javfree.sh/14978/heyzo-0597.html
301 Moved Permanently 0 B URL HTTP/1.1 javfree.sh/14978/heyzo-0597.html
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /14978/heyzo-0597.html HTTP/1.1
Host: javfree.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Sun, 05 Feb 2023 18:45:37 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Sun, 05 Feb 2023 19:45:37 GMT
Location: https://javfree.sh/14978/heyzo-0597.html
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Bl8j6fQ9xoxiSiVDT%2BJoiVSt7HfyIu%2FeFC3GL1bnD4DY%2FX5CT7aOFF9lErB4jnBGKXXw2flC1V0W6iLv2mDxmPcnUCyr1gw6RWegy%2Bao4h2jea2Fd0GeYZRG7%2FHv"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 794dcddd0f48b4fd-OSL
alt-svc: h2=":443"; ma=60
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 507011ccb9124dcd57e84a90a0965cc4
1a6575d0ac979c7184490cc9836ac4812ad2afd1
01626c18e1e68507aa33ef7448dbc3311901ab6f29adc2f51d449409b0680dce
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "01626C18E1E68507AA33EF7448DBC3311901AB6F29ADC2F51D449409B0680DCE"
Last-Modified: Sun, 05 Feb 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2465
Expires: Sun, 05 Feb 2023 19:26:42 GMT
Date: Sun, 05 Feb 2023 18:45:37 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash c21ba65e44ac95470c314e068e49a9eb
17a13b13738993d889d4afa3d848dc63bf6eba64
9bd0795b30e84ce63b6e2a365ca91bbffc395dd955e112152066c31e63a4ab66
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9BD0795B30E84CE63B6E2A365CA91BBFFC395DD955E112152066C31E63A4AB66"
Last-Modified: Sat, 04 Feb 2023 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5962
Expires: Sun, 05 Feb 2023 20:24:59 GMT
Date: Sun, 05 Feb 2023 18:45:37 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash ff250d3ef3fa45322bf05039a0122a9f
b3e7a2c383bce1bab807dbe1a03c375258b51f1d
d07f109a96e0ae6ec7b1d46ce8761b3f06fe845769ce65d69e053dd40aa561ba
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Retry-After, Backoff, Content-Type, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sun, 05 Feb 2023 18:36:21 GMT
content-type: application/json
age: 556
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash fb7b6b46e708ad73eaaa3c21e74569ae
950663c025acad81556af5aa3022ecc9d55097fe
763f58b9fb838378c92033b59907b036f4c33081f5103d9bcc2ca2a8de500d64
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "763F58B9FB838378C92033B59907B036F4C33081F5103D9BCC2CA2A8DE500D64"
Last-Modified: Sat, 04 Feb 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13554
Expires: Sun, 05 Feb 2023 22:31:31 GMT
Date: Sun, 05 Feb 2023 18:45:37 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP
File type PEM certificate\012- , ASCII text
Hash 7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: fxWAnAhuo1BS3JCAcbPz6a+0bVLPoMOr3YyOStWGq9b38T9xbApZMS2gSV77qFjWSJdZZ1FIY7o=
x-amz-request-id: 8TKVA56KEECKQV41
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sun, 05 Feb 2023 18:24:35 GMT
age: 1262
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 05 Feb 2023 18:45:37 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Retry-After, Last-Modified, Cache-Control, Pragma, ETag, Backoff, Content-Type, Alert, Expires
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sun, 05 Feb 2023 18:07:20 GMT
age: 2298
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash dedf9c519ac38c4bece9c5bc895787d7
4911175c3f8a435978c5301c33c7a99a5e00a1d5
bddd7e3a4939f863642a7c5348c1c8b9bc569b35c10a27f4cf5ec71f7e6b9698
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BDDD7E3A4939F863642A7C5348C1C8B9BC569B35C10A27F4CF5EC71F7E6B9698"
Last-Modified: Fri, 03 Feb 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2985
Expires: Sun, 05 Feb 2023 19:35:23 GMT
Date: Sun, 05 Feb 2023 18:45:38 GMT
Connection: keep-alive
push.services.mozilla.com/
101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: jd+vS206KG3AH6mwQRkVYA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 2QDXPSbgdgrarbgHXT4+38f28Wg=
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 1b25bf82638deaab60981e1315ee0849
e3bd912fd1a890e64ee6746a78a674db7ff77039
a99b0dfa9ca7176b21cc2d65963a1b6eb6d534b3767d02ef06cc207a63331ebf
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A99B0DFA9CA7176B21CC2D65963A1B6EB6D534B3767D02EF06CC207A63331EBF"
Last-Modified: Sat, 04 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16779
Expires: Sun, 05 Feb 2023 23:25:18 GMT
Date: Sun, 05 Feb 2023 18:45:39 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 1b25bf82638deaab60981e1315ee0849
e3bd912fd1a890e64ee6746a78a674db7ff77039
a99b0dfa9ca7176b21cc2d65963a1b6eb6d534b3767d02ef06cc207a63331ebf
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A99B0DFA9CA7176B21CC2D65963A1B6EB6D534B3767D02EF06CC207A63331EBF"
Last-Modified: Sat, 04 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16779
Expires: Sun, 05 Feb 2023 23:25:18 GMT
Date: Sun, 05 Feb 2023 18:45:39 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 1b25bf82638deaab60981e1315ee0849
e3bd912fd1a890e64ee6746a78a674db7ff77039
a99b0dfa9ca7176b21cc2d65963a1b6eb6d534b3767d02ef06cc207a63331ebf
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A99B0DFA9CA7176B21CC2D65963A1B6EB6D534B3767D02EF06CC207A63331EBF"
Last-Modified: Sat, 04 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16779
Expires: Sun, 05 Feb 2023 23:25:18 GMT
Date: Sun, 05 Feb 2023 18:45:39 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 1b25bf82638deaab60981e1315ee0849
e3bd912fd1a890e64ee6746a78a674db7ff77039
a99b0dfa9ca7176b21cc2d65963a1b6eb6d534b3767d02ef06cc207a63331ebf
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A99B0DFA9CA7176B21CC2D65963A1B6EB6D534B3767D02EF06CC207A63331EBF"
Last-Modified: Sat, 04 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16779
Expires: Sun, 05 Feb 2023 23:25:18 GMT
Date: Sun, 05 Feb 2023 18:45:39 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3a6c7026-85a2-4419-bd6b-ba1bac463dda.jpeg
200 OK 8.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3a6c7026-85a2-4419-bd6b-ba1bac463dda.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 6661b7263315f5eb3cd2465f671e1fcd
b7b5831c6b3ccc41d7a980b6088adc10ff8785f1
eb25507950d81db4b54a1af7fadaceee1bcff780eb28b6a04dbfb3886785f5b7
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3a6c7026-85a2-4419-bd6b-ba1bac463dda.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8527
x-amzn-requestid: 6a8c6487-6069-47d1-afa1-648626f85439
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fyDqqGg5oAMFV-A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dd7fdd-0a772cde1e6fba6d7da97435;Sampled=0
x-amzn-remapped-date: Fri, 03 Feb 2023 21:42:53 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: CHWhIpyzhoPtMUplzh1430Q9FfCM1wkTc_hQsgQk6InM9tYBPGYnNg==
via: 1.1 e5af640ced3aa8764b82c4bc3f7af38e.cloudfront.net (CloudFront), 1.1 2bedbeaa49b4a77447d30097858cb81a.cloudfront.net (CloudFront), 1.1 google
date: Sat, 04 Feb 2023 22:05:45 GMT
age: 74394
etag: "b7b5831c6b3ccc41d7a980b6088adc10ff8785f1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc6718344-fcb4-4366-9239-8921034a7114.jpeg
200 OK 13 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc6718344-fcb4-4366-9239-8921034a7114.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 8e0be7db14d930d6227443314bcd1747
4e42e2ad289dfe5bd9a55d34fd768f7532bdf71d
baedfbdb08a67f9ff4c698f7e65b08d7e4c5078d0a4233e6bff529b44812735a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc6718344-fcb4-4366-9239-8921034a7114.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12967
x-amzn-requestid: 013fa296-a431-410b-b3fb-7417b3e877eb
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fpIQAFCMIAMF0Sw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d9ed99-2e1daa8b75977de07c48b8fc;Sampled=0
x-amzn-remapped-date: Wed, 01 Feb 2023 04:42:01 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: UzQGDCYe_8AuYYLaLSAWzHQhwJMpzpXWbjE5AwukevW6G6SLDxDjmA==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 5565a51537c689d1d16f6b4d41f40082.cloudfront.net (CloudFront), 1.1 google
date: Sun, 05 Feb 2023 03:42:59 GMT
age: 54160
etag: "4e42e2ad289dfe5bd9a55d34fd768f7532bdf71d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe8a9d301-2b38-4046-91c2-941ed351597a.jpeg
200 OK 3.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe8a9d301-2b38-4046-91c2-941ed351597a.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash d7a466d89c75ff3459b7328591db52cf
c3f29f9c2fbdc1fa2aef7a9e79ca796b28394afb
e73243be3d01d12a224c4e9826c4f52610cf7722eee69f62755278d7550705f1
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe8a9d301-2b38-4046-91c2-941ed351597a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 3474
x-amzn-requestid: 5846c080-9f25-4590-863c-8af2126cdbe1
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f1WXEEbnoAMFRdg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63ded0f9-1bd490125feadc14366e7ca0;Sampled=0
x-amzn-remapped-date: Sat, 04 Feb 2023 21:41:13 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: d8aQmkW-aqLFpb79RynlJG2vY1GTDbjLNY0Qukgg_WIjdI6cmbVKFw==
via: 1.1 5ab5dc09da67e3ea794ec8a82992cc88.cloudfront.net (CloudFront), 1.1 476c2ba6d9f6cd69dbcedbd65688cbc0.cloudfront.net (CloudFront), 1.1 google
date: Sat, 04 Feb 2023 21:51:26 GMT
age: 75253
etag: "c3f29f9c2fbdc1fa2aef7a9e79ca796b28394afb"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F37422a56-a7de-4ab8-ac8a-650de9dae97c.jpeg
200 OK 5.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F37422a56-a7de-4ab8-ac8a-650de9dae97c.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 5b6c30ad03669b66bf2f63b3edd69882
e630bd132b52b965a5ade646ea8a165d1abf6d7b
f8233d879ec17fd91909655ff8881f2ebfad84272fde3ed5e5be37580378a989
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F37422a56-a7de-4ab8-ac8a-650de9dae97c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5014
x-amzn-requestid: a434aae4-fe4b-4fc7-9b7e-eeb552484e8a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fi3bIE0aoAMF6YQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d76c47-5556d14757190c842bbc6b06;Sampled=0
x-amzn-remapped-date: Mon, 30 Jan 2023 07:05:43 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: k6YqagXr3Wr-u1uDKojEnIGW0CxU5yvWPtlzNpzoIvmg9F-rJb9uFQ==
via: 1.1 a4fe306096165bb1e86e69365dc8fac2.cloudfront.net (CloudFront), 1.1 1a53057db389e96b4ef1bfbc925dde1c.cloudfront.net (CloudFront), 1.1 google
date: Sun, 05 Feb 2023 11:24:01 GMT
age: 26498
etag: "e630bd132b52b965a5ade646ea8a165d1abf6d7b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9ad60ff0-69ec-4be2-9334-41be71ca4b7f.jpeg
200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9ad60ff0-69ec-4be2-9334-41be71ca4b7f.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 1a4eed23b240d04a3cd6b085cfa93375
f29b9dc3f6bbd2ba76a5a4570ce044d5f240fd00
93e8371f80c12d3753842e36001dbb8d3dc2223b10a594639752cd816c492d4e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9ad60ff0-69ec-4be2-9334-41be71ca4b7f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10905
x-amzn-requestid: 093778fc-231c-452f-a6fc-15f4eb41ade0
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fmNJCEDzIAMFmxA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d8c239-7f56d6e56392f373541db219;Sampled=0
x-amzn-remapped-date: Tue, 31 Jan 2023 07:24:41 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: WVfpilnwhnRXBhJkHBWjxxoP09f7SqlRk8CdWRWOubIIwe0CX89bUA==
via: 1.1 0c96ded7ff282d2dbcf47c918b6bb500.cloudfront.net (CloudFront), 1.1 325ed3ba58a560748d886354beef39c0.cloudfront.net (CloudFront), 1.1 google
date: Sat, 04 Feb 2023 22:09:58 GMT
age: 74141
etag: "f29b9dc3f6bbd2ba76a5a4570ce044d5f240fd00"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc0def934-b27d-4612-bab8-84bfb73a9960.jpeg
200 OK 7.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc0def934-b27d-4612-bab8-84bfb73a9960.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 5beaead015b2b4fb6d36009926ba0378
67e7c49ea7648fc6d1dffc22588862c993b785b7
6ae0cec9ade23fd53e9c1407b0324a8060892a65a6b675ccffa4a4c82b66f1ff
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc0def934-b27d-4612-bab8-84bfb73a9960.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7589
x-amzn-requestid: 280f7003-2696-4a82-bd50-82b0a2b66faf
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fsSpoEA0oAMFSBg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63db3170-35dcb9513c891af201b973d1;Sampled=0
x-amzn-remapped-date: Thu, 02 Feb 2023 03:43:44 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: IxfTibTq6T_wq9a5YCIBZLBb70BI7AOLEAYMYYuMZPhvVKjDbFfrvA==
via: 1.1 49b94a8674d6e86a841d6523f7dbaf14.cloudfront.net (CloudFront), 1.1 be082a2326b7d49643607b097f1e7180.cloudfront.net (CloudFront), 1.1 google
date: Sat, 04 Feb 2023 21:52:08 GMT
etag: "67e7c49ea7648fc6d1dffc22588862c993b785b7"
content-type: image/jpeg
age: 75211
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 279 B IP
Hash 6630148a03da2d4ccf19993f0fefd44c
2c747b9bc89b4240ad4340b31b993e3d947d1e5a
68c252a328d6f8dbea1935f3a4a950fb02969e70aabfff9853add357f76ecd4f
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1353
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 18:45:40 GMT
Last-Modified: Sun, 05 Feb 2023 18:23:07 GMT
Server: ECS (ska/F71A)
X-Cache: HIT
Content-Length: 279
via.placeholder.com/640x360/7e7e7e/9d9d9d?text=No+Poster
200 OK 4.8 kB URL HTTP/2 via.placeholder.com/640x360/7e7e7e/9d9d9d?text=No+Poster
IP
File type PNG image data, 640 x 360, 8-bit/color RGB, non-interlaced\012- data
Hash ae7723af6aa5f657ec6f993e8b159084
c00406fe17db1f3f6d2aac547cde486da04fc379
1c5546695c6e3baaff0a06a1aa25fd036427ab4b1a213a6ea97a7bc8ebaab397
GET /640x360/7e7e7e/9d9d9d?text=No+Poster HTTP/1.1
Host: via.placeholder.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://javfree.sh/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: image/png
content-length: 4795
date: Thu, 02 Feb 2023 00:58:28 GMT
server: Werkzeug/2.2.2 Python/3.9.16
cache-control: public, max-age=31557601
via: 1.1 d4fd24ae65d4d2b97cfdea8d2f0c21a6.cloudfront.net (CloudFront)
age: 323232
x-cache: Hit from cloudfront
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: _rrq9Di_5CaRltgtMX6eSs4V7esCcCXJYDUGSWSWxRgw8wFCy478DQ==
X-Firefox-Spdy: h2
cdnjs.cloudflare.com/ajax/libs/postscribe/2.0.8/postscribe.min.js
200 OK 5.1 kB URL HTTP/2 cdnjs.cloudflare.com/ajax/libs/postscribe/2.0.8/postscribe.min.js
IP
File type ASCII text, with very long lines (17660)
Hash abe1df98b6ab4644bd567e6669d0da03
27e3bf22ef08b7ca0090721ed31b4f921d278e7c
cd40ba7dbf63d67511c0fd56b7e5327dbedb43d15c439d79a8aacb6377059540
GET /ajax/libs/postscribe/2.0.8/postscribe.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://javfree.sh/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 05 Feb 2023 18:45:40 GMT
content-type: application/javascript; charset=utf-8
content-length: 5117
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03faa-45f4"
last-modified: Mon, 04 May 2020 16:15:38 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 4491892
expires: Fri, 26 Jan 2024 18:45:40 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iU3dLnLwCcnw9UpRBVpMv1wI8%2BSfs1l1PA%2FfzFZWok3hhWWEGFHY9rIr4OfbDWOjtPAcRyBwMRTdokmzj1Mx4%2B9cAQbP8W9TfsBW0eaPxFkBmcFKLxG44Q3yhkxkgHzJEwlY1v8v"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 794dcdf06f6d0b59-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 280 B IP
Hash c8224c8ea6d9e56b71136bc8bafbd8bc
94b12e12ed50a6f4dec9802a6c705d0c1fafe3cc
5c2b6d67d094d1bb1e8491876aa3c497e7036710971072f2c54089e877c1cee3
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2780
Cache-Control: max-age=166784
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 18:45:40 GMT
Etag: "63dfd6f8-118"
Expires: Tue, 07 Feb 2023 17:05:24 GMT
Last-Modified: Sun, 05 Feb 2023 16:19:04 GMT
Server: ECS (ska/F71A)
X-Cache: HIT
Content-Length: 280
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 153d0de36959c722c00df71ba86daca2
305f56a3134879ebf0828e169e903e560540c070
0cf533a798d42d1e97fb6619a411afadf9a68c92302ba852869b0c0555a47987
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 18:45:40 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
200 OK 279 B IP
Hash 6630148a03da2d4ccf19993f0fefd44c
2c747b9bc89b4240ad4340b31b993e3d947d1e5a
68c252a328d6f8dbea1935f3a4a950fb02969e70aabfff9853add357f76ecd4f
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1353
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 18:45:40 GMT
Last-Modified: Sun, 05 Feb 2023 18:23:07 GMT
Server: ECS (ska/F71A)
X-Cache: HIT
Content-Length: 279
via.placeholder.com/305x255/000000/ffffff?text=ADS+300x250
200 OK 3.1 kB URL HTTP/2 via.placeholder.com/305x255/000000/ffffff?text=ADS+300x250
IP
Hash f118d60539035ea3f4e8433c02bfd900
fa094c130d2e63d8073eebc44ce5ec7130a659d9
c35570ae8c18afdc36ef3b6a2e3a700c20991e9a8b23260827b0881e6487fbbc
GET /305x255/000000/ffffff?text=ADS+300x250 HTTP/1.1
Host: via.placeholder.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://javfree.sh/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: image/png
content-length: 2558
date: Thu, 02 Feb 2023 03:28:26 GMT
server: Werkzeug/2.2.2 Python/3.9.16
cache-control: public, max-age=31557601
via: 1.1 d4fd24ae65d4d2b97cfdea8d2f0c21a6.cloudfront.net (CloudFront)
age: 314234
x-cache: Hit from cloudfront
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: u5dzLS7eXsyQj5AIlTAEXoywr_T9apbBadtnhU_jbfQ_y8YHIGFD_g==
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 4.6 kB IP
Hash 3cb6590bb5db9c8c3a1c070c6f8218d6
62a312b79c86fe19259a8130947aeed839ef8c8b
37478919c53b127fc11b7217d93f1b6776087d203330088478302dd02628b8f2
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 18:45:40 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.googletagmanager.com/gtag/js?id=G-K7K13XERLP
200 OK 78 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=G-K7K13XERLP
IP
File type ASCII text, with very long lines (21849)
Hash 672f36f322a58ab6a7b9c8574924d5f6
8df82b0ad6d09d06993d4295804185937d30fc4f
c5dd6de03c1c9d9435b37bc91ca959102801e41d49018107d3dc0bdf1e94fbbd
GET /gtag/js?id=G-K7K13XERLP HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://javfree.sh/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sun, 05 Feb 2023 18:45:40 GMT
expires: Sun, 05 Feb 2023 18:45:40 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 77571
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 7.3 kB IP
Hash f8b254e489275d763087183d2a8b32fa
8f71d037355d7f69f7100695021f30d9f15e1b8f
f260599229f637fceef1c58ba45a6d901be29f1f960342354d23a3db1960dbf0
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2780
Cache-Control: max-age=166784
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 18:45:40 GMT
Etag: "63dfd6f8-118"
Expires: Tue, 07 Feb 2023 17:05:24 GMT
Last-Modified: Sun, 05 Feb 2023 16:19:04 GMT
Server: ECS (ska/F71A)
X-Cache: HIT
Content-Length: 280
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 153d0de36959c722c00df71ba86daca2
305f56a3134879ebf0828e169e903e560540c070
0cf533a798d42d1e97fb6619a411afadf9a68c92302ba852869b0c0555a47987
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 18:45:40 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash 98be7fe21d059e46146a43d20c4eea92
1ec58129fea75085588be7b8baec05b0874b5274
7bb2eb5ffcd88a3b6ba7b210bdbcd4469134c9708f06befb6c616beebf8dae46
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 18:45:40 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
200 OK 2.5 kB IP
ASN #20940 Akamai International B.V.
