www.xxxfiles.tv/videos/189105/f1f6fb16d6af0de72cf183a54452cb6e/?sid=12320
104.21.83.6 200 OK 16 kB URL HTTP/1.1 www.xxxfiles.tv/videos/189105/f1f6fb16d6af0de72cf183a54452cb6e/?sid=12320
IP 104.21.83.6:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (7475)
Hash 4e35fde7dd0aedace02decdba8e82cc0
0d3fae10497993a40947dea251e6767a37228b21
9aeedb7ec374d806bd980f018de3ac7984a6999abd78622e81f1e909cc6390dc
GET /videos/189105/f1f6fb16d6af0de72cf183a54452cb6e/?sid=12320 HTTP/1.1
Host: www.xxxfiles.tv
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 19:50:45 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: PHPSESSID=g5550e95mc1prco8sfbop0ec4k; path=/; domain=.xxxfiles.tv; SameSite=Lax
second_643539=true; expires=Thu, 09-Feb-2023 19:50:43 GMT; Max-Age=0; path=/
kt_qparams=id%3D189105%26dir%3Df1f6fb16d6af0de72cf183a54452cb6e%26sid%3D12320; expires=Fri, 10-Feb-2023 19:50:44 GMT; Max-Age=86400; path=/; domain=.xxxfiles.tv; SameSite=Lax
kt_ips=91.90.42.154; expires=Fri, 10-Feb-2023 19:50:44 GMT; Max-Age=86400; path=/; domain=.xxxfiles.tv; SameSite=Lax
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Vary: Accept-Encoding
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kJepuOog9tkjO8y%2BNVrGGU0ELvfekayO6G1xxTs5PD%2FZMMWCi3ZkxczrOlqfkYKhO8wxdAKTbXYUfsA14S5xzDP9k57v3KGv6X4Is1urWqT3GR8PerYk%2Ber40M7E2h%2FMuUk%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 796f22c2fa87b4eb-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 84247d80b610d0c6da587141b21323ae
46461f8709d099f5295998f41aaafa5be4387ea6
bee5e9e0d7b4a24609950ceb40194bffb482c36152d376bb119e7cc3aba488dc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BEE5E9E0D7B4A24609950CEB40194BFFB482C36152D376BB119E7CC3ABA488DC"
Last-Modified: Thu, 09 Feb 2023 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12309
Expires: Thu, 09 Feb 2023 23:15:54 GMT
Date: Thu, 09 Feb 2023 19:50:45 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 408d1564e8f59e6626e41be4106ce2e6
4149a1f17e8f7c446e7aa4963f3a49b6a00b6164
46e2e79c7977854058dec9cde88f963dd498dd235c3bb15b39a9e5ce1027d7fe
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "46E2E79C7977854058DEC9CDE88F963DD498DD235C3BB15B39A9E5CE1027D7FE"
Last-Modified: Thu, 09 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15583
Expires: Fri, 10 Feb 2023 00:10:28 GMT
Date: Thu, 09 Feb 2023 19:50:45 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash ff250d3ef3fa45322bf05039a0122a9f
b3e7a2c383bce1bab807dbe1a03c375258b51f1d
d07f109a96e0ae6ec7b1d46ce8761b3f06fe845769ce65d69e053dd40aa561ba
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Content-Length, Content-Type, Alert, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Thu, 09 Feb 2023 19:34:16 GMT
content-type: application/json
age: 989
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 50a2f8cdbbd1059f5318753155bba7ef
405e63ea4683be44f876feae34b5cb645ff751f2
f6ac743a5a17d64d2858fec5791050d2dc8074ddd823826c93e67bffdb2f0868
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F6AC743A5A17D64D2858FEC5791050D2DC8074DDD823826C93E67BFFDB2F0868"
Last-Modified: Thu, 09 Feb 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14171
Expires: Thu, 09 Feb 2023 23:46:56 GMT
Date: Thu, 09 Feb 2023 19:50:45 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash e76071a28ee566dababb3834f46d68ed
aebb4e68c1ba2de0f90025283e8ed8470944fde0
78b6df2627172e5b35476bc31020f02898cdc412aaf4337af2c3b049a60912b6
GET /chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: nAEljaKqV/OjEI8cuQvaPuVSH6IynKf90Fa6dS5fva3PBnADwTAVpUsHLuhgeNo/FbwWlWs+Obc=
x-amz-request-id: PJ5FVRQ5C4ZW04KP
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Thu, 09 Feb 2023 19:46:31 GMT
age: 254
last-modified: Sun, 29 Jan 2023 18:44:47 GMT
etag: "e76071a28ee566dababb3834f46d68ed"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 09 Feb 2023 19:50:45 GMT
content-type: application/json
content-length: 12
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-expose-headers: content-type
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
www.xxxfiles.tv/vpaid/videojs.vast.vpaid.min.css
104.21.83.6 200 OK 773 B URL HTTP/1.1 www.xxxfiles.tv/vpaid/videojs.vast.vpaid.min.css
IP 104.21.83.6:0
File type ASCII text, with very long lines (1935)
Hash 6845152df80dd7d9aeb046f4e4a31772
5cd1f9eb1e2d19f7b0f46ccecf12d658a62ad324
937976cc423649a6506d474e36ee37a9c6dae07ec617296369f106a32159813e
GET /vpaid/videojs.vast.vpaid.min.css HTTP/1.1
Host: www.xxxfiles.tv
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.xxxfiles.tv/videos/189105/f1f6fb16d6af0de72cf183a54452cb6e/?sid=12320
Cookie: PHPSESSID=g5550e95mc1prco8sfbop0ec4k; kt_qparams=id%3D189105%26dir%3Df1f6fb16d6af0de72cf183a54452cb6e%26sid%3D12320; kt_ips=91.90.42.154
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 19:50:45 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 20 Nov 2019 10:54:23 GMT
Vary: Accept-Encoding
ETag: W/"5dd51b5f-7c7"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Content-Encoding: gzip
CF-Cache-Status: HIT
Age: 295854
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EKxJUVvXFC4ybTSz3WVBWVWgiYSwRAybCurI8UJYAob4EsS1UfRywWjOx0GYkQZN4MywpcILElkKFA70yW8XuxXV9TTRveuSZdcKxt8WEM61eke1F2IGfTjYCwDcX1FXV28%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 796f22c65a18b529-OSL
alt-svc: h2=":443"; ma=60
www.xxxfiles.tv/vpaid/videojs_5.vast.vpaid.min.js?v=1675972244
104.21.83.6 200 OK 32 kB URL HTTP/1.1 www.xxxfiles.tv/vpaid/videojs_5.vast.vpaid.min.js?v=1675972244
IP 104.21.83.6:0
File type ASCII text, with very long lines (32057)
Hash 560633af767972e3920012cbf83c148b
7f4848825c8237cdac326b8ee74ef20fe1531c83
cc2f218efee95ea1599ff2c3879cc93bcf23e974210aef7f56694fa83861e9fa
GET /vpaid/videojs_5.vast.vpaid.min.js?v=1675972244 HTTP/1.1
Host: www.xxxfiles.tv
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.xxxfiles.tv/videos/189105/f1f6fb16d6af0de72cf183a54452cb6e/?sid=12320
Cookie: PHPSESSID=g5550e95mc1prco8sfbop0ec4k; kt_qparams=id%3D189105%26dir%3Df1f6fb16d6af0de72cf183a54452cb6e%26sid%3D12320; kt_ips=91.90.42.154
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 19:50:45 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 20 Nov 2019 11:59:07 GMT
Vary: Accept-Encoding
ETag: W/"5dd52a8b-19ebe"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Content-Encoding: gzip
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cor8G2YorrYnBQvioZ%2F%2FBkERJGS20beN32gTQBaeQRGNJbglGOoomDFV1nzgbm%2F0b1n1eVnYEduL4I3h7nuk9L2F%2B838ZRhZ7cnSD9ZJc2rYs4za9PUeMwAJO5R6tXbPFlg%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 796f22c61f3fb4eb-OSL
alt-svc: h2=":443"; ma=60
ocsp.pki.goog/s/gts1p5/5_QnQxpkYFI
142.250.74.163 200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/5_QnQxpkYFI
IP 142.250.74.163:0
Hash 7da86bdd89cc89c9915dfd90e2b53985
c642a66ce5aa1590827b809bbbce7f07bf63ce7e
171ec2eaaa83f69a2764ed50f288dd3089a99448f5216695bdc566c3aaa2c1df
POST /s/gts1p5/5_QnQxpkYFI HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 09 Feb 2023 19:50:45 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
hegdcrxavrtk.cdnvideo3.com/XEXvawa.js
135.181.208.216 200 OK 84 kB URL HTTP/1.1 hegdcrxavrtk.cdnvideo3.com/XEXvawa.js
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
File type Unicode text, UTF-8 text, with very long lines (65503), with no line terminators
Hash 5c2c956785e26f396413829808801281
e02d3c590f5e6d8c227dc716bcb3fa2a47692ab3
99f1fb8568194c0a512ead373edca1fd9467361353ddc6aa7267e26e98e72266
GET /XEXvawa.js HTTP/1.1
Host: hegdcrxavrtk.cdnvideo3.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.xxxfiles.tv/
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 09 Feb 2023 19:50:45 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Thu, 09 Feb 2023 10:10:19 GMT
ETag: W/"63e4c68b-4882e"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000, public
Vary: Accept-Encoding, Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 dddc8f2bbf76628526b9a5a150e6e5ba.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: ARN54-C1
Alt-Svc: h3=":443"; ma=86400
X-Amz-Cf-Id: 6ffCG80ozGYIdJpKYNQKUmWmEG1yamn8Wfa06LkACNuaVY0QId4Djg==
Age: 142
Content-Encoding: gzip
hegdcrxavrtk.cdnvideo3.com/8sq5gA5.js
135.181.208.216 200 OK 54 kB URL HTTP/1.1 hegdcrxavrtk.cdnvideo3.com/8sq5gA5.js
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
File type Unicode text, UTF-8 text, with very long lines (65472), with no line terminators
Hash 816ae9fca946f3ed76d6e5287f07299b
c16aca96271ad46e03af8b9d415f89398ba1e28f
9dddf083f3fedaee07412500b2434fc86e79be0f137336f128bb5b1a3f8b020d
GET /8sq5gA5.js HTTP/1.1
Host: hegdcrxavrtk.cdnvideo3.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.xxxfiles.tv/
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 09 Feb 2023 19:50:45 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Thu, 09 Feb 2023 10:10:19 GMT
ETag: W/"63e4c68b-2af11"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000, public
Vary: Accept-Encoding, Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 2f7792bdc67f7953e2dce93aea1bb9ee.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: ARN54-C1
Alt-Svc: h3=":443"; ma=86400
X-Amz-Cf-Id: 2o18awUSrWzMSyOreuPxPEad3ZhHebOxva2wUz9L-71vVjMwEN6Fdg==
Age: 35
Content-Encoding: gzip
hegdcrxavrtk.cdnvideo3.com/cZAjeQ7.js
135.181.208.216 200 OK 54 kB URL HTTP/1.1 hegdcrxavrtk.cdnvideo3.com/cZAjeQ7.js
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
File type Unicode text, UTF-8 text, with very long lines (65472), with no line terminators
Hash 816ae9fca946f3ed76d6e5287f07299b
c16aca96271ad46e03af8b9d415f89398ba1e28f
9dddf083f3fedaee07412500b2434fc86e79be0f137336f128bb5b1a3f8b020d
GET /cZAjeQ7.js HTTP/1.1
Host: hegdcrxavrtk.cdnvideo3.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.xxxfiles.tv/
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 09 Feb 2023 19:50:45 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Thu, 09 Feb 2023 10:10:19 GMT
ETag: W/"63e4c68b-2af11"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000, public
Vary: Accept-Encoding, Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 2f7792bdc67f7953e2dce93aea1bb9ee.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: ARN54-C1
Alt-Svc: h3=":443"; ma=86400
X-Amz-Cf-Id: 2o18awUSrWzMSyOreuPxPEad3ZhHebOxva2wUz9L-71vVjMwEN6Fdg==
Age: 35
Content-Encoding: gzip
ocsp.pki.goog/s/gts1p5/5_QnQxpkYFI
142.250.74.163 200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/5_QnQxpkYFI
IP 142.250.74.163:0
Hash 7da86bdd89cc89c9915dfd90e2b53985
c642a66ce5aa1590827b809bbbce7f07bf63ce7e
171ec2eaaa83f69a2764ed50f288dd3089a99448f5216695bdc566c3aaa2c1df
POST /s/gts1p5/5_QnQxpkYFI HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 09 Feb 2023 19:50:45 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
hegdcrxavrtk.cdnvideo3.com/Ka0q1Ad.js
135.181.208.216 200 OK 84 kB URL HTTP/1.1 hegdcrxavrtk.cdnvideo3.com/Ka0q1Ad.js
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
File type Unicode text, UTF-8 text, with very long lines (65503), with no line terminators
Hash 5c2c956785e26f396413829808801281
e02d3c590f5e6d8c227dc716bcb3fa2a47692ab3
99f1fb8568194c0a512ead373edca1fd9467361353ddc6aa7267e26e98e72266
GET /Ka0q1Ad.js HTTP/1.1
Host: hegdcrxavrtk.cdnvideo3.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.xxxfiles.tv/
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 09 Feb 2023 19:50:45 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Thu, 09 Feb 2023 10:10:19 GMT
ETag: W/"63e4c68b-4882e"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000, public
Vary: Accept-Encoding, Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 dddc8f2bbf76628526b9a5a150e6e5ba.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: ARN54-C1
Alt-Svc: h3=":443"; ma=86400
X-Amz-Cf-Id: 6ffCG80ozGYIdJpKYNQKUmWmEG1yamn8Wfa06LkACNuaVY0QId4Djg==
Age: 142
Content-Encoding: gzip
ocsp.pki.goog/s/gts1p5/5_QnQxpkYFI
142.250.74.163 200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/5_QnQxpkYFI
IP 142.250.74.163:0
Hash 7da86bdd89cc89c9915dfd90e2b53985
c642a66ce5aa1590827b809bbbce7f07bf63ce7e
171ec2eaaa83f69a2764ed50f288dd3089a99448f5216695bdc566c3aaa2c1df
POST /s/gts1p5/5_QnQxpkYFI HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 09 Feb 2023 19:50:45 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/s/gts1p5/5_QnQxpkYFI
142.250.74.163 200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/5_QnQxpkYFI
IP 142.250.74.163:0
Hash 7da86bdd89cc89c9915dfd90e2b53985
c642a66ce5aa1590827b809bbbce7f07bf63ce7e
171ec2eaaa83f69a2764ed50f288dd3089a99448f5216695bdc566c3aaa2c1df
POST /s/gts1p5/5_QnQxpkYFI HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 09 Feb 2023 19:50:45 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash b8ad5b23aac490c2e9ccbac5a9dbcc6b
ef73076be963061b44563356cb33201e401f65e8
92d2469a14b9fe0eb637029f9f2782228441a65c44feb1a37b73ccc606e2b55d
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4727
Cache-Control: max-age=93186
Content-Type: application/ocsp-response
Date: Thu, 09 Feb 2023 19:50:45 GMT
Etag: "63e40520-117"
Expires: Fri, 10 Feb 2023 21:43:51 GMT
Last-Modified: Wed, 08 Feb 2023 20:25:04 GMT
Server: ECS (ska/F6FC)
X-Cache: HIT
Content-Length: 279
vjs.zencdn.net/7.5.5/video-js.css
151.101.194.217 200 OK 10 kB URL HTTP/2 vjs.zencdn.net/7.5.5/video-js.css
IP 151.101.194.217:0
File type ASCII text, with very long lines (5636)
Hash 63ef1aa5ef8f1bb4fcb8019a9ad157cd
9cbb2b320cce447d40e3af5118042587263158d5
d5b5c765198056aece9fbee1b43a9873a8a6e0fe6a954f48d001bc030e106146
GET /7.5.5/video-js.css HTTP/1.1
Host: vjs.zencdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.xxxfiles.tv/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
last-modified: Thu, 13 Jun 2019 18:18:21 GMT
etag: "29daa9b197765c0111b16939ce1264a9"
cache-control: public, max-age=31536000
content-type: text/css; charset=utf-8
content-encoding: gzip
date: Thu, 09 Feb 2023 19:50:45 GMT
x-served-by: cache-bma1641-BMA
x-cache: HIT
x-cache-hits: 1020
vary: Accept-Encoding
access-control-allow-origin: *
timing-allow-origin: *
content-length: 10533
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash b8ad5b23aac490c2e9ccbac5a9dbcc6b
ef73076be963061b44563356cb33201e401f65e8
92d2469a14b9fe0eb637029f9f2782228441a65c44feb1a37b73ccc606e2b55d
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4727
Cache-Control: max-age=93186
Content-Type: application/ocsp-response
Date: Thu, 09 Feb 2023 19:50:45 GMT
Etag: "63e40520-117"
Expires: Fri, 10 Feb 2023 21:43:51 GMT
Last-Modified: Wed, 08 Feb 2023 20:25:04 GMT
Server: ECS (ska/F6FC)
X-Cache: HIT
Content-Length: 279
d1nubxdgom3wqt.cloudfront.net/?xbund=831295
54.230.245.116 200 OK 99 kB URL HTTP/1.1 d1nubxdgom3wqt.cloudfront.net/?xbund=831295
IP 54.230.245.116:0
File type Unicode text, UTF-8 text, with very long lines (15948)
Hash 05ac06424b99cc8fe5e2de0d98d2840f
ebba7a6c50ec5ec421348069e1b8db01efef56c9
85de55ac12add2335e4708dfbaa0134e8cfa3fbafbe03e01fbe3bb126dba6cf4
GET /?xbund=831295 HTTP/1.1
Host: d1nubxdgom3wqt.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.xxxfiles.tv/
HTTP/1.1 200 OK
Content-Length: 99019
Connection: keep-alive
Date: Thu, 09 Feb 2023 19:50:45 GMT
access-control-allow-origin: *
Cache-Control: no-store, no-cache, proxy-revalidate, must-revalidate, private, no-transform
Content-Encoding: gzip
Pragma: no-cache
X-Cache: Miss from cloudfront
Via: 1.1 5916f6b8d469d1bee1e905ff13761ebc.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: FHlE62riHl_7ArAMwIDcYIt_4PIcQu1WZkgbHzaQAFNvGKpXzjSgqg==
cdn.jsdelivr.net/npm/js-cookie@2/src/js.cookie.min.js
151.101.193.229 200 OK 1.1 kB URL HTTP/2 cdn.jsdelivr.net/npm/js-cookie@2/src/js.cookie.min.js
IP 151.101.193.229:0
File type ASCII text, with very long lines (1619)
Hash 0216b1edd2fa7ad9cfa258108fd95af4
39c12f744959428d391ab0593dcc69295e63fd18
ae34cfdf4075a9766062b578ca857f1b10e53ea9979d87769b37bc388daf1138
GET /npm/js-cookie@2/src/js.cookie.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.xxxfiles.tv/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=604800, s-maxage=43200
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 2.2.1
x-jsd-version-type: version
etag: W/"79f-7pVBzxqV0qiF+LFDoQXKqgjKnJ0"
content-encoding: gzip
accept-ranges: bytes
date: Thu, 09 Feb 2023 19:50:45 GMT
age: 5195
x-served-by: cache-fra-eddf8230059-FRA, cache-bma1678-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 1062
X-Firefox-Spdy: h2
cdn.jsdelivr.net/npm/silvermine-videojs-quality-selector@1.1.2/dist/css/quality-selector.min.css
151.101.193.229 200 OK 373 B URL HTTP/2 cdn.jsdelivr.net/npm/silvermine-videojs-quality-selector@1.1.2/dist/css/quality-selector.min.css
IP 151.101.193.229:0
File type ASCII text, with very long lines (449)
Hash 713a835376f717af04161e5edb84afd5
c98e5c3b2ed59274a3a53d4c0f5e77a826c7c64a
df0337185e5b8cec5027e548fd4d3b7230ffb0f9783ba4cd2dd72058a3ec2c86
GET /npm/silvermine-videojs-quality-selector@1.1.2/dist/css/quality-selector.min.css HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.xxxfiles.tv/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css; charset=utf-8
x-jsd-version: 1.1.2
x-jsd-version-type: version
etag: W/"299-rLWKZXMtTX2vbGY6rnhXUEYaKx8"
content-encoding: gzip
accept-ranges: bytes
date: Thu, 09 Feb 2023 19:50:45 GMT
age: 6094645
x-served-by: cache-fra-eddf8230050-FRA, cache-bma1678-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 373
X-Firefox-Spdy: h2
cdnjs.cloudflare.com/ajax/libs/videojs-thumbnails/0.1.1/videojs.thumbnails.js
104.17.24.14 200 OK 1.7 kB URL HTTP/2 cdnjs.cloudflare.com/ajax/libs/videojs-thumbnails/0.1.1/videojs.thumbnails.js
IP 104.17.24.14:0
Hash 25262966b8186937356da73b4437077e
119334d19971c98dbb41ed0a074df6f9ee76414c
550053ac2111a284edfc27b8c6ed672dea9d9ae72e389e555620e1ab53e3fd78
GET /ajax/libs/videojs-thumbnails/0.1.1/videojs.thumbnails.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.xxxfiles.tv/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 09 Feb 2023 19:50:45 GMT
content-type: application/javascript; charset=utf-8
content-length: 1675
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb04020-18dd"
last-modified: Mon, 04 May 2020 16:17:36 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
cf-cache-status: HIT
age: 14608784
expires: Tue, 30 Jan 2024 19:50:45 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2B4yNArXd2kFImowWCuqlJsW7hfmXQ3hBRBrtmvHDKQBHqFP8rch3SFetKXODxKaKDC4C55kVUd%2BpCLhuBHD0NluB%2BrwM5oPsK5de5DdaVW4S4NiTLoAVx%2BMxuCiq6GasIaiWeTfE"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 796f22c80cb00b06-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdnjs.cloudflare.com/ajax/libs/videojs-thumbnails/0.1.1/videojs.thumbnails.css
104.17.24.14 200 OK 256 B URL HTTP/2 cdnjs.cloudflare.com/ajax/libs/videojs-thumbnails/0.1.1/videojs.thumbnails.css
IP 104.17.24.14:0
Hash 098110bd3ec60e725e6ac659dec292f3
2079d41c25bec276e4dcd4dcbc3c2cdd5c8cad25
13a4726b6560cb70580a6535e9b165bf3c0a447ea054c844043668d1e2ef5e6e
GET /ajax/libs/videojs-thumbnails/0.1.1/videojs.thumbnails.css HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.xxxfiles.tv/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 09 Feb 2023 19:50:45 GMT
content-type: text/css; charset=utf-8
content-length: 256
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb04020-36a"
last-modified: Mon, 04 May 2020 16:17:36 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 1198496
expires: Tue, 30 Jan 2024 19:50:45 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5Z0uZkGtC8P4%2BkMgnX9OyMo84qgeqhWoHpDeMZU%2BFRlx6uRbfDkkPOnbFlCCUWnUAYjTPL4puqW2reLBReR3pWdSiqQlkJQfenVUyKgcMQ%2Bl4GsKju4n1OWIMx278EEYpkYIVYy3"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 796f22c82cc60b06-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/s/gts1p5/5_QnQxpkYFI
142.250.74.163 200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/5_QnQxpkYFI
IP 142.250.74.163:0
Hash 7da86bdd89cc89c9915dfd90e2b53985
c642a66ce5aa1590827b809bbbce7f07bf63ce7e
171ec2eaaa83f69a2764ed50f288dd3089a99448f5216695bdc566c3aaa2c1df
POST /s/gts1p5/5_QnQxpkYFI HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 09 Feb 2023 19:50:45 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/s/gts1p5/5_QnQxpkYFI
142.250.74.163 200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/5_QnQxpkYFI
IP 142.250.74.163:0
Hash 7da86bdd89cc89c9915dfd90e2b53985
c642a66ce5aa1590827b809bbbce7f07bf63ce7e
171ec2eaaa83f69a2764ed50f288dd3089a99448f5216695bdc566c3aaa2c1df
POST /s/gts1p5/5_QnQxpkYFI HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 09 Feb 2023 19:50:45 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.163 200 OK 471 B
IP 142.250.74.163:0
Hash 0333fa3e34f17f01e9829bd8ee662c23
be4c7a8599038facc49c73d6d14451023bc919e7
8b4ad992549334395b268f43cf73150ed0dfe58801cf9595c3e245ea92dea7d9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 09 Feb 2023 19:50:45 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
unpkg.com/silvermine-videojs-quality-selector@1.1.2/dist/js/silvermine-videojs-quality-selector.min.js
104.16.122.175 200 OK 7.9 kB URL HTTP/2 unpkg.com/silvermine-videojs-quality-selector@1.1.2/dist/js/silvermine-videojs-quality-selector.min.js
IP 104.16.122.175:0
File type ASCII text, with very long lines (21159)
Hash 7e5d6745efe7148fd6d7a54f75cb301e
3fd2beb694f32e14b41e04714bb70d6c392cf3e1
ec7a6c3bc9aedbbf1e8971c28cff2fdeba20007df4aee2c3e528e110c86ee94a
GET /silvermine-videojs-quality-selector@1.1.2/dist/js/silvermine-videojs-quality-selector.min.js HTTP/1.1
Host: unpkg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.xxxfiles.tv/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 09 Feb 2023 19:50:45 GMT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
last-modified: Wed, 10 Jan 2018 00:56:00 GMT
etag: W/"5329-e6FW82qZOTCVRh707R8p5aJnMuY"
via: 1.1 fly.io
fly-request-id: 01G7549ZE3WWN11S6HGDRQ6KSN-fra
cf-cache-status: HIT
age: 19016267
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 796f22c86b441c02-OSL
content-encoding: br
X-Firefox-Spdy: h2
ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q4
104.18.21.226 200 OK 1.5 kB URL HTTP/1.1 ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q4
IP 104.18.21.226:0
Hash 26e8cb23926cd29622b28367ff7bdab1
bdd857651aa3ca5bbeffb5497b26d12936f2a023
407eb19f4ba04af8706e804ba7807e0d427573257328cc6b4f573195861a7e95
POST /ca/gsatlasr3dvtlsca2022q4 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 19:50:45 GMT
Content-Type: application/ocsp-response
Transfer-Encoding: chunked
Connection: keep-alive
Etag: "4980D15285866E1A0945E06DF1F3A7C35F23BD55"
Expires: Fri, 10 Feb 2023 07:00:00 GMT
Last-Modified: Thu, 09 Feb 2023 19:00:00 UTC
Cache-Control: s-maxage=3600, public, no-transform, must-revalidate
CF-Cache-Status: HIT
Age: 2096
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 796f22c8c979b518-OSL
badgegirdle.com/63/d4/5b/63d45b685911cef3b8cc3d1d1550bf85.js
173.233.137.44 200 OK 21 kB URL HTTP/1.1 badgegirdle.com/63/d4/5b/63d45b685911cef3b8cc3d1d1550bf85.js
IP 173.233.137.44:0
File type HTML document, ASCII text, with very long lines (60183), with no line terminators
Hash 32a25f7ca38bf6e7011142936021dd3c
769303b6a7778bb2b4f165c37fe8f23f98ba5d10
960ce12da1374b1fae0e634107f795196c1dd89d1f83a83d53e77ea69c0218e0
Analyzer Verdict Alert
quad9 Sinkholed
GET /63/d4/5b/63d45b685911cef3b8cc3d1d1550bf85.js HTTP/1.1
Host: badgegirdle.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.xxxfiles.tv/
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 09 Feb 2023 19:50:45 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 0e604deefb9e8680fd969df8970946c4
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
ocsp.pki.goog/gts1c3
142.250.74.163 200 OK 471 B
IP 142.250.74.163:0
Hash 0333fa3e34f17f01e9829bd8ee662c23
be4c7a8599038facc49c73d6d14451023bc919e7
