firefox.settings.services.mozilla.com/v1/
18.165.201.80200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 18.165.201.80:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 2d12f67fe57a87e7366b662d153a5582
d7b02d81cc74f24a251d9363e0f4b0a149264ec1
73c273c0b5a2de3cb970b8e8c187999d3b55e760dc7766dab4bb76428d19b551
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length, Backoff, Content-Type, Retry-After, Alert
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Fri, 23 Sep 2022 21:05:15 GMT
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 4c3c0be12954d0bfb5e695119bb76338.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LHR50-P3
X-Amz-Cf-Id: eBk2wwJMyXO6fMBMUOSe5nv05DNieIEFNo4dG7hGHvLi1PrdiJWlJg==
Age: 2569
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 09a973de929ab7452edc342c780d3668
3f14f6e0a36f76863c0aea6fb561c266404a7ea3
e82ca5f310e37267fbf792427747e65c2bb35e684d3f629c0aa302f688bc4f80
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E82CA5F310E37267FBF792427747E65C2BB35E684D3F629C0AA302F688BC4F80"
Last-Modified: Fri, 23 Sep 2022 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9225
Expires: Sat, 24 Sep 2022 00:21:49 GMT
Date: Fri, 23 Sep 2022 21:48:04 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
108.156.28.95200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
IP 108.156.28.95:0
File type PEM certificate\012- , ASCII text
Hash 6113f8408c59aebe188d6af273b90743
7398873bf00f99944eaa77ad3ebc0d43c23dba6b
b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770
GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 10 Sep 2022 18:47:45 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Fri, 23 Sep 2022 04:13:03 GMT
etag: "6113f8408c59aebe188d6af273b90743"
x-cache: Hit from cloudfront
via: 1.1 c9e93510e33ab69af0de2f41455fbb80.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR50-P1
x-amz-cf-id: -tqQspaHv-lXuxF9kVCU0Qsd3uNetNp-QUH_hlqF4ZW42aSUg1k0iA==
age: 63302
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 23 Sep 2022 21:48:04 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
18.165.201.80200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 18.165.201.80:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600, max-age=3600
Date: Fri, 23 Sep 2022 21:33:00 GMT
Expires: Fri, 23 Sep 2022 21:34:05 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 398a51ec785027c0cfb5003d3a46ab0a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LHR50-P3
X-Amz-Cf-Id: dGZttU1hv72rhBzmfW8ZKI_5n9PbNyHfDEp3TstJk1_nopV8kGxEgQ==
Age: 905
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash f714931cf870bfa33815fd259b7246fd
38e411ef8ca1b31ead8415ee5f21d98bd9653a86
897675130112daff8bdf6fa25b56faa4b9fdb367daca2b2645ed65c83a2e423f
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5384
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 23 Sep 2022 21:48:05 GMT
Last-Modified: Fri, 23 Sep 2022 20:18:22 GMT
Server: ECS (ska/F70C)
X-Cache: HIT
Content-Length: 471
push.services.mozilla.com/
52.27.12.161101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 52.27.12.161:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: nY90N0T4CfYvBpQQpWXQxw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: o/uPCuYVoolylANQWCa3dwPZF5o=
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 7038cca95198779d8bb479045eb56652
e9dcf9451e849f4d55b0909b33a51bd0b1a35296
0fc47dba3f2789b7c509a4916b1fe3c7b6b30c6778e5354742256125730310f3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0FC47DBA3F2789B7C509A4916B1FE3C7B6B30C6778E5354742256125730310F3"
Last-Modified: Fri, 23 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5740
Expires: Fri, 23 Sep 2022 23:23:46 GMT
Date: Fri, 23 Sep 2022 21:48:06 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 7038cca95198779d8bb479045eb56652
e9dcf9451e849f4d55b0909b33a51bd0b1a35296
0fc47dba3f2789b7c509a4916b1fe3c7b6b30c6778e5354742256125730310f3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0FC47DBA3F2789B7C509A4916B1FE3C7B6B30C6778E5354742256125730310F3"
Last-Modified: Fri, 23 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5740
Expires: Fri, 23 Sep 2022 23:23:46 GMT
Date: Fri, 23 Sep 2022 21:48:06 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 7038cca95198779d8bb479045eb56652
e9dcf9451e849f4d55b0909b33a51bd0b1a35296
0fc47dba3f2789b7c509a4916b1fe3c7b6b30c6778e5354742256125730310f3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0FC47DBA3F2789B7C509A4916B1FE3C7B6B30C6778E5354742256125730310F3"
Last-Modified: Fri, 23 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5740
Expires: Fri, 23 Sep 2022 23:23:46 GMT
Date: Fri, 23 Sep 2022 21:48:06 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffccf6ade-04f7-4d15-943c-bde343725d94.jpeg
34.120.237.76200 OK 8.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffccf6ade-04f7-4d15-943c-bde343725d94.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 02a682b4703bb9d6381c762726c05531
1d7f7b4cfdd7425213a21afdd1d5a5d8d11d0e54
fb672de67420a239fe5d7e2588f640150ed29883fe2a46ded160385e3265004c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffccf6ade-04f7-4d15-943c-bde343725d94.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8029
x-amzn-requestid: 2fc5c63d-5cef-42f4-a6d2-b55f51c57af6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y4Y0tHjGoAMFcFw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632cd4ea-73f2f78a2d1ca8fc666d2571;Sampled=0
x-amzn-remapped-date: Thu, 22 Sep 2022 21:34:34 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: 7DX67a-HmEh76IorINvRU61AKtSiimdPnHFnYeR2OJezZJ1_mJq0MA==
via: 1.1 0aebf3fe433ff96e68d785fad4ea4c0e.cloudfront.net (CloudFront), 1.1 35575576af8067e30cfb17c6b9fde8e2.cloudfront.net (CloudFront), 1.1 google
date: Thu, 22 Sep 2022 21:48:22 GMT
age: 86384
etag: "1d7f7b4cfdd7425213a21afdd1d5a5d8d11d0e54"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F98db69a9-8416-4b0b-b1b4-1ed196b985e5.jpeg
34.120.237.76200 OK 5.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F98db69a9-8416-4b0b-b1b4-1ed196b985e5.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 3b318ea5c36d2b22b925f7dfe382df5f
0264e73c4cfff0bb255757c7e1c760a5ad3ece80
0c2f58ea4f5f32bb327f292e1b8fb5a4a60230bffc3abc440a624df27ec0d6bc
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F98db69a9-8416-4b0b-b1b4-1ed196b985e5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5340
x-amzn-requestid: b13bc974-e15d-43a4-a918-fbc35b09a36f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y4Y19HljIAMFY8w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632cd4f2-2cb226ba4bd7c7e74d9ab2db;Sampled=0
x-amzn-remapped-date: Thu, 22 Sep 2022 21:34:42 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 8DCVWC4Ihr4R21i3ySyiWdUK0aGymTE22B842ZKolG-ZThiKSMX-uQ==
via: 1.1 446313511980eb02f28ff5a9a4147c0a.cloudfront.net (CloudFront), 1.1 32d624dbeb2a8b7f24dbe49007e37c90.cloudfront.net (CloudFront), 1.1 google
date: Thu, 22 Sep 2022 22:11:26 GMT
age: 85000
etag: "0264e73c4cfff0bb255757c7e1c760a5ad3ece80"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd1500786-3bbf-46d0-b16e-4aff6d48a585.jpeg
34.120.237.76200 OK 15 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd1500786-3bbf-46d0-b16e-4aff6d48a585.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash f10a12719b387d176497669ba75f0acc
16e42ba7b20555bf5a8615e5f4bb561204aeeb5a
0cb2231817387d43a490565b61e24ea7a3cfcff3281f4ab4379a882cc5c3173f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd1500786-3bbf-46d0-b16e-4aff6d48a585.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 14579
x-amzn-requestid: bce2c126-0883-4255-9246-d8055860f898
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YcCj6FYCoAMF9Yw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63217e18-66ba2e5d64b6a5b32b7ab36b;Sampled=0
x-amzn-remapped-date: Wed, 14 Sep 2022 07:09:12 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 92Pj9IQp3mBJQOW-XuHSK8laPqXOSBOmNbYcm4hSFzc1xqYscQKxMA==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 cd858042f70b416ca05e042acf3908a4.cloudfront.net (CloudFront), 1.1 google
date: Thu, 22 Sep 2022 22:11:48 GMT
age: 84978
etag: "16e42ba7b20555bf5a8615e5f4bb561204aeeb5a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5ca56e32-b483-4063-a12c-be8fa8c3d85e.jpeg
34.120.237.76200 OK 8.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5ca56e32-b483-4063-a12c-be8fa8c3d85e.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 7606ff88f05062b66970d9805f38987a
d47db5fcd83023b4a8de40a47d4510e183de387a
20f89dd859e5715e27c289040fac6a121248e5b6c06da0a7f186984ffb029eb2
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5ca56e32-b483-4063-a12c-be8fa8c3d85e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8497
x-amzn-requestid: 8543ac70-48ab-4523-856f-5d5fa1191c97
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Yin-pEryoAMFTfQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6324205d-660bba3f655f940d143bc437;Sampled=0
x-amzn-remapped-date: Fri, 16 Sep 2022 07:06:05 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: e9KUFhjuFMzjuh37rFiNKaMNVaGZwPGBkLrv0zgfSTT7dCIuWj4G9Q==
via: 1.1 e5af640ced3aa8764b82c4bc3f7af38e.cloudfront.net (CloudFront), 1.1 68fadeb91f97256bb67b03bfca74d830.cloudfront.net (CloudFront), 1.1 google
date: Thu, 22 Sep 2022 22:11:27 GMT
age: 84999
etag: "d47db5fcd83023b4a8de40a47d4510e183de387a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F56968ed0-3207-4af0-8229-5f3698c6c55f.jpeg
34.120.237.76200 OK 5.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F56968ed0-3207-4af0-8229-5f3698c6c55f.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 61059307f07edc4e2ba9d07a258bca43
370d166426ad83fc04ccb6e300238d8cb6ab644a
55ec802097ab49f275686e99844ff4a3b554c8998213bb9c3f0380709297c55b
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F56968ed0-3207-4af0-8229-5f3698c6c55f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5936
x-amzn-requestid: 39e79389-c158-4427-aae0-b1d0dc1d0377
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y4VowElZoAMF2Ow=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632ccfd1-2da28eb66f876af76158b090;Sampled=0
x-amzn-remapped-date: Thu, 22 Sep 2022 21:12:49 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: -DSp0__jaBzizsfagTtIpwhkPqkvjS1L6T17J0OS5W0QhZww03ywpw==
via: 1.1 030fe0607711293dda988e571617a9f2.cloudfront.net (CloudFront), 1.1 02d90bf99fd6253b329a53c82f19e224.cloudfront.net (CloudFront), 1.1 google
date: Thu, 22 Sep 2022 22:11:29 GMT
age: 84997
etag: "370d166426ad83fc04ccb6e300238d8cb6ab644a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6ac88c56-4515-47b4-9c1e-7745782bd306.jpeg
34.120.237.76200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6ac88c56-4515-47b4-9c1e-7745782bd306.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b877ead4a15221fdd278ef27f281a7ec
48c10714503e8dfdd3e3c3d39b919ef2792f0d15
f4a1d5abcfa4092828e004b6c0605a7a24e4133d275312f613dceff875971daf
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6ac88c56-4515-47b4-9c1e-7745782bd306.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10127
x-amzn-requestid: 456e3c6a-e173-433e-8d54-d787cb50b7e8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y4Y0sHmCoAMFVSg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632cd4ea-7a07b336571396533e48b4cb;Sampled=0
x-amzn-remapped-date: Thu, 22 Sep 2022 21:34:34 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: gWZNsIn_FEbYwMeR1JArmPEgyuHEGgWsfb-wB6P_NrmoHhNgvGWoPw==
via: 1.1 5a1753718d8b33365e5f693dd338c510.cloudfront.net (CloudFront), 1.1 1508efc4152aa1778ed4adecb328b374.cloudfront.net (CloudFront), 1.1 google
date: Thu, 22 Sep 2022 22:07:28 GMT
age: 85238
etag: "48c10714503e8dfdd3e3c3d39b919ef2792f0d15"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 278 B IP 93.184.220.29:0
Hash 1e6c9be31449287ca2725eb224a39e88
c65a22026855d7f48e9e735e19c34470e4487066
b6d0504176ab904be26a92b03910531c3a99a30a542d45a1f4865a5166256096
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 393
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 23 Sep 2022 21:48:07 GMT
Last-Modified: Fri, 23 Sep 2022 21:41:34 GMT
Server: ECS (ska/F70C)
X-Cache: HIT
Content-Length: 278
ocsp.digicert.com/
93.184.220.29200 OK 278 B IP 93.184.220.29:0
Hash 1e6c9be31449287ca2725eb224a39e88
c65a22026855d7f48e9e735e19c34470e4487066
b6d0504176ab904be26a92b03910531c3a99a30a542d45a1f4865a5166256096
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 393
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 23 Sep 2022 21:48:07 GMT
Last-Modified: Fri, 23 Sep 2022 21:41:34 GMT
Server: ECS (ska/F70C)
X-Cache: HIT
Content-Length: 278
ocsp.digicert.com/
93.184.220.29200 OK 278 B IP 93.184.220.29:0
Hash 1e6c9be31449287ca2725eb224a39e88
c65a22026855d7f48e9e735e19c34470e4487066
b6d0504176ab904be26a92b03910531c3a99a30a542d45a1f4865a5166256096
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4671
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 23 Sep 2022 21:48:07 GMT
Last-Modified: Fri, 23 Sep 2022 20:30:16 GMT
Server: ECS (ska/F712)
X-Cache: HIT
Content-Length: 278
ocsp.digicert.com/
93.184.220.29200 OK 278 B IP 93.184.220.29:0
Hash 1e6c9be31449287ca2725eb224a39e88
c65a22026855d7f48e9e735e19c34470e4487066
b6d0504176ab904be26a92b03910531c3a99a30a542d45a1f4865a5166256096
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 393
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 23 Sep 2022 21:48:07 GMT
Last-Modified: Fri, 23 Sep 2022 21:41:34 GMT
Server: ECS (ska/F70C)
X-Cache: HIT
Content-Length: 278
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 4fb51016b82f43bc6ee9f5ace001690c
5390a86aa0a7b82f5d09605b10812567b309d27a
73283fa4b416ee80d2ac87c30d2183afa1ae487a8650563b79adc1f001030f73
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 23 Sep 2022 21:48:07 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash f81d321c15c87e7147d792d08ebb7513
47f30d4ca38e6753a393965219321b0394ebb597
390ae5f5435d3f8c8b7f1fa8d7e2a3ebf55ea5dbe98aa3528dd562df4c295753
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 23 Sep 2022 21:48:07 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ajax.googleapis.com/ajax/libs/jquery/2.1.4/jquery.min.js
216.58.207.202200 OK 30 kB URL HTTP/2 ajax.googleapis.com/ajax/libs/jquery/2.1.4/jquery.min.js
IP 216.58.207.202:0
File type ASCII text, with very long lines (32025)
Hash 83b3b5729cdff3976db52c51831e96b8
d23dc823e37f58e5366340be755730f3fa9a850d
675fa88b39008a09994460a93b310a7d4593735009a9b24b6f176c347ad12421
GET /ajax/libs/jquery/2.1.4/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://youvu.pornfollett.gigixo.com
Connection: keep-alive
Referer: http://youvu.pornfollett.gigixo.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 29725
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 22 Sep 2022 06:17:19 GMT
expires: Fri, 22 Sep 2023 06:17:19 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
age: 142248
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
cdn.tubecorp.com/b/loader.js?v=3
45.133.44.24200 OK 831 B URL HTTP/1.1 cdn.tubecorp.com/b/loader.js?v=3
IP 45.133.44.24:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with very long lines (1745), with no line terminators
Hash 8143f2c692706afd858455911eb34152
0e9051df8fcf7a51281db01a28185679f5c32c81
03959f368154cb76dbd9d598d9a7efde0005a1f5fb62d5cd60d6e874bbb7abce
GET /b/loader.js?v=3 HTTP/1.1
Host: cdn.tubecorp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://youvu.pornfollett.gigixo.com/
HTTP/1.1 200 OK
Date: Fri, 23 Sep 2022 21:48:07 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx/1.20.1
Last-Modified: Wed, 14 Oct 2020 08:55:58 GMT
ETag: W/"5f86bd1e-6d1"
Cache-Control: max-age=3600
X-Request-ID: c0e6e05964784853ea736c38cff5dcf6
Content-Encoding: gzip
Expires: Fri, 23 Sep 2022 22:48:07 GMT
X-Proxy-Cache: HIT
Access-Control-Allow-Origin: *
cdn.tsyndicate.com/sdk/v1/bi.js
8.254.252.211200 OK 3.3 kB URL HTTP/1.1 cdn.tsyndicate.com/sdk/v1/bi.js
IP 8.254.252.211:0
File type C source, ASCII text, with very long lines (7675)
Hash 994ce2eb3c88a9c1025564da2a49a681
8f8e617b60e5626becb9bd5e4edd5461ccf4279e
8927431d37a4d03469c7d618a05ac02c7149c988766fb34667f06f1310a2246e
GET /sdk/v1/bi.js HTTP/1.1
Host: cdn.tsyndicate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://youvu.pornfollett.gigixo.com/
HTTP/1.1 200 OK
Date: Mon, 19 Sep 2022 09:36:46 GMT
Content-Type: application/javascript
Content-Length: 3253
Connection: keep-alive
Last-Modified: Mon, 19 Sep 2022 08:53:30 GMT
Server: nginx
X-Robots-Tag: noindex, nofollow
Content-Encoding: gzip
Vary: Accept-Encoding
ETag: W/"63282e0a-1e1a"
Age: 389481
Accept-Ranges: bytes
ocsp.sectigo.com/
104.18.32.68200 OK 472 B IP 104.18.32.68:0
Hash c874c863e2e5d4f6ed1e77d82d4fa8ac
7f161c50621be6c2c546299df9e7255f59cd1fac
7ad1d23402de4278d8428714d1e98fc1b2b463c748659c7b9b806ca32e04a3d2
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 23 Sep 2022 21:48:07 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Fri, 23 Sep 2022 20:27:04 GMT
Expires: Fri, 30 Sep 2022 20:27:03 GMT
Etag: "7f161c50621be6c2c546299df9e7255f59cd1fac"
Cache-Control: max-age=599335,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 74f67b941ac11c16-OSL
www.googletagmanager.com/gtag/js?id=UA-98275526-8
142.250.74.72200 OK 42 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=UA-98275526-8
IP 142.250.74.72:0
File type ASCII text, with very long lines (1720)
Hash 11a2d01e70f6ea41c4938f3180d94fa4
df1f308113355fb01186779fb0adfe712cada4d2
b62d16d5b3f30c8f8c4000f7e2be40d4a5d894eb02b87cf551859c78d6bb1ffc
GET /gtag/js?id=UA-98275526-8 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://youvu.pornfollett.gigixo.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Fri, 23 Sep 2022 21:48:07 GMT
expires: Fri, 23 Sep 2022 21:48:07 GMT
cache-control: private, max-age=900
last-modified: Fri, 23 Sep 2022 21:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 42226
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 4fb51016b82f43bc6ee9f5ace001690c
5390a86aa0a7b82f5d09605b10812567b309d27a
73283fa4b416ee80d2ac87c30d2183afa1ae487a8650563b79adc1f001030f73
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 23 Sep 2022 21:48:07 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
poweredby.jads.co/js/jads.js
185.94.236.246301 Moved Permanently 178 B URL HTTP/1.1 poweredby.jads.co/js/jads.js
IP 185.94.236.246:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash cd2e0e43980a00fb6a2742d3afd803b8
81ffbd1712afe8cdf138b570c0fc9934742c33c1
bd9df047d51943acc4bc6cf55d88edb5b6785a53337ee2a0f74dd521aedde87d
GET /js/jads.js HTTP/1.1
Host: poweredby.jads.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://youvu.pornfollett.gigixo.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Fri, 23 Sep 2022 21:48:07 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Location: jads2.js
ocsp.digicert.com/
93.184.220.29200 OK 278 B IP 93.184.220.29:0
Hash 1e6c9be31449287ca2725eb224a39e88
c65a22026855d7f48e9e735e19c34470e4487066
b6d0504176ab904be26a92b03910531c3a99a30a542d45a1f4865a5166256096
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 393
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 23 Sep 2022 21:48:07 GMT
Last-Modified: Fri, 23 Sep 2022 21:41:34 GMT
Server: ECS (ska/F70C)
X-Cache: HIT
Content-Length: 278
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash f81d321c15c87e7147d792d08ebb7513
47f30d4ca38e6753a393965219321b0394ebb597
390ae5f5435d3f8c8b7f1fa8d7e2a3ebf55ea5dbe98aa3528dd562df4c295753
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 23 Sep 2022 21:48:07 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
poweredby.jads.co/js/jads2.js
185.94.236.246200 OK 1.7 kB URL HTTP/1.1 poweredby.jads.co/js/jads2.js
IP 185.94.236.246:0
File type ASCII text, with very long lines (3758), with no line terminators
Hash 558e1b61fc513016183a3812938e79fb
5f72ea61a2aad8f7a0956321d3fd8524db70eddf
a79f8c0aabfc2d1d45e4df2a86ca9172d292b08987f7a9d5c10bd10abf3aef54
GET /js/jads2.js HTTP/1.1
Host: poweredby.jads.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://youvu.pornfollett.gigixo.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 23 Sep 2022 21:48:07 GMT
Content-Type: application/x-javascript
Last-Modified: Mon, 11 Jul 2022 00:36:11 GMT
Transfer-Encoding: chunked
Connection: close
ETag: W/"62cb707b-eae"
Content-Encoding: gzip
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash fa5a7fd1c3d5eed2a8816ac62ad73e51
6536f3880457c6ced9534d5cf10615b6daf42aea
3c3a74be5d72d9e2b5ecdaeafbbf3d0029cd5848d2483cfa10da14859deff436
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 23 Sep 2022 21:48:07 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
142.250.74.163200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 15920, version 1.0\012- data
Hash 3a44e06eb954b96aa043227f3534189d
23cef6993ddb2b2979e8e7647fc3763694e2ba7d
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e
GET /s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://youvu.pornfollett.gigixo.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15920
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 21 Sep 2022 14:52:00 GMT
expires: Thu, 21 Sep 2023 14:52:00 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 11 May 2022 19:24:45 GMT
content-type: font/woff2
age: 197768
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash fa5a7fd1c3d5eed2a8816ac62ad73e51
6536f3880457c6ced9534d5cf10615b6daf42aea
3c3a74be5d72d9e2b5ecdaeafbbf3d0029cd5848d2483cfa10da14859deff436
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 23 Sep 2022 21:48:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
142.250.74.163200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Hash 15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://youvu.pornfollett.gigixo.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 21 Sep 2022 19:34:08 GMT
expires: Thu, 21 Sep 2023 19:34:08 GMT
cache-control: public, max-age=31536000
age: 180840
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash fa5a7fd1c3d5eed2a8816ac62ad73e51
6536f3880457c6ced9534d5cf10615b6daf42aea
3c3a74be5d72d9e2b5ecdaeafbbf3d0029cd5848d2483cfa10da14859deff436
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 23 Sep 2022 21:48:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
youvu.pornfollett.gigixo.com/api2/2b24d434ea.php
51.79.221.186200 OK 1.4 kB URL HTTP/1.1 youvu.pornfollett.gigixo.com/api2/2b24d434ea.php
IP 51.79.221.186:0
File type ASCII text, with very long lines (9776), with no line terminators
Hash bcdf724c3447cce902cf96ef2671f39a
001ee82adddec73ce4e3516941d372662bdb4afa
a68bd75a4d74ab48edd02b46edbfb7846f867f823281eccdd4c8006fd88ca53f
GET /api2/2b24d434ea.php HTTP/1.1
Host: youvu.pornfollett.gigixo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://youvu.pornfollett.gigixo.com/?iyanna
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 23 Sep 2022 21:42:30 GMT
Content-Type: application/javascript
Content-Length: 1394
Connection: keep-alive
X-Powered-By: PHP/7.4.23
Vary: Accept-Encoding
Content-Encoding: gzip
X-Backend: core3
X-Backend2: core3
cdn.tsyndicate.com/sdk/v1/bi.js
8.254.252.211304 Not Modified 0 B URL HTTP/1.1 cdn.tsyndicate.com/sdk/v1/bi.js
IP 8.254.252.211:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sdk/v1/bi.js HTTP/1.1
Host: cdn.tsyndicate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://youvu.pornfollett.gigixo.com/
If-Modified-Since: Mon, 19 Sep 2022 08:53:30 GMT
If-None-Match: W/"63282e0a-1e1a"
HTTP/1.1 304 Not Modified
Date: Mon, 19 Sep 2022 09:36:46 GMT
Connection: keep-alive
Last-Modified: Mon, 19 Sep 2022 08:53:30 GMT
Server: nginx
X-Robots-Tag: noindex, nofollow
Vary: Accept-Encoding
ETag: W/"63282e0a-1e1a"
Age: 389482
wideeyedlady.pro/cXDt9.6KbM2U5DliScWyQs9/NlDWI/2kNoz-MD4ENogF
188.72.219.36301 Moved Permanently 162 B URL HTTP/1.1 wideeyedlady.pro/cXDt9.6KbM2U5DliScWyQs9/NlDWI/2kNoz-MD4ENogF
IP 188.72.219.36:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
GET /cXDt9.6KbM2U5DliScWyQs9/NlDWI/2kNoz-MD4ENogF HTTP/1.1
Host: wideeyedlady.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://youvu.pornfollett.gigixo.com/
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Fri, 23 Sep 2022 21:48:08 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://wideeyedlady.pro/cXDt9.6KbM2U5DliScWyQs9/NlDWI/2kNoz-MD4ENogF
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
X-Content-Type-Options: nosniff
cdn.tubecorp.com/i/b.html?spot=1929&src=353082707&pid=17794&width=160&height=600&spaceid=1010
45.133.44.24200 OK 181 B URL HTTP/1.1 cdn.tubecorp.com/i/b.html?spot=1929&src=353082707&pid=17794&width=160&height=600&spaceid=1010
IP 45.133.44.24:0
ASN #39572 DataWeb Global Group B.V.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 81aec7550d11fe54b500ea3850f95567
15d56988d343393c038d830ccdaf2d1c69664e5f
04952bb41a8bb460d8a30d9a9c2f1d1d65f86b75fcf7f104365f805e343d1ed2
GET /i/b.html?spot=1929&src=353082707&pid=17794&width=160&height=600&spaceid=1010 HTTP/1.1
Host: cdn.tubecorp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://youvu.pornfollett.gigixo.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Fri, 23 Sep 2022 21:48:08 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx/1.20.1
Last-Modified: Sat, 20 Nov 2021 06:50:54 GMT
ETag: W/"df-5d132d02c9e77"
X-Request-ID: 1e320ae09b4cb8739149d6ae0f00b249
Content-Encoding: gzip
Expires: Fri, 23 Sep 2022 22:48:08 GMT
Cache-Control: max-age=3600
X-Proxy-Cache: HIT
Access-Control-Allow-Origin: *
cdn.tsyndicate.com/sdk/v1/bi.js
8.254.252.211304 Not Modified 0 B URL HTTP/1.1 cdn.tsyndicate.com/sdk/v1/bi.js
IP 8.254.252.211:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sdk/v1/bi.js HTTP/1.1
Host: cdn.tsyndicate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://youvu.pornfollett.gigixo.com/
If-Modified-Since: Mon, 19 Sep 2022 08:53:30 GMT
If-None-Match: W/"63282e0a-1e1a"
HTTP/1.1 304 Not Modified
Date: Mon, 19 Sep 2022 09:36:46 GMT
Connection: keep-alive
Last-Modified: Mon, 19 Sep 2022 08:53:30 GMT
Server: nginx
X-Robots-Tag: noindex, nofollow
Vary: Accept-Encoding
ETag: W/"63282e0a-1e1a"
Age: 389482
cdn.tsyndicate.com/sdk/v1/bi.js
8.254.252.211304 Not Modified 0 B URL HTTP/1.1 cdn.tsyndicate.com/sdk/v1/bi.js
IP 8.254.252.211:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sdk/v1/bi.js HTTP/1.1
Host: cdn.tsyndicate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://youvu.pornfollett.gigixo.com/
If-Modified-Since: Mon, 19 Sep 2022 08:53:30 GMT
If-None-Match: W/"63282e0a-1e1a"
HTTP/1.1 304 Not Modified
Date: Mon, 19 Sep 2022 09:36:46 GMT
Connection: keep-alive
Last-Modified: Mon, 19 Sep 2022 08:53:30 GMT
Server: nginx
X-Robots-Tag: noindex, nofollow
Vary: Accept-Encoding
ETag: W/"63282e0a-1e1a"
Age: 389482
biptolyla.com/auW.ZNyzQu2r9FkyZnT/9U6gbE2C5mlFS/WvQT9RNPDlE/4OMrjrk/0HN/Cc0N0/MLT/g/yNOkTTQK1ZJPnEB-1KcV2-hiaRbO2/5/lGS/WeQs9iNIDeEZ4rMtjTkS0/NVCI0R0UMWT/gwy/OlTQQ/1R
188.72.219.36301 Moved Permanently 162 B URL HTTP/1.1 biptolyla.com/auW.ZNyzQu2r9FkyZnT/9U6gbE2C5mlFS/WvQT9RNPDlE/4OMrjrk/0HN/Cc0N0/MLT/g/yNOkTTQK1ZJPnEB-1KcV2-hiaRbO2/5/lGS/WeQs9iNIDeEZ4rMtjTkS0/NVCI0R0UMWT/gwy/OlTQQ/1R
IP 188.72.219.36:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
GET /auW.ZNyzQu2r9FkyZnT/9U6gbE2C5mlFS/WvQT9RNPDlE/4OMrjrk/0HN/Cc0N0/MLT/g/yNOkTTQK1ZJPnEB-1KcV2-hiaRbO2/5/lGS/WeQs9iNIDeEZ4rMtjTkS0/NVCI0R0UMWT/gwy/OlTQQ/1R HTTP/1.1
Host: biptolyla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://youvu.pornfollett.gigixo.com/
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Fri, 23 Sep 2022 21:48:08 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://biptolyla.com/auW.ZNyzQu2r9FkyZnT/9U6gbE2C5mlFS/WvQT9RNPDlE/4OMrjrk/0HN/Cc0N0/MLT/g/yNOkTTQK1ZJPnEB-1KcV2-hiaRbO2/5/lGS/WeQs9iNIDeEZ4rMtjTkS0/NVCI0R0UMWT/gwy/OlTQQ/1R
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
X-Content-Type-Options: nosniff
biptolyla.com/aOWFZ.y/Qr2m9ckEZhTz9j6hbf2L5flPSPWdQe9fNYDxEs2BN-DGUFwFOSCJ0/0WMXTDYk0/NiTtAb5vJ/nZBE1zcJ2nh/aWb/2X5glSSMW/QG9mNKDAEb2/N/D/UjwOOzCU0z0YMJTZYw0NN/TXAL5S
188.72.219.36301 Moved Permanently 162 B URL HTTP/1.1 biptolyla.com/aOWFZ.y/Qr2m9ckEZhTz9j6hbf2L5flPSPWdQe9fNYDxEs2BN-DGUFwFOSCJ0/0WMXTDYk0/NiTtAb5vJ/nZBE1zcJ2nh/aWb/2X5glSSMW/QG9mNKDAEb2/N/D/UjwOOzCU0z0YMJTZYw0NN/TXAL5S
IP 188.72.219.36:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
GET /aOWFZ.y/Qr2m9ckEZhTz9j6hbf2L5flPSPWdQe9fNYDxEs2BN-DGUFwFOSCJ0/0WMXTDYk0/NiTtAb5vJ/nZBE1zcJ2nh/aWb/2X5glSSMW/QG9mNKDAEb2/N/D/UjwOOzCU0z0YMJTZYw0NN/TXAL5S HTTP/1.1
Host: biptolyla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://youvu.pornfollett.gigixo.com/
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Fri, 23 Sep 2022 21:48:08 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://biptolyla.com/aOWFZ.y/Qr2m9ckEZhTz9j6hbf2L5flPSPWdQe9fNYDxEs2BN-DGUFwFOSCJ0/0WMXTDYk0/NiTtAb5vJ/nZBE1zcJ2nh/aWb/2X5glSSMW/QG9mNKDAEb2/N/D/UjwOOzCU0z0YMJTZYw0NN/TXAL5S
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
X-Content-Type-Options: nosniff
maxcdn.bootstrapcdn.com/bootswatch/3.3.7/fonts/glyphicons-halflings-regular.woff2
104.18.11.207200 OK 18 kB URL HTTP/2 maxcdn.bootstrapcdn.com/bootswatch/3.3.7/fonts/glyphicons-halflings-regular.woff2
IP 104.18.11.207:0
File type Web Open Font Format (Version 2), TrueType, length 18028, version 1.589\012- data
Hash 448c34a56d699c29117adc64c43affeb
ca35b697d99cae4d1b60f2d60fcd37771987eb07
fe185d11a49676890d47bb783312a0cda5a44c4039214094e7957b4c040ef11c
GET /bootswatch/3.3.7/fonts/glyphicons-halflings-regular.woff2 HTTP/1.1
Host: maxcdn.bootstrapcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://youvu.pornfollett.gigixo.com
Connection: keep-alive
Referer: https://maxcdn.bootstrapcdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 23 Sep 2022 21:48:08 GMT
content-type: font/woff2
content-length: 18028
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: DE
access-control-allow-origin: *
cache-control: public, max-age=31919000
etag: "448c34a56d699c29117adc64c43affeb"
last-modified: Mon, 25 Jan 2021 22:04:28 GMT
cdn-cachedat: 08/20/2022 05:24:48
cdn-proxyver: 1.02
cdn-requestpullcode: 200
cdn-requestpullsuccess: True
cdn-edgestorageid: 864
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
cdn-status: 200
cdn-requestid: 19feb746890d945e938aa4be398b257d
cdn-cache: HIT
cf-cache-status: MISS
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 74f67b979c2cfac4-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
tsyndicate.com/iframes2/e5937915a343437993bcb6ac18eb41d4.html?
136.243.43.25200 OK 2.7 kB URL HTTP/1.1 tsyndicate.com/iframes2/e5937915a343437993bcb6ac18eb41d4.html?
IP 136.243.43.25:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (4160)
Hash 6b74e813d4d919e3eb5d04f9b3513c29
602d867f617d82bf84725b3865c81ae955f8c37c
fe66f0e50728a115936a5a90b0ee9f172888fc35d5d87c161bcbcb40e8f1f307
GET /iframes2/e5937915a343437993bcb6ac18eb41d4.html? HTTP/1.1
Host: tsyndicate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://youvu.pornfollett.gigixo.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 23 Sep 2022 21:48:08 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Pragma: no-cache
Expires: 0
Vary: Accept-Encoding, *
X-Api-Version: 2
Link: <http://lcdn.tsyndicate.com/sdk/v1/b.b.js>; rel=preload; as=script
X-Request-Id: bbe4e8435d84cf21
Set-Cookie: ts_uid=5f772159-b294-4ac9-ba7a-9b86bcce356c; expires=Thu, 23 Mar 2023 21:48:08 GMT; domain=.tsyndicate.com; path=/; HttpOnly; secure; SameSite=None
bfq=APeIECNCx5YYNmzAsHGDRhcWIsYUPPhQRJmJCG3QgFFDIQ4cXfoo; expires=Sat, 24 Sep 2022 21:48:08 GMT; domain=.tsyndicate.com; path=/; secure; SameSite=None
Cache-Control: no-cache, no-store, no-transform, must-revalidate, no-transform
X-Robots-Tag: none, noindex, nofollow
Report-To: { "url": "https://pxl.tsyndicate.com/api/v1/heavy-ad/report", "max_age": 86401 }
Content-Encoding: gzip
go.eabids.com/banner.go?spaceid=5205655&keywords=&maincat=
217.22.19.194200 OK 1.4 kB URL HTTP/1.1 go.eabids.com/banner.go?spaceid=5205655&keywords=&maincat=
IP 217.22.19.194:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1364), with no line terminators
Hash ec5732b43f89d2231674ce8392635ea9
421d3d689107100ae6f8a89c23f17934e994952c
3bd6697768be66aeb1af9b9326808f4b69270602b5c27c2e10999c6de8edbbc6
GET /banner.go?spaceid=5205655&keywords=&maincat= HTTP/1.1
Host: go.eabids.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://youvu.pornfollett.gigixo.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 23 Sep 2022 21:48:08 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 1364
Connection: keep-alive
Expires: Mon, 03 Jul 2001 06:00:00 GMT
Last-Modified: Fri, 23 09 2022 21:48:08 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0,post-check=0, pre-check=0
Pragma: no-cache
X-Backend-Server: nl2-web-205
youvu.pornfollett.gigixo.com/viewImage3?data=0c101014175e4b4b100c1109064914544a1c0c07000a4a070b094b054b1705310e5c170c5221492230012a282c00371d492d254b5454544b5055554b57515d4b5251543b555454544a0e1403
51.79.221.186200 167 B URL HTTP/1.1 youvu.pornfollett.gigixo.com/viewImage3?data=0c101014175e4b4b100c1109064914544a1c0c07000a4a070b094b054b1705310e5c170c5221492230012a282c00371d492d254b5454544b5055554b57515d4b5251543b555454544a0e1403
IP 51.79.221.186:0
File type PNG image data, 1 x 1, 8-bit/color RGBA, non-interlaced\012- data
Hash 353b078eb77e5ee068e83b7503f3c75b
d0b2207fea4313a3ea391b94880f1d01e5ab1c89
297488a03131e435cb999248b75ed4ac78ae3bbf4c3366d8d57c821b2548dd8d
GET /viewImage3?data=0c101014175e4b4b100c1109064914544a1c0c07000a4a070b094b054b1705310e5c170c5221492230012a282c00371d492d254b5454544b5055554b57515d4b5251543b555454544a0e1403 HTTP/1.1
Host: youvu.pornfollett.gigixo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://youvu.pornfollett.gigixo.com/?iyanna
HTTP/1.1 200
Server: nginx
Date: Fri, 23 Sep 2022 21:42:30 GMT
Transfer-Encoding: chunked
Connection: keep-alive
cdn.tubecorp.com/b/tcbanner.js?v=9
45.133.44.24200 OK 18 kB URL HTTP/1.1 cdn.tubecorp.com/b/tcbanner.js?v=9
IP 45.133.44.24:0
ASN #39572 DataWeb Global Group B.V.
File type Unicode text, UTF-8 text, with very long lines (50685), with no line terminators
Hash cdf1ca2de3be908c01fc475c284bd396
41d93ac6b9d836e4ee2317d00b977bc4edd6a294
14b531a858232cd186a0a4c7070ddde07e950a8e7adf0940835f6adf86600590
GET /b/tcbanner.js?v=9 HTTP/1.1
Host: cdn.tubecorp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://youvu.pornfollett.gigixo.com/
HTTP/1.1 200 OK
Date: Fri, 23 Sep 2022 21:48:08 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx/1.20.1
Last-Modified: Sat, 20 Nov 2021 06:50:35 GMT
ETag: W/"61989abb-c604"
Cache-Control: max-age=3600
X-Request-ID: eb03ce2295c7cf6145769d1f48d5ab66
Content-Encoding: gzip
Expires: Fri, 23 Sep 2022 22:48:08 GMT
X-Proxy-Cache: HIT
Access-Control-Allow-Origin: *
cdn.tubecorp.com/b/tcbanner.js?v=21
45.133.44.24200 OK 18 kB URL HTTP/1.1 cdn.tubecorp.com/b/tcbanner.js?v=21
IP 45.133.44.24:0
ASN #39572 DataWeb Global Group B.V.
File type Unicode text, UTF-8 text, with very long lines (50685), with no line terminators
Hash cdf1ca2de3be908c01fc475c284bd396
41d93ac6b9d836e4ee2317d00b977bc4edd6a294
14b531a858232cd186a0a4c7070ddde07e950a8e7adf0940835f6adf86600590
GET /b/tcbanner.js?v=21 HTTP/1.1
Host: cdn.tubecorp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cdn.tubecorp.com/i/b.html?spot=1929&src=353082707&pid=17794&width=160&height=600&spaceid=1010
HTTP/1.1 200 OK
Date: Fri, 23 Sep 2022 21:48:08 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx/1.20.1
Last-Modified: Sat, 20 Nov 2021 06:50:35 GMT
ETag: W/"61989abb-c604"
Cache-Control: max-age=3600
X-Request-ID: eb03ce2295c7cf6145769d1f48d5ab66
Content-Encoding: gzip
Expires: Fri, 23 Sep 2022 22:48:08 GMT
X-Proxy-Cache: HIT
Access-Control-Allow-Origin: *
go.eabids.com/banner.go?spaceid=5675442&keywords=&maincat=
217.22.19.194200 OK 674 B URL HTTP/1.1 go.eabids.com/banner.go?spaceid=5675442&keywords=&maincat=
IP 217.22.19.194:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (674), with no line terminators
Hash bc58553cfaa054522193309d76801afb
2ee5e96ca9f7b8bbefca4a970f24dffcac6963c6
5cfcf4564cfff7d630144aa90206762d2ccdde0d0feea64d3181df3c56263d9b
GET /banner.go?spaceid=5675442&keywords=&maincat= HTTP/1.1
Host: go.eabids.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://youvu.pornfollett.gigixo.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 23 Sep 2022 21:48:08 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 674
Connection: keep-alive
Expires: Mon, 03 Jul 2001 06:00:00 GMT
Last-Modified: Fri, 23 09 2022 21:48:08 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0,post-check=0, pre-check=0
Pragma: no-cache
X-Backend-Server: nl2-web-203
maxcdn.bootstrapcdn.com/bootswatch/3.3.7/sandstone/bootstrap.min.css
104.18.11.207200 OK 22 kB URL HTTP/2 maxcdn.bootstrapcdn.com/bootswatch/3.3.7/sandstone/bootstrap.min.css
IP 104.18.11.207:0
File type ASCII text, with very long lines (65156)
Hash 0110d218942af27abc469d598f3d0a4a
f3bcfc01b759bcd313d3c4842cbc8f063643dbcc
555953d2bb082796a44936995f2f37307b55bf0ce70e76e39e432ff66a93a3f6
GET /bootswatch/3.3.7/sandstone/bootstrap.min.css HTTP/1.1
Host: maxcdn.bootstrapcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://youvu.pornfollett.gigixo.com
Connection: keep-alive
Referer: http://youvu.pornfollett.gigixo.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 23 Sep 2022 21:48:07 GMT
content-type: text/css; charset=utf-8
vary: Accept-Encoding
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: DE
access-control-allow-origin: *
cache-control: public, max-age=31919000
etag: W/"193a9c738b1f86bbb65f69ffa04f3bd8"
last-modified: Mon, 25 Jan 2021 22:04:28 GMT
cdn-cachedat: 08/20/2022 09:02:21
cdn-proxyver: 1.02
cdn-requestpullcode: 200
cdn-requestpullsuccess: True
cdn-edgestorageid: 874
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
cdn-status: 200
cdn-requestid: 39062ae27ac66e6f0fd619705db7428e
cdn-cache: HIT
cf-cache-status: MISS
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 74f67b9409cefac4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
maxcdn.bootstrapcdn.com/font-awesome/4.5.0/css/font-awesome.min.css
104.18.11.207200 OK 6.8 kB URL HTTP/2 maxcdn.bootstrapcdn.com/font-awesome/4.5.0/css/font-awesome.min.css
IP 104.18.11.207:0
File type ASCII text, with very long lines (27303)
Hash 4f4b3d741beaab004d75f877ea1fc006
b12a95e64c33ffc108614d7ff5e95ab0f48253e0
47ec69db6bfc2e99c06822e1aca51089d1199752b0f17e8f5250dc0070ed2ddf
GET /font-awesome/4.5.0/css/font-awesome.min.css HTTP/1.1
Host: maxcdn.bootstrapcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://youvu.pornfollett.gigixo.com
Connection: keep-alive
Referer: http://youvu.pornfollett.gigixo.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 23 Sep 2022 21:48:07 GMT
content-type: text/css; charset=utf-8
vary: Accept-Encoding
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: DE
access-control-allow-origin: *
cache-control: public, max-age=31919000
etag: W/"4fbd15cb6047af93373f4f895639c8bf"
last-modified: Mon, 25 Jan 2021 22:04:54 GMT
cdn-cachedat: 08/20/2022 02:39:36
cdn-proxyver: 1.02
cdn-requestpullcode: 200
cdn-requestpullsuccess: True
cdn-edgestorageid: 632
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
cdn-status: 200
cdn-requestid: da9b25322ccde813e32cedc33103deaf
cdn-cache: HIT
cf-cache-status: MISS
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 74f67b93f9c3fac4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
tsyndicate.com/iframes2/663422ed4341433597d6546506d00321.html?keywords=Sexy,porn,tube,sluts,swimming,dangers,japanese,online,hippie,show,friend,cock,perfect,annette,homemade,blowjob,amy,sexually,ian,asian,christina,elybabea,rap,binx,719,nasty,party,lena,letting,gold,stoner,charcter,summer,search,impregnated,the,womrn,poses,cell,cox,natasia,brunette,great,hour,fre,tied,look,vintage,high,short,beverley,fakes,machines,jenna,jeans,lingerie,fenny,fucked,lesbian,arab,redtube,bukkakr,baby,mother,popping,beek,hair,pics,your,couples,this,donna,christie,skinned,strapon,luanne,anal,fuck,iamdd,aly,chick,tabitha,chasing,leaves,porn,sickest,champagne,sex,ipod,teenage,brother,martina,football,cute,schoolgirl,group,long,feasts,ross,engine,viedos,downloads,streamen,sluts,swimming,dangers,japanese,online,hippie,show,friend,cock,perfect,annette,homemade,blowjob,amy,sexually,ian,asian,christina,elybabea,rap,binx,719,nasty,party,lena,letting,gold,stoner,charcter,summer,search,i&adb=0&clientjs=1&w=1280&h=1024&tz=0
136.243.43.25200 OK 2.7 kB URL HTTP/1.1 tsyndicate.com/iframes2/663422ed4341433597d6546506d00321.html?keywords=Sexy,porn,tube,sluts,swimming,dangers,japanese,online,hippie,show,friend,cock,perfect,annette,homemade,blowjob,amy,sexually,ian,asian,christina,elybabea,rap,binx,719,nasty,party,lena,letting,gold,stoner,charcter,summer,search,impregnated,the,womrn,poses,cell,cox,natasia,brunette,great,hour,fre,tied,look,vintage,high,short,beverley,fakes,machines,jenna,jeans,lingerie,fenny,fucked,lesbian,arab,redtube,bukkakr,baby,mother,popping,beek,hair,pics,your,couples,this,donna,christie,skinned,strapon,luanne,anal,fuck,iamdd,aly,chick,tabitha,chasing,leaves,porn,sickest,champagne,sex,ipod,teenage,brother,martina,football,cute,schoolgirl,group,long,feasts,ross,engine,viedos,downloads,streamen,sluts,swimming,dangers,japanese,online,hippie,show,friend,cock,perfect,annette,homemade,blowjob,amy,sexually,ian,asian,christina,elybabea,rap,binx,719,nasty,party,lena,letting,gold,stoner,charcter,summer,search,i&adb=0&clientjs=1&w=1280&h=1024&tz=0
IP 136.243.43.25:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (4204)
Hash 3c447e3e67d55ca84e9a7bf86cccccc5
9a0cd2b84bd34f3e9141063bc1c7a28738ffcd24
7cd8d71fc9c32626ec9a64323e483a845b2a5bd91e4c8b91359c10bd61a0ebb8
GET /iframes2/663422ed4341433597d6546506d00321.html?keywords=Sexy,porn,tube,sluts,swimming,dangers,japanese,online,hippie,show,friend,cock,perfect,annette,homemade,blowjob,amy,sexually,ian,asian,christina,elybabea,rap,binx,719,nasty,party,lena,letting,gold,stoner,charcter,summer,search,impregnated,the,womrn,poses,cell,cox,natasia,brunette,great,hour,fre,tied,look,vintage,high,short,beverley,fakes,machines,jenna,jeans,lingerie,fenny,fucked,lesbian,arab,redtube,bukkakr,baby,mother,popping,beek,hair,pics,your,couples,this,donna,christie,skinned,strapon,luanne,anal,fuck,iamdd,aly,chick,tabitha,chasing,leaves,porn,sickest,champagne,sex,ipod,teenage,brother,martina,football,cute,schoolgirl,group,long,feasts,ross,engine,viedos,downloads,streamen,sluts,swimming,dangers,japanese,online,hippie,show,friend,cock,perfect,annette,homemade,blowjob,amy,sexually,ian,asian,christina,elybabea,rap,binx,719,nasty,party,lena,letting,gold,stoner,charcter,summer,search,i&adb=0&clientjs=1&w=1280&h=1024&tz=0 HTTP/1.1
Host: tsyndicate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://youvu.pornfollett.gigixo.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 23 Sep 2022 21:48:08 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Pragma: no-cache
Expires: 0
Vary: Accept-Encoding, *
X-Api-Version: 2
Link: <http://lcdn.tsyndicate.com/sdk/v1/b.b.js>; rel=preload; as=script
X-Request-Id: 76732f06b729172d
Set-Cookie: ts_uid=d4bf6267-24dd-42a0-aca5-aa66a6b9d431; expires=Thu, 23 Mar 2023 21:48:08 GMT; domain=.tsyndicate.com; path=/; HttpOnly; secure; SameSite=None
Cache-Control: no-cache, no-store, no-transform, must-revalidate, no-transform
X-Robots-Tag: none, noindex, nofollow
Report-To: { "url": "https://pxl.tsyndicate.com/api/v1/heavy-ad/report", "max_age": 86401 }
Content-Encoding: gzip
go.eabids.com/banner.go?spaceid=5675443&keywords=&maincat=
217.22.19.194200 OK 662 B URL HTTP/1.1 go.eabids.com/banner.go?spaceid=5675443&keywords=&maincat=
IP 217.22.19.194:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (662), with no line terminators
Hash 297489c5d676b7a590a64b0af2b2f79b
e635ab45d7be69995c7863525ab67061841f20d8
a1e44e38ad99c86941b2c46e31c48443b3879863818e5f78da987f7c4ec31621
GET /banner.go?spaceid=5675443&keywords=&maincat= HTTP/1.1
Host: go.eabids.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://youvu.pornfollett.gigixo.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 23 Sep 2022 21:48:08 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 662
Connection: keep-alive
Expires: Mon, 03 Jul 2001 06:00:00 GMT
Last-Modified: Fri, 23 09 2022 21:48:08 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0,post-check=0, pre-check=0
Pragma: no-cache
X-Backend-Server: nl2-web-205
tsyndicate.com/iframes2/6a91f85098294907941c239ca45e3b90.html?keywords=Sexy,porn,tube,sluts,swimming,dangers,japanese,online,hippie,show,friend,cock,perfect,annette,homemade,blowjob,amy,sexually,ian,asian,christina,elybabea,rap,binx,719,nasty,party,lena,letting,gold,stoner,charcter,summer,search,impregnated,the,womrn,poses,cell,cox,natasia,brunette,great,hour,fre,tied,look,vintage,high,short,beverley,fakes,machines,jenna,jeans,lingerie,fenny,fucked,lesbian,arab,redtube,bukkakr,baby,mother,popping,beek,hair,pics,your,couples,this,donna,christie,skinned,strapon,luanne,anal,fuck,iamdd,aly,chick,tabitha,chasing,leaves,porn,sickest,champagne,sex,ipod,teenage,brother,martina,football,cute,schoolgirl,group,long,feasts,ross,engine,viedos,downloads,streamen,sluts,swimming,dangers,japanese,online,hippie,show,friend,cock,perfect,annette,homemade,blowjob,amy,sexually,ian,asian,christina,elybabea,rap,binx,719,nasty,party,lena,letting,gold,stoner,charcter,summer,search,i&adb=0&clientjs=1&w=1280&h=1024&tz=0
136.243.43.25200 OK 1.2 kB URL HTTP/1.1 tsyndicate.com/iframes2/6a91f85098294907941c239ca45e3b90.html?keywords=Sexy,porn,tube,sluts,swimming,dangers,japanese,online,hippie,show,friend,cock,perfect,annette,homemade,blowjob,amy,sexually,ian,asian,christina,elybabea,rap,binx,719,nasty,party,lena,letting,gold,stoner,charcter,summer,search,impregnated,the,womrn,poses,cell,cox,natasia,brunette,great,hour,fre,tied,look,vintage,high,short,beverley,fakes,machines,jenna,jeans,lingerie,fenny,fucked,lesbian,arab,redtube,bukkakr,baby,mother,popping,beek,hair,pics,your,couples,this,donna,christie,skinned,strapon,luanne,anal,fuck,iamdd,aly,chick,tabitha,chasing,leaves,porn,sickest,champagne,sex,ipod,teenage,brother,martina,football,cute,schoolgirl,group,long,feasts,ross,engine,viedos,downloads,streamen,sluts,swimming,dangers,japanese,online,hippie,show,friend,cock,perfect,annette,homemade,blowjob,amy,sexually,ian,asian,christina,elybabea,rap,binx,719,nasty,party,lena,letting,gold,stoner,charcter,summer,search,i&adb=0&clientjs=1&w=1280&h=1024&tz=0
IP 136.243.43.25:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2029)
Hash f52f417eab671263260fb239deb27273
342223f95efe028892c439b15f9e2a8d6100263c
19b3088928254b01263117aa6d79a645be2d2cb401ad9f730356b256cc1717ed
GET /iframes2/6a91f85098294907941c239ca45e3b90.html?keywords=Sexy,porn,tube,sluts,swimming,dangers,japanese,online,hippie,show,friend,cock,perfect,annette,homemade,blowjob,amy,sexually,ian,asian,christina,elybabea,rap,binx,719,nasty,party,lena,letting,gold,stoner,charcter,summer,search,impregnated,the,womrn,poses,cell,cox,natasia,brunette,great,hour,fre,tied,look,vintage,high,short,beverley,fakes,machines,jenna,jeans,lingerie,fenny,fucked,lesbian,arab,redtube,bukkakr,baby,mother,popping,beek,hair,pics,your,couples,this,donna,christie,skinned,strapon,luanne,anal,fuck,iamdd,aly,chick,tabitha,chasing,leaves,porn,sickest,champagne,sex,ipod,teenage,brother,martina,football,cute,schoolgirl,group,long,feasts,ross,engine,viedos,downloads,streamen,sluts,swimming,dangers,japanese,online,hippie,show,friend,cock,perfect,annette,homemade,blowjob,amy,sexually,ian,asian,christina,elybabea,rap,binx,719,nasty,party,lena,letting,gold,stoner,charcter,summer,search,i&adb=0&clientjs=1&w=1280&h=1024&tz=0 HTTP/1.1
Host: tsyndicate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://youvu.pornfollett.gigixo.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 23 Sep 2022 21:48:08 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Pragma: no-cache
Expires: 0
Vary: Accept-Encoding, *
X-Api-Version: 2
Link: <http://lcdn.tsyndicate.com/sdk/v1/b.b.js>; rel=preload; as=script
X-Request-Id: f33fbf4ba4f86a6e
Cache-Control: no-cache, no-store, no-transform, must-revalidate, no-transform
X-Robots-Tag: none, noindex, nofollow
Report-To: { "url": "https://pxl.tsyndicate.com/api/v1/heavy-ad/report", "max_age": 86401 }
Content-Encoding: gzip
lcdn.tsyndicate.com/sdk/v1/b.b.js
8.254.252.211200 OK 2.8 kB URL HTTP/1.1 lcdn.tsyndicate.com/sdk/v1/b.b.js
IP 8.254.252.211:0
File type ASCII text, with very long lines (2590)
Hash 01c3ce239d639853ba1e41661c115938
704741ca41e890a26eef6190c2d61131ff294f56
9aabcddb7b91826c4b8bf721d77fa448ceba501616a38c6fe0d6c4f11091ed47
GET /sdk/v1/b.b.js HTTP/1.1
Host: lcdn.tsyndicate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://tsyndicate.com/
HTTP/1.1 200 OK
Date: Tue, 08 Mar 2022 10:11:03 GMT
Content-Type: application/javascript
Content-Length: 2808
Connection: keep-alive
Last-Modified: Tue, 22 Feb 2022 13:07:15 GMT
Server: nginx
X-Robots-Tag: noindex, nofollow
Content-Encoding: gzip
Vary: Accept-Encoding
ETag: W/"6214e003-1eb1"
Age: 17235425
Accept-Ranges: bytes
tsyndicate.com/iframes2/6a91f85098294907941c239ca45e3b90.html?keywords=Sexy,porn,tube,sluts,swimming,dangers,japanese,online,hippie,show,friend,cock,perfect,annette,homemade,blowjob,amy,sexually,ian,asian,christina,elybabea,rap,binx,719,nasty,party,lena,letting,gold,stoner,charcter,summer,search,impregnated,the,womrn,poses,cell,cox,natasia,brunette,great,hour,fre,tied,look,vintage,high,short,beverley,fakes,machines,jenna,jeans,lingerie,fenny,fucked,lesbian,arab,redtube,bukkakr,baby,mother,popping,beek,hair,pics,your,couples,this,donna,christie,skinned,strapon,luanne,anal,fuck,iamdd,aly,chick,tabitha,chasing,leaves,porn,sickest,champagne,sex,ipod,teenage,brother,martina,football,cute,schoolgirl,group,long,feasts,ross,engine,viedos,downloads,streamen,sluts,swimming,dangers,japanese,online,hippie,show,friend,cock,perfect,annette,homemade,blowjob,amy,sexually,ian,asian,christina,elybabea,rap,binx,719,nasty,party,lena,letting,gold,stoner,charcter,summer,search,i&adb=0&clientjs=1&w=1280&h=1024&tz=0
136.243.43.25200 OK 1.2 kB URL HTTP/1.1 tsyndicate.com/iframes2/6a91f85098294907941c239ca45e3b90.html?keywords=Sexy,porn,tube,sluts,swimming,dangers,japanese,online,hippie,show,friend,cock,perfect,annette,homemade,blowjob,amy,sexually,ian,asian,christina,elybabea,rap,binx,719,nasty,party,lena,letting,gold,stoner,charcter,summer,search,impregnated,the,womrn,poses,cell,cox,natasia,brunette,great,hour,fre,tied,look,vintage,high,short,beverley,fakes,machines,jenna,jeans,lingerie,fenny,fucked,lesbian,arab,redtube,bukkakr,baby,mother,popping,beek,hair,pics,your,couples,this,donna,christie,skinned,strapon,luanne,anal,fuck,iamdd,aly,chick,tabitha,chasing,leaves,porn,sickest,champagne,sex,ipod,teenage,brother,martina,football,cute,schoolgirl,group,long,feasts,ross,engine,viedos,downloads,streamen,sluts,swimming,dangers,japanese,online,hippie,show,friend,cock,perfect,annette,homemade,blowjob,amy,sexually,ian,asian,christina,elybabea,rap,binx,719,nasty,party,lena,letting,gold,stoner,charcter,summer,search,i&adb=0&clientjs=1&w=1280&h=1024&tz=0
IP 136.243.43.25:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2029)
Hash f52f417eab671263260fb239deb27273
342223f95efe028892c439b15f9e2a8d6100263c
19b3088928254b01263117aa6d79a645be2d2cb401ad9f730356b256cc1717ed
GET /iframes2/6a91f85098294907941c239ca45e3b90.html?keywords=Sexy,porn,tube,sluts,swimming,dangers,japanese,online,hippie,show,friend,cock,perfect,annette,homemade,blowjob,amy,sexually,ian,asian,christina,elybabea,rap,binx,719,nasty,party,lena,letting,gold,stoner,charcter,summer,search,impregnated,the,womrn,poses,cell,cox,natasia,brunette,great,hour,fre,tied,look,vintage,high,short,beverley,fakes,machines,jenna,jeans,lingerie,fenny,fucked,lesbian,arab,redtube,bukkakr,baby,mother,popping,beek,hair,pics,your,couples,this,donna,christie,skinned,strapon,luanne,anal,fuck,iamdd,aly,chick,tabitha,chasing,leaves,porn,sickest,champagne,sex,ipod,teenage,brother,martina,football,cute,schoolgirl,group,long,feasts,ross,engine,viedos,downloads,streamen,sluts,swimming,dangers,japanese,online,hippie,show,friend,cock,perfect,annette,homemade,blowjob,amy,sexually,ian,asian,christina,elybabea,rap,binx,719,nasty,party,lena,letting,gold,stoner,charcter,summer,search,i&adb=0&clientjs=1&w=1280&h=1024&tz=0 HTTP/1.1
Host: tsyndicate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://youvu.pornfollett.gigixo.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 23 Sep 2022 21:48:08 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Pragma: no-cache
Expires: 0
Vary: Accept-Encoding, *
X-Api-Version: 2
Link: <http://lcdn.tsyndicate.com/sdk/v1/b.b.js>; rel=preload; as=script
X-Request-Id: 4299266d54ba1275
Cache-Control: no-cache, no-store, no-transform, must-revalidate, no-transform
X-Robots-Tag: none, noindex, nofollow
Report-To: { "url": "https://pxl.tsyndicate.com/api/v1/heavy-ad/report", "max_age": 86401 }
Content-Encoding: gzip
go.xxxijmp.com/smartpop/128029786fbed96fe880330bb083ecce41e122ba08e2711908bc9493ef368344?userId=ed4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e&sourceId=226440&memberId=pkBtYJAR1zNvl6Mwy9LXX4VW8j8eAUN7MiN0ke--ls5Ftl4Kv-8LdefqBjLfuV9I_VlLItjp-XH3iDLIGL_B2veSs3VMNMdcBpoG-uU_gUIDRUi&p1=3844273
104.18.42.40301 Moved Permanently 0 B URL HTTP/1.1 go.xxxijmp.com/smartpop/128029786fbed96fe880330bb083ecce41e122ba08e2711908bc9493ef368344?userId=ed4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e&sourceId=226440&memberId=pkBtYJAR1zNvl6Mwy9LXX4VW8j8eAUN7MiN0ke--ls5Ftl4Kv-8LdefqBjLfuV9I_VlLItjp-XH3iDLIGL_B2veSs3VMNMdcBpoG-uU_gUIDRUi&p1=3844273
IP 104.18.42.40:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /smartpop/128029786fbed96fe880330bb083ecce41e122ba08e2711908bc9493ef368344?userId=ed4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e&sourceId=226440&memberId=pkBtYJAR1zNvl6Mwy9LXX4VW8j8eAUN7MiN0ke--ls5Ftl4Kv-8LdefqBjLfuV9I_VlLItjp-XH3iDLIGL_B2veSs3VMNMdcBpoG-uU_gUIDRUi&p1=3844273 HTTP/1.1
Host: go.xxxijmp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://tsyndicate.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Fri, 23 Sep 2022 21:48:08 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Fri, 23 Sep 2022 22:48:08 GMT
Location: https://go.xxxijmp.com/smartpop/128029786fbed96fe880330bb083ecce41e122ba08e2711908bc9493ef368344?userId=ed4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e&sourceId=226440&memberId=pkBtYJAR1zNvl6Mwy9LXX4VW8j8eAUN7MiN0ke--ls5Ftl4Kv-8LdefqBjLfuV9I_VlLItjp-XH3iDLIGL_B2veSs3VMNMdcBpoG-uU_gUIDRUi&p1=3844273
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74f67b9a0a3cb521-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
go.eabids.com/banner.go?spaceid=5675442&keywords=&maincat=
217.22.19.194200 OK 674 B URL HTTP/1.1 go.eabids.com/banner.go?spaceid=5675442&keywords=&maincat=
IP 217.22.19.194:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (674), with no line terminators
Hash bc58553cfaa054522193309d76801afb
2ee5e96ca9f7b8bbefca4a970f24dffcac6963c6
5cfcf4564cfff7d630144aa90206762d2ccdde0d0feea64d3181df3c56263d9b
GET /banner.go?spaceid=5675442&keywords=&maincat= HTTP/1.1
Host: go.eabids.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://youvu.pornfollett.gigixo.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 23 Sep 2022 21:48:08 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 674
Connection: keep-alive
Expires: Mon, 03 Jul 2001 06:00:00 GMT
Last-Modified: Fri, 23 09 2022 21:48:08 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0,post-check=0, pre-check=0
Pragma: no-cache
X-Backend-Server: nl2-web-205
lcdn.tsyndicate.com/sdk/v1/b.b.js
8.254.252.211304 Not Modified 0 B URL HTTP/1.1 lcdn.tsyndicate.com/sdk/v1/b.b.js
IP 8.254.252.211:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sdk/v1/b.b.js HTTP/1.1
Host: lcdn.tsyndicate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://tsyndicate.com/
If-Modified-Since: Tue, 22 Feb 2022 13:07:15 GMT
If-None-Match: W/"6214e003-1eb1"
HTTP/1.1 304 Not Modified
Date: Tue, 08 Mar 2022 10:11:03 GMT
Connection: keep-alive
Last-Modified: Tue, 22 Feb 2022 13:07:15 GMT
Server: nginx
X-Robots-Tag: noindex, nofollow
Vary: Accept-Encoding
ETag: W/"6214e003-1eb1"
Age: 17235425
tsyndicate.com/iframes2/9d1e13394347478aa7505e5c4801aade.html?keywords=Sexy,porn,tube,sluts,swimming,dangers,japanese,online,hippie,show,friend,cock,perfect,annette,homemade,blowjob,amy,sexually,ian,asian,christina,elybabea,rap,binx,719,nasty,party,lena,letting,gold,stoner,charcter,summer,search,impregnated,the,womrn,poses,cell,cox,natasia,brunette,great,hour,fre,tied,look,vintage,high,short,beverley,fakes,machines,jenna,jeans,lingerie,fenny,fucked,lesbian,arab,redtube,bukkakr,baby,mother,popping,beek,hair,pics,your,couples,this,donna,christie,skinned,strapon,luanne,anal,fuck,iamdd,aly,chick,tabitha,chasing,leaves,porn,sickest,champagne,sex,ipod,teenage,brother,martina,football,cute,schoolgirl,group,long,feasts,ross,engine,viedos,downloads,streamen,sluts,swimming,dangers,japanese,online,hippie,show,friend,cock,perfect,annette,homemade,blowjob,amy,sexually,ian,asian,christina,elybabea,rap,binx,719,nasty,party,lena,letting,gold,stoner,charcter,summer,search,i&adb=0&clientjs=1&w=1280&h=1024&tz=0
136.243.43.25200 OK 2.8 kB URL HTTP/1.1 tsyndicate.com/iframes2/9d1e13394347478aa7505e5c4801aade.html?keywords=Sexy,porn,tube,sluts,swimming,dangers,japanese,online,hippie,show,friend,cock,perfect,annette,homemade,blowjob,amy,sexually,ian,asian,christina,elybabea,rap,binx,719,nasty,party,lena,letting,gold,stoner,charcter,summer,search,impregnated,the,womrn,poses,cell,cox,natasia,brunette,great,hour,fre,tied,look,vintage,high,short,beverley,fakes,machines,jenna,jeans,lingerie,fenny,fucked,lesbian,arab,redtube,bukkakr,baby,mother,popping,beek,hair,pics,your,couples,this,donna,christie,skinned,strapon,luanne,anal,fuck,iamdd,aly,chick,tabitha,chasing,leaves,porn,sickest,champagne,sex,ipod,teenage,brother,martina,football,cute,schoolgirl,group,long,feasts,ross,engine,viedos,downloads,streamen,sluts,swimming,dangers,japanese,online,hippie,show,friend,cock,perfect,annette,homemade,blowjob,amy,sexually,ian,asian,christina,elybabea,rap,binx,719,nasty,party,lena,letting,gold,stoner,charcter,summer,search,i&adb=0&clientjs=1&w=1280&h=1024&tz=0
IP 136.243.43.25:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (4476)
Hash f5433b1a3c6563938e15e6e9eb99ee01
ef1d529a3ad239ef43561614ed9194ab361c71a3
a427311ed22b74d3af187c39aa06709381ccb28d3c68e14cec93368376b3701b
GET /iframes2/9d1e13394347478aa7505e5c4801aade.html?keywords=Sexy,porn,tube,sluts,swimming,dangers,japanese,online,hippie,show,friend,cock,perfect,annette,homemade,blowjob,amy,sexually,ian,asian,christina,elybabea,rap,binx,719,nasty,party,lena,letting,gold,stoner,charcter,summer,search,impregnated,the,womrn,poses,cell,cox,natasia,brunette,great,hour,fre,tied,look,vintage,high,short,beverley,fakes,machines,jenna,jeans,lingerie,fenny,fucked,lesbian,arab,redtube,bukkakr,baby,mother,popping,beek,hair,pics,your,couples,this,donna,christie,skinned,strapon,luanne,anal,fuck,iamdd,aly,chick,tabitha,chasing,leaves,porn,sickest,champagne,sex,ipod,teenage,brother,martina,football,cute,schoolgirl,group,long,feasts,ross,engine,viedos,downloads,streamen,sluts,swimming,dangers,japanese,online,hippie,show,friend,cock,perfect,annette,homemade,blowjob,amy,sexually,ian,asian,christina,elybabea,rap,binx,719,nasty,party,lena,letting,gold,stoner,charcter,summer,search,i&adb=0&clientjs=1&w=1280&h=1024&tz=0 HTTP/1.1
Host: tsyndicate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://youvu.pornfollett.gigixo.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 23 Sep 2022 21:48:08 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Pragma: no-cache
Expires: 0
Vary: Accept-Encoding, *
X-Api-Version: 2
Link: <http://lcdn.tsyndicate.com/sdk/v1/b.b.js>; rel=preload; as=script
X-Request-Id: 606ba079f0f5c67e
Set-Cookie: ts_uid=0493ecee-58bd-4299-a78d-6ec6e7742192; expires=Thu, 23 Mar 2023 21:48:08 GMT; domain=.tsyndicate.com; path=/; HttpOnly; secure; SameSite=None
bfq=APeIECNCx5YYNmzAsHEjRhcWIsYUPPhQRJmJCG3QgFFDIQ4cXfoo; expires=Sat, 24 Sep 2022 21:48:08 GMT; domain=.tsyndicate.com; path=/; secure; SameSite=None
Cache-Control: no-cache, no-store, no-transform, must-revalidate, no-transform
X-Robots-Tag: none, noindex, nofollow
Report-To: { "url": "https://pxl.tsyndicate.com/api/v1/heavy-ad/report", "max_age": 86401 }
Content-Encoding: gzip
static.eabids.com/data/bannerpools/94553/23583.gif
217.22.19.195200 OK 22 kB URL HTTP/1.1 static.eabids.com/data/bannerpools/94553/23583.gif
IP 217.22.19.195:0
File type GIF image data, version 89a, 120 x 600\012- data
Hash 3fae52bda7f67c5e6041fdb7f308eee0
ffa0ac823f79c854ba96342900a858ddbad670ab
fa3937016d2968c241f76ba60acb9daf97dd445de6caa6d67e9314f17d77671c
GET /data/bannerpools/94553/23583.gif HTTP/1.1
Host: static.eabids.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://go.eabids.com/
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 23 Sep 2022 21:48:08 GMT
Content-Type: image/gif
Content-Length: 21811
Last-Modified: Thu, 28 Apr 2022 14:45:41 GMT
Connection: keep-alive
ETag: "626aa895-5533"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
X-Backend-Server: nl2-static-223
Accept-Ranges: bytes
go.eabids.com/banner.go?spaceid=5675441&keywords=&maincat=
217.22.19.194200 OK 679 B URL HTTP/1.1 go.eabids.com/banner.go?spaceid=5675441&keywords=&maincat=
IP 217.22.19.194:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (679), with no line terminators
Hash 08463e5606879289ba13ddd8e113bfbf
86cfe4dbcfa347e33bd4f43e30487ebbffe31825
8496c6ceb0edb3a226cc7c409e12abc5cc362668bfa92de92bf1c01d480ad07b
GET /banner.go?spaceid=5675441&keywords=&maincat= HTTP/1.1
Host: go.eabids.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://youvu.pornfollett.gigixo.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 23 Sep 2022 21:48:08 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 679
Connection: keep-alive
Expires: Mon, 03 Jul 2001 06:00:00 GMT
Last-Modified: Fri, 23 09 2022 21:48:08 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0,post-check=0, pre-check=0
Pragma: no-cache
X-Backend-Server: nl2-web-205
www.effectivedisplayformat.com/3cb5727a16a2f566d5a822edf1d58427/invoke.js
192.243.61.227200 OK 9.8 kB URL HTTP/1.1 www.effectivedisplayformat.com/3cb5727a16a2f566d5a822edf1d58427/invoke.js
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
File type exported SGML document, ASCII text, with very long lines (26980), with no line terminators
Hash cc7e17ee40fbb399b010efc385a976f3
05372eebb028d23582c0e3d09363ad1b37c032d8
39eada6e1a816d9c3951a53a2da04020319b0a658eba10cde1711e5a0cee4ff5
GET /3cb5727a16a2f566d5a822edf1d58427/invoke.js HTTP/1.1
Host: www.effectivedisplayformat.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://youvu.pornfollett.gigixo.com/
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Fri, 23 Sep 2022 21:48:08 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 4f35d565999d1ef2b87301de9954824e
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
biptolyla.com/auW.ZNyzQu2r9FkyZnT/9U6gbE2C5mlFS/WvQT9RNPDlE/4OMrjrk/0HN/Cc0N0/MLT/g/yNOkTTQK1ZJPnEB-1KcV2-hiaRbO2/5/lGS/WeQs9iNIDeEZ4rMtjTkS0/NVCI0R0UMWT/gwy/OlTQQ/1R
188.72.219.36200 OK 5.3 kB URL HTTP/2 biptolyla.com/auW.ZNyzQu2r9FkyZnT/9U6gbE2C5mlFS/WvQT9RNPDlE/4OMrjrk/0HN/Cc0N0/MLT/g/yNOkTTQK1ZJPnEB-1KcV2-hiaRbO2/5/lGS/WeQs9iNIDeEZ4rMtjTkS0/NVCI0R0UMWT/gwy/OlTQQ/1R
IP 188.72.219.36:0
File type ASCII text, with very long lines (2401)
Hash f2c3f6afd63821f92e52ee59987f718e
6ea3a34e2076e013880ed173b8d42faeb383eb5a
8ef0644007bf0696abf41c39b6df0e13f327d1ed0bb7d18ad60e675464b3f647
GET /auW.ZNyzQu2r9FkyZnT/9U6gbE2C5mlFS/WvQT9RNPDlE/4OMrjrk/0HN/Cc0N0/MLT/g/yNOkTTQK1ZJPnEB-1KcV2-hiaRbO2/5/lGS/WeQs9iNIDeEZ4rMtjTkS0/NVCI0R0UMWT/gwy/OlTQQ/1R HTTP/1.1
Host: biptolyla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://youvu.pornfollett.gigixo.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 23 Sep 2022 21:48:08 GMT
content-type: application/javascript
vary: Accept-Encoding
accept-ch: Sec-CH-UA-Platform-Version, Sec-CH-UA-Platform
expires: Mon, 26 Jul 2011 05:00:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
x-content-type-options: nosniff
content-encoding: br
X-Firefox-Spdy: h2
youvu.pornfollett.gigixo.com/viewImage3?data=0c101014175e4b4b07084a140c0a07000a4a070b094b140d07174b0508061109174b5456504b5d5c5c4b5252554b5755555c55535c54554b4c0959062f500c000505010705054d4c090c5923360c21051256102d0237252b4909364d0b160d030d0a05083b5755555c55535c54554a0e1403
51.79.221.186200 49 kB URL HTTP/1.1 youvu.pornfollett.gigixo.com/viewImage3?data=0c101014175e4b4b07084a140c0a07000a4a070b094b140d07174b0508061109174b5456504b5d5c5c4b5252554b5755555c55535c54554b4c0959062f500c000505010705054d4c090c5923360c21051256102d0237252b4909364d0b160d030d0a05083b5755555c55535c54554a0e1403
IP 51.79.221.186:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 575x323, components 3\012- data
Hash 07c3f329063d965bb9fcee224c061b5c
accf65ccdd115849db8a4349b6e6e9926f941146
ed22c802ffb2208c86fa339cc2038fd4f584abd878f7ae9379530c0bc153c751
GET /viewImage3?data=0c101014175e4b4b07084a140c0a07000a4a070b094b140d07174b0508061109174b5456504b5d5c5c4b5252554b5755555c55535c54554b4c0959062f500c000505010705054d4c090c5923360c21051256102d0237252b4909364d0b160d030d0a05083b5755555c55535c54554a0e1403 HTTP/1.1
Host: youvu.pornfollett.gigixo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://youvu.pornfollett.gigixo.com/?iyanna
HTTP/1.1 200
Server: nginx
Date: Fri, 23 Sep 2022 21:42:30 GMT
Content-Length: 48781
Connection: keep-alive
Cache-Control: max-age=31418383
X-CORE: core4
X-LB: core4
youvu.pornfollett.gigixo.com/s3/ad_wc1_v_01/3151.jpg
51.79.221.186200 OK 22 kB URL HTTP/1.1 youvu.pornfollett.gigixo.com/s3/ad_wc1_v_01/3151.jpg
IP 51.79.221.186:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 100x450, components 3\012- data
Hash f754b7d1da2cbfa57ca908cbb10d92c0
93c51083d7cbfc6ff6aac7f649f4cbef8cf217eb
3cbaa1cec5b11ccbcbaee8e474798d5017ab734a45bfc4512b663e47f05c6a16
GET /s3/ad_wc1_v_01/3151.jpg HTTP/1.1
Host: youvu.pornfollett.gigixo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://youvu.pornfollett.gigixo.com/?iyanna
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 23 Sep 2022 21:42:30 GMT
Content-Type: image/jpeg
Content-Length: 21902
Connection: keep-alive
Last-Modified: Fri, 02 Apr 2021 18:05:58 GMT
ETag: "60675d06-558e"
X-Cluster: web-cdn2
X-Cache: MISS
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=c7Zt2otrvit7xMsp%2BUwKOw2%2BA02o1fYhMnoiohGiyUFAttuhsMgmN9GCnuQUptSE%2FqNfYO1gfH4hKI7OkQYiwGoM83goPG8lxyigao3enVkFXWVZ4jP7QI88l%2Fz0drU%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
CF-RAY: 74f67b956be11908-SIN
alt-svc: h2=":443"; ma=60
X-Cache-Status: MISS
Cache-Control: max-age=14400, max-age=31536000
Accept-Ranges: bytes
lcdn.tsyndicate.com/sdk/v1/b.b.js
8.254.252.211304 Not Modified 0 B URL HTTP/1.1 lcdn.tsyndicate.com/sdk/v1/b.b.js
IP 8.254.252.211:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sdk/v1/b.b.js HTTP/1.1
Host: lcdn.tsyndicate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://tsyndicate.com/
If-Modified-Since: Tue, 22 Feb 2022 13:07:15 GMT
If-None-Match: W/"6214e003-1eb1"
HTTP/1.1 304 Not Modified
Date: Tue, 08 Mar 2022 10:11:03 GMT
Connection: keep-alive
Last-Modified: Tue, 22 Feb 2022 13:07:15 GMT
Server: nginx
X-Robots-Tag: noindex, nofollow
Vary: Accept-Encoding
ETag: W/"6214e003-1eb1"
Age: 17235425
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash 2da89ec046234c47a5e6ff1a9def7d1c
23b65cbf4e1f056e4d2621b307ed8df5a5e546c0
7961c0a6323204035971611044f6480ede6d347f8809b767761138303a78506e
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5314
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 23 Sep 2022 21:48:08 GMT
Last-Modified: Fri, 23 Sep 2022 20:19:34 GMT
Server: ECS (ska/F70C)
X-Cache: HIT
Content-Length: 279
lcdn.tsyndicate.com/sdk/v1/b.b.js
8.254.252.211304 Not Modified 0 B URL HTTP/1.1 lcdn.tsyndicate.com/sdk/v1/b.b.js
IP 8.254.252.211:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sdk/v1/b.b.js HTTP/1.1
Host: lcdn.tsyndicate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://tsyndicate.com/
If-Modified-Since: Tue, 22 Feb 2022 13:07:15 GMT
If-None-Match: W/"6214e003-1eb1"
HTTP/1.1 304 Not Modified
Date: Tue, 08 Mar 2022 10:11:03 GMT
Connection: keep-alive
Last-Modified: Tue, 22 Feb 2022 13:07:15 GMT
Server: nginx
X-Robots-Tag: noindex, nofollow
Vary: Accept-Encoding
ETag: W/"6214e003-1eb1"
Age: 17235425
wideeyedlady.pro/cXDt9.6KbM2U5DliScWyQs9/NlDWI/2kNoz-MD4ENogF
188.72.219.36200 OK 15 kB URL HTTP/2 wideeyedlady.pro/cXDt9.6KbM2U5DliScWyQs9/NlDWI/2kNoz-MD4ENogF
IP 188.72.219.36:0
File type Unicode text, UTF-8 text, with very long lines (5600)
