bioril-area.info/bank/atb/index.htm
200 OK 490 B URL HTTP/1.1 bioril-area.info/bank/atb/index.htm
IP
ASN #30633 LEASEWEB-USA-WDC
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (490), with no line terminators
Hash 548ccda01c6981c238631cfdc146ddc9
1efac15e616d63f0c930c817518f6eebd1995666
d1809bc6739fda28b314e9770247daa53d7b4231bf237dbab02ca5c4656af9cf
GET /bank/atb/index.htm HTTP/1.1
Host: bioril-area.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
cache-control: max-age=0, private, must-revalidate
connection: close
content-length: 490
content-type: text/html; charset=utf-8
date: Wed, 19 Oct 2022 03:57:09 GMT
server: nginx
set-cookie: sid=1ae06554-4f62-11ed-9e49-beccd688d62c; path=/; domain=.bioril-area.info; expires=Mon, 06 Nov 2090 07:11:16 GMT; max-age=2147483647; HttpOnly
firefox.settings.services.mozilla.com/v1/
200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash bdb8b66c705a7b996496d780f50c00b5
403ae92039fcc933870f51f913f78ccaf9652256
c923ed2539f4ce9f4d43743c402fbb2060a52a4cbedbf14c5f5742ab718073d6
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Alert, Content-Length, Content-Type, Retry-After, Backoff
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Wed, 19 Oct 2022 03:51:34 GMT
Expires: Wed, 19 Oct 2022 04:38:04 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 a2b4f68a89fc87406bff22c95fc07fba.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: -x9s0oW6y__3C9sr976WK2VC76B6bETd5VXaJU12ZIJTrAZUcCpwEQ==
Age: 335
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 10ab470535c002d333b4f27d38b51091
ed3b0850c5d75881de410f7e8ca35e012e38bd38
31d6655d048ec8a62e00125766fea65cde04beae0b11f12ce7f722c9a5f7e232
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "31D6655D048EC8A62E00125766FEA65CDE04BEAE0B11F12CE7F722C9A5F7E232"
Last-Modified: Sun, 16 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2360
Expires: Wed, 19 Oct 2022 04:36:29 GMT
Date: Wed, 19 Oct 2022 03:57:09 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 533e1d53f291993ed5886f88a85c6e55
eb4396e8422f71168d32ac6ff3ef49496f625e62
0d1b73b2a228fe76bf14688e603741025a40803971e05570f873b28788334b33
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0D1B73B2A228FE76BF14688E603741025A40803971E05570F873B28788334B33"
Last-Modified: Mon, 17 Oct 2022 14:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3676
Expires: Wed, 19 Oct 2022 04:58:25 GMT
Date: Wed, 19 Oct 2022 03:57:09 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
IP
File type PEM certificate\012- , ASCII text
Hash 67d5a988edcda47bc3b3b3f65d32b4b6
d4f0e0da8b3690cc7da925026d3414b68c7d954f
55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78
GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: 8Q49H+qELxUgwxtjS5q460z63RLiGCnaoT7BLVAPoGLGCckKn+wNJpy1GHjKEsePXhF56gQ80/Y=
x-amz-request-id: F55GSFSQ2KMHGA54
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Wed, 19 Oct 2022 03:36:09 GMT
age: 1260
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 19 Oct 2022 03:57:09 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
bioril-area.info/favicon.ico
404 Not Found 9 B URL HTTP/1.1 bioril-area.info/favicon.ico
IP
ASN #30633 LEASEWEB-USA-WDC
File type ASCII text, with no line terminators
Hash d8f4a1993546cc4b850cde3599e27aec
094b763b4cfcc0b05e5d040581cd513c3ca08067
907ba78b4545338d3539683e63ecb51cf51c10adc9dabd86e92bd52339f298b9
GET /favicon.ico HTTP/1.1
Host: bioril-area.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://bioril-area.info/bank/atb/index.htm
Cookie: sid=1ae06554-4f62-11ed-9e49-beccd688d62c
HTTP/1.1 404 Not Found
cache-control: max-age=0, private, must-revalidate
connection: close
content-length: 9
date: Wed, 19 Oct 2022 03:57:09 GMT
server: nginx
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Date: Wed, 19 Oct 2022 03:43:40 GMT
Cache-Control: max-age=3600
Expires: Wed, 19 Oct 2022 04:00:12 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 83a23d85c009b0c0e3626072e9f997fe.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: xPaQgQ-KKsVCB02oOFPBqQUuBBhiDjFMcXOppp3-a66kh_hBw49YDw==
Age: 810
ocsp.digicert.com/
200 OK 471 B IP
Hash c9b278637bdca251f78b46e4a0850473
a48fe5095fc27af1c6b6628149d9e8f655295621
eea38f271e134a85a7b586631a8831888ab81f0edb33120b26bd35cdfa032e52
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5355
Cache-Control: max-age=106730
Content-Type: application/ocsp-response
Date: Wed, 19 Oct 2022 03:57:10 GMT
Etag: "634e5e95-1d7"
Expires: Thu, 20 Oct 2022 09:36:00 GMT
Last-Modified: Tue, 18 Oct 2022 08:06:45 GMT
Server: ECS (ska/F6FE)
X-Cache: HIT
Content-Length: 471
bioril-area.info/bank/atb/index.htm?js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsImV4cCI6MTY2NjE1OTAyOSwiaWF0IjoxNjY2MTUxODI5LCJpc3MiOiJKb2tlbiIsImpzIjoxLCJqdGkiOiIyc2Zsb2duMWY2OTk2bzNyamswbWswb2QiLCJuYmYiOjE2NjYxNTE4MjksInRzIjoxNjY2MTUxODI5NDcwNjk2fQ.3R2oZnGUhh_eg7rwHJrwWAzPRl9y8EczHc3TB8TkgYs&sid=1ae06554-4f62-11ed-9e49-beccd688d62c
302 Found 11 B URL HTTP/1.1 bioril-area.info/bank/atb/index.htm?js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsImV4cCI6MTY2NjE1OTAyOSwiaWF0IjoxNjY2MTUxODI5LCJpc3MiOiJKb2tlbiIsImpzIjoxLCJqdGkiOiIyc2Zsb2duMWY2OTk2bzNyamswbWswb2QiLCJuYmYiOjE2NjYxNTE4MjksInRzIjoxNjY2MTUxODI5NDcwNjk2fQ.3R2oZnGUhh_eg7rwHJrwWAzPRl9y8EczHc3TB8TkgYs&sid=1ae06554-4f62-11ed-9e49-beccd688d62c
IP
ASN #30633 LEASEWEB-USA-WDC
File type ASCII text, with no line terminators
Hash 32682312d17c7cbf18e73594f5570319
60e22121bdd0bc71cdb2bae2a3aa577006b2eae9
e55fb1a1d731153e943b68844af12dcce8bfac917c98ffdea64c80da0607dd47
GET /bank/atb/index.htm?js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsImV4cCI6MTY2NjE1OTAyOSwiaWF0IjoxNjY2MTUxODI5LCJpc3MiOiJKb2tlbiIsImpzIjoxLCJqdGkiOiIyc2Zsb2duMWY2OTk2bzNyamswbWswb2QiLCJuYmYiOjE2NjYxNTE4MjksInRzIjoxNjY2MTUxODI5NDcwNjk2fQ.3R2oZnGUhh_eg7rwHJrwWAzPRl9y8EczHc3TB8TkgYs&sid=1ae06554-4f62-11ed-9e49-beccd688d62c HTTP/1.1
Host: bioril-area.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://bioril-area.info/bank/atb/index.htm
Cookie: sid=1ae06554-4f62-11ed-9e49-beccd688d62c
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
cache-control: max-age=0, private, must-revalidate
connection: close
content-length: 11
date: Wed, 19 Oct 2022 03:57:10 GMT
location: http://click-v4.expmdiadi.com/click?i=ugQqJC6AVgI_0
server: nginx
set-cookie: sid=1ae06554-4f62-11ed-9e49-beccd688d62c; path=/; domain=.bioril-area.info; expires=Mon, 06 Nov 2090 07:11:17 GMT; max-age=2147483647; HttpOnly
push.services.mozilla.com/
101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: zEYw65no5vIOIiibWwoEVA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: cRcSr4cx2jS4xznA1/KuVWVifh8=
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash dcbf142b7958e83961fc03b9676d1fc6
930f67e486f95de63450b6d73d1957aac204fb43
9194e452419c2c850073f3dc2d2b23d759dd793b9a0d881cb7b6d862d54805b1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9194E452419C2C850073F3DC2D2B23D759DD793B9A0D881CB7B6D862D54805B1"
Last-Modified: Wed, 19 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8157
Expires: Wed, 19 Oct 2022 06:13:08 GMT
Date: Wed, 19 Oct 2022 03:57:11 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash dcbf142b7958e83961fc03b9676d1fc6
930f67e486f95de63450b6d73d1957aac204fb43
9194e452419c2c850073f3dc2d2b23d759dd793b9a0d881cb7b6d862d54805b1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9194E452419C2C850073F3DC2D2B23D759DD793B9A0D881CB7B6D862D54805B1"
Last-Modified: Wed, 19 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8157
Expires: Wed, 19 Oct 2022 06:13:08 GMT
Date: Wed, 19 Oct 2022 03:57:11 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash dcbf142b7958e83961fc03b9676d1fc6
930f67e486f95de63450b6d73d1957aac204fb43
9194e452419c2c850073f3dc2d2b23d759dd793b9a0d881cb7b6d862d54805b1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9194E452419C2C850073F3DC2D2B23D759DD793B9A0D881CB7B6D862D54805B1"
Last-Modified: Wed, 19 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8157
Expires: Wed, 19 Oct 2022 06:13:08 GMT
Date: Wed, 19 Oct 2022 03:57:11 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash dcbf142b7958e83961fc03b9676d1fc6
930f67e486f95de63450b6d73d1957aac204fb43
9194e452419c2c850073f3dc2d2b23d759dd793b9a0d881cb7b6d862d54805b1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9194E452419C2C850073F3DC2D2B23D759DD793B9A0D881CB7B6D862D54805B1"
Last-Modified: Wed, 19 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8157
Expires: Wed, 19 Oct 2022 06:13:08 GMT
Date: Wed, 19 Oct 2022 03:57:11 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fade655c6-f6d3-4069-b1f3-12ccc9ea828e.jpeg
200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fade655c6-f6d3-4069-b1f3-12ccc9ea828e.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 86dce0f2221a313cc9f28523aa8b093f
