redfans.org/celine-onlyfans-celinecinnamon-leaks-bouncingtits-hijab-muslim-porn_31524
172.67.184.161 301 Moved Permanently 0 B URL HTTP/1.1 redfans.org/celine-onlyfans-celinecinnamon-leaks-bouncingtits-hijab-muslim-porn_31524
IP 172.67.184.161:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /celine-onlyfans-celinecinnamon-leaks-bouncingtits-hijab-muslim-porn_31524 HTTP/1.1
Host: redfans.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Mon, 05 Dec 2022 21:44:15 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Mon, 05 Dec 2022 22:44:15 GMT
Location: https://redfans.org/celine-onlyfans-celinecinnamon-leaks-bouncingtits-hijab-muslim-porn_31524
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oBaXEnmai1jwpAjs60swYwfIpldcmvIrJI1LAu3Rkz%2FMtYzvgtMpMZZbpbdR7xH70F7bkGR0qaseTZUGf1M1d7r7A%2BJ5SEcrYt0PVp%2BoAnff9AmgSFPRqj9LQTO7dA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 774ff64b1df9b518-OSL
alt-svc: h2=":443"; ma=60
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash cfec3d7283a9b66d2be426ce54d210f3
808c1feb1ba918951d1928c1f6bfc0c253262774
1bad6c06aa3e88dcbc125fc98a6cb753eb2b18d2c8dd61da21d12209aeeda3f9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1BAD6C06AA3E88DCBC125FC98A6CB753EB2B18D2C8DD61DA21D12209AEEDA3F9"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5828
Expires: Mon, 05 Dec 2022 23:21:24 GMT
Date: Mon, 05 Dec 2022 21:44:16 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash ee088fab9b287e174cfd1f2c735a909f
25c3335b514a36ad1a24d00413d60c3d394f5161
494e96358ff12366213d7cc0f9197648c6c62ec14fa0d2c78732a683fa26b192
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6139
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 05 Dec 2022 21:44:16 GMT
Last-Modified: Mon, 05 Dec 2022 20:01:57 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 471
firefox.settings.services.mozilla.com/v1/
34.102.187.140 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 30db107dcf4380cef05efea409c2e6a3
96e6a306fbc07299aba64e5c14e2bfca35872fa9
b64051a4a8e346e3c72b2aef77f360a5736ab5e16711d8e0bae3876feaa15b6e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Content-Type, Backoff, Content-Length, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Mon, 05 Dec 2022 21:18:31 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 1545
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 1ea206ac3c440825741687351f8c6e4e
2f38dafd8c43dcce2411a0590bc5c02cd6286735
7d7232c8c91bcd18161ba2c9d23e3bff159604e058bd5b3fc1c7fcbcd03a7ee3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7D7232C8C91BCD18161BA2C9D23E3BFF159604E058BD5B3FC1C7FCBCD03A7EE3"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2183
Expires: Mon, 05 Dec 2022 22:20:39 GMT
Date: Mon, 05 Dec 2022 21:44:16 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 53341dea33f4f3d9b4966f80589f429a
20f7b07c686c986d2ed1e3e9ad1bb2aef8edaf0d
651683e52cdbc96b289f8f123155f0b96d9f67432689e89156fa56f5a346c6a0
GET /chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: Z5M1kgDD6a/25CD9+AmgWmgJ64mvxskhqoMtv4JyVo8zvbKRsUMPh6zN0iCFOs+/zSJ5eyLCmqY=
x-amz-request-id: K0WADDZ177E91BDW
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Mon, 05 Dec 2022 20:46:49 GMT
age: 3447
last-modified: Wed, 30 Nov 2022 10:06:34 GMT
etag: "53341dea33f4f3d9b4966f80589f429a"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash 99aedde2cdcf6fa0b97262c9e3582976
d0907dfb856cd0a4a9ad894198fd6bec732d8a4f
0ee4f04a3eeba507185eef95ae10e2a0ce40b09999b2fbfa1c9f25decb15e616
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=132062
Content-Type: application/ocsp-response
Date: Mon, 05 Dec 2022 21:44:16 GMT
Etag: "638dc70e-117"
Expires: Wed, 07 Dec 2022 10:25:18 GMT
Last-Modified: Mon, 05 Dec 2022 10:25:18 GMT
Server: nginx
Content-Length: 279
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Mon, 05 Dec 2022 21:44:16 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash 99aedde2cdcf6fa0b97262c9e3582976
d0907dfb856cd0a4a9ad894198fd6bec732d8a4f
0ee4f04a3eeba507185eef95ae10e2a0ce40b09999b2fbfa1c9f25decb15e616
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 0
Cache-Control: max-age=132062
Content-Type: application/ocsp-response
Date: Mon, 05 Dec 2022 21:44:16 GMT
Etag: "638dc70e-117"
Expires: Wed, 07 Dec 2022 10:25:18 GMT
Last-Modified: Mon, 05 Dec 2022 10:25:18 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 279
redfans.org/celine-onlyfans-celinecinnamon-leaks-bouncingtits-hijab-muslim-porn_31524
172.67.184.161 200 OK 15 kB URL HTTP/2 redfans.org/celine-onlyfans-celinecinnamon-leaks-bouncingtits-hijab-muslim-porn_31524
IP 172.67.184.161:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (3881)
Hash 4d1c2118fc3697d3ced7fd0d13dee3a9
e5af2dba48861fd101610bf23da80fcdc3f1d05f
30bd27e74ba54ff68a3a6627be30da7137c54368f2d10104f682169fda161796
GET /celine-onlyfans-celinecinnamon-leaks-bouncingtits-hijab-muslim-porn_31524 HTTP/1.1
Host: redfans.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
date: Mon, 05 Dec 2022 21:44:16 GMT
content-type: text/html; charset=UTF-8
cache-control: private, must-revalidate
pragma: no-cache
expires: -1
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XHFlUduQUeAHtiTbrv5m8i%2BoehWyucvP5inrxbxyYMQg%2FkxkxF0msCGxKqN7LEGLciHY2OV%2FbYQZI1POSyhy3aVX4R7G0zrHeZMOFbGWdg%2BznVEsOiaHrJVQfzX4hA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 774ff64e0c40b529-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.jsdelivr.net/npm/vanilla-lazyload@17.3.0/dist/lazyload.min.js
151.101.129.229 200 OK 2.7 kB URL HTTP/2 cdn.jsdelivr.net/npm/vanilla-lazyload@17.3.0/dist/lazyload.min.js
IP 151.101.129.229:0
File type ASCII text, with very long lines (7520), with CRLF line terminators
Hash a2f06c1ee814be40480534619e3fed2e
48b35ebd2f272dbb3557615c80a54815dd30a544
3338fd0f74e9003b2974b5daafd6166ab74cbf6a987503ef8c50ce47ea3e6c99
GET /npm/vanilla-lazyload@17.3.0/dist/lazyload.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://redfans.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 17.3.0
x-jsd-version-type: version
etag: W/"1d62-c0Z+DhO7ZPaNpz2fxoAkt/b3Opo"
content-encoding: gzip
accept-ranges: bytes
date: Mon, 05 Dec 2022 21:44:16 GMT
age: 14416838
x-served-by: cache-fra19121-FRA, cache-bma1660-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 2686
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3 200 OK 472 B IP 216.58.211.3:0
Hash 5f16a534222e5749ef240d413826c2f6
11683d84d420dd6f919425094edb8961278f7fed
691ebf7feb1f7d6ae7e5e7efd678626c62042dda520506f262c7d9a67a48e3ed
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 05 Dec 2022 21:44:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
cdn.fluidplayer.com/v2/current/fluidplayer.min.css
205.185.216.10 200 OK 5.6 kB URL HTTP/1.1 cdn.fluidplayer.com/v2/current/fluidplayer.min.css
IP 205.185.216.10:0
Hash 0671a852c238e64a99a43447ea5e8f1a
406de90076bc1a893b260d37536baf881b2f7a38
406c04b3183eb4752f027e16376c114793cc8fbd74070dc2939e6a6c88e32600
GET /v2/current/fluidplayer.min.css HTTP/1.1
Host: cdn.fluidplayer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://redfans.org/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Mon, 05 Dec 2022 21:44:16 GMT
Connection: Keep-Alive
ETag: "1584964688"
Cache-Control: max-age=57958
Content-Encoding: gzip
Content-Length: 4618
Content-Type: text/css
Last-Modified: Mon, 23 Mar 2020 11:58:08 GMT
Accept-Ranges: bytes
X-HW: 1670276656.dop220.sk1.t,1670276656.cds206.sk1.shn,1670276656.cds206.sk1.c
cdn.fluidplayer.com/v2/current/fluidplayer.min.js
205.185.216.10 200 OK 28 kB URL HTTP/1.1 cdn.fluidplayer.com/v2/current/fluidplayer.min.js
IP 205.185.216.10:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash 6ec3c5eb5d06691a892c1dfbbd100d84
245b05947cd2162c6028cc668f1731632008691b
6ae3e50c7640b051f6bcf6a02a35bdf93d3d0dbd12de5b7ea3e4c8fdb6467238
GET /v2/current/fluidplayer.min.js HTTP/1.1
Host: cdn.fluidplayer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://redfans.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Mon, 05 Dec 2022 21:44:16 GMT
Connection: Keep-Alive
ETag: "1584964688"
Cache-Control: max-age=47694
Content-Encoding: gzip
Content-Length: 28351
Content-Type: application/javascript
Last-Modified: Mon, 23 Mar 2020 11:58:08 GMT
Accept-Ranges: bytes
X-HW: 1670276656.dop201.sk1.t,1670276656.cds222.sk1.shn,1670276656.cds222.sk1.c
ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q1
104.18.21.226 200 OK 1.5 kB URL HTTP/1.1 ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q1
IP 104.18.21.226:0
Hash 6382c430c778a4fcbbf59da5f4e62898
bb30b2e7a7c34e7549a4c76e3e387cc7b6d3f0c2
ad730ec7f2bbd56d5471c69d1900cf8acf0a8e7785eff8311ef8d6a596713f52
POST /ca/gsatlasr3dvtlsca2022q1 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 05 Dec 2022 21:44:16 GMT
Content-Type: application/ocsp-response
Transfer-Encoding: chunked
Connection: keep-alive
Etag: "8E835951A1B253950A7CB45E808EF7B947E956D3"
Expires: Tue, 06 Dec 2022 08:00:00 GMT
Last-Modified: Mon, 05 Dec 2022 20:00:00 UTC
Cache-Control: s-maxage=3600, public, no-transform, must-revalidate
CF-Cache-Status: HIT
Age: 2741
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 774ff6513e660afa-OSL
www.googletagmanager.com/gtag/js?id=UA-207995008-1
142.250.74.40 200 OK 44 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=UA-207995008-1
IP 142.250.74.40:0
File type ASCII text, with very long lines (1921)
Hash 996f9a60e46da833685c14418ced970e
7baa27356673f51ee06dd2aa7110fbf98b718826
18c970d2b36fe5b0537a39fe3f71b57cf26e0fabc9d9f4cb610ba69f1d35b49a
GET /gtag/js?id=UA-207995008-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://redfans.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Mon, 05 Dec 2022 21:44:16 GMT
expires: Mon, 05 Dec 2022 21:44:16 GMT
cache-control: private, max-age=900
last-modified: Mon, 05 Dec 2022 21:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 43632
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 2b9d6a686aa3c4ea24568425e43a5221
d53bb4c9579bd1db78a0520619e888aec79f750f
c38734a8dbe51217d73896c0bf7f5c38c107fd79e0dee24b717f130377e9b5f7
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6122
Cache-Control: max-age=133478
Content-Type: application/ocsp-response
Date: Mon, 05 Dec 2022 21:44:16 GMT
Etag: "638db4ac-1d7"
Expires: Wed, 07 Dec 2022 10:48:54 GMT
Last-Modified: Mon, 05 Dec 2022 09:06:52 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 471
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 4145a9df64db40dc2f629563f3ad1a8c
cf3b3cc6cbdc173a2f2541a5b17804793eee7cd7
e88e2c4a17f4b5a865a81d070104624b88d0eb7aa643e19f3ee335bf8494fca2
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E88E2C4A17F4B5A865A81D070104624B88D0EB7AA643E19F3EE335BF8494FCA2"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7776
Expires: Mon, 05 Dec 2022 23:53:52 GMT
Date: Mon, 05 Dec 2022 21:44:16 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 19be68815746828457472fb84e8a4520
67832a9d8a307cf57f166aae11ad98ea0a3120d5
5744ab6e9be699d3a0f7266a8688cd6ec091efa300241b27a7c9bd1913e7bb09
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5744AB6E9BE699D3A0F7266A8688CD6EC091EFA300241B27A7C9BD1913E7BB09"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13566
Expires: Tue, 06 Dec 2022 01:30:22 GMT
Date: Mon, 05 Dec 2022 21:44:16 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
216.58.211.3 200 OK 472 B IP 216.58.211.3:0
Hash 5f16a534222e5749ef240d413826c2f6
11683d84d420dd6f919425094edb8961278f7fed
691ebf7feb1f7d6ae7e5e7efd678626c62042dda520506f262c7d9a67a48e3ed
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 05 Dec 2022 21:44:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
cdn-avatars.redfans.org/redgifs/images/avatars/celinecinnamon.jpg
45.133.44.4 200 OK 10 kB URL HTTP/2 cdn-avatars.redfans.org/redgifs/images/avatars/celinecinnamon.jpg
IP 45.133.44.4:0
ASN #39572 DataWeb Global Group B.V.
File type JPEG image data, JFIF standard 1.01, resolution (DPCM), density 37x37, segment length 16, baseline, precision 8, 200x200, components 3\012- data
Hash b903575fd64f104e7c5870f1c427449e
0225b5e60b303a8422bbbd22534e4af11856d338
1396b189a67775976938389056ae255031fc46f7cefe373d9e13f89cbee683e7
GET /redgifs/images/avatars/celinecinnamon.jpg HTTP/1.1
Host: cdn-avatars.redfans.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://redfans.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
date: Mon, 05 Dec 2022 21:44:16 GMT
content-type: application/octet-stream
content-length: 10087
server: nginx/1.22.0
etag: b903575fd64f104e7c5870f1c427449e
last-modified: Fri, 29 Apr 2022 06:22:15 GMT
x-timestamp: 1651213334.61666
x-trans-id: tx520fae8fc71a4dd89d0bc-0063822693
x-openstack-request-id: tx520fae8fc71a4dd89d0bc-0063822693
access-control-allow-origin: *
access-control-allow-methods: HEAD,GET,POST,PUT,PATCH,DELETE,OPTIONS
access-control-allow-headers: Content-Type,X-Requested-With,X-Auth-Token,X-Openstack-Request-Id,X-Container-Meta-type,X-Container-Meta-Temp-URL-Key,Authorization
access-control-expose-headers: X-Container-Meta-Temp-Url-Key,X-Container-Bytes-Used,Last-Modified,X-Timestamp
expires: Tue, 05 Dec 2023 21:44:16 GMT
cache-control: max-age=31536000
x-proxy-cache: HIT
strict-transport-security: max-age=10368000
accept-ranges: bytes
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3 200 OK 472 B IP 216.58.211.3:0
Hash 7dfb548d8f8a99d32050803775fad5d6
8b47999a01db7c2217d76a1cec576809a229cf1b
68dd2a1e5a0002f4d25d3b5884ab55bc6b5a91e38f6dc464c4261b19c6e5887e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 05 Dec 2022 21:44:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
cdn-previews.redfans.org/redgifs/images/preview-img/celine-onlyfans-celinecinnamon-leaks-bouncingtits-hijab-porn_31524.jpg
45.133.44.4 200 OK 31 kB URL HTTP/2 cdn-previews.redfans.org/redgifs/images/preview-img/celine-onlyfans-celinecinnamon-leaks-bouncingtits-hijab-porn_31524.jpg
IP 45.133.44.4:0
ASN #39572 DataWeb Global Group B.V.