Hash b3da23c3f19e54a8b1d65fde439115cd
d88cda4595d359cd6bdcfc80025ae7be3774edda
97f3468819bf82ecca9ef133755a1de395b96e445a2c926bcff421613f85ae5a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "53F8220F4DE650346AC23D3849BD053BF0E68CD80AEC09F2CF437F4908AF5D9F"
Last-Modified: Sun, 05 Feb 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5605
Expires: Sun, 05 Feb 2023 20:19:05 GMT
Date: Sun, 05 Feb 2023 18:45:40 GMT
Connection: keep-alive
creative.xlivrdr.com/widgets/Spot/lib.js
200 OK 80 kB URL HTTP/2 creative.xlivrdr.com/widgets/Spot/lib.js
IP
File type Unicode text, UTF-8 text, with very long lines (38727), with LF, NEL line terminators
Hash fd0a628fd24c20c9d8dc3bab07f73556
8fe1da544638af138ceb9472e5a334fc35c24192
c49406b76ee6b0716fe08e40588e80818c13133482760e6a60661a35be0797d3
GET /widgets/Spot/lib.js HTTP/1.1
Host: creative.xlivrdr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://javfree.sh/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 05 Feb 2023 18:45:40 GMT
content-type: application/javascript; charset=utf-8
last-modified: Tue, 31 Jan 2023 09:52:08 GMT
etag: W/"63d8e4c8-443ea"
expires: Sun, 05 Feb 2023 18:45:35 GMT
cache-control: max-age=10
pragma: public
cf-cache-status: HIT
age: 6
vary: Accept-Encoding
server: cloudflare
cf-ray: 794dcdf0aa1bb4f7-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Open+Sans
200 OK 1.1 kB URL HTTP/2 fonts.googleapis.com/css?family=Open+Sans
IP
Hash 29262a10a62752622675337f350e52ef
86a3bbbff82ab0343593f3a79a706af18bddab6b
9073212753152805b520d52d022a897ac33121077174b30442ba51e0d934dac3
GET /css?family=Open+Sans HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cdn.javfree.sh/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sun, 05 Feb 2023 18:45:40 GMT
date: Sun, 05 Feb 2023 18:45:40 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
iy.subserecajones.com/tfTDkOVegijAfBl1/55714
200 OK 25 B URL HTTP/1.1 iy.subserecajones.com/tfTDkOVegijAfBl1/55714
IP
File type ASCII text, with no line terminators
Hash d488addc5df5fc9b9ff4135bb4e3a823
6ce56f48e851df4d562b43d3bc1269a504ae83fc
d1e90b8aef655ca37932287e04cbda72092eb029fe90de2bac019c10d3431f60
GET /tfTDkOVegijAfBl1/55714 HTTP/1.1
Host: iy.subserecajones.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://javfree.sh/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 05 Feb 2023 18:45:40 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://javfree.sh
Access-Control-Allow-Headers: content-type, megageocheckolololo, x-forwarded-for
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET, POST, OPTIONS
X-Frame-Options: SAMEORIGIN
Set-Cookie: GL_UI4=eJw9jd1OhDAYRIHy42aFOAkPsI9QVBAvvfEVvCSl%2FcC60G5KXfTtbUz07mTmTCaKoqSuEF9zBvYpWpzU1HSS9428bx9417WPgtM09s9j%2F9Q1gvc46G3wYlzIp7idyZDTcpBWUYm7UP0lZ2N3kyIbnTCqRLYGYylRjM7uG7maITViJRSv2tFkv4IhPqwDa3gbWJvAMUdit5pVBxRv2qiwrI5IGl6VeYTjZRF%2Bsm4dtMpjZLMTihC%2F4EYKT7N13ygUbWdvL4Bd1PDv%2Fx6zveHIFV21JGTWv5P7AaoaStk%3D; expires=Mon, 06-Feb-2023 18:45:40 GMT; Max-Age=86400; path=/; secure; SameSite=None
GL_GI10=eJw9i7sOgkAURAENEQXMJH6APyA%2BgoWtWhoojPUG8Wo2wl7Crg%2F8elETq5mcOWNZljMK4cgK%2FmoerWZRvIjmyxidCzGcJIWf802ZuhEqKwluwvUja%2BDWdJGsAgx%2BReR8IvSTdHJQV8UP9R8%2BtwDdXJomgPeJrxv20JG6Qrgu5HO85%2BJmWlvDU2SErohO8DbZsaDpdr9D%2BKffs2ujJ7Woan42bR8aWdKLFQk%2BnzWZFtl313kDsc5BIg%3D%3D; expires=Mon, 06-Feb-2023 18:45:40 GMT; Max-Age=86400; path=/; secure; SameSite=None
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
video.ktkjmp.com/adsbygoogle.js
200 OK 5.3 kB URL HTTP/2 video.ktkjmp.com/adsbygoogle.js
IP
Hash f1474cb3a447e98180be13be6ace4711
84151d8892420d42c17f64f7ec615fcc81bc3492
27906cbc143c2a2236760a8fcd38711cb7d37bedbc93247ec58cbb9c3bbfb961
GET /adsbygoogle.js HTTP/1.1
Host: video.ktkjmp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://javfree.sh/
Origin: https://javfree.sh
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 05 Feb 2023 18:45:40 GMT
content-type: application/javascript
content-length: 16
x-amz-id-2: pkzcT9dC8ZpBN2CddqDpWGD1h9T7bzxMr8EqHzQ0bnohyyXe8mHCEBm0Kjkl4YG8bTdDpNFJ1q0=
x-amz-request-id: 9RFH8HEM2FDXTCC8
last-modified: Thu, 10 Mar 2022 13:52:07 GMT
etag: "3d7f7a60216d40dea48e495fef6903c9"
x-amz-meta-s3cmd-attrs: atime:1646920284/ctime:1646920283/gid:20/gname:staff/md5:3d7f7a60216d40dea48e495fef6903c9/mode:33188/mtime:1646920283/uid:501/uname:mikhailchubar
x-amz-version-id: eIgLIBoMMcsEXtxOH6UDjWyfAquRpkIG
access-control-allow-origin: https://javfree.sh
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Content-Length, Accept-Encoding, x-requested-with
cf-cache-status: HIT
expires: Sun, 05 Feb 2023 22:45:40 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
set-cookie: __cflb=04dToQvE4FPLng5Mz6amGAT9NT3YTLtsLbbiM9su3r; SameSite=None; Secure; path=/; expires=Mon, 06-Feb-23 17:45:40 GMT; HttpOnly
vary: Accept-Encoding
server: cloudflare
cf-ray: 794dcdf1d98a1c12-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 280 B IP
Hash a660cbfb6d7a30d52558411c751ec1a4
2c8e54c7982b67427d5f12f7be94c9a09afdb931
1e56c7f4f778e0496d8d6c25e9543f5038450217297aeb1e7ff9a98d2d69a8f9
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3608
Cache-Control: max-age=118298
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 18:45:40 GMT
Etag: "63df1656-118"
Expires: Tue, 07 Feb 2023 03:37:18 GMT
Last-Modified: Sun, 05 Feb 2023 02:37:10 GMT
Server: ECS (ska/F71A)
X-Cache: HIT
Content-Length: 280
ocsp.pki.goog/s/gts1p5/rljvdkVf1_0
200 OK 472 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/rljvdkVf1_0
IP
Hash 61a55dd6953e0337275fbc6e7e00588b
cb56e120821f81a062ebe52b82a8016f99348014
3cec913030c372809eee66e245c4cbdc0234c0624ad2e20180023cd3b8e6f2c0
POST /s/gts1p5/rljvdkVf1_0 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 18:45:40 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
creative.xxxvjmp.com/widgets/v4/Universal/lang/en.json
200 OK 197 B URL HTTP/2 creative.xxxvjmp.com/widgets/v4/Universal/lang/en.json
IP
File type JSON data\012- , ASCII text
Hash bb3359f36c668091d41436d2f6bc712b
56ca9f385c676056e7e2d713d13662552132259c
fead5e4d18cbe2e93c3016c5f2ad281aa27f29098203b42c85ea8faf0bc64ae2
GET /widgets/v4/Universal/lang/en.json HTTP/1.1
Host: creative.xxxvjmp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://creative.xxxvjmp.com/widgets/v4/Universal?tag=girls%2Fchinese&thumbsMargin=5&hideButton=1&hideTitle=1&userId=840d18c1b4b1b053aac0885c0f17e4305a4bc43c2d94ca9bb181121129281861&autoplay=all&autoplayForce=1&campaignI=iframe
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 05 Feb 2023 18:45:40 GMT
content-type: application/json
last-modified: Tue, 31 Jan 2023 09:49:21 GMT
etag: W/"63d8e421-ac"
expires: Sun, 05 Feb 2023 18:45:46 GMT
cache-control: max-age=10
pragma: public
cf-cache-status: HIT
age: 3
vary: Accept-Encoding
server: cloudflare
cf-ray: 794dcdf2dc7a0b61-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 3.1 kB IP
Hash a053e8078f592198242f7aaf35f46079
b4bcc6a9a23d0c001b54fc102f805090b2f4ccc7
4a52654d013916ccd0cd993fc41d712c3c587dce197a52367c36081b1bf059ef
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6045
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 18:45:41 GMT
Last-Modified: Sun, 05 Feb 2023 17:04:56 GMT
Server: ECS (ska/F71A)
X-Cache: HIT
Content-Length: 279
img.strpst.com/thumbs/1675622641/94205872
200 OK 53 kB URL HTTP/2 img.strpst.com/thumbs/1675622641/94205872
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 0x0, segment length 16, progressive, precision 8, 640x360, components 3\012- data
Hash 2ee4bc0f71f2a7a96919d071a74c909b
be3f50f7c11acc3981d4cb41250dcf9ad213c88c
972200b3042b0a6d9822efc9dc611e41fbda6bcf5ce45a67d0bef18d84f3f8bd
GET /thumbs/1675622641/94205872 HTTP/1.1
Host: img.strpst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://javfree.sh/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 05 Feb 2023 18:45:41 GMT
content-type: image/jpeg
content-length: 53018
access-control-allow-methods: GET
access-control-allow-origin: *
cf-bgj: imgq:100,h2pri
cf-polished: origSize=54547, status=webp_bigger
etag: "635afa85f81ed0a16bb93bbaad4b6394"
last-modified: Sun, 05 Feb 2023 18:44:12 GMT
cf-cache-status: HIT
age: 43
expires: Sun, 05 Feb 2023 19:15:41 GMT
cache-control: public, max-age=1800
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 794dcdf42b860b4d-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 279 B IP
Hash e3f21481d43b15f19a910e1eb87b9b4e
a6e11e8489fa82fc92f42d3a18b2e964ddd8baed
906abc41a074c30d3c16f875f7a7391e51495583af21e7a3e7a8d5f675505a5c
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6045
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 18:45:41 GMT
Last-Modified: Sun, 05 Feb 2023 17:04:56 GMT
Server: ECS (ska/F71A)
X-Cache: HIT
Content-Length: 279
go.xxxvjmp.com/config?url=https%3A%2F%2Fcreative.xxxvjmp.com%2Fwidgets%2Fv4%2FUniversal%3Ftag%3Dgirls%252Fchinese%26thumbsMargin%3D5%26hideButton%3D1%26hideTitle%3D1%26userId%3D840d18c1b4b1b053aac0885c0f17e4305a4bc43c2d94ca9bb181121129281861%26autoplay%3Dall%26autoplayForce%3D1%26campaignI%3Diframe
200 OK 3.0 kB URL HTTP/2 go.xxxvjmp.com/config?url=https%3A%2F%2Fcreative.xxxvjmp.com%2Fwidgets%2Fv4%2FUniversal%3Ftag%3Dgirls%252Fchinese%26thumbsMargin%3D5%26hideButton%3D1%26hideTitle%3D1%26userId%3D840d18c1b4b1b053aac0885c0f17e4305a4bc43c2d94ca9bb181121129281861%26autoplay%3Dall%26autoplayForce%3D1%26campaignI%3Diframe
IP
File type ASCII text, with very long lines (2766), with no line terminators
Hash 8e33fa31e5f1a7b8999fc141b4c0f81e
627f59c0ebdbbc36b790698d20b109066888495e
47d141cb2cadbe39de3a1a014a0040e3518bced8860609592dac0bfcf3e8fc45
GET /config?url=https%3A%2F%2Fcreative.xxxvjmp.com%2Fwidgets%2Fv4%2FUniversal%3Ftag%3Dgirls%252Fchinese%26thumbsMargin%3D5%26hideButton%3D1%26hideTitle%3D1%26userId%3D840d18c1b4b1b053aac0885c0f17e4305a4bc43c2d94ca9bb181121129281861%26autoplay%3Dall%26autoplayForce%3D1%26campaignI%3Diframe HTTP/1.1
Host: go.xxxvjmp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://creative.xxxvjmp.com/
Origin: https://creative.xxxvjmp.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
date: Sun, 05 Feb 2023 18:45:41 GMT
content-type: application/json
access-control-allow-origin: *
last-modified: Sun, 05 Feb 2023 18:45:41 GMT
cf-cache-status: MISS
set-cookie: __cflb=0H28uukSkGJRy5UBr1u9iAwwBfboBLE3zKBeMTvUnnx; SameSite=None; Secure; path=/; expires=Mon, 06-Feb-23 17:45:41 GMT; HttpOnly
vary: Accept-Encoding
server: cloudflare
cf-ray: 794dcdf3380c0b41-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.tsyndicate.com/sdk/v1/n.js
200 OK 10 kB URL HTTP/2 cdn.tsyndicate.com/sdk/v1/n.js
IP
File type ASCII text, with very long lines (28408)
Hash e2519788516ae1b7003eaf19e0393762
244160cebfcc1c40aed8da7985609af9b03498c0
99b5dafc018608b7fdc24924d0ead19282622371d75c1c39a6e03d325dda5de2
GET /sdk/v1/n.js HTTP/1.1
Host: cdn.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://javfree.sh/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 05 Feb 2023 18:45:41 GMT
content-type: application/javascript
content-length: 10435
last-modified: Fri, 16 Dec 2022 12:41:56 GMT
server: nginx
x-robots-tag: noindex, nofollow
content-encoding: gzip
vary: Accept-Encoding
etag: W/"639c6794-6f41"
age: 4427536
accept-ranges: bytes
X-Firefox-Spdy: h2
cdn.tsyndicate.com/sdk/v1/n.js
304 Not Modified 0 B URL HTTP/2 cdn.tsyndicate.com/sdk/v1/n.js
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sdk/v1/n.js HTTP/1.1
Host: cdn.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://javfree.sh/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
If-Modified-Since: Fri, 16 Dec 2022 12:41:56 GMT
If-None-Match: W/"639c6794-6f41"
TE: trailers
HTTP/2 304 Not Modified
date: Sun, 05 Feb 2023 18:45:41 GMT
last-modified: Fri, 16 Dec 2022 12:41:56 GMT
server: nginx
x-robots-tag: noindex, nofollow
vary: Accept-Encoding
etag: W/"639c6794-6f41"
age: 4427536
X-Firefox-Spdy: h2
cdn.tsyndicate.com/sdk/v1/n.css
200 OK 19 kB URL HTTP/2 cdn.tsyndicate.com/sdk/v1/n.css
IP
File type ASCII text, with very long lines (19411), with no line terminators
Hash f0c8bad08999a9d413b61c81c0e2a606
ebb86ba43d0f2386f2f3cdbb57f4746a1d8bcaf5
79ebc0f15cd767ec1f7e624730bedc0fdac746e41dbb8b2fbf1a1d1ec3b6877d
GET /sdk/v1/n.css HTTP/1.1
Host: cdn.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://javfree.sh/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 05 Feb 2023 18:45:41 GMT
content-type: text/css
content-length: 19411
etag: "639c6765-4bd3"
last-modified: Fri, 16 Dec 2022 12:41:09 GMT
server: nginx
x-robots-tag: noindex, nofollow
age: 4427538
accept-ranges: bytes
X-Firefox-Spdy: h2
creative.xxxvjmp.com/widgets/v4/Universal/main.33831b792a3809ba493a.js
200 OK 156 kB URL HTTP/2 creative.xxxvjmp.com/widgets/v4/Universal/main.33831b792a3809ba493a.js
IP
File type Unicode text, UTF-8 text, with very long lines (35319), with LF, NEL line terminators
Size 156 kB (155936 bytes)
Hash 48ca7c4f2db703404a5f75f099515f9a
b898a1893872981f648d01da02942e935cd994ce
97d45859ed38dda933f0d188006b3812374d4ab11b320e5ce652fc5ab7b44064
GET /widgets/v4/Universal/main.33831b792a3809ba493a.js HTTP/1.1
Host: creative.xxxvjmp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://creative.xxxvjmp.com/widgets/v4/Universal?tag=girls%2Fchinese&thumbsMargin=5&hideButton=1&hideTitle=1&userId=840d18c1b4b1b053aac0885c0f17e4305a4bc43c2d94ca9bb181121129281861&autoplay=all&autoplayForce=1&campaignI=iframe
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 05 Feb 2023 18:45:40 GMT
content-type: application/javascript; charset=utf-8
last-modified: Tue, 31 Jan 2023 09:52:08 GMT
etag: W/"63d8e4c8-42f63"
expires: Sun, 05 Feb 2023 18:45:40 GMT
cache-control: max-age=10
pragma: public
cf-cache-status: HIT
age: 3
vary: Accept-Encoding
server: cloudflare
cf-ray: 794dcdf23b9b0b61-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash 836bc62dbb011b6180fc7209d0061736
74e6f18561a7006a3afb6ab03559eec239ce4b36
90b197384670fdb210d364f91b423fd383d25838e38a494158a8185bef0061f0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 18:45:41 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/opensans/v34/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4gaVI.woff2
200 OK 17 kB URL HTTP/2 fonts.gstatic.com/s/opensans/v34/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4gaVI.woff2
IP
File type Web Open Font Format (Version 2), TrueType, length 16740, version 1.0\012- data
Hash e43b535855a4ae53bd5b07a6eeb3bf67
6507312d9491156036316484bf8dc41e8b52ddd9
b34551ae25916c460423b82beb8e0675b27f76a9a2908f18286260fbd6de6681
GET /s/opensans/v34/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4gaVI.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://javfree.sh
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 16740
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 Feb 2023 00:44:37 GMT
expires: Fri, 02 Feb 2024 00:44:37 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 15 Aug 2022 18:14:44 GMT
content-type: font/woff2
age: 324064
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.sectigo.com/
200 OK 471 B IP
Hash 0d32467b2072d17bc565348479da0b77
3fa64c7f279aaf94c7c80bf72ea00bbb3eef4a52
32bb7ace231ca091d2a97f40cd0fff99f922d16dbf16b5b1cff6fd4d33531aa6
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 05 Feb 2023 18:45:41 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Fri, 03 Feb 2023 05:56:26 GMT
Expires: Fri, 10 Feb 2023 05:56:25 GMT
Etag: "3fa64c7f279aaf94c7c80bf72ea00bbb3eef4a52"
Cache-Control: max-age=385243,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 794dcdf13fa10afe-OSL
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash 5452c58c07ce8d3cade93b323b271c35
581b1e438daeb32a12feaf50f2aab17dcf3e3171
b99ea2af71e697f45db51732f7d3e8d3e50258c9c96e50a772b8c4638577140a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 18:45:41 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 82d4cd75b5f78fa430c52f966c17f5e6
87ff62d3fa3478bb14091f1451b5c914549bfd3e
2d81207474e9c7b4aecbb13fb3442ae08cf1524ed79f9caaae41668c941f48c2
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2D81207474E9C7B4AECBB13FB3442AE08CF1524ED79F9CAAAE41668C941F48C2"
Last-Modified: Sat, 04 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8025
Expires: Sun, 05 Feb 2023 20:59:27 GMT
Date: Sun, 05 Feb 2023 18:45:42 GMT
Connection: keep-alive
ocsp.buypass.com/
200 OK 1.7 kB IP
ASN #20940 Akamai International B.V.
Hash be1ca5772459cf87901179ba8219ca8e
3826423efb54757aeeab45fe210fdf2596b525e1
88672c498d2365452872ce1137de459d96c76fa6347fbe87b44264eace9d6ac1
POST / HTTP/1.1
Host: ocsp.buypass.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 78
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Access-Control-Allow-Origin: https://www.buypass.no
Access-Control-Allow-Headers: Content-Type,Authorization,X-Requested-With,Content-Length,Accept,Origin,X-Buypass-Session-Id,X-Buypass-Locale
Access-Control-Allow-Credentials: false
Access-Control-Allow-Methods: GET,POST
MDC-correlationId: 5c863b8a-fc4c-4b03-927c-5222e839d920
Content-Length: 1701
Date: Sun, 05 Feb 2023 18:45:42 GMT
Connection: keep-alive
ocsp.sectigo.com/
200 OK 472 B IP
Hash 13bfcb9d7a1e5ff7c0d8844223135917
3cf66ccffc4c3abfbaeeea64a179aa85bbecf4c2
5d68b78683dfc4c09918ed99aea9493d2be77869d061e290df3912fb0ac1111f
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 05 Feb 2023 18:45:42 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Sat, 04 Feb 2023 15:56:19 GMT
Expires: Sat, 11 Feb 2023 15:56:18 GMT
Etag: "3cf66ccffc4c3abfbaeeea64a179aa85bbecf4c2"
Cache-Control: max-age=507635,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 794dcdfa99970afe-OSL
js.wpadmngr.com/npc/sdk/wp-banners.js
200 OK 0 B URL HTTP/2 js.wpadmngr.com/npc/sdk/wp-banners.js
IP
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /npc/sdk/wp-banners.js HTTP/1.1
Host: js.wpadmngr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tsyndicate.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 05 Feb 2023 18:45:42 GMT
content-type: application/javascript; charset=utf-8
content-length: 0
server: nginx/1.18.0
last-modified: Fri, 20 Aug 2021 15:14:31 GMT
etag: "611fc6d7-0"
expires: Sun, 05 Feb 2023 18:50:42 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2
ocsp.sectigo.com/
200 OK 472 B IP
Hash 13bfcb9d7a1e5ff7c0d8844223135917
3cf66ccffc4c3abfbaeeea64a179aa85bbecf4c2
5d68b78683dfc4c09918ed99aea9493d2be77869d061e290df3912fb0ac1111f
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 05 Feb 2023 18:45:42 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Sat, 04 Feb 2023 15:56:19 GMT
Expires: Sat, 11 Feb 2023 15:56:18 GMT
Etag: "3cf66ccffc4c3abfbaeeea64a179aa85bbecf4c2"
Cache-Control: max-age=507635,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 794dcdfaa8cfb500-OSL
lcdn.tsyndicate.com/images/3/f/95db98a9a8cec1773c28de62f6baf69a838f64/300x250.webp
200 OK 3.7 kB URL HTTP/2 lcdn.tsyndicate.com/images/3/f/95db98a9a8cec1773c28de62f6baf69a838f64/300x250.webp
IP
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 300x209, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 1650b625b896af89674ed1b98447293b
2da79eb3937c7508662aab308b40e11402e5a661
b39dbdfd4d040172401c1f2f9096540ab4f401df243e82dbcf762725a93f1ba4
GET /images/3/f/95db98a9a8cec1773c28de62f6baf69a838f64/300x250.webp HTTP/1.1
Host: lcdn.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://javfree.sh/
Cookie: ts_uid=ba41e5c1-50e2-4b2d-9390-0f2abcf557f9
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 05 Feb 2023 18:45:42 GMT
content-type: image/webp
content-length: 3719
last-modified: Wed, 30 Sep 2020 21:46:48 GMT
server: nginx
x-robots-tag: noindex, nofollow
content-encoding: gzip
vary: Accept-Encoding
etag: W/"5f74fcc8-e70"
age: 23800913
accept-ranges: bytes
X-Firefox-Spdy: h2
lcdn.tsyndicate.com/images/f/4/c5d3a2a15b82613817bb214d45e97d3ea81e8e/300x250.webp
200 OK 4.0 kB URL HTTP/2 lcdn.tsyndicate.com/images/f/4/c5d3a2a15b82613817bb214d45e97d3ea81e8e/300x250.webp
IP
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 300x220, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 223401f22daa9b54c46dc94624a54f05
e2af5bb2f13fd15fbed046bcf0cb0fd1e9009ca1
69be4ece4abecddd87022b955a1d03e1bb32998c0ec5f48c18c6efc466dd1942
GET /images/f/4/c5d3a2a15b82613817bb214d45e97d3ea81e8e/300x250.webp HTTP/1.1
Host: lcdn.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://javfree.sh/
Cookie: ts_uid=ba41e5c1-50e2-4b2d-9390-0f2abcf557f9
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 05 Feb 2023 18:45:42 GMT
content-type: image/webp
content-length: 3999
last-modified: Thu, 01 Oct 2020 22:04:46 GMT
server: nginx
x-robots-tag: noindex, nofollow
content-encoding: gzip
vary: Accept-Encoding
etag: W/"5f76527e-f88"
age: 22054783
accept-ranges: bytes
X-Firefox-Spdy: h2
ocsp.sectigo.com/
200 OK 472 B IP
Hash 13bfcb9d7a1e5ff7c0d8844223135917
3cf66ccffc4c3abfbaeeea64a179aa85bbecf4c2
5d68b78683dfc4c09918ed99aea9493d2be77869d061e290df3912fb0ac1111f
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 05 Feb 2023 18:45:42 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Sat, 04 Feb 2023 15:56:19 GMT
Expires: Sat, 11 Feb 2023 15:56:18 GMT
Etag: "3cf66ccffc4c3abfbaeeea64a179aa85bbecf4c2"
Cache-Control: max-age=507635,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 794dcdfaaf381c16-OSL
lcdn.tsyndicate.com/images/4/4/6d84ae18b33dd09efdb996e677b7dd4c8bfa4b/300x250.webp
200 OK 4.3 kB URL HTTP/2 lcdn.tsyndicate.com/images/4/4/6d84ae18b33dd09efdb996e677b7dd4c8bfa4b/300x250.webp
IP
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 300x219, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash f911e27ce4fcbda2209d3193dc08138a
e49247e33a052b5e411a1da4b873d6a6e5dd98b7
d55eb2012e73672d3dac3be7ba55051fe7234a7ad11cc8d9e3f1c9ba9d17eb41
GET /images/4/4/6d84ae18b33dd09efdb996e677b7dd4c8bfa4b/300x250.webp HTTP/1.1
Host: lcdn.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://javfree.sh/
Cookie: ts_uid=ba41e5c1-50e2-4b2d-9390-0f2abcf557f9
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 05 Feb 2023 18:45:42 GMT
content-type: image/webp
content-length: 4323
last-modified: Fri, 02 Oct 2020 00:09:58 GMT
server: nginx
x-robots-tag: noindex, nofollow
content-encoding: gzip
vary: Accept-Encoding
etag: W/"5f766fd6-10cc"
age: 20784972
accept-ranges: bytes
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 821e887f96b60cb091e8511fb75a7ed1
1dc205a16ba927b0a2fc5687d9756c1d715dfc9c
31a2e257f642d52e0792dd5b8d963b4efe8ff3d22984583b1f9365a594e0aced
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "31A2E257F642D52E0792DD5B8D963B4EFE8FF3D22984583B1F9365A594E0ACED"
Last-Modified: Sat, 04 Feb 2023 14:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6084
Expires: Sun, 05 Feb 2023 20:27:06 GMT
Date: Sun, 05 Feb 2023 18:45:42 GMT
Connection: keep-alive
ocsp.sectigo.com/
200 OK 472 B IP
Hash 13bfcb9d7a1e5ff7c0d8844223135917
3cf66ccffc4c3abfbaeeea64a179aa85bbecf4c2
5d68b78683dfc4c09918ed99aea9493d2be77869d061e290df3912fb0ac1111f
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 05 Feb 2023 18:45:42 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Sat, 04 Feb 2023 15:56:19 GMT
Expires: Sat, 11 Feb 2023 15:56:18 GMT
Etag: "3cf66ccffc4c3abfbaeeea64a179aa85bbecf4c2"
Cache-Control: max-age=507635,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 794dcdfaa8d0b4f7-OSL
lcdn.tsyndicate.com/images/d/8/b776dd78725da97d69c6f13ccb1f791d640bf5/300x250.webp
200 OK 4.5 kB URL HTTP/2 lcdn.tsyndicate.com/images/d/8/b776dd78725da97d69c6f13ccb1f791d640bf5/300x250.webp
IP
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 300x250, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 8ab96c45f00f63febc83ae46b3f950cc
34cf9013cf361cb028c88daa60ffd38c1f80110d
3f38d6feb835b1f19b9c2039cbf521323485c73612ac75e32f0241357bd4b7c4
GET /images/d/8/b776dd78725da97d69c6f13ccb1f791d640bf5/300x250.webp HTTP/1.1
Host: lcdn.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://javfree.sh/
Cookie: ts_uid=ba41e5c1-50e2-4b2d-9390-0f2abcf557f9
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 05 Feb 2023 18:45:42 GMT
content-type: image/webp
content-length: 4501
last-modified: Fri, 02 Oct 2020 20:50:09 GMT
server: nginx
x-robots-tag: noindex, nofollow
content-encoding: gzip
vary: Accept-Encoding
etag: W/"5f779281-117e"
age: 12549617
accept-ranges: bytes
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 61aa2f723846bfa6c23e629ae727c6db
903a810bc0238fb21505e670d777d166faad4bc8
9d4279e70c45fa461c61fb3526ce45e52a01e1fc9013a8811a44920564a353f5
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9D4279E70C45FA461C61FB3526CE45E52A01E1FC9013A8811A44920564A353F5"
Last-Modified: Sun, 05 Feb 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2657
Expires: Sun, 05 Feb 2023 19:29:59 GMT
Date: Sun, 05 Feb 2023 18:45:42 GMT
Connection: keep-alive
ads.adxadserv.com/ad?spotid=6284ab9861d6e2143673d195&type=300x250&output=html&extra1=0&ref=https%3A//javfree.sh/&dt=1675622783515&screen=1280x1024&tags=
200 OK 1.7 kB URL HTTP/2 ads.adxadserv.com/ad?spotid=6284ab9861d6e2143673d195&type=300x250&output=html&extra1=0&ref=https%3A//javfree.sh/&dt=1675622783515&screen=1280x1024&tags=
IP
ASN #39572 DataWeb Global Group B.V.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (579)
Hash fec09307e2140ccdde1ea1ccb56c00ef
abef17a9e11af5b50571418201b79e9e8bb9364e
f521d660905433e114c7cb9d377c2b243d397e2d7671fa0a7112b2184eae6db8
GET /ad?spotid=6284ab9861d6e2143673d195&type=300x250&output=html&extra1=0&ref=https%3A//javfree.sh/&dt=1675622783515&screen=1280x1024&tags= HTTP/1.1
Host: ads.adxadserv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tsyndicate.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 05 Feb 2023 18:45:42 GMT
content-type: text/html; charset=utf-8
content-length: 1721
cache-control: no-cache
X-Firefox-Spdy: h2
js.wpadmngr.com/static/adManager.m.js
200 OK 36 kB URL HTTP/2 js.wpadmngr.com/static/adManager.m.js
IP
ASN #39572 DataWeb Global Group B.V.
