHegAoHDsUYOZb6hDNRR14bMfLKeDimjWEdSpHGwAGVjBmKD8W4cYM3RowbNmw-bOMGow4ZYm3k6MvadYyUmx_WiZERDR06cOboePHizBsXxsPMQWjHxZg3bV6ICTMaIfI3P-bAiVgmaI8YMhDj-MqlDgwYHOcElfFdiZUvUlqMcWOmyBcsKom0keIER5onapRhRBFsuCEFFnq4MUYVdNhBBxMtxOHEgHW00QIRcbAhxRxQ1CDGEjHQYUUbayTBVRBPGPEEGUrMgIUYX9Qwx0tR3LGGDW1cQYYVdLxRBw00EJHEGWIM0cYcObBhoRFxrCEFGUxA0UQbZ3xxRhVJECFFFWmUd156Qc3Qw2ORmUQXHG2AJsIbaKpJBnQZyUGHGKLJ4RyclIXR2BYzxPCUCHDIMZUOMLhwXkUiiPEZoYbypRGaXwQ6aKHnvTTDDA_JYcdluYlQxhhtMnooDDHYoFsdaWQ0Q0c0hXHDWTPIQAZMNHwKVg46lYHWDQ2RgRMNY9BgA08PpXGZCDnE4MJeLtAggwsNESuCHF8Ym1GyyxbqLLQ1SFtHGBk18YYeabDBRhgv1GAoCChckYYbb94xBwhOUAFCDJTuAIK7bgyrLx7-gqApQ10ZmgIIR3y6xhsvyEDqqDGAYEQacpRhxht4vICvujDQNcagIjjxBF1vUPtxRiLTxQbIRThB10F2fFExGxTVcMMNOKz6FQyZnkHaa14NJgLMX4ghx0LjPUR0G2_M9RoOkCktxxt4PfTGUDT0NTUeeSyU9bQW9_ZbcMO9ICedbtj5XHR0zaFpnG_QoWfJLdThRhp07OoCGWOA9zLIB33Bt98WpcmQDbLJRgMMOXAmAh1tyEAR4jkozjgOJgltkMxlaPeFnpMnntTlD5URcxhsIETHUHzS8GcYYjQ2tMVRsTFRXysvxLNGrsHQhwIBAQ%3D%3D&s=c655b57706637dc896341c68364ac1511ee4724389f0c683d854b5602c0ea5271669694098&w=t&r=1&d=404&priv=false HTTP/1.1
Host: pxl.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tsyndicate.com/
Cookie: ts_uid=36f28a7b-32d8-4ec0-97de-6715db54c464; bfq=APeIECNCx5YZMWLcsFHDRhcWIsYU3BLjoYgyE2PYsJHjBg4YNHLg6NJH
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
server: nginx
date: Tue, 29 Nov 2022 03:54:59 GMT
content-type: text/plain; charset=utf-8
content-length: 24
x-robots-tag: noindex, nofollow
X-Firefox-Spdy: h2
m.sancdn.net/common/videojs/videojs.min-original-v2.css
69.16.175.42 200 OK 12 kB URL HTTP/1.1 m.sancdn.net/common/videojs/videojs.min-original-v2.css
IP 69.16.175.42:0
File type ASCII text, with very long lines (11336)
Hash 4b6813504d31e3b11655aafacf165db4
96517f0033bd59f277cd2eefa7d088ae6ff82dad
063b4a568733054fea7f238a10b384170ce29c136d3194feed44d8c8b451f55d
GET /common/videojs/videojs.min-original-v2.css HTTP/1.1
Host: m.sancdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://as.sexad.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Tue, 29 Nov 2022 03:54:59 GMT
Connection: Keep-Alive
ETag: "1385146323"
Cache-Control: max-age=86400
Content-Length: 11451
Content-Type: text/css
Last-Modified: Fri, 22 Nov 2013 18:52:03 GMT
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-HW: 1669694099.dop009.sk1.t,1669694099.cds013.sk1.shn,1669694099.cds013.sk1.c
pt-static3.ptwmstcnt.com/npe/ba/fklf/script/fk.lf-v808381.js
93.93.51.200 200 OK 156 kB URL HTTP/2 pt-static3.ptwmstcnt.com/npe/ba/fklf/script/fk.lf-v808381.js
IP 93.93.51.200:0
ASN #34655 DuoDecad IT Services Luxembourg S.a r.l.
Size 156 kB (155738 bytes)
Hash d8768d898eea1b67a6de9389b9c5213e
6a393f1cebb13eb5b24090d531d7156d55cb25e2
1cb83b3b9767db2cbfc33f562437a65720dfe29ecb2c7fcc135c306bce6db97e
GET /npe/ba/fklf/script/fk.lf-v808381.js HTTP/1.1
Host: pt-static3.ptwmstcnt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pt.wmptctl.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 29 Nov 2022 03:54:59 GMT
content-type: application/javascript
last-modified: Mon, 28 Nov 2022 09:07:36 GMT
vary: Accept-Encoding, Accept-Encoding
etag: W/"63847a58-503ee"
access-control-allow-origin: *
server: unknown
x-cdn-node: sesto
x-cache-status: R-HIT
content-encoding: gzip
X-Firefox-Spdy: h2
m.sancdn.net/jquery-plugins/modernizr-2.6.2-respond-1.1.0.min.js
69.16.175.42 200 OK 20 kB URL HTTP/1.1 m.sancdn.net/jquery-plugins/modernizr-2.6.2-respond-1.1.0.min.js
IP 69.16.175.42:0
File type HTML document, ASCII text, with very long lines (14756)
Hash 70d492eca4141bdd1452977dd893dd63
9cd9504b3afdeca86a03251591e1afab36ae2c57
ce0f70d9e807bb959717d8350c21a107f5b6b7221a774b6d1ed057219468a260
GET /jquery-plugins/modernizr-2.6.2-respond-1.1.0.min.js HTTP/1.1
Host: m.sancdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://as.sexad.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Tue, 29 Nov 2022 03:54:59 GMT
Connection: Keep-Alive
ETag: "1367368554"
Cache-Control: max-age=86400
Content-Length: 19484
Content-Type: application/javascript
Last-Modified: Wed, 01 May 2013 00:35:54 GMT
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-HW: 1669694099.dop227.sk1.t,1669694099.cds207.sk1.shn,1669694099.dop227.sk1.t,1669694099.cds026.sk1.c
m.sancdn.net/common/videojs/videojs-411.js
69.16.175.42 200 OK 71 kB URL HTTP/1.1 m.sancdn.net/common/videojs/videojs-411.js
IP 69.16.175.42:0
File type ASCII text, with very long lines (691)
Hash 532c3b3953d350e917649027f2c2accc
ffa74d9d511742bcf131580f71475dda94b962bc
16d0f10631780e6f883d0ec99240c59cc9836c76121d31111331732aac932fe0
GET /common/videojs/videojs-411.js HTTP/1.1
Host: m.sancdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://as.sexad.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Tue, 29 Nov 2022 03:54:59 GMT
Connection: Keep-Alive
ETag: "1448403647"
Cache-Control: max-age=86400
Content-Length: 71023
Content-Type: application/javascript
Last-Modified: Tue, 24 Nov 2015 22:20:47 GMT
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-HW: 1669694099.dop013.sk1.t,1669694099.cds012.sk1.shn,1669694099.cds012.sk1.c
pt.wmptctl.com/m3Quv/kHi.gif?c=object_container&site=wl3&cobrandId=240622&psid=cybermike&pstool=202_1&psprogram=cbrnd&campaign_id=118122&vp%5BshowChat%5D=false&vp%5BchatAutoHide%5D=false&vp%5BshowCallToAction%5D=false&vp%5BshowPerformerName%5D=false&vp%5BshowPerformerStatus%5D=false&filters=&subAffId=%7BSUBAFFID%7D&categoryName=girl&embedTool=1&origin=camschat.net
93.93.51.191 200 OK 43 B URL HTTP/2 pt.wmptctl.com/m3Quv/kHi.gif?c=object_container&site=wl3&cobrandId=240622&psid=cybermike&pstool=202_1&psprogram=cbrnd&campaign_id=118122&vp%5BshowChat%5D=false&vp%5BchatAutoHide%5D=false&vp%5BshowCallToAction%5D=false&vp%5BshowPerformerName%5D=false&vp%5BshowPerformerStatus%5D=false&filters=&subAffId=%7BSUBAFFID%7D&categoryName=girl&embedTool=1&origin=camschat.net
IP 93.93.51.191:0
ASN #34655 DuoDecad IT Services Luxembourg S.a r.l.
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /m3Quv/kHi.gif?c=object_container&site=wl3&cobrandId=240622&psid=cybermike&pstool=202_1&psprogram=cbrnd&campaign_id=118122&vp%5BshowChat%5D=false&vp%5BchatAutoHide%5D=false&vp%5BshowCallToAction%5D=false&vp%5BshowPerformerName%5D=false&vp%5BshowPerformerStatus%5D=false&filters=&subAffId=%7BSUBAFFID%7D&categoryName=girl&embedTool=1&origin=camschat.net HTTP/1.1
Host: pt.wmptctl.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pt.wmptctl.com/live-feed/fk/?c=object_container&site=wl3&cobrandId=240622&psid=cybermike&pstool=202_1&psprogram=cbrnd&campaign_id=118122&forcedPerformers%5B0%5D=&vp%5BshowChat%5D=false&vp%5BchatAutoHide%5D=false&vp%5BshowCallToAction%5D=false&vp%5BshowPerformerName%5D=false&vp%5BshowPerformerStatus%5D=false&filters=&subAffId=%7BSUBAFFID%7D&categoryName=girl&embedTool=1&origin=camschat.net
Cookie: psui=a59f007fbf3384ccc33cc586d5d348f0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 29 Nov 2022 03:54:59 GMT
content-type: image/gif
content-length: 43
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
server: unknown
set-cookie: psui=a59f007fbf3384ccc33cc586d5d348f0; Path=/; Expires=Thu, 29-Dec-22 03:54:59 GMT; SameSite=None; Secure
expires: Tue, 29 Nov 2022 03:54:58 GMT
cache-control: no-cache
access-control-allow-origin: *
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 280 B IP 93.184.220.29:0
Hash 066345886fb7d0670ce9a1da3323cc7d
04f183887ec0c0952449f735912ecd41a703484b
98f08c082e00e8712cd8a7a8d37112d1a4e79052f6128f72a84f661e2905392e
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 990
Cache-Control: max-age=94969
Content-Type: application/ocsp-response
Date: Tue, 29 Nov 2022 03:54:59 GMT
Etag: "63844eae-118"
Expires: Wed, 30 Nov 2022 06:17:48 GMT
Last-Modified: Mon, 28 Nov 2022 06:01:18 GMT
Server: ECS (ska/F70B)
X-Cache: HIT
Content-Length: 280
galleryn10.awemdia.com/ff268cab8d9fbae1ed7506f97496274f16/6008221bf45cca880c6cbd090facb2f9_glamour_896x504.jpg
93.93.51.190 200 OK 54 kB URL HTTP/2 galleryn10.awemdia.com/ff268cab8d9fbae1ed7506f97496274f16/6008221bf45cca880c6cbd090facb2f9_glamour_896x504.jpg
IP 93.93.51.190:0
ASN #34655 DuoDecad IT Services Luxembourg S.a r.l.