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 386x720, components 3\012- data
Hash 1a20be50620d00d08d419af51ac38ba3
61ac92994780b5493a36167e0c42fb6d7e977bd4
fc5862487465531d0eb0ffb4dc67430c78652ccfeeb842916230af5356d754bd
GET /redgifs/images/preview-img/celine-onlyfans-celinecinnamon-leaks-bouncingtits-hijab-porn_31524.jpg HTTP/1.1
Host: cdn-previews.redfans.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://redfans.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
date: Mon, 05 Dec 2022 21:44:16 GMT
content-type: application/octet-stream
content-length: 31357
server: nginx/1.22.0
etag: 1a20be50620d00d08d419af51ac38ba3
last-modified: Fri, 29 Apr 2022 08:20:36 GMT
x-timestamp: 1651220435.72228
x-trans-id: tx7651d2907b94404aafe9b-006371854e
x-openstack-request-id: tx7651d2907b94404aafe9b-006371854e
access-control-allow-origin: *
access-control-allow-methods: HEAD,GET,POST,PUT,PATCH,DELETE,OPTIONS
access-control-allow-headers: Content-Type,X-Requested-With,X-Auth-Token,X-Openstack-Request-Id,X-Container-Meta-type,X-Container-Meta-Temp-URL-Key,Authorization
access-control-expose-headers: X-Container-Meta-Temp-Url-Key,X-Container-Bytes-Used,Last-Modified,X-Timestamp
expires: Tue, 05 Dec 2023 21:44:16 GMT
cache-control: max-age=31536000
x-proxy-cache: HIT
strict-transport-security: max-age=10368000
accept-ranges: bytes
X-Firefox-Spdy: h2
iifvcfwiqi.com/lv/esnk/1914829/code.js
62.122.171.6 200 OK 44 kB URL HTTP/2 iifvcfwiqi.com/lv/esnk/1914829/code.js
IP 62.122.171.6:0
Hash 1f2ad0b2b8656a917cea0698ea14ee23
a00d2dcbc81326fc86de6a411a76b0270cd92ceb
940a983464f3681ab05d16dcebada75d95d0cc237892240acc27ee5dbf5c46aa
Analyzer Verdict Alert quad9 Sinkholed
GET /lv/esnk/1914829/code.js HTTP/1.1
Host: iifvcfwiqi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://redfans.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Mon, 05 Dec 2022 21:44:16 GMT
content-type: application/javascript
last-modified: Tue, 15 Nov 2022 12:20:41 GMT
vary: Accept-Encoding
etag: W/"63738419-1aaa0"
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
content-encoding: gzip
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3 200 OK 472 B IP 216.58.211.3:0
Hash 7dfb548d8f8a99d32050803775fad5d6
8b47999a01db7c2217d76a1cec576809a229cf1b
68dd2a1e5a0002f4d25d3b5884ab55bc6b5a91e38f6dc464c4261b19c6e5887e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 05 Dec 2022 21:44:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
push.services.mozilla.com/
52.39.57.61 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 52.39.57.61:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 5XuAfL7h+P/YrRC2KJ5jKg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: cp2lDJmKYPt7193WTdOEDHqGkcw=
cdn-avatars.redfans.org/redgifs/images/avatars/celinecinnamon_small.jpg
45.133.44.4 200 OK 1.2 kB URL HTTP/2 cdn-avatars.redfans.org/redgifs/images/avatars/celinecinnamon_small.jpg
IP 45.133.44.4:0
ASN #39572 DataWeb Global Group B.V.
File type JPEG image data, JFIF standard 1.01, resolution (DPCM), density 37x37, segment length 16, baseline, precision 8, 64x64, components 3\012- data
Hash 6546dae7647253586f8c24f3f3322c96
b04206349d982112eb447cca69b091af54b5c593
1e8c877e6ad24b85f394691356c495bc17fbcb8dde140e65e4bac9cb49cfe9b2
GET /redgifs/images/avatars/celinecinnamon_small.jpg HTTP/1.1
Host: cdn-avatars.redfans.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://redfans.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Mon, 05 Dec 2022 21:44:17 GMT
content-type: application/octet-stream
content-length: 1247
server: nginx/1.22.0
etag: 6546dae7647253586f8c24f3f3322c96
last-modified: Fri, 29 Apr 2022 06:22:15 GMT
x-timestamp: 1651213334.98280
x-trans-id: txe7cb4b4864b144bf99597-006381f2e9
x-openstack-request-id: txe7cb4b4864b144bf99597-006381f2e9
access-control-allow-origin: *
access-control-allow-methods: HEAD,GET,POST,PUT,PATCH,DELETE,OPTIONS
access-control-allow-headers: Content-Type,X-Requested-With,X-Auth-Token,X-Openstack-Request-Id,X-Container-Meta-type,X-Container-Meta-Temp-URL-Key,Authorization
access-control-expose-headers: X-Container-Meta-Temp-Url-Key,X-Container-Bytes-Used,Last-Modified,X-Timestamp
expires: Tue, 05 Dec 2023 21:44:17 GMT
cache-control: max-age=31536000
x-proxy-cache: HIT
strict-transport-security: max-age=10368000
accept-ranges: bytes
X-Firefox-Spdy: h2
cdn-avatars.redfans.org/redgifs/images/avatars/morganhollyfit_small.jpg
45.133.44.4 200 OK 1.3 kB URL HTTP/2 cdn-avatars.redfans.org/redgifs/images/avatars/morganhollyfit_small.jpg
IP 45.133.44.4:0
ASN #39572 DataWeb Global Group B.V.
File type JPEG image data, JFIF standard 1.01, resolution (DPCM), density 37x37, segment length 16, baseline, precision 8, 64x64, components 3\012- data
Hash 77a748f19a75f729cecd6f25ef3178b2
ce052ee69847341254f4efcf0e2484fa4473f36b
488b4413784f3c774e2af33d55ab0af6577e6629ab78f3785501dcc3fd159bc6
GET /redgifs/images/avatars/morganhollyfit_small.jpg HTTP/1.1
Host: cdn-avatars.redfans.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://redfans.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Mon, 05 Dec 2022 21:44:17 GMT
content-type: application/octet-stream
content-length: 1312
server: nginx/1.16.1
last-modified: Fri, 29 Apr 2022 06:27:17 GMT
etag: 77a748f19a75f729cecd6f25ef3178b2
x-timestamp: 1651213636.77333
x-trans-id: txf1b09951e8df44519b146-00626ba0ae
x-openstack-request-id: txf1b09951e8df44519b146-00626ba0ae
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: HEAD,GET,POST,PUT,PATCH,DELETE,OPTIONS
access-control-allow-headers: Content-Type,X-Requested-With,X-Auth-Token,X-Openstack-Request-Id,X-Container-Meta-type,X-Container-Meta-Temp-URL-Key,Authorization
expires: Tue, 05 Dec 2023 21:44:17 GMT
cache-control: max-age=31536000
x-proxy-cache: HIT
strict-transport-security: max-age=10368000
accept-ranges: bytes
X-Firefox-Spdy: h2
cdn-avatars.redfans.org/redgifs/images/avatars/lovingeli_small.jpg
45.133.44.4 200 OK 1.4 kB URL HTTP/2 cdn-avatars.redfans.org/redgifs/images/avatars/lovingeli_small.jpg
IP 45.133.44.4:0
ASN #39572 DataWeb Global Group B.V.
File type JPEG image data, JFIF standard 1.01, resolution (DPCM), density 37x37, segment length 16, baseline, precision 8, 64x64, components 3\012- data
Hash 65b1e6af5d5b5d4462b6425ff3965589
1726d0a428253a783c277602557fa4f2ec1204a9
501de6a43e648aff21a0ce6a65a136972d7eaa9d3fa142dbf276b20cd9cd4f4b
GET /redgifs/images/avatars/lovingeli_small.jpg HTTP/1.1
Host: cdn-avatars.redfans.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://redfans.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Mon, 05 Dec 2022 21:44:17 GMT
content-type: application/octet-stream
content-length: 1449
server: nginx/1.16.1
last-modified: Fri, 29 Apr 2022 06:22:41 GMT
etag: 65b1e6af5d5b5d4462b6425ff3965589
x-timestamp: 1651213360.24884
x-trans-id: tx843e36ff73124e6b97b93-00626b94af
x-openstack-request-id: tx843e36ff73124e6b97b93-00626b94af
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: HEAD,GET,POST,PUT,PATCH,DELETE,OPTIONS
access-control-allow-headers: Content-Type,X-Requested-With,X-Auth-Token,X-Openstack-Request-Id,X-Container-Meta-type,X-Container-Meta-Temp-URL-Key,Authorization
expires: Tue, 05 Dec 2023 21:44:17 GMT
cache-control: max-age=31536000
x-proxy-cache: HIT
strict-transport-security: max-age=10368000
accept-ranges: bytes
X-Firefox-Spdy: h2
cdn-avatars.redfans.org/redgifs/images/avatars/naomi_soraya_small.jpg
45.133.44.4 200 OK 1.3 kB URL HTTP/2 cdn-avatars.redfans.org/redgifs/images/avatars/naomi_soraya_small.jpg
IP 45.133.44.4:0
ASN #39572 DataWeb Global Group B.V.
File type JPEG image data, JFIF standard 1.01, resolution (DPCM), density 37x37, segment length 16, baseline, precision 8, 64x64, components 3\012- data
Hash ee52213ceed801ec4f7982eae47e0c08
dbce52f2f66c739f3fa25ac7bca112586ec834d2
106ff12ab16319b6e1941f76f3f4580d6ce6f2d897726f1be40cfee4e45160a3
GET /redgifs/images/avatars/naomi_soraya_small.jpg HTTP/1.1
Host: cdn-avatars.redfans.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://redfans.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Mon, 05 Dec 2022 21:44:17 GMT
content-type: application/octet-stream
content-length: 1339
server: nginx/1.16.1
last-modified: Fri, 29 Apr 2022 06:23:18 GMT
etag: ee52213ceed801ec4f7982eae47e0c08
x-timestamp: 1651213397.49361
x-trans-id: tx030ce5e24e034385aa61a-00626ba0b1
x-openstack-request-id: tx030ce5e24e034385aa61a-00626ba0b1
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: HEAD,GET,POST,PUT,PATCH,DELETE,OPTIONS
access-control-allow-headers: Content-Type,X-Requested-With,X-Auth-Token,X-Openstack-Request-Id,X-Container-Meta-type,X-Container-Meta-Temp-URL-Key,Authorization
expires: Tue, 05 Dec 2023 21:44:17 GMT
cache-control: max-age=31536000
x-proxy-cache: HIT
strict-transport-security: max-age=10368000
accept-ranges: bytes
X-Firefox-Spdy: h2
cdn-avatars.redfans.org/redgifs/images/avatars/mayamartinni_small.jpg
45.133.44.4 200 OK 1.3 kB URL HTTP/2 cdn-avatars.redfans.org/redgifs/images/avatars/mayamartinni_small.jpg
IP 45.133.44.4:0
ASN #39572 DataWeb Global Group B.V.
File type JPEG image data, JFIF standard 1.01, resolution (DPCM), density 37x37, segment length 16, baseline, precision 8, 64x64, components 3\012- data
Hash 2f1c84637ab4020969cd5730724b614b
6f2e275a5a1754e4aa7e5f8e91a8a08d758519a5
f428aa2c3be2dabfbd5ddcdbd57d7d1c417c09ddf55cb26cff5bbcff0f5e2408
GET /redgifs/images/avatars/mayamartinni_small.jpg HTTP/1.1
Host: cdn-avatars.redfans.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://redfans.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Mon, 05 Dec 2022 21:44:17 GMT
content-type: application/octet-stream
content-length: 1325
server: nginx/1.16.1
last-modified: Fri, 29 Apr 2022 06:28:32 GMT
etag: 2f1c84637ab4020969cd5730724b614b
x-timestamp: 1651213711.60091
x-trans-id: tx37897740c55f4d4eb4e55-00626be8cf
x-openstack-request-id: tx37897740c55f4d4eb4e55-00626be8cf
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: HEAD,GET,POST,PUT,PATCH,DELETE,OPTIONS
access-control-allow-headers: Content-Type,X-Requested-With,X-Auth-Token,X-Openstack-Request-Id,X-Container-Meta-type,X-Container-Meta-Temp-URL-Key,Authorization
expires: Tue, 05 Dec 2023 21:44:17 GMT
cache-control: max-age=31536000
x-proxy-cache: HIT
strict-transport-security: max-age=10368000
accept-ranges: bytes
X-Firefox-Spdy: h2
cdn.fluidplayer.com/v2/current//scripts/vtt.js
205.185.216.10 200 OK 29 kB URL HTTP/1.1 cdn.fluidplayer.com/v2/current//scripts/vtt.js
IP 205.185.216.10:0
Hash 6ea17aa47210b5aefeaae5136535dfe4
66756ff3396cca8302cac4eb0a4a8201862042e4
f933855105f9f6ea1a1aad2ee528e8f34a066ccc2b3d449c2590abf8d2eaa062
GET /v2/current//scripts/vtt.js HTTP/1.1
Host: cdn.fluidplayer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://redfans.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Mon, 05 Dec 2022 21:44:17 GMT
Connection: Keep-Alive
ETag: "1584964688"
Cache-Control: max-age=83525
Content-Encoding: gzip
Content-Length: 29316
Content-Type: application/javascript
Last-Modified: Mon, 23 Mar 2020 11:58:08 GMT
Accept-Ranges: bytes
X-HW: 1670276656.dop201.sk1.t,1670276657.cds222.sk1.shn,1670276657.cds222.sk1.c
cdn.fluidplayer.com/v2/current/images/fluid_icons.svg
205.185.216.10 200 OK 18 kB URL HTTP/1.1 cdn.fluidplayer.com/v2/current/images/fluid_icons.svg
IP 205.185.216.10:0
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document, ASCII text, with very long lines (1910)
Hash a9fe9f04c4c5e6b843f9522a7add5683
ca0e6384a21d00d7db26c8bef2b81a4c4261cf42
0ecadcf2f6de5a604b6ec54d1b92022882edb4fa94d3f0622b1e5598bd941f81
GET /v2/current/images/fluid_icons.svg HTTP/1.1
Host: cdn.fluidplayer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cdn.fluidplayer.com/v2/current/fluidplayer.min.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Mon, 05 Dec 2022 21:44:17 GMT
Connection: Keep-Alive
ETag: "1584964688"
Cache-Control: max-age=82908
Content-Length: 18488
Content-Type: image/svg+xml
Last-Modified: Mon, 23 Mar 2020 11:58:08 GMT
Accept-Ranges: bytes
X-HW: 1670276656.dop201.sk1.t,1670276657.cds222.sk1.shn,1670276657.cds222.sk1.c
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash a77f31aa9214d478c70b4a3e4299b993
c4067fecf5023974c9d09d36a9d41cdee7285758
557c4ab1abf3ebedcee6753e8e46add46236c2b3103a79b7d610271e0aee64a5
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1305
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 05 Dec 2022 21:44:17 GMT
Last-Modified: Mon, 05 Dec 2022 21:22:32 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 279
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash a77f31aa9214d478c70b4a3e4299b993
c4067fecf5023974c9d09d36a9d41cdee7285758
557c4ab1abf3ebedcee6753e8e46add46236c2b3103a79b7d610271e0aee64a5
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1305
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 05 Dec 2022 21:44:17 GMT
Last-Modified: Mon, 05 Dec 2022 21:22:32 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 279
cdn.pncloudfl.com/pn/087/982/9a0/0879829a09c40b64dbdc0f242a35b72ffac08aa6.png
104.22.59.221 200 OK 48 kB URL HTTP/2 cdn.pncloudfl.com/pn/087/982/9a0/0879829a09c40b64dbdc0f242a35b72ffac08aa6.png
