xfantazy.com/video/620852c85a615f1d0cdf5e9b
172.64.163.22 302 Found 0 B URL HTTP/1.1 xfantazy.com/video/620852c85a615f1d0cdf5e9b
IP 172.64.163.22:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /video/620852c85a615f1d0cdf5e9b HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Date: Thu, 01 Dec 2022 21:42:04 GMT
Content-Length: 0
Connection: keep-alive
location: https://xfantazy.com/video/620852c85a615f1d0cdf5e9b
cache-control: no-cache
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Yu8U1ZCC5fjJvFI80PxHdyACokPvviYirSM0617VvwOt44Zhr%2FKsQnhvJ5paa0uOGY6JynrCFt%2F%2BaoWv3RWrmweVRryKpMdMwzmpU5ynA%2B%2Bbk%2Bfgiwr0NxMgc7Aj3iw%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 772efd958a1373fb-LHR
alt-svc: h2=":443"; ma=60
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 3bbb845b153026fc5332dd4506585b57
3cad200fac28fd00f34ce6ef79373e661e188743
6035871c0de6ff2d120921461207cfa32bc286e1fe78849ce74815ffbb9ff950
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6035871C0DE6FF2D120921461207CFA32BC286E1FE78849CE74815FFBB9FF950"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11575
Expires: Fri, 02 Dec 2022 00:54:59 GMT
Date: Thu, 01 Dec 2022 21:42:04 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 0c748388899e8a8d3680355da2ea5020
903c620cd137613daafb0da0508c37b2f4a67212
39eab80e022a9a1732872d9926b0ace80f818ec5c535e36a18b539ea63786fb2
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3664
Cache-Control: max-age=136212
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 21:42:04 GMT
Etag: "63888270-1d7"
Expires: Sat, 03 Dec 2022 11:32:16 GMT
Last-Modified: Thu, 01 Dec 2022 10:31:12 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 471
firefox.settings.services.mozilla.com/v1/
34.102.187.140 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 30db107dcf4380cef05efea409c2e6a3
96e6a306fbc07299aba64e5c14e2bfca35872fa9
b64051a4a8e346e3c72b2aef77f360a5736ab5e16711d8e0bae3876feaa15b6e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Content-Type, Backoff, Content-Length, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Thu, 01 Dec 2022 21:18:09 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 1435
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 55b4c61a1e99001307750e3647fe1102
7559f9f6770b7d3f45b723167062096312641e08
39f6bb64420bcfc8f0b010168fd35b67732984cd0698409f04d5ae40410422aa
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "39F6BB64420BCFC8F0B010168FD35B67732984CD0698409F04D5AE40410422AA"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6448
Expires: Thu, 01 Dec 2022 23:29:32 GMT
Date: Thu, 01 Dec 2022 21:42:04 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: i3k/+PyRM+dRLmXB2ZVP0AlfVaTRJnXcZW9teSl720J1s6bEyuTIbRoxROksSUDHx1nr0UWcftc=
x-amz-request-id: WAMKSH64CD5F49NM
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Thu, 01 Dec 2022 20:45:48 GMT
age: 3376
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 21:42:04 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.pki.goog/s/gts1p5/PrU7zFTubJs
142.250.74.131 200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/PrU7zFTubJs
IP 142.250.74.131:0
Hash 1c019ed7c3e83ba44b83c599d7cacb50
ba2df387477d36733df9f9b504db80a9a24aa39e
716702f5bd3eb7cbd12229ab6dd8e4aca76766fe03d9dd36667c0fdb10e98cc0
POST /s/gts1p5/PrU7zFTubJs HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 21:42:04 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
34.102.187.140 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, ETag, Alert, Expires, Cache-Control, Backoff, Content-Length, Content-Type, Pragma, Last-Modified
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Thu, 01 Dec 2022 21:08:56 GMT
cache-control: public,max-age=3600
age: 1989
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 1f88399f3fdd89dbb9ca1229cb67143a
325c9dbfd932cf9a6fb9fab2dd8e27083f55a9a3
831ecd45dcd2d5ae2ae86cd63ea5e94ecd85281b7e51054af5df9a6386fb8d79
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3650
Cache-Control: max-age=131134
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 21:42:05 GMT
Etag: "63886ea9-1d7"
Expires: Sat, 03 Dec 2022 10:07:39 GMT
Last-Modified: Thu, 01 Dec 2022 09:06:49 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/s/gts1p5/PrU7zFTubJs
142.250.74.131 200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/PrU7zFTubJs
IP 142.250.74.131:0
Hash 1c019ed7c3e83ba44b83c599d7cacb50
ba2df387477d36733df9f9b504db80a9a24aa39e
716702f5bd3eb7cbd12229ab6dd8e4aca76766fe03d9dd36667c0fdb10e98cc0
POST /s/gts1p5/PrU7zFTubJs HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 21:42:05 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 3519a58310eefa01756f0440e2acd7dd
50153382830684a6abb653dc7b4e41d7c7e386b5
5f321e771fa62d9f794339006752655316cdb6e8d69bc23e1d0e3c8bc526f12e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 21:42:05 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 3519a58310eefa01756f0440e2acd7dd
50153382830684a6abb653dc7b4e41d7c7e386b5
5f321e771fa62d9f794339006752655316cdb6e8d69bc23e1d0e3c8bc526f12e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 21:42:05 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
xfantazy.com/static/logo-tv-light.svg
172.64.162.22 200 OK 1.8 kB URL HTTP/2 xfantazy.com/static/logo-tv-light.svg
IP 172.64.162.22:0
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (1395)
Hash 81b7a439bc0987e8322a033278023306
b1756b7557a8f23a3c5b69bebba2560f3d87ac64
3f420512d76cee1ae4265f8763f02e62ae6e19b112e322703fd7c8b600cded03
GET /static/logo-tv-light.svg HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/620852c85a615f1d0cdf5e9b
Cookie: visitorId=qu33i37iuesn1qe2egpm8; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 01 Dec 2022 21:42:05 GMT
content-type: image/svg+xml
vary: Origin, Accept-Encoding
cache-control: public, max-age=14400
last-modified: Sun, 18 Sep 2022 10:07:54 GMT
etag: W/"101b-18350119941"
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=00DSNbDZDB7%2B0M1pWULEx%2FEY9OLgLa8%2BU3%2BiwnNZK4ggS4Corn6DsfMoWXVHCx34Uk%2F9lUNgTWgSh%2B1ctRQd9AbtO6t1%2ByjppoU9PFIkxWqfJI1XwHmu4HyEpENgoDk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 772efd9c983374f5-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
xfantazy.com/_next/static/chunks/47.6c9a4510342e4dd3af77.js
172.64.162.22 200 OK 1.3 kB URL HTTP/2 xfantazy.com/_next/static/chunks/47.6c9a4510342e4dd3af77.js
IP 172.64.162.22:0
File type ASCII text, with very long lines (1568), with no line terminators
Hash ff5e4601bab834d29b116dafbdb97b1f
755e3da3a405a76e5fc6ce374dc82556e7fcb726
b1d4d3a5854ddb5c55d6ddc87f5e6239303984d60017b5fdc4c94b56dae689bb
GET /_next/static/chunks/47.6c9a4510342e4dd3af77.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/620852c85a615f1d0cdf5e9b
Cookie: visitorId=qu33i37iuesn1qe2egpm8; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 01 Dec 2022 21:42:05 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-bgj: minify
etag: W/"620-183501656fb"
last-modified: Sun, 18 Sep 2022 10:13:04 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 3161867
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=obJ3R1Z%2F%2FFICSFj8cRI2GDWhKGB1MCoNN06Yfom3pfFHx%2Fo6zdIeVc1oFmStzbUYQSUNefpVvWonU9Mt7rqM5arh2u1UC55Ti%2FqUEs%2F0gvfY5%2BrTmIlw6JOtFZiH%2Fhw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 772efd9c7ffe74f5-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 980f31229421fd11df958496bea34502
648e03f048e6741beb1d4e10099b1429b79e4f00
887d1a1020b73fa3221c168713525f99474ac02fa10e251b5b23f6c0c519afce
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 21:42:05 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.googletagmanager.com/gtm.js?id=GTM-PLKQLTX
142.250.74.168 200 OK 54 kB URL HTTP/2 www.googletagmanager.com/gtm.js?id=GTM-PLKQLTX
IP 142.250.74.168:0
File type ASCII text, with very long lines (15971)
Hash 5028a67210a4f81f38b341381680f213
aca769fb110236b2d5a2ed6bf4b2eb960ceda8cc
d5987c1ae884d465ae5964b171d330509e31882d8c4d06eb91b3bd6de9d76c79
GET /gtm.js?id=GTM-PLKQLTX HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Thu, 01 Dec 2022 21:42:05 GMT
expires: Thu, 01 Dec 2022 21:42:05 GMT
cache-control: private, max-age=900
last-modified: Thu, 01 Dec 2022 21:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 54307
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 980f31229421fd11df958496bea34502
648e03f048e6741beb1d4e10099b1429b79e4f00
887d1a1020b73fa3221c168713525f99474ac02fa10e251b5b23f6c0c519afce
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 21:42:05 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
216.58.207.227 200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Hash 15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 30 Nov 2022 19:33:54 GMT
expires: Thu, 30 Nov 2023 19:33:54 GMT
cache-control: public, max-age=31536000
age: 94091
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/LOnCuSOkmfvprjWQ_w/w320h240/0.jpeg
188.72.235.185 200 OK 11 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/LOnCuSOkmfvprjWQ_w/w320h240/0.jpeg
IP 188.72.235.185:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash 55b2f3e78f4f4715dcd8ef10b1d173f2
c2ccc2a9c02e64ed4b056095e5b7c864627c8a0c
70a077339f05985c266636b7a65bc6e7d6e6b3119b0397b613442ec7b7989187
GET /thumbnail/LOnCuSOkmfvprjWQ_w/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Thu, 01 Dec 2022 21:42:05 GMT
content-type: image/jpeg
content-length: 11337
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: HIT
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/I77Gu3Snza66_zyfqg/w320h240/0.jpeg
188.72.235.185 200 OK 9.9 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/I77Gu3Snza66_zyfqg/w320h240/0.jpeg
IP 188.72.235.185:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash d007cecc2efb5e635d1a00a74f9a5381
6dad22c6ef739f5a07175311e19c36f453a67799
7808d8a08ae6b113a37caf77d5f88fa1702d73e59217339a57f081e43bf8d0ac
GET /thumbnail/I77Gu3Snza66_zyfqg/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Thu, 01 Dec 2022 21:42:05 GMT
content-type: image/jpeg
content-length: 9882
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: HIT
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/IOibuX-iwqa_qWjD-g/w320h240/0.jpeg
188.72.235.185 200 OK 13 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/IOibuX-iwqa_qWjD-g/w320h240/0.jpeg
IP 188.72.235.185:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash a7dda418c5bb9e3bc48005fd9fd6b4b3
b94ba89c87bdf1cf63627a1cd159acb123a8c40e
bfc951e9f53c92d8024d3035722685de826e132e931bb4733928626f725e4ee6
GET /thumbnail/IOibuX-iwqa_qWjD-g/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Thu, 01 Dec 2022 21:42:05 GMT
content-type: image/jpeg
content-length: 12842
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: HIT
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
216.58.207.227 200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 15920, version 1.0\012- data
Hash 3a44e06eb954b96aa043227f3534189d
23cef6993ddb2b2979e8e7647fc3763694e2ba7d
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e
GET /s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15920
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 30 Nov 2022 19:33:56 GMT
expires: Thu, 30 Nov 2023 19:33:56 GMT
cache-control: public, max-age=31536000
age: 94089
last-modified: Wed, 11 May 2022 19:24:45 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
216.58.207.227 200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 15860, version 1.0\012- data
Hash e9f5aaf547f165386cd313b995dddd8e
acdef5603c2387b0e5bffd744b679a24a8bc1968
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 30 Nov 2022 19:34:15 GMT
expires: Thu, 30 Nov 2023 19:34:15 GMT
cache-control: public, max-age=31536000
age: 94070
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/JuiTtHX0w_3pqWjF-Q/w320h240/0.jpeg
188.72.235.185 200 OK 10 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/JuiTtHX0w_3pqWjF-Q/w320h240/0.jpeg
IP 188.72.235.185:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash 365c802e8786a8fbbcfb5f19746f6d50
c21c677a97d8c414909e274a4c6167c455859107
74eb033cb424d12671cf6194f28d228912a75973a38646f40e80011561bb4081
GET /thumbnail/JuiTtHX0w_3pqWjF-Q/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: openresty
date: Thu, 01 Dec 2022 21:42:05 GMT
content-type: image/jpeg
content-length: 10401
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: HIT
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 188c50963e7939b1f26a31dbcb8c8200
859416e6148ea6618584e53604efcf072bb989cc
3a313cd3c1693a886bfbf6ffc6fbac78f87e6ded2b9a7749553444ada65ce36e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 21:42:05 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
xfantazy.com/_next/static/M4935t4SEcOsE8Gz67yk_/pages/_app.js
172.64.162.22 200 OK 38 kB URL HTTP/2 xfantazy.com/_next/static/M4935t4SEcOsE8Gz67yk_/pages/_app.js
IP 172.64.162.22:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash 73508410097dccd5adaeb7b1c328c19e
efe04f6ed2639c16122266e7117193680bb73aeb
b03a3201f478de3f2602bd0392e5df8fe704778020ac4bacb87ad3574980b43d
GET /_next/static/M4935t4SEcOsE8Gz67yk_/pages/_app.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/620852c85a615f1d0cdf5e9b
Cookie: visitorId=qu33i37iuesn1qe2egpm8; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 01 Dec 2022 21:42:05 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-bgj: minify
etag: W/"20e2f-1835015f20e"
last-modified: Sun, 18 Sep 2022 10:12:39 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 6434593
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YZT0KjnlqZ9AhX8YXqr3vnyalCZoODFAah5LzU%2Bi1uGtYAVMY4%2BCw8dfEH1oOJpSN3WkVlxcQAiT4D6tPe0JMqLmzu%2FbV%2Fb8MB1Kt3CZKR8bKjoS4Wh8S99YVGL3oNM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 772efd9c7fec74f5-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.sectigo.com/
104.18.32.68 200 OK 472 B IP 104.18.32.68:0
Hash c4d9bada5f275432ee52bc8e20400dc0
1ffe803d60e7cb74bc9a1e6722950d03a3c342cd
2481c6cb423e76b181e3695eb38787792e9ab9b05cdf83961a74f9adb24c04c4
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 01 Dec 2022 21:42:05 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Tue, 29 Nov 2022 15:14:23 GMT
Expires: Tue, 06 Dec 2022 15:14:22 GMT
Etag: "1ffe803d60e7cb74bc9a1e6722950d03a3c342cd"
Cache-Control: max-age=408136,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 772efd9d1ed1b515-OSL
xfantazy.com/_next/static/M4935t4SEcOsE8Gz67yk_/pages/video.js
172.64.162.22 200 OK 81 kB URL HTTP/2 xfantazy.com/_next/static/M4935t4SEcOsE8Gz67yk_/pages/video.js
IP 172.64.162.22:0
File type ASCII text, with very long lines (22910), with no line terminators
Hash 91a01a4dadc821d0890696defab38e4f
e681fed0e93d0e4c419e56eb577a3a8fc25345d7
36b1c8b2e813464a8d2fa4e8b77b339a48288b7f98f064ba36e547b02439bc67
GET /_next/static/M4935t4SEcOsE8Gz67yk_/pages/video.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/620852c85a615f1d0cdf5e9b
Cookie: visitorId=qu33i37iuesn1qe2egpm8; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 01 Dec 2022 21:42:05 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-bgj: minify
etag: W/"597e-1835015f44e"
last-modified: Sun, 18 Sep 2022 10:12:39 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 6434593
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=T%2BTs3KA7smpskPWAQLr9j0cL3MkoQJ4WaVHVITjxHR8DFnsKCuz3Ihk3LrTwBHM0UX7PSYqexDAvjv%2BRYxPS8FRj0lnVSQkCpJHLJIdoyKOGShzu%2BN0tl%2BZ%2Fl6wUSXA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 772efd9c6feb74f5-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
xfantazy.com/_next/static/runtime/main-8daa673a54696bb62abb.js
172.64.162.22 200 OK 26 kB URL HTTP/2 xfantazy.com/_next/static/runtime/main-8daa673a54696bb62abb.js
IP 172.64.162.22:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash 25eee0d26d6853978b33bf68a914e7bb
def0e9e48146403ef1ffb9499df9e7333621645e
d01f4c16db858b5c4d97647745712af565c9651300baf8d1e652c9357bb4366e
GET /_next/static/runtime/main-8daa673a54696bb62abb.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/620852c85a615f1d0cdf5e9b
Cookie: visitorId=qu33i37iuesn1qe2egpm8; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 01 Dec 2022 21:42:05 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-bgj: minify
etag: W/"11cd7-1835016572f"
last-modified: Sun, 18 Sep 2022 10:13:04 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 2423582
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Y%2FfmCfF5VIgQo7BvMQpRcAeX9l6HBj3V8D%2BciM3EsHhw8sMhRb2wWCArl0pQmxU4Q5F%2BrSKgdF839PwbMZty4REggDf7WC2sT%2FY2avt%2BQPZxpVHNNrq0unav%2BJS4Pfk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 772efd9c983274f5-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Roboto:100,300,400,500,700&display=swap
142.250.74.106 200 OK 1.9 kB URL HTTP/2 fonts.googleapis.com/css?family=Roboto:100,300,400,500,700&display=swap
IP 142.250.74.106:0
Hash e2c2aaefb20372dd596efa2dbf0c82ee
d2defde77d8101a947522bddf70e95ee2a1f3e2d
96860a7844c7bbf697b9e2a289bb9fa7d89c1df780a3885af420b3c6983e7ab8
GET /css?family=Roboto:100,300,400,500,700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Thu, 01 Dec 2022 21:42:05 GMT
date: Thu, 01 Dec 2022 21:42:05 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
cdn.jsdelivr.net/npm/yandex-metrica-watch/tag.js
151.101.1.229 200 OK 85 kB URL HTTP/2 cdn.jsdelivr.net/npm/yandex-metrica-watch/tag.js
IP 151.101.1.229:0
File type Unicode text, UTF-8 (with BOM) text, with very long lines (586)
Hash 38bcc0f8505c69e2c6fe7f07747a688d
0f67a6ec36f89ac04a363efeec43ef2840508691
e499aad948729045fb029421fdc1dba4aa4cd0f4f1476d0aa74bdb8b8d48a06c
GET /npm/yandex-metrica-watch/tag.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=604800, s-maxage=43200
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 1.250.0
x-jsd-version-type: version
etag: W/"346dd-nsZLR4YN/Jfyl2nmrii/8cxDozY"
content-encoding: gzip
accept-ranges: bytes
date: Thu, 01 Dec 2022 21:42:05 GMT
age: 11856
x-served-by: cache-fra-eddf8230060-FRA, cache-bma1637-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 85055
X-Firefox-Spdy: h2
ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q1
151.101.66.133 200 OK 1.5 kB URL HTTP/1.1 ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q1
IP 151.101.66.133:0
Hash 41d52ebe4a591eb64c517cd6c57c9377
d9bc1cfde5380de6d6afd01227ed56fda1d4b34a
92522bcbde22cc935d7c443c1d5ef1e1df87ca6c154e7bb54ea810b630665686
POST /ca/gsatlasr3dvtlsca2022q1 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 1462
Content-Type: application/ocsp-response
Etag: "16AE36117769D568E97C017001BE8F880461BE29"
Expires: Fri, 02 Dec 2022 09:00:00 UTC
Last-Modified: Thu, 01 Dec 2022 21:00:00 UTC
Cache-Control: s-maxage=3600, public, no-transform, must-revalidate
Accept-Ranges: bytes
Date: Thu, 01 Dec 2022 21:42:06 GMT
Via: 1.1 varnish
Age: 256
X-Served-By: cache-bma1644-BMA
X-Cache: HIT
X-Cache-Hits: 1
X-Timer: S1669930926.015330,VS0,VE1
www.google-analytics.com/analytics.js
142.250.74.110 200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP 142.250.74.110:0
File type ASCII text, with very long lines (1325)
Hash 47e6f374ca946fddd5b59871b325736c
baa9282efc8785e84d247c3bff518eaa45f101c4
16580b5c87c58e5702e411f1888fdef511094e4cd6d62bb47d16291ffb25985e
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20039
date: Thu, 01 Dec 2022 20:41:08 GMT
expires: Thu, 01 Dec 2022 22:41:08 GMT
cache-control: public, max-age=7200
age: 3658
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 9e6c0e1c03514e5575b8362d18d29c7d
bb88e1bba49fcdc8c6d3e711a924927c6ab5fd32
c5c6095ef5db4f926d464df61aab764afa75d4d6a15c6b0d5764d008d65c951d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C5C6095EF5DB4F926D464DF61AAB764AFA75D4D6A15C6B0D5764D008D65C951D"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12456
Expires: Fri, 02 Dec 2022 01:09:42 GMT
Date: Thu, 01 Dec 2022 21:42:06 GMT
Connection: keep-alive
skiingsettling.com/21/fe/39/21fe3950f412e026c33f1b6cee613eba.js
173.233.139.164 200 OK 29 kB URL HTTP/1.1 skiingsettling.com/21/fe/39/21fe3950f412e026c33f1b6cee613eba.js
IP 173.233.139.164:0
Hash c2a6bf3ccc2ce3070745bf9c4871bfc1
e246b5389d9a749122919f525166fe8e197a30e4
e89b1cc4f14ae087f4a54c1df229bd481690b9e8d388c23d021180d94724bef1
Analyzer Verdict Alert quad9 Sinkholed
GET /21/fe/39/21fe3950f412e026c33f1b6cee613eba.js HTTP/1.1
Host: skiingsettling.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 01 Dec 2022 21:42:06 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 69204d8ee27321ac21ea040a68e1917e
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash ecab83d593cc540b02689be5be7abc8a
81cda579b7b9b22332b85266b0126585f3d3f73f
d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14063
Expires: Fri, 02 Dec 2022 01:36:29 GMT
Date: Thu, 01 Dec 2022 21:42:06 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbcb53953-3f6b-43ee-95d9-fb65d133745f.jpeg
34.120.237.76 200 OK 13 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbcb53953-3f6b-43ee-95d9-fb65d133745f.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 328ce221bcf3442f88d09373193ff594
63bfa2ea925aa2c188c664a7bf7af7b0e5417e60
21d5b5ec267430dba91b17f89a557aca5cd2a21535da18eb02ec69ed0e1b7371
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbcb53953-3f6b-43ee-95d9-fb65d133745f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 13411
x-amzn-requestid: 71f8798f-93e9-4649-8822-7ad3fadeec34
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cbz6vH05oAMF_qw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6387cd11-1849aa08463e5c1f3d9b15b9;Sampled=0
x-amzn-remapped-date: Wed, 30 Nov 2022 21:37:21 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: QVGFEOePBybOeNxG6eWBffm8Ha_fmBnT8vMIGcI8zv9C7yiBeSncDw==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 caf6806821bc479b28a6f1ce3043b8a6.cloudfront.net (CloudFront), 1.1 google
date: Wed, 30 Nov 2022 21:52:00 GMT
etag: "63bfa2ea925aa2c188c664a7bf7af7b0e5417e60"
content-type: image/jpeg
age: 85806
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb0e1339e-3c63-4033-8b5b-e21137509777.jpeg
34.120.237.76 200 OK 16 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb0e1339e-3c63-4033-8b5b-e21137509777.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash ffd12f9c423ffc627d9e3b3145944fe4
5cf9a7a784952e1bb0cbe499104f1774b1269d08
a25f1b752d9af599aefd73073c105853130f1759905269de3d582d2eb35fe167
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb0e1339e-3c63-4033-8b5b-e21137509777.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 16038
x-amzn-requestid: 925134ee-dd35-45ed-8da7-d60c9c484993
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cbz80EHboAMFtmQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6387cd1e-48de287757e82632291365ee;Sampled=0
x-amzn-remapped-date: Wed, 30 Nov 2022 21:37:34 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: I8qQQUMSVzFmXqjWM1n_F1XEE-ZQcpEF81OwJgf9i3Q5M8XiFAa8Zg==
via: 1.1 a20e81b65d2465c729ce2f6bfe539dd0.cloudfront.net (CloudFront), 1.1 7e87179efaa9e3c316bd3d3a74cfded8.cloudfront.net (CloudFront), 1.1 google
date: Wed, 30 Nov 2022 21:52:00 GMT
age: 85806
etag: "5cf9a7a784952e1bb0cbe499104f1774b1269d08"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F83cd87b8-4041-419b-ab34-9f8e5a326f4b.jpeg
34.120.237.76 200 OK 13 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F83cd87b8-4041-419b-ab34-9f8e5a326f4b.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 820cf89fcab8380adff42982c9fb11ed
84241ddddbbfd7de30118307fb1a62800d0a4cb3
0d051495f06ac84de934283b40cbfee7a042d32153a73486dd7c017430e882d8
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F83cd87b8-4041-419b-ab34-9f8e5a326f4b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 12898
x-amzn-requestid: 9b594c3c-6b8c-4589-8fcb-b3d7518b46f6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cQZBNFxToAMF_9A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63833ba1-767f510d72eef86d0cc892df;Sampled=0
x-amzn-remapped-date: Sun, 27 Nov 2022 10:27:45 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: kZfRQsF_Fo2UtTqK0ByOPeQK-IzTQO9JtTmxIMlapmsd93SJk_4VYw==
via: 1.1 d1151317ba32afe0e6370fd69fed222e.cloudfront.net (CloudFront), 1.1 760139201585481b26f947c5f776103a.cloudfront.net (CloudFront), 1.1 google
date: Wed, 30 Nov 2022 21:47:30 GMT
age: 86076
etag: "84241ddddbbfd7de30118307fb1a62800d0a4cb3"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F600016d1-5abb-4a6c-996a-933a8d4bc6df.jpeg
34.120.237.76 200 OK 8.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F600016d1-5abb-4a6c-996a-933a8d4bc6df.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 26d6dffbf400da4803a2e76e2a8ef2f8
2e62f9ed8f5e7b2f888a73320dd98b0cda9303b8
04c6e31623fe48cbe83dc91635bfa47b337590f18919995b08d5bde27e929e03
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F600016d1-5abb-4a6c-996a-933a8d4bc6df.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 8740
x-amzn-requestid: c6c3e3dc-c9a2-4fda-a83b-cdd6ae81166b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cP7uyE9CoAMF6Xg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63830cc4-2c8940405044071a082ee678;Sampled=0
x-amzn-remapped-date: Sun, 27 Nov 2022 07:07:48 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: qykE_oaoqqPTgqGnfUo74mH29IOS97b5sZb_3VmB9yW7KUiJ1a7dnA==
via: 1.1 1cc6ed0d2d3dd9529ce544f9dfe61a52.cloudfront.net (CloudFront), 1.1 61bc723adb3b1884ed759711e84e13a8.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Dec 2022 18:58:06 GMT
age: 9840
etag: "2e62f9ed8f5e7b2f888a73320dd98b0cda9303b8"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F051e025a-c892-4a7d-8a1d-95f6d77ebb3c.jpeg
34.120.237.76 200 OK 4.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F051e025a-c892-4a7d-8a1d-95f6d77ebb3c.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash d2dd5a4bcfd47db8f38544bf39ce3031
fa2217bae05b7beca2e12597eaad835298276b82
3266004f5e73af5359b71622eea31f1e28abb4bbc443b5f9e481b5a8b2e9249e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F051e025a-c892-4a7d-8a1d-95f6d77ebb3c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4762
x-amzn-requestid: 52b09ca3-705b-4c86-9f56-172637553f87
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cP7TVG58oAMFQTw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63830c15-4577a47243ad190672f8ac89;Sampled=0
x-amzn-remapped-date: Sun, 27 Nov 2022 07:04:53 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: Y0-NAp2LMMG5TjQQ9ENHwDyKXLObKTYqzPPOWvZhs7Y9WJIC6LoblQ==
via: 1.1 2dc111aa3ead15d061e41a423155a53a.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Dec 2022 05:45:16 GMT
age: 57410
etag: "fa2217bae05b7beca2e12597eaad835298276b82"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdc2b4ec6-0955-4089-983c-0abf7fd13bf2.jpeg
34.120.237.76 200 OK 9.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdc2b4ec6-0955-4089-983c-0abf7fd13bf2.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash e1e6b6ba4f82221b41c3d9129008c76d
2f9532d698b4c28df23e18bbb66399ec776d5b9f
218c6f41a16e6087c611d4db5784a7cc1d027084d0bf2bd6dc3843ee5dfd560f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdc2b4ec6-0955-4089-983c-0abf7fd13bf2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9459
x-amzn-requestid: c08f55b2-7ac6-4dec-b53c-fd3f4533f9c9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cMpBiGoHIAMFR2g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6381bba3-69c2c2d05e55fd745caf1dce;Sampled=0
x-amzn-remapped-date: Sat, 26 Nov 2022 07:09:23 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: w_Mb-0pBwp-pUyU2bdJ8MhrGHkk6VQgJmcGV9MfHwj_yGUMIYZkyrg==
via: 1.1 0aebf3fe433ff96e68d785fad4ea4c0e.cloudfront.net (CloudFront), 1.1 61bc723adb3b1884ed759711e84e13a8.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Dec 2022 17:08:13 GMT
age: 16433
etag: "2f9532d698b4c28df23e18bbb66399ec776d5b9f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 6b049862424c5a2a0a27ed0b4541dfd8
60d749c48f6d4365eb7a75485cb2f1a8a26e13cf
46ddc70bf9cdbb81562a4110e595e1b0a0e054576c4c04bd5239902d13763c10
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "46DDC70BF9CDBB81562A4110E595E1B0A0E054576C4C04BD5239902D13763C10"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=55
Expires: Thu, 01 Dec 2022 21:43:01 GMT
Date: Thu, 01 Dec 2022 21:42:06 GMT
Connection: keep-alive
ocsp.globalsign.com/gseccovsslca2018
151.101.66.133 200 OK 939 B URL HTTP/1.1 ocsp.globalsign.com/gseccovsslca2018
IP 151.101.66.133:0
Hash 43771a9c0ffeb00d9614935cfa1531d3
2959843e437d5c55b80c4ebdf4d5508e2885555b
98d52501d33e7a30a7018ca99f6ed54aecd205a2bfba338d87bc76cc9155f7a1
POST /gseccovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 939
Server: nginx
Content-Type: application/ocsp-response
Expires: Mon, 05 Dec 2022 20:27:19 GMT
ETag: "2959843e437d5c55b80c4ebdf4d5508e2885555b"
Last-Modified: Thu, 01 Dec 2022 20:27:20 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
Via: 1.1 varnish, 1.1 varnish
Accept-Ranges: bytes
Date: Thu, 01 Dec 2022 21:42:06 GMT
Age: 3106
X-Served-By: cache-qpg1244-QPG, cache-bma1644-BMA
X-Cache: HIT, HIT
X-Cache-Hits: 2, 5
X-Timer: S1669930927.972482,VS0,VE0
e1.o.lencr.org/
23.36.76.226 200 OK 346 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 1f1beac7928ab3d37cedfb7e9db6de8c
dbec1313a709861142ee3b08c1031e4c297435d0
25faaa716072ce2493633a4252fde0606c5da842936e6f4874eb461c180367de
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "25FAAA716072CE2493633A4252FDE0606C5DA842936E6F4874EB461C180367DE"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3559
Expires: Thu, 01 Dec 2022 22:41:26 GMT
Date: Thu, 01 Dec 2022 21:42:07 GMT
Connection: keep-alive
mc.yandex.ru/watch/49415098/1?wmode=7&page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F620852c85a615f1d0cdf5e9b&charset=utf-8&browser-info=pv%3A1%3Avf%3A2b7w95bdqfdb0kzrg7tcl8%3Afp%3A1441%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A933%3Acn%3A1%3Adp%3A0%3Als%3A433927189741%3Ahid%3A544021822%3Az%3A0%3Ai%3A20221201214205%3Aet%3A1669930925%3Ac%3A1%3Arn%3A137857918%3Arqn%3A1%3Au%3A1669930925941979786%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C148%2C593%2C0%2C353%2C0%2C%2C179%2C6%2C%2C%2C%2C1435%3Aco%3A0%3Ans%3A1669930922738%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1669930925%3At%3Aadult%20xxx%20video%2019%20Thefartbabes%20-%20Eat%20My%20Xmas%20Teddy%20Shit%20%2C%20on%20solo%20female%20-%20XFantazy.com&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29fip%281%29ti%282%29
93.158.134.119200 OK 419 B URL HTTP/2 mc.yandex.ru/watch/49415098/1?wmode=7&page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F620852c85a615f1d0cdf5e9b&charset=utf-8&browser-info=pv%3A1%3Avf%3A2b7w95bdqfdb0kzrg7tcl8%3Afp%3A1441%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A933%3Acn%3A1%3Adp%3A0%3Als%3A433927189741%3Ahid%3A544021822%3Az%3A0%3Ai%3A20221201214205%3Aet%3A1669930925%3Ac%3A1%3Arn%3A137857918%3Arqn%3A1%3Au%3A1669930925941979786%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C148%2C593%2C0%2C353%2C0%2C%2C179%2C6%2C%2C%2C%2C1435%3Aco%3A0%3Ans%3A1669930922738%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1669930925%3At%3Aadult%20xxx%20video%2019%20Thefartbabes%20-%20Eat%20My%20Xmas%20Teddy%20Shit%20%2C%20on%20solo%20female%20-%20XFantazy.com&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29fip%281%29ti%282%29
IP 93.158.134.119:0
File type JSON data\012- , ASCII text, with very long lines (419), with no line terminators
Hash e826ee8069e54225e0f6cb890a283137
701f65f6555fe1d8326a7b0b9d2e3e812c12f9ff
e9c98cd40cb4368165a40b49504a66e1138fcf035a81b716fdbf40d32207acb2
GET /watch/49415098/1?wmode=7&page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F620852c85a615f1d0cdf5e9b&charset=utf-8&browser-info=pv%3A1%3Avf%3A2b7w95bdqfdb0kzrg7tcl8%3Afp%3A1441%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A933%3Acn%3A1%3Adp%3A0%3Als%3A433927189741%3Ahid%3A544021822%3Az%3A0%3Ai%3A20221201214205%3Aet%3A1669930925%3Ac%3A1%3Arn%3A137857918%3Arqn%3A1%3Au%3A1669930925941979786%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C148%2C593%2C0%2C353%2C0%2C%2C179%2C6%2C%2C%2C%2C1435%3Aco%3A0%3Ans%3A1669930922738%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1669930925%3At%3Aadult%20xxx%20video%2019%20Thefartbabes%20-%20Eat%20My%20Xmas%20Teddy%20Shit%20%2C%20on%20solo%20female%20-%20XFantazy.com&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29fip%281%29ti%282%29 HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Referer: https://xfantazy.com/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 419
date: Thu, 01 Dec 2022 21:42:07 GMT
x-content-type-options: nosniff
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Thu, 01-Dec-2022 21:42:07 GMT
last-modified: Thu, 01-Dec-2022 21:42:07 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: application/json; charset=utf-8
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
143.204.42.165 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.165:0
Hash f60f02a95664f3be8fd0b4e614010c6a
bb83d56ac8ae98bff5e9954dffc7f2035b47f63f
eddc54420a811685bfd0c2c14dd13340c9380b529bf1bb8c0426baa0375a67f2
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=146734
Date: Thu, 01 Dec 2022 21:42:07 GMT
Etag: "6388ac95-1d7"
Expires: Sat, 03 Dec 2022 14:27:41 GMT
Last-Modified: Thu, 01 Dec 2022 13:31:01 GMT
Server: ECS (nyb/1D19)
X-Cache: Miss from cloudfront
Via: 1.1 8e6dce34fd223e0c9d89fd938d1784a2.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 015JxHFRKdEd7DqekT4emDIHuPQzCcEEqJ_5-mc0lHchuGu68Sq38w==
Age: 3400
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 976ec0477aa30cbf00f53b05c49663ff
0d333f4aab7f1286c2e68480ba986915f0188b8d
e6eb3a90890b38211a9cfad8c78fd23978e2f855829c4e0cde29feccf1d8950a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E6EB3A90890B38211A9CFAD8C78FD23978E2F855829C4E0CDE29FECCF1D8950A"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10578
Expires: Fri, 02 Dec 2022 00:38:25 GMT
Date: Thu, 01 Dec 2022 21:42:07 GMT
Connection: keep-alive
simplewebanalysis.com/stats
18.185.190.54 200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP 18.185.190.54:0
File type ASCII text, with no line terminators
Hash 0373a882404b61f10bfb46a9257d1867
2efdf39201b34ae3feffe95ace9245b88b355c3c
44bd8a13df051b01b6bca8baec67896353f3d89991bd8d29982123101666d00c
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 01 Dec 2022 21:42:07 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
set-cookie: uid_id2=54767236-cf01-4f8f-b57b-58b62ed2c56d:2:1; expires=Sun, 28 Nov 2032 21:42:07 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.76.226 200 OK 346 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 1f1beac7928ab3d37cedfb7e9db6de8c
dbec1313a709861142ee3b08c1031e4c297435d0
25faaa716072ce2493633a4252fde0606c5da842936e6f4874eb461c180367de
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "25FAAA716072CE2493633A4252FDE0606C5DA842936E6F4874EB461C180367DE"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3559
Expires: Thu, 01 Dec 2022 22:41:26 GMT
Date: Thu, 01 Dec 2022 21:42:07 GMT
Connection: keep-alive
exploredefinitely.com/a2/f9/90/a2f990f10476061c719d1c1aa3a2ecd2.js
192.243.59.12 200 OK 13 kB URL HTTP/1.1 exploredefinitely.com/a2/f9/90/a2f990f10476061c719d1c1aa3a2ecd2.js
IP 192.243.59.12:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with very long lines (37185), with no line terminators
Hash 1b25493774f0bc68385c87fdbb39a88c
80dbfe3a6f9f85df8f0a5f92dd9158d0e6c616e5
2e7bc2d1ea0bab5b0e652084494f56497bdf5058aed9768d3715408dbfa6ab2f
GET /a2/f9/90/a2f990f10476061c719d1c1aa3a2ecd2.js HTTP/1.1
Host: exploredefinitely.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Thu, 01 Dec 2022 21:42:07 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 93d8bc3dd3506bc2119765908b113a39
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
simplewebanalysis.com/stats
18.185.190.54 200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP 18.185.190.54:0
File type ASCII text, with no line terminators
Hash 0373a882404b61f10bfb46a9257d1867
2efdf39201b34ae3feffe95ace9245b88b355c3c
44bd8a13df051b01b6bca8baec67896353f3d89991bd8d29982123101666d00c
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: uid_id2=54767236-cf01-4f8f-b57b-58b62ed2c56d:2:1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 01 Dec 2022 21:42:07 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
X-Firefox-Spdy: h2
mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F620852c85a615f1d0cdf5e9b&charset=utf-8&hittoken=1669930927_1d9a752e809598253feaba138dd192b84f5cbea61c78f26a86f44f7ab425fa45&browser-info=pa%3A1%3Aar%3A1%3Avf%3A2b7w95bdqfdb0kzrg7tcl8%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A933%3Acn%3A1%3Adp%3A0%3Als%3A433927189741%3Ahid%3A544021822%3Az%3A0%3Ai%3A20221201214205%3Aet%3A1669930926%3Ac%3A1%3Arn%3A44881068%3Arqn%3A2%3Au%3A1669930925941979786%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1669930922738%3Arqnl%3A1%3Ast%3A1669930926&t=gdpr(14)mc(p-6)clc(0-0-0)rqnt(2)aw(1)ti(2)
93.158.134.119200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F620852c85a615f1d0cdf5e9b&charset=utf-8&hittoken=1669930927_1d9a752e809598253feaba138dd192b84f5cbea61c78f26a86f44f7ab425fa45&browser-info=pa%3A1%3Aar%3A1%3Avf%3A2b7w95bdqfdb0kzrg7tcl8%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A933%3Acn%3A1%3Adp%3A0%3Als%3A433927189741%3Ahid%3A544021822%3Az%3A0%3Ai%3A20221201214205%3Aet%3A1669930926%3Ac%3A1%3Arn%3A44881068%3Arqn%3A2%3Au%3A1669930925941979786%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1669930922738%3Arqnl%3A1%3Ast%3A1669930926&t=gdpr(14)mc(p-6)clc(0-0-0)rqnt(2)aw(1)ti(2)
IP 93.158.134.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F620852c85a615f1d0cdf5e9b&charset=utf-8&hittoken=1669930927_1d9a752e809598253feaba138dd192b84f5cbea61c78f26a86f44f7ab425fa45&browser-info=pa%3A1%3Aar%3A1%3Avf%3A2b7w95bdqfdb0kzrg7tcl8%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A933%3Acn%3A1%3Adp%3A0%3Als%3A433927189741%3Ahid%3A544021822%3Az%3A0%3Ai%3A20221201214205%3Aet%3A1669930926%3Ac%3A1%3Arn%3A44881068%3Arqn%3A2%3Au%3A1669930925941979786%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1669930922738%3Arqnl%3A1%3Ast%3A1669930926&t=gdpr(14)mc(p-6)clc(0-0-0)rqnt(2)aw(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 45
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Thu, 01 Dec 2022 21:42:07 GMT
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Thu, 01-Dec-2022 21:42:07 GMT
last-modified: Thu, 01-Dec-2022 21:42:07 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F620852c85a615f1d0cdf5e9b&charset=utf-8&hittoken=1669930927_1d9a752e809598253feaba138dd192b84f5cbea61c78f26a86f44f7ab425fa45&browser-info=pa%3A1%3Aar%3A1%3Avf%3A2b7w95bdqfdb0kzrg7tcl8%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A933%3Acn%3A1%3Adp%3A0%3Als%3A433927189741%3Ahid%3A544021822%3Az%3A0%3Ai%3A20221201214205%3Aet%3A1669930926%3Ac%3A1%3Arn%3A134052843%3Arqn%3A4%3Au%3A1669930925941979786%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1669930922738%3Arqnl%3A1%3Ast%3A1669930926&t=gdpr(14)mc(p-6)clc(0-0-0)rqnt(4)aw(1)ti(2)
93.158.134.119200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F620852c85a615f1d0cdf5e9b&charset=utf-8&hittoken=1669930927_1d9a752e809598253feaba138dd192b84f5cbea61c78f26a86f44f7ab425fa45&browser-info=pa%3A1%3Aar%3A1%3Avf%3A2b7w95bdqfdb0kzrg7tcl8%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A933%3Acn%3A1%3Adp%3A0%3Als%3A433927189741%3Ahid%3A544021822%3Az%3A0%3Ai%3A20221201214205%3Aet%3A1669930926%3Ac%3A1%3Arn%3A134052843%3Arqn%3A4%3Au%3A1669930925941979786%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1669930922738%3Arqnl%3A1%3Ast%3A1669930926&t=gdpr(14)mc(p-6)clc(0-0-0)rqnt(4)aw(1)ti(2)
IP 93.158.134.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F620852c85a615f1d0cdf5e9b&charset=utf-8&hittoken=1669930927_1d9a752e809598253feaba138dd192b84f5cbea61c78f26a86f44f7ab425fa45&browser-info=pa%3A1%3Aar%3A1%3Avf%3A2b7w95bdqfdb0kzrg7tcl8%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A933%3Acn%3A1%3Adp%3A0%3Als%3A433927189741%3Ahid%3A544021822%3Az%3A0%3Ai%3A20221201214205%3Aet%3A1669930926%3Ac%3A1%3Arn%3A134052843%3Arqn%3A4%3Au%3A1669930925941979786%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1669930922738%3Arqnl%3A1%3Ast%3A1669930926&t=gdpr(14)mc(p-6)clc(0-0-0)rqnt(4)aw(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 122
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Thu, 01 Dec 2022 21:42:07 GMT
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Thu, 01-Dec-2022 21:42:07 GMT
last-modified: Thu, 01-Dec-2022 21:42:07 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F620852c85a615f1d0cdf5e9b&charset=utf-8&hittoken=1669930927_1d9a752e809598253feaba138dd192b84f5cbea61c78f26a86f44f7ab425fa45&browser-info=pa%3A1%3Aar%3A1%3Avf%3A2b7w95bdqfdb0kzrg7tcl8%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A933%3Acn%3A1%3Adp%3A0%3Als%3A433927189741%3Ahid%3A544021822%3Az%3A0%3Ai%3A20221201214205%3Aet%3A1669930926%3Ac%3A1%3Arn%3A372054890%3Arqn%3A3%3Au%3A1669930925941979786%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1669930922738%3Arqnl%3A1%3Ast%3A1669930926&t=gdpr(14)mc(p-6)clc(0-0-0)rqnt(3)aw(1)ti(2)
93.158.134.119200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F620852c85a615f1d0cdf5e9b&charset=utf-8&hittoken=1669930927_1d9a752e809598253feaba138dd192b84f5cbea61c78f26a86f44f7ab425fa45&browser-info=pa%3A1%3Aar%3A1%3Avf%3A2b7w95bdqfdb0kzrg7tcl8%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A933%3Acn%3A1%3Adp%3A0%3Als%3A433927189741%3Ahid%3A544021822%3Az%3A0%3Ai%3A20221201214205%3Aet%3A1669930926%3Ac%3A1%3Arn%3A372054890%3Arqn%3A3%3Au%3A1669930925941979786%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1669930922738%3Arqnl%3A1%3Ast%3A1669930926&t=gdpr(14)mc(p-6)clc(0-0-0)rqnt(3)aw(1)ti(2)
IP 93.158.134.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F620852c85a615f1d0cdf5e9b&charset=utf-8&hittoken=1669930927_1d9a752e809598253feaba138dd192b84f5cbea61c78f26a86f44f7ab425fa45&browser-info=pa%3A1%3Aar%3A1%3Avf%3A2b7w95bdqfdb0kzrg7tcl8%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A933%3Acn%3A1%3Adp%3A0%3Als%3A433927189741%3Ahid%3A544021822%3Az%3A0%3Ai%3A20221201214205%3Aet%3A1669930926%3Ac%3A1%3Arn%3A372054890%3Arqn%3A3%3Au%3A1669930925941979786%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1669930922738%3Arqnl%3A1%3Ast%3A1669930926&t=gdpr(14)mc(p-6)clc(0-0-0)rqnt(3)aw(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 52
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Thu, 01 Dec 2022 21:42:07 GMT
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Thu, 01-Dec-2022 21:42:07 GMT
last-modified: Thu, 01-Dec-2022 21:42:07 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F620852c85a615f1d0cdf5e9b&charset=utf-8&hittoken=1669930927_1d9a752e809598253feaba138dd192b84f5cbea61c78f26a86f44f7ab425fa45&browser-info=pa%3A1%3Aar%3A1%3Avf%3A2b7w95bdqfdb0kzrg7tcl8%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A933%3Acn%3A1%3Adp%3A0%3Als%3A433927189741%3Ahid%3A544021822%3Az%3A0%3Ai%3A20221201214205%3Aet%3A1669930926%3Ac%3A1%3Arn%3A933792736%3Arqn%3A5%3Au%3A1669930925941979786%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1669930922738%3Arqnl%3A1%3Ast%3A1669930926&t=gdpr(14)mc(p-6)clc(0-0-0)rqnt(5)aw(1)ti(2)
93.158.134.119200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F620852c85a615f1d0cdf5e9b&charset=utf-8&hittoken=1669930927_1d9a752e809598253feaba138dd192b84f5cbea61c78f26a86f44f7ab425fa45&browser-info=pa%3A1%3Aar%3A1%3Avf%3A2b7w95bdqfdb0kzrg7tcl8%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A933%3Acn%3A1%3Adp%3A0%3Als%3A433927189741%3Ahid%3A544021822%3Az%3A0%3Ai%3A20221201214205%3Aet%3A1669930926%3Ac%3A1%3Arn%3A933792736%3Arqn%3A5%3Au%3A1669930925941979786%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1669930922738%3Arqnl%3A1%3Ast%3A1669930926&t=gdpr(14)mc(p-6)clc(0-0-0)rqnt(5)aw(1)ti(2)
IP 93.158.134.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F620852c85a615f1d0cdf5e9b&charset=utf-8&hittoken=1669930927_1d9a752e809598253feaba138dd192b84f5cbea61c78f26a86f44f7ab425fa45&browser-info=pa%3A1%3Aar%3A1%3Avf%3A2b7w95bdqfdb0kzrg7tcl8%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A933%3Acn%3A1%3Adp%3A0%3Als%3A433927189741%3Ahid%3A544021822%3Az%3A0%3Ai%3A20221201214205%3Aet%3A1669930926%3Ac%3A1%3Arn%3A933792736%3Arqn%3A5%3Au%3A1669930925941979786%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1669930922738%3Arqnl%3A1%3Ast%3A1669930926&t=gdpr(14)mc(p-6)clc(0-0-0)rqnt(5)aw(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 98
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Thu, 01 Dec 2022 21:42:07 GMT
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Thu, 01-Dec-2022 21:42:07 GMT
last-modified: Thu, 01-Dec-2022 21:42:07 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F620852c85a615f1d0cdf5e9b&charset=utf-8&hittoken=1669930927_1d9a752e809598253feaba138dd192b84f5cbea61c78f26a86f44f7ab425fa45&browser-info=pa%3A1%3Aar%3A1%3Avf%3A2b7w95bdqfdb0kzrg7tcl8%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A933%3Acn%3A1%3Adp%3A0%3Als%3A433927189741%3Ahid%3A544021822%3Az%3A0%3Ai%3A20221201214205%3Aet%3A1669930926%3Ac%3A1%3Arn%3A784416091%3Arqn%3A6%3Au%3A1669930925941979786%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1669930922738%3Arqnl%3A1%3Ast%3A1669930926&t=gdpr(14)mc(p-6)clc(0-0-0)rqnt(6)aw(1)ti(2)
93.158.134.119200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F620852c85a615f1d0cdf5e9b&charset=utf-8&hittoken=1669930927_1d9a752e809598253feaba138dd192b84f5cbea61c78f26a86f44f7ab425fa45&browser-info=pa%3A1%3Aar%3A1%3Avf%3A2b7w95bdqfdb0kzrg7tcl8%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A933%3Acn%3A1%3Adp%3A0%3Als%3A433927189741%3Ahid%3A544021822%3Az%3A0%3Ai%3A20221201214205%3Aet%3A1669930926%3Ac%3A1%3Arn%3A784416091%3Arqn%3A6%3Au%3A1669930925941979786%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1669930922738%3Arqnl%3A1%3Ast%3A1669930926&t=gdpr(14)mc(p-6)clc(0-0-0)rqnt(6)aw(1)ti(2)
IP 93.158.134.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F620852c85a615f1d0cdf5e9b&charset=utf-8&hittoken=1669930927_1d9a752e809598253feaba138dd192b84f5cbea61c78f26a86f44f7ab425fa45&browser-info=pa%3A1%3Aar%3A1%3Avf%3A2b7w95bdqfdb0kzrg7tcl8%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A933%3Acn%3A1%3Adp%3A0%3Als%3A433927189741%3Ahid%3A544021822%3Az%3A0%3Ai%3A20221201214205%3Aet%3A1669930926%3Ac%3A1%3Arn%3A784416091%3Arqn%3A6%3Au%3A1669930925941979786%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1669930922738%3Arqnl%3A1%3Ast%3A1669930926&t=gdpr(14)mc(p-6)clc(0-0-0)rqnt(6)aw(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 99
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Thu, 01 Dec 2022 21:42:07 GMT
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Thu, 01-Dec-2022 21:42:07 GMT
last-modified: Thu, 01-Dec-2022 21:42:07 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
tallysaturatesnare.com/01/f7/5a/01f75a95a38a8db0a8e82d995253a076.js
192.243.61.225 200 OK 29 kB URL HTTP/1.1 tallysaturatesnare.com/01/f7/5a/01f75a95a38a8db0a8e82d995253a076.js
IP 192.243.61.225:0
ASN #39572 DataWeb Global Group B.V.