Hash 182290c6e2cf196dc354143555d87778
44aedd6630a42da038f33cb6e0d81d0c86843691
b942ab86ff22416c3852ca22c254b5a5c6fe5a70ee84cd56c87698da8872e92a
GET /static/adManager.m.js HTTP/1.1
Host: js.wpadmngr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tsyndicate.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 05 Feb 2023 18:45:42 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Thu, 02 Feb 2023 09:20:02 GMT
etag: W/"63db8042-18c39"
content-encoding: gzip
expires: Sun, 05 Feb 2023 18:50:42 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
certify-js.alexametrics.com/atrk.js
200 OK 4.3 kB URL HTTP/1.1 certify-js.alexametrics.com/atrk.js
IP
File type ASCII text, with very long lines (4255), with no line terminators
Hash d89453438fbf10dcf4c13265c40d5160
02d5f4e46c94bf34e12b2d773f63f643ea2b3518
5e84ce936bc3e3844a5d9efb3ac7d28107fa17234fa2a6c2bf3491fc284f0d4f
GET /atrk.js HTTP/1.1
Host: certify-js.alexametrics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://javfree.sh/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Length: 4255
Connection: keep-alive
Date: Sat, 13 Aug 2022 04:02:04 GMT
Last-Modified: Tue, 27 Apr 2021 18:03:54 GMT
ETag: "d89453438fbf10dcf4c13265c40d5160"
Cache-Control: max-age=26920000
Accept-Ranges: bytes
Server: AmazonS3
X-Cache: Hit from cloudfront
Via: 1.1 76c917e0bb0ba45eb834d25d76ee125e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: qtN_dX6awtjh2c-OKPfKGAzJeELMmUBW7sIZGxOvZ1OLM5XGk00ZEg==
Age: 15259419
ocsp.digicert.com/
200 OK 280 B IP
Hash 2245da2138183db8e05f670bda3499a6
cc178932df91e05e4634266386a9cb2405094c40
41ed2e8b531355b0a01ea0b09e6905f73dbd8b05566b2e7be896a4f0ba44308b
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4143
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 18:45:42 GMT
Last-Modified: Sun, 05 Feb 2023 17:36:40 GMT
Server: ECS (ska/F71A)
X-Cache: HIT
Content-Length: 280
cdn.bncloudfl.com/bn/8bb/9f7/8bf/8bb9f78bf7d01a053ac73b34735468c1c488b3cc.jpg
200 OK 25 kB URL HTTP/2 cdn.bncloudfl.com/bn/8bb/9f7/8bf/8bb9f78bf7d01a053ac73b34735468c1c488b3cc.jpg
IP
File type JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=1, orientation=upper-left], progressive, precision 8, 300x250, components 3\012- data
Hash 86cb270cc41259bae3cb57b58853a364
105f5dab91e4fe599cf57d788d480ff3adb5f944
e76b1868cedc8517a332b92f76b022550dce5d9f6da597d94d52fa441735c88c
GET /bn/8bb/9f7/8bf/8bb9f78bf7d01a053ac73b34735468c1c488b3cc.jpg HTTP/1.1
Host: cdn.bncloudfl.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 05 Feb 2023 18:45:42 GMT
content-type: image/jpeg
content-length: 24956
access-control-allow-headers: Content-Type,X-Requested-With,X-Auth-Token,X-Openstack-Request-Id,X-Container-Meta-type,X-Container-Meta-Temp-URL-Key,Authorization
access-control-allow-methods: HEAD,GET,POST,PUT,PATCH,DELETE,OPTIONS
access-control-expose-headers: X-Container-Meta-Temp-Url-Key,X-Container-Bytes-Used,Last-Modified,X-Timestamp
cache-control: max-age=432000
cf-bgj: imgq:100,h2pri
cf-polished: origSize=25602, status=webp_bigger
etag: 8111d6709b49f39d21f280836ae2b038
expires: Mon, 06 Feb 2023 13:55:01 GMT
last-modified: Fri, 30 Dec 2022 09:28:13 GMT
x-openstack-request-id: txb4f123edf91e42e286674-0063aeaf77
x-proxy-cache: HIT
x-timestamp: 1672392492.78160
x-trans-id: txb4f123edf91e42e286674-0063aeaf77
cf-cache-status: HIT
age: 103841
accept-ranges: bytes
vary: Accept-Encoding
access-control-allow-origin: *
server: cloudflare
cf-ray: 794dcdfced6ab4fa-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.sectigo.com/
200 OK 472 B IP
Hash 73904ce8b9f54f1a139d128f80e73cc2
51bdabba475b242d329a2526f7cde71a33b27ae2
e97a9086bd4690d8bae30211edd3bb4784fc570be218287cd1172fb2468fc79c
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 05 Feb 2023 18:45:42 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Sat, 04 Feb 2023 05:29:14 GMT
Expires: Sat, 11 Feb 2023 05:29:13 GMT
Etag: "51bdabba475b242d329a2526f7cde71a33b27ae2"
Cache-Control: max-age=470010,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 794dcdfcebe20afe-OSL
ocsp.digicert.com/
200 OK 280 B IP
Hash 2245da2138183db8e05f670bda3499a6
cc178932df91e05e4634266386a9cb2405094c40
41ed2e8b531355b0a01ea0b09e6905f73dbd8b05566b2e7be896a4f0ba44308b
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4143
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 18:45:42 GMT
Last-Modified: Sun, 05 Feb 2023 17:36:40 GMT
Server: ECS (ska/F71A)
X-Cache: HIT
Content-Length: 280
region1.google-analytics.com/g/collect?v=2&tid=G-K7K13XERLP>m=45je3210&_p=529015479&cid=1889173988.1675622783&ul=en-us&sr=1280x1024&uaW=1&_s=1&sid=1675622783&sct=1&seg=0&dl=https%3A%2F%2Fjavfree.sh%2F14978%2Fheyzo-0597.html&dt=Watch%20JAV%20HEYZO-0597%20Jav%20Leak%20Uncensored%20japanese%20porn%20A%20School%20girls%20exploitations%20%E2%80%93%20Tomoyo%20Isumi%20HD%20Free%20Online%20on%20JAVFree.SH&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1
204 No Content 0 B URL HTTP/2 region1.google-analytics.com/g/collect?v=2&tid=G-K7K13XERLP>m=45je3210&_p=529015479&cid=1889173988.1675622783&ul=en-us&sr=1280x1024&uaW=1&_s=1&sid=1675622783&sct=1&seg=0&dl=https%3A%2F%2Fjavfree.sh%2F14978%2Fheyzo-0597.html&dt=Watch%20JAV%20HEYZO-0597%20Jav%20Leak%20Uncensored%20japanese%20porn%20A%20School%20girls%20exploitations%20%E2%80%93%20Tomoyo%20Isumi%20HD%20Free%20Online%20on%20JAVFree.SH&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /g/collect?v=2&tid=G-K7K13XERLP>m=45je3210&_p=529015479&cid=1889173988.1675622783&ul=en-us&sr=1280x1024&uaW=1&_s=1&sid=1675622783&sct=1&seg=0&dl=https%3A%2F%2Fjavfree.sh%2F14978%2Fheyzo-0597.html&dt=Watch%20JAV%20HEYZO-0597%20Jav%20Leak%20Uncensored%20japanese%20porn%20A%20School%20girls%20exploitations%20%E2%80%93%20Tomoyo%20Isumi%20HD%20Free%20Online%20on%20JAVFree.SH&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1 HTTP/1.1
Host: region1.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://javfree.sh
Connection: keep-alive
Referer: https://javfree.sh/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 204 No Content
access-control-allow-origin: https://javfree.sh
date: Sun, 05 Feb 2023 18:45:42 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
static.adxadserv.com/css/wm.css
200 OK 2.1 kB URL HTTP/2 static.adxadserv.com/css/wm.css
IP
ASN #60068 Datacamp Limited
Hash a369469eb6d3ba5b96e31cf7ac38b03f
5cd5af3fd6329271d075eadb1a41d02e19055117
55514710a559762e0265486e5f2b078ae5b4df26da1145e6424f42b9503ed08e
GET /css/wm.css HTTP/1.1
Host: static.adxadserv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ads.adxadserv.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Sun, 05 Feb 2023 18:45:42 GMT
content-type: text/css
last-modified: Mon, 03 Aug 2020 09:41:06 GMT
etag: W/"5f27dbb2-711"
x-accel-expires: @1676019710
server: CDN77-Turbo
x-77-nzt: AblMCRQmbZH/WMMJAA
x-77-nzt-ray: af58563036ad82bc56f9df6372a3d91f
x-cache: HIT
x-age: 639832
x-77-pop: stockholmSE
x-77-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
fonts.gstatic.com/s/ubuntu/v20/4iCs6KVjbNBYlgoKfw72.woff2
200 OK 35 kB URL HTTP/2 fonts.gstatic.com/s/ubuntu/v20/4iCs6KVjbNBYlgoKfw72.woff2
IP
File type Web Open Font Format (Version 2), TrueType, length 34852, version 1.0\012- data
Hash 0e8eefb4549a2edf26c560cb9845952e
8d0b1718aacad934fd0043c87cbc54aa091396bf
7f653b3ce9d3277457fc6da4edb246ae2f6c913f088c42dcb8cd2e96267aa21a
GET /s/ubuntu/v20/4iCs6KVjbNBYlgoKfw72.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://ads.adxadserv.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 34852
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 30 Jan 2023 00:48:39 GMT
expires: Tue, 30 Jan 2024 00:48:39 GMT
cache-control: public, max-age=31536000
age: 583023
last-modified: Wed, 27 Apr 2022 16:31:23 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
go6shde9nj2itle.com/chicken.gif?z=1909584&pb=89102a82f1cdbb97631a1b2d630d36a51675629942&psp=oeDD6ypvJiidU1eNsLcRNkHqvA29T3JoEJy4dWE_3pPXhPZjRrhWazpWhRZl9rn6K6fQn2GiAvbOIzZEUo7q1hipzjeK2X7siXZn13QEKqc1VBx83kO4KBdAQ3NvmiPQzU8eJGiUQkUDy4N3F6XQE6H3RR7Hkzz0YQOthmuz596eKXyA3Zzrl1KWyXcaJtCip6Nq1UiDax-vx9kNdl23vcEF0hKT5yeXyDahaBQErxoZ38RO7xW0pqOZ3lt58nwOaiYxF1R1qHfNOxkuP20piy90RQKqWPGk-1KyYQV582zrf4MuSsJ-7FekowldNYsz1h9ZiS4TiSD1aVmMOtJmaU8lWaLjWdMK-wvOdCJB9517jf_779onQ_xT8tN_rNoo0J3G48Drd1UcW5F15F_Dow7_F9yyLo_q_CQkYiJxbMmQNnRWPKyMSRn6q1rCRMOCkJRQ6H5bFxE_GXUCLTX3pc8YqAfe-wAFbhkWLwV4knSfWu4KSjCPExA5jTdD5UlOJXXK_803pjJDSn1eJ38HORKQgoRev-kQU5un5ANU3vphPQmll_H5kmtXUMVEgfO_v1znIz2Vx0e_KNyD8xR4PIPRJlncBBLXF3WFamkfC8IFGPzBJNZvlfx0c4If9hVhsmXZIinaHlhG9FR3fvkeGmkDXmYZZDAoZJejhfxjoVgUsG6jrRNO1VGUqZmqWgbVHxeHKemu8kqKFf2H8y4ZvJ1yTGtq7ZFujLpny724FwJJY5aGc4_VL24ZKytwYyQXcYyuvlqHUfh5ErueZ7fL5KJ8HAecI5Nu8TA5QowJq32Xqtkx_QykPfM9AyNDr6LLLPXyBD_4qieLFMFQKpAf_54-8VOuHcMaI9u5Z3cJnWlpigvPlyN9hwnEI0ghsRZT4-EVwIiuAfsuZ-BBeR8O59gFwYb5c4fkzHCv_97R3I6YwsrFf_3btoHocg95EBUS6Fokhimxt_Ldt7a88J9G&abvar=4&os=0
200 OK 43 B URL HTTP/2 go6shde9nj2itle.com/chicken.gif?z=1909584&pb=89102a82f1cdbb97631a1b2d630d36a51675629942&psp=oeDD6ypvJiidU1eNsLcRNkHqvA29T3JoEJy4dWE_3pPXhPZjRrhWazpWhRZl9rn6K6fQn2GiAvbOIzZEUo7q1hipzjeK2X7siXZn13QEKqc1VBx83kO4KBdAQ3NvmiPQzU8eJGiUQkUDy4N3F6XQE6H3RR7Hkzz0YQOthmuz596eKXyA3Zzrl1KWyXcaJtCip6Nq1UiDax-vx9kNdl23vcEF0hKT5yeXyDahaBQErxoZ38RO7xW0pqOZ3lt58nwOaiYxF1R1qHfNOxkuP20piy90RQKqWPGk-1KyYQV582zrf4MuSsJ-7FekowldNYsz1h9ZiS4TiSD1aVmMOtJmaU8lWaLjWdMK-wvOdCJB9517jf_779onQ_xT8tN_rNoo0J3G48Drd1UcW5F15F_Dow7_F9yyLo_q_CQkYiJxbMmQNnRWPKyMSRn6q1rCRMOCkJRQ6H5bFxE_GXUCLTX3pc8YqAfe-wAFbhkWLwV4knSfWu4KSjCPExA5jTdD5UlOJXXK_803pjJDSn1eJ38HORKQgoRev-kQU5un5ANU3vphPQmll_H5kmtXUMVEgfO_v1znIz2Vx0e_KNyD8xR4PIPRJlncBBLXF3WFamkfC8IFGPzBJNZvlfx0c4If9hVhsmXZIinaHlhG9FR3fvkeGmkDXmYZZDAoZJejhfxjoVgUsG6jrRNO1VGUqZmqWgbVHxeHKemu8kqKFf2H8y4ZvJ1yTGtq7ZFujLpny724FwJJY5aGc4_VL24ZKytwYyQXcYyuvlqHUfh5ErueZ7fL5KJ8HAecI5Nu8TA5QowJq32Xqtkx_QykPfM9AyNDr6LLLPXyBD_4qieLFMFQKpAf_54-8VOuHcMaI9u5Z3cJnWlpigvPlyN9hwnEI0ghsRZT4-EVwIiuAfsuZ-BBeR8O59gFwYb5c4fkzHCv_97R3I6YwsrFf_3btoHocg95EBUS6Fokhimxt_Ldt7a88J9G&abvar=4&os=0
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash 28e463819a210071de3b45ebe7633613
6dccd571828ec0912629119cf7eabfea9f33ddbc
44251f61629e2bfeead421241a917f43ad047af351659f01cd8fd937f0417f84
Analyzer Verdict Alert quad9 Sinkholed
GET /chicken.gif?z=1909584&pb=89102a82f1cdbb97631a1b2d630d36a51675629942&psp=oeDD6ypvJiidU1eNsLcRNkHqvA29T3JoEJy4dWE_3pPXhPZjRrhWazpWhRZl9rn6K6fQn2GiAvbOIzZEUo7q1hipzjeK2X7siXZn13QEKqc1VBx83kO4KBdAQ3NvmiPQzU8eJGiUQkUDy4N3F6XQE6H3RR7Hkzz0YQOthmuz596eKXyA3Zzrl1KWyXcaJtCip6Nq1UiDax-vx9kNdl23vcEF0hKT5yeXyDahaBQErxoZ38RO7xW0pqOZ3lt58nwOaiYxF1R1qHfNOxkuP20piy90RQKqWPGk-1KyYQV582zrf4MuSsJ-7FekowldNYsz1h9ZiS4TiSD1aVmMOtJmaU8lWaLjWdMK-wvOdCJB9517jf_779onQ_xT8tN_rNoo0J3G48Drd1UcW5F15F_Dow7_F9yyLo_q_CQkYiJxbMmQNnRWPKyMSRn6q1rCRMOCkJRQ6H5bFxE_GXUCLTX3pc8YqAfe-wAFbhkWLwV4knSfWu4KSjCPExA5jTdD5UlOJXXK_803pjJDSn1eJ38HORKQgoRev-kQU5un5ANU3vphPQmll_H5kmtXUMVEgfO_v1znIz2Vx0e_KNyD8xR4PIPRJlncBBLXF3WFamkfC8IFGPzBJNZvlfx0c4If9hVhsmXZIinaHlhG9FR3fvkeGmkDXmYZZDAoZJejhfxjoVgUsG6jrRNO1VGUqZmqWgbVHxeHKemu8kqKFf2H8y4ZvJ1yTGtq7ZFujLpny724FwJJY5aGc4_VL24ZKytwYyQXcYyuvlqHUfh5ErueZ7fL5KJ8HAecI5Nu8TA5QowJq32Xqtkx_QykPfM9AyNDr6LLLPXyBD_4qieLFMFQKpAf_54-8VOuHcMaI9u5Z3cJnWlpigvPlyN9hwnEI0ghsRZT4-EVwIiuAfsuZ-BBeR8O59gFwYb5c4fkzHCv_97R3I6YwsrFf_3btoHocg95EBUS6Fokhimxt_Ldt7a88J9G&abvar=4&os=0 HTTP/1.1
Host: go6shde9nj2itle.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: UID=230205134578e5fc997f6d4ee384af528d77
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 05 Feb 2023 18:45:42 GMT
content-type: image/gif
content-length: 43
x-route-id: stats.impression
set-cookie: OACICAP=ACPunQAAAAAAAAAB; Path=/; Expires=Tue, 07 Mar 2023 18:45:42 GMT; Secure; SameSite=None
OACIBLOCK=ACPunQAAAABj3%2B6g; Path=/; Expires=Tue, 07 Mar 2023 18:45:42 GMT; Secure; SameSite=None
ppucnt=0; Path=/; Expires=Mon, 06 Feb 2023 18:45:42 GMT; Secure; SameSite=None
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 5278263294f3a35234a4b394367fc556
153c2d0132902770750e4855125d36d632092ea0
20586ec0851b17cb48bac8af53b6630e5723cccb8091bca907f5b529f058a8f9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "20586EC0851B17CB48BAC8AF53B6630E5723CCCB8091BCA907F5B529F058A8F9"
Last-Modified: Sun, 05 Feb 2023 14:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6909
Expires: Sun, 05 Feb 2023 20:40:51 GMT
Date: Sun, 05 Feb 2023 18:45:42 GMT
Connection: keep-alive
na.nawpush.com/tags/27212?version_name=b
200 OK 5.9 kB URL HTTP/2 na.nawpush.com/tags/27212?version_name=b
IP
ASN #39572 DataWeb Global Group B.V.
Hash 08af8a876b00591ce7fc7edbbfa3ad2e
65a0c0f4a988a913daca1a6cae06c3265d6e8bef
6454c44248cd8f93f41cc75a7eba3e9b31f8408d75d055fc61e96c0acd8fe7b1
GET /tags/27212?version_name=b HTTP/1.1
Host: na.nawpush.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://tsyndicate.com
Connection: keep-alive
Referer: https://tsyndicate.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 05 Feb 2023 18:45:42 GMT
content-type: application/json
server: nginx/1.18.0
cache-control: max-age=300, public
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
fp.metricswpsh.com/fp?tag_id=27212
204 No Content 0 B URL HTTP/1.1 fp.metricswpsh.com/fp?tag_id=27212
IP
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /fp?tag_id=27212 HTTP/1.1
Host: fp.metricswpsh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://tsyndicate.com/
Origin: https://tsyndicate.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Server: nginx/1.20.1
Date: Sun, 05 Feb 2023 18:45:42 GMT
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: content-type
Access-Control-Allow-Methods: GET,HEAD,PUT,PATCH,POST,DELETE
Access-Control-Allow-Origin: https://tsyndicate.com
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
1ec994c645.369c83119d.com/in/track?data=eyJ3bCI6MSwic3ViaWQiOjAsInVzZXJfaWQiOiIxMjE5NzcwNzA4Mjk3MTczMDAwMCIsInRpbWV6b25lIjowLCJ2ZXIiOiIzLjIyLjAiLCJ0YWdfaWQiOjI3MjEyLCJzY3JlZW5fcmVzb2x1dGlvbiI6IjEyODB4MTAyNCIsImFkYmxvY2siOjAsInRpbWV6b25lX29sc29uIjoiVVRDIiwidXRtX3NvdXJjZSI6IiIsInV0bV9tZWRpdW0iOiIiLCJ1dG1fY2FtcGFpZ24iOiIiLCJ1dG1fY29udGVudCI6IiIsIm1tIjowLCJpbml0X3N0YXJ0X2xhdGVuY3kiOjAuMywiaXNfdjIiOjAsImlzX3YyX2VtcHR5IjowLCJ1c2VyX2tleXdvcmRzIjoiIn0=
200 OK 0 B URL HTTP/2 1ec994c645.369c83119d.com/in/track?data=eyJ3bCI6MSwic3ViaWQiOjAsInVzZXJfaWQiOiIxMjE5NzcwNzA4Mjk3MTczMDAwMCIsInRpbWV6b25lIjowLCJ2ZXIiOiIzLjIyLjAiLCJ0YWdfaWQiOjI3MjEyLCJzY3JlZW5fcmVzb2x1dGlvbiI6IjEyODB4MTAyNCIsImFkYmxvY2siOjAsInRpbWV6b25lX29sc29uIjoiVVRDIiwidXRtX3NvdXJjZSI6IiIsInV0bV9tZWRpdW0iOiIiLCJ1dG1fY2FtcGFpZ24iOiIiLCJ1dG1fY29udGVudCI6IiIsIm1tIjowLCJpbml0X3N0YXJ0X2xhdGVuY3kiOjAuMywiaXNfdjIiOjAsImlzX3YyX2VtcHR5IjowLCJ1c2VyX2tleXdvcmRzIjoiIn0=
IP
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /in/track?data=eyJ3bCI6MSwic3ViaWQiOjAsInVzZXJfaWQiOiIxMjE5NzcwNzA4Mjk3MTczMDAwMCIsInRpbWV6b25lIjowLCJ2ZXIiOiIzLjIyLjAiLCJ0YWdfaWQiOjI3MjEyLCJzY3JlZW5fcmVzb2x1dGlvbiI6IjEyODB4MTAyNCIsImFkYmxvY2siOjAsInRpbWV6b25lX29sc29uIjoiVVRDIiwidXRtX3NvdXJjZSI6IiIsInV0bV9tZWRpdW0iOiIiLCJ1dG1fY2FtcGFpZ24iOiIiLCJ1dG1fY29udGVudCI6IiIsIm1tIjowLCJpbml0X3N0YXJ0X2xhdGVuY3kiOjAuMywiaXNfdjIiOjAsImlzX3YyX2VtcHR5IjowLCJ1c2VyX2tleXdvcmRzIjoiIn0= HTTP/1.1
Host: 1ec994c645.369c83119d.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://tsyndicate.com
Connection: keep-alive
Referer: https://tsyndicate.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 05 Feb 2023 18:45:42 GMT
content-length: 0
server: nginx/1.18.0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
go6shde9nj2itle.com/get/1909584?zoneid=1909584&jp=_cle9e20k0krdz5rx1ov07z&nojs=0&ix=0&abvar=4&t=0&x=801&y=801&wcks=0&wgl=0&cnvs=1&os=0&md=0&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&freq=0&cid=4613413242102869
200 OK 75 kB URL HTTP/2 go6shde9nj2itle.com/get/1909584?zoneid=1909584&jp=_cle9e20k0krdz5rx1ov07z&nojs=0&ix=0&abvar=4&t=0&x=801&y=801&wcks=0&wgl=0&cnvs=1&os=0&md=0&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&freq=0&cid=4613413242102869
IP
Hash c31d652d6cf9f86af49ea2d183c1f4e8
43ffe11ee9470202ab845dd48cc454315877d4f2
1ff78ba5eaca785f47055f4537b50ff4798f74478a4b8644a6b4a2174b1dd940
Analyzer Verdict Alert quad9 Sinkholed
GET /get/1909584?zoneid=1909584&jp=_cle9e20k0krdz5rx1ov07z&nojs=0&ix=0&abvar=4&t=0&x=801&y=801&wcks=0&wgl=0&cnvs=1&os=0&md=0&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&freq=0&cid=4613413242102869 HTTP/1.1
Host: go6shde9nj2itle.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tsyndicate.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 05 Feb 2023 18:45:42 GMT
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding
x-route-id: config
set-cookie: UID=230205134578e5fc997f6d4ee384af528d77; Path=/; Expires=Mon, 05 Feb 2024 18:45:42 GMT; HttpOnly; Secure; SameSite=None
content-encoding: gzip
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2
whos.amung.us/swidget/javfreesh
307 Temporary Redirect 323 B URL HTTP/2 whos.amung.us/swidget/javfreesh
IP
File type PNG image data, 80 x 15, 8-bit colormap, non-interlaced\012- data
Hash 4d4e1a5b79e9072f46fe043688fa5532
289bfc421fb988ee5481576ee8d48311d4698c5e
844da8ca833f929ef767176aa51b671329bb3685d8c4e3bcd1b574d1729e31ea
GET /swidget/javfreesh HTTP/1.1
Host: whos.amung.us
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://javfree.sh/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 307 Temporary Redirect
date: Sun, 05 Feb 2023 18:45:42 GMT
content-type: text/html; charset=UTF-8
location: https://widgets.amung.us/small/02/281.png
cache-control: no-cache, no-store, must-revalidate
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 794dcdfd6e942dfa-ARN
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 808d381d896384a804c4f7d0d07c6275
a797c676a6861008c33dce4b5518dd403d645533
b775c90ab09e4cd8ca76ba3e75da77a78bbf4c27dd00cdd1a2eaa5cf7f5a8991
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B775C90AB09E4CD8CA76BA3E75DA77A78BBF4C27DD00CDD1A2EAA5CF7F5A8991"
Last-Modified: Sun, 05 Feb 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19334
Expires: Mon, 06 Feb 2023 00:07:56 GMT
Date: Sun, 05 Feb 2023 18:45:42 GMT
Connection: keep-alive
fp.metricswpsh.com/fp?tag_id=27212
200 OK 27 B URL HTTP/1.1 fp.metricswpsh.com/fp?tag_id=27212
IP
ASN #24940 Hetzner Online GmbH
File type JSON data\012- , ASCII text
Hash 893fd00d21cb2eafe2596e686ceaa7fd
5264446ff184115148de18a8885471fc116dd20f
b00f2b2b4f9190facc972e354768684fdc04f94d78bd9fac3050911bca41183f
POST /fp?tag_id=27212 HTTP/1.1
Host: fp.metricswpsh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json;charset=utf-8
Content-Length: 22288
Origin: https://tsyndicate.com
Connection: keep-alive
Referer: https://tsyndicate.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Sun, 05 Feb 2023 18:45:42 GMT
Content-Type: application/json; charset=UTF-8
Content-Length: 27
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://tsyndicate.com
Set-Cookie: id=2810537936862805931; Expires=Mon, 05 Feb 2024 18:45:42 GMT; Secure; SameSite=None
Vary: Origin
adxadserv.com/ascripts/pxl.js
200 OK 78 kB URL HTTP/1.1 adxadserv.com/ascripts/pxl.js
IP
ASN #39572 DataWeb Global Group B.V.
