xfantazy.com/video/62379c1c76373a1d22aeaaeb
172.64.204.27 302 Found 0 B URL HTTP/1.1 xfantazy.com/video/62379c1c76373a1d22aeaaeb
IP 172.64.204.27:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /video/62379c1c76373a1d22aeaaeb HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Date: Thu, 02 Feb 2023 10:21:03 GMT
Content-Length: 0
Connection: keep-alive
location: https://xfantazy.com/video/62379c1c76373a1d22aeaaeb
cache-control: no-cache
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bJFEbXvnJ1TN4PmEe9kcyMH4o%2ByG5M8y5ydILTMdtVyDMs2zcUiuSvdfVPnHGYeSeQwatOV7XiwKrypeHAENlRYqFQ6W6ZxhFvxshyFnHjC2IHhZI4k9VOIh%2FCNJU4A%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 793232a33ca68862-LHR
alt-svc: h2=":443"; ma=60
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash e935ea42be4feaed61a824b0b903913e
f966cfa80d65a805cb9d7c6a53b3340865d7c51a
eb0ce9ae50d156fe5924b2d77346735e4e93b5240cff301c9aa835bb0b385815
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EB0CE9AE50D156FE5924B2D77346735E4E93B5240CFF301C9AA835BB0B385815"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12925
Expires: Thu, 02 Feb 2023 13:56:29 GMT
Date: Thu, 02 Feb 2023 10:21:04 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash d4e95d0d8982bcd07804baf6fc88231c
5027abda0875bd2529dd4d6691784c74da71a9ee
373799b5749d2cb08b5721699a3e4c6b94b0d41604ac07d4ef7179e47dabc71f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "373799B5749D2CB08B5721699A3E4C6B94B0D41604AC07D4EF7179E47DABC71F"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6173
Expires: Thu, 02 Feb 2023 12:03:57 GMT
Date: Thu, 02 Feb 2023 10:21:04 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 30db107dcf4380cef05efea409c2e6a3
96e6a306fbc07299aba64e5c14e2bfca35872fa9
b64051a4a8e346e3c72b2aef77f360a5736ab5e16711d8e0bae3876feaa15b6e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Alert, Retry-After, Content-Length, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Thu, 02 Feb 2023 09:36:05 GMT
content-type: application/json
age: 2699
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash a8d45deaa7ebfcd996c2055dae592ab8
55befe074589fe7b39757c145968058162a8fc6b
50d7d516f446458145a304b288a0a39d391cd37ea50dabea36ae48d291c65ba7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "50D7D516F446458145A304B288A0A39D391CD37EA50DABEA36AE48D291C65BA7"
Last-Modified: Tue, 31 Jan 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15968
Expires: Thu, 02 Feb 2023 14:47:12 GMT
Date: Thu, 02 Feb 2023 10:21:04 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: O5sR9kibqKGvtv4I0tq58AlpBhoOvs9qkNx32txdiseNCk5Reu7GUyvhrEi4RWuVbGNSMENILAc=
x-amz-request-id: SZ2Z838CF8ERB28F
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Thu, 02 Feb 2023 09:51:56 GMT
age: 1748
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 02 Feb 2023 10:21:04 GMT
content-type: application/json
content-length: 12
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-expose-headers: content-type
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.pki.goog/s/gts1p5/VPvL6SobR40
142.250.74.131 200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/VPvL6SobR40
IP 142.250.74.131:0
Hash e99b997230503ee646e88f130937a783
c21dbfe6ccf5ac8f596b918fdd04ee8fcbd4d377
05cb6ccfe8f5ea9065d6bba9331eb86d6ff9bb9254723e77ab57585ca9461a3a
POST /s/gts1p5/VPvL6SobR40 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 02 Feb 2023 10:21:04 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Expires, Content-Type, ETag, Last-Modified, Alert, Retry-After, Content-Length, Cache-Control, Pragma, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Thu, 02 Feb 2023 09:30:30 GMT
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
age: 3034
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 8913af0be619500295008bb91f506660
a7b8068ba9aa506205a295b24458c2616997a0d1
6a9838d00256431807ca382fc205064b07c08d5054f2895c2ae3cc4e9094179a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6A9838D00256431807CA382FC205064B07C08D5054F2895C2AE3CC4E9094179A"
Last-Modified: Wed, 01 Feb 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13710
Expires: Thu, 02 Feb 2023 14:09:34 GMT
Date: Thu, 02 Feb 2023 10:21:04 GMT
Connection: keep-alive
ocsp.pki.goog/s/gts1p5/VPvL6SobR40
142.250.74.131 200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/VPvL6SobR40
IP 142.250.74.131:0
Hash e99b997230503ee646e88f130937a783
c21dbfe6ccf5ac8f596b918fdd04ee8fcbd4d377
05cb6ccfe8f5ea9065d6bba9331eb86d6ff9bb9254723e77ab57585ca9461a3a
POST /s/gts1p5/VPvL6SobR40 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 02 Feb 2023 10:21:04 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash de49044c9365e16fec3a6d361cb94728
2b7b69c16de6fda1ae5206f92fe781ee07bd182a
6e76887b036544a5da3918116a180876c094cc3b31676abce8d5b7b716b00c30
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 02 Feb 2023 10:21:04 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
xfantazy.com/_next/static/chunks/47.6c9a4510342e4dd3af77.js
172.64.205.27 200 OK 1.3 kB URL HTTP/2 xfantazy.com/_next/static/chunks/47.6c9a4510342e4dd3af77.js
IP 172.64.205.27:0
File type ASCII text, with very long lines (1568), with no line terminators
Hash 7f6adf115e8390479597a164c0047867
34bbe8b59e6a7e0d424b10e4a44c7b69d3f2bf94
cec4d6eda3755cc41667fa5da8cb5b0dc1cb52bb8484facbd6b095ed59caa907
GET /_next/static/chunks/47.6c9a4510342e4dd3af77.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/62379c1c76373a1d22aeaaeb
Cookie: visitorId=yfd0eg20c4rh494rje9e; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 02 Feb 2023 10:21:04 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-bgj: minify
etag: W/"620-1852f08c10f"
last-modified: Tue, 20 Dec 2022 10:16:21 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 2520277
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Mh45YzeFW%2FG5cmCimAl9QVX5RDqhxRpZoqwcKxH744jxA1RkUmcQIo4m9HjGCL7hs%2F2Dgm6r1E9ELXyGW960%2BXvmsG3X9apWuaNDBMgI827mlr%2F6TCiSRmg8ozYwrFQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 793232a9ed1d3853-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 2751084b42dd111d0a7f28241a77201b
680a9ac2f4cf451c9a8449c4df3587595ed9cc4c
1c68a770afbcdb5405fe330f2eabefa576ea1d08740719956083d7f6b490ccf8
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 02 Feb 2023 10:21:05 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
xfantazy.com/_next/static/chunks/16.2fcecc4fbe403da70f1d.js
172.64.205.27 200 OK 6.7 kB URL HTTP/2 xfantazy.com/_next/static/chunks/16.2fcecc4fbe403da70f1d.js
IP 172.64.205.27:0
File type ASCII text, with very long lines (20298), with no line terminators
Hash acefba887671571310cd2f97ae777cb3
2c9d5cc57ec5431d8a30a8babd51b5a54d181c8f
489fcbcf791561ed8adfc19b0c6e2b55961d7cae31f618a5bbe9b66a68327d8f
GET /_next/static/chunks/16.2fcecc4fbe403da70f1d.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/62379c1c76373a1d22aeaaeb
Cookie: visitorId=yfd0eg20c4rh494rje9e; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 02 Feb 2023 10:21:04 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-bgj: minify
etag: W/"4f4a-183501608ac"
last-modified: Sun, 18 Sep 2022 10:12:44 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 3862580
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gpHyYKWjfaMJ6HVkhCWu9GDl0GY5lg0u2gJ0UvamqlKjaSPgBV6dDewdsfrOFBCmkbvnegwJD%2FXMgrdsesvoWNfxdBuESNpk36VTUYD56ZzvUHryVpNvqJScXzlnNU4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 793232a9dd123853-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash 42d54c8c12a2f90c448a11bf42800e86
bb66d35435411c825bfcd0a091f33b7d1708191e
3b67d91fbb38e5c47b6ebff53da366b87af3a308e5c588775ac66a808761dbb1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 02 Feb 2023 10:21:05 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.googletagmanager.com/gtm.js?id=GTM-PLKQLTX
142.250.74.72 200 OK 55 kB URL HTTP/2 www.googletagmanager.com/gtm.js?id=GTM-PLKQLTX
IP 142.250.74.72:0
File type ASCII text, with very long lines (15971)
Hash 0c2770aa77cc08d6f369c0d49dcde650
cfd773202fa629dfad919caab7d5495d48f224d8
0bdd845aa597d64a8a59534717ca7eab32279fcd34fecc1d29ef5f1416e76e5c
GET /gtm.js?id=GTM-PLKQLTX HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Thu, 02 Feb 2023 10:21:05 GMT
expires: Thu, 02 Feb 2023 10:21:05 GMT
cache-control: private, max-age=900
last-modified: Thu, 02 Feb 2023 09:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 54702
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/JryUuXagzfrtqm7C9g/w320h240/0.jpeg
188.72.235.186 200 OK 11 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/JryUuXagzfrtqm7C9g/w320h240/0.jpeg
IP 188.72.235.186:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash c64759ac6fe8cc43172640ee68dcfab0
7eef557f11a283c8769e7b0b871ebf09fbfa297d
48df40721a60a91d2603205ef4b1f856fe58fb4ebc53d889652ca2c524f88f7e
GET /thumbnail/JryUuXagzfrtqm7C9g/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Thu, 02 Feb 2023 10:21:05 GMT
content-type: image/jpeg
content-length: 11045
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: HIT
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/IuqbtSDyza64_TzFqg/w320h240/0.jpeg
188.72.235.186 200 OK 10 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/IuqbtSDyza64_TzFqg/w320h240/0.jpeg
IP 188.72.235.186:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash 2b6cf2e10ad693c980996b0175d80b03
4b02304b4f5d9d0272572136944dfbb3fd59e484
e5134f1c4f0d7a81264c263b5a16db2a2fa9da2e1d3d1490750db376845523d0
GET /thumbnail/IuqbtSDyza64_TzFqg/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Thu, 02 Feb 2023 10:21:05 GMT
content-type: image/jpeg
content-length: 10540
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: HIT
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
216.58.207.227 200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 15860, version 1.0\012- data
Hash e9f5aaf547f165386cd313b995dddd8e
acdef5603c2387b0e5bffd744b679a24a8bc1968
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 31 Jan 2023 13:09:06 GMT
expires: Wed, 31 Jan 2024 13:09:06 GMT
cache-control: public, max-age=31536000
age: 162719
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash 42d54c8c12a2f90c448a11bf42800e86
bb66d35435411c825bfcd0a091f33b7d1708191e
3b67d91fbb38e5c47b6ebff53da366b87af3a308e5c588775ac66a808761dbb1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 02 Feb 2023 10:21:05 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
xfantazy.com/_next/static/chunks/69.b3ff95d1d1b8e7cf25a2.js
172.64.205.27 200 OK 17 kB URL HTTP/2 xfantazy.com/_next/static/chunks/69.b3ff95d1d1b8e7cf25a2.js
IP 172.64.205.27:0
File type ASCII text, with very long lines (1564), with no line terminators
Hash d65b021e7c6e30f9ccb1e23ffea8dc79
16b0daea5155779baf0fef0d469055722b4273af
04ee78740182b9c6f13ead06a05eb288d6549ee4c15a0b688f12aa6a803d72cb
GET /_next/static/chunks/69.b3ff95d1d1b8e7cf25a2.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/62379c1c76373a1d22aeaaeb
Cookie: visitorId=yfd0eg20c4rh494rje9e; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 02 Feb 2023 10:21:04 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-bgj: minify
etag: W/"61c-183501608b4"
last-modified: Sun, 18 Sep 2022 10:12:44 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 8564215
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Rv0ilYKOVnXSEMk8qSSbW6nxruzndfx7iAkmgRuawYGkedS4cRksMSuWOUEyVL6%2B4lANQF6HOhp5WmR12BJSJSEeP%2BzywGJYOypVZU3yAu4QNi8y7Y9hv4SIIM2YYVM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 793232a9ed203853-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 2751084b42dd111d0a7f28241a77201b
680a9ac2f4cf451c9a8449c4df3587595ed9cc4c
1c68a770afbcdb5405fe330f2eabefa576ea1d08740719956083d7f6b490ccf8
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 02 Feb 2023 10:21:05 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
216.58.207.227 200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Hash 15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sun, 29 Jan 2023 22:02:00 GMT
expires: Mon, 29 Jan 2024 22:02:00 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
age: 303545
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/a5c5941a8a2d9/main/0.jpeg
188.72.235.186 200 OK 125 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/a5c5941a8a2d9/main/0.jpeg
IP 188.72.235.186:0
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, comment: "Lavc58.54.100", baseline, precision 8, 1920x1080, components 3\012- data
Size 125 kB (125029 bytes)
Hash 38deebb57626fe5a08144ccc5706ce05
807d4381ae3c375b3d89f52092b0a9c68c1a76db
3621a0397f1dd7e9826c8384f98e44dc9bccb0391082d98cbef1df09fe7602db
GET /thumbnail/a5c5941a8a2d9/main/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Thu, 02 Feb 2023 10:21:05 GMT
content-type: image/jpeg
content-length: 125029
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: MISS
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/deXGv3aunqzurT-Vqw/w320h240/0.jpeg
188.72.235.186 200 OK 11 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/deXGv3aunqzurT-Vqw/w320h240/0.jpeg
IP 188.72.235.186:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash 065bc4b15626e8b9a756796c272add70
92936c99695d4c1bfd782f639da4ed43820a5972
3d8cacbfabf0468b8c1a54a11639c3466b9b68f0a8df49dbcc4bfb078a1cc1b0
GET /thumbnail/deXGv3aunqzurT-Vqw/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: openresty
date: Thu, 02 Feb 2023 10:21:05 GMT
content-type: image/jpeg
content-length: 11284
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: HIT
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash 42d54c8c12a2f90c448a11bf42800e86
bb66d35435411c825bfcd0a091f33b7d1708191e
3b67d91fbb38e5c47b6ebff53da366b87af3a308e5c588775ac66a808761dbb1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 02 Feb 2023 10:21:05 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.sectigo.com/
172.64.155.188 200 OK 472 B IP 172.64.155.188:0
Hash fd6a8ea54d6522ccb41d11c88d2d081b
ad435cb1713904e120b9741183c5123454858f9f
1641554ff367f334d6dab0d87f29f8c1746249c5c65d1bf8605ef9b461376dc0
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 02 Feb 2023 10:21:05 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Tue, 31 Jan 2023 15:14:23 GMT
Expires: Tue, 07 Feb 2023 15:14:22 GMT
Etag: "ad435cb1713904e120b9741183c5123454858f9f"
Cache-Control: max-age=448996,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 793232aa8d56b52d-OSL
xfantazy.com/_next/static/runtime/webpack-f6e00aacd372b5a1ee4b.js
172.64.205.27 200 OK 5.4 kB URL HTTP/2 xfantazy.com/_next/static/runtime/webpack-f6e00aacd372b5a1ee4b.js
IP 172.64.205.27:0
File type ASCII text, with very long lines (12210), with no line terminators
Hash f3e2f821461da4adce65329e74801ccb
8741ce2897cf36075b995e4085c965aacc512bc2
0d6618b4e40a253123b64088ea2db1e0563f6bc8979a30d0154056fbc113c4cf
GET /_next/static/runtime/webpack-f6e00aacd372b5a1ee4b.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/62379c1c76373a1d22aeaaeb
Cookie: visitorId=yfd0eg20c4rh494rje9e; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 02 Feb 2023 10:21:04 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-bgj: minify
etag: W/"2fb2-185ecc5e0e5"
last-modified: Thu, 26 Jan 2023 06:31:09 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 587002
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MpQwKze22%2FJSCt5eJIlAb061ot6zK4bOReu%2F%2B1d9rroIFzis2SjY1jttHaWfsD63KYmYVyb9ASQ8e2YF89bP60dMjxejXLOOd%2B%2Fm04QkvrK8ite252Vduq%2FnUlEuWAE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 793232a9ed223853-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
xfantazy.com/static/logo-tv-light.svg
172.64.205.27 200 OK 1.8 kB URL HTTP/2 xfantazy.com/static/logo-tv-light.svg
IP 172.64.205.27:0
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (1395)
Hash b455241dfcc7622dc64f84f809e12301
51c4d568bd0232197cbf1571eb445cc988a8e699
0d41dfddf9baedf72433bbd2595b6e64d4e0618ceaa96e75669a33b7bfdbac99
GET /static/logo-tv-light.svg HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/62379c1c76373a1d22aeaaeb
Cookie: visitorId=yfd0eg20c4rh494rje9e; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 02 Feb 2023 10:21:04 GMT
content-type: image/svg+xml
vary: Origin, Accept-Encoding
cache-control: public, max-age=14400
last-modified: Thu, 26 Jan 2023 06:25:57 GMT
etag: W/"101b-185ecc11f86"
cf-cache-status: HIT
age: 2563
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=q5sZpdJTI6quuOjqm7ngwCxSNTEQ%2BN%2BNZbwblgc0uGpZfj4B2Nc2MskfiJlXvKXjjMRPGr4PterAbT2s87fNrBUDwj9eQ6wBRYRbI0zYqNgoJa7L2Tr6QODCsOPP%2FlE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 793232a9fd383853-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.google-analytics.com/analytics.js
142.250.74.110 200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP 142.250.74.110:0
File type ASCII text, with very long lines (1490)
Hash ca7fbbfd120e3e329633044190bbf134
d17f81e03dd827554ddd207ea081fb46b3415445
847004cefb32f85a9cc16b0b1eb77529ff5753680c145bfcb23f651d214737db
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20085
date: Thu, 02 Feb 2023 09:44:08 GMT
expires: Thu, 02 Feb 2023 11:44:08 GMT
cache-control: public, max-age=7200
age: 2217
last-modified: Tue, 10 Jan 2023 21:29:14 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
cdn.jsdelivr.net/npm/yandex-metrica-watch/tag.js
151.101.129.229 200 OK 86 kB URL HTTP/2 cdn.jsdelivr.net/npm/yandex-metrica-watch/tag.js
IP 151.101.129.229:0
File type Unicode text, UTF-8 (with BOM) text, with very long lines (659)
Hash ddf45926107f7a74103f5d00d3bf564c
03c2b22623ccf1d593513956829f891ff07f3169
c709076ef37b9b1720b78c124e329645762b476d566ed204a23cadd762e9c580
GET /npm/yandex-metrica-watch/tag.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=604800, s-maxage=43200
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 1.257.0
x-jsd-version-type: version
etag: W/"34e3a-eIUrj6hD3pmnKAQZCp7YaNtM0Rc"
content-encoding: gzip
accept-ranges: bytes
date: Thu, 02 Feb 2023 10:21:05 GMT
age: 31474
x-served-by: cache-fra-eddf8230060-FRA, cache-bma1670-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 85751
X-Firefox-Spdy: h2
ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q4
104.18.21.226 200 OK 40 kB URL HTTP/1.1 ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q4
IP 104.18.21.226:0
Hash 395f3ca1dacbac6966a8c0950df07e68
fb52b0f21b3b368cfad76c3cee3e58e0ef28014b
61f23ebc7bb0ff965de8337092124d64d639ada0d93a46fa3ac839e702c11c73
POST /ca/gsatlasr3dvtlsca2022q4 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 02 Feb 2023 10:21:05 GMT
Content-Type: application/ocsp-response
Transfer-Encoding: chunked
Connection: keep-alive
Etag: "5918612FDE72AAFA915509B6F584450D52900C1D"
Expires: Thu, 02 Feb 2023 21:00:00 GMT
Last-Modified: Thu, 02 Feb 2023 09:00:00 UTC
Cache-Control: s-maxage=3600, public, no-transform, must-revalidate
CF-Cache-Status: HIT
Age: 1324
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 793232ae9ed7fac0-OSL
ocsp.globalsign.com/gseccovsslca2018
104.18.21.226 200 OK 939 B URL HTTP/1.1 ocsp.globalsign.com/gseccovsslca2018
IP 104.18.21.226:0
Hash 60cf7644befed9c5d0a4ae572bf40834
af134838c9340e8ef49e019bc0b61e530e264659
d070fc56f70bc7f38f4d2fd41e9b72377f71a5b2f0ace15351103fd36d3f86bb
POST /gseccovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 02 Feb 2023 10:21:06 GMT
Content-Type: application/ocsp-response
Content-Length: 939
Connection: keep-alive
Expires: Mon, 06 Feb 2023 07:10:20 GMT
ETag: "af134838c9340e8ef49e019bc0b61e530e264659"
Last-Modified: Thu, 02 Feb 2023 07:10:21 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 789
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 793232b198edfac0-OSL
mc.yandex.ru/watch/49415098?wmode=7&page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F62379c1c76373a1d22aeaaeb&charset=utf-8&browser-info=pv%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afp%3A1372%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A374404018413%3Ahid%3A582854468%3Az%3A0%3Ai%3A20230202102131%3Aet%3A1675333292%3Ac%3A1%3Arn%3A399971984%3Arqn%3A1%3Au%3A1675333292310154128%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A1%2C141%2C534%2C0%2C352%2C0%2C%2C204%2C9%2C%2C%2C%2C1398%3Aco%3A0%3Ans%3A1675333289475%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1675333292%3At%3AOnlyfans%20-%20Bee%20-%20petitefeetbee%20-%20petitefeetbeeWould%20you%20let%20me%20rest%20my%20feet%20on%20your%20lap%20whilst%20we%20watch%20TV%20-%2022-09-2021%20-%20XFantazy.com&t=gdpr(14)clc(0-0-0)rqnt(1)aw(1)fip(1)ti(2)
87.250.250.119302 Found 419 B URL HTTP/2 mc.yandex.ru/watch/49415098?wmode=7&page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F62379c1c76373a1d22aeaaeb&charset=utf-8&browser-info=pv%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afp%3A1372%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A374404018413%3Ahid%3A582854468%3Az%3A0%3Ai%3A20230202102131%3Aet%3A1675333292%3Ac%3A1%3Arn%3A399971984%3Arqn%3A1%3Au%3A1675333292310154128%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A1%2C141%2C534%2C0%2C352%2C0%2C%2C204%2C9%2C%2C%2C%2C1398%3Aco%3A0%3Ans%3A1675333289475%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1675333292%3At%3AOnlyfans%20-%20Bee%20-%20petitefeetbee%20-%20petitefeetbeeWould%20you%20let%20me%20rest%20my%20feet%20on%20your%20lap%20whilst%20we%20watch%20TV%20-%2022-09-2021%20-%20XFantazy.com&t=gdpr(14)clc(0-0-0)rqnt(1)aw(1)fip(1)ti(2)
IP 87.250.250.119:0
File type JSON data\012- , ASCII text, with very long lines (419), with no line terminators
Hash 5493cdcc2df8e4e2b281693a5ab397b1
d5b852b4c9e1bb23dbe8481066b9a55c225ac91e
e679ea664a814fa55374caaba7440503ad74e23fb96f47109d98f3ea1fd9f31c
GET /watch/49415098?wmode=7&page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F62379c1c76373a1d22aeaaeb&charset=utf-8&browser-info=pv%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afp%3A1372%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A374404018413%3Ahid%3A582854468%3Az%3A0%3Ai%3A20230202102131%3Aet%3A1675333292%3Ac%3A1%3Arn%3A399971984%3Arqn%3A1%3Au%3A1675333292310154128%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A1%2C141%2C534%2C0%2C352%2C0%2C%2C204%2C9%2C%2C%2C%2C1398%3Aco%3A0%3Ans%3A1675333289475%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1675333292%3At%3AOnlyfans%20-%20Bee%20-%20petitefeetbee%20-%20petitefeetbeeWould%20you%20let%20me%20rest%20my%20feet%20on%20your%20lap%20whilst%20we%20watch%20TV%20-%2022-09-2021%20-%20XFantazy.com&t=gdpr(14)clc(0-0-0)rqnt(1)aw(1)fip(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
location: /watch/49415098/1?wmode=7&page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F62379c1c76373a1d22aeaaeb&charset=utf-8&browser-info=pv%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afp%3A1372%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A374404018413%3Ahid%3A582854468%3Az%3A0%3Ai%3A20230202102131%3Aet%3A1675333292%3Ac%3A1%3Arn%3A399971984%3Arqn%3A1%3Au%3A1675333292310154128%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A1%2C141%2C534%2C0%2C352%2C0%2C%2C204%2C9%2C%2C%2C%2C1398%3Aco%3A0%3Ans%3A1675333289475%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1675333292%3At%3AOnlyfans%20-%20Bee%20-%20petitefeetbee%20-%20petitefeetbeeWould%20you%20let%20me%20rest%20my%20feet%20on%20your%20lap%20whilst%20we%20watch%20TV%20-%2022-09-2021%20-%20XFantazy.com&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29fip%281%29ti%282%29
date: Thu, 02 Feb 2023 10:21:06 GMT
access-control-allow-origin: https://xfantazy.com
set-cookie: yabs-sid=1133266741675333266; Path=/; SameSite=None; Secure
i=cr/g8IGc7LJ9wzsp2FWvYSB5pKyG9GHdQ/2ZnZam2wF2hPKH6ki4a0bDvv3ZylRbkh7WdfkVkjr2sr5wGMTz8Cy40RQ=; Expires=Sun, 30-Jan-2033 10:20:58 GMT; Domain=.yandex.ru; Path=/; Secure; HttpOnly; SameSite=None
yandexuid=8514754191675333266; Expires=Fri, 02-Feb-2024 10:21:06 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
yuidss=8514754191675333266; Expires=Fri, 02-Feb-2024 10:21:06 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
ymex=1706869266.yc.1675333266#1706869266.yrts.1675333266#1706869266.yrtsi.1675333266; Expires=Fri, 02-Feb-2024 10:21:06 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Thu, 02-Feb-2023 10:21:06 GMT
last-modified: Thu, 02-Feb-2023 10:21:06 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash d719402de0cd695e55dab2767247da49
f12f4795987a284820f6785ec16b5032b9861d79
98a14bd950cec10aeb3d76fa956fe13514f52c742adbded7a0fcef218c7195ba
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "98A14BD950CEC10AEB3D76FA956FE13514F52C742ADBDED7A0FCEF218C7195BA"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16046
Expires: Thu, 02 Feb 2023 14:48:32 GMT
Date: Thu, 02 Feb 2023 10:21:06 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash d719402de0cd695e55dab2767247da49
f12f4795987a284820f6785ec16b5032b9861d79
98a14bd950cec10aeb3d76fa956fe13514f52c742adbded7a0fcef218c7195ba
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "98A14BD950CEC10AEB3D76FA956FE13514F52C742ADBDED7A0FCEF218C7195BA"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16046
Expires: Thu, 02 Feb 2023 14:48:32 GMT
Date: Thu, 02 Feb 2023 10:21:06 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash d719402de0cd695e55dab2767247da49
f12f4795987a284820f6785ec16b5032b9861d79
98a14bd950cec10aeb3d76fa956fe13514f52c742adbded7a0fcef218c7195ba
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "98A14BD950CEC10AEB3D76FA956FE13514F52C742ADBDED7A0FCEF218C7195BA"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16046
Expires: Thu, 02 Feb 2023 14:48:32 GMT
Date: Thu, 02 Feb 2023 10:21:06 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash d719402de0cd695e55dab2767247da49
f12f4795987a284820f6785ec16b5032b9861d79
98a14bd950cec10aeb3d76fa956fe13514f52c742adbded7a0fcef218c7195ba
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "98A14BD950CEC10AEB3D76FA956FE13514F52C742ADBDED7A0FCEF218C7195BA"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16046
Expires: Thu, 02 Feb 2023 14:48:32 GMT
Date: Thu, 02 Feb 2023 10:21:06 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash d719402de0cd695e55dab2767247da49
f12f4795987a284820f6785ec16b5032b9861d79
98a14bd950cec10aeb3d76fa956fe13514f52c742adbded7a0fcef218c7195ba
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "98A14BD950CEC10AEB3D76FA956FE13514F52C742ADBDED7A0FCEF218C7195BA"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16046
Expires: Thu, 02 Feb 2023 14:48:32 GMT
Date: Thu, 02 Feb 2023 10:21:06 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 3ec8b878955719e846affdf101852ff1
e1da96f8a801899e2987a00df071b556b279e8a9
570c9998c39a1a0bd1203a11db10a473f7b5eb89f54776ef1e40ffc7037d8351
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "570C9998C39A1A0BD1203A11DB10A473F7B5EB89F54776EF1E40FFC7037D8351"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10744
Expires: Thu, 02 Feb 2023 13:20:10 GMT
Date: Thu, 02 Feb 2023 10:21:06 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 1715c268cfd78fabf711831c9121ac53
a9c5e418b35f1d91212c46f885041b877e53fb65
5a4a0650a4360b9b48c2c92344dfc538eafb58692961a43ea5e2010cc9aeee9b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5A4A0650A4360B9B48C2C92344DFC538EAFB58692961A43EA5E2010CC9AEEE9B"
Last-Modified: Tue, 31 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=1729
Expires: Thu, 02 Feb 2023 10:49:55 GMT
Date: Thu, 02 Feb 2023 10:21:06 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F601fd155-b928-42c6-bfb0-f3599f52fdf5.jpeg
34.120.237.76 200 OK 2.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F601fd155-b928-42c6-bfb0-f3599f52fdf5.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 5a1ddd54f3c344b36a26476a33ccfe20
3cc3a77f6a59cafed25fa0882e13644f4eebef50
65cef0476175fca421fef73419440b82dcb763879b79385f2cacc43f42b3237b
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F601fd155-b928-42c6-bfb0-f3599f52fdf5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 2530
x-amzn-requestid: 3ce99c09-61b5-4a51-97ec-c40c443238ab
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: freplHVZoAMFz5A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dade3d-605687635e0a740e49ff78b9;Sampled=0
x-amzn-remapped-date: Wed, 01 Feb 2023 21:48:45 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: Hs72kBEkTiVNiWczvw7UONt_cbyvWuU_erpoJHQS8z1s1M601xIdug==
via: 1.1 2afae0d44e2540f472c0635ab62c232a.cloudfront.net (CloudFront), 1.1 943c6a4d4ee43b18ee91634536f53eae.cloudfront.net (CloudFront), 1.1 google
date: Wed, 01 Feb 2023 21:57:28 GMT
age: 44618
etag: "3cc3a77f6a59cafed25fa0882e13644f4eebef50"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F88b0e15d-e5be-4197-a382-bf7332128068.jpeg
34.120.237.76 200 OK 9.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F88b0e15d-e5be-4197-a382-bf7332128068.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash df4a4906103a8f409c066b1cded71384
22847e3926db3e3d5f6b529297a4abe8b377c3a6
84a14b73b2cc7f4641eaa5539cbee0a109ae2b05cf88d06797a2b00c8d4f0c43
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F88b0e15d-e5be-4197-a382-bf7332128068.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9221
x-amzn-requestid: 209c2ad4-7a1f-4867-bf98-4ca8621111a1
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: frdTBFv5IAMFgqQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dadc13-1627a9d603c69f7760ad013b;Sampled=0
x-amzn-remapped-date: Wed, 01 Feb 2023 21:39:31 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: kAkcQOKAvuq3k-X081MLCqon-cnQJqGryVeE0fwX0a7bcXgJlySIvg==
via: 1.1 a4fe306096165bb1e86e69365dc8fac2.cloudfront.net (CloudFront), 1.1 1b74ccf4cb51eacf97a0e6d60ae46a3e.cloudfront.net (CloudFront), 1.1 google
date: Wed, 01 Feb 2023 22:21:38 GMT
age: 43168
etag: "22847e3926db3e3d5f6b529297a4abe8b377c3a6"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe18f9e12-0986-423b-911d-6271bb996db4.jpeg
34.120.237.76 200 OK 5.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe18f9e12-0986-423b-911d-6271bb996db4.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 7c823f1d6bf1c50d58eb263b85e6e37c
a7b74d11494fb3254df907e5cc1eead070d84617
b2706961eb756383e0988dfdb501dc424aea59697aedd1e4a6c294c314a31935
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe18f9e12-0986-423b-911d-6271bb996db4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5356
x-amzn-requestid: fef22c83-35a4-4990-9008-af5853f838d1
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: frc5BEB6oAMFczg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dadb6c-68d3017555c069bc3107d150;Sampled=0
x-amzn-remapped-date: Wed, 01 Feb 2023 21:36:44 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: i697kJpdT4ZPeMLWIftWf16pWCic0-v4tL4GDKfVfTZLo-E4-3FwDQ==
via: 1.1 ddd913fbbe7367d44af4ac06097e7a2a.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google
date: Wed, 01 Feb 2023 22:21:38 GMT
age: 43168
etag: "a7b74d11494fb3254df907e5cc1eead070d84617"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F46e30ba8-4b02-4bad-8cbf-1a128aa4376f.jpeg
34.120.237.76 200 OK 9.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F46e30ba8-4b02-4bad-8cbf-1a128aa4376f.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 3366ef4f8733cb9c89a5c88f63a0a441
7da46843b6d885f38a4759a08e6c899906ab7b97
7114397ee5c251cc5cb46f3433c2cc17ff68a08e0872e227671198e9b61eba0a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F46e30ba8-4b02-4bad-8cbf-1a128aa4376f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9600
x-amzn-requestid: 91987222-d376-4099-a4e9-5f877b5212be
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fLzO2FSDIAMFktg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63ce325e-281a7e062ee3039d42ae8f83;Sampled=0
x-amzn-remapped-date: Mon, 23 Jan 2023 07:08:14 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: SEH32iK4aCkxhxQyu3fSlW8uVM1Oj5hwnl2U09k_THEOdAqdEeVMJw==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 4f3feb5c4393987d42d1971d404d7cea.cloudfront.net (CloudFront), 1.1 google
date: Wed, 01 Feb 2023 22:03:43 GMT
age: 44243
etag: "7da46843b6d885f38a4759a08e6c899906ab7b97"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff4f8260f-0039-4dd4-be49-93afef573ecb.jpeg
34.120.237.76 200 OK 5.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff4f8260f-0039-4dd4-be49-93afef573ecb.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 3c56d08c13f357f91a14309b48d75e88
739ff0319e25b99fbf69b6a1c12159d4dda7549b
7f2a2004b2b587a18e99bae5ef216de0a0a12f4ab8e7c817df8eb8aa41f4be73
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff4f8260f-0039-4dd4-be49-93afef573ecb.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5011
x-amzn-requestid: 0760d4c6-1e6b-4e68-8c90-37229f8110e9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: frc5JE0AIAMFn8A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dadb6d-43fb25a727dd969b6219bd6f;Sampled=0
x-amzn-remapped-date: Wed, 01 Feb 2023 21:36:45 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: zQlfIcpWrJw9N6I7WNmV5feaR9QNy3FUSCOJQeyAnYS0oEH12dtzqg==
via: 1.1 4d7fa73f804f1c93f20cfc24c4b1266e.cloudfront.net (CloudFront), 1.1 325ed3ba58a560748d886354beef39c0.cloudfront.net (CloudFront), 1.1 google
date: Wed, 01 Feb 2023 21:59:35 GMT
age: 44491
etag: "739ff0319e25b99fbf69b6a1c12159d4dda7549b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F23ac16a6-b0c6-4c81-9bd1-78ee332bf49a.jpeg
34.120.237.76 200 OK 15 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F23ac16a6-b0c6-4c81-9bd1-78ee332bf49a.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 0ceb09fa3caa0fcda4a6314141e2d019
d08f43956f6859e4c2385231bb5506262257445f
a2100701c69f86920b14714b19ec14db9ebfd91000f0ec2397b8f27d981bc1ee
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F23ac16a6-b0c6-4c81-9bd1-78ee332bf49a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 14593
x-amzn-requestid: 796fc590-5a08-4765-b861-e5f707e4d7f8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: frdLoFHQoAMFaAQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dadbe3-3f93635c337e77e453bba394;Sampled=0
x-amzn-remapped-date: Wed, 01 Feb 2023 21:38:43 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: gYo5IyA5mM2B5nw6O2QkkZ6-go2CzG8Nwb_pWSixGplAl7LsbmWUiQ==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 943c6a4d4ee43b18ee91634536f53eae.cloudfront.net (CloudFront), 1.1 google
date: Wed, 01 Feb 2023 21:55:43 GMT
age: 44723
etag: "d08f43956f6859e4c2385231bb5506262257445f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
mc.yandex.ru/metrika/advert.gif
87.250.250.119 200 OK 43 B URL HTTP/2 mc.yandex.ru/metrika/advert.gif
IP 87.250.250.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
GET /metrika/advert.gif HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Thu, 02 Feb 2023 10:21:06 GMT
access-control-allow-origin: *
etag: "63c93a4b-2b"
expires: Thu, 02 Feb 2023 11:21:06 GMT
accept-ranges: bytes
last-modified: Thu, 19 Jan 2023 15:40:43 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cache-control: max-age=3600
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 2dc2e297877f6332a114de88eeeaca61
cc91e58f3dd132b078223d21cd3177f0819e40e7
94f1191402d63bc2757d7ec854bc418dd6929b5aa9efb815d9bd35f8dab98fef
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 02 Feb 2023 10:21:06 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j99&tid=UA-121614197-2&cid=1149150382.1675333292&jid=1205142989&gjid=735158724&_gid=385980329.1675333292&_u=YGBAiEABBAAAAEAAI~&z=1553988467
64.233.162.155 200 OK 1 B URL HTTP/2 stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j99&tid=UA-121614197-2&cid=1149150382.1675333292&jid=1205142989&gjid=735158724&_gid=385980329.1675333292&_u=YGBAiEABBAAAAEAAI~&z=1553988467
IP 64.233.162.155:0
File type very short file (no magic)
Hash c4ca4238a0b923820dcc509a6f75849b
356a192b7913b04c54574d18c28d46e6395428ab
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j99&tid=UA-121614197-2&cid=1149150382.1675333292&jid=1205142989&gjid=735158724&_gid=385980329.1675333292&_u=YGBAiEABBAAAAEAAI~&z=1553988467 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://xfantazy.com
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Thu, 02 Feb 2023 10:21:06 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
skiingsettling.com/21/fe/39/21fe3950f412e026c33f1b6cee613eba.js
192.243.61.225 200 OK 45 kB URL HTTP/1.1 skiingsettling.com/21/fe/39/21fe3950f412e026c33f1b6cee613eba.js
IP 192.243.61.225:0
ASN #39572 DataWeb Global Group B.V.