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (65536), with no line terminators
Hash a7a3b384e5d19a29d36fcd57bc03fd56
3df1373e0a59d552a73a7875541fa93e32d18d9f
61b05dbbcaf2bcb4eeca0ca5b70d41335b5e7763160a901842e76c7a7250fd2c
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /01/f7/5a/01f75a95a38a8db0a8e82d995253a076.js HTTP/1.1
Host: tallysaturatesnare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Thu, 01 Dec 2022 21:42:07 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 1a1a6c7f3647b018607a4f6f9864ba7f
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F620852c85a615f1d0cdf5e9b&charset=utf-8&hittoken=1669930927_1d9a752e809598253feaba138dd192b84f5cbea61c78f26a86f44f7ab425fa45&browser-info=pa%3A1%3Aar%3A1%3Avf%3A2b7w95bdqfdb0kzrg7tcl8%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A933%3Acn%3A1%3Adp%3A0%3Als%3A433927189741%3Ahid%3A544021822%3Az%3A0%3Ai%3A20221201214205%3Aet%3A1669930926%3Ac%3A1%3Arn%3A1009638901%3Arqn%3A7%3Au%3A1669930925941979786%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1669930922738%3Arqnl%3A1%3Ast%3A1669930926&t=gdpr(14)mc(p-6)clc(0-0-0)rqnt(7)aw(1)ti(2)
93.158.134.119200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F620852c85a615f1d0cdf5e9b&charset=utf-8&hittoken=1669930927_1d9a752e809598253feaba138dd192b84f5cbea61c78f26a86f44f7ab425fa45&browser-info=pa%3A1%3Aar%3A1%3Avf%3A2b7w95bdqfdb0kzrg7tcl8%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A933%3Acn%3A1%3Adp%3A0%3Als%3A433927189741%3Ahid%3A544021822%3Az%3A0%3Ai%3A20221201214205%3Aet%3A1669930926%3Ac%3A1%3Arn%3A1009638901%3Arqn%3A7%3Au%3A1669930925941979786%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1669930922738%3Arqnl%3A1%3Ast%3A1669930926&t=gdpr(14)mc(p-6)clc(0-0-0)rqnt(7)aw(1)ti(2)
IP 93.158.134.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F620852c85a615f1d0cdf5e9b&charset=utf-8&hittoken=1669930927_1d9a752e809598253feaba138dd192b84f5cbea61c78f26a86f44f7ab425fa45&browser-info=pa%3A1%3Aar%3A1%3Avf%3A2b7w95bdqfdb0kzrg7tcl8%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A933%3Acn%3A1%3Adp%3A0%3Als%3A433927189741%3Ahid%3A544021822%3Az%3A0%3Ai%3A20221201214205%3Aet%3A1669930926%3Ac%3A1%3Arn%3A1009638901%3Arqn%3A7%3Au%3A1669930925941979786%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1669930922738%3Arqnl%3A1%3Ast%3A1669930926&t=gdpr(14)mc(p-6)clc(0-0-0)rqnt(7)aw(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 98
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Thu, 01 Dec 2022 21:42:07 GMT
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Thu, 01-Dec-2022 21:42:07 GMT
last-modified: Thu, 01-Dec-2022 21:42:07 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 5a239878ef5bbcc237e7b45f282075f4
6eeb910e4ece59e97dfe32071ea94a6e3530c81b
92305af0d4663e9c8bc67a8021e4a983ab13c5a3a613a71e6e2fad826886ee18
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "92305AF0D4663E9C8BC67A8021E4A983AB13C5A3A613A71E6E2FAD826886EE18"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13420
Expires: Fri, 02 Dec 2022 01:25:47 GMT
Date: Thu, 01 Dec 2022 21:42:07 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash bbcfe605cd3d16d5dbd6da5f3b862331
51a61051695ccfe6ce1963dac4ff95d0fba3fd55
2530a0e79f2e0362b113c9623fe89ddcdd2365d61ed4a2269d35f60a9b91233b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2530A0E79F2E0362B113C9623FE89DDCDD2365D61ED4A2269D35F60A9B91233B"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11334
Expires: Fri, 02 Dec 2022 00:51:01 GMT
Date: Thu, 01 Dec 2022 21:42:07 GMT
Connection: keep-alive
whiskerssituationdisturb.com/4d/0a/fc/4d0afc2425eea6b0cd5a468c9f8a69ed.js
173.233.139.164 200 OK 29 kB URL HTTP/1.1 whiskerssituationdisturb.com/4d/0a/fc/4d0afc2425eea6b0cd5a468c9f8a69ed.js
IP 173.233.139.164:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (65536), with no line terminators
Hash a03492ef49f8df76a26871968380ac18
6395b0cfe5b453bd696d0373160a8a95f37d9223
e6121b6faa6b4be952bd038d5e00ab6791d7dfdb5646f4999000c218eac847d3
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /4d/0a/fc/4d0afc2425eea6b0cd5a468c9f8a69ed.js HTTP/1.1
Host: whiskerssituationdisturb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 01 Dec 2022 21:42:07 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: eebda49c2ad85d35b56588820333a119
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
tallysaturatesnare.com/sbar.json?key=21fe3950f412e026c33f1b6cee613eba
192.243.61.225 | 200 OK | 4.5 kB | URL HTTP/1.1 tallysaturatesnare.com/sbar.json?key=21fe3950f412e026c33f1b6cee613eba
IP 192.243.61.225:0
ASN #39572 DataWeb Global Group B.V.
File type: JSON data; Unicode text, UTF-8 text, with very long lines (6156), with no line terminators
Hash MD5 252585aadf2ad750069dd8885bfdb673
SHA-1 1f9dee66ca59623340f1b8112f07e0b987ff9002
SHA-256 99b00fcc200b22b51dc2e080baa207511ca0126bc972b9253aeb83e3b8cb360c
Analyzer Verdict Alert: quad9 Sinkholed
GET /sbar.json?key=21fe3950f412e026c33f1b6cee613eba HTTP/1.1
Host: tallysaturatesnare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Thu, 01 Dec 2022 21:42:07 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://xfantazy.com
Access-Control-Allow-Origin: https://xfantazy.com
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=17661735; expires=Fri, 02 Dec 2022 21:42:07 GMT; secure; SameSite=None
Set-Cookie: pdhtkv=true; expires=Fri, 02 Dec 2022 21:42:07 GMT; secure; SameSite=None
Set-Cookie: uncs=1; expires=Fri, 02 Dec 2022 21:42:07 GMT; secure; SameSite=None
Set-Cookie: pdhtkv29=true; expires=Fri, 02 Dec 2022 21:42:07 GMT; secure; SameSite=None
Set-Cookie: uncs29=1; expires=Fri, 02 Dec 2022 21:42:07 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 8defed8615d378fee358949e76e0e028
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
r3.o.lencr.org/
23.36.77.32 | 200 OK | 503 B | IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash MD5 9abc24f39564dc848d6bcdefbcdafc7b
SHA-1 b8c7e8e03ebea34dc55cb1edc5821875ef3b8ced
SHA-256 746046171e16c754f1385bee917d0d771988a6cc69bfef15b30af8d773cad83f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "746046171E16C754F1385BEE917D0D771988A6CC69BFEF15B30AF8D773CAD83F"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8391
Expires: Fri, 02 Dec 2022 00:01:59 GMT
Date: Thu, 01 Dec 2022 21:42:08 GMT
Connection: keep-alive
soldierreproduceadmiration.com/pixel/purst?dl=0&th=0&sc=0&rs=3211&rd=3211&fd=583&bv=22.10.v.10&tmpl=136
192.243.61.225 | 200 OK | 0 B | URL HTTP/1.1 soldierreproduceadmiration.com/pixel/purst?dl=0&th=0&sc=0&rs=3211&rd=3211&fd=583&bv=22.10.v.10&tmpl=136
IP 192.243.61.225:0
ASN #39572 DataWeb Global Group B.V.
Hash (0 B body; these are the digests of empty input and match any empty response) MD5 d41d8cd98f00b204e9800998ecf8427e
SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert: quad9 Sinkholed
GET /pixel/purst?dl=0&th=0&sc=0&rs=3211&rd=3211&fd=583&bv=22.10.v.10&tmpl=136 HTTP/1.1
Host: soldierreproduceadmiration.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Thu, 01 Dec 2022 21:42:07 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
tallysaturatesnare.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSz2skRRuu3s0HHy7CKnvxoDvsRQWZdM%2BPJLOLBOOaJRiTuLuSc3V19UyZmqqmqmt6Mh4MuyARRCc3Dx46zyQb1GV1b16EZbIXCQjbHiSHDfo3CLkJMpOB6AtV71P1vAXP87712a47IT4cPV77QPeElHS6XvZLb6wLFenMllbulgK%2F7N8orQs1U7tR6o4207ke%2BPWy%2F2bpFmcberriB74f%2BEFpURge6%2B70mIVIHjaCcsMv1yrloF5D1%2Fz3bJ0HSz1EnRPyMkRU%2FK%2F1y2MINoRq%2F3iT241UJ2%2B913aSptqgEx18pDaUzhTa5zA2HmJ1MKmGtgUhX1%2BAVgcTB9CdvZEDhKIg3u8BQnUwkYmws3%2BmNJTgCmF0CVlnCC6HEHQIpu9DRM8IwCKsrEK1H6xok9HNM5aO2IJMnf4FkRVk6vkVqPajBSm6pTtaulRoZdGNc4juEKI5ROIOkfY8iOwQLL0HEf1Kpk%2BXodp7q1ZqiCgfuxdiCBEPIXkf1HpwoyU8uNiDSzy0o%2BMSrTdi35%2BNw7hanasxxqpVxupzM1E9qtbmYh%2BOjeT1kSZ9MNkHM1tIzBY2xE5ByL09GPcEtpXDRh5sWhDvwy10ohwZJ8gsQUYJMkGQpQRZJ9%2BPpK3Y%2FEEkrQuDSa5McjUf6LS5S%2Fd12uSK7CYn5KVRc7wXP30dG%2Fy4VAliXm3U%2FbgWVLhfmWHVahyEM4zzmaDKQworcgh7Yey3JwryWv0SElGQ%2F88%2FQUgPYeUhmLgM6l4FzQazFR%2B0NajN%2BeipnxRNnaGyxalMW1Y7w3iZSRci0jmSdArpprcrT8gr44Fdf%2FsyODuaf9r789ajK5%2BAmRyJyfGxeErQlNuD2zoje7d1Zsnj1SQVbdGjo2HeSWnKL373Pt%2FMtImWbtr%2Bt%2B%2BwETGCD%2B9ymy5TFQnVtOT7BRFF3Cxqwzj5ecmu83DN2daCM8oly2vvLi61E8OtFVoNQcUz%2BwWYKMgL21%2BOv%2BnVawbCDGFcjrY7IpOA0EOwZAs2OVdvNYGR5zVh4iFz%2BcBUwvNLKQpS%2Beo5JD%2Ba3%2FnmD3f69zXQMIfl%2F3p4jnftNprGA03vQ7VzdEyOjsxBZR%2FWXRykiTma%2F606DoTSG4TSeHuhNHLnrL1WHJd4PfZj7ld4GDfCeJb6USOuNULaCPhsWKcBUluwz6%2F%2B8A8AAAD%2F%2FwEAAP%2F%2F%2BvN%2B14IEAAA%3D
192.243.61.225200 OK 7 B URL HTTP/1.1 tallysaturatesnare.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSz2skRRuu3s0HHy7CKnvxoDvsRQWZdM%2BPJLOLBOOaJRiTuLuSc3V19UyZmqqmqmt6Mh4MuyARRCc3Dx46zyQb1GV1b16EZbIXCQjbHiSHDfo3CLkJMpOB6AtV71P1vAXP87712a47IT4cPV77QPeElHS6XvZLb6wLFenMllbulgK%2F7N8orQs1U7tR6o4207ke%2BPWy%2F2bpFmcberriB74f%2BEFpURge6%2B70mIVIHjaCcsMv1yrloF5D1%2Fz3bJ0HSz1EnRPyMkRU%2FK%2F1y2MINoRq%2F3iT241UJ2%2B913aSptqgEx18pDaUzhTa5zA2HmJ1MKmGtgUhX1%2BAVgcTB9CdvZEDhKIg3u8BQnUwkYmws3%2BmNJTgCmF0CVlnCC6HEHQIpu9DRM8IwCKsrEK1H6xok9HNM5aO2IJMnf4FkRVk6vkVqPajBSm6pTtaulRoZdGNc4juEKI5ROIOkfY8iOwQLL0HEf1Kpk%2BXodp7q1ZqiCgfuxdiCBEPIXkf1HpwoyU8uNiDSzy0o%2BMSrTdi35%2BNw7hanasxxqpVxupzM1E9qtbmYh%2BOjeT1kSZ9MNkHM1tIzBY2xE5ByL09GPcEtpXDRh5sWhDvwy10ohwZJ8gsQUYJMkGQpQRZJ9%2BPpK3Y%2FEEkrQuDSa5McjUf6LS5S%2Fd12uSK7CYn5KVRc7wXP30dG%2Fy4VAliXm3U%2FbgWVLhfmWHVahyEM4zzmaDKQworcgh7Yey3JwryWv0SElGQ%2F88%2FQUgPYeUhmLgM6l4FzQazFR%2B0NajN%2BeipnxRNnaGyxalMW1Y7w3iZSRci0jmSdArpprcrT8gr44Fdf%2FsyODuaf9r789ajK5%2BAmRyJyfGxeErQlNuD2zoje7d1Zsnj1SQVbdGjo2HeSWnKL373Pt%2FMtImWbtr%2Bt%2B%2BwETGCD%2B9ymy5TFQnVtOT7BRFF3Cxqwzj5ecmu83DN2daCM8oly2vvLi61E8OtFVoNQcUz%2BwWYKMgL21%2BOv%2BnVawbCDGFcjrY7IpOA0EOwZAs2OVdvNYGR5zVh4iFz%2BcBUwvNLKQpS%2Beo5JD%2Ba3%2FnmD3f69zXQMIfl%2F3p4jnftNprGA03vQ7VzdEyOjsxBZR%2FWXRykiTma%2F606DoTSG4TSeHuhNHLnrL1WHJd4PfZj7ld4GDfCeJb6USOuNULaCPhsWKcBUluwz6%2F%2B8A8AAAD%2F%2FwEAAP%2F%2F%2BvN%2B14IEAAA%3D
IP 192.243.61.225:0
ASN #39572 DataWeb Global Group B.V.
File type: ASCII text, with no line terminators
Hash MD5 132d6af1b46048b45cf86cdee7991d31
SHA-1 eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
SHA-256 ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert: fortinet Malware; quad9 Sinkholed
GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSz2skRRuu3s0HHy7CKnvxoDvsRQWZdM%2BPJLOLBOOaJRiTuLuSc3V19UyZmqqmqmt6Mh4MuyARRCc3Dx46zyQb1GV1b16EZbIXCQjbHiSHDfo3CLkJMpOB6AtV71P1vAXP87712a47IT4cPV77QPeElHS6XvZLb6wLFenMllbulgK%2F7N8orQs1U7tR6o4207ke%2BPWy%2F2bpFmcberriB74f%2BEFpURge6%2B70mIVIHjaCcsMv1yrloF5D1%2Fz3bJ0HSz1EnRPyMkRU%2FK%2F1y2MINoRq%2F3iT241UJ2%2B913aSptqgEx18pDaUzhTa5zA2HmJ1MKmGtgUhX1%2BAVgcTB9CdvZEDhKIg3u8BQnUwkYmws3%2BmNJTgCmF0CVlnCC6HEHQIpu9DRM8IwCKsrEK1H6xok9HNM5aO2IJMnf4FkRVk6vkVqPajBSm6pTtaulRoZdGNc4juEKI5ROIOkfY8iOwQLL0HEf1Kpk%2BXodp7q1ZqiCgfuxdiCBEPIXkf1HpwoyU8uNiDSzy0o%2BMSrTdi35%2BNw7hanasxxqpVxupzM1E9qtbmYh%2BOjeT1kSZ9MNkHM1tIzBY2xE5ByL09GPcEtpXDRh5sWhDvwy10ohwZJ8gsQUYJMkGQpQRZJ9%2BPpK3Y%2FEEkrQuDSa5McjUf6LS5S%2Fd12uSK7CYn5KVRc7wXP30dG%2Fy4VAliXm3U%2FbgWVLhfmWHVahyEM4zzmaDKQworcgh7Yey3JwryWv0SElGQ%2F88%2FQUgPYeUhmLgM6l4FzQazFR%2B0NajN%2BeipnxRNnaGyxalMW1Y7w3iZSRci0jmSdArpprcrT8gr44Fdf%2FsyODuaf9r789ajK5%2BAmRyJyfGxeErQlNuD2zoje7d1Zsnj1SQVbdGjo2HeSWnKL373Pt%2FMtImWbtr%2Bt%2B%2BwETGCD%2B9ymy5TFQnVtOT7BRFF3Cxqwzj5ecmu83DN2daCM8oly2vvLi61E8OtFVoNQcUz%2BwWYKMgL21%2BOv%2BnVawbCDGFcjrY7IpOA0EOwZAs2OVdvNYGR5zVh4iFz%2BcBUwvNLKQpS%2Beo5JD%2Ba3%2FnmD3f69zXQMIfl%2F3p4jnftNprGA03vQ7VzdEyOjsxBZR%2FWXRykiTma%2F606DoTSG4TSeHuhNHLnrL1WHJd4PfZj7ld4GDfCeJb6USOuNULaCPhsWKcBUluwz6%2F%2B8A8AAAD%2F%2FwEAAP%2F%2F%2BvN%2B14IEAAA%3D HTTP/1.1
Host: tallysaturatesnare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: u_pl=17661735; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Thu, 01 Dec 2022 21:42:08 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 1bc13b5bbf04cce01fab34e20a5e4f27
Strict-Transport-Security: max-age=0; includeSubdomains
cdn.barscreative1.com/sb/au/b6/cf/48/b6cf48ca3e8ab4bdbcfaa2279b0fb2bc/1613726822.html
45.133.44.3 | 200 OK | 1.0 kB | URL HTTP/2 cdn.barscreative1.com/sb/au/b6/cf/48/b6cf48ca3e8ab4bdbcfaa2279b0fb2bc/1613726822.html
IP 45.133.44.3:0
ASN #39572 DataWeb Global Group B.V.
Hash MD5 b376d02387de3fd59c28f2cbda996023
SHA-1 1fb64c5969d9433aac338c13d875ba24b9b1a0f3
SHA-256 2a6cd6a7e2f955ec8e212e58d7e1be89617e06a5a7952a8db4688e7fae0b02f3
Analyzer Verdict Alert: fortinet Phishing
GET /sb/au/b6/cf/48/b6cf48ca3e8ab4bdbcfaa2279b0fb2bc/1613726822.html HTTP/1.1
Host: cdn.barscreative1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 01 Dec 2022 21:42:08 GMT
content-type: text/html; charset=utf-8
server: nginx/1.17.6
last-modified: Fri, 19 Feb 2021 09:27:09 GMT
etag: W/"602f846d-4fa"
cache-control: max-age=3600
access-control-allow-origin: *
access-control-expose-headers: Date
content-encoding: gzip
expires: Thu, 01 Dec 2022 22:42:08 GMT
x-proxy-cache: HIT
X-Firefox-Spdy: h2
whiskerssituationdisturb.com/sbar.json?key=a2f990f10476061c719d1c1aa3a2ecd2&uuid=54767236-cf01-4f8f-b57b-58b62ed2c56d%3A2%3A1
173.233.139.164 | 200 OK | 3.4 kB | URL HTTP/1.1 whiskerssituationdisturb.com/sbar.json?key=a2f990f10476061c719d1c1aa3a2ecd2&uuid=54767236-cf01-4f8f-b57b-58b62ed2c56d%3A2%3A1
IP 173.233.139.164:0
File type: JSON data; ASCII text, with very long lines (5949), with no line terminators
Hash MD5 5bc6a94b6e7da9cebf5eb2fa4ab1fa57
SHA-1 55537cb46722c3d49a4d0855050ffa204feda122
SHA-256 4549fe973e17d6695a1fd08fde47a90de7a7253607576a9e74cd7904e77ac53c
Analyzer Verdict Alert: quad9 Sinkholed
GET /sbar.json?key=a2f990f10476061c719d1c1aa3a2ecd2&uuid=54767236-cf01-4f8f-b57b-58b62ed2c56d%3A2%3A1 HTTP/1.1
Host: whiskerssituationdisturb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 01 Dec 2022 21:42:08 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://xfantazy.com
Access-Control-Allow-Origin: https://xfantazy.com
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=15600826; expires=Fri, 02 Dec 2022 21:42:07 GMT; secure; SameSite=None
Set-Cookie: uid_id2=54767236-cf01-4f8f-b57b-58b62ed2c56d:2:1; expires=Thu, 08 Dec 2022 21:42:07 GMT; secure; SameSite=None
Set-Cookie: pdhtkv=true; expires=Fri, 02 Dec 2022 21:42:08 GMT; secure; SameSite=None
Set-Cookie: uncs=1; expires=Fri, 02 Dec 2022 21:42:08 GMT; secure; SameSite=None
Set-Cookie: pdhtkv29=true; expires=Fri, 02 Dec 2022 21:42:08 GMT; secure; SameSite=None
Set-Cookie: uncs29=1; expires=Fri, 02 Dec 2022 21:42:08 GMT; secure; SameSite=None
Set-Cookie: sleca2f990f10476061c719d1c1aa3a2ecd2=[3830292]; expires=Thu, 01 Dec 2022 21:42:13 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: ab5418f43c9bd969021b882a078a20f9
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
mc.yandex.ru/metrika/advert.gif
93.158.134.119 | 200 OK | 43 B | URL HTTP/2 mc.yandex.ru/metrika/advert.gif
IP 93.158.134.119:0
File type: GIF image data, version 89a, 1 x 1; data
Hash MD5 df3e567d6f16d040326c7a0ea29a4f41
SHA-1 ea7df583983133b62712b5e73bffbcd45cc53736
SHA-256 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
GET /metrika/advert.gif HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Thu, 01 Dec 2022 21:42:08 GMT
access-control-allow-origin: *
etag: "6388ac0c-2b"
expires: Thu, 01 Dec 2022 22:42:08 GMT
accept-ranges: bytes
last-modified: Thu, 01 Dec 2022 16:28:44 GMT
cache-control: max-age=3600
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
integrityprinciplesthorough.com/pixel/purst?dl=0&th=0&sc=0&rs=3520&rd=3520&fd=487&bv=22.10.v.10&tmpl=136
192.243.59.13 | 200 OK | 0 B | URL HTTP/1.1 integrityprinciplesthorough.com/pixel/purst?dl=0&th=0&sc=0&rs=3520&rd=3520&fd=487&bv=22.10.v.10&tmpl=136
IP 192.243.59.13:0
ASN #39572 DataWeb Global Group B.V.
Hash (0 B body; these are the digests of empty input and match any empty response) MD5 d41d8cd98f00b204e9800998ecf8427e
SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert: quad9 Sinkholed
GET /pixel/purst?dl=0&th=0&sc=0&rs=3520&rd=3520&fd=487&bv=22.10.v.10&tmpl=136 HTTP/1.1
Host: integrityprinciplesthorough.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Thu, 01 Dec 2022 21:42:08 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
ocsp.pki.goog/gts1c3
142.250.74.131 | 200 OK | 472 B | IP 142.250.74.131:0
Hash MD5 51d5484b700426c5612c309bbf14b114
SHA-1 026994960bfaaa4e2604b66cb795b2787fe300a2
SHA-256 e3e30a64f2e4fc59120c46b320d104f1b9d9a8af90106ab78715d14e49e11ae0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 21:42:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
friendshipmale.com/sfp.js
172.64.203.23 | 200 OK | 27 kB | URL HTTP/2 friendshipmale.com/sfp.js
IP 172.64.203.23:0
File type: Unicode text, UTF-8 text, with very long lines (65529), with no line terminators
Hash MD5 95bcd426e1565231f337780fa3ece6cd
SHA-1 e4208bfdb20f3a826d87db20650409027ecc42cd
SHA-256 cda428281b8fc34a29b260a8eed1cad27550935629c998dcd2de5ee87cef71d4
GET /sfp.js HTTP/1.1
Host: friendshipmale.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 01 Dec 2022 21:42:07 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: 3538ffc6a7115b8e4df80247df325e6c
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Thu, 01 Dec 2022 21:42:07 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9fMT%2FUpTlrl3UTF5SFSEgonMeIogjYZPKKxKd5LPVfETB%2F%2BV2qmBIKpsw6VIXh3JJ0uo5GmP1QYOJ1kNwSv4C5GDY2pnYWVUT3MHl%2BlgbW1OukWyS4BPAUgAeSu9Yu%2Ff9cdugVk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 772efda639010091-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 | 200 OK | 472 B | IP 142.250.74.131:0
Hash MD5 51d5484b700426c5612c309bbf14b114
SHA-1 026994960bfaaa4e2604b66cb795b2787fe300a2
SHA-256 e3e30a64f2e4fc59120c46b320d104f1b9d9a8af90106ab78715d14e49e11ae0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 21:42:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
whiskerssituationdisturb.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fau%2Fb6%2Fcf%2F48%2Fb6cf48ca3e8ab4bdbcfaa2279b0fb2bc%2F1613726822.html&l=1274&fd=112
173.233.139.164 | 200 OK | 0 B | URL HTTP/1.1 whiskerssituationdisturb.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fau%2Fb6%2Fcf%2F48%2Fb6cf48ca3e8ab4bdbcfaa2279b0fb2bc%2F1613726822.html&l=1274&fd=112
IP 173.233.139.164:0
Hash (0 B body; these are the digests of empty input and match any empty response) MD5 d41d8cd98f00b204e9800998ecf8427e
SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert: quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fau%2Fb6%2Fcf%2F48%2Fb6cf48ca3e8ab4bdbcfaa2279b0fb2bc%2F1613726822.html&l=1274&fd=112 HTTP/1.1
Host: whiskerssituationdisturb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: u_pl=15600826; uid_id2=54767236-cf01-4f8f-b57b-58b62ed2c56d:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; sleca2f990f10476061c719d1c1aa3a2ecd2=[3830292]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 01 Dec 2022 21:42:08 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
e1.o.lencr.org/
23.36.76.226 | 200 OK | 346 B | IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash MD5 0f3fa70c4b85f9af8be81db15f2473b6
SHA-1 e5dadf573bde48707d00993b7a0301f7303f1a73
SHA-256 ede2da5cda82417700a040d95008b37aa7a30c1eeb053993b82c74fabbff65ea
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "EDE2DA5CDA82417700A040D95008B37AA7A30C1EEB053993B82C74FABBFF65EA"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9186
Expires: Fri, 02 Dec 2022 00:15:14 GMT
Date: Thu, 01 Dec 2022 21:42:08 GMT
Connection: keep-alive
e1.o.lencr.org/
23.36.76.226 | 200 OK | 346 B | IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash MD5 0f3fa70c4b85f9af8be81db15f2473b6
SHA-1 e5dadf573bde48707d00993b7a0301f7303f1a73
SHA-256 ede2da5cda82417700a040d95008b37aa7a30c1eeb053993b82c74fabbff65ea
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "EDE2DA5CDA82417700A040D95008B37AA7A30C1EEB053993B82C74FABBFF65EA"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9186
Expires: Fri, 02 Dec 2022 00:15:14 GMT
Date: Thu, 01 Dec 2022 21:42:08 GMT
Connection: keep-alive
xfantazy.com/_next/static/chunks/commons.9b890646c0aa33eb63fe.js
172.64.162.22 | 200 OK | 400 kB | URL HTTP/2 xfantazy.com/_next/static/chunks/commons.9b890646c0aa33eb63fe.js
IP 172.64.162.22:0
File type: ASCII text, with very long lines (65536), with no line terminators
Size 400 kB (400231 bytes)
Hash MD5 a40bb8de526136cb870f79c17888ed79
SHA-1 3d3f93089579daacb891ef5b8a19e2a409c91752
SHA-256 98ed5370cab64240e6d3b0ce166fc83e4492f40cb1f5393a0ce440d16ea937e2
GET /_next/static/chunks/commons.9b890646c0aa33eb63fe.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/620852c85a615f1d0cdf5e9b
Cookie: visitorId=qu33i37iuesn1qe2egpm8; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 01 Dec 2022 21:42:05 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-bgj: minify
cf-polished: origSize=1388386
etag: W/"152f62-1826d2b9f14"
last-modified: Fri, 05 Aug 2022 08:42:31 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 10241879
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6iCA5WYGbt2RiwClJkMjh1i5FjznFmdaW3W5%2FvhPDlMVoCJqKPk9qAdCwZIfg8Oi2m9CbxOtz2qE%2B19kecn99jlYf4SnIuH1u0xeu2%2B3%2FkDyE72%2FOG%2B6E5FMEbEHl9E%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 772efd9c7fef74f5-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.76.226 | 200 OK | 346 B | IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash MD5 0f3fa70c4b85f9af8be81db15f2473b6
SHA-1 e5dadf573bde48707d00993b7a0301f7303f1a73
SHA-256 ede2da5cda82417700a040d95008b37aa7a30c1eeb053993b82c74fabbff65ea
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "EDE2DA5CDA82417700A040D95008B37AA7A30C1EEB053993B82C74FABBFF65EA"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9186
Expires: Fri, 02 Dec 2022 00:15:14 GMT
Date: Thu, 01 Dec 2022 21:42:08 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 | 200 OK | 503 B | IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash MD5 3c0282fb1989711e4a48dce935bf7813
SHA-1 30bed8a42fc820e4feb64bd22ddfefe120889014
SHA-256 81e304f070d6b7aa4dc67c727523578cd18a665a5cfe674a3b1391f3f39fc11a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "81E304F070D6B7AA4DC67C727523578CD18A665A5CFE674A3B1391F3F39FC11A"
Last-Modified: Thu, 01 Dec 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9924
Expires: Fri, 02 Dec 2022 00:27:32 GMT
Date: Thu, 01 Dec 2022 21:42:08 GMT
Connection: keep-alive
d3t87ooo0697p8.cloudfront.net/?oootd=971975
143.204.42.2 | 200 OK | 112 kB | URL HTTP/2 d3t87ooo0697p8.cloudfront.net/?oootd=971975
IP 143.204.42.2:0
File type: Unicode text, UTF-8 text, with very long lines (15952)
Size 112 kB (112494 bytes)
Hash MD5 94be1a9180b5f7ab1f7582567d5a64cd
SHA-1 378686206d6ed0e9bf53b8aed6d3ab5986951edb
SHA-256 1d232594845114b32fd73595272bbc90bd8636f5bfeacf2c76a01269c2810803
GET /?oootd=971975 HTTP/1.1
Host: d3t87ooo0697p8.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 112494
date: Thu, 01 Dec 2022 21:42:08 GMT
access-control-allow-origin: *
cache-control: no-store, no-cache, proxy-revalidate, must-revalidate, private, no-transform
content-encoding: gzip
pragma: no-cache
x-cache: Miss from cloudfront
via: 1.1 9dd61138197a68f8d69f12574aab6930.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: NaK_mZsy5qwN_pbbA5JDValvMPuzemtjPmYZhIRaeaUGpJv8OFxzrQ==
X-Firefox-Spdy: h2
cdn.cloudimagesb.com/si/ae/aa/f6/aeaaf64c11bf62877f097a925a641d6b/1669388807.png
45.133.44.9 | 200 OK | 91 kB | URL HTTP/2 cdn.cloudimagesb.com/si/ae/aa/f6/aeaaf64c11bf62877f097a925a641d6b/1669388807.png
IP 45.133.44.9:0
ASN #39572 DataWeb Global Group B.V.
File type: PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced; data
Hash MD5 c1718772ca810c6c121fa1d02672bb44
SHA-1 22c20701dcd78b1bd41ada8b04576f73d3e42253
SHA-256 91561b48a3e4957afb6aaefbfa5c6463534db30a9bdc2a0f0aabbeef28486a33
GET /si/ae/aa/f6/aeaaf64c11bf62877f097a925a641d6b/1669388807.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 01 Dec 2022 21:42:08 GMT
content-type: image/png
content-length: 91434
server: nginx/1.17.6
last-modified: Fri, 25 Nov 2022 15:06:56 GMT
etag: "6380da10-1652a"
expires: Sat, 03 Dec 2022 21:42:08 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
cdn.cloudimagesb.com/si/28/d6/a4/28d6a403173def438ad97dc6687ec5eb/1669910284.png
45.133.44.9 | 200 OK | 78 kB | URL HTTP/2 cdn.cloudimagesb.com/si/28/d6/a4/28d6a403173def438ad97dc6687ec5eb/1669910284.png
IP 45.133.44.9:0
ASN #39572 DataWeb Global Group B.V.