Hash 0186b96c6a854d5a4970c5a644724e5e
234360fb09d4d8c39d782dec6205ec0378660a70
1cb558dcab1418d96f9dd9486dfd895722f18175d04268e9d146f2055caf9646
GET /ascripts/pxl.js HTTP/1.1
Host: adxadserv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ads.adxadserv.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Sun, 05 Feb 2023 18:45:42 GMT
Content-Type: application/javascript
Content-Length: 77806
Connection: keep-alive
Last-Modified: Fri, 25 Sep 2020 09:55:25 GMT
ETag: "5f6dbe8d-12fee"
Expires: Fri, 03 Feb 2023 14:15:49 GMT
Cache-Control: max-age=86400, public
X-77-NZT: AblMCgqMDnr/Pj8AAA
X-77-NZT-Ray: 2109d1101c3e2c2056f9df6398b4d92d
X-Cache: HIT
X-Age: 16190
X-77-POP: amsterdamNL
X-77-Cache: HIT
Accept-Ranges: bytes
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 8abf52b71ac6f5a09cfb82660d9d7d57
d445072fd87422f54263d3077f12c3ea153e9bfb
b7e800d7d36be8104edee3566cbdfb6d3f0f4efa208238963e473adf80182726
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B7E800D7D36BE8104EDEE3566CBDFB6D3F0F4EFA208238963E473ADF80182726"
Last-Modified: Sat, 04 Feb 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4779
Expires: Sun, 05 Feb 2023 20:05:21 GMT
Date: Sun, 05 Feb 2023 18:45:42 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 8abf52b71ac6f5a09cfb82660d9d7d57
d445072fd87422f54263d3077f12c3ea153e9bfb
b7e800d7d36be8104edee3566cbdfb6d3f0f4efa208238963e473adf80182726
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B7E800D7D36BE8104EDEE3566CBDFB6D3F0F4EFA208238963E473ADF80182726"
Last-Modified: Sat, 04 Feb 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4779
Expires: Sun, 05 Feb 2023 20:05:21 GMT
Date: Sun, 05 Feb 2023 18:45:42 GMT
Connection: keep-alive
r.trwl1.com/s1/a8ec3868-5be4-44f0-9183-b8d5fb50a83f?externalId=4aecd2e2-a585-11ed-8703-e25a5bb9767f&cv1=4aecd2e2-a585-11ed-8703-e25a5bb9767f&cv9=6284ab9861d6e2143673d195
200 OK 767 B URL HTTP/1.1 r.trwl1.com/s1/a8ec3868-5be4-44f0-9183-b8d5fb50a83f?externalId=4aecd2e2-a585-11ed-8703-e25a5bb9767f&cv1=4aecd2e2-a585-11ed-8703-e25a5bb9767f&cv9=6284ab9861d6e2143673d195
IP
ASN #39572 DataWeb Global Group B.V.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (571)
Hash 05ddf25a241fc18677c4a42b7c987979
8d00bf7685268888f60efb56ce1c2f812ecb43d7
4d39da75eb22ee6d09ba54d0c26ac8a7971d3522529a899dd84439616f426815
GET /s1/a8ec3868-5be4-44f0-9183-b8d5fb50a83f?externalId=4aecd2e2-a585-11ed-8703-e25a5bb9767f&cv1=4aecd2e2-a585-11ed-8703-e25a5bb9767f&cv9=6284ab9861d6e2143673d195 HTTP/1.1
Host: r.trwl1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ads.adxadserv.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Sun, 05 Feb 2023 18:45:42 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 767
Connection: close
Set-Cookie: uid=GJ-utqbtpt; Path=/; Domain=trwl1.com; Expires=Mon, 06 Feb 2023 18:45:42 GMT; HttpOnly
X-Request-Id: df90fae0-9a99-457b-9122-5c57a1364ec9
js.canstrm.com/in-stream-ad-admanager/build.js
200 OK 20 kB URL HTTP/2 js.canstrm.com/in-stream-ad-admanager/build.js
IP
ASN #39572 DataWeb Global Group B.V.
File type Unicode text, UTF-8 text, with very long lines (39905)
Hash 6ae8f608e6c9713c02552d7b22a6879d
126fe7ccfab9c1f7cb654c21b60ef53e33d93777
cb94de1179bd99ef02651117cb895ecba1104c4fe4bf7b67267da02e39444484
GET /in-stream-ad-admanager/build.js HTTP/1.1
Host: js.canstrm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tsyndicate.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 05 Feb 2023 18:45:42 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Tue, 31 Jan 2023 07:46:40 GMT
etag: W/"63d8c760-5156"
content-encoding: gzip
expires: Sun, 05 Feb 2023 18:50:42 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
adxadserv.com/px/event/v1?e_t=pageview&url=https%253A%252F%252Fads.adxadserv.com%252Fad%253Fspotid%253D6284ab9861d6e2143673d195%2526type%253D300x250%2526output%253Dhtml%2526extra1%253D0%2526ref%253Dhttps%25253A%252F%252Fjavfree.sh%252F%2526dt%253D1675622783515%2526screen%253D1280x1024%2526tags%253D&ref=https%253A%252F%252Ftsyndicate.com%252F&d_r=1&d_s=1280x1024&d_w=300x250&t_s=1675622783956&t_i=1675622784032&u_tz=0&u_l=en-US&u_l2=&u_l3=&pv_uid=29d143d9-e95a-45a1-bbfb-cb3fca8f3678&nav_rc=0&nav_nt=NAVIGATE&p_nn=adxad-rtb&p_pt=IFRAME&imid=4aecd2e2-a585-11ed-8703-e25a5bb9767f&spid=6284ab9861d6e2143673d195&fpid_sa=1675622784032&fpid=&feid_sa=1675622784032&sid_sa=1675622784032&feid=e6b788d8e7eb994092417f4b186bd8a4&sid=7d3d70499b37afe8c9f095b6d213a9cd&u_adb=0&vn=T-0.1.1&utm_typ=referral&utm_src=tsyndicate.com&s_rst=1&e_d=%7B%22isResetRequired%22%3Atrue%7D&t_op=0.372
200 OK 0 B URL HTTP/1.1 adxadserv.com/px/event/v1?e_t=pageview&url=https%253A%252F%252Fads.adxadserv.com%252Fad%253Fspotid%253D6284ab9861d6e2143673d195%2526type%253D300x250%2526output%253Dhtml%2526extra1%253D0%2526ref%253Dhttps%25253A%252F%252Fjavfree.sh%252F%2526dt%253D1675622783515%2526screen%253D1280x1024%2526tags%253D&ref=https%253A%252F%252Ftsyndicate.com%252F&d_r=1&d_s=1280x1024&d_w=300x250&t_s=1675622783956&t_i=1675622784032&u_tz=0&u_l=en-US&u_l2=&u_l3=&pv_uid=29d143d9-e95a-45a1-bbfb-cb3fca8f3678&nav_rc=0&nav_nt=NAVIGATE&p_nn=adxad-rtb&p_pt=IFRAME&imid=4aecd2e2-a585-11ed-8703-e25a5bb9767f&spid=6284ab9861d6e2143673d195&fpid_sa=1675622784032&fpid=&feid_sa=1675622784032&sid_sa=1675622784032&feid=e6b788d8e7eb994092417f4b186bd8a4&sid=7d3d70499b37afe8c9f095b6d213a9cd&u_adb=0&vn=T-0.1.1&utm_typ=referral&utm_src=tsyndicate.com&s_rst=1&e_d=%7B%22isResetRequired%22%3Atrue%7D&t_op=0.372
IP
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /px/event/v1?e_t=pageview&url=https%253A%252F%252Fads.adxadserv.com%252Fad%253Fspotid%253D6284ab9861d6e2143673d195%2526type%253D300x250%2526output%253Dhtml%2526extra1%253D0%2526ref%253Dhttps%25253A%252F%252Fjavfree.sh%252F%2526dt%253D1675622783515%2526screen%253D1280x1024%2526tags%253D&ref=https%253A%252F%252Ftsyndicate.com%252F&d_r=1&d_s=1280x1024&d_w=300x250&t_s=1675622783956&t_i=1675622784032&u_tz=0&u_l=en-US&u_l2=&u_l3=&pv_uid=29d143d9-e95a-45a1-bbfb-cb3fca8f3678&nav_rc=0&nav_nt=NAVIGATE&p_nn=adxad-rtb&p_pt=IFRAME&imid=4aecd2e2-a585-11ed-8703-e25a5bb9767f&spid=6284ab9861d6e2143673d195&fpid_sa=1675622784032&fpid=&feid_sa=1675622784032&sid_sa=1675622784032&feid=e6b788d8e7eb994092417f4b186bd8a4&sid=7d3d70499b37afe8c9f095b6d213a9cd&u_adb=0&vn=T-0.1.1&utm_typ=referral&utm_src=tsyndicate.com&s_rst=1&e_d=%7B%22isResetRequired%22%3Atrue%7D&t_op=0.372 HTTP/1.1
Host: adxadserv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ads.adxadserv.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Sun, 05 Feb 2023 18:45:42 GMT
Content-Length: 0
Connection: keep-alive
ocsp.sca1b.amazontrust.com/
200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP
Hash 2d4342d4b16463f7c2f4a91506d339da
b45cbc6e2f232d0d0d7df85895c73c67b88a9c3f
3a58be53c55ee79e069ee1b28d9b4f812a02816f72f97baf12f9094643ba9678
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Sun, 05 Feb 2023 18:45:43 GMT
Last-Modified: Sun, 05 Feb 2023 17:50:49 GMT
Server: ECS (nyb/1D2E)
X-Cache: Miss from cloudfront
Via: 1.1 96c778ce6156d12f24b8b6cdaa0cbf66.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: xeeoBZmwIkzn_rhA82ja5Ymb_Wt7y0MRed9EMbpQyo9NAG1DvLDONg==
Age: 3294
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 432ad98dbf8c7946f52c81cabae207a5
7151595ad3eb2537f87c50cc90af16912a8caf6f
092c9e60e842cde263990268eae55f697b243da43e93c8ec5a4bc4b9bd5d3451
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "092C9E60E842CDE263990268EAE55F697B243DA43E93C8EC5A4BC4B9BD5D3451"
Last-Modified: Sat, 04 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12117
Expires: Sun, 05 Feb 2023 22:07:40 GMT
Date: Sun, 05 Feb 2023 18:45:43 GMT
Connection: keep-alive
mc.yandex.ru/metrika/advert.gif
200 OK 43 B URL HTTP/2 mc.yandex.ru/metrika/advert.gif
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
GET /metrika/advert.gif HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://javfree.sh/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Sun, 05 Feb 2023 18:45:43 GMT
access-control-allow-origin: *
etag: "63c93a4b-2b"
expires: Sun, 05 Feb 2023 19:45:43 GMT
accept-ranges: bytes
last-modified: Thu, 19 Jan 2023 15:40:43 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cache-control: max-age=3600
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mc.yandex.ru/watch/88694096/1?wmode=7&page-url=https%3A%2F%2Fjavfree.sh%2F14978%2Fheyzo-0597.html&charset=utf-8&browser-info=pv%3A1%3Avf%3Asm0gggw3usgug1h33hqlj%3Afp%3A3269%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A1321072305164%3Ahid%3A607431500%3Az%3A0%3Ai%3A20230205184624%3Aet%3A1675622784%3Ac%3A1%3Arn%3A692599865%3Arqn%3A1%3Au%3A1675622784307682566%3Aw%3A1268x898%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C20%2C2674%2C1%2C260%2C0%2C%2C1377%2C88%2C%2C%2C%2C4361%3Aco%3A0%3Ans%3A1675622778836%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-5cbccea2ed3dd5c7a75380ef1cbfadf6-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1675622784%3At%3AWatch%20JAV%20HEYZO-0597%20Jav%20Leak%20Uncensored%20japanese%20porn%20A%20School%20girls%20exploitations%20%E2%80%93%20Tomoyo%20Isumi%20HD%20Free%20Online%20on%20JAVFree.SH&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29fip%281%29ti%282%29
200 OK 407 B URL HTTP/2 mc.yandex.ru/watch/88694096/1?wmode=7&page-url=https%3A%2F%2Fjavfree.sh%2F14978%2Fheyzo-0597.html&charset=utf-8&browser-info=pv%3A1%3Avf%3Asm0gggw3usgug1h33hqlj%3Afp%3A3269%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A1321072305164%3Ahid%3A607431500%3Az%3A0%3Ai%3A20230205184624%3Aet%3A1675622784%3Ac%3A1%3Arn%3A692599865%3Arqn%3A1%3Au%3A1675622784307682566%3Aw%3A1268x898%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C20%2C2674%2C1%2C260%2C0%2C%2C1377%2C88%2C%2C%2C%2C4361%3Aco%3A0%3Ans%3A1675622778836%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-5cbccea2ed3dd5c7a75380ef1cbfadf6-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1675622784%3At%3AWatch%20JAV%20HEYZO-0597%20Jav%20Leak%20Uncensored%20japanese%20porn%20A%20School%20girls%20exploitations%20%E2%80%93%20Tomoyo%20Isumi%20HD%20Free%20Online%20on%20JAVFree.SH&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29fip%281%29ti%282%29
IP
File type JSON data\012- , ASCII text, with very long lines (407), with no line terminators
Hash 41b98b1f37ae394dde1f5fb4ac05550b
2c58c93f946121f536b612f7b273198cc347c017
9f242d16792927c7147e8c63fc037c0e2d94a0049d672f611bbccc593d141bf1
GET /watch/88694096/1?wmode=7&page-url=https%3A%2F%2Fjavfree.sh%2F14978%2Fheyzo-0597.html&charset=utf-8&browser-info=pv%3A1%3Avf%3Asm0gggw3usgug1h33hqlj%3Afp%3A3269%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A1321072305164%3Ahid%3A607431500%3Az%3A0%3Ai%3A20230205184624%3Aet%3A1675622784%3Ac%3A1%3Arn%3A692599865%3Arqn%3A1%3Au%3A1675622784307682566%3Aw%3A1268x898%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C20%2C2674%2C1%2C260%2C0%2C%2C1377%2C88%2C%2C%2C%2C4361%3Aco%3A0%3Ans%3A1675622778836%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-5cbccea2ed3dd5c7a75380ef1cbfadf6-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1675622784%3At%3AWatch%20JAV%20HEYZO-0597%20Jav%20Leak%20Uncensored%20japanese%20porn%20A%20School%20girls%20exploitations%20%E2%80%93%20Tomoyo%20Isumi%20HD%20Free%20Online%20on%20JAVFree.SH&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29fip%281%29ti%282%29 HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://javfree.sh
Referer: https://javfree.sh/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 407
date: Sun, 05 Feb 2023 18:45:43 GMT
x-content-type-options: nosniff
access-control-allow-origin: https://javfree.sh
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Sun, 05-Feb-2023 18:45:43 GMT
last-modified: Sun, 05-Feb-2023 18:45:43 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: application/json; charset=utf-8
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
static.javhd.com/h5/files/overlay/1142-overlay-preview.png
200 OK 731 B URL HTTP/2 static.javhd.com/h5/files/overlay/1142-overlay-preview.png
IP
ASN #60068 Datacamp Limited
File type PNG image data, 300 x 250, 8-bit/color RGBA, non-interlaced\012- data
Hash cf636f543f2dde28b2343dcaf6d8e658
de9f6ab0500c3503be5df3404b7a144c033da904
204ebde2ec395135f92bf5c7dac63ef66bacab9eecb38c406d26027f450b5c8f
GET /h5/files/overlay/1142-overlay-preview.png HTTP/1.1
Host: static.javhd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://static.javhd.com/h5/files/10592/300x250.html?targetUrl=http%3A%2F%2Fr.trwl1.com%2Fc1%2F7dd524f6-5653-4001-b2c7-bd4477af0f42%3Fcv1%3D4aecd2e2-a585-11ed-8703-e25a5bb9767f%26cv9%3D6284ab9861d6e2143673d195%26externalId%3D4aecd2e2-a585-11ed-8703-e25a5bb9767f%26p%3DeyJiIjoyNzIyNTIsImJoIjoyNTAsImJ3IjozMDAsImYiOjEsIm8iOjEsInAiOjEsInMiOjIxNDIwfQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 05 Feb 2023 18:45:43 GMT
content-type: image/png
content-length: 731
last-modified: Tue, 07 May 2019 11:52:14 GMT
etag: "5cd1716e-2db"
expires: Tue, 23 May 2023 11:06:57 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
x-accel-expires: @1684840017
server: CDN77-Turbo
x-77-nzt: AblMCRSAYT7/ho5UAQ
x-77-nzt-ray: af58563045ba7cc957f9df63d5a69609
x-cache: HIT
x-age: 22318726
x-77-pop: stockholmSE
x-77-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
static.javhd.com/h5/files/overlay/1142-overlay.png
200 OK 2.3 kB URL HTTP/2 static.javhd.com/h5/files/overlay/1142-overlay.png
IP
ASN #60068 Datacamp Limited
File type PNG image data, 300 x 250, 8-bit/color RGBA, non-interlaced\012- data
Hash c94604cd6e0f48b99f838935401390da
e31e1114a05ab87d88402038f4423354c66356ca
182fcef8cb4c0c0aaf6253a6fff930613b850c4867043169e98087cd6c3388d9
GET /h5/files/overlay/1142-overlay.png HTTP/1.1
Host: static.javhd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://static.javhd.com/h5/files/10592/300x250.html?targetUrl=http%3A%2F%2Fr.trwl1.com%2Fc1%2F7dd524f6-5653-4001-b2c7-bd4477af0f42%3Fcv1%3D4aecd2e2-a585-11ed-8703-e25a5bb9767f%26cv9%3D6284ab9861d6e2143673d195%26externalId%3D4aecd2e2-a585-11ed-8703-e25a5bb9767f%26p%3DeyJiIjoyNzIyNTIsImJoIjoyNTAsImJ3IjozMDAsImYiOjEsIm8iOjEsInAiOjEsInMiOjIxNDIwfQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 05 Feb 2023 18:45:43 GMT
content-type: image/png
content-length: 2331
last-modified: Tue, 07 May 2019 11:52:13 GMT
etag: "5cd1716d-91b"
expires: Tue, 23 May 2023 11:06:57 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
x-accel-expires: @1684840018
server: CDN77-Turbo
x-77-nzt: AblMCRTjRHb/hY5UAQ
x-77-nzt-ray: af58563045ba7cc957f9df63b8f49909
x-cache: HIT
x-age: 22318725
x-77-pop: stockholmSE
x-77-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash e02a8bcfd5b7b7881940fa6fa8470128
24e34ab4ad8ebb1f1f3a34a75d2ac23acb55efec
36b30e98ac07590e7c0ae57bdf0d83734f7093c20962d47798c821665f822a1f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "36B30E98AC07590E7C0AE57BDF0D83734F7093C20962D47798C821665F822A1F"
Last-Modified: Sat, 04 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6066
Expires: Sun, 05 Feb 2023 20:26:49 GMT
Date: Sun, 05 Feb 2023 18:45:43 GMT
Connection: keep-alive
static.javhd.com/h5/files/button/29-button.png
200 OK 733 B URL HTTP/2 static.javhd.com/h5/files/button/29-button.png
IP
ASN #60068 Datacamp Limited
File type PNG image data, 300 x 250, 8-bit/color RGBA, non-interlaced\012- data
Hash 82a66a2d222379716ca9a03ff50d8f42
ae43d917ff791f9172edc527baa6266416182aaa
cc5da7b40e498d30bf5eaae43e59cae32202737076422676489dd8d3030803de
GET /h5/files/button/29-button.png HTTP/1.1
Host: static.javhd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://static.javhd.com/h5/files/10592/300x250.html?targetUrl=http%3A%2F%2Fr.trwl1.com%2Fc1%2F7dd524f6-5653-4001-b2c7-bd4477af0f42%3Fcv1%3D4aecd2e2-a585-11ed-8703-e25a5bb9767f%26cv9%3D6284ab9861d6e2143673d195%26externalId%3D4aecd2e2-a585-11ed-8703-e25a5bb9767f%26p%3DeyJiIjoyNzIyNTIsImJoIjoyNTAsImJ3IjozMDAsImYiOjEsIm8iOjEsInAiOjEsInMiOjIxNDIwfQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 05 Feb 2023 18:45:43 GMT
content-type: image/png
content-length: 733
last-modified: Tue, 22 Dec 2015 18:41:22 GMT
etag: "56799952-2dd"
expires: Tue, 23 May 2023 11:04:49 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
x-accel-expires: @1684839889
server: CDN77-Turbo
x-77-nzt: AblMCRS5rmf/Bo9UAQ
x-77-nzt-ray: af58563045ba7cc957f9df633b049d09
x-cache: HIT
x-age: 22318854
x-77-pop: stockholmSE
x-77-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash b99bdf44f7105810de8d7e83da015e3b
5c91079cc1299a15ffbc103c13157acdb11c80a3
37c215e567429665010536f6a8c8f18805dbc4b8d4541ea7255aa8f07873a869
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "37C215E567429665010536F6A8C8F18805DBC4B8D4541EA7255AA8F07873A869"
Last-Modified: Sat, 04 Feb 2023 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5570
Expires: Sun, 05 Feb 2023 20:18:33 GMT
Date: Sun, 05 Feb 2023 18:45:43 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 622168d76171d761c859a7d8d9f031d3
56752905bbe87ac7cb5437aba9d78ef3f0428add
3cd984bb579a3af43e97cbea5a02e9e7b9f4ef802c6718198f506e65cf91fbb4
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "3CD984BB579A3AF43E97CBEA5A02E9E7B9F4EF802C6718198F506E65CF91FBB4"
Last-Modified: Sat, 04 Feb 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3490
Expires: Sun, 05 Feb 2023 19:43:53 GMT
Date: Sun, 05 Feb 2023 18:45:43 GMT
Connection: keep-alive
js.wpushsdk.com/npc/sdk/wpu/csub.m.js
200 OK 27 kB URL HTTP/2 js.wpushsdk.com/npc/sdk/wpu/csub.m.js
IP
ASN #39572 DataWeb Global Group B.V.