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 896x504, components 3\012- data
Hash cebd3de7534d978fba23a5395abe3754
219c1a9268e780a454eb63d853e6605de99249f3
f92942eb7262f3f98343616a5ab4809bcd3f699a6c2cf79ba92e6e3f49330ef1
GET /ff268cab8d9fbae1ed7506f97496274f16/6008221bf45cca880c6cbd090facb2f9_glamour_896x504.jpg HTTP/1.1
Host: galleryn10.awemdia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pt.wmptctl.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 29 Nov 2022 03:54:59 GMT
content-type: image/jpeg
content-length: 54530
last-modified: Wed, 16 Nov 2022 00:58:12 GMT
etag: "cebd3de7534d978fba23a5395abe3754"
access-control-allow-origin: *
x-content-type-options: nosniff
x-cache-source: Origin
x-cache-status: R-HIT
expires: Tue, 13 Dec 2022 03:54:59 GMT
server: unknown
x-cdn-node: sesto
cache-control: max-age=1209600
x-real-source: -
accept-ranges: bytes
X-Firefox-Spdy: h2
galleryn10.awemdia.com/ff268cab8d9fbae1ed7506f97496274f13/3f1a4f5f4b6106ef6426a591ed3e77d9_glamour_896x504.jpg
93.93.51.190 200 OK 74 kB URL HTTP/2 galleryn10.awemdia.com/ff268cab8d9fbae1ed7506f97496274f13/3f1a4f5f4b6106ef6426a591ed3e77d9_glamour_896x504.jpg
IP 93.93.51.190:0
ASN #34655 DuoDecad IT Services Luxembourg S.a r.l.
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 72x72, segment length 16, progressive, precision 8, 896x504, components 3\012- data
Hash e3063556dd7464ad800d188319d8d6bf
918759ec5ea0ee8bcac3073e2df5321300594674
5dc6a2a78158aa3dcfb422f9763d4f29c778066dcd2294adb279f09e0f5f01d3
GET /ff268cab8d9fbae1ed7506f97496274f13/3f1a4f5f4b6106ef6426a591ed3e77d9_glamour_896x504.jpg HTTP/1.1
Host: galleryn10.awemdia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pt.wmptctl.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 29 Nov 2022 03:54:59 GMT
content-type: image/jpeg
content-length: 73596
last-modified: Sat, 26 Nov 2022 18:06:08 GMT
etag: "e3063556dd7464ad800d188319d8d6bf"
access-control-allow-origin: *
x-content-type-options: nosniff
x-cache-source: Origin
x-cache-status: R-HIT
expires: Tue, 13 Dec 2022 03:54:59 GMT
server: unknown
x-cdn-node: sesto
cache-control: max-age=1209600
x-real-source: -
accept-ranges: bytes
X-Firefox-Spdy: h2
img.strpst.com/thumbs/1669693801/7598957
104.18.63.132 200 OK 27 kB URL HTTP/2 img.strpst.com/thumbs/1669693801/7598957
IP 104.18.63.132:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 0x0, segment length 16, progressive, precision 8, 270x360, components 3\012- data
Hash 0de7ecd2694665aa6517b265be128f30
5667a64e0db2c9c7a7d7ab1c143c7105f23222d8
d6e5b616c6a616b12612367d4723fafaefa6476b0de9c34f4820f81a2632ff91
GET /thumbs/1669693801/7598957 HTTP/1.1
Host: img.strpst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://creative.xlirdr.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 29 Nov 2022 03:54:59 GMT
content-type: image/jpeg
content-length: 26892
cf-bgj: imgq:100,h2pri
cf-polished: origSize=28012, status=webp_bigger
etag: "9cca7f58af0209a30add1c5c85fc682e"
last-modified: Tue, 29 Nov 2022 03:50:03 GMT
cf-cache-status: HIT
age: 40
expires: Tue, 29 Nov 2022 03:55:59 GMT
cache-control: public, max-age=60
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 771867bbde120afa-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
galleryn10.awemdia.com/ff268cab8d9fbae1ed7506f97496274f1f/f834697a9c25a95d0d15689f1ae3aa04_glamour_896x504.jpg
93.93.51.190 200 OK 58 kB URL HTTP/2 galleryn10.awemdia.com/ff268cab8d9fbae1ed7506f97496274f1f/f834697a9c25a95d0d15689f1ae3aa04_glamour_896x504.jpg
IP 93.93.51.190:0
ASN #34655 DuoDecad IT Services Luxembourg S.a r.l.
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 72x72, segment length 16, progressive, precision 8, 896x504, components 3\012- data
Hash 7f219da1644e5bdabe88c3d7f9c09623
28fbf5247442e568615c1cab9258b502e057665c
3c1e9810b0c66fa2a01ac2deb1629522814e76ac51a438658dab71f88effd71b
GET /ff268cab8d9fbae1ed7506f97496274f1f/f834697a9c25a95d0d15689f1ae3aa04_glamour_896x504.jpg HTTP/1.1
Host: galleryn10.awemdia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pt.wmptctl.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 29 Nov 2022 03:54:59 GMT
content-type: image/jpeg
content-length: 58043
last-modified: Wed, 25 May 2022 19:02:17 GMT
etag: "7f219da1644e5bdabe88c3d7f9c09623"
access-control-allow-origin: *
x-content-type-options: nosniff
x-cache-source: Origin
x-cache-status: R-HIT
expires: Tue, 13 Dec 2022 03:54:59 GMT
server: unknown
x-cdn-node: sesto
cache-control: max-age=1209600
x-real-source: -
accept-ranges: bytes
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 280 B IP 93.184.220.29:0
Hash 066345886fb7d0670ce9a1da3323cc7d
04f183887ec0c0952449f735912ecd41a703484b
98f08c082e00e8712cd8a7a8d37112d1a4e79052f6128f72a84f661e2905392e
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 990
Cache-Control: max-age=94969
Content-Type: application/ocsp-response
Date: Tue, 29 Nov 2022 03:54:59 GMT
Etag: "63844eae-118"
Expires: Wed, 30 Nov 2022 06:17:48 GMT
Last-Modified: Mon, 28 Nov 2022 06:01:18 GMT
Server: ECS (ska/F70B)
X-Cache: HIT
Content-Length: 280
galleryn10.awemdia.com/ff268cab8d9fbae1ed7506f97496274f1a/a35940e243df3652526d5b58f1dfa9d6_glamour_896x504.jpg
93.93.51.190 200 OK 60 kB URL HTTP/2 galleryn10.awemdia.com/ff268cab8d9fbae1ed7506f97496274f1a/a35940e243df3652526d5b58f1dfa9d6_glamour_896x504.jpg
IP 93.93.51.190:0
ASN #34655 DuoDecad IT Services Luxembourg S.a r.l.
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 72x72, segment length 16, progressive, precision 8, 896x504, components 3\012- data
Hash dde555561b0eea6da7ae8e7b69216971
b637765750dba82b5aba05c67cb0b354a37f0516
c5b7d63268689bf808b82e083151e3dd2f693af181548453f8cb4e90c12d1593
GET /ff268cab8d9fbae1ed7506f97496274f1a/a35940e243df3652526d5b58f1dfa9d6_glamour_896x504.jpg HTTP/1.1
Host: galleryn10.awemdia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pt.wmptctl.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 29 Nov 2022 03:54:59 GMT
content-type: image/jpeg
content-length: 60141
last-modified: Fri, 25 Jun 2021 05:14:05 GMT
etag: "dde555561b0eea6da7ae8e7b69216971"
access-control-allow-origin: *
x-content-type-options: nosniff
x-cache-source: Origin
x-cache-status: R-HIT
expires: Tue, 13 Dec 2022 03:54:59 GMT
server: unknown
x-cdn-node: sesto
cache-control: max-age=1209600
x-real-source: -
accept-ranges: bytes
X-Firefox-Spdy: h2
bam.nr-data.net/events/1/6f524845d1?a=24279235&v=1216.487a282&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOFgwRERUXQ1BUFkIDFQ0WFlA%3D&rst=1337&ck=1&ref=https://chaturbate.com/tours/3/
162.247.241.14 200 OK 24 B URL HTTP/1.1 bam.nr-data.net/events/1/6f524845d1?a=24279235&v=1216.487a282&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOFgwRERUXQ1BUFkIDFQ0WFlA%3D&rst=1337&ck=1&ref=https://chaturbate.com/tours/3/
IP 162.247.241.14:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash bc32ed98d624acb4008f986349a20d26
2d3df8c11d2168ce2c27e0937421d11d85016361
0c9cf152a0ad00d4f102c93c613c104914be5517ac8f8e0831727f8bfbe8b300
POST /events/1/6f524845d1?a=24279235&v=1216.487a282&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOFgwRERUXQ1BUFkIDFQ0WFlA%3D&rst=1337&ck=1&ref=https://chaturbate.com/tours/3/ HTTP/1.1
Host: bam.nr-data.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
content-type: text/plain
Content-Length: 1684
Origin: https://chaturbate.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Tue, 29 Nov 2022 03:54:59 GMT