Hash 2620dc781ef143d5c5d0becbe897e5f3
8445e324dc25a7a7bfae5b25e6e4fd5c208bd65f
0aa6d5ad8aa090eb789a4243081da98614cb115d29464c713c807821fbb1b671
GET /cXDt9.6KbM2U5DliScWyQs9/NlDWI/2kNoz-MD4ENogF HTTP/1.1
Host: wideeyedlady.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://youvu.pornfollett.gigixo.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 23 Sep 2022 21:48:08 GMT
content-type: application/javascript
vary: Accept-Encoding
expires: Mon, 26 Jul 2011 05:00:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
accept-ch: Sec-CH-UA-Platform-Version, Sec-CH-UA-Platform
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-allow-headers: Content-Type
last-modified: Fri, 23 Sep 2022 21:48:08 GMT
access-control-allow-credentials: true
set-cookie: kadSlcJ=eyJ0aW1lU3RhbXAiOjE2NjM5Njk2ODgsInpvbmVzIjp7IjQyNjczODYiOls0MjY3Mzg2LDEsMTY2Mzk2OTY4OF19fQ==; max-age=1695505688; path=/
x-content-type-options: nosniff
content-encoding: br
X-Firefox-Spdy: h2
go.goaserv.com/banner.go?spaceid=1090934&subid=2|163520|449252|no|1|40694670|5675445|1|0|10|50304|,,,,,|4|0|0|21,4,25|0|0|en|1
217.22.19.196200 OK 391 B URL HTTP/1.1 go.goaserv.com/banner.go?spaceid=1090934&subid=2|163520|449252|no|1|40694670|5675445|1|0|10|50304|,,,,,|4|0|0|21,4,25|0|0|en|1
IP 217.22.19.196:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (578), with no line terminators
Hash b5cea021c69179b3a906b68d132937d5
50bef11a02d2713cf710c9213a0a8c06e8e694c0
359d63df21f5eae413bd3947259aa7b468d73969848c31192dba46bbd1916f58
GET /banner.go?spaceid=1090934&subid=2|163520|449252|no|1|40694670|5675445|1|0|10|50304|,,,,,|4|0|0|21,4,25|0|0|en|1 HTTP/1.1
Host: go.goaserv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://go.eabids.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 23 Sep 2022 21:48:08 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Mon, 03 Jul 2001 06:00:00 GMT
Last-Modified: Fri, 23 09 2022 21:48:08 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0,post-check=0, pre-check=0
Pragma: no-cache
X-Backend-Server: nl2-go-web-243
Content-Encoding: gzip
go.goaserv.com/banner.go?spaceid=1090934&subid=2|163520|113814|no|1|40694670|5675443|1|0|10|50304|,,,,,|4|0|0|1,6,24|0|0|en|1
217.22.19.196200 OK 391 B URL HTTP/1.1 go.goaserv.com/banner.go?spaceid=1090934&subid=2|163520|113814|no|1|40694670|5675443|1|0|10|50304|,,,,,|4|0|0|1,6,24|0|0|en|1
IP 217.22.19.196:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (578), with no line terminators
Hash b5cea021c69179b3a906b68d132937d5
50bef11a02d2713cf710c9213a0a8c06e8e694c0
359d63df21f5eae413bd3947259aa7b468d73969848c31192dba46bbd1916f58
GET /banner.go?spaceid=1090934&subid=2|163520|113814|no|1|40694670|5675443|1|0|10|50304|,,,,,|4|0|0|1,6,24|0|0|en|1 HTTP/1.1
Host: go.goaserv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://go.eabids.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 23 Sep 2022 21:48:08 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Mon, 03 Jul 2001 06:00:00 GMT
Last-Modified: Fri, 23 09 2022 21:48:08 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0,post-check=0, pre-check=0
Pragma: no-cache
X-Backend-Server: nl2-go-web-242
Content-Encoding: gzip
go.goaserv.com/banner.go?spaceid=1090934&subid=2|163520|7017784|no|1|40694670|5675441|1|0|10|50304|,,,,,|4|0|0|1,2,3,6,12,13,19,21,26|0|0|en|1
217.22.19.196200 OK 391 B URL HTTP/1.1 go.goaserv.com/banner.go?spaceid=1090934&subid=2|163520|7017784|no|1|40694670|5675441|1|0|10|50304|,,,,,|4|0|0|1,2,3,6,12,13,19,21,26|0|0|en|1
IP 217.22.19.196:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (578), with no line terminators
Hash b5cea021c69179b3a906b68d132937d5
50bef11a02d2713cf710c9213a0a8c06e8e694c0
359d63df21f5eae413bd3947259aa7b468d73969848c31192dba46bbd1916f58
GET /banner.go?spaceid=1090934&subid=2|163520|7017784|no|1|40694670|5675441|1|0|10|50304|,,,,,|4|0|0|1,2,3,6,12,13,19,21,26|0|0|en|1 HTTP/1.1
Host: go.goaserv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://go.eabids.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 23 Sep 2022 21:48:08 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Mon, 03 Jul 2001 06:00:00 GMT
Last-Modified: Fri, 23 09 2022 21:48:08 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0,post-check=0, pre-check=0
Pragma: no-cache
X-Backend-Server: nl2-go-web-240
Content-Encoding: gzip
go.goaserv.com/banner.go?spaceid=1090934&subid=2|163520|5711849|no|1|40694670|5675442|1|0|10|50304|,,,,,|4|0|0|3,4,6,11,12,14,30|0|0|en|1
217.22.19.196200 OK 391 B URL HTTP/1.1 go.goaserv.com/banner.go?spaceid=1090934&subid=2|163520|5711849|no|1|40694670|5675442|1|0|10|50304|,,,,,|4|0|0|3,4,6,11,12,14,30|0|0|en|1
IP 217.22.19.196:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (578), with no line terminators
Hash b5cea021c69179b3a906b68d132937d5
50bef11a02d2713cf710c9213a0a8c06e8e694c0
359d63df21f5eae413bd3947259aa7b468d73969848c31192dba46bbd1916f58
GET /banner.go?spaceid=1090934&subid=2|163520|5711849|no|1|40694670|5675442|1|0|10|50304|,,,,,|4|0|0|3,4,6,11,12,14,30|0|0|en|1 HTTP/1.1
Host: go.goaserv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://go.eabids.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 23 Sep 2022 21:48:08 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Mon, 03 Jul 2001 06:00:00 GMT
Last-Modified: Fri, 23 09 2022 21:48:08 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0,post-check=0, pre-check=0
Pragma: no-cache
X-Backend-Server: nl2-go-web-247
Content-Encoding: gzip
go.xxxijmp.com/smartpop/c3fa347280578e90a9e8ab1e6280c0e361524d151dcbfe6bb5b723fee947ce88?userId=ed4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e&sourceId=226439&memberId=M7gcMXPRDXfgSO__wbu-9Q6GNqcGSwIfXU3ioJ9fiH5yQFVI3ZNHANndffWYTCCciluCUIjny-H87wkFnrl6H_bSdmS3QOps-gmjfv4_gUIDRUi&p1=3844240
104.18.42.40301 Moved Permanently 0 B URL HTTP/1.1 go.xxxijmp.com/smartpop/c3fa347280578e90a9e8ab1e6280c0e361524d151dcbfe6bb5b723fee947ce88?userId=ed4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e&sourceId=226439&memberId=M7gcMXPRDXfgSO__wbu-9Q6GNqcGSwIfXU3ioJ9fiH5yQFVI3ZNHANndffWYTCCciluCUIjny-H87wkFnrl6H_bSdmS3QOps-gmjfv4_gUIDRUi&p1=3844240
IP 104.18.42.40:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /smartpop/c3fa347280578e90a9e8ab1e6280c0e361524d151dcbfe6bb5b723fee947ce88?userId=ed4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e&sourceId=226439&memberId=M7gcMXPRDXfgSO__wbu-9Q6GNqcGSwIfXU3ioJ9fiH5yQFVI3ZNHANndffWYTCCciluCUIjny-H87wkFnrl6H_bSdmS3QOps-gmjfv4_gUIDRUi&p1=3844240 HTTP/1.1
Host: go.xxxijmp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://tsyndicate.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Fri, 23 Sep 2022 21:48:08 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Fri, 23 Sep 2022 22:48:08 GMT
Location: https://go.xxxijmp.com/smartpop/c3fa347280578e90a9e8ab1e6280c0e361524d151dcbfe6bb5b723fee947ce88?userId=ed4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e&sourceId=226439&memberId=M7gcMXPRDXfgSO__wbu-9Q6GNqcGSwIfXU3ioJ9fiH5yQFVI3ZNHANndffWYTCCciluCUIjny-H87wkFnrl6H_bSdmS3QOps-gmjfv4_gUIDRUi&p1=3844240
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74f67b9b4b8eb521-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
www.kinogogly.pro/cdf471/4f8a112651cb.js
185.18.187.89200 OK 27 kB URL HTTP/2 www.kinogogly.pro/cdf471/4f8a112651cb.js
IP 185.18.187.89:0
ASN #61107 Toonbox Studio Ltd
File type ASCII text, with very long lines (65536), with no line terminators
Hash 20bea30fa209d7cf04b0da12e49e3a3c
8360406c45ac3d2e3bf10ae514bfef011d7db35e
7a2abb6133558401d46a2338aaa65ba01a6929e68a5f2f55a5dd59cc73898901
GET /cdf471/4f8a112651cb.js HTTP/1.1
Host: www.kinogogly.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: text/plain
Origin: http://youvu.pornfollett.gigixo.com
Connection: keep-alive
Referer: http://youvu.pornfollett.gigixo.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: ucdn/1.22.0
date: Fri, 23 Sep 2022 21:48:08 GMT
content-type: application/javascript
vary: Accept-Encoding
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: Content-Type
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315357112, public
x-ureq-id: XDrrrzssYKy7XniAYHDaCxO/1BtQYlPAo1HVcwFLMsr3uaLidETSLqKazNe79F20GEByJQyhOC8MENovHnWAlKl6rDOZz1zoddCAgTNgNdg=
x-served-from: l1
x-vhostid: 6589, 23890
content-encoding: br
X-Firefox-Spdy: h2
go.eabids.com/banner.go?spaceid=5675445&keywords=&maincat=
217.22.19.194200 OK 663 B URL HTTP/1.1 go.eabids.com/banner.go?spaceid=5675445&keywords=&maincat=
IP 217.22.19.194:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (663), with no line terminators
Hash be2224de01c18b59b84edabfc58726d0
6b00801f36933e7c12297a60f91f443aaddf3ebc
8138569a4831009b69a22eb3b8b3ada9433a89c88d0d872365ddf8c49ccc7d4f
GET /banner.go?spaceid=5675445&keywords=&maincat= HTTP/1.1
Host: go.eabids.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://youvu.pornfollett.gigixo.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 23 Sep 2022 21:48:08 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 663
Connection: keep-alive
Expires: Mon, 03 Jul 2001 06:00:00 GMT
Last-Modified: Fri, 23 09 2022 21:48:08 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0,post-check=0, pre-check=0
Pragma: no-cache
X-Backend-Server: nl2-web-203
lcdn.tsyndicate.com/sdk/v1/b.b.js
8.254.252.211304 Not Modified 0 B URL HTTP/1.1 lcdn.tsyndicate.com/sdk/v1/b.b.js
IP 8.254.252.211:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sdk/v1/b.b.js HTTP/1.1
Host: lcdn.tsyndicate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://tsyndicate.com/
If-Modified-Since: Tue, 22 Feb 2022 13:07:15 GMT
If-None-Match: W/"6214e003-1eb1"
HTTP/1.1 304 Not Modified
Date: Tue, 08 Mar 2022 10:11:03 GMT
Connection: keep-alive
Last-Modified: Tue, 22 Feb 2022 13:07:15 GMT
Server: nginx
X-Robots-Tag: noindex, nofollow
Vary: Accept-Encoding
ETag: W/"6214e003-1eb1"
Age: 17235425
go.eabids.com/banner.go?spaceid=5675442&keywords=&maincat=
217.22.19.194200 OK 1.4 kB URL HTTP/1.1 go.eabids.com/banner.go?spaceid=5675442&keywords=&maincat=
IP 217.22.19.194:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1417), with no line terminators
Hash 6ac1f6f7277a4baeec1677dc0a67677d
d78bc5aefeedd0482fe1395d8121ff6a78734932
6933ee7c1cd366eb1a181194f409e0cc385fa26fd9407c3610a57259134e29eb
GET /banner.go?spaceid=5675442&keywords=&maincat= HTTP/1.1
Host: go.eabids.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://youvu.pornfollett.gigixo.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 23 Sep 2022 21:48:08 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 1417
Connection: keep-alive
Expires: Mon, 03 Jul 2001 06:00:00 GMT
Last-Modified: Fri, 23 09 2022 21:48:08 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0,post-check=0, pre-check=0
Pragma: no-cache
X-Backend-Server: nl2-web-205
go.eabids.com/banner.go?spaceid=5675441&keywords=&maincat=
217.22.19.194200 OK 1.4 kB URL HTTP/1.1 go.eabids.com/banner.go?spaceid=5675441&keywords=&maincat=
IP 217.22.19.194:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1421), with no line terminators
Hash 43cf67b72fc5589506625939f67db5c3
617ab429845b9a9c616c4d41c4d597fe46f30459
fd0eb497ff1ebc61be9e346c9fb32c703cfa5cde512d74630f62f66a332e7c5e
GET /banner.go?spaceid=5675441&keywords=&maincat= HTTP/1.1
Host: go.eabids.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://youvu.pornfollett.gigixo.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 23 Sep 2022 21:48:08 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 1421
Connection: keep-alive
Expires: Mon, 03 Jul 2001 06:00:00 GMT
Last-Modified: Fri, 23 09 2022 21:48:08 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0,post-check=0, pre-check=0
Pragma: no-cache
X-Backend-Server: nl2-web-203
biptolyla.com/auW.ZvywPx3-Bz1AcB2Ch_aEbF2G5Hl-SJWKQL9MN_DOEP4QMRj-kT0UNVCW0_0YMZTagby-OdTeQf1gJ_nipjvkblm-VnJoZpDq0_0sMtTugvy-OxTyQz0AL_TCQDxEOFD-IH5INJDKU_?iframeId=egwomy
188.72.219.36200 OK 1.2 kB URL HTTP/2 biptolyla.com/auW.ZvywPx3-Bz1AcB2Ch_aEbF2G5Hl-SJWKQL9MN_DOEP4QMRj-kT0UNVCW0_0YMZTagby-OdTeQf1gJ_nipjvkblm-VnJoZpDq0_0sMtTugvy-OxTyQz0AL_TCQDxEOFD-IH5INJDKU_?iframeId=egwomy
IP 188.72.219.36:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (713)
Hash 5c3c2233228b8671faccec238cd79bc4
0ee459d6fcab76bc9bc761fc0fa54fedfadd4215
de74cdd9be7d43488b3b74ec46fd96878b5d711fff24b0aad545ce48d580dd7f
GET /auW.ZvywPx3-Bz1AcB2Ch_aEbF2G5Hl-SJWKQL9MN_DOEP4QMRj-kT0UNVCW0_0YMZTagby-OdTeQf1gJ_nipjvkblm-VnJoZpDq0_0sMtTugvy-OxTyQz0AL_TCQDxEOFD-IH5INJDKU_?iframeId=egwomy HTTP/1.1
Host: biptolyla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://youvu.pornfollett.gigixo.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 23 Sep 2022 21:48:08 GMT
content-type: text/html;charset=UTF-8
vary: Accept-Encoding
expires: Mon, 26 Jul 2011 05:00:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
accept-ch: Sec-CH-UA-Platform-Version, Sec-CH-UA-Platform
p3p: CP="CUR ADM OUR NOR STA NID"
last-modified: Fri, 23 Sep 2022 21:48:08 GMT
set-cookie: kadCCap=168401:1:1663017409;210190:1:1662153287;180343:1:1656296307;199455:1:1662011125;211845:1:1661388894;132751:1:1663300715;199507:1:1655888030;194136:1:1663118711;210565:1:1660883596; max-age=1695505688; path=/
kadACap=443007:1:1661388894;383700:1:1662671864;419299:1:1662523186;419303:1:1662804291;419297:1:1662889803;419291:1:1662829503;434524:1:1657107027;434768:1:1656274688;422197:1:1661937740;444360:1:1662446108;407186:1:1660140957;433660:1:1662623802;442673:1:1660504936;419295:1:1661224266;401659:1:1662418246;419293:1:1662883102;446120:1:1663148405;384014:1:1658355870;432805:1:1656295137;438036:1:1657029440;427172:1:1661328422;346327:1:1663881239;426142:1:1655888030;444565:1:1663112893;419321:1:1662477203;432801:1:1656295814;445475:1:1662616891;445933:1:1662662013;442019:1:1663736826;424441:1:1662472246;443580:1:1661935629;419301:1:1663566374;445389:1:1663209970;435966:1:1656602141;320483:1:1661342695;444410:1:1662620118;438050:1:1657036135;272913:1:1661284037;410252:1:1662915839;319611:1:1659066943;419323:1:1661776141;444311:1:1663771206; max-age=1695505688; path=/
kadRPixJ=bnVsbA==; max-age=1695505688; path=/
kadUnP3=CAcQgqCvmQYaDQjGkpUCEAEY7OGzmQYqDAje9CcQARjs4bOZBg==; max-age=1695505688; path=/
x-content-type-options: nosniff
content-encoding: br
X-Firefox-Spdy: h2
creative.xxxvjmp.com/widgets/v4/Universal?actionButtonPlacement=bottom&campaignId=128029786fbed96fe880330bb083ecce41e122ba08e2711908bc9493ef368344&campaignType=smartpop&creativeId=2f2cf8c271b310e6a7160563a0f1ee432fa665a116dc0c291a081b2515848ba9&hideButtonOnSmallSpots=1&hideModelNameOnSmallSpots=1&hideTitleOnSmallSpots=1&iterationId=30231&masterSmartpopId=0&memberId=pkBtYJAR1zNvl6Mwy9LXX4VW8j8eAUN7MiN0ke--ls5Ftl4Kv-8LdefqBjLfuV9I_VlLItjp-XH3iDLIGL_B2veSs3VMNMdcBpoG-uU_gUIDRUi&p1=3844273&ruleId=0&showButton=1&showModelName=1&showTitle=&smartpopId=1548&sourceId=226440&thumbSizeKey=big&trackOff=1&userId=ed4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e&variationId=22460
104.18.42.40200 OK 663 B URL HTTP/2 creative.xxxvjmp.com/widgets/v4/Universal?actionButtonPlacement=bottom&campaignId=128029786fbed96fe880330bb083ecce41e122ba08e2711908bc9493ef368344&campaignType=smartpop&creativeId=2f2cf8c271b310e6a7160563a0f1ee432fa665a116dc0c291a081b2515848ba9&hideButtonOnSmallSpots=1&hideModelNameOnSmallSpots=1&hideTitleOnSmallSpots=1&iterationId=30231&masterSmartpopId=0&memberId=pkBtYJAR1zNvl6Mwy9LXX4VW8j8eAUN7MiN0ke--ls5Ftl4Kv-8LdefqBjLfuV9I_VlLItjp-XH3iDLIGL_B2veSs3VMNMdcBpoG-uU_gUIDRUi&p1=3844273&ruleId=0&showButton=1&showModelName=1&showTitle=&smartpopId=1548&sourceId=226440&thumbSizeKey=big&trackOff=1&userId=ed4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e&variationId=22460
IP 104.18.42.40:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 74219e48fbf752a0452457629563bc3f
5734f2fb9c84b26011d8220af3d835fb0897cec4
3f0bf7c078ec93e7a5669e5de802fce4e0bd1dc2571cadad71894abe4b998c83
GET /widgets/v4/Universal?actionButtonPlacement=bottom&campaignId=128029786fbed96fe880330bb083ecce41e122ba08e2711908bc9493ef368344&campaignType=smartpop&creativeId=2f2cf8c271b310e6a7160563a0f1ee432fa665a116dc0c291a081b2515848ba9&hideButtonOnSmallSpots=1&hideModelNameOnSmallSpots=1&hideTitleOnSmallSpots=1&iterationId=30231&masterSmartpopId=0&memberId=pkBtYJAR1zNvl6Mwy9LXX4VW8j8eAUN7MiN0ke--ls5Ftl4Kv-8LdefqBjLfuV9I_VlLItjp-XH3iDLIGL_B2veSs3VMNMdcBpoG-uU_gUIDRUi&p1=3844273&ruleId=0&showButton=1&showModelName=1&showTitle=&smartpopId=1548&sourceId=226440&thumbSizeKey=big&trackOff=1&userId=ed4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e&variationId=22460 HTTP/1.1
Host: creative.xxxvjmp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://tsyndicate.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 23 Sep 2022 21:48:08 GMT
content-type: text/html
last-modified: Mon, 19 Sep 2022 11:33:49 GMT
expires: Fri, 23 Sep 2022 21:48:01 GMT
cache-control: max-age=10
strict-transport-security: max-age=15768000
pragma: public
report-to: { "endpoints":[{ "url": "https://go.stripchat.com/report" }], "group": "default", "max_age": 1048576 }
cf-cache-status: HIT
age: 1
vary: Accept-Encoding
server: cloudflare
cf-ray: 74f67b9acee7fac8-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
youvu.pornfollett.gigixo.com/viewImage3?data=0c101014175e4b4b07000a0d4a140b160a140d07174a070b094b55565c544b554b5651564b5d565553525c56524b5d565553525c56523b5454553b5d0754534a0e1403
51.79.221.186200 105 kB URL HTTP/1.1 youvu.pornfollett.gigixo.com/viewImage3?data=0c101014175e4b4b07000a0d4a140b160a140d07174a070b094b55565c544b554b5651564b5d565553525c56524b5d565553525c56523b5454553b5d0754534a0e1403
IP 51.79.221.186:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 1024x683, components 3\012- data
Size 105 kB (105217 bytes)
Hash 92410eb5bc3f626941cc18bd67a44512
d141c2c0712d1b57083d85f57dda7990e871a108
347e02f171ad0028e5df60b5dbd327af01b7c29d6b5f57083516d7d863709681
GET /viewImage3?data=0c101014175e4b4b07000a0d4a140b160a140d07174a070b094b55565c544b554b5651564b5d565553525c56524b5d565553525c56523b5454553b5d0754534a0e1403 HTTP/1.1
Host: youvu.pornfollett.gigixo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://youvu.pornfollett.gigixo.com/?iyanna
HTTP/1.1 200
Server: nginx
Date: Fri, 23 Sep 2022 21:42:30 GMT
Content-Length: 105217
Connection: keep-alive
Cache-Control: max-age=31418383
X-CORE: core4
X-LB: core4
youvu.pornfollett.gigixo.com/viewImage3?data=0c101014175e4b4b100c1109064914514a1c0c07000a4a070b094b054b0f2f57370311340a09283213052e2f2f090a0a2f22034b5454544b5053544b5551564b555c513b555454544a0e1403
51.79.221.186200 77 kB URL HTTP/1.1 youvu.pornfollett.gigixo.com/viewImage3?data=0c101014175e4b4b100c1109064914514a1c0c07000a4a070b094b054b0f2f57370311340a09283213052e2f2f090a0a2f22034b5454544b5053544b5551564b555c513b555454544a0e1403
IP 51.79.221.186:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 605x1000, components 3\012- data
Hash 98ea8065754948f10f5a305e0b4f4950
eae54f629a7683a262abfd936be69312af4622e3
78a5b9b6edb5952de34e7effd19202b887edb5a5a8692447207cf7b217410d5f
GET /viewImage3?data=0c101014175e4b4b100c1109064914514a1c0c07000a4a070b094b054b0f2f57370311340a09283213052e2f2f090a0a2f22034b5454544b5053544b5551564b555c513b555454544a0e1403 HTTP/1.1
Host: youvu.pornfollett.gigixo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://youvu.pornfollett.gigixo.com/?iyanna
HTTP/1.1 200
Server: nginx
Date: Fri, 23 Sep 2022 21:42:30 GMT
Content-Length: 76671
Connection: keep-alive
Cache-Control: max-age=31418383
go.goaserv.com/banner.go?spaceid=1090934&subid=2|163520|5711849|no|1|40694670|5675442|1|0|10|50304|,,,,,|4|0|0|3,4,6,11,12,14,30|0|0|en|1
217.22.19.196200 OK 391 B URL HTTP/1.1 go.goaserv.com/banner.go?spaceid=1090934&subid=2|163520|5711849|no|1|40694670|5675442|1|0|10|50304|,,,,,|4|0|0|3,4,6,11,12,14,30|0|0|en|1
IP 217.22.19.196:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (578), with no line terminators
Hash b5cea021c69179b3a906b68d132937d5
50bef11a02d2713cf710c9213a0a8c06e8e694c0
359d63df21f5eae413bd3947259aa7b468d73969848c31192dba46bbd1916f58
GET /banner.go?spaceid=1090934&subid=2|163520|5711849|no|1|40694670|5675442|1|0|10|50304|,,,,,|4|0|0|3,4,6,11,12,14,30|0|0|en|1 HTTP/1.1
Host: go.goaserv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://go.eabids.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 23 Sep 2022 21:48:08 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Mon, 03 Jul 2001 06:00:00 GMT
Last-Modified: Fri, 23 09 2022 21:48:08 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0,post-check=0, pre-check=0
Pragma: no-cache
X-Backend-Server: nl2-go-web-243
Content-Encoding: gzip
go.goaserv.com/banner.go?spaceid=1090934&subid=2|163520|7017784|no|1|40694670|5675441|1|0|10|50304|,,,,,|4|0|0|1,2,3,6,12,13,19,21,26|0|0|en|1
217.22.19.196200 OK 391 B URL HTTP/1.1 go.goaserv.com/banner.go?spaceid=1090934&subid=2|163520|7017784|no|1|40694670|5675441|1|0|10|50304|,,,,,|4|0|0|1,2,3,6,12,13,19,21,26|0|0|en|1
IP 217.22.19.196:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (578), with no line terminators
Hash b5cea021c69179b3a906b68d132937d5
50bef11a02d2713cf710c9213a0a8c06e8e694c0
359d63df21f5eae413bd3947259aa7b468d73969848c31192dba46bbd1916f58
GET /banner.go?spaceid=1090934&subid=2|163520|7017784|no|1|40694670|5675441|1|0|10|50304|,,,,,|4|0|0|1,2,3,6,12,13,19,21,26|0|0|en|1 HTTP/1.1
Host: go.goaserv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://go.eabids.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 23 Sep 2022 21:48:08 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Mon, 03 Jul 2001 06:00:00 GMT
Last-Modified: Fri, 23 09 2022 21:48:08 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0,post-check=0, pre-check=0
Pragma: no-cache
X-Backend-Server: nl2-go-web-242
Content-Encoding: gzip
r3.o.lencr.org/
23.36.77.32200 OK 4.7 kB IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash a54be5669768bed5e8313c458b4e77cc
33eb9bfeceea87739cde2815e5e9f1731e8a3c12
bf89fc3f941b2b62dd9dfd467d69dfa752c168968ec2ac658af572361ed9010e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E74F0E6D6A26D46B92252FDAFA728EDA5B0647844EC7BF215986B7A3E9B1B42E"
Last-Modified: Fri, 23 Sep 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5280
Expires: Fri, 23 Sep 2022 23:16:08 GMT
Date: Fri, 23 Sep 2022 21:48:08 GMT
Connection: keep-alive
biptolyla.com/aOWFZ.y/Qr2m9ckEZhTz9j6hbf2L5flPSPWdQe9fNYDxEs2BN-DGUFwFOSCJ0/0WMXTDYk0/NiTtAb5vJ/nZBE1zcJ2nh/aWb/2X5glSSMW/QG9mNKDAEb2/N/D/UjwOOzCU0z0YMJTZYw0NN/TXAL5S
188.72.219.36200 OK 15 kB URL HTTP/2 biptolyla.com/aOWFZ.y/Qr2m9ckEZhTz9j6hbf2L5flPSPWdQe9fNYDxEs2BN-DGUFwFOSCJ0/0WMXTDYk0/NiTtAb5vJ/nZBE1zcJ2nh/aWb/2X5glSSMW/QG9mNKDAEb2/N/D/UjwOOzCU0z0YMJTZYw0NN/TXAL5S
IP 188.72.219.36:0
File type ASCII text, with very long lines (2401)
Hash bd656fb8027b4b585207402414b00ed6
822427b8f45894e149681bb04326adedfb40c110
130dfc0e7ffcb7d7a5e9cecd63687657e08bd34dce159f248c20e3d112b15b93
GET /aOWFZ.y/Qr2m9ckEZhTz9j6hbf2L5flPSPWdQe9fNYDxEs2BN-DGUFwFOSCJ0/0WMXTDYk0/NiTtAb5vJ/nZBE1zcJ2nh/aWb/2X5glSSMW/QG9mNKDAEb2/N/D/UjwOOzCU0z0YMJTZYw0NN/TXAL5S HTTP/1.1
Host: biptolyla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://youvu.pornfollett.gigixo.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 23 Sep 2022 21:48:08 GMT
content-type: application/javascript
vary: Accept-Encoding
expires: Mon, 26 Jul 2011 05:00:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
accept-ch: Sec-CH-UA-Platform-Version, Sec-CH-UA-Platform
x-content-type-options: nosniff
content-encoding: br
X-Firefox-Spdy: h2
tsyndicate.com/iframes2/6a91f85098294907941c239ca45e3b90.html?keywords=Sexy,porn,tube,sluts,swimming,dangers,japanese,online,hippie,show,friend,cock,perfect,annette,homemade,blowjob,amy,sexually,ian,asian,christina,elybabea,rap,binx,719,nasty,party,lena,letting,gold,stoner,charcter,summer,search,impregnated,the,womrn,poses,cell,cox,natasia,brunette,great,hour,fre,tied,look,vintage,high,short,beverley,fakes,machines,jenna,jeans,lingerie,fenny,fucked,lesbian,arab,redtube,bukkakr,baby,mother,popping,beek,hair,pics,your,couples,this,donna,christie,skinned,strapon,luanne,anal,fuck,iamdd,aly,chick,tabitha,chasing,leaves,porn,sickest,champagne,sex,ipod,teenage,brother,martina,football,cute,schoolgirl,group,long,feasts,ross,engine,viedos,downloads,streamen,sluts,swimming,dangers,japanese,online,hippie,show,friend,cock,perfect,annette,homemade,blowjob,amy,sexually,ian,asian,christina,elybabea,rap,binx,719,nasty,party,lena,letting,gold,stoner,charcter,summer,search,i&adb=0&clientjs=1&w=1280&h=1024&tz=0
136.243.43.25200 OK 1.2 kB URL HTTP/1.1 tsyndicate.com/iframes2/6a91f85098294907941c239ca45e3b90.html?keywords=Sexy,porn,tube,sluts,swimming,dangers,japanese,online,hippie,show,friend,cock,perfect,annette,homemade,blowjob,amy,sexually,ian,asian,christina,elybabea,rap,binx,719,nasty,party,lena,letting,gold,stoner,charcter,summer,search,impregnated,the,womrn,poses,cell,cox,natasia,brunette,great,hour,fre,tied,look,vintage,high,short,beverley,fakes,machines,jenna,jeans,lingerie,fenny,fucked,lesbian,arab,redtube,bukkakr,baby,mother,popping,beek,hair,pics,your,couples,this,donna,christie,skinned,strapon,luanne,anal,fuck,iamdd,aly,chick,tabitha,chasing,leaves,porn,sickest,champagne,sex,ipod,teenage,brother,martina,football,cute,schoolgirl,group,long,feasts,ross,engine,viedos,downloads,streamen,sluts,swimming,dangers,japanese,online,hippie,show,friend,cock,perfect,annette,homemade,blowjob,amy,sexually,ian,asian,christina,elybabea,rap,binx,719,nasty,party,lena,letting,gold,stoner,charcter,summer,search,i&adb=0&clientjs=1&w=1280&h=1024&tz=0
IP 136.243.43.25:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2029)
Hash f52f417eab671263260fb239deb27273
342223f95efe028892c439b15f9e2a8d6100263c
19b3088928254b01263117aa6d79a645be2d2cb401ad9f730356b256cc1717ed
GET /iframes2/6a91f85098294907941c239ca45e3b90.html?keywords=Sexy,porn,tube,sluts,swimming,dangers,japanese,online,hippie,show,friend,cock,perfect,annette,homemade,blowjob,amy,sexually,ian,asian,christina,elybabea,rap,binx,719,nasty,party,lena,letting,gold,stoner,charcter,summer,search,impregnated,the,womrn,poses,cell,cox,natasia,brunette,great,hour,fre,tied,look,vintage,high,short,beverley,fakes,machines,jenna,jeans,lingerie,fenny,fucked,lesbian,arab,redtube,bukkakr,baby,mother,popping,beek,hair,pics,your,couples,this,donna,christie,skinned,strapon,luanne,anal,fuck,iamdd,aly,chick,tabitha,chasing,leaves,porn,sickest,champagne,sex,ipod,teenage,brother,martina,football,cute,schoolgirl,group,long,feasts,ross,engine,viedos,downloads,streamen,sluts,swimming,dangers,japanese,online,hippie,show,friend,cock,perfect,annette,homemade,blowjob,amy,sexually,ian,asian,christina,elybabea,rap,binx,719,nasty,party,lena,letting,gold,stoner,charcter,summer,search,i&adb=0&clientjs=1&w=1280&h=1024&tz=0 HTTP/1.1
Host: tsyndicate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://youvu.pornfollett.gigixo.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 23 Sep 2022 21:48:08 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Pragma: no-cache
Expires: 0
Vary: Accept-Encoding, *
X-Api-Version: 2
Link: <http://lcdn.tsyndicate.com/sdk/v1/b.b.js>; rel=preload; as=script
X-Request-Id: 10a400860e9b65b3
Cache-Control: no-cache, no-store, no-transform, must-revalidate, no-transform
X-Robots-Tag: none, noindex, nofollow
Report-To: { "url": "https://pxl.tsyndicate.com/api/v1/heavy-ad/report", "max_age": 86401 }
Content-Encoding: gzip
go.xxxijmp.com/smartpop/c3fa347280578e90a9e8ab1e6280c0e361524d151dcbfe6bb5b723fee947ce88?userId=ed4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e&sourceId=226437&memberId=lDAz2TCqcToMzn-ME7LMi2gZUHN1qB0hPGSPyW_ZqqIBZ4UqrGGvnzBvpmWRAKPzQTC64C9_DmueRMRJHWeNDnZ1JiFpqWuBFiaQ39o_gUIDRUi&p1=3684770&buttonColor=%23930606&liveBadgeColor=%23ff0707
104.18.42.40301 Moved Permanently 0 B URL HTTP/1.1 go.xxxijmp.com/smartpop/c3fa347280578e90a9e8ab1e6280c0e361524d151dcbfe6bb5b723fee947ce88?userId=ed4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e&sourceId=226437&memberId=lDAz2TCqcToMzn-ME7LMi2gZUHN1qB0hPGSPyW_ZqqIBZ4UqrGGvnzBvpmWRAKPzQTC64C9_DmueRMRJHWeNDnZ1JiFpqWuBFiaQ39o_gUIDRUi&p1=3684770&buttonColor=%23930606&liveBadgeColor=%23ff0707
IP 104.18.42.40:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /smartpop/c3fa347280578e90a9e8ab1e6280c0e361524d151dcbfe6bb5b723fee947ce88?userId=ed4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e&sourceId=226437&memberId=lDAz2TCqcToMzn-ME7LMi2gZUHN1qB0hPGSPyW_ZqqIBZ4UqrGGvnzBvpmWRAKPzQTC64C9_DmueRMRJHWeNDnZ1JiFpqWuBFiaQ39o_gUIDRUi&p1=3684770&buttonColor=%23930606&liveBadgeColor=%23ff0707 HTTP/1.1
Host: go.xxxijmp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://tsyndicate.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Fri, 23 Sep 2022 21:48:09 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Fri, 23 Sep 2022 22:48:09 GMT
Location: https://go.xxxijmp.com/smartpop/c3fa347280578e90a9e8ab1e6280c0e361524d151dcbfe6bb5b723fee947ce88?userId=ed4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e&sourceId=226437&memberId=lDAz2TCqcToMzn-ME7LMi2gZUHN1qB0hPGSPyW_ZqqIBZ4UqrGGvnzBvpmWRAKPzQTC64C9_DmueRMRJHWeNDnZ1JiFpqWuBFiaQ39o_gUIDRUi&p1=3684770&buttonColor=%23930606&liveBadgeColor=%23ff0707
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74f67b9c4cc4b521-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
ocsp.sca1b.amazontrust.com/
108.138.212.162200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 108.138.212.162:0
Hash b912b648b93421767076bd6436ae2a36
0fc695b3079e70d1d7cf4fa415d4bd00e4350f9d
be7e29208c3efbb0f655fcf49ce1c51889aa4d4af8722f96e17abdc88eca9735
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Fri, 23 Sep 2022 21:48:08 GMT
Last-Modified: Fri, 23 Sep 2022 20:54:08 GMT
Server: ECS (dcb/7FA8)
X-Cache: Miss from cloudfront
Via: 1.1 208aec8d7d6b69028fbed7a7605feea6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LHR61-P3
X-Amz-Cf-Id: YqRPLaHV2CTD5bWaewDOpCSeiJpydB0bhU1sT94MxOYrRsTc2oJaEQ==
Age: 3240
simplewebanalysis.com/stats
52.29.95.124200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP 52.29.95.124:0
File type ASCII text, with no line terminators
Hash 30881f5684679983c7a45df9a14e30cd
40fbb81f86e5b7ec1ad45c714c968c53672fb8ec
b4b60905cd70b83b1a295352dba588c6259720cbfd4d783e8658ee1e1d8f2d69
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://youvu.pornfollett.gigixo.com
Connection: keep-alive
Referer: http://youvu.pornfollett.gigixo.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 23 Sep 2022 21:48:09 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: http://youvu.pornfollett.gigixo.com
access-control-allow-credentials: true
set-cookie: uid_id2=387798b0-f6e3-44e8-917e-1b5b9b8bb156:3:1; expires=Mon, 20 Sep 2032 21:48:09 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
10945-2.s.cdn15.com/creatives/152327/199277/425836_3c46a.jpg
67.216.91.19200 OK 70 kB URL HTTP/2 10945-2.s.cdn15.com/creatives/152327/199277/425836_3c46a.jpg
IP 67.216.91.19:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 300x250, components 3\012- data
Hash e53bc60f487144e444db992e488835f2
a71e26d160eb3acdc706e664becee83aee2362af
aa337bdbd1e934a163c41407ec2fdd8641a110a10d7885836cda1eb6615ad2f9
GET /creatives/152327/199277/425836_3c46a.jpg HTTP/1.1
Host: 10945-2.s.cdn15.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://biptolyla.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: ucdn/1.22.0
date: Fri, 23 Sep 2022 21:48:09 GMT
content-type: image/jpeg
content-length: 69717
last-modified: Fri, 01 Apr 2022 16:13:12 GMT
etag: "e53bc60f487144e444db992e488835f2"
x-timestamp: 1648829591.65871
x-trans-id: tx878ef9f2182a4446bd540-00631e762b
x-openstack-request-id: tx878ef9f2182a4446bd540-00631e762b
expires: Wed, 22 Feb 2023 07:43:46 GMT
cache-control: max-age=13082137
x-ureq-id: XDrrrzssYKy7XniAYHDaCxO/1BtQYlPAo1HVcwFLMsog41fW3hOd965Uj5PfSqLO3GY8s5N7WkiuyFrNS0bW2JpoQosFRHg7MChOCzn8QdY=
x-served-from: l1
access-control-allow-origin: *
access-control-allow-methods: HEAD, GET, OPTIONS
x-vhostid: 119, 20851
accept-ranges: bytes
X-Firefox-Spdy: h2
poweredby.jads.co/adshow.php?adzone=830960
185.94.236.246200 OK 1.7 kB URL HTTP/1.1 poweredby.jads.co/adshow.php?adzone=830960
IP 185.94.236.246:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (428), with CRLF, LF line terminators
Hash 6d7d12d06ac7af3eac9927e9ccc786a9
de95b0ea785676af101cdb9d73fde6be2ba93e74
01a157c38454ef7d21c8675c200f94a23589952ef320a86896cdc29805c040bf
GET /adshow.php?adzone=830960 HTTP/1.1
Host: poweredby.jads.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://youvu.pornfollett.gigixo.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 23 Sep 2022 21:48:09 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/5.6.40
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR OUR IND STA"
Set-Cookie: surferid=4e4dec34d8061412c792b856aa5bba3e; expires=Sat, 23-Sep-2023 21:48:08 GMT; Max-Age=31536000; path=/; SameSite=None; Secure; domain=.jads.co
imps42805=1; expires=Sat, 24-Sep-2022 21:48:08 GMT; Max-Age=86400; path=/; SameSite=None; Secure; domain=.jads.co
juicy_data_1=YToxOntpOjExODgyNTQ7aToxNjY0MjI4ODg4O30%3D; expires=Mon, 26-Sep-2022 21:48:08 GMT; Max-Age=259200; path=/; SameSite=None; Secure; domain=jads.co
juicy_data=YToxOntzOjEyOiJqdWljeV9kYXRhXzEiO3M6MToiMSI7fQ%3D%3D; expires=Mon, 26-Sep-2022 21:48:08 GMT; Max-Age=259200; path=/; SameSite=None; Secure; domain=jads.co
Content-Encoding: gzip
simplewebanalysis.com/stats
52.29.95.124200 OK 78 kB URL HTTP/2 simplewebanalysis.com/stats
IP 52.29.95.124:0
Hash 1b2eef620e150b6ea94716bd771ab77c
0666301de79476a1d9c4acb10cc5f9975ad850cf
0a501b56aa64f09cbe7a49d581c99d0e0c8d052687bed201f383202c88f1feb3
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://youvu.pornfollett.gigixo.com
Connection: keep-alive
Referer: http://youvu.pornfollett.gigixo.com/
Cookie: uid_id2=387798b0-f6e3-44e8-917e-1b5b9b8bb156:3:1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 23 Sep 2022 21:48:09 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: http://youvu.pornfollett.gigixo.com
access-control-allow-credentials: true
X-Firefox-Spdy: h2
28980.weednewspro.com/v2/a/na/if/203282
88.208.59.102200 OK 364 B URL HTTP/2 28980.weednewspro.com/v2/a/na/if/203282
IP 88.208.59.102:0
ASN #39572 DataWeb Global Group B.V.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (364), with no line terminators
Hash c64529578fdecd3831f4afd6a4e4be4e
672ae6efe0d189c4ed3c332dc57f44f569f48455
7abf8e5dd0e1976987a64aa4ae1f517dad66aba028acfe1df4d59b03f024256f
GET /v2/a/na/if/203282 HTTP/1.1
Host: 28980.weednewspro.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://go.goaserv.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 23 Sep 2022 21:48:09 GMT
content-type: text/html; charset=UTF-8
content-length: 364
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-max-age: 86400
referrer-policy: unsafe-url
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Device-Memory
accept-ch-lifetime: 31536000
X-Firefox-Spdy: h2
youvu.pornfollett.gigixo.com/?iyanna
51.79.221.186200 OK 38 kB URL HTTP/1.1 youvu.pornfollett.gigixo.com/?iyanna
IP 51.79.221.186:0
Hash 509df5b0ae31bd7e218fd46aeb183f3a
3dbfde77d6f14d467558f3875683f1ffc0d029a4
b6fdb673e4373acd5476398f217c6723e935c4d2b4fc10db798903e5d4c1cd0e
GET /?iyanna HTTP/1.1
Host: youvu.pornfollett.gigixo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 23 Sep 2022 21:42:29 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
Vary: Accept-Encoding
Content-Encoding: gzip
biptolyla.com/auW.ZNyzQu2r9FkyZnT/9U6gbE2C5mlFS/WvQT9RNPDlE/4OMrjrk/0HN/Cc0N0/MLT/g/yNOkTTQK1ZJPnEB-1KcV2-hiaRbO2/5/lGS/WeQs9iNIDeEZ4rMtjTkS0/NVCI0R0UMWT/gwy/OlTQQ/1R
188.72.219.36200 OK 7.3 kB URL HTTP/2 biptolyla.com/auW.ZNyzQu2r9FkyZnT/9U6gbE2C5mlFS/WvQT9RNPDlE/4OMrjrk/0HN/Cc0N0/MLT/g/yNOkTTQK1ZJPnEB-1KcV2-hiaRbO2/5/lGS/WeQs9iNIDeEZ4rMtjTkS0/NVCI0R0UMWT/gwy/OlTQQ/1R
IP 188.72.219.36:0
File type ASCII text, with very long lines (2401)
Hash af48ffa98ad5dbe47c6b619cd6d7eb37
59605af60bc3214a8b58242235e14ad0e788a274
d102aab073e4a297889357d0e19f0c7b99f1b364fa80e36f2f06513fed24c404
GET /auW.ZNyzQu2r9FkyZnT/9U6gbE2C5mlFS/WvQT9RNPDlE/4OMrjrk/0HN/Cc0N0/MLT/g/yNOkTTQK1ZJPnEB-1KcV2-hiaRbO2/5/lGS/WeQs9iNIDeEZ4rMtjTkS0/NVCI0R0UMWT/gwy/OlTQQ/1R HTTP/1.1
Host: biptolyla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://youvu.pornfollett.gigixo.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 23 Sep 2022 21:48:08 GMT
content-type: application/javascript
vary: Accept-Encoding
accept-ch: Sec-CH-UA-Platform-Version, Sec-CH-UA-Platform
expires: Mon, 26 Jul 2011 05:00:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
x-content-type-options: nosniff
content-encoding: br
X-Firefox-Spdy: h2
cdn.tsyndicate.com/sdk/v1/backup.banner.js
8.254.252.211304 Not Modified 0 B URL HTTP/1.1 cdn.tsyndicate.com/sdk/v1/backup.banner.js
IP 8.254.252.211:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sdk/v1/backup.banner.js HTTP/1.1
Host: cdn.tsyndicate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://lcdn.tsyndicate.com/
If-Modified-Since: Mon, 19 Sep 2022 08:52:46 GMT
If-None-Match: W/"63282dde-b00"
HTTP/1.1 304 Not Modified
Date: Mon, 19 Sep 2022 09:04:07 GMT
Connection: keep-alive
Last-Modified: Mon, 19 Sep 2022 08:52:46 GMT
Server: nginx
X-Robots-Tag: noindex, nofollow
Vary: Accept-Encoding
ETag: W/"63282dde-b00"
Age: 391442
go.goaserv.com/banner.go?spaceid=1090934&subid=2|163520|449252|no|1|40694670|5675445|1|0|10|50304|,,,,,|4|0|0|21,4,25|0|0|en|1
217.22.19.196200 OK 391 B URL HTTP/1.1 go.goaserv.com/banner.go?spaceid=1090934&subid=2|163520|449252|no|1|40694670|5675445|1|0|10|50304|,,,,,|4|0|0|21,4,25|0|0|en|1
IP 217.22.19.196:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (578), with no line terminators
Hash b5cea021c69179b3a906b68d132937d5
50bef11a02d2713cf710c9213a0a8c06e8e694c0
359d63df21f5eae413bd3947259aa7b468d73969848c31192dba46bbd1916f58
GET /banner.go?spaceid=1090934&subid=2|163520|449252|no|1|40694670|5675445|1|0|10|50304|,,,,,|4|0|0|21,4,25|0|0|en|1 HTTP/1.1
Host: go.goaserv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://go.eabids.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 23 Sep 2022 21:48:09 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Mon, 03 Jul 2001 06:00:00 GMT
Last-Modified: Fri, 23 09 2022 21:48:09 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0,post-check=0, pre-check=0
Pragma: no-cache
X-Backend-Server: nl2-go-web-240
Content-Encoding: gzip
28980.weednewspro.com/v2/a/na/if/203282
88.208.59.102200 OK 364 B URL HTTP/2 28980.weednewspro.com/v2/a/na/if/203282
IP 88.208.59.102:0
ASN #39572 DataWeb Global Group B.V.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (364), with no line terminators
Hash c64529578fdecd3831f4afd6a4e4be4e
672ae6efe0d189c4ed3c332dc57f44f569f48455
7abf8e5dd0e1976987a64aa4ae1f517dad66aba028acfe1df4d59b03f024256f
GET /v2/a/na/if/203282 HTTP/1.1
Host: 28980.weednewspro.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://go.goaserv.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 23 Sep 2022 21:48:09 GMT
content-type: text/html; charset=UTF-8
content-length: 364
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-max-age: 86400
referrer-policy: unsafe-url
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Device-Memory
accept-ch-lifetime: 31536000
X-Firefox-Spdy: h2
28980.weednewspro.com/v2/a/na/if/203282
88.208.59.102200 OK 364 B URL HTTP/2 28980.weednewspro.com/v2/a/na/if/203282
IP 88.208.59.102:0
ASN #39572 DataWeb Global Group B.V.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (364), with no line terminators
Hash c64529578fdecd3831f4afd6a4e4be4e
672ae6efe0d189c4ed3c332dc57f44f569f48455
7abf8e5dd0e1976987a64aa4ae1f517dad66aba028acfe1df4d59b03f024256f
GET /v2/a/na/if/203282 HTTP/1.1
Host: 28980.weednewspro.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://go.goaserv.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 23 Sep 2022 21:48:09 GMT
content-type: text/html; charset=UTF-8
content-length: 364
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-max-age: 86400
referrer-policy: unsafe-url
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Device-Memory
accept-ch-lifetime: 31536000
X-Firefox-Spdy: h2
28980.weednewspro.com/v2/a/na/if/203282
88.208.59.102200 OK 364 B URL HTTP/2 28980.weednewspro.com/v2/a/na/if/203282
IP 88.208.59.102:0
ASN #39572 DataWeb Global Group B.V.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (364), with no line terminators
Hash c64529578fdecd3831f4afd6a4e4be4e
672ae6efe0d189c4ed3c332dc57f44f569f48455
7abf8e5dd0e1976987a64aa4ae1f517dad66aba028acfe1df4d59b03f024256f
GET /v2/a/na/if/203282 HTTP/1.1
Host: 28980.weednewspro.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://go.goaserv.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 23 Sep 2022 21:48:09 GMT
content-type: text/html; charset=UTF-8
content-length: 364
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-max-age: 86400
referrer-policy: unsafe-url
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Device-Memory
accept-ch-lifetime: 31536000
X-Firefox-Spdy: h2
poweredby.jads.co/adshow.php?adzone=943747
185.94.236.246200 OK 1.7 kB URL HTTP/1.1 poweredby.jads.co/adshow.php?adzone=943747
IP 185.94.236.246:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (425), with CRLF, LF line terminators
Hash e8e4181d3fffa2bc3d58109305720e7a
6deb4295ea97a8459ba7a17788dc4653a6fc0091
341f9e6d9cd29050c0af6b321931f0babcc22c6a690753393912601aa5ae8910
GET /adshow.php?adzone=943747 HTTP/1.1
Host: poweredby.jads.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://youvu.pornfollett.gigixo.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 23 Sep 2022 21:48:09 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/5.6.40
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR OUR IND STA"
Set-Cookie: surferid=4e4dec34d8061412c792b856aa5bba3e; expires=Sat, 23-Sep-2023 21:48:08 GMT; Max-Age=31536000; path=/; SameSite=None; Secure; domain=.jads.co
imps61=1; expires=Sat, 24-Sep-2022 21:48:08 GMT; Max-Age=86400; path=/; SameSite=None; Secure; domain=.jads.co
juicy_data_1=YToxOntpOjExOTY5NjY7aToxNjY0MjI4ODg4O30%3D; expires=Mon, 26-Sep-2022 21:48:08 GMT; Max-Age=259200; path=/; SameSite=None; Secure; domain=jads.co
juicy_data=YToxOntzOjEyOiJqdWljeV9kYXRhXzEiO3M6MToiMSI7fQ%3D%3D; expires=Mon, 26-Sep-2022 21:48:08 GMT; Max-Age=259200; path=/; SameSite=None; Secure; domain=jads.co
Content-Encoding: gzip
lcdn.tsyndicate.com/sdk/v1/b.b.js
8.254.252.211304 Not Modified 0 B URL HTTP/1.1 lcdn.tsyndicate.com/sdk/v1/b.b.js
IP 8.254.252.211:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sdk/v1/b.b.js HTTP/1.1
Host: lcdn.tsyndicate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://tsyndicate.com/
If-Modified-Since: Tue, 22 Feb 2022 13:07:15 GMT
If-None-Match: W/"6214e003-1eb1"
HTTP/1.1 304 Not Modified
Date: Tue, 08 Mar 2022 10:11:03 GMT
Connection: keep-alive
Last-Modified: Tue, 22 Feb 2022 13:07:15 GMT
Server: nginx
X-Robots-Tag: noindex, nofollow
Vary: Accept-Encoding
ETag: W/"6214e003-1eb1"
Age: 17235426
video.ktkjmp.com/adsbygoogle.js
172.64.145.216200 OK 16 B URL HTTP/2 video.ktkjmp.com/adsbygoogle.js
IP 172.64.145.216:0
Hash 3d7f7a60216d40dea48e495fef6903c9
fecdb5184f55cf012563d78940eb97b10b9cc99b
96d83ac9f20fc0b88404f307f135e212642e02d6ea295c96b28aed0d771a224f
GET /adsbygoogle.js HTTP/1.1
Host: video.ktkjmp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://creative.xxxvjmp.com/
Origin: https://creative.xxxvjmp.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 23 Sep 2022 21:48:09 GMT
content-type: application/javascript
content-length: 16
x-amz-id-2: kyl0IVMMo5KW4pDdzfnQKUa/Cfs4W9YHdQTiL3YWd73Il6pI7lh92KHTCplsaUtVSNRKq3KXr04=
x-amz-request-id: 3YWBDN4EWV9170D8
last-modified: Thu, 10 Mar 2022 13:52:07 GMT
etag: "3d7f7a60216d40dea48e495fef6903c9"
x-amz-meta-s3cmd-attrs: atime:1646920284/ctime:1646920283/gid:20/gname:staff/md5:3d7f7a60216d40dea48e495fef6903c9/mode:33188/mtime:1646920283/uid:501/uname:mikhailchubar
x-amz-version-id: eIgLIBoMMcsEXtxOH6UDjWyfAquRpkIG
access-control-allow-origin: https://creative.xxxvjmp.com
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Content-Length, Accept-Encoding, x-requested-with
cf-cache-status: HIT
age: 124
expires: Sat, 24 Sep 2022 01:48:09 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 74f67b9d6e8e0b61-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
10945-2.s.cdn15.com/creatives/247/186312/407101_7e0ee.gif
67.216.91.19200 OK 151 kB URL HTTP/2 10945-2.s.cdn15.com/creatives/247/186312/407101_7e0ee.gif
IP 67.216.91.19:0
File type GIF image data, version 89a, 300 x 250\012- data
Size 151 kB (151349 bytes)
Hash d54dd57938fae321d6aa3c3ec6c5b832
cf3cc70af54f818ee816cfb32d5e85eb4b559130
31f3fbfb56e3520b3ac5d7b8b424ae5a5f02d4aeeb774da7815b163f81e97a77
GET /creatives/247/186312/407101_7e0ee.gif HTTP/1.1
Host: 10945-2.s.cdn15.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://biptolyla.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: ucdn/1.22.0
date: Fri, 23 Sep 2022 21:48:09 GMT
content-type: image/gif
content-length: 151349
last-modified: Fri, 22 Oct 2021 11:43:47 GMT
etag: "d54dd57938fae321d6aa3c3ec6c5b832"
x-timestamp: 1634903026.50737
x-trans-id: txce78ead0d4b24b5c9b023-0063214aeb
x-openstack-request-id: txce78ead0d4b24b5c9b023-0063214aeb
x-ureq-id: XDrrrzssYKy7XniAYHDaCxO/1BtQYlPAo1HVcwFLMsog41fW3hOd965Uj5PfSqLODP99yEHNfh/s/vR6hhueV3G4T22j7gpuyiYxqgRvrx/KlSKPPOMGF3+ZZQmU8yxq
x-served-from: l1
expires: Fri, 24 Feb 2023 11:16:02 GMT
cache-control: max-age=13267673
access-control-allow-origin: *
access-control-allow-methods: HEAD, GET, OPTIONS
x-vhostid: 197, 20796
accept-ranges: bytes
X-Firefox-Spdy: h2
a.realsrv.com/ads.js
205.185.216.42200 OK 974 B IP 205.185.216.42:0
File type ASCII text, with very long lines (2475), with no line terminators
Hash f2e9f79e4bd643ca1264fca98531c71e
7acaa14a18676a38bdc3043d0e016e8cfacb275a
db8cf84b422102aa8bc89c36a569921dc69ed556703a96ca44434d2fe98af57b
GET /ads.js HTTP/1.1
Host: a.realsrv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://biptolyla.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Fri, 23 Sep 2022 21:48:09 GMT
Connection: Keep-Alive
Content-Encoding: gzip
Content-Length: 974
Content-Type: application/javascript
Accept-Ranges: bytes
Cache-Control: max-age=10800
Server: nginx
etag: W/"f4fddb85b686269b678e3caf766"
X-HW: 1663969689.dop024.sk1.t,1663969689.cds258.sk1.shn,1663969689.dop024.sk1.t,1663969689.cds013.sk1.c
Access-Control-Allow-Origin: *, *
static.eabids.com/data/bannerpools/112022/34024.gif
217.22.19.195200 OK 105 kB URL HTTP/1.1 static.eabids.com/data/bannerpools/112022/34024.gif
IP 217.22.19.195:0
File type GIF image data, version 89a, 300 x 250\012- data
Size 105 kB (104932 bytes)
Hash 5d740b7d1fa248477f31cf0d242876fa
b05865894319720f21e5e3b7ac66459859648fdb
42376ebf5e9dab5fa7d57a22f9ce19e0cbd7b88846d427ba15578500563a631b
GET /data/bannerpools/112022/34024.gif HTTP/1.1
Host: static.eabids.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://go.eabids.com/
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 23 Sep 2022 21:48:09 GMT
Content-Type: image/gif
Content-Length: 104932
Last-Modified: Thu, 28 Apr 2022 14:46:16 GMT
Connection: keep-alive
ETag: "626aa8b8-199e4"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
X-Backend-Server: nl2-static-223
Accept-Ranges: bytes
youvu.pornfollett.gigixo.com/viewImage3?data=0c101014175e4b4b000d4a140c0a07000a4a070b094b140d07174b0508061109174b5455574b535d534b5355554b5553575656515457554b4c095901491d0505231505054d4c090c59072e502331055314150a0055170b15034d0b160d030d0a05083b5553575656515457554a0e1403
51.79.221.186200 146 kB URL HTTP/1.1 youvu.pornfollett.gigixo.com/viewImage3?data=0c101014175e4b4b000d4a140c0a07000a4a070b094b140d07174b0508061109174b5455574b535d534b5355554b5553575656515457554b4c095901491d0505231505054d4c090c59072e502331055314150a0055170b15034d0b160d030d0a05083b5553575656515457554a0e1403
IP 51.79.221.186:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 575x861, components 3\012- data
Size 146 kB (146093 bytes)
Hash c7035982f10bd18f2812e7f1eb6339ee
5944d9062c11dfcb871aa0065bb6f35714a81dc0
80bd27602d329e5225e786d70115680fc5ad5cc304ed410c34a6e93dc544d200
GET /viewImage3?data=0c101014175e4b4b000d4a140c0a07000a4a070b094b140d07174b0508061109174b5455574b535d534b5355554b5553575656515457554b4c095901491d0505231505054d4c090c59072e502331055314150a0055170b15034d0b160d030d0a05083b5553575656515457554a0e1403 HTTP/1.1
Host: youvu.pornfollett.gigixo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://youvu.pornfollett.gigixo.com/?iyanna
HTTP/1.1 200
Server: nginx
Date: Fri, 23 Sep 2022 21:42:30 GMT
Content-Length: 146093
Connection: keep-alive
Cache-Control: max-age=31418383
X-CORE: core4
X-LB: core4
cdn.tsyndicate.com/imges/backup/banner/300x250.png
8.254.252.211200 OK 102 kB URL HTTP/1.1 cdn.tsyndicate.com/imges/backup/banner/300x250.png
IP 8.254.252.211:0
File type PNG image data, 300 x 250, 8-bit/color RGBA, non-interlaced\012- data
Size 102 kB (102388 bytes)
Hash b761fe954e9423addda999b0975f1ee1
7baeb7f4b5824624fbe3f2dd6b8e8b291996fd89
824c9ecf5047e7d7f90fbc438be225dbc6c3e2513fca402294432c04667a8509
GET /imges/backup/banner/300x250.png HTTP/1.1
Host: cdn.tsyndicate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://lcdn.tsyndicate.com/
HTTP/1.1 200 OK
Date: Wed, 22 Jun 2022 09:39:46 GMT
Content-Type: image/png
Content-Length: 102388
Connection: keep-alive
Last-Modified: Wed, 22 Jun 2022 09:24:43 GMT
Server: nginx
X-Robots-Tag: noindex, nofollow
Content-Encoding: gzip
Vary: Accept-Encoding
ETag: W/"62b2dfdb-18fbf"
Age: 8078903
Accept-Ranges: bytes
www.effectivedisplayformat.com/3cb5727a16a2f566d5a822edf1d58427/invoke.js
192.243.61.227200 OK 9.8 kB URL HTTP/1.1 www.effectivedisplayformat.com/3cb5727a16a2f566d5a822edf1d58427/invoke.js
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
File type exported SGML document, ASCII text, with very long lines (26974), with no line terminators
Hash 6f3b8d865d72fb8c4e02bbc1cdabaabb
9f9416f4b30c468844da60efaa8ae394f8926b19
007e36d5912921a20a68e44348addc50f7de35275e1000df21fdb2f470d2b049
GET /3cb5727a16a2f566d5a822edf1d58427/invoke.js HTTP/1.1
Host: www.effectivedisplayformat.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://youvu.pornfollett.gigixo.com/
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Fri, 23 Sep 2022 21:48:09 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 16088cc58feaee8645a93d6ff8971fe3
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
static.eabids.com/data/bannerpools/119449/56538.gif
217.22.19.195200 OK 352 kB URL HTTP/1.1 static.eabids.com/data/bannerpools/119449/56538.gif
IP 217.22.19.195:0
File type GIF image data, version 89a, 300 x 250\012- data
Size 352 kB (351733 bytes)
Hash 7191781e782d49c40fc74c79c73acb6e
c4b793faa16b4bf1ddf1f8f74f326a06316f97e2
b48ddad71c6dfc527c36c00f628deb6b6a9c16a2177e84a0081c4b7f2418a238
GET /data/bannerpools/119449/56538.gif HTTP/1.1
Host: static.eabids.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://go.eabids.com/
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 23 Sep 2022 21:48:09 GMT
Content-Type: image/gif
Content-Length: 351733
Last-Modified: Thu, 28 Apr 2022 14:30:28 GMT
Connection: keep-alive
ETag: "626aa504-55df5"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
X-Backend-Server: nl2-static-222
Accept-Ranges: bytes
go.xxxvjmp.com/config?url=https%3A%2F%2Fcreative.xxxvjmp.com%2Fwidgets%2Fv4%2FUniversal%3FactionButtonPlacement%3Dbottom%26campaignId%3D128029786fbed96fe880330bb083ecce41e122ba08e2711908bc9493ef368344%26campaignType%3Dsmartpop%26creativeId%3D2f2cf8c271b310e6a7160563a0f1ee432fa665a116dc0c291a081b2515848ba9%26hideButtonOnSmallSpots%3D1%26hideModelNameOnSmallSpots%3D1%26hideTitleOnSmallSpots%3D1%26iterationId%3D30231%26masterSmartpopId%3D0%26memberId%3DpkBtYJAR1zNvl6Mwy9LXX4VW8j8eAUN7MiN0ke--ls5Ftl4Kv-8LdefqBjLfuV9I_VlLItjp-XH3iDLIGL_B2veSs3VMNMdcBpoG-uU_gUIDRUi%26p1%3D3844273%26ruleId%3D0%26showButton%3D1%26showModelName%3D1%26showTitle%3D%26smartpopId%3D1548%26sourceId%3D226440%26thumbSizeKey%3Dbig%26trackOff%3D1%26userId%3Ded4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e%26variationId%3D22460
104.18.42.40200 OK 2.1 kB URL HTTP/2 go.xxxvjmp.com/config?url=https%3A%2F%2Fcreative.xxxvjmp.com%2Fwidgets%2Fv4%2FUniversal%3FactionButtonPlacement%3Dbottom%26campaignId%3D128029786fbed96fe880330bb083ecce41e122ba08e2711908bc9493ef368344%26campaignType%3Dsmartpop%26creativeId%3D2f2cf8c271b310e6a7160563a0f1ee432fa665a116dc0c291a081b2515848ba9%26hideButtonOnSmallSpots%3D1%26hideModelNameOnSmallSpots%3D1%26hideTitleOnSmallSpots%3D1%26iterationId%3D30231%26masterSmartpopId%3D0%26memberId%3DpkBtYJAR1zNvl6Mwy9LXX4VW8j8eAUN7MiN0ke--ls5Ftl4Kv-8LdefqBjLfuV9I_VlLItjp-XH3iDLIGL_B2veSs3VMNMdcBpoG-uU_gUIDRUi%26p1%3D3844273%26ruleId%3D0%26showButton%3D1%26showModelName%3D1%26showTitle%3D%26smartpopId%3D1548%26sourceId%3D226440%26thumbSizeKey%3Dbig%26trackOff%3D1%26userId%3Ded4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e%26variationId%3D22460
IP 104.18.42.40:0
File type JSON data\012- , ASCII text
Hash ee20b56e615a9986f250c5dfe65bb0fe
7de4d7a76b2327294b92b5664af7c628f612f3fd
b8df8a972f11172fd41b8cacaa4e116b0baa7068ed3800c5b2dc465b8da57f14
GET /config?url=https%3A%2F%2Fcreative.xxxvjmp.com%2Fwidgets%2Fv4%2FUniversal%3FactionButtonPlacement%3Dbottom%26campaignId%3D128029786fbed96fe880330bb083ecce41e122ba08e2711908bc9493ef368344%26campaignType%3Dsmartpop%26creativeId%3D2f2cf8c271b310e6a7160563a0f1ee432fa665a116dc0c291a081b2515848ba9%26hideButtonOnSmallSpots%3D1%26hideModelNameOnSmallSpots%3D1%26hideTitleOnSmallSpots%3D1%26iterationId%3D30231%26masterSmartpopId%3D0%26memberId%3DpkBtYJAR1zNvl6Mwy9LXX4VW8j8eAUN7MiN0ke--ls5Ftl4Kv-8LdefqBjLfuV9I_VlLItjp-XH3iDLIGL_B2veSs3VMNMdcBpoG-uU_gUIDRUi%26p1%3D3844273%26ruleId%3D0%26showButton%3D1%26showModelName%3D1%26showTitle%3D%26smartpopId%3D1548%26sourceId%3D226440%26thumbSizeKey%3Dbig%26trackOff%3D1%26userId%3Ded4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e%26variationId%3D22460 HTTP/1.1
Host: go.xxxvjmp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://creative.xxxvjmp.com/
Origin: https://creative.xxxvjmp.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
date: Fri, 23 Sep 2022 21:48:09 GMT
content-type: application/json
access-control-allow-origin: *
last-modified: Fri, 23 Sep 2022 21:48:09 GMT
cf-cache-status: MISS
set-cookie: __cflb=0H28uukSkGJRy5UBr1MAvzNuwf2BatEsaHx1ux3jFJc; SameSite=None; Secure; path=/; expires=Sat, 24-Sep-22 20:48:09 GMT; HttpOnly
vary: Accept-Encoding
server: cloudflare
cf-ray: 74f67b9d5841b4e8-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
28980.weednewspro.com/v2/a/na/if/203282
88.208.59.102200 OK 364 B URL HTTP/2 28980.weednewspro.com/v2/a/na/if/203282
IP 88.208.59.102:0
ASN #39572 DataWeb Global Group B.V.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (364), with no line terminators
Hash c64529578fdecd3831f4afd6a4e4be4e
672ae6efe0d189c4ed3c332dc57f44f569f48455
7abf8e5dd0e1976987a64aa4ae1f517dad66aba028acfe1df4d59b03f024256f
GET /v2/a/na/if/203282 HTTP/1.1
Host: 28980.weednewspro.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://go.goaserv.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 23 Sep 2022 21:48:09 GMT
content-type: text/html; charset=UTF-8
content-length: 364
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-max-age: 86400
referrer-policy: unsafe-url
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Device-Memory
accept-ch-lifetime: 31536000
X-Firefox-Spdy: h2
lcdn.tsyndicate.com/error/banner.html
8.254.252.211304 Not Modified 0 B URL HTTP/1.1 lcdn.tsyndicate.com/error/banner.html
IP 8.254.252.211:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /error/banner.html HTTP/1.1
Host: lcdn.tsyndicate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://tsyndicate.com/
Upgrade-Insecure-Requests: 1
If-Modified-Since: Thu, 28 Jul 2022 14:10:05 GMT
If-None-Match: W/"62e298bd-297"
HTTP/1.1 304 Not Modified
Date: Fri, 02 Sep 2022 00:07:36 GMT
Connection: keep-alive
Last-Modified: Thu, 28 Jul 2022 14:10:05 GMT
Server: nginx
X-Robots-Tag: noindex, nofollow
Vary: Accept-Encoding
ETag: W/"62e298bd-297"
Age: 1892433
pxl.tsyndicate.com/api/v1/p/p.js?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zC0XIoJHDxpgZYnC0MCOmZAsaZMiIaZFjxowaLcjYEDOmDI0wNDjeCCPiYZg6YzKWmTFUTI4aY1rAyAEDxskbMGa0wCFGZcwZOWKEsQHVRo0ZMHpCJGOHIg6OOB7CqSNmoY0YMW74hAOHIlYaD-fAmahjxlkaMm7MeDimTV0dMmTYyAnDJxkzFB-KceOGog0bMLjiFdHGDUaGMxI3FgGn82evNCqKqBMjIxo6dODM0fHixZk3LvDoTqPGsIsxb9q8mNMmjJzYb-C8iCEDBwwZOW7gsEGyDJmOZsrgcO4SRkkYOIiOqZm6DHMZYsKALxMYLlOqY3JwJGpmho3wOX_UmYMwCZke1tEwVE45yPAcTjeZEQYOMczQEAw75UAGc2HEEJ8NMoQWw3Qw2CSGGePJEEaFYrhU4XbRiYFZGVzU0ZRic7xRhxw1-ddDYovRAEOLL9rQRhltiNHff2OkEUUWVbzBRh1FRBFFE240MUQYZURhxlEyTDFFGjC0QcUVSMARxxhDMFFGHmt80cIRN0yhBRVsGHXHEG88kUcRNcDhhhpyxOEEEk40cYUWUFyhRBxHyBBEHDXIcAQaZlhBRxBvKCGHgHTEIAQcNdgxRhB4HBEFFFrAUcUYX5xRRRJESFFFGjw-ZwMcMfTgV06BzSAWGcFllIeMdtThAhxvyOGGGUqyUQZsLpyRhrN44AZcG2KNEQZfWzjYhWSQ6QCDCzCoJocdh4H1UB11pJFRDWbccIMMDeXQghjQ0XBSRPKmtxNLIc003lA1eCRWGoeJkJULTLkAmAsN0SCWHF8QnNHBCS_csFh18KSDCE28oUcabLARxgs1gAsCCljAtQMITKThRh14gIDHdF8stvK4OnQEbgogHFHGGGu88YKBMTRVdAwgGJGGHGUgi8cLOodFWFAbO_GEWMV-MV5GVovFBtUiFOHErmXY8QXTbFBUg7vh3dfUQ3KcURliNeAglwgHmS2GHAtt91DeX7TxBhkLNffW33K8sdBgIryhEGJqJY5HHgttxnS3A8EGB20v_FpHsMMWe2yyy9LR7LNpRPtbcC-INce4GSVOx7XFtlCHG2nQ0cKGLpAhw65gH_SF72LRQS1Dl2FlQ0d-i2D878jboDzz4QXm2Nll6PXFtZZJ3xH1D5W9vbLHPZ4tDdtCJAZfeDf9ExsTqfX1QqON8RkMfSgQEA%3D%3D&s=0d53e8a8f1fd5a2a8b6bc49e1d6bd7e9a910e17b26969a647e96512fddc390781663969688&w=t&r=1&d=588&priv=false
94.130.141.49200 OK 24 B URL HTTP/1.1 pxl.tsyndicate.com/api/v1/p/p.js?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zC0XIoJHDxpgZYnC0MCOmZAsaZMiIaZFjxowaLcjYEDOmDI0wNDjeCCPiYZg6YzKWmTFUTI4aY1rAyAEDxskbMGa0wCFGZcwZOWKEsQHVRo0ZMHpCJGOHIg6OOB7CqSNmoY0YMW74hAOHIlYaD-fAmahjxlkaMm7MeDimTV0dMmTYyAnDJxkzFB-KceOGog0bMLjiFdHGDUaGMxI3FgGn82evNCqKqBMjIxo6dODM0fHixZk3LvDoTqPGsIsxb9q8mNMmjJzYb-C8iCEDBwwZOW7gsEGyDJmOZsrgcO4SRkkYOIiOqZm6DHMZYsKALxMYLlOqY3JwJGpmho3wOX_UmYMwCZke1tEwVE45yPAcTjeZEQYOMczQEAw75UAGc2HEEJ8NMoQWw3Qw2CSGGePJEEaFYrhU4XbRiYFZGVzU0ZRic7xRhxw1-ddDYovRAEOLL9rQRhltiNHff2OkEUUWVbzBRh1FRBFFE240MUQYZURhxlEyTDFFGjC0QcUVSMARxxhDMFFGHmt80cIRN0yhBRVsGHXHEG88kUcRNcDhhhpyxOEEEk40cYUWUFyhRBxHyBBEHDXIcAQaZlhBRxBvKCGHgHTEIAQcNdgxRhB4HBEFFFrAUcUYX5xRRRJESFFFGjw-ZwMcMfTgV06BzSAWGcFllIeMdtThAhxvyOGGGUqyUQZsLpyRhrN44AZcG2KNEQZfWzjYhWSQ6QCDCzCoJocdh4H1UB11pJFRDWbccIMMDeXQghjQ0XBSRPKmtxNLIc003lA1eCRWGoeJkJULTLkAmAsN0SCWHF8QnNHBCS_csFh18KSDCE28oUcabLARxgs1gAsCCljAtQMITKThRh14gIDHdF8stvK4OnQEbgogHFHGGGu88YKBMTRVdAwgGJGGHGUgi8cLOodFWFAbO_GEWMV-MV5GVovFBtUiFOHErmXY8QXTbFBUg7vh3dfUQ3KcURliNeAglwgHmS2GHAtt91DeX7TxBhkLNffW33K8sdBgIryhEGJqJY5HHgttxnS3A8EGB20v_FpHsMMWe2yyy9LR7LNpRPtbcC-INce4GSVOx7XFtlCHG2nQ0cKGLpAhw65gH_SF72LRQS1Dl2FlQ0d-i2D878jboDzz4QXm2Nll6PXFtZZJ3xH1D5W9vbLHPZ4tDdtCJAZfeDf9ExsTqfX1QqON8RkMfSgQEA%3D%3D&s=0d53e8a8f1fd5a2a8b6bc49e1d6bd7e9a910e17b26969a647e96512fddc390781663969688&w=t&r=1&d=588&priv=false
IP 94.130.141.49:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with no line terminators
Hash 0959ba36d476b6dc1994ba3c678b07c4
d30b94da72daa02766965206a85b7e0356375f5e
897410b87e27e3dfba3a7d6caab315a5e69cc941bb96d91fc74878a9b051843a
GET /api/v1/p/p.js?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zC0XIoJHDxpgZYnC0MCOmZAsaZMiIaZFjxowaLcjYEDOmDI0wNDjeCCPiYZg6YzKWmTFUTI4aY1rAyAEDxskbMGa0wCFGZcwZOWKEsQHVRo0ZMHpCJGOHIg6OOB7CqSNmoY0YMW74hAOHIlYaD-fAmahjxlkaMm7MeDimTV0dMmTYyAnDJxkzFB-KceOGog0bMLjiFdHGDUaGMxI3FgGn82evNCqKqBMjIxo6dODM0fHixZk3LvDoTqPGsIsxb9q8mNMmjJzYb-C8iCEDBwwZOW7gsEGyDJmOZsrgcO4SRkkYOIiOqZm6DHMZYsKALxMYLlOqY3JwJGpmho3wOX_UmYMwCZke1tEwVE45yPAcTjeZEQYOMczQEAw75UAGc2HEEJ8NMoQWw3Qw2CSGGePJEEaFYrhU4XbRiYFZGVzU0ZRic7xRhxw1-ddDYovRAEOLL9rQRhltiNHff2OkEUUWVbzBRh1FRBFFE240MUQYZURhxlEyTDFFGjC0QcUVSMARxxhDMFFGHmt80cIRN0yhBRVsGHXHEG88kUcRNcDhhhpyxOEEEk40cYUWUFyhRBxHyBBEHDXIcAQaZlhBRxBvKCGHgHTEIAQcNdgxRhB4HBEFFFrAUcUYX5xRRRJESFFFGjw-ZwMcMfTgV06BzSAWGcFllIeMdtThAhxvyOGGGUqyUQZsLpyRhrN44AZcG2KNEQZfWzjYhWSQ6QCDCzCoJocdh4H1UB11pJFRDWbccIMMDeXQghjQ0XBSRPKmtxNLIc003lA1eCRWGoeJkJULTLkAmAsN0SCWHF8QnNHBCS_csFh18KSDCE28oUcabLARxgs1gAsCCljAtQMITKThRh14gIDHdF8stvK4OnQEbgogHFHGGGu88YKBMTRVdAwgGJGGHGUgi8cLOodFWFAbO_GEWMV-MV5GVovFBtUiFOHErmXY8QXTbFBUg7vh3dfUQ3KcURliNeAglwgHmS2GHAtt91DeX7TxBhkLNffW33K8sdBgIryhEGJqJY5HHgttxnS3A8EGB20v_FpHsMMWe2yyy9LR7LNpRPtbcC-INce4GSVOx7XFtlCHG2nQ0cKGLpAhw65gH_SF72LRQS1Dl2FlQ0d-i2D878jboDzz4QXm2Nll6PXFtZZJ3xH1D5W9vbLHPZ4tDdtCJAZfeDf9ExsTqfX1QqON8RkMfSgQEA%3D%3D&s=0d53e8a8f1fd5a2a8b6bc49e1d6bd7e9a910e17b26969a647e96512fddc390781663969688&w=t&r=1&d=588&priv=false HTTP/1.1
Host: pxl.tsyndicate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://tsyndicate.com/
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 23 Sep 2022 21:48:09 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 24
Connection: keep-alive
X-Robots-Tag: noindex, nofollow
pxl.tsyndicate.com/api/v1/backup.gif?t=banner&tct=adult
94.130.141.49200 OK 354 B URL HTTP/1.1 pxl.tsyndicate.com/api/v1/backup.gif?t=banner&tct=adult
IP 94.130.141.49:0
ASN #24940 Hetzner Online GmbH
Hash 859dd9607483b28e581f507a75bae6fa
3803cc2a18be5dc13c2a80f1ecc244d1b58bf3b7
a363a5558966f04d0cf06f322a19e69099e97de5e959453cab801f39be28aefa
GET /api/v1/backup.gif?t=banner&tct=adult HTTP/1.1
Host: pxl.tsyndicate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://lcdn.tsyndicate.com/
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 23 Sep 2022 21:48:09 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 35
Connection: keep-alive
X-Robots-Tag: noindex, nofollow
i.jads.co/network/user500/42805-1620419809-0253172001620419809.gif
69.16.175.42200 OK 8.3 kB URL HTTP/1.1 i.jads.co/network/user500/42805-1620419809-0253172001620419809.gif
IP 69.16.175.42:0
File type GIF image data, version 89a, 468 x 60\012- data
Hash 46cdb8abb9eabc18f81a7d4ff0d7cdf2
38b34efc70e89c453ecea927587f323c15f6fced
5a372b99bac64f44bf2243ff42635f41dc986cf092c8ae5d9d43528b8d91e05e
GET /network/user500/42805-1620419809-0253172001620419809.gif HTTP/1.1
Host: i.jads.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://poweredby.jads.co/
HTTP/1.1 200 OK
Date: Fri, 23 Sep 2022 21:48:09 GMT
Connection: Keep-Alive
ETag: "1620419809"
Cache-Control: max-age=19536069
Content-Length: 8325
Content-Type: image/gif
Last-Modified: Fri, 07 May 2021 20:36:49 GMT
Accept-Ranges: bytes
X-HW: 1663969689.dop022.sk1.t,1663969689.cds261.sk1.c
simplewebanalysis.com/stats
52.29.95.124200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP 52.29.95.124:0
File type ASCII text, with no line terminators
Hash 30881f5684679983c7a45df9a14e30cd
40fbb81f86e5b7ec1ad45c714c968c53672fb8ec
b4b60905cd70b83b1a295352dba588c6259720cbfd4d783e8658ee1e1d8f2d69
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://youvu.pornfollett.gigixo.com
Connection: keep-alive
Referer: http://youvu.pornfollett.gigixo.com/
Cookie: uid_id2=387798b0-f6e3-44e8-917e-1b5b9b8bb156:3:1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 23 Sep 2022 21:48:09 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: http://youvu.pornfollett.gigixo.com
access-control-allow-credentials: true
X-Firefox-Spdy: h2
syndication.realsrv.com/ads-iframe-display.php?idzone=4211568&type=300x250&p=http%3A//youvu.pornfollett.gigixo.com/&dt=1663969688355&sub=&tags=&cookieconsent=true&screen_resolution=1280x1024&el=%22
95.211.229.245200 OK 1.4 kB URL HTTP/1.1 syndication.realsrv.com/ads-iframe-display.php?idzone=4211568&type=300x250&p=http%3A//youvu.pornfollett.gigixo.com/&dt=1663969688355&sub=&tags=&cookieconsent=true&screen_resolution=1280x1024&el=%22
IP 95.211.229.245:0
ASN #60781 LeaseWeb Netherlands B.V.
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (1208)
Hash 048a6aee2f9f3f9f6afa06fa13b527bc
43252e5b8c7df17cdbd08706d73db9381eb65bc2
981e73d8bf7ea3b39e6c337ddd39ea3b71ad03ab318fe684fce29307480a0497
GET /ads-iframe-display.php?idzone=4211568&type=300x250&p=http%3A//youvu.pornfollett.gigixo.com/&dt=1663969688355&sub=&tags=&cookieconsent=true&screen_resolution=1280x1024&el=%22 HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://biptolyla.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 23 Sep 2022 21:48:09 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache, must-revalidate
Pragma: no-cache
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%22632e29994fe0e5.194138443244006681%22%3B%7D; expires=Sun, 22 Sep 2024 21:48:09 GMT; path=; domain=.realsrv.com; Secure; SameSite=none
impressions=oslmroemnxgxaasmmxxmogeicxbmsbocnxgxaaslabrxbgeioslmrxbrnxgxaaslalcmbgeicxbmsbxcnxgxaaslcsrobgeicxbmsbcenxgxaaslaalcrgeislsaroornxgxaasbbrbolgeicxbmsboenxgxaaslalcmbgeimreaomxcnxgxaasaoabsrgeimreaobsonxgxaasaoabsrgeioslmrxbmnxgxaasmxelmageimcclsoeenxgxaasamsoccgeimcclosconxgxaasabxarlgeimrblelmonxgxaasamsoccgeimrblxembnxgxaasamsoccgeimrblxeecnxgxaasamsoccgeimrblxemcnxgxaasamsoccgeialbserecnxgxaasabxarlgeioslmrxlsnxgxaaslaalcrgeicaormbbonxgxaasalbbregeioslmrxlrnxgxaasmebascgeimcclsxscnxgxaasmebascgeimrerbmbbnxgxaasmeceesgeialbsereanxgxaasboxexogeialbserebnxgxaasborcsogeiccmblmmcnxgxaaslsbacbgeimcssmlrensgxaasbbrbolgxcceimxxerrebnxgxaasbbrbolgxcceimrsreamansgxaasbbleccgxcceimrsreabenxgxaasbbleccgxcceimrblelxcnxgxaasblsoxxgeimcclsxoanxgxaaslaalcrgeimrblelmbnxgxaasblsoxxgeimcclossanxgxaasblsoxxgeimcclselenxgxaasblsoxxgeimcclsoeonxgxaasblsoxxgeimrmaoboenogxaasblsmbogxcceimrxccosonxgxaasblmabsgxcceimrxccosbnogxaasblmabsgxcceimrxccosenogxaasblmabsgxcceimememseonxgxaasblmabsgxcceimrsreamonsgxaasbllxsmgxcceimrsreamcnsgxaasbllxsmgxcceimrsreamensgxaaslerraogxcceimrsreabonsgxaaslerraogxcceimcoaxmxcncgxaaslelsomgxcceimcssmlrcnsgxaaslelsomgxcceialaroxrcnxgxaaslelssegxcceimxcbrxsenxgxaaslxeercgxcceiaaxcamlanxgxaaslxeercgxcceimoobcoaonxgxaasloloorgxcceixaoosscrnxgxaasloloorgxcceimrlxebecnxgxaaslsxlmsgxcceimxlbmxlcnsgxaaslsccmbgxcceimxxrecsanxgxaaslsrmocgxcceimxlbmoobnogxaaslsrmocgxcceimsacexoonxgxaaslsrmocgxcceimxlbmoscnogxaaslsbacbgxcceiaaxcabeonxgxaaslsbaclgxcceicloaxxobnxgxaaslsbaclgxcceixaoossalnxgxaaslsbaclgxcceicloaxxxbnxgxaaslsbaclgxcceiaaxcabecnxgxaaslsbaclgxcceimxlbmosenogxaaslsbaclgxcceiaaxcamlcnxgxaaslcxxsegxcceimeembesonxgxaaslcxxsegxcceimrxccoscnxgxaaslcxxsegxcceimeembescnxgxaaslcxxsegxcceimeembecenxgxaaslcxxsegxcceimrbboaxcnxgxaaslcxxsegxcceiceecmorsnxgxaaslcxxsegxcceimccloscenxgxaaslcsrobgeimxlbmxlonagxaaslcsrobgxcceimcclsxacnxgxaaslcsrobgeimrmaobxanxgxaaslcsrolgxcceicmarxbbonsgxaaslcsrolgxcceirreacmsbnxgxaaslcarmcgxcceicloaecoenxgxaaslcarmrgxcceimxlbalscncgxaaslreembgxcceimxlbalsbnogxaaslreembgxcceimxlbmxlenogxaaslreembgxcceimxlbalcenogxaaslreembgxcceimxlbmxbbnsgxaaslreembgxcceialbbebsbnogxaaslreebxgxcceimemlxbocnogxaaslreebogxcceialbbebrenxgxaaslreebogxcceialbbebsanogxaaslreebsgxcceimxcbrxscnogxaaslreebcgxcceimxcbrxobnxgxaaslreebrgxcceimemlxmcbnxgxaaslaosmxgxcceimxlbmoconogxaaslaosmxgxcceimxlbmosanxgxaaslaosmxgxcceimxeoxsacnxgxaaslaaelcgxcceimrmcmmcanxgxaaslaalcrgxcceimcssmlronsgxaaslaalcrgxcceicbbmelocnxgxaaslabrxbgxcceimxeoxsbenxgxaaslalcmbgxcceimxlbmosonxgxaaslalcmbgxcceimememsecnxgxaaslalcmlgxcce; expires=Sat, 24 Sep 2022 21:48:09 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
poweredby.jads.co/adshow.php?adzone=961909
185.94.236.246200 OK 1.6 kB URL HTTP/1.1 poweredby.jads.co/adshow.php?adzone=961909
IP 185.94.236.246:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (424), with CRLF, LF line terminators
Hash 9e29cbfa9e4655e013a5ca1cacea229a
680e6a3f76bacf04ff51811dd2e49e27ac4b7cf6
4cfcf5b0214dac94a95b847a8fde776ce35a5cdda90f147db1120504292eb842
GET /adshow.php?adzone=961909 HTTP/1.1
Host: poweredby.jads.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://youvu.pornfollett.gigixo.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 23 Sep 2022 21:48:09 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/5.6.40
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR OUR IND STA"
Set-Cookie: surferid=4e4dec34d8061412c792b856aa5bba3e; expires=Sat, 23-Sep-2023 21:48:08 GMT; Max-Age=31536000; path=/; SameSite=None; Secure; domain=.jads.co
imps161=1; expires=Sat, 24-Sep-2022 21:48:08 GMT; Max-Age=86400; path=/; SameSite=None; Secure; domain=.jads.co
imps22340=1; expires=Sat, 24-Sep-2022 21:48:08 GMT; Max-Age=86400; path=/; SameSite=None; Secure; domain=.jads.co
juicy_data_1=YToyOntpOjExOTY3MjI7aToxNjY0MjI4ODg4O2k6NTkyOTgxO2k6MTY2NDIyODg4ODt9; expires=Mon, 26-Sep-2022 21:48:08 GMT; Max-Age=259200; path=/; SameSite=None; Secure; domain=jads.co
juicy_data=YToxOntzOjEyOiJqdWljeV9kYXRhXzEiO3M6MToiMSI7fQ%3D%3D; expires=Mon, 26-Sep-2022 21:48:08 GMT; Max-Age=259200; path=/; SameSite=None; Secure; domain=jads.co
Content-Encoding: gzip
28980.weednewspro.com/v2/a/na/if/203282
88.208.59.102200 OK 683 B URL HTTP/2 28980.weednewspro.com/v2/a/na/if/203282
IP 88.208.59.102:0
ASN #39572 DataWeb Global Group B.V.