File type: PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced; data
Hash MD5 f073aaf0ef05830f8ac9db84fc0dd661
SHA-1 ef3d1adef699a050c829ae76084cf1ce9ae54cd0
SHA-256 8afdd964d1a19e9177174a08456e129ceda215587326ead6bc10b0557859c541
GET /si/28/d6/a4/28d6a403173def438ad97dc6687ec5eb/1669910284.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 01 Dec 2022 21:42:08 GMT
content-type: image/png
content-length: 77811
server: nginx/1.17.6
last-modified: Thu, 01 Dec 2022 15:58:13 GMT
etag: "6388cf15-12ff3"
expires: Sat, 03 Dec 2022 21:42:08 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
whiskerssituationdisturb.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Futility%2Fsocial-media%2Ffacebook%2Fjs%2Fscript.js&l=444&fd=144
173.233.139.164 | 200 OK | 0 B | URL HTTP/1.1 whiskerssituationdisturb.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Futility%2Fsocial-media%2Ffacebook%2Fjs%2Fscript.js&l=444&fd=144
IP 173.233.139.164:0
Hash (0 B body; these are the digests of empty input and match any empty response) MD5 d41d8cd98f00b204e9800998ecf8427e
SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert: quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Futility%2Fsocial-media%2Ffacebook%2Fjs%2Fscript.js&l=444&fd=144 HTTP/1.1
Host: whiskerssituationdisturb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: u_pl=15600826; uid_id2=54767236-cf01-4f8f-b57b-58b62ed2c56d:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; sleca2f990f10476061c719d1c1aa3a2ecd2=[3830292]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 01 Dec 2022 21:42:08 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
whiskerssituationdisturb.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Futility%2Fsocial-media%2Ffacebook%2Fcss%2Fstyle.css&l=6334&fd=150
173.233.139.164200 OK 0 B URL HTTP/1.1 whiskerssituationdisturb.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Futility%2Fsocial-media%2Ffacebook%2Fcss%2Fstyle.css&l=6334&fd=150
IP 173.233.139.164:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert
quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Futility%2Fsocial-media%2Ffacebook%2Fcss%2Fstyle.css&l=6334&fd=150 HTTP/1.1
Host: whiskerssituationdisturb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: u_pl=15600826; uid_id2=54767236-cf01-4f8f-b57b-58b62ed2c56d:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; sleca2f990f10476061c719d1c1aa3a2ecd2=[3830292]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 01 Dec 2022 21:42:08 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
ocsp.pki.goog/s/gts1p5/dCF-Qj_WHqY
142.250.74.131 200 OK 472 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/dCF-Qj_WHqY
IP 142.250.74.131:0
Hash 1883a5abb177dd5c8c8928d1280a19c3
082dac7d452a638aa649ceb39f89ab9d6ca478d0
1d4206b362c04826df0b60877e5ad9c6cf67e82316b079f6a855af635b12eb0f
POST /s/gts1p5/dCF-Qj_WHqY HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 21:42:08 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/s/gts1p5/dCF-Qj_WHqY
142.250.74.131 200 OK 472 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/dCF-Qj_WHqY
IP 142.250.74.131:0
Hash 1883a5abb177dd5c8c8928d1280a19c3
082dac7d452a638aa649ceb39f89ab9d6ca478d0
1d4206b362c04826df0b60877e5ad9c6cf67e82316b079f6a855af635b12eb0f
POST /s/gts1p5/dCF-Qj_WHqY HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 21:42:08 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F620852c85a615f1d0cdf5e9b&charset=utf-8&hittoken=1669930927_1d9a752e809598253feaba138dd192b84f5cbea61c78f26a86f44f7ab425fa45&browser-info=pa%3A1%3Aar%3A1%3Avf%3A2b7w95bdqfdb0kzrg7tcl8%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A933%3Acn%3A1%3Adp%3A0%3Als%3A433927189741%3Ahid%3A544021822%3Az%3A0%3Ai%3A20221201214207%3Aet%3A1669930927%3Ac%3A1%3Arn%3A202722101%3Arqn%3A9%3Au%3A1669930925941979786%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Aeu%3A1%3Ans%3A1669930922738%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1669930927&t=gdpr(14)mc(p-6-h-1)clc(0-0-0)rqnt(9)aw(1)ecs(1)ti(2)
93.158.134.119200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F620852c85a615f1d0cdf5e9b&charset=utf-8&hittoken=1669930927_1d9a752e809598253feaba138dd192b84f5cbea61c78f26a86f44f7ab425fa45&browser-info=pa%3A1%3Aar%3A1%3Avf%3A2b7w95bdqfdb0kzrg7tcl8%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A933%3Acn%3A1%3Adp%3A0%3Als%3A433927189741%3Ahid%3A544021822%3Az%3A0%3Ai%3A20221201214207%3Aet%3A1669930927%3Ac%3A1%3Arn%3A202722101%3Arqn%3A9%3Au%3A1669930925941979786%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Aeu%3A1%3Ans%3A1669930922738%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1669930927&t=gdpr(14)mc(p-6-h-1)clc(0-0-0)rqnt(9)aw(1)ecs(1)ti(2)
IP 93.158.134.119:0
File type GIF image data, version 89a, 1 x 1; data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F620852c85a615f1d0cdf5e9b&charset=utf-8&hittoken=1669930927_1d9a752e809598253feaba138dd192b84f5cbea61c78f26a86f44f7ab425fa45&browser-info=pa%3A1%3Aar%3A1%3Avf%3A2b7w95bdqfdb0kzrg7tcl8%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A933%3Acn%3A1%3Adp%3A0%3Als%3A433927189741%3Ahid%3A544021822%3Az%3A0%3Ai%3A20221201214207%3Aet%3A1669930927%3Ac%3A1%3Arn%3A202722101%3Arqn%3A9%3Au%3A1669930925941979786%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Aeu%3A1%3Ans%3A1669930922738%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1669930927&t=gdpr(14)mc(p-6-h-1)clc(0-0-0)rqnt(9)aw(1)ecs(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 39
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Thu, 01 Dec 2022 21:42:08 GMT
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Thu, 01-Dec-2022 21:42:08 GMT
last-modified: Thu, 01-Dec-2022 21:42:08 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F620852c85a615f1d0cdf5e9b&charset=utf-8&hittoken=1669930927_1d9a752e809598253feaba138dd192b84f5cbea61c78f26a86f44f7ab425fa45&browser-info=pv%3A1%3Aar%3A1%3Avf%3A2b7w95bdqfdb0kzrg7tcl8%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A933%3Acn%3A1%3Adp%3A0%3Als%3A433927189741%3Ahid%3A544021822%3Az%3A0%3Ai%3A20221201214207%3Aet%3A1669930927%3Ac%3A1%3Arn%3A823438010%3Arqn%3A8%3Au%3A1669930925941979786%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Aeu%3A1%3Ans%3A1669930922738%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1669930927%3At%3Aadult%20xxx%20video%2019%20Thefartbabes%20-%20Eat%20My%20Xmas%20Teddy%20Shit%20%2C%20on%20solo%20female%20-%20XFantazy.com&t=gdpr%2814%29mc%28p-6%29clc%280-0-0%29rqnt%288%29aw%281%29ecs%281%29fip%281%29ti%282%29
93.158.134.119200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F620852c85a615f1d0cdf5e9b&charset=utf-8&hittoken=1669930927_1d9a752e809598253feaba138dd192b84f5cbea61c78f26a86f44f7ab425fa45&browser-info=pv%3A1%3Aar%3A1%3Avf%3A2b7w95bdqfdb0kzrg7tcl8%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A933%3Acn%3A1%3Adp%3A0%3Als%3A433927189741%3Ahid%3A544021822%3Az%3A0%3Ai%3A20221201214207%3Aet%3A1669930927%3Ac%3A1%3Arn%3A823438010%3Arqn%3A8%3Au%3A1669930925941979786%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Aeu%3A1%3Ans%3A1669930922738%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1669930927%3At%3Aadult%20xxx%20video%2019%20Thefartbabes%20-%20Eat%20My%20Xmas%20Teddy%20Shit%20%2C%20on%20solo%20female%20-%20XFantazy.com&t=gdpr%2814%29mc%28p-6%29clc%280-0-0%29rqnt%288%29aw%281%29ecs%281%29fip%281%29ti%282%29
IP 93.158.134.119:0
File type GIF image data, version 89a, 1 x 1; data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
GET /watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F620852c85a615f1d0cdf5e9b&charset=utf-8&hittoken=1669930927_1d9a752e809598253feaba138dd192b84f5cbea61c78f26a86f44f7ab425fa45&browser-info=pv%3A1%3Aar%3A1%3Avf%3A2b7w95bdqfdb0kzrg7tcl8%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A933%3Acn%3A1%3Adp%3A0%3Als%3A433927189741%3Ahid%3A544021822%3Az%3A0%3Ai%3A20221201214207%3Aet%3A1669930927%3Ac%3A1%3Arn%3A823438010%3Arqn%3A8%3Au%3A1669930925941979786%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Aeu%3A1%3Ans%3A1669930922738%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1669930927%3At%3Aadult%20xxx%20video%2019%20Thefartbabes%20-%20Eat%20My%20Xmas%20Teddy%20Shit%20%2C%20on%20solo%20female%20-%20XFantazy.com&t=gdpr%2814%29mc%28p-6%29clc%280-0-0%29rqnt%288%29aw%281%29ecs%281%29fip%281%29ti%282%29 HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Referer: https://xfantazy.com/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Thu, 01 Dec 2022 21:42:08 GMT
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Thu, 01-Dec-2022 21:42:08 GMT
last-modified: Thu, 01-Dec-2022 21:42:08 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
a.naturalhealthsource.club/api/spots/289411?host=xfantazy.com&ev=197&wh=939&ww=1280&uuid=
135.181.208.216 200 OK 67 B URL HTTP/2 a.naturalhealthsource.club/api/spots/289411?host=xfantazy.com&ev=197&wh=939&ww=1280&uuid=
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
Hash 17b33238d4affcf93d221246010f85a8
909075ad5c6536742a447978a872661358c65dd2
2f13fc84ca4ef19a1ae2908009e371f4233f0807fe2a096e63d9fae2423c156e
GET /api/spots/289411?host=xfantazy.com&ev=197&wh=939&ww=1280&uuid= HTTP/1.1
Host: a.naturalhealthsource.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 21:42:08 GMT
content-length: 0
set-cookie: nauid=f6SsVIvFEVvNychdQTUA; Path=/; Expires=Wed, 11 Nov 2037 11:11:11 GMT; Secure; SameSite=None
cache-control: private
X-Firefox-Spdy: h2
a.naturalhealthsource.club/api/spots/380873?host=xfantazy.com&ev=197&wh=939&ww=1280&uuid=
135.181.208.216 200 OK 0 B URL HTTP/2 a.naturalhealthsource.club/api/spots/380873?host=xfantazy.com&ev=197&wh=939&ww=1280&uuid=
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /api/spots/380873?host=xfantazy.com&ev=197&wh=939&ww=1280&uuid= HTTP/1.1
Host: a.naturalhealthsource.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 21:42:08 GMT
content-length: 0
set-cookie: nauid=gdoAbk2FQygvEmiGqcv7; Path=/; Expires=Wed, 11 Nov 2037 11:11:11 GMT; Secure; SameSite=None
cache-control: private
X-Firefox-Spdy: h2
a.naturalhealthsource.club/api/spots/391860?host=xfantazy.com&ev=197&wh=939&ww=1280&uuid=
135.181.208.216 200 OK 0 B URL HTTP/2 a.naturalhealthsource.club/api/spots/391860?host=xfantazy.com&ev=197&wh=939&ww=1280&uuid=
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /api/spots/391860?host=xfantazy.com&ev=197&wh=939&ww=1280&uuid= HTTP/1.1
Host: a.naturalhealthsource.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 21:42:08 GMT
content-length: 0
set-cookie: nauid=GBCPiSg9OFAm0bTStVHz; Path=/; Expires=Wed, 11 Nov 2037 11:11:11 GMT; Secure; SameSite=None
cache-control: private
X-Firefox-Spdy: h2
a.naturalhealthsource.club/api/spots/406858?host=xfantazy.com&ev=197&wh=939&ww=1280&uuid=
135.181.208.216 200 OK 0 B URL HTTP/2 a.naturalhealthsource.club/api/spots/406858?host=xfantazy.com&ev=197&wh=939&ww=1280&uuid=
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /api/spots/406858?host=xfantazy.com&ev=197&wh=939&ww=1280&uuid= HTTP/1.1
Host: a.naturalhealthsource.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 21:42:08 GMT
content-length: 0
set-cookie: nauid=TX1qQZiXbYqyS9eGBYc4; Path=/; Expires=Wed, 11 Nov 2037 11:11:11 GMT; Secure; SameSite=None
cache-control: private
X-Firefox-Spdy: h2
gedspecificano.com/WEZWMnk5JDVfRjl7NBQMKiprF0seY2R0HWsybgUWNylmBEBvNm4cGjQpI1YfKik4Rlc2IyIXSx4lG3c/Eh88eC0ULzV3PQ0XOX4vYAoUATsvEAdRLhM8OXwhHQRudzggLDBbLDATHkYrEigXAi4wH2d/DgEWF3UaNAdnSiE+AW56IR4Iblc8ChIAcTdoED5gPBUVD3g9aBMgfig8EwFhQSsEPmA/EQ4HYiENKTl4KG0SEGo0CBAuRTgCDiJhPjMlOXgOAiIESDMrExd4HBYRLmM4PwAuaEgRHhdFNysTF3gxEwUyZzswEC9xSTsHF3YVfXQQZBE7AhcAVCAXF1kwayQQdAMZHhAKLRkPDGgxLBUAZCwxDzECIRkhMgUsPwsXUSEwFRdKLyIjB2AbCS8HRD0NKQBRDmESF1UvLiMDYDEcHhcUEyspOEJEASgHfB0wdB9THmEQPg
108.157.214.49200 OK 1.2 kB URL HTTP/2 gedspecificano.com/WEZWMnk5JDVfRjl7NBQMKiprF0seY2R0HWsybgUWNylmBEBvNm4cGjQpI1YfKik4Rlc2IyIXSx4lG3c/Eh88eC0ULzV3PQ0XOX4vYAoUATsvEAdRLhM8OXwhHQRudzggLDBbLDATHkYrEigXAi4wH2d/DgEWF3UaNAdnSiE+AW56IR4Iblc8ChIAcTdoED5gPBUVD3g9aBMgfig8EwFhQSsEPmA/EQ4HYiENKTl4KG0SEGo0CBAuRTgCDiJhPjMlOXgOAiIESDMrExd4HBYRLmM4PwAuaEgRHhdFNysTF3gxEwUyZzswEC9xSTsHF3YVfXQQZBE7AhcAVCAXF1kwayQQdAMZHhAKLRkPDGgxLBUAZCwxDzECIRkhMgUsPwsXUSEwFRdKLyIjB2AbCS8HRD0NKQBRDmESF1UvLiMDYDEcHhcUEyspOEJEASgHfB0wdB9THmEQPg
IP 108.157.214.49:0
File type HTML document text; HTML document text; HTML document text; HTML document text; exported SGML document, ASCII text, with very long lines (3043), with no line terminators
Hash 04487da8705b6a6a1325a0638b36b7bb
03d00ea6c36fde989e2d40b37485b9c7b22eb6c4
a17a88b18f6b8aab83c61d9ba9e38ba3a5cb9ca4da71b0f1e0f94f00833a0181
GET /WEZWMnk5JDVfRjl7NBQMKiprF0seY2R0HWsybgUWNylmBEBvNm4cGjQpI1YfKik4Rlc2IyIXSx4lG3c/Eh88eC0ULzV3PQ0XOX4vYAoUATsvEAdRLhM8OXwhHQRudzggLDBbLDATHkYrEigXAi4wH2d/DgEWF3UaNAdnSiE+AW56IR4Iblc8ChIAcTdoED5gPBUVD3g9aBMgfig8EwFhQSsEPmA/EQ4HYiENKTl4KG0SEGo0CBAuRTgCDiJhPjMlOXgOAiIESDMrExd4HBYRLmM4PwAuaEgRHhdFNysTF3gxEwUyZzswEC9xSTsHF3YVfXQQZBE7AhcAVCAXF1kwayQQdAMZHhAKLRkPDGgxLBUAZCwxDzECIRkhMgUsPwsXUSEwFRdKLyIjB2AbCS8HRD0NKQBRDmESF1UvLiMDYDEcHhcUEyspOEJEASgHfB0wdB9THmEQPg HTTP/1.1
Host: gedspecificano.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html
content-length: 1191
date: Thu, 01 Dec 2022 21:42:08 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 05844663035089f465172d861220e698.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: GpPcl66w-Te61ILOehUFbKJ0jqZjJNVm66pkq4ztriT7Jec_RD0E3w==
X-Firefox-Spdy: h2
gedspecificano.com/dkFlUkMXIwY/fBd8B3Q2BC1Yd3EwZFcUJ0U1XWUsGS5VZHpBMV18IBouEDYlBC4LJm0YJBF3cTA1BBcnOiMhAw89AjAZAA42EB5yMw89PBVBGTQQDDoVAhYUHilTFhAwcCAWIBwZJB8mNSxVCxcROVM3cwYYJgEoBRQ3Gw09Eg0AASN1CB40Qgs9FQZTcyMaBQUFADh3FBMkITM5EBEcAgwTERUVIBcuOxIhGTQDMT0qDhUPGAsJCgEwIAFgDhQZNAspPAMRGhcuF1ITKDQPAQo3EgMgCHAULVxgFy4XUhVyRgYGCno8AxwiKhMXHR8bGA8QCnAsDwEKbgUkNDlyRgIJYgYuFgllESQHBDY6AQszJQ4ZIwlnOiEvAWQbNxM/NnAGCyc+JB4IDWcRMigCKBAnGBA2LQIbIj4rHhEJFwVQKxY9LQZ8Ix8CDjENYnQADA
108.157.214.49200 OK 1.2 kB URL HTTP/2 gedspecificano.com/dkFlUkMXIwY/fBd8B3Q2BC1Yd3EwZFcUJ0U1XWUsGS5VZHpBMV18IBouEDYlBC4LJm0YJBF3cTA1BBcnOiMhAw89AjAZAA42EB5yMw89PBVBGTQQDDoVAhYUHilTFhAwcCAWIBwZJB8mNSxVCxcROVM3cwYYJgEoBRQ3Gw09Eg0AASN1CB40Qgs9FQZTcyMaBQUFADh3FBMkITM5EBEcAgwTERUVIBcuOxIhGTQDMT0qDhUPGAsJCgEwIAFgDhQZNAspPAMRGhcuF1ITKDQPAQo3EgMgCHAULVxgFy4XUhVyRgYGCno8AxwiKhMXHR8bGA8QCnAsDwEKbgUkNDlyRgIJYgYuFgllESQHBDY6AQszJQ4ZIwlnOiEvAWQbNxM/NnAGCyc+JB4IDWcRMigCKBAnGBA2LQIbIj4rHhEJFwVQKxY9LQZ8Ix8CDjENYnQADA
IP 108.157.214.49:0
File type HTML document text; HTML document text; HTML document text; HTML document text; exported SGML document, ASCII text, with very long lines (3037), with no line terminators
Hash 0df724b741622e9f416e7d9ddd876987
4079a113a83a74dd28005cbb73ba11a92890766e
b65ab69988f991a13c251fd4281af4e5b4a03956176d56a40dc44b930854b97d
GET /dkFlUkMXIwY/fBd8B3Q2BC1Yd3EwZFcUJ0U1XWUsGS5VZHpBMV18IBouEDYlBC4LJm0YJBF3cTA1BBcnOiMhAw89AjAZAA42EB5yMw89PBVBGTQQDDoVAhYUHilTFhAwcCAWIBwZJB8mNSxVCxcROVM3cwYYJgEoBRQ3Gw09Eg0AASN1CB40Qgs9FQZTcyMaBQUFADh3FBMkITM5EBEcAgwTERUVIBcuOxIhGTQDMT0qDhUPGAsJCgEwIAFgDhQZNAspPAMRGhcuF1ITKDQPAQo3EgMgCHAULVxgFy4XUhVyRgYGCno8AxwiKhMXHR8bGA8QCnAsDwEKbgUkNDlyRgIJYgYuFgllESQHBDY6AQszJQ4ZIwlnOiEvAWQbNxM/NnAGCyc+JB4IDWcRMigCKBAnGBA2LQIbIj4rHhEJFwVQKxY9LQZ8Ix8CDjENYnQADA HTTP/1.1
Host: gedspecificano.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html
content-length: 1190
date: Thu, 01 Dec 2022 21:42:08 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 05844663035089f465172d861220e698.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: JfJ6FxY4r2F4WX8yzQsiC2W3nQm5Slus0EYUQtcDasWeo-oYZGx9Kw==
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/ssp/utility/social-media/facebook/css/style.css
172.64.108.13 200 OK 2.7 kB URL HTTP/2 cdn.creative-bars1.com/sb/ssp/utility/social-media/facebook/css/style.css
IP 172.64.108.13:0
Hash e77f06aa439dfb598e5c240b65a794ab
b345c050d9c0f272bdf2cf58e4a4f843c963591c
10ed2ab1b4ed901941b600d2b700142172e59710117613d51b0388530e8e97fb
GET /sb/ssp/utility/social-media/facebook/css/style.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 01 Dec 2022 21:42:08 GMT
content-type: text/css
last-modified: Fri, 27 Aug 2021 12:19:14 GMT
etag: W/"6128d842-18be"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 1410634
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PyFqGqBQX5vtyN1f8LFJx4lype6Y7Z0NhSMieihH%2FV8qlB3sMDKVWs64yBF4KXG4YKF%2FcP92Ko7NJCR%2FtY5rWCnqM22J5eMVtgYqVrhqnccOLdHcvlaulz1p9jS3p%2Fi5EUYKQ%2BC8DeSQ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 772efdaefa6a004a-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/ssp/utility/social-media/facebook/css/animate.css
172.64.108.13 200 OK 5.3 kB URL HTTP/2 cdn.creative-bars1.com/sb/ssp/utility/social-media/facebook/css/animate.css
IP 172.64.108.13:0
Hash 011d0d0557e208c1d0a1db2b429f8976
37f6aed189e345ee5e74f7b4aa0370575e74cef1
39413c71346e68665c5ed8fd98212900e851496ad9e5f4e04e18e036340c4e49
GET /sb/ssp/utility/social-media/facebook/css/animate.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 01 Dec 2022 21:42:08 GMT
content-type: text/css
last-modified: Sat, 20 Feb 2021 08:44:40 GMT
etag: W/"6030cbf8-1358d"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 1410634
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=e2mvG6xKwzypaZDXFSsPBT%2Bu10hQ3c1GObKnn77cbfo5g74Lm73S7BZrbp%2FCtzr12JSF4JB8LylOqsvXSGXv5mCw7PtX0li%2FiPxuEv0sPD8xBpQDsyVlLDAeTNdktOAjTOD8Q8BdWhwC"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 772efdaefa70004a-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/s/gts1p5/dCF-Qj_WHqY
142.250.74.131 200 OK 472 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/dCF-Qj_WHqY
IP 142.250.74.131:0
Hash 1883a5abb177dd5c8c8928d1280a19c3
082dac7d452a638aa649ceb39f89ab9d6ca478d0
1d4206b362c04826df0b60877e5ad9c6cf67e82316b079f6a855af635b12eb0f
POST /s/gts1p5/dCF-Qj_WHqY HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 21:42:08 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
whiskerssituationdisturb.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Futility%2Fsocial-media%2Ffacebook%2Fcss%2Fanimate.css&l=79245&fd=158
173.233.139.164 200 OK 0 B URL HTTP/1.1 whiskerssituationdisturb.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Futility%2Fsocial-media%2Ffacebook%2Fcss%2Fanimate.css&l=79245&fd=158
IP 173.233.139.164:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert
quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Futility%2Fsocial-media%2Ffacebook%2Fcss%2Fanimate.css&l=79245&fd=158 HTTP/1.1
Host: whiskerssituationdisturb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: u_pl=15600826; uid_id2=54767236-cf01-4f8f-b57b-58b62ed2c56d:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; sleca2f990f10476061c719d1c1aa3a2ecd2=[3830292]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 01 Dec 2022 21:42:08 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
ummerciseha.com/THpJS2NjRSo4XgMsIQEwfDcHKlAkQi0sFzkfegUZDT0PblEOHAECRTgTLXZaekh5elFqCiAvXn1CbzgXLQ48OF59XCAlBSNHbz1efVR5ZVFiSG8+Xn1cPTsCK0d4bRM4DiV2UnpMcHJQfEN7fFJ6SA
104.21.71.102 204 No Content 0 B URL HTTP/2 ummerciseha.com/THpJS2NjRSo4XgMsIQEwfDcHKlAkQi0sFzkfegUZDT0PblEOHAECRTgTLXZaekh5elFqCiAvXn1CbzgXLQ48OF59XCAlBSNHbz1efVR5ZVFiSG8+Xn1cPTsCK0d4bRM4DiV2UnpMcHJQfEN7fFJ6SA
IP 104.21.71.102:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /THpJS2NjRSo4XgMsIQEwfDcHKlAkQi0sFzkfegUZDT0PblEOHAECRTgTLXZaekh5elFqCiAvXn1CbzgXLQ48OF59XCAlBSNHbz1efVR5ZVFiSG8+Xn1cPTsCK0d4bRM4DiV2UnpMcHJQfEN7fFJ6SA HTTP/1.1
Host: ummerciseha.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Thu, 01 Dec 2022 21:42:08 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3izpSfD4Xo9aseHPmM2MtxS6y4uCtYMn4lyoWfoYiqZjKtO9%2FYBi%2BJrH75UQR%2BfI%2FIQBHsGqzUECItCN1WdqdXt%2FPQNCLQ5smoB5ezfuQuf6%2BfRDAdmdM%2F7t6m0ArY6mQng%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 772efdb15cd70b02-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ummerciseha.com/STBPTU1mDyw+cC1KBTosHkALDwgPVRp9dQtjGQ8sG2ENCxgfBGk5JC0Ndnt/eQF7az0gVHJ8azpELjk4Og1+ayQnViBwaz8NfmN+fR58fGN4FjpwfG9EPywqdAFpPTk9XHJ8e38Jdn59cAJ4f31/
104.21.71.102 204 No Content 0 B URL HTTP/2 ummerciseha.com/STBPTU1mDyw+cC1KBTosHkALDwgPVRp9dQtjGQ8sG2ENCxgfBGk5JC0Ndnt/eQF7az0gVHJ8azpELjk4Og1+ayQnViBwaz8NfmN+fR58fGN4FjpwfG9EPywqdAFpPTk9XHJ8e38Jdn59cAJ4f31/
IP 104.21.71.102:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /STBPTU1mDyw+cC1KBTosHkALDwgPVRp9dQtjGQ8sG2ENCxgfBGk5JC0Ndnt/eQF7az0gVHJ8azpELjk4Og1+ayQnViBwaz8NfmN+fR58fGN4FjpwfG9EPywqdAFpPTk9XHJ8e38Jdn59cAJ4f31/ HTTP/1.1
Host: ummerciseha.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Thu, 01 Dec 2022 21:42:08 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ggQsigtLcEXsv6JyvYZk8BXf0GVR2B55Kjgy9A3nXgEV56hpbYLQMRmRJd%2FoTQ2klF4sAVHcKSS7xdx%2B7rJosEH79nJ4Zkh74mLIqe7J5SKRO8Mo2MJSbtkCyBaYW1H5AFw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 772efdb15cdd0b02-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
tallysaturatesnare.com/pixel/sbs?c=1
192.243.61.225 200 OK 0 B URL HTTP/1.1 tallysaturatesnare.com/pixel/sbs?c=1
IP 192.243.61.225:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert
quad9 Sinkholed
GET /pixel/sbs?c=1 HTTP/1.1
Host: tallysaturatesnare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: u_pl=17661735; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Thu, 01 Dec 2022 21:42:08 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
tallysaturatesnare.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSz4scRRuuTvLBh0GIkosHzZCLCjLbP2Z2ZxJkMcaEYExiEsm5uqp6ptyarqaqa3oyHlwSkBVEZ28ePPQ%2Bs5tFDdHcvAhhNhdZENIeZA9Z9G8Q9ibIzA6svlD1PlXPW%2FA871ufbbh94sPRvRsf6KFUii40637tjTsy5bqwtWu3a4Ff98%2FX7sh0sXG%2BNphupn8u8Jt1%2F83aZcFW9ELoB74f%2BEHtkjQi0YOFGQuZPWwH9bZfb4T1oNnAwPz3bJ0HSz3w%2Fj55GZJX%2F%2Bv%2B8hiSTZD2frwo7Equs7fe6zlFc23Q59sfpSupLlL0jmBiPCTp9rwa2laEfH0MOt2eO4Dub04dIJYV8X4PEKfbc5mI%2B1uHSmMFkSLmJ1H0JxBqAkknYPo%2BJH9GAMZx7TrS3oNr2hT07iFLp2xFThz8BVlU5MTz00h7jy4oOajd0srlUqcWg6SEHEwgOxNkbgf50IMsdsDye5D8V7JwcBVpb%2FO6VRqSlzP3Uk4gkwmUGIFaD266pAeXeHCZhx7fq9FmO%2FH9pSROoqjVYIxFEWPN1iJv8qjRSnw4NpU3Qp6NwNQIzKwiM6tYkesVIfc2YdwT2G4Jyz3YvCLeh6vo8xKFICgsQUEJCklQ5ARFv9ziyoa2fMCVdXEwz%2BE8R%2BVY550NuqXzjkjJRrZPXpo2x3vx09exIvZqYZCIqN30k0YQCj9cZFGUBPEiE2IxiERMYWUJaY%2FN%2FA5lRV5rnkQmK%2FL%2F5SeI6Q6s2gGTp0Ddq6DFeCn0QbvjRsvHMP0ppbkzVHUFVXnXameYqDPlYnBdIstPIL%2Frbah98spsYOfePgXBdpefDv%2B8%2FOj0J2CmRGZKfCyfEnTU2vimLsjmTV1Y8vh6lsueHNLpMG%2FlNBfHv3tf3C204Vcu2tG377ApMYUPbwubX6Upl2nHku8vSM6FuaQNE%2BTnK%2FaOiG84273gTOqyqzfevXSllxlhrdTpBFQ%2Bs1%2BAyYq8sPbl7JueOWsgzQTGlei5XTIPSD0By1ZhsyP1VhMYdVQTZx4KV45NGB9dKlmR8KvnUGJ3ef2bP9zB32dB4xJW%2FOvhEd6wa%2BgYDzS%2Fj7RXom9K9FUJqkaw7vg4z8zu8m%2FRLBArbxwr423Gyqj1w%2FZauVdrBg3RiltLjPNYMB4shVEr8v2Q88ZSWwRt5LZin5%2F54R8AAAD%2F%2FwEAAP%2F%2F7vvwMYIEAAA%3D
192.243.61.225 200 OK 190 B URL HTTP/1.1 tallysaturatesnare.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSz4scRRuuTvLBh0GIkosHzZCLCjLbP2Z2ZxJkMcaEYExiEsm5uqp6ptyarqaqa3oyHlwSkBVEZ28ePPQ%2Bs5tFDdHcvAhhNhdZENIeZA9Z9G8Q9ibIzA6svlD1PlXPW%2FA871ufbbh94sPRvRsf6KFUii40637tjTsy5bqwtWu3a4Ff98%2FX7sh0sXG%2BNphupn8u8Jt1%2F83aZcFW9ELoB74f%2BEHtkjQi0YOFGQuZPWwH9bZfb4T1oNnAwPz3bJ0HSz3w%2Fj55GZJX%2F%2Bv%2B8hiSTZD2frwo7Equs7fe6zlFc23Q59sfpSupLlL0jmBiPCTp9rwa2laEfH0MOt2eO4Dub04dIJYV8X4PEKfbc5mI%2B1uHSmMFkSLmJ1H0JxBqAkknYPo%2BJH9GAMZx7TrS3oNr2hT07iFLp2xFThz8BVlU5MTz00h7jy4oOajd0srlUqcWg6SEHEwgOxNkbgf50IMsdsDye5D8V7JwcBVpb%2FO6VRqSlzP3Uk4gkwmUGIFaD266pAeXeHCZhx7fq9FmO%2FH9pSROoqjVYIxFEWPN1iJv8qjRSnw4NpU3Qp6NwNQIzKwiM6tYkesVIfc2YdwT2G4Jyz3YvCLeh6vo8xKFICgsQUEJCklQ5ARFv9ziyoa2fMCVdXEwz%2BE8R%2BVY550NuqXzjkjJRrZPXpo2x3vx09exIvZqYZCIqN30k0YQCj9cZFGUBPEiE2IxiERMYWUJaY%2FN%2FA5lRV5rnkQmK%2FL%2F5SeI6Q6s2gGTp0Ddq6DFeCn0QbvjRsvHMP0ppbkzVHUFVXnXameYqDPlYnBdIstPIL%2Frbah98spsYOfePgXBdpefDv%2B8%2FOj0J2CmRGZKfCyfEnTU2vimLsjmTV1Y8vh6lsueHNLpMG%2FlNBfHv3tf3C204Vcu2tG377ApMYUPbwubX6Upl2nHku8vSM6FuaQNE%2BTnK%2FaOiG84273gTOqyqzfevXSllxlhrdTpBFQ%2Bs1%2BAyYq8sPbl7JueOWsgzQTGlei5XTIPSD0By1ZhsyP1VhMYdVQTZx4KV45NGB9dKlmR8KvnUGJ3ef2bP9zB32dB4xJW%2FOvhEd6wa%2BgYDzS%2Fj7RXom9K9FUJqkaw7vg4z8zu8m%2FRLBArbxwr423Gyqj1w%2FZauVdrBg3RiltLjPNYMB4shVEr8v2Q88ZSWwRt5LZin5%2F54R8AAAD%2F%2FwEAAP%2F%2F7vvwMYIEAAA%3D
IP 192.243.61.225:0
ASN #39572 DataWeb Global Group B.V.