Content-Type: image/gif
Content-Length: 24
Connection: keep-alive
CF-Ray: 771867bb4c8cb51b-OSL
Access-Control-Allow-Origin: https://chaturbate.com
CF-Cache-Status: DYNAMIC
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
Vary: Accept-Encoding
Server: cloudflare
as.sexad.net/px.gif?stno=3-937-fap247.com-0-5106-0-0-3003-4398-12&p=reseller&w=1&h=1&v=5106&adType=cats&adWidth=900&adHeight=75&niche=female&fontSize=15&font_color=%23fff&background_color=%23000000&hn=fap247.com&AFNO=1-286&cam=0&adv=0&ctry=NO&lang=en&dev=Other
216.127.52.241 200 35 B URL HTTP/1.1 as.sexad.net/px.gif?stno=3-937-fap247.com-0-5106-0-0-3003-4398-12&p=reseller&w=1&h=1&v=5106&adType=cats&adWidth=900&adHeight=75&niche=female&fontSize=15&font_color=%23fff&background_color=%23000000&hn=fap247.com&AFNO=1-286&cam=0&adv=0&ctry=NO&lang=en&dev=Other
IP 216.127.52.241:0
File type GIF image data, version 87a, 1 x 1\012- data
Hash 729c3007a8ed0597531b0c76d54a94bb
90fe9b8a8142548fdfab29f59cb0a164a0eaef81
6a842ea462daca2a0b5a0f5f25bcfc8e0059ac811ca6c6a1bc54e4d9119621c3
GET /px.gif?stno=3-937-fap247.com-0-5106-0-0-3003-4398-12&p=reseller&w=1&h=1&v=5106&adType=cats&adWidth=900&adHeight=75&niche=female&fontSize=15&font_color=%23fff&background_color=%23000000&hn=fap247.com&AFNO=1-286&cam=0&adv=0&ctry=NO&lang=en&dev=Other HTTP/1.1
Host: as.sexad.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://as.sexad.net/as/if?p=reseller&w=1&h=1&v=5106&adType=cats&adWidth=900&adHeight=75&niche=female&fontSize=15&font_color=%23fff&background_color=%23000000&hn=fap247.com&AFNO=1-286
Cookie: iid=2707-1669694099
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200
Server: nginx/1.18.0
Date: Tue, 29 Nov 2022 03:54:59 GMT
Content-Type: image/gif
Content-Length: 35
Connection: keep-alive
Cache-Control: no-cache, no-store, must-revalidate, private, max-age=0
Access-Control-Allow-Origin: *
Set-Cookie: ust=1669694099; expires=Fri, 26-Nov-2032 03:54:59 GMT; Max-Age=315360000; path=/; secure; SameSite=None
P3P: policyref="/w3c/p3p.xml", CP="This is not our comprehensive privacy policy (P3P). For complete information, please see http://streamate.com/privacy.html"
as.sexad.net/px.gif?stno=3-937-fap247.com-0-5104-0-0-3001-5671-3&p=reseller&w=1&h=1&v=5104&noplaybtn=1&adHeight=175&adWidth=235&adType=live&autoplay=true&hn=fap247.com&AFNO=1-286&cam=0&adv=0&ctry=NO&lang=en&dev=Other
216.127.52.241 200 35 B URL HTTP/1.1 as.sexad.net/px.gif?stno=3-937-fap247.com-0-5104-0-0-3001-5671-3&p=reseller&w=1&h=1&v=5104&noplaybtn=1&adHeight=175&adWidth=235&adType=live&autoplay=true&hn=fap247.com&AFNO=1-286&cam=0&adv=0&ctry=NO&lang=en&dev=Other
IP 216.127.52.241:0
File type GIF image data, version 87a, 1 x 1\012- data
Hash 729c3007a8ed0597531b0c76d54a94bb
90fe9b8a8142548fdfab29f59cb0a164a0eaef81
6a842ea462daca2a0b5a0f5f25bcfc8e0059ac811ca6c6a1bc54e4d9119621c3
GET /px.gif?stno=3-937-fap247.com-0-5104-0-0-3001-5671-3&p=reseller&w=1&h=1&v=5104&noplaybtn=1&adHeight=175&adWidth=235&adType=live&autoplay=true&hn=fap247.com&AFNO=1-286&cam=0&adv=0&ctry=NO&lang=en&dev=Other HTTP/1.1
Host: as.sexad.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://as.sexad.net/as/if?p=reseller&w=1&h=1&v=5104&noplaybtn=1&adHeight=175&adWidth=235&adType=live&autoplay=true&hn=fap247.com&AFNO=1-286
Cookie: iid=2707-1669694099
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200
Server: nginx/1.18.0
Date: Tue, 29 Nov 2022 03:54:59 GMT
Content-Type: image/gif
Content-Length: 35
Connection: keep-alive
Cache-Control: no-cache, no-store, must-revalidate, private, max-age=0
Access-Control-Allow-Origin: *
Set-Cookie: ust=1669694099; expires=Fri, 26-Nov-2032 03:54:59 GMT; Max-Age=315360000; path=/; secure; SameSite=None
P3P: policyref="/w3c/p3p.xml", CP="This is not our comprehensive privacy policy (P3P). For complete information, please see http://streamate.com/privacy.html"
m.sancdn.net/common/fontawesome-430/fontawesome-webfont.woff2?v=4.3.0
69.16.175.42 200 OK 57 kB URL HTTP/1.1 m.sancdn.net/common/fontawesome-430/fontawesome-webfont.woff2?v=4.3.0
IP 69.16.175.42:0
File type Web Open Font Format (Version 2), TrueType, length 56780, version 4.197\012- data
Hash 97493d3f11c0a3bd5cbd959f5d19b699
1075231650f579955905bb2f6527148a8e2b4b16
aadc3580d2b64ff5a7e6f1425587db4e8b033efcbf8f5c332ca52a5ed580c87c
GET /common/fontawesome-430/fontawesome-webfont.woff2?v=4.3.0 HTTP/1.1
Host: m.sancdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://as.sexad.net
Connection: keep-alive
Referer: https://m.sancdn.net/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Tue, 29 Nov 2022 03:54:59 GMT
Connection: Keep-Alive
ETag: "1422564509"
Cache-Control: max-age=86400
Content-Length: 56780
Content-Type: application/octet-stream
Last-Modified: Thu, 29 Jan 2015 20:48:29 GMT
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-HW: 1669694099.dop002.sk1.t,1669694099.cds202.sk1.shn,1669694099.dop002.sk1.t,1669694099.cds252.sk1.c
bam.nr-data.net/1/6f524845d1?a=24279235&v=1216.487a282&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOFgwRERUXQ1BUFkIDFQ0WFlA%3D&rst=818&ck=1&ref=https://chaturbate.com/tours/3/&ap=20&be=456&fe=719&dc=648&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1669694098307,%22n%22:0,%22r%22:0,%22re%22:180,%22f%22:180,%22dn%22:180,%22dne%22:180,%22c%22:180,%22s%22:180,%22ce%22:180,%22rq%22:182,%22rp%22:370,%22rpe%22:379,%22dl%22:443,%22di%22:638,%22ds%22:647,%22de%22:652,%22dc%22:717,%22l%22:717,%22le%22:718%7D,%22navigation%22:%7B%22rc%22:1%7D%7D&fcp=622&at=H0ETGw9CExRCXBM9CgBBXAkZG0QSVEsPAw4BQVwbamZQD15XPj1BSEEVUFJXRBFuXQAWBkZZVhUXenc%2BY1gYQFlGVFEIDQ8GAwkMA1RbBlZXXRh4Yy8TFUMhJTshCU0XAwlYHRsiJDwmDBJ8TU1DABMDQwQCCBADFVNYXRJUG01AEQECCmZcSRNbEwBQTFpUTVILGwgEVRMVQwMNCw05X1lYVhITA0NAT0YBA0pBZlYUVEoSPQoUQVwbDAgfWAEXVVBNVVZSGxkbUwRCTT4FFgEQFWZSXF5DCxsvLUFIQQ9JalpeFF9NExtBXkEodhcVEwhBZgINFgoXFEBqWl4PV1AFBw0HBkQDFwwBQx0bCBI8CgYSTlpLWkMLGwMOChxNBVZYGx1DWEk%2BDREDAghQT1hFCF5XQ1hBJg8PQRVqXg1ETQgNDRdBShtcSW4IQklDWEEmDw9BFWpeDURNCA0NF0FKG1xJbgBCV0NYVlRQVg0ZG1gRblgSDDwLEQEbDxtzDVhBQTEMCBYSUFpXQkFwakNOQQ0TOVpaV18EUk0IDQ07Fx9JUBsLQ3JYAw4GSyc1dRcVEwhBZhQRBhY8EkBFXBNbE0sEEQoABghNXFhdQx0bEwcSEQYVTWpJUBVZG1tATBAME0tGFgJOExVDFQ87CwlKQRsLQ1JRABYWFgEHTVAXUg5cG01AEA0XA2ZcXRNbABVDEQoQBjldWlRQCF8bW0AADAISTEdbUBVUFwINDkZPREtQSEQEQk0%2BCgwXF0QDF1pZAEVMEwACEAZIWlpUE00TWxMNFBcGFGZcXRNbE1xQUgJRWgAMGF0CVwcUVQcAVE4HC1QMHAICC1ABUFVTBVgNDRNNE0sEBAYWBhQbDxtZFUVJElhMSwAHVEYXVhNQTQgRTEZPREtQSEQEQk0%2BDwYQCwldFwMTJnRtQ05BFBoSUVpXbhdUSxILDApBXBsGFwZDHRsUAzwABhBQVlxuB1BUCA4aRllEdkFRVBMTFUMXAjsHA09cWlQ%2BRUARB0FeQQJcRlJFDkEbTUAWBTwJSmpfUAxYVRhAWUY0D1dRVkYSExVDFwI7DBVmQ1xDElhWD0BZRlJWGxkbRABuWxMNFBcGFGZTWFwIXUBDWEEiChRcU1ZJQx0bFAM8BhEJTkZcQz5HXBMRCgsNRAMXCAFUHwlDTkERAjlKQUtYD1YbW0AuCxkPVVlYHlQfCUFKNA0NAlZCShEvZRlQUk1UWEZuXFcHVQoZGVRXX0MUTw8IAVQfCUhCJAEADVYaCwFQAQlQUlJEJQ9LUF9eGR4IUVdNVEFKG1JQRT5SVgwPChBBXBtXCgkFB11SUlcHVlIbGRtBAENYDBFBXkEdZRdNXhRDZUNYQzhBHghnXW1DHRk9QAAFDhZYXF5fPRMDQT5BKgAnQGBlE00RZUMBP0ZZRmUXCm1DHRk9Q
BM4QVwZaRsBPRMVQT5BAwYIXVBLbUMLGT1ABThBShlpG1UIQlgDDgY7EAlMW11tQwsZPUBTOEEbG0hE&jsonp=NREUM.setToken