e8fad92b792ad8fe6aaadf4f85954811fcb27ac5
9711e437d64bcbb5ecee8f6f40526223bebed07fdbbddf132819bbc740edf073
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fade655c6-f6d3-4069-b1f3-12ccc9ea828e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11105
x-amzn-requestid: 7f7e80b2-2e6d-4f61-996c-268a1871c73e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Z-7InF8hIAMFg_w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63490bd0-13f801b40cd42c9c292f2af2;Sampled=0
x-amzn-remapped-date: Fri, 14 Oct 2022 07:12:16 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: iOjuwVdXfYKwx7tpCz7dBN4YNq-YqEOVzx_MzElAmHtmE1-MIkXCpA==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 73cb83fe6699afc2791b5c690c1ff8c6.cloudfront.net (CloudFront), 1.1 google
date: Tue, 18 Oct 2022 07:16:45 GMT
age: 74426
etag: "e8fad92b792ad8fe6aaadf4f85954811fcb27ac5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F194b4740-96c9-4288-beb4-2bb6b10771b1.jpeg
200 OK 4.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F194b4740-96c9-4288-beb4-2bb6b10771b1.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 8b18cc36d516d20449dbba4fa894e898
40f6c41e0259a820bec12e31c6e650fd6c5dea57
1202e14ec5edc289d0be7b7f9d8538b9bc23a35f4ede6eae39179a61f6128bb1
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F194b4740-96c9-4288-beb4-2bb6b10771b1.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4044
x-amzn-requestid: 08cb82b3-386b-4d87-b11c-ab7c4c66173b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aOFFWEDjIAMF5jA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-634f1bbb-4d516cbb74baf2a0228f8cbe;Sampled=0
x-amzn-remapped-date: Tue, 18 Oct 2022 21:33:47 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: tQYClqPLjSS3FDGVemCBOXlADtDJ-oALPJM0HoLOcRqJcg_D9HRzWQ==
via: 1.1 8dbfaf7df256a75768461d934659b6b2.cloudfront.net (CloudFront), 1.1 567b44ed19c8caed2570b7bcd8c70034.cloudfront.net (CloudFront), 1.1 google
date: Tue, 18 Oct 2022 22:01:37 GMT
age: 21334
etag: "40f6c41e0259a820bec12e31c6e650fd6c5dea57"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbc809406-f843-4494-9a76-eab77bec4daa.jpeg
200 OK 35 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbc809406-f843-4494-9a76-eab77bec4daa.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b683fafb36238c7da6be76247f60600b
e975f7a307a970ab45b03f861fd7d875ec66028d
b65fa7f3e7e0d999ebdfc1a4beb74e21221e4ceabd9e57ed0af6ab4560e12fdd
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbc809406-f843-4494-9a76-eab77bec4daa.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 35276
x-amzn-requestid: 6e8a79ad-d0f3-4290-a1ed-ef9b1239f193
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aOFApGzbIAMFRGg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-634f1b9d-65cf1b926ab122b1716a2983;Sampled=0
x-amzn-remapped-date: Tue, 18 Oct 2022 21:33:17 GMT
x-amz-cf-pop: SEA19-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: z25FLjYXE2AbAQpLftrPxmMMo3eioc8IODJO6Tj4BhCAeNBZ3kPHtQ==
via: 1.1 0a2ce08fa1ec3c33302a7547d3305978.cloudfront.net (CloudFront), 1.1 28390a4d24ed4fdccd685d99cd06cf4e.cloudfront.net (CloudFront), 1.1 google
date: Tue, 18 Oct 2022 21:41:57 GMT
age: 22514
etag: "e975f7a307a970ab45b03f861fd7d875ec66028d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F70612e6e-41db-4396-a6ea-fbc41b5e70e4.jpeg
200 OK 13 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F70612e6e-41db-4396-a6ea-fbc41b5e70e4.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash d3e1c0bd9d5e2db04e45307c6b44e3cc
cc90f762203d84d853c8ee21356c0165ec1029e8
5410f602da90611a8f34b68e1b91fd6ef7eef355af864cdf1cf01fb214f01e28
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F70612e6e-41db-4396-a6ea-fbc41b5e70e4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12793
x-amzn-requestid: 223f9710-a56d-437a-8e24-f20f4ccb792d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aIQvIEvNIAMFs9g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-634cc7fa-12df83767d309d0b18773d78;Sampled=0
x-amzn-remapped-date: Mon, 17 Oct 2022 03:11:54 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: wCAJUT5Smowvk-gUiEpo6dlaQIS5CzSrUwfpn_Pg-DQ5fy3ISHBssQ==
via: 1.1 ddd913fbbe7367d44af4ac06097e7a2a.cloudfront.net (CloudFront), 1.1 d01e7742f82df0bbc1fb681d709ed69c.cloudfront.net (CloudFront), 1.1 google
date: Tue, 18 Oct 2022 04:10:01 GMT
age: 85630
etag: "cc90f762203d84d853c8ee21356c0165ec1029e8"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F87d6cfa7-6d1f-40ca-bf2d-507a8fffc5dd.jpeg
200 OK 7.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F87d6cfa7-6d1f-40ca-bf2d-507a8fffc5dd.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 34233831dc5c15001753b8bcc03382b0
00790fcdc95ebb458a67c1de32fbb58039795d81
a63d7d3ff74534fa2edfef6aae76074b228fdd3966917903176d897e7ea1e1c5
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F87d6cfa7-6d1f-40ca-bf2d-507a8fffc5dd.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7749
x-amzn-requestid: 389e9ef8-8bf4-4aa4-9255-e71f64442dd6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aBq4FFKioAMFoOQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-634a2500-307d1b4103e58eb400cdc6bc;Sampled=0
x-amzn-remapped-date: Sat, 15 Oct 2022 03:12:00 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: C0e5N28x1zDtdUgejrEqDiljYuM27UN1ZwvfiXMiNNp0jjLVvjx2tw==
via: 1.1 2dc111aa3ead15d061e41a423155a53a.cloudfront.net (CloudFront), 1.1 324a68a6c25ee50d774953f3e15a611c.cloudfront.net (CloudFront), 1.1 google
date: Tue, 18 Oct 2022 06:21:56 GMT
age: 77715
etag: "00790fcdc95ebb458a67c1de32fbb58039795d81"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F97a40388-4af0-420d-bed9-b95e11c797a2.jpeg
200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F97a40388-4af0-420d-bed9-b95e11c797a2.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash af15d820ca84500be65f5d6df5e4f68d
b62e825f4ca21fb1caebbc8c3ba51f42c99c1e7d
b64a6e7d9a74d7cb273b2bb6abad92c2b9b236edf3144f7e79bf872bf77e8086
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F97a40388-4af0-420d-bed9-b95e11c797a2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10533
x-amzn-requestid: 679e8300-7bad-4394-9d18-887f7f624e26
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZxtttE_oIAMFl1g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6343c324-34fc212f7e482dd337894f6c;Sampled=0
x-amzn-remapped-date: Mon, 10 Oct 2022 07:00:52 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: mrzzW5lO8JsQ1v-v7cwsjJ54gAjdNP7V6mBR_F_xUu0yZxEGrSZg9g==
via: 1.1 ddd913fbbe7367d44af4ac06097e7a2a.cloudfront.net (CloudFront), 1.1 0d4ebcaa87ba94709def0eaac9371e5a.cloudfront.net (CloudFront), 1.1 google
date: Tue, 18 Oct 2022 10:13:17 GMT
age: 63834
etag: "b62e825f4ca21fb1caebbc8c3ba51f42c99c1e7d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
click-v4.expmdiadi.com/click?i=ugQqJC6AVgI_0
302 Found 0 B URL HTTP/1.1 click-v4.expmdiadi.com/click?i=ugQqJC6AVgI_0
IP
ASN #27257 WEBAIR-INTERNET
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /click?i=ugQqJC6AVgI_0 HTTP/1.1
Host: click-v4.expmdiadi.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://bioril-area.info/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Cache-Control: no-store
Content-Length: 0
Age: 0
Connection: keep-alive
Location: https://xcamsstar.com/rd.php?nt=8&s2=bioril-area.info&s1=bioril-area.info&cid=674892&geo=no&cat=adult
Pragma: no-cache
xcamsstar.com/rd.php?nt=8&s2=bioril-area.info&s1=bioril-area.info&cid=674892&geo=no&cat=adult
200 OK 2.7 kB URL HTTP/2 xcamsstar.com/rd.php?nt=8&s2=bioril-area.info&s1=bioril-area.info&cid=674892&geo=no&cat=adult
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text
Hash 7428d92fd230c04c56343384aec01168
a9a7d5b215d46df29528a7b38649307a90663b16
a76b75b5e9761cad6936162225a31bf632cee4e787f8121f87130e9b41f52395
GET /rd.php?nt=8&s2=bioril-area.info&s1=bioril-area.info&cid=674892&geo=no&cat=adult HTTP/1.1
Host: xcamsstar.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://bioril-area.info/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 19 Oct 2022 03:57:11 GMT
server: Apache
set-cookie: XYIWPYMBXO_LEYUSETCQC_2rel=1; expires=Wed, 19-Oct-2022 07:57:12 GMT; Max-Age=14400; path=/
cache-control: max-age=600
expires: Wed, 19 Oct 2022 04:07:11 GMT
vary: Accept-Encoding,User-Agent
content-encoding: gzip
content-length: 2706
content-type: text/html; charset=UTF-8
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 279 B IP
Hash c57c1a8a277ffda7d5f389e74cacbb2a
2f8f0d32c5b16df447dc5e0f83fda162bbe85ca2
40b1c17b4f017c6cf33f267a10068bf9f5b297e74f63c4fafe9e28a0088e0abc
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3077
Cache-Control: max-age=145151
Content-Type: application/ocsp-response
Date: Wed, 19 Oct 2022 03:57:12 GMT
Etag: "634efd92-117"
Expires: Thu, 20 Oct 2022 20:16:23 GMT
Last-Modified: Tue, 18 Oct 2022 19:25:06 GMT