Hash 643f073ebc61e260f7f6709fcaedfe28
ebe304e18d884d1dcf6ba37c09e0901639573526
560e1ac8e98482aa30aa7fe0b1c2952bde7f7691d427f92783164079ef776c8b
GET /v2/a/na/if/203282 HTTP/1.1
Host: 28980.weednewspro.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://go.goaserv.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 23 Sep 2022 21:48:09 GMT
content-type: text/html; charset=UTF-8
content-length: 364
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-max-age: 86400
referrer-policy: unsafe-url
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Device-Memory
accept-ch-lifetime: 31536000
X-Firefox-Spdy: h2
www.kinogogly.pro/cdf471/4f8a112651cb.js
185.18.187.89200 OK 55 kB URL HTTP/2 www.kinogogly.pro/cdf471/4f8a112651cb.js
IP 185.18.187.89:0
ASN #61107 Toonbox Studio Ltd
File type ASCII text, with very long lines (65536), with no line terminators
Hash d29ae5690cee695f78518c95165f4d0d
f916cbd18dcabb9f5812bfdf839142e0c78199c7
0a7ee2fc0cfd0cf251552578ed69a1d424ed6c8204624e55ba2cb4280179a04e
GET /cdf471/4f8a112651cb.js HTTP/1.1
Host: www.kinogogly.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://youvu.pornfollett.gigixo.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: ucdn/1.22.0
date: Fri, 23 Sep 2022 21:48:08 GMT
content-type: application/javascript
vary: Accept-Encoding
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: Content-Type
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315357112, public
x-ureq-id: XDrrrzssYKy7XniAYHDaCxO/1BtQYlPAo1HVcwFLMsr3uaLidETSLqKazNe79F20GEByJQyhOC8MENovHnWAlKl6rDOZz1zoddCAgTNgNdg=
x-served-from: l1
x-vhostid: 6589, 24354
content-encoding: br
X-Firefox-Spdy: h2
youvu.pornfollett.gigixo.com/s3/wc_oct20/0041.jpeg
51.79.221.186200 OK 41 kB URL HTTP/1.1 youvu.pornfollett.gigixo.com/s3/wc_oct20/0041.jpeg
IP 51.79.221.186:0
File type JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=14, height=718, bps=0, PhotometricIntepretation=RGB, orientation=upper-left, width=1024], progressive, precision 8, 200x200, components 3\012- data
Hash 3df7730011979593dfcd57d9f1a6f3b5
0b57917c1add193650ab904e27e6db045379fc07
459e2d0709e650eb8bac1a9a571594506e776a734a1b30e8404f1aaddb57041c
GET /s3/wc_oct20/0041.jpeg HTTP/1.1
Host: youvu.pornfollett.gigixo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://youvu.pornfollett.gigixo.com/?iyanna
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 23 Sep 2022 21:42:31 GMT
Content-Type: image/jpeg
Content-Length: 40659
Connection: keep-alive
Last-Modified: Fri, 09 Oct 2020 20:50:06 GMT
ETag: "5f80ccfe-9ed3"
X-Cluster: web-cdn2
X-Cache: HIT
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YiFA4f08K9Dl7CgvIjEfopQrvJOYz2ZyZzOK%2FLgILhUm4QNMKvJHL4Xr9angh9BFdynU9kfVQlzKoFXom5o9wG%2BJzGfEsD8ZCigspqUZIq8twsB9Dgm6zuTGl2sVlT4%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
CF-RAY: 74f5328dfa919f95-SIN
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Cache-Status: REVALIDATED
Cache-Control: max-age=14400, max-age=31536000
Accept-Ranges: bytes
i.jads.co/network/user1037/131-1573234880-0093291001573234880.gif
69.16.175.42200 OK 53 kB URL HTTP/1.1 i.jads.co/network/user1037/131-1573234880-0093291001573234880.gif
IP 69.16.175.42:0
File type GIF image data, version 89a, 160 x 600\012- data
Hash 834f8fe5b551daa770ceeca60a5c8b7a
688f8a49b74b83ae48d753f1b5ba24ebb00fcd7a
d5adb7faec21791c5946baae199c4bc4a5caeb686c3c03008988282220adc5a1
GET /network/user1037/131-1573234880-0093291001573234880.gif HTTP/1.1
Host: i.jads.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://poweredby.jads.co/
HTTP/1.1 200 OK
Date: Fri, 23 Sep 2022 21:48:09 GMT
Connection: Keep-Alive
ETag: "1573234880"
Cache-Control: max-age=24795191
Content-Length: 53401
Content-Type: image/gif
Last-Modified: Fri, 08 Nov 2019 17:41:20 GMT
Accept-Ranges: bytes
X-HW: 1663969689.dop022.sk1.t,1663969689.cds235.sk1.c
poweredby.jads.co/adshow.php?adzone=910219
185.94.236.246200 OK 1.9 kB URL HTTP/1.1 poweredby.jads.co/adshow.php?adzone=910219
IP 185.94.236.246:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1604), with CRLF, LF line terminators
Hash a9204f754274d80cfa927bc3f6f4e400
8176cfcfd35c0f3e5c36633e126370bbf0ba78a2
e5b8b055a4512c94cf1c677659834bc1cf44d2e0a47790cd928270612b35ee19
GET /adshow.php?adzone=910219 HTTP/1.1
Host: poweredby.jads.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://youvu.pornfollett.gigixo.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 23 Sep 2022 21:48:09 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/5.6.40
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR OUR IND STA"
Set-Cookie: surferid=4e4dec34d8061412c792b856aa5bba3e; expires=Sat, 23-Sep-2023 21:48:08 GMT; Max-Age=31536000; path=/; SameSite=None; Secure; domain=.jads.co
imps31629=1; expires=Sat, 24-Sep-2022 21:48:08 GMT; Max-Age=86400; path=/; SameSite=None; Secure; domain=.jads.co
imps32597=1; expires=Sat, 24-Sep-2022 21:48:08 GMT; Max-Age=86400; path=/; SameSite=None; Secure; domain=.jads.co
juicy_data_1=YToyOntpOjc1MDExNTtpOjE2NjQyMjg4ODg7aToxMjA5MTY0O2k6MTY2NDIyODg4ODt9; expires=Mon, 26-Sep-2022 21:48:08 GMT; Max-Age=259200; path=/; SameSite=None; Secure; domain=jads.co
juicy_data=YToxOntzOjEyOiJqdWljeV9kYXRhXzEiO3M6MToiMSI7fQ%3D%3D; expires=Mon, 26-Sep-2022 21:48:08 GMT; Max-Age=259200; path=/; SameSite=None; Secure; domain=jads.co
Content-Encoding: gzip
youvu.pornfollett.gigixo.com/s3/gam_oct20/0106.gif
51.79.221.186200 OK 36 kB URL HTTP/1.1 youvu.pornfollett.gigixo.com/s3/gam_oct20/0106.gif
IP 51.79.221.186:0
File type GIF image data, version 89a, 300 x 250\012- data
Hash b3429742ea410154b16dce2db1af300f
30cae41cf1bebf38076b0c0a16d7e191d0914cb7
0652930ac5ab2b84c52002e65c3f367460ce37f8b5b11c0045a01d18c18df9ef
GET /s3/gam_oct20/0106.gif HTTP/1.1
Host: youvu.pornfollett.gigixo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://youvu.pornfollett.gigixo.com/?iyanna
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 23 Sep 2022 21:42:31 GMT
Content-Type: image/gif
Content-Length: 35880
Connection: keep-alive
Last-Modified: Fri, 09 Oct 2020 20:20:19 GMT
ETag: "5f80c603-8c28"
X-Cluster: web-cdn2
X-Cache: HIT
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BPYZm%2BO9RSPk6tU%2FhJ573Iyv5eQF0FLcRfD2qsrDxpfD3gsDTDmjB3cTQarswDzZld09Q7y5Hqcfq8GRbzZJ3whUZ4s0ORZ6PzRrStXueVNUNvoUUAIwcDMbFjG%2Fzz4%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
CF-RAY: 74f624bd3a1ba02f-SIN
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Cache-Status: HIT
Cache-Control: max-age=14400, max-age=31536000
Accept-Ranges: bytes
www.effectivedisplayformat.com/3cb5727a16a2f566d5a822edf1d58427/invoke.js
192.243.61.227200 OK 9.8 kB URL HTTP/1.1 www.effectivedisplayformat.com/3cb5727a16a2f566d5a822edf1d58427/invoke.js
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
File type exported SGML document, ASCII text, with very long lines (26968), with no line terminators
Hash 8c4e321c8efe7fdd7364e0822021bf95
7e975c350e8a89821fb30673dd1b7e9af62c0fb4
75c4fdc5c436d89e0bc2d65f3fbee2ee12cb53f38868bbbe44c1441da069a0ad
GET /3cb5727a16a2f566d5a822edf1d58427/invoke.js HTTP/1.1
Host: www.effectivedisplayformat.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://youvu.pornfollett.gigixo.com/
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Fri, 23 Sep 2022 21:48:09 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 010639f86fa2f47561d68013240765e3
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
pxl.tsyndicate.com/api/v1/elapsedtime?f=banner%20300x250&sc=6a91f85098294907941c239ca45e3b90&hn=youvu.pornfollett.gigixo.com&et=126
94.130.141.49200 OK 0 B URL HTTP/1.1 pxl.tsyndicate.com/api/v1/elapsedtime?f=banner%20300x250&sc=6a91f85098294907941c239ca45e3b90&hn=youvu.pornfollett.gigixo.com&et=126
IP 94.130.141.49:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /api/v1/elapsedtime?f=banner%20300x250&sc=6a91f85098294907941c239ca45e3b90&hn=youvu.pornfollett.gigixo.com&et=126 HTTP/1.1
Host: pxl.tsyndicate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://youvu.pornfollett.gigixo.com/
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 23 Sep 2022 21:48:09 GMT
Content-Length: 0
Connection: keep-alive
X-Robots-Tag: noindex, nofollow
rtbrennab.com/banner/in/show/?mid=1097544143&pid=0&site=1929&sc=NO&usage_type=DCH&subid=353082707&sid=0&cid=0&price=0&is_cpm=0&cpm=0&ecpm=0&crid=&crtid=&tcid=0&out_id=&ver=&ver_c=&refdom=youvu.pornfollett.gigixo.com&hostname=auc-banner-hz-10&site_id=0&spot_id=0&utm_source=tcban_i&utm_medium=1929&utm_campaign=17794&utm_content=&expirationTimestamp=0&created_at=0000-00-00&is_native=0&auction_queue=0&pop_winurl=&ip=91.90.42.154&testab=&px_id=0&adblock=0&auction_host=&mm=&yc=&render_type=&campaign_type=&uniq=&exp=&resp_type=default&iabcat=&min_cpm=0.0001&placement_type_id=&skin_test=&verify_hash=&score=79&ml=&ttl=&space_id=1010&banner_width=160&banner_height=600&accel=0&gyr=0&iabcat=&url=https%3A%2F%2Fbtds.zog.link%2Fin%2F912%2F%3Fsid%3D0%26source%3D353082707%26idzone%3D3902650%26w%3D160%26h%3D600%26mo%3D%26ve%3D%26site_id%3D1929%26utm1%3Dtcban_i%26utm2%3D1929%26utm3%3D17794%26utm4%3D%26ad_tags%3D%26spot_id%3D0%26p%3Dhttp%253A%252F%252Fyouvu.pornfollett.gigixo.com%252F%26katds_labels%3D%26btype%3D0%26score%3D79&pr=&bid_crid=&bid_cid=&is_iframe=0&ad_tags=&stratagem=&ssp=0
116.202.60.158302 Found 0 B URL HTTP/2 rtbrennab.com/banner/in/show/?mid=1097544143&pid=0&site=1929&sc=NO&usage_type=DCH&subid=353082707&sid=0&cid=0&price=0&is_cpm=0&cpm=0&ecpm=0&crid=&crtid=&tcid=0&out_id=&ver=&ver_c=&refdom=youvu.pornfollett.gigixo.com&hostname=auc-banner-hz-10&site_id=0&spot_id=0&utm_source=tcban_i&utm_medium=1929&utm_campaign=17794&utm_content=&expirationTimestamp=0&created_at=0000-00-00&is_native=0&auction_queue=0&pop_winurl=&ip=91.90.42.154&testab=&px_id=0&adblock=0&auction_host=&mm=&yc=&render_type=&campaign_type=&uniq=&exp=&resp_type=default&iabcat=&min_cpm=0.0001&placement_type_id=&skin_test=&verify_hash=&score=79&ml=&ttl=&space_id=1010&banner_width=160&banner_height=600&accel=0&gyr=0&iabcat=&url=https%3A%2F%2Fbtds.zog.link%2Fin%2F912%2F%3Fsid%3D0%26source%3D353082707%26idzone%3D3902650%26w%3D160%26h%3D600%26mo%3D%26ve%3D%26site_id%3D1929%26utm1%3Dtcban_i%26utm2%3D1929%26utm3%3D17794%26utm4%3D%26ad_tags%3D%26spot_id%3D0%26p%3Dhttp%253A%252F%252Fyouvu.pornfollett.gigixo.com%252F%26katds_labels%3D%26btype%3D0%26score%3D79&pr=&bid_crid=&bid_cid=&is_iframe=0&ad_tags=&stratagem=&ssp=0
IP 116.202.60.158:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /banner/in/show/?mid=1097544143&pid=0&site=1929&sc=NO&usage_type=DCH&subid=353082707&sid=0&cid=0&price=0&is_cpm=0&cpm=0&ecpm=0&crid=&crtid=&tcid=0&out_id=&ver=&ver_c=&refdom=youvu.pornfollett.gigixo.com&hostname=auc-banner-hz-10&site_id=0&spot_id=0&utm_source=tcban_i&utm_medium=1929&utm_campaign=17794&utm_content=&expirationTimestamp=0&created_at=0000-00-00&is_native=0&auction_queue=0&pop_winurl=&ip=91.90.42.154&testab=&px_id=0&adblock=0&auction_host=&mm=&yc=&render_type=&campaign_type=&uniq=&exp=&resp_type=default&iabcat=&min_cpm=0.0001&placement_type_id=&skin_test=&verify_hash=&score=79&ml=&ttl=&space_id=1010&banner_width=160&banner_height=600&accel=0&gyr=0&iabcat=&url=https%3A%2F%2Fbtds.zog.link%2Fin%2F912%2F%3Fsid%3D0%26source%3D353082707%26idzone%3D3902650%26w%3D160%26h%3D600%26mo%3D%26ve%3D%26site_id%3D1929%26utm1%3Dtcban_i%26utm2%3D1929%26utm3%3D17794%26utm4%3D%26ad_tags%3D%26spot_id%3D0%26p%3Dhttp%253A%252F%252Fyouvu.pornfollett.gigixo.com%252F%26katds_labels%3D%26btype%3D0%26score%3D79&pr=&bid_crid=&bid_cid=&is_iframe=0&ad_tags=&stratagem=&ssp=0 HTTP/1.1
Host: rtbrennab.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://rtbbnr.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
server: nginx/1.18.0
date: Fri, 23 Sep 2022 21:48:09 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
location: https://btds.zog.link/in/912/?sid=0&source=353082707&idzone=3902650&w=160&h=600&mo=&ve=&site_id=1929&utm1=tcban_i&utm2=1929&utm3=17794&utm4=&ad_tags=&spot_id=0&p=http%3A%2F%2Fyouvu.pornfollett.gigixo.com%2F&katds_labels=&btype=0&score=79
X-Firefox-Spdy: h2
simplewebanalysis.com/stats
52.29.95.124200 OK 1.7 kB URL HTTP/2 simplewebanalysis.com/stats
IP 52.29.95.124:0
Hash 456a3e7a54423831d805abb6dc4a7c3a
db64be38f6dae4aa5787753a907f039d65056ba8
479a463d269640d6eb0b046bb50344c41b2bba7675d747e3916275e61c9f7c85
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://youvu.pornfollett.gigixo.com
Connection: keep-alive
Referer: http://youvu.pornfollett.gigixo.com/
Cookie: uid_id2=387798b0-f6e3-44e8-917e-1b5b9b8bb156:3:1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 23 Sep 2022 21:48:09 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: http://youvu.pornfollett.gigixo.com
access-control-allow-credentials: true
X-Firefox-Spdy: h2
plainmarshyaltered.com/01/b6/49/01b64935b8061c1f61d213a27ce2d729.js
173.233.137.60200 OK 29 kB URL HTTP/1.1 plainmarshyaltered.com/01/b6/49/01b64935b8061c1f61d213a27ce2d729.js
IP 173.233.137.60:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (65536), with no line terminators
Hash 1868f24d82372c16dd585e3983d5fe8b
88ff6fa263fb281abe47244c0bf4a53b0a80ba32
7388aa5b1b3e7fb3aa69767ead5eabade6784e1cbda94c6781a4a3729464bc7b
Analyzer Verdict Alert fortinet Phishing
quad9 Sinkholed
GET /01/b6/49/01b64935b8061c1f61d213a27ce2d729.js HTTP/1.1
Host: plainmarshyaltered.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://youvu.pornfollett.gigixo.com/
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Fri, 23 Sep 2022 21:48:09 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: e3543778f9b0cbe5d78e378d516b5f02
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash c54cb9749023a30a2ff01514259986aa
d4493f0e32f93525d86be2472fd7b155e48a4149
07fb0f1ac09b7e952f00909d421e3ea454795e9320009424ded5257479ec3647
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "07FB0F1AC09B7E952F00909D421E3EA454795E9320009424DED5257479EC3647"
Last-Modified: Wed, 21 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10986
Expires: Sat, 24 Sep 2022 00:51:15 GMT
Date: Fri, 23 Sep 2022 21:48:09 GMT
Connection: keep-alive
pxl.tsyndicate.com/api/v1/p/p.js?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zC0WMmXGDRgwcZGC0wDGGTI0WNGTQMNMiB44bN1rAkGFmjI0YK2mMgZFDxMMwdcZkNOORxgwxZGi0MCOmJkobZMa0CIMDR4yWYW6QgWqjzI0YZsz4hEjGDkUcNFw-hFNHzMKbMW78hAOHIoyvNh7OgTNRxwy0KWnAeDimTV0dMmTYMJrjJxmxOm4-FOPGDUUbNmDYuDHjYRs3GBnOSDxYBJzPoW3U8PiwToyMaOjQgTNHx4sXZ964wMM7jRrDLsa8afNiTpswcma_gfNio5kwM2jckIEDRo0bOMrkgBEmRxkcYcTEKGODOoydZWbcrKGSTMMYUZuSFyOmhpjpM8yU0S59zHccP9QxB0JJkNFDGUmlR0NaMswUxoJhPGfVDA3d1Z17MoQRwxg5lDfaR5mVQUNTY4yRoYZizDCDhlXlcIMYIXJRBwwz2TDHG3XI4V-BPSS22Aw5yEijYm2U0YYYBBrYBhVDrKEFFV1ZYYYRRdzhRh1L5LBGEnpAAUMQcGARwxFsxCCFEWSI8YQcVUhxBhZRtFAFTUIYIUYdbZqBBRFsRGEEEk40oYYcNaTxhRFSrMFGHUrUYUcdScgBgxE0uKHGF0vQYIQMazSBxBBBIEFFGm4oMcMYYWTRwoZFfHFGFUkQIUUVaQhZIxwx9PDXgirBMBYZw2WUB46PugDHG3K4YcYbbLBRhmwunJGGtHjoJlwbY6Ha1xY3dDEZZDC4AENFIshhx2EzlFZHHWlklFRT5W3WQntkoJShSBGFcVIYYWDWrxg5JEXhWGkcJkIOMbiwnQspudAQDWPJ8UXBGSGscLgNPzxWHWFk1MQbeqTRbBgv1CAuCCiIGcMOIDBBah14gIAHDjZ8sRjL5urQobgpgHBEGWOs8cYLDcZAo9ExgGBEGnKUsSweL-zsK2FC6SCCE0-MhewXJWaE9VhsVC1CEU78WoYdXzTNBkXXYadedaXJcYZliNXw0kMHoS2GHAtVhffZX7TxBhkLUSeZCGTI8cZCnYnwhkKIraU4HnksRMNDTUM2kGxw2PbCsI7WYSyyyjLrLLTSUmvtcC-MdUdGMZg3FhqwzwSxXuZmpDgdYdCBbAt1uJEGHTIlTIYMv4p90BfHj0UHtgxhBqQNHfotwvPIR2_D9NWjVQO5BqVdxl5f9H7Z9h12_xDgYTibHORbROctRGL0hbjTQLEx0VphL1TaGKGBQR8UEBA%3D&s=1f40c07f480c3e93db6e3f9556d26d41f337cc2ded274b80e543ad577e11c5e01663969688&w=t&r=1&d=860&priv=false
94.130.141.49200 OK 24 B URL HTTP/1.1 pxl.tsyndicate.com/api/v1/p/p.js?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zC0WMmXGDRgwcZGC0wDGGTI0WNGTQMNMiB44bN1rAkGFmjI0YK2mMgZFDxMMwdcZkNOORxgwxZGi0MCOmJkobZMa0CIMDR4yWYW6QgWqjzI0YZsz4hEjGDkUcNFw-hFNHzMKbMW78hAOHIoyvNh7OgTNRxwy0KWnAeDimTV0dMmTYMJrjJxmxOm4-FOPGDUUbNmDYuDHjYRs3GBnOSDxYBJzPoW3U8PiwToyMaOjQgTNHx4sXZ964wMM7jRrDLsa8afNiTpswcma_gfNio5kwM2jckIEDRo0bOMrkgBEmRxkcYcTEKGODOoydZWbcrKGSTMMYUZuSFyOmhpjpM8yU0S59zHccP9QxB0JJkNFDGUmlR0NaMswUxoJhPGfVDA3d1Z17MoQRwxg5lDfaR5mVQUNTY4yRoYZizDCDhlXlcIMYIXJRBwwz2TDHG3XI4V-BPSS22Aw5yEijYm2U0YYYBBrYBhVDrKEFFV1ZYYYRRdzhRh1L5LBGEnpAAUMQcGARwxFsxCCFEWSI8YQcVUhxBhZRtFAFTUIYIUYdbZqBBRFsRGEEEk40oYYcNaTxhRFSrMFGHUrUYUcdScgBgxE0uKHGF0vQYIQMazSBxBBBIEFFGm4oMcMYYWTRwoZFfHFGFUkQIUUVaQhZIxwx9PDXgirBMBYZw2WUB46PugDHG3K4YcYbbLBRhmwunJGGtHjoJlwbY6Ha1xY3dDEZZDC4AENFIshhx2EzlFZHHWlklFRT5W3WQntkoJShSBGFcVIYYWDWrxg5JEXhWGkcJkIOMbiwnQspudAQDWPJ8UXBGSGscLgNPzxWHWFk1MQbeqTRbBgv1CAuCCiIGcMOIDBBah14gIAHDjZ8sRjL5urQobgpgHBEGWOs8cYLDcZAo9ExgGBEGnKUsSweL-zsK2FC6SCCE0-MhewXJWaE9VhsVC1CEU78WoYdXzTNBkXXYadedaXJcYZliNXw0kMHoS2GHAtVhffZX7TxBhkLUSeZCGTI8cZCnYnwhkKIraU4HnksRMNDTUM2kGxw2PbCsI7WYSyyyjLrLLTSUmvtcC-MdUdGMZg3FhqwzwSxXuZmpDgdYdCBbAt1uJEGHTIlTIYMv4p90BfHj0UHtgxhBqQNHfotwvPIR2_D9NWjVQO5BqVdxl5f9H7Z9h12_xDgYTibHORbROctRGL0hbjTQLEx0VphL1TaGKGBQR8UEBA%3D&s=1f40c07f480c3e93db6e3f9556d26d41f337cc2ded274b80e543ad577e11c5e01663969688&w=t&r=1&d=860&priv=false
IP 94.130.141.49:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with no line terminators
Hash 0959ba36d476b6dc1994ba3c678b07c4
d30b94da72daa02766965206a85b7e0356375f5e
897410b87e27e3dfba3a7d6caab315a5e69cc941bb96d91fc74878a9b051843a
GET /api/v1/p/p.js?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zC0WMmXGDRgwcZGC0wDGGTI0WNGTQMNMiB44bN1rAkGFmjI0YK2mMgZFDxMMwdcZkNOORxgwxZGi0MCOmJkobZMa0CIMDR4yWYW6QgWqjzI0YZsz4hEjGDkUcNFw-hFNHzMKbMW78hAOHIoyvNh7OgTNRxwy0KWnAeDimTV0dMmTYMJrjJxmxOm4-FOPGDUUbNmDYuDHjYRs3GBnOSDxYBJzPoW3U8PiwToyMaOjQgTNHx4sXZ964wMM7jRrDLsa8afNiTpswcma_gfNio5kwM2jckIEDRo0bOMrkgBEmRxkcYcTEKGODOoydZWbcrKGSTMMYUZuSFyOmhpjpM8yU0S59zHccP9QxB0JJkNFDGUmlR0NaMswUxoJhPGfVDA3d1Z17MoQRwxg5lDfaR5mVQUNTY4yRoYZizDCDhlXlcIMYIXJRBwwz2TDHG3XI4V-BPSS22Aw5yEijYm2U0YYYBBrYBhVDrKEFFV1ZYYYRRdzhRh1L5LBGEnpAAUMQcGARwxFsxCCFEWSI8YQcVUhxBhZRtFAFTUIYIUYdbZqBBRFsRGEEEk40oYYcNaTxhRFSrMFGHUrUYUcdScgBgxE0uKHGF0vQYIQMazSBxBBBIEFFGm4oMcMYYWTRwoZFfHFGFUkQIUUVaQhZIxwx9PDXgirBMBYZw2WUB46PugDHG3K4YcYbbLBRhmwunJGGtHjoJlwbY6Ha1xY3dDEZZDC4AENFIshhx2EzlFZHHWlklFRT5W3WQntkoJShSBGFcVIYYWDWrxg5JEXhWGkcJkIOMbiwnQspudAQDWPJ8UXBGSGscLgNPzxWHWFk1MQbeqTRbBgv1CAuCCiIGcMOIDBBah14gIAHDjZ8sRjL5urQobgpgHBEGWOs8cYLDcZAo9ExgGBEGnKUsSweL-zsK2FC6SCCE0-MhewXJWaE9VhsVC1CEU78WoYdXzTNBkXXYadedaXJcYZliNXw0kMHoS2GHAtVhffZX7TxBhkLUSeZCGTI8cZCnYnwhkKIraU4HnksRMNDTUM2kGxw2PbCsI7WYSyyyjLrLLTSUmvtcC-MdUdGMZg3FhqwzwSxXuZmpDgdYdCBbAt1uJEGHTIlTIYMv4p90BfHj0UHtgxhBqQNHfotwvPIR2_D9NWjVQO5BqVdxl5f9H7Z9h12_xDgYTibHORbROctRGL0hbjTQLEx0VphL1TaGKGBQR8UEBA%3D&s=1f40c07f480c3e93db6e3f9556d26d41f337cc2ded274b80e543ad577e11c5e01663969688&w=t&r=1&d=860&priv=false HTTP/1.1
Host: pxl.tsyndicate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://tsyndicate.com/
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 23 Sep 2022 21:48:09 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 24
Connection: keep-alive
X-Robots-Tag: noindex, nofollow
btds.zog.link/in/912/?sid=0&source=353082707&idzone=3902650&w=160&h=600&mo=&ve=&site_id=1929&utm1=tcban_i&utm2=1929&utm3=17794&utm4=&ad_tags=&spot_id=0&p=http%3A%2F%2Fyouvu.pornfollett.gigixo.com%2F&katds_labels=&btype=0&score=79
109.206.176.122302 Found 1.8 kB URL HTTP/2 btds.zog.link/in/912/?sid=0&source=353082707&idzone=3902650&w=160&h=600&mo=&ve=&site_id=1929&utm1=tcban_i&utm2=1929&utm3=17794&utm4=&ad_tags=&spot_id=0&p=http%3A%2F%2Fyouvu.pornfollett.gigixo.com%2F&katds_labels=&btype=0&score=79
IP 109.206.176.122:0
Hash 2f7d68d83e50182a20380eb79511da06
b0995285fcee7d9e902aa0fd63c76673851355d3
b0e15b4b8d5bd89ef5a8b04bda40fd3017bca057d92fa828894c5bd80729d962
GET /in/912/?sid=0&source=353082707&idzone=3902650&w=160&h=600&mo=&ve=&site_id=1929&utm1=tcban_i&utm2=1929&utm3=17794&utm4=&ad_tags=&spot_id=0&p=http%3A%2F%2Fyouvu.pornfollett.gigixo.com%2F&katds_labels=&btype=0&score=79 HTTP/1.1
Host: btds.zog.link
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://rtbbnr.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: nginx/1.20.1
date: Fri, 23 Sep 2022 21:48:09 GMT
content-type: text/html; charset=UTF-8
content-length: 0
location: https://12007250.pix-cdn.org/a/pjexo.html?idzone=3902650&w=160&h=600&ad_sub=&ad_tags=
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
vary: *
set-cookie: 912.0=1; expires=Sat, 24 Sep 2022 21:48:09 GMT; path=/; secure; SameSite=None
X-Firefox-Spdy: h2
addresseepaper.com/sfp.js
104.21.235.2200 OK 23 kB URL HTTP/1.1 addresseepaper.com/sfp.js
IP 104.21.235.2:0
File type Unicode text, UTF-8 text, with very long lines (65529), with no line terminators
Hash 487ad2b48cd98e36abf708a3b60f4a36
ccf7b110523d50bb619becd48c3f013cc5fdce87
768eff747f795e1232d182eb859170e32d4f06ed29da872c09af5363c459668f
GET /sfp.js HTTP/1.1
Host: addresseepaper.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://youvu.pornfollett.gigixo.com/
HTTP/1.1 200 OK
Date: Fri, 23 Sep 2022 21:48:09 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: max-age=14400
X-Request-ID: 9713984ab367fb88283b80b312fe8116
Strict-Transport-Security: max-age=0; includeSubdomains
CF-Cache-Status: EXPIRED
Last-Modified: Fri, 23 Sep 2022 21:48:09 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ATlAMFzCgnh8wqPA9nNgRb6V1NyP2lHtL0pDt1Hlf2uDYkOkkDuSYQrFKb1oaRwpGhY0jVjKSpKbObOsBBUtSPrOD4ikdp5%2F%2BaBBtBw%2FgPQ3oBHYg3%2FHdEw98Ij07KD1jijn6fE%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74f67ba03f497737-LHR
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
youvu.pornfollett.gigixo.com/viewImage3?data=0c1010145e4b4b0d4a17011c114a070b094b17011c1149100c110906174b50564b565456555050565d4b5249565c541c5551534a0e1403
51.79.221.186200 167 B URL HTTP/1.1 youvu.pornfollett.gigixo.com/viewImage3?data=0c1010145e4b4b0d4a17011c114a070b094b17011c1149100c110906174b50564b565456555050565d4b5249565c541c5551534a0e1403
IP 51.79.221.186:0
File type PNG image data, 1 x 1, 8-bit/color RGBA, non-interlaced\012- data
Hash 353b078eb77e5ee068e83b7503f3c75b
d0b2207fea4313a3ea391b94880f1d01e5ab1c89
297488a03131e435cb999248b75ed4ac78ae3bbf4c3366d8d57c821b2548dd8d
GET /viewImage3?data=0c1010145e4b4b0d4a17011c114a070b094b17011c1149100c110906174b50564b565456555050565d4b5249565c541c5551534a0e1403 HTTP/1.1
Host: youvu.pornfollett.gigixo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://youvu.pornfollett.gigixo.com/?iyanna
HTTP/1.1 200
Server: nginx
Date: Fri, 23 Sep 2022 21:42:31 GMT
Transfer-Encoding: chunked
Connection: keep-alive
cdn.tsyndicate.com/sdk/v1/backup.banner.js
8.254.252.211304 Not Modified 0 B URL HTTP/1.1 cdn.tsyndicate.com/sdk/v1/backup.banner.js
IP 8.254.252.211:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sdk/v1/backup.banner.js HTTP/1.1
Host: cdn.tsyndicate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://lcdn.tsyndicate.com/
If-Modified-Since: Mon, 19 Sep 2022 08:52:46 GMT
If-None-Match: W/"63282dde-b00"
HTTP/1.1 304 Not Modified
Date: Mon, 19 Sep 2022 09:04:07 GMT
Connection: keep-alive
Last-Modified: Mon, 19 Sep 2022 08:52:46 GMT
Server: nginx
X-Robots-Tag: noindex, nofollow
Vary: Accept-Encoding
ETag: W/"63282dde-b00"
Age: 391442
simplewebanalysis.com/stats
52.29.95.124200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP 52.29.95.124:0
File type ASCII text, with no line terminators
Hash 30881f5684679983c7a45df9a14e30cd
40fbb81f86e5b7ec1ad45c714c968c53672fb8ec
b4b60905cd70b83b1a295352dba588c6259720cbfd4d783e8658ee1e1d8f2d69
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://youvu.pornfollett.gigixo.com
Connection: keep-alive
Referer: http://youvu.pornfollett.gigixo.com/
Cookie: uid_id2=387798b0-f6e3-44e8-917e-1b5b9b8bb156:3:1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 23 Sep 2022 21:48:09 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: http://youvu.pornfollett.gigixo.com
access-control-allow-credentials: true
X-Firefox-Spdy: h2
youvu.pornfollett.gigixo.com/viewImage3?data=0c101014175e4b4b100c1109064914564a1c0c07000a4a070b094b054b32012334253e2f2d2128080e33293e0d2e05550106354b5454544b5052564b5650514b5655563b555454544a0e1403
51.79.221.186200 136 kB URL HTTP/1.1 youvu.pornfollett.gigixo.com/viewImage3?data=0c101014175e4b4b100c1109064914564a1c0c07000a4a070b094b054b32012334253e2f2d2128080e33293e0d2e05550106354b5454544b5052564b5650514b5655563b555454544a0e1403
IP 51.79.221.186:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1000x683, components 3\012- data
Size 136 kB (136478 bytes)
Hash 5bc47236af90da720c6458a979beed2f
a4f6d74c303dd94c63c78d7673dacf1f88b02018
fa852c17e34a322782edfeee5c2b7bae2d1de6f4dc0875b33c03378a0bfc48ba
GET /viewImage3?data=0c101014175e4b4b100c1109064914564a1c0c07000a4a070b094b054b32012334253e2f2d2128080e33293e0d2e05550106354b5454544b5052564b5650514b5655563b555454544a0e1403 HTTP/1.1
Host: youvu.pornfollett.gigixo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://youvu.pornfollett.gigixo.com/?iyanna
HTTP/1.1 200
Server: nginx
Date: Fri, 23 Sep 2022 21:42:31 GMT
Content-Length: 136478
Connection: keep-alive
Cache-Control: max-age=31418383
pxl.tsyndicate.com/api/v1/p/p.js?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zC0WMgQHjhhgaZMa0wFFmBowWNGbQuNEiRw4xZlqYgRHGTAwxNcbkuBGGhoiHYeqMyRjmhhkxHc3kaMERBw6UMWDIaBFm51QyNMTMyMFxjJgyNcL8hEjGDkUcNHLgeAinjpiFNmLEuAEUDhyKW2k8nANnoo4ZNtDeuAHj4Zg2d3XIkGEjJV2yZhbKmPFQjBs3FG3YgGHjRkURbdxgZDhjcWERcEKPtlGDxuc6MTKioUMHzhwdL16ceeMCj-80ahC7GPOmzYs5bcLIqf0GzosxM8yEUXlDBg4YNW6Q5Fq1DI4wYmKUsWEdxsaScWvIANkwRkiY48XgFFM9epkyOVaO8Y7jR505CCVBRg9lYFUSDWnJIFVPNNQUBg4xzNBQR1WREYMMYcSgE3mlxYDDZmVkZcYYY2CYoVYzZOjUTmKAyEUdHDE2xxt1yLGfgD0s1tgMN7wYow1tlNHGV3LgeIUcbTihR1FjQGEFDUucQUMTRshRhA1shHHGGTK8occScohBxRhazIEHG3kskQMZZqABAxY1kIGEHE0sccQNOQSRBxtFaGFHGGEI8cUdYrxxBxV1qMFGElc88YYNSMzxRRpKDPFEHFDMwEQWSZjBxBJ5DCFEFksIMcQbWazRhqRnVJEEEVJUkYaPUtkARww9ACYYYbQyJkYdtL3hxqlsvCFHDyVMloNJm9nQK5Zp2FGGEAadUQaxxiI7mRkzEXbDWGQUl1EeNNpRhwtwGOuGGW-wwUYZtLlwRhrz4sEbcW2MNUYYfm1RWEWU6eUQXReyMBcLkyGslwwOmdRFZZHpAIMLMHwmhx2JmfRQHXWkkREMac1Qxn5ltFADDmKQgZIMLlGlnco2jBzzYDTIEEMOMoyVRmIi5BCDC1y5ULMLDfn0kByT8uwz0BMPXfRYdYilgwhNeJmGu2G8UAPFIKCAhVw7gMBEGm7UgQcIeHz4RWNhX6xDDjZQnAIIR4y8xhsvKBhVxRWDYEQacpTBLh4vwE2xvkNN7cQTYxn7BYkZLT4WG4mLUIQT4JZhxxeBs0FRdtrpytHRZ2Cm2MmPHbS5GHIs5NRDqn_RxhtkSPbhZ2TI8cZClInwhkKKsaU7HnkspJcIgUc8EG1w4PYCuXWYi6667LoLLx3y0puGvcMV98JYd2R04XVjoSG-VEaLMMfFGelOB7_GtlCHG2nQwdTPZOQMe-UHfZH_WHTIF0M0sxUbwO11IghgzgZogwIe8EM0WAtZOFcGvnyBX5lpINwe-BDNXfBdywHeFlTyMIiIwS8iOIh06sCGibCFcgs5zRhGA4M-KCAg&s=ca4e42527cc7470543eee65d80f40d34c23387e5874a68d86e3ad09157c415c01663969688&w=t&r=1&d=809&priv=false
94.130.141.49200 OK 24 B URL HTTP/1.1 pxl.tsyndicate.com/api/v1/p/p.js?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zC0WMgQHjhhgaZMa0wFFmBowWNGbQuNEiRw4xZlqYgRHGTAwxNcbkuBGGhoiHYeqMyRjmhhkxHc3kaMERBw6UMWDIaBFm51QyNMTMyMFxjJgyNcL8hEjGDkUcNHLgeAinjpiFNmLEuAEUDhyKW2k8nANnoo4ZNtDeuAHj4Zg2d3XIkGEjJV2yZhbKmPFQjBs3FG3YgGHjRkURbdxgZDhjcWERcEKPtlGDxuc6MTKioUMHzhwdL16ceeMCj-80ahC7GPOmzYs5bcLIqf0GzosxM8yEUXlDBg4YNW6Q5Fq1DI4wYmKUsWEdxsaScWvIANkwRkiY48XgFFM9epkyOVaO8Y7jR505CCVBRg9lYFUSDWnJIFVPNNQUBg4xzNBQR1WREYMMYcSgE3mlxYDDZmVkZcYYY2CYoVYzZOjUTmKAyEUdHDE2xxt1yLGfgD0s1tgMN7wYow1tlNHGV3LgeIUcbTihR1FjQGEFDUucQUMTRshRhA1shHHGGTK8occScohBxRhazIEHG3kskQMZZqABAxY1kIGEHE0sccQNOQSRBxtFaGFHGGEI8cUdYrxxBxV1qMFGElc88YYNSMzxRRpKDPFEHFDMwEQWSZjBxBJ5DCFEFksIMcQbWazRhqRnVJEEEVJUkYaPUtkARww9ACYYYbQyJkYdtL3hxqlsvCFHDyVMloNJm9nQK5Zp2FGGEAadUQaxxiI7mRkzEXbDWGQUl1EeNNpRhwtwGOuGGW-wwUYZtLlwRhrz4sEbcW2MNUYYfm1RWEWU6eUQXReyMBcLkyGslwwOmdRFZZHpAIMLMHwmhx2JmfRQHXWkkREMac1Qxn5ltFADDmKQgZIMLlGlnco2jBzzYDTIEEMOMoyVRmIi5BCDC1y5ULMLDfn0kByT8uwz0BMPXfRYdYilgwhNeJmGu2G8UAPFIKCAhVw7gMBEGm7UgQcIeHz4RWNhX6xDDjZQnAIIR4y8xhsvKBhVxRWDYEQacpTBLh4vwE2xvkNN7cQTYxn7BYkZLT4WG4mLUIQT4JZhxxeBs0FRdtrpytHRZ2Cm2MmPHbS5GHIs5NRDqn_RxhtkSPbhZ2TI8cZClInwhkKKsaU7HnkspJcIgUc8EG1w4PYCuXWYi6667LoLLx3y0puGvcMV98JYd2R04XVjoSG-VEaLMMfFGelOB7_GtlCHG2nQwdTPZOQMe-UHfZH_WHTIF0M0sxUbwO11IghgzgZogwIe8EM0WAtZOFcGvnyBX5lpINwe-BDNXfBdywHeFlTyMIiIwS8iOIh06sCGibCFcgs5zRhGA4M-KCAg&s=ca4e42527cc7470543eee65d80f40d34c23387e5874a68d86e3ad09157c415c01663969688&w=t&r=1&d=809&priv=false
IP 94.130.141.49:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with no line terminators
Hash 0959ba36d476b6dc1994ba3c678b07c4
d30b94da72daa02766965206a85b7e0356375f5e
897410b87e27e3dfba3a7d6caab315a5e69cc941bb96d91fc74878a9b051843a
GET /api/v1/p/p.js?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zC0WMgQHjhhgaZMa0wFFmBowWNGbQuNEiRw4xZlqYgRHGTAwxNcbkuBGGhoiHYeqMyRjmhhkxHc3kaMERBw6UMWDIaBFm51QyNMTMyMFxjJgyNcL8hEjGDkUcNHLgeAinjpiFNmLEuAEUDhyKW2k8nANnoo4ZNtDeuAHj4Zg2d3XIkGEjJV2yZhbKmPFQjBs3FG3YgGHjRkURbdxgZDhjcWERcEKPtlGDxuc6MTKioUMHzhwdL16ceeMCj-80ahC7GPOmzYs5bcLIqf0GzosxM8yEUXlDBg4YNW6Q5Fq1DI4wYmKUsWEdxsaScWvIANkwRkiY48XgFFM9epkyOVaO8Y7jR505CCVBRg9lYFUSDWnJIFVPNNQUBg4xzNBQR1WREYMMYcSgE3mlxYDDZmVkZcYYY2CYoVYzZOjUTmKAyEUdHDE2xxt1yLGfgD0s1tgMN7wYow1tlNHGV3LgeIUcbTihR1FjQGEFDUucQUMTRshRhA1shHHGGTK8occScohBxRhazIEHG3kskQMZZqABAxY1kIGEHE0sccQNOQSRBxtFaGFHGGEI8cUdYrxxBxV1qMFGElc88YYNSMzxRRpKDPFEHFDMwEQWSZjBxBJ5DCFEFksIMcQbWazRhqRnVJEEEVJUkYaPUtkARww9ACYYYbQyJkYdtL3hxqlsvCFHDyVMloNJm9nQK5Zp2FGGEAadUQaxxiI7mRkzEXbDWGQUl1EeNNpRhwtwGOuGGW-wwUYZtLlwRhrz4sEbcW2MNUYYfm1RWEWU6eUQXReyMBcLkyGslwwOmdRFZZHpAIMLMHwmhx2JmfRQHXWkkREMac1Qxn5ltFADDmKQgZIMLlGlnco2jBzzYDTIEEMOMoyVRmIi5BCDC1y5ULMLDfn0kByT8uwz0BMPXfRYdYilgwhNeJmGu2G8UAPFIKCAhVw7gMBEGm7UgQcIeHz4RWNhX6xDDjZQnAIIR4y8xhsvKBhVxRWDYEQacpTBLh4vwE2xvkNN7cQTYxn7BYkZLT4WG4mLUIQT4JZhxxeBs0FRdtrpytHRZ2Cm2MmPHbS5GHIs5NRDqn_RxhtkSPbhZ2TI8cZClInwhkKKsaU7HnkspJcIgUc8EG1w4PYCuXWYi6667LoLLx3y0puGvcMV98JYd2R04XVjoSG-VEaLMMfFGelOB7_GtlCHG2nQwdTPZOQMe-UHfZH_WHTIF0M0sxUbwO11IghgzgZogwIe8EM0WAtZOFcGvnyBX5lpINwe-BDNXfBdywHeFlTyMIiIwS8iOIh06sCGibCFcgs5zRhGA4M-KCAg&s=ca4e42527cc7470543eee65d80f40d34c23387e5874a68d86e3ad09157c415c01663969688&w=t&r=1&d=809&priv=false HTTP/1.1
Host: pxl.tsyndicate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://tsyndicate.com/
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 23 Sep 2022 21:48:09 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 24
Connection: keep-alive
X-Robots-Tag: noindex, nofollow
pxl.tsyndicate.com/api/v1/elapsedtime?f=banner%20250x150&sc=663422ed4341433597d6546506d00321&hn=youvu.pornfollett.gigixo.com&et=109
94.130.141.49200 OK 0 B URL HTTP/1.1 pxl.tsyndicate.com/api/v1/elapsedtime?f=banner%20250x150&sc=663422ed4341433597d6546506d00321&hn=youvu.pornfollett.gigixo.com&et=109
IP 94.130.141.49:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /api/v1/elapsedtime?f=banner%20250x150&sc=663422ed4341433597d6546506d00321&hn=youvu.pornfollett.gigixo.com&et=109 HTTP/1.1
Host: pxl.tsyndicate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://youvu.pornfollett.gigixo.com/
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 23 Sep 2022 21:48:09 GMT
Content-Length: 0
Connection: keep-alive
X-Robots-Tag: noindex, nofollow
simplewebanalysis.com/stats
52.29.95.124200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP 52.29.95.124:0
File type ASCII text, with no line terminators
Hash 30881f5684679983c7a45df9a14e30cd
40fbb81f86e5b7ec1ad45c714c968c53672fb8ec
b4b60905cd70b83b1a295352dba588c6259720cbfd4d783e8658ee1e1d8f2d69
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://youvu.pornfollett.gigixo.com
Connection: keep-alive
Referer: http://youvu.pornfollett.gigixo.com/
Cookie: uid_id2=387798b0-f6e3-44e8-917e-1b5b9b8bb156:3:1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 23 Sep 2022 21:48:09 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: http://youvu.pornfollett.gigixo.com
access-control-allow-credentials: true
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash cc6106c29096b26379becd198c12f102
2afdc7b056da1130a2b8ea32ae6e3973380a2123
3ccf721b94f667264af2c1638839fe7e65b6d305ad43293f9bd8a89fe8f8abe3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "3CCF721B94F667264AF2C1638839FE7E65B6D305AD43293F9BD8A89FE8F8ABE3"
Last-Modified: Fri, 23 Sep 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13641
Expires: Sat, 24 Sep 2022 01:35:30 GMT
Date: Fri, 23 Sep 2022 21:48:09 GMT
Connection: keep-alive
biptolyla.com/auW.ZNyzQu2r9FkyZnT/9U6gbE2C5mlFS/WvQT9RNPDlE/4OMrjrk/0HN/Cc0N0/MLT/g/yNOkTTQK1ZJPnEB-1KcV2-hiaRbO2/5/lGS/WeQs9iNIDeEZ4rMtjTkS0/NVCI0R0UMWT/gwy/OlTQQ/1R
188.72.219.36200 OK 34 kB URL HTTP/2 biptolyla.com/auW.ZNyzQu2r9FkyZnT/9U6gbE2C5mlFS/WvQT9RNPDlE/4OMrjrk/0HN/Cc0N0/MLT/g/yNOkTTQK1ZJPnEB-1KcV2-hiaRbO2/5/lGS/WeQs9iNIDeEZ4rMtjTkS0/NVCI0R0UMWT/gwy/OlTQQ/1R
IP 188.72.219.36:0
File type ASCII text, with very long lines (2401)
Hash 98a824e37b634f528f59c559b5ee2c5c
a0a924d06523936a69c84a0ac0569c18f258e34e
11a357612768ac73dfef1004f0bcc7caeaa80a99d9b97b60caf590d71abfe93f
GET /auW.ZNyzQu2r9FkyZnT/9U6gbE2C5mlFS/WvQT9RNPDlE/4OMrjrk/0HN/Cc0N0/MLT/g/yNOkTTQK1ZJPnEB-1KcV2-hiaRbO2/5/lGS/WeQs9iNIDeEZ4rMtjTkS0/NVCI0R0UMWT/gwy/OlTQQ/1R HTTP/1.1
Host: biptolyla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://youvu.pornfollett.gigixo.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 23 Sep 2022 21:48:09 GMT
content-type: application/javascript
vary: Accept-Encoding
expires: Mon, 26 Jul 2011 05:00:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
accept-ch: Sec-CH-UA-Platform-Version, Sec-CH-UA-Platform
x-content-type-options: nosniff
content-encoding: br
X-Firefox-Spdy: h2
poweredby.jads.co/adshow.php?adzone=940998
185.94.236.246200 OK 1.7 kB URL HTTP/1.1 poweredby.jads.co/adshow.php?adzone=940998
IP 185.94.236.246:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (426), with CRLF, LF line terminators
Hash 5f2033685023f2ef1d9a773860d2ab3a
f740fd059cd9adb0acd08192554657ebf92c9b5b
f82f68136a586db7749728eaed8cdc49533a2a73ac112c0f5ad0092f774f8b5e
GET /adshow.php?adzone=940998 HTTP/1.1
Host: poweredby.jads.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://youvu.pornfollett.gigixo.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 23 Sep 2022 21:48:09 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/5.6.40
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR OUR IND STA"
Set-Cookie: surferid=68eadca406dab630222db2d0fe1d0d70; expires=Sat, 23-Sep-2023 21:48:09 GMT; Max-Age=31536000; path=/; SameSite=None; Secure; domain=.jads.co
imps161=1; expires=Sat, 24-Sep-2022 21:48:09 GMT; Max-Age=86400; path=/; SameSite=None; Secure; domain=.jads.co
juicy_data_1=YToxOntpOjExOTY3NTc7aToxNjY0MjI4ODg5O30%3D; expires=Mon, 26-Sep-2022 21:48:09 GMT; Max-Age=259200; path=/; SameSite=None; Secure; domain=jads.co
juicy_data=YToxOntzOjEyOiJqdWljeV9kYXRhXzEiO3M6MToiMSI7fQ%3D%3D; expires=Mon, 26-Sep-2022 21:48:09 GMT; Max-Age=259200; path=/; SameSite=None; Secure; domain=jads.co
Content-Encoding: gzip
youvu.pornfollett.gigixo.com/viewImage3?data=0c1010145e4b4b0d4a17011c114a070b094b17011c1149100c110906174b01054b565456545c5251564b5549565c541c5551534a0e1403
51.79.221.186200 167 B URL HTTP/1.1 youvu.pornfollett.gigixo.com/viewImage3?data=0c1010145e4b4b0d4a17011c114a070b094b17011c1149100c110906174b01054b565456545c5251564b5549565c541c5551534a0e1403
IP 51.79.221.186:0
File type PNG image data, 1 x 1, 8-bit/color RGBA, non-interlaced\012- data
Hash 353b078eb77e5ee068e83b7503f3c75b
d0b2207fea4313a3ea391b94880f1d01e5ab1c89
297488a03131e435cb999248b75ed4ac78ae3bbf4c3366d8d57c821b2548dd8d
GET /viewImage3?data=0c1010145e4b4b0d4a17011c114a070b094b17011c1149100c110906174b01054b565456545c5251564b5549565c541c5551534a0e1403 HTTP/1.1
Host: youvu.pornfollett.gigixo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://youvu.pornfollett.gigixo.com/?iyanna
HTTP/1.1 200
Server: nginx
Date: Fri, 23 Sep 2022 21:42:32 GMT
Transfer-Encoding: chunked
Connection: keep-alive
rtbbnr.com/get/?go=1&data=eyJpbXAiOlt7InNlY3VyZSI6MCwiZXh0Ijp7InNwb3QiOjE5MjksImlkIjoxMDEwLCJsYWJlbHMiOiIiLCJzaXRlX2lkIjoxOTI5LCJ0eXBlIjoiYmFubmVyIiwic3BhY2VpZCI6MTAxMCwic3BvdF9pZCI6MCwiaWR6b25lIjozOTAyNjUwLCJ6b25lIjoidGNfcGFiXzE2MHg2MDAiLCJhZF90YWdzIjoiIiwidGl0bGUiOiIiLCJzdWJpZCI6IjM1MzA4MjcwNyIsInV0bTEiOiJ0Y2Jhbl9pIiwidXRtMiI6IjE5MjkiLCJ1dG0zIjoiMTc3OTQiLCJ1dG00IjoiIn0sImJhbm5lciI6eyJ3IjoxNjAsImgiOjYwMH19XSwic2l0ZSI6eyJpZCI6IjE5MjkiLCJwYWdlIjoiaHR0cDovL3lvdXZ1LnBvcm5mb2xsZXR0LmdpZ2l4by5jb20vIn0sImRldmljZSI6eyJ3IjoxMjgwLCJoIjoxMDI0fSwidXNlciI6eyJpZCI6IjI5OTQwYTIxY2E3ZTM1MTZiZWQ5YWYzYmU1NmVkYWMzIn0sImV4dCI6eyJkdCI6MTY2Mzk2OTY4Nzk2N319
116.202.60.158200 OK 91 kB URL HTTP/2 rtbbnr.com/get/?go=1&data=eyJpbXAiOlt7InNlY3VyZSI6MCwiZXh0Ijp7InNwb3QiOjE5MjksImlkIjoxMDEwLCJsYWJlbHMiOiIiLCJzaXRlX2lkIjoxOTI5LCJ0eXBlIjoiYmFubmVyIiwic3BhY2VpZCI6MTAxMCwic3BvdF9pZCI6MCwiaWR6b25lIjozOTAyNjUwLCJ6b25lIjoidGNfcGFiXzE2MHg2MDAiLCJhZF90YWdzIjoiIiwidGl0bGUiOiIiLCJzdWJpZCI6IjM1MzA4MjcwNyIsInV0bTEiOiJ0Y2Jhbl9pIiwidXRtMiI6IjE5MjkiLCJ1dG0zIjoiMTc3OTQiLCJ1dG00IjoiIn0sImJhbm5lciI6eyJ3IjoxNjAsImgiOjYwMH19XSwic2l0ZSI6eyJpZCI6IjE5MjkiLCJwYWdlIjoiaHR0cDovL3lvdXZ1LnBvcm5mb2xsZXR0LmdpZ2l4by5jb20vIn0sImRldmljZSI6eyJ3IjoxMjgwLCJoIjoxMDI0fSwidXNlciI6eyJpZCI6IjI5OTQwYTIxY2E3ZTM1MTZiZWQ5YWYzYmU1NmVkYWMzIn0sImV4dCI6eyJkdCI6MTY2Mzk2OTY4Nzk2N319
IP 116.202.60.158:0
ASN #24940 Hetzner Online GmbH
Hash b7240014373289a42ee5abcfe162a21a
240bb04a82eb4ae5c625e557ea09727fc0583f8e
c1c8edad4108cf8229769cee2c363eb9623d9f5345258d2e5b2db18fb23e651d
GET /get/?go=1&data=eyJpbXAiOlt7InNlY3VyZSI6MCwiZXh0Ijp7InNwb3QiOjE5MjksImlkIjoxMDEwLCJsYWJlbHMiOiIiLCJzaXRlX2lkIjoxOTI5LCJ0eXBlIjoiYmFubmVyIiwic3BhY2VpZCI6MTAxMCwic3BvdF9pZCI6MCwiaWR6b25lIjozOTAyNjUwLCJ6b25lIjoidGNfcGFiXzE2MHg2MDAiLCJhZF90YWdzIjoiIiwidGl0bGUiOiIiLCJzdWJpZCI6IjM1MzA4MjcwNyIsInV0bTEiOiJ0Y2Jhbl9pIiwidXRtMiI6IjE5MjkiLCJ1dG0zIjoiMTc3OTQiLCJ1dG00IjoiIn0sImJhbm5lciI6eyJ3IjoxNjAsImgiOjYwMH19XSwic2l0ZSI6eyJpZCI6IjE5MjkiLCJwYWdlIjoiaHR0cDovL3lvdXZ1LnBvcm5mb2xsZXR0LmdpZ2l4by5jb20vIn0sImRldmljZSI6eyJ3IjoxMjgwLCJoIjoxMDI0fSwidXNlciI6eyJpZCI6IjI5OTQwYTIxY2E3ZTM1MTZiZWQ5YWYzYmU1NmVkYWMzIn0sImV4dCI6eyJkdCI6MTY2Mzk2OTY4Nzk2N319 HTTP/1.1
Host: rtbbnr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://cdn.tubecorp.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.18.0
date: Fri, 23 Sep 2022 21:48:09 GMT
content-type: text/html
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
content-encoding: gzip
X-Firefox-Spdy: h2
i.jads.co/network/user500/22340-1505050866.jpg
69.16.175.42200 OK 95 kB URL HTTP/1.1 i.jads.co/network/user500/22340-1505050866.jpg
IP 69.16.175.42:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 160x600, components 3\012- data
Hash 8747f3a714da73b9c7df64d9f3b22811
aa3844b7d6c0d66e4e01b5ea5be883624821caa1
4a0b3b26c25ea6006a00c75ebd284082dc90c0fbb088d530d5dc5818d790a0e9
GET /network/user500/22340-1505050866.jpg HTTP/1.1
Host: i.jads.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://poweredby.jads.co/
HTTP/1.1 200 OK
Date: Fri, 23 Sep 2022 21:48:09 GMT
Connection: Keep-Alive
ETag: "1505050866"
Cache-Control: max-age=16736028
Content-Length: 94590
Content-Type: image/jpeg
Last-Modified: Sun, 10 Sep 2017 13:41:06 GMT
Accept-Ranges: bytes
X-HW: 1663969689.dop213.sk1.t,1663969689.cds251.sk1.c
wadmargincling.com/pixel/purst?dl=0&th=0&sc=0&rs=5137&rd=5137&fd=578&bv=22.8.v.2&tmpl=136
192.243.59.13200 OK 0 B URL HTTP/1.1 wadmargincling.com/pixel/purst?dl=0&th=0&sc=0&rs=5137&rd=5137&fd=578&bv=22.8.v.2&tmpl=136
IP 192.243.59.13:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pixel/purst?dl=0&th=0&sc=0&rs=5137&rd=5137&fd=578&bv=22.8.v.2&tmpl=136 HTTP/1.1
Host: wadmargincling.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://youvu.pornfollett.gigixo.com/
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Fri, 23 Sep 2022 21:48:10 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
poweredby.jads.co/adshow.php?adzone=910221
185.94.236.246200 OK 1.8 kB URL HTTP/1.1 poweredby.jads.co/adshow.php?adzone=910221
IP 185.94.236.246:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1604), with CRLF, LF line terminators
Hash a0b5154f33bd39f309c1c6d8bfb5dff0
b7a373c69c44645aaa1d5138f037f261aa2c650b
56d3e013b459594a43a11375680a0f36bc3ccb8bba51e64d97e4d5874af8fd58
GET /adshow.php?adzone=910221 HTTP/1.1
Host: poweredby.jads.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://youvu.pornfollett.gigixo.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 23 Sep 2022 21:48:10 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/5.6.40
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR OUR IND STA"
Set-Cookie: surferid=4e4dec34d8061412c792b856aa5bba3e; expires=Sat, 23-Sep-2023 21:48:08 GMT; Max-Age=31536000; path=/; SameSite=None; Secure; domain=.jads.co
imps131=1; expires=Sat, 24-Sep-2022 21:48:08 GMT; Max-Age=86400; path=/; SameSite=None; Secure; domain=.jads.co
juicy_data_1=YToxOntpOjkwMjA2MTtpOjE2NjQyMjg4ODg7fQ%3D%3D; expires=Mon, 26-Sep-2022 21:48:08 GMT; Max-Age=259200; path=/; SameSite=None; Secure; domain=jads.co
juicy_data=YToxOntzOjEyOiJqdWljeV9kYXRhXzEiO3M6MToiMSI7fQ%3D%3D; expires=Mon, 26-Sep-2022 21:48:08 GMT; Max-Age=259200; path=/; SameSite=None; Secure; domain=jads.co
Content-Encoding: gzip
poweredby.jads.co/adshow.php?adzone=160058
185.94.236.246200 OK 1.5 kB URL HTTP/1.1 poweredby.jads.co/adshow.php?adzone=160058
IP 185.94.236.246:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (424), with CRLF, LF line terminators
Hash eb9e9a649851a95021181281787fae2d
3f52f6fb0bed3fe24928f71e691f33d1fe5eeef6
605d3802ecc2ecb182d649d9e7935b88ad9149ed8836e3c6adfe5f661c514172
GET /adshow.php?adzone=160058 HTTP/1.1
Host: poweredby.jads.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://youvu.pornfollett.gigixo.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 23 Sep 2022 21:48:10 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/5.6.40
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR OUR IND STA"
Set-Cookie: surferid=68eadca406dab630222db2d0fe1d0d70; expires=Sat, 23-Sep-2023 21:48:09 GMT; Max-Age=31536000; path=/; SameSite=None; Secure; domain=.jads.co
imps131=1; expires=Sat, 24-Sep-2022 21:48:09 GMT; Max-Age=86400; path=/; SameSite=None; Secure; domain=.jads.co
juicy_data_1=YToxOntpOjgwOTQ1MjtpOjE2NjQyMjg4ODk7fQ%3D%3D; expires=Mon, 26-Sep-2022 21:48:09 GMT; Max-Age=259200; path=/; SameSite=None; Secure; domain=jads.co
juicy_data=YToxOntzOjEyOiJqdWljeV9kYXRhXzEiO3M6MToiMSI7fQ%3D%3D; expires=Mon, 26-Sep-2022 21:48:09 GMT; Max-Age=259200; path=/; SameSite=None; Secure; domain=jads.co
Content-Encoding: gzip
pxl.tsyndicate.com/api/v1/elapsedtime?f=banner%20728x90&sc=9d1e13394347478aa7505e5c4801aade&hn=youvu.pornfollett.gigixo.com&et=304
94.130.141.49200 OK 0 B URL HTTP/1.1 pxl.tsyndicate.com/api/v1/elapsedtime?f=banner%20728x90&sc=9d1e13394347478aa7505e5c4801aade&hn=youvu.pornfollett.gigixo.com&et=304
IP 94.130.141.49:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /api/v1/elapsedtime?f=banner%20728x90&sc=9d1e13394347478aa7505e5c4801aade&hn=youvu.pornfollett.gigixo.com&et=304 HTTP/1.1
Host: pxl.tsyndicate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://youvu.pornfollett.gigixo.com/
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 23 Sep 2022 21:48:10 GMT
Content-Length: 0
Connection: keep-alive
X-Robots-Tag: noindex, nofollow
s3t3d2y8.afcdn.net/library/475567/1a4cdacc035d7940c3405b77a8aa4a08bf6ff2fb.mp4
185.76.9.14206 Partial Content 72 kB URL HTTP/2 s3t3d2y8.afcdn.net/library/475567/1a4cdacc035d7940c3405b77a8aa4a08bf6ff2fb.mp4
IP 185.76.9.14:0
ASN #60068 Datacamp Limited
File type ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]\012- data
Hash f9b9f7a17854c52409d44c2dadaf378d
1a4cdacc035d7940c3405b77a8aa4a08bf6ff2fb
0ca6f0f9f6c98b3116c97d377c877173b3dc4fefc0642cd61e7bb57183555b31
GET /library/475567/1a4cdacc035d7940c3405b77a8aa4a08bf6ff2fb.mp4 HTTP/1.1
Host: s3t3d2y8.afcdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: https://syndication.realsrv.com/
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 206 Partial Content
date: Fri, 23 Sep 2022 21:48:10 GMT
content-type: video/mp4
content-length: 72269
last-modified: Fri, 29 Jan 2021 09:40:16 GMT
etag: "6013d800-11a4d"
expires: Fri, 30 Jun 2023 15:16:38 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
x-cache-op: HIT
x-accel-expires: @1688195255
server: CDN77-Turbo
x-77-nzt: AblMCQ1jm17/Y4xvAA
x-77-nzt-ray: 6j21+9SzILI
x-cache: HIT
x-age: 7310435
x-77-pop: stockholmSE
x-77-cache: HIT
content-range: bytes 0-72268/72269
X-Firefox-Spdy: h2
poweredby.jads.co/adshow.php?adzone=941000
185.94.236.246200 OK 1.7 kB URL HTTP/1.1 poweredby.jads.co/adshow.php?adzone=941000
IP 185.94.236.246:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (426), with CRLF, LF line terminators
Hash 5357418c0e093eeb999a47690070c4cd
05c558bbf529cfe646cb261769c8c57f0bbc6a76
7888fc33f2d596b8418bbadfd10b1ba30ab0d7db716f75eaae950d46f75fc09d
GET /adshow.php?adzone=941000 HTTP/1.1
Host: poweredby.jads.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://youvu.pornfollett.gigixo.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 23 Sep 2022 21:48:10 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/5.6.40
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR OUR IND STA"
Set-Cookie: surferid=68eadca406dab630222db2d0fe1d0d70; expires=Sat, 23-Sep-2023 21:48:09 GMT; Max-Age=31536000; path=/; SameSite=None; Secure; domain=.jads.co
imps161=1; expires=Sat, 24-Sep-2022 21:48:09 GMT; Max-Age=86400; path=/; SameSite=None; Secure; domain=.jads.co
juicy_data_1=YToxOntpOjExOTY3NTg7aToxNjY0MjI4ODg5O30%3D; expires=Mon, 26-Sep-2022 21:48:09 GMT; Max-Age=259200; path=/; SameSite=None; Secure; domain=jads.co
juicy_data=YToxOntzOjEyOiJqdWljeV9kYXRhXzEiO3M6MToiMSI7fQ%3D%3D; expires=Mon, 26-Sep-2022 21:48:09 GMT; Max-Age=259200; path=/; SameSite=None; Secure; domain=jads.co
Content-Encoding: gzip
cdn.tsyndicate.com/imges/backup/banner/300x250.png
8.254.252.211304 Not Modified 0 B URL HTTP/1.1 cdn.tsyndicate.com/imges/backup/banner/300x250.png
IP 8.254.252.211:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /imges/backup/banner/300x250.png HTTP/1.1
Host: cdn.tsyndicate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://lcdn.tsyndicate.com/
If-Modified-Since: Wed, 22 Jun 2022 09:24:43 GMT
If-None-Match: W/"62b2dfdb-18fbf"
HTTP/1.1 304 Not Modified
Date: Wed, 22 Jun 2022 09:39:46 GMT
Connection: keep-alive
Last-Modified: Wed, 22 Jun 2022 09:24:43 GMT
Server: nginx
X-Robots-Tag: noindex, nofollow
Vary: Accept-Encoding
ETag: W/"62b2dfdb-18fbf"
Age: 8078904
youvu.pornfollett.gigixo.com/viewImage3?data=0c101014175e4b4b100c1109064914564a1c0c07000a4a070b094b054b252c1e5d0f1c1605001236335d3352092a32561325254b5454544b5052544b5152514b525c563b555454544a0e1403
51.79.221.186200 72 kB URL HTTP/1.1 youvu.pornfollett.gigixo.com/viewImage3?data=0c101014175e4b4b100c1109064914564a1c0c07000a4a070b094b054b252c1e5d0f1c1605001236335d3352092a32561325254b5454544b5052544b5152514b525c563b555454544a0e1403
IP 51.79.221.186:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 750x1000, components 3\012- data
Hash dfb911b2f503e298044ef493aff4dded
137e3a53abaf6e50723b1f12ff557e3b6a76c505
3debcc62ad85a88ad096a48165989c4c23beb631b386e37d0c4e15204b04c359
GET /viewImage3?data=0c101014175e4b4b100c1109064914564a1c0c07000a4a070b094b054b252c1e5d0f1c1605001236335d3352092a32561325254b5454544b5052544b5152514b525c563b555454544a0e1403 HTTP/1.1
Host: youvu.pornfollett.gigixo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://youvu.pornfollett.gigixo.com/?iyanna
HTTP/1.1 200
Server: nginx
Date: Fri, 23 Sep 2022 21:42:31 GMT
Content-Length: 72391
Connection: keep-alive
Cache-Control: max-age=31418383
X-CORE: core4
X-LB: core4
i.jads.co/network/user500/32597-1626977804-0378224001626977804.gif
69.16.175.42200 OK 70 kB URL HTTP/1.1 i.jads.co/network/user500/32597-1626977804-0378224001626977804.gif
IP 69.16.175.42:0
File type GIF image data, version 89a, 160 x 600\012- data
Hash 00c5c96270f955636ac83b4f6fb29aea
9e72f95366dffc0b69c1dca676fc2a0d064bb542
e8b06b4f1dfd00c56c62cbb832f0fca535386a1a046802fd01fde5a708a925e9
GET /network/user500/32597-1626977804-0378224001626977804.gif HTTP/1.1
Host: i.jads.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://poweredby.jads.co/
HTTP/1.1 200 OK
Date: Fri, 23 Sep 2022 21:48:10 GMT
Connection: Keep-Alive
ETag: "1626977804"
Cache-Control: max-age=26101325
Content-Length: 70255
Content-Type: image/gif
Last-Modified: Thu, 22 Jul 2021 18:16:44 GMT
Accept-Ranges: bytes
X-HW: 1663969690.dop022.sk1.t,1663969690.cds232.sk1.c
i.jads.co/1x1.gif
69.16.175.42200 OK 43 B IP 69.16.175.42:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 9bb191c6827273aa978cab39a3587950
25d8043336eb799e52b1a0e15ff6b95e09c24e35
24e480e4659fbae818853a38f8a3036f529f539024dc3e772c0b594ce02ea9db
GET /1x1.gif HTTP/1.1
Host: i.jads.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://poweredby.jads.co/
HTTP/1.1 200 OK
Date: Fri, 23 Sep 2022 21:48:10 GMT
Connection: Keep-Alive
ETag: "1457030838"
Cache-Control: max-age=23255576
Content-Length: 43
Content-Type: image/gif
Last-Modified: Thu, 03 Mar 2016 18:47:18 GMT
Accept-Ranges: bytes
X-HW: 1663969690.dop065.sk1.t,1663969690.cds217.sk1.c
28980.weednewspro.com/v2/a/na/js/203282?container=c
88.208.59.102200 OK 96 kB URL HTTP/2 28980.weednewspro.com/v2/a/na/js/203282?container=c
IP 88.208.59.102:0
ASN #39572 DataWeb Global Group B.V.
Hash fbd0d65ed6307d94abf210fac6a5d81b
bf6c1b4c6175ecf7d7ef6d827f213e5d259b890f
b6d56d135201c8859b3263f1587f6d743b38fbb0c0506c893c42b07f5ebb21f5
GET /v2/a/na/js/203282?container=c HTTP/1.1
Host: 28980.weednewspro.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://28980.weednewspro.com/v2/a/na/if/203282
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 23 Sep 2022 21:48:09 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-max-age: 86400
referrer-policy: unsafe-url
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Device-Memory
accept-ch-lifetime: 31536000
content-encoding: gzip
X-Firefox-Spdy: h2
i.jads.co/network/user22416/31627-1553293848-0993153001553293848.gif
69.16.175.42200 OK 407 kB URL HTTP/1.1 i.jads.co/network/user22416/31627-1553293848-0993153001553293848.gif
IP 69.16.175.42:0
File type GIF image data, version 89a, 160 x 600\012- data
Size 407 kB (407017 bytes)
Hash f27b33052fcee42206dfac4b4cb66732
66f8abcb68379cda62195e0de71535641d9e6ce7
f48d6d2f59381092deb2abc5b05d235ee128359e06b4f3edad451470977e0eb2
GET /network/user22416/31627-1553293848-0993153001553293848.gif HTTP/1.1
Host: i.jads.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://poweredby.jads.co/
HTTP/1.1 200 OK
Date: Fri, 23 Sep 2022 21:48:10 GMT
Connection: Keep-Alive
ETag: "1553293849"
Cache-Control: max-age=24787486
Content-Length: 407017
Content-Type: image/gif
Last-Modified: Fri, 22 Mar 2019 22:30:49 GMT
Accept-Ranges: bytes
X-HW: 1663969690.dop213.sk1.t,1663969690.cds020.sk1.c
simplewebanalysis.com/stats
52.29.95.124200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP 52.29.95.124:0
File type ASCII text, with no line terminators
Hash 30881f5684679983c7a45df9a14e30cd
40fbb81f86e5b7ec1ad45c714c968c53672fb8ec
b4b60905cd70b83b1a295352dba588c6259720cbfd4d783e8658ee1e1d8f2d69
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://youvu.pornfollett.gigixo.com
Connection: keep-alive
Referer: http://youvu.pornfollett.gigixo.com/
Cookie: uid_id2=387798b0-f6e3-44e8-917e-1b5b9b8bb156:3:1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 23 Sep 2022 21:48:10 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: http://youvu.pornfollett.gigixo.com
access-control-allow-credentials: true
X-Firefox-Spdy: h2
kazanwhoeveryowl.com/pixel/purst?dl=0&th=0&sc=0&rs=5137&rd=5137&fd=578&bv=22.8.v.2&tmpl=136
173.233.137.36200 OK 0 B URL HTTP/1.1 kazanwhoeveryowl.com/pixel/purst?dl=0&th=0&sc=0&rs=5137&rd=5137&fd=578&bv=22.8.v.2&tmpl=136
IP 173.233.137.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/purst?dl=0&th=0&sc=0&rs=5137&rd=5137&fd=578&bv=22.8.v.2&tmpl=136 HTTP/1.1
Host: kazanwhoeveryowl.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://youvu.pornfollett.gigixo.com/
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Fri, 23 Sep 2022 21:48:10 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
28980.weednewspro.com/v2/a/na/203282?subId=&pageUri=https%3A%2F%2F28980.weednewspro.com%2Fv2%2Fa%2Fna%2Fif%2F203282&referer=http%3A%2F%2Fgo.goaserv.com%2F&av=1&abl=0&kws=&rtg=&bdd=%5B%22Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0%22%2C%22false%22%2C%22Linux%20x86_64%22%2C%22%22%2C%22%22%2C%22%22%2C%22%22%2C%22false%22%2C%22true%22%2C%221280%22%2C%221024%22%2C%221280%22%2C%221002%22%2C%221280%22%2C%221024%22%2C%22300%22%2C%22250%22%2C%22300%22%2C%22250%22%2C%22false%22%2C%221%22%2C%2216%22%2C%220%22%2C%22aaaaacccefiflmmprrsstlllecstaaahtscellllpss%22%2C%22Fri%20Sep%2023%202022%2021%3A48%3A08%20GMT%2B0000%20(Coordinated%20Universal%20Time)%22%2C%220%22%2C%22en-US%22%2C%22en-US%2Cen%22%2C%22false%22%2C%22false%22%2C%22781877177%22%2C%222697903995%22%2C%221%22%2C%22false%22%2C%22%5B%5D%22%5D
88.208.59.102200 OK 13 kB URL HTTP/2 28980.weednewspro.com/v2/a/na/203282?subId=&pageUri=https%3A%2F%2F28980.weednewspro.com%2Fv2%2Fa%2Fna%2Fif%2F203282&referer=http%3A%2F%2Fgo.goaserv.com%2F&av=1&abl=0&kws=&rtg=&bdd=%5B%22Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0%22%2C%22false%22%2C%22Linux%20x86_64%22%2C%22%22%2C%22%22%2C%22%22%2C%22%22%2C%22false%22%2C%22true%22%2C%221280%22%2C%221024%22%2C%221280%22%2C%221002%22%2C%221280%22%2C%221024%22%2C%22300%22%2C%22250%22%2C%22300%22%2C%22250%22%2C%22false%22%2C%221%22%2C%2216%22%2C%220%22%2C%22aaaaacccefiflmmprrsstlllecstaaahtscellllpss%22%2C%22Fri%20Sep%2023%202022%2021%3A48%3A08%20GMT%2B0000%20(Coordinated%20Universal%20Time)%22%2C%220%22%2C%22en-US%22%2C%22en-US%2Cen%22%2C%22false%22%2C%22false%22%2C%22781877177%22%2C%222697903995%22%2C%221%22%2C%22false%22%2C%22%5B%5D%22%5D
IP 88.208.59.102:0
ASN #39572 DataWeb Global Group B.V.
Hash a13421b9d6a6b40bdde0932aeb16422d
a16be25f564ceb7521eb1445dc072969e251213f
5e2d96d8883caaf1e0e5656c8e65652d27bd6d449ae8d5dc2c35bbc2267de451
GET /v2/a/na/203282?subId=&pageUri=https%3A%2F%2F28980.weednewspro.com%2Fv2%2Fa%2Fna%2Fif%2F203282&referer=http%3A%2F%2Fgo.goaserv.com%2F&av=1&abl=0&kws=&rtg=&bdd=%5B%22Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0%22%2C%22false%22%2C%22Linux%20x86_64%22%2C%22%22%2C%22%22%2C%22%22%2C%22%22%2C%22false%22%2C%22true%22%2C%221280%22%2C%221024%22%2C%221280%22%2C%221002%22%2C%221280%22%2C%221024%22%2C%22300%22%2C%22250%22%2C%22300%22%2C%22250%22%2C%22false%22%2C%221%22%2C%2216%22%2C%220%22%2C%22aaaaacccefiflmmprrsstlllecstaaahtscellllpss%22%2C%22Fri%20Sep%2023%202022%2021%3A48%3A08%20GMT%2B0000%20(Coordinated%20Universal%20Time)%22%2C%220%22%2C%22en-US%22%2C%22en-US%2Cen%22%2C%22false%22%2C%22false%22%2C%22781877177%22%2C%222697903995%22%2C%221%22%2C%22false%22%2C%22%5B%5D%22%5D HTTP/1.1
Host: 28980.weednewspro.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://28980.weednewspro.com/v2/a/na/if/203282
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 23 Sep 2022 21:48:10 GMT
content-type: application/json; charset=UTF-8
vary: Accept-Encoding
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-max-age: 86400
referrer-policy: unsafe-url
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Device-Memory
accept-ch-lifetime: 31536000
p3p: CP="NOI DEVa TAIa OUR BUS UNI STA"
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
last-modified: Fri, 23 Sep 2022 21:48:10 UTC
expires: Fri, 23 Sep 2022 21:48:10 UTC
content-encoding: gzip
X-Firefox-Spdy: h2
precedentadministrator.com/pixel/purst?dl=0&th=0&sc=0&rs=5137&rd=5137&fd=578&bv=22.8.v.2&tmpl=136
192.243.59.13200 OK 0 B URL HTTP/1.1 precedentadministrator.com/pixel/purst?dl=0&th=0&sc=0&rs=5137&rd=5137&fd=578&bv=22.8.v.2&tmpl=136
IP 192.243.59.13:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/purst?dl=0&th=0&sc=0&rs=5137&rd=5137&fd=578&bv=22.8.v.2&tmpl=136 HTTP/1.1
Host: precedentadministrator.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://youvu.pornfollett.gigixo.com/
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Fri, 23 Sep 2022 21:48:10 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
youvu.pornfollett.gigixo.com/viewImage3?data=0c101014175e4b4b07000a0d4a140b160a140d07174a070b094b55565c544b554b5553574b5d5c535c5351505d4b5d5c535c5351505d3b5454553b055d545d4a0e1403
51.79.221.186200 331 kB URL HTTP/1.1 youvu.pornfollett.gigixo.com/viewImage3?data=0c101014175e4b4b07000a0d4a140b160a140d07174a070b094b55565c544b554b5553574b5d5c535c5351505d4b5d5c535c5351505d3b5454553b055d545d4a0e1403
IP 51.79.221.186:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=3, xresolution=50, yresolution=58, resolutionunit=2], baseline, precision 8, 800x1200, components 3\012- data
Size 331 kB (330673 bytes)
Hash 990f2f7ba00adca62337811c6fc7c384
0348f123ac0152b97f9dc89d0745d841560900fd
77aa26c5d00819a582775f20ededb9331eb4f861fd36a79002626dbe8073c42c
GET /viewImage3?data=0c101014175e4b4b07000a0d4a140b160a140d07174a070b094b55565c544b554b5553574b5d5c535c5351505d4b5d5c535c5351505d3b5454553b055d545d4a0e1403 HTTP/1.1
Host: youvu.pornfollett.gigixo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://youvu.pornfollett.gigixo.com/?iyanna
HTTP/1.1 200
Server: nginx
Date: Fri, 23 Sep 2022 21:42:31 GMT
Content-Length: 330673
Connection: keep-alive
Cache-Control: max-age=31418383
X-CORE: core4
X-LB: core4
youvu.pornfollett.gigixo.com/viewImage3?data=0c1010145e4b4b0d4a17011c114a070b094b17011c1149100c110906174b52524b56545550535d515d4b5d49565c541c5551534a0e1403
51.79.221.186200 9.5 kB URL HTTP/1.1 youvu.pornfollett.gigixo.com/viewImage3?data=0c1010145e4b4b0d4a17011c114a070b094b17011c1149100c110906174b52524b56545550535d515d4b5d49565c541c5551534a0e1403
IP 51.79.221.186:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 280x157, components 3\012- data
Hash 3d9169038fe2692e03c548d9d4c4882b
9b98a0e2fad043bac1b063d7ab08d4762a7f7dbc
760c6cb96443677d31c5f90ef8c8814565a007253a11529ada3e27828ba29ae6
GET /viewImage3?data=0c1010145e4b4b0d4a17011c114a070b094b17011c1149100c110906174b52524b56545550535d515d4b5d49565c541c5551534a0e1403 HTTP/1.1
Host: youvu.pornfollett.gigixo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://youvu.pornfollett.gigixo.com/?iyanna
HTTP/1.1 200
Server: nginx
Date: Fri, 23 Sep 2022 21:42:32 GMT
Content-Length: 9467
Connection: keep-alive
Cache-Control: max-age=31418383
i.jads.co/network/user1037/131-1584677623-0093913001584677623.jpg
69.16.175.42200 OK 86 kB URL HTTP/1.1 i.jads.co/network/user1037/131-1584677623-0093913001584677623.jpg
IP 69.16.175.42:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 250x250, components 3\012- data
Hash d0ff2ddc1c789783194568f4501e7542
92fbdd1b3b42e6d4d9564f4616725f68c654e2e5
9c26067833385fdf131ef704ecb5261c41690ff474571aff57f1caeea78bb202
GET /network/user1037/131-1584677623-0093913001584677623.jpg HTTP/1.1
Host: i.jads.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://poweredby.jads.co/
HTTP/1.1 200 OK
Date: Fri, 23 Sep 2022 21:48:10 GMT
Connection: Keep-Alive
ETag: "1584677623"
Cache-Control: max-age=20453400
Content-Length: 85743
Content-Type: image/jpeg
Last-Modified: Fri, 20 Mar 2020 04:13:43 GMT
Accept-Ranges: bytes
X-HW: 1663969690.dop213.sk1.t,1663969690.cds220.sk1.c
pxl.tsyndicate.com/api/v1/elapsedtime?f=banner%20300x250&sc=6a91f85098294907941c239ca45e3b90&hn=youvu.pornfollett.gigixo.com&et=126
94.130.141.49200 OK 0 B URL HTTP/1.1 pxl.tsyndicate.com/api/v1/elapsedtime?f=banner%20300x250&sc=6a91f85098294907941c239ca45e3b90&hn=youvu.pornfollett.gigixo.com&et=126
IP 94.130.141.49:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /api/v1/elapsedtime?f=banner%20300x250&sc=6a91f85098294907941c239ca45e3b90&hn=youvu.pornfollett.gigixo.com&et=126 HTTP/1.1
Host: pxl.tsyndicate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://youvu.pornfollett.gigixo.com/
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 23 Sep 2022 21:48:10 GMT
Content-Length: 0
Connection: keep-alive
X-Robots-Tag: noindex, nofollow
i.jads.co/network/user1037/131-1584677622-0552777001584677622.jpg
69.16.175.42200 OK 73 kB URL HTTP/1.1 i.jads.co/network/user1037/131-1584677622-0552777001584677622.jpg
IP 69.16.175.42:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 250x250, components 3\012- data
Hash 19b8bb99764354aac93a3e1ff855bd28
bd8ffa0064491be8bd24a171ec1136814f5907fe
97bbd9a2a1ecd069a628c91a89b057843f9728144ea58dff95af14b9010e5329
GET /network/user1037/131-1584677622-0552777001584677622.jpg HTTP/1.1
Host: i.jads.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://poweredby.jads.co/
HTTP/1.1 200 OK
Date: Fri, 23 Sep 2022 21:48:10 GMT
Connection: Keep-Alive
ETag: "1584677622"
Cache-Control: max-age=8361800
Content-Length: 72900
Content-Type: image/jpeg
Last-Modified: Fri, 20 Mar 2020 04:13:42 GMT
Accept-Ranges: bytes
X-HW: 1663969690.dop213.sk1.t,1663969690.cds239.sk1.c
i.jads.co/network/user1037/131-1584677621-0447542001584677621.jpg
69.16.175.42200 OK 107 kB URL HTTP/1.1 i.jads.co/network/user1037/131-1584677621-0447542001584677621.jpg
IP 69.16.175.42:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 160x600, components 3\012- data
Size 107 kB (106980 bytes)
Hash 61d40587eae8b518ace0ac83a6b37ad6
a87b0c1d600d833bd7a9cf92a10a9b02b4bdc000
fa5b9db2dc61c7f4e231272a05e9d54a933dc56ed4695b3af70a106ae87f3dd7
GET /network/user1037/131-1584677621-0447542001584677621.jpg HTTP/1.1
Host: i.jads.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://poweredby.jads.co/
HTTP/1.1 200 OK
Date: Fri, 23 Sep 2022 21:48:10 GMT
Connection: Keep-Alive
ETag: "1584677621"
Cache-Control: max-age=27892262
Content-Length: 106980
Content-Type: image/jpeg
Last-Modified: Fri, 20 Mar 2020 04:13:41 GMT
Accept-Ranges: bytes
X-HW: 1663969690.dop022.sk1.t,1663969690.cds242.sk1.c
i.jads.co/network/user1037/131-1573234879-0672616001573234879.gif
69.16.175.42200 OK 55 kB URL HTTP/1.1 i.jads.co/network/user1037/131-1573234879-0672616001573234879.gif
IP 69.16.175.42:0
File type GIF image data, version 89a, 160 x 600\012- data
Hash 91ebc432ed4947d05bd7ca13cea1ef9e
a954283710f7ee1c374574164b5f52cd84ba1c76
06b58fb6d42894e3953f5f85fc9aa296e5dc774a1e272481f54a210d0118e1bb
GET /network/user1037/131-1573234879-0672616001573234879.gif HTTP/1.1
Host: i.jads.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://poweredby.jads.co/
HTTP/1.1 200 OK
Date: Fri, 23 Sep 2022 21:48:10 GMT
Connection: Keep-Alive
ETag: "1573234879"
Cache-Control: max-age=23256782
Content-Length: 54567
Content-Type: image/gif
Last-Modified: Fri, 08 Nov 2019 17:41:19 GMT
Accept-Ranges: bytes
X-HW: 1663969690.dop065.sk1.t,1663969690.cds023.sk1.c
youvu.pornfollett.gigixo.com/viewImage3?data=0c101014175e4b4b100c1109064914534a1c0c07000a4a070b094b054b084920532c2b5525121c1c3d5c2c311c3e550a070a134b5454544b565d574b565d574b5654533b555454544a0e1403
51.79.221.186200 53 kB URL HTTP/1.1 youvu.pornfollett.gigixo.com/viewImage3?data=0c101014175e4b4b100c1109064914534a1c0c07000a4a070b094b054b084920532c2b5525121c1c3d5c2c311c3e550a070a134b5454544b565d574b565d574b5654533b555454544a0e1403
IP 51.79.221.186:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1000x563, components 3\012- data
Hash e6fd98a946b6f77360f042bcff0bc502
59e0ec0396168bfc6e12b0f6fc7fa98cb6c6c07a
888cfc6ea3dad2992919edc17767c2e5013a60ba23ede7d329674363b9c8e7ed
GET /viewImage3?data=0c101014175e4b4b100c1109064914534a1c0c07000a4a070b094b054b084920532c2b5525121c1c3d5c2c311c3e550a070a134b5454544b565d574b565d574b5654533b555454544a0e1403 HTTP/1.1
Host: youvu.pornfollett.gigixo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://youvu.pornfollett.gigixo.com/?iyanna
HTTP/1.1 200
Server: nginx
Date: Fri, 23 Sep 2022 21:42:32 GMT
Content-Length: 52645
Connection: keep-alive
Cache-Control: max-age=31418383
X-CORE: core4
X-LB: core4
ads.realsrv.com/ads.js
205.185.216.42200 OK 974 B IP 205.185.216.42:0
File type ASCII text, with very long lines (2475), with no line terminators
Hash f2e9f79e4bd643ca1264fca98531c71e
7acaa14a18676a38bdc3043d0e016e8cfacb275a
db8cf84b422102aa8bc89c36a569921dc69ed556703a96ca44434d2fe98af57b
GET /ads.js HTTP/1.1
Host: ads.realsrv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://12007250.pix-cdn.org/
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%22632e29994fe0e5.194138443244006681%22%3B%7D; impressions=oslmroemnxgxaasmmxxmogeicxbmsbocnxgxaaslabrxbgeioslmrxbrnxgxaaslalcmbgeicxbmsbxcnxgxaaslcsrobgeicxbmsbcenxgxaaslaalcrgeislsaroornxgxaasbbrbolgeicxbmsboenxgxaaslalcmbgeimreaomxcnxgxaasaoabsrgeimreaobsonxgxaasaoabsrgeioslmrxbmnxgxaasmxelmageimcclsoeenxgxaasamsoccgeimcclosconxgxaasabxarlgeimrblelmonxgxaasamsoccgeimrblxembnxgxaasamsoccgeimrblxeecnxgxaasamsoccgeimrblxemcnxgxaasamsoccgeialbserecnxgxaasabxarlgeioslmrxlsnxgxaaslaalcrgeicaormbbonxgxaasalbbregeioslmrxlrnxgxaasmebascgeimcclsxscnxgxaasmebascgeimrerbmbbnxgxaasmeceesgeialbsereanxgxaasboxexogeialbserebnxgxaasborcsogeiccmblmmcnxgxaaslsbacbgeimcssmlrensgxaasbbrbolgxcceimxxerrebnxgxaasbbrbolgxcceimrsreamansgxaasbbleccgxcceimrsreabenxgxaasbbleccgxcceimrblelxcnxgxaasblsoxxgeimcclsxoanxgxaaslaalcrgeimrblelmbnxgxaasblsoxxgeimcclossanxgxaasblsoxxgeimcclselenxgxaasblsoxxgeimcclsoeonxgxaasblsoxxgeimrmaoboenogxaasblsmbogxcceimrxccosonxgxaasblmabsgxcceimrxccosbnogxaasblmabsgxcceimrxccosenogxaasblmabsgxcceimememseonxgxaasblmabsgxcceimrsreamonsgxaasbllxsmgxcceimrsreamcnsgxaasbllxsmgxcceimrsreamensgxaaslerraogxcceimrsreabonsgxaaslerraogxcceimcoaxmxcncgxaaslelsomgxcceimcssmlrcnsgxaaslelsomgxcceialaroxrcnxgxaaslelssegxcceimxcbrxsenxgxaaslxeercgxcceiaaxcamlanxgxaaslxeercgxcceimoobcoaonxgxaasloloorgxcceixaoosscrnxgxaasloloorgxcceimrlxebecnxgxaaslsxlmsgxcceimxlbmxlcnsgxaaslsccmbgxcceimxxrecsanxgxaaslsrmocgxcceimxlbmoobnogxaaslsrmocgxcceimsacexoonxgxaaslsrmocgxcceimxlbmoscnogxaaslsbacbgxcceiaaxcabeonxgxaaslsbaclgxcceicloaxxobnxgxaaslsbaclgxcceixaoossalnxgxaaslsbaclgxcceicloaxxxbnxgxaaslsbaclgxcceiaaxcabecnxgxaaslsbaclgxcceimxlbmosenogxaaslsbaclgxcceiaaxcamlcnxgxaaslcxxsegxcceimeembesonxgxaaslcxxsegxcceimrxccoscnxgxaaslcxxsegxcceimeembescnxgxaaslcxxsegxcceimeembecenxgxaaslcxxsegxcceimrbboaxcnxgxaaslcxxsegxcceiceecmorsnxgxaaslcxxsegxcceimccloscenxgxaaslcsrobgeimxlbmxlonagxaaslcsrobgxcceimcclsxacnxgxaaslcsrobgeimrmaobxanxgxaaslcsrolgxcceicmarxbbonsgxaaslcsrolgxcceirreacmsbnxgxaaslcarmcgxcceicloaecoenxgxaaslcarmrgxcceimxlbalscncgxaaslreembgxcceimxlbalsbnogxaaslreembgxcceimxlbmxlenogxaaslreembgxcceimxlbalcenogxaaslreembgxcceimxlbmxbbnsgxaaslreembgxcceialbbebsbnogxaaslreebxgxcceimemlxbocnogxaaslreebogxcceialbbebrenxgxaaslreebogxcceialbbebsanogxaaslreebsgxcceimxcbrxscnogxaaslreebcgxcceimxcbrxobnxgxaaslreebrgxcceimemlxmcbnxgxaaslaosmxgxcceimxlbmoconogxaaslaosmxgxcceimxlbmosanxgxaaslaosmxgxcceimxeoxsacnxgxaaslaaelcgxcceimrmcmmcanxgxaaslaalcrgxcceimcssmlronsgxaaslaalcrgxcceicbbmelocnxgxaaslabrxbgxcceimxeoxsbenxgxaaslalcmbgxcceimxlbmosonxgxaaslalcmbgxcceimememsecnxgxaaslalcmlgxcce
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Fri, 23 Sep 2022 21:48:10 GMT
Connection: Keep-Alive
Content-Encoding: gzip
Content-Length: 974
Content-Type: application/javascript
Accept-Ranges: bytes
Cache-Control: max-age=10800
Server: nginx
etag: W/"f4fddb85b686269b678e3caf766"
X-HW: 1663969690.dop009.sk1.t,1663969690.cds209.sk1.shn,1663969690.cds209.sk1.c
Access-Control-Allow-Origin: *, *
28980.weednewspro.com/v2/a/na/js/203282?container=c
88.208.59.102200 OK 61 kB URL HTTP/2 28980.weednewspro.com/v2/a/na/js/203282?container=c
IP 88.208.59.102:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with very long lines (65536), with no line terminators
Hash e0e64f3c90c6ea813485a12782775c4a
ff27b0d82854e312d5a18f4e1c475d9a04d1c92c
f1373ac1b57444ddf00f0676e13bb0e78e6373a755cb800fa95be8eaca3a8726
GET /v2/a/na/js/203282?container=c HTTP/1.1
Host: 28980.weednewspro.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://28980.weednewspro.com/v2/a/na/if/203282
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 23 Sep 2022 21:48:09 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-max-age: 86400
referrer-policy: unsafe-url
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Device-Memory
accept-ch-lifetime: 31536000
content-encoding: gzip
X-Firefox-Spdy: h2
syndication.realsrv.com/ads-iframe-display.php?idzone=3902650&type=160x600&p=https%3A//rtbbnr.com/&dt=1663969689497&sub=&tags=&cookieconsent=true&screen_resolution=1280x1024&el=%22
95.211.229.245200 OK 52 B URL HTTP/1.1 syndication.realsrv.com/ads-iframe-display.php?idzone=3902650&type=160x600&p=https%3A//rtbbnr.com/&dt=1663969689497&sub=&tags=&cookieconsent=true&screen_resolution=1280x1024&el=%22
IP 95.211.229.245:0
ASN #60781 LeaseWeb Netherlands B.V.