162.247.241.14200 OK 77 B URL HTTP/1.1 bam.nr-data.net/1/6f524845d1?a=24279235&v=1216.487a282&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOFgwRERUXQ1BUFkIDFQ0WFlA%3D&rst=818&ck=1&ref=https://chaturbate.com/tours/3/&ap=20&be=456&fe=719&dc=648&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1669694098307,%22n%22:0,%22r%22:0,%22re%22:180,%22f%22:180,%22dn%22:180,%22dne%22:180,%22c%22:180,%22s%22:180,%22ce%22:180,%22rq%22:182,%22rp%22:370,%22rpe%22:379,%22dl%22:443,%22di%22:638,%22ds%22:647,%22de%22:652,%22dc%22:717,%22l%22:717,%22le%22:718%7D,%22navigation%22:%7B%22rc%22:1%7D%7D&fcp=622&at=H0ETGw9CExRCXBM9CgBBXAkZG0QSVEsPAw4BQVwbamZQD15XPj1BSEEVUFJXRBFuXQAWBkZZVhUXenc%2BY1gYQFlGVFEIDQ8GAwkMA1RbBlZXXRh4Yy8TFUMhJTshCU0XAwlYHRsiJDwmDBJ8TU1DABMDQwQCCBADFVNYXRJUG01AEQECCmZcSRNbEwBQTFpUTVILGwgEVRMVQwMNCw05X1lYVhITA0NAT0YBA0pBZlYUVEoSPQoUQVwbDAgfWAEXVVBNVVZSGxkbUwRCTT4FFgEQFWZSXF5DCxsvLUFIQQ9JalpeFF9NExtBXkEodhcVEwhBZgINFgoXFEBqWl4PV1AFBw0HBkQDFwwBQx0bCBI8CgYSTlpLWkMLGwMOChxNBVZYGx1DWEk%2BDREDAghQT1hFCF5XQ1hBJg8PQRVqXg1ETQgNDRdBShtcSW4IQklDWEEmDw9BFWpeDURNCA0NF0FKG1xJbgBCV0NYVlRQVg0ZG1gRblgSDDwLEQEbDxtzDVhBQTEMCBYSUFpXQkFwakNOQQ0TOVpaV18EUk0IDQ07Fx9JUBsLQ3JYAw4GSyc1dRcVEwhBZhQRBhY8EkBFXBNbE0sEEQoABghNXFhdQx0bEwcSEQYVTWpJUBVZG1tATBAME0tGFgJOExVDFQ87CwlKQRsLQ1JRABYWFgEHTVAXUg5cG01AEA0XA2ZcXRNbABVDEQoQBjldWlRQCF8bW0AADAISTEdbUBVUFwINDkZPREtQSEQEQk0%2BCgwXF0QDF1pZAEVMEwACEAZIWlpUE00TWxMNFBcGFGZcXRNbE1xQUgJRWgAMGF0CVwcUVQcAVE4HC1QMHAICC1ABUFVTBVgNDRNNE0sEBAYWBhQbDxtZFUVJElhMSwAHVEYXVhNQTQgRTEZPREtQSEQEQk0%2BDwYQCwldFwMTJnRtQ05BFBoSUVpXbhdUSxILDApBXBsGFwZDHRsUAzwABhBQVlxuB1BUCA4aRllEdkFRVBMTFUMXAjsHA09cWlQ%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&jsonp=NREUM.setToken
IP 162.247.241.14:0
File type ASCII text, with no line terminators
Hash f1442f5831dbbe0210da2d7a4180d6b8
2ade23c6c7a001c66f0c0a9a101ec152747b434e
c6acf9fb2ecc1b144c51bd0337bbf1c26db3df2f649ac2da5c56db20d93eb3ef
GET /1/6f524845d1?a=24279235&v=1216.487a282&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOFgwRERUXQ1BUFkIDFQ0WFlA%3D&rst=818&ck=1&ref=https://chaturbate.com/tours/3/&ap=20&be=456&fe=719&dc=648&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1669694098307,%22n%22:0,%22r%22:0,%22re%22:180,%22f%22:180,%22dn%22:180,%22dne%22:180,%22c%22:180,%22s%22:180,%22ce%22:180,%22rq%22:182,%22rp%22:370,%22rpe%22:379,%22dl%22:443,%22di%22:638,%22ds%22:647,%22de%22:652,%22dc%22:717,%22l%22:717,%22le%22:718%7D,%22navigation%22:%7B%22rc%22:1%7D%7D&fcp=622&at=H0ETGw9CExRCXBM9CgBBXAkZG0QSVEsPAw4BQVwbamZQD15XPj1BSEEVUFJXRBFuXQAWBkZZVhUXenc%2BY1gYQFlGVFEIDQ8GAwkMA1RbBlZXXRh4Yy8TFUMhJTshCU0XAwlYHRsiJDwmDBJ8TU1DABMDQwQCCBADFVNYXRJUG01AEQECCmZcSRNbEwBQTFpUTVILGwgEVRMVQwMNCw05X1lYVhITA0NAT0YBA0pBZlYUVEoSPQoUQVwbDAgfWAEXVVBNVVZSGxkbUwRCTT4FFgEQFWZSXF5DCxsvLUFIQQ9JalpeFF9NExtBXkEodhcVEwhBZgINFgoXFEBqWl4PV1AFBw0HBkQDFwwBQx0bCBI8CgYSTlpLWkMLGwMOChxNBVZYGx1DWEk%2BDREDAghQT1hFCF5XQ1hBJg8PQRVqXg1ETQgNDRdBShtcSW4IQklDWEEmDw9BFWpeDURNCA0NF0FKG1xJbgBCV0NYVlRQVg0ZG1gRblgSDDwLEQEbDxtzDVhBQTEMCBYSUFpXQkFwakNOQQ0TOVpaV18EUk0IDQ07Fx9JUBsLQ3JYAw4GSyc1dRcVEwhBZhQRBhY8EkBFXBNbE0sEEQoABghNXFhdQx0bEwcSEQYVTWpJUBVZG1tATBAME0tGFgJOExVDFQ87CwlKQRsLQ1JRABYWFgEHTVAXUg5cG01AEA0XA2ZcXRNbABVDEQoQBjldWlRQCF8bW0AADAISTEdbUBVUFwINDkZPREtQSEQEQk0%2BCgwXF0QDF1pZAEVMEwACEAZIWlpUE00TWxMNFBcGFGZcXRNbE1xQUgJRWgAMGF0CVwcUVQcAVE4HC1QMHAICC1ABUFVTBVgNDRNNE0sEBAYWBhQbDxtZFUVJElhMSwAHVEYXVhNQTQgRTEZPREtQSEQEQk0%2BDwYQCwldFwMTJnRtQ05BFBoSUVpXbhdUSxILDApBXBsGFwZDHRsUAzwABhBQVlxuB1BUCA4aRllEdkFRVBMTFUMXAjsHA09cWlQ%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&jsonp=NREUM.setToken HTTP/1.1
Host: bam.nr-data.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Tue, 29 Nov 2022 03:55:00 GMT
Content-Type: text/javascript
Transfer-Encoding: chunked
Connection: keep-alive
CF-Ray: 771867bc5cd9b51b-OSL
Access-Control-Allow-Origin: *
Set-Cookie: JSESSIONID=1d1d88ddb41430bc; Path=/; Domain=.nr-data.net; Secure; SameSite=None
CF-Cache-Status: DYNAMIC
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
Cross-Origin-Resource-Policy: cross-origin
Vary: Accept-Encoding
Server: cloudflare
Content-Encoding: gzip
bam.nr-data.net/events/1/6f524845d1?a=24279235&v=1216.487a282&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOFgwRERUXQ1BUFkIDFQ0WFlA%3D&rst=1200&ck=1&ref=https://chaturbate.com/tours/3/
162.247.241.14 200 OK 24 B URL HTTP/1.1 bam.nr-data.net/events/1/6f524845d1?a=24279235&v=1216.487a282&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOFgwRERUXQ1BUFkIDFQ0WFlA%3D&rst=1200&ck=1&ref=https://chaturbate.com/tours/3/
IP 162.247.241.14:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash bc32ed98d624acb4008f986349a20d26
2d3df8c11d2168ce2c27e0937421d11d85016361
0c9cf152a0ad00d4f102c93c613c104914be5517ac8f8e0831727f8bfbe8b300
POST /events/1/6f524845d1?a=24279235&v=1216.487a282&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOFgwRERUXQ1BUFkIDFQ0WFlA%3D&rst=1200&ck=1&ref=https://chaturbate.com/tours/3/ HTTP/1.1
Host: bam.nr-data.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
content-type: text/plain
Content-Length: 1681
Origin: https://chaturbate.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Tue, 29 Nov 2022 03:55:00 GMT
Content-Type: image/gif
Content-Length: 24
Connection: keep-alive
CF-Ray: 771867becd9db51b-OSL
Access-Control-Allow-Origin: https://chaturbate.com
CF-Cache-Status: DYNAMIC
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
Vary: Accept-Encoding
Server: cloudflare
m1.nsimg.net//media/9/9/2/9925300.jpg
207.178.0.89 200 OK 20 kB URL HTTP/1.1 m1.nsimg.net//media/9/9/2/9925300.jpg
IP 207.178.0.89:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 90", baseline, precision 8, 320x240, components 3\012- data
Hash b1a544279cd2e20302c06abea8fac844
91f2e8d4f01f7fb2ea61e02d20116fbc2cb3ae3a
e04a7202347050ecdbb2c9ed6001059f68efad4ca77905ce5e5ef8023ee1a906
GET //media/9/9/2/9925300.jpg HTTP/1.1
Host: m1.nsimg.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://as.sexad.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 29 Nov 2022 03:55:00 GMT
Content-Type: image/jpeg
Content-Length: 20129
Connection: keep-alive
Last-Modified: Thu, 10 Sep 2020 23:59:10 GMT
ETag: "5f5abdce-4ea1"
Expires: Wed, 15 Nov 2023 01:39:54 GMT
Cache-Control: max-age=31536000
X-Varnish: 109488043 66808338
Age: 1211016
Access-Control-Allow-Origin: *
Accept-Ranges: bytes
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 15253e4e667088470e0891419687e454
99aaf72ded35414a915ceaea60d5457bf8236eaf
775069096293be39a91a96cd66485198b3cc828f5de0ac4798f9690baed3aa58
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "775069096293BE39A91A96CD66485198B3CC828F5DE0AC4798F9690BAED3AA58"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12687
Expires: Tue, 29 Nov 2022 07:26:27 GMT
Date: Tue, 29 Nov 2022 03:55:00 GMT
Connection: keep-alive
pt.wmptctl.com/vgH1u/uUB.gif?c=object_container&%3Bsite=wl3&%3BcobrandId=240622&%3Bpsid=cybermike&%3Bpstool=302_1&%3Bpsprogram=cbrnd&%3Bcampaign_id=118122&%3BforcedPerformers%5B0%5D=&%3Bvp%5BshowChat%5D=false&%3Bvp%5BchatAutoHide%5D=false&%3Bvp%5BshowCallToAction%5D=false&%3Bvp%5BshowPerformerName%5D=false&%3Bvp%5BshowPerformerStatus%5D=false&%3Bfilters=&%3BsubAffId=%7BSUBAFFID%7D&%3BcategoryName=girl&%3BembedTool=1&%3Borigin=camschat.net&%3Brrc=3
93.93.51.191 200 OK 43 B URL HTTP/2 pt.wmptctl.com/vgH1u/uUB.gif?c=object_container&%3Bsite=wl3&%3BcobrandId=240622&%3Bpsid=cybermike&%3Bpstool=302_1&%3Bpsprogram=cbrnd&%3Bcampaign_id=118122&%3BforcedPerformers%5B0%5D=&%3Bvp%5BshowChat%5D=false&%3Bvp%5BchatAutoHide%5D=false&%3Bvp%5BshowCallToAction%5D=false&%3Bvp%5BshowPerformerName%5D=false&%3Bvp%5BshowPerformerStatus%5D=false&%3Bfilters=&%3BsubAffId=%7BSUBAFFID%7D&%3BcategoryName=girl&%3BembedTool=1&%3Borigin=camschat.net&%3Brrc=3
IP 93.93.51.191:0
ASN #34655 DuoDecad IT Services Luxembourg S.a r.l.