IP 104.22.59.221:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash d4f5e956d4cbb01896c32e9be09275fa
c088d58a016a4558ef07355b6024af5396daec58
96baed66631078682d9d8c9821deeb772543af6c420501773c6a5947a04c1095
GET /pn/087/982/9a0/0879829a09c40b64dbdc0f242a35b72ffac08aa6.png HTTP/1.1
Host: cdn.pncloudfl.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 05 Dec 2022 21:44:17 GMT
content-type: image/webp
content-length: 47682
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,X-Requested-With,X-Auth-Token,X-Openstack-Request-Id,X-Container-Meta-type,X-Container-Meta-Temp-URL-Key,Authorization
access-control-allow-methods: HEAD,GET,POST,PUT,PATCH,DELETE,OPTIONS
cache-control: max-age=172800
cf-bgj: imgq:100,h2pri
cf-polished: origFmt=png, origSize=78045
content-disposition: inline; filename="0879829a09c40b64dbdc0f242a35b72ffac08aa6.webp"
etag: 0713b5bb31c6e4567cfad608b49c7b62
expires: Wed, 07 Dec 2022 18:20:19 GMT
last-modified: Sat, 25 Jun 2022 11:34:30 GMT
vary: Accept
x-openstack-request-id: tx91ee5175127347938240f-0062b6fb07
x-proxy-cache: HIT
x-timestamp: 1656156869.15703
x-trans-id: tx91ee5175127347938240f-0062b6fb07
cf-cache-status: HIT
age: 12238
accept-ranges: bytes
access-control-allow-origin: *
server: cloudflare
cf-ray: 774ff6556a2afab4-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.pncloudfl.com/pn/630/a45/83a/630a4583aa798597b20ac88a68b90f1bc6f139cc.jpg
104.22.59.221 200 OK 36 kB URL HTTP/2 cdn.pncloudfl.com/pn/630/a45/83a/630a4583aa798597b20ac88a68b90f1bc6f139cc.jpg
IP 104.22.59.221:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash be2b89a0488bf68873a1a2ad3bc5a567
3882fc720492964824bd89dffd02133b48e756be
1257256d4c3974690b13aa43da8939b7e2cfefec64b5c6a45d5f1ebeab521e2c
GET /pn/630/a45/83a/630a4583aa798597b20ac88a68b90f1bc6f139cc.jpg HTTP/1.1
Host: cdn.pncloudfl.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 05 Dec 2022 21:44:17 GMT
content-type: image/webp
content-length: 35984
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,X-Requested-With,X-Auth-Token,X-Openstack-Request-Id,X-Container-Meta-type,X-Container-Meta-Temp-URL-Key,Authorization
access-control-allow-methods: HEAD,GET,POST,PUT,PATCH,DELETE,OPTIONS
cache-control: max-age=172800
cf-bgj: imgq:100,h2pri
cf-polished: origFmt=png, origSize=64109
content-disposition: inline; filename="630a4583aa798597b20ac88a68b90f1bc6f139cc.webp"
etag: b44e2253eea5a74a96a1be61a63db8d7
expires: Tue, 06 Dec 2022 02:22:20 GMT
last-modified: Mon, 20 Jun 2022 06:31:37 GMT
vary: Accept
x-openstack-request-id: txea726f3ad5414f628395b-0062b0164d
x-proxy-cache: HIT
x-timestamp: 1655706696.40821
x-trans-id: txea726f3ad5414f628395b-0062b0164d
cf-cache-status: HIT
age: 156117
accept-ranges: bytes
access-control-allow-origin: *
server: cloudflare
cf-ray: 774ff6556a3afab4-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash a77f31aa9214d478c70b4a3e4299b993
c4067fecf5023974c9d09d36a9d41cdee7285758
557c4ab1abf3ebedcee6753e8e46add46236c2b3103a79b7d610271e0aee64a5
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1305
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 05 Dec 2022 21:44:17 GMT
Last-Modified: Mon, 05 Dec 2022 21:22:32 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 279
e1.o.lencr.org/
23.36.77.32 200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash b0465f555cf0aaeeba5dc17482f41077
19d7329faae2853cec48f2899c1bd0c8a065c2bf
d14123ae18e9be65a10fa368131e9d684b20179cd4236c20bdacdd3bd1320255
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "D14123AE18E9BE65A10FA368131E9D684B20179CD4236C20BDACDD3BD1320255"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4885
Expires: Mon, 05 Dec 2022 23:05:42 GMT
Date: Mon, 05 Dec 2022 21:44:17 GMT
Connection: keep-alive
iifvcfwiqi.com/chicken.gif?z=1914827&pb=337b246a175a6d291d968f92a5d1372d1670283857&psp=rBm_nXvF0YEzG48LPnEONav3PdEsfdcs0_AQi5_dxdTxsGzieehQi-EsoLyavKJova9ouCGUYiMYJN8227KEVWpkiRtS8lJhjnZCRGPsKOMkXCrdV9_OesPy-fGGzuZqc5O9W63w6TsROqUAUKbVc0lFA7Zh70j6LIrc2UiYJ0tsPCMsicTUx_zrRWzUqWrhCrn01i34AWVnuSxFdRcybK51bJ3ifVjZ1eD8r_AZSCxvM7pCTQgVt6Zqd23PFjW-EwEBtOO47KUHzLCrJSHjI3Ra3husjSm4oQ9V6nm3k75K0mWzlcbYj65e1lsM7SuWpvMWFxoLgZg8z6JYNFh-_IR0C7c2OljOSbRQgdFNDg3tnjEP4lsw3S0CQ9fTbE4IXkCzqV2Six0OfeSbZhJqCzoBluGD2AhUrwl2wvT697YxCqgD_4EwfgGXczl4GIq5OIDDgVOL_5Sv6BGYHaq5OUL2F922dL6jAMbSXLqtjeH0QdWRysxkLBDeuyJbafeirhTUpQmeRScKcyArIXVfCqzQLLHGq3qi8LiyeP84L5naFi7tLvio5aP0jIKdvUrOI1Sl7jV0GLev0NQgVGCCELCS3gIuB0S269Msaa2h0zu114-emgrLadBv0AhZFx0_z1lsKWUN1XsqowPa7aeutHI71wofCsqFAQ_Y5bKMBHGpyn3PLlj2xB-vVoFNmeue5A7Ssd3tUg5ZIsnWH-9x6647NEQ=&abvar=0&os=0
62.122.171.6200 OK 43 B URL HTTP/2 iifvcfwiqi.com/chicken.gif?z=1914827&pb=337b246a175a6d291d968f92a5d1372d1670283857&psp=rBm_nXvF0YEzG48LPnEONav3PdEsfdcs0_AQi5_dxdTxsGzieehQi-EsoLyavKJova9ouCGUYiMYJN8227KEVWpkiRtS8lJhjnZCRGPsKOMkXCrdV9_OesPy-fGGzuZqc5O9W63w6TsROqUAUKbVc0lFA7Zh70j6LIrc2UiYJ0tsPCMsicTUx_zrRWzUqWrhCrn01i34AWVnuSxFdRcybK51bJ3ifVjZ1eD8r_AZSCxvM7pCTQgVt6Zqd23PFjW-EwEBtOO47KUHzLCrJSHjI3Ra3husjSm4oQ9V6nm3k75K0mWzlcbYj65e1lsM7SuWpvMWFxoLgZg8z6JYNFh-_IR0C7c2OljOSbRQgdFNDg3tnjEP4lsw3S0CQ9fTbE4IXkCzqV2Six0OfeSbZhJqCzoBluGD2AhUrwl2wvT697YxCqgD_4EwfgGXczl4GIq5OIDDgVOL_5Sv6BGYHaq5OUL2F922dL6jAMbSXLqtjeH0QdWRysxkLBDeuyJbafeirhTUpQmeRScKcyArIXVfCqzQLLHGq3qi8LiyeP84L5naFi7tLvio5aP0jIKdvUrOI1Sl7jV0GLev0NQgVGCCELCS3gIuB0S269Msaa2h0zu114-emgrLadBv0AhZFx0_z1lsKWUN1XsqowPa7aeutHI71wofCsqFAQ_Y5bKMBHGpyn3PLlj2xB-vVoFNmeue5A7Ssd3tUg5ZIsnWH-9x6647NEQ=&abvar=0&os=0
IP 62.122.171.6:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 28e463819a210071de3b45ebe7633613
6dccd571828ec0912629119cf7eabfea9f33ddbc
44251f61629e2bfeead421241a917f43ad047af351659f01cd8fd937f0417f84
Analyzer Verdict Alert quad9 Sinkholed
GET /chicken.gif?z=1914827&pb=337b246a175a6d291d968f92a5d1372d1670283857&psp=rBm_nXvF0YEzG48LPnEONav3PdEsfdcs0_AQi5_dxdTxsGzieehQi-EsoLyavKJova9ouCGUYiMYJN8227KEVWpkiRtS8lJhjnZCRGPsKOMkXCrdV9_OesPy-fGGzuZqc5O9W63w6TsROqUAUKbVc0lFA7Zh70j6LIrc2UiYJ0tsPCMsicTUx_zrRWzUqWrhCrn01i34AWVnuSxFdRcybK51bJ3ifVjZ1eD8r_AZSCxvM7pCTQgVt6Zqd23PFjW-EwEBtOO47KUHzLCrJSHjI3Ra3husjSm4oQ9V6nm3k75K0mWzlcbYj65e1lsM7SuWpvMWFxoLgZg8z6JYNFh-_IR0C7c2OljOSbRQgdFNDg3tnjEP4lsw3S0CQ9fTbE4IXkCzqV2Six0OfeSbZhJqCzoBluGD2AhUrwl2wvT697YxCqgD_4EwfgGXczl4GIq5OIDDgVOL_5Sv6BGYHaq5OUL2F922dL6jAMbSXLqtjeH0QdWRysxkLBDeuyJbafeirhTUpQmeRScKcyArIXVfCqzQLLHGq3qi8LiyeP84L5naFi7tLvio5aP0jIKdvUrOI1Sl7jV0GLev0NQgVGCCELCS3gIuB0S269Msaa2h0zu114-emgrLadBv0AhZFx0_z1lsKWUN1XsqowPa7aeutHI71wofCsqFAQ_Y5bKMBHGpyn3PLlj2xB-vVoFNmeue5A7Ssd3tUg5ZIsnWH-9x6647NEQ=&abvar=0&os=0 HTTP/1.1
Host: iifvcfwiqi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: UID=22120516440b4ca9b5dbc84820ada96bcf9e
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 05 Dec 2022 21:44:17 GMT
content-type: image/gif
content-length: 43
x-route-id: stats.impression
set-cookie: OACICAP=ACKEfAAAAAAAAAAB; Path=/; Expires=Wed, 04 Jan 2023 21:44:17 GMT; Secure; SameSite=None
OACIBLOCK=ACKEfAAAAABjjXrQ; Path=/; Expires=Wed, 04 Jan 2023 21:44:17 GMT; Secure; SameSite=None
ppucnt=0; Path=/; Expires=Tue, 06 Dec 2022 21:44:17 GMT; Secure; SameSite=None
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2
iifvcfwiqi.com/chicken.gif?z=1914829&pb=337b246a175a6d291d968f92a5d1372d1670283857&psp=mibGT_fUSNIDEXeRrLM387fmEsL4XIldz4QXLfqZHz3MatzB38id1D3qgx37l-CBRpsbvYk6ocVL89XSMtqipSYDv8LGskZj9KffZk_H3CVskWoZwtHwKNp-Qsy7VHetHv-mSpAR2D1v9VFoQkztkA_gQudDfaaxHCNKoJDRW_oqQCNMbVTa4btK3itmd8KJfmj-irF2dMUKFysRAxdkDz-3Hsl5-52jKGUjsQK2kEUGdpcE6w8u-Kiqxn53DpJFMDblzi98gxFK4atbgHwg9kphimfHoBX52QAf7oHs3e_u-zdCxBmdlwAYDBz4Bjq8wD9nWX6H3ceeev2lqqi3c6nruBu33-6Z3d2EJOZjJUMPKI1DMGDmh2BFkJhZnQtlrt5p_ZnhP9FZvZsDkp_9OkVuVEMOJ-zVNaLvbjvLbIATVh_Mb_sOaQ5HmPKZzlKFwbxaJFaMLqlUb8Vy_rfX2_B10bKuaEQb8vaHvXxUBkBo63jmst5MunHsX-ZqKIQ5UBxHLPnVYPZdJlGhKkEjkBzn4FtllgpuGDtN5vd0Isbqt5CMQIikKcoX88UpfTAWkIMU8KffCPRCkAN_iVpCEAdxX4EzTaaHJZh2Z4NxMA9KHFZMkwgkINbXp_HHt5Efb8n6vFyRYRBpWCgLgNQ9AmwbAaootZUPy4Pxvpjdff91dZbuk_BfP37IhezlI6w4rAhKkSbxwzk4ag55POhohY0R0FeFnu98U73WcU9fI-FT6sLu--ipPMSHbcT-v9TBFA==&abvar=0&os=0
62.122.171.6200 OK 43 B URL HTTP/2 iifvcfwiqi.com/chicken.gif?z=1914829&pb=337b246a175a6d291d968f92a5d1372d1670283857&psp=mibGT_fUSNIDEXeRrLM387fmEsL4XIldz4QXLfqZHz3MatzB38id1D3qgx37l-CBRpsbvYk6ocVL89XSMtqipSYDv8LGskZj9KffZk_H3CVskWoZwtHwKNp-Qsy7VHetHv-mSpAR2D1v9VFoQkztkA_gQudDfaaxHCNKoJDRW_oqQCNMbVTa4btK3itmd8KJfmj-irF2dMUKFysRAxdkDz-3Hsl5-52jKGUjsQK2kEUGdpcE6w8u-Kiqxn53DpJFMDblzi98gxFK4atbgHwg9kphimfHoBX52QAf7oHs3e_u-zdCxBmdlwAYDBz4Bjq8wD9nWX6H3ceeev2lqqi3c6nruBu33-6Z3d2EJOZjJUMPKI1DMGDmh2BFkJhZnQtlrt5p_ZnhP9FZvZsDkp_9OkVuVEMOJ-zVNaLvbjvLbIATVh_Mb_sOaQ5HmPKZzlKFwbxaJFaMLqlUb8Vy_rfX2_B10bKuaEQb8vaHvXxUBkBo63jmst5MunHsX-ZqKIQ5UBxHLPnVYPZdJlGhKkEjkBzn4FtllgpuGDtN5vd0Isbqt5CMQIikKcoX88UpfTAWkIMU8KffCPRCkAN_iVpCEAdxX4EzTaaHJZh2Z4NxMA9KHFZMkwgkINbXp_HHt5Efb8n6vFyRYRBpWCgLgNQ9AmwbAaootZUPy4Pxvpjdff91dZbuk_BfP37IhezlI6w4rAhKkSbxwzk4ag55POhohY0R0FeFnu98U73WcU9fI-FT6sLu--ipPMSHbcT-v9TBFA==&abvar=0&os=0
IP 62.122.171.6:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 28e463819a210071de3b45ebe7633613
6dccd571828ec0912629119cf7eabfea9f33ddbc
44251f61629e2bfeead421241a917f43ad047af351659f01cd8fd937f0417f84
Analyzer Verdict Alert quad9 Sinkholed
GET /chicken.gif?z=1914829&pb=337b246a175a6d291d968f92a5d1372d1670283857&psp=mibGT_fUSNIDEXeRrLM387fmEsL4XIldz4QXLfqZHz3MatzB38id1D3qgx37l-CBRpsbvYk6ocVL89XSMtqipSYDv8LGskZj9KffZk_H3CVskWoZwtHwKNp-Qsy7VHetHv-mSpAR2D1v9VFoQkztkA_gQudDfaaxHCNKoJDRW_oqQCNMbVTa4btK3itmd8KJfmj-irF2dMUKFysRAxdkDz-3Hsl5-52jKGUjsQK2kEUGdpcE6w8u-Kiqxn53DpJFMDblzi98gxFK4atbgHwg9kphimfHoBX52QAf7oHs3e_u-zdCxBmdlwAYDBz4Bjq8wD9nWX6H3ceeev2lqqi3c6nruBu33-6Z3d2EJOZjJUMPKI1DMGDmh2BFkJhZnQtlrt5p_ZnhP9FZvZsDkp_9OkVuVEMOJ-zVNaLvbjvLbIATVh_Mb_sOaQ5HmPKZzlKFwbxaJFaMLqlUb8Vy_rfX2_B10bKuaEQb8vaHvXxUBkBo63jmst5MunHsX-ZqKIQ5UBxHLPnVYPZdJlGhKkEjkBzn4FtllgpuGDtN5vd0Isbqt5CMQIikKcoX88UpfTAWkIMU8KffCPRCkAN_iVpCEAdxX4EzTaaHJZh2Z4NxMA9KHFZMkwgkINbXp_HHt5Efb8n6vFyRYRBpWCgLgNQ9AmwbAaootZUPy4Pxvpjdff91dZbuk_BfP37IhezlI6w4rAhKkSbxwzk4ag55POhohY0R0FeFnu98U73WcU9fI-FT6sLu--ipPMSHbcT-v9TBFA==&abvar=0&os=0 HTTP/1.1
Host: iifvcfwiqi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: UID=22120516440b4ca9b5dbc84820ada96bcf9e
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 05 Dec 2022 21:44:17 GMT
content-type: image/gif
content-length: 43
x-route-id: stats.impression
set-cookie: OACICAP=ACM9%2BAAAAAAAAAAB; Path=/; Expires=Wed, 04 Jan 2023 21:44:17 GMT; Secure; SameSite=None
OACIBLOCK=ACM9%2BAAAAABjjXrQ; Path=/; Expires=Wed, 04 Jan 2023 21:44:17 GMT; Secure; SameSite=None
ppucnt=0; Path=/; Expires=Tue, 06 Dec 2022 21:44:17 GMT; Secure; SameSite=None
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash a179b3b6ab78e29169af8cc2363d6280
501cd2871c5b70c56852c6cd0c87f383504ca933
ceecf34d673dd0d910e3622aa0fa8d84fea748592acc796286c4ec5e76fbc170
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5868
Cache-Control: max-age=151948
Content-Type: application/ocsp-response
Date: Mon, 05 Dec 2022 21:44:17 GMT
Etag: "638dfdd1-1d7"
Expires: Wed, 07 Dec 2022 15:56:45 GMT
Last-Modified: Mon, 05 Dec 2022 14:18:57 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 471
www.google-analytics.com/analytics.js
142.250.74.110 200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP 142.250.74.110:0
File type ASCII text, with very long lines (1325)
Hash 47e6f374ca946fddd5b59871b325736c
baa9282efc8785e84d247c3bff518eaa45f101c4
16580b5c87c58e5702e411f1888fdef511094e4cd6d62bb47d16291ffb25985e
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://redfans.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20039
date: Mon, 05 Dec 2022 20:41:08 GMT
expires: Mon, 05 Dec 2022 22:41:08 GMT
cache-control: public, max-age=7200
age: 3789
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.sectigo.com/
172.64.155.188 200 OK 471 B IP 172.64.155.188:0
Hash e4aa65d43a81b0379a6d0ef26cd348f9
b1cd61f901d73984e7617e90305f9c75c38bc99e
73e34189e0a518314b7e278d606396ac870c32a8eef65d1d41ed42c46c26dfe1
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 05 Dec 2022 21:44:17 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Mon, 05 Dec 2022 17:56:20 GMT
Expires: Mon, 12 Dec 2022 17:56:19 GMT
Etag: "b1cd61f901d73984e7617e90305f9c75c38bc99e"
Cache-Control: max-age=590521,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 774ff656abe70b61-OSL
ocsp.sectigo.com/
172.64.155.188 200 OK 471 B IP 172.64.155.188:0
Hash e4aa65d43a81b0379a6d0ef26cd348f9
b1cd61f901d73984e7617e90305f9c75c38bc99e
73e34189e0a518314b7e278d606396ac870c32a8eef65d1d41ed42c46c26dfe1
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 05 Dec 2022 21:44:17 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Mon, 05 Dec 2022 17:56:20 GMT
Expires: Mon, 12 Dec 2022 17:56:19 GMT
Etag: "b1cd61f901d73984e7617e90305f9c75c38bc99e"
Cache-Control: max-age=590521,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 774ff656acbc1c16-OSL
bcdn.clickaine.com/845/d3c50f8f-1d41-11ec-ba28-5f54dd64648d.jpg
92.223.97.97 200 OK 34 kB URL HTTP/2 bcdn.clickaine.com/845/d3c50f8f-1d41-11ec-ba28-5f54dd64648d.jpg
IP 92.223.97.97:0
ASN #199524 G-Core Labs S.A.