File type Unicode text, UTF-8 text, with very long lines (65464)
Hash 730171785bd26fd0c9113e86275bb699
21df4766d309fa86bb55687836329cb21a883218
f71606a8939e53f9565d54cf4b5675e2f5fb3ca440624d8d68fe37be442c8780
GET /npc/sdk/wpu/csub.m.js HTTP/1.1
Host: js.wpushsdk.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tsyndicate.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 05 Feb 2023 18:45:43 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Wed, 07 Dec 2022 08:28:22 GMT
etag: W/"63904ea6-16019"
content-encoding: gzip
expires: Sun, 05 Feb 2023 18:50:43 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
redirect.prod.experiment.routing.cloudfront.aws.a2z.com/x.png
204 No Content 0 B URL HTTP/2 redirect.prod.experiment.routing.cloudfront.aws.a2z.com/x.png
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /x.png HTTP/1.1
Host: redirect.prod.experiment.routing.cloudfront.aws.a2z.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://javfree.sh/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Sun, 05 Feb 2023 18:45:43 GMT
server: Server
X-Firefox-Spdy: h2
nereserv.com/in/dip?site=native-push&wl=1&event_id=5483f889-ffff-404b-831a-80cd8ef01232&subid=46817327&sid=1218194459&spot_id=18775&created_at=2023-02-05&timezone=0&ver=8.24.1&is_native=1
200 OK 0 B URL HTTP/2 nereserv.com/in/dip?site=native-push&wl=1&event_id=5483f889-ffff-404b-831a-80cd8ef01232&subid=46817327&sid=1218194459&spot_id=18775&created_at=2023-02-05&timezone=0&ver=8.24.1&is_native=1
IP
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /in/dip?site=native-push&wl=1&event_id=5483f889-ffff-404b-831a-80cd8ef01232&subid=46817327&sid=1218194459&spot_id=18775&created_at=2023-02-05&timezone=0&ver=8.24.1&is_native=1 HTTP/1.1
Host: nereserv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://tsyndicate.com
Connection: keep-alive
Referer: https://tsyndicate.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.18.0
date: Sun, 05 Feb 2023 18:45:43 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash a6da1d8d0518aab6740a312aa16ab715
7a6b5074639035f9c3ac307eb5ccd87390d26587
23fb2e2719f0c07e56bcd1c29405cc79f75e940a48288778697cae5425281f87
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "23FB2E2719F0C07E56BCD1C29405CC79F75E940A48288778697CAE5425281F87"
Last-Modified: Sun, 05 Feb 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6074
Expires: Sun, 05 Feb 2023 20:26:57 GMT
Date: Sun, 05 Feb 2023 18:45:43 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash f0c48a8351d4f7033aea436ee102dc70
d7855afaf4073c04bbba14d9c00d110962e10877
d16b09f41a41761c120b2ae412818b4ca9f7f4eaac85453cdbac718856b8b5fc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D16B09F41A41761C120B2AE412818B4CA9F7F4EAAC85453CDBAC718856B8B5FC"
Last-Modified: Sat, 04 Feb 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2530
Expires: Sun, 05 Feb 2023 19:27:53 GMT
Date: Sun, 05 Feb 2023 18:45:43 GMT
Connection: keep-alive
pxl.tsyndicate.com/api/v1/p/p.gif?p=APeIQFMmDJkycuaI0DEjBgsRYcbQWehQBJ0zCyHmEINDBo0ZY1rUCDNDTAsaZMKEaUHSjJkWMSKakWEDR44xZmaQEfFwjpg0ZBTq2CJCBowaNmTIiIHjBgwRXR6GqTMmY5kYN3IYvTGjRRkcYlbSsOG0BdgYMlrkIFMjxowaM8biGLNTKhk7C9vCYPoQTh0xFGXkuCEVDpyFNGQg7Qlnoo7EH3PAkPFwTJvDj3PUQJrDrpmFNmY8FOPGzcKGH5tWbOMGo44YOWLYgNGXtesYNGLwFVFHDpvTNI7CePuwjoyMaOjQgTNHx4sXZtK4ITMmTJs5LtiksVPmxY8yeOggdBOGzZcx2ses-QK0R4wvN5jMiHPmjJAsWWRwl2PHSpIcREyhBQ1YJDGGG1gsYYQYedThxhE2kCFDGHQUUcQUaNRQBxJsvKHEHHU0sdIYOJxhWBUwnJEDHXfYYEMTNMhxxRRYTNEGDEdUUYYYZRBRhRJJkEGEFGG8QcQaJDERQxVsMIEFHGXUQQQeQ1gBhxtX0PDFGVUkMWQVaXBRBwyT2WDQHHC8QQd7ZPQA2QySySAmmTRVd1kYaZzhBptuasYZTyKQ8UYbGdExRx7TpVGdeC6MMSigiy60RUNRiSDGZzrA4IJoIvCHGWzF1ZFGRmHlVkYNY8QgEgxlpEWDGDKQoRacMLQAw0xhiIHTZjeYkQOgaWAmQmwuSOZCYi7EUAMNgMrBnrDEGoussswWF0ZGTbyhRxpssBHGCzW4AAMIKFwhnaB3zAGCE1SAEIOmMOwAgrlu2ECDvHjYKy9_rx0lbgogHFGGem-8YNS7e-0FghFpyFGGGW_g8cK74T5VWVU6iODEE4C-4ewYGGvM8UNshFyEE4AeZMcXDv_2Wg033IDDDDWR-ZAcei6kWFMPqfyFGHIshAMOPZexchtv7KSDDDjYUBEZcrxx2kNvCEVDX1HjkQdiNz-MnHLMOfeCoYiSoSiFZTQ66AtpmCGHdWXMIcPEwZXBFasyuLTsRyltlpQYZJBhgxlkoPVRDC4k1wYbPwA6B38ZRU0HhR634GAadLTQkAvUoZVyyAd90flxD9FB6GtkIaXUDR-V3sZxqN-gugysx4WbXSzHDccXFFKUelK0ty6C0byzgZChksZVaa6OBfrwVGxM1FfJC9EmwhiuwdCHAgEB&r=1&s=e25cfe0d743dcbde31f9a7a8d9e462200dbf2d1ba831d460ac5c47a4af5b6dfc1675622743&w=t
200 OK 35 B URL HTTP/2 pxl.tsyndicate.com/api/v1/p/p.gif?p=APeIQFMmDJkycuaI0DEjBgsRYcbQWehQBJ0zCyHmEINDBo0ZY1rUCDNDTAsaZMKEaUHSjJkWMSKakWEDR44xZmaQEfFwjpg0ZBTq2CJCBowaNmTIiIHjBgwRXR6GqTMmY5kYN3IYvTGjRRkcYlbSsOG0BdgYMlrkIFMjxowaM8biGLNTKhk7C9vCYPoQTh0xFGXkuCEVDpyFNGQg7Qlnoo7EH3PAkPFwTJvDj3PUQJrDrpmFNmY8FOPGzcKGH5tWbOMGo44YOWLYgNGXtesYNGLwFVFHDpvTNI7CePuwjoyMaOjQgTNHx4sXZtK4ITMmTJs5LtiksVPmxY8yeOggdBOGzZcx2ses-QK0R4wvN5jMiHPmjJAsWWRwl2PHSpIcREyhBQ1YJDGGG1gsYYQYedThxhE2kCFDGHQUUcQUaNRQBxJsvKHEHHU0sdIYOJxhWBUwnJEDHXfYYEMTNMhxxRRYTNEGDEdUUYYYZRBRhRJJkEGEFGG8QcQaJDERQxVsMIEFHGXUQQQeQ1gBhxtX0PDFGVUkMWQVaXBRBwyT2WDQHHC8QQd7ZPQA2QySySAmmTRVd1kYaZzhBptuasYZTyKQ8UYbGdExRx7TpVGdeC6MMSigiy60RUNRiSDGZzrA4IJoIvCHGWzF1ZFGRmHlVkYNY8QgEgxlpEWDGDKQoRacMLQAw0xhiIHTZjeYkQOgaWAmQmwuSOZCYi7EUAMNgMrBnrDEGoussswWF0ZGTbyhRxpssBHGCzW4AAMIKFwhnaB3zAGCE1SAEIOmMOwAgrlu2ECDvHjYKy9_rx0lbgogHFGGem-8YNS7e-0FghFpyFGGGW_g8cK74T5VWVU6iODEE4C-4ewYGGvM8UNshFyEE4AeZMcXDv_2Wg033IDDDDWR-ZAcei6kWFMPqfyFGHIshAMOPZexchtv7KSDDDjYUBEZcrxx2kNvCEVDX1HjkQdiNz-MnHLMOfeCoYiSoSiFZTQ66AtpmCGHdWXMIcPEwZXBFasyuLTsRyltlpQYZJBhgxlkoPVRDC4k1wYbPwA6B38ZRU0HhR634GAadLTQkAvUoZVyyAd90flxD9FB6GtkIaXUDR-V3sZxqN-gugysx4WbXSzHDccXFFKUelK0ty6C0byzgZChksZVaa6OBfrwVGxM1FfJC9EmwhiuwdCHAgEB&r=1&s=e25cfe0d743dcbde31f9a7a8d9e462200dbf2d1ba831d460ac5c47a4af5b6dfc1675622743&w=t
IP
ASN #24940 Hetzner Online GmbH
File type GIF image data, version 89a, 1 x 1\012- data
Hash c2196de8ba412c60c22ab491af7b1409
5fbd472222feb8a22cf5b8aa5dc5b8e13af88e2b
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
GET /api/v1/p/p.gif?p=APeIQFMmDJkycuaI0DEjBgsRYcbQWehQBJ0zCyHmEINDBo0ZY1rUCDNDTAsaZMKEaUHSjJkWMSKakWEDR44xZmaQEfFwjpg0ZBTq2CJCBowaNmTIiIHjBgwRXR6GqTMmY5kYN3IYvTGjRRkcYlbSsOG0BdgYMlrkIFMjxowaM8biGLNTKhk7C9vCYPoQTh0xFGXkuCEVDpyFNGQg7Qlnoo7EH3PAkPFwTJvDj3PUQJrDrpmFNmY8FOPGzcKGH5tWbOMGo44YOWLYgNGXtesYNGLwFVFHDpvTNI7CePuwjoyMaOjQgTNHx4sXZtK4ITMmTJs5LtiksVPmxY8yeOggdBOGzZcx2ses-QK0R4wvN5jMiHPmjJAsWWRwl2PHSpIcREyhBQ1YJDGGG1gsYYQYedThxhE2kCFDGHQUUcQUaNRQBxJsvKHEHHU0sdIYOJxhWBUwnJEDHXfYYEMTNMhxxRRYTNEGDEdUUYYYZRBRhRJJkEGEFGG8QcQaJDERQxVsMIEFHGXUQQQeQ1gBhxtX0PDFGVUkMWQVaXBRBwyT2WDQHHC8QQd7ZPQA2QySySAmmTRVd1kYaZzhBptuasYZTyKQ8UYbGdExRx7TpVGdeC6MMSigiy60RUNRiSDGZzrA4IJoIvCHGWzF1ZFGRmHlVkYNY8QgEgxlpEWDGDKQoRacMLQAw0xhiIHTZjeYkQOgaWAmQmwuSOZCYi7EUAMNgMrBnrDEGoussswWF0ZGTbyhRxpssBHGCzW4AAMIKFwhnaB3zAGCE1SAEIOmMOwAgrlu2ECDvHjYKy9_rx0lbgogHFGGem-8YNS7e-0FghFpyFGGGW_g8cK74T5VWVU6iODEE4C-4ewYGGvM8UNshFyEE4AeZMcXDv_2Wg033IDDDDWR-ZAcei6kWFMPqfyFGHIshAMOPZexchtv7KSDDDjYUBEZcrxx2kNvCEVDX1HjkQdiNz-MnHLMOfeCoYiSoSiFZTQ66AtpmCGHdWXMIcPEwZXBFasyuLTsRyltlpQYZJBhgxlkoPVRDC4k1wYbPwA6B38ZRU0HhR634GAadLTQkAvUoZVyyAd90flxD9FB6GtkIaXUDR-V3sZxqN-gugysx4WbXSzHDccXFFKUelK0ty6C0byzgZChksZVaa6OBfrwVGxM1FfJC9EmwhiuwdCHAgEB&r=1&s=e25cfe0d743dcbde31f9a7a8d9e462200dbf2d1ba831d460ac5c47a4af5b6dfc1675622743&w=t HTTP/1.1
Host: pxl.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tsyndicate.com/
Cookie: ts_uid=ba41e5c1-50e2-4b2d-9390-0f2abcf557f9
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
server: nginx
date: Sun, 05 Feb 2023 18:45:43 GMT
content-type: text/plain; charset=utf-8
content-length: 35
x-robots-tag: noindex, nofollow
X-Firefox-Spdy: h2
kts.cvastico.com/in/kevents/?e_type=start&sid=46887&stype=slider&iab=IAB25&feed_id=0&uid=61a113beeb5c1307f0131429d929c04f&auction_id=15585651107539432845&score=19.853449&response=json&user_id=12887&rchange=0
200 OK 0 B URL HTTP/2 kts.cvastico.com/in/kevents/?e_type=start&sid=46887&stype=slider&iab=IAB25&feed_id=0&uid=61a113beeb5c1307f0131429d929c04f&auction_id=15585651107539432845&score=19.853449&response=json&user_id=12887&rchange=0
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /in/kevents/?e_type=start&sid=46887&stype=slider&iab=IAB25&feed_id=0&uid=61a113beeb5c1307f0131429d929c04f&auction_id=15585651107539432845&score=19.853449&response=json&user_id=12887&rchange=0 HTTP/1.1
Host: kts.cvastico.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tsyndicate.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.20.1
date: Sun, 05 Feb 2023 18:45:42 GMT
content-type: text/xml
content-length: 0
access-control-allow-credentials: true
access-control-allow-origin:
set-cookie: 1226.0=1; expires=Mon, 06 Feb 2023 18:45:43 GMT; path=/; secure; SameSite=None
X-Firefox-Spdy: h2
js.canstrm.com/vast-vpaid-player/main.js
200 OK 54 kB URL HTTP/2 js.canstrm.com/vast-vpaid-player/main.js
IP
ASN #39572 DataWeb Global Group B.V.
File type Unicode text, UTF-8 text, with very long lines (63089)
Hash 1d3100daf4a025b1d4f9ca0caf776bd5
bfd45ea8f9321e4ba9f1ea0b799a5d9270b62a20
3530e6c2d168c9cbfe8dde312c30dad4b558112d5377b5de245c472cfd81bd8c
GET /vast-vpaid-player/main.js HTTP/1.1
Host: js.canstrm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tsyndicate.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 05 Feb 2023 18:45:43 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Fri, 03 Feb 2023 07:14:32 GMT
etag: W/"63dcb458-2a475"
content-encoding: gzip
expires: Sun, 05 Feb 2023 18:50:43 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 9024816d26900aedd21c416b9ca0a532
2d4b1826d7315ef74ef5533edf1d2e621ed90692
5deb561a4a9c5da82da0d8974b2577332d21e03b67722112cb1c2522ab3780c4
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5DEB561A4A9C5DA82DA0D8974B2577332D21E03B67722112CB1C2522AB3780C4"
Last-Modified: Sat, 04 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4071
Expires: Sun, 05 Feb 2023 19:53:34 GMT
Date: Sun, 05 Feb 2023 18:45:43 GMT
Connection: keep-alive
0f6e7d3222.ba33938e50.com/in/multy
204 No Content 0 B URL HTTP/2 0f6e7d3222.ba33938e50.com/in/multy
IP
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /in/multy HTTP/1.1
Host: 0f6e7d3222.ba33938e50.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://tsyndicate.com/
Origin: https://tsyndicate.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
server: nginx/1.20.1
date: Sun, 05 Feb 2023 18:45:43 GMT
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 1a6be80975976fb330ff930d5c15ca8b
813e7cd6a5ab7f5f9bd3db940aebf6b9c28ee105
ede8dc96587825438b7aebf0e41ca71fe43b2221fcf9e20e49e8bc9e93c22230
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EDE8DC96587825438B7AEBF0E41CA71FE43B2221FCF9E20E49E8BC9E93C22230"
Last-Modified: Sat, 04 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12116
Expires: Sun, 05 Feb 2023 22:07:40 GMT
Date: Sun, 05 Feb 2023 18:45:44 GMT
Connection: keep-alive
ocsp.sectigo.com/
200 OK 471 B IP
Hash f7da5f2db48a19416737438d2400ddad
82bb3b461c67fda4b284c83af9732d304a4a15b3
476428cfe6b7a9d34cf08c0d58e07da262e675c5019a4a5311c365b9db081efd
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 05 Feb 2023 18:45:44 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Fri, 03 Feb 2023 17:34:32 GMT
Expires: Fri, 10 Feb 2023 17:34:31 GMT
Etag: "82bb3b461c67fda4b284c83af9732d304a4a15b3"
Cache-Control: max-age=427126,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 794dce0418bcb500-OSL
564cc73ffe.ed9b93b5ee.com/get/?go=1&data=eyJpbXAiOlt7InNlY3VyZSI6MSwiZXh0Ijp7InRhZ19hYiI6ImIiLCJtdWx0aSI6ZmFsc2UsInVzZXJfa2V5d29yZHMiOiIiLCJpZCI6MTQ5Niwic3BhY2VpZCI6MTQ5NiwidHlwZSI6InBvcCIsImlkem9uZSI6bnVsbCwiYWRfdGFncyI6IiwiLCJsYWJlbHMiOiIiLCJhbGxvd2VkX2xhYmVscyI6IiIsInRpdGxlIjoiIiwic3ViaWQiOiI2NTIzNjg1NzkiLCJyZWZyZXNoIjoxLCJ1dG0xIjoiIiwidXRtMiI6IiIsInV0bTQiOiIiLCJzcG90X2lkIjo0Njg4OCwibXVsdGlwbGUiOmZhbHNlLCJpc19pZnJhbWUiOnRydWUsInJlZmRvbWFpbiI6ImphdmZyZWUuc2giLCJwbCI6MjY5LCJzdHJhdGFnZW0iOiJubGFiZWwtYSIsImd5ciI6MCwiYWNjZWwiOjAsInNzcCI6Mzc1OCwiYnR5cGUiOjAsInYyIjowLCJyY2hhbmdlIjpmYWxzZX0sImJhbm5lciI6eyJ3IjozMDAsImgiOjI1MH19XSwic2l0ZSI6eyJpZCI6IjQ2ODg4IiwiY2F0IjpbIklBQjI1Il0sInBhZ2UiOiJodHRwczovL2phdmZyZWUuc2gvIn0sImRldmljZSI6eyJ3IjoxMjgwLCJoIjoxMDI0fSwidXNlciI6eyJpZCI6ImIwMTQzNTE4ZTg0MWIyNDcwYWY4NGQ4NmUxYjA5ZDNiIiwiZnAiOm51bGx9LCJleHQiOnsiZHQiOjE2NzU2MjI3ODUxMTh9fQ==
200 OK 984 B URL HTTP/2 564cc73ffe.ed9b93b5ee.com/get/?go=1&data=eyJpbXAiOlt7InNlY3VyZSI6MSwiZXh0Ijp7InRhZ19hYiI6ImIiLCJtdWx0aSI6ZmFsc2UsInVzZXJfa2V5d29yZHMiOiIiLCJpZCI6MTQ5Niwic3BhY2VpZCI6MTQ5NiwidHlwZSI6InBvcCIsImlkem9uZSI6bnVsbCwiYWRfdGFncyI6IiwiLCJsYWJlbHMiOiIiLCJhbGxvd2VkX2xhYmVscyI6IiIsInRpdGxlIjoiIiwic3ViaWQiOiI2NTIzNjg1NzkiLCJyZWZyZXNoIjoxLCJ1dG0xIjoiIiwidXRtMiI6IiIsInV0bTQiOiIiLCJzcG90X2lkIjo0Njg4OCwibXVsdGlwbGUiOmZhbHNlLCJpc19pZnJhbWUiOnRydWUsInJlZmRvbWFpbiI6ImphdmZyZWUuc2giLCJwbCI6MjY5LCJzdHJhdGFnZW0iOiJubGFiZWwtYSIsImd5ciI6MCwiYWNjZWwiOjAsInNzcCI6Mzc1OCwiYnR5cGUiOjAsInYyIjowLCJyY2hhbmdlIjpmYWxzZX0sImJhbm5lciI6eyJ3IjozMDAsImgiOjI1MH19XSwic2l0ZSI6eyJpZCI6IjQ2ODg4IiwiY2F0IjpbIklBQjI1Il0sInBhZ2UiOiJodHRwczovL2phdmZyZWUuc2gvIn0sImRldmljZSI6eyJ3IjoxMjgwLCJoIjoxMDI0fSwidXNlciI6eyJpZCI6ImIwMTQzNTE4ZTg0MWIyNDcwYWY4NGQ4NmUxYjA5ZDNiIiwiZnAiOm51bGx9LCJleHQiOnsiZHQiOjE2NzU2MjI3ODUxMTh9fQ==
IP
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1339)
Hash 413c1ad1f50caa01f85397cdc4b0c367
5feba9f0f4eb4f48ea7137e0a8bc48ccf087b42a
f7520db4dbab41aa9c2af5a5038041aeff4c048a0b5f266c0150a044d9eb070e
GET /get/?go=1&data=eyJpbXAiOlt7InNlY3VyZSI6MSwiZXh0Ijp7InRhZ19hYiI6ImIiLCJtdWx0aSI6ZmFsc2UsInVzZXJfa2V5d29yZHMiOiIiLCJpZCI6MTQ5Niwic3BhY2VpZCI6MTQ5NiwidHlwZSI6InBvcCIsImlkem9uZSI6bnVsbCwiYWRfdGFncyI6IiwiLCJsYWJlbHMiOiIiLCJhbGxvd2VkX2xhYmVscyI6IiIsInRpdGxlIjoiIiwic3ViaWQiOiI2NTIzNjg1NzkiLCJyZWZyZXNoIjoxLCJ1dG0xIjoiIiwidXRtMiI6IiIsInV0bTQiOiIiLCJzcG90X2lkIjo0Njg4OCwibXVsdGlwbGUiOmZhbHNlLCJpc19pZnJhbWUiOnRydWUsInJlZmRvbWFpbiI6ImphdmZyZWUuc2giLCJwbCI6MjY5LCJzdHJhdGFnZW0iOiJubGFiZWwtYSIsImd5ciI6MCwiYWNjZWwiOjAsInNzcCI6Mzc1OCwiYnR5cGUiOjAsInYyIjowLCJyY2hhbmdlIjpmYWxzZX0sImJhbm5lciI6eyJ3IjozMDAsImgiOjI1MH19XSwic2l0ZSI6eyJpZCI6IjQ2ODg4IiwiY2F0IjpbIklBQjI1Il0sInBhZ2UiOiJodHRwczovL2phdmZyZWUuc2gvIn0sImRldmljZSI6eyJ3IjoxMjgwLCJoIjoxMDI0fSwidXNlciI6eyJpZCI6ImIwMTQzNTE4ZTg0MWIyNDcwYWY4NGQ4NmUxYjA5ZDNiIiwiZnAiOm51bGx9LCJleHQiOnsiZHQiOjE2NzU2MjI3ODUxMTh9fQ== HTTP/1.1
Host: 564cc73ffe.ed9b93b5ee.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tsyndicate.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.16.0
date: Sun, 05 Feb 2023 18:45:44 GMT
content-type: text/html
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
content-encoding: gzip
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 269deacb0c8fc168d6089a8acf2550fd
45b40fbd74d504a24643ef5521d03dd1d532063f
8c5ef23b2b7d9c27c1c8dc1739254c94919495db4afadda21f88a0e36807f7e3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8C5EF23B2B7D9C27C1C8DC1739254C94919495DB4AFADDA21F88A0E36807F7E3"
Last-Modified: Fri, 03 Feb 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9337
Expires: Sun, 05 Feb 2023 21:21:21 GMT
Date: Sun, 05 Feb 2023 18:45:44 GMT
Connection: keep-alive
vlcdn.tsyndicate.com/videos/3/d/aa89f4421161528cab9d351c8495ea0fd3c783/640x360.mp4
206 Partial Content 82 kB URL HTTP/2 vlcdn.tsyndicate.com/videos/3/d/aa89f4421161528cab9d351c8495ea0fd3c783/640x360.mp4
IP
File type ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]\012- data
Hash 984aa23652f0c4b20c72a384841bbe7b
f15077790ecaef9dc6e011ec38057a79b0e08b35
b538dff2ed490f437a2b54bb834d9e926d75547ed9a5d2b92c8f56c09979dc6d
GET /videos/3/d/aa89f4421161528cab9d351c8495ea0fd3c783/640x360.mp4 HTTP/1.1
Host: vlcdn.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: https://tsyndicate.com/
Cookie: ts_uid=ba41e5c1-50e2-4b2d-9390-0f2abcf557f9
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/2 206 Partial Content
date: Sun, 05 Feb 2023 18:45:44 GMT
content-type: video/mp4
content-length: 776866
etag: "6059f1cd-bdaa2"
last-modified: Tue, 23 Mar 2021 13:49:01 GMT
server: nginx
access-control-allow-origin: *
vary: Accept-Encoding
access-control-allow-methods: HEAD,GET,OPTIONS
access-control-expose-headers: Server,Range,Content-Length,Content-Range
access-control-allow-headers: *
access-control-max-age: 31536000
access-control-allow-credentials: true
age: 7103941
content-range: bytes 0-776865/776866
X-Firefox-Spdy: h2
btds.zog.link/in/va?spot_id=46888&view=1&tag_ab=b
200 OK 2 B URL HTTP/2 btds.zog.link/in/va?spot_id=46888&view=1&tag_ab=b
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash 99914b932bd37a50b983c5e7c90ae93b
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
GET /in/va?spot_id=46888&view=1&tag_ab=b HTTP/1.1
Host: btds.zog.link
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://tsyndicate.com
Connection: keep-alive
Referer: https://tsyndicate.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.20.1
date: Sun, 05 Feb 2023 18:45:44 GMT
content-type: application/json
content-length: 2
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
access-control-allow-origin: *
set-cookie: 1840.0=1; expires=Mon, 06 Feb 2023 18:45:44 GMT; path=/; secure; SameSite=None
X-Firefox-Spdy: h2
tsyndicate.com/iframes2/00394b71264946e5bf58746cefe5435f.html?subid=652368579&categories=,
200 OK 6.5 kB URL HTTP/2 tsyndicate.com/iframes2/00394b71264946e5bf58746cefe5435f.html?subid=652368579&categories=,
IP
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (4653)
Hash 455d413021b7a2411562ce1375147709
db3a16f13a5fc2d3721ac3689d348fc4510a439a
a6503aaf665cee4d569b170045de56ad0315ab8d38ae4c997c44ec07d4e5d382
GET /iframes2/00394b71264946e5bf58746cefe5435f.html?subid=652368579&categories=, HTTP/1.1
Host: tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://564cc73ffe.ed9b93b5ee.com/
Connection: keep-alive
Cookie: ts_uid=ba41e5c1-50e2-4b2d-9390-0f2abcf557f9
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 05 Feb 2023 18:45:44 GMT
content-type: text/html; charset=utf-8
pragma: no-cache
expires: 0
vary: Accept-Encoding, *
x-api-version: 2
link: <https://lcdn.tsyndicate.com/sdk/v1/b.b.js>; rel=preload; as=script, <https://lcdn.tsyndicate.com/images/f/e/dde9ebe8976ed821840bcec39453a32d3a4ed2.gif>; rel=preload; as=image
x-request-id: 22c7c6934dfcf95d
set-cookie: ts_uid=ba41e5c1-50e2-4b2d-9390-0f2abcf557f9; expires=Sat, 05 Aug 2023 18:45:44 GMT; domain=.tsyndicate.com; path=/; HttpOnly; secure; SameSite=None
bfq=APeIECNCx5YZMmjYiBEDRxcWIsYU3BLjoYgyE2PYuFHjBowcMWjQ6NJH; expires=Mon, 06 Feb 2023 18:45:44 GMT; domain=.tsyndicate.com; path=/; secure; SameSite=None
cache-control: no-cache, no-store, no-transform, must-revalidate, no-transform
x-robots-tag: none, noindex, nofollow
report-to: { "url": "https://pxl.tsyndicate.com/api/v1/heavy-ad/report", "max_age": 86401 }