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /vgH1u/uUB.gif?c=object_container&%3Bsite=wl3&%3BcobrandId=240622&%3Bpsid=cybermike&%3Bpstool=302_1&%3Bpsprogram=cbrnd&%3Bcampaign_id=118122&%3BforcedPerformers%5B0%5D=&%3Bvp%5BshowChat%5D=false&%3Bvp%5BchatAutoHide%5D=false&%3Bvp%5BshowCallToAction%5D=false&%3Bvp%5BshowPerformerName%5D=false&%3Bvp%5BshowPerformerStatus%5D=false&%3Bfilters=&%3BsubAffId=%7BSUBAFFID%7D&%3BcategoryName=girl&%3BembedTool=1&%3Borigin=camschat.net&%3Brrc=3 HTTP/1.1
Host: pt.wmptctl.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pt.wmptctl.com/live-feed?c=object_container&site=wl3&cobrandId=240622&psid=cybermike&pstool=302_1&psprogram=cbrnd&campaign_id=118122&forcedPerformers%5B0%5D=&vp%5BshowChat%5D=false&vp%5BchatAutoHide%5D=false&vp%5BshowCallToAction%5D=false&vp%5BshowPerformerName%5D=false&vp%5BshowPerformerStatus%5D=false&filters=&subAffId=%7BSUBAFFID%7D&categoryName=girl&embedTool=1&origin=camschat.net&rrc=3
Cookie: psui=a59f007fbf3384ccc33cc586d5d348f0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 29 Nov 2022 03:55:00 GMT
content-type: image/gif
content-length: 43
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
server: unknown
set-cookie: psui=a59f007fbf3384ccc33cc586d5d348f0; Path=/; Expires=Thu, 29-Dec-22 03:55:00 GMT; SameSite=None; Secure
expires: Tue, 29 Nov 2022 03:54:59 GMT
cache-control: no-cache
access-control-allow-origin: *
X-Firefox-Spdy: h2
pt.wmptctl.com/live-feed?c=object_container&site=wl3&cobrandId=240622&psid=cybermike&pstool=302_1&psprogram=cbrnd&campaign_id=118122&forcedPerformers%5B0%5D=&vp%5BshowChat%5D=false&vp%5BchatAutoHide%5D=false&vp%5BshowCallToAction%5D=false&vp%5BshowPerformerName%5D=false&vp%5BshowPerformerStatus%5D=false&filters=&subAffId=%7BSUBAFFID%7D&categoryName=girl&embedTool=1&origin=camschat.net&rrc=3
93.93.51.191 200 OK 44 kB URL HTTP/2 pt.wmptctl.com/live-feed?c=object_container&site=wl3&cobrandId=240622&psid=cybermike&pstool=302_1&psprogram=cbrnd&campaign_id=118122&forcedPerformers%5B0%5D=&vp%5BshowChat%5D=false&vp%5BchatAutoHide%5D=false&vp%5BshowCallToAction%5D=false&vp%5BshowPerformerName%5D=false&vp%5BshowPerformerStatus%5D=false&filters=&subAffId=%7BSUBAFFID%7D&categoryName=girl&embedTool=1&origin=camschat.net&rrc=3
IP 93.93.51.191:0
ASN #34655 DuoDecad IT Services Luxembourg S.a r.l.
Hash b4e6d40ef77a4f94b0faaeaffe2d4b50
7deaf844900e3fae624433d1b4ab1cd300f1b0cd
ea22403cda4fc9a6abafff30ae4f889556c450a96ca1c896ef468aeeda6134a9
GET /live-feed?c=object_container&site=wl3&cobrandId=240622&psid=cybermike&pstool=302_1&psprogram=cbrnd&campaign_id=118122&forcedPerformers%5B0%5D=&vp%5BshowChat%5D=false&vp%5BchatAutoHide%5D=false&vp%5BshowCallToAction%5D=false&vp%5BshowPerformerName%5D=false&vp%5BshowPerformerStatus%5D=false&filters=&subAffId=%7BSUBAFFID%7D&categoryName=girl&embedTool=1&origin=camschat.net&rrc=3 HTTP/1.1
Host: pt.wmptctl.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pt.wmptctl.com/live-feed/fk/?c=object_container&site=wl3&cobrandId=240622&psid=cybermike&pstool=202_1&psprogram=cbrnd&campaign_id=118122&forcedPerformers%5B0%5D=&vp%5BshowChat%5D=false&vp%5BchatAutoHide%5D=false&vp%5BshowCallToAction%5D=false&vp%5BshowPerformerName%5D=false&vp%5BshowPerformerStatus%5D=false&filters=&subAffId=%7BSUBAFFID%7D&categoryName=girl&embedTool=1&origin=camschat.net
Cookie: psui=a59f007fbf3384ccc33cc586d5d348f0
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: no-cache
date: Tue, 29 Nov 2022 03:55:00 GMT
server: unknown
set-cookie: psui=a59f007fbf3384ccc33cc586d5d348f0; Path=/; Expires=Thu, 29-Dec-22 03:55:00 GMT; SameSite=None; Secure
content-encoding: gzip
X-Firefox-Spdy: h2
ocsp.sectigo.com/
104.18.32.68 200 OK 472 B IP 104.18.32.68:0
Hash dc0308efe32b19531f1190d08ea8d1a1
7a391aac2f55810adf0887e25fa6f006a3677c9b
9490e2676a6eeb7cfb07b8ac42d07856d97d95384b2c8b3cb2074ef8321f1411
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 29 Nov 2022 03:55:01 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Fri, 25 Nov 2022 19:51:06 GMT
Expires: Fri, 02 Dec 2022 19:51:05 GMT
Etag: "7a391aac2f55810adf0887e25fa6f006a3677c9b"
Cache-Control: max-age=315963,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 771867c2ba6cb4ee-OSL
dss-relay-109-71-166-29.dditscdn.com/?psid=&pstool=
109.71.166.37 101 Switching Protocols 0 B URL HTTP/1.1 dss-relay-109-71-166-29.dditscdn.com/?psid=&pstool=
IP 109.71.166.37:0
ASN #34655 DuoDecad IT Services Luxembourg S.a r.l.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /?psid=&pstool= HTTP/1.1
Host: dss-relay-109-71-166-29.dditscdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://pt.wmptctl.com
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: s2+8NHyZpi5rTnj4gIoEJA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Server: unknown
Date: Tue, 29 Nov 2022 03:55:01 GMT
Connection: upgrade
Upgrade: websocket
Sec-WebSocket-Accept: BqLS9AirYfz34+g92JjY+amA6TQ=
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe7479fbd-640b-4a65-ac00-893210a725b0.jpeg
34.120.237.76 200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe7479fbd-640b-4a65-ac00-893210a725b0.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash c76e3c4cc159bda9b9e887fcd449ba51
12d90c36bd455b3b859fdb761b6ed49ea9f98f80
fc2aad6b1ec65938249970e01a23d35a19cb9c9acbc3524586dd23f7bdaf9690
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe7479fbd-640b-4a65-ac00-893210a725b0.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 10445
x-amzn-requestid: fb9fc0d4-9f2e-4fab-a259-30300aacdc67
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cCvuDGHaIAMFn_w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637dc659-56786e9b754a48b30b5f79c7;Sampled=0
x-amzn-remapped-date: Wed, 23 Nov 2022 07:06:01 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: fkjT2irjF_lGK2IDx2nzFK13MgMQFXrtUIWv9lR9y-f6VT1bthJfyQ==
via: 1.1 0c96ded7ff282d2dbcf47c918b6bb500.cloudfront.net (CloudFront), 1.1 ce71f64ad5dca81beca846466f2d5008.cloudfront.net (CloudFront), 1.1 google
date: Mon, 28 Nov 2022 14:31:14 GMT
age: 48227
etag: "12d90c36bd455b3b859fdb761b6ed49ea9f98f80"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
a.naturalhealthsource.club/api/spots/303894?p=1&s1=%subid1%&kw=
135.181.208.216 200 OK 0 B URL HTTP/2 a.naturalhealthsource.club/api/spots/303894?p=1&s1=%subid1%&kw=
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
GET /api/spots/303894?p=1&s1=%subid1%&kw= HTTP/1.1
Host: a.naturalhealthsource.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: nauid=pzTN5IjEttf7PTHri9rd
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 29 Nov 2022 03:54:57 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2
static.adxadserv.com/css/wm.css
185.76.9.23 200 OK 0 B URL HTTP/2 static.adxadserv.com/css/wm.css
IP 185.76.9.23:0
ASN #60068 Datacamp Limited
GET /css/wm.css HTTP/1.1
Host: static.adxadserv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ads.adxadserv.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
date: Tue, 29 Nov 2022 03:54:57 GMT
content-type: text/css
last-modified: Mon, 03 Aug 2020 09:41:06 GMT
etag: W/"5f27dbb2-711"
x-accel-expires: @1669892870
server: CDN77-Turbo
x-77-nzt: AblMCRQIi2b/i8kMAA
x-77-nzt-ray: af5856301d9e161b91828563c35cb82b
x-cache: HIT
x-age: 838027
x-77-pop: stockholmSE
x-77-cache: HIT
content-encoding: br
X-Firefox-Spdy: h2
a.medfoodsafety.com/loader?a=4788750&v=2&t=30&s=4776911&p=8575&if=true
172.64.173.19 200 OK 0 B URL HTTP/2 a.medfoodsafety.com/loader?a=4788750&v=2&t=30&s=4776911&p=8575&if=true
IP 172.64.173.19:0
GET /loader?a=4788750&v=2&t=30&s=4776911&p=8575&if=true HTTP/1.1
Host: a.medfoodsafety.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 29 Nov 2022 03:54:57 GMT
content-type: text/html
cache-control: no-cache, no-store, must-revalidate
expires: Sat, 26 Jul 1997 05:00:00 GMT
last-modified: Sun, 17 May 1998 03:00:00 GMT
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3cT3VbXVMjkXtKZQot4iqzyiw6Oy3nIO06W3QqapGpjZYdwGP%2Fx2rWAxGkzyTSnoYI0yWa6vnOssPFff28qOTmGSkbKzoXWGrWExn7fIzGImnziwzqUa1YVeriro90kO9x3%2BEzGF"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 771867af3e0e7457-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
pogothere.xyz/asd100.bin
172.64.198.35 200 OK 0 B IP 172.64.198.35:0
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://xfantazy.com/
Origin: https://xfantazy.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 29 Nov 2022 03:54:56 GMT
content-type: binary/octet-stream
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 3976
last-modified: Tue, 29 Nov 2022 02:48:40 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WwqFAuQuH4n8C2pqHqGUmw%2FKrDCoFcl0ZTQkWUWbRIHj7lm7ouLxT5wanDLxR4PV53%2FVhk2gB0Ooktf%2BKWSvI%2BiSlyQFzRUTNJTZOHtHcxsIeKu0LulFFXYLBIPvkGx0"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 771867a739eb06c9-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
a.naturalhealthsource.club/api/spots/303892?p=1&s1=%subid1%&kw=
135.181.208.216 200 OK 0 B URL HTTP/2 a.naturalhealthsource.club/api/spots/303892?p=1&s1=%subid1%&kw=
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
GET /api/spots/303892?p=1&s1=%subid1%&kw= HTTP/1.1
Host: a.naturalhealthsource.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: nauid=pzTN5IjEttf7PTHri9rd
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 29 Nov 2022 03:54:57 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2
pt-static2.ptwmstcnt.com/npe/ba/elf/script/elf-v808381.js
93.93.51.200 200 OK 0 B URL HTTP/2 pt-static2.ptwmstcnt.com/npe/ba/elf/script/elf-v808381.js
IP 93.93.51.200:0
ASN #34655 DuoDecad IT Services Luxembourg S.a r.l.