Server: ECS (ska/F6FE)
X-Cache: HIT
Content-Length: 279
cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/4.3.1/css/bootstrap.min.css
200 OK 17 kB URL HTTP/2 cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/4.3.1/css/bootstrap.min.css
IP
File type ASCII text, with very long lines (65324)
Hash 2220bb5ed14b4dfe40394499d6baf7c7
0ba7f85e9090ad666586e3222e87fdb499645876
bb4b9b4472f13a89d27a0d028e706575a9a623754d7277d47defcdb2e5e6cd98
GET /ajax/libs/twitter-bootstrap/4.3.1/css/bootstrap.min.css HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xcamsstar.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 19 Oct 2022 03:57:12 GMT
content-type: text/css; charset=utf-8
content-length: 17210
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb04010-2606e"
last-modified: Mon, 04 May 2020 16:17:20 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
cf-cache-status: HIT
age: 12038251
expires: Mon, 09 Oct 2023 03:57:12 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1DbJuKigu%2BaWAW7YaNDgTlZqRLAVUQfKXKOh3wzeELWEvKjCOr5cqLwNk6aIAHsBaR86iEmEfMnJgvsv4bCzg9EKCNieaqcD%2FHlgrun5wlC7mMC8Be2TU0nUIaTxxYJq1b81cbXu"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 75c6969b6f02b517-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 279 B IP
Hash c57c1a8a277ffda7d5f389e74cacbb2a
2f8f0d32c5b16df447dc5e0f83fda162bbe85ca2
40b1c17b4f017c6cf33f267a10068bf9f5b297e74f63c4fafe9e28a0088e0abc
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3077
Cache-Control: max-age=145151
Content-Type: application/ocsp-response
Date: Wed, 19 Oct 2022 03:57:12 GMT
Etag: "634efd92-117"
Expires: Thu, 20 Oct 2022 20:16:23 GMT
Last-Modified: Tue, 18 Oct 2022 19:25:06 GMT
Server: ECS (ska/F6FE)
X-Cache: HIT
Content-Length: 279
ocsp.sca1b.amazontrust.com/
200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP
Hash d3c22f707b0cf584de711d6aba30ca97
2b2817c4c74258c3fa67af8e0eecb8c01cfe3569
8629f99bfc88cbc30ac373a52c2394e95fa70ec2c12fa15097a7ced0693d3414
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=142633
Date: Wed, 19 Oct 2022 03:57:12 GMT
Etag: "634eee13-1d7"
Expires: Thu, 20 Oct 2022 19:34:25 GMT
Last-Modified: Tue, 18 Oct 2022 18:18:59 GMT
Server: ECS (dcb/7F5D)
X-Cache: Miss from cloudfront
Via: 1.1 4bbc14b5834fc74ccd249b954b43a08c.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: IQp5YaeP2tdzNIJSFZp-jSbXcFRIxThYvbk4Laj7gJRSwvBARu-ieg==
Age: 4526
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 7074ecce34ac0c6a7215ab112d5f390f
95acd3800bffaa307480a83280568a8b74d78644
04554d6071cb70da5691057a11a9d1a437d37e474bed5e2705c00f7629ea8f30
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "04554D6071CB70DA5691057A11A9D1A437D37E474BED5E2705C00F7629EA8F30"
Last-Modified: Tue, 18 Oct 2022 02:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13037
Expires: Wed, 19 Oct 2022 07:34:30 GMT
Date: Wed, 19 Oct 2022 03:57:13 GMT
Connection: keep-alive
vocony.com/ACT.obs.js
200 OK 11 kB IP
File type ASCII text, with very long lines (11006), with no line terminators
Hash b59c8943b6aabbddd1ccff7d82fee1f0
ea4844953426aa16847a2f887313cf61c6dc7f09
e89926bd12ab3d83db2f9cfdec0a0e6f7269c3c17184093fa2eacdd3df3517a3
GET /ACT.obs.js HTTP/1.1
Host: vocony.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xcamsstar.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 19 Oct 2022 03:57:13 GMT
Content-Type: application/javascript
Content-Length: 11006
Last-Modified: Mon, 17 Oct 2022 09:51:03 GMT
Connection: keep-alive
ETag: "634d2587-2afe"
Expires: Sat, 18 Mar 2023 03:57:13 GMT
Cache-Control: max-age=12960000
Accept-Ranges: bytes
itytostaracar.buzz/redirect?tid=962109
302 Found 0 B URL HTTP/2 itytostaracar.buzz/redirect?tid=962109
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect?tid=962109 HTTP/1.1
Host: itytostaracar.buzz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xcamsstar.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-type: text/plain
content-length: 0
location: https://s.optnx.com/cimp.php?data=TVRZMk5qRTFNVGd6TTN3eE5EWXlabVZpTkRJMk9UTm1OV0U0WXpnMVpHUmpOVEJqTkdZMlpXTTFOUS0tfGh0dHA6Ly93d3cucGVyZmVjdGdpcmxzLm5ldC90b3AvbW9udGgvP3N1Yl9pZD0yMzQwNjY0fGh0dHBzfDkxLjkwLjQyLjE1NHxOT1J8NDF8YWQtbWF2ZW4uY29tfDQ0MjY5OXw0MzA2NzV8ODE2MjYxfDM1NzY0MTF8NTA4fDIzNDA2NjR8MTk4ODgwNzh8MTV8M3wwfDB8MjUzNDR8OTYyMTA5fDE4fDc1fFVTRHxVU0R8MXwxfDIyfHwxfE5PUnx8ODh8MnwxfHwxN2FkMzFmZDgyOWI2MmFlYTBjYzRjYjU1OWJkNjI5Ynw1NmExMDhmYjkxYTA2ZDY1YWU4ZTgyNDFhNWRlMDZhNnwxfDB8eGNhbXNzdGFyLmNvbXwwfDMxNzE2fDQ1MTc4fDAuMDF8MXwwfGV4Y2hhbmdlX2xpbmt8MHwwfDB8LTF8MHwwfHx8MHwwfHwwfDB8MHwwfDB8MHwxfDB8fDh8MXxNb3ppbGxhLzUuMCAoWDExOyBMaW51eCB4ODZfNjQ7IHJ2Ojk2LjApIEdlY2tvLzIwMTAwMTAxIEZpcmVmb3gvOTYuMHxPS3w2NGVlZTRkODY5NzBhNmExMzAwNWU2ODY0NThjN2Y5Nw--
date: Wed, 19 Oct 2022 03:57:13 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: csu=07d0a20d-225a-406b-928e-1a4de0755d6d
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 36777c2dbd3e7df2effc3bbfbc9042ce.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR50-C1
x-amz-cf-id: EvydwWYEnpTd6SBl4Xba3aJuQiWYuWItHW2tqn8zl4oBzqJH4r8lug==
X-Firefox-Spdy: h2
s.optnx.com/cimp.php?data=TVRZMk5qRTFNVGd6TTN3eE5EWXlabVZpTkRJMk9UTm1OV0U0WXpnMVpHUmpOVEJqTkdZMlpXTTFOUS0tfGh0dHA6Ly93d3cucGVyZmVjdGdpcmxzLm5ldC90b3AvbW9udGgvP3N1Yl9pZD0yMzQwNjY0fGh0dHBzfDkxLjkwLjQyLjE1NHxOT1J8NDF8YWQtbWF2ZW4uY29tfDQ0MjY5OXw0MzA2NzV8ODE2MjYxfDM1NzY0MTF8NTA4fDIzNDA2NjR8MTk4ODgwNzh8MTV8M3wwfDB8MjUzNDR8OTYyMTA5fDE4fDc1fFVTRHxVU0R8MXwxfDIyfHwxfE5PUnx8ODh8MnwxfHwxN2FkMzFmZDgyOWI2MmFlYTBjYzRjYjU1OWJkNjI5Ynw1NmExMDhmYjkxYTA2ZDY1YWU4ZTgyNDFhNWRlMDZhNnwxfDB8eGNhbXNzdGFyLmNvbXwwfDMxNzE2fDQ1MTc4fDAuMDF8MXwwfGV4Y2hhbmdlX2xpbmt8MHwwfDB8LTF8MHwwfHx8MHwwfHwwfDB8MHwwfDB8MHwxfDB8fDh8MXxNb3ppbGxhLzUuMCAoWDExOyBMaW51eCB4ODZfNjQ7IHJ2Ojk2LjApIEdlY2tvLzIwMTAwMTAxIEZpcmVmb3gvOTYuMHxPS3w2NGVlZTRkODY5NzBhNmExMzAwNWU2ODY0NThjN2Y5Nw--
200 OK 1.0 kB URL HTTP/1.1 s.optnx.com/cimp.php?data=TVRZMk5qRTFNVGd6TTN3eE5EWXlabVZpTkRJMk9UTm1OV0U0WXpnMVpHUmpOVEJqTkdZMlpXTTFOUS0tfGh0dHA6Ly93d3cucGVyZmVjdGdpcmxzLm5ldC90b3AvbW9udGgvP3N1Yl9pZD0yMzQwNjY0fGh0dHBzfDkxLjkwLjQyLjE1NHxOT1J8NDF8YWQtbWF2ZW4uY29tfDQ0MjY5OXw0MzA2NzV8ODE2MjYxfDM1NzY0MTF8NTA4fDIzNDA2NjR8MTk4ODgwNzh8MTV8M3wwfDB8MjUzNDR8OTYyMTA5fDE4fDc1fFVTRHxVU0R8MXwxfDIyfHwxfE5PUnx8ODh8MnwxfHwxN2FkMzFmZDgyOWI2MmFlYTBjYzRjYjU1OWJkNjI5Ynw1NmExMDhmYjkxYTA2ZDY1YWU4ZTgyNDFhNWRlMDZhNnwxfDB8eGNhbXNzdGFyLmNvbXwwfDMxNzE2fDQ1MTc4fDAuMDF8MXwwfGV4Y2hhbmdlX2xpbmt8MHwwfDB8LTF8MHwwfHx8MHwwfHwwfDB8MHwwfDB8MHwxfDB8fDh8MXxNb3ppbGxhLzUuMCAoWDExOyBMaW51eCB4ODZfNjQ7IHJ2Ojk2LjApIEdlY2tvLzIwMTAwMTAxIEZpcmVmb3gvOTYuMHxPS3w2NGVlZTRkODY5NzBhNmExMzAwNWU2ODY0NThjN2Y5Nw--
IP
ASN #60781 LeaseWeb Netherlands B.V.
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (1398)
Hash c546185bbbcfc65b69358cb0d9f01fd0
b726e3f0911d0aba828f305b5299da26cb21aac1
2cd556c34ce79e50d73d3e160998144c117e36cba08b81a9fcd3e2be046289d3
GET /cimp.php?data=TVRZMk5qRTFNVGd6TTN3eE5EWXlabVZpTkRJMk9UTm1OV0U0WXpnMVpHUmpOVEJqTkdZMlpXTTFOUS0tfGh0dHA6Ly93d3cucGVyZmVjdGdpcmxzLm5ldC90b3AvbW9udGgvP3N1Yl9pZD0yMzQwNjY0fGh0dHBzfDkxLjkwLjQyLjE1NHxOT1J8NDF8YWQtbWF2ZW4uY29tfDQ0MjY5OXw0MzA2NzV8ODE2MjYxfDM1NzY0MTF8NTA4fDIzNDA2NjR8MTk4ODgwNzh8MTV8M3wwfDB8MjUzNDR8OTYyMTA5fDE4fDc1fFVTRHxVU0R8MXwxfDIyfHwxfE5PUnx8ODh8MnwxfHwxN2FkMzFmZDgyOWI2MmFlYTBjYzRjYjU1OWJkNjI5Ynw1NmExMDhmYjkxYTA2ZDY1YWU4ZTgyNDFhNWRlMDZhNnwxfDB8eGNhbXNzdGFyLmNvbXwwfDMxNzE2fDQ1MTc4fDAuMDF8MXwwfGV4Y2hhbmdlX2xpbmt8MHwwfDB8LTF8MHwwfHx8MHwwfHwwfDB8MHwwfDB8MHwxfDB8fDh8MXxNb3ppbGxhLzUuMCAoWDExOyBMaW51eCB4ODZfNjQ7IHJ2Ojk2LjApIEdlY2tvLzIwMTAwMTAxIEZpcmVmb3gvOTYuMHxPS3w2NGVlZTRkODY5NzBhNmExMzAwNWU2ODY0NThjN2Y5Nw-- HTTP/1.1
Host: s.optnx.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://xcamsstar.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 19 Oct 2022 03:57:13 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A32%3A%22634f75997ded39.49502873459876743%22%3B%7D; expires=Fri, 18 Oct 2024 03:57:13 GMT; path=; domain=.optnx.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
xcamsstar.com/assets/lp/lp.min.css
200 OK 4.5 kB URL HTTP/2 xcamsstar.com/assets/lp/lp.min.css
IP
File type ASCII text, with very long lines (16936), with no line terminators
Hash ae49f07516d60fd6af26dd6bf3a8a1d4
2ce787bb60a0c14e26158d9856e9f49b3a2106fa
fb40b894e917fd0bfdb03b67720813b6096eaa89a8b71c5936a2316620ebb255
GET /assets/lp/lp.min.css HTTP/1.1
Host: xcamsstar.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xcamsstar.com/rd.php?nt=8&s2=bioril-area.info&s1=bioril-area.info&cid=674892&geo=no&cat=adult
Cookie: XYIWPYMBXO_LEYUSETCQC_2rel=1
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 19 Oct 2022 03:57:12 GMT
server: Apache
last-modified: Tue, 13 Sep 2022 11:59:09 GMT
etag: "4228-5e88dbd6f634a-gzip"
accept-ranges: bytes
cache-control: max-age=2592000
expires: Fri, 18 Nov 2022 03:57:12 GMT
vary: Accept-Encoding,User-Agent
content-encoding: gzip