Hash fb5cc649a2e92a32ba701e45d31c4bf1
3a24dc531f6ff5ac1f09481b0254a593522d273e
2d592fd3ad5b0d0d6a5ca389394b56594198c93e51003ae3cd2da8e889db3dd6
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /impr.gif?sid=H4sIAAAAAAAC%2F1RSz4scRRuuTvLBh0GIkosHzZCLCjLbP2Z2ZxJkMcaEYExiEsm5uqp6ptyarqaqa3oyHlwSkBVEZ28ePPQ%2Bs5tFDdHcvAhhNhdZENIeZA9Z9G8Q9ibIzA6svlD1PlXPW%2FA871ufbbh94sPRvRsf6KFUii40637tjTsy5bqwtWu3a4Ff98%2FX7sh0sXG%2BNphupn8u8Jt1%2F83aZcFW9ELoB74f%2BEHtkjQi0YOFGQuZPWwH9bZfb4T1oNnAwPz3bJ0HSz3w%2Fj55GZJX%2F%2Bv%2B8hiSTZD2frwo7Equs7fe6zlFc23Q59sfpSupLlL0jmBiPCTp9rwa2laEfH0MOt2eO4Dub04dIJYV8X4PEKfbc5mI%2B1uHSmMFkSLmJ1H0JxBqAkknYPo%2BJH9GAMZx7TrS3oNr2hT07iFLp2xFThz8BVlU5MTz00h7jy4oOajd0srlUqcWg6SEHEwgOxNkbgf50IMsdsDye5D8V7JwcBVpb%2FO6VRqSlzP3Uk4gkwmUGIFaD266pAeXeHCZhx7fq9FmO%2FH9pSROoqjVYIxFEWPN1iJv8qjRSnw4NpU3Qp6NwNQIzKwiM6tYkesVIfc2YdwT2G4Jyz3YvCLeh6vo8xKFICgsQUEJCklQ5ARFv9ziyoa2fMCVdXEwz%2BE8R%2BVY550NuqXzjkjJRrZPXpo2x3vx09exIvZqYZCIqN30k0YQCj9cZFGUBPEiE2IxiERMYWUJaY%2FN%2FA5lRV5rnkQmK%2FL%2F5SeI6Q6s2gGTp0Ddq6DFeCn0QbvjRsvHMP0ppbkzVHUFVXnXameYqDPlYnBdIstPIL%2Frbah98spsYOfePgXBdpefDv%2B8%2FOj0J2CmRGZKfCyfEnTU2vimLsjmTV1Y8vh6lsueHNLpMG%2FlNBfHv3tf3C204Vcu2tG377ApMYUPbwubX6Upl2nHku8vSM6FuaQNE%2BTnK%2FaOiG84273gTOqyqzfevXSllxlhrdTpBFQ%2Bs1%2BAyYq8sPbl7JueOWsgzQTGlei5XTIPSD0By1ZhsyP1VhMYdVQTZx4KV45NGB9dKlmR8KvnUGJ3ef2bP9zB32dB4xJW%2FOvhEd6wa%2BgYDzS%2Fj7RXom9K9FUJqkaw7vg4z8zu8m%2FRLBArbxwr423Gyqj1w%2FZauVdrBg3RiltLjPNYMB4shVEr8v2Q88ZSWwRt5LZin5%2F54R8AAAD%2F%2FwEAAP%2F%2F7vvwMYIEAAA%3D HTTP/1.1
Host: tallysaturatesnare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: u_pl=17661735; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Thu, 01 Dec 2022 21:42:08 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: e01319c0ac8fcbd935e08fc08c8ae014
Strict-Transport-Security: max-age=0; includeSubdomains
whiskerssituationdisturb.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fchat%2Fmob%2Fssp%2Fv2%2Fnew%2F3%2Fcss%2Fstyle.css&l=4649&fd=40
173.233.139.164 200 OK 0 B URL HTTP/1.1 whiskerssituationdisturb.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fchat%2Fmob%2Fssp%2Fv2%2Fnew%2F3%2Fcss%2Fstyle.css&l=4649&fd=40
IP 173.233.139.164:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fchat%2Fmob%2Fssp%2Fv2%2Fnew%2F3%2Fcss%2Fstyle.css&l=4649&fd=40 HTTP/1.1
Host: whiskerssituationdisturb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: u_pl=15600826; uid_id2=54767236-cf01-4f8f-b57b-58b62ed2c56d:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; sleca2f990f10476061c719d1c1aa3a2ecd2=[3830292]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 01 Dec 2022 21:42:08 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
ocsp.pki.goog/s/gts1p5/dCF-Qj_WHqY
142.250.74.131 200 OK 472 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/dCF-Qj_WHqY
IP 142.250.74.131:0
Hash 1883a5abb177dd5c8c8928d1280a19c3
082dac7d452a638aa649ceb39f89ab9d6ca478d0
1d4206b362c04826df0b60877e5ad9c6cf67e82316b079f6a855af635b12eb0f
POST /s/gts1p5/dCF-Qj_WHqY HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 21:42:09 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
whiskerssituationdisturb.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fchat%2Fmob%2Fssp%2Fv2%2Fnew%2F3%2Fcss%2Fanimate.css&l=79313&fd=45
173.233.139.164 200 OK 0 B URL HTTP/1.1 whiskerssituationdisturb.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fchat%2Fmob%2Fssp%2Fv2%2Fnew%2F3%2Fcss%2Fanimate.css&l=79313&fd=45
IP 173.233.139.164:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fchat%2Fmob%2Fssp%2Fv2%2Fnew%2F3%2Fcss%2Fanimate.css&l=79313&fd=45 HTTP/1.1
Host: whiskerssituationdisturb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: u_pl=15600826; uid_id2=54767236-cf01-4f8f-b57b-58b62ed2c56d:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; sleca2f990f10476061c719d1c1aa3a2ecd2=[3830292]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 01 Dec 2022 21:42:08 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
ummerciseha.com/TnJmR0RhTQU0eQBBDi0dJRUuFgI+JgUWEgInMBV8DEIKFBN9N0AzLSpPX3B1d0VTYTQnFlt0dmgBEiYwOwFbdXR+RUAuKigdW3ZiOE9WaXxgQ1VpdGgHW3ZiOgIHIHl/VBYzMCJPV3Fyd0tVd318RVdydA
104.21.71.102 204 No Content 0 B URL HTTP/2 ummerciseha.com/TnJmR0RhTQU0eQBBDi0dJRUuFgI+JgUWEgInMBV8DEIKFBN9N0AzLSpPX3B1d0VTYTQnFlt0dmgBEiYwOwFbdXR+RUAuKigdW3ZiOE9WaXxgQ1VpdGgHW3ZiOgIHIHl/VBYzMCJPV3Fyd0tVd318RVdydA
IP 104.21.71.102:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /TnJmR0RhTQU0eQBBDi0dJRUuFgI+JgUWEgInMBV8DEIKFBN9N0AzLSpPX3B1d0VTYTQnFlt0dmgBEiYwOwFbdXR+RUAuKigdW3ZiOE9WaXxgQ1VpdGgHW3ZiOgIHIHl/VBYzMCJPV3Fyd0tVd318RVdydA HTTP/1.1
Host: ummerciseha.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Thu, 01 Dec 2022 21:42:09 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0HPS3mPtsn4UzcRMJEoumNevv8TTncnPY2XgdnlkEyjbdpl1%2FRKVMoi%2BDoF%2B8k38Wf8S0fvztl2MSozbdyv2SbO1d%2B2xYNZ%2FtouB6vFryQ%2BtsCW%2BXrsWvqzDWM7MeDHrX7Y%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 772efdb1dd4e0b02-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ummerciseha.com/QmNvaE9tXAwbciY3LTEWKRspKwgENws9LAYCAzp7EDIpGBhxNkkcJiZeVl9+e1RaTj8rB1JbfWQQGwk7NxBSWWkrDQkHcmQVUlhhek1eW2FyRRpVfmQXHwkof1JJGDs2D1JZeXRaVlt/e1FYWXt6
104.21.71.102 204 No Content 0 B URL HTTP/2 ummerciseha.com/QmNvaE9tXAwbciY3LTEWKRspKwgENws9LAYCAzp7EDIpGBhxNkkcJiZeVl9+e1RaTj8rB1JbfWQQGwk7NxBSWWkrDQkHcmQVUlhhek1eW2FyRRpVfmQXHwkof1JJGDs2D1JZeXRaVlt/e1FYWXt6
IP 104.21.71.102:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /QmNvaE9tXAwbciY3LTEWKRspKwgENws9LAYCAzp7EDIpGBhxNkkcJiZeVl9+e1RaTj8rB1JbfWQQGwk7NxBSWWkrDQkHcmQVUlhhek1eW2FyRRpVfmQXHwkof1JJGDs2D1JZeXRaVlt/e1FYWXt6 HTTP/1.1
Host: ummerciseha.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Thu, 01 Dec 2022 21:42:09 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2emZiVPSeStaI4wf4oG8aAw%2B1SHLFb9Zlc%2BCMBHnhR4dXBzdogxqlSD%2F7D6d5ruobXJrxHpYmOIzanIxL9XzNMJpLzcnoWOX9eJ42QMQ0iPMMEzCcV5brlGG9Lc1qEFoMo4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 772efdb1ed550b02-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
d3t87ooo0697p8.cloudfront.net/cMEFJYjJTLicEDUQoLV8LB3BwVQcWKzoNXEB8EAxjfiUhUHtRJnA0WhY1MwYPAGclA1xXfG8HXFN8eERTVCN0VhREMSYJD0UvLQdUWS8sBhRFIHQPXUooJQ5TFXMPVxwAZHtSGkcoJwZdRzJsUAJeNWxQAgFxZ1IXAwNsUAJHKCdUBhVyC0cAADl/VhcDA2-xQAkI3bFFzAXF8TAIZZHtSVVUiIg0XAgd7UgMAcXhSAxVzeQRbQiQvDUoVcw9TAgVveURHDXA
143.204.42.2 200 OK 326 B URL HTTP/2 d3t87ooo0697p8.cloudfront.net/cMEFJYjJTLicEDUQoLV8LB3BwVQcWKzoNXEB8EAxjfiUhUHtRJnA0WhY1MwYPAGclA1xXfG8HXFN8eERTVCN0VhREMSYJD0UvLQdUWS8sBhRFIHQPXUooJQ5TFXMPVxwAZHtSGkcoJwZdRzJsUAJeNWxQAgFxZ1IXAwNsUAJHKCdUBhVyC0cAADl/VhcDA2-xQAkI3bFFzAXF8TAIZZHtSVVUiIg0XAgd7UgMAcXhSAxVzeQRbQiQvDUoVcw9TAgVveURHDXA
IP 143.204.42.2:0
File type ASCII text, with very long lines (417), with no line terminators
Hash 564d8fe187f4169f092a85f0d3c685c1
93b4cfa0b3262d38d5160ef86d6282d02cd11191
2deb803a14ad1457212cca43b3823d3a6b1a904ac997d5b04b34763021f2ae8c
GET /cMEFJYjJTLicEDUQoLV8LB3BwVQcWKzoNXEB8EAxjfiUhUHtRJnA0WhY1MwYPAGclA1xXfG8HXFN8eERTVCN0VhREMSYJD0UvLQdUWS8sBhRFIHQPXUooJQ5TFXMPVxwAZHtSGkcoJwZdRzJsUAJeNWxQAgFxZ1IXAwNsUAJHKCdUBhVyC0cAADl/VhcDA2-xQAkI3bFFzAXF8TAIZZHtSVVUiIg0XAgd7UgMAcXhSAxVzeQRbQiQvDUoVcw9TAgVveURHDXA HTTP/1.1
Host: d3t87ooo0697p8.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gedspecificano.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 326
date: Thu, 01 Dec 2022 21:42:09 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 9dd61138197a68f8d69f12574aab6930.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 3CTRS-JuQ8RZqwYKHBEuonX1CyDSv4TvBdj8dFkBB6XZBZqi11RA7w==
X-Firefox-Spdy: h2
d3t87ooo0697p8.cloudfront.net/qakhGQksJJygkdB4hIn9yXHp2c3lMIjUtJRp1DjQnHHo1CiMFPSUmbR4yIn97TCQnLCxXbiMsKFd5YCMvCHVyZD4LdSstMQMkKiNuWA5zbHtPenZqPAMmIi08GW10ciUebXRyelpmdmd4KG10cjwDJnB2blkKY3B7En5yZ3gobXRyORxtdQN6Wn1ocmJPen-YlLgkjKWd5LHp2c3taeXZzblh4ICs5Dy4pOm5YDndyfkR4YDd2Ww
143.204.42.2 200 OK 185 B URL HTTP/2 d3t87ooo0697p8.cloudfront.net/qakhGQksJJygkdB4hIn9yXHp2c3lMIjUtJRp1DjQnHHo1CiMFPSUmbR4yIn97TCQnLCxXbiMsKFd5YCMvCHVyZD4LdSstMQMkKiNuWA5zbHtPenZqPAMmIi08GW10ciUebXRyelpmdmd4KG10cjwDJnB2blkKY3B7En5yZ3gobXRyORxtdQN6Wn1ocmJPen-YlLgkjKWd5LHp2c3taeXZzblh4ICs5Dy4pOm5YDndyfkR4YDd2Ww
IP 143.204.42.2:0
File type ASCII text, with no line terminators
Hash 750fbe97a142048b58ddc30715a65681
75829bb07b847bc198c11ed005d8e52c213b3997
e26c6a1bc3f29dda504cb7cb0faa014ad0edc6fd84c862b5e6f226b99ed20df5
GET /qakhGQksJJygkdB4hIn9yXHp2c3lMIjUtJRp1DjQnHHo1CiMFPSUmbR4yIn97TCQnLCxXbiMsKFd5YCMvCHVyZD4LdSstMQMkKiNuWA5zbHtPenZqPAMmIi08GW10ciUebXRyelpmdmd4KG10cjwDJnB2blkKY3B7En5yZ3gobXRyORxtdQN6Wn1ocmJPen-YlLgkjKWd5LHp2c3taeXZzblh4ICs5Dy4pOm5YDndyfkR4YDd2Ww HTTP/1.1
Host: d3t87ooo0697p8.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gedspecificano.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 185
date: Thu, 01 Dec 2022 21:42:09 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 9dd61138197a68f8d69f12574aab6930.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: ymEgZmvjnrLBCexyFqadobalwpo-mhFZDpTNfu5pNFueFOyuoqnw8Q==
X-Firefox-Spdy: h2
d3t87ooo0697p8.cloudfront.net/taEdLbDQLKCUKCxwuL1ENXnV7XQBOLTgDWhh6DSF1EDcjXAMeCm0YTgx6e0pYCSksURINKShRBU4mLw4JXGE/HFsDej4bRAspOQtNAzRtGVVVKiQWXQQrKkkGLnJlXBFad2MbXQYjJBtHTXV7AkBNdXtdBEZ3bl92TXV7G10GcX9JBypieVxMXnNuX3ZNdX-seQk10Cl0EXWl7RRFadywJVwMobl5yWnd6XARZd3pJBlghIh5RDigzSQYudntZGlhhPlEF
143.204.42.2 200 OK 573 B URL HTTP/2 d3t87ooo0697p8.cloudfront.net/taEdLbDQLKCUKCxwuL1ENXnV7XQBOLTgDWhh6DSF1EDcjXAMeCm0YTgx6e0pYCSksURINKShRBU4mLw4JXGE/HFsDej4bRAspOQtNAzRtGVVVKiQWXQQrKkkGLnJlXBFad2MbXQYjJBtHTXV7AkBNdXtdBEZ3bl92TXV7G10GcX9JBypieVxMXnNuX3ZNdX-seQk10Cl0EXWl7RRFadywJVwMobl5yWnd6XARZd3pJBlghIh5RDigzSQYudntZGlhhPlEF
IP 143.204.42.2:0
File type ASCII text, with very long lines (818), with no line terminators
Hash cf765a425991aa40cb913530dcaa8226
79ac28721204046bbe363a330b7423569853bece
fc95b8111bffa1b79eeafa69384848c30e71fbdb2787485b6b2af6b09714031b
GET /taEdLbDQLKCUKCxwuL1ENXnV7XQBOLTgDWhh6DSF1EDcjXAMeCm0YTgx6e0pYCSksURINKShRBU4mLw4JXGE/HFsDej4bRAspOQtNAzRtGVVVKiQWXQQrKkkGLnJlXBFad2MbXQYjJBtHTXV7AkBNdXtdBEZ3bl92TXV7G10GcX9JBypieVxMXnNuX3ZNdX-seQk10Cl0EXWl7RRFadywJVwMobl5yWnd6XARZd3pJBlghIh5RDigzSQYudntZGlhhPlEF HTTP/1.1
Host: d3t87ooo0697p8.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gedspecificano.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 573
date: Thu, 01 Dec 2022 21:42:09 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 9dd61138197a68f8d69f12574aab6930.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: Oflg8_35hIPWayOQJ0SXcOhnepppcPDXUKkrYeOHWRsHMAEWBysGjA==
X-Firefox-Spdy: h2
whiskerssituationdisturb.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fchat%2Fmob%2Fssp%2Fv2%2Fnew%2F3%2Fjs%2Fscript.js&l=383&fd=37
173.233.139.164 200 OK 0 B URL HTTP/1.1 whiskerssituationdisturb.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fchat%2Fmob%2Fssp%2Fv2%2Fnew%2F3%2Fjs%2Fscript.js&l=383&fd=37
IP 173.233.139.164:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fchat%2Fmob%2Fssp%2Fv2%2Fnew%2F3%2Fjs%2Fscript.js&l=383&fd=37 HTTP/1.1
Host: whiskerssituationdisturb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: u_pl=15600826; uid_id2=54767236-cf01-4f8f-b57b-58b62ed2c56d:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; sleca2f990f10476061c719d1c1aa3a2ecd2=[3830292]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 01 Dec 2022 21:42:09 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash 4432410517c3bfe647c21ff3759d9edf
48412b84d329f63a66928a41dc80a712f3ce435f
4fbe6cc6b92672eec639058715e590f819c225fdc5e8e0f1a49ab482bf1f2cb7
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 21:42:09 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash 4432410517c3bfe647c21ff3759d9edf
48412b84d329f63a66928a41dc80a712f3ce435f
4fbe6cc6b92672eec639058715e590f819c225fdc5e8e0f1a49ab482bf1f2cb7
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 21:42:09 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 8a48642d82eee3c432a3f38879f9541b
f53e46a8406bbad51319826db59b6c265622241f
33a0510300258746dda57d56cf6fec74147cd138f7bae2c609d0976841fc3adc
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2997
Cache-Control: max-age=96657
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 21:42:09 GMT
Etag: "6387ea8d-1d7"
Expires: Sat, 03 Dec 2022 00:33:06 GMT
Last-Modified: Wed, 30 Nov 2022 23:43:09 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 471
e1.o.lencr.org/
23.36.76.226 200 OK 345 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 1e667a2ef09b074335a72154b467b817
23bbe0ae105e2f7c68da2dc8b9f97aa2615a6f95
228f93b50ce9a919708078d7be6bee880bb4ba71acff797fda87421ec4f0b60f
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "228F93B50CE9A919708078D7BE6BEE880BB4BA71ACFF797FDA87421EC4F0B60F"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14782
Expires: Fri, 02 Dec 2022 01:48:31 GMT
Date: Thu, 01 Dec 2022 21:42:09 GMT
Connection: keep-alive
gedspecificano.com/utx?cb=GxILy0smuHsn&top=xfantazy.com&tid=971975
108.157.214.49 204 No Content 0 B URL HTTP/2 gedspecificano.com/utx?cb=GxILy0smuHsn&top=xfantazy.com&tid=971975
IP 108.157.214.49:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=GxILy0smuHsn&top=xfantazy.com&tid=971975 HTTP/1.1
Host: gedspecificano.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Thu, 01 Dec 2022 21:42:09 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://xfantazy.com
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Thu, 01 Dec 2022 21:43:09 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 05844663035089f465172d861220e698.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: 1IzRG1w6X62k2vOrnG6AOo71uk8cha_eCT5qBcnf32Df8iqF1VHfIQ==
X-Firefox-Spdy: h2
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
142.250.74.109 302 Found 397 B URL HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
IP 142.250.74.109:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (384)
Hash fa1b4a2d05801fbf0857ff81c2ce0c72
49a863638c2d42aeeec37ee239150aeee5250e8f
0a9bb5b9c8a6ec3f0ac6bc4803df9212024fd67af0b2cc1810b4590e8c7ac078
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Thu, 01 Dec 2022 21:42:09 GMT
location: https://accounts.google.com/v3/signin/identifier?dsh=S1443745951%3A1669930929272010&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=ARgdvAvaYuBLB1Wa0qLFsrD450HE2arRYfZtjVR7LP69yPTmMzOu8VsQDawobMWhI9gIWSkeE5UDHw
strict-transport-security: max-age=31536000; includeSubDomains
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-security-policy: script-src 'nonce-oaXn0Vw07ZEpFTVXZFY3VA' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport, require-trusted-types-for 'script';report-uri /cspreport
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 397
server: GSE
set-cookie: __Host-GAPS=1:lI0X4UcLvEVP-wuv0WSt7z3tPdGmEg:fMNkJUckJalIk_IG;Path=/;Expires=Sat, 30-Nov-2024 21:42:09 GMT;Secure;HttpOnly;Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
gedspecificano.com/utx?cb=Zq1q1tuf8MRE&top=xfantazy.com&tid=962014
108.157.214.49 204 No Content 0 B URL HTTP/2 gedspecificano.com/utx?cb=Zq1q1tuf8MRE&top=xfantazy.com&tid=962014
IP 108.157.214.49:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=Zq1q1tuf8MRE&top=xfantazy.com&tid=962014 HTTP/1.1
Host: gedspecificano.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Thu, 01 Dec 2022 21:42:09 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://xfantazy.com
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Thu, 01 Dec 2022 21:43:09 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 05844663035089f465172d861220e698.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: SafB3nCm-HW3rFPC2UH6DfloNVHUkkMknLslwg-YahtFoltBjQo43A==
X-Firefox-Spdy: h2
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
142.250.74.109 302 Found 397 B URL HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
IP 142.250.74.109:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (380)
Hash 28428035f866478c1fc1bf675f701dea
0a8eef2ec615c20018328334b2d2771917d6052e
c4cad8fcb2f50a8fe492b2df209e245326bce8cf0bf4d6b03038874470651ccd
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Thu, 01 Dec 2022 21:42:09 GMT
location: https://accounts.google.com/v3/signin/identifier?dsh=S-704191492%3A1669930929284696&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=ARgdvAuO-tJf-8368l-1KyIbQGAcoYzMDJgFkZHzZD6jDObKQ_wucY9KibfaS5HzftqYu_Yb5POnQQ
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: require-trusted-types-for 'script';report-uri /cspreport, script-src 'nonce-YjtRcy0epYhFxNtXl15UOw' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 397
server: GSE
set-cookie: __Host-GAPS=1:aOwp_i6wwLOHE2I-agZOdLWa8aGJpA:woviaWL2u52Sj6NZ;Path=/;Expires=Sat, 30-Nov-2024 21:42:09 GMT;Secure;HttpOnly;Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 533f66ef53706466ce20dc9aebf11812
0c0d713d538eb224deeb9241917a117205f16cb2
8ce7b68022c847b59b9a132ada3a75eea73bb57bae4683901c8df08fa255ba79
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 21:42:09 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 8a48642d82eee3c432a3f38879f9541b
f53e46a8406bbad51319826db59b6c265622241f
33a0510300258746dda57d56cf6fec74147cd138f7bae2c609d0976841fc3adc
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2997
Cache-Control: max-age=96657
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 21:42:09 GMT
Etag: "6387ea8d-1d7"
Expires: Sat, 03 Dec 2022 00:33:06 GMT
Last-Modified: Wed, 30 Nov 2022 23:43:09 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 471
e1.o.lencr.org/
23.36.76.226 200 OK 345 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 1e667a2ef09b074335a72154b467b817
23bbe0ae105e2f7c68da2dc8b9f97aa2615a6f95
228f93b50ce9a919708078d7be6bee880bb4ba71acff797fda87421ec4f0b60f
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "228F93B50CE9A919708078D7BE6BEE880BB4BA71ACFF797FDA87421EC4F0B60F"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14782
Expires: Fri, 02 Dec 2022 01:48:31 GMT
Date: Thu, 01 Dec 2022 21:42:09 GMT
Connection: keep-alive
pogothere.xyz/asd100.bin
172.64.173.27 200 OK 113 kB IP 172.64.173.27:0
Size 113 kB (113037 bytes)
Hash MD5: e70ebcd35b4dace9773adf66c3f8b63b
SHA-1: eb47021bdb6acaf7a480d2d256f1c08c89e6e694
SHA-256: d53424cbf302362613796a6a942120d9c2d11ad02ed9a44252b89c5c0103a9e4
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://xfantazy.com/
Origin: https://xfantazy.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 01 Dec 2022 21:42:09 GMT
content-type: binary/octet-stream
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 5605
last-modified: Thu, 01 Dec 2022 20:08:44 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2B0DQDVa%2FgIjMKH0FWlhk3zIjVmG0d24NfGWkdfEY7rLJN7Wf%2BoJd%2FTEFuMWHmX5%2BWiWck4DOZeS6pjjJordX7qecp%2BFcJGddyOLhsS%2Bi3tzB8w%2BaNgIzBisNOAw0ikGm"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 772efdb4385076c3-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash d37691429e1a25a71f8cdf06dd749bfa
7c4213e475b377bae45346f124ca7e0089eb0a9d
a1c24d98c40cff7c6c407c911e90f72dbdbccac850d43b00a78bb835b710d8ae
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4910
Cache-Control: max-age=128813
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 21:42:09 GMT
Etag: "638860b1-117"
Expires: Sat, 03 Dec 2022 09:29:02 GMT
Last-Modified: Thu, 01 Dec 2022 08:07:13 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 279
www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp
157.240.240.35 200 OK 19 kB URL HTTP/2 www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp
IP 157.240.240.35:0
Hash 69af70f491220faeeb873704c116f328
c54d2c245b215e1a7915166205ed999c0f124965
5211168355b4d3ea3c5a1c013f9c3193f5deb53d09a6dde55c0acf38d212edd0
GET /login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-encoding: br
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 0
cross-origin-opener-policy: same-origin-allow-popups
vary: Sec-Fetch-Site, Sec-Fetch-Mode, Accept-Encoding
strict-transport-security: max-age=15552000; preload
content-type: text/html; charset="utf-8"
x-fb-debug: Tos8P0dmOjynIhat1V+oI6dZrsB/MAgyVZXsFgNTpHqCmGgSSDAUrh+QqDb1v/7C/6sr3Oao7QMKcDh1bzMSsg==
date: Thu, 01 Dec 2022 21:42:09 GMT
priority: u=3,i
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/d76TuiT3mK7p_W-Sqw/w320h240/0.jpeg
188.72.235.185 200 OK 14 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/d76TuiT3mK7p_W-Sqw/w320h240/0.jpeg
IP 188.72.235.185:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash 593d576dcc38fd3653d25bd36dcdf741
3c12801d11647c9cec3c6d6295d83c9c174eb9d3
cefe44f9b139145e674484644295bab1b41c4d83f77a4eeefdf2ef77a68889ca
GET /thumbnail/d76TuiT3mK7p_W-Sqw/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Thu, 01 Dec 2022 21:42:09 GMT
content-type: image/jpeg
content-length: 13862
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: HIT
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash d37691429e1a25a71f8cdf06dd749bfa
7c4213e475b377bae45346f124ca7e0089eb0a9d
a1c24d98c40cff7c6c407c911e90f72dbdbccac850d43b00a78bb835b710d8ae
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4910
Cache-Control: max-age=128813
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 21:42:09 GMT
Etag: "638860b1-117"
Expires: Sat, 03 Dec 2022 09:29:02 GMT
Last-Modified: Thu, 01 Dec 2022 08:07:13 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 279
static-cache.k2s.cc/thumbnail/I7mX6Hf1mau9qT2V_Q/w320h240/0.jpeg
188.72.235.185 200 OK 8.7 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/I7mX6Hf1mau9qT2V_Q/w320h240/0.jpeg
IP 188.72.235.185:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash 5b6a3d01aba392beba92aaa4a13bf7bc
ee461ea4fb8da63263c423b4cdf17393736ece86
aeb0a2d27076e66ad1a8793eb4f67d496977019c9d8f1fa6e92dcfd16e98a065
GET /thumbnail/I7mX6Hf1mau9qT2V_Q/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Thu, 01 Dec 2022 21:42:09 GMT
content-type: image/jpeg
content-length: 8734
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: HIT
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/cOiWtHbyw67v-z-T_g/w320h240/0.jpeg
188.72.235.185 200 OK 18 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/cOiWtHbyw67v-z-T_g/w320h240/0.jpeg
IP 188.72.235.185:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash 0ccab613cd730892b6365756f4dc37b0
7de9c4d83c1f35a166f7f766ee3dc20852020406
88c3793d5227e82e83030ee429d59b9304c0e2011417a38d3ceaa744c13080fb
GET /thumbnail/cOiWtHbyw67v-z-T_g/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Thu, 01 Dec 2022 21:42:09 GMT
content-type: image/jpeg
content-length: 17937
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: HIT
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/du6Xu3WunK-6-W6Q-A/w320h240/0.jpeg
188.72.235.185 200 OK 12 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/du6Xu3WunK-6-W6Q-A/w320h240/0.jpeg
IP 188.72.235.185:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash 1c53f4c69e6999dcf1f3bb2f8de6af8d
59e30d4f44857ddc7e5015179b3c4678c25dc0d7
92bcf9f9608baf8ac28850ed7b6d47f3db0c4b154a7db099ab8f5fd7dca3374a
GET /thumbnail/du6Xu3WunK-6-W6Q-A/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Thu, 01 Dec 2022 21:42:09 GMT
content-type: image/jpeg
content-length: 11708
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: HIT
X-Firefox-Spdy: h2
pogothere.xyz/
172.64.173.27 200 OK 14 kB IP 172.64.173.27:0
File type ASCII text, with no line terminators
Hash MD5: c3a3b31767f09a0fba911ce02e1847f4
SHA-1: f04eda59fa44715c07e3a7291e8fa6b2497cb2d1
SHA-256: b7a8f12ccbb38d509f690a1bda53dc7667c99f4e56d4144d79183f79e922a13c
GET / HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://xfantazy.com/
Origin: https://xfantazy.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 01 Dec 2022 21:42:09 GMT
content-type: text/plain
set-cookie: csu=2013303483345753@1@1669930929; Max-Age=31104000; Secure; SameSite=None
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=61m%2BqucoM%2BjhoP%2FxT94sCs2EDm8yAmRWMI4iaUfAByaoBuaPrdN3A0Des8wRSqxY19YbeC3goqh%2Fr5WXuuNdIBOSCc5piwRa9kowggTpsULfujrYBsKk5d0pTUdX5lkX"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 772efdb4385576c3-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/IuSUuiLym66_-z2Tqw/w320h240/0.jpeg
188.72.235.185 200 OK 9.7 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/IuSUuiLym66_-z2Tqw/w320h240/0.jpeg
IP 188.72.235.185:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash 672f9903eb37bcba77eb4c5d090d11f8
90e91d5a3153d71257f43869240decbfccda3305
11a2c811b07734b36d9691b054d904ab6fd558a92fb38705dce726c1e7d57784
GET /thumbnail/IuSUuiLym66_-z2Tqw/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Thu, 01 Dec 2022 21:42:09 GMT
content-type: image/jpeg
content-length: 9656
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: HIT
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/de-avnSlmafsqzvC_Q/w320h240/0.jpeg
188.72.235.185 200 OK 11 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/de-avnSlmafsqzvC_Q/w320h240/0.jpeg
IP 188.72.235.185:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash 058345ed5313c9afbabe7a139fdeb8a6
92cc59789989167a806433a8dfc00c3022c85ac9
6b4795d3a1f3ec358b43862e8ee81f1e500a79ac3a0e151b9ab4d51bf69276c7
GET /thumbnail/de-avnSlmafsqzvC_Q/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Thu, 01 Dec 2022 21:42:09 GMT
content-type: image/jpeg
content-length: 11046
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: HIT
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash d37691429e1a25a71f8cdf06dd749bfa
7c4213e475b377bae45346f124ca7e0089eb0a9d
a1c24d98c40cff7c6c407c911e90f72dbdbccac850d43b00a78bb835b710d8ae
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4910
Cache-Control: max-age=128813
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 21:42:09 GMT
Etag: "638860b1-117"
Expires: Sat, 03 Dec 2022 09:29:02 GMT
Last-Modified: Thu, 01 Dec 2022 08:07:13 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 279
whiskerssituationdisturb.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSz4scRRSujpuLSlDJISKSQTwouLPdPb%2BTw2JMIsGYxCSag6fqqurZcqu7mqru6dkBISQg0YuziBDQQ%2B83myzqIslVEGTWiwwojgcZIav4B%2BQS2ZsoMzu4%2BA71XtX3Dt%2BP%2BmAj2yUuMjq59KbuSaXoUq3sll66JmOuc1u6cLXkuWX3ZOmajOvVk6Xu9DCdE55bK7svl14XbFUv%2Ba7nup7rlc5KI0LdXZqhkMl2yyu33HLVL3u1Krrm%2F3ebObDUAe%2Fskmcg%2Bfjwyg%2F3IdkQcXTvtLCrqU5eORNliqbaoMO33o5XY53HiA7G0DgI4635NrQdE3L7EHS8NVcA3dmcKkAgx8T51UMQb81pIujc2WcaKIgYAX8CeWcIoYaQdAimb0LynwnAOC5cRBzdvaBNTtf2UTpFx2Rh7xFkPiYLD44ijr4%2BpWS3dEWrLJU6tuiGBWR3CNkeIsl2kPYcyHwHLL0ByX8kS3vnEUebF63SkHzyYq3aqDf8Sn2Rha63WA2b4WJQawSLtWZQ9wX3Wa3OZxZJOYQMh1CiD2oPIbMOMukgCx1kiYOIT0q01gpdtxEGYaXSrDLGKhXGas06r%2FFKtRm6yNhUQx9p0gdTfTBzHYm5jlW5PibkxiZM9h3sSgHLHdiUoMML5IIgtwQ5JcglQZ4S5J3iDlfWt8VdrmwWePPuz3ulGOi0vUHv6LQtYrKR7JKnZ%2B49fPIbrIpJifphq%2BWGnltt1N26xxpei3vMo7RCfcG4DysLSHsI1DroyTE5%2BtyfSKaRvv8PAroDq3bA5FOg2fOg%2BaDhu6Arg2rTRS%2Fe7oY0Tmlvrcx0BK4LJOkC0jVnQ%2B2SZ2c8TpijEGy0%2FNu7x65%2B9NlPYKZAYgq8J78naKtbg8s6J5uXdW7J%2FYtJKiPZo9OEr6Q0FYe%2FfEOs5drwc6dt%2F4tX2RSYjttXhU3P05jLuG3JV6ck58Kc1YYJ8u05e00ElzK7ciozcZacv%2FTa2XNRYoS1UsdDUDkmZP13MDkmj39anv3e42duQ5ohTFYgykZkXpB6Byy5DpuMliePHh4Rf70FqwmMOtgJEgd5VgyMHxw8Kjkm%2FscPoMRoef3zP7K9v18ADQpYMVoeLh55Z%2BHYJwjEf6Zs2FtoGwc0vYk4KtAxBTqqAFV92OyxQZqY0fIvlVkhUM4gUMbZDJRR6%2FsGWzkp1byqaAbNBuM8EIx7Db%2FSrLiuz3m10RJeC6kdsw%2BP3%2FsXAAD%2F%2FwEAAP%2F%2FKv6BxJkEAAA%3D
173.233.139.164200 OK 7 B URL HTTP/1.1 whiskerssituationdisturb.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSz4scRRSujpuLSlDJISKSQTwouLPdPb%2BTw2JMIsGYxCSag6fqqurZcqu7mqru6dkBISQg0YuziBDQQ%2B83myzqIslVEGTWiwwojgcZIav4B%2BQS2ZsoMzu4%2BA71XtX3Dt%2BP%2BmAj2yUuMjq59KbuSaXoUq3sll66JmOuc1u6cLXkuWX3ZOmajOvVk6Xu9DCdE55bK7svl14XbFUv%2Ba7nup7rlc5KI0LdXZqhkMl2yyu33HLVL3u1Krrm%2F3ebObDUAe%2Fskmcg%2Bfjwyg%2F3IdkQcXTvtLCrqU5eORNliqbaoMO33o5XY53HiA7G0DgI4635NrQdE3L7EHS8NVcA3dmcKkAgx8T51UMQb81pIujc2WcaKIgYAX8CeWcIoYaQdAimb0LynwnAOC5cRBzdvaBNTtf2UTpFx2Rh7xFkPiYLD44ijr4%2BpWS3dEWrLJU6tuiGBWR3CNkeIsl2kPYcyHwHLL0ByX8kS3vnEUebF63SkHzyYq3aqDf8Sn2Rha63WA2b4WJQawSLtWZQ9wX3Wa3OZxZJOYQMh1CiD2oPIbMOMukgCx1kiYOIT0q01gpdtxEGYaXSrDLGKhXGas06r%2FFKtRm6yNhUQx9p0gdTfTBzHYm5jlW5PibkxiZM9h3sSgHLHdiUoMML5IIgtwQ5JcglQZ4S5J3iDlfWt8VdrmwWePPuz3ulGOi0vUHv6LQtYrKR7JKnZ%2B49fPIbrIpJifphq%2BWGnltt1N26xxpei3vMo7RCfcG4DysLSHsI1DroyTE5%2BtyfSKaRvv8PAroDq3bA5FOg2fOg%2BaDhu6Arg2rTRS%2Fe7oY0Tmlvrcx0BK4LJOkC0jVnQ%2B2SZ2c8TpijEGy0%2FNu7x65%2B9NlPYKZAYgq8J78naKtbg8s6J5uXdW7J%2FYtJKiPZo9OEr6Q0FYe%2FfEOs5drwc6dt%2F4tX2RSYjttXhU3P05jLuG3JV6ck58Kc1YYJ8u05e00ElzK7ciozcZacv%2FTa2XNRYoS1UsdDUDkmZP13MDkmj39anv3e42duQ5ohTFYgykZkXpB6Byy5DpuMliePHh4Rf70FqwmMOtgJEgd5VgyMHxw8Kjkm%2FscPoMRoef3zP7K9v18ADQpYMVoeLh55Z%2BHYJwjEf6Zs2FtoGwc0vYk4KtAxBTqqAFV92OyxQZqY0fIvlVkhUM4gUMbZDJRR6%2FsGWzkp1byqaAbNBuM8EIx7Db%2FSrLiuz3m10RJeC6kdsw%2BP3%2FsXAAD%2F%2FwEAAP%2F%2FKv6BxJkEAAA%3D
IP 173.233.139.164:0
File type ASCII text, with no line terminators
Hash MD5: 132d6af1b46048b45cf86cdee7991d31
SHA-1: eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
SHA-256: ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert
fortinet Malware
quad9 Sinkholed
GET /impr.gif?sid=H4sIAAAAAAAC%2F1RSz4scRRSujpuLSlDJISKSQTwouLPdPb%2BTw2JMIsGYxCSag6fqqurZcqu7mqru6dkBISQg0YuziBDQQ%2B83myzqIslVEGTWiwwojgcZIav4B%2BQS2ZsoMzu4%2BA71XtX3Dt%2BP%2BmAj2yUuMjq59KbuSaXoUq3sll66JmOuc1u6cLXkuWX3ZOmajOvVk6Xu9DCdE55bK7svl14XbFUv%2Ba7nup7rlc5KI0LdXZqhkMl2yyu33HLVL3u1Krrm%2F3ebObDUAe%2Fskmcg%2Bfjwyg%2F3IdkQcXTvtLCrqU5eORNliqbaoMO33o5XY53HiA7G0DgI4635NrQdE3L7EHS8NVcA3dmcKkAgx8T51UMQb81pIujc2WcaKIgYAX8CeWcIoYaQdAimb0LynwnAOC5cRBzdvaBNTtf2UTpFx2Rh7xFkPiYLD44ijr4%2BpWS3dEWrLJU6tuiGBWR3CNkeIsl2kPYcyHwHLL0ByX8kS3vnEUebF63SkHzyYq3aqDf8Sn2Rha63WA2b4WJQawSLtWZQ9wX3Wa3OZxZJOYQMh1CiD2oPIbMOMukgCx1kiYOIT0q01gpdtxEGYaXSrDLGKhXGas06r%2FFKtRm6yNhUQx9p0gdTfTBzHYm5jlW5PibkxiZM9h3sSgHLHdiUoMML5IIgtwQ5JcglQZ4S5J3iDlfWt8VdrmwWePPuz3ulGOi0vUHv6LQtYrKR7JKnZ%2B49fPIbrIpJifphq%2BWGnltt1N26xxpei3vMo7RCfcG4DysLSHsI1DroyTE5%2BtyfSKaRvv8PAroDq3bA5FOg2fOg%2BaDhu6Arg2rTRS%2Fe7oY0Tmlvrcx0BK4LJOkC0jVnQ%2B2SZ2c8TpijEGy0%2FNu7x65%2B9NlPYKZAYgq8J78naKtbg8s6J5uXdW7J%2FYtJKiPZo9OEr6Q0FYe%2FfEOs5drwc6dt%2F4tX2RSYjttXhU3P05jLuG3JV6ck58Kc1YYJ8u05e00ElzK7ciozcZacv%2FTa2XNRYoS1UsdDUDkmZP13MDkmj39anv3e42duQ5ohTFYgykZkXpB6Byy5DpuMliePHh4Rf70FqwmMOtgJEgd5VgyMHxw8Kjkm%2FscPoMRoef3zP7K9v18ADQpYMVoeLh55Z%2BHYJwjEf6Zs2FtoGwc0vYk4KtAxBTqqAFV92OyxQZqY0fIvlVkhUM4gUMbZDJRR6%2FsGWzkp1byqaAbNBuM8EIx7Db%2FSrLiuz3m10RJeC6kdsw%2BP3%2FsXAAD%2F%2FwEAAP%2F%2FKv6BxJkEAAA%3D HTTP/1.1
Host: whiskerssituationdisturb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: u_pl=15600826; uid_id2=54767236-cf01-4f8f-b57b-58b62ed2c56d:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; sleca2f990f10476061c719d1c1aa3a2ecd2=[3830292]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 01 Dec 2022 21:42:09 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 91e927c7c3c3977e6070e483521306d8
Strict-Transport-Security: max-age=0; includeSubdomains
whiskerssituationdisturb.com/pixel/sbs?c=1
173.233.139.164 200 OK 0 B URL HTTP/1.1 whiskerssituationdisturb.com/pixel/sbs?c=1
IP 173.233.139.164:0
Hash MD5: d41d8cd98f00b204e9800998ecf8427e
SHA-1: da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert
quad9 Sinkholed
GET /pixel/sbs?c=1 HTTP/1.1
Host: whiskerssituationdisturb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: u_pl=15600826; uid_id2=54767236-cf01-4f8f-b57b-58b62ed2c56d:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; sleca2f990f10476061c719d1c1aa3a2ecd2=[3830292]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 01 Dec 2022 21:42:09 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash e52305ec271e1b99162b8697454008f4
35e1fd6386c879edd620629f3e1f3b91e774130d
ef70497178d061da3e57b725d9e9e469e5ca02944090b63a6c1db5e9c0384bed
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EF70497178D061DA3E57B725D9E9E469E5CA02944090B63A6C1DB5E9C0384BED"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6969
Expires: Thu, 01 Dec 2022 23:38:18 GMT
Date: Thu, 01 Dec 2022 21:42:09 GMT
Connection: keep-alive
a.naturalhealthsource.club/api/spots/312873?p=1&s1=%subid1%&kw=
135.181.208.216 200 OK 4.3 kB URL HTTP/2 a.naturalhealthsource.club/api/spots/312873?p=1&s1=%subid1%&kw=
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- assembler source, ASCII text, with very long lines (1138)
Hash e7cdbe3db6fd7394f4083aa9a9fd3879
5220267818cad215b17adb6f4c46d75fa348c03c
c038691d05cc93ae8846d2a0ca06b8dbb35cbec8194305bc64c05633676c934e
GET /api/spots/312873?p=1&s1=%subid1%&kw= HTTP/1.1
Host: a.naturalhealthsource.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: nauid=TX1qQZiXbYqyS9eGBYc4
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 21:42:09 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2
accounts.google.com/v3/signin/identifier?dsh=S1443745951%3A1669930929272010&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=ARgdvAvaYuBLB1Wa0qLFsrD450HE2arRYfZtjVR7LP69yPTmMzOu8VsQDawobMWhI9gIWSkeE5UDHw
142.250.74.109403 Forbidden 2.6 kB URL HTTP/2 accounts.google.com/v3/signin/identifier?dsh=S1443745951%3A1669930929272010&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=ARgdvAvaYuBLB1Wa0qLFsrD450HE2arRYfZtjVR7LP69yPTmMzOu8VsQDawobMWhI9gIWSkeE5UDHw
IP 142.250.74.109:0
Hash fc5af5181e2bc2c0233246e24d1f2d3a
f6f1213c69200a926b5a6e04b782909964619ad1
590d16221a5260ff92a49a0c37110101f936efa84345c08616ceba7315ca050b
GET /v3/signin/identifier?dsh=S1443745951%3A1669930929272010&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=ARgdvAvaYuBLB1Wa0qLFsrD450HE2arRYfZtjVR7LP69yPTmMzOu8VsQDawobMWhI9gIWSkeE5UDHw HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://xfantazy.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Thu, 01 Dec 2022 21:42:09 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: script-src 'nonce-mHHcYZuRk0zfCsWxmXmLPA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist, require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
cross-origin-opener-policy-report-only: same-origin
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
a.naturalhealthsource.club/api/spots/312875?p=1&s1=%subid1%&kw=
135.181.208.216 200 OK 5.0 kB URL HTTP/2 a.naturalhealthsource.club/api/spots/312875?p=1&s1=%subid1%&kw=
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
Hash 8659e8611277b347387441878805c042
4de7666f59b9e99c2426d152c33378d8ac263770
823d436bae34cea89a60f207079664a382bbec3e989dda99209b76ad4c128051
GET /api/spots/312875?p=1&s1=%subid1%&kw= HTTP/1.1
Host: a.naturalhealthsource.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: nauid=TX1qQZiXbYqyS9eGBYc4
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 21:42:09 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2
syndication.realsrv.com/v1/api.php
95.211.229.246 200 OK 861 B URL HTTP/1.1 syndication.realsrv.com/v1/api.php
IP 95.211.229.246:0
ASN #60781 LeaseWeb Netherlands B.V.
File type JSON data\012- , ASCII text, with very long lines (1130), with no line terminators
Hash e0ffafc271cf8c9462eb82230fa7dc1b
5f7fea093c93936dfc5e211a24b0f53cb82d6020
c1759a8d9c05b37c317ff8a470c0a56331a48c2dcbcc6fe4752248030bbaf2c0
POST /v1/api.php HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 335
Origin: https://a.naturalhealthsource.club
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 01 Dec 2022 21:42:10 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://a.naturalhealthsource.club
Access-Control-Allow-Headers: Authorization, Content-Type
Access-Control-Request-Method: POST
Access-Control-Allow-Credentials: true
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2263891fb1f1acc8.353769943381008235%22%3B%7D; expires=Sat, 30-Nov-2024 21:42:10 GMT; Max-Age=63072000; path=/; domain=realsrv.com; secure; SameSite=None
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
a.realsrv.com/ad-provider.js
185.76.9.14 200 OK 22 kB URL HTTP/2 a.realsrv.com/ad-provider.js
IP 185.76.9.14:0
ASN #60068 Datacamp Limited
File type ASCII text, with very long lines (51260)
Hash cb2351895a78fd692a3532cbc9b2d6b8
1b0204a8cf403a4585b081bb153a047661682eb7
bc3e6d53ccc9d1141e2e144a56f78ab14ceb4f9faf18f722b20bdde4daf627a7
GET /ad-provider.js HTTP/1.1
Host: a.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 01 Dec 2022 21:42:09 GMT
content-type: application/javascript
etag: W/"f26c91d131ffc1bbddb296d644e"
expires: Tue, 29 Nov 2022 13:18:12 GMT
cache-control: max-age=10800
access-control-allow-origin: *
x-cache-op: HIT
x-accel-expires: @1669933154
server: CDN77-Turbo
x-77-nzt: AblMCQ1kyOD/fyEAAA
x-77-nzt-ray: c0a4cc2867d386c2b11f8963bd36a730
x-cache: HIT
x-age: 8575
x-77-pop: stockholmSE
x-77-cache: HIT
content-encoding: br
X-Firefox-Spdy: h2
syndication.realsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAA3VOS2pDMQy8Si/wjCRLsp11s20hJQew34csQgr5QApz+PolJbtqNiNpmBkhkYFlIH5j36hsmFA4FAoqgU3x8bmDMk71ejvX42Gux+vh8n07j3MYj7cGY7asMHctjpKIokNTdieCUYZFUhJHcpG8SpUQQR1iUXVlgYhTNmTCdr/D/uu934pHA0MQie5i1PnaBdztO6f7ajH5HDmxltlbG0uq3nxKqVZtS+dxFaKGf9vTE4HcnmF/B0TWKCoY+LUo+hAe73r5OY3AS/6EPQx6qOpaF/NYufGU1OrMOZaJF2rCi1mq0yjxF8JR7fd9AQAA
95.211.229.246200 OK 20 B URL HTTP/1.1 syndication.realsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAA3VOS2pDMQy8Si/wjCRLsp11s20hJQew34csQgr5QApz+PolJbtqNiNpmBkhkYFlIH5j36hsmFA4FAoqgU3x8bmDMk71ejvX42Gux+vh8n07j3MYj7cGY7asMHctjpKIokNTdieCUYZFUhJHcpG8SpUQQR1iUXVlgYhTNmTCdr/D/uu934pHA0MQie5i1PnaBdztO6f7ajH5HDmxltlbG0uq3nxKqVZtS+dxFaKGf9vTE4HcnmF/B0TWKCoY+LUo+hAe73r5OY3AS/6EPQx6qOpaF/NYufGU1OrMOZaJF2rCi1mq0yjxF8JR7fd9AQAA
IP 95.211.229.246:0
ASN #60781 LeaseWeb Netherlands B.V.