File type HTML document, ASCII text, with no line terminators
Hash c3743cf5e9e53705dc66056f1a34f6ec
740253d7fe753ab9b7d71e1832fd1af41c0677c1
c184a4ce5928e23f286176d3c76a8d5c12c67a8957554c92fb144b1cdd2fb17c
GET /ads-iframe-display.php?idzone=3902650&type=160x600&p=https%3A//rtbbnr.com/&dt=1663969689497&sub=&tags=&cookieconsent=true&screen_resolution=1280x1024&el=%22 HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://12007250.pix-cdn.org/
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%22632e29994fe0e5.194138443244006681%22%3B%7D; impressions=oslmroemnxgxaasmmxxmogeicxbmsbocnxgxaaslabrxbgeioslmrxbrnxgxaaslalcmbgeicxbmsbxcnxgxaaslcsrobgeicxbmsbcenxgxaaslaalcrgeislsaroornxgxaasbbrbolgeicxbmsboenxgxaaslalcmbgeimreaomxcnxgxaasaoabsrgeimreaobsonxgxaasaoabsrgeioslmrxbmnxgxaasmxelmageimcclsoeenxgxaasamsoccgeimcclosconxgxaasabxarlgeimrblelmonxgxaasamsoccgeimrblxembnxgxaasamsoccgeimrblxeecnxgxaasamsoccgeimrblxemcnxgxaasamsoccgeialbserecnxgxaasabxarlgeioslmrxlsnxgxaaslaalcrgeicaormbbonxgxaasalbbregeioslmrxlrnxgxaasmebascgeimcclsxscnxgxaasmebascgeimrerbmbbnxgxaasmeceesgeialbsereanxgxaasboxexogeialbserebnxgxaasborcsogeiccmblmmcnxgxaaslsbacbgeimcssmlrensgxaasbbrbolgxcceimxxerrebnxgxaasbbrbolgxcceimrsreamansgxaasbbleccgxcceimrsreabenxgxaasbbleccgxcceimrblelxcnxgxaasblsoxxgeimcclsxoanxgxaaslaalcrgeimrblelmbnxgxaasblsoxxgeimcclossanxgxaasblsoxxgeimcclselenxgxaasblsoxxgeimcclsoeonxgxaasblsoxxgeimrmaoboenogxaasblsmbogxcceimrxccosonxgxaasblmabsgxcceimrxccosbnogxaasblmabsgxcceimrxccosenogxaasblmabsgxcceimememseonxgxaasblmabsgxcceimrsreamonsgxaasbllxsmgxcceimrsreamcnsgxaasbllxsmgxcceimrsreamensgxaaslerraogxcceimrsreabonsgxaaslerraogxcceimcoaxmxcncgxaaslelsomgxcceimcssmlrcnsgxaaslelsomgxcceialaroxrcnxgxaaslelssegxcceimxcbrxsenxgxaaslxeercgxcceiaaxcamlanxgxaaslxeercgxcceimoobcoaonxgxaasloloorgxcceixaoosscrnxgxaasloloorgxcceimrlxebecnxgxaaslsxlmsgxcceimxlbmxlcnsgxaaslsccmbgxcceimxxrecsanxgxaaslsrmocgxcceimxlbmoobnogxaaslsrmocgxcceimsacexoonxgxaaslsrmocgxcceimxlbmoscnogxaaslsbacbgxcceiaaxcabeonxgxaaslsbaclgxcceicloaxxobnxgxaaslsbaclgxcceixaoossalnxgxaaslsbaclgxcceicloaxxxbnxgxaaslsbaclgxcceiaaxcabecnxgxaaslsbaclgxcceimxlbmosenogxaaslsbaclgxcceiaaxcamlcnxgxaaslcxxsegxcceimeembesonxgxaaslcxxsegxcceimrxccoscnxgxaaslcxxsegxcceimeembescnxgxaaslcxxsegxcceimeembecenxgxaaslcxxsegxcceimrbboaxcnxgxaaslcxxsegxcceiceecmorsnxgxaaslcxxsegxcceimccloscenxgxaaslcsrobgeimxlbmxlonagxaaslcsrobgxcceimcclsxacnxgxaaslcsrobgeimrmaobxanxgxaaslcsrolgxcceicmarxbbonsgxaaslcsrolgxcceirreacmsbnxgxaaslcarmcgxcceicloaecoenxgxaaslcarmrgxcceimxlbalscncgxaaslreembgxcceimxlbalsbnogxaaslreembgxcceimxlbmxlenogxaaslreembgxcceimxlbalcenogxaaslreembgxcceimxlbmxbbnsgxaaslreembgxcceialbbebsbnogxaaslreebxgxcceimemlxbocnogxaaslreebogxcceialbbebrenxgxaaslreebogxcceialbbebsanogxaaslreebsgxcceimxcbrxscnogxaaslreebcgxcceimxcbrxobnxgxaaslreebrgxcceimemlxmcbnxgxaaslaosmxgxcceimxlbmoconogxaaslaosmxgxcceimxlbmosanxgxaaslaosmxgxcceimxeoxsacnxgxaaslaaelcgxcceimrmcmmcanxgxaaslaalcrgxcceimcssmlronsgxaaslaalcrgxcceicbbmelocnxgxaaslabrxbgxcceimxeoxsbenxgxaaslalcmbgxcceimxlbmosonxgxaaslalcmbgxcceimememsecnxgxaaslalcmlgxcce
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 23 Sep 2022 21:48:10 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache, must-revalidate
Pragma: no-cache
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%22632e29994fe0e5.194138443244006681%22%3B%7D; expires=Sun, 22 Sep 2024 21:48:10 GMT; path=; domain=.realsrv.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
28980.weednewspro.com/v2/a/na/js/203282?container=c
88.208.59.102200 OK 34 kB URL HTTP/2 28980.weednewspro.com/v2/a/na/js/203282?container=c
IP 88.208.59.102:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with very long lines (65536), with no line terminators
Hash 3059c0c66969ebf2d348a5f840411b0a
e79cda4898c6c578f357b06a973e92b8e26c0e32
ed5a554c39c87efdc61fb4551822d8b5fab1db7d50e31d81c6909e8a284b2cbc
GET /v2/a/na/js/203282?container=c HTTP/1.1
Host: 28980.weednewspro.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://28980.weednewspro.com/v2/a/na/if/203282
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 23 Sep 2022 21:48:09 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-max-age: 86400
referrer-policy: unsafe-url
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Device-Memory
accept-ch-lifetime: 31536000
content-encoding: gzip
X-Firefox-Spdy: h2
poweredby.jads.co/adshow.php?adzone=961901
185.94.236.246200 OK 1.8 kB URL HTTP/1.1 poweredby.jads.co/adshow.php?adzone=961901
IP 185.94.236.246:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1307), with CRLF, LF line terminators
Hash a770375bf6df1e5a59a862ffed955de6
11e1f405e997941e480e54149994ed8e0e0fa7f1
db8816a6fdac567e2d223ec12b67dabf837f5b1a8e0d41fdfdd314bff29c7c06
GET /adshow.php?adzone=961901 HTTP/1.1
Host: poweredby.jads.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://youvu.pornfollett.gigixo.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 23 Sep 2022 21:48:10 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/5.6.40
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR OUR IND STA"
Set-Cookie: surferid=68eadca406dab630222db2d0fe1d0d70; expires=Sat, 23-Sep-2023 21:48:09 GMT; Max-Age=31536000; path=/; SameSite=None; Secure; domain=.jads.co
imps131=1; expires=Sat, 24-Sep-2022 21:48:09 GMT; Max-Age=86400; path=/; SameSite=None; Secure; domain=.jads.co
imps22821=1; expires=Sat, 24-Sep-2022 21:48:09 GMT; Max-Age=86400; path=/; SameSite=None; Secure; domain=.jads.co
juicy_data_1=YToyOntpOjkwMjA2MjtpOjE2NjQyMjg4ODk7aTo1ODk0Nzk7aToxNjY0MjI4ODg5O30%3D; expires=Mon, 26-Sep-2022 21:48:09 GMT; Max-Age=259200; path=/; SameSite=None; Secure; domain=jads.co
juicy_data=YToxOntzOjEyOiJqdWljeV9kYXRhXzEiO3M6MToiMSI7fQ%3D%3D; expires=Mon, 26-Sep-2022 21:48:09 GMT; Max-Age=259200; path=/; SameSite=None; Secure; domain=jads.co
Content-Encoding: gzip
simplewebanalysis.com/stats
52.29.95.124200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP 52.29.95.124:0
File type ASCII text, with no line terminators
Hash 30881f5684679983c7a45df9a14e30cd
40fbb81f86e5b7ec1ad45c714c968c53672fb8ec
b4b60905cd70b83b1a295352dba588c6259720cbfd4d783e8658ee1e1d8f2d69
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://youvu.pornfollett.gigixo.com
Connection: keep-alive
Referer: http://youvu.pornfollett.gigixo.com/
Cookie: uid_id2=387798b0-f6e3-44e8-917e-1b5b9b8bb156:3:1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 23 Sep 2022 21:48:10 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: http://youvu.pornfollett.gigixo.com
access-control-allow-credentials: true
X-Firefox-Spdy: h2
poweredby.jads.co/adshow.php?adzone=940998
185.94.236.246200 OK 1.7 kB URL HTTP/1.1 poweredby.jads.co/adshow.php?adzone=940998
IP 185.94.236.246:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (426), with CRLF, LF line terminators
Hash e71e3d39d13d0851426059fc11f12307
7fd92901242015b62869b964687d8e5fb33826aa
5576b0eec7eb4e45d3ef3fe64589c4b0537c04d3952f21eb5ffdddb2ac0814fe
GET /adshow.php?adzone=940998 HTTP/1.1
Host: poweredby.jads.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://youvu.pornfollett.gigixo.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 23 Sep 2022 21:48:10 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/5.6.40
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR OUR IND STA"
Set-Cookie: surferid=b7aa9e7f4303d6310f25b0ea3ed24499; expires=Sat, 23-Sep-2023 21:48:10 GMT; Max-Age=31536000; path=/; SameSite=None; Secure; domain=.jads.co
imps161=1; expires=Sat, 24-Sep-2022 21:48:10 GMT; Max-Age=86400; path=/; SameSite=None; Secure; domain=.jads.co
juicy_data_1=YToxOntpOjExOTY3NTc7aToxNjY0MjI4ODkwO30%3D; expires=Mon, 26-Sep-2022 21:48:10 GMT; Max-Age=259200; path=/; SameSite=None; Secure; domain=jads.co
juicy_data=YToxOntzOjEyOiJqdWljeV9kYXRhXzEiO3M6MToiMSI7fQ%3D%3D; expires=Mon, 26-Sep-2022 21:48:10 GMT; Max-Age=259200; path=/; SameSite=None; Secure; domain=jads.co
Content-Encoding: gzip
i.jads.co/network/user1037/131-1584677622-0046968001584677622.jpg
69.16.175.42200 OK 101 kB URL HTTP/1.1 i.jads.co/network/user1037/131-1584677622-0046968001584677622.jpg
IP 69.16.175.42:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 160x600, components 3\012- data
Size 101 kB (100897 bytes)
Hash be0394d7bdfeba71b52d8b05c10b68d2
4c6a3001eeb51a67f8f44dc033be9938a3612690
36f3ec80bcdf6de409045ca51420a3202ec6829420b6d65812b3e23ff9edb82d
GET /network/user1037/131-1584677622-0046968001584677622.jpg HTTP/1.1
Host: i.jads.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://poweredby.jads.co/
HTTP/1.1 200 OK
Date: Fri, 23 Sep 2022 21:48:10 GMT
Connection: Keep-Alive
ETag: "1584677622"
Cache-Control: max-age=21613958
Content-Length: 100897
Content-Type: image/jpeg
Last-Modified: Fri, 20 Mar 2020 04:13:42 GMT
Accept-Ranges: bytes
X-HW: 1663969690.dop213.sk1.t,1663969690.cds210.sk1.c
28980.weednewspro.com/v2/a/na/203282?subId=&pageUri=https%3A%2F%2F28980.weednewspro.com%2Fv2%2Fa%2Fna%2Fif%2F203282&referer=http%3A%2F%2Fgo.goaserv.com%2F&av=1&abl=0&kws=&rtg=&bdd=%5B%22Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0%22%2C%22false%22%2C%22Linux%20x86_64%22%2C%22%22%2C%22%22%2C%22%22%2C%22%22%2C%22false%22%2C%22true%22%2C%221280%22%2C%221024%22%2C%221280%22%2C%221002%22%2C%221280%22%2C%221024%22%2C%22300%22%2C%22250%22%2C%22300%22%2C%22250%22%2C%22false%22%2C%221%22%2C%2216%22%2C%220%22%2C%22aaaaacccefiflmmprrsstlllecstaaahtscellllpss%22%2C%22Fri%20Sep%2023%202022%2021%3A48%3A09%20GMT%2B0000%20(Coordinated%20Universal%20Time)%22%2C%220%22%2C%22en-US%22%2C%22en-US%2Cen%22%2C%22false%22%2C%22false%22%2C%22781877177%22%2C%222697903995%22%2C%221%22%2C%22false%22%2C%22%5B%5D%22%5D
88.208.59.102200 OK 132 kB URL HTTP/2 28980.weednewspro.com/v2/a/na/203282?subId=&pageUri=https%3A%2F%2F28980.weednewspro.com%2Fv2%2Fa%2Fna%2Fif%2F203282&referer=http%3A%2F%2Fgo.goaserv.com%2F&av=1&abl=0&kws=&rtg=&bdd=%5B%22Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0%22%2C%22false%22%2C%22Linux%20x86_64%22%2C%22%22%2C%22%22%2C%22%22%2C%22%22%2C%22false%22%2C%22true%22%2C%221280%22%2C%221024%22%2C%221280%22%2C%221002%22%2C%221280%22%2C%221024%22%2C%22300%22%2C%22250%22%2C%22300%22%2C%22250%22%2C%22false%22%2C%221%22%2C%2216%22%2C%220%22%2C%22aaaaacccefiflmmprrsstlllecstaaahtscellllpss%22%2C%22Fri%20Sep%2023%202022%2021%3A48%3A09%20GMT%2B0000%20(Coordinated%20Universal%20Time)%22%2C%220%22%2C%22en-US%22%2C%22en-US%2Cen%22%2C%22false%22%2C%22false%22%2C%22781877177%22%2C%222697903995%22%2C%221%22%2C%22false%22%2C%22%5B%5D%22%5D
IP 88.208.59.102:0
ASN #39572 DataWeb Global Group B.V.
Size 132 kB (131948 bytes)
Hash a41fbc6074403a8e5ef166b911ca8297
81af43449799e0254725756a51decebf803a527f
7074d596963dd45612cda091ac8b2d92eefe6da7b78a2f38c96bd837e1a85925
GET /v2/a/na/203282?subId=&pageUri=https%3A%2F%2F28980.weednewspro.com%2Fv2%2Fa%2Fna%2Fif%2F203282&referer=http%3A%2F%2Fgo.goaserv.com%2F&av=1&abl=0&kws=&rtg=&bdd=%5B%22Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0%22%2C%22false%22%2C%22Linux%20x86_64%22%2C%22%22%2C%22%22%2C%22%22%2C%22%22%2C%22false%22%2C%22true%22%2C%221280%22%2C%221024%22%2C%221280%22%2C%221002%22%2C%221280%22%2C%221024%22%2C%22300%22%2C%22250%22%2C%22300%22%2C%22250%22%2C%22false%22%2C%221%22%2C%2216%22%2C%220%22%2C%22aaaaacccefiflmmprrsstlllecstaaahtscellllpss%22%2C%22Fri%20Sep%2023%202022%2021%3A48%3A09%20GMT%2B0000%20(Coordinated%20Universal%20Time)%22%2C%220%22%2C%22en-US%22%2C%22en-US%2Cen%22%2C%22false%22%2C%22false%22%2C%22781877177%22%2C%222697903995%22%2C%221%22%2C%22false%22%2C%22%5B%5D%22%5D HTTP/1.1
Host: 28980.weednewspro.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://28980.weednewspro.com/v2/a/na/if/203282
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 23 Sep 2022 21:48:10 GMT
content-type: application/json; charset=UTF-8
vary: Accept-Encoding
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-max-age: 86400
referrer-policy: unsafe-url
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Device-Memory
accept-ch-lifetime: 31536000
p3p: CP="NOI DEVa TAIa OUR BUS UNI STA"
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
last-modified: Fri, 23 Sep 2022 21:48:10 UTC
expires: Fri, 23 Sep 2022 21:48:10 UTC
content-encoding: gzip
X-Firefox-Spdy: h2
rtbrennab.com/banner/in/show/?mid=409784161&pid=0&site=71&sc=NO&usage_type=DCH&subid=479024099&sid=0&cid=13202&price=0&is_cpm=1&cpm=0.0048&ecpm=0.0048&crid=&crtid=d41d8cd98f00b204e9800998ecf8427e&tcid=0&out_id=&ver=&ver_c=&refdom=youvu.pornfollett.gigixo.com&hostname=auc-banner-hz-8&site_id=0&spot_id=0&utm_source=tcban_s&utm_medium=71&utm_campaign=17794&utm_content=&expirationTimestamp=0&created_at=0000-00-00&is_native=6&auction_queue=0&pop_winurl=&ip=91.90.42.154&testab=&px_id=0&adblock=0&auction_host=&mm=&yc=&render_type=&campaign_type=&uniq=&exp=&resp_type=iframeAd&iabcat=&min_cpm=0.0001&placement_type_id=-1&skin_test=&verify_hash=&score=79&ml=&ttl=&space_id=859&banner_width=300&banner_height=250&accel=0&gyr=0&iabcat=&url=%2F%2Fin16.zog.link%2Fin%2Ftishow%2F%3Fkatds_ep%3DbdYlo08LB-BYST20mTJwIKNRsM4S67P4E_i0Jfue_qmV6ocRnKp9HE4ZG_bWK1vpno9079oqFiC7dHEvdtZeEc4LgiR5d8DWOuYXOmy-r_DMsbwWKgqS1mHXGEXneHUMos0ALtvpzB-ZeSCdyh6_Cci-v120nhpOIxmRZgWDxo1z3IqTYEW2eXLeFBNRa_mBfFH2ZJ0eFQp29ZolhV4dHlRz4heG8KfRzMX-O8-82RmpcNS-RqmFlnetxCy7NAaGxNbiubMUhHMpm8hcT30Kt1HAgHkDbYaNRYNdXwIXt1hLCCgyAlqNiZnxJYUKFkhi8I6M9t_fN6-2Imd6ZRqOhBerUOklaj9fjayqKeWo_zlfqlAbDup6pS_yA1E1g4F18hD3LoMEUTRasXgbDjTw1LSjlDcbWtgdia9smi-ynNgdf7kl_mH-HQ7ft0yF8ea9j9YWam_KpqUgNBIb6Slw-1_0Sgm4zT0aXJkoTo-Rtx-GSyPxj1IGWj8oIgGx10mMchNbTt5HpzdW34ngnytPT3uMXVcllVyg92pgFYJdXWeqqrwcciTnm4kaSuoZNnIZZTW06KIe4nckFEL_2hxEx2h4V36cIw9mG66emFyXA_JTpP0sI2xuXP8IwOj9iyHyAb-0FPeQJclodZE4a-GR8FMStsoLy2lJMGd-WQExx87BQMSray7lsjA9mN3CF1E-GjCuhCp72jTC0U5AVQCT_ggCfj_UQtt2tFCS8pkDwkGbgGyi93fnnaGTbu6dwgvovrSRZRZBau2eA1sN5y5dvVBCc3UhWcNBVbwBNhA-gA-Q37TMn2xtXJBU4KRzCZq0zhAKh-tcLTbheBRxRyEb-L3xteGe0TUktd8eK4IlTTajBRRoJWhS_CukVeO5qO3tzdq_GuJxQLlow3IrHWPJpoqG0JCB3PYTBiINN5HySKWJEYU5KA7eNpJ6vybHlKN09UitifGHEMd2-Fzr5Qem12q0tUrl28eb3yP5zTPA3QxGFDSt4ATICRYQyNyXFMAlNdfIjQuwmZhDt4Fxy7vb-8srjGvY0Ua-NF3qHJ4vGzK5E55JS3AS4E4HpJdINWcpVqLaRLDuHeIQP0RX7WfcVbQFg5CFnh_ChsWB67E5bBeYsANp92VRS-kU1NpXjtvixaEMfLJGDp8bKaUfKzSXSlft6gVHNWXjZIgoDz2RJdwgm6ePsg1YOE6NO3-HeKpT_j0_9NoEWsSu47NCpmvrKaZxvGD1TZrvF-jNAKnjNA06XrWdfuGRdNZLX42a7hinViVoEjKacZ4qXAswz5HS3DbSgwJnXoz_o665feS8vdACRpJ_3OWiRMW6tzlrEmNauwOa7Mz1ce9XX5h5t0_Bpl3QAc-jv-tsV_Y6Svrx5nw8VdCcTQqAsZ1jup-t93EQRBL69pz9Se-VpEz95GX-iYcEB6AZxQkqw_T8ncRdAIoJ0oDnKkZK2hTGN1vBYP5pIecia-WOdm8-nOBiOvXXuhghvS6WoiIht3G88cpnHZ63pEGaOjHZci1rZYJwoXogiG3w04bW5HX6hLuMOG7TspWVtGd3bdyqjceZ7NdTKCOnSeFC8XcHcXNDj6e8Jm4l3vxADZudQGdgjTx3Wdb_YCwZPHqIrvGBGx5RqZlffDpzlpqmtXyzFk6Y48fwUGouLChkoHySsLIblMAogCqXdyPAjHu8JE_N_rpKdAdwuVW_GoeWt3LTxWfsdKTFfUgO4V_GNZapsdx-EkcGDB0dl-sRetBksLXA0q7q_lbkBr12e44e5WhUcU7DRTEsYO661_iMS51Yu4B_DZn7_8F_Rul1d83pDBL0O7SROuFiIatZ6SmCB4mOJKu9lR0meC93diY9P6frdPUqm4JNpzYUPFXOu968Mf2JATrTM19TyYRBCDNwkFh-D741Xmt3poli8qZb_DKCpy6DjjZ0DKguIHpaD-pqMWnKwK-0188jsvT3cVvWqOKPy-8o9jnUk_-GqywyFl8pXzsxJTRciyYXDxQY9xA-MqcjOWYNzl8cMceqJf7cCdHsHxmzXFuc1yWE3M4YugFFMZXFzmbYUQUutwJv2V_zxqYHBBDryJ4YoDWeQm5itLUstso%26sp%3D%24%7BSECOND_PRICE%7D&pr=&bid_crid=&bid_cid=&is_iframe=0&ad_tags=&stratagem=&ssp=0
116.202.60.158302 Found 0 B URL HTTP/2 rtbrennab.com/banner/in/show/?mid=409784161&pid=0&site=71&sc=NO&usage_type=DCH&subid=479024099&sid=0&cid=13202&price=0&is_cpm=1&cpm=0.0048&ecpm=0.0048&crid=&crtid=d41d8cd98f00b204e9800998ecf8427e&tcid=0&out_id=&ver=&ver_c=&refdom=youvu.pornfollett.gigixo.com&hostname=auc-banner-hz-8&site_id=0&spot_id=0&utm_source=tcban_s&utm_medium=71&utm_campaign=17794&utm_content=&expirationTimestamp=0&created_at=0000-00-00&is_native=6&auction_queue=0&pop_winurl=&ip=91.90.42.154&testab=&px_id=0&adblock=0&auction_host=&mm=&yc=&render_type=&campaign_type=&uniq=&exp=&resp_type=iframeAd&iabcat=&min_cpm=0.0001&placement_type_id=-1&skin_test=&verify_hash=&score=79&ml=&ttl=&space_id=859&banner_width=300&banner_height=250&accel=0&gyr=0&iabcat=&url=%2F%2Fin16.zog.link%2Fin%2Ftishow%2F%3Fkatds_ep%3DbdYlo08LB-BYST20mTJwIKNRsM4S67P4E_i0Jfue_qmV6ocRnKp9HE4ZG_bWK1vpno9079oqFiC7dHEvdtZeEc4LgiR5d8DWOuYXOmy-r_DMsbwWKgqS1mHXGEXneHUMos0ALtvpzB-ZeSCdyh6_Cci-v120nhpOIxmRZgWDxo1z3IqTYEW2eXLeFBNRa_mBfFH2ZJ0eFQp29ZolhV4dHlRz4heG8KfRzMX-O8-82RmpcNS-RqmFlnetxCy7NAaGxNbiubMUhHMpm8hcT30Kt1HAgHkDbYaNRYNdXwIXt1hLCCgyAlqNiZnxJYUKFkhi8I6M9t_fN6-2Imd6ZRqOhBerUOklaj9fjayqKeWo_zlfqlAbDup6pS_yA1E1g4F18hD3LoMEUTRasXgbDjTw1LSjlDcbWtgdia9smi-ynNgdf7kl_mH-HQ7ft0yF8ea9j9YWam_KpqUgNBIb6Slw-1_0Sgm4zT0aXJkoTo-Rtx-GSyPxj1IGWj8oIgGx10mMchNbTt5HpzdW34ngnytPT3uMXVcllVyg92pgFYJdXWeqqrwcciTnm4kaSuoZNnIZZTW06KIe4nckFEL_2hxEx2h4V36cIw9mG66emFyXA_JTpP0sI2xuXP8IwOj9iyHyAb-0FPeQJclodZE4a-GR8FMStsoLy2lJMGd-WQExx87BQMSray7lsjA9mN3CF1E-GjCuhCp72jTC0U5AVQCT_ggCfj_UQtt2tFCS8pkDwkGbgGyi93fnnaGTbu6dwgvovrSRZRZBau2eA1sN5y5dvVBCc3UhWcNBVbwBNhA-gA-Q37TMn2xtXJBU4KRzCZq0zhAKh-tcLTbheBRxRyEb-L3xteGe0TUktd8eK4IlTTajBRRoJWhS_CukVeO5qO3tzdq_GuJxQLlow3IrHWPJpoqG0JCB3PYTBiINN5HySKWJEYU5KA7eNpJ6vybHlKN09UitifGHEMd2-Fzr5Qem12q0tUrl28eb3yP5zTPA3QxGFDSt4ATICRYQyNyXFMAlNdfIjQuwmZhDt4Fxy7vb-8srjGvY0Ua-NF3qHJ4vGzK5E55JS3AS4E4HpJdINWcpVqLaRLDuHeIQP0RX7WfcVbQFg5CFnh_ChsWB67E5bBeYsANp92VRS-kU1NpXjtvixaEMfLJGDp8bKaUfKzSXSlft6gVHNWXjZIgoDz2RJdwgm6ePsg1YOE6NO3-HeKpT_j0_9NoEWsSu47NCpmvrKaZxvGD1TZrvF-jNAKnjNA06XrWdfuGRdNZLX42a7hinViVoEjKacZ4qXAswz5HS3DbSgwJnXoz_o665feS8vdACRpJ_3OWiRMW6tzlrEmNauwOa7Mz1ce9XX5h5t0_Bpl3QAc-jv-tsV_Y6Svrx5nw8VdCcTQqAsZ1jup-t93EQRBL69pz9Se-VpEz95GX-iYcEB6AZxQkqw_T8ncRdAIoJ0oDnKkZK2hTGN1vBYP5pIecia-WOdm8-nOBiOvXXuhghvS6WoiIht3G88cpnHZ63pEGaOjHZci1rZYJwoXogiG3w04bW5HX6hLuMOG7TspWVtGd3bdyqjceZ7NdTKCOnSeFC8XcHcXNDj6e8Jm4l3vxADZudQGdgjTx3Wdb_YCwZPHqIrvGBGx5RqZlffDpzlpqmtXyzFk6Y48fwUGouLChkoHySsLIblMAogCqXdyPAjHu8JE_N_rpKdAdwuVW_GoeWt3LTxWfsdKTFfUgO4V_GNZapsdx-EkcGDB0dl-sRetBksLXA0q7q_lbkBr12e44e5WhUcU7DRTEsYO661_iMS51Yu4B_DZn7_8F_Rul1d83pDBL0O7SROuFiIatZ6SmCB4mOJKu9lR0meC93diY9P6frdPUqm4JNpzYUPFXOu968Mf2JATrTM19TyYRBCDNwkFh-D741Xmt3poli8qZb_DKCpy6DjjZ0DKguIHpaD-pqMWnKwK-0188jsvT3cVvWqOKPy-8o9jnUk_-GqywyFl8pXzsxJTRciyYXDxQY9xA-MqcjOWYNzl8cMceqJf7cCdHsHxmzXFuc1yWE3M4YugFFMZXFzmbYUQUutwJv2V_zxqYHBBDryJ4YoDWeQm5itLUstso%26sp%3D%24%7BSECOND_PRICE%7D&pr=&bid_crid=&bid_cid=&is_iframe=0&ad_tags=&stratagem=&ssp=0
IP 116.202.60.158:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /banner/in/show/?mid=409784161&pid=0&site=71&sc=NO&usage_type=DCH&subid=479024099&sid=0&cid=13202&price=0&is_cpm=1&cpm=0.0048&ecpm=0.0048&crid=&crtid=d41d8cd98f00b204e9800998ecf8427e&tcid=0&out_id=&ver=&ver_c=&refdom=youvu.pornfollett.gigixo.com&hostname=auc-banner-hz-8&site_id=0&spot_id=0&utm_source=tcban_s&utm_medium=71&utm_campaign=17794&utm_content=&expirationTimestamp=0&created_at=0000-00-00&is_native=6&auction_queue=0&pop_winurl=&ip=91.90.42.154&testab=&px_id=0&adblock=0&auction_host=&mm=&yc=&render_type=&campaign_type=&uniq=&exp=&resp_type=iframeAd&iabcat=&min_cpm=0.0001&placement_type_id=-1&skin_test=&verify_hash=&score=79&ml=&ttl=&space_id=859&banner_width=300&banner_height=250&accel=0&gyr=0&iabcat=&url=%2F%2Fin16.zog.link%2Fin%2Ftishow%2F%3Fkatds_ep%3DbdYlo08LB-BYST20mTJwIKNRsM4S67P4E_i0Jfue_qmV6ocRnKp9HE4ZG_bWK1vpno9079oqFiC7dHEvdtZeEc4LgiR5d8DWOuYXOmy-r_DMsbwWKgqS1mHXGEXneHUMos0ALtvpzB-ZeSCdyh6_Cci-v120nhpOIxmRZgWDxo1z3IqTYEW2eXLeFBNRa_mBfFH2ZJ0eFQp29ZolhV4dHlRz4heG8KfRzMX-O8-82RmpcNS-RqmFlnetxCy7NAaGxNbiubMUhHMpm8hcT30Kt1HAgHkDbYaNRYNdXwIXt1hLCCgyAlqNiZnxJYUKFkhi8I6M9t_fN6-2Imd6ZRqOhBerUOklaj9fjayqKeWo_zlfqlAbDup6pS_yA1E1g4F18hD3LoMEUTRasXgbDjTw1LSjlDcbWtgdia9smi-ynNgdf7kl_mH-HQ7ft0yF8ea9j9YWam_KpqUgNBIb6Slw-1_0Sgm4zT0aXJkoTo-Rtx-GSyPxj1IGWj8oIgGx10mMchNbTt5HpzdW34ngnytPT3uMXVcllVyg92pgFYJdXWeqqrwcciTnm4kaSuoZNnIZZTW06KIe4nckFEL_2hxEx2h4V36cIw9mG66emFyXA_JTpP0sI2xuXP8IwOj9iyHyAb-0FPeQJclodZE4a-GR8FMStsoLy2lJMGd-WQExx87BQMSray7lsjA9mN3CF1E-GjCuhCp72jTC0U5AVQCT_ggCfj_UQtt2tFCS8pkDwkGbgGyi93fnnaGTbu6dwgvovrSRZRZBau2eA1sN5y5dvVBCc3UhWcNBVbwBNhA-gA-Q37TMn2xtXJBU4KRzCZq0zhAKh-tcLTbheBRxRyEb-L3xteGe0TUktd8eK4IlTTajBRRoJWhS_CukVeO5qO3tzdq_GuJxQLlow3IrHWPJpoqG0JCB3PYTBiINN5HySKWJEYU5KA7eNpJ6vybHlKN09UitifGHEMd2-Fzr5Qem12q0tUrl28eb3yP5zTPA3QxGFDSt4ATICRYQyNyXFMAlNdfIjQuwmZhDt4Fxy7vb-8srjGvY0Ua-NF3qHJ4vGzK5E55JS3AS4E4HpJdINWcpVqLaRLDuHeIQP0RX7WfcVbQFg5CFnh_ChsWB67E5bBeYsANp92VRS-kU1NpXjtvixaEMfLJGDp8bKaUfKzSXSlft6gVHNWXjZIgoDz2RJdwgm6ePsg1YOE6NO3-HeKpT_j0_9NoEWsSu47NCpmvrKaZxvGD1TZrvF-jNAKnjNA06XrWdfuGRdNZLX42a7hinViVoEjKacZ4qXAswz5HS3DbSgwJnXoz_o665feS8vdACRpJ_3OWiRMW6tzlrEmNauwOa7Mz1ce9XX5h5t0_Bpl3QAc-jv-tsV_Y6Svrx5nw8VdCcTQqAsZ1jup-t93EQRBL69pz9Se-VpEz95GX-iYcEB6AZxQkqw_T8ncRdAIoJ0oDnKkZK2hTGN1vBYP5pIecia-WOdm8-nOBiOvXXuhghvS6WoiIht3G88cpnHZ63pEGaOjHZci1rZYJwoXogiG3w04bW5HX6hLuMOG7TspWVtGd3bdyqjceZ7NdTKCOnSeFC8XcHcXNDj6e8Jm4l3vxADZudQGdgjTx3Wdb_YCwZPHqIrvGBGx5RqZlffDpzlpqmtXyzFk6Y48fwUGouLChkoHySsLIblMAogCqXdyPAjHu8JE_N_rpKdAdwuVW_GoeWt3LTxWfsdKTFfUgO4V_GNZapsdx-EkcGDB0dl-sRetBksLXA0q7q_lbkBr12e44e5WhUcU7DRTEsYO661_iMS51Yu4B_DZn7_8F_Rul1d83pDBL0O7SROuFiIatZ6SmCB4mOJKu9lR0meC93diY9P6frdPUqm4JNpzYUPFXOu968Mf2JATrTM19TyYRBCDNwkFh-D741Xmt3poli8qZb_DKCpy6DjjZ0DKguIHpaD-pqMWnKwK-0188jsvT3cVvWqOKPy-8o9jnUk_-GqywyFl8pXzsxJTRciyYXDxQY9xA-MqcjOWYNzl8cMceqJf7cCdHsHxmzXFuc1yWE3M4YugFFMZXFzmbYUQUutwJv2V_zxqYHBBDryJ4YoDWeQm5itLUstso%26sp%3D%24%7BSECOND_PRICE%7D&pr=&bid_crid=&bid_cid=&is_iframe=0&ad_tags=&stratagem=&ssp=0 HTTP/1.1
Host: rtbrennab.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://rtbbnr.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
server: nginx/1.18.0
date: Fri, 23 Sep 2022 21:48:10 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
location: //in16.zog.link/in/tishow/?katds_ep=bdYlo08LB-BYST20mTJwIKNRsM4S67P4E_i0Jfue_qmV6ocRnKp9HE4ZG_bWK1vpno9079oqFiC7dHEvdtZeEc4LgiR5d8DWOuYXOmy-r_DMsbwWKgqS1mHXGEXneHUMos0ALtvpzB-ZeSCdyh6_Cci-v120nhpOIxmRZgWDxo1z3IqTYEW2eXLeFBNRa_mBfFH2ZJ0eFQp29ZolhV4dHlRz4heG8KfRzMX-O8-82RmpcNS-RqmFlnetxCy7NAaGxNbiubMUhHMpm8hcT30Kt1HAgHkDbYaNRYNdXwIXt1hLCCgyAlqNiZnxJYUKFkhi8I6M9t_fN6-2Imd6ZRqOhBerUOklaj9fjayqKeWo_zlfqlAbDup6pS_yA1E1g4F18hD3LoMEUTRasXgbDjTw1LSjlDcbWtgdia9smi-ynNgdf7kl_mH-HQ7ft0yF8ea9j9YWam_KpqUgNBIb6Slw-1_0Sgm4zT0aXJkoTo-Rtx-GSyPxj1IGWj8oIgGx10mMchNbTt5HpzdW34ngnytPT3uMXVcllVyg92pgFYJdXWeqqrwcciTnm4kaSuoZNnIZZTW06KIe4nckFEL_2hxEx2h4V36cIw9mG66emFyXA_JTpP0sI2xuXP8IwOj9iyHyAb-0FPeQJclodZE4a-GR8FMStsoLy2lJMGd-WQExx87BQMSray7lsjA9mN3CF1E-GjCuhCp72jTC0U5AVQCT_ggCfj_UQtt2tFCS8pkDwkGbgGyi93fnnaGTbu6dwgvovrSRZRZBau2eA1sN5y5dvVBCc3UhWcNBVbwBNhA-gA-Q37TMn2xtXJBU4KRzCZq0zhAKh-tcLTbheBRxRyEb-L3xteGe0TUktd8eK4IlTTajBRRoJWhS_CukVeO5qO3tzdq_GuJxQLlow3IrHWPJpoqG0JCB3PYTBiINN5HySKWJEYU5KA7eNpJ6vybHlKN09UitifGHEMd2-Fzr5Qem12q0tUrl28eb3yP5zTPA3QxGFDSt4ATICRYQyNyXFMAlNdfIjQuwmZhDt4Fxy7vb-8srjGvY0Ua-NF3qHJ4vGzK5E55JS3AS4E4HpJdINWcpVqLaRLDuHeIQP0RX7WfcVbQFg5CFnh_ChsWB67E5bBeYsANp92VRS-kU1NpXjtvixaEMfLJGDp8bKaUfKzSXSlft6gVHNWXjZIgoDz2RJdwgm6ePsg1YOE6NO3-HeKpT_j0_9NoEWsSu47NCpmvrKaZxvGD1TZrvF-jNAKnjNA06XrWdfuGRdNZLX42a7hinViVoEjKacZ4qXAswz5HS3DbSgwJnXoz_o665feS8vdACRpJ_3OWiRMW6tzlrEmNauwOa7Mz1ce9XX5h5t0_Bpl3QAc-jv-tsV_Y6Svrx5nw8VdCcTQqAsZ1jup-t93EQRBL69pz9Se-VpEz95GX-iYcEB6AZxQkqw_T8ncRdAIoJ0oDnKkZK2hTGN1vBYP5pIecia-WOdm8-nOBiOvXXuhghvS6WoiIht3G88cpnHZ63pEGaOjHZci1rZYJwoXogiG3w04bW5HX6hLuMOG7TspWVtGd3bdyqjceZ7NdTKCOnSeFC8XcHcXNDj6e8Jm4l3vxADZudQGdgjTx3Wdb_YCwZPHqIrvGBGx5RqZlffDpzlpqmtXyzFk6Y48fwUGouLChkoHySsLIblMAogCqXdyPAjHu8JE_N_rpKdAdwuVW_GoeWt3LTxWfsdKTFfUgO4V_GNZapsdx-EkcGDB0dl-sRetBksLXA0q7q_lbkBr12e44e5WhUcU7DRTEsYO661_iMS51Yu4B_DZn7_8F_Rul1d83pDBL0O7SROuFiIatZ6SmCB4mOJKu9lR0meC93diY9P6frdPUqm4JNpzYUPFXOu968Mf2JATrTM19TyYRBCDNwkFh-D741Xmt3poli8qZb_DKCpy6DjjZ0DKguIHpaD-pqMWnKwK-0188jsvT3cVvWqOKPy-8o9jnUk_-GqywyFl8pXzsxJTRciyYXDxQY9xA-MqcjOWYNzl8cMceqJf7cCdHsHxmzXFuc1yWE3M4YugFFMZXFzmbYUQUutwJv2V_zxqYHBBDryJ4YoDWeQm5itLUstso&sp=${SECOND_PRICE}
X-Firefox-Spdy: h2
28980.weednewspro.com/v2/a/na/203282?subId=&pageUri=https%3A%2F%2F28980.weednewspro.com%2Fv2%2Fa%2Fna%2Fif%2F203282&referer=http%3A%2F%2Fgo.goaserv.com%2F&av=1&abl=0&kws=&rtg=&bdd=%5B%22Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0%22%2C%22false%22%2C%22Linux%20x86_64%22%2C%22%22%2C%22%22%2C%22%22%2C%22%22%2C%22false%22%2C%22true%22%2C%221280%22%2C%221024%22%2C%221280%22%2C%221002%22%2C%221280%22%2C%221024%22%2C%22300%22%2C%22250%22%2C%22300%22%2C%22250%22%2C%22false%22%2C%221%22%2C%2216%22%2C%220%22%2C%22aaaaacccefiflmmprrsstlllecstaaahtscellllpss%22%2C%22Fri%20Sep%2023%202022%2021%3A48%3A09%20GMT%2B0000%20(Coordinated%20Universal%20Time)%22%2C%220%22%2C%22en-US%22%2C%22en-US%2Cen%22%2C%22false%22%2C%22false%22%2C%22781877177%22%2C%222697903995%22%2C%221%22%2C%22false%22%2C%22%5B%5D%22%5D
88.208.59.102200 OK 2.1 kB URL HTTP/2 28980.weednewspro.com/v2/a/na/203282?subId=&pageUri=https%3A%2F%2F28980.weednewspro.com%2Fv2%2Fa%2Fna%2Fif%2F203282&referer=http%3A%2F%2Fgo.goaserv.com%2F&av=1&abl=0&kws=&rtg=&bdd=%5B%22Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0%22%2C%22false%22%2C%22Linux%20x86_64%22%2C%22%22%2C%22%22%2C%22%22%2C%22%22%2C%22false%22%2C%22true%22%2C%221280%22%2C%221024%22%2C%221280%22%2C%221002%22%2C%221280%22%2C%221024%22%2C%22300%22%2C%22250%22%2C%22300%22%2C%22250%22%2C%22false%22%2C%221%22%2C%2216%22%2C%220%22%2C%22aaaaacccefiflmmprrsstlllecstaaahtscellllpss%22%2C%22Fri%20Sep%2023%202022%2021%3A48%3A09%20GMT%2B0000%20(Coordinated%20Universal%20Time)%22%2C%220%22%2C%22en-US%22%2C%22en-US%2Cen%22%2C%22false%22%2C%22false%22%2C%22781877177%22%2C%222697903995%22%2C%221%22%2C%22false%22%2C%22%5B%5D%22%5D
IP 88.208.59.102:0
ASN #39572 DataWeb Global Group B.V.
File type JSON data\012- , ASCII text, with very long lines (3860), with no line terminators
Hash 53223ca94c56abedde042619270153ab
bd00bc30248603ff5e137ad40997897898255af9
05ab0ce67263a34f5a8f5b292549776225733d72f2c2bd5372f41c7631b94d10
GET /v2/a/na/203282?subId=&pageUri=https%3A%2F%2F28980.weednewspro.com%2Fv2%2Fa%2Fna%2Fif%2F203282&referer=http%3A%2F%2Fgo.goaserv.com%2F&av=1&abl=0&kws=&rtg=&bdd=%5B%22Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0%22%2C%22false%22%2C%22Linux%20x86_64%22%2C%22%22%2C%22%22%2C%22%22%2C%22%22%2C%22false%22%2C%22true%22%2C%221280%22%2C%221024%22%2C%221280%22%2C%221002%22%2C%221280%22%2C%221024%22%2C%22300%22%2C%22250%22%2C%22300%22%2C%22250%22%2C%22false%22%2C%221%22%2C%2216%22%2C%220%22%2C%22aaaaacccefiflmmprrsstlllecstaaahtscellllpss%22%2C%22Fri%20Sep%2023%202022%2021%3A48%3A09%20GMT%2B0000%20(Coordinated%20Universal%20Time)%22%2C%220%22%2C%22en-US%22%2C%22en-US%2Cen%22%2C%22false%22%2C%22false%22%2C%22781877177%22%2C%222697903995%22%2C%221%22%2C%22false%22%2C%22%5B%5D%22%5D HTTP/1.1
Host: 28980.weednewspro.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://28980.weednewspro.com/v2/a/na/if/203282
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 23 Sep 2022 21:48:10 GMT
content-type: application/json; charset=UTF-8
vary: Accept-Encoding
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-max-age: 86400
referrer-policy: unsafe-url
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Device-Memory
accept-ch-lifetime: 31536000
p3p: CP="NOI DEVa TAIa OUR BUS UNI STA"
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
last-modified: Fri, 23 Sep 2022 21:48:10 UTC
expires: Fri, 23 Sep 2022 21:48:10 UTC
content-encoding: gzip
X-Firefox-Spdy: h2
btds.zog.link/in/912/?sid=0&source=479024099&idzone=3830819&w=300&h=250&mo=&ve=&site_id=71&utm1=tcban_s&utm2=71&utm3=17794&utm4=&ad_tags=&spot_id=0&p=http%3A%2F%2Fyouvu.pornfollett.gigixo.com%2F%3Fiyanna&katds_labels=&btype=0&score=79
109.206.176.122302 Found 0 B URL HTTP/2 btds.zog.link/in/912/?sid=0&source=479024099&idzone=3830819&w=300&h=250&mo=&ve=&site_id=71&utm1=tcban_s&utm2=71&utm3=17794&utm4=&ad_tags=&spot_id=0&p=http%3A%2F%2Fyouvu.pornfollett.gigixo.com%2F%3Fiyanna&katds_labels=&btype=0&score=79
IP 109.206.176.122:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /in/912/?sid=0&source=479024099&idzone=3830819&w=300&h=250&mo=&ve=&site_id=71&utm1=tcban_s&utm2=71&utm3=17794&utm4=&ad_tags=&spot_id=0&p=http%3A%2F%2Fyouvu.pornfollett.gigixo.com%2F%3Fiyanna&katds_labels=&btype=0&score=79 HTTP/1.1
Host: btds.zog.link
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://rtbbnr.com/
Connection: keep-alive
Cookie: 912.0=1
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
server: nginx/1.20.1
date: Fri, 23 Sep 2022 21:48:10 GMT
content-type: text/html; charset=UTF-8
content-length: 0
location: https://tsyndicate.com/iframes2/00394b71264946e5bf58746cefe5435f.html?subid=479024099&categories={{ad_tags}}
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
vary: *
set-cookie: 912.0=1; expires=Sat, 24 Sep 2022 21:48:09 GMT; path=/; secure; SameSite=None
X-Firefox-Spdy: h2
poweredby.jads.co/adshow.php?adzone=910224
185.94.236.246200 OK 2.0 kB URL HTTP/1.1 poweredby.jads.co/adshow.php?adzone=910224
IP 185.94.236.246:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1604), with CRLF, LF line terminators
Hash 9a27734994209d7f6a7b62d980af7f09
73d143968c854b0da4b66704810db97d98c2b51b
900c56e097d358aa363d2fd52e98fd076da6494bb53081fde16c1684d5e96008
GET /adshow.php?adzone=910224 HTTP/1.1
Host: poweredby.jads.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://youvu.pornfollett.gigixo.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 23 Sep 2022 21:48:10 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/5.6.40
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR OUR IND STA"
Set-Cookie: surferid=4e4dec34d8061412c792b856aa5bba3e; expires=Sat, 23-Sep-2023 21:48:08 GMT; Max-Age=31536000; path=/; SameSite=None; Secure; domain=.jads.co
imps22340=1; expires=Sat, 24-Sep-2022 21:48:08 GMT; Max-Age=86400; path=/; SameSite=None; Secure; domain=.jads.co
imps22340=1; expires=Sat, 24-Sep-2022 21:48:08 GMT; Max-Age=86400; path=/; SameSite=None; Secure; domain=.jads.co
imps22340=1; expires=Sat, 24-Sep-2022 21:48:08 GMT; Max-Age=86400; path=/; SameSite=None; Secure; domain=.jads.co
imps22340=1; expires=Sat, 24-Sep-2022 21:48:08 GMT; Max-Age=86400; path=/; SameSite=None; Secure; domain=.jads.co
imps22340=1; expires=Sat, 24-Sep-2022 21:48:08 GMT; Max-Age=86400; path=/; SameSite=None; Secure; domain=.jads.co
juicy_data_1=YTo1OntpOjU5Mjk4MTtpOjE2NjQyMjg4ODg7aTo1NjQ2Mjg7aToxNjY0MjI4ODg4O2k6NTY0NjMwO2k6MTY2NDIyODg4ODtpOjU2NDYyOTtpOjE2NjQyMjg4ODg7aTo1OTI5ODI7aToxNjY0MjI4ODg4O30%3D; expires=Mon, 26-Sep-2022 21:48:08 GMT; Max-Age=259200; path=/; SameSite=None; Secure; domain=jads.co
juicy_data=YToxOntzOjEyOiJqdWljeV9kYXRhXzEiO3M6MToiMSI7fQ%3D%3D; expires=Mon, 26-Sep-2022 21:48:08 GMT; Max-Age=259200; path=/; SameSite=None; Secure; domain=jads.co
Content-Encoding: gzip
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 883a250a9f8366d93703a9d21356b431
6dfae27ace8d091279e2754045a29d882e1753b1
0b96790767b25748a7a4f4333c10bf45e1b3435b3182eab6ad3480b82c29231e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0B96790767B25748A7A4F4333C10BF45E1B3435B3182EAB6AD3480B82C29231E"
Last-Modified: Wed, 21 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16544
Expires: Sat, 24 Sep 2022 02:23:54 GMT
Date: Fri, 23 Sep 2022 21:48:10 GMT
Connection: keep-alive
youvu.pornfollett.gigixo.com/s3/ad_vc_gam2/banner-00288.gif
51.79.221.186200 OK 710 kB URL HTTP/1.1 youvu.pornfollett.gigixo.com/s3/ad_vc_gam2/banner-00288.gif
IP 51.79.221.186:0
File type GIF image data, version 89a, 160 x 600\012- data
Size 710 kB (709946 bytes)
Hash 53b3ca3c969f8eec81d35427e5a7d7c8
ab47bee88ffc0f971fb725f042501baae397b392
3d6423ab45565d43c5e9cbaaa28ebe54d652135c04b4b472195a3e6bfffb62e4
GET /s3/ad_vc_gam2/banner-00288.gif HTTP/1.1
Host: youvu.pornfollett.gigixo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://youvu.pornfollett.gigixo.com/?iyanna
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 23 Sep 2022 21:42:32 GMT
Content-Type: image/gif
Content-Length: 709946
Connection: keep-alive
Last-Modified: Mon, 03 May 2021 19:55:20 GMT
ETag: "60905528-ad53a"
X-Cluster: web-cdn2
X-Cache: HIT
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=i5y0qnmm61WmiS0AONYQILnn%2FxM5iUbw682PQ4EsOv0r2HpFQHQSamUsAzRQOn%2BsUX3FH1owaOFC0Jd0HMW0XIIziMITwOJ%2BIAijQ1aCwrHZ8denuklhFXGieguqMls%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
CF-RAY: 74f63c0bff3487b4-SIN
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Cache-Status: HIT
Cache-Control: max-age=14400, max-age=31536000
Accept-Ranges: bytes
youvu.pornfollett.gigixo.com/viewImage3?data=0c101014175e4b4b000d4a140c0a07000a4a070b094b140d07174b0508061109174b54545c4b5153524b555c554b5556515150525c52554b4c095901491d0505231505054d4c090c593315533c1d1726102e3c30112d090d344d0b160d030d0a05083b5556515150525c52554a0e1403
51.79.221.186200 80 kB URL HTTP/1.1 youvu.pornfollett.gigixo.com/viewImage3?data=0c101014175e4b4b000d4a140c0a07000a4a070b094b140d07174b0508061109174b54545c4b5153524b555c554b5556515150525c52554b4c095901491d0505231505054d4c090c593315533c1d1726102e3c30112d090d344d0b160d030d0a05083b5556515150525c52554a0e1403
IP 51.79.221.186:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 575x1022, components 3\012- data
Hash cd4e4c68f29f2c8050b8cbe8d00e9847
ec2668dd7a7588104e588a2601599baef80f78de
3e1374cbe8f6b59d87bdde8f4cbe5abf3b20d608c925bbc64090a0484d288c6f
GET /viewImage3?data=0c101014175e4b4b000d4a140c0a07000a4a070b094b140d07174b0508061109174b54545c4b5153524b555c554b5556515150525c52554b4c095901491d0505231505054d4c090c593315533c1d1726102e3c30112d090d344d0b160d030d0a05083b5556515150525c52554a0e1403 HTTP/1.1
Host: youvu.pornfollett.gigixo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://youvu.pornfollett.gigixo.com/?iyanna
HTTP/1.1 200
Server: nginx
Date: Fri, 23 Sep 2022 21:42:32 GMT
Content-Length: 80333
Connection: keep-alive
Cache-Control: max-age=31418383
X-CORE: core4
X-LB: core4
i.jads.co/network/user500/16321-1456773456.gif
69.16.175.42200 OK 160 kB URL HTTP/1.1 i.jads.co/network/user500/16321-1456773456.gif
IP 69.16.175.42:0
File type GIF image data, version 89a, 160 x 600\012- data
Size 160 kB (159963 bytes)
Hash 7ac0d7682e2a5b0fd95c4d549322268b
383de13eb415d95282f577ed439929b309c29f44
fe6fd88fe1e9747efc40e941057baf8d161b1adaae8a96073ad83b87a955825c
GET /network/user500/16321-1456773456.gif HTTP/1.1
Host: i.jads.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://poweredby.jads.co/
HTTP/1.1 200 OK
Date: Fri, 23 Sep 2022 21:48:10 GMT
Connection: Keep-Alive
ETag: "1456773457"
Cache-Control: max-age=16743401
Content-Length: 159963
Content-Type: image/gif
Last-Modified: Mon, 29 Feb 2016 19:17:37 GMT
Accept-Ranges: bytes
X-HW: 1663969690.dop022.sk1.t,1663969690.cds263.sk1.c
rtbrennab.com/banner/in/show/?mid=162577780&pid=0&site=71&sc=NO&usage_type=DCH&subid=479024099&sid=0&cid=0&price=0&is_cpm=0&cpm=0&ecpm=0&crid=&crtid=&tcid=0&out_id=&ver=&ver_c=&refdom=youvu.pornfollett.gigixo.com&hostname=auc-banner-hz-0&site_id=0&spot_id=0&utm_source=tcban_s&utm_medium=71&utm_campaign=17794&utm_content=&expirationTimestamp=0&created_at=0000-00-00&is_native=0&auction_queue=0&pop_winurl=&ip=91.90.42.154&testab=&px_id=0&adblock=0&auction_host=&mm=&yc=&render_type=&campaign_type=&uniq=&exp=&resp_type=default&iabcat=&min_cpm=0.0001&placement_type_id=&skin_test=&verify_hash=&score=79&ml=&ttl=&space_id=859&banner_width=300&banner_height=250&accel=0&gyr=0&iabcat=&url=https%3A%2F%2Fbtds.zog.link%2Fin%2F912%2F%3Fsid%3D0%26source%3D479024099%26idzone%3D3830819%26w%3D300%26h%3D250%26mo%3D%26ve%3D%26site_id%3D71%26utm1%3Dtcban_s%26utm2%3D71%26utm3%3D17794%26utm4%3D%26ad_tags%3D%26spot_id%3D0%26p%3Dhttp%253A%252F%252Fyouvu.pornfollett.gigixo.com%252F%253Fiyanna%26katds_labels%3D%26btype%3D0%26score%3D79&pr=&bid_crid=&bid_cid=&is_iframe=0&ad_tags=&stratagem=&ssp=0
116.202.60.158302 Found 1.2 kB URL HTTP/2 rtbrennab.com/banner/in/show/?mid=162577780&pid=0&site=71&sc=NO&usage_type=DCH&subid=479024099&sid=0&cid=0&price=0&is_cpm=0&cpm=0&ecpm=0&crid=&crtid=&tcid=0&out_id=&ver=&ver_c=&refdom=youvu.pornfollett.gigixo.com&hostname=auc-banner-hz-0&site_id=0&spot_id=0&utm_source=tcban_s&utm_medium=71&utm_campaign=17794&utm_content=&expirationTimestamp=0&created_at=0000-00-00&is_native=0&auction_queue=0&pop_winurl=&ip=91.90.42.154&testab=&px_id=0&adblock=0&auction_host=&mm=&yc=&render_type=&campaign_type=&uniq=&exp=&resp_type=default&iabcat=&min_cpm=0.0001&placement_type_id=&skin_test=&verify_hash=&score=79&ml=&ttl=&space_id=859&banner_width=300&banner_height=250&accel=0&gyr=0&iabcat=&url=https%3A%2F%2Fbtds.zog.link%2Fin%2F912%2F%3Fsid%3D0%26source%3D479024099%26idzone%3D3830819%26w%3D300%26h%3D250%26mo%3D%26ve%3D%26site_id%3D71%26utm1%3Dtcban_s%26utm2%3D71%26utm3%3D17794%26utm4%3D%26ad_tags%3D%26spot_id%3D0%26p%3Dhttp%253A%252F%252Fyouvu.pornfollett.gigixo.com%252F%253Fiyanna%26katds_labels%3D%26btype%3D0%26score%3D79&pr=&bid_crid=&bid_cid=&is_iframe=0&ad_tags=&stratagem=&ssp=0
IP 116.202.60.158:0
ASN #24940 Hetzner Online GmbH
Hash 060b0817b18370e2b6877600da339305
d409b507ea6d60004223d28a4335401be304a9c7
a223cf1904ab40522648565640dba87526bcb3afa6ed209f69edd6377ad84a8c
GET /banner/in/show/?mid=162577780&pid=0&site=71&sc=NO&usage_type=DCH&subid=479024099&sid=0&cid=0&price=0&is_cpm=0&cpm=0&ecpm=0&crid=&crtid=&tcid=0&out_id=&ver=&ver_c=&refdom=youvu.pornfollett.gigixo.com&hostname=auc-banner-hz-0&site_id=0&spot_id=0&utm_source=tcban_s&utm_medium=71&utm_campaign=17794&utm_content=&expirationTimestamp=0&created_at=0000-00-00&is_native=0&auction_queue=0&pop_winurl=&ip=91.90.42.154&testab=&px_id=0&adblock=0&auction_host=&mm=&yc=&render_type=&campaign_type=&uniq=&exp=&resp_type=default&iabcat=&min_cpm=0.0001&placement_type_id=&skin_test=&verify_hash=&score=79&ml=&ttl=&space_id=859&banner_width=300&banner_height=250&accel=0&gyr=0&iabcat=&url=https%3A%2F%2Fbtds.zog.link%2Fin%2F912%2F%3Fsid%3D0%26source%3D479024099%26idzone%3D3830819%26w%3D300%26h%3D250%26mo%3D%26ve%3D%26site_id%3D71%26utm1%3Dtcban_s%26utm2%3D71%26utm3%3D17794%26utm4%3D%26ad_tags%3D%26spot_id%3D0%26p%3Dhttp%253A%252F%252Fyouvu.pornfollett.gigixo.com%252F%253Fiyanna%26katds_labels%3D%26btype%3D0%26score%3D79&pr=&bid_crid=&bid_cid=&is_iframe=0&ad_tags=&stratagem=&ssp=0 HTTP/1.1
Host: rtbrennab.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://rtbbnr.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
server: nginx/1.18.0
date: Fri, 23 Sep 2022 21:48:10 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
location: https://btds.zog.link/in/912/?sid=0&source=479024099&idzone=3830819&w=300&h=250&mo=&ve=&site_id=71&utm1=tcban_s&utm2=71&utm3=17794&utm4=&ad_tags=&spot_id=0&p=http%3A%2F%2Fyouvu.pornfollett.gigixo.com%2F%3Fiyanna&katds_labels=&btype=0&score=79
X-Firefox-Spdy: h2
i.jads.co/network/user500/16321-1456773440.gif
69.16.175.42200 OK 330 kB URL HTTP/1.1 i.jads.co/network/user500/16321-1456773440.gif
IP 69.16.175.42:0
File type GIF image data, version 89a, 160 x 600\012- data
Size 330 kB (330256 bytes)
Hash 25376a9c17bb22b519a0f92b051e8b18
4cbf66f1a605ec0474c729ba353d7b3ed4df096a
54748b22d7a86b17e37ea68452b9db9fe0ea4c3b68ab16c2b0b3c72147e58ed3
GET /network/user500/16321-1456773440.gif HTTP/1.1
Host: i.jads.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://poweredby.jads.co/
HTTP/1.1 200 OK
Date: Fri, 23 Sep 2022 21:48:10 GMT
Connection: Keep-Alive
ETag: "1456773441"
Cache-Control: max-age=20729669
Content-Length: 330256
Content-Type: image/gif
Last-Modified: Mon, 29 Feb 2016 19:17:21 GMT
Accept-Ranges: bytes
X-HW: 1663969690.dop065.sk1.t,1663969690.cds260.sk1.c
in16.zog.link/in/tishow/?katds_ep=bdYlo08LB-BYST20mTJwIKNRsM4S67P4E_i0Jfue_qmV6ocRnKp9HE4ZG_bWK1vpno9079oqFiC7dHEvdtZeEc4LgiR5d8DWOuYXOmy-r_DMsbwWKgqS1mHXGEXneHUMos0ALtvpzB-ZeSCdyh6_Cci-v120nhpOIxmRZgWDxo1z3IqTYEW2eXLeFBNRa_mBfFH2ZJ0eFQp29ZolhV4dHlRz4heG8KfRzMX-O8-82RmpcNS-RqmFlnetxCy7NAaGxNbiubMUhHMpm8hcT30Kt1HAgHkDbYaNRYNdXwIXt1hLCCgyAlqNiZnxJYUKFkhi8I6M9t_fN6-2Imd6ZRqOhBerUOklaj9fjayqKeWo_zlfqlAbDup6pS_yA1E1g4F18hD3LoMEUTRasXgbDjTw1LSjlDcbWtgdia9smi-ynNgdf7kl_mH-HQ7ft0yF8ea9j9YWam_KpqUgNBIb6Slw-1_0Sgm4zT0aXJkoTo-Rtx-GSyPxj1IGWj8oIgGx10mMchNbTt5HpzdW34ngnytPT3uMXVcllVyg92pgFYJdXWeqqrwcciTnm4kaSuoZNnIZZTW06KIe4nckFEL_2hxEx2h4V36cIw9mG66emFyXA_JTpP0sI2xuXP8IwOj9iyHyAb-0FPeQJclodZE4a-GR8FMStsoLy2lJMGd-WQExx87BQMSray7lsjA9mN3CF1E-GjCuhCp72jTC0U5AVQCT_ggCfj_UQtt2tFCS8pkDwkGbgGyi93fnnaGTbu6dwgvovrSRZRZBau2eA1sN5y5dvVBCc3UhWcNBVbwBNhA-gA-Q37TMn2xtXJBU4KRzCZq0zhAKh-tcLTbheBRxRyEb-L3xteGe0TUktd8eK4IlTTajBRRoJWhS_CukVeO5qO3tzdq_GuJxQLlow3IrHWPJpoqG0JCB3PYTBiINN5HySKWJEYU5KA7eNpJ6vybHlKN09UitifGHEMd2-Fzr5Qem12q0tUrl28eb3yP5zTPA3QxGFDSt4ATICRYQyNyXFMAlNdfIjQuwmZhDt4Fxy7vb-8srjGvY0Ua-NF3qHJ4vGzK5E55JS3AS4E4HpJdINWcpVqLaRLDuHeIQP0RX7WfcVbQFg5CFnh_ChsWB67E5bBeYsANp92VRS-kU1NpXjtvixaEMfLJGDp8bKaUfKzSXSlft6gVHNWXjZIgoDz2RJdwgm6ePsg1YOE6NO3-HeKpT_j0_9NoEWsSu47NCpmvrKaZxvGD1TZrvF-jNAKnjNA06XrWdfuGRdNZLX42a7hinViVoEjKacZ4qXAswz5HS3DbSgwJnXoz_o665feS8vdACRpJ_3OWiRMW6tzlrEmNauwOa7Mz1ce9XX5h5t0_Bpl3QAc-jv-tsV_Y6Svrx5nw8VdCcTQqAsZ1jup-t93EQRBL69pz9Se-VpEz95GX-iYcEB6AZxQkqw_T8ncRdAIoJ0oDnKkZK2hTGN1vBYP5pIecia-WOdm8-nOBiOvXXuhghvS6WoiIht3G88cpnHZ63pEGaOjHZci1rZYJwoXogiG3w04bW5HX6hLuMOG7TspWVtGd3bdyqjceZ7NdTKCOnSeFC8XcHcXNDj6e8Jm4l3vxADZudQGdgjTx3Wdb_YCwZPHqIrvGBGx5RqZlffDpzlpqmtXyzFk6Y48fwUGouLChkoHySsLIblMAogCqXdyPAjHu8JE_N_rpKdAdwuVW_GoeWt3LTxWfsdKTFfUgO4V_GNZapsdx-EkcGDB0dl-sRetBksLXA0q7q_lbkBr12e44e5WhUcU7DRTEsYO661_iMS51Yu4B_DZn7_8F_Rul1d83pDBL0O7SROuFiIatZ6SmCB4mOJKu9lR0meC93diY9P6frdPUqm4JNpzYUPFXOu968Mf2JATrTM19TyYRBCDNwkFh-D741Xmt3poli8qZb_DKCpy6DjjZ0DKguIHpaD-pqMWnKwK-0188jsvT3cVvWqOKPy-8o9jnUk_-GqywyFl8pXzsxJTRciyYXDxQY9xA-MqcjOWYNzl8cMceqJf7cCdHsHxmzXFuc1yWE3M4YugFFMZXFzmbYUQUutwJv2V_zxqYHBBDryJ4YoDWeQm5itLUstso&sp=${SECOND_PRICE}
109.206.163.112302 Found 0 B URL HTTP/2 in16.zog.link/in/tishow/?katds_ep=bdYlo08LB-BYST20mTJwIKNRsM4S67P4E_i0Jfue_qmV6ocRnKp9HE4ZG_bWK1vpno9079oqFiC7dHEvdtZeEc4LgiR5d8DWOuYXOmy-r_DMsbwWKgqS1mHXGEXneHUMos0ALtvpzB-ZeSCdyh6_Cci-v120nhpOIxmRZgWDxo1z3IqTYEW2eXLeFBNRa_mBfFH2ZJ0eFQp29ZolhV4dHlRz4heG8KfRzMX-O8-82RmpcNS-RqmFlnetxCy7NAaGxNbiubMUhHMpm8hcT30Kt1HAgHkDbYaNRYNdXwIXt1hLCCgyAlqNiZnxJYUKFkhi8I6M9t_fN6-2Imd6ZRqOhBerUOklaj9fjayqKeWo_zlfqlAbDup6pS_yA1E1g4F18hD3LoMEUTRasXgbDjTw1LSjlDcbWtgdia9smi-ynNgdf7kl_mH-HQ7ft0yF8ea9j9YWam_KpqUgNBIb6Slw-1_0Sgm4zT0aXJkoTo-Rtx-GSyPxj1IGWj8oIgGx10mMchNbTt5HpzdW34ngnytPT3uMXVcllVyg92pgFYJdXWeqqrwcciTnm4kaSuoZNnIZZTW06KIe4nckFEL_2hxEx2h4V36cIw9mG66emFyXA_JTpP0sI2xuXP8IwOj9iyHyAb-0FPeQJclodZE4a-GR8FMStsoLy2lJMGd-WQExx87BQMSray7lsjA9mN3CF1E-GjCuhCp72jTC0U5AVQCT_ggCfj_UQtt2tFCS8pkDwkGbgGyi93fnnaGTbu6dwgvovrSRZRZBau2eA1sN5y5dvVBCc3UhWcNBVbwBNhA-gA-Q37TMn2xtXJBU4KRzCZq0zhAKh-tcLTbheBRxRyEb-L3xteGe0TUktd8eK4IlTTajBRRoJWhS_CukVeO5qO3tzdq_GuJxQLlow3IrHWPJpoqG0JCB3PYTBiINN5HySKWJEYU5KA7eNpJ6vybHlKN09UitifGHEMd2-Fzr5Qem12q0tUrl28eb3yP5zTPA3QxGFDSt4ATICRYQyNyXFMAlNdfIjQuwmZhDt4Fxy7vb-8srjGvY0Ua-NF3qHJ4vGzK5E55JS3AS4E4HpJdINWcpVqLaRLDuHeIQP0RX7WfcVbQFg5CFnh_ChsWB67E5bBeYsANp92VRS-kU1NpXjtvixaEMfLJGDp8bKaUfKzSXSlft6gVHNWXjZIgoDz2RJdwgm6ePsg1YOE6NO3-HeKpT_j0_9NoEWsSu47NCpmvrKaZxvGD1TZrvF-jNAKnjNA06XrWdfuGRdNZLX42a7hinViVoEjKacZ4qXAswz5HS3DbSgwJnXoz_o665feS8vdACRpJ_3OWiRMW6tzlrEmNauwOa7Mz1ce9XX5h5t0_Bpl3QAc-jv-tsV_Y6Svrx5nw8VdCcTQqAsZ1jup-t93EQRBL69pz9Se-VpEz95GX-iYcEB6AZxQkqw_T8ncRdAIoJ0oDnKkZK2hTGN1vBYP5pIecia-WOdm8-nOBiOvXXuhghvS6WoiIht3G88cpnHZ63pEGaOjHZci1rZYJwoXogiG3w04bW5HX6hLuMOG7TspWVtGd3bdyqjceZ7NdTKCOnSeFC8XcHcXNDj6e8Jm4l3vxADZudQGdgjTx3Wdb_YCwZPHqIrvGBGx5RqZlffDpzlpqmtXyzFk6Y48fwUGouLChkoHySsLIblMAogCqXdyPAjHu8JE_N_rpKdAdwuVW_GoeWt3LTxWfsdKTFfUgO4V_GNZapsdx-EkcGDB0dl-sRetBksLXA0q7q_lbkBr12e44e5WhUcU7DRTEsYO661_iMS51Yu4B_DZn7_8F_Rul1d83pDBL0O7SROuFiIatZ6SmCB4mOJKu9lR0meC93diY9P6frdPUqm4JNpzYUPFXOu968Mf2JATrTM19TyYRBCDNwkFh-D741Xmt3poli8qZb_DKCpy6DjjZ0DKguIHpaD-pqMWnKwK-0188jsvT3cVvWqOKPy-8o9jnUk_-GqywyFl8pXzsxJTRciyYXDxQY9xA-MqcjOWYNzl8cMceqJf7cCdHsHxmzXFuc1yWE3M4YugFFMZXFzmbYUQUutwJv2V_zxqYHBBDryJ4YoDWeQm5itLUstso&sp=${SECOND_PRICE}
IP 109.206.163.112:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /in/tishow/?katds_ep=bdYlo08LB-BYST20mTJwIKNRsM4S67P4E_i0Jfue_qmV6ocRnKp9HE4ZG_bWK1vpno9079oqFiC7dHEvdtZeEc4LgiR5d8DWOuYXOmy-r_DMsbwWKgqS1mHXGEXneHUMos0ALtvpzB-ZeSCdyh6_Cci-v120nhpOIxmRZgWDxo1z3IqTYEW2eXLeFBNRa_mBfFH2ZJ0eFQp29ZolhV4dHlRz4heG8KfRzMX-O8-82RmpcNS-RqmFlnetxCy7NAaGxNbiubMUhHMpm8hcT30Kt1HAgHkDbYaNRYNdXwIXt1hLCCgyAlqNiZnxJYUKFkhi8I6M9t_fN6-2Imd6ZRqOhBerUOklaj9fjayqKeWo_zlfqlAbDup6pS_yA1E1g4F18hD3LoMEUTRasXgbDjTw1LSjlDcbWtgdia9smi-ynNgdf7kl_mH-HQ7ft0yF8ea9j9YWam_KpqUgNBIb6Slw-1_0Sgm4zT0aXJkoTo-Rtx-GSyPxj1IGWj8oIgGx10mMchNbTt5HpzdW34ngnytPT3uMXVcllVyg92pgFYJdXWeqqrwcciTnm4kaSuoZNnIZZTW06KIe4nckFEL_2hxEx2h4V36cIw9mG66emFyXA_JTpP0sI2xuXP8IwOj9iyHyAb-0FPeQJclodZE4a-GR8FMStsoLy2lJMGd-WQExx87BQMSray7lsjA9mN3CF1E-GjCuhCp72jTC0U5AVQCT_ggCfj_UQtt2tFCS8pkDwkGbgGyi93fnnaGTbu6dwgvovrSRZRZBau2eA1sN5y5dvVBCc3UhWcNBVbwBNhA-gA-Q37TMn2xtXJBU4KRzCZq0zhAKh-tcLTbheBRxRyEb-L3xteGe0TUktd8eK4IlTTajBRRoJWhS_CukVeO5qO3tzdq_GuJxQLlow3IrHWPJpoqG0JCB3PYTBiINN5HySKWJEYU5KA7eNpJ6vybHlKN09UitifGHEMd2-Fzr5Qem12q0tUrl28eb3yP5zTPA3QxGFDSt4ATICRYQyNyXFMAlNdfIjQuwmZhDt4Fxy7vb-8srjGvY0Ua-NF3qHJ4vGzK5E55JS3AS4E4HpJdINWcpVqLaRLDuHeIQP0RX7WfcVbQFg5CFnh_ChsWB67E5bBeYsANp92VRS-kU1NpXjtvixaEMfLJGDp8bKaUfKzSXSlft6gVHNWXjZIgoDz2RJdwgm6ePsg1YOE6NO3-HeKpT_j0_9NoEWsSu47NCpmvrKaZxvGD1TZrvF-jNAKnjNA06XrWdfuGRdNZLX42a7hinViVoEjKacZ4qXAswz5HS3DbSgwJnXoz_o665feS8vdACRpJ_3OWiRMW6tzlrEmNauwOa7Mz1ce9XX5h5t0_Bpl3QAc-jv-tsV_Y6Svrx5nw8VdCcTQqAsZ1jup-t93EQRBL69pz9Se-VpEz95GX-iYcEB6AZxQkqw_T8ncRdAIoJ0oDnKkZK2hTGN1vBYP5pIecia-WOdm8-nOBiOvXXuhghvS6WoiIht3G88cpnHZ63pEGaOjHZci1rZYJwoXogiG3w04bW5HX6hLuMOG7TspWVtGd3bdyqjceZ7NdTKCOnSeFC8XcHcXNDj6e8Jm4l3vxADZudQGdgjTx3Wdb_YCwZPHqIrvGBGx5RqZlffDpzlpqmtXyzFk6Y48fwUGouLChkoHySsLIblMAogCqXdyPAjHu8JE_N_rpKdAdwuVW_GoeWt3LTxWfsdKTFfUgO4V_GNZapsdx-EkcGDB0dl-sRetBksLXA0q7q_lbkBr12e44e5WhUcU7DRTEsYO661_iMS51Yu4B_DZn7_8F_Rul1d83pDBL0O7SROuFiIatZ6SmCB4mOJKu9lR0meC93diY9P6frdPUqm4JNpzYUPFXOu968Mf2JATrTM19TyYRBCDNwkFh-D741Xmt3poli8qZb_DKCpy6DjjZ0DKguIHpaD-pqMWnKwK-0188jsvT3cVvWqOKPy-8o9jnUk_-GqywyFl8pXzsxJTRciyYXDxQY9xA-MqcjOWYNzl8cMceqJf7cCdHsHxmzXFuc1yWE3M4YugFFMZXFzmbYUQUutwJv2V_zxqYHBBDryJ4YoDWeQm5itLUstso&sp=${SECOND_PRICE} HTTP/1.1
Host: in16.zog.link
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://rtbbnr.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: nginx/1.20.1
date: Fri, 23 Sep 2022 21:48:10 GMT
content-length: 0
location: https://12112336.pix-cdn.org/m/p/0/11/11508/yPndOg0m.html?__OS_FAMILY__={{ __OS_FAMILY__ }}&__OS_TYPE__={{ __OS_TYPE__ }}&__GEOIP_COUNTRY_SHORT__={{ __GEOIP_COUNTRY_SHORT__ }}&__IP2L_MOBILE__={{ __IP2L_MOBILE__ }}&__BROWSER_FAMILY__={{ __BROWSER_FAMILY__ }}&OS_FAMILY=[OS_FAMILY]&OS_TYPE=[OS_TYPE]&COUNTRY_ISO_CODE=[COUNTRY_ISO_CODE]&MOBILE_BRAND=[MOBILE_BRAND]&BROWSER_FAMILY=[BROWSER_FAMILY]&DOMAIN=youvu.pornfollett.gigixo.com&PRICE=0.0050&PRICING_MODEL=[PRICING_MODEL]&CAMPAIGN_ID=6435&CLICK_ID=78e2078d-2142-48d6-8317-d2bb80f5627d&id_zone=[idzone]&site={{ site }}&out_name=37319%7C4317%7Ccpm%7C0.0048%7C%24%200.0050&campaign_id=37319&price=0.0050&bidding_price=0.0048&pricebox_price=0.0200&pricing_model=cpm&click_id=78e2078d-2142-48d6-8317-d2bb80f5627d&priority=[PRIORITY]&ad_sub=173501021&utm1=tcb&utm2=878669509-100&utm3=249-6435-14933&utm4=0-10346131-0
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
vary: *
set-cookie: 2325.0=1; expires=Sat, 24 Sep 2022 21:48:10 GMT; path=/; secure; SameSite=None
X-Firefox-Spdy: h2
i.jads.co/network/user500/16321-1456773411.gif
69.16.175.42200 OK 484 kB URL HTTP/1.1 i.jads.co/network/user500/16321-1456773411.gif
IP 69.16.175.42:0
Size 484 kB (484402 bytes)
Hash 10106046ca82b55978ae7c360dd4bf55
a1f4171fdaa10ae1e388ec573eb9db5143b2a431
e3b3a8539517deb5c788fb53a19f2d57495854cbcafa52950226fc9af62ec9ed
GET /network/user500/16321-1456773411.gif HTTP/1.1
Host: i.jads.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://poweredby.jads.co/
HTTP/1.1 200 OK
Date: Fri, 23 Sep 2022 21:48:10 GMT
Connection: Keep-Alive
ETag: "1456773411"
Cache-Control: max-age=14744706
Content-Length: 483151
Content-Type: image/gif
Last-Modified: Mon, 29 Feb 2016 19:16:51 GMT
Accept-Ranges: bytes
X-HW: 1663969690.dop213.sk1.t,1663969690.cds068.sk1.c
rtbbnr.com/get/?go=1&data=eyJpbXAiOlt7InNlY3VyZSI6MCwiZXh0Ijp7InNwb3QiOjcxLCJpZCI6ODU5LCJsYWJlbHMiOiIiLCJzaXRlX2lkIjo3MSwidHlwZSI6ImJhbm5lciIsInNwYWNlaWQiOjg1OSwic3BvdF9pZCI6MCwiaWR6b25lIjozODMwODE5LCJ6b25lIjoidGNfcGFiXzMwMHgyNTAiLCJhZF90YWdzIjoiIiwidGl0bGUiOiIiLCJzdWJpZCI6IjQ3OTAyNDA5OSIsInV0bTEiOiJ0Y2Jhbl9zIiwidXRtMiI6IjcxIiwidXRtMyI6IjE3Nzk0IiwidXRtNCI6IiJ9LCJiYW5uZXIiOnsidyI6MzAwLCJoIjoyNTB9fV0sInNpdGUiOnsiaWQiOiI3MSIsInBhZ2UiOiJodHRwOi8veW91dnUucG9ybmZvbGxldHQuZ2lnaXhvLmNvbS8/aXlhbm5hIn0sImRldmljZSI6eyJ3IjoxMjgwLCJoIjoxMDI0fSwidXNlciI6eyJpZCI6Ijk0YTEyOWFhODk3MDgzN2JlMjU4NWZmM2Y0MjJmM2NlIn0sImV4dCI6eyJkdCI6MTY2Mzk2OTY4OTU5MH19
116.202.60.158200 OK 102 kB URL HTTP/2 rtbbnr.com/get/?go=1&data=eyJpbXAiOlt7InNlY3VyZSI6MCwiZXh0Ijp7InNwb3QiOjcxLCJpZCI6ODU5LCJsYWJlbHMiOiIiLCJzaXRlX2lkIjo3MSwidHlwZSI6ImJhbm5lciIsInNwYWNlaWQiOjg1OSwic3BvdF9pZCI6MCwiaWR6b25lIjozODMwODE5LCJ6b25lIjoidGNfcGFiXzMwMHgyNTAiLCJhZF90YWdzIjoiIiwidGl0bGUiOiIiLCJzdWJpZCI6IjQ3OTAyNDA5OSIsInV0bTEiOiJ0Y2Jhbl9zIiwidXRtMiI6IjcxIiwidXRtMyI6IjE3Nzk0IiwidXRtNCI6IiJ9LCJiYW5uZXIiOnsidyI6MzAwLCJoIjoyNTB9fV0sInNpdGUiOnsiaWQiOiI3MSIsInBhZ2UiOiJodHRwOi8veW91dnUucG9ybmZvbGxldHQuZ2lnaXhvLmNvbS8/aXlhbm5hIn0sImRldmljZSI6eyJ3IjoxMjgwLCJoIjoxMDI0fSwidXNlciI6eyJpZCI6Ijk0YTEyOWFhODk3MDgzN2JlMjU4NWZmM2Y0MjJmM2NlIn0sImV4dCI6eyJkdCI6MTY2Mzk2OTY4OTU5MH19
IP 116.202.60.158:0
ASN #24940 Hetzner Online GmbH
Size 102 kB (101462 bytes)
Hash 7e007243ce57ae586fad2680a6c68b1f
5d2d31a528f87d26c0130ebcd6d8f2a8a2efa6a6
bca3c6752903ed666d8e6be75293ab705f79c1fc11065c76090e8e6ad2201daf
GET /get/?go=1&data=eyJpbXAiOlt7InNlY3VyZSI6MCwiZXh0Ijp7InNwb3QiOjcxLCJpZCI6ODU5LCJsYWJlbHMiOiIiLCJzaXRlX2lkIjo3MSwidHlwZSI6ImJhbm5lciIsInNwYWNlaWQiOjg1OSwic3BvdF9pZCI6MCwiaWR6b25lIjozODMwODE5LCJ6b25lIjoidGNfcGFiXzMwMHgyNTAiLCJhZF90YWdzIjoiIiwidGl0bGUiOiIiLCJzdWJpZCI6IjQ3OTAyNDA5OSIsInV0bTEiOiJ0Y2Jhbl9zIiwidXRtMiI6IjcxIiwidXRtMyI6IjE3Nzk0IiwidXRtNCI6IiJ9LCJiYW5uZXIiOnsidyI6MzAwLCJoIjoyNTB9fV0sInNpdGUiOnsiaWQiOiI3MSIsInBhZ2UiOiJodHRwOi8veW91dnUucG9ybmZvbGxldHQuZ2lnaXhvLmNvbS8/aXlhbm5hIn0sImRldmljZSI6eyJ3IjoxMjgwLCJoIjoxMDI0fSwidXNlciI6eyJpZCI6Ijk0YTEyOWFhODk3MDgzN2JlMjU4NWZmM2Y0MjJmM2NlIn0sImV4dCI6eyJkdCI6MTY2Mzk2OTY4OTU5MH19 HTTP/1.1
Host: rtbbnr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://youvu.pornfollett.gigixo.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0
date: Fri, 23 Sep 2022 21:48:10 GMT
content-type: text/html
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
content-encoding: gzip
X-Firefox-Spdy: h2
btds.zog.link/in/912/?sid=0&source=479024099&idzone=3830819&w=300&h=250&mo=&ve=&site_id=71&utm1=tcban_s&utm2=71&utm3=17794&utm4=&ad_tags=&spot_id=0&p=http%3A%2F%2Fyouvu.pornfollett.gigixo.com%2F%3Fiyanna&katds_labels=&btype=0&score=79
109.206.176.122302 Found 0 B URL HTTP/2 btds.zog.link/in/912/?sid=0&source=479024099&idzone=3830819&w=300&h=250&mo=&ve=&site_id=71&utm1=tcban_s&utm2=71&utm3=17794&utm4=&ad_tags=&spot_id=0&p=http%3A%2F%2Fyouvu.pornfollett.gigixo.com%2F%3Fiyanna&katds_labels=&btype=0&score=79
IP 109.206.176.122:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /in/912/?sid=0&source=479024099&idzone=3830819&w=300&h=250&mo=&ve=&site_id=71&utm1=tcban_s&utm2=71&utm3=17794&utm4=&ad_tags=&spot_id=0&p=http%3A%2F%2Fyouvu.pornfollett.gigixo.com%2F%3Fiyanna&katds_labels=&btype=0&score=79 HTTP/1.1
Host: btds.zog.link
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://rtbbnr.com/
Connection: keep-alive
Cookie: 912.0=1
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
server: nginx/1.20.1
date: Fri, 23 Sep 2022 21:48:10 GMT
content-type: text/html; charset=UTF-8
content-length: 0
location: https://tsyndicate.com/iframes2/00394b71264946e5bf58746cefe5435f.html?subid=479024099&categories={{ad_tags}}
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
vary: *
set-cookie: 912.0=1; expires=Sat, 24 Sep 2022 21:48:10 GMT; path=/; secure; SameSite=None
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash cbe2390ac7e6630961e339bd3e13d7fe
5a141af947f58dcda3d07a5ed66895287a08dc6f
7bb165e7e9354bcdb0855ba8b530418ac4c4e4fea2444b29fe114a412bd3b6ae
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7BB165E7E9354BCDB0855BA8B530418AC4C4E4FEA2444B29FE114A412BD3B6AE"
Last-Modified: Wed, 21 Sep 2022 14:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17305
Expires: Sat, 24 Sep 2022 02:36:35 GMT
Date: Fri, 23 Sep 2022 21:48:10 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 7e262d4e816d3cc3cdb493e0b824729d
2b771cc25dbf6de574bc8ec469a5671cd9b0e534
3764f7e4a36603eab63dd9ffb7a044c06bf331d4966141364176167cebb42938
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "3764F7E4A36603EAB63DD9FFB7A044C06BF331D4966141364176167CEBB42938"
Last-Modified: Wed, 21 Sep 2022 14:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=440
Expires: Fri, 23 Sep 2022 21:55:30 GMT
Date: Fri, 23 Sep 2022 21:48:10 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 2b89fd83dd420c52eb8ab9281fdc8133
39210553f2749d69faa22ba0607e7d8129b946c7
add81d1491f25f1c28a70ba8232e742bf10be7ad33cad4aa35d28cf7488c2905
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "ADD81D1491F25F1C28A70BA8232E742BF10BE7AD33CAD4AA35D28CF7488C2905"
Last-Modified: Wed, 21 Sep 2022 14:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9346
Expires: Sat, 24 Sep 2022 00:23:56 GMT
Date: Fri, 23 Sep 2022 21:48:10 GMT
Connection: keep-alive
youvu.pornfollett.gigixo.com/s3/ad_amt1_v-01/262.jpg
51.79.221.186200 OK 46 kB URL HTTP/1.1 youvu.pornfollett.gigixo.com/s3/ad_amt1_v-01/262.jpg
IP 51.79.221.186:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 133x600, components 3\012- data
Hash 9046f68af31310d081a59093b907dca8
9848561250e5a267f3eb2d2a6c975ae8e4784dff
da7695fb4ff32461e6b2955c37d386a57bc6930694556b989ac0fe3b23d067f2
GET /s3/ad_amt1_v-01/262.jpg HTTP/1.1
Host: youvu.pornfollett.gigixo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://youvu.pornfollett.gigixo.com/?iyanna
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 23 Sep 2022 21:42:33 GMT
Content-Type: image/jpeg
Content-Length: 45903
Connection: keep-alive
Last-Modified: Wed, 31 Mar 2021 20:30:39 GMT
ETag: "6064dbef-b34f"
X-Cluster: web-cdn2
X-Cache: HIT
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SdRjZqc1RmocofpOc8yiNtrQdaig0DaVuZ7JrmVNSqDrvlTdZ83jg%2FlE4qkkjue%2F0mGl5SVhL%2FzFVDY0yGN15gO5Jo%2BX7xaIq5FjPXK4e3PdwXqyzkUDsepLWbqM2aQ%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
CF-RAY: 74f67ba40f616bdb-SIN
alt-svc: h2=":443"; ma=60
X-Cache-Status: MISS
Cache-Control: max-age=14400, max-age=31536000
Accept-Ranges: bytes
youvu.pornfollett.gigixo.com/s3/ad_tube/b1198.jpg
51.79.221.186200 OK 32 kB URL HTTP/1.1 youvu.pornfollett.gigixo.com/s3/ad_tube/b1198.jpg
IP 51.79.221.186:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 320x320, components 3\012- data
Hash ab2e7d0ae80ef0adac55ad8cc82ab5b4
10752b126590e57960f2fce2abbe37fcf5b08efe
2e177a8b704a270764ca091631f75e8ec4f54cb0724eb63871ddb8ad1ec526df
GET /s3/ad_tube/b1198.jpg HTTP/1.1
Host: youvu.pornfollett.gigixo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://youvu.pornfollett.gigixo.com/?iyanna
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 23 Sep 2022 21:42:32 GMT
Content-Type: image/jpeg
Content-Length: 32242
Connection: keep-alive
Last-Modified: Sun, 10 Jan 2021 15:27:00 GMT
ETag: "5ffb1cc4-7df2"
X-Cluster: web-cdn2
X-Cache: MISS
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=V3zie0RlCaSAZvTyHAgiVTfmY9zXuprMjjMFZuCBnz2CrHZOX3P2Kez3rkO9oqYz7dSDRNW%2B7An1Bmo3xIssA8aRowTX1t%2F8l3NBfJTsAdhRP%2BLWtY34qAEMHGpQ1ZI%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
CF-RAY: 74f67ba2fe4187a0-SIN
alt-svc: h2=":443"; ma=60
X-Cache-Status: MISS
Cache-Control: max-age=14400, max-age=31536000
Accept-Ranges: bytes
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash a09ab9c5ee4d3f5fb316aa8563339409
26d73d97c7ab96aa2f528ff3d160879bedb10b0b
7fb25157b57260f005f881592c80dbc15874236c984f7d4bdde7f2ed2b1ffb8d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7FB25157B57260F005F881592C80DBC15874236C984F7D4BDDE7F2ED2B1FFB8D"
Last-Modified: Wed, 21 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15531
Expires: Sat, 24 Sep 2022 02:07:01 GMT
Date: Fri, 23 Sep 2022 21:48:10 GMT
Connection: keep-alive
youvu.pornfollett.gigixo.com/s3/ad_amt1_h_01/2171.jpg
51.79.221.186200 OK 31 kB URL HTTP/1.1 youvu.pornfollett.gigixo.com/s3/ad_amt1_h_01/2171.jpg
IP 51.79.221.186:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 706x80, components 3\012- data
Hash 207912588a7c797c8da5670b261b955f
62a9e4db3bde52cc20f19423943471d7bb5ea2d6
c365cb404efcd73d48223076f9eadae0b1f3fe544220528f5305771f3aea630e
GET /s3/ad_amt1_h_01/2171.jpg HTTP/1.1
Host: youvu.pornfollett.gigixo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://youvu.pornfollett.gigixo.com/?iyanna
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 23 Sep 2022 21:42:33 GMT
Content-Type: image/jpeg
Content-Length: 31229
Connection: keep-alive
Last-Modified: Fri, 02 Apr 2021 20:39:05 GMT
ETag: "606780e9-79fd"
X-Cluster: web-cdn2
X-Cache: HIT
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zNfsqiwYVYnwqwP1HPOc1fYabbIE4rqNZcUuxKPb7%2Fe%2BItsHl0IicEOk0wj8OMfIM4ADHJwxjlBly11Il%2BeirScrIG8I88eJSNmNc1d6Ngdb%2F5cl6OXPsFEiRv%2BkW2A%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
CF-RAY: 74f67ba57aab19b0-SIN
alt-svc: h2=":443"; ma=60
X-Cache-Status: MISS
Cache-Control: max-age=14400, max-age=31536000
Accept-Ranges: bytes
exerciseundergone.com/pixel/pure
192.243.59.20204 No Content 0 B URL HTTP/1.1 exerciseundergone.com/pixel/pure
IP 192.243.59.20:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /pixel/pure HTTP/1.1
Host: exerciseundergone.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: http://youvu.pornfollett.gigixo.com/
Origin: http://youvu.pornfollett.gigixo.com
Connection: keep-alive
HTTP/1.1 204 No Content
Server: nginx/1.17.9
Date: Fri, 23 Sep 2022 21:48:10 GMT
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Allow-Credentials: true
Access-Control-Max-Age: 1728000
Content-Type: text/plain; charset=utf-8
Content-Length: 0
28980.weednewspro.com/v2/a/na/203282?subId=&pageUri=https%3A%2F%2F28980.weednewspro.com%2Fv2%2Fa%2Fna%2Fif%2F203282&referer=http%3A%2F%2Fgo.goaserv.com%2F&av=1&abl=0&kws=&rtg=&bdd=%5B%22Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0%22%2C%22false%22%2C%22Linux%20x86_64%22%2C%22%22%2C%22%22%2C%22%22%2C%22%22%2C%22false%22%2C%22true%22%2C%221280%22%2C%221024%22%2C%221280%22%2C%221002%22%2C%221280%22%2C%221024%22%2C%22300%22%2C%22250%22%2C%22300%22%2C%22250%22%2C%22false%22%2C%221%22%2C%2216%22%2C%220%22%2C%22aaaaacccefiflmmprrsstlllecstaaahtscellllpss%22%2C%22Fri%20Sep%2023%202022%2021%3A48%3A08%20GMT%2B0000%20(Coordinated%20Universal%20Time)%22%2C%220%22%2C%22en-US%22%2C%22en-US%2Cen%22%2C%22false%22%2C%22false%22%2C%22781877177%22%2C%222697903995%22%2C%221%22%2C%22false%22%2C%22%5B%5D%22%5D
88.208.59.102200 OK 2.1 kB URL HTTP/2 28980.weednewspro.com/v2/a/na/203282?subId=&pageUri=https%3A%2F%2F28980.weednewspro.com%2Fv2%2Fa%2Fna%2Fif%2F203282&referer=http%3A%2F%2Fgo.goaserv.com%2F&av=1&abl=0&kws=&rtg=&bdd=%5B%22Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0%22%2C%22false%22%2C%22Linux%20x86_64%22%2C%22%22%2C%22%22%2C%22%22%2C%22%22%2C%22false%22%2C%22true%22%2C%221280%22%2C%221024%22%2C%221280%22%2C%221002%22%2C%221280%22%2C%221024%22%2C%22300%22%2C%22250%22%2C%22300%22%2C%22250%22%2C%22false%22%2C%221%22%2C%2216%22%2C%220%22%2C%22aaaaacccefiflmmprrsstlllecstaaahtscellllpss%22%2C%22Fri%20Sep%2023%202022%2021%3A48%3A08%20GMT%2B0000%20(Coordinated%20Universal%20Time)%22%2C%220%22%2C%22en-US%22%2C%22en-US%2Cen%22%2C%22false%22%2C%22false%22%2C%22781877177%22%2C%222697903995%22%2C%221%22%2C%22false%22%2C%22%5B%5D%22%5D
IP 88.208.59.102:0
ASN #39572 DataWeb Global Group B.V.