Hash 2f53c90c0346c78cbbe82b672ae5513e
b742bcb0bec6219f024b4206cb9f3e9f0ebdcd11
c1f1f118e618f26535cd1432bbb8d54a6726bf0742cae46e1757bdab1cf4ee62
Analyzer Verdict Alert
fortinet Malware
quad9 Sinkholed
GET /21/fe/39/21fe3950f412e026c33f1b6cee613eba.js HTTP/1.1
Host: skiingsettling.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 02 Feb 2023 10:21:06 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: bf397da7efce91e5b8e13a252df75be5
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 2dc2e297877f6332a114de88eeeaca61
cc91e58f3dd132b078223d21cd3177f0819e40e7
94f1191402d63bc2757d7ec854bc418dd6929b5aa9efb815d9bd35f8dab98fef
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 02 Feb 2023 10:21:06 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
d3t87ooo0697p8.cloudfront.net/?oootd=971975
143.204.42.2 200 OK 114 kB URL HTTP/2 d3t87ooo0697p8.cloudfront.net/?oootd=971975
IP 143.204.42.2:0
File type Unicode text, UTF-8 text, with very long lines (15955)
Size 114 kB (113855 bytes)
Hash 0cc1e7ef5779ac87b65a19ce9562b0da
aa6a657367c22f192877820088eaa6f74807f77c
f677f42639bede46a308ce973e52c6fa3ee5684107cea62637deb89439d2dd17
GET /?oootd=971975 HTTP/1.1
Host: d3t87ooo0697p8.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 113855
date: Thu, 02 Feb 2023 10:21:06 GMT
access-control-allow-origin: *
cache-control: no-store, no-cache, proxy-revalidate, must-revalidate, private, no-transform
content-encoding: gzip
pragma: no-cache
x-cache: Miss from cloudfront
via: 1.1 dbfaae0db03f11cf713bbcbdb25be4a2.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: fVQCV2UFPQdl6ju2a2Ke7wyFzRi9E76q6GkSMknT_I0C3koT7eohCg==
X-Firefox-Spdy: h2
mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F62379c1c76373a1d22aeaaeb&charset=utf-8&hittoken=1675333266_6a1048ca878fb35453728bb9243c4aa391e7c8b2b79da5b00a4b635c8d84a1ce&browser-info=pa%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A374404018413%3Ahid%3A582854468%3Az%3A0%3Ai%3A20230202102132%3Aet%3A1675333292%3Ac%3A1%3Arn%3A698021506%3Arqn%3A2%3Au%3A1675333292310154128%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1675333289475%3Aadb%3A2%3Ast%3A1675333292&t=gdpr(14)mc(p-6)clc(0-0-0)rqnt(2)aw(1)ti(2)
87.250.250.119200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F62379c1c76373a1d22aeaaeb&charset=utf-8&hittoken=1675333266_6a1048ca878fb35453728bb9243c4aa391e7c8b2b79da5b00a4b635c8d84a1ce&browser-info=pa%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A374404018413%3Ahid%3A582854468%3Az%3A0%3Ai%3A20230202102132%3Aet%3A1675333292%3Ac%3A1%3Arn%3A698021506%3Arqn%3A2%3Au%3A1675333292310154128%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1675333289475%3Aadb%3A2%3Ast%3A1675333292&t=gdpr(14)mc(p-6)clc(0-0-0)rqnt(2)aw(1)ti(2)
IP 87.250.250.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F62379c1c76373a1d22aeaaeb&charset=utf-8&hittoken=1675333266_6a1048ca878fb35453728bb9243c4aa391e7c8b2b79da5b00a4b635c8d84a1ce&browser-info=pa%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A374404018413%3Ahid%3A582854468%3Az%3A0%3Ai%3A20230202102132%3Aet%3A1675333292%3Ac%3A1%3Arn%3A698021506%3Arqn%3A2%3Au%3A1675333292310154128%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1675333289475%3Aadb%3A2%3Ast%3A1675333292&t=gdpr(14)mc(p-6)clc(0-0-0)rqnt(2)aw(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 45
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Thu, 02 Feb 2023 10:21:06 GMT
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Thu, 02-Feb-2023 10:21:06 GMT
last-modified: Thu, 02-Feb-2023 10:21:06 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F62379c1c76373a1d22aeaaeb&charset=utf-8&hittoken=1675333266_6a1048ca878fb35453728bb9243c4aa391e7c8b2b79da5b00a4b635c8d84a1ce&browser-info=pa%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A374404018413%3Ahid%3A582854468%3Az%3A0%3Ai%3A20230202102132%3Aet%3A1675333292%3Ac%3A1%3Arn%3A546463032%3Arqn%3A5%3Au%3A1675333292310154128%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1675333289475%3Aadb%3A2%3Ast%3A1675333292&t=gdpr(14)mc(p-6)clc(0-0-0)rqnt(5)aw(1)ti(2)
87.250.250.119200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F62379c1c76373a1d22aeaaeb&charset=utf-8&hittoken=1675333266_6a1048ca878fb35453728bb9243c4aa391e7c8b2b79da5b00a4b635c8d84a1ce&browser-info=pa%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A374404018413%3Ahid%3A582854468%3Az%3A0%3Ai%3A20230202102132%3Aet%3A1675333292%3Ac%3A1%3Arn%3A546463032%3Arqn%3A5%3Au%3A1675333292310154128%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1675333289475%3Aadb%3A2%3Ast%3A1675333292&t=gdpr(14)mc(p-6)clc(0-0-0)rqnt(5)aw(1)ti(2)
IP 87.250.250.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F62379c1c76373a1d22aeaaeb&charset=utf-8&hittoken=1675333266_6a1048ca878fb35453728bb9243c4aa391e7c8b2b79da5b00a4b635c8d84a1ce&browser-info=pa%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A374404018413%3Ahid%3A582854468%3Az%3A0%3Ai%3A20230202102132%3Aet%3A1675333292%3Ac%3A1%3Arn%3A546463032%3Arqn%3A5%3Au%3A1675333292310154128%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1675333289475%3Aadb%3A2%3Ast%3A1675333292&t=gdpr(14)mc(p-6)clc(0-0-0)rqnt(5)aw(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 98
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Thu, 02 Feb 2023 10:21:06 GMT
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Thu, 02-Feb-2023 10:21:06 GMT
last-modified: Thu, 02-Feb-2023 10:21:06 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F62379c1c76373a1d22aeaaeb&charset=utf-8&hittoken=1675333266_6a1048ca878fb35453728bb9243c4aa391e7c8b2b79da5b00a4b635c8d84a1ce&browser-info=pa%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A374404018413%3Ahid%3A582854468%3Az%3A0%3Ai%3A20230202102132%3Aet%3A1675333292%3Ac%3A1%3Arn%3A748450774%3Arqn%3A3%3Au%3A1675333292310154128%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1675333289475%3Aadb%3A2%3Ast%3A1675333292&t=gdpr(14)mc(p-6)clc(0-0-0)rqnt(3)aw(1)ti(2)
87.250.250.119200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F62379c1c76373a1d22aeaaeb&charset=utf-8&hittoken=1675333266_6a1048ca878fb35453728bb9243c4aa391e7c8b2b79da5b00a4b635c8d84a1ce&browser-info=pa%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A374404018413%3Ahid%3A582854468%3Az%3A0%3Ai%3A20230202102132%3Aet%3A1675333292%3Ac%3A1%3Arn%3A748450774%3Arqn%3A3%3Au%3A1675333292310154128%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1675333289475%3Aadb%3A2%3Ast%3A1675333292&t=gdpr(14)mc(p-6)clc(0-0-0)rqnt(3)aw(1)ti(2)
IP 87.250.250.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F62379c1c76373a1d22aeaaeb&charset=utf-8&hittoken=1675333266_6a1048ca878fb35453728bb9243c4aa391e7c8b2b79da5b00a4b635c8d84a1ce&browser-info=pa%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A374404018413%3Ahid%3A582854468%3Az%3A0%3Ai%3A20230202102132%3Aet%3A1675333292%3Ac%3A1%3Arn%3A748450774%3Arqn%3A3%3Au%3A1675333292310154128%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1675333289475%3Aadb%3A2%3Ast%3A1675333292&t=gdpr(14)mc(p-6)clc(0-0-0)rqnt(3)aw(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 52
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Thu, 02 Feb 2023 10:21:06 GMT
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Thu, 02-Feb-2023 10:21:06 GMT
last-modified: Thu, 02-Feb-2023 10:21:06 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F62379c1c76373a1d22aeaaeb&charset=utf-8&hittoken=1675333266_6a1048ca878fb35453728bb9243c4aa391e7c8b2b79da5b00a4b635c8d84a1ce&browser-info=pa%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A374404018413%3Ahid%3A582854468%3Az%3A0%3Ai%3A20230202102132%3Aet%3A1675333292%3Ac%3A1%3Arn%3A58148672%3Arqn%3A4%3Au%3A1675333292310154128%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1675333289475%3Aadb%3A2%3Ast%3A1675333292&t=gdpr(14)mc(p-6)clc(0-0-0)rqnt(4)aw(1)ti(2)
87.250.250.119200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F62379c1c76373a1d22aeaaeb&charset=utf-8&hittoken=1675333266_6a1048ca878fb35453728bb9243c4aa391e7c8b2b79da5b00a4b635c8d84a1ce&browser-info=pa%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A374404018413%3Ahid%3A582854468%3Az%3A0%3Ai%3A20230202102132%3Aet%3A1675333292%3Ac%3A1%3Arn%3A58148672%3Arqn%3A4%3Au%3A1675333292310154128%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1675333289475%3Aadb%3A2%3Ast%3A1675333292&t=gdpr(14)mc(p-6)clc(0-0-0)rqnt(4)aw(1)ti(2)
IP 87.250.250.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F62379c1c76373a1d22aeaaeb&charset=utf-8&hittoken=1675333266_6a1048ca878fb35453728bb9243c4aa391e7c8b2b79da5b00a4b635c8d84a1ce&browser-info=pa%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A374404018413%3Ahid%3A582854468%3Az%3A0%3Ai%3A20230202102132%3Aet%3A1675333292%3Ac%3A1%3Arn%3A58148672%3Arqn%3A4%3Au%3A1675333292310154128%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1675333289475%3Aadb%3A2%3Ast%3A1675333292&t=gdpr(14)mc(p-6)clc(0-0-0)rqnt(4)aw(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 122
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Thu, 02 Feb 2023 10:21:06 GMT
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Thu, 02-Feb-2023 10:21:06 GMT
last-modified: Thu, 02-Feb-2023 10:21:06 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F62379c1c76373a1d22aeaaeb&charset=utf-8&hittoken=1675333266_6a1048ca878fb35453728bb9243c4aa391e7c8b2b79da5b00a4b635c8d84a1ce&browser-info=pa%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A374404018413%3Ahid%3A582854468%3Az%3A0%3Ai%3A20230202102132%3Aet%3A1675333292%3Ac%3A1%3Arn%3A719584857%3Arqn%3A6%3Au%3A1675333292310154128%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1675333289475%3Aadb%3A2%3Ast%3A1675333292&t=gdpr(14)mc(p-6)clc(0-0-0)rqnt(6)aw(1)ti(2)
87.250.250.119200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F62379c1c76373a1d22aeaaeb&charset=utf-8&hittoken=1675333266_6a1048ca878fb35453728bb9243c4aa391e7c8b2b79da5b00a4b635c8d84a1ce&browser-info=pa%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A374404018413%3Ahid%3A582854468%3Az%3A0%3Ai%3A20230202102132%3Aet%3A1675333292%3Ac%3A1%3Arn%3A719584857%3Arqn%3A6%3Au%3A1675333292310154128%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1675333289475%3Aadb%3A2%3Ast%3A1675333292&t=gdpr(14)mc(p-6)clc(0-0-0)rqnt(6)aw(1)ti(2)
IP 87.250.250.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F62379c1c76373a1d22aeaaeb&charset=utf-8&hittoken=1675333266_6a1048ca878fb35453728bb9243c4aa391e7c8b2b79da5b00a4b635c8d84a1ce&browser-info=pa%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A374404018413%3Ahid%3A582854468%3Az%3A0%3Ai%3A20230202102132%3Aet%3A1675333292%3Ac%3A1%3Arn%3A719584857%3Arqn%3A6%3Au%3A1675333292310154128%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1675333289475%3Aadb%3A2%3Ast%3A1675333292&t=gdpr(14)mc(p-6)clc(0-0-0)rqnt(6)aw(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 99
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Thu, 02 Feb 2023 10:21:06 GMT
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Thu, 02-Feb-2023 10:21:06 GMT
last-modified: Thu, 02-Feb-2023 10:21:06 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
exploredefinitely.com/a2/f9/90/a2f990f10476061c719d1c1aa3a2ecd2.js
192.243.59.12 200 OK 13 kB URL HTTP/1.1 exploredefinitely.com/a2/f9/90/a2f990f10476061c719d1c1aa3a2ecd2.js
IP 192.243.59.12:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with very long lines (37182), with no line terminators
Hash 80c8df4ec85f356b835f50e38bfbcc66
bca14bcdf756700654165a7dcb63758f8f983cba
1408a3a0175b8fee277d061c1b69fdf3f6817b8c8d40a70dc059bd4a8fb625ad
GET /a2/f9/90/a2f990f10476061c719d1c1aa3a2ecd2.js HTTP/1.1
Host: exploredefinitely.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Thu, 02 Feb 2023 10:21:06 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 559ad576426af00684e07a806def9a8a
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F62379c1c76373a1d22aeaaeb&charset=utf-8&hittoken=1675333266_6a1048ca878fb35453728bb9243c4aa391e7c8b2b79da5b00a4b635c8d84a1ce&browser-info=pa%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A374404018413%3Ahid%3A582854468%3Az%3A0%3Ai%3A20230202102132%3Aet%3A1675333292%3Ac%3A1%3Arn%3A210388535%3Arqn%3A7%3Au%3A1675333292310154128%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1675333289475%3Aadb%3A2%3Ast%3A1675333292&t=gdpr(14)mc(p-6)clc(0-0-0)rqnt(7)aw(1)ti(2)
87.250.250.119200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F62379c1c76373a1d22aeaaeb&charset=utf-8&hittoken=1675333266_6a1048ca878fb35453728bb9243c4aa391e7c8b2b79da5b00a4b635c8d84a1ce&browser-info=pa%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A374404018413%3Ahid%3A582854468%3Az%3A0%3Ai%3A20230202102132%3Aet%3A1675333292%3Ac%3A1%3Arn%3A210388535%3Arqn%3A7%3Au%3A1675333292310154128%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1675333289475%3Aadb%3A2%3Ast%3A1675333292&t=gdpr(14)mc(p-6)clc(0-0-0)rqnt(7)aw(1)ti(2)
IP 87.250.250.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F62379c1c76373a1d22aeaaeb&charset=utf-8&hittoken=1675333266_6a1048ca878fb35453728bb9243c4aa391e7c8b2b79da5b00a4b635c8d84a1ce&browser-info=pa%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A374404018413%3Ahid%3A582854468%3Az%3A0%3Ai%3A20230202102132%3Aet%3A1675333292%3Ac%3A1%3Arn%3A210388535%3Arqn%3A7%3Au%3A1675333292310154128%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1675333289475%3Aadb%3A2%3Ast%3A1675333292&t=gdpr(14)mc(p-6)clc(0-0-0)rqnt(7)aw(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 98
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Thu, 02 Feb 2023 10:21:06 GMT
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Thu, 02-Feb-2023 10:21:06 GMT
last-modified: Thu, 02-Feb-2023 10:21:06 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
e1.o.lencr.org/
95.101.11.115 200 OK 345 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash e70e9e5d74eea4fe2727fac986865133
0b1a570e9520def8578d434b6ea0cbf204a58098
ac8d96ba934b1a398256d1b309d27f6f028575ea4dd88678d0c83d2688bf86fb
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "AC8D96BA934B1A398256D1B309D27F6F028575EA4DD88678D0C83D2688BF86FB"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=22
Expires: Thu, 02 Feb 2023 10:21:28 GMT
Date: Thu, 02 Feb 2023 10:21:06 GMT
Connection: keep-alive
ocsp.sca1b.amazontrust.com/
54.230.245.110 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.110:0
Hash 80f52df5e0a02860681823dcf39a1486
d111804cbf5a2d82c76ef23ba669cce449f58a2b
dc92cc3256aa62c665e792c752d00c325ba5ba885c3c19052ab9a2165ce84475
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=99744
Date: Thu, 02 Feb 2023 10:21:06 GMT
Etag: "63da6996-1d7"
Expires: Fri, 03 Feb 2023 14:03:30 GMT
Last-Modified: Wed, 01 Feb 2023 13:31:02 GMT
Server: ECS (bsa/EB20)
X-Cache: Miss from cloudfront
Via: 1.1 193a8c13b6e0a6b90db7172f6358335e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: 9OoHjn0jMRjph-Wn1gD61rDVvS7vZGqII_jMdTNWaJgsqbsEGz8L8w==
Age: 1948
simplewebanalysis.com/stats
3.120.47.42 200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP 3.120.47.42:0
File type ASCII text, with no line terminators
Hash af1288fd8b990b8ee2acb16890447255
52068ac3c8ff2ed58a9a0af148773ed42f9fd133
748f727854e72307c9073c24250156c6ecb24ae20cbdf3058cf7a29a8beff5fa
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 02 Feb 2023 10:21:06 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
set-cookie: uid_id2=8bd138f5-820f-4d9e-87f0-bb1fc020e22e:1:1; expires=Sun, 30 Jan 2033 10:21:06 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
e1.o.lencr.org/
95.101.11.115 200 OK 345 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 7d9658ab51d515dc13f1c7f42f955b42
0cdcccbd462b02685a2fb7621b7a2b89b89688cf
6166e834b5baf8925b4a5cbe92c65cde09a87910fbe73c3834e1d3ac0409fe1f
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "6166E834B5BAF8925B4A5CBE92C65CDE09A87910FBE73C3834E1D3AC0409FE1F"
Last-Modified: Wed, 01 Feb 2023 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17261
Expires: Thu, 02 Feb 2023 15:08:47 GMT
Date: Thu, 02 Feb 2023 10:21:06 GMT
Connection: keep-alive
e1.o.lencr.org/
95.101.11.115 200 OK 345 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 7d9658ab51d515dc13f1c7f42f955b42
0cdcccbd462b02685a2fb7621b7a2b89b89688cf
6166e834b5baf8925b4a5cbe92c65cde09a87910fbe73c3834e1d3ac0409fe1f
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "6166E834B5BAF8925B4A5CBE92C65CDE09A87910FBE73C3834E1D3AC0409FE1F"
Last-Modified: Wed, 01 Feb 2023 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17261
Expires: Thu, 02 Feb 2023 15:08:47 GMT
Date: Thu, 02 Feb 2023 10:21:06 GMT
Connection: keep-alive
e1.o.lencr.org/
95.101.11.115 200 OK 345 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 7d9658ab51d515dc13f1c7f42f955b42
0cdcccbd462b02685a2fb7621b7a2b89b89688cf
6166e834b5baf8925b4a5cbe92c65cde09a87910fbe73c3834e1d3ac0409fe1f
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "6166E834B5BAF8925B4A5CBE92C65CDE09A87910FBE73C3834E1D3AC0409FE1F"
Last-Modified: Wed, 01 Feb 2023 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17261
Expires: Thu, 02 Feb 2023 15:08:47 GMT
Date: Thu, 02 Feb 2023 10:21:06 GMT
Connection: keep-alive
simplewebanalysis.com/stats
3.120.47.42 200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP 3.120.47.42:0
File type ASCII text, with no line terminators
Hash b1b4196883bba7470bf16128088279a6
84cabc3906f69745eacf2e79b165e75b83d06653
917f8e8a89d9481ffab9c912c1d9c88256cf0b8f4691f2c498eee257cdf27531
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 02 Feb 2023 10:21:06 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
set-cookie: uid_id2=b102d4b2-1294-41bb-8e08-faae9597b22a:3:1; expires=Sun, 30 Jan 2033 10:21:06 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F62379c1c76373a1d22aeaaeb&charset=utf-8&hittoken=1675333266_6a1048ca878fb35453728bb9243c4aa391e7c8b2b79da5b00a4b635c8d84a1ce&browser-info=pa%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A374404018413%3Ahid%3A582854468%3Az%3A0%3Ai%3A20230202102132%3Aet%3A1675333292%3Ac%3A1%3Arn%3A298105816%3Arqn%3A9%3Au%3A1675333292310154128%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Aeu%3A1%3Ans%3A1675333289475%3Aadb%3A2%3Ast%3A1675333292&t=gdpr(14)mc(p-6-h-1)clc(0-0-0)rqnt(9)aw(1)ti(2)
87.250.250.119200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F62379c1c76373a1d22aeaaeb&charset=utf-8&hittoken=1675333266_6a1048ca878fb35453728bb9243c4aa391e7c8b2b79da5b00a4b635c8d84a1ce&browser-info=pa%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A374404018413%3Ahid%3A582854468%3Az%3A0%3Ai%3A20230202102132%3Aet%3A1675333292%3Ac%3A1%3Arn%3A298105816%3Arqn%3A9%3Au%3A1675333292310154128%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Aeu%3A1%3Ans%3A1675333289475%3Aadb%3A2%3Ast%3A1675333292&t=gdpr(14)mc(p-6-h-1)clc(0-0-0)rqnt(9)aw(1)ti(2)
IP 87.250.250.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F62379c1c76373a1d22aeaaeb&charset=utf-8&hittoken=1675333266_6a1048ca878fb35453728bb9243c4aa391e7c8b2b79da5b00a4b635c8d84a1ce&browser-info=pa%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A374404018413%3Ahid%3A582854468%3Az%3A0%3Ai%3A20230202102132%3Aet%3A1675333292%3Ac%3A1%3Arn%3A298105816%3Arqn%3A9%3Au%3A1675333292310154128%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Aeu%3A1%3Ans%3A1675333289475%3Aadb%3A2%3Ast%3A1675333292&t=gdpr(14)mc(p-6-h-1)clc(0-0-0)rqnt(9)aw(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 39
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Thu, 02 Feb 2023 10:21:06 GMT
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Thu, 02-Feb-2023 10:21:06 GMT
last-modified: Thu, 02-Feb-2023 10:21:06 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F62379c1c76373a1d22aeaaeb&charset=utf-8&hittoken=1675333266_6a1048ca878fb35453728bb9243c4aa391e7c8b2b79da5b00a4b635c8d84a1ce&browser-info=pv%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A374404018413%3Ahid%3A582854468%3Az%3A0%3Ai%3A20230202102132%3Aet%3A1675333292%3Ac%3A1%3Arn%3A657566194%3Arqn%3A8%3Au%3A1675333292310154128%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Aeu%3A1%3Ans%3A1675333289475%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1675333292%3At%3AOnlyfans%20-%20Bee%20-%20petitefeetbee%20-%20petitefeetbeeWould%20you%20let%20me%20rest%20my%20feet%20on%20your%20lap%20whilst%20we%20watch%20TV%20-%2022-09-2021%20-%20XFantazy.com&t=gdpr%2814%29mc%28p-6%29clc%280-0-0%29rqnt%288%29aw%281%29fip%281%29ti%282%29
87.250.250.119200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F62379c1c76373a1d22aeaaeb&charset=utf-8&hittoken=1675333266_6a1048ca878fb35453728bb9243c4aa391e7c8b2b79da5b00a4b635c8d84a1ce&browser-info=pv%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A374404018413%3Ahid%3A582854468%3Az%3A0%3Ai%3A20230202102132%3Aet%3A1675333292%3Ac%3A1%3Arn%3A657566194%3Arqn%3A8%3Au%3A1675333292310154128%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Aeu%3A1%3Ans%3A1675333289475%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1675333292%3At%3AOnlyfans%20-%20Bee%20-%20petitefeetbee%20-%20petitefeetbeeWould%20you%20let%20me%20rest%20my%20feet%20on%20your%20lap%20whilst%20we%20watch%20TV%20-%2022-09-2021%20-%20XFantazy.com&t=gdpr%2814%29mc%28p-6%29clc%280-0-0%29rqnt%288%29aw%281%29fip%281%29ti%282%29
IP 87.250.250.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
GET /watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F62379c1c76373a1d22aeaaeb&charset=utf-8&hittoken=1675333266_6a1048ca878fb35453728bb9243c4aa391e7c8b2b79da5b00a4b635c8d84a1ce&browser-info=pv%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A374404018413%3Ahid%3A582854468%3Az%3A0%3Ai%3A20230202102132%3Aet%3A1675333292%3Ac%3A1%3Arn%3A657566194%3Arqn%3A8%3Au%3A1675333292310154128%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Aeu%3A1%3Ans%3A1675333289475%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1675333292%3At%3AOnlyfans%20-%20Bee%20-%20petitefeetbee%20-%20petitefeetbeeWould%20you%20let%20me%20rest%20my%20feet%20on%20your%20lap%20whilst%20we%20watch%20TV%20-%2022-09-2021%20-%20XFantazy.com&t=gdpr%2814%29mc%28p-6%29clc%280-0-0%29rqnt%288%29aw%281%29fip%281%29ti%282%29 HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Referer: https://xfantazy.com/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Thu, 02 Feb 2023 10:21:06 GMT
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Thu, 02-Feb-2023 10:21:06 GMT
last-modified: Thu, 02-Feb-2023 10:21:06 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
e1.o.lencr.org/
95.101.11.115 200 OK 345 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash e70e9e5d74eea4fe2727fac986865133
0b1a570e9520def8578d434b6ea0cbf204a58098
ac8d96ba934b1a398256d1b309d27f6f028575ea4dd88678d0c83d2688bf86fb
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "AC8D96BA934B1A398256D1B309D27F6F028575EA4DD88678D0C83D2688BF86FB"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19545
Expires: Thu, 02 Feb 2023 15:46:51 GMT
Date: Thu, 02 Feb 2023 10:21:06 GMT
Connection: keep-alive
pyoungstersofto.xyz/OWhMeVIWVy8Kb3QwLwMBUgMFKAN/XCkeBH8qfwEqeFgNOzRxH2oNO11VdU5jAF95XyJQDHFKYB8bOBgmTBtxSHRQBioWbx8ecUl8AEZ9V2IfHXFIdE0YLR5vCE48DSZVVX1PZQxbf0pgAFp4TWM
172.67.207.205204 No Content 0 B URL HTTP/2 pyoungstersofto.xyz/OWhMeVIWVy8Kb3QwLwMBUgMFKAN/XCkeBH8qfwEqeFgNOzRxH2oNO11VdU5jAF95XyJQDHFKYB8bOBgmTBtxSHRQBioWbx8ecUl8AEZ9V2IfHXFIdE0YLR5vCE48DSZVVX1PZQxbf0pgAFp4TWM
IP 172.67.207.205:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /OWhMeVIWVy8Kb3QwLwMBUgMFKAN/XCkeBH8qfwEqeFgNOzRxH2oNO11VdU5jAF95XyJQDHFKYB8bOBgmTBtxSHRQBioWbx8ecUl8AEZ9V2IfHXFIdE0YLR5vCE48DSZVVX1PZQxbf0pgAFp4TWM HTTP/1.1
Host: pyoungstersofto.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Thu, 02 Feb 2023 10:21:06 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fb01aFc5wos1butyIEOIZ2JlzwlVbMGChvthy5pSwgnumakv2IUOItZdyk6LHu6KIpf82OEnx8MwtmLMMVsKkGWvZVJpMdFv74Zp6z7bl8Cp7cwC7KbmL0oSqwL%2FL3uonXlK0eGX"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 793232b5ce33b4f1-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
racterdeet.com/bXFjMFUMEwBdagxMARYgHx1eFWcrVFF2MV4FWwc6Ah5TBmxaAVseNgEeFlQzHx4NRHsDFBcVZysJNXUtKCM7U2YkCAxaBi4wD3kdBT46A2RUEgh6LCcbAEESPiMbeiwnMzlYYS8SG2kmJQZXAAA+MFF5HQU5AFkUATobciUMGCZCEyodWmk8PCUtXhMaKBR9PiQIWgQUBx4MeQYgFCxZPgooFHlkDiIIQRE5QQR7Fj8iOVclFRBTVC0LHzFEFClBCnkWAjApAjlfFTFbMgwpOQEHACMKVBIvNCVdOV8VMnFsJB8pSAAAEixpDQk5L3glGigmYQIMKU5qZC8iKUAxGiMkah0BAAdmYBUXDWE8KBsAXh5fMyV1O1hBB3UxBhc7YmU4HDkIHAQGJX0GAgMzZh8AMg1mZDwfEwgMBzMoagRLGxBfOx1MAFdjXyMmBjQVIilB
54.192.99.24200 OK 1.2 kB URL HTTP/2 racterdeet.com/bXFjMFUMEwBdagxMARYgHx1eFWcrVFF2MV4FWwc6Ah5TBmxaAVseNgEeFlQzHx4NRHsDFBcVZysJNXUtKCM7U2YkCAxaBi4wD3kdBT46A2RUEgh6LCcbAEESPiMbeiwnMzlYYS8SG2kmJQZXAAA+MFF5HQU5AFkUATobciUMGCZCEyodWmk8PCUtXhMaKBR9PiQIWgQUBx4MeQYgFCxZPgooFHlkDiIIQRE5QQR7Fj8iOVclFRBTVC0LHzFEFClBCnkWAjApAjlfFTFbMgwpOQEHACMKVBIvNCVdOV8VMnFsJB8pSAAAEixpDQk5L3glGigmYQIMKU5qZC8iKUAxGiMkah0BAAdmYBUXDWE8KBsAXh5fMyV1O1hBB3UxBhc7YmU4HDkIHAQGJX0GAgMzZh8AMg1mZDwfEwgMBzMoagRLGxBfOx1MAFdjXyMmBjQVIilB
IP 54.192.99.24:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3041), with no line terminators
Hash 6239d7380f61decadacdd2429e3d190c
f118478f1ca19434b44b14ea7c0729c43f3f43b7
f838552f90c41049419b13f6312cfb7e58cdf8140d9baca0b3a4f2fa636bc5cb
GET /bXFjMFUMEwBdagxMARYgHx1eFWcrVFF2MV4FWwc6Ah5TBmxaAVseNgEeFlQzHx4NRHsDFBcVZysJNXUtKCM7U2YkCAxaBi4wD3kdBT46A2RUEgh6LCcbAEESPiMbeiwnMzlYYS8SG2kmJQZXAAA+MFF5HQU5AFkUATobciUMGCZCEyodWmk8PCUtXhMaKBR9PiQIWgQUBx4MeQYgFCxZPgooFHlkDiIIQRE5QQR7Fj8iOVclFRBTVC0LHzFEFClBCnkWAjApAjlfFTFbMgwpOQEHACMKVBIvNCVdOV8VMnFsJB8pSAAAEixpDQk5L3glGigmYQIMKU5qZC8iKUAxGiMkah0BAAdmYBUXDWE8KBsAXh5fMyV1O1hBB3UxBhc7YmU4HDkIHAQGJX0GAgMzZh8AMg1mZDwfEwgMBzMoagRLGxBfOx1MAFdjXyMmBjQVIilB HTTP/1.1
Host: racterdeet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html
content-length: 1191
date: Thu, 02 Feb 2023 10:21:06 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 667bc9576cb65b03461f4c2ed893152e.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN1-C1
x-amz-cf-id: XgnLv_0KTPsaWlWZQuTtOeZyFC5SiilrxmgT25CuY3yaKOT9bK11tg==
X-Firefox-Spdy: h2
pyoungstersofto.xyz/OHc3WDMXSFQrDnUwZSFhfC5wDWZyTnYZaWAmWRVwehtPH1BfMhEsWlxKDm8ADEAEfkNREwppCx4EQzlHTQQKaRVRGVE3Dh4BCmkdCFkFdgEeAgppFUwHVj8OCVFHLEdUSgZuBA1EBGsBAUUDbQE
172.67.207.205204 No Content 0 B URL HTTP/2 pyoungstersofto.xyz/OHc3WDMXSFQrDnUwZSFhfC5wDWZyTnYZaWAmWRVwehtPH1BfMhEsWlxKDm8ADEAEfkNREwppCx4EQzlHTQQKaRVRGVE3Dh4BCmkdCFkFdgEeAgppFUwHVj8OCVFHLEdUSgZuBA1EBGsBAUUDbQE
IP 172.67.207.205:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /OHc3WDMXSFQrDnUwZSFhfC5wDWZyTnYZaWAmWRVwehtPH1BfMhEsWlxKDm8ADEAEfkNREwppCx4EQzlHTQQKaRVRGVE3Dh4BCmkdCFkFdgEeAgppFUwHVj8OCVFHLEdUSgZuBA1EBGsBAUUDbQE HTTP/1.1
Host: pyoungstersofto.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Thu, 02 Feb 2023 10:21:06 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5ED%2BZJDEtTKltH5YbrroNlvbNEs4DSeQ2cv%2Bl2eKuw4R6nn8mj1OKJ3ialHC%2Btv9Eqg%2BNXE6BC7sa6nZS7pxtw5F83BK9%2FJ0dnUW47t%2BZokFbSAp9xhFqCLfi07WxvRCJ5zWZQiR"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 793232b5de38b4f1-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
pyoungstersofto.xyz/dFBXR0tbbzQ0dhUIPy8GGDQGEyc5EQ0Bej8GBhU9I2BuEwkzGXEzIhBtbnB6TWdiYTsdNGp0eVIjIyY/ASNqdXtEZ3EuJRI/anZtAm1naXJaYXl3bQFtZmE/BDEwenpSICMzJ0lhYXB+R2NkdXJGZGN0
172.67.207.205204 No Content 0 B URL HTTP/2 pyoungstersofto.xyz/dFBXR0tbbzQ0dhUIPy8GGDQGEyc5EQ0Bej8GBhU9I2BuEwkzGXEzIhBtbnB6TWdiYTsdNGp0eVIjIyY/ASNqdXtEZ3EuJRI/anZtAm1naXJaYXl3bQFtZmE/BDEwenpSICMzJ0lhYXB+R2NkdXJGZGN0
IP 172.67.207.205:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /dFBXR0tbbzQ0dhUIPy8GGDQGEyc5EQ0Bej8GBhU9I2BuEwkzGXEzIhBtbnB6TWdiYTsdNGp0eVIjIyY/ASNqdXtEZ3EuJRI/anZtAm1naXJaYXl3bQFtZmE/BDEwenpSICMzJ0lhYXB+R2NkdXJGZGN0 HTTP/1.1
Host: pyoungstersofto.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Thu, 02 Feb 2023 10:21:06 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WFpfYb7p%2F0ceGvRiKEUMQClaSWwgzrWb%2Fq%2BIQv2blayaEbvZOTN%2Fh13Vb9yYJULZb%2FIrlHJn%2FDh92NjLx%2BJxUVB4c5tsy2TYRdUMXqoTQwdaeB4poglcq3bbb%2FIbshrjok7nI69q"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 793232b5de3eb4f1-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
pyoungstersofto.xyz/eWRCTFJWWyE/bzRUKTYfLFwGKTUwJScdEEElNRpnOCwxABExUGQ4Ox1Ze3pgSVV2aiIQAH99dAoQIzgnCllzajsXAi1xdA9Zc2JhTUpxfXxLQjdxY18QMi01RFVkPCYNCH99ZE5RcX9hS11weGpM
172.67.207.205204 No Content 0 B URL HTTP/2 pyoungstersofto.xyz/eWRCTFJWWyE/bzRUKTYfLFwGKTUwJScdEEElNRpnOCwxABExUGQ4Ox1Ze3pgSVV2aiIQAH99dAoQIzgnCllzajsXAi1xdA9Zc2JhTUpxfXxLQjdxY18QMi01RFVkPCYNCH99ZE5RcX9hS11weGpM
IP 172.67.207.205:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /eWRCTFJWWyE/bzRUKTYfLFwGKTUwJScdEEElNRpnOCwxABExUGQ4Ox1Ze3pgSVV2aiIQAH99dAoQIzgnCllzajsXAi1xdA9Zc2JhTUpxfXxLQjdxY18QMi01RFVkPCYNCH99ZE5RcX9hS11weGpM HTTP/1.1
Host: pyoungstersofto.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Thu, 02 Feb 2023 10:21:06 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hfTOjsy%2BF%2FUZlUCV0KupSCtJFWco3pKu3mRM5pshmtfc0JuDRIsssx6grLxz99GpC1hxkB%2BYR%2FDrFZvCHmgymbz4TvEA45n9%2FOhZGdMKGPsWjOFYzhap%2FQPGAUaBrgdmxHFB5uRD"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 793232b5ee43b4f1-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
racterdeet.com/c0dobHkSJQsBRhJ6CkoMAStVSUs1YloqHUAzUFsWHChYWkBEN1BCGh8oHQgfASgGGFcdIhxJSzUXCQcRRh0EPTM5PwstGAtzACQvBzMwNA09Ej8INDogByY2GzdZIRAQJioWDgcBKjlMMC4qLTAxBhs+Pyk+KgUSKwY/ADQ/FQsqGCUzHSs4OnU+XwEVAhI6ITkVMQ8pIh4DKzw9KiQkSCsRBiogFgEtPikiFhsqETYpPF8JOQQrLikWLAQ0IzYVXDQ/JhA8Xwk5AjxcPBUsWSgjCi8cP0gqNDAkARAROjYpFiwDOTAYfl8jPxcsMF4jORNbKiAWBUVYPT0wLQIhNRY7OzEbDj4BKxEiLQQ9KSsHGTwxFhAoOhAFOV4gACI9AC0WKxgZPTUzBEoTACgGHEQ4BiYBDSc1KT87Kg
54.192.99.24200 OK 1.2 kB URL HTTP/2 racterdeet.com/c0dobHkSJQsBRhJ6CkoMAStVSUs1YloqHUAzUFsWHChYWkBEN1BCGh8oHQgfASgGGFcdIhxJSzUXCQcRRh0EPTM5PwstGAtzACQvBzMwNA09Ej8INDogByY2GzdZIRAQJioWDgcBKjlMMC4qLTAxBhs+Pyk+KgUSKwY/ADQ/FQsqGCUzHSs4OnU+XwEVAhI6ITkVMQ8pIh4DKzw9KiQkSCsRBiogFgEtPikiFhsqETYpPF8JOQQrLikWLAQ0IzYVXDQ/JhA8Xwk5AjxcPBUsWSgjCi8cP0gqNDAkARAROjYpFiwDOTAYfl8jPxcsMF4jORNbKiAWBUVYPT0wLQIhNRY7OzEbDj4BKxEiLQQ9KSsHGTwxFhAoOhAFOV4gACI9AC0WKxgZPTUzBEoTACgGHEQ4BiYBDSc1KT87Kg
IP 54.192.99.24:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3018), with no line terminators
Hash c59f26fedacd7f2f982c599441841f8d
d64cb051b6c0eee5f0ab35bae60d86c98481f984
1907f8c4c0ca5ea0a9b47104546362c6b24b6dd2a77f539a2a93c4f858f4de71
GET /c0dobHkSJQsBRhJ6CkoMAStVSUs1YloqHUAzUFsWHChYWkBEN1BCGh8oHQgfASgGGFcdIhxJSzUXCQcRRh0EPTM5PwstGAtzACQvBzMwNA09Ej8INDogByY2GzdZIRAQJioWDgcBKjlMMC4qLTAxBhs+Pyk+KgUSKwY/ADQ/FQsqGCUzHSs4OnU+XwEVAhI6ITkVMQ8pIh4DKzw9KiQkSCsRBiogFgEtPikiFhsqETYpPF8JOQQrLikWLAQ0IzYVXDQ/JhA8Xwk5AjxcPBUsWSgjCi8cP0gqNDAkARAROjYpFiwDOTAYfl8jPxcsMF4jORNbKiAWBUVYPT0wLQIhNRY7OzEbDj4BKxEiLQQ9KSsHGTwxFhAoOhAFOV4gACI9AC0WKxgZPTUzBEoTACgGHEQ4BiYBDSc1KT87Kg HTTP/1.1
Host: racterdeet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html
content-length: 1172
date: Thu, 02 Feb 2023 10:21:06 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 667bc9576cb65b03461f4c2ed893152e.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN1-C1
x-amz-cf-id: Gf4JRXIsW-Xv71ThX5x0FtKTNKTbzHoi9o1YI9SKbl7DGXbwpLQT1g==
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 62eaeb13a1754898f3cf9705521d7006
1e19795248e9fdc846b4e21cfac713d909c6f56f
d634fb511d5e7c62267de7f4bc580692a4d2115a5010b3c47c5283bc4bb4e9bf
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D634FB511D5E7C62267DE7F4BC580692A4D2115A5010B3C47C5283BC4BB4E9BF"
Last-Modified: Tue, 31 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2044
Expires: Thu, 02 Feb 2023 10:55:10 GMT
Date: Thu, 02 Feb 2023 10:21:06 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 62eaeb13a1754898f3cf9705521d7006
1e19795248e9fdc846b4e21cfac713d909c6f56f
d634fb511d5e7c62267de7f4bc580692a4d2115a5010b3c47c5283bc4bb4e9bf
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D634FB511D5E7C62267DE7F4BC580692A4D2115A5010B3C47C5283BC4BB4E9BF"
Last-Modified: Tue, 31 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2044
Expires: Thu, 02 Feb 2023 10:55:10 GMT
Date: Thu, 02 Feb 2023 10:21:06 GMT
Connection: keep-alive
e1.o.lencr.org/
95.101.11.115 200 OK 345 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 7d9658ab51d515dc13f1c7f42f955b42
0cdcccbd462b02685a2fb7621b7a2b89b89688cf
6166e834b5baf8925b4a5cbe92c65cde09a87910fbe73c3834e1d3ac0409fe1f
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "6166E834B5BAF8925B4A5CBE92C65CDE09A87910FBE73C3834E1D3AC0409FE1F"
Last-Modified: Wed, 01 Feb 2023 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17261
Expires: Thu, 02 Feb 2023 15:08:47 GMT
Date: Thu, 02 Feb 2023 10:21:06 GMT
Connection: keep-alive
racterdeet.com/dmppOEcXCApVeBdXCx4yBAZUHXUwT1t+I0UeUQ8oGQVZDn5BGlEWJBoFHFwhBAUHTGkYDx0ddTAiDQgrOyc+dRI8AyNgHzcnDnMGDgs4YDNOKy9cFT8QUF0DJw5ZfHY/Wzh7DgQzE3IBOj0ZfgAkJFleBRU6L1EkBC4sbRQ8E1F1EhovBnMBOA84Cn9COzhPJBIpBV4CETNQdBE/Oi9rdgc4KHIMPCkndAQeGQV0FSQ4JGA/Hys8YgETPTt/BB4BHXF3Lzs8VjNOMhFcFBNZHnkSRwZcWRY/AjxWM044DlcdEFkObRIyPBpeIDMIOGB2BisAfhQTWURAAzA8Iw4DJyg9aSoSUi59HTAPOkwSNygeVSYnJwVqHxpTKG4JMQ8xCBIjPwpODSMnLn0UL1ovfgIODyFPAiI/DU4IJxI6Hi0FBQdIejUJPw8sETg4CiM
54.192.99.24200 OK 1.2 kB URL HTTP/2 racterdeet.com/dmppOEcXCApVeBdXCx4yBAZUHXUwT1t+I0UeUQ8oGQVZDn5BGlEWJBoFHFwhBAUHTGkYDx0ddTAiDQgrOyc+dRI8AyNgHzcnDnMGDgs4YDNOKy9cFT8QUF0DJw5ZfHY/Wzh7DgQzE3IBOj0ZfgAkJFleBRU6L1EkBC4sbRQ8E1F1EhovBnMBOA84Cn9COzhPJBIpBV4CETNQdBE/Oi9rdgc4KHIMPCkndAQeGQV0FSQ4JGA/Hys8YgETPTt/BB4BHXF3Lzs8VjNOMhFcFBNZHnkSRwZcWRY/AjxWM044DlcdEFkObRIyPBpeIDMIOGB2BisAfhQTWURAAzA8Iw4DJyg9aSoSUi59HTAPOkwSNygeVSYnJwVqHxpTKG4JMQ8xCBIjPwpODSMnLn0UL1ovfgIODyFPAiI/DU4IJxI6Hi0FBQdIejUJPw8sETg4CiM
IP 54.192.99.24:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3037), with no line terminators
Hash 02c66166f596595f300de9bba0abe7a2
24e238bc224853ec111ac967979f9640279be23a
fdff2a056917e7dd3821a16fc53e24bb2cba7f058d6c39d08f41f8b33c53e325
GET /dmppOEcXCApVeBdXCx4yBAZUHXUwT1t+I0UeUQ8oGQVZDn5BGlEWJBoFHFwhBAUHTGkYDx0ddTAiDQgrOyc+dRI8AyNgHzcnDnMGDgs4YDNOKy9cFT8QUF0DJw5ZfHY/Wzh7DgQzE3IBOj0ZfgAkJFleBRU6L1EkBC4sbRQ8E1F1EhovBnMBOA84Cn9COzhPJBIpBV4CETNQdBE/Oi9rdgc4KHIMPCkndAQeGQV0FSQ4JGA/Hys8YgETPTt/BB4BHXF3Lzs8VjNOMhFcFBNZHnkSRwZcWRY/AjxWM044DlcdEFkObRIyPBpeIDMIOGB2BisAfhQTWURAAzA8Iw4DJyg9aSoSUi59HTAPOkwSNygeVSYnJwVqHxpTKG4JMQ8xCBIjPwpODSMnLn0UL1ovfgIODyFPAiI/DU4IJxI6Hi0FBQdIejUJPw8sETg4CiM HTTP/1.1
Host: racterdeet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html
content-length: 1188
date: Thu, 02 Feb 2023 10:21:06 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 667bc9576cb65b03461f4c2ed893152e.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN1-C1
x-amz-cf-id: SxVmGc2zz3UvYOrsHNE7HcDCPANU-GLrOJ01nI4GdifEfbbWI9FmtQ==
X-Firefox-Spdy: h2
d3t87ooo0697p8.cloudfront.net/xVExERXc3IyojSCAlIHhOY319ckJyJjcqGSRxJyJBZh4BcxYsHw40USA2IHhHciAlKxBpaiErFGl9YiQTNnFwYwMkIy94AjooISMeOikgYwI1cSkqDT0gKCRSZgpxa0dxfnRtAD0iICoAJ2l2dRkgaXZ1RmRidGBEFml2dQA9InJxUmcOYXdHLHpwYEQWaX-Z1BSJpdwRGZHlqdV5xfnQiEjcnK2BFEn50dEdkfXR0UmZ8IiwFMSorPVJmCnV1Qnp8YjBKZQ
143.204.42.2200 OK 332 B URL HTTP/2 d3t87ooo0697p8.cloudfront.net/xVExERXc3IyojSCAlIHhOY319ckJyJjcqGSRxJyJBZh4BcxYsHw40USA2IHhHciAlKxBpaiErFGl9YiQTNnFwYwMkIy94AjooISMeOikgYwI1cSkqDT0gKCRSZgpxa0dxfnRtAD0iICoAJ2l2dRkgaXZ1RmRidGBEFml2dQA9InJxUmcOYXdHLHpwYEQWaX-Z1BSJpdwRGZHlqdV5xfnQiEjcnK2BFEn50dEdkfXR0UmZ8IiwFMSorPVJmCnV1Qnp8YjBKZQ
IP 143.204.42.2:0
File type ASCII text, with very long lines (416), with no line terminators
Hash 3ab5472cd581b7346e92448dc077dadc
bcc601dfe71aa98261e7bbcc51362623d7e683f3
dddaf301175df5cab46e00902aac2fc52bd2f0998e4dd8a4571c5810dcad0835
GET /xVExERXc3IyojSCAlIHhOY319ckJyJjcqGSRxJyJBZh4BcxYsHw40USA2IHhHciAlKxBpaiErFGl9YiQTNnFwYwMkIy94AjooISMeOikgYwI1cSkqDT0gKCRSZgpxa0dxfnRtAD0iICoAJ2l2dRkgaXZ1RmRidGBEFml2dQA9InJxUmcOYXdHLHpwYEQWaX-Z1BSJpdwRGZHlqdV5xfnQiEjcnK2BFEn50dEdkfXR0UmZ8IiwFMSorPVJmCnV1Qnp8YjBKZQ HTTP/1.1
Host: d3t87ooo0697p8.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://racterdeet.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 332
date: Thu, 02 Feb 2023 10:21:07 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 dbfaae0db03f11cf713bbcbdb25be4a2.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: _38MfsXDpyQ_Nmwu7uqVBDEqyS5re-FKvEuPYbceH0bUa4Fofzs8Xw==
X-Firefox-Spdy: h2
d3t87ooo0697p8.cloudfront.net/Pakh5ZlQJJxcAax4hHVttXXtNUWdMIgoJOhp1MicaBzwtFBU5CiBAIBAsRFZyBikXAWlMLRcFaVtuGAI2V3xfEzVXJRYcPQYkGENmLH1XVnFYeFERPQQsFhEnT3pJCCBPeklXZER4XFUWT3pJET0Efk1DZyhtS1YsXHxcVRZPekkUIk97OFdkX2ZJT3FYeB-4DNwEnXFQSWHhIVmRbeEhDZlouEBQxDCcBQ2YseUlTelpuDFtl
143.204.42.2200 OK 182 B URL HTTP/2 d3t87ooo0697p8.cloudfront.net/Pakh5ZlQJJxcAax4hHVttXXtNUWdMIgoJOhp1MicaBzwtFBU5CiBAIBAsRFZyBikXAWlMLRcFaVtuGAI2V3xfEzVXJRYcPQYkGENmLH1XVnFYeFERPQQsFhEnT3pJCCBPeklXZER4XFUWT3pJET0Efk1DZyhtS1YsXHxcVRZPekkUIk97OFdkX2ZJT3FYeB-4DNwEnXFQSWHhIVmRbeEhDZlouEBQxDCcBQ2YseUlTelpuDFtl
IP 143.204.42.2:0
File type ASCII text, with no line terminators
Hash ab80cb8f8fabf8fc52afd8487d15f067
e21789d9fe914501b913ecac55c8ff121d12c8a3
db87429f14f9b8ab90abd08afd65ecaf0023df50b05684ee1e7f33dda0722c73
GET /Pakh5ZlQJJxcAax4hHVttXXtNUWdMIgoJOhp1MicaBzwtFBU5CiBAIBAsRFZyBikXAWlMLRcFaVtuGAI2V3xfEzVXJRYcPQYkGENmLH1XVnFYeFERPQQsFhEnT3pJCCBPeklXZER4XFUWT3pJET0Efk1DZyhtS1YsXHxcVRZPekkUIk97OFdkX2ZJT3FYeB-4DNwEnXFQSWHhIVmRbeEhDZlouEBQxDCcBQ2YseUlTelpuDFtl HTTP/1.1
Host: d3t87ooo0697p8.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://racterdeet.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 182
date: Thu, 02 Feb 2023 10:21:07 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 dbfaae0db03f11cf713bbcbdb25be4a2.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: daE1c4MrsXbzJmb7nxYYjnuxpToMA8_cqJlE5TBZraNw82Nu598jvQ==
X-Firefox-Spdy: h2
d3t87ooo0697p8.cloudfront.net/Hd0lMMWMUJiJXXAMgKAxaQXt8AFdRIz9eDQd0D1I1QCIrYzJFLWpFGRN0fBcPFicrDEUSJy8MUlEoKFNeQ284QQwcdClfEgY9LVIPFS1qRAJKJCNLChslLRRRMXxiAUZFeWRGChktI0YQUnt8XxdSe3wAU1l5aQIhUnt8RgoZf3gUUDVsfgEbQX1pAiFSe3-xDFVJ6DQBTQmd8GEZFeStUABwmaQMlRXl9AVNGeX0UUUcvJUMGESY0FFExeHwETUdvOQxS
143.204.42.2200 OK 563 B URL HTTP/2 d3t87ooo0697p8.cloudfront.net/Hd0lMMWMUJiJXXAMgKAxaQXt8AFdRIz9eDQd0D1I1QCIrYzJFLWpFGRN0fBcPFicrDEUSJy8MUlEoKFNeQ284QQwcdClfEgY9LVIPFS1qRAJKJCNLChslLRRRMXxiAUZFeWRGChktI0YQUnt8XxdSe3wAU1l5aQIhUnt8RgoZf3gUUDVsfgEbQX1pAiFSe3-xDFVJ6DQBTQmd8GEZFeStUABwmaQMlRXl9AVNGeX0UUUcvJUMGESY0FFExeHwETUdvOQxS
IP 143.204.42.2:0
File type ASCII text, with very long lines (810), with no line terminators
Hash e018121c1dc990100e3148d33c6c790b
0b35dd17aba118a4741f86caeca7832a42b36ab5
09d996618b3c6a612cde443bbb79ade6fa819fd79ebe6ca1e5f651d0c1d16dad
GET /Hd0lMMWMUJiJXXAMgKAxaQXt8AFdRIz9eDQd0D1I1QCIrYzJFLWpFGRN0fBcPFicrDEUSJy8MUlEoKFNeQ284QQwcdClfEgY9LVIPFS1qRAJKJCNLChslLRRRMXxiAUZFeWRGChktI0YQUnt8XxdSe3wAU1l5aQIhUnt8RgoZf3gUUDVsfgEbQX1pAiFSe3-xDFVJ6DQBTQmd8GEZFeStUABwmaQMlRXl9AVNGeX0UUUcvJUMGESY0FFExeHwETUdvOQxS HTTP/1.1
Host: d3t87ooo0697p8.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://racterdeet.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 563
date: Thu, 02 Feb 2023 10:21:07 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 dbfaae0db03f11cf713bbcbdb25be4a2.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 6r8wbN8ZOVEJJchlGvDva6tj52k51WQ1td8Vhwof6zTcp5EVkRilGg==
X-Firefox-Spdy: h2
sweepfrequencydissolved.com/4d/0a/fc/4d0afc2425eea6b0cd5a468c9f8a69ed.js
173.233.137.52 200 OK 29 kB URL HTTP/1.1 sweepfrequencydissolved.com/4d/0a/fc/4d0afc2425eea6b0cd5a468c9f8a69ed.js
IP 173.233.137.52:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (65536), with no line terminators
Hash db7fa51129d2a978efc96d3c96617172
ab8bd4516c88036c7d93e290e32289672d89fde6
f780ca4186f7b4fa787a2f02be66222ee30ee819481c6b66bf5a18dd69031e85
Analyzer Verdict Alert quad9 Sinkholed
GET /4d/0a/fc/4d0afc2425eea6b0cd5a468c9f8a69ed.js HTTP/1.1
Host: sweepfrequencydissolved.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 02 Feb 2023 10:21:07 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 928ba0d04a700074c53514090fb0d706
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
sweepfrequencydissolved.com/01/f7/5a/01f75a95a38a8db0a8e82d995253a076.js
173.233.137.52 200 OK 29 kB URL HTTP/1.1 sweepfrequencydissolved.com/01/f7/5a/01f75a95a38a8db0a8e82d995253a076.js
IP 173.233.137.52:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (65536), with no line terminators
Hash 3df89e38d3dff1e2e88f2d3c9c5a6328
03d44db69f3a5854771b1378ecabc430fceda270
de0e43df95ea745ecbdf6be37864de837ac63dedf407b8e0adf0d9a966768044
Analyzer Verdict Alert quad9 Sinkholed
GET /01/f7/5a/01f75a95a38a8db0a8e82d995253a076.js HTTP/1.1
Host: sweepfrequencydissolved.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 02 Feb 2023 10:21:07 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: b003b00538bbfdc01571a640846167d8
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
sweepfrequencydissolved.com/sbar.json?key=a2f990f10476061c719d1c1aa3a2ecd2&uuid=b102d4b2-1294-41bb-8e08-faae9597b22a%3A3%3A1
173.233.137.52 200 OK 4.0 kB URL HTTP/1.1 sweepfrequencydissolved.com/sbar.json?key=a2f990f10476061c719d1c1aa3a2ecd2&uuid=b102d4b2-1294-41bb-8e08-faae9597b22a%3A3%3A1
IP 173.233.137.52:0
File type JSON data\012- , ASCII text, with very long lines (5727), with no line terminators
Hash cff27ff69a6466ef9e34a30d29a58785
c6953e2333c521706303708561c57e45275f59b9
d4054de2f5354eab6b4b286f0d7c4b282afdbd6be01917805d02d4c31014b0a9
Analyzer Verdict Alert quad9 Sinkholed
GET /sbar.json?key=a2f990f10476061c719d1c1aa3a2ecd2&uuid=b102d4b2-1294-41bb-8e08-faae9597b22a%3A3%3A1 HTTP/1.1
Host: sweepfrequencydissolved.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 02 Feb 2023 10:21:07 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://xfantazy.com
Access-Control-Allow-Origin: https://xfantazy.com
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=15600826; expires=Fri, 03 Feb 2023 10:21:07 GMT; secure; SameSite=None
uid_id2=b102d4b2-1294-41bb-8e08-faae9597b22a:3:1; expires=Thu, 09 Feb 2023 10:21:07 GMT; secure; SameSite=None
pdhtkv=true; expires=Fri, 03 Feb 2023 10:21:07 GMT; secure; SameSite=None
uncs=1; expires=Fri, 03 Feb 2023 10:21:07 GMT; secure; SameSite=None
pdhtkv29=true; expires=Fri, 03 Feb 2023 10:21:07 GMT; secure; SameSite=None
uncs29=1; expires=Fri, 03 Feb 2023 10:21:07 GMT; secure; SameSite=None
sleca2f990f10476061c719d1c1aa3a2ecd2=[3870583]; expires=Thu, 02 Feb 2023 10:21:12 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 8bc4a3d765d608a0e37cf307e4cf815f
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 47d3156a01937914d3788651a5a1df4e
9f757e95fa9ba9ea3949d29f2617040b3088464a
95796fa7ec26c1f9f6f4d1503b0034405e323786758ae835de2ae53f6e378ec5
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "95796FA7EC26C1F9F6F4D1503B0034405E323786758AE835DE2AE53F6E378EC5"
Last-Modified: Thu, 02 Feb 2023 01:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8275
Expires: Thu, 02 Feb 2023 12:39:02 GMT
Date: Thu, 02 Feb 2023 10:21:07 GMT
Connection: keep-alive
mc.yandex.ru/watch/49415098?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F62379c1c76373a1d22aeaaeb&charset=utf-8&hittoken=1675333266_6a1048ca878fb35453728bb9243c4aa391e7c8b2b79da5b00a4b635c8d84a1ce&browser-info=pv%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A374404018413%3Ahid%3A582854468%3Az%3A0%3Ai%3A20230202102132%3Aet%3A1675333292%3Ac%3A1%3Arn%3A657566194%3Arqn%3A8%3Au%3A1675333292310154128%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Aeu%3A1%3Ans%3A1675333289475%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1675333292%3At%3AOnlyfans%20-%20Bee%20-%20petitefeetbee%20-%20petitefeetbeeWould%20you%20let%20me%20rest%20my%20feet%20on%20your%20lap%20whilst%20we%20watch%20TV%20-%2022-09-2021%20-%20XFantazy.com&t=gdpr(14)mc(p-6)clc(0-0-0)rqnt(8)aw(1)fip(1)ti(2)
87.250.250.119302 Found 4.1 kB URL HTTP/2 mc.yandex.ru/watch/49415098?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F62379c1c76373a1d22aeaaeb&charset=utf-8&hittoken=1675333266_6a1048ca878fb35453728bb9243c4aa391e7c8b2b79da5b00a4b635c8d84a1ce&browser-info=pv%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A374404018413%3Ahid%3A582854468%3Az%3A0%3Ai%3A20230202102132%3Aet%3A1675333292%3Ac%3A1%3Arn%3A657566194%3Arqn%3A8%3Au%3A1675333292310154128%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Aeu%3A1%3Ans%3A1675333289475%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1675333292%3At%3AOnlyfans%20-%20Bee%20-%20petitefeetbee%20-%20petitefeetbeeWould%20you%20let%20me%20rest%20my%20feet%20on%20your%20lap%20whilst%20we%20watch%20TV%20-%2022-09-2021%20-%20XFantazy.com&t=gdpr(14)mc(p-6)clc(0-0-0)rqnt(8)aw(1)fip(1)ti(2)
IP 87.250.250.119:0
File type gzip compressed data, from Unix\012- data
Hash ab2e435f4d61b5d7a1144ef5ad3a856d