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 640x360, components 3\012- data
Hash 23b47772c7e9ec8bb0404f9e94e9b898
ad7a14ee6bea8f27fccecd54554b3a62e3e2c8d7
1c1825f83def772c1af607cb0bdfb33eec3682746d5f88216f4bcc22a435b8e9
GET /845/d3c50f8f-1d41-11ec-ba28-5f54dd64648d.jpg HTTP/1.1
Host: bcdn.clickaine.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Mon, 05 Dec 2022 21:44:17 GMT
content-type: image/jpeg
content-length: 34337
last-modified: Fri, 24 Sep 2021 14:15:10 GMT
etag: "614ddd6e-8621"
cache: HIT
x-cached-since: 2022-12-02T02:20:51+00:00
x-id: sto5-up-gc15
accept-ranges: bytes
X-Firefox-Spdy: h2
bcdn.clickaine.com/845/3b2353ca-f2b3-11ea-94ea-6c46ac15be61.jpg
92.223.97.97 200 OK 45 kB URL HTTP/2 bcdn.clickaine.com/845/3b2353ca-f2b3-11ea-94ea-6c46ac15be61.jpg
IP 92.223.97.97:0
ASN #199524 G-Core Labs S.A.
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 640x360, components 3\012- data
Hash 5bfe2dce02570dbb81c7a7acb2ff1628
adf3afb548f7716d4334ccb0fd25f0fd69eb159d
eea911c3c7091b5c6f165e0eafecf42b77647f15f550756516e5f4edfe1641bc
GET /845/3b2353ca-f2b3-11ea-94ea-6c46ac15be61.jpg HTTP/1.1
Host: bcdn.clickaine.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Mon, 05 Dec 2022 21:44:17 GMT
content-type: image/jpeg
content-length: 45040
last-modified: Wed, 09 Sep 2020 15:43:39 GMT
etag: "5f58f82b-aff0"
cache: HIT
x-cached-since: 2022-12-02T02:22:14+00:00
x-id: sto5-up-gc15
accept-ranges: bytes
X-Firefox-Spdy: h2
iifvcfwiqi.com/lv/esnk/1914827/code.js
62.122.171.6 200 OK 44 kB URL HTTP/2 iifvcfwiqi.com/lv/esnk/1914827/code.js
IP 62.122.171.6:0
Hash 50bc6efc475ee07063ee76c0351ad586
729ab2aa30d9d007c4ba27a0a51e63843939dffa
e7a8ff81c840d50edec9b90e38314649ac2b03187ef0e626b2173092ac05a123
Analyzer Verdict Alert quad9 Sinkholed
GET /lv/esnk/1914827/code.js HTTP/1.1
Host: iifvcfwiqi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://redfans.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Mon, 05 Dec 2022 21:44:16 GMT
content-type: application/javascript
last-modified: Tue, 15 Nov 2022 12:20:41 GMT
vary: Accept-Encoding
etag: W/"63738419-1aaa0"
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
content-encoding: gzip
X-Firefox-Spdy: h2
29384.agatarainpro.com/v2/a/na/image?d=BQ5qQHPeX5RWqTmJlRIQ5dXYEjR7tmM9FysGOm1Smv1Jp_JFPNJRwpTwPbS5wjUjNdehRGd7L1AaAbGjusvpY_M_cgVJay3JdA9ejo14QUnOHdwaUYhI4njEJZn6Cl18Vg2A8z_G3cMISaDll35pHSSS1yUWVXB_Hc3vxzHjKuTo6BvxavovGxQpv2kYv9C1mLKEgx4CLXEtM5LDJyYMogju3FvOjY-xTCYhzhKPa_AlltgBVzmpgb2v7Y1b4WliihbohHAK9sHvyooeFTwH4H5tHgDMRYF34ssoXp2f10Rzm8JYjSNKA_V6ZrHelNKj_gKvWjXEy1StvWy6ObXSxXq1mVw4sYqumxpQQltzWYE4x-935HGo9rscmhA660Getd-OGcGEdVkhjd0GiQ-HK02_tcmlqximMGbIuQrLIbZCpqWH56Hi2KjwCmbV-zm29rk-B8CCDEfeM_cIKphWOcuserBEPh7hXtOcgj6UAR9K_PwtGfTxZP5JFaLsPAY5itCT36_tDCtfXsFHKrtGaL29kQRoUvU1zkLdkwCwkHwRSKJwoS8nVcD2R5nzpOYgXBR6wJAwxse4Ekd3ya6XR2NlvoqO1AZO8DuDRrR56yH1u6k1HvzZDjyuN-moNbkMvZl67LSHf4lpQgb0rsMwEiOXGR_wkMxWcjV4bbXJnm2Sk5v29xqP8Blm5GL-Ws1u83uR5CJEPj38zD2xrqI-3pcms6xAa6aSofyM9zY8MS9hgIz46s2ZrEhtXazIcnCGs22eClfCKsEtn7OnJyMgkSrPBzH6T1sVpzmF4H2J2OCmDxZMDUx_IS79Zcn2qJ9CBGdS1-LYj91SUK2K01fuA4NptUM-l36msVARsanM-i1LC0A3BZLr5LTHlyYb5bmAjYnIx8X2TyDzXn8oYxa9JoabL1r9poomu1oICnDjqzVMVakWqkohkAP7sON7U5qNhNawbbV8jg8OY4jMcmQ7ffJSqJVWx9GdT7yO9lEMHOe-IJwpGm0QjKwjd4dcJt13SfCnzYYFZivZLE0P2iJGs09CndGFXsoNHJjyixVANKijTZJSzJR4cTv8bqce7xZrTIvlMfjiT3urbUVn2_KwXM0If7zqWVf1w-Jy-R512crQ_isMCSTv0hU9sXkgGi9UwVihggier4GJTFl7bn2gpjCZF_1y_0rw020qZ20cG6w6sh8eDn1HafbOuhr4rrsJZjTm440EX05GH6S99SejHijWUF955Ut35IV_WKquZ7-QQBUug_xBrkD2iQ
88.208.59.103200 OK 68 B URL HTTP/2 29384.agatarainpro.com/v2/a/na/image?d=BQ5qQHPeX5RWqTmJlRIQ5dXYEjR7tmM9FysGOm1Smv1Jp_JFPNJRwpTwPbS5wjUjNdehRGd7L1AaAbGjusvpY_M_cgVJay3JdA9ejo14QUnOHdwaUYhI4njEJZn6Cl18Vg2A8z_G3cMISaDll35pHSSS1yUWVXB_Hc3vxzHjKuTo6BvxavovGxQpv2kYv9C1mLKEgx4CLXEtM5LDJyYMogju3FvOjY-xTCYhzhKPa_AlltgBVzmpgb2v7Y1b4WliihbohHAK9sHvyooeFTwH4H5tHgDMRYF34ssoXp2f10Rzm8JYjSNKA_V6ZrHelNKj_gKvWjXEy1StvWy6ObXSxXq1mVw4sYqumxpQQltzWYE4x-935HGo9rscmhA660Getd-OGcGEdVkhjd0GiQ-HK02_tcmlqximMGbIuQrLIbZCpqWH56Hi2KjwCmbV-zm29rk-B8CCDEfeM_cIKphWOcuserBEPh7hXtOcgj6UAR9K_PwtGfTxZP5JFaLsPAY5itCT36_tDCtfXsFHKrtGaL29kQRoUvU1zkLdkwCwkHwRSKJwoS8nVcD2R5nzpOYgXBR6wJAwxse4Ekd3ya6XR2NlvoqO1AZO8DuDRrR56yH1u6k1HvzZDjyuN-moNbkMvZl67LSHf4lpQgb0rsMwEiOXGR_wkMxWcjV4bbXJnm2Sk5v29xqP8Blm5GL-Ws1u83uR5CJEPj38zD2xrqI-3pcms6xAa6aSofyM9zY8MS9hgIz46s2ZrEhtXazIcnCGs22eClfCKsEtn7OnJyMgkSrPBzH6T1sVpzmF4H2J2OCmDxZMDUx_IS79Zcn2qJ9CBGdS1-LYj91SUK2K01fuA4NptUM-l36msVARsanM-i1LC0A3BZLr5LTHlyYb5bmAjYnIx8X2TyDzXn8oYxa9JoabL1r9poomu1oICnDjqzVMVakWqkohkAP7sON7U5qNhNawbbV8jg8OY4jMcmQ7ffJSqJVWx9GdT7yO9lEMHOe-IJwpGm0QjKwjd4dcJt13SfCnzYYFZivZLE0P2iJGs09CndGFXsoNHJjyixVANKijTZJSzJR4cTv8bqce7xZrTIvlMfjiT3urbUVn2_KwXM0If7zqWVf1w-Jy-R512crQ_isMCSTv0hU9sXkgGi9UwVihggier4GJTFl7bn2gpjCZF_1y_0rw020qZ20cG6w6sh8eDn1HafbOuhr4rrsJZjTm440EX05GH6S99SejHijWUF955Ut35IV_WKquZ7-QQBUug_xBrkD2iQ
IP 88.208.59.103:0
ASN #39572 DataWeb Global Group B.V.