Hash a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf
GET /cimp.php?t=api&data=H4sIAAAAAAAAA3VOS2pDMQy8Si/wjCRLsp11s20hJQew34csQgr5QApz+PolJbtqNiNpmBkhkYFlIH5j36hsmFA4FAoqgU3x8bmDMk71ejvX42Gux+vh8n07j3MYj7cGY7asMHctjpKIokNTdieCUYZFUhJHcpG8SpUQQR1iUXVlgYhTNmTCdr/D/uu934pHA0MQie5i1PnaBdztO6f7ajH5HDmxltlbG0uq3nxKqVZtS+dxFaKGf9vTE4HcnmF/B0TWKCoY+LUo+hAe73r5OY3AS/6EPQx6qOpaF/NYufGU1OrMOZaJF2rCi1mq0yjxF8JR7fd9AQAA HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://a.naturalhealthsource.club
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2263891fb1f1acc8.353769943381008235%22%3B%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 01 Dec 2022 21:42:10 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://a.naturalhealthsource.club
Access-Control-Allow-Credentials: true
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2263891fb1f1acc8.353769943381008235%22%3B%7D; expires=Sat, 30 Nov 2024 21:42:10 GMT; path=; domain=.realsrv.com; Secure; SameSite=none
__upt=%7B%22v%22%3A1%2C%22id%22%3A%2263891fb1f1acc8.353769943381008235%22%2C%22pcma%22%3A%22%22%2C%22acma%22%3A%22508.0199%22%7D; expires=Sat, 30 Nov 2024 21:42:10 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
syndication.realsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAA3VPy2oDQQz7lf5AFltje2Zybq8tpOQDdjcTcggp5AEp6OM7m5bcal1kW9gSBFgpVqIvGmvDWoVVhyqDYVA3vn9saMrTeL2dx+Ohjcfr4fJ1O89tmI+3iUlzJNAjrAZrFklByyW8ty6FZh6185wBFAdNmCgd8GS2sEEErlJZhG/bDbefr31YIzmVYBW5w6XzxQwhtM7lvtyo0x5tH3mSqSFawZwwTbVo8tTEd4uQ4/CvfWEU9JiKih6jW9FSH1/lD0ktwcCVPhtjL+FjPV6+TzP5lP/CHwdANVt80129YW8SU2mxC7HmKee2G5vtUeQH/0wb34cBAAA=
95.211.229.246200 OK 20 B URL HTTP/1.1 syndication.realsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAA3VPy2oDQQz7lf5AFltje2Zybq8tpOQDdjcTcggp5AEp6OM7m5bcal1kW9gSBFgpVqIvGmvDWoVVhyqDYVA3vn9saMrTeL2dx+Ohjcfr4fJ1O89tmI+3iUlzJNAjrAZrFklByyW8ty6FZh6185wBFAdNmCgd8GS2sEEErlJZhG/bDbefr31YIzmVYBW5w6XzxQwhtM7lvtyo0x5tH3mSqSFawZwwTbVo8tTEd4uQ4/CvfWEU9JiKih6jW9FSH1/lD0ktwcCVPhtjL+FjPV6+TzP5lP/CHwdANVt80129YW8SU2mxC7HmKee2G5vtUeQH/0wb34cBAAA=
IP 95.211.229.246:0
ASN #60781 LeaseWeb Netherlands B.V.
Hash a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf
GET /cimp.php?t=api&data=H4sIAAAAAAAAA3VPy2oDQQz7lf5AFltje2Zybq8tpOQDdjcTcggp5AEp6OM7m5bcal1kW9gSBFgpVqIvGmvDWoVVhyqDYVA3vn9saMrTeL2dx+Ohjcfr4fJ1O89tmI+3iUlzJNAjrAZrFklByyW8ty6FZh6185wBFAdNmCgd8GS2sEEErlJZhG/bDbefr31YIzmVYBW5w6XzxQwhtM7lvtyo0x5tH3mSqSFawZwwTbVo8tTEd4uQ4/CvfWEU9JiKih6jW9FSH1/lD0ktwcCVPhtjL+FjPV6+TzP5lP/CHwdANVt80129YW8SU2mxC7HmKee2G5vtUeQH/0wb34cBAAA= HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://a.naturalhealthsource.club
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2263891fb20286d0.266230652315443565%22%3B%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 01 Dec 2022 21:42:10 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://a.naturalhealthsource.club
Access-Control-Allow-Credentials: true
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2263891fb20286d0.266230652315443565%22%3B%7D; expires=Sat, 30 Nov 2024 21:42:10 GMT; path=; domain=.realsrv.com; Secure; SameSite=none
__upt=%7B%22v%22%3A1%2C%22id%22%3A%2263891fb20286d0.266230652315443565%22%2C%22pcma%22%3A%22%22%2C%22acma%22%3A%22508.0199%22%7D; expires=Sat, 30 Nov 2024 21:42:10 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
syndication.realsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAA3VQQWrDQAz8Sj/gRdJKWm/OzbWFlDxg13bIwaSQxJDCPL5rp+RWzWUkDaNBQiIdS0f8xr5T2TEhc8gUVAKb4uPzAGVcyn25lvk8lfl+vn0v12EKw7xUGLP1CnPX7MiJKDo09e5EMOphkZTEkVykX6VKiKAGsai6skDESdET9scDjl/vbZQ9GhiCSPQQo8bXKODm3jg9VofRp8iJNU9e65BT8epjSqVoPTUeVyFK+Dc8PRHITbZjfwNE1igq6PjVKFoRtnW5/VwG4CV/wjaDdlR1jYv2i1Mqtac6xirt0aOVqeYyVjMqPvwCKkhztXwBAAA=
95.211.229.246200 OK 20 B URL HTTP/1.1 syndication.realsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAA3VQQWrDQAz8Sj/gRdJKWm/OzbWFlDxg13bIwaSQxJDCPL5rp+RWzWUkDaNBQiIdS0f8xr5T2TEhc8gUVAKb4uPzAGVcyn25lvk8lfl+vn0v12EKw7xUGLP1CnPX7MiJKDo09e5EMOphkZTEkVykX6VKiKAGsai6skDESdET9scDjl/vbZQ9GhiCSPQQo8bXKODm3jg9VofRp8iJNU9e65BT8epjSqVoPTUeVyFK+Dc8PRHITbZjfwNE1igq6PjVKFoRtnW5/VwG4CV/wjaDdlR1jYv2i1Mqtac6xirt0aOVqeYyVjMqPvwCKkhztXwBAAA=
IP 95.211.229.246:0
ASN #60781 LeaseWeb Netherlands B.V.
Hash a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf
GET /cimp.php?t=api&data=H4sIAAAAAAAAA3VQQWrDQAz8Sj/gRdJKWm/OzbWFlDxg13bIwaSQxJDCPL5rp+RWzWUkDaNBQiIdS0f8xr5T2TEhc8gUVAKb4uPzAGVcyn25lvk8lfl+vn0v12EKw7xUGLP1CnPX7MiJKDo09e5EMOphkZTEkVykX6VKiKAGsai6skDESdET9scDjl/vbZQ9GhiCSPQQo8bXKODm3jg9VofRp8iJNU9e65BT8epjSqVoPTUeVyFK+Dc8PRHITbZjfwNE1igq6PjVKFoRtnW5/VwG4CV/wjaDdlR1jYv2i1Mqtac6xirt0aOVqeYyVjMqPvwCKkhztXwBAAA= HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://a.naturalhealthsource.club
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2263891fb1ed39f4.481230543308515864%22%3B%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 01 Dec 2022 21:42:10 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://a.naturalhealthsource.club
Access-Control-Allow-Credentials: true
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2263891fb1ed39f4.481230543308515864%22%3B%7D; expires=Sat, 30 Nov 2024 21:42:10 GMT; path=; domain=.realsrv.com; Secure; SameSite=none
__upt=%7B%22v%22%3A1%2C%22id%22%3A%2263891fb1ed39f4.481230543308515864%22%2C%22pcma%22%3A%22%22%2C%22acma%22%3A%22508.0199%22%7D; expires=Sat, 30 Nov 2024 21:42:10 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
ocsp.sectigo.com/
104.18.32.68 200 OK 471 B IP 104.18.32.68:0
Hash cf621a2c658ca82c452d69f85bdadf90
a8311a6ede1c0c84749340078fb899e40ad68030
c91a617756a469d7c8db9646d809699d0967043547213e8aca0059adcf5434e5
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 01 Dec 2022 21:42:10 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Mon, 28 Nov 2022 17:56:30 GMT
Expires: Mon, 05 Dec 2022 17:56:29 GMT
Etag: "a8311a6ede1c0c84749340078fb899e40ad68030"
Cache-Control: max-age=331458,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 772efdb8aadcb4eb-OSL
syndication.realsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAA3VOy2rDQBD7lf5AjOa1u865ubaQkg/Y2GtyCCnkASno42snJbeOLpoZIUmhuhJdQd4krV3XAvbS9ehcOwnnx+eWLjzV6+1cj4dWj9fD5ft2Hlo3HG97hkgUZ6TkfWKfAUv0XFICGCgMg0MTc1Iti9RBI2ZomPvCOkByCRZws9ty9/U+3/pkQaHSgLsGZr50ocz2M8d9sQgZ21BabhJhWasPtTTYkDXXaQpbhKzdv+3xRIfI+RH2d6CJm7pyJa/FOQ/4eNfLz2kgX/In4mEwh7ovdTnKlK1hnGDoe1evzcaaLO+xz7XiF9XrpoR9AQAA
95.211.229.246200 OK 20 B URL HTTP/1.1 syndication.realsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAA3VOy2rDQBD7lf5AjOa1u865ubaQkg/Y2GtyCCnkASno42snJbeOLpoZIUmhuhJdQd4krV3XAvbS9ehcOwnnx+eWLjzV6+1cj4dWj9fD5ft2Hlo3HG97hkgUZ6TkfWKfAUv0XFICGCgMg0MTc1Iti9RBI2ZomPvCOkByCRZws9ty9/U+3/pkQaHSgLsGZr50ocz2M8d9sQgZ21BabhJhWasPtTTYkDXXaQpbhKzdv+3xRIfI+RH2d6CJm7pyJa/FOQ/4eNfLz2kgX/In4mEwh7ovdTnKlK1hnGDoe1evzcaaLO+xz7XiF9XrpoR9AQAA
IP 95.211.229.246:0
ASN #60781 LeaseWeb Netherlands B.V.
Hash a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf
GET /cimp.php?t=api&data=H4sIAAAAAAAAA3VOy2rDQBD7lf5AjOa1u865ubaQkg/Y2GtyCCnkASno42snJbeOLpoZIUmhuhJdQd4krV3XAvbS9ehcOwnnx+eWLjzV6+1cj4dWj9fD5ft2Hlo3HG97hkgUZ6TkfWKfAUv0XFICGCgMg0MTc1Iti9RBI2ZomPvCOkByCRZws9ty9/U+3/pkQaHSgLsGZr50ocz2M8d9sQgZ21BabhJhWasPtTTYkDXXaQpbhKzdv+3xRIfI+RH2d6CJm7pyJa/FOQ/4eNfLz2kgX/In4mEwh7ovdTnKlK1hnGDoe1evzcaaLO+xz7XiF9XrpoR9AQAA HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://a.naturalhealthsource.club
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2263891fb1f1acc8.353769943381008235%22%3B%7D; __upt=%7B%22v%22%3A1%2C%22id%22%3A%2263891fb20286d0.266230652315443565%22%2C%22pcma%22%3A%22%22%2C%22acma%22%3A%22508.0199%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 01 Dec 2022 21:42:10 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://a.naturalhealthsource.club
Access-Control-Allow-Credentials: true
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2263891fb1f1acc8.353769943381008235%22%3B%7D; expires=Sat, 30 Nov 2024 21:42:10 GMT; path=; domain=.realsrv.com; Secure; SameSite=none
__upt=%7B%22v%22%3A1%2C%22id%22%3A%2263891fb20286d0.266230652315443565%22%2C%22pcma%22%3A%22%22%2C%22acma%22%3A%22508.029701%22%7D; expires=Sat, 30 Nov 2024 21:42:10 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
cdn.tsyndicate.com/sdk/v1/master.spot.js
8.254.252.211 200 OK 13 kB URL HTTP/2 cdn.tsyndicate.com/sdk/v1/master.spot.js
IP 8.254.252.211:0
File type ASCII text, with very long lines (28267)
Hash 2302d49bf491a9778085df04b4da3cf0
5ef4ce33d0fd46d9c5d399ed7f15f0d9031a92ad
0591e83eaf13b272e80594297303e0435272faed43520f07773da71e989c4135
GET /sdk/v1/master.spot.js HTTP/1.1
Host: cdn.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 01 Dec 2022 21:42:10 GMT
content-type: application/javascript
content-length: 12771
last-modified: Wed, 23 Nov 2022 12:53:01 GMT
server: nginx
x-robots-tag: noindex, nofollow
content-encoding: gzip
vary: Accept-Encoding
etag: W/"637e17ad-890f"
age: 722262
accept-ranges: bytes
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash 93a61e013cdf5f59584d5e191e0523bb
d0f5467066b204530d024cd2ce59c377e5392bad
af0c7dab579ae2f90afb51927aa9524fb768fa82506e5ceacc3c86a4506a5eae
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3447
Cache-Control: max-age=156856
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 21:42:10 GMT
Etag: "6388d3f3-117"
Expires: Sat, 03 Dec 2022 17:16:26 GMT
Last-Modified: Thu, 01 Dec 2022 16:18:59 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 279
syndication.realsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAA3VPy2oCQRD8lfyAQ79nxnO8JmDwA2bXFQ9iQF0wUB+fWQ3e0kVDdXdR3S0ksmJZEb9xrE3WTKicKiWTxG74+NzCGOd2my/tdJza6Xa8fs+XcUrjaR7gzF4MHmE1UDORBiyX8Frg1FPJSAI5RMoiNYKCOsTVbGGJuAg7m6MQNrstdl/vvV1DHQyBEt3FqfPlHHDf0DndF5c47Cnn7C1UqTateaTJTPbhUQ96WIRo6d8H6IlE2eKx7K8BZVMxwYpfhaEH4TFu15/zCLzkT/jDQMFmy7lQo/5cTD6UTEMNt9F0YM5DrbFX+wUTOhgdgAEAAA==
95.211.229.246200 OK 20 B URL HTTP/1.1 syndication.realsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAA3VPy2oCQRD8lfyAQ79nxnO8JmDwA2bXFQ9iQF0wUB+fWQ3e0kVDdXdR3S0ksmJZEb9xrE3WTKicKiWTxG74+NzCGOd2my/tdJza6Xa8fs+XcUrjaR7gzF4MHmE1UDORBiyX8Frg1FPJSAI5RMoiNYKCOsTVbGGJuAg7m6MQNrstdl/vvV1DHQyBEt3FqfPlHHDf0DndF5c47Cnn7C1UqTateaTJTPbhUQ96WIRo6d8H6IlE2eKx7K8BZVMxwYpfhaEH4TFu15/zCLzkT/jDQMFmy7lQo/5cTD6UTEMNt9F0YM5DrbFX+wUTOhgdgAEAAA==
IP 95.211.229.246:0
ASN #60781 LeaseWeb Netherlands B.V.
Hash a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf
GET /cimp.php?t=api&data=H4sIAAAAAAAAA3VPy2oCQRD8lfyAQ79nxnO8JmDwA2bXFQ9iQF0wUB+fWQ3e0kVDdXdR3S0ksmJZEb9xrE3WTKicKiWTxG74+NzCGOd2my/tdJza6Xa8fs+XcUrjaR7gzF4MHmE1UDORBiyX8Frg1FPJSAI5RMoiNYKCOsTVbGGJuAg7m6MQNrstdl/vvV1DHQyBEt3FqfPlHHDf0DndF5c47Cnn7C1UqTateaTJTPbhUQ96WIRo6d8H6IlE2eKx7K8BZVMxwYpfhaEH4TFu15/zCLzkT/jDQMFmy7lQo/5cTD6UTEMNt9F0YM5DrbFX+wUTOhgdgAEAAA== HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://a.naturalhealthsource.club
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2263891fb1f1acc8.353769943381008235%22%3B%7D; __upt=%7B%22v%22%3A1%2C%22id%22%3A%2263891fb20286d0.266230652315443565%22%2C%22pcma%22%3A%22%22%2C%22acma%22%3A%22508.029701%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 01 Dec 2022 21:42:10 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://a.naturalhealthsource.club
Access-Control-Allow-Credentials: true
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2263891fb1f1acc8.353769943381008235%22%3B%7D; expires=Sat, 30 Nov 2024 21:42:10 GMT; path=; domain=.realsrv.com; Secure; SameSite=none
__upt=%7B%22v%22%3A1%2C%22id%22%3A%2263891fb20286d0.266230652315443565%22%2C%22pcma%22%3A%22%22%2C%22acma%22%3A%22508.03940399%22%7D; expires=Sat, 30 Nov 2024 21:42:10 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash 93a61e013cdf5f59584d5e191e0523bb
d0f5467066b204530d024cd2ce59c377e5392bad
af0c7dab579ae2f90afb51927aa9524fb768fa82506e5ceacc3c86a4506a5eae
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3447
Cache-Control: max-age=156856
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 21:42:10 GMT
Etag: "6388d3f3-117"
Expires: Sat, 03 Dec 2022 17:16:26 GMT
Last-Modified: Thu, 01 Dec 2022 16:18:59 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 279
go.xlivrdr.com/smartpop/519fe30cdea876d1b02b3e92894492ca6c8136dabaff4c3273c5dd7492202a01?userId=1f2ad638bb163e0f21b19d6cbbcd5805b56eb7b1ef21117b6157eaf2a11915c9&sourceId=5304026&memberId=ooddNHdLHTPHNVS4ASOpstrqutdZXPPbVbS6V1Esqp6pXVS2upmdQ6mV0rpXSunqoppdRNTRPTO6iamieml0rpnSuldK6V0zpXSumc6vjaWyyyrOuiiW7Oi6zWXemmfauqu7ijh0rs4wZmOTP7rfP43RQnJrvHr8fRznSuldK6V0rpXSuldK4Ps-&p1=5304026&kbLimit=1000
104.18.59.150302 Found 0 B URL HTTP/2 go.xlivrdr.com/smartpop/519fe30cdea876d1b02b3e92894492ca6c8136dabaff4c3273c5dd7492202a01?userId=1f2ad638bb163e0f21b19d6cbbcd5805b56eb7b1ef21117b6157eaf2a11915c9&sourceId=5304026&memberId=ooddNHdLHTPHNVS4ASOpstrqutdZXPPbVbS6V1Esqp6pXVS2upmdQ6mV0rpXSunqoppdRNTRPTO6iamieml0rpnSuldK6V0zpXSumc6vjaWyyyrOuiiW7Oi6zWXemmfauqu7ijh0rs4wZmOTP7rfP43RQnJrvHr8fRznSuldK6V0rpXSuldK4Ps-&p1=5304026&kbLimit=1000
IP 104.18.59.150:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /smartpop/519fe30cdea876d1b02b3e92894492ca6c8136dabaff4c3273c5dd7492202a01?userId=1f2ad638bb163e0f21b19d6cbbcd5805b56eb7b1ef21117b6157eaf2a11915c9&sourceId=5304026&memberId=ooddNHdLHTPHNVS4ASOpstrqutdZXPPbVbS6V1Esqp6pXVS2upmdQ6mV0rpXSunqoppdRNTRPTO6iamieml0rpnSuldK6V0zpXSumc6vjaWyyyrOuiiW7Oi6zWXemmfauqu7ijh0rs4wZmOTP7rfP43RQnJrvHr8fRznSuldK6V0rpXSuldK4Ps-&p1=5304026&kbLimit=1000 HTTP/1.1
Host: go.xlivrdr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Thu, 01 Dec 2022 21:42:10 GMT
content-length: 0
location: https://creative.xlivrdr.com/widgets/v4/Universal?campaignId=519fe30cdea876d1b02b3e92894492ca6c8136dabaff4c3273c5dd7492202a01&campaignType=smartpop&creativeId=815c47240cff8060eae9bb5cd17e69b7688771ea0e08433273a5362e3492de1a&iterationId=375137&kbLimit=1000&masterSmartpopId=1914&memberId=ooddNHdLHTPHNVS4ASOpstrqutdZXPPbVbS6V1Esqp6pXVS2upmdQ6mV0rpXSunqoppdRNTRPTO6iamieml0rpnSuldK6V0zpXSumc6vjaWyyyrOuiiW7Oi6zWXemmfauqu7ijh0rs4wZmOTP7rfP43RQnJrvHr8fRznSuldK6V0rpXSuldK4Ps-&p1=5304026&ruleId=17&smartpopId=432&sourceId=5304026&tag=-girls%2Findian&userId=1f2ad638bb163e0f21b19d6cbbcd5805b56eb7b1ef21117b6157eaf2a11915c9&variationId=29906
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Content-Length, Accept-Encoding, x-requested-with
cf-cache-status: DYNAMIC
set-cookie: _var=732574.29906; Path=/; HttpOnly; SameSite=Strict
__cflb=02DiuDfsBaY2bRYJiCeRhAptQvDh5wz7mzfprtNCTLviG; SameSite=None; Secure; path=/; expires=Fri, 02-Dec-22 20:42:10 GMT; HttpOnly
server: cloudflare
cf-ray: 772efdba3fecb4f4-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
go.xlivrdr.com/smartpop/519fe30cdea876d1b02b3e92894492ca6c8136dabaff4c3273c5dd7492202a01?userId=1f2ad638bb163e0f21b19d6cbbcd5805b56eb7b1ef21117b6157eaf2a11915c9&sourceId=5304026&memberId=ooddNHdLHTPHNVS4ASOpstrrlldZXPPbVbS6V1Esqp6pXVS2upmdQ6mV0rpXSunqoppdRNTRPTO6iamieml0rpnSuldK6V0zpXSumc7aveiayam7evTTW6zOvSvayzPOnTjOvSh0rs4wZmOTP7rfP43RQnJrvHr8fRznSuldK6V0rpXSuldK4Ps-&p1=5304026&kbLimit=1000
104.18.59.150302 Found 0 B URL HTTP/2 go.xlivrdr.com/smartpop/519fe30cdea876d1b02b3e92894492ca6c8136dabaff4c3273c5dd7492202a01?userId=1f2ad638bb163e0f21b19d6cbbcd5805b56eb7b1ef21117b6157eaf2a11915c9&sourceId=5304026&memberId=ooddNHdLHTPHNVS4ASOpstrrlldZXPPbVbS6V1Esqp6pXVS2upmdQ6mV0rpXSunqoppdRNTRPTO6iamieml0rpnSuldK6V0zpXSumc7aveiayam7evTTW6zOvSvayzPOnTjOvSh0rs4wZmOTP7rfP43RQnJrvHr8fRznSuldK6V0rpXSuldK4Ps-&p1=5304026&kbLimit=1000
IP 104.18.59.150:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /smartpop/519fe30cdea876d1b02b3e92894492ca6c8136dabaff4c3273c5dd7492202a01?userId=1f2ad638bb163e0f21b19d6cbbcd5805b56eb7b1ef21117b6157eaf2a11915c9&sourceId=5304026&memberId=ooddNHdLHTPHNVS4ASOpstrrlldZXPPbVbS6V1Esqp6pXVS2upmdQ6mV0rpXSunqoppdRNTRPTO6iamieml0rpnSuldK6V0zpXSumc7aveiayam7evTTW6zOvSvayzPOnTjOvSh0rs4wZmOTP7rfP43RQnJrvHr8fRznSuldK6V0rpXSuldK4Ps-&p1=5304026&kbLimit=1000 HTTP/1.1
Host: go.xlivrdr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Thu, 01 Dec 2022 21:42:10 GMT
content-length: 0
location: https://creative.xlivrdr.com/widgets/v4/Universal?campaignId=519fe30cdea876d1b02b3e92894492ca6c8136dabaff4c3273c5dd7492202a01&campaignType=smartpop&creativeId=815c47240cff8060eae9bb5cd17e69b7688771ea0e08433273a5362e3492de1a&iterationId=375137&kbLimit=1000&masterSmartpopId=1914&memberId=ooddNHdLHTPHNVS4ASOpstrrlldZXPPbVbS6V1Esqp6pXVS2upmdQ6mV0rpXSunqoppdRNTRPTO6iamieml0rpnSuldK6V0zpXSumc7aveiayam7evTTW6zOvSvayzPOnTjOvSh0rs4wZmOTP7rfP43RQnJrvHr8fRznSuldK6V0rpXSuldK4Ps-&p1=5304026&ruleId=17&smartpopId=432&sourceId=5304026&tag=-girls%2Findian&userId=1f2ad638bb163e0f21b19d6cbbcd5805b56eb7b1ef21117b6157eaf2a11915c9&variationId=29906
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Content-Length, Accept-Encoding, x-requested-with
cf-cache-status: DYNAMIC
set-cookie: _var=732574.29906; Path=/; HttpOnly; SameSite=Strict
__cflb=0H28uukSkGJRy5UBr1u9iAwwBfboBLDc18bfE9WCz6Q; SameSite=None; Secure; path=/; expires=Fri, 02-Dec-22 20:42:10 GMT; HttpOnly
server: cloudflare
cf-ray: 772efdba3fe8b4f4-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
fonts.gstatic.com/s/ubuntu/v20/4iCs6KVjbNBYlgoKfw72.woff2
216.58.207.227 200 OK 35 kB URL HTTP/2 fonts.gstatic.com/s/ubuntu/v20/4iCs6KVjbNBYlgoKfw72.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 34852, version 1.0\012- data
Hash 0e8eefb4549a2edf26c560cb9845952e
8d0b1718aacad934fd0043c87cbc54aa091396bf
7f653b3ce9d3277457fc6da4edb246ae2f6c913f088c42dcb8cd2e96267aa21a
GET /s/ubuntu/v20/4iCs6KVjbNBYlgoKfw72.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://ads.adxadserv.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 34852
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 01 Dec 2022 12:29:21 GMT
expires: Fri, 01 Dec 2023 12:29:21 GMT
cache-control: public, max-age=31536000
age: 33169
last-modified: Wed, 27 Apr 2022 16:31:23 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
go.xlivrdr.com/smartpop/519fe30cdea876d1b02b3e92894492ca6c8136dabaff4c3273c5dd7492202a01?userId=1f2ad638bb163e0f21b19d6cbbcd5805b56eb7b1ef21117b6157eaf2a11915c9&sourceId=5304026&memberId=ooddNHdLHTPHNVS4ASOpstrrlldZXPPbVbS6V1Esqp6pXVS2upmdQ6mV0rpXSunqoppdRNTRPTO6iamieml0rpnSuldK6V0zpXSumc6qbbfW3ezeaqqiyfOnXO3eWjWyezPjiqh0rs4wZmOTP7rfP43RQnJrvHr8fRznSuldK6V0rpXSuldK4Ps-&p1=5304026&kbLimit=1000
104.18.59.150302 Found 0 B URL HTTP/2 go.xlivrdr.com/smartpop/519fe30cdea876d1b02b3e92894492ca6c8136dabaff4c3273c5dd7492202a01?userId=1f2ad638bb163e0f21b19d6cbbcd5805b56eb7b1ef21117b6157eaf2a11915c9&sourceId=5304026&memberId=ooddNHdLHTPHNVS4ASOpstrrlldZXPPbVbS6V1Esqp6pXVS2upmdQ6mV0rpXSunqoppdRNTRPTO6iamieml0rpnSuldK6V0zpXSumc6qbbfW3ezeaqqiyfOnXO3eWjWyezPjiqh0rs4wZmOTP7rfP43RQnJrvHr8fRznSuldK6V0rpXSuldK4Ps-&p1=5304026&kbLimit=1000
IP 104.18.59.150:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /smartpop/519fe30cdea876d1b02b3e92894492ca6c8136dabaff4c3273c5dd7492202a01?userId=1f2ad638bb163e0f21b19d6cbbcd5805b56eb7b1ef21117b6157eaf2a11915c9&sourceId=5304026&memberId=ooddNHdLHTPHNVS4ASOpstrrlldZXPPbVbS6V1Esqp6pXVS2upmdQ6mV0rpXSunqoppdRNTRPTO6iamieml0rpnSuldK6V0zpXSumc6qbbfW3ezeaqqiyfOnXO3eWjWyezPjiqh0rs4wZmOTP7rfP43RQnJrvHr8fRznSuldK6V0rpXSuldK4Ps-&p1=5304026&kbLimit=1000 HTTP/1.1
Host: go.xlivrdr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Thu, 01 Dec 2022 21:42:10 GMT
content-length: 0
location: https://creative.xlivrdr.com/widgets/v4/Universal?campaignId=519fe30cdea876d1b02b3e92894492ca6c8136dabaff4c3273c5dd7492202a01&campaignType=smartpop&creativeId=815c47240cff8060eae9bb5cd17e69b7688771ea0e08433273a5362e3492de1a&iterationId=375137&kbLimit=1000&masterSmartpopId=1914&memberId=ooddNHdLHTPHNVS4ASOpstrrlldZXPPbVbS6V1Esqp6pXVS2upmdQ6mV0rpXSunqoppdRNTRPTO6iamieml0rpnSuldK6V0zpXSumc6qbbfW3ezeaqqiyfOnXO3eWjWyezPjiqh0rs4wZmOTP7rfP43RQnJrvHr8fRznSuldK6V0rpXSuldK4Ps-&p1=5304026&ruleId=17&smartpopId=432&sourceId=5304026&tag=-girls%2Findian&userId=1f2ad638bb163e0f21b19d6cbbcd5805b56eb7b1ef21117b6157eaf2a11915c9&variationId=29906
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Content-Length, Accept-Encoding, x-requested-with
cf-cache-status: DYNAMIC
set-cookie: _var=732574.29906; Path=/; HttpOnly; SameSite=Strict
__cflb=0H28uukSkGJRy5UBr2St4i2aEH3UZ9YhwcCPqBNrDcp; SameSite=None; Secure; path=/; expires=Fri, 02-Dec-22 20:42:10 GMT; HttpOnly
server: cloudflare
cf-ray: 772efdba4ff3b4f4-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 1.6 kB IP 93.184.220.29:0
Hash 2a4a73e749d9057e7e1e7e0039bd7e31
ba015638af7655835c0e4375fa0eaa8b88f8bd36
4a0dd0e45e446eb2489fff51155e806f04a2e2c4e72e0f760f53496f55cda64d
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3447
Cache-Control: max-age=156856
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 21:42:10 GMT
Etag: "6388d3f3-117"
Expires: Sat, 03 Dec 2022 17:16:26 GMT
Last-Modified: Thu, 01 Dec 2022 16:18:59 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 279
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 77a6b6638e0ee5ec4eeb988d3d3af050
219272781fc7a6ac331496b257c7976daa7b62de
d3092d8548c448fab08751eb00cce0ffb883786084d77320da1e0a858b70c5cb
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D3092D8548C448FAB08751EB00CCE0FFB883786084D77320DA1E0A858B70C5CB"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10346
Expires: Fri, 02 Dec 2022 00:34:36 GMT
Date: Thu, 01 Dec 2022 21:42:10 GMT
Connection: keep-alive
go.xlivrdr.com/smartpop/519fe30cdea876d1b02b3e92894492ca6c8136dabaff4c3273c5dd7492202a01?userId=1f2ad638bb163e0f21b19d6cbbcd5805b56eb7b1ef21117b6157eaf2a11915c9&sourceId=5304026&memberId=ooddNHdLHTPHNVS4ASOpstrrlldZXPPbVbS6V1Esqp6pXVS2upmdQ6mV0rpXSunqoppdRNTRPTO6iamieml0rpnSuldK6V0zpXSumc7aveiayam7evTTW6zOvSvayzPOnTjOvSh0rs4wZmOTP7rfP43RQnJrvHr8fRznSuldK6V0rpXSuldK4Ps-&p1=5304026&kbLimit=1000
104.18.59.150302 Found 0 B URL HTTP/2 go.xlivrdr.com/smartpop/519fe30cdea876d1b02b3e92894492ca6c8136dabaff4c3273c5dd7492202a01?userId=1f2ad638bb163e0f21b19d6cbbcd5805b56eb7b1ef21117b6157eaf2a11915c9&sourceId=5304026&memberId=ooddNHdLHTPHNVS4ASOpstrrlldZXPPbVbS6V1Esqp6pXVS2upmdQ6mV0rpXSunqoppdRNTRPTO6iamieml0rpnSuldK6V0zpXSumc7aveiayam7evTTW6zOvSvayzPOnTjOvSh0rs4wZmOTP7rfP43RQnJrvHr8fRznSuldK6V0rpXSuldK4Ps-&p1=5304026&kbLimit=1000
IP 104.18.59.150:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /smartpop/519fe30cdea876d1b02b3e92894492ca6c8136dabaff4c3273c5dd7492202a01?userId=1f2ad638bb163e0f21b19d6cbbcd5805b56eb7b1ef21117b6157eaf2a11915c9&sourceId=5304026&memberId=ooddNHdLHTPHNVS4ASOpstrrlldZXPPbVbS6V1Esqp6pXVS2upmdQ6mV0rpXSunqoppdRNTRPTO6iamieml0rpnSuldK6V0zpXSumc7aveiayam7evTTW6zOvSvayzPOnTjOvSh0rs4wZmOTP7rfP43RQnJrvHr8fRznSuldK6V0rpXSuldK4Ps-&p1=5304026&kbLimit=1000 HTTP/1.1
Host: go.xlivrdr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
date: Thu, 01 Dec 2022 21:42:10 GMT
content-length: 0
location: https://creative.xlivrdr.com/widgets/v4/Universal?autoplay=firstThumb&autoplayForce=1&campaignId=519fe30cdea876d1b02b3e92894492ca6c8136dabaff4c3273c5dd7492202a01&campaignType=smartpop&creativeId=11a22b935576d0bdbfd46a4b3d1889f5c873ac3bfbdb27b3563d2b3ce1276705&iterationId=375137&kbLimit=1000&masterSmartpopId=1914&memberId=ooddNHdLHTPHNVS4ASOpstrrlldZXPPbVbS6V1Esqp6pXVS2upmdQ6mV0rpXSunqoppdRNTRPTO6iamieml0rpnSuldK6V0zpXSumc7aveiayam7evTTW6zOvSvayzPOnTjOvSh0rs4wZmOTP7rfP43RQnJrvHr8fRznSuldK6V0rpXSuldK4Ps-&p1=5304026&ruleId=17&smartpopId=432&sourceId=5304026&tag=-girls%2Findian&userId=1f2ad638bb163e0f21b19d6cbbcd5805b56eb7b1ef21117b6157eaf2a11915c9&variationId=29907
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Content-Length, Accept-Encoding, x-requested-with
cf-cache-status: DYNAMIC
set-cookie: _var=732574.29907; Path=/; HttpOnly; SameSite=Strict
__cflb=0H28uukSkGJRy5UBr1u9iAwwBfboBLDc18bfE9WCz6Q; SameSite=None; Secure; path=/; expires=Fri, 02-Dec-22 20:42:10 GMT; HttpOnly
server: cloudflare
cf-ray: 772efdba9840b4f4-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
s3t3d2y8.afcdn.net/library/317632/d27278d4027cb598ea03d712c1b1b6590b164c5e.mp4
185.76.9.24 206 Partial Content 41 kB URL HTTP/2 s3t3d2y8.afcdn.net/library/317632/d27278d4027cb598ea03d712c1b1b6590b164c5e.mp4
IP 185.76.9.24:0
ASN #60068 Datacamp Limited
File type ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]\012- data
Hash 67eab74324a9da30bced051c3f5d8fbe
d27278d4027cb598ea03d712c1b1b6590b164c5e
a39ab6b70f4a331a078f270b4732935192b235c1b9279110e4ca2864946f76ee
GET /library/317632/d27278d4027cb598ea03d712c1b1b6590b164c5e.mp4 HTTP/1.1
Host: s3t3d2y8.afcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 206 Partial Content
date: Thu, 01 Dec 2022 21:42:10 GMT
content-type: video/mp4
content-length: 40959
last-modified: Thu, 28 Apr 2022 14:04:30 GMT
etag: "626a9eee-9fff"
expires: Sat, 25 Nov 2023 08:41:16 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
x-robots-tag: noindex, follow
x-cache-op: HIT
x-accel-expires: @1700901778
server: CDN77-Turbo
x-77-nzt: AblMCRRXoT3/oJ8IAA
x-77-nzt-ray: af585630a99e1bd5b21f8963378abf16
x-cache: HIT
x-age: 565152
x-77-pop: stockholmSE
x-77-cache: HIT
content-range: bytes 0-40958/40959
X-Firefox-Spdy: h2
gedspecificano.com/floater?cs=MmVFVTACXXxkCQBWd2MEAlR0bAk&abt=0&red=1&sm=83&k=xfantazy%20adult%20thefartbabes%20xmas%20teddy%20video%20shit%20solo%20female&v=0.8.13.0&sts=0&prn=1&emb=0&tid=971975&rxy=1280_1024&u=405983789247665&agec=1669930929&fs=1&t=600&m=1&ns=1&ndp=1&asi=1&mbkb=159.7444089456869&ref=https%3A%2F%2Fxfantazy.com%2Fvideo%2F620852c85a615f1d0cdf5e9b&jst=4&enr=0&lcua=mozilla%2F5.0%20(windows%20nt%2010.0%3B%20win64%3B%20x64%3B%20rv%3A105.0)%20gecko%2F20100101%20firefox%2F105.0&tzd=0&uloc=&if=0&aa=td3_oi3_&_3mNM=1669930928299&crc=1
108.157.214.49 200 OK 2.7 kB URL HTTP/2 gedspecificano.com/floater?cs=MmVFVTACXXxkCQBWd2MEAlR0bAk&abt=0&red=1&sm=83&k=xfantazy%20adult%20thefartbabes%20xmas%20teddy%20video%20shit%20solo%20female&v=0.8.13.0&sts=0&prn=1&emb=0&tid=971975&rxy=1280_1024&u=405983789247665&agec=1669930929&fs=1&t=600&m=1&ns=1&ndp=1&asi=1&mbkb=159.7444089456869&ref=https%3A%2F%2Fxfantazy.com%2Fvideo%2F620852c85a615f1d0cdf5e9b&jst=4&enr=0&lcua=mozilla%2F5.0%20(windows%20nt%2010.0%3B%20win64%3B%20x64%3B%20rv%3A105.0)%20gecko%2F20100101%20firefox%2F105.0&tzd=0&uloc=&if=0&aa=td3_oi3_&_3mNM=1669930928299&crc=1
IP 108.157.214.49:0
File type ASCII text, with very long lines (5982), with no line terminators
Hash 3d75d7660cb170bdc8f9a5f0463ee247
f7e4322d6bde791a09133a54ded9c2373133884e
e2cad8de41b571b469253f4ccbec34b311c586c36f203b4a39e8a04ebb73505b
GET /floater?cs=MmVFVTACXXxkCQBWd2MEAlR0bAk&abt=0&red=1&sm=83&k=xfantazy%20adult%20thefartbabes%20xmas%20teddy%20video%20shit%20solo%20female&v=0.8.13.0&sts=0&prn=1&emb=0&tid=971975&rxy=1280_1024&u=405983789247665&agec=1669930929&fs=1&t=600&m=1&ns=1&ndp=1&asi=1&mbkb=159.7444089456869&ref=https%3A%2F%2Fxfantazy.com%2Fvideo%2F620852c85a615f1d0cdf5e9b&jst=4&enr=0&lcua=mozilla%2F5.0%20(windows%20nt%2010.0%3B%20win64%3B%20x64%3B%20rv%3A105.0)%20gecko%2F20100101%20firefox%2F105.0&tzd=0&uloc=&if=0&aa=td3_oi3_&_3mNM=1669930928299&crc=1 HTTP/1.1
Host: gedspecificano.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/plain
content-length: 2698
date: Thu, 01 Dec 2022 21:42:10 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://xfantazy.com
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: csu=bb2d23e4-6aed-41f4-8a25-a23757603ef8
csu=405983789247665
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 05844663035089f465172d861220e698.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: FeyXnlKkhlX93bbMGS9e3QZqggDHwfOGQ7dIEDTmVIF6YN1MoNHhJw==
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 278 B IP 93.184.220.29:0
Hash cf567a71d7fe0ab2e4acadaae85b7cbc
9ab71ae8b65baa9d15286cf7302a00749e393c77
165c39f27d4d4600a45ffbd857d2753dee24038a98413980f180604d3cfb6c6e
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 323
Cache-Control: max-age=112336
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 21:42:10 GMT
Etag: "6388323f-116"
Expires: Sat, 03 Dec 2022 04:54:26 GMT
Last-Modified: Thu, 01 Dec 2022 04:49:03 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 278
syndication.realsrv.com/splash.php?idzone=4853636&cookieconsent=true
95.211.229.246 200 OK 2.7 kB URL HTTP/1.1 syndication.realsrv.com/splash.php?idzone=4853636&cookieconsent=true
IP 95.211.229.246:0
ASN #60781 LeaseWeb Netherlands B.V.
