xfantazy.com/video/63215686df915905ff622722
188.114.96.1 302 Found 0 B URL HTTP/1.1 xfantazy.com/video/63215686df915905ff622722
IP 188.114.96.1:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /video/63215686df915905ff622722 HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Date: Sun, 04 Dec 2022 19:49:40 GMT
Content-Length: 0
Connection: keep-alive
location: https://xfantazy.com/video/63215686df915905ff622722
cache-control: no-cache
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nUsh2oReXWn5aWwwl4i58H%2BJizyPNwq5hrnHx993Q%2BI73Yl9YDZAB%2FmeD3kMEre%2BPx3TVxFMG%2FIw8SbTFbMlZ25NPpaSh0hVZOEoDm%2BZyS8nnlZhxKrbMq1G39PAn4Y%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 774711125e690afe-OSL
alt-svc: h2=":443"; ma=60
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash cfec3d7283a9b66d2be426ce54d210f3
808c1feb1ba918951d1928c1f6bfc0c253262774
1bad6c06aa3e88dcbc125fc98a6cb753eb2b18d2c8dd61da21d12209aeeda3f9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1BAD6C06AA3E88DCBC125FC98A6CB753EB2B18D2C8DD61DA21D12209AEEDA3F9"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18515
Expires: Mon, 05 Dec 2022 00:58:16 GMT
Date: Sun, 04 Dec 2022 19:49:41 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash fb2c0697c6d9a96a5411dd2952947458
79e57f831ec396bbdaa5bfe9472a05e6c9fb31f4
3fd7edcc349ab4402f62e54a142be6b4cecf0e7ee3f431d3168bdf0643ba4d92
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5299
Cache-Control: max-age=144595
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 19:49:41 GMT
Etag: "638c76f5-1d7"
Expires: Tue, 06 Dec 2022 11:59:36 GMT
Last-Modified: Sun, 04 Dec 2022 10:31:17 GMT
Server: ECS (ska/F70E)
X-Cache: HIT
Content-Length: 471
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 1ea206ac3c440825741687351f8c6e4e
2f38dafd8c43dcce2411a0590bc5c02cd6286735
7d7232c8c91bcd18161ba2c9d23e3bff159604e058bd5b3fc1c7fcbcd03a7ee3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7D7232C8C91BCD18161BA2C9D23E3BFF159604E058BD5B3FC1C7FCBCD03A7EE3"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14473
Expires: Sun, 04 Dec 2022 23:50:54 GMT
Date: Sun, 04 Dec 2022 19:49:41 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
34.102.187.140 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 14cd9a0afb6ba9a763651d5112760d1e
75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Retry-After, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sun, 04 Dec 2022 19:18:24 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 1877
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: oTb0iI95QMmN5De3es8PAc/ABjrLGzieglul2ipI/YvTh7GOML/ra2rhXD6akxTJFUxPf9LOsBQ=
x-amz-request-id: 9RX10A6NCQP2XZ7P
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sun, 04 Dec 2022 19:47:06 GMT
age: 155
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.pki.goog/s/gts1p5/HHuh0f0kcFg
142.250.74.131 200 OK 472 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/HHuh0f0kcFg
IP 142.250.74.131:0
Hash 237c24ccbba942780e3fef90d865a4fb
5c1ff7e1db4e67d76860c9fc372a64a19fdeb116
44695627e49eadde7fb60432f9cf46cf1dd6328bc22a7c98f3a91363d36e764e
POST /s/gts1p5/HHuh0f0kcFg HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 19:49:41 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 04 Dec 2022 19:49:41 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
34.102.187.140 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Last-Modified, Retry-After, Cache-Control, Content-Type, Pragma, Backoff, ETag, Expires, Content-Length, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sun, 04 Dec 2022 19:08:58 GMT
cache-control: public,max-age=3600
age: 2443
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.pki.goog/s/gts1p5/HHuh0f0kcFg
142.250.74.131 200 OK 472 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/HHuh0f0kcFg
IP 142.250.74.131:0
Hash 237c24ccbba942780e3fef90d865a4fb
5c1ff7e1db4e67d76860c9fc372a64a19fdeb116
44695627e49eadde7fb60432f9cf46cf1dd6328bc22a7c98f3a91363d36e764e
POST /s/gts1p5/HHuh0f0kcFg HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 19:49:41 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 31b129c94a90b1e695b21395cb54e378
a3cae46b48d469cc61ab0581303bcd5f5b654db9
fac3f681be358a20f78958dff10c89b7a91365c5114c81246c1bc34c1362ba1e
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5268
Cache-Control: max-age=139498
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 19:49:41 GMT
Etag: "638c632b-1d7"
Expires: Tue, 06 Dec 2022 10:34:39 GMT
Last-Modified: Sun, 04 Dec 2022 09:06:51 GMT
Server: ECS (ska/F70E)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 122124f83967c12700f5a6f5546b0f1f
d7acd2db61ad811c388a44b7bd407fa5f4aea8ee
b6b9e0b6c241b4eeb5161b1c297dec2aa6188032017074ee7f8e5533fab87a4d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 19:49:41 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash cf8fa41ef602ae70ffca585b472e5a48
ee82688bae8ec454aefccccd51259d5efb26915c
f4b30ab9f60cbb23f30a89cd2161530019d664541ee595021b3031d91ff7289d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 19:49:41 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
cdn.ampproject.org/v0/amp-analytics-0.1.js
172.217.21.161 200 OK 32 kB URL HTTP/2 cdn.ampproject.org/v0/amp-analytics-0.1.js
IP 172.217.21.161:0
File type ASCII text, with very long lines (65534)
Hash 39694f65e232a53143348cf3bf0882b9
f9b453f2589b64e443462745975d117c778b6820
235569f2704cffbcbe5ef497562c0dac90ccb87c6ce76a9d896d764a72463163
GET /v0/amp-analytics-0.1.js HTTP/1.1
Host: cdn.ampproject.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: br
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
timing-allow-origin: *
content-length: 32042
date: Sun, 04 Dec 2022 19:49:41 GMT
expires: Sun, 04 Dec 2022 19:49:41 GMT
cache-control: private, max-age=604800, stale-while-revalidate=604800
etag: "8d52a7de4cfe57f6"
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.sectigo.com/
172.64.155.188 200 OK 6.7 kB IP 172.64.155.188:0
Hash d3b577319c18fe2c174ba4092c94c887
dc012e0ace30e47ba73659f2b3fd0aaeedbeccf8
74ccd5ad0942f38cc1a0b8bdc12e184d4e3f437643395e6f867aca1b20d9ffb0
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 04 Dec 2022 19:49:41 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Sat, 03 Dec 2022 03:14:18 GMT
Expires: Sat, 10 Dec 2022 03:14:17 GMT
Etag: "ff020494c839e4554df1dda6de6e29105bba56c9"
Cache-Control: max-age=458075,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 774711191b17b4fd-OSL
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 122124f83967c12700f5a6f5546b0f1f
d7acd2db61ad811c388a44b7bd407fa5f4aea8ee
b6b9e0b6c241b4eeb5161b1c297dec2aa6188032017074ee7f8e5533fab87a4d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 19:49:41 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.sectigo.com/
172.64.155.188 200 OK 11 kB IP 172.64.155.188:0
Hash f7b23f350f4ab911fbb0c9f1700e5b21
a23852f0fabcbf7f97ab2eb866f3170a627381bf
4acc8e0221c0f2b628bbb1a1c9c3e835207f1468deb49b4bf840f3d87f1fe025
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 04 Dec 2022 19:49:41 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Sat, 03 Dec 2022 03:14:18 GMT
Expires: Sat, 10 Dec 2022 03:14:17 GMT
Etag: "ff020494c839e4554df1dda6de6e29105bba56c9"
Cache-Control: max-age=458075,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 774711191b39fac8-OSL
ocsp.sectigo.com/
172.64.155.188 200 OK 472 B IP 172.64.155.188:0
Hash 9e4958c22870ed11e50500cae76df248
ff020494c839e4554df1dda6de6e29105bba56c9
a3687fdab306fa5f8de4a3da74b69c9e3f3659bfd99dec78f4fea93df9c41f37
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 04 Dec 2022 19:49:41 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Sat, 03 Dec 2022 03:14:18 GMT
Expires: Sat, 10 Dec 2022 03:14:17 GMT
Etag: "ff020494c839e4554df1dda6de6e29105bba56c9"
Cache-Control: max-age=458075,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 774711191e87b50f-OSL
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash cf8fa41ef602ae70ffca585b472e5a48
ee82688bae8ec454aefccccd51259d5efb26915c
f4b30ab9f60cbb23f30a89cd2161530019d664541ee595021b3031d91ff7289d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 19:49:42 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.googleapis.com/css?family=Roboto:100,300,400,500,700&display=swap
142.250.74.106 200 OK 1.3 kB URL HTTP/2 fonts.googleapis.com/css?family=Roboto:100,300,400,500,700&display=swap
IP 142.250.74.106:0
Hash 1e58b74af3a3467a2b8a0ad3e132ff11
8a40e387d812017734805af542aed6b8a0360f5d
4e64f14db8b4d036859547d8d04f9d29ee05e42daf3ca1a00cc1feb7df0e78d8
GET /css?family=Roboto:100,300,400,500,700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sun, 04 Dec 2022 19:49:41 GMT
date: Sun, 04 Dec 2022 19:49:41 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash da9700d928847bca71f73dc9ca89bd1c
2f156a1557a7504da776ed9a82dc52563662be6f
428ed39905a42b1fc7aaf84f2144caf58ddcb53ac2fbda9af61784ca7394a344
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 19:49:42 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
216.58.207.227 200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 15860, version 1.0\012- data
Hash e9f5aaf547f165386cd313b995dddd8e
acdef5603c2387b0e5bffd744b679a24a8bc1968
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 30 Nov 2022 19:34:15 GMT
expires: Thu, 30 Nov 2023 19:34:15 GMT
cache-control: public, max-age=31536000
age: 346527
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash da9700d928847bca71f73dc9ca89bd1c
2f156a1557a7504da776ed9a82dc52563662be6f
428ed39905a42b1fc7aaf84f2144caf58ddcb53ac2fbda9af61784ca7394a344
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 19:49:42 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
216.58.207.227 200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 15920, version 1.0\012- data
Hash 3a44e06eb954b96aa043227f3534189d
23cef6993ddb2b2979e8e7647fc3763694e2ba7d
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e
GET /s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15920
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 30 Nov 2022 19:33:56 GMT
expires: Thu, 30 Nov 2023 19:33:56 GMT
cache-control: public, max-age=31536000
age: 346546
last-modified: Wed, 11 May 2022 19:24:45 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
216.58.207.227 200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Hash 15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 30 Nov 2022 19:33:54 GMT
expires: Thu, 30 Nov 2023 19:33:54 GMT
cache-control: public, max-age=31536000
age: 346548
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash da9700d928847bca71f73dc9ca89bd1c
2f156a1557a7504da776ed9a82dc52563662be6f
428ed39905a42b1fc7aaf84f2144caf58ddcb53ac2fbda9af61784ca7394a344
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 19:49:42 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.sectigo.com/
172.64.155.188 200 OK 472 B IP 172.64.155.188:0
Hash 9e4958c22870ed11e50500cae76df248
ff020494c839e4554df1dda6de6e29105bba56c9
a3687fdab306fa5f8de4a3da74b69c9e3f3659bfd99dec78f4fea93df9c41f37
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 04 Dec 2022 19:49:42 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Sat, 03 Dec 2022 03:14:18 GMT
Expires: Sat, 10 Dec 2022 03:14:17 GMT
Etag: "ff020494c839e4554df1dda6de6e29105bba56c9"
Cache-Control: max-age=458074,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 774711191e79b50f-OSL
push.services.mozilla.com/
54.148.213.75 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 54.148.213.75:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: koXq39YjQ/vuBmpgSKlSBw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: k3/Luo1w5VhSKYhMcVYZYJEnFFs=
static-cache.k2s.cc/thumbnail/dbnF7HSlzKru-zXE_g/w320h240/0.jpeg
188.72.235.186 200 OK 12 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/dbnF7HSlzKru-zXE_g/w320h240/0.jpeg
IP 188.72.235.186:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash d583640a414f270882a04dc2d95f18ec
322577c3cad3fd3b187da1a4cef4e0b4a2b698bd
135dbe85ed362082f9ab6f8852c1fdf8ec2f8f894ab8d825274c53c2ee93818c
GET /thumbnail/dbnF7HSlzKru-zXE_g/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Sun, 04 Dec 2022 19:49:42 GMT
content-type: image/jpeg
content-length: 11901
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: HIT
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/Ie6a6yD3m6y9-j-T9g/w320h240/0.jpeg
188.72.235.186 200 OK 9.1 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/Ie6a6yD3m6y9-j-T9g/w320h240/0.jpeg
IP 188.72.235.186:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash 5f8eda2202a2c6bbb3f3f7daa0e3b4a8
022e43afa6983fb324598e6bdc951c3430db7a1c
dcc98b6b86f3bed64d6df4240e523e504eb30c9c4be111f333487da708dab167
GET /thumbnail/Ie6a6yD3m6y9-j-T9g/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Sun, 04 Dec 2022 19:49:42 GMT
content-type: image/jpeg
content-length: 9094
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: HIT
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/LOTG6XGlyansrDqX-A/w320h240/0.jpeg
188.72.235.186 200 OK 9.7 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/LOTG6XGlyansrDqX-A/w320h240/0.jpeg
IP 188.72.235.186:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash 533d67d040c590dff40b1fee6bb46583
8addc563ce5ccd26222781d669ea807fb2e198fd
f1ce903054a94781208694aa26688282c158dea65f22cbd5aa65f93709e171bb
GET /thumbnail/LOTG6XGlyansrDqX-A/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Sun, 04 Dec 2022 19:49:42 GMT
content-type: image/jpeg
content-length: 9684
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: HIT
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/cu7HuSKgmKm--zSX-Q/w320h240/0.jpeg
188.72.235.186 200 OK 10 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/cu7HuSKgmKm--zSX-Q/w320h240/0.jpeg
IP 188.72.235.186:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash 52ed06940f0b43a5c5c528296dcb445b
2837e6ad03535ba9f59db25680ba9e92d60ca666
9eb0dcbf5db581410686f264c77c2a6b168766cac7267ca527d90bf31c30a7ee
GET /thumbnail/cu7HuSKgmKm--zSX-Q/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Sun, 04 Dec 2022 19:49:42 GMT
content-type: image/jpeg
content-length: 10421
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: HIT
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/9f2354c6c7504/main/0.jpeg
188.72.235.186 200 OK 13 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/9f2354c6c7504/main/0.jpeg
IP 188.72.235.186:0
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, comment: "Lavc58.54.100", baseline, precision 8, 640x360, components 3\012- data
Hash 99dbb87a99853e6d15b8f82db06b38d1
166540f9b8dd6041619d6a5125216110ac9a7d64
941f1025f335b06b74ab26f093da00d8d10b1d736f49d2f70543ab9a6e9e9497
GET /thumbnail/9f2354c6c7504/main/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Sun, 04 Dec 2022 19:49:42 GMT
content-type: image/jpeg
content-length: 13121
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: HIT
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 3c4319f54a5675ee9acda96c58f97ac6
210ea86db1836d430b321d59b4bd1b016c914f22
cb20ad3ec895ed3a2ae9b1a90dda6b7cc174d8851f3a15ba054a435746cbdc65
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 19:49:42 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.googletagmanager.com/gtm.js?id=GTM-PLKQLTX
142.250.74.168 200 OK 454 kB URL HTTP/2 www.googletagmanager.com/gtm.js?id=GTM-PLKQLTX
IP 142.250.74.168:0
File type ASCII text, with very long lines (65536), with no line terminators
Size 454 kB (454516 bytes)
Hash f4f3e84d952ce3cf347d4e66f41441e5
7bd106f47400e7f183d71027b001c563f37b19af
545c2d5323f7b20f453880be51003cd9e39e1e55a0fd83273c8582ba79149091
GET /gtm.js?id=GTM-PLKQLTX HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sun, 04 Dec 2022 19:49:42 GMT
expires: Sun, 04 Dec 2022 19:49:42 GMT
cache-control: private, max-age=900
last-modified: Sun, 04 Dec 2022 18:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 54292
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 3c4319f54a5675ee9acda96c58f97ac6
210ea86db1836d430b321d59b4bd1b016c914f22
cb20ad3ec895ed3a2ae9b1a90dda6b7cc174d8851f3a15ba054a435746cbdc65
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 19:49:42 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
23.36.76.226 200 OK 1.4 kB IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 078186879bda2aaa381ca74c022a7738
9edf5a3176d4abd060976f86d27d954f90e35935
9e31a23b802165bd93a8c63d2f961aeb2d273f610fc03186cf36a521bbed5332
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "38F0BEE79D6D8CB4602050243F755BC79D530E53E132F80A3EBBFEC0AE9912DA"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5877
Expires: Sun, 04 Dec 2022 21:27:39 GMT
Date: Sun, 04 Dec 2022 19:49:42 GMT
Connection: keep-alive
cdn.jsdelivr.net/npm/yandex-metrica-watch/tag.js
151.101.65.229 200 OK 87 kB URL HTTP/2 cdn.jsdelivr.net/npm/yandex-metrica-watch/tag.js
IP 151.101.65.229:0
Hash 45ad8dfa1aa73ecfd5cc906f086faf2f
f16cd3a22ce13d49295a579d763a890b3649ae56
006250bf6636ea36be26b1f46f64e3672a75a32f55105046523ba66eb16ce490
GET /npm/yandex-metrica-watch/tag.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=604800, s-maxage=43200
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 1.250.0
x-jsd-version-type: version
etag: W/"346dd-nsZLR4YN/Jfyl2nmrii/8cxDozY"
content-encoding: gzip
accept-ranges: bytes
date: Sun, 04 Dec 2022 19:49:42 GMT
age: 5109
x-served-by: cache-fra-eddf8230060-FRA, cache-bma1654-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 85055
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash fa5f8cff4338b8bb685ad311a8efee75
ed554504b6d84d1c9b9b96d78e3db26491856662
b48bf4ca0681a0f861865b1c4f3cddcc6a8608ad0b329304427cae5d958e0081
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B48BF4CA0681A0F861865B1C4F3CDDCC6A8608AD0B329304427CAE5D958E0081"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2490
Expires: Sun, 04 Dec 2022 20:31:12 GMT
Date: Sun, 04 Dec 2022 19:49:42 GMT
Connection: keep-alive
ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q1
151.101.194.133 200 OK 1.5 kB URL HTTP/1.1 ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q1
IP 151.101.194.133:0
Hash 586578a04ab2c85ca55ebd67f4bb0b9d
a6f580d6fb57fc44b4b1dfd819f3c06aa350e672
d5e104416d3c541062d4cdc9192aaa0536407de5909dd16b7ae7fa52df27e7a2
POST /ca/gsatlasr3dvtlsca2022q1 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 1462
Content-Type: application/ocsp-response
Etag: "007E5FB54DA1EF6DB4914125C7D1102EF7772A54"
Expires: Mon, 05 Dec 2022 06:00:00 UTC
Last-Modified: Sun, 04 Dec 2022 18:00:00 UTC
Cache-Control: s-maxage=3600, public, no-transform, must-revalidate
Accept-Ranges: bytes
Date: Sun, 04 Dec 2022 19:49:42 GMT
Via: 1.1 varnish
Age: 3280
X-Served-By: cache-bma1637-BMA
X-Cache: HIT
X-Cache-Hits: 1
X-Timer: S1670183383.943804,VS0,VE1
exploredefinitely.com/a2/f9/90/a2f990f10476061c719d1c1aa3a2ecd2.js
192.243.59.13 200 OK 14 kB URL HTTP/1.1 exploredefinitely.com/a2/f9/90/a2f990f10476061c719d1c1aa3a2ecd2.js
IP 192.243.59.13:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with very long lines (37191), with no line terminators
Hash 08be2d063b79c8e83acd44456e7fceb6
01ac3163997f50bf65492cf6e345bd3c80fb4e68
e796553064c438d20097ab64e5a1cb141ef7a47a31a730500bd765fa738737f1
GET /a2/f9/90/a2f990f10476061c719d1c1aa3a2ecd2.js HTTP/1.1
Host: exploredefinitely.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Sun, 04 Dec 2022 19:49:43 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 806a3ff0c3661790b2c538e59d891e2d
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
skiingsettling.com/21/fe/39/21fe3950f412e026c33f1b6cee613eba.js
192.243.59.20 200 OK 13 kB URL HTTP/1.1 skiingsettling.com/21/fe/39/21fe3950f412e026c33f1b6cee613eba.js
IP 192.243.59.20:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with very long lines (37164), with no line terminators
Hash 348a4ec07c4c718afd22132578f590e7
395c401b1aa14e19149cf480d3e3603b064d6982
f8408d362929f128b9074bdaa16771c6016b37bbf4d1e3514c42ca4b99a9f4e6
Analyzer | Verdict | Alert: quad9 | Sinkholed
GET /21/fe/39/21fe3950f412e026c33f1b6cee613eba.js HTTP/1.1
Host: skiingsettling.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.9
Date: Sun, 04 Dec 2022 19:49:43 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: dc8a766717ccb5a7e530dacece390050
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
e1.o.lencr.org/
23.36.77.32 200 OK 346 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash ffb1fa188f11f4b1ec69136d1920502b
8aac404d7cf025e415c22f6170fea74bf537c603
7beabb9b7af824e542dc5f62308e6d44c4a38dee34d69836ca4c1cf966592b82
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "7BEABB9B7AF824E542DC5F62308E6D44C4A38DEE34D69836CA4C1CF966592B82"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8296
Expires: Sun, 04 Dec 2022 22:07:59 GMT
Date: Sun, 04 Dec 2022 19:49:43 GMT
Connection: keep-alive
e1.o.lencr.org/
23.36.77.32 200 OK 346 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash ffb1fa188f11f4b1ec69136d1920502b
8aac404d7cf025e415c22f6170fea74bf537c603
7beabb9b7af824e542dc5f62308e6d44c4a38dee34d69836ca4c1cf966592b82
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "7BEABB9B7AF824E542DC5F62308E6D44C4A38DEE34D69836CA4C1CF966592B82"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8296
Expires: Sun, 04 Dec 2022 22:07:59 GMT
Date: Sun, 04 Dec 2022 19:49:43 GMT
Connection: keep-alive
ocsp.globalsign.com/gseccovsslca2018
151.101.194.133 200 OK 939 B URL HTTP/1.1 ocsp.globalsign.com/gseccovsslca2018
IP 151.101.194.133:0
Hash cee8562f5f5b589093c5efe40bb41fe9
b86d0238cc01b7086151cdc63c5310c2e39aa4e3
655f749e5a2208a6a1e4d8d75a31be77e339bc6d1d77ed4373aa97b7de299e8f
POST /gseccovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 939
Server: nginx
Content-Type: application/ocsp-response
Expires: Thu, 08 Dec 2022 18:15:39 GMT
ETag: "b86d0238cc01b7086151cdc63c5310c2e39aa4e3"
Last-Modified: Sun, 04 Dec 2022 18:15:40 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
Via: 1.1 varnish, 1.1 varnish
Accept-Ranges: bytes
Date: Sun, 04 Dec 2022 19:49:43 GMT
Age: 3487
X-Served-By: cache-qpg1244-QPG, cache-bma1637-BMA
X-Cache: HIT, HIT
X-Cache-Hits: 3, 34
X-Timer: S1670183383.233327,VS0,VE0
ocsp.sca1b.amazontrust.com/
54.230.245.118 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.118:0
Hash f0f8b0d8806166791f6d6d9a9aa908ca
e30099fed67b541c022984b41b6de1e9ca8e01bb
c8d3589546edd372653dbcc6fe1bc48340d7bf5dc3b0f37324a9ff8014aa912b
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=154755
Date: Sun, 04 Dec 2022 19:49:43 GMT
Etag: "638ca11c-1d7"
Expires: Tue, 06 Dec 2022 14:48:58 GMT
Last-Modified: Sun, 04 Dec 2022 13:31:08 GMT
Server: ECS (nyb/1D1B)
X-Cache: Miss from cloudfront
Via: 1.1 04c4f064943f75498361739eb063cb7a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: uNm1zEJQoDB-23ghm-X8P21_UtN-ACsEXtwIZCDcplId2qfrVgYvJw==
Age: 4670
ocsp.sca1b.amazontrust.com/
54.230.245.118 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.118:0
Hash f0f8b0d8806166791f6d6d9a9aa908ca
e30099fed67b541c022984b41b6de1e9ca8e01bb
c8d3589546edd372653dbcc6fe1bc48340d7bf5dc3b0f37324a9ff8014aa912b
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=154747
Date: Sun, 04 Dec 2022 19:49:43 GMT
Etag: "638ca11c-1d7"
Expires: Tue, 06 Dec 2022 14:48:50 GMT
Last-Modified: Sun, 04 Dec 2022 13:31:08 GMT
Server: ECS (bsa/EB17)
X-Cache: Miss from cloudfront
Via: 1.1 09ae414c9d6c5323d5147457ada70ec6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: 9zfBlfkNiePoFpL_8-yzwCl9n5dddgmrWCGPk1K5JaVWBReVttteEg==
Age: 4662
simplewebanalysis.com/stats
18.185.190.54 200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP 18.185.190.54:0
File type ASCII text, with no line terminators
Hash 597d4c1ba58ce5674832a5b9316d5621
f19df534b886916f3934dcc91ae48b4e126648ee
89fd159819e02eccf20af670eaa4879cf53484851e09e081a35ac4389a129540
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 04 Dec 2022 19:49:43 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
set-cookie: uid_id2=c1b9d69d-2772-40b4-9a45-d15d8500ad3f:1:1; expires=Wed, 01 Dec 2032 19:49:43 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash cd5fa31ccc19370e6ea74d6f20afe184
684ae0e67c098cf3961821ac2ca5c8ed2ddf5d99
53b2f175d89e19e3cc53620889b4b5644ee37d65f8c362b8e31df78fd6f5815d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "53B2F175D89E19E3CC53620889B4B5644EE37D65F8C362B8E31DF78FD6F5815D"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18350
Expires: Mon, 05 Dec 2022 00:55:33 GMT
Date: Sun, 04 Dec 2022 19:49:43 GMT
Connection: keep-alive
simplewebanalysis.com/stats
18.185.190.54 200 OK 1.2 kB URL HTTP/2 simplewebanalysis.com/stats
IP 18.185.190.54:0
Hash 29ff09f5f6bb431b5ec2d137bf8bc8cd
fe61171a9180814cf24870082d5ed8429f358477
e7ea3c3ec1fc85d3d78f6cf5ee9a4a4ee4cc9943477a36323fa01e3111dc9cbd
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 04 Dec 2022 19:49:43 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
set-cookie: uid_id2=9249be5e-d8d6-4d6f-86bf-2f35006a6abc:3:1; expires=Wed, 01 Dec 2032 19:49:43 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
mc.yandex.ru/watch/49415098/1?wmode=7&page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F63215686df915905ff622722&charset=utf-8&browser-info=pv%3A1%3Avf%3A2b7w95bdqfdb0kzrg7tcl8%3Afp%3A1279%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A933%3Acn%3A1%3Adp%3A0%3Als%3A538070569078%3Ahid%3A740966980%3Az%3A0%3Ai%3A20221204194940%3Aet%3A1670183381%3Ac%3A1%3Arn%3A938659487%3Arqn%3A1%3Au%3A1670183381694857898%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A1%2C128%2C346%2C45%2C370%2C0%2C%2C380%2C4%2C%2C%2C%2C1279%3Aco%3A0%3Ans%3A1670183378342%3Anp%3ATGludXggeDg2XzY0%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1670183381%3At%3ANika%20Venom%20-%20Nika%20Brings%20The%20Heat%20-%20nym0234%20-%20Nympho%20%28SD%202021%29%20-%20XFantazy.com&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29fip%281%29ti%282%29
93.158.134.119200 OK 419 B URL HTTP/2 mc.yandex.ru/watch/49415098/1?wmode=7&page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F63215686df915905ff622722&charset=utf-8&browser-info=pv%3A1%3Avf%3A2b7w95bdqfdb0kzrg7tcl8%3Afp%3A1279%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A933%3Acn%3A1%3Adp%3A0%3Als%3A538070569078%3Ahid%3A740966980%3Az%3A0%3Ai%3A20221204194940%3Aet%3A1670183381%3Ac%3A1%3Arn%3A938659487%3Arqn%3A1%3Au%3A1670183381694857898%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A1%2C128%2C346%2C45%2C370%2C0%2C%2C380%2C4%2C%2C%2C%2C1279%3Aco%3A0%3Ans%3A1670183378342%3Anp%3ATGludXggeDg2XzY0%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1670183381%3At%3ANika%20Venom%20-%20Nika%20Brings%20The%20Heat%20-%20nym0234%20-%20Nympho%20%28SD%202021%29%20-%20XFantazy.com&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29fip%281%29ti%282%29
IP 93.158.134.119:0
File type JSON data\012- , ASCII text, with very long lines (419), with no line terminators
Hash 64900e675fb98c8b83b2acbfdc5a9cd5
d0effd7ed40ba570b9308083e413df53a43d61ad
eeb381bfa157d9bf73eb258f6076ef39ecdd0f0ae58b6e0c0edcc71703fc06f1
GET /watch/49415098/1?wmode=7&page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F63215686df915905ff622722&charset=utf-8&browser-info=pv%3A1%3Avf%3A2b7w95bdqfdb0kzrg7tcl8%3Afp%3A1279%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A933%3Acn%3A1%3Adp%3A0%3Als%3A538070569078%3Ahid%3A740966980%3Az%3A0%3Ai%3A20221204194940%3Aet%3A1670183381%3Ac%3A1%3Arn%3A938659487%3Arqn%3A1%3Au%3A1670183381694857898%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A1%2C128%2C346%2C45%2C370%2C0%2C%2C380%2C4%2C%2C%2C%2C1279%3Aco%3A0%3Ans%3A1670183378342%3Anp%3ATGludXggeDg2XzY0%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1670183381%3At%3ANika%20Venom%20-%20Nika%20Brings%20The%20Heat%20-%20nym0234%20-%20Nympho%20%28SD%202021%29%20-%20XFantazy.com&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29fip%281%29ti%282%29 HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Referer: https://xfantazy.com/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 419
date: Sun, 04 Dec 2022 19:49:43 GMT
x-content-type-options: nosniff
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Sun, 04-Dec-2022 19:49:43 GMT
last-modified: Sun, 04-Dec-2022 19:49:43 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: application/json; charset=utf-8
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 58207e08b3eceab4ab51208f54827bc1
8ec261d3d3a21acae5545c63d128c08310fba29c
fd5b4520db0a3eb45792b8d95a009947622e0651ddb33edece92390481ec0b75
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "FD5B4520DB0A3EB45792B8D95A009947622E0651DDB33EDECE92390481EC0B75"
Last-Modified: Fri, 02 Dec 2022 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4430
Expires: Sun, 04 Dec 2022 21:03:33 GMT
Date: Sun, 04 Dec 2022 19:49:43 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 83e0936435ad95a15c9ec5ff9520f4fe
a8225ee0d8ae117f977f7ff817c342c62e91b5a9
ef0f5b2ab2055446d4ea8b738f605c3bf835cf72e872d6a9c9a6c9b2917737e7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19161
Expires: Mon, 05 Dec 2022 01:09:04 GMT
Date: Sun, 04 Dec 2022 19:49:43 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 83e0936435ad95a15c9ec5ff9520f4fe
a8225ee0d8ae117f977f7ff817c342c62e91b5a9
ef0f5b2ab2055446d4ea8b738f605c3bf835cf72e872d6a9c9a6c9b2917737e7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19161
Expires: Mon, 05 Dec 2022 01:09:04 GMT
Date: Sun, 04 Dec 2022 19:49:43 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 83e0936435ad95a15c9ec5ff9520f4fe
a8225ee0d8ae117f977f7ff817c342c62e91b5a9
ef0f5b2ab2055446d4ea8b738f605c3bf835cf72e872d6a9c9a6c9b2917737e7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19161
Expires: Mon, 05 Dec 2022 01:09:04 GMT
Date: Sun, 04 Dec 2022 19:49:43 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F19c9bb39-be15-49f9-aad9-2cc511601111.jpeg
34.120.237.76 200 OK 9.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F19c9bb39-be15-49f9-aad9-2cc511601111.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash a6e7b32ac999cf3c899a234c621fa91a
fc5d4f3163ebb9faf85968cbb1d194e8e68418be
f12db3aed126006fee00649aba0b3eaae900de200b85b9523866a90b5494f18e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F19c9bb39-be15-49f9-aad9-2cc511601111.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8989
x-amzn-requestid: abce0b01-f70c-42ad-b242-5a24735fe4c2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cltl4Gk2oAMFSWQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638bc2f2-1cccffff5199dffe70264a95;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 21:43:14 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: PFl7VUrzRkMFNnTiIw_cbGCyrEFn43eUSlZfT0nUhUmjjyXT7JfjMA==