File type PNG image data, 1 x 1, 8-bit gray+alpha, non-interlaced\012- data
Hash 91e42db1c66c0b276abf6234dc50b2eb
c1986af3c26609b8b7d8933f99c51c1a89e9ea6b
63ef318d96b5d0d0ceba6e04a4e622b1158335cdc67c49e27839132c6f655058
GET /v2/a/na/image?d=BQ5qQHPeX5RWqTmJlRIQ5dXYEjR7tmM9FysGOm1Smv1Jp_JFPNJRwpTwPbS5wjUjNdehRGd7L1AaAbGjusvpY_M_cgVJay3JdA9ejo14QUnOHdwaUYhI4njEJZn6Cl18Vg2A8z_G3cMISaDll35pHSSS1yUWVXB_Hc3vxzHjKuTo6BvxavovGxQpv2kYv9C1mLKEgx4CLXEtM5LDJyYMogju3FvOjY-xTCYhzhKPa_AlltgBVzmpgb2v7Y1b4WliihbohHAK9sHvyooeFTwH4H5tHgDMRYF34ssoXp2f10Rzm8JYjSNKA_V6ZrHelNKj_gKvWjXEy1StvWy6ObXSxXq1mVw4sYqumxpQQltzWYE4x-935HGo9rscmhA660Getd-OGcGEdVkhjd0GiQ-HK02_tcmlqximMGbIuQrLIbZCpqWH56Hi2KjwCmbV-zm29rk-B8CCDEfeM_cIKphWOcuserBEPh7hXtOcgj6UAR9K_PwtGfTxZP5JFaLsPAY5itCT36_tDCtfXsFHKrtGaL29kQRoUvU1zkLdkwCwkHwRSKJwoS8nVcD2R5nzpOYgXBR6wJAwxse4Ekd3ya6XR2NlvoqO1AZO8DuDRrR56yH1u6k1HvzZDjyuN-moNbkMvZl67LSHf4lpQgb0rsMwEiOXGR_wkMxWcjV4bbXJnm2Sk5v29xqP8Blm5GL-Ws1u83uR5CJEPj38zD2xrqI-3pcms6xAa6aSofyM9zY8MS9hgIz46s2ZrEhtXazIcnCGs22eClfCKsEtn7OnJyMgkSrPBzH6T1sVpzmF4H2J2OCmDxZMDUx_IS79Zcn2qJ9CBGdS1-LYj91SUK2K01fuA4NptUM-l36msVARsanM-i1LC0A3BZLr5LTHlyYb5bmAjYnIx8X2TyDzXn8oYxa9JoabL1r9poomu1oICnDjqzVMVakWqkohkAP7sON7U5qNhNawbbV8jg8OY4jMcmQ7ffJSqJVWx9GdT7yO9lEMHOe-IJwpGm0QjKwjd4dcJt13SfCnzYYFZivZLE0P2iJGs09CndGFXsoNHJjyixVANKijTZJSzJR4cTv8bqce7xZrTIvlMfjiT3urbUVn2_KwXM0If7zqWVf1w-Jy-R512crQ_isMCSTv0hU9sXkgGi9UwVihggier4GJTFl7bn2gpjCZF_1y_0rw020qZ20cG6w6sh8eDn1HafbOuhr4rrsJZjTm440EX05GH6S99SejHijWUF955Ut35IV_WKquZ7-QQBUug_xBrkD2iQ HTTP/1.1
Host: 29384.agatarainpro.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://redfans.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 05 Dec 2022 21:44:17 GMT
content-type: image/png
content-length: 68
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-max-age: 86400
referrer-policy: unsafe-url
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Device-Memory
accept-ch-lifetime: 31536000
X-Firefox-Spdy: h2
29384.agatarainpro.com/v2/a/na/image?d=BQ5qQHPeX5ReqTmp1RIQ5dXYEjR7tmM9FysGOm1Smv1Jp_JFPNJRwpTwPbS5wjUjNdehRGd7L1AaAbGjusvpY_M_cgVJay3JdA9ejo14QUnOHdwaUYhI4njEJZn6Cl18Vg2A8z_G3cMISaDll35pHSSS1yUWVXB_Hc3vxzHjKuTo6BvxavovGxQpv2kYv9C1mLKEgx4CLXEtM5LDJyYMogju3FvOjY-xTCYhzhKPa_AlltgBVzmpgb3PJjwzcuwM_7o9Wq8SfKL-cV_K89MTET2orxbXDEPhY9wri_CmZcbSJdK8QoFHCQehiwW2gS21kJQ88hkWPEj5h3pr_cgqLQca6TtOizrZpRcdyV_DkMQCmecO_4B7ExnhqegqbcOQuGwuCcgEjuoz7ZnjVYw57y5JQbHHqTrMBl4H3pJ75-YKUi8qvh4R0KjwCmYuvMEv3tLZz2WOF4IVtAZIluxgsj9CNvWFglQsQIWomLlWHkVCegeG-pDwrW6zvJnphknlE6Oz2W_k-bB3v1VJbfH4ZUP7DaMnzuQL-SF9vcejk7mQR8-Sni8TWMgF75sgmJlqf-qSK0UD-QXiBvg4N-IjC71OSAf4UJ1VCbbWiXLl-ydg6klWxmtxdvo2xAr5wzO77nSLoFF8jCAfook_twt1kuzpk0rtqtGuuQNBSpbXXDdAdEEx_0xU6Gfkh6aHgyPB3XtB332Xgzec4cfLz9pYbCe9HBQ2rQ_qyw7ot6ZT6ZLT7zKzak_0UkMZyRPVoNfiaZCIJUwT_mYI_FVkhxnRZ1hTsxmFHJF-c9z3nQ55UZWLEP4BYek2jjLMmEKS-VQ3SHCkDVvAZ6frjtV9PJSwFoiEShg0TU3Ooog9H7UKppyb-2acjBRf44ptaZTplpYHQmlysYf1VnYVZ8H36Ukla3KYQqLgh91iMKjI_f7yiOG_maGvaVQ4ez8fzXR6QXF8rgFT_bWziLEZyRR1BDvO1hXwgpkJq_Hf7awLqSnP4twgUdAEIXv7hUPjXXY0FMsEyKOS2ZO6ZK-xe9XexfKWEak8l-s4WanXRiHVBMESPTptmrZ9Uk6bVQgSm1ug1Ww6wHeQmfACVwE4qHgim1bFEeHFhTaWS6b2PzRlnU5LjG2g9dUFcncqmQjiv0TJeV-Rl3bJTqSLe2q45Ks26qjneAdpayo-0CVd4dI0kF8Md2P1ytmKknCEgYnp7eHvs1jiXbFo9Zieo74av4__qnWf6vOeRjcXjnCGQ7dygDL1FkeIE10uMXWxI8_KP7U
88.208.59.103200 OK 68 B URL HTTP/2 29384.agatarainpro.com/v2/a/na/image?d=BQ5qQHPeX5ReqTmp1RIQ5dXYEjR7tmM9FysGOm1Smv1Jp_JFPNJRwpTwPbS5wjUjNdehRGd7L1AaAbGjusvpY_M_cgVJay3JdA9ejo14QUnOHdwaUYhI4njEJZn6Cl18Vg2A8z_G3cMISaDll35pHSSS1yUWVXB_Hc3vxzHjKuTo6BvxavovGxQpv2kYv9C1mLKEgx4CLXEtM5LDJyYMogju3FvOjY-xTCYhzhKPa_AlltgBVzmpgb3PJjwzcuwM_7o9Wq8SfKL-cV_K89MTET2orxbXDEPhY9wri_CmZcbSJdK8QoFHCQehiwW2gS21kJQ88hkWPEj5h3pr_cgqLQca6TtOizrZpRcdyV_DkMQCmecO_4B7ExnhqegqbcOQuGwuCcgEjuoz7ZnjVYw57y5JQbHHqTrMBl4H3pJ75-YKUi8qvh4R0KjwCmYuvMEv3tLZz2WOF4IVtAZIluxgsj9CNvWFglQsQIWomLlWHkVCegeG-pDwrW6zvJnphknlE6Oz2W_k-bB3v1VJbfH4ZUP7DaMnzuQL-SF9vcejk7mQR8-Sni8TWMgF75sgmJlqf-qSK0UD-QXiBvg4N-IjC71OSAf4UJ1VCbbWiXLl-ydg6klWxmtxdvo2xAr5wzO77nSLoFF8jCAfook_twt1kuzpk0rtqtGuuQNBSpbXXDdAdEEx_0xU6Gfkh6aHgyPB3XtB332Xgzec4cfLz9pYbCe9HBQ2rQ_qyw7ot6ZT6ZLT7zKzak_0UkMZyRPVoNfiaZCIJUwT_mYI_FVkhxnRZ1hTsxmFHJF-c9z3nQ55UZWLEP4BYek2jjLMmEKS-VQ3SHCkDVvAZ6frjtV9PJSwFoiEShg0TU3Ooog9H7UKppyb-2acjBRf44ptaZTplpYHQmlysYf1VnYVZ8H36Ukla3KYQqLgh91iMKjI_f7yiOG_maGvaVQ4ez8fzXR6QXF8rgFT_bWziLEZyRR1BDvO1hXwgpkJq_Hf7awLqSnP4twgUdAEIXv7hUPjXXY0FMsEyKOS2ZO6ZK-xe9XexfKWEak8l-s4WanXRiHVBMESPTptmrZ9Uk6bVQgSm1ug1Ww6wHeQmfACVwE4qHgim1bFEeHFhTaWS6b2PzRlnU5LjG2g9dUFcncqmQjiv0TJeV-Rl3bJTqSLe2q45Ks26qjneAdpayo-0CVd4dI0kF8Md2P1ytmKknCEgYnp7eHvs1jiXbFo9Zieo74av4__qnWf6vOeRjcXjnCGQ7dygDL1FkeIE10uMXWxI8_KP7U
IP 88.208.59.103:0
ASN #39572 DataWeb Global Group B.V.
File type PNG image data, 1 x 1, 8-bit gray+alpha, non-interlaced\012- data
Hash 91e42db1c66c0b276abf6234dc50b2eb
c1986af3c26609b8b7d8933f99c51c1a89e9ea6b
63ef318d96b5d0d0ceba6e04a4e622b1158335cdc67c49e27839132c6f655058
GET /v2/a/na/image?d=BQ5qQHPeX5ReqTmp1RIQ5dXYEjR7tmM9FysGOm1Smv1Jp_JFPNJRwpTwPbS5wjUjNdehRGd7L1AaAbGjusvpY_M_cgVJay3JdA9ejo14QUnOHdwaUYhI4njEJZn6Cl18Vg2A8z_G3cMISaDll35pHSSS1yUWVXB_Hc3vxzHjKuTo6BvxavovGxQpv2kYv9C1mLKEgx4CLXEtM5LDJyYMogju3FvOjY-xTCYhzhKPa_AlltgBVzmpgb3PJjwzcuwM_7o9Wq8SfKL-cV_K89MTET2orxbXDEPhY9wri_CmZcbSJdK8QoFHCQehiwW2gS21kJQ88hkWPEj5h3pr_cgqLQca6TtOizrZpRcdyV_DkMQCmecO_4B7ExnhqegqbcOQuGwuCcgEjuoz7ZnjVYw57y5JQbHHqTrMBl4H3pJ75-YKUi8qvh4R0KjwCmYuvMEv3tLZz2WOF4IVtAZIluxgsj9CNvWFglQsQIWomLlWHkVCegeG-pDwrW6zvJnphknlE6Oz2W_k-bB3v1VJbfH4ZUP7DaMnzuQL-SF9vcejk7mQR8-Sni8TWMgF75sgmJlqf-qSK0UD-QXiBvg4N-IjC71OSAf4UJ1VCbbWiXLl-ydg6klWxmtxdvo2xAr5wzO77nSLoFF8jCAfook_twt1kuzpk0rtqtGuuQNBSpbXXDdAdEEx_0xU6Gfkh6aHgyPB3XtB332Xgzec4cfLz9pYbCe9HBQ2rQ_qyw7ot6ZT6ZLT7zKzak_0UkMZyRPVoNfiaZCIJUwT_mYI_FVkhxnRZ1hTsxmFHJF-c9z3nQ55UZWLEP4BYek2jjLMmEKS-VQ3SHCkDVvAZ6frjtV9PJSwFoiEShg0TU3Ooog9H7UKppyb-2acjBRf44ptaZTplpYHQmlysYf1VnYVZ8H36Ukla3KYQqLgh91iMKjI_f7yiOG_maGvaVQ4ez8fzXR6QXF8rgFT_bWziLEZyRR1BDvO1hXwgpkJq_Hf7awLqSnP4twgUdAEIXv7hUPjXXY0FMsEyKOS2ZO6ZK-xe9XexfKWEak8l-s4WanXRiHVBMESPTptmrZ9Uk6bVQgSm1ug1Ww6wHeQmfACVwE4qHgim1bFEeHFhTaWS6b2PzRlnU5LjG2g9dUFcncqmQjiv0TJeV-Rl3bJTqSLe2q45Ks26qjneAdpayo-0CVd4dI0kF8Md2P1ytmKknCEgYnp7eHvs1jiXbFo9Zieo74av4__qnWf6vOeRjcXjnCGQ7dygDL1FkeIE10uMXWxI8_KP7U HTTP/1.1
Host: 29384.agatarainpro.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://redfans.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 05 Dec 2022 21:44:17 GMT
content-type: image/png
content-length: 68
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-max-age: 86400
referrer-policy: unsafe-url
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Device-Memory
accept-ch-lifetime: 31536000
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.77.32 200 OK 345 B
IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash b0465f555cf0aaeeba5dc17482f41077
19d7329faae2853cec48f2899c1bd0c8a065c2bf
d14123ae18e9be65a10fa368131e9d684b20179cd4236c20bdacdd3bd1320255
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "D14123AE18E9BE65A10FA368131E9D684B20179CD4236C20BDACDD3BD1320255"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4885
Expires: Mon, 05 Dec 2022 23:05:42 GMT
Date: Mon, 05 Dec 2022 21:44:17 GMT
Connection: keep-alive
ocsp.sectigo.com/
172.64.155.188 200 OK 471 B
IP 172.64.155.188:0
Hash e4aa65d43a81b0379a6d0ef26cd348f9
b1cd61f901d73984e7617e90305f9c75c38bc99e
73e34189e0a518314b7e278d606396ac870c32a8eef65d1d41ed42c46c26dfe1
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 05 Dec 2022 21:44:17 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Mon, 05 Dec 2022 17:56:20 GMT
Expires: Mon, 12 Dec 2022 17:56:19 GMT
Etag: "b1cd61f901d73984e7617e90305f9c75c38bc99e"
Cache-Control: max-age=590521,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 774ff656abe60b61-OSL
ocsp.sectigo.com/
172.64.155.188 200 OK 471 B
IP 172.64.155.188:0
Hash e4aa65d43a81b0379a6d0ef26cd348f9
b1cd61f901d73984e7617e90305f9c75c38bc99e
73e34189e0a518314b7e278d606396ac870c32a8eef65d1d41ed42c46c26dfe1
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 05 Dec 2022 21:44:17 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Mon, 05 Dec 2022 17:56:20 GMT
Expires: Mon, 12 Dec 2022 17:56:19 GMT
Etag: "b1cd61f901d73984e7617e90305f9c75c38bc99e"
Cache-Control: max-age=590521,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 774ff656b88db50b-OSL
media.redxgifs.com/femininewelllittsetsefly
104.21.235.201 200 OK 4.5 MB URL HTTP/2 media.redxgifs.com/femininewelllittsetsefly
IP 104.21.235.201:0
Size 4.5 MB (4492403 bytes)
Hash 774d4f2b0f57a921d1c828db560c2b2a
95cd7139d7b3e45dcf01e102cb0ff01af37025e5
9b236ac16889fd95659aed57d63a0a72753c7acc9351344ddfca25e75f9948dd
GET /femininewelllittsetsefly HTTP/1.1
Host: media.redxgifs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Range: bytes=0-
Referer: https://redfans.org/
Connection: keep-alive
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 05 Dec 2022 21:44:17 GMT
content-type: video/mp4
content-length: 4492256
accept-ranges: bytes
content-range: bytes 0-4492255/4492256
etag: "430020decc6f8b0404d3e8b23680d491"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Dk7kDG8PhwjwtPogHOhnV%2FqcEZOD6gIvXspO%2BhxRnyblWvV2vlWv4P4viHW8KQ53tlIT%2BbQ6D1r4X3j5R20syAvnwMRqZy5M4TP4CnmBUlE5S3h4jdrk%2F6sEmEg5BqklzqaS%2Ff4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 774ff655c9e476cb-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
bcdn.clickaine.com/845/fabaf23d-f2b0-11ea-94ea-6c46ac15be61.jpg
92.223.97.97 200 OK 36 kB URL HTTP/2 bcdn.clickaine.com/845/fabaf23d-f2b0-11ea-94ea-6c46ac15be61.jpg
IP 92.223.97.97:0
ASN #199524 G-Core Labs S.A.
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 640x360, components 3\012- data
Hash 282c5320642a33db7306164a506b77a3
973a5f396e144dbc066fd4868ffe769e04a207b8
21c5457b823e0a6a02c71dc7f55ace99c95d8f3b3f1c43963ecddf6367a342e6
GET /845/fabaf23d-f2b0-11ea-94ea-6c46ac15be61.jpg HTTP/1.1
Host: bcdn.clickaine.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Mon, 05 Dec 2022 21:44:18 GMT
content-type: image/jpeg
content-length: 36429
last-modified: Wed, 09 Sep 2020 15:27:32 GMT
etag: "5f58f464-8e4d"
cache: HIT
x-cached-since: 2022-12-02T02:23:40+00:00
x-id: sto5-up-gc15
accept-ranges: bytes
X-Firefox-Spdy: h2
bcdn.clickaine.com/845/c4cee646-f2b2-11ea-94ea-6c46ac15be61.jpg
92.223.97.97 200 OK 51 kB URL HTTP/2 bcdn.clickaine.com/845/c4cee646-f2b2-11ea-94ea-6c46ac15be61.jpg
IP 92.223.97.97:0
ASN #199524 G-Core Labs S.A.