9262a5c7745b1769a95bcaabdf456f15a2945eb4
5e297e92923a366aafc6bd579da8ddaaf7bfae38de7df84cc227584f0cc44fd4
GET /watch/49415098?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F62379c1c76373a1d22aeaaeb&charset=utf-8&hittoken=1675333266_6a1048ca878fb35453728bb9243c4aa391e7c8b2b79da5b00a4b635c8d84a1ce&browser-info=pv%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A374404018413%3Ahid%3A582854468%3Az%3A0%3Ai%3A20230202102132%3Aet%3A1675333292%3Ac%3A1%3Arn%3A657566194%3Arqn%3A8%3Au%3A1675333292310154128%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Aeu%3A1%3Ans%3A1675333289475%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1675333292%3At%3AOnlyfans%20-%20Bee%20-%20petitefeetbee%20-%20petitefeetbeeWould%20you%20let%20me%20rest%20my%20feet%20on%20your%20lap%20whilst%20we%20watch%20TV%20-%2022-09-2021%20-%20XFantazy.com&t=gdpr(14)mc(p-6)clc(0-0-0)rqnt(8)aw(1)fip(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
location: /watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F62379c1c76373a1d22aeaaeb&charset=utf-8&hittoken=1675333266_6a1048ca878fb35453728bb9243c4aa391e7c8b2b79da5b00a4b635c8d84a1ce&browser-info=pv%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A374404018413%3Ahid%3A582854468%3Az%3A0%3Ai%3A20230202102132%3Aet%3A1675333292%3Ac%3A1%3Arn%3A657566194%3Arqn%3A8%3Au%3A1675333292310154128%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Aeu%3A1%3Ans%3A1675333289475%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1675333292%3At%3AOnlyfans%20-%20Bee%20-%20petitefeetbee%20-%20petitefeetbeeWould%20you%20let%20me%20rest%20my%20feet%20on%20your%20lap%20whilst%20we%20watch%20TV%20-%2022-09-2021%20-%20XFantazy.com&t=gdpr%2814%29mc%28p-6%29clc%280-0-0%29rqnt%288%29aw%281%29fip%281%29ti%282%29
date: Thu, 02 Feb 2023 10:21:06 GMT
access-control-allow-origin: https://xfantazy.com
set-cookie: yabs-sid=1305995021675333266; Path=/; SameSite=None; Secure
i=XmBUN/OqOhIhvxIdAlFDuFo0JToEpcEfLft5o1NDo8/igNyCDeJ1GqTvi+kX9fJ+11WxCY231Pv/P2qftqcaOKYvE4U=; Expires=Sun, 30-Jan-2033 10:21:05 GMT; Domain=.yandex.ru; Path=/; Secure; HttpOnly; SameSite=None
yandexuid=5651375041675333266; Expires=Fri, 02-Feb-2024 10:21:06 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
yuidss=5651375041675333266; Expires=Fri, 02-Feb-2024 10:21:06 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
ymex=1706869266.yc.1675333266#1706869266.yrts.1675333266#1706869266.yrtsi.1675333266; Expires=Fri, 02-Feb-2024 10:21:06 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Thu, 02-Feb-2023 10:21:06 GMT
last-modified: Thu, 02-Feb-2023 10:21:06 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
inflectedminimalbits.com/pixel/purst?dl=0&th=0&sc=0&rs=3523&rd=3523&fd=736&bv=22.10.v.10&tmpl=136
192.243.61.225 200 OK 0 B URL HTTP/1.1 inflectedminimalbits.com/pixel/purst?dl=0&th=0&sc=0&rs=3523&rd=3523&fd=736&bv=22.10.v.10&tmpl=136
IP 192.243.61.225:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pixel/purst?dl=0&th=0&sc=0&rs=3523&rd=3523&fd=736&bv=22.10.v.10&tmpl=136 HTTP/1.1
Host: inflectedminimalbits.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 02 Feb 2023 10:21:07 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash b13b109c8c5fcca2b6ab28ec0a971cdf
b34d9e1f8e6d72be674ae7f5153b7b03eea87380
877e2f970a48c0081a4cad7a7833d24e1ca1a38a0ed7891137b032bdfbf67ce1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "877E2F970A48C0081A4CAD7A7833D24E1CA1A38A0ED7891137B032BDFBF67CE1"
Last-Modified: Tue, 31 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=908
Expires: Thu, 02 Feb 2023 10:36:15 GMT
Date: Thu, 02 Feb 2023 10:21:07 GMT
Connection: keep-alive
sweepfrequencydissolved.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSz2skRRSu3l0vKviDvYiIc%2FCgYCbVPTOZaXNYjGskuGbD7krEW%2F3qSZmerqaqe3oyIIRdkD3JLF48dr5JNugGcfEmLMjEi%2BTkeJBBzME%2FwIvgVZnJwOg79Htffw%2Fqe997nx3k54QiZ5OtD0xfxzFbblRp5fVtnUhTuMrmnYpPq3S1sq2TlfpqpTf92O5bPm1U6RuV95TYNcsB9Sn1qV9Z11ZFprc8Y6HTk9CvhrRaD6p%2Bo46e%2FT92uQfHPMjuOXkRWo6f2vnpMbQYIel8e1253cykb77byWOWGYuuPP4w2U1MkaCzKCPrIUqO590wbkzIl5dgkuP5BDDdw%2BkE4HpMvF998OR4LhO8e3ShlMdQCbh8BkV3BBWPoNkIwtyDlj8TQEhs3kTSebhpbMH2Llg2Zcfkyt9%2FQRdjcuX3q0g636zFule5beI80yZx6EUldG8E3R4hzU%2BR9T3o4hQiuwstCZJOCS0nr3GfBrLOgyU%2FCOtLdZ%2FzpZairaWIMRU2wiYPAjazRusRdDRCrAZg7jJy5yHXHvLIQ5566MhJhTXCiNJmxKNarVUXQtRqQjRaK7Iha%2FVWRJGLqfYBsnQAEQ8g7D5Su49d%2FWBMyN1D2PwHuJ0STnpwGUFXligUQeEICkZQaIIiIyi65ZGMXeDKhzJ2OffnOZjnWjk0WfuAHZmsrRJykJ6TF2au%2Ffns99hVkwoLojCkkU%2FrzRW64oumH0pf%2BIzVWKCEDOB0Ce0ugTkPfT0mV1%2F%2BA%2Bl0lZ%2F%2BA85O4eJTCP08WP4KWDFsBhRsZ1hvUfSTk17Ekoz196rCdCBNiTS7gmzPO4jPyUszHavPFVDi7Np3tVlA2BKpLfGJ%2FpGgHd8f3jIFObxlCkce30wz3dF9Nt3s7Yxl6vLX76u9wli5cd0NvnpbTIlpeXJHuewGS6RO2o48WtNSKrturFDkyYbbVnwrdztruU3y9MbWO%2BsbndQq57RJRmB6TMhkA0KPydNPPp5d7auPPoK2I9i8RCc%2FI%2FOANqcQ6T5cutDvDIGNFz089VDk5dAGfPEz1gSxWmDGS7j%2FYL6oD9x9tK0Hlt2b3WrXlujGJVg8gMsvD7PUnl37Zf44j70hj613yGMbP7gw1%2BlJRTUiGikaKB6FPGoyKsOoHnIW%2BqrJG8xH5sbit8%2B%2F%2BBcAAP%2F%2FAQAA%2F%2F9uBtzTjQQAAA%3D%3D
173.233.137.52200 OK 42 B URL HTTP/1.1 sweepfrequencydissolved.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSz2skRRSu3l0vKviDvYiIc%2FCgYCbVPTOZaXNYjGskuGbD7krEW%2F3qSZmerqaqe3oyIIRdkD3JLF48dr5JNugGcfEmLMjEi%2BTkeJBBzME%2FwIvgVZnJwOg79Htffw%2Fqe997nx3k54QiZ5OtD0xfxzFbblRp5fVtnUhTuMrmnYpPq3S1sq2TlfpqpTf92O5bPm1U6RuV95TYNcsB9Sn1qV9Z11ZFprc8Y6HTk9CvhrRaD6p%2Bo46e%2FT92uQfHPMjuOXkRWo6f2vnpMbQYIel8e1253cykb77byWOWGYuuPP4w2U1MkaCzKCPrIUqO590wbkzIl5dgkuP5BDDdw%2BkE4HpMvF998OR4LhO8e3ShlMdQCbh8BkV3BBWPoNkIwtyDlj8TQEhs3kTSebhpbMH2Llg2Zcfkyt9%2FQRdjcuX3q0g636zFule5beI80yZx6EUldG8E3R4hzU%2BR9T3o4hQiuwstCZJOCS0nr3GfBrLOgyU%2FCOtLdZ%2FzpZairaWIMRU2wiYPAjazRusRdDRCrAZg7jJy5yHXHvLIQ5566MhJhTXCiNJmxKNarVUXQtRqQjRaK7Iha%2FVWRJGLqfYBsnQAEQ8g7D5Su49d%2FWBMyN1D2PwHuJ0STnpwGUFXligUQeEICkZQaIIiIyi65ZGMXeDKhzJ2OffnOZjnWjk0WfuAHZmsrRJykJ6TF2au%2Ffns99hVkwoLojCkkU%2FrzRW64oumH0pf%2BIzVWKCEDOB0Ce0ugTkPfT0mV1%2F%2BA%2Bl0lZ%2F%2BA85O4eJTCP08WP4KWDFsBhRsZ1hvUfSTk17Ekoz196rCdCBNiTS7gmzPO4jPyUszHavPFVDi7Np3tVlA2BKpLfGJ%2FpGgHd8f3jIFObxlCkce30wz3dF9Nt3s7Yxl6vLX76u9wli5cd0NvnpbTIlpeXJHuewGS6RO2o48WtNSKrturFDkyYbbVnwrdztruU3y9MbWO%2BsbndQq57RJRmB6TMhkA0KPydNPPp5d7auPPoK2I9i8RCc%2FI%2FOANqcQ6T5cutDvDIGNFz089VDk5dAGfPEz1gSxWmDGS7j%2FYL6oD9x9tK0Hlt2b3WrXlujGJVg8gMsvD7PUnl37Zf44j70hj613yGMbP7gw1%2BlJRTUiGikaKB6FPGoyKsOoHnIW%2BqrJG8xH5sbit8%2B%2F%2BBcAAP%2F%2FAQAA%2F%2F9uBtzTjQQAAA%3D%3D
IP 173.233.137.52:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 58cc9f48234dcdcd5cf2a3a510899cb1
4e3675cfc04e44f6484e1a5acc8baef3dc452103
b3b0462ce05f0ccdb9c82354de8011e4a9b34a4cbfbab623976713ab8d080629
Analyzer Verdict Alert quad9 Sinkholed
GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSz2skRRSu3l0vKviDvYiIc%2FCgYCbVPTOZaXNYjGskuGbD7krEW%2F3qSZmerqaqe3oyIIRdkD3JLF48dr5JNugGcfEmLMjEi%2BTkeJBBzME%2FwIvgVZnJwOg79Htffw%2Fqe997nx3k54QiZ5OtD0xfxzFbblRp5fVtnUhTuMrmnYpPq3S1sq2TlfpqpTf92O5bPm1U6RuV95TYNcsB9Sn1qV9Z11ZFprc8Y6HTk9CvhrRaD6p%2Bo46e%2FT92uQfHPMjuOXkRWo6f2vnpMbQYIel8e1253cykb77byWOWGYuuPP4w2U1MkaCzKCPrIUqO590wbkzIl5dgkuP5BDDdw%2BkE4HpMvF998OR4LhO8e3ShlMdQCbh8BkV3BBWPoNkIwtyDlj8TQEhs3kTSebhpbMH2Llg2Zcfkyt9%2FQRdjcuX3q0g636zFule5beI80yZx6EUldG8E3R4hzU%2BR9T3o4hQiuwstCZJOCS0nr3GfBrLOgyU%2FCOtLdZ%2FzpZairaWIMRU2wiYPAjazRusRdDRCrAZg7jJy5yHXHvLIQ5566MhJhTXCiNJmxKNarVUXQtRqQjRaK7Iha%2FVWRJGLqfYBsnQAEQ8g7D5Su49d%2FWBMyN1D2PwHuJ0STnpwGUFXligUQeEICkZQaIIiIyi65ZGMXeDKhzJ2OffnOZjnWjk0WfuAHZmsrRJykJ6TF2au%2Ffns99hVkwoLojCkkU%2FrzRW64oumH0pf%2BIzVWKCEDOB0Ce0ugTkPfT0mV1%2F%2BA%2Bl0lZ%2F%2BA85O4eJTCP08WP4KWDFsBhRsZ1hvUfSTk17Ekoz196rCdCBNiTS7gmzPO4jPyUszHavPFVDi7Np3tVlA2BKpLfGJ%2FpGgHd8f3jIFObxlCkce30wz3dF9Nt3s7Yxl6vLX76u9wli5cd0NvnpbTIlpeXJHuewGS6RO2o48WtNSKrturFDkyYbbVnwrdztruU3y9MbWO%2BsbndQq57RJRmB6TMhkA0KPydNPPp5d7auPPoK2I9i8RCc%2FI%2FOANqcQ6T5cutDvDIGNFz089VDk5dAGfPEz1gSxWmDGS7j%2FYL6oD9x9tK0Hlt2b3WrXlujGJVg8gMsvD7PUnl37Zf44j70hj613yGMbP7gw1%2BlJRTUiGikaKB6FPGoyKsOoHnIW%2BqrJG8xH5sbit8%2B%2F%2BBcAAP%2F%2FAQAA%2F%2F9uBtzTjQQAAA%3D%3D HTTP/1.1
Host: sweepfrequencydissolved.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: u_pl=17661735; uid_id2=b102d4b2-1294-41bb-8e08-faae9597b22a:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 02 Feb 2023 10:21:07 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: db7cdb4236227be0c479c2f1706f59e0
Strict-Transport-Security: max-age=0; includeSubdomains
inflectedminimalbits.com/pixel/purst?dl=0&th=0&sc=0&rs=3508&rd=3508&fd=586&bv=22.10.v.10&tmpl=136
192.243.61.225 200 OK 0 B URL HTTP/1.1 inflectedminimalbits.com/pixel/purst?dl=0&th=0&sc=0&rs=3508&rd=3508&fd=586&bv=22.10.v.10&tmpl=136
IP 192.243.61.225:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pixel/purst?dl=0&th=0&sc=0&rs=3508&rd=3508&fd=586&bv=22.10.v.10&tmpl=136 HTTP/1.1
Host: inflectedminimalbits.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 02 Feb 2023 10:21:07 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
sweepfrequencydissolved.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSz2skRRSu3l1BXMQfePGgzk0FmXRPzyQZcwjGNRJcs3F3JeKtfvVMmZqupqprepKLYRdkTzKLF4%2Bdb5INuou4ePGysEy8SE62Bwli%2FgnBs8xkYPRB1Xuvvgf1fe%2B9rw78OQnh6dnWx2ZPaU0XWvWw9ta2SoUpXG3zdi0K6%2BFKbVuli82V2mBy2f67Udiqh2%2FXPpR8xyw0wigMozCqrSsrEzNYmKJQ2aN2VG%2BH9WajHrWaGNj%2F584HcDSA6J%2BTl6FE9Uz318dQfIy09%2BM16XZyk73zQc9rmhuLvjj%2BNN1JTZGiNw8TGyBJj2fVMK4i5NtLMOnxTAFM%2F3CiAExVJPgjAkuPZzTB%2BkcXTJmGTMHEVRT9MaQeQ9ExuLkLJX4jABfYvIG092DT2ILuXqB0glbkyj9%2FQxUVufLXK0h7P6xpNajdMtrnyqQOg6SEGoyhOmNk%2FgT5XgBVnIDnd6AEQdoroUQ5Va3UGCoZQ8shqAvgJ0cF8EkAnwXoibMabbWTMFxKWBLHy03OeRxz3lpeFC0RN5eTEJ5PaA2RZ0NwPQS3%2B8jsPnbU%2FYqQO4ew%2Filct4QTAVxekeCTffRFiUISFI6goASFIihygqJfHgntGq58ILTzLJr5xszH5cjknQN6ZPKOTMlBdk5emjQleP7LN7Ejz2qNKJFxuxUmzaghw8Yij%2BMkYotcysUolozCqRLKXZrq3VMVeb11FZmqyLOrT8HoCZw%2BAVcvgvrXQIvRUiME7Y6ayyH20p9TmntLdVdSnXed8ZbLOteeQZgSWX4F%2BW5woM%2FJq9NBrbxQQPLT1Z%2FiqYHbEpkt8YX6haCj741umoIc3jSFI49vZLnqqT06GeKtnOby8vcfyd3CWLFxzQ2%2Fe49PgEn46LZ0%2BXWaCpV2HHm4poSQdt1YLsmTDbct2ZZ33TVvU59d33p%2FfaOXWemcMukYVFWEnG2Aq4o89%2BTz6YK%2B8fAzKDuG9SV6%2FpTMDMqcgGf7cNmcvzMEVs9rWBag8OXINtj8USsCLec5ZSXcf3I2jw%2FcPXRsAJrfna5l35bo6xJUD%2BH85VGe2dPV32efMx2MmLbBIdNW379orlNnNdlKwkSGDcmSNkuWaCjaSbPNaDuSS6xFI%2BSu4n9%2B%2Fc2%2FAAAA%2F%2F8BAAD%2F%2F8BTrt14BAAA
173.233.137.52200 OK 7 B URL HTTP/1.1 sweepfrequencydissolved.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSz2skRRSu3l1BXMQfePGgzk0FmXRPzyQZcwjGNRJcs3F3JeKtfvVMmZqupqprepKLYRdkTzKLF4%2Bdb5INuou4ePGysEy8SE62Bwli%2FgnBs8xkYPRB1Xuvvgf1fe%2B9rw78OQnh6dnWx2ZPaU0XWvWw9ta2SoUpXG3zdi0K6%2BFKbVuli82V2mBy2f67Udiqh2%2FXPpR8xyw0wigMozCqrSsrEzNYmKJQ2aN2VG%2BH9WajHrWaGNj%2F584HcDSA6J%2BTl6FE9Uz318dQfIy09%2BM16XZyk73zQc9rmhuLvjj%2BNN1JTZGiNw8TGyBJj2fVMK4i5NtLMOnxTAFM%2F3CiAExVJPgjAkuPZzTB%2BkcXTJmGTMHEVRT9MaQeQ9ExuLkLJX4jABfYvIG092DT2ILuXqB0glbkyj9%2FQxUVufLXK0h7P6xpNajdMtrnyqQOg6SEGoyhOmNk%2FgT5XgBVnIDnd6AEQdoroUQ5Va3UGCoZQ8shqAvgJ0cF8EkAnwXoibMabbWTMFxKWBLHy03OeRxz3lpeFC0RN5eTEJ5PaA2RZ0NwPQS3%2B8jsPnbU%2FYqQO4ew%2Filct4QTAVxekeCTffRFiUISFI6goASFIihygqJfHgntGq58ILTzLJr5xszH5cjknQN6ZPKOTMlBdk5emjQleP7LN7Ejz2qNKJFxuxUmzaghw8Yij%2BMkYotcysUolozCqRLKXZrq3VMVeb11FZmqyLOrT8HoCZw%2BAVcvgvrXQIvRUiME7Y6ayyH20p9TmntLdVdSnXed8ZbLOteeQZgSWX4F%2BW5woM%2FJq9NBrbxQQPLT1Z%2FiqYHbEpkt8YX6haCj741umoIc3jSFI49vZLnqqT06GeKtnOby8vcfyd3CWLFxzQ2%2Fe49PgEn46LZ0%2BXWaCpV2HHm4poSQdt1YLsmTDbct2ZZ33TVvU59d33p%2FfaOXWemcMukYVFWEnG2Aq4o89%2BTz6YK%2B8fAzKDuG9SV6%2FpTMDMqcgGf7cNmcvzMEVs9rWBag8OXINtj8USsCLec5ZSXcf3I2jw%2FcPXRsAJrfna5l35bo6xJUD%2BH85VGe2dPV32efMx2MmLbBIdNW379orlNnNdlKwkSGDcmSNkuWaCjaSbPNaDuSS6xFI%2BSu4n9%2B%2Fc2%2FAAAA%2F%2F8BAAD%2F%2F8BTrt14BAAA
IP 173.233.137.52:0
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert quad9 Sinkholed
GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSz2skRRSu3l1BXMQfePGgzk0FmXRPzyQZcwjGNRJcs3F3JeKtfvVMmZqupqprepKLYRdkTzKLF4%2Bdb5INuou4ePGysEy8SE62Bwli%2FgnBs8xkYPRB1Xuvvgf1fe%2B9rw78OQnh6dnWx2ZPaU0XWvWw9ta2SoUpXG3zdi0K6%2BFKbVuli82V2mBy2f67Udiqh2%2FXPpR8xyw0wigMozCqrSsrEzNYmKJQ2aN2VG%2BH9WajHrWaGNj%2F584HcDSA6J%2BTl6FE9Uz318dQfIy09%2BM16XZyk73zQc9rmhuLvjj%2BNN1JTZGiNw8TGyBJj2fVMK4i5NtLMOnxTAFM%2F3CiAExVJPgjAkuPZzTB%2BkcXTJmGTMHEVRT9MaQeQ9ExuLkLJX4jABfYvIG092DT2ILuXqB0glbkyj9%2FQxUVufLXK0h7P6xpNajdMtrnyqQOg6SEGoyhOmNk%2FgT5XgBVnIDnd6AEQdoroUQ5Va3UGCoZQ8shqAvgJ0cF8EkAnwXoibMabbWTMFxKWBLHy03OeRxz3lpeFC0RN5eTEJ5PaA2RZ0NwPQS3%2B8jsPnbU%2FYqQO4ew%2Filct4QTAVxekeCTffRFiUISFI6goASFIihygqJfHgntGq58ILTzLJr5xszH5cjknQN6ZPKOTMlBdk5emjQleP7LN7Ejz2qNKJFxuxUmzaghw8Yij%2BMkYotcysUolozCqRLKXZrq3VMVeb11FZmqyLOrT8HoCZw%2BAVcvgvrXQIvRUiME7Y6ayyH20p9TmntLdVdSnXed8ZbLOteeQZgSWX4F%2BW5woM%2FJq9NBrbxQQPLT1Z%2FiqYHbEpkt8YX6haCj741umoIc3jSFI49vZLnqqT06GeKtnOby8vcfyd3CWLFxzQ2%2Fe49PgEn46LZ0%2BXWaCpV2HHm4poSQdt1YLsmTDbct2ZZ33TVvU59d33p%2FfaOXWemcMukYVFWEnG2Aq4o89%2BTz6YK%2B8fAzKDuG9SV6%2FpTMDMqcgGf7cNmcvzMEVs9rWBag8OXINtj8USsCLec5ZSXcf3I2jw%2FcPXRsAJrfna5l35bo6xJUD%2BH85VGe2dPV32efMx2MmLbBIdNW379orlNnNdlKwkSGDcmSNkuWaCjaSbPNaDuSS6xFI%2BSu4n9%2B%2Fc2%2FAAAA%2F%2F8BAAD%2F%2F8BTrt14BAAA HTTP/1.1
Host: sweepfrequencydissolved.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: u_pl=17661735; uid_id2=b102d4b2-1294-41bb-8e08-faae9597b22a:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 02 Feb 2023 10:21:07 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: ac701c34a0dd222148840f9ed11755f5
Strict-Transport-Security: max-age=0; includeSubdomains
friendshipmale.com/sfp.js
172.64.203.23 200 OK 28 kB URL HTTP/2 friendshipmale.com/sfp.js
IP 172.64.203.23:0
File type Unicode text, UTF-8 text, with very long lines (65529), with no line terminators
Hash 4e8ec174152bcd8fe9d0d9f4740d62fe
e69f5933989deeee755a57c5d7209b9b55f4bd96
182b3cd0dcb268d4421a20568921f71fbd1800c68f5c334f39e58cf94147d9f0
Analyzer Verdict Alert fortinet Malware
GET /sfp.js HTTP/1.1
Host: friendshipmale.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 02 Feb 2023 10:21:06 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: 9843e86dbb0e5f04e01994bbac92a222
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Thu, 02 Feb 2023 10:21:06 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0XO4exDoWvl7tnNZwojS5BIid%2BGkqPaS1sPxDYc8M%2Fbuh25I0jGGV959RhyCMFuW589Gxj5k%2FobPL%2B4UWZcCpKomphM7sZfOOvB2DqhYOYfpCrJNrspAEKZrf2rM6tUyjUOGq0k%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 793232b519f07759-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/chat/mob/ssp/v2/new/3/css/animate.css
172.64.167.9 200 OK 4.9 kB URL HTTP/2 cdn.creative-bars1.com/sb/chat/mob/ssp/v2/new/3/css/animate.css
IP 172.64.167.9:0
Hash 03fb672566efdc1ff7a0efbceae71bb1
d653c3d353ad1f29601204772e163348e2acef29
834351a0a29294f2121f90cb81df35860e059ce22f28861b105ab77f3a392cc7
GET /sb/chat/mob/ssp/v2/new/3/css/animate.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 02 Feb 2023 10:21:08 GMT
content-type: text/css
last-modified: Wed, 13 Jul 2022 12:13:56 GMT
etag: W/"62ceb704-135d1"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 5114874
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=b0RcspM%2F4Ne5IbXdQI9wPcw7ZeQFu%2FPWf4dH6KvCxZG56a%2B03fS9FPFVgcrPVON5kWZ9Ys3DMMtiUXHxLoOCKFyIbmCH7HSI%2FiuTKypv9n7RvjLesDLRtaJpy0FFGPjqSrq5ZtlBpIS6"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 793232bd49f223e7-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/chat/mob/ssp/v2/new/3/img/close.png
172.64.167.9 200 OK 6.0 kB URL HTTP/2 cdn.creative-bars1.com/sb/chat/mob/ssp/v2/new/3/img/close.png
IP 172.64.167.9:0
File type PNG image data, 522 x 391, 8-bit/color RGBA, non-interlaced\012- data
Hash c489ce2c491a22ee37a55e26a92dfd73
2fa588ab09e94dd902e5bd24b48f98ad1949c9d6
1eed147c7d5de6291c25fbc5274830c12d5549262fb144271576d4e15966e5bd
GET /sb/chat/mob/ssp/v2/new/3/img/close.png HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 02 Feb 2023 10:21:08 GMT
content-type: image/png
content-length: 5982
last-modified: Tue, 05 Jul 2022 10:43:39 GMT
etag: "62c415db-175e"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 5115496
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yA5SPI8GUCjmqqqNpse35zB%2BBN0R2P7D7pCk7cGFU%2BsFvW6FhYeFrEE1hXfKcpoGfRpd7SZkeDM5i%2FmKDTgjIHkIM1HxWuF6c61WxYIGff4UPt095kYdoBjowrYhp3MCdp8m%2FYp%2FG9kl"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 793232bd6a2423e7-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash d5aa8840f812da83fc823da528a74c1a
9e7bad3462506164bd4bdb87a761352ef8131ba9
abaa07021a967e89f7786ac14efa3ce48f24e4c032376a36421cca12f5ecaeeb
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 02 Feb 2023 10:21:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
e1.o.lencr.org/
95.101.11.115 200 OK 346 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash b1a7b37ab41ab2c241ca4b4a3bb3319a
daf83e4a20f0849dc16777ed18d21806f978c555
4b423ec7676253213ed3bab15af479edcfa43ee8bd23da39b5ee34589020e033
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "4B423EC7676253213ED3BAB15AF479EDCFA43EE8BD23DA39B5EE34589020E033"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4589
Expires: Thu, 02 Feb 2023 11:37:37 GMT
Date: Thu, 02 Feb 2023 10:21:08 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash d5aa8840f812da83fc823da528a74c1a
9e7bad3462506164bd4bdb87a761352ef8131ba9
abaa07021a967e89f7786ac14efa3ce48f24e4c032376a36421cca12f5ecaeeb
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 02 Feb 2023 10:21:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
e1.o.lencr.org/
95.101.11.115 200 OK 345 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash e55279b0641fb8435b27a53d5af7d6e8
cd3ac0125fc6e1705f9340d797e76d4cd1045ff4
0e8644ff039742611260e8288f1466bcce8bdfa61b0bc9b6223b75836225dc34
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "0E8644FF039742611260E8288F1466BCCE8BDFA61B0BC9B6223B75836225DC34"
Last-Modified: Tue, 31 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7263
Expires: Thu, 02 Feb 2023 12:22:11 GMT
Date: Thu, 02 Feb 2023 10:21:08 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash bae868356becb6470806e213f97e8aa6
1a3c7ffdce0f4e9c1f59aa0cd7715f22bade5117
c9930f2471f9a8a87fddfe3989391d65e1c41b3457a3f0fbf2e2357566f81a1b
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5054
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 02 Feb 2023 10:21:08 GMT
Last-Modified: Thu, 02 Feb 2023 08:56:54 GMT
Server: ECS (ska/F713)
X-Cache: HIT
Content-Length: 471
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash d1ede23ab1ddbc0d7fa930fd3810e49e
879f79b820606c514ae97d5a3c2be12533440a51
7ec120a673fc6ae1a147829269069666ef47b0258b832030906da7dc97ab2a14
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7EC120A673FC6AE1A147829269069666EF47B0258B832030906DA7DC97AB2A14"
Last-Modified: Tue, 31 Jan 2023 13:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=1213
Expires: Thu, 02 Feb 2023 10:41:21 GMT
Date: Thu, 02 Feb 2023 10:21:08 GMT
Connection: keep-alive
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
142.250.74.109 302 Found 390 B URL HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
IP 142.250.74.109:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (378)
Hash 939fb2ea74942b143e1d7dc46622b996
8272123693fad135a4584490086ecff8fd1b2044
148a3930d00b7df169f47cdff47d406ee604fc43727b8b731911825e6880ed2d
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Thu, 02 Feb 2023 10:21:08 GMT
location: https://accounts.google.com/v3/signin/identifier?dsh=S-234877899%3A1675333268161852&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AWnogHeBjQK2i3DZdiMAvAmRr8hKhjUEPF9jjbxXe0mfUDojMJeU_IUm7FYl9n4ALZdvAbBO1qIk
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: require-trusted-types-for 'script';report-uri /cspreport, script-src 'nonce-fyKF-T-TSCf0AckAUu_z0g' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 390
server: GSE
set-cookie: __Host-GAPS=1:DOewosqEp3SDyoTT9Ug4yw2TZOPzPw:lhaw2tFaToO08q3u;Path=/;Expires=Sat, 01-Feb-2025 10:21:08 GMT;Secure;HttpOnly;Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
racterdeet.com/utx?cb=1Q1HwgDlymlp&top=xfantazy.com&tid=971975
54.192.99.24 204 No Content 0 B URL HTTP/2 racterdeet.com/utx?cb=1Q1HwgDlymlp&top=xfantazy.com&tid=971975
IP 54.192.99.24:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=1Q1HwgDlymlp&top=xfantazy.com&tid=971975 HTTP/1.1
Host: racterdeet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Thu, 02 Feb 2023 10:21:08 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://xfantazy.com
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Thu, 02 Feb 2023 10:22:08 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 667bc9576cb65b03461f4c2ed893152e.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN1-C1
x-amz-cf-id: 4fw4OMZGuOgq0550KTz8-TTKA0mq6XLGVJ0mLUe6KTawximPAmr0JQ==
X-Firefox-Spdy: h2
racterdeet.com/utx?cb=gCk8aHdciZBa&top=xfantazy.com&tid=962014
54.192.99.24 204 No Content 0 B URL HTTP/2 racterdeet.com/utx?cb=gCk8aHdciZBa&top=xfantazy.com&tid=962014
IP 54.192.99.24:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=gCk8aHdciZBa&top=xfantazy.com&tid=962014 HTTP/1.1
Host: racterdeet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Thu, 02 Feb 2023 10:21:08 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://xfantazy.com
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Thu, 02 Feb 2023 10:22:08 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 667bc9576cb65b03461f4c2ed893152e.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN1-C1
x-amz-cf-id: cTPnu63OZin_pfjm6UDPqs32p61h_NFL1yV3BdToV-C1ioDsMsovrg==
X-Firefox-Spdy: h2
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
142.250.74.109 302 Found 390 B URL HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
IP 142.250.74.109:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (381)
Hash 5b4417353288d42f94381fd69a1c50ee
7639f989f23408532ac0b55f75daca4580cc26d8
f23be2131b8799633f36390984ee3f3b159119263aba43b46dd0df62ade590e8
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Thu, 02 Feb 2023 10:21:08 GMT
location: https://accounts.google.com/v3/signin/identifier?dsh=S487488246%3A1675333268201421&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AWnogHfEuGif0rMGGZSXiguvHtGLOxRG0gCayyg-A2Eq8uigNIAbISpeNpk8KnMQhaKZAmBW0X86
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: script-src 'nonce-WP6AkgMkBesAOya0sxmEZQ' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport, require-trusted-types-for 'script';report-uri /cspreport
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 390
server: GSE
set-cookie: __Host-GAPS=1:uYXfZnkGJIYriqkAIVVdXTeL1m8EGw:wxqyQk1R8ip1rMW0;Path=/;Expires=Sat, 01-Feb-2025 10:21:08 GMT;Secure;HttpOnly;Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash d06fd066caf4dfa1e21a722a5c468158
acb765577662906ae8e11242bed487ce1051db28
4b45760de269e60345d43ff2da6c5803722f7c052edd0a9f5258ce69b2ffa32f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 02 Feb 2023 10:21:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
cdn.cloudimagesb.com/si/59/92/d7/5992d7e81c8c076d0f9c30e952fcb498/1671506223.png
45.133.44.10 200 OK 78 kB URL HTTP/2 cdn.cloudimagesb.com/si/59/92/d7/5992d7e81c8c076d0f9c30e952fcb498/1671506223.png
IP 45.133.44.10:0
ASN #39572 DataWeb Global Group B.V.
File type PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data
Hash da6e8937f3fcec61da25fb1ea7f619e8
c1f12b107da32a253a8cd69ded672148eeda5743
29b3dcf70160206a05807816cf001886c4715a0fa27bf39170909041a50a2c6e
GET /si/59/92/d7/5992d7e81c8c076d0f9c30e952fcb498/1671506223.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 02 Feb 2023 10:21:08 GMT
content-type: image/png
content-length: 78410
server: nginx/1.17.6
last-modified: Tue, 20 Dec 2022 03:17:11 GMT
etag: "63a12937-1324a"
expires: Sat, 04 Feb 2023 10:21:08 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
a.naturalhealthsource.club/api/spots/391866?host=xfantazy.com&ev=203&wh=939&ww=1280&uuid=
135.181.208.216 200 OK 881 B URL HTTP/2 a.naturalhealthsource.club/api/spots/391866?host=xfantazy.com&ev=203&wh=939&ww=1280&uuid=
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
Hash ca295aa2a2174d2ebb8f906c28f74bf6
6e3fc313f8f993f08754b8c9212c24259b02ff54
a4650e03ec58755817df79b8c2606bab60f2063b531bd9df00bab9e1ceb451eb
GET /api/spots/391866?host=xfantazy.com&ev=203&wh=939&ww=1280&uuid= HTTP/1.1
Host: a.naturalhealthsource.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 02 Feb 2023 10:21:08 GMT
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding
set-cookie: nauid=4RuU4RxSEnKoQwiOAGwk; Path=/; Expires=Wed, 11 Nov 2037 11:11:11 GMT; Secure; SameSite=None
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash bae868356becb6470806e213f97e8aa6
1a3c7ffdce0f4e9c1f59aa0cd7715f22bade5117
c9930f2471f9a8a87fddfe3989391d65e1c41b3457a3f0fbf2e2357566f81a1b
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5054
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 02 Feb 2023 10:21:08 GMT
Last-Modified: Thu, 02 Feb 2023 08:56:54 GMT
Server: ECS (ska/F713)
X-Cache: HIT
Content-Length: 471
racterdeet.com/floater?cs=R0ZsS1N%2BcF55YHN0WH1rdXFefWY&abt=0&red=1&sm=83&k=xfantazy%202021%20petitefeetbee%20rest%20feet%20your%20whilst%20watch%20onlyfans&v=0.9.1.0&sts=0&prn=1&emb=0&tid=971975&rxy=1280_1024&fs=1&t=600&m=1&ns=1&ndp=1&asi=1&ref=https%3A%2F%2Fxfantazy.com%2Fvideo%2F62379c1c76373a1d22aeaaeb&jst=4&enr=0&lcua=mozilla%2F5.0%20(windows%20nt%2010.0%3B%20win64%3B%20x64%3B%20rv%3A105.0)%20gecko%2F20100101%20firefox%2F105.0&tzd=0&uloc=&if=0&aa=oi3_&_8fMY=1675333293168&crc=1
54.192.99.24 200 OK 1.5 kB URL HTTP/2 racterdeet.com/floater?cs=R0ZsS1N%2BcF55YHN0WH1rdXFefWY&abt=0&red=1&sm=83&k=xfantazy%202021%20petitefeetbee%20rest%20feet%20your%20whilst%20watch%20onlyfans&v=0.9.1.0&sts=0&prn=1&emb=0&tid=971975&rxy=1280_1024&fs=1&t=600&m=1&ns=1&ndp=1&asi=1&ref=https%3A%2F%2Fxfantazy.com%2Fvideo%2F62379c1c76373a1d22aeaaeb&jst=4&enr=0&lcua=mozilla%2F5.0%20(windows%20nt%2010.0%3B%20win64%3B%20x64%3B%20rv%3A105.0)%20gecko%2F20100101%20firefox%2F105.0&tzd=0&uloc=&if=0&aa=oi3_&_8fMY=1675333293168&crc=1
IP 54.192.99.24:0
File type ASCII text, with very long lines (2119), with no line terminators
Hash c88ccbf2599b3cd579d8b29f6f2266f6
3cc976e02f81d3cc091a5a8a232cd9fbb2986f49
97dea59914d3fafab61415817878bbe5d4c45d20b4b669f5f15d88a27231cd53
GET /floater?cs=R0ZsS1N%2BcF55YHN0WH1rdXFefWY&abt=0&red=1&sm=83&k=xfantazy%202021%20petitefeetbee%20rest%20feet%20your%20whilst%20watch%20onlyfans&v=0.9.1.0&sts=0&prn=1&emb=0&tid=971975&rxy=1280_1024&fs=1&t=600&m=1&ns=1&ndp=1&asi=1&ref=https%3A%2F%2Fxfantazy.com%2Fvideo%2F62379c1c76373a1d22aeaaeb&jst=4&enr=0&lcua=mozilla%2F5.0%20(windows%20nt%2010.0%3B%20win64%3B%20x64%3B%20rv%3A105.0)%20gecko%2F20100101%20firefox%2F105.0&tzd=0&uloc=&if=0&aa=oi3_&_8fMY=1675333293168&crc=1 HTTP/1.1
Host: racterdeet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/plain
content-length: 1468
date: Thu, 02 Feb 2023 10:21:08 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://xfantazy.com
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: csu=ddf3f16e-48f7-4185-a60b-2a5cee9686bd
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 667bc9576cb65b03461f4c2ed893152e.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN1-C1
x-amz-cf-id: yx559M0F2Zpz4dgiyxQjH7SD5G9kwFI40maJ91eQ5QbjrceGIG_xRQ==
X-Firefox-Spdy: h2
www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp
157.240.205.35 200 OK 14 kB URL HTTP/2 www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp
IP 157.240.205.35:0
Hash 9f0302bbf5fc925290291767bc3aea9e
30ce16764da7d2884a811882c6ed1b3b03480fef
721ec592994ce9f6e405337b7c9f064c9d0e5cd7dc38b0ad695e798fce3eee19
GET /login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-encoding: br
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 0
cross-origin-opener-policy: same-origin-allow-popups
vary: Sec-Fetch-Site, Sec-Fetch-Mode, Accept-Encoding
strict-transport-security: max-age=15552000; preload
content-type: text/html; charset="utf-8"
x-fb-debug: 7C9YjO8DTreHX6OI0RLAxidMshD1L93yONu/4CkbyeeedX2Of/53LlKGcOiapqH55GlU12IqVmyCBiZiFwQP/g==
date: Thu, 02 Feb 2023 10:21:08 GMT
priority: u=3,i
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
pogothere.xyz/asd100.bin
172.64.173.27 200 OK 112 kB IP 172.64.173.27:0
Size 112 kB (111736 bytes)
Hash fb4baa14042264031516349331c87156
a86964c32181351a58fa7def71ddac2480284de5
1672755b97a9c72e1b35c37176aad52d94c7209cf4da43839ec174cf6aaa5ec4
Analyzer Verdict Alert quad9 Sinkholed
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://xfantazy.com/
Origin: https://xfantazy.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 02 Feb 2023 10:21:08 GMT
content-type: binary/octet-stream
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 4910
last-modified: Thu, 02 Feb 2023 08:59:18 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WvJJzWcqIWzNKNrppIB6FkBfRt4Q77CC7BiFdFlYzZeEMn1ZCYvu1l508dA2%2FVCV9ALNW1YK1Ry2Y1GHQEKex3c0jufIPpOjq89Xqf40KYg78i51MSI2zG0Fzv7q8OHj"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 793232be188573fb-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/IuzGvnXyw67u_Dyf-A/w320h240/0.jpeg
188.72.235.186 200 OK 8.0 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/IuzGvnXyw67u_Dyf-A/w320h240/0.jpeg
IP 188.72.235.186:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash 4b6a28fd5456c55fbeaf037c1ce0f080
f6424ce19d38f6c861537879aa129bbe36b546fd
a5635c33ec380bda92622a95fe1462c105953d05732e679636b56e72fbaf68a7
GET /thumbnail/IuzGvnXyw67u_Dyf-A/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Thu, 02 Feb 2023 10:21:08 GMT
content-type: image/jpeg
content-length: 8034
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: HIT
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/JOmV7yTwzq_krDuf_g/w320h240/0.jpeg
188.72.235.186 200 OK 10 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/JOmV7yTwzq_krDuf_g/w320h240/0.jpeg
IP 188.72.235.186:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash 8f346de0f6544fb9e624b89d08762a33
2e47145bd08b2153483d0fe08478fb5620873003
1ce9226039b957835aa5f92e17a19ed29c2768b4571a5149ecef9632aa8eabd7
GET /thumbnail/JOmV7yTwzq_krDuf_g/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Thu, 02 Feb 2023 10:21:08 GMT
content-type: image/jpeg
content-length: 10009
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: HIT
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/I7jF7HLyzPi5_TyT_Q/w320h240/0.jpeg
188.72.235.186 200 OK 7.2 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/I7jF7HLyzPi5_TyT_Q/w320h240/0.jpeg
IP 188.72.235.186:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash 996ef3fc6578a9bfab8cc7f2f8e07f70
016d412e1b3fe0c9e6b40c1e1d9ab32ec1a733ee
e0c8f5f90ce9c0e2a23a398c771fa527b747096409375a7b31f7573bb9e1066a
GET /thumbnail/I7jF7HLyzPi5_TyT_Q/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Thu, 02 Feb 2023 10:21:08 GMT
content-type: image/jpeg
content-length: 7248
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: HIT
X-Firefox-Spdy: h2
pogothere.xyz/
172.64.173.27 200 OK 13 kB IP 172.64.173.27:0
File type ASCII text, with no line terminators
Hash b37e474fa86a9f4850ae49a9c085de25
b8ba3de20d5a8e7bb93ce1b9c5b433d457e912bb
5ac6324afe6cd1a67ed247f4a92be6043bc916f4ade04c01463460643519da4a
Analyzer Verdict Alert quad9 Sinkholed
GET / HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://xfantazy.com/
Origin: https://xfantazy.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 02 Feb 2023 10:21:08 GMT
content-type: text/plain
set-cookie: csu=314768512823341@1@1675333268; Max-Age=31104000; Secure; SameSite=None
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZrPqFlgZdVNTKZN8V3zjGh7lEZH2qBLHRsd3YbI5yXTbo1%2Bdqsv%2BjaqlcNCpjkKQXlkYwN%2BkZ4S81q9ynFgDzvHXmKH3bHccRdOsq2F5NUPOKt3MDXaSIazwHs8bHXit"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 793232be28a073fb-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
pogothere.xyz/asd100.bin
172.64.173.27 200 OK 115 kB IP 172.64.173.27:0
Size 115 kB (114590 bytes)
Hash 83adf0e8dfed69cd1875784d204b7fb9
48e95886ed36ac76736cb899d6642b401bd4a79d
d3f9b1bceaff200e7b44e7bea74b02fb17078a52cd1c8c68df3d855f035517b5
Analyzer Verdict Alert quad9 Sinkholed
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://xfantazy.com/
Origin: https://xfantazy.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 02 Feb 2023 10:21:08 GMT
content-type: binary/octet-stream
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 4910
last-modified: Thu, 02 Feb 2023 08:59:18 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Cp6OyFPiDSiRqrcKlRWSdjPU8JciuqlCw1hgfbBNs0fCHY4NUJb6oEAzxS05owq8DFFrQDeQAy4XJ9BqIEciU8QfcCsVt4NL59Bj0aUcqbItQVTFaIHqI0BsdCMxTClu"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 793232be289e73fb-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/J-3GuSWgyv258TqfqQ/w320h240/0.jpeg
188.72.235.186 200 OK 7.9 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/J-3GuSWgyv258TqfqQ/w320h240/0.jpeg
IP 188.72.235.186:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash fc3308253139797a0a1b0bce38701c34
15afe37ccef541773657183146997e937e0200fb
b15fea8ff40b24ebe0b0fdcd40c2d2938580b5a1edd326bbe9f32f5543982c46
GET /thumbnail/J-3GuSWgyv258TqfqQ/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Thu, 02 Feb 2023 10:21:08 GMT
content-type: image/jpeg
content-length: 7925
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: HIT
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/ce-b7nKkyPq__WmR-g/w320h240/0.jpeg
188.72.235.186 200 OK 16 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/ce-b7nKkyPq__WmR-g/w320h240/0.jpeg
IP 188.72.235.186:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash ecfd67ba720871328a9f498e37c83143
95b702571e79d3690da73b6b9d14be9c61ce83b0
551eabfcb4c47a0708e16b7d9c3640526c41ea454aa04c6360303c009c99dbf8
GET /thumbnail/ce-b7nKkyPq__WmR-g/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Thu, 02 Feb 2023 10:21:08 GMT
content-type: image/jpeg
content-length: 16386
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: HIT
X-Firefox-Spdy: h2
a.naturalhealthsource.club/api/spots/303894?p=1&s1=%subid1%&kw=
135.181.208.216 200 OK 4.0 kB URL HTTP/2 a.naturalhealthsource.club/api/spots/303894?p=1&s1=%subid1%&kw=
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
Hash e87bdd8a7faea550cc54cd425f733443
f52030fa686dbf4204d07e82894defc424b33cbd
a114ed697d224699c54d97eaf7382afe076fd82b300217d7293ab23c4617265e
GET /api/spots/303894?p=1&s1=%subid1%&kw= HTTP/1.1
Host: a.naturalhealthsource.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: nauid=h6QfMHfxlICQ0HMdloEj
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 02 Feb 2023 10:21:08 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2
ads.adxadserv.com/ad?spotid=636bc5d561d6e27071201a23&type=300x250&output=html
185.98.53.2 200 OK 1.6 kB URL HTTP/2 ads.adxadserv.com/ad?spotid=636bc5d561d6e27071201a23&type=300x250&output=html
IP 185.98.53.2:0
ASN #39572 DataWeb Global Group B.V.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (579)
Hash 0f52e9957e0c8b965ca2dd4653b9010e
c834be58ae080ba5145b76edd7b9ea9baf2a656d
f1dbef69e582155e35d091f65cd50e949db6cbf0ee957c712ca78b58a65541c3
GET /ad?spotid=636bc5d561d6e27071201a23&type=300x250&output=html HTTP/1.1
Host: ads.adxadserv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 02 Feb 2023 10:21:08 GMT
content-type: text/html; charset=utf-8
content-length: 1631
cache-control: no-cache
X-Firefox-Spdy: h2
a.naturalhealthsource.club/api/spots/312874?p=1&s1=%subid1%&kw=
135.181.208.216 200 OK 3.4 kB URL HTTP/2 a.naturalhealthsource.club/api/spots/312874?p=1&s1=%subid1%&kw=
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
Hash 1c4586e8554d675be887e91674fe3967
756c247767915645affa6b4768d2588823341989
bae46eea229233680c3640b9760258cbd265f8b8e1836f1ed235cacf12090fea
GET /api/spots/312874?p=1&s1=%subid1%&kw= HTTP/1.1
Host: a.naturalhealthsource.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: nauid=h6QfMHfxlICQ0HMdloEj
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 02 Feb 2023 10:21:08 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2
a.naturalhealthsource.club/api/spots/420557?p=1&s1=%subid1%&kw=
135.181.208.216 200 OK 3.4 kB URL HTTP/2 a.naturalhealthsource.club/api/spots/420557?p=1&s1=%subid1%&kw=
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- assembler source, ASCII text, with very long lines (712)
Hash 463365e02067bc43dacd28d3f5a24507
4486d7205d4e162fc9c2779b09903431c7255f13
fe5fddea60371c07edde19f4de0172c3941c3a0f0e827d83112d13e6a216bf37
GET /api/spots/420557?p=1&s1=%subid1%&kw= HTTP/1.1
Host: a.naturalhealthsource.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: nauid=h6QfMHfxlICQ0HMdloEj
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 02 Feb 2023 10:21:08 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2
cdn.barscreative1.com/sb/au/e6/d7/97/e6d797a3a7be0e7ec1877d1b33146dfa/1657714258.html
45.133.44.3 200 OK 19 kB URL HTTP/2 cdn.barscreative1.com/sb/au/e6/d7/97/e6d797a3a7be0e7ec1877d1b33146dfa/1657714258.html
IP 45.133.44.3:0
ASN #39572 DataWeb Global Group B.V.
Hash 45b3d64a55d47028def614d8e745fb29
b43cd3944a140598b180e7876b307ea39a81df68
1e402a46e07c90bcc87e815a2f6ee8d35c9b4374e26b8755eb9518e9cbe1287e
Analyzer Verdict Alert fortinet Phishing
GET /sb/au/e6/d7/97/e6d797a3a7be0e7ec1877d1b33146dfa/1657714258.html HTTP/1.1
Host: cdn.barscreative1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 02 Feb 2023 10:21:07 GMT
content-type: text/html; charset=utf-8
server: nginx/1.17.6
last-modified: Wed, 13 Jul 2022 12:11:03 GMT
etag: W/"62ceb657-4a6"
cache-control: max-age=3600
access-control-allow-origin: *
access-control-expose-headers: Date
content-encoding: gzip
expires: Thu, 02 Feb 2023 11:21:07 GMT
x-proxy-cache: HIT
X-Firefox-Spdy: h2
sweepfrequencydissolved.com/pixel/sbs?c=1
173.233.137.52 200 OK 0 B URL HTTP/1.1 sweepfrequencydissolved.com/pixel/sbs?c=1
IP 173.233.137.52:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbs?c=1 HTTP/1.1
Host: sweepfrequencydissolved.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: u_pl=17661735; uid_id2=b102d4b2-1294-41bb-8e08-faae9597b22a:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 02 Feb 2023 10:21:08 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
a.naturalhealthsource.club/zRdVuw7.js
135.181.208.216 200 OK 52 kB URL HTTP/2 a.naturalhealthsource.club/zRdVuw7.js
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
Hash 61ccef36e475c5d043f8a699c98749ad
b7eed4f3ad03ece3d9ee485cd6747214d5b3adee
763a38ff13342259db362218000b9d1360fef57962a281db424ac81ead53d66c
Analyzer Verdict Alert fortinet Malware
GET /zRdVuw7.js HTTP/1.1
Host: a.naturalhealthsource.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 02 Feb 2023 10:21:05 GMT
content-type: application/javascript
last-modified: Wed, 01 Feb 2023 14:03:33 GMT
etag: W/"63da7135-2a59f"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
vary: Accept-Encoding, Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 0edd9f6bc061f9d64e77285b1cac290c.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN54-C1
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: Elb3yTS-XloTntPZRRBO8vBhL5DdZoQ0fdWRiDH83enFfKlIeJ_kMg==
age: 86
x-frame-options: DENY
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2
syndication.realsrv.com/splash.php?native-settings=1&idzone=4891822&cookieconsent=true&&p=https%3A%2F%2Fxfantazy.com%2F&max=1&loaded=0
95.211.229.245 200 OK 1.9 kB URL HTTP/1.1 syndication.realsrv.com/splash.php?native-settings=1&idzone=4891822&cookieconsent=true&&p=https%3A%2F%2Fxfantazy.com%2F&max=1&loaded=0
IP 95.211.229.245:0
ASN #60781 LeaseWeb Netherlands B.V.
File type JSON data\012- , ASCII text, with very long lines (3553), with no line terminators
Hash 7f00e1f33cb8be3edd4e8c22d861d33a
708e791a4e6e7897aa08fb37a19dd1bd39ede34f
44e262f184793fa55636c678e479cf9247186b6671eff8241079ed68f00d65a9
GET /splash.php?native-settings=1&idzone=4891822&cookieconsent=true&&p=https%3A%2F%2Fxfantazy.com%2F&max=1&loaded=0 HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://a.naturalhealthsource.club
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 02 Feb 2023 10:21:08 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://a.naturalhealthsource.club
Access-Control-Allow-Credentials: true
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2263db8e94c59701.602197921035113910%22%3B%7D; expires=Sat, 01 Feb 2025 10:21:08 GMT; path=; domain=.realsrv.com; Secure; SameSite=none
impressions=oslmrxbrnxgxamrolmocogeicxbmsbcenxgxamrseoscsgeimmccrbebnxgxamcbexxbmgeioslmrxbmnxgxamreseallgeicxbmsbocnxgxamrolmocogeimmccrlaonxgxamccxobsegeimmccrlacnxgxamcmlarclgeicxbmsboenxgxamroamsoegeioslmrxlrnxgxamslescrogeimmccrbxenxgxamrescroogeislsaroornxgxamccolacbgeioslmroemnxgxamrsxxxmrgeioslmrxlsnxgxamroamsoegeicmmsxrbonxgxamsoeamlmgeimmccrlaenxgxamrsxxxmrgeimmccrbeanxgxamcssabxegeicaocmrmanxgxamolcrcergeimcclsxronxgxamsscrmclgeimcclsxmenxgxamrescroogeialbserebnxgxamccrrssogeimcclsxaonxgxamsxsxllxgeicxbmsbxcnxgxamresecrcgeimrblxebenxgxamselmborgeimcclsxconxgxamsbremaegeirbabxabbnxgxamrescroogeimcclsxacnxgxamsscrmclgeicmmsxaeenxgxamcmrmsrmgeialbsereanxgxamsoeabscgeicaxsscmbnxgxamsosomemgeimcclosconxgxamcxbemmxgeimcclsoeonxgxamrolmocogeimcclsxlcnxgxamreaccbbgeimcclossbnxgxamcscxaesgeimcclsxscnxgxamsmoooeegeimcclsxlenxgxamcbrorxbgeimaecseaenxgxamsmoooeegeimaecsxcbnxgxamsmoooeegeimcclsxoanxgxamclrbcelgeimcclsxlbnxgxamcrbalrageimccloscanxgxamclrbcrogeiclsmrbsonxgxamsmmrbmbgeiclsmarsenxgxamsmmrbmbgeiccmmllebnxgxamclarlmmgeimcclsxsbnxgxamreollxsgeiclsmrbxonxgxamsbebceegeiclsmrbxcnxgxamsbebceegeiclsmarscnxgxamsbebceegeiccmmlmlcnxgxamsbebceegeiclsmarrenxgxamsbebceegeicaormbaonxgxamsbxxbsrgeicaormlrenxgxamcememscgeimcclsxlonxgxamcsmlmxcgeimrblelronxgxamsbremaegeimaecsxobnxgxamsbremaegeiclsmrbrcnxgxamsbroemmgeiclsmrraanxgxamclsslaegeiclsmrmxbnxgxamsbroemmgeimccloscenxgxamsbmrxregeimcclsxxonxgxamslescrogeimrblelxbnxgxamslescrogeimcclsoeenxgxamclrbcelgeimrblelmonxgxamcxcrasxgeimrbleloenxgxamcxcrasxgeiclsmrrmanxgxamcxabcxbgeiclsmrbeonxgxamcxabcxbgeiclsmrrcenxgxamcxabcxbgeiclsmrmxanxgxamcxabcxbgeiclsmrbxenxgxamcxabcxbgeiclsmaroonxgxamcxabcxbgeialbserxenxgxamcosraregeimcclsxsenxgxamrescroogeimcclsxlanxgxamcblrlbcgeiccmmlleanxgxamccrrssogeicaormlabnxgxamcrllsmageicaormlconxgxamcrllsmageiclsmarsonxgxamclsslaegeiclsmrmlbnxgxamclsslaegeiclsmrmocnxgxamclsslaegeiccmmllecnxgxamclsslaegeimcclsxcanxgxamclrbcelgeimrblelcenxgxamclrbcelgeimaecsxrcnxgxamclrbcelgeialbserxonxgxamclarlm
mgeimcclosscnxgxamreaccbbgeimaecobronxgxamrescroogeimaecobeenxgxamrescroogeimcclosccnxgxamrescroogeimaecoboonxgxamrescroogeimrblxelenxgxamrescroogeimaoolxrcnxgxamrocblesgxcceimsrrbxmonogxamrocblesgxcceimxlbmoaonxgxamrocblesgxcceimbbcemoancgxamroascxmgxcceimbsblroanrgxamroascxmgxcceimcssmlronsgxamroacrxsgxcceimboslabcnxgxamroacrxsgxcceimxlbmosanogxamroacrxsgxcceimbscxmxanxgxamroacrxsgxcceimxeoxsacncgxamroamsoegxcceimbscxmobnxgxamroamsoegxcceimbclraronxogxamroabxmcgxcceimblelamansgxamroabxmcgxcceimxreaomcnxgxamroalrecgxcceimxlbmoconsgxamroalrecgxcceimaoobbebnxgxamromrcocgxcceimromobabnxgxamromrcocgxcceimbrscsxcnogxamrobbbclgxcceimxlbmoscnxgxamrobbbclgxcceixaoosscrnxgxamrobbbclgxcceixaoossalnxgxamrobbbclgxcceimbrsslsanogxamrobbbclgxcceimxlbmosenogxamroblrlcgxcceimsacexoonxgxamroblablgxcceimxlbalscnxgxamrolmocogxcceimxlbmxlenogxamrolmocogxcceimbbcemobnsgxamrolmocsgxcceimaooloranxgxamrolmocsgxcceimxlbmxbbnogxamrolmocsgxcceimblelambnogxamrsexccmgxcceimlxoblmonxgxamrsexccmgxcceimlxoblabnxgxamrsexccmgxcceimblelabonxgxamrsexccmgxcceimblelaabnxgxamrsexccmgxcceimblelamenxgxamrsexccmgxcceiceecmorsnxgxamrsexccmgxcceimcssmlrcnsgxamrseoscsgxcceimclsaoxbncgxamrseoscsgxcceimeembescnogxamrseoscsgxcceialaroxrcnxgxamrserbeegxcceimexexabbnxgxamrserbesgxcceimbroosxcnxgxamrselcmrgxcceimsmxmosenxgxamrsxeecrgxcceicxmecmcanxgxamrsxeecbgxcceimxlbmosonxgxamrsxxxmrgxcceimbleabcanxgxamrsxsscagcbeimrxccosonxgxamrsxamrrgxcceiallxlmscnxgxamrsxleelgxcceimeembecenxgxamrsomsecgxcceimxeemblcnxgxamrsomsergxcceimrbleaebnxgxamrsseeoagxcceimbeelllanxgxamrssoeomgxcceicloaxxabnxgxamrssoalagxcceimxlbmxlcnxgxamrssomelgxcce; expires=Fri, 03 Feb 2023 10:21:08 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
c-tag=%7B%22tag-banner%22%3A%22v3%7C%7CNOR%7C4891822%7C74337954%7C0%7C%7C508%7C41%7C3%7C40%7C0%7C0%7C0%7C25344%7C0%7C0%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C%7C1cffa26cab9227e1600343a9ffbf0de2%7C0%7Cxfantazy.com%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D; expires=Fri, 03 Feb 2023 10:21:08 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
syndication.realsrv.com/splash.php?native-settings=1&idzone=4891816&cookieconsent=true&&p=https%3A%2F%2Fxfantazy.com%2F&max=1&loaded=0
95.211.229.245 200 OK 1.9 kB URL HTTP/1.1 syndication.realsrv.com/splash.php?native-settings=1&idzone=4891816&cookieconsent=true&&p=https%3A%2F%2Fxfantazy.com%2F&max=1&loaded=0
IP 95.211.229.245:0
ASN #60781 LeaseWeb Netherlands B.V.