via: 1.1 eece508272520f70691e4eebdc5a6dea.cloudfront.net (CloudFront), 1.1 d8792dbd3191bbe722eba5b536b979c8.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Dec 2022 21:50:01 GMT
age: 79182
etag: "fc5d4f3163ebb9faf85968cbb1d194e8e68418be"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd528f6ee-d348-431d-8220-5c8b154b2941.jpeg
34.120.237.76 200 OK 8.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd528f6ee-d348-431d-8220-5c8b154b2941.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash db1701b7b9d161a0c935bb6e10b17893
22a8c4bd58c729c1abcf794466e8f3231dfb034b
b495524a33e5b1d3ba34cfbe867ada0da956c061370b1fcde06b23a6194a9787
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd528f6ee-d348-431d-8220-5c8b154b2941.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8315
x-amzn-requestid: f1bcc33b-aad9-4d3b-b1f9-49282f2d4fb9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: clsAMGVboAMFfxg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638bc067-13472a097177d4751c8f7a8c;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 21:32:23 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: JuY0xcLDiERwrVhq33d4PP64liDqFfk9bc9xX1H62o0tOwrt1ek7Pg==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 a3bd0eb50c22e4d5fbda56a30b96002c.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Dec 2022 21:42:39 GMT
age: 79624
etag: "22a8c4bd58c729c1abcf794466e8f3231dfb034b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F826f887d-ca78-40db-9b7d-6c693667c155.jpeg
34.120.237.76 200 OK 7.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F826f887d-ca78-40db-9b7d-6c693667c155.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash c1a6f4805f59db44f9d3520d88701a58
6a0258e8c97ce09f1723382c8a16d9682b7dc50c
ae120df5e96352c6998c24c69c709dfd2b01a7ff8a7b935d496757fd7661f2f5
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F826f887d-ca78-40db-9b7d-6c693667c155.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7503
x-amzn-requestid: a4120308-c51e-4cff-99c2-90e86018b05d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cgZjCGkVIAMFpsw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6389a2e0-6fdf362a6d32449239476155;Sampled=0
x-amzn-remapped-date: Fri, 02 Dec 2022 07:01:52 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: dy619jlSTwCjwDhGuLmwTMcmuYj1Kg2oLA7xORyAYX8IHWimhNo6pw==
via: 1.1 4f87745990545c1ac0195c157e1668f8.cloudfront.net (CloudFront), 1.1 be082a2326b7d49643607b097f1e7180.cloudfront.net (CloudFront), 1.1 google
date: Sun, 04 Dec 2022 07:23:21 GMT
age: 44782
etag: "6a0258e8c97ce09f1723382c8a16d9682b7dc50c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6df54ea7-8915-4ac7-af2b-6a71ce14dbf4.webp
34.120.237.76 200 OK 5.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6df54ea7-8915-4ac7-af2b-6a71ce14dbf4.webp
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 43309032a892c486f9985ef520df696e
36f4682ca6a33ff80ee02129c77e6f27e996ede0
24225ff504f30405d9ec3feb2555c738fcca0d6b265f285aa9c73a64c78a496e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6df54ea7-8915-4ac7-af2b-6a71ce14dbf4.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5681
x-amzn-requestid: 8f0d66b8-d532-48d9-9a29-74540cd6ab3a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cltXnEotIAMFqkA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638bc296-27349a376ff819ab63b04a81;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 21:41:42 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: vNP2rQwmWTntetjJyjonO8N_YOBqvQuZUm42BWX7c1GoX7jASOIpCg==
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 f9d716a351f14a0ac1fac2449734849a.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Dec 2022 21:49:42 GMT
age: 79201
etag: "36f4682ca6a33ff80ee02129c77e6f27e996ede0"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4d571e0e-b14e-436b-8156-2e49aad75d4f.png
34.120.237.76 200 OK 16 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4d571e0e-b14e-436b-8156-2e49aad75d4f.png
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 14dcca2a9c4792d835ee709bcd947402
1d702df3a64258628f4124eafd580695f2d350af
da01dcd8fef7c50bdb6f7a8a6a4955694092f479df3dba72f7fa69d7280d07b2
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4d571e0e-b14e-436b-8156-2e49aad75d4f.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 16143
x-amzn-requestid: dc86fad4-4e53-42c9-9b0a-5e4d2cfcd087
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cdGyLGqmoAMFnaA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638851a7-0ea324b31e8c6578098b8ab9;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 07:03:03 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: KHd4ajJWl-8TDH5HGbkuJXI4NL6I83IwSUBKzfq85cxpyRH_LGl6OA==
via: 1.1 4f87745990545c1ac0195c157e1668f8.cloudfront.net (CloudFront), 1.1 b2f9564ebf9c745cc2ceae96d434977e.cloudfront.net (CloudFront), 1.1 google
date: Sun, 04 Dec 2022 05:55:20 GMT
age: 50063
etag: "1d702df3a64258628f4124eafd580695f2d350af"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fae18d1b5-3b75-4897-bd1b-03651e437c2e.jpeg
34.120.237.76 200 OK 4.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fae18d1b5-3b75-4897-bd1b-03651e437c2e.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash c01fe1cccdb3b672bbade6d98217ffe9
a9a529dc9894827f6243a1bf57f81caa4fe88fc2
c43da6212c79a08e22e78e04e99e8f5422e64b4b0a87f30b7907f1b4bc675c71
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fae18d1b5-3b75-4897-bd1b-03651e437c2e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4666
x-amzn-requestid: 850d341f-5ccb-453c-8adf-a8194f8fbdad
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: clr_-GiboAMFwww=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638bc066-766293f2526e637235067aca;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 21:32:22 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: z5uqgjB-Bsl0U55a8aFi37cpJ65Vnbjm6bJ2GnMpaO7RXsMZsOCbPQ==
via: 1.1 112c6b3f9aea37a6cb00b7d933e5af6e.cloudfront.net (CloudFront), 1.1 b2f9564ebf9c745cc2ceae96d434977e.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Dec 2022 21:44:01 GMT
age: 79542
etag: "a9a529dc9894827f6243a1bf57f81caa4fe88fc2"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F63215686df915905ff622722&charset=utf-8&hittoken=1670183383_0a3239940ee22d3f9207ed3a3ac0437714041ca47c37170b8aef738072781ccf&browser-info=pa%3A1%3Aar%3A1%3Avf%3A2b7w95bdqfdb0kzrg7tcl8%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A933%3Acn%3A1%3Adp%3A0%3Als%3A538070569078%3Ahid%3A740966980%3Az%3A0%3Ai%3A20221204194941%3Aet%3A1670183381%3Ac%3A1%3Arn%3A6893134%3Arqn%3A4%3Au%3A1670183381694857898%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1670183378342%3Arqnl%3A1%3Ast%3A1670183381&t=gdpr(14)mc(p-3)clc(0-0-0)rqnt(4)aw(1)ti(2)
93.158.134.119 200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F63215686df915905ff622722&charset=utf-8&hittoken=1670183383_0a3239940ee22d3f9207ed3a3ac0437714041ca47c37170b8aef738072781ccf&browser-info=pa%3A1%3Aar%3A1%3Avf%3A2b7w95bdqfdb0kzrg7tcl8%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A933%3Acn%3A1%3Adp%3A0%3Als%3A538070569078%3Ahid%3A740966980%3Az%3A0%3Ai%3A20221204194941%3Aet%3A1670183381%3Ac%3A1%3Arn%3A6893134%3Arqn%3A4%3Au%3A1670183381694857898%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1670183378342%3Arqnl%3A1%3Ast%3A1670183381&t=gdpr(14)mc(p-3)clc(0-0-0)rqnt(4)aw(1)ti(2)
IP 93.158.134.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F63215686df915905ff622722&charset=utf-8&hittoken=1670183383_0a3239940ee22d3f9207ed3a3ac0437714041ca47c37170b8aef738072781ccf&browser-info=pa%3A1%3Aar%3A1%3Avf%3A2b7w95bdqfdb0kzrg7tcl8%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A933%3Acn%3A1%3Adp%3A0%3Als%3A538070569078%3Ahid%3A740966980%3Az%3A0%3Ai%3A20221204194941%3Aet%3A1670183381%3Ac%3A1%3Arn%3A6893134%3Arqn%3A4%3Au%3A1670183381694857898%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1670183378342%3Arqnl%3A1%3Ast%3A1670183381&t=gdpr(14)mc(p-3)clc(0-0-0)rqnt(4)aw(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 122
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Sun, 04 Dec 2022 19:49:43 GMT
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Sun, 04-Dec-2022 19:49:43 GMT
last-modified: Sun, 04-Dec-2022 19:49:43 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F63215686df915905ff622722&charset=utf-8&hittoken=1670183383_0a3239940ee22d3f9207ed3a3ac0437714041ca47c37170b8aef738072781ccf&browser-info=pa%3A1%3Aar%3A1%3Avf%3A2b7w95bdqfdb0kzrg7tcl8%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A933%3Acn%3A1%3Adp%3A0%3Als%3A538070569078%3Ahid%3A740966980%3Az%3A0%3Ai%3A20221204194941%3Aet%3A1670183381%3Ac%3A1%3Arn%3A505155515%3Arqn%3A2%3Au%3A1670183381694857898%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1670183378342%3Arqnl%3A1%3Ast%3A1670183381&t=gdpr(14)mc(p-3)clc(0-0-0)rqnt(2)aw(1)ti(2)
93.158.134.119 200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F63215686df915905ff622722&charset=utf-8&hittoken=1670183383_0a3239940ee22d3f9207ed3a3ac0437714041ca47c37170b8aef738072781ccf&browser-info=pa%3A1%3Aar%3A1%3Avf%3A2b7w95bdqfdb0kzrg7tcl8%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A933%3Acn%3A1%3Adp%3A0%3Als%3A538070569078%3Ahid%3A740966980%3Az%3A0%3Ai%3A20221204194941%3Aet%3A1670183381%3Ac%3A1%3Arn%3A505155515%3Arqn%3A2%3Au%3A1670183381694857898%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1670183378342%3Arqnl%3A1%3Ast%3A1670183381&t=gdpr(14)mc(p-3)clc(0-0-0)rqnt(2)aw(1)ti(2)
IP 93.158.134.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F63215686df915905ff622722&charset=utf-8&hittoken=1670183383_0a3239940ee22d3f9207ed3a3ac0437714041ca47c37170b8aef738072781ccf&browser-info=pa%3A1%3Aar%3A1%3Avf%3A2b7w95bdqfdb0kzrg7tcl8%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A933%3Acn%3A1%3Adp%3A0%3Als%3A538070569078%3Ahid%3A740966980%3Az%3A0%3Ai%3A20221204194941%3Aet%3A1670183381%3Ac%3A1%3Arn%3A505155515%3Arqn%3A2%3Au%3A1670183381694857898%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1670183378342%3Arqnl%3A1%3Ast%3A1670183381&t=gdpr(14)mc(p-3)clc(0-0-0)rqnt(2)aw(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 45
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Sun, 04 Dec 2022 19:49:43 GMT
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Sun, 04-Dec-2022 19:49:43 GMT
last-modified: Sun, 04-Dec-2022 19:49:43 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F63215686df915905ff622722&charset=utf-8&hittoken=1670183383_0a3239940ee22d3f9207ed3a3ac0437714041ca47c37170b8aef738072781ccf&browser-info=pa%3A1%3Aar%3A1%3Avf%3A2b7w95bdqfdb0kzrg7tcl8%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A933%3Acn%3A1%3Adp%3A0%3Als%3A538070569078%3Ahid%3A740966980%3Az%3A0%3Ai%3A20221204194941%3Aet%3A1670183381%3Ac%3A1%3Arn%3A372349060%3Arqn%3A3%3Au%3A1670183381694857898%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1670183378342%3Arqnl%3A1%3Ast%3A1670183381&t=gdpr(14)mc(p-3)clc(0-0-0)rqnt(3)aw(1)ti(2)
93.158.134.119 200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F63215686df915905ff622722&charset=utf-8&hittoken=1670183383_0a3239940ee22d3f9207ed3a3ac0437714041ca47c37170b8aef738072781ccf&browser-info=pa%3A1%3Aar%3A1%3Avf%3A2b7w95bdqfdb0kzrg7tcl8%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A933%3Acn%3A1%3Adp%3A0%3Als%3A538070569078%3Ahid%3A740966980%3Az%3A0%3Ai%3A20221204194941%3Aet%3A1670183381%3Ac%3A1%3Arn%3A372349060%3Arqn%3A3%3Au%3A1670183381694857898%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1670183378342%3Arqnl%3A1%3Ast%3A1670183381&t=gdpr(14)mc(p-3)clc(0-0-0)rqnt(3)aw(1)ti(2)
IP 93.158.134.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F63215686df915905ff622722&charset=utf-8&hittoken=1670183383_0a3239940ee22d3f9207ed3a3ac0437714041ca47c37170b8aef738072781ccf&browser-info=pa%3A1%3Aar%3A1%3Avf%3A2b7w95bdqfdb0kzrg7tcl8%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A933%3Acn%3A1%3Adp%3A0%3Als%3A538070569078%3Ahid%3A740966980%3Az%3A0%3Ai%3A20221204194941%3Aet%3A1670183381%3Ac%3A1%3Arn%3A372349060%3Arqn%3A3%3Au%3A1670183381694857898%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1670183378342%3Arqnl%3A1%3Ast%3A1670183381&t=gdpr(14)mc(p-3)clc(0-0-0)rqnt(3)aw(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 52
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Sun, 04 Dec 2022 19:49:43 GMT
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Sun, 04-Dec-2022 19:49:43 GMT
last-modified: Sun, 04-Dec-2022 19:49:43 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.77.32 200 OK 346 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash ffb1fa188f11f4b1ec69136d1920502b
8aac404d7cf025e415c22f6170fea74bf537c603
7beabb9b7af824e542dc5f62308e6d44c4a38dee34d69836ca4c1cf966592b82
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "7BEABB9B7AF824E542DC5F62308E6D44C4A38DEE34D69836CA4C1CF966592B82"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8296
Expires: Sun, 04 Dec 2022 22:07:59 GMT
Date: Sun, 04 Dec 2022 19:49:43 GMT
Connection: keep-alive
soldierreproduceadmiration.com/4d/0a/fc/4d0afc2425eea6b0cd5a468c9f8a69ed.js
173.233.137.44 200 OK 30 kB URL HTTP/1.1 soldierreproduceadmiration.com/4d/0a/fc/4d0afc2425eea6b0cd5a468c9f8a69ed.js
IP 173.233.137.44:0
Hash a9dece629fad4589fbcd3109e67c7ff5
4760a49e2852620cbc33343e3304ee61c8825e35
1468a6ec17b699758c3d5ef13764958cec5330f8eed709b57c0239a75d788617
Analyzer Verdict Alert quad9 Sinkholed
GET /4d/0a/fc/4d0afc2425eea6b0cd5a468c9f8a69ed.js HTTP/1.1
Host: soldierreproduceadmiration.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 04 Dec 2022 19:49:43 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: bda1fb34c6bba5ed05bb65d2aa337280
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
peacocktypewriter.com/01/f7/5a/01f75a95a38a8db0a8e82d995253a076.js
173.233.139.164 200 OK 29 kB URL HTTP/1.1 peacocktypewriter.com/01/f7/5a/01f75a95a38a8db0a8e82d995253a076.js
IP 173.233.139.164:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (65536), with no line terminators
Hash 57a1af5e69f5e42e224cbd1277bcec9e
78f18497a5bfe78f00b64413a36c6ba798517cfc
58f95202874d710e0cd6b6d5ee9106b3fe31765e8132afd7f33c4f2158d8548d
Analyzer Verdict Alert quad9 Sinkholed
GET /01/f7/5a/01f75a95a38a8db0a8e82d995253a076.js HTTP/1.1
Host: peacocktypewriter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 04 Dec 2022 19:49:43 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: e0716cd98a36ac9cf2c31d7a04829cfd
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 47b644210e1185da967b593c2fb4f3df
e80aff46867604ff4b94607ea082361940b89715
244f29ea97060fe1a6746bbc12e7d8b288cb0820c85213f1f13628b19c8d05a9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "244F29EA97060FE1A6746BBC12E7D8B288CB0820C85213F1F13628B19C8D05A9"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7187
Expires: Sun, 04 Dec 2022 21:49:30 GMT
Date: Sun, 04 Dec 2022 19:49:43 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash d30484eaa8ed2d5c9e6d66b87f1a42d6
f2ad1a88af682fafbf1ca031c5c160c41d778a5a
81d213ef6d10edffaafc375a0e47ee694604baed8c86333ea33ea6d3d24fa4f9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "81D213EF6D10EDFFAAFC375A0E47EE694604BAED8C86333EA33EA6D3D24FA4F9"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4690
Expires: Sun, 04 Dec 2022 21:07:53 GMT
Date: Sun, 04 Dec 2022 19:49:43 GMT
Connection: keep-alive
soldierreproduceadmiration.com/sbar.json?key=a2f990f10476061c719d1c1aa3a2ecd2&uuid=c1b9d69d-2772-40b4-9a45-d15d8500ad3f%3A1%3A1
173.233.137.44 200 OK 4.3 kB URL HTTP/1.1 soldierreproduceadmiration.com/sbar.json?key=a2f990f10476061c719d1c1aa3a2ecd2&uuid=c1b9d69d-2772-40b4-9a45-d15d8500ad3f%3A1%3A1
IP 173.233.137.44:0
File type JSON data\012- , Unicode text, UTF-8 text, with very long lines (6100), with no line terminators
Hash e6f35cbffa03fa6e4eea86798d1c0229
8b61d0ea5d8a5ce2ba556780fe9f8373b6da2fbf
2286d9c9fcdf23e67c3d1a8074ea6309f214d4a34073d315942f36bf17d17d93
Analyzer Verdict Alert quad9 Sinkholed
GET /sbar.json?key=a2f990f10476061c719d1c1aa3a2ecd2&uuid=c1b9d69d-2772-40b4-9a45-d15d8500ad3f%3A1%3A1 HTTP/1.1
Host: soldierreproduceadmiration.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 04 Dec 2022 19:49:43 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://xfantazy.com
Access-Control-Allow-Origin: https://xfantazy.com
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=15600826; expires=Mon, 05 Dec 2022 19:49:43 GMT; secure; SameSite=None
uid_id2=c1b9d69d-2772-40b4-9a45-d15d8500ad3f:1:1; expires=Sun, 11 Dec 2022 19:49:43 GMT; secure; SameSite=None
pdhtkv=true; expires=Mon, 05 Dec 2022 19:49:43 GMT; secure; SameSite=None
uncs=1; expires=Mon, 05 Dec 2022 19:49:43 GMT; secure; SameSite=None
pdhtkv29=true; expires=Mon, 05 Dec 2022 19:49:43 GMT; secure; SameSite=None
uncs29=1; expires=Mon, 05 Dec 2022 19:49:43 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: fbf076ddcfba9c206ca5f30575f4eb04
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
peacocktypewriter.com/sbar.json?key=21fe3950f412e026c33f1b6cee613eba&uuid=9249be5e-d8d6-4d6f-86bf-2f35006a6abc%3A3%3A1
173.233.139.164 200 OK 4.4 kB URL HTTP/1.1 peacocktypewriter.com/sbar.json?key=21fe3950f412e026c33f1b6cee613eba&uuid=9249be5e-d8d6-4d6f-86bf-2f35006a6abc%3A3%3A1
IP 173.233.139.164:0
File type JSON data\012- , Unicode text, UTF-8 text, with very long lines (6276), with no line terminators
Hash c73bf6eaac6c430244dc4f43418bbb7a
6fa04bedaec9770acc3f998d61c9c66829efd945
a5fa40cd5a0f362334dfa9ce2742459b5acfb1a5d26ae8237e00b2f14670ac85
Analyzer Verdict Alert quad9 Sinkholed
GET /sbar.json?key=21fe3950f412e026c33f1b6cee613eba&uuid=9249be5e-d8d6-4d6f-86bf-2f35006a6abc%3A3%3A1 HTTP/1.1
Host: peacocktypewriter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 04 Dec 2022 19:49:43 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://xfantazy.com
Access-Control-Allow-Origin: https://xfantazy.com
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=17661735; expires=Mon, 05 Dec 2022 19:49:43 GMT; secure; SameSite=None
uid_id2=9249be5e-d8d6-4d6f-86bf-2f35006a6abc:3:1; expires=Sun, 11 Dec 2022 19:49:43 GMT; secure; SameSite=None
pdhtkv=true; expires=Mon, 05 Dec 2022 19:49:43 GMT; secure; SameSite=None
uncs=1; expires=Mon, 05 Dec 2022 19:49:43 GMT; secure; SameSite=None
pdhtkv29=true; expires=Mon, 05 Dec 2022 19:49:43 GMT; secure; SameSite=None
uncs29=1; expires=Mon, 05 Dec 2022 19:49:43 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 3e2954d224d184921683a7837bc06ff5
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
specialistinsensitive.com/pixel/purst?dl=0&th=0&sc=0&rs=2903&rd=2903&fd=527&bv=22.10.v.10&tmpl=136
192.243.61.227 200 OK 0 B URL HTTP/1.1 specialistinsensitive.com/pixel/purst?dl=0&th=0&sc=0&rs=2903&rd=2903&fd=527&bv=22.10.v.10&tmpl=136
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/purst?dl=0&th=0&sc=0&rs=2903&rd=2903&fd=527&bv=22.10.v.10&tmpl=136 HTTP/1.1
Host: specialistinsensitive.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Sun, 04 Dec 2022 19:49:44 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
wastedinvaluable.com/pixel/purst?dl=0&th=0&sc=0&rs=2934&rd=2934&fd=540&bv=22.10.v.10&tmpl=136
192.243.59.12 200 OK 0 B URL HTTP/1.1 wastedinvaluable.com/pixel/purst?dl=0&th=0&sc=0&rs=2934&rd=2934&fd=540&bv=22.10.v.10&tmpl=136
IP 192.243.59.12:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/purst?dl=0&th=0&sc=0&rs=2934&rd=2934&fd=540&bv=22.10.v.10&tmpl=136 HTTP/1.1
Host: wastedinvaluable.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Sun, 04 Dec 2022 19:49:44 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash d616b0b14e0c5cda5c98d0b99cccbaf3
657299c8f642a892045dbfe2a6958133e6b57f99
3590d6a37989c47a5d082655909defed76f2f4a467d3f6700134bba4ffb130f7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "3590D6A37989C47A5D082655909DEFED76F2F4A467D3F6700134BBA4FFB130F7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10273
Expires: Sun, 04 Dec 2022 22:40:57 GMT
Date: Sun, 04 Dec 2022 19:49:44 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash d616b0b14e0c5cda5c98d0b99cccbaf3
657299c8f642a892045dbfe2a6958133e6b57f99
3590d6a37989c47a5d082655909defed76f2f4a467d3f6700134bba4ffb130f7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "3590D6A37989C47A5D082655909DEFED76F2F4A467D3F6700134BBA4FFB130F7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10273
Expires: Sun, 04 Dec 2022 22:40:57 GMT
Date: Sun, 04 Dec 2022 19:49:44 GMT
Connection: keep-alive
soldierreproduceadmiration.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSQYgcRRutzp8cfvWQSC4q4hw8GHBnq3tmdraTw2KMkWDchCQS0YvVVdWz5VZ3NVXd07MDQkhAcvAw8WT00vtmkyUaxIB6EESZFVQGlIyHsAf34F0vQsCTMpPB4IPu76t63%2BG999W7m8UeoSjY7tlXTV9pzRZbdVp77qJKhSldbfVCzad1eqx2UaVLzWO13vRnu0d92qrTI7WXJV83iwH1KfWpXzuprIxNb3HGQmW3Q78e0nozqPutJnr2v2dXeHDMg%2BjukcehxOTA2o93oPgIafLZCenWc5M9%2F1JSaJYbi67Yfi1dT02ZInnYxtZDnG7Pp2HchJAP9sGk23MHMN2tqQNEakK8ez6idHsuE1H3xgOlkYZMEYlHUXZHkHoExUbg5gqUuEsALrB6Bmlyc9XYkm08YNmUnZD99%2F%2BEKidk%2F6%2BHkSafHteqVztvdJErkzr04gqqN4LqjJAVO8j7HlS5A55fhhI%2FkcX7p5EmW2ecNlBi91nuR6FYCsVC0G4HC00aNRdC1mwtCL8llluUMtGIZxEpNYKKR9ByAOY8FNNPeShiD0XmIRG7NdYKY0rbcRQ3GstNznmjwXlreUm0RKO5HFMUfOphgDwbgOsBuL2EzF7Curo2IeTyFmzxLdxaBSc8uJygKyqUkqB0BCUjKBVBmROU3eqG0C5w1U2hXRH58xrMa6MamryzyW6YvCNTspntkUOz9P547Cusy90aC%2BIwpLFPm%2B0luuTzth8Kn%2FuMNVgguQjgVAXl9s289tWEHH7qN2TTlb7zNyK2A6d3wNVBsOJpsHLYDijY2rC5TNFPb%2Fdiluasv1HnJoEwFbJ8P%2FINb1PvkSdmOo6%2B%2BTMkH6%2FcOWE%2Bur76JLitkNkKb6vvCDr66vCcKcnWOVM6cudMlqtE9dl0w%2BdzlssDH78iN0pjxakTbnDrBT4lpu3tC9Llp1kqVNpx5JPjSghpTxrLJfn6lLsoo7OFWzte2LTITp998eSpJLPSOWXSEZi6%2B9Y34GpCHhkcmr3dZ5bfgLIj2KJCUozJHFBmBJ5dgsvGK7euT%2FEhnCGw%2BuFMlHkoi2pog%2BjhpVYT0vj%2F79ByvPL%2B0SPfb9z8Aiyq4OR45csfPg9fPxghkv9GsumuomM9sPwK0qRC11bo6gpMD%2BCK%2Fw3zzI5XfmnMgEh7w0hbbyvSVl97EK9TuzXZimksaSCjOIziNqMijJthxEJftqMW85G7CX%2Fvr3v%2FAAAA%2F%2F8BAAD%2F%2FwnpWg2XBAAA
173.233.137.44200 OK 7 B URL HTTP/1.1 soldierreproduceadmiration.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSQYgcRRutzp8cfvWQSC4q4hw8GHBnq3tmdraTw2KMkWDchCQS0YvVVdWz5VZ3NVXd07MDQkhAcvAw8WT00vtmkyUaxIB6EESZFVQGlIyHsAf34F0vQsCTMpPB4IPu76t63%2BG999W7m8UeoSjY7tlXTV9pzRZbdVp77qJKhSldbfVCzad1eqx2UaVLzWO13vRnu0d92qrTI7WXJV83iwH1KfWpXzuprIxNb3HGQmW3Q78e0nozqPutJnr2v2dXeHDMg%2BjukcehxOTA2o93oPgIafLZCenWc5M9%2F1JSaJYbi67Yfi1dT02ZInnYxtZDnG7Pp2HchJAP9sGk23MHMN2tqQNEakK8ez6idHsuE1H3xgOlkYZMEYlHUXZHkHoExUbg5gqUuEsALrB6Bmlyc9XYkm08YNmUnZD99%2F%2BEKidk%2F6%2BHkSafHteqVztvdJErkzr04gqqN4LqjJAVO8j7HlS5A55fhhI%2FkcX7p5EmW2ecNlBi91nuR6FYCsVC0G4HC00aNRdC1mwtCL8llluUMtGIZxEpNYKKR9ByAOY8FNNPeShiD0XmIRG7NdYKY0rbcRQ3GstNznmjwXlreUm0RKO5HFMUfOphgDwbgOsBuL2EzF7Curo2IeTyFmzxLdxaBSc8uJygKyqUkqB0BCUjKBVBmROU3eqG0C5w1U2hXRH58xrMa6MamryzyW6YvCNTspntkUOz9P547Cusy90aC%2BIwpLFPm%2B0luuTzth8Kn%2FuMNVgguQjgVAXl9s289tWEHH7qN2TTlb7zNyK2A6d3wNVBsOJpsHLYDijY2rC5TNFPb%2Fdiluasv1HnJoEwFbJ8P%2FINb1PvkSdmOo6%2B%2BTMkH6%2FcOWE%2Bur76JLitkNkKb6vvCDr66vCcKcnWOVM6cudMlqtE9dl0w%2BdzlssDH78iN0pjxakTbnDrBT4lpu3tC9Llp1kqVNpx5JPjSghpTxrLJfn6lLsoo7OFWzte2LTITp998eSpJLPSOWXSEZi6%2B9Y34GpCHhkcmr3dZ5bfgLIj2KJCUozJHFBmBJ5dgsvGK7euT%2FEhnCGw%2BuFMlHkoi2pog%2BjhpVYT0vj%2F79ByvPL%2B0SPfb9z8Aiyq4OR45csfPg9fPxghkv9GsumuomM9sPwK0qRC11bo6gpMD%2BCK%2Fw3zzI5XfmnMgEh7w0hbbyvSVl97EK9TuzXZimksaSCjOIziNqMijJthxEJftqMW85G7CX%2Fvr3v%2FAAAA%2F%2F8BAAD%2F%2FwnpWg2XBAAA
IP 173.233.137.44:0
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert quad9 Sinkholed
GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSQYgcRRutzp8cfvWQSC4q4hw8GHBnq3tmdraTw2KMkWDchCQS0YvVVdWz5VZ3NVXd07MDQkhAcvAw8WT00vtmkyUaxIB6EESZFVQGlIyHsAf34F0vQsCTMpPB4IPu76t63%2BG999W7m8UeoSjY7tlXTV9pzRZbdVp77qJKhSldbfVCzad1eqx2UaVLzWO13vRnu0d92qrTI7WXJV83iwH1KfWpXzuprIxNb3HGQmW3Q78e0nozqPutJnr2v2dXeHDMg%2BjukcehxOTA2o93oPgIafLZCenWc5M9%2F1JSaJYbi67Yfi1dT02ZInnYxtZDnG7Pp2HchJAP9sGk23MHMN2tqQNEakK8ez6idHsuE1H3xgOlkYZMEYlHUXZHkHoExUbg5gqUuEsALrB6Bmlyc9XYkm08YNmUnZD99%2F%2BEKidk%2F6%2BHkSafHteqVztvdJErkzr04gqqN4LqjJAVO8j7HlS5A55fhhI%2FkcX7p5EmW2ecNlBi91nuR6FYCsVC0G4HC00aNRdC1mwtCL8llluUMtGIZxEpNYKKR9ByAOY8FNNPeShiD0XmIRG7NdYKY0rbcRQ3GstNznmjwXlreUm0RKO5HFMUfOphgDwbgOsBuL2EzF7Curo2IeTyFmzxLdxaBSc8uJygKyqUkqB0BCUjKBVBmROU3eqG0C5w1U2hXRH58xrMa6MamryzyW6YvCNTspntkUOz9P547Cusy90aC%2BIwpLFPm%2B0luuTzth8Kn%2FuMNVgguQjgVAXl9s289tWEHH7qN2TTlb7zNyK2A6d3wNVBsOJpsHLYDijY2rC5TNFPb%2Fdiluasv1HnJoEwFbJ8P%2FINb1PvkSdmOo6%2B%2BTMkH6%2FcOWE%2Bur76JLitkNkKb6vvCDr66vCcKcnWOVM6cudMlqtE9dl0w%2BdzlssDH78iN0pjxakTbnDrBT4lpu3tC9Llp1kqVNpx5JPjSghpTxrLJfn6lLsoo7OFWzte2LTITp998eSpJLPSOWXSEZi6%2B9Y34GpCHhkcmr3dZ5bfgLIj2KJCUozJHFBmBJ5dgsvGK7euT%2FEhnCGw%2BuFMlHkoi2pog%2BjhpVYT0vj%2F79ByvPL%2B0SPfb9z8Aiyq4OR45csfPg9fPxghkv9GsumuomM9sPwK0qRC11bo6gpMD%2BCK%2Fw3zzI5XfmnMgEh7w0hbbyvSVl97EK9TuzXZimksaSCjOIziNqMijJthxEJftqMW85G7CX%2Fvr3v%2FAAAA%2F%2F8BAAD%2F%2FwnpWg2XBAAA HTTP/1.1
Host: soldierreproduceadmiration.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: u_pl=15600826; uid_id2=c1b9d69d-2772-40b4-9a45-d15d8500ad3f:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 04 Dec 2022 19:49:44 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 31a339737e82a57c3a001d3dbb56dbab
Strict-Transport-Security: max-age=0; includeSubdomains
peacocktypewriter.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSz4scxR%2BtTvKFLwYhihcP6iCCCbiz%2FWN6didBFmOMBGMSkkguXupX75Zb09VUdU3P7sWQgOQQdOLJY%2B%2BbTRY1iDkIXoTQq4gsCBkPYQ8u%2Fg9iwJvMZmD1c%2BjP63qfgvfepz7Z8HskhKe7l94360prOp%2B2w9bxayoXpnKtC1dbUdgOT7WuqbzbOdUaTj92cDIK03Z4ovWu5KtmPg6jMIzCqHVWWZmZ4fw%2BC1Xc70XtXtjuxO0o7WBo%2F%2FvvfABHA4jBHnkeSkz%2Bt%2FLLAyjeIO9%2Fe0a61dIUb7zT95qWxmIgtj7IV3NT5egfwMwGyPKt2TSMmxDyxSGYfGvmAGawOXUApiYkeByB5VszmWCDu0%2BVMg2Zg4mjqAYNpG6gaANubkKJRwTgAhcuIu%2Ffu2BsRdeesnTKTsiRJ39CVRNy5PcXkPe%2FOa3VsHXFaF8qkzsMsxpq2EAtNyj8Nsr1AKraBi9vQIlfyfyT88j7mxedNlBi97Ve3Okxmco5sSi6cx3RzeYWuyybi7MkDcMu7VLG9yNSqoHKGmg5AnWH4V0ArwL4LIAvAvTFboumvSwMFzKWJclih3OeJJyni12RiqSzmIXwfOphhLIYgesRuL2Owl7HqrozIeTGJqx%2FCLdSw4kAriQYiBqVJKgcQUUJKkVQlQTVoL4rtItdfU9o51k06%2FGsJ%2FXYlMsb9K4pl2VONoo98tw0veDZj1%2FHqtxtxVEmk14aZp0olmHc5UmSRazLpexGiWQUTtVQ7hCoC7CuJuTl9CgKNSH%2FX3oIRrfh9Da4OgbqXwKtxgtxCLoy7iyGWM%2B%2Fz2npLdUrkupyxRlvuWxz7RmEqVGUR1CuBRt6j7y4v9GTbx6D5DtLPzWffXj8r21wW6OwNT5SPxIs61vjy6Yim5dN5ciDi0Wp%2BmqdTrd9paSlPPzVe3KtMlacO%2BNGX77Fp8QU3r8qXXme5kLly458fVoJIe1ZY7kkP5xz1yS75N3KaW9zX5y%2F9PbZc%2F3CSueUyRtQ9cjdBlcT8sytT%2Fff8SuvWijbwPoafb9DZgVlGvDiOlxxoN4ZAqsPZlgRoPL12Mbs4FCrCenQP6DlztLnJ0%2F8vHbvO1BWw8l%2FXTzAG%2B4Wlm0AWt5E3q8xsDUGugbVIzh%2FeFwWdmfpt2S%2FwHQwZtoGm0xbfedpvE7ttmSahZkMY8myHssWaCh6WafHaC%2BSCyylEUo34bf%2FfvwPAAAA%2F%2F8BAAD%2F%2F8kNVdWjBAAA
173.233.139.164200 OK 7 B URL HTTP/1.1 peacocktypewriter.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSz4scxR%2BtTvKFLwYhihcP6iCCCbiz%2FWN6didBFmOMBGMSkkguXupX75Zb09VUdU3P7sWQgOQQdOLJY%2B%2BbTRY1iDkIXoTQq4gsCBkPYQ8u%2Fg9iwJvMZmD1c%2BjP63qfgvfepz7Z8HskhKe7l94360prOp%2B2w9bxayoXpnKtC1dbUdgOT7WuqbzbOdUaTj92cDIK03Z4ovWu5KtmPg6jMIzCqHVWWZmZ4fw%2BC1Xc70XtXtjuxO0o7WBo%2F%2FvvfABHA4jBHnkeSkz%2Bt%2FLLAyjeIO9%2Fe0a61dIUb7zT95qWxmIgtj7IV3NT5egfwMwGyPKt2TSMmxDyxSGYfGvmAGawOXUApiYkeByB5VszmWCDu0%2BVMg2Zg4mjqAYNpG6gaANubkKJRwTgAhcuIu%2Ffu2BsRdeesnTKTsiRJ39CVRNy5PcXkPe%2FOa3VsHXFaF8qkzsMsxpq2EAtNyj8Nsr1AKraBi9vQIlfyfyT88j7mxedNlBi97Ve3Okxmco5sSi6cx3RzeYWuyybi7MkDcMu7VLG9yNSqoHKGmg5AnWH4V0ArwL4LIAvAvTFboumvSwMFzKWJclih3OeJJyni12RiqSzmIXwfOphhLIYgesRuL2Owl7HqrozIeTGJqx%2FCLdSw4kAriQYiBqVJKgcQUUJKkVQlQTVoL4rtItdfU9o51k06%2FGsJ%2FXYlMsb9K4pl2VONoo98tw0veDZj1%2FHqtxtxVEmk14aZp0olmHc5UmSRazLpexGiWQUTtVQ7hCoC7CuJuTl9CgKNSH%2FX3oIRrfh9Da4OgbqXwKtxgtxCLoy7iyGWM%2B%2Fz2npLdUrkupyxRlvuWxz7RmEqVGUR1CuBRt6j7y4v9GTbx6D5DtLPzWffXj8r21wW6OwNT5SPxIs61vjy6Yim5dN5ciDi0Wp%2BmqdTrd9paSlPPzVe3KtMlacO%2BNGX77Fp8QU3r8qXXme5kLly458fVoJIe1ZY7kkP5xz1yS75N3KaW9zX5y%2F9PbZc%2F3CSueUyRtQ9cjdBlcT8sytT%2Fff8SuvWijbwPoafb9DZgVlGvDiOlxxoN4ZAqsPZlgRoPL12Mbs4FCrCenQP6DlztLnJ0%2F8vHbvO1BWw8l%2FXTzAG%2B4Wlm0AWt5E3q8xsDUGugbVIzh%2FeFwWdmfpt2S%2FwHQwZtoGm0xbfedpvE7ttmSahZkMY8myHssWaCh6WafHaC%2BSCyylEUo34bf%2FfvwPAAAA%2F%2F8BAAD%2F%2F8kNVdWjBAAA
IP 173.233.139.164:0
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert quad9 Sinkholed
GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSz4scxR%2BtTvKFLwYhihcP6iCCCbiz%2FWN6didBFmOMBGMSkkguXupX75Zb09VUdU3P7sWQgOQQdOLJY%2B%2BbTRY1iDkIXoTQq4gsCBkPYQ8u%2Fg9iwJvMZmD1c%2BjP63qfgvfepz7Z8HskhKe7l94360prOp%2B2w9bxayoXpnKtC1dbUdgOT7WuqbzbOdUaTj92cDIK03Z4ovWu5KtmPg6jMIzCqHVWWZmZ4fw%2BC1Xc70XtXtjuxO0o7WBo%2F%2FvvfABHA4jBHnkeSkz%2Bt%2FLLAyjeIO9%2Fe0a61dIUb7zT95qWxmIgtj7IV3NT5egfwMwGyPKt2TSMmxDyxSGYfGvmAGawOXUApiYkeByB5VszmWCDu0%2BVMg2Zg4mjqAYNpG6gaANubkKJRwTgAhcuIu%2Ffu2BsRdeesnTKTsiRJ39CVRNy5PcXkPe%2FOa3VsHXFaF8qkzsMsxpq2EAtNyj8Nsr1AKraBi9vQIlfyfyT88j7mxedNlBi97Ve3Okxmco5sSi6cx3RzeYWuyybi7MkDcMu7VLG9yNSqoHKGmg5AnWH4V0ArwL4LIAvAvTFboumvSwMFzKWJclih3OeJJyni12RiqSzmIXwfOphhLIYgesRuL2Owl7HqrozIeTGJqx%2FCLdSw4kAriQYiBqVJKgcQUUJKkVQlQTVoL4rtItdfU9o51k06%2FGsJ%2FXYlMsb9K4pl2VONoo98tw0veDZj1%2FHqtxtxVEmk14aZp0olmHc5UmSRazLpexGiWQUTtVQ7hCoC7CuJuTl9CgKNSH%2FX3oIRrfh9Da4OgbqXwKtxgtxCLoy7iyGWM%2B%2Fz2npLdUrkupyxRlvuWxz7RmEqVGUR1CuBRt6j7y4v9GTbx6D5DtLPzWffXj8r21wW6OwNT5SPxIs61vjy6Yim5dN5ciDi0Wp%2BmqdTrd9paSlPPzVe3KtMlacO%2BNGX77Fp8QU3r8qXXme5kLly458fVoJIe1ZY7kkP5xz1yS75N3KaW9zX5y%2F9PbZc%2F3CSueUyRtQ9cjdBlcT8sytT%2Fff8SuvWijbwPoafb9DZgVlGvDiOlxxoN4ZAqsPZlgRoPL12Mbs4FCrCenQP6DlztLnJ0%2F8vHbvO1BWw8l%2FXTzAG%2B4Wlm0AWt5E3q8xsDUGugbVIzh%2FeFwWdmfpt2S%2FwHQwZtoGm0xbfedpvE7ttmSahZkMY8myHssWaCh6WafHaC%2BSCyylEUo34bf%2FfvwPAAAA%2F%2F8BAAD%2F%2F8kNVdWjBAAA HTTP/1.1
Host: peacocktypewriter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: u_pl=17661735; uid_id2=9249be5e-d8d6-4d6f-86bf-2f35006a6abc:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 04 Dec 2022 19:49:44 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: acf264b9733eb63f26882108c1f42273
Strict-Transport-Security: max-age=0; includeSubdomains
www.google-analytics.com/analytics.js
216.58.207.206 200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP 216.58.207.206:0
File type ASCII text, with very long lines (1325)
Hash 47e6f374ca946fddd5b59871b325736c
baa9282efc8785e84d247c3bff518eaa45f101c4
16580b5c87c58e5702e411f1888fdef511094e4cd6d62bb47d16291ffb25985e
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20039
date: Sun, 04 Dec 2022 18:41:08 GMT
expires: Sun, 04 Dec 2022 20:41:08 GMT
cache-control: public, max-age=7200
age: 4116
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
cdn.barscreative1.com/sb/au/ef/6d/9c/ef6d9ce2996acaba379ea30acdea20ae/1632400430.html
45.133.44.4 200 OK 484 B URL HTTP/2 cdn.barscreative1.com/sb/au/ef/6d/9c/ef6d9ce2996acaba379ea30acdea20ae/1632400430.html
IP 45.133.44.4:0
ASN #39572 DataWeb Global Group B.V.