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 640x360, components 3\012- data
Hash cf688d39a1418b90b52abe0298f4b143
a2a0b43eb3f224bd7a07d6ef37b21b253df6a8cd
a61d5df3a5cec95099b797fff73b9e58fbda92ddc67403a65dd2e4d46a9f1e4f
GET /845/c4cee646-f2b2-11ea-94ea-6c46ac15be61.jpg HTTP/1.1
Host: bcdn.clickaine.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Mon, 05 Dec 2022 21:44:18 GMT
content-type: image/jpeg
content-length: 50898
last-modified: Wed, 09 Sep 2020 15:40:20 GMT
etag: "5f58f764-c6d2"
cache: HIT
x-cached-since: 2022-12-02T02:24:15+00:00
x-id: sto5-up-gc15
accept-ranges: bytes
X-Firefox-Spdy: h2
29384.agatarainpro.com/v2/a/na/image?d=BQ5qQHPeX5RWqTmJlRIQ5dXYEjR7tmM9FysGOi0bvGUIwZOHMMjWs7XdwXUKj6TJL4L1FXJ8L1AaEbGjusvpY_M_cgVZ6xFf8zUy_gW1GgPIHRwaUYhI4njGJZn6rnc2N244XcUbCIQ5_cADbLT6t74D0yfZcmq1vzSplo6-gFVyeBICsR17R9XbyHbRNyquFw_rvfxtJNLH2RghlqdpNiDpVZYIXIttFttqiSOTZ9AlltgBV_mpgb2v4c5b4WliihZooDxoreuZ5oC5xvq4GJJrrz5aTraUlEJpGHViZWFgFrVqRzH3XPig1gaae1WVkvL5TmqTws3NWDDvCkdxnm8uzXcu1d6PV29EWW2vOFmJHzgTvf_NeqmhRW3P1EyzaXex9iXPK4MxQIWtrUPFJwH9cIJG7Wg0tijZTG9eKGBFzlXupgykn-n4SHZX8_xNm7TGJrFXi2KfkQkQ1opL_28MtZE73Bs0yEA3aict-zshjM_NvBjctIdp4um6OuaJSOVtFNEYCShiv1U3kLeBMJ3Y8caJ4jdyiFb9kai_kG3RqB9wgSFIjfA2Wkkys9fPSQQa-PyraN9z_baqhBRdltI_2gwvWiwnhw45WO4slmgKqNmTyoJnnEbXC4koSM-T_8stL7EVQgbinU4tsTix-yg0OF2U8z1AX_JjFy5lTd1GEROKmKg9E3BqeZ5weMWuYStR5nK0ZJu9xKb-OAahaNZUmiEHFzCKiEn7yzZdw7FFvnSOoaqOxXh9dDAfy76L8oF2jHuIx0Nxm5O_pmd4DjwR5zKF7WOLOXxB6nilZPYNQKAt8KdXTJvXeYkteIO44LAcI65QTfXSy-QgGzGNlCTVQB0giyd2deeC76xkoAU2g19sBNt3Jk1bzxSqd8wHR_yvC4B1n0a2R4SymWD6QfusMhoHRkqw4kgAoVo0jzFMVS13okrtQFF5QmUpjikSSj_SXL5Q_aOCkA2Ww6nSbIlQDtpGx9GdT7yO9lEMHOe-IJwpGm0QjKwjd4dcJt13SfCnzYYFZivZLE0P2iJGs09CndGFXsoNHJjyixVANKijTZJSzJR4cTv8bqce7xZrTIvlMfjiT3urbUVn2_KwXM0If7zqWVf1w-Jy-R512crQ_isMCSTv0hU9sXkgGi9UwVihggier4GJTFl7bn2gpjCZF_1y_0rw020qZ20cG6w6sh8eDn1HafbOuhr4rrsJZjTm440EX05GH6S99SejHijWUF955UvrpzrgDj2JABJfHyaoL28sThOB8A
88.208.59.103200 OK 68 B URL HTTP/2 29384.agatarainpro.com/v2/a/na/image?d=BQ5qQHPeX5RWqTmJlRIQ5dXYEjR7tmM9FysGOi0bvGUIwZOHMMjWs7XdwXUKj6TJL4L1FXJ8L1AaEbGjusvpY_M_cgVZ6xFf8zUy_gW1GgPIHRwaUYhI4njGJZn6rnc2N244XcUbCIQ5_cADbLT6t74D0yfZcmq1vzSplo6-gFVyeBICsR17R9XbyHbRNyquFw_rvfxtJNLH2RghlqdpNiDpVZYIXIttFttqiSOTZ9AlltgBV_mpgb2v4c5b4WliihZooDxoreuZ5oC5xvq4GJJrrz5aTraUlEJpGHViZWFgFrVqRzH3XPig1gaae1WVkvL5TmqTws3NWDDvCkdxnm8uzXcu1d6PV29EWW2vOFmJHzgTvf_NeqmhRW3P1EyzaXex9iXPK4MxQIWtrUPFJwH9cIJG7Wg0tijZTG9eKGBFzlXupgykn-n4SHZX8_xNm7TGJrFXi2KfkQkQ1opL_28MtZE73Bs0yEA3aict-zshjM_NvBjctIdp4um6OuaJSOVtFNEYCShiv1U3kLeBMJ3Y8caJ4jdyiFb9kai_kG3RqB9wgSFIjfA2Wkkys9fPSQQa-PyraN9z_baqhBRdltI_2gwvWiwnhw45WO4slmgKqNmTyoJnnEbXC4koSM-T_8stL7EVQgbinU4tsTix-yg0OF2U8z1AX_JjFy5lTd1GEROKmKg9E3BqeZ5weMWuYStR5nK0ZJu9xKb-OAahaNZUmiEHFzCKiEn7yzZdw7FFvnSOoaqOxXh9dDAfy76L8oF2jHuIx0Nxm5O_pmd4DjwR5zKF7WOLOXxB6nilZPYNQKAt8KdXTJvXeYkteIO44LAcI65QTfXSy-QgGzGNlCTVQB0giyd2deeC76xkoAU2g19sBNt3Jk1bzxSqd8wHR_yvC4B1n0a2R4SymWD6QfusMhoHRkqw4kgAoVo0jzFMVS13okrtQFF5QmUpjikSSj_SXL5Q_aOCkA2Ww6nSbIlQDtpGx9GdT7yO9lEMHOe-IJwpGm0QjKwjd4dcJt13SfCnzYYFZivZLE0P2iJGs09CndGFXsoNHJjyixVANKijTZJSzJR4cTv8bqce7xZrTIvlMfjiT3urbUVn2_KwXM0If7zqWVf1w-Jy-R512crQ_isMCSTv0hU9sXkgGi9UwVihggier4GJTFl7bn2gpjCZF_1y_0rw020qZ20cG6w6sh8eDn1HafbOuhr4rrsJZjTm440EX05GH6S99SejHijWUF955UvrpzrgDj2JABJfHyaoL28sThOB8A
IP 88.208.59.103:0
ASN #39572 DataWeb Global Group B.V.
File type PNG image data, 1 x 1, 8-bit gray+alpha, non-interlaced\012- data
Hash 91e42db1c66c0b276abf6234dc50b2eb
c1986af3c26609b8b7d8933f99c51c1a89e9ea6b
63ef318d96b5d0d0ceba6e04a4e622b1158335cdc67c49e27839132c6f655058
GET /v2/a/na/image?d=BQ5qQHPeX5RWqTmJlRIQ5dXYEjR7tmM9FysGOi0bvGUIwZOHMMjWs7XdwXUKj6TJL4L1FXJ8L1AaEbGjusvpY_M_cgVZ6xFf8zUy_gW1GgPIHRwaUYhI4njGJZn6rnc2N244XcUbCIQ5_cADbLT6t74D0yfZcmq1vzSplo6-gFVyeBICsR17R9XbyHbRNyquFw_rvfxtJNLH2RghlqdpNiDpVZYIXIttFttqiSOTZ9AlltgBV_mpgb2v4c5b4WliihZooDxoreuZ5oC5xvq4GJJrrz5aTraUlEJpGHViZWFgFrVqRzH3XPig1gaae1WVkvL5TmqTws3NWDDvCkdxnm8uzXcu1d6PV29EWW2vOFmJHzgTvf_NeqmhRW3P1EyzaXex9iXPK4MxQIWtrUPFJwH9cIJG7Wg0tijZTG9eKGBFzlXupgykn-n4SHZX8_xNm7TGJrFXi2KfkQkQ1opL_28MtZE73Bs0yEA3aict-zshjM_NvBjctIdp4um6OuaJSOVtFNEYCShiv1U3kLeBMJ3Y8caJ4jdyiFb9kai_kG3RqB9wgSFIjfA2Wkkys9fPSQQa-PyraN9z_baqhBRdltI_2gwvWiwnhw45WO4slmgKqNmTyoJnnEbXC4koSM-T_8stL7EVQgbinU4tsTix-yg0OF2U8z1AX_JjFy5lTd1GEROKmKg9E3BqeZ5weMWuYStR5nK0ZJu9xKb-OAahaNZUmiEHFzCKiEn7yzZdw7FFvnSOoaqOxXh9dDAfy76L8oF2jHuIx0Nxm5O_pmd4DjwR5zKF7WOLOXxB6nilZPYNQKAt8KdXTJvXeYkteIO44LAcI65QTfXSy-QgGzGNlCTVQB0giyd2deeC76xkoAU2g19sBNt3Jk1bzxSqd8wHR_yvC4B1n0a2R4SymWD6QfusMhoHRkqw4kgAoVo0jzFMVS13okrtQFF5QmUpjikSSj_SXL5Q_aOCkA2Ww6nSbIlQDtpGx9GdT7yO9lEMHOe-IJwpGm0QjKwjd4dcJt13SfCnzYYFZivZLE0P2iJGs09CndGFXsoNHJjyixVANKijTZJSzJR4cTv8bqce7xZrTIvlMfjiT3urbUVn2_KwXM0If7zqWVf1w-Jy-R512crQ_isMCSTv0hU9sXkgGi9UwVihggier4GJTFl7bn2gpjCZF_1y_0rw020qZ20cG6w6sh8eDn1HafbOuhr4rrsJZjTm440EX05GH6S99SejHijWUF955UvrpzrgDj2JABJfHyaoL28sThOB8A HTTP/1.1
Host: 29384.agatarainpro.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://redfans.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 05 Dec 2022 21:44:18 GMT
content-type: image/png
content-length: 68
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-max-age: 86400
referrer-policy: unsafe-url
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Device-Memory
accept-ch-lifetime: 31536000
X-Firefox-Spdy: h2
29384.agatarainpro.com/v2/a/na/image?d=BQ5qQHPeX5RuqTmp1RIQ5dXYEjR7tmM9FysGOm1Smv1Jp_JFPNJRwpTwPbS5wjUjNdehRGd7L1AaAbGjusvpY_M_cgVJay3JdA9ejo14QUnOHdwaUYhI4njEJZn6Cl18Vg2A8z_G3cMISaDll35pHSSS1yUWVXB_Hc3vxzHjKuTo6BvxavovGxQpv2kYv9C1mLKEgx4CLXEtM5LDJyYMogju3FvOjY-xTCYhzhKPa_AlltgBVzmpgb2v7Y1b4WliihbohHAK9sHvyooeFTwH4H5tHgDMRYF34ssoXp2f10Rzm8JYjSNKA_V6ZrHelNKj_gKvWjXEy1StvWy6ObXSxXq1mVw4sYqumxpQQltzWYE4x-935HGo9rscmhA660Getd-OGcGEdVkhjd0GiQ-HK02_tcmlqximMGbIuQrLIbZCpqWH56Hi2KjwCmbV-zm29rk-B8CCDEfeM_cIKphWOcuserBEPh7hXtOcgj6UAR9K_PwtGfTxZP5JFaLsPAY5itCT36_tDCtfXsFHKrtGaL29kQRoUvU1zkLdkwCwkHwRSKJwoS8nVcD2R5nzpOYgXBR6wJAwxse4Ekd3ya6XR2NlvoqO1AZO8DuDRrR56yH1u6k1HvzZDjyuN-moNbkMvZl67LSHf4lpQgb0rsMwEiOXGR_wkMxWcjV4bbXJnm2Sk5v29xqP8Blm5GL-Ws1u83uR5CJEPj38zD2xrqI-3pfKaJ-3dGfT7a2TGMow3QnHbHn4xnbJoasYaRO_7nNg-9DHi4K8xrzTfClaXaEHED4nBE5Yd92LI-2L5VE1zktp-BXU6_I3mAThJRImPKRWstMFOtu6xb_V0j76c2Zc5SYo8MJD_Nwwbd8XRPxl_i4jCMP2vF6qPr9Ezt_Q5yNbYMEdlNS8WLUztkeMmGwYSebMpz-xorEeXNHdgRLyiOG_maGvaVQ4ez8fzXR6QXF8rgFT_bWziLEZyRR1BDvO1hXwgpkIq_HfzWy0NynP4twgUdAE4Xn7hUPjXXY08KRxOyCT2YO6pNzUetXqxfKW3Qm-zBL1MttdpTUkSYtAJ-rQ2qTfsloptR6sw7uD9HMCmZmdUp6DqA0k2Ju49V7wvPRUt9lM8vZdrPwVKdGCzD5DKHWDfly5AHMhursutGZUue5pc1LqePX59pIlgjesVxtMFsXB2cll9QIe0nsA8WNXdCsen94_CtHZQQ3lTVIy47rwylb0knnXtOri52PjxWDANDES3hWtoYG6_cT0qq0NhPLIUyw3bHs7
88.208.59.103200 OK 68 B URL HTTP/2 29384.agatarainpro.com/v2/a/na/image?d=BQ5qQHPeX5RuqTmp1RIQ5dXYEjR7tmM9FysGOm1Smv1Jp_JFPNJRwpTwPbS5wjUjNdehRGd7L1AaAbGjusvpY_M_cgVJay3JdA9ejo14QUnOHdwaUYhI4njEJZn6Cl18Vg2A8z_G3cMISaDll35pHSSS1yUWVXB_Hc3vxzHjKuTo6BvxavovGxQpv2kYv9C1mLKEgx4CLXEtM5LDJyYMogju3FvOjY-xTCYhzhKPa_AlltgBVzmpgb2v7Y1b4WliihbohHAK9sHvyooeFTwH4H5tHgDMRYF34ssoXp2f10Rzm8JYjSNKA_V6ZrHelNKj_gKvWjXEy1StvWy6ObXSxXq1mVw4sYqumxpQQltzWYE4x-935HGo9rscmhA660Getd-OGcGEdVkhjd0GiQ-HK02_tcmlqximMGbIuQrLIbZCpqWH56Hi2KjwCmbV-zm29rk-B8CCDEfeM_cIKphWOcuserBEPh7hXtOcgj6UAR9K_PwtGfTxZP5JFaLsPAY5itCT36_tDCtfXsFHKrtGaL29kQRoUvU1zkLdkwCwkHwRSKJwoS8nVcD2R5nzpOYgXBR6wJAwxse4Ekd3ya6XR2NlvoqO1AZO8DuDRrR56yH1u6k1HvzZDjyuN-moNbkMvZl67LSHf4lpQgb0rsMwEiOXGR_wkMxWcjV4bbXJnm2Sk5v29xqP8Blm5GL-Ws1u83uR5CJEPj38zD2xrqI-3pfKaJ-3dGfT7a2TGMow3QnHbHn4xnbJoasYaRO_7nNg-9DHi4K8xrzTfClaXaEHED4nBE5Yd92LI-2L5VE1zktp-BXU6_I3mAThJRImPKRWstMFOtu6xb_V0j76c2Zc5SYo8MJD_Nwwbd8XRPxl_i4jCMP2vF6qPr9Ezt_Q5yNbYMEdlNS8WLUztkeMmGwYSebMpz-xorEeXNHdgRLyiOG_maGvaVQ4ez8fzXR6QXF8rgFT_bWziLEZyRR1BDvO1hXwgpkIq_HfzWy0NynP4twgUdAE4Xn7hUPjXXY08KRxOyCT2YO6pNzUetXqxfKW3Qm-zBL1MttdpTUkSYtAJ-rQ2qTfsloptR6sw7uD9HMCmZmdUp6DqA0k2Ju49V7wvPRUt9lM8vZdrPwVKdGCzD5DKHWDfly5AHMhursutGZUue5pc1LqePX59pIlgjesVxtMFsXB2cll9QIe0nsA8WNXdCsen94_CtHZQQ3lTVIy47rwylb0knnXtOri52PjxWDANDES3hWtoYG6_cT0qq0NhPLIUyw3bHs7
IP 88.208.59.103:0
ASN #39572 DataWeb Global Group B.V.