File type JSON data\012- , ASCII text, with very long lines (3865), with no line terminators
Hash 5807c50103b5a0a82f1b7cb882571cfe
11d56891872bf18fd4f7cc41178426302679d07e
cbec61c0bb80a69f94e450b94ccdb79436b34fcce81f50376b8fea447cf4c683
GET /v2/a/na/203282?subId=&pageUri=https%3A%2F%2F28980.weednewspro.com%2Fv2%2Fa%2Fna%2Fif%2F203282&referer=http%3A%2F%2Fgo.goaserv.com%2F&av=1&abl=0&kws=&rtg=&bdd=%5B%22Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0%22%2C%22false%22%2C%22Linux%20x86_64%22%2C%22%22%2C%22%22%2C%22%22%2C%22%22%2C%22false%22%2C%22true%22%2C%221280%22%2C%221024%22%2C%221280%22%2C%221002%22%2C%221280%22%2C%221024%22%2C%22300%22%2C%22250%22%2C%22300%22%2C%22250%22%2C%22false%22%2C%221%22%2C%2216%22%2C%220%22%2C%22aaaaacccefiflmmprrsstlllecstaaahtscellllpss%22%2C%22Fri%20Sep%2023%202022%2021%3A48%3A08%20GMT%2B0000%20(Coordinated%20Universal%20Time)%22%2C%220%22%2C%22en-US%22%2C%22en-US%2Cen%22%2C%22false%22%2C%22false%22%2C%22781877177%22%2C%222697903995%22%2C%221%22%2C%22false%22%2C%22%5B%5D%22%5D HTTP/1.1
Host: 28980.weednewspro.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://28980.weednewspro.com/v2/a/na/if/203282
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 23 Sep 2022 21:48:10 GMT
content-type: application/json; charset=UTF-8
vary: Accept-Encoding
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-max-age: 86400
referrer-policy: unsafe-url
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Device-Memory
accept-ch-lifetime: 31536000
p3p: CP="NOI DEVa TAIa OUR BUS UNI STA"
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
last-modified: Fri, 23 Sep 2022 21:48:10 UTC
expires: Fri, 23 Sep 2022 21:48:10 UTC
content-encoding: gzip
X-Firefox-Spdy: h2
ocsp.sectigo.com/
104.18.32.68200 OK 471 B IP 104.18.32.68:0
Hash efb50f27cfae640a21c4328b354bb8f4
c30cfc177a7b74bd5637179afa873d851f9edc28
53348e2e439586e24f481ca6bd9ac144edb05d1e7b19ca58ffd8d89272fe747e
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 23 Sep 2022 21:48:10 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Fri, 23 Sep 2022 05:56:18 GMT
Expires: Fri, 30 Sep 2022 05:56:17 GMT
Etag: "c30cfc177a7b74bd5637179afa873d851f9edc28"
Cache-Control: max-age=547086,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 74f67ba7ff651c16-OSL
bcdn.clickaine.com/21361/05e979a0-5672-11eb-98b3-8aec4f8692d5.jpg
92.223.97.97200 OK 66 kB URL HTTP/2 bcdn.clickaine.com/21361/05e979a0-5672-11eb-98b3-8aec4f8692d5.jpg
IP 92.223.97.97:0
ASN #199524 G-Core Labs S.A.
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 640x360, components 3\012- data
Hash d288a6ed4b8f20f81f74fdd10bcc319d
d365c878f58f2f47dead8ad9f86bdb43b84bce94
5b373e6234344873acab9c286f06515dacae12b9d0d1aa5ca3577dfc2d69a408
GET /21361/05e979a0-5672-11eb-98b3-8aec4f8692d5.jpg HTTP/1.1
Host: bcdn.clickaine.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 23 Sep 2022 21:48:10 GMT
content-type: image/jpeg
content-length: 66255
last-modified: Thu, 14 Jan 2021 14:08:49 GMT
etag: "60005071-102cf"
cache: HIT
x-cached-since: 2022-09-23T11:10:35+00:00
x-id: sto5-up-gc10
accept-ranges: bytes
X-Firefox-Spdy: h2
rtbbnr.com/get/?go=1&data=eyJpbXAiOlt7InNlY3VyZSI6MCwiZXh0Ijp7InNwb3QiOjcxLCJpZCI6ODU5LCJsYWJlbHMiOiIiLCJzaXRlX2lkIjo3MSwidHlwZSI6ImJhbm5lciIsInNwYWNlaWQiOjg1OSwic3BvdF9pZCI6MCwiaWR6b25lIjozODMwODE5LCJ6b25lIjoidGNfcGFiXzMwMHgyNTAiLCJhZF90YWdzIjoiIiwidGl0bGUiOiIiLCJzdWJpZCI6IjQ3OTAyNDA5OSIsInV0bTEiOiJ0Y2Jhbl9zIiwidXRtMiI6IjcxIiwidXRtMyI6IjE3Nzk0IiwidXRtNCI6IiJ9LCJiYW5uZXIiOnsidyI6MzAwLCJoIjoyNTB9fV0sInNpdGUiOnsiaWQiOiI3MSIsInBhZ2UiOiJodHRwOi8veW91dnUucG9ybmZvbGxldHQuZ2lnaXhvLmNvbS8/aXlhbm5hIn0sImRldmljZSI6eyJ3IjoxMjgwLCJoIjoxMDI0fSwidXNlciI6eyJpZCI6Ijk0YTEyOWFhODk3MDgzN2JlMjU4NWZmM2Y0MjJmM2NlIn0sImV4dCI6eyJkdCI6MTY2Mzk2OTY4OTU4OH19
116.202.60.158200 OK 981 B URL HTTP/2 rtbbnr.com/get/?go=1&data=eyJpbXAiOlt7InNlY3VyZSI6MCwiZXh0Ijp7InNwb3QiOjcxLCJpZCI6ODU5LCJsYWJlbHMiOiIiLCJzaXRlX2lkIjo3MSwidHlwZSI6ImJhbm5lciIsInNwYWNlaWQiOjg1OSwic3BvdF9pZCI6MCwiaWR6b25lIjozODMwODE5LCJ6b25lIjoidGNfcGFiXzMwMHgyNTAiLCJhZF90YWdzIjoiIiwidGl0bGUiOiIiLCJzdWJpZCI6IjQ3OTAyNDA5OSIsInV0bTEiOiJ0Y2Jhbl9zIiwidXRtMiI6IjcxIiwidXRtMyI6IjE3Nzk0IiwidXRtNCI6IiJ9LCJiYW5uZXIiOnsidyI6MzAwLCJoIjoyNTB9fV0sInNpdGUiOnsiaWQiOiI3MSIsInBhZ2UiOiJodHRwOi8veW91dnUucG9ybmZvbGxldHQuZ2lnaXhvLmNvbS8/aXlhbm5hIn0sImRldmljZSI6eyJ3IjoxMjgwLCJoIjoxMDI0fSwidXNlciI6eyJpZCI6Ijk0YTEyOWFhODk3MDgzN2JlMjU4NWZmM2Y0MjJmM2NlIn0sImV4dCI6eyJkdCI6MTY2Mzk2OTY4OTU4OH19
IP 116.202.60.158:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1319)
Hash 588aad0564025869837c6fa88382f2df
1217b2918d135d0af11fbec0efdd976c5e770535
609b45014731bcee16306fe96f2f72a7469ee4787975f139f285ad2189d947f2
GET /get/?go=1&data=eyJpbXAiOlt7InNlY3VyZSI6MCwiZXh0Ijp7InNwb3QiOjcxLCJpZCI6ODU5LCJsYWJlbHMiOiIiLCJzaXRlX2lkIjo3MSwidHlwZSI6ImJhbm5lciIsInNwYWNlaWQiOjg1OSwic3BvdF9pZCI6MCwiaWR6b25lIjozODMwODE5LCJ6b25lIjoidGNfcGFiXzMwMHgyNTAiLCJhZF90YWdzIjoiIiwidGl0bGUiOiIiLCJzdWJpZCI6IjQ3OTAyNDA5OSIsInV0bTEiOiJ0Y2Jhbl9zIiwidXRtMiI6IjcxIiwidXRtMyI6IjE3Nzk0IiwidXRtNCI6IiJ9LCJiYW5uZXIiOnsidyI6MzAwLCJoIjoyNTB9fV0sInNpdGUiOnsiaWQiOiI3MSIsInBhZ2UiOiJodHRwOi8veW91dnUucG9ybmZvbGxldHQuZ2lnaXhvLmNvbS8/aXlhbm5hIn0sImRldmljZSI6eyJ3IjoxMjgwLCJoIjoxMDI0fSwidXNlciI6eyJpZCI6Ijk0YTEyOWFhODk3MDgzN2JlMjU4NWZmM2Y0MjJmM2NlIn0sImV4dCI6eyJkdCI6MTY2Mzk2OTY4OTU4OH19 HTTP/1.1
Host: rtbbnr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://youvu.pornfollett.gigixo.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0
date: Fri, 23 Sep 2022 21:48:10 GMT
content-type: text/html
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
content-encoding: gzip
X-Firefox-Spdy: h2
kazanwhoeveryowl.com/watch.1254169250658.js?key=3cb5727a16a2f566d5a822edf1d58427&kw=%5B%22free%22%2C%22sex%22%2C%22pics%22%5D&refer=http%3A%2F%2Fyouvu.pornfollett.gigixo.com%2F%3Fiyanna&tz=0&dev=r&res=12.29&uuid=
173.233.137.36307 Temporary Redirect 0 B URL HTTP/1.1 kazanwhoeveryowl.com/watch.1254169250658.js?key=3cb5727a16a2f566d5a822edf1d58427&kw=%5B%22free%22%2C%22sex%22%2C%22pics%22%5D&refer=http%3A%2F%2Fyouvu.pornfollett.gigixo.com%2F%3Fiyanna&tz=0&dev=r&res=12.29&uuid=
IP 173.233.137.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /watch.1254169250658.js?key=3cb5727a16a2f566d5a822edf1d58427&kw=%5B%22free%22%2C%22sex%22%2C%22pics%22%5D&refer=http%3A%2F%2Fyouvu.pornfollett.gigixo.com%2F%3Fiyanna&tz=0&dev=r&res=12.29&uuid= HTTP/1.1
Host: kazanwhoeveryowl.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://youvu.pornfollett.gigixo.com
Connection: keep-alive
Referer: http://youvu.pornfollett.gigixo.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 307 Temporary Redirect
Server: nginx/1.19.5
Date: Fri, 23 Sep 2022 21:48:10 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: http://youvu.pornfollett.gigixo.com
Access-Control-Allow-Origin: http://youvu.pornfollett.gigixo.com
Access-Control-Allow-Credentials: true
Location: https://kazanwhoeveryowl.com/watch.1254169250658.js?key=3cb5727a16a2f566d5a822edf1d58427&kw=%5B%22free%22%2C%22sex%22%2C%22pics%22%5D&refer=http%3A%2F%2Fyouvu.pornfollett.gigixo.com%2F%3Fiyanna&tz=0&dev=r&res=12.29&uuid=&shu=513396d7da609a6b19b69909f71afe968505ee26eb0ed1b879dfed64e537d3029f4fbc9b26a8ef3101ba91656ae2c2f23acdbbb31686595e67e55e8c2183fe8e13240e7c14b7e8973aa19ddd7673dbef8de2984b5d383ba4972ec5302b8cf5&pst=1663969750&rmtc=t
Set-Cookie: u_pl=16428146; expires=Sat, 24 Sep 2022 21:48:10 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNjQyODE0NiwiayI6IjNjYjU3MjdhMTZhMmY1NjZkNWE4MjJlZGYxZDU4NDI3Iiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxNTAzNjQ5LCJwaWQiOjI4ODQzNywiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjoxNiwiYWlkIjo1LCJwdCI6NCwicGsiOiJtZWdwcnVuMGNpIiwiY3BrcyI6eyAiMjgiOiIwMWI2NDkzNWI4MDYxYzFmNjFkMjEzYTI3Y2UyZDcyOSJ9LCJ0IjoxfSwidSI6eyJ1IjoxLCJhdSI6MSwiZCI6eyJpZCI6Nzk5NTQxOTYsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjoxODExMCwib24iOiJMaW51eCIsIm92IjoiVW5rbm93biIsImJpZCI6MTE2NjcwLCJibiI6IkZpcmVmb3giLCJidiI6Ijk2LjAiLCJ3diI6ZmFsc2UsImUiOmZhbHNlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6dHJ1ZSwiciI6Imh0dHA6Ly95b3V2dS5wb3JuZm9sbGV0dC5naWdpeG8uY29tLz9peWFubmEifX0.uYWmS9P_xz3bZD80Iyb5deQmtyaZLtos14XBUd3OWvo; expires=Fri, 23 Sep 2022 21:49:10 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 40d2a5043ebf93f5784a21307b776acc
Strict-Transport-Security: max-age=0; includeSubdomains
28980.weednewspro.com/v2/a/na/image?d=BQ5qQHPeq5UGrDkp3TkR9TcqEjTypQ7-DcaVFlUAso-H2GwWee56k6TWoLdYF0lXJX75dq5jkxDbkgP72eWY1JVLYnCf39xrlTEzB9gapnmTJzQVM0aDtjl2LCedhZQO35jkOjP82xs1r2ipmDlHVdUieJitaFkeyUrbNamaL334n2ywtnGmbVir6N2x_kToOMKvKmDgmb8IwvI7Efe_vri_Zc9B3laDcz5uHcl-xEU-1xoSfKIe_qSjDt_lWvyqKBdm0cnJm-7G9cQjP2QAh2yNu-DfAvjhWzgJxAtQltcqGfMgcg3kJ9FY6UmaFXesg6X2y0OSHiAU9-dU2Ubd_8RBxbkIoginOEFMVD6PHlklv-vW0WOCp8uQ51uA4gZVMujCEEtApZNxHnHMcp8qZHdRlZdTrXPancYj6BzK0m46WdgJOBksl7mbxiuJWwpiG2I-w02ecbOp_SyDEhdkZBmB6whUDp54f3a5SNUXbd0EGkmXEEvkJhuHiBjEN1kGJPZtUivsXqgdz6u1CTqZ8wInPiXZb9sSu7LrkIaY2tAn3APkmVv0DM6tzESCei0jGBUufToytxanmjgEW6l8Xa0hOWt0Dqql-CN8WDGTgOA-8QbuykIPlIGaSpg9KMuw8msXUyNsfcFhJzqPJa5DgF1W29vRfb0AsuSCL9WjhDhEx3_qLxZ1-xxJRq1qkA5opaAWUUXYAR9RU5eqEVVp6caotL-noOlYmvDhT0D53X57mYt3SDLZyMu12p1XYqYaaPdZ1zkxRc0Ht-3q0TodWfv7xNImTKA3dAmbYabmoL0mpdcXOMEpOr8qfNMm8dpdWwqKMNGYa6R8gC8B-VbE-Nw1tninT_vcokV3dnEKMS1GMfnwDDGWocpkgj1xurmcnyrvnh9zRfgYZuQNsSaGrBha2md7QVbvCPjj4khOwVNA5_G_accVA78c_K2Oj0N5j4MDM4peJ-9cZId_exmkeV8MoB8YLUX5DTv3_bup58Sz3l15OjHghKThImTLFRzOeVPorP0fbaJGWDxmpKkeGaP06_TmA-GGgPpzy8zwqT4gY-YefKUQLrZ6fHTNimywbXOq_QuDMMhEas-u1z4MfnG5hRw6ajVNc_RYSPTZxB5mRzCqgA
88.208.59.102200 OK 68 B URL HTTP/2 28980.weednewspro.com/v2/a/na/image?d=BQ5qQHPeq5UGrDkp3TkR9TcqEjTypQ7-DcaVFlUAso-H2GwWee56k6TWoLdYF0lXJX75dq5jkxDbkgP72eWY1JVLYnCf39xrlTEzB9gapnmTJzQVM0aDtjl2LCedhZQO35jkOjP82xs1r2ipmDlHVdUieJitaFkeyUrbNamaL334n2ywtnGmbVir6N2x_kToOMKvKmDgmb8IwvI7Efe_vri_Zc9B3laDcz5uHcl-xEU-1xoSfKIe_qSjDt_lWvyqKBdm0cnJm-7G9cQjP2QAh2yNu-DfAvjhWzgJxAtQltcqGfMgcg3kJ9FY6UmaFXesg6X2y0OSHiAU9-dU2Ubd_8RBxbkIoginOEFMVD6PHlklv-vW0WOCp8uQ51uA4gZVMujCEEtApZNxHnHMcp8qZHdRlZdTrXPancYj6BzK0m46WdgJOBksl7mbxiuJWwpiG2I-w02ecbOp_SyDEhdkZBmB6whUDp54f3a5SNUXbd0EGkmXEEvkJhuHiBjEN1kGJPZtUivsXqgdz6u1CTqZ8wInPiXZb9sSu7LrkIaY2tAn3APkmVv0DM6tzESCei0jGBUufToytxanmjgEW6l8Xa0hOWt0Dqql-CN8WDGTgOA-8QbuykIPlIGaSpg9KMuw8msXUyNsfcFhJzqPJa5DgF1W29vRfb0AsuSCL9WjhDhEx3_qLxZ1-xxJRq1qkA5opaAWUUXYAR9RU5eqEVVp6caotL-noOlYmvDhT0D53X57mYt3SDLZyMu12p1XYqYaaPdZ1zkxRc0Ht-3q0TodWfv7xNImTKA3dAmbYabmoL0mpdcXOMEpOr8qfNMm8dpdWwqKMNGYa6R8gC8B-VbE-Nw1tninT_vcokV3dnEKMS1GMfnwDDGWocpkgj1xurmcnyrvnh9zRfgYZuQNsSaGrBha2md7QVbvCPjj4khOwVNA5_G_accVA78c_K2Oj0N5j4MDM4peJ-9cZId_exmkeV8MoB8YLUX5DTv3_bup58Sz3l15OjHghKThImTLFRzOeVPorP0fbaJGWDxmpKkeGaP06_TmA-GGgPpzy8zwqT4gY-YefKUQLrZ6fHTNimywbXOq_QuDMMhEas-u1z4MfnG5hRw6ajVNc_RYSPTZxB5mRzCqgA
IP 88.208.59.102:0
ASN #39572 DataWeb Global Group B.V.
File type PNG image data, 1 x 1, 8-bit gray+alpha, non-interlaced\012- data
Hash 91e42db1c66c0b276abf6234dc50b2eb
c1986af3c26609b8b7d8933f99c51c1a89e9ea6b
63ef318d96b5d0d0ceba6e04a4e622b1158335cdc67c49e27839132c6f655058
GET /v2/a/na/image?d=BQ5qQHPeq5UGrDkp3TkR9TcqEjTypQ7-DcaVFlUAso-H2GwWee56k6TWoLdYF0lXJX75dq5jkxDbkgP72eWY1JVLYnCf39xrlTEzB9gapnmTJzQVM0aDtjl2LCedhZQO35jkOjP82xs1r2ipmDlHVdUieJitaFkeyUrbNamaL334n2ywtnGmbVir6N2x_kToOMKvKmDgmb8IwvI7Efe_vri_Zc9B3laDcz5uHcl-xEU-1xoSfKIe_qSjDt_lWvyqKBdm0cnJm-7G9cQjP2QAh2yNu-DfAvjhWzgJxAtQltcqGfMgcg3kJ9FY6UmaFXesg6X2y0OSHiAU9-dU2Ubd_8RBxbkIoginOEFMVD6PHlklv-vW0WOCp8uQ51uA4gZVMujCEEtApZNxHnHMcp8qZHdRlZdTrXPancYj6BzK0m46WdgJOBksl7mbxiuJWwpiG2I-w02ecbOp_SyDEhdkZBmB6whUDp54f3a5SNUXbd0EGkmXEEvkJhuHiBjEN1kGJPZtUivsXqgdz6u1CTqZ8wInPiXZb9sSu7LrkIaY2tAn3APkmVv0DM6tzESCei0jGBUufToytxanmjgEW6l8Xa0hOWt0Dqql-CN8WDGTgOA-8QbuykIPlIGaSpg9KMuw8msXUyNsfcFhJzqPJa5DgF1W29vRfb0AsuSCL9WjhDhEx3_qLxZ1-xxJRq1qkA5opaAWUUXYAR9RU5eqEVVp6caotL-noOlYmvDhT0D53X57mYt3SDLZyMu12p1XYqYaaPdZ1zkxRc0Ht-3q0TodWfv7xNImTKA3dAmbYabmoL0mpdcXOMEpOr8qfNMm8dpdWwqKMNGYa6R8gC8B-VbE-Nw1tninT_vcokV3dnEKMS1GMfnwDDGWocpkgj1xurmcnyrvnh9zRfgYZuQNsSaGrBha2md7QVbvCPjj4khOwVNA5_G_accVA78c_K2Oj0N5j4MDM4peJ-9cZId_exmkeV8MoB8YLUX5DTv3_bup58Sz3l15OjHghKThImTLFRzOeVPorP0fbaJGWDxmpKkeGaP06_TmA-GGgPpzy8zwqT4gY-YefKUQLrZ6fHTNimywbXOq_QuDMMhEas-u1z4MfnG5hRw6ajVNc_RYSPTZxB5mRzCqgA HTTP/1.1
Host: 28980.weednewspro.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://28980.weednewspro.com/v2/a/na/if/203282
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 23 Sep 2022 21:48:10 GMT
content-type: image/png
content-length: 68
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-max-age: 86400
referrer-policy: unsafe-url
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Device-Memory
accept-ch-lifetime: 31536000
X-Firefox-Spdy: h2
12112336.pix-cdn.org/m/p/0/11/11508/yPndOg0m.html?__OS_FAMILY__={{%20__OS_FAMILY__%20}}&__OS_TYPE__={{%20__OS_TYPE__%20}}&__GEOIP_COUNTRY_SHORT__={{%20__GEOIP_COUNTRY_SHORT__%20}}&__IP2L_MOBILE__={{%20__IP2L_MOBILE__%20}}&__BROWSER_FAMILY__={{%20__BROWSER_FAMILY__%20}}&OS_FAMILY=[OS_FAMILY]&OS_TYPE=[OS_TYPE]&COUNTRY_ISO_CODE=[COUNTRY_ISO_CODE]&MOBILE_BRAND=[MOBILE_BRAND]&BROWSER_FAMILY=[BROWSER_FAMILY]&DOMAIN=youvu.pornfollett.gigixo.com&PRICE=0.0050&PRICING_MODEL=[PRICING_MODEL]&CAMPAIGN_ID=6435&CLICK_ID=78e2078d-2142-48d6-8317-d2bb80f5627d&id_zone=[idzone]&site={{%20site%20}}&out_name=37319%7C4317%7Ccpm%7C0.0048%7C%24%200.0050&campaign_id=37319&price=0.0050&bidding_price=0.0048&pricebox_price=0.0200&pricing_model=cpm&click_id=78e2078d-2142-48d6-8317-d2bb80f5627d&priority=[PRIORITY]&ad_sub=173501021&utm1=tcb&utm2=878669509-100&utm3=249-6435-14933&utm4=0-10346131-0
45.133.44.25200 OK 931 B URL HTTP/2 12112336.pix-cdn.org/m/p/0/11/11508/yPndOg0m.html?__OS_FAMILY__={{%20__OS_FAMILY__%20}}&__OS_TYPE__={{%20__OS_TYPE__%20}}&__GEOIP_COUNTRY_SHORT__={{%20__GEOIP_COUNTRY_SHORT__%20}}&__IP2L_MOBILE__={{%20__IP2L_MOBILE__%20}}&__BROWSER_FAMILY__={{%20__BROWSER_FAMILY__%20}}&OS_FAMILY=[OS_FAMILY]&OS_TYPE=[OS_TYPE]&COUNTRY_ISO_CODE=[COUNTRY_ISO_CODE]&MOBILE_BRAND=[MOBILE_BRAND]&BROWSER_FAMILY=[BROWSER_FAMILY]&DOMAIN=youvu.pornfollett.gigixo.com&PRICE=0.0050&PRICING_MODEL=[PRICING_MODEL]&CAMPAIGN_ID=6435&CLICK_ID=78e2078d-2142-48d6-8317-d2bb80f5627d&id_zone=[idzone]&site={{%20site%20}}&out_name=37319%7C4317%7Ccpm%7C0.0048%7C%24%200.0050&campaign_id=37319&price=0.0050&bidding_price=0.0048&pricebox_price=0.0200&pricing_model=cpm&click_id=78e2078d-2142-48d6-8317-d2bb80f5627d&priority=[PRIORITY]&ad_sub=173501021&utm1=tcb&utm2=878669509-100&utm3=249-6435-14933&utm4=0-10346131-0
IP 45.133.44.25:0
ASN #39572 DataWeb Global Group B.V.
Hash 77718834a8c99f6e484da84fba6aef3b
b02654441614e14055b55d872653e4c2c8b57fff
3616c39f1e409fe8f091bd69965fe802261290477341882325b1a88bebdda87c
GET /m/p/0/11/11508/yPndOg0m.html?__OS_FAMILY__={{%20__OS_FAMILY__%20}}&__OS_TYPE__={{%20__OS_TYPE__%20}}&__GEOIP_COUNTRY_SHORT__={{%20__GEOIP_COUNTRY_SHORT__%20}}&__IP2L_MOBILE__={{%20__IP2L_MOBILE__%20}}&__BROWSER_FAMILY__={{%20__BROWSER_FAMILY__%20}}&OS_FAMILY=[OS_FAMILY]&OS_TYPE=[OS_TYPE]&COUNTRY_ISO_CODE=[COUNTRY_ISO_CODE]&MOBILE_BRAND=[MOBILE_BRAND]&BROWSER_FAMILY=[BROWSER_FAMILY]&DOMAIN=youvu.pornfollett.gigixo.com&PRICE=0.0050&PRICING_MODEL=[PRICING_MODEL]&CAMPAIGN_ID=6435&CLICK_ID=78e2078d-2142-48d6-8317-d2bb80f5627d&id_zone=[idzone]&site={{%20site%20}}&out_name=37319%7C4317%7Ccpm%7C0.0048%7C%24%200.0050&campaign_id=37319&price=0.0050&bidding_price=0.0048&pricebox_price=0.0200&pricing_model=cpm&click_id=78e2078d-2142-48d6-8317-d2bb80f5627d&priority=[PRIORITY]&ad_sub=173501021&utm1=tcb&utm2=878669509-100&utm3=249-6435-14933&utm4=0-10346131-0 HTTP/1.1
Host: 12112336.pix-cdn.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://rtbbnr.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 23 Sep 2022 21:48:10 GMT
content-type: text/html; charset=utf-8
server: nginx/1.12.2
last-modified: Wed, 02 Sep 2020 10:48:37 GMT
etag: W/"5f4f7885-7e9"
content-encoding: gzip
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
x-proxy-cache: MISS
X-Firefox-Spdy: h2
28980.weednewspro.com/v2/a/na/image?d=BQ5qQHPeq5UGrDkp3TkR5dfYEhTpxI24jtWYCc4uLuU7cbkoGmDgR36bpvQmewlPoKhf_RljcxDLkgPrU4FWknSVbOXCwLaAtAdc_O5YBjSMORkYxiNTzIju0p0cQ-zQ0f7aZAJIu_0ubeMwUahHFxs4LsE1hE7W7hT2_ZPvIVLlhf_hd_30JGYXuIjlop9vN3_FRy2MU2WU7vUErvFNbHFJJ4cR-7kJidB_qpNX7ypVXIiaEVkiJLR48lJzBZY5Bb4ODQairALRQrwCyQ9Ap1uruP8V0FLt81VUrGH95kfjGfMuQrTDph6Bxtei4kMncUkvpKHEpapdapfX0KUI9b9-vTMVmuE6rAnUxHZjToVuxQ6fMbMvmA_FyxuxGnB2VIgdICr7RJNOYN023hKees2jIUs4fK5A5uZJ5oagBxXe-6eOQ19IRfByYgVbY91WOWHqabrmu6MqStIqe4Dsr-R6rMw0wIT4d8NdQCcqCgwYmxlJZsFR_YvQ9fVqu3DJ3Eyfy5kIJRx6p8ydTv6soF5yCNKbKbTejnsYAD1rWA5J9s3mBuQckDWOY_JTXEr7SU2hR1nQgw5URRHJlJ82un3tWNAL_X5gjelkO5xMCw-T7dEm0P582yaCH_tZQtbAJaNkGRRciHLOWpyX4H4aUlkGGl0I9GaNToo_CHNCENY49vnEEEVequkQOLU1_c2ultNcZrgJ8eRC7ZEJwOeESQhb8T_KSO_Uq1x5wQg-oDHnouZMPsPr-cLBU9M_32aAedaEV-BmkG9GwV9IWXdcU6HSC2CVcEVxJ0p4FHIUjbkANiClhC9q9y17gl30DVMGwudFur289vCOzJ0zhCuTysFiSrPCurGfokV3dnEKMS1GMfnwDDGWocpkgj1xurmcnyrvnh9zRfgYZuQNsSaGrBha2md7QVbvCPjj4khOwVNA5_G_accVA78c_K2Oj0N5j4MDM4peJ-9cZId_exmkeV8MoB8YLUX5DTv3_bup58Sz3l15OjHghKThImTLFRzOeVPorP0fbaJGWDxmpKkeGaP06_TmA-GGgPpzy8zwqT4gY-YefKUQLrZ6fHTNimywbXOq_QuDMMhEas-u1z4MfnFw2k11-_kEVcTEs1mDHr5241YinA
88.208.59.102200 OK 68 B URL HTTP/2 28980.weednewspro.com/v2/a/na/image?d=BQ5qQHPeq5UGrDkp3TkR5dfYEhTpxI24jtWYCc4uLuU7cbkoGmDgR36bpvQmewlPoKhf_RljcxDLkgPrU4FWknSVbOXCwLaAtAdc_O5YBjSMORkYxiNTzIju0p0cQ-zQ0f7aZAJIu_0ubeMwUahHFxs4LsE1hE7W7hT2_ZPvIVLlhf_hd_30JGYXuIjlop9vN3_FRy2MU2WU7vUErvFNbHFJJ4cR-7kJidB_qpNX7ypVXIiaEVkiJLR48lJzBZY5Bb4ODQairALRQrwCyQ9Ap1uruP8V0FLt81VUrGH95kfjGfMuQrTDph6Bxtei4kMncUkvpKHEpapdapfX0KUI9b9-vTMVmuE6rAnUxHZjToVuxQ6fMbMvmA_FyxuxGnB2VIgdICr7RJNOYN023hKees2jIUs4fK5A5uZJ5oagBxXe-6eOQ19IRfByYgVbY91WOWHqabrmu6MqStIqe4Dsr-R6rMw0wIT4d8NdQCcqCgwYmxlJZsFR_YvQ9fVqu3DJ3Eyfy5kIJRx6p8ydTv6soF5yCNKbKbTejnsYAD1rWA5J9s3mBuQckDWOY_JTXEr7SU2hR1nQgw5URRHJlJ82un3tWNAL_X5gjelkO5xMCw-T7dEm0P582yaCH_tZQtbAJaNkGRRciHLOWpyX4H4aUlkGGl0I9GaNToo_CHNCENY49vnEEEVequkQOLU1_c2ultNcZrgJ8eRC7ZEJwOeESQhb8T_KSO_Uq1x5wQg-oDHnouZMPsPr-cLBU9M_32aAedaEV-BmkG9GwV9IWXdcU6HSC2CVcEVxJ0p4FHIUjbkANiClhC9q9y17gl30DVMGwudFur289vCOzJ0zhCuTysFiSrPCurGfokV3dnEKMS1GMfnwDDGWocpkgj1xurmcnyrvnh9zRfgYZuQNsSaGrBha2md7QVbvCPjj4khOwVNA5_G_accVA78c_K2Oj0N5j4MDM4peJ-9cZId_exmkeV8MoB8YLUX5DTv3_bup58Sz3l15OjHghKThImTLFRzOeVPorP0fbaJGWDxmpKkeGaP06_TmA-GGgPpzy8zwqT4gY-YefKUQLrZ6fHTNimywbXOq_QuDMMhEas-u1z4MfnFw2k11-_kEVcTEs1mDHr5241YinA
IP 88.208.59.102:0
ASN #39572 DataWeb Global Group B.V.
File type PNG image data, 1 x 1, 8-bit gray+alpha, non-interlaced\012- data
Hash 91e42db1c66c0b276abf6234dc50b2eb
c1986af3c26609b8b7d8933f99c51c1a89e9ea6b
63ef318d96b5d0d0ceba6e04a4e622b1158335cdc67c49e27839132c6f655058
GET /v2/a/na/image?d=BQ5qQHPeq5UGrDkp3TkR5dfYEhTpxI24jtWYCc4uLuU7cbkoGmDgR36bpvQmewlPoKhf_RljcxDLkgPrU4FWknSVbOXCwLaAtAdc_O5YBjSMORkYxiNTzIju0p0cQ-zQ0f7aZAJIu_0ubeMwUahHFxs4LsE1hE7W7hT2_ZPvIVLlhf_hd_30JGYXuIjlop9vN3_FRy2MU2WU7vUErvFNbHFJJ4cR-7kJidB_qpNX7ypVXIiaEVkiJLR48lJzBZY5Bb4ODQairALRQrwCyQ9Ap1uruP8V0FLt81VUrGH95kfjGfMuQrTDph6Bxtei4kMncUkvpKHEpapdapfX0KUI9b9-vTMVmuE6rAnUxHZjToVuxQ6fMbMvmA_FyxuxGnB2VIgdICr7RJNOYN023hKees2jIUs4fK5A5uZJ5oagBxXe-6eOQ19IRfByYgVbY91WOWHqabrmu6MqStIqe4Dsr-R6rMw0wIT4d8NdQCcqCgwYmxlJZsFR_YvQ9fVqu3DJ3Eyfy5kIJRx6p8ydTv6soF5yCNKbKbTejnsYAD1rWA5J9s3mBuQckDWOY_JTXEr7SU2hR1nQgw5URRHJlJ82un3tWNAL_X5gjelkO5xMCw-T7dEm0P582yaCH_tZQtbAJaNkGRRciHLOWpyX4H4aUlkGGl0I9GaNToo_CHNCENY49vnEEEVequkQOLU1_c2ultNcZrgJ8eRC7ZEJwOeESQhb8T_KSO_Uq1x5wQg-oDHnouZMPsPr-cLBU9M_32aAedaEV-BmkG9GwV9IWXdcU6HSC2CVcEVxJ0p4FHIUjbkANiClhC9q9y17gl30DVMGwudFur289vCOzJ0zhCuTysFiSrPCurGfokV3dnEKMS1GMfnwDDGWocpkgj1xurmcnyrvnh9zRfgYZuQNsSaGrBha2md7QVbvCPjj4khOwVNA5_G_accVA78c_K2Oj0N5j4MDM4peJ-9cZId_exmkeV8MoB8YLUX5DTv3_bup58Sz3l15OjHghKThImTLFRzOeVPorP0fbaJGWDxmpKkeGaP06_TmA-GGgPpzy8zwqT4gY-YefKUQLrZ6fHTNimywbXOq_QuDMMhEas-u1z4MfnFw2k11-_kEVcTEs1mDHr5241YinA HTTP/1.1
Host: 28980.weednewspro.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://28980.weednewspro.com/v2/a/na/if/203282
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 23 Sep 2022 21:48:10 GMT
content-type: image/png
content-length: 68
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-max-age: 86400
referrer-policy: unsafe-url
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Device-Memory
accept-ch-lifetime: 31536000
X-Firefox-Spdy: h2
exerciseundergone.com/pixel/pure
192.243.59.20204 No Content 0 B URL HTTP/1.1 exerciseundergone.com/pixel/pure
IP 192.243.59.20:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /pixel/pure HTTP/1.1
Host: exerciseundergone.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: http://youvu.pornfollett.gigixo.com/
Origin: http://youvu.pornfollett.gigixo.com
Connection: keep-alive
HTTP/1.1 204 No Content
Server: nginx/1.17.9
Date: Fri, 23 Sep 2022 21:48:10 GMT
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Allow-Credentials: true
Access-Control-Max-Age: 1728000
Content-Type: text/plain; charset=utf-8
Content-Length: 0
dictatepantry.com/watch.1596805218272.js?key=3cb5727a16a2f566d5a822edf1d58427&kw=%5B%22free%22%2C%22sex%22%2C%22pics%22%5D&refer=http%3A%2F%2Fyouvu.pornfollett.gigixo.com%2F%3Fiyanna&tz=0&dev=r&res=12.29&uuid=
192.243.61.225307 Temporary Redirect 0 B URL HTTP/1.1 dictatepantry.com/watch.1596805218272.js?key=3cb5727a16a2f566d5a822edf1d58427&kw=%5B%22free%22%2C%22sex%22%2C%22pics%22%5D&refer=http%3A%2F%2Fyouvu.pornfollett.gigixo.com%2F%3Fiyanna&tz=0&dev=r&res=12.29&uuid=
IP 192.243.61.225:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /watch.1596805218272.js?key=3cb5727a16a2f566d5a822edf1d58427&kw=%5B%22free%22%2C%22sex%22%2C%22pics%22%5D&refer=http%3A%2F%2Fyouvu.pornfollett.gigixo.com%2F%3Fiyanna&tz=0&dev=r&res=12.29&uuid= HTTP/1.1
Host: dictatepantry.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://youvu.pornfollett.gigixo.com
Connection: keep-alive
Referer: http://youvu.pornfollett.gigixo.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 307 Temporary Redirect
Server: nginx/1.22.0
Date: Fri, 23 Sep 2022 21:48:10 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: http://youvu.pornfollett.gigixo.com
Access-Control-Allow-Origin: http://youvu.pornfollett.gigixo.com
Access-Control-Allow-Credentials: true
Location: https://dictatepantry.com/watch.1596805218272.js?key=3cb5727a16a2f566d5a822edf1d58427&kw=%5B%22free%22%2C%22sex%22%2C%22pics%22%5D&refer=http%3A%2F%2Fyouvu.pornfollett.gigixo.com%2F%3Fiyanna&tz=0&dev=r&res=12.29&uuid=&shu=806b19f9d6df0b0b1264ebfd1068400a9ff37268c70efdd86c03b2c87a76931f6f73cfe339cd8b660f8f76b07d37d91aac8b9102cb16ef9a825a134350ecae5b515b2c2987736c4b14d162dc34a47c2951ff603e2c40493d1f4535678f507655&pst=1663969750&rmtc=t
Set-Cookie: u_pl=16428146; expires=Sat, 24 Sep 2022 21:48:10 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNjQyODE0NiwiayI6IjNjYjU3MjdhMTZhMmY1NjZkNWE4MjJlZGYxZDU4NDI3Iiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxNTAzNjQ5LCJwaWQiOjI4ODQzNywiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjoxNiwiYWlkIjo1LCJwdCI6NCwicGsiOiJtZWdwcnVuMGNpIiwiY3BrcyI6eyAiMjgiOiIwMWI2NDkzNWI4MDYxYzFmNjFkMjEzYTI3Y2UyZDcyOSJ9LCJ0IjoxfSwidSI6eyJ1IjoxLCJhdSI6MSwiZCI6eyJpZCI6Nzk5NTQxOTYsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjoxODExMCwib24iOiJMaW51eCIsIm92IjoiVW5rbm93biIsImJpZCI6MTE2NjcwLCJibiI6IkZpcmVmb3giLCJidiI6Ijk2LjAiLCJ3diI6ZmFsc2UsImUiOmZhbHNlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6dHJ1ZSwiciI6Imh0dHA6Ly95b3V2dS5wb3JuZm9sbGV0dC5naWdpeG8uY29tLz9peWFubmEifX0.uYWmS9P_xz3bZD80Iyb5deQmtyaZLtos14XBUd3OWvo; expires=Fri, 23 Sep 2022 21:49:10 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: d58c1aa127ddb7b7a02f55522859f446
Strict-Transport-Security: max-age=0; includeSubdomains
exerciseundergone.com/pixel/pure
192.243.59.20200 OK 0 B URL HTTP/1.1 exerciseundergone.com/pixel/pure
IP 192.243.59.20:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /pixel/pure HTTP/1.1
Host: exerciseundergone.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/json
Content-Length: 73
Origin: http://youvu.pornfollett.gigixo.com
Connection: keep-alive
Referer: http://youvu.pornfollett.gigixo.com/
HTTP/1.1 200 OK
Server: nginx/1.17.9
Date: Fri, 23 Sep 2022 21:48:10 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
r3.o.lencr.org/
23.36.77.32200 OK 2.6 kB IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash a0c70fa9637710e2bf80b8dac686e372
1166a38810cc3559142691b02df05c881ad4e77c
9e81ee1e7b7c71339b91f6166ed14e90291191868cb59b44c4048757b1efec4e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "3B844225DFDB4332D12809341E3AF141D292AD2D36C33F69D9D45D6F6D600F27"
Last-Modified: Fri, 23 Sep 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6197
Expires: Fri, 23 Sep 2022 23:31:28 GMT
Date: Fri, 23 Sep 2022 21:48:11 GMT
Connection: keep-alive
in16.zog.link/in/show/?__OS_FAMILY__=%7B%7B%20__OS_FAMILY__%20%7D%7D&__OS_TYPE__=%7B%7B%20__OS_TYPE__%20%7D%7D&__GEOIP_COUNTRY_SHORT__=%7B%7B%20__GEOIP_COUNTRY_SHORT__%20%7D%7D&__IP2L_MOBILE__=%7B%7B%20__IP2L_MOBILE__%20%7D%7D&__BROWSER_FAMILY__=%7B%7B%20__BROWSER_FAMILY__%20%7D%7D&OS_FAMILY=%5BOS_FAMILY%5D&OS_TYPE=%5BOS_TYPE%5D&COUNTRY_ISO_CODE=%5BCOUNTRY_ISO_CODE%5D&MOBILE_BRAND=%5BMOBILE_BRAND%5D&BROWSER_FAMILY=%5BBROWSER_FAMILY%5D&DOMAIN=youvu.pornfollett.gigixo.com&PRICE=0.0050&PRICING_MODEL=%5BPRICING_MODEL%5D&CAMPAIGN_ID=6435&CLICK_ID=78e2078d-2142-48d6-8317-d2bb80f5627d&id_zone=%5Bidzone%5D&site=%7B%7B%20site%20%7D%7D&out_name=37319%7C4317%7Ccpm%7C0.0048%7C%24%200.0050&campaign_id=37319&price=0.0050&bidding_price=0.0048&pricebox_price=0.0200&pricing_model=cpm&click_id=78e2078d-2142-48d6-8317-d2bb80f5627d&priority=%5BPRIORITY%5D&ad_sub=173501021&utm1=tcb&utm2=878669509-100&utm3=249-6435-14933&utm4=0-10346131-0&banner_id=4190&banner_creative_id=8920
109.206.163.112200 OK 2 B URL HTTP/2 in16.zog.link/in/show/?__OS_FAMILY__=%7B%7B%20__OS_FAMILY__%20%7D%7D&__OS_TYPE__=%7B%7B%20__OS_TYPE__%20%7D%7D&__GEOIP_COUNTRY_SHORT__=%7B%7B%20__GEOIP_COUNTRY_SHORT__%20%7D%7D&__IP2L_MOBILE__=%7B%7B%20__IP2L_MOBILE__%20%7D%7D&__BROWSER_FAMILY__=%7B%7B%20__BROWSER_FAMILY__%20%7D%7D&OS_FAMILY=%5BOS_FAMILY%5D&OS_TYPE=%5BOS_TYPE%5D&COUNTRY_ISO_CODE=%5BCOUNTRY_ISO_CODE%5D&MOBILE_BRAND=%5BMOBILE_BRAND%5D&BROWSER_FAMILY=%5BBROWSER_FAMILY%5D&DOMAIN=youvu.pornfollett.gigixo.com&PRICE=0.0050&PRICING_MODEL=%5BPRICING_MODEL%5D&CAMPAIGN_ID=6435&CLICK_ID=78e2078d-2142-48d6-8317-d2bb80f5627d&id_zone=%5Bidzone%5D&site=%7B%7B%20site%20%7D%7D&out_name=37319%7C4317%7Ccpm%7C0.0048%7C%24%200.0050&campaign_id=37319&price=0.0050&bidding_price=0.0048&pricebox_price=0.0200&pricing_model=cpm&click_id=78e2078d-2142-48d6-8317-d2bb80f5627d&priority=%5BPRIORITY%5D&ad_sub=173501021&utm1=tcb&utm2=878669509-100&utm3=249-6435-14933&utm4=0-10346131-0&banner_id=4190&banner_creative_id=8920
IP 109.206.163.112:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 99914b932bd37a50b983c5e7c90ae93b
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
GET /in/show/?__OS_FAMILY__=%7B%7B%20__OS_FAMILY__%20%7D%7D&__OS_TYPE__=%7B%7B%20__OS_TYPE__%20%7D%7D&__GEOIP_COUNTRY_SHORT__=%7B%7B%20__GEOIP_COUNTRY_SHORT__%20%7D%7D&__IP2L_MOBILE__=%7B%7B%20__IP2L_MOBILE__%20%7D%7D&__BROWSER_FAMILY__=%7B%7B%20__BROWSER_FAMILY__%20%7D%7D&OS_FAMILY=%5BOS_FAMILY%5D&OS_TYPE=%5BOS_TYPE%5D&COUNTRY_ISO_CODE=%5BCOUNTRY_ISO_CODE%5D&MOBILE_BRAND=%5BMOBILE_BRAND%5D&BROWSER_FAMILY=%5BBROWSER_FAMILY%5D&DOMAIN=youvu.pornfollett.gigixo.com&PRICE=0.0050&PRICING_MODEL=%5BPRICING_MODEL%5D&CAMPAIGN_ID=6435&CLICK_ID=78e2078d-2142-48d6-8317-d2bb80f5627d&id_zone=%5Bidzone%5D&site=%7B%7B%20site%20%7D%7D&out_name=37319%7C4317%7Ccpm%7C0.0048%7C%24%200.0050&campaign_id=37319&price=0.0050&bidding_price=0.0048&pricebox_price=0.0200&pricing_model=cpm&click_id=78e2078d-2142-48d6-8317-d2bb80f5627d&priority=%5BPRIORITY%5D&ad_sub=173501021&utm1=tcb&utm2=878669509-100&utm3=249-6435-14933&utm4=0-10346131-0&banner_id=4190&banner_creative_id=8920 HTTP/1.1
Host: in16.zog.link
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://12112336.pix-cdn.org
Connection: keep-alive
Referer: https://12112336.pix-cdn.org/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.20.1
date: Fri, 23 Sep 2022 21:48:11 GMT
content-type: application/json
content-length: 2
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
access-control-allow-origin: https://12112336.pix-cdn.org
set-cookie: 770.0=1; expires=Sat, 24 Sep 2022 21:48:10 GMT; path=/; secure; SameSite=None
X-Firefox-Spdy: h2
plainmarshyaltered.com/watch.1035381025075.js?key=3cb5727a16a2f566d5a822edf1d58427&kw=%5B%22free%22%2C%22sex%22%2C%22pics%22%5D&refer=http%3A%2F%2Fyouvu.pornfollett.gigixo.com%2F%3Fiyanna&tz=0&dev=r&res=12.29&uuid=&shu=737dbe988ef1fcef8248004fbbbb73e6df1fac686a8a13d54001029b131a84d6471d7acb6bcefa44066c0b22ad823dd31067db5a9fcdc59eeb9c687831601513b8d100ad8a41ac9781c93c6fa0500ea6dee61df0359c52ecabc07f34d6d3d7&pst=1663969750&rmtc=t
173.233.137.60200 OK 2.4 kB URL HTTP/1.1 plainmarshyaltered.com/watch.1035381025075.js?key=3cb5727a16a2f566d5a822edf1d58427&kw=%5B%22free%22%2C%22sex%22%2C%22pics%22%5D&refer=http%3A%2F%2Fyouvu.pornfollett.gigixo.com%2F%3Fiyanna&tz=0&dev=r&res=12.29&uuid=&shu=737dbe988ef1fcef8248004fbbbb73e6df1fac686a8a13d54001029b131a84d6471d7acb6bcefa44066c0b22ad823dd31067db5a9fcdc59eeb9c687831601513b8d100ad8a41ac9781c93c6fa0500ea6dee61df0359c52ecabc07f34d6d3d7&pst=1663969750&rmtc=t
IP 173.233.137.60:0
File type HTML document text\012- HTML document, ASCII text, with very long lines (3075)
Hash 9fed2c0cbbba80671b8e01a5c21e9646
17f861daa4193a7b318eba72af4543a90caaad2a
45c880de0d37e1857414d5573c04d5b064b3b231f4ca9e798e271a0ccfab4f24
Analyzer Verdict Alert quad9 Sinkholed
GET /watch.1035381025075.js?key=3cb5727a16a2f566d5a822edf1d58427&kw=%5B%22free%22%2C%22sex%22%2C%22pics%22%5D&refer=http%3A%2F%2Fyouvu.pornfollett.gigixo.com%2F%3Fiyanna&tz=0&dev=r&res=12.29&uuid=&shu=737dbe988ef1fcef8248004fbbbb73e6df1fac686a8a13d54001029b131a84d6471d7acb6bcefa44066c0b22ad823dd31067db5a9fcdc59eeb9c687831601513b8d100ad8a41ac9781c93c6fa0500ea6dee61df0359c52ecabc07f34d6d3d7&pst=1663969750&rmtc=t HTTP/1.1
Host: plainmarshyaltered.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://youvu.pornfollett.gigixo.com
Referer: http://youvu.pornfollett.gigixo.com/
Connection: keep-alive
Cookie: u_pl=16428146; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNjQyODE0NiwiayI6IjNjYjU3MjdhMTZhMmY1NjZkNWE4MjJlZGYxZDU4NDI3Iiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxNTAzNjQ5LCJwaWQiOjI4ODQzNywiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjoxNiwiYWlkIjo1LCJwdCI6NCwicGsiOiJtZWdwcnVuMGNpIiwiY3BrcyI6eyAiMjgiOiIwMWI2NDkzNWI4MDYxYzFmNjFkMjEzYTI3Y2UyZDcyOSJ9LCJ0IjoxfSwidSI6eyJ1IjoxLCJhdSI6MSwiZCI6eyJpZCI6Nzk5NTQxOTYsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjoxODExMCwib24iOiJMaW51eCIsIm92IjoiVW5rbm93biIsImJpZCI6MTE2NjcwLCJibiI6IkZpcmVmb3giLCJidiI6Ijk2LjAiLCJ3diI6ZmFsc2UsImUiOmZhbHNlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6dHJ1ZSwiciI6Imh0dHA6Ly95b3V2dS5wb3JuZm9sbGV0dC5naWdpeG8uY29tLz9peWFubmEifX0.uYWmS9P_xz3bZD80Iyb5deQmtyaZLtos14XBUd3OWvo
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Fri, 23 Sep 2022 21:48:11 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: http://youvu.pornfollett.gigixo.com
Access-Control-Allow-Origin: http://youvu.pornfollett.gigixo.com
Access-Control-Allow-Credentials: true
Set-Cookie: iprc94e52935101ea0604514b0fd0d1ba8ab=3569681; expires=Sat, 24 Sep 2022 01:48:11 GMT; secure; SameSite=None
pdhtkv=true; expires=Sat, 24 Sep 2022 21:48:11 GMT; secure; SameSite=None
uncs=1; expires=Sat, 24 Sep 2022 21:48:11 GMT; secure; SameSite=None
pdhtkv5=true; expires=Sat, 24 Sep 2022 21:48:11 GMT; secure; SameSite=None
uncs5=1; expires=Sat, 24 Sep 2022 21:48:11 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: af5448ce24f00ea64a813fd39b6db1b3
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
www.effectivedisplayformat.com/3cb5727a16a2f566d5a822edf1d58427/invoke.js
192.243.61.227200 OK 9.8 kB URL HTTP/1.1 www.effectivedisplayformat.com/3cb5727a16a2f566d5a822edf1d58427/invoke.js
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
File type exported SGML document, ASCII text, with very long lines (26968), with no line terminators
Hash 8c4e321c8efe7fdd7364e0822021bf95
7e975c350e8a89821fb30673dd1b7e9af62c0fb4
75c4fdc5c436d89e0bc2d65f3fbee2ee12cb53f38868bbbe44c1441da069a0ad
GET /3cb5727a16a2f566d5a822edf1d58427/invoke.js HTTP/1.1
Host: www.effectivedisplayformat.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://youvu.pornfollett.gigixo.com/
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Fri, 23 Sep 2022 21:48:11 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 59cb55673808aa45a9facf78828d027e
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
kazanwhoeveryowl.com/watch.1254169250658.js?key=3cb5727a16a2f566d5a822edf1d58427&kw=%5B%22free%22%2C%22sex%22%2C%22pics%22%5D&refer=http%3A%2F%2Fyouvu.pornfollett.gigixo.com%2F%3Fiyanna&tz=0&dev=r&res=12.29&uuid=&shu=513396d7da609a6b19b69909f71afe968505ee26eb0ed1b879dfed64e537d3029f4fbc9b26a8ef3101ba91656ae2c2f23acdbbb31686595e67e55e8c2183fe8e13240e7c14b7e8973aa19ddd7673dbef8de2984b5d383ba4972ec5302b8cf5&pst=1663969750&rmtc=t
173.233.137.36200 OK 2.4 kB URL HTTP/1.1 kazanwhoeveryowl.com/watch.1254169250658.js?key=3cb5727a16a2f566d5a822edf1d58427&kw=%5B%22free%22%2C%22sex%22%2C%22pics%22%5D&refer=http%3A%2F%2Fyouvu.pornfollett.gigixo.com%2F%3Fiyanna&tz=0&dev=r&res=12.29&uuid=&shu=513396d7da609a6b19b69909f71afe968505ee26eb0ed1b879dfed64e537d3029f4fbc9b26a8ef3101ba91656ae2c2f23acdbbb31686595e67e55e8c2183fe8e13240e7c14b7e8973aa19ddd7673dbef8de2984b5d383ba4972ec5302b8cf5&pst=1663969750&rmtc=t
IP 173.233.137.36:0
File type HTML document text\012- HTML document, ASCII text, with very long lines (3083)
Hash 880ecb34d029a158d08a716c4adcfa59
3b34130a98f74fc80421e61ef84ca8c85e2f70b6
16ee6823671cdaa52409f7eb964054e382f356c024ff5b9364861a38a652d21d
Analyzer Verdict Alert quad9 Sinkholed
GET /watch.1254169250658.js?key=3cb5727a16a2f566d5a822edf1d58427&kw=%5B%22free%22%2C%22sex%22%2C%22pics%22%5D&refer=http%3A%2F%2Fyouvu.pornfollett.gigixo.com%2F%3Fiyanna&tz=0&dev=r&res=12.29&uuid=&shu=513396d7da609a6b19b69909f71afe968505ee26eb0ed1b879dfed64e537d3029f4fbc9b26a8ef3101ba91656ae2c2f23acdbbb31686595e67e55e8c2183fe8e13240e7c14b7e8973aa19ddd7673dbef8de2984b5d383ba4972ec5302b8cf5&pst=1663969750&rmtc=t HTTP/1.1
Host: kazanwhoeveryowl.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://youvu.pornfollett.gigixo.com
Referer: http://youvu.pornfollett.gigixo.com/
Connection: keep-alive
Cookie: u_pl=16428146; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNjQyODE0NiwiayI6IjNjYjU3MjdhMTZhMmY1NjZkNWE4MjJlZGYxZDU4NDI3Iiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxNTAzNjQ5LCJwaWQiOjI4ODQzNywiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjoxNiwiYWlkIjo1LCJwdCI6NCwicGsiOiJtZWdwcnVuMGNpIiwiY3BrcyI6eyAiMjgiOiIwMWI2NDkzNWI4MDYxYzFmNjFkMjEzYTI3Y2UyZDcyOSJ9LCJ0IjoxfSwidSI6eyJ1IjoxLCJhdSI6MSwiZCI6eyJpZCI6Nzk5NTQxOTYsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjoxODExMCwib24iOiJMaW51eCIsIm92IjoiVW5rbm93biIsImJpZCI6MTE2NjcwLCJibiI6IkZpcmVmb3giLCJidiI6Ijk2LjAiLCJ3diI6ZmFsc2UsImUiOmZhbHNlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6dHJ1ZSwiciI6Imh0dHA6Ly95b3V2dS5wb3JuZm9sbGV0dC5naWdpeG8uY29tLz9peWFubmEifX0.uYWmS9P_xz3bZD80Iyb5deQmtyaZLtos14XBUd3OWvo
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Fri, 23 Sep 2022 21:48:11 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: http://youvu.pornfollett.gigixo.com
Access-Control-Allow-Origin: http://youvu.pornfollett.gigixo.com
Access-Control-Allow-Credentials: true
Set-Cookie: iprc94e52935101ea0604514b0fd0d1ba8ab=3569681; expires=Sat, 24 Sep 2022 01:48:11 GMT; secure; SameSite=None
pdhtkv=true; expires=Sat, 24 Sep 2022 21:48:11 GMT; secure; SameSite=None
uncs=1; expires=Sat, 24 Sep 2022 21:48:11 GMT; secure; SameSite=None
pdhtkv5=true; expires=Sat, 24 Sep 2022 21:48:11 GMT; secure; SameSite=None
uncs5=1; expires=Sat, 24 Sep 2022 21:48:11 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: aa3682e4c75986fdae42ee4e08aa819b
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
28980.weednewspro.com/v2/a/na/image?d=BQ5qQHPeq5UGrDkp3TkR9TcqEjTypQ7-DcZVW0GAto-H2GwWee56k6TWoLdYF0lXJX75dq5jkxDbkgPrUoHWkXQV7_W-wbeguAdcfDWlZhuWXEZ_ZVRbIg4M-dr-5qwB35jkOjP82xs1r2ipmDlHVdUieJitaFkeyUrbNamaL334n2ywtnGmbVir6N2x_kToOMKvKmDgmb8IxvI7Efe_vrC_Zc9B3laDcz5uHcl-xEU-1xoSfKIe_qSrDt_lWvyqKBdm0Q3vdrXLmBzDkkq-eX6vOitmzZ4FnFNWqFn95kfbEtaakW6rFbDkyHUTeR6KaLxKaoc_aDS_zSZSy6Bu6hPHdL1P89qcEdh8dadXt-myzxDV0WOCp8uQ51uA4gZVMujCEEtApZNxHnHMcp8qZHdRlZdTrXPancYj6BzK0m46WVrKBTo-8i2pjEPgx2B4imN3DrhCFDvoydNPpFygAeR8yGpEbZM4OyRJLSSL3rWKUmH4KwhSgt3hHzUZigp8m1jkXzBzSb0B1rfUHaslENKEhFiEVGSr3fv548nGCitqGVoE5JKC9IGenploCCn-da4p6AzRW4tF1BGa7fhEmMsv4hLvqUXLuiN8UNnoUPnnKKb-gTcnz6nEhe5CiyU9Ha1BoFKUOwi85xNRGlfvuTCMPiio-8BFT5Y527QOYt92x0m8z_o3DY5m5SDbW31jEfblaF9jHYPvtvefLuAwWjdrzLu1zf8c9fWSx-VHVHNNIB9JvTN8d4OS0P3sw8ZitRb5fOavxbOpWqf4LYBU2NHenaywqHxflsifBhUGEI5QbruIvkyXscQbolovJJ8_KOXkoNm89bDOTJ4zpyuS68liSrPCtLGfokV3dnEKMS1GMfnwDDGWocpkgj1xurmcnyrvnh9zRfgYZuQNsSaGrBha2md7QVbvCPjj4khOwVNA5_G_accVA78c_K2Oj0N5j4MDM4peJ-9cZId_exmkeV8MoB8YLUX5DTv3_bup58Sz3l15OjHghKThImTLFRzOeVPorP0fbaJGWDxmpKkeGaP06_TmA-GGgPpzy8zwqT4gY-YefKUQLrZ6fHTNimywbXOq_QuDMMhEas-u1z4MfnFhT_GQxs8DWULAsCko6o7Fwv0CEQ
88.208.59.102200 OK 68 B URL HTTP/2 28980.weednewspro.com/v2/a/na/image?d=BQ5qQHPeq5UGrDkp3TkR9TcqEjTypQ7-DcZVW0GAto-H2GwWee56k6TWoLdYF0lXJX75dq5jkxDbkgPrUoHWkXQV7_W-wbeguAdcfDWlZhuWXEZ_ZVRbIg4M-dr-5qwB35jkOjP82xs1r2ipmDlHVdUieJitaFkeyUrbNamaL334n2ywtnGmbVir6N2x_kToOMKvKmDgmb8IxvI7Efe_vrC_Zc9B3laDcz5uHcl-xEU-1xoSfKIe_qSrDt_lWvyqKBdm0Q3vdrXLmBzDkkq-eX6vOitmzZ4FnFNWqFn95kfbEtaakW6rFbDkyHUTeR6KaLxKaoc_aDS_zSZSy6Bu6hPHdL1P89qcEdh8dadXt-myzxDV0WOCp8uQ51uA4gZVMujCEEtApZNxHnHMcp8qZHdRlZdTrXPancYj6BzK0m46WVrKBTo-8i2pjEPgx2B4imN3DrhCFDvoydNPpFygAeR8yGpEbZM4OyRJLSSL3rWKUmH4KwhSgt3hHzUZigp8m1jkXzBzSb0B1rfUHaslENKEhFiEVGSr3fv548nGCitqGVoE5JKC9IGenploCCn-da4p6AzRW4tF1BGa7fhEmMsv4hLvqUXLuiN8UNnoUPnnKKb-gTcnz6nEhe5CiyU9Ha1BoFKUOwi85xNRGlfvuTCMPiio-8BFT5Y527QOYt92x0m8z_o3DY5m5SDbW31jEfblaF9jHYPvtvefLuAwWjdrzLu1zf8c9fWSx-VHVHNNIB9JvTN8d4OS0P3sw8ZitRb5fOavxbOpWqf4LYBU2NHenaywqHxflsifBhUGEI5QbruIvkyXscQbolovJJ8_KOXkoNm89bDOTJ4zpyuS68liSrPCtLGfokV3dnEKMS1GMfnwDDGWocpkgj1xurmcnyrvnh9zRfgYZuQNsSaGrBha2md7QVbvCPjj4khOwVNA5_G_accVA78c_K2Oj0N5j4MDM4peJ-9cZId_exmkeV8MoB8YLUX5DTv3_bup58Sz3l15OjHghKThImTLFRzOeVPorP0fbaJGWDxmpKkeGaP06_TmA-GGgPpzy8zwqT4gY-YefKUQLrZ6fHTNimywbXOq_QuDMMhEas-u1z4MfnFhT_GQxs8DWULAsCko6o7Fwv0CEQ
IP 88.208.59.102:0
ASN #39572 DataWeb Global Group B.V.
File type PNG image data, 1 x 1, 8-bit gray+alpha, non-interlaced\012- data
Hash 91e42db1c66c0b276abf6234dc50b2eb
c1986af3c26609b8b7d8933f99c51c1a89e9ea6b
63ef318d96b5d0d0ceba6e04a4e622b1158335cdc67c49e27839132c6f655058
GET /v2/a/na/image?d=BQ5qQHPeq5UGrDkp3TkR9TcqEjTypQ7-DcZVW0GAto-H2GwWee56k6TWoLdYF0lXJX75dq5jkxDbkgPrUoHWkXQV7_W-wbeguAdcfDWlZhuWXEZ_ZVRbIg4M-dr-5qwB35jkOjP82xs1r2ipmDlHVdUieJitaFkeyUrbNamaL334n2ywtnGmbVir6N2x_kToOMKvKmDgmb8IxvI7Efe_vrC_Zc9B3laDcz5uHcl-xEU-1xoSfKIe_qSrDt_lWvyqKBdm0Q3vdrXLmBzDkkq-eX6vOitmzZ4FnFNWqFn95kfbEtaakW6rFbDkyHUTeR6KaLxKaoc_aDS_zSZSy6Bu6hPHdL1P89qcEdh8dadXt-myzxDV0WOCp8uQ51uA4gZVMujCEEtApZNxHnHMcp8qZHdRlZdTrXPancYj6BzK0m46WVrKBTo-8i2pjEPgx2B4imN3DrhCFDvoydNPpFygAeR8yGpEbZM4OyRJLSSL3rWKUmH4KwhSgt3hHzUZigp8m1jkXzBzSb0B1rfUHaslENKEhFiEVGSr3fv548nGCitqGVoE5JKC9IGenploCCn-da4p6AzRW4tF1BGa7fhEmMsv4hLvqUXLuiN8UNnoUPnnKKb-gTcnz6nEhe5CiyU9Ha1BoFKUOwi85xNRGlfvuTCMPiio-8BFT5Y527QOYt92x0m8z_o3DY5m5SDbW31jEfblaF9jHYPvtvefLuAwWjdrzLu1zf8c9fWSx-VHVHNNIB9JvTN8d4OS0P3sw8ZitRb5fOavxbOpWqf4LYBU2NHenaywqHxflsifBhUGEI5QbruIvkyXscQbolovJJ8_KOXkoNm89bDOTJ4zpyuS68liSrPCtLGfokV3dnEKMS1GMfnwDDGWocpkgj1xurmcnyrvnh9zRfgYZuQNsSaGrBha2md7QVbvCPjj4khOwVNA5_G_accVA78c_K2Oj0N5j4MDM4peJ-9cZId_exmkeV8MoB8YLUX5DTv3_bup58Sz3l15OjHghKThImTLFRzOeVPorP0fbaJGWDxmpKkeGaP06_TmA-GGgPpzy8zwqT4gY-YefKUQLrZ6fHTNimywbXOq_QuDMMhEas-u1z4MfnFhT_GQxs8DWULAsCko6o7Fwv0CEQ HTTP/1.1
Host: 28980.weednewspro.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://28980.weednewspro.com/v2/a/na/if/203282
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 23 Sep 2022 21:48:11 GMT
content-type: image/png
content-length: 68
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-max-age: 86400
referrer-policy: unsafe-url
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Device-Memory
accept-ch-lifetime: 31536000
X-Firefox-Spdy: h2
ocsp.sectigo.com/
104.18.32.68200 OK 4.5 kB IP 104.18.32.68:0
Hash e7caab755f7cef7afb11d2982ac6dda1
3fe907e5751d864d0a7ca8f8f6b4f6b14bc6ecb8
c76b76423bf957ce481faf10481750b682f1f2b75e1c0708af3cad42c389c476
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 23 Sep 2022 21:48:11 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Wed, 21 Sep 2022 03:56:18 GMT
Expires: Wed, 28 Sep 2022 03:56:17 GMT
Etag: "17d447e5e984a5c6e103eac541ad4138161e2213"
Cache-Control: max-age=367085,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 74f67ba82ea20b65-OSL
tsyndicate.com/iframes2/00394b71264946e5bf58746cefe5435f.html?subid=479024099&categories={{ad_tags}}
136.243.43.25200 OK 5.3 kB URL HTTP/2 tsyndicate.com/iframes2/00394b71264946e5bf58746cefe5435f.html?subid=479024099&categories={{ad_tags}}
IP 136.243.43.25:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3724)
Hash d0f81345564e878abde03f9394ef75fa
86c713bec847e7fdb11804123af775081a7f2bdd
0c21f8ed5ea623a87e5f8161d0336312a118fb8aa2c95df505e7b8c1b2f33b07
GET /iframes2/00394b71264946e5bf58746cefe5435f.html?subid=479024099&categories={{ad_tags}} HTTP/1.1
Host: tsyndicate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://rtbbnr.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 23 Sep 2022 21:48:10 GMT
content-type: text/html; charset=utf-8
pragma: no-cache
expires: 0
vary: Accept-Encoding, *
x-api-version: 2
link: <https://lcdn.tsyndicate.com/sdk/v1/b.b.js>; rel=preload; as=script
x-request-id: cdec743915ae4258
set-cookie: ts_uid=f6a3970a-e558-4c6a-b88b-ac7d00381571; expires=Thu, 23 Mar 2023 21:48:10 GMT; domain=.tsyndicate.com; path=/; HttpOnly; secure; SameSite=None
bfq=APeIECNCxxYZOG7gyBHjRhcWIsYU3BLjoYgyE2PYsEEDRg0bMHLA6NJH; expires=Sat, 24 Sep 2022 21:48:10 GMT; domain=.tsyndicate.com; path=/; secure; SameSite=None
cache-control: no-cache, no-store, no-transform, must-revalidate, no-transform
x-robots-tag: none, noindex, nofollow
report-to: { "url": "https://pxl.tsyndicate.com/api/v1/heavy-ad/report", "max_age": 86401 }
content-encoding: gzip
X-Firefox-Spdy: h2
lcdn.tsyndicate.com/sdk/v1/b.b.js
8.254.252.211304 Not Modified 0 B URL HTTP/2 lcdn.tsyndicate.com/sdk/v1/b.b.js
IP 8.254.252.211:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sdk/v1/b.b.js HTTP/1.1
Host: lcdn.tsyndicate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tsyndicate.com/
Cookie: ts_uid=150f52af-e05c-47ff-9135-0b7b2fe824de; bfq=APeIECNCxxYZN3LIkEFDRhcWIsYU3BLjoYgyE2PYsEEDRg0bMHLA6NJH
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
If-Modified-Since: Tue, 22 Feb 2022 13:07:15 GMT
If-None-Match: W/"6214e003-1eb1"
TE: trailers
HTTP/2 304 Not Modified
date: Fri, 23 Sep 2022 21:48:11 GMT
last-modified: Tue, 22 Feb 2022 13:07:15 GMT
server: nginx
x-robots-tag: noindex, nofollow
vary: Accept-Encoding
etag: W/"6214e003-1eb1"
age: 17235428
X-Firefox-Spdy: h2
28980.weednewspro.com/v2/a/na/image?d=BQ5qQHPeq5UerDlZHTkR9TcqEjTypQ7-DcZVW0GAto-H2GwWee56k6TWoLdYF0lXJX75dq5jkxDbkgPrUoHWkXQV7_W-wbeguAdcfDWlZhuWXEZ_ZVRbIg4M-dr-5qwB35jkOjP82xs1r2ipmDlHVdUieJitaFkeyUrbNamaL334n2ywtnGmbVir6N2x_kToOMKvKmDgmb8IxvI7Efe_vrC_Zc9B3laDcz5uHcl-xEU-1xoSfKIe_qSrDt_lWvyqKBdm0Q3vdrXLmBzDkkq-eX6vOitmzZ4FnFNWqFn95kfbEtaakW6rFbDkyHUTeR6KaLxKaoc_aDS_zSZSy6Bu6hPHdL1P89qcEdh8dadXt-myzxDV0WOCp8uQ51uA4gZVMujCEEtApZNxHnHMcp8qZHdRlZdTrXPancYj6BzK0m46WVrKBTo-8i2pjEPgx2B4imN3DrhCFDvoydNPpFygAeR8yGpEbZM4OyRJLSSL3rWKUmH4KwhSgt3hHzUZigp8m1jkXzBzSb0B1rfUHaslENKEhFiEVGSr3fv548nGCitqGVoE5JKC9IGenploCCn-da4p6AzRW4tF1BGa7fhEmMsv4hLvqUXLuiN8UNnoUPnnKKb-gTcnz6nEhe5CiyU9Ha1BoFKUOwi85xNRGlfvuTCMPiio-8BFT5Y527QOYt92x0m8z_o3DY5m5SDbW31jEfblaF9jHYPvtvefLuAwWjdrzDmzJzIf4cBrbuCELWlT7bMEOTasInMrZzOear5ZaNeNiX28FXwcB-56crZ9iHT6VmMiNGcSolB_KiNNkpZ2HkXrGJSB9tM0Oh64Ojr-oDV__RarMOGP3C_FOASf4heGLTzSG8De5xaEKqhwTkdoVk8qf7cF-3cDmyL9BVXwh7abBPcknNhGj2-pSh3okw-QUIL1NKBVLgvrkfvvSrvVqAgeqvugKHuJxJM54uIyrW4SK9vK2jtxQv3dsE3bAEleR8fiP5WdShW_3Yw0wdHekIAkvYnzjYG2vuEHMR1BmG_yopmxLUOgC7yUTqo8Mb_I6XGoGVDBx7RkkDvdsWn-ruhvgzJ2OJi-EGjmjqgjYdZRof_8G-IjXVKUOeLSAOTDKktCk10Lrr9Q9UkV7A7MmZoc
88.208.59.102200 OK 68 B URL HTTP/2 28980.weednewspro.com/v2/a/na/image?d=BQ5qQHPeq5UerDlZHTkR9TcqEjTypQ7-DcZVW0GAto-H2GwWee56k6TWoLdYF0lXJX75dq5jkxDbkgPrUoHWkXQV7_W-wbeguAdcfDWlZhuWXEZ_ZVRbIg4M-dr-5qwB35jkOjP82xs1r2ipmDlHVdUieJitaFkeyUrbNamaL334n2ywtnGmbVir6N2x_kToOMKvKmDgmb8IxvI7Efe_vrC_Zc9B3laDcz5uHcl-xEU-1xoSfKIe_qSrDt_lWvyqKBdm0Q3vdrXLmBzDkkq-eX6vOitmzZ4FnFNWqFn95kfbEtaakW6rFbDkyHUTeR6KaLxKaoc_aDS_zSZSy6Bu6hPHdL1P89qcEdh8dadXt-myzxDV0WOCp8uQ51uA4gZVMujCEEtApZNxHnHMcp8qZHdRlZdTrXPancYj6BzK0m46WVrKBTo-8i2pjEPgx2B4imN3DrhCFDvoydNPpFygAeR8yGpEbZM4OyRJLSSL3rWKUmH4KwhSgt3hHzUZigp8m1jkXzBzSb0B1rfUHaslENKEhFiEVGSr3fv548nGCitqGVoE5JKC9IGenploCCn-da4p6AzRW4tF1BGa7fhEmMsv4hLvqUXLuiN8UNnoUPnnKKb-gTcnz6nEhe5CiyU9Ha1BoFKUOwi85xNRGlfvuTCMPiio-8BFT5Y527QOYt92x0m8z_o3DY5m5SDbW31jEfblaF9jHYPvtvefLuAwWjdrzDmzJzIf4cBrbuCELWlT7bMEOTasInMrZzOear5ZaNeNiX28FXwcB-56crZ9iHT6VmMiNGcSolB_KiNNkpZ2HkXrGJSB9tM0Oh64Ojr-oDV__RarMOGP3C_FOASf4heGLTzSG8De5xaEKqhwTkdoVk8qf7cF-3cDmyL9BVXwh7abBPcknNhGj2-pSh3okw-QUIL1NKBVLgvrkfvvSrvVqAgeqvugKHuJxJM54uIyrW4SK9vK2jtxQv3dsE3bAEleR8fiP5WdShW_3Yw0wdHekIAkvYnzjYG2vuEHMR1BmG_yopmxLUOgC7yUTqo8Mb_I6XGoGVDBx7RkkDvdsWn-ruhvgzJ2OJi-EGjmjqgjYdZRof_8G-IjXVKUOeLSAOTDKktCk10Lrr9Q9UkV7A7MmZoc
IP 88.208.59.102:0
ASN #39572 DataWeb Global Group B.V.
File type PNG image data, 1 x 1, 8-bit gray+alpha, non-interlaced\012- data
Hash 91e42db1c66c0b276abf6234dc50b2eb
c1986af3c26609b8b7d8933f99c51c1a89e9ea6b
63ef318d96b5d0d0ceba6e04a4e622b1158335cdc67c49e27839132c6f655058
GET /v2/a/na/image?d=BQ5qQHPeq5UerDlZHTkR9TcqEjTypQ7-DcZVW0GAto-H2GwWee56k6TWoLdYF0lXJX75dq5jkxDbkgPrUoHWkXQV7_W-wbeguAdcfDWlZhuWXEZ_ZVRbIg4M-dr-5qwB35jkOjP82xs1r2ipmDlHVdUieJitaFkeyUrbNamaL334n2ywtnGmbVir6N2x_kToOMKvKmDgmb8IxvI7Efe_vrC_Zc9B3laDcz5uHcl-xEU-1xoSfKIe_qSrDt_lWvyqKBdm0Q3vdrXLmBzDkkq-eX6vOitmzZ4FnFNWqFn95kfbEtaakW6rFbDkyHUTeR6KaLxKaoc_aDS_zSZSy6Bu6hPHdL1P89qcEdh8dadXt-myzxDV0WOCp8uQ51uA4gZVMujCEEtApZNxHnHMcp8qZHdRlZdTrXPancYj6BzK0m46WVrKBTo-8i2pjEPgx2B4imN3DrhCFDvoydNPpFygAeR8yGpEbZM4OyRJLSSL3rWKUmH4KwhSgt3hHzUZigp8m1jkXzBzSb0B1rfUHaslENKEhFiEVGSr3fv548nGCitqGVoE5JKC9IGenploCCn-da4p6AzRW4tF1BGa7fhEmMsv4hLvqUXLuiN8UNnoUPnnKKb-gTcnz6nEhe5CiyU9Ha1BoFKUOwi85xNRGlfvuTCMPiio-8BFT5Y527QOYt92x0m8z_o3DY5m5SDbW31jEfblaF9jHYPvtvefLuAwWjdrzDmzJzIf4cBrbuCELWlT7bMEOTasInMrZzOear5ZaNeNiX28FXwcB-56crZ9iHT6VmMiNGcSolB_KiNNkpZ2HkXrGJSB9tM0Oh64Ojr-oDV__RarMOGP3C_FOASf4heGLTzSG8De5xaEKqhwTkdoVk8qf7cF-3cDmyL9BVXwh7abBPcknNhGj2-pSh3okw-QUIL1NKBVLgvrkfvvSrvVqAgeqvugKHuJxJM54uIyrW4SK9vK2jtxQv3dsE3bAEleR8fiP5WdShW_3Yw0wdHekIAkvYnzjYG2vuEHMR1BmG_yopmxLUOgC7yUTqo8Mb_I6XGoGVDBx7RkkDvdsWn-ruhvgzJ2OJi-EGjmjqgjYdZRof_8G-IjXVKUOeLSAOTDKktCk10Lrr9Q9UkV7A7MmZoc HTTP/1.1
Host: 28980.weednewspro.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://28980.weednewspro.com/v2/a/na/if/203282
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 23 Sep 2022 21:48:11 GMT
content-type: image/png
content-length: 68
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-max-age: 86400
referrer-policy: unsafe-url
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Device-Memory
accept-ch-lifetime: 31536000
X-Firefox-Spdy: h2
exerciseundergone.com/pixel/pure
192.243.59.20200 OK 0 B URL HTTP/1.1 exerciseundergone.com/pixel/pure
IP 192.243.59.20:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /pixel/pure HTTP/1.1
Host: exerciseundergone.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/json
Content-Length: 73
Origin: http://youvu.pornfollett.gigixo.com
Connection: keep-alive
Referer: http://youvu.pornfollett.gigixo.com/
HTTP/1.1 200 OK
Server: nginx/1.17.9
Date: Fri, 23 Sep 2022 21:48:11 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
cdn.tsyndicate.com/sdk/v1/bi.js
8.254.252.211304 Not Modified 0 B URL HTTP/1.1 cdn.tsyndicate.com/sdk/v1/bi.js
IP 8.254.252.211:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sdk/v1/bi.js HTTP/1.1
Host: cdn.tsyndicate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://youvu.pornfollett.gigixo.com/
If-Modified-Since: Mon, 19 Sep 2022 08:53:30 GMT
If-None-Match: W/"63282e0a-1e1a"
HTTP/1.1 304 Not Modified
Date: Mon, 19 Sep 2022 09:36:46 GMT
Connection: keep-alive
Last-Modified: Mon, 19 Sep 2022 08:53:30 GMT
Server: nginx
X-Robots-Tag: noindex, nofollow
Vary: Accept-Encoding
ETag: W/"63282e0a-1e1a"
Age: 389485
dictatepantry.com/watch.1596805218272.js?key=3cb5727a16a2f566d5a822edf1d58427&kw=%5B%22free%22%2C%22sex%22%2C%22pics%22%5D&refer=http%3A%2F%2Fyouvu.pornfollett.gigixo.com%2F%3Fiyanna&tz=0&dev=r&res=12.29&uuid=&shu=806b19f9d6df0b0b1264ebfd1068400a9ff37268c70efdd86c03b2c87a76931f6f73cfe339cd8b660f8f76b07d37d91aac8b9102cb16ef9a825a134350ecae5b515b2c2987736c4b14d162dc34a47c2951ff603e2c40493d1f4535678f507655&pst=1663969750&rmtc=t
192.243.61.225200 OK 2.4 kB URL HTTP/1.1 dictatepantry.com/watch.1596805218272.js?key=3cb5727a16a2f566d5a822edf1d58427&kw=%5B%22free%22%2C%22sex%22%2C%22pics%22%5D&refer=http%3A%2F%2Fyouvu.pornfollett.gigixo.com%2F%3Fiyanna&tz=0&dev=r&res=12.29&uuid=&shu=806b19f9d6df0b0b1264ebfd1068400a9ff37268c70efdd86c03b2c87a76931f6f73cfe339cd8b660f8f76b07d37d91aac8b9102cb16ef9a825a134350ecae5b515b2c2987736c4b14d162dc34a47c2951ff603e2c40493d1f4535678f507655&pst=1663969750&rmtc=t
IP 192.243.61.225:0
ASN #39572 DataWeb Global Group B.V.