Hash 2ffa61804041291b7baecf261b1dd8ac
d4cf16af73db9b00625f6de7190382b87b77ef8c
5d1a915612bc55ee82e19d76355bc772df41a3c6810155bbfd27e915d271e584
Analyzer Verdict Alert fortinet Phishing
GET /sb/au/ef/6d/9c/ef6d9ce2996acaba379ea30acdea20ae/1632400430.html HTTP/1.1
Host: cdn.barscreative1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 04 Dec 2022 19:49:44 GMT
content-type: text/html; charset=utf-8
server: nginx/1.17.6
last-modified: Thu, 23 Sep 2021 12:33:57 GMT
etag: W/"614c7435-4c2"
cache-control: max-age=3600
access-control-allow-origin: *
access-control-expose-headers: Date
content-encoding: gzip
expires: Sun, 04 Dec 2022 20:49:44 GMT
x-proxy-cache: HIT
X-Firefox-Spdy: h2
peacocktypewriter.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fau%2Fef%2F6d%2F9c%2Fef6d9ce2996acaba379ea30acdea20ae%2F1632400430.html&l=1218&fd=172
173.233.139.164 200 OK 0 B URL HTTP/1.1 peacocktypewriter.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fau%2Fef%2F6d%2F9c%2Fef6d9ce2996acaba379ea30acdea20ae%2F1632400430.html&l=1218&fd=172
IP 173.233.139.164:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fau%2Fef%2F6d%2F9c%2Fef6d9ce2996acaba379ea30acdea20ae%2F1632400430.html&l=1218&fd=172 HTTP/1.1
Host: peacocktypewriter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: u_pl=17661735; uid_id2=9249be5e-d8d6-4d6f-86bf-2f35006a6abc:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 04 Dec 2022 19:49:44 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
e1.o.lencr.org/
23.36.77.32 200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 8017f571df5727fe6f3e8c58e931076b
e09e55a3c306f2cb715e4ce1e2f0738ddf202c93
6478758dd37e708534996b23f8189e79637690d22edff70d5183a19ec66854db
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "6478758DD37E708534996B23F8189E79637690D22EDFF70D5183A19EC66854DB"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5656
Expires: Sun, 04 Dec 2022 21:24:00 GMT
Date: Sun, 04 Dec 2022 19:49:44 GMT
Connection: keep-alive
d3t87ooo0697p8.cloudfront.net/?oootd=971975
143.204.42.128 200 OK 112 kB URL HTTP/2 d3t87ooo0697p8.cloudfront.net/?oootd=971975
IP 143.204.42.128:0
File type Unicode text, UTF-8 text, with very long lines (15952)
Size 112 kB (112527 bytes)
Hash ac822d73eb70de81680158844edc38fc
76f8d5970bd60663ea9f1edac198ba46d8fb9cae
f7f86995f60ef596de5b1a5b4a44f87230c80b5c56af3cea7e15de67bb74c93b
GET /?oootd=971975 HTTP/1.1
Host: d3t87ooo0697p8.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 112527
date: Sun, 04 Dec 2022 19:49:44 GMT
access-control-allow-origin: *
cache-control: no-store, no-cache, proxy-revalidate, must-revalidate, private, no-transform
content-encoding: gzip
pragma: no-cache
x-cache: Miss from cloudfront
via: 1.1 76c917e0bb0ba45eb834d25d76ee125e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 6Qd889_l3Ey975ey7ngZqKxmcJRyk0uxzJxnl3cHNaie39lnuavUAg==
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.77.32 200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 8017f571df5727fe6f3e8c58e931076b
e09e55a3c306f2cb715e4ce1e2f0738ddf202c93
6478758dd37e708534996b23f8189e79637690d22edff70d5183a19ec66854db
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "6478758DD37E708534996B23F8189E79637690D22EDFF70D5183A19EC66854DB"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5656
Expires: Sun, 04 Dec 2022 21:24:00 GMT
Date: Sun, 04 Dec 2022 19:49:44 GMT
Connection: keep-alive
peacocktypewriter.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fau%2Fb6%2Fcf%2F48%2Fb6cf48ca3e8ab4bdbcfaa2279b0fb2bc%2F1613726822.html&l=1274&fd=170
173.233.139.164 200 OK 0 B URL HTTP/1.1 peacocktypewriter.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fau%2Fb6%2Fcf%2F48%2Fb6cf48ca3e8ab4bdbcfaa2279b0fb2bc%2F1613726822.html&l=1274&fd=170
IP 173.233.139.164:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fau%2Fb6%2Fcf%2F48%2Fb6cf48ca3e8ab4bdbcfaa2279b0fb2bc%2F1613726822.html&l=1274&fd=170 HTTP/1.1
Host: peacocktypewriter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: u_pl=17661735; uid_id2=9249be5e-d8d6-4d6f-86bf-2f35006a6abc:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 04 Dec 2022 19:49:44 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
cdn.creative-bars1.com/sb/ssp/vpn/os-box/small/img/close.png
172.64.108.13 200 OK 769 B URL HTTP/2 cdn.creative-bars1.com/sb/ssp/vpn/os-box/small/img/close.png
IP 172.64.108.13:0
File type PNG image data, 23 x 23, 8-bit/color RGBA, non-interlaced\012- data
Hash 13b3b0cc6ce924780c0eec0b24c40c33
53b78225158a60f9327e135be26e365eb842f0df
7907c875d2dd81230f15826dffe1faa695cfb1f385adbb4d9480058d0d0112ad
GET /sb/ssp/vpn/os-box/small/img/close.png HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 04 Dec 2022 19:49:44 GMT
content-type: image/png
content-length: 769
last-modified: Tue, 21 Sep 2021 12:06:12 GMT
etag: "6149cab4-301"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 1663049
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WTJWRWSjoO9%2BbqQlma8wgtHNzO9GwnZwC0uHEgsI%2Byj8KDC2ggtMxg5uDWQV2iV2JeBLwsdoeejOvI6dBqsmKZ%2FZfGV2%2BfEHviGG9jyestIo5%2B3ektehz2K2bnFSgW9fZ7lx5vRTNerb"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 774711295e70071e-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/ssp/vpn/os-box/small/css/animate.css
172.64.108.13 200 OK 4.9 kB URL HTTP/2 cdn.creative-bars1.com/sb/ssp/vpn/os-box/small/css/animate.css
IP 172.64.108.13:0
Hash a0dd2e14d215a501836c2ebff960a2f9
8d2ec2f1d388a12c73cfedf08fb6c194c2ad40ee
a252b87ff0d0a469897155f67b8f666da3592c8636356a59a841f6d1b666175c
GET /sb/ssp/vpn/os-box/small/css/animate.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 04 Dec 2022 19:49:44 GMT
content-type: text/css
last-modified: Tue, 21 Sep 2021 12:06:11 GMT
etag: W/"6149cab3-13591"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 1662582
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GfuDTxkFevGOkEv5ztgeodJyfKy7s8tqeipcUjN%2B1J0%2F1gviErufue0MfPeRAuAviSq%2FvPFsF25XhnK3o7gUxdrzNAUcuQGQ4B1ixRETsTRsb3EpVpsOy6fg4Myf00ebnn5G343iolst"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77471128db047201-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/ssp/vpn/os-box/small/js/jquery.min.js
172.64.108.13 200 OK 31 kB URL HTTP/2 cdn.creative-bars1.com/sb/ssp/vpn/os-box/small/js/jquery.min.js
IP 172.64.108.13:0
File type ASCII text, with very long lines (32025)
Hash 64b11de152d5436bb3f0ece3fce30c83
b8f81a1de64edb93a3e3cdb7dcf90d4f637c7bed
74d69b9268dcb5a3fb7aee786b99267d157d1afd4275d8ca5ec18e174c0ac90a
GET /sb/ssp/vpn/os-box/small/js/jquery.min.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 04 Dec 2022 19:49:44 GMT
content-type: application/javascript
last-modified: Tue, 21 Sep 2021 12:06:14 GMT
etag: W/"6149cab6-1499c"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 1663049
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TE9rlJsxRgU%2F1GgQ5uqRYaoJNJfqEC3uhVWjhdACf3h98l5BZ4WgRHZM5RJqEpQbuK1Dc32xpsOeGxBKiGjkx%2B8o9FFsxZn66Re%2BEobsPQ02HiagWHBYQFScZoKLJLErYk9cKVdo6rHN"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 774711293e4a071e-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 2dabd839729e9b0fb2558253d850126b
64f617aa0afb52168ef3519a4cf9829ac61ee007
1a47e4d0efdac6fbec990e3e168bfdfe615ff8953158773e8b1940d4d91eee18
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 19:49:44 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-121614197-2&cid=124482594.1670183382&jid=566113153&gjid=1530502731&_gid=2134060288.1670183382&_u=YGBAiEABBAAAAEAAI~&z=2035133005
108.177.14.155 200 OK 1 B URL HTTP/2 stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-121614197-2&cid=124482594.1670183382&jid=566113153&gjid=1530502731&_gid=2134060288.1670183382&_u=YGBAiEABBAAAAEAAI~&z=2035133005
IP 108.177.14.155:0
File type very short file (no magic)
Hash c4ca4238a0b923820dcc509a6f75849b
356a192b7913b04c54574d18c28d46e6395428ab
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-121614197-2&cid=124482594.1670183382&jid=566113153&gjid=1530502731&_gid=2134060288.1670183382&_u=YGBAiEABBAAAAEAAI~&z=2035133005 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://xfantazy.com
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Sun, 04 Dec 2022 19:49:44 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.77.32 200 OK 344 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 5e178f3b526edee352d9b28af2257f11
07b38a86e9afe9a3aa168eacb99ae717d54829f4
d9ecd0706d265906b70d78272c9ddeec7bc96e61f7e5554372d08e019a91e4ce
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "D9ECD0706D265906B70D78272C9DDEEC7BC96E61F7E5554372D08E019A91E4CE"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9332
Expires: Sun, 04 Dec 2022 22:25:16 GMT
Date: Sun, 04 Dec 2022 19:49:44 GMT
Connection: keep-alive
ocsp.pki.goog/s/gts1p5/-NEEmvIaLMU
142.250.74.131 200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/-NEEmvIaLMU
IP 142.250.74.131:0
Hash fc4e76a103a4f70c624614924be90683
21e5e147bead13162bad5a5339e6e704c973fde1
fec1f76aa1f402e7099cd4656e59be8f625bcccd6cdef9f514dffc771cc60b14
POST /s/gts1p5/-NEEmvIaLMU HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 19:49:44 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F63215686df915905ff622722&charset=utf-8&hittoken=1670183383_0a3239940ee22d3f9207ed3a3ac0437714041ca47c37170b8aef738072781ccf&browser-info=pa%3A1%3Aar%3A1%3Avf%3A2b7w95bdqfdb0kzrg7tcl8%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A933%3Acn%3A1%3Adp%3A0%3Als%3A538070569078%3Ahid%3A740966980%3Az%3A0%3Ai%3A20221204194942%3Aet%3A1670183382%3Ac%3A1%3Arn%3A362215095%3Arqn%3A6%3Au%3A1670183381694857898%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Aeu%3A1%3Ans%3A1670183378342%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1670183382&t=gdpr(14)mc(p-3-h-1)clc(0-0-0)rqnt(6)aw(1)ecs(1)ti(2)
93.158.134.119200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F63215686df915905ff622722&charset=utf-8&hittoken=1670183383_0a3239940ee22d3f9207ed3a3ac0437714041ca47c37170b8aef738072781ccf&browser-info=pa%3A1%3Aar%3A1%3Avf%3A2b7w95bdqfdb0kzrg7tcl8%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A933%3Acn%3A1%3Adp%3A0%3Als%3A538070569078%3Ahid%3A740966980%3Az%3A0%3Ai%3A20221204194942%3Aet%3A1670183382%3Ac%3A1%3Arn%3A362215095%3Arqn%3A6%3Au%3A1670183381694857898%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Aeu%3A1%3Ans%3A1670183378342%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1670183382&t=gdpr(14)mc(p-3-h-1)clc(0-0-0)rqnt(6)aw(1)ecs(1)ti(2)
IP 93.158.134.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F63215686df915905ff622722&charset=utf-8&hittoken=1670183383_0a3239940ee22d3f9207ed3a3ac0437714041ca47c37170b8aef738072781ccf&browser-info=pa%3A1%3Aar%3A1%3Avf%3A2b7w95bdqfdb0kzrg7tcl8%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A933%3Acn%3A1%3Adp%3A0%3Als%3A538070569078%3Ahid%3A740966980%3Az%3A0%3Ai%3A20221204194942%3Aet%3A1670183382%3Ac%3A1%3Arn%3A362215095%3Arqn%3A6%3Au%3A1670183381694857898%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Aeu%3A1%3Ans%3A1670183378342%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1670183382&t=gdpr(14)mc(p-3-h-1)clc(0-0-0)rqnt(6)aw(1)ecs(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 39
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Sun, 04 Dec 2022 19:49:44 GMT
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Sun, 04-Dec-2022 19:49:44 GMT
last-modified: Sun, 04-Dec-2022 19:49:44 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
cdn.cloudimagesb.com/si/11/cf/48/11cf48d4558fb051074d81f264532bb0/1669734286.png
45.133.44.9 200 OK 133 kB URL HTTP/2 cdn.cloudimagesb.com/si/11/cf/48/11cf48d4558fb051074d81f264532bb0/1669734286.png
IP 45.133.44.9:0
ASN #39572 DataWeb Global Group B.V.
File type PNG image data, 320 x 180, 8-bit/color RGBA, non-interlaced\012- data
Size 133 kB (133206 bytes)
Hash cdfb8db89366e933cc7475f5309eaea6
a310f5e5f738447abf8c43b5df2ba01d0f61d206
eeca6aa074302eecc1294fa1a44297f08adf932abd6c579541a535736a9ec0de
GET /si/11/cf/48/11cf48d4558fb051074d81f264532bb0/1669734286.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 04 Dec 2022 19:49:44 GMT
content-type: image/png
content-length: 133206
server: nginx/1.17.6
last-modified: Tue, 29 Nov 2022 15:04:55 GMT
etag: "63861f97-20856"
expires: Tue, 06 Dec 2022 19:49:44 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
a.naturalhealthsource.club/api/spots/289411?host=xfantazy.com&ev=197&wh=939&ww=1280&uuid=
135.181.208.216 200 OK 0 B URL HTTP/2 a.naturalhealthsource.club/api/spots/289411?host=xfantazy.com&ev=197&wh=939&ww=1280&uuid=
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /api/spots/289411?host=xfantazy.com&ev=197&wh=939&ww=1280&uuid= HTTP/1.1
Host: a.naturalhealthsource.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 04 Dec 2022 19:49:44 GMT
content-length: 0
set-cookie: nauid=3OLFcTqTnNWsZqYO9dBr; Path=/; Expires=Wed, 11 Nov 2037 11:11:11 GMT; Secure; SameSite=None
cache-control: private
X-Firefox-Spdy: h2
ocsp.pki.goog/s/gts1p5/-NEEmvIaLMU
142.250.74.131 200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/-NEEmvIaLMU
IP 142.250.74.131:0
Hash fc4e76a103a4f70c624614924be90683
21e5e147bead13162bad5a5339e6e704c973fde1
fec1f76aa1f402e7099cd4656e59be8f625bcccd6cdef9f514dffc771cc60b14
POST /s/gts1p5/-NEEmvIaLMU HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 19:49:44 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
a.naturalhealthsource.club/api/spots/380873?host=xfantazy.com&ev=197&wh=939&ww=1280&uuid=
135.181.208.216 200 OK 0 B URL HTTP/2 a.naturalhealthsource.club/api/spots/380873?host=xfantazy.com&ev=197&wh=939&ww=1280&uuid=
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /api/spots/380873?host=xfantazy.com&ev=197&wh=939&ww=1280&uuid= HTTP/1.1
Host: a.naturalhealthsource.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 04 Dec 2022 19:49:44 GMT
content-length: 0
set-cookie: nauid=ORPFzyV6J6qfcLBBiFDF; Path=/; Expires=Wed, 11 Nov 2037 11:11:11 GMT; Secure; SameSite=None
cache-control: private
X-Firefox-Spdy: h2
cdn.cloudimagesb.com/si/ae/aa/f6/aeaaf64c11bf62877f097a925a641d6b/1669388807.png
45.133.44.9 200 OK 91 kB URL HTTP/2 cdn.cloudimagesb.com/si/ae/aa/f6/aeaaf64c11bf62877f097a925a641d6b/1669388807.png
IP 45.133.44.9:0
ASN #39572 DataWeb Global Group B.V.
File type PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data
Hash c1718772ca810c6c121fa1d02672bb44
22c20701dcd78b1bd41ada8b04576f73d3e42253
91561b48a3e4957afb6aaefbfa5c6463534db30a9bdc2a0f0aabbeef28486a33
GET /si/ae/aa/f6/aeaaf64c11bf62877f097a925a641d6b/1669388807.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 04 Dec 2022 19:49:44 GMT
content-type: image/png
content-length: 91434
server: nginx/1.17.6
last-modified: Fri, 25 Nov 2022 15:06:56 GMT
etag: "6380da10-1652a"
expires: Tue, 06 Dec 2022 19:49:44 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
a.naturalhealthsource.club/api/spots/391860?host=xfantazy.com&ev=197&wh=939&ww=1280&uuid=
135.181.208.216 200 OK 0 B URL HTTP/2 a.naturalhealthsource.club/api/spots/391860?host=xfantazy.com&ev=197&wh=939&ww=1280&uuid=
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /api/spots/391860?host=xfantazy.com&ev=197&wh=939&ww=1280&uuid= HTTP/1.1
Host: a.naturalhealthsource.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 04 Dec 2022 19:49:44 GMT
content-length: 0
set-cookie: nauid=3uPnVrxXlldjySaIjDV6; Path=/; Expires=Wed, 11 Nov 2037 11:11:11 GMT; Secure; SameSite=None
cache-control: private
X-Firefox-Spdy: h2
a.naturalhealthsource.club/api/spots/406858?host=xfantazy.com&ev=197&wh=939&ww=1280&uuid=
135.181.208.216 200 OK 0 B URL HTTP/2 a.naturalhealthsource.club/api/spots/406858?host=xfantazy.com&ev=197&wh=939&ww=1280&uuid=
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /api/spots/406858?host=xfantazy.com&ev=197&wh=939&ww=1280&uuid= HTTP/1.1
Host: a.naturalhealthsource.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 04 Dec 2022 19:49:44 GMT
content-length: 0
set-cookie: nauid=D5zAgE7rDzAds0IJvYwi; Path=/; Expires=Wed, 11 Nov 2037 11:11:11 GMT; Secure; SameSite=None
cache-control: private
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 2dabd839729e9b0fb2558253d850126b
64f617aa0afb52168ef3519a4cf9829ac61ee007
1a47e4d0efdac6fbec990e3e168bfdfe615ff8953158773e8b1940d4d91eee18
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 19:49:44 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/s/gts1p5/-NEEmvIaLMU
142.250.74.131 200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/-NEEmvIaLMU
IP 142.250.74.131:0
Hash fc4e76a103a4f70c624614924be90683
21e5e147bead13162bad5a5339e6e704c973fde1
fec1f76aa1f402e7099cd4656e59be8f625bcccd6cdef9f514dffc771cc60b14
POST /s/gts1p5/-NEEmvIaLMU HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 19:49:44 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
peacocktypewriter.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Fvpn%2Fos-box%2Fsmall%2Fcss%2Fanimate.css&l=79249&fd=166
173.233.139.164 200 OK 0 B URL HTTP/1.1 peacocktypewriter.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Fvpn%2Fos-box%2Fsmall%2Fcss%2Fanimate.css&l=79249&fd=166
IP 173.233.139.164:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Fvpn%2Fos-box%2Fsmall%2Fcss%2Fanimate.css&l=79249&fd=166 HTTP/1.1
Host: peacocktypewriter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: u_pl=17661735; uid_id2=9249be5e-d8d6-4d6f-86bf-2f35006a6abc:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 04 Dec 2022 19:49:44 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
lassistslegisten.com/ejMyVnMbUVE7TBsOUHAGCF8Pc0E8FgAQF0lHCmEcFVwCYEpNQwp4EBZcRzIVCFxcIl0UVkZzQTx6fRIhIGpYABEtSVETMBFLVgYlQn52ISUdZWMXFiJaXRgkSlR4GQkSWFYDFx1mei4pL3dgEyIveWMMNTNnZBAmSXFjMRYvZ1EUMDtYYRkyIGtwBzFfAXQQGCxramQiImQDLiEqREY0KyxxF2Q1PAJjECQuamsONShqfRMQMlVVEEAvW3MdMTJ2ZA41IGJ8PiU9e2MMAz52dzIxF19mFCEjdlQQNUl7YwwDPGVKATIXAnoUHRVhU2c5NHdVFEsva1EyMRceWQciAgN6ETU3dXYEAwpgShc4OHcGHiUWfVAwNThJcTEhFWZVAzk4dFoeMQ1bYRsxOGJqOgASYUUyVkhxcAEfInRFMSA2dQoTVRBAXTgDR1FoBz4JCgAfEh5e
108.157.229.125200 OK 1.2 kB URL HTTP/2 lassistslegisten.com/ejMyVnMbUVE7TBsOUHAGCF8Pc0E8FgAQF0lHCmEcFVwCYEpNQwp4EBZcRzIVCFxcIl0UVkZzQTx6fRIhIGpYABEtSVETMBFLVgYlQn52ISUdZWMXFiJaXRgkSlR4GQkSWFYDFx1mei4pL3dgEyIveWMMNTNnZBAmSXFjMRYvZ1EUMDtYYRkyIGtwBzFfAXQQGCxramQiImQDLiEqREY0KyxxF2Q1PAJjECQuamsONShqfRMQMlVVEEAvW3MdMTJ2ZA41IGJ8PiU9e2MMAz52dzIxF19mFCEjdlQQNUl7YwwDPGVKATIXAnoUHRVhU2c5NHdVFEsva1EyMRceWQciAgN6ETU3dXYEAwpgShc4OHcGHiUWfVAwNThJcTEhFWZVAzk4dFoeMQ1bYRsxOGJqOgASYUUyVkhxcAEfInRFMSA2dQoTVRBAXTgDR1FoBz4JCgAfEh5e
IP 108.157.229.125:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3038), with no line terminators
Hash 76118e06d42c4c8aa3045806754c8dfb
eddd1c48205b17e8e75df61560cd307cdcfbad14
d0045115199c3defd2211e3bc44ab7f8650e55c715fa0fa059d183a2b5648555
GET /ejMyVnMbUVE7TBsOUHAGCF8Pc0E8FgAQF0lHCmEcFVwCYEpNQwp4EBZcRzIVCFxcIl0UVkZzQTx6fRIhIGpYABEtSVETMBFLVgYlQn52ISUdZWMXFiJaXRgkSlR4GQkSWFYDFx1mei4pL3dgEyIveWMMNTNnZBAmSXFjMRYvZ1EUMDtYYRkyIGtwBzFfAXQQGCxramQiImQDLiEqREY0KyxxF2Q1PAJjECQuamsONShqfRMQMlVVEEAvW3MdMTJ2ZA41IGJ8PiU9e2MMAz52dzIxF19mFCEjdlQQNUl7YwwDPGVKATIXAnoUHRVhU2c5NHdVFEsva1EyMRceWQciAgN6ETU3dXYEAwpgShc4OHcGHiUWfVAwNThJcTEhFWZVAzk4dFoeMQ1bYRsxOGJqOgASYUUyVkhxcAEfInRFMSA2dQoTVRBAXTgDR1FoBz4JCgAfEh5e HTTP/1.1
Host: lassistslegisten.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html
content-length: 1189
date: Sun, 04 Dec 2022 19:49:44 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 36510edbc7ba8916907c18e15b00f64c.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P2
x-amz-cf-id: 8R5QnzJWb87eky3ZOy1mTRp8ZW7Pf7ba2Mj96tp9UTYhQSqxbldGCA==
X-Firefox-Spdy: h2
ocsp.pki.goog/s/gts1p5/-NEEmvIaLMU
142.250.74.131 200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/-NEEmvIaLMU
IP 142.250.74.131:0
Hash fc4e76a103a4f70c624614924be90683
21e5e147bead13162bad5a5339e6e704c973fde1
fec1f76aa1f402e7099cd4656e59be8f625bcccd6cdef9f514dffc771cc60b14
POST /s/gts1p5/-NEEmvIaLMU HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 19:49:44 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
peacocktypewriter.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Fvpn%2Fos-box%2Fsmall%2Fcss%2Fstyle.css&l=3672&fd=152
173.233.139.164 200 OK 0 B URL HTTP/1.1 peacocktypewriter.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Fvpn%2Fos-box%2Fsmall%2Fcss%2Fstyle.css&l=3672&fd=152
IP 173.233.139.164:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Fvpn%2Fos-box%2Fsmall%2Fcss%2Fstyle.css&l=3672&fd=152 HTTP/1.1
Host: peacocktypewriter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: u_pl=17661735; uid_id2=9249be5e-d8d6-4d6f-86bf-2f35006a6abc:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 04 Dec 2022 19:49:44 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
lassistslegisten.com/SXFjeVAoEwAUbyhMAV8lOx1eXGIPVFE/NHoFW04/Jh5TT2l+AVtXMyUeFh02Ox4NDX4nFBdcYg86MRc/eSsZKDwPJww7EzM4NywWJj8APDcMJwQ7Nww0ADAHIysrHTh8JiktBmxDJS88LUIlARkdJQozGAs0JSAaMSM3LjgAGyU/NCgzNDgyHDA2MzMlCSI/YToFMUkzAicKOAQRIzk9ADESMDw8H0YlSCMtKTAWBx8kKj4RDEkCLygPQTARJxgpMB41HgkhMQl5FiY6BQsbMDgCHjMkERsMJzFLCXkWJjwWeR43OBIKMxQrNgsdBzQzDEUxLxgTGzA4fRgnMhQeAxU1IBUqQDI8BCE3Uyo8BDI1AGAfNDUvKS00DD8GPiNQKjcfMiEXCSopMS8CADM1NAEuKCIqJxsiJBcKKiA1FhZvGxAWPjlMIQAyKj4oSDN4HA
108.157.229.125200 OK 1.2 kB URL HTTP/2 lassistslegisten.com/SXFjeVAoEwAUbyhMAV8lOx1eXGIPVFE/NHoFW04/Jh5TT2l+AVtXMyUeFh02Ox4NDX4nFBdcYg86MRc/eSsZKDwPJww7EzM4NywWJj8APDcMJwQ7Nww0ADAHIysrHTh8JiktBmxDJS88LUIlARkdJQozGAs0JSAaMSM3LjgAGyU/NCgzNDgyHDA2MzMlCSI/YToFMUkzAicKOAQRIzk9ADESMDw8H0YlSCMtKTAWBx8kKj4RDEkCLygPQTARJxgpMB41HgkhMQl5FiY6BQsbMDgCHjMkERsMJzFLCXkWJjwWeR43OBIKMxQrNgsdBzQzDEUxLxgTGzA4fRgnMhQeAxU1IBUqQDI8BCE3Uyo8BDI1AGAfNDUvKS00DD8GPiNQKjcfMiEXCSopMS8CADM1NAEuKCIqJxsiJBcKKiA1FhZvGxAWPjlMIQAyKj4oSDN4HA
IP 108.157.229.125:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3037), with no line terminators
Hash 85c4d02f7d5419d3e4f43bf30a38dac9
d23f580d2d6d173c5995c560917f72fe1cda89e3
f9aca0b7a4147714ff691a547e043898da9ed001a75851311a2e493342136c10
GET /SXFjeVAoEwAUbyhMAV8lOx1eXGIPVFE/NHoFW04/Jh5TT2l+AVtXMyUeFh02Ox4NDX4nFBdcYg86MRc/eSsZKDwPJww7EzM4NywWJj8APDcMJwQ7Nww0ADAHIysrHTh8JiktBmxDJS88LUIlARkdJQozGAs0JSAaMSM3LjgAGyU/NCgzNDgyHDA2MzMlCSI/YToFMUkzAicKOAQRIzk9ADESMDw8H0YlSCMtKTAWBx8kKj4RDEkCLygPQTARJxgpMB41HgkhMQl5FiY6BQsbMDgCHjMkERsMJzFLCXkWJjwWeR43OBIKMxQrNgsdBzQzDEUxLxgTGzA4fRgnMhQeAxU1IBUqQDI8BCE3Uyo8BDI1AGAfNDUvKS00DD8GPiNQKjcfMiEXCSopMS8CADM1NAEuKCIqJxsiJBcKKiA1FhZvGxAWPjlMIQAyKj4oSDN4HA HTTP/1.1
Host: lassistslegisten.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html
content-length: 1184
date: Sun, 04 Dec 2022 19:49:44 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 36510edbc7ba8916907c18e15b00f64c.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P2
x-amz-cf-id: 4fTLOE165V7ItYuc_T_-x1e-IuCBxTXkSbWoUMZYMTq52x_BvgF38g==
X-Firefox-Spdy: h2
lassistslegisten.com/eHFZSk4ZEzoncRlMO2w7Ch1kb3w+VGsMKksFYX0hFx5pfHdPAWFkLRQeLC4oCh43PmAWFC1vfD4DAycfASYBIQg7QC5vfD4jMQMALhwLCxs+KBorCwwwHSELSjchEBQhGWAACBQoEQIfORkbej5dQx8OHA8wHXgiHjI+HC0oGgsLDy4GbxgIHDIMMH4aJmgLGzQzMSgNLkEzDw8XOAx5NjQ4Hw8tGSchHxg6HiwPDx8wARl6MyBoEw02BmgOGB87NhkbECQfeCFPIGgTDTQZGAMbHythGScqMxgNJTokHwsWGRstDhgfOCsOfjYpOngmMiRpJQ0bNyEfGD5cDHIJH0EVDHwLVGsMGD4gHSsbFCkPCwBAImgTDS8IKikPOQUSLAsLFg8bBAsnaBANKkMLA2gSAjYkPkUhH3o+SkQdMwkbCQ
108.157.229.125200 OK 1.2 kB URL HTTP/2 lassistslegisten.com/eHFZSk4ZEzoncRlMO2w7Ch1kb3w+VGsMKksFYX0hFx5pfHdPAWFkLRQeLC4oCh43PmAWFC1vfD4DAycfASYBIQg7QC5vfD4jMQMALhwLCxs+KBorCwwwHSELSjchEBQhGWAACBQoEQIfORkbej5dQx8OHA8wHXgiHjI+HC0oGgsLDy4GbxgIHDIMMH4aJmgLGzQzMSgNLkEzDw8XOAx5NjQ4Hw8tGSchHxg6HiwPDx8wARl6MyBoEw02BmgOGB87NhkbECQfeCFPIGgTDTQZGAMbHythGScqMxgNJTokHwsWGRstDhgfOCsOfjYpOngmMiRpJQ0bNyEfGD5cDHIJH0EVDHwLVGsMGD4gHSsbFCkPCwBAImgTDS8IKikPOQUSLAsLFg8bBAsnaBANKkMLA2gSAjYkPkUhH3o+SkQdMwkbCQ
IP 108.157.229.125:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3018), with no line terminators
Hash e00609cb8ee1a7341dda2c5c1de61916
81d79a9bc864bae93a9ae8c5856b5f5c89c1956c
641773cff6f37e70078b163ef1a62a1c21185f4e7b6317e533ca805bfb32b23a
GET /eHFZSk4ZEzoncRlMO2w7Ch1kb3w+VGsMKksFYX0hFx5pfHdPAWFkLRQeLC4oCh43PmAWFC1vfD4DAycfASYBIQg7QC5vfD4jMQMALhwLCxs+KBorCwwwHSELSjchEBQhGWAACBQoEQIfORkbej5dQx8OHA8wHXgiHjI+HC0oGgsLDy4GbxgIHDIMMH4aJmgLGzQzMSgNLkEzDw8XOAx5NjQ4Hw8tGSchHxg6HiwPDx8wARl6MyBoEw02BmgOGB87NhkbECQfeCFPIGgTDTQZGAMbHythGScqMxgNJTokHwsWGRstDhgfOCsOfjYpOngmMiRpJQ0bNyEfGD5cDHIJH0EVDHwLVGsMGD4gHSsbFCkPCwBAImgTDS8IKikPOQUSLAsLFg8bBAsnaBANKkMLA2gSAjYkPkUhH3o+SkQdMwkbCQ HTTP/1.1
Host: lassistslegisten.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html
content-length: 1170
date: Sun, 04 Dec 2022 19:49:44 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 36510edbc7ba8916907c18e15b00f64c.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P2
x-amz-cf-id: qwgea3izbLh-9bFz855WTqzkEeqBvzwao85uQabu3FOoHYFJIQx0Rg==
X-Firefox-Spdy: h2
mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F63215686df915905ff622722&charset=utf-8&hittoken=1670183383_0a3239940ee22d3f9207ed3a3ac0437714041ca47c37170b8aef738072781ccf&browser-info=pv%3A1%3Aar%3A1%3Avf%3A2b7w95bdqfdb0kzrg7tcl8%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A933%3Acn%3A1%3Adp%3A0%3Als%3A538070569078%3Ahid%3A740966980%3Az%3A0%3Ai%3A20221204194942%3Aet%3A1670183382%3Ac%3A1%3Arn%3A39177933%3Arqn%3A5%3Au%3A1670183381694857898%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Aeu%3A1%3Ans%3A1670183378342%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1670183382%3At%3ANika%20Venom%20-%20Nika%20Brings%20The%20Heat%20-%20nym0234%20-%20Nympho%20%28SD%202021%29%20-%20XFantazy.com&t=gdpr%2814%29mc%28p-3%29clc%280-0-0%29rqnt%285%29aw%281%29ecs%281%29fip%281%29ti%282%29
93.158.134.119200 OK 628 B URL HTTP/2 mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F63215686df915905ff622722&charset=utf-8&hittoken=1670183383_0a3239940ee22d3f9207ed3a3ac0437714041ca47c37170b8aef738072781ccf&browser-info=pv%3A1%3Aar%3A1%3Avf%3A2b7w95bdqfdb0kzrg7tcl8%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A933%3Acn%3A1%3Adp%3A0%3Als%3A538070569078%3Ahid%3A740966980%3Az%3A0%3Ai%3A20221204194942%3Aet%3A1670183382%3Ac%3A1%3Arn%3A39177933%3Arqn%3A5%3Au%3A1670183381694857898%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Aeu%3A1%3Ans%3A1670183378342%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1670183382%3At%3ANika%20Venom%20-%20Nika%20Brings%20The%20Heat%20-%20nym0234%20-%20Nympho%20%28SD%202021%29%20-%20XFantazy.com&t=gdpr%2814%29mc%28p-3%29clc%280-0-0%29rqnt%285%29aw%281%29ecs%281%29fip%281%29ti%282%29
IP 93.158.134.119:0
Hash 61364091a85b7ce72e9882508f840e11
d3843a230eaf06cfa00afe76db826680b7885d34
d3498e59444a73f091d3e2d62cbce1d4611f65135b0c66853c0b6ae797abd104