8b4ad992549334395b268f43cf73150ed0dfe58801cf9595c3e245ea92dea7d9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 09 Feb 2023 19:50:46 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
hegdcrxavrtk.cdnvideo3.com/api/spots/329587?p=1&s1=%subid1%&kw=
135.181.208.216 200 OK 3.5 kB URL HTTP/1.1 hegdcrxavrtk.cdnvideo3.com/api/spots/329587?p=1&s1=%subid1%&kw=
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- assembler source, ASCII text, with very long lines (712)
Hash 39df28e44e34a6b3d6e8685818c15c7d
56cdcd3cae11dc57745fb5501b2e1f5e753bfb89
f3fb5868dd96f6170f6fa418e9c18842117aeff5c4efcbace74f8891dc249f60
GET /api/spots/329587?p=1&s1=%subid1%&kw= HTTP/1.1
Host: hegdcrxavrtk.cdnvideo3.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.xxxfiles.tv/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 09 Feb 2023 19:50:46 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Set-Cookie: nauid=y0oAmmRq7t83Rowh5onl; Path=/; Expires=Wed, 11 Nov 2037 11:11:11 GMT; SameSite=None
Cache-Control: private
Content-Encoding: gzip
hegdcrxavrtk.cdnvideo3.com/api/spots/329585?p=1&s1=%subid1%&kw=
135.181.208.216 200 OK 4.5 kB URL HTTP/1.1 hegdcrxavrtk.cdnvideo3.com/api/spots/329585?p=1&s1=%subid1%&kw=
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- assembler source, ASCII text, with very long lines (3198)
Hash 2a8ea6e27e5079e53ac7d7941ca595ed
e141bfbb224bbd726b9adf904025205b0351d533
3f153d1d0ef4646a6c03481b5029ad25940726b2eb18f155fa147db0f1417aac
GET /api/spots/329585?p=1&s1=%subid1%&kw= HTTP/1.1
Host: hegdcrxavrtk.cdnvideo3.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.xxxfiles.tv/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 09 Feb 2023 19:50:46 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Set-Cookie: nauid=Wu2JunQGyrXWbg1EgExv; Path=/; Expires=Wed, 11 Nov 2037 11:11:11 GMT; SameSite=None
Cache-Control: private
Content-Encoding: gzip
hegdcrxavrtk.cdnvideo3.com/api/spots/329584?p=1&s1=%subid1%&kw=
135.181.208.216 200 OK 3.5 kB URL HTTP/1.1 hegdcrxavrtk.cdnvideo3.com/api/spots/329584?p=1&s1=%subid1%&kw=
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- assembler source, ASCII text, with very long lines (712)
Hash a9faebd957f53e278b1f395bba3e0289
f4fd5a5338dcef17e532894f304a926412640746
c6a60dc0f2aa40bfc7adaa35cf8573f5bda85e5c095215754fd8d13303762142
GET /api/spots/329584?p=1&s1=%subid1%&kw= HTTP/1.1
Host: hegdcrxavrtk.cdnvideo3.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.xxxfiles.tv/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 09 Feb 2023 19:50:46 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Set-Cookie: nauid=FmLz0od0oncZQTlaXOX5; Path=/; Expires=Wed, 11 Nov 2037 11:11:11 GMT; SameSite=None
Cache-Control: private
Content-Encoding: gzip
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Expires, Retry-After, Content-Length, Content-Type, ETag, Cache-Control, Alert, Pragma, Backoff, Last-Modified
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Thu, 09 Feb 2023 19:14:53 GMT
age: 2153
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
hegdcrxavrtk.cdnvideo3.com/api/spots/329586?p=1&s1=%subid1%&kw=
135.181.208.216 200 OK 3.5 kB URL HTTP/1.1 hegdcrxavrtk.cdnvideo3.com/api/spots/329586?p=1&s1=%subid1%&kw=
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- assembler source, ASCII text, with very long lines (712)
Hash fbe52811740d14e095c6327c57079ebe
ffdc6b06aa8ce2b3a2ae1347f500bf8f8c0aae93
801e0df99669a9c2cdc99ed5aec25547087ce8d967590ac8c303c10736b38c64
GET /api/spots/329586?p=1&s1=%subid1%&kw= HTTP/1.1
Host: hegdcrxavrtk.cdnvideo3.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.xxxfiles.tv/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 09 Feb 2023 19:50:46 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Set-Cookie: nauid=4dyrlGVjMomNIiI0iBfz; Path=/; Expires=Wed, 11 Nov 2037 11:11:11 GMT; SameSite=None
Cache-Control: private
Content-Encoding: gzip
hegdcrxavrtk.cdnvideo3.com/api/spots/329591?p=1&s1=%subid1%&kw=
135.181.208.216 200 OK 4.5 kB URL HTTP/1.1 hegdcrxavrtk.cdnvideo3.com/api/spots/329591?p=1&s1=%subid1%&kw=
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- assembler source, ASCII text, with very long lines (3198)
Hash ead0e2805016e4bde85cdf800c62e197
a47ad4ff0004c16ca860492446ec7c415f069200
ef4b752ea496f84fee30392816097a106078f642bfe273b748926f34e96284b5
GET /api/spots/329591?p=1&s1=%subid1%&kw= HTTP/1.1
Host: hegdcrxavrtk.cdnvideo3.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.xxxfiles.tv/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 09 Feb 2023 19:50:46 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Set-Cookie: nauid=jvjzrVV5IqXdT2QmAQrh; Path=/; Expires=Wed, 11 Nov 2037 11:11:11 GMT; SameSite=None
Cache-Control: private
Content-Encoding: gzip
hegdcrxavrtk.cdnvideo3.com/api/spots/377391?v2=1&fill=0&kw=Blowjob%2CMasturbation%2Coutdoor%2CBlonde%2CTeen%2Cmissionary%2Ccunnilingus%2COld%2FYoung%2Cbig-dick%2Ccum-licking%2Cdoggy-style%2Coldje.com%2CAlessandra%20Jane%2CDavid&s1=%25subid1%25&s2=%25subid2%25&i=1
135.181.208.216 200 OK 605 B URL HTTP/1.1 hegdcrxavrtk.cdnvideo3.com/api/spots/377391?v2=1&fill=0&kw=Blowjob%2CMasturbation%2Coutdoor%2CBlonde%2CTeen%2Cmissionary%2Ccunnilingus%2COld%2FYoung%2Cbig-dick%2Ccum-licking%2Cdoggy-style%2Coldje.com%2CAlessandra%20Jane%2CDavid&s1=%25subid1%25&s2=%25subid2%25&i=1
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
File type XML 1.0 document text\012- XML document, ASCII text
Hash cd2d73e4e862df55ac00ceb24e022a88
bfbbac0b31d4edaa88c3ba0b6ff3669822eaa3b0
d4d54cc4dc3dd9ebea25beeba0f00dd165868477e7816d825a1613adb78227e3
GET /api/spots/377391?v2=1&fill=0&kw=Blowjob%2CMasturbation%2Coutdoor%2CBlonde%2CTeen%2Cmissionary%2Ccunnilingus%2COld%2FYoung%2Cbig-dick%2Ccum-licking%2Cdoggy-style%2Coldje.com%2CAlessandra%20Jane%2CDavid&s1=%25subid1%25&s2=%25subid2%25&i=1 HTTP/1.1
Host: hegdcrxavrtk.cdnvideo3.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://www.xxxfiles.tv/
Origin: http://www.xxxfiles.tv
Connection: keep-alive
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 09 Feb 2023 19:50:46 GMT
Content-Type: text/xml
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: http://www.xxxfiles.tv
Access-Control-Expose-Headers: X-Asg-Config, X-t
Set-Cookie: nauid=4WHmngmUt4zE60paGz2Z; Path=/; Expires=Wed, 11 Nov 2037 11:11:11 GMT; SameSite=None
X-T: 0
Cache-Control: private
Content-Encoding: gzip
r3.o.lencr.org/
23.36.76.226 200 OK 503 B
IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 248ce16379b12f11927ecc3142aec450
fa5b189f2d9182479170cb61cc1723571e437bd2
a8d259b331bdefb00625b9bf057d44d0b3290fda0734c57eda187b04e23d59d4
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A8D259B331BDEFB00625B9BF057D44D0B3290FDA0734C57EDA187B04E23D59D4"
Last-Modified: Wed, 08 Feb 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12381
Expires: Thu, 09 Feb 2023 23:17:07 GMT
Date: Thu, 09 Feb 2023 19:50:46 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
142.250.74.163 200 OK 471 B
IP 142.250.74.163:0
Hash 4f2f88314f749d4c7a7e191f6048e567
664f0e39dd5da0a254653709a6e5c7758796e7b1
06b8f63716968fbcda99cab5960c2629c985a2886f78fcb674b981e88486ae79
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 09 Feb 2023 19:50:46 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.163 200 OK 471 B
IP 142.250.74.163:0
Hash 986afab4bad851da3c4a2b8db670c876
c58b7142ce3bebda918b77649973715dbd71b4d2
24e4025e6576d86e781fd0861a0a87338b7b5d52b9e559ae76ca52755cc3a865
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 09 Feb 2023 19:50:46 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.163 200 OK 471 B
IP 142.250.74.163:0
Hash 986afab4bad851da3c4a2b8db670c876
c58b7142ce3bebda918b77649973715dbd71b4d2
24e4025e6576d86e781fd0861a0a87338b7b5d52b9e559ae76ca52755cc3a865
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 09 Feb 2023 19:50:46 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
216.58.207.227 200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Hash 15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://www.xxxfiles.tv
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sun, 05 Feb 2023 22:02:00 GMT
expires: Mon, 05 Feb 2024 22:02:00 GMT
cache-control: public, max-age=31536000
age: 337726
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2
216.58.207.227 200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 15740, version 1.0\012- data
Hash b9c29351c46f3e8c8631c4002457f48a
e57e59c5780995ff2937ab2b511a769212974a87
f75911313e1c7802c23345ab57e754d87801581706780c993fb23ff4e0fe62ef
GET /s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://www.xxxfiles.tv
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15740
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 04 Feb 2023 10:26:49 GMT
expires: Sun, 04 Feb 2024 10:26:49 GMT
cache-control: public, max-age=31536000
age: 465837
last-modified: Wed, 11 May 2022 19:24:56 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
216.58.207.227 200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 15860, version 1.0\012- data
Hash e9f5aaf547f165386cd313b995dddd8e
acdef5603c2387b0e5bffd744b679a24a8bc1968
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://www.xxxfiles.tv
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 07 Feb 2023 13:09:06 GMT
expires: Wed, 07 Feb 2024 13:09:06 GMT
cache-control: public, max-age=31536000
age: 196900
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
hegdcrxavrtk.cdnvideo3.com/api/settings/377391
135.181.208.216 200 OK 525 B URL HTTP/2 hegdcrxavrtk.cdnvideo3.com/api/settings/377391
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
Hash 12a3cd5abb44945542c66601a3b58c8e
a826db9f6c611f9d87ad34e60da7ecb2005093a5
4fbd14ff2dc27326eb59dc23073b3543800f1763d7d387b4b1cdc6fdee502a58
GET /api/settings/377391 HTTP/1.1
Host: hegdcrxavrtk.cdnvideo3.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.xxxfiles.tv/
Origin: http://www.xxxfiles.tv
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 09 Feb 2023 19:50:46 GMT
content-type: application/json
vary: Accept-Encoding
access-control-allow-origin: *
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.163 200 OK 471 B
IP 142.250.74.163:0
Hash 986afab4bad851da3c4a2b8db670c876
c58b7142ce3bebda918b77649973715dbd71b4d2
24e4025e6576d86e781fd0861a0a87338b7b5d52b9e559ae76ca52755cc3a865
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 09 Feb 2023 19:50:46 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/s/gts1p5/dgyjH_VdWBg
142.250.74.163 200 OK 472 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/dgyjH_VdWBg
IP 142.250.74.163:0
Hash 2ca655a99d4bb9586ce780c04b9393a4
6229e9cd71fb67da32b389a24f7f117e0a410901
3e21989988dd20842c59ca910a08bc1212b8c7d6722817c243820043573ce94b
POST /s/gts1p5/dgyjH_VdWBg HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 09 Feb 2023 19:50:46 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
lifesoonersoar.org/RjlYUWgnWzs8VycEOncdNFVldFoAHGoXDHdXLTMQIl43PFsxSCx/CypWLTUONFY2JUYoXCx0WgBuCgUxcloePgURbwEGMhJ/Pgktd1A8NgsNag9oAh58KzcmAmwUMysPXhMZKQt3Ggg8IE5sEi4Cfw0ZDxdeEQAbD28yCAMRf2EfDgV7AQZYd0sBYAwlfDU1EAN8LxAmFQ0UBxApXhNgBBV6DBQBEHtsFyd1UToHHylDEwcYHG8PNiwHQQIQDnVaHxQpJUMTYCIeeyE9DwR4PzQkK3gdEi0ASDkmMSJoIDkPBHg/GSU/ShkVLhBJGiklDWgbGxIHUXVgLAF+GRQrB3ArCCkQDAkGGDF+GTkyIAo7FjA+bG0dBC1dCTkQdXs/PSknVwkWKxBvNzU+BGsZO1Asbg0TPid4FRkrA29oNToEdwwGG2BTKz4GNgQMAxIrf2wVJBBwbiMmMls
65.9.44.108 200 OK 1.2 kB URL HTTP/1.1 lifesoonersoar.org/RjlYUWgnWzs8VycEOncdNFVldFoAHGoXDHdXLTMQIl43PFsxSCx/CypWLTUONFY2JUYoXCx0WgBuCgUxcloePgURbwEGMhJ/Pgktd1A8NgsNag9oAh58KzcmAmwUMysPXhMZKQt3Ggg8IE5sEi4Cfw0ZDxdeEQAbD28yCAMRf2EfDgV7AQZYd0sBYAwlfDU1EAN8LxAmFQ0UBxApXhNgBBV6DBQBEHtsFyd1UToHHylDEwcYHG8PNiwHQQIQDnVaHxQpJUMTYCIeeyE9DwR4PzQkK3gdEi0ASDkmMSJoIDkPBHg/GSU/ShkVLhBJGiklDWgbGxIHUXVgLAF+GRQrB3ArCCkQDAkGGDF+GTkyIAo7FjA+bG0dBC1dCTkQdXs/PSknVwkWKxBvNzU+BGsZO1Asbg0TPid4FRkrA29oNToEdwwGG2BTKz4GNgQMAxIrf2wVJBBwbiMmMls
IP 65.9.44.108:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3049), with no line terminators
Hash 5e6f795c95012fde3804382ef5ccde00
b3044265aeb4c1ef61b1c1290b5ebac469992b6d
f461e1d7c9fc224d4ccb6033c0b2486739d5200c384a90bc42f9ab4a4d70176e
GET /RjlYUWgnWzs8VycEOncdNFVldFoAHGoXDHdXLTMQIl43PFsxSCx/CypWLTUONFY2JUYoXCx0WgBuCgUxcloePgURbwEGMhJ/Pgktd1A8NgsNag9oAh58KzcmAmwUMysPXhMZKQt3Ggg8IE5sEi4Cfw0ZDxdeEQAbD28yCAMRf2EfDgV7AQZYd0sBYAwlfDU1EAN8LxAmFQ0UBxApXhNgBBV6DBQBEHtsFyd1UToHHylDEwcYHG8PNiwHQQIQDnVaHxQpJUMTYCIeeyE9DwR4PzQkK3gdEi0ASDkmMSJoIDkPBHg/GSU/ShkVLhBJGiklDWgbGxIHUXVgLAF+GRQrB3ArCCkQDAkGGDF+GTkyIAo7FjA+bG0dBC1dCTkQdXs/PSknVwkWKxBvNzU+BGsZO1Asbg0TPid4FRkrA29oNToEdwwGG2BTKz4GNgQMAxIrf2wVJBBwbiMmMls HTTP/1.1
Host: lifesoonersoar.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.xxxfiles.tv/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Content-Type: text/html
Content-Length: 1198
Connection: keep-alive
Date: Thu, 09 Feb 2023 19:50:46 GMT
Server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
Pragma: no-cache
P3P: CP="NID DSP ALL COR"
content-encoding: gzip
Accept-CH: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
X-Cache: Miss from cloudfront
Via: 1.1 2f7792bdc67f7953e2dce93aea1bb9ee.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: ARN54-C1
X-Amz-Cf-Id: r7dYgOL8qzoxspXdpqA43TMbxXHn_8cg5WzrX-ewOTH-jDtkW-xZ9Q==
unpkg.com/silvermine-videojs-quality-selector/dist/js/silvermine-videojs-quality-selector.min.js
104.16.122.175 302 Found 587 B URL HTTP/2 unpkg.com/silvermine-videojs-quality-selector/dist/js/silvermine-videojs-quality-selector.min.js
IP 104.16.122.175:0
Hash 21663de32ea9753f205696bca188cc6d
96a5ca27d0224392ac1210e6467fa6a6f4343bcb
dd195728ad129795d56ef2a1958aae5d2ff5caee73d76e7b331d6702aa5aeb6b
GET /silvermine-videojs-quality-selector/dist/js/silvermine-videojs-quality-selector.min.js HTTP/1.1
Host: unpkg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.xxxfiles.tv/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Thu, 09 Feb 2023 19:50:45 GMT
content-type: text/plain; charset=utf-8
access-control-allow-origin: *
cache-control: public, s-maxage=600, max-age=60
location: /silvermine-videojs-quality-selector@1.1.2/dist/js/silvermine-videojs-quality-selector.min.js
vary: Accept, Accept-Encoding
via: 1.1 fly.io
fly-request-id: 01GRVV70WXHXBJETS31AB9BQN3-ams
cf-cache-status: HIT
age: 488
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 796f22c79a521c02-OSL
X-Firefox-Spdy: h2
hegdcrxavrtk.cdnvideo3.com/api/spots/320559?v2=1&fill=0&kw=Blowjob%2CMasturbation%2Coutdoor%2CBlonde%2CTeen%2Cmissionary%2Ccunnilingus%2COld%2FYoung%2Cbig-dick%2Ccum-licking%2Cdoggy-style%2Coldje.com%2CAlessandra%20Jane%2CDavid&s1=%25subid1%25&s2=%25subid2%25&i=1
135.181.208.216 200 OK 13 kB URL HTTP/1.1 hegdcrxavrtk.cdnvideo3.com/api/spots/320559?v2=1&fill=0&kw=Blowjob%2CMasturbation%2Coutdoor%2CBlonde%2CTeen%2Cmissionary%2Ccunnilingus%2COld%2FYoung%2Cbig-dick%2Ccum-licking%2Cdoggy-style%2Coldje.com%2CAlessandra%20Jane%2CDavid&s1=%25subid1%25&s2=%25subid2%25&i=1
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
Hash 1211e497bffb861ae59c96de8487a759
c47bb0d38580207ba9533ba128c603fd07616f06
faab5026a6328c664eff30ae324df7f692dc9234fb609ca4a531e3624a51d4d8
GET /api/spots/320559?v2=1&fill=0&kw=Blowjob%2CMasturbation%2Coutdoor%2CBlonde%2CTeen%2Cmissionary%2Ccunnilingus%2COld%2FYoung%2Cbig-dick%2Ccum-licking%2Cdoggy-style%2Coldje.com%2CAlessandra%20Jane%2CDavid&s1=%25subid1%25&s2=%25subid2%25&i=1 HTTP/1.1
Host: hegdcrxavrtk.cdnvideo3.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://www.xxxfiles.tv/
Origin: http://www.xxxfiles.tv
Connection: keep-alive
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 09 Feb 2023 19:50:46 GMT
Content-Type: text/xml
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: http://www.xxxfiles.tv
Access-Control-Expose-Headers: X-Asg-Config, X-t
Set-Cookie: nauid=tZfgih5bzXUIIIiVhynz; Path=/; Expires=Wed, 11 Nov 2037 11:11:11 GMT; SameSite=None
X-T: 0
Cache-Control: private
Content-Encoding: gzip
lifesoonersoar.org/ZWFQcUwEAzMccwRcMlc5Fw1tVH4jRGI3KFQPJRM0AQY/HH8SECRfLwkOJRUqFw4+BWILBCRUfiMmHRsOMCwVKx49GyAmKTA7CjwNVERiNw4SCTgwBCQ0BxgoAyoVOAItMApDGhICEyY1AVUBNgJAUxY4CxElFSMVHDIWIzwkJhIUGTERCBQ0NzcfHQJSICgofTMiASEOLSsVPyBUAzEkGQo3PCQ1MjI4KRotKxY7O1wFH0EjEzk8Bn0jOQJBDj0OESg7JCA2NC8TORYgezcbBSkNCDM1PCQGIgowClcpETM0JBYBKQ0IMxg9fRImCTMaVAISJyEkJWQ0Di1MFTUOJwITKwksFhYGATMgCCgELQwBKxUSIBE8fTANByd1HSA3MA0kJgUwKAIsESseM1ERHRVcMDk/GT0YJycoLTASKw0zDhEZFQ0lCBJqDxI/HzxYKGZBKVI3OxAGFVYfFxUWJA
65.9.44.108200 OK 1.2 kB URL HTTP/1.1 lifesoonersoar.org/ZWFQcUwEAzMccwRcMlc5Fw1tVH4jRGI3KFQPJRM0AQY/HH8SECRfLwkOJRUqFw4+BWILBCRUfiMmHRsOMCwVKx49GyAmKTA7CjwNVERiNw4SCTgwBCQ0BxgoAyoVOAItMApDGhICEyY1AVUBNgJAUxY4CxElFSMVHDIWIzwkJhIUGTERCBQ0NzcfHQJSICgofTMiASEOLSsVPyBUAzEkGQo3PCQ1MjI4KRotKxY7O1wFH0EjEzk8Bn0jOQJBDj0OESg7JCA2NC8TORYgezcbBSkNCDM1PCQGIgowClcpETM0JBYBKQ0IMxg9fRImCTMaVAISJyEkJWQ0Di1MFTUOJwITKwksFhYGATMgCCgELQwBKxUSIBE8fTANByd1HSA3MA0kJgUwKAIsESseM1ERHRVcMDk/GT0YJycoLTASKw0zDhEZFQ0lCBJqDxI/HzxYKGZBKVI3OxAGFVYfFxUWJA
IP 65.9.44.108:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3050), with no line terminators
Hash 61d910c1c613cff542607343d61489cc
296abd3f1f9ebad71806c8a54e95263165a2b8f9
8c5a585eed25b3cda0450004c814bb88677b0a58770ce131e31c81c57164978a
GET /ZWFQcUwEAzMccwRcMlc5Fw1tVH4jRGI3KFQPJRM0AQY/HH8SECRfLwkOJRUqFw4+BWILBCRUfiMmHRsOMCwVKx49GyAmKTA7CjwNVERiNw4SCTgwBCQ0BxgoAyoVOAItMApDGhICEyY1AVUBNgJAUxY4CxElFSMVHDIWIzwkJhIUGTERCBQ0NzcfHQJSICgofTMiASEOLSsVPyBUAzEkGQo3PCQ1MjI4KRotKxY7O1wFH0EjEzk8Bn0jOQJBDj0OESg7JCA2NC8TORYgezcbBSkNCDM1PCQGIgowClcpETM0JBYBKQ0IMxg9fRImCTMaVAISJyEkJWQ0Di1MFTUOJwITKwksFhYGATMgCCgELQwBKxUSIBE8fTANByd1HSA3MA0kJgUwKAIsESseM1ERHRVcMDk/GT0YJycoLTASKw0zDhEZFQ0lCBJqDxI/HzxYKGZBKVI3OxAGFVYfFxUWJA HTTP/1.1
Host: lifesoonersoar.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.xxxfiles.tv/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Content-Type: text/html
Content-Length: 1197
Connection: keep-alive
Date: Thu, 09 Feb 2023 19:50:46 GMT
Server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
Pragma: no-cache
P3P: CP="NID DSP ALL COR"
content-encoding: gzip
Accept-CH: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
X-Cache: Miss from cloudfront
Via: 1.1 2f7792bdc67f7953e2dce93aea1bb9ee.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: ARN54-C1
X-Amz-Cf-Id: UziurxsXQWubsykSJ2IffNzyOWl4sRzT_YTnkHM5nGdwPhvTWbmqVw==
www.xxxfiles.tv/css/plugins.css?v=1675972244
104.21.83.6 200 OK 9.0 kB URL HTTP/2 www.xxxfiles.tv/css/plugins.css?v=1675972244
IP 104.21.83.6:0
File type ASCII text, with very long lines (29529)
Hash 208760cf3a368190bec308046024a74b
876a3c42db82732090139585477d4173c909ff55
342961d3e08dc11044ea7edf37aef2014a339f755fff8ca0b6761cddfb7c9e70
GET /css/plugins.css?v=1675972244 HTTP/1.1
Host: www.xxxfiles.tv
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.xxxfiles.tv/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 09 Feb 2023 19:50:45 GMT
content-type: text/css
last-modified: Wed, 20 Nov 2019 10:53:49 GMT
vary: Accept-Encoding
etag: W/"5dd51b3d-c445"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jqSh1NFQ%2BF%2FfAqgwYY%2FOkKSDdr%2BuH0WcH9f6SFO8TSA6IonRb6azrCaReK4xQltJW5fbSz6LKuWrss8q665xQpPWxCB%2BsHBRcI0awmfplgVSh7Syw1ALeFoqSG6%2BjYQ1usc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 796f22c7acb8b4e8-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
54.230.245.100 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.100:0
Hash 0946c34219ce74aed7ccb3bb3054c4e5
df61935ce6a4c2ce7d3757562508ad8471e0ab0a
37fe08c1a99f4e14b2e2a544a635ffe223fdadcfb5eae911bc8ac91ca768e227
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Thu, 09 Feb 2023 19:50:46 GMT
Last-Modified: Thu, 09 Feb 2023 18:11:09 GMT
Server: ECS (nyb/1D31)
X-Cache: Miss from cloudfront
Via: 1.1 9d4a908d41124cba1276d6cef8f00c60.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: LaHM2_AdeyGQDVlTQl_tzzP4wg9dMsnlw9ObNrZfk-PfAEIwXYA7pA==
Age: 5977
www.xxxfiles.tv/videos/189105/f1f6fb16d6af0de72cf183a54452cb6e/?sid=12320&video_id=189105&mode=async&action=js_stats&rand=1675972307212
104.21.83.6 200 OK 43 B URL HTTP/1.1 www.xxxfiles.tv/videos/189105/f1f6fb16d6af0de72cf183a54452cb6e/?sid=12320&video_id=189105&mode=async&action=js_stats&rand=1675972307212
IP 104.21.83.6:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 57f187c7a868faeac558007a8eb6cb2e
11ab10ab109fdb53d91d444ac781101f5a6360c6
aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22
GET /videos/189105/f1f6fb16d6af0de72cf183a54452cb6e/?sid=12320&video_id=189105&mode=async&action=js_stats&rand=1675972307212 HTTP/1.1
Host: www.xxxfiles.tv
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.xxxfiles.tv/videos/189105/f1f6fb16d6af0de72cf183a54452cb6e/?sid=12320
Cookie: PHPSESSID=g5550e95mc1prco8sfbop0ec4k; kt_qparams=id%3D189105%26dir%3Df1f6fb16d6af0de72cf183a54452cb6e%26sid%3D12320; kt_ips=91.90.42.154; show_pops2=true2; show_pops1=true1; ppu_show_on_63d45b685911cef3b8cc3d1d1550bf85=1; kt_tcookie=1
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 19:50:46 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Set-Cookie: kt_is_visited=1; expires=Fri, 10-Feb-2023 19:50:46 GMT; Max-Age=86400; path=/; domain=.xxxfiles.tv; SameSite=Lax
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zKdts6uEGWzs7BSsq614lFGT4553AF9nUv%2F6NoQSX8FSGYXLZ8fWZOYlNXP5Pgj623%2BKhfBDuhaSQa3QdXhXYJ%2By4PMwiV4PFrCu92WPgoO%2Fdz0wHwzgf%2FYhSimgu7Q43mg%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 796f22ce2cc5b529-OSL
alt-svc: h2=":443"; ma=60
dgemanowhowe.xyz/RFdGRkFraCU1fB07CAAPDDMRHy8NFhcAMSwzIRAHEWUiPgMBEmAyKCBqfnVwdm5zYDEtM3t3ZzcjJzI0N2p3YCgqMSl7ZzJqd2hycHl1d292cTN7cGIjNicmeWZgNjUwO3t3d3Nif3Fzd2dwf3B1
172.67.150.94 204 No Content 0 B URL HTTP/2 dgemanowhowe.xyz/RFdGRkFraCU1fB07CAAPDDMRHy8NFhcAMSwzIRAHEWUiPgMBEmAyKCBqfnVwdm5zYDEtM3t3ZzcjJzI0N2p3YCgqMSl7ZzJqd2hycHl1d292cTN7cGIjNicmeWZgNjUwO3t3d3Nif3Fzd2dwf3B1
IP 172.67.150.94:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /RFdGRkFraCU1fB07CAAPDDMRHy8NFhcAMSwzIRAHEWUiPgMBEmAyKCBqfnVwdm5zYDEtM3t3ZzcjJzI0N2p3YCgqMSl7ZzJqd2hycHl1d292cTN7cGIjNicmeWZgNjUwO3t3d3Nif3Fzd2dwf3B1 HTTP/1.1
Host: dgemanowhowe.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.xxxfiles.tv/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Thu, 09 Feb 2023 19:50:46 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XB1A8tkM5%2Bk9CdWrw6h%2FzZ4M0mlfPVeibqVBQdpYgPFX5%2BtL99OgDk2f3tHDhXUtfPe4HDBCx3eJOWdkW7Ds25hUHI7lrw%2FK5Q28NzKpyoZ1pmpnQLAN245BgIUeHmJ17tdo"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 796f22cdbb25b50b-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
push.services.mozilla.com/
54.191.5.58 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 54.191.5.58:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: tEJoQavyQHpY7aXZc16g1A==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 0G40vWwQ3jgKvlt18+/teOQg4ZQ=
www.xxxfiles.tv/js/main.js?v=1675972244
104.21.83.6 200 OK 5.7 kB URL HTTP/2 www.xxxfiles.tv/js/main.js?v=1675972244
IP 104.21.83.6:0
Hash 10e7838f983c9bd9dbb46191bf395106
bf599f768817d7f362cade70453962c0b6ac15b5
83abab865806ea64d1102431c4a96a0403b290b866952ac9f0fb3c6fe2cebb14
GET /js/main.js?v=1675972244 HTTP/1.1
Host: www.xxxfiles.tv
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.xxxfiles.tv/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 09 Feb 2023 19:50:45 GMT
content-type: application/javascript
last-modified: Tue, 04 May 2021 10:44:25 GMT
vary: Accept-Encoding
etag: W/"60912589-511f"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=R7AJFwOlDdnUEuC47Wxqtc6jk9dCDxYJNPxcbk4KFKlGN5I1an4Wmf2CM5CNoFMulKnfUfefEFrsGcYB6ZRziJ97qlgQ1vRq57LA%2B%2Fuceyc%2Bz6J7Gkxh6Her9sXtVIHiqm8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 796f22c7dd18b4e8-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