File type JSON data\012- , ASCII text, with very long lines (3553), with no line terminators
Hash e90e26efa91a4d435acda8e20d770c27
6b3c8c920f22255a011a77027198b476ede320bc
8f649b068caca1c5088a189c66153fbeb6bf9b1ffb918e939097d7efd59c4fda
GET /splash.php?native-settings=1&idzone=4891816&cookieconsent=true&&p=https%3A%2F%2Fxfantazy.com%2F&max=1&loaded=0 HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://a.naturalhealthsource.club
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 02 Feb 2023 10:21:08 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://a.naturalhealthsource.club
Access-Control-Allow-Credentials: true
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2263db8e94c60b92.852549163818810121%22%3B%7D; expires=Sat, 01 Feb 2025 10:21:08 GMT; path=; domain=.realsrv.com; Secure; SameSite=none
impressions=oslmrxbrnxgxamrolmocogeicxbmsbcenxgxamrseoscsgeimmccrbebnxgxamcbexxbmgeioslmrxbmnxgxamreseallgeicxbmsbocnxgxamrolmocogeimmccrlaonxgxamccxobsegeimmccrlacnxgxamcmlarclgeicxbmsboenxgxamroamsoegeioslmrxlrnxgxamslescrogeimmccrbxenxgxamrescroogeislsaroornxgxamccolacbgeioslmroemnxgxamrsxxxmrgeioslmrxlsnxgxamroamsoegeicmmsxrbonxgxamsoeamlmgeimmccrlaenxgxamrsxxxmrgeimmccrbeanxgxamcssabxegeicaocmrmanxgxamolcrcergeimcclsxronxgxamsscrmclgeimcclsxmenxgxamrescroogeialbserebnxgxamccrrssogeimcclsxaonxgxamsxsxllxgeicxbmsbxcnxgxamresecrcgeimrblxebenxgxamselmborgeimcclsxconxgxamsbremaegeirbabxabbnxgxamrescroogeimcclsxacnxgxamsscrmclgeicmmsxaeenxgxamcmrmsrmgeialbsereanxgxamsoeabscgeicaxsscmbnxgxamsosomemgeimcclosconxgxamcxbemmxgeimcclsoeonxgxamrolmocogeimcclsxlcnxgxamreaccbbgeimcclossbnxgxamcscxaesgeimcclsxscnxgxamsmoooeegeimcclsxlenxgxamcbrorxbgeimaecseaenxgxamsmoooeegeimaecsxcbnxgxamsmoooeegeimcclsxoanxgxamclrbcelgeimcclsxlbnxgxamcrbalrageimccloscanxgxamclrbcrogeiclsmrbsonxgxamsmmrbmbgeiclsmarsenxgxamsmmrbmbgeiccmmllebnxgxamclarlmmgeimcclsxsbnxgxamreollxsgeiclsmrbxonxgxamsbebceegeiclsmrbxcnxgxamsbebceegeiclsmarscnxgxamsbebceegeiccmmlmlcnxgxamsbebceegeiclsmarrenxgxamsbebceegeicaormbaonxgxamsbxxbsrgeicaormlrenxgxamcememscgeimcclsxlonxgxamcsmlmxcgeimrblelronxgxamsbremaegeimaecsxobnxgxamsbremaegeiclsmrbrcnxgxamsbroemmgeiclsmrraanxgxamclsslaegeiclsmrmxbnxgxamsbroemmgeimccloscenxgxamsbmrxregeimcclsxxonxgxamslescrogeimrblelxbnxgxamslescrogeimcclsoeenxgxamclrbcelgeimrblelmonxgxamcxcrasxgeimrbleloenxgxamcxcrasxgeiclsmrrmanxgxamcxabcxbgeiclsmrbeonxgxamcxabcxbgeiclsmrrcenxgxamcxabcxbgeiclsmrmxanxgxamcxabcxbgeiclsmrbxenxgxamcxabcxbgeiclsmaroonxgxamcxabcxbgeialbserxenxgxamcosraregeimcclsxsenxgxamrescroogeimcclsxlanxgxamcblrlbcgeiccmmlleanxgxamccrrssogeicaormlabnxgxamcrllsmageicaormlconxgxamcrllsmageiclsmarsonxgxamclsslaegeiclsmrmlbnxgxamclsslaegeiclsmrmocnxgxamclsslaegeiccmmllecnxgxamclsslaegeimcclsxcanxgxamclrbcelgeimrblelcenxgxamclrbcelgeimaecsxrcnxgxamclrbcelgeialbserxonxgxamclarlm
mgeimcclosscnxgxamreaccbbgeimaecobronxgxamrescroogeimaecobeenxgxamrescroogeimcclosccnxgxamrescroogeimaecoboonxgxamrescroogeimrblxelenxgxamrescroogeimaoolxrcnxgxamrocblesgxcceimsrrbxmonogxamrocblesgxcceimxlbmoaonxgxamrocblesgxcceimbbcemoancgxamroascxmgxcceimbsblroanrgxamroascxmgxcceimcssmlronsgxamroacrxsgxcceimboslabcnxgxamroacrxsgxcceimxlbmosanogxamroacrxsgxcceimbscxmxanxgxamroacrxsgxcceimxeoxsacncgxamroamsoegxcceimbscxmobnxgxamroamsoegxcceimbclraronxogxamroabxmcgxcceimblelamansgxamroabxmcgxcceimxreaomcnxgxamroalrecgxcceimxlbmoconsgxamroalrecgxcceimaoobbebnxgxamromrcocgxcceimromobabnxgxamromrcocgxcceimbrscsxcnogxamrobbbclgxcceimxlbmoscnxgxamrobbbclgxcceixaoosscrnxgxamrobbbclgxcceixaoossalnxgxamrobbbclgxcceimbrsslsanogxamrobbbclgxcceimxlbmosenogxamroblrlcgxcceimsacexoonxgxamroblablgxcceimxlbalscnxgxamrolmocogxcceimxlbmxlenogxamrolmocogxcceimbbcemobnsgxamrolmocsgxcceimaooloranxgxamrolmocsgxcceimxlbmxbbnogxamrolmocsgxcceimblelambnogxamrsexccmgxcceimlxoblmonxgxamrsexccmgxcceimlxoblabnxgxamrsexccmgxcceimblelabonxgxamrsexccmgxcceimblelaabnxgxamrsexccmgxcceimblelamenxgxamrsexccmgxcceiceecmorsnxgxamrsexccmgxcceimcssmlrcnsgxamrseoscsgxcceimclsaoxbncgxamrseoscsgxcceimeembescnogxamrseoscsgxcceialaroxrcnxgxamrserbeegxcceimexexabbnxgxamrserbesgxcceimbroosxcnxgxamrselcmrgxcceimsmxmosenxgxamrsxeecrgxcceicxmecmcanxgxamrsxeecbgxcceimxlbmosonxgxamrsxxxmrgxcceimbleabcanxgxamrsxsscagcbeimrxccosonxgxamrsxamrrgxcceiallxlmscnxgxamrsxleelgxcceimeembecenxgxamrsomsecgxcceimxeemblcnxgxamrsomsergxcceimrbleaebnxgxamrsseeoagxcceimbeelllanxgxamrssoeomgxcceicloaxxabnxgxamrssoalagxcceimxlbmxlcnxgxamrssomelgxcce; expires=Fri, 03 Feb 2023 10:21:08 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
c-tag=%7B%22tag-banner%22%3A%22v3%7C%7CNOR%7C4891816%7C74337954%7C0%7C%7C508%7C41%7C3%7C40%7C0%7C0%7C0%7C25344%7C0%7C0%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C%7C1cffa26cab9227e1600343a9ffbf0de2%7C0%7Cxfantazy.com%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D; expires=Fri, 03 Feb 2023 10:21:08 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
a.naturalhealthsource.club/api/spots/312875?p=1&s1=%subid1%&kw=
135.181.208.216 200 OK 6.1 kB URL HTTP/2 a.naturalhealthsource.club/api/spots/312875?p=1&s1=%subid1%&kw=
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
File type assembler source, ASCII text, with very long lines (3443)
Hash 40464322b8b5ef807bdfb3672592d94c
c7ad588f78266e395ea4c545dc6fc461a280703e
0966bfc4e809b396af7b8aeb1d356ed80d4a2bce6ce9d0888dd0c943bc45f681
GET /api/spots/312875?p=1&s1=%subid1%&kw= HTTP/1.1
Host: a.naturalhealthsource.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: nauid=h6QfMHfxlICQ0HMdloEj
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 02 Feb 2023 10:21:08 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2
syndication.realsrv.com/splash.php?native-settings=1&idzone=4891818&cookieconsent=true&&p=https%3A%2F%2Fxfantazy.com%2F&max=1&loaded=0
95.211.229.245 200 OK 2.0 kB URL HTTP/1.1 syndication.realsrv.com/splash.php?native-settings=1&idzone=4891818&cookieconsent=true&&p=https%3A%2F%2Fxfantazy.com%2F&max=1&loaded=0
IP 95.211.229.245:0
ASN #60781 LeaseWeb Netherlands B.V.
File type JSON data\012- , ASCII text, with very long lines (3639), with no line terminators
Hash 3e79ff3c48accdd602db16f1fefcec70
e60c8a198bab45d30e974e21e689b1f4357f3d9f
ac9392471cb21526ae61afde134c91cc4393b1342d2fefafe10222b0ccfc84b8
GET /splash.php?native-settings=1&idzone=4891818&cookieconsent=true&&p=https%3A%2F%2Fxfantazy.com%2F&max=1&loaded=0 HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://a.naturalhealthsource.club
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 02 Feb 2023 10:21:08 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://a.naturalhealthsource.club
Access-Control-Allow-Credentials: true
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2263db8e94c6a0d4.132279781813763769%22%3B%7D; expires=Sat, 01 Feb 2025 10:21:08 GMT; path=; domain=.realsrv.com; Secure; SameSite=none
impressions=oslmrxbrnxgxamrolmocogeicxbmsbcenxgxamrseoscsgeimmccrbebnxgxamcbexxbmgeioslmrxbmnxgxamreseallgeicxbmsbocnxgxamrolmocogeimmccrlaonxgxamccxobsegeimmccrlacnxgxamcmlarclgeicxbmsboenxgxamroamsoegeioslmrxlrnxgxamslescrogeimmccrbxenxgxamrescroogeislsaroornxgxamccolacbgeioslmroemnxgxamrsxxxmrgeioslmrxlsnxgxamroamsoegeicmmsxrbonxgxamsoeamlmgeimmccrlaenxgxamrsxxxmrgeimmccrbeanxgxamcssabxegeicaocmrmanxgxamolcrcergeimcclsxronxgxamsscrmclgeimcclsxmenxgxamrescroogeialbserebnxgxamccrrssogeimcclsxaonxgxamsxsxllxgeicxbmsbxcnxgxamresecrcgeimrblxebenxgxamselmborgeimcclsxconxgxamsbremaegeirbabxabbnxgxamrescroogeimcclsxacnxgxamsscrmclgeicmmsxaeenxgxamcmrmsrmgeialbsereanxgxamsoeabscgeicaxsscmbnxgxamsosomemgeimcclosconxgxamcxbemmxgeimcclsoeonxgxamrolmocogeimcclsxlcnxgxamreaccbbgeimcclossbnxgxamcscxaesgeimcclsxscnxgxamsmoooeegeimcclsxlenxgxamcbrorxbgeimaecseaenxgxamsmoooeegeimaecsxcbnxgxamsmoooeegeimcclsxoanxgxamclrbcelgeimcclsxlbnxgxamcrbalrageimccloscanxgxamclrbcrogeiclsmrbsonxgxamsmmrbmbgeiclsmarsenxgxamsmmrbmbgeiccmmllebnxgxamclarlmmgeimcclsxsbnxgxamreollxsgeiclsmrbxonxgxamsbebceegeiclsmrbxcnxgxamsbebceegeiclsmarscnxgxamsbebceegeiccmmlmlcnxgxamsbebceegeiclsmarrenxgxamsbebceegeicaormbaonxgxamsbxxbsrgeicaormlrenxgxamcememscgeimcclsxlonxgxamcsmlmxcgeimrblelronxgxamsbremaegeimaecsxobnxgxamsbremaegeiclsmrbrcnxgxamsbroemmgeiclsmrraanxgxamclsslaegeiclsmrmxbnxgxamsbroemmgeimccloscenxgxamsbmrxregeimcclsxxonxgxamslescrogeimrblelxbnxgxamslescrogeimcclsoeenxgxamclrbcelgeimrblelmonxgxamcxcrasxgeimrbleloenxgxamcxcrasxgeiclsmrrmanxgxamcxabcxbgeiclsmrbeonxgxamcxabcxbgeiclsmrrcenxgxamcxabcxbgeiclsmrmxanxgxamcxabcxbgeiclsmrbxenxgxamcxabcxbgeiclsmaroonxgxamcxabcxbgeialbserxenxgxamcosraregeimcclsxsenxgxamrescroogeimcclsxlanxgxamcblrlbcgeiccmmlleanxgxamccrrssogeicaormlabnxgxamcrllsmageicaormlconxgxamcrllsmageiclsmarsonxgxamclsslaegeiclsmrmlbnxgxamclsslaegeiclsmrmocnxgxamclsslaegeiccmmllecnxgxamclsslaegeimcclsxcanxgxamclrbcelgeimrblelcenxgxamclrbcelgeimaecsxrcnxgxamclrbcelgeialbserxonxgxamclarlm
mgeimcclosscnxgxamreaccbbgeimaecobronxgxamrescroogeimaecobeenxgxamrescroogeimcclosccnxgxamrescroogeimaecoboonxgxamrescroogeimrblxelenxgxamrescroogeimaoolxrcnxgxamrocblesgxcceimsrrbxmonogxamrocblesgxcceimxlbmoaonxgxamrocblesgxcceimbbcemoancgxamroascxmgxcceimbsblroanrgxamroascxmgxcceimcssmlronsgxamroacrxsgxcceimboslabcnxgxamroacrxsgxcceimxlbmosanogxamroacrxsgxcceimbscxmxanxgxamroacrxsgxcceimxeoxsacncgxamroamsoegxcceimbscxmobnxgxamroamsoegxcceimbclraronxogxamroabxmcgxcceimblelamansgxamroabxmcgxcceimxreaomcnxgxamroalrecgxcceimxlbmoconsgxamroalrecgxcceimaoobbebnxgxamromrcocgxcceimromobabnxgxamromrcocgxcceimbrscsxcnogxamrobbbclgxcceimxlbmoscnxgxamrobbbclgxcceixaoosscrnxgxamrobbbclgxcceixaoossalnxgxamrobbbclgxcceimbrsslsanogxamrobbbclgxcceimxlbmosenogxamroblrlcgxcceimsacexoonxgxamroblablgxcceimxlbalscnxgxamrolmocogxcceimxlbmxlenogxamrolmocogxcceimbbcemobnsgxamrolmocsgxcceimaooloranxgxamrolmocsgxcceimxlbmxbbnogxamrolmocsgxcceimblelambnogxamrsexccmgxcceimlxoblmonxgxamrsexccmgxcceimlxoblabnxgxamrsexccmgxcceimblelabonxgxamrsexccmgxcceimblelaabnxgxamrsexccmgxcceimblelamenxgxamrsexccmgxcceiceecmorsnxgxamrsexccmgxcceimcssmlrcnogxamrseoscsgxcceimclsaoxbncgxamrseoscsgxcceimeembescnogxamrseoscsgxcceialaroxrcnxgxamrserbeegxcceimexexabbnxgxamrserbesgxcceimbroosxcnxgxamrselcmrgxcceimsmxmosenxgxamrsxeecrgxcceicxmecmcanxgxamrsxeecbgxcceimxlbmosonxgxamrsxxxmrgxcceimbleabcanxgxamrsxsscagcbeimrxccosonxgxamrsxamrrgxcceiallxlmscnxgxamrsxleelgxcceimeembecenxgxamrsomsecgxcceimxeemblcnxgxamrsomsergxcceimrbleaebnxgxamrsseeoagxcceimbeelllanxgxamrssoeomgxcceicloaxxabnxgxamrssoalagxcceimxlbmxlcnxgxamrssomelgxcceimcssmlrenxgxamrsssoabgxcce; expires=Fri, 03 Feb 2023 10:21:08 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
c-tag=%7B%22tag-banner%22%3A%22v3%7C%7CNOR%7C4891818%7C74337950%7C0%7C%7C508%7C41%7C3%7C40%7C0%7C0%7C0%7C25344%7C0%7C0%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C%7C1cffa26cab9227e1600343a9ffbf0de2%7C0%7Cxfantazy.com%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D; expires=Fri, 03 Feb 2023 10:21:08 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
a.naturalhealthsource.club/api/spots/420555?p=1&s1=%subid1%&kw=
135.181.208.216 200 OK 4.1 kB URL HTTP/2 a.naturalhealthsource.club/api/spots/420555?p=1&s1=%subid1%&kw=
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
Hash 8fc5730e882f51f0b8f571611dad575b
2f6bb167b9266a9a72704424122ab18ae717af41
aebd6432cdf14a7c4d9680a50c2ca90419bc875c90b9aefdae151d59e92be894
GET /api/spots/420555?p=1&s1=%subid1%&kw= HTTP/1.1
Host: a.naturalhealthsource.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: nauid=h6QfMHfxlICQ0HMdloEj
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 02 Feb 2023 10:21:08 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2
e1.o.lencr.org/
95.101.11.115 200 OK 346 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash fc5299c62612247f6a9647af817ec84a
937523a2996f7cccbe2cd42e0b821dfb8256d540
ea0dfca5fd85b2cbd392c950f05911be89f6306ede403b5cebe3a54a1da3eea9
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "EA0DFCA5FD85B2CBD392C950F05911BE89F6306EDE403B5CEBE3A54A1DA3EEA9"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15164
Expires: Thu, 02 Feb 2023 14:33:53 GMT
Date: Thu, 02 Feb 2023 10:21:09 GMT
Connection: keep-alive
a.realsrv.com/iframe.js?idzone=4891804
185.76.9.24 200 OK 3.7 kB URL HTTP/2 a.realsrv.com/iframe.js?idzone=4891804
IP 185.76.9.24:0
ASN #60068 Datacamp Limited
File type Unicode text, UTF-8 text, with very long lines (10018), with no line terminators
Hash 42f5a4d8be99f33ab8af747436be949c
94129bee4d53b226c5f340b93ffc98fce86ce08a
bef1c907a99e9aad361de80905c63c6fed700ca4e0709b0bffbe6d87e20f870c
GET /iframe.js?idzone=4891804 HTTP/1.1
Host: a.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.realsrv.com/iframe.php?idzone=4891804&size=300x250
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2263db8e94c6a0d4.132279781813763769%22%3B%7D; impressions=oslmrxbrnxgxamrolmocogeicxbmsbcenxgxamrseoscsgeimmccrbebnxgxamcbexxbmgeioslmrxbmnxgxamreseallgeicxbmsbocnxgxamrolmocogeimmccrlaonxgxamccxobsegeimmccrlacnxgxamcmlarclgeicxbmsboenxgxamroamsoegeioslmrxlrnxgxamslescrogeimmccrbxenxgxamrescroogeislsaroornxgxamccolacbgeioslmroemnxgxamrsxxxmrgeioslmrxlsnxgxamroamsoegeicmmsxrbonxgxamsoeamlmgeimmccrlaenxgxamrsxxxmrgeimmccrbeanxgxamcssabxegeicaocmrmanxgxamolcrcergeimcclsxronxgxamsscrmclgeimcclsxmenxgxamrescroogeialbserebnxgxamccrrssogeimcclsxaonxgxamsxsxllxgeicxbmsbxcnxgxamresecrcgeimrblxebenxgxamselmborgeimcclsxconxgxamsbremaegeirbabxabbnxgxamrescroogeimcclsxacnxgxamsscrmclgeicmmsxaeenxgxamcmrmsrmgeialbsereanxgxamsoeabscgeicaxsscmbnxgxamsosomemgeimcclosconxgxamcxbemmxgeimcclsoeonxgxamrolmocogeimcclsxlcnxgxamreaccbbgeimcclossbnxgxamcscxaesgeimcclsxscnxgxamsmoooeegeimcclsxlenxgxamcbrorxbgeimaecseaenxgxamsmoooeegeimaecsxcbnxgxamsmoooeegeimcclsxoanxgxamclrbcelgeimcclsxlbnxgxamcrbalrageimccloscanxgxamclrbcrogeiclsmrbsonxgxamsmmrbmbgeiclsmarsenxgxamsmmrbmbgeiccmmllebnxgxamclarlmmgeimcclsxsbnxgxamreollxsgeiclsmrbxonxgxamsbebceegeiclsmrbxcnxgxamsbebceegeiclsmarscnxgxamsbebceegeiccmmlmlcnxgxamsbebceegeiclsmarrenxgxamsbebceegeicaormbaonxgxamsbxxbsrgeicaormlrenxgxamcememscgeimcclsxlonxgxamcsmlmxcgeimrblelronxgxamsbremaegeimaecsxobnxgxamsbremaegeiclsmrbrcnxgxamsbroemmgeiclsmrraanxgxamclsslaegeiclsmrmxbnxgxamsbroemmgeimccloscenxgxamsbmrxregeimcclsxxonxgxamslescrogeimrblelxbnxgxamslescrogeimcclsoeenxgxamclrbcelgeimrblelmonxgxamcxcrasxgeimrbleloenxgxamcxcrasxgeiclsmrrmanxgxamcxabcxbgeiclsmrbeonxgxamcxabcxbgeiclsmrrcenxgxamcxabcxbgeiclsmrmxanxgxamcxabcxbgeiclsmrbxenxgxamcxabcxbgeiclsmaroonxgxamcxabcxbgeialbserxenxgxamcosraregeimcclsxsenxgxamrescroogeimcclsxlanxgxamcblrlbcgeiccmmlleanxgxamccrrssogeicaormlabnxgxamcrllsmageicaormlconxgxamcrllsmageiclsmarsonxgxamclsslaegeiclsmrmlbnxgxamclsslaegeiclsmrmocnxgxamclsslaegeiccmmllecnxgxamclsslaegeimcc
lsxcanxgxamclrbcelgeimrblelcenxgxamclrbcelgeimaecsxrcnxgxamclrbcelgeialbserxonxgxamclarlmmgeimcclosscnxgxamreaccbbgeimaecobronxgxamrescroogeimaecobeenxgxamrescroogeimcclosccnxgxamrescroogeimaecoboonxgxamrescroogeimrblxelenxgxamrescroogeimaoolxrcnxgxamrocblesgxcceimsrrbxmonogxamrocblesgxcceimxlbmoaonxgxamrocblesgxcceimbbcemoancgxamroascxmgxcceimbsblroanrgxamroascxmgxcceimcssmlronsgxamroacrxsgxcceimboslabcnxgxamroacrxsgxcceimxlbmosanogxamroacrxsgxcceimbscxmxanxgxamroacrxsgxcceimxeoxsacncgxamroamsoegxcceimbscxmobnxgxamroamsoegxcceimbclraronxogxamroabxmcgxcceimblelamansgxamroabxmcgxcceimxreaomcnxgxamroalrecgxcceimxlbmoconsgxamroalrecgxcceimaoobbebnxgxamromrcocgxcceimromobabnxgxamromrcocgxcceimbrscsxcnogxamrobbbclgxcceimxlbmoscnxgxamrobbbclgxcceixaoosscrnxgxamrobbbclgxcceixaoossalnxgxamrobbbclgxcceimbrsslsanogxamrobbbclgxcceimxlbmosenogxamroblrlcgxcceimsacexoonxgxamroblablgxcceimxlbalscnxgxamrolmocogxcceimxlbmxlenogxamrolmocogxcceimbbcemobnsgxamrolmocsgxcceimaooloranxgxamrolmocsgxcceimxlbmxbbnogxamrolmocsgxcceimblelambnogxamrsexccmgxcceimlxoblmonxgxamrsexccmgxcceimlxoblabnxgxamrsexccmgxcceimblelabonxgxamrsexccmgxcceimblelaabnxgxamrsexccmgxcceimblelamenxgxamrsexccmgxcceiceecmorsnxgxamrsexccmgxcceimcssmlrcnogxamrseoscsgxcceimclsaoxbncgxamrseoscsgxcceimeembescnogxamrseoscsgxcceialaroxrcnxgxamrserbeegxcceimexexabbnxgxamrserbesgxcceimbroosxcnxgxamrselcmrgxcceimsmxmosenxgxamrsxeecrgxcceicxmecmcanxgxamrsxeecbgxcceimxlbmosonxgxamrsxxxmrgxcceimbleabcanxgxamrsxsscagcbeimrxccosonxgxamrsxamrrgxcceiallxlmscnxgxamrsxleelgxcceimeembecenxgxamrsomsecgxcceimxeemblcnxgxamrsomsergxcceimrbleaebnxgxamrsseeoagxcceimbeelllanxgxamrssoeomgxcceicloaxxabnxgxamrssoalagxcceimxlbmxlcnxgxamrssomelgxcceimcssmlrenxgxamrsssoabgxcce; c-tag=%7B%22tag-banner%22%3A%22v3%7C%7CNOR%7C4891818%7C74337950%7C0%7C%7C508%7C41%7C3%7C40%7C0%7C0%7C0%7C25344%7C0%7C0%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C%7C1cffa26cab9227e1600343a9ffbf0de2%7C0%7Cxfantazy.com%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 02 Feb 2023 10:21:08 GMT
content-type: application/javascript
etag: W/"42b3ff9efab596b8f9adc467d91"
expires: Wed, 01 Feb 2023 17:13:40 GMT
cache-control: max-age=10800
access-control-allow-origin: *
x-cache-op: HIT
x-accel-expires: @1675337074
server: CDN77-Turbo
x-77-nzt: AblMCRSxl8//UhsAAA
x-77-nzt-ray: af585630c315a169948edb63de2d1737
x-cache: HIT
x-age: 6994
x-77-pop: stockholmSE
x-77-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
syndication.realsrv.com/splash.php?native-settings=1&idzone=4891816&cookieconsent=true&&p=https%3A%2F%2Fxfantazy.com%2F&max=3&loaded=1
95.211.229.245 200 OK 3.1 kB URL HTTP/1.1 syndication.realsrv.com/splash.php?native-settings=1&idzone=4891816&cookieconsent=true&&p=https%3A%2F%2Fxfantazy.com%2F&max=3&loaded=1
IP 95.211.229.245:0
ASN #60781 LeaseWeb Netherlands B.V.
File type JSON data\012- , ASCII text, with very long lines (5802), with no line terminators
Hash 1db5e2282d04e3612bd566fcf50e7f04
c320ce87c2ef9eb3da0ac5c0d1a0d5b440fb65c3
f6a838f4e96cae53cc506212d4917982dfe69165bbc6d978052128ae97beffab
GET /splash.php?native-settings=1&idzone=4891816&cookieconsent=true&&p=https%3A%2F%2Fxfantazy.com%2F&max=3&loaded=1 HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://a.naturalhealthsource.club
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2263db8e94c6a0d4.132279781813763769%22%3B%7D; impressions=oslmrxbrnxgxamrolmocogeicxbmsbcenxgxamrseoscsgeimmccrbebnxgxamcbexxbmgeioslmrxbmnxgxamreseallgeicxbmsbocnxgxamrolmocogeimmccrlaonxgxamccxobsegeimmccrlacnxgxamcmlarclgeicxbmsboenxgxamroamsoegeioslmrxlrnxgxamslescrogeimmccrbxenxgxamrescroogeislsaroornxgxamccolacbgeioslmroemnxgxamrsxxxmrgeioslmrxlsnxgxamroamsoegeicmmsxrbonxgxamsoeamlmgeimmccrlaenxgxamrsxxxmrgeimmccrbeanxgxamcssabxegeicaocmrmanxgxamolcrcergeimcclsxronxgxamsscrmclgeimcclsxmenxgxamrescroogeialbserebnxgxamccrrssogeimcclsxaonxgxamsxsxllxgeicxbmsbxcnxgxamresecrcgeimrblxebenxgxamselmborgeimcclsxconxgxamsbremaegeirbabxabbnxgxamrescroogeimcclsxacnxgxamsscrmclgeicmmsxaeenxgxamcmrmsrmgeialbsereanxgxamsoeabscgeicaxsscmbnxgxamsosomemgeimcclosconxgxamcxbemmxgeimcclsoeonxgxamrolmocogeimcclsxlcnxgxamreaccbbgeimcclossbnxgxamcscxaesgeimcclsxscnxgxamsmoooeegeimcclsxlenxgxamcbrorxbgeimaecseaenxgxamsmoooeegeimaecsxcbnxgxamsmoooeegeimcclsxoanxgxamclrbcelgeimcclsxlbnxgxamcrbalrageimccloscanxgxamclrbcrogeiclsmrbsonxgxamsmmrbmbgeiclsmarsenxgxamsmmrbmbgeiccmmllebnxgxamclarlmmgeimcclsxsbnxgxamreollxsgeiclsmrbxonxgxamsbebceegeiclsmrbxcnxgxamsbebceegeiclsmarscnxgxamsbebceegeiccmmlmlcnxgxamsbebceegeiclsmarrenxgxamsbebceegeicaormbaonxgxamsbxxbsrgeicaormlrenxgxamcememscgeimcclsxlonxgxamcsmlmxcgeimrblelronxgxamsbremaegeimaecsxobnxgxamsbremaegeiclsmrbrcnxgxamsbroemmgeiclsmrraanxgxamclsslaegeiclsmrmxbnxgxamsbroemmgeimccloscenxgxamsbmrxregeimcclsxxonxgxamslescrogeimrblelxbnxgxamslescrogeimcclsoeenxgxamclrbcelgeimrblelmonxgxamcxcrasxgeimrbleloenxgxamcxcrasxgeiclsmrrmanxgxamcxabcxbgeiclsmrbeonxgxamcxabcxbgeiclsmrrcenxgxamcxabcxbgeiclsmrmxanxgxamcxabcxbgeiclsmrbxenxgxamcxabcxbgeiclsmaroonxgxamcxabcxbgeialbserxenxgxamcosraregeimcclsxsenxgxamrescroogeimcclsxlanxgxamcblrlbcgeiccmmlleanxgxamccrrssogeicaormlabnxgxamcrllsmageicaormlconxgxamcrllsmageiclsmarsonxgxamclsslaegeiclsmrmlbnxgxamclsslaegeiclsmrmocnxgxamclsslaegeiccmmllecnxgxamclsslaegeimcc
lsxcanxgxamclrbcelgeimrblelcenxgxamclrbcelgeimaecsxrcnxgxamclrbcelgeialbserxonxgxamclarlmmgeimcclosscnxgxamreaccbbgeimaecobronxgxamrescroogeimaecobeenxgxamrescroogeimcclosccnxgxamrescroogeimaecoboonxgxamrescroogeimrblxelenxgxamrescroogeimaoolxrcnxgxamrocblesgxcceimsrrbxmonogxamrocblesgxcceimxlbmoaonxgxamrocblesgxcceimbbcemoancgxamroascxmgxcceimbsblroanrgxamroascxmgxcceimcssmlronsgxamroacrxsgxcceimboslabcnxgxamroacrxsgxcceimxlbmosanogxamroacrxsgxcceimbscxmxanxgxamroacrxsgxcceimxeoxsacncgxamroamsoegxcceimbscxmobnxgxamroamsoegxcceimbclraronxogxamroabxmcgxcceimblelamansgxamroabxmcgxcceimxreaomcnxgxamroalrecgxcceimxlbmoconsgxamroalrecgxcceimaoobbebnxgxamromrcocgxcceimromobabnxgxamromrcocgxcceimbrscsxcnogxamrobbbclgxcceimxlbmoscnxgxamrobbbclgxcceixaoosscrnxgxamrobbbclgxcceixaoossalnxgxamrobbbclgxcceimbrsslsanogxamrobbbclgxcceimxlbmosenogxamroblrlcgxcceimsacexoonxgxamroblablgxcceimxlbalscnxgxamrolmocogxcceimxlbmxlenogxamrolmocogxcceimbbcemobnsgxamrolmocsgxcceimaooloranxgxamrolmocsgxcceimxlbmxbbnogxamrolmocsgxcceimblelambnogxamrsexccmgxcceimlxoblmonxgxamrsexccmgxcceimlxoblabnxgxamrsexccmgxcceimblelabonxgxamrsexccmgxcceimblelaabnxgxamrsexccmgxcceimblelamenxgxamrsexccmgxcceiceecmorsnxgxamrsexccmgxcceimcssmlrcnogxamrseoscsgxcceimclsaoxbncgxamrseoscsgxcceimeembescnogxamrseoscsgxcceialaroxrcnxgxamrserbeegxcceimexexabbnxgxamrserbesgxcceimbroosxcnxgxamrselcmrgxcceimsmxmosenxgxamrsxeecrgxcceicxmecmcanxgxamrsxeecbgxcceimxlbmosonxgxamrsxxxmrgxcceimbleabcanxgxamrsxsscagcbeimrxccosonxgxamrsxamrrgxcceiallxlmscnxgxamrsxleelgxcceimeembecenxgxamrsomsecgxcceimxeemblcnxgxamrsomsergxcceimrbleaebnxgxamrsseeoagxcceimbeelllanxgxamrssoeomgxcceicloaxxabnxgxamrssoalagxcceimxlbmxlcnxgxamrssomelgxcceimcssmlrenxgxamrsssoabgxcce; c-tag=%7B%22tag-banner%22%3A%22v3%7C%7CNOR%7C4891818%7C74337950%7C0%7C%7C508%7C41%7C3%7C40%7C0%7C0%7C0%7C25344%7C0%7C0%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C%7C1cffa26cab9227e1600343a9ffbf0de2%7C0%7Cxfantazy.com%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 02 Feb 2023 10:21:09 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://a.naturalhealthsource.club
Access-Control-Allow-Credentials: true
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2263db8e94c6a0d4.132279781813763769%22%3B%7D; expires=Sat, 01 Feb 2025 10:21:09 GMT; path=; domain=.realsrv.com; Secure; SameSite=none
impressions=oslmrxbrnxgxamrolmocogeicxbmsbcenxgxamrseoscsgeimmccrbebnxgxamcbexxbmgeioslmrxbmnxgxamrsssoalgeicxbmsbocnxgxamrolmocogeimmccrlaonxgxamccxobsegeimmccrlacnxgxamcmlarclgeicxbmsboenxgxamrsssoalgeioslmrxlrnxgxamslescrogeimmccrbxenxgxamrescroogeislsaroornxgxamccolacbgeioslmroemnxgxamrsxxxmrgeioslmrxlsnxgxamroamsoegeicmmsxrbonxgxamsoeamlmgeimmccrlaenxgxamrsxxxmrgeimmccrbeanxgxamcssabxegeicaocmrmanxgxamolcrcergeimcclsxronxgxamsscrmclgeimcclsxmenxgxamrescroogeialbserebnxgxamccrrssogeimcclsxaonxgxamsxsxllxgeicxbmsbxcnxgxamresecrcgeimrblxebenxgxamselmborgeimcclsxconxgxamsbremaegeirbabxabbnxgxamrescroogeimcclsxacnxgxamsscrmclgeicmmsxaeenxgxamcmrmsrmgeialbsereanxgxamsoeabscgeicaxsscmbnxgxamsosomemgeimcclosconxgxamcxbemmxgeimcclsoeonxgxamrolmocogeimcclsxlcnxgxamreaccbbgeimcclossbnxgxamcscxaesgeimcclsxscnxgxamsmoooeegeimcclsxlenxgxamcbrorxbgeimaecseaenxgxamsmoooeegeimaecsxcbnxgxamsmoooeegeimcclsxoanxgxamclrbcelgeimcclsxlbnxgxamcrbalrageimccloscanxgxamclrbcrogeiclsmrbsonxgxamsmmrbmbgeiclsmarsenxgxamsmmrbmbgeiccmmllebnxgxamclarlmmgeimcclsxsbnxgxamreollxsgeiclsmrbxonxgxamsbebceegeiclsmrbxcnxgxamsbebceegeiclsmarscnxgxamsbebceegeiccmmlmlcnxgxamsbebceegeiclsmarrenxgxamsbebceegeicaormbaonxgxamsbxxbsrgeicaormlrenxgxamcememscgeimcclsxlonxgxamcsmlmxcgeimrblelronxgxamsbremaegeimaecsxobnxgxamsbremaegeiclsmrbrcnxgxamsbroemmgeiclsmrraanxgxamclsslaegeiclsmrmxbnxgxamsbroemmgeimccloscenxgxamsbmrxregeimcclsxxonxgxamslescrogeimrblelxbnxgxamslescrogeimcclsoeenxgxamclrbcelgeimrblelmonxgxamcxcrasxgeimrbleloenxgxamcxcrasxgeiclsmrrmanxgxamcxabcxbgeiclsmrbeonxgxamcxabcxbgeiclsmrrcenxgxamcxabcxbgeiclsmrmxanxgxamcxabcxbgeiclsmrbxenxgxamcxabcxbgeiclsmaroonxgxamcxabcxbgeialbserxenxgxamcosraregeimcclsxsenxgxamrescroogeimcclsxlanxgxamcblrlbcgeiccmmlleanxgxamccrrssogeicaormlabnxgxamcrllsmageicaormlconxgxamcrllsmageiclsmarsonxgxamclsslaegeiclsmrmlbnxgxamclsslaegeiclsmrmocnxgxamclsslaegeiccmmllecnxgxamclsslaegeimcclsxcanxgxamclrbcelgeimrblelcenxgxamclrbcelgeimaecsxrcnxgxamclrbcelgeialbserxonxgxamclarlm
mgeimcclosscnxgxamreaccbbgeimaecobronxgxamrescroogeimaecobeenxgxamrescroogeimcclosccnxgxamrescroogeimaecoboonxgxamrescroogeimrblxelenxgxamrescroogeimaoolxrcnxgxamrocblesgxcceimsrrbxmonogxamrocblesgxcceimxlbmoaonxgxamrocblesgxcceimbbcemoancgxamroascxmgxcceimbsblroanrgxamroascxmgxcceimcssmlronsgxamroacrxsgxcceimboslabcnxgxamroacrxsgxcceimxlbmosanogxamroacrxsgxcceimbscxmxanxgxamroacrxsgxcceimxeoxsacncgxamroamsoegxcceimbscxmobnxgxamroamsoegxcceimbclraronxogxamroabxmcgxcceimblelamansgxamroabxmcgxcceimxreaomcnxgxamroalrecgxcceimxlbmoconsgxamroalrecgxcceimaoobbebnxgxamromrcocgxcceimromobabnxgxamromrcocgxcceimbrscsxcnogxamrobbbclgxcceimxlbmoscnxgxamrobbbclgxcceixaoosscrnxgxamrobbbclgxcceixaoossalnxgxamrobbbclgxcceimbrsslsanogxamrobbbclgxcceimxlbmosenogxamroblrlcgxcceimsacexoonxgxamroblablgxcceimxlbalscnxgxamrolmocogxcceimxlbmxlenogxamrolmocogxcceimbbcemobnsgxamrolmocsgxcceimaooloranxgxamrolmocsgxcceimxlbmxbbnogxamrolmocsgxcceimblelambnogxamrsexccmgxcceimlxoblmonxgxamrsexccmgxcceimlxoblabnxgxamrsexccmgxcceimblelabonxgxamrsexccmgxcceimblelaabnxgxamrsexccmgxcceimblelamenxgxamrsexccmgxcceiceecmorsnxgxamrsexccmgxcceimcssmlrcnogxamrseoscsgxcceimclsaoxbncgxamrseoscsgxcceimeembescnogxamrseoscsgxcceialaroxrcnxgxamrserbeegxcceimexexabbnxgxamrserbesgxcceimbroosxcnxgxamrselcmrgxcceimsmxmosenxgxamrsxeecrgxcceicxmecmcanxgxamrsxeecbgxcceimxlbmosonxgxamrsxxxmrgxcceimbleabcanxgxamrsxsscagcbeimrxccosonxgxamrsxamrrgxcceiallxlmscnxgxamrsxleelgxcceimeembecenxgxamrsomsecgxcceimxeemblcnxgxamrsomsergxcceimrbleaebnxgxamrsseeoagxcceimbeelllanxgxamrssoeomgxcceicloaxxabnxgxamrssoalagxcceimxlbmxlcnxgxamrssomelgxcceimcssmlrenogxamrsssoabgxcceimxxerrecnxgxamrsssoalgxcce; expires=Fri, 03 Feb 2023 10:21:09 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
c-tag=%7B%22tag-banner%22%3A%22v3%7C%7CNOR%7C4891816%7C41873820%7C0%7C%7C508%7C41%7C3%7C40%7C0%7C0%7C0%7C25344%7C0%7C0%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C63db8e94c6a0d4.132279781813763769%7C1cffa26cab9227e1600343a9ffbf0de2%7C0%7Cxfantazy.com%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D; expires=Fri, 03 Feb 2023 10:21:09 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
c-tag=%7B%22tag-banner%22%3A%22v3%7C%7CNOR%7C4891816%7C71105504%7C0%7C%7C508%7C41%7C3%7C40%7C0%7C0%7C0%7C25344%7C0%7C0%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C63db8e94c6a0d4.132279781813763769%7C1cffa26cab9227e1600343a9ffbf0de2%7C0%7Cxfantazy.com%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D; expires=Fri, 03 Feb 2023 10:21:09 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
c-tag=%7B%22tag-banner%22%3A%22v3%7C%7CNOR%7C4891816%7C74337950%7C0%7C%7C508%7C41%7C3%7C40%7C0%7C0%7C0%7C25344%7C0%7C0%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C63db8e94c6a0d4.132279781813763769%7C1cffa26cab9227e1600343a9ffbf0de2%7C0%7Cxfantazy.com%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D; expires=Fri, 03 Feb 2023 10:21:09 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
syndication.realsrv.com/splash.php?native-settings=1&idzone=4891818&cookieconsent=true&&p=https%3A%2F%2Fxfantazy.com%2F&max=3&loaded=1
95.211.229.245 200 OK 3.2 kB URL HTTP/1.1 syndication.realsrv.com/splash.php?native-settings=1&idzone=4891818&cookieconsent=true&&p=https%3A%2F%2Fxfantazy.com%2F&max=3&loaded=1
IP 95.211.229.245:0
ASN #60781 LeaseWeb Netherlands B.V.
File type JSON data\012- , ASCII text, with very long lines (5994), with no line terminators
Hash 60dbfdda7dbc13976d491980f6001121
7b848f53c67b8108673183dc2b5a9ced91344b0b
a6fabb3cb882bc6ecdf5e936e81e53bc8c54015a8a7309d85256b967c890821e
GET /splash.php?native-settings=1&idzone=4891818&cookieconsent=true&&p=https%3A%2F%2Fxfantazy.com%2F&max=3&loaded=1 HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://a.naturalhealthsource.club
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2263db8e94c6a0d4.132279781813763769%22%3B%7D; impressions=oslmrxbrnxgxamrolmocogeicxbmsbcenxgxamrseoscsgeimmccrbebnxgxamcbexxbmgeioslmrxbmnxgxamreseallgeicxbmsbocnxgxamrolmocogeimmccrlaonxgxamccxobsegeimmccrlacnxgxamcmlarclgeicxbmsboenxgxamroamsoegeioslmrxlrnxgxamslescrogeimmccrbxenxgxamrescroogeislsaroornxgxamccolacbgeioslmroemnxgxamrsxxxmrgeioslmrxlsnxgxamroamsoegeicmmsxrbonxgxamsoeamlmgeimmccrlaenxgxamrsxxxmrgeimmccrbeanxgxamcssabxegeicaocmrmanxgxamolcrcergeimcclsxronxgxamsscrmclgeimcclsxmenxgxamrescroogeialbserebnxgxamccrrssogeimcclsxaonxgxamsxsxllxgeicxbmsbxcnxgxamresecrcgeimrblxebenxgxamselmborgeimcclsxconxgxamsbremaegeirbabxabbnxgxamrescroogeimcclsxacnxgxamsscrmclgeicmmsxaeenxgxamcmrmsrmgeialbsereanxgxamsoeabscgeicaxsscmbnxgxamsosomemgeimcclosconxgxamcxbemmxgeimcclsoeonxgxamrolmocogeimcclsxlcnxgxamreaccbbgeimcclossbnxgxamcscxaesgeimcclsxscnxgxamsmoooeegeimcclsxlenxgxamcbrorxbgeimaecseaenxgxamsmoooeegeimaecsxcbnxgxamsmoooeegeimcclsxoanxgxamclrbcelgeimcclsxlbnxgxamcrbalrageimccloscanxgxamclrbcrogeiclsmrbsonxgxamsmmrbmbgeiclsmarsenxgxamsmmrbmbgeiccmmllebnxgxamclarlmmgeimcclsxsbnxgxamreollxsgeiclsmrbxonxgxamsbebceegeiclsmrbxcnxgxamsbebceegeiclsmarscnxgxamsbebceegeiccmmlmlcnxgxamsbebceegeiclsmarrenxgxamsbebceegeicaormbaonxgxamsbxxbsrgeicaormlrenxgxamcememscgeimcclsxlonxgxamcsmlmxcgeimrblelronxgxamsbremaegeimaecsxobnxgxamsbremaegeiclsmrbrcnxgxamsbroemmgeiclsmrraanxgxamclsslaegeiclsmrmxbnxgxamsbroemmgeimccloscenxgxamsbmrxregeimcclsxxonxgxamslescrogeimrblelxbnxgxamslescrogeimcclsoeenxgxamclrbcelgeimrblelmonxgxamcxcrasxgeimrbleloenxgxamcxcrasxgeiclsmrrmanxgxamcxabcxbgeiclsmrbeonxgxamcxabcxbgeiclsmrrcenxgxamcxabcxbgeiclsmrmxanxgxamcxabcxbgeiclsmrbxenxgxamcxabcxbgeiclsmaroonxgxamcxabcxbgeialbserxenxgxamcosraregeimcclsxsenxgxamrescroogeimcclsxlanxgxamcblrlbcgeiccmmlleanxgxamccrrssogeicaormlabnxgxamcrllsmageicaormlconxgxamcrllsmageiclsmarsonxgxamclsslaegeiclsmrmlbnxgxamclsslaegeiclsmrmocnxgxamclsslaegeiccmmllecnxgxamclsslaegeimcc
lsxcanxgxamclrbcelgeimrblelcenxgxamclrbcelgeimaecsxrcnxgxamclrbcelgeialbserxonxgxamclarlmmgeimcclosscnxgxamreaccbbgeimaecobronxgxamrescroogeimaecobeenxgxamrescroogeimcclosccnxgxamrescroogeimaecoboonxgxamrescroogeimrblxelenxgxamrescroogeimaoolxrcnxgxamrocblesgxcceimsrrbxmonogxamrocblesgxcceimxlbmoaonxgxamrocblesgxcceimbbcemoancgxamroascxmgxcceimbsblroanrgxamroascxmgxcceimcssmlronsgxamroacrxsgxcceimboslabcnxgxamroacrxsgxcceimxlbmosanogxamroacrxsgxcceimbscxmxanxgxamroacrxsgxcceimxeoxsacncgxamroamsoegxcceimbscxmobnxgxamroamsoegxcceimbclraronxogxamroabxmcgxcceimblelamansgxamroabxmcgxcceimxreaomcnxgxamroalrecgxcceimxlbmoconsgxamroalrecgxcceimaoobbebnxgxamromrcocgxcceimromobabnxgxamromrcocgxcceimbrscsxcnogxamrobbbclgxcceimxlbmoscnxgxamrobbbclgxcceixaoosscrnxgxamrobbbclgxcceixaoossalnxgxamrobbbclgxcceimbrsslsanogxamrobbbclgxcceimxlbmosenogxamroblrlcgxcceimsacexoonxgxamroblablgxcceimxlbalscnxgxamrolmocogxcceimxlbmxlenogxamrolmocogxcceimbbcemobnsgxamrolmocsgxcceimaooloranxgxamrolmocsgxcceimxlbmxbbnogxamrolmocsgxcceimblelambnogxamrsexccmgxcceimlxoblmonxgxamrsexccmgxcceimlxoblabnxgxamrsexccmgxcceimblelabonxgxamrsexccmgxcceimblelaabnxgxamrsexccmgxcceimblelamenxgxamrsexccmgxcceiceecmorsnxgxamrsexccmgxcceimcssmlrcnogxamrseoscsgxcceimclsaoxbncgxamrseoscsgxcceimeembescnogxamrseoscsgxcceialaroxrcnxgxamrserbeegxcceimexexabbnxgxamrserbesgxcceimbroosxcnxgxamrselcmrgxcceimsmxmosenxgxamrsxeecrgxcceicxmecmcanxgxamrsxeecbgxcceimxlbmosonxgxamrsxxxmrgxcceimbleabcanxgxamrsxsscagcbeimrxccosonxgxamrsxamrrgxcceiallxlmscnxgxamrsxleelgxcceimeembecenxgxamrsomsecgxcceimxeemblcnxgxamrsomsergxcceimrbleaebnxgxamrsseeoagxcceimbeelllanxgxamrssoeomgxcceicloaxxabnxgxamrssoalagxcceimxlbmxlcnxgxamrssomelgxcceimcssmlrenxgxamrsssoabgxcce; c-tag=%7B%22tag-banner%22%3A%22v3%7C%7CNOR%7C4891818%7C74337950%7C0%7C%7C508%7C41%7C3%7C40%7C0%7C0%7C0%7C25344%7C0%7C0%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C%7C1cffa26cab9227e1600343a9ffbf0de2%7C0%7Cxfantazy.com%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 02 Feb 2023 10:21:09 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://a.naturalhealthsource.club
Access-Control-Allow-Credentials: true
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2263db8e94c6a0d4.132279781813763769%22%3B%7D; expires=Sat, 01 Feb 2025 10:21:09 GMT; path=; domain=.realsrv.com; Secure; SameSite=none
impressions=oslmrxbrnxgxamrolmocogeicxbmsbcenxgxamrseoscsgeimmccrbebnxgxamcbexxbmgeioslmrxbmnxgxamreseallgeicxbmsbocnxgxamrolmocogeimmccrlaonxgxamccxobsegeimmccrlacnxgxamcmlarclgeicxbmsboenxgxamroamsoegeioslmrxlrnxgxamslescrogeimmccrbxenxgxamrescroogeislsaroornxgxamccolacbgeioslmroemnxgxamrsxxxmrgeioslmrxlsnxgxamrsssoalgeicmmsxrbonxgxamsoeamlmgeimmccrlaenxgxamrsxxxmrgeimmccrbeanxgxamcssabxegeicaocmrmanxgxamolcrcergeimcclsxronxgxamsscrmclgeimcclsxmenxgxamrescroogeialbserebnxgxamccrrssogeimcclsxaonxgxamsxsxllxgeicxbmsbxcnxgxamrsssoalgeimrblxebenxgxamselmborgeimcclsxconxgxamsbremaegeirbabxabbnxgxamrescroogeimcclsxacnxgxamsscrmclgeicmmsxaeenxgxamcmrmsrmgeialbsereanxgxamsoeabscgeicaxsscmbnxgxamsosomemgeimcclosconxgxamcxbemmxgeimcclsoeonxgxamrolmocogeimcclsxlcnxgxamreaccbbgeimcclossbnxgxamcscxaesgeimcclsxscnxgxamsmoooeegeimcclsxlenxgxamcbrorxbgeimaecseaenxgxamsmoooeegeimaecsxcbnxgxamsmoooeegeimcclsxoanxgxamclrbcelgeimcclsxlbnxgxamcrbalrageimccloscanxgxamclrbcrogeiclsmrbsonxgxamsmmrbmbgeiclsmarsenxgxamsmmrbmbgeiccmmllebnxgxamclarlmmgeimcclsxsbnxgxamreollxsgeiclsmrbxonxgxamsbebceegeiclsmrbxcnxgxamsbebceegeiclsmarscnxgxamsbebceegeiccmmlmlcnxgxamsbebceegeiclsmarrenxgxamsbebceegeicaormbaonxgxamsbxxbsrgeicaormlrenxgxamcememscgeimcclsxlonxgxamcsmlmxcgeimrblelronxgxamsbremaegeimaecsxobnxgxamsbremaegeiclsmrbrcnxgxamsbroemmgeiclsmrraanxgxamclsslaegeiclsmrmxbnxgxamsbroemmgeimccloscenxgxamsbmrxregeimcclsxxonxgxamslescrogeimrblelxbnxgxamslescrogeimcclsoeenxgxamclrbcelgeimrblelmonxgxamcxcrasxgeimrbleloenxgxamcxcrasxgeiclsmrrmanxgxamcxabcxbgeiclsmrbeonxgxamcxabcxbgeiclsmrrcenxgxamcxabcxbgeiclsmrmxanxgxamcxabcxbgeiclsmrbxenxgxamcxabcxbgeiclsmaroonxgxamcxabcxbgeialbserxenxgxamcosraregeimcclsxsenxgxamrescroogeimcclsxlanxgxamcblrlbcgeiccmmlleanxgxamccrrssogeicaormlabnxgxamcrllsmageicaormlconxgxamcrllsmageiclsmarsonxgxamclsslaegeiclsmrmlbnxgxamclsslaegeiclsmrmocnxgxamclsslaegeiccmmllecnxgxamclsslaegeimcclsxcanxgxamclrbcelgeimrblelcenxgxamclrbcelgeimaecsxrcnxgxamclrbcelgeialbserxonxgxamclarlm
mgeimcclosscnxgxamreaccbbgeimaecobronxgxamrescroogeimaecobeenxgxamrescroogeimcclosccnxgxamrescroogeimaecoboonxgxamrescroogeimrblxelenxgxamrescroogeimaoolxrcnxgxamrocblesgxcceimsrrbxmonogxamrocblesgxcceimxlbmoaonxgxamrocblesgxcceimbbcemoancgxamroascxmgxcceimbsblroanrgxamroascxmgxcceimcssmlronsgxamroacrxsgxcceimboslabcnxgxamroacrxsgxcceimxlbmosanogxamroacrxsgxcceimbscxmxanxgxamroacrxsgxcceimxeoxsacncgxamroamsoegxcceimbscxmobnxgxamroamsoegxcceimbclraronxogxamroabxmcgxcceimblelamansgxamroabxmcgxcceimxreaomcnxgxamroalrecgxcceimxlbmoconsgxamroalrecgxcceimaoobbebnxgxamromrcocgxcceimromobabnxgxamromrcocgxcceimbrscsxcnogxamrobbbclgxcceimxlbmoscnxgxamrobbbclgxcceixaoosscrnxgxamrobbbclgxcceixaoossalnxgxamrobbbclgxcceimbrsslsanogxamrobbbclgxcceimxlbmosenogxamroblrlcgxcceimsacexoonxgxamroblablgxcceimxlbalscnxgxamrolmocogxcceimxlbmxlenogxamrolmocogxcceimbbcemobnsgxamrolmocsgxcceimaooloranxgxamrolmocsgxcceimxlbmxbbnogxamrolmocsgxcceimblelambnogxamrsexccmgxcceimlxoblmonxgxamrsexccmgxcceimlxoblabnxgxamrsexccmgxcceimblelabonxgxamrsexccmgxcceimblelaabnxgxamrsexccmgxcceimblelamenxgxamrsexccmgxcceiceecmorsnxgxamrsexccmgxcceimcssmlrcnsgxamrseoscsgxcceimclsaoxbncgxamrseoscsgxcceimeembescnogxamrseoscsgxcceialaroxrcnxgxamrserbeegxcceimexexabbnxgxamrserbesgxcceimbroosxcnxgxamrselcmrgxcceimsmxmosenxgxamrsxeecrgxcceicxmecmcanxgxamrsxeecbgxcceimxlbmosonxgxamrsxxxmrgxcceimbleabcanxgxamrsxsscagcbeimrxccosonxgxamrsxamrrgxcceiallxlmscnxgxamrsxleelgxcceimeembecenxgxamrsomsecgxcceimxeemblcnxgxamrsomsergxcceimrbleaebnxgxamrsseeoagxcceimbeelllanxgxamrssoeomgxcceicloaxxabnxgxamrssoalagxcceimxlbmxlcnxgxamrssomelgxcceimcssmlrenxgxamrsssoabgxcceimxxerrxenxgxamrsssoalgxcce; expires=Fri, 03 Feb 2023 10:21:09 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
c-tag=%7B%22tag-banner%22%3A%22v3%7C%7CNOR%7C4891818%7C71105510%7C0%7C%7C508%7C41%7C3%7C40%7C0%7C0%7C0%7C25344%7C0%7C0%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C63db8e94c6a0d4.132279781813763769%7C1cffa26cab9227e1600343a9ffbf0de2%7C0%7Cxfantazy.com%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D; expires=Fri, 03 Feb 2023 10:21:09 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
c-tag=%7B%22tag-banner%22%3A%22v3%7C%7CNOR%7C4891818%7C74337954%7C0%7C%7C508%7C41%7C3%7C40%7C0%7C0%7C0%7C25344%7C0%7C0%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C63db8e94c6a0d4.132279781813763769%7C1cffa26cab9227e1600343a9ffbf0de2%7C0%7Cxfantazy.com%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D; expires=Fri, 03 Feb 2023 10:21:09 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
c-tag=%7B%22tag-banner%22%3A%22v3%7C%7CNOR%7C4891818%7C23975193%7C0%7C%7C508%7C41%7C3%7C40%7C0%7C0%7C0%7C25344%7C0%7C0%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C63db8e94c6a0d4.132279781813763769%7C1cffa26cab9227e1600343a9ffbf0de2%7C0%7Cxfantazy.com%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D; expires=Fri, 03 Feb 2023 10:21:09 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
syndication.realsrv.com/splash.php?native-settings=1&idzone=4891824&cookieconsent=true&&p=https%3A%2F%2Fxfantazy.com%2F&max=1&loaded=1
95.211.229.245 200 OK 2.0 kB URL HTTP/1.1 syndication.realsrv.com/splash.php?native-settings=1&idzone=4891824&cookieconsent=true&&p=https%3A%2F%2Fxfantazy.com%2F&max=1&loaded=1
IP 95.211.229.245:0
ASN #60781 LeaseWeb Netherlands B.V.