GET /watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F63215686df915905ff622722&charset=utf-8&hittoken=1670183383_0a3239940ee22d3f9207ed3a3ac0437714041ca47c37170b8aef738072781ccf&browser-info=pv%3A1%3Aar%3A1%3Avf%3A2b7w95bdqfdb0kzrg7tcl8%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A933%3Acn%3A1%3Adp%3A0%3Als%3A538070569078%3Ahid%3A740966980%3Az%3A0%3Ai%3A20221204194942%3Aet%3A1670183382%3Ac%3A1%3Arn%3A39177933%3Arqn%3A5%3Au%3A1670183381694857898%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Aeu%3A1%3Ans%3A1670183378342%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1670183382%3At%3ANika%20Venom%20-%20Nika%20Brings%20The%20Heat%20-%20nym0234%20-%20Nympho%20%28SD%202021%29%20-%20XFantazy.com&t=gdpr%2814%29mc%28p-3%29clc%280-0-0%29rqnt%285%29aw%281%29ecs%281%29fip%281%29ti%282%29 HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Referer: https://xfantazy.com/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Sun, 04 Dec 2022 19:49:44 GMT
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Sun, 04-Dec-2022 19:49:44 GMT
last-modified: Sun, 04-Dec-2022 19:49:44 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.77.32 200 OK 344 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 5e178f3b526edee352d9b28af2257f11
07b38a86e9afe9a3aa168eacb99ae717d54829f4
d9ecd0706d265906b70d78272c9ddeec7bc96e61f7e5554372d08e019a91e4ce
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "D9ECD0706D265906B70D78272C9DDEEC7BC96E61F7E5554372D08E019A91E4CE"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9332
Expires: Sun, 04 Dec 2022 22:25:16 GMT
Date: Sun, 04 Dec 2022 19:49:44 GMT
Connection: keep-alive
peacocktypewriter.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Futility%2Fsocial-media%2Ffacebook%2Fcss%2Fanimate.css&l=79245&fd=50
173.233.139.164 200 OK 0 B URL HTTP/1.1 peacocktypewriter.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Futility%2Fsocial-media%2Ffacebook%2Fcss%2Fanimate.css&l=79245&fd=50
IP 173.233.139.164:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Futility%2Fsocial-media%2Ffacebook%2Fcss%2Fanimate.css&l=79245&fd=50 HTTP/1.1
Host: peacocktypewriter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: u_pl=17661735; uid_id2=9249be5e-d8d6-4d6f-86bf-2f35006a6abc:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 04 Dec 2022 19:49:44 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
cdn.creative-bars1.com/sb/ssp/utility/social-media/facebook/css/animate.css
172.64.108.13 200 OK 4.8 kB URL HTTP/2 cdn.creative-bars1.com/sb/ssp/utility/social-media/facebook/css/animate.css
IP 172.64.108.13:0
Hash 21eb7a65c17a2c22ba104a7ecbf1dc0f
ea8c53be54889c7489aed04e30e3eb83af64dec9
090bd9ceb9a58da038e5ed4a39dfbb63ece49ed4f4f0656ce35f7faa41a3b237
GET /sb/ssp/utility/social-media/facebook/css/animate.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 04 Dec 2022 19:49:44 GMT
content-type: text/css
last-modified: Sat, 20 Feb 2021 08:44:40 GMT
etag: W/"6030cbf8-1358d"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 1663065
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8uu%2F48CLA8u8D1WEvmLlWgIRJ13rdIiusKs7VOHu1BWLUnfinPtkBdFxHHpABz%2BqLunUbgXP0cXBNP1Jqc3v1WD60zA5hEaY5ZiO%2BFp9taUyIP9ir43R5KZ78GwPVxmXSz9lWhEe7NAf"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77471128eb257201-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
lynormationpas.com/VmFFekR5XiYJeQwMPUwlATsjLBFnABA8cTAwKUsQADcxORw6OGMOLTJcfEx2ZlBxXDQ/BXhLYiUVJA4xJVx0XC04BypHYiBcdFR3Yk92S2pnRzBHdXAVNRsja1BjCjAiDXhLcmFRdEJ3ZVl3S3xl
188.114.96.1 204 No Content 0 B URL HTTP/2 lynormationpas.com/VmFFekR5XiYJeQwMPUwlATsjLBFnABA8cTAwKUsQADcxORw6OGMOLTJcfEx2ZlBxXDQ/BXhLYiUVJA4xJVx0XC04BypHYiBcdFR3Yk92S2pnRzBHdXAVNRsja1BjCjAiDXhLcmFRdEJ3ZVl3S3xl
IP 188.114.96.1:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /VmFFekR5XiYJeQwMPUwlATsjLBFnABA8cTAwKUsQADcxORw6OGMOLTJcfEx2ZlBxXDQ/BXhLYiUVJA4xJVx0XC04BypHYiBcdFR3Yk92S2pnRzBHdXAVNRsja1BjCjAiDXhLcmFRdEJ3ZVl3S3xl HTTP/1.1
Host: lynormationpas.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Sun, 04 Dec 2022 19:49:44 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fcQ6ihVQoya5Cpo2InZUgBaV3TgpgDTeV8UHS0vjJ2cCqAftD%2Fm14GoKq0Me5NBMuP2zfbh43b63hvq3oCaNiF607TSBU4%2B6Zg7Mj0Q1v1l1nn%2BOqgUKjGLEdbBwI6TX10dPLlw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7747112a99ab0b61-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/ssp/utility/social-media/facebook/js/script.js
172.64.108.13 200 OK 210 B URL HTTP/2 cdn.creative-bars1.com/sb/ssp/utility/social-media/facebook/js/script.js
IP 172.64.108.13:0
Hash 14c6a15c2c7729c885b33c990f37d2a5
865d9621a3a4c2b446ec535471412bf491a1e60e
bd7b0405bc197d2564e68c4366fdbfc06c0711a10231877d33c8c6cdd05fe7f0
GET /sb/ssp/utility/social-media/facebook/js/script.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 04 Dec 2022 19:49:44 GMT
content-type: application/javascript
last-modified: Sat, 20 Feb 2021 08:47:14 GMT
etag: W/"6030cc92-1bc"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 1663065
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=S%2BfFl5CvFRVCdk%2FNNbe1kSMu039k2x3tldcvg0FwUBBNChOE8HgMYuDITCqiHIpY2J2tW2qDKF6DGVz0ZhQw4%2B3VBAbi2wm6JQjYL5L37jvMPRnDoBJJWJn4KsxB6yHA5Uu7ljF4RjkS"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77471128fb407201-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
lynormationpas.com/bUpmeE5CdQULcz8nVy0dBjoRIAk3fQBLHAgTCAg3DgxTEy1eA0AMJwl3X09/VH1TXj4ELltLfEs5Ehk6GDlbSWgEJAAXc0s8W0hgVWRXS2BdbBNFf0s+FhkpUHtACDoZJltJeFp6V0B9XnJUSXpc
188.114.96.1 204 No Content 0 B URL HTTP/2 lynormationpas.com/bUpmeE5CdQULcz8nVy0dBjoRIAk3fQBLHAgTCAg3DgxTEy1eA0AMJwl3X09/VH1TXj4ELltLfEs5Ehk6GDlbSWgEJAAXc0s8W0hgVWRXS2BdbBNFf0s+FhkpUHtACDoZJltJeFp6V0B9XnJUSXpc
IP 188.114.96.1:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /bUpmeE5CdQULcz8nVy0dBjoRIAk3fQBLHAgTCAg3DgxTEy1eA0AMJwl3X09/VH1TXj4ELltLfEs5Ehk6GDlbSWgEJAAXc0s8W0hgVWRXS2BdbBNFf0s+FhkpUHtACDoZJltJeFp6V0B9XnJUSXpc HTTP/1.1
Host: lynormationpas.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Sun, 04 Dec 2022 19:49:44 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7BvEqIX7JTKfRCDrypCERfF3Vm6TPa9I6qXLzxZ241%2FOZI39LjCmGt4FUjEhWPjKplPu5fOmToRAgq%2BxtMYmKYHYswzWcv1OqJkmlC5T4e8WvjdlwfLyLRtqiCwx%2B0JHQSN%2F6R8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7747112b0a350b61-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
peacocktypewriter.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Futility%2Fsocial-media%2Ffacebook%2Fjs%2Fscript.js&l=444&fd=57
173.233.139.164 200 OK 0 B URL HTTP/1.1 peacocktypewriter.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Futility%2Fsocial-media%2Ffacebook%2Fjs%2Fscript.js&l=444&fd=57
IP 173.233.139.164:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Futility%2Fsocial-media%2Ffacebook%2Fjs%2Fscript.js&l=444&fd=57 HTTP/1.1
Host: peacocktypewriter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: u_pl=17661735; uid_id2=9249be5e-d8d6-4d6f-86bf-2f35006a6abc:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 04 Dec 2022 19:49:44 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
peacocktypewriter.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Fvpn%2Fos-box%2Fsmall%2Fjs%2Fscript.js&l=775&fd=88
173.233.139.164 200 OK 0 B URL HTTP/1.1 peacocktypewriter.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Fvpn%2Fos-box%2Fsmall%2Fjs%2Fscript.js&l=775&fd=88
IP 173.233.139.164:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Fvpn%2Fos-box%2Fsmall%2Fjs%2Fscript.js&l=775&fd=88 HTTP/1.1
Host: peacocktypewriter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: u_pl=17661735; uid_id2=9249be5e-d8d6-4d6f-86bf-2f35006a6abc:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 04 Dec 2022 19:49:44 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
d3t87ooo0697p8.cloudfront.net/KRno0ZzQlFVoBCzITUFoNcEgEVgBgEEcIWjZHdh5WJTV/Vld3FxITTiJHBEFYJxRTWhIjFFdaBWAbUAUJclxAF1stR0cKViATXRZDPxcSElV7F1sdXSoWVUIGAE8aVxF0ShwQXSgeWxBHY0gECUBjSARWBGhKEVR2Y0gEEF0oTABCBwRfBldMcE4RVHZjSA-QVQmNJdVYEc1QEThF0SlMCVy0VEVVydEoFVwR3SgVCBnYcXRVRIBVMQgYASwRSGnZcQVoF
143.204.42.128200 OK 599 B URL HTTP/2 d3t87ooo0697p8.cloudfront.net/KRno0ZzQlFVoBCzITUFoNcEgEVgBgEEcIWjZHdh5WJTV/Vld3FxITTiJHBEFYJxRTWhIjFFdaBWAbUAUJclxAF1stR0cKViATXRZDPxcSElV7F1sdXSoWVUIGAE8aVxF0ShwQXSgeWxBHY0gECUBjSARWBGhKEVR2Y0gEEF0oTABCBwRfBldMcE4RVHZjSA-QVQmNJdVYEc1QEThF0SlMCVy0VEVVydEoFVwR3SgVCBnYcXRVRIBVMQgYASwRSGnZcQVoF
IP 143.204.42.128:0
File type ASCII text, with very long lines (830), with no line terminators
Hash 39f62b69cda790f51434df3da0caf60d
a355a9191edbf78d2951175d3ade0ecfaf4ac30a
96f7970ff728af3f8859ef5a6fcc1d66e1e4adba40d94b39b24544693841d804
GET /KRno0ZzQlFVoBCzITUFoNcEgEVgBgEEcIWjZHdh5WJTV/Vld3FxITTiJHBEFYJxRTWhIjFFdaBWAbUAUJclxAF1stR0cKViATXRZDPxcSElV7F1sdXSoWVUIGAE8aVxF0ShwQXSgeWxBHY0gECUBjSARWBGhKEVR2Y0gEEF0oTABCBwRfBldMcE4RVHZjSA-QVQmNJdVYEc1QEThF0SlMCVy0VEVVydEoFVwR3SgVCBnYcXRVRIBVMQgYASwRSGnZcQVoF HTTP/1.1
Host: d3t87ooo0697p8.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lassistslegisten.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 599
date: Sun, 04 Dec 2022 19:49:44 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 76c917e0bb0ba45eb834d25d76ee125e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: DGRZX9NQ8mjEFmXorFCMdm-PUVhrkpn-Ez9OwN6MyyRTJLYZBm58zw==
X-Firefox-Spdy: h2
d3t87ooo0697p8.cloudfront.net/IODRZYjVbWzcECkxdPV8MDwVgVQAeXioNW0gJOzhkdUdgUHxZUDREQUJQZFITVFU3BQgeUTcBCAkSOAZXBQB/FkVXX2QXW1xRPwtbXVB/F1QFWTYYXFRYOEcHfgF3UhAKBHEVXFZQNhVGHQZpDEEdBmlTBRYEfFF3HQZpFVxWAm1HBnoRa1JNDgB8UXcdBm-kQQx0HGFMFDRppSxAKBD4HVlNbfFBzCgRoUgUJBGhHBwhSMBBQXlshRwd+BWlXGwgSLF8E
143.204.42.128200 OK 334 B URL HTTP/2 d3t87ooo0697p8.cloudfront.net/IODRZYjVbWzcECkxdPV8MDwVgVQAeXioNW0gJOzhkdUdgUHxZUDREQUJQZFITVFU3BQgeUTcBCAkSOAZXBQB/FkVXX2QXW1xRPwtbXVB/F1QFWTYYXFRYOEcHfgF3UhAKBHEVXFZQNhVGHQZpDEEdBmlTBRYEfFF3HQZpFVxWAm1HBnoRa1JNDgB8UXcdBm-kQQx0HGFMFDRppSxAKBD4HVlNbfFBzCgRoUgUJBGhHBwhSMBBQXlshRwd+BWlXGwgSLF8E
IP 143.204.42.128:0
File type ASCII text, with very long lines (423), with no line terminators
Hash 938bd788154edfd5b94d620dedd976e8
99caaeed6d1d7c5547e0a1c7a52059dbf75457c0
a0b020692b4e8f2214a205b5ca98bd5952327cb2f782c5f216bd2ba2068e06a4
GET /IODRZYjVbWzcECkxdPV8MDwVgVQAeXioNW0gJOzhkdUdgUHxZUDREQUJQZFITVFU3BQgeUTcBCAkSOAZXBQB/FkVXX2QXW1xRPwtbXVB/F1QFWTYYXFRYOEcHfgF3UhAKBHEVXFZQNhVGHQZpDEEdBmlTBRYEfFF3HQZpFVxWAm1HBnoRa1JNDgB8UXcdBm-kQQx0HGFMFDRppSxAKBD4HVlNbfFBzCgRoUgUJBGhHBwhSMBBQXlshRwd+BWlXGwgSLF8E HTTP/1.1
Host: d3t87ooo0697p8.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lassistslegisten.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 334
date: Sun, 04 Dec 2022 19:49:44 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 76c917e0bb0ba45eb834d25d76ee125e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: wxEH0wyiRgLf2UmP8pj-yEAjX4zQFEsrNjaDVvx_wW_VPSO78Qd65A==
X-Firefox-Spdy: h2
d3t87ooo0697p8.cloudfront.net/rZmQyWXkFC1w/RhINVmRAUFYCaEtADkE2FxZZYh9JFlYHHQAhB0p/DRwAD2lfCgVcPkRAAVw6RFdCUz0bW1AULBhbCV0jEAoIU3xLIFEcaVxUVBouEAgAXS4KQ1YCNw1DVgJoSUhUF2o7Q1YCLhAIUgZ8SiRBAGkBUFAXajtDVgIrD0NXc2hJU0oCcFxUVF-U8Gg0LF2s/VFQDaUlXVAN8S1YCWyscAAtKfEsgVQJsV1ZCR2RI
143.204.42.128200 OK 189 B URL HTTP/2 d3t87ooo0697p8.cloudfront.net/rZmQyWXkFC1w/RhINVmRAUFYCaEtADkE2FxZZYh9JFlYHHQAhB0p/DRwAD2lfCgVcPkRAAVw6RFdCUz0bW1AULBhbCV0jEAoIU3xLIFEcaVxUVBouEAgAXS4KQ1YCNw1DVgJoSUhUF2o7Q1YCLhAIUgZ8SiRBAGkBUFAXajtDVgIrD0NXc2hJU0oCcFxUVF-U8Gg0LF2s/VFQDaUlXVAN8S1YCWyscAAtKfEsgVQJsV1ZCR2RI
IP 143.204.42.128:0
File type ASCII text, with no line terminators
Hash 8c2e2564780608cdc4eda25a35f7d3c4
787846136c8b2ff69f2dc086709bf3c739a70bee
b8458fb05445e117d1ff75909974415bc51275d568e9ae376bd363fb259c67e4
GET /rZmQyWXkFC1w/RhINVmRAUFYCaEtADkE2FxZZYh9JFlYHHQAhB0p/DRwAD2lfCgVcPkRAAVw6RFdCUz0bW1AULBhbCV0jEAoIU3xLIFEcaVxUVBouEAgAXS4KQ1YCNw1DVgJoSUhUF2o7Q1YCLhAIUgZ8SiRBAGkBUFAXajtDVgIrD0NXc2hJU0oCcFxUVF-U8Gg0LF2s/VFQDaUlXVAN8S1YCWyscAAtKfEsgVQJsV1ZCR2RI HTTP/1.1
Host: d3t87ooo0697p8.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lassistslegisten.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 189
date: Sun, 04 Dec 2022 19:49:44 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 76c917e0bb0ba45eb834d25d76ee125e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: Y3Os5mFnuGty-bCmXvrQG9v6Gd_A44XOAABcYCz4yVIpymc2BoooxQ==
X-Firefox-Spdy: h2
peacocktypewriter.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Futility%2Fsocial-media%2Ffacebook%2Fcss%2Fstyle.css&l=6334&fd=72
173.233.139.164 200 OK 0 B URL HTTP/1.1 peacocktypewriter.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Futility%2Fsocial-media%2Ffacebook%2Fcss%2Fstyle.css&l=6334&fd=72
IP 173.233.139.164:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Futility%2Fsocial-media%2Ffacebook%2Fcss%2Fstyle.css&l=6334&fd=72 HTTP/1.1
Host: peacocktypewriter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: u_pl=17661735; uid_id2=9249be5e-d8d6-4d6f-86bf-2f35006a6abc:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 04 Dec 2022 19:49:44 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
ocsp.pki.goog/s/gts1p5/-NEEmvIaLMU
142.250.74.131 200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/-NEEmvIaLMU
IP 142.250.74.131:0
Hash fc4e76a103a4f70c624614924be90683
21e5e147bead13162bad5a5339e6e704c973fde1
fec1f76aa1f402e7099cd4656e59be8f625bcccd6cdef9f514dffc771cc60b14
POST /s/gts1p5/-NEEmvIaLMU HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 19:49:45 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
peacocktypewriter.com/pixel/sbs?c=1
173.233.139.164 200 OK 0 B URL HTTP/1.1 peacocktypewriter.com/pixel/sbs?c=1
IP 173.233.139.164:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbs?c=1 HTTP/1.1
Host: peacocktypewriter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: u_pl=17661735; uid_id2=9249be5e-d8d6-4d6f-86bf-2f35006a6abc:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 04 Dec 2022 19:49:45 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
peacocktypewriter.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSz4scxR%2BtTvKFLwYhihcP6iCCCbiz%2FWtmZxJkMcZIMCYhieTipbqqeqbcmq6mqmt6di%2BGBCSHoBNPHnvfbHZRg5iD4EUIvYrIgpDxEPbg4v8gBrzJ7A6sfg79eV3vU%2FDe%2B9Qn626P%2BHB098r7ek0qRRdbTb9x8obMuC5t49L1RuA3%2FTONGzJrx2cao9nHDE8Hfqvpn2q8K9iKXgz9wPcDP2icl0akerS4z0LmD7pBs%2Bs347AZtGKMzH%2F%2FrfNgqQc%2B3CPPQ%2FLp%2F%2Fq%2FPIRkNbLBt%2BeEXSl0%2FsY7A6dooQ2GfOuDbCXTZYbBIUyNhzTbmk9D2ykhXxyBzrbmDqCHGzMHSOSUeE8CJNnWXCaS4f0DpYmCyJDw4yiHNYSqIWkNpm9D8scEYByXLiMbbF7SpqSrByydsVNy7OmfkOWUHPv9BWSDb84qOWpc08oVUmcWo7SCHNWQvRq520ax5kGW22DFLUj%2BK1l8ehHZYOOyVRqS777WDeNuIlpigXd4eyHm7XSh007ShTCNWr7fpm2asP2IpKwh0xpKjEHtUTjrwUkPLvXgcg8DvtugrW7q%2B0tpkkZRJ2aMRRFjrU6bt3gUd1Ifjs08jFHkYzA1BjM3kZubWJH3poTc2oBxj2D7FSz3YAuCIa9QCoLSEpSUoJQEZUFQDqv7XNnQVptcWZcE8x7Oe1RNdNFbp%2Fd10RMZWc%2F3yHOz9LxnP34dK2K3EQapiLotP42DUPhhm0VRGiRtJkQ7iERCYWUFaY%2BAWg9rckpebh1HLqfk%2F8uPkNBtWLUNJk%2BAupdAy8lS6IP2J3HHx1r2fUYLZ6jqC6qKvtXOMNFkyiXgukJeHEOx6q2rPfLi%2FkZPv3kCgu0s%2F1R%2F9uHJv7bBTIXcVPhI%2FkjQU3cmV3VJNq7q0pKHl%2FNCDuQanW37WkELcfSr98RqqQ2%2FcM6Ov3yLzYgZfHBd2OIizbjMepZ8fVZyLsx5bZggP1ywN0Ryxdn%2BWWcyl1%2B88vb5C4PcCGulzmpQ%2BdjeBZNT8sydT%2Fff8SuvGkhTw7gKA7dD5gWpa7D8Jmx%2BqN5qAqMOZ5LcQ%2BmqiQmTw0MlpySmf0CJneXPT5%2F6eXXzO9CkghX%2FuniI1%2B0d9IwHWtxGNqgwNBWGqgJVY1h3dFLkZmf5t2i%2FkChvkijjbSTKqHsH8Vq522gFsegknSXGeSIYD5bCqBP5fsh5vNQVQReFnbK7fz%2F5BwAA%2F%2F8BAAD%2F%2F90F2zOjBAAA
173.233.139.164200 OK 7 B URL HTTP/1.1 peacocktypewriter.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSz4scxR%2BtTvKFLwYhihcP6iCCCbiz%2FWtmZxJkMcZIMCYhieTipbqqeqbcmq6mqmt6di%2BGBCSHoBNPHnvfbHZRg5iD4EUIvYrIgpDxEPbg4v8gBrzJ7A6sfg79eV3vU%2FDe%2B9Qn626P%2BHB098r7ek0qRRdbTb9x8obMuC5t49L1RuA3%2FTONGzJrx2cao9nHDE8Hfqvpn2q8K9iKXgz9wPcDP2icl0akerS4z0LmD7pBs%2Bs347AZtGKMzH%2F%2FrfNgqQc%2B3CPPQ%2FLp%2F%2Fq%2FPIRkNbLBt%2BeEXSl0%2FsY7A6dooQ2GfOuDbCXTZYbBIUyNhzTbmk9D2ykhXxyBzrbmDqCHGzMHSOSUeE8CJNnWXCaS4f0DpYmCyJDw4yiHNYSqIWkNpm9D8scEYByXLiMbbF7SpqSrByydsVNy7OmfkOWUHPv9BWSDb84qOWpc08oVUmcWo7SCHNWQvRq520ax5kGW22DFLUj%2BK1l8ehHZYOOyVRqS777WDeNuIlpigXd4eyHm7XSh007ShTCNWr7fpm2asP2IpKwh0xpKjEHtUTjrwUkPLvXgcg8DvtugrW7q%2B0tpkkZRJ2aMRRFjrU6bt3gUd1Ifjs08jFHkYzA1BjM3kZubWJH3poTc2oBxj2D7FSz3YAuCIa9QCoLSEpSUoJQEZUFQDqv7XNnQVptcWZcE8x7Oe1RNdNFbp%2Fd10RMZWc%2F3yHOz9LxnP34dK2K3EQapiLotP42DUPhhm0VRGiRtJkQ7iERCYWUFaY%2BAWg9rckpebh1HLqfk%2F8uPkNBtWLUNJk%2BAupdAy8lS6IP2J3HHx1r2fUYLZ6jqC6qKvtXOMNFkyiXgukJeHEOx6q2rPfLi%2FkZPv3kCgu0s%2F1R%2F9uHJv7bBTIXcVPhI%2FkjQU3cmV3VJNq7q0pKHl%2FNCDuQanW37WkELcfSr98RqqQ2%2FcM6Ov3yLzYgZfHBd2OIizbjMepZ8fVZyLsx5bZggP1ywN0Ryxdn%2BWWcyl1%2B88vb5C4PcCGulzmpQ%2BdjeBZNT8sydT%2Fff8SuvGkhTw7gKA7dD5gWpa7D8Jmx%2BqN5qAqMOZ5LcQ%2BmqiQmTw0MlpySmf0CJneXPT5%2F6eXXzO9CkghX%2FuniI1%2B0d9IwHWtxGNqgwNBWGqgJVY1h3dFLkZmf5t2i%2FkChvkijjbSTKqHsH8Vq522gFsegknSXGeSIYD5bCqBP5fsh5vNQVQReFnbK7fz%2F5BwAA%2F%2F8BAAD%2F%2F90F2zOjBAAA
IP 173.233.139.164:0
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert quad9 Sinkholed
GET /impr.gif?sid=H4sIAAAAAAAC%2F1RSz4scxR%2BtTvKFLwYhihcP6iCCCbiz%2FWtmZxJkMcZIMCYhieTipbqqeqbcmq6mqmt6di%2BGBCSHoBNPHnvfbHZRg5iD4EUIvYrIgpDxEPbg4v8gBrzJ7A6sfg79eV3vU%2FDe%2B9Qn626P%2BHB098r7ek0qRRdbTb9x8obMuC5t49L1RuA3%2FTONGzJrx2cao9nHDE8Hfqvpn2q8K9iKXgz9wPcDP2icl0akerS4z0LmD7pBs%2Bs347AZtGKMzH%2F%2FrfNgqQc%2B3CPPQ%2FLp%2F%2Fq%2FPIRkNbLBt%2BeEXSl0%2FsY7A6dooQ2GfOuDbCXTZYbBIUyNhzTbmk9D2ykhXxyBzrbmDqCHGzMHSOSUeE8CJNnWXCaS4f0DpYmCyJDw4yiHNYSqIWkNpm9D8scEYByXLiMbbF7SpqSrByydsVNy7OmfkOWUHPv9BWSDb84qOWpc08oVUmcWo7SCHNWQvRq520ax5kGW22DFLUj%2BK1l8ehHZYOOyVRqS777WDeNuIlpigXd4eyHm7XSh007ShTCNWr7fpm2asP2IpKwh0xpKjEHtUTjrwUkPLvXgcg8DvtugrW7q%2B0tpkkZRJ2aMRRFjrU6bt3gUd1Ifjs08jFHkYzA1BjM3kZubWJH3poTc2oBxj2D7FSz3YAuCIa9QCoLSEpSUoJQEZUFQDqv7XNnQVptcWZcE8x7Oe1RNdNFbp%2Fd10RMZWc%2F3yHOz9LxnP34dK2K3EQapiLotP42DUPhhm0VRGiRtJkQ7iERCYWUFaY%2BAWg9rckpebh1HLqfk%2F8uPkNBtWLUNJk%2BAupdAy8lS6IP2J3HHx1r2fUYLZ6jqC6qKvtXOMNFkyiXgukJeHEOx6q2rPfLi%2FkZPv3kCgu0s%2F1R%2F9uHJv7bBTIXcVPhI%2FkjQU3cmV3VJNq7q0pKHl%2FNCDuQanW37WkELcfSr98RqqQ2%2FcM6Ov3yLzYgZfHBd2OIizbjMepZ8fVZyLsx5bZggP1ywN0Ryxdn%2BWWcyl1%2B88vb5C4PcCGulzmpQ%2BdjeBZNT8sydT%2Fff8SuvGkhTw7gKA7dD5gWpa7D8Jmx%2BqN5qAqMOZ5LcQ%2BmqiQmTw0MlpySmf0CJneXPT5%2F6eXXzO9CkghX%2FuniI1%2B0d9IwHWtxGNqgwNBWGqgJVY1h3dFLkZmf5t2i%2FkChvkijjbSTKqHsH8Vq522gFsegknSXGeSIYD5bCqBP5fsh5vNQVQReFnbK7fz%2F5BwAA%2F%2F8BAAD%2F%2F90F2zOjBAAA HTTP/1.1
Host: peacocktypewriter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: u_pl=17661735; uid_id2=9249be5e-d8d6-4d6f-86bf-2f35006a6abc:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 04 Dec 2022 19:49:45 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 115aec71064d7fc8140dcef43fb2fcab
Strict-Transport-Security: max-age=0; includeSubdomains
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash cb439dd80ba82164b879c340b9778147
2bbd26b48daa0b8d2a190f7e8857c716dea279ca
3ab3afbcebe7c744b6446fbb471bda45722313cae36b3020e152e75425a3f760
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 19:49:45 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash cb439dd80ba82164b879c340b9778147
2bbd26b48daa0b8d2a190f7e8857c716dea279ca
3ab3afbcebe7c744b6446fbb471bda45722313cae36b3020e152e75425a3f760
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 19:49:45 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29 200 OK 779 B IP 93.184.220.29:0
Hash b1d7bc162b9454886088b48cec637fdf
1b2070ed63df9a8afa316e6aefb647c5d0eb01ba
40576bb778bd88cd35a2f311f061a96915222943278b086d9ce133ec8d8177f7
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6501
Cache-Control: max-age=151176
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 19:49:45 GMT
Etag: "638c8bfc-1d7"
Expires: Tue, 06 Dec 2022 13:49:21 GMT
Last-Modified: Sun, 04 Dec 2022 12:01:00 GMT
Server: ECS (ska/F70E)
X-Cache: HIT
Content-Length: 471
lassistslegisten.com/utx?cb=yXe7Xuazrlf7&top=xfantazy.com&tid=971975
108.157.229.125 204 No Content 0 B URL HTTP/2 lassistslegisten.com/utx?cb=yXe7Xuazrlf7&top=xfantazy.com&tid=971975
IP 108.157.229.125:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=yXe7Xuazrlf7&top=xfantazy.com&tid=971975 HTTP/1.1
Host: lassistslegisten.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Sun, 04 Dec 2022 19:49:45 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://xfantazy.com
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Sun, 04 Dec 2022 19:50:45 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 36510edbc7ba8916907c18e15b00f64c.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P2
x-amz-cf-id: pFdf3jeEHndaEKw-c3dKflGw0-nZg9_o4okAGZrXneVdlKyCOpWZNQ==
X-Firefox-Spdy: h2
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
142.250.74.109 302 Found 391 B URL HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
IP 142.250.74.109:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (378)
Hash fc499f559ab936bb68a19283919b7fe3
c9d747652fe08c23810c875ddb990a10edc8d5ed
f9d98de1b52ad5421d99d2fe018ed4cce376677af1a6b387b12b7e791e18fce5
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sun, 04 Dec 2022 19:49:45 GMT
location: https://accounts.google.com/v3/signin/identifier?dsh=S-653634316%3A1670183385171825&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=ARgdvAutxVVWcm3vg0Z2_7EAnvW-aYT-g1BW4MHV-xr7Ft_Fmg1LCGP8Cf3j4VRvZcIIqjZLEyV5
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: require-trusted-types-for 'script';report-uri /cspreport, script-src 'nonce-YpZCWcJnfKkfcOk73HnCjA' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 391
server: GSE
set-cookie: __Host-GAPS=1:cxt7ySu4kFmZj98bZ_OOBWaLwSlDcQ:UbuYiQLjl2RawgPw;Path=/;Expires=Tue, 03-Dec-2024 19:49:45 GMT;Secure;HttpOnly;Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
lassistslegisten.com/utx?cb=NX8tECBpDoUk&top=xfantazy.com&tid=962014
108.157.229.125 204 No Content 0 B URL HTTP/2 lassistslegisten.com/utx?cb=NX8tECBpDoUk&top=xfantazy.com&tid=962014
IP 108.157.229.125:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=NX8tECBpDoUk&top=xfantazy.com&tid=962014 HTTP/1.1
Host: lassistslegisten.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Sun, 04 Dec 2022 19:49:45 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://xfantazy.com
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Sun, 04 Dec 2022 19:50:45 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 36510edbc7ba8916907c18e15b00f64c.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P2
x-amz-cf-id: TN71dKD-1hrHrK-3GFwbU1Qp2AHBcXSIUqBfXb_m1UkBiTvtrLEZsA==
X-Firefox-Spdy: h2
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
142.250.74.109 302 Found 393 B URL HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
IP 142.250.74.109:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (383)
Hash 32de36da85ba43a3705b08d763573b5e
6219a018ccec441a043c93a5f137e753398da7c2
519509adea3c79602150ded3cc8dba5b5475ec792e4dbc212df985436eb8767b
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sun, 04 Dec 2022 19:49:45 GMT
location: https://accounts.google.com/v3/signin/identifier?dsh=S-2080083104%3A1670183385210211&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=ARgdvAvXKv81j58XV7erYSwYgj8j1hM9HJVaC1uJGB1-GnmI9i7D0jvzWy-5VBN4JEV1cscX5vYu
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
content-security-policy: script-src 'nonce-uwGnaf3y2nYMj4tLjxnW8g' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport, require-trusted-types-for 'script';report-uri /cspreport
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 393
server: GSE
set-cookie: __Host-GAPS=1:IQxV1dBdNyCDrmNvh4efG8l0m0vZBw:XKFQgyUtcbweHCTO;Path=/;Expires=Tue, 03-Dec-2024 19:49:45 GMT;Secure;HttpOnly;Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash f54a71942ab5d7fdc54672cf84aa76db
e03db706ad371c93ddd3cc4a3e4c329777bb5f4b
87453ee6a206085c9b82594123a30bf59f7354733d19f21e388dea70768198c9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 19:49:45 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
accounts.google.com/v3/signin/identifier?dsh=S-653634316%3A1670183385171825&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=ARgdvAutxVVWcm3vg0Z2_7EAnvW-aYT-g1BW4MHV-xr7Ft_Fmg1LCGP8Cf3j4VRvZcIIqjZLEyV5
142.250.74.109 403 Forbidden 1.3 kB URL HTTP/2 accounts.google.com/v3/signin/identifier?dsh=S-653634316%3A1670183385171825&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=ARgdvAutxVVWcm3vg0Z2_7EAnvW-aYT-g1BW4MHV-xr7Ft_Fmg1LCGP8Cf3j4VRvZcIIqjZLEyV5
IP 142.250.74.109:0
Hash 167c3f927e9d421f69583ec3c1a5e9f8
803ced35b6c469fbabd8665618ad0c682fec1e27
2d08bab11c99e17d7f0602b60f06e334a79e136a3d259532c645a2b1b99d8d6c
GET /v3/signin/identifier?dsh=S-653634316%3A1670183385171825&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=ARgdvAutxVVWcm3vg0Z2_7EAnvW-aYT-g1BW4MHV-xr7Ft_Fmg1LCGP8Cf3j4VRvZcIIqjZLEyV5 HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://xfantazy.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sun, 04 Dec 2022 19:49:45 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport, script-src 'nonce-0Bil6WNP24ibit71iRv4ug' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy-report-only: same-origin; report-to="AccountsSignInUi"
report-to: {"group":"AccountsSignInUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/AccountsSignInUi/external"}]}
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 278 B IP 93.184.220.29:0
Hash 527ec109f6e1d31ffadf09d73e34f233
3a214d9e7ff9796507c93f250a89c5e8f8571410
5753d2d7f52438fdffc4c692b66ff3372ef3fa4779ccbf65d7074e9546139d92
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1798
Cache-Control: max-age=132440
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 19:49:45 GMT
Etag: "638c552b-116"
Expires: Tue, 06 Dec 2022 08:37:05 GMT
Last-Modified: Sun, 04 Dec 2022 08:07:07 GMT
Server: ECS (ska/F70E)
X-Cache: HIT
Content-Length: 278
static-cache.k2s.cc/thumbnail/ceyR6Sfzzqm4q22U9g/w320h240/0.jpeg
188.72.235.186 200 OK 13 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/ceyR6Sfzzqm4q22U9g/w320h240/0.jpeg
IP 188.72.235.186:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash 3b14b5193a3bb1c58efa0a40db3b6106
e3495833e4315c7cec06f4a699be430f2339b4fe
742f5e81822e69bdb361252a9741b46c12efe485755981a87961bb823ea40233
GET /thumbnail/ceyR6Sfzzqm4q22U9g/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Sun, 04 Dec 2022 19:49:45 GMT
content-type: image/jpeg
content-length: 13272
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: HIT
X-Firefox-Spdy: h2
cdn.barscreative1.com/sb/au/b6/cf/48/b6cf48ca3e8ab4bdbcfaa2279b0fb2bc/1613726822.html
45.133.44.4 200 OK 14 kB URL HTTP/2 cdn.barscreative1.com/sb/au/b6/cf/48/b6cf48ca3e8ab4bdbcfaa2279b0fb2bc/1613726822.html
IP 45.133.44.4:0
ASN #39572 DataWeb Global Group B.V.