content-encoding: gzip
X-Firefox-Spdy: h2
lcdn.tsyndicate.com/images/f/e/dde9ebe8976ed821840bcec39453a32d3a4ed2.gif
200 OK 17 kB URL HTTP/2 lcdn.tsyndicate.com/images/f/e/dde9ebe8976ed821840bcec39453a32d3a4ed2.gif
IP
File type GIF image data, version 89a, 300 x 250\012- data
Hash 85998a5afb5ba803134dc3f5b7c3e697
e034c7e0345ed9fe671c2c58bfbdd5401dc738e6
19d798fe018663368be7cc2541b04cfc23ea3c41a45fc323e392d293ffb223c3
GET /images/f/e/dde9ebe8976ed821840bcec39453a32d3a4ed2.gif HTTP/1.1
Host: lcdn.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tsyndicate.com/
Cookie: ts_uid=ba41e5c1-50e2-4b2d-9390-0f2abcf557f9; bfq=APeIECNCx5YZMmjYiBEDRxcWIsYU3BLjoYgyE2PYuFHjBowcMWjQ6NJH
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Sun, 05 Feb 2023 18:45:44 GMT
content-type: image/gif
content-length: 17294
etag: "63da1c24-438e"
last-modified: Wed, 01 Feb 2023 08:00:36 GMT
server: nginx
x-robots-tag: noindex, nofollow
age: 384144
accept-ranges: bytes
X-Firefox-Spdy: h2
pxl.tsyndicate.com/api/v1/p/p.js?p=APeIQFMmDJkycuaI0DEjBgsRYcbQWehQBJ0zC0WUoXFjzJgaOGS0mGFmRo0WNMbIoNECR40bIsPcyIHDDAwZNm3UyCHi4Rwxacgo1LFFhE4ZM2y4nCmiy8MwdcZkFGOyTA4bM3C0EFOjRhiUMMqUaXmjxpgWY8TkiOESxg0bcM30hEjGDkUbNGTAeAinjhiKMnLceAoHDsUYOXLM8AlnIsO3MWbAfDimjWEdNWLQ2LyYrlwdFcW4cbNwxkobMdg-bOMGI0MYNG3wZe1ac2ocD-vIYVO6BgwamveKqCMjIxo6dODM0fHihRw4ZMTIWYPHxZg3bV5UaVPmDRQ3Sd4csSIjzJ02TqroYdIEihEseGiYKYJDDhU8S8bQICIjyZk4dhSRRhxxwBEDHXf08EIabhyERwwuwIEGHD-4UQYePcTARR0w3GRDHXS08QV3ZKRRRxs9ZLYZDTO4YBoNqLG1YYcy2ECHHGGYYUYaY3wxxxu6jVFGD3KQceMaM3oIooh0lDEHHUFliBcON8CQZI1LfmGQdG-sgVAPVOCoI49T0BFGQl_IcOWHIWpJhhlvyNFGGHT0MEOHeMjg25pZ_hjkkKklNsOaerxhoZ2QSaYmhx6OwQaPa0RZhBxEXFFHDnFEMccSa7RQxBd2vBUHQjicIcUcOwmRxxBrtHHHEVS0QcQTbJCBxhMhwoFDFpEKcYYaaAyhhhhrzIfFGWK0oIQWUsDYhhox1MUEDWvQgIUebMQgxA12SDEDHWRI0RKIaQwxQxl5tMHEGnLoZAcMb5BRBA1zPBHGF2dUkQQRUlSRxlxkYJdRDXh5dANJZpThQhlk5KDWDFyJZZ3AlNG50BYNOSUCHHJIhdlYMMgmghifweBChzVQBoeIHHtscoc0wJCyCHLYcRliD5UxxsoLvSxzbnX8q8PIYQBXhlkxtOBbGSLRIIYMZLSgWA4wtACDGeWJMYYZXd1gBk8PpXGZCGu5QLULebkQQw00zCXHF2JnVPbZaa_ddm5hZNTEG3qkwQYbYbxQw8kgoHAFgwHfMQcITlABQgwv7wDC4W7gJTkeloNQM2gyn5wCCEfovMYbL-gFOQyQxwCCEWnIUQaceLwA-eAwzOVRRk48MVecX9w-dO5zseGxCEU4AXAZdnzhOm-gvXQDDknh0OFDcpxBmg56UvnQQclLtxAOuInA_YjxLiQDDqhtL8cbpT30xlA08LU-HnksFD_NrxuHnHLMCV7wGAfTkcIY5jDFRExh18nOXOZQs4ysz0x0iFML6uCGNNChBTa4gQvIMIYYFGd7wzvIFzjowbmE6C5lsYEMZHCDzTwkRMUBTQYJtsIWwohgTyGD8pwEBy05JgYzVCELXQgRMThGfK-DChsmwhfh9YwyroFBHxQQEA%3D%3D&s=99fe9de96bc7488bebbbfe83817e72e697af75d9ca8bd8808abb8b01ec67014f1675622744&w=t&r=1&d=3&priv=false
200 OK 24 B URL HTTP/2 pxl.tsyndicate.com/api/v1/p/p.js?p=APeIQFMmDJkycuaI0DEjBgsRYcbQWehQBJ0zC0WUoXFjzJgaOGS0mGFmRo0WNMbIoNECR40bIsPcyIHDDAwZNm3UyCHi4Rwxacgo1LFFhE4ZM2y4nCmiy8MwdcZkFGOyTA4bM3C0EFOjRhiUMMqUaXmjxpgWY8TkiOESxg0bcM30hEjGDkUbNGTAeAinjhiKMnLceAoHDsUYOXLM8AlnIsO3MWbAfDimjWEdNWLQ2LyYrlwdFcW4cbNwxkobMdg-bOMGI0MYNG3wZe1ac2ocD-vIYVO6BgwamveKqCMjIxo6dODM0fHihRw4ZMTIWYPHxZg3bV5UaVPmDRQ3Sd4csSIjzJ02TqroYdIEihEseGiYKYJDDhU8S8bQICIjyZk4dhSRRhxxwBEDHXf08EIabhyERwwuwIEGHD-4UQYePcTARR0w3GRDHXS08QV3ZKRRRxs9ZLYZDTO4YBoNqLG1YYcy2ECHHGGYYUYaY3wxxxu6jVFGD3KQceMaM3oIooh0lDEHHUFliBcON8CQZI1LfmGQdG-sgVAPVOCoI49T0BFGQl_IcOWHIWpJhhlvyNFGGHT0MEOHeMjg25pZ_hjkkKklNsOaerxhoZ2QSaYmhx6OwQaPa0RZhBxEXFFHDnFEMccSa7RQxBd2vBUHQjicIcUcOwmRxxBrtHHHEVS0QcQTbJCBxhMhwoFDFpEKcYYaaAyhhhhrzIfFGWK0oIQWUsDYhhox1MUEDWvQgIUebMQgxA12SDEDHWRI0RKIaQwxQxl5tMHEGnLoZAcMb5BRBA1zPBHGF2dUkQQRUlSRxlxkYJdRDXh5dANJZpThQhlk5KDWDFyJZZ3AlNG50BYNOSUCHHJIhdlYMMgmghifweBChzVQBoeIHHtscoc0wJCyCHLYcRliD5UxxsoLvSxzbnX8q8PIYQBXhlkxtOBbGSLRIIYMZLSgWA4wtACDGeWJMYYZXd1gBk8PpXGZCGu5QLULebkQQw00zCXHF2JnVPbZaa_ddm5hZNTEG3qkwQYbYbxQw8kgoHAFgwHfMQcITlABQgwv7wDC4W7gJTkeloNQM2gyn5wCCEfovMYbL-gFOQyQxwCCEWnIUQaceLwA-eAwzOVRRk48MVecX9w-dO5zseGxCEU4AXAZdnzhOm-gvXQDDknh0OFDcpxBmg56UvnQQclLtxAOuInA_YjxLiQDDqhtL8cbpT30xlA08LU-HnksFD_NrxuHnHLMCV7wGAfTkcIY5jDFRExh18nOXOZQs4ysz0x0iFML6uCGNNChBTa4gQvIMIYYFGd7wzvIFzjowbmE6C5lsYEMZHCDzTwkRMUBTQYJtsIWwohgTyGD8pwEBy05JgYzVCELXQgRMThGfK-DChsmwhfh9YwyroFBHxQQEA%3D%3D&s=99fe9de96bc7488bebbbfe83817e72e697af75d9ca8bd8808abb8b01ec67014f1675622744&w=t&r=1&d=3&priv=false
IP
ASN #24940 Hetzner Online GmbH
File type ASCII text, with no line terminators
Hash 0959ba36d476b6dc1994ba3c678b07c4
d30b94da72daa02766965206a85b7e0356375f5e
897410b87e27e3dfba3a7d6caab315a5e69cc941bb96d91fc74878a9b051843a
GET /api/v1/p/p.js?p=APeIQFMmDJkycuaI0DEjBgsRYcbQWehQBJ0zC0WUoXFjzJgaOGS0mGFmRo0WNMbIoNECR40bIsPcyIHDDAwZNm3UyCHi4Rwxacgo1LFFhE4ZM2y4nCmiy8MwdcZkFGOyTA4bM3C0EFOjRhiUMMqUaXmjxpgWY8TkiOESxg0bcM30hEjGDkUbNGTAeAinjhiKMnLceAoHDsUYOXLM8AlnIsO3MWbAfDimjWEdNWLQ2LyYrlwdFcW4cbNwxkobMdg-bOMGI0MYNG3wZe1ac2ocD-vIYVO6BgwamveKqCMjIxo6dODM0fHihRw4ZMTIWYPHxZg3bV5UaVPmDRQ3Sd4csSIjzJ02TqroYdIEihEseGiYKYJDDhU8S8bQICIjyZk4dhSRRhxxwBEDHXf08EIabhyERwwuwIEGHD-4UQYePcTARR0w3GRDHXS08QV3ZKRRRxs9ZLYZDTO4YBoNqLG1YYcy2ECHHGGYYUYaY3wxxxu6jVFGD3KQceMaM3oIooh0lDEHHUFliBcON8CQZI1LfmGQdG-sgVAPVOCoI49T0BFGQl_IcOWHIWpJhhlvyNFGGHT0MEOHeMjg25pZ_hjkkKklNsOaerxhoZ2QSaYmhx6OwQaPa0RZhBxEXFFHDnFEMccSa7RQxBd2vBUHQjicIcUcOwmRxxBrtHHHEVS0QcQTbJCBxhMhwoFDFpEKcYYaaAyhhhhrzIfFGWK0oIQWUsDYhhox1MUEDWvQgIUebMQgxA12SDEDHWRI0RKIaQwxQxl5tMHEGnLoZAcMb5BRBA1zPBHGF2dUkQQRUlSRxlxkYJdRDXh5dANJZpThQhlk5KDWDFyJZZ3AlNG50BYNOSUCHHJIhdlYMMgmghifweBChzVQBoeIHHtscoc0wJCyCHLYcRliD5UxxsoLvSxzbnX8q8PIYQBXhlkxtOBbGSLRIIYMZLSgWA4wtACDGeWJMYYZXd1gBk8PpXGZCGu5QLULebkQQw00zCXHF2JnVPbZaa_ddm5hZNTEG3qkwQYbYbxQw8kgoHAFgwHfMQcITlABQgwv7wDC4W7gJTkeloNQM2gyn5wCCEfovMYbL-gFOQyQxwCCEWnIUQaceLwA-eAwzOVRRk48MVecX9w-dO5zseGxCEU4AXAZdnzhOm-gvXQDDknh0OFDcpxBmg56UvnQQclLtxAOuInA_YjxLiQDDqhtL8cbpT30xlA08LU-HnksFD_NrxuHnHLMCV7wGAfTkcIY5jDFRExh18nOXOZQs4ysz0x0iFML6uCGNNChBTa4gQvIMIYYFGd7wzvIFzjowbmE6C5lsYEMZHCDzTwkRMUBTQYJtsIWwohgTyGD8pwEBy05JgYzVCELXQgRMThGfK-DChsmwhfh9YwyroFBHxQQEA%3D%3D&s=99fe9de96bc7488bebbbfe83817e72e697af75d9ca8bd8808abb8b01ec67014f1675622744&w=t&r=1&d=3&priv=false HTTP/1.1
Host: pxl.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tsyndicate.com/
Cookie: ts_uid=ba41e5c1-50e2-4b2d-9390-0f2abcf557f9; bfq=APeIECNCx5YZMmjYiBEDRxcWIsYU3BLjoYgyE2PYuFHjBowcMWjQ6NJH
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 05 Feb 2023 18:45:44 GMT
content-type: text/plain; charset=utf-8
content-length: 24
x-robots-tag: noindex, nofollow
X-Firefox-Spdy: h2
0f6e7d3222.ba33938e50.com/in/multy
200 OK 17 kB URL HTTP/2 0f6e7d3222.ba33938e50.com/in/multy
IP
ASN #24940 Hetzner Online GmbH
File type JSON data\012- , Unicode text, UTF-8 text, with very long lines (17266), with no line terminators
Hash 9c642e2e271232d071286ef04bc1b26e
b9f00d3f81555652f272e904de660bbe06e39210
27c4ad455e90aeb50819b067ed44c45c877a676c7390b239b5a0c61c63bd581f
POST /in/multy HTTP/1.1
Host: 0f6e7d3222.ba33938e50.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json;charset=utf-8
Content-Length: 1211
Origin: https://tsyndicate.com
Connection: keep-alive
Referer: https://tsyndicate.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.20.1
date: Sun, 05 Feb 2023 18:45:44 GMT
content-type: application/json
content-length: 17276
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
0f6e7d3222.ba33938e50.com/in/show/?mid=1144354114247143611&pid=0&site=native-push-adult&sc=NO&usage_type=DCH&subid=46817327&sid=1218194459&cid=13433&price=0.0031&is_cpm=0&cpm=0&ecpm=0.0014443857214934408&crid=&crtid=41e2b054b7d7fdd561f6651d06d511e5&tcid=0&out_id=1&ver=8.24.1&ver_c=&refdom=tsyndicate.com&hostname=auc-inpage-hz-4-c&site_id=3118775&spot_id=18775&utm_source=&utm_medium=&utm_campaign=&utm_content=&expiration_timestamp=0&created_at=2023-02-05&is_native=2&auction_queue=0&burl=RC_iu-v4oPwingoer-1TA_y5GIKEebO4QzHxl5pDGjN0AFIj7z0bJA&pop_winurl=&ip=91.90.42.154&testab=0&px_id=5318775&adblock=0&auction_host=&mm=0&yc=0&render_type=mq&campaign_type=lq-pop&uniq=&exp=&resp_type=&iabcat=IAB25-3&min_cpm=0.00011062949394550959&placement_type_id=&skin_test=0&verify_hash=a7b094bc67dc6bb95ac4bec9e5e0ee20&score=0&durl=https%3A%2F%2Fts.cvastico.com%2Fin%2F1546%2F%3Fad_sub%3D46817327%26spot_id%3D18775%26is_adult%3D1%26p%3Dhttps%253A%252F%252Ftsyndicate.com%252F%26idzone%3D0%26sid%3D1546&ml=&tag_ab=b&original_bid=0.0031&user_fp=0&v2=0&v2_track=0&is_pop_cpc=0&applied_features=main-skins-settings&url=AnoQcVsqf27Iv66UH0jiaFbYpt1KigaUC1eORTlwP1qSYk-_9UDB8o4bsBB6hgtqzfwYrIyvYyXe1DUbuIU5PqYtUtR84pZRdOZX_aTah1p-nwlWJGfEQ4XG6QYt8j9sCxwnB89I6nS2g6E8DRhzsJVoQkDnqoueHTRe4vOZmKMNGizU2g&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FIN%2FIN_da5b583487923e03a815871465a0b6f24c2cb005_icon.webp&skin_id=8&vertical_id=0&real_bid=0.0027264499999999996&pr=javfree.sh&user_keywords=&auc_type=1&aid=3335&ext_cid=0&device_theme=light&keywords=&label_ids=4,83,89,0&conditions=dch_ip,tz_offset&need_redirect_show=0&mlf=1&cpa=00a46d7c-66e8-4a33-a496-ec6e7b9f1a93&mlc=1&format=androidWhatsAppCompact-slide-t_r-embed
200 OK 0 B URL HTTP/2 0f6e7d3222.ba33938e50.com/in/show/?mid=1144354114247143611&pid=0&site=native-push-adult&sc=NO&usage_type=DCH&subid=46817327&sid=1218194459&cid=13433&price=0.0031&is_cpm=0&cpm=0&ecpm=0.0014443857214934408&crid=&crtid=41e2b054b7d7fdd561f6651d06d511e5&tcid=0&out_id=1&ver=8.24.1&ver_c=&refdom=tsyndicate.com&hostname=auc-inpage-hz-4-c&site_id=3118775&spot_id=18775&utm_source=&utm_medium=&utm_campaign=&utm_content=&expiration_timestamp=0&created_at=2023-02-05&is_native=2&auction_queue=0&burl=RC_iu-v4oPwingoer-1TA_y5GIKEebO4QzHxl5pDGjN0AFIj7z0bJA&pop_winurl=&ip=91.90.42.154&testab=0&px_id=5318775&adblock=0&auction_host=&mm=0&yc=0&render_type=mq&campaign_type=lq-pop&uniq=&exp=&resp_type=&iabcat=IAB25-3&min_cpm=0.00011062949394550959&placement_type_id=&skin_test=0&verify_hash=a7b094bc67dc6bb95ac4bec9e5e0ee20&score=0&durl=https%3A%2F%2Fts.cvastico.com%2Fin%2F1546%2F%3Fad_sub%3D46817327%26spot_id%3D18775%26is_adult%3D1%26p%3Dhttps%253A%252F%252Ftsyndicate.com%252F%26idzone%3D0%26sid%3D1546&ml=&tag_ab=b&original_bid=0.0031&user_fp=0&v2=0&v2_track=0&is_pop_cpc=0&applied_features=main-skins-settings&url=AnoQcVsqf27Iv66UH0jiaFbYpt1KigaUC1eORTlwP1qSYk-_9UDB8o4bsBB6hgtqzfwYrIyvYyXe1DUbuIU5PqYtUtR84pZRdOZX_aTah1p-nwlWJGfEQ4XG6QYt8j9sCxwnB89I6nS2g6E8DRhzsJVoQkDnqoueHTRe4vOZmKMNGizU2g&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FIN%2FIN_da5b583487923e03a815871465a0b6f24c2cb005_icon.webp&skin_id=8&vertical_id=0&real_bid=0.0027264499999999996&pr=javfree.sh&user_keywords=&auc_type=1&aid=3335&ext_cid=0&device_theme=light&keywords=&label_ids=4,83,89,0&conditions=dch_ip,tz_offset&need_redirect_show=0&mlf=1&cpa=00a46d7c-66e8-4a33-a496-ec6e7b9f1a93&mlc=1&format=androidWhatsAppCompact-slide-t_r-embed
IP
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /in/show/?mid=1144354114247143611&pid=0&site=native-push-adult&sc=NO&usage_type=DCH&subid=46817327&sid=1218194459&cid=13433&price=0.0031&is_cpm=0&cpm=0&ecpm=0.0014443857214934408&crid=&crtid=41e2b054b7d7fdd561f6651d06d511e5&tcid=0&out_id=1&ver=8.24.1&ver_c=&refdom=tsyndicate.com&hostname=auc-inpage-hz-4-c&site_id=3118775&spot_id=18775&utm_source=&utm_medium=&utm_campaign=&utm_content=&expiration_timestamp=0&created_at=2023-02-05&is_native=2&auction_queue=0&burl=RC_iu-v4oPwingoer-1TA_y5GIKEebO4QzHxl5pDGjN0AFIj7z0bJA&pop_winurl=&ip=91.90.42.154&testab=0&px_id=5318775&adblock=0&auction_host=&mm=0&yc=0&render_type=mq&campaign_type=lq-pop&uniq=&exp=&resp_type=&iabcat=IAB25-3&min_cpm=0.00011062949394550959&placement_type_id=&skin_test=0&verify_hash=a7b094bc67dc6bb95ac4bec9e5e0ee20&score=0&durl=https%3A%2F%2Fts.cvastico.com%2Fin%2F1546%2F%3Fad_sub%3D46817327%26spot_id%3D18775%26is_adult%3D1%26p%3Dhttps%253A%252F%252Ftsyndicate.com%252F%26idzone%3D0%26sid%3D1546&ml=&tag_ab=b&original_bid=0.0031&user_fp=0&v2=0&v2_track=0&is_pop_cpc=0&applied_features=main-skins-settings&url=AnoQcVsqf27Iv66UH0jiaFbYpt1KigaUC1eORTlwP1qSYk-_9UDB8o4bsBB6hgtqzfwYrIyvYyXe1DUbuIU5PqYtUtR84pZRdOZX_aTah1p-nwlWJGfEQ4XG6QYt8j9sCxwnB89I6nS2g6E8DRhzsJVoQkDnqoueHTRe4vOZmKMNGizU2g&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FIN%2FIN_da5b583487923e03a815871465a0b6f24c2cb005_icon.webp&skin_id=8&vertical_id=0&real_bid=0.0027264499999999996&pr=javfree.sh&user_keywords=&auc_type=1&aid=3335&ext_cid=0&device_theme=light&keywords=&label_ids=4,83,89,0&conditions=dch_ip,tz_offset&need_redirect_show=0&mlf=1&cpa=00a46d7c-66e8-4a33-a496-ec6e7b9f1a93&mlc=1&format=androidWhatsAppCompact-slide-t_r-embed HTTP/1.1
Host: 0f6e7d3222.ba33938e50.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tsyndicate.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.20.1
date: Sun, 05 Feb 2023 18:45:44 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
0f6e7d3222.ba33938e50.com/in/show/?mid=1144354114247143611&pid=0&site=native-push-adult&sc=NO&usage_type=DCH&subid=46817327&sid=1218194459&cid=12613&price=0.0008&is_cpm=0&cpm=0&ecpm=4.537567897705122e-05&crid=&crtid=f94a96bc24a73c11d911954ddbd56be1&tcid=0&out_id=0&ver=8.24.1&ver_c=&refdom=tsyndicate.com&hostname=auc-inpage-hz-4-c&site_id=3118775&spot_id=18775&utm_source=&utm_medium=&utm_campaign=&utm_content=&expiration_timestamp=1675881943&created_at=2023-02-05&is_native=1&auction_queue=0&burl=mTiE4Jv9H_53VwBIKKSY_7B-RoOrJYdLD0yqMtsTHpllbY8ley_xYg&pop_winurl=&ip=91.90.42.154&testab=0&px_id=3118775&adblock=0&auction_host=&mm=0&yc=0&render_type=mq&campaign_type=mq&uniq=0b064d66fc60c77193efc78cec37cf6ff2d8b7d9f437515cdfda47f871a66c9c&exp=1440&resp_type=&iabcat=IAB25-3&min_cpm=2.1709212256672818e-05&placement_type_id=&skin_test=0&verify_hash=000520efb2499a365982b3173a6f25c8&score=0&durl=https%3A%2F%2Fts.cvastico.com%2Fin%2F1546%2F%3Fad_sub%3D46817327%26spot_id%3D18775%26is_adult%3D1%26p%3Dhttps%253A%252F%252Ftsyndicate.com%252F%26idzone%3D0%26sid%3D1546&ml=&tag_ab=b&original_bid=0.0008&user_fp=0&v2=0&v2_track=0&is_pop_cpc=0&applied_features=main-skins-settings&url=jQMmPgUgAl0d9ry_mmvArFRE25b0czs6EvVFaZloqlsHS0-YBG2HXDvudDcvYrO9y1Ae588xuD-gURTRAim4jQpIGuNn3MMQr8fq3Ofulh7wEs7VxsnKYiTqlBJRkO9rd7X1gsVixYN8K4IXWS-ljyiramYhOQzvkJxJplBKC7jm3Y-AEMP7Lph9HJzM7OFAvbOcsxORzvXD5-ryTN6L4kfzeUEIUUlhF8Ic6vgIS1xHlEBUC_RO2bE9cm2_n5rHFp2J33zGVsayN7n8sQ9K1ICzyZTuCO-V4DbcSgjCir03RwHLOr0BRKnwvbN_Fcv5Tic&image_url=&skin_id=8&vertical_id=5&real_bid=0.00043648&pr=javfree.sh&user_keywords=&auc_type=1&aid=172&ext_cid=8224&device_theme=light&keywords=&label_ids=101,106,4,5,83&conditions=dch_ip,tz_offset&need_redirect_show=0&cpa=5d55ead0-8f48-41ff-b7a2-4a592c00a50a&format=androidWhatsAppCompact-slide-t_r-embed
200 OK 0 B URL HTTP/2 0f6e7d3222.ba33938e50.com/in/show/?mid=1144354114247143611&pid=0&site=native-push-adult&sc=NO&usage_type=DCH&subid=46817327&sid=1218194459&cid=12613&price=0.0008&is_cpm=0&cpm=0&ecpm=4.537567897705122e-05&crid=&crtid=f94a96bc24a73c11d911954ddbd56be1&tcid=0&out_id=0&ver=8.24.1&ver_c=&refdom=tsyndicate.com&hostname=auc-inpage-hz-4-c&site_id=3118775&spot_id=18775&utm_source=&utm_medium=&utm_campaign=&utm_content=&expiration_timestamp=1675881943&created_at=2023-02-05&is_native=1&auction_queue=0&burl=mTiE4Jv9H_53VwBIKKSY_7B-RoOrJYdLD0yqMtsTHpllbY8ley_xYg&pop_winurl=&ip=91.90.42.154&testab=0&px_id=3118775&adblock=0&auction_host=&mm=0&yc=0&render_type=mq&campaign_type=mq&uniq=0b064d66fc60c77193efc78cec37cf6ff2d8b7d9f437515cdfda47f871a66c9c&exp=1440&resp_type=&iabcat=IAB25-3&min_cpm=2.1709212256672818e-05&placement_type_id=&skin_test=0&verify_hash=000520efb2499a365982b3173a6f25c8&score=0&durl=https%3A%2F%2Fts.cvastico.com%2Fin%2F1546%2F%3Fad_sub%3D46817327%26spot_id%3D18775%26is_adult%3D1%26p%3Dhttps%253A%252F%252Ftsyndicate.com%252F%26idzone%3D0%26sid%3D1546&ml=&tag_ab=b&original_bid=0.0008&user_fp=0&v2=0&v2_track=0&is_pop_cpc=0&applied_features=main-skins-settings&url=jQMmPgUgAl0d9ry_mmvArFRE25b0czs6EvVFaZloqlsHS0-YBG2HXDvudDcvYrO9y1Ae588xuD-gURTRAim4jQpIGuNn3MMQr8fq3Ofulh7wEs7VxsnKYiTqlBJRkO9rd7X1gsVixYN8K4IXWS-ljyiramYhOQzvkJxJplBKC7jm3Y-AEMP7Lph9HJzM7OFAvbOcsxORzvXD5-ryTN6L4kfzeUEIUUlhF8Ic6vgIS1xHlEBUC_RO2bE9cm2_n5rHFp2J33zGVsayN7n8sQ9K1ICzyZTuCO-V4DbcSgjCir03RwHLOr0BRKnwvbN_Fcv5Tic&image_url=&skin_id=8&vertical_id=5&real_bid=0.00043648&pr=javfree.sh&user_keywords=&auc_type=1&aid=172&ext_cid=8224&device_theme=light&keywords=&label_ids=101,106,4,5,83&conditions=dch_ip,tz_offset&need_redirect_show=0&cpa=5d55ead0-8f48-41ff-b7a2-4a592c00a50a&format=androidWhatsAppCompact-slide-t_r-embed
IP
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /in/show/?mid=1144354114247143611&pid=0&site=native-push-adult&sc=NO&usage_type=DCH&subid=46817327&sid=1218194459&cid=12613&price=0.0008&is_cpm=0&cpm=0&ecpm=4.537567897705122e-05&crid=&crtid=f94a96bc24a73c11d911954ddbd56be1&tcid=0&out_id=0&ver=8.24.1&ver_c=&refdom=tsyndicate.com&hostname=auc-inpage-hz-4-c&site_id=3118775&spot_id=18775&utm_source=&utm_medium=&utm_campaign=&utm_content=&expiration_timestamp=1675881943&created_at=2023-02-05&is_native=1&auction_queue=0&burl=mTiE4Jv9H_53VwBIKKSY_7B-RoOrJYdLD0yqMtsTHpllbY8ley_xYg&pop_winurl=&ip=91.90.42.154&testab=0&px_id=3118775&adblock=0&auction_host=&mm=0&yc=0&render_type=mq&campaign_type=mq&uniq=0b064d66fc60c77193efc78cec37cf6ff2d8b7d9f437515cdfda47f871a66c9c&exp=1440&resp_type=&iabcat=IAB25-3&min_cpm=2.1709212256672818e-05&placement_type_id=&skin_test=0&verify_hash=000520efb2499a365982b3173a6f25c8&score=0&durl=https%3A%2F%2Fts.cvastico.com%2Fin%2F1546%2F%3Fad_sub%3D46817327%26spot_id%3D18775%26is_adult%3D1%26p%3Dhttps%253A%252F%252Ftsyndicate.com%252F%26idzone%3D0%26sid%3D1546&ml=&tag_ab=b&original_bid=0.0008&user_fp=0&v2=0&v2_track=0&is_pop_cpc=0&applied_features=main-skins-settings&url=jQMmPgUgAl0d9ry_mmvArFRE25b0czs6EvVFaZloqlsHS0-YBG2HXDvudDcvYrO9y1Ae588xuD-gURTRAim4jQpIGuNn3MMQr8fq3Ofulh7wEs7VxsnKYiTqlBJRkO9rd7X1gsVixYN8K4IXWS-ljyiramYhOQzvkJxJplBKC7jm3Y-AEMP7Lph9HJzM7OFAvbOcsxORzvXD5-ryTN6L4kfzeUEIUUlhF8Ic6vgIS1xHlEBUC_RO2bE9cm2_n5rHFp2J33zGVsayN7n8sQ9K1ICzyZTuCO-V4DbcSgjCir03RwHLOr0BRKnwvbN_Fcv5Tic&image_url=&skin_id=8&vertical_id=5&real_bid=0.00043648&pr=javfree.sh&user_keywords=&auc_type=1&aid=172&ext_cid=8224&device_theme=light&keywords=&label_ids=101,106,4,5,83&conditions=dch_ip,tz_offset&need_redirect_show=0&cpa=5d55ead0-8f48-41ff-b7a2-4a592c00a50a&format=androidWhatsAppCompact-slide-t_r-embed HTTP/1.1
Host: 0f6e7d3222.ba33938e50.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tsyndicate.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.20.1
date: Sun, 05 Feb 2023 18:45:44 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
js.wpushsdk.com/npc/sdk/wpu/npush.m.js
200 OK 84 kB URL HTTP/2 js.wpushsdk.com/npc/sdk/wpu/npush.m.js
IP
ASN #39572 DataWeb Global Group B.V.