File type JSON data\012- , ASCII text, with very long lines (3731), with no line terminators
Hash b07211f50fee354165e6db01ce554e21
f324755a3dbb586d13c4f7cecfd52c28a6032da7
f82cd4beed6be406401a84e41e6fec7d028c10b7b44f22066ff8cabf8cb32a89
GET /splash.php?native-settings=1&idzone=4891824&cookieconsent=true&&p=https%3A%2F%2Fxfantazy.com%2F&max=1&loaded=1 HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://a.naturalhealthsource.club
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2263db8e94c6a0d4.132279781813763769%22%3B%7D; impressions=oslmrxbrnxgxamrolmocogeicxbmsbcenxgxamrseoscsgeimmccrbebnxgxamcbexxbmgeioslmrxbmnxgxamreseallgeicxbmsbocnxgxamrolmocogeimmccrlaonxgxamccxobsegeimmccrlacnxgxamcmlarclgeicxbmsboenxgxamroamsoegeioslmrxlrnxgxamslescrogeimmccrbxenxgxamrescroogeislsaroornxgxamccolacbgeioslmroemnxgxamrsxxxmrgeioslmrxlsnxgxamroamsoegeicmmsxrbonxgxamsoeamlmgeimmccrlaenxgxamrsxxxmrgeimmccrbeanxgxamcssabxegeicaocmrmanxgxamolcrcergeimcclsxronxgxamsscrmclgeimcclsxmenxgxamrescroogeialbserebnxgxamccrrssogeimcclsxaonxgxamsxsxllxgeicxbmsbxcnxgxamresecrcgeimrblxebenxgxamselmborgeimcclsxconxgxamsbremaegeirbabxabbnxgxamrescroogeimcclsxacnxgxamsscrmclgeicmmsxaeenxgxamcmrmsrmgeialbsereanxgxamsoeabscgeicaxsscmbnxgxamsosomemgeimcclosconxgxamcxbemmxgeimcclsoeonxgxamrolmocogeimcclsxlcnxgxamreaccbbgeimcclossbnxgxamcscxaesgeimcclsxscnxgxamsmoooeegeimcclsxlenxgxamcbrorxbgeimaecseaenxgxamsmoooeegeimaecsxcbnxgxamsmoooeegeimcclsxoanxgxamclrbcelgeimcclsxlbnxgxamcrbalrageimccloscanxgxamclrbcrogeiclsmrbsonxgxamsmmrbmbgeiclsmarsenxgxamsmmrbmbgeiccmmllebnxgxamclarlmmgeimcclsxsbnxgxamreollxsgeiclsmrbxonxgxamsbebceegeiclsmrbxcnxgxamsbebceegeiclsmarscnxgxamsbebceegeiccmmlmlcnxgxamsbebceegeiclsmarrenxgxamsbebceegeicaormbaonxgxamsbxxbsrgeicaormlrenxgxamcememscgeimcclsxlonxgxamcsmlmxcgeimrblelronxgxamsbremaegeimaecsxobnxgxamsbremaegeiclsmrbrcnxgxamsbroemmgeiclsmrraanxgxamclsslaegeiclsmrmxbnxgxamsbroemmgeimccloscenxgxamsbmrxregeimcclsxxonxgxamslescrogeimrblelxbnxgxamslescrogeimcclsoeenxgxamclrbcelgeimrblelmonxgxamcxcrasxgeimrbleloenxgxamcxcrasxgeiclsmrrmanxgxamcxabcxbgeiclsmrbeonxgxamcxabcxbgeiclsmrrcenxgxamcxabcxbgeiclsmrmxanxgxamcxabcxbgeiclsmrbxenxgxamcxabcxbgeiclsmaroonxgxamcxabcxbgeialbserxenxgxamcosraregeimcclsxsenxgxamrescroogeimcclsxlanxgxamcblrlbcgeiccmmlleanxgxamccrrssogeicaormlabnxgxamcrllsmageicaormlconxgxamcrllsmageiclsmarsonxgxamclsslaegeiclsmrmlbnxgxamclsslaegeiclsmrmocnxgxamclsslaegeiccmmllecnxgxamclsslaegeimcc
lsxcanxgxamclrbcelgeimrblelcenxgxamclrbcelgeimaecsxrcnxgxamclrbcelgeialbserxonxgxamclarlmmgeimcclosscnxgxamreaccbbgeimaecobronxgxamrescroogeimaecobeenxgxamrescroogeimcclosccnxgxamrescroogeimaecoboonxgxamrescroogeimrblxelenxgxamrescroogeimaoolxrcnxgxamrocblesgxcceimsrrbxmonogxamrocblesgxcceimxlbmoaonxgxamrocblesgxcceimbbcemoancgxamroascxmgxcceimbsblroanrgxamroascxmgxcceimcssmlronsgxamroacrxsgxcceimboslabcnxgxamroacrxsgxcceimxlbmosanogxamroacrxsgxcceimbscxmxanxgxamroacrxsgxcceimxeoxsacncgxamroamsoegxcceimbscxmobnxgxamroamsoegxcceimbclraronxogxamroabxmcgxcceimblelamansgxamroabxmcgxcceimxreaomcnxgxamroalrecgxcceimxlbmoconsgxamroalrecgxcceimaoobbebnxgxamromrcocgxcceimromobabnxgxamromrcocgxcceimbrscsxcnogxamrobbbclgxcceimxlbmoscnxgxamrobbbclgxcceixaoosscrnxgxamrobbbclgxcceixaoossalnxgxamrobbbclgxcceimbrsslsanogxamrobbbclgxcceimxlbmosenogxamroblrlcgxcceimsacexoonxgxamroblablgxcceimxlbalscnxgxamrolmocogxcceimxlbmxlenogxamrolmocogxcceimbbcemobnsgxamrolmocsgxcceimaooloranxgxamrolmocsgxcceimxlbmxbbnogxamrolmocsgxcceimblelambnogxamrsexccmgxcceimlxoblmonxgxamrsexccmgxcceimlxoblabnxgxamrsexccmgxcceimblelabonxgxamrsexccmgxcceimblelaabnxgxamrsexccmgxcceimblelamenxgxamrsexccmgxcceiceecmorsnxgxamrsexccmgxcceimcssmlrcnogxamrseoscsgxcceimclsaoxbncgxamrseoscsgxcceimeembescnogxamrseoscsgxcceialaroxrcnxgxamrserbeegxcceimexexabbnxgxamrserbesgxcceimbroosxcnxgxamrselcmrgxcceimsmxmosenxgxamrsxeecrgxcceicxmecmcanxgxamrsxeecbgxcceimxlbmosonxgxamrsxxxmrgxcceimbleabcanxgxamrsxsscagcbeimrxccosonxgxamrsxamrrgxcceiallxlmscnxgxamrsxleelgxcceimeembecenxgxamrsomsecgxcceimxeemblcnxgxamrsomsergxcceimrbleaebnxgxamrsseeoagxcceimbeelllanxgxamrssoeomgxcceicloaxxabnxgxamrssoalagxcceimxlbmxlcnxgxamrssomelgxcceimcssmlrenxgxamrsssoabgxcce; c-tag=%7B%22tag-banner%22%3A%22v3%7C%7CNOR%7C4891818%7C74337950%7C0%7C%7C508%7C41%7C3%7C40%7C0%7C0%7C0%7C25344%7C0%7C0%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C%7C1cffa26cab9227e1600343a9ffbf0de2%7C0%7Cxfantazy.com%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 02 Feb 2023 10:21:09 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://a.naturalhealthsource.club
Access-Control-Allow-Credentials: true
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2263db8e94c6a0d4.132279781813763769%22%3B%7D; expires=Sat, 01 Feb 2025 10:21:09 GMT; path=; domain=.realsrv.com; Secure; SameSite=none
impressions=oslmrxbrnxgxamrolmocogeicxbmsbcenxgxamrseoscsgeimmccrbebnxgxamcbexxbmgeioslmrxbmnxgxamreseallgeicxbmsbocnxgxamrolmocogeimmccrlaonxgxamccxobsegeimmccrlacnxgxamcmlarclgeicxbmsboenxgxamroamsoegeioslmrxlrnxgxamslescrogeimmccrbxenxgxamrescroogeislsaroornxgxamccolacbgeioslmroemnxgxamrsxxxmrgeioslmrxlsnxgxamroamsoegeicmmsxrbonxgxamsoeamlmgeimmccrlaenxgxamrsxxxmrgeimmccrbeanxgxamcssabxegeicaocmrmanxgxamolcrcergeimcclsxronxgxamsscrmclgeimcclsxmenxgxamrescroogeialbserebnxgxamccrrssogeimcclsxaonxgxamsxsxllxgeicxbmsbxcnxgxamresecrcgeimrblxebenxgxamselmborgeimcclsxconxgxamsbremaegeirbabxabbnxgxamrescroogeimcclsxacnxgxamsscrmclgeicmmsxaeenxgxamcmrmsrmgeialbsereanxgxamsoeabscgeicaxsscmbnxgxamsosomemgeimcclosconxgxamcxbemmxgeimcclsoeonxgxamrolmocogeimcclsxlcnxgxamreaccbbgeimcclossbnxgxamcscxaesgeimcclsxscnxgxamsmoooeegeimcclsxlenxgxamcbrorxbgeimaecseaenxgxamsmoooeegeimaecsxcbnxgxamsmoooeegeimcclsxoanxgxamclrbcelgeimcclsxlbnxgxamcrbalrageimccloscanxgxamclrbcrogeiclsmrbsonxgxamsmmrbmbgeiclsmarsenxgxamsmmrbmbgeiccmmllebnxgxamclarlmmgeimcclsxsbnxgxamreollxsgeiclsmrbxonxgxamsbebceegeiclsmrbxcnxgxamsbebceegeiclsmarscnxgxamsbebceegeiccmmlmlcnxgxamsbebceegeiclsmarrenxgxamsbebceegeicaormbaonxgxamsbxxbsrgeicaormlrenxgxamcememscgeimcclsxlonxgxamcsmlmxcgeimrblelronxgxamsbremaegeimaecsxobnxgxamsbremaegeiclsmrbrcnxgxamsbroemmgeiclsmrraanxgxamclsslaegeiclsmrmxbnxgxamsbroemmgeimccloscenxgxamsbmrxregeimcclsxxonxgxamslescrogeimrblelxbnxgxamslescrogeimcclsoeenxgxamclrbcelgeimrblelmonxgxamcxcrasxgeimrbleloenxgxamcxcrasxgeiclsmrrmanxgxamcxabcxbgeiclsmrbeonxgxamcxabcxbgeiclsmrrcenxgxamcxabcxbgeiclsmrmxanxgxamcxabcxbgeiclsmrbxenxgxamcxabcxbgeiclsmaroonxgxamcxabcxbgeialbserxenxgxamcosraregeimcclsxsenxgxamrescroogeimcclsxlanxgxamcblrlbcgeiccmmlleanxgxamccrrssogeicaormlabnxgxamcrllsmageicaormlconxgxamcrllsmageiclsmarsonxgxamclsslaegeiclsmrmlbnxgxamclsslaegeiclsmrmocnxgxamclsslaegeiccmmllecnxgxamclsslaegeimcclsxcanxgxamclrbcelgeimrblelcenxgxamclrbcelgeimaecsxrcnxgxamclrbcelgeialbserxonxgxamclarlm
mgeimcclosscnxgxamreaccbbgeimaecobronxgxamrescroogeimaecobeenxgxamrescroogeimcclosccnxgxamrescroogeimaecoboonxgxamrescroogeimrblxelenxgxamrescroogeimaoolxrcnxgxamrocblesgxcceimsrrbxmonogxamrocblesgxcceimxlbmoaonxgxamrocblesgxcceimbbcemoancgxamroascxmgxcceimbsblroanrgxamroascxmgxcceimcssmlronsgxamroacrxsgxcceimboslabcnxgxamroacrxsgxcceimxlbmosanogxamroacrxsgxcceimbscxmxanxgxamroacrxsgxcceimxeoxsacncgxamroamsoegxcceimbscxmobnxgxamroamsoegxcceimbclraronxogxamroabxmcgxcceimblelamansgxamroabxmcgxcceimxreaomcnxgxamroalrecgxcceimxlbmoconsgxamroalrecgxcceimaoobbebnxgxamromrcocgxcceimromobabnxgxamromrcocgxcceimbrscsxcnogxamrobbbclgxcceimxlbmoscnogxamrobbbclgxcceixaoosscrnxgxamrobbbclgxcceixaoossalnxgxamrobbbclgxcceimbrsslsanogxamrobbbclgxcceimxlbmosenogxamroblrlcgxcceimsacexoonxgxamroblablgxcceimxlbalscnxgxamrolmocogxcceimxlbmxlenogxamrolmocogxcceimbbcemobnsgxamrolmocsgxcceimaooloranxgxamrolmocsgxcceimxlbmxbbnogxamrolmocsgxcceimblelambnogxamrsexccmgxcceimlxoblmonxgxamrsexccmgxcceimlxoblabnxgxamrsexccmgxcceimblelabonxgxamrsexccmgxcceimblelaabnxgxamrsexccmgxcceimblelamenxgxamrsexccmgxcceiceecmorsnxgxamrsexccmgxcceimcssmlrcnogxamrseoscsgxcceimclsaoxbncgxamrseoscsgxcceimeembescnogxamrseoscsgxcceialaroxrcnxgxamrserbeegxcceimexexabbnxgxamrserbesgxcceimbroosxcnxgxamrselcmrgxcceimsmxmosenxgxamrsxeecrgxcceicxmecmcanxgxamrsxeecbgxcceimxlbmosonxgxamrsxxxmrgxcceimbleabcanxgxamrsxsscagcbeimrxccosonxgxamrsxamrrgxcceiallxlmscnxgxamrsxleelgxcceimeembecenxgxamrsomsecgxcceimxeemblcnxgxamrsomsergxcceimrbleaebnxgxamrsseeoagxcceimbeelllanxgxamrssoeomgxcceicloaxxabnxgxamrssoalagxcceimxlbmxlcnxgxamrssomelgxcceimcssmlrenogxamrsssoabgxcce; expires=Fri, 03 Feb 2023 10:21:09 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
c-tag=%7B%22tag-banner%22%3A%22v3%7C%7CNOR%7C4891824%7C74337950%7C0%7C%7C508%7C41%7C3%7C40%7C0%7C0%7C0%7C25344%7C0%7C0%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C63db8e94c6a0d4.132279781813763769%7C1cffa26cab9227e1600343a9ffbf0de2%7C0%7Cxfantazy.com%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D; expires=Fri, 03 Feb 2023 10:21:09 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
cdn.pncloudfl.com/pn/b0a/10a/a6c/b0a10aa6c9f37143f4a63e2bb1bfb8be79b3ef4b.png
104.22.58.221 200 OK 27 kB URL HTTP/2 cdn.pncloudfl.com/pn/b0a/10a/a6c/b0a10aa6c9f37143f4a63e2bb1bfb8be79b3ef4b.png
IP 104.22.58.221:0
File type gzip compressed data, max compression\012- data
Hash 0e92f0b7533dcf71fe72c410e704b96e
5030177e9a101d1046137ac2efbfe3b3b27c8986
0a22ed5ee2696b198cafc1cd6db6089723a8cb55731460012dcf3f134c73fa70
GET /pn/b0a/10a/a6c/b0a10aa6c9f37143f4a63e2bb1bfb8be79b3ef4b.png HTTP/1.1
Host: cdn.pncloudfl.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 02 Feb 2023 10:21:09 GMT
content-type: image/webp
content-length: 26892
access-control-allow-headers: Content-Type,X-Requested-With,X-Auth-Token,X-Openstack-Request-Id,X-Container-Meta-type,X-Container-Meta-Temp-URL-Key,Authorization
access-control-allow-methods: HEAD,GET,POST,PUT,PATCH,DELETE,OPTIONS
access-control-expose-headers: X-Container-Meta-Temp-Url-Key,X-Container-Bytes-Used,Last-Modified,X-Timestamp
cache-control: max-age=172800
cf-bgj: imgq:100,h2pri
cf-polished: origFmt=png, origSize=70331
content-disposition: inline; filename="b0a10aa6c9f37143f4a63e2bb1bfb8be79b3ef4b.webp"
etag: def74d9769fe75363891a2868865d99a
expires: Fri, 03 Feb 2023 21:53:36 GMT
last-modified: Tue, 22 Nov 2022 09:19:36 GMT
vary: Accept
x-openstack-request-id: txa3bf70e532dd40ea8f5b2-00637c9634
x-proxy-cache: HIT
x-timestamp: 1669108775.40440
x-trans-id: txa3bf70e532dd40ea8f5b2-00637c9634
cf-cache-status: HIT
age: 44853
accept-ranges: bytes
access-control-allow-origin: *
server: cloudflare
cf-ray: 793232c408400b39-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
syndication.realsrv.com/v1/api.php
95.211.229.245 200 OK 1.2 kB URL HTTP/1.1 syndication.realsrv.com/v1/api.php
IP 95.211.229.245:0
ASN #60781 LeaseWeb Netherlands B.V.
File type JSON data\012- , ASCII text, with very long lines (1597), with no line terminators
Hash 49b0c70c7f443e59d9f7fe297bc7160c
a743a0af721b985d340cf5ac31010e2fb39b2e3d
381d13d04564da3f642d8c63e0ea9463a5415f4dcd53486450a588e44281ab66
POST /v1/api.php HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 312
Origin: https://a.realsrv.com
Connection: keep-alive
Referer: https://a.realsrv.com/
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2263db8e94c6a0d4.132279781813763769%22%3B%7D; impressions=oslmrxbrnxgxamrolmocogeicxbmsbcenxgxamrseoscsgeimmccrbebnxgxamcbexxbmgeioslmrxbmnxgxamreseallgeicxbmsbocnxgxamrolmocogeimmccrlaonxgxamccxobsegeimmccrlacnxgxamcmlarclgeicxbmsboenxgxamroamsoegeioslmrxlrnxgxamslescrogeimmccrbxenxgxamrescroogeislsaroornxgxamccolacbgeioslmroemnxgxamrsxxxmrgeioslmrxlsnxgxamroamsoegeicmmsxrbonxgxamsoeamlmgeimmccrlaenxgxamrsxxxmrgeimmccrbeanxgxamcssabxegeicaocmrmanxgxamolcrcergeimcclsxronxgxamsscrmclgeimcclsxmenxgxamrescroogeialbserebnxgxamccrrssogeimcclsxaonxgxamsxsxllxgeicxbmsbxcnxgxamresecrcgeimrblxebenxgxamselmborgeimcclsxconxgxamsbremaegeirbabxabbnxgxamrescroogeimcclsxacnxgxamsscrmclgeicmmsxaeenxgxamcmrmsrmgeialbsereanxgxamsoeabscgeicaxsscmbnxgxamsosomemgeimcclosconxgxamcxbemmxgeimcclsoeonxgxamrolmocogeimcclsxlcnxgxamreaccbbgeimcclossbnxgxamcscxaesgeimcclsxscnxgxamsmoooeegeimcclsxlenxgxamcbrorxbgeimaecseaenxgxamsmoooeegeimaecsxcbnxgxamsmoooeegeimcclsxoanxgxamclrbcelgeimcclsxlbnxgxamcrbalrageimccloscanxgxamclrbcrogeiclsmrbsonxgxamsmmrbmbgeiclsmarsenxgxamsmmrbmbgeiccmmllebnxgxamclarlmmgeimcclsxsbnxgxamreollxsgeiclsmrbxonxgxamsbebceegeiclsmrbxcnxgxamsbebceegeiclsmarscnxgxamsbebceegeiccmmlmlcnxgxamsbebceegeiclsmarrenxgxamsbebceegeicaormbaonxgxamsbxxbsrgeicaormlrenxgxamcememscgeimcclsxlonxgxamcsmlmxcgeimrblelronxgxamsbremaegeimaecsxobnxgxamsbremaegeiclsmrbrcnxgxamsbroemmgeiclsmrraanxgxamclsslaegeiclsmrmxbnxgxamsbroemmgeimccloscenxgxamsbmrxregeimcclsxxonxgxamslescrogeimrblelxbnxgxamslescrogeimcclsoeenxgxamclrbcelgeimrblelmonxgxamcxcrasxgeimrbleloenxgxamcxcrasxgeiclsmrrmanxgxamcxabcxbgeiclsmrbeonxgxamcxabcxbgeiclsmrrcenxgxamcxabcxbgeiclsmrmxanxgxamcxabcxbgeiclsmrbxenxgxamcxabcxbgeiclsmaroonxgxamcxabcxbgeialbserxenxgxamcosraregeimcclsxsenxgxamrescroogeimcclsxlanxgxamcblrlbcgeiccmmlleanxgxamccrrssogeicaormlabnxgxamcrllsmageicaormlconxgxamcrllsmageiclsmarsonxgxamclsslaegeiclsmrmlbnxgxamclsslaegeiclsmrmocnxgxamclsslaegeiccmmllecnxgxamclsslaegeimcc
lsxcanxgxamclrbcelgeimrblelcenxgxamclrbcelgeimaecsxrcnxgxamclrbcelgeialbserxonxgxamclarlmmgeimcclosscnxgxamreaccbbgeimaecobronxgxamrescroogeimaecobeenxgxamrescroogeimcclosccnxgxamrescroogeimaecoboonxgxamrescroogeimrblxelenxgxamrescroogeimaoolxrcnxgxamrocblesgxcceimsrrbxmonogxamrocblesgxcceimxlbmoaonxgxamrocblesgxcceimbbcemoancgxamroascxmgxcceimbsblroanrgxamroascxmgxcceimcssmlronsgxamroacrxsgxcceimboslabcnxgxamroacrxsgxcceimxlbmosanogxamroacrxsgxcceimbscxmxanxgxamroacrxsgxcceimxeoxsacncgxamroamsoegxcceimbscxmobnxgxamroamsoegxcceimbclraronxogxamroabxmcgxcceimblelamansgxamroabxmcgxcceimxreaomcnxgxamroalrecgxcceimxlbmoconsgxamroalrecgxcceimaoobbebnxgxamromrcocgxcceimromobabnxgxamromrcocgxcceimbrscsxcnogxamrobbbclgxcceimxlbmoscnxgxamrobbbclgxcceixaoosscrnxgxamrobbbclgxcceixaoossalnxgxamrobbbclgxcceimbrsslsanogxamrobbbclgxcceimxlbmosenogxamroblrlcgxcceimsacexoonxgxamroblablgxcceimxlbalscnxgxamrolmocogxcceimxlbmxlenogxamrolmocogxcceimbbcemobnsgxamrolmocsgxcceimaooloranxgxamrolmocsgxcceimxlbmxbbnogxamrolmocsgxcceimblelambnogxamrsexccmgxcceimlxoblmonxgxamrsexccmgxcceimlxoblabnxgxamrsexccmgxcceimblelabonxgxamrsexccmgxcceimblelaabnxgxamrsexccmgxcceimblelamenxgxamrsexccmgxcceiceecmorsnxgxamrsexccmgxcceimcssmlrcnogxamrseoscsgxcceimclsaoxbncgxamrseoscsgxcceimeembescnogxamrseoscsgxcceialaroxrcnxgxamrserbeegxcceimexexabbnxgxamrserbesgxcceimbroosxcnxgxamrselcmrgxcceimsmxmosenxgxamrsxeecrgxcceicxmecmcanxgxamrsxeecbgxcceimxlbmosonxgxamrsxxxmrgxcceimbleabcanxgxamrsxsscagcbeimrxccosonxgxamrsxamrrgxcceiallxlmscnxgxamrsxleelgxcceimeembecenxgxamrsomsecgxcceimxeemblcnxgxamrsomsergxcceimrbleaebnxgxamrsseeoagxcceimbeelllanxgxamrssoeomgxcceicloaxxabnxgxamrssoalagxcceimxlbmxlcnxgxamrssomelgxcceimcssmlrenxgxamrsssoabgxcce; c-tag=%7B%22tag-banner%22%3A%22v3%7C%7CNOR%7C4891818%7C74337950%7C0%7C%7C508%7C41%7C3%7C40%7C0%7C0%7C0%7C25344%7C0%7C0%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C%7C1cffa26cab9227e1600343a9ffbf0de2%7C0%7Cxfantazy.com%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 02 Feb 2023 10:21:09 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://a.realsrv.com
Access-Control-Allow-Headers: Authorization, Content-Type
Access-Control-Request-Method: POST
Access-Control-Allow-Credentials: true
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
rxeosevsso.com/chicken.gif?z=1963297&pb=22b9e520451ae011ac0207bd96c1305c1675340468&psp=0iJiWxME1IOJ6z7_K6ATiMksZTkx6N8Ewc9syBi47eBjyUphx4RWFzsqMFh2EqAdwtOqA0zc0xAtj5CG82lWBkWO1DpErPfk-HK72EtZSyH_77pZuE1iY4G6qHYY3Jca1rhyJzNe4BC77dSLFi31McSc56ZfF-nlldJuDCaWdnjp3O68SB8RWvSvOT_Mzzs9IsZ5u_vsdncs7AEASK70IIbxY0K75w8H2C7FyYlpDz7jKoiYUlaQv15he2e0PFih1gWj9wHsfzjsoJj4Vwr5b9YgrOfaiuVtiSK6mVEWlMP3jFe4vuIjMQOYin8OS1Tz0czZmCGEaR7hgXAApHB3lFx5Hn_040A_yPUdxyGlKBh8V7ZBmTNI9KXgeFjiis86U8Kr6j6_1JsFtTbzQIunJq1aOGKH7sru9x9ImXmXP5rFxfWI62ktE1KBsb2Jr1oh5VPnVIy0F3_jR6THsyesiqyCiE2AW1CJ9cB_PWUxFhqi9YOcIg61BmHq_of-TiApIwR_mqiqudtzZrdo2w9MdSwGkGIiA8Ute5m5TNtd6BJU8LweKtOzNHWin7tDBSvJaz3MOdoGZpWXADIGfRSI76aQcHYyAIxyX9-acTJoaFYs_Nk4FkZ2r0kSVei88NoLw7AQarkxqc4oVbuTsNWXC-XhKCNNGcK3daf0HhSJTXSMHAI0Ru_3licLM7LFUcmutGyWvICL7xeOTXsi_xYVUTutRwHUj3Bfu5b0ZBKzwCGsIb7r4pio_OlNJGywIdfIRtvZA4QUxKYGtEf6-lQ7tOv-EYY4NxFFcm0LEGokGI9AOh-hEBk3x6Ps3l1TA6gdwXniY59X9MnWQ-n1dyWmBEcwMhj62zi_6VM3PdUhTrXVFyT4FdF1eXW3eb93IngmKLchsF1anxDR-Fpsq627ZdJ79NwgEfH98X7FP4vsJXDM2ZQHWECH7hhEElzwgF0dtG7C1SeMfnfWQxBNlZxxrjetBzAU9gZvq5xM&abvar=3&os=0
62.122.171.6200 OK 43 B URL HTTP/2 rxeosevsso.com/chicken.gif?z=1963297&pb=22b9e520451ae011ac0207bd96c1305c1675340468&psp=0iJiWxME1IOJ6z7_K6ATiMksZTkx6N8Ewc9syBi47eBjyUphx4RWFzsqMFh2EqAdwtOqA0zc0xAtj5CG82lWBkWO1DpErPfk-HK72EtZSyH_77pZuE1iY4G6qHYY3Jca1rhyJzNe4BC77dSLFi31McSc56ZfF-nlldJuDCaWdnjp3O68SB8RWvSvOT_Mzzs9IsZ5u_vsdncs7AEASK70IIbxY0K75w8H2C7FyYlpDz7jKoiYUlaQv15he2e0PFih1gWj9wHsfzjsoJj4Vwr5b9YgrOfaiuVtiSK6mVEWlMP3jFe4vuIjMQOYin8OS1Tz0czZmCGEaR7hgXAApHB3lFx5Hn_040A_yPUdxyGlKBh8V7ZBmTNI9KXgeFjiis86U8Kr6j6_1JsFtTbzQIunJq1aOGKH7sru9x9ImXmXP5rFxfWI62ktE1KBsb2Jr1oh5VPnVIy0F3_jR6THsyesiqyCiE2AW1CJ9cB_PWUxFhqi9YOcIg61BmHq_of-TiApIwR_mqiqudtzZrdo2w9MdSwGkGIiA8Ute5m5TNtd6BJU8LweKtOzNHWin7tDBSvJaz3MOdoGZpWXADIGfRSI76aQcHYyAIxyX9-acTJoaFYs_Nk4FkZ2r0kSVei88NoLw7AQarkxqc4oVbuTsNWXC-XhKCNNGcK3daf0HhSJTXSMHAI0Ru_3licLM7LFUcmutGyWvICL7xeOTXsi_xYVUTutRwHUj3Bfu5b0ZBKzwCGsIb7r4pio_OlNJGywIdfIRtvZA4QUxKYGtEf6-lQ7tOv-EYY4NxFFcm0LEGokGI9AOh-hEBk3x6Ps3l1TA6gdwXniY59X9MnWQ-n1dyWmBEcwMhj62zi_6VM3PdUhTrXVFyT4FdF1eXW3eb93IngmKLchsF1anxDR-Fpsq627ZdJ79NwgEfH98X7FP4vsJXDM2ZQHWECH7hhEElzwgF0dtG7C1SeMfnfWQxBNlZxxrjetBzAU9gZvq5xM&abvar=3&os=0
IP 62.122.171.6:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 28e463819a210071de3b45ebe7633613
6dccd571828ec0912629119cf7eabfea9f33ddbc
44251f61629e2bfeead421241a917f43ad047af351659f01cd8fd937f0417f84
Analyzer Verdict Alert quad9 Sinkholed
GET /chicken.gif?z=1963297&pb=22b9e520451ae011ac0207bd96c1305c1675340468&psp=0iJiWxME1IOJ6z7_K6ATiMksZTkx6N8Ewc9syBi47eBjyUphx4RWFzsqMFh2EqAdwtOqA0zc0xAtj5CG82lWBkWO1DpErPfk-HK72EtZSyH_77pZuE1iY4G6qHYY3Jca1rhyJzNe4BC77dSLFi31McSc56ZfF-nlldJuDCaWdnjp3O68SB8RWvSvOT_Mzzs9IsZ5u_vsdncs7AEASK70IIbxY0K75w8H2C7FyYlpDz7jKoiYUlaQv15he2e0PFih1gWj9wHsfzjsoJj4Vwr5b9YgrOfaiuVtiSK6mVEWlMP3jFe4vuIjMQOYin8OS1Tz0czZmCGEaR7hgXAApHB3lFx5Hn_040A_yPUdxyGlKBh8V7ZBmTNI9KXgeFjiis86U8Kr6j6_1JsFtTbzQIunJq1aOGKH7sru9x9ImXmXP5rFxfWI62ktE1KBsb2Jr1oh5VPnVIy0F3_jR6THsyesiqyCiE2AW1CJ9cB_PWUxFhqi9YOcIg61BmHq_of-TiApIwR_mqiqudtzZrdo2w9MdSwGkGIiA8Ute5m5TNtd6BJU8LweKtOzNHWin7tDBSvJaz3MOdoGZpWXADIGfRSI76aQcHYyAIxyX9-acTJoaFYs_Nk4FkZ2r0kSVei88NoLw7AQarkxqc4oVbuTsNWXC-XhKCNNGcK3daf0HhSJTXSMHAI0Ru_3licLM7LFUcmutGyWvICL7xeOTXsi_xYVUTutRwHUj3Bfu5b0ZBKzwCGsIb7r4pio_OlNJGywIdfIRtvZA4QUxKYGtEf6-lQ7tOv-EYY4NxFFcm0LEGokGI9AOh-hEBk3x6Ps3l1TA6gdwXniY59X9MnWQ-n1dyWmBEcwMhj62zi_6VM3PdUhTrXVFyT4FdF1eXW3eb93IngmKLchsF1anxDR-Fpsq627ZdJ79NwgEfH98X7FP4vsJXDM2ZQHWECH7hhEElzwgF0dtG7C1SeMfnfWQxBNlZxxrjetBzAU9gZvq5xM&abvar=3&os=0 HTTP/1.1
Host: rxeosevsso.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: UID=230202052111d2a5323771474289ddc54b7a
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 02 Feb 2023 10:21:09 GMT
content-type: image/gif
content-length: 43
x-route-id: stats.impression
set-cookie: OACICAP=ACMMLgAAAAAAAAAB; Path=/; Expires=Sat, 04 Mar 2023 10:21:09 GMT; Secure; SameSite=None
OACIBLOCK=ACMMLgAAAABj24mg; Path=/; Expires=Sat, 04 Mar 2023 10:21:09 GMT; Secure; SameSite=None
ppucnt=0; Path=/; Expires=Fri, 03 Feb 2023 10:21:09 GMT; Secure; SameSite=None
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2
rxeosevsso.com/chicken.gif?z=1963298&pb=22b9e520451ae011ac0207bd96c1305c1675340468&psp=s7R62ieVsaWmrkrO2HWIXrveaosNT-yGsUG4n2vzfJQQFDaCsQ2Xi97icFAaFK45B0V9I5no59OAHBq7AUulYLUzvQ2srvA5rn_PeV3S21bHfnpfISylX_Eu9T8TIV7WGB9CbhXrVYaPi8bXQ1Ey9dDvpFf6vvaYXXFr-P-OqR2NP0kLB0VPBivT2vqLQTSZi3YQ8w0vQ8bTACTui_Axe7VBKkWrjW1M-DTajh3vNgzOx13H05ODy2UgsbcTwMoIhLwnlNEA-9fkB8OW8_2UlZzKnlmFDyXHSt6uJMa0iiqmGSblpVWgb5prgupoG8ZeMkcTdMRNLs1ZehUzap2aywduC1_JTY6mVpGpMUhaPF_CJvqD3O98kACiAtMPdcwUEp6TUyeVHIsoQdYXV-U7CUyu_2scvhoB7UiXxiChtXWpXrIFiA_QtB2TOJvlqGgrLBcM93yTGw7m3zRbmm-BwimMkTqowEVFN_fIw33oeSoz1fK_cFNaWbn_dTxXrDzkibar2XkfD2DvCedwzhgd62Kb2SBJv5fOka2V49_3CTzW_Foc-bl0IyQ5GYoQt4jMN72T63rY9yvmyAoJ38xr8s3eUtIodR090M9rXyUAd5OD6BO7mpPLB_ixfIg9YDbRwSgdXxREs-72sMW1SL5HnhJGYpwdvqKwN7kBjj56uxoOOFjWWCSxxcWJpNcmcAKdYjSwzGWK3Go8TAJ7w48H4X4gciC-zScVJxIkmYUy53kKY3IwziWHOgk9MdvqMqO2pbLXnI4HT5bz4Yxndw5BvG3-ZS0hZtVQnrC-tEdMjeuzf85aCWLFicVmPvod-D9AC36GJwr3jPRCS7aZc5suzu5muoJByC3VbBGif-4fW7pYqkzPtH8Jf_GI2C9dsFUAo4BML9If1VkE4QUi-m-k5bHRSkF3pFouXm7QV4pB-juSV9vHUb_ATy8s83GFFEu2gstQ9je6vS7zzoHnfXLuRN7wOCxvyU3_LiUi&abvar=2&os=0
62.122.171.6200 OK 43 B URL HTTP/2 rxeosevsso.com/chicken.gif?z=1963298&pb=22b9e520451ae011ac0207bd96c1305c1675340468&psp=s7R62ieVsaWmrkrO2HWIXrveaosNT-yGsUG4n2vzfJQQFDaCsQ2Xi97icFAaFK45B0V9I5no59OAHBq7AUulYLUzvQ2srvA5rn_PeV3S21bHfnpfISylX_Eu9T8TIV7WGB9CbhXrVYaPi8bXQ1Ey9dDvpFf6vvaYXXFr-P-OqR2NP0kLB0VPBivT2vqLQTSZi3YQ8w0vQ8bTACTui_Axe7VBKkWrjW1M-DTajh3vNgzOx13H05ODy2UgsbcTwMoIhLwnlNEA-9fkB8OW8_2UlZzKnlmFDyXHSt6uJMa0iiqmGSblpVWgb5prgupoG8ZeMkcTdMRNLs1ZehUzap2aywduC1_JTY6mVpGpMUhaPF_CJvqD3O98kACiAtMPdcwUEp6TUyeVHIsoQdYXV-U7CUyu_2scvhoB7UiXxiChtXWpXrIFiA_QtB2TOJvlqGgrLBcM93yTGw7m3zRbmm-BwimMkTqowEVFN_fIw33oeSoz1fK_cFNaWbn_dTxXrDzkibar2XkfD2DvCedwzhgd62Kb2SBJv5fOka2V49_3CTzW_Foc-bl0IyQ5GYoQt4jMN72T63rY9yvmyAoJ38xr8s3eUtIodR090M9rXyUAd5OD6BO7mpPLB_ixfIg9YDbRwSgdXxREs-72sMW1SL5HnhJGYpwdvqKwN7kBjj56uxoOOFjWWCSxxcWJpNcmcAKdYjSwzGWK3Go8TAJ7w48H4X4gciC-zScVJxIkmYUy53kKY3IwziWHOgk9MdvqMqO2pbLXnI4HT5bz4Yxndw5BvG3-ZS0hZtVQnrC-tEdMjeuzf85aCWLFicVmPvod-D9AC36GJwr3jPRCS7aZc5suzu5muoJByC3VbBGif-4fW7pYqkzPtH8Jf_GI2C9dsFUAo4BML9If1VkE4QUi-m-k5bHRSkF3pFouXm7QV4pB-juSV9vHUb_ATy8s83GFFEu2gstQ9je6vS7zzoHnfXLuRN7wOCxvyU3_LiUi&abvar=2&os=0
IP 62.122.171.6:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 28e463819a210071de3b45ebe7633613
6dccd571828ec0912629119cf7eabfea9f33ddbc
44251f61629e2bfeead421241a917f43ad047af351659f01cd8fd937f0417f84
Analyzer Verdict Alert quad9 Sinkholed
GET /chicken.gif?z=1963298&pb=22b9e520451ae011ac0207bd96c1305c1675340468&psp=s7R62ieVsaWmrkrO2HWIXrveaosNT-yGsUG4n2vzfJQQFDaCsQ2Xi97icFAaFK45B0V9I5no59OAHBq7AUulYLUzvQ2srvA5rn_PeV3S21bHfnpfISylX_Eu9T8TIV7WGB9CbhXrVYaPi8bXQ1Ey9dDvpFf6vvaYXXFr-P-OqR2NP0kLB0VPBivT2vqLQTSZi3YQ8w0vQ8bTACTui_Axe7VBKkWrjW1M-DTajh3vNgzOx13H05ODy2UgsbcTwMoIhLwnlNEA-9fkB8OW8_2UlZzKnlmFDyXHSt6uJMa0iiqmGSblpVWgb5prgupoG8ZeMkcTdMRNLs1ZehUzap2aywduC1_JTY6mVpGpMUhaPF_CJvqD3O98kACiAtMPdcwUEp6TUyeVHIsoQdYXV-U7CUyu_2scvhoB7UiXxiChtXWpXrIFiA_QtB2TOJvlqGgrLBcM93yTGw7m3zRbmm-BwimMkTqowEVFN_fIw33oeSoz1fK_cFNaWbn_dTxXrDzkibar2XkfD2DvCedwzhgd62Kb2SBJv5fOka2V49_3CTzW_Foc-bl0IyQ5GYoQt4jMN72T63rY9yvmyAoJ38xr8s3eUtIodR090M9rXyUAd5OD6BO7mpPLB_ixfIg9YDbRwSgdXxREs-72sMW1SL5HnhJGYpwdvqKwN7kBjj56uxoOOFjWWCSxxcWJpNcmcAKdYjSwzGWK3Go8TAJ7w48H4X4gciC-zScVJxIkmYUy53kKY3IwziWHOgk9MdvqMqO2pbLXnI4HT5bz4Yxndw5BvG3-ZS0hZtVQnrC-tEdMjeuzf85aCWLFicVmPvod-D9AC36GJwr3jPRCS7aZc5suzu5muoJByC3VbBGif-4fW7pYqkzPtH8Jf_GI2C9dsFUAo4BML9If1VkE4QUi-m-k5bHRSkF3pFouXm7QV4pB-juSV9vHUb_ATy8s83GFFEu2gstQ9je6vS7zzoHnfXLuRN7wOCxvyU3_LiUi&abvar=2&os=0 HTTP/1.1
Host: rxeosevsso.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: UID=230202052111d2a5323771474289ddc54b7a
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 02 Feb 2023 10:21:09 GMT
content-type: image/gif
content-length: 43
x-route-id: stats.impression
set-cookie: OACICAP=ACMMSgAAAAAAAAAB; Path=/; Expires=Sat, 04 Mar 2023 10:21:09 GMT; Secure; SameSite=None
OACIBLOCK=ACMMSgAAAABj24mg; Path=/; Expires=Sat, 04 Mar 2023 10:21:09 GMT; Secure; SameSite=None
ppucnt=0; Path=/; Expires=Fri, 03 Feb 2023 10:21:09 GMT; Secure; SameSite=None
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2
fonts.gstatic.com/s/ubuntu/v20/4iCs6KVjbNBYlgoKfw72.woff2
216.58.207.227 200 OK 35 kB URL HTTP/2 fonts.gstatic.com/s/ubuntu/v20/4iCs6KVjbNBYlgoKfw72.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 34852, version 1.0\012- data
Hash 0e8eefb4549a2edf26c560cb9845952e
8d0b1718aacad934fd0043c87cbc54aa091396bf
7f653b3ce9d3277457fc6da4edb246ae2f6c913f088c42dcb8cd2e96267aa21a
GET /s/ubuntu/v20/4iCs6KVjbNBYlgoKfw72.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://ads.adxadserv.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 34852
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 30 Jan 2023 00:48:39 GMT
expires: Tue, 30 Jan 2024 00:48:39 GMT
cache-control: public, max-age=31536000
age: 293550
last-modified: Wed, 27 Apr 2022 16:31:23 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
e1.o.lencr.org/
95.101.11.115 200 OK 346 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash fc5299c62612247f6a9647af817ec84a
937523a2996f7cccbe2cd42e0b821dfb8256d540
ea0dfca5fd85b2cbd392c950f05911be89f6306ede403b5cebe3a54a1da3eea9
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "EA0DFCA5FD85B2CBD392C950F05911BE89F6306EDE403B5CEBE3A54A1DA3EEA9"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15164
Expires: Thu, 02 Feb 2023 14:33:53 GMT
Date: Thu, 02 Feb 2023 10:21:09 GMT
Connection: keep-alive
syndication.realsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAA02QQWoDMQxFr9ILxEiybMtZt9sWUnIAe2KTQtLAJFOy+IevZxal+gJ/hJCeJSR+RzLyhcJeeE8ZmV0mp+I4KN4/DlDGd3ksc7mcW7k8zvfbMk/NTZelQtU0MEKMmiNyIvIRapmNFIEMgVMyIiQzpSQGJXjQkASvujpHNJpghLfjAcfP11HKnAUMgSd6SqDhVxQIQYenJyH6U7WWdYqFTurYi6ScjI19iiMzWGuIVLm1IMw1+cY9nnLv0WxwrkMJxc3jV/f5x0236wa2IQXvt/30px1vzwjC5r76XK4N+NezKm1jB6XqugHmzY8bcGpdOtepawyt1CItjjNN+gsm6LFJhAEAAA==
95.211.229.245200 OK 20 B URL HTTP/1.1 syndication.realsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAA02QQWoDMQxFr9ILxEiybMtZt9sWUnIAe2KTQtLAJFOy+IevZxal+gJ/hJCeJSR+RzLyhcJeeE8ZmV0mp+I4KN4/DlDGd3ksc7mcW7k8zvfbMk/NTZelQtU0MEKMmiNyIvIRapmNFIEMgVMyIiQzpSQGJXjQkASvujpHNJpghLfjAcfP11HKnAUMgSd6SqDhVxQIQYenJyH6U7WWdYqFTurYi6ScjI19iiMzWGuIVLm1IMw1+cY9nnLv0WxwrkMJxc3jV/f5x0236wa2IQXvt/30px1vzwjC5r76XK4N+NezKm1jB6XqugHmzY8bcGpdOtepawyt1CItjjNN+gsm6LFJhAEAAA==
IP 95.211.229.245:0
ASN #60781 LeaseWeb Netherlands B.V.