content-length: 4467
content-type: text/css
X-Firefox-Spdy: h2
xcamsstar.com/assets/push/2.png
200 OK 17 kB URL HTTP/2 xcamsstar.com/assets/push/2.png
IP
File type PNG image data, 192 x 192, 8-bit colormap, non-interlaced\012- data
Hash f74d428535d522d35614b4e9cd81ecfa
1b93887ee73329a163058cb8fe9f577b29b740bb
39f5f97129b374602f370a3cb8d5565cdb6622365ace90746b8240b0012fa6e3
GET /assets/push/2.png HTTP/1.1
Host: xcamsstar.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xcamsstar.com/rd.php?nt=8&s2=bioril-area.info&s1=bioril-area.info&cid=674892&geo=no&cat=adult
Cookie: XYIWPYMBXO_LEYUSETCQC_2rel=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 19 Oct 2022 03:57:13 GMT
server: Apache
last-modified: Mon, 17 Oct 2022 21:46:05 GMT
etag: "43fe-5eb41e70c677f"
accept-ranges: bytes
content-length: 17406
cache-control: max-age=2592000
expires: Fri, 18 Nov 2022 03:57:13 GMT
vary: User-Agent,Accept-Encoding
content-type: image/png
X-Firefox-Spdy: h2
xcamsstar.com/assets/push.css
200 OK 588 B URL HTTP/2 xcamsstar.com/assets/push.css
IP
File type ASCII text, with very long lines (1171), with no line terminators
Hash e4d5527cfd6d3b19d3d8d669c2025690
94ad140cebba38c66fd27635d3e2715b01987f71
f97df94b6f1f3cf4a153b9b011908688222c9c54ff5e04d9f17e4c6be4f875cb
GET /assets/push.css HTTP/1.1
Host: xcamsstar.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xcamsstar.com/rd.php?nt=8&s2=bioril-area.info&s1=bioril-area.info&cid=674892&geo=no&cat=adult
Cookie: XYIWPYMBXO_LEYUSETCQC_2rel=1
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 19 Oct 2022 03:57:13 GMT
server: Apache
last-modified: Tue, 13 Sep 2022 11:23:00 GMT
etag: "493-5e88d3c1d7c4c-gzip"
accept-ranges: bytes
cache-control: max-age=2592000
expires: Fri, 18 Nov 2022 03:57:13 GMT
vary: Accept-Encoding,User-Agent
content-encoding: gzip
content-length: 588
content-type: text/css
X-Firefox-Spdy: h2
candystudents.com/admvn-scr.php
200 OK 249 B URL HTTP/2 candystudents.com/admvn-scr.php
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash ba779ffafbb0ea11d39a758bb6d8a72d
15fd2ef4bf398051a5f46c640096ee231eaabf26
8a8a1c1bc0ce4c44a78712a2ab4e135e862bf1875f2ced2becb1a090d15af803
GET /admvn-scr.php HTTP/1.1
Host: candystudents.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xcamsstar.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 19 Oct 2022 03:57:13 GMT
server: Apache
cache-control: max-age=600
expires: Wed, 19 Oct 2022 04:07:13 GMT
vary: Accept-Encoding,User-Agent
content-encoding: gzip
content-length: 249
content-type: text/html; charset=UTF-8
X-Firefox-Spdy: h2
s.optnx.com/cimp.php?data=TVRZMk5qRTFNVGd6TTN3eE5EWXlabVZpTkRJMk9UTm1OV0U0WXpnMVpHUmpOVEJqTkdZMlpXTTFOUS0tfGh0dHA6Ly93d3cucGVyZmVjdGdpcmxzLm5ldC90b3AvbW9udGgvP3N1Yl9pZD0yMzQwNjY0fGh0dHBzfDkxLjkwLjQyLjE1NHxOT1J8NDF8YWQtbWF2ZW4uY29tfDQ0MjY5OXw0MzA2NzV8ODE2MjYxfDM1NzY0MTF8NTA4fDIzNDA2NjR8MTk4ODgwNzh8MTV8M3wwfDB8MjUzNDR8OTYyMTA5fDE4fDc1fFVTRHxVU0R8MXwxfDIyfHwxfE5PUnx8ODh8MnwxfHwxN2FkMzFmZDgyOWI2MmFlYTBjYzRjYjU1OWJkNjI5Ynw1NmExMDhmYjkxYTA2ZDY1YWU4ZTgyNDFhNWRlMDZhNnwxfDB8eGNhbXNzdGFyLmNvbXwwfDMxNzE2fDQ1MTc4fDAuMDF8MXwwfGV4Y2hhbmdlX2xpbmt8MHwwfDB8LTF8MHwwfHx8MHwwfHwwfDB8MHwwfDB8MHwxfDB8fDh8MXxNb3ppbGxhLzUuMCAoWDExOyBMaW51eCB4ODZfNjQ7IHJ2Ojk2LjApIEdlY2tvLzIwMTAwMTAxIEZpcmVmb3gvOTYuMHxPS3w2NGVlZTRkODY5NzBhNmExMzAwNWU2ODY0NThjN2Y5Nw--&p=https%3A%2F%2Fxcamsstar.com%2F&tested=1&check=4982d74cc5945eb5f443cbeab8c29c8c&screen_resolution=1280x1024&container_resolution=1268x150&iframe=1
302 Found 0 B URL HTTP/1.1 s.optnx.com/cimp.php?data=TVRZMk5qRTFNVGd6TTN3eE5EWXlabVZpTkRJMk9UTm1OV0U0WXpnMVpHUmpOVEJqTkdZMlpXTTFOUS0tfGh0dHA6Ly93d3cucGVyZmVjdGdpcmxzLm5ldC90b3AvbW9udGgvP3N1Yl9pZD0yMzQwNjY0fGh0dHBzfDkxLjkwLjQyLjE1NHxOT1J8NDF8YWQtbWF2ZW4uY29tfDQ0MjY5OXw0MzA2NzV8ODE2MjYxfDM1NzY0MTF8NTA4fDIzNDA2NjR8MTk4ODgwNzh8MTV8M3wwfDB8MjUzNDR8OTYyMTA5fDE4fDc1fFVTRHxVU0R8MXwxfDIyfHwxfE5PUnx8ODh8MnwxfHwxN2FkMzFmZDgyOWI2MmFlYTBjYzRjYjU1OWJkNjI5Ynw1NmExMDhmYjkxYTA2ZDY1YWU4ZTgyNDFhNWRlMDZhNnwxfDB8eGNhbXNzdGFyLmNvbXwwfDMxNzE2fDQ1MTc4fDAuMDF8MXwwfGV4Y2hhbmdlX2xpbmt8MHwwfDB8LTF8MHwwfHx8MHwwfHwwfDB8MHwwfDB8MHwxfDB8fDh8MXxNb3ppbGxhLzUuMCAoWDExOyBMaW51eCB4ODZfNjQ7IHJ2Ojk2LjApIEdlY2tvLzIwMTAwMTAxIEZpcmVmb3gvOTYuMHxPS3w2NGVlZTRkODY5NzBhNmExMzAwNWU2ODY0NThjN2Y5Nw--&p=https%3A%2F%2Fxcamsstar.com%2F&tested=1&check=4982d74cc5945eb5f443cbeab8c29c8c&screen_resolution=1280x1024&container_resolution=1268x150&iframe=1
IP
ASN #60781 LeaseWeb Netherlands B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /cimp.php?data=TVRZMk5qRTFNVGd6TTN3eE5EWXlabVZpTkRJMk9UTm1OV0U0WXpnMVpHUmpOVEJqTkdZMlpXTTFOUS0tfGh0dHA6Ly93d3cucGVyZmVjdGdpcmxzLm5ldC90b3AvbW9udGgvP3N1Yl9pZD0yMzQwNjY0fGh0dHBzfDkxLjkwLjQyLjE1NHxOT1J8NDF8YWQtbWF2ZW4uY29tfDQ0MjY5OXw0MzA2NzV8ODE2MjYxfDM1NzY0MTF8NTA4fDIzNDA2NjR8MTk4ODgwNzh8MTV8M3wwfDB8MjUzNDR8OTYyMTA5fDE4fDc1fFVTRHxVU0R8MXwxfDIyfHwxfE5PUnx8ODh8MnwxfHwxN2FkMzFmZDgyOWI2MmFlYTBjYzRjYjU1OWJkNjI5Ynw1NmExMDhmYjkxYTA2ZDY1YWU4ZTgyNDFhNWRlMDZhNnwxfDB8eGNhbXNzdGFyLmNvbXwwfDMxNzE2fDQ1MTc4fDAuMDF8MXwwfGV4Y2hhbmdlX2xpbmt8MHwwfDB8LTF8MHwwfHx8MHwwfHwwfDB8MHwwfDB8MHwxfDB8fDh8MXxNb3ppbGxhLzUuMCAoWDExOyBMaW51eCB4ODZfNjQ7IHJ2Ojk2LjApIEdlY2tvLzIwMTAwMTAxIEZpcmVmb3gvOTYuMHxPS3w2NGVlZTRkODY5NzBhNmExMzAwNWU2ODY0NThjN2Y5Nw--&p=https%3A%2F%2Fxcamsstar.com%2F&tested=1&check=4982d74cc5945eb5f443cbeab8c29c8c&screen_resolution=1280x1024&container_resolution=1268x150&iframe=1 HTTP/1.1
Host: s.optnx.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A32%3A%22634f75997ded39.49502873459876743%22%3B%7D
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx
Date: Wed, 19 Oct 2022 03:57:14 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A32%3A%22634f75997ded39.49502873459876743%22%3B%7D; expires=Fri, 18 Oct 2024 03:57:14 GMT; path=; domain=.optnx.com; Secure; SameSite=none
c-tag=%7B%22tag-link%22%3A%22v3%7C%7CNOR%7C3576411%7C19888078%7C45178%7C%7C508%7C41%7C3%7C15%7C0%7C0%7C0%7C25344%7C0%7C0%7C0%7C0%7C5%7C4112%7C0%7C0%7C1%7C0%7C0%7C1%7C634f75997ded39.49502873459876743%7C56a108fb91a06d65ae8e8241a5de06a6%7C962109%7Cxcamsstar.com%7C1280x1024%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D; expires=Thu, 20 Oct 2022 03:57:14 GMT; path=/; domain=.optnx.com; Secure; SameSite=none
Location: http://www.perfectgirls.net/top/month/?sub_id=2340664&exffir=eyJjIjoiNDk4MmQ3NGNjNTk0NWViNWY0NDNjYmVhYjhjMjljOGMiLCJ0IjoiMSIsInNyIjoiMTI4MHgxMDI0IiwiY3IiOiIxMjY4eDE1MCIsImkiOiIxIn0-
X-Robots-Tag: noindex, follow
xcamsstar.com/assets/push/player.png
200 OK 92 kB URL HTTP/2 xcamsstar.com/assets/push/player.png
IP
File type PNG image data, 640 x 360, 8-bit colormap, non-interlaced\012- data
Hash e433d9cd7319ab799d10a876283c29fc
8021740006788673ab0bd382896b6da41bb5e4e8
d40e17b319cca9d670f7468f3966748f45801ec331ad2913a7d56ca844ec45e4
GET /assets/push/player.png HTTP/1.1
Host: xcamsstar.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xcamsstar.com/rd.php?nt=8&s2=bioril-area.info&s1=bioril-area.info&cid=674892&geo=no&cat=adult
Cookie: XYIWPYMBXO_LEYUSETCQC_2rel=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 19 Oct 2022 03:57:13 GMT
server: Apache
last-modified: Mon, 17 Oct 2022 21:46:06 GMT
etag: "165d4-5eb41e7181f82"
accept-ranges: bytes
content-length: 91604
cache-control: max-age=2592000
expires: Fri, 18 Nov 2022 03:57:13 GMT
vary: User-Agent,Accept-Encoding
content-type: image/png
X-Firefox-Spdy: h2
d204slsrhoah2f.cloudfront.net/?rslsd=965149
200 OK 68 kB URL HTTP/2 d204slsrhoah2f.cloudfront.net/?rslsd=965149
IP
File type Unicode text, UTF-8 text, with very long lines (15945)
Hash 6ab6c0c5a0ad70e5634a6fbea8d4b6ff
6a8af568ec17bedda84ed00ea3a84a4fc736de18
b7289e8ada7a41d571d2215ea690bb482de12d40c1997ccf617d70c3ce3ce379
GET /?rslsd=965149 HTTP/1.1
Host: d204slsrhoah2f.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://candystudents.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 68495
date: Wed, 19 Oct 2022 03:57:14 GMT
access-control-allow-origin: *
cache-control: no-store, no-cache, proxy-revalidate, must-revalidate, private, no-transform
content-encoding: gzip
pragma: no-cache
x-cache: Miss from cloudfront
via: 1.1 f46773a8236e136c4f6648dd79a7af8e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: bQNpsNI_LxKHsviHfzeoLkBK12uedLJZRVVFjEMtFBqkFREl_GJi8w==
X-Firefox-Spdy: h2
e1.o.lencr.org/
200 OK 345 B IP
ASN #20940 Akamai International B.V.
Hash 488d5de4809edc067920acd6de1342c8
3a0ebb65245784253fa15adbc972fe0fe2d68535
66c9ac655514eb4869c12dfed77bd9e2d8a401978bad7898020f13c204b7aec0
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "66C9AC655514EB4869C12DFED77BD9E2D8A401978BAD7898020F13C204B7AEC0"
Last-Modified: Tue, 18 Oct 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20544
Expires: Wed, 19 Oct 2022 09:39:38 GMT
Date: Wed, 19 Oct 2022 03:57:14 GMT
Connection: keep-alive
e1.o.lencr.org/
200 OK 345 B IP
ASN #20940 Akamai International B.V.