Hash 663e2da0574933693c2c0e994681304f
3240c362ce07a9c43516ae26fdeca66a3549ecea
080285ca92c5a98e29b3b1534a9016e214e9db8d33bea3860d2ac9ea00e0510d
Analyzer Verdict Alert fortinet Phishing
GET /sb/au/b6/cf/48/b6cf48ca3e8ab4bdbcfaa2279b0fb2bc/1613726822.html HTTP/1.1
Host: cdn.barscreative1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 04 Dec 2022 19:49:44 GMT
content-type: text/html; charset=utf-8
server: nginx/1.17.6
last-modified: Fri, 19 Feb 2021 09:27:09 GMT
etag: W/"602f846d-4fa"
cache-control: max-age=3600
access-control-allow-origin: *
access-control-expose-headers: Date
content-encoding: gzip
expires: Sun, 04 Dec 2022 20:49:44 GMT
x-proxy-cache: HIT
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/JeWVvST0w_y_qm6X_w/w320h240/0.jpeg
188.72.235.186 200 OK 15 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/JeWVvST0w_y_qm6X_w/w320h240/0.jpeg
IP 188.72.235.186:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash 3881f14ffa684e592b3443456d858725
aa96060f10213a4896a26ca18741d83fae85c05b
09b494bd9c74ea73f4dd4d92e83fbea28b0c01e6a0be21d11c01ab2ea9f46d62
GET /thumbnail/JeWVvST0w_y_qm6X_w/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Sun, 04 Dec 2022 19:49:45 GMT
content-type: image/jpeg
content-length: 15410
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: HIT
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/Iu3HuSX1nvzt_Gqf-w/w320h240/0.jpeg
188.72.235.186 200 OK 14 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/Iu3HuSX1nvzt_Gqf-w/w320h240/0.jpeg
IP 188.72.235.186:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash 4fb475909acc3c444cea8a955a68e641
8620e9a49ab2edc387d77851408332558f361056
8f73a4bebd746b4ffd1624249bf29d17948d50186e2317248f67ebefabfbe6a7
GET /thumbnail/Iu3HuSX1nvzt_Gqf-w/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Sun, 04 Dec 2022 19:49:45 GMT
content-type: image/jpeg
content-length: 14331
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: HIT
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/IunB7iSimKbo-z-e-Q/w320h240/0.jpeg
188.72.235.186 200 OK 5.7 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/IunB7iSimKbo-z-e-Q/w320h240/0.jpeg
IP 188.72.235.186:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash f58416af07dbe7375ae81c99e3bc4a75
eb3b719b43c5fa92962cf2e41b423f118fb3e088
329adb2644c8d13f11b677963a3b67610aa54f9e9e0a35d79b6017b88115dfae
GET /thumbnail/IunB7iSimKbo-z-e-Q/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Sun, 04 Dec 2022 19:49:45 GMT
content-type: image/jpeg
content-length: 5724
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: HIT
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash be970c0d98a56f1d7f819e916984a282
9e7fc42718ca84b2be18604ff375ba9c90d3a65a
cb71068b310fad20817a9c6169a116a4a782be8625f3e91158b335c4f2228992
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CB71068B310FAD20817A9C6169A116A4A782BE8625F3E91158B335C4F2228992"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3687
Expires: Sun, 04 Dec 2022 20:51:12 GMT
Date: Sun, 04 Dec 2022 19:49:45 GMT
Connection: keep-alive
soldierreproduceadmiration.com/pixel/sbs?c=1
173.233.137.44 200 OK 0 B URL HTTP/1.1 soldierreproduceadmiration.com/pixel/sbs?c=1
IP 173.233.137.44:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbs?c=1 HTTP/1.1
Host: soldierreproduceadmiration.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: u_pl=15600826; uid_id2=c1b9d69d-2772-40b4-9a45-d15d8500ad3f:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 04 Dec 2022 19:49:45 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
soldierreproduceadmiration.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSQYgcRRutzp8cfvWQSC4q4hw8GHBnq3t6dqaTw2KMkWDchCQS0YvVVdW75VZ3NVXd07MLQkhAcvAw8WT00vtmkyUaxIB6EESZFVQWlIyHsAf34F0vQsCTMpPB4IPu76t63%2BG999W7G%2BUeoSjZ7tlXzbrSms23m7Tx3EWVCVO5xtKFhk%2Bb9FjjosoWwmON%2FuRne0d92m7SI42XJV818wH1KfWp3ziprExMf37KQuW3I78Z0WYYNP12iL7979mVHhzzIHp75HEoMT6w8uMdKD5Cln52QrrVwuTPv5SWmhXGoie2XstWM1NlSB%2B2ifWQZFuzaRg3JuSDfTDZ1swBTG9z4gCxGhPvno8425rJRNy78UBprCEzxOJRVL0RpB5BsRG4uQIl7hKACyydQZbeXDK2YmsPWDZhx2T%2F%2FT%2BhqjHZ%2F%2BthZOmnx7XqN84bXRbKZA79pIbqj6CWR8jLbRTrHlS1DV5chhI%2Fkfn7p5Glm2ecNlBi91nux5FYiMRc0OkEcyGNw7mIhe054bdFt00pE61kGpFSI6hkBC0HYM5DOfmUhzLxUOYeUrHbYO0oobSTxEmr1Q05560W5%2B3ugmiLVthNKEo%2B8TBAkQ%2FA9QDcXkJuL2FVXRsTcnkTtvwWbqWGEx5cQdATNSpJUDmCihFUiqAqCKpefUNoF7j6ptCujP1ZDWa1VQ9NsbzBbphiWWZkI98jh6bp%2FfHYV1iVuw0WJFFEE5%2BGnQW64POOHwmf%2B4y1WCC5COBUDeX2Tb2uqzE5%2FNRvyCcrfedvxGwbTm%2BDq4Ng5dNg1bATULCVYdilWM9u9xOWFWx9rclNCmFq5MV%2BFGveht4jT0x1HH3zZ0i%2Bs3jnhPno%2BtKT4LZGbmu8rb4jWNZXh%2BdMRTbPmcqRO2fyQqVqnU02fL5ghTzw8StyrTJWnDrhBrde4BNi0t6%2BIF1xmmVCZcuOfHJcCSHtSWO5JF%2BfchdlfLZ0K8dLm5X56bMvnjyV5lY6p0w2AlN33%2FoGXI3JI4ND07f7TPcNKDuCLWuk5Q6ZAcqMwPNLcPnO4q3rE3wIZwisfjgT5x6qsh7aIH54qdWYtP7%2FO7TcWXz%2F6JHv125%2BARbXcHJn8csfPo9ePxgjlv9GsuGuYtl6YMUVZGmNnq3R0zWYHsCV%2FxsWud1Z%2FKU1BWLtDWNtvc1YW33tQbxO7Tbafii7cbfDhYglF34naHVblAZChJ1I%2BhEKN%2Bbv%2FXXvHwAAAP%2F%2FAQAA%2F%2F8d4dTrlwQAAA%3D%3D
173.233.137.44200 OK 7 B URL HTTP/1.1 soldierreproduceadmiration.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSQYgcRRutzp8cfvWQSC4q4hw8GHBnq3t6dqaTw2KMkWDchCQS0YvVVdW75VZ3NVXd07MLQkhAcvAw8WT00vtmkyUaxIB6EESZFVQWlIyHsAf34F0vQsCTMpPB4IPu76t63%2BG999W7G%2BUeoSjZ7tlXzbrSms23m7Tx3EWVCVO5xtKFhk%2Bb9FjjosoWwmON%2FuRne0d92m7SI42XJV818wH1KfWp3ziprExMf37KQuW3I78Z0WYYNP12iL7979mVHhzzIHp75HEoMT6w8uMdKD5Cln52QrrVwuTPv5SWmhXGoie2XstWM1NlSB%2B2ifWQZFuzaRg3JuSDfTDZ1swBTG9z4gCxGhPvno8425rJRNy78UBprCEzxOJRVL0RpB5BsRG4uQIl7hKACyydQZbeXDK2YmsPWDZhx2T%2F%2FT%2BhqjHZ%2F%2BthZOmnx7XqN84bXRbKZA79pIbqj6CWR8jLbRTrHlS1DV5chhI%2Fkfn7p5Glm2ecNlBi91nux5FYiMRc0OkEcyGNw7mIhe054bdFt00pE61kGpFSI6hkBC0HYM5DOfmUhzLxUOYeUrHbYO0oobSTxEmr1Q05560W5%2B3ugmiLVthNKEo%2B8TBAkQ%2FA9QDcXkJuL2FVXRsTcnkTtvwWbqWGEx5cQdATNSpJUDmCihFUiqAqCKpefUNoF7j6ptCujP1ZDWa1VQ9NsbzBbphiWWZkI98jh6bp%2FfHYV1iVuw0WJFFEE5%2BGnQW64POOHwmf%2B4y1WCC5COBUDeX2Tb2uqzE5%2FNRvyCcrfedvxGwbTm%2BDq4Ng5dNg1bATULCVYdilWM9u9xOWFWx9rclNCmFq5MV%2BFGveht4jT0x1HH3zZ0i%2Bs3jnhPno%2BtKT4LZGbmu8rb4jWNZXh%2BdMRTbPmcqRO2fyQqVqnU02fL5ghTzw8StyrTJWnDrhBrde4BNi0t6%2BIF1xmmVCZcuOfHJcCSHtSWO5JF%2BfchdlfLZ0K8dLm5X56bMvnjyV5lY6p0w2AlN33%2FoGXI3JI4ND07f7TPcNKDuCLWuk5Q6ZAcqMwPNLcPnO4q3rE3wIZwisfjgT5x6qsh7aIH54qdWYtP7%2FO7TcWXz%2F6JHv125%2BARbXcHJn8csfPo9ePxgjlv9GsuGuYtl6YMUVZGmNnq3R0zWYHsCV%2FxsWud1Z%2FKU1BWLtDWNtvc1YW33tQbxO7Tbafii7cbfDhYglF34naHVblAZChJ1I%2BhEKN%2Bbv%2FXXvHwAAAP%2F%2FAQAA%2F%2F8d4dTrlwQAAA%3D%3D
IP 173.233.137.44:0
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert quad9 Sinkholed
GET /impr.gif?sid=H4sIAAAAAAAC%2F1RSQYgcRRutzp8cfvWQSC4q4hw8GHBnq3t6dqaTw2KMkWDchCQS0YvVVdW75VZ3NVXd07MLQkhAcvAw8WT00vtmkyUaxIB6EESZFVQWlIyHsAf34F0vQsCTMpPB4IPu76t63%2BG999W7G%2BUeoSjZ7tlXzbrSms23m7Tx3EWVCVO5xtKFhk%2Bb9FjjosoWwmON%2FuRne0d92m7SI42XJV818wH1KfWp3ziprExMf37KQuW3I78Z0WYYNP12iL7979mVHhzzIHp75HEoMT6w8uMdKD5Cln52QrrVwuTPv5SWmhXGoie2XstWM1NlSB%2B2ifWQZFuzaRg3JuSDfTDZ1swBTG9z4gCxGhPvno8425rJRNy78UBprCEzxOJRVL0RpB5BsRG4uQIl7hKACyydQZbeXDK2YmsPWDZhx2T%2F%2FT%2BhqjHZ%2F%2BthZOmnx7XqN84bXRbKZA79pIbqj6CWR8jLbRTrHlS1DV5chhI%2Fkfn7p5Glm2ecNlBi91nux5FYiMRc0OkEcyGNw7mIhe054bdFt00pE61kGpFSI6hkBC0HYM5DOfmUhzLxUOYeUrHbYO0oobSTxEmr1Q05560W5%2B3ugmiLVthNKEo%2B8TBAkQ%2FA9QDcXkJuL2FVXRsTcnkTtvwWbqWGEx5cQdATNSpJUDmCihFUiqAqCKpefUNoF7j6ptCujP1ZDWa1VQ9NsbzBbphiWWZkI98jh6bp%2FfHYV1iVuw0WJFFEE5%2BGnQW64POOHwmf%2B4y1WCC5COBUDeX2Tb2uqzE5%2FNRvyCcrfedvxGwbTm%2BDq4Ng5dNg1bATULCVYdilWM9u9xOWFWx9rclNCmFq5MV%2BFGveht4jT0x1HH3zZ0i%2Bs3jnhPno%2BtKT4LZGbmu8rb4jWNZXh%2BdMRTbPmcqRO2fyQqVqnU02fL5ghTzw8StyrTJWnDrhBrde4BNi0t6%2BIF1xmmVCZcuOfHJcCSHtSWO5JF%2BfchdlfLZ0K8dLm5X56bMvnjyV5lY6p0w2AlN33%2FoGXI3JI4ND07f7TPcNKDuCLWuk5Q6ZAcqMwPNLcPnO4q3rE3wIZwisfjgT5x6qsh7aIH54qdWYtP7%2FO7TcWXz%2F6JHv125%2BARbXcHJn8csfPo9ePxgjlv9GsuGuYtl6YMUVZGmNnq3R0zWYHsCV%2FxsWud1Z%2FKU1BWLtDWNtvc1YW33tQbxO7Tbafii7cbfDhYglF34naHVblAZChJ1I%2BhEKN%2Bbv%2FXXvHwAAAP%2F%2FAQAA%2F%2F8d4dTrlwQAAA%3D%3D HTTP/1.1
Host: soldierreproduceadmiration.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: u_pl=15600826; uid_id2=c1b9d69d-2772-40b4-9a45-d15d8500ad3f:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 04 Dec 2022 19:49:45 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 289a6295862b208c0175801e394a2133
Strict-Transport-Security: max-age=0; includeSubdomains
ads.adxadserv.com/ad?spotid=636bc5d561d6e27071201a23&type=300x250&output=html
185.98.53.2 200 OK 1.7 kB URL HTTP/2 ads.adxadserv.com/ad?spotid=636bc5d561d6e27071201a23&type=300x250&output=html
IP 185.98.53.2:0
ASN #39572 DataWeb Global Group B.V.
Hash 53f365c8f210304c85280765768afb24
9c32edf83d9ff99992ba6ac4790aadda044e43d3
e82edc676075ee76ea008e921989d98d6f2461acf11ac4f8f7b0d95f44057d5c
GET /ad?spotid=636bc5d561d6e27071201a23&type=300x250&output=html HTTP/1.1
Host: ads.adxadserv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 04 Dec 2022 19:49:45 GMT
content-type: text/html; charset=utf-8
content-length: 1631
cache-control: no-cache
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/cLjGviP1yqm-_D6e_w/w320h240/0.jpeg
188.72.235.186 200 OK 14 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/cLjGviP1yqm-_D6e_w/w320h240/0.jpeg
IP 188.72.235.186:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash 4a21423ac7c4fc244235746226009ad0
9ff867a8823abd9641fca695b280f96f7b7e5d44
f9a9a5249c7fd676eebf3c8553dad194f671335420866ec08e5eddcabdb42194
GET /thumbnail/cLjGviP1yqm-_D6e_w/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Sun, 04 Dec 2022 19:49:45 GMT
content-type: image/jpeg
content-length: 13830
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: HIT
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/IuqXvyOiwq7v-WiTrg/w320h240/0.jpeg
188.72.235.186 200 OK 12 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/IuqXvyOiwq7v-WiTrg/w320h240/0.jpeg
IP 188.72.235.186:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash 16cf3e2d2a09338fe56e31b779dc0732
6669fca65dde093bd3bdb67197fbdcf8649efb0d
56a1eb9b1726d1cbe04c178ad08d7f725802c84707deb75bfd2f7dda64e3148a
GET /thumbnail/IuqXvyOiwq7v-WiTrg/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Sun, 04 Dec 2022 19:49:45 GMT
content-type: image/jpeg
content-length: 11693
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: HIT
X-Firefox-Spdy: h2
a.naturalhealthsource.club/api/spots/303892?p=1&s1=%subid1%&kw=
135.181.208.216 200 OK 4.0 kB URL HTTP/2 a.naturalhealthsource.club/api/spots/303892?p=1&s1=%subid1%&kw=
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
Hash 38bac92e7b1b0acaecda0b7111e26b82
abe88a373b9b7ae2c67b4b75cd74dde381aae84c
dbf9c8bfb618e319a86fa14c69c9a4e90157aa05999edfa74951ea24cd0fc44c
GET /api/spots/303892?p=1&s1=%subid1%&kw= HTTP/1.1
Host: a.naturalhealthsource.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: nauid=D5zAgE7rDzAds0IJvYwi
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 04 Dec 2022 19:49:45 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2
syndication.realsrv.com/v1/api.php
95.211.229.247 200 OK 1.1 kB URL HTTP/1.1 syndication.realsrv.com/v1/api.php
IP 95.211.229.247:0
ASN #60781 LeaseWeb Netherlands B.V.
File type JSON data\012- , ASCII text, with very long lines (1473), with no line terminators
Hash 0df8eaf4a6feaef0ab9055b3fc881f99
aab910cac83a2df6bc7c2783b47ca2f302b3e65b
309306aca95b7799db5d6c7849936850c5d98eacf5b88a2ef0011cdd9aef4e0c
POST /v1/api.php HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 335
Origin: https://a.naturalhealthsource.club
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 04 Dec 2022 19:49:45 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://a.naturalhealthsource.club
Access-Control-Allow-Headers: Authorization, Content-Type
Access-Control-Request-Method: POST
Access-Control-Allow-Credentials: true
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%22638cf9d9b55310.385164992133418356%22%3B%7D; expires=Tue, 03-Dec-2024 19:49:45 GMT; Max-Age=63072000; path=/; domain=realsrv.com; secure; SameSite=None
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
media.aso1.net/js/ifr.html
104.21.234.223 200 OK 1.8 kB URL HTTP/2 media.aso1.net/js/ifr.html
IP 104.21.234.223:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 349da2ee3adcd093ddda9dca68d0736f
7134cb23458a73c339b37b45c27a3eca520697b1
bdc1dab326772d2f2a25a089daab2f6af2b364e9736572b664ddff531310d7f9
GET /js/ifr.html HTTP/1.1
Host: media.aso1.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 04 Dec 2022 19:49:45 GMT
content-type: text/html
last-modified: Thu, 24 Nov 2022 16:06:01 GMT
etag: W/"637f9669-6ff"
expires: Mon, 28 Nov 2022 07:22:28 GMT
cache-control: max-age=259200
x-robots-tag: noindex, nofollow, noarchive, noimageindex
cf-cache-status: HIT
age: 748620
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WlEYCn%2FWQmRk0h9IJSYov8ItGQuw%2FfA2%2Fk6bN6I2GFUMC0WXV%2FnboBeX0ix0TdlgEYiVTF7J6GsQCYJwbXhp2UdKUpzxik%2FBCzZttBkc2ELh7Po48kMUj6E%2FBRJmc18DfA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7747112f5bf6dd2f-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.sectigo.com/
172.64.155.188 200 OK 471 B IP 172.64.155.188:0
Hash 2a6a4cffe26a138a5aa240dc5cb2c665
41307dc5b6cab45040d1e5157b59a1047bbf085a
2cdfb4803d52393180742872a654ab1810118e8bfa8b2a7da5f4f4dbcf7ce4b8
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 04 Dec 2022 19:49:45 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Fri, 02 Dec 2022 05:56:27 GMT
Expires: Fri, 09 Dec 2022 05:56:26 GMT
Etag: "41307dc5b6cab45040d1e5157b59a1047bbf085a"
Cache-Control: max-age=381400,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 77471130af7cb4fd-OSL
cdn.tsyndicate.com/sdk/v1/master.spot.js
8.248.225.238 200 OK 13 kB URL HTTP/2 cdn.tsyndicate.com/sdk/v1/master.spot.js
IP 8.248.225.238:0
File type ASCII text, with very long lines (28267)
Hash 2302d49bf491a9778085df04b4da3cf0
5ef4ce33d0fd46d9c5d399ed7f15f0d9031a92ad
0591e83eaf13b272e80594297303e0435272faed43520f07773da71e989c4135
GET /sdk/v1/master.spot.js HTTP/1.1
Host: cdn.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 04 Dec 2022 19:49:45 GMT
content-type: application/javascript
content-length: 12771
last-modified: Wed, 23 Nov 2022 12:53:01 GMT
server: nginx
x-robots-tag: noindex, nofollow
content-encoding: gzip
vary: Accept-Encoding
etag: W/"637e17ad-890f"
age: 974717
accept-ranges: bytes
X-Firefox-Spdy: h2
a.realsrv.com/ad-provider.js
185.76.9.14 200 OK 23 kB URL HTTP/2 a.realsrv.com/ad-provider.js
IP 185.76.9.14:0
ASN #60068 Datacamp Limited
File type ASCII text, with very long lines (51260)
Hash 3d37e46b4e8c6241a3df46240a4553bc
33314a27bab5764e10e10424de64c6d91fad7e2c
e9268d963ec5d3190a0670402ae1f9594a21e14b4a4eb47ee0a6a287285e95b2
GET /ad-provider.js HTTP/1.1
Host: a.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 04 Dec 2022 19:49:45 GMT
content-type: application/javascript
etag: W/"f26c91d131ffc1bbddb296d644e"
expires: Fri, 02 Dec 2022 12:50:41 GMT
cache-control: max-age=10800
access-control-allow-origin: *
x-cache-op: HIT
x-accel-expires: @1670190687
server: CDN77-Turbo
x-77-nzt: AblMCQ2G+wj/qg0AAA
x-77-nzt-ray: c0a4cc289ed85fe2d9f98c63815ece20
x-cache: HIT
x-age: 3498
x-77-pop: stockholmSE
x-77-cache: HIT
content-encoding: br
X-Firefox-Spdy: h2
syndication.realsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAA3VQS2pDMQy8Si8QI+trZ99tC4EewH55jyxCCvlACnP4Pic0u2oQjKRhkMTEvMm8IX3LutW6VUPNqVJSTtkUH587aMapXW/ndjzM7Xg9XL5v52lO0/HWoexkFeau1VGDSBwaxa0WGJXBw8IRwV48FEoQ0Ao2UR0sEXGppJZLSA0XFML71+6RGTmRRAVDiO5stLbGVsNIV073Ybb3WXJkrbP3PtVo3n0f0Zr2ZeUyhGjp3zvoiUTmq5T/akhWYWVs8qtQrEF4jNvl5zQBL/kT9jAQaBnLoguV3teXaC80WVm6lKXKZAtLydZ+ATkxh8qFAQAA
95.211.229.247200 OK 20 B URL HTTP/1.1 syndication.realsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAA3VQS2pDMQy8Si8QI+trZ99tC4EewH55jyxCCvlACnP4Pic0u2oQjKRhkMTEvMm8IX3LutW6VUPNqVJSTtkUH587aMapXW/ndjzM7Xg9XL5v52lO0/HWoexkFeau1VGDSBwaxa0WGJXBw8IRwV48FEoQ0Ao2UR0sEXGppJZLSA0XFML71+6RGTmRRAVDiO5stLbGVsNIV073Ybb3WXJkrbP3PtVo3n0f0Zr2ZeUyhGjp3zvoiUTmq5T/akhWYWVs8qtQrEF4jNvl5zQBL/kT9jAQaBnLoguV3teXaC80WVm6lKXKZAtLydZ+ATkxh8qFAQAA
IP 95.211.229.247:0
ASN #60781 LeaseWeb Netherlands B.V.
Hash a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf
GET /cimp.php?t=api&data=H4sIAAAAAAAAA3VQS2pDMQy8Si8QI+trZ99tC4EewH55jyxCCvlACnP4Pic0u2oQjKRhkMTEvMm8IX3LutW6VUPNqVJSTtkUH587aMapXW/ndjzM7Xg9XL5v52lO0/HWoexkFeau1VGDSBwaxa0WGJXBw8IRwV48FEoQ0Ao2UR0sEXGppJZLSA0XFML71+6RGTmRRAVDiO5stLbGVsNIV073Ybb3WXJkrbP3PtVo3n0f0Zr2ZeUyhGjp3zvoiUTmq5T/akhWYWVs8qtQrEF4jNvl5zQBL/kT9jAQaBnLoguV3teXaC80WVm6lKXKZAtLydZ+ATkxh8qFAQAA HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://a.naturalhealthsource.club
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%22638cf9d9b55310.385164992133418356%22%3B%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 04 Dec 2022 19:49:46 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://a.naturalhealthsource.club
Access-Control-Allow-Credentials: true
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%22638cf9d9b55310.385164992133418356%22%3B%7D; expires=Tue, 03 Dec 2024 19:49:46 GMT; path=; domain=.realsrv.com; Secure; SameSite=none
__upt=%7B%22v%22%3A1%2C%22id%22%3A%22638cf9d9b55310.385164992133418356%22%2C%22pcma%22%3A%22%22%2C%22acma%22%3A%22508.0199%22%7D; expires=Tue, 03 Dec 2024 19:49:46 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
a.naturalhealthsource.club/api/spots/312874?p=1&s1=%subid1%&kw=
135.181.208.216 200 OK 4.5 kB URL HTTP/2 a.naturalhealthsource.club/api/spots/312874?p=1&s1=%subid1%&kw=
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- assembler source, ASCII text, with very long lines (1482)
Hash 9c0c23fd3c63fe83193cd70c7e7e347b
35a9b129a8eb823bc9a07c9e07d0047aff5313e5
4501d072e9655cd9234481134d42f9d7a97e1de178a9657f2f9b4a7158524ff0
GET /api/spots/312874?p=1&s1=%subid1%&kw= HTTP/1.1
Host: a.naturalhealthsource.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: nauid=D5zAgE7rDzAds0IJvYwi
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 04 Dec 2022 19:49:45 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2
syndication.realsrv.com/v1/api.php
95.211.229.247 200 OK 1.1 kB URL HTTP/1.1 syndication.realsrv.com/v1/api.php
IP 95.211.229.247:0
ASN #60781 LeaseWeb Netherlands B.V.
File type JSON data\012- , ASCII text, with very long lines (1461), with no line terminators
Hash 62b3bc4a98aef219512af75166a8b640
5303dd4296fe260d535b30d99b404f83521183e4
98a63b1ba478e157d168698ac0e718b2b19e51a6127305db1e3c6b0eba54714a
POST /v1/api.php HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 335
Origin: https://a.naturalhealthsource.club
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%22638cf9d9b5d8d5.443579853844039546%22%3B%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 04 Dec 2022 19:49:46 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://a.naturalhealthsource.club
Access-Control-Allow-Headers: Authorization, Content-Type
Access-Control-Request-Method: POST
Access-Control-Allow-Credentials: true
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
syndication.realsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAA3VPy2oDMQz8lf7AGllPK/deWwj0AxzvLjksKeQBKejjayc0t2oQjKRhGCEgThkn4LfMO/YdS3hODokxZeH4+NwH5zjV6+1ct+NSt+vx8n07tyW17XYIRgXxEFV2DTcA0mArKl5CoAxuYhpmqEWNgyEooAOFmAdLAOiZhYobOmqOAvH+tX90jpyAzAODAO4o0Fcj1TDizuE+zHSdwcykKhF4JbcGCzPOKuorrUMYNf37BzyRQI26Fv8WQZkJGWPKr4GjF8TjXC8/pxbxkj8hDwMKLiNtHBr2x1qe29qz8DLLQqVIq9xzrvP8C39xmj6GAQAA
95.211.229.247200 OK 20 B URL HTTP/1.1 syndication.realsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAA3VPy2oDMQz8lf7AGllPK/deWwj0AxzvLjksKeQBKejjayc0t2oQjKRhGCEgThkn4LfMO/YdS3hODokxZeH4+NwH5zjV6+1ct+NSt+vx8n07tyW17XYIRgXxEFV2DTcA0mArKl5CoAxuYhpmqEWNgyEooAOFmAdLAOiZhYobOmqOAvH+tX90jpyAzAODAO4o0Fcj1TDizuE+zHSdwcykKhF4JbcGCzPOKuorrUMYNf37BzyRQI26Fv8WQZkJGWPKr4GjF8TjXC8/pxbxkj8hDwMKLiNtHBr2x1qe29qz8DLLQqVIq9xzrvP8C39xmj6GAQAA
IP 95.211.229.247:0
ASN #60781 LeaseWeb Netherlands B.V.
Hash a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf
GET /cimp.php?t=api&data=H4sIAAAAAAAAA3VPy2oDMQz8lf7AGllPK/deWwj0AxzvLjksKeQBKejjayc0t2oQjKRhGCEgThkn4LfMO/YdS3hODokxZeH4+NwH5zjV6+1ct+NSt+vx8n07tyW17XYIRgXxEFV2DTcA0mArKl5CoAxuYhpmqEWNgyEooAOFmAdLAOiZhYobOmqOAvH+tX90jpyAzAODAO4o0Fcj1TDizuE+zHSdwcykKhF4JbcGCzPOKuorrUMYNf37BzyRQI26Fv8WQZkJGWPKr4GjF8TjXC8/pxbxkj8hDwMKLiNtHBr2x1qe29qz8DLLQqVIq9xzrvP8C39xmj6GAQAA HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://a.naturalhealthsource.club
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%22638cf9d9b5d8d5.443579853844039546%22%3B%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 04 Dec 2022 19:49:46 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://a.naturalhealthsource.club
Access-Control-Allow-Credentials: true
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%22638cf9d9b5d8d5.443579853844039546%22%3B%7D; expires=Tue, 03 Dec 2024 19:49:46 GMT; path=; domain=.realsrv.com; Secure; SameSite=none
__upt=%7B%22v%22%3A1%2C%22id%22%3A%22638cf9d9b5d8d5.443579853844039546%22%2C%22pcma%22%3A%22%22%2C%22acma%22%3A%22508.0199%22%7D; expires=Tue, 03 Dec 2024 19:49:46 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
syndication.realsrv.com/v1/api.php
95.211.229.247 200 OK 1.6 kB URL HTTP/1.1 syndication.realsrv.com/v1/api.php
IP 95.211.229.247:0
ASN #60781 LeaseWeb Netherlands B.V.
Hash 2e6884d372e64600b45afbdb3d22ddac
333702fe8f49ade431329278ca26dd1017a18988
815eb98afb0ec971c951d338a0e1d43be0819986824f91da754a205584c0eeef
POST /v1/api.php HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 335
Origin: https://a.naturalhealthsource.club
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%22638cf9d9b5d8d5.443579853844039546%22%3B%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 04 Dec 2022 19:49:46 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://a.naturalhealthsource.club
Access-Control-Allow-Headers: Authorization, Content-Type
Access-Control-Request-Method: POST
Access-Control-Allow-Credentials: true
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
syndication.realsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAA3VPS2pDMRC7Si/wzHw9nuy7bSHQAziOQxYhhXwghTl87ReaXS0MskYWGgKiBWkBeUPZiG8kh2NySEIJVeLjcxuCca63+6Wejr2ebsfr9/3Semqn+y6EMqiH5iw+vhoA5xArOQOEQpnc1HKYOjuXIUBwwAApi0yWAMhRlIsbOWWMAvH+tV0vBiZg86BggAcpDGm2mkEyODxmmOK+t9KtoyobVWm1dOBmZPVwUJ7GqOnfPeCJBJp9eOlPCEZhEooFXw+JcSDWcb3+nFvEy/6ErgEcUmbbGC3aLpdCsLdmBzfzhtip1x3mfcVfp0RT1oYBAAA=
95.211.229.247200 OK 20 B URL HTTP/1.1 syndication.realsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAA3VPS2pDMRC7Si/wzHw9nuy7bSHQAziOQxYhhXwghTl87ReaXS0MskYWGgKiBWkBeUPZiG8kh2NySEIJVeLjcxuCca63+6Wejr2ebsfr9/3Semqn+y6EMqiH5iw+vhoA5xArOQOEQpnc1HKYOjuXIUBwwAApi0yWAMhRlIsbOWWMAvH+tV0vBiZg86BggAcpDGm2mkEyODxmmOK+t9KtoyobVWm1dOBmZPVwUJ7GqOnfPeCJBJp9eOlPCEZhEooFXw+JcSDWcb3+nFvEy/6ErgEcUmbbGC3aLpdCsLdmBzfzhtip1x3mfcVfp0RT1oYBAAA=
IP 95.211.229.247:0
ASN #60781 LeaseWeb Netherlands B.V.
Hash a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf
GET /cimp.php?t=api&data=H4sIAAAAAAAAA3VPS2pDMRC7Si/wzHw9nuy7bSHQAziOQxYhhXwghTl87ReaXS0MskYWGgKiBWkBeUPZiG8kh2NySEIJVeLjcxuCca63+6Wejr2ebsfr9/3Semqn+y6EMqiH5iw+vhoA5xArOQOEQpnc1HKYOjuXIUBwwAApi0yWAMhRlIsbOWWMAvH+tV0vBiZg86BggAcpDGm2mkEyODxmmOK+t9KtoyobVWm1dOBmZPVwUJ7GqOnfPeCJBJp9eOlPCEZhEooFXw+JcSDWcb3+nFvEy/6ErgEcUmbbGC3aLpdCsLdmBzfzhtip1x3mfcVfp0RT1oYBAAA= HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://a.naturalhealthsource.club
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%22638cf9d9e00848.945962052552389789%22%3B%7D; __upt=%7B%22v%22%3A1%2C%22id%22%3A%22638cf9d9b55310.385164992133418356%22%2C%22pcma%22%3A%22%22%2C%22acma%22%3A%22508.0199%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 04 Dec 2022 19:49:46 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://a.naturalhealthsource.club
Access-Control-Allow-Credentials: true
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%22638cf9d9e00848.945962052552389789%22%3B%7D; expires=Tue, 03 Dec 2024 19:49:46 GMT; path=; domain=.realsrv.com; Secure; SameSite=none
__upt=%7B%22v%22%3A1%2C%22id%22%3A%22638cf9d9b55310.385164992133418356%22%2C%22pcma%22%3A%22%22%2C%22acma%22%3A%22508.029701%22%7D; expires=Tue, 03 Dec 2024 19:49:46 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
s3t3d2y8.afcdn.net/library/426059/c1a24994bc881cf022e6d63ef9c1eec8b98cbb02.mp4
185.76.9.23 206 Partial Content 15 kB URL HTTP/2 s3t3d2y8.afcdn.net/library/426059/c1a24994bc881cf022e6d63ef9c1eec8b98cbb02.mp4
IP 185.76.9.23:0
ASN #60068 Datacamp Limited
File type ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]\012- data
Hash 84aab959c68075ee40e677cd10aa257e
c1a24994bc881cf022e6d63ef9c1eec8b98cbb02
84fcda8fecea6427923cfe5641d88565f323d5f1dccf9e1e33d8115ff20cd132
GET /library/426059/c1a24994bc881cf022e6d63ef9c1eec8b98cbb02.mp4 HTTP/1.1
Host: s3t3d2y8.afcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 206 Partial Content
date: Sun, 04 Dec 2022 19:49:46 GMT
content-type: video/mp4
content-length: 15306
last-modified: Thu, 11 Aug 2022 15:21:08 GMT
etag: "62f51e64-3bca"
expires: Tue, 28 Nov 2023 15:54:26 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
x-robots-tag: noindex, follow
x-cache-op: HIT
x-accel-expires: @1701186888
server: CDN77-Turbo
x-77-nzt: AblMCRRZI8z/EiAIAA
x-77-nzt-ray: af585630c794742ddaf98c632433db06
x-cache: HIT
x-age: 532498
x-77-pop: stockholmSE
x-77-cache: HIT
content-range: bytes 0-15305/15306
X-Firefox-Spdy: h2
static.adxadserv.com/css/wm.css
185.76.9.26 200 OK 568 B URL HTTP/2 static.adxadserv.com/css/wm.css
IP 185.76.9.26:0
ASN #60068 Datacamp Limited
File type ASCII text, with CRLF line terminators
Hash 9e152ce62dd625375dbf1bfe1d160d47
b0a3acf719822cd0898ce7e83ccf8c9a9f2d01aa
7c2c254a85d2407ccf302bb6d1a2d87de8925ee9f75acfc1f760b86cb3bf08ce
GET /css/wm.css HTTP/1.1
Host: static.adxadserv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ads.adxadserv.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
date: Sun, 04 Dec 2022 19:49:46 GMT
content-type: text/css
last-modified: Mon, 03 Aug 2020 09:41:06 GMT
etag: W/"5f27dbb2-711"
x-accel-expires: @1670929677
server: CDN77-Turbo
x-77-nzt: AblMCRT1zKf/zW4EAA
x-77-nzt-ray: af5856302a9c682cdaf98c63e6dc4d01
x-cache: HIT
x-age: 290509
x-77-pop: stockholmSE
x-77-cache: HIT
content-encoding: br
X-Firefox-Spdy: h2
s3t3d2y8.afcdn.net/library/317632/98142af05ccff3cdb516d98d31340e6cdb23e7e8.gif
185.76.9.23 200 OK 49 kB URL HTTP/2 s3t3d2y8.afcdn.net/library/317632/98142af05ccff3cdb516d98d31340e6cdb23e7e8.gif
IP 185.76.9.23:0
ASN #60068 Datacamp Limited
File type GIF image data, version 89a, 900 x 250\012- data
Hash 41b41ae511930314a33b5f067f96e5e7
98142af05ccff3cdb516d98d31340e6cdb23e7e8
8a161dfd958b7c91c54d9be27dd75a29ef0d2fd1dd514abf2d3937a63b8424f7
GET /library/317632/98142af05ccff3cdb516d98d31340e6cdb23e7e8.gif HTTP/1.1
Host: s3t3d2y8.afcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 04 Dec 2022 19:49:46 GMT
content-type: image/gif
content-length: 48770
last-modified: Thu, 28 Apr 2022 14:04:31 GMT
etag: "626a9eef-be82"
expires: Sat, 25 Nov 2023 08:05:07 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
x-robots-tag: noindex, follow
x-cache-op: HIT
x-accel-expires: @1700902318
server: CDN77-Turbo
x-77-nzt: AblMCRQ4TXj/rHcMAA
x-77-nzt-ray: af585630c794742ddaf98c63d37fe206
x-cache: HIT
x-age: 817068
x-77-pop: stockholmSE
x-77-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
s3t3d2y8.afcdn.net/library/426059/abe8366f90aeda3c433717df3802e10d8a79c862.webp
185.76.9.23 200 OK 9.5 kB URL HTTP/2 s3t3d2y8.afcdn.net/library/426059/abe8366f90aeda3c433717df3802e10d8a79c862.webp
IP 185.76.9.23:0
ASN #60068 Datacamp Limited
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 300x250, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash e964bddc07278a2dd02cbeffb72337c5
abe8366f90aeda3c433717df3802e10d8a79c862
a9e0fd45a1f14b3689a5dd8a1004f4d092d168313ba39dbfa5406022141ae7b4
GET /library/426059/abe8366f90aeda3c433717df3802e10d8a79c862.webp HTTP/1.1
Host: s3t3d2y8.afcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 04 Dec 2022 19:49:46 GMT
content-type: image/webp
content-length: 9542
last-modified: Thu, 22 Sep 2022 15:19:31 GMT
etag: "632c7d03-2546"
expires: Tue, 28 Nov 2023 15:03:47 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
x-robots-tag: noindex, follow
x-cache-op: HIT
x-accel-expires: @1701671352
server: CDN77-Turbo
x-77-nzt: AblMCRSrHkD/orsAAA
x-77-nzt-ray: af585630c794742ddaf98c63813d1409
x-cache: HIT
x-age: 48034
x-77-pop: stockholmSE
x-77-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
syndication.realsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAA3WPS2oDMRBEr5ILWPRfau+zTcCQA0iaGbwwDtgecKAPH41NvIsKQanUeqgIiHZIO5A3lL34Xiwck0MSSqgSH5+HEIxzva2XejrO9XQ7Xr/XS59TP60thAzUQ83Ex9MMwBaSixlAKJTNZ80WWZ2dywggOGCIlEU2lwDIUZSLZ3IyjALx/nV4bAxMwNmDggHupDCi7VcbSIaHO4Rx6YtP3nQqkyYR1uxlAEWAXUepyWbGjOKztdY9V2s25VyrtGV43kBR07894akEpmXM0l8QjMIkFDt8HSTGgnhc1+vPuUe8xp/SB4BDytYmpCv7XD13IwHVgcElL7Uvk3iD+gszHq6gpgEAAA==
95.211.229.247200 OK 20 B URL HTTP/1.1 syndication.realsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAA3WPS2oDMRBEr5ILWPRfau+zTcCQA0iaGbwwDtgecKAPH41NvIsKQanUeqgIiHZIO5A3lL34Xiwck0MSSqgSH5+HEIxzva2XejrO9XQ7Xr/XS59TP60thAzUQ83Ex9MMwBaSixlAKJTNZ80WWZ2dywggOGCIlEU2lwDIUZSLZ3IyjALx/nV4bAxMwNmDggHupDCi7VcbSIaHO4Rx6YtP3nQqkyYR1uxlAEWAXUepyWbGjOKztdY9V2s25VyrtGV43kBR07894akEpmXM0l8QjMIkFDt8HSTGgnhc1+vPuUe8xp/SB4BDytYmpCv7XD13IwHVgcElL7Uvk3iD+gszHq6gpgEAAA==
IP 95.211.229.247:0
ASN #60781 LeaseWeb Netherlands B.V.
Hash a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf
GET /cimp.php?t=api&data=H4sIAAAAAAAAA3WPS2oDMRBEr5ILWPRfau+zTcCQA0iaGbwwDtgecKAPH41NvIsKQanUeqgIiHZIO5A3lL34Xiwck0MSSqgSH5+HEIxzva2XejrO9XQ7Xr/XS59TP60thAzUQ83Ex9MMwBaSixlAKJTNZ80WWZ2dywggOGCIlEU2lwDIUZSLZ3IyjALx/nV4bAxMwNmDggHupDCi7VcbSIaHO4Rx6YtP3nQqkyYR1uxlAEWAXUepyWbGjOKztdY9V2s25VyrtGV43kBR07894akEpmXM0l8QjMIkFDt8HSTGgnhc1+vPuUe8xp/SB4BDytYmpCv7XD13IwHVgcElL7Uvk3iD+gszHq6gpgEAAA== HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://a.naturalhealthsource.club
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%22638cf9d9e00848.945962052552389789%22%3B%7D; __upt=%7B%22v%22%3A1%2C%22id%22%3A%22638cf9d9b55310.385164992133418356%22%2C%22pcma%22%3A%22%22%2C%22acma%22%3A%22508.029701%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 04 Dec 2022 19:49:46 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://a.naturalhealthsource.club
Access-Control-Allow-Credentials: true
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%22638cf9d9e00848.945962052552389789%22%3B%7D; expires=Tue, 03 Dec 2024 19:49:46 GMT; path=; domain=.realsrv.com; Secure; SameSite=none
__upt=%7B%22v%22%3A1%2C%22id%22%3A%22638cf9d9b55310.385164992133418356%22%2C%22pcma%22%3A%22%22%2C%22acma%22%3A%22508.03940399%22%7D; expires=Tue, 03 Dec 2024 19:49:46 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
s3t3d2y8.afcdn.net/library/426059/c1a24994bc881cf022e6d63ef9c1eec8b98cbb02.mp4
185.76.9.23 206 Partial Content 15 kB URL HTTP/2 s3t3d2y8.afcdn.net/library/426059/c1a24994bc881cf022e6d63ef9c1eec8b98cbb02.mp4
IP 185.76.9.23:0
ASN #60068 Datacamp Limited
File type ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]\012- data
Hash 84aab959c68075ee40e677cd10aa257e
c1a24994bc881cf022e6d63ef9c1eec8b98cbb02
84fcda8fecea6427923cfe5641d88565f323d5f1dccf9e1e33d8115ff20cd132
GET /library/426059/c1a24994bc881cf022e6d63ef9c1eec8b98cbb02.mp4 HTTP/1.1
Host: s3t3d2y8.afcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 206 Partial Content
date: Sun, 04 Dec 2022 19:49:46 GMT
content-type: video/mp4
content-length: 15306
last-modified: Thu, 11 Aug 2022 15:21:08 GMT
etag: "62f51e64-3bca"
expires: Tue, 28 Nov 2023 15:54:26 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
x-robots-tag: noindex, follow
x-cache-op: HIT
x-accel-expires: @1701186888
server: CDN77-Turbo
x-77-nzt: AblMCRQAMR7/EiAIAA
x-77-nzt-ray: af585630c794742ddaf98c6373e01d09
x-cache: HIT
x-age: 532498
x-77-pop: stockholmSE
x-77-cache: HIT
content-range: bytes 0-15305/15306
X-Firefox-Spdy: h2
fonts.gstatic.com/s/ubuntu/v20/4iCs6KVjbNBYlgoKfw72.woff2
216.58.207.227 200 OK 35 kB URL HTTP/2 fonts.gstatic.com/s/ubuntu/v20/4iCs6KVjbNBYlgoKfw72.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 34852, version 1.0\012- data
Hash 0e8eefb4549a2edf26c560cb9845952e
8d0b1718aacad934fd0043c87cbc54aa091396bf
7f653b3ce9d3277457fc6da4edb246ae2f6c913f088c42dcb8cd2e96267aa21a
GET /s/ubuntu/v20/4iCs6KVjbNBYlgoKfw72.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://ads.adxadserv.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 34852
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 01 Dec 2022 12:29:21 GMT
expires: Fri, 01 Dec 2023 12:29:21 GMT
cache-control: public, max-age=31536000
age: 285625
last-modified: Wed, 27 Apr 2022 16:31:23 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 278 B IP 93.184.220.29:0
Hash f08cf8ce54f98cdb1d223d60e93312e8
77f15dc79aa0c1aeadfe1889e972e5abb5c7fe74
4c8823ac52daee9094402a4f0f6e3c22156f637f61db2680fea217dc6ceb8917
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3327
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 19:49:46 GMT
Last-Modified: Sun, 04 Dec 2022 18:54:21 GMT
Server: ECS (ska/F70E)
X-Cache: HIT
Content-Length: 278
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 227de73c2950d257905eda6128f90ea9
d700e7cbc5c620f274ec53c336dba15988f046d9
306cc0e4114a9e5b3f9125f9a6fe9746e2db74d94c7991c714e6abb2de046fbc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "306CC0E4114A9E5B3F9125F9A6FE9746E2DB74D94C7991C714E6ABB2DE046FBC"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19402
Expires: Mon, 05 Dec 2022 01:13:08 GMT
Date: Sun, 04 Dec 2022 19:49:46 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 227de73c2950d257905eda6128f90ea9
d700e7cbc5c620f274ec53c336dba15988f046d9
306cc0e4114a9e5b3f9125f9a6fe9746e2db74d94c7991c714e6abb2de046fbc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "306CC0E4114A9E5B3F9125F9A6FE9746E2DB74D94C7991C714E6ABB2DE046FBC"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19402
Expires: Mon, 05 Dec 2022 01:13:08 GMT
Date: Sun, 04 Dec 2022 19:49:46 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 227de73c2950d257905eda6128f90ea9
d700e7cbc5c620f274ec53c336dba15988f046d9
306cc0e4114a9e5b3f9125f9a6fe9746e2db74d94c7991c714e6abb2de046fbc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "306CC0E4114A9E5B3F9125F9A6FE9746E2DB74D94C7991C714E6ABB2DE046FBC"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19402
Expires: Mon, 05 Dec 2022 01:13:08 GMT
Date: Sun, 04 Dec 2022 19:49:46 GMT
Connection: keep-alive
syndication.realsrv.com/splash.php?idzone=4856708&cookieconsent=true
95.211.229.247 200 OK 2.7 kB URL HTTP/1.1 syndication.realsrv.com/splash.php?idzone=4856708&cookieconsent=true
IP 95.211.229.247:0
ASN #60781 LeaseWeb Netherlands B.V.