dgemanowhowe.xyz/Y1lnelNMZgQJbjQfPRYyNwMSIAUtCyUXIwkPMRERAQ4pLQQEFEEOOgdkXk9rVmlRXCMKPVpJYUUqExsnFipaS3UKNwEVbkUvWkp9WndWVGBFLFpLdRcpBh1uUn8XDicPZFZMZFZgUEhgU25XSGY
172.67.150.94 204 No Content 0 B URL HTTP/2 dgemanowhowe.xyz/Y1lnelNMZgQJbjQfPRYyNwMSIAUtCyUXIwkPMRERAQ4pLQQEFEEOOgdkXk9rVmlRXCMKPVpJYUUqExsnFipaS3UKNwEVbkUvWkp9WndWVGBFLFpLdRcpBh1uUn8XDicPZFZMZFZgUEhgU25XSGY
IP 172.67.150.94:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /Y1lnelNMZgQJbjQfPRYyNwMSIAUtCyUXIwkPMRERAQ4pLQQEFEEOOgdkXk9rVmlRXCMKPVpJYUUqExsnFipaS3UKNwEVbkUvWkp9WndWVGBFLFpLdRcpBh1uUn8XDicPZFZMZFZgUEhgU25XSGY HTTP/1.1
Host: dgemanowhowe.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.xxxfiles.tv/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Thu, 09 Feb 2023 19:50:46 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NfWDkjYWYlr7qaQ13%2BhP42VNCGGL8w8ZDZE9yFajj6GKTiPKGRadePHUVOqFwiL9ZpL5hp%2BrKtfJDGhBwFV%2BhLwTMo5hR5jwt6Mo7RlOe%2B85lsFPZjecZI6HseX9PGGHKbSY"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 796f22cddb5db50b-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/s/gts1p5/dgyjH_VdWBg
142.250.74.163 200 OK 472 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/dgyjH_VdWBg
IP 142.250.74.163:0
Hash 2ca655a99d4bb9586ce780c04b9393a4
6229e9cd71fb67da32b389a24f7f117e0a410901
3e21989988dd20842c59ca910a08bc1212b8c7d6722817c243820043573ce94b
POST /s/gts1p5/dgyjH_VdWBg HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 09 Feb 2023 19:50:46 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
outdilateinterrupt.com/pixel/purst?dl=0&th=0&sc=0&rs=1060&rd=1060&fd=579&bv=22.10.v.9&tmpl=70
173.233.137.52 200 OK 0 B URL HTTP/1.1 outdilateinterrupt.com/pixel/purst?dl=0&th=0&sc=0&rs=1060&rd=1060&fd=579&bv=22.10.v.9&tmpl=70
IP 173.233.137.52:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/purst?dl=0&th=0&sc=0&rs=1060&rd=1060&fd=579&bv=22.10.v.9&tmpl=70 HTTP/1.1
Host: outdilateinterrupt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.xxxfiles.tv/
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 09 Feb 2023 19:50:46 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
hegdcrxavrtk.cdnvideo3.com/api/click/10561349347904471095?c=90
135.181.208.216 200 OK 0 B URL HTTP/1.1 hegdcrxavrtk.cdnvideo3.com/api/click/10561349347904471095?c=90
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /api/click/10561349347904471095?c=90 HTTP/1.1
Host: hegdcrxavrtk.cdnvideo3.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://hegdcrxavrtk.cdnvideo3.com/api/spots/329584?p=1&s1=%subid1%&kw=
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 09 Feb 2023 19:50:47 GMT
Content-Length: 0
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Cache-Control: private
hegdcrxavrtk.cdnvideo3.com/api/click/17391335711173036095?c=90
135.181.208.216 200 OK 0 B URL HTTP/1.1 hegdcrxavrtk.cdnvideo3.com/api/click/17391335711173036095?c=90
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /api/click/17391335711173036095?c=90 HTTP/1.1
Host: hegdcrxavrtk.cdnvideo3.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://hegdcrxavrtk.cdnvideo3.com/api/spots/329586?p=1&s1=%subid1%&kw=
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 09 Feb 2023 19:50:47 GMT
Content-Length: 0
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Cache-Control: private
hegdcrxavrtk.cdnvideo3.com/api/click/7703176296166855095?c=90
135.181.208.216 200 OK 0 B URL HTTP/1.1 hegdcrxavrtk.cdnvideo3.com/api/click/7703176296166855095?c=90
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /api/click/7703176296166855095?c=90 HTTP/1.1
Host: hegdcrxavrtk.cdnvideo3.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://hegdcrxavrtk.cdnvideo3.com/api/spots/329585?p=1&s1=%subid1%&kw=
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 09 Feb 2023 19:50:47 GMT
Content-Length: 0
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Cache-Control: private
outdilateinterrupt.com/cc/48/f4/cc48f4cc72bd1ab0cd76dca8048a896c.js
173.233.137.52 200 OK 51 kB URL HTTP/1.1 outdilateinterrupt.com/cc/48/f4/cc48f4cc72bd1ab0cd76dca8048a896c.js
IP 173.233.137.52:0
Hash de23fcd639712fe1df77c2fecb20a90c
94f4cde616e2b0a2dce179ef4d9171b9c22a57cf
9506a66b047aded2e5a4459e7953b3744c1cd72c2b2ace6a07f7ef633ad47444
Analyzer Verdict Alert quad9 Sinkholed
GET /cc/48/f4/cc48f4cc72bd1ab0cd76dca8048a896c.js HTTP/1.1
Host: outdilateinterrupt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.xxxfiles.tv/
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 09 Feb 2023 19:50:46 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 5783870c96db0327c4d7a53a26e96bcc
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
www.xxxfiles.tv/favicon-16x16.png
104.21.83.6 200 OK 1.5 kB URL HTTP/1.1 www.xxxfiles.tv/favicon-16x16.png
IP 104.21.83.6:0
File type PNG image data, 16 x 16, 8-bit colormap, non-interlaced\012- data
Hash 552872354755cb050014a9501cfec4fa
fd05b4d7002b52e705344db04db723495910e4c7
88ef331642f08aaee6990894bd8015032891181d446faa6c4bbec095a56aba8d
GET /favicon-16x16.png HTTP/1.1
Host: www.xxxfiles.tv
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.xxxfiles.tv/videos/189105/f1f6fb16d6af0de72cf183a54452cb6e/?sid=12320
Cookie: PHPSESSID=g5550e95mc1prco8sfbop0ec4k; kt_qparams=id%3D189105%26dir%3Df1f6fb16d6af0de72cf183a54452cb6e%26sid%3D12320; kt_ips=91.90.42.154; show_pops2=true2; show_pops1=true1; ppu_show_on_63d45b685911cef3b8cc3d1d1550bf85=1; kt_tcookie=1; kt_is_visited=1
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 19:50:47 GMT
Content-Type: image/png
Content-Length: 1489
Connection: keep-alive
Last-Modified: Fri, 25 Nov 2022 12:46:44 GMT
ETag: "6380b934-5d1"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
CF-Cache-Status: HIT
Age: 295850
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nNduPW%2BSf82IC2By9%2Bm%2FFkdH1jwPNY2ni1gvWDXPxTTAASkrXuqh3SH2Gnj0XOJrxQub%2F3w979QujzfSx%2B8QUsC93Poqz17oBLTl79rdqIDqLpX1RhCAw%2BhjpuxTlfTtoQs%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 796f22d02de9b4eb-OSL
alt-svc: h2=":443"; ma=60
www.xxxfiles.tv/apple-touch-icon.png
104.21.83.6 200 OK 14 kB URL HTTP/1.1 www.xxxfiles.tv/apple-touch-icon.png
IP 104.21.83.6:0
File type PNG image data, 180 x 180, 8-bit/color RGBA, non-interlaced\012- data
Hash 302003967bcce57931c372aa26310c88
526045f535e90a6d7b19240532f9100c9535beee
117477b129e4ca959b0afd092f7edca8f460ff25120b8dbe2011a88d9f48bef8
GET /apple-touch-icon.png HTTP/1.1
Host: www.xxxfiles.tv
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.xxxfiles.tv/videos/189105/f1f6fb16d6af0de72cf183a54452cb6e/?sid=12320
Cookie: PHPSESSID=g5550e95mc1prco8sfbop0ec4k; kt_qparams=id%3D189105%26dir%3Df1f6fb16d6af0de72cf183a54452cb6e%26sid%3D12320; kt_ips=91.90.42.154; show_pops2=true2; show_pops1=true1; ppu_show_on_63d45b685911cef3b8cc3d1d1550bf85=1; kt_tcookie=1; kt_is_visited=1
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 19:50:47 GMT
Content-Type: image/png
Content-Length: 13713
Connection: keep-alive
Last-Modified: Fri, 25 Nov 2022 12:46:44 GMT
ETag: "6380b934-3591"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
CF-Cache-Status: HIT
Age: 295415
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BXn3L9EiCsaeCr1JIr0plfvJEObprWFnyaaDeu0Xjd04kaDNjl3rv%2Bc2CK1Hdc130EnDSTfwQhgFmKCuzLH%2Fn5i6srkDGuSjqpeIg9kQzQY7UnsbCKsfHsFHHi033ikGuJM%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 796f22d02f8db529-OSL
alt-svc: h2=":443"; ma=60
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash 6e9d9944eb23d9c50f913101d5e96281
b6288f7cc87bf9b54a3854ff2a3e7e8076c0f23c
a6357e63c1ffbe5a2d37de20fc2e6b0e9818a78474f2b161b39e3d37d8e03c2c
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 249
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 09 Feb 2023 19:50:47 GMT
Last-Modified: Thu, 09 Feb 2023 19:46:38 GMT
Server: ECS (ska/F6FC)
X-Cache: HIT
Content-Length: 279
simplewebanalysis.com/stats
18.192.190.118 200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP 18.192.190.118:0
File type ASCII text, with no line terminators
Hash bcec4fdec04fc7dd57930a92f51788fe
5e0c075ee6b0f30c01e45d83536697399e954258
85fa572a4932f12fbb4e80c82d78840d242808b5c04dce6f0dcef4329d733a74
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://www.xxxfiles.tv
Connection: keep-alive
Referer: http://www.xxxfiles.tv/
Cookie: uid_id2=3e3cf260-afc7-4014-9541-70dfd284bcad:2:1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 09 Feb 2023 19:50:47 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: http://www.xxxfiles.tv
access-control-allow-credentials: true
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.163 200 OK 471 B IP 142.250.74.163:0
Hash 734412ff0b413327f71aa15ae7bac787
c5390b842cdcd095c1795ecc76038446dc12831d
4e4010a95cefdd7149f0d1a33644dd3f0e04520b3e6205823c932af694da964c
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 09 Feb 2023 19:50:47 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.163 200 OK 471 B IP 142.250.74.163:0
Hash f16eecdd472f99af839e8e6dfc101bc0
33e345a8e9f776920b90dc78acefc457e15da35c
9a819ca8ca6890f29a418e976b224ae9095b72538324800f38eefc4d95050448
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 09 Feb 2023 19:50:47 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.xxxfiles.tv/js/videojs.persistvolume.js?v=1675972244
104.21.83.6 200 OK 1.9 kB URL HTTP/2 www.xxxfiles.tv/js/videojs.persistvolume.js?v=1675972244
IP 104.21.83.6:0
Hash dedc6d85fa6c0289a8354dde0542525a
055877be804e0d263cdfd309ac920f7f05b13406
2b319af57f4d55ef45b80720f6440fb47de68d38a437c0da902cf388e129da56
GET /js/videojs.persistvolume.js?v=1675972244 HTTP/1.1
Host: www.xxxfiles.tv
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.xxxfiles.tv/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 09 Feb 2023 19:50:45 GMT
content-type: application/javascript
last-modified: Wed, 20 Nov 2019 11:00:42 GMT
vary: Accept-Encoding
etag: W/"5dd51cda-e5f"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cVJxiGNQSVZcRQ09JEGARUvA0LvzKfHi8SAMoyCeStuGYf1oeKcb9xeoiL8A5iySqCZGEy9QbYP4Z5o3PEIqEzP%2BQz2nVF8BVvIvpYKtlTwWzCexnpQAIjqijJZXjaYjNOY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 796f22c73c21b4e8-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
d1nubxdgom3wqt.cloudfront.net/WRTY4cFomWVYWZTFfXE1idgcKSW9jXEsfNDULbCIgKHAMNBYTfw4CFDFUHgQgIQsIVjYkWF9NfCBYW01rY1dcEmdxEEwANS4LVxogK1lSCTEiVB4FO3hbVwozKVpZVWgDAxZAf3cGEAczK1JXBylgBAgeLmAECEFqawYdQxhgBAgHMysADFVpBxMKQCJzAh-1DGGAECAIsYAV5QWpwGAhZf3cGXxU5LlkdQhx3BglAanQGCVVodVBRAj8jWUBVaAMHCEV0dRBNTWs
54.230.245.116 200 OK 494 B URL HTTP/1.1 d1nubxdgom3wqt.cloudfront.net/WRTY4cFomWVYWZTFfXE1idgcKSW9jXEsfNDULbCIgKHAMNBYTfw4CFDFUHgQgIQsIVjYkWF9NfCBYW01rY1dcEmdxEEwANS4LVxogK1lSCTEiVB4FO3hbVwozKVpZVWgDAxZAf3cGEAczK1JXBylgBAgeLmAECEFqawYdQxhgBAgHMysADFVpBxMKQCJzAh-1DGGAECAIsYAV5QWpwGAhZf3cGXxU5LlkdQhx3BglAanQGCVVodVBRAj8jWUBVaAMHCEV0dRBNTWs
IP 54.230.245.116:0
File type ASCII text, with very long lines (671), with no line terminators
Hash 2ac561643be8762c60f58cf2750a9142
01871d7b78a3c334c1fafd6dca7013a856db0126
f0fb821137f67ff3b497b958de6c018cbad0a9277c7baaa1b8ee1bd18918c49e
GET /WRTY4cFomWVYWZTFfXE1idgcKSW9jXEsfNDULbCIgKHAMNBYTfw4CFDFUHgQgIQsIVjYkWF9NfCBYW01rY1dcEmdxEEwANS4LVxogK1lSCTEiVB4FO3hbVwozKVpZVWgDAxZAf3cGEAczK1JXBylgBAgeLmAECEFqawYdQxhgBAgHMysADFVpBxMKQCJzAh-1DGGAECAIsYAV5QWpwGAhZf3cGXxU5LlkdQhx3BglAanQGCVVodVBRAj8jWUBVaAMHCEV0dRBNTWs HTTP/1.1
Host: d1nubxdgom3wqt.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://lifesoonersoar.org/
HTTP/1.1 200 OK
Content-Length: 494
Connection: keep-alive
Date: Thu, 09 Feb 2023 19:50:47 GMT
access-control-allow-origin: *
Cache-Control: max-age=31556926
Content-Encoding: gzip
X-Cache: Miss from cloudfront
Via: 1.1 5916f6b8d469d1bee1e905ff13761ebc.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: T2f-jgrK-AZcZTxRWFx7ZIFgkFJfKVHxOR9BebvXSY-NFqcJripD5A==
syndication.realsrv.com/v1/api.php
95.211.229.248 200 OK 1.2 kB URL HTTP/1.1 syndication.realsrv.com/v1/api.php
IP 95.211.229.248:0
ASN #60781 LeaseWeb Netherlands B.V.
File type JSON data\012- , ASCII text, with very long lines (1596), with no line terminators
Hash 0757301a9e3a7ad93b3f06747f989e43
909b5234fb89290b6da8bb79fa5ed00d36856bf0
5ef6e2c0d74be71e4212a6f3c3387c5e42d4e2f3928a7f8794fabc8cdfad6899
POST /v1/api.php HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: text/plain
Content-Length: 334
Origin: http://hegdcrxavrtk.cdnvideo3.com
Connection: keep-alive
Referer: http://hegdcrxavrtk.cdnvideo3.com/
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 09 Feb 2023 19:50:47 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: http://hegdcrxavrtk.cdnvideo3.com
Access-Control-Allow-Headers: Authorization, Content-Type
Access-Control-Request-Method: POST
Access-Control-Allow-Credentials: true
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2263e54e971417a0.168153822406293710%22%3B%7D; expires=Sat, 08-Feb-2025 19:50:47 GMT; Max-Age=63072000; path=/; domain=realsrv.com
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
e1.o.lencr.org/
23.36.76.226 200 OK 345 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash fa14da68c942a019cdb336cfb7278659
f26dde3da46819864e92857a0aea65555af38e91
f3e94dba9ca6ef22fff623847e8dcb648b475349248916510248f3b1e8f7977b
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "F3E94DBA9CA6EF22FFF623847E8DCB648B475349248916510248F3B1E8F7977B"
Last-Modified: Tue, 07 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2244
Expires: Thu, 09 Feb 2023 20:28:11 GMT
Date: Thu, 09 Feb 2023 19:50:47 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
142.250.74.163 200 OK 472 B IP 142.250.74.163:0
Hash c401431df81ddb15caa41c0dd46d1e89
1425acaf4f62be49ed25a6ed3ee9ea9f4b64cc27
728bea4c87ad7bdc5e5755af61323951bdd7604698a67360e38837131b20c426
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 09 Feb 2023 19:50:47 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
142.250.74.109 302 Found 388 B URL HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
IP 142.250.74.109:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (378)
Hash ba3ed6a77508ef49fc156822f1d11d3b
c53a78142877204357fcc5b5284de1c5ce90162c
a61b7eabb6c90d3ac13a413893ede92a2266678374ef3cd788108df9b638f4af
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.xxxfiles.tv/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Thu, 09 Feb 2023 19:50:47 GMT
location: https://accounts.google.com/v3/signin/identifier?dsh=S-150905343%3A1675972247209016&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AWnogHfN9TYi8E4H2mWCZ-l7693Fz59GArmvZIYoUljrlmRXQGPWFFF_z142e1WehsvAlF-ZHZPd
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-security-policy: require-trusted-types-for 'script';report-uri /cspreport, script-src 'nonce-n_l6HLUF1FR6ifebOJGiyA' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 388
server: GSE
set-cookie: __Host-GAPS=1:SrtDqJfDmNqLNnrDNzY1bE_Vfq8hVQ:E8IZjsYkcmBoxwOj;Path=/;Expires=Sat, 08-Feb-2025 19:50:47 GMT;Secure;HttpOnly;Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
d1nubxdgom3wqt.cloudfront.net/GMjBUMEZRXzpWeUZZMA1/BwhhAHAUWidfKEINHQZ2VwcCWyd4QGN/IGtDERYySFRpAGBeUTpXexRVOlN7AxY1VCQPBHJENl1baUUoVlUyWShXVHJFJw9dO0ovXlw1FXR0BXoAYwAAfEcvXFQ7RzUXAmReMhcCZAF2HABxAwQXAmRHL1wGYBV1cBVmAD4EBH-EDBBcCZEIwFwMVAXYHHmQZYwAAM1UlWV9xAgAAAGUAdgMAZRV0AlY9QiNUXywVdHQBZAVoAhYhDXc
54.230.245.116200 OK 364 B URL HTTP/1.1 d1nubxdgom3wqt.cloudfront.net/GMjBUMEZRXzpWeUZZMA1/BwhhAHAUWidfKEINHQZ2VwcCWyd4QGN/IGtDERYySFRpAGBeUTpXexRVOlN7AxY1VCQPBHJENl1baUUoVlUyWShXVHJFJw9dO0ovXlw1FXR0BXoAYwAAfEcvXFQ7RzUXAmReMhcCZAF2HABxAwQXAmRHL1wGYBV1cBVmAD4EBH-EDBBcCZEIwFwMVAXYHHmQZYwAAM1UlWV9xAgAAAGUAdgMAZRV0AlY9QiNUXywVdHQBZAVoAhYhDXc
IP 54.230.245.116:0
File type ASCII text, with very long lines (464), with no line terminators
Hash 8cabd4da8e0653986944f11d4c523477
0b9babf3b87306e3c354f02ac47d2247bd89cfef
33a41c8e1419a806115ed95b07f2591f26e21cae812dd2adc4d4629de0d567ee
GET /GMjBUMEZRXzpWeUZZMA1/BwhhAHAUWidfKEINHQZ2VwcCWyd4QGN/IGtDERYySFRpAGBeUTpXexRVOlN7AxY1VCQPBHJENl1baUUoVlUyWShXVHJFJw9dO0ovXlw1FXR0BXoAYwAAfEcvXFQ7RzUXAmReMhcCZAF2HABxAwQXAmRHL1wGYBV1cBVmAD4EBH-EDBBcCZEIwFwMVAXYHHmQZYwAAM1UlWV9xAgAAAGUAdgMAZRV0AlY9QiNUXywVdHQBZAVoAhYhDXc HTTP/1.1
Host: d1nubxdgom3wqt.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://lifesoonersoar.org/
HTTP/1.1 200 OK
Content-Length: 364
Connection: keep-alive
Date: Thu, 09 Feb 2023 19:50:47 GMT
access-control-allow-origin: *
Cache-Control: max-age=31556926
Content-Encoding: gzip
X-Cache: Miss from cloudfront
Via: 1.1 b053873243f91b1bb6dc406ce0c67db4.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: XKeP8YKTpkyHa8kzcui80BcP6XCowJj5KD8KnhTTKUyqPg4ytSsexg==
syndication.realsrv.com/v1/api.php
95.211.229.248 200 OK 1.2 kB URL HTTP/1.1 syndication.realsrv.com/v1/api.php
IP 95.211.229.248:0
ASN #60781 LeaseWeb Netherlands B.V.
File type JSON data\012- , ASCII text, with very long lines (1574), with no line terminators
Hash ed3de3a119c82389751df861b4c505fa
5c9265438128e2e2cc926c5887141eb5a76670c6
19a0c2c2ddda1fc8fec711d7c7e36ca880ee63ef90736c034dfadd58c729cc1b
POST /v1/api.php HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: text/plain
Content-Length: 334
Origin: http://hegdcrxavrtk.cdnvideo3.com
Connection: keep-alive
Referer: http://hegdcrxavrtk.cdnvideo3.com/
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 09 Feb 2023 19:50:47 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: http://hegdcrxavrtk.cdnvideo3.com
Access-Control-Allow-Headers: Authorization, Content-Type
Access-Control-Request-Method: POST
Access-Control-Allow-Credentials: true
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2263e54e971acc74.911633103433254526%22%3B%7D; expires=Sat, 08-Feb-2025 19:50:47 GMT; Max-Age=63072000; path=/; domain=realsrv.com
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
e1.o.lencr.org/
23.36.76.226 200 OK 345 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash fa14da68c942a019cdb336cfb7278659
f26dde3da46819864e92857a0aea65555af38e91
f3e94dba9ca6ef22fff623847e8dcb648b475349248916510248f3b1e8f7977b
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "F3E94DBA9CA6EF22FFF623847E8DCB648B475349248916510248F3B1E8F7977B"
Last-Modified: Tue, 07 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2244
Expires: Thu, 09 Feb 2023 20:28:11 GMT
Date: Thu, 09 Feb 2023 19:50:47 GMT
Connection: keep-alive
www.google-analytics.com/analytics.js
142.250.74.110 200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP 142.250.74.110:0
File type ASCII text, with very long lines (1490)
Hash ca7fbbfd120e3e329633044190bbf134
d17f81e03dd827554ddd207ea081fb46b3415445
847004cefb32f85a9cc16b0b1eb77529ff5753680c145bfcb23f651d214737db
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.xxxfiles.tv/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20085
date: Thu, 09 Feb 2023 19:44:09 GMT
expires: Thu, 09 Feb 2023 21:44:09 GMT
cache-control: public, max-age=7200
age: 398
last-modified: Tue, 10 Jan 2023 21:29:14 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
lifesoonersoar.org/utx?cb=Zmu42CpRSqEr&top=www.xxxfiles.tv&tid=958506
65.9.44.108 204 No Content 0 B URL HTTP/2 lifesoonersoar.org/utx?cb=Zmu42CpRSqEr&top=www.xxxfiles.tv&tid=958506
IP 65.9.44.108:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=Zmu42CpRSqEr&top=www.xxxfiles.tv&tid=958506 HTTP/1.1
Host: lifesoonersoar.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://www.xxxfiles.tv
Connection: keep-alive
Referer: http://www.xxxfiles.tv/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Thu, 09 Feb 2023 19:50:47 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: http://www.xxxfiles.tv
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Thu, 09 Feb 2023 19:51:47 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 58899c559ea4c71daeb5333a74914042.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN54-C1
x-amz-cf-id: lk8Qhp46abTdQsgPKGnG9UVWsWe15qlP_5QHPnYkNr-4lWHB-f7ifQ==
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.76.226 200 OK 345 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash fa14da68c942a019cdb336cfb7278659
f26dde3da46819864e92857a0aea65555af38e91
f3e94dba9ca6ef22fff623847e8dcb648b475349248916510248f3b1e8f7977b
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "F3E94DBA9CA6EF22FFF623847E8DCB648B475349248916510248F3B1E8F7977B"
Last-Modified: Tue, 07 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2244
Expires: Thu, 09 Feb 2023 20:28:11 GMT
Date: Thu, 09 Feb 2023 19:50:47 GMT
Connection: keep-alive
lifesoonersoar.org/utx?cb=OFq33E0XNLZ8&top=www.xxxfiles.tv&tid=831295
65.9.44.108 204 No Content 0 B URL HTTP/2 lifesoonersoar.org/utx?cb=OFq33E0XNLZ8&top=www.xxxfiles.tv&tid=831295
IP 65.9.44.108:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=OFq33E0XNLZ8&top=www.xxxfiles.tv&tid=831295 HTTP/1.1
Host: lifesoonersoar.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://www.xxxfiles.tv
Connection: keep-alive
Referer: http://www.xxxfiles.tv/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Thu, 09 Feb 2023 19:50:47 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: http://www.xxxfiles.tv
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Thu, 09 Feb 2023 19:51:47 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 58899c559ea4c71daeb5333a74914042.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN54-C1
x-amz-cf-id: EAQb8hmP91zkkedzfWHmtoaW28oc7eY_CVrqz9L_3D4cZ0nSONi-7A==
X-Firefox-Spdy: h2
friendshipmale.com/sfp.js
172.64.141.24 200 OK 28 kB URL HTTP/1.1 friendshipmale.com/sfp.js
IP 172.64.141.24:0
File type Unicode text, UTF-8 text, with very long lines (65529), with no line terminators
Hash b1fa950e77a7db5425f9a5257af02e9c
2d5580451f34ad96218f8b97edf9708f9ee1be87
d999c4320df27dc4a1d3de5aec22bb3ef201560b47a7eff3f28f4133c1997a14
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /sfp.js HTTP/1.1
Host: friendshipmale.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.xxxfiles.tv/
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 19:50:47 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: max-age=14400
X-Request-ID: 84fbb60d5070ef140295a98ca5bbddb9
Strict-Transport-Security: max-age=0; includeSubdomains
CF-Cache-Status: EXPIRED
Last-Modified: Thu, 09 Feb 2023 19:50:47 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=id8n%2FFCtYocxknfSbwKvGrJUIFSOFsKDpePPCh6iFXL4m%2Bsq3Pfu8D8F8WsBaqZwKrzlKSmZb%2BHxFPv%2FDR3aPGK4X7OiflP4LV80g%2B4LqVac07sqxn5F5hRpMoyHROm%2FWjDbTCo%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 796f22d0b80574d9-LHR
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
142.250.74.109 302 Found 393 B URL HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
IP 142.250.74.109:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (383)
Hash fc1f967ec6111200dfd19a0387317d55
71faee95f92095e2036a35d84fb8365625acd717
a815a4fed8d42c6000a43abfe086308f86157374e02d30cadb2b296a869fea34
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.xxxfiles.tv/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Thu, 09 Feb 2023 19:50:47 GMT
location: https://accounts.google.com/v3/signin/identifier?dsh=S-1912529714%3A1675972247248493&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AWnogHcnHyb4TyqlYIvFP0KFIx8JIFjoQuoNmJeIObjA0evCYaUIujxk4KEg3LGArksxBvkxif6o
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
content-security-policy: require-trusted-types-for 'script';report-uri /cspreport, script-src 'nonce-xRlQTUL7s8f-ZtR3PSKQXw' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 393
server: GSE
set-cookie: __Host-GAPS=1:aVjhSua6408I_KbxZhjrXHO2RHxx2g:V3aKUxOW4cCPgpma;Path=/;Expires=Sat, 08-Feb-2025 19:50:47 GMT;Secure;HttpOnly;Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
syndication.realsrv.com/v1/api.php
95.211.229.247 200 OK 2.6 kB URL HTTP/1.1 syndication.realsrv.com/v1/api.php
IP 95.211.229.247:0
ASN #60781 LeaseWeb Netherlands B.V.