File type PNG image data, 1 x 1, 8-bit gray+alpha, non-interlaced\012- data
Hash 91e42db1c66c0b276abf6234dc50b2eb
c1986af3c26609b8b7d8933f99c51c1a89e9ea6b
63ef318d96b5d0d0ceba6e04a4e622b1158335cdc67c49e27839132c6f655058
GET /v2/a/na/image?d=BQ5qQHPeX5RuqTmp1RIQ5dXYEjR7tmM9FysGOm1Smv1Jp_JFPNJRwpTwPbS5wjUjNdehRGd7L1AaAbGjusvpY_M_cgVJay3JdA9ejo14QUnOHdwaUYhI4njEJZn6Cl18Vg2A8z_G3cMISaDll35pHSSS1yUWVXB_Hc3vxzHjKuTo6BvxavovGxQpv2kYv9C1mLKEgx4CLXEtM5LDJyYMogju3FvOjY-xTCYhzhKPa_AlltgBVzmpgb2v7Y1b4WliihbohHAK9sHvyooeFTwH4H5tHgDMRYF34ssoXp2f10Rzm8JYjSNKA_V6ZrHelNKj_gKvWjXEy1StvWy6ObXSxXq1mVw4sYqumxpQQltzWYE4x-935HGo9rscmhA660Getd-OGcGEdVkhjd0GiQ-HK02_tcmlqximMGbIuQrLIbZCpqWH56Hi2KjwCmbV-zm29rk-B8CCDEfeM_cIKphWOcuserBEPh7hXtOcgj6UAR9K_PwtGfTxZP5JFaLsPAY5itCT36_tDCtfXsFHKrtGaL29kQRoUvU1zkLdkwCwkHwRSKJwoS8nVcD2R5nzpOYgXBR6wJAwxse4Ekd3ya6XR2NlvoqO1AZO8DuDRrR56yH1u6k1HvzZDjyuN-moNbkMvZl67LSHf4lpQgb0rsMwEiOXGR_wkMxWcjV4bbXJnm2Sk5v29xqP8Blm5GL-Ws1u83uR5CJEPj38zD2xrqI-3pfKaJ-3dGfT7a2TGMow3QnHbHn4xnbJoasYaRO_7nNg-9DHi4K8xrzTfClaXaEHED4nBE5Yd92LI-2L5VE1zktp-BXU6_I3mAThJRImPKRWstMFOtu6xb_V0j76c2Zc5SYo8MJD_Nwwbd8XRPxl_i4jCMP2vF6qPr9Ezt_Q5yNbYMEdlNS8WLUztkeMmGwYSebMpz-xorEeXNHdgRLyiOG_maGvaVQ4ez8fzXR6QXF8rgFT_bWziLEZyRR1BDvO1hXwgpkIq_HfzWy0NynP4twgUdAE4Xn7hUPjXXY08KRxOyCT2YO6pNzUetXqxfKW3Qm-zBL1MttdpTUkSYtAJ-rQ2qTfsloptR6sw7uD9HMCmZmdUp6DqA0k2Ju49V7wvPRUt9lM8vZdrPwVKdGCzD5DKHWDfly5AHMhursutGZUue5pc1LqePX59pIlgjesVxtMFsXB2cll9QIe0nsA8WNXdCsen94_CtHZQQ3lTVIy47rwylb0knnXtOri52PjxWDANDES3hWtoYG6_cT0qq0NhPLIUyw3bHs7 HTTP/1.1
Host: 29384.agatarainpro.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://redfans.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 05 Dec 2022 21:44:18 GMT
content-type: image/png
content-length: 68
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-max-age: 86400
referrer-policy: unsafe-url
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Device-Memory
accept-ch-lifetime: 31536000
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B
IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 83e0936435ad95a15c9ec5ff9520f4fe
a8225ee0d8ae117f977f7ff817c342c62e91b5a9
ef0f5b2ab2055446d4ea8b738f605c3bf835cf72e872d6a9c9a6c9b2917737e7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5695
Expires: Mon, 05 Dec 2022 23:19:13 GMT
Date: Mon, 05 Dec 2022 21:44:18 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B
IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 83e0936435ad95a15c9ec5ff9520f4fe
a8225ee0d8ae117f977f7ff817c342c62e91b5a9
ef0f5b2ab2055446d4ea8b738f605c3bf835cf72e872d6a9c9a6c9b2917737e7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5695
Expires: Mon, 05 Dec 2022 23:19:13 GMT
Date: Mon, 05 Dec 2022 21:44:18 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B
IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 83e0936435ad95a15c9ec5ff9520f4fe
a8225ee0d8ae117f977f7ff817c342c62e91b5a9
ef0f5b2ab2055446d4ea8b738f605c3bf835cf72e872d6a9c9a6c9b2917737e7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5695
Expires: Mon, 05 Dec 2022 23:19:13 GMT
Date: Mon, 05 Dec 2022 21:44:18 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B
IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 83e0936435ad95a15c9ec5ff9520f4fe
a8225ee0d8ae117f977f7ff817c342c62e91b5a9
ef0f5b2ab2055446d4ea8b738f605c3bf835cf72e872d6a9c9a6c9b2917737e7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5695
Expires: Mon, 05 Dec 2022 23:19:13 GMT
Date: Mon, 05 Dec 2022 21:44:18 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9e81e29f-79a8-4af6-b0c7-7f49bfafb17e.jpeg
34.120.237.76 200 OK 7.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9e81e29f-79a8-4af6-b0c7-7f49bfafb17e.jpeg
IP 34.120.237.76:0
Hash 0ef18c574c9bbb40393851934a6110b2
7f82eb94e7fd8c0055019a0e6721e887b14fae89
f35836c34d909dca6cddfe64b61e5dab20c2af725d15e263ede82e6249c4bd1f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9e81e29f-79a8-4af6-b0c7-7f49bfafb17e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6886
x-amzn-requestid: d721caf6-2252-4ede-9533-3d3fcd6cce0d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cpsw-FfRoAMFtOQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638d5b39-7644a195142f6c420ec7eac6;Sampled=0
x-amzn-remapped-date: Mon, 05 Dec 2022 02:45:13 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: RwhNdxS-EBTraqzS_TnCNXj3JXgz5NkO8oLyQaHOhHdtnvBbg4vsRQ==
via: 1.1 2afae0d44e2540f472c0635ab62c232a.cloudfront.net (CloudFront), 1.1 64f86ae1c24221f3a2e4d653d6dbc416.cloudfront.net (CloudFront), 1.1 google
date: Mon, 05 Dec 2022 02:45:13 GMT
etag: "f8866d4f3185bcf7871581d75339998b34d6cf6d"
content-type: image/jpeg
age: 68345
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F60dcc231-abb7-48f1-8ec5-e25b31bd100b.jpeg
34.120.237.76 200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F60dcc231-abb7-48f1-8ec5-e25b31bd100b.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 24c69d7ef356b352956d6dcbc9f5df1d
2cc31dc1c5d2d2a8b3a378dce8a1240a79acfec9
94d068620c34652cb2d24ca8b3cf962febe9606e6d3a33d937fc9d99f176edef
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F60dcc231-abb7-48f1-8ec5-e25b31bd100b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10396
x-amzn-requestid: b879fd2e-b6cf-4373-b780-2d97481c45f8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cioNbH5KoAMFUsA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638a8722-6add7f8e225878473b20c015;Sampled=0
x-amzn-remapped-date: Fri, 02 Dec 2022 23:15:46 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: ir97GJKaFoW6BNXCcmMqp0JSUd5JhCACyUvLh5G-0BWCDVJsqs7XhQ==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 943c6a4d4ee43b18ee91634536f53eae.cloudfront.net (CloudFront), 1.1 google
date: Sun, 04 Dec 2022 22:03:01 GMT
age: 85277
etag: "2cc31dc1c5d2d2a8b3a378dce8a1240a79acfec9"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa99f7bcf-386e-4655-b6f0-99abdf67f097.jpeg
34.120.237.76 200 OK 8.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa99f7bcf-386e-4655-b6f0-99abdf67f097.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 2f60a6490f38a772dcd50a1132e98e1b
ff254a1df087d2c157d88a6ef04e395dc49efe5e
653e40becd103cd76cc2f194a87e933e8c548d346f87520fefca3b16430fc4ab
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa99f7bcf-386e-4655-b6f0-99abdf67f097.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8469
x-amzn-requestid: c17eff92-da62-4f0f-9e75-2741012ec43a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: co_sqFSjoAMFQ6w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638d131d-61d61d2f0bb01ecb21b809ea;Sampled=0
x-amzn-remapped-date: Sun, 04 Dec 2022 21:37:33 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: Og6pnDOmEW5oc9EtvKD8BtBojepI-ZSde8xxYGThfF6QNl-ZTQWqQQ==
via: 1.1 efe54e8b68e074d39b2ecd249f85100a.cloudfront.net (CloudFront), 1.1 b2f9564ebf9c745cc2ceae96d434977e.cloudfront.net (CloudFront), 1.1 google
date: Sun, 04 Dec 2022 21:45:46 GMT
age: 86312
etag: "ff254a1df087d2c157d88a6ef04e395dc49efe5e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6df54ea7-8915-4ac7-af2b-6a71ce14dbf4.webp
34.120.237.76 200 OK 5.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6df54ea7-8915-4ac7-af2b-6a71ce14dbf4.webp
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 43309032a892c486f9985ef520df696e
36f4682ca6a33ff80ee02129c77e6f27e996ede0
24225ff504f30405d9ec3feb2555c738fcca0d6b265f285aa9c73a64c78a496e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6df54ea7-8915-4ac7-af2b-6a71ce14dbf4.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5681
x-amzn-requestid: 8f0d66b8-d532-48d9-9a29-74540cd6ab3a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cltXnEotIAMFqkA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638bc296-27349a376ff819ab63b04a81;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 21:41:42 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: Uz-wJTZjej3sjP-O68BQ4hB_kkAecG0o7GkeZUan90ZgV87g0Cg_ZA==
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 3cd7af07832481c336aa1c93c9b4a6fe.cloudfront.net (CloudFront), 1.1 google
date: Sun, 04 Dec 2022 21:52:41 GMT
age: 85897
etag: "36f4682ca6a33ff80ee02129c77e6f27e996ede0"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fae18d1b5-3b75-4897-bd1b-03651e437c2e.jpeg
34.120.237.76 200 OK 8.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fae18d1b5-3b75-4897-bd1b-03651e437c2e.jpeg
IP 34.120.237.76:0
Hash ccbf0834eec54ce7004776b26b8a3ca0
f42bb68bd1be73817a92eda84c7758c39e995d51
1b51ee3b86962ff8cde6f709901c5c2cb805defb5d86ad806faa50bae872e802
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fae18d1b5-3b75-4897-bd1b-03651e437c2e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4666
x-amzn-requestid: 850d341f-5ccb-453c-8adf-a8194f8fbdad
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: clr_-GiboAMFwww=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638bc066-766293f2526e637235067aca;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 21:32:22 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: z5uqgjB-Bsl0U55a8aFi37cpJ65Vnbjm6bJ2GnMpaO7RXsMZsOCbPQ==
via: 1.1 112c6b3f9aea37a6cb00b7d933e5af6e.cloudfront.net (CloudFront), 1.1 b2f9564ebf9c745cc2ceae96d434977e.cloudfront.net (CloudFront), 1.1 google
date: Mon, 05 Dec 2022 21:44:01 GMT
age: 17
etag: "a9a529dc9894827f6243a1bf57f81caa4fe88fc2"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd528f6ee-d348-431d-8220-5c8b154b2941.jpeg
34.120.237.76 200 OK 8.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd528f6ee-d348-431d-8220-5c8b154b2941.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash db1701b7b9d161a0c935bb6e10b17893
22a8c4bd58c729c1abcf794466e8f3231dfb034b
b495524a33e5b1d3ba34cfbe867ada0da956c061370b1fcde06b23a6194a9787
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd528f6ee-d348-431d-8220-5c8b154b2941.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8315
x-amzn-requestid: f1bcc33b-aad9-4d3b-b1f9-49282f2d4fb9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: clsAMGVboAMFfxg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638bc067-13472a097177d4751c8f7a8c;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 21:32:23 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 8ugcixaNsXG-AIHYCfoyOWa5zowv2lb4qwWc8o5_7SQc_0w5HW4mBw==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 12a392bc3a7281f8d5d4591bfadc41fc.cloudfront.net (CloudFront), 1.1 google
date: Sun, 04 Dec 2022 21:52:48 GMT
age: 85890
etag: "22a8c4bd58c729c1abcf794466e8f3231dfb034b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
29384.agatarainpro.com/hyVFDo0xPgfmZtdxoEWUMWYX08lW-96BffBYfo_FTpdGNc6c9opRoJuNW95heNLKkdgHcvR2jvrqFui6Hea9aS6VmqTDpLiCbQEQLr8lJH5hv89MrntzdrAjo3fslysLB8v6j2c?kws=celine%2Ccelinecinnamon%2Conlyfans%2Chijab%2Cporn%2Cvideo&abl=0&fsb=0&pageUri=https%3A%2F%2Fredfans.org%2Fceline-onlyfans-celinecinnamon-leaks-bouncingtits-hijab-muslim-porn_31524&referer=&bdd=%5B%22Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0%22%2C%22false%22%2C%22Linux%20x86_64%22%2C%22%22%2C%22%22%2C%22%22%2C%22%22%2C%22false%22%2C%22true%22%2C%221280%22%2C%221024%22%2C%221280%22%2C%221002%22%2C%221280%22%2C%221024%22%2C%221280%22%2C%22939%22%2C%221268%22%2C%22939%22%2C%22false%22%2C%221%22%2C%2216%22%2C%220%22%2C%22aaaaacccefiflmmprrsstlllecstaaahtscellllpss%22%2C%22Mon%20Dec%2005%202022%2021%3A44%3A14%20GMT%2B0000%20(Coordinated%20Universal%20Time)%22%2C%220%22%2C%22en-US%22%2C%22en-US%2Cen%22%2C%22false%22%2C%22false%22%2C%22781877177%22%2C%222697903995%22%2C%221%22%2C%22false%22%2C%22%5B%5D%22%5D&prsl=1
88.208.59.103307 Temporary Redirect 0 B URL HTTP/2 29384.agatarainpro.com/hyVFDo0xPgfmZtdxoEWUMWYX08lW-96BffBYfo_FTpdGNc6c9opRoJuNW95heNLKkdgHcvR2jvrqFui6Hea9aS6VmqTDpLiCbQEQLr8lJH5hv89MrntzdrAjo3fslysLB8v6j2c?kws=celine%2Ccelinecinnamon%2Conlyfans%2Chijab%2Cporn%2Cvideo&abl=0&fsb=0&pageUri=https%3A%2F%2Fredfans.org%2Fceline-onlyfans-celinecinnamon-leaks-bouncingtits-hijab-muslim-porn_31524&referer=&bdd=%5B%22Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0%22%2C%22false%22%2C%22Linux%20x86_64%22%2C%22%22%2C%22%22%2C%22%22%2C%22%22%2C%22false%22%2C%22true%22%2C%221280%22%2C%221024%22%2C%221280%22%2C%221002%22%2C%221280%22%2C%221024%22%2C%221280%22%2C%22939%22%2C%221268%22%2C%22939%22%2C%22false%22%2C%221%22%2C%2216%22%2C%220%22%2C%22aaaaacccefiflmmprrsstlllecstaaahtscellllpss%22%2C%22Mon%20Dec%2005%202022%2021%3A44%3A14%20GMT%2B0000%20(Coordinated%20Universal%20Time)%22%2C%220%22%2C%22en-US%22%2C%22en-US%2Cen%22%2C%22false%22%2C%22false%22%2C%22781877177%22%2C%222697903995%22%2C%221%22%2C%22false%22%2C%22%5B%5D%22%5D&prsl=1
IP 88.208.59.103:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /hyVFDo0xPgfmZtdxoEWUMWYX08lW-96BffBYfo_FTpdGNc6c9opRoJuNW95heNLKkdgHcvR2jvrqFui6Hea9aS6VmqTDpLiCbQEQLr8lJH5hv89MrntzdrAjo3fslysLB8v6j2c?kws=celine%2Ccelinecinnamon%2Conlyfans%2Chijab%2Cporn%2Cvideo&abl=0&fsb=0&pageUri=https%3A%2F%2Fredfans.org%2Fceline-onlyfans-celinecinnamon-leaks-bouncingtits-hijab-muslim-porn_31524&referer=&bdd=%5B%22Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0%22%2C%22false%22%2C%22Linux%20x86_64%22%2C%22%22%2C%22%22%2C%22%22%2C%22%22%2C%22false%22%2C%22true%22%2C%221280%22%2C%221024%22%2C%221280%22%2C%221002%22%2C%221280%22%2C%221024%22%2C%221280%22%2C%22939%22%2C%221268%22%2C%22939%22%2C%22false%22%2C%221%22%2C%2216%22%2C%220%22%2C%22aaaaacccefiflmmprrsstlllecstaaahtscellllpss%22%2C%22Mon%20Dec%2005%202022%2021%3A44%3A14%20GMT%2B0000%20(Coordinated%20Universal%20Time)%22%2C%220%22%2C%22en-US%22%2C%22en-US%2Cen%22%2C%22false%22%2C%22false%22%2C%22781877177%22%2C%222697903995%22%2C%221%22%2C%22false%22%2C%22%5B%5D%22%5D&prsl=1 HTTP/1.1