Hash 488d5de4809edc067920acd6de1342c8
3a0ebb65245784253fa15adbc972fe0fe2d68535
66c9ac655514eb4869c12dfed77bd9e2d8a401978bad7898020f13c204b7aec0
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "66C9AC655514EB4869C12DFED77BD9E2D8A401978BAD7898020F13C204B7AEC0"
Last-Modified: Tue, 18 Oct 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20544
Expires: Wed, 19 Oct 2022 09:39:38 GMT
Date: Wed, 19 Oct 2022 03:57:14 GMT
Connection: keep-alive
entriflingw.xyz/cmFGb1JdXiUcbytTcykEQy8SOWE8Fx9eHCUHAVY7JyciFQs1IGAbOxZcf1lnQ1JzSSIbBXtealQSMg4mBxJ7XnQbDyAAb1QXe158Qk90QWJUFHtedAYRJwhvQ0c2GyYeXHdZZERQc15qRlN+XWU
204 No Content 0 B URL HTTP/2 entriflingw.xyz/cmFGb1JdXiUcbytTcykEQy8SOWE8Fx9eHCUHAVY7JyciFQs1IGAbOxZcf1lnQ1JzSSIbBXtealQSMg4mBxJ7XnQbDyAAb1QXe158Qk90QWJUFHtedAYRJwhvQ0c2GyYeXHdZZERQc15qRlN+XWU
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /cmFGb1JdXiUcbytTcykEQy8SOWE8Fx9eHCUHAVY7JyciFQs1IGAbOxZcf1lnQ1JzSSIbBXtealQSMg4mBxJ7XnQbDyAAb1QXe158Qk90QWJUFHtedAYRJwhvQ0c2GyYeXHdZZERQc15qRlN+XWU HTTP/1.1
Host: entriflingw.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://candystudents.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Wed, 19 Oct 2022 03:57:14 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5KzTyz51di4dzfNLn6ite1cEmr%2Bs8hjwtCL5CsZyN2GyZN1Y8EHSOzIF3UZYw21zM%2FbYnRr2f8A48to%2FR1jLePdc9QaYOaTT5q6ngHSanLMrkt6FFDGAJdmHIJx%2FinyfGT8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 75c696a77a0ab50b-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
entriflingw.xyz/MmZoN2QdWQtEWXwLImcqeis4YApFITlAKmADH08mdgouBSZZI05DDVZbUQFRA1JRERRbAlUGQkESCUMRQVtZEQ1cAAcKQkRbWRlXBkhaDkoCQB0KVRQSGFYDD1dORxBGClUGUgRQWQJVClJaD1UH
204 No Content 0 B URL HTTP/2 entriflingw.xyz/MmZoN2QdWQtEWXwLImcqeis4YApFITlAKmADH08mdgouBSZZI05DDVZbUQFRA1JRERRbAlUGQkESCUMRQVtZEQ1cAAcKQkRbWRlXBkhaDkoCQB0KVRQSGFYDD1dORxBGClUGUgRQWQJVClJaD1UH
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /MmZoN2QdWQtEWXwLImcqeis4YApFITlAKmADH08mdgouBSZZI05DDVZbUQFRA1JRERRbAlUGQkESCUMRQVtZEQ1cAAcKQkRbWRlXBkhaDkoCQB0KVRQSGFYDD1dORxBGClUGUgRQWQJVClJaD1UH HTTP/1.1
Host: entriflingw.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://candystudents.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Wed, 19 Oct 2022 03:57:14 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BsMNGhAepptjC2f5Y%2FnTo3XYzoexnhYb8%2BlG0u0%2FovPpOjyMw%2B9TBxGDhdntBr64%2Fa4QXThx356nrbXY%2BYDAv9KM8ewkeatBrBrjs7ioboBr9ks5HJYK%2Fea8WIxITDH6j98%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 75c696a77a09b50b-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
e1.o.lencr.org/
200 OK 345 B IP
ASN #20940 Akamai International B.V.
Hash 488d5de4809edc067920acd6de1342c8
3a0ebb65245784253fa15adbc972fe0fe2d68535
66c9ac655514eb4869c12dfed77bd9e2d8a401978bad7898020f13c204b7aec0
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "66C9AC655514EB4869C12DFED77BD9E2D8A401978BAD7898020F13C204B7AEC0"
Last-Modified: Tue, 18 Oct 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20544
Expires: Wed, 19 Oct 2022 09:39:38 GMT
Date: Wed, 19 Oct 2022 03:57:14 GMT
Connection: keep-alive
getherefwu.xyz/UklwengzKxMXRzN0ElwNICVNX0oUbEI8HGB5RAkUITsYFRk6exZUGz4mBR4eICYeDlY8LARfShQBJT8AHCoeEQIbMD0vKjsYHDEtawgqFBRqGCUCShgjRB4+KwsIOAAXAjFJEGsPMhkvHjEIOCArGEIxLWsDFBM5IQEyTwwzIBcZPz94SRsAHy09FD5nHzENADEaMR45KCIXMyocKikdCGYRNRZJNCdBGzkFD0kbPRd+FCJNawEYO11gCz8uLgoaQjtINhwhFyI8IR8rLCZ4FhRIEw1DLF1gDzQ/DAIvHgITBHkEHTMrLiI/Ems5FgAqHhA4S0EDIhgdHgVkGDsrBhAcKgAxLyAAKj0YNEMINyQ+OSArHwgcOXQjAxUWInQ6GQsBfUAcFhQqIUk
200 OK 1.2 kB URL HTTP/2 getherefwu.xyz/UklwengzKxMXRzN0ElwNICVNX0oUbEI8HGB5RAkUITsYFRk6exZUGz4mBR4eICYeDlY8LARfShQBJT8AHCoeEQIbMD0vKjsYHDEtawgqFBRqGCUCShgjRB4+KwsIOAAXAjFJEGsPMhkvHjEIOCArGEIxLWsDFBM5IQEyTwwzIBcZPz94SRsAHy09FD5nHzENADEaMR45KCIXMyocKikdCGYRNRZJNCdBGzkFD0kbPRd+FCJNawEYO11gCz8uLgoaQjtINhwhFyI8IR8rLCZ4FhRIEw1DLF1gDzQ/DAIvHgITBHkEHTMrLiI/Ems5FgAqHhA4S0EDIhgdHgVkGDsrBhAcKgAxLyAAKj0YNEMINyQ+OSArHwgcOXQjAxUWInQ6GQsBfUAcFhQqIUk
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2997), with no line terminators
Hash 028e1ae8938ab148ad87c8f57d19dfe3
b341270c4bc90279571625b14f25390ba0db9905
099b54615dd6d147948e9ff9b68ea4f807118e2a73884ad0c6365d511a89c650
Analyzer Verdict Alert quad9 Sinkholed
GET /UklwengzKxMXRzN0ElwNICVNX0oUbEI8HGB5RAkUITsYFRk6exZUGz4mBR4eICYeDlY8LARfShQBJT8AHCoeEQIbMD0vKjsYHDEtawgqFBRqGCUCShgjRB4+KwsIOAAXAjFJEGsPMhkvHjEIOCArGEIxLWsDFBM5IQEyTwwzIBcZPz94SRsAHy09FD5nHzENADEaMR45KCIXMyocKikdCGYRNRZJNCdBGzkFD0kbPRd+FCJNawEYO11gCz8uLgoaQjtINhwhFyI8IR8rLCZ4FhRIEw1DLF1gDzQ/DAIvHgITBHkEHTMrLiI/Ems5FgAqHhA4S0EDIhgdHgVkGDsrBhAcKgAxLyAAKj0YNEMINyQ+OSArHwgcOXQjAxUWInQ6GQsBfUAcFhQqIUk HTTP/1.1
Host: getherefwu.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://candystudents.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html
content-length: 1152
date: Wed, 19 Oct 2022 03:57:14 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 f803b0b1a33d6ee945ec151c2ca0acaa.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P2
x-amz-cf-id: yADtiFkZedag1lnPSRAtR0KOGZeP--Tp7XAMRcNPzmwDVpoangXzzA==
X-Firefox-Spdy: h2
getherefwu.xyz/akF3cnkLIxQfRgt8FVQMGC1KV0ssZEU0HVhxQwEVGTMfHRgCcxFcGgYuAhYfGC4ZBlcEJANXSywoJBk/BiIhOwkmJgQqGz51GDMsEjMROis/EyAGCiE5LhcpLjFPNA47MD8aGlMRIBEAIyo6NDIpdE8kLwlkRTAyE3k0JjE7NzsFIycYRQUeKxM5BB8HIiUzLVopETM8JggzRggsEz5ENCkLMzA9JHI7MxYmDg4rDSgHJRU9IhM7IyEOdRQnSSAYRAYSPCs5QRwiBD01PR1kRTQ2PwMzKxMgdCILTAEnGiAuJ3ITRho4Ij8WSgEALzcdUiQaGjg7cz4GMytsLhMpPXgNO0kkKBJBPzwQMDhOMAcTMDcpDA0zOwl4Oh8rMg9FBkEIcCEqM1klAFQTGS4ZAkQYNA8mLzINQgoa
200 OK 1.2 kB URL HTTP/2 getherefwu.xyz/akF3cnkLIxQfRgt8FVQMGC1KV0ssZEU0HVhxQwEVGTMfHRgCcxFcGgYuAhYfGC4ZBlcEJANXSywoJBk/BiIhOwkmJgQqGz51GDMsEjMROis/EyAGCiE5LhcpLjFPNA47MD8aGlMRIBEAIyo6NDIpdE8kLwlkRTAyE3k0JjE7NzsFIycYRQUeKxM5BB8HIiUzLVopETM8JggzRggsEz5ENCkLMzA9JHI7MxYmDg4rDSgHJRU9IhM7IyEOdRQnSSAYRAYSPCs5QRwiBD01PR1kRTQ2PwMzKxMgdCILTAEnGiAuJ3ITRho4Ij8WSgEALzcdUiQaGjg7cz4GMytsLhMpPXgNO0kkKBJBPzwQMDhOMAcTMDcpDA0zOwl4Oh8rMg9FBkEIcCEqM1klAFQTGS4ZAkQYNA8mLzINQgoa
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3013), with no line terminators
Hash 0a30da8ec7dc9c487aaad785ef273306
5672161af993c530a005e290c27c02385b96b641
411d1dec46b15185803ef9be2882dd8c2b6fc0ce3a900e7e457986b6857ace4f
Analyzer Verdict Alert quad9 Sinkholed
GET /akF3cnkLIxQfRgt8FVQMGC1KV0ssZEU0HVhxQwEVGTMfHRgCcxFcGgYuAhYfGC4ZBlcEJANXSywoJBk/BiIhOwkmJgQqGz51GDMsEjMROis/EyAGCiE5LhcpLjFPNA47MD8aGlMRIBEAIyo6NDIpdE8kLwlkRTAyE3k0JjE7NzsFIycYRQUeKxM5BB8HIiUzLVopETM8JggzRggsEz5ENCkLMzA9JHI7MxYmDg4rDSgHJRU9IhM7IyEOdRQnSSAYRAYSPCs5QRwiBD01PR1kRTQ2PwMzKxMgdCILTAEnGiAuJ3ITRho4Ij8WSgEALzcdUiQaGjg7cz4GMytsLhMpPXgNO0kkKBJBPzwQMDhOMAcTMDcpDA0zOwl4Oh8rMg9FBkEIcCEqM1klAFQTGS4ZAkQYNA8mLzINQgoa HTTP/1.1
Host: getherefwu.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://candystudents.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html
content-length: 1172
date: Wed, 19 Oct 2022 03:57:14 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 f803b0b1a33d6ee945ec151c2ca0acaa.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P2
x-amz-cf-id: ZdpLJRzvZINIJC2fxdfndBTiaJCPsgMN9yfWzXJziiHIu7jnKvZbqg==
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 471 B IP
Hash 325555f8766a0c9d9f4357e77e94cb07
21eb606142da285a6a6750fba560cd99fea1c34f
642b267a9dc106c9c6bac5bbfa574cd6b28a206fa6239d30b692bb148ebdc183
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4321
Cache-Control: max-age=126939
Content-Type: application/ocsp-response
Date: Wed, 19 Oct 2022 03:57:14 GMT
Etag: "634eb194-1d7"
Expires: Thu, 20 Oct 2022 15:12:53 GMT
Last-Modified: Tue, 18 Oct 2022 14:00:52 GMT
Server: ECS (ska/F6FE)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash 54771211784c0c7057e8eec201a79967
d8a1ef8c9d62ae7212ba02f3b9086f486f319665
397b95796f0ec0d2a79673b5b37c5f0132337eee09e6acf9d477aa7b8b914080
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 19 Oct 2022 03:57:14 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash 73238bfa75c3d8c9162f0306075e79d1
19b69bdb5e08185833acb458cf50311a7878ea65
38391249cf8be0e92600e93482b3910b6d0bf29f2aa42ff99094efe165ac4a66
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 19 Oct 2022 03:57:14 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
e1.o.lencr.org/
200 OK 345 B IP
ASN #20940 Akamai International B.V.