File type XML 1.0 document text\012- XML document, ASCII text, with very long lines (1570)
Hash e58d15e68f55980130ae346d470d891d
a16f830ba0cdfa08b39612b445ba76a426524aa8
fe3b25590e897ad8a2318c8bcf41ca885157f5cb9158a525ca8d71687c6edcac
GET /splash.php?idzone=4853636&cookieconsent=true HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://media.aso1.net
Connection: keep-alive
Referer: https://media.aso1.net/
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2263891fb1f1acc8.353769943381008235%22%3B%7D; __upt=%7B%22v%22%3A1%2C%22id%22%3A%2263891fb20286d0.266230652315443565%22%2C%22pcma%22%3A%22%22%2C%22acma%22%3A%22508.03940399%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 01 Dec 2022 21:42:10 GMT
Content-Type: text/xml;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2263891fb1f1acc8.353769943381008235%22%3B%7D; expires=Sat, 30 Nov 2024 21:42:10 GMT; path=; domain=.realsrv.com; Secure; SameSite=none
c-tag=%7B%22tag-video%22%3A%22v3%7C%7CNOR%7C4853636%7C59493762%7C0%7C%7C508%7C41%7C3%7C40%7C0%7C0%7C0%7C25344%7C3143242%7C3143244%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C63891fb1f1acc8.353769943381008235%7C%7C0%7Cmedia.aso1.net%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D; expires=Fri, 02 Dec 2022 21:42:10 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
Cache-Control: no-store
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: https://media.aso1.net
Access-Control-Allow-Credentials: true
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
ocsp.digicert.com/
93.184.220.29 200 OK 278 B IP 93.184.220.29:0
Hash cf567a71d7fe0ab2e4acadaae85b7cbc
9ab71ae8b65baa9d15286cf7302a00749e393c77
165c39f27d4d4600a45ffbd857d2753dee24038a98413980f180604d3cfb6c6e
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 323
Cache-Control: max-age=112336
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 21:42:10 GMT
Etag: "6388323f-116"
Expires: Sat, 03 Dec 2022 04:54:26 GMT
Last-Modified: Thu, 01 Dec 2022 04:49:03 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 278
ocsp.sectigo.com/
104.18.32.68 200 OK 472 B IP 104.18.32.68:0
Hash e14645a5d64641f43408392e7bca55a4
84a9309034a7c09084d2a9730e01910c7d3c30ed
d07749fc5c9a5efd92dc1e4abeae29655a57dc120f8700a430176d3acfe22882
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 01 Dec 2022 21:42:10 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Tue, 29 Nov 2022 08:27:05 GMT
Expires: Tue, 06 Dec 2022 08:27:04 GMT
Etag: "84a9309034a7c09084d2a9730e01910c7d3c30ed"
Cache-Control: max-age=383693,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 772efdbbbf87b515-OSL
cams.gratis/banner/leer.gif
172.64.107.26 200 OK 290 B URL HTTP/2 cams.gratis/banner/leer.gif
IP 172.64.107.26:0
File type GIF image data, version 89a, 192 x 192\012- data
Hash 72e33229faa7e5ba8930deac92a1aae0
496e880a0024b268b4e3987c0863cdbf8a64d696
a556ed9ee99be72f01ac6bf6232e3357ad104cf28d05afd91efbaf5953df1a6a
GET /banner/leer.gif HTTP/1.1
Host: cams.gratis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cams.gratis/banner/300x250.php?site=xfanta
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 01 Dec 2022 21:42:10 GMT
content-type: image/gif
content-length: 290
last-modified: Sun, 13 Jan 2019 11:23:18 GMT
cache-control: max-age=2592000
expires: Thu, 22 Dec 2022 08:27:51 GMT
cf-cache-status: HIT
age: 825259
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Mzv2HLE3vzyDYU4LGxbwoA2apjFGZ%2F5Ddc6aRF3ucmOei5ZipDMmx7skDC6I4M4atGvCRwgA6oha8nZSm3KdJSAB6iwJhpBMe0W8C3DtMmDFOYQ8Uw%2Ff3EAobprUww%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 772efdbbec30e68c-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
adxadserv.com/ascripts/pxl.js
185.98.53.29 200 OK 23 kB URL HTTP/1.1 adxadserv.com/ascripts/pxl.js
IP 185.98.53.29:0
ASN #39572 DataWeb Global Group B.V.
File type Unicode text, UTF-8 text, with very long lines (36114)
Hash 72d1139e9f2e6ebe3f51c9193edb4439
cd356eb9eaab433ac792406ba36d4304b6450571
74553d0effe74cd6a4f1424940f7fd133c5457ff1d5c53030e651ec6612bec88
GET /ascripts/pxl.js HTTP/1.1
Host: adxadserv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ads.adxadserv.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Thu, 01 Dec 2022 21:42:10 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Fri, 25 Sep 2020 09:55:25 GMT
ETag: W/"5f6dbe8d-12fee"
Expires: Thu, 01 Dec 2022 08:33:11 GMT
Cache-Control: max-age=86400, public
X-77-NZT: Abk73hFHf57/6rgAAA
X-77-NZT-Ray: f4787b27e6116090b21f89631fe7e11f
X-Cache: HIT
X-Age: 47338
X-77-POP: amsterdamNL
X-77-Cache: HIT
Content-Encoding: br
poweredby.jads.co/js/jads.js
185.94.236.247 301 Moved Permanently 178 B URL HTTP/1.1 poweredby.jads.co/js/jads.js
IP 185.94.236.247:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash cd2e0e43980a00fb6a2742d3afd803b8
81ffbd1712afe8cdf138b570c0fc9934742c33c1
bd9df047d51943acc4bc6cf55d88edb5b6785a53337ee2a0f74dd521aedde87d
GET /js/jads.js HTTP/1.1
Host: poweredby.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://media.aso1.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Thu, 01 Dec 2022 21:42:10 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Location: jads2.js
syndication.realsrv.com/v1/api.php
95.211.229.246 200 OK 2.5 kB URL HTTP/1.1 syndication.realsrv.com/v1/api.php
IP 95.211.229.246:0
ASN #60781 LeaseWeb Netherlands B.V.
File type JSON data\012- , ASCII text, with very long lines (5501), with no line terminators
Hash fa0cecd57cd485f6ae4bf19acf83c363
c6aa2a967e2aa39aedcc1d01fed1f3fde6ae38b9
6d92484ea6e3fbc0c3377ad0241f79eb247ef9d9626a88778acecc8bc0830563
POST /v1/api.php HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 284
Origin: https://media.aso1.net
Connection: keep-alive
Referer: https://media.aso1.net/
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2263891fb1f1acc8.353769943381008235%22%3B%7D; __upt=%7B%22v%22%3A1%2C%22id%22%3A%2263891fb20286d0.266230652315443565%22%2C%22pcma%22%3A%22%22%2C%22acma%22%3A%22508.03940399%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 01 Dec 2022 21:42:10 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://media.aso1.net
Access-Control-Allow-Headers: Authorization, Content-Type
Access-Control-Request-Method: POST
Access-Control-Allow-Credentials: true
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
ocsp.digicert.com/
93.184.220.29 200 OK 312 B IP 93.184.220.29:0
Hash ad5b91e42a045c8df71a9a9d4a1571f3
3eebc02e2c29a8c5ceaa1c5f32a51b9abdf78117
92cc1c4550d536acb74b3cf2c628de27bb5aab5527e791c12f907e1f45dd6364
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3409
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 21:42:10 GMT
Last-Modified: Thu, 01 Dec 2022 20:45:21 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 312
unseenreport.com/pxf.gif?uuid=54767236-cf01-4f8f-b57b-58b62ed2c56d&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=4d0afc2425eea6b0cd5a468c9f8a69ed&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=21
192.243.59.20 200 OK 1 B URL HTTP/1.1 unseenreport.com/pxf.gif?uuid=54767236-cf01-4f8f-b57b-58b62ed2c56d&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=4d0afc2425eea6b0cd5a468c9f8a69ed&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=21
IP 192.243.59.20:0
ASN #39572 DataWeb Global Group B.V.
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=54767236-cf01-4f8f-b57b-58b62ed2c56d&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=4d0afc2425eea6b0cd5a468c9f8a69ed&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=21 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.9
Date: Thu, 01 Dec 2022 21:42:10 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 1bb80c3247d4cba1d9bfc041b062ef6a
Strict-Transport-Security: max-age=0; includeSubdomains
adxadserv.com/ascripts/gcr.js
185.98.53.29 200 OK 23 kB URL HTTP/1.1 adxadserv.com/ascripts/gcr.js
IP 185.98.53.29:0
ASN #39572 DataWeb Global Group B.V.
File type Unicode text, UTF-8 text, with very long lines (48738)
Hash 4bcc622fafa6d39f3d41ee9e46b585f5
f4870a326a8c0f449cbcd79673406ac1d5e6f6c8
c7ef60433000d6807163ee4643bd7774e783e4d0711513d134ae008f04f4a8e9
GET /ascripts/gcr.js HTTP/1.1
Host: adxadserv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ads.adxadserv.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Thu, 01 Dec 2022 21:42:10 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Thu, 16 Dec 2021 16:04:11 GMT
ETag: W/"61bb637b-1434f"
Expires: Wed, 30 Nov 2022 08:33:12 GMT
Cache-Control: max-age=86400, public
X-77-NZT: Abk73hGr4Ov/6LgAAA
X-77-NZT-Ray: f4787b27bfff8a90b21f8963295da620
X-Cache: HIT
X-Age: 47336
X-77-POP: amsterdamNL
X-77-Cache: HIT
Content-Encoding: br
ocsp.digicert.com/
93.184.220.29 200 OK 278 B IP 93.184.220.29:0
Hash 9402a224546d2eb1eeeccf6920847871
2d7bc30dc642fe7496dd5c9e786c68e183ac2fdf
4cc6178e7279adea99e140fa7184e2c6a6925862c6e58dd98f24b8c3022a3d86
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2860
Cache-Control: max-age=86445
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 21:42:10 GMT
Etag: "6387c333-116"
Expires: Fri, 02 Dec 2022 21:42:55 GMT
Last-Modified: Wed, 30 Nov 2022 20:55:15 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 278
unseenreport.com/pxf.gif?uuid=54767236-cf01-4f8f-b57b-58b62ed2c56d&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=01f75a95a38a8db0a8e82d995253a076&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=21
192.243.59.20 200 OK 1 B URL HTTP/1.1 unseenreport.com/pxf.gif?uuid=54767236-cf01-4f8f-b57b-58b62ed2c56d&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=01f75a95a38a8db0a8e82d995253a076&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=21
IP 192.243.59.20:0
ASN #39572 DataWeb Global Group B.V.
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=54767236-cf01-4f8f-b57b-58b62ed2c56d&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=01f75a95a38a8db0a8e82d995253a076&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=21 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.9
Date: Thu, 01 Dec 2022 21:42:10 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: a186a92652732fd2b63bc582fa08588c
Strict-Transport-Security: max-age=0; includeSubdomains
unseenreport.com/pxf.gif?uuid=54767236-cf01-4f8f-b57b-58b62ed2c56d&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=a2f990f10476061c719d1c1aa3a2ecd2&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=21
192.243.59.20 200 OK 1 B URL HTTP/1.1 unseenreport.com/pxf.gif?uuid=54767236-cf01-4f8f-b57b-58b62ed2c56d&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=a2f990f10476061c719d1c1aa3a2ecd2&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=21
IP 192.243.59.20:0
ASN #39572 DataWeb Global Group B.V.
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=54767236-cf01-4f8f-b57b-58b62ed2c56d&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=a2f990f10476061c719d1c1aa3a2ecd2&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=21 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.9
Date: Thu, 01 Dec 2022 21:42:10 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 6d2b91e2c2bc649e41ed5283e85e9e28
Strict-Transport-Security: max-age=0; includeSubdomains
ocsp.digicert.com/
93.184.220.29 200 OK 280 B IP 93.184.220.29:0
Hash 0c59c8515345e003cb4c09366776de66
c95e7e46058c2891936e51dfc0841bbf6f0469b0
8e9c4cd4f500bcadf92ba23c00e383c435f1c323234b3f58f94e5d56f214db1e
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3198
Cache-Control: max-age=107299
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 21:42:10 GMT
Etag: "63881357-118"
Expires: Sat, 03 Dec 2022 03:30:29 GMT
Last-Modified: Thu, 01 Dec 2022 02:37:11 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 280
ocsp.digicert.com/
93.184.220.29 200 OK 2.0 kB IP 93.184.220.29:0
Hash 3c339609881523eec3880e400732aa9c
51900c4a27ff072543ea45a70f7623801f44b84a
d1659c009dfaff354d3f74dba553d485a88156d6c7c2b9c7cb8ff1c74b6a4d4e
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3240
Cache-Control: max-age=107341
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 21:42:10 GMT
Etag: "63881357-118"
Expires: Sat, 03 Dec 2022 03:31:11 GMT
Last-Modified: Thu, 01 Dec 2022 02:37:11 GMT
Server: ECS (ska/F6FE)
X-Cache: HIT
Content-Length: 280
video.ktkjmp.com/adsbygoogle.js
104.18.59.150 200 OK 16 B URL HTTP/2 video.ktkjmp.com/adsbygoogle.js
IP 104.18.59.150:0
Hash 3d7f7a60216d40dea48e495fef6903c9
fecdb5184f55cf012563d78940eb97b10b9cc99b
96d83ac9f20fc0b88404f307f135e212642e02d6ea295c96b28aed0d771a224f
GET /adsbygoogle.js HTTP/1.1
Host: video.ktkjmp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://creative.xlivrdr.com/
Origin: https://creative.xlivrdr.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 01 Dec 2022 21:42:10 GMT
content-type: application/javascript
content-length: 16
x-amz-id-2: umnGOMVCjminO+qe5UBV06OrSizh/U59KvaEibge5v1gMRbq/UnThpljPBepeh+5w7wEpQIcu/4=
x-amz-request-id: 3YW9SERF7DC7262X
last-modified: Thu, 10 Mar 2022 13:52:07 GMT
etag: "3d7f7a60216d40dea48e495fef6903c9"
x-amz-meta-s3cmd-attrs: atime:1646920284/ctime:1646920283/gid:20/gname:staff/md5:3d7f7a60216d40dea48e495fef6903c9/mode:33188/mtime:1646920283/uid:501/uname:mikhailchubar
x-amz-version-id: eIgLIBoMMcsEXtxOH6UDjWyfAquRpkIG
access-control-allow-origin: https://creative.xlivrdr.com
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Content-Length, Accept-Encoding, x-requested-with
cf-cache-status: HIT
age: 5476
expires: Fri, 02 Dec 2022 01:42:10 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 772efdbc9983b524-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
unseenreport.com/pxf.gif?uuid=54767236-cf01-4f8f-b57b-58b62ed2c56d&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=21fe3950f412e026c33f1b6cee613eba&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=21
192.243.59.20 200 OK 1 B URL HTTP/1.1 unseenreport.com/pxf.gif?uuid=54767236-cf01-4f8f-b57b-58b62ed2c56d&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=21fe3950f412e026c33f1b6cee613eba&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=21
IP 192.243.59.20:0
ASN #39572 DataWeb Global Group B.V.
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=54767236-cf01-4f8f-b57b-58b62ed2c56d&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=21fe3950f412e026c33f1b6cee613eba&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=21 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.9
Date: Thu, 01 Dec 2022 21:42:10 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 70078967e4e9a97702d4dc890e2bfcce
Strict-Transport-Security: max-age=0; includeSubdomains
ocsp.digicert.com/
93.184.220.29 200 OK 280 B IP 93.184.220.29:0
Hash 0c59c8515345e003cb4c09366776de66
c95e7e46058c2891936e51dfc0841bbf6f0469b0
8e9c4cd4f500bcadf92ba23c00e383c435f1c323234b3f58f94e5d56f214db1e
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3198
Cache-Control: max-age=107299
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 21:42:10 GMT
Etag: "63881357-118"
Expires: Sat, 03 Dec 2022 03:30:29 GMT
Last-Modified: Thu, 01 Dec 2022 02:37:11 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 280
go.xlirdr.com/i?campaignId=banner2609start&creativeId=300x250&modelsCountry=&modelsLanguage=&sourceId=xfanta&tag=females&targetDomain=&buttonColor=&hideModelNameOnSmallSpots=0&hideTitleOnSmallSpots=1&liveBadgeColor=%2324d7d7&showButton=1&showModelName=1&showTitle=0&showLiveBadge=1&isXhDesign=0&actionButtonPlacement=bottom&thumbSizeKey=small&hideButtonOnSmallSpots=1&userId=b47aedc2c088e2f21e0cc23e0318384c557941461efdbc48212e7282df45f2f4&landing=WidgetV4Universal
104.18.59.150 302 Found 0 B URL HTTP/2 go.xlirdr.com/i?campaignId=banner2609start&creativeId=300x250&modelsCountry=&modelsLanguage=&sourceId=xfanta&tag=females&targetDomain=&buttonColor=&hideModelNameOnSmallSpots=0&hideTitleOnSmallSpots=1&liveBadgeColor=%2324d7d7&showButton=1&showModelName=1&showTitle=0&showLiveBadge=1&isXhDesign=0&actionButtonPlacement=bottom&thumbSizeKey=small&hideButtonOnSmallSpots=1&userId=b47aedc2c088e2f21e0cc23e0318384c557941461efdbc48212e7282df45f2f4&landing=WidgetV4Universal
IP 104.18.59.150:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /i?campaignId=banner2609start&creativeId=300x250&modelsCountry=&modelsLanguage=&sourceId=xfanta&tag=females&targetDomain=&buttonColor=&hideModelNameOnSmallSpots=0&hideTitleOnSmallSpots=1&liveBadgeColor=%2324d7d7&showButton=1&showModelName=1&showTitle=0&showLiveBadge=1&isXhDesign=0&actionButtonPlacement=bottom&thumbSizeKey=small&hideButtonOnSmallSpots=1&userId=b47aedc2c088e2f21e0cc23e0318384c557941461efdbc48212e7282df45f2f4&landing=WidgetV4Universal HTTP/1.1
Host: go.xlirdr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cams.gratis/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Thu, 01 Dec 2022 21:42:10 GMT
content-length: 0
location: https://creative.xlirdr.com/widgets/v4/Universal/?actionButtonPlacement=bottom&buttonColor=&campaignId=banner2609start&creativeId=300x250&domain=stripchat&hideButtonOnSmallSpots=1&hideModelNameOnSmallSpots=0&hideTitleOnSmallSpots=1&isXhDesign=0&liveBadgeColor=%2324d7d7&modelsCountry=&modelsLanguage=&showButton=1&showLiveBadge=1&showModelName=1&showTitle=0&sound=off&sourceId=xfanta&tag=females&targetDomain=&thumbSizeKey=small&trackOff=1&userId=b47aedc2c088e2f21e0cc23e0318384c557941461efdbc48212e7282df45f2f4
access-control-allow-origin: *
cf-cache-status: DYNAMIC
set-cookie: __cflb=02DiuDfsBaY2bRYJiCeSF4mw3pyDiW7pxMeCrTNF43VME; SameSite=None; Secure; path=/; expires=Fri, 02-Dec-22 20:42:10 GMT; HttpOnly
server: cloudflare
cf-ray: 772efdbc7d9db51e-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 278 B IP 93.184.220.29:0
Hash 9402a224546d2eb1eeeccf6920847871
2d7bc30dc642fe7496dd5c9e786c68e183ac2fdf
4cc6178e7279adea99e140fa7184e2c6a6925862c6e58dd98f24b8c3022a3d86
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2860
Cache-Control: max-age=86445
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 21:42:10 GMT
Etag: "6387c333-116"
Expires: Fri, 02 Dec 2022 21:42:55 GMT
Last-Modified: Wed, 30 Nov 2022 20:55:15 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 278
s3t3d2y8.afcdn.net/library/676799/60f4adb1968b8111d2fc461886cfd9820c7dba6f.jpg
185.76.9.24 200 OK 23 kB URL HTTP/2 s3t3d2y8.afcdn.net/library/676799/60f4adb1968b8111d2fc461886cfd9820c7dba6f.jpg
IP 185.76.9.24:0
ASN #60068 Datacamp Limited
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 90", baseline, precision 8, 300x300, components 3\012- data
Hash a84c6a25873a8ddb405b6adff075bff0
60f4adb1968b8111d2fc461886cfd9820c7dba6f
e733ca4ba0d4664b6be9ad7f0619ff6b4af406a0e2456858c611793e6d09eb96
GET /library/676799/60f4adb1968b8111d2fc461886cfd9820c7dba6f.jpg HTTP/1.1
Host: s3t3d2y8.afcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://media.aso1.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 01 Dec 2022 21:42:10 GMT
content-type: image/jpeg
content-length: 22930
last-modified: Fri, 27 Aug 2021 14:16:32 GMT
etag: "6128f3c0-5992"
expires: Fri, 30 Jun 2023 11:18:47 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
x-cache-op: HIT
x-accel-expires: @1688195252
server: CDN77-Turbo
x-robots-tag: noindex, follow
x-77-nzt: AblMCRTDr5j/foLKAA
x-77-nzt-ray: af585630a99e1bd5b21f8963e3e5292a
x-cache: HIT
x-age: 13271678
x-77-pop: stockholmSE
x-77-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
syndication.realsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAAz1P20pEMQz8FX/glNyapvvss4LiB/TccBHXh11BYT7e9gjbYcKEhklGSGRimYgf2E8mJyZUTpWSSeJseHp+gTHOH9/v2+XWzumy3eDFS60ohUkY1SpVh0WWYEem6JTiEShco1NgBAV1SFazoRIRW4R2F7y9Ph7kDiH0OtYOaV3TD8E1Ku8z79yWJZJmLV6rqQYThWhGmfe9mbNtc3DQ0ri4uO9OtpVtj2GEz209t9SuX3zkIGRxJXQPH1clljI2ynHqgLKpmGDie2Poj3B8t+vvZQHu4//RkA8HAVvPzcDC6jbHvJZ1I1/U9rlGzRZt5Zy1/gELh/cLhgEAAA==
95.211.229.246 200 OK 20 B URL HTTP/1.1 syndication.realsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAAz1P20pEMQz8FX/glNyapvvss4LiB/TccBHXh11BYT7e9gjbYcKEhklGSGRimYgf2E8mJyZUTpWSSeJseHp+gTHOH9/v2+XWzumy3eDFS60ohUkY1SpVh0WWYEem6JTiEShco1NgBAV1SFazoRIRW4R2F7y9Ph7kDiH0OtYOaV3TD8E1Ku8z79yWJZJmLV6rqQYThWhGmfe9mbNtc3DQ0ri4uO9OtpVtj2GEz209t9SuX3zkIGRxJXQPH1clljI2ynHqgLKpmGDie2Poj3B8t+vvZQHu4//RkA8HAVvPzcDC6jbHvJZ1I1/U9rlGzRZt5Zy1/gELh/cLhgEAAA==
IP 95.211.229.246:0
ASN #60781 LeaseWeb Netherlands B.V.
Hash a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf
GET /cimp.php?t=api&data=H4sIAAAAAAAAAz1P20pEMQz8FX/glNyapvvss4LiB/TccBHXh11BYT7e9gjbYcKEhklGSGRimYgf2E8mJyZUTpWSSeJseHp+gTHOH9/v2+XWzumy3eDFS60ohUkY1SpVh0WWYEem6JTiEShco1NgBAV1SFazoRIRW4R2F7y9Ph7kDiH0OtYOaV3TD8E1Ku8z79yWJZJmLV6rqQYThWhGmfe9mbNtc3DQ0ri4uO9OtpVtj2GEz209t9SuX3zkIGRxJXQPH1clljI2ynHqgLKpmGDie2Poj3B8t+vvZQHu4//RkA8HAVvPzcDC6jbHvJZ1I1/U9rlGzRZt5Zy1/gELh/cLhgEAAA== HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://media.aso1.net
Connection: keep-alive
Referer: https://media.aso1.net/
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2263891fb1f1acc8.353769943381008235%22%3B%7D; __upt=%7B%22v%22%3A1%2C%22id%22%3A%2263891fb20286d0.266230652315443565%22%2C%22pcma%22%3A%22%22%2C%22acma%22%3A%22508.03940399%22%7D; c-tag=%7B%22tag-video%22%3A%22v3%7C%7CNOR%7C4853636%7C59493762%7C0%7C%7C508%7C41%7C3%7C40%7C0%7C0%7C0%7C25344%7C3143242%7C3143244%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C63891fb1f1acc8.353769943381008235%7C%7C0%7Cmedia.aso1.net%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 01 Dec 2022 21:42:10 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://media.aso1.net
Access-Control-Allow-Credentials: true
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2263891fb1f1acc8.353769943381008235%22%3B%7D; expires=Sat, 30 Nov 2024 21:42:10 GMT; path=; domain=.realsrv.com; Secure; SameSite=none
__upt=%7B%22v%22%3A1%2C%22id%22%3A%2263891fb20286d0.266230652315443565%22%2C%22pcma%22%3A%22%22%2C%22acma%22%3A%22508.0490099501%22%7D; expires=Sat, 30 Nov 2024 21:42:10 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
ocsp.digicert.com/
93.184.220.29 200 OK 312 B IP 93.184.220.29:0
Hash ad5b91e42a045c8df71a9a9d4a1571f3
3eebc02e2c29a8c5ceaa1c5f32a51b9abdf78117
92cc1c4550d536acb74b3cf2c628de27bb5aab5527e791c12f907e1f45dd6364
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3409
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 21:42:10 GMT
Last-Modified: Thu, 01 Dec 2022 20:45:21 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 312
adxadserv.com/px/event/v1?e_t=pageview&url=https%253A%252F%252Fads.adxadserv.com%252Fad%253Fspotid%253D636bc5d561d6e27071201a23%2526type%253D300x250%2526output%253Dhtml&ref=https%253A%252F%252Fxfantazy.com%252F&d_r=1&d_s=1280x1024&d_w=300x250&t_s=1669930928457&t_i=1669930928731&u_tz=0&u_l=en-US&u_l2=&u_l3=&pv_uid=ec83faa2-810f-4f43-af23-c8c15a1dd6d9&nav_rc=0&nav_nt=NAVIGATE&p_nn=adxad-rtb&p_pt=IFRAME&imid=022ae72e-71c1-11ed-a3c4-e25a5bb9767f&spid=636bc5d561d6e27071201a23&fpid_sa=1669930928731&fpid=&feid_sa=1669930928731&sid_sa=1669930928731&feid=b6a8679885383e813f35fce69c3e26d5&sid=b57e58cd6b25718455286e2ebebe4eb9&u_adb=0&vn=T-0.1.1&utm_typ=referral&utm_src=xfantazy.com&s_rst=1&e_d=%7B%22isResetRequired%22%3Atrue%7D&t_op=0.479
185.98.53.29 200 OK 0 B URL HTTP/1.1 adxadserv.com/px/event/v1?e_t=pageview&url=https%253A%252F%252Fads.adxadserv.com%252Fad%253Fspotid%253D636bc5d561d6e27071201a23%2526type%253D300x250%2526output%253Dhtml&ref=https%253A%252F%252Fxfantazy.com%252F&d_r=1&d_s=1280x1024&d_w=300x250&t_s=1669930928457&t_i=1669930928731&u_tz=0&u_l=en-US&u_l2=&u_l3=&pv_uid=ec83faa2-810f-4f43-af23-c8c15a1dd6d9&nav_rc=0&nav_nt=NAVIGATE&p_nn=adxad-rtb&p_pt=IFRAME&imid=022ae72e-71c1-11ed-a3c4-e25a5bb9767f&spid=636bc5d561d6e27071201a23&fpid_sa=1669930928731&fpid=&feid_sa=1669930928731&sid_sa=1669930928731&feid=b6a8679885383e813f35fce69c3e26d5&sid=b57e58cd6b25718455286e2ebebe4eb9&u_adb=0&vn=T-0.1.1&utm_typ=referral&utm_src=xfantazy.com&s_rst=1&e_d=%7B%22isResetRequired%22%3Atrue%7D&t_op=0.479
IP 185.98.53.29:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /px/event/v1?e_t=pageview&url=https%253A%252F%252Fads.adxadserv.com%252Fad%253Fspotid%253D636bc5d561d6e27071201a23%2526type%253D300x250%2526output%253Dhtml&ref=https%253A%252F%252Fxfantazy.com%252F&d_r=1&d_s=1280x1024&d_w=300x250&t_s=1669930928457&t_i=1669930928731&u_tz=0&u_l=en-US&u_l2=&u_l3=&pv_uid=ec83faa2-810f-4f43-af23-c8c15a1dd6d9&nav_rc=0&nav_nt=NAVIGATE&p_nn=adxad-rtb&p_pt=IFRAME&imid=022ae72e-71c1-11ed-a3c4-e25a5bb9767f&spid=636bc5d561d6e27071201a23&fpid_sa=1669930928731&fpid=&feid_sa=1669930928731&sid_sa=1669930928731&feid=b6a8679885383e813f35fce69c3e26d5&sid=b57e58cd6b25718455286e2ebebe4eb9&u_adb=0&vn=T-0.1.1&utm_typ=referral&utm_src=xfantazy.com&s_rst=1&e_d=%7B%22isResetRequired%22%3Atrue%7D&t_op=0.479 HTTP/1.1
Host: adxadserv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ads.adxadserv.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Thu, 01 Dec 2022 21:42:10 GMT
Content-Length: 0
Connection: keep-alive
poweredby.jads.co/js/jads2.js
185.94.236.247 200 OK 1.7 kB URL HTTP/1.1 poweredby.jads.co/js/jads2.js
IP 185.94.236.247:0
File type ASCII text, with very long lines (3758), with no line terminators
Hash 558e1b61fc513016183a3812938e79fb
5f72ea61a2aad8f7a0956321d3fd8524db70eddf
a79f8c0aabfc2d1d45e4df2a86ca9172d292b08987f7a9d5c10bd10abf3aef54
GET /js/jads2.js HTTP/1.1
Host: poweredby.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://media.aso1.net/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 01 Dec 2022 21:42:10 GMT
Content-Type: application/x-javascript
Last-Modified: Mon, 11 Jul 2022 00:36:11 GMT
Transfer-Encoding: chunked
Connection: close
ETag: W/"62cb707b-eae"
Content-Encoding: gzip
ocsp.sectigo.com/
104.18.32.68 200 OK 472 B IP 104.18.32.68:0
Hash a73ddb6f413f7263baed5ab3f2476e29
44ae9e333e7d9eb83374fe020412a1cb429886e1
88aab5ab343673a5c0deae54df8b54b505878559af7d4eb916901d13e29f796e
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 01 Dec 2022 21:42:11 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Wed, 30 Nov 2022 03:56:20 GMT
Expires: Wed, 07 Dec 2022 03:56:19 GMT
Etag: "44ae9e333e7d9eb83374fe020412a1cb429886e1"
Cache-Control: max-age=453847,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 772efdbe39610b4d-OSL
lcdn.tsyndicate.com/sdk/v1/b.b.js
8.247.219.249 200 OK 2.8 kB URL HTTP/2 lcdn.tsyndicate.com/sdk/v1/b.b.js
IP 8.247.219.249:0
File type ASCII text, with very long lines (2590)
Hash 01c3ce239d639853ba1e41661c115938
704741ca41e890a26eef6190c2d61131ff294f56
9aabcddb7b91826c4b8bf721d77fa448ceba501616a38c6fe0d6c4f11091ed47
GET /sdk/v1/b.b.js HTTP/1.1
Host: lcdn.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Cookie: ts_uid=2b56e0fe-41cc-435a-9d73-eb6c799e96a1; bfq=APeIECNCxxYZOGDEwFGjRhcWIsYU3BLjoYgyE2PYuAFD4Y0ZM2B06aMg
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 01 Dec 2022 21:42:11 GMT
content-type: application/javascript
content-length: 2808
last-modified: Tue, 22 Feb 2022 13:07:15 GMT
server: nginx
x-robots-tag: noindex, nofollow
content-encoding: gzip
vary: Accept-Encoding
etag: W/"6214e003-1eb1"
age: 23196668
accept-ranges: bytes
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 280 B IP 93.184.220.29:0
Hash b107f714ba105577ca480d2ced57e674
d55d44b2f2c7c7d323bc76a66f2636ecbf22c554
f47f0de727eb9315dfcbf6179c302213e9b7a3ef645c43dbefcef812a1480733
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3434
Cache-Control: max-age=119788
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 21:42:11 GMT
Etag: "63884335-118"
Expires: Sat, 03 Dec 2022 06:58:39 GMT
Last-Modified: Thu, 01 Dec 2022 06:01:25 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 280
img.strpst.com/thumbs/1669930081/90342407
104.18.63.132 200 OK 32 kB URL HTTP/2 img.strpst.com/thumbs/1669930081/90342407
IP 104.18.63.132:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 0x0, segment length 16, progressive, precision 8, 270x360, components 3\012- data
Hash 113e1ffe99ca8c0f44e4f8f540253c2c
bb59529596d074639cc946958f11f67734602c39
c370082b00e3b3cd47ec3306c1df7c30243e5c6eb4e70340afa0b06b42a17255
GET /thumbs/1669930081/90342407 HTTP/1.1
Host: img.strpst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://creative.xlivrdr.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 01 Dec 2022 21:42:11 GMT
content-type: image/jpeg
content-length: 31525
access-control-allow-credentials: true
access-control-allow-headers: *
access-control-allow-methods: PUT, POST, GET, DELETE, OPTIONS
access-control-allow-origin: *
cf-bgj: imgq:100,h2pri
cf-polished: origSize=33191, status=webp_bigger
etag: "b40d4452a5abf97797e881b2e0638972"
last-modified: Thu, 01 Dec 2022 21:27:33 GMT
cf-cache-status: HIT
age: 719
expires: Thu, 01 Dec 2022 21:43:11 GMT
cache-control: public, max-age=60
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 772efdbf8898b50b-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 280 B IP 93.184.220.29:0
Hash b107f714ba105577ca480d2ced57e674
d55d44b2f2c7c7d323bc76a66f2636ecbf22c554
f47f0de727eb9315dfcbf6179c302213e9b7a3ef645c43dbefcef812a1480733
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3434
Cache-Control: max-age=119788
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 21:42:11 GMT
Etag: "63884335-118"
Expires: Sat, 03 Dec 2022 06:58:39 GMT
Last-Modified: Thu, 01 Dec 2022 06:01:25 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 280
ocsp.digicert.com/
93.184.220.29 200 OK 312 B IP 93.184.220.29:0
Hash 183393cb0fc9e02f9e08b1f69d2c48d8
ab6b36b04bab8f20962d858f6c008d91737092b8
a7935aea418755ea1b1238449d8d633438fd95d2ece3b923b19516fe707e3389
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3262
Cache-Control: max-age=88995
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 21:42:11 GMT
Etag: "6387cb98-138"
Expires: Fri, 02 Dec 2022 22:25:26 GMT
Last-Modified: Wed, 30 Nov 2022 21:31:04 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 312
ocsp.digicert.com/
93.184.220.29 200 OK 312 B IP 93.184.220.29:0
Hash 183393cb0fc9e02f9e08b1f69d2c48d8
ab6b36b04bab8f20962d858f6c008d91737092b8
a7935aea418755ea1b1238449d8d633438fd95d2ece3b923b19516fe707e3389
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3352
Cache-Control: max-age=89085
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 21:42:11 GMT
Etag: "6387cb98-138"
Expires: Fri, 02 Dec 2022 22:26:56 GMT
Last-Modified: Wed, 30 Nov 2022 21:31:04 GMT
Server: ECS (ska/F6FE)
X-Cache: HIT
Content-Length: 312
ocsp.digicert.com/
93.184.220.29 200 OK 312 B IP 93.184.220.29:0
Hash 183393cb0fc9e02f9e08b1f69d2c48d8
ab6b36b04bab8f20962d858f6c008d91737092b8
a7935aea418755ea1b1238449d8d633438fd95d2ece3b923b19516fe707e3389
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3262
Cache-Control: max-age=88995
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 21:42:11 GMT
Etag: "6387cb98-138"
Expires: Fri, 02 Dec 2022 22:25:26 GMT
Last-Modified: Wed, 30 Nov 2022 21:31:04 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 312
cams.gratis/banner/300x250.php?site=xfanta
172.64.107.26 200 OK 12 kB URL HTTP/2 cams.gratis/banner/300x250.php?site=xfanta
IP 172.64.107.26:0
Hash 635b280457478cfb1a0404a56e884b32
6cd02f2dec701bf9f2f8749724960679c7084c6d
4271dbd8d392cf77b858adfe1e922e981c544884cf333d9dad856119f3113f59
GET /banner/300x250.php?site=xfanta HTTP/1.1
Host: cams.gratis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ads.adxadserv.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 01 Dec 2022 21:42:10 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding,User-Agent
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gcnvfy5QCrS1d%2FluFsMrIlYleVLBLs0MjlorHR9JEPoROgL%2BPQnGWa4LXfvzssRsZuRdrAuBekvyEbBm3e7FaLCiiVIhluS6wzF4DkobVnGGDfg9eV0bylg%2FKweFHQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 772efdbb7bb3e68c-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
roomimg.stream.highwebmedia.com/riw/stacimarierose.jpg?1669930920
104.19.241.83 200 OK 11 kB URL HTTP/2 roomimg.stream.highwebmedia.com/riw/stacimarierose.jpg?1669930920
IP 104.19.241.83:0
Hash 2e61c590c0847a4a6c92547bf77923ee
3feddc4e6fa5ab60463935615e49398e020ef849
ee26b0efecb2c88c90a9e5d892836257f237c55c0b2e29c6cc960b837b8b7cb2
GET /riw/stacimarierose.jpg?1669930920 HTTP/1.1
Host: roomimg.stream.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 01 Dec 2022 21:42:11 GMT
content-type: image/jpeg
content-length: 11148
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: public, max-age=30
cf-bgj: imgq:100,h2pri
cf-polished: origSize=11154
content-security-policy: default-src 'none'; img-src data:; style-src 'unsafe-inline'
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
x-frame-options: DENY
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 6
last-modified: Thu, 01 Dec 2022 21:42:05 GMT
expires: Thu, 01 Dec 2022 21:42:41 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OKfxskzwXp8LqqNVRLAfcMYmV2EInoRd2e43lelrJjrsSyL0oxtWgMDxV3Z2DSpMnMTKUfVcWq91s%2FmbWd1aBudeb8NYYQmjSa%2FvgB8J9BYyITrxZJtk5Ru3XywGV4XMtyUBbxSv5MoRli0V%2BjDgkss%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
set-cookie: _cfuvid=iJtLzFaOPUwbkEDKzcpyi2YzAgmAfRWHsl71YKKA.Bs-1669930931299-0-604800000; path=/; domain=.highwebmedia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 772efdc088540b65-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
roomimg.stream.highwebmedia.com/riw/amandamedrano.jpg?1669930920
104.19.241.83 200 OK 13 kB URL HTTP/2 roomimg.stream.highwebmedia.com/riw/amandamedrano.jpg?1669930920
IP 104.19.241.83:0