Hash 135e0c3538ae01cb54e5972e6c52289f
f60ef0c7d3e7146755924cc1a9be51978c18eb83
b7b630f2230d84bdcea830d6874c41dbe7003a5a96df125df6be8cf657a03446
GET /npc/sdk/wpu/npush.m.js HTTP/1.1
Host: js.wpushsdk.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tsyndicate.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 05 Feb 2023 18:45:43 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Fri, 03 Feb 2023 12:56:56 GMT
etag: W/"63dd0498-4fa40"
content-encoding: gzip
expires: Sun, 05 Feb 2023 18:50:43 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
static.bookmsg.com/creatives/IN/IN_da5b583487923e03a815871465a0b6f24c2cb005_icon.webp
200 OK 790 B URL HTTP/2 static.bookmsg.com/creatives/IN/IN_da5b583487923e03a815871465a0b6f24c2cb005_icon.webp
IP
ASN #24940 Hetzner Online GmbH
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 100x100, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 65156a660e465299370ebd90d84aa461
12ff60b17f579a77e42a8be7b6b1892fc71be33d
e3b2784385cd128d5a6dfdec7f4be2147d6b57fa66c1a36c61c085aaf27f9e18
GET /creatives/IN/IN_da5b583487923e03a815871465a0b6f24c2cb005_icon.webp HTTP/1.1
Host: static.bookmsg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tsyndicate.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.18.0
date: Sun, 05 Feb 2023 18:45:45 GMT
content-type: image/webp
content-length: 790
last-modified: Tue, 24 Nov 2020 14:20:43 GMT
etag: "5fbd16bb-316"
cache-control: public, max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 938022c4439cee86847f5654ba00358c
b13bd82c7ba2a1291198016d13c1d730aa4cbaf8
ca52491d418d04f72c2150f5fca8a519f899117befe3382d1541274d57e10b5f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CA52491D418D04F72C2150F5FCA8A519F899117BEFE3382D1541274D57E10B5F"
Last-Modified: Fri, 03 Feb 2023 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19402
Expires: Mon, 06 Feb 2023 00:09:07 GMT
Date: Sun, 05 Feb 2023 18:45:45 GMT
Connection: keep-alive
img.cdn.house/i/1/8bJWbY76y_sUR9XxTodbbfB3w5gLZOiQNEM3tE7XGZ1qwNNWhAZraEnQbjq64GSUE6_jxAKrcADUwlyzuwNERW99Mv0IqN8AB2zFoqI7rMx3mr0xWY4CRTZg6z_8xiPFkLL54UypO741ZrU1iGG-vaty57qu2hdzwwzOeTSrHwUjhPI=?cpa=cb40e450-d9d5-44fe-90a9-b8af1407bb4d&format=androidWhatsAppCompact-slide-t_r-embed
200 OK 3.1 kB URL HTTP/2 img.cdn.house/i/1/8bJWbY76y_sUR9XxTodbbfB3w5gLZOiQNEM3tE7XGZ1qwNNWhAZraEnQbjq64GSUE6_jxAKrcADUwlyzuwNERW99Mv0IqN8AB2zFoqI7rMx3mr0xWY4CRTZg6z_8xiPFkLL54UypO741ZrU1iGG-vaty57qu2hdzwwzOeTSrHwUjhPI=?cpa=cb40e450-d9d5-44fe-90a9-b8af1407bb4d&format=androidWhatsAppCompact-slide-t_r-embed
IP
ASN #24940 Hetzner Online GmbH
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 192x192, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 6c4e96dfd8513607c6deeb3b743592f8
81361195e398cdb09619f05e4552782442623fbf
8887be4aa7cb3a603553c425688c989eadc63fa14a2edd6f43a24c58d59bfb6d
GET /i/1/8bJWbY76y_sUR9XxTodbbfB3w5gLZOiQNEM3tE7XGZ1qwNNWhAZraEnQbjq64GSUE6_jxAKrcADUwlyzuwNERW99Mv0IqN8AB2zFoqI7rMx3mr0xWY4CRTZg6z_8xiPFkLL54UypO741ZrU1iGG-vaty57qu2hdzwwzOeTSrHwUjhPI=?cpa=cb40e450-d9d5-44fe-90a9-b8af1407bb4d&format=androidWhatsAppCompact-slide-t_r-embed HTTP/1.1
Host: img.cdn.house
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 05 Feb 2023 18:45:45 GMT
content-type: image/webp
content-length: 3118
last-modified: Sun, 04 Dec 2022 00:41:03 GMT
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
accept-ranges: bytes
X-Firefox-Spdy: h2
564cc73ffe.ed9b93b5ee.com/get/?go=1&data=eyJpbXAiOlt7InNlY3VyZSI6MSwiZXh0Ijp7InRhZ19hYiI6ImIiLCJtdWx0aSI6ZmFsc2UsInVzZXJfa2V5d29yZHMiOiIiLCJpZCI6MTY5NSwic3BhY2VpZCI6MTY5NSwidHlwZSI6InBvcCIsImlkem9uZSI6bnVsbCwiYWRfdGFncyI6IiwiLCJsYWJlbHMiOiIiLCJhbGxvd2VkX2xhYmVscyI6IiIsInRpdGxlIjoiIiwic3ViaWQiOiIxNTgxNDU1NTM3IiwicmVmcmVzaCI6MSwidXRtMSI6IiIsInV0bTIiOiIiLCJ1dG00IjoiIiwic3BvdF9pZCI6NDg1MzAsIm11bHRpcGxlIjpmYWxzZSwiaXNfaWZyYW1lIjp0cnVlLCJyZWZkb21haW4iOiJqYXZmcmVlLnNoIiwicGwiOjAsInN0cmF0YWdlbSI6Im5sYWJlbC1iIiwiZ3lyIjowLCJhY2NlbCI6MCwic3NwIjozOTcyLCJidHlwZSI6MCwidjIiOjAsInJjaGFuZ2UiOmZhbHNlfSwiYmFubmVyIjp7InciOjEsImgiOjF9fV0sInNpdGUiOnsiaWQiOiI0ODUzMCIsImNhdCI6WyJJQUIyNSJdLCJwYWdlIjoiaHR0cHM6Ly9qYXZmcmVlLnNoLyJ9LCJkZXZpY2UiOnsidyI6MTI4MCwiaCI6MTAyNH0sInVzZXIiOnsiaWQiOiJiMDE0MzUxOGU4NDFiMjQ3MGFmODRkODZlMWIwOWQzYiIsImZwIjpudWxsfSwiZXh0Ijp7ImR0IjoxNjc1NjIyNzg3NzMyfX0=
302 Found 0 B URL HTTP/2 564cc73ffe.ed9b93b5ee.com/get/?go=1&data=eyJpbXAiOlt7InNlY3VyZSI6MSwiZXh0Ijp7InRhZ19hYiI6ImIiLCJtdWx0aSI6ZmFsc2UsInVzZXJfa2V5d29yZHMiOiIiLCJpZCI6MTY5NSwic3BhY2VpZCI6MTY5NSwidHlwZSI6InBvcCIsImlkem9uZSI6bnVsbCwiYWRfdGFncyI6IiwiLCJsYWJlbHMiOiIiLCJhbGxvd2VkX2xhYmVscyI6IiIsInRpdGxlIjoiIiwic3ViaWQiOiIxNTgxNDU1NTM3IiwicmVmcmVzaCI6MSwidXRtMSI6IiIsInV0bTIiOiIiLCJ1dG00IjoiIiwic3BvdF9pZCI6NDg1MzAsIm11bHRpcGxlIjpmYWxzZSwiaXNfaWZyYW1lIjp0cnVlLCJyZWZkb21haW4iOiJqYXZmcmVlLnNoIiwicGwiOjAsInN0cmF0YWdlbSI6Im5sYWJlbC1iIiwiZ3lyIjowLCJhY2NlbCI6MCwic3NwIjozOTcyLCJidHlwZSI6MCwidjIiOjAsInJjaGFuZ2UiOmZhbHNlfSwiYmFubmVyIjp7InciOjEsImgiOjF9fV0sInNpdGUiOnsiaWQiOiI0ODUzMCIsImNhdCI6WyJJQUIyNSJdLCJwYWdlIjoiaHR0cHM6Ly9qYXZmcmVlLnNoLyJ9LCJkZXZpY2UiOnsidyI6MTI4MCwiaCI6MTAyNH0sInVzZXIiOnsiaWQiOiJiMDE0MzUxOGU4NDFiMjQ3MGFmODRkODZlMWIwOWQzYiIsImZwIjpudWxsfSwiZXh0Ijp7ImR0IjoxNjc1NjIyNzg3NzMyfX0=
IP
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /get/?go=1&data=eyJpbXAiOlt7InNlY3VyZSI6MSwiZXh0Ijp7InRhZ19hYiI6ImIiLCJtdWx0aSI6ZmFsc2UsInVzZXJfa2V5d29yZHMiOiIiLCJpZCI6MTY5NSwic3BhY2VpZCI6MTY5NSwidHlwZSI6InBvcCIsImlkem9uZSI6bnVsbCwiYWRfdGFncyI6IiwiLCJsYWJlbHMiOiIiLCJhbGxvd2VkX2xhYmVscyI6IiIsInRpdGxlIjoiIiwic3ViaWQiOiIxNTgxNDU1NTM3IiwicmVmcmVzaCI6MSwidXRtMSI6IiIsInV0bTIiOiIiLCJ1dG00IjoiIiwic3BvdF9pZCI6NDg1MzAsIm11bHRpcGxlIjpmYWxzZSwiaXNfaWZyYW1lIjp0cnVlLCJyZWZkb21haW4iOiJqYXZmcmVlLnNoIiwicGwiOjAsInN0cmF0YWdlbSI6Im5sYWJlbC1iIiwiZ3lyIjowLCJhY2NlbCI6MCwic3NwIjozOTcyLCJidHlwZSI6MCwidjIiOjAsInJjaGFuZ2UiOmZhbHNlfSwiYmFubmVyIjp7InciOjEsImgiOjF9fV0sInNpdGUiOnsiaWQiOiI0ODUzMCIsImNhdCI6WyJJQUIyNSJdLCJwYWdlIjoiaHR0cHM6Ly9qYXZmcmVlLnNoLyJ9LCJkZXZpY2UiOnsidyI6MTI4MCwiaCI6MTAyNH0sInVzZXIiOnsiaWQiOiJiMDE0MzUxOGU4NDFiMjQ3MGFmODRkODZlMWIwOWQzYiIsImZwIjpudWxsfSwiZXh0Ijp7ImR0IjoxNjc1NjIyNzg3NzMyfX0= HTTP/1.1
Host: 564cc73ffe.ed9b93b5ee.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tsyndicate.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
server: nginx/1.16.0
date: Sun, 05 Feb 2023 18:45:46 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
location: https://rtbrennab.com/banner/in/show/?mid=6948400262173872593&pid=0&site=48530&sc=NO&usage_type=DCH&subid=1581455537&sid=0&cid=0&price=0&is_cpm=0&cpm=0&ecpm=0&crid=&crtid=&tcid=0&out_id=&ver=&ver_c=&refdom=javfree.sh&hostname=auc-banner-hz-5&site_id=0&spot_id=48530&utm_source=&utm_medium=&utm_campaign=&utm_content=&expiration_timestamp=0&created_at=0000-00-00&is_native=0&auction_queue=0&pop_winurl=&ip=91.90.42.154&testab=&px_id=0&adblock=0&auction_host=&mm=&yc=&render_type=&campaign_type=&uniq=&exp=&resp_type=default&iabcat=IAB25&min_cpm=0.0001&placement_type_id=&skin_test=&verify_hash=&score=22.29509799542147&ml=&tag_ab=b&v2=0&ttl=&space_id=1695&banner_width=1&banner_height=1&accel=0&gyr=0&iabcat=IAB25&url=https%3A%2F%2Fbtds.zog.link%2Fin%2F912%2F%3Fsid%3D48530%26source%3D1581455537%26idzone%3D0%26w%3D1%26h%3D1%26mo%3D%26ve%3D%26site_id%3D48530%26utm1%3D%26utm2%3D%26utm3%3D%26utm4%3D%26ad_tags%3D%2C%26spot_id%3D48530%26p%3Dhttps%253A%252F%252Fjavfree.sh%252F%26katds_labels%3D%26btype%3D0%26score%3D22.29509799542147%26bf%3D0.0001&pr=javfree.sh&bid_crid=&bid_cid=&is_iframe=1&ad_tags=,&stratagem=nlabel-b&ssp=3972&refresh=1
X-Firefox-Spdy: h2
rtbrennab.com/banner/in/show/?mid=6948400262173872593&pid=0&site=48530&sc=NO&usage_type=DCH&subid=1581455537&sid=0&cid=0&price=0&is_cpm=0&cpm=0&ecpm=0&crid=&crtid=&tcid=0&out_id=&ver=&ver_c=&refdom=javfree.sh&hostname=auc-banner-hz-5&site_id=0&spot_id=48530&utm_source=&utm_medium=&utm_campaign=&utm_content=&expiration_timestamp=0&created_at=0000-00-00&is_native=0&auction_queue=0&pop_winurl=&ip=91.90.42.154&testab=&px_id=0&adblock=0&auction_host=&mm=&yc=&render_type=&campaign_type=&uniq=&exp=&resp_type=default&iabcat=IAB25&min_cpm=0.0001&placement_type_id=&skin_test=&verify_hash=&score=22.29509799542147&ml=&tag_ab=b&v2=0&ttl=&space_id=1695&banner_width=1&banner_height=1&accel=0&gyr=0&iabcat=IAB25&url=https%3A%2F%2Fbtds.zog.link%2Fin%2F912%2F%3Fsid%3D48530%26source%3D1581455537%26idzone%3D0%26w%3D1%26h%3D1%26mo%3D%26ve%3D%26site_id%3D48530%26utm1%3D%26utm2%3D%26utm3%3D%26utm4%3D%26ad_tags%3D%2C%26spot_id%3D48530%26p%3Dhttps%253A%252F%252Fjavfree.sh%252F%26katds_labels%3D%26btype%3D0%26score%3D22.29509799542147%26bf%3D0.0001&pr=javfree.sh&bid_crid=&bid_cid=&is_iframe=1&ad_tags=,&stratagem=nlabel-b&ssp=3972&refresh=1
302 Found 0 B URL HTTP/2 rtbrennab.com/banner/in/show/?mid=6948400262173872593&pid=0&site=48530&sc=NO&usage_type=DCH&subid=1581455537&sid=0&cid=0&price=0&is_cpm=0&cpm=0&ecpm=0&crid=&crtid=&tcid=0&out_id=&ver=&ver_c=&refdom=javfree.sh&hostname=auc-banner-hz-5&site_id=0&spot_id=48530&utm_source=&utm_medium=&utm_campaign=&utm_content=&expiration_timestamp=0&created_at=0000-00-00&is_native=0&auction_queue=0&pop_winurl=&ip=91.90.42.154&testab=&px_id=0&adblock=0&auction_host=&mm=&yc=&render_type=&campaign_type=&uniq=&exp=&resp_type=default&iabcat=IAB25&min_cpm=0.0001&placement_type_id=&skin_test=&verify_hash=&score=22.29509799542147&ml=&tag_ab=b&v2=0&ttl=&space_id=1695&banner_width=1&banner_height=1&accel=0&gyr=0&iabcat=IAB25&url=https%3A%2F%2Fbtds.zog.link%2Fin%2F912%2F%3Fsid%3D48530%26source%3D1581455537%26idzone%3D0%26w%3D1%26h%3D1%26mo%3D%26ve%3D%26site_id%3D48530%26utm1%3D%26utm2%3D%26utm3%3D%26utm4%3D%26ad_tags%3D%2C%26spot_id%3D48530%26p%3Dhttps%253A%252F%252Fjavfree.sh%252F%26katds_labels%3D%26btype%3D0%26score%3D22.29509799542147%26bf%3D0.0001&pr=javfree.sh&bid_crid=&bid_cid=&is_iframe=1&ad_tags=,&stratagem=nlabel-b&ssp=3972&refresh=1
IP
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /banner/in/show/?mid=6948400262173872593&pid=0&site=48530&sc=NO&usage_type=DCH&subid=1581455537&sid=0&cid=0&price=0&is_cpm=0&cpm=0&ecpm=0&crid=&crtid=&tcid=0&out_id=&ver=&ver_c=&refdom=javfree.sh&hostname=auc-banner-hz-5&site_id=0&spot_id=48530&utm_source=&utm_medium=&utm_campaign=&utm_content=&expiration_timestamp=0&created_at=0000-00-00&is_native=0&auction_queue=0&pop_winurl=&ip=91.90.42.154&testab=&px_id=0&adblock=0&auction_host=&mm=&yc=&render_type=&campaign_type=&uniq=&exp=&resp_type=default&iabcat=IAB25&min_cpm=0.0001&placement_type_id=&skin_test=&verify_hash=&score=22.29509799542147&ml=&tag_ab=b&v2=0&ttl=&space_id=1695&banner_width=1&banner_height=1&accel=0&gyr=0&iabcat=IAB25&url=https%3A%2F%2Fbtds.zog.link%2Fin%2F912%2F%3Fsid%3D48530%26source%3D1581455537%26idzone%3D0%26w%3D1%26h%3D1%26mo%3D%26ve%3D%26site_id%3D48530%26utm1%3D%26utm2%3D%26utm3%3D%26utm4%3D%26ad_tags%3D%2C%26spot_id%3D48530%26p%3Dhttps%253A%252F%252Fjavfree.sh%252F%26katds_labels%3D%26btype%3D0%26score%3D22.29509799542147%26bf%3D0.0001&pr=javfree.sh&bid_crid=&bid_cid=&is_iframe=1&ad_tags=,&stratagem=nlabel-b&ssp=3972&refresh=1 HTTP/1.1
Host: rtbrennab.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://tsyndicate.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
server: nginx/1.18.0
date: Sun, 05 Feb 2023 18:45:46 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
location: https://btds.zog.link/in/912/?sid=48530&source=1581455537&idzone=0&w=1&h=1&mo=&ve=&site_id=48530&utm1=&utm2=&utm3=&utm4=&ad_tags=,&spot_id=48530&p=https%3A%2F%2Fjavfree.sh%2F&katds_labels=&btype=0&score=22.29509799542147&bf=0.0001
X-Firefox-Spdy: h2
btds.zog.link/in/912/?sid=48530&source=1581455537&idzone=0&w=1&h=1&mo=&ve=&site_id=48530&utm1=&utm2=&utm3=&utm4=&ad_tags=,&spot_id=48530&p=https%3A%2F%2Fjavfree.sh%2F&katds_labels=&btype=0&score=22.29509799542147&bf=0.0001
302 Found 0 B URL HTTP/2 btds.zog.link/in/912/?sid=48530&source=1581455537&idzone=0&w=1&h=1&mo=&ve=&site_id=48530&utm1=&utm2=&utm3=&utm4=&ad_tags=,&spot_id=48530&p=https%3A%2F%2Fjavfree.sh%2F&katds_labels=&btype=0&score=22.29509799542147&bf=0.0001
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /in/912/?sid=48530&source=1581455537&idzone=0&w=1&h=1&mo=&ve=&site_id=48530&utm1=&utm2=&utm3=&utm4=&ad_tags=,&spot_id=48530&p=https%3A%2F%2Fjavfree.sh%2F&katds_labels=&btype=0&score=22.29509799542147&bf=0.0001 HTTP/1.1
Host: btds.zog.link
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://tsyndicate.com/
Connection: keep-alive
Cookie: 912.0=1
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
server: nginx/1.20.1
date: Sun, 05 Feb 2023 18:45:46 GMT
content-type: text/html; charset=UTF-8
content-length: 0
location: https://cdn.1vag.com/1x1.png
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
vary: *
set-cookie: 912.0=1; expires=Mon, 06 Feb 2023 18:45:46 GMT; path=/; secure; SameSite=None
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 5714dae27d6972774d3a73c8419365d9
3588cd04f19dfc75fdb4e91aa22ad5639e11fcfa
0312964ee2442aa66c2a8aaeaa0f3277ca9c30edf32dc7d0a2cf036938afb628
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0312964EE2442AA66C2A8AAEAA0F3277CA9C30EDF32DC7D0A2CF036938AFB628"
Last-Modified: Fri, 03 Feb 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18245
Expires: Sun, 05 Feb 2023 23:49:51 GMT
Date: Sun, 05 Feb 2023 18:45:46 GMT
Connection: keep-alive
cdn.1vag.com/1x1.png
200 OK 68 B IP
ASN #39572 DataWeb Global Group B.V.