File type JSON data\012- , ASCII text, with very long lines (5578), with no line terminators
Hash 7b6c8e843bed9b4ddc41df4c270e4667
280982e012852ae128981ba8535362f83e71ec4e
3929332e2b13d7bf52135986fac2d602a3146159dd5a3ecf711cb51f6a9b9297
POST /v1/api.php HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: text/plain
Content-Length: 334
Origin: http://hegdcrxavrtk.cdnvideo3.com
Connection: keep-alive
Referer: http://hegdcrxavrtk.cdnvideo3.com/
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 09 Feb 2023 19:50:47 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: http://hegdcrxavrtk.cdnvideo3.com
Access-Control-Allow-Headers: Authorization, Content-Type
Access-Control-Request-Method: POST
Access-Control-Allow-Credentials: true
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2263e54e97217692.086698752597765373%22%3B%7D; expires=Sat, 08-Feb-2025 19:50:47 GMT; Max-Age=63072000; path=/; domain=realsrv.com
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
ocsp.pki.goog/gts1c3
142.250.74.163 200 OK 472 B IP 142.250.74.163:0
Hash 44fc0cb48c26edb9ce36736707b9182a
62de7faa3e8171c0d38a2e03a604d2545a3ede7f
9e511ad6ed9e7c5f28f573422e3891d2f4e5c2ba5107f7eda808c529a95931a2
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 09 Feb 2023 19:50:47 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.163 200 OK 472 B IP 142.250.74.163:0
Hash c99599d6628f41d54430edaa40f5c533
4bbd35fd1097784ae5e1e046ba35595eb49ac57f
3cb4e5c0f89f5e97bd7b4a11c25b6bae84bb5a1d55982c44719b76b3f852035e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 09 Feb 2023 19:50:47 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash a38248ac5d9614d846e981de5b7b85da
eadc10b05e5eb18bb27e1acaa3e7ddf396344e72
b1a279792426d316b4b938b5c5c90d2575c1aba4f486e6f59821a3226dfac7f5
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6583
Cache-Control: max-age=109808
Content-Type: application/ocsp-response
Date: Thu, 09 Feb 2023 19:50:47 GMT
Etag: "63e43ed0-1d7"
Expires: Sat, 11 Feb 2023 02:20:55 GMT
Last-Modified: Thu, 09 Feb 2023 00:31:12 GMT
Server: ECS (ska/F6FC)
X-Cache: HIT
Content-Length: 471
banquetunarmedgrater.com/advertisers.js
173.233.137.44 200 OK 0 B URL HTTP/1.1 banquetunarmedgrater.com/advertisers.js
IP 173.233.137.44:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /advertisers.js HTTP/1.1
Host: banquetunarmedgrater.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.xxxfiles.tv/
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 09 Feb 2023 19:50:47 GMT
Content-Type: application/javascript
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 6e55e074420a96796b0159276ee63bbe
Strict-Transport-Security: max-age=0; includeSubdomains
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash 6e9d9944eb23d9c50f913101d5e96281
b6288f7cc87bf9b54a3854ff2a3e7e8076c0f23c
a6357e63c1ffbe5a2d37de20fc2e6b0e9818a78474f2b161b39e3d37d8e03c2c
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 249
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 09 Feb 2023 19:50:47 GMT
Last-Modified: Thu, 09 Feb 2023 19:46:38 GMT
Server: ECS (ska/F6FC)
X-Cache: HIT
Content-Length: 279
www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp
157.240.205.35 200 OK 1.8 kB URL HTTP/2 www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp
IP 157.240.205.35:0
Hash 2611ce5e383f6c0512e3380278e81508
2979904b23d5687aa09c4b15ce073635c19fc38d
0cc3677e19364ba778be836ba3d7714864a30f70fd5df952d82166620f1cefde
GET /login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.xxxfiles.tv/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-encoding: br
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 0
cross-origin-opener-policy: same-origin-allow-popups
vary: Sec-Fetch-Site, Sec-Fetch-Mode, Accept-Encoding
strict-transport-security: max-age=15552000; preload
content-type: text/html; charset="utf-8"
x-fb-debug: 2y1y44SKiBVLJJUoxhDmza4I+b4k/IfeomXfKHi0C2jFKNubtY3yo5npHFkan7AsXVDkM92EDNVtYAd0XaCSsQ==
date: Thu, 09 Feb 2023 19:50:47 GMT
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.76.226 200 OK 1.2 kB IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
File type gzip compressed data, max compression\012- data
Hash 153229e9b4a9ea7d32941cb38f610a14
6e6bbfd68fa2a04492adf8b8a2f138d659bd9b64
139ae0eae6cca47883d936f5dfac24d185ae15cb00f78a5d20aa6f02fe41b730
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "F3E94DBA9CA6EF22FFF623847E8DCB648B475349248916510248F3B1E8F7977B"
Last-Modified: Tue, 07 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2244
Expires: Thu, 09 Feb 2023 20:28:11 GMT
Date: Thu, 09 Feb 2023 19:50:47 GMT
Connection: keep-alive
hegdcrxavrtk.cdnvideo3.com/api/spots/11361572322753823095/1635934?fill=0&kw=Blowjob,Masturbation,outdoor,Blonde,Teen,missionary,cunnilingus,Old/Young,big-dick,cum-licking,doggy-style,oldje.com,Alessandra%20Jane,David
135.181.208.216200 OK 565 B URL HTTP/1.1 hegdcrxavrtk.cdnvideo3.com/api/spots/11361572322753823095/1635934?fill=0&kw=Blowjob,Masturbation,outdoor,Blonde,Teen,missionary,cunnilingus,Old/Young,big-dick,cum-licking,doggy-style,oldje.com,Alessandra%20Jane,David
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
File type XML 1.0 document text\012- XML document, ASCII text
Hash 200e3ca6da4144402adc30a084c3e292
eb94fa340ce07b62120ab4c4d482f9a38dff57d6
3ed50578e672b3a09e55fcf0afe94ca4620afe1139470b16ecf37152884a6221
GET /api/spots/11361572322753823095/1635934?fill=0&kw=Blowjob,Masturbation,outdoor,Blonde,Teen,missionary,cunnilingus,Old/Young,big-dick,cum-licking,doggy-style,oldje.com,Alessandra%20Jane,David HTTP/1.1
Host: hegdcrxavrtk.cdnvideo3.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://www.xxxfiles.tv/
Origin: http://www.xxxfiles.tv
Connection: keep-alive
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 09 Feb 2023 19:50:47 GMT
Content-Type: text/xml
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: http://www.xxxfiles.tv
Cache-Control: private
Content-Encoding: gzip
hegdcrxavrtk.cdnvideo3.com/api/spots/11361572322753823095/1636027?fill=0&kw=Blowjob,Masturbation,outdoor,Blonde,Teen,missionary,cunnilingus,Old/Young,big-dick,cum-licking,doggy-style,oldje.com,Alessandra%20Jane,David
135.181.208.216200 OK 789 B URL HTTP/1.1 hegdcrxavrtk.cdnvideo3.com/api/spots/11361572322753823095/1636027?fill=0&kw=Blowjob,Masturbation,outdoor,Blonde,Teen,missionary,cunnilingus,Old/Young,big-dick,cum-licking,doggy-style,oldje.com,Alessandra%20Jane,David
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
File type XML 1.0 document text\012- XML document, ASCII text, with very long lines (543)
Hash b6fc9a9506588f4fd95e45ff184fffc2
f669508d8f122035ff43d3923c09e23d586245e2
f9a069453992865d79c0a81d9d4c93ca3b42e446967f9d71d74ca7e2202bd853
GET /api/spots/11361572322753823095/1636027?fill=0&kw=Blowjob,Masturbation,outdoor,Blonde,Teen,missionary,cunnilingus,Old/Young,big-dick,cum-licking,doggy-style,oldje.com,Alessandra%20Jane,David HTTP/1.1
Host: hegdcrxavrtk.cdnvideo3.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://www.xxxfiles.tv/
Origin: http://www.xxxfiles.tv
Connection: keep-alive
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 09 Feb 2023 19:50:47 GMT
Content-Type: text/xml
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: http://www.xxxfiles.tv
Cache-Control: private
Content-Encoding: gzip
hegdcrxavrtk.cdnvideo3.com/api/spots/11361572322753823095/1636039?fill=0&kw=Blowjob,Masturbation,outdoor,Blonde,Teen,missionary,cunnilingus,Old/Young,big-dick,cum-licking,doggy-style,oldje.com,Alessandra%20Jane,David
135.181.208.216200 OK 573 B URL HTTP/1.1 hegdcrxavrtk.cdnvideo3.com/api/spots/11361572322753823095/1636039?fill=0&kw=Blowjob,Masturbation,outdoor,Blonde,Teen,missionary,cunnilingus,Old/Young,big-dick,cum-licking,doggy-style,oldje.com,Alessandra%20Jane,David
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
File type XML 1.0 document text\012- XML document, ASCII text
Hash 277aa27839d0600ad29efd464bd9f7ee
3aa7faaad3f452ca6f4fec9f1504a14a8ddd50fe
014f793dc44688a59cfa683185eab4dd2664a39daeaa1d663d5408c7ff1354c2
GET /api/spots/11361572322753823095/1636039?fill=0&kw=Blowjob,Masturbation,outdoor,Blonde,Teen,missionary,cunnilingus,Old/Young,big-dick,cum-licking,doggy-style,oldje.com,Alessandra%20Jane,David HTTP/1.1
Host: hegdcrxavrtk.cdnvideo3.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://www.xxxfiles.tv/
Origin: http://www.xxxfiles.tv
Connection: keep-alive
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 09 Feb 2023 19:50:47 GMT
Content-Type: text/xml
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: http://www.xxxfiles.tv
Cache-Control: private
Content-Encoding: gzip
twinrdsrv.com/Redirect.eng?MediaSegmentId=31311&dcid=3_ctx_255c8807-d6ca-48f9-a5ae-57c702248ed9&vmId=00000000-0000-0000-0000-000000000000&abr=false&timeZoneOffset=&v=0qo3kdvAac4p1MYIEwBPictAzcxYhDX2-gWUMQivDI8O5kzcDFPqXME1z5wjXnSbJOull1xXkfRBcXl3ka-OkI-NqKJZoerZnDDfLk2WIIde4rjqHsA_4l2LNo0NSOKTFKCfeGAYJvEdduAMe7MQrV27XREZ3xxEm32IMH9LfrSrm8xpSJFtRCpFSfZG7DHyvQAXcFl3IMYOrM2l03IdnpbQXcWdTpRZJ26ocKScr98K0dMeSsGtkrT5tCLaIlDqTT6SoS3U2hpZY4T8dChhB1e7VvwCLvjzSrTyf2Ivm-SZEXMewY398sDLXzDzenifsypBjoHsrXg9MOmD6tJllDbYjN7Y7jnoCF4RLOE_QdAgm3U4RHXNRbiUaUccq-s3KBDPsvyNuJVT11wp89y_B5Hqy17qc1DlrqND2682xEcpn7QqYthpri5LZtCuIoF6ByU0_lNkBD9iR-0iyV-awhuFjzynLcqYvXT0pvZeyxh8uUcVE5H4T5z11rCqUKim9dOcEUFrBs68Tem8niD3Nxc1mO8XW6Pecd-g7AuQwyY0inTZSYmtCS8ib5gayHpTV0S-bWUipfmbDSh_qpCWbHMeBQFDso4Yf4s8aw3-JwcQo565o9HSopowm8eRF-WhRJ8nTlYw6x7fhU2y5aZbHjv1JXjmMQhxjI0KSEQvywXuDJli-3AXhpq9OoiU4K7PK1m8Losi13ccR7xnPiD916tjo4_h5dmbsA0n3B2nZYKs8MKzn8PxG43AOxYC-BSMxCq2e8HPcmTgJA9M-yPFITtqBb8Ke-GSP6k4hu09zqePck7g3F8yehj4AxU-vgEhQXvmpE6J9rMMoa65KK86g6TAPimsttqHtJmbIB0sJnuyRay06Ovz3fHUUTzLP4JVrJMrD1HpukLr6NkFC5PP0w2&kw=&mw=300&mh=250&cu=
172.66.43.59302 Found 418 B URL HTTP/2 twinrdsrv.com/Redirect.eng?MediaSegmentId=31311&dcid=3_ctx_255c8807-d6ca-48f9-a5ae-57c702248ed9&vmId=00000000-0000-0000-0000-000000000000&abr=false&timeZoneOffset=&v=0qo3kdvAac4p1MYIEwBPictAzcxYhDX2-gWUMQivDI8O5kzcDFPqXME1z5wjXnSbJOull1xXkfRBcXl3ka-OkI-NqKJZoerZnDDfLk2WIIde4rjqHsA_4l2LNo0NSOKTFKCfeGAYJvEdduAMe7MQrV27XREZ3xxEm32IMH9LfrSrm8xpSJFtRCpFSfZG7DHyvQAXcFl3IMYOrM2l03IdnpbQXcWdTpRZJ26ocKScr98K0dMeSsGtkrT5tCLaIlDqTT6SoS3U2hpZY4T8dChhB1e7VvwCLvjzSrTyf2Ivm-SZEXMewY398sDLXzDzenifsypBjoHsrXg9MOmD6tJllDbYjN7Y7jnoCF4RLOE_QdAgm3U4RHXNRbiUaUccq-s3KBDPsvyNuJVT11wp89y_B5Hqy17qc1DlrqND2682xEcpn7QqYthpri5LZtCuIoF6ByU0_lNkBD9iR-0iyV-awhuFjzynLcqYvXT0pvZeyxh8uUcVE5H4T5z11rCqUKim9dOcEUFrBs68Tem8niD3Nxc1mO8XW6Pecd-g7AuQwyY0inTZSYmtCS8ib5gayHpTV0S-bWUipfmbDSh_qpCWbHMeBQFDso4Yf4s8aw3-JwcQo565o9HSopowm8eRF-WhRJ8nTlYw6x7fhU2y5aZbHjv1JXjmMQhxjI0KSEQvywXuDJli-3AXhpq9OoiU4K7PK1m8Losi13ccR7xnPiD916tjo4_h5dmbsA0n3B2nZYKs8MKzn8PxG43AOxYC-BSMxCq2e8HPcmTgJA9M-yPFITtqBb8Ke-GSP6k4hu09zqePck7g3F8yehj4AxU-vgEhQXvmpE6J9rMMoa65KK86g6TAPimsttqHtJmbIB0sJnuyRay06Ovz3fHUUTzLP4JVrJMrD1HpukLr6NkFC5PP0w2&kw=&mw=300&mh=250&cu=
IP 172.66.43.59:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (346), with CRLF line terminators
Hash 4036e1c0742f19b9bbeab34cf161fee9
d750c148999ab5c15673279fa5b52f3513c394b3
eb4e510a10471862bf7b35211456f4cc09704fd331fb890a6ace8d8dc59af171
GET /Redirect.eng?MediaSegmentId=31311&dcid=3_ctx_255c8807-d6ca-48f9-a5ae-57c702248ed9&vmId=00000000-0000-0000-0000-000000000000&abr=false&timeZoneOffset=&v=0qo3kdvAac4p1MYIEwBPictAzcxYhDX2-gWUMQivDI8O5kzcDFPqXME1z5wjXnSbJOull1xXkfRBcXl3ka-OkI-NqKJZoerZnDDfLk2WIIde4rjqHsA_4l2LNo0NSOKTFKCfeGAYJvEdduAMe7MQrV27XREZ3xxEm32IMH9LfrSrm8xpSJFtRCpFSfZG7DHyvQAXcFl3IMYOrM2l03IdnpbQXcWdTpRZJ26ocKScr98K0dMeSsGtkrT5tCLaIlDqTT6SoS3U2hpZY4T8dChhB1e7VvwCLvjzSrTyf2Ivm-SZEXMewY398sDLXzDzenifsypBjoHsrXg9MOmD6tJllDbYjN7Y7jnoCF4RLOE_QdAgm3U4RHXNRbiUaUccq-s3KBDPsvyNuJVT11wp89y_B5Hqy17qc1DlrqND2682xEcpn7QqYthpri5LZtCuIoF6ByU0_lNkBD9iR-0iyV-awhuFjzynLcqYvXT0pvZeyxh8uUcVE5H4T5z11rCqUKim9dOcEUFrBs68Tem8niD3Nxc1mO8XW6Pecd-g7AuQwyY0inTZSYmtCS8ib5gayHpTV0S-bWUipfmbDSh_qpCWbHMeBQFDso4Yf4s8aw3-JwcQo565o9HSopowm8eRF-WhRJ8nTlYw6x7fhU2y5aZbHjv1JXjmMQhxjI0KSEQvywXuDJli-3AXhpq9OoiU4K7PK1m8Losi13ccR7xnPiD916tjo4_h5dmbsA0n3B2nZYKs8MKzn8PxG43AOxYC-BSMxCq2e8HPcmTgJA9M-yPFITtqBb8Ke-GSP6k4hu09zqePck7g3F8yehj4AxU-vgEhQXvmpE6J9rMMoa65KK86g6TAPimsttqHtJmbIB0sJnuyRay06Ovz3fHUUTzLP4JVrJMrD1HpukLr6NkFC5PP0w2&kw=&mw=300&mh=250&cu= HTTP/1.1
Host: twinrdsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://hegdcrxavrtk.cdnvideo3.com/
Cookie: IKSR={}; INF_DFL8=false; IUID=8943e9f5-822a-4a73-84c5-d7f2bef083e3; ISSH=6931A6; VMI=; IPLH=#{}; IPLH_Q=#[]; CHN=#[]; MSSH=#{}; MSRH=#{}; ILP=null; ILPLU=#1/1/0001 12:00:00 AM; ILEALC=#1/1/0001 12:00:00 AM; ILMPF=#False; IPMPLU=#; IPMUID=#; BSWUID=#; IBL=#[]; IPLSH=#{}; IPLSH_Q=#[]; IZH=#{}; IZH_Q=#[]; IMCH=#{}; IMCH_Q=#[]; IMH=#{}; IMH_Q=#[]; ISH=#{}; ISH_Q=#[]; ISPH=#{}; ISPH_Q=#[]; ICH=#{}; ICH_Q=#[]
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
date: Thu, 09 Feb 2023 19:50:47 GMT
content-type: text/html; charset=utf-8
content-length: 418
location: https://twinrdsrv.com/mediahosting.engine?MediaId=54280&AId=6827&CId=27887&PId=49657&SiteId=7003&ZoneId=41951&VolumeMetricId=cb183eab-ec05-46ea-b1b9-56695b8e1c4d&PassBackUrl=&res=&dcid=3_ctx_255c8807-d6ca-48f9-a5ae-57c702248ed9&cu=&kw=&mw=300&mh=250
cache-control: private, no-transform
access-control-allow-origin: *
p3p: CP="CAO PSA OUR IND"
set-cookie: IKSR={}; path=/; SameSite=None; secure
INF_DFL8=false; path=/; SameSite=None; secure
IUID=8943e9f5-822a-4a73-84c5-d7f2bef083e3; expires=Wed, 09-Feb-2033 19:50:47 GMT; path=/; SameSite=None; secure
ISSH=6931A6; path=/; SameSite=None; secure
VMI=cb183eab-ec05-46ea-b1b9-56695b8e1c4d; path=/; SameSite=None; secure
IPLH=#{"49657":[{"SId":"6931A6","D":"23/2/9T11:50:47"}]}; expires=Wed, 09-Feb-2033 19:50:47 GMT; path=/; SameSite=None; secure; HttpOnly
IPLH_Q=#[49657]; expires=Wed, 09-Feb-2033 19:50:47 GMT; path=/; SameSite=None; secure; HttpOnly
CHN=#[]; expires=Wed, 09-Feb-2033 19:50:47 GMT; path=/; SameSite=None; secure; HttpOnly
MSSH=#{}; expires=Wed, 09-Feb-2033 19:50:47 GMT; path=/; SameSite=None; secure; HttpOnly
MSRH=#{}; expires=Wed, 09-Feb-2033 19:50:47 GMT; path=/; SameSite=None; secure; HttpOnly
ILP=null; expires=Wed, 09-Feb-2033 19:50:47 GMT; path=/; SameSite=None; secure
ILPLU=#1/1/0001 12:00:00 AM; expires=Wed, 09-Feb-2033 19:50:47 GMT; path=/; SameSite=None; secure; HttpOnly
ILEALC=#1/1/0001 12:00:00 AM; expires=Wed, 09-Feb-2033 19:50:47 GMT; path=/; SameSite=None; secure; HttpOnly
ILMPF=#False; expires=Thu, 09-Feb-2023 23:50:47 GMT; path=/; SameSite=None; secure; HttpOnly
IPMPLU=#; expires=Wed, 09-Feb-2033 19:50:47 GMT; path=/; SameSite=None; secure; HttpOnly
IPMUID=#; expires=Wed, 09-Feb-2033 19:50:47 GMT; path=/; SameSite=None; secure; HttpOnly
BSWUID=#; expires=Wed, 09-Feb-2033 19:50:47 GMT; path=/; SameSite=None; secure; HttpOnly
IKSR={}; path=/; SameSite=None; secure
IBL=#[]; expires=Wed, 09-Feb-2033 19:50:47 GMT; path=/; SameSite=None; secure; HttpOnly
IPLSH=#{}; expires=Wed, 09-Feb-2033 19:50:47 GMT; path=/; SameSite=None; secure; HttpOnly
IPLSH_Q=#[]; expires=Wed, 09-Feb-2033 19:50:47 GMT; path=/; SameSite=None; secure; HttpOnly
IZH=#{"41951":[{"SId":"6931A6","D":"23/2/9T11:50:47"}]}; expires=Wed, 09-Feb-2033 19:50:47 GMT; path=/; SameSite=None; secure; HttpOnly
IZH_Q=#[41951]; expires=Wed, 09-Feb-2033 19:50:47 GMT; path=/; SameSite=None; secure; HttpOnly
IMCH=#{}; expires=Wed, 09-Feb-2033 19:50:47 GMT; path=/; SameSite=None; secure; HttpOnly
IMCH_Q=#[]; expires=Wed, 09-Feb-2033 19:50:47 GMT; path=/; SameSite=None; secure; HttpOnly
IMH=#{"54280":[{"SId":"6931A6","D":"23/2/9T11:50:47"}]}; expires=Wed, 09-Feb-2033 19:50:47 GMT; path=/; SameSite=None; secure; HttpOnly
IMH_Q=#[54280]; expires=Wed, 09-Feb-2033 19:50:47 GMT; path=/; SameSite=None; secure; HttpOnly
ISH=#{}; expires=Wed, 09-Feb-2033 19:50:47 GMT; path=/; SameSite=None; secure; HttpOnly
ISH_Q=#[]; expires=Wed, 09-Feb-2033 19:50:47 GMT; path=/; SameSite=None; secure; HttpOnly
ISPH=#{"7003":[{"SId":"6931A6","D":"23/2/9T11:50:47"}]}; expires=Wed, 09-Feb-2033 19:50:47 GMT; path=/; SameSite=None; secure; HttpOnly
ISPH_Q=#[7003]; expires=Wed, 09-Feb-2033 19:50:47 GMT; path=/; SameSite=None; secure; HttpOnly
ICH=#{"27887":[{"SId":"6931A6","D":"23/2/9T11:50:47"}]}; expires=Wed, 09-Feb-2033 19:50:47 GMT; path=/; SameSite=None; secure; HttpOnly
ICH_Q=#[27887]; expires=Wed, 09-Feb-2033 19:50:47 GMT; path=/; SameSite=None; secure; HttpOnly
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XJ0UM5qGgLckGaYI8I3WqaTYgFex4vP%2F4V%2FWiWBkzILIARlG%2Bg%2B2mQ6ll%2FP92RBFOmBHHuebF9Dbt6s0FMThKwz%2BB3e6YtGGGQqHx%2F6%2BmdJiBvOA6ys%2BDDAROUB6GPI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 796f22d28cf7b4ee-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
twinrdsrv.com/Redirect.eng?MediaSegmentId=31311&dcid=3_ctx_be68dd26-850c-4f70-bd28-f4082f0f3bf4&vmId=00000000-0000-0000-0000-000000000000&abr=false&timeZoneOffset=&v=0qo3kdvAac4p1MYIEwBPicTdlfKSCBaBkvCTRorjgHVrxD5rvBv3aFghIJSlUmTIB00SApVC_x2nXalSLOL9RGWuTJcrb9byc4kbwugasllUzTz2RIghphWfesFohCYFwxTdfj990YWF8fvBCaPwSdc4Im5jmknJc5jgeKCa9kU0xXO1gij0W616cicvgoDHAHBcrnXrWxuafjxJdlz53cS91Pp5CuQ2de8HqDsUt0pO2XYRXWGrzxLBv__rJZQsc5WzPyMcAJiiTKx5C_BzL9sUWhsxjRD9dISQVqqAPjNG5YN0Sjfr3VyW7GpdMglkklN0gDHg5B3NUuFmMeGLft_MqXkT3H5clemF-yHbFMLiwIDDl4MECU3Pfbcg3A83B7UGIaN7MYzNoDDL0UPzbnROs69Ee8JKjpCyoIEI21L_UWhyYbpssaO-7brI_Ca258VB5Jd8x3y_jv9J_9OppXQgI9ee8zNugqUJ1HUSdxS5axxcbGwsKOA_4qLbEiBhq6meInTdC4CvTd-jJvujo4cvZbfgj8zWn7kqJ2Q88n9JPGu91eGV-K1e9G4_v1fNrc-26MFES8i97Vp247OUkuWcda1pWgDonVlpKcdEhNME3ul0pW6SSsQ-GHPEo05Z7O0IfVGT-pZ5_FFFKbOGHO4YkwU6cmiihEgcc7S1H-1nPVYBbInQEvKTvu51A2lceKZUJBJtGO3NG9ppjEhfQ4qCxsEgckTH4UWm2uFinhWAFiUAYDgnAyS-14IENpTqhXLfOjQvRqljjxr4PNGfz2JAu92tL5Bfhmxl-yPbZVDRDsBfBhztAjzAaHl9xhybHyRzr1u8WdvFi5l4hiIqNmazUrFprJePURAmdlSZNBvmPXlCWWAgrTmSO1sqe8nX60Fw-BK-3X_K-dZeIj6zKaop3SvWnxctW6Zt6RQjMXc1&kw=&mw=300&mh=250&cu=
172.66.43.59302 Found 418 B URL HTTP/2 twinrdsrv.com/Redirect.eng?MediaSegmentId=31311&dcid=3_ctx_be68dd26-850c-4f70-bd28-f4082f0f3bf4&vmId=00000000-0000-0000-0000-000000000000&abr=false&timeZoneOffset=&v=0qo3kdvAac4p1MYIEwBPicTdlfKSCBaBkvCTRorjgHVrxD5rvBv3aFghIJSlUmTIB00SApVC_x2nXalSLOL9RGWuTJcrb9byc4kbwugasllUzTz2RIghphWfesFohCYFwxTdfj990YWF8fvBCaPwSdc4Im5jmknJc5jgeKCa9kU0xXO1gij0W616cicvgoDHAHBcrnXrWxuafjxJdlz53cS91Pp5CuQ2de8HqDsUt0pO2XYRXWGrzxLBv__rJZQsc5WzPyMcAJiiTKx5C_BzL9sUWhsxjRD9dISQVqqAPjNG5YN0Sjfr3VyW7GpdMglkklN0gDHg5B3NUuFmMeGLft_MqXkT3H5clemF-yHbFMLiwIDDl4MECU3Pfbcg3A83B7UGIaN7MYzNoDDL0UPzbnROs69Ee8JKjpCyoIEI21L_UWhyYbpssaO-7brI_Ca258VB5Jd8x3y_jv9J_9OppXQgI9ee8zNugqUJ1HUSdxS5axxcbGwsKOA_4qLbEiBhq6meInTdC4CvTd-jJvujo4cvZbfgj8zWn7kqJ2Q88n9JPGu91eGV-K1e9G4_v1fNrc-26MFES8i97Vp247OUkuWcda1pWgDonVlpKcdEhNME3ul0pW6SSsQ-GHPEo05Z7O0IfVGT-pZ5_FFFKbOGHO4YkwU6cmiihEgcc7S1H-1nPVYBbInQEvKTvu51A2lceKZUJBJtGO3NG9ppjEhfQ4qCxsEgckTH4UWm2uFinhWAFiUAYDgnAyS-14IENpTqhXLfOjQvRqljjxr4PNGfz2JAu92tL5Bfhmxl-yPbZVDRDsBfBhztAjzAaHl9xhybHyRzr1u8WdvFi5l4hiIqNmazUrFprJePURAmdlSZNBvmPXlCWWAgrTmSO1sqe8nX60Fw-BK-3X_K-dZeIj6zKaop3SvWnxctW6Zt6RQjMXc1&kw=&mw=300&mh=250&cu=
IP 172.66.43.59:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (346), with CRLF line terminators
Hash 1c81d08dd2cb2b96ea5c1a71789be162
60d55ded0dd1bbdd929bd619a9f3f8ddb37750f4