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 548x549, segment length 16, comment: "Lavc58.91.100", baseline, precision 8, 480x270, components 3\012- data
Hash 3203757da5df3fb1c6535a87d33d0fe8
7c2e76ed00eaeaf33307d67acaef02bad55d8814
eb2bd298978fb69924a121dc097504324df13c3b6410fd69b76be63ee95a80a8
GET /riw/amandamedrano.jpg?1669930920 HTTP/1.1
Host: roomimg.stream.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 01 Dec 2022 21:42:11 GMT
content-type: image/jpeg
content-length: 13336
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: public, max-age=30
cf-bgj: imgq:100,h2pri
cf-polished: status=not_needed
content-security-policy: default-src 'none'; img-src data:; style-src 'unsafe-inline'
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
x-frame-options: DENY
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 14
last-modified: Thu, 01 Dec 2022 21:41:57 GMT
expires: Thu, 01 Dec 2022 21:42:41 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2LqgWtHiB9zoAp43FbPadWRZ8Zbhc5xzTtY8u%2FwgGJMorj8HBinUkSOnXjGSStxPkudESitz8n5CtwBhCwxM4sy%2BYQNMF7%2FHs8cZ2F63XoZUJ5M8T%2B91CYo44K%2FWSQoMO%2Fz9u40%2BdD0uFT9onx8JVPM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
set-cookie: _cfuvid=7cJ8cwQY2fXVe2gIYkXNFhWiyaljTOrIl0HCpmW9bHA-1669930931301-0-604800000; path=/; domain=.highwebmedia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 772efdc088730b65-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 312 B IP 93.184.220.29:0
Hash 183393cb0fc9e02f9e08b1f69d2c48d8
ab6b36b04bab8f20962d858f6c008d91737092b8
a7935aea418755ea1b1238449d8d633438fd95d2ece3b923b19516fe707e3389
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3262
Cache-Control: max-age=88995
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 21:42:11 GMT
Etag: "6387cb98-138"
Expires: Fri, 02 Dec 2022 22:25:26 GMT
Last-Modified: Wed, 30 Nov 2022 21:31:04 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 312
ocsp.digicert.com/
93.184.220.29 200 OK 2.6 kB IP 93.184.220.29:0
Hash f457cb076e8862e62c9021337208fe97
134bbda7eadb5170a9c668e7d9856204cfe99677
8b7b5a4f27c22c8a58abef3cb26a19e4a3419a445ba3cc6344ef1b292f1b5742
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3171
Cache-Control: max-age=159107
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 21:42:11 GMT
Etag: "6388ddd3-139"
Expires: Sat, 03 Dec 2022 17:53:59 GMT
Last-Modified: Thu, 01 Dec 2022 17:01:07 GMT
Server: ECS (ska/F6FE)
X-Cache: HIT
Content-Length: 313
js-agent.newrelic.com/nr-spa-1216.min.js
151.101.130.137 200 OK 18 kB URL HTTP/2 js-agent.newrelic.com/nr-spa-1216.min.js
IP 151.101.130.137:0
File type ASCII text, with very long lines (32010)
Hash 6561a2403142205f966207d61576f1a6
1310e72f494e12ab63a4280fc1600a2c89dc9bb8
0e496fcab0b9120938373e271fa6631b7da17adf33f8a490637467c170a3e37a
GET /nr-spa-1216.min.js HTTP/1.1
Host: js-agent.newrelic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: TAwVDFAylU9PwNPPW/eXC4UyIMC8EQ1d6JNW9Q+uXGnPmL1fuimq9M3lAe733gCMeKNDiCQX1YM=
x-amz-request-id: SYTECJR5CMD8NJ8E
last-modified: Thu, 14 Apr 2022 16:45:57 GMT
etag: "63e2df852d15ab21d7ff8fc4363222e8"
x-amz-version-id: UU.F5jvoumAjQChriwTQHbisCFw_OInU
content-type: application/javascript
server: AmazonS3
cache-control: public, max-age=7200, stale-if-error=604800
content-encoding: gzip
accept-ranges: bytes
date: Thu, 01 Dec 2022 21:42:11 GMT
via: 1.1 varnish
x-served-by: cache-bma1675-BMA
x-cache: HIT
x-cache-hits: 3498
x-timer: S1669930932.513601,VS0,VE0
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
content-length: 18216
X-Firefox-Spdy: h2
hw-cdn2.ang-content.com/delivery/vortex/vortex-simple-1.0.0.js
205.185.208.20 200 OK 19 kB URL HTTP/1.1 hw-cdn2.ang-content.com/delivery/vortex/vortex-simple-1.0.0.js
IP 205.185.208.20:0
Hash 78eedfa69dd85f3a58766a1beef46fa4
74c88bf19b9a2ae3424f73fad3ec1569d787aa8f
6e8d9ec727632b58c296551e606ac88712c09aa626e5d98476d3ec1eef61f548
GET /delivery/vortex/vortex-simple-1.0.0.js HTTP/1.1
Host: hw-cdn2.ang-content.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.adtng.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Thu, 01 Dec 2022 21:42:11 GMT
Connection: Keep-Alive
ETag: "1541168231"
Content-Length: 5027
Content-Type: application/javascript
Last-Modified: Fri, 02 Nov 2018 14:17:11 GMT
Accept-Ranges: bytes
Cache-Control: max-age=10563609
X-HW: 1669930931.dop221.sk1.t,1669930931.cds001.sk1.shn,1669930931.cds001.sk1.c
Access-Control-Allow-Origin: *
hw-cdn2.adtng.com/delivery/intersection_observer/IntersectionObserver.js
209.197.3.25 200 OK 17 kB URL HTTP/1.1 hw-cdn2.adtng.com/delivery/intersection_observer/IntersectionObserver.js
IP 209.197.3.25:0
File type ASCII text, with very long lines (16885), with no line terminators
Hash 48c80c7c28b5b00a8b4ff94a22b72fe3
d57303c2ad2fd5cedc5cb20f264a6965a7819cee
6e9be773031b3234fb9c2d6cf3d9740db1208f4351beca325ec34f76fd38f356
GET /delivery/intersection_observer/IntersectionObserver.js HTTP/1.1
Host: hw-cdn2.adtng.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.adtng.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Date: Thu, 01 Dec 2022 21:42:11 GMT
Connection: Keep-Alive
ETag: "1649192094"
Content-Length: 16885
Content-Type: application/javascript
Last-Modified: Tue, 05 Apr 2022 20:54:54 GMT
Accept-Ranges: bytes
Cache-Control: max-age=10721591
X-HW: 1669930931.dop222.sk1.t,1669930931.cds255.sk1.shn,1669930931.dop222.sk1.t,1669930931.cds228.sk1.c
Access-Control-Allow-Origin: *
adxadserv.com/t/re/v4?e_t=pageview&url=https%253A%252F%252Fads.adxadserv.com%252Fad%253Fspotid%253D636bc5d561d6e27071201a23%2526type%253D300x250%2526output%253Dhtml&ref=https%253A%252F%252Fxfantazy.com%252F&d_r=1&d_s=1280x1024&d_w=300x250&t_s=1669930928457&t_i=1669930928731&u_tz=0&u_l=en-US&u_l2=&u_l3=&n_c=&n_s=&pv_uid=90fa0bca-ce7f-4ddf-b4a5-b7981a653972&nav_rc=0&nav_nt=NAVIGATE&p_nn=adxad-rtb&p_pt=IFRAME&p_tt=desktop&p_l=en&p_z=NONAUTHORIZED&p_u_s=GUEST&fpid_sa=null&fpid=&feid_sa=null&sid_sa=null&feid=394ad11504189d8088da6ace14154d09&sid=ac951cb4b77e98d5bd17da490bdce19a&u_adb=0&vn=R-1.0&utm_typ=referral&utm_src=xfantazy.com&s_rst=1&st_d=%7B%7D&e_d=%7B%22spotId%22%3A%22636bc5d561d6e27071201a23%22%2C%22impressionId%22%3A%22022ae72e-71c1-11ed-a3c4-e25a5bb9767f%22%7D&t_op=1.459&cb=gl.cb.pv
185.98.53.29200 OK 65 B URL HTTP/1.1 adxadserv.com/t/re/v4?e_t=pageview&url=https%253A%252F%252Fads.adxadserv.com%252Fad%253Fspotid%253D636bc5d561d6e27071201a23%2526type%253D300x250%2526output%253Dhtml&ref=https%253A%252F%252Fxfantazy.com%252F&d_r=1&d_s=1280x1024&d_w=300x250&t_s=1669930928457&t_i=1669930928731&u_tz=0&u_l=en-US&u_l2=&u_l3=&n_c=&n_s=&pv_uid=90fa0bca-ce7f-4ddf-b4a5-b7981a653972&nav_rc=0&nav_nt=NAVIGATE&p_nn=adxad-rtb&p_pt=IFRAME&p_tt=desktop&p_l=en&p_z=NONAUTHORIZED&p_u_s=GUEST&fpid_sa=null&fpid=&feid_sa=null&sid_sa=null&feid=394ad11504189d8088da6ace14154d09&sid=ac951cb4b77e98d5bd17da490bdce19a&u_adb=0&vn=R-1.0&utm_typ=referral&utm_src=xfantazy.com&s_rst=1&st_d=%7B%7D&e_d=%7B%22spotId%22%3A%22636bc5d561d6e27071201a23%22%2C%22impressionId%22%3A%22022ae72e-71c1-11ed-a3c4-e25a5bb9767f%22%7D&t_op=1.459&cb=gl.cb.pv
IP 185.98.53.29:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with no line terminators
Hash 30a81e754a0718a345f1d19969e354aa
442b1140cd8fd863278ba70cf505c03cf0c02f72
9bdef5a8bd68a734e4b0835123f22202b64ee73109762ebaafb0180d8c0489ab
GET /t/re/v4?e_t=pageview&url=https%253A%252F%252Fads.adxadserv.com%252Fad%253Fspotid%253D636bc5d561d6e27071201a23%2526type%253D300x250%2526output%253Dhtml&ref=https%253A%252F%252Fxfantazy.com%252F&d_r=1&d_s=1280x1024&d_w=300x250&t_s=1669930928457&t_i=1669930928731&u_tz=0&u_l=en-US&u_l2=&u_l3=&n_c=&n_s=&pv_uid=90fa0bca-ce7f-4ddf-b4a5-b7981a653972&nav_rc=0&nav_nt=NAVIGATE&p_nn=adxad-rtb&p_pt=IFRAME&p_tt=desktop&p_l=en&p_z=NONAUTHORIZED&p_u_s=GUEST&fpid_sa=null&fpid=&feid_sa=null&sid_sa=null&feid=394ad11504189d8088da6ace14154d09&sid=ac951cb4b77e98d5bd17da490bdce19a&u_adb=0&vn=R-1.0&utm_typ=referral&utm_src=xfantazy.com&s_rst=1&st_d=%7B%7D&e_d=%7B%22spotId%22%3A%22636bc5d561d6e27071201a23%22%2C%22impressionId%22%3A%22022ae72e-71c1-11ed-a3c4-e25a5bb9767f%22%7D&t_op=1.459&cb=gl.cb.pv HTTP/1.1
Host: adxadserv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ads.adxadserv.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Thu, 01 Dec 2022 21:42:11 GMT
Content-Type: text/javascript
Content-Length: 65
Connection: keep-alive
Set-Cookie: xfeid=c74ecc12d4fe70603696837072ea7e20; expires=Tue, 01 Jan 2030 00:00:00 GMT; path=/; domain=.adxadserv.com
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET
Access-Control-Allow-Headers: content-type
Access-Control-Max-Age: 864000
bam.nr-data.net/1/6f524845d1?a=24279235&v=1216.487a282&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOFgwRERUXQ1BUFkIDFQ0WFlA%3D&rst=1129&ck=1&ref=https://chaturbate.com/tours/3/&ap=22&be=620&fe=889&dc=807&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1669930928964,%22n%22:0,%22r%22:0,%22re%22:247,%22f%22:247,%22dn%22:247,%22dne%22:247,%22c%22:247,%22s%22:247,%22ce%22:247,%22rq%22:249,%22rp%22:445,%22rpe%22:445,%22dl%22:546,%22di%22:789,%22ds%22:806,%22de%22:812,%22dc%22:887,%22l%22:887,%22le%22:889%7D,%22navigation%22:%7B%22rc%22:1%7D%7D&fcp=790&at=H0ETGw9CExRCXBM9CgBBXAkZG0QSVEsPAw4BQVwbamZQD15XPj1BSEEVUFJXRBFuXQAWBkZZVhUXenc%2BY1gYQFlGVFELUF9VA1UPWFpTVAFTDBh4Yy8TFUMhJTshCU0XAwlRHRsiJDwmDBJ8TU1DABMDQwQCCBADFVNYXRJUG01AEQECCmZcSRNbEwBQTFpUTVILGwgEVRMVQwMNCw05X1lYVhITA0NAT0YBA0pBZlYUVEoSPQoUQVwbDAgfWAEXVVBNVVZSGxkbUwRCTT4FFgEQFWZSXF5DCxsvLUFIQQ9JalpeFF9NExtBXkEodhcVEwhBZgINFgoXFEBqWl4PV1AFBw0HBkQDFwwBQx0bCBI8CgYSTlpLWkMLGwMOChxNBVZYGx1DWEk%2BDREDAghQT1hFCF5XQ1hBJg8PQRVqXg1ETQgNDRdBShtcSW4IQklDWEEmDw9BFWpeDURNCA0NF0FKG1xJbgBCV0NYVlRQVg0ZG1gRblgSDDwLEQEbDxtzDVhBQTEMCBYSUFpXQkFwakNOQQ0TOVpaV18EUk0IDQ07Fx9JUBsLQ3JYAw4GSyc1dRcVEwhBZhQRBhY8EkBFXBNbE0sEEQoABghNXFhdQx0bEwcSEQYVTWpJUBVZG1tATBAME0tGFgJOExVDFQ87CwlKQRsLQ1JRABYWFgEHTVAXUg5cG01AEA0XA2ZcXRNbABVDEQoQBjldWlRQCF8bW0AADAISTEdbUBVUFwINDkZPREtQSEQEQk0%2BCgwXF0QDF1pZAEVMEwACEAZIWlpUE00TWxMNFBcGFGZcXRNbE10AW1VcU1BbGAxUBVcUVQZVXU5fDgRcHFQDDFAHWwVVUVtRDRNNE0sEBAYWBhQbDxtZFUVJElhMSwAHVEYXVhNQTQgRTEZPREtQSEQEQk0%2BDwYQCwldFwMTJnRtQ05BFBoSUVpXbhdUSxILDApBXBsGFwZDHRsUAzwABhBQVlxuB1BUCA4aRllEdkFRVBMTFUMXAjsHA09cWlQ%2BRUARB0FeQQJcRlJFDkEbTUAWBTwJSmpfUAxYVRhAWUY0D1dRVkYSExVDFwI7DBVmQ1xDElhWD0BZRlJWGxkbRABuWxMNFBcGFGZTWFwIXUBDWEEiChRcU1ZJQx0bFAM8BhEJTkZcQz5HXBMRCgsNRAMXCAFUHwlDTkERAjlKQUtYD1YbW0AuCxkPVVlYHlQfCUFKNA0NAlZCShEvZRlQUk1UWEZuXFcHVQoZGVRXX0MUTw8IAVQfCUhCJAEADVYaCwFQAQlQUlJEJQ9LUF9eGR4IUVdNVEFKG1JQRT5SVgwPChBBXBtQDQBUUwlXWwAGBl8bGRtBAENYDBFBXkEdZRdNXhRDZUNYQzhBHghnXW1DHRk9QAAFDhZYXF5fPRMDQT5BKgAnQGBlE00RZUMBP0ZZRmUXCm1DHRk9
QBM4QVwZaRsBPRMVQT5BAwYIXVBLbUMLGT1ABThBShlpG1UIQlgDDgY7EAlMW11tQwsZPUBTOEEbGxkbVA1YXggADwE8FUlZUEU%2BRVwSFhBGWUQZZWp9CEdcQUBPRgYKUFJQUw1UZhISDw0XOU1QSkUSblcSQFlGQxZMRlFuFFgZQx8e&jsonp=NREUM.setToken
162.247.241.14200 OK 77 B URL HTTP/1.1 bam.nr-data.net/1/6f524845d1?a=24279235&v=1216.487a282&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOFgwRERUXQ1BUFkIDFQ0WFlA%3D&rst=1129&ck=1&ref=https://chaturbate.com/tours/3/&ap=22&be=620&fe=889&dc=807&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1669930928964,%22n%22:0,%22r%22:0,%22re%22:247,%22f%22:247,%22dn%22:247,%22dne%22:247,%22c%22:247,%22s%22:247,%22ce%22:247,%22rq%22:249,%22rp%22:445,%22rpe%22:445,%22dl%22:546,%22di%22:789,%22ds%22:806,%22de%22:812,%22dc%22:887,%22l%22:887,%22le%22:889%7D,%22navigation%22:%7B%22rc%22:1%7D%7D&fcp=790&at=H0ETGw9CExRCXBM9CgBBXAkZG0QSVEsPAw4BQVwbamZQD15XPj1BSEEVUFJXRBFuXQAWBkZZVhUXenc%2BY1gYQFlGVFELUF9VA1UPWFpTVAFTDBh4Yy8TFUMhJTshCU0XAwlRHRsiJDwmDBJ8TU1DABMDQwQCCBADFVNYXRJUG01AEQECCmZcSRNbEwBQTFpUTVILGwgEVRMVQwMNCw05X1lYVhITA0NAT0YBA0pBZlYUVEoSPQoUQVwbDAgfWAEXVVBNVVZSGxkbUwRCTT4FFgEQFWZSXF5DCxsvLUFIQQ9JalpeFF9NExtBXkEodhcVEwhBZgINFgoXFEBqWl4PV1AFBw0HBkQDFwwBQx0bCBI8CgYSTlpLWkMLGwMOChxNBVZYGx1DWEk%2BDREDAghQT1hFCF5XQ1hBJg8PQRVqXg1ETQgNDRdBShtcSW4IQklDWEEmDw9BFWpeDURNCA0NF0FKG1xJbgBCV0NYVlRQVg0ZG1gRblgSDDwLEQEbDxtzDVhBQTEMCBYSUFpXQkFwakNOQQ0TOVpaV18EUk0IDQ07Fx9JUBsLQ3JYAw4GSyc1dRcVEwhBZhQRBhY8EkBFXBNbE0sEEQoABghNXFhdQx0bEwcSEQYVTWpJUBVZG1tATBAME0tGFgJOExVDFQ87CwlKQRsLQ1JRABYWFgEHTVAXUg5cG01AEA0XA2ZcXRNbABVDEQoQBjldWlRQCF8bW0AADAISTEdbUBVUFwINDkZPREtQSEQEQk0%2BCgwXF0QDF1pZAEVMEwACEAZIWlpUE00TWxMNFBcGFGZcXRNbE10AW1VcU1BbGAxUBVcUVQZVXU5fDgRcHFQDDFAHWwVVUVtRDRNNE0sEBAYWBhQbDxtZFUVJElhMSwAHVEYXVhNQTQgRTEZPREtQSEQEQk0%2BDwYQCwldFwMTJnRtQ05BFBoSUVpXbhdUSxILDApBXBsGFwZDHRsUAzwABhBQVlxuB1BUCA4aRllEdkFRVBMTFUMXAjsHA09cWlQ%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%2BRVwSFhBGWUQZZWp9CEdcQUBPRgYKUFJQUw1UZhISDw0XOU1QSkUSblcSQFlGQxZMRlFuFFgZQx8e&jsonp=NREUM.setToken
IP 162.247.241.14:0
File type ASCII text, with no line terminators
Hash f1442f5831dbbe0210da2d7a4180d6b8
2ade23c6c7a001c66f0c0a9a101ec152747b434e
c6acf9fb2ecc1b144c51bd0337bbf1c26db3df2f649ac2da5c56db20d93eb3ef
GET /1/6f524845d1?a=24279235&v=1216.487a282&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOFgwRERUXQ1BUFkIDFQ0WFlA%3D&rst=1129&ck=1&ref=https://chaturbate.com/tours/3/&ap=22&be=620&fe=889&dc=807&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1669930928964,%22n%22:0,%22r%22:0,%22re%22:247,%22f%22:247,%22dn%22:247,%22dne%22:247,%22c%22:247,%22s%22:247,%22ce%22:247,%22rq%22:249,%22rp%22:445,%22rpe%22:445,%22dl%22:546,%22di%22:789,%22ds%22:806,%22de%22:812,%22dc%22:887,%22l%22:887,%22le%22:889%7D,%22navigation%22:%7B%22rc%22:1%7D%7D&fcp=790&at=H0ETGw9CExRCXBM9CgBBXAkZG0QSVEsPAw4BQVwbamZQD15XPj1BSEEVUFJXRBFuXQAWBkZZVhUXenc%2BY1gYQFlGVFELUF9VA1UPWFpTVAFTDBh4Yy8TFUMhJTshCU0XAwlRHRsiJDwmDBJ8TU1DABMDQwQCCBADFVNYXRJUG01AEQECCmZcSRNbEwBQTFpUTVILGwgEVRMVQwMNCw05X1lYVhITA0NAT0YBA0pBZlYUVEoSPQoUQVwbDAgfWAEXVVBNVVZSGxkbUwRCTT4FFgEQFWZSXF5DCxsvLUFIQQ9JalpeFF9NExtBXkEodhcVEwhBZgINFgoXFEBqWl4PV1AFBw0HBkQDFwwBQx0bCBI8CgYSTlpLWkMLGwMOChxNBVZYGx1DWEk%2BDREDAghQT1hFCF5XQ1hBJg8PQRVqXg1ETQgNDRdBShtcSW4IQklDWEEmDw9BFWpeDURNCA0NF0FKG1xJbgBCV0NYVlRQVg0ZG1gRblgSDDwLEQEbDxtzDVhBQTEMCBYSUFpXQkFwakNOQQ0TOVpaV18EUk0IDQ07Fx9JUBsLQ3JYAw4GSyc1dRcVEwhBZhQRBhY8EkBFXBNbE0sEEQoABghNXFhdQx0bEwcSEQYVTWpJUBVZG1tATBAME0tGFgJOExVDFQ87CwlKQRsLQ1JRABYWFgEHTVAXUg5cG01AEA0XA2ZcXRNbABVDEQoQBjldWlRQCF8bW0AADAISTEdbUBVUFwINDkZPREtQSEQEQk0%2BCgwXF0QDF1pZAEVMEwACEAZIWlpUE00TWxMNFBcGFGZcXRNbE10AW1VcU1BbGAxUBVcUVQZVXU5fDgRcHFQDDFAHWwVVUVtRDRNNE0sEBAYWBhQbDxtZFUVJElhMSwAHVEYXVhNQTQgRTEZPREtQSEQEQk0%2BDwYQCwldFwMTJnRtQ05BFBoSUVpXbhdUSxILDApBXBsGFwZDHRsUAzwABhBQVlxuB1BUCA4aRllEdkFRVBMTFUMXAjsHA09cWlQ%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%2BRVwSFhBGWUQZZWp9CEdcQUBPRgYKUFJQUw1UZhISDw0XOU1QSkUSblcSQFlGQxZMRlFuFFgZQx8e&jsonp=NREUM.setToken HTTP/1.1
Host: bam.nr-data.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Thu, 01 Dec 2022 21:42:11 GMT
Content-Type: text/javascript
Transfer-Encoding: chunked
Connection: keep-alive
CF-Ray: 772efdc30d2ab4ed-OSL
Access-Control-Allow-Origin: *
Set-Cookie: JSESSIONID=c03c8a54adc1f5a2; Path=/; Domain=.nr-data.net; Secure; SameSite=None
CF-Cache-Status: DYNAMIC
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
Cross-Origin-Resource-Policy: cross-origin
Vary: Accept-Encoding
Server: cloudflare
Content-Encoding: gzip
pxl.tsyndicate.com/api/v1/p/p.js?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zC0XAgEHDBowYOXC0CJNDBo0WNMzgOIljBgwzLczYsFHDhhgZYjiGCSPiYZg6YzKaKXODTI4aMca0sGmmBsoxZGyMzHFjRoscB5HCsHEDR04aPSGSsbPQRg4bMh7CqSOGoowcH33CgbMQxw0aMx7OgTNRxwwcMADDfdhmb18aW5FSfTimDV0dNGTUyHHUJxkzC2XgeCjGjZvMgGPgqOFQRBs3GHXIqGpW7enUNGlUFFEnRkY0dOjAmaPjxYswLgzSQe1izJs2L86UofMixkbnJnH8oJOmTZkeDUvSyLFd8w0ZNrjU2Qg-DJ0xPSJPPiqevI0wcMT0MPKFCJkqTtDIuYI1yxE9NBQBxQ146BFGEkQQEQN1eijhRhNWwKHcT1g8gUUMX4QxQx0zkPGEFGLMcYURNdRRlQx24CFDHHpcYYcYXwjBhhtIMEFGFi0sccUNOSRRxxNHQAHjFFa48UYRT0BBxRxBDCHFHHi0cUUWdghBRhFLQBGEFjFgoYYMTXxxRhUISlFFGmHB0QZFD72hJpsikHFcRsC5YV4dcoTBBkF60oHGHG_gOUYZxbHBVlhjmLfQFjPE0IVacgSlAwwuPMcZZpNWOpscdjzW0EN11IGmDiLgVFMZL5WBUlJK4VVDGFeRUVULZYhhwxg85lDGWWHY9lAaj4mQQwwuwOVCZC40BNZDcnwBbEbDFkspssqGVQdPpDbxhh5psMFGGC_UUCkIKFyRhhty3jEHCE5QAYJzle4Agrlu2ECDvHjYKy-nDMEgLgwpgHBEGWOs8cYLMnz03EcgGJGGHGWY8QYezflbKaKSiuDEE2G90ewYGW8cFhsZF-FEWAfZ8QXEbFBUww1dzWADYDAwe8ZnqtVg10MpfyGGHHVtFmcZKrfxBhmg2TAbGXK8sVBeIryhEGSQTpzHQjQwG_Ftue3W228u2EkHnnryyYafgApK6BiGivFCWHdkFINmMISFhtwwmBTWHJxm1DQd5nncQh1upEFHCzPQ4AIZY8yNcsYHfcG44xatydBMlLmUg0uVy0AR5pvDEHoNM5Rm0Mpl7JVhXzGArjnnIhCdIRsI0TE1ozQ8CpEYfQ1txk9np0nyQjWLMEZqMPShQEA%3D&s=018775752596e85efc66d405987646ba42031c6810fcc1d64c10761a94af018c1669930930&w=t&r=1&d=538&priv=false
136.243.134.97200 OK 24 B URL HTTP/2 pxl.tsyndicate.com/api/v1/p/p.js?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zC0XAgEHDBowYOXC0CJNDBo0WNMzgOIljBgwzLczYsFHDhhgZYjiGCSPiYZg6YzKaKXODTI4aMca0sGmmBsoxZGyMzHFjRoscB5HCsHEDR04aPSGSsbPQRg4bMh7CqSOGoowcH33CgbMQxw0aMx7OgTNRxwwcMADDfdhmb18aW5FSfTimDV0dNGTUyHHUJxkzC2XgeCjGjZvMgGPgqOFQRBs3GHXIqGpW7enUNGlUFFEnRkY0dOjAmaPjxYswLgzSQe1izJs2L86UofMixkbnJnH8oJOmTZkeDUvSyLFd8w0ZNrjU2Qg-DJ0xPSJPPiqevI0wcMT0MPKFCJkqTtDIuYI1yxE9NBQBxQ146BFGEkQQEQN1eijhRhNWwKHcT1g8gUUMX4QxQx0zkPGEFGLMcYURNdRRlQx24CFDHHpcYYcYXwjBhhtIMEFGFi0sccUNOSRRxxNHQAHjFFa48UYRT0BBxRxBDCHFHHi0cUUWdghBRhFLQBGEFjFgoYYMTXxxRhUISlFFGmHB0QZFD72hJpsikHFcRsC5YV4dcoTBBkF60oHGHG_gOUYZxbHBVlhjmLfQFjPE0IVacgSlAwwuPMcZZpNWOpscdjzW0EN11IGmDiLgVFMZL5WBUlJK4VVDGFeRUVULZYhhwxg85lDGWWHY9lAaj4mQQwwuwOVCZC40BNZDcnwBbEbDFkspssqGVQdPpDbxhh5psMFGGC_UUCkIKFyRhhty3jEHCE5QAYJzle4Agrlu2ECDvHjYKy-nDMEgLgwpgHBEGWOs8cYLMnz03EcgGJGGHGWY8QYezflbKaKSiuDEE2G90ewYGW8cFhsZF-FEWAfZ8QXEbFBUww1dzWADYDAwe8ZnqtVg10MpfyGGHHVtFmcZKrfxBhmg2TAbGXK8sVBeIryhEGSQTpzHQjQwG_Ftue3W228u2EkHnnryyYafgApK6BiGivFCWHdkFINmMISFhtwwmBTWHJxm1DQd5nncQh1upEFHCzPQ4AIZY8yNcsYHfcG44xatydBMlLmUg0uVy0AR5pvDEHoNM5Rm0Mpl7JVhXzGArjnnIhCdIRsI0TE1ozQ8CpEYfQ1txk9np0nyQjWLMEZqMPShQEA%3D&s=018775752596e85efc66d405987646ba42031c6810fcc1d64c10761a94af018c1669930930&w=t&r=1&d=538&priv=false
IP 136.243.134.97:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with no line terminators
Hash 0959ba36d476b6dc1994ba3c678b07c4
d30b94da72daa02766965206a85b7e0356375f5e
897410b87e27e3dfba3a7d6caab315a5e69cc941bb96d91fc74878a9b051843a
GET /api/v1/p/p.js?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zC0XAgEHDBowYOXC0CJNDBo0WNMzgOIljBgwzLczYsFHDhhgZYjiGCSPiYZg6YzKaKXODTI4aMca0sGmmBsoxZGyMzHFjRoscB5HCsHEDR04aPSGSsbPQRg4bMh7CqSOGoowcH33CgbMQxw0aMx7OgTNRxwwcMADDfdhmb18aW5FSfTimDV0dNGTUyHHUJxkzC2XgeCjGjZvMgGPgqOFQRBs3GHXIqGpW7enUNGlUFFEnRkY0dOjAmaPjxYswLgzSQe1izJs2L86UofMixkbnJnH8oJOmTZkeDUvSyLFd8w0ZNrjU2Qg-DJ0xPSJPPiqevI0wcMT0MPKFCJkqTtDIuYI1yxE9NBQBxQ146BFGEkQQEQN1eijhRhNWwKHcT1g8gUUMX4QxQx0zkPGEFGLMcYURNdRRlQx24CFDHHpcYYcYXwjBhhtIMEFGFi0sccUNOSRRxxNHQAHjFFa48UYRT0BBxRxBDCHFHHi0cUUWdghBRhFLQBGEFjFgoYYMTXxxRhUISlFFGmHB0QZFD72hJpsikHFcRsC5YV4dcoTBBkF60oHGHG_gOUYZxbHBVlhjmLfQFjPE0IVacgSlAwwuPMcZZpNWOpscdjzW0EN11IGmDiLgVFMZL5WBUlJK4VVDGFeRUVULZYhhwxg85lDGWWHY9lAaj4mQQwwuwOVCZC40BNZDcnwBbEbDFkspssqGVQdPpDbxhh5psMFGGC_UUCkIKFyRhhty3jEHCE5QAYJzle4Agrlu2ECDvHjYKy-nDMEgLgwpgHBEGWOs8cYLMnz03EcgGJGGHGWY8QYezflbKaKSiuDEE2G90ewYGW8cFhsZF-FEWAfZ8QXEbFBUww1dzWADYDAwe8ZnqtVg10MpfyGGHHVtFmcZKrfxBhmg2TAbGXK8sVBeIryhEGSQTpzHQjQwG_Ftue3W228u2EkHnnryyYafgApK6BiGivFCWHdkFINmMISFhtwwmBTWHJxm1DQd5nncQh1upEFHCzPQ4AIZY8yNcsYHfcG44xatydBMlLmUg0uVy0AR5pvDEHoNM5Rm0Mpl7JVhXzGArjnnIhCdIRsI0TE1ozQ8CpEYfQ1txk9np0nyQjWLMEZqMPShQEA%3D&s=018775752596e85efc66d405987646ba42031c6810fcc1d64c10761a94af018c1669930930&w=t&r=1&d=538&priv=false HTTP/1.1
Host: pxl.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Cookie: ts_uid=2b56e0fe-41cc-435a-9d73-eb6c799e96a1; bfq=APeIECNCxxYZOGDEwFGjRhcWIsYU3BLjoYgyE2PYuAFD4Y0ZM2B06aMg
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 21:42:11 GMT
content-type: text/plain; charset=utf-8
content-length: 24
x-robots-tag: noindex, nofollow
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 86ccba20424bf990eb3d3dedeecc1f70
f25c365e531305b99f2de451b5a5dccba12abf90
e72ebdf45378915e055ddbd27dba3f34bfcffed4c17d1cef451ec19b00d19a41
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E72EBDF45378915E055DDBD27DBA3F34BFCFFED4C17D1CEF451EC19B00D19A41"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14980
Expires: Fri, 02 Dec 2022 01:51:52 GMT
Date: Thu, 01 Dec 2022 21:42:12 GMT
Connection: keep-alive
bam.nr-data.net/events/1/6f524845d1?a=24279235&v=1216.487a282&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOFgwRERUXQ1BUFkIDFQ0WFlA%3D&rst=1346&ck=1&ref=https://chaturbate.com/tours/3/
162.247.241.14 200 OK 24 B URL HTTP/1.1 bam.nr-data.net/events/1/6f524845d1?a=24279235&v=1216.487a282&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOFgwRERUXQ1BUFkIDFQ0WFlA%3D&rst=1346&ck=1&ref=https://chaturbate.com/tours/3/
IP 162.247.241.14:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash bc32ed98d624acb4008f986349a20d26
2d3df8c11d2168ce2c27e0937421d11d85016361
0c9cf152a0ad00d4f102c93c613c104914be5517ac8f8e0831727f8bfbe8b300
POST /events/1/6f524845d1?a=24279235&v=1216.487a282&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOFgwRERUXQ1BUFkIDFQ0WFlA%3D&rst=1346&ck=1&ref=https://chaturbate.com/tours/3/ HTTP/1.1
Host: bam.nr-data.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
content-type: text/plain
Content-Length: 1776
Origin: https://chaturbate.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Thu, 01 Dec 2022 21:42:12 GMT
Content-Type: image/gif
Content-Length: 24
Connection: keep-alive
CF-Ray: 772efdc45e95b4ed-OSL
Access-Control-Allow-Origin: https://chaturbate.com
CF-Cache-Status: DYNAMIC
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
Vary: Accept-Encoding
Server: cloudflare
analitits.com/t/xfeid?cb=gl.cb.xf
31.220.24.19 200 OK 65 B URL HTTP/1.1 analitits.com/t/xfeid?cb=gl.cb.xf
IP 31.220.24.19:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with no line terminators
Hash ba017f654e1dac52ebaff97f95352aa0
16ad1583d151824fa5fca81430c57a52077b0158
0d067339d36778d3347446dea39cf6446ed6bdc888d1e870651bf517070828c4
GET /t/xfeid?cb=gl.cb.xf HTTP/1.1
Host: analitits.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ads.adxadserv.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.10.3 (Ubuntu)
Date: Thu, 01 Dec 2022 21:42:12 GMT
Content-Type: application/octet-stream
Content-Length: 65
Connection: keep-alive
Set-Cookie: xfeid=9cecaa7f46b98f5e61dd01b04b3154d4; expires=Tue, 01 Jan 2030 00:00:00 GMT; path=/; domain=.analitits.com
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET
Access-Control-Allow-Headers: content-type
Access-Control-Max-Age: 864000
ocsp.sca1b.amazontrust.com/
143.204.42.165 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.165:0
Hash 8fc9abf03d1d459bb0daa8b68edb7e54
02efb7c701f5516d1ed8ce95739ecf018758b742
84ece66ccbf08c20f3fa95700c2789a2a7c3e531dfaf0b0c4df456b9ddb5ccb3
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=112396
Date: Thu, 01 Dec 2022 21:42:12 GMT
Etag: "638830b4-1d7"
Expires: Sat, 03 Dec 2022 04:55:28 GMT
Last-Modified: Thu, 01 Dec 2022 04:42:28 GMT
Server: ECS (dcb/7FA3)
X-Cache: Miss from cloudfront
Via: 1.1 8e6dce34fd223e0c9d89fd938d1784a2.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: FoRH1hoTqmfXT4UFx79tmiej7Moy-8UH_zhJI1vs7gBhVdJkti9kQQ==
Age: 780
hw-cdn2.ang-content.com/a7/creatives/1/1322/814271/1028051/1028051_logo.png
205.185.208.20 200 OK 5.2 kB URL HTTP/1.1 hw-cdn2.ang-content.com/a7/creatives/1/1322/814271/1028051/1028051_logo.png
IP 205.185.208.20:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 192x192, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 8c686ca5474e85aedbfb61135a124e0c
7338251777bf3441c6366d53ce21da8b95b70a55
40a6848d79dbaf3be2139d48a130c74cbd3858f36123f00686295441a4d86bc2
GET /a7/creatives/1/1322/814271/1028051/1028051_logo.png HTTP/1.1
Host: hw-cdn2.ang-content.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.adtng.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Thu, 01 Dec 2022 21:42:11 GMT
Connection: Keep-Alive
ETag: "1648748302"
Content-Length: 61941
Content-Type: image/png
Last-Modified: Thu, 31 Mar 2022 17:38:22 GMT
Accept-Ranges: bytes
Cache-Control: max-age=10757791
X-HW: 1669930931.dop215.sk1.t,1669930931.cds231.sk1.shn,1669930931.dop215.sk1.t,1669930931.cds024.sk1.c
Access-Control-Allow-Origin: *
poweredby.jads.co/adshow.php?adzone=969388
185.94.236.247 200 OK 1.7 kB URL HTTP/1.1 poweredby.jads.co/adshow.php?adzone=969388
IP 185.94.236.247:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1332), with CRLF, LF line terminators
Hash 9872867085306b83fe86176cec8eaaba
1010193dbcad1c1d685fa5a6594dc227816b785e
b7500c3f66bbc8772240f3e7bcf0242407476f949ee679400b95a61d4be6e66c
GET /adshow.php?adzone=969388 HTTP/1.1
Host: poweredby.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://media.aso1.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 01 Dec 2022 21:42:12 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/5.6.40
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR OUR IND STA"
Set-Cookie: surferid=41f70ba4fd6103c1d3d58e315ade80b3; expires=Fri, 01-Dec-2023 21:42:11 GMT; Max-Age=31536000; path=/; SameSite=None; Secure; domain=.jads.co
juicy_data_1=YTowOnt9; expires=Sun, 04-Dec-2022 21:42:11 GMT; Max-Age=259200; path=/; SameSite=None; Secure; domain=jads.co
juicy_data=YToxOntzOjEyOiJqdWljeV9kYXRhXzEiO3M6MToiMSI7fQ%3D%3D; expires=Sun, 04-Dec-2022 21:42:11 GMT; Max-Age=259200; path=/; SameSite=None; Secure; domain=jads.co
Content-Encoding: gzip
i.jads.co/network/user1037/78-1639151702-0195345001639151702.jpg
69.16.175.42 200 OK 75 kB URL HTTP/2 i.jads.co/network/user1037/78-1639151702-0195345001639151702.jpg
IP 69.16.175.42:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 900x250, components 3\012- data
Hash ecd36c8fc2cee07a0b3396b8b21335cd
ca29134b764a3611fe752338b8f472d937cf5015
30bb6c8297b47fbcf0bed2eba60d37ad2e3099732eeeda2a7effd6be8d521bb1
GET /network/user1037/78-1639151702-0195345001639151702.jpg HTTP/1.1
Host: i.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://poweredby.jads.co/
Cookie: surferid=41f70ba4fd6103c1d3d58e315ade80b3; juicy_data_1=YTowOnt9; juicy_data=YToxOntzOjEyOiJqdWljeV9kYXRhXzEiO3M6MToiMSI7fQ%3D%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
date: Thu, 01 Dec 2022 21:42:12 GMT
etag: "1639151702"
cache-control: max-age=9756921
content-length: 74596
content-type: image/jpeg
last-modified: Fri, 10 Dec 2021 15:55:02 GMT
accept-ranges: bytes
x-hw: 1669930932.dop067.sk1.t,1669930932.cds240.sk1.hn,1669930932.cds250.sk1.c
X-Firefox-Spdy: h2
i.jads.co/1x1.gif
69.16.175.42 200 OK 43 B IP 69.16.175.42:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 9bb191c6827273aa978cab39a3587950
25d8043336eb799e52b1a0e15ff6b95e09c24e35
24e480e4659fbae818853a38f8a3036f529f539024dc3e772c0b594ce02ea9db
GET /1x1.gif HTTP/1.1
Host: i.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://poweredby.jads.co/
Cookie: surferid=41f70ba4fd6103c1d3d58e315ade80b3; juicy_data_1=YTowOnt9; juicy_data=YToxOntzOjEyOiJqdWljeV9kYXRhXzEiO3M6MToiMSI7fQ%3D%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
date: Thu, 01 Dec 2022 21:42:12 GMT
etag: "1457030838"
cache-control: max-age=17294334
content-length: 43
content-type: image/gif
last-modified: Thu, 03 Mar 2016 18:47:18 GMT
accept-ranges: bytes
x-hw: 1669930932.dop067.sk1.t,1669930932.cds240.sk1.hn,1669930932.cds217.sk1.c
X-Firefox-Spdy: h2
a.naturalhealthsource.club/api/spots/312875?p=1&s1=%subid1%&kw=
135.181.208.216 200 OK 0 B URL HTTP/2 a.naturalhealthsource.club/api/spots/312875?p=1&s1=%subid1%&kw=
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
GET /api/spots/312875?p=1&s1=%subid1%&kw= HTTP/1.1
Host: a.naturalhealthsource.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: nauid=TX1qQZiXbYqyS9eGBYc4
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 21:42:09 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2
mc.yandex.ru/watch/49415098?wmode=7&page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F620852c85a615f1d0cdf5e9b&charset=utf-8&browser-info=pv%3A1%3Avf%3A2b7w95bdqfdb0kzrg7tcl8%3Afp%3A1441%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A933%3Acn%3A1%3Adp%3A0%3Als%3A433927189741%3Ahid%3A544021822%3Az%3A0%3Ai%3A20221201214205%3Aet%3A1669930925%3Ac%3A1%3Arn%3A137857918%3Arqn%3A1%3Au%3A1669930925941979786%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C148%2C593%2C0%2C353%2C0%2C%2C179%2C6%2C%2C%2C%2C1435%3Aco%3A0%3Ans%3A1669930922738%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1669930925%3At%3Aadult%20xxx%20video%2019%20Thefartbabes%20-%20Eat%20My%20Xmas%20Teddy%20Shit%20%2C%20on%20solo%20female%20-%20XFantazy.com&t=gdpr(14)clc(0-0-0)rqnt(1)aw(1)fip(1)ti(2)
93.158.134.119302 Found 0 B URL HTTP/2 mc.yandex.ru/watch/49415098?wmode=7&page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F620852c85a615f1d0cdf5e9b&charset=utf-8&browser-info=pv%3A1%3Avf%3A2b7w95bdqfdb0kzrg7tcl8%3Afp%3A1441%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A933%3Acn%3A1%3Adp%3A0%3Als%3A433927189741%3Ahid%3A544021822%3Az%3A0%3Ai%3A20221201214205%3Aet%3A1669930925%3Ac%3A1%3Arn%3A137857918%3Arqn%3A1%3Au%3A1669930925941979786%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C148%2C593%2C0%2C353%2C0%2C%2C179%2C6%2C%2C%2C%2C1435%3Aco%3A0%3Ans%3A1669930922738%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1669930925%3At%3Aadult%20xxx%20video%2019%20Thefartbabes%20-%20Eat%20My%20Xmas%20Teddy%20Shit%20%2C%20on%20solo%20female%20-%20XFantazy.com&t=gdpr(14)clc(0-0-0)rqnt(1)aw(1)fip(1)ti(2)
IP 93.158.134.119:0
GET /watch/49415098?wmode=7&page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F620852c85a615f1d0cdf5e9b&charset=utf-8&browser-info=pv%3A1%3Avf%3A2b7w95bdqfdb0kzrg7tcl8%3Afp%3A1441%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A933%3Acn%3A1%3Adp%3A0%3Als%3A433927189741%3Ahid%3A544021822%3Az%3A0%3Ai%3A20221201214205%3Aet%3A1669930925%3Ac%3A1%3Arn%3A137857918%3Arqn%3A1%3Au%3A1669930925941979786%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C148%2C593%2C0%2C353%2C0%2C%2C179%2C6%2C%2C%2C%2C1435%3Aco%3A0%3Ans%3A1669930922738%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1669930925%3At%3Aadult%20xxx%20video%2019%20Thefartbabes%20-%20Eat%20My%20Xmas%20Teddy%20Shit%20%2C%20on%20solo%20female%20-%20XFantazy.com&t=gdpr(14)clc(0-0-0)rqnt(1)aw(1)fip(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
location: /watch/49415098/1?wmode=7&page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F620852c85a615f1d0cdf5e9b&charset=utf-8&browser-info=pv%3A1%3Avf%3A2b7w95bdqfdb0kzrg7tcl8%3Afp%3A1441%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A933%3Acn%3A1%3Adp%3A0%3Als%3A433927189741%3Ahid%3A544021822%3Az%3A0%3Ai%3A20221201214205%3Aet%3A1669930925%3Ac%3A1%3Arn%3A137857918%3Arqn%3A1%3Au%3A1669930925941979786%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C148%2C593%2C0%2C353%2C0%2C%2C179%2C6%2C%2C%2C%2C1435%3Aco%3A0%3Ans%3A1669930922738%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1669930925%3At%3Aadult%20xxx%20video%2019%20Thefartbabes%20-%20Eat%20My%20Xmas%20Teddy%20Shit%20%2C%20on%20solo%20female%20-%20XFantazy.com&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29fip%281%29ti%282%29
date: Thu, 01 Dec 2022 21:42:07 GMT
access-control-allow-origin: https://xfantazy.com
set-cookie: yabs-sid=2252213441669930927; Path=/; SameSite=None; Secure
i=nxJJNQjEOS7a7kgbxfka1rRkKCLdgPh1es1RQB+7PabrXcikOb4qrg58l0gNXb80ma4ANuLM65SurTUsK0ej94tDBlw=; Expires=Sun, 28-Nov-2032 21:42:06 GMT; Domain=.yandex.ru; Path=/; Secure; HttpOnly; SameSite=None
yandexuid=2996478611669930927; Expires=Fri, 01-Dec-2023 21:42:07 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
yuidss=2996478611669930927; Expires=Fri, 01-Dec-2023 21:42:07 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
ymex=1701466927.yc.1669930927#1701466927.yrts.1669930927#1701466927.yrtsi.1669930927; Expires=Fri, 01-Dec-2023 21:42:07 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Thu, 01-Dec-2022 21:42:07 GMT
last-modified: Thu, 01-Dec-2022 21:42:07 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/chat/mob/ssp/v2/new/3/css/animate.css
172.64.108.13 200 OK 0 B URL HTTP/2 cdn.creative-bars1.com/sb/chat/mob/ssp/v2/new/3/css/animate.css
IP 172.64.108.13:0
GET /sb/chat/mob/ssp/v2/new/3/css/animate.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 01 Dec 2022 21:42:08 GMT
content-type: text/css
last-modified: Wed, 13 Jul 2022 12:13:56 GMT
etag: W/"62ceb704-135d1"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 1410605
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BREGIz%2Fy72u7X4jHQBeAK9dpAe7d6xuzfD6hnZHBL8QBZ7f5ICNAWL3mtZmBaH%2B%2B9zs5LjgcC%2Fcg8OAfLSjM3VpWb2Ez8PH%2BOep8n8wSoH48ycshGd%2BTKx9e2sf7m%2FcHTHxL76MYl7u9"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 772efdaf7ae5004a-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
accounts.google.com/v3/signin/identifier?dsh=S-704191492%3A1669930929284696&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=ARgdvAuO-tJf-8368l-1KyIbQGAcoYzMDJgFkZHzZD6jDObKQ_wucY9KibfaS5HzftqYu_Yb5POnQQ
142.250.74.109 403 Forbidden 0 B URL HTTP/2 accounts.google.com/v3/signin/identifier?dsh=S-704191492%3A1669930929284696&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=ARgdvAuO-tJf-8368l-1KyIbQGAcoYzMDJgFkZHzZD6jDObKQ_wucY9KibfaS5HzftqYu_Yb5POnQQ
IP 142.250.74.109:0
GET /v3/signin/identifier?dsh=S-704191492%3A1669930929284696&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=ARgdvAuO-tJf-8368l-1KyIbQGAcoYzMDJgFkZHzZD6jDObKQ_wucY9KibfaS5HzftqYu_Yb5POnQQ HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://xfantazy.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Thu, 01 Dec 2022 21:42:09 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