File type HTML document text\012- HTML document, ASCII text, with very long lines (3066)
Hash bb202d8ccc3f4a1bfd38f89aad483ee5
47cc6450c0c17c943c700d40c48648a03f711727
f7ac6e442acb198e2fc912130f2a5ae37191bd2bd83ae9f9d32e09c6a38e2293
Analyzer Verdict Alert quad9 Sinkholed
GET /watch.1596805218272.js?key=3cb5727a16a2f566d5a822edf1d58427&kw=%5B%22free%22%2C%22sex%22%2C%22pics%22%5D&refer=http%3A%2F%2Fyouvu.pornfollett.gigixo.com%2F%3Fiyanna&tz=0&dev=r&res=12.29&uuid=&shu=806b19f9d6df0b0b1264ebfd1068400a9ff37268c70efdd86c03b2c87a76931f6f73cfe339cd8b660f8f76b07d37d91aac8b9102cb16ef9a825a134350ecae5b515b2c2987736c4b14d162dc34a47c2951ff603e2c40493d1f4535678f507655&pst=1663969750&rmtc=t HTTP/1.1
Host: dictatepantry.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://youvu.pornfollett.gigixo.com
Referer: http://youvu.pornfollett.gigixo.com/
Connection: keep-alive
Cookie: u_pl=16428146; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNjQyODE0NiwiayI6IjNjYjU3MjdhMTZhMmY1NjZkNWE4MjJlZGYxZDU4NDI3Iiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxNTAzNjQ5LCJwaWQiOjI4ODQzNywiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjoxNiwiYWlkIjo1LCJwdCI6NCwicGsiOiJtZWdwcnVuMGNpIiwiY3BrcyI6eyAiMjgiOiIwMWI2NDkzNWI4MDYxYzFmNjFkMjEzYTI3Y2UyZDcyOSJ9LCJ0IjoxfSwidSI6eyJ1IjoxLCJhdSI6MSwiZCI6eyJpZCI6Nzk5NTQxOTYsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjoxODExMCwib24iOiJMaW51eCIsIm92IjoiVW5rbm93biIsImJpZCI6MTE2NjcwLCJibiI6IkZpcmVmb3giLCJidiI6Ijk2LjAiLCJ3diI6ZmFsc2UsImUiOmZhbHNlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6dHJ1ZSwiciI6Imh0dHA6Ly95b3V2dS5wb3JuZm9sbGV0dC5naWdpeG8uY29tLz9peWFubmEifX0.uYWmS9P_xz3bZD80Iyb5deQmtyaZLtos14XBUd3OWvo
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Fri, 23 Sep 2022 21:48:11 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: http://youvu.pornfollett.gigixo.com
Access-Control-Allow-Origin: http://youvu.pornfollett.gigixo.com
Access-Control-Allow-Credentials: true
Set-Cookie: iprc94e52935101ea0604514b0fd0d1ba8ab=3569681; expires=Sat, 24 Sep 2022 01:48:11 GMT; secure; SameSite=None
pdhtkv=true; expires=Sat, 24 Sep 2022 21:48:11 GMT; secure; SameSite=None
uncs=1; expires=Sat, 24 Sep 2022 21:48:11 GMT; secure; SameSite=None
pdhtkv5=true; expires=Sat, 24 Sep 2022 21:48:11 GMT; secure; SameSite=None
uncs5=1; expires=Sat, 24 Sep 2022 21:48:11 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 2e55eb32473e3e4bfd7336a8815133d1
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
cdn.tsyndicate.com/sdk/v1/bi.js
8.254.252.211304 Not Modified 0 B URL HTTP/1.1 cdn.tsyndicate.com/sdk/v1/bi.js
IP 8.254.252.211:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sdk/v1/bi.js HTTP/1.1
Host: cdn.tsyndicate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://youvu.pornfollett.gigixo.com/
If-Modified-Since: Mon, 19 Sep 2022 08:53:30 GMT
If-None-Match: W/"63282e0a-1e1a"
HTTP/1.1 304 Not Modified
Date: Mon, 19 Sep 2022 09:36:46 GMT
Connection: keep-alive
Last-Modified: Mon, 19 Sep 2022 08:53:30 GMT
Server: nginx
X-Robots-Tag: noindex, nofollow
Vary: Accept-Encoding
ETag: W/"63282e0a-1e1a"
Age: 389485
youvu.pornfollett.gigixo.com/s3/ad_amt1_h_01/2001.jpg
51.79.221.186200 OK 27 kB URL HTTP/1.1 youvu.pornfollett.gigixo.com/s3/ad_amt1_h_01/2001.jpg
IP 51.79.221.186:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 706x80, components 3\012- data
Hash 986e780a4fc33f03caaa76694dd08dbf
826b3a08406acea39a2dfdc7c6125098c42fff0b
540afff13fb85d072398913ce6088f37877dfceb1ce3eb6d2f32f3db903af369
GET /s3/ad_amt1_h_01/2001.jpg HTTP/1.1
Host: youvu.pornfollett.gigixo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://youvu.pornfollett.gigixo.com/?iyanna
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 23 Sep 2022 21:42:33 GMT
Content-Type: image/jpeg
Content-Length: 27019
Connection: keep-alive
Last-Modified: Fri, 02 Apr 2021 20:39:04 GMT
ETag: "606780e8-698b"
X-Cluster: web-cdn2
X-Cache: HIT
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=x4al5Sf0SyaPYL8tFd25FuahrKaQMFeXkZl1BbESyTYgG3uGfV%2FUINZ6Cb9uDcX0aox6TZKb2wrPExknGEOOrAFQSDPbZ4wLOoD1VGiSj543pOx2srqgqku8XGcAgeA%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
CF-RAY: 74f67ba52ecd6bdc-SIN
alt-svc: h2=":443"; ma=60
X-Cache-Status: MISS
Cache-Control: max-age=14400, max-age=31536000
Accept-Ranges: bytes
ocsp.sectigo.com/
104.18.32.68200 OK 472 B IP 104.18.32.68:0
Hash dc73e9101ccb87a614785d70b0910c53
17d447e5e984a5c6e103eac541ad4138161e2213
7a599023a769663870439b5c6f0f1c144d39cf06ad997e8f54fed566f14253a4
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 23 Sep 2022 21:48:11 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Wed, 21 Sep 2022 03:56:18 GMT
Expires: Wed, 28 Sep 2022 03:56:17 GMT
Etag: "17d447e5e984a5c6e103eac541ad4138161e2213"
Cache-Control: max-age=367085,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 74f67ba8c8021c16-OSL
reapinject.com/01/b6/49/01b64935b8061c1f61d213a27ce2d729.js
192.243.61.225200 OK 29 kB URL HTTP/1.1 reapinject.com/01/b6/49/01b64935b8061c1f61d213a27ce2d729.js
IP 192.243.61.225:0
ASN #39572 DataWeb Global Group B.V.
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (65536), with no line terminators
Hash a44c51f436b3bd90675dcc0765df8a88
facdcd577d97c4f34d797f6cf8a871ece18f7bfd
2ee6eb3d638487d18651eeac3f3a859a80992b2a4fe8ef7f2a9ae3398af47403
Analyzer Verdict Alert quad9 Sinkholed
GET /01/b6/49/01b64935b8061c1f61d213a27ce2d729.js HTTP/1.1
Host: reapinject.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://youvu.pornfollett.gigixo.com/
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Fri, 23 Sep 2022 21:48:11 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 45181604a61f4d8fa3ce6b203c1c48df
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
reapinject.com/watch.656640884948.js?key=3cb5727a16a2f566d5a822edf1d58427&kw=%5B%22free%22%2C%22sex%22%2C%22pics%22%5D&refer=http%3A%2F%2Fyouvu.pornfollett.gigixo.com%2F%3Fiyanna&tz=0&dev=r&res=12.29&uuid=
192.243.61.225307 Temporary Redirect 0 B URL HTTP/1.1 reapinject.com/watch.656640884948.js?key=3cb5727a16a2f566d5a822edf1d58427&kw=%5B%22free%22%2C%22sex%22%2C%22pics%22%5D&refer=http%3A%2F%2Fyouvu.pornfollett.gigixo.com%2F%3Fiyanna&tz=0&dev=r&res=12.29&uuid=
IP 192.243.61.225:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /watch.656640884948.js?key=3cb5727a16a2f566d5a822edf1d58427&kw=%5B%22free%22%2C%22sex%22%2C%22pics%22%5D&refer=http%3A%2F%2Fyouvu.pornfollett.gigixo.com%2F%3Fiyanna&tz=0&dev=r&res=12.29&uuid= HTTP/1.1
Host: reapinject.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://youvu.pornfollett.gigixo.com
Connection: keep-alive
Referer: http://youvu.pornfollett.gigixo.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 307 Temporary Redirect
Server: nginx/1.22.0
Date: Fri, 23 Sep 2022 21:48:11 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: http://youvu.pornfollett.gigixo.com
Access-Control-Allow-Origin: http://youvu.pornfollett.gigixo.com
Access-Control-Allow-Credentials: true
Location: https://reapinject.com/watch.656640884948.js?key=3cb5727a16a2f566d5a822edf1d58427&kw=%5B%22free%22%2C%22sex%22%2C%22pics%22%5D&refer=http%3A%2F%2Fyouvu.pornfollett.gigixo.com%2F%3Fiyanna&tz=0&dev=r&res=12.29&uuid=&shu=2166c0d871bb6877897ab245add4efdffd739cde01a2a6ae52ba429222e6810b2649797eca56e4d0e4235d486c0f1f39bc38a90b1fc81bfd6715c908fdc1cd64cea4d77a66bc0f68f2d69f611b955d93e7192dae&pst=1663969751&rmtc=t
Set-Cookie: u_pl=16428146; expires=Sat, 24 Sep 2022 21:48:11 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNjQyODE0NiwiayI6IjNjYjU3MjdhMTZhMmY1NjZkNWE4MjJlZGYxZDU4NDI3Iiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxNTAzNjQ5LCJwaWQiOjI4ODQzNywiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjoxNiwiYWlkIjo1LCJwdCI6NCwicGsiOiJtZWdwcnVuMGNpIiwiY3BrcyI6eyAiMjgiOiIwMWI2NDkzNWI4MDYxYzFmNjFkMjEzYTI3Y2UyZDcyOSJ9LCJ0IjoxfSwidSI6eyJ1IjoxLCJhdSI6MSwiZCI6eyJpZCI6Nzk5NTQxOTYsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjoxODExMCwib24iOiJMaW51eCIsIm92IjoiVW5rbm93biIsImJpZCI6MTE2NjcwLCJibiI6IkZpcmVmb3giLCJidiI6Ijk2LjAiLCJ3diI6ZmFsc2UsImUiOmZhbHNlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6dHJ1ZSwiciI6Imh0dHA6Ly95b3V2dS5wb3JuZm9sbGV0dC5naWdpeG8uY29tLz9peWFubmEifX0.uYWmS9P_xz3bZD80Iyb5deQmtyaZLtos14XBUd3OWvo; expires=Fri, 23 Sep 2022 21:49:11 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 34e0703d593325f7ba4c0f1c9f712f3f
Strict-Transport-Security: max-age=0; includeSubdomains
tsyndicate.com/iframes2/e5937915a343437993bcb6ac18eb41d4.html?
136.243.43.25200 OK 2.7 kB URL HTTP/1.1 tsyndicate.com/iframes2/e5937915a343437993bcb6ac18eb41d4.html?
IP 136.243.43.25:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (4132)
Hash 236737a04f98d168dbc3873698bc6c99
681781a52531158cfba90d1b6ef291b8b31681d0
fc680f02e7597959e6c0f57c4277151c2cca831155304d8de2b53662568f7a7b
GET /iframes2/e5937915a343437993bcb6ac18eb41d4.html? HTTP/1.1
Host: tsyndicate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://youvu.pornfollett.gigixo.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 23 Sep 2022 21:48:11 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Pragma: no-cache
Expires: 0
Vary: Accept-Encoding, *
X-Api-Version: 2
Link: <http://lcdn.tsyndicate.com/sdk/v1/b.b.js>; rel=preload; as=script
X-Request-Id: ad72ae4d60da9a81
Set-Cookie: ts_uid=6f9b67ce-f608-44b0-8bcb-6b499b88e32b; expires=Thu, 23 Mar 2023 21:48:11 GMT; domain=.tsyndicate.com; path=/; HttpOnly; secure; SameSite=None
bfq=APeIECNCx5YYNmzAsHGDRhcWIsYUPPhQRJmJCG3QgFFDYY4YXfoo; expires=Sat, 24 Sep 2022 21:48:11 GMT; domain=.tsyndicate.com; path=/; secure; SameSite=None
Cache-Control: no-cache, no-store, no-transform, must-revalidate, no-transform
X-Robots-Tag: none, noindex, nofollow
Report-To: { "url": "https://pxl.tsyndicate.com/api/v1/heavy-ad/report", "max_age": 86401 }
Content-Encoding: gzip
28980.weednewspro.com/v2/a/na/image?d=BQ5qQHPeqJUerDlZHTkR9TcqEjTypQ7-DcZVW0GAto-H2GwWee56k6TWoLdYF0lXJX75dq5jkxDbkgPrUoHWkXQV7_W-wbeguAdcfDWlZhuWXEZ_ZVRbIg4M-dr-5qwB35jkOjP82xs1r2ipmDlHVdUieJitaFkeyUrbNamaL334n2ywtnGmbVir6N2x_kToOMKvKmDgmb8IxvI7Efe_vrC_Zc9B3laDcz5uHcl-xEU-1xoSfKIe_qSrDt_lWvyqKBdm0Q3vdrXLmBzDkkq-eX6vOitmzZ4FnFNWqFn95kfbEtaakW6rFbDkyHUTeR6KaLxKaoc_aDS_zSZSy6Bu6hPHdL1P89qcEdh8dadXt-myzxDV0WOCp8uQ51uA4gZVMujCEEtApZNxHnHMcp8qZHdRlZdTrXPancYj6BzK0m46WVrKBTo-8i2pjEPgx2B4imN3DrhCFDvoydNPpFygAeR8yGpEbZM4OyRJLSSL3rWKUmH4KwhSgt3hHzUZigp8m1jkXzBzSb0B1rfUHaslENKEhFiEVGSr3fv548nGCitqGVoE5JKC9IGenploCCn-da4p6AzRW4tF1BGa7fhEmMsv4hLvqUXLuiN8UNnoUPnnKKb-gTcnz6nEhe5CiyU9Ha1BoFKUOwi85xNRGlfvuTCMPiio-8BFT5Y527QOYt92x0m8z_o3DY5m5SDbW31jEfblaF9jHYPvtvefLuAwWjdrzOei-6THbfDhD0AWhd8BFA0yFjLZycu12p0X4Hfdf62u8qLwnnr9zmRIZL2XNWlkg75aUo6RduXzfP_9-Q6mOQ8tYdOSNMs9_HSxuUu86J15A8KefIAswvtgI4sKxOtoJOf8PsPe5xaEKqhwTkdoVk8qf7cF-3cDmyL9BVXwh7abBPcknNhGj2-pSh3okw-QUIL1NKBVLgvrkfvvSrvVqAgeqvugF3uJxJM54uIyrW4SK9vK2jtxQv0dsE3bAEleR8fiP5WdShW_3Yw0wdHekIAkvYnzjYG2vuEHMR1BmG_yopmxLUOgC7yUTqo8Mb_I6XGoG1DBx7RkkDvdsWn-ruhvgzJ2OJiuEGjmjqgjYdZRof_8G-IjomecTvTdH_UmuqPGQZoi9K7Bk27SzIYsAPFZ
88.208.59.102200 OK 68 B URL HTTP/2 28980.weednewspro.com/v2/a/na/image?d=BQ5qQHPeqJUerDlZHTkR9TcqEjTypQ7-DcZVW0GAto-H2GwWee56k6TWoLdYF0lXJX75dq5jkxDbkgPrUoHWkXQV7_W-wbeguAdcfDWlZhuWXEZ_ZVRbIg4M-dr-5qwB35jkOjP82xs1r2ipmDlHVdUieJitaFkeyUrbNamaL334n2ywtnGmbVir6N2x_kToOMKvKmDgmb8IxvI7Efe_vrC_Zc9B3laDcz5uHcl-xEU-1xoSfKIe_qSrDt_lWvyqKBdm0Q3vdrXLmBzDkkq-eX6vOitmzZ4FnFNWqFn95kfbEtaakW6rFbDkyHUTeR6KaLxKaoc_aDS_zSZSy6Bu6hPHdL1P89qcEdh8dadXt-myzxDV0WOCp8uQ51uA4gZVMujCEEtApZNxHnHMcp8qZHdRlZdTrXPancYj6BzK0m46WVrKBTo-8i2pjEPgx2B4imN3DrhCFDvoydNPpFygAeR8yGpEbZM4OyRJLSSL3rWKUmH4KwhSgt3hHzUZigp8m1jkXzBzSb0B1rfUHaslENKEhFiEVGSr3fv548nGCitqGVoE5JKC9IGenploCCn-da4p6AzRW4tF1BGa7fhEmMsv4hLvqUXLuiN8UNnoUPnnKKb-gTcnz6nEhe5CiyU9Ha1BoFKUOwi85xNRGlfvuTCMPiio-8BFT5Y527QOYt92x0m8z_o3DY5m5SDbW31jEfblaF9jHYPvtvefLuAwWjdrzOei-6THbfDhD0AWhd8BFA0yFjLZycu12p0X4Hfdf62u8qLwnnr9zmRIZL2XNWlkg75aUo6RduXzfP_9-Q6mOQ8tYdOSNMs9_HSxuUu86J15A8KefIAswvtgI4sKxOtoJOf8PsPe5xaEKqhwTkdoVk8qf7cF-3cDmyL9BVXwh7abBPcknNhGj2-pSh3okw-QUIL1NKBVLgvrkfvvSrvVqAgeqvugF3uJxJM54uIyrW4SK9vK2jtxQv0dsE3bAEleR8fiP5WdShW_3Yw0wdHekIAkvYnzjYG2vuEHMR1BmG_yopmxLUOgC7yUTqo8Mb_I6XGoG1DBx7RkkDvdsWn-ruhvgzJ2OJiuEGjmjqgjYdZRof_8G-IjomecTvTdH_UmuqPGQZoi9K7Bk27SzIYsAPFZ
IP 88.208.59.102:0
ASN #39572 DataWeb Global Group B.V.
File type PNG image data, 1 x 1, 8-bit gray+alpha, non-interlaced\012- data
Hash 91e42db1c66c0b276abf6234dc50b2eb
c1986af3c26609b8b7d8933f99c51c1a89e9ea6b
63ef318d96b5d0d0ceba6e04a4e622b1158335cdc67c49e27839132c6f655058
GET /v2/a/na/image?d=BQ5qQHPeqJUerDlZHTkR9TcqEjTypQ7-DcZVW0GAto-H2GwWee56k6TWoLdYF0lXJX75dq5jkxDbkgPrUoHWkXQV7_W-wbeguAdcfDWlZhuWXEZ_ZVRbIg4M-dr-5qwB35jkOjP82xs1r2ipmDlHVdUieJitaFkeyUrbNamaL334n2ywtnGmbVir6N2x_kToOMKvKmDgmb8IxvI7Efe_vrC_Zc9B3laDcz5uHcl-xEU-1xoSfKIe_qSrDt_lWvyqKBdm0Q3vdrXLmBzDkkq-eX6vOitmzZ4FnFNWqFn95kfbEtaakW6rFbDkyHUTeR6KaLxKaoc_aDS_zSZSy6Bu6hPHdL1P89qcEdh8dadXt-myzxDV0WOCp8uQ51uA4gZVMujCEEtApZNxHnHMcp8qZHdRlZdTrXPancYj6BzK0m46WVrKBTo-8i2pjEPgx2B4imN3DrhCFDvoydNPpFygAeR8yGpEbZM4OyRJLSSL3rWKUmH4KwhSgt3hHzUZigp8m1jkXzBzSb0B1rfUHaslENKEhFiEVGSr3fv548nGCitqGVoE5JKC9IGenploCCn-da4p6AzRW4tF1BGa7fhEmMsv4hLvqUXLuiN8UNnoUPnnKKb-gTcnz6nEhe5CiyU9Ha1BoFKUOwi85xNRGlfvuTCMPiio-8BFT5Y527QOYt92x0m8z_o3DY5m5SDbW31jEfblaF9jHYPvtvefLuAwWjdrzOei-6THbfDhD0AWhd8BFA0yFjLZycu12p0X4Hfdf62u8qLwnnr9zmRIZL2XNWlkg75aUo6RduXzfP_9-Q6mOQ8tYdOSNMs9_HSxuUu86J15A8KefIAswvtgI4sKxOtoJOf8PsPe5xaEKqhwTkdoVk8qf7cF-3cDmyL9BVXwh7abBPcknNhGj2-pSh3okw-QUIL1NKBVLgvrkfvvSrvVqAgeqvugF3uJxJM54uIyrW4SK9vK2jtxQv0dsE3bAEleR8fiP5WdShW_3Yw0wdHekIAkvYnzjYG2vuEHMR1BmG_yopmxLUOgC7yUTqo8Mb_I6XGoG1DBx7RkkDvdsWn-ruhvgzJ2OJiuEGjmjqgjYdZRof_8G-IjomecTvTdH_UmuqPGQZoi9K7Bk27SzIYsAPFZ HTTP/1.1
Host: 28980.weednewspro.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://28980.weednewspro.com/v2/a/na/if/203282
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 23 Sep 2022 21:48:11 GMT
content-type: image/png
content-length: 68
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-max-age: 86400
referrer-policy: unsafe-url
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Device-Memory
accept-ch-lifetime: 31536000
X-Firefox-Spdy: h2
www.effectivedisplayformat.com/3cb5727a16a2f566d5a822edf1d58427/invoke.js
192.243.61.227200 OK 9.8 kB URL HTTP/1.1 www.effectivedisplayformat.com/3cb5727a16a2f566d5a822edf1d58427/invoke.js
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
File type exported SGML document, ASCII text, with very long lines (26976), with no line terminators
Hash 5322b40a05a1157d7e8c6ca8a5ed3562
e3be110f66742bf40a8f887b62b44304d1ab146a
f8c25736e74eb53cace816016d53493e60d72c153c3e88f53a024aa026acd671
GET /3cb5727a16a2f566d5a822edf1d58427/invoke.js HTTP/1.1
Host: www.effectivedisplayformat.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://youvu.pornfollett.gigixo.com/
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Fri, 23 Sep 2022 21:48:11 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 5dce06149f78f18f15e5be4a5e39bafc
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
go.eabids.com/banner.go?spaceid=5675442&keywords=&maincat=
217.22.19.194200 OK 1.4 kB URL HTTP/1.1 go.eabids.com/banner.go?spaceid=5675442&keywords=&maincat=
IP 217.22.19.194:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1424), with no line terminators
Hash 9e84c42a181f42130a2ad653296f13d0
ab7b24b34d3c6f32d3b91626cc18fa088e5721db
12e242d27b6831c715bebb61fbd5fb723ec07187a1151c1a1462d50e4c0dbffa
GET /banner.go?spaceid=5675442&keywords=&maincat= HTTP/1.1
Host: go.eabids.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://youvu.pornfollett.gigixo.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 23 Sep 2022 21:48:11 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 1424
Connection: keep-alive
Expires: Mon, 03 Jul 2001 06:00:00 GMT
Last-Modified: Fri, 23 09 2022 21:48:11 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0,post-check=0, pre-check=0
Pragma: no-cache
X-Backend-Server: nl2-web-203
tsyndicate.com/iframes2/e5937915a343437993bcb6ac18eb41d4.html?
136.243.43.25200 OK 2.7 kB URL HTTP/1.1 tsyndicate.com/iframes2/e5937915a343437993bcb6ac18eb41d4.html?
IP 136.243.43.25:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (4104)
Hash f0e9769d18854aa277d227dbe951f395
b589591300419303c40b0133e03bde141adf9afb
e0ad46f604b1d314e612293ff8079eaae27614b30157a34b139e616d15f4a779
GET /iframes2/e5937915a343437993bcb6ac18eb41d4.html? HTTP/1.1
Host: tsyndicate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://youvu.pornfollett.gigixo.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 23 Sep 2022 21:48:11 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Pragma: no-cache
Expires: 0
Vary: Accept-Encoding, *
X-Api-Version: 2
Link: <http://lcdn.tsyndicate.com/sdk/v1/b.b.js>; rel=preload; as=script
X-Request-Id: a0d332c27c7bd4f9
Set-Cookie: ts_uid=191b06a5-1d22-44a0-b621-5870b117fd3c; expires=Thu, 23 Mar 2023 21:48:11 GMT; domain=.tsyndicate.com; path=/; HttpOnly; secure; SameSite=None
bfq=APeIECNCx5YYNmzAsHGDRhcWIsYUPPhQRJmJCG3QgFFDYY4YXfoo; expires=Sat, 24 Sep 2022 21:48:11 GMT; domain=.tsyndicate.com; path=/; secure; SameSite=None
Cache-Control: no-cache, no-store, no-transform, must-revalidate, no-transform
X-Robots-Tag: none, noindex, nofollow
Report-To: { "url": "https://pxl.tsyndicate.com/api/v1/heavy-ad/report", "max_age": 86401 }
Content-Encoding: gzip
go.eabids.com/banner.go?spaceid=5675445&keywords=&maincat=
217.22.19.194200 OK 1.4 kB URL HTTP/1.1 go.eabids.com/banner.go?spaceid=5675445&keywords=&maincat=
IP 217.22.19.194:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1373), with no line terminators
Hash ca00bf45cbb25bba8520109dbbc89374
2b114ca25f0c302584e4fc0a1fac6d10edfaf97b
9b4577788d9f6c41a6d80e84e2bacac5c861317c6fe36a51f434215b220d0b8f
GET /banner.go?spaceid=5675445&keywords=&maincat= HTTP/1.1
Host: go.eabids.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://youvu.pornfollett.gigixo.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 23 Sep 2022 21:48:11 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 1373
Connection: keep-alive
Expires: Mon, 03 Jul 2001 06:00:00 GMT
Last-Modified: Fri, 23 09 2022 21:48:11 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0,post-check=0, pre-check=0
Pragma: no-cache
X-Backend-Server: nl2-web-205
go.eabids.com/banner.go?spaceid=5675443&keywords=&maincat=
217.22.19.194200 OK 739 B URL HTTP/1.1 go.eabids.com/banner.go?spaceid=5675443&keywords=&maincat=
IP 217.22.19.194:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (739), with no line terminators
Hash b682dc9fbd9668d79ce51a3fb5c538a8
bd41ec7f0ad247a6e791fa2af546b2e2427ab40c
6ccf9d5f6d13f01ceb1d52b2d5d9afc76148611f73a72d1c9932247b01cf9a0c
GET /banner.go?spaceid=5675443&keywords=&maincat= HTTP/1.1
Host: go.eabids.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://youvu.pornfollett.gigixo.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 23 Sep 2022 21:48:11 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 739
Connection: keep-alive
Expires: Mon, 03 Jul 2001 06:00:00 GMT
Last-Modified: Fri, 23 09 2022 21:48:11 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0,post-check=0, pre-check=0
Pragma: no-cache
X-Backend-Server: nl2-web-205
tsyndicate.com/iframes2/6a91f85098294907941c239ca45e3b90.html?keywords=Sexy,porn,tube,sluts,swimming,dangers,japanese,online,hippie,show,friend,cock,perfect,annette,homemade,blowjob,amy,sexually,ian,asian,christina,elybabea,rap,binx,719,nasty,party,lena,letting,gold,stoner,charcter,summer,search,impregnated,the,womrn,poses,cell,cox,natasia,brunette,great,hour,fre,tied,look,vintage,high,short,beverley,fakes,machines,jenna,jeans,lingerie,fenny,fucked,lesbian,arab,redtube,bukkakr,baby,mother,popping,beek,hair,pics,your,couples,this,donna,christie,skinned,strapon,luanne,anal,fuck,iamdd,aly,chick,tabitha,chasing,leaves,porn,sickest,champagne,sex,ipod,teenage,brother,martina,football,cute,schoolgirl,group,long,feasts,ross,engine,viedos,downloads,streamen,sluts,swimming,dangers,japanese,online,hippie,show,friend,cock,perfect,annette,homemade,blowjob,amy,sexually,ian,asian,christina,elybabea,rap,binx,719,nasty,party,lena,letting,gold,stoner,charcter,summer,search,i&adb=0&clientjs=1&w=1280&h=1024&tz=0
136.243.43.25200 OK 1.2 kB URL HTTP/1.1 tsyndicate.com/iframes2/6a91f85098294907941c239ca45e3b90.html?keywords=Sexy,porn,tube,sluts,swimming,dangers,japanese,online,hippie,show,friend,cock,perfect,annette,homemade,blowjob,amy,sexually,ian,asian,christina,elybabea,rap,binx,719,nasty,party,lena,letting,gold,stoner,charcter,summer,search,impregnated,the,womrn,poses,cell,cox,natasia,brunette,great,hour,fre,tied,look,vintage,high,short,beverley,fakes,machines,jenna,jeans,lingerie,fenny,fucked,lesbian,arab,redtube,bukkakr,baby,mother,popping,beek,hair,pics,your,couples,this,donna,christie,skinned,strapon,luanne,anal,fuck,iamdd,aly,chick,tabitha,chasing,leaves,porn,sickest,champagne,sex,ipod,teenage,brother,martina,football,cute,schoolgirl,group,long,feasts,ross,engine,viedos,downloads,streamen,sluts,swimming,dangers,japanese,online,hippie,show,friend,cock,perfect,annette,homemade,blowjob,amy,sexually,ian,asian,christina,elybabea,rap,binx,719,nasty,party,lena,letting,gold,stoner,charcter,summer,search,i&adb=0&clientjs=1&w=1280&h=1024&tz=0
IP 136.243.43.25:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2029)
Hash f52f417eab671263260fb239deb27273
342223f95efe028892c439b15f9e2a8d6100263c
19b3088928254b01263117aa6d79a645be2d2cb401ad9f730356b256cc1717ed
GET /iframes2/6a91f85098294907941c239ca45e3b90.html?keywords=Sexy,porn,tube,sluts,swimming,dangers,japanese,online,hippie,show,friend,cock,perfect,annette,homemade,blowjob,amy,sexually,ian,asian,christina,elybabea,rap,binx,719,nasty,party,lena,letting,gold,stoner,charcter,summer,search,impregnated,the,womrn,poses,cell,cox,natasia,brunette,great,hour,fre,tied,look,vintage,high,short,beverley,fakes,machines,jenna,jeans,lingerie,fenny,fucked,lesbian,arab,redtube,bukkakr,baby,mother,popping,beek,hair,pics,your,couples,this,donna,christie,skinned,strapon,luanne,anal,fuck,iamdd,aly,chick,tabitha,chasing,leaves,porn,sickest,champagne,sex,ipod,teenage,brother,martina,football,cute,schoolgirl,group,long,feasts,ross,engine,viedos,downloads,streamen,sluts,swimming,dangers,japanese,online,hippie,show,friend,cock,perfect,annette,homemade,blowjob,amy,sexually,ian,asian,christina,elybabea,rap,binx,719,nasty,party,lena,letting,gold,stoner,charcter,summer,search,i&adb=0&clientjs=1&w=1280&h=1024&tz=0 HTTP/1.1
Host: tsyndicate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://youvu.pornfollett.gigixo.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 23 Sep 2022 21:48:11 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Pragma: no-cache
Expires: 0
Vary: Accept-Encoding, *
X-Api-Version: 2
Link: <http://lcdn.tsyndicate.com/sdk/v1/b.b.js>; rel=preload; as=script
X-Request-Id: 1be8c4b2a56527b8
Cache-Control: no-cache, no-store, no-transform, must-revalidate, no-transform
X-Robots-Tag: none, noindex, nofollow
Report-To: { "url": "https://pxl.tsyndicate.com/api/v1/heavy-ad/report", "max_age": 86401 }
Content-Encoding: gzip
ocsp.digicert.com/
93.184.220.29200 OK 314 B IP 93.184.220.29:0
Hash 11dfcc23b1eb652050fe35f984d4f064
b40207454c68f397120ae6827c0bd7337cb7e779
48e78f217e7d5224b5b1844a9399a218d909aae273b192bdd2ae1fe731b6acc3
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4553
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 23 Sep 2022 21:48:11 GMT
Last-Modified: Fri, 23 Sep 2022 20:32:18 GMT
Server: ECS (ska/F70C)
X-Cache: HIT
Content-Length: 314
tsyndicate.com/iframes2/6a91f85098294907941c239ca45e3b90.html?keywords=Sexy,porn,tube,sluts,swimming,dangers,japanese,online,hippie,show,friend,cock,perfect,annette,homemade,blowjob,amy,sexually,ian,asian,christina,elybabea,rap,binx,719,nasty,party,lena,letting,gold,stoner,charcter,summer,search,impregnated,the,womrn,poses,cell,cox,natasia,brunette,great,hour,fre,tied,look,vintage,high,short,beverley,fakes,machines,jenna,jeans,lingerie,fenny,fucked,lesbian,arab,redtube,bukkakr,baby,mother,popping,beek,hair,pics,your,couples,this,donna,christie,skinned,strapon,luanne,anal,fuck,iamdd,aly,chick,tabitha,chasing,leaves,porn,sickest,champagne,sex,ipod,teenage,brother,martina,football,cute,schoolgirl,group,long,feasts,ross,engine,viedos,downloads,streamen,sluts,swimming,dangers,japanese,online,hippie,show,friend,cock,perfect,annette,homemade,blowjob,amy,sexually,ian,asian,christina,elybabea,rap,binx,719,nasty,party,lena,letting,gold,stoner,charcter,summer,search,i&adb=0&clientjs=1&w=1280&h=1024&tz=0
136.243.43.25200 OK 1.2 kB URL HTTP/1.1 tsyndicate.com/iframes2/6a91f85098294907941c239ca45e3b90.html?keywords=Sexy,porn,tube,sluts,swimming,dangers,japanese,online,hippie,show,friend,cock,perfect,annette,homemade,blowjob,amy,sexually,ian,asian,christina,elybabea,rap,binx,719,nasty,party,lena,letting,gold,stoner,charcter,summer,search,impregnated,the,womrn,poses,cell,cox,natasia,brunette,great,hour,fre,tied,look,vintage,high,short,beverley,fakes,machines,jenna,jeans,lingerie,fenny,fucked,lesbian,arab,redtube,bukkakr,baby,mother,popping,beek,hair,pics,your,couples,this,donna,christie,skinned,strapon,luanne,anal,fuck,iamdd,aly,chick,tabitha,chasing,leaves,porn,sickest,champagne,sex,ipod,teenage,brother,martina,football,cute,schoolgirl,group,long,feasts,ross,engine,viedos,downloads,streamen,sluts,swimming,dangers,japanese,online,hippie,show,friend,cock,perfect,annette,homemade,blowjob,amy,sexually,ian,asian,christina,elybabea,rap,binx,719,nasty,party,lena,letting,gold,stoner,charcter,summer,search,i&adb=0&clientjs=1&w=1280&h=1024&tz=0
IP 136.243.43.25:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2029)
Hash f52f417eab671263260fb239deb27273
342223f95efe028892c439b15f9e2a8d6100263c
19b3088928254b01263117aa6d79a645be2d2cb401ad9f730356b256cc1717ed
GET /iframes2/6a91f85098294907941c239ca45e3b90.html?keywords=Sexy,porn,tube,sluts,swimming,dangers,japanese,online,hippie,show,friend,cock,perfect,annette,homemade,blowjob,amy,sexually,ian,asian,christina,elybabea,rap,binx,719,nasty,party,lena,letting,gold,stoner,charcter,summer,search,impregnated,the,womrn,poses,cell,cox,natasia,brunette,great,hour,fre,tied,look,vintage,high,short,beverley,fakes,machines,jenna,jeans,lingerie,fenny,fucked,lesbian,arab,redtube,bukkakr,baby,mother,popping,beek,hair,pics,your,couples,this,donna,christie,skinned,strapon,luanne,anal,fuck,iamdd,aly,chick,tabitha,chasing,leaves,porn,sickest,champagne,sex,ipod,teenage,brother,martina,football,cute,schoolgirl,group,long,feasts,ross,engine,viedos,downloads,streamen,sluts,swimming,dangers,japanese,online,hippie,show,friend,cock,perfect,annette,homemade,blowjob,amy,sexually,ian,asian,christina,elybabea,rap,binx,719,nasty,party,lena,letting,gold,stoner,charcter,summer,search,i&adb=0&clientjs=1&w=1280&h=1024&tz=0 HTTP/1.1
Host: tsyndicate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://youvu.pornfollett.gigixo.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 23 Sep 2022 21:48:11 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Pragma: no-cache
Expires: 0
Vary: Accept-Encoding, *
X-Api-Version: 2
Link: <http://lcdn.tsyndicate.com/sdk/v1/b.b.js>; rel=preload; as=script
X-Request-Id: d591deab55552c86
Cache-Control: no-cache, no-store, no-transform, must-revalidate, no-transform
X-Robots-Tag: none, noindex, nofollow
Report-To: { "url": "https://pxl.tsyndicate.com/api/v1/heavy-ad/report", "max_age": 86401 }
Content-Encoding: gzip
biptolyla.com/auW.ZNyzQu2r9FkyZnT/9U6gbE2C5mlFS/WvQT9RNPDlE/4OMrjrk/0HN/Cc0N0/MLT/g/yNOkTTQK1ZJPnEB-1KcV2-hiaRbO2/5/lGS/WeQs9iNIDeEZ4rMtjTkS0/NVCI0R0UMWT/gwy/OlTQQ/1R
188.72.219.36200 OK 5.6 kB URL HTTP/2 biptolyla.com/auW.ZNyzQu2r9FkyZnT/9U6gbE2C5mlFS/WvQT9RNPDlE/4OMrjrk/0HN/Cc0N0/MLT/g/yNOkTTQK1ZJPnEB-1KcV2-hiaRbO2/5/lGS/WeQs9iNIDeEZ4rMtjTkS0/NVCI0R0UMWT/gwy/OlTQQ/1R
IP 188.72.219.36:0
File type ASCII text, with very long lines (2401)
Hash b60b76b902a6f0da66d1867a8b89d912
7189d79bb12922696f148097c9a2acfee52ed3ae
348d800280e7f3d50a8f98a850e32703f114c4a0687cc7d84faff2de9d44787a
GET /auW.ZNyzQu2r9FkyZnT/9U6gbE2C5mlFS/WvQT9RNPDlE/4OMrjrk/0HN/Cc0N0/MLT/g/yNOkTTQK1ZJPnEB-1KcV2-hiaRbO2/5/lGS/WeQs9iNIDeEZ4rMtjTkS0/NVCI0R0UMWT/gwy/OlTQQ/1R HTTP/1.1
Host: biptolyla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://youvu.pornfollett.gigixo.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 23 Sep 2022 21:48:11 GMT
content-type: application/javascript
vary: Accept-Encoding
expires: Mon, 26 Jul 2011 05:00:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
accept-ch: Sec-CH-UA-Platform-Version, Sec-CH-UA-Platform
x-content-type-options: nosniff
content-encoding: br
X-Firefox-Spdy: h2
cdn.tsyndicate.com/sdk/v1/bi.js
8.254.252.211304 Not Modified 0 B URL HTTP/1.1 cdn.tsyndicate.com/sdk/v1/bi.js
IP 8.254.252.211:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sdk/v1/bi.js HTTP/1.1
Host: cdn.tsyndicate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://youvu.pornfollett.gigixo.com/
If-Modified-Since: Mon, 19 Sep 2022 08:53:30 GMT
If-None-Match: W/"63282e0a-1e1a"
HTTP/1.1 304 Not Modified
Date: Mon, 19 Sep 2022 09:36:46 GMT
Connection: keep-alive
Last-Modified: Mon, 19 Sep 2022 08:53:30 GMT
Server: nginx
X-Robots-Tag: noindex, nofollow
Vary: Accept-Encoding
ETag: W/"63282e0a-1e1a"
Age: 389485
go.eabids.com/banner.go?spaceid=5675443&keywords=&maincat=
217.22.19.194200 OK 781 B URL HTTP/1.1 go.eabids.com/banner.go?spaceid=5675443&keywords=&maincat=
IP 217.22.19.194:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (781), with no line terminators
Hash 3b552b22640ba40881ba6fbd188a6f40
7df736cdf994f18bd8f5e91de24fd4dae16fad2f
8b60419fcd20743c305e7095c5e5ff909b5bc5c493094df67ceba65f98c39043
GET /banner.go?spaceid=5675443&keywords=&maincat= HTTP/1.1
Host: go.eabids.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://youvu.pornfollett.gigixo.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 23 Sep 2022 21:48:11 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 781
Connection: keep-alive
Expires: Mon, 03 Jul 2001 06:00:00 GMT
Last-Modified: Fri, 23 09 2022 21:48:11 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0,post-check=0, pre-check=0
Pragma: no-cache
X-Backend-Server: nl2-web-205
go.eabids.com/banner.go?spaceid=5675441&keywords=&maincat=
217.22.19.194200 OK 799 B URL HTTP/1.1 go.eabids.com/banner.go?spaceid=5675441&keywords=&maincat=
IP 217.22.19.194:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (799), with no line terminators
Hash e2291d8d0930a254f9ad066fd8d013ac
3a54ffe03e273e13fa834682989b5b626a602469
530805818ad000cb7769c58367a0661a5a5ce989b8bf4303ed86501e94a23581
GET /banner.go?spaceid=5675441&keywords=&maincat= HTTP/1.1
Host: go.eabids.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://youvu.pornfollett.gigixo.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 23 Sep 2022 21:48:11 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 799
Connection: keep-alive
Expires: Mon, 03 Jul 2001 06:00:00 GMT
Last-Modified: Fri, 23 09 2022 21:48:11 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0,post-check=0, pre-check=0
Pragma: no-cache
X-Backend-Server: nl2-web-205
cdn.tsyndicate.com/sdk/v1/bi.js
8.254.252.211304 Not Modified 0 B URL HTTP/1.1 cdn.tsyndicate.com/sdk/v1/bi.js
IP 8.254.252.211:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sdk/v1/bi.js HTTP/1.1
Host: cdn.tsyndicate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://youvu.pornfollett.gigixo.com/
If-Modified-Since: Mon, 19 Sep 2022 08:53:30 GMT
If-None-Match: W/"63282e0a-1e1a"
HTTP/1.1 304 Not Modified
Date: Mon, 19 Sep 2022 09:36:46 GMT
Connection: keep-alive
Last-Modified: Mon, 19 Sep 2022 08:53:30 GMT
Server: nginx
X-Robots-Tag: noindex, nofollow
Vary: Accept-Encoding
ETag: W/"63282e0a-1e1a"
Age: 389485
go.eabids.com/banner.go?spaceid=5675442&keywords=&maincat=
217.22.19.194200 OK 1.4 kB URL HTTP/1.1 go.eabids.com/banner.go?spaceid=5675442&keywords=&maincat=
IP 217.22.19.194:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1417), with no line terminators
Hash 48b8e4a6a1892441e9062d8bb0145a85
7a68788b939d918690d3f9ccf15fb7fdd9e127e5
511053e6228a6a74c08937316a86f08061772628535a24c83f3d5e3c31923fc0
GET /banner.go?spaceid=5675442&keywords=&maincat= HTTP/1.1
Host: go.eabids.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://youvu.pornfollett.gigixo.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 23 Sep 2022 21:48:11 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 1417
Connection: keep-alive
Expires: Mon, 03 Jul 2001 06:00:00 GMT
Last-Modified: Fri, 23 09 2022 21:48:11 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0,post-check=0, pre-check=0
Pragma: no-cache
X-Backend-Server: nl2-web-203
28980.weednewspro.com/v2/a/na/203282?subId=&pageUri=https%3A%2F%2F28980.weednewspro.com%2Fv2%2Fa%2Fna%2Fif%2F203282&referer=http%3A%2F%2Fgo.goaserv.com%2F&av=1&abl=0&kws=&rtg=&bdd=%5B%22Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0%22%2C%22false%22%2C%22Linux%20x86_64%22%2C%22%22%2C%22%22%2C%22%22%2C%22%22%2C%22false%22%2C%22true%22%2C%221280%22%2C%221024%22%2C%221280%22%2C%221002%22%2C%221280%22%2C%221024%22%2C%22300%22%2C%22250%22%2C%22300%22%2C%22250%22%2C%22false%22%2C%221%22%2C%2216%22%2C%220%22%2C%22aaaaacccefiflmmprrsstlllecstaaahtscellllpss%22%2C%22Fri%20Sep%2023%202022%2021%3A48%3A09%20GMT%2B0000%20(Coordinated%20Universal%20Time)%22%2C%220%22%2C%22en-US%22%2C%22en-US%2Cen%22%2C%22false%22%2C%22false%22%2C%22781877177%22%2C%222697903995%22%2C%221%22%2C%22false%22%2C%22%5B%5D%22%5D
88.208.59.102200 OK 2.1 kB URL HTTP/2 28980.weednewspro.com/v2/a/na/203282?subId=&pageUri=https%3A%2F%2F28980.weednewspro.com%2Fv2%2Fa%2Fna%2Fif%2F203282&referer=http%3A%2F%2Fgo.goaserv.com%2F&av=1&abl=0&kws=&rtg=&bdd=%5B%22Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0%22%2C%22false%22%2C%22Linux%20x86_64%22%2C%22%22%2C%22%22%2C%22%22%2C%22%22%2C%22false%22%2C%22true%22%2C%221280%22%2C%221024%22%2C%221280%22%2C%221002%22%2C%221280%22%2C%221024%22%2C%22300%22%2C%22250%22%2C%22300%22%2C%22250%22%2C%22false%22%2C%221%22%2C%2216%22%2C%220%22%2C%22aaaaacccefiflmmprrsstlllecstaaahtscellllpss%22%2C%22Fri%20Sep%2023%202022%2021%3A48%3A09%20GMT%2B0000%20(Coordinated%20Universal%20Time)%22%2C%220%22%2C%22en-US%22%2C%22en-US%2Cen%22%2C%22false%22%2C%22false%22%2C%22781877177%22%2C%222697903995%22%2C%221%22%2C%22false%22%2C%22%5B%5D%22%5D
IP 88.208.59.102:0
ASN #39572 DataWeb Global Group B.V.
File type JSON data\012- , ASCII text, with very long lines (3860), with no line terminators
Hash db60c048358e22e265ff846bda50a235
743c31bbbd81ac6ca1061d88483493e998d504e3
85ed6d1d8cdd726401da5ebf4c713a2563f68855e912338af6e0361e8892ee24
GET /v2/a/na/203282?subId=&pageUri=https%3A%2F%2F28980.weednewspro.com%2Fv2%2Fa%2Fna%2Fif%2F203282&referer=http%3A%2F%2Fgo.goaserv.com%2F&av=1&abl=0&kws=&rtg=&bdd=%5B%22Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0%22%2C%22false%22%2C%22Linux%20x86_64%22%2C%22%22%2C%22%22%2C%22%22%2C%22%22%2C%22false%22%2C%22true%22%2C%221280%22%2C%221024%22%2C%221280%22%2C%221002%22%2C%221280%22%2C%221024%22%2C%22300%22%2C%22250%22%2C%22300%22%2C%22250%22%2C%22false%22%2C%221%22%2C%2216%22%2C%220%22%2C%22aaaaacccefiflmmprrsstlllecstaaahtscellllpss%22%2C%22Fri%20Sep%2023%202022%2021%3A48%3A09%20GMT%2B0000%20(Coordinated%20Universal%20Time)%22%2C%220%22%2C%22en-US%22%2C%22en-US%2Cen%22%2C%22false%22%2C%22false%22%2C%22781877177%22%2C%222697903995%22%2C%221%22%2C%22false%22%2C%22%5B%5D%22%5D HTTP/1.1
Host: 28980.weednewspro.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://28980.weednewspro.com/v2/a/na/if/203282
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 23 Sep 2022 21:48:10 GMT
content-type: application/json; charset=UTF-8
vary: Accept-Encoding
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-max-age: 86400
referrer-policy: unsafe-url
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Device-Memory
accept-ch-lifetime: 31536000
p3p: CP="NOI DEVa TAIa OUR BUS UNI STA"
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
last-modified: Fri, 23 Sep 2022 21:48:10 UTC
expires: Fri, 23 Sep 2022 21:48:10 UTC
content-encoding: gzip
X-Firefox-Spdy: h2
lcdn.tsyndicate.com/sdk/v1/b.b.js
8.254.252.211304 Not Modified 0 B URL HTTP/1.1 lcdn.tsyndicate.com/sdk/v1/b.b.js
IP 8.254.252.211:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sdk/v1/b.b.js HTTP/1.1
Host: lcdn.tsyndicate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://tsyndicate.com/
If-Modified-Since: Tue, 22 Feb 2022 13:07:15 GMT
If-None-Match: W/"6214e003-1eb1"
HTTP/1.1 304 Not Modified
Date: Tue, 08 Mar 2022 10:11:03 GMT
Connection: keep-alive
Last-Modified: Tue, 22 Feb 2022 13:07:15 GMT
Server: nginx
X-Robots-Tag: noindex, nofollow
Vary: Accept-Encoding
ETag: W/"6214e003-1eb1"
Age: 17235428
youvu.pornfollett.gigixo.com/s3/ad_vc_gam2/banner-18012.gif
51.79.221.186200 OK 2.3 kB URL HTTP/1.1 youvu.pornfollett.gigixo.com/s3/ad_vc_gam2/banner-18012.gif
IP 51.79.221.186:0
File type gzip compressed data, from Unix\012- data
Hash 9cd537f94b850fbd2275ce4863a56e6a
f118c5e0d4d174618a0edf4e582feeb27b8f8e97
dff3b138a634a4212e99dfd832df6ffe8e4837ec9bdd749b44d6470fcc2edb90
GET /s3/ad_vc_gam2/banner-18012.gif HTTP/1.1
Host: youvu.pornfollett.gigixo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://youvu.pornfollett.gigixo.com/?iyanna
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 23 Sep 2022 21:42:31 GMT
Content-Type: image/gif
Content-Length: 131951
Connection: keep-alive
Last-Modified: Wed, 05 May 2021 20:07:40 GMT
ETag: "6092fb0c-2036f"
X-Cluster: web-cdn2
X-Cache: HIT
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rPejvfUIBGei4%2B73%2BjZcjMbw8h6ZW2%2FX1vzY2dVziWpHk%2BNfeN%2FL07VCD4zqymqSfvquTajmQQLKm6fD3M9R1hOA0Sa8F%2FXSXvl6qJPUxunv9XADCEwvnwPEGEgj61E%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
CF-RAY: 74f5620ddcf14cd7-SIN
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Cache-Status: REVALIDATED
Cache-Control: max-age=14400, max-age=31536000
Accept-Ranges: bytes
lcdn.tsyndicate.com/sdk/v1/b.b.js
8.254.252.211304 Not Modified 0 B URL HTTP/1.1 lcdn.tsyndicate.com/sdk/v1/b.b.js
IP 8.254.252.211:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sdk/v1/b.b.js HTTP/1.1
Host: lcdn.tsyndicate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://tsyndicate.com/
If-Modified-Since: Tue, 22 Feb 2022 13:07:15 GMT
If-None-Match: W/"6214e003-1eb1"
HTTP/1.1 304 Not Modified
Date: Tue, 08 Mar 2022 10:11:03 GMT
Connection: keep-alive
Last-Modified: Tue, 22 Feb 2022 13:07:15 GMT
Server: nginx
X-Robots-Tag: noindex, nofollow
Vary: Accept-Encoding
ETag: W/"6214e003-1eb1"
Age: 17235428
tsyndicate.com/iframes2/e5937915a343437993bcb6ac18eb41d4.html?
136.243.43.25200 OK 2.7 kB URL HTTP/1.1 tsyndicate.com/iframes2/e5937915a343437993bcb6ac18eb41d4.html?
IP 136.243.43.25:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (4132)
Hash 7b8ae059cce2a4df8c8a8c7b7068a819
2dbe879e3ddb1f8920ecae6382163435ef303db8
315979a176a1a7134a611415410d97de6a5f5c1e703489c44716798830aba591
GET /iframes2/e5937915a343437993bcb6ac18eb41d4.html? HTTP/1.1
Host: tsyndicate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://youvu.pornfollett.gigixo.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 23 Sep 2022 21:48:11 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Pragma: no-cache
Expires: 0
Vary: Accept-Encoding, *
X-Api-Version: 2
Link: <http://lcdn.tsyndicate.com/sdk/v1/b.b.js>; rel=preload; as=script
X-Request-Id: 224ad814b3ccb265
Set-Cookie: ts_uid=d5b48780-b199-4710-aae3-1a2b4a36fb0e; expires=Thu, 23 Mar 2023 21:48:11 GMT; domain=.tsyndicate.com; path=/; HttpOnly; secure; SameSite=None
bfq=APeIECNCx5YYNmzAsHGDRhcWIsYUPPhQRJmJCG3QgFFDYY4YXfoo; expires=Sat, 24 Sep 2022 21:48:11 GMT; domain=.tsyndicate.com; path=/; secure; SameSite=None
Cache-Control: no-cache, no-store, no-transform, must-revalidate, no-transform
X-Robots-Tag: none, noindex, nofollow
Report-To: { "url": "https://pxl.tsyndicate.com/api/v1/heavy-ad/report", "max_age": 86401 }
Content-Encoding: gzip
tsyndicate.com/iframes2/e5937915a343437993bcb6ac18eb41d4.html?
136.243.43.25200 OK 2.7 kB URL HTTP/1.1 tsyndicate.com/iframes2/e5937915a343437993bcb6ac18eb41d4.html?
IP 136.243.43.25:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (4160)
Hash 8137af16d87bff193901aa45d1b6da63
c561f46aeb8d54553ab1b305e8246a34db91f527
e2405371a3e59b75b961cf7e8a0236c5092a76ef577f0d9372dad1b983ee9280
GET /iframes2/e5937915a343437993bcb6ac18eb41d4.html? HTTP/1.1
Host: tsyndicate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://youvu.pornfollett.gigixo.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 23 Sep 2022 21:48:11 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Pragma: no-cache
Expires: 0
Vary: Accept-Encoding, *
X-Api-Version: 2
Link: <http://lcdn.tsyndicate.com/sdk/v1/b.b.js>; rel=preload; as=script
X-Request-Id: 73f801819ec63265
Set-Cookie: ts_uid=1c2526a9-3345-4bb0-9fed-85fab620e2a8; expires=Thu, 23 Mar 2023 21:48:11 GMT; domain=.tsyndicate.com; path=/; HttpOnly; secure; SameSite=None
bfq=APeIECNCx5YYNmzAsHGDRhcWIsYUPPhQRJmJCG3QgFFDYY4YXfoo; expires=Sat, 24 Sep 2022 21:48:11 GMT; domain=.tsyndicate.com; path=/; secure; SameSite=None
Cache-Control: no-cache, no-store, no-transform, must-revalidate, no-transform
X-Robots-Tag: none, noindex, nofollow
Report-To: { "url": "https://pxl.tsyndicate.com/api/v1/heavy-ad/report", "max_age": 86401 }
Content-Encoding: gzip
lcdn.tsyndicate.com/sdk/v1/b.b.js
8.254.252.211304 Not Modified 0 B URL HTTP/1.1 lcdn.tsyndicate.com/sdk/v1/b.b.js
IP 8.254.252.211:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sdk/v1/b.b.js HTTP/1.1
Host: lcdn.tsyndicate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://tsyndicate.com/
If-Modified-Since: Tue, 22 Feb 2022 13:07:15 GMT
If-None-Match: W/"6214e003-1eb1"
HTTP/1.1 304 Not Modified
Date: Tue, 08 Mar 2022 10:11:03 GMT
Connection: keep-alive
Last-Modified: Tue, 22 Feb 2022 13:07:15 GMT
Server: nginx
X-Robots-Tag: noindex, nofollow
Vary: Accept-Encoding
ETag: W/"6214e003-1eb1"
Age: 17235428
static.eabids.com/data/bannerpools/94553/23689.jpg
217.22.19.195200 OK 13 kB URL HTTP/1.1 static.eabids.com/data/bannerpools/94553/23689.jpg
IP 217.22.19.195:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 300x250, components 3\012- data
Hash d14fa3ad9eae4e329f56fe37ba762576
8c88f464e110872b5f907da78d2727e116eeaeba
a28ed81dc3aa9fc418d1ffdab80224cc0c00672cabf264e0e4262f4b2103dca4
GET /data/bannerpools/94553/23689.jpg HTTP/1.1
Host: static.eabids.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://go.eabids.com/
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 23 Sep 2022 21:48:11 GMT
Content-Type: image/jpeg
Content-Length: 12801
Last-Modified: Thu, 28 Apr 2022 14:45:48 GMT
Connection: keep-alive
ETag: "626aa89c-3201"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
X-Backend-Server: nl2-static-222
Accept-Ranges: bytes
go.eabids.com/banner.go?spaceid=5675443&keywords=&maincat=
217.22.19.194200 OK 781 B URL HTTP/1.1 go.eabids.com/banner.go?spaceid=5675443&keywords=&maincat=
IP 217.22.19.194:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (781), with no line terminators
Hash 3b552b22640ba40881ba6fbd188a6f40
7df736cdf994f18bd8f5e91de24fd4dae16fad2f
8b60419fcd20743c305e7095c5e5ff909b5bc5c493094df67ceba65f98c39043
GET /banner.go?spaceid=5675443&keywords=&maincat= HTTP/1.1
Host: go.eabids.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://youvu.pornfollett.gigixo.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 23 Sep 2022 21:48:11 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 781
Connection: keep-alive
Expires: Mon, 03 Jul 2001 06:00:00 GMT
Last-Modified: Fri, 23 09 2022 21:48:11 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0,post-check=0, pre-check=0
Pragma: no-cache
X-Backend-Server: nl2-web-203
reapinject.com/watch.1419362164753.js?key=3cb5727a16a2f566d5a822edf1d58427&kw=%5B%22free%22%2C%22sex%22%2C%22pics%22%5D&refer=http%3A%2F%2Fyouvu.pornfollett.gigixo.com%2F%3Fiyanna&tz=0&dev=r&res=12.29&uuid=387798b0-f6e3-44e8-917e-1b5b9b8bb156%3A3%3A1
192.243.61.225307 Temporary Redirect 0 B URL HTTP/1.1 reapinject.com/watch.1419362164753.js?key=3cb5727a16a2f566d5a822edf1d58427&kw=%5B%22free%22%2C%22sex%22%2C%22pics%22%5D&refer=http%3A%2F%2Fyouvu.pornfollett.gigixo.com%2F%3Fiyanna&tz=0&dev=r&res=12.29&uuid=387798b0-f6e3-44e8-917e-1b5b9b8bb156%3A3%3A1
IP 192.243.61.225:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /watch.1419362164753.js?key=3cb5727a16a2f566d5a822edf1d58427&kw=%5B%22free%22%2C%22sex%22%2C%22pics%22%5D&refer=http%3A%2F%2Fyouvu.pornfollett.gigixo.com%2F%3Fiyanna&tz=0&dev=r&res=12.29&uuid=387798b0-f6e3-44e8-917e-1b5b9b8bb156%3A3%3A1 HTTP/1.1
Host: reapinject.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://youvu.pornfollett.gigixo.com
Connection: keep-alive
Referer: http://youvu.pornfollett.gigixo.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 307 Temporary Redirect
Server: nginx/1.22.0
Date: Fri, 23 Sep 2022 21:48:11 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: http://youvu.pornfollett.gigixo.com
Access-Control-Allow-Origin: http://youvu.pornfollett.gigixo.com
Access-Control-Allow-Credentials: true
Location: https://reapinject.com/watch.1419362164753.js?key=3cb5727a16a2f566d5a822edf1d58427&kw=%5B%22free%22%2C%22sex%22%2C%22pics%22%5D&refer=http%3A%2F%2Fyouvu.pornfollett.gigixo.com%2F%3Fiyanna&tz=0&dev=r&res=12.29&uuid=387798b0-f6e3-44e8-917e-1b5b9b8bb156%3A3%3A1&shu=45230ba430f83ea7e063fbd33ab903543e30c2f2a49f05542313d6ba05002863bb00d0b00a039abf6848afda8cebeb392b0de2e270f9394deb3f21887b8f68b3daa95528bb02dd221bd750cd27ef4b90030d1526&pst=1663969751&rmtc=t
Set-Cookie: u_pl=16428146; expires=Sat, 24 Sep 2022 21:48:11 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNjQyODE0NiwiayI6IjNjYjU3MjdhMTZhMmY1NjZkNWE4MjJlZGYxZDU4NDI3Iiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxNTAzNjQ5LCJwaWQiOjI4ODQzNywiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjoxNiwiYWlkIjo1LCJwdCI6NCwicGsiOiJtZWdwcnVuMGNpIiwiY3BrcyI6eyAiMjgiOiIwMWI2NDkzNWI4MDYxYzFmNjFkMjEzYTI3Y2UyZDcyOSJ9LCJ0IjoxfSwidSI6eyJ1IjoxLCJhdSI6MSwiZCI6eyJpZCI6Nzk5NTQxOTYsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjoxODExMCwib24iOiJMaW51eCIsIm92IjoiVW5rbm93biIsImJpZCI6MTE2NjcwLCJibiI6IkZpcmVmb3giLCJidiI6Ijk2LjAiLCJ3diI6ZmFsc2UsImUiOmZhbHNlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6dHJ1ZSwiciI6Imh0dHA6Ly95b3V2dS5wb3JuZm9sbGV0dC5naWdpeG8uY29tLz9peWFubmEifX0.uYWmS9P_xz3bZD80Iyb5deQmtyaZLtos14XBUd3OWvo; expires=Fri, 23 Sep 2022 21:49:11 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 84e7a9335334d4e75d36c2e30ae8b17b
Strict-Transport-Security: max-age=0; includeSubdomains
static.eabids.com/data/bannerpools/119449/58892.jpg
217.22.19.195200 OK 22 kB URL HTTP/1.1 static.eabids.com/data/bannerpools/119449/58892.jpg
IP 217.22.19.195:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 300x250, components 3\012- data
Hash a7b2814d3f9bb04783d6c6c84fc26e2b
4292057d0cfbaf1952d70d559a0c1fa1175bb6fe
8ea9d5e7234538eade1b019450007f287b9d38ca58ba68b82ecfd833dba53265
GET /data/bannerpools/119449/58892.jpg HTTP/1.1
Host: static.eabids.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://go.eabids.com/
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 23 Sep 2022 21:48:11 GMT
Content-Type: image/jpeg
Content-Length: 21513
Last-Modified: Thu, 28 Apr 2022 14:31:40 GMT
Connection: keep-alive
ETag: "626aa54c-5409"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
X-Backend-Server: nl2-static-223
Accept-Ranges: bytes
chaturbate.com/in/?tour=dTm0&campaign=Q2cRU&track=e.iframe.NO&disable_sound=1&mobileRedirect=auto&embed_video_only=1&id=2|164978|113814|no|94553|40900043|5675443|1|0|10|50304|,,,,,|4|0|0|1,6,24|0|0|en|1
104.18.100.40301 Moved Permanently 0 B URL HTTP/1.1 chaturbate.com/in/?tour=dTm0&campaign=Q2cRU&track=e.iframe.NO&disable_sound=1&mobileRedirect=auto&embed_video_only=1&id=2|164978|113814|no|94553|40900043|5675443|1|0|10|50304|,,,,,|4|0|0|1,6,24|0|0|en|1
IP 104.18.100.40:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /in/?tour=dTm0&campaign=Q2cRU&track=e.iframe.NO&disable_sound=1&mobileRedirect=auto&embed_video_only=1&id=2|164978|113814|no|94553|40900043|5675443|1|0|10|50304|,,,,,|4|0|0|1,6,24|0|0|en|1 HTTP/1.1
Host: chaturbate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://go.eabids.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Fri, 23 Sep 2022 21:48:11 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: private
Location: https://chaturbate.com:443/in/?tour=dTm0&campaign=Q2cRU&track=e.iframe.NO&disable_sound=1&mobileRedirect=auto&embed_video_only=1&id=2|164978|113814|no|94553|40900043|5675443|1|0|10|50304|,,,,,|4|0|0|1,6,24|0|0|en|1
CF-Cache-Status: DYNAMIC
Set-Cookie: __cf_bm=8YBzaisASW65xUi4PS1LgGzKvdK1TE7KV0X9vdw3hrA-1663969691-0-AV+2ggXGbAGbOyTZGs1xNK52AS/NBB8+ZN494jtpxf4Vz+flYS9GTLO8Ny0qfFyAnoU1/Rx+E3VCdt3+j9rpOr8=; path=/; expires=Fri, 23-Sep-22 22:18:11 GMT; domain=.chaturbate.com; HttpOnly; SameSite=None
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IJTgrj%2FtTZqfZV6WmVpjEjQfA4swkMRBezxw%2FtZh11mE2TgRnSMzHxTcI5WlOgvaowQHps3FPkqHZp3Xg5vhdBuNMJshwairahHvGeC8Y%2Ba%2BzlMIF2U3IaD0R5klSkHL"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 74f67bac1cbc1c06-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
go.eabids.com/banner.go?spaceid=2194679&keywords=&maincat=
217.22.19.194200 OK 1.4 kB URL HTTP/1.1 go.eabids.com/banner.go?spaceid=2194679&keywords=&maincat=
IP 217.22.19.194:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1377), with no line terminators
Hash 659196df85d7c1f87e182a402242eb1f
da0c1e05cce28e4fa734a00a8cbe2f389c8555af
fd6ad05e84f3a261ce455acf49b6d2f2ea03e495a9dc186f450f4243c64747e5
GET /banner.go?spaceid=2194679&keywords=&maincat= HTTP/1.1
Host: go.eabids.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://youvu.pornfollett.gigixo.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 23 Sep 2022 21:48:11 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 1377
Connection: keep-alive
Expires: Mon, 03 Jul 2001 06:00:00 GMT
Last-Modified: Fri, 23 09 2022 21:48:11 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0,post-check=0, pre-check=0
Pragma: no-cache
X-Backend-Server: nl2-web-205
go.eabids.com/banner.go?spaceid=5205778&keywords=&maincat=
217.22.19.194200 OK 1.5 kB URL HTTP/1.1 go.eabids.com/banner.go?spaceid=5205778&keywords=&maincat=
IP 217.22.19.194:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1508), with no line terminators
Hash e3b27a83f583e7e1d63749f7a97a1187
23a7a0fd13b8580d3598116617376ea97d0a534e
f90cd54e4830eb2dad513cb7dc482062ec0f2603f979671b9a3ef0a1095d722c
GET /banner.go?spaceid=5205778&keywords=&maincat= HTTP/1.1
Host: go.eabids.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://youvu.pornfollett.gigixo.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 23 Sep 2022 21:48:11 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 1508
Connection: keep-alive
Expires: Mon, 03 Jul 2001 06:00:00 GMT
Last-Modified: Fri, 23 09 2022 21:48:11 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0,post-check=0, pre-check=0
Pragma: no-cache
X-Backend-Server: nl2-web-205
tsyndicate.com/iframes2/663422ed4341433597d6546506d00321.html?keywords=Sexy,porn,tube,sluts,swimming,dangers,japanese,online,hippie,show,friend,cock,perfect,annette,homemade,blowjob,amy,sexually,ian,asian,christina,elybabea,rap,binx,719,nasty,party,lena,letting,gold,stoner,charcter,summer,search,impregnated,the,womrn,poses,cell,cox,natasia,brunette,great,hour,fre,tied,look,vintage,high,short,beverley,fakes,machines,jenna,jeans,lingerie,fenny,fucked,lesbian,arab,redtube,bukkakr,baby,mother,popping,beek,hair,pics,your,couples,this,donna,christie,skinned,strapon,luanne,anal,fuck,iamdd,aly,chick,tabitha,chasing,leaves,porn,sickest,champagne,sex,ipod,teenage,brother,martina,football,cute,schoolgirl,group,long,feasts,ross,engine,viedos,downloads,streamen,sluts,swimming,dangers,japanese,online,hippie,show,friend,cock,perfect,annette,homemade,blowjob,amy,sexually,ian,asian,christina,elybabea,rap,binx,719,nasty,party,lena,letting,gold,stoner,charcter,summer,search,i&adb=0&clientjs=1&w=1280&h=1024&tz=0
136.243.43.25200 OK 2.7 kB URL HTTP/1.1 tsyndicate.com/iframes2/663422ed4341433597d6546506d00321.html?keywords=Sexy,porn,tube,sluts,swimming,dangers,japanese,online,hippie,show,friend,cock,perfect,annette,homemade,blowjob,amy,sexually,ian,asian,christina,elybabea,rap,binx,719,nasty,party,lena,letting,gold,stoner,charcter,summer,search,impregnated,the,womrn,poses,cell,cox,natasia,brunette,great,hour,fre,tied,look,vintage,high,short,beverley,fakes,machines,jenna,jeans,lingerie,fenny,fucked,lesbian,arab,redtube,bukkakr,baby,mother,popping,beek,hair,pics,your,couples,this,donna,christie,skinned,strapon,luanne,anal,fuck,iamdd,aly,chick,tabitha,chasing,leaves,porn,sickest,champagne,sex,ipod,teenage,brother,martina,football,cute,schoolgirl,group,long,feasts,ross,engine,viedos,downloads,streamen,sluts,swimming,dangers,japanese,online,hippie,show,friend,cock,perfect,annette,homemade,blowjob,amy,sexually,ian,asian,christina,elybabea,rap,binx,719,nasty,party,lena,letting,gold,stoner,charcter,summer,search,i&adb=0&clientjs=1&w=1280&h=1024&tz=0
IP 136.243.43.25:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (4196)
Hash 3275ed97dd7339387054ed311076fead
aa1b746e7f13a14dadbc96646d72fc7aafa1463d
c92a1289ae2982abfc2de693bb564148ce5d0336564dcedad63e78cf07772725
GET /iframes2/663422ed4341433597d6546506d00321.html?keywords=Sexy,porn,tube,sluts,swimming,dangers,japanese,online,hippie,show,friend,cock,perfect,annette,homemade,blowjob,amy,sexually,ian,asian,christina,elybabea,rap,binx,719,nasty,party,lena,letting,gold,stoner,charcter,summer,search,impregnated,the,womrn,poses,cell,cox,natasia,brunette,great,hour,fre,tied,look,vintage,high,short,beverley,fakes,machines,jenna,jeans,lingerie,fenny,fucked,lesbian,arab,redtube,bukkakr,baby,mother,popping,beek,hair,pics,your,couples,this,donna,christie,skinned,strapon,luanne,anal,fuck,iamdd,aly,chick,tabitha,chasing,leaves,porn,sickest,champagne,sex,ipod,teenage,brother,martina,football,cute,schoolgirl,group,long,feasts,ross,engine,viedos,downloads,streamen,sluts,swimming,dangers,japanese,online,hippie,show,friend,cock,perfect,annette,homemade,blowjob,amy,sexually,ian,asian,christina,elybabea,rap,binx,719,nasty,party,lena,letting,gold,stoner,charcter,summer,search,i&adb=0&clientjs=1&w=1280&h=1024&tz=0 HTTP/1.1
Host: tsyndicate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://youvu.pornfollett.gigixo.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 23 Sep 2022 21:48:11 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Pragma: no-cache
Expires: 0
Vary: Accept-Encoding, *
X-Api-Version: 2
Link: <http://lcdn.tsyndicate.com/sdk/v1/b.b.js>; rel=preload; as=script
X-Request-Id: 15999dac0ca901d3
Set-Cookie: ts_uid=ba69ae00-5a92-494b-93dc-985f72a542b3; expires=Thu, 23 Mar 2023 21:48:11 GMT; domain=.tsyndicate.com; path=/; HttpOnly; secure; SameSite=None
Cache-Control: no-cache, no-store, no-transform, must-revalidate, no-transform
X-Robots-Tag: none, noindex, nofollow
Report-To: { "url": "https://pxl.tsyndicate.com/api/v1/heavy-ad/report", "max_age": 86401 }
Content-Encoding: gzip
tsyndicate.com/iframes2/6a91f85098294907941c239ca45e3b90.html?keywords=Sexy,porn,tube,sluts,swimming,dangers,japanese,online,hippie,show,friend,cock,perfect,annette,homemade,blowjob,amy,sexually,ian,asian,christina,elybabea,rap,binx,719,nasty,party,lena,letting,gold,stoner,charcter,summer,search,impregnated,the,womrn,poses,cell,cox,natasia,brunette,great,hour,fre,tied,look,vintage,high,short,beverley,fakes,machines,jenna,jeans,lingerie,fenny,fucked,lesbian,arab,redtube,bukkakr,baby,mother,popping,beek,hair,pics,your,couples,this,donna,christie,skinned,strapon,luanne,anal,fuck,iamdd,aly,chick,tabitha,chasing,leaves,porn,sickest,champagne,sex,ipod,teenage,brother,martina,football,cute,schoolgirl,group,long,feasts,ross,engine,viedos,downloads,streamen,sluts,swimming,dangers,japanese,online,hippie,show,friend,cock,perfect,annette,homemade,blowjob,amy,sexually,ian,asian,christina,elybabea,rap,binx,719,nasty,party,lena,letting,gold,stoner,charcter,summer,search,i&adb=0&clientjs=1&w=1280&h=1024&tz=0
136.243.43.25200 OK 1.2 kB URL HTTP/1.1 tsyndicate.com/iframes2/6a91f85098294907941c239ca45e3b90.html?keywords=Sexy,porn,tube,sluts,swimming,dangers,japanese,online,hippie,show,friend,cock,perfect,annette,homemade,blowjob,amy,sexually,ian,asian,christina,elybabea,rap,binx,719,nasty,party,lena,letting,gold,stoner,charcter,summer,search,impregnated,the,womrn,poses,cell,cox,natasia,brunette,great,hour,fre,tied,look,vintage,high,short,beverley,fakes,machines,jenna,jeans,lingerie,fenny,fucked,lesbian,arab,redtube,bukkakr,baby,mother,popping,beek,hair,pics,your,couples,this,donna,christie,skinned,strapon,luanne,anal,fuck,iamdd,aly,chick,tabitha,chasing,leaves,porn,sickest,champagne,sex,ipod,teenage,brother,martina,football,cute,schoolgirl,group,long,feasts,ross,engine,viedos,downloads,streamen,sluts,swimming,dangers,japanese,online,hippie,show,friend,cock,perfect,annette,homemade,blowjob,amy,sexually,ian,asian,christina,elybabea,rap,binx,719,nasty,party,lena,letting,gold,stoner,charcter,summer,search,i&adb=0&clientjs=1&w=1280&h=1024&tz=0
IP 136.243.43.25:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2029)
Hash f52f417eab671263260fb239deb27273
342223f95efe028892c439b15f9e2a8d6100263c
19b3088928254b01263117aa6d79a645be2d2cb401ad9f730356b256cc1717ed
GET /iframes2/6a91f85098294907941c239ca45e3b90.html?keywords=Sexy,porn,tube,sluts,swimming,dangers,japanese,online,hippie,show,friend,cock,perfect,annette,homemade,blowjob,amy,sexually,ian,asian,christina,elybabea,rap,binx,719,nasty,party,lena,letting,gold,stoner,charcter,summer,search,impregnated,the,womrn,poses,cell,cox,natasia,brunette,great,hour,fre,tied,look,vintage,high,short,beverley,fakes,machines,jenna,jeans,lingerie,fenny,fucked,lesbian,arab,redtube,bukkakr,baby,mother,popping,beek,hair,pics,your,couples,this,donna,christie,skinned,strapon,luanne,anal,fuck,iamdd,aly,chick,tabitha,chasing,leaves,porn,sickest,champagne,sex,ipod,teenage,brother,martina,football,cute,schoolgirl,group,long,feasts,ross,engine,viedos,downloads,streamen,sluts,swimming,dangers,japanese,online,hippie,show,friend,cock,perfect,annette,homemade,blowjob,amy,sexually,ian,asian,christina,elybabea,rap,binx,719,nasty,party,lena,letting,gold,stoner,charcter,summer,search,i&adb=0&clientjs=1&w=1280&h=1024&tz=0 HTTP/1.1
Host: tsyndicate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://youvu.pornfollett.gigixo.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 23 Sep 2022 21:48:11 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Pragma: no-cache
Expires: 0
Vary: Accept-Encoding, *
X-Api-Version: 2
Link: <http://lcdn.tsyndicate.com/sdk/v1/b.b.js>; rel=preload; as=script
X-Request-Id: 70cb49533bd90c48
Cache-Control: no-cache, no-store, no-transform, must-revalidate, no-transform
X-Robots-Tag: none, noindex, nofollow
Report-To: { "url": "https://pxl.tsyndicate.com/api/v1/heavy-ad/report", "max_age": 86401 }
Content-Encoding: gzip
28980.weednewspro.com/v2/a/na/js/203282?container=c
88.208.59.102200 OK 32 kB URL HTTP/2 28980.weednewspro.com/v2/a/na/js/203282?container=c
IP 88.208.59.102:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with very long lines (65536), with no line terminators
Hash 982af902736f993c8fec5abbed9acc83
466805b01755a81ff2cdd9417ea2d78e99997834
e556434391d9c2b06a0a2a3ca9b6df1a1950823a34d534b03da248a69f23f3cc
GET /v2/a/na/js/203282?container=c HTTP/1.1
Host: 28980.weednewspro.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://28980.weednewspro.com/v2/a/na/if/203282
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 23 Sep 2022 21:48:09 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-max-age: 86400
referrer-policy: unsafe-url
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Device-Memory
accept-ch-lifetime: 31536000
content-encoding: gzip
X-Firefox-Spdy: h2
go.xxxijmp.com/smartpop/128029786fbed96fe880330bb083ecce41e122ba08e2711908bc9493ef368344?userId=ed4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e&sourceId=226440&memberId=AduTZorHRiXKktisuDIwUny0B8k9PgYucWIfOJGGR4rfTFU6ubrxVCDb2zs3Xiwxgb7IZ4-GSHk-nGIONkV8e52aqhFbKjyC6mf3wBM_gUIDRUi&p1=3844273
104.18.42.40301 Moved Permanently 0 B URL HTTP/1.1 go.xxxijmp.com/smartpop/128029786fbed96fe880330bb083ecce41e122ba08e2711908bc9493ef368344?userId=ed4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e&sourceId=226440&memberId=AduTZorHRiXKktisuDIwUny0B8k9PgYucWIfOJGGR4rfTFU6ubrxVCDb2zs3Xiwxgb7IZ4-GSHk-nGIONkV8e52aqhFbKjyC6mf3wBM_gUIDRUi&p1=3844273
IP 104.18.42.40:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /smartpop/128029786fbed96fe880330bb083ecce41e122ba08e2711908bc9493ef368344?userId=ed4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e&sourceId=226440&memberId=AduTZorHRiXKktisuDIwUny0B8k9PgYucWIfOJGGR4rfTFU6ubrxVCDb2zs3Xiwxgb7IZ4-GSHk-nGIONkV8e52aqhFbKjyC6mf3wBM_gUIDRUi&p1=3844273 HTTP/1.1
Host: go.xxxijmp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://tsyndicate.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Fri, 23 Sep 2022 21:48:11 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Fri, 23 Sep 2022 22:48:11 GMT
Location: https://go.xxxijmp.com/smartpop/128029786fbed96fe880330bb083ecce41e122ba08e2711908bc9493ef368344?userId=ed4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e&sourceId=226440&memberId=AduTZorHRiXKktisuDIwUny0B8k9PgYucWIfOJGGR4rfTFU6ubrxVCDb2zs3Xiwxgb7IZ4-GSHk-nGIONkV8e52aqhFbKjyC6mf3wBM_gUIDRUi&p1=3844273
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74f67bacce06b521-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
lcdn.tsyndicate.com/error/banner.html
8.254.252.211304 Not Modified 0 B URL HTTP/1.1 lcdn.tsyndicate.com/error/banner.html
IP 8.254.252.211:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /error/banner.html HTTP/1.1
Host: lcdn.tsyndicate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://tsyndicate.com/
Upgrade-Insecure-Requests: 1
If-Modified-Since: Thu, 28 Jul 2022 14:10:05 GMT
If-None-Match: W/"62e298bd-297"
HTTP/1.1 304 Not Modified
Date: Fri, 02 Sep 2022 00:07:36 GMT
Connection: keep-alive
Last-Modified: Thu, 28 Jul 2022 14:10:05 GMT
Server: nginx
X-Robots-Tag: noindex, nofollow
Vary: Accept-Encoding
ETag: W/"62e298bd-297"
Age: 1892435
lcdn.tsyndicate.com/error/banner.html
8.254.252.211304 Not Modified 0 B URL HTTP/1.1 lcdn.tsyndicate.com/error/banner.html
IP 8.254.252.211:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /error/banner.html HTTP/1.1
Host: lcdn.tsyndicate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://tsyndicate.com/
Upgrade-Insecure-Requests: 1
If-Modified-Since: Thu, 28 Jul 2022 14:10:05 GMT
If-None-Match: W/"62e298bd-297"
HTTP/1.1 304 Not Modified
Date: Fri, 02 Sep 2022 00:07:36 GMT
Connection: keep-alive
Last-Modified: Thu, 28 Jul 2022 14:10:05 GMT
Server: nginx
X-Robots-Tag: noindex, nofollow
Vary: Accept-Encoding
ETag: W/"62e298bd-297"
Age: 1892435
varietiesplea.com/pixel/pure
173.233.137.52204 No Content 0 B URL HTTP/1.1 varietiesplea.com/pixel/pure
IP 173.233.137.52:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
OPTIONS /pixel/pure HTTP/1.1
Host: varietiesplea.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: http://youvu.pornfollett.gigixo.com/
Origin: http://youvu.pornfollett.gigixo.com
Connection: keep-alive
HTTP/1.1 204 No Content
Server: nginx/1.19.5
Date: Fri, 23 Sep 2022 21:48:11 GMT
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Allow-Credentials: true
Access-Control-Max-Age: 1728000
Content-Type: text/plain; charset=utf-8
Content-Length: 0
varietiesplea.com/pixel/purst?dl=0&th=0&sc=0&rs=5137&rd=5137&fd=578&bv=22.8.v.2&tmpl=136
173.233.137.52200 OK 0 B URL HTTP/1.1 varietiesplea.com/pixel/purst?dl=0&th=0&sc=0&rs=5137&rd=5137&fd=578&bv=22.8.v.2&tmpl=136
IP 173.233.137.52:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/purst?dl=0&th=0&sc=0&rs=5137&rd=5137&fd=578&bv=22.8.v.2&tmpl=136 HTTP/1.1
Host: varietiesplea.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://youvu.pornfollett.gigixo.com/
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Fri, 23 Sep 2022 21:48:11 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
hw-cdn2.ang-content.com/delivery/vortex/vortex-simple-1.0.0.js
205.185.208.20200 OK 5.0 kB URL HTTP/1.1 hw-cdn2.ang-content.com/delivery/vortex/vortex-simple-1.0.0.js
IP 205.185.208.20:0
File type ASCII text, with very long lines (5027), with no line terminators
Hash 5e5817bcf4c82c7c85d1d88636d221ce
b5c32cc6c931c33c1297884016e13d3b9a5bf261
6f0e50ac39121175ca0427c4e87cdfa2520b526c8497e23cffbca726eb6ca42c
GET /delivery/vortex/vortex-simple-1.0.0.js HTTP/1.1
Host: hw-cdn2.ang-content.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.adtng.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Fri, 23 Sep 2022 21:48:11 GMT
Connection: Keep-Alive
ETag: "1541168231"
Content-Length: 5027
Content-Type: application/javascript
Last-Modified: Fri, 02 Nov 2018 14:17:11 GMT
Accept-Ranges: bytes
Cache-Control: max-age=10398832
X-HW: 1663969691.dop232.sk1.t,1663969691.cds002.sk1.shn,1663969691.cds002.sk1.c
Access-Control-Allow-Origin: *
hw-cdn2.adtng.com/delivery/intersection_observer/IntersectionObserver.js
209.197.3.25200 OK 17 kB URL HTTP/1.1 hw-cdn2.adtng.com/delivery/intersection_observer/IntersectionObserver.js
IP 209.197.3.25:0
File type ASCII text, with very long lines (16885), with no line terminators
Hash 48c80c7c28b5b00a8b4ff94a22b72fe3
d57303c2ad2fd5cedc5cb20f264a6965a7819cee
6e9be773031b3234fb9c2d6cf3d9740db1208f4351beca325ec34f76fd38f356
GET /delivery/intersection_observer/IntersectionObserver.js HTTP/1.1
Host: hw-cdn2.adtng.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.adtng.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Date: Fri, 23 Sep 2022 21:48:11 GMT
Connection: Keep-Alive
ETag: "1649192094"
Content-Length: 16885
Content-Type: application/javascript
Last-Modified: Tue, 05 Apr 2022 20:54:54 GMT
Accept-Ranges: bytes
Cache-Control: max-age=10677530
X-HW: 1663969691.dop022.sk1.t,1663969691.cds257.sk1.shn,1663969691.cds257.sk1.c
Access-Control-Allow-Origin: *
hw-cdn2.ang-content.com/a7/creatives/58/612/814876/1038914/1038914_logo.png
205.185.208.20200 OK 3.3 kB URL HTTP/1.1 hw-cdn2.ang-content.com/a7/creatives/58/612/814876/1038914/1038914_logo.png
IP 205.185.208.20:0
File type PNG image data, 300 x 250, 8-bit/color RGBA, non-interlaced\012- data
Hash 6d0e285d54109f995d68403b89f84cfc
b6c5a2b07f4c5772121fc94ba87ac93716fd760c
b42a7e54025ccd8aeda380a13558be674b901779db5c91f5edcb6539f4ad5ff7
GET /a7/creatives/58/612/814876/1038914/1038914_logo.png HTTP/1.1
Host: hw-cdn2.ang-content.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.adtng.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Fri, 23 Sep 2022 21:48:11 GMT
Connection: Keep-Alive
ETag: "1659360820"
Content-Length: 3343
Content-Type: image/png
Last-Modified: Mon, 01 Aug 2022 13:33:40 GMT
Accept-Ranges: bytes
Cache-Control: max-age=10639271
X-HW: 1663969691.dop209.sk1.t,1663969691.cds003.sk1.shn,1663969691.dop209.sk1.t,1663969691.cds235.sk1.c
Access-Control-Allow-Origin: *
poweredby.jads.co/adshow.php?adzone=940998
185.94.236.246200 OK 1.7 kB URL HTTP/1.1 poweredby.jads.co/adshow.php?adzone=940998
IP 185.94.236.246:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (426), with CRLF, LF line terminators
Hash f74aac14c7baa1989d87f36b676834ab
08618155d5a61fd8cfcce4cd7135cdd370a936b8
cf6c95c111f9a08550f74cbebe952d1457a0ad7100e1d186ce894a5c43097ea9
GET /adshow.php?adzone=940998 HTTP/1.1
Host: poweredby.jads.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://youvu.pornfollett.gigixo.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 23 Sep 2022 21:48:11 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/5.6.40
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR OUR IND STA"
Set-Cookie: surferid=48fd6ade8ee34baee27c1df0a4ed85d9; expires=Sat, 23-Sep-2023 21:48:11 GMT; Max-Age=31536000; path=/; SameSite=None; Secure; domain=.jads.co
imps161=1; expires=Sat, 24-Sep-2022 21:48:11 GMT; Max-Age=86400; path=/; SameSite=None; Secure; domain=.jads.co
juicy_data_1=YToxOntpOjExOTY3NTc7aToxNjY0MjI4ODkxO30%3D; expires=Mon, 26-Sep-2022 21:48:11 GMT; Max-Age=259200; path=/; SameSite=None; Secure; domain=jads.co
juicy_data=YToxOntzOjEyOiJqdWljeV9kYXRhXzEiO3M6MToiMSI7fQ%3D%3D; expires=Mon, 26-Sep-2022 21:48:11 GMT; Max-Age=259200; path=/; SameSite=None; Secure; domain=jads.co
Content-Encoding: gzip
static.eabids.com/data/bannerpools/112022/33790.gif
217.22.19.195200 OK 141 kB URL HTTP/1.1 static.eabids.com/data/bannerpools/112022/33790.gif
IP 217.22.19.195:0
File type GIF image data, version 89a, 300 x 250\012- data
Size 141 kB (140829 bytes)
Hash b7e10ba510dede95c45e642ab5a77835
fcd220281c2230755a638ac7a5663d5adadc6e4c
87165b6bdd4bdceec456777327e0f9067845c4523acd6a1b56ffaf77e4c318cd
GET /data/bannerpools/112022/33790.gif HTTP/1.1
Host: static.eabids.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://go.eabids.com/
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 23 Sep 2022 21:48:11 GMT
Content-Type: image/gif
Content-Length: 140829
Last-Modified: Thu, 28 Apr 2022 14:46:23 GMT
Connection: keep-alive
ETag: "626aa8bf-2261d"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
X-Backend-Server: nl2-static-222
Accept-Ranges: bytes
varietiesplea.com/pixel/pure
173.233.137.52200 OK 0 B URL HTTP/1.1 varietiesplea.com/pixel/pure
IP 173.233.137.52:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
POST /pixel/pure HTTP/1.1
Host: varietiesplea.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/json
Content-Length: 73
Origin: http://youvu.pornfollett.gigixo.com
Connection: keep-alive
Referer: http://youvu.pornfollett.gigixo.com/
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Fri, 23 Sep 2022 21:48:11 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash fe893f6f543ab9592fe3da0f5b5fd8fb
63ce71e386c97f4232c4747fa0a117aed69ee7b5
ea3e873ac2d50498a0eab0afe81541a6a1c8ee9ed03925be5ff26565478ff80e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EA3E873AC2D50498A0EAB0AFE81541A6A1C8EE9ED03925BE5FF26565478FF80E"
Last-Modified: Wed, 21 Sep 2022 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12924
Expires: Sat, 24 Sep 2022 01:23:35 GMT
Date: Fri, 23 Sep 2022 21:48:11 GMT
Connection: keep-alive
lcdn.tsyndicate.com/sdk/v1/b.b.js
8.254.252.211304 Not Modified 0 B URL HTTP/1.1 lcdn.tsyndicate.com/sdk/v1/b.b.js
IP 8.254.252.211:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sdk/v1/b.b.js HTTP/1.1
Host: lcdn.tsyndicate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://tsyndicate.com/
If-Modified-Since: Tue, 22 Feb 2022 13:07:15 GMT
If-None-Match: W/"6214e003-1eb1"
HTTP/1.1 304 Not Modified
Date: Tue, 08 Mar 2022 10:11:03 GMT
Connection: keep-alive
Last-Modified: Tue, 22 Feb 2022 13:07:15 GMT
Server: nginx
X-Robots-Tag: noindex, nofollow
Vary: Accept-Encoding
ETag: W/"6214e003-1eb1"
Age: 17235428
lcdn.tsyndicate.com/sdk/v1/b.b.js
8.254.252.211304 Not Modified 0 B URL HTTP/1.1 lcdn.tsyndicate.com/sdk/v1/b.b.js
IP 8.254.252.211:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sdk/v1/b.b.js HTTP/1.1
Host: lcdn.tsyndicate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://tsyndicate.com/
If-Modified-Since: Tue, 22 Feb 2022 13:07:15 GMT
If-None-Match: W/"6214e003-1eb1"
HTTP/1.1 304 Not Modified
Date: Tue, 08 Mar 2022 10:11:03 GMT
Connection: keep-alive
Last-Modified: Tue, 22 Feb 2022 13:07:15 GMT
Server: nginx
X-Robots-Tag: noindex, nofollow
Vary: Accept-Encoding
ETag: W/"6214e003-1eb1"
Age: 17235428
bngpt.com/promo.php?c=688955&subid=2|159343|7017784|no|112022|40568594|5675441|1|0|10|50304|,,,,,|4|0|0|1,2,3,6,12,13,19,21,26|0|0|en|1&subid2=7017784&type=banner&size=300x250&name=st_true;st_dali;st_random_all;on_off;st_x2;double2;how_long;st-double-penetration
94.199.255.192301 Moved Permanently 0 B URL HTTP/1.1 bngpt.com/promo.php?c=688955&subid=2|159343|7017784|no|112022|40568594|5675441|1|0|10|50304|,,,,,|4|0|0|1,2,3,6,12,13,19,21,26|0|0|en|1&subid2=7017784&type=banner&size=300x250&name=st_true;st_dali;st_random_all;on_off;st_x2;double2;how_long;st-double-penetration
IP 94.199.255.192:0
ASN #48684 Viking Host B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /promo.php?c=688955&subid=2|159343|7017784|no|112022|40568594|5675441|1|0|10|50304|,,,,,|4|0|0|1,2,3,6,12,13,19,21,26|0|0|en|1&subid2=7017784&type=banner&size=300x250&name=st_true;st_dali;st_random_all;on_off;st_x2;double2;how_long;st-double-penetration HTTP/1.1
Host: bngpt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://go.eabids.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
content-length: 0
location: https://bngpt.com/promo.php?c=688955&subid=2|159343|7017784|no|112022|40568594|5675441|1|0|10|50304|,,,,,|4|0|0|1,2,3,6,12,13,19,21,26|0|0|en|1&subid2=7017784&type=banner&size=300x250&name=st_true;st_dali;st_random_all;on_off;st_x2;double2;how_long;st-double-penetration
bngpt.com/promo.php?c=688955&subid=2|159343|113814|no|112022|40568594|5675443|1|0|10|50304|,,,,,|4|0|0|1,6,24|0|0|en|1&subid2=113814&type=banner&size=300x250&name=st_true;st_dali;st_random_all;on_off;st_x2;double2;how_long;st-double-penetration
94.199.255.192301 Moved Permanently 0 B URL HTTP/1.1 bngpt.com/promo.php?c=688955&subid=2|159343|113814|no|112022|40568594|5675443|1|0|10|50304|,,,,,|4|0|0|1,6,24|0|0|en|1&subid2=113814&type=banner&size=300x250&name=st_true;st_dali;st_random_all;on_off;st_x2;double2;how_long;st-double-penetration
IP 94.199.255.192:0
ASN #48684 Viking Host B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /promo.php?c=688955&subid=2|159343|113814|no|112022|40568594|5675443|1|0|10|50304|,,,,,|4|0|0|1,6,24|0|0|en|1&subid2=113814&type=banner&size=300x250&name=st_true;st_dali;st_random_all;on_off;st_x2;double2;how_long;st-double-penetration HTTP/1.1
Host: bngpt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://go.eabids.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
content-length: 0
location: https://bngpt.com/promo.php?c=688955&subid=2|159343|113814|no|112022|40568594|5675443|1|0|10|50304|,,,,,|4|0|0|1,6,24|0|0|en|1&subid2=113814&type=banner&size=300x250&name=st_true;st_dali;st_random_all;on_off;st_x2;double2;how_long;st-double-penetration
reapinject.com/watch.1419362164753.js?key=3cb5727a16a2f566d5a822edf1d58427&kw=%5B%22free%22%2C%22sex%22%2C%22pics%22%5D&refer=http%3A%2F%2Fyouvu.pornfollett.gigixo.com%2F%3Fiyanna&tz=0&dev=r&res=12.29&uuid=387798b0-f6e3-44e8-917e-1b5b9b8bb156%3A3%3A1&shu=45230ba430f83ea7e063fbd33ab903543e30c2f2a49f05542313d6ba05002863bb00d0b00a039abf6848afda8cebeb392b0de2e270f9394deb3f21887b8f68b3daa95528bb02dd221bd750cd27ef4b90030d1526&pst=1663969751&rmtc=t
192.243.61.225200 OK 2.3 kB URL HTTP/1.1 reapinject.com/watch.1419362164753.js?key=3cb5727a16a2f566d5a822edf1d58427&kw=%5B%22free%22%2C%22sex%22%2C%22pics%22%5D&refer=http%3A%2F%2Fyouvu.pornfollett.gigixo.com%2F%3Fiyanna&tz=0&dev=r&res=12.29&uuid=387798b0-f6e3-44e8-917e-1b5b9b8bb156%3A3%3A1&shu=45230ba430f83ea7e063fbd33ab903543e30c2f2a49f05542313d6ba05002863bb00d0b00a039abf6848afda8cebeb392b0de2e270f9394deb3f21887b8f68b3daa95528bb02dd221bd750cd27ef4b90030d1526&pst=1663969751&rmtc=t
IP 192.243.61.225:0
ASN #39572 DataWeb Global Group B.V.