File type XML 1.0 document text\012- XML document, ASCII text, with very long lines (1574)
Hash 762a7a3c780077ce9a8734a81fc50f15
4ecc89a9a2bfdc100cb9938934119bbab01606c0
00a59b4c03149b445c2c00ff6c5695c4273395604ce4c62b36d492389f15310e
GET /splash.php?idzone=4856708&cookieconsent=true HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://media.aso1.net
Connection: keep-alive
Referer: https://media.aso1.net/
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%22638cf9d9e00848.945962052552389789%22%3B%7D; __upt=%7B%22v%22%3A1%2C%22id%22%3A%22638cf9d9b55310.385164992133418356%22%2C%22pcma%22%3A%22%22%2C%22acma%22%3A%22508.03940399%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 04 Dec 2022 19:49:46 GMT
Content-Type: text/xml;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%22638cf9d9e00848.945962052552389789%22%3B%7D; expires=Tue, 03 Dec 2024 19:49:46 GMT; path=; domain=.realsrv.com; Secure; SameSite=none
Set-Cookie: c-tag=%7B%22tag-video%22%3A%22v3%7C%7CNOR%7C4856708%7C59493762%7C0%7C%7C508%7C41%7C3%7C40%7C0%7C0%7C0%7C25344%7C3143242%7C3143244%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C638cf9d9e00848.945962052552389789%7C%7C0%7Cmedia.aso1.net%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D; expires=Mon, 05 Dec 2022 19:49:46 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
Cache-Control: no-store
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: https://media.aso1.net
Access-Control-Allow-Credentials: true
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
cams.gratis/banner/300x250.php?site=xfanta
172.64.194.8 200 OK 1.1 kB URL HTTP/2 cams.gratis/banner/300x250.php?site=xfanta
IP 172.64.194.8:0
File type HTML document text\012- HTML document, ASCII text, with very long lines (739)
Hash 40c4a723917050b7a3949ee110847616
5c9a120ec28fcd62538e433d1dc2c040cc428bf6
96c332bc7598ea6d2063e4e679c8c425e15bc1c13a1987bead29454da1013270
GET /banner/300x250.php?site=xfanta HTTP/1.1
Host: cams.gratis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ads.adxadserv.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 04 Dec 2022 19:49:46 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding,User-Agent
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WGoOIUEYcu7o74r%2B7ymi%2FfDydpig4FFfZ8f8GGMnirYxvFe3VEiZPaOl7lvaI%2FrdnW75PubN39IGMxpcYAbTDx6%2BbUnKVm1dzImrboiOiJAA7O4Y3YMRfEcBTSwu1A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77471134893d72ca-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 278 B IP 93.184.220.29:0
Hash f08cf8ce54f98cdb1d223d60e93312e8
77f15dc79aa0c1aeadfe1889e972e5abb5c7fe74
4c8823ac52daee9094402a4f0f6e3c22156f637f61db2680fea217dc6ceb8917
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3327
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 19:49:46 GMT
Last-Modified: Sun, 04 Dec 2022 18:54:21 GMT
Server: ECS (ska/F70E)
X-Cache: HIT
Content-Length: 278
cams.gratis/banner/leer.gif
172.64.194.8 200 OK 290 B URL HTTP/2 cams.gratis/banner/leer.gif
IP 172.64.194.8:0
File type GIF image data, version 89a, 192 x 192\012- data
Hash 72e33229faa7e5ba8930deac92a1aae0
496e880a0024b268b4e3987c0863cdbf8a64d696
a556ed9ee99be72f01ac6bf6232e3357ad104cf28d05afd91efbaf5953df1a6a
GET /banner/leer.gif HTTP/1.1
Host: cams.gratis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cams.gratis/banner/300x250.php?site=xfanta
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 04 Dec 2022 19:49:46 GMT
content-type: image/gif
content-length: 290
last-modified: Sun, 13 Jan 2019 11:23:18 GMT
cache-control: max-age=2592000
expires: Thu, 22 Dec 2022 08:27:50 GMT
cf-cache-status: HIT
age: 1077716
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=78HevLiU2d6ErhYdvlpPwLSrEfoYdsf%2F2VcMbpBVRR0a3wjFooNfpqX80WZo4GJ%2BZB4pjm0Uzt6BnbtBC49rpqUXFl%2FZVWLPutvC77sSEVaz%2BTB1uIzP%2FY5SPHPPyg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7747113509e572ca-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
poweredby.jads.co/js/jads.js
185.94.236.245 301 Moved Permanently 178 B URL HTTP/1.1 poweredby.jads.co/js/jads.js
IP 185.94.236.245:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash cd2e0e43980a00fb6a2742d3afd803b8
81ffbd1712afe8cdf138b570c0fc9934742c33c1
bd9df047d51943acc4bc6cf55d88edb5b6785a53337ee2a0f74dd521aedde87d
GET /js/jads.js HTTP/1.1
Host: poweredby.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://media.aso1.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sun, 04 Dec 2022 19:49:46 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Location: jads2.js
cams.gratis/banner/bg6.jpg
172.64.194.8 200 OK 37 kB URL HTTP/2 cams.gratis/banner/bg6.jpg
IP 172.64.194.8:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 405x252, components 3\012- data
Hash 7ee983f81d742869a176e874651c7231
3072b7ce2833a2611d679374493a5533bd1bd32e
ab168995f8ac84c48b20c8850d35aa43723211710953253ce75c1811bbb0ecbc
GET /banner/bg6.jpg HTTP/1.1
Host: cams.gratis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cams.gratis/banner/300x250.php?site=xfanta
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 04 Dec 2022 19:49:46 GMT
content-type: image/jpeg
content-length: 37209
last-modified: Tue, 18 Oct 2022 10:44:50 GMT
cache-control: max-age=2592000
expires: Tue, 27 Dec 2022 21:03:31 GMT
cf-cache-status: HIT
age: 600375
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xaQ%2BgefkXYHRJVQKnHee3Y0PFZbyOgoPefxfRGQV6Vwv2cf4OA8SYZi2Cd10WMS1SgXsddsbyR5J2s4zdkDjDcpPCZXaLt8%2BIrkUGV%2FpAxdjb5Rt3eH6vKgzjp8nzw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 774711352a2172ca-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 278 B IP 93.184.220.29:0
Hash 68f67d0394c161ab3aa71bfb1e44fcc9
b5c3784975f18603b756842bd973c390a40eba05
3c2d6999c8667e14ed91de576193f33cbe9af3865c407d1701ae381108041b5e
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2612
Cache-Control: max-age=92943
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 19:49:46 GMT
Etag: "638bb7b5-116"
Expires: Mon, 05 Dec 2022 21:38:49 GMT
Last-Modified: Sat, 03 Dec 2022 20:55:17 GMT
Server: ECS (ska/F70E)
X-Cache: HIT
Content-Length: 278
syndication.realsrv.com/v1/api.php
95.211.229.247 200 OK 1.1 kB URL HTTP/1.1 syndication.realsrv.com/v1/api.php
IP 95.211.229.247:0
ASN #60781 LeaseWeb Netherlands B.V.
File type JSON data\012- , ASCII text, with very long lines (1510), with no line terminators
Hash ebf0e05cdab116c198520637dd899002
1d24c825ae477969300bb8a2e7e07fff6efaf93e
f3671fb39a0e3508112f7f1d843bfd79972a72718756b4cc56670ee899b64bd8
POST /v1/api.php HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 284
Origin: https://media.aso1.net
Connection: keep-alive
Referer: https://media.aso1.net/
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%22638cf9d9e00848.945962052552389789%22%3B%7D; __upt=%7B%22v%22%3A1%2C%22id%22%3A%22638cf9d9b55310.385164992133418356%22%2C%22pcma%22%3A%22%22%2C%22acma%22%3A%22508.03940399%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 04 Dec 2022 19:49:46 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://media.aso1.net
Access-Control-Allow-Headers: Authorization, Content-Type
Access-Control-Request-Method: POST
Access-Control-Allow-Credentials: true
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
adxadserv.com/ascripts/pxl.js
185.98.53.29 200 OK 23 kB URL HTTP/1.1 adxadserv.com/ascripts/pxl.js
IP 185.98.53.29:0
ASN #39572 DataWeb Global Group B.V.
File type Unicode text, UTF-8 text, with very long lines (36114)
Hash 72d1139e9f2e6ebe3f51c9193edb4439
cd356eb9eaab433ac792406ba36d4304b6450571
74553d0effe74cd6a4f1424940f7fd133c5457ff1d5c53030e651ec6612bec88
GET /ascripts/pxl.js HTTP/1.1
Host: adxadserv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ads.adxadserv.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Sun, 04 Dec 2022 19:49:46 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Fri, 25 Sep 2020 09:55:25 GMT
ETag: W/"5f6dbe8d-12fee"
Expires: Mon, 05 Dec 2022 08:33:15 GMT
Cache-Control: max-age=86400, public
X-77-NZT: Abk73hHqLMj/j54AAA
X-77-NZT-Ray: f4787b27bfffe269daf98c63a3aa9419
X-Cache: HIT
X-Age: 40591
X-77-POP: amsterdamNL
X-77-Cache: HIT
Content-Encoding: br
syndication.realsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAAz1QQW4DIQz8Sj+wyDZjwD333Eqt+gDYgJpDEqnJIZX8+LLbKowsjw0ajxESWVgWwhPjGfaM5MbBKEACK/z17d3B3r8vt+O6fPXzrR7Dejk5g0iL58wk7AZLLI6iKRNcqTgX5cjZOYnECHWQR6cJ0QhsLBDxVPDPj5c9eEI8Et1FafJtuAs5Jqc7eYplHXawTlRQgkEtCamoSiyWi3luY1QkRm+FC62Vc5KURiL03EfZhPzUD8ca6vXC4dxvu6XdTIq6G/hveGREgfjCjwI+D/l+Xa8/59X98fwPugvMTYAtee2rtazNsjXWw/yv0QpklWENo6ZfHr3l8IIBAAA=
95.211.229.247 200 OK 20 B URL HTTP/1.1 syndication.realsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAAz1QQW4DIQz8Sj+wyDZjwD333Eqt+gDYgJpDEqnJIZX8+LLbKowsjw0ajxESWVgWwhPjGfaM5MbBKEACK/z17d3B3r8vt+O6fPXzrR7Dejk5g0iL58wk7AZLLI6iKRNcqTgX5cjZOYnECHWQR6cJ0QhsLBDxVPDPj5c9eEI8Et1FafJtuAs5Jqc7eYplHXawTlRQgkEtCamoSiyWi3luY1QkRm+FC62Vc5KURiL03EfZhPzUD8ca6vXC4dxvu6XdTIq6G/hveGREgfjCjwI+D/l+Xa8/59X98fwPugvMTYAtee2rtazNsjXWw/yv0QpklWENo6ZfHr3l8IIBAAA=
IP 95.211.229.247:0
ASN #60781 LeaseWeb Netherlands B.V.
Hash a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf
GET /cimp.php?t=api&data=H4sIAAAAAAAAAz1QQW4DIQz8Sj+wyDZjwD333Eqt+gDYgJpDEqnJIZX8+LLbKowsjw0ajxESWVgWwhPjGfaM5MbBKEACK/z17d3B3r8vt+O6fPXzrR7Dejk5g0iL58wk7AZLLI6iKRNcqTgX5cjZOYnECHWQR6cJ0QhsLBDxVPDPj5c9eEI8Et1FafJtuAs5Jqc7eYplHXawTlRQgkEtCamoSiyWi3luY1QkRm+FC62Vc5KURiL03EfZhPzUD8ca6vXC4dxvu6XdTIq6G/hveGREgfjCjwI+D/l+Xa8/59X98fwPugvMTYAtee2rtazNsjXWw/yv0QpklWENo6ZfHr3l8IIBAAA= HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://media.aso1.net
Connection: keep-alive
Referer: https://media.aso1.net/
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%22638cf9d9e00848.945962052552389789%22%3B%7D; __upt=%7B%22v%22%3A1%2C%22id%22%3A%22638cf9d9b55310.385164992133418356%22%2C%22pcma%22%3A%22%22%2C%22acma%22%3A%22508.03940399%22%7D; c-tag=%7B%22tag-video%22%3A%22v3%7C%7CNOR%7C4856708%7C59493762%7C0%7C%7C508%7C41%7C3%7C40%7C0%7C0%7C0%7C25344%7C3143242%7C3143244%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C638cf9d9e00848.945962052552389789%7C%7C0%7Cmedia.aso1.net%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 04 Dec 2022 19:49:46 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://media.aso1.net
Access-Control-Allow-Credentials: true
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%22638cf9d9e00848.945962052552389789%22%3B%7D; expires=Tue, 03 Dec 2024 19:49:46 GMT; path=; domain=.realsrv.com; Secure; SameSite=none
Set-Cookie: __upt=%7B%22v%22%3A1%2C%22id%22%3A%22638cf9d9b55310.385164992133418356%22%2C%22pcma%22%3A%22%22%2C%22acma%22%3A%22508.0490099501%22%7D; expires=Tue, 03 Dec 2024 19:49:46 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
ocsp.digicert.com/
93.184.220.29 200 OK 280 B IP 93.184.220.29:0
Hash ca20b22868f83d258c3424c2781dd1ce
b05abeced5046120a19a25cc81afad35d9fd2f1f
64b156fb7487e9228a06309481051507f616e2fc551856b05fdc97c169e353ac
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4742
Cache-Control: max-age=164891
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 19:49:46 GMT
Etag: "638cc86f-118"
Expires: Tue, 06 Dec 2022 17:37:57 GMT
Last-Modified: Sun, 04 Dec 2022 16:18:55 GMT
Server: ECS (ska/F70E)
X-Cache: HIT
Content-Length: 280
s3t3d2y8.afcdn.net/library/140058/1db5ab8c09794fb5312da1d29e8f6ff486d4dd36.mp4
185.76.9.23 206 Partial Content 12 kB URL HTTP/2 s3t3d2y8.afcdn.net/library/140058/1db5ab8c09794fb5312da1d29e8f6ff486d4dd36.mp4
IP 185.76.9.23:0
ASN #60068 Datacamp Limited
File type ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]\012- data
Hash 1c24a2b26b383ccaf0771fc031457c14
1db5ab8c09794fb5312da1d29e8f6ff486d4dd36
a7cd92b2b5fc93c47c0af720d1edda0fdee50f2741e1098d062403cb786f5b51
GET /library/140058/1db5ab8c09794fb5312da1d29e8f6ff486d4dd36.mp4 HTTP/1.1
Host: s3t3d2y8.afcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: https://media.aso1.net/
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 206 Partial Content
date: Sun, 04 Dec 2022 19:49:46 GMT
content-type: video/mp4
content-length: 12104
last-modified: Thu, 26 Mar 2020 19:07:11 GMT
etag: "5e7cfd5f-2f48"
expires: Fri, 30 Jun 2023 11:13:02 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
x-cache-op: HIT
x-accel-expires: @1688195214
server: CDN77-Turbo
x-robots-tag: noindex, follow
x-77-nzt: AblMCRSy5j//zFzOAA
x-77-nzt-ray: af585630c794742ddaf98c63683de81d
x-cache: HIT
x-age: 13524172
x-77-pop: stockholmSE
x-77-cache: HIT
content-range: bytes 0-12103/12104
X-Firefox-Spdy: h2
unseenreport.com/pxf.gif?uuid=9249be5e-d8d6-4d6f-86bf-2f35006a6abc&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=4d0afc2425eea6b0cd5a468c9f8a69ed&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=19
192.243.61.227 200 OK 1 B URL HTTP/1.1 unseenreport.com/pxf.gif?uuid=9249be5e-d8d6-4d6f-86bf-2f35006a6abc&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=4d0afc2425eea6b0cd5a468c9f8a69ed&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=19
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=9249be5e-d8d6-4d6f-86bf-2f35006a6abc&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=4d0afc2425eea6b0cd5a468c9f8a69ed&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=19 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Sun, 04 Dec 2022 19:49:46 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 106a636c03743b27d1a76598f24e8b28
Strict-Transport-Security: max-age=0; includeSubdomains
go.xlirdr.com/i?campaignId=banner2609start&creativeId=300x250&modelsCountry=&modelsLanguage=&sourceId=xfanta&tag=females&targetDomain=&buttonColor=&hideModelNameOnSmallSpots=0&hideTitleOnSmallSpots=1&liveBadgeColor=%2324d7d7&showButton=1&showModelName=1&showTitle=0&showLiveBadge=1&isXhDesign=0&actionButtonPlacement=bottom&thumbSizeKey=small&hideButtonOnSmallSpots=1&userId=b47aedc2c088e2f21e0cc23e0318384c557941461efdbc48212e7282df45f2f4&landing=WidgetV4Universal
104.18.59.150 302 Found 0 B URL HTTP/2 go.xlirdr.com/i?campaignId=banner2609start&creativeId=300x250&modelsCountry=&modelsLanguage=&sourceId=xfanta&tag=females&targetDomain=&buttonColor=&hideModelNameOnSmallSpots=0&hideTitleOnSmallSpots=1&liveBadgeColor=%2324d7d7&showButton=1&showModelName=1&showTitle=0&showLiveBadge=1&isXhDesign=0&actionButtonPlacement=bottom&thumbSizeKey=small&hideButtonOnSmallSpots=1&userId=b47aedc2c088e2f21e0cc23e0318384c557941461efdbc48212e7282df45f2f4&landing=WidgetV4Universal
IP 104.18.59.150:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /i?campaignId=banner2609start&creativeId=300x250&modelsCountry=&modelsLanguage=&sourceId=xfanta&tag=females&targetDomain=&buttonColor=&hideModelNameOnSmallSpots=0&hideTitleOnSmallSpots=1&liveBadgeColor=%2324d7d7&showButton=1&showModelName=1&showTitle=0&showLiveBadge=1&isXhDesign=0&actionButtonPlacement=bottom&thumbSizeKey=small&hideButtonOnSmallSpots=1&userId=b47aedc2c088e2f21e0cc23e0318384c557941461efdbc48212e7282df45f2f4&landing=WidgetV4Universal HTTP/1.1
Host: go.xlirdr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cams.gratis/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Sun, 04 Dec 2022 19:49:46 GMT
content-length: 0
location: https://creative.xlirdr.com/widgets/v4/Universal/?actionButtonPlacement=bottom&buttonColor=&campaignId=banner2609start&creativeId=300x250&domain=stripchat&hideButtonOnSmallSpots=1&hideModelNameOnSmallSpots=0&hideTitleOnSmallSpots=1&isXhDesign=0&liveBadgeColor=%2324d7d7&modelsCountry=&modelsLanguage=&showButton=1&showLiveBadge=1&showModelName=1&showTitle=0&sound=off&sourceId=xfanta&tag=females&targetDomain=&thumbSizeKey=small&trackOff=1&userId=b47aedc2c088e2f21e0cc23e0318384c557941461efdbc48212e7282df45f2f4
access-control-allow-origin: *
cf-cache-status: DYNAMIC
set-cookie: __cflb=0H28uukSkGJRy5UBr1u9iAwwBfboBLE7gcTag8J3tuJ; SameSite=None; Secure; path=/; expires=Mon, 05-Dec-22 18:49:46 GMT; HttpOnly
server: cloudflare
cf-ray: 774711356bb5b51d-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
unseenreport.com/pxf.gif?uuid=9249be5e-d8d6-4d6f-86bf-2f35006a6abc&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=21fe3950f412e026c33f1b6cee613eba&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=19
192.243.61.227 200 OK 1 B URL HTTP/1.1 unseenreport.com/pxf.gif?uuid=9249be5e-d8d6-4d6f-86bf-2f35006a6abc&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=21fe3950f412e026c33f1b6cee613eba&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=19
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=9249be5e-d8d6-4d6f-86bf-2f35006a6abc&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=21fe3950f412e026c33f1b6cee613eba&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=19 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Sun, 04 Dec 2022 19:49:46 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: c9584a0b7cf76349b0431931007d6cbe
Strict-Transport-Security: max-age=0; includeSubdomains
poweredby.jads.co/js/jads2.js
185.94.236.245 200 OK 1.7 kB URL HTTP/1.1 poweredby.jads.co/js/jads2.js
IP 185.94.236.245:0
File type ASCII text, with very long lines (3758), with no line terminators
Hash 558e1b61fc513016183a3812938e79fb
5f72ea61a2aad8f7a0956321d3fd8524db70eddf
a79f8c0aabfc2d1d45e4df2a86ca9172d292b08987f7a9d5c10bd10abf3aef54
GET /js/jads2.js HTTP/1.1
Host: poweredby.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://media.aso1.net/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 04 Dec 2022 19:49:46 GMT
Content-Type: application/x-javascript
Last-Modified: Mon, 11 Jul 2022 00:36:11 GMT
Transfer-Encoding: chunked
Connection: close
ETag: W/"62cb707b-eae"
Content-Encoding: gzip
ocsp.digicert.com/
93.184.220.29 200 OK 278 B IP 93.184.220.29:0
Hash 68f67d0394c161ab3aa71bfb1e44fcc9
b5c3784975f18603b756842bd973c390a40eba05
3c2d6999c8667e14ed91de576193f33cbe9af3865c407d1701ae381108041b5e
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2612
Cache-Control: max-age=92943
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 19:49:46 GMT
Etag: "638bb7b5-116"
Expires: Mon, 05 Dec 2022 21:38:49 GMT
Last-Modified: Sat, 03 Dec 2022 20:55:17 GMT
Server: ECS (ska/F70E)
X-Cache: HIT
Content-Length: 278
unseenreport.com/pxf.gif?uuid=9249be5e-d8d6-4d6f-86bf-2f35006a6abc&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=01f75a95a38a8db0a8e82d995253a076&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=19
192.243.61.227 200 OK 1 B URL HTTP/1.1 unseenreport.com/pxf.gif?uuid=9249be5e-d8d6-4d6f-86bf-2f35006a6abc&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=01f75a95a38a8db0a8e82d995253a076&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=19
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=9249be5e-d8d6-4d6f-86bf-2f35006a6abc&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=01f75a95a38a8db0a8e82d995253a076&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=19 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Sun, 04 Dec 2022 19:49:46 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 94f665cd8249c2a6e6d01db93ebf27b6
Strict-Transport-Security: max-age=0; includeSubdomains
unseenreport.com/pxf.gif?uuid=9249be5e-d8d6-4d6f-86bf-2f35006a6abc&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=a2f990f10476061c719d1c1aa3a2ecd2&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=19
192.243.61.227 200 OK 1 B URL HTTP/1.1 unseenreport.com/pxf.gif?uuid=9249be5e-d8d6-4d6f-86bf-2f35006a6abc&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=a2f990f10476061c719d1c1aa3a2ecd2&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=19
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=9249be5e-d8d6-4d6f-86bf-2f35006a6abc&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=a2f990f10476061c719d1c1aa3a2ecd2&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=19 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Sun, 04 Dec 2022 19:49:46 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 3fca71de455b1aed49d835005d50928b
Strict-Transport-Security: max-age=0; includeSubdomains
go.xlivrdr.com/smartpop/165aea9bcdd7aabac45f72d02f58fd24b8416bc57cfc540b1b4409ac823564af?userId=1f2ad638bb163e0f21b19d6cbbcd5805b56eb7b1ef21117b6157eaf2a11915c9&memberId=ooc4ASOptqrsltdVdTdRZXO6VzqpbXUzOodTK6V0rpXT1UU0uomponpndRNTRPTS6V0zpXSuldK6Z0rpXTOrot14u2u3lltptjupqurnlqnqqnotustuc6V3..3eceZQzRg3M5zpXSuldK6V0rpXSulcH2A-&sourceId=4856708&p1=4581534&skipOffset=00:00:05
104.18.59.150 302 Found 0 B URL HTTP/2 go.xlivrdr.com/smartpop/165aea9bcdd7aabac45f72d02f58fd24b8416bc57cfc540b1b4409ac823564af?userId=1f2ad638bb163e0f21b19d6cbbcd5805b56eb7b1ef21117b6157eaf2a11915c9&memberId=ooc4ASOptqrsltdVdTdRZXO6VzqpbXUzOodTK6V0rpXT1UU0uomponpndRNTRPTS6V0zpXSuldK6Z0rpXTOrot14u2u3lltptjupqurnlqnqqnotustuc6V3..3eceZQzRg3M5zpXSuldK6V0rpXSulcH2A-&sourceId=4856708&p1=4581534&skipOffset=00:00:05
IP 104.18.59.150:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /smartpop/165aea9bcdd7aabac45f72d02f58fd24b8416bc57cfc540b1b4409ac823564af?userId=1f2ad638bb163e0f21b19d6cbbcd5805b56eb7b1ef21117b6157eaf2a11915c9&memberId=ooc4ASOptqrsltdVdTdRZXO6VzqpbXUzOodTK6V0rpXT1UU0uomponpndRNTRPTS6V0zpXSuldK6Z0rpXTOrot14u2u3lltptjupqurnlqnqqnotustuc6V3..3eceZQzRg3M5zpXSuldK6V0rpXSulcH2A-&sourceId=4856708&p1=4581534&skipOffset=00:00:05 HTTP/1.1
Host: go.xlivrdr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://media.aso1.net
Connection: keep-alive
Referer: https://media.aso1.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Sun, 04 Dec 2022 19:49:46 GMT
content-length: 0
location: https://go.xlivrdr.com/api/models/vast?campaignId=165aea9bcdd7aabac45f72d02f58fd24b8416bc57cfc540b1b4409ac823564af&campaignType=smartpop&creativeId=b1e02e2720203f684f246d97afe36747c347d0383f37e85772df9f975015b451&duration=00%3A00%3A30&endpoint=room&iterationId=257107&masterSmartpopId=2683&memberId=ooc4ASOptqrsltdVdTdRZXO6VzqpbXUzOodTK6V0rpXT1UU0uomponpndRNTRPTS6V0zpXSuldK6Z0rpXTOrot14u2u3lltptjupqurnlqnqqnotustuc6V3..3eceZQzRg3M5zpXSuldK6V0rpXSulcH2A-&p1=4581534&ruleId=157&skipOffset=00%3A00%3A05&smartpopId=3564&sourceId=4856708&tag=-girls%2Findian&userId=1f2ad638bb163e0f21b19d6cbbcd5805b56eb7b1ef21117b6157eaf2a11915c9&variationId=29475&videosList=oil-show11
access-control-allow-origin: https://media.aso1.net
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Content-Length, Accept-Encoding, x-requested-with
cf-cache-status: DYNAMIC
set-cookie: _var=7868025.29475; Path=/; HttpOnly; SameSite=Strict
set-cookie: __cflb=02DiuDfsBaY2bRYJiCeSF4mw3pyDiW7pxsKgiNpDqtQA8; SameSite=None; Secure; path=/; expires=Mon, 05-Dec-22 18:49:46 GMT; HttpOnly
server: cloudflare
cf-ray: 77471135be45b4fa-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 280 B IP 93.184.220.29:0
Hash ca20b22868f83d258c3424c2781dd1ce
b05abeced5046120a19a25cc81afad35d9fd2f1f
64b156fb7487e9228a06309481051507f616e2fc551856b05fdc97c169e353ac
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4742
Cache-Control: max-age=164891
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 19:49:46 GMT
Etag: "638cc86f-118"
Expires: Tue, 06 Dec 2022 17:37:57 GMT
Last-Modified: Sun, 04 Dec 2022 16:18:55 GMT
Server: ECS (ska/F70E)
X-Cache: HIT
Content-Length: 280
adxadserv.com/px/event/v1?e_t=pageview&url=https%253A%252F%252Fads.adxadserv.com%252Fad%253Fspotid%253D636bc5d561d6e27071201a23%2526type%253D300x250%2526output%253Dhtml&ref=https%253A%252F%252Fxfantazy.com%252F&d_r=1&d_s=1280x1024&d_w=300x250&t_s=1670183383407&t_i=1670183383739&u_tz=0&u_l=en-US&u_l2=&u_l3=&pv_uid=1f9f98f6-c128-42ab-80ad-d5862470561a&nav_rc=0&nav_nt=NAVIGATE&p_nn=adxad-rtb&p_pt=IFRAME&imid=cd8e88be-740c-11ed-b29d-52ca5d2668e1&spid=636bc5d561d6e27071201a23&fpid_sa=1670183383739&fpid=&feid_sa=1670183383739&sid_sa=1670183383739&feid=516dcd18ab5ea411383b83539d1ac7fe&sid=59160ceca1b4af129d76730a798e5558&u_adb=0&vn=T-0.1.1&utm_typ=referral&utm_src=xfantazy.com&s_rst=1&e_d=%7B%22isResetRequired%22%3Atrue%7D&t_op=0.4
185.98.53.29200 OK 0 B URL HTTP/1.1 adxadserv.com/px/event/v1?e_t=pageview&url=https%253A%252F%252Fads.adxadserv.com%252Fad%253Fspotid%253D636bc5d561d6e27071201a23%2526type%253D300x250%2526output%253Dhtml&ref=https%253A%252F%252Fxfantazy.com%252F&d_r=1&d_s=1280x1024&d_w=300x250&t_s=1670183383407&t_i=1670183383739&u_tz=0&u_l=en-US&u_l2=&u_l3=&pv_uid=1f9f98f6-c128-42ab-80ad-d5862470561a&nav_rc=0&nav_nt=NAVIGATE&p_nn=adxad-rtb&p_pt=IFRAME&imid=cd8e88be-740c-11ed-b29d-52ca5d2668e1&spid=636bc5d561d6e27071201a23&fpid_sa=1670183383739&fpid=&feid_sa=1670183383739&sid_sa=1670183383739&feid=516dcd18ab5ea411383b83539d1ac7fe&sid=59160ceca1b4af129d76730a798e5558&u_adb=0&vn=T-0.1.1&utm_typ=referral&utm_src=xfantazy.com&s_rst=1&e_d=%7B%22isResetRequired%22%3Atrue%7D&t_op=0.4
IP 185.98.53.29:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /px/event/v1?e_t=pageview&url=https%253A%252F%252Fads.adxadserv.com%252Fad%253Fspotid%253D636bc5d561d6e27071201a23%2526type%253D300x250%2526output%253Dhtml&ref=https%253A%252F%252Fxfantazy.com%252F&d_r=1&d_s=1280x1024&d_w=300x250&t_s=1670183383407&t_i=1670183383739&u_tz=0&u_l=en-US&u_l2=&u_l3=&pv_uid=1f9f98f6-c128-42ab-80ad-d5862470561a&nav_rc=0&nav_nt=NAVIGATE&p_nn=adxad-rtb&p_pt=IFRAME&imid=cd8e88be-740c-11ed-b29d-52ca5d2668e1&spid=636bc5d561d6e27071201a23&fpid_sa=1670183383739&fpid=&feid_sa=1670183383739&sid_sa=1670183383739&feid=516dcd18ab5ea411383b83539d1ac7fe&sid=59160ceca1b4af129d76730a798e5558&u_adb=0&vn=T-0.1.1&utm_typ=referral&utm_src=xfantazy.com&s_rst=1&e_d=%7B%22isResetRequired%22%3Atrue%7D&t_op=0.4 HTTP/1.1
Host: adxadserv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ads.adxadserv.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Sun, 04 Dec 2022 19:49:46 GMT
Content-Length: 0
Connection: keep-alive
ocsp.sectigo.com/
172.64.155.188 200 OK 472 B IP 172.64.155.188:0
Hash 3279ca14ee2c3dc935cecf5ecb724a40
8bd7924af1b28d81298df71c0e725cc093e2395a
3e37dd0a64bfb3067e6d9e0d2d51373497d0b7ddf94ba2661726a517e7d093a5
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 04 Dec 2022 19:49:46 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Sat, 03 Dec 2022 15:56:18 GMT
Expires: Sat, 10 Dec 2022 15:56:17 GMT
Etag: "8bd7924af1b28d81298df71c0e725cc093e2395a"
Cache-Control: max-age=503790,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 77471136591db50f-OSL
lcdn.tsyndicate.com/sdk/v1/b.b.js
8.254.252.211 200 OK 2.8 kB URL HTTP/2 lcdn.tsyndicate.com/sdk/v1/b.b.js
IP 8.254.252.211:0
File type ASCII text, with very long lines (2590)
Hash 01c3ce239d639853ba1e41661c115938
704741ca41e890a26eef6190c2d61131ff294f56
9aabcddb7b91826c4b8bf721d77fa448ceba501616a38c6fe0d6c4f11091ed47
GET /sdk/v1/b.b.js HTTP/1.1
Host: lcdn.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Cookie: ts_uid=7f9d841c-66df-4aa7-8e9d-9765c0f577ba; bfq=APeIECNCxxYZOGDEwFGjRhcWIsYU3BLjoYgyE2PYuAFDho0cN3DY6NJH
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 04 Dec 2022 19:49:46 GMT
content-type: application/javascript
content-length: 2808
last-modified: Tue, 22 Feb 2022 13:07:15 GMT
server: nginx
x-robots-tag: noindex, nofollow
content-encoding: gzip
vary: Accept-Encoding
etag: W/"6214e003-1eb1"
age: 23449123
accept-ranges: bytes
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 313 B IP 93.184.220.29:0
Hash 6482364d1fcfd8c75afca513ad11f122
f30e4d12755ea508c7d36874e2e00c418b4dd392
d0cbef7bd032b84c5fc7dd1cd7f094cbc369d959d7ed6d9f813abd16914d855b
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3809
Cache-Control: max-age=166495
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 19:49:46 GMT
Etag: "638cd258-139"
Expires: Tue, 06 Dec 2022 18:04:41 GMT
Last-Modified: Sun, 04 Dec 2022 17:01:12 GMT
Server: ECS (ska/F70E)
X-Cache: HIT
Content-Length: 313
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash 2f24fad0b0fd8e8c377f6ca44f754776
2554471bfeebca173f9c6b60c2b092fb8054eafb
52178458b71696363e913ce0961f56c820f00edcbc5b6934dfb915559513d4b1
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4084
Cache-Control: max-age=114931
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 19:49:46 GMT
Etag: "638c07d9-117"
Expires: Tue, 06 Dec 2022 03:45:17 GMT
Last-Modified: Sun, 04 Dec 2022 02:37:13 GMT
Server: ECS (ska/F70E)
X-Cache: HIT
Content-Length: 279
video.ktkjmp.com/adsbygoogle.js
104.18.59.150 200 OK 16 B URL HTTP/2 video.ktkjmp.com/adsbygoogle.js
IP 104.18.59.150:0
Hash 3d7f7a60216d40dea48e495fef6903c9
fecdb5184f55cf012563d78940eb97b10b9cc99b
96d83ac9f20fc0b88404f307f135e212642e02d6ea295c96b28aed0d771a224f
GET /adsbygoogle.js HTTP/1.1
Host: video.ktkjmp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://creative.xlirdr.com/
Origin: https://creative.xlirdr.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 04 Dec 2022 19:49:46 GMT
content-type: application/javascript
content-length: 16
x-amz-id-2: lcNIxMaAofF7Fv+CenZmpGJJrSUFrD74EH/RfdAjL9Jhx1+3B0JyXF3qWYdsiZqTewxi/ePstns=
x-amz-request-id: 3YWB4S6N4MZ3W6PX
last-modified: Thu, 10 Mar 2022 13:52:07 GMT
etag: "3d7f7a60216d40dea48e495fef6903c9"
x-amz-meta-s3cmd-attrs: atime:1646920284/ctime:1646920283/gid:20/gname:staff/md5:3d7f7a60216d40dea48e495fef6903c9/mode:33188/mtime:1646920283/uid:501/uname:mikhailchubar
x-amz-version-id: eIgLIBoMMcsEXtxOH6UDjWyfAquRpkIG
access-control-allow-origin: https://creative.xlirdr.com