3ac871ae23abb0149470a4ed13a2272e87f0e6fb0a6a6d8245029383021456e0
GET /Redirect.eng?MediaSegmentId=31311&dcid=3_ctx_be68dd26-850c-4f70-bd28-f4082f0f3bf4&vmId=00000000-0000-0000-0000-000000000000&abr=false&timeZoneOffset=&v=0qo3kdvAac4p1MYIEwBPicTdlfKSCBaBkvCTRorjgHVrxD5rvBv3aFghIJSlUmTIB00SApVC_x2nXalSLOL9RGWuTJcrb9byc4kbwugasllUzTz2RIghphWfesFohCYFwxTdfj990YWF8fvBCaPwSdc4Im5jmknJc5jgeKCa9kU0xXO1gij0W616cicvgoDHAHBcrnXrWxuafjxJdlz53cS91Pp5CuQ2de8HqDsUt0pO2XYRXWGrzxLBv__rJZQsc5WzPyMcAJiiTKx5C_BzL9sUWhsxjRD9dISQVqqAPjNG5YN0Sjfr3VyW7GpdMglkklN0gDHg5B3NUuFmMeGLft_MqXkT3H5clemF-yHbFMLiwIDDl4MECU3Pfbcg3A83B7UGIaN7MYzNoDDL0UPzbnROs69Ee8JKjpCyoIEI21L_UWhyYbpssaO-7brI_Ca258VB5Jd8x3y_jv9J_9OppXQgI9ee8zNugqUJ1HUSdxS5axxcbGwsKOA_4qLbEiBhq6meInTdC4CvTd-jJvujo4cvZbfgj8zWn7kqJ2Q88n9JPGu91eGV-K1e9G4_v1fNrc-26MFES8i97Vp247OUkuWcda1pWgDonVlpKcdEhNME3ul0pW6SSsQ-GHPEo05Z7O0IfVGT-pZ5_FFFKbOGHO4YkwU6cmiihEgcc7S1H-1nPVYBbInQEvKTvu51A2lceKZUJBJtGO3NG9ppjEhfQ4qCxsEgckTH4UWm2uFinhWAFiUAYDgnAyS-14IENpTqhXLfOjQvRqljjxr4PNGfz2JAu92tL5Bfhmxl-yPbZVDRDsBfBhztAjzAaHl9xhybHyRzr1u8WdvFi5l4hiIqNmazUrFprJePURAmdlSZNBvmPXlCWWAgrTmSO1sqe8nX60Fw-BK-3X_K-dZeIj6zKaop3SvWnxctW6Zt6RQjMXc1&kw=&mw=300&mh=250&cu= HTTP/1.1
Host: twinrdsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://hegdcrxavrtk.cdnvideo3.com/
Cookie: IKSR={}; INF_DFL8=false; IUID=8943e9f5-822a-4a73-84c5-d7f2bef083e3; ISSH=6931A6; VMI=; IPLH=#{}; IPLH_Q=#[]; CHN=#[]; MSSH=#{}; MSRH=#{}; ILP=null; ILPLU=#1/1/0001 12:00:00 AM; ILEALC=#1/1/0001 12:00:00 AM; ILMPF=#False; IPMPLU=#; IPMUID=#; BSWUID=#; IBL=#[]; IPLSH=#{}; IPLSH_Q=#[]; IZH=#{}; IZH_Q=#[]; IMCH=#{}; IMCH_Q=#[]; IMH=#{}; IMH_Q=#[]; ISH=#{}; ISH_Q=#[]; ISPH=#{}; ISPH_Q=#[]; ICH=#{}; ICH_Q=#[]
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
date: Thu, 09 Feb 2023 19:50:47 GMT
content-type: text/html; charset=utf-8
content-length: 418
location: https://twinrdsrv.com/mediahosting.engine?MediaId=54280&AId=6827&CId=27887&PId=49657&SiteId=7003&ZoneId=41938&VolumeMetricId=c6955854-03af-4b3c-9f56-24f0c9bc02f4&PassBackUrl=&res=&dcid=3_ctx_be68dd26-850c-4f70-bd28-f4082f0f3bf4&cu=&kw=&mw=300&mh=250
cache-control: private, no-transform
access-control-allow-origin: *
p3p: CP="CAO PSA OUR IND"
set-cookie: IKSR={}; path=/; SameSite=None; secure
INF_DFL8=false; path=/; SameSite=None; secure
IUID=8943e9f5-822a-4a73-84c5-d7f2bef083e3; expires=Wed, 09-Feb-2033 19:50:47 GMT; path=/; SameSite=None; secure
ISSH=6931A6; path=/; SameSite=None; secure
VMI=c6955854-03af-4b3c-9f56-24f0c9bc02f4; path=/; SameSite=None; secure
IPLH=#{"49657":[{"SId":"6931A6","D":"23/2/9T11:50:47"}]}; expires=Wed, 09-Feb-2033 19:50:47 GMT; path=/; SameSite=None; secure; HttpOnly
IPLH_Q=#[49657]; expires=Wed, 09-Feb-2033 19:50:47 GMT; path=/; SameSite=None; secure; HttpOnly
CHN=#[]; expires=Wed, 09-Feb-2033 19:50:47 GMT; path=/; SameSite=None; secure; HttpOnly
MSSH=#{}; expires=Wed, 09-Feb-2033 19:50:47 GMT; path=/; SameSite=None; secure; HttpOnly
MSRH=#{}; expires=Wed, 09-Feb-2033 19:50:47 GMT; path=/; SameSite=None; secure; HttpOnly
ILP=null; expires=Wed, 09-Feb-2033 19:50:47 GMT; path=/; SameSite=None; secure
ILPLU=#1/1/0001 12:00:00 AM; expires=Wed, 09-Feb-2033 19:50:47 GMT; path=/; SameSite=None; secure; HttpOnly
ILEALC=#1/1/0001 12:00:00 AM; expires=Wed, 09-Feb-2033 19:50:47 GMT; path=/; SameSite=None; secure; HttpOnly
ILMPF=#False; expires=Thu, 09-Feb-2023 23:50:47 GMT; path=/; SameSite=None; secure; HttpOnly
IPMPLU=#; expires=Wed, 09-Feb-2033 19:50:47 GMT; path=/; SameSite=None; secure; HttpOnly
IPMUID=#; expires=Wed, 09-Feb-2033 19:50:47 GMT; path=/; SameSite=None; secure; HttpOnly
BSWUID=#; expires=Wed, 09-Feb-2033 19:50:47 GMT; path=/; SameSite=None; secure; HttpOnly
IKSR={}; path=/; SameSite=None; secure
IBL=#[]; expires=Wed, 09-Feb-2033 19:50:47 GMT; path=/; SameSite=None; secure; HttpOnly
IPLSH=#{}; expires=Wed, 09-Feb-2033 19:50:47 GMT; path=/; SameSite=None; secure; HttpOnly
IPLSH_Q=#[]; expires=Wed, 09-Feb-2033 19:50:47 GMT; path=/; SameSite=None; secure; HttpOnly
IZH=#{"41938":[{"SId":"6931A6","D":"23/2/9T11:50:47"}]}; expires=Wed, 09-Feb-2033 19:50:47 GMT; path=/; SameSite=None; secure; HttpOnly
IZH_Q=#[41938]; expires=Wed, 09-Feb-2033 19:50:47 GMT; path=/; SameSite=None; secure; HttpOnly
IMCH=#{}; expires=Wed, 09-Feb-2033 19:50:47 GMT; path=/; SameSite=None; secure; HttpOnly
IMCH_Q=#[]; expires=Wed, 09-Feb-2033 19:50:47 GMT; path=/; SameSite=None; secure; HttpOnly
IMH=#{"54280":[{"SId":"6931A6","D":"23/2/9T11:50:47"}]}; expires=Wed, 09-Feb-2033 19:50:47 GMT; path=/; SameSite=None; secure; HttpOnly
IMH_Q=#[54280]; expires=Wed, 09-Feb-2033 19:50:47 GMT; path=/; SameSite=None; secure; HttpOnly
ISH=#{}; expires=Wed, 09-Feb-2033 19:50:47 GMT; path=/; SameSite=None; secure; HttpOnly
ISH_Q=#[]; expires=Wed, 09-Feb-2033 19:50:47 GMT; path=/; SameSite=None; secure; HttpOnly
ISPH=#{"7003":[{"SId":"6931A6","D":"23/2/9T11:50:47"}]}; expires=Wed, 09-Feb-2033 19:50:47 GMT; path=/; SameSite=None; secure; HttpOnly
ISPH_Q=#[7003]; expires=Wed, 09-Feb-2033 19:50:47 GMT; path=/; SameSite=None; secure; HttpOnly
ICH=#{"27887":[{"SId":"6931A6","D":"23/2/9T11:50:47"}]}; expires=Wed, 09-Feb-2033 19:50:47 GMT; path=/; SameSite=None; secure; HttpOnly
ICH_Q=#[27887]; expires=Wed, 09-Feb-2033 19:50:47 GMT; path=/; SameSite=None; secure; HttpOnly
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=V%2BN0SL%2B2M5JWYNuuq5kQN6JDWkbuzuqJ%2BLt8VC98MCkxYuDuNxu6rAdhLwozfZkPhLKuCjZlBrj0%2BjkbEOMEspuwp6IMZMb6Xw5TYQf%2BkT1QaoP5xuCFypjt7petVHc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 796f22d28ceeb4ee-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
outdilateinterrupt.com/pixel/pure
173.233.137.52 204 No Content 0 B URL HTTP/1.1 outdilateinterrupt.com/pixel/pure
IP 173.233.137.52:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
OPTIONS /pixel/pure HTTP/1.1
Host: outdilateinterrupt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: http://www.xxxfiles.tv/
Origin: http://www.xxxfiles.tv
Connection: keep-alive
HTTP/1.1 204 No Content
Server: nginx/1.19.5
Date: Thu, 09 Feb 2023 19:50:47 GMT
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Allow-Credentials: true
Access-Control-Max-Age: 1728000
Content-Type: text/plain; charset=utf-8
Content-Length: 0
dgemanowhowe.xyz/popunder.gif
172.67.150.94 301 Moved Permanently 0 B URL HTTP/1.1 dgemanowhowe.xyz/popunder.gif
IP 172.67.150.94:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /popunder.gif HTTP/1.1
Host: dgemanowhowe.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.xxxfiles.tv/
HTTP/1.1 301 Moved Permanently
Date: Thu, 09 Feb 2023 19:50:47 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Thu, 09 Feb 2023 20:50:47 GMT
Location: https://dgemanowhowe.xyz/popunder.gif
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iGAHwC3WUHj0PcwW8gw5HwUQAL3T2OahKvPhyqGxH8lKWGrULTGkkVetDitcKtJfX3QGPjFddl7zlWurdi5ZOImhabLIzjI9HKxlX5YpMaafBlZKAcaKQQCZ0aUGkAYtz6BA"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 796f22d4da17b4f3-OSL
alt-svc: h2=":443"; ma=60
hegdcrxavrtk.cdnvideo3.com/api/spots/17481570179280817095/997762?fill=0&kw=Blowjob,Masturbation,outdoor,Blonde,Teen,missionary,cunnilingus,Old/Young,big-dick,cum-licking,doggy-style,oldje.com,Alessandra%20Jane,David
135.181.208.216200 OK 790 B URL HTTP/1.1 hegdcrxavrtk.cdnvideo3.com/api/spots/17481570179280817095/997762?fill=0&kw=Blowjob,Masturbation,outdoor,Blonde,Teen,missionary,cunnilingus,Old/Young,big-dick,cum-licking,doggy-style,oldje.com,Alessandra%20Jane,David
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
File type XML 1.0 document text\012- XML document, ASCII text, with very long lines (591)
Hash 131a80987a53f911fa534c159e43f30b
e26f5c75d2d7872699bd623440bbd521cc9ffd5d
6b2d6a29633d5d1a126080d27c600c917349868628684c691d0ce1d9cf402fdf
GET /api/spots/17481570179280817095/997762?fill=0&kw=Blowjob,Masturbation,outdoor,Blonde,Teen,missionary,cunnilingus,Old/Young,big-dick,cum-licking,doggy-style,oldje.com,Alessandra%20Jane,David HTTP/1.1
Host: hegdcrxavrtk.cdnvideo3.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://www.xxxfiles.tv/
Origin: http://www.xxxfiles.tv
Connection: keep-alive
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 09 Feb 2023 19:50:47 GMT
Content-Type: text/xml
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: http://www.xxxfiles.tv
Cache-Control: private
Content-Encoding: gzip
hegdcrxavrtk.cdnvideo3.com/api/spots/17481570179280817095/997745?fill=0&kw=Blowjob,Masturbation,outdoor,Blonde,Teen,missionary,cunnilingus,Old/Young,big-dick,cum-licking,doggy-style,oldje.com,Alessandra%20Jane,David
135.181.208.216200 OK 566 B URL HTTP/1.1 hegdcrxavrtk.cdnvideo3.com/api/spots/17481570179280817095/997745?fill=0&kw=Blowjob,Masturbation,outdoor,Blonde,Teen,missionary,cunnilingus,Old/Young,big-dick,cum-licking,doggy-style,oldje.com,Alessandra%20Jane,David
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
File type XML 1.0 document text\012- XML document, ASCII text
Hash 309a6b46b1a382cd03b4bf310eaf4160
3c13c46e07497d675c07db4c8b1d39bb25cf3f4c
2f34adba9b6d01cbd0aa9de5ef67fbe60d487802d2bf468760262f52109a90b2
GET /api/spots/17481570179280817095/997745?fill=0&kw=Blowjob,Masturbation,outdoor,Blonde,Teen,missionary,cunnilingus,Old/Young,big-dick,cum-licking,doggy-style,oldje.com,Alessandra%20Jane,David HTTP/1.1
Host: hegdcrxavrtk.cdnvideo3.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://www.xxxfiles.tv/
Origin: http://www.xxxfiles.tv
Connection: keep-alive
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 09 Feb 2023 19:50:47 GMT
Content-Type: text/xml
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: http://www.xxxfiles.tv
Cache-Control: private
Content-Encoding: gzip
hegdcrxavrtk.cdnvideo3.com/api/spots/17481570179280817095/997869?fill=0&kw=Blowjob,Masturbation,outdoor,Blonde,Teen,missionary,cunnilingus,Old/Young,big-dick,cum-licking,doggy-style,oldje.com,Alessandra%20Jane,David
135.181.208.216200 OK 572 B URL HTTP/1.1 hegdcrxavrtk.cdnvideo3.com/api/spots/17481570179280817095/997869?fill=0&kw=Blowjob,Masturbation,outdoor,Blonde,Teen,missionary,cunnilingus,Old/Young,big-dick,cum-licking,doggy-style,oldje.com,Alessandra%20Jane,David
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
File type XML 1.0 document text\012- XML document, ASCII text
Hash 7c39c14a744d2135329a080fc2d18f76
5e4c6978aa69aa9b9218039712b6dc456c80e2df
e1f562459e4c4ab9b280d09719da330eaac485a2bff2aacd364f0a49773dce97
GET /api/spots/17481570179280817095/997869?fill=0&kw=Blowjob,Masturbation,outdoor,Blonde,Teen,missionary,cunnilingus,Old/Young,big-dick,cum-licking,doggy-style,oldje.com,Alessandra%20Jane,David HTTP/1.1
Host: hegdcrxavrtk.cdnvideo3.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://www.xxxfiles.tv/
Origin: http://www.xxxfiles.tv
Connection: keep-alive
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 09 Feb 2023 19:50:47 GMT
Content-Type: text/xml
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: http://www.xxxfiles.tv
Cache-Control: private
Content-Encoding: gzip
outdilateinterrupt.com/pixel/pure
173.233.137.52 200 OK 0 B URL HTTP/1.1 outdilateinterrupt.com/pixel/pure
IP 173.233.137.52:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
POST /pixel/pure HTTP/1.1
Host: outdilateinterrupt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/json
Content-Length: 73
Origin: http://www.xxxfiles.tv
Connection: keep-alive
Referer: http://www.xxxfiles.tv/
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 09 Feb 2023 19:50:47 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
pogothere.xyz/asd100.bin
172.64.133.29 200 OK 103 kB IP 172.64.133.29:0
Size 103 kB (102903 bytes)
Hash 1e909336061cb1218a895befdaba0a5a
0bb760031dd2ebebe9482b156d615963f30d9af8
b6f3bad0a8fcd0502a113e6b0c606dde5a30c209d315d349fe2c3dea6dd7e797
Analyzer Verdict Alert quad9 Sinkholed
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.xxxfiles.tv/
Origin: http://www.xxxfiles.tv
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 09 Feb 2023 19:50:47 GMT
content-type: binary/octet-stream
access-control-allow-origin: http://www.xxxfiles.tv
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: MISS
last-modified: Thu, 09 Feb 2023 19:50:47 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0wFTVvO8ATKHk68lzV%2FdDH2F%2Fkk998HWkARsrPb5Tbhczm0TdohXezZKtbmEXXqlVf9GP6LqAmLujhaJ28bJCO9m5VLIbGFEdMCeieJ0PzNsVdIXKIyeODB2aQSS8%2F0R"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 796f22d16be723ad-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
syndication.realsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAA01PUUoEMQy9iheYkqRJm+63/iqs7AFmOnUV2RkZZVkhhzcdEcyjJH28JC8EFAegAcod8kHgwNkKhgKBKaCwPT4djdE+1m05r6GuF2NWFjSKmDOZQlHNxhGZi5qAP0olYbIszlEkY7Bo4CCJzL0KAGhZ7eF0tNPzvROlC9HQpQA3BPBP320Etrfc+oA2aW1z0YxxqtMLcYuT5JZVaozsPtBFr+081+02Xrev91Dn5fo2tzXu3uEXAST1bfRHOAbckwfYXo2f30s1+yfpkL2JzU/rFq1hopxnFeFxFg+uU0IRGBV51PIDM/rIL2EBAAA=
95.211.229.247200 OK 20 B URL HTTP/1.1 syndication.realsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAA01PUUoEMQy9iheYkqRJm+63/iqs7AFmOnUV2RkZZVkhhzcdEcyjJH28JC8EFAegAcod8kHgwNkKhgKBKaCwPT4djdE+1m05r6GuF2NWFjSKmDOZQlHNxhGZi5qAP0olYbIszlEkY7Bo4CCJzL0KAGhZ7eF0tNPzvROlC9HQpQA3BPBP320Etrfc+oA2aW1z0YxxqtMLcYuT5JZVaozsPtBFr+081+02Xrev91Dn5fo2tzXu3uEXAST1bfRHOAbckwfYXo2f30s1+yfpkL2JzU/rFq1hopxnFeFxFg+uU0IRGBV51PIDM/rIL2EBAAA=
IP 95.211.229.247:0
ASN #60781 LeaseWeb Netherlands B.V.
Hash a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf
GET /cimp.php?t=api&data=H4sIAAAAAAAAA01PUUoEMQy9iheYkqRJm+63/iqs7AFmOnUV2RkZZVkhhzcdEcyjJH28JC8EFAegAcod8kHgwNkKhgKBKaCwPT4djdE+1m05r6GuF2NWFjSKmDOZQlHNxhGZi5qAP0olYbIszlEkY7Bo4CCJzL0KAGhZ7eF0tNPzvROlC9HQpQA3BPBP320Etrfc+oA2aW1z0YxxqtMLcYuT5JZVaozsPtBFr+081+02Xrev91Dn5fo2tzXu3uEXAST1bfRHOAbckwfYXo2f30s1+yfpkL2JzU/rFq1hopxnFeFxFg+uU0IRGBV51PIDM/rIL2EBAAA= HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Origin: http://hegdcrxavrtk.cdnvideo3.com
Connection: keep-alive
Referer: http://hegdcrxavrtk.cdnvideo3.com/
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 09 Feb 2023 19:50:47 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: http://hegdcrxavrtk.cdnvideo3.com
Access-Control-Allow-Credentials: true
Set-Cookie: __upt=%7B%22v%22%3A1%2C%22id%22%3A%220%22%2C%22pcma%22%3A%22%22%2C%22acma%22%3A%22508.0199%22%7D; expires=Sat, 08 Feb 2025 19:50:47 GMT; path=/; domain=.realsrv.com;
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
outdilateinterrupt.com/pixel/pure
173.233.137.52 200 OK 0 B URL HTTP/1.1 outdilateinterrupt.com/pixel/pure
IP 173.233.137.52:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
POST /pixel/pure HTTP/1.1
Host: outdilateinterrupt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/json
Content-Length: 73
Origin: http://www.xxxfiles.tv
Connection: keep-alive
Referer: http://www.xxxfiles.tv/
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 09 Feb 2023 19:50:47 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
www.xxxfiles.tv/js/kvs/main.min.js?v=1675972244
104.21.83.6 200 OK 84 kB URL HTTP/2 www.xxxfiles.tv/js/kvs/main.min.js?v=1675972244
IP 104.21.83.6:0
File type ASCII text, with very long lines (32089)
Hash c94aa81d62894f5c0a08f6c0b2dd65e9
7bccceeeb43cb8095c3dd6de97deb187a83e6245
03c84c3bfc54e40dcceca1065cb2b48295ff14b9c79d3bf7bf06edd3071bf631
GET /js/kvs/main.min.js?v=1675972244 HTTP/1.1
Host: www.xxxfiles.tv
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.xxxfiles.tv/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 09 Feb 2023 19:50:45 GMT
content-type: application/javascript
last-modified: Wed, 20 Nov 2019 11:57:15 GMT
vary: Accept-Encoding
etag: W/"5dd52a1b-412c8"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2qU4s0XeHVQjlos9G8VA9Z5Gdu76fmsdaoXG72o3E52UMio5t41ROgUtAQYMxIwaxoCJyMAYMTW11f6JfmTS%2BbtY2snnIToEHC9BfuM%2BzfnBnle2%2BwsMTq6LTk%2F0YiNyn2w%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 796f22c7ccebb4e8-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 278 B IP 93.184.220.29:0
Hash f4d70c08e1218b63bac059805b92675a
1d13e4fe65652b5b36a67ebfba1d83921a789b4d
dbe4cff6cbae66f017e3cdeeb5a5809ec3e5ee80594621aa36e26b11aa8a25e9
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6483
Cache-Control: max-age=166577
Content-Type: application/ocsp-response
Date: Thu, 09 Feb 2023 19:50:47 GMT
Etag: "63e51cf5-116"
Expires: Sat, 11 Feb 2023 18:07:04 GMT
Last-Modified: Thu, 09 Feb 2023 16:19:01 GMT
Server: ECS (ska/F714)
X-Cache: HIT
Content-Length: 278
syndication.realsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAA02OYUoEMQyFr+IFpryk6bTZ3/pXYWUP0G1nVhFnZJRlhRzedgQxj5BHyMcLg/0AHqB3JIeAg0RTcgon7CiIPT4dTcg+1m25rK6s70YChGTsKUa2BE0pmngiBVtA6n6EjCbKI1GECcwbmjh4ke4cQBaTPZyOdnq+bwtlz0bGFjndFM32ZONGd+DW8VLPsYgwWqcKnqdYhUKdKZ5zDdog2Mt0qWW75ev29eZKXa6vdVr9/jl+5RBoj8KfBtpHK9ju8uf3Usz+nXSFHWqwSB+W50klF68tfJKac02awcoagMr+B2YB5YpeAQAA
95.211.229.247200 OK 20 B URL HTTP/1.1 syndication.realsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAA02OYUoEMQyFr+IFpryk6bTZ3/pXYWUP0G1nVhFnZJRlhRzedgQxj5BHyMcLg/0AHqB3JIeAg0RTcgon7CiIPT4dTcg+1m25rK6s70YChGTsKUa2BE0pmngiBVtA6n6EjCbKI1GECcwbmjh4ke4cQBaTPZyOdnq+bwtlz0bGFjndFM32ZONGd+DW8VLPsYgwWqcKnqdYhUKdKZ5zDdog2Mt0qWW75ev29eZKXa6vdVr9/jl+5RBoj8KfBtpHK9ju8uf3Usz+nXSFHWqwSB+W50klF68tfJKac02awcoagMr+B2YB5YpeAQAA
IP 95.211.229.247:0
ASN #60781 LeaseWeb Netherlands B.V.
Hash a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf
GET /cimp.php?t=api&data=H4sIAAAAAAAAA02OYUoEMQyFr+IFpryk6bTZ3/pXYWUP0G1nVhFnZJRlhRzedgQxj5BHyMcLg/0AHqB3JIeAg0RTcgon7CiIPT4dTcg+1m25rK6s70YChGTsKUa2BE0pmngiBVtA6n6EjCbKI1GECcwbmjh4ke4cQBaTPZyOdnq+bwtlz0bGFjndFM32ZONGd+DW8VLPsYgwWqcKnqdYhUKdKZ5zDdog2Mt0qWW75ev29eZKXa6vdVr9/jl+5RBoj8KfBtpHK9ju8uf3Usz+nXSFHWqwSB+W50klF68tfJKac02awcoagMr+B2YB5YpeAQAA HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Origin: http://hegdcrxavrtk.cdnvideo3.com
Connection: keep-alive
Referer: http://hegdcrxavrtk.cdnvideo3.com/
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 09 Feb 2023 19:50:47 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: http://hegdcrxavrtk.cdnvideo3.com
Access-Control-Allow-Credentials: true
Set-Cookie: __upt=%7B%22v%22%3A1%2C%22id%22%3A%220%22%2C%22pcma%22%3A%22%22%2C%22acma%22%3A%22508.0199%22%7D; expires=Sat, 08 Feb 2025 19:50:47 GMT; path=/; domain=.realsrv.com;
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
syndication.realsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAAz1P7U7DMAx8FV6gkb+S2PsNf0Ea2gO0STsQokUFTUPyw5N2Yj4pPkc++0xA3AF1YA8ohwgHyW4YDIJQwCj+/HJ0Qf9a1vm8hLJ8eiJOiE6MOZMrmGp2YUQ19QjqbBgtaZNpZiVxAWeHBoossrEAAORZ/el09NPrY/sxYvI2Fry929aN7s3XTVqSGeJQJkBOU080TEMVjqSRMGttIvC38VzLeu0v689HKHW+vNdx4d013BCQedvyXzd0uKcW4Dvrv3/n4n5vuFn2eFdhswglj6lXGduNNTIC0UiJJ7NSUp3+AGJDEgRYAQAA
95.211.229.248 200 OK 20 B URL HTTP/1.1 syndication.realsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAAz1P7U7DMAx8FV6gkb+S2PsNf0Ea2gO0STsQokUFTUPyw5N2Yj4pPkc++0xA3AF1YA8ohwgHyW4YDIJQwCj+/HJ0Qf9a1vm8hLJ8eiJOiE6MOZMrmGp2YUQ19QjqbBgtaZNpZiVxAWeHBoossrEAAORZ/el09NPrY/sxYvI2Fry929aN7s3XTVqSGeJQJkBOU080TEMVjqSRMGttIvC38VzLeu0v689HKHW+vNdx4d013BCQedvyXzd0uKcW4Dvrv3/n4n5vuFn2eFdhswglj6lXGduNNTIC0UiJJ7NSUp3+AGJDEgRYAQAA
IP 95.211.229.248:0
ASN #60781 LeaseWeb Netherlands B.V.