File type HTML document, ASCII text, with very long lines (2878)
Hash a9074398d67619d6c4fd65c77e49de5e
3e067fa521a9b4ce4b7bd094e11f033339d8a482
8db4406e809577aa30b64172cc56eb7b178e7159a4e98010b4d0540c26586584
Analyzer Verdict Alert quad9 Sinkholed
GET /watch.1419362164753.js?key=3cb5727a16a2f566d5a822edf1d58427&kw=%5B%22free%22%2C%22sex%22%2C%22pics%22%5D&refer=http%3A%2F%2Fyouvu.pornfollett.gigixo.com%2F%3Fiyanna&tz=0&dev=r&res=12.29&uuid=387798b0-f6e3-44e8-917e-1b5b9b8bb156%3A3%3A1&shu=45230ba430f83ea7e063fbd33ab903543e30c2f2a49f05542313d6ba05002863bb00d0b00a039abf6848afda8cebeb392b0de2e270f9394deb3f21887b8f68b3daa95528bb02dd221bd750cd27ef4b90030d1526&pst=1663969751&rmtc=t HTTP/1.1
Host: reapinject.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://youvu.pornfollett.gigixo.com
Referer: http://youvu.pornfollett.gigixo.com/
Connection: keep-alive
Cookie: u_pl=16428146; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNjQyODE0NiwiayI6IjNjYjU3MjdhMTZhMmY1NjZkNWE4MjJlZGYxZDU4NDI3Iiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxNTAzNjQ5LCJwaWQiOjI4ODQzNywiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjoxNiwiYWlkIjo1LCJwdCI6NCwicGsiOiJtZWdwcnVuMGNpIiwiY3BrcyI6eyAiMjgiOiIwMWI2NDkzNWI4MDYxYzFmNjFkMjEzYTI3Y2UyZDcyOSJ9LCJ0IjoxfSwidSI6eyJ1IjoxLCJhdSI6MSwiZCI6eyJpZCI6Nzk5NTQxOTYsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjoxODExMCwib24iOiJMaW51eCIsIm92IjoiVW5rbm93biIsImJpZCI6MTE2NjcwLCJibiI6IkZpcmVmb3giLCJidiI6Ijk2LjAiLCJ3diI6ZmFsc2UsImUiOmZhbHNlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6dHJ1ZSwiciI6Imh0dHA6Ly95b3V2dS5wb3JuZm9sbGV0dC5naWdpeG8uY29tLz9peWFubmEifX0.uYWmS9P_xz3bZD80Iyb5deQmtyaZLtos14XBUd3OWvo; iprc94e52935101ea0604514b0fd0d1ba8ab=3569681; pdhtkv=true; uncs=1; pdhtkv5=true; uncs5=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Fri, 23 Sep 2022 21:48:11 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: http://youvu.pornfollett.gigixo.com
Access-Control-Allow-Origin: http://youvu.pornfollett.gigixo.com
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=387798b0-f6e3-44e8-917e-1b5b9b8bb156:3:1; expires=Fri, 30 Sep 2022 21:48:11 GMT; secure; SameSite=None
pdhtkv=true; expires=Sat, 24 Sep 2022 21:48:11 GMT; secure; SameSite=None
uncs=1; expires=Sat, 24 Sep 2022 21:48:11 GMT; secure; SameSite=None
pdhtkv5=true; expires=Sat, 24 Sep 2022 21:48:11 GMT; secure; SameSite=None
uncs5=1; expires=Sat, 24 Sep 2022 21:48:11 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 1b9a3265565d7ce002bd9680c532a9f6
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
astonishedmule.com/01/b6/49/01b64935b8061c1f61d213a27ce2d729.js
192.243.61.227200 OK 29 kB URL HTTP/1.1 astonishedmule.com/01/b6/49/01b64935b8061c1f61d213a27ce2d729.js
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (65536), with no line terminators
Hash d8853ec14ab4f16cbfddaab7cb633664
02306573871629b22da4bb779a98397ae67a07c4
61802708726be259f40a7ccf0523a9eecd7709639e21530c45c5a0f344a3e938
Analyzer Verdict Alert quad9 Sinkholed
GET /01/b6/49/01b64935b8061c1f61d213a27ce2d729.js HTTP/1.1
Host: astonishedmule.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://youvu.pornfollett.gigixo.com/
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Fri, 23 Sep 2022 21:48:11 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 6fc764f2ad0870dbae38051c88be971b
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
syndication.realsrv.com/ads-iframe-display.php?idzone=4207634&type=300x250&p=http%3A//youvu.pornfollett.gigixo.com/&dt=1663969691067&sub=&tags=&cookieconsent=true&screen_resolution=1280x1024&el=%22
95.211.229.245200 OK 858 B URL HTTP/1.1 syndication.realsrv.com/ads-iframe-display.php?idzone=4207634&type=300x250&p=http%3A//youvu.pornfollett.gigixo.com/&dt=1663969691067&sub=&tags=&cookieconsent=true&screen_resolution=1280x1024&el=%22
IP 95.211.229.245:0
ASN #60781 LeaseWeb Netherlands B.V.
File type HTML document text\012- HTML document, ASCII text, with very long lines (1754), with no line terminators
Hash 9fd8ea2848253e98fafe87b76ec73afd
8102e3d7b010b229ee37bd6815fe1ab7c4dbef01
6fd71d3795b739cafa32a7c6717e475ef06b87d02499adbf840fead89689a82f
GET /ads-iframe-display.php?idzone=4207634&type=300x250&p=http%3A//youvu.pornfollett.gigixo.com/&dt=1663969691067&sub=&tags=&cookieconsent=true&screen_resolution=1280x1024&el=%22 HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://biptolyla.com/
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%22632e29994fe0e5.194138443244006681%22%3B%7D; impressions=oslmroemnxgxaasmmxxmogeicxbmsbocnxgxaaslabrxbgeioslmrxbrnxgxaaslalcmbgeicxbmsbxcnxgxaaslcsrobgeicxbmsbcenxgxaaslaalcrgeislsaroornxgxaasbbrbolgeicxbmsboenxgxaaslalcmbgeimreaomxcnxgxaasaoabsrgeimreaobsonxgxaasaoabsrgeioslmrxbmnxgxaasmxelmageimcclsoeenxgxaasamsoccgeimcclosconxgxaasabxarlgeimrblelmonxgxaasamsoccgeimrblxembnxgxaasamsoccgeimrblxeecnxgxaasamsoccgeimrblxemcnxgxaasamsoccgeialbserecnxgxaasabxarlgeioslmrxlsnxgxaaslaalcrgeicaormbbonxgxaasalbbregeioslmrxlrnxgxaasmebascgeimcclsxscnxgxaasmebascgeimrerbmbbnxgxaasmeceesgeialbsereanxgxaasboxexogeialbserebnxgxaasborcsogeiccmblmmcnxgxaaslsbacbgeimcssmlrensgxaasbbrbolgxcceimxxerrebnxgxaasbbrbolgxcceimrsreamansgxaasbbleccgxcceimrsreabenxgxaasbbleccgxcceimrblelxcnxgxaasblsoxxgeimcclsxoanxgxaaslaalcrgeimrblelmbnxgxaasblsoxxgeimcclossanxgxaasblsoxxgeimcclselenxgxaasblsoxxgeimcclsoeonxgxaasblsoxxgeimrmaoboenogxaasblsmbogxcceimrxccosonxgxaasblmabsgxcceimrxccosbnogxaasblmabsgxcceimrxccosenogxaasblmabsgxcceimememseonxgxaasblmabsgxcceimrsreamonsgxaasbllxsmgxcceimrsreamcnsgxaasbllxsmgxcceimrsreamensgxaaslerraogxcceimrsreabonsgxaaslerraogxcceimcoaxmxcncgxaaslelsomgxcceimcssmlrcnsgxaaslelsomgxcceialaroxrcnxgxaaslelssegxcceimxcbrxsenxgxaaslxeercgxcceiaaxcamlanxgxaaslxeercgxcceimoobcoaonxgxaasloloorgxcceixaoosscrnxgxaasloloorgxcceimrlxebecnxgxaaslsxlmsgxcceimxlbmxlcnsgxaaslsccmbgxcceimxxrecsanxgxaaslsrmocgxcceimxlbmoobnogxaaslsrmocgxcceimsacexoonxgxaaslsrmocgxcceimxlbmoscnogxaaslsbacbgxcceiaaxcabeonxgxaaslsbaclgxcceicloaxxobnxgxaaslsbaclgxcceixaoossalnxgxaaslsbaclgxcceicloaxxxbnxgxaaslsbaclgxcceiaaxcabecnxgxaaslsbaclgxcceimxlbmosenogxaaslsbaclgxcceiaaxcamlcnxgxaaslcxxsegxcceimeembesonxgxaaslcxxsegxcceimrxccoscnxgxaaslcxxsegxcceimeembescnxgxaaslcxxsegxcceimeembecenxgxaaslcxxsegxcceimrbboaxcnxgxaaslcxxsegxcceiceecmorsnxgxaaslcxxsegxcceimccloscenxgxaaslcsrobgeimxlbmxlonagxaaslcsrobgxcceimcclsxacnxgxaaslcsrobgeimrmaobxanxgxaaslcsrolgxcceicmarxbbonsgxaaslcsrolgxcceirreacmsbnxgxaaslcarmcgxcceicloaecoenxgxaaslcarmrgxcceimxlbalscncgxaaslreembgxcceimxlbalsbnogxaaslreembgxcceimxlbmxlenogxaaslreembgxcceimxlbalcenogxaaslreembgxcceimxlbmxbbnsgxaaslreembgxcceialbbebsbnogxaaslreebxgxcceimemlxbocnogxaaslreebogxcceialbbebrenxgxaaslreebogxcceialbbebsanogxaaslreebsgxcceimxcbrxscnogxaaslreebcgxcceimxcbrxobnxgxaaslreebrgxcceimemlxmcbnxgxaaslaosmxgxcceimxlbmoconogxaaslaosmxgxcceimxlbmosanxgxaaslaosmxgxcceimxeoxsacnxgxaaslaaelcgxcceimrmcmmcanxgxaaslaalcrgxcceimcssmlronsgxaaslaalcrgxcceicbbmelocnxgxaaslabrxbgxcceimxeoxsbenxgxaaslalcmbgxcceimxlbmosonxgxaaslalcmbgxcceimememsecnxgxaaslalcmlgxcce
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 23 Sep 2022 21:48:11 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache, must-revalidate
Pragma: no-cache
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%22632e29994fe0e5.194138443244006681%22%3B%7D; expires=Sun, 22 Sep 2024 21:48:11 GMT; path=; domain=.realsrv.com; Secure; SameSite=none
impressions=oslmroemnxgxaasmmxxmogeicxbmsbocnxgxaaslabrxbgeioslmrxbrnxgxaaslalcmbgeicxbmsbxcnxgxaaslcsrobgeicxbmsbcenxgxaaslaalcrgeislsaroornxgxaasbbrbolgeicxbmsboenxgxaaslalcmbgeimreaomxcnxgxaasaoabsrgeimreaobsonxgxaasaoabsrgeioslmrxbmnxgxaasmxelmageimcclsoeenxgxaasamsoccgeimcclosconxgxaasabxarlgeimrblelmonxgxaasamsoccgeimrblxembnxgxaasamsoccgeimrblxeecnxgxaasamsoccgeimrblxemcnxgxaasamsoccgeialbserecnxgxaasabxarlgeioslmrxlsnxgxaaslaalcrgeicaormbbonxgxaasalbbregeioslmrxlrnxgxaasmebascgeimcclsxscnxgxaasmebascgeimrerbmbbnxgxaasmeceesgeialbsereanxgxaasboxexogeialbserebnxgxaasborcsogeiccmblmmcnxgxaaslsbacbgeimcssmlrensgxaasbbrbolgxcceimxxerrebnxgxaasbbrbolgxcceimrsreamansgxaasbbleccgxcceimrsreabenxgxaasbbleccgxcceimrblelxcnxgxaasblsoxxgeimcclsxoanxgxaaslaalcrgeimrblelmbnxgxaasblsoxxgeimcclossanxgxaasblsoxxgeimcclselenxgxaasblsoxxgeimcclsoeonxgxaasblsoxxgeimrmaoboenogxaasblsmbogxcceimrxccosonxgxaasblmabsgxcceimrxccosbnogxaasblmabsgxcceimrxccosenogxaasblmabsgxcceimememseonxgxaasblmabsgxcceimrsreamonsgxaasbllxsmgxcceimrsreamcnsgxaasbllxsmgxcceimrsreamensgxaaslerraogxcceimrsreabonsgxaaslerraogxcceimcoaxmxcncgxaaslelsomgxcceimcssmlrcnsgxaaslelsomgxcceialaroxrcnxgxaaslelssegxcceimxcbrxsenxgxaaslxeercgxcceiaaxcamlanxgxaaslxeercgxcceimoobcoaonxgxaasloloorgxcceixaoosscrnxgxaasloloorgxcceimrlxebecnxgxaaslsxlmsgxcceimxlbmxlcnsgxaaslsccmbgxcceimxxrecsanxgxaaslsrmocgxcceimxlbmoobnogxaaslsrmocgxcceimsacexoonxgxaaslsrmocgxcceimxlbmoscnogxaaslsbacbgxcceiaaxcabeonxgxaaslsbaclgxcceicloaxxobnxgxaaslsbaclgxcceixaoossalnxgxaaslsbaclgxcceicloaxxxbnxgxaaslsbaclgxcceiaaxcabecnxgxaaslsbaclgxcceimxlbmosenogxaaslsbaclgxcceiaaxcamlcnxgxaaslcxxsegxcceimeembesonxgxaaslcxxsegxcceimrxccoscnxgxaaslcxxsegxcceimeembescnxgxaaslcxxsegxcceimeembecenxgxaaslcxxsegxcceimrbboaxcnxgxaaslcxxsegxcceiceecmorsnxgxaaslcxxsegxcceimccloscenxgxaaslcsrobgeimxlbmxlonagxaaslcsrobgxcceimcclsxacnxgxaaslcsrobgeimrmaobxanxgxaaslcsrolgxcceicmarxbbonsgxaaslcsrolgxcceirreacmsbnxgxaaslcarmcgxcceicloaecoenxgxaaslcarmrgxcceimxlbalscncgxaaslreembgxcceimxlbalsbnogxaaslreembgxcceimxlbmxlenogxaaslreembgxcceimxlbalcenogxaaslreembgxcceimxlbmxbbnsgxaaslreembgxcceialbbebsbnogxaaslreebxgxcceimemlxbocnogxaaslreebogxcceialbbebrenxgxaaslreebogxcceialbbebsanogxaaslreebsgxcceimxcbrxscnogxaaslreebcgxcceimxcbrxobnxgxaaslreebrgxcceimemlxmcbnxgxaaslaosmxgxcceimxlbmoconogxaaslaosmxgxcceimxlbmosanxgxaaslaosmxgxcceimxeoxsacnxgxaaslaaelcgxcceimrmcmmcanxgxaaslaalcrgxcceimcssmlronsgxaaslaalcrgxcceicbbmelocnxgxaaslabrxbgxcceimxeoxsbenxgxaaslalcmbgxcceimxlbmosonxgxaaslalcmbgxcceimememsecnxgxaaslalcmlgxcceimcrxeoaonxgxaaslalalxgxcce; expires=Sat, 24 Sep 2022 21:48:11 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
static.eabids.com/data/bannerpools/112022/34093.gif
217.22.19.195200 OK 24 kB URL HTTP/1.1 static.eabids.com/data/bannerpools/112022/34093.gif
IP 217.22.19.195:0
File type GIF image data, version 89a, 160 x 600\012- data
Hash 325fa577b032b0847fc13b9e86108bb3
8b2055b70855093d31bb9a71fc29f6becfff2878
9c9efc00b6329d620dd00042411429159a663a3f3ecad450a3de2702e03a327c
GET /data/bannerpools/112022/34093.gif HTTP/1.1
Host: static.eabids.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://go.eabids.com/
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 23 Sep 2022 21:48:12 GMT
Content-Type: image/gif
Content-Length: 24324
Last-Modified: Thu, 28 Apr 2022 14:46:26 GMT
Connection: keep-alive
ETag: "626aa8c2-5f04"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
X-Backend-Server: nl2-static-222
Accept-Ranges: bytes
astonishedmule.com/watch.749418795761.js?key=3cb5727a16a2f566d5a822edf1d58427&kw=%5B%22free%22%2C%22sex%22%2C%22pics%22%5D&refer=http%3A%2F%2Fyouvu.pornfollett.gigixo.com%2F%3Fiyanna&tz=0&dev=r&res=12.29&uuid=387798b0-f6e3-44e8-917e-1b5b9b8bb156%3A3%3A1
192.243.61.227307 Temporary Redirect 0 B URL HTTP/1.1 astonishedmule.com/watch.749418795761.js?key=3cb5727a16a2f566d5a822edf1d58427&kw=%5B%22free%22%2C%22sex%22%2C%22pics%22%5D&refer=http%3A%2F%2Fyouvu.pornfollett.gigixo.com%2F%3Fiyanna&tz=0&dev=r&res=12.29&uuid=387798b0-f6e3-44e8-917e-1b5b9b8bb156%3A3%3A1
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /watch.749418795761.js?key=3cb5727a16a2f566d5a822edf1d58427&kw=%5B%22free%22%2C%22sex%22%2C%22pics%22%5D&refer=http%3A%2F%2Fyouvu.pornfollett.gigixo.com%2F%3Fiyanna&tz=0&dev=r&res=12.29&uuid=387798b0-f6e3-44e8-917e-1b5b9b8bb156%3A3%3A1 HTTP/1.1
Host: astonishedmule.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://youvu.pornfollett.gigixo.com
Connection: keep-alive
Referer: http://youvu.pornfollett.gigixo.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 307 Temporary Redirect
Server: nginx/1.22.0
Date: Fri, 23 Sep 2022 21:48:11 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: http://youvu.pornfollett.gigixo.com
Access-Control-Allow-Origin: http://youvu.pornfollett.gigixo.com
Access-Control-Allow-Credentials: true
Location: https://astonishedmule.com/watch.749418795761.js?key=3cb5727a16a2f566d5a822edf1d58427&kw=%5B%22free%22%2C%22sex%22%2C%22pics%22%5D&refer=http%3A%2F%2Fyouvu.pornfollett.gigixo.com%2F%3Fiyanna&tz=0&dev=r&res=12.29&uuid=387798b0-f6e3-44e8-917e-1b5b9b8bb156%3A3%3A1&shu=5b6a506ec10ed7978dc29012d78f6b2938c0d7a74d063966bd84c416d7e98c7c089c04e7533846a653a76e587e4240b493a8d606ffd44f71af1ad3323a5762cb2b95196c656157f058d54772cd867227f7e6f6fac5163eb8df94a77266&pst=1663969751&rmtc=t
Set-Cookie: u_pl=16428146; expires=Sat, 24 Sep 2022 21:48:11 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNjQyODE0NiwiayI6IjNjYjU3MjdhMTZhMmY1NjZkNWE4MjJlZGYxZDU4NDI3Iiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxNTAzNjQ5LCJwaWQiOjI4ODQzNywiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjoxNiwiYWlkIjo1LCJwdCI6NCwicGsiOiJtZWdwcnVuMGNpIiwiY3BrcyI6eyAiMjgiOiIwMWI2NDkzNWI4MDYxYzFmNjFkMjEzYTI3Y2UyZDcyOSJ9LCJ0IjoxfSwidSI6eyJ1IjoxLCJhdSI6MSwiZCI6eyJpZCI6Nzk5NTQxOTYsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjoxODExMCwib24iOiJMaW51eCIsIm92IjoiVW5rbm93biIsImJpZCI6MTE2NjcwLCJibiI6IkZpcmVmb3giLCJidiI6Ijk2LjAiLCJ3diI6ZmFsc2UsImUiOmZhbHNlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6dHJ1ZSwiciI6Imh0dHA6Ly95b3V2dS5wb3JuZm9sbGV0dC5naWdpeG8uY29tLz9peWFubmEifX0.uYWmS9P_xz3bZD80Iyb5deQmtyaZLtos14XBUd3OWvo; expires=Fri, 23 Sep 2022 21:49:11 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 5e17bec2e4bd123bba7409a46baab60c
Strict-Transport-Security: max-age=0; includeSubdomains
ocsp.usertrust.com/
172.64.155.188200 OK 471 B IP 172.64.155.188:0
Hash f5c887ff370b7872d04394f9b7b5b002
1adcde0c1596467ce41e6be11cff0841e779d799
871f46b18d299382e01a1de52cfd7eb56b44bc0de159ac4b93d382b3d2655d1b
POST / HTTP/1.1
Host: ocsp.usertrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 23 Sep 2022 21:48:12 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Fri, 23 Sep 2022 03:35:11 GMT
Expires: Fri, 30 Sep 2022 03:35:10 GMT
Etag: "1adcde0c1596467ce41e6be11cff0841e779d799"
Cache-Control: max-age=603394,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: HIT
Age: 367
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74f67baf0ac30b39-OSL
ocsp.usertrust.com/
172.64.155.188200 OK 471 B IP 172.64.155.188:0
Hash f5c887ff370b7872d04394f9b7b5b002
1adcde0c1596467ce41e6be11cff0841e779d799
871f46b18d299382e01a1de52cfd7eb56b44bc0de159ac4b93d382b3d2655d1b
POST / HTTP/1.1
Host: ocsp.usertrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 23 Sep 2022 21:48:12 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Fri, 23 Sep 2022 03:35:11 GMT
Expires: Fri, 30 Sep 2022 03:35:10 GMT
Etag: "1adcde0c1596467ce41e6be11cff0841e779d799"
Cache-Control: max-age=603394,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: HIT
Age: 367
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74f67baf085efac0-OSL
ocsp.usertrust.com/
172.64.155.188200 OK 471 B IP 172.64.155.188:0
Hash f5c887ff370b7872d04394f9b7b5b002
1adcde0c1596467ce41e6be11cff0841e779d799
871f46b18d299382e01a1de52cfd7eb56b44bc0de159ac4b93d382b3d2655d1b
POST / HTTP/1.1
Host: ocsp.usertrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 23 Sep 2022 21:48:12 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Fri, 23 Sep 2022 03:35:11 GMT
Expires: Fri, 30 Sep 2022 03:35:10 GMT
Etag: "1adcde0c1596467ce41e6be11cff0841e779d799"
Cache-Control: max-age=603394,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: HIT
Age: 367
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74f67baf5b110b39-OSL
lcdn.tsyndicate.com/sdk/v1/b.b.js
8.254.252.211304 Not Modified 0 B URL HTTP/1.1 lcdn.tsyndicate.com/sdk/v1/b.b.js
IP 8.254.252.211:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sdk/v1/b.b.js HTTP/1.1
Host: lcdn.tsyndicate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://tsyndicate.com/
If-Modified-Since: Tue, 22 Feb 2022 13:07:15 GMT
If-None-Match: W/"6214e003-1eb1"
HTTP/1.1 304 Not Modified
Date: Tue, 08 Mar 2022 10:11:03 GMT
Connection: keep-alive
Last-Modified: Tue, 22 Feb 2022 13:07:15 GMT
Server: nginx
X-Robots-Tag: noindex, nofollow
Vary: Accept-Encoding
ETag: W/"6214e003-1eb1"
Age: 17235429
lcdn.tsyndicate.com/sdk/v1/b.b.js
8.254.252.211304 Not Modified 0 B URL HTTP/1.1 lcdn.tsyndicate.com/sdk/v1/b.b.js
IP 8.254.252.211:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sdk/v1/b.b.js HTTP/1.1
Host: lcdn.tsyndicate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://tsyndicate.com/
If-Modified-Since: Tue, 22 Feb 2022 13:07:15 GMT
If-None-Match: W/"6214e003-1eb1"
HTTP/1.1 304 Not Modified
Date: Tue, 08 Mar 2022 10:11:03 GMT
Connection: keep-alive
Last-Modified: Tue, 22 Feb 2022 13:07:15 GMT
Server: nginx
X-Robots-Tag: noindex, nofollow
Vary: Accept-Encoding
ETag: W/"6214e003-1eb1"
Age: 17235429
www.google-analytics.com/analytics.js
142.250.74.174200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP 142.250.74.174:0
File type ASCII text, with very long lines (1325)
Hash cae538dcce82598fbe43c0bf443e62dd
cc68ac6be9c5e0087a0000e5735b83270ace30f5
954b9e9d9744e1319c51760780a35de2dec353afffac705c2cca6d836a5e056d
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://youvu.pornfollett.gigixo.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 19826
date: Fri, 23 Sep 2022 20:41:09 GMT
expires: Fri, 23 Sep 2022 22:41:09 GMT
cache-control: public, max-age=7200
age: 4023
last-modified: Sun, 11 Sep 2022 13:50:09 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
go.xxxijmp.com/smartpop/128029786fbed96fe880330bb083ecce41e122ba08e2711908bc9493ef368344?userId=ed4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e&sourceId=226440&memberId=4_KZTR85HC67-_NaYXajO0qQaMQHkwg-lboAMPJTT38qBslAsHPBr57ntP-Fb0fUhKrHR0SkWCFcNbEa00_temvIzLTfmOijJPawQUQ_gUIDRUi&p1=3844273
104.18.42.40301 Moved Permanently 0 B URL HTTP/1.1 go.xxxijmp.com/smartpop/128029786fbed96fe880330bb083ecce41e122ba08e2711908bc9493ef368344?userId=ed4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e&sourceId=226440&memberId=4_KZTR85HC67-_NaYXajO0qQaMQHkwg-lboAMPJTT38qBslAsHPBr57ntP-Fb0fUhKrHR0SkWCFcNbEa00_temvIzLTfmOijJPawQUQ_gUIDRUi&p1=3844273
IP 104.18.42.40:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /smartpop/128029786fbed96fe880330bb083ecce41e122ba08e2711908bc9493ef368344?userId=ed4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e&sourceId=226440&memberId=4_KZTR85HC67-_NaYXajO0qQaMQHkwg-lboAMPJTT38qBslAsHPBr57ntP-Fb0fUhKrHR0SkWCFcNbEa00_temvIzLTfmOijJPawQUQ_gUIDRUi&p1=3844273 HTTP/1.1
Host: go.xxxijmp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://tsyndicate.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Fri, 23 Sep 2022 21:48:12 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Fri, 23 Sep 2022 22:48:12 GMT
Location: https://go.xxxijmp.com/smartpop/128029786fbed96fe880330bb083ecce41e122ba08e2711908bc9493ef368344?userId=ed4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e&sourceId=226440&memberId=4_KZTR85HC67-_NaYXajO0qQaMQHkwg-lboAMPJTT38qBslAsHPBr57ntP-Fb0fUhKrHR0SkWCFcNbEa00_temvIzLTfmOijJPawQUQ_gUIDRUi&p1=3844273
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74f67bafb8d6b521-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
go.xxxijmp.com/smartpop/128029786fbed96fe880330bb083ecce41e122ba08e2711908bc9493ef368344?userId=ed4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e&sourceId=226440&memberId=cDwOoqE6dYxs-DyTjpRZ8zThslxC9UfHDGCbUFGnpbO8n6fvmBC7m1gPW2Zg1yuVrASD90RnffwJhqJQ5neoFFdbceS6RSG8MyY5tDg_gUIDRUi&p1=3844273
104.18.42.40301 Moved Permanently 308 B URL HTTP/1.1 go.xxxijmp.com/smartpop/128029786fbed96fe880330bb083ecce41e122ba08e2711908bc9493ef368344?userId=ed4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e&sourceId=226440&memberId=cDwOoqE6dYxs-DyTjpRZ8zThslxC9UfHDGCbUFGnpbO8n6fvmBC7m1gPW2Zg1yuVrASD90RnffwJhqJQ5neoFFdbceS6RSG8MyY5tDg_gUIDRUi&p1=3844273
IP 104.18.42.40:0
Hash f6c83fb0244a75ac94fc4bea17b04fcb
909f3f68c0519918f61d321b480fef1c88f003ec
2f5589879dd1fc0a729455bbb5c2351eff24eab9d6f141f99eec4779e3326752
GET /smartpop/128029786fbed96fe880330bb083ecce41e122ba08e2711908bc9493ef368344?userId=ed4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e&sourceId=226440&memberId=cDwOoqE6dYxs-DyTjpRZ8zThslxC9UfHDGCbUFGnpbO8n6fvmBC7m1gPW2Zg1yuVrASD90RnffwJhqJQ5neoFFdbceS6RSG8MyY5tDg_gUIDRUi&p1=3844273 HTTP/1.1
Host: go.xxxijmp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://tsyndicate.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Fri, 23 Sep 2022 21:48:12 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Fri, 23 Sep 2022 22:48:12 GMT
Location: https://go.xxxijmp.com/smartpop/128029786fbed96fe880330bb083ecce41e122ba08e2711908bc9493ef368344?userId=ed4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e&sourceId=226440&memberId=cDwOoqE6dYxs-DyTjpRZ8zThslxC9UfHDGCbUFGnpbO8n6fvmBC7m1gPW2Zg1yuVrASD90RnffwJhqJQ5neoFFdbceS6RSG8MyY5tDg_gUIDRUi&p1=3844273
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74f67baff908b521-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cdn.tsyndicate.com/sdk/v1/backup.banner.js
8.254.252.211304 Not Modified 0 B URL HTTP/1.1 cdn.tsyndicate.com/sdk/v1/backup.banner.js
IP 8.254.252.211:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sdk/v1/backup.banner.js HTTP/1.1
Host: cdn.tsyndicate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://lcdn.tsyndicate.com/
If-Modified-Since: Mon, 19 Sep 2022 08:52:46 GMT
If-None-Match: W/"63282dde-b00"
HTTP/1.1 304 Not Modified
Date: Mon, 19 Sep 2022 09:04:07 GMT
Connection: keep-alive
Last-Modified: Mon, 19 Sep 2022 08:52:46 GMT
Server: nginx
X-Robots-Tag: noindex, nofollow
Vary: Accept-Encoding
ETag: W/"63282dde-b00"
Age: 391445
static.eabids.com/data/bannerpools/112022/62657.mp4
217.22.19.195206 Partial Content 16 kB URL HTTP/1.1 static.eabids.com/data/bannerpools/112022/62657.mp4
IP 217.22.19.195:0
File type ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]\012- data
Hash c0146b16287d49657187f8004b881110
d8c08855570bec434adfbf746f5104557fd8b366
30cfb68001758a91d941ab35180409e2331e8999136182ac6976c544fbe0d881
GET /data/bannerpools/112022/62657.mp4 HTTP/1.1
Host: static.eabids.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: http://go.eabids.com/
HTTP/1.1 206 Partial Content
Server: nginx
Date: Fri, 23 Sep 2022 21:48:12 GMT
Content-Type: video/mp4
Content-Length: 15887
Last-Modified: Thu, 28 Apr 2022 14:46:20 GMT
Connection: keep-alive
ETag: "626aa8bc-3e0f"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
X-Backend-Server: nl2-static-222
Content-Range: bytes 0-15886/15887
cdn.tsyndicate.com/sdk/v1/backup.banner.js
8.254.252.211304 Not Modified 0 B URL HTTP/1.1 cdn.tsyndicate.com/sdk/v1/backup.banner.js
IP 8.254.252.211:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sdk/v1/backup.banner.js HTTP/1.1
Host: cdn.tsyndicate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://lcdn.tsyndicate.com/
If-Modified-Since: Mon, 19 Sep 2022 08:52:46 GMT
If-None-Match: W/"63282dde-b00"
HTTP/1.1 304 Not Modified
Date: Mon, 19 Sep 2022 09:04:07 GMT
Connection: keep-alive
Last-Modified: Mon, 19 Sep 2022 08:52:46 GMT
Server: nginx
X-Robots-Tag: noindex, nofollow
Vary: Accept-Encoding
ETag: W/"63282dde-b00"
Age: 391445
kazanwhoeveryowl.com/pixel/purst?dl=0&th=0&sc=0&rs=5137&rd=5137&fd=578&bv=22.8.v.2&tmpl=136
173.233.137.36200 OK 0 B URL HTTP/1.1 kazanwhoeveryowl.com/pixel/purst?dl=0&th=0&sc=0&rs=5137&rd=5137&fd=578&bv=22.8.v.2&tmpl=136
IP 173.233.137.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/purst?dl=0&th=0&sc=0&rs=5137&rd=5137&fd=578&bv=22.8.v.2&tmpl=136 HTTP/1.1
Host: kazanwhoeveryowl.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://youvu.pornfollett.gigixo.com/
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Fri, 23 Sep 2022 21:48:12 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
pxl.tsyndicate.com/api/v1/p/p.js?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zC0XMsEEGR4wYY8a0oFEwx0gaKFuEqWGmTIsbOGjcEGOGho2GMkU8nCMmDRmFOraIkJkDhgwaMHLkENHlYZg6YzKGyTGDjBkZOMi0gCEmjJmRMGKYzGpjRosxB2vQoGrUBg0yOiGSsbPQRg4bMh7CqSOGoowcN5zCgUNRLNWdcCbqmHHjJuO8Isa0IayDhowZNY46tUrxoRg3bhbKuJFDxlHIbdxg1DF6Yw69qVfHoPERx8M6MTKioUMHzhwdL16EcWGQjmoXY960eXGmDJ0XMWBIr7Fxxg86adqU6dGw9NrZNdTOiMGljnQZNsLQGdPDMuaj5c-nhyOmB5snbe4_cUJGTRw0Y9BABxp6GIGHGXG8EYcMS8BRhR5x0GEDEmk0AcMcd1xBxBpjNAGVFGe0gMUXNVSBxxNn6GFFEXhIcQQMNFAxhx520BGDFlZ8ocQSMtiBRwtF3MBEHk8kQQMTcbQQRRF0GNGEFXmocQcdWsgAxwxTmCFHElKo0UYdOMSBwxA3ECEFER2lMccXZ1SRhJlVpBEXHG2I9tAbdNopAhnKZSQHHWJ8JgdyfT40hnoLbTFeUyLAIUdUrMHgmRkLweDCdA_JYQdlMdhwWx1y6iBCQzCYkZlXLZQBQw0iyWTGVznEgNlWYswkQ0s4HHVQXGlQJkKsLhTlgmUu4BSXHF_0mhGwwhJr7G1hZNTEG3qkwQYbYbxQw6UgoIDFRzuAwEQabtSBBwh44GDDF26Fq6kOd12aAghHlDHGGm-8IENY0kUXAwhGpCFHGWa8gccL8cIQV0gZOfFEXG8gy7CoDsfFBqQiFOFEXAfZ8cXAbFBUww0wbYSDdJmeERprNeAQ2J5leCyGHAvhYBvMHrfxBlysqVvRnnK8sdAMdwIFmaMG57EQDZkSrBtvvgH3wp-BujFocsvFNYemfr5Bh3oRt1CHG2nQsdUNLpAhA8cYH_SF2nHRUSdDNpR1192SiiD32nTbbZddScngkFwflzEHHF8g2vcMdwPulBiKwWzGU2xMpNfFlRq6Ggx9KBAQ&s=b8a4e50a93c7252069660c1fb55885742fef5d4e83900502e0083e871aa7532b1663969690&w=t&r=1&d=902&priv=false
94.130.141.49200 OK 24 B URL HTTP/2 pxl.tsyndicate.com/api/v1/p/p.js?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zC0XMsEEGR4wYY8a0oFEwx0gaKFuEqWGmTIsbOGjcEGOGho2GMkU8nCMmDRmFOraIkJkDhgwaMHLkENHlYZg6YzKGyTGDjBkZOMi0gCEmjJmRMGKYzGpjRosxB2vQoGrUBg0yOiGSsbPQRg4bMh7CqSOGoowcN5zCgUNRLNWdcCbqmHHjJuO8Isa0IayDhowZNY46tUrxoRg3bhbKuJFDxlHIbdxg1DF6Yw69qVfHoPERx8M6MTKioUMHzhwdL16EcWGQjmoXY960eXGmDJ0XMWBIr7Fxxg86adqU6dGw9NrZNdTOiMGljnQZNsLQGdPDMuaj5c-nhyOmB5snbe4_cUJGTRw0Y9BABxp6GIGHGXG8EYcMS8BRhR5x0GEDEmk0AcMcd1xBxBpjNAGVFGe0gMUXNVSBxxNn6GFFEXhIcQQMNFAxhx520BGDFlZ8ocQSMtiBRwtF3MBEHk8kQQMTcbQQRRF0GNGEFXmocQcdWsgAxwxTmCFHElKo0UYdOMSBwxA3ECEFER2lMccXZ1SRhJlVpBEXHG2I9tAbdNopAhnKZSQHHWJ8JgdyfT40hnoLbTFeUyLAIUdUrMHgmRkLweDCdA_JYQdlMdhwWx1y6iBCQzCYkZlXLZQBQw0iyWTGVznEgNlWYswkQ0s4HHVQXGlQJkKsLhTlgmUu4BSXHF_0mhGwwhJr7G1hZNTEG3qkwQYbYbxQw6UgoIDFRzuAwEQabtSBBwh44GDDF26Fq6kOd12aAghHlDHGGm-8IENY0kUXAwhGpCFHGWa8gccL8cIQV0gZOfFEXG8gy7CoDsfFBqQiFOFEXAfZ8cXAbFBUww0wbYSDdJmeERprNeAQ2J5leCyGHAvhYBvMHrfxBlysqVvRnnK8sdAMdwIFmaMG57EQDZkSrBtvvgH3wp-BujFocsvFNYemfr5Bh3oRt1CHG2nQsdUNLpAhA8cYH_SF2nHRUSdDNpR1192SiiD32nTbbZddScngkFwflzEHHF8g2vcMdwPulBiKwWzGU2xMpNfFlRq6Ggx9KBAQ&s=b8a4e50a93c7252069660c1fb55885742fef5d4e83900502e0083e871aa7532b1663969690&w=t&r=1&d=902&priv=false
IP 94.130.141.49:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with no line terminators
Hash 0959ba36d476b6dc1994ba3c678b07c4
d30b94da72daa02766965206a85b7e0356375f5e
897410b87e27e3dfba3a7d6caab315a5e69cc941bb96d91fc74878a9b051843a
GET /api/v1/p/p.js?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zC0XMsEEGR4wYY8a0oFEwx0gaKFuEqWGmTIsbOGjcEGOGho2GMkU8nCMmDRmFOraIkJkDhgwaMHLkENHlYZg6YzKGyTGDjBkZOMi0gCEmjJmRMGKYzGpjRosxB2vQoGrUBg0yOiGSsbPQRg4bMh7CqSOGoowcN5zCgUNRLNWdcCbqmHHjJuO8Isa0IayDhowZNY46tUrxoRg3bhbKuJFDxlHIbdxg1DF6Yw69qVfHoPERx8M6MTKioUMHzhwdL16EcWGQjmoXY960eXGmDJ0XMWBIr7Fxxg86adqU6dGw9NrZNdTOiMGljnQZNsLQGdPDMuaj5c-nhyOmB5snbe4_cUJGTRw0Y9BABxp6GIGHGXG8EYcMS8BRhR5x0GEDEmk0AcMcd1xBxBpjNAGVFGe0gMUXNVSBxxNn6GFFEXhIcQQMNFAxhx520BGDFlZ8ocQSMtiBRwtF3MBEHk8kQQMTcbQQRRF0GNGEFXmocQcdWsgAxwxTmCFHElKo0UYdOMSBwxA3ECEFER2lMccXZ1SRhJlVpBEXHG2I9tAbdNopAhnKZSQHHWJ8JgdyfT40hnoLbTFeUyLAIUdUrMHgmRkLweDCdA_JYQdlMdhwWx1y6iBCQzCYkZlXLZQBQw0iyWTGVznEgNlWYswkQ0s4HHVQXGlQJkKsLhTlgmUu4BSXHF_0mhGwwhJr7G1hZNTEG3qkwQYbYbxQw6UgoIDFRzuAwEQabtSBBwh44GDDF26Fq6kOd12aAghHlDHGGm-8IENY0kUXAwhGpCFHGWa8gccL8cIQV0gZOfFEXG8gy7CoDsfFBqQiFOFEXAfZ8cXAbFBUww0wbYSDdJmeERprNeAQ2J5leCyGHAvhYBvMHrfxBlysqVvRnnK8sdAMdwIFmaMG57EQDZkSrBtvvgH3wp-BujFocsvFNYemfr5Bh3oRt1CHG2nQsdUNLpAhA8cYH_SF2nHRUSdDNpR1192SiiD32nTbbZddScngkFwflzEHHF8g2vcMdwPulBiKwWzGU2xMpNfFlRq6Ggx9KBAQ&s=b8a4e50a93c7252069660c1fb55885742fef5d4e83900502e0083e871aa7532b1663969690&w=t&r=1&d=902&priv=false HTTP/1.1
Host: pxl.tsyndicate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tsyndicate.com/
Cookie: ts_uid=150f52af-e05c-47ff-9135-0b7b2fe824de; bfq=APeIECNCxxYZN3LIkEFDRhcWIsYU3BLjoYgyE2PYsEEDRg0bMHLA6NJH
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
server: nginx
date: Fri, 23 Sep 2022 21:48:12 GMT
content-type: text/plain; charset=utf-8
content-length: 24
x-robots-tag: noindex, nofollow
X-Firefox-Spdy: h2
poweredby.jads.co/adshow.php?adzone=941000
185.94.236.246200 OK 1.7 kB URL HTTP/1.1 poweredby.jads.co/adshow.php?adzone=941000
IP 185.94.236.246:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (426), with CRLF, LF line terminators
Hash accac1b04655521c9769a9d4d01529e2
0fcc340044f238eccbec378525de1eb81318b924
617daf619f6c8b3034f8bba99935a3295e10417268defd1efa859706ca189844
GET /adshow.php?adzone=941000 HTTP/1.1
Host: poweredby.jads.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://youvu.pornfollett.gigixo.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 23 Sep 2022 21:48:12 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/5.6.40
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR OUR IND STA"
Set-Cookie: surferid=48fd6ade8ee34baee27c1df0a4ed85d9; expires=Sat, 23-Sep-2023 21:48:11 GMT; Max-Age=31536000; path=/; SameSite=None; Secure; domain=.jads.co
imps161=1; expires=Sat, 24-Sep-2022 21:48:11 GMT; Max-Age=86400; path=/; SameSite=None; Secure; domain=.jads.co
juicy_data_1=YToxOntpOjExOTY3NTg7aToxNjY0MjI4ODkxO30%3D; expires=Mon, 26-Sep-2022 21:48:11 GMT; Max-Age=259200; path=/; SameSite=None; Secure; domain=jads.co
juicy_data=YToxOntzOjEyOiJqdWljeV9kYXRhXzEiO3M6MToiMSI7fQ%3D%3D; expires=Mon, 26-Sep-2022 21:48:11 GMT; Max-Age=259200; path=/; SameSite=None; Secure; domain=jads.co
Content-Encoding: gzip
go.xxxijmp.com/smartpop/c3fa347280578e90a9e8ab1e6280c0e361524d151dcbfe6bb5b723fee947ce88?userId=ed4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e&sourceId=226439&memberId=VAJENWSrNaYZULsimDvpIKWxNCEsn_8mKYn3uwsAQ7Ih6OpOYJAcLjJnyJ7gFyovQ1oM6STJ4jm6NfIttal0DP34t1ZsNZ5H1PVuBkI_gUIDRUi&p1=3844240
104.18.42.40301 Moved Permanently 0 B URL HTTP/1.1 go.xxxijmp.com/smartpop/c3fa347280578e90a9e8ab1e6280c0e361524d151dcbfe6bb5b723fee947ce88?userId=ed4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e&sourceId=226439&memberId=VAJENWSrNaYZULsimDvpIKWxNCEsn_8mKYn3uwsAQ7Ih6OpOYJAcLjJnyJ7gFyovQ1oM6STJ4jm6NfIttal0DP34t1ZsNZ5H1PVuBkI_gUIDRUi&p1=3844240
IP 104.18.42.40:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /smartpop/c3fa347280578e90a9e8ab1e6280c0e361524d151dcbfe6bb5b723fee947ce88?userId=ed4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e&sourceId=226439&memberId=VAJENWSrNaYZULsimDvpIKWxNCEsn_8mKYn3uwsAQ7Ih6OpOYJAcLjJnyJ7gFyovQ1oM6STJ4jm6NfIttal0DP34t1ZsNZ5H1PVuBkI_gUIDRUi&p1=3844240 HTTP/1.1
Host: go.xxxijmp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://tsyndicate.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Fri, 23 Sep 2022 21:48:12 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Fri, 23 Sep 2022 22:48:12 GMT
Location: https://go.xxxijmp.com/smartpop/c3fa347280578e90a9e8ab1e6280c0e361524d151dcbfe6bb5b723fee947ce88?userId=ed4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e&sourceId=226439&memberId=VAJENWSrNaYZULsimDvpIKWxNCEsn_8mKYn3uwsAQ7Ih6OpOYJAcLjJnyJ7gFyovQ1oM6STJ4jm6NfIttal0DP34t1ZsNZ5H1PVuBkI_gUIDRUi&p1=3844240
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74f67bb0fa21b521-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
pxl.tsyndicate.com/api/v1/p/p.js?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zC0XcIFOjDA4yNsi0EFMjxowWNMTMCDOyzBiRM8jcwAHjBo0wMGyIESPi4Rwxacgo1LFFBI0bOWDIoAEjRw4RXR6GqTMm4wwxH2nUsCGjRQ4yK1GKiWHGaxmTLWbAKHNzBg4zOQre6AmRjJ2FNnJwfQinDk-GMnLckAoHDsUYTmf4hDNRx4wbNkzekPFwTBvDOmhorZFTKhkzFB-KceNmoQwcM3PEGCyijRuMOmTcmJGXr2vYMWjEiIHjYZ0YGdHQoQNnjo4XL8K4MEjntYsxb9q8OFOGzosYMLLXoD3jB500bcr0aJhjqerNNGbE4FInuwwbYeiM6aG5Bmcb7N3DhyOmB5IYbdTwRRFtwBADGnqgQcYRSTAhx1VzNAFDG2_YgcQZYsSRwxdWQKEWGk6EZwcZSSyBRRA21HEDFWQssUYdYUCBRQ1y0HCEbmGgIUMST1RRwxJ02JCHElVE4UYaQoyBwxl6lJGDEmW8qIUUTtgRxxFroKGGHm9QOUQeT4BpRBtLvrFEGnrAwcQZaVDxxRlVJEGEFFWkQRccbZj20Bt46ikCGdFlJAcdO7khx3OBVhbfQluoF5UIcMhRVWwwiAaaDjC4oN1DctiBWQw2-FaHnTqIYAZ8MwgGA0tl2IcDSmPANxIOOIjRQkQbZedWQzcA91AamImgmgtJuUCDDC40RANdcnwBbEbDFntssjUs61sYGTXxhh5psMFGGC_UoCkIKGCx2w4gMJGGG3XgAQIeONjwhQ00oNupDnppmgIIR7i0xhsvyGBgdtjFAIIRachRhhlv4PFCvjDQNcakIjjxBF1vNDtxRhbTxQbFRThB10F2fKEwGxTVcMNMtNFUqQhynFFabDWg9hDJX4ghx0K03lxGyRSSYVq8Ff0pxxsLKSbCG0NRBunReOSxEA2cLhzccMUd98KghR4KnXR0zdGpoG_QEV_GLdRxJB0t1OQCGTKMTPFBX8BNFx15MmSDDanmldfLeMetN996FQ4DDlp5ZnIZc8DxxaKD9224VGI09ufCU7ExEV8fL_TyGLDB0IcCAQE%3D&s=e680b13b0310b44fa149c15ee3c23a2273398cbed61cb30ef693fc722fcf4e221663969690&w=t&r=1&d=866&priv=false
94.130.141.49200 OK 24 B URL HTTP/2 pxl.tsyndicate.com/api/v1/p/p.js?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zC0XcIFOjDA4yNsi0EFMjxowWNMTMCDOyzBiRM8jcwAHjBo0wMGyIESPi4Rwxacgo1LFFBI0bOWDIoAEjRw4RXR6GqTMm4wwxH2nUsCGjRQ4yK1GKiWHGaxmTLWbAKHNzBg4zOQre6AmRjJ2FNnJwfQinDk-GMnLckAoHDsUYTmf4hDNRx4wbNkzekPFwTBvDOmhorZFTKhkzFB-KceNmoQwcM3PEGCyijRuMOmTcmJGXr2vYMWjEiIHjYZ0YGdHQoQNnjo4XL8K4MEjntYsxb9q8OFOGzosYMLLXoD3jB500bcr0aJhjqerNNGbE4FInuwwbYeiM6aG5Bmcb7N3DhyOmB5IYbdTwRRFtwBADGnqgQcYRSTAhx1VzNAFDG2_YgcQZYsSRwxdWQKEWGk6EZwcZSSyBRRA21HEDFWQssUYdYUCBRQ1y0HCEbmGgIUMST1RRwxJ02JCHElVE4UYaQoyBwxl6lJGDEmW8qIUUTtgRxxFroKGGHm9QOUQeT4BpRBtLvrFEGnrAwcQZaVDxxRlVJEGEFFWkQRccbZj20Bt46ikCGdFlJAcdO7khx3OBVhbfQluoF5UIcMhRVWwwiAaaDjC4oN1DctiBWQw2-FaHnTqIYAZ8MwgGA0tl2IcDSmPANxIOOIjRQkQbZedWQzcA91AamImgmgtJuUCDDC40RANdcnwBbEbDFntssjUs61sYGTXxhh5psMFGGC_UoCkIKGCx2w4gMJGGG3XgAQIeONjwhQ00oNupDnppmgIIR7i0xhsvyGBgdtjFAIIRachRhhlv4PFCvjDQNcakIjjxBF1vNDtxRhbTxQbFRThB10F2fKEwGxTVcMNMtNFUqQhynFFabDWg9hDJX4ghx0K03lxGyRSSYVq8Ff0pxxsLKSbCG0NRBunReOSxEA2cLhzccMUd98KghR4KnXR0zdGpoG_QEV_GLdRxJB0t1OQCGTKMTPFBX8BNFx15MmSDDanmldfLeMetN996FQ4DDlp5ZnIZc8DxxaKD9224VGI09ufCU7ExEV8fL_TyGLDB0IcCAQE%3D&s=e680b13b0310b44fa149c15ee3c23a2273398cbed61cb30ef693fc722fcf4e221663969690&w=t&r=1&d=866&priv=false
IP 94.130.141.49:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with no line terminators
Hash 0959ba36d476b6dc1994ba3c678b07c4
d30b94da72daa02766965206a85b7e0356375f5e
897410b87e27e3dfba3a7d6caab315a5e69cc941bb96d91fc74878a9b051843a
GET /api/v1/p/p.js?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zC0XcIFOjDA4yNsi0EFMjxowWNMTMCDOyzBiRM8jcwAHjBo0wMGyIESPi4Rwxacgo1LFFBI0bOWDIoAEjRw4RXR6GqTMm4wwxH2nUsCGjRQ4yK1GKiWHGaxmTLWbAKHNzBg4zOQre6AmRjJ2FNnJwfQinDk-GMnLckAoHDsUYTmf4hDNRx4wbNkzekPFwTBvDOmhorZFTKhkzFB-KceNmoQwcM3PEGCyijRuMOmTcmJGXr2vYMWjEiIHjYZ0YGdHQoQNnjo4XL8K4MEjntYsxb9q8OFOGzosYMLLXoD3jB500bcr0aJhjqerNNGbE4FInuwwbYeiM6aG5Bmcb7N3DhyOmB5IYbdTwRRFtwBADGnqgQcYRSTAhx1VzNAFDG2_YgcQZYsSRwxdWQKEWGk6EZwcZSSyBRRA21HEDFWQssUYdYUCBRQ1y0HCEbmGgIUMST1RRwxJ02JCHElVE4UYaQoyBwxl6lJGDEmW8qIUUTtgRxxFroKGGHm9QOUQeT4BpRBtLvrFEGnrAwcQZaVDxxRlVJEGEFFWkQRccbZj20Bt46ikCGdFlJAcdO7khx3OBVhbfQluoF5UIcMhRVWwwiAaaDjC4oN1DctiBWQw2-FaHnTqIYAZ8MwgGA0tl2IcDSmPANxIOOIjRQkQbZedWQzcA91AamImgmgtJuUCDDC40RANdcnwBbEbDFntssjUs61sYGTXxhh5psMFGGC_UoCkIKGCx2w4gMJGGG3XgAQIeONjwhQ00oNupDnppmgIIR7i0xhsvyGBgdtjFAIIRachRhhlv4PFCvjDQNcakIjjxBF1vNDtxRhbTxQbFRThB10F2fKEwGxTVcMNMtNFUqQhynFFabDWg9hDJX4ghx0K03lxGyRSSYVq8Ff0pxxsLKSbCG0NRBunReOSxEA2cLhzccMUd98KghR4KnXR0zdGpoG_QEV_GLdRxJB0t1OQCGTKMTPFBX8BNFx15MmSDDanmldfLeMetN996FQ4DDlp5ZnIZc8DxxaKD9224VGI09ufCU7ExEV8fL_TyGLDB0IcCAQE%3D&s=e680b13b0310b44fa149c15ee3c23a2273398cbed61cb30ef693fc722fcf4e221663969690&w=t&r=1&d=866&priv=false HTTP/1.1
Host: pxl.tsyndicate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tsyndicate.com/
Cookie: ts_uid=150f52af-e05c-47ff-9135-0b7b2fe824de; bfq=APeIECNCxxYZN3LIkEFDRhcWIsYU3BLjoYgyE2PYsEEDRg0bMHLA6NJH
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
server: nginx
date: Fri, 23 Sep 2022 21:48:12 GMT
content-type: text/plain; charset=utf-8
content-length: 24
x-robots-tag: noindex, nofollow
X-Firefox-Spdy: h2
static-assets.highwebmedia.com/CACHE/js/output.09a0bf741d47.js
104.16.94.42200 OK 40 kB URL HTTP/2 static-assets.highwebmedia.com/CACHE/js/output.09a0bf741d47.js
IP 104.16.94.42:0
File type Unicode text, UTF-8 text, with very long lines (65529), with no line terminators
Hash e4c7d15773dc3fae337c79a17094dc58
6e8909f235127649627612c22ca603dcdeeb23ff
17fc724556407f5e7d448a79299a5a63004566422f499c8ec80668b5e2e644f1
GET /CACHE/js/output.09a0bf741d47.js HTTP/1.1
Host: static-assets.highwebmedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 23 Sep 2022 21:48:12 GMT
content-type: application/javascript
cache-control: public, max-age=2592000
cf-bgj: minify
etag: W/"bb81bca2482741d6c4dcf148cb33a79d"
last-modified: Wed, 17 Aug 2022 00:26:59 GMT
x-amz-id-2: 3dz298/kgeP1Pq/aBz8wop8Gas15qR9oG1wjU5FgYthy7g6Z9MZpPydhaAydlHaKkHGU8KIJbDw=
x-amz-meta-s3cmd-attrs: md5:bb81bca2482741d6c4dcf148cb33a79d
x-amz-request-id: RGGA1ZRYYYSSRXHH
cf-cache-status: HIT
age: 681478
expires: Sun, 23 Oct 2022 21:48:12 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ysgy4u%2BX7%2Bpyo%2B0cD4JVb0iNwl4nEXL1zu7BT11fLvaZOofo4dKvEiDokjckZf4Con4dJbBEZoa47eDRSFtVU%2Fw2ndt4OYRxds8A2xkYjrBBsq1RQL2wStvVhqJwBU1O2GS%2B6pX6BDywqsjndSCoGA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
set-cookie: _cfuvid=7eSVEzDIqwAkqu0pVp5jPqcVj0b1cc9Exhz24dnTWUs-1663969692294-0-604800000; path=/; domain=.highwebmedia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 74f67bb0cf71b4f7-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
static-assets.highwebmedia.com/CACHE/js/output.e1067846ea15.js
104.16.94.42200 OK 28 kB URL HTTP/2 static-assets.highwebmedia.com/CACHE/js/output.e1067846ea15.js
IP 104.16.94.42:0
File type ASCII text, with very long lines (1534)
Hash 85236465be48e9972ac4c084abb7c0dc
cbed539595754ddef93563e9e24269771bc074c2
08daf5750fe17b102d60eda3ba711e9ef13fe48342b715445756249f7a5998a8
GET /CACHE/js/output.e1067846ea15.js HTTP/1.1
Host: static-assets.highwebmedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 23 Sep 2022 21:48:12 GMT
content-type: application/javascript
cache-control: public, max-age=2592000
cf-bgj: minify
cf-polished: origSize=108152
etag: W/"97a23c5e27826ee4bed1dbcfe0601da8"
last-modified: Thu, 24 Jun 2021 21:24:09 GMT
x-amz-id-2: gJdq637yDaGW5b/k/xLZcaVgKR2zPrz11wa1iwf3/kEEAF2JWIngCVC4T9LIrDSnBaklrTBcytM=
x-amz-meta-s3cmd-attrs: md5:97a23c5e27826ee4bed1dbcfe0601da8
x-amz-request-id: C8A0N4S7KE12CYZQ
cf-cache-status: HIT
age: 519645
expires: Sun, 23 Oct 2022 21:48:12 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3FdEphADjln%2FBhqIeg2MFS%2Fo4%2FIy0%2FHfpr0WFSQh0BLi%2Bwgo3SgKMs9HTqq0JVns41A9nsKEnlx0pxCM7Uduu8ojW9Ky%2FrJG0wwabvVvBVJQQG9IcTw6HtNrBUgKhjvCYD5axib0N80TU%2FWIX3HH8A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
set-cookie: _cfuvid=u0MGgdkPJAOelUckuq7vq2ocBGkRC3d7qtuLhk7.QBg-1663969692292-0-604800000; path=/; domain=.highwebmedia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 74f67bb0cf6eb4f7-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
pxl.tsyndicate.com/api/v1/backup.gif?t=banner&tct=adult
94.130.141.49200 OK 35 B URL HTTP/1.1 pxl.tsyndicate.com/api/v1/backup.gif?t=banner&tct=adult
IP 94.130.141.49:0
ASN #24940 Hetzner Online GmbH
File type GIF image data, version 89a, 1 x 1\012- data
Hash c2196de8ba412c60c22ab491af7b1409
5fbd472222feb8a22cf5b8aa5dc5b8e13af88e2b
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
GET /api/v1/backup.gif?t=banner&tct=adult HTTP/1.1
Host: pxl.tsyndicate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://lcdn.tsyndicate.com/
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 23 Sep 2022 21:48:12 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 35
Connection: keep-alive
X-Robots-Tag: noindex, nofollow
rtbbnr.com/get/?go=1&data=eyJpbXAiOlt7InNlY3VyZSI6MCwiZXh0Ijp7InNwb3QiOjE5MjksImlkIjoxMDEwLCJsYWJlbHMiOiIiLCJzaXRlX2lkIjoxOTI5LCJ0eXBlIjoiYmFubmVyIiwic3BhY2VpZCI6MTAxMCwic3BvdF9pZCI6MCwiaWR6b25lIjozOTAyNjUwLCJ6b25lIjoidGNfcGFiXzE2MHg2MDAiLCJhZF90YWdzIjoiIiwidGl0bGUiOiIiLCJzdWJpZCI6IjM1MzA4MjcwNyIsInV0bTEiOiJ0Y2Jhbl9pIiwidXRtMiI6IjE5MjkiLCJ1dG0zIjoiMTc3OTQiLCJ1dG00IjoiIn0sImJhbm5lciI6eyJ3IjoxNjAsImgiOjYwMH19XSwic2l0ZSI6eyJpZCI6IjE5MjkiLCJwYWdlIjoiaHR0cDovL3lvdXZ1LnBvcm5mb2xsZXR0LmdpZ2l4by5jb20vIn0sImRldmljZSI6eyJ3IjoxMjgwLCJoIjoxMDI0fSwidXNlciI6eyJpZCI6IjI5OTQwYTIxY2E3ZTM1MTZiZWQ5YWYzYmU1NmVkYWMzIn0sImV4dCI6eyJkdCI6MTY2Mzk2OTY5MTA1M319
116.202.60.158200 OK 14 kB URL HTTP/2 rtbbnr.com/get/?go=1&data=eyJpbXAiOlt7InNlY3VyZSI6MCwiZXh0Ijp7InNwb3QiOjE5MjksImlkIjoxMDEwLCJsYWJlbHMiOiIiLCJzaXRlX2lkIjoxOTI5LCJ0eXBlIjoiYmFubmVyIiwic3BhY2VpZCI6MTAxMCwic3BvdF9pZCI6MCwiaWR6b25lIjozOTAyNjUwLCJ6b25lIjoidGNfcGFiXzE2MHg2MDAiLCJhZF90YWdzIjoiIiwidGl0bGUiOiIiLCJzdWJpZCI6IjM1MzA4MjcwNyIsInV0bTEiOiJ0Y2Jhbl9pIiwidXRtMiI6IjE5MjkiLCJ1dG0zIjoiMTc3OTQiLCJ1dG00IjoiIn0sImJhbm5lciI6eyJ3IjoxNjAsImgiOjYwMH19XSwic2l0ZSI6eyJpZCI6IjE5MjkiLCJwYWdlIjoiaHR0cDovL3lvdXZ1LnBvcm5mb2xsZXR0LmdpZ2l4by5jb20vIn0sImRldmljZSI6eyJ3IjoxMjgwLCJoIjoxMDI0fSwidXNlciI6eyJpZCI6IjI5OTQwYTIxY2E3ZTM1MTZiZWQ5YWYzYmU1NmVkYWMzIn0sImV4dCI6eyJkdCI6MTY2Mzk2OTY5MTA1M319
IP 116.202.60.158:0
ASN #24940 Hetzner Online GmbH
Hash 1d8661a2d71828fe2a8595d97d543624
97da8190390adfb8452f5c3325de77ae1e6bf6e3
c138953bf0839968caf63e7b3d3356d4a401303e14d309d1d8fa04d8bae84139
GET /get/?go=1&data=eyJpbXAiOlt7InNlY3VyZSI6MCwiZXh0Ijp7InNwb3QiOjE5MjksImlkIjoxMDEwLCJsYWJlbHMiOiIiLCJzaXRlX2lkIjoxOTI5LCJ0eXBlIjoiYmFubmVyIiwic3BhY2VpZCI6MTAxMCwic3BvdF9pZCI6MCwiaWR6b25lIjozOTAyNjUwLCJ6b25lIjoidGNfcGFiXzE2MHg2MDAiLCJhZF90YWdzIjoiIiwidGl0bGUiOiIiLCJzdWJpZCI6IjM1MzA4MjcwNyIsInV0bTEiOiJ0Y2Jhbl9pIiwidXRtMiI6IjE5MjkiLCJ1dG0zIjoiMTc3OTQiLCJ1dG00IjoiIn0sImJhbm5lciI6eyJ3IjoxNjAsImgiOjYwMH19XSwic2l0ZSI6eyJpZCI6IjE5MjkiLCJwYWdlIjoiaHR0cDovL3lvdXZ1LnBvcm5mb2xsZXR0LmdpZ2l4by5jb20vIn0sImRldmljZSI6eyJ3IjoxMjgwLCJoIjoxMDI0fSwidXNlciI6eyJpZCI6IjI5OTQwYTIxY2E3ZTM1MTZiZWQ5YWYzYmU1NmVkYWMzIn0sImV4dCI6eyJkdCI6MTY2Mzk2OTY5MTA1M319 HTTP/1.1
Host: rtbbnr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://cdn.tubecorp.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0
date: Fri, 23 Sep 2022 21:48:12 GMT
content-type: text/html
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
content-encoding: gzip
X-Firefox-Spdy: h2
bngpt.com/promo.php?c=688955&subid=2|159343|7017784|no|112022|40568594|5675441|1|0|10|50304|,,,,,|4|0|0|1,2,3,6,12,13,19,21,26|0|0|en|1&subid2=7017784&type=banner&size=300x250&name=st_true;st_dali;st_random_all;on_off;st_x2;double2;how_long;st-double-penetration
94.199.255.192200 OK 413 B URL HTTP/2 bngpt.com/promo.php?c=688955&subid=2|159343|7017784|no|112022|40568594|5675441|1|0|10|50304|,,,,,|4|0|0|1,2,3,6,12,13,19,21,26|0|0|en|1&subid2=7017784&type=banner&size=300x250&name=st_true;st_dali;st_random_all;on_off;st_x2;double2;how_long;st-double-penetration
IP 94.199.255.192:0
ASN #48684 Viking Host B.V.
Hash 8080ba76606a64a09a3e60a5f263ce4d
e6e517c35b24e5732e0467611f96f7603f9f317a
967bcf0dfe3d9f99ca40e3e6a1de1e6eede211e51020e78bc0cb413bc6c91d5e
GET /promo.php?c=688955&subid=2|159343|7017784|no|112022|40568594|5675441|1|0|10|50304|,,,,,|4|0|0|1,2,3,6,12,13,19,21,26|0|0|en|1&subid2=7017784&type=banner&size=300x250&name=st_true;st_dali;st_random_all;on_off;st_x2;double2;how_long;st-double-penetration HTTP/1.1
Host: bngpt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://go.eabids.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 23 Sep 2022 21:48:12 GMT
content-type: text/html; charset=UTF-8
access-control-allow-origin:
expires: Fri, 23 Sep 2022 21:48:11 GMT
x-bcs: ded7724
strict-transport-security: max-age=0;
cache-control: no-cache, public
content-encoding: gzip
x-bc-bl: 105
X-Firefox-Spdy: h2
rtbrennab.com/banner/in/show/?mid=1329412433&pid=0&site=1929&sc=NO&usage_type=DCH&subid=353082707&sid=0&cid=0&price=0&is_cpm=0&cpm=0&ecpm=0&crid=&crtid=&tcid=0&out_id=&ver=&ver_c=&refdom=youvu.pornfollett.gigixo.com&hostname=auc-banner-hz-3&site_id=0&spot_id=0&utm_source=tcban_i&utm_medium=1929&utm_campaign=17794&utm_content=&expirationTimestamp=0&created_at=0000-00-00&is_native=0&auction_queue=0&pop_winurl=&ip=91.90.42.154&testab=&px_id=0&adblock=0&auction_host=&mm=&yc=&render_type=&campaign_type=&uniq=&exp=&resp_type=default&iabcat=&min_cpm=0.0001&placement_type_id=&skin_test=&verify_hash=&score=79&ml=&ttl=&space_id=1010&banner_width=160&banner_height=600&accel=0&gyr=0&iabcat=&url=https%3A%2F%2Fbtds.zog.link%2Fin%2F912%2F%3Fsid%3D0%26source%3D353082707%26idzone%3D3902650%26w%3D160%26h%3D600%26mo%3D%26ve%3D%26site_id%3D1929%26utm1%3Dtcban_i%26utm2%3D1929%26utm3%3D17794%26utm4%3D%26ad_tags%3D%26spot_id%3D0%26p%3Dhttp%253A%252F%252Fyouvu.pornfollett.gigixo.com%252F%26katds_labels%3D%26btype%3D0%26score%3D79&pr=&bid_crid=&bid_cid=&is_iframe=0&ad_tags=&stratagem=&ssp=0
116.202.60.158302 Found 0 B URL HTTP/2 rtbrennab.com/banner/in/show/?mid=1329412433&pid=0&site=1929&sc=NO&usage_type=DCH&subid=353082707&sid=0&cid=0&price=0&is_cpm=0&cpm=0&ecpm=0&crid=&crtid=&tcid=0&out_id=&ver=&ver_c=&refdom=youvu.pornfollett.gigixo.com&hostname=auc-banner-hz-3&site_id=0&spot_id=0&utm_source=tcban_i&utm_medium=1929&utm_campaign=17794&utm_content=&expirationTimestamp=0&created_at=0000-00-00&is_native=0&auction_queue=0&pop_winurl=&ip=91.90.42.154&testab=&px_id=0&adblock=0&auction_host=&mm=&yc=&render_type=&campaign_type=&uniq=&exp=&resp_type=default&iabcat=&min_cpm=0.0001&placement_type_id=&skin_test=&verify_hash=&score=79&ml=&ttl=&space_id=1010&banner_width=160&banner_height=600&accel=0&gyr=0&iabcat=&url=https%3A%2F%2Fbtds.zog.link%2Fin%2F912%2F%3Fsid%3D0%26source%3D353082707%26idzone%3D3902650%26w%3D160%26h%3D600%26mo%3D%26ve%3D%26site_id%3D1929%26utm1%3Dtcban_i%26utm2%3D1929%26utm3%3D17794%26utm4%3D%26ad_tags%3D%26spot_id%3D0%26p%3Dhttp%253A%252F%252Fyouvu.pornfollett.gigixo.com%252F%26katds_labels%3D%26btype%3D0%26score%3D79&pr=&bid_crid=&bid_cid=&is_iframe=0&ad_tags=&stratagem=&ssp=0
IP 116.202.60.158:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /banner/in/show/?mid=1329412433&pid=0&site=1929&sc=NO&usage_type=DCH&subid=353082707&sid=0&cid=0&price=0&is_cpm=0&cpm=0&ecpm=0&crid=&crtid=&tcid=0&out_id=&ver=&ver_c=&refdom=youvu.pornfollett.gigixo.com&hostname=auc-banner-hz-3&site_id=0&spot_id=0&utm_source=tcban_i&utm_medium=1929&utm_campaign=17794&utm_content=&expirationTimestamp=0&created_at=0000-00-00&is_native=0&auction_queue=0&pop_winurl=&ip=91.90.42.154&testab=&px_id=0&adblock=0&auction_host=&mm=&yc=&render_type=&campaign_type=&uniq=&exp=&resp_type=default&iabcat=&min_cpm=0.0001&placement_type_id=&skin_test=&verify_hash=&score=79&ml=&ttl=&space_id=1010&banner_width=160&banner_height=600&accel=0&gyr=0&iabcat=&url=https%3A%2F%2Fbtds.zog.link%2Fin%2F912%2F%3Fsid%3D0%26source%3D353082707%26idzone%3D3902650%26w%3D160%26h%3D600%26mo%3D%26ve%3D%26site_id%3D1929%26utm1%3Dtcban_i%26utm2%3D1929%26utm3%3D17794%26utm4%3D%26ad_tags%3D%26spot_id%3D0%26p%3Dhttp%253A%252F%252Fyouvu.pornfollett.gigixo.com%252F%26katds_labels%3D%26btype%3D0%26score%3D79&pr=&bid_crid=&bid_cid=&is_iframe=0&ad_tags=&stratagem=&ssp=0 HTTP/1.1
Host: rtbrennab.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://rtbbnr.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
server: nginx/1.18.0
date: Fri, 23 Sep 2022 21:48:12 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
location: https://btds.zog.link/in/912/?sid=0&source=353082707&idzone=3902650&w=160&h=600&mo=&ve=&site_id=1929&utm1=tcban_i&utm2=1929&utm3=17794&utm4=&ad_tags=&spot_id=0&p=http%3A%2F%2Fyouvu.pornfollett.gigixo.com%2F&katds_labels=&btype=0&score=79
X-Firefox-Spdy: h2
btds.zog.link/in/912/?sid=0&source=353082707&idzone=3902650&w=160&h=600&mo=&ve=&site_id=1929&utm1=tcban_i&utm2=1929&utm3=17794&utm4=&ad_tags=&spot_id=0&p=http%3A%2F%2Fyouvu.pornfollett.gigixo.com%2F&katds_labels=&btype=0&score=79
109.206.176.122302 Found 0 B URL HTTP/2 btds.zog.link/in/912/?sid=0&source=353082707&idzone=3902650&w=160&h=600&mo=&ve=&site_id=1929&utm1=tcban_i&utm2=1929&utm3=17794&utm4=&ad_tags=&spot_id=0&p=http%3A%2F%2Fyouvu.pornfollett.gigixo.com%2F&katds_labels=&btype=0&score=79
IP 109.206.176.122:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /in/912/?sid=0&source=353082707&idzone=3902650&w=160&h=600&mo=&ve=&site_id=1929&utm1=tcban_i&utm2=1929&utm3=17794&utm4=&ad_tags=&spot_id=0&p=http%3A%2F%2Fyouvu.pornfollett.gigixo.com%2F&katds_labels=&btype=0&score=79 HTTP/1.1
Host: btds.zog.link
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://rtbbnr.com/
Connection: keep-alive
Cookie: 912.0=1
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
server: nginx/1.20.1
date: Fri, 23 Sep 2022 21:48:12 GMT
content-type: text/html; charset=UTF-8
content-length: 0
location: https://12007250.pix-cdn.org/a/pjexo.html?idzone=3902650&w=160&h=600&ad_sub=&ad_tags=
pragma: no-cache
vary: *
cache-control: no-cache, no-store, must-revalidate
set-cookie: 912.0=1; expires=Sat, 24 Sep 2022 21:48:12 GMT; path=/; secure; SameSite=None
X-Firefox-Spdy: h2
astonishedmule.com/watch.749418795761.js?key=3cb5727a16a2f566d5a822edf1d58427&kw=%5B%22free%22%2C%22sex%22%2C%22pics%22%5D&refer=http%3A%2F%2Fyouvu.pornfollett.gigixo.com%2F%3Fiyanna&tz=0&dev=r&res=12.29&uuid=387798b0-f6e3-44e8-917e-1b5b9b8bb156%3A3%3A1&shu=5b6a506ec10ed7978dc29012d78f6b2938c0d7a74d063966bd84c416d7e98c7c089c04e7533846a653a76e587e4240b493a8d606ffd44f71af1ad3323a5762cb2b95196c656157f058d54772cd867227f7e6f6fac5163eb8df94a77266&pst=1663969751&rmtc=t
192.243.61.227200 OK 2.4 kB URL HTTP/1.1 astonishedmule.com/watch.749418795761.js?key=3cb5727a16a2f566d5a822edf1d58427&kw=%5B%22free%22%2C%22sex%22%2C%22pics%22%5D&refer=http%3A%2F%2Fyouvu.pornfollett.gigixo.com%2F%3Fiyanna&tz=0&dev=r&res=12.29&uuid=387798b0-f6e3-44e8-917e-1b5b9b8bb156%3A3%3A1&shu=5b6a506ec10ed7978dc29012d78f6b2938c0d7a74d063966bd84c416d7e98c7c089c04e7533846a653a76e587e4240b493a8d606ffd44f71af1ad3323a5762cb2b95196c656157f058d54772cd867227f7e6f6fac5163eb8df94a77266&pst=1663969751&rmtc=t
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
File type HTML document text\012- HTML document, ASCII text, with very long lines (3087)
Hash 826bbdb365680b4436d0faafc20174b4
eefd0e53d421f9b1590982b857e1b80113c8daa5
88ef57e4bd58a7105bb0127e89ad82d9e323ccb7fbe79ca59a03f85c7a73c65d
Analyzer Verdict Alert quad9 Sinkholed
GET /watch.749418795761.js?key=3cb5727a16a2f566d5a822edf1d58427&kw=%5B%22free%22%2C%22sex%22%2C%22pics%22%5D&refer=http%3A%2F%2Fyouvu.pornfollett.gigixo.com%2F%3Fiyanna&tz=0&dev=r&res=12.29&uuid=387798b0-f6e3-44e8-917e-1b5b9b8bb156%3A3%3A1&shu=5b6a506ec10ed7978dc29012d78f6b2938c0d7a74d063966bd84c416d7e98c7c089c04e7533846a653a76e587e4240b493a8d606ffd44f71af1ad3323a5762cb2b95196c656157f058d54772cd867227f7e6f6fac5163eb8df94a77266&pst=1663969751&rmtc=t HTTP/1.1
Host: astonishedmule.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://youvu.pornfollett.gigixo.com
Referer: http://youvu.pornfollett.gigixo.com/
Connection: keep-alive
Cookie: u_pl=16428146; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNjQyODE0NiwiayI6IjNjYjU3MjdhMTZhMmY1NjZkNWE4MjJlZGYxZDU4NDI3Iiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxNTAzNjQ5LCJwaWQiOjI4ODQzNywiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjoxNiwiYWlkIjo1LCJwdCI6NCwicGsiOiJtZWdwcnVuMGNpIiwiY3BrcyI6eyAiMjgiOiIwMWI2NDkzNWI4MDYxYzFmNjFkMjEzYTI3Y2UyZDcyOSJ9LCJ0IjoxfSwidSI6eyJ1IjoxLCJhdSI6MSwiZCI6eyJpZCI6Nzk5NTQxOTYsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjoxODExMCwib24iOiJMaW51eCIsIm92IjoiVW5rbm93biIsImJpZCI6MTE2NjcwLCJibiI6IkZpcmVmb3giLCJidiI6Ijk2LjAiLCJ3diI6ZmFsc2UsImUiOmZhbHNlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6dHJ1ZSwiciI6Imh0dHA6Ly95b3V2dS5wb3JuZm9sbGV0dC5naWdpeG8uY29tLz9peWFubmEifX0.uYWmS9P_xz3bZD80Iyb5deQmtyaZLtos14XBUd3OWvo
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Fri, 23 Sep 2022 21:48:12 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: http://youvu.pornfollett.gigixo.com
Access-Control-Allow-Origin: http://youvu.pornfollett.gigixo.com
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=387798b0-f6e3-44e8-917e-1b5b9b8bb156:3:1; expires=Fri, 30 Sep 2022 21:48:12 GMT; secure; SameSite=None
iprc1c2558d0f8dc618cfb721a7dcfe778cb=3569681; expires=Sat, 24 Sep 2022 01:48:12 GMT; secure; SameSite=None
pdhtkv=true; expires=Sat, 24 Sep 2022 21:48:12 GMT; secure; SameSite=None
uncs=1; expires=Sat, 24 Sep 2022 21:48:12 GMT; secure; SameSite=None
pdhtkv5=true; expires=Sat, 24 Sep 2022 21:48:12 GMT; secure; SameSite=None
uncs5=1; expires=Sat, 24 Sep 2022 21:48:12 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 27f0e20a27c03a736ac71075945f71eb
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
static-assets.highwebmedia.com/CACHE/js/output.9b823bb2f723.js
104.16.94.42200 OK 5.2 kB URL HTTP/2 static-assets.highwebmedia.com/CACHE/js/output.9b823bb2f723.js
IP 104.16.94.42:0
File type ASCII text, with very long lines (7845)
Hash 096dd2eadc1022bb7ddb5f3366a16019
9eeb09d3da15a006bc9be79b97fa74b1b14652e9
16050215432475c0c79232eaf8a63238705610f01c74f6ade3c87e4813a48563
GET /CACHE/js/output.9b823bb2f723.js HTTP/1.1
Host: static-assets.highwebmedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 23 Sep 2022 21:48:12 GMT
content-type: application/javascript
cache-control: public, max-age=2592000
cf-bgj: minify
etag: W/"1360376b8f5657814f662391b765d655"
last-modified: Tue, 24 May 2022 17:14:17 GMT
x-amz-id-2: KTWJY/HCZAzfCN7zvoTtoCRDkjCDtsx43npe+RSp0Ebo2HF6WHgess4Ct9QL7Zi8XExzaRuhmCw=
x-amz-meta-s3cmd-attrs: md5:1360376b8f5657814f662391b765d655
x-amz-request-id: M1HHWCFNA8C6CV81
cf-cache-status: HIT
age: 1635267
expires: Sun, 23 Oct 2022 21:48:12 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qL3Z30eXpBc5CyQX%2BkHJ0AbTPDFUdaPtBkFlNX7arrOOQAw13BiMoJnTfu2bRZG65ubTJyTHP8QiNZcEKZ7zde6SRVOWr%2BUEZ4vvWS64YhN91hwbgozVRpJRA6Eqv8tAnl2A%2FEfTvUKApaBNnW3DNQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
set-cookie: _cfuvid=DJWzjDhHQvkqaUgbnW0sY9kbs3hnyx37bzH8n28PC7g-1663969692295-0-604800000; path=/; domain=.highwebmedia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 74f67bb0cf6db4f7-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
static-assets.highwebmedia.com/CACHE/css/output.72d88238be93.css
104.16.94.42200 OK 11 kB URL HTTP/2 static-assets.highwebmedia.com/CACHE/css/output.72d88238be93.css
IP 104.16.94.42:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash f0a35e76e4b15997e17cf7db1137a22b
fd4764e4d68a29e9f03f0ac2c09948dfd66a1a3b
c498d9d083c1c69bcd40a2cbeea74c61f887f2c1d132be27776c73aa1a99f557
GET /CACHE/css/output.72d88238be93.css HTTP/1.1
Host: static-assets.highwebmedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 23 Sep 2022 21:48:12 GMT
content-type: text/css
cache-control: public, max-age=2592000
cf-bgj: minify
cf-polished: origSize=82840
etag: W/"65d308a7f2947d48df0d5d3cb0922e33"
last-modified: Thu, 22 Sep 2022 17:33:19 GMT
x-amz-id-2: 2Sx4AjjNCQP7Jj9/b67TvCno8ptfRHnjTtSXwXpuJMBPIBavuQFBtcfztJ/Og11NVgtuHwBEQJw=
x-amz-meta-s3cmd-attrs: md5:65d308a7f2947d48df0d5d3cb0922e33
x-amz-request-id: HBTZ43ZYV65WM6HZ
cf-cache-status: HIT
age: 101521
expires: Sun, 23 Oct 2022 21:48:12 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NJ5%2FSHJGXAlwrdTw4kvjfCwDwBHQsOxhxGXhhrqU7MlYlL22t7kyet%2Fae2qTSDFOlW7K6amxDoDyx%2BwZp8hLmfN913H5GGmp%2FBWkjl9E1rzbl%2Fc0q6s%2BpGOeIL97EOiEIBKs8MUXhDq2SZWOh95iYg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
set-cookie: _cfuvid=.etoIPJ7jSFc94Yfh7U7hTAbuOFbbf87xj2Q1XS0.Ms-1663969692328-0-604800000; path=/; domain=.highwebmedia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 74f67bb0ffb0b4f7-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
bngpt.com/promo.php?c=688955&subid=2|159343|113814|no|112022|40568594|5675443|1|0|10|50304|,,,,,|4|0|0|1,6,24|0|0|en|1&subid2=113814&type=banner&size=300x250&name=st_true;st_dali;st_random_all;on_off;st_x2;double2;how_long;st-double-penetration
94.199.255.192200 OK 98 kB URL HTTP/2 bngpt.com/promo.php?c=688955&subid=2|159343|113814|no|112022|40568594|5675443|1|0|10|50304|,,,,,|4|0|0|1,6,24|0|0|en|1&subid2=113814&type=banner&size=300x250&name=st_true;st_dali;st_random_all;on_off;st_x2;double2;how_long;st-double-penetration
IP 94.199.255.192:0
ASN #48684 Viking Host B.V.