Hash a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf
GET /cimp.php?t=api&data=H4sIAAAAAAAAA02QQWoDMQxFr9ILxEiybMtZt9sWUnIAe2KTQtLAJFOy+IevZxal+gJ/hJCeJSR+RzLyhcJeeE8ZmV0mp+I4KN4/DlDGd3ksc7mcW7k8zvfbMk/NTZelQtU0MEKMmiNyIvIRapmNFIEMgVMyIiQzpSQGJXjQkASvujpHNJpghLfjAcfP11HKnAUMgSd6SqDhVxQIQYenJyH6U7WWdYqFTurYi6ScjI19iiMzWGuIVLm1IMw1+cY9nnLv0WxwrkMJxc3jV/f5x0236wa2IQXvt/30px1vzwjC5r76XK4N+NezKm1jB6XqugHmzY8bcGpdOtepawyt1CItjjNN+gsm6LFJhAEAAA== HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://a.realsrv.com
Connection: keep-alive
Referer: https://a.realsrv.com/
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2263db8e94c6a0d4.132279781813763769%22%3B%7D; impressions=oslmrxbrnxgxamrolmocogeicxbmsbcenxgxamrseoscsgeimmccrbebnxgxamcbexxbmgeioslmrxbmnxgxamreseallgeicxbmsbocnxgxamrolmocogeimmccrlaonxgxamccxobsegeimmccrlacnxgxamcmlarclgeicxbmsboenxgxamroamsoegeioslmrxlrnxgxamslescrogeimmccrbxenxgxamrescroogeislsaroornxgxamccolacbgeioslmroemnxgxamrsxxxmrgeioslmrxlsnxgxamroamsoegeicmmsxrbonxgxamsoeamlmgeimmccrlaenxgxamrsxxxmrgeimmccrbeanxgxamcssabxegeicaocmrmanxgxamolcrcergeimcclsxronxgxamsscrmclgeimcclsxmenxgxamrescroogeialbserebnxgxamccrrssogeimcclsxaonxgxamsxsxllxgeicxbmsbxcnxgxamresecrcgeimrblxebenxgxamselmborgeimcclsxconxgxamsbremaegeirbabxabbnxgxamrescroogeimcclsxacnxgxamsscrmclgeicmmsxaeenxgxamcmrmsrmgeialbsereanxgxamsoeabscgeicaxsscmbnxgxamsosomemgeimcclosconxgxamcxbemmxgeimcclsoeonxgxamrolmocogeimcclsxlcnxgxamreaccbbgeimcclossbnxgxamcscxaesgeimcclsxscnxgxamsmoooeegeimcclsxlenxgxamcbrorxbgeimaecseaenxgxamsmoooeegeimaecsxcbnxgxamsmoooeegeimcclsxoanxgxamclrbcelgeimcclsxlbnxgxamcrbalrageimccloscanxgxamclrbcrogeiclsmrbsonxgxamsmmrbmbgeiclsmarsenxgxamsmmrbmbgeiccmmllebnxgxamclarlmmgeimcclsxsbnxgxamreollxsgeiclsmrbxonxgxamsbebceegeiclsmrbxcnxgxamsbebceegeiclsmarscnxgxamsbebceegeiccmmlmlcnxgxamsbebceegeiclsmarrenxgxamsbebceegeicaormbaonxgxamsbxxbsrgeicaormlrenxgxamcememscgeimcclsxlonxgxamcsmlmxcgeimrblelronxgxamsbremaegeimaecsxobnxgxamsbremaegeiclsmrbrcnxgxamsbroemmgeiclsmrraanxgxamclsslaegeiclsmrmxbnxgxamsbroemmgeimccloscenxgxamsbmrxregeimcclsxxonxgxamslescrogeimrblelxbnxgxamslescrogeimcclsoeenxgxamclrbcelgeimrblelmonxgxamcxcrasxgeimrbleloenxgxamcxcrasxgeiclsmrrmanxgxamcxabcxbgeiclsmrbeonxgxamcxabcxbgeiclsmrrcenxgxamcxabcxbgeiclsmrmxanxgxamcxabcxbgeiclsmrbxenxgxamcxabcxbgeiclsmaroonxgxamcxabcxbgeialbserxenxgxamcosraregeimcclsxsenxgxamrescroogeimcclsxlanxgxamcblrlbcgeiccmmlleanxgxamccrrssogeicaormlabnxgxamcrllsmageicaormlconxgxamcrllsmageiclsmarsonxgxamclsslaegeiclsmrmlbnxgxamclsslaegeiclsmrmocnxgxamclsslaegeiccmmllecnxgxamclsslaegeimcc
lsxcanxgxamclrbcelgeimrblelcenxgxamclrbcelgeimaecsxrcnxgxamclrbcelgeialbserxonxgxamclarlmmgeimcclosscnxgxamreaccbbgeimaecobronxgxamrescroogeimaecobeenxgxamrescroogeimcclosccnxgxamrescroogeimaecoboonxgxamrescroogeimrblxelenxgxamrescroogeimaoolxrcnxgxamrocblesgxcceimsrrbxmonogxamrocblesgxcceimxlbmoaonxgxamrocblesgxcceimbbcemoancgxamroascxmgxcceimbsblroanrgxamroascxmgxcceimcssmlronsgxamroacrxsgxcceimboslabcnxgxamroacrxsgxcceimxlbmosanogxamroacrxsgxcceimbscxmxanxgxamroacrxsgxcceimxeoxsacncgxamroamsoegxcceimbscxmobnxgxamroamsoegxcceimbclraronxogxamroabxmcgxcceimblelamansgxamroabxmcgxcceimxreaomcnxgxamroalrecgxcceimxlbmoconsgxamroalrecgxcceimaoobbebnxgxamromrcocgxcceimromobabnxgxamromrcocgxcceimbrscsxcnogxamrobbbclgxcceimxlbmoscnogxamrobbbclgxcceixaoosscrnxgxamrobbbclgxcceixaoossalnxgxamrobbbclgxcceimbrsslsanogxamrobbbclgxcceimxlbmosenogxamroblrlcgxcceimsacexoonxgxamroblablgxcceimxlbalscnxgxamrolmocogxcceimxlbmxlenogxamrolmocogxcceimbbcemobnsgxamrolmocsgxcceimaooloranxgxamrolmocsgxcceimxlbmxbbnogxamrolmocsgxcceimblelambnogxamrsexccmgxcceimlxoblmonxgxamrsexccmgxcceimlxoblabnxgxamrsexccmgxcceimblelabonxgxamrsexccmgxcceimblelaabnxgxamrsexccmgxcceimblelamenxgxamrsexccmgxcceiceecmorsnxgxamrsexccmgxcceimcssmlrcnogxamrseoscsgxcceimclsaoxbncgxamrseoscsgxcceimeembescnogxamrseoscsgxcceialaroxrcnxgxamrserbeegxcceimexexabbnxgxamrserbesgxcceimbroosxcnxgxamrselcmrgxcceimsmxmosenxgxamrsxeecrgxcceicxmecmcanxgxamrsxeecbgxcceimxlbmosonxgxamrsxxxmrgxcceimbleabcanxgxamrsxsscagcbeimrxccosonxgxamrsxamrrgxcceiallxlmscnxgxamrsxleelgxcceimeembecenxgxamrsomsecgxcceimxeemblcnxgxamrsomsergxcceimrbleaebnxgxamrsseeoagxcceimbeelllanxgxamrssoeomgxcceicloaxxabnxgxamrssoalagxcceimxlbmxlcnxgxamrssomelgxcceimcssmlrenogxamrsssoabgxcce; 
c-tag=%7B%22tag-banner%22%3A%22v3%7C%7CNOR%7C4891824%7C74337950%7C0%7C%7C508%7C41%7C3%7C40%7C0%7C0%7C0%7C25344%7C0%7C0%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C63db8e94c6a0d4.132279781813763769%7C1cffa26cab9227e1600343a9ffbf0de2%7C0%7Cxfantazy.com%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 02 Feb 2023 10:21:09 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://a.realsrv.com
Access-Control-Allow-Credentials: true
Set-Cookie: __upt=%7B%22v%22%3A1%2C%22id%22%3A%2263db8e94c6a0d4.132279781813763769%22%2C%22pcma%22%3A%22%22%2C%22acma%22%3A%22508.0199%22%7D; expires=Sat, 01 Feb 2025 10:21:09 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
s3t3d2y8.afcdn.net/library/623611/08383e72ee30f54920b69f036aa7050b9906cf65.webp
185.76.9.18 200 OK 10 kB URL HTTP/2 s3t3d2y8.afcdn.net/library/623611/08383e72ee30f54920b69f036aa7050b9906cf65.webp
IP 185.76.9.18:0
ASN #60068 Datacamp Limited
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 300x300, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash e456e1fcd5b9782e95a8a4beafdaa6f7
08383e72ee30f54920b69f036aa7050b9906cf65
652ef2a4170f9f3331fa3efbbf4f76a170be4d96c0b22a8ad23b490ccab9b534
GET /library/623611/08383e72ee30f54920b69f036aa7050b9906cf65.webp HTTP/1.1
Host: s3t3d2y8.afcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 02 Feb 2023 10:21:09 GMT
content-type: image/webp
content-length: 10274
last-modified: Wed, 03 Nov 2021 19:29:43 GMT
etag: "6182e327-2822"
expires: Tue, 24 Oct 2023 13:33:05 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
x-robots-tag: noindex, follow
x-cache-op: HIT
x-accel-expires: @1702160426
server: CDN77-Turbo
x-77-nzt: AblMCQ3Rhv7/69lHAA
x-77-nzt-ray: c0a4cc28094cd916958edb632f64e915
x-cache: HIT
x-age: 4708843
x-77-pop: stockholmSE
x-77-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
a.medfoodsafety.com/i?tid=d4dab2e7-0ddb-40ff-9a16-6f1662120f81&cf=afgecccbfi
172.64.139.21 200 OK 60 B URL HTTP/2 a.medfoodsafety.com/i?tid=d4dab2e7-0ddb-40ff-9a16-6f1662120f81&cf=afgecccbfi
IP 172.64.139.21:0
File type ASCII text, with no line terminators
Hash cea81d6017b53c6c7bd076407db21a0a
063acf4f87ec5b0c7f9631779c264ee045945c52
1665c0045c0d9a05857431f46362283793d0b844d9e157692079bcbc69ff6154
GET /i?tid=d4dab2e7-0ddb-40ff-9a16-6f1662120f81&cf=afgecccbfi HTTP/1.1
Host: a.medfoodsafety.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.medfoodsafety.com/loader?a=4788752&v=2&t=30&s=4776911&p=8575&if=true
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 02 Feb 2023 10:21:09 GMT
content-type: image/gif
content-length: 60
cache-control: no-cache, no-store, must-revalidate
expires: Sat, 26 Jul 1997 05:00:00 GMT
last-modified: Sun, 17 May 1998 03:00:00 GMT
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=l9EPhTa4Hj9EThnoKov68DwO2ppi5mSYiyk%2FbiXsjevyU%2F5NmNBhOzbUPiePsX7op0FfLV96g48T3Uw9Nh5C98gzLlfmmyh60L4Q8V8kesbs%2Bd6qBYv5D1GOWnFtxrMtP%2BBbOulh"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 793232c4ce2071f3-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
rxeosevsso.com/get/1963297?zoneid=1963297&jp=_cl1924xyovt0w3tnftcozu&nojs=0&ix=0&abvar=3&t=0&x=801&y=801&wcks=0&wgl=0&cnvs=1&os=0&md=0&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&freq=0&cid=6583719107143783
62.122.171.6 200 OK 73 kB URL HTTP/2 rxeosevsso.com/get/1963297?zoneid=1963297&jp=_cl1924xyovt0w3tnftcozu&nojs=0&ix=0&abvar=3&t=0&x=801&y=801&wcks=0&wgl=0&cnvs=1&os=0&md=0&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&freq=0&cid=6583719107143783
IP 62.122.171.6:0
Hash 6fdcafc0d8dc0fdf499da6a5ec503048
a57822ffbc635eb3205f3c78154cd824b46f1afd
f0afdff5a718ea1b83859f297fef61b736f1c7539345642992a5037043d5e3e1
Analyzer Verdict Alert quad9 Sinkholed
GET /get/1963297?zoneid=1963297&jp=_cl1924xyovt0w3tnftcozu&nojs=0&ix=0&abvar=3&t=0&x=801&y=801&wcks=0&wgl=0&cnvs=1&os=0&md=0&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&freq=0&cid=6583719107143783 HTTP/1.1
Host: rxeosevsso.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 02 Feb 2023 10:21:08 GMT
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding
x-route-id: config
set-cookie: UID=230202052111d2a5323771474289ddc54b7a; Path=/; Expires=Fri, 02 Feb 2024 10:21:08 GMT; HttpOnly; Secure; SameSite=None
content-encoding: gzip
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2
s3t3d2y8.afcdn.net/library/759202/14cdf1353d64a64ee271f5211a0dc1e60cf6f0e6.webp
185.76.9.18 200 OK 7.8 kB URL HTTP/2 s3t3d2y8.afcdn.net/library/759202/14cdf1353d64a64ee271f5211a0dc1e60cf6f0e6.webp
IP 185.76.9.18:0
ASN #60068 Datacamp Limited
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 300x300, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash d207740399aab46e880de871c8aaed60
14cdf1353d64a64ee271f5211a0dc1e60cf6f0e6
2eeb7427375b10973a39daaccbc7adac1a143988e3fe2768ec7cacac8aa73c48
GET /library/759202/14cdf1353d64a64ee271f5211a0dc1e60cf6f0e6.webp HTTP/1.1
Host: s3t3d2y8.afcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 02 Feb 2023 10:21:09 GMT
content-type: image/webp
content-length: 7778
last-modified: Thu, 04 Nov 2021 11:46:24 GMT
etag: "6183c810-1e62"
expires: Tue, 24 Oct 2023 16:35:29 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
x-robots-tag: noindex, follow
x-cache-op: HIT
x-accel-expires: @1699449825
server: CDN77-Turbo
x-77-nzt: AblMCQ2hJB3/NDZxAA
x-77-nzt-ray: c0a4cc28094cd916958edb63ad386a16
x-cache: HIT
x-age: 7419444
x-77-pop: stockholmSE
x-77-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
s3t3d2y8.afcdn.net/library/140058/d35401b29d0c4fd1079651c0fde2f01f97ec11a4.webp
185.76.9.18 200 OK 10 kB URL HTTP/2 s3t3d2y8.afcdn.net/library/140058/d35401b29d0c4fd1079651c0fde2f01f97ec11a4.webp
IP 185.76.9.18:0
ASN #60068 Datacamp Limited
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 300x300, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash dca61ca44b9a87b631eb5200c12f234c
d35401b29d0c4fd1079651c0fde2f01f97ec11a4
bc0c8c5a132af93ccc2cfbc1784f2e67119a9c72e289b8ab502561e16be71b03
GET /library/140058/d35401b29d0c4fd1079651c0fde2f01f97ec11a4.webp HTTP/1.1
Host: s3t3d2y8.afcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 02 Feb 2023 10:21:09 GMT
content-type: image/webp
content-length: 10254
last-modified: Wed, 03 Nov 2021 11:53:34 GMT
etag: "6182783e-280e"
expires: Fri, 30 Jun 2023 11:13:36 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
x-cache-op: HIT
x-accel-expires: @1688195317
server: CDN77-Turbo
x-robots-tag: noindex, follow
x-77-nzt: AblMCQ0A99z/IPEcAQ
x-77-nzt-ray: c0a4cc28094cd916958edb63538cce16
x-cache: HIT
x-age: 18673952
x-77-pop: stockholmSE
x-77-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
s3t3d2y8.afcdn.net/library/759202/f72869e4bd197ef9893235f814688df859ec2897.webp
185.76.9.18 200 OK 6.6 kB URL HTTP/2 s3t3d2y8.afcdn.net/library/759202/f72869e4bd197ef9893235f814688df859ec2897.webp
IP 185.76.9.18:0
ASN #60068 Datacamp Limited
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 300x300, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash e02c2c5b08ffad9dbb8a645fbd759d7a
f72869e4bd197ef9893235f814688df859ec2897
736653c2e46389e17dfd30e6d9b43c7651e72789b37470c7aabbc1e8d6acccaf
GET /library/759202/f72869e4bd197ef9893235f814688df859ec2897.webp HTTP/1.1
Host: s3t3d2y8.afcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 02 Feb 2023 10:21:09 GMT
content-type: image/webp
content-length: 6562
last-modified: Thu, 04 Nov 2021 11:46:24 GMT
etag: "6183c810-19a2"
expires: Tue, 24 Oct 2023 14:40:02 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
x-robots-tag: noindex, follow
x-cache-op: HIT
x-accel-expires: @1699449868
server: CDN77-Turbo
x-77-nzt: AblMCQ1sVDb/CTZxAA
x-77-nzt-ray: c0a4cc28094cd916958edb63be841117
x-cache: HIT
x-age: 7419401
x-77-pop: stockholmSE
x-77-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
s3t3d2y8.afcdn.net/library/475567/e72a53ae5879bf69b140f8bde5b9881a79c6125e.webp
185.76.9.18 200 OK 7.0 kB URL HTTP/2 s3t3d2y8.afcdn.net/library/475567/e72a53ae5879bf69b140f8bde5b9881a79c6125e.webp
IP 185.76.9.18:0
ASN #60068 Datacamp Limited
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 300x300, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash ff0bbd45091e70de5fbd6cac20c82ead
e72a53ae5879bf69b140f8bde5b9881a79c6125e
eaa55492a10b1b8ee30f52ecd7eb3208626a4642f9241cd9bf5e416f7fdbd889
GET /library/475567/e72a53ae5879bf69b140f8bde5b9881a79c6125e.webp HTTP/1.1
Host: s3t3d2y8.afcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 02 Feb 2023 10:21:09 GMT
content-type: image/webp
content-length: 7024
last-modified: Wed, 03 Nov 2021 19:53:39 GMT
etag: "6182e8c3-1b70"
expires: Fri, 30 Jun 2023 18:09:49 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
x-cache-op: HIT
x-accel-expires: @1688195260
server: CDN77-Turbo
x-robots-tag: noindex, follow
x-77-nzt: AblMCQ3i5Kb/WfEcAQ
x-77-nzt-ray: c0a4cc28094cd916958edb638d306517
x-cache: HIT
x-age: 18674009
x-77-pop: stockholmSE
x-77-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
s3t3d2y8.afcdn.net/library/676799/334f1a6c3f1ff0b5f417b1d2f32991bb7e5367a0.webp
185.76.9.18 200 OK 15 kB URL HTTP/2 s3t3d2y8.afcdn.net/library/676799/334f1a6c3f1ff0b5f417b1d2f32991bb7e5367a0.webp
IP 185.76.9.18:0
ASN #60068 Datacamp Limited
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 300x300, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash e75534030234907de7ea4c78aeffe5e8
334f1a6c3f1ff0b5f417b1d2f32991bb7e5367a0
1fde854971dbb1f4dd0d678f46c7be0e2bc8b8c9e111a5c6e2b64435b10bed3c
GET /library/676799/334f1a6c3f1ff0b5f417b1d2f32991bb7e5367a0.webp HTTP/1.1
Host: s3t3d2y8.afcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 02 Feb 2023 10:21:09 GMT
content-type: image/webp
content-length: 14960
last-modified: Tue, 15 Mar 2022 12:26:31 GMT
etag: "623085f7-3a70"
expires: Fri, 30 Jun 2023 12:16:28 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
x-cache-op: HIT
x-accel-expires: @1688195632
server: CDN77-Turbo
x-robots-tag: noindex, follow
x-77-nzt: AblMCQ15nWz/5e8cAQ
x-77-nzt-ray: c0a4cc28094cd916958edb638d14d517
x-cache: HIT
x-age: 18673637
x-77-pop: stockholmSE
x-77-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
cams.gratis/banner/leer.gif
172.64.164.31 200 OK 290 B URL HTTP/2 cams.gratis/banner/leer.gif
IP 172.64.164.31:0
File type GIF image data, version 89a, 192 x 192\012- data
Hash 72e33229faa7e5ba8930deac92a1aae0
496e880a0024b268b4e3987c0863cdbf8a64d696
a556ed9ee99be72f01ac6bf6232e3357ad104cf28d05afd91efbaf5953df1a6a
GET /banner/leer.gif HTTP/1.1
Host: cams.gratis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cams.gratis/banner/300x250.php?site=xfanta
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 02 Feb 2023 10:21:09 GMT
content-type: image/gif
content-length: 290
last-modified: Sun, 13 Jan 2019 11:23:18 GMT
cache-control: max-age=2592000
expires: Mon, 20 Feb 2023 08:27:51 GMT
cf-cache-status: HIT
age: 1043598
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=x0whm%2FcrGJFkYUp6gkCe4536VIeLW4aFeUmWJgmbPqtlv0Bj2BV4Q7CNu%2BkhZolQGaE1D89R6dDh6h9nb9Jj3j86SloQeoonrOE1zAvn1gikL9bWRvqTnCzst90fcQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 793232c5bb677761-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
s3t3d2y8.afcdn.net/library/475567/cc7211683ae26562c2df637755f311868f37c8ea.jpg
185.76.9.18 200 OK 25 kB URL HTTP/2 s3t3d2y8.afcdn.net/library/475567/cc7211683ae26562c2df637755f311868f37c8ea.jpg
IP 185.76.9.18:0
ASN #60068 Datacamp Limited
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 90", baseline, precision 8, 300x300, components 3\012- data
Hash dbe31828ea0277ab9845bf67aa749927
cc7211683ae26562c2df637755f311868f37c8ea
6499cca4ce115e6dcb44a71342a5c705f938fbffbe5c410b55e60051a417b917
GET /library/475567/cc7211683ae26562c2df637755f311868f37c8ea.jpg HTTP/1.1
Host: s3t3d2y8.afcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 02 Feb 2023 10:21:09 GMT
content-type: image/jpeg
content-length: 25056
last-modified: Thu, 30 Mar 2017 09:55:25 GMT
etag: "58dcd60d-61e0"
expires: Fri, 30 Jun 2023 14:29:46 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
x-cache-op: HIT
x-accel-expires: @1688195223
server: CDN77-Turbo
x-robots-tag: noindex, follow
x-77-nzt: AblMCQ0oltT/fvEcAQ
x-77-nzt-ray: c0a4cc28094cd916958edb6385cfd917
x-cache: HIT
x-age: 18674046
x-77-pop: stockholmSE
x-77-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
cams.gratis/banner/bg6.jpg
172.64.164.31 200 OK 37 kB URL HTTP/2 cams.gratis/banner/bg6.jpg
IP 172.64.164.31:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 405x252, components 3\012- data
Hash 7ee983f81d742869a176e874651c7231
3072b7ce2833a2611d679374493a5533bd1bd32e
ab168995f8ac84c48b20c8850d35aa43723211710953253ce75c1811bbb0ecbc
GET /banner/bg6.jpg HTTP/1.1
Host: cams.gratis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cams.gratis/banner/300x250.php?site=xfanta
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 02 Feb 2023 10:21:09 GMT
content-type: image/jpeg
content-length: 37209
last-modified: Tue, 18 Oct 2022 10:44:50 GMT
cache-control: max-age=2592000
expires: Sat, 25 Feb 2023 23:04:08 GMT
cf-cache-status: HIT
age: 559021
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3KhZH%2BGWCCybXIjhXeyMKZQ2bcDNAXW5rtG6lc0QqHEaTUlB5mOP89Amm6RqicWLtosbDNI9E5WomHqlGVohu8vClIl1Fwlzp6XNQPEA80309FV%2F3FvVgAX653O7Bw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 793232c5cb807761-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash d4a52a6de3e34cfce9dac30029f3d100
75c46e62ee3052e3e004a62afb350459bbec0784
684f0a268e7f1dbb38fe0e99d1be76aad024017a11dace9c29c744803dd46736
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "684F0A268E7F1DBB38FE0E99D1BE76AAD024017A11DACE9C29C744803DD46736"
Last-Modified: Tue, 31 Jan 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13927
Expires: Thu, 02 Feb 2023 14:13:16 GMT
Date: Thu, 02 Feb 2023 10:21:09 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash d4a52a6de3e34cfce9dac30029f3d100
75c46e62ee3052e3e004a62afb350459bbec0784
684f0a268e7f1dbb38fe0e99d1be76aad024017a11dace9c29c744803dd46736
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "684F0A268E7F1DBB38FE0E99D1BE76AAD024017A11DACE9C29C744803DD46736"
Last-Modified: Tue, 31 Jan 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13927
Expires: Thu, 02 Feb 2023 14:13:16 GMT
Date: Thu, 02 Feb 2023 10:21:09 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash d4a52a6de3e34cfce9dac30029f3d100
75c46e62ee3052e3e004a62afb350459bbec0784
684f0a268e7f1dbb38fe0e99d1be76aad024017a11dace9c29c744803dd46736
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "684F0A268E7F1DBB38FE0E99D1BE76AAD024017A11DACE9C29C744803DD46736"
Last-Modified: Tue, 31 Jan 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13927
Expires: Thu, 02 Feb 2023 14:13:16 GMT
Date: Thu, 02 Feb 2023 10:21:09 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29 200 OK 314 B IP 93.184.220.29:0
Hash a021df3d5f11377fc9087586dbe908f2
0d604f39b0279508d7b3f39c81e38995d5b6fc01
490d54522ae3d7a2b51d63f6813876f5ffe07465c61823a6793cbe814731eeb4
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1824
Cache-Control: max-age=138113
Content-Type: application/ocsp-response
Date: Thu, 02 Feb 2023 10:21:09 GMT
Etag: "63dafff6-13a"
Expires: Sat, 04 Feb 2023 00:43:02 GMT
Last-Modified: Thu, 02 Feb 2023 00:12:38 GMT
Server: ECS (ska/F713)
X-Cache: HIT
Content-Length: 314
adxadserv.com/ascripts/pxl.js
185.98.53.29 200 OK 78 kB URL HTTP/1.1 adxadserv.com/ascripts/pxl.js
IP 185.98.53.29:0
ASN #39572 DataWeb Global Group B.V.
File type Unicode text, UTF-8 text, with very long lines (36114)
Hash 8348b78d100940ba1808a8e9b93f2e94
c2aa612dc3256c9f235dcfc6e330d0ecaf957768
9c983adf86ebc949957bdf55d524dfa278a79bea8d13f2efa9512c6dd37b86f5
GET /ascripts/pxl.js HTTP/1.1
Host: adxadserv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ads.adxadserv.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Thu, 02 Feb 2023 10:21:09 GMT
Content-Type: application/javascript
Content-Length: 77806
Connection: keep-alive
Last-Modified: Fri, 25 Sep 2020 09:55:25 GMT
ETag: "5f6dbe8d-12fee"
Expires: Fri, 03 Feb 2023 08:34:11 GMT
Cache-Control: max-age=86400, public
X-77-NZT: AblMCgG0qwn/EhkAAA
X-77-NZT-Ray: 382b0f198e578653958edb6396ea7f17
X-Cache: HIT
X-Age: 6418
X-77-POP: amsterdamNL
X-77-Cache: HIT
Accept-Ranges: bytes
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash ad6425ae068870e52d1d8bcd49e2c547
64bf7db6fa91834cf7e8f2b64d1e35df3b93f96d
ebd55d4fadc8d67e0ff6206c593ed0c5cd80cb194cb801371eca73325ad9bbe9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EBD55D4FADC8D67E0FF6206C593ED0C5CD80CB194CB801371ECA73325AD9BBE9"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4310
Expires: Thu, 02 Feb 2023 11:32:59 GMT
Date: Thu, 02 Feb 2023 10:21:09 GMT
Connection: keep-alive
cams.gratis/banner/300x250.php?site=xfanta
172.64.164.31 200 OK 866 B URL HTTP/2 cams.gratis/banner/300x250.php?site=xfanta
IP 172.64.164.31:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (739), with CRLF line terminators
Hash f0d6a90e2300355fdd8b2823af8ace70
3e737d08931504b6b1dbeb944bd6d28c4f67298e
490ffc307c33b3d3f375ff6f14d6dfa092c7f4e0bb81efcdb0dd6e7c910e8eed
GET /banner/300x250.php?site=xfanta HTTP/1.1
Host: cams.gratis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ads.adxadserv.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 02 Feb 2023 10:21:09 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding,User-Agent
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rdxWWBtEVmQ6Q%2F1pGgU%2Bd9HghtJ1hrUQylBTWy7oVUerD8%2BZUe5SmHoOle8Ef8NkUR51JXumHfXQUjEMihzUS4Q9lbwr7j17ARRBNGAMiSYSBpJYH2UuI9s3kwFdvg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 793232c53ace7761-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/s/gts1p5/JOSWRLamYCo
142.250.74.131 200 OK 472 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/JOSWRLamYCo
IP 142.250.74.131:0
Hash d761e1c07d308221dc376a1f736b2ed7
db08f84371e46e5129f491bfa85cc1364983ecad
2a8aa8c64b3eb1cf49095f697a652a5270ec1d7068d0d482af1b14c5d20ab140
POST /s/gts1p5/JOSWRLamYCo HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 02 Feb 2023 10:21:09 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
adxadserv.com/px/event/v1?e_t=pageview&url=https%253A%252F%252Fads.adxadserv.com%252Fad%253Fspotid%253D636bc5d561d6e27071201a23%2526type%253D300x250%2526output%253Dhtml&ref=https%253A%252F%252Fxfantazy.com%252F&d_r=1&d_s=1280x1024&d_w=300x250&t_s=1675333294451&t_i=1675333294895&u_tz=0&u_l=en-US&u_l2=&u_l3=&pv_uid=7546531a-fe95-4e3e-87aa-5698e519da97&nav_rc=0&nav_nt=NAVIGATE&p_nn=adxad-rtb&p_pt=IFRAME&imid=4f09698e-a2e3-11ed-93df-e2e38133f3a0&spid=636bc5d561d6e27071201a23&fpid_sa=1675333294895&fpid=&feid_sa=1675333294895&sid_sa=1675333294895&feid=03e74eafdc93ae8aa7d9ec76d837b280&sid=1b35f5093a51bb3fa0edd5999cffc6f1&u_adb=0&vn=T-0.1.1&utm_typ=referral&utm_src=xfantazy.com&s_rst=1&e_d=%7B%22isResetRequired%22%3Atrue%7D&t_op=0.383
185.98.53.29 200 OK 0 B URL HTTP/1.1 adxadserv.com/px/event/v1?e_t=pageview&url=https%253A%252F%252Fads.adxadserv.com%252Fad%253Fspotid%253D636bc5d561d6e27071201a23%2526type%253D300x250%2526output%253Dhtml&ref=https%253A%252F%252Fxfantazy.com%252F&d_r=1&d_s=1280x1024&d_w=300x250&t_s=1675333294451&t_i=1675333294895&u_tz=0&u_l=en-US&u_l2=&u_l3=&pv_uid=7546531a-fe95-4e3e-87aa-5698e519da97&nav_rc=0&nav_nt=NAVIGATE&p_nn=adxad-rtb&p_pt=IFRAME&imid=4f09698e-a2e3-11ed-93df-e2e38133f3a0&spid=636bc5d561d6e27071201a23&fpid_sa=1675333294895&fpid=&feid_sa=1675333294895&sid_sa=1675333294895&feid=03e74eafdc93ae8aa7d9ec76d837b280&sid=1b35f5093a51bb3fa0edd5999cffc6f1&u_adb=0&vn=T-0.1.1&utm_typ=referral&utm_src=xfantazy.com&s_rst=1&e_d=%7B%22isResetRequired%22%3Atrue%7D&t_op=0.383
IP 185.98.53.29:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /px/event/v1?e_t=pageview&url=https%253A%252F%252Fads.adxadserv.com%252Fad%253Fspotid%253D636bc5d561d6e27071201a23%2526type%253D300x250%2526output%253Dhtml&ref=https%253A%252F%252Fxfantazy.com%252F&d_r=1&d_s=1280x1024&d_w=300x250&t_s=1675333294451&t_i=1675333294895&u_tz=0&u_l=en-US&u_l2=&u_l3=&pv_uid=7546531a-fe95-4e3e-87aa-5698e519da97&nav_rc=0&nav_nt=NAVIGATE&p_nn=adxad-rtb&p_pt=IFRAME&imid=4f09698e-a2e3-11ed-93df-e2e38133f3a0&spid=636bc5d561d6e27071201a23&fpid_sa=1675333294895&fpid=&feid_sa=1675333294895&sid_sa=1675333294895&feid=03e74eafdc93ae8aa7d9ec76d837b280&sid=1b35f5093a51bb3fa0edd5999cffc6f1&u_adb=0&vn=T-0.1.1&utm_typ=referral&utm_src=xfantazy.com&s_rst=1&e_d=%7B%22isResetRequired%22%3Atrue%7D&t_op=0.383 HTTP/1.1
Host: adxadserv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ads.adxadserv.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Thu, 02 Feb 2023 10:21:09 GMT
Content-Length: 0
Connection: keep-alive
unseenreport.com/pxf.gif?uuid=b102d4b2-1294-41bb-8e08-faae9597b22a&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=21fe3950f412e026c33f1b6cee613eba&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=10
192.243.61.227 200 OK 1 B URL HTTP/1.1 unseenreport.com/pxf.gif?uuid=b102d4b2-1294-41bb-8e08-faae9597b22a&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=21fe3950f412e026c33f1b6cee613eba&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=10
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=b102d4b2-1294-41bb-8e08-faae9597b22a&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=21fe3950f412e026c33f1b6cee613eba&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=10 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 02 Feb 2023 10:21:09 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 31a272ef6a6e6d6a07e6d9c1fd42fee7
Strict-Transport-Security: max-age=0; includeSubdomains
go.xlirdr.com/i?campaignId=banner2609start&creativeId=300x250&modelsCountry=&modelsLanguage=&sourceId=xfanta&tag=females&targetDomain=&buttonColor=&hideModelNameOnSmallSpots=0&hideTitleOnSmallSpots=1&liveBadgeColor=%2324d7d7&showButton=1&showModelName=1&showTitle=0&showLiveBadge=1&isXhDesign=0&actionButtonPlacement=bottom&thumbSizeKey=small&hideButtonOnSmallSpots=1&userId=b47aedc2c088e2f21e0cc23e0318384c557941461efdbc48212e7282df45f2f4&landing=WidgetV4Universal
104.18.51.106 302 Found 0 B URL HTTP/2 go.xlirdr.com/i?campaignId=banner2609start&creativeId=300x250&modelsCountry=&modelsLanguage=&sourceId=xfanta&tag=females&targetDomain=&buttonColor=&hideModelNameOnSmallSpots=0&hideTitleOnSmallSpots=1&liveBadgeColor=%2324d7d7&showButton=1&showModelName=1&showTitle=0&showLiveBadge=1&isXhDesign=0&actionButtonPlacement=bottom&thumbSizeKey=small&hideButtonOnSmallSpots=1&userId=b47aedc2c088e2f21e0cc23e0318384c557941461efdbc48212e7282df45f2f4&landing=WidgetV4Universal
IP 104.18.51.106:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /i?campaignId=banner2609start&creativeId=300x250&modelsCountry=&modelsLanguage=&sourceId=xfanta&tag=females&targetDomain=&buttonColor=&hideModelNameOnSmallSpots=0&hideTitleOnSmallSpots=1&liveBadgeColor=%2324d7d7&showButton=1&showModelName=1&showTitle=0&showLiveBadge=1&isXhDesign=0&actionButtonPlacement=bottom&thumbSizeKey=small&hideButtonOnSmallSpots=1&userId=b47aedc2c088e2f21e0cc23e0318384c557941461efdbc48212e7282df45f2f4&landing=WidgetV4Universal HTTP/1.1
Host: go.xlirdr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cams.gratis/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Thu, 02 Feb 2023 10:21:09 GMT
content-length: 0
location: https://creative.xlirdr.com/widgets/v4/Universal/?actionButtonPlacement=bottom&buttonColor=&campaignId=banner2609start&creativeId=300x250&domain=stripchat&hideButtonOnSmallSpots=1&hideModelNameOnSmallSpots=0&hideTitleOnSmallSpots=1&isXhDesign=0&liveBadgeColor=%2324d7d7&modelsCountry=&modelsLanguage=&showButton=1&showLiveBadge=1&showModelName=1&showTitle=0&sound=off&sourceId=xfanta&tag=females&targetDomain=&thumbSizeKey=small&trackOff=1&userId=b47aedc2c088e2f21e0cc23e0318384c557941461efdbc48212e7282df45f2f4
access-control-allow-origin: *
cf-cache-status: DYNAMIC
set-cookie: __cflb=02DiuDfsBaY2bRYJiCeRhAptQvDh5wz7mdARiu87L2opG; SameSite=None; Secure; path=/; expires=Fri, 03-Feb-23 09:21:09 GMT; HttpOnly
server: cloudflare
cf-ray: 793232c73b0bb4fd-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
unseenreport.com/pxf.gif?uuid=b102d4b2-1294-41bb-8e08-faae9597b22a&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=a2f990f10476061c719d1c1aa3a2ecd2&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=10
192.243.61.227 200 OK 1 B URL HTTP/1.1 unseenreport.com/pxf.gif?uuid=b102d4b2-1294-41bb-8e08-faae9597b22a&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=a2f990f10476061c719d1c1aa3a2ecd2&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=10
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=b102d4b2-1294-41bb-8e08-faae9597b22a&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=a2f990f10476061c719d1c1aa3a2ecd2&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=10 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 02 Feb 2023 10:21:09 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: ef1f5f92183aac16cdd24ec6b7e295b4
Strict-Transport-Security: max-age=0; includeSubdomains
ocsp.digicert.com/
93.184.220.29 200 OK 314 B IP 93.184.220.29:0
Hash a021df3d5f11377fc9087586dbe908f2
0d604f39b0279508d7b3f39c81e38995d5b6fc01
490d54522ae3d7a2b51d63f6813876f5ffe07465c61823a6793cbe814731eeb4
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1824
Cache-Control: max-age=138113
Content-Type: application/ocsp-response
Date: Thu, 02 Feb 2023 10:21:09 GMT
Etag: "63dafff6-13a"
Expires: Sat, 04 Feb 2023 00:43:02 GMT
Last-Modified: Thu, 02 Feb 2023 00:12:38 GMT
Server: ECS (ska/F713)
X-Cache: HIT
Content-Length: 314
unseenreport.com/pxf.gif?uuid=b102d4b2-1294-41bb-8e08-faae9597b22a&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=4d0afc2425eea6b0cd5a468c9f8a69ed&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=10
192.243.61.227 200 OK 1 B URL HTTP/1.1 unseenreport.com/pxf.gif?uuid=b102d4b2-1294-41bb-8e08-faae9597b22a&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=4d0afc2425eea6b0cd5a468c9f8a69ed&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=10
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=b102d4b2-1294-41bb-8e08-faae9597b22a&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=4d0afc2425eea6b0cd5a468c9f8a69ed&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=10 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 02 Feb 2023 10:21:09 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 832746afc1de1f79c76778852386f36e
Strict-Transport-Security: max-age=0; includeSubdomains
unseenreport.com/pxf.gif?uuid=b102d4b2-1294-41bb-8e08-faae9597b22a&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=01f75a95a38a8db0a8e82d995253a076&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=10
192.243.61.227 200 OK 1 B URL HTTP/1.1 unseenreport.com/pxf.gif?uuid=b102d4b2-1294-41bb-8e08-faae9597b22a&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=01f75a95a38a8db0a8e82d995253a076&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=10
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=b102d4b2-1294-41bb-8e08-faae9597b22a&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=01f75a95a38a8db0a8e82d995253a076&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=10 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 02 Feb 2023 10:21:09 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 8ff9b62cc21ed3b06135ffd2ffa39e77
Strict-Transport-Security: max-age=0; includeSubdomains
ocsp.pki.goog/s/gts1p5/1BOUYFPgk3I
142.250.74.131 200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/1BOUYFPgk3I
IP 142.250.74.131:0
Hash 185a0eec589d83498058f1620cbe5f66
f98f7e14d80034efb21d9ce306332b3c1acb4233
1d5fe14083809e74061341b0f3d27fd66492a33604c2ca82b3d533e1b3bed98c
POST /s/gts1p5/1BOUYFPgk3I HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 02 Feb 2023 10:21:09 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
camschat.net/900250/adnium.php
66.230.180.98 200 OK 918 B URL HTTP/2 camschat.net/900250/adnium.php
IP 66.230.180.98:0
Hash 32d5f5b87518e0c4fab5fce4f02a71b5
d317a0ec83e250beaa2543e37c5897be56ff71bb
d533daaef8ccd0c4c1368882331c1732ace05b4e0671cd60d42062439dce5791
GET /900250/adnium.php HTTP/1.1
Host: camschat.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.medfoodsafety.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 02 Feb 2023 10:21:09 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-powered-by: PHP/7.4.3-4ubuntu2.17
content-encoding: gzip
X-Firefox-Spdy: h2
ocsp.pki.goog/s/gts1p5/JOSWRLamYCo
142.250.74.131 200 OK 472 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/JOSWRLamYCo
IP 142.250.74.131:0
Hash d761e1c07d308221dc376a1f736b2ed7
db08f84371e46e5129f491bfa85cc1364983ecad
2a8aa8c64b3eb1cf49095f697a652a5270ec1d7068d0d482af1b14c5d20ab140
POST /s/gts1p5/JOSWRLamYCo HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 02 Feb 2023 10:21:09 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/s/gts1p5/1BOUYFPgk3I
142.250.74.131 200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/1BOUYFPgk3I
IP 142.250.74.131:0
Hash 185a0eec589d83498058f1620cbe5f66
f98f7e14d80034efb21d9ce306332b3c1acb4233
1d5fe14083809e74061341b0f3d27fd66492a33604c2ca82b3d533e1b3bed98c
POST /s/gts1p5/1BOUYFPgk3I HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 02 Feb 2023 10:21:09 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ju08g.xyz/images/campaigns/creativity-2308521-16693108308667.png
172.67.200.60 200 OK 25 kB URL HTTP/2 ju08g.xyz/images/campaigns/creativity-2308521-16693108308667.png
IP 172.67.200.60:0
File type PNG image data, 192 x 192, 8-bit colormap, non-interlaced\012- data
Hash c168c6b74312da308388c450def122b4
99a9c781305e19ad2134e843d25a4730c5485737
0f3dddc67a27688b19dc772302fd59dfaed3f16312d3ea6e7e0d31d515a56297
GET /images/campaigns/creativity-2308521-16693108308667.png HTTP/1.1
Host: ju08g.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 02 Feb 2023 10:21:09 GMT
content-type: image/png
content-length: 24894
cdn-pullzone: 283898
cdn-uid: 10270df6-3a78-4ee3-9e7e-62f57a8521e8
cdn-requestcountrycode: NO
cache-control: public, max-age=31919000
etag: "637fa96f-613e"
last-modified: Thu, 24 Nov 2022 17:27:11 GMT
cdn-proxyver: 1.03
cdn-requestpullsuccess: True
cdn-requestpullcode: 200
cdn-cachedat: 11/24/2022 17:34:52
cdn-edgestorageid: 860
cdn-status: 200
cdn-requestid: 36f0851433561e9a9e00f70d2e077fd8
cdn-cache: HIT
cf-cache-status: HIT
age: 6014054
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=26GRgqv66p3guUrfi87LbUrC%2F0ASLTkVqduAzIMkd9JvddcW4cOT9REk76rQvDaLsbVIcD5qZubrEkZIKeznwCxcxu39N7aEdmXz3glcOr%2FpZ%2BnDxaKxXGyhtnQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 793232c85b2db4f4-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
creative.xlirdr.com/widgets/v4/Universal/?actionButtonPlacement=bottom&buttonColor=&campaignId=banner2609start&creativeId=300x250&domain=stripchat&hideButtonOnSmallSpots=1&hideModelNameOnSmallSpots=0&hideTitleOnSmallSpots=1&isXhDesign=0&liveBadgeColor=%2324d7d7&modelsCountry=&modelsLanguage=&showButton=1&showLiveBadge=1&showModelName=1&showTitle=0&sound=off&sourceId=xfanta&tag=females&targetDomain=&thumbSizeKey=small&trackOff=1&userId=b47aedc2c088e2f21e0cc23e0318384c557941461efdbc48212e7282df45f2f4
104.18.51.106 200 OK 5.0 kB URL HTTP/2 creative.xlirdr.com/widgets/v4/Universal/?actionButtonPlacement=bottom&buttonColor=&campaignId=banner2609start&creativeId=300x250&domain=stripchat&hideButtonOnSmallSpots=1&hideModelNameOnSmallSpots=0&hideTitleOnSmallSpots=1&isXhDesign=0&liveBadgeColor=%2324d7d7&modelsCountry=&modelsLanguage=&showButton=1&showLiveBadge=1&showModelName=1&showTitle=0&sound=off&sourceId=xfanta&tag=females&targetDomain=&thumbSizeKey=small&trackOff=1&userId=b47aedc2c088e2f21e0cc23e0318384c557941461efdbc48212e7282df45f2f4
IP 104.18.51.106:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash db604147466157a9f193b314f87c534e
ec0bf3e0b460cfad8d3ef34838508fd96501958d
80cc9924f2e1a1fa867eb9290c25f7a59230a19fb562e355c84d12e1b4f6887d
GET /widgets/v4/Universal/?actionButtonPlacement=bottom&buttonColor=&campaignId=banner2609start&creativeId=300x250&domain=stripchat&hideButtonOnSmallSpots=1&hideModelNameOnSmallSpots=0&hideTitleOnSmallSpots=1&isXhDesign=0&liveBadgeColor=%2324d7d7&modelsCountry=&modelsLanguage=&showButton=1&showLiveBadge=1&showModelName=1&showTitle=0&sound=off&sourceId=xfanta&tag=females&targetDomain=&thumbSizeKey=small&trackOff=1&userId=b47aedc2c088e2f21e0cc23e0318384c557941461efdbc48212e7282df45f2f4 HTTP/1.1
Host: creative.xlirdr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cams.gratis/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 02 Feb 2023 10:21:09 GMT
content-type: text/html
last-modified: Tue, 31 Jan 2023 09:49:21 GMT
expires: Thu, 02 Feb 2023 10:21:15 GMT
cache-control: max-age=10
strict-transport-security: max-age=15768000
pragma: public
report-to: { "endpoints":[{ "url": "https://go.stripchat.com/report" }], "group": "default", "max_age": 1048576 }
cf-cache-status: HIT
age: 2
vary: Accept-Encoding
server: cloudflare
cf-ray: 793232c79b9db4fd-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 314 B IP 93.184.220.29:0
Hash b504f7f246b2b83e3270b0eaf5a0b83a
6a129f0a05e7ed5fc5d4a9c044072b11b263726e
be6541cc29509a1895ed72b6f852e88fcbf422bcd91441cf137ed7ada2548570
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4156
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 02 Feb 2023 10:21:09 GMT
Last-Modified: Thu, 02 Feb 2023 09:11:53 GMT
Server: ECS (ska/F713)
X-Cache: HIT
Content-Length: 314
ocsp.digicert.com/
93.184.220.29 200 OK 314 B IP 93.184.220.29:0
Hash b504f7f246b2b83e3270b0eaf5a0b83a
6a129f0a05e7ed5fc5d4a9c044072b11b263726e
be6541cc29509a1895ed72b6f852e88fcbf422bcd91441cf137ed7ada2548570
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4156
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 02 Feb 2023 10:21:09 GMT
Last-Modified: Thu, 02 Feb 2023 09:11:53 GMT
Server: ECS (ska/F713)
X-Cache: HIT
Content-Length: 314
ocsp.digicert.com/
93.184.220.29 200 OK 314 B IP 93.184.220.29:0
Hash b504f7f246b2b83e3270b0eaf5a0b83a
6a129f0a05e7ed5fc5d4a9c044072b11b263726e
be6541cc29509a1895ed72b6f852e88fcbf422bcd91441cf137ed7ada2548570
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4156
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 02 Feb 2023 10:21:09 GMT
Last-Modified: Thu, 02 Feb 2023 09:11:53 GMT
Server: ECS (ska/F713)
X-Cache: HIT
Content-Length: 314
roomimg.stream.highwebmedia.com/riw/yesonee.jpg?1675333260
104.19.242.83 200 OK 12 kB URL HTTP/2 roomimg.stream.highwebmedia.com/riw/yesonee.jpg?1675333260
IP 104.19.242.83:0
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 959x960, segment length 16, comment: "Lavc58.91.100", baseline, precision 8, 480x270, components 3\012- data
Hash 07c6f374978a799826e393f090202857
61814150cfd844c3f80f9d466053dfe528a777c6
e580b429d82b04ba0218eab0fe6ff72df945a2a0e56bee634514211a22c795b6
GET /riw/yesonee.jpg?1675333260 HTTP/1.1
Host: roomimg.stream.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 02 Feb 2023 10:21:09 GMT
content-type: image/jpeg
content-length: 12131
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: public, max-age=30
cf-bgj: imgq:100,h2pri
cf-polished: status=not_needed
content-security-policy: default-src 'none'; img-src data:; style-src 'unsafe-inline'
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
x-frame-options: DENY
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 17
last-modified: Thu, 02 Feb 2023 10:20:52 GMT
expires: Thu, 02 Feb 2023 10:21:39 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kMhEBIIzNFi%2F8DFIeaMJqKTaINoqqiZmuKHSkRdmib9vWDY1Yt96GCNVI9IVIh9DSt6EMHeH2%2FW%2FXL8QOaYhOyewfHMLwy1vAAOAtCt5dXPCVprJbtIUD%2FcWq64bJfdkaCIFON5sJXkHW1hrls9kqkM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
set-cookie: _cfuvid=Lt_x92hGRkn.HDL_gNWCp8.rKHoXLlauIsxEsuB4cBw-1675333269976-0-604800000; path=/; domain=.highwebmedia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 793232c94dedb4fd-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
roomimg.stream.highwebmedia.com/riw/annrainbow.jpg?1675333260
104.19.242.83 200 OK 14 kB URL HTTP/2 roomimg.stream.highwebmedia.com/riw/annrainbow.jpg?1675333260
IP 104.19.242.83:0
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 548x549, segment length 16, progressive, precision 8, 480x270, components 3\012- data
Hash d3c62db0ab998ae0c9bf94d1fc2042e1
53db7365204f9d5abf1876edbda9b136ef739236
6fa5fb797c5ca9f259069a3a5435564a409b4f2b7f8819c8cc5fc49b4fbca44d
GET /riw/annrainbow.jpg?1675333260 HTTP/1.1
Host: roomimg.stream.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 02 Feb 2023 10:21:09 GMT
content-type: image/jpeg
content-length: 13670
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: public, max-age=30
cf-bgj: imgq:100,h2pri
cf-polished: origSize=13745
content-security-policy: default-src 'none'; img-src data:; style-src 'unsafe-inline'
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
x-frame-options: DENY
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 4
last-modified: Thu, 02 Feb 2023 10:21:05 GMT
expires: Thu, 02 Feb 2023 10:21:39 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vKRny9nJQQRgmveaORs2lMbNZAhNwmac4244krznTlBJYR5gosgYT%2FdKj6bshsdwhsvwvCNfOuL4sRu1jxUtwYvC%2BD0GsdhVx81xJbjuhpsRzCn0F9o5Dd5kckgVLYb0VdMA1bjVN%2BBTEDyVIPD3Jo8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
set-cookie: _cfuvid=Lt_x92hGRkn.HDL_gNWCp8.rKHoXLlauIsxEsuB4cBw-1675333269976-0-604800000; path=/; domain=.highwebmedia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 793232c94debb4fd-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
roomimg.stream.highwebmedia.com/riw/alicepreuoston.jpg?1675333260
104.19.242.83 200 OK 13 kB URL HTTP/2 roomimg.stream.highwebmedia.com/riw/alicepreuoston.jpg?1675333260