Hash 5184bc44914d41e00006a64e227f2587
f1854d16daa5ebd8fe53abf93d8492c18f7a026f
d4d172ce9d5d01a563fc406fce21dc36f9a95e08ab5d35c5fcbfda991d26f01e
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "D4D172CE9D5D01A563FC406FCE21DC36F9A95E08AB5D35C5FCBFDA991D26F01E"
Last-Modified: Mon, 17 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12525
Expires: Wed, 19 Oct 2022 07:26:00 GMT
Date: Wed, 19 Oct 2022 03:57:15 GMT
Connection: keep-alive
e1.o.lencr.org/
200 OK 345 B IP
ASN #20940 Akamai International B.V.
Hash 5184bc44914d41e00006a64e227f2587
f1854d16daa5ebd8fe53abf93d8492c18f7a026f
d4d172ce9d5d01a563fc406fce21dc36f9a95e08ab5d35c5fcbfda991d26f01e
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "D4D172CE9D5D01A563FC406FCE21DC36F9A95E08AB5D35C5FCBFDA991D26F01E"
Last-Modified: Mon, 17 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12525
Expires: Wed, 19 Oct 2022 07:26:00 GMT
Date: Wed, 19 Oct 2022 03:57:15 GMT
Connection: keep-alive
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
302 Found 392 B URL HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (381)
Hash a7ecd6d3d657a837717f7ddd027bf678
eb1933ccc2da2a10ef6d5210f8fd61b3117e3821
fe0148cfa2dc804227990eb32621beb2a15267c9e90816100c125227889232ae
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://candystudents.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Wed, 19 Oct 2022 03:57:15 GMT
location: https://accounts.google.com/v3/signin/identifier?dsh=S789375974%3A1666151835030465&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AQDHYWrbmEcAP3AzS9ztP4j6PPwJHVQiehltOEBHJ9ytGhJxe-brPXMbDbpA60PN5fEi-58TJiT7
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
content-security-policy: script-src 'nonce-VNUpRzLQ_UU8F-dtVUvCUA' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport, require-trusted-types-for 'script';report-uri /cspreport
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 392
server: GSE
set-cookie: __Host-GAPS=1:7pmn2ZSaWLhR0efn285ZkqgeaZSReA:0qiiX9FOZUr8EkkK;Path=/;Expires=Fri, 18-Oct-2024 03:57:15 GMT;Secure;HttpOnly;Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
getherefwu.xyz/utx?cb=1mzaVvIABcZI&top=candystudents.com&tid=965149
204 No Content 0 B URL HTTP/2 getherefwu.xyz/utx?cb=1mzaVvIABcZI&top=candystudents.com&tid=965149
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /utx?cb=1mzaVvIABcZI&top=candystudents.com&tid=965149 HTTP/1.1
Host: getherefwu.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://candystudents.com
Connection: keep-alive
Referer: https://candystudents.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Wed, 19 Oct 2022 03:57:14 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://candystudents.com
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Wed, 19 Oct 2022 03:58:14 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 f803b0b1a33d6ee945ec151c2ca0acaa.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P2
x-amz-cf-id: eoPTg-tLRae3_Im7Ksi9u5WKBPAoofy_5ngiSh_Rl9DrWEksIstY6Q==
X-Firefox-Spdy: h2
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
302 Found 392 B URL HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (378)
Hash adc2dc44e1313cabf89a359eb73060f2
6e8585ab118fb8d20c32f9fd22a44083f3f0a4aa
2bd63a5576d65eed507f33de2c2a6d6f8831672ecd063ad2bb9ff63a96f6ac1c
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://candystudents.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Wed, 19 Oct 2022 03:57:15 GMT
location: https://accounts.google.com/v3/signin/identifier?dsh=S1208171356%3A1666151835077589&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AQDHYWoLboUhq_JcQ5luA6bXckR9lO_JPl_z0XUTJkrvIi3cEAv-duo4Gq7gja02yrWAZnonuP48
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
content-security-policy: require-trusted-types-for 'script';report-uri /cspreport, script-src 'nonce-khXaJ1O7R75D-rzeKsuaqQ' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 392
server: GSE
set-cookie: __Host-GAPS=1:Kk2ImAFBx2RkyxGvq6QLpeWKEQMCHQ:doapnoQ8Uhbl3On8;Path=/;Expires=Fri, 18-Oct-2024 03:57:15 GMT;Secure;HttpOnly;Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 471 B IP
Hash 325555f8766a0c9d9f4357e77e94cb07
21eb606142da285a6a6750fba560cd99fea1c34f
642b267a9dc106c9c6bac5bbfa574cd6b28a206fa6239d30b692bb148ebdc183
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4322
Cache-Control: max-age=126939
Content-Type: application/ocsp-response
Date: Wed, 19 Oct 2022 03:57:15 GMT
Etag: "634eb194-1d7"
Expires: Thu, 20 Oct 2022 15:12:54 GMT
Last-Modified: Tue, 18 Oct 2022 14:00:52 GMT
Server: ECS (ska/F6FE)
X-Cache: HIT
Content-Length: 471
www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp
200 OK 2.0 kB URL HTTP/2 www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp
IP
Hash fc5edd1a0f09e594dc6145ea557b10c0
1009ff70e111fcbf2dff38550dbf2785f44a3061
654b386d4907694c29aa2448313aafe4d9853a4b728635b5c3a79ab445e8958d
GET /login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://candystudents.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-encoding: br
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 0
cross-origin-opener-policy: same-origin-allow-popups
vary: Sec-Fetch-Site, Sec-Fetch-Mode, Accept-Encoding
strict-transport-security: max-age=15552000; preload
content-type: text/html; charset="utf-8"
x-fb-debug: JhgP0ZZEaPH6qGozdYTCZQdVJ1L4m959cZLAhIEdM3FkVF+SOS63kxCiFYwQdVbAyD5VL376qIFSDPgarYO4xQ==
date: Wed, 19 Oct 2022 03:57:15 GMT
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
d204slsrhoah2f.cloudfront.net/HUExNcnkzIyMURiQlKU9AZnl8QUx2Jj4dFyBxBxEKA3h9FBcWLxxBXyQ2KU9JdiAsHB5taigcGm19axMdMnF5VAwxcSAdAzkgIRNcYgp4XEl1fn1aAWF9aEE7dX59HhA+OTVXS2A0dUQmZnhoQTt1fn0AD3V/DEtPfnxkV0tgKygREj9pfzRLYH19QkhgfW-hASTYlPxcfPzRoQD9pemNCXyVxfA
200 OK 181 B URL HTTP/2 d204slsrhoah2f.cloudfront.net/HUExNcnkzIyMURiQlKU9AZnl8QUx2Jj4dFyBxBxEKA3h9FBcWLxxBXyQ2KU9JdiAsHB5taigcGm19axMdMnF5VAwxcSAdAzkgIRNcYgp4XEl1fn1aAWF9aEE7dX59HhA+OTVXS2A0dUQmZnhoQTt1fn0AD3V/DEtPfnxkV0tgKygREj9pfzRLYH19QkhgfW-hASTYlPxcfPzRoQD9pemNCXyVxfA
IP
File type ASCII text, with no line terminators
Hash cd642b4df093b303549db37a34005c9f
3e4b629c669bf1a07c5090f49b10b576920ee200
90618289f68c44c014f531c8f2564cad07c63a5b7e9f0fdd89dd2ffed8aca3f7
GET /HUExNcnkzIyMURiQlKU9AZnl8QUx2Jj4dFyBxBxEKA3h9FBcWLxxBXyQ2KU9JdiAsHB5taigcGm19axMdMnF5VAwxcSAdAzkgIRNcYgp4XEl1fn1aAWF9aEE7dX59HhA+OTVXS2A0dUQmZnhoQTt1fn0AD3V/DEtPfnxkV0tgKygREj9pfzRLYH19QkhgfW-hASTYlPxcfPzRoQD9pemNCXyVxfA HTTP/1.1
Host: d204slsrhoah2f.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://getherefwu.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 181
date: Wed, 19 Oct 2022 03:57:15 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 f46773a8236e136c4f6648dd79a7af8e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: C00W7FW-A3hgRId64do9nEue4Ej-uLtmJ20vLWeYz4hlH9m2ojPQTg==
X-Firefox-Spdy: h2
e1.o.lencr.org/
200 OK 345 B IP
ASN #20940 Akamai International B.V.