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Content-Length, Accept-Encoding, x-requested-with
cf-cache-status: HIT
age: 5767
expires: Sun, 04 Dec 2022 23:49:46 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 774711380d080af6-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
tsyndicate.com/do2/gtpedNcWKkqbcJr5gX4hNBaeGvryR5tY/master?w=1280&h=1024&tz=0&count=5
136.243.134.97 200 OK 2.9 kB URL HTTP/2 tsyndicate.com/do2/gtpedNcWKkqbcJr5gX4hNBaeGvryR5tY/master?w=1280&h=1024&tz=0&count=5
IP 136.243.134.97:0
ASN #24940 Hetzner Online GmbH
Hash f0a114f39b06c891e9622c2e9df93a2b
63180f67e7994d5f92c2a4b5f116c9e7416b1ed9
24bdf2605b2bd22d4049efd88321d0b01db7c6cf0232b9fe6945914cf2f64f5d
GET /do2/gtpedNcWKkqbcJr5gX4hNBaeGvryR5tY/master?w=1280&h=1024&tz=0&count=5 HTTP/1.1
Host: tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://a.naturalhealthsource.club
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 04 Dec 2022 19:49:46 GMT
content-type: application/json; charset=utf-8
access-control-allow-origin: https://a.naturalhealthsource.club
access-control-allow-methods: POST, GET, HEAD
access-control-allow-headers: Accept, X-Requested-With, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Legacy
access-control-allow-credentials: true
pragma: no-cache
expires: 0
vary: Accept-Encoding, *
x-api-version: 2
link: <https://lcdn.tsyndicate.com/sdk/v1/b.b.js>; rel=preload; as=script
x-request-id: 2280853e3740b55d
set-cookie: ts_uid=7f9d841c-66df-4aa7-8e9d-9765c0f577ba; expires=Sun, 04 Jun 2023 19:49:46 GMT; domain=.tsyndicate.com; path=/; HttpOnly; secure; SameSite=None
bfq=APeIECNCxxYZOGDEwFGjRhcWIsYU3BLjoYgyE2PYuAFDho0cN3DY6NJH; expires=Mon, 05 Dec 2022 19:49:46 GMT; domain=.tsyndicate.com; path=/; secure; SameSite=None
cache-control: no-cache, no-store, no-transform, must-revalidate, no-transform
x-robots-tag: none, noindex, nofollow
report-to: { "url": "https://pxl.tsyndicate.com/api/v1/heavy-ad/report", "max_age": 86401 }
content-encoding: gzip
X-Firefox-Spdy: h2
roomimg.stream.highwebmedia.com/riw/bloomyogi.jpg?1670183370
104.19.242.83 200 OK 12 kB URL HTTP/2 roomimg.stream.highwebmedia.com/riw/bloomyogi.jpg?1670183370
IP 104.19.242.83:0
Hash aa7c926f8987a46f735cb48db2057cf6
43b140486dced1618ed9d4d961f0f07d3f933f7d
a9cee80e65fc8115690b8063bba43ba69423c3916b1f3f99ea4cfbb1fbe63d54
GET /riw/bloomyogi.jpg?1670183370 HTTP/1.1
Host: roomimg.stream.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 04 Dec 2022 19:49:46 GMT
content-type: image/jpeg
content-length: 11418
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: public, max-age=30
cf-bgj: imgq:100,h2pri
cf-polished: origSize=11581
content-security-policy: default-src 'none'; img-src data:; style-src 'unsafe-inline'
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
x-frame-options: DENY
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 0
last-modified: Sun, 04 Dec 2022 19:49:46 GMT
expires: Sun, 04 Dec 2022 19:50:16 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HQWnkawWiQWHzBK0Gaqc8ph2ExP7VcpOECVF6yJxuTj6FPtsozxjNrt2yfE5q88DdA62WZTKARx4LpeoZIX5nrSnhuBCjjntIDuc8qHPhrn%2F%2FyJyhd3EMfontVmyVBncEdztjgfo8Cs0pzNqianX9Q4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
set-cookie: _cfuvid=x1R058UuyV2bSd3hT9nLwyMZXPkBE9.GxYyrxtm.Yjw-1670183386991-0-604800000; path=/; domain=.highwebmedia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 77471138acf61bfa-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
roomimg.stream.highwebmedia.com/riw/paaulina.jpg?1670183370
104.19.242.83 200 OK 7.3 kB URL HTTP/2 roomimg.stream.highwebmedia.com/riw/paaulina.jpg?1670183370
IP 104.19.242.83:0
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 959x960, segment length 16, comment: "Lavc58.91.100", baseline, precision 8, 480x270, components 3\012- data
Hash 6cca9bb4f25f5afeb5bd1e2ab999aa55
e4a591fd425db24815af9092de2a57a6b9901189
287fcccd0297982391f39d4805c4ec28915d857396b4ae64815c0c061771572a
GET /riw/paaulina.jpg?1670183370 HTTP/1.1
Host: roomimg.stream.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 04 Dec 2022 19:49:46 GMT
content-type: image/jpeg
content-length: 7329
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: public, max-age=30
cf-bgj: imgq:100,h2pri
cf-polished: status=not_needed
content-security-policy: default-src 'none'; img-src data:; style-src 'unsafe-inline'
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
x-frame-options: DENY
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 15
last-modified: Sun, 04 Dec 2022 19:49:31 GMT
expires: Sun, 04 Dec 2022 19:50:16 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2F8ExBpFWvDioDftD7FsviNYb5Gy62Xzjg4LtC%2BoNKoirlldIs1dglcUvswh4ZounxI9mvgAwgEA7cIa2PeuH6U6GaoHACjWmXj%2FaPps3VEPDABcFw7S42P26g5%2FB93AFgtRcUTspGASd8UYI9U%2BPI5o%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
set-cookie: _cfuvid=cYRVKf8Ud.wmjsmmQP1NoB.rArhqkI7c1UZ4CDzi_wk-1670183386992-0-604800000; path=/; domain=.highwebmedia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 77471138acf91bfa-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
chaturbate.com/tours/3/?tour=x1Rd&campaign=NcAyU&c=3&p=0&gender=f&disable_sound=0
104.18.100.40 200 OK 22 kB URL HTTP/2 chaturbate.com/tours/3/?tour=x1Rd&campaign=NcAyU&c=3&p=0&gender=f&disable_sound=0
IP 104.18.100.40:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (31162)
Hash 76ca4154613665c58adc26910db05e44
86013de728263a883dd9f3fd183af67d6de7fc76
a1090a73944c517bf0194bdeb212982a47ab132e8c01fe7f611a3c040c0b77bf
GET /tours/3/?tour=x1Rd&campaign=NcAyU&c=3&p=0&gender=f&disable_sound=0 HTTP/1.1
Host: chaturbate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cams.gratis/
Connection: keep-alive
Cookie: __cf_bm=Vkn4DjU1R.XBtyoavVUNMSDfpFUUVe234Fh8sYcateY-1670183386-0-ATa2X4A07KU5LperyD0t0LOUai6jbOPafSdQeM4f8bgy6bKniOZxTAy+cL9+Xqx17A/fkH1ZAfaPWIp1ptTfrjA=
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 04 Dec 2022 19:49:46 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding, Accept-Language, Cookie
p3p: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
content-language: en
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.mmcdn.com https://*.highwebmedia.com https://*.chaturbate.com https://chaturbate.com https://ajax.googleapis.com https://js-agent.newrelic.com https://cdnjs.cloudflare.com https://www.google-analytics.com https://www.google.com/recaptcha/ https://www.google.com/cv/ https://www.gstatic.com/recaptcha/ https://www.gstatic.com/cv/ https://www.gstatic.com/eureka/ https://www.gstatic.com/cast/ https://*.nr-data.net https://certify-js.alexametrics.com https://player.vimeo.com/api/player.js http://static.hotjar.com https://static.hotjar.com https://script.hotjar.com ; style-src 'self' data: 'unsafe-inline' https://*.highwebmedia.com https://cdnjs.cloudflare.com https://fonts.googleapis.com ; img-src 'self' data: https://*.mmcdn.com https://*.highwebmedia.com https://*.stream.highwebmedia.com https://*.chaturbate.com https://chaturbate.com https://www.google-analytics.com https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com https://cdnjs.cloudflare.com https://www.gstatic.com https://*.nr-data.net https://certify.alexametrics.com https://stats.g.doubleclick.net https://cbgames.s3.amazonaws.com https://player.vimeo.com https://script.hotjar.com http://script.hotjar.com ; font-src 'self' data: https://*.mmcdn.com https://*.highwebmedia.com https://cdnjs.cloudflare.com https://fonts.gstatic.com http://script.hotjar.com https://script.hotjar.com ; connect-src 'self' blob: blob https://*.mmcdn.com wss://*.mmcdn.com wss://*.mmcdn.com:8443 https://*.highwebmedia.com wss://*.highwebmedia.com wss://*.highwebmedia.com:8443 https://*.nr-data.net https://*.chaturbate.com https://chaturbate.com https://www.google-analytics.com 
https://cbvideoupload.s3-accelerate.amazonaws.com https://stats.g.doubleclick.net https://internet-up.ably-realtime.com https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com https://tls-use1.fpapi.io https://use1.fptls.com https://eun1.fptls.com https://aps1.fptls.com http://*.hotjar.com:* https://*.hotjar.com:* https://vc.hotjar.io:* https://surveystats.hotjar.io wss://*.hotjar.com ; media-src 'self' https://*.mmcdn.com https://*.highwebmedia.com https://*.chaturbate.com https://chaturbate.com mediasource: blob: data: https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com; object-src 'self' https://*.mmcdn.com https://*.highwebmedia.com https://download.macromedia.com https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com ; frame-src 'self' https://*.mmcdn.com https://*.chaturbate.com https://chaturbate.com https://*.highwebmedia.com https://adserver.exoticads.com https://www.google.com/recaptcha/ https://*.wnu.com https://wnu.com https://checkout.2000charge.com https://www.sofort.com https://*.girogate.de https://player.vimeo.com https://vars.hotjar.com ; child-src 'self' blob: blob ; worker-src 'self' blob: blob ; form-action 'self' https://*.chaturbate.com https://chaturbate.com https://*.stream.highwebmedia.com https://www.coinpayments.net https://*.wnu.com https://wnu.com https://devportal.cb.dev https://*.web.amer-1.jumio.ai 
https://smartpay.coinsmart.com ; manifest-src 'self' https://*.mmcdn.com https://*.highwebmedia.com ; report-uri https://report-uri.mmcdn.com/r/t/csp/enforce;
report-to: {"group":"default","max_age":2592000,"endpoints":[{"url":"https://report-uri.mmcdn.com/a/t/g"}],"include_subdomains":true}
nel: {"report_to":"default","max_age":2592000,"include_subdomains":true}
cache-control: no-cache
x-content-type-options: nosniff
x-xss-protection: 1; mode=block; report=https://report-uri.highwebmedia.com/r/t/xss/enforce
referrer-policy: strict-origin-when-cross-origin
via: 1.1 google
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
set-cookie: stcki="iuhY4r=0"; expires=Tue, 03-Jan-2023 19:49:46 GMT; Max-Age=2592000; Path=/
affkey="eJyrVipSslJQyigpKSi20tdPTswt1ksvSizJLNZXqgUAilAJow=="; Domain=.chaturbate.com; expires=Tue, 03-Jan-2023 19:49:46 GMT; Max-Age=2592000; Path=/
sbr=sec:sbre83bacd4-772c-4c22-95d2-4c0c75add088:1p1uzi:X7hXg2Vf7sdLeod0h5MuwfJXwRY; Domain=.chaturbate.com; expires=Fri, 29-Aug-2025 19:49:46 GMT; HttpOnly; Max-Age=86313600; Path=/; Secure
cf-cache-status: DYNAMIC
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 774711366e020afe-OSL
content-encoding: br
X-Firefox-Spdy: h2
hw-cdn2.adtng.com/delivery/intersection_observer/IntersectionObserver.js
209.197.3.25 200 OK 17 kB URL HTTP/1.1 hw-cdn2.adtng.com/delivery/intersection_observer/IntersectionObserver.js
IP 209.197.3.25:0
File type ASCII text, with very long lines (16885), with no line terminators
Hash 48c80c7c28b5b00a8b4ff94a22b72fe3
d57303c2ad2fd5cedc5cb20f264a6965a7819cee
6e9be773031b3234fb9c2d6cf3d9740db1208f4351beca325ec34f76fd38f356
GET /delivery/intersection_observer/IntersectionObserver.js HTTP/1.1
Host: hw-cdn2.adtng.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.adtng.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Date: Sun, 04 Dec 2022 19:49:47 GMT
Connection: Keep-Alive
ETag: "1649192094"
Content-Length: 16885
Content-Type: application/javascript
Last-Modified: Tue, 05 Apr 2022 20:54:54 GMT
Accept-Ranges: bytes
Cache-Control: max-age=10721591
X-HW: 1670183387.dop211.sk1.t,1670183387.cds240.sk1.shn,1670183387.dop211.sk1.t,1670183387.cds228.sk1.c
Access-Control-Allow-Origin: *
hw-cdn2.ang-content.com/delivery/vortex/vortex-simple-1.0.0.js
205.185.208.20 200 OK 9.6 kB URL HTTP/1.1 hw-cdn2.ang-content.com/delivery/vortex/vortex-simple-1.0.0.js
IP 205.185.208.20:0
Hash 14217080db5982c5864f6ec1b397b629
2b7e593ebd14851cac0b6c43dfbf4d226377ea86
acb1eccb8cdcac62288dc8347002fc665f3933f7ce5db54ebcf4014864dd4cd7
GET /delivery/vortex/vortex-simple-1.0.0.js HTTP/1.1
Host: hw-cdn2.ang-content.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.adtng.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Sun, 04 Dec 2022 19:49:47 GMT
Connection: Keep-Alive
ETag: "1541168231"
Content-Length: 5027
Content-Type: application/javascript
Last-Modified: Fri, 02 Nov 2018 14:17:11 GMT
Accept-Ranges: bytes
Cache-Control: max-age=10624026
X-HW: 1670183386.dop013.sk1.t,1670183387.cds233.sk1.shn,1670183387.dop013.sk1.t,1670183387.cds225.sk1.c
Access-Control-Allow-Origin: *
hw-cdn2.ang-content.com/a7/creatives/1/1322/814271/1028051/1028051_logo.png
205.185.208.20 200 OK 62 kB URL HTTP/1.1 hw-cdn2.ang-content.com/a7/creatives/1/1322/814271/1028051/1028051_logo.png
IP 205.185.208.20:0
File type PNG image data, 900 x 250, 8-bit colormap, non-interlaced\012- data
Hash ebcac7407da9e155302da2b91f4553fa
6e7b2ac10f618dfa219c2cf1334e4319e2be0cbc
784092a284f36151de8169050ef3e25db944e48f6852092e1a6da74001e3ae9c
GET /a7/creatives/1/1322/814271/1028051/1028051_logo.png HTTP/1.1
Host: hw-cdn2.ang-content.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.adtng.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Sun, 04 Dec 2022 19:49:47 GMT
Connection: Keep-Alive
ETag: "1648748302"
Content-Length: 61941
Content-Type: image/png
Last-Modified: Thu, 31 Mar 2022 17:38:22 GMT
Accept-Ranges: bytes
Cache-Control: max-age=10757791
X-HW: 1670183386.dop067.sk1.t,1670183387.cds205.sk1.shn,1670183387.dop067.sk1.t,1670183387.cds024.sk1.c
Access-Control-Allow-Origin: *
img.strpst.com/thumbs/1670182801/83018537
104.18.63.132 200 OK 23 kB URL HTTP/2 img.strpst.com/thumbs/1670182801/83018537
IP 104.18.63.132:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 0x0, segment length 16, progressive, precision 8, 270x360, components 3\012- data
Hash 86d60d8cd544eb4b91cfb9ef7fd7e53e
17a5d9fccb6a8ff32ac6c67a08529bc0e3e2a74d
f72aed0a6f43c4a7350ddbdd880d28893996f1636a27e74bd3a5054bb6b678f9
GET /thumbs/1670182801/83018537 HTTP/1.1
Host: img.strpst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://creative.xlirdr.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 04 Dec 2022 19:49:47 GMT
content-type: image/jpeg
content-length: 23412
access-control-allow-credentials: true
access-control-allow-headers: *
access-control-allow-methods: PUT, POST, GET, DELETE, OPTIONS
access-control-allow-origin: *
cf-bgj: imgq:100,h2pri
cf-polished: origSize=24477, status=webp_bigger
etag: "a8ed01abbee7125c1ad4817a3e047dd5"
last-modified: Sun, 04 Dec 2022 19:39:57 GMT
cf-cache-status: HIT
age: 346
expires: Sun, 04 Dec 2022 19:50:47 GMT
cache-control: public, max-age=60
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 774711396f8d0af6-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.77.32 200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash c9fb0b778bb3dadb1146acdc233d1961
89d61a58270bbd6493fa740f17e03c8054dbe105
a9a9fa486a504eb299e590eb7c3892792a8d5595ab25908e3ff3cb27c63c34a5
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "A9A9FA486A504EB299E590EB7C3892792A8D5595AB25908E3FF3CB27C63C34A5"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=852
Expires: Sun, 04 Dec 2022 20:03:59 GMT
Date: Sun, 04 Dec 2022 19:49:47 GMT
Connection: keep-alive
js-agent.newrelic.com/nr-spa-1216.min.js
151.101.66.137 200 OK 33 kB URL HTTP/2 js-agent.newrelic.com/nr-spa-1216.min.js
IP 151.101.66.137:0
Hash ab1a17311e6f3ecac7884576a319c47f
df3b3f5feb90973bf3aab56bc7cd32542d937aa7
6e3eb9140f93845fed2ebf7cd963db8c85a0b65cfef3d2f48b76774c6b7d0ac5
GET /nr-spa-1216.min.js HTTP/1.1
Host: js-agent.newrelic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: TAwVDFAylU9PwNPPW/eXC4UyIMC8EQ1d6JNW9Q+uXGnPmL1fuimq9M3lAe733gCMeKNDiCQX1YM=
x-amz-request-id: SYTECJR5CMD8NJ8E
last-modified: Thu, 14 Apr 2022 16:45:57 GMT
etag: "63e2df852d15ab21d7ff8fc4363222e8"
x-amz-version-id: UU.F5jvoumAjQChriwTQHbisCFw_OInU
content-type: application/javascript
server: AmazonS3
cache-control: public, max-age=7200, stale-if-error=604800
content-encoding: gzip
accept-ranges: bytes
date: Sun, 04 Dec 2022 19:49:47 GMT
via: 1.1 varnish
x-served-by: cache-bma1680-BMA
x-cache: HIT
x-cache-hits: 4143
x-timer: S1670183387.373918,VS0,VE0
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
content-length: 18216
X-Firefox-Spdy: h2
pxl.tsyndicate.com/api/v1/p/p.js?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zC0XQiCFmhg0YN2S0kGGjDIwWNHDYqNEiTA4ZOFrUCEmjzI0bNWmIySHiYZg6YzLWoBHmRkQYZFqIEWMjBsoYOVjmmHFjTIscOcjkKDMDRhmVMGL0hEjGzkIbOWzIeAinjhiKMnKE9QkHzkIcOGc8nANnoo4ZOGAExoHjYRu-fmnAWFmD5MMxbezqoCGjBlaHZM0shPlQjBs3mwPHwFEDcxs3GHXIuOExB9vTqVdufFhHrI6BdOjAmaPjxYswLgzSQe1izJs2L86UofMiBoywMGSk_EEnTZsyPRq-pJGDO8yQNrjUeU4yDJ0xPShbjiqevI0wcMT0sGJljpUaZMTUqMNmSpIhZdQhhRs3zLHGE2jU4AYeL9VgxhVBqIHGEUcQQQMSWNxBRxNRLBdFREng4YYRb1BRxhlfmGFGFVqsIUQS-6ERgxFCZKGFHDfoIYcWRLDhhh1UrAGHDV9wpQQeMxCBRx5B6DFHDkLYIUQOcUhRAxRGOLfEFFPYoIUZcHxxRhVJECFFFWmMBUcbFD30xpptikDGcRkB54Z5dcgRBhsE7UkHGnO8kecYZRTHhltjjWHeQlvMEEMXbMkRlA4wuPBcRSKIoRmllmIqhx2SNURbHWnedoMZWeGwkVU22ECGGSiFUVQLOJSR1VU3rDQGDGbMdIMYYYyVhmQi5BCDC3K5QJkLDdEwlhxfDJuRschWumyzY9UR7G1NvKFHGmywEcYLNVgKAgpXpOHGnHfMAYITVIDgnKU7gJCuGzbQUC8e-db7KUMwlAtDCiAcUcYYa7zxggzQQRcDCEakIUcZZryBR3MBW5ropCI48cRYb0A7Bscej8UGx0U4MdZBdnwxMRsU-YqDR4HB8JAcZ4CmWg14PcTyF2LIcVdhcpbRchtvkBFaUz7L8cZCeonwhkKTRWpxHgvRcDPFGaGR2269_ebCnXTkuWefbPwZ6KCFjnGoGC-MdUdGMcAEw1ho0B2ds3t9mpHTdJgXcgt1uJEGHS105QIZY9S9MscHfcG44xaxyZANN4Q1M2A2VC4DRZhrPgPnNDTmExkul8HXF4tenvloo6v0kNGss4EQHVQ3SgOkEInhV9Fm_JS2micvZLMIY6QGQx8KBAQ%3D&s=5f289d2723526b9e23952babed4f60a25ce7e528c915249472b3365decffa2461670183386&w=t&r=1&d=560&priv=false
136.243.46.131200 OK 24 B URL HTTP/2 pxl.tsyndicate.com/api/v1/p/p.js?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zC0XQiCFmhg0YN2S0kGGjDIwWNHDYqNEiTA4ZOFrUCEmjzI0bNWmIySHiYZg6YzLWoBHmRkQYZFqIEWMjBsoYOVjmmHFjTIscOcjkKDMDRhmVMGL0hEjGzkIbOWzIeAinjhiKMnKE9QkHzkIcOGc8nANnoo4ZOGAExoHjYRu-fmnAWFmD5MMxbezqoCGjBlaHZM0shPlQjBs3mwPHwFEDcxs3GHXIuOExB9vTqVdufFhHrI6BdOjAmaPjxYswLgzSQe1izJs2L86UofMiBoywMGSk_EEnTZsyPRq-pJGDO8yQNrjUeU4yDJ0xPShbjiqevI0wcMT0sGJljpUaZMTUqMNmSpIhZdQhhRs3zLHGE2jU4AYeL9VgxhVBqIHGEUcQQQMSWNxBRxNRLBdFREng4YYRb1BRxhlfmGFGFVqsIUQS-6ERgxFCZKGFHDfoIYcWRLDhhh1UrAGHDV9wpQQeMxCBRx5B6DFHDkLYIUQOcUhRAxRGOLfEFFPYoIUZcHxxRhVJECFFFWmMBUcbFD30xpptikDGcRkB54Z5dcgRBhsE7UkHGnO8kecYZRTHhltjjWHeQlvMEEMXbMkRlA4wuPBcRSKIoRmllmIqhx2SNURbHWnedoMZWeGwkVU22ECGGSiFUVQLOJSR1VU3rDQGDGbMdIMYYYyVhmQi5BCDC3K5QJkLDdEwlhxfDJuRschWumyzY9UR7G1NvKFHGmywEcYLNVgKAgpXpOHGnHfMAYITVIDgnKU7gJCuGzbQUC8e-db7KUMwlAtDCiAcUcYYa7zxggzQQRcDCEakIUcZZryBR3MBW5ropCI48cRYb0A7Bscej8UGx0U4MdZBdnwxMRsU-YqDR4HB8JAcZ4CmWg14PcTyF2LIcVdhcpbRchtvkBFaUz7L8cZCeonwhkKTRWpxHgvRcDPFGaGR2269_ebCnXTkuWefbPwZ6KCFjnGoGC-MdUdGMcAEw1ho0B2ds3t9mpHTdJgXcgt1uJEGHS105QIZY9S9MscHfcG44xaxyZANN4Q1M2A2VC4DRZhrPgPnNDTmExkul8HXF4tenvloo6v0kNGss4EQHVQ3SgOkEInhV9Fm_JS2micvZLMIY6QGQx8KBAQ%3D&s=5f289d2723526b9e23952babed4f60a25ce7e528c915249472b3365decffa2461670183386&w=t&r=1&d=560&priv=false
IP 136.243.46.131:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with no line terminators
Hash 0959ba36d476b6dc1994ba3c678b07c4
d30b94da72daa02766965206a85b7e0356375f5e
897410b87e27e3dfba3a7d6caab315a5e69cc941bb96d91fc74878a9b051843a
GET /api/v1/p/p.js?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zC0XQiCFmhg0YN2S0kGGjDIwWNHDYqNEiTA4ZOFrUCEmjzI0bNWmIySHiYZg6YzLWoBHmRkQYZFqIEWMjBsoYOVjmmHFjTIscOcjkKDMDRhmVMGL0hEjGzkIbOWzIeAinjhiKMnKE9QkHzkIcOGc8nANnoo4ZOGAExoHjYRu-fmnAWFmD5MMxbezqoCGjBlaHZM0shPlQjBs3mwPHwFEDcxs3GHXIuOExB9vTqVdufFhHrI6BdOjAmaPjxYswLgzSQe1izJs2L86UofMiBoywMGSk_EEnTZsyPRq-pJGDO8yQNrjUeU4yDJ0xPShbjiqevI0wcMT0sGJljpUaZMTUqMNmSpIhZdQhhRs3zLHGE2jU4AYeL9VgxhVBqIHGEUcQQQMSWNxBRxNRLBdFREng4YYRb1BRxhlfmGFGFVqsIUQS-6ERgxFCZKGFHDfoIYcWRLDhhh1UrAGHDV9wpQQeMxCBRx5B6DFHDkLYIUQOcUhRAxRGOLfEFFPYoIUZcHxxRhVJECFFFWmMBUcbFD30xpptikDGcRkB54Z5dcgRBhsE7UkHGnO8kecYZRTHhltjjWHeQlvMEEMXbMkRlA4wuPBcRSKIoRmllmIqhx2SNURbHWnedoMZWeGwkVU22ECGGSiFUVQLOJSR1VU3rDQGDGbMdIMYYYyVhmQi5BCDC3K5QJkLDdEwlhxfDJuRschWumyzY9UR7G1NvKFHGmywEcYLNVgKAgpXpOHGnHfMAYITVIDgnKU7gJCuGzbQUC8e-db7KUMwlAtDCiAcUcYYa7zxggzQQRcDCEakIUcZZryBR3MBW5ropCI48cRYb0A7Bscej8UGx0U4MdZBdnwxMRsU-YqDR4HB8JAcZ4CmWg14PcTyF2LIcVdhcpbRchtvkBFaUz7L8cZCeonwhkKTRWpxHgvRcDPFGaGR2269_ebCnXTkuWefbPwZ6KCFjnGoGC-MdUdGMcAEw1ho0B2ds3t9mpHTdJgXcgt1uJEGHS105QIZY9S9MscHfcG44xaxyZANN4Q1M2A2VC4DRZhrPgPnNDTmExkul8HXF4tenvloo6v0kNGss4EQHVQ3SgOkEInhV9Fm_JS2micvZLMIY6QGQx8KBAQ%3D&s=5f289d2723526b9e23952babed4f60a25ce7e528c915249472b3365decffa2461670183386&w=t&r=1&d=560&priv=false HTTP/1.1
Host: pxl.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Cookie: ts_uid=7f9d841c-66df-4aa7-8e9d-9765c0f577ba; bfq=APeIECNCxxYZOGDEwFGjRhcWIsYU3BLjoYgyE2PYuAFDho0cN3DY6NJH
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 04 Dec 2022 19:49:47 GMT
content-type: text/plain; charset=utf-8
content-length: 24
x-robots-tag: noindex, nofollow
X-Firefox-Spdy: h2
bam.nr-data.net/1/6f524845d1?a=24279235&v=1216.487a282&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOFgwRERUXQ1BUFkIDFQ0WFlA%3D&rst=1032&ck=1&ref=https://chaturbate.com/tours/3/&ap=24&be=488&fe=883&dc=669&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1670183383972,%22n%22:0,%22r%22:0,%22re%22:222,%22f%22:222,%22dn%22:222,%22dne%22:222,%22c%22:222,%22s%22:222,%22ce%22:222,%22rq%22:229,%22rp%22:449,%22rpe%22:450,%22dl%22:462,%22di%22:646,%22ds%22:668,%22de%22:674,%22dc%22:882,%22l%22:882,%22le%22:883%7D,%22navigation%22:%7B%22rc%22:1%7D%7D&fcp=647&at=H0ETGw9CExRCXBM9CgBBXAkZG0QSVEsPAw4BQVwbamZQD15XPj1BSEEVUFJXRBFuXQAWBkZZVhUXenc%2BY1gYQFlGVFENAggAUgcPBFJRVAIAXBh4Yy8TFUMhJTshCU0XAwhVHRsiJDwmDBJ8TU1DABMDQwQCCBADFVNYXRJUG01AEQECCmZcSRNbEwBQTFpUTVILGwgEVRMVQwMNCw05X1lYVhITA0NAT0YBA0pBZlYUVEoSPQoUQVwbDAgfWAEXVVBNVVZSGxkbUwRCTT4FFgEQFWZSXF5DCxsvLUFIQQ9JalpeFF9NExtBXkEodhcVEwhBZgINFgoXFEBqWl4PV1AFBw0HBkQDFwEBQx0bCBI8CgYSTlpLWkMLGwMOChxNBVZYGx1DWEk%2BDREDAghQT1hFCF5XQ1hBJg8PQRVqXg1ETQgNDRdBShtcSW4IQklDWEEmDw9BFWpeDURNCA0NF0FKG1xJbgBCV0NYVlRQVg0ZG1gRblgSDDwLEQEbDxtzDVhBQTEMCBYSUFpXQkFwakNOQQ0TOVpaV18EUk0IDQ07Fx9JUBsLQ3JYAw4GSyc1dRcVEwhBZhQRBhY8EkBFXBNbE0sEEQoABghNXFhdQx0bEwcSEQYVTWpJUBVZG1tATBAME0tGFgJOExVDFQ87CwlKQRsLQ1JRABYWFgEHTVAXUg5cG01AEA0XA2ZcXRNbABVDEQoQBjldWlRQCF8bW0AADAISTEdbUBVUFwINDkZPREtQSEQEQk0%2BCgwXF0QDF1pZAEVMEwACEAZIWlpUE00TWxMNFBcGFGZcXRNbE1xZUQEFAAINGA4GU1IUVQFRVk5fDFELHFVSCQJVVgUHAgkNARNNE0sEBAYWBhQbDxtZFUVJElhMSwAHVEYXVhNQTQgRTEZPREtQSEQEQk0%2BDwYQCwldFwMTJnRtQ05BFBoSUVpXbhdUSxILDApBXBsGFwZDHRsUAzwABhBQVlxuB1BUCA4aRllEdkFRVBMTFUMXAjsHA09cWlQ%2BRUARB0FeQQJcRlJFDkEbTUAWBTwJSmpfUAxYVRhAWUY0D1dRVkYSExVDFwI7DBVmQ1xDElhWD0BZRlJWGxkbRABuWxMNFBcGFGZTWFwIXUBDWEEiChRcU1ZJQx0bFAM8BhEJTkZcQz5HXBMRCgsNRAMXCAFUHwlDTkERAjlKQUtYD1YbW0AuCxkPVVlYHlQfCUFKNA0NAlZCShEvZRlQUk1UWEZuXFcHVQoZGVRXX0MUTw8IAVQfCUhCJAEADVYaCwFQAQlQUlJEJQ9LUF9eGR4IUVdNVEFKG1JQRT5SVgwPChBBXBsECAFVB11RW1JSAlUbGRtBAENYDBFBXkEdZRdNXhRDZUNYQzhBHghnXW1DHRk9QAAFDhZYXF5fPRMDQT5BKgAnQGBlE00RZUMBP0ZZRmUXCm1DHRk9
QBM4QVwZaRsBPRMVQT5BAwYIXVBLbUMLGT1ABThBShlpG1UIQlgDDgY7EAlMW11tQwsZPUBTOEEbGxkbVA1YXggADwE8FUlZUEU%2BRVwSFhBGWUQZZWp9CEdcQUBPRgYKUFJQUw1UZhISDw0XOU1QSkUSblcSQFlGQxZMRlFuFFgZQx8e&jsonp=NREUM.setToken
162.247.241.14200 OK 72 B URL HTTP/1.1 bam.nr-data.net/1/6f524845d1?a=24279235&v=1216.487a282&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOFgwRERUXQ1BUFkIDFQ0WFlA%3D&rst=1032&ck=1&ref=https://chaturbate.com/tours/3/&ap=24&be=488&fe=883&dc=669&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1670183383972,%22n%22:0,%22r%22:0,%22re%22:222,%22f%22:222,%22dn%22:222,%22dne%22:222,%22c%22:222,%22s%22:222,%22ce%22:222,%22rq%22:229,%22rp%22:449,%22rpe%22:450,%22dl%22:462,%22di%22:646,%22ds%22:668,%22de%22:674,%22dc%22:882,%22l%22:882,%22le%22:883%7D,%22navigation%22:%7B%22rc%22:1%7D%7D&fcp=647&at=H0ETGw9CExRCXBM9CgBBXAkZG0QSVEsPAw4BQVwbamZQD15XPj1BSEEVUFJXRBFuXQAWBkZZVhUXenc%2BY1gYQFlGVFENAggAUgcPBFJRVAIAXBh4Yy8TFUMhJTshCU0XAwhVHRsiJDwmDBJ8TU1DABMDQwQCCBADFVNYXRJUG01AEQECCmZcSRNbEwBQTFpUTVILGwgEVRMVQwMNCw05X1lYVhITA0NAT0YBA0pBZlYUVEoSPQoUQVwbDAgfWAEXVVBNVVZSGxkbUwRCTT4FFgEQFWZSXF5DCxsvLUFIQQ9JalpeFF9NExtBXkEodhcVEwhBZgINFgoXFEBqWl4PV1AFBw0HBkQDFwEBQx0bCBI8CgYSTlpLWkMLGwMOChxNBVZYGx1DWEk%2BDREDAghQT1hFCF5XQ1hBJg8PQRVqXg1ETQgNDRdBShtcSW4IQklDWEEmDw9BFWpeDURNCA0NF0FKG1xJbgBCV0NYVlRQVg0ZG1gRblgSDDwLEQEbDxtzDVhBQTEMCBYSUFpXQkFwakNOQQ0TOVpaV18EUk0IDQ07Fx9JUBsLQ3JYAw4GSyc1dRcVEwhBZhQRBhY8EkBFXBNbE0sEEQoABghNXFhdQx0bEwcSEQYVTWpJUBVZG1tATBAME0tGFgJOExVDFQ87CwlKQRsLQ1JRABYWFgEHTVAXUg5cG01AEA0XA2ZcXRNbABVDEQoQBjldWlRQCF8bW0AADAISTEdbUBVUFwINDkZPREtQSEQEQk0%2BCgwXF0QDF1pZAEVMEwACEAZIWlpUE00TWxMNFBcGFGZcXRNbE1xZUQEFAAINGA4GU1IUVQFRVk5fDFELHFVSCQJVVgUHAgkNARNNE0sEBAYWBhQbDxtZFUVJElhMSwAHVEYXVhNQTQgRTEZPREtQSEQEQk0%2BDwYQCwldFwMTJnRtQ05BFBoSUVpXbhdUSxILDApBXBsGFwZDHRsUAzwABhBQVlxuB1BUCA4aRllEdkFRVBMTFUMXAjsHA09cWlQ%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%2BRVwSFhBGWUQZZWp9CEdcQUBPRgYKUFJQUw1UZhISDw0XOU1QSkUSblcSQFlGQxZMRlFuFFgZQx8e&jsonp=NREUM.setToken
IP 162.247.241.14:0
File type ASCII text, with no line terminators
Hash 107d93e382e2c9b00fbf9fb0edc65d86
77e750e3ebf9706f4f6dd253785602d70be17c6c
a1ee50b689ea433a0acdccbf4ee4629e9ea3f9c4bcdd21effb334359a2f9e937
GET /1/6f524845d1?a=24279235&v=1216.487a282&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOFgwRERUXQ1BUFkIDFQ0WFlA%3D&rst=1032&ck=1&ref=https://chaturbate.com/tours/3/&ap=24&be=488&fe=883&dc=669&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1670183383972,%22n%22:0,%22r%22:0,%22re%22:222,%22f%22:222,%22dn%22:222,%22dne%22:222,%22c%22:222,%22s%22:222,%22ce%22:222,%22rq%22:229,%22rp%22:449,%22rpe%22:450,%22dl%22:462,%22di%22:646,%22ds%22:668,%22de%22:674,%22dc%22:882,%22l%22:882,%22le%22:883%7D,%22navigation%22:%7B%22rc%22:1%7D%7D&fcp=647&at=H0ETGw9CExRCXBM9CgBBXAkZG0QSVEsPAw4BQVwbamZQD15XPj1BSEEVUFJXRBFuXQAWBkZZVhUXenc%2BY1gYQFlGVFENAggAUgcPBFJRVAIAXBh4Yy8TFUMhJTshCU0XAwhVHRsiJDwmDBJ8TU1DABMDQwQCCBADFVNYXRJUG01AEQECCmZcSRNbEwBQTFpUTVILGwgEVRMVQwMNCw05X1lYVhITA0NAT0YBA0pBZlYUVEoSPQoUQVwbDAgfWAEXVVBNVVZSGxkbUwRCTT4FFgEQFWZSXF5DCxsvLUFIQQ9JalpeFF9NExtBXkEodhcVEwhBZgINFgoXFEBqWl4PV1AFBw0HBkQDFwEBQx0bCBI8CgYSTlpLWkMLGwMOChxNBVZYGx1DWEk%2BDREDAghQT1hFCF5XQ1hBJg8PQRVqXg1ETQgNDRdBShtcSW4IQklDWEEmDw9BFWpeDURNCA0NF0FKG1xJbgBCV0NYVlRQVg0ZG1gRblgSDDwLEQEbDxtzDVhBQTEMCBYSUFpXQkFwakNOQQ0TOVpaV18EUk0IDQ07Fx9JUBsLQ3JYAw4GSyc1dRcVEwhBZhQRBhY8EkBFXBNbE0sEEQoABghNXFhdQx0bEwcSEQYVTWpJUBVZG1tATBAME0tGFgJOExVDFQ87CwlKQRsLQ1JRABYWFgEHTVAXUg5cG01AEA0XA2ZcXRNbABVDEQoQBjldWlRQCF8bW0AADAISTEdbUBVUFwINDkZPREtQSEQEQk0%2BCgwXF0QDF1pZAEVMEwACEAZIWlpUE00TWxMNFBcGFGZcXRNbE1xZUQEFAAINGA4GU1IUVQFRVk5fDFELHFVSCQJVVgUHAgkNARNNE0sEBAYWBhQbDxtZFUVJElhMSwAHVEYXVhNQTQgRTEZPREtQSEQEQk0%2BDwYQCwldFwMTJnRtQ05BFBoSUVpXbhdUSxILDApBXBsGFwZDHRsUAzwABhBQVlxuB1BUCA4aRllEdkFRVBMTFUMXAjsHA09cWlQ%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%2BRVwSFhBGWUQZZWp9CEdcQUBPRgYKUFJQUw1UZhISDw0XOU1QSkUSblcSQFlGQxZMRlFuFFgZQx8e&jsonp=NREUM.setToken HTTP/1.1
Host: bam.nr-data.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Sun, 04 Dec 2022 19:49:47 GMT
Content-Type: text/javascript
Transfer-Encoding: chunked
Connection: keep-alive
CF-Ray: 7747113ba962b4f9-OSL
Access-Control-Allow-Origin: *
Set-Cookie: JSESSIONID=29c1af6a0681887; Path=/; Domain=.nr-data.net; Secure; SameSite=None
CF-Cache-Status: DYNAMIC
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
Cross-Origin-Resource-Policy: cross-origin
Vary: Accept-Encoding
Server: cloudflare
Content-Encoding: gzip
poweredby.jads.co/adshow.php?adzone=969388
185.94.236.245 200 OK 1.7 kB URL HTTP/1.1 poweredby.jads.co/adshow.php?adzone=969388
IP 185.94.236.245:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1332), with CRLF, LF line terminators
Hash 4a7d7429de1303a43f9c379edab462d7
8cd4e4809f943a963ed0260d8e50c5186ead9d86
d1e5d15ece0bd58798a46e6cb7f59a53d06ef563c497e0006d0dfb4866f132a9
GET /adshow.php?adzone=969388 HTTP/1.1
Host: poweredby.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://media.aso1.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 04 Dec 2022 19:49:47 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/5.6.40
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR OUR IND STA"
Set-Cookie: surferid=ac26f30f9878a78e89e0626e00863379; expires=Mon, 04-Dec-2023 19:49:46 GMT; Max-Age=31536000; path=/; SameSite=None; Secure; domain=.jads.co
juicy_data_1=YTowOnt9; expires=Wed, 07-Dec-2022 19:49:46 GMT; Max-Age=259199; path=/; SameSite=None; Secure; domain=jads.co
juicy_data=YToxOntzOjEyOiJqdWljeV9kYXRhXzEiO3M6MToiMSI7fQ%3D%3D; expires=Wed, 07-Dec-2022 19:49:46 GMT; Max-Age=259199; path=/; SameSite=None; Secure; domain=jads.co
Content-Encoding: gzip
bam.nr-data.net/events/1/6f524845d1?a=24279235&v=1216.487a282&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOFgwRERUXQ1BUFkIDFQ0WFlA%3D&rst=1241&ck=1&ref=https://chaturbate.com/tours/3/
162.247.241.14 200 OK 24 B URL HTTP/1.1 bam.nr-data.net/events/1/6f524845d1?a=24279235&v=1216.487a282&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOFgwRERUXQ1BUFkIDFQ0WFlA%3D&rst=1241&ck=1&ref=https://chaturbate.com/tours/3/
IP 162.247.241.14:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash bc32ed98d624acb4008f986349a20d26
2d3df8c11d2168ce2c27e0937421d11d85016361
0c9cf152a0ad00d4f102c93c613c104914be5517ac8f8e0831727f8bfbe8b300