Hash f74a3085b88c4eda7932433ed35981bd
c2710e7d84fc44b2e3224b29ddd57743160919c6
46ccb1405d260462351feac92a1c08ce42fbfda872ba68dc6f27ab8c98b3ace9
GET /promo.php?c=688955&subid=2|159343|113814|no|112022|40568594|5675443|1|0|10|50304|,,,,,|4|0|0|1,6,24|0|0|en|1&subid2=113814&type=banner&size=300x250&name=st_true;st_dali;st_random_all;on_off;st_x2;double2;how_long;st-double-penetration HTTP/1.1
Host: bngpt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://go.eabids.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 23 Sep 2022 21:48:12 GMT
content-type: text/html; charset=UTF-8
access-control-allow-origin:
expires: Fri, 23 Sep 2022 21:48:11 GMT
x-bcs: ded7724
strict-transport-security: max-age=0;
cache-control: no-cache, public
content-encoding: gzip
x-bc-bl: 105
X-Firefox-Spdy: h2
bngpt.com/promo.php?c=688955&subid=2|159343|113814|no|112022|40568594|5675443|1|0|10|50304|,,,,,|4|0|0|1,6,24|0|0|en|1&subid2=113814&type=banner&size=300x250&name=st_true;st_dali;st_random_all;on_off;st_x2;double2;how_long;st-double-penetration
94.199.255.192200 OK 132 kB URL HTTP/2 bngpt.com/promo.php?c=688955&subid=2|159343|113814|no|112022|40568594|5675443|1|0|10|50304|,,,,,|4|0|0|1,6,24|0|0|en|1&subid2=113814&type=banner&size=300x250&name=st_true;st_dali;st_random_all;on_off;st_x2;double2;how_long;st-double-penetration
IP 94.199.255.192:0
ASN #48684 Viking Host B.V.
Size 132 kB (132058 bytes)
Hash 6e495f01975acd3fdff70da5f7c652ce
52c5a004b50f4e61a5793589ce16a13a08107f74
7c2830107ecefa37bac0eb04cb7b9250fe887a9041ce2ee8099f931d10901762
GET /promo.php?c=688955&subid=2|159343|113814|no|112022|40568594|5675443|1|0|10|50304|,,,,,|4|0|0|1,6,24|0|0|en|1&subid2=113814&type=banner&size=300x250&name=st_true;st_dali;st_random_all;on_off;st_x2;double2;how_long;st-double-penetration HTTP/1.1
Host: bngpt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://go.eabids.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 23 Sep 2022 21:48:12 GMT
content-type: text/html; charset=UTF-8
access-control-allow-origin:
expires: Fri, 23 Sep 2022 21:48:11 GMT
x-bcs: ded7724
strict-transport-security: max-age=0;
cache-control: no-cache, public
content-encoding: gzip
x-bc-bl: 105
X-Firefox-Spdy: h2
pxl.tsyndicate.com/api/v1/elapsedtime?f=banner%20300x250&sc=6a91f85098294907941c239ca45e3b90&hn=youvu.pornfollett.gigixo.com&et=126
94.130.141.49200 OK 0 B URL HTTP/1.1 pxl.tsyndicate.com/api/v1/elapsedtime?f=banner%20300x250&sc=6a91f85098294907941c239ca45e3b90&hn=youvu.pornfollett.gigixo.com&et=126
IP 94.130.141.49:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /api/v1/elapsedtime?f=banner%20300x250&sc=6a91f85098294907941c239ca45e3b90&hn=youvu.pornfollett.gigixo.com&et=126 HTTP/1.1
Host: pxl.tsyndicate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://youvu.pornfollett.gigixo.com/
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 23 Sep 2022 21:48:12 GMT
Content-Length: 0
Connection: keep-alive
X-Robots-Tag: noindex, nofollow
cdn.tsyndicate.com/sdk/v1/backup.banner.js
8.254.252.211304 Not Modified 15 kB URL HTTP/1.1 cdn.tsyndicate.com/sdk/v1/backup.banner.js
IP 8.254.252.211:0
Hash af55c91a7c5ff85e157f6bbd88377d78
9e062d5326ae42593e2369f20196b40c5c5636ca
aa48793f2b46dd348b59c0beba4ffa767d198804edcddbbb4825a5746fa8ebee
GET /sdk/v1/backup.banner.js HTTP/1.1
Host: cdn.tsyndicate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://lcdn.tsyndicate.com/
If-Modified-Since: Mon, 19 Sep 2022 08:52:46 GMT
If-None-Match: W/"63282dde-b00"
HTTP/1.1 304 Not Modified
Date: Mon, 19 Sep 2022 09:04:07 GMT
Connection: keep-alive
Last-Modified: Mon, 19 Sep 2022 08:52:46 GMT
Server: nginx
X-Robots-Tag: noindex, nofollow
Vary: Accept-Encoding
ETag: W/"63282dde-b00"
Age: 391445
pxl.tsyndicate.com/api/v1/p/p.js?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zC0XYoHFjhpkyZsa06EiGTAsaZcTAaCHGxhiTIMnECDODI5kxNcyIeBimzpiMNWLYKJNDTAwzLWDUCJPj5IyaLcLAkFFjJI4aOMbkgJGDjI0cP3mSsUMRB40cOB7CqSNmoY0YMW7whAOH4owcNB7OgTNRxwyzNGR0fDimTV0dMmRspAFDrE6GD8W4cUPRhg0YNm7kFdHGDUaGMxI3FgGn82cbNWhUFFEnRkY0dOjAmaPjxYszb1zg2Z1GjWEXY960eTGnTRg5st_AeRFDBo6pOW7gsGFGTBkyOaiXwfH8KQwxKnHMKDNmTBnVZZrLECMVRxnBcLfiEKP17HgzM2yIp0HjR505CCVBRg_XoVTTWTJMFQZ_YZgRBg4xzNAQDDcwJZMMYcSglQ0yhBbDdDCcJ0ZIY2CYoRhPZchddC2FyEUdMExlwxxv1CGHeQL2kNhiMLwYo2JtlNGGdXLkmMQTTxhlRBRkIKGGFmowgUUZdehBhx1ttGEDGsGFgccRTdgQRxtUOAHHFXcQMVsLQwgRhxNX2IDHDXBIQYcQV-ARhRMwuFGFHlL0KQeWVzxBBg1IyJEHHXmkYcYVVzgxQxhRpKGEHU1ogUcSdSwBBxNfuIFDDlSYgdsXZ1SRBBFSVJGGjzLCEUMPf_En2Aw7iUCGcBnlUaMddbgAxxtyuGHGG2ywUUZsLpyRhrN45BZcG7mOEUZfW0jYRWSPweACDKsNetgMo9VRRxoZUVdUZua1YMZlOJxEg0otzDeGGC3YIMZZRXFXRmhtPZTGYSLkEIMLW7kQmAsN0ZCrHF8MnJHBCHu7cMO51hFGRk28oUcayYbxQg3fgoACFnDtAAITabhRBx4g4DHdFxupPKgO2X2bAghHkLfGGy8kGEOMQ8cAghFpyAHSG3i8kDMM1f6kgwhOPJErsV-Ul1HVubIhtQhFOJHrQXZ8oTQbFNVwg3T5PTeaHGdQhhhWculaRtliyLEQdw-R_UUbb5CxkHNv9S3HGwvN8NAbCiGm1uF45LHQZko_NlBscNT2gq91ACssscYiqyyzzkIrrXAv5DrHoBkdTse1xLZQhxtp0JEUDS6QIcPYXx_0he650kEtQ5bd9dVXqwm_O_E2GJ-dwVSNZpDZZez1xbWVNf888g_dfb2yyDWeLQ3bQiRGX3Y7WAcbE6nl9UKjjfEZDH0oEBA%3D&s=48a030621f634d9e04cf41a772ddebc564a7de46d68cd4b3603f1ba93b8234dd1663969691&w=t&r=1&d=1280&priv=false
94.130.141.49200 OK 19 kB URL HTTP/1.1 pxl.tsyndicate.com/api/v1/p/p.js?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zC0XYoHFjhpkyZsa06EiGTAsaZcTAaCHGxhiTIMnECDODI5kxNcyIeBimzpiMNWLYKJNDTAwzLWDUCJPj5IyaLcLAkFFjJI4aOMbkgJGDjI0cP3mSsUMRB40cOB7CqSNmoY0YMW7whAOH4owcNB7OgTNRxwyzNGR0fDimTV0dMmRspAFDrE6GD8W4cUPRhg0YNm7kFdHGDUaGMxI3FgGn82cbNWhUFFEnRkY0dOjAmaPjxYszb1zg2Z1GjWEXY960eTGnTRg5st_AeRFDBo6pOW7gsGFGTBkyOaiXwfH8KQwxKnHMKDNmTBnVZZrLECMVRxnBcLfiEKP17HgzM2yIp0HjR505CCVBRg_XoVTTWTJMFQZ_YZgRBg4xzNAQDDcwJZMMYcSglQ0yhBbDdDCcJ0ZIY2CYoRhPZchddC2FyEUdMExlwxxv1CGHeQL2kNhiMLwYo2JtlNGGdXLkmMQTTxhlRBRkIKGGFmowgUUZdehBhx1ttGEDGsGFgccRTdgQRxtUOAHHFXcQMVsLQwgRhxNX2IDHDXBIQYcQV-ARhRMwuFGFHlL0KQeWVzxBBg1IyJEHHXmkYcYVVzgxQxhRpKGEHU1ogUcSdSwBBxNfuIFDDlSYgdsXZ1SRBBFSVJGGjzLCEUMPf_En2Aw7iUCGcBnlUaMddbgAxxtyuGHGG2ywUUZsLpyRhrN45BZcG7mOEUZfW0jYRWSPweACDKsNetgMo9VRRxoZUVdUZua1YMZlOJxEg0otzDeGGC3YIMZZRXFXRmhtPZTGYSLkEIMLW7kQmAsN0ZCrHF8MnJHBCHu7cMO51hFGRk28oUcayYbxQg3fgoACFnDtAAITabhRBx4g4DHdFxupPKgO2X2bAghHkLfGGy8kGEOMQ8cAghFpyAHSG3i8kDMM1f6kgwhOPJErsV-Ul1HVubIhtQhFOJHrQXZ8oTQbFNVwg3T5PTeaHGdQhhhWculaRtliyLEQdw-R_UUbb5CxkHNv9S3HGwvN8NAbCiGm1uF45LHQZko_NlBscNT2gq91ACssscYiqyyzzkIrrXAv5DrHoBkdTse1xLZQhxtp0JEUDS6QIcPYXx_0he650kEtQ5bd9dVXqwm_O_E2GJ-dwVSNZpDZZez1xbWVNf888g_dfb2yyDWeLQ3bQiRGX3Y7WAcbE6nl9UKjjfEZDH0oEBA%3D&s=48a030621f634d9e04cf41a772ddebc564a7de46d68cd4b3603f1ba93b8234dd1663969691&w=t&r=1&d=1280&priv=false
IP 94.130.141.49:0
ASN #24940 Hetzner Online GmbH
Hash 5dbd3f6def9783f1bf159f746eb9402e
fae765a474763cb9d06421a9d1970ee65b9f85e7
63e9cd6f0d6f0f822f425a62d0268e7791e7ffa54b92b6b834f898604f51b907
GET /api/v1/p/p.js?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zC0XYoHFjhpkyZsa06EiGTAsaZcTAaCHGxhiTIMnECDODI5kxNcyIeBimzpiMNWLYKJNDTAwzLWDUCJPj5IyaLcLAkFFjJI4aOMbkgJGDjI0cP3mSsUMRB40cOB7CqSNmoY0YMW7whAOH4owcNB7OgTNRxwyzNGR0fDimTV0dMmRspAFDrE6GD8W4cUPRhg0YNm7kFdHGDUaGMxI3FgGn82cbNWhUFFEnRkY0dOjAmaPjxYszb1zg2Z1GjWEXY960eTGnTRg5st_AeRFDBo6pOW7gsGFGTBkyOaiXwfH8KQwxKnHMKDNmTBnVZZrLECMVRxnBcLfiEKP17HgzM2yIp0HjR505CCVBRg_XoVTTWTJMFQZ_YZgRBg4xzNAQDDcwJZMMYcSglQ0yhBbDdDCcJ0ZIY2CYoRhPZchddC2FyEUdMExlwxxv1CGHeQL2kNhiMLwYo2JtlNGGdXLkmMQTTxhlRBRkIKGGFmowgUUZdehBhx1ttGEDGsGFgccRTdgQRxtUOAHHFXcQMVsLQwgRhxNX2IDHDXBIQYcQV-ARhRMwuFGFHlL0KQeWVzxBBg1IyJEHHXmkYcYVVzgxQxhRpKGEHU1ogUcSdSwBBxNfuIFDDlSYgdsXZ1SRBBFSVJGGjzLCEUMPf_En2Aw7iUCGcBnlUaMddbgAxxtyuGHGG2ywUUZsLpyRhrN45BZcG7mOEUZfW0jYRWSPweACDKsNetgMo9VRRxoZUVdUZua1YMZlOJxEg0otzDeGGC3YIMZZRXFXRmhtPZTGYSLkEIMLW7kQmAsN0ZCrHF8MnJHBCHu7cMO51hFGRk28oUcayYbxQg3fgoACFnDtAAITabhRBx4g4DHdFxupPKgO2X2bAghHkLfGGy8kGEOMQ8cAghFpyAHSG3i8kDMM1f6kgwhOPJErsV-Ul1HVubIhtQhFOJHrQXZ8oTQbFNVwg3T5PTeaHGdQhhhWculaRtliyLEQdw-R_UUbb5CxkHNv9S3HGwvN8NAbCiGm1uF45LHQZko_NlBscNT2gq91ACssscYiqyyzzkIrrXAv5DrHoBkdTse1xLZQhxtp0JEUDS6QIcPYXx_0he650kEtQ5bd9dVXqwm_O_E2GJ-dwVSNZpDZZez1xbWVNf888g_dfb2yyDWeLQ3bQiRGX3Y7WAcbE6nl9UKjjfEZDH0oEBA%3D&s=48a030621f634d9e04cf41a772ddebc564a7de46d68cd4b3603f1ba93b8234dd1663969691&w=t&r=1&d=1280&priv=false HTTP/1.1
Host: pxl.tsyndicate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://tsyndicate.com/
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 23 Sep 2022 21:48:12 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 24
Connection: keep-alive
X-Robots-Tag: noindex, nofollow
go.xxxvjmp.com/config?url=https%3A%2F%2Fcreative.xxxvjmp.com%2Fwidgets%2Fv4%2FUniversal%3FactionButtonPlacement%3Dbottom%26campaignId%3D128029786fbed96fe880330bb083ecce41e122ba08e2711908bc9493ef368344%26campaignType%3Dsmartpop%26creativeId%3D2f2cf8c271b310e6a7160563a0f1ee432fa665a116dc0c291a081b2515848ba9%26hideButtonOnSmallSpots%3D1%26hideModelNameOnSmallSpots%3D1%26hideTitleOnSmallSpots%3D1%26iterationId%3D30231%26masterSmartpopId%3D0%26memberId%3DAduTZorHRiXKktisuDIwUny0B8k9PgYucWIfOJGGR4rfTFU6ubrxVCDb2zs3Xiwxgb7IZ4-GSHk-nGIONkV8e52aqhFbKjyC6mf3wBM_gUIDRUi%26p1%3D3844273%26ruleId%3D0%26showButton%3D1%26showModelName%3D1%26showTitle%3D%26smartpopId%3D1548%26sourceId%3D226440%26thumbSizeKey%3Dbig%26trackOff%3D1%26userId%3Ded4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e%26variationId%3D22460
104.18.42.40200 OK 1.7 kB URL HTTP/2 go.xxxvjmp.com/config?url=https%3A%2F%2Fcreative.xxxvjmp.com%2Fwidgets%2Fv4%2FUniversal%3FactionButtonPlacement%3Dbottom%26campaignId%3D128029786fbed96fe880330bb083ecce41e122ba08e2711908bc9493ef368344%26campaignType%3Dsmartpop%26creativeId%3D2f2cf8c271b310e6a7160563a0f1ee432fa665a116dc0c291a081b2515848ba9%26hideButtonOnSmallSpots%3D1%26hideModelNameOnSmallSpots%3D1%26hideTitleOnSmallSpots%3D1%26iterationId%3D30231%26masterSmartpopId%3D0%26memberId%3DAduTZorHRiXKktisuDIwUny0B8k9PgYucWIfOJGGR4rfTFU6ubrxVCDb2zs3Xiwxgb7IZ4-GSHk-nGIONkV8e52aqhFbKjyC6mf3wBM_gUIDRUi%26p1%3D3844273%26ruleId%3D0%26showButton%3D1%26showModelName%3D1%26showTitle%3D%26smartpopId%3D1548%26sourceId%3D226440%26thumbSizeKey%3Dbig%26trackOff%3D1%26userId%3Ded4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e%26variationId%3D22460
IP 104.18.42.40:0
File type JSON data\012- , ASCII text
Hash adc8449f2b2e39ab745376b45d8ee70f
683bec2524f5853220410d3e265aa31911f129b7
8076e0d33ef445d1ff8c048374ff76c289c46a0305cc504fe5e0de4960ffb586
GET /config?url=https%3A%2F%2Fcreative.xxxvjmp.com%2Fwidgets%2Fv4%2FUniversal%3FactionButtonPlacement%3Dbottom%26campaignId%3D128029786fbed96fe880330bb083ecce41e122ba08e2711908bc9493ef368344%26campaignType%3Dsmartpop%26creativeId%3D2f2cf8c271b310e6a7160563a0f1ee432fa665a116dc0c291a081b2515848ba9%26hideButtonOnSmallSpots%3D1%26hideModelNameOnSmallSpots%3D1%26hideTitleOnSmallSpots%3D1%26iterationId%3D30231%26masterSmartpopId%3D0%26memberId%3DAduTZorHRiXKktisuDIwUny0B8k9PgYucWIfOJGGR4rfTFU6ubrxVCDb2zs3Xiwxgb7IZ4-GSHk-nGIONkV8e52aqhFbKjyC6mf3wBM_gUIDRUi%26p1%3D3844273%26ruleId%3D0%26showButton%3D1%26showModelName%3D1%26showTitle%3D%26smartpopId%3D1548%26sourceId%3D226440%26thumbSizeKey%3Dbig%26trackOff%3D1%26userId%3Ded4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e%26variationId%3D22460 HTTP/1.1
Host: go.xxxvjmp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://creative.xxxvjmp.com/
Origin: https://creative.xxxvjmp.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Fri, 23 Sep 2022 21:48:12 GMT
content-type: application/json
access-control-allow-origin: *
last-modified: Fri, 23 Sep 2022 21:48:12 GMT
cf-cache-status: MISS
set-cookie: __cflb=0H28uukSkGJRy5UBr1MAvzNuwf2BatEunkWcbtvYEmr; SameSite=None; Secure; path=/; expires=Sat, 24-Sep-22 20:48:12 GMT; HttpOnly
vary: Accept-Encoding
server: cloudflare
cf-ray: 74f67bb46b1cb4e8-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
i.jads.co/network/user1037/131-1573234880-0690480001573234880.jpg
69.16.175.42200 OK 116 kB URL HTTP/1.1 i.jads.co/network/user1037/131-1573234880-0690480001573234880.jpg
IP 69.16.175.42:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 160x600, components 3\012- data
Size 116 kB (115807 bytes)
Hash 9899075f7c10fd117c736fb6704236f6
9bb92845011f7a27c3f7d4448dce45bfa2a640f8
ef25c9e7b512870abd2df002956131169309e2b5664901592750fb18591bd705
GET /network/user1037/131-1573234880-0690480001573234880.jpg HTTP/1.1
Host: i.jads.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://poweredby.jads.co/
HTTP/1.1 200 OK
Date: Fri, 23 Sep 2022 21:48:12 GMT
Connection: Keep-Alive
ETag: "1573234880"
Cache-Control: max-age=18105368
Content-Length: 115807
Content-Type: image/jpeg
Last-Modified: Fri, 08 Nov 2019 17:41:20 GMT
Accept-Ranges: bytes
X-HW: 1663969692.dop213.sk1.t,1663969692.cds219.sk1.c
poweredby.jads.co/adshow.php?adzone=961906
185.94.236.246200 OK 1.8 kB URL HTTP/1.1 poweredby.jads.co/adshow.php?adzone=961906
IP 185.94.236.246:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1307), with CRLF, LF line terminators
Hash 6bd5ceb962915c24216e2d935ddba15a
49822a510027a0593b82de82ca26f332d2464b11
6d0f0f6573b870e4df58ede44e6d14feba0397d61c8fb92ba63da67cbdb8f1fe
GET /adshow.php?adzone=961906 HTTP/1.1
Host: poweredby.jads.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://youvu.pornfollett.gigixo.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 23 Sep 2022 21:48:12 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/5.6.40
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR OUR IND STA"
Set-Cookie: surferid=48fd6ade8ee34baee27c1df0a4ed85d9; expires=Sat, 23-Sep-2023 21:48:11 GMT; Max-Age=31536000; path=/; SameSite=None; Secure; domain=.jads.co
imps131=1; expires=Sat, 24-Sep-2022 21:48:12 GMT; Max-Age=86400; path=/; SameSite=None; Secure; domain=.jads.co
juicy_data_1=YToxOntpOjEyMDM0Mjk7aToxNjY0MjI4ODkxO30%3D; expires=Mon, 26-Sep-2022 21:48:11 GMT; Max-Age=259199; path=/; SameSite=None; Secure; domain=jads.co
juicy_data=YToxOntzOjEyOiJqdWljeV9kYXRhXzEiO3M6MToiMSI7fQ%3D%3D; expires=Mon, 26-Sep-2022 21:48:11 GMT; Max-Age=259199; path=/; SameSite=None; Secure; domain=jads.co
Content-Encoding: gzip
poweredby.jads.co/adshow.php?adzone=962240
185.94.236.246200 OK 1.7 kB URL HTTP/1.1 poweredby.jads.co/adshow.php?adzone=962240
IP 185.94.236.246:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (425), with CRLF, LF line terminators
Hash 73692ed212f39f4f8f0d679e91b21ecd
e1d7ef37f2c1d11408a67fbfb9d239f06db29b50
4be38faf9d206c2921ac4528ee51cb0e0b4e67f4d7a1ea91b25246adf21516b6
GET /adshow.php?adzone=962240 HTTP/1.1
Host: poweredby.jads.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://youvu.pornfollett.gigixo.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 23 Sep 2022 21:48:13 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/5.6.40
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR OUR IND STA"
Set-Cookie: surferid=48fd6ade8ee34baee27c1df0a4ed85d9; expires=Sat, 23-Sep-2023 21:48:11 GMT; Max-Age=31536000; path=/; SameSite=None; Secure; domain=.jads.co
imps131=1; expires=Sat, 24-Sep-2022 21:48:12 GMT; Max-Age=86400; path=/; SameSite=None; Secure; domain=.jads.co
imps22340=1; expires=Sat, 24-Sep-2022 21:48:12 GMT; Max-Age=86400; path=/; SameSite=None; Secure; domain=.jads.co
juicy_data_1=YToyOntpOjkwMjA2MTtpOjE2NjQyMjg4OTE7aTo1NjQ2Mjg7aToxNjY0MjI4ODkxO30%3D; expires=Mon, 26-Sep-2022 21:48:11 GMT; Max-Age=259199; path=/; SameSite=None; Secure; domain=jads.co
juicy_data=YToxOntzOjEyOiJqdWljeV9kYXRhXzEiO3M6MToiMSI7fQ%3D%3D; expires=Mon, 26-Sep-2022 21:48:11 GMT; Max-Age=259199; path=/; SameSite=None; Secure; domain=jads.co
Content-Encoding: gzip
poweredby.jads.co/adshow.php?adzone=940998
185.94.236.246200 OK 1.7 kB URL HTTP/1.1 poweredby.jads.co/adshow.php?adzone=940998
IP 185.94.236.246:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (426), with CRLF, LF line terminators
Hash 077e09cd198bdc774c88e0f28ed9d888
255a98c960be8449f15da636703165cac655ce74
8da7b282d7e88104051afa0c5ccf1b110acba0b4d9fbf11915ab36217e7ec163
GET /adshow.php?adzone=940998 HTTP/1.1
Host: poweredby.jads.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://youvu.pornfollett.gigixo.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 23 Sep 2022 21:48:13 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/5.6.40
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR OUR IND STA"
Set-Cookie: surferid=db2d7c9b47f27e0db90895fed162c4ef; expires=Sat, 23-Sep-2023 21:48:12 GMT; Max-Age=31536000; path=/; SameSite=None; Secure; domain=.jads.co
imps161=1; expires=Sat, 24-Sep-2022 21:48:12 GMT; Max-Age=86400; path=/; SameSite=None; Secure; domain=.jads.co
juicy_data_1=YToxOntpOjExOTY3NTc7aToxNjY0MjI4ODkyO30%3D; expires=Mon, 26-Sep-2022 21:48:12 GMT; Max-Age=259200; path=/; SameSite=None; Secure; domain=jads.co
juicy_data=YToxOntzOjEyOiJqdWljeV9kYXRhXzEiO3M6MToiMSI7fQ%3D%3D; expires=Mon, 26-Sep-2022 21:48:12 GMT; Max-Age=259200; path=/; SameSite=None; Secure; domain=jads.co
Content-Encoding: gzip
syndication.realsrv.com/ads-iframe-display.php?idzone=3902650&type=160x600&p=https%3A//rtbbnr.com/&dt=1663969692282&sub=&tags=&cookieconsent=true&screen_resolution=1280x1024&el=%22
95.211.229.245200 OK 52 B URL HTTP/1.1 syndication.realsrv.com/ads-iframe-display.php?idzone=3902650&type=160x600&p=https%3A//rtbbnr.com/&dt=1663969692282&sub=&tags=&cookieconsent=true&screen_resolution=1280x1024&el=%22
IP 95.211.229.245:0
ASN #60781 LeaseWeb Netherlands B.V.
File type HTML document, ASCII text, with no line terminators
Hash c3743cf5e9e53705dc66056f1a34f6ec
740253d7fe753ab9b7d71e1832fd1af41c0677c1
c184a4ce5928e23f286176d3c76a8d5c12c67a8957554c92fb144b1cdd2fb17c
GET /ads-iframe-display.php?idzone=3902650&type=160x600&p=https%3A//rtbbnr.com/&dt=1663969692282&sub=&tags=&cookieconsent=true&screen_resolution=1280x1024&el=%22 HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://12007250.pix-cdn.org/
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%22632e29994fe0e5.194138443244006681%22%3B%7D; impressions=oslmroemnxgxaasmmxxmogeicxbmsbocnxgxaaslabrxbgeioslmrxbrnxgxaaslalcmbgeicxbmsbxcnxgxaaslcsrobgeicxbmsbcenxgxaaslaalcrgeislsaroornxgxaasbbrbolgeicxbmsboenxgxaaslalcmbgeimreaomxcnxgxaasaoabsrgeimreaobsonxgxaasaoabsrgeioslmrxbmnxgxaasmxelmageimcclsoeenxgxaasamsoccgeimcclosconxgxaasabxarlgeimrblelmonxgxaasamsoccgeimrblxembnxgxaasamsoccgeimrblxeecnxgxaasamsoccgeimrblxemcnxgxaasamsoccgeialbserecnxgxaasabxarlgeioslmrxlsnxgxaaslaalcrgeicaormbbonxgxaasalbbregeioslmrxlrnxgxaasmebascgeimcclsxscnxgxaasmebascgeimrerbmbbnxgxaasmeceesgeialbsereanxgxaasboxexogeialbserebnxgxaasborcsogeiccmblmmcnxgxaaslsbacbgeimcssmlrensgxaasbbrbolgxcceimxxerrebnxgxaasbbrbolgxcceimrsreamansgxaasbbleccgxcceimrsreabenxgxaasbbleccgxcceimrblelxcnxgxaasblsoxxgeimcclsxoanxgxaaslaalcrgeimrblelmbnxgxaasblsoxxgeimcclossanxgxaasblsoxxgeimcclselenxgxaasblsoxxgeimcclsoeonxgxaasblsoxxgeimrmaoboenogxaasblsmbogxcceimrxccosonxgxaasblmabsgxcceimrxccosbnogxaasblmabsgxcceimrxccosenogxaasblmabsgxcceimememseonxgxaasblmabsgxcceimrsreamonsgxaasbllxsmgxcceimrsreamcnsgxaasbllxsmgxcceimrsreamensgxaaslerraogxcceimrsreabonsgxaaslerraogxcceimcoaxmxcncgxaaslelsomgxcceimcssmlrcnsgxaaslelsomgxcceialaroxrcnxgxaaslelssegxcceimxcbrxsenxgxaaslxeercgxcceiaaxcamlanxgxaaslxeercgxcceimoobcoaonxgxaasloloorgxcceixaoosscrnxgxaasloloorgxcceimrlxebecnxgxaaslsxlmsgxcceimxlbmxlcnsgxaaslsccmbgxcceimxxrecsanxgxaaslsrmocgxcceimxlbmoobnogxaaslsrmocgxcceimsacexoonxgxaaslsrmocgxcceimxlbmoscnogxaaslsbacbgxcceiaaxcabeonxgxaaslsbaclgxcceicloaxxobnxgxaaslsbaclgxcceixaoossalnxgxaaslsbaclgxcceicloaxxxbnxgxaaslsbaclgxcceiaaxcabecnxgxaaslsbaclgxcceimxlbmosenogxaaslsbaclgxcceiaaxcamlcnxgxaaslcxxsegxcceimeembesonxgxaaslcxxsegxcceimrxccoscnxgxaaslcxxsegxcceimeembescnxgxaaslcxxsegxcceimeembecenxgxaaslcxxsegxcceimrbboaxcnxgxaaslcxxsegxcceiceecmorsnxgxaaslcxxsegxcceimccloscenxgxaaslcsrobgeimxlbmxlonagxaaslcsrobgxcceimcclsxacnxgxaaslcsrobgeimrmaobxanxgxaaslcsrolgxcceicmarxbbonsgxaaslcsrolgxcceirreacmsbnxgxaaslcarmcgxcceicloaecoenxgxaaslcarmrgxcceimxlbalscncgxaaslreembgxcceimxlbalsbnogxaaslreembgxcceimxlbmxlenogxaaslreembgxcceimxlbalcenogxaaslreembgxcceimxlbmxbbnsgxaaslreembgxcceialbbebsbnogxaaslreebxgxcceimemlxbocnogxaaslreebogxcceialbbebrenxgxaaslreebogxcceialbbebsanogxaaslreebsgxcceimxcbrxscnogxaaslreebcgxcceimxcbrxobnxgxaaslreebrgxcceimemlxmcbnxgxaaslaosmxgxcceimxlbmoconogxaaslaosmxgxcceimxlbmosanxgxaaslaosmxgxcceimxeoxsacnxgxaaslaaelcgxcceimrmcmmcanxgxaaslaalcrgxcceimcssmlronsgxaaslaalcrgxcceicbbmelocnxgxaaslabrxbgxcceimxeoxsbenxgxaaslalcmbgxcceimxlbmosonxgxaaslalcmbgxcceimememsecnxgxaaslalcmlgxcceimcrxeoaonxgxaaslalalxgxcce
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 23 Sep 2022 21:48:13 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache, must-revalidate
Pragma: no-cache
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%22632e29994fe0e5.194138443244006681%22%3B%7D; expires=Sun, 22 Sep 2024 21:48:13 GMT; path=; domain=.realsrv.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
cdn.tsyndicate.com/imges/backup/banner/300x250.png
8.254.252.211304 Not Modified 0 B URL HTTP/1.1 cdn.tsyndicate.com/imges/backup/banner/300x250.png
IP 8.254.252.211:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /imges/backup/banner/300x250.png HTTP/1.1
Host: cdn.tsyndicate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://lcdn.tsyndicate.com/
If-Modified-Since: Wed, 22 Jun 2022 09:24:43 GMT
If-None-Match: W/"62b2dfdb-18fbf"
HTTP/1.1 304 Not Modified
Date: Wed, 22 Jun 2022 09:39:46 GMT
Connection: keep-alive
Last-Modified: Wed, 22 Jun 2022 09:24:43 GMT
Server: nginx
X-Robots-Tag: noindex, nofollow
Vary: Accept-Encoding
ETag: W/"62b2dfdb-18fbf"
Age: 8078907
pxl.tsyndicate.com/api/v1/backup.gif?t=banner&tct=adult
94.130.141.49200 OK 35 B URL HTTP/1.1 pxl.tsyndicate.com/api/v1/backup.gif?t=banner&tct=adult
IP 94.130.141.49:0
ASN #24940 Hetzner Online GmbH
File type GIF image data, version 89a, 1 x 1\012- data
Hash c2196de8ba412c60c22ab491af7b1409
5fbd472222feb8a22cf5b8aa5dc5b8e13af88e2b
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
GET /api/v1/backup.gif?t=banner&tct=adult HTTP/1.1
Host: pxl.tsyndicate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://lcdn.tsyndicate.com/
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 23 Sep 2022 21:48:13 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 35
Connection: keep-alive
X-Robots-Tag: noindex, nofollow
poweredby.jads.co/adshow.php?adzone=830938
185.94.236.246200 OK 1.8 kB URL HTTP/1.1 poweredby.jads.co/adshow.php?adzone=830938
IP 185.94.236.246:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (428), with CRLF, LF line terminators
Hash 95cf266cba4c0da29e2bda98cacb72b5
e3e48967f576403fc4fb72b1a745dcc38579736c
44ab9435b5345f72c19c660f2f721717724b925870600ee7c0d84b007a4e2381
GET /adshow.php?adzone=830938 HTTP/1.1
Host: poweredby.jads.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://youvu.pornfollett.gigixo.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 23 Sep 2022 21:48:13 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/5.6.40
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR OUR IND STA"
Set-Cookie: surferid=48fd6ade8ee34baee27c1df0a4ed85d9; expires=Sat, 23-Sep-2023 21:48:11 GMT; Max-Age=31536000; path=/; SameSite=None; Secure; domain=.jads.co
imps43654=1; expires=Sat, 24-Sep-2022 21:48:12 GMT; Max-Age=86400; path=/; SameSite=None; Secure; domain=.jads.co
imps161=1; expires=Sat, 24-Sep-2022 21:48:12 GMT; Max-Age=86400; path=/; SameSite=None; Secure; domain=.jads.co
imps32597=1; expires=Sat, 24-Sep-2022 21:48:12 GMT; Max-Age=86400; path=/; SameSite=None; Secure; domain=.jads.co
juicy_data_1=YTozOntpOjEyMDQyOTU7aToxNjY0MjI4ODkxO2k6MTE5Njc0MDtpOjE2NjQyMjg4OTE7aTo3NjY4ODk7aToxNjY0MjI4ODkxO30%3D; expires=Mon, 26-Sep-2022 21:48:11 GMT; Max-Age=259199; path=/; SameSite=None; Secure; domain=jads.co
juicy_data=YToxOntzOjEyOiJqdWljeV9kYXRhXzEiO3M6MToiMSI7fQ%3D%3D; expires=Mon, 26-Sep-2022 21:48:11 GMT; Max-Age=259199; path=/; SameSite=None; Secure; domain=jads.co
Content-Encoding: gzip
static-assets.highwebmedia.com/CACHE/css/output.8c08657b87c3.css
104.16.94.42200 OK 0 B URL HTTP/2 static-assets.highwebmedia.com/CACHE/css/output.8c08657b87c3.css
IP 104.16.94.42:0
GET /CACHE/css/output.8c08657b87c3.css HTTP/1.1
Host: static-assets.highwebmedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 23 Sep 2022 21:48:12 GMT
content-type: text/css
cache-control: public, max-age=2592000
cf-bgj: minify
cf-polished: origSize=247795
etag: W/"b18ea1958da9b29c22d9ecb59bd03349"
last-modified: Thu, 22 Sep 2022 16:22:00 GMT
x-amz-id-2: 6x+PN4E14NWuPQOh+xnrIuEJ1D5/CmTMlGpKZ+IKYQckjgFZceGVATQrhGQAkmd8oKcieTnSvhQ=
x-amz-meta-s3cmd-attrs: md5:b18ea1958da9b29c22d9ecb59bd03349
x-amz-request-id: CRTHK2VNR3HPWTE0
cf-cache-status: HIT
age: 105778
expires: Sun, 23 Oct 2022 21:48:12 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Co%2BcXISHAqK%2Fzz8AigO2xcBgqwVR98fJVDA8rV%2FjdA2baQWlNg1rUD%2BFMcF0TAzbS6BaYff2Dcu1vlJsdr%2Bfj%2B5IjVO50Uf7vpm6fUJT0Fn3TbXTX5kqhB99PGFNWwr81X9Hn3R0Rs3vnqpnuEhDdA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
set-cookie: _cfuvid=u0MGgdkPJAOelUckuq7vq2ocBGkRC3d7qtuLhk7.QBg-1663969692292-0-604800000; path=/; domain=.highwebmedia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 74f67bb0cf6ab4f7-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
static-assets.highwebmedia.com/CACHE/js/output.bc85e791cb2f.js
104.16.94.42200 OK 0 B URL HTTP/2 static-assets.highwebmedia.com/CACHE/js/output.bc85e791cb2f.js
IP 104.16.94.42:0
GET /CACHE/js/output.bc85e791cb2f.js HTTP/1.1
Host: static-assets.highwebmedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 23 Sep 2022 21:48:12 GMT
content-type: application/javascript
cache-control: public, max-age=2592000
cf-bgj: minify
cf-polished: origSize=202270
etag: W/"7d90e856406997eee24123ea8a61c92d"
last-modified: Fri, 10 Sep 2021 01:29:44 GMT
x-amz-id-2: HJqgrzmpP8NIgQA+YW8wx4YmDeOFkE860/zZrYgEfEOOhSRenFjn4mxx7ChaQYvyWjZAxImMIY8=
x-amz-meta-s3cmd-attrs: md5:7d90e856406997eee24123ea8a61c92d
x-amz-request-id: EVKN10SQAKNB8VZG
cf-cache-status: HIT
age: 1635268
expires: Sun, 23 Oct 2022 21:48:12 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5am0NVr2yzvRO12guDsbOYjnlxDcdiVL4smQSbbe8%2FVxEYucOSI8b5eq3NsXvcyNsDz4ELUGf6qcCiOKxqhZ72978gF0322T0nImvHYgoYE5OzI4HcCrL7Sx0FdvjS92tAb2xHbS9WtJhlbmz%2BNPvA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
set-cookie: _cfuvid=ndFl.Mcf48KZUXC0_up3H3wyDeyKQfT_vDAvY1_RYZg-1663969692326-0-604800000; path=/; domain=.highwebmedia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 74f67bb0ffaeb4f7-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
static-assets.highwebmedia.com/jsi18n/en/djangojs.js?hash=90b98dd00874
104.16.94.42200 OK 0 B URL HTTP/2 static-assets.highwebmedia.com/jsi18n/en/djangojs.js?hash=90b98dd00874
IP 104.16.94.42:0
GET /jsi18n/en/djangojs.js?hash=90b98dd00874 HTTP/1.1
Host: static-assets.highwebmedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 23 Sep 2022 21:48:12 GMT
content-type: application/javascript
cache-control: public, max-age=2592000
cf-bgj: minify
cf-polished: origSize=3271
etag: W/"32cad827f4958bb8450fc33065ba4b42"
last-modified: Thu, 28 Apr 2022 02:42:35 GMT
x-amz-id-2: IvPsyHKpwbQyYiUmlvhn2iS59jWIVAT7Tpgvflt7F3TFud5nyi9QGYB5v9EL2g0BN0hpJ1bB+/8=
x-amz-meta-s3cmd-attrs: md5:32cad827f4958bb8450fc33065ba4b42
x-amz-request-id: BQA5XZ0HC5JB9KMY
cf-cache-status: HIT
age: 6222
expires: Sun, 23 Oct 2022 21:48:12 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tpHS4oClfUoXOjAeMxW7yPG95Cel7Vtr%2FKx4jxuBJvPHlzFtC2rF1ScFYVBIxBMzVhjCO33MD84anUzNzoLBZSwbZL6r3RficwhE6HeFdmLGWJ26bKxzezqejsnLFY%2B9lgvkUPv1SOD2Q59COnHk%2Fw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
set-cookie: _cfuvid=dGB4PXfWZ.v_4PqWQEo.6TjPbqT.upQpnO0NZdAcV4g-1663969692339-0-604800000; path=/; domain=.highwebmedia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 74f67bb10fb9b4f7-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
static-assets.highwebmedia.com/CACHE/js/output.1486cd5aa4f0.js
104.16.94.42200 OK 0 B URL HTTP/2 static-assets.highwebmedia.com/CACHE/js/output.1486cd5aa4f0.js
IP 104.16.94.42:0
GET /CACHE/js/output.1486cd5aa4f0.js HTTP/1.1
Host: static-assets.highwebmedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 23 Sep 2022 21:48:12 GMT
content-type: application/javascript
cache-control: public, max-age=2592000
cf-bgj: minify
cf-polished: origSize=117895
etag: W/"eb2259ff6dbd950ae158f73065752aa1"
last-modified: Thu, 21 Oct 2021 18:11:54 GMT
x-amz-id-2: k6NhlyRh+XXZM7+pSOMylQwAMSlxLRy7teDHalfRWz7mnIIf6Ig6amIFaKAolUjBHmL3PkEkULk=
x-amz-meta-s3cmd-attrs: md5:eb2259ff6dbd950ae158f73065752aa1
x-amz-request-id: FHZ86T60E9WK32PB
cf-cache-status: HIT
age: 1642483
expires: Sun, 23 Oct 2022 21:48:12 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=e9ppaNdAKHFExW9CssqcfvdKEOCl6YeFl8lFlqDZAgBcSJK9ZNLVNLepFjO%2F1jshQ9%2FTg9qhwHkaxTBBdX5lpO1K0jwbPAN6yLeA07IXWGO5i9zV7vAg%2FFFgR%2F5yi56ZnUZgU5dHVL1iURwhgJawOQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
set-cookie: _cfuvid=qmD7Re4fAUAdnsUOtKEc9vBjWwq6MK5MMZ9XkyMP5mc-1663969692337-0-604800000; path=/; domain=.highwebmedia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 74f67bb10fbab4f7-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css
104.18.11.207200 OK 0 B URL HTTP/2 maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css
IP 104.18.11.207:0
GET /bootstrap/3.3.6/css/bootstrap.min.css HTTP/1.1
Host: maxcdn.bootstrapcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://youvu.pornfollett.gigixo.com
Connection: keep-alive
Referer: http://youvu.pornfollett.gigixo.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 23 Sep 2022 21:48:07 GMT
content-type: text/css; charset=utf-8
vary: Accept-Encoding
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: DE
access-control-allow-origin: *
cache-control: public, max-age=31919000
etag: W/"2f624089c65f12185e79925bc5a7fc42"
last-modified: Mon, 25 Jan 2021 22:03:59 GMT
cdn-cachedat: 08/20/2022 02:31:07
cdn-proxyver: 1.02
cdn-requestpullcode: 200
cdn-requestpullsuccess: True
cdn-edgestorageid: 601
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
cdn-status: 200
cdn-requestid: 74ac109e62df69b5d977faa68dd5dedd
cdn-cache: HIT
cf-cache-status: MISS
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 74f67b93f9bdfac4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
12007250.pix-cdn.org/a/pjexo.html?idzone=3902650&w=160&h=600&ad_sub=&ad_tags=
45.133.44.24200 OK 0 B URL HTTP/2 12007250.pix-cdn.org/a/pjexo.html?idzone=3902650&w=160&h=600&ad_sub=&ad_tags=
IP 45.133.44.24:0
ASN #39572 DataWeb Global Group B.V.
GET /a/pjexo.html?idzone=3902650&w=160&h=600&ad_sub=&ad_tags= HTTP/1.1
Host: 12007250.pix-cdn.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://rtbbnr.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 23 Sep 2022 21:48:09 GMT
content-type: text/html; charset=utf-8
last-modified: Wed, 20 May 2020 13:08:32 GMT
cache-control: max-age=3600
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=07PlbY6UGHu6%2BuhNOQhdpDcvPumUG0XWd1F0lyfO5Mi7%2B78nl25ahEu6B6viA6L1fqxzy%2BCWUY2dxIlgEJBVtfYAMUp%2Fm5RhQpCoGivr3968sFyua8FN1Nl7aHZP"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
server: cloudflare
cf-ray: 732484121c2aabda-CPH
content-encoding: gzip
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Fri, 23 Sep 2022 22:48:09 GMT
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
tsyndicate.com/iframes2/00394b71264946e5bf58746cefe5435f.html?subid=479024099&categories={{ad_tags}}
136.243.43.25200 OK 0 B URL HTTP/2 tsyndicate.com/iframes2/00394b71264946e5bf58746cefe5435f.html?subid=479024099&categories={{ad_tags}}
IP 136.243.43.25:0
ASN #24940 Hetzner Online GmbH
GET /iframes2/00394b71264946e5bf58746cefe5435f.html?subid=479024099&categories={{ad_tags}} HTTP/1.1
Host: tsyndicate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://rtbbnr.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 23 Sep 2022 21:48:10 GMT
content-type: text/html; charset=utf-8
pragma: no-cache
expires: 0
vary: Accept-Encoding, *
x-api-version: 2
link: <https://lcdn.tsyndicate.com/sdk/v1/b.b.js>; rel=preload; as=script
x-request-id: 70d02a1c7e9a3b48
set-cookie: ts_uid=150f52af-e05c-47ff-9135-0b7b2fe824de; expires=Thu, 23 Mar 2023 21:48:10 GMT; domain=.tsyndicate.com; path=/; HttpOnly; secure; SameSite=None
bfq=APeIECNCxxYZN3LIkEFDRhcWIsYU3BLjoYgyE2PYsEEDRg0bMHLA6NJH; expires=Sat, 24 Sep 2022 21:48:10 GMT; domain=.tsyndicate.com; path=/; secure; SameSite=None
cache-control: no-cache, no-store, no-transform, must-revalidate, no-transform
x-robots-tag: none, noindex, nofollow
report-to: { "url": "https://pxl.tsyndicate.com/api/v1/heavy-ad/report", "max_age": 86401 }
content-encoding: gzip
X-Firefox-Spdy: h2
static-assets.highwebmedia.com/CACHE/js/output.97a5db11ca63.js
104.16.94.42200 OK 0 B URL HTTP/2 static-assets.highwebmedia.com/CACHE/js/output.97a5db11ca63.js
IP 104.16.94.42:0
GET /CACHE/js/output.97a5db11ca63.js HTTP/1.1
Host: static-assets.highwebmedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 23 Sep 2022 21:48:12 GMT
content-type: application/javascript
cache-control: public, max-age=2592000
cf-bgj: minify
cf-polished: origSize=827275
etag: W/"692ec922d2a39b4037073f70286968b3"
last-modified: Fri, 13 May 2022 09:09:46 GMT
x-amz-id-2: VZ8ol5gj9DR4cR1Ys+gd3EdgeEH8vduV/GWCX0hMYtqbtTyLc8wtgelbUHUwXR/km7ekid2PJdA=
x-amz-meta-s3cmd-attrs: md5:692ec922d2a39b4037073f70286968b3
x-amz-request-id: WKBNH94P832M1DR9
cf-cache-status: HIT
age: 1168173
expires: Sun, 23 Oct 2022 21:48:12 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DydcWD83Lp196LlLjWEaHLjJ37x1JWCDp3H0N7yco4NNQVHZAHQoHoXvqmtHhC%2BpAM3p%2FGGPP6DLixg4Q%2FnyWrWGSLchGtSSGimdHe2xwms6s7NBypCh181NRKV2z7211cikfLtl2XnjFC6E6CbKTg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
set-cookie: _cfuvid=srEGBHwXwI6tvrh2ALQINVe_u2bNw7fjqSuCnKSSjNU-1663969692298-0-604800000; path=/; domain=.highwebmedia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 74f67bb0cf70b4f7-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
rtbbnr.com/get/?go=1&data=eyJpbXAiOlt7InNlY3VyZSI6MCwiZXh0Ijp7InNwb3QiOjcxLCJpZCI6ODU5LCJsYWJlbHMiOiIiLCJzaXRlX2lkIjo3MSwidHlwZSI6ImJhbm5lciIsInNwYWNlaWQiOjg1OSwic3BvdF9pZCI6MCwiaWR6b25lIjozODMwODE5LCJ6b25lIjoidGNfcGFiXzMwMHgyNTAiLCJhZF90YWdzIjoiIiwidGl0bGUiOiIiLCJzdWJpZCI6IjQ3OTAyNDA5OSIsInV0bTEiOiJ0Y2Jhbl9zIiwidXRtMiI6IjcxIiwidXRtMyI6IjE3Nzk0IiwidXRtNCI6IiJ9LCJiYW5uZXIiOnsidyI6MzAwLCJoIjoyNTB9fV0sInNpdGUiOnsiaWQiOiI3MSIsInBhZ2UiOiJodHRwOi8veW91dnUucG9ybmZvbGxldHQuZ2lnaXhvLmNvbS8/aXlhbm5hIn0sImRldmljZSI6eyJ3IjoxMjgwLCJoIjoxMDI0fSwidXNlciI6eyJpZCI6Ijk0YTEyOWFhODk3MDgzN2JlMjU4NWZmM2Y0MjJmM2NlIn0sImV4dCI6eyJkdCI6MTY2Mzk2OTY4OTU5MH19
116.202.60.158200 OK 0 B URL HTTP/2 rtbbnr.com/get/?go=1&data=eyJpbXAiOlt7InNlY3VyZSI6MCwiZXh0Ijp7InNwb3QiOjcxLCJpZCI6ODU5LCJsYWJlbHMiOiIiLCJzaXRlX2lkIjo3MSwidHlwZSI6ImJhbm5lciIsInNwYWNlaWQiOjg1OSwic3BvdF9pZCI6MCwiaWR6b25lIjozODMwODE5LCJ6b25lIjoidGNfcGFiXzMwMHgyNTAiLCJhZF90YWdzIjoiIiwidGl0bGUiOiIiLCJzdWJpZCI6IjQ3OTAyNDA5OSIsInV0bTEiOiJ0Y2Jhbl9zIiwidXRtMiI6IjcxIiwidXRtMyI6IjE3Nzk0IiwidXRtNCI6IiJ9LCJiYW5uZXIiOnsidyI6MzAwLCJoIjoyNTB9fV0sInNpdGUiOnsiaWQiOiI3MSIsInBhZ2UiOiJodHRwOi8veW91dnUucG9ybmZvbGxldHQuZ2lnaXhvLmNvbS8/aXlhbm5hIn0sImRldmljZSI6eyJ3IjoxMjgwLCJoIjoxMDI0fSwidXNlciI6eyJpZCI6Ijk0YTEyOWFhODk3MDgzN2JlMjU4NWZmM2Y0MjJmM2NlIn0sImV4dCI6eyJkdCI6MTY2Mzk2OTY4OTU5MH19
IP 116.202.60.158:0
ASN #24940 Hetzner Online GmbH
GET /get/?go=1&data=eyJpbXAiOlt7InNlY3VyZSI6MCwiZXh0Ijp7InNwb3QiOjcxLCJpZCI6ODU5LCJsYWJlbHMiOiIiLCJzaXRlX2lkIjo3MSwidHlwZSI6ImJhbm5lciIsInNwYWNlaWQiOjg1OSwic3BvdF9pZCI6MCwiaWR6b25lIjozODMwODE5LCJ6b25lIjoidGNfcGFiXzMwMHgyNTAiLCJhZF90YWdzIjoiIiwidGl0bGUiOiIiLCJzdWJpZCI6IjQ3OTAyNDA5OSIsInV0bTEiOiJ0Y2Jhbl9zIiwidXRtMiI6IjcxIiwidXRtMyI6IjE3Nzk0IiwidXRtNCI6IiJ9LCJiYW5uZXIiOnsidyI6MzAwLCJoIjoyNTB9fV0sInNpdGUiOnsiaWQiOiI3MSIsInBhZ2UiOiJodHRwOi8veW91dnUucG9ybmZvbGxldHQuZ2lnaXhvLmNvbS8/aXlhbm5hIn0sImRldmljZSI6eyJ3IjoxMjgwLCJoIjoxMDI0fSwidXNlciI6eyJpZCI6Ijk0YTEyOWFhODk3MDgzN2JlMjU4NWZmM2Y0MjJmM2NlIn0sImV4dCI6eyJkdCI6MTY2Mzk2OTY4OTU5MH19 HTTP/1.1
Host: rtbbnr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://youvu.pornfollett.gigixo.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0
date: Fri, 23 Sep 2022 21:48:10 GMT
content-type: text/html
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
content-encoding: gzip
X-Firefox-Spdy: h2
biptolyla.com/a.W-ZpyqPr3sB_1ucv2whxa-bz2A5BlCS_WEQF9GNHD-EJ2KNLDMU_wOOPCQ0R0-MTTUYV0WN_TYAZ5aJbn-pdvebfmgV_JiZjDk0l0-MnToYp0qN_TsAt4uLvT-QxxyNzjAQ_1CMDDEkF?iframeId=mfimlw
188.72.219.36200 OK 0 B URL HTTP/2 biptolyla.com/a.W-ZpyqPr3sB_1ucv2whxa-bz2A5BlCS_WEQF9GNHD-EJ2KNLDMU_wOOPCQ0R0-MTTUYV0WN_TYAZ5aJbn-pdvebfmgV_JiZjDk0l0-MnToYp0qN_TsAt4uLvT-QxxyNzjAQ_1CMDDEkF?iframeId=mfimlw
IP 188.72.219.36:0
GET /a.W-ZpyqPr3sB_1ucv2whxa-bz2A5BlCS_WEQF9GNHD-EJ2KNLDMU_wOOPCQ0R0-MTTUYV0WN_TYAZ5aJbn-pdvebfmgV_JiZjDk0l0-MnToYp0qN_TsAt4uLvT-QxxyNzjAQ_1CMDDEkF?iframeId=mfimlw HTTP/1.1
Host: biptolyla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://youvu.pornfollett.gigixo.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 23 Sep 2022 21:48:08 GMT
content-type: text/html;charset=UTF-8
vary: Accept-Encoding
pragma: no-cache
accept-ch: Sec-CH-UA-Platform-Version, Sec-CH-UA-Platform
expires: Mon, 26 Jul 2011 05:00:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
p3p: CP="CUR ADM OUR NOR STA NID"
last-modified: Fri, 23 Sep 2022 21:48:08 GMT
set-cookie: kadCCap=132751:1:1663300715;168401:1:1663017409;199455:1:1662011125;211845:1:1661388894;210565:1:1660883596;199507:1:1655888030;210190:1:1662153287;180343:1:1656296307;194136:1:1663118711; max-age=1695505688; path=/
kadACap=319611:1:1659066943;427172:1:1661328422;419303:1:1662804291;446120:1:1663148405;443007:1:1661388894;383700:1:1662671864;419321:1:1662477203;410252:1:1662915839;432805:1:1656295137;424441:1:1662472246;419297:1:1662889803;445389:1:1663209970;407186:1:1660140957;419295:1:1661224266;435966:1:1656602141;434768:1:1656274688;419301:1:1663566374;438050:1:1657036135;426142:1:1655888030;445933:1:1662662013;401659:1:1662418246;438036:1:1657029440;432801:1:1656295814;422197:1:1661937740;419323:1:1661776141;444565:1:1663112893;443580:1:1661935629;444360:1:1662446108;346327:1:1663881239;272913:1:1661284037;442019:1:1663736826;444311:1:1663771206;419293:1:1662883102;444410:1:1662620118;445475:1:1662616891;433660:1:1662623802;442673:1:1660504936;384014:1:1658355870;320483:1:1661342695;419299:1:1662523186;419291:1:1662829503;434524:1:1657107027; max-age=1695505688; path=/
kadRPixJ=bnVsbA==; max-age=1695505688; path=/
kadUnP3=CAcQgqCvmQYaDQjGkpUCEAEY7OGzmQYqDAje9CcQARjs4bOZBg==; max-age=1695505688; path=/
x-content-type-options: nosniff
content-encoding: br
X-Firefox-Spdy: h2
go.xxxvjmp.com/config?url=https%3A%2F%2Fcreative.xxxvjmp.com%2Fwidgets%2Fv4%2FUniversal%3FactionButtonPlacement%3Dbottom%26campaignId%3D128029786fbed96fe880330bb083ecce41e122ba08e2711908bc9493ef368344%26campaignType%3Dsmartpop%26creativeId%3D2f2cf8c271b310e6a7160563a0f1ee432fa665a116dc0c291a081b2515848ba9%26hideButtonOnSmallSpots%3D1%26hideModelNameOnSmallSpots%3D1%26hideTitleOnSmallSpots%3D1%26iterationId%3D30231%26masterSmartpopId%3D0%26memberId%3DJfVqkhuBMYa-46PwYYIU0ZfXan9mjgHquFMVW37rr_FTSrKRZmX-FemjWaquOqOcl_Cs5QP041ubVhY-4kFVloE-2uJS-XCmCKxJnIE_gUIDRUi%26p1%3D3844273%26ruleId%3D0%26showButton%3D1%26showModelName%3D1%26showTitle%3D%26smartpopId%3D1548%26sourceId%3D226440%26thumbSizeKey%3Dbig%26trackOff%3D1%26userId%3Ded4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e%26variationId%3D22460
104.18.42.40200 OK 0 B URL HTTP/2 go.xxxvjmp.com/config?url=https%3A%2F%2Fcreative.xxxvjmp.com%2Fwidgets%2Fv4%2FUniversal%3FactionButtonPlacement%3Dbottom%26campaignId%3D128029786fbed96fe880330bb083ecce41e122ba08e2711908bc9493ef368344%26campaignType%3Dsmartpop%26creativeId%3D2f2cf8c271b310e6a7160563a0f1ee432fa665a116dc0c291a081b2515848ba9%26hideButtonOnSmallSpots%3D1%26hideModelNameOnSmallSpots%3D1%26hideTitleOnSmallSpots%3D1%26iterationId%3D30231%26masterSmartpopId%3D0%26memberId%3DJfVqkhuBMYa-46PwYYIU0ZfXan9mjgHquFMVW37rr_FTSrKRZmX-FemjWaquOqOcl_Cs5QP041ubVhY-4kFVloE-2uJS-XCmCKxJnIE_gUIDRUi%26p1%3D3844273%26ruleId%3D0%26showButton%3D1%26showModelName%3D1%26showTitle%3D%26smartpopId%3D1548%26sourceId%3D226440%26thumbSizeKey%3Dbig%26trackOff%3D1%26userId%3Ded4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e%26variationId%3D22460
IP 104.18.42.40:0
GET /config?url=https%3A%2F%2Fcreative.xxxvjmp.com%2Fwidgets%2Fv4%2FUniversal%3FactionButtonPlacement%3Dbottom%26campaignId%3D128029786fbed96fe880330bb083ecce41e122ba08e2711908bc9493ef368344%26campaignType%3Dsmartpop%26creativeId%3D2f2cf8c271b310e6a7160563a0f1ee432fa665a116dc0c291a081b2515848ba9%26hideButtonOnSmallSpots%3D1%26hideModelNameOnSmallSpots%3D1%26hideTitleOnSmallSpots%3D1%26iterationId%3D30231%26masterSmartpopId%3D0%26memberId%3DJfVqkhuBMYa-46PwYYIU0ZfXan9mjgHquFMVW37rr_FTSrKRZmX-FemjWaquOqOcl_Cs5QP041ubVhY-4kFVloE-2uJS-XCmCKxJnIE_gUIDRUi%26p1%3D3844273%26ruleId%3D0%26showButton%3D1%26showModelName%3D1%26showTitle%3D%26smartpopId%3D1548%26sourceId%3D226440%26thumbSizeKey%3Dbig%26trackOff%3D1%26userId%3Ded4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e%26variationId%3D22460 HTTP/1.1
Host: go.xxxvjmp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://creative.xxxvjmp.com/
Origin: https://creative.xxxvjmp.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Fri, 23 Sep 2022 21:48:12 GMT
content-type: application/json
access-control-allow-origin: *
last-modified: Fri, 23 Sep 2022 21:48:12 GMT
cf-cache-status: MISS
set-cookie: __cflb=0H28uukSkGJRy5UBr1u9iAwwBfboBLDKpTvfEnCRQ9i; SameSite=None; Secure; path=/; expires=Sat, 24-Sep-22 20:48:12 GMT; HttpOnly
vary: Accept-Encoding
server: cloudflare
cf-ray: 74f67bb40aa7b4e8-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
youvu.pornfollett.gigixo.com/static/9.ico
51.79.221.186200 OK 0 B URL HTTP/1.1 youvu.pornfollett.gigixo.com/static/9.ico
IP 51.79.221.186:0
GET /static/9.ico HTTP/1.1
Host: youvu.pornfollett.gigixo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://youvu.pornfollett.gigixo.com/?iyanna
Cookie: ppu_main_01b64935b8061c1f61d213a27ce2d729=1; ppu_idelay_01b64935b8061c1f61d213a27ce2d729=1; dom3ic8zudi28v8lr6fgphwffqoz0j6c=387798b0-f6e3-44e8-917e-1b5b9b8bb156%3A3%3A1
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 23 Sep 2022 21:42:34 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
Vary: Accept-Encoding
Content-Encoding: gzip
28980.weednewspro.com/v2/a/na/203282?subId=&pageUri=https%3A%2F%2F28980.weednewspro.com%2Fv2%2Fa%2Fna%2Fif%2F203282&referer=http%3A%2F%2Fgo.goaserv.com%2F&av=1&abl=0&kws=&rtg=&bdd=%5B%22Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0%22%2C%22false%22%2C%22Linux%20x86_64%22%2C%22%22%2C%22%22%2C%22%22%2C%22%22%2C%22false%22%2C%22true%22%2C%221280%22%2C%221024%22%2C%221280%22%2C%221002%22%2C%221280%22%2C%221024%22%2C%22300%22%2C%22250%22%2C%22300%22%2C%22250%22%2C%22false%22%2C%221%22%2C%2216%22%2C%220%22%2C%22aaaaacccefiflmmprrsstlllecstaaahtscellllpss%22%2C%22Fri%20Sep%2023%202022%2021%3A48%3A08%20GMT%2B0000%20(Coordinated%20Universal%20Time)%22%2C%220%22%2C%22en-US%22%2C%22en-US%2Cen%22%2C%22false%22%2C%22false%22%2C%22781877177%22%2C%222697903995%22%2C%221%22%2C%22false%22%2C%22%5B%5D%22%5D
88.208.59.102200 OK 0 B URL HTTP/2 28980.weednewspro.com/v2/a/na/203282?subId=&pageUri=https%3A%2F%2F28980.weednewspro.com%2Fv2%2Fa%2Fna%2Fif%2F203282&referer=http%3A%2F%2Fgo.goaserv.com%2F&av=1&abl=0&kws=&rtg=&bdd=%5B%22Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0%22%2C%22false%22%2C%22Linux%20x86_64%22%2C%22%22%2C%22%22%2C%22%22%2C%22%22%2C%22false%22%2C%22true%22%2C%221280%22%2C%221024%22%2C%221280%22%2C%221002%22%2C%221280%22%2C%221024%22%2C%22300%22%2C%22250%22%2C%22300%22%2C%22250%22%2C%22false%22%2C%221%22%2C%2216%22%2C%220%22%2C%22aaaaacccefiflmmprrsstlllecstaaahtscellllpss%22%2C%22Fri%20Sep%2023%202022%2021%3A48%3A08%20GMT%2B0000%20(Coordinated%20Universal%20Time)%22%2C%220%22%2C%22en-US%22%2C%22en-US%2Cen%22%2C%22false%22%2C%22false%22%2C%22781877177%22%2C%222697903995%22%2C%221%22%2C%22false%22%2C%22%5B%5D%22%5D
IP 88.208.59.102:0
ASN #39572 DataWeb Global Group B.V.
GET /v2/a/na/203282?subId=&pageUri=https%3A%2F%2F28980.weednewspro.com%2Fv2%2Fa%2Fna%2Fif%2F203282&referer=http%3A%2F%2Fgo.goaserv.com%2F&av=1&abl=0&kws=&rtg=&bdd=%5B%22Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0%22%2C%22false%22%2C%22Linux%20x86_64%22%2C%22%22%2C%22%22%2C%22%22%2C%22%22%2C%22false%22%2C%22true%22%2C%221280%22%2C%221024%22%2C%221280%22%2C%221002%22%2C%221280%22%2C%221024%22%2C%22300%22%2C%22250%22%2C%22300%22%2C%22250%22%2C%22false%22%2C%221%22%2C%2216%22%2C%220%22%2C%22aaaaacccefiflmmprrsstlllecstaaahtscellllpss%22%2C%22Fri%20Sep%2023%202022%2021%3A48%3A08%20GMT%2B0000%20(Coordinated%20Universal%20Time)%22%2C%220%22%2C%22en-US%22%2C%22en-US%2Cen%22%2C%22false%22%2C%22false%22%2C%22781877177%22%2C%222697903995%22%2C%221%22%2C%22false%22%2C%22%5B%5D%22%5D HTTP/1.1
Host: 28980.weednewspro.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://28980.weednewspro.com/v2/a/na/if/203282
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 23 Sep 2022 21:48:10 GMT
content-type: application/json; charset=UTF-8
vary: Accept-Encoding
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-max-age: 86400
referrer-policy: unsafe-url
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Device-Memory
accept-ch-lifetime: 31536000
p3p: CP="NOI DEVa TAIa OUR BUS UNI STA"
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
last-modified: Fri, 23 Sep 2022 21:48:10 UTC
expires: Fri, 23 Sep 2022 21:48:10 UTC
content-encoding: gzip
X-Firefox-Spdy: h2
a.adtng.com/get/10005363?time=1592491455431&atc=423524&apb=aTGc7sm5tdRhItbAZ1fgW5EQo6k_kBSqCPjovp0j5a1qru2G4OKa79r1P1QW7gdyqT3NPkaYggIRv7Aae50J2Q_lf9YTl-TUhWL3a52gjUCSh60ScLRg7ay8_gUIDRUi
66.254.114.171200 OK 0 B URL HTTP/2 a.adtng.com/get/10005363?time=1592491455431&atc=423524&apb=aTGc7sm5tdRhItbAZ1fgW5EQo6k_kBSqCPjovp0j5a1qru2G4OKa79r1P1QW7gdyqT3NPkaYggIRv7Aae50J2Q_lf9YTl-TUhWL3a52gjUCSh60ScLRg7ay8_gUIDRUi
IP 66.254.114.171:0
GET /get/10005363?time=1592491455431&atc=423524&apb=aTGc7sm5tdRhItbAZ1fgW5EQo6k_kBSqCPjovp0j5a1qru2G4OKa79r1P1QW7gdyqT3NPkaYggIRv7Aae50J2Q_lf9YTl-TUhWL3a52gjUCSh60ScLRg7ay8_gUIDRUi HTTP/1.1
Host: a.adtng.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tsyndicate.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: openresty
date: Fri, 23 Sep 2022 21:48:11 GMT
content-type: text/html
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With
content-encoding: gzip
set-cookie: adtool_guid=Ch5KBmMuKZsQVVfJ6YEXAg==; expires=Thu, 31-Dec-37 23:55:55 GMT; path=/; Secure; HTTPOnly; SameSite=None;
RNLBSERVERID=ded6974; path=/; HttpOnly; Secure; SameSite=None
x-request-id: 632E299B-42FE72AB01BB2159-352FF4CB
X-Firefox-Spdy: h2
biptolyla.com/aeWfZ.ygP_3iBj1kcl2-hnaobp2q5_lsStWuQv9-NxDyEz4AM_jCkD0ENFC-0H0IMJTKg_yMONTOQP1-JRnSpTvUb_mWVXJYZZD-0b0cMdTeg_ygOhTiQj0-LlTmQnxoO_DqIr5sNtD-Uv?iframeId=fpbtqh
188.72.219.36200 OK 0 B URL HTTP/2 biptolyla.com/aeWfZ.ygP_3iBj1kcl2-hnaobp2q5_lsStWuQv9-NxDyEz4AM_jCkD0ENFC-0H0IMJTKg_yMONTOQP1-JRnSpTvUb_mWVXJYZZD-0b0cMdTeg_ygOhTiQj0-LlTmQnxoO_DqIr5sNtD-Uv?iframeId=fpbtqh
IP 188.72.219.36:0
GET /aeWfZ.ygP_3iBj1kcl2-hnaobp2q5_lsStWuQv9-NxDyEz4AM_jCkD0ENFC-0H0IMJTKg_yMONTOQP1-JRnSpTvUb_mWVXJYZZD-0b0cMdTeg_ygOhTiQj0-LlTmQnxoO_DqIr5sNtD-Uv?iframeId=fpbtqh HTTP/1.1
Host: biptolyla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://youvu.pornfollett.gigixo.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 23 Sep 2022 21:48:11 GMT
content-type: text/html;charset=UTF-8
vary: Accept-Encoding
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
accept-ch: Sec-CH-UA-Platform-Version, Sec-CH-UA-Platform
expires: Mon, 26 Jul 2011 05:00:00 GMT
last-modified: Fri, 23 Sep 2022 21:48:11 GMT
p3p: CP="CUR ADM OUR NOR STA NID"
set-cookie: kadCCap=132751:1:1663300715;210565:1:1660883596;199507:1:1655888030;194136:1:1663118711;180343:1:1656296307;168401:1:1663017409;199455:1:1662011125;211845:1:1661388894;210190:1:1662153287; max-age=1695505691; path=/
kadACap=445933:1:1662662013;419291:1:1662829503;442019:1:1663736826;383700:1:1662671864;419293:1:1662883102;419323:1:1661776141;320483:1:1661342695;419295:1:1661224266;346327:1:1663881239;419301:1:1663566374;434524:1:1657107027;444410:1:1662620118;319611:1:1659066943;419297:1:1662889803;444311:1:1663771206;445475:1:1662616891;432805:1:1656295137;444565:1:1663112893;419321:1:1662477203;419299:1:1662523186;438036:1:1657029440;427172:1:1661328422;446120:1:1663148405;422197:1:1661937740;442673:1:1660504936;401659:1:1662418246;384014:1:1658355870;435966:1:1656602141;432801:1:1656295814;443580:1:1661935629;272913:1:1661284037;410252:1:1662915839;426142:1:1655888030;444360:1:1662446108;445389:1:1663209970;433660:1:1662623802;434768:1:1656274688;419303:1:1662804291;407186:1:1660140957;438050:1:1657036135;443007:1:1661388894;424441:1:1662472246; max-age=1695505691; path=/
kadRPixJ=bnVsbA==; max-age=1695505691; path=/
kadUnP3=CAcQgqCvmQYaDQjGkpUCEAEY7OGzmQYqDAje9CcQARjs4bOZBg==; max-age=1695505691; path=/
x-content-type-options: nosniff
content-encoding: br
X-Firefox-Spdy: h2
a.adtng.com/get/10005363?time=1592491455431&atc=445506&apb=V6H_bAfRpWDzqfY3oK_B8s4bQ6EAtri-pzUCSZGQOriMOjQJaQMIHo5wV0Zsbyr58TvuGYjpLCMBKBI5qe6PdWoWmLWT9JcUIgwa-QEeRoSSSiMN2QHsKM4u_gUIDRUi
66.254.114.171200 OK 0 B URL HTTP/2 a.adtng.com/get/10005363?time=1592491455431&atc=445506&apb=V6H_bAfRpWDzqfY3oK_B8s4bQ6EAtri-pzUCSZGQOriMOjQJaQMIHo5wV0Zsbyr58TvuGYjpLCMBKBI5qe6PdWoWmLWT9JcUIgwa-QEeRoSSSiMN2QHsKM4u_gUIDRUi
IP 66.254.114.171:0
GET /get/10005363?time=1592491455431&atc=445506&apb=V6H_bAfRpWDzqfY3oK_B8s4bQ6EAtri-pzUCSZGQOriMOjQJaQMIHo5wV0Zsbyr58TvuGYjpLCMBKBI5qe6PdWoWmLWT9JcUIgwa-QEeRoSSSiMN2QHsKM4u_gUIDRUi HTTP/1.1
Host: a.adtng.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tsyndicate.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: openresty
date: Fri, 23 Sep 2022 21:48:11 GMT
content-type: text/html
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With
content-encoding: gzip
set-cookie: adtool_guid=Ch5KFmMuKZtexmO1FYo7Ag==; expires=Thu, 31-Dec-37 23:55:55 GMT; path=/; Secure; HTTPOnly; SameSite=None;
RNLBSERVERID=ded7040; path=/; HttpOnly; Secure; SameSite=None
x-request-id: 632E299B-42FE72AB01BB2159-352FF4C7
X-Firefox-Spdy: h2
maxcdn.bootstrapcdn.com/bootstrap/3.3.6/js/bootstrap.min.js
104.18.11.207200 OK 0 B URL HTTP/2 maxcdn.bootstrapcdn.com/bootstrap/3.3.6/js/bootstrap.min.js
IP 104.18.11.207:0
GET /bootstrap/3.3.6/js/bootstrap.min.js HTTP/1.1
Host: maxcdn.bootstrapcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://youvu.pornfollett.gigixo.com
Connection: keep-alive
Referer: http://youvu.pornfollett.gigixo.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 23 Sep 2022 21:48:07 GMT
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: DE
access-control-allow-origin: *
cache-control: public, max-age=31919000
etag: W/"c5b5b2fa19bd66ff23211d9f844e0131"
last-modified: Mon, 25 Jan 2021 22:03:59 GMT
cdn-cachedat: 08/20/2022 02:30:10
cdn-proxyver: 1.02
cdn-requestpullcode: 200
cdn-requestpullsuccess: True
cdn-edgestorageid: 874
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
cdn-status: 200
cdn-requestid: d0a28b50e1de4312cd4020d981e41056
cdn-cache: HIT
cf-cache-status: MISS
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 74f67b9409cffac4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
static-assets.highwebmedia.com/cachebust/theatermode-react-90b98dd00874.js
104.16.94.42200 OK 0 B URL HTTP/2 static-assets.highwebmedia.com/cachebust/theatermode-react-90b98dd00874.js
IP 104.16.94.42:0
GET /cachebust/theatermode-react-90b98dd00874.js HTTP/1.1
Host: static-assets.highwebmedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 23 Sep 2022 21:48:12 GMT
content-type: application/javascript
cache-control: public, max-age=2592000
cf-bgj: minify
cf-polished: origSize=193979
etag: W/"b801a58b661d518dfe85cc92f384327f"
last-modified: Fri, 23 Sep 2022 20:01:32 GMT
x-amz-id-2: vG9DkbFEj/+3/84T7LofiMljeAdhIyD9V2Kfux/WjXc6wImdDQqMWV4nqIphlaS/fTz0kqIuHsA=
x-amz-meta-s3cmd-attrs: md5:b801a58b661d518dfe85cc92f384327f
x-amz-request-id: BQA7Z6YW31VMFX3K
cf-cache-status: HIT
age: 6222
expires: Sun, 23 Oct 2022 21:48:12 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cbdtyw6rrA7Xv8GSwE%2Bygnh%2FXHcnAmZvGnHyeukoRMI%2BAXmpAH%2FIY4UznBEULUP39H8UiDSpzoC1vtPrkzXfooOBMAYee46BvgnAQ7qgV7Ca3VXiSAfNaincGJxYDmUXiwrWNCOtqMbssyCTYjY7aQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
set-cookie: _cfuvid=tgSGKSj9DojevC2GeiGXnK8qSA4SSU6oz..Ns5hnids-1663969692315-0-604800000; path=/; domain=.highwebmedia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 74f67bb0ef97b4f7-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
static-assets.highwebmedia.com/cachebust/chatembed-prod-90b98dd00874.js
104.16.94.42200 OK 0 B URL HTTP/2 static-assets.highwebmedia.com/cachebust/chatembed-prod-90b98dd00874.js
IP 104.16.94.42:0
GET /cachebust/chatembed-prod-90b98dd00874.js HTTP/1.1
Host: static-assets.highwebmedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 23 Sep 2022 21:48:12 GMT
content-type: application/javascript
cache-control: public, max-age=2592000
cf-bgj: minify
cf-polished: origSize=912466
etag: W/"f398903b3e4d8cc95a5a63f84c84917d"
last-modified: Fri, 23 Sep 2022 20:01:34 GMT
x-amz-id-2: V1r1Tep8aprn1hdGozTNdy/ScoFZYjx3DoHuAO/JdUU9XgSTgyAz4bZW7//Oaa1MNCEvn5YEsP0=
x-amz-meta-s3cmd-attrs: md5:f398903b3e4d8cc95a5a63f84c84917d
x-amz-request-id: BQA4S5Z9K33ZC4TV
cf-cache-status: HIT
age: 6222
expires: Sun, 23 Oct 2022 21:48:12 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kTR3cdfF5UMNPVHowp32DT7GN6pe5Ih2hBKdePqN0bOebJ6y0O4reVSTSe5TwiFTvQaM0Se8jwv4%2BTabB%2BmBD1H3LQ2FMDa58kD02PdWQ4bncIv0w9mGGVDZWK1YsAtooZ4WodIasybOOOBJ5WOZIw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
set-cookie: _cfuvid=ndFl.Mcf48KZUXC0_up3H3wyDeyKQfT_vDAvY1_RYZg-1663969692326-0-604800000; path=/; domain=.highwebmedia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 74f67bb0ffafb4f7-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
static-assets.highwebmedia.com/CACHE/js/output.caee332d326d.js
104.16.94.42200 OK 0 B URL HTTP/2 static-assets.highwebmedia.com/CACHE/js/output.caee332d326d.js
IP 104.16.94.42:0
GET /CACHE/js/output.caee332d326d.js HTTP/1.1
Host: static-assets.highwebmedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 23 Sep 2022 21:48:12 GMT
content-type: application/javascript
cache-control: public, max-age=2592000
cf-bgj: minify
etag: W/"b61e15511bf0db70d0d422e98c465403"
last-modified: Thu, 24 Jun 2021 21:24:08 GMT
x-amz-id-2: gAJe87IyJM0OkbaBgua73HTcoEANURYYk4wpsNNClr414DBIRL/v+K+9hxRFHrgcwnw38qlmXmM=
x-amz-meta-s3cmd-attrs: md5:b61e15511bf0db70d0d422e98c465403
x-amz-request-id: 2D5TZ021KE4200HB
cf-cache-status: HIT
age: 519651
expires: Sun, 23 Oct 2022 21:48:12 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ww2ZvrjAkV6cADOqS0WfTSn9OhiZI9qKEzTDpAHJU1HdX1c%2F%2Bnd59ArTb0exRgb%2Fn%2BzYgP8Mh0%2F0nT0T3uE1Apr7L5FET88ev2y6QBMYsFF197aWZNMyVCpSe2qSyLxY9Yf0WTJYVGTILpjNMyO%2BlQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
set-cookie: _cfuvid=DJWzjDhHQvkqaUgbnW0sY9kbs3hnyx37bzH8n28PC7g-1663969692295-0-604800000; path=/; domain=.highwebmedia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 74f67bb0cf6bb4f7-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
go.xxxvjmp.com/config?url=https%3A%2F%2Fcreative.xxxvjmp.com%2Fwidgets%2Fv4%2FUniversal%3FactionButtonPlacement%3Dbottom%26campaignId%3D128029786fbed96fe880330bb083ecce41e122ba08e2711908bc9493ef368344%26campaignType%3Dsmartpop%26creativeId%3D2f2cf8c271b310e6a7160563a0f1ee432fa665a116dc0c291a081b2515848ba9%26hideButtonOnSmallSpots%3D1%26hideModelNameOnSmallSpots%3D1%26hideTitleOnSmallSpots%3D1%26iterationId%3D30231%26masterSmartpopId%3D0%26memberId%3D4_KZTR85HC67-_NaYXajO0qQaMQHkwg-lboAMPJTT38qBslAsHPBr57ntP-Fb0fUhKrHR0SkWCFcNbEa00_temvIzLTfmOijJPawQUQ_gUIDRUi%26p1%3D3844273%26ruleId%3D0%26showButton%3D1%26showModelName%3D1%26showTitle%3D%26smartpopId%3D1548%26sourceId%3D226440%26thumbSizeKey%3Dbig%26trackOff%3D1%26userId%3Ded4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e%26variationId%3D22460
104.18.42.40200 OK 0 B URL HTTP/2 go.xxxvjmp.com/config?url=https%3A%2F%2Fcreative.xxxvjmp.com%2Fwidgets%2Fv4%2FUniversal%3FactionButtonPlacement%3Dbottom%26campaignId%3D128029786fbed96fe880330bb083ecce41e122ba08e2711908bc9493ef368344%26campaignType%3Dsmartpop%26creativeId%3D2f2cf8c271b310e6a7160563a0f1ee432fa665a116dc0c291a081b2515848ba9%26hideButtonOnSmallSpots%3D1%26hideModelNameOnSmallSpots%3D1%26hideTitleOnSmallSpots%3D1%26iterationId%3D30231%26masterSmartpopId%3D0%26memberId%3D4_KZTR85HC67-_NaYXajO0qQaMQHkwg-lboAMPJTT38qBslAsHPBr57ntP-Fb0fUhKrHR0SkWCFcNbEa00_temvIzLTfmOijJPawQUQ_gUIDRUi%26p1%3D3844273%26ruleId%3D0%26showButton%3D1%26showModelName%3D1%26showTitle%3D%26smartpopId%3D1548%26sourceId%3D226440%26thumbSizeKey%3Dbig%26trackOff%3D1%26userId%3Ded4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e%26variationId%3D22460
IP 104.18.42.40:0
GET /config?url=https%3A%2F%2Fcreative.xxxvjmp.com%2Fwidgets%2Fv4%2FUniversal%3FactionButtonPlacement%3Dbottom%26campaignId%3D128029786fbed96fe880330bb083ecce41e122ba08e2711908bc9493ef368344%26campaignType%3Dsmartpop%26creativeId%3D2f2cf8c271b310e6a7160563a0f1ee432fa665a116dc0c291a081b2515848ba9%26hideButtonOnSmallSpots%3D1%26hideModelNameOnSmallSpots%3D1%26hideTitleOnSmallSpots%3D1%26iterationId%3D30231%26masterSmartpopId%3D0%26memberId%3D4_KZTR85HC67-_NaYXajO0qQaMQHkwg-lboAMPJTT38qBslAsHPBr57ntP-Fb0fUhKrHR0SkWCFcNbEa00_temvIzLTfmOijJPawQUQ_gUIDRUi%26p1%3D3844273%26ruleId%3D0%26showButton%3D1%26showModelName%3D1%26showTitle%3D%26smartpopId%3D1548%26sourceId%3D226440%26thumbSizeKey%3Dbig%26trackOff%3D1%26userId%3Ded4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e%26variationId%3D22460 HTTP/1.1
Host: go.xxxvjmp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://creative.xxxvjmp.com/
Origin: https://creative.xxxvjmp.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Fri, 23 Sep 2022 21:48:13 GMT
content-type: application/json
access-control-allow-origin: *
last-modified: Fri, 23 Sep 2022 21:48:13 GMT
cf-cache-status: MISS
set-cookie: __cflb=02DiuDfsBaY2bRYJiCeRhAptQvDh5wz7mjDyi5wUmq1Fz; SameSite=None; Secure; path=/; expires=Sat, 24-Sep-22 20:48:13 GMT; HttpOnly
vary: Accept-Encoding
server: cloudflare
cf-ray: 74f67bb68d3fb4e8-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2