GET /npe/ba/elf/script/elf-v808381.js HTTP/1.1
Host: pt-static2.ptwmstcnt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pt.wmptctl.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 29 Nov 2022 03:55:00 GMT
content-type: application/javascript
last-modified: Mon, 28 Nov 2022 09:07:36 GMT
vary: Accept-Encoding, Accept-Encoding
etag: W/"63847a58-8a477"
access-control-allow-origin: *
server: unknown
x-cdn-node: sesto
x-cache-status: R-HIT
content-encoding: gzip
X-Firefox-Spdy: h2
cams.gratis/banner/300x250.php?site=xfanta
172.64.194.8 200 OK 0 B URL HTTP/2 cams.gratis/banner/300x250.php?site=xfanta
IP 172.64.194.8:0
GET /banner/300x250.php?site=xfanta HTTP/1.1
Host: cams.gratis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ads.adxadserv.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 29 Nov 2022 03:54:58 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding,User-Agent
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=O4OOHaX7x3yCbFNHKrMG4XEe9qBqKMiqs5kCnQS68NZIDAy%2FazvQGH78qgIuja%2FF5EdAJJASAeJEAj0JHJxDtlDoEnZ1gwVJI7K05NvFhg%2BeclPXmhWD56v3er25Ww%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 771867b60d5a0091-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
camschat.net/900250/game.php
66.230.180.98 200 OK 0 B URL HTTP/2 camschat.net/900250/game.php
IP 66.230.180.98:0
GET /900250/game.php HTTP/1.1
Host: camschat.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://camschat.net/900250/adnium.php
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 29 Nov 2022 03:54:58 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-powered-by: PHP/7.4.3
content-encoding: gzip
X-Firefox-Spdy: h2
tsyndicate.com/iframes2/00394b71264946e5bf58746cefe5435f.html?subid=562949385&categories={{ad_tags}}
136.243.130.121 200 OK 0 B URL HTTP/2 tsyndicate.com/iframes2/00394b71264946e5bf58746cefe5435f.html?subid=562949385&categories={{ad_tags}}
IP 136.243.130.121:0
ASN #24940 Hetzner Online GmbH
GET /iframes2/00394b71264946e5bf58746cefe5435f.html?subid=562949385&categories={{ad_tags}} HTTP/1.1
Host: tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://rtbbnr.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 29 Nov 2022 03:54:58 GMT
content-type: text/html; charset=utf-8
pragma: no-cache
expires: 0
vary: Accept-Encoding, *
x-api-version: 2
link: <https://lcdn.tsyndicate.com/sdk/v1/b.b.js>; rel=preload; as=script
x-request-id: ac96face5f191789
set-cookie: ts_uid=36f28a7b-32d8-4ec0-97de-6715db54c464; expires=Mon, 29 May 2023 03:54:58 GMT; domain=.tsyndicate.com; path=/; HttpOnly; secure; SameSite=None
bfq=APeIECNCx5YZMWLcsFHDRhcWIsYU3BLjoYgyE2PYsJHjBg4YNHLg6NJH; expires=Wed, 30 Nov 2022 03:54:58 GMT; domain=.tsyndicate.com; path=/; secure; SameSite=None
cache-control: no-cache, no-store, no-transform, must-revalidate, no-transform
x-robots-tag: none, noindex, nofollow
report-to: { "url": "https://pxl.tsyndicate.com/api/v1/heavy-ad/report", "max_age": 86401 }
content-encoding: gzip
X-Firefox-Spdy: h2
chaturbate.com/tours/3/?tour=x1Rd&campaign=taOsB&c=1&p=0&gender=f&disable_sound=0
104.18.101.40 200 OK 0 B URL HTTP/2 chaturbate.com/tours/3/?tour=x1Rd&campaign=taOsB&c=1&p=0&gender=f&disable_sound=0
IP 104.18.101.40:0
GET /tours/3/?tour=x1Rd&campaign=taOsB&c=1&p=0&gender=f&disable_sound=0 HTTP/1.1
Host: chaturbate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://camschat.net/
Connection: keep-alive
Cookie: __cf_bm=aP2HTX.jG5OpD3fsScUU9oyn3NOrW4yvkRxj0JJA.1E-1669694098-0-AU/EMxF1hFPVa4hKKlCTiivsd5/u560JOWabfGfpPsnlTSSEkjEdnkLExlZ9LfDCYF0b6MdCXc8qOAODUAMSK1E=
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 29 Nov 2022 03:54:58 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding, Accept-Language, Cookie
p3p: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
content-language: en
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.mmcdn.com https://*.highwebmedia.com https://*.chaturbate.com https://chaturbate.com https://ajax.googleapis.com https://js-agent.newrelic.com https://cdnjs.cloudflare.com https://www.google-analytics.com https://www.google.com/recaptcha/ https://www.google.com/cv/ https://www.gstatic.com/recaptcha/ https://www.gstatic.com/cv/ https://www.gstatic.com/eureka/ https://www.gstatic.com/cast/ https://*.nr-data.net https://certify-js.alexametrics.com https://player.vimeo.com/api/player.js http://static.hotjar.com https://static.hotjar.com https://script.hotjar.com ; style-src 'self' data: 'unsafe-inline' https://*.highwebmedia.com https://cdnjs.cloudflare.com https://fonts.googleapis.com ; img-src 'self' data: https://*.mmcdn.com https://*.highwebmedia.com https://*.stream.highwebmedia.com https://*.chaturbate.com https://chaturbate.com https://www.google-analytics.com https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com https://cdnjs.cloudflare.com https://www.gstatic.com https://*.nr-data.net https://certify.alexametrics.com https://stats.g.doubleclick.net https://cbgames.s3.amazonaws.com https://player.vimeo.com https://script.hotjar.com http://script.hotjar.com ; font-src 'self' data: https://*.mmcdn.com https://*.highwebmedia.com https://cdnjs.cloudflare.com https://fonts.gstatic.com http://script.hotjar.com https://script.hotjar.com ; connect-src 'self' blob: blob https://*.mmcdn.com wss://*.mmcdn.com wss://*.mmcdn.com:8443 https://*.highwebmedia.com wss://*.highwebmedia.com wss://*.highwebmedia.com:8443 https://*.nr-data.net https://*.chaturbate.com https://chaturbate.com https://www.google-analytics.com 
https://cbvideoupload.s3-accelerate.amazonaws.com https://stats.g.doubleclick.net https://internet-up.ably-realtime.com https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com https://tls-use1.fpapi.io https://use1.fptls.com https://eun1.fptls.com https://aps1.fptls.com http://*.hotjar.com:* https://*.hotjar.com:* https://vc.hotjar.io:* https://surveystats.hotjar.io wss://*.hotjar.com ; media-src 'self' https://*.mmcdn.com https://*.highwebmedia.com https://*.chaturbate.com https://chaturbate.com mediasource: blob: data: https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com; object-src 'self' https://*.mmcdn.com https://*.highwebmedia.com https://download.macromedia.com https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com ; frame-src 'self' https://*.mmcdn.com https://*.chaturbate.com https://chaturbate.com https://*.highwebmedia.com https://adserver.exoticads.com https://www.google.com/recaptcha/ https://*.wnu.com https://wnu.com https://checkout.2000charge.com https://www.sofort.com https://*.girogate.de https://player.vimeo.com https://vars.hotjar.com ; child-src 'self' blob: blob ; worker-src 'self' blob: blob ; form-action 'self' https://*.chaturbate.com https://chaturbate.com https://*.stream.highwebmedia.com https://www.coinpayments.net https://*.wnu.com https://wnu.com https://devportal.cb.dev https://*.web.amer-1.jumio.ai 
https://smartpay.coinsmart.com ; manifest-src 'self' https://*.mmcdn.com https://*.highwebmedia.com ; report-uri https://report-uri.mmcdn.com/r/t/csp/enforce;
report-to: {"group":"default","max_age":2592000,"endpoints":[{"url":"https://report-uri.mmcdn.com/a/t/g"}],"include_subdomains":true}
nel: {"report_to":"default","max_age":2592000,"include_subdomains":true}
cache-control: no-cache
x-content-type-options: nosniff
x-xss-protection: 1; mode=block; report=https://report-uri.highwebmedia.com/r/t/xss/enforce
referrer-policy: strict-origin-when-cross-origin
via: 1.1 google
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
set-cookie: affkey="eJyrVipSslJQyigpKSi20tdPTswtTs5ILNHLSy3RV6oFAJUzCgA="; Domain=.chaturbate.com; expires=Thu, 29-Dec-2022 03:54:58 GMT; Max-Age=2592000; Path=/
sbr=sec:sbr6ac62833-73e1-4a24-bdb1-3aa28e1a04d6:1ozrhy:-upl3wvpr_Wt5ZSwNamCTCRY74o; Domain=.chaturbate.com; expires=Sun, 24-Aug-2025 03:54:58 GMT; HttpOnly; Max-Age=86313600; Path=/; Secure
cf-cache-status: DYNAMIC
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 771867b42d0a1bfe-OSL
content-encoding: br
X-Firefox-Spdy: h2
friendshipmale.com/sfp.js
104.21.234.93 200 OK 0 B URL HTTP/2 friendshipmale.com/sfp.js
IP 104.21.234.93:0
GET /sfp.js HTTP/1.1
Host: friendshipmale.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 29 Nov 2022 03:54:54 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: 32e159fc63882fae87d495e7b29d85db
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Tue, 29 Nov 2022 03:54:54 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=G5r8eXKvCAom%2B%2BmcXkNe6QqkKY7EXxPvKo6ZuYnxtHpqUdDh1xm1ND5ogMH4X0%2FZAcLPIAaMB%2BKXVXlW0cf9ESfHejtsUFPQLVx04IWNe5iECtSj9Fbn8drtuhAA4So8FUGTaMI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7718679bcc84742b-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/ssp/utility/social-media/whatsapp/css/animate.css
172.64.109.13 200 OK 0 B URL HTTP/2 cdn.creative-bars1.com/sb/ssp/utility/social-media/whatsapp/css/animate.css
IP 172.64.109.13:0
GET /sb/ssp/utility/social-media/whatsapp/css/animate.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 29 Nov 2022 03:54:56 GMT
content-type: text/css
last-modified: Sat, 20 Feb 2021 08:44:40 GMT
etag: W/"6030cbf8-1358d"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 1173180
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0lngcFFiJpUtdsq9iivtfsDWmjGX%2BxQgnNhwsyzCHw7f2t9%2BdUWmuegXe6XXNkKn1J2xwgJDXtRdBwPNw4k9le%2FLtvaMCGLlysGXmPdUNz7kUlmDT0LJEHoqjCd5ORrAZ3Ls82UYQu%2Fs"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 771867a77b928e2c-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
a.naturalhealthsource.club/api/spots/312874?p=1&s1=%subid1%&kw=
135.181.208.216 200 OK 0 B URL HTTP/2 a.naturalhealthsource.club/api/spots/312874?p=1&s1=%subid1%&kw=
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
GET /api/spots/312874?p=1&s1=%subid1%&kw= HTTP/1.1
Host: a.naturalhealthsource.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: nauid=pzTN5IjEttf7PTHri9rd
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 29 Nov 2022 03:54:57 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/ssp/utility/social-media/whatsapp/img/close.svg
172.64.109.13 200 OK 0 B URL HTTP/2 cdn.creative-bars1.com/sb/ssp/utility/social-media/whatsapp/img/close.svg
IP 172.64.109.13:0
GET /sb/ssp/utility/social-media/whatsapp/img/close.svg HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 29 Nov 2022 03:54:56 GMT
content-type: image/svg+xml
last-modified: Thu, 11 Feb 2021 15:19:43 GMT
etag: W/"60254b0f-52a"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 1173816
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pz3miFnakUYG8qdGFzAhJNmU0yubqRgqbh7EfUFXHckBon8twO%2FylkYQ7%2F%2B4ekkZLpd3oV0oIsbfoZjBygbjNpaq4ALYEJAcxT%2FnfJuCc01LlzfVROnxBQP0iBhlDg6WBoVaT00FLEBX"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 771867a79b9c8e2c-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.barscreative1.com/sb/au/e6/d7/97/e6d797a3a7be0e7ec1877d1b33146dfa/1657714258.html
45.133.44.4 200 OK 0 B URL HTTP/2 cdn.barscreative1.com/sb/au/e6/d7/97/e6d797a3a7be0e7ec1877d1b33146dfa/1657714258.html
IP 45.133.44.4:0
ASN #39572 DataWeb Global Group B.V.