POST /events/1/6f524845d1?a=24279235&v=1216.487a282&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOFgwRERUXQ1BUFkIDFQ0WFlA%3D&rst=1241&ck=1&ref=https://chaturbate.com/tours/3/ HTTP/1.1
Host: bam.nr-data.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
content-type: text/plain
Content-Length: 1776
Origin: https://chaturbate.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Sun, 04 Dec 2022 19:49:47 GMT
Content-Type: image/gif
Content-Length: 24
Connection: keep-alive
CF-Ray: 7747113ccb55b4f9-OSL
Access-Control-Allow-Origin: https://chaturbate.com
CF-Cache-Status: DYNAMIC
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
Vary: Accept-Encoding
Server: cloudflare
i.jads.co/1x1.gif
69.16.175.10 200 OK 43 B IP 69.16.175.10:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 9bb191c6827273aa978cab39a3587950
25d8043336eb799e52b1a0e15ff6b95e09c24e35
24e480e4659fbae818853a38f8a3036f529f539024dc3e772c0b594ce02ea9db
GET /1x1.gif HTTP/1.1
Host: i.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://poweredby.jads.co/
Cookie: surferid=ac26f30f9878a78e89e0626e00863379; juicy_data_1=YTowOnt9; juicy_data=YToxOntzOjEyOiJqdWljeV9kYXRhXzEiO3M6MToiMSI7fQ%3D%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
date: Sun, 04 Dec 2022 19:49:47 GMT
etag: "1457030838"
cache-control: max-age=17041879
content-length: 43
content-type: image/gif
last-modified: Thu, 03 Mar 2016 18:47:18 GMT
accept-ranges: bytes
x-hw: 1670183387.dop012.sk1.t,1670183387.cds201.sk1.hn,1670183387.cds217.sk1.c
X-Firefox-Spdy: h2
i.jads.co/network/user1037/78-1639151702-0195345001639151702.jpg
69.16.175.10 200 OK 75 kB URL HTTP/2 i.jads.co/network/user1037/78-1639151702-0195345001639151702.jpg
IP 69.16.175.10:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 900x250, components 3\012- data
Hash ecd36c8fc2cee07a0b3396b8b21335cd
ca29134b764a3611fe752338b8f472d937cf5015
30bb6c8297b47fbcf0bed2eba60d37ad2e3099732eeeda2a7effd6be8d521bb1
GET /network/user1037/78-1639151702-0195345001639151702.jpg HTTP/1.1
Host: i.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://poweredby.jads.co/
Cookie: surferid=ac26f30f9878a78e89e0626e00863379; juicy_data_1=YTowOnt9; juicy_data=YToxOntzOjEyOiJqdWljeV9kYXRhXzEiO3M6MToiMSI7fQ%3D%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
date: Sun, 04 Dec 2022 19:49:47 GMT
etag: "1639151702"
cache-control: max-age=9504466
content-length: 74596
content-type: image/jpeg
last-modified: Fri, 10 Dec 2021 15:55:02 GMT
accept-ranges: bytes
x-hw: 1670183387.dop012.sk1.t,1670183387.cds201.sk1.hn,1670183387.cds250.sk1.c
X-Firefox-Spdy: h2
chaturbate.com/in/?track=xfanta&tour=x1Rd&campaign=NcAyU&c=3&p=0&gender=f
104.18.100.40 302 Found 0 B URL HTTP/2 chaturbate.com/in/?track=xfanta&tour=x1Rd&campaign=NcAyU&c=3&p=0&gender=f
IP 104.18.100.40:0
GET /in/?track=xfanta&tour=x1Rd&campaign=NcAyU&c=3&p=0&gender=f HTTP/1.1
Host: chaturbate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cams.gratis/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Sun, 04 Dec 2022 19:49:46 GMT
content-type: text/html; charset=utf-8
location: /tours/3/?tour=x1Rd&campaign=NcAyU&c=3&p=0&gender=f&disable_sound=0
p3p: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
vary: Accept-Language, Cookie
content-language: en
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.mmcdn.com https://*.highwebmedia.com https://*.chaturbate.com https://chaturbate.com https://ajax.googleapis.com https://js-agent.newrelic.com https://cdnjs.cloudflare.com https://www.google-analytics.com https://www.google.com/recaptcha/ https://www.google.com/cv/ https://www.gstatic.com/recaptcha/ https://www.gstatic.com/cv/ https://www.gstatic.com/eureka/ https://www.gstatic.com/cast/ https://*.nr-data.net https://certify-js.alexametrics.com https://player.vimeo.com/api/player.js http://static.hotjar.com https://static.hotjar.com https://script.hotjar.com ; style-src 'self' data: 'unsafe-inline' https://*.highwebmedia.com https://cdnjs.cloudflare.com https://fonts.googleapis.com ; img-src 'self' data: https://*.mmcdn.com https://*.highwebmedia.com https://*.stream.highwebmedia.com https://*.chaturbate.com https://chaturbate.com https://www.google-analytics.com https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com https://cdnjs.cloudflare.com https://www.gstatic.com https://*.nr-data.net https://certify.alexametrics.com https://stats.g.doubleclick.net https://cbgames.s3.amazonaws.com https://player.vimeo.com https://script.hotjar.com http://script.hotjar.com ; font-src 'self' data: https://*.mmcdn.com https://*.highwebmedia.com https://cdnjs.cloudflare.com https://fonts.gstatic.com http://script.hotjar.com https://script.hotjar.com ; connect-src 'self' blob: blob https://*.mmcdn.com wss://*.mmcdn.com wss://*.mmcdn.com:8443 https://*.highwebmedia.com wss://*.highwebmedia.com wss://*.highwebmedia.com:8443 https://*.nr-data.net https://*.chaturbate.com https://chaturbate.com https://www.google-analytics.com 
https://cbvideoupload.s3-accelerate.amazonaws.com https://stats.g.doubleclick.net https://internet-up.ably-realtime.com https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com https://tls-use1.fpapi.io https://use1.fptls.com https://eun1.fptls.com https://aps1.fptls.com http://*.hotjar.com:* https://*.hotjar.com:* https://vc.hotjar.io:* https://surveystats.hotjar.io wss://*.hotjar.com ; media-src 'self' https://*.mmcdn.com https://*.highwebmedia.com https://*.chaturbate.com https://chaturbate.com mediasource: blob: data: https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com; object-src 'self' https://*.mmcdn.com https://*.highwebmedia.com https://download.macromedia.com https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com ; frame-src 'self' https://*.mmcdn.com https://*.chaturbate.com https://chaturbate.com https://*.highwebmedia.com https://adserver.exoticads.com https://www.google.com/recaptcha/ https://*.wnu.com https://wnu.com https://checkout.2000charge.com https://www.sofort.com https://*.girogate.de https://player.vimeo.com https://vars.hotjar.com ; child-src 'self' blob: blob ; worker-src 'self' blob: blob ; form-action 'self' https://*.chaturbate.com https://chaturbate.com https://*.stream.highwebmedia.com https://www.coinpayments.net https://*.wnu.com https://wnu.com https://devportal.cb.dev https://*.web.amer-1.jumio.ai 
https://smartpay.coinsmart.com ; manifest-src 'self' https://*.mmcdn.com https://*.highwebmedia.com ; report-uri https://report-uri.mmcdn.com/r/t/csp/enforce;
report-to: {"group":"default","max_age":2592000,"endpoints":[{"url":"https://report-uri.mmcdn.com/a/t/g"}],"include_subdomains":true}
nel: {"report_to":"default","max_age":2592000,"include_subdomains":true}
x-frame-options: DENY
cache-control: no-cache
x-content-type-options: nosniff
x-xss-protection: 1; mode=block; report=https://report-uri.highwebmedia.com/r/t/xss/enforce
referrer-policy: strict-origin-when-cross-origin
via: 1.1 google
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: DYNAMIC
set-cookie: u_x1Rd=1; expires=Fri, 09-Dec-2022 19:49:46 GMT; Max-Age=432000; Path=/
us_x1Rd=1; Path=/
affkey="eJyrVipRslJQqjAMSlHSUVBKzi0Acf2SHStDQfySomywdFpiXkkiSKAIxM0oKSkottLXT07MLdZLL0osySzWB0kmpqWBpHMTKyoqclNTMhONDAwtQBJgQ40MlWoBzegfMA=="; Domain=.chaturbate.com; expires=Tue, 03-Jan-2023 19:49:46 GMT; Max-Age=2592000; Path=/
fromaffiliate=1; Domain=.chaturbate.com; Path=/
noads=1; expires=Mon, 05-Dec-2022 01:49:46 GMT; Max-Age=21600; Path=/
stcki="iuhY4r=0"; expires=Tue, 03-Jan-2023 19:49:46 GMT; Max-Age=2592000; Path=/
sbr=sec:sbr15ab12ef-cf48-4d00-b34e-2186ec1102cc:1p1uzi:7QHzTNB9_fEKhL_1CXDuOCJZEl0; Domain=.chaturbate.com; expires=Fri, 29-Aug-2025 19:49:46 GMT; HttpOnly; Max-Age=86313600; Path=/; Secure
__cf_bm=Vkn4DjU1R.XBtyoavVUNMSDfpFUUVe234Fh8sYcateY-1670183386-0-ATa2X4A07KU5LperyD0t0LOUai6jbOPafSdQeM4f8bgy6bKniOZxTAy+cL9+Xqx17A/fkH1ZAfaPWIp1ptTfrjA=; path=/; expires=Sun, 04-Dec-22 20:19:46 GMT; domain=.chaturbate.com; HttpOnly; Secure; SameSite=None
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 774711353c660afe-OSL
X-Firefox-Spdy: h2
pogothere.xyz/asd100.bin
172.64.173.27 200 OK 0 B IP 172.64.173.27:0
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://xfantazy.com/
Origin: https://xfantazy.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 04 Dec 2022 19:49:44 GMT
content-type: binary/octet-stream
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 5984
last-modified: Sun, 04 Dec 2022 18:10:00 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mewzXokjAT8svMuUNAC9p9PcyN%2BgWfEu96RSRK0MsdYvx%2FAO%2FEM6uxae3j8%2FU%2BjmX20ixNrchScdF88eAiPDIoF9chVGZOCfRQ3hHqH7tHULLYddgjuF1L7VKY8TfiLg"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7747112a7c8806d9-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
a.naturalhealthsource.club/api/spots/303894?p=1&s1=%subid1%&kw=
135.181.208.216 200 OK 0 B URL HTTP/2 a.naturalhealthsource.club/api/spots/303894?p=1&s1=%subid1%&kw=
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
GET /api/spots/303894?p=1&s1=%subid1%&kw= HTTP/1.1
Host: a.naturalhealthsource.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: nauid=D5zAgE7rDzAds0IJvYwi
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 04 Dec 2022 19:49:45 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2
media.aso1.net/js/ifr.html
104.21.234.223 200 OK 0 B URL HTTP/2 media.aso1.net/js/ifr.html
IP 104.21.234.223:0
GET /js/ifr.html HTTP/1.1
Host: media.aso1.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 04 Dec 2022 19:49:45 GMT
content-type: text/html
last-modified: Thu, 24 Nov 2022 16:06:01 GMT
etag: W/"637f9669-6ff"
expires: Mon, 28 Nov 2022 07:22:28 GMT
cache-control: max-age=259200
x-robots-tag: noindex, nofollow, noarchive, noimageindex
cf-cache-status: HIT
age: 748620
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7xyq%2FphmElVmKDVOiM72zBU8YI41TY3ClFL9hVbhJ42IvbadTAdmRqJNGGoOJytCp%2B%2FEc68%2FT2PBCMtbEuUA5orN7jklsNSQqvRGsHdOC%2F9OpB%2BMYgXeTVmm5iLFVoYIDA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7747112fdd6add2f-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
a.naturalhealthsource.club/api/spots/312873?p=1&s1=%subid1%&kw=
135.181.208.216 200 OK 0 B URL HTTP/2 a.naturalhealthsource.club/api/spots/312873?p=1&s1=%subid1%&kw=
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
GET /api/spots/312873?p=1&s1=%subid1%&kw= HTTP/1.1
Host: a.naturalhealthsource.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: nauid=D5zAgE7rDzAds0IJvYwi
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 04 Dec 2022 19:49:45 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2
static-assets.highwebmedia.com/CACHE/css/output.ef7436bc2788.css
104.16.93.42 200 OK 0 B URL HTTP/2 static-assets.highwebmedia.com/CACHE/css/output.ef7436bc2788.css
IP 104.16.93.42:0
GET /CACHE/css/output.ef7436bc2788.css HTTP/1.1
Host: static-assets.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 04 Dec 2022 19:49:46 GMT
content-type: text/css
cache-control: public, max-age=2592000
cf-bgj: minify
cf-polished: origSize=29618
etag: W/"ade681e2fa92be6f93f43294ddc58941"
last-modified: Thu, 17 Nov 2022 16:34:23 GMT
x-amz-id-2: azvjfLhsZQz0cag4muV1nCoqw4kMQf5PSauhF7VXnYrO6hWxTMgQHmT8X4/+31fVT28kfu+Uu6Q=
x-amz-meta-s3cmd-attrs: md5:ade681e2fa92be6f93f43294ddc58941
x-amz-request-id: X33R15MJ639RYB32
cf-cache-status: HIT
age: 1480392
expires: Tue, 03 Jan 2023 19:49:46 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YGZL%2BcAESYNp0TV6gJslxHptlEjobRwJpeY4Uk3ebamXK8TEzxVOtxqdXfyNATn5vOxdLjz3vJTeINVdaQkGjbOi5poriEPpDHY2ttVNdbR1OvUIJtHeU6D5fPqsF1RBIzKvk8Rg0IuSKwV9nDCliw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
set-cookie: _cfuvid=qi33YcY3nQjtei.Gbs7v4MD.nTeqEwqlSBjTLuN5PEw-1670183386953-0-604800000; path=/; domain=.highwebmedia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 774711386b450b61-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
static-assets.highwebmedia.com/CACHE/js/output.6f6724a00cb8.js
104.16.93.42 200 OK 0 B URL HTTP/2 static-assets.highwebmedia.com/CACHE/js/output.6f6724a00cb8.js
IP 104.16.93.42:0
GET /CACHE/js/output.6f6724a00cb8.js HTTP/1.1
Host: static-assets.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 04 Dec 2022 19:49:46 GMT
content-type: application/javascript
cache-control: public, max-age=2592000
cf-bgj: minify
etag: W/"a708027bfbbde438a72a93082d4bc4b5"
last-modified: Thu, 24 Jun 2021 21:24:05 GMT
x-amz-id-2: JSy2VAlm3gAahvlCm5/iqNOQuasckcIrq13CGup8iDmNjJ/I2mSXsAw6q4OzSeK3RH88h3oFZ3U=
x-amz-meta-s3cmd-attrs: md5:a708027bfbbde438a72a93082d4bc4b5
x-amz-request-id: 2D5V5B3Y2TWH6PZC
cf-cache-status: HIT
age: 1549343
expires: Tue, 03 Jan 2023 19:49:46 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5%2BxSSb%2BvbcoBE%2B8AU9lnFHiIMHV3vjApyMTJUwyFTwo%2BzeEtd4ax6FrEdT6rBxFz3WYbs1qLxXVSyK3tfI6ok1Bvd3spZCGVTX38lGt1DhY7R69VGA5h7w0GJJfTfRPGE1P%2BbKvnL6bXkdx%2FcngtFg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
set-cookie: _cfuvid=vmI8fDxBYXUJD9hS9aT266XogbN2lrzfFLMITJb5NNo-1670183386967-0-604800000; path=/; domain=.highwebmedia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 774711387b720b61-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
a.naturalhealthsource.club/api/spots/312875?p=1&s1=%subid1%&kw=
135.181.208.216 200 OK 0 B URL HTTP/2 a.naturalhealthsource.club/api/spots/312875?p=1&s1=%subid1%&kw=
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
GET /api/spots/312875?p=1&s1=%subid1%&kw= HTTP/1.1
Host: a.naturalhealthsource.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: nauid=D5zAgE7rDzAds0IJvYwi
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 04 Dec 2022 19:49:45 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2
xfantazy.com/video/63215686df915905ff622722
188.114.96.1 200 OK 0 B URL HTTP/2 xfantazy.com/video/63215686df915905ff622722
IP 188.114.96.1:0
GET /video/63215686df915905ff622722 HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
date: Sun, 04 Dec 2022 19:49:41 GMT
content-type: text/html; charset=utf-8
vary: Origin
set-cookie: visitorId=coouwlwaepdv4nrr9obx6; Domain=xfantazy.com; Path=/; Expires=Sat, 04 Dec 2032 19:49:41 GMT; HttpOnly
experiment-popup-payment-7=0; Path=/; Expires=Sun, 11 Dec 2022 19:49:41 GMT
experiment-save-to-button-2=0; Path=/; Expires=Sun, 11 Dec 2022 19:49:41 GMT
x-powered-by: Next.js
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Y%2F1WEwHGaRRrR9cLfUBw%2FAo5YFww4Z1sg%2FsYYlTxHSgv%2FhkkJny8Kj7dCQWjjG9n1GvMplvUlgLqIXrWhWVXJx75sQH%2FZ%2Bxe0M72WUvpmuJJw4oqpEkmkDUxyPX1LC8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77471114fe6e0b45-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
a.naturalhealthsource.club/zRdVuw7.js
135.181.208.216 200 OK 0 B URL HTTP/2 a.naturalhealthsource.club/zRdVuw7.js
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
GET /zRdVuw7.js HTTP/1.1
Host: a.naturalhealthsource.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 04 Dec 2022 19:49:42 GMT
content-type: application/javascript
last-modified: Sat, 22 Oct 2022 11:28:35 GMT
etag: W/"6353d3e3-1cfaf"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
vary: Accept-Encoding, Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 efe5edfc97620ce0a17f2dafd5991870.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN54-C1
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: y_Feb9qtIaMpc1CSXuwqQ3tg_aQcBinaRusjrGdIr6t8WCSPofD_Qg==
age: 3396683
x-frame-options: DENY
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2
mc.yandex.ru/watch/49415098?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F63215686df915905ff622722&charset=utf-8&hittoken=1670183383_0a3239940ee22d3f9207ed3a3ac0437714041ca47c37170b8aef738072781ccf&browser-info=pv%3A1%3Aar%3A1%3Avf%3A2b7w95bdqfdb0kzrg7tcl8%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A933%3Acn%3A1%3Adp%3A0%3Als%3A538070569078%3Ahid%3A740966980%3Az%3A0%3Ai%3A20221204194942%3Aet%3A1670183382%3Ac%3A1%3Arn%3A39177933%3Arqn%3A5%3Au%3A1670183381694857898%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Aeu%3A1%3Ans%3A1670183378342%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1670183382%3At%3ANika%20Venom%20-%20Nika%20Brings%20The%20Heat%20-%20nym0234%20-%20Nympho%20(SD%202021)%20-%20XFantazy.com&t=gdpr(14)mc(p-3)clc(0-0-0)rqnt(5)aw(1)ecs(1)fip(1)ti(2)
93.158.134.119 302 Found 0 B URL HTTP/2 mc.yandex.ru/watch/49415098?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F63215686df915905ff622722&charset=utf-8&hittoken=1670183383_0a3239940ee22d3f9207ed3a3ac0437714041ca47c37170b8aef738072781ccf&browser-info=pv%3A1%3Aar%3A1%3Avf%3A2b7w95bdqfdb0kzrg7tcl8%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A933%3Acn%3A1%3Adp%3A0%3Als%3A538070569078%3Ahid%3A740966980%3Az%3A0%3Ai%3A20221204194942%3Aet%3A1670183382%3Ac%3A1%3Arn%3A39177933%3Arqn%3A5%3Au%3A1670183381694857898%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Aeu%3A1%3Ans%3A1670183378342%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1670183382%3At%3ANika%20Venom%20-%20Nika%20Brings%20The%20Heat%20-%20nym0234%20-%20Nympho%20(SD%202021)%20-%20XFantazy.com&t=gdpr(14)mc(p-3)clc(0-0-0)rqnt(5)aw(1)ecs(1)fip(1)ti(2)
IP 93.158.134.119:0
GET /watch/49415098?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F63215686df915905ff622722&charset=utf-8&hittoken=1670183383_0a3239940ee22d3f9207ed3a3ac0437714041ca47c37170b8aef738072781ccf&browser-info=pv%3A1%3Aar%3A1%3Avf%3A2b7w95bdqfdb0kzrg7tcl8%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A933%3Acn%3A1%3Adp%3A0%3Als%3A538070569078%3Ahid%3A740966980%3Az%3A0%3Ai%3A20221204194942%3Aet%3A1670183382%3Ac%3A1%3Arn%3A39177933%3Arqn%3A5%3Au%3A1670183381694857898%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Aeu%3A1%3Ans%3A1670183378342%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1670183382%3At%3ANika%20Venom%20-%20Nika%20Brings%20The%20Heat%20-%20nym0234%20-%20Nympho%20(SD%202021)%20-%20XFantazy.com&t=gdpr(14)mc(p-3)clc(0-0-0)rqnt(5)aw(1)ecs(1)fip(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
location: /watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F63215686df915905ff622722&charset=utf-8&hittoken=1670183383_0a3239940ee22d3f9207ed3a3ac0437714041ca47c37170b8aef738072781ccf&browser-info=pv%3A1%3Aar%3A1%3Avf%3A2b7w95bdqfdb0kzrg7tcl8%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A933%3Acn%3A1%3Adp%3A0%3Als%3A538070569078%3Ahid%3A740966980%3Az%3A0%3Ai%3A20221204194942%3Aet%3A1670183382%3Ac%3A1%3Arn%3A39177933%3Arqn%3A5%3Au%3A1670183381694857898%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Aeu%3A1%3Ans%3A1670183378342%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1670183382%3At%3ANika%20Venom%20-%20Nika%20Brings%20The%20Heat%20-%20nym0234%20-%20Nympho%20%28SD%202021%29%20-%20XFantazy.com&t=gdpr%2814%29mc%28p-3%29clc%280-0-0%29rqnt%285%29aw%281%29ecs%281%29fip%281%29ti%282%29
date: Sun, 04 Dec 2022 19:49:44 GMT
access-control-allow-origin: https://xfantazy.com
set-cookie: yabs-sid=1501092581670183384; Path=/; SameSite=None; Secure
i=X9JGYKou0DoXWRDiLWuwYcAuORSDtG3fvZ4Pmz40xp6o0V0TgWAlpsQ9RKgnymzqHo4qOySKbctTOUIvZ0wSsQYDJYk=; Expires=Wed, 01-Dec-2032 19:49:40 GMT; Domain=.yandex.ru; Path=/; Secure; HttpOnly; SameSite=None
yandexuid=2431727411670183384; Expires=Mon, 04-Dec-2023 19:49:44 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
yuidss=2431727411670183384; Expires=Mon, 04-Dec-2023 19:49:44 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
ymex=1701719384.yc.1670183384#1701719384.yrts.1670183384#1701719384.yrtsi.1670183384; Expires=Mon, 04-Dec-2023 19:49:44 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Sun, 04-Dec-2022 19:49:44 GMT
last-modified: Sun, 04-Dec-2022 19:49:44 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
a.naturalhealthsource.club/api/spots/312875?p=1&s1=%subid1%&kw=
135.181.208.216 200 OK 0 B URL HTTP/2 a.naturalhealthsource.club/api/spots/312875?p=1&s1=%subid1%&kw=
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
GET /api/spots/312875?p=1&s1=%subid1%&kw= HTTP/1.1
Host: a.naturalhealthsource.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: nauid=D5zAgE7rDzAds0IJvYwi
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 04 Dec 2022 19:49:45 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2
friendshipmale.com/sfp.js
172.64.141.24 200 OK 0 B URL HTTP/2 friendshipmale.com/sfp.js
IP 172.64.141.24:0
GET /sfp.js HTTP/1.1
Host: friendshipmale.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 04 Dec 2022 19:49:43 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: 757a8086ab2841bbd509275e83a71cdd
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Sun, 04 Dec 2022 19:49:43 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wyTUyhjexXjrWxsoV9rx3cFzK7063QUzJ0bFTISRuVGEwvTUXNTR14YD50ZNJb1CmaXErDbZdJN2dVPAIIYJJx2fXubrCqgYA6uHYacm1tuj3t%2B6u9%2FSRAXdVM3U8%2BmlkJEhnAw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 774711216dfc8873-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
a.realsrv.com/video-slider.js
185.76.9.14 200 OK 0 B URL HTTP/2 a.realsrv.com/video-slider.js
IP 185.76.9.14:0
ASN #60068 Datacamp Limited
GET /video-slider.js HTTP/1.1
Host: a.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://media.aso1.net/
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%22638cf9d9e00848.945962052552389789%22%3B%7D; __upt=%7B%22v%22%3A1%2C%22id%22%3A%22638cf9d9b55310.385164992133418356%22%2C%22pcma%22%3A%22%22%2C%22acma%22%3A%22508.03940399%22%7D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 04 Dec 2022 19:49:46 GMT
content-type: application/javascript
etag: W/"bfe8e0d358572ef0cbb85c26f8a"
expires: Fri, 02 Dec 2022 12:50:42 GMT
cache-control: max-age=10800
access-control-allow-origin: *
x-cache-op: HIT
x-accel-expires: @1670190688
server: CDN77-Turbo
x-77-nzt: AblMCQ3wrfD/qg0AAA
x-77-nzt-ray: c0a4cc289ed85fe2daf98c63b4b57b13
x-cache: HIT
x-age: 3498
x-77-pop: stockholmSE
x-77-cache: HIT
content-encoding: br
X-Firefox-Spdy: h2
a.adtng.com/get/10010248?time=1592494928726&atc=425995&apb=ATRFW4OsbxpDz9ZFZNs7Ju2rfiKSNUZip0IrTF7ooey3YRf1dFXhv07CwPm_IK1qxt9nnfD2LfDK9RUGems3dXNiwCt7rCzQDUY2t5Bh-7db9qN-0D3w_gUIDRUi
66.254.114.171 200 OK 0 B URL HTTP/2 a.adtng.com/get/10010248?time=1592494928726&atc=425995&apb=ATRFW4OsbxpDz9ZFZNs7Ju2rfiKSNUZip0IrTF7ooey3YRf1dFXhv07CwPm_IK1qxt9nnfD2LfDK9RUGems3dXNiwCt7rCzQDUY2t5Bh-7db9qN-0D3w_gUIDRUi
IP 66.254.114.171:0
GET /get/10010248?time=1592494928726&atc=425995&apb=ATRFW4OsbxpDz9ZFZNs7Ju2rfiKSNUZip0IrTF7ooey3YRf1dFXhv07CwPm_IK1qxt9nnfD2LfDK9RUGems3dXNiwCt7rCzQDUY2t5Bh-7db9qN-0D3w_gUIDRUi HTTP/1.1
Host: a.adtng.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: openresty
date: Sun, 04 Dec 2022 19:49:46 GMT
content-type: text/html
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With
content-encoding: gzip
set-cookie: adtool_guid=Ch5KBmOM+do/G2cGX07pAg==; expires=Thu, 31-Dec-37 23:55:55 GMT; path=/; Secure; HTTPOnly; SameSite=None;
RNLBSERVERID=ded6974; path=/; HttpOnly; Secure; SameSite=None
x-request-id: 638CF9DA-42FE72AB01BB4C5B-6B9D9B5
X-Firefox-Spdy: h2
mc.yandex.ru/watch/49415098?wmode=7&page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F63215686df915905ff622722&charset=utf-8&browser-info=pv%3A1%3Avf%3A2b7w95bdqfdb0kzrg7tcl8%3Afp%3A1279%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A933%3Acn%3A1%3Adp%3A0%3Als%3A538070569078%3Ahid%3A740966980%3Az%3A0%3Ai%3A20221204194940%3Aet%3A1670183381%3Ac%3A1%3Arn%3A938659487%3Arqn%3A1%3Au%3A1670183381694857898%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A1%2C128%2C346%2C45%2C370%2C0%2C%2C380%2C4%2C%2C%2C%2C1279%3Aco%3A0%3Ans%3A1670183378342%3Anp%3ATGludXggeDg2XzY0%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1670183381%3At%3ANika%20Venom%20-%20Nika%20Brings%20The%20Heat%20-%20nym0234%20-%20Nympho%20(SD%202021)%20-%20XFantazy.com&t=gdpr(14)clc(0-0-0)rqnt(1)aw(1)fip(1)ti(2)
93.158.134.119 302 Found 0 B URL HTTP/2 mc.yandex.ru/watch/49415098?wmode=7&page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F63215686df915905ff622722&charset=utf-8&browser-info=pv%3A1%3Avf%3A2b7w95bdqfdb0kzrg7tcl8%3Afp%3A1279%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A933%3Acn%3A1%3Adp%3A0%3Als%3A538070569078%3Ahid%3A740966980%3Az%3A0%3Ai%3A20221204194940%3Aet%3A1670183381%3Ac%3A1%3Arn%3A938659487%3Arqn%3A1%3Au%3A1670183381694857898%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A1%2C128%2C346%2C45%2C370%2C0%2C%2C380%2C4%2C%2C%2C%2C1279%3Aco%3A0%3Ans%3A1670183378342%3Anp%3ATGludXggeDg2XzY0%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1670183381%3At%3ANika%20Venom%20-%20Nika%20Brings%20The%20Heat%20-%20nym0234%20-%20Nympho%20(SD%202021)%20-%20XFantazy.com&t=gdpr(14)clc(0-0-0)rqnt(1)aw(1)fip(1)ti(2)
IP 93.158.134.119:0
GET /watch/49415098?wmode=7&page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F63215686df915905ff622722&charset=utf-8&browser-info=pv%3A1%3Avf%3A2b7w95bdqfdb0kzrg7tcl8%3Afp%3A1279%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A933%3Acn%3A1%3Adp%3A0%3Als%3A538070569078%3Ahid%3A740966980%3Az%3A0%3Ai%3A20221204194940%3Aet%3A1670183381%3Ac%3A1%3Arn%3A938659487%3Arqn%3A1%3Au%3A1670183381694857898%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A1%2C128%2C346%2C45%2C370%2C0%2C%2C380%2C4%2C%2C%2C%2C1279%3Aco%3A0%3Ans%3A1670183378342%3Anp%3ATGludXggeDg2XzY0%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1670183381%3At%3ANika%20Venom%20-%20Nika%20Brings%20The%20Heat%20-%20nym0234%20-%20Nympho%20(SD%202021)%20-%20XFantazy.com&t=gdpr(14)clc(0-0-0)rqnt(1)aw(1)fip(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
location: /watch/49415098/1?wmode=7&page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F63215686df915905ff622722&charset=utf-8&browser-info=pv%3A1%3Avf%3A2b7w95bdqfdb0kzrg7tcl8%3Afp%3A1279%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A933%3Acn%3A1%3Adp%3A0%3Als%3A538070569078%3Ahid%3A740966980%3Az%3A0%3Ai%3A20221204194940%3Aet%3A1670183381%3Ac%3A1%3Arn%3A938659487%3Arqn%3A1%3Au%3A1670183381694857898%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A1%2C128%2C346%2C45%2C370%2C0%2C%2C380%2C4%2C%2C%2C%2C1279%3Aco%3A0%3Ans%3A1670183378342%3Anp%3ATGludXggeDg2XzY0%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1670183381%3At%3ANika%20Venom%20-%20Nika%20Brings%20The%20Heat%20-%20nym0234%20-%20Nympho%20%28SD%202021%29%20-%20XFantazy.com&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29fip%281%29ti%282%29
date: Sun, 04 Dec 2022 19:49:43 GMT
access-control-allow-origin: https://xfantazy.com
set-cookie: yabs-sid=1107560241670183383; Path=/; SameSite=None; Secure
i=ApJx+iSJNF/LCBzVMosj+B9q9Ui0ZoHPGZxB7l4hCJe4X5nW50edBObRne8lSH+ClFA6jkS0Qyu7t9yeslDn1EUO79A=; Expires=Wed, 01-Dec-2032 19:49:42 GMT; Domain=.yandex.ru; Path=/; Secure; HttpOnly; SameSite=None
yandexuid=8512182031670183383; Expires=Mon, 04-Dec-2023 19:49:43 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
yuidss=8512182031670183383; Expires=Mon, 04-Dec-2023 19:49:43 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
ymex=1701719383.yc.1670183383#1701719383.yrts.1670183383#1701719383.yrtsi.1670183383; Expires=Mon, 04-Dec-2023 19:49:43 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Sun, 04-Dec-2022 19:49:43 GMT
last-modified: Sun, 04-Dec-2022 19:49:43 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
accounts.google.com/v3/signin/identifier?dsh=S-2080083104%3A1670183385210211&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=ARgdvAvXKv81j58XV7erYSwYgj8j1hM9HJVaC1uJGB1-GnmI9i7D0jvzWy-5VBN4JEV1cscX5vYu
142.250.74.109 403 Forbidden 0 B URL HTTP/2 accounts.google.com/v3/signin/identifier?dsh=S-2080083104%3A1670183385210211&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=ARgdvAvXKv81j58XV7erYSwYgj8j1hM9HJVaC1uJGB1-GnmI9i7D0jvzWy-5VBN4JEV1cscX5vYu
IP 142.250.74.109:0
GET /v3/signin/identifier?dsh=S-2080083104%3A1670183385210211&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=ARgdvAvXKv81j58XV7erYSwYgj8j1hM9HJVaC1uJGB1-GnmI9i7D0jvzWy-5VBN4JEV1cscX5vYu HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://xfantazy.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sun, 04 Dec 2022 19:49:45 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
strict-transport-security: max-age=31536000; includeSubDomains
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
content-security-policy: script-src 'nonce-CzvOo2mBZ5Eq2hHxqY_C2A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist, require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport
cross-origin-opener-policy-report-only: same-origin
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp
157.240.240.35 200 OK 0 B URL HTTP/2 www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp
IP 157.240.240.35:0
GET /login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-encoding: br
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 0
cross-origin-opener-policy: same-origin-allow-popups
vary: Sec-Fetch-Site, Sec-Fetch-Mode, Accept-Encoding
strict-transport-security: max-age=15552000; preload
content-type: text/html; charset="utf-8"
x-fb-debug: HkXA+m/7aYfMxcQaOtFngEyq5+poEsuQ8L2qnMe4RkIvG5w/yGXDdUlx8GxjATNjKPdI+KXQVCtFyHc7prYa4Q==
date: Sun, 04 Dec 2022 19:49:45 GMT
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2