strict-transport-security: max-age=31536000; includeSubDomains
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-security-policy: require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport, script-src 'nonce-W3yojORsr-KqlaLne5tNtg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist
cross-origin-opener-policy-report-only: same-origin
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
chaturbate.com/tours/3/?tour=x1Rd&campaign=NcAyU&c=3&p=0&gender=f&disable_sound=0
104.18.100.40 200 OK 0 B URL HTTP/2 chaturbate.com/tours/3/?tour=x1Rd&campaign=NcAyU&c=3&p=0&gender=f&disable_sound=0
IP 104.18.100.40:0
GET /tours/3/?tour=x1Rd&campaign=NcAyU&c=3&p=0&gender=f&disable_sound=0 HTTP/1.1
Host: chaturbate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cams.gratis/
Connection: keep-alive
Cookie: __cf_bm=C8_6ymPJb4b3NK5Sgj_v1bBl.6nZjr4zip.qaAZJiXI-1669930930-0-ARTi7eJm/xuppIaXyat+0kali/NdlVJjtOuMLQtvZTEnma/RO4iLwxCravMqpfquuiTqEjh/+5yyddEsYghoUc8=
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 01 Dec 2022 21:42:10 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding, Accept-Language, Cookie
p3p: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
content-language: en
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.mmcdn.com https://*.highwebmedia.com https://*.chaturbate.com https://chaturbate.com https://ajax.googleapis.com https://js-agent.newrelic.com https://cdnjs.cloudflare.com https://www.google-analytics.com https://www.google.com/recaptcha/ https://www.google.com/cv/ https://www.gstatic.com/recaptcha/ https://www.gstatic.com/cv/ https://www.gstatic.com/eureka/ https://www.gstatic.com/cast/ https://*.nr-data.net https://certify-js.alexametrics.com https://player.vimeo.com/api/player.js http://static.hotjar.com https://static.hotjar.com https://script.hotjar.com ; style-src 'self' data: 'unsafe-inline' https://*.highwebmedia.com https://cdnjs.cloudflare.com https://fonts.googleapis.com ; img-src 'self' data: https://*.mmcdn.com https://*.highwebmedia.com https://*.stream.highwebmedia.com https://*.chaturbate.com https://chaturbate.com https://www.google-analytics.com https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com https://cdnjs.cloudflare.com https://www.gstatic.com https://*.nr-data.net https://certify.alexametrics.com https://stats.g.doubleclick.net https://cbgames.s3.amazonaws.com https://player.vimeo.com https://script.hotjar.com http://script.hotjar.com ; font-src 'self' data: https://*.mmcdn.com https://*.highwebmedia.com https://cdnjs.cloudflare.com https://fonts.gstatic.com http://script.hotjar.com https://script.hotjar.com ; connect-src 'self' blob: blob https://*.mmcdn.com wss://*.mmcdn.com wss://*.mmcdn.com:8443 https://*.highwebmedia.com wss://*.highwebmedia.com wss://*.highwebmedia.com:8443 https://*.nr-data.net https://*.chaturbate.com https://chaturbate.com https://www.google-analytics.com 
https://cbvideoupload.s3-accelerate.amazonaws.com https://stats.g.doubleclick.net https://internet-up.ably-realtime.com https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com https://tls-use1.fpapi.io https://use1.fptls.com https://eun1.fptls.com https://aps1.fptls.com http://*.hotjar.com:* https://*.hotjar.com:* https://vc.hotjar.io:* https://surveystats.hotjar.io wss://*.hotjar.com ; media-src 'self' https://*.mmcdn.com https://*.highwebmedia.com https://*.chaturbate.com https://chaturbate.com mediasource: blob: data: https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com; object-src 'self' https://*.mmcdn.com https://*.highwebmedia.com https://download.macromedia.com https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com ; frame-src 'self' https://*.mmcdn.com https://*.chaturbate.com https://chaturbate.com https://*.highwebmedia.com https://adserver.exoticads.com https://www.google.com/recaptcha/ https://*.wnu.com https://wnu.com https://checkout.2000charge.com https://www.sofort.com https://*.girogate.de https://player.vimeo.com https://vars.hotjar.com ; child-src 'self' blob: blob ; worker-src 'self' blob: blob ; form-action 'self' https://*.chaturbate.com https://chaturbate.com https://*.stream.highwebmedia.com https://www.coinpayments.net https://*.wnu.com https://wnu.com https://devportal.cb.dev https://*.web.amer-1.jumio.ai 
https://smartpay.coinsmart.com ; manifest-src 'self' https://*.mmcdn.com https://*.highwebmedia.com ; report-uri https://report-uri.mmcdn.com/r/t/csp/enforce;
report-to: {"group":"default","max_age":2592000,"endpoints":[{"url":"https://report-uri.mmcdn.com/a/t/g"}],"include_subdomains":true}
nel: {"report_to":"default","max_age":2592000,"include_subdomains":true}
cache-control: no-cache
x-content-type-options: nosniff
x-xss-protection: 1; mode=block; report=https://report-uri.highwebmedia.com/r/t/xss/enforce
referrer-policy: strict-origin-when-cross-origin
via: 1.1 google
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
set-cookie: stcki="iuhY4r=0"; expires=Sat, 31-Dec-2022 21:42:10 GMT; Max-Age=2592000; Path=/
affkey="eJyrVipSslJQyigpKSi20tdPTswt1ksvSizJLNZXqgUAilAJow=="; Domain=.chaturbate.com; expires=Sat, 31-Dec-2022 21:42:10 GMT; Max-Age=2592000; Path=/
sbr=sec:sbrda96806b-5edf-4d69-971e-5251e8a67bd4:1p0rJq:SSwIV0CnnD888ruxN2n_ngIAfgo; Domain=.chaturbate.com; expires=Tue, 26-Aug-2025 21:42:10 GMT; HttpOnly; Max-Age=86313600; Path=/; Secure
cf-cache-status: DYNAMIC
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 772efdbd69800b55-OSL
content-encoding: br
X-Firefox-Spdy: h2
xfantazy.com/_next/static/chunks/69.b3ff95d1d1b8e7cf25a2.js
172.64.162.22 200 OK 0 B URL HTTP/2 xfantazy.com/_next/static/chunks/69.b3ff95d1d1b8e7cf25a2.js
IP 172.64.162.22:0
GET /_next/static/chunks/69.b3ff95d1d1b8e7cf25a2.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/620852c85a615f1d0cdf5e9b
Cookie: visitorId=qu33i37iuesn1qe2egpm8; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 01 Dec 2022 21:42:05 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-bgj: minify
etag: W/"61c-1835015f17e"
last-modified: Sun, 18 Sep 2022 10:12:38 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 3161869
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yYeSq8ptem9kk2pqTLUkaZ8WEl1hD1TZmHk7Ny55Wjgb%2B1gCYGuxguayRqquWZ7NWy6l%2BvpiPFDXczZwtUjVjfAJkYe2bww3cEs4lvDQwe1wKiUM%2FsgqwVhuR0mcNZY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 772efd9c780374f5-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
a.adtng.com/get/10010248?time=1592494928726&atc=425995&apb=bhPE-REFV_DS5seJ2wDSBDN3fVN7nwW_nZVyB_YBcsX5tjehpSlMoEgQWHrktzU1cD5idfin50WHFsfg5tDFSB4n81Zr4GgCGbPbgUICesMfg7H_6_eh_gUIDRUi
66.254.114.171 200 OK 0 B URL HTTP/2 a.adtng.com/get/10010248?time=1592494928726&atc=425995&apb=bhPE-REFV_DS5seJ2wDSBDN3fVN7nwW_nZVyB_YBcsX5tjehpSlMoEgQWHrktzU1cD5idfin50WHFsfg5tDFSB4n81Zr4GgCGbPbgUICesMfg7H_6_eh_gUIDRUi
IP 66.254.114.171:0
GET /get/10010248?time=1592494928726&atc=425995&apb=bhPE-REFV_DS5seJ2wDSBDN3fVN7nwW_nZVyB_YBcsX5tjehpSlMoEgQWHrktzU1cD5idfin50WHFsfg5tDFSB4n81Zr4GgCGbPbgUICesMfg7H_6_eh_gUIDRUi HTTP/1.1
Host: a.adtng.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: openresty
date: Thu, 01 Dec 2022 21:42:11 GMT
content-type: text/html
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With
content-encoding: gzip
set-cookie: adtool_guid=Ch5KEmOJH7NgazUzddQrAg==; expires=Thu, 31-Dec-37 23:55:55 GMT; path=/; Secure; HTTPOnly; SameSite=None;
RNLBSERVERID=ded7041; path=/; HttpOnly; Secure; SameSite=None
x-request-id: 63891FB3-42FE72AB01BB5C96-22444D8
X-Firefox-Spdy: h2
xfantazy.com/_next/static/chunks/59.edff5ae0d8d83054b552.js
172.64.162.22 200 OK 0 B URL HTTP/2 xfantazy.com/_next/static/chunks/59.edff5ae0d8d83054b552.js
IP 172.64.162.22:0
GET /_next/static/chunks/59.edff5ae0d8d83054b552.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/620852c85a615f1d0cdf5e9b
Cookie: visitorId=qu33i37iuesn1qe2egpm8; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 01 Dec 2022 21:42:05 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-bgj: minify
etag: W/"c8b-183501656fb"
last-modified: Sun, 18 Sep 2022 10:13:04 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 3161913
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uRIV6oa3oATZ7SQAfGcsOeq%2FzUpkj2ZEmFjcxDpitDmZmsFCqU2tjymq8C9PkSv%2FeZX4esov74GQXX8enRstQCQuzReqRgvXdJW6TWS4u8wdsUpEBrnxycm6Vm0ru3Y%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 772efd9c7ffa74f5-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
a.realsrv.com/video-slider.js
185.76.9.14 200 OK 0 B URL HTTP/2 a.realsrv.com/video-slider.js
IP 185.76.9.14:0
ASN #60068 Datacamp Limited
GET /video-slider.js HTTP/1.1
Host: a.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://media.aso1.net/
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2263891fb1f1acc8.353769943381008235%22%3B%7D; __upt=%7B%22v%22%3A1%2C%22id%22%3A%2263891fb20286d0.266230652315443565%22%2C%22pcma%22%3A%22%22%2C%22acma%22%3A%22508.03940399%22%7D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 01 Dec 2022 21:42:10 GMT
content-type: application/javascript
etag: W/"bfe8e0d358572ef0cbb85c26f8a"
expires: Tue, 29 Nov 2022 13:18:12 GMT
cache-control: max-age=10800
access-control-allow-origin: *
x-cache-op: HIT
x-accel-expires: @1669933155
server: CDN77-Turbo
x-77-nzt: AblMCQ2Zi6z/fyEAAA
x-77-nzt-ray: c0a4cc2867d386c2b21f896380ed8e16
x-cache: HIT
x-age: 8575
x-77-pop: stockholmSE
x-77-cache: HIT
content-encoding: br
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/ssp/utility/social-media/facebook/img/close.svg
172.64.108.13 200 OK 0 B URL HTTP/2 cdn.creative-bars1.com/sb/ssp/utility/social-media/facebook/img/close.svg
IP 172.64.108.13:0
GET /sb/ssp/utility/social-media/facebook/img/close.svg HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 01 Dec 2022 21:42:08 GMT
content-type: image/svg+xml
last-modified: Thu, 11 Feb 2021 15:13:59 GMT
etag: W/"602549b7-52a"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 1410674
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5WVOksp6be7JFmGqI5clwlncUdhijYIGlNK5tWYYZA%2FfPJ6HL6Nc4KwbSU7A8uEojb7PrQizPSyheVVVAZYkYCKbyEQKizxFrd8pZd6QzemLi7ig%2FaeCb%2F6pTeS1ouhXk%2F4AXEe1EziR"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 772efdaefa6d004a-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
tsyndicate.com/do2/WF8qxoGQpTQRg0uYg8RBqicfsIjfiOk4/master?w=1280&h=1024&tz=0&count=5
78.46.97.249 200 OK 0 B URL HTTP/2 tsyndicate.com/do2/WF8qxoGQpTQRg0uYg8RBqicfsIjfiOk4/master?w=1280&h=1024&tz=0&count=5
IP 78.46.97.249:0
ASN #24940 Hetzner Online GmbH
GET /do2/WF8qxoGQpTQRg0uYg8RBqicfsIjfiOk4/master?w=1280&h=1024&tz=0&count=5 HTTP/1.1
Host: tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://a.naturalhealthsource.club
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 21:42:10 GMT
content-type: application/json; charset=utf-8
access-control-allow-origin: https://a.naturalhealthsource.club
access-control-allow-methods: POST, GET, HEAD
access-control-allow-headers: Accept, X-Requested-With, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Legacy
access-control-allow-credentials: true
pragma: no-cache
expires: 0
vary: Accept-Encoding, *
x-api-version: 2
link: <https://lcdn.tsyndicate.com/sdk/v1/b.b.js>; rel=preload; as=script
x-request-id: 4196abe5a5c69238
set-cookie: ts_uid=2b56e0fe-41cc-435a-9d73-eb6c799e96a1; expires=Thu, 01 Jun 2023 21:42:10 GMT; domain=.tsyndicate.com; path=/; HttpOnly; secure; SameSite=None
bfq=APeIECNCxxYZOGDEwFGjRhcWIsYU3BLjoYgyE2PYuAFD4Y0ZM2B06aMg; expires=Fri, 02 Dec 2022 21:42:10 GMT; domain=.tsyndicate.com; path=/; secure; SameSite=None
cache-control: no-cache, no-store, no-transform, must-revalidate, no-transform
x-robots-tag: none, noindex, nofollow
report-to: { "url": "https://pxl.tsyndicate.com/api/v1/heavy-ad/report", "max_age": 86401 }
content-encoding: gzip
X-Firefox-Spdy: h2
a.naturalhealthsource.club/zRdVuw7.js
135.181.208.216 200 OK 0 B URL HTTP/2 a.naturalhealthsource.club/zRdVuw7.js
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
GET /zRdVuw7.js HTTP/1.1
Host: a.naturalhealthsource.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 21:42:06 GMT
content-type: application/javascript
last-modified: Sat, 22 Oct 2022 11:28:35 GMT
etag: W/"6353d3e3-1cfaf"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
vary: Accept-Encoding, Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 cb05e10ed4a973b87ff15498c30d269c.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN54-C1
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: oycx6I-_vsnZok9MO6Ni20WCCrU9g5wK2kLouWhMW0ptjlsKaiUEsg==
age: 3146548
x-frame-options: DENY
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2
xfantazy.com/_next/static/chunks/7.38d845e9473548212694.js
172.64.162.22 200 OK 0 B URL HTTP/2 xfantazy.com/_next/static/chunks/7.38d845e9473548212694.js
IP 172.64.162.22:0
GET /_next/static/chunks/7.38d845e9473548212694.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/620852c85a615f1d0cdf5e9b
Cookie: visitorId=qu33i37iuesn1qe2egpm8; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 01 Dec 2022 21:42:05 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-bgj: minify
etag: W/"97ba-183501608ac"
last-modified: Sun, 18 Sep 2022 10:12:44 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 3161869
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9PhMGWuzE4aR2xWM3uf3eZdhoDhKGdDrcRZ3DRrbONDcURbja5hXr1Zse0RutBpZqC%2BSopfevsywLqm7ploU3x4eI7vrsx9J%2BeTmTeGHqeVyVKmdBgoV8bbal2ZNbh8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 772efd9c7ff074f5-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
xfantazy.com/_next/static/chunks/16.2fcecc4fbe403da70f1d.js
172.64.162.22 200 OK 0 B URL HTTP/2 xfantazy.com/_next/static/chunks/16.2fcecc4fbe403da70f1d.js
IP 172.64.162.22:0
GET /_next/static/chunks/16.2fcecc4fbe403da70f1d.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/620852c85a615f1d0cdf5e9b
Cookie: visitorId=qu33i37iuesn1qe2egpm8; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 01 Dec 2022 21:42:05 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-bgj: minify
etag: W/"4f4a-1835015f16a"
last-modified: Sun, 18 Sep 2022 10:12:38 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 3161913
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=C2DRJZG5l7TzmBf9u7H9fhnJ0x7%2Bwk6ICFvHG7EBzDaYQ2t1wBS%2FFVoXZL7XNuE4qQaYAQdYm9fFSxLKlrluXBArZ6ie2fyLLEfa3bJPbRQbbJ6wQyyH%2BWsM2pAvPb8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 772efd9c7ff374f5-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ads.adxadserv.com/ad?spotid=636bc5d561d6e27071201a23&type=300x250&output=html
185.98.53.2 200 OK 0 B URL HTTP/2 ads.adxadserv.com/ad?spotid=636bc5d561d6e27071201a23&type=300x250&output=html
IP 185.98.53.2:0
ASN #39572 DataWeb Global Group B.V.
GET /ad?spotid=636bc5d561d6e27071201a23&type=300x250&output=html HTTP/1.1
Host: ads.adxadserv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 21:42:09 GMT
content-type: text/html; charset=utf-8
cache-control: no-cache
X-Firefox-Spdy: h2
xfantazy.com/_next/static/runtime/webpack-f4d22593ad73f080a168.js
172.64.162.22 200 OK 0 B URL HTTP/2 xfantazy.com/_next/static/runtime/webpack-f4d22593ad73f080a168.js
IP 172.64.162.22:0
GET /_next/static/runtime/webpack-f4d22593ad73f080a168.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/620852c85a615f1d0cdf5e9b
Cookie: visitorId=qu33i37iuesn1qe2egpm8; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 01 Dec 2022 21:42:05 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-bgj: minify
etag: W/"2fb2-1826d2b9f14"
last-modified: Fri, 05 Aug 2022 08:42:31 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 10241879
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jn1Y91FlXGzrOJK7r9bLBtOetYoDqnY3URTBgop4odN4EdWrlyhY2DtyJdbRPoCMRbzpax3A3ILTVilwe%2F%2FyFEXCoBLiaXTB6uHq0oLm1z5zsc3Ldnk%2BOP7C5AtyUWA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 772efd9c780474f5-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
pogothere.xyz/asd100.bin
172.64.173.27 200 OK 0 B IP 172.64.173.27:0
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://xfantazy.com/
Origin: https://xfantazy.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 01 Dec 2022 21:42:09 GMT
content-type: binary/octet-stream
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 5605
last-modified: Thu, 01 Dec 2022 20:08:44 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Nlyh%2FOWbm6ge7aTd4H0G1S83gD12CA4N3Njlo8x1H8yr1WhF4AiPOP%2FbKWZ%2BxiX9oPEyE4EZ%2Fk7PBWQXBnDGNflCYhokObkMP3UVJ3oF%2FQ%2FRoNNgHrebVFZAPNVBiQ83"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 772efdb4384c76c3-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
a.naturalhealthsource.club/api/spots/303892?p=1&s1=%subid1%&kw=
135.181.208.216 200 OK 0 B URL HTTP/2 a.naturalhealthsource.club/api/spots/303892?p=1&s1=%subid1%&kw=
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
GET /api/spots/303892?p=1&s1=%subid1%&kw= HTTP/1.1
Host: a.naturalhealthsource.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: nauid=TX1qQZiXbYqyS9eGBYc4
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 21:42:09 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2
mc.yandex.ru/watch/49415098?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F620852c85a615f1d0cdf5e9b&charset=utf-8&hittoken=1669930927_1d9a752e809598253feaba138dd192b84f5cbea61c78f26a86f44f7ab425fa45&browser-info=pv%3A1%3Aar%3A1%3Avf%3A2b7w95bdqfdb0kzrg7tcl8%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A933%3Acn%3A1%3Adp%3A0%3Als%3A433927189741%3Ahid%3A544021822%3Az%3A0%3Ai%3A20221201214207%3Aet%3A1669930927%3Ac%3A1%3Arn%3A823438010%3Arqn%3A8%3Au%3A1669930925941979786%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Aeu%3A1%3Ans%3A1669930922738%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1669930927%3At%3Aadult%20xxx%20video%2019%20Thefartbabes%20-%20Eat%20My%20Xmas%20Teddy%20Shit%20%2C%20on%20solo%20female%20-%20XFantazy.com&t=gdpr(14)mc(p-6)clc(0-0-0)rqnt(8)aw(1)ecs(1)fip(1)ti(2)
93.158.134.119302 Found 0 B URL HTTP/2 mc.yandex.ru/watch/49415098?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F620852c85a615f1d0cdf5e9b&charset=utf-8&hittoken=1669930927_1d9a752e809598253feaba138dd192b84f5cbea61c78f26a86f44f7ab425fa45&browser-info=pv%3A1%3Aar%3A1%3Avf%3A2b7w95bdqfdb0kzrg7tcl8%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A933%3Acn%3A1%3Adp%3A0%3Als%3A433927189741%3Ahid%3A544021822%3Az%3A0%3Ai%3A20221201214207%3Aet%3A1669930927%3Ac%3A1%3Arn%3A823438010%3Arqn%3A8%3Au%3A1669930925941979786%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Aeu%3A1%3Ans%3A1669930922738%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1669930927%3At%3Aadult%20xxx%20video%2019%20Thefartbabes%20-%20Eat%20My%20Xmas%20Teddy%20Shit%20%2C%20on%20solo%20female%20-%20XFantazy.com&t=gdpr(14)mc(p-6)clc(0-0-0)rqnt(8)aw(1)ecs(1)fip(1)ti(2)
IP 93.158.134.119:0
GET /watch/49415098?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F620852c85a615f1d0cdf5e9b&charset=utf-8&hittoken=1669930927_1d9a752e809598253feaba138dd192b84f5cbea61c78f26a86f44f7ab425fa45&browser-info=pv%3A1%3Aar%3A1%3Avf%3A2b7w95bdqfdb0kzrg7tcl8%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A933%3Acn%3A1%3Adp%3A0%3Als%3A433927189741%3Ahid%3A544021822%3Az%3A0%3Ai%3A20221201214207%3Aet%3A1669930927%3Ac%3A1%3Arn%3A823438010%3Arqn%3A8%3Au%3A1669930925941979786%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Aeu%3A1%3Ans%3A1669930922738%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1669930927%3At%3Aadult%20xxx%20video%2019%20Thefartbabes%20-%20Eat%20My%20Xmas%20Teddy%20Shit%20%2C%20on%20solo%20female%20-%20XFantazy.com&t=gdpr(14)mc(p-6)clc(0-0-0)rqnt(8)aw(1)ecs(1)fip(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
location: /watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F620852c85a615f1d0cdf5e9b&charset=utf-8&hittoken=1669930927_1d9a752e809598253feaba138dd192b84f5cbea61c78f26a86f44f7ab425fa45&browser-info=pv%3A1%3Aar%3A1%3Avf%3A2b7w95bdqfdb0kzrg7tcl8%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A933%3Acn%3A1%3Adp%3A0%3Als%3A433927189741%3Ahid%3A544021822%3Az%3A0%3Ai%3A20221201214207%3Aet%3A1669930927%3Ac%3A1%3Arn%3A823438010%3Arqn%3A8%3Au%3A1669930925941979786%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Aeu%3A1%3Ans%3A1669930922738%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1669930927%3At%3Aadult%20xxx%20video%2019%20Thefartbabes%20-%20Eat%20My%20Xmas%20Teddy%20Shit%20%2C%20on%20solo%20female%20-%20XFantazy.com&t=gdpr%2814%29mc%28p-6%29clc%280-0-0%29rqnt%288%29aw%281%29ecs%281%29fip%281%29ti%282%29
date: Thu, 01 Dec 2022 21:42:08 GMT
access-control-allow-origin: https://xfantazy.com
set-cookie: yabs-sid=297666281669930928; Path=/; SameSite=None; Secure
i=eZ0dcCJhJKjvnuVekcUbrsjxLqbnS2dRQeqPZXP547iBIpYuMkforDjwpIyGBX/EIs11knn+TBnDPF2NU4vXQg9Jpwk=; Expires=Sun, 28-Nov-2032 21:42:05 GMT; Domain=.yandex.ru; Path=/; Secure; HttpOnly; SameSite=None
yandexuid=7878453741669930928; Expires=Fri, 01-Dec-2023 21:42:08 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
yuidss=7878453741669930928; Expires=Fri, 01-Dec-2023 21:42:08 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
ymex=1701466928.yc.1669930928#1701466928.yrts.1669930928#1701466928.yrtsi.1669930928; Expires=Fri, 01-Dec-2023 21:42:08 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Thu, 01-Dec-2022 21:42:08 GMT
last-modified: Thu, 01-Dec-2022 21:42:08 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
chaturbate.com/in/?track=xfanta&tour=x1Rd&campaign=NcAyU&c=3&p=0&gender=f
104.18.100.40 302 Found 0 B URL HTTP/2 chaturbate.com/in/?track=xfanta&tour=x1Rd&campaign=NcAyU&c=3&p=0&gender=f
IP 104.18.100.40:0
GET /in/?track=xfanta&tour=x1Rd&campaign=NcAyU&c=3&p=0&gender=f HTTP/1.1
Host: chaturbate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cams.gratis/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Thu, 01 Dec 2022 21:42:10 GMT
content-type: text/html; charset=utf-8
location: /tours/3/?tour=x1Rd&campaign=NcAyU&c=3&p=0&gender=f&disable_sound=0
p3p: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
vary: Accept-Language, Cookie
content-language: en
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.mmcdn.com https://*.highwebmedia.com https://*.chaturbate.com https://chaturbate.com https://ajax.googleapis.com https://js-agent.newrelic.com https://cdnjs.cloudflare.com https://www.google-analytics.com https://www.google.com/recaptcha/ https://www.google.com/cv/ https://www.gstatic.com/recaptcha/ https://www.gstatic.com/cv/ https://www.gstatic.com/eureka/ https://www.gstatic.com/cast/ https://*.nr-data.net https://certify-js.alexametrics.com https://player.vimeo.com/api/player.js http://static.hotjar.com https://static.hotjar.com https://script.hotjar.com ; style-src 'self' data: 'unsafe-inline' https://*.highwebmedia.com https://cdnjs.cloudflare.com https://fonts.googleapis.com ; img-src 'self' data: https://*.mmcdn.com https://*.highwebmedia.com https://*.stream.highwebmedia.com https://*.chaturbate.com https://chaturbate.com https://www.google-analytics.com https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com https://cdnjs.cloudflare.com https://www.gstatic.com https://*.nr-data.net https://certify.alexametrics.com https://stats.g.doubleclick.net https://cbgames.s3.amazonaws.com https://player.vimeo.com https://script.hotjar.com http://script.hotjar.com ; font-src 'self' data: https://*.mmcdn.com https://*.highwebmedia.com https://cdnjs.cloudflare.com https://fonts.gstatic.com http://script.hotjar.com https://script.hotjar.com ; connect-src 'self' blob: blob https://*.mmcdn.com wss://*.mmcdn.com wss://*.mmcdn.com:8443 https://*.highwebmedia.com wss://*.highwebmedia.com wss://*.highwebmedia.com:8443 https://*.nr-data.net https://*.chaturbate.com https://chaturbate.com https://www.google-analytics.com 
https://cbvideoupload.s3-accelerate.amazonaws.com https://stats.g.doubleclick.net https://internet-up.ably-realtime.com https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com https://tls-use1.fpapi.io https://use1.fptls.com https://eun1.fptls.com https://aps1.fptls.com http://*.hotjar.com:* https://*.hotjar.com:* https://vc.hotjar.io:* https://surveystats.hotjar.io wss://*.hotjar.com ; media-src 'self' https://*.mmcdn.com https://*.highwebmedia.com https://*.chaturbate.com https://chaturbate.com mediasource: blob: data: https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com; object-src 'self' https://*.mmcdn.com https://*.highwebmedia.com https://download.macromedia.com https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com ; frame-src 'self' https://*.mmcdn.com https://*.chaturbate.com https://chaturbate.com https://*.highwebmedia.com https://adserver.exoticads.com https://www.google.com/recaptcha/ https://*.wnu.com https://wnu.com https://checkout.2000charge.com https://www.sofort.com https://*.girogate.de https://player.vimeo.com https://vars.hotjar.com ; child-src 'self' blob: blob ; worker-src 'self' blob: blob ; form-action 'self' https://*.chaturbate.com https://chaturbate.com https://*.stream.highwebmedia.com https://www.coinpayments.net https://*.wnu.com https://wnu.com https://devportal.cb.dev https://*.web.amer-1.jumio.ai 
https://smartpay.coinsmart.com ; manifest-src 'self' https://*.mmcdn.com https://*.highwebmedia.com ; report-uri https://report-uri.mmcdn.com/r/t/csp/enforce;
report-to: {"group":"default","max_age":2592000,"endpoints":[{"url":"https://report-uri.mmcdn.com/a/t/g"}],"include_subdomains":true}
nel: {"report_to":"default","max_age":2592000,"include_subdomains":true}
x-frame-options: DENY
cache-control: no-cache
x-content-type-options: nosniff
x-xss-protection: 1; mode=block; report=https://report-uri.highwebmedia.com/r/t/xss/enforce
referrer-policy: strict-origin-when-cross-origin
via: 1.1 google
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: DYNAMIC
set-cookie: u_x1Rd=1; expires=Tue, 06-Dec-2022 21:42:10 GMT; Max-Age=432000; Path=/
us_x1Rd=1; Path=/
affkey="eJyrVipRslJQqjAMSlHSUVBKzi0Acf2SHStDQfySomywdFpiXkkiSKAIxM0oKSkottLXT07MLdZLL0osySzWB0kmpqWBpHMTKyoqclNTMhONDAwtQBJgQ40MlWoBzegfMA=="; Domain=.chaturbate.com; expires=Sat, 31-Dec-2022 21:42:10 GMT; Max-Age=2592000; Path=/
fromaffiliate=1; Domain=.chaturbate.com; Path=/
noads=1; expires=Fri, 02-Dec-2022 03:42:10 GMT; Max-Age=21600; Path=/
stcki="iuhY4r=0"; expires=Sat, 31-Dec-2022 21:42:10 GMT; Max-Age=2592000; Path=/
sbr=sec:sbrfcdb8a29-1de1-4850-aa84-63185f40a3c2:1p0rJq:lS9DePEMrLPCakCX0hz4KYTbI9I; Domain=.chaturbate.com; expires=Tue, 26-Aug-2025 21:42:10 GMT; HttpOnly; Max-Age=86313600; Path=/; Secure
__cf_bm=C8_6ymPJb4b3NK5Sgj_v1bBl.6nZjr4zip.qaAZJiXI-1669930930-0-ARTi7eJm/xuppIaXyat+0kali/NdlVJjtOuMLQtvZTEnma/RO4iLwxCravMqpfquuiTqEjh/+5yyddEsYghoUc8=; path=/; expires=Thu, 01-Dec-22 22:12:10 GMT; domain=.chaturbate.com; HttpOnly; Secure; SameSite=None
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 772efdbc481b0b55-OSL
X-Firefox-Spdy: h2
static-assets.highwebmedia.com/CACHE/js/output.6f6724a00cb8.js
104.16.94.42 200 OK 0 B URL HTTP/2 static-assets.highwebmedia.com/CACHE/js/output.6f6724a00cb8.js
IP 104.16.94.42:0
GET /CACHE/js/output.6f6724a00cb8.js HTTP/1.1
Host: static-assets.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 01 Dec 2022 21:42:11 GMT
content-type: application/javascript
cache-control: public, max-age=2592000
cf-bgj: minify
etag: W/"a708027bfbbde438a72a93082d4bc4b5"
last-modified: Thu, 24 Jun 2021 21:24:05 GMT
x-amz-id-2: JSy2VAlm3gAahvlCm5/iqNOQuasckcIrq13CGup8iDmNjJ/I2mSXsAw6q4OzSeK3RH88h3oFZ3U=
x-amz-meta-s3cmd-attrs: md5:a708027bfbbde438a72a93082d4bc4b5
x-amz-request-id: 2D5V5B3Y2TWH6PZC
cf-cache-status: HIT
age: 1296888
expires: Sat, 31 Dec 2022 21:42:11 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CJCagj0KbVfg4z%2Fp3DeZKSZII9xZYrDWpZHDwyMiLxqaL%2BaHs99ykT9rZ7KwRbYS6kwoiB9Vv68o5qWkzhJOSmBqXAzoubFcM4b4gpDpGsTRxqiRBfnvHEGyYTxTGX5nBrQGKq4OB2M2%2FoTe5SYM1w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
set-cookie: _cfuvid=QciWmxCa3BUsQyc1i.BPrmArXzyN63JWiQ0NASOQfgc-1669930931252-0-604800000; path=/; domain=.highwebmedia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 772efdc04a46b4ff-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
xfantazy.com/video/620852c85a615f1d0cdf5e9b
172.64.162.22 200 OK 0 B URL HTTP/2 xfantazy.com/video/620852c85a615f1d0cdf5e9b
IP 172.64.162.22:0
GET /video/620852c85a615f1d0cdf5e9b HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
date: Thu, 01 Dec 2022 21:42:05 GMT
content-type: text/html; charset=utf-8
vary: Origin
set-cookie: visitorId=qu33i37iuesn1qe2egpm8; Domain=xfantazy.com; Path=/; Expires=Wed, 01 Dec 2032 21:42:04 GMT; HttpOnly
experiment-popup-payment-7=0; Path=/; Expires=Thu, 08 Dec 2022 21:42:04 GMT
experiment-save-to-button-2=0; Path=/; Expires=Thu, 08 Dec 2022 21:42:04 GMT
x-powered-by: Next.js
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4i1EkbK5I%2FSI2Y3OymDHFGKxXhflv19ZF9ewxMMxXgFfs%2BS33cSegqKOTM6TVuvUXOi8J4WbGi55e8cie1vQvOxqnQlRckyJQcN8tle7K1v9bAUXr31UE6qohAqBT8k%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 772efd9848d874f5-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/ssp/utility/social-media/facebook/js/script.js
172.64.108.13 200 OK 0 B URL HTTP/2 cdn.creative-bars1.com/sb/ssp/utility/social-media/facebook/js/script.js
IP 172.64.108.13:0
GET /sb/ssp/utility/social-media/facebook/js/script.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 01 Dec 2022 21:42:08 GMT
content-type: application/javascript
last-modified: Sat, 20 Feb 2021 08:47:14 GMT
etag: W/"6030cc92-1bc"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 1410634
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0THSkn%2Fd0nFZJmndfiliBwvrsgeTlUsuexkrT7FW01zq3CkDrk177h24BMgwMnsXFipNUu7lthxmbJ%2BDMNajkG%2F4GhgU8TpVbEH2q64IwiA5BX2AuB5Y4p6qYhktv8wRuyFQmStknEIl"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 772efdaefa65004a-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
a.naturalhealthsource.club/api/spots/312874?p=1&s1=%subid1%&kw=
135.181.208.216 200 OK 0 B URL HTTP/2 a.naturalhealthsource.club/api/spots/312874?p=1&s1=%subid1%&kw=
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
GET /api/spots/312874?p=1&s1=%subid1%&kw= HTTP/1.1
Host: a.naturalhealthsource.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: nauid=TX1qQZiXbYqyS9eGBYc4
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 21:42:09 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2
cdn.barscreative1.com/sb/au/e6/d7/97/e6d797a3a7be0e7ec1877d1b33146dfa/1657714258.html
45.133.44.3 200 OK 0 B URL HTTP/2 cdn.barscreative1.com/sb/au/e6/d7/97/e6d797a3a7be0e7ec1877d1b33146dfa/1657714258.html
IP 45.133.44.3:0
ASN #39572 DataWeb Global Group B.V.
Analyzer Verdict Alert fortinet Phishing
GET /sb/au/e6/d7/97/e6d797a3a7be0e7ec1877d1b33146dfa/1657714258.html HTTP/1.1
Host: cdn.barscreative1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 01 Dec 2022 21:42:08 GMT
content-type: text/html; charset=utf-8
server: nginx/1.17.6
last-modified: Wed, 13 Jul 2022 12:11:03 GMT
etag: W/"62ceb657-4a6"
cache-control: max-age=3600
access-control-allow-origin: *
access-control-expose-headers: Date
content-encoding: gzip
expires: Thu, 01 Dec 2022 22:42:08 GMT
x-proxy-cache: HIT
X-Firefox-Spdy: h2
static.adxadserv.com/css/wm.css
185.76.9.19 200 OK 0 B URL HTTP/2 static.adxadserv.com/css/wm.css
IP 185.76.9.19:0
ASN #60068 Datacamp Limited
GET /css/wm.css HTTP/1.1
Host: static.adxadserv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ads.adxadserv.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
date: Thu, 01 Dec 2022 21:42:10 GMT
content-type: text/css
last-modified: Mon, 03 Aug 2020 09:41:06 GMT
etag: W/"5f27dbb2-711"
x-accel-expires: @1670929819
server: CDN77-Turbo
x-77-nzt: AblMCQ218OD/F5QAAA
x-77-nzt-ray: c0a4cc2890dbf7c6b21f8963db93770d
x-cache: HIT
x-age: 37911
x-77-pop: stockholmSE
x-77-cache: HIT
content-encoding: br
X-Firefox-Spdy: h2
static-assets.highwebmedia.com/CACHE/css/output.ef7436bc2788.css
104.16.94.42 200 OK 0 B URL HTTP/2 static-assets.highwebmedia.com/CACHE/css/output.ef7436bc2788.css
IP 104.16.94.42:0
GET /CACHE/css/output.ef7436bc2788.css HTTP/1.1
Host: static-assets.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 01 Dec 2022 21:42:11 GMT
content-type: text/css
cache-control: public, max-age=2592000
cf-bgj: minify
cf-polished: origSize=29618
etag: W/"ade681e2fa92be6f93f43294ddc58941"
last-modified: Thu, 17 Nov 2022 16:34:23 GMT
x-amz-id-2: azvjfLhsZQz0cag4muV1nCoqw4kMQf5PSauhF7VXnYrO6hWxTMgQHmT8X4/+31fVT28kfu+Uu6Q=
x-amz-meta-s3cmd-attrs: md5:ade681e2fa92be6f93f43294ddc58941
x-amz-request-id: X33R15MJ639RYB32
cf-cache-status: HIT
age: 1227937
expires: Sat, 31 Dec 2022 21:42:11 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sW35cYY78cax1O5iYTYnCFSaze1LN7NkdAyvbDcyznXJCAy0VImS6VuTJgodBvPCCpTpk5NKQQjCwT6SxrMQ3hlTyG40N2o83FyO9r6n%2BTkK1z42b6AEAZlgcWJEJ3TP7N%2F73wVPGoIVoSOxiisE0Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
set-cookie: _cfuvid=RQyS2bFKW4yuTpZ4ncACRsNav2wBBk3zvl.530hKa10-1669930931266-0-604800000; path=/; domain=.highwebmedia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 772efdc05a5cb4ff-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2