Analyzer Verdict Alert fortinet Phishing
GET /sb/au/e6/d7/97/e6d797a3a7be0e7ec1877d1b33146dfa/1657714258.html HTTP/1.1
Host: cdn.barscreative1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 29 Nov 2022 03:54:56 GMT
content-type: text/html; charset=utf-8
server: nginx/1.17.6
last-modified: Wed, 13 Jul 2022 12:11:03 GMT
etag: W/"62ceb657-4a6"
cache-control: max-age=3600
access-control-allow-origin: *
access-control-expose-headers: Date
content-encoding: gzip
expires: Tue, 29 Nov 2022 04:54:56 GMT
x-proxy-cache: HIT
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/ssp/utility/social-media/whatsapp/css/style.css
172.64.109.13 200 OK 0 B URL HTTP/2 cdn.creative-bars1.com/sb/ssp/utility/social-media/whatsapp/css/style.css
IP 172.64.109.13:0
GET /sb/ssp/utility/social-media/whatsapp/css/style.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 29 Nov 2022 03:54:56 GMT
content-type: text/css
last-modified: Fri, 27 Aug 2021 12:30:40 GMT
etag: W/"6128daf0-18be"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 1173180
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BT4OoaIRBSpp0nLsA0EiS2yGKMFMjPYzulqH%2Fsy1lRdiYgr2E5BbqOBhGS8kp3jZvZHR3bG1DT%2Bu3S1J4%2Bk3wJSR4EBblbaW29lMUioIkg8gFImxa1IpbreZImYuGqO4e5M08Uf1x%2B7j"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 771867a75b868e2c-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/chat/mob/ssp/v2/new/3/css/animate.css
172.64.109.13 200 OK 0 B URL HTTP/2 cdn.creative-bars1.com/sb/chat/mob/ssp/v2/new/3/css/animate.css
IP 172.64.109.13:0
GET /sb/chat/mob/ssp/v2/new/3/css/animate.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 29 Nov 2022 03:54:56 GMT
content-type: text/css
last-modified: Wed, 13 Jul 2022 12:13:56 GMT
etag: W/"62ceb704-135d1"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 1173809
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YeMXuc3hguIqPCfdEoev6OSZTF%2FchqLj%2FlStY0WXy0p6y7ww2sm%2Bts7T%2BUrkR77Ias%2BPLG2KGh4MO3CRSg86zFbnXxWW6mexishRpfMe5QSuWbXI4UWBtKbVR4YgRr8rcZ0LSoBQmuRV"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 771867a75b898e2c-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/ssp/utility/social-media/whatsapp/js/script.js
172.64.109.13 200 OK 0 B URL HTTP/2 cdn.creative-bars1.com/sb/ssp/utility/social-media/whatsapp/js/script.js
IP 172.64.109.13:0
GET /sb/ssp/utility/social-media/whatsapp/js/script.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 29 Nov 2022 03:54:56 GMT
content-type: application/javascript
last-modified: Sat, 20 Feb 2021 08:47:14 GMT
etag: W/"6030cc92-1bc"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 1173180
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yVQzGv8E4MmOqQ5joBSGWnpij87cW%2FAfspxmaLGHqy7TNyhxiva%2BvbqRcBbHBAQubk5Q5ujOGhjkVsgleo73SQILHu4mbeMaKMo%2FHAujtrrRZd%2FSrByuhGwvYuncBUTWABG9%2BynSHWZ3"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 771867a77b918e2c-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
chaturbate.com/in/?track=adnium-900x250&tour=x1Rd&campaign=taOsB&c=1&p=0&gender=f
104.18.101.40 302 Found 0 B URL HTTP/2 chaturbate.com/in/?track=adnium-900x250&tour=x1Rd&campaign=taOsB&c=1&p=0&gender=f
IP 104.18.101.40:0
GET /in/?track=adnium-900x250&tour=x1Rd&campaign=taOsB&c=1&p=0&gender=f HTTP/1.1
Host: chaturbate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://camschat.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Tue, 29 Nov 2022 03:54:58 GMT
content-type: text/html; charset=utf-8
location: /tours/3/?tour=x1Rd&campaign=taOsB&c=1&p=0&gender=f&disable_sound=0
p3p: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
vary: Accept-Language, Cookie
content-language: en
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.mmcdn.com https://*.highwebmedia.com https://*.chaturbate.com https://chaturbate.com https://ajax.googleapis.com https://js-agent.newrelic.com https://cdnjs.cloudflare.com https://www.google-analytics.com https://www.google.com/recaptcha/ https://www.google.com/cv/ https://www.gstatic.com/recaptcha/ https://www.gstatic.com/cv/ https://www.gstatic.com/eureka/ https://www.gstatic.com/cast/ https://*.nr-data.net https://certify-js.alexametrics.com https://player.vimeo.com/api/player.js http://static.hotjar.com https://static.hotjar.com https://script.hotjar.com ; style-src 'self' data: 'unsafe-inline' https://*.highwebmedia.com https://cdnjs.cloudflare.com https://fonts.googleapis.com ; img-src 'self' data: https://*.mmcdn.com https://*.highwebmedia.com https://*.stream.highwebmedia.com https://*.chaturbate.com https://chaturbate.com https://www.google-analytics.com https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com https://cdnjs.cloudflare.com https://www.gstatic.com https://*.nr-data.net https://certify.alexametrics.com https://stats.g.doubleclick.net https://cbgames.s3.amazonaws.com https://player.vimeo.com https://script.hotjar.com http://script.hotjar.com ; font-src 'self' data: https://*.mmcdn.com https://*.highwebmedia.com https://cdnjs.cloudflare.com https://fonts.gstatic.com http://script.hotjar.com https://script.hotjar.com ; connect-src 'self' blob: blob https://*.mmcdn.com wss://*.mmcdn.com wss://*.mmcdn.com:8443 https://*.highwebmedia.com wss://*.highwebmedia.com wss://*.highwebmedia.com:8443 https://*.nr-data.net https://*.chaturbate.com https://chaturbate.com https://www.google-analytics.com 
https://cbvideoupload.s3-accelerate.amazonaws.com https://stats.g.doubleclick.net https://internet-up.ably-realtime.com https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com https://tls-use1.fpapi.io https://use1.fptls.com https://eun1.fptls.com https://aps1.fptls.com http://*.hotjar.com:* https://*.hotjar.com:* https://vc.hotjar.io:* https://surveystats.hotjar.io wss://*.hotjar.com ; media-src 'self' https://*.mmcdn.com https://*.highwebmedia.com https://*.chaturbate.com https://chaturbate.com mediasource: blob: data: https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com; object-src 'self' https://*.mmcdn.com https://*.highwebmedia.com https://download.macromedia.com https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com ; frame-src 'self' https://*.mmcdn.com https://*.chaturbate.com https://chaturbate.com https://*.highwebmedia.com https://adserver.exoticads.com https://www.google.com/recaptcha/ https://*.wnu.com https://wnu.com https://checkout.2000charge.com https://www.sofort.com https://*.girogate.de https://player.vimeo.com https://vars.hotjar.com ; child-src 'self' blob: blob ; worker-src 'self' blob: blob ; form-action 'self' https://*.chaturbate.com https://chaturbate.com https://*.stream.highwebmedia.com https://www.coinpayments.net https://*.wnu.com https://wnu.com https://devportal.cb.dev https://*.web.amer-1.jumio.ai 
https://smartpay.coinsmart.com ; manifest-src 'self' https://*.mmcdn.com https://*.highwebmedia.com ; report-uri https://report-uri.mmcdn.com/r/t/csp/enforce;
report-to: {"group":"default","max_age":2592000,"endpoints":[{"url":"https://report-uri.mmcdn.com/a/t/g"}],"include_subdomains":true}
nel: {"report_to":"default","max_age":2592000,"include_subdomains":true}
x-frame-options: DENY
cache-control: no-cache
x-content-type-options: nosniff
x-xss-protection: 1; mode=block; report=https://report-uri.highwebmedia.com/r/t/xss/enforce
referrer-policy: strict-origin-when-cross-origin
via: 1.1 google
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: DYNAMIC
set-cookie: u_x1Rd=1; expires=Sun, 04-Dec-2022 03:54:58 GMT; Max-Age=432000; Path=/
us_x1Rd=1; Path=/
affkey="eJwdjFsKgCAQAK8S+135gD7qswsE3WAzRREjdAMjuntsnzMD8wDB1EBV6w5tAyadjIRLmZkpR2bcj3ClbpSy6kFyyKw90VkmIQymYjxSf1gSXNE57ubebE4hWnb/WCt4PzeUIDE="; Domain=.chaturbate.com; expires=Thu, 29-Dec-2022 03:54:58 GMT; Max-Age=2592000; Path=/
fromaffiliate=1; Domain=.chaturbate.com; Path=/
noads=1; expires=Tue, 29-Nov-2022 09:54:58 GMT; Max-Age=21600; Path=/
sbr=sec:sbr7edcaef2-e274-47e9-8fc6-5513105bc6c8:1ozrhy:-U3zl6dV_wstINfNO8qA5PAQfi4; Domain=.chaturbate.com; expires=Sun, 24-Aug-2025 03:54:58 GMT; HttpOnly; Max-Age=86313600; Path=/; Secure
__cf_bm=aP2HTX.jG5OpD3fsScUU9oyn3NOrW4yvkRxj0JJA.1E-1669694098-0-AU/EMxF1hFPVa4hKKlCTiivsd5/u560JOWabfGfpPsnlTSSEkjEdnkLExlZ9LfDCYF0b6MdCXc8qOAODUAMSK1E=; path=/; expires=Tue, 29-Nov-22 04:24:58 GMT; domain=.chaturbate.com; HttpOnly; Secure; SameSite=None
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 771867b30cd51bfe-OSL