Host: 29384.agatarainpro.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://redfans.org
Connection: keep-alive
Referer: https://redfans.org/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 307 Temporary Redirect
server: nginx
date: Mon, 05 Dec 2022 21:44:20 GMT
content-type: text/plain; charset=UTF-8
content-length: 0
access-control-allow-origin: https://redfans.org
access-control-allow-credentials: true
access-control-max-age: 86400
referrer-policy: unsafe-url
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Device-Memory
accept-ch-lifetime: 31536000
location: /hyVFDo0xPgfmZtdxoEWUMWYX08lW-96BffBYfo_FTpdGNc6c9opRoJuNW95heNLKkdgHcvR2jvrqFui6Hea9aS6VmqTDpLiCbQEQLr8lJH5hv89MrntzdrAjo3fslysLB8v6j2c?kws=celine%2Ccelinecinnamon%2Conlyfans%2Chijab%2Cporn%2Cvideo&abl=0&fsb=0&pageUri=https%3A%2F%2Fredfans.org%2Fceline-onlyfans-celinecinnamon-leaks-bouncingtits-hijab-muslim-porn_31524&referer=&bdd=%5B%22Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0%22%2C%22false%22%2C%22Linux%20x86_64%22%2C%22%22%2C%22%22%2C%22%22%2C%22%22%2C%22false%22%2C%22true%22%2C%221280%22%2C%221024%22%2C%221280%22%2C%221002%22%2C%221280%22%2C%221024%22%2C%221280%22%2C%22939%22%2C%221268%22%2C%22939%22%2C%22false%22%2C%221%22%2C%2216%22%2C%220%22%2C%22aaaaacccefiflmmprrsstlllecstaaahtscellllpss%22%2C%22Mon%20Dec%2005%202022%2021%3A44%3A14%20GMT%2B0000%20(Coordinated%20Universal%20Time)%22%2C%220%22%2C%22en-US%22%2C%22en-US%2Cen%22%2C%22false%22%2C%22false%22%2C%22781877177%22%2C%222697903995%22%2C%221%22%2C%22false%22%2C%22%5B%5D%22%5D&prsl=1&_h=accept%3A+%2A%2F%2A%0Aaccept-language%3A+en-US%2Cen%3Bq%3D0.5%0Aaccept-encoding%3A+gzip%2C+deflate%2C+br%0Aorigin%3A+https%3A%2F%2Fredfans.org%0Asec-fetch-dest%3A+empty%0Asec-fetch-mode%3A+cors%0Asec-fetch-site%3A+cross-site%0A%0A
p3p: CP="NOI DEVa TAIa OUR BUS UNI STA"
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
last-modified: Mon, 05 Dec 2022 21:44:20 UTC
expires: Mon, 05 Dec 2022 21:44:20 UTC
X-Firefox-Spdy: h2
29384.agatarainpro.com/hyVFDo0xPgfmZtdxoEWUMWYX08lW-96BffBYfo_FTpdGNc6c9opRoJuNW95heNLKkdgHcvR2jvrqFui6Hea9aS6VmqTDpLiCbQEQLr8lJH5hv89MrntzdrAjo3fslysLB8v6j2c?kws=celine%2Ccelinecinnamon%2Conlyfans%2Chijab%2Cporn%2Cvideo&abl=0&fsb=0&pageUri=https%3A%2F%2Fredfans.org%2Fceline-onlyfans-celinecinnamon-leaks-bouncingtits-hijab-muslim-porn_31524&referer=&bdd=%5B%22Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0%22%2C%22false%22%2C%22Linux%20x86_64%22%2C%22%22%2C%22%22%2C%22%22%2C%22%22%2C%22false%22%2C%22true%22%2C%221280%22%2C%221024%22%2C%221280%22%2C%221002%22%2C%221280%22%2C%221024%22%2C%221280%22%2C%22939%22%2C%221268%22%2C%22939%22%2C%22false%22%2C%221%22%2C%2216%22%2C%220%22%2C%22aaaaacccefiflmmprrsstlllecstaaahtscellllpss%22%2C%22Mon%20Dec%2005%202022%2021%3A44%3A14%20GMT%2B0000%20(Coordinated%20Universal%20Time)%22%2C%220%22%2C%22en-US%22%2C%22en-US%2Cen%22%2C%22false%22%2C%22false%22%2C%22781877177%22%2C%222697903995%22%2C%221%22%2C%22false%22%2C%22%5B%5D%22%5D&prsl=1&_h=accept%3A+%2A%2F%2A%0Aaccept-language%3A+en-US%2Cen%3Bq%3D0.5%0Aaccept-encoding%3A+gzip%2C+deflate%2C+br%0Aorigin%3A+https%3A%2F%2Fredfans.org%0Asec-fetch-dest%3A+empty%0Asec-fetch-mode%3A+cors%0Asec-fetch-site%3A+cross-site%0A%0A
88.208.59.103200 OK 0 B URL HTTP/2 29384.agatarainpro.com/hyVFDo0xPgfmZtdxoEWUMWYX08lW-96BffBYfo_FTpdGNc6c9opRoJuNW95heNLKkdgHcvR2jvrqFui6Hea9aS6VmqTDpLiCbQEQLr8lJH5hv89MrntzdrAjo3fslysLB8v6j2c?kws=celine%2Ccelinecinnamon%2Conlyfans%2Chijab%2Cporn%2Cvideo&abl=0&fsb=0&pageUri=https%3A%2F%2Fredfans.org%2Fceline-onlyfans-celinecinnamon-leaks-bouncingtits-hijab-muslim-porn_31524&referer=&bdd=%5B%22Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0%22%2C%22false%22%2C%22Linux%20x86_64%22%2C%22%22%2C%22%22%2C%22%22%2C%22%22%2C%22false%22%2C%22true%22%2C%221280%22%2C%221024%22%2C%221280%22%2C%221002%22%2C%221280%22%2C%221024%22%2C%221280%22%2C%22939%22%2C%221268%22%2C%22939%22%2C%22false%22%2C%221%22%2C%2216%22%2C%220%22%2C%22aaaaacccefiflmmprrsstlllecstaaahtscellllpss%22%2C%22Mon%20Dec%2005%202022%2021%3A44%3A14%20GMT%2B0000%20(Coordinated%20Universal%20Time)%22%2C%220%22%2C%22en-US%22%2C%22en-US%2Cen%22%2C%22false%22%2C%22false%22%2C%22781877177%22%2C%222697903995%22%2C%221%22%2C%22false%22%2C%22%5B%5D%22%5D&prsl=1&_h=accept%3A+%2A%2F%2A%0Aaccept-language%3A+en-US%2Cen%3Bq%3D0.5%0Aaccept-encoding%3A+gzip%2C+deflate%2C+br%0Aorigin%3A+https%3A%2F%2Fredfans.org%0Asec-fetch-dest%3A+empty%0Asec-fetch-mode%3A+cors%0Asec-fetch-site%3A+cross-site%0A%0A
IP 88.208.59.103:0
ASN #39572 DataWeb Global Group B.V.
GET /hyVFDo0xPgfmZtdxoEWUMWYX08lW-96BffBYfo_FTpdGNc6c9opRoJuNW95heNLKkdgHcvR2jvrqFui6Hea9aS6VmqTDpLiCbQEQLr8lJH5hv89MrntzdrAjo3fslysLB8v6j2c?kws=celine%2Ccelinecinnamon%2Conlyfans%2Chijab%2Cporn%2Cvideo&abl=0&fsb=0&pageUri=https%3A%2F%2Fredfans.org%2Fceline-onlyfans-celinecinnamon-leaks-bouncingtits-hijab-muslim-porn_31524&referer=&bdd=%5B%22Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0%22%2C%22false%22%2C%22Linux%20x86_64%22%2C%22%22%2C%22%22%2C%22%22%2C%22%22%2C%22false%22%2C%22true%22%2C%221280%22%2C%221024%22%2C%221280%22%2C%221002%22%2C%221280%22%2C%221024%22%2C%221280%22%2C%22939%22%2C%221268%22%2C%22939%22%2C%22false%22%2C%221%22%2C%2216%22%2C%220%22%2C%22aaaaacccefiflmmprrsstlllecstaaahtscellllpss%22%2C%22Mon%20Dec%2005%202022%2021%3A44%3A14%20GMT%2B0000%20(Coordinated%20Universal%20Time)%22%2C%220%22%2C%22en-US%22%2C%22en-US%2Cen%22%2C%22false%22%2C%22false%22%2C%22781877177%22%2C%222697903995%22%2C%221%22%2C%22false%22%2C%22%5B%5D%22%5D&prsl=1&_h=accept%3A+%2A%2F%2A%0Aaccept-language%3A+en-US%2Cen%3Bq%3D0.5%0Aaccept-encoding%3A+gzip%2C+deflate%2C+br%0Aorigin%3A+https%3A%2F%2Fredfans.org%0Asec-fetch-dest%3A+empty%0Asec-fetch-mode%3A+cors%0Asec-fetch-site%3A+cross-site%0A%0A HTTP/1.1
Host: 29384.agatarainpro.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://redfans.org
Connection: keep-alive
Referer: https://redfans.org/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 05 Dec 2022 21:44:20 GMT
content-type: text/plain; charset=UTF-8
vary: Accept-Encoding
access-control-allow-origin: https://redfans.org
access-control-allow-credentials: true
access-control-max-age: 86400
referrer-policy: unsafe-url
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Device-Memory
accept-ch-lifetime: 31536000
p3p: CP="NOI DEVa TAIa OUR BUS UNI STA"
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
last-modified: Mon, 05 Dec 2022 21:44:20 UTC
expires: Mon, 05 Dec 2022 21:44:20 UTC
content-encoding: gzip
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Open+Sans:300,400&subset=cyrillic,greek,latin-ext
142.250.74.106 200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?family=Open+Sans:300,400&subset=cyrillic,greek,latin-ext
IP 142.250.74.106:0
GET /css?family=Open+Sans:300,400&subset=cyrillic,greek,latin-ext HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cdn.fluidplayer.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Mon, 05 Dec 2022 21:44:16 GMT
date: Mon, 05 Dec 2022 21:44:16 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
iifvcfwiqi.com/get/1914827?zoneid=1914827&jp=_clq70d6kvgok0i8g6j4qf7&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=undefined&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&freq=0&cid=4613062878224931
62.122.171.6 200 OK 0 B URL HTTP/2 iifvcfwiqi.com/get/1914827?zoneid=1914827&jp=_clq70d6kvgok0i8g6j4qf7&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=undefined&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&freq=0&cid=4613062878224931
IP 62.122.171.6:0
Analyzer Verdict Alert quad9 Sinkholed
GET /get/1914827?zoneid=1914827&jp=_clq70d6kvgok0i8g6j4qf7&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=undefined&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&freq=0&cid=4613062878224931 HTTP/1.1
Host: iifvcfwiqi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://redfans.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 05 Dec 2022 21:44:17 GMT
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding
x-route-id: config
set-cookie: UID=22120516440b4ca9b5dbc84820ada96bcf9e; Path=/; Expires=Tue, 05 Dec 2023 21:44:17 GMT; HttpOnly; Secure; SameSite=None
content-encoding: gzip
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2
29384.agatarainpro.com/v2/a/na/206470?subId=&pageUri=https%3A%2F%2Fredfans.org%2Fceline-onlyfans-celinecinnamon-leaks-bouncingtits-hijab-muslim-porn_31524&referer=&av=1&abl=0&kws=celine%2Ccelinecinnamon%2Conlyfans%2Chijab%2Cporn%2Cvideo&rtg=&bdd=%5B%22Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0%22%2C%22false%22%2C%22Linux%20x86_64%22%2C%22%22%2C%22%22%2C%22%22%2C%22%22%2C%22false%22%2C%22true%22%2C%221280%22%2C%221024%22%2C%221280%22%2C%221002%22%2C%221280%22%2C%221024%22%2C%221280%22%2C%22939%22%2C%221268%22%2C%22939%22%2C%22false%22%2C%221%22%2C%2216%22%2C%220%22%2C%22aaaaacccefiflmmprrsstlllecstaaahtscellllpss%22%2C%22Mon%20Dec%2005%202022%2021%3A44%3A14%20GMT%2B0000%20(Coordinated%20Universal%20Time)%22%2C%220%22%2C%22en-US%22%2C%22en-US%2Cen%22%2C%22false%22%2C%22false%22%2C%22781877177%22%2C%222697903995%22%2C%221%22%2C%22false%22%2C%22%5B%5D%22%5D
88.208.59.103200 OK 0 B URL HTTP/2 29384.agatarainpro.com/v2/a/na/206470?subId=&pageUri=https%3A%2F%2Fredfans.org%2Fceline-onlyfans-celinecinnamon-leaks-bouncingtits-hijab-muslim-porn_31524&referer=&av=1&abl=0&kws=celine%2Ccelinecinnamon%2Conlyfans%2Chijab%2Cporn%2Cvideo&rtg=&bdd=%5B%22Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0%22%2C%22false%22%2C%22Linux%20x86_64%22%2C%22%22%2C%22%22%2C%22%22%2C%22%22%2C%22false%22%2C%22true%22%2C%221280%22%2C%221024%22%2C%221280%22%2C%221002%22%2C%221280%22%2C%221024%22%2C%221280%22%2C%22939%22%2C%221268%22%2C%22939%22%2C%22false%22%2C%221%22%2C%2216%22%2C%220%22%2C%22aaaaacccefiflmmprrsstlllecstaaahtscellllpss%22%2C%22Mon%20Dec%2005%202022%2021%3A44%3A14%20GMT%2B0000%20(Coordinated%20Universal%20Time)%22%2C%220%22%2C%22en-US%22%2C%22en-US%2Cen%22%2C%22false%22%2C%22false%22%2C%22781877177%22%2C%222697903995%22%2C%221%22%2C%22false%22%2C%22%5B%5D%22%5D
IP 88.208.59.103:0
ASN #39572 DataWeb Global Group B.V.
GET /v2/a/na/206470?subId=&pageUri=https%3A%2F%2Fredfans.org%2Fceline-onlyfans-celinecinnamon-leaks-bouncingtits-hijab-muslim-porn_31524&referer=&av=1&abl=0&kws=celine%2Ccelinecinnamon%2Conlyfans%2Chijab%2Cporn%2Cvideo&rtg=&bdd=%5B%22Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0%22%2C%22false%22%2C%22Linux%20x86_64%22%2C%22%22%2C%22%22%2C%22%22%2C%22%22%2C%22false%22%2C%22true%22%2C%221280%22%2C%221024%22%2C%221280%22%2C%221002%22%2C%221280%22%2C%221024%22%2C%221280%22%2C%22939%22%2C%221268%22%2C%22939%22%2C%22false%22%2C%221%22%2C%2216%22%2C%220%22%2C%22aaaaacccefiflmmprrsstlllecstaaahtscellllpss%22%2C%22Mon%20Dec%2005%202022%2021%3A44%3A14%20GMT%2B0000%20(Coordinated%20Universal%20Time)%22%2C%220%22%2C%22en-US%22%2C%22en-US%2Cen%22%2C%22false%22%2C%22false%22%2C%22781877177%22%2C%222697903995%22%2C%221%22%2C%22false%22%2C%22%5B%5D%22%5D HTTP/1.1
Host: 29384.agatarainpro.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://redfans.org
Connection: keep-alive
Referer: https://redfans.org/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 05 Dec 2022 21:44:17 GMT
content-type: application/json; charset=UTF-8
vary: Accept-Encoding
access-control-allow-origin: https://redfans.org
access-control-allow-credentials: true
access-control-max-age: 86400
referrer-policy: unsafe-url
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Device-Memory
accept-ch-lifetime: 31536000
p3p: CP="NOI DEVa TAIa OUR BUS UNI STA"
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
last-modified: Mon, 05 Dec 2022 21:44:17 UTC
expires: Mon, 05 Dec 2022 21:44:17 UTC
content-encoding: gzip
X-Firefox-Spdy: h2
www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp
157.240.200.35 200 OK 0 B URL HTTP/2 www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp
IP 157.240.200.35:0
GET /login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://redfans.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-encoding: br
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 0
cross-origin-opener-policy: same-origin-allow-popups
vary: Sec-Fetch-Site, Sec-Fetch-Mode, Accept-Encoding
strict-transport-security: max-age=15552000; preload
content-type: text/html; charset="utf-8"
x-fb-debug: EVGm9CVQbiLG+qJVnobJk4X25r+KmbFV5uIh91AG6355Df98daGyGc81vBFAxQ5yfKW78yJ+SW5HmmCDvSzPZA==
date: Mon, 05 Dec 2022 21:44:17 GMT
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
29384.agatarainpro.com/v3/a/pop/js/206469
88.208.59.103 200 OK 0 B URL HTTP/2 29384.agatarainpro.com/v3/a/pop/js/206469
IP 88.208.59.103:0
ASN #39572 DataWeb Global Group B.V.
GET /v3/a/pop/js/206469 HTTP/1.1
Host: 29384.agatarainpro.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://redfans.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Mon, 05 Dec 2022 21:44:16 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-max-age: 86400
referrer-policy: unsafe-url
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Device-Memory
accept-ch-lifetime: 31536000
content-encoding: gzip
X-Firefox-Spdy: h2