IP 104.19.242.83:0
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 548x549, segment length 16, comment: "Lavc58.91.100", baseline, precision 8, 480x270, components 3\012- data
Hash 85941689c5f596cbe931acaa0db14f97
d7999b198b6a371682d0aa2cd5b07cf745fa85fe
a6216dbfefbe113e16f501619909b934d7e4f0c33efe76c66160c9f077147972
GET /riw/alicepreuoston.jpg?1675333260 HTTP/1.1
Host: roomimg.stream.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 02 Feb 2023 10:21:09 GMT
content-type: image/jpeg
content-length: 13361
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: public, max-age=30
cf-bgj: imgq:100,h2pri
cf-polished: status=not_needed
content-security-policy: default-src 'none'; img-src data:; style-src 'unsafe-inline'
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
x-frame-options: DENY
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 16
last-modified: Thu, 02 Feb 2023 10:20:53 GMT
expires: Thu, 02 Feb 2023 10:21:39 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=G%2FYNSmNJr8KM0cbFjJlFKocH9G3rqXqmcjjQ3nHzlJDDvT7UAr3%2BfgKGiGpyih7502q9ONwSep78nQi830%2BfhrhqshrEwe%2BawkVNs5sX%2BslTfyI2GG%2Bhii3HZA0C%2F%2BNj7x62LKTDB%2FU9wvzW%2Fh4P10I%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
set-cookie: _cfuvid=3DFQP7anawoOfKoueNrpqOjKtemMjeKuMO76bZl8EEw-1675333269983-0-604800000; path=/; domain=.highwebmedia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 793232c94df1b4fd-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 280 B IP 93.184.220.29:0
Hash 66549050cb78bb4fd953ab9fb5cd453d
0f3d71bc10c76aa872f4ac05e1732f180cbc1809
d6f4c312d1beb5e0d43215c7c578c82e5ee6df8b92d5934cc02d9fe2a1ff842e
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5493
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 02 Feb 2023 10:21:10 GMT
Last-Modified: Thu, 02 Feb 2023 08:49:37 GMT
Server: ECS (ska/F713)
X-Cache: HIT
Content-Length: 280
ocsp.digicert.com/
93.184.220.29 200 OK 314 B IP 93.184.220.29:0
Hash b504f7f246b2b83e3270b0eaf5a0b83a
6a129f0a05e7ed5fc5d4a9c044072b11b263726e
be6541cc29509a1895ed72b6f852e88fcbf422bcd91441cf137ed7ada2548570
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4314
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 02 Feb 2023 10:21:10 GMT
Last-Modified: Thu, 02 Feb 2023 09:09:17 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 314
camschat.net/900250/game.php
66.230.180.98 200 OK 33 kB URL HTTP/2 camschat.net/900250/game.php
IP 66.230.180.98:0
Hash 50d93c01581bded750aa90ef6e64103c
5bc673b3452901f2744e290ad6d938ff70723fd2
8f1c080e5e66dd0e629676d8da9302c367cb37e183bcac03b91451f5e92687f1
GET /900250/game.php HTTP/1.1
Host: camschat.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://camschat.net/900250/adnium.php
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 02 Feb 2023 10:21:09 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-powered-by: PHP/7.4.3-4ubuntu2.17
content-encoding: gzip
X-Firefox-Spdy: h2
video.ktkjmp.com/adsbygoogle.js
104.18.48.21 200 OK 16 B URL HTTP/2 video.ktkjmp.com/adsbygoogle.js
IP 104.18.48.21:0
Hash 3d7f7a60216d40dea48e495fef6903c9
fecdb5184f55cf012563d78940eb97b10b9cc99b
96d83ac9f20fc0b88404f307f135e212642e02d6ea295c96b28aed0d771a224f
GET /adsbygoogle.js HTTP/1.1
Host: video.ktkjmp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://creative.xlirdr.com/
Origin: https://creative.xlirdr.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 02 Feb 2023 10:21:10 GMT
content-type: application/javascript
content-length: 16
x-amz-id-2: lcNIxMaAofF7Fv+CenZmpGJJrSUFrD74EH/RfdAjL9Jhx1+3B0JyXF3qWYdsiZqTewxi/ePstns=
x-amz-request-id: 3YWB4S6N4MZ3W6PX
last-modified: Thu, 10 Mar 2022 13:52:07 GMT
etag: "3d7f7a60216d40dea48e495fef6903c9"
x-amz-meta-s3cmd-attrs: atime:1646920284/ctime:1646920283/gid:20/gname:staff/md5:3d7f7a60216d40dea48e495fef6903c9/mode:33188/mtime:1646920283/uid:501/uname:mikhailchubar
x-amz-version-id: eIgLIBoMMcsEXtxOH6UDjWyfAquRpkIG
access-control-allow-origin: https://creative.xlirdr.com
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Content-Length, Accept-Encoding, x-requested-with
cf-cache-status: HIT
age: 6181
expires: Thu, 02 Feb 2023 14:21:10 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 793232c9ce02b527-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
camschat.net/900250/awe900250.php
66.230.180.98 200 OK 583 B URL HTTP/2 camschat.net/900250/awe900250.php
IP 66.230.180.98:0
Hash 16b652019af083cdfa4758bd43d61422
6e3cfb9cc5424b01c0d7d2736d490ccc93ae4c4d
ae38d06f4423e5b30a941a43fd0ee07925c8d8f17ed9f442f93a9b51842e46f9
GET /900250/awe900250.php HTTP/1.1
Host: camschat.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://camschat.net/900250/adnium.php
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 02 Feb 2023 10:21:09 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-powered-by: PHP/7.4.3-4ubuntu2.17
content-encoding: gzip
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash d508fc74e60203be62d7bdc2d2a716ea
009bb64239b9bb6a4099cfd7de83edb38563d626
b568002cc645c9b3b2e3dfd40f23a8099a729b635a2c900f6c5a124ad7e40b28
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B568002CC645C9B3B2E3DFD40F23A8099A729B635A2C900F6C5A124AD7E40B28"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20113
Expires: Thu, 02 Feb 2023 15:56:23 GMT
Date: Thu, 02 Feb 2023 10:21:10 GMT
Connection: keep-alive
js-agent.newrelic.com/859.95d4308d-1222.js
151.101.66.137 200 OK 4.2 kB URL HTTP/2 js-agent.newrelic.com/859.95d4308d-1222.js
IP 151.101.66.137:0
Hash ca45013ff854b80dadf28e58b7199632
5abcb2eb9d5896b1041a9bad46ef535a4c8e1948
cad384e8806eb688e7f7d18633f9d98cde7b00bacbd3e9fb8ca34db0693f7bc9
GET /859.95d4308d-1222.js HTTP/1.1
Host: js-agent.newrelic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: PAOkWJ6WiOdnSUVZHZQv79Edy7uPwU81uM9fUJQx6T8UpQupKV3O9whnAR+3HGoYTBPmehtRe7k=
x-amz-request-id: WFN4FJZ1XN6DZ8EG
last-modified: Wed, 18 Jan 2023 20:22:30 GMT
etag: "b087387593417c0b63259918da3584e3"
x-amz-version-id: GtNmis6Y3zB4SbtciuRtabFzp3T7wBIy
content-type: application/javascript
server: AmazonS3
access-control-allow-origin: *
cache-control: public, max-age=7200, stale-if-error=604800
content-encoding: gzip
accept-ranges: bytes
date: Thu, 02 Feb 2023 10:21:10 GMT
via: 1.1 varnish
x-served-by: cache-bma1630-BMA
x-cache: HIT
x-cache-hits: 5142
x-timer: S1675333270.192464,VS0,VE0
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
content-length: 2975
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 280 B IP 93.184.220.29:0
Hash 9853cdf762d617058e15a6ebf8cf6007
bac2b32ed54e1efb9e4006b74704ae972bbf3a47
31d0fd314bad4bb07426823578583418b6f84de540c23afc0b9a280b531e1d78
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1052
Cache-Control: max-age=158262
Content-Type: application/ocsp-response
Date: Thu, 02 Feb 2023 10:21:10 GMT
Etag: "63db51b0-118"
Expires: Sat, 04 Feb 2023 06:18:52 GMT
Last-Modified: Thu, 02 Feb 2023 06:01:20 GMT
Server: ECS (ska/F713)
X-Cache: HIT
Content-Length: 280
img.strpst.com/thumbs/1675333201/95501563
104.18.63.132 200 OK 37 kB URL HTTP/2 img.strpst.com/thumbs/1675333201/95501563
IP 104.18.63.132:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 0x0, segment length 16, progressive, precision 8, 640x360, components 3\012- data
Hash 3308eb2ca9b4ed59138259254b75dcef
c9df249ba87da33af8d484660b8a6139cb5bcbf8
59b0557a4f94d0c79cbcab7a07a36c7c9a33969c5f052398ba96c4630f0e4751
GET /thumbs/1675333201/95501563 HTTP/1.1
Host: img.strpst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://creative.xlirdr.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 02 Feb 2023 10:21:10 GMT
content-type: image/jpeg
content-length: 37177
access-control-allow-credentials: true
access-control-allow-headers: *
access-control-allow-methods: GET
access-control-allow-origin: *
cf-bgj: imgq:100,h2pri
cf-polished: origSize=38622, status=webp_bigger
etag: "6fca860e6b6381d809e9a9707d2eec04"
last-modified: Thu, 02 Feb 2023 10:19:51 GMT
cf-cache-status: HIT
age: 21
expires: Thu, 02 Feb 2023 10:51:10 GMT
cache-control: public, max-age=1800
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 793232cacf8ab527-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 280 B IP 93.184.220.29:0
Hash 9853cdf762d617058e15a6ebf8cf6007
bac2b32ed54e1efb9e4006b74704ae972bbf3a47
31d0fd314bad4bb07426823578583418b6f84de540c23afc0b9a280b531e1d78
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1052
Cache-Control: max-age=158262
Content-Type: application/ocsp-response
Date: Thu, 02 Feb 2023 10:21:10 GMT
Etag: "63db51b0-118"
Expires: Sat, 04 Feb 2023 06:18:52 GMT
Last-Modified: Thu, 02 Feb 2023 06:01:20 GMT
Server: ECS (ska/F713)
X-Cache: HIT
Content-Length: 280
js-agent.newrelic.com/885.95d4308d-1222.js
151.101.66.137 200 OK 27 kB URL HTTP/2 js-agent.newrelic.com/885.95d4308d-1222.js
IP 151.101.66.137:0
Hash 887085fd93502e10f885578e72b019c5
b16cc94957f4b562e7546ff53be76632a690bf45
a225bc7194343e23595aba3c039562e36372434e808c984c1c980d2fd84f2a9c
GET /885.95d4308d-1222.js HTTP/1.1
Host: js-agent.newrelic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-amz-id-2: iuZsFv406u1sMvs0ma20vGvuMApZWTFFZj+faC5P7Ry157RP7v+m+H8/pYueXH7fkGpYpHbtGFk=
x-amz-request-id: 99ZMGE3ZKMAWH9CW
last-modified: Wed, 18 Jan 2023 20:22:30 GMT
etag: "fb9bb822463bccec4200657d3ae33dc0"
x-amz-version-id: PKmhKUoshrjILDxYc6QEKM_sGJ.F4FNB
content-type: application/javascript
server: AmazonS3
access-control-allow-origin: *
cache-control: public, max-age=7200, stale-if-error=604800
content-encoding: gzip
accept-ranges: bytes
date: Thu, 02 Feb 2023 10:21:10 GMT
via: 1.1 varnish
x-served-by: cache-bma1630-BMA
x-cache: HIT
x-cache-hits: 1978
x-timer: S1675333270.247056,VS0,VE0
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
content-length: 5930
X-Firefox-Spdy: h2
js-agent.newrelic.com/569.95d4308d-1222.js
151.101.66.137 200 OK 3.2 kB URL HTTP/2 js-agent.newrelic.com/569.95d4308d-1222.js
IP 151.101.66.137:0
File type ASCII text, with very long lines (7513), with no line terminators
Hash 8d0953404ce6fdf0926ef6bf37d7e041
8cec9d9883f8b7720721bb33bffb4afe45193b1d
83966eef1899edd421692b78cda8df58dfb9b0b2b27a7485183c5b4cb44a336d
GET /569.95d4308d-1222.js HTTP/1.1
Host: js-agent.newrelic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-amz-id-2: v+E2uK5EOShfz1aeDzYcwNWitGv9mKnF6hMwgfWjfoR/qfIZPK6AF+v3z+by8JUQg3fSUYcltK4=
x-amz-request-id: WFNFJ5TESSHD3FE6
last-modified: Wed, 18 Jan 2023 20:22:30 GMT
etag: "e97726ab932639fed09971b1d682788c"
x-amz-version-id: umZj.yHws5JPiBHG1j096ELWHEKx7rh0
content-type: application/javascript
server: AmazonS3
access-control-allow-origin: *
cache-control: public, max-age=7200, stale-if-error=604800
content-encoding: gzip
accept-ranges: bytes
date: Thu, 02 Feb 2023 10:21:10 GMT
via: 1.1 varnish
x-served-by: cache-bma1630-BMA
x-cache: HIT
x-cache-hits: 5125
x-timer: S1675333270.246961,VS0,VE0
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
content-length: 3173
X-Firefox-Spdy: h2
js-agent.newrelic.com/620.95d4308d-1222.js
151.101.66.137 200 OK 1.3 kB URL HTTP/2 js-agent.newrelic.com/620.95d4308d-1222.js
IP 151.101.66.137:0
File type ASCII text, with very long lines (2989), with no line terminators
Hash 7094c3f93699a846fe91edd766391f01
25e8c79409acc2bb73a728c0768e1eda66019255
85eb01219e8aaa7c7968aa175c2421454f99615ae66350b15c60465f4616826f
GET /620.95d4308d-1222.js HTTP/1.1
Host: js-agent.newrelic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-amz-id-2: QggJtv+14rx8wEd4C6ZTDmmxUSe6+8jiYhTGnWcIRu6DC5pRiaL5fPRx8/lgChduQ7GqRSlO6xY=
x-amz-request-id: WFN5FXFSJTZYM7K6
last-modified: Wed, 18 Jan 2023 20:22:30 GMT
etag: "ca9b029ff66dd9146273984d16e20abc"
x-amz-version-id: HYguQMwVKEHCmodKuQRUzW1qxlElK9Xr
content-type: application/javascript
server: AmazonS3
access-control-allow-origin: *
cache-control: public, max-age=7200, stale-if-error=604800
content-encoding: gzip
accept-ranges: bytes
date: Thu, 02 Feb 2023 10:21:10 GMT
via: 1.1 varnish
x-served-by: cache-bma1630-BMA
x-cache: HIT
x-cache-hits: 5140
x-timer: S1675333270.248182,VS0,VE0
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
content-length: 1342
X-Firefox-Spdy: h2
js-agent.newrelic.com/41.95d4308d-1222.js
151.101.66.137 200 OK 2.0 kB URL HTTP/2 js-agent.newrelic.com/41.95d4308d-1222.js
IP 151.101.66.137:0
Hash 20a5c71adc84e2eccb3da2b8b05f36ce
faa24d3c044f9bd0d6f91874905b4a734f332ea3
a1413f9f46aabedd1e8d1517d04a88f85923440bd62e4b5cb75adf05889facc8
GET /41.95d4308d-1222.js HTTP/1.1
Host: js-agent.newrelic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-amz-id-2: 2TG7kVMnt5x5EwbcjDgF/pAaH/jmgGXStlMFEbvOUPNYaRTe14pFRmwb0VQGFJQN7uXfEncHoqkNLs4TYWl92Q==
x-amz-request-id: MFEHG5GPGK6ZYQVP
last-modified: Wed, 18 Jan 2023 20:22:30 GMT
etag: "29dd8aef66100e4c69e07fd60fc88b12"
x-amz-version-id: 6FOFyXAonMoqJqLGEMhx7HWIp32cv4MT
content-type: application/javascript
server: AmazonS3
access-control-allow-origin: *
cache-control: public, max-age=7200, stale-if-error=604800
content-encoding: gzip
accept-ranges: bytes
date: Thu, 02 Feb 2023 10:21:10 GMT
via: 1.1 varnish
x-served-by: cache-bma1630-BMA
x-cache: HIT
x-cache-hits: 5173
x-timer: S1675333270.248034,VS0,VE0
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
content-length: 439
X-Firefox-Spdy: h2
js-agent.newrelic.com/457.95d4308d-1222.js
151.101.66.137 200 OK 2.0 kB URL HTTP/2 js-agent.newrelic.com/457.95d4308d-1222.js
IP 151.101.66.137:0
File type ASCII text, with very long lines (4809), with no line terminators
Hash 09c0cca8d2a9fd69f1892a1c2d1319b9
b46f4fe3b0adc98785d22a092818b74145a91cc0
593022809e272793157f8280bae176bfa74a02f9f9a6d3269384e2dd434be046
GET /457.95d4308d-1222.js HTTP/1.1
Host: js-agent.newrelic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-amz-id-2: 6YLQBRWWkaavoi6QR5dS+9cRhXVrpaQK5v3G9/iqQ5oKPUxxFI0Uv2tN9ar51sQUG2xwVmTWBnY=
x-amz-request-id: WFN1Z9NXJZGF8XE5
last-modified: Wed, 18 Jan 2023 20:22:30 GMT
etag: "c16abc7fa2e34cbb7baf3e290120ad5a"
x-amz-version-id: qROfxBD9CF8WXmbywdhvCmImuu9HvRNA
content-type: application/javascript
server: AmazonS3
access-control-allow-origin: *
cache-control: public, max-age=7200, stale-if-error=604800
content-encoding: gzip
accept-ranges: bytes
date: Thu, 02 Feb 2023 10:21:10 GMT
via: 1.1 varnish
x-served-by: cache-bma1630-BMA
x-cache: HIT
x-cache-hits: 5136
x-timer: S1675333270.248052,VS0,VE0
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
content-length: 1953
X-Firefox-Spdy: h2
js-agent.newrelic.com/244.95d4308d-1222.js
151.101.66.137 200 OK 2.6 kB URL HTTP/2 js-agent.newrelic.com/244.95d4308d-1222.js
IP 151.101.66.137:0
File type ASCII text, with very long lines (6871), with no line terminators
Hash f3fa38d9e10cf246f158644ebd64b342
c2730a8b130475b903b30148ea5cf79eb7de1873
6aea0ff08f0ed145b42d52f81d167df30a300f3da22b687fa2de3be48df1badb
GET /244.95d4308d-1222.js HTTP/1.1
Host: js-agent.newrelic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-amz-id-2: HqAuLbtc4kLXjp/HM/sZyPqsDbRk1eMZXQl1gAv0l9/yRrGf//JiuVcahDTT5bis4NqiPxfG4OQ=
x-amz-request-id: D866GB1QGPTYVJ4R
last-modified: Wed, 18 Jan 2023 20:22:30 GMT
etag: "a24fd7e602a6b44ab4c03cab69c843c6"
x-amz-version-id: wm7C04ehQ1WMJgMW5R_.Vg0x6NJINoji
content-type: application/javascript
server: AmazonS3
access-control-allow-origin: *
cache-control: public, max-age=7200, stale-if-error=604800
content-encoding: gzip
accept-ranges: bytes
date: Thu, 02 Feb 2023 10:21:10 GMT
via: 1.1 varnish
x-served-by: cache-bma1630-BMA
x-cache: HIT
x-cache-hits: 2941
x-timer: S1675333270.248507,VS0,VE0
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
content-length: 2607
X-Firefox-Spdy: h2
js-agent.newrelic.com/736.95d4308d-1222.js
151.101.66.137 200 OK 2.1 kB URL HTTP/2 js-agent.newrelic.com/736.95d4308d-1222.js
IP 151.101.66.137:0
File type ASCII text, with very long lines (4688), with no line terminators
Hash a0dd1bd64e5912ed2b69ab00c181333c
9f4001e3f6c7fd3105972022cde6a67638ba8083
2ea47cc022696e899accbc531bbb7e3abc01f1598cedaa9f23e071d47ee510a0
GET /736.95d4308d-1222.js HTTP/1.1
Host: js-agent.newrelic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-amz-id-2: wZ5lT7Qk1E9hmsxWDncLcs+Ic+aBtWHWGPUcVxaeVym/k+6uixaPTXfOiP+keWUZ+GKP0xL2SDo=
x-amz-request-id: MFESCF9VXQC5P35J
last-modified: Wed, 18 Jan 2023 20:22:30 GMT
etag: "def1dc24974c16a4e78c08e349b92860"
x-amz-version-id: i.8rfLhEckzO44oBXwNAK9an0lbXu.5p
content-type: application/javascript
server: AmazonS3
access-control-allow-origin: *
cache-control: public, max-age=7200, stale-if-error=604800
content-encoding: gzip
accept-ranges: bytes
date: Thu, 02 Feb 2023 10:21:10 GMT
via: 1.1 varnish
x-served-by: cache-bma1630-BMA
x-cache: HIT
x-cache-hits: 2949
x-timer: S1675333270.248831,VS0,VE0
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
content-length: 2132
X-Firefox-Spdy: h2
js-agent.newrelic.com/142.95d4308d-1222.js
151.101.66.137 200 OK 880 B URL HTTP/2 js-agent.newrelic.com/142.95d4308d-1222.js
IP 151.101.66.137:0
File type ASCII text, with very long lines (2014), with no line terminators
Hash c962fb555005bf74b5010cd5c748c721
5c7c22b348a994aad18e8162bb1f78b9fd49c491
077c18d946bf505b4efe75b1b3c3d9c6b3ad6af3e5b5d08a41fedf7aceb84233
GET /142.95d4308d-1222.js HTTP/1.1
Host: js-agent.newrelic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-amz-id-2: /ZtX43ynOvSaYlrJ/LhlDymHqsr4/Ext49IQ1RQZxLK2MPDMHv59yC5Li6+9oNRuTnKxUqkvJhI=
x-amz-request-id: MFEMFHWSJ1CY7RPR
last-modified: Wed, 18 Jan 2023 20:22:30 GMT
etag: "082c9f0a95ce6870ed4d9266fa0e41e5"
x-amz-version-id: ed_.QNbbUDaLQJRSZtC0TghsoJcp2gVk
content-type: application/javascript
server: AmazonS3
access-control-allow-origin: *
cache-control: public, max-age=7200, stale-if-error=604800
content-encoding: gzip
accept-ranges: bytes
date: Thu, 02 Feb 2023 10:21:10 GMT
via: 1.1 varnish
x-served-by: cache-bma1630-BMA
x-cache: HIT
x-cache-hits: 2945
x-timer: S1675333270.249100,VS0,VE0
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
content-length: 880
X-Firefox-Spdy: h2
js-agent.newrelic.com/466.95d4308d-1222.js
151.101.66.137 200 OK 2.8 kB URL HTTP/2 js-agent.newrelic.com/466.95d4308d-1222.js
IP 151.101.66.137:0
File type ASCII text, with very long lines (6842), with no line terminators
Hash 0545743760ba9995e8efbe879105162f
889887ac56edaf2cfe41752ec0893a9ac5d23db0
91a431e85d69e797b8a8817bb15aee94a9fbe38355a6890f75e8947a55386ee0
GET /466.95d4308d-1222.js HTTP/1.1
Host: js-agent.newrelic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-amz-id-2: Y3xfvlvSw36CE9GOKklvJeG0iBkCsl/ss+e4vNwZhrKvjIdjtQLayCw3yQPVxbIyEllIzLdCgUw=
x-amz-request-id: MFEHC9QF926X2AZG
last-modified: Wed, 18 Jan 2023 20:22:30 GMT
etag: "2b339e4b3b0435de10496ee00de8446a"
x-amz-version-id: joCLqMlafBXUuB094SKQ5Jhlrbz7F.ON
content-type: application/javascript
server: AmazonS3
access-control-allow-origin: *
cache-control: public, max-age=7200, stale-if-error=604800
content-encoding: gzip
accept-ranges: bytes
date: Thu, 02 Feb 2023 10:21:10 GMT
via: 1.1 varnish
x-served-by: cache-bma1630-BMA
x-cache: HIT
x-cache-hits: 2946
x-timer: S1675333270.251598,VS0,VE0
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
content-length: 2760
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 9cc68e933a703ab17858b65432c675f7
8ba7f07b32b4c3fdeb40aaf9bb47126c86010cd3
35479672fb8118dfee89e1ba4c16fdee728920bdd349854b39e090ef6a8d2354
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3006
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 02 Feb 2023 10:21:10 GMT
Last-Modified: Thu, 02 Feb 2023 09:31:04 GMT
Server: ECS (ska/F713)
X-Cache: HIT
Content-Length: 471
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 3babbccdd7cfdfbb8146a70e67fabfc5
f8c5c9f62f555ac207abab4c7441384185c82343
98335f0c3e0924c119531616e3d545b880233c5c4802f7aa1e473a74ea7e039d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "98335F0C3E0924C119531616E3D545B880233C5C4802F7AA1E473A74EA7E039D"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7129
Expires: Thu, 02 Feb 2023 12:19:59 GMT
Date: Thu, 02 Feb 2023 10:21:10 GMT
Connection: keep-alive
bam.nr-data.net/1/6f524845d1?a=24279235&v=1222.PROD&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOFgwRERUXQ1BUFkIDFQ0WFlA%3D&rst=966&ck=0&s=ad4c81432e784b4f&ref=https://chaturbate.com/tours/3/&ap=21&be=532&fe=235&dc=147&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1675333295064,%22n%22:0,%22r%22:1,%22re%22:282,%22f%22:282,%22dn%22:282,%22dne%22:282,%22c%22:282,%22s%22:282,%22ce%22:282,%22rq%22:286,%22rp%22:472,%22rpe%22:474,%22dl%22:494,%22di%22:672,%22ds%22:678,%22de%22:685,%22dc%22:766,%22l%22:766,%22le%22:769%7D,%22navigation%22:%7B%22rc%22:1%7D%7D&fcp=664&at=H0ETGw9CExRCXBM9CgBBXAkZG0QSVEsPAw4BQVwbamZQD15XPj1BSEEVUFJXRBFuXQAWBkZZVhUXenc%2BY1gYQFlGVF8KBwoDAgYMBwZTVAFTDBh4Yy8TFUMhJTshCU0XAwlZHRsiJDwmDBJ8TU1DABMDQwQCCBADFVNYXRJUG01AEQECCmZcSRNbEwBQTFpUTVILGwgEVRMVQwMNCw05X1lYVhITA0NAT0YBA0pBZlYUVEoSPQoUQVwbDAgfWAEXVVBNVVZSGxkbUwRCTT4FFgEQFWZSXF5DCxsvLUFIQQ9JalpeFF9NExtBXkEodhcVEwhBZgINFgoXFEBqWl4PV1AFBw0HBkQDFwAIQx0bCBI8CgYSTlpLWkMLGwMOChxNBVZYGx1DWEk%2BDREDAghQT1hFCF5XQ1hBJg8PQRVqXg1ETQgNDRdBShtcSW4IQklDWEEmDw9BFWpeDURNCA0NF0FKG1xJbgBCV0NYVlRQVg0ZG1gRblgSDDwLEQEbDxtzDVhBQTEMCBYSUFpXQkFwakNOQQ0TOVpaV18EUk0IDQ07Fx9JUBsLQ3JYAw4GSyc1dRcVEwhBZhQRBhY8EkBFXBNbE0sEEQoABghNXFhdQx0bEwcSEQYVTWpJUBVZG1tATBAME0tGFgJOExVDFQ87CwlKQRsLQ1JRABYWFgEHTVAXUg5cG01AEA0XA2ZcXRNbABVDEQoQBjldWlRQCF8bW0AADAISTEdbUBVUFwINDkZPREtQSEQEQk0%2BCgwXF0QDF1pZAEVMEwACEAZIWlpUE00TWxMNFBcGFGZcXRNbEw5VVFdRB1UJGA8GV1MUVQQBBk5eDgUBHFZVWlZRAlBRBApWChNNE0sEBAYWBhQbDxtZFUVJElhMSwAHVEYXVhNQTQgRTEZPREtQSEQEQk0%2BDwYQCwldFwMTJnRtQ05BFBoSUVpXbhdUSxILDApBXBsGFwZDHRsUAzwABhBQVlxuB1BUCA4aRllEdkFRVBMTFUMXAjsHA09cWlQ%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&jsonp=NREUM.setToken
162.247.241.14200 OK 72 B URL HTTP/1.1 bam.nr-data.net/1/6f524845d1?a=24279235&v=1222.PROD&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOFgwRERUXQ1BUFkIDFQ0WFlA%3D&rst=966&ck=0&s=ad4c81432e784b4f&ref=https://chaturbate.com/tours/3/&ap=21&be=532&fe=235&dc=147&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1675333295064,%22n%22:0,%22r%22:1,%22re%22:282,%22f%22:282,%22dn%22:282,%22dne%22:282,%22c%22:282,%22s%22:282,%22ce%22:282,%22rq%22:286,%22rp%22:472,%22rpe%22:474,%22dl%22:494,%22di%22:672,%22ds%22:678,%22de%22:685,%22dc%22:766,%22l%22:766,%22le%22:769%7D,%22navigation%22:%7B%22rc%22:1%7D%7D&fcp=664&at=H0ETGw9CExRCXBM9CgBBXAkZG0QSVEsPAw4BQVwbamZQD15XPj1BSEEVUFJXRBFuXQAWBkZZVhUXenc%2BY1gYQFlGVF8KBwoDAgYMBwZTVAFTDBh4Yy8TFUMhJTshCU0XAwlZHRsiJDwmDBJ8TU1DABMDQwQCCBADFVNYXRJUG01AEQECCmZcSRNbEwBQTFpUTVILGwgEVRMVQwMNCw05X1lYVhITA0NAT0YBA0pBZlYUVEoSPQoUQVwbDAgfWAEXVVBNVVZSGxkbUwRCTT4FFgEQFWZSXF5DCxsvLUFIQQ9JalpeFF9NExtBXkEodhcVEwhBZgINFgoXFEBqWl4PV1AFBw0HBkQDFwAIQx0bCBI8CgYSTlpLWkMLGwMOChxNBVZYGx1DWEk%2BDREDAghQT1hFCF5XQ1hBJg8PQRVqXg1ETQgNDRdBShtcSW4IQklDWEEmDw9BFWpeDURNCA0NF0FKG1xJbgBCV0NYVlRQVg0ZG1gRblgSDDwLEQEbDxtzDVhBQTEMCBYSUFpXQkFwakNOQQ0TOVpaV18EUk0IDQ07Fx9JUBsLQ3JYAw4GSyc1dRcVEwhBZhQRBhY8EkBFXBNbE0sEEQoABghNXFhdQx0bEwcSEQYVTWpJUBVZG1tATBAME0tGFgJOExVDFQ87CwlKQRsLQ1JRABYWFgEHTVAXUg5cG01AEA0XA2ZcXRNbABVDEQoQBjldWlRQCF8bW0AADAISTEdbUBVUFwINDkZPREtQSEQEQk0%2BCgwXF0QDF1pZAEVMEwACEAZIWlpUE00TWxMNFBcGFGZcXRNbEw5VVFdRB1UJGA8GV1MUVQQBBk5eDgUBHFZVWlZRAlBRBApWChNNE0sEBAYWBhQbDxtZFUVJElhMSwAHVEYXVhNQTQgRTEZPREtQSEQEQk0%2BDwYQCwldFwMTJnRtQ05BFBoSUVpXbhdUSxILDApBXBsGFwZDHRsUAzwABhBQVlxuB1BUCA4aRllEdkFRVBMTFUMXAjsHA09cWlQ%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&jsonp=NREUM.setToken
IP 162.247.241.14:0
File type ASCII text, with no line terminators
Hash 107d93e382e2c9b00fbf9fb0edc65d86
77e750e3ebf9706f4f6dd253785602d70be17c6c
a1ee50b689ea433a0acdccbf4ee4629e9ea3f9c4bcdd21effb334359a2f9e937
GET /1/6f524845d1?a=24279235&v=1222.PROD&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOFgwRERUXQ1BUFkIDFQ0WFlA%3D&rst=966&ck=0&s=ad4c81432e784b4f&ref=https://chaturbate.com/tours/3/&ap=21&be=532&fe=235&dc=147&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1675333295064,%22n%22:0,%22r%22:1,%22re%22:282,%22f%22:282,%22dn%22:282,%22dne%22:282,%22c%22:282,%22s%22:282,%22ce%22:282,%22rq%22:286,%22rp%22:472,%22rpe%22:474,%22dl%22:494,%22di%22:672,%22ds%22:678,%22de%22:685,%22dc%22:766,%22l%22:766,%22le%22:769%7D,%22navigation%22:%7B%22rc%22:1%7D%7D&fcp=664&at=H0ETGw9CExRCXBM9CgBBXAkZG0QSVEsPAw4BQVwbamZQD15XPj1BSEEVUFJXRBFuXQAWBkZZVhUXenc%2BY1gYQFlGVF8KBwoDAgYMBwZTVAFTDBh4Yy8TFUMhJTshCU0XAwlZHRsiJDwmDBJ8TU1DABMDQwQCCBADFVNYXRJUG01AEQECCmZcSRNbEwBQTFpUTVILGwgEVRMVQwMNCw05X1lYVhITA0NAT0YBA0pBZlYUVEoSPQoUQVwbDAgfWAEXVVBNVVZSGxkbUwRCTT4FFgEQFWZSXF5DCxsvLUFIQQ9JalpeFF9NExtBXkEodhcVEwhBZgINFgoXFEBqWl4PV1AFBw0HBkQDFwAIQx0bCBI8CgYSTlpLWkMLGwMOChxNBVZYGx1DWEk%2BDREDAghQT1hFCF5XQ1hBJg8PQRVqXg1ETQgNDRdBShtcSW4IQklDWEEmDw9BFWpeDURNCA0NF0FKG1xJbgBCV0NYVlRQVg0ZG1gRblgSDDwLEQEbDxtzDVhBQTEMCBYSUFpXQkFwakNOQQ0TOVpaV18EUk0IDQ07Fx9JUBsLQ3JYAw4GSyc1dRcVEwhBZhQRBhY8EkBFXBNbE0sEEQoABghNXFhdQx0bEwcSEQYVTWpJUBVZG1tATBAME0tGFgJOExVDFQ87CwlKQRsLQ1JRABYWFgEHTVAXUg5cG01AEA0XA2ZcXRNbABVDEQoQBjldWlRQCF8bW0AADAISTEdbUBVUFwINDkZPREtQSEQEQk0%2BCgwXF0QDF1pZAEVMEwACEAZIWlpUE00TWxMNFBcGFGZcXRNbEw5VVFdRB1UJGA8GV1MUVQQBBk5eDgUBHFZVWlZRAlBRBApWChNNE0sEBAYWBhQbDxtZFUVJElhMSwAHVEYXVhNQTQgRTEZPREtQSEQEQk0%2BDwYQCwldFwMTJnRtQ05BFBoSUVpXbhdUSxILDApBXBsGFwZDHRsUAzwABhBQVlxuB1BUCA4aRllEdkFRVBMTFUMXAjsHA09cWlQ%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&jsonp=NREUM.setToken HTTP/1.1
Host: bam.nr-data.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Thu, 02 Feb 2023 10:21:10 GMT
Content-Type: text/javascript
Transfer-Encoding: chunked
Connection: keep-alive
CF-Ray: 793232cc3a6cb4f7-OSL
Access-Control-Allow-Origin: *
CF-Cache-Status: DYNAMIC
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
Cross-Origin-Resource-Policy: cross-origin
Vary: Accept-Encoding
Server: cloudflare
Content-Encoding: gzip
awecre.com/embed/lf?c=object_container&site=wl3&cobrandId=240622&psid=cybermike&pstool=202_1&psprogram=cbrnd&campaign_id=118122&category=girl&forcedPerformers[]=&vp[showChat]=false&vp[chatAutoHide]=false&vp[showCallToAction]=false&vp[showPerformerName]=false&vp[showPerformerStatus]=false&filters=&ms_notrack=1&subAffId={SUBAFFID}
93.93.51.191 200 OK 6.3 kB URL HTTP/2 awecre.com/embed/lf?c=object_container&site=wl3&cobrandId=240622&psid=cybermike&pstool=202_1&psprogram=cbrnd&campaign_id=118122&category=girl&forcedPerformers[]=&vp[showChat]=false&vp[chatAutoHide]=false&vp[showCallToAction]=false&vp[showPerformerName]=false&vp[showPerformerStatus]=false&filters=&ms_notrack=1&subAffId={SUBAFFID}
IP 93.93.51.191:0
ASN #34655 DuoDecad IT Services Luxembourg S.a r.l.
Hash adb62afc4d0416f68c28c4e0fb8d757a
46ec5f8d309a39cfbfb744fba1225d9e256d6ad9
1f395a3ae49ba43814542eb78f6358125e55cd0f31a8f083c5f5b43d8bf002de
GET /embed/lf?c=object_container&site=wl3&cobrandId=240622&psid=cybermike&pstool=202_1&psprogram=cbrnd&campaign_id=118122&category=girl&forcedPerformers[]=&vp[showChat]=false&vp[chatAutoHide]=false&vp[showCallToAction]=false&vp[showPerformerName]=false&vp[showPerformerStatus]=false&filters=&ms_notrack=1&subAffId={SUBAFFID} HTTP/1.1
Host: awecre.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://camschat.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript
cache-control: no-cache
date: Thu, 02 Feb 2023 10:21:10 GMT
server: unknown
set-cookie: psui=a59f007fbf3384ccc33cc586d5d348f0; Path=/; Expires=Sat, 04-Mar-23 10:21:10 GMT; SameSite=None; Secure
X-Firefox-Spdy: h2
bam.nr-data.net/events/1/6f524845d1?a=24279235&v=1222.PROD&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOFgwRERUXQ1BUFkIDFQ0WFlA%3D&rst=1258&ck=0&s=ad4c81432e784b4f&ref=https://chaturbate.com/tours/3/
162.247.241.14 200 OK 24 B URL HTTP/1.1 bam.nr-data.net/events/1/6f524845d1?a=24279235&v=1222.PROD&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOFgwRERUXQ1BUFkIDFQ0WFlA%3D&rst=1258&ck=0&s=ad4c81432e784b4f&ref=https://chaturbate.com/tours/3/
IP 162.247.241.14:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash bc32ed98d624acb4008f986349a20d26
2d3df8c11d2168ce2c27e0937421d11d85016361
0c9cf152a0ad00d4f102c93c613c104914be5517ac8f8e0831727f8bfbe8b300
POST /events/1/6f524845d1?a=24279235&v=1222.PROD&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOFgwRERUXQ1BUFkIDFQ0WFlA%3D&rst=1258&ck=0&s=ad4c81432e784b4f&ref=https://chaturbate.com/tours/3/ HTTP/1.1
Host: bam.nr-data.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
content-type: text/plain
Content-Length: 1681
Origin: https://chaturbate.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Thu, 02 Feb 2023 10:21:10 GMT
Content-Type: image/gif
Content-Length: 24
Connection: keep-alive
CF-Ray: 793232cd8cd4b4f7-OSL
Access-Control-Allow-Origin: https://chaturbate.com
CF-Cache-Status: DYNAMIC
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
Vary: Accept-Encoding
Server: cloudflare
bam.nr-data.net/events/1/6f524845d1?a=24279235&v=1222.PROD&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOFgwRERUXQ1BUFkIDFQ0WFlA%3D&rst=1003&ck=0&s=ad4c81432e784b4f&ref=https://chaturbate.com/tours/3/
162.247.241.14 200 OK 24 B URL HTTP/1.1 bam.nr-data.net/events/1/6f524845d1?a=24279235&v=1222.PROD&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOFgwRERUXQ1BUFkIDFQ0WFlA%3D&rst=1003&ck=0&s=ad4c81432e784b4f&ref=https://chaturbate.com/tours/3/
IP 162.247.241.14:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash bc32ed98d624acb4008f986349a20d26
2d3df8c11d2168ce2c27e0937421d11d85016361
0c9cf152a0ad00d4f102c93c613c104914be5517ac8f8e0831727f8bfbe8b300
POST /events/1/6f524845d1?a=24279235&v=1222.PROD&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOFgwRERUXQ1BUFkIDFQ0WFlA%3D&rst=1003&ck=0&s=ad4c81432e784b4f&ref=https://chaturbate.com/tours/3/ HTTP/1.1
Host: bam.nr-data.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
content-type: text/plain
Content-Length: 1684
Origin: https://chaturbate.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Thu, 02 Feb 2023 10:21:10 GMT
Content-Type: image/gif
Content-Length: 24
Connection: keep-alive
CF-Ray: 793232ce4fa2b517-OSL
Access-Control-Allow-Origin: https://chaturbate.com
CF-Cache-Status: DYNAMIC
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
Vary: Accept-Encoding
Server: cloudflare
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 91e7efce93300ded3a011dd3a5c871bf
9a9b6cf5cc7faf112bd50bcd404ec3aa2475d6d0
aa346ff13868bbbd0f253efd0cf330b23250b8683f9c20e1b9663bf2d69810a5
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "AA346FF13868BBBD0F253EFD0CF330B23250B8683F9C20E1B9663BF2D69810A5"
Last-Modified: Thu, 02 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7178
Expires: Thu, 02 Feb 2023 12:20:49 GMT
Date: Thu, 02 Feb 2023 10:21:11 GMT
Connection: keep-alive
pt-static3.ptwmstcnt.com/npe/_common/script/adblock/advertisement-v612853.js
93.93.51.200 200 OK 21 B URL HTTP/2 pt-static3.ptwmstcnt.com/npe/_common/script/adblock/advertisement-v612853.js
IP 93.93.51.200:0
ASN #34655 DuoDecad IT Services Luxembourg S.a r.l.
File type ASCII text, with no line terminators
Hash 01c6e7ecb819ef28b0c9b962513a1596
1a49f493db7b91ed34a7040d36732352b9a5dc39
e97a9988dce8067f81f57557b349dd481e0335e75175179b6b01322be2ff13a5
GET /npe/_common/script/adblock/advertisement-v612853.js HTTP/1.1
Host: pt-static3.ptwmstcnt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pt.ctsdwm.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 02 Feb 2023 10:21:11 GMT
content-type: application/javascript
content-length: 21
last-modified: Wed, 01 Feb 2023 12:20:24 GMT
etag: "63da5908-15"
access-control-allow-origin: *
server: unknown
x-cdn-node: sesto
x-cache-status: R-HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
pt-static1.ptwmstcnt.com/npe/image/smilies_ex.png
93.93.51.200 200 OK 8.5 kB URL HTTP/2 pt-static1.ptwmstcnt.com/npe/image/smilies_ex.png
IP 93.93.51.200:0
ASN #34655 DuoDecad IT Services Luxembourg S.a r.l.
File type PNG image data, 536 x 138, 8-bit colormap, non-interlaced\012- data
Hash 53fc00ebf44066190d5faea2a7931e7c
21178ac1ffb10f958d26d17a0fe49d5d31a00720
63526a6642f64fadb44cd33d634bb626f8e96af3f850215cfdd78a9c609fc85c
GET /npe/image/smilies_ex.png HTTP/1.1
Host: pt-static1.ptwmstcnt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pt.ctsdwm.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 02 Feb 2023 10:21:11 GMT
content-type: image/png
content-length: 8533
last-modified: Tue, 17 Jan 2023 08:36:49 GMT
etag: "63c65e21-2155"
access-control-allow-origin: *
server: unknown
x-cdn-node: sesto
x-cache-status: R-HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
as.sexad.net/as/if?p=reseller&w=1&h=1&v=5106&adType=cats&adWidth=900&adHeight=75&niche=female&fontSize=15&font_color=%23fff&background_color=%23000000&hn=fap247.com&AFNO=1-286
216.127.52.250 200 3.0 kB URL HTTP/1.1 as.sexad.net/as/if?p=reseller&w=1&h=1&v=5106&adType=cats&adWidth=900&adHeight=75&niche=female&fontSize=15&font_color=%23fff&background_color=%23000000&hn=fap247.com&AFNO=1-286
IP 216.127.52.250:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 574acda845cb11e65f1f7baf8f2ae782
0145cf755f07e623764978eac93d591ca4abcb6b
06da979fcc27e24eea435039c1370b72aa6a305e15dde05905783ba82277d3cd
GET /as/if?p=reseller&w=1&h=1&v=5106&adType=cats&adWidth=900&adHeight=75&niche=female&fontSize=15&font_color=%23fff&background_color=%23000000&hn=fap247.com&AFNO=1-286 HTTP/1.1
Host: as.sexad.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://camschat.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200
Server: nginx/1.18.0
Date: Thu, 02 Feb 2023 10:21:11 GMT
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-store
Access-Control-Allow-Origin: *
Set-Cookie: at11675333271937_0_5106_4398=0001000; expires=Sat, 04-Mar-2023 10:21:11 GMT; Max-Age=2592000; path=/as; secure; SameSite=None
Set-Cookie: iid=9823-1675333271; expires=Sun, 30-Jan-2033 10:21:11 GMT; Max-Age=315360000; path=/; secure; SameSite=None
P3P: policyref="/w3c/p3p.xml", CP="This is not our comprehensive privacy policy (P3P). For complete information, please see http://streamate.com/privacy.html"
Content-Encoding: gzip
as.sexad.net/as/if?p=reseller&w=1&h=1&v=5104&noplaybtn=1&adHeight=175&adWidth=235&adType=live&autoplay=true&hn=fap247.com&AFNO=1-286
216.127.52.250 200 4.9 kB URL HTTP/1.1 as.sexad.net/as/if?p=reseller&w=1&h=1&v=5104&noplaybtn=1&adHeight=175&adWidth=235&adType=live&autoplay=true&hn=fap247.com&AFNO=1-286
IP 216.127.52.250:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (629)
Hash c5895fe395769ae2b5a7492fb4254dad
d506a0b0a2a3daa3f6be0b794a295566e51346ab
cb6bbc6bf8b54ef5754d2c43bf41dcc256081342c813a7355ae1abf866dd5cef
GET /as/if?p=reseller&w=1&h=1&v=5104&noplaybtn=1&adHeight=175&adWidth=235&adType=live&autoplay=true&hn=fap247.com&AFNO=1-286 HTTP/1.1
Host: as.sexad.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://camschat.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200
Server: nginx/1.18.0
Date: Thu, 02 Feb 2023 10:21:11 GMT
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-store
Access-Control-Allow-Origin: *
Set-Cookie: at11675333271937_0_5104_5671=0001000; expires=Sat, 04-Mar-2023 10:21:11 GMT; Max-Age=2592000; path=/as; secure; SameSite=None
Set-Cookie: iid=552-1675333271; expires=Sun, 30-Jan-2033 10:21:11 GMT; Max-Age=315360000; path=/; secure; SameSite=None
P3P: policyref="/w3c/p3p.xml", CP="This is not our comprehensive privacy policy (P3P). For complete information, please see http://streamate.com/privacy.html"
Content-Encoding: gzip
galleryn11.awemdia.com/ff268cab8d9fbae1ed7506f97496274f1b/b89ae14ec3d3b6d5ff35be7b5500448e_glamour_896x504.jpg
93.93.51.190 200 OK 73 kB URL HTTP/2 galleryn11.awemdia.com/ff268cab8d9fbae1ed7506f97496274f1b/b89ae14ec3d3b6d5ff35be7b5500448e_glamour_896x504.jpg
IP 93.93.51.190:0
ASN #34655 DuoDecad IT Services Luxembourg S.a r.l.
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 896x504, components 3\012- data
Hash e5083a75c07d4dab9a1395a5946d3e90
936f02c022d0315e244a6c7b39a0a9ffa1474bc2
8b94661097929d2d7b8baa978d92d5646f32538a36040142538731ae51fa1289
GET /ff268cab8d9fbae1ed7506f97496274f1b/b89ae14ec3d3b6d5ff35be7b5500448e_glamour_896x504.jpg HTTP/1.1
Host: galleryn11.awemdia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pt.ctsdwm.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 02 Feb 2023 10:21:11 GMT
content-type: image/jpeg
content-length: 73445
last-modified: Thu, 06 Jan 2022 18:24:13 GMT
etag: "e5083a75c07d4dab9a1395a5946d3e90"
access-control-allow-origin: *
x-content-type-options: nosniff
x-cache-source: Origin
x-cache-status: R-HIT
expires: Thu, 16 Feb 2023 10:21:11 GMT
server: unknown
x-cdn-node: sesto
cache-control: max-age=1209600
x-real-source: -
accept-ranges: bytes
X-Firefox-Spdy: h2
galleryn11.awemdia.com/ff268cab8d9fbae1ed7506f97496274f19/9754c693edde0c0a20f7401e2896487f_glamour_896x504.jpg
93.93.51.190 200 OK 61 kB URL HTTP/2 galleryn11.awemdia.com/ff268cab8d9fbae1ed7506f97496274f19/9754c693edde0c0a20f7401e2896487f_glamour_896x504.jpg
IP 93.93.51.190:0
ASN #34655 DuoDecad IT Services Luxembourg S.a r.l.
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 896x504, components 3\012- data
Hash cf22c2cc64d73c97e9fe69127986273f
82ba8f151c35298bef98ed2540c448662075e267
d839b0f188212ff0c4602dd3ec256aa9a8503198f12d063eacc15046d2a5b77a
GET /ff268cab8d9fbae1ed7506f97496274f19/9754c693edde0c0a20f7401e2896487f_glamour_896x504.jpg HTTP/1.1
Host: galleryn11.awemdia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pt.ctsdwm.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 02 Feb 2023 10:21:11 GMT
content-type: image/jpeg
content-length: 60970
last-modified: Sat, 03 Dec 2022 22:50:02 GMT
etag: "cf22c2cc64d73c97e9fe69127986273f"
access-control-allow-origin: *
x-content-type-options: nosniff
x-cache-source: Origin
x-cache-status: R-HIT
expires: Thu, 16 Feb 2023 10:21:11 GMT
server: unknown
x-cdn-node: sesto
cache-control: max-age=1209600
x-real-source: -
accept-ranges: bytes
X-Firefox-Spdy: h2
galleryn11.awemdia.com/ff268cab8d9fbae1ed7506f97496274f1e/e71935c1a9fb1c0a5b862be6fba5924b_glamour_896x504.jpg
93.93.51.190 200 OK 74 kB URL HTTP/2 galleryn11.awemdia.com/ff268cab8d9fbae1ed7506f97496274f1e/e71935c1a9fb1c0a5b862be6fba5924b_glamour_896x504.jpg
IP 93.93.51.190:0
ASN #34655 DuoDecad IT Services Luxembourg S.a r.l.
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 896x504, components 3\012- data
Hash 2e187aed92aa54675da9f63ff5d598d1
fe86cdc322a21fc8dda1fde3b9d36370d5287480
dd85e1ab2ea37f955706878591bf7fabfc293c0e91039fc7d675782aa4175423
GET /ff268cab8d9fbae1ed7506f97496274f1e/e71935c1a9fb1c0a5b862be6fba5924b_glamour_896x504.jpg HTTP/1.1
Host: galleryn11.awemdia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pt.ctsdwm.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 02 Feb 2023 10:21:11 GMT
content-type: image/jpeg
content-length: 74304
last-modified: Sat, 21 Jan 2023 07:58:08 GMT
etag: "2e187aed92aa54675da9f63ff5d598d1"
access-control-allow-origin: *
x-content-type-options: nosniff
x-cache-source: Origin
x-cache-status: R-HIT
expires: Thu, 16 Feb 2023 10:21:11 GMT
server: unknown
x-cdn-node: sesto
cache-control: max-age=1209600
x-real-source: -
accept-ranges: bytes
X-Firefox-Spdy: h2
galleryn11.awemdia.com/ff268cab8d9fbae1ed7506f97496274f11/1f76584d5bcc5f95f5fe078d407416f1_glamour_896x504.jpg
93.93.51.190 200 OK 55 kB URL HTTP/2 galleryn11.awemdia.com/ff268cab8d9fbae1ed7506f97496274f11/1f76584d5bcc5f95f5fe078d407416f1_glamour_896x504.jpg
IP 93.93.51.190:0
ASN #34655 DuoDecad IT Services Luxembourg S.a r.l.
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 896x504, components 3\012- data
Hash e452f0180d38b9c7d2dfad784bbc6b96
40440266b45be561e2af3707faf8d41257ff2ccd
dffea4f468e7aee9ff7e6c2266f0488de1655d8a0b82603d7af23c6c9c4e049a
GET /ff268cab8d9fbae1ed7506f97496274f11/1f76584d5bcc5f95f5fe078d407416f1_glamour_896x504.jpg HTTP/1.1
Host: galleryn11.awemdia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pt.ctsdwm.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 02 Feb 2023 10:21:11 GMT
content-type: image/jpeg
content-length: 54928
last-modified: Wed, 07 Dec 2022 13:49:35 GMT
etag: "e452f0180d38b9c7d2dfad784bbc6b96"
access-control-allow-origin: *
x-content-type-options: nosniff
x-cache-source: Origin
x-cache-status: R-HIT
expires: Thu, 16 Feb 2023 10:21:11 GMT
server: unknown
x-cdn-node: sesto
cache-control: max-age=1209600
x-real-source: -
accept-ranges: bytes
X-Firefox-Spdy: h2
code.jquery.com/jquery-2.1.3.min.js
69.16.175.10 200 OK 30 kB URL HTTP/2 code.jquery.com/jquery-2.1.3.min.js
IP 69.16.175.10:0
File type ASCII text, with very long lines (32180)
Hash de4fdb8e2e5d9b9624bad7ed2b726525
053a31e8e83b261e3863c4f9e652caba910a2b89
f44c9556d0ecebc0716a7fce2899c0b40ed96394bebafb2937f4305bf3b118f3
GET /jquery-2.1.3.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://as.sexad.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 02 Feb 2023 10:21:11 GMT
content-encoding: gzip
content-length: 29507
content-type: application/javascript; charset=utf-8
last-modified: Wed, 16 Feb 2022 10:50:39 GMT
accept-ranges: bytes
server: nginx
etag: W/"620cd6ff-14960"
cache-control: max-age=315360000, public
access-control-allow-origin: *
vary: Accept-Encoding
x-hw: 1675333271.dop012.sk1.t,1675333271.cds023.sk1.hn,1675333271.cds215.sk1.c
X-Firefox-Spdy: h2
pt.ctsdwm.com/mCbbM/IfC.gif?c=object_container&site=wl3&cobrandId=240622&psid=cybermike&pstool=202_1&psprogram=cbrnd&campaign_id=118122&vp%5BshowChat%5D=false&vp%5BchatAutoHide%5D=false&vp%5BshowCallToAction%5D=false&vp%5BshowPerformerName%5D=false&vp%5BshowPerformerStatus%5D=false&filters=&subAffId=%7BSUBAFFID%7D&categoryName=girl&embedTool=1&origin=camschat.net
93.93.51.191 200 OK 43 B URL HTTP/2 pt.ctsdwm.com/mCbbM/IfC.gif?c=object_container&site=wl3&cobrandId=240622&psid=cybermike&pstool=202_1&psprogram=cbrnd&campaign_id=118122&vp%5BshowChat%5D=false&vp%5BchatAutoHide%5D=false&vp%5BshowCallToAction%5D=false&vp%5BshowPerformerName%5D=false&vp%5BshowPerformerStatus%5D=false&filters=&subAffId=%7BSUBAFFID%7D&categoryName=girl&embedTool=1&origin=camschat.net
IP 93.93.51.191:0
ASN #34655 DuoDecad IT Services Luxembourg S.a r.l.