X-Firefox-Spdy: h2
static-assets.highwebmedia.com/CACHE/js/output.6f6724a00cb8.js
104.16.93.42 200 OK 0 B URL HTTP/2 static-assets.highwebmedia.com/CACHE/js/output.6f6724a00cb8.js
IP 104.16.93.42:0
GET /CACHE/js/output.6f6724a00cb8.js HTTP/1.1
Host: static-assets.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 29 Nov 2022 03:54:58 GMT
content-type: application/javascript
cache-control: public, max-age=2592000
cf-bgj: minify
etag: W/"a708027bfbbde438a72a93082d4bc4b5"
last-modified: Thu, 24 Jun 2021 21:24:05 GMT
x-amz-id-2: JSy2VAlm3gAahvlCm5/iqNOQuasckcIrq13CGup8iDmNjJ/I2mSXsAw6q4OzSeK3RH88h3oFZ3U=
x-amz-meta-s3cmd-attrs: md5:a708027bfbbde438a72a93082d4bc4b5
x-amz-request-id: 2D5V5B3Y2TWH6PZC
cf-cache-status: HIT
age: 1060055
expires: Thu, 29 Dec 2022 03:54:58 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MUD3Ni9eQPkSYVTATINcenvMdsdeR46pHH%2Bz4I5NwnfGNeoXGKnzd3NX8kCvsaKw4p3y91o8e%2B2zibucy9ocEW3RpSe7KOOMjtUuBgihL0311sq6o%2FqkqdAESie2BVxdT%2BZMlZeXW5K36kiuURAb5A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
set-cookie: _cfuvid=x48ArE00d0lRqvu7OKQOcxOfE49wHUzc_BoBRSPscuw-1669694098843-0-604800000; path=/; domain=.highwebmedia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 771867b5bafbb523-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
xfantazy.com/video/5f76ce8301bf221df0f0efe7?utm_source=share&ruid=41901732
104.21.46.88 200 OK 0 B URL HTTP/2 xfantazy.com/video/5f76ce8301bf221df0f0efe7?utm_source=share&ruid=41901732
IP 104.21.46.88:0
GET /video/5f76ce8301bf221df0f0efe7?utm_source=share&ruid=41901732 HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
date: Tue, 29 Nov 2022 03:54:53 GMT
content-type: text/html; charset=utf-8
vary: Origin
set-cookie: visitorId=9ri66573ltd8ehmf65310p; Domain=xfantazy.com; Path=/; Expires=Mon, 29 Nov 2032 03:54:52 GMT; HttpOnly
experiment-popup-payment-7=0; Path=/; Expires=Tue, 06 Dec 2022 03:54:52 GMT
experiment-save-to-button-2=0; Path=/; Expires=Tue, 06 Dec 2022 03:54:52 GMT
x-powered-by: Next.js
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=StiBn%2FGJmd3XbGPRW4qFG9hwJjFpQor9IJiyPN9yTVZR2DT8py1uzhia%2BlszkqJJYdV8M6ZLfI2wIDhy806DWkg%2BXqUAUcBtqfzS2kex%2FGchscylJfGR1H7idISk%2F8E%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7718678d8cb30b39-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
a.naturalhealthsource.club/zRdVuw7.js
135.181.208.216 200 OK 0 B URL HTTP/2 a.naturalhealthsource.club/zRdVuw7.js
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
GET /zRdVuw7.js HTTP/1.1
Host: a.naturalhealthsource.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 29 Nov 2022 03:54:53 GMT
content-type: application/javascript
last-modified: Sat, 22 Oct 2022 11:28:35 GMT
etag: W/"6353d3e3-1cfaf"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
vary: Accept-Encoding, Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 828a61ebc3af4e0465a5577a4c08af7a.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN54-C1
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: e9FEURNZCy8QCXRIFeKzNOPJcaq9JOdFmn3HwmIu-x8aW0y4oU4R0w==
age: 2912062
x-frame-options: DENY
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2
a.medfoodsafety.com/loader?a=4788752&v=2&t=30&s=4776911&p=8575&if=true
172.64.173.19 200 OK 0 B URL HTTP/2 a.medfoodsafety.com/loader?a=4788752&v=2&t=30&s=4776911&p=8575&if=true
IP 172.64.173.19:0
GET /loader?a=4788752&v=2&t=30&s=4776911&p=8575&if=true HTTP/1.1
Host: a.medfoodsafety.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 29 Nov 2022 03:54:57 GMT
content-type: text/html
cache-control: no-cache, no-store, must-revalidate
expires: Sat, 26 Jul 1997 05:00:00 GMT
last-modified: Sun, 17 May 1998 03:00:00 GMT
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=unhc%2BhkFCLYcLyBx4TVwMNqGrfU6xHuIpnbtT4YQvaTnLTLzlIG3PPgcqz%2FL6nWeJ2%2FNN9dQvXMcGWxfp8i5YkyxxC0HMxnxA%2BXEF7iYnCLUtI4AlVihyIM6NXycZvvTEXmlrGS3"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 771867af3e0f7457-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
a.naturalhealthsource.club/api/spots/312873?p=1&s1=%subid1%&kw=
135.181.208.216 200 OK 0 B URL HTTP/2 a.naturalhealthsource.club/api/spots/312873?p=1&s1=%subid1%&kw=
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
GET /api/spots/312873?p=1&s1=%subid1%&kw= HTTP/1.1
Host: a.naturalhealthsource.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: nauid=pzTN5IjEttf7PTHri9rd
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 29 Nov 2022 03:54:57 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2
awecre.com/embed/lf?c=object_container&site=wl3&cobrandId=240622&psid=cybermike&pstool=202_1&psprogram=cbrnd&campaign_id=118122&category=girl&forcedPerformers[]=&vp[showChat]=false&vp[chatAutoHide]=false&vp[showCallToAction]=false&vp[showPerformerName]=false&vp[showPerformerStatus]=false&filters=&ms_notrack=1&subAffId={SUBAFFID}
93.93.51.191 200 OK 0 B URL HTTP/2 awecre.com/embed/lf?c=object_container&site=wl3&cobrandId=240622&psid=cybermike&pstool=202_1&psprogram=cbrnd&campaign_id=118122&category=girl&forcedPerformers[]=&vp[showChat]=false&vp[chatAutoHide]=false&vp[showCallToAction]=false&vp[showPerformerName]=false&vp[showPerformerStatus]=false&filters=&ms_notrack=1&subAffId={SUBAFFID}
IP 93.93.51.191:0
ASN #34655 DuoDecad IT Services Luxembourg S.a r.l.
GET /embed/lf?c=object_container&site=wl3&cobrandId=240622&psid=cybermike&pstool=202_1&psprogram=cbrnd&campaign_id=118122&category=girl&forcedPerformers[]=&vp[showChat]=false&vp[chatAutoHide]=false&vp[showCallToAction]=false&vp[showPerformerName]=false&vp[showPerformerStatus]=false&filters=&ms_notrack=1&subAffId={SUBAFFID} HTTP/1.1
Host: awecre.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://camschat.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript
cache-control: no-cache
date: Tue, 29 Nov 2022 03:54:58 GMT
server: unknown
set-cookie: psui=a59f007fbf3384ccc33cc586d5d348f0; Path=/; Expires=Thu, 29-Dec-22 03:54:58 GMT; SameSite=None; Secure
X-Firefox-Spdy: h2
cdn.tubecorp.com/i/b.html?spot=4692&src=562949385&pid=19775&width=300&height=250&spaceid=859
45.133.44.25 200 OK 0 B URL HTTP/2 cdn.tubecorp.com/i/b.html?spot=4692&src=562949385&pid=19775&width=300&height=250&spaceid=859
IP 45.133.44.25:0
ASN #39572 DataWeb Global Group B.V.
GET /i/b.html?spot=4692&src=562949385&pid=19775&width=300&height=250&spaceid=859 HTTP/1.1
Host: cdn.tubecorp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 29 Nov 2022 03:54:57 GMT
content-type: text/html; charset=UTF-8
server: nginx/1.20.1
last-modified: Sat, 20 Nov 2021 06:50:54 GMT
etag: W/"df-5d132d021cf80"
x-request-id: 1e8af8868240079b6921c214a3629454
content-encoding: gzip
expires: Tue, 29 Nov 2022 04:54:57 GMT
cache-control: max-age=3600
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/chat/mob/ssp/v2/new/3/js/jquery.min.js
172.64.109.13 200 OK 0 B URL HTTP/2 cdn.creative-bars1.com/sb/chat/mob/ssp/v2/new/3/js/jquery.min.js
IP 172.64.109.13:0
GET /sb/chat/mob/ssp/v2/new/3/js/jquery.min.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 29 Nov 2022 03:54:56 GMT
content-type: application/javascript
last-modified: Wed, 13 Jul 2022 12:13:58 GMT
etag: W/"62ceb706-15d94"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 1173813
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2Fua15jxHrhO%2FogLR1%2BgmZAzy9gqls4KIh6D9mPj8Dz5UOnSy3S1wpuDmQVoQ3OH8TniX%2B%2FjcfpcGvk8sfrC1CAk3jIELM24ecq%2FtndIsEppOAoi6kL7X4wMuaujC1ARrMRFiFU5rsQs4"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 771867a78b9b8e2c-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
a.naturalhealthsource.club/api/spots/312874?p=1&s1=%subid1%&kw=
135.181.208.216 200 OK 0 B URL HTTP/2 a.naturalhealthsource.club/api/spots/312874?p=1&s1=%subid1%&kw=
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
GET /api/spots/312874?p=1&s1=%subid1%&kw= HTTP/1.1
Host: a.naturalhealthsource.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: nauid=pzTN5IjEttf7PTHri9rd
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 29 Nov 2022 03:54:57 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2