Hash a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf
GET /cimp.php?t=api&data=H4sIAAAAAAAAAz1P7U7DMAx8FV6gkb+S2PsNf0Ea2gO0STsQokUFTUPyw5N2Yj4pPkc++0xA3AF1YA8ohwgHyW4YDIJQwCj+/HJ0Qf9a1vm8hLJ8eiJOiE6MOZMrmGp2YUQ19QjqbBgtaZNpZiVxAWeHBoossrEAAORZ/el09NPrY/sxYvI2Fry929aN7s3XTVqSGeJQJkBOU080TEMVjqSRMGttIvC38VzLeu0v689HKHW+vNdx4d013BCQedvyXzd0uKcW4Dvrv3/n4n5vuFn2eFdhswglj6lXGduNNTIC0UiJJ7NSUp3+AGJDEgRYAQAA HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Origin: http://hegdcrxavrtk.cdnvideo3.com
Connection: keep-alive
Referer: http://hegdcrxavrtk.cdnvideo3.com/
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 09 Feb 2023 19:50:47 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: http://hegdcrxavrtk.cdnvideo3.com
Access-Control-Allow-Credentials: true
Set-Cookie: __upt=%7B%22v%22%3A1%2C%22id%22%3A%220%22%2C%22pcma%22%3A%22%22%2C%22acma%22%3A%22508.0199%22%7D; expires=Sat, 08 Feb 2025 19:50:47 GMT; path=/; domain=.realsrv.com;
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
s3t3d2y8.afcdn.net/library/140058/a3b3d1c2f130869f26b52dd61424e0edd505bc56.gif
185.76.9.17 200 OK 26 kB URL HTTP/1.1 s3t3d2y8.afcdn.net/library/140058/a3b3d1c2f130869f26b52dd61424e0edd505bc56.gif
IP 185.76.9.17:0
ASN #60068 Datacamp Limited
File type GIF image data, version 89a, 728 x 90\012- data
Hash 6e5a7b8e8caf164b4fc623a8fdd6ddd7
a3b3d1c2f130869f26b52dd61424e0edd505bc56
3848f81bd550318085254b663ae6b86b40fad61f1fb9385771e464c2c1d918e2
GET /library/140058/a3b3d1c2f130869f26b52dd61424e0edd505bc56.gif HTTP/1.1
Host: s3t3d2y8.afcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://hegdcrxavrtk.cdnvideo3.com/
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 19:50:47 GMT
Content-Type: image/gif
Content-Length: 25514
Connection: keep-alive
Last-Modified: Sat, 19 Jan 2019 06:52:03 GMT
ETag: "5c42c913-63aa"
Expires: Fri, 30 Jun 2023 13:42:55 GMT
Cache-Control: max-age=31536000
Access-Control-Allow-Origin: *
X-Cache-OP: HIT
X-Accel-Expires: @1688195308
Server: CDN77-Turbo
X-Robots-Tag: noindex, follow
X-77-NZT: AblMCQ2Qrpv/K7EmAQ
X-77-NZT-Ray: c0a4cc286cc39685974ee563301ccf3a
X-Cache: HIT
X-Age: 19312939
X-77-POP: stockholmSE
X-77-Cache: HIT
Accept-Ranges: bytes
s3t3d2y8.afcdn.net/library/623611/d072faccd5bf786646901428e54895921ab50f73.jpg
185.76.9.17 200 OK 34 kB URL HTTP/1.1 s3t3d2y8.afcdn.net/library/623611/d072faccd5bf786646901428e54895921ab50f73.jpg
IP 185.76.9.17:0
ASN #60068 Datacamp Limited
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 90", baseline, precision 8, 300x300, components 3\012- data
Hash b91c96358753ce1ab4086e875c84c4e8
d072faccd5bf786646901428e54895921ab50f73
3be413c893134d87bd9a4532d47ad5726d31893c10330b23e8c6fb7935d307c5
GET /library/623611/d072faccd5bf786646901428e54895921ab50f73.jpg HTTP/1.1
Host: s3t3d2y8.afcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://hegdcrxavrtk.cdnvideo3.com/
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 19:50:47 GMT
Content-Type: image/jpeg
Content-Length: 34098
Connection: keep-alive
Last-Modified: Thu, 14 May 2020 09:51:02 GMT
ETag: "5ebd1486-8532"
Expires: Tue, 24 Oct 2023 13:31:26 GMT
Cache-Control: max-age=31536000
Access-Control-Allow-Origin: *
X-Robots-Tag: noindex, follow
X-Cache-OP: HIT
X-Accel-Expires: @1702023665
Server: CDN77-Turbo
X-77-NZT: AblMCQ0CxQb/JrBTAA
X-77-NZT-Ray: c0a4cc286cc39785974ee563ab67ca3a
X-Cache: HIT
X-Age: 5484582
X-77-POP: stockholmSE
X-77-Cache: HIT
Accept-Ranges: bytes
s3t3d2y8.afcdn.net/library/448451/e2992aed94e3ab1b92e7eba60ec25912cdbe4f8b.mp4
185.76.9.17 206 Partial Content 11 kB URL HTTP/1.1 s3t3d2y8.afcdn.net/library/448451/e2992aed94e3ab1b92e7eba60ec25912cdbe4f8b.mp4
IP 185.76.9.17:0
ASN #60068 Datacamp Limited
File type ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]\012- data
Hash 0362ca66d2648842761ab7e897210c2b
e2992aed94e3ab1b92e7eba60ec25912cdbe4f8b
6112e64eff0942f4a746c8840cc94ec23121f5fcc51fa1ac1523a38d05bfa124
GET /library/448451/e2992aed94e3ab1b92e7eba60ec25912cdbe4f8b.mp4 HTTP/1.1
Host: s3t3d2y8.afcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: http://hegdcrxavrtk.cdnvideo3.com/
HTTP/1.1 206 Partial Content
Date: Thu, 09 Feb 2023 19:50:47 GMT
Content-Type: video/mp4
Content-Length: 10631
Connection: keep-alive
Last-Modified: Tue, 09 Aug 2022 11:14:51 GMT
ETag: "62f241ab-2987"
Expires: Wed, 09 Aug 2023 11:37:57 GMT
Cache-Control: max-age=31536000
Access-Control-Allow-Origin: *
X-Cache-OP: HIT
X-Accel-Expires: @1691581153
Server: CDN77-Turbo
X-Robots-Tag: noindex, follow
X-77-NZT: AblMCQ14PK//NgfzAA
X-77-NZT-Ray: c0a4cc2823c09c85974ee563eb28953b
X-Cache: HIT
X-Age: 15927094
X-77-POP: stockholmSE
X-77-Cache: HIT
Content-Range: bytes 0-10630/10631
go.xlivrdr.com/smartpop/ec1535c1cbaa3d0b93513d43b65aa5ca154a4f64912bc1c7443cc846eec2add4?userId=0d0cdc753eed23068b893e6a636a40ccaadc69dc4a5ec7ee080ed62b15816646&memberId=30126a95-be4a-4ed9-9147-3b496e1501f7&sourceId=xxxfiles.com&p1=Promo_Banners_Straight_T1_Desk&p2=49657&trackOff=1
104.18.51.106 302 Found 0 B URL HTTP/2 go.xlivrdr.com/smartpop/ec1535c1cbaa3d0b93513d43b65aa5ca154a4f64912bc1c7443cc846eec2add4?userId=0d0cdc753eed23068b893e6a636a40ccaadc69dc4a5ec7ee080ed62b15816646&memberId=30126a95-be4a-4ed9-9147-3b496e1501f7&sourceId=xxxfiles.com&p1=Promo_Banners_Straight_T1_Desk&p2=49657&trackOff=1
IP 104.18.51.106:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /smartpop/ec1535c1cbaa3d0b93513d43b65aa5ca154a4f64912bc1c7443cc846eec2add4?userId=0d0cdc753eed23068b893e6a636a40ccaadc69dc4a5ec7ee080ed62b15816646&memberId=30126a95-be4a-4ed9-9147-3b496e1501f7&sourceId=xxxfiles.com&p1=Promo_Banners_Straight_T1_Desk&p2=49657&trackOff=1 HTTP/1.1
Host: go.xlivrdr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://twinrdsrv.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Thu, 09 Feb 2023 19:50:48 GMT
content-length: 0
location: https://creative.xlivrdr.com/widgets/v4/Universal?campaignId=ec1535c1cbaa3d0b93513d43b65aa5ca154a4f64912bc1c7443cc846eec2add4&campaignType=smartpop&creativeId=ca6624202b11763d71416a8ead72efb72b6393c2d3c8dd0c6eab3c1996806e05&iterationId=402449&masterSmartpopId=1914&memberId=30126a95-be4a-4ed9-9147-3b496e1501f7&p1=Promo_Banners_Straight_T1_Desk&p2=49657&quality=optimal&ruleId=17&smartpopId=1807&sourceId=xxxfiles.com&tag=-girls%2Findian&trackOff=1&userId=0d0cdc753eed23068b893e6a636a40ccaadc69dc4a5ec7ee080ed62b15816646&variationId=30282
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Content-Length, Accept-Encoding, x-requested-with
cf-cache-status: DYNAMIC
set-cookie: _var=893328.30282; Path=/; HttpOnly; SameSite=Strict
__cflb=0H28uukSkGJRy5UBr1MAvzNuwf2BatErgREcmYTNdAc; SameSite=None; Secure; path=/; expires=Fri, 10-Feb-23 18:50:48 GMT; HttpOnly
server: cloudflare
cf-ray: 796f22d5fbeab51b-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
go.xlivrdr.com/smartpop/ec1535c1cbaa3d0b93513d43b65aa5ca154a4f64912bc1c7443cc846eec2add4?userId=0d0cdc753eed23068b893e6a636a40ccaadc69dc4a5ec7ee080ed62b15816646&memberId=05e0c8f2-6b23-4456-b954-eef67ea0a83f&sourceId=xxxfiles.com&p1=Promo_Banners_Straight_T1_Desk&p2=49657&trackOff=1
104.18.51.106 302 Found 0 B URL HTTP/2 go.xlivrdr.com/smartpop/ec1535c1cbaa3d0b93513d43b65aa5ca154a4f64912bc1c7443cc846eec2add4?userId=0d0cdc753eed23068b893e6a636a40ccaadc69dc4a5ec7ee080ed62b15816646&memberId=05e0c8f2-6b23-4456-b954-eef67ea0a83f&sourceId=xxxfiles.com&p1=Promo_Banners_Straight_T1_Desk&p2=49657&trackOff=1
IP 104.18.51.106:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /smartpop/ec1535c1cbaa3d0b93513d43b65aa5ca154a4f64912bc1c7443cc846eec2add4?userId=0d0cdc753eed23068b893e6a636a40ccaadc69dc4a5ec7ee080ed62b15816646&memberId=05e0c8f2-6b23-4456-b954-eef67ea0a83f&sourceId=xxxfiles.com&p1=Promo_Banners_Straight_T1_Desk&p2=49657&trackOff=1 HTTP/1.1
Host: go.xlivrdr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://twinrdsrv.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Thu, 09 Feb 2023 19:50:48 GMT
content-length: 0
location: https://creative.xlivrdr.com/widgets/v4/Universal?campaignId=ec1535c1cbaa3d0b93513d43b65aa5ca154a4f64912bc1c7443cc846eec2add4&campaignType=smartpop&creativeId=b1d8c7daf6a59fb399d72f07926edef5ef148a9a77194ce9741b2132d9790c03&iterationId=402449&masterSmartpopId=1914&memberId=05e0c8f2-6b23-4456-b954-eef67ea0a83f&p1=Promo_Banners_Straight_T1_Desk&p2=49657&quality=optimal&ruleId=17&smartpopId=1807&sortBy=stripRanking&sourceId=xxxfiles.com&tag=-girls%2Findian&trackOff=1&userId=0d0cdc753eed23068b893e6a636a40ccaadc69dc4a5ec7ee080ed62b15816646&variationId=30283
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Content-Length, Accept-Encoding, x-requested-with
cf-cache-status: DYNAMIC
set-cookie: _var=893328.30283; Path=/; HttpOnly; SameSite=Strict
__cflb=02DiuDfsBaY2bRYJiCddNhqGgfsRfgxdYviEmJU2XhVzk; SameSite=None; Secure; path=/; expires=Fri, 10-Feb-23 18:50:48 GMT; HttpOnly
server: cloudflare
cf-ray: 796f22d5fbf2b51b-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 278 B IP 93.184.220.29:0
Hash f4d70c08e1218b63bac059805b92675a
1d13e4fe65652b5b36a67ebfba1d83921a789b4d
dbe4cff6cbae66f017e3cdeeb5a5809ec3e5ee80594621aa36e26b11aa8a25e9
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6321
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 09 Feb 2023 19:50:48 GMT
Last-Modified: Thu, 09 Feb 2023 18:05:27 GMT
Server: ECS (ska/F6FC)
X-Cache: HIT
Content-Length: 278
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 1d885cfc22a04f1216c98dd64df5338a
589916a844b81fac40af88a772865b8e28dfb64e
40c0e55533794d72bbba4bc9d0f07fe0741e24ca23fd9b3e31d2830c77a51bf3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "40C0E55533794D72BBBA4BC9D0F07FE0741E24CA23FD9B3E31D2830C77A51BF3"
Last-Modified: Wed, 08 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12659
Expires: Thu, 09 Feb 2023 23:21:47 GMT
Date: Thu, 09 Feb 2023 19:50:48 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 1d885cfc22a04f1216c98dd64df5338a
589916a844b81fac40af88a772865b8e28dfb64e
40c0e55533794d72bbba4bc9d0f07fe0741e24ca23fd9b3e31d2830c77a51bf3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "40C0E55533794D72BBBA4BC9D0F07FE0741E24CA23FD9B3E31D2830C77A51BF3"
Last-Modified: Wed, 08 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12659
Expires: Thu, 09 Feb 2023 23:21:47 GMT
Date: Thu, 09 Feb 2023 19:50:48 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 1d885cfc22a04f1216c98dd64df5338a
589916a844b81fac40af88a772865b8e28dfb64e
40c0e55533794d72bbba4bc9d0f07fe0741e24ca23fd9b3e31d2830c77a51bf3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "40C0E55533794D72BBBA4BC9D0F07FE0741E24CA23FD9B3E31D2830C77A51BF3"
Last-Modified: Wed, 08 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12659
Expires: Thu, 09 Feb 2023 23:21:47 GMT
Date: Thu, 09 Feb 2023 19:50:48 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 1d885cfc22a04f1216c98dd64df5338a
589916a844b81fac40af88a772865b8e28dfb64e
40c0e55533794d72bbba4bc9d0f07fe0741e24ca23fd9b3e31d2830c77a51bf3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "40C0E55533794D72BBBA4BC9D0F07FE0741E24CA23FD9B3E31D2830C77A51BF3"
Last-Modified: Wed, 08 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12659
Expires: Thu, 09 Feb 2023 23:21:47 GMT
Date: Thu, 09 Feb 2023 19:50:48 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 79 kB IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 54c1390a077926066bc65a017062ca88
7b34bbc02724a5f167bde0b285e4a99a0e52e945
f26219bc1fe0c4ecbc9a48ffed0c602d7d6b5d90ffca0323de9e3b953899ce39
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "40C0E55533794D72BBBA4BC9D0F07FE0741E24CA23FD9B3E31D2830C77A51BF3"
Last-Modified: Wed, 08 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12659
Expires: Thu, 09 Feb 2023 23:21:47 GMT
Date: Thu, 09 Feb 2023 19:50:48 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc03326d1-bbfd-4654-a9db-ac431757b9f6.jpeg
34.120.237.76 200 OK 8.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc03326d1-bbfd-4654-a9db-ac431757b9f6.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 764b732e88dd1e9c1824529b24b3dffc
2ba954a51c2972b267ae0536e343e608aa9aa7f4
a1efdf03b14bb05cf8e407b92476592c35fa2d27c5e66705322abdb4c6412a06
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc03326d1-bbfd-4654-a9db-ac431757b9f6.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8150
x-amzn-requestid: 3834493a-4162-4cc9-b67c-541cc9be895b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fwD8IH0TIAMFWqQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dcb380-3746ff7b0a6894366efa848e;Sampled=0
x-amzn-remapped-date: Fri, 03 Feb 2023 07:10:56 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: I3qmC4D6qdsheK8VO3oKbPDU7XV1r9_XEPMcExKnvATDkVUsJHjHbg==
via: 1.1 0c96ded7ff282d2dbcf47c918b6bb500.cloudfront.net (CloudFront), 1.1 82ea95080f526df99896343fb7269b06.cloudfront.net (CloudFront), 1.1 google
date: Thu, 09 Feb 2023 01:59:42 GMT
age: 64266
etag: "2ba954a51c2972b267ae0536e343e608aa9aa7f4"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F90107713-2512-413b-bb6c-0156521b403c.jpeg
34.120.237.76 200 OK 4.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F90107713-2512-413b-bb6c-0156521b403c.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 113363afa7cfd484dbc115a9f44c1723
2f9dfb845aa919a51a0b5fa9a824ac4845f669be
a91a045600ef2fdebd582ce453a85f7ce0c9f8be7258baf311d0d940de027c20
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F90107713-2512-413b-bb6c-0156521b403c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4308
x-amzn-requestid: 2d4ce596-9a69-4394-8e10-cd5c54687a06
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fzKZ0F2DoAMF6nA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63ddf10b-6c4fabe01360b8781bdd8e06;Sampled=0
x-amzn-remapped-date: Sat, 04 Feb 2023 05:45:47 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: GnbG_CYddidhGlygFinwMyN81eHxP_vRzxsm7QBIAJzFqwaKTt-POQ==
via: 1.1 d1151317ba32afe0e6370fd69fed222e.cloudfront.net (CloudFront), 1.1 fda3b2797d2719576f6b916583a28e52.cloudfront.net (CloudFront), 1.1 google
date: Wed, 08 Feb 2023 21:34:44 GMT
age: 80164
etag: "2f9dfb845aa919a51a0b5fa9a824ac4845f669be"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3ab2faf0-d9a7-41a6-b5cf-bf6189f66342.jpeg
34.120.237.76 200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3ab2faf0-d9a7-41a6-b5cf-bf6189f66342.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 9203cfb9f0c1c958dd008eac55a9d3c4
6bdd1047590dd3fb54c15d5d6d38e7c86274b203
09770229be5ff3037708543e3204c66de84253b3a858a83a0e1672a04c0e9cb1
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3ab2faf0-d9a7-41a6-b5cf-bf6189f66342.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11760
x-amzn-requestid: b2863a01-4714-4554-a478-5402467b3448
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: AChJKHc_oAMFwlw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e4156d-1c5a3edf37bc7cc937c800d2;Sampled=0
x-amzn-remapped-date: Wed, 08 Feb 2023 21:34:37 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: y-1zzLzVegi0T-SAyTpUuFD6iVVYbuL5u71dc74BY2l7PrxVu-am5w==
via: 1.1 0c96ded7ff282d2dbcf47c918b6bb500.cloudfront.net (CloudFront), 1.1 112d82578d402a38d8d02e8b857617e0.cloudfront.net (CloudFront), 1.1 google
date: Wed, 08 Feb 2023 21:34:37 GMT
etag: "6bdd1047590dd3fb54c15d5d6d38e7c86274b203"
content-type: image/jpeg
age: 80171
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7d76b3c3-ea90-47d3-83f3-8f1550aa26fa.jpeg
34.120.237.76 200 OK 9.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7d76b3c3-ea90-47d3-83f3-8f1550aa26fa.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 1d7814305f961caded310b6f2089219b
efcb6a067bb023865823625e67d9de60d44685e0
3c01637a052e2394774fc8f6dd37a284afaf76b423219ecd26a89c2d8b69c121
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7d76b3c3-ea90-47d3-83f3-8f1550aa26fa.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9846
x-amzn-requestid: 4e6cc2be-bc18-4d66-b338-833a05d0d998
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fsaDlGV4oAMFoZA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63db3d49-14fc32183d3c6afb3a64c27d;Sampled=0
x-amzn-remapped-date: Thu, 02 Feb 2023 04:34:17 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: BNBH60bI_wBqaKAFD_FeZHbzfIeJh9-x-JiMsF0Uh9pxKHFPdAH6Vw==
via: 1.1 2afae0d44e2540f472c0635ab62c232a.cloudfront.net (CloudFront), 1.1 324a68a6c25ee50d774953f3e15a611c.cloudfront.net (CloudFront), 1.1 google
date: Wed, 08 Feb 2023 22:02:08 GMT
age: 78520
etag: "efcb6a067bb023865823625e67d9de60d44685e0"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7e9ebfbd-8f55-4e32-8ea1-303aa280ea51.jpeg
34.120.237.76 200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7e9ebfbd-8f55-4e32-8ea1-303aa280ea51.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b11f9f70f5e8af4de6d9fc5b9f50ccbe
753cb08c3f8c7c0750d113253790a08db01986bc
d4b77ba995ea274fd169fc9bc66919b23e72a8edb88d6184bf3d7f3ab398c645
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7e9ebfbd-8f55-4e32-8ea1-303aa280ea51.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11036
x-amzn-requestid: 4bd4976c-9500-4d6d-a447-dd2873987d13
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fswexHCYIAMFzag=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63db612b-61d430202cbbf52823f38c49;Sampled=0
x-amzn-remapped-date: Thu, 02 Feb 2023 07:07:23 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 1mDt4mKlkZG2_zBPhwB_lbzJ0Im0FlnjmJMa7gcopuv14gwqtwlA2w==
via: 1.1 86b676273517904f44af31586adb06ae.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google
date: Wed, 08 Feb 2023 21:34:37 GMT
age: 80171
etag: "753cb08c3f8c7c0750d113253790a08db01986bc"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb92005b3-7a69-411c-9afb-60b86ab8c5da.jpeg
34.120.237.76 200 OK 8.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb92005b3-7a69-411c-9afb-60b86ab8c5da.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b0c5e12696e3ee13041d043084828210
c48927fb23f59e0949d388086c197699c8f19d1b
47838e958555ff6799d4d1d3994913943726daba5294cd89afe9036628ef6fdb
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb92005b3-7a69-411c-9afb-60b86ab8c5da.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8637
x-amzn-requestid: fa797448-32c3-4438-a192-5291c48b1d85
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: AChJKFq9oAMFgog=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e4156d-46ff32923a2763b45a5194f4;Sampled=0
x-amzn-remapped-date: Wed, 08 Feb 2023 21:34:37 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 2olwTLHKbCas7GcQiRz22bk_I646VcTxN3Yv_ObBVgeGC0l73GNh8A==
via: 1.1 efe54e8b68e074d39b2ecd249f85100a.cloudfront.net (CloudFront), 1.1 e66162aafd55b64ba1478ff7105150fa.cloudfront.net (CloudFront), 1.1 google
date: Wed, 08 Feb 2023 21:34:37 GMT
etag: "c48927fb23f59e0949d388086c197699c8f19d1b"
content-type: image/jpeg
age: 80171
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash 991ebc438c2fd2c80d3d721d35659e7a
aa023ec216acd67d3125b2ddabe36d060ff24ffd
0f8325d8320910fc033552129d042bd9881050c179d4fdcb3251479d71c220b3
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2133
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 09 Feb 2023 19:50:48 GMT
Last-Modified: Thu, 09 Feb 2023 19:15:15 GMT
Server: ECS (ska/F6FC)
X-Cache: HIT
Content-Length: 279
video.ktkjmp.com/adsbygoogle.js
104.18.48.21 200 OK 16 B URL HTTP/2 video.ktkjmp.com/adsbygoogle.js
IP 104.18.48.21:0
Hash 3d7f7a60216d40dea48e495fef6903c9
fecdb5184f55cf012563d78940eb97b10b9cc99b
96d83ac9f20fc0b88404f307f135e212642e02d6ea295c96b28aed0d771a224f
GET /adsbygoogle.js HTTP/1.1
Host: video.ktkjmp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://creative.xlivrdr.com/
Origin: https://creative.xlivrdr.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 09 Feb 2023 19:50:48 GMT
content-type: application/javascript
content-length: 16
x-amz-id-2: umnGOMVCjminO+qe5UBV06OrSizh/U59KvaEibge5v1gMRbq/UnThpljPBepeh+5w7wEpQIcu/4=
x-amz-request-id: 3YW9SERF7DC7262X
last-modified: Thu, 10 Mar 2022 13:52:07 GMT
etag: "3d7f7a60216d40dea48e495fef6903c9"
x-amz-meta-s3cmd-attrs: atime:1646920284/ctime:1646920283/gid:20/gname:staff/md5:3d7f7a60216d40dea48e495fef6903c9/mode:33188/mtime:1646920283/uid:501/uname:mikhailchubar
x-amz-version-id: eIgLIBoMMcsEXtxOH6UDjWyfAquRpkIG
access-control-allow-origin: https://creative.xlivrdr.com
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Content-Length, Accept-Encoding, x-requested-with
cf-cache-status: HIT
age: 1807
expires: Thu, 09 Feb 2023 23:50:48 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 796f22d7cbc1b524-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash 991ebc438c2fd2c80d3d721d35659e7a
aa023ec216acd67d3125b2ddabe36d060ff24ffd
0f8325d8320910fc033552129d042bd9881050c179d4fdcb3251479d71c220b3
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2133
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 09 Feb 2023 19:50:48 GMT
Last-Modified: Thu, 09 Feb 2023 19:15:15 GMT
Server: ECS (ska/F6FC)
X-Cache: HIT
Content-Length: 279
pogothere.xyz/asd100.bin
172.64.133.29 200 OK 106 kB IP 172.64.133.29:0
Size 106 kB (106429 bytes)
Hash 859f84fb3608b96cf30bbf4f38606033
eecb8d6e64d913911436e35288fdcc0af2eefc19
bf5c22d979425cd6319879204f1c551062d333fec56a5d5a399929eae937d2fa
Analyzer Verdict Alert quad9 Sinkholed
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.xxxfiles.tv/
Origin: http://www.xxxfiles.tv
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 09 Feb 2023 19:50:47 GMT
content-type: binary/octet-stream
access-control-allow-origin: http://www.xxxfiles.tv
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 0
last-modified: Thu, 09 Feb 2023 19:50:47 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=a1tkQZjWyKOlraq%2FSA4G%2BFko%2FjHGwmy2Qxu6avEWZ7GBHyqZXJDnwkncaR%2B%2Bbrx5KJdM8jkkgh1Dgg4icsNp64bSOhaE6k%2BxxWhOGWJNpwu%2BOLhlRLLBKIN7OMrAL4zb"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 796f22d14bc123ad-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
syndication.realsrv.com/splash.php?idzone=4646896
95.211.229.248 200 OK 2.6 kB URL HTTP/1.1 syndication.realsrv.com/splash.php?idzone=4646896
IP 95.211.229.248:0
ASN #60781 LeaseWeb Netherlands B.V.
File type XML 1.0 document text\012- XML document, ASCII text, with very long lines (1522)
Hash edd5bd966d1a9d69d4fe470f9907298e
9ced248a7673b7bf25fe575638c12685f406bca0
65183215b9c534bbe77292eefef7aec07baf7ded76f86ed23e55ef19e58907c6
GET /splash.php?idzone=4646896 HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.xxxfiles.tv/
Origin: http://www.xxxfiles.tv
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 09 Feb 2023 19:50:48 GMT
Content-Type: text/xml;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2263e54e9863f289.754433312374127162%22%3B%7D; expires=Sat, 08 Feb 2025 19:50:48 GMT; path=; domain=.realsrv.com; Secure; SameSite=none
c-tag=%7B%22tag-video%22%3A%22v3%7C%7CNOR%7C4646896%7C59504696%7C0%7C%7C508%7C41%7C3%7C40%7C0%7C0%7C0%7C25344%7C0%7C0%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C%7C%7C0%7Cxxxfiles.tv%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D; expires=Fri, 10 Feb 2023 19:50:48 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
Cache-Control: no-store
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: http://www.xxxfiles.tv
Access-Control-Allow-Credentials: true
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
syndication.realsrv.com/splash.php?idzone=4248590
95.211.229.248 200 OK 2.3 kB URL HTTP/1.1 syndication.realsrv.com/splash.php?idzone=4248590
IP 95.211.229.248:0
ASN #60781 LeaseWeb Netherlands B.V.