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /mCbbM/IfC.gif?c=object_container&site=wl3&cobrandId=240622&psid=cybermike&pstool=202_1&psprogram=cbrnd&campaign_id=118122&vp%5BshowChat%5D=false&vp%5BchatAutoHide%5D=false&vp%5BshowCallToAction%5D=false&vp%5BshowPerformerName%5D=false&vp%5BshowPerformerStatus%5D=false&filters=&subAffId=%7BSUBAFFID%7D&categoryName=girl&embedTool=1&origin=camschat.net HTTP/1.1
Host: pt.ctsdwm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pt.ctsdwm.com/live-feed/fk/?c=object_container&site=wl3&cobrandId=240622&psid=cybermike&pstool=202_1&psprogram=cbrnd&campaign_id=118122&forcedPerformers%5B0%5D=&vp%5BshowChat%5D=false&vp%5BchatAutoHide%5D=false&vp%5BshowCallToAction%5D=false&vp%5BshowPerformerName%5D=false&vp%5BshowPerformerStatus%5D=false&filters=&subAffId=%7BSUBAFFID%7D&categoryName=girl&embedTool=1&origin=camschat.net
Cookie: psui=a59f007fbf3384ccc33cc586d5d348f0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 02 Feb 2023 10:21:11 GMT
content-type: image/gif
content-length: 43
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
server: unknown
set-cookie: psui=a59f007fbf3384ccc33cc586d5d348f0; Path=/; Expires=Sat, 04-Mar-23 10:21:11 GMT; SameSite=None; Secure
expires: Thu, 02 Feb 2023 10:21:10 GMT
cache-control: no-cache
access-control-allow-origin: *
X-Firefox-Spdy: h2
m.sancdn.net/common/videojs/videojs.min-original-v2.css
69.16.175.10 200 OK 12 kB URL HTTP/1.1 m.sancdn.net/common/videojs/videojs.min-original-v2.css
IP 69.16.175.10:0
File type ASCII text, with very long lines (11336)
Hash 4b6813504d31e3b11655aafacf165db4
96517f0033bd59f277cd2eefa7d088ae6ff82dad
063b4a568733054fea7f238a10b384170ce29c136d3194feed44d8c8b451f55d
GET /common/videojs/videojs.min-original-v2.css HTTP/1.1
Host: m.sancdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://as.sexad.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Thu, 02 Feb 2023 10:21:11 GMT
Connection: Keep-Alive
ETag: "1385146323"
Cache-Control: max-age=86400
Content-Length: 11451
Content-Type: text/css
Last-Modified: Fri, 22 Nov 2013 18:52:03 GMT
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-HW: 1675333271.dop202.sk1.t,1675333271.cds014.sk1.shn,1675333271.cds014.sk1.c
m.sancdn.net/jquery-plugins/modernizr-2.6.2-respond-1.1.0.min.js
69.16.175.10 200 OK 20 kB URL HTTP/1.1 m.sancdn.net/jquery-plugins/modernizr-2.6.2-respond-1.1.0.min.js
IP 69.16.175.10:0
File type HTML document, ASCII text, with very long lines (14756)
Hash 70d492eca4141bdd1452977dd893dd63
9cd9504b3afdeca86a03251591e1afab36ae2c57
ce0f70d9e807bb959717d8350c21a107f5b6b7221a774b6d1ed057219468a260
GET /jquery-plugins/modernizr-2.6.2-respond-1.1.0.min.js HTTP/1.1
Host: m.sancdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://as.sexad.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Thu, 02 Feb 2023 10:21:11 GMT
Connection: Keep-Alive
ETag: "1367368554"
Cache-Control: max-age=86400
Content-Length: 19484
Content-Type: application/javascript
Last-Modified: Wed, 01 May 2013 00:35:54 GMT
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-HW: 1675333271.dop221.sk1.t,1675333271.cds003.sk1.shn,1675333271.cds003.sk1.c
m.sancdn.net/common/fontawesome-430/font-awesome.min.css
69.16.175.10 200 OK 24 kB URL HTTP/1.1 m.sancdn.net/common/fontawesome-430/font-awesome.min.css
IP 69.16.175.10:0
File type ASCII text, with very long lines (23523)
Hash 3738ef90dad175977dc8a695809bb71a
98aa676ba7987caa86d49ab1b71f73896d08ad13
c86f7b62a894d5799f1aa0a535efb34ed6f914447f901f1da50c837dee13fa72
GET /common/fontawesome-430/font-awesome.min.css HTTP/1.1
Host: m.sancdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://as.sexad.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Thu, 02 Feb 2023 10:21:11 GMT
Connection: Keep-Alive
ETag: "1422564509"
Cache-Control: max-age=86400
Content-Length: 23685
Content-Type: text/css
Last-Modified: Thu, 29 Jan 2015 20:48:29 GMT
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-HW: 1675333271.dop022.sk1.t,1675333271.cds263.sk1.shn,1675333271.dop022.sk1.t,1675333271.cds206.sk1.c
m.sancdn.net/common/videojs/videojs-411.js
69.16.175.10 200 OK 71 kB URL HTTP/1.1 m.sancdn.net/common/videojs/videojs-411.js
IP 69.16.175.10:0
File type ASCII text, with very long lines (691)
Hash 532c3b3953d350e917649027f2c2accc
ffa74d9d511742bcf131580f71475dda94b962bc
16d0f10631780e6f883d0ec99240c59cc9836c76121d31111331732aac932fe0
GET /common/videojs/videojs-411.js HTTP/1.1
Host: m.sancdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://as.sexad.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Thu, 02 Feb 2023 10:21:11 GMT
Connection: Keep-Alive
ETag: "1448403647"
Cache-Control: max-age=86400
Content-Length: 71023
Content-Type: application/javascript
Last-Modified: Tue, 24 Nov 2015 22:20:47 GMT
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-HW: 1675333271.dop220.sk1.t,1675333271.cds020.sk1.shn,1675333271.dop220.sk1.t,1675333271.cds205.sk1.c
as.sexad.net/px.gif?stno=3-937-fap247.com-0-5104-0-0-3001-5671-3&p=reseller&w=1&h=1&v=5104&noplaybtn=1&adHeight=175&adWidth=235&adType=live&autoplay=true&hn=fap247.com&AFNO=1-286&cam=0&adv=0&ctry=NO&lang=en&dev=Other
216.127.52.250 200 35 B URL HTTP/1.1 as.sexad.net/px.gif?stno=3-937-fap247.com-0-5104-0-0-3001-5671-3&p=reseller&w=1&h=1&v=5104&noplaybtn=1&adHeight=175&adWidth=235&adType=live&autoplay=true&hn=fap247.com&AFNO=1-286&cam=0&adv=0&ctry=NO&lang=en&dev=Other
IP 216.127.52.250:0
File type GIF image data, version 87a, 1 x 1\012- data
Hash 729c3007a8ed0597531b0c76d54a94bb
90fe9b8a8142548fdfab29f59cb0a164a0eaef81
6a842ea462daca2a0b5a0f5f25bcfc8e0059ac811ca6c6a1bc54e4d9119621c3
GET /px.gif?stno=3-937-fap247.com-0-5104-0-0-3001-5671-3&p=reseller&w=1&h=1&v=5104&noplaybtn=1&adHeight=175&adWidth=235&adType=live&autoplay=true&hn=fap247.com&AFNO=1-286&cam=0&adv=0&ctry=NO&lang=en&dev=Other HTTP/1.1
Host: as.sexad.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://as.sexad.net/as/if?p=reseller&w=1&h=1&v=5104&noplaybtn=1&adHeight=175&adWidth=235&adType=live&autoplay=true&hn=fap247.com&AFNO=1-286
Cookie: iid=552-1675333271
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200
Server: nginx/1.18.0
Date: Thu, 02 Feb 2023 10:21:12 GMT
Content-Type: image/gif
Content-Length: 35
Connection: keep-alive
Cache-Control: no-cache, no-store, must-revalidate, private, max-age=0
Access-Control-Allow-Origin: *
Set-Cookie: ust=1675333272; expires=Sun, 30-Jan-2033 10:21:12 GMT; Max-Age=315360000; path=/; secure; SameSite=None
P3P: policyref="/w3c/p3p.xml", CP="This is not our comprehensive privacy policy (P3P). For complete information, please see http://streamate.com/privacy.html"
as.sexad.net/px.gif?stno=3-937-fap247.com-0-5106-0-0-3003-4398-12&p=reseller&w=1&h=1&v=5106&adType=cats&adWidth=900&adHeight=75&niche=female&fontSize=15&font_color=%23fff&background_color=%23000000&hn=fap247.com&AFNO=1-286&cam=0&adv=0&ctry=NO&lang=en&dev=Other
216.127.52.250 200 35 B URL HTTP/1.1 as.sexad.net/px.gif?stno=3-937-fap247.com-0-5106-0-0-3003-4398-12&p=reseller&w=1&h=1&v=5106&adType=cats&adWidth=900&adHeight=75&niche=female&fontSize=15&font_color=%23fff&background_color=%23000000&hn=fap247.com&AFNO=1-286&cam=0&adv=0&ctry=NO&lang=en&dev=Other
IP 216.127.52.250:0
File type GIF image data, version 87a, 1 x 1\012- data
Hash 729c3007a8ed0597531b0c76d54a94bb
90fe9b8a8142548fdfab29f59cb0a164a0eaef81
6a842ea462daca2a0b5a0f5f25bcfc8e0059ac811ca6c6a1bc54e4d9119621c3
GET /px.gif?stno=3-937-fap247.com-0-5106-0-0-3003-4398-12&p=reseller&w=1&h=1&v=5106&adType=cats&adWidth=900&adHeight=75&niche=female&fontSize=15&font_color=%23fff&background_color=%23000000&hn=fap247.com&AFNO=1-286&cam=0&adv=0&ctry=NO&lang=en&dev=Other HTTP/1.1
Host: as.sexad.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://as.sexad.net/as/if?p=reseller&w=1&h=1&v=5106&adType=cats&adWidth=900&adHeight=75&niche=female&fontSize=15&font_color=%23fff&background_color=%23000000&hn=fap247.com&AFNO=1-286
Cookie: iid=552-1675333271
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200
Server: nginx/1.18.0
Date: Thu, 02 Feb 2023 10:21:12 GMT
Content-Type: image/gif
Content-Length: 35
Connection: keep-alive
Cache-Control: no-cache, no-store, must-revalidate, private, max-age=0
Access-Control-Allow-Origin: *
Set-Cookie: ust=1675333272; expires=Sun, 30-Jan-2033 10:21:12 GMT; Max-Age=315360000; path=/; secure; SameSite=None
P3P: policyref="/w3c/p3p.xml", CP="This is not our comprehensive privacy policy (P3P). For complete information, please see http://streamate.com/privacy.html"
m.sancdn.net/common/fontawesome-430/fontawesome-webfont.woff2?v=4.3.0
69.16.175.10 200 OK 57 kB URL HTTP/1.1 m.sancdn.net/common/fontawesome-430/fontawesome-webfont.woff2?v=4.3.0
IP 69.16.175.10:0
File type Web Open Font Format (Version 2), TrueType, length 56780, version 4.197\012- data
Hash 97493d3f11c0a3bd5cbd959f5d19b699
1075231650f579955905bb2f6527148a8e2b4b16
aadc3580d2b64ff5a7e6f1425587db4e8b033efcbf8f5c332ca52a5ed580c87c
GET /common/fontawesome-430/fontawesome-webfont.woff2?v=4.3.0 HTTP/1.1
Host: m.sancdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://as.sexad.net
Connection: keep-alive
Referer: https://m.sancdn.net/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Thu, 02 Feb 2023 10:21:12 GMT
Connection: Keep-Alive
ETag: "1422564509"
Cache-Control: max-age=5388
Content-Length: 56780
Content-Type: application/octet-stream
Last-Modified: Thu, 29 Jan 2015 20:48:29 GMT
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-HW: 1675333272.dop017.sk1.t,1675333272.cds204.sk1.shn,1675333272.cds204.sk1.c
pt.ctsdwm.com/live-feed?c=object_container&site=wl3&cobrandId=240622&psid=cybermike&pstool=302_1&psprogram=cbrnd&campaign_id=118122&forcedPerformers%5B0%5D=&vp%5BshowChat%5D=false&vp%5BchatAutoHide%5D=false&vp%5BshowCallToAction%5D=false&vp%5BshowPerformerName%5D=false&vp%5BshowPerformerStatus%5D=false&filters=&subAffId=%7BSUBAFFID%7D&categoryName=girl&embedTool=1&origin=camschat.net&rrc=3
93.93.51.191 200 OK 193 kB URL HTTP/2 pt.ctsdwm.com/live-feed?c=object_container&site=wl3&cobrandId=240622&psid=cybermike&pstool=302_1&psprogram=cbrnd&campaign_id=118122&forcedPerformers%5B0%5D=&vp%5BshowChat%5D=false&vp%5BchatAutoHide%5D=false&vp%5BshowCallToAction%5D=false&vp%5BshowPerformerName%5D=false&vp%5BshowPerformerStatus%5D=false&filters=&subAffId=%7BSUBAFFID%7D&categoryName=girl&embedTool=1&origin=camschat.net&rrc=3
IP 93.93.51.191:0
ASN #34655 DuoDecad IT Services Luxembourg S.a r.l.
Size 193 kB (193059 bytes)
Hash 9bae83a5916681dee92c9230e45ac537
59f28f6320bd5b832166f0dbb75a37c81c492df3
4174db1ccc341a2e450f454b528570a5c495bcbc520afaef414df1d6ed8f9afb
GET /live-feed?c=object_container&site=wl3&cobrandId=240622&psid=cybermike&pstool=302_1&psprogram=cbrnd&campaign_id=118122&forcedPerformers%5B0%5D=&vp%5BshowChat%5D=false&vp%5BchatAutoHide%5D=false&vp%5BshowCallToAction%5D=false&vp%5BshowPerformerName%5D=false&vp%5BshowPerformerStatus%5D=false&filters=&subAffId=%7BSUBAFFID%7D&categoryName=girl&embedTool=1&origin=camschat.net&rrc=3 HTTP/1.1
Host: pt.ctsdwm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pt.ctsdwm.com/live-feed/fk/?c=object_container&site=wl3&cobrandId=240622&psid=cybermike&pstool=202_1&psprogram=cbrnd&campaign_id=118122&forcedPerformers%5B0%5D=&vp%5BshowChat%5D=false&vp%5BchatAutoHide%5D=false&vp%5BshowCallToAction%5D=false&vp%5BshowPerformerName%5D=false&vp%5BshowPerformerStatus%5D=false&filters=&subAffId=%7BSUBAFFID%7D&categoryName=girl&embedTool=1&origin=camschat.net
Cookie: psui=a59f007fbf3384ccc33cc586d5d348f0
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: no-cache
date: Thu, 02 Feb 2023 10:21:11 GMT
server: unknown
set-cookie: psui=a59f007fbf3384ccc33cc586d5d348f0; Path=/; Expires=Sat, 04-Mar-23 10:21:11 GMT; SameSite=None; Secure
content-encoding: gzip
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 2316ceffffd01ca693e0387e2297b50e
99518ff377ec7e73ec082b34cb0a0c75622286af
96488d5e78230aa1daed5214e8275626a301fb1b24e566dcf35d30cc287e54ac
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "96488D5E78230AA1DAED5214E8275626A301FB1B24E566DCF35D30CC287E54AC"
Last-Modified: Tue, 31 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12950
Expires: Thu, 02 Feb 2023 13:57:02 GMT
Date: Thu, 02 Feb 2023 10:21:12 GMT
Connection: keep-alive
pt.ctsdwm.com/ih6YR/K3M.gif?c=object_container&%3Bsite=wl3&%3BcobrandId=240622&%3Bpsid=cybermike&%3Bpstool=302_1&%3Bpsprogram=cbrnd&%3Bcampaign_id=118122&%3BforcedPerformers%5B0%5D=&%3Bvp%5BshowChat%5D=false&%3Bvp%5BchatAutoHide%5D=false&%3Bvp%5BshowCallToAction%5D=false&%3Bvp%5BshowPerformerName%5D=false&%3Bvp%5BshowPerformerStatus%5D=false&%3Bfilters=&%3BsubAffId=%7BSUBAFFID%7D&%3BcategoryName=girl&%3BembedTool=1&%3Borigin=camschat.net&%3Brrc=3
93.93.51.191 200 OK 43 B URL HTTP/2 pt.ctsdwm.com/ih6YR/K3M.gif?c=object_container&%3Bsite=wl3&%3BcobrandId=240622&%3Bpsid=cybermike&%3Bpstool=302_1&%3Bpsprogram=cbrnd&%3Bcampaign_id=118122&%3BforcedPerformers%5B0%5D=&%3Bvp%5BshowChat%5D=false&%3Bvp%5BchatAutoHide%5D=false&%3Bvp%5BshowCallToAction%5D=false&%3Bvp%5BshowPerformerName%5D=false&%3Bvp%5BshowPerformerStatus%5D=false&%3Bfilters=&%3BsubAffId=%7BSUBAFFID%7D&%3BcategoryName=girl&%3BembedTool=1&%3Borigin=camschat.net&%3Brrc=3
IP 93.93.51.191:0
ASN #34655 DuoDecad IT Services Luxembourg S.a r.l.
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /ih6YR/K3M.gif?c=object_container&%3Bsite=wl3&%3BcobrandId=240622&%3Bpsid=cybermike&%3Bpstool=302_1&%3Bpsprogram=cbrnd&%3Bcampaign_id=118122&%3BforcedPerformers%5B0%5D=&%3Bvp%5BshowChat%5D=false&%3Bvp%5BchatAutoHide%5D=false&%3Bvp%5BshowCallToAction%5D=false&%3Bvp%5BshowPerformerName%5D=false&%3Bvp%5BshowPerformerStatus%5D=false&%3Bfilters=&%3BsubAffId=%7BSUBAFFID%7D&%3BcategoryName=girl&%3BembedTool=1&%3Borigin=camschat.net&%3Brrc=3 HTTP/1.1
Host: pt.ctsdwm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pt.ctsdwm.com/live-feed?c=object_container&site=wl3&cobrandId=240622&psid=cybermike&pstool=302_1&psprogram=cbrnd&campaign_id=118122&forcedPerformers%5B0%5D=&vp%5BshowChat%5D=false&vp%5BchatAutoHide%5D=false&vp%5BshowCallToAction%5D=false&vp%5BshowPerformerName%5D=false&vp%5BshowPerformerStatus%5D=false&filters=&subAffId=%7BSUBAFFID%7D&categoryName=girl&embedTool=1&origin=camschat.net&rrc=3
Cookie: psui=a59f007fbf3384ccc33cc586d5d348f0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 02 Feb 2023 10:21:12 GMT
content-type: image/gif
content-length: 43
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
server: unknown
set-cookie: psui=a59f007fbf3384ccc33cc586d5d348f0; Path=/; Expires=Sat, 04-Mar-23 10:21:12 GMT; SameSite=None; Secure
expires: Thu, 02 Feb 2023 10:21:11 GMT
cache-control: no-cache
access-control-allow-origin: *
X-Firefox-Spdy: h2
m1.nsimg.net//media/1/3/6/13682718.jpg
207.178.0.93 200 OK 18 kB URL HTTP/1.1 m1.nsimg.net//media/1/3/6/13682718.jpg
IP 207.178.0.93:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 90", baseline, precision 8, 320x240, components 3\012- data
Hash e8241bb937737166f07755f4206d5f5a
d461bb34411cc5a83180683779f3cbedca697fd7
aa1b3e9e16d21600a046d1872000a64c1a7782689e60d21820dbf75ab4d368ba
GET //media/1/3/6/13682718.jpg HTTP/1.1
Host: m1.nsimg.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://as.sexad.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 02 Feb 2023 10:21:12 GMT
Content-Type: image/jpeg
Content-Length: 18277
Connection: keep-alive
Last-Modified: Thu, 29 Dec 2022 07:47:23 GMT
ETag: "63ad460b-4765"
Expires: Thu, 11 Jan 2024 02:13:33 GMT
Cache-Control: max-age=31536000
X-Varnish: 693276721 609915401
Age: 1928217
Access-Control-Allow-Origin: *
Accept-Ranges: bytes
api-protected.protoawegw.com/v2/player/performer/get?noRedirect=1&mitigable=1&includeTestAccounts=0&product=livejasmin&presets=&certified=0&hotDeal=0&preVipShow=0&ngs=1&pstool=302_1&streamType=rtmp&category=girl&performerIds[]=AllisonDesire
93.93.51.225 200 OK 27 kB URL HTTP/2 api-protected.protoawegw.com/v2/player/performer/get?noRedirect=1&mitigable=1&includeTestAccounts=0&product=livejasmin&presets=&certified=0&hotDeal=0&preVipShow=0&ngs=1&pstool=302_1&streamType=rtmp&category=girl&performerIds[]=AllisonDesire
IP 93.93.51.225:0
ASN #34655 DuoDecad IT Services Luxembourg S.a r.l.
Hash a8a826dbf2f89231e3fecbac1227d026
53eb515a88d50d17899a451674c7911a0a73122e
e38bd0e796c340ba3753c3ba32dd0ce709dac3a8ad11ca08fb415ac4c755ac11
GET /v2/player/performer/get?noRedirect=1&mitigable=1&includeTestAccounts=0&product=livejasmin&presets=&certified=0&hotDeal=0&preVipShow=0&ngs=1&pstool=302_1&streamType=rtmp&category=girl&performerIds[]=AllisonDesire HTTP/1.1
Host: api-protected.protoawegw.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://pt.ctsdwm.com/
Origin: https://pt.ctsdwm.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 02 Feb 2023 10:21:12 GMT
content-type: application/json
vary: Accept-Encoding
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: X-Requested-With, Content-Type
access-control-allow-methods: OPTIONS, GET, POST, PUT, DELETE, PATCH
server: unknown
content-encoding: gzip
X-Firefox-Spdy: h2
xfantazy.com/video/62379c1c76373a1d22aeaaeb
172.64.205.27 200 OK 0 B URL HTTP/2 xfantazy.com/video/62379c1c76373a1d22aeaaeb
IP 172.64.205.27:0
GET /video/62379c1c76373a1d22aeaaeb HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
date: Thu, 02 Feb 2023 10:21:04 GMT
content-type: text/html; charset=utf-8
vary: Origin
set-cookie: visitorId=yfd0eg20c4rh494rje9e; Domain=xfantazy.com; Path=/; Expires=Wed, 02 Feb 2033 10:21:04 GMT; HttpOnly
set-cookie: experiment-popup-payment-7=0; Path=/; Expires=Thu, 09 Feb 2023 10:21:04 GMT
set-cookie: experiment-save-to-button-2=0; Path=/; Expires=Thu, 09 Feb 2023 10:21:04 GMT
x-powered-by: Next.js
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FvytCMGm%2F6y5Jof8JLTZk%2B%2F5BxU%2FZeeF3LZHJSqPntRe%2F0c1i7yp19EGPw4F3dFS4bh%2FJIuHsD2nVvd021d5pZ6SfCe9hn4gqUab%2FMZNsiiaJAtTBi0adxQvSNzq7vI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 793232a5ef983853-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
xfantazy.com/_next/static/runtime/main-8daa673a54696bb62abb.js
172.64.205.27 200 OK 0 B URL HTTP/2 xfantazy.com/_next/static/runtime/main-8daa673a54696bb62abb.js
IP 172.64.205.27:0
GET /_next/static/runtime/main-8daa673a54696bb62abb.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/62379c1c76373a1d22aeaaeb
Cookie: visitorId=yfd0eg20c4rh494rje9e; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 02 Feb 2023 10:21:04 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-bgj: minify
etag: W/"11cd7-1835016572f"
last-modified: Sun, 18 Sep 2022 10:13:04 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 8564254
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5y%2FG66M%2Bc5pS5PVaBk8HCES%2BZqnh5uFZyBNux1HNcNJ5X%2BxPkqt5FBpx97Ax3bpVMr2xS%2FPeGZvQbtKXRx9jp8WSEHyfUeVOTuZgEJQDfJ9lZ8TjO05qJqFvHVJfCMM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 793232a9fd373853-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.barscreative1.com/sb/au/e6/d7/97/e6d797a3a7be0e7ec1877d1b33146dfa/1657714258.html
45.133.44.3 200 OK 0 B URL HTTP/2 cdn.barscreative1.com/sb/au/e6/d7/97/e6d797a3a7be0e7ec1877d1b33146dfa/1657714258.html
IP 45.133.44.3:0
ASN #39572 DataWeb Global Group B.V.
Analyzer Verdict Alert fortinet Phishing
GET /sb/au/e6/d7/97/e6d797a3a7be0e7ec1877d1b33146dfa/1657714258.html HTTP/1.1
Host: cdn.barscreative1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 02 Feb 2023 10:21:07 GMT
content-type: text/html; charset=utf-8
server: nginx/1.17.6
last-modified: Wed, 13 Jul 2022 12:11:03 GMT
etag: W/"62ceb657-4a6"
cache-control: max-age=3600
access-control-allow-origin: *
access-control-expose-headers: Date
content-encoding: gzip
expires: Thu, 02 Feb 2023 11:21:07 GMT
x-proxy-cache: HIT
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/chat/mob/ssp/v2/new/3/js/jquery.min.js
172.64.167.9 200 OK 0 B URL HTTP/2 cdn.creative-bars1.com/sb/chat/mob/ssp/v2/new/3/js/jquery.min.js
IP 172.64.167.9:0
GET /sb/chat/mob/ssp/v2/new/3/js/jquery.min.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 02 Feb 2023 10:21:08 GMT
content-type: application/javascript
last-modified: Wed, 13 Jul 2022 12:13:58 GMT
etag: W/"62ceb706-15d94"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 5115496
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WFAq7roZTj4cGeiR99hDISDpgyKP0FolrqRm2nhvZE9ae7ZpIA%2F3MQ0FDw5NXoNmDOobBwGzNjKjoedyCXh%2BI9p39KUzt2fUb%2FWUJcNas943144CkYU6o6Oo2fRVR9vW6WB46JMtsmk8"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 793232bd6a2523e7-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
rxeosevsso.com/lv/esnk/1963298/code.js
62.122.171.6 200 OK 0 B URL HTTP/2 rxeosevsso.com/lv/esnk/1963298/code.js
IP 62.122.171.6:0
Analyzer Verdict Alert quad9 Sinkholed
GET /lv/esnk/1963298/code.js HTTP/1.1
Host: rxeosevsso.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 02 Feb 2023 10:21:08 GMT
content-type: application/javascript
last-modified: Tue, 31 Jan 2023 12:24:53 GMT
vary: Accept-Encoding
etag: W/"63d90895-1ac20"
x-js-ab1: var2
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
content-encoding: gzip
X-Firefox-Spdy: h2
a.realsrv.com/ad-provider.js
185.76.9.24 200 OK 0 B URL HTTP/2 a.realsrv.com/ad-provider.js
IP 185.76.9.24:0
ASN #60068 Datacamp Limited
GET /ad-provider.js HTTP/1.1
Host: a.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.realsrv.com/iframe.php?idzone=4891804&size=300x250
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 02 Feb 2023 10:21:08 GMT
content-type: application/javascript
etag: W/"e2bbca1c479226a45392909d6a4"
expires: Wed, 01 Feb 2023 17:13:26 GMT
cache-control: max-age=10800
access-control-allow-origin: *
x-cache-op: HIT
x-accel-expires: @1675336622
server: CDN77-Turbo
x-77-nzt: AblMCRQjeFP/Fh0AAA
x-77-nzt-ray: af585630c315a169948edb6321f6c632
x-cache: HIT
x-age: 7446
x-77-pop: stockholmSE
x-77-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Roboto:100,300,400,500,700&display=swap
142.250.74.138 200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?family=Roboto:100,300,400,500,700&display=swap
IP 142.250.74.138:0
GET /css?family=Roboto:100,300,400,500,700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Thu, 02 Feb 2023 10:21:04 GMT
date: Thu, 02 Feb 2023 10:21:04 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
a.naturalhealthsource.club/api/spots/420556?p=1&s1=%subid1%&kw=
135.181.208.216 200 OK 0 B URL HTTP/2 a.naturalhealthsource.club/api/spots/420556?p=1&s1=%subid1%&kw=
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
GET /api/spots/420556?p=1&s1=%subid1%&kw= HTTP/1.1
Host: a.naturalhealthsource.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: nauid=h6QfMHfxlICQ0HMdloEj
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 02 Feb 2023 10:21:08 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2
a.naturalhealthsource.club/api/spots/303891?p=1&s1=%subid1%&kw=
135.181.208.216 200 OK 0 B URL HTTP/2 a.naturalhealthsource.club/api/spots/303891?p=1&s1=%subid1%&kw=
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
GET /api/spots/303891?p=1&s1=%subid1%&kw= HTTP/1.1
Host: a.naturalhealthsource.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: nauid=h6QfMHfxlICQ0HMdloEj
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 02 Feb 2023 10:21:08 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2
pt-static5.ptwmstcnt.com/npe/ba/fklf/script/fk.lf-v612853.js
93.93.51.200 200 OK 0 B URL HTTP/2 pt-static5.ptwmstcnt.com/npe/ba/fklf/script/fk.lf-v612853.js
IP 93.93.51.200:0
ASN #34655 DuoDecad IT Services Luxembourg S.a r.l.
GET /npe/ba/fklf/script/fk.lf-v612853.js HTTP/1.1
Host: pt-static5.ptwmstcnt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pt.ctsdwm.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 02 Feb 2023 10:21:11 GMT
content-type: application/javascript
last-modified: Wed, 01 Feb 2023 12:20:25 GMT
vary: Accept-Encoding, Accept-Encoding
etag: W/"63da5909-504a8"
access-control-allow-origin: *
server: unknown
x-cdn-node: sesto
x-cache-status: R-HIT
content-encoding: gzip
X-Firefox-Spdy: h2
a.medfoodsafety.com/loader?a=4788752&v=2&t=30&s=4776911&p=8575&if=true
172.64.139.21 200 OK 0 B URL HTTP/2 a.medfoodsafety.com/loader?a=4788752&v=2&t=30&s=4776911&p=8575&if=true
IP 172.64.139.21:0
GET /loader?a=4788752&v=2&t=30&s=4776911&p=8575&if=true HTTP/1.1
Host: a.medfoodsafety.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 02 Feb 2023 10:21:09 GMT
content-type: text/html
cache-control: no-cache, no-store, must-revalidate
expires: Sat, 26 Jul 1997 05:00:00 GMT
last-modified: Sun, 17 May 1998 03:00:00 GMT
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7s9CTWzYBPyP7mrpTCa3bvTkVjN8q9jaYit6yH6CzS0WCu3WwiHAt012SvZHCY22HpWFbafE3YjspXMje6A1Pb8Qj%2BY4XcnTy%2Bhx%2F1OrYSVbkpKauax0LRmf%2FXOWXdzxRfq2daTh"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 793232c38c8d71f3-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
a.naturalhealthsource.club/api/spots/391865?host=xfantazy.com&ev=203&wh=939&ww=1280&uuid=
135.181.208.216 200 OK 0 B URL HTTP/2 a.naturalhealthsource.club/api/spots/391865?host=xfantazy.com&ev=203&wh=939&ww=1280&uuid=
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
GET /api/spots/391865?host=xfantazy.com&ev=203&wh=939&ww=1280&uuid= HTTP/1.1
Host: a.naturalhealthsource.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 02 Feb 2023 10:21:08 GMT
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding
set-cookie: nauid=sZ5EtXwrAGfFyerSoG3U; Path=/; Expires=Wed, 11 Nov 2037 11:11:11 GMT; Secure; SameSite=None
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2
pt.ctsdwm.com/live-feed/fk/?c=object_container&site=wl3&cobrandId=240622&psid=cybermike&pstool=202_1&psprogram=cbrnd&campaign_id=118122&forcedPerformers%5B0%5D=&vp%5BshowChat%5D=false&vp%5BchatAutoHide%5D=false&vp%5BshowCallToAction%5D=false&vp%5BshowPerformerName%5D=false&vp%5BshowPerformerStatus%5D=false&filters=&subAffId=%7BSUBAFFID%7D&categoryName=girl&embedTool=1&origin=camschat.net
93.93.51.191 200 OK 0 B URL HTTP/2 pt.ctsdwm.com/live-feed/fk/?c=object_container&site=wl3&cobrandId=240622&psid=cybermike&pstool=202_1&psprogram=cbrnd&campaign_id=118122&forcedPerformers%5B0%5D=&vp%5BshowChat%5D=false&vp%5BchatAutoHide%5D=false&vp%5BshowCallToAction%5D=false&vp%5BshowPerformerName%5D=false&vp%5BshowPerformerStatus%5D=false&filters=&subAffId=%7BSUBAFFID%7D&categoryName=girl&embedTool=1&origin=camschat.net
IP 93.93.51.191:0
ASN #34655 DuoDecad IT Services Luxembourg S.a r.l.
GET /live-feed/fk/?c=object_container&site=wl3&cobrandId=240622&psid=cybermike&pstool=202_1&psprogram=cbrnd&campaign_id=118122&forcedPerformers%5B0%5D=&vp%5BshowChat%5D=false&vp%5BchatAutoHide%5D=false&vp%5BshowCallToAction%5D=false&vp%5BshowPerformerName%5D=false&vp%5BshowPerformerStatus%5D=false&filters=&subAffId=%7BSUBAFFID%7D&categoryName=girl&embedTool=1&origin=camschat.net HTTP/1.1
Host: pt.ctsdwm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://camschat.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: no-cache
date: Thu, 02 Feb 2023 10:21:10 GMT
server: unknown
set-cookie: psui=a59f007fbf3384ccc33cc586d5d348f0; Path=/; Expires=Sat, 04-Mar-23 10:21:10 GMT; SameSite=None; Secure
content-encoding: gzip
X-Firefox-Spdy: h2
xfantazy.com/_next/static/chunks/commons.80405a2d3f491416f5b9.js
172.64.205.27 200 OK 0 B URL HTTP/2 xfantazy.com/_next/static/chunks/commons.80405a2d3f491416f5b9.js
IP 172.64.205.27:0
GET /_next/static/chunks/commons.80405a2d3f491416f5b9.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/62379c1c76373a1d22aeaaeb
Cookie: visitorId=yfd0eg20c4rh494rje9e; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 02 Feb 2023 10:21:04 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-bgj: minify
cf-polished: origSize=1388393
etag: W/"152f69-185ecc5d3b2"
last-modified: Thu, 26 Jan 2023 06:31:05 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 618532
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SDjVcJpi%2BeHWZT2zPOVquWHujObnk1v8ddTx0r3%2B4sisnJnUu6WxUS4Ve%2BqsmbF6Et%2BDKtvAfLCL%2FYsTGm3m1p5kFfFVMKLY%2FdkQO9lo%2B%2B5tNKqQ5XaJVmNSMJiiI6g%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 793232a9dd073853-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
xfantazy.com/_next/static/chunks/59.edff5ae0d8d83054b552.js
172.64.205.27 200 OK 0 B URL HTTP/2 xfantazy.com/_next/static/chunks/59.edff5ae0d8d83054b552.js
IP 172.64.205.27:0
GET /_next/static/chunks/59.edff5ae0d8d83054b552.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/62379c1c76373a1d22aeaaeb
Cookie: visitorId=yfd0eg20c4rh494rje9e; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 02 Feb 2023 10:21:04 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-bgj: minify
etag: W/"c8b-183501608b0"
last-modified: Sun, 18 Sep 2022 10:12:44 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 8564244
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cIn4Zsxn2HiPgq18mRXD2NIifrRe1zMZWhDX8382%2FdyfCpeBkZxm0fNTVn6IqAVX8Y%2BRrhmJzjX9jdBPpWM9JkwfOmcP1ggMiDO1OPqg4LvZQB%2BS4FTmakgrHG5gn4g%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 793232a9dd133853-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
rxeosevsso.com/lv/esnk/1963297/code.js
62.122.171.6 200 OK 0 B URL HTTP/2 rxeosevsso.com/lv/esnk/1963297/code.js
IP 62.122.171.6:0
Analyzer Verdict Alert quad9 Sinkholed
GET /lv/esnk/1963297/code.js HTTP/1.1
Host: rxeosevsso.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 02 Feb 2023 10:21:08 GMT
content-type: application/javascript
last-modified: Tue, 31 Jan 2023 12:39:48 GMT
vary: Accept-Encoding
etag: W/"63d90c14-1ac59"
x-js-ab1: var3
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
content-encoding: gzip
X-Firefox-Spdy: h2
a.bestcontentfood.top/warp/4788752?r=50412
172.64.197.35 200 OK 0 B URL HTTP/2 a.bestcontentfood.top/warp/4788752?r=50412
IP 172.64.197.35:0
Analyzer Verdict Alert fortinet Phishing
GET /warp/4788752?r=50412 HTTP/1.1
Host: a.bestcontentfood.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 02 Feb 2023 10:21:08 GMT
content-type: application/javascript; charset=UTF-8
referer: a.medfoodsafety.com
cache-control: public, max-age=900
etag: W/"b5bfe5efa4321a0b085300dd0d4edb9f"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bpqMk5AEDV%2BOlhr4%2FGk3NT22BWNaktEfDMK%2FpSvXtA0N0mYnGvGcgm7oZ2oN%2BaKzCRgyIX9YquAulMARobQXplNVi7EOqMFd1vq6YrZl%2FkmeKwRC%2BAkHzrsF%2F2k8dwcGJX%2B%2B1JZE92k%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 793232c1985d8877-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
pt-static1.ptwmstcnt.com/npe/ba/elf/css/elf-v612853.css
93.93.51.200 200 OK 0 B URL HTTP/2 pt-static1.ptwmstcnt.com/npe/ba/elf/css/elf-v612853.css
IP 93.93.51.200:0
ASN #34655 DuoDecad IT Services Luxembourg S.a r.l.
GET /npe/ba/elf/css/elf-v612853.css HTTP/1.1
Host: pt-static1.ptwmstcnt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pt.ctsdwm.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 02 Feb 2023 10:21:12 GMT
content-type: text/css
last-modified: Wed, 01 Feb 2023 12:20:25 GMT
vary: Accept-Encoding, Accept-Encoding
etag: W/"63da5909-2e86"
access-control-allow-origin: *
server: unknown
x-cdn-node: sesto
x-cache-status: R-HIT
content-encoding: gzip
X-Firefox-Spdy: h2
xfantazy.com/_next/static/EL4BCXkdtWPhg6C5p-CCd/pages/video.js
172.64.205.27 200 OK 0 B URL HTTP/2 xfantazy.com/_next/static/EL4BCXkdtWPhg6C5p-CCd/pages/video.js
IP 172.64.205.27:0
GET /_next/static/EL4BCXkdtWPhg6C5p-CCd/pages/video.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/62379c1c76373a1d22aeaaeb
Cookie: visitorId=yfd0eg20c4rh494rje9e; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 02 Feb 2023 10:21:04 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-bgj: minify
etag: W/"597e-185ecc6528a"
last-modified: Thu, 26 Jan 2023 06:31:38 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 618516
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TGZYDdWi%2BHTgWhpTxSqw5NK7MnNCxEgKVUy%2BaUB3D0meBkb2sI2qFuTubnY09C1CCbZPLV%2B6ik4XA9VD1CGMwXvLAcQRaRDLrCYdt1Ob2VVa1rhs5XAYisoMnikkhzk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 793232a9dd043853-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
xfantazy.com/_next/static/chunks/7.38d845e9473548212694.js
172.64.205.27 200 OK 0 B URL HTTP/2 xfantazy.com/_next/static/chunks/7.38d845e9473548212694.js
IP 172.64.205.27:0
GET /_next/static/chunks/7.38d845e9473548212694.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/62379c1c76373a1d22aeaaeb
Cookie: visitorId=yfd0eg20c4rh494rje9e; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 02 Feb 2023 10:21:04 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-bgj: minify
etag: W/"97ba-183501656f3"
last-modified: Sun, 18 Sep 2022 10:13:04 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 8564243
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=F8gZYQFnIXgYFZ%2FLMenxhDEE%2FsC%2F7a11VIbf%2Biw7GJXrvazR0remrK%2BWzc9nYUhV1o6wQCcRqQR9RRI5UhVb2zQbrpkA8UQzTjdGmoztxRkGR9SI66AbxMvuttDx2rw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 793232a9dd083853-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
xfantazy.com/_next/static/chunks/9.be198c87e436634bf765.js
172.64.205.27 200 OK 0 B URL HTTP/2 xfantazy.com/_next/static/chunks/9.be198c87e436634bf765.js
IP 172.64.205.27:0
GET /_next/static/chunks/9.be198c87e436634bf765.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/62379c1c76373a1d22aeaaeb
Cookie: visitorId=yfd0eg20c4rh494rje9e; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 02 Feb 2023 10:21:04 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-bgj: minify
etag: W/"9c95-185ecc5d3f1"
last-modified: Thu, 26 Jan 2023 06:31:05 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 586747
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Bysmfn%2BUDytpQ%2Fr80w2auJlShdywAajYSZn1Z3BHUfJgStAj3OuVv4Z%2F4BBLEEoeNLBpEwHC4GgVs8fCjIiTqLfA2nXdKt9wiQXJ5mBDZHkwtqNPR7zmX8Ra7Vy3tPg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 793232a9dd0c3853-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
static-assets.highwebmedia.com/CACHE/js/output.6f6724a00cb8.js
104.16.93.42 200 OK 0 B URL HTTP/2 static-assets.highwebmedia.com/CACHE/js/output.6f6724a00cb8.js
IP 104.16.93.42:0
GET /CACHE/js/output.6f6724a00cb8.js HTTP/1.1
Host: static-assets.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 02 Feb 2023 10:21:09 GMT
content-type: application/javascript
cache-control: public, max-age=2592000
cf-bgj: minify
etag: W/"a708027bfbbde438a72a93082d4bc4b5"
last-modified: Thu, 24 Jun 2021 21:24:05 GMT
x-amz-id-2: 8ewmTI2jy/M5oxfm1Zo8bv1SqrieGnfrMfmtZmR336jUoc4rRdbotq/wectU+HY8mdvt156QxDvmJAhJfohIWQ==
x-amz-meta-s3cmd-attrs: md5:a708027bfbbde438a72a93082d4bc4b5
x-amz-request-id: CHGKMTPSKZ4AFT0N
cf-cache-status: HIT
age: 1232024
expires: Sat, 04 Mar 2023 10:21:09 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CpNFZDy0Af6JYe%2F6Y6Lh8b7Q3FJ2b51hnAV%2Bkx9ySyctZTR7WMGi5%2FRUUhrXTtoK%2F8Ub2Gv%2FjBnb3HBb3r6TzopslEV5OzcPhOKkiuGXsmUVvAPlNDDr5Ww96X%2Fn349IrM%2B7gaE3lHIs9PEtEJD0Gw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
set-cookie: _cfuvid=qqNH_HLVBx_njPGrzGZ6ztyrtJdN4G2ok3MldyqSMGE-1675333269962-0-604800000; path=/; domain=.highwebmedia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 793232c93d0bb503-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
chaturbate.com/in/?track=xfanta&tour=x1Rd&campaign=NcAyU&c=3&p=0&gender=f
104.18.101.40 302 Found 0 B URL HTTP/2 chaturbate.com/in/?track=xfanta&tour=x1Rd&campaign=NcAyU&c=3&p=0&gender=f
IP 104.18.101.40:0
GET /in/?track=xfanta&tour=x1Rd&campaign=NcAyU&c=3&p=0&gender=f HTTP/1.1
Host: chaturbate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cams.gratis/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Thu, 02 Feb 2023 10:21:09 GMT
content-type: text/html; charset=utf-8
location: /tours/3/?tour=x1Rd&campaign=NcAyU&c=3&p=0&gender=f&disable_sound=0
p3p: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
vary: Accept-Language, Cookie
content-language: en
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.mmcdn.com https://*.highwebmedia.com https://*.chaturbate.com https://chaturbate.com https://ajax.googleapis.com https://js-agent.newrelic.com https://cdnjs.cloudflare.com https://www.google-analytics.com https://www.google.com/recaptcha/ https://www.google.com/cv/ https://www.gstatic.com/recaptcha/ https://www.gstatic.com/cv/ https://www.gstatic.com/eureka/ https://www.gstatic.com/cast/ https://*.nr-data.net https://certify-js.alexametrics.com https://player.vimeo.com/api/player.js https://static.hotjar.com https://script.hotjar.com ; style-src 'self' data: 'unsafe-inline' https://*.highwebmedia.com https://cdnjs.cloudflare.com https://fonts.googleapis.com https://static.hotjar.com https://script.hotjar.com; img-src 'self' data: https://*.mmcdn.com https://*.highwebmedia.com https://*.stream.highwebmedia.com https://*.chaturbate.com https://chaturbate.com https://www.google-analytics.com https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com https://cdnjs.cloudflare.com https://www.gstatic.com https://*.nr-data.net https://certify.alexametrics.com https://stats.g.doubleclick.net https://cbgames.s3.amazonaws.com https://player.vimeo.com https://script.hotjar.com http://script.hotjar.com ; font-src 'self' data: https://*.mmcdn.com https://*.highwebmedia.com https://cdnjs.cloudflare.com https://fonts.gstatic.com http://script.hotjar.com https://script.hotjar.com ; connect-src 'self' blob: blob https://*.mmcdn.com wss://*.mmcdn.com wss://*.mmcdn.com:8443 https://*.highwebmedia.com wss://*.highwebmedia.com wss://*.highwebmedia.com:8443 https://*.nr-data.net https://*.chaturbate.com https://chaturbate.com https://www.google-analytics.com 
https://cbvideoupload.s3-accelerate.amazonaws.com https://stats.g.doubleclick.net https://internet-up.ably-realtime.com https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com https://tls-use1.fpapi.io https://use1.fptls.com https://eun1.fptls.com https://aps1.fptls.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com ; media-src 'self' https://*.mmcdn.com https://*.highwebmedia.com https://*.chaturbate.com https://chaturbate.com mediasource: blob: data: https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com; object-src 'self' https://*.mmcdn.com https://*.highwebmedia.com https://download.macromedia.com https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com ; frame-src 'self' https://*.mmcdn.com https://*.chaturbate.com https://chaturbate.com https://*.highwebmedia.com https://adserver.exoticads.com https://www.google.com/recaptcha/ https://*.wnu.com https://wnu.com https://checkout.2000charge.com https://www.sofort.com https://*.girogate.de https://player.vimeo.com https://vars.hotjar.com ; child-src 'self' blob: blob ; worker-src 'self' blob: blob ; form-action 'self' https://*.chaturbate.com https://chaturbate.com https://*.stream.highwebmedia.com https://*.wnu.com https://wnu.com https://devportal.cb.dev https://*.web.amer-1.jumio.ai https://smartpay.coinsmart.com https://secure.paygarden.com ; manifest-src 'self' 
https://*.mmcdn.com https://*.highwebmedia.com ; report-uri https://report-uri.mmcdn.com/r/t/csp/enforce;
report-to: {"group":"default","max_age":2592000,"endpoints":[{"url":"https://report-uri.mmcdn.com/a/t/g"}],"include_subdomains":true}
nel: {"report_to":"default","max_age":2592000,"include_subdomains":true}
x-frame-options: DENY
cache-control: no-cache
x-content-type-options: nosniff
x-xss-protection: 1; mode=block; report=https://report-uri.highwebmedia.com/r/t/xss/enforce
referrer-policy: strict-origin-when-cross-origin
via: 1.1 google
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: DYNAMIC
set-cookie: u_x1Rd=1; expires=Tue, 07 Feb 2023 10:21:09 GMT; Max-Age=432000; Path=/
us_x1Rd=1; Path=/
affkey="eJyrVipRslJQqjAMSlHSUVBKzi0Acf2SHStDQfySomywdFpiXkkiSKAIxM0oKSkottLXT07MLdZLL0osySzWB0kmpqWBpHMTKyoqclNTMhONDAwtQBJgQ40MlWoBzegfMA=="; Domain=.chaturbate.com; expires=Sat, 04 Mar 2023 10:21:09 GMT; Max-Age=2592000; Path=/
fromaffiliate=1; Domain=.chaturbate.com; Path=/
noads=1; expires=Thu, 02 Feb 2023 16:21:09 GMT; Max-Age=21600; Path=/
sbr=sec:sbre67039f6-e8e8-4f01-b881-ecee18f39885:1pNWiL:xB3B1LP8E7HRfwDWMoNGUFIS4so; Domain=.chaturbate.com; expires=Tue, 28 Oct 2025 10:21:09 GMT; HttpOnly; Max-Age=86313600; Path=/; Secure
__cf_bm=7vz3PududdTN5.UsO7kgxfp4k0ENqsfgEahhlye36VM-1675333269-0-Ac4LnKHls046nM2WdZrQpxGjL/IsNtFB6eMEb+Vpx2SPn+PY94QGsNS2YUqYstJvxavefc2EzCyIJUzQv0l0clQ=; path=/; expires=Thu, 02-Feb-23 10:51:09 GMT; domain=.chaturbate.com; HttpOnly; Secure; SameSite=None
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 793232c64eec0b55-OSL
X-Firefox-Spdy: h2
camschat.net/900250/cuntempire.webp
66.230.180.98 200 OK 0 B URL HTTP/2 camschat.net/900250/cuntempire.webp
IP 66.230.180.98:0
GET /900250/cuntempire.webp HTTP/1.1
Host: camschat.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://camschat.net/900250/game.php
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 02 Feb 2023 10:21:09 GMT
content-type: image/webp
last-modified: Mon, 12 Apr 2021 15:04:52 GMT
vary: Accept-Encoding
etag: W/"60746194-1dc40"
content-encoding: gzip
X-Firefox-Spdy: h2
accounts.google.com/v3/signin/identifier?dsh=S-234877899%3A1675333268161852&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AWnogHeBjQK2i3DZdiMAvAmRr8hKhjUEPF9jjbxXe0mfUDojMJeU_IUm7FYl9n4ALZdvAbBO1qIk
142.250.74.109 403 Forbidden 0 B URL HTTP/2 accounts.google.com/v3/signin/identifier?dsh=S-234877899%3A1675333268161852&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AWnogHeBjQK2i3DZdiMAvAmRr8hKhjUEPF9jjbxXe0mfUDojMJeU_IUm7FYl9n4ALZdvAbBO1qIk
IP 142.250.74.109:0
GET /v3/signin/identifier?dsh=S-234877899%3A1675333268161852&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AWnogHeBjQK2i3DZdiMAvAmRr8hKhjUEPF9jjbxXe0mfUDojMJeU_IUm7FYl9n4ALZdvAbBO1qIk HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://xfantazy.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Thu, 02 Feb 2023 10:21:08 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: script-src 'nonce-vRzYJTwNijHkmidK69Qd_w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist, require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport
cross-origin-opener-policy-report-only: same-origin; report-to="AccountsSignInUi"
report-to: {"group":"AccountsSignInUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/AccountsSignInUi/external"}]}
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
a.naturalhealthsource.club/api/settings/382499
135.181.208.216 200 OK 0 B URL HTTP/2 a.naturalhealthsource.club/api/settings/382499
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
Analyzer Verdict Alert fortinet Malware
GET /api/settings/382499 HTTP/1.1
Host: a.naturalhealthsource.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://xfantazy.com/
Origin: https://xfantazy.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 02 Feb 2023 10:21:06 GMT
content-type: application/json
vary: Accept-Encoding
access-control-allow-origin: *
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2
a.naturalhealthsource.club/api/spots/391868?host=xfantazy.com&ev=203&wh=939&ww=1280&uuid=
135.181.208.216 200 OK 0 B URL HTTP/2 a.naturalhealthsource.club/api/spots/391868?host=xfantazy.com&ev=203&wh=939&ww=1280&uuid=
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
GET /api/spots/391868?host=xfantazy.com&ev=203&wh=939&ww=1280&uuid= HTTP/1.1
Host: a.naturalhealthsource.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 02 Feb 2023 10:21:08 GMT
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding
set-cookie: nauid=rgRBzqdrXvsb27PONjVG; Path=/; Expires=Wed, 11 Nov 2037 11:11:11 GMT; Secure; SameSite=None
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2
a.naturalhealthsource.club/api/spots/406857?host=xfantazy.com&ev=203&wh=939&ww=1280&uuid=
135.181.208.216 200 OK 0 B URL HTTP/2 a.naturalhealthsource.club/api/spots/406857?host=xfantazy.com&ev=203&wh=939&ww=1280&uuid=
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
GET /api/spots/406857?host=xfantazy.com&ev=203&wh=939&ww=1280&uuid= HTTP/1.1
Host: a.naturalhealthsource.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 02 Feb 2023 10:21:08 GMT
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding
set-cookie: nauid=h6QfMHfxlICQ0HMdloEj; Path=/; Expires=Wed, 11 Nov 2037 11:11:11 GMT; Secure; SameSite=None
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2
static.adxadserv.com/css/wm.css
185.76.9.25 200 OK 0 B URL HTTP/2 static.adxadserv.com/css/wm.css
IP 185.76.9.25:0
ASN #60068 Datacamp Limited
GET /css/wm.css HTTP/1.1
Host: static.adxadserv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ads.adxadserv.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
date: Thu, 02 Feb 2023 10:21:09 GMT
content-type: text/css
last-modified: Mon, 03 Aug 2020 09:41:06 GMT
etag: W/"5f27dbb2-711"
x-accel-expires: @1676019710
server: CDN77-Turbo
x-77-nzt: AblMCRSpfAX/l1gFAA
x-77-nzt-ray: af58563068155c6e958edb63c8b08f01
x-cache: HIT
x-age: 350359
x-77-pop: stockholmSE
x-77-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
xfantazy.com/_next/static/EL4BCXkdtWPhg6C5p-CCd/pages/_app.js
172.64.205.27 200 OK 0 B URL HTTP/2 xfantazy.com/_next/static/EL4BCXkdtWPhg6C5p-CCd/pages/_app.js
IP 172.64.205.27:0
GET /_next/static/EL4BCXkdtWPhg6C5p-CCd/pages/_app.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/62379c1c76373a1d22aeaaeb
Cookie: visitorId=yfd0eg20c4rh494rje9e; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 02 Feb 2023 10:21:04 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-bgj: minify
etag: W/"20e2f-185ecc65286"
last-modified: Thu, 26 Jan 2023 06:31:38 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 586657
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NpTuxfNOcouRqC%2F5GFIAHDpAV01hAgdf8JZEuXyTQoi5xOMkHPx8LiLg16VMN5zntXVJ4tmdW07AgBSDSYfUA9%2Fsjfk%2BhTE4pUOagQk71uVgmA2hP3xX4FNOxrxMrZQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 793232a9dd053853-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/chat/mob/ssp/v2/new/3/js/script.js
172.64.167.9 200 OK 0 B URL HTTP/2 cdn.creative-bars1.com/sb/chat/mob/ssp/v2/new/3/js/script.js
IP 172.64.167.9:0
GET /sb/chat/mob/ssp/v2/new/3/js/script.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 02 Feb 2023 10:21:08 GMT
content-type: application/javascript
last-modified: Wed, 13 Jul 2022 12:13:56 GMT
etag: W/"62ceb704-17f"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 5113810
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lyxkF%2BQPTa4pyDtdOG%2FkMbn4%2FIgsG44Fg3U259PCm9ZXL8p%2BR0EIvfXbf%2BowUFdVY375gVBOSNnIOo%2FhQxj0ZIExqmRz3aW0keSzcpFOwxXvjf%2Fm2WYfmYYCXik2VzIn0U2Yigm2dqBw"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 793232bddb0923e7-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
a.naturalhealthsource.club/api/spots/382499?host=xfantazy.com&ev=203&wh=939&ww=1280&uuid=
135.181.208.216 200 OK 0 B URL HTTP/2 a.naturalhealthsource.club/api/spots/382499?host=xfantazy.com&ev=203&wh=939&ww=1280&uuid=
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
GET /api/spots/382499?host=xfantazy.com&ev=203&wh=939&ww=1280&uuid= HTTP/1.1
Host: a.naturalhealthsource.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 02 Feb 2023 10:21:08 GMT
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding
set-cookie: nauid=aJPUW1CZ7WnkI8oElvBi; Path=/; Expires=Wed, 11 Nov 2037 11:11:11 GMT; Secure; SameSite=None
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2