File type PNG image data, 1 x 1, 8-bit gray+alpha, non-interlaced\012- data
Hash 91e42db1c66c0b276abf6234dc50b2eb
c1986af3c26609b8b7d8933f99c51c1a89e9ea6b
63ef318d96b5d0d0ceba6e04a4e622b1158335cdc67c49e27839132c6f655058
GET /1x1.png HTTP/1.1
Host: cdn.1vag.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://tsyndicate.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 05 Feb 2023 18:45:46 GMT
content-type: image/png
content-length: 68
server: nginx/1.20.1
last-modified: Wed, 15 Apr 2020 13:30:15 GMT
etag: "5e970c67-44"
cache-control: max-age=3600
x-request-id: e0cea73041c202c45e6ab3a8b14597f5
expires: Sun, 05 Feb 2023 19:45:46 GMT
x-proxy-cache: HIT
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4e245a51-5c03-4b84-b42a-29fa3a7806e9.jpeg
200 OK 8.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4e245a51-5c03-4b84-b42a-29fa3a7806e9.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 65cd12302c9ca5468dbc9a98155970e0
a0c63213c3021e40f8ea54f2da6a5c165ed5cfd1
8463155faca74f13ec4500fed98289d8bfbdc4a989d1cb7580736018eadf1000
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4e245a51-5c03-4b84-b42a-29fa3a7806e9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 7992
x-amzn-requestid: ba4f95d9-6081-4b34-955c-bbe8e7b2335c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fyEEjGsdIAMF84w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dd8083-7666baa66ccdec9b5fec8736;Sampled=0
x-amzn-remapped-date: Fri, 03 Feb 2023 21:45:39 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: WvRGhO3COwBBWde7STgSc_pkZV6TyGNl0rg9239b84w9WYzVgOIzgA==
via: 1.1 8dbfaf7df256a75768461d934659b6b2.cloudfront.net (CloudFront), 1.1 112d82578d402a38d8d02e8b857617e0.cloudfront.net (CloudFront), 1.1 google
date: Sat, 04 Feb 2023 22:23:54 GMT
age: 73312
etag: "a0c63213c3021e40f8ea54f2da6a5c165ed5cfd1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
tsyndicate.com/do2/99a9c0e4c51b49a6ab1ca34c242c5057/dynamic?format=jsonp&count=4&w=1280&h=1024&keywords=Watch,JAV,Free,HEYZO,Jav,Leak,Uncensored,japanese,porn,School,girls,exploitations,%E2%80%93,Tomoyo,Isumi,with,young,actresses,Tomoyo,Isumi,update,daily,JAVFree,Watch,JAV,HEYZO,Jav,Leak,Uncensored,japanese,porn,School,girls,exploitations,%E2%80%93,Tomoyo,Isumi,Free,Online,JAVFree,heyzo&adtype=label-under&tz=0&callback=callback_bfP5r
200 OK 0 B URL HTTP/2 tsyndicate.com/do2/99a9c0e4c51b49a6ab1ca34c242c5057/dynamic?format=jsonp&count=4&w=1280&h=1024&keywords=Watch,JAV,Free,HEYZO,Jav,Leak,Uncensored,japanese,porn,School,girls,exploitations,%E2%80%93,Tomoyo,Isumi,with,young,actresses,Tomoyo,Isumi,update,daily,JAVFree,Watch,JAV,HEYZO,Jav,Leak,Uncensored,japanese,porn,School,girls,exploitations,%E2%80%93,Tomoyo,Isumi,Free,Online,JAVFree,heyzo&adtype=label-under&tz=0&callback=callback_bfP5r
IP
ASN #24940 Hetzner Online GmbH
GET /do2/99a9c0e4c51b49a6ab1ca34c242c5057/dynamic?format=jsonp&count=4&w=1280&h=1024&keywords=Watch,JAV,Free,HEYZO,Jav,Leak,Uncensored,japanese,porn,School,girls,exploitations,%E2%80%93,Tomoyo,Isumi,with,young,actresses,Tomoyo,Isumi,update,daily,JAVFree,Watch,JAV,HEYZO,Jav,Leak,Uncensored,japanese,porn,School,girls,exploitations,%E2%80%93,Tomoyo,Isumi,Free,Online,JAVFree,heyzo&adtype=label-under&tz=0&callback=callback_bfP5r HTTP/1.1
Host: tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://javfree.sh/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 05 Feb 2023 18:45:41 GMT
content-type: application/javascript; charset=utf-8
pragma: no-cache
expires: 0
vary: Accept-Encoding, *
x-api-version: 2
x-request-id: f89c6955aab82778
set-cookie: ts_uid=ba41e5c1-50e2-4b2d-9390-0f2abcf557f9; expires=Sat, 05 Aug 2023 18:45:41 GMT; domain=.tsyndicate.com; path=/; HttpOnly; secure; SameSite=None
cache-control: no-cache, no-store, no-transform, must-revalidate, no-transform
x-robots-tag: none, noindex, nofollow
report-to: { "url": "https://pxl.tsyndicate.com/api/v1/heavy-ad/report", "max_age": 86401 }
content-encoding: gzip
X-Firefox-Spdy: h2
static.adxadserv.com/js/adb.js
200 OK 0 B URL HTTP/2 static.adxadserv.com/js/adb.js
IP
ASN #60068 Datacamp Limited
GET /js/adb.js HTTP/1.1
Host: static.adxadserv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tsyndicate.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 05 Feb 2023 18:45:42 GMT
content-type: application/javascript
last-modified: Tue, 24 Mar 2020 11:15:59 GMT
etag: W/"5e79ebef-532"
x-accel-expires: @1676019704
server: CDN77-Turbo
x-77-nzt: AblMCRTGwiT/XsMJAA
x-77-nzt-ray: af58563036ad82bc56f9df639e972403
x-cache: HIT
x-age: 639838
x-77-pop: stockholmSE
x-77-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
mc.yandex.ru/watch/88694096?wmode=7&page-url=https%3A%2F%2Fjavfree.sh%2F14978%2Fheyzo-0597.html&charset=utf-8&browser-info=pv%3A1%3Avf%3Asm0gggw3usgug1h33hqlj%3Afp%3A3269%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A1321072305164%3Ahid%3A607431500%3Az%3A0%3Ai%3A20230205184624%3Aet%3A1675622784%3Ac%3A1%3Arn%3A692599865%3Arqn%3A1%3Au%3A1675622784307682566%3Aw%3A1268x898%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C20%2C2674%2C1%2C260%2C0%2C%2C1377%2C88%2C%2C%2C%2C4361%3Aco%3A0%3Ans%3A1675622778836%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-5cbccea2ed3dd5c7a75380ef1cbfadf6-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1675622784%3At%3AWatch%20JAV%20HEYZO-0597%20Jav%20Leak%20Uncensored%20japanese%20porn%20A%20School%20girls%20exploitations%20%E2%80%93%20Tomoyo%20Isumi%20HD%20Free%20Online%20on%20JAVFree.SH&t=gdpr(14)clc(0-0-0)rqnt(1)aw(1)fip(1)ti(2)
302 Found 0 B URL HTTP/2 mc.yandex.ru/watch/88694096?wmode=7&page-url=https%3A%2F%2Fjavfree.sh%2F14978%2Fheyzo-0597.html&charset=utf-8&browser-info=pv%3A1%3Avf%3Asm0gggw3usgug1h33hqlj%3Afp%3A3269%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A1321072305164%3Ahid%3A607431500%3Az%3A0%3Ai%3A20230205184624%3Aet%3A1675622784%3Ac%3A1%3Arn%3A692599865%3Arqn%3A1%3Au%3A1675622784307682566%3Aw%3A1268x898%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C20%2C2674%2C1%2C260%2C0%2C%2C1377%2C88%2C%2C%2C%2C4361%3Aco%3A0%3Ans%3A1675622778836%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-5cbccea2ed3dd5c7a75380ef1cbfadf6-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1675622784%3At%3AWatch%20JAV%20HEYZO-0597%20Jav%20Leak%20Uncensored%20japanese%20porn%20A%20School%20girls%20exploitations%20%E2%80%93%20Tomoyo%20Isumi%20HD%20Free%20Online%20on%20JAVFree.SH&t=gdpr(14)clc(0-0-0)rqnt(1)aw(1)fip(1)ti(2)
IP
GET /watch/88694096?wmode=7&page-url=https%3A%2F%2Fjavfree.sh%2F14978%2Fheyzo-0597.html&charset=utf-8&browser-info=pv%3A1%3Avf%3Asm0gggw3usgug1h33hqlj%3Afp%3A3269%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A1321072305164%3Ahid%3A607431500%3Az%3A0%3Ai%3A20230205184624%3Aet%3A1675622784%3Ac%3A1%3Arn%3A692599865%3Arqn%3A1%3Au%3A1675622784307682566%3Aw%3A1268x898%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C20%2C2674%2C1%2C260%2C0%2C%2C1377%2C88%2C%2C%2C%2C4361%3Aco%3A0%3Ans%3A1675622778836%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-5cbccea2ed3dd5c7a75380ef1cbfadf6-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1675622784%3At%3AWatch%20JAV%20HEYZO-0597%20Jav%20Leak%20Uncensored%20japanese%20porn%20A%20School%20girls%20exploitations%20%E2%80%93%20Tomoyo%20Isumi%20HD%20Free%20Online%20on%20JAVFree.SH&t=gdpr(14)clc(0-0-0)rqnt(1)aw(1)fip(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://javfree.sh
Connection: keep-alive
Referer: https://javfree.sh/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
location: /watch/88694096/1?wmode=7&page-url=https%3A%2F%2Fjavfree.sh%2F14978%2Fheyzo-0597.html&charset=utf-8&browser-info=pv%3A1%3Avf%3Asm0gggw3usgug1h33hqlj%3Afp%3A3269%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A1321072305164%3Ahid%3A607431500%3Az%3A0%3Ai%3A20230205184624%3Aet%3A1675622784%3Ac%3A1%3Arn%3A692599865%3Arqn%3A1%3Au%3A1675622784307682566%3Aw%3A1268x898%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C20%2C2674%2C1%2C260%2C0%2C%2C1377%2C88%2C%2C%2C%2C4361%3Aco%3A0%3Ans%3A1675622778836%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-5cbccea2ed3dd5c7a75380ef1cbfadf6-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1675622784%3At%3AWatch%20JAV%20HEYZO-0597%20Jav%20Leak%20Uncensored%20japanese%20porn%20A%20School%20girls%20exploitations%20%E2%80%93%20Tomoyo%20Isumi%20HD%20Free%20Online%20on%20JAVFree.SH&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29fip%281%29ti%282%29
date: Sun, 05 Feb 2023 18:45:42 GMT
access-control-allow-origin: https://javfree.sh
set-cookie: yabs-sid=1408868721675622742; Path=/; SameSite=None; Secure
i=BJvTuwRld4UTSPmCYjZWecwXf1AloB579EAQASjW2mvEsxsD5w9BoWbMYOm90iW1zS3J/KqWk+NwUPSpmyvwgUBIA4U=; Expires=Wed, 02-Feb-2033 18:45:41 GMT; Domain=.yandex.ru; Path=/; Secure; HttpOnly; SameSite=None
yandexuid=9937451031675622742; Expires=Mon, 05-Feb-2024 18:45:42 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
yuidss=9937451031675622742; Expires=Mon, 05-Feb-2024 18:45:42 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
ymex=1707158742.yc.1675622742#1707158742.yrts.1675622742#1707158742.yrtsi.1675622742; Expires=Mon, 05-Feb-2024 18:45:42 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Sun, 05-Feb-2023 18:45:42 GMT
last-modified: Sun, 05-Feb-2023 18:45:42 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
js.natsdk.com/npc/sdk/native.m.js
200 OK 0 B URL HTTP/2 js.natsdk.com/npc/sdk/native.m.js
IP
ASN #39572 DataWeb Global Group B.V.
GET /npc/sdk/native.m.js HTTP/1.1
Host: js.natsdk.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tsyndicate.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 05 Feb 2023 18:45:43 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Tue, 20 Dec 2022 14:01:44 GMT
etag: W/"63a1c048-b232"
content-encoding: gzip
expires: Sun, 05 Feb 2023 18:50:43 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
static.javhd.com/h5/files/10592/300x250.html?targetUrl=http%3A%2F%2Fr.trwl1.com%2Fc1%2F7dd524f6-5653-4001-b2c7-bd4477af0f42%3Fcv1%3D4aecd2e2-a585-11ed-8703-e25a5bb9767f%26cv9%3D6284ab9861d6e2143673d195%26externalId%3D4aecd2e2-a585-11ed-8703-e25a5bb9767f%26p%3DeyJiIjoyNzIyNTIsImJoIjoyNTAsImJ3IjozMDAsImYiOjEsIm8iOjEsInAiOjEsInMiOjIxNDIwfQ
200 OK 0 B URL HTTP/2 static.javhd.com/h5/files/10592/300x250.html?targetUrl=http%3A%2F%2Fr.trwl1.com%2Fc1%2F7dd524f6-5653-4001-b2c7-bd4477af0f42%3Fcv1%3D4aecd2e2-a585-11ed-8703-e25a5bb9767f%26cv9%3D6284ab9861d6e2143673d195%26externalId%3D4aecd2e2-a585-11ed-8703-e25a5bb9767f%26p%3DeyJiIjoyNzIyNTIsImJoIjoyNTAsImJ3IjozMDAsImYiOjEsIm8iOjEsInAiOjEsInMiOjIxNDIwfQ
IP
ASN #60068 Datacamp Limited
GET /h5/files/10592/300x250.html?targetUrl=http%3A%2F%2Fr.trwl1.com%2Fc1%2F7dd524f6-5653-4001-b2c7-bd4477af0f42%3Fcv1%3D4aecd2e2-a585-11ed-8703-e25a5bb9767f%26cv9%3D6284ab9861d6e2143673d195%26externalId%3D4aecd2e2-a585-11ed-8703-e25a5bb9767f%26p%3DeyJiIjoyNzIyNTIsImJoIjoyNTAsImJ3IjozMDAsImYiOjEsIm8iOjEsInAiOjEsInMiOjIxNDIwfQ HTTP/1.1
Host: static.javhd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://r.trwl1.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 05 Feb 2023 18:45:43 GMT
content-type: text/html
last-modified: Tue, 07 May 2019 11:54:04 GMT
etag: W/"5cd171dc-11e4"
expires: Tue, 07 Mar 2023 18:45:43 GMT
cache-control: max-age=2592000
access-control-allow-origin: *
x-accel-expires: @1678214743
server: CDN77-Turbo
x-77-nzt: AblMCRQIHaeh
x-77-nzt-ray: af58563045ba7cc957f9df63a4e0a002
x-cache: MISS
x-77-pop: stockholmSE
x-77-cache: MISS
content-encoding: gzip
X-Firefox-Spdy: h2
js.cabnnr.com/banner-admanager/build.m.js
200 OK 0 B URL HTTP/2 js.cabnnr.com/banner-admanager/build.m.js
IP
ASN #39572 DataWeb Global Group B.V.
GET /banner-admanager/build.m.js HTTP/1.1
Host: js.cabnnr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tsyndicate.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 05 Feb 2023 18:45:43 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Fri, 27 Jan 2023 07:04:13 GMT
etag: W/"63d3776d-d174"
content-encoding: gzip
expires: Sun, 05 Feb 2023 18:50:43 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
js.wpshsdk.com/npc/sdk/push.m.js?v=1
200 OK 0 B URL HTTP/2 js.wpshsdk.com/npc/sdk/push.m.js?v=1
IP
ASN #39572 DataWeb Global Group B.V.
GET /npc/sdk/push.m.js?v=1 HTTP/1.1
Host: js.wpshsdk.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tsyndicate.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 05 Feb 2023 18:45:43 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Thu, 26 Jan 2023 12:22:57 GMT
etag: W/"63d270a1-f96f"
content-encoding: gzip
expires: Sun, 05 Feb 2023 18:50:43 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
creative.xxxvjmp.com/widgets/v4/Universal/main.33831b792a3809ba493a.css
200 OK 0 B URL HTTP/2 creative.xxxvjmp.com/widgets/v4/Universal/main.33831b792a3809ba493a.css
IP
GET /widgets/v4/Universal/main.33831b792a3809ba493a.css HTTP/1.1
Host: creative.xxxvjmp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://creative.xxxvjmp.com/widgets/v4/Universal?tag=girls%2Fchinese&thumbsMargin=5&hideButton=1&hideTitle=1&userId=840d18c1b4b1b053aac0885c0f17e4305a4bc43c2d94ca9bb181121129281861&autoplay=all&autoplayForce=1&campaignI=iframe
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 05 Feb 2023 18:45:40 GMT
content-type: text/css
last-modified: Tue, 31 Jan 2023 09:52:08 GMT
etag: W/"63d8e4c8-3403"
expires: Sun, 05 Feb 2023 18:45:41 GMT
cache-control: max-age=10
pragma: public
cf-cache-status: HIT
age: 3
vary: Accept-Encoding
server: cloudflare
cf-ray: 794dcdf23b990b61-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
tsyndicate.com/iframes2/bb53cf84deb54d6084ae136b5ff91ccd.html?
200 OK 0 B URL HTTP/2 tsyndicate.com/iframes2/bb53cf84deb54d6084ae136b5ff91ccd.html?
IP
ASN #24940 Hetzner Online GmbH
GET /iframes2/bb53cf84deb54d6084ae136b5ff91ccd.html? HTTP/1.1
Host: tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://javfree.sh/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 05 Feb 2023 18:45:41 GMT
content-type: text/html; charset=utf-8
pragma: no-cache
expires: 0
vary: Accept-Encoding, *
x-api-version: 2
x-request-id: 8717dde33203d990
set-cookie: ts_uid=660f08ab-109a-466b-a5ef-622e4d2852e6; expires=Sat, 05 Aug 2023 18:45:41 GMT; domain=.tsyndicate.com; path=/; HttpOnly; secure; SameSite=None
cache-control: no-cache, no-store, no-transform, must-revalidate, no-transform
x-robots-tag: none, noindex, nofollow
report-to: { "url": "https://pxl.tsyndicate.com/api/v1/heavy-ad/report", "max_age": 86401 }
content-encoding: gzip
X-Firefox-Spdy: h2
tsyndicate.com/iframes2/953b9003de9148548d0815f308f03565.html?
200 OK 0 B URL HTTP/2 tsyndicate.com/iframes2/953b9003de9148548d0815f308f03565.html?
IP
ASN #24940 Hetzner Online GmbH
GET /iframes2/953b9003de9148548d0815f308f03565.html? HTTP/1.1
Host: tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://javfree.sh/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 05 Feb 2023 18:45:41 GMT
content-type: text/html; charset=utf-8
pragma: no-cache
expires: 0
vary: Accept-Encoding, *
x-api-version: 2
x-request-id: b27bab071b8a50ea
set-cookie: ts_uid=8a771c2a-533c-4471-9393-d9b4caf0710e; expires=Sat, 05 Aug 2023 18:45:41 GMT; domain=.tsyndicate.com; path=/; HttpOnly; secure; SameSite=None
cache-control: no-cache, no-store, no-transform, must-revalidate, no-transform
x-robots-tag: none, noindex, nofollow
report-to: { "url": "https://pxl.tsyndicate.com/api/v1/heavy-ad/report", "max_age": 86401 }
content-encoding: gzip
X-Firefox-Spdy: h2
static.javhd.com/h5/files/js/mobile_video_player.min.js
200 OK 0 B URL HTTP/2 static.javhd.com/h5/files/js/mobile_video_player.min.js
IP
ASN #60068 Datacamp Limited
GET /h5/files/js/mobile_video_player.min.js HTTP/1.1
Host: static.javhd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://static.javhd.com/h5/files/10592/300x250.html?targetUrl=http%3A%2F%2Fr.trwl1.com%2Fc1%2F7dd524f6-5653-4001-b2c7-bd4477af0f42%3Fcv1%3D4aecd2e2-a585-11ed-8703-e25a5bb9767f%26cv9%3D6284ab9861d6e2143673d195%26externalId%3D4aecd2e2-a585-11ed-8703-e25a5bb9767f%26p%3DeyJiIjoyNzIyNTIsImJoIjoyNTAsImJ3IjozMDAsImYiOjEsIm8iOjEsInAiOjEsInMiOjIxNDIwfQ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 05 Feb 2023 18:45:43 GMT
content-type: application/x-javascript
last-modified: Tue, 12 Jan 2016 11:55:17 GMT
etag: W/"5694e9a5-7636"
expires: Tue, 23 May 2023 11:05:15 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
x-accel-expires: @1684839915
server: CDN77-Turbo
x-77-nzt: AblMCRR1VPH/7I5UAQ
x-77-nzt-ray: af58563045ba7cc957f9df6362fb5a09
x-cache: HIT
x-age: 22318828
x-77-pop: stockholmSE
x-77-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
static.javhd.com/h5/files/js/video.js
200 OK 0 B URL HTTP/2 static.javhd.com/h5/files/js/video.js
IP
ASN #60068 Datacamp Limited
GET /h5/files/js/video.js HTTP/1.1
Host: static.javhd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://static.javhd.com/h5/files/10592/300x250.html?targetUrl=http%3A%2F%2Fr.trwl1.com%2Fc1%2F7dd524f6-5653-4001-b2c7-bd4477af0f42%3Fcv1%3D4aecd2e2-a585-11ed-8703-e25a5bb9767f%26cv9%3D6284ab9861d6e2143673d195%26externalId%3D4aecd2e2-a585-11ed-8703-e25a5bb9767f%26p%3DeyJiIjoyNzIyNTIsImJoIjoyNTAsImJ3IjozMDAsImYiOjEsIm8iOjEsInAiOjEsInMiOjIxNDIwfQ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 05 Feb 2023 18:45:43 GMT
content-type: application/x-javascript
last-modified: Tue, 10 Nov 2015 10:24:20 GMT
etag: W/"5641c5d4-1cf02"
expires: Tue, 23 May 2023 11:05:15 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
x-accel-expires: @1684839915
server: CDN77-Turbo
x-77-nzt: AblMCRTVGTr/7I5UAQ
x-77-nzt-ray: af58563045ba7cc957f9df63a6a96909
x-cache: HIT
x-age: 22318828
x-77-pop: stockholmSE
x-77-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
go6shde9nj2itle.com/lv/esnk/1909584/code.js
200 OK 0 B URL HTTP/2 go6shde9nj2itle.com/lv/esnk/1909584/code.js
IP
Analyzer Verdict Alert quad9 Sinkholed
GET /lv/esnk/1909584/code.js HTTP/1.1
Host: go6shde9nj2itle.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tsyndicate.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 05 Feb 2023 18:45:42 GMT
content-type: application/javascript
last-modified: Tue, 31 Jan 2023 12:41:59 GMT
vary: Accept-Encoding
etag: W/"63d90c97-1a459"
x-js-ab1: var4
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
content-encoding: gzip
X-Firefox-Spdy: h2
javfree.sh/14978/heyzo-0597.html
200 OK 0 B URL HTTP/2 javfree.sh/14978/heyzo-0597.html
IP
GET /14978/heyzo-0597.html HTTP/1.1
Host: javfree.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
date: Sun, 05 Feb 2023 18:45:40 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: max-age=432000
cf-cache-status: MISS
last-modified: Sun, 05 Feb 2023 18:45:40 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jUOgftTGEaOA7MCjyxb2D3P1Hpu5WrAhNkOfFL0nqgfTS7DX9ReBdrWUmUq5Ds5fmd7LeF8rRD%2FS2ASByFWdoL9Av1xbFdOslwNbHI%2F4ZE8UiGsrcdcCUMw8QsVW"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 794dcdde8ae71bfe-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
creative.xxxvjmp.com/widgets/v4/Universal?tag=girls%2Fchinese&thumbsMargin=5&hideButton=1&hideTitle=1&userId=840d18c1b4b1b053aac0885c0f17e4305a4bc43c2d94ca9bb181121129281861&autoplay=all&autoplayForce=1&campaignI=iframe
200 OK 0 B URL HTTP/2 creative.xxxvjmp.com/widgets/v4/Universal?tag=girls%2Fchinese&thumbsMargin=5&hideButton=1&hideTitle=1&userId=840d18c1b4b1b053aac0885c0f17e4305a4bc43c2d94ca9bb181121129281861&autoplay=all&autoplayForce=1&campaignI=iframe
IP
GET /widgets/v4/Universal?tag=girls%2Fchinese&thumbsMargin=5&hideButton=1&hideTitle=1&userId=840d18c1b4b1b053aac0885c0f17e4305a4bc43c2d94ca9bb181121129281861&autoplay=all&autoplayForce=1&campaignI=iframe HTTP/1.1
Host: creative.xxxvjmp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://javfree.sh/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 05 Feb 2023 18:45:40 GMT
content-type: text/html
last-modified: Tue, 31 Jan 2023 09:49:21 GMT
expires: Sun, 05 Feb 2023 18:45:43 GMT
cache-control: max-age=10
strict-transport-security: max-age=15768000
pragma: public
report-to: { "endpoints":[{ "url": "https://go.stripchat.com/report" }], "group": "default", "max_age": 1048576 }
cf-cache-status: HIT
age: 3
vary: Accept-Encoding
server: cloudflare
cf-ray: 794dcdf1db410b61-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
tsyndicate.com/iframes2/140e730e2ff5443da5562bdd6fd12431.html?
200 OK 0 B URL HTTP/2 tsyndicate.com/iframes2/140e730e2ff5443da5562bdd6fd12431.html?
IP
ASN #24940 Hetzner Online GmbH
GET /iframes2/140e730e2ff5443da5562bdd6fd12431.html? HTTP/1.1
Host: tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://javfree.sh/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 05 Feb 2023 18:45:41 GMT
content-type: text/html; charset=utf-8
pragma: no-cache
expires: 0
vary: Accept-Encoding, *
x-api-version: 2
x-request-id: fd94257caa2d024e
set-cookie: ts_uid=ceab6a92-5d11-4dd5-bc90-18894d6f5c90; expires=Sat, 05 Aug 2023 18:45:41 GMT; domain=.tsyndicate.com; path=/; HttpOnly; secure; SameSite=None
cache-control: no-cache, no-store, no-transform, must-revalidate, no-transform
x-robots-tag: none, noindex, nofollow
report-to: { "url": "https://pxl.tsyndicate.com/api/v1/heavy-ad/report", "max_age": 86401 }
content-encoding: gzip
X-Firefox-Spdy: h2
js.wpadmngr.com/static/adManager.js
200 OK 0 B URL HTTP/2 js.wpadmngr.com/static/adManager.js
IP
ASN #39572 DataWeb Global Group B.V.
GET /static/adManager.js HTTP/1.1
Host: js.wpadmngr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tsyndicate.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 05 Feb 2023 18:45:42 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Mon, 05 Dec 2022 13:37:26 GMT
etag: W/"638df416-4dd"
content-encoding: gzip
expires: Sun, 05 Feb 2023 18:50:42 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
vast.yomeno.xyz/vast
200 OK 0 B IP
POST /vast HTTP/1.1
Host: vast.yomeno.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json;charset=utf-8
Content-Length: 575
Origin: https://tsyndicate.com
Connection: keep-alive
Referer: https://tsyndicate.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.20.1
date: Sun, 05 Feb 2023 18:45:42 GMT
content-type: application/json; charset=utf-8
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
vary: Accept-Encoding, *
access-control-allow-credentials: true
access-control-allow-origin: https://tsyndicate.com
access-control-expose-headers: Content-Length,Content-Range
content-encoding: gzip
X-Firefox-Spdy: h2
172.67.197.79
109.206.191.198
95.101.11.115
136.243.80.153
104.18.62.235
95.216.15.54
87.250.251.119
185.76.9.21
93.184.220.29