Hash 5184bc44914d41e00006a64e227f2587
f1854d16daa5ebd8fe53abf93d8492c18f7a026f
d4d172ce9d5d01a563fc406fce21dc36f9a95e08ab5d35c5fcbfda991d26f01e
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "D4D172CE9D5D01A563FC406FCE21DC36F9A95E08AB5D35C5FCBFDA991D26F01E"
Last-Modified: Mon, 17 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12525
Expires: Wed, 19 Oct 2022 07:26:00 GMT
Date: Wed, 19 Oct 2022 03:57:15 GMT
Connection: keep-alive
xcamsstar.com/assets/logo.png
200 OK 4.5 kB URL HTTP/2 xcamsstar.com/assets/logo.png
IP
File type PNG image data, 242 x 59, 8-bit/color RGBA, non-interlaced\012- data
Hash 4cb06c25e8e91dbcd0dad97de923c77c
6ddb99aba2bf2f900844a6fe386f7675e4b587c9
ce8c033191c558fa56afbea50397a69f28479ab412d49dbbb89e074057e14860
GET /assets/logo.png HTTP/1.1
Host: xcamsstar.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xcamsstar.com/rd.php?nt=8&s2=bioril-area.info&s1=bioril-area.info&cid=674892&geo=no&cat=adult
Cookie: XYIWPYMBXO_LEYUSETCQC_2rel=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 19 Oct 2022 03:57:13 GMT
server: Apache
last-modified: Tue, 13 Sep 2022 11:23:00 GMT
etag: "1195-5e88d3c1d5d0c"
accept-ranges: bytes
content-length: 4501
cache-control: max-age=2592000
expires: Fri, 18 Nov 2022 03:57:13 GMT
vary: User-Agent,Accept-Encoding
content-type: image/png
X-Firefox-Spdy: h2
d204slsrhoah2f.cloudfront.net/iSkFlcVIpLgsXbT4oAUxrfHRURWtsKxYePDp8FwQqHhc9PWcyIkMFKC58VVc+Ky8CTHQvLwZMY2wgARNvfmcRAT0hfAELID4qFRI6MCJDBDN3LAoLOyYtBFRgDHRLQXd4cU0JY3tkVjN3eHEJGDw/OUBDYjJ5Uy5kfmRWM3d4cRcHd3kAXEd8emhAQ2ItJA-YaPW9zI0Nie3FVQGJ7ZFdBNCMzABc9MmRXN2t8b1VXJ3dw
200 OK 493 B URL HTTP/2 d204slsrhoah2f.cloudfront.net/iSkFlcVIpLgsXbT4oAUxrfHRURWtsKxYePDp8FwQqHhc9PWcyIkMFKC58VVc+Ky8CTHQvLwZMY2wgARNvfmcRAT0hfAELID4qFRI6MCJDBDN3LAoLOyYtBFRgDHRLQXd4cU0JY3tkVjN3eHEJGDw/OUBDYjJ5Uy5kfmRWM3d4cRcHd3kAXEd8emhAQ2ItJA-YaPW9zI0Nie3FVQGJ7ZFdBNCMzABc9MmRXN2t8b1VXJ3dw
IP
File type ASCII text, with very long lines (674), with no line terminators
Hash 48082a60cf3361e1471eb7ef428c5d14
d08018fe62f40c1eae2f7eb8d138c4e65faf3dbf
0992bcbee84441b889e539424b681c1d0bd07d8f68bd8827f339aa9fcfd9a3bb
GET /iSkFlcVIpLgsXbT4oAUxrfHRURWtsKxYePDp8FwQqHhc9PWcyIkMFKC58VVc+Ky8CTHQvLwZMY2wgARNvfmcRAT0hfAELID4qFRI6MCJDBDN3LAoLOyYtBFRgDHRLQXd4cU0JY3tkVjN3eHEJGDw/OUBDYjJ5Uy5kfmRWM3d4cRcHd3kAXEd8emhAQ2ItJA-YaPW9zI0Nie3FVQGJ7ZFdBNCMzABc9MmRXN2t8b1VXJ3dw HTTP/1.1
Host: d204slsrhoah2f.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://getherefwu.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 493
date: Wed, 19 Oct 2022 03:57:15 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 f46773a8236e136c4f6648dd79a7af8e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: xKl74pbAXMQPx4Iw5c2g5H7THDkw7Bpk4SUstYYBX1KfQ29VV88CZg==
X-Firefox-Spdy: h2
xcamsstar.com/assets/push/4.png
200 OK 17 kB URL HTTP/2 xcamsstar.com/assets/push/4.png
IP
File type PNG image data, 714 x 228, 8-bit colormap, non-interlaced\012- data
Hash 5a0d9b736afd9a36e1d8596862e39554
ccd9322fd8e44be20fcf3c9087d7d051af98b69c
bf93ba1466b3c93d5d89190b827b554d77260a5a844185c1e564fea129b9db04
GET /assets/push/4.png HTTP/1.1
Host: xcamsstar.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xcamsstar.com/rd.php?nt=8&s2=bioril-area.info&s1=bioril-area.info&cid=674892&geo=no&cat=adult
Cookie: XYIWPYMBXO_LEYUSETCQC_2rel=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 19 Oct 2022 03:57:13 GMT
server: Apache
last-modified: Mon, 17 Oct 2022 21:46:05 GMT
etag: "440f-5eb41e7143781"
accept-ranges: bytes
content-length: 17423
cache-control: max-age=2592000
expires: Fri, 18 Nov 2022 03:57:13 GMT
vary: User-Agent,Accept-Encoding
content-type: image/png
X-Firefox-Spdy: h2
xcamsstar.com/assets/push/3.png
200 OK 23 kB URL HTTP/2 xcamsstar.com/assets/push/3.png
IP
File type PNG image data, 744 x 276, 8-bit colormap, non-interlaced\012- data
Hash 4a0779a1a1297f1773b8ea361303af03
35b45c65bc4705808c2e382daecf80858f7decee
66d51515ef4d4423d0ce6362d8089a7fd22f5c43d43b32592449569131227dcf
GET /assets/push/3.png HTTP/1.1
Host: xcamsstar.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xcamsstar.com/rd.php?nt=8&s2=bioril-area.info&s1=bioril-area.info&cid=674892&geo=no&cat=adult
Cookie: XYIWPYMBXO_LEYUSETCQC_2rel=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 19 Oct 2022 03:57:13 GMT
server: Apache
last-modified: Mon, 17 Oct 2022 21:46:05 GMT
etag: "59b4-5eb41e70e5b7f"
accept-ranges: bytes
content-length: 22964
cache-control: max-age=2592000
expires: Fri, 18 Nov 2022 03:57:13 GMT
vary: User-Agent,Accept-Encoding
content-type: image/png
X-Firefox-Spdy: h2
xcamsstar.com/assets/lp/model-avatar.jpeg
200 OK 13 kB URL HTTP/2 xcamsstar.com/assets/lp/model-avatar.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 200x200, components 3\012- data
Hash de94b879a4ba0a09927c64bf8650fbff
c3a371bcfbedb8a38e5ed4b0927a47788138452c
c37682f1393a5f406266df15bfc2e82feba41db5b7fc969ca6743f3cc200dd83
GET /assets/lp/model-avatar.jpeg HTTP/1.1
Host: xcamsstar.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xcamsstar.com/assets/lp/lp.min.css
Cookie: XYIWPYMBXO_LEYUSETCQC_2rel=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 19 Oct 2022 03:57:14 GMT
server: Apache
last-modified: Tue, 13 Sep 2022 11:23:00 GMT
etag: "3305-5e88d3c1d6cac"
accept-ranges: bytes
content-length: 13061
cache-control: max-age=2592000
expires: Fri, 18 Nov 2022 03:57:14 GMT
vary: User-Agent
content-type: image/jpeg
X-Firefox-Spdy: h2
xcamsstar.com/assets/cams/cam_1.png
200 OK 27 kB URL HTTP/2 xcamsstar.com/assets/cams/cam_1.png
IP
File type PNG image data, 275 x 220, 8-bit colormap, non-interlaced\012- data
Hash fb05094a76b63d0f21bf17b2d0d9a51a
b371074bbd43b1220c46b67466aa063393ad3e56
2f1831a5418016aa7b7e2b2730843df94739c2287865e98c2ad407acffc4c0ef
GET /assets/cams/cam_1.png HTTP/1.1
Host: xcamsstar.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xcamsstar.com/rd.php?nt=8&s2=bioril-area.info&s1=bioril-area.info&cid=674892&geo=no&cat=adult
Cookie: XYIWPYMBXO_LEYUSETCQC_2rel=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 19 Oct 2022 03:57:14 GMT
server: Apache
last-modified: Mon, 17 Oct 2022 21:46:18 GMT
etag: "6af2-5eb41e7d17cdc"
accept-ranges: bytes
content-length: 27378
cache-control: max-age=2592000
expires: Fri, 18 Nov 2022 03:57:14 GMT
vary: User-Agent,Accept-Encoding
content-type: image/png
X-Firefox-Spdy: h2
xcamsstar.com/assets/cams/cam_0.png
200 OK 31 kB URL HTTP/2 xcamsstar.com/assets/cams/cam_0.png
IP
File type PNG image data, 275 x 220, 8-bit colormap, non-interlaced\012- data
Hash e4518a1982f12130835253ad013a9e4f
c0e8c72dbb6efc8dd2d7b616111e9dc8f5c5b8ad
e95863f622065adf6f88eb135196421c43d9c724fa1b3017e2503a96d06f0acc
GET /assets/cams/cam_0.png HTTP/1.1
Host: xcamsstar.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xcamsstar.com/rd.php?nt=8&s2=bioril-area.info&s1=bioril-area.info&cid=674892&geo=no&cat=adult
Cookie: XYIWPYMBXO_LEYUSETCQC_2rel=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 19 Oct 2022 03:57:14 GMT
server: Apache
last-modified: Mon, 17 Oct 2022 21:46:17 GMT
etag: "79d4-5eb41e7ca0a9a"
accept-ranges: bytes
content-length: 31188
cache-control: max-age=2592000
expires: Fri, 18 Nov 2022 03:57:14 GMT
vary: User-Agent,Accept-Encoding
content-type: image/png
X-Firefox-Spdy: h2
xcamsstar.com/assets/cams/cam_2.png
200 OK 31 kB URL HTTP/2 xcamsstar.com/assets/cams/cam_2.png
IP
File type PNG image data, 275 x 220, 8-bit colormap, non-interlaced\012- data
Hash 0b089a9ac396e8124b2c0b99e6cba842
96f72f33b21ff02bcb887462dcfac1ee4f593c54
907d30a54cde1ab63d7aa7273505dd58be89731082aee9fd5703cc471b5698d6
GET /assets/cams/cam_2.png HTTP/1.1
Host: xcamsstar.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xcamsstar.com/rd.php?nt=8&s2=bioril-area.info&s1=bioril-area.info&cid=674892&geo=no&cat=adult
Cookie: XYIWPYMBXO_LEYUSETCQC_2rel=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 19 Oct 2022 03:57:14 GMT
server: Apache
last-modified: Mon, 17 Oct 2022 21:46:18 GMT
etag: "794b-5eb41e7d3613c"
accept-ranges: bytes
content-length: 31051
cache-control: max-age=2592000
expires: Fri, 18 Nov 2022 03:57:14 GMT
vary: User-Agent,Accept-Encoding
content-type: image/png
X-Firefox-Spdy: h2
xcamsstar.com/assets/cams/cam_10.png
200 OK 35 kB URL HTTP/2 xcamsstar.com/assets/cams/cam_10.png
IP
File type PNG image data, 275 x 220, 8-bit colormap, non-interlaced\012- data
Hash 1b74adab370e1d6ce34ac3624c812bed
2dacf32dca955d5b94f37791189ab3f22d968521
3db3874da47c3418eb76963a938d3fdd5109bee7024c46a1adead52c4a8a1405
GET /assets/cams/cam_10.png HTTP/1.1
Host: xcamsstar.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xcamsstar.com/rd.php?nt=8&s2=bioril-area.info&s1=bioril-area.info&cid=674892&geo=no&cat=adult
Cookie: XYIWPYMBXO_LEYUSETCQC_2rel=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 19 Oct 2022 03:57:15 GMT
server: Apache
last-modified: Mon, 17 Oct 2022 21:46:21 GMT
etag: "8739-5eb41e7fd1129"
accept-ranges: bytes
content-length: 34617
cache-control: max-age=2592000
expires: Fri, 18 Nov 2022 03:57:15 GMT
vary: User-Agent,Accept-Encoding
content-type: image/png
X-Firefox-Spdy: h2
xcamsstar.com/assets/cams/cam_3.png
200 OK 34 kB URL HTTP/2 xcamsstar.com/assets/cams/cam_3.png
IP
File type PNG image data, 275 x 220, 8-bit colormap, non-interlaced\012- data
Hash 6ab2a87cebe3fc5319f5b117e2af2aa8
ae72be777abe88810b6d9485e84cc979f6441987
7099f15d61d0439fd790a567189264d7b692ae514dd31b2afa759392e689dca6
GET /assets/cams/cam_3.png HTTP/1.1
Host: xcamsstar.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xcamsstar.com/rd.php?nt=8&s2=bioril-area.info&s1=bioril-area.info&cid=674892&geo=no&cat=adult
Cookie: XYIWPYMBXO_LEYUSETCQC_2rel=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 19 Oct 2022 03:57:15 GMT
server: Apache
last-modified: Mon, 17 Oct 2022 21:46:18 GMT
etag: "86be-5eb41e7db40df"
accept-ranges: bytes
content-length: 34494
cache-control: max-age=2592000
expires: Fri, 18 Nov 2022 03:57:15 GMT
vary: User-Agent,Accept-Encoding
content-type: image/png
X-Firefox-Spdy: h2
xcamsstar.com/assets/cams/cam_7.png
200 OK 31 kB URL HTTP/2 xcamsstar.com/assets/cams/cam_7.png
IP
File type PNG image data, 275 x 220, 8-bit colormap, non-interlaced\012- data
Hash 7427eb2aa8c025612930e9f15be8caed
8ed587ca1f75299570e7849582cf5bfdc40db23f
840da01ed659bbe8134f5069d92c183b23b80259aaa4ea865bbe49b77954da20
GET /assets/cams/cam_7.png HTTP/1.1
Host: xcamsstar.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xcamsstar.com/rd.php?nt=8&s2=bioril-area.info&s1=bioril-area.info&cid=674892&geo=no&cat=adult
Cookie: XYIWPYMBXO_LEYUSETCQC_2rel=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 19 Oct 2022 03:57:15 GMT
server: Apache
last-modified: Mon, 17 Oct 2022 21:46:19 GMT