File type XML 1.0 document text\012- XML document, ASCII text, with very long lines (1522)
Hash 7a00d9c9745ea9604171b71d2374eb56
24a10793fcdbdbfd9c1322f68d1e80a1fc3770cb
2d4dc533eed07c293e3ed3b18b2d15f3eb670cd7a01ce8f82f7cc21ea4052944
GET /splash.php?idzone=4248590 HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.xxxfiles.tv/
Origin: http://www.xxxfiles.tv
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 09 Feb 2023 19:50:48 GMT
Content-Type: text/xml;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A31%3A%2263e54e9867c1a1.3079042274740181%22%3B%7D; expires=Sat, 08 Feb 2025 19:50:48 GMT; path=; domain=.realsrv.com; Secure; SameSite=none
c-tag=%7B%22tag-video%22%3A%22v3%7C%7CNOR%7C4248590%7C77569256%7C0%7C%7C508%7C41%7C3%7C40%7C0%7C0%7C0%7C25344%7C0%7C0%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C%7C%7C0%7Cxxxfiles.tv%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D; expires=Fri, 10 Feb 2023 19:50:48 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
Cache-Control: no-store
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: http://www.xxxfiles.tv
Access-Control-Allow-Credentials: true
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
lifesoonersoar.org/floater?cs=R3p1NUhxSUMNeHVPRQV%2Fck9GBn0&abt=0&red=1&sm=83&k=spanks%20endeavours%20oldje%20young&v=0.9.1.3&sts=0&prn=0&emb=0&tid=958506&rxy=1280_1024&fs=1&t=600&m=2&ns=1&ndp=1&asi=1&ref=http%3A%2F%2Fwww.xxxfiles.tv%2Fvideos%2F189105%2Ff1f6fb16d6af0de72cf183a54452cb6e%2F%3Fsid%3D12320&jst=0&enr=0&lcua=mozilla%2F5.0%20(windows%20nt%2010.0%3B%20win64%3B%20x64%3B%20rv%3A105.0)%20gecko%2F20100101%20firefox%2F105.0&tzd=0&uloc=&if=0&aa=oi3_&_mBPg=1675972308330&crc=1
65.9.44.108200 OK 2.4 kB URL HTTP/2 lifesoonersoar.org/floater?cs=R3p1NUhxSUMNeHVPRQV%2Fck9GBn0&abt=0&red=1&sm=83&k=spanks%20endeavours%20oldje%20young&v=0.9.1.3&sts=0&prn=0&emb=0&tid=958506&rxy=1280_1024&fs=1&t=600&m=2&ns=1&ndp=1&asi=1&ref=http%3A%2F%2Fwww.xxxfiles.tv%2Fvideos%2F189105%2Ff1f6fb16d6af0de72cf183a54452cb6e%2F%3Fsid%3D12320&jst=0&enr=0&lcua=mozilla%2F5.0%20(windows%20nt%2010.0%3B%20win64%3B%20x64%3B%20rv%3A105.0)%20gecko%2F20100101%20firefox%2F105.0&tzd=0&uloc=&if=0&aa=oi3_&_mBPg=1675972308330&crc=1
IP 65.9.44.108:0
File type ASCII text, with very long lines (4847), with no line terminators
Hash 662e0057f578422bfd25aaf6bc5e316b
dad712f8e03775cb7bbd510fc66befaf6c61e67a
cade08bd5fbcfc1f948d286352167ba07cf6701e4e5374af890eadf21acc327a
GET /floater?cs=R3p1NUhxSUMNeHVPRQV%2Fck9GBn0&abt=0&red=1&sm=83&k=spanks%20endeavours%20oldje%20young&v=0.9.1.3&sts=0&prn=0&emb=0&tid=958506&rxy=1280_1024&fs=1&t=600&m=2&ns=1&ndp=1&asi=1&ref=http%3A%2F%2Fwww.xxxfiles.tv%2Fvideos%2F189105%2Ff1f6fb16d6af0de72cf183a54452cb6e%2F%3Fsid%3D12320&jst=0&enr=0&lcua=mozilla%2F5.0%20(windows%20nt%2010.0%3B%20win64%3B%20x64%3B%20rv%3A105.0)%20gecko%2F20100101%20firefox%2F105.0&tzd=0&uloc=&if=0&aa=oi3_&_mBPg=1675972308330&crc=1 HTTP/1.1
Host: lifesoonersoar.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://www.xxxfiles.tv
Connection: keep-alive
Referer: http://www.xxxfiles.tv/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/plain
content-length: 2418
date: Thu, 09 Feb 2023 19:50:48 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: http://www.xxxfiles.tv
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: csu=cbff8153-a9c6-4797-aecf-f759fdcb2e7a
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 58899c559ea4c71daeb5333a74914042.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN54-C1
x-amz-cf-id: n9YVS9x8qzmfZGXzNl_N1VTNDMWLy25CuO0fvlnPGDTkuh2QtldMTA==
X-Firefox-Spdy: h2
hegdcrxavrtk.cdnvideo3.com/api/click/11374602104022384095?kw=Blowjob%2CMasturbation%2Coutdoor%2CBlonde%2CTeen%2Cmissionary%2Ccunnilingus%2COld%2FYoung%2Cbig-dick%2Ccum-licking%2Cdoggy-style%2Coldje.com%2CAlessandra%20Jane%2CDavid&s1=%25subid1%25&t=5&ab=0&keywords=Blowjob,Masturbation,outdoor,Blonde,Teen,missionary,cunnilingus,Old/Young,big-dick,cum-licking,doggy-style,oldje.com,Alessandra%20Jane,David&w=1280&h=1024&domain=www.xxxfiles.tv&rnd=0.05212514978990801
135.181.208.216200 OK 3.5 kB URL HTTP/2 hegdcrxavrtk.cdnvideo3.com/api/click/11374602104022384095?kw=Blowjob%2CMasturbation%2Coutdoor%2CBlonde%2CTeen%2Cmissionary%2Ccunnilingus%2COld%2FYoung%2Cbig-dick%2Ccum-licking%2Cdoggy-style%2Coldje.com%2CAlessandra%20Jane%2CDavid&s1=%25subid1%25&t=5&ab=0&keywords=Blowjob,Masturbation,outdoor,Blonde,Teen,missionary,cunnilingus,Old/Young,big-dick,cum-licking,doggy-style,oldje.com,Alessandra%20Jane,David&w=1280&h=1024&domain=www.xxxfiles.tv&rnd=0.05212514978990801
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
Hash c9b001c8d88f60c1e38d939dcd9c41c3
da5107341b3c41ee1b7119a018419e263b4f257c
dfef1ab0f52d9c303b87b6cc9ddefedca1c6ef44d91686ef80fb56e41f692e79
GET /api/click/11374602104022384095?kw=Blowjob%2CMasturbation%2Coutdoor%2CBlonde%2CTeen%2Cmissionary%2Ccunnilingus%2COld%2FYoung%2Cbig-dick%2Ccum-licking%2Cdoggy-style%2Coldje.com%2CAlessandra%20Jane%2CDavid&s1=%25subid1%25&t=5&ab=0&keywords=Blowjob,Masturbation,outdoor,Blonde,Teen,missionary,cunnilingus,Old/Young,big-dick,cum-licking,doggy-style,oldje.com,Alessandra%20Jane,David&w=1280&h=1024&domain=www.xxxfiles.tv&rnd=0.05212514978990801 HTTP/1.1
Host: hegdcrxavrtk.cdnvideo3.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.xxxfiles.tv/
Cookie: nauid=95OivN9LNgqB4aJ5pkJD
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 09 Feb 2023 19:50:48 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash 543b892aa63850653fff2e7b6147b6a2
eb872445275f3d6899d8c0eace89384d3724d281
53200ea04b8a6fd0eb52d97cd6eb746c5c4e8a383a0609bb774c43d0f7daf4cd
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5905
Cache-Control: max-age=128931
Content-Type: application/ocsp-response
Date: Thu, 09 Feb 2023 19:50:48 GMT
Etag: "63e48c2a-117"
Expires: Sat, 11 Feb 2023 07:39:39 GMT
Last-Modified: Thu, 09 Feb 2023 06:01:14 GMT
Server: ECS (ska/F6FC)
X-Cache: HIT
Content-Length: 279
ocsp.digicert.com/
93.184.220.29 200 OK 1.7 kB IP 93.184.220.29:0
File type gzip compressed data, from Unix\012- data
Hash e8e7052e3ba22e81c19aaef3b63a7c6f
9e2b98fc89d8cee01de699c558c0453f7865b76c
8c540bb5636b9693939ee2980c0313165d3401879855a29bb3cbe00e3e6cede3
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5851
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 09 Feb 2023 19:50:48 GMT
Last-Modified: Thu, 09 Feb 2023 18:13:17 GMT
Server: ECS (ska/F714)
X-Cache: HIT
Content-Length: 279
helpedhandwritingintestine.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSTWgkRRSu3p%2BDelCDF0Gxjwoy6Z6fzIw5LMY1EozZuLsS9FZ%2FPSlT3dVUdU9PAkJwQfY4etpj55tkg24QF88LMvEiwUPag%2BRgbl68Cp5lJgOjD6ree%2FU9qO977311kF%2BSADm92PzI7Cmt6WKrFvhvbqlEmML5G%2Ff9MKgFy%2F6WSpaay%2F5gctn%2BO2HQqgVv%2BR9IvmMW60EYBGEQ%2BqvKysgMFqcoVHrSDWvdoNas18JWEwP7%2F9zlHhz1IPqXZAFKVDe3f3kKxcdI4h9uS7eTmfTt9%2BNc08xY9MXxJ8lOYooE8TyMrIcoOZ5Vw7iKkEfXYJLjmQKY%2FuFEAZiqiPd7CJYcz2iC9Y%2BumDINmYCJF1D0x5B6DEXH4OYBlDgnABfYuIMkfrxhbEF3r1A6QSty45%2B%2FoYqK3PjjFSTx9ytaDfx7RueZMonDICqhBmOo3hhpfopsz4MqTsGzL6EEQRKXUKKcqlZqDBWNoeUQ1HnIJ0d5yCMPeeohFhc%2BbXWjIGhHLGo0Ok3OeaPBeauzJFqi0exEAXI%2BoTVElg7B9RDc7iO1%2B9hR35y3Fs7X12Dzn%2BC2SzjhwWUV8T7eR1%2BUKCRB4QgKSlAogiIjKPrlkdCu7srHQruchTNfn%2FlGOTJZ74AemawnE3KQXpKXJ13xnlt4DTvywue82YmanLfrTISUBVy0lwSnnaDZoZ3uEodTJZS7NhW8pypy868vkKqKXKO%2FgtFTOH0Krl4CzV8HLUbtegC6PWp2AuwlJ4PBIFJauho3MYQpkWY3kO16B%2FqSvDqdzvKLA0h%2BduvHxtTAbYnUlvhc%2FUzQ0w9Hd01BDu%2BawpGnd9JMxWqPTiZ3L6OZvP7dh3K3MFas3XbDb9%2FlE2ASntyXLluniVBJz5EnK0oIaVeN5ZI8W3Nbkm3mbnslt0merm%2B%2Bt7oWp1Y6p0wyBlUVIRdr4Koizz%2F7bLqVbzz5FMqOYfMScX5GZgZlTsHTfbh0zt8ZAqvnNSz1UOTlyNbZ%2FFErAi3nOWUl3H9yNo8P3EP0rAeaPZjuYt%2BW6OsSVA%2Fh8uujLLVnt36bfc60N2LaeodMW%2F31VXOduvBlKwoiGdQli7osatNAdKNml9FuKNusRUNkruJ%2Fbjz6FwAA%2F%2F8BAAD%2F%2F4mEMqptBAAA
192.243.59.12 200 OK 7 B URL HTTP/1.1 helpedhandwritingintestine.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSTWgkRRSu3p%2BDelCDF0Gxjwoy6Z6fzIw5LMY1EozZuLsS9FZ%2FPSlT3dVUdU9PAkJwQfY4etpj55tkg24QF88LMvEiwUPag%2BRgbl68Cp5lJgOjD6ree%2FU9qO977311kF%2BSADm92PzI7Cmt6WKrFvhvbqlEmML5G%2Ff9MKgFy%2F6WSpaay%2F5gctn%2BO2HQqgVv%2BR9IvmMW60EYBGEQ%2BqvKysgMFqcoVHrSDWvdoNas18JWEwP7%2F9zlHhz1IPqXZAFKVDe3f3kKxcdI4h9uS7eTmfTt9%2BNc08xY9MXxJ8lOYooE8TyMrIcoOZ5Vw7iKkEfXYJLjmQKY%2FuFEAZiqiPd7CJYcz2iC9Y%2BumDINmYCJF1D0x5B6DEXH4OYBlDgnABfYuIMkfrxhbEF3r1A6QSty45%2B%2FoYqK3PjjFSTx9ytaDfx7RueZMonDICqhBmOo3hhpfopsz4MqTsGzL6EEQRKXUKKcqlZqDBWNoeUQ1HnIJ0d5yCMPeeohFhc%2BbXWjIGhHLGo0Ok3OeaPBeauzJFqi0exEAXI%2BoTVElg7B9RDc7iO1%2B9hR35y3Fs7X12Dzn%2BC2SzjhwWUV8T7eR1%2BUKCRB4QgKSlAogiIjKPrlkdCu7srHQruchTNfn%2FlGOTJZ74AemawnE3KQXpKXJ13xnlt4DTvywue82YmanLfrTISUBVy0lwSnnaDZoZ3uEodTJZS7NhW8pypy868vkKqKXKO%2FgtFTOH0Krl4CzV8HLUbtegC6PWp2AuwlJ4PBIFJauho3MYQpkWY3kO16B%2FqSvDqdzvKLA0h%2BduvHxtTAbYnUlvhc%2FUzQ0w9Hd01BDu%2BawpGnd9JMxWqPTiZ3L6OZvP7dh3K3MFas3XbDb9%2FlE2ASntyXLluniVBJz5EnK0oIaVeN5ZI8W3Nbkm3mbnslt0merm%2B%2Bt7oWp1Y6p0wyBlUVIRdr4Koizz%2F7bLqVbzz5FMqOYfMScX5GZgZlTsHTfbh0zt8ZAqvnNSz1UOTlyNbZ%2FFErAi3nOWUl3H9yNo8P3EP0rAeaPZjuYt%2BW6OsSVA%2Fh8uujLLVnt36bfc60N2LaeodMW%2F31VXOduvBlKwoiGdQli7osatNAdKNml9FuKNusRUNkruJ%2Fbjz6FwAA%2F%2F8BAAD%2F%2F4mEMqptBAAA
IP 192.243.59.12:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert quad9 Sinkholed
GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSTWgkRRSu3p%2BDelCDF0Gxjwoy6Z6fzIw5LMY1EozZuLsS9FZ%2FPSlT3dVUdU9PAkJwQfY4etpj55tkg24QF88LMvEiwUPag%2BRgbl68Cp5lJgOjD6ree%2FU9qO977311kF%2BSADm92PzI7Cmt6WKrFvhvbqlEmML5G%2Ff9MKgFy%2F6WSpaay%2F5gctn%2BO2HQqgVv%2BR9IvmMW60EYBGEQ%2BqvKysgMFqcoVHrSDWvdoNas18JWEwP7%2F9zlHhz1IPqXZAFKVDe3f3kKxcdI4h9uS7eTmfTt9%2BNc08xY9MXxJ8lOYooE8TyMrIcoOZ5Vw7iKkEfXYJLjmQKY%2FuFEAZiqiPd7CJYcz2iC9Y%2BumDINmYCJF1D0x5B6DEXH4OYBlDgnABfYuIMkfrxhbEF3r1A6QSty45%2B%2FoYqK3PjjFSTx9ytaDfx7RueZMonDICqhBmOo3hhpfopsz4MqTsGzL6EEQRKXUKKcqlZqDBWNoeUQ1HnIJ0d5yCMPeeohFhc%2BbXWjIGhHLGo0Ok3OeaPBeauzJFqi0exEAXI%2BoTVElg7B9RDc7iO1%2B9hR35y3Fs7X12Dzn%2BC2SzjhwWUV8T7eR1%2BUKCRB4QgKSlAogiIjKPrlkdCu7srHQruchTNfn%2FlGOTJZ74AemawnE3KQXpKXJ13xnlt4DTvywue82YmanLfrTISUBVy0lwSnnaDZoZ3uEodTJZS7NhW8pypy868vkKqKXKO%2FgtFTOH0Krl4CzV8HLUbtegC6PWp2AuwlJ4PBIFJauho3MYQpkWY3kO16B%2FqSvDqdzvKLA0h%2BduvHxtTAbYnUlvhc%2FUzQ0w9Hd01BDu%2BawpGnd9JMxWqPTiZ3L6OZvP7dh3K3MFas3XbDb9%2FlE2ASntyXLluniVBJz5EnK0oIaVeN5ZI8W3Nbkm3mbnslt0merm%2B%2Bt7oWp1Y6p0wyBlUVIRdr4Koizz%2F7bLqVbzz5FMqOYfMScX5GZgZlTsHTfbh0zt8ZAqvnNSz1UOTlyNbZ%2FFErAi3nOWUl3H9yNo8P3EP0rAeaPZjuYt%2BW6OsSVA%2Fh8uujLLVnt36bfc60N2LaeodMW%2F31VXOduvBlKwoiGdQli7osatNAdKNml9FuKNusRUNkruJ%2Fbjz6FwAA%2F%2F8BAAD%2F%2F4mEMqptBAAA HTTP/1.1
Host: helpedhandwritingintestine.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.xxxfiles.tv/
Cookie: u_pl=17371676; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Thu, 09 Feb 2023 19:50:48 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 0ec3a8c1d9c2db20eb5513624c8d63d6
Strict-Transport-Security: max-age=0; includeSubdomains
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash 543b892aa63850653fff2e7b6147b6a2
eb872445275f3d6899d8c0eace89384d3724d281
53200ea04b8a6fd0eb52d97cd6eb746c5c4e8a383a0609bb774c43d0f7daf4cd
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5905
Cache-Control: max-age=128931
Content-Type: application/ocsp-response
Date: Thu, 09 Feb 2023 19:50:48 GMT
Etag: "63e48c2a-117"
Expires: Sat, 11 Feb 2023 07:39:39 GMT
Last-Modified: Thu, 09 Feb 2023 06:01:14 GMT
Server: ECS (ska/F6FC)
X-Cache: HIT
Content-Length: 279
img.strpst.com/thumbs/1675972141/57297042
104.18.63.124 200 OK 42 kB URL HTTP/2 img.strpst.com/thumbs/1675972141/57297042
IP 104.18.63.124:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 0x0, segment length 16, progressive, precision 8, 640x360, components 3\012- data
Hash f6b7c41332652265eecfc7d695d1bf9a
3fc021a2520a845359a3eaa63804abe1cbf764f3
684489d7470814d0ec55eb98c824b2726352ecdb039c772d5a4597e35b9cd27f
GET /thumbs/1675972141/57297042 HTTP/1.1
Host: img.strpst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://creative.xlivrdr.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 09 Feb 2023 19:50:48 GMT
content-type: image/jpeg
content-length: 41603
access-control-allow-credentials: true
access-control-allow-headers: *
access-control-allow-methods: GET
access-control-allow-origin: *
cf-bgj: imgq:100,h2pri
cf-polished: origSize=43270, status=webp_bigger
etag: "295a82f460d78ffcf89b6e8fcad2b1a0"
last-modified: Thu, 09 Feb 2023 19:48:41 GMT
cf-cache-status: HIT
age: 90
expires: Thu, 09 Feb 2023 20:20:48 GMT
cache-control: public, max-age=1800
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 796f22d98c0b0b69-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
img.strpst.com/thumbs/1675972141/103516798
104.18.63.124 200 OK 26 kB URL HTTP/2 img.strpst.com/thumbs/1675972141/103516798
IP 104.18.63.124:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 0x0, segment length 16, progressive, precision 8, 270x360, components 3\012- data
Hash 28a30e926c79bb78e4069faa4756aaa9
d4c66d24d4805d063d00314dc6ee07bf4e98981c
efa56241d77b5a19a8f3f9295aba4fce1a275b15dfe99ea99a6aa327b460deff
GET /thumbs/1675972141/103516798 HTTP/1.1
Host: img.strpst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://creative.xlivrdr.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 09 Feb 2023 19:50:48 GMT
content-type: image/jpeg
content-length: 25953
access-control-allow-credentials: true
access-control-allow-headers: *
access-control-allow-methods: GET
access-control-allow-origin: *
cf-bgj: imgq:100,h2pri
cf-polished: origSize=27094, status=webp_bigger
etag: "2c9d684ec5321b49b53418bfea51a2c1"
last-modified: Thu, 09 Feb 2023 19:48:53 GMT
cf-cache-status: HIT
age: 34
expires: Thu, 09 Feb 2023 20:20:48 GMT
cache-control: public, max-age=1800
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 796f22d99c100b69-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
img.strpst.com/thumbs/1675972141/54546984
104.18.63.124 200 OK 21 kB URL HTTP/2 img.strpst.com/thumbs/1675972141/54546984
IP 104.18.63.124:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 0x0, segment length 16, progressive, precision 8, 270x360, components 3\012- data
Hash 3f197239613302eb90f053f3426af966
644bc2f7ca3d9abb244f29f50bfefd56d705967b
00c6bc205bf9e28fad4f7b45753faa0e8c742e14cfa4788ed14d0ccfefeea51e
GET /thumbs/1675972141/54546984 HTTP/1.1
Host: img.strpst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://creative.xlivrdr.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 09 Feb 2023 19:50:48 GMT
content-type: image/jpeg
content-length: 21341
access-control-allow-credentials: true
access-control-allow-headers: *
access-control-allow-methods: GET
access-control-allow-origin: *
cf-bgj: imgq:100,h2pri
cf-polished: origSize=22234, status=webp_bigger
etag: "a2ca028dc31ec5b80ff8cf09855c9d87"
last-modified: Thu, 09 Feb 2023 19:49:12 GMT
cf-cache-status: HIT
age: 60
expires: Thu, 09 Feb 2023 20:20:48 GMT
cache-control: public, max-age=1800
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 796f22d99c0e0b69-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
img.strpst.com/thumbs/1675972141/44985172
104.18.63.124 200 OK 24 kB URL HTTP/2 img.strpst.com/thumbs/1675972141/44985172
IP 104.18.63.124:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 0x0, segment length 16, progressive, precision 8, 270x360, components 3\012- data
Hash 7fe85ded0c1504f5dec8aeaaba27cc13
d6875b090d1de9869f113c2c5ab269e16de6ece0
bb7c1814a589a643cb1cb62eecf4b32144c157c61106e3bc78745feed7b39dec
GET /thumbs/1675972141/44985172 HTTP/1.1
Host: img.strpst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://creative.xlivrdr.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 09 Feb 2023 19:50:48 GMT
content-type: image/jpeg
content-length: 24136
access-control-allow-methods: GET
access-control-allow-origin: *
cf-bgj: imgq:100,h2pri
cf-polished: origSize=25097, status=webp_bigger
etag: "6207e00b65b9893d1d7664beafc75baa"
last-modified: Thu, 09 Feb 2023 19:49:06 GMT
cf-cache-status: HIT
age: 60
expires: Thu, 09 Feb 2023 20:20:48 GMT
cache-control: public, max-age=1800
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 796f22d99c1e0b69-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
img.strpst.com/thumbs/1675972141/4838136
104.18.63.124 200 OK 26 kB URL HTTP/2 img.strpst.com/thumbs/1675972141/4838136
IP 104.18.63.124:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 0x0, segment length 16, progressive, precision 8, 270x360, components 3\012- data
Hash 5be0d4e830170c2a193a570ade15b52f
84b3278c8676ad64606d75f64221b7dcac706dae
0ce628474d9e68ed42438ea4b042dc821965b523036c109b8817ed21cf15e8cc
GET /thumbs/1675972141/4838136 HTTP/1.1
Host: img.strpst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://creative.xlivrdr.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 09 Feb 2023 19:50:48 GMT
content-type: image/jpeg
content-length: 26546
access-control-allow-methods: GET
access-control-allow-origin: *
cf-bgj: imgq:100,h2pri
cf-polished: origSize=27673, status=webp_bigger
etag: "3fb8601c07a6261d0d52655440151418"
last-modified: Thu, 09 Feb 2023 19:48:49 GMT
cf-cache-status: HIT
age: 60
expires: Thu, 09 Feb 2023 20:20:48 GMT
cache-control: public, max-age=1800
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 796f22d99c230b69-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash 543b892aa63850653fff2e7b6147b6a2
eb872445275f3d6899d8c0eace89384d3724d281
53200ea04b8a6fd0eb52d97cd6eb746c5c4e8a383a0609bb774c43d0f7daf4cd
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5851
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 09 Feb 2023 19:50:48 GMT
Last-Modified: Thu, 09 Feb 2023 18:13:17 GMT
Server: ECS (ska/F714)
X-Cache: HIT
Content-Length: 279
img.strpst.com/thumbs/1675972141/92787952
104.18.63.124 200 OK 48 kB URL HTTP/2 img.strpst.com/thumbs/1675972141/92787952
IP 104.18.63.124:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 0x0, segment length 16, progressive, precision 8, 640x360, components 3\012- data
Hash f42f6e64733af87bd9e474cce726295d
305120a8ff188164cef76d6665fa8df8097403e4
8e720b637eca114a94320fcc18086eb8bd1e95d74c22ecd9998ae9ddb17ed05c
GET /thumbs/1675972141/92787952 HTTP/1.1
Host: img.strpst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://creative.xlivrdr.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 09 Feb 2023 19:50:48 GMT
content-type: image/jpeg
content-length: 47497
access-control-allow-methods: GET
access-control-allow-origin: *
cf-bgj: imgq:100,h2pri
cf-polished: origSize=49365, status=webp_bigger
etag: "fc498bc47f96dda03e2ac9e6ce61b49d"
last-modified: Thu, 09 Feb 2023 19:48:59 GMT
cf-cache-status: HIT
age: 52
expires: Thu, 09 Feb 2023 20:20:48 GMT
cache-control: public, max-age=1800
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 796f22d99c280b69-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
img.strpst.com/thumbs/1675972141/94205872
104.18.63.124 200 OK 47 kB URL HTTP/2 img.strpst.com/thumbs/1675972141/94205872
IP 104.18.63.124:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 0x0, segment length 16, progressive, precision 8, 640x360, components 3\012- data
Hash 080ae8c84745baa97f3ab4ed79128427
ca74415899f5e952a23dd20e25fc4201b8312ace
585449158fb4e4ff81bde4407d07cefb6c9abd98962d91ae31f14be03046271c
GET /thumbs/1675972141/94205872 HTTP/1.1
Host: img.strpst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://creative.xlivrdr.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 09 Feb 2023 19:50:48 GMT
content-type: image/jpeg
content-length: 47040
access-control-allow-credentials: true
access-control-allow-headers: *
access-control-allow-methods: GET
access-control-allow-origin: *
cf-bgj: imgq:100,h2pri
cf-polished: origSize=48356, status=webp_bigger
etag: "da08c44dd4d6adf887f1af0d100a2c5c"
last-modified: Thu, 09 Feb 2023 19:49:08 GMT
cf-cache-status: HIT
age: 60
expires: Thu, 09 Feb 2023 20:20:48 GMT
cache-control: public, max-age=1800
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 796f22d9bc3f0b69-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
img.strpst.com/thumbs/1675972141/23938902
104.18.63.124 200 OK 31 kB URL HTTP/2 img.strpst.com/thumbs/1675972141/23938902
IP 104.18.63.124:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 0x0, segment length 16, progressive, precision 8, 270x360, components 3\012- data
Hash ae8340402dca248db39d45d7d08b831f
5a857c791ba035957154bcdb7c486f9699c09f5a
2c384235c7462a1acd7f7542ba6cc62705cb448fca8b2a78aa2f195ac9d3d806
GET /thumbs/1675972141/23938902 HTTP/1.1
Host: img.strpst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://creative.xlivrdr.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 09 Feb 2023 19:50:48 GMT
content-type: image/jpeg
content-length: 31023
access-control-allow-credentials: true
access-control-allow-headers: *
access-control-allow-methods: GET
access-control-allow-origin: *
cf-bgj: imgq:100,h2pri
cf-polished: origSize=32514, status=webp_bigger
etag: "3e143fd101bad03ec033b5c6b4d63312"
last-modified: Thu, 09 Feb 2023 19:49:12 GMT
cf-cache-status: HIT
age: 58
expires: Thu, 09 Feb 2023 20:20:48 GMT
cache-control: public, max-age=1800
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 796f22d9cc560b69-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
img.strpst.com/thumbs/1675972141/2935682
104.18.63.124 200 OK 30 kB URL HTTP/2 img.strpst.com/thumbs/1675972141/2935682
IP 104.18.63.124:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 0x0, segment length 16, progressive, precision 8, 270x360, components 3\012- data
Hash b87cbf21553031d10de62d0d761f8fd6
0f04323bec9b9087c05244ff409968bf0420929a
b3a97058ed1a00f62b3d9b781e81b69bdb955678cabec50ad4046d526546cde6
GET /thumbs/1675972141/2935682 HTTP/1.1
Host: img.strpst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://creative.xlivrdr.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 09 Feb 2023 19:50:48 GMT
content-type: image/jpeg
content-length: 30076
access-control-allow-credentials: true
access-control-allow-headers: *
access-control-allow-methods: GET
access-control-allow-origin: *
cf-bgj: imgq:100,h2pri
cf-polished: origSize=31268, status=webp_bigger
etag: "4427b4e0bfd0b7bc18d0918f098adde3"
last-modified: Thu, 09 Feb 2023 19:48:57 GMT
cf-cache-status: HIT
age: 63
expires: Thu, 09 Feb 2023 20:20:48 GMT
cache-control: public, max-age=1800
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 796f22d9cc590b69-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
img.strpst.com/thumbs/1675972141/1128670
104.18.63.124 200 OK 23 kB URL HTTP/2 img.strpst.com/thumbs/1675972141/1128670
IP 104.18.63.124:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 0x0, segment length 16, progressive, precision 8, 270x360, components 3\012- data
Hash 4ca2d40a34063fa43618837ab37783dd
8a93d4d4d8062dab19b50ebc1bbe29ef882ba574
3a8b0a0b8dcbc1fc3ad4e0e9ea07329df4393f889da1be50ea44fa59aaa9d4e2
GET /thumbs/1675972141/1128670 HTTP/1.1
Host: img.strpst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://creative.xlivrdr.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 09 Feb 2023 19:50:48 GMT
content-type: image/jpeg
content-length: 23285
access-control-allow-methods: GET
access-control-allow-origin: *
cf-bgj: imgq:100,h2pri
cf-polished: origSize=24363, status=webp_bigger
etag: "1dfb619bd2486b89d59e1dcc33c1f170"
last-modified: Thu, 09 Feb 2023 19:48:50 GMT
cf-cache-status: HIT
age: 50
expires: Thu, 09 Feb 2023 20:20:48 GMT
cache-control: public, max-age=1800
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 796f22d9dc640b69-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash 543b892aa63850653fff2e7b6147b6a2
eb872445275f3d6899d8c0eace89384d3724d281
53200ea04b8a6fd0eb52d97cd6eb746c5c4e8a383a0609bb774c43d0f7daf4cd
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5905
Cache-Control: max-age=128931
Content-Type: application/ocsp-response
Date: Thu, 09 Feb 2023 19:50:48 GMT
Etag: "63e48c2a-117"
Expires: Sat, 11 Feb 2023 07:39:39 GMT
Last-Modified: Thu, 09 Feb 2023 06:01:14 GMT
Server: ECS (ska/F6FC)
X-Cache: HIT
Content-Length: 279
e1.o.lencr.org/
23.36.76.226 200 OK 345 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash dc853c35db7a8b075a58d696561a3e26
e9dccab21b1fc4bafed8d9ed66936a850eb6ac62
f0e5c9db64895ed8530367af9025274b8523e3e4b93a9d0e53659332b8ce5dc7
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "F0E5C9DB64895ED8530367AF9025274B8523E3E4B93A9D0E53659332B8CE5DC7"
Last-Modified: Thu, 09 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4828
Expires: Thu, 09 Feb 2023 21:11:16 GMT
Date: Thu, 09 Feb 2023 19:50:48 GMT
Connection: keep-alive
e1.o.lencr.org/
23.36.76.226 200 OK 345 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash e52c62e29c66d8b8ced593c18dc6f97b
9fd8008871bcdbe98471cc1d49abe429f68208ec
a893f73ce1067723043248fa6fc3e76ddfdd44506998bf5f4e157dfbacc4698d
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "A893F73CE1067723043248FA6FC3E76DDFDD44506998BF5F4E157DFBACC4698D"
Last-Modified: Wed, 08 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15415
Expires: Fri, 10 Feb 2023 00:07:43 GMT
Date: Thu, 09 Feb 2023 19:50:48 GMT
Connection: keep-alive
e1.o.lencr.org/
23.36.76.226 200 OK 1.0 kB IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash cca04c3c628eff9be01606b0385ea410
962327b7a4399408ff4f0c39a2a0d7c006765487
7758bc76a41a6fc762ddd767bf4345a0501495a0ccb3e4d549dde457d5c32e41
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "A893F73CE1067723043248FA6FC3E76DDFDD44506998BF5F4E157DFBACC4698D"
Last-Modified: Wed, 08 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15415
Expires: Fri, 10 Feb 2023 00:07:43 GMT
Date: Thu, 09 Feb 2023 19:50:48 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 2363332d9434e64599a93230c6c21ec6
784137010c1e08d75f987bb33ecb53c4bb39c8fc
811d44527afe9c93bdfc04d11b7b48198c5c4cdb31c37f3e7ef662986bfd1a97
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "811D44527AFE9C93BDFC04D11B7B48198C5C4CDB31C37F3E7EF662986BFD1A97"
Last-Modified: Wed, 08 Feb 2023 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19223
Expires: Fri, 10 Feb 2023 01:11:11 GMT
Date: Thu, 09 Feb 2023 19:50:48 GMT
Connection: keep-alive
fonts.googleapis.com/css?family=Roboto:300,400,700&display=swap
142.250.74.106 200 OK 660 B URL HTTP/1.1 fonts.googleapis.com/css?family=Roboto:300,400,700&display=swap
IP 142.250.74.106:0
Hash 55130bf120bd75a4bba7d678be617cdf
77b172c0cc1d15e60ab95edccf3ac1e640d16812
262b9e8c2eeba18bdc3dd53ac7bbacdbbec713a9443ff5dc34e359de56ea040d
GET /css?family=Roboto:300,400,700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Link: <http://fonts.gstatic.com>; rel=preconnect; crossorigin
Expires: Thu, 09 Feb 2023 19:50:48 GMT
Date: Thu, 09 Feb 2023 19:50:48 GMT
Cache-Control: private, max-age=86400
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin-allow-popups
Content-Encoding: gzip
Transfer-Encoding: chunked
Server: ESF
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
go.xlviiirdr.com/smartpop/68260928b57f412a654bda3f2409e8c9a61a69f506dc4ba3c073a43c2be31490?userId=a29e4fa1023dd45be975c4ab2c3f63fc721842490735020a0d0703eb57f7300d&xhVersion=1&memberId=f3e683fa-3e6b-430e-a7bd-30b25bc483e3&sourceId=7003&p1=45081&p2=68073&contentType=video/mp4&no_bb=1
104.18.59.150 302 Found 0 B URL HTTP/2 go.xlviiirdr.com/smartpop/68260928b57f412a654bda3f2409e8c9a61a69f506dc4ba3c073a43c2be31490?userId=a29e4fa1023dd45be975c4ab2c3f63fc721842490735020a0d0703eb57f7300d&xhVersion=1&memberId=f3e683fa-3e6b-430e-a7bd-30b25bc483e3&sourceId=7003&p1=45081&p2=68073&contentType=video/mp4&no_bb=1
IP 104.18.59.150:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /smartpop/68260928b57f412a654bda3f2409e8c9a61a69f506dc4ba3c073a43c2be31490?userId=a29e4fa1023dd45be975c4ab2c3f63fc721842490735020a0d0703eb57f7300d&xhVersion=1&memberId=f3e683fa-3e6b-430e-a7bd-30b25bc483e3&sourceId=7003&p1=45081&p2=68073&contentType=video/mp4&no_bb=1 HTTP/1.1
Host: go.xlviiirdr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.xxxfiles.tv/
Origin: http://www.xxxfiles.tv
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Thu, 09 Feb 2023 19:50:48 GMT
content-length: 0
location: https://go.xlirdr.com/api/models/vast?campaignId=68260928b57f412a654bda3f2409e8c9a61a69f506dc4ba3c073a43c2be31490&campaignType=smartpop&contentType=video%2Fmp4&creativeId=1aa4022af61bfad6ec7c637003dfb79b6edb7465c731eac0e6955245fc823c00&duration=00%3A00%3A30&endpoint=room&iterationId=397620&masterSmartpopId=2683&memberId=f3e683fa-3e6b-430e-a7bd-30b25bc483e3&no_bb=1&p1=45081&p2=68073&ruleId=157&skipOffset=00%3A00%3A05&smartpopId=3594&sourceId=7003&tag=-girls%2Findian&targetDomain=cambaddies.com&userId=a29e4fa1023dd45be975c4ab2c3f63fc721842490735020a0d0703eb57f7300d&variationId=30208&videosList=oil-show11&xhVersion=1
access-control-allow-origin: http://www.xxxfiles.tv
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Content-Length, Accept-Encoding, x-requested-with
cf-cache-status: DYNAMIC
set-cookie: _var=8782564.30208; Path=/; HttpOnly; SameSite=Strict
set-cookie: __cflb=02DiuDfsBaY2bRYJiCeRhAptQvDh5wz7mfNputYUgPjAL; SameSite=None; Secure; path=/; expires=Fri, 10-Feb-23 18:50:48 GMT; HttpOnly
server: cloudflare
cf-ray: 796f22dabe38b509-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/chat/mob/ssp/v2/new/3/img/close.png
172.64.167.9 200 OK 6.0 kB URL HTTP/2 cdn.creative-bars1.com/sb/chat/mob/ssp/v2/new/3/img/close.png
IP 172.64.167.9:0
File type PNG image data, 522 x 391, 8-bit/color RGBA, non-interlaced\012- data
Hash c489ce2c491a22ee37a55e26a92dfd73
2fa588ab09e94dd902e5bd24b48f98ad1949c9d6
1eed147c7d5de6291c25fbc5274830c12d5549262fb144271576d4e15966e5bd
GET /sb/chat/mob/ssp/v2/new/3/img/close.png HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 09 Feb 2023 19:50:48 GMT
content-type: image/png
content-length: 5982
last-modified: Tue, 05 Jul 2022 10:43:39 GMT
etag: "62c415db-175e"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 7451968
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mFMbaIWZR23iiSpl1MBXgUxlW%2BHbFpbwu7wSH8IFc5zP%2FquWwBlQS0U0nrvMQZo1YDgZdzlLKiihF07pGP7jO7Cg68y3FsVGN3PF5gwvYRFssgleiuwFkEtPlVar0Tm7pgDAkX56lybZ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 796f22db0aa274a9-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.76.226 200 OK 345 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash dc853c35db7a8b075a58d696561a3e26
e9dccab21b1fc4bafed8d9ed66936a850eb6ac62
f0e5c9db64895ed8530367af9025274b8523e3e4b93a9d0e53659332b8ce5dc7
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "F0E5C9DB64895ED8530367AF9025274B8523E3E4B93A9D0E53659332B8CE5DC7"
Last-Modified: Thu, 09 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4828
Expires: Thu, 09 Feb 2023 21:11:16 GMT
Date: Thu, 09 Feb 2023 19:50:48 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 7873316c03b78ff1885778bd0e51ee34
441406bbfb620c4f0da3b3553840e008655aa689
104baaf054240301dbbfc50991ec38e8879a5c49f12e8e82bf3b5b5dc5b2ee33
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "104BAAF054240301DBBFC50991EC38E8879A5C49F12E8E82BF3B5B5DC5B2EE33"
Last-Modified: Wed, 08 Feb 2023 01:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18058
Expires: Fri, 10 Feb 2023 00:51:46 GMT
Date: Thu, 09 Feb 2023 19:50:48 GMT
Connection: keep-alive
e1.o.lencr.org/
23.36.76.226 200 OK 345 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash e52c62e29c66d8b8ced593c18dc6f97b
9fd8008871bcdbe98471cc1d49abe429f68208ec
a893f73ce1067723043248fa6fc3e76ddfdd44506998bf5f4e157dfbacc4698d
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "A893F73CE1067723043248FA6FC3E76DDFDD44506998BF5F4E157DFBACC4698D"
Last-Modified: Wed, 08 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15415
Expires: Fri, 10 Feb 2023 00:07:43 GMT
Date: Thu, 09 Feb 2023 19:50:48 GMT
Connection: keep-alive
cdn.cloudimagesb.com/si/4f/21/b6/4f21b6f8926b18cc8cec37ffa47004e5/1671506253.png
45.133.44.10 200 OK 80 kB URL HTTP/2 cdn.cloudimagesb.com/si/4f/21/b6/4f21b6f8926b18cc8cec37ffa47004e5/1671506253.png
IP 45.133.44.10:0
ASN #39572 DataWeb Global Group B.V.