etag: "78cd-5eb41e7ebdae4"
accept-ranges: bytes
content-length: 30925
cache-control: max-age=2592000
expires: Fri, 18 Nov 2022 03:57:15 GMT
vary: User-Agent,Accept-Encoding
content-type: image/png
X-Firefox-Spdy: h2
xcamsstar.com/assets/cams/cam_11.png
200 OK 31 kB URL HTTP/2 xcamsstar.com/assets/cams/cam_11.png
IP
File type PNG image data, 275 x 220, 8-bit colormap, non-interlaced\012- data
Hash ffb24e3d75501592bdd16fc634f32bb2
8044fba3eaf293a340a213a53c4a5e1a5fc0e0b0
f5cd2a6c69f46d17443faad4e70b04e663a59387fe0fec49be5180cabb6c061b
GET /assets/cams/cam_11.png HTTP/1.1
Host: xcamsstar.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xcamsstar.com/rd.php?nt=8&s2=bioril-area.info&s1=bioril-area.info&cid=674892&geo=no&cat=adult
Cookie: XYIWPYMBXO_LEYUSETCQC_2rel=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 19 Oct 2022 03:57:15 GMT
server: Apache
last-modified: Mon, 17 Oct 2022 21:46:21 GMT
etag: "77ae-5eb41e8056dcc"
accept-ranges: bytes
content-length: 30638
cache-control: max-age=2592000
expires: Fri, 18 Nov 2022 03:57:15 GMT
vary: User-Agent,Accept-Encoding
content-type: image/png
X-Firefox-Spdy: h2
xcamsstar.com/assets/cams/cam_8.png
200 OK 28 kB URL HTTP/2 xcamsstar.com/assets/cams/cam_8.png
IP
File type PNG image data, 275 x 220, 8-bit colormap, non-interlaced\012- data
Hash 701d98a5c6a3da685b7ab43e6fdff2a9
d706957da6a5eae56b8208a62023b7fcded35785
97f79deea04774f7a63f7557f8b5a3d21b1199edba6c9c87337a3b9d0ac1561d
GET /assets/cams/cam_8.png HTTP/1.1
Host: xcamsstar.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xcamsstar.com/rd.php?nt=8&s2=bioril-area.info&s1=bioril-area.info&cid=674892&geo=no&cat=adult
Cookie: XYIWPYMBXO_LEYUSETCQC_2rel=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 19 Oct 2022 03:57:15 GMT
server: Apache
last-modified: Mon, 17 Oct 2022 21:46:20 GMT
etag: "6d6a-5eb41e7f87d48"
accept-ranges: bytes
content-length: 28010
cache-control: max-age=2592000
expires: Fri, 18 Nov 2022 03:57:15 GMT
vary: User-Agent,Accept-Encoding
content-type: image/png
X-Firefox-Spdy: h2
xcamsstar.com/assets/cams/cam_6.png
200 OK 32 kB URL HTTP/2 xcamsstar.com/assets/cams/cam_6.png
IP
File type PNG image data, 275 x 220, 8-bit colormap, non-interlaced\012- data
Hash ef7edccf98276e9941c8eda49b840742
c495926d1c0b4aaa4b37fc32dce47280596d86a7
d7e46adcb525eb3509009eb7b8dc2e22acf050660bc84474c09504167b3bdd32
GET /assets/cams/cam_6.png HTTP/1.1
Host: xcamsstar.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xcamsstar.com/rd.php?nt=8&s2=bioril-area.info&s1=bioril-area.info&cid=674892&geo=no&cat=adult
Cookie: XYIWPYMBXO_LEYUSETCQC_2rel=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 19 Oct 2022 03:57:15 GMT
server: Apache
last-modified: Mon, 17 Oct 2022 21:46:19 GMT
etag: "7b41-5eb41e7e3eba2"
accept-ranges: bytes
content-length: 31553
cache-control: max-age=2592000
expires: Fri, 18 Nov 2022 03:57:15 GMT
vary: User-Agent,Accept-Encoding
content-type: image/png
X-Firefox-Spdy: h2
xcamsstar.com/assets/cams/cam_9.png
200 OK 31 kB URL HTTP/2 xcamsstar.com/assets/cams/cam_9.png
IP
File type PNG image data, 275 x 220, 8-bit colormap, non-interlaced\012- data
Hash 150502609f371c21194adee88f457dea
08e4d0b4c985c04b8b2a25a0ae2ceb9991ca50ca
8e20956f9e1568818f0bb655b313dbd1ba3582f9e9aa1bc1011b569d30e7a4bb
GET /assets/cams/cam_9.png HTTP/1.1
Host: xcamsstar.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xcamsstar.com/rd.php?nt=8&s2=bioril-area.info&s1=bioril-area.info&cid=674892&geo=no&cat=adult
Cookie: XYIWPYMBXO_LEYUSETCQC_2rel=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 19 Oct 2022 03:57:15 GMT
server: Apache
last-modified: Mon, 17 Oct 2022 21:46:20 GMT
etag: "79ac-5eb41e7f550c7"
accept-ranges: bytes
content-length: 31148
cache-control: max-age=2592000
expires: Fri, 18 Nov 2022 03:57:15 GMT
vary: User-Agent,Accept-Encoding
content-type: image/png
X-Firefox-Spdy: h2
xcamsstar.com/assets/cams/cam_5.png
200 OK 38 kB URL HTTP/2 xcamsstar.com/assets/cams/cam_5.png
IP
File type PNG image data, 275 x 220, 8-bit colormap, non-interlaced\012- data
Hash 836ccf7e9d1031ad6cf9821b0d60ecb6
e5ed9f29fcc019472ea5730ae8d7d853ce0fbe6d
b27ffeaf75e3210f63bad908d86fc4f52a2032124b951013bb034c4627e514ca
GET /assets/cams/cam_5.png HTTP/1.1
Host: xcamsstar.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xcamsstar.com/rd.php?nt=8&s2=bioril-area.info&s1=bioril-area.info&cid=674892&geo=no&cat=adult
Cookie: XYIWPYMBXO_LEYUSETCQC_2rel=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 19 Oct 2022 03:57:15 GMT
server: Apache
last-modified: Mon, 17 Oct 2022 21:46:19 GMT
etag: "9406-5eb41e7e55302"
accept-ranges: bytes
content-length: 37894
cache-control: max-age=2592000
expires: Fri, 18 Nov 2022 03:57:15 GMT
vary: User-Agent,Accept-Encoding
content-type: image/png
X-Firefox-Spdy: h2
xcamsstar.com/assets/cams/cam_4.png
200 OK 32 kB URL HTTP/2 xcamsstar.com/assets/cams/cam_4.png
IP
File type PNG image data, 275 x 220, 8-bit colormap, non-interlaced\012- data
Hash ebb52f68ac9f4fe05908b92ae1bb4022
1cae6f030a8b0cd91a9baca430d331d36dde743f
c1f39c4f0222c6cc9d9762fa00344a5c7dd7572168502005d31cb4ba20eb6065
GET /assets/cams/cam_4.png HTTP/1.1
Host: xcamsstar.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xcamsstar.com/rd.php?nt=8&s2=bioril-area.info&s1=bioril-area.info&cid=674892&geo=no&cat=adult
Cookie: XYIWPYMBXO_LEYUSETCQC_2rel=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 19 Oct 2022 03:57:15 GMT
server: Apache
last-modified: Mon, 17 Oct 2022 21:46:18 GMT
etag: "7cfa-5eb41e7db8eff"
accept-ranges: bytes
content-length: 31994
cache-control: max-age=2592000
expires: Fri, 18 Nov 2022 03:57:15 GMT
vary: User-Agent,Accept-Encoding
content-type: image/png
X-Firefox-Spdy: h2
accounts.google.com/v3/signin/identifier?dsh=S789375974%3A1666151835030465&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AQDHYWrbmEcAP3AzS9ztP4j6PPwJHVQiehltOEBHJ9ytGhJxe-brPXMbDbpA60PN5fEi-58TJiT7
403 Forbidden 16 kB URL HTTP/2 accounts.google.com/v3/signin/identifier?dsh=S789375974%3A1666151835030465&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AQDHYWrbmEcAP3AzS9ztP4j6PPwJHVQiehltOEBHJ9ytGhJxe-brPXMbDbpA60PN5fEi-58TJiT7
IP
Hash 029803dedd660514fa412a552efe90a6
bff30f07345359f4effac939bb63bae398e8202c
39bd55301287ec6d362194e8bf644599b7ddaa46a62bdc0d1219821da4d3b9a2
GET /v3/signin/identifier?dsh=S789375974%3A1666151835030465&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AQDHYWrbmEcAP3AzS9ztP4j6PPwJHVQiehltOEBHJ9ytGhJxe-brPXMbDbpA60PN5fEi-58TJiT7 HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://candystudents.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Wed, 19 Oct 2022 03:57:15 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-opener-policy-report-only: same-origin
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-security-policy: script-src 'nonce-n-_U766vS5INi-nL-E7H5g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist, require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fecd863b0-94dc-48ab-a768-cb25fea284e7.jpeg
200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fecd863b0-94dc-48ab-a768-cb25fea284e7.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash ae2bf42f05c120363dd9c8bc320cbdf9
3e9d928edb29f9d39feda401519dd82e2e509f1e
78985912f0d45719ebcf303e3056f422390ea79b2a5ab47b19cba87f4f11b8ba
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fecd863b0-94dc-48ab-a768-cb25fea284e7.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 10168
x-amzn-requestid: a52a1462-c23f-47a3-a71d-461f70f07dd4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aOFokG7MoAMFsgA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-634f1c9d-28faabe059a668aa610da199;Sampled=0
x-amzn-remapped-date: Tue, 18 Oct 2022 21:37:33 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 4DfiNiPIw_62F56id7SQKej951QrFk8flz1iAU3y4FJ6B9lrYD16Tw==
via: 1.1 8dbfaf7df256a75768461d934659b6b2.cloudfront.net (CloudFront), 1.1 001e7070d795018d01b93988b9723742.cloudfront.net (CloudFront), 1.1 google
date: Tue, 18 Oct 2022 21:42:35 GMT
age: 22482
etag: "3e9d928edb29f9d39feda401519dd82e2e509f1e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
accounts.google.com/v3/signin/identifier?dsh=S1208171356%3A1666151835077589&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AQDHYWoLboUhq_JcQ5luA6bXckR9lO_JPl_z0XUTJkrvIi3cEAv-duo4Gq7gja02yrWAZnonuP48
403 Forbidden 0 B URL HTTP/2 accounts.google.com/v3/signin/identifier?dsh=S1208171356%3A1666151835077589&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AQDHYWoLboUhq_JcQ5luA6bXckR9lO_JPl_z0XUTJkrvIi3cEAv-duo4Gq7gja02yrWAZnonuP48
IP
GET /v3/signin/identifier?dsh=S1208171356%3A1666151835077589&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AQDHYWoLboUhq_JcQ5luA6bXckR9lO_JPl_z0XUTJkrvIi3cEAv-duo4Gq7gja02yrWAZnonuP48 HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://candystudents.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Wed, 19 Oct 2022 03:57:15 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport, script-src 'nonce-VseJdH5j4XCVzSZthUuCxA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist
cross-origin-opener-policy-report-only: same-origin
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
pogothere.xyz/
200 OK 0 B IP
GET / HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://candystudents.com/
Origin: https://candystudents.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 19 Oct 2022 03:57:15 GMT
content-type: text/plain
set-cookie: csu=1943654471748314@1@1666151835; Max-Age=31104000; Secure; SameSite=None
access-control-allow-origin: https://candystudents.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QyOrAIQv1www0j6snOEH1iovYSzmNnFZ9Pr3NluzsaAP0bTi2A7rh043tfUsbSNTsWOFmvq980p%2FKnNTG9y0GH03Gg5OWaJZuuoMzMt7YrekDGNXxMiRAh%2FfK3Enk4cS"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 75c696a9180b4077-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
pogothere.xyz/asd100.bin
200 OK 0 B IP
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://candystudents.com/
Origin: https://candystudents.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 19 Oct 2022 03:57:15 GMT
content-type: binary/octet-stream
access-control-allow-origin: https://candystudents.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 1070
last-modified: Wed, 19 Oct 2022 03:39:25 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tgh2fgQJHn976jToS6aPaIvr%2B8QPvTTAWkiW%2B%2Ff4ZKtGeSCSG0bxZwGaO%2FoWU8q%2F4fJyWxeZfl7tKDfwDMpoBDFWHj%2B%2F2rzQs8KagbAReFvFgstg1qKvr5Q%2F1XbqVL7v"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 75c696a908064077-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
23.82.12.30
104.21.31.33
23.36.76.226
31.13.72.36
93.184.220.29
95.211.229.246