File type PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data
Hash 422ab27df20d8765e0fcd3aa74306f6b
3b69a90b3d1a5bd964280b7bad97c2a5baaa6951
9f2c6b29335b1545ddfa2f7e84286472468f737e1d73f6f0562babac6e3afa5a
GET /si/4f/21/b6/4f21b6f8926b18cc8cec37ffa47004e5/1671506253.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 09 Feb 2023 19:50:48 GMT
content-type: image/png
content-length: 79704
server: nginx/1.17.6
last-modified: Tue, 20 Dec 2022 03:17:41 GMT
etag: "63a12955-13758"
expires: Sat, 11 Feb 2023 19:50:48 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
ocsp.pki.goog/s/gts1p5/JOSWRLamYCo
142.250.74.163 200 OK 472 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/JOSWRLamYCo
IP 142.250.74.163:0
Hash 55f37712d15b26bc72b565d5b4dc5e8c
716c379953d9187da29c696b739540987747c865
80da7288c3c279154975110adb24eeb8c092fdf4651ca4089b9a4f1a3fba1bf6
POST /s/gts1p5/JOSWRLamYCo HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 09 Feb 2023 19:50:49 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
unseenreport.com/pxf.gif?uuid=3e3cf260-afc7-4014-9541-70dfd284bcad&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1053&b_frame=0&pk=63d45b685911cef3b8cc3d1d1550bf85&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=19
192.243.59.13 200 OK 1 B URL HTTP/1.1 unseenreport.com/pxf.gif?uuid=3e3cf260-afc7-4014-9541-70dfd284bcad&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1053&b_frame=0&pk=63d45b685911cef3b8cc3d1d1550bf85&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=19
IP 192.243.59.13:0
ASN #39572 DataWeb Global Group B.V.
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=3e3cf260-afc7-4014-9541-70dfd284bcad&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1053&b_frame=0&pk=63d45b685911cef3b8cc3d1d1550bf85&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=19 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.xxxfiles.tv/
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Thu, 09 Feb 2023 19:50:49 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 515db2a646b9f3998df8c6d45fc9a260
Strict-Transport-Security: max-age=0; includeSubdomains
unseenreport.com/pxf.gif?uuid=3e3cf260-afc7-4014-9541-70dfd284bcad&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1053&b_frame=0&pk=cc48f4cc72bd1ab0cd76dca8048a896c&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=19
192.243.59.13 200 OK 1 B URL HTTP/1.1 unseenreport.com/pxf.gif?uuid=3e3cf260-afc7-4014-9541-70dfd284bcad&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1053&b_frame=0&pk=cc48f4cc72bd1ab0cd76dca8048a896c&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=19
IP 192.243.59.13:0
ASN #39572 DataWeb Global Group B.V.
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=3e3cf260-afc7-4014-9541-70dfd284bcad&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1053&b_frame=0&pk=cc48f4cc72bd1ab0cd76dca8048a896c&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=19 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.xxxfiles.tv/
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Thu, 09 Feb 2023 19:50:49 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: ce09262584cba1ac31f9242cba653486
Strict-Transport-Security: max-age=0; includeSubdomains
ocsp.pki.goog/s/gts1p5/JOSWRLamYCo
142.250.74.163 200 OK 472 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/JOSWRLamYCo
IP 142.250.74.163:0
Hash 55f37712d15b26bc72b565d5b4dc5e8c
716c379953d9187da29c696b739540987747c865
80da7288c3c279154975110adb24eeb8c092fdf4651ca4089b9a4f1a3fba1bf6
POST /s/gts1p5/JOSWRLamYCo HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 09 Feb 2023 19:50:49 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash a9bec3dfbc27b573153f85a8d152f5db
639b502254713e20172fc3db4f2de54e8471e836
c68fec717f64e1cfaff788a12d8076b8849b1a7698741126bc0b521c75ed7d56
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C68FEC717F64E1CFAFF788A12D8076B8849B1A7698741126BC0B521C75ED7D56"
Last-Modified: Thu, 09 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12576
Expires: Thu, 09 Feb 2023 23:20:25 GMT
Date: Thu, 09 Feb 2023 19:50:49 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash 7b921d4c7281393b94d2f2240f99d77d
2860b10018fd7b39b5c175365c837b9d9f63f96d
b6638314262bfca1b194232e26a4ac97aee16a6306a0a3f98267f9e4f79642c5
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 564
Cache-Control: max-age=166438
Content-Type: application/ocsp-response
Date: Thu, 09 Feb 2023 19:50:49 GMT
Etag: "63e5338b-117"
Expires: Sat, 11 Feb 2023 18:04:47 GMT
Last-Modified: Thu, 09 Feb 2023 17:55:23 GMT
Server: ECS (amb/6B72)
X-Cache: HIT
Content-Length: 279
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
216.58.207.227 200 OK 16 kB URL HTTP/1.1 fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Hash 15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://www.xxxfiles.tv
Connection: keep-alive
Referer: http://fonts.googleapis.com/
HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="apps-themes"
Report-To: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
Timing-Allow-Origin: *
Content-Length: 15744
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Thu, 09 Feb 2023 12:07:36 GMT
Expires: Fri, 09 Feb 2024 12:07:36 GMT
Cache-Control: public, max-age=31536000
Last-Modified: Wed, 11 May 2022 19:24:48 GMT
Content-Type: font/woff2
Age: 27793
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
216.58.207.227 200 OK 16 kB URL HTTP/1.1 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 15860, version 1.0\012- data
Hash e9f5aaf547f165386cd313b995dddd8e
acdef5603c2387b0e5bffd744b679a24a8bc1968
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://www.xxxfiles.tv
Connection: keep-alive
Referer: http://fonts.googleapis.com/
HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="apps-themes"
Report-To: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
Timing-Allow-Origin: *
Content-Length: 15860
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Thu, 09 Feb 2023 00:13:23 GMT
Expires: Fri, 09 Feb 2024 00:13:23 GMT
Cache-Control: public, max-age=31536000
Age: 70646
Last-Modified: Wed, 11 May 2022 19:24:42 GMT
Content-Type: font/woff2
helpedhandwritingintestine.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSTWgkRRSu3p%2BDelCDF0Gxjwoy6Z7pyfSYw2JcI8GYjbsrQW%2FVVdWTMtVdTVX39CQgBBdkj6OnPXa%2BSTboBnHxvCATLxI8pD1IDubmxavgWWYyMPqg6r1X34P6vvfeVwfFJfFQ0IvNj%2FSeVIouthue%2B%2BaWTLkurbtx3%2FW9hrfsbsl0KVh2B5PL9N%2FxvXbDe8v9QLAdvdj0fM%2FzPd9dlUbEerA4RSGzk67f6HqNoNnw2wEG5v%2B5LRxY6oD3L8kCJK9vbv%2FyFJKNkSY%2F3BZ2J9fZ2%2B8nhaK5Nujz40%2FSnVSXKZJ5GBsHcXo8q4a2NSGPrkGnxzMF0P3DiQJEsibO7z6i9HhGE1H%2F6IpppCBSRPwFlP0xhBpD0jGYfgDJzwnAODbuIE0eb2hT0t0rlE7Qmtz452%2FIsiY3%2FngFafL9ipID955WRS51ajGIK8jBGLI3RlacIt9zIMtTsPxLSE6QJhUkr6aqpRxDxmMoMQS1DorJkQ6K2EGROUj4hUvb3djzOnEUt1phwBhrtRhrh0u8zVtBGHso2ITWEHk2BFNDMLOPzOxjR35z3l44X1%2BDKX6C3a5guQOb18T5eB99XqEUBKUlKClBKQnKnKDsV0dc2aatHnNli8if%2BebMt6qRznsH9EjnPZGSg%2BySvDzpivPcwmvYERcuY0EYB4x1mhH3aeQx3lnijIZeENKwu8RgZQVpr00F78ma3PzrC2SyJtfor4joKaw6BZMvgRavg5ajTtMD3R4FoYe99GQwGMRSCdtgOgHXFbL8BvJd50Bdklen01l%2BcQDBzm792JoamKmQmQqfy58Jeurh6K4uyeFdXVry9E6Wy0Tu0cnk7uU0F9e%2F%2B1Dsltrwtdt2%2BO27bAJMwpP7wubrNOUy7VnyZEVyLsyqNkyQZ2t2S0Sbhd1eKUxaZOub762uJZkR1kqdjkFlTcjFGpisyfPPPptu5RtPPoU0Y5iiQlKckZlB6lOwbB82m%2FO3msCoeU2UOSiLamSa0fxRSQIl5jmNKtj%2F5NE8PrAP0TMOaP5guot9U6GvKlA1hC2uj%2FLMnN36bfZ5pJxRpIxzGCmjvr5qrpUXbtsPRBiFHcZ5JBj3O81W2PK8JudBpyv8LnJbsz83Hv0LAAD%2F%2FwEAAP%2F%2FnYy8TG0EAAA%3D
192.243.59.12200 OK 7 B URL HTTP/1.1 helpedhandwritingintestine.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSTWgkRRSu3p%2BDelCDF0Gxjwoy6Z7pyfSYw2JcI8GYjbsrQW%2FVVdWTMtVdTVX39CQgBBdkj6OnPXa%2BSTboBnHxvCATLxI8pD1IDubmxavgWWYyMPqg6r1X34P6vvfeVwfFJfFQ0IvNj%2FSeVIouthue%2B%2BaWTLkurbtx3%2FW9hrfsbsl0KVh2B5PL9N%2FxvXbDe8v9QLAdvdj0fM%2FzPd9dlUbEerA4RSGzk67f6HqNoNnw2wEG5v%2B5LRxY6oD3L8kCJK9vbv%2FyFJKNkSY%2F3BZ2J9fZ2%2B8nhaK5Nujz40%2FSnVSXKZJ5GBsHcXo8q4a2NSGPrkGnxzMF0P3DiQJEsibO7z6i9HhGE1H%2F6IpppCBSRPwFlP0xhBpD0jGYfgDJzwnAODbuIE0eb2hT0t0rlE7Qmtz452%2FIsiY3%2FngFafL9ipID955WRS51ajGIK8jBGLI3RlacIt9zIMtTsPxLSE6QJhUkr6aqpRxDxmMoMQS1DorJkQ6K2EGROUj4hUvb3djzOnEUt1phwBhrtRhrh0u8zVtBGHso2ITWEHk2BFNDMLOPzOxjR35z3l44X1%2BDKX6C3a5guQOb18T5eB99XqEUBKUlKClBKQnKnKDsV0dc2aatHnNli8if%2BebMt6qRznsH9EjnPZGSg%2BySvDzpivPcwmvYERcuY0EYB4x1mhH3aeQx3lnijIZeENKwu8RgZQVpr00F78ma3PzrC2SyJtfor4joKaw6BZMvgRavg5ajTtMD3R4FoYe99GQwGMRSCdtgOgHXFbL8BvJd50Bdklen01l%2BcQDBzm792JoamKmQmQqfy58Jeurh6K4uyeFdXVry9E6Wy0Tu0cnk7uU0F9e%2F%2B1Dsltrwtdt2%2BO27bAJMwpP7wubrNOUy7VnyZEVyLsyqNkyQZ2t2S0Sbhd1eKUxaZOub762uJZkR1kqdjkFlTcjFGpisyfPPPptu5RtPPoU0Y5iiQlKckZlB6lOwbB82m%2FO3msCoeU2UOSiLamSa0fxRSQIl5jmNKtj%2F5NE8PrAP0TMOaP5guot9U6GvKlA1hC2uj%2FLMnN36bfZ5pJxRpIxzGCmjvr5qrpUXbtsPRBiFHcZ5JBj3O81W2PK8JudBpyv8LnJbsz83Hv0LAAD%2F%2FwEAAP%2F%2FnYy8TG0EAAA%3D
IP 192.243.59.12:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert quad9 Sinkholed
GET /impr.gif?sid=H4sIAAAAAAAC%2F1RSTWgkRRSu3p%2BDelCDF0Gxjwoy6Z7pyfSYw2JcI8GYjbsrQW%2FVVdWTMtVdTVX39CQgBBdkj6OnPXa%2BSTboBnHxvCATLxI8pD1IDubmxavgWWYyMPqg6r1X34P6vvfeVwfFJfFQ0IvNj%2FSeVIouthue%2B%2BaWTLkurbtx3%2FW9hrfsbsl0KVh2B5PL9N%2FxvXbDe8v9QLAdvdj0fM%2FzPd9dlUbEerA4RSGzk67f6HqNoNnw2wEG5v%2B5LRxY6oD3L8kCJK9vbv%2FyFJKNkSY%2F3BZ2J9fZ2%2B8nhaK5Nujz40%2FSnVSXKZJ5GBsHcXo8q4a2NSGPrkGnxzMF0P3DiQJEsibO7z6i9HhGE1H%2F6IpppCBSRPwFlP0xhBpD0jGYfgDJzwnAODbuIE0eb2hT0t0rlE7Qmtz452%2FIsiY3%2FngFafL9ipID955WRS51ajGIK8jBGLI3RlacIt9zIMtTsPxLSE6QJhUkr6aqpRxDxmMoMQS1DorJkQ6K2EGROUj4hUvb3djzOnEUt1phwBhrtRhrh0u8zVtBGHso2ITWEHk2BFNDMLOPzOxjR35z3l44X1%2BDKX6C3a5guQOb18T5eB99XqEUBKUlKClBKQnKnKDsV0dc2aatHnNli8if%2BebMt6qRznsH9EjnPZGSg%2BySvDzpivPcwmvYERcuY0EYB4x1mhH3aeQx3lnijIZeENKwu8RgZQVpr00F78ma3PzrC2SyJtfor4joKaw6BZMvgRavg5ajTtMD3R4FoYe99GQwGMRSCdtgOgHXFbL8BvJd50Bdklen01l%2BcQDBzm792JoamKmQmQqfy58Jeurh6K4uyeFdXVry9E6Wy0Tu0cnk7uU0F9e%2F%2B1Dsltrwtdt2%2BO27bAJMwpP7wubrNOUy7VnyZEVyLsyqNkyQZ2t2S0Sbhd1eKUxaZOub762uJZkR1kqdjkFlTcjFGpisyfPPPptu5RtPPoU0Y5iiQlKckZlB6lOwbB82m%2FO3msCoeU2UOSiLamSa0fxRSQIl5jmNKtj%2F5NE8PrAP0TMOaP5guot9U6GvKlA1hC2uj%2FLMnN36bfZ5pJxRpIxzGCmjvr5qrpUXbtsPRBiFHcZ5JBj3O81W2PK8JudBpyv8LnJbsz83Hv0LAAD%2F%2FwEAAP%2F%2FnYy8TG0EAAA%3D HTTP/1.1
Host: helpedhandwritingintestine.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.xxxfiles.tv/
Cookie: u_pl=17371676; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Thu, 09 Feb 2023 19:50:49 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: b564b8ed9af7901d88b6e741356db4bb
Strict-Transport-Security: max-age=0; includeSubdomains
ocsp.pki.goog/s/gts1p5/ScMRUlHyK-w
142.250.74.163 200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/ScMRUlHyK-w
IP 142.250.74.163:0
Hash 50f3d62cfeafa3d2031b2a3521102670
329f112c76d9179185027d73807bbf39c51c0d6f
3969c4febfbd7105dbf7ce37dd8ec0f6014a2a43ff06b0948c073d452e22ece5
POST /s/gts1p5/ScMRUlHyK-w HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 09 Feb 2023 19:50:49 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/s/gts1p5/ScMRUlHyK-w
142.250.74.163 200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/ScMRUlHyK-w
IP 142.250.74.163:0
Hash 50f3d62cfeafa3d2031b2a3521102670
329f112c76d9179185027d73807bbf39c51c0d6f
3969c4febfbd7105dbf7ce37dd8ec0f6014a2a43ff06b0948c073d452e22ece5
POST /s/gts1p5/ScMRUlHyK-w HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 09 Feb 2023 19:50:49 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
a.realsrv.com/ad-provider.js
185.76.9.26 200 OK 24 kB URL HTTP/2 a.realsrv.com/ad-provider.js
IP 185.76.9.26:0
ASN #60068 Datacamp Limited
Hash e8e649986ad3dceba0092c43bbe6964d
3019a5af3df7b8d1b0f6ddbce4b00086c96d5020
5492383b9ee47bfaecda436ae89832371c450d6d79b85ebedc1e8110386e619e
GET /ad-provider.js HTTP/1.1
Host: a.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://hegdcrxavrtk.cdnvideo3.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 09 Feb 2023 19:50:46 GMT
content-type: application/javascript
etag: W/"399103e4fd49f2a2ded14428d20"
expires: Wed, 08 Feb 2023 19:23:05 GMT
cache-control: max-age=10800
access-control-allow-origin: *
x-cache-op: HIT
x-accel-expires: @1675981465
server: CDN77-Turbo
x-77-nzt: AblMCRTNgjT/LQYAAA
x-77-nzt-ray: af5856307e709ea4964ee563d5907b39
x-cache: HIT
x-age: 1581
x-77-pop: stockholmSE
x-77-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash d0ff15f9deb170a255f7106a451dcc83
83d8f0b20aa81081daaa677058b9ed9d5b39ddc2
5800bf340404de3c1114b6d24238dd85fda63a17f28d14fbe5e5588dc2f1bdc3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5800BF340404DE3C1114B6D24238DD85FDA63A17F28D14FBE5E5588DC2F1BDC3"
Last-Modified: Wed, 08 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3633
Expires: Thu, 09 Feb 2023 20:51:22 GMT
Date: Thu, 09 Feb 2023 19:50:49 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash d0ff15f9deb170a255f7106a451dcc83
83d8f0b20aa81081daaa677058b9ed9d5b39ddc2
5800bf340404de3c1114b6d24238dd85fda63a17f28d14fbe5e5588dc2f1bdc3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5800BF340404DE3C1114B6D24238DD85FDA63A17F28D14FBE5E5588DC2F1BDC3"
Last-Modified: Wed, 08 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3633
Expires: Thu, 09 Feb 2023 20:51:22 GMT
Date: Thu, 09 Feb 2023 19:50:49 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash e18fc89a11b4d91a0074fc01cf50a29e
1e2aab605e9e25df5b372b38c0b32b2892c009a9
46db9a0482817ea5a35be4e7cfc6679ea6c74370b20377e5f9ea5199da1097b5
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "46DB9A0482817EA5A35BE4E7CFC6679EA6C74370B20377E5F9EA5199DA1097B5"
Last-Modified: Tue, 07 Feb 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15927
Expires: Fri, 10 Feb 2023 00:16:16 GMT
Date: Thu, 09 Feb 2023 19:50:49 GMT
Connection: keep-alive
ptrmx.top/images/campaigns/creativity-2308521-16693108308667.png
188.114.96.1 200 OK 25 kB URL HTTP/2 ptrmx.top/images/campaigns/creativity-2308521-16693108308667.png
IP 188.114.96.1:0
File type PNG image data, 192 x 192, 8-bit colormap, non-interlaced\012- data
Hash c168c6b74312da308388c450def122b4
99a9c781305e19ad2134e843d25a4730c5485737
0f3dddc67a27688b19dc772302fd59dfaed3f16312d3ea6e7e0d31d515a56297
Analyzer Verdict Alert quad9 Sinkholed
GET /images/campaigns/creativity-2308521-16693108308667.png HTTP/1.1
Host: ptrmx.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 09 Feb 2023 19:50:49 GMT
content-type: image/png
content-length: 24894
cdn-pullzone: 283898
cdn-uid: 10270df6-3a78-4ee3-9e7e-62f57a8521e8
cdn-requestcountrycode: NO
cache-control: public, max-age=31919000
etag: "637fa96f-613e"
last-modified: Thu, 24 Nov 2022 17:27:11 GMT
cdn-proxyver: 1.03
cdn-requestpullsuccess: True
cdn-requestpullcode: 200
cdn-cachedat: 11/24/2022 17:34:52
cdn-edgestorageid: 860
cdn-status: 200
cdn-requestid: 4b457e728a77f80c5e024c5c1be2d956
cdn-cache: HIT
cf-cache-status: HIT
age: 324043
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zeKg3ZE%2B9LNBNedzDtwczl2th091CQcY3qAjboaZP0PFHGtY1mBTa0Dj9Gy8OsICH1fIHGokWgGOiSWYUM5hNHD%2Fv%2B1gH2bSmABlIvglr7ktwumbzCOUvFnDdkg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 796f22e18d4cb51e-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash e18fc89a11b4d91a0074fc01cf50a29e
1e2aab605e9e25df5b372b38c0b32b2892c009a9
46db9a0482817ea5a35be4e7cfc6679ea6c74370b20377e5f9ea5199da1097b5
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "46DB9A0482817EA5A35BE4E7CFC6679EA6C74370B20377E5F9EA5199DA1097B5"
Last-Modified: Tue, 07 Feb 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15927
Expires: Fri, 10 Feb 2023 00:16:16 GMT
Date: Thu, 09 Feb 2023 19:50:49 GMT
Connection: keep-alive
xml.serve-servee.com/thumbnail?i=anU-vb8bXYE_0&p=1675972248.221566&imgt=icon
172.64.163.38 302 Found 0 B URL HTTP/2 xml.serve-servee.com/thumbnail?i=anU-vb8bXYE_0&p=1675972248.221566&imgt=icon
IP 172.64.163.38:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /thumbnail?i=anU-vb8bXYE_0&p=1675972248.221566&imgt=icon HTTP/1.1
Host: xml.serve-servee.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Thu, 09 Feb 2023 19:50:49 GMT
content-length: 0
location: https://static.serve-servee.com/n337/ad/300x300_51jfKomy2mYeeCaLq3ex.jpeg
cache-control: no-store
age: 0
pragma: no-cache
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wwOUaK5AvZveWg1Y8djuq5NaVWmgwc6UxrDKTRMY48meh25YcdaspK%2ByYPmyGiRYlnB8lTB9ryIkRtlydsEJNwCoSvTM7Q%2FDbdDxxeHNvg5U%2BTgo2PMF7QHlcKcWnksXx2%2BK3pJ1Ww%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 796f22e13e5e23cf-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
go.xlirdr.com/api/models/vast?campaignId=68260928b57f412a654bda3f2409e8c9a61a69f506dc4ba3c073a43c2be31490&campaignType=smartpop&contentType=video%2Fmp4&creativeId=1aa4022af61bfad6ec7c637003dfb79b6edb7465c731eac0e6955245fc823c00&duration=00%3A00%3A30&endpoint=room&iterationId=397620&masterSmartpopId=2683&memberId=f3e683fa-3e6b-430e-a7bd-30b25bc483e3&no_bb=1&p1=45081&p2=68073&ruleId=157&skipOffset=00%3A00%3A05&smartpopId=3594&sourceId=7003&tag=-girls%2Findian&targetDomain=cambaddies.com&userId=a29e4fa1023dd45be975c4ab2c3f63fc721842490735020a0d0703eb57f7300d&variationId=30208&videosList=oil-show11&xhVersion=1
104.18.59.150200 OK 84 kB URL HTTP/2 go.xlirdr.com/api/models/vast?campaignId=68260928b57f412a654bda3f2409e8c9a61a69f506dc4ba3c073a43c2be31490&campaignType=smartpop&contentType=video%2Fmp4&creativeId=1aa4022af61bfad6ec7c637003dfb79b6edb7465c731eac0e6955245fc823c00&duration=00%3A00%3A30&endpoint=room&iterationId=397620&masterSmartpopId=2683&memberId=f3e683fa-3e6b-430e-a7bd-30b25bc483e3&no_bb=1&p1=45081&p2=68073&ruleId=157&skipOffset=00%3A00%3A05&smartpopId=3594&sourceId=7003&tag=-girls%2Findian&targetDomain=cambaddies.com&userId=a29e4fa1023dd45be975c4ab2c3f63fc721842490735020a0d0703eb57f7300d&variationId=30208&videosList=oil-show11&xhVersion=1
IP 104.18.59.150:0
File type XML 1.0 document text\012- XML document, ASCII text, with very long lines (1987), with no line terminators
Hash ff60301638ae82a637cbb87b00b3d786
549f0ae0ff0f8f75820b10e0bce4d07344689460
2c2dc78c57a45efdddb2ec60ccea910d4252510d1c6e860e2cf468833ff6441f
GET /api/models/vast?campaignId=68260928b57f412a654bda3f2409e8c9a61a69f506dc4ba3c073a43c2be31490&campaignType=smartpop&contentType=video%2Fmp4&creativeId=1aa4022af61bfad6ec7c637003dfb79b6edb7465c731eac0e6955245fc823c00&duration=00%3A00%3A30&endpoint=room&iterationId=397620&masterSmartpopId=2683&memberId=f3e683fa-3e6b-430e-a7bd-30b25bc483e3&no_bb=1&p1=45081&p2=68073&ruleId=157&skipOffset=00%3A00%3A05&smartpopId=3594&sourceId=7003&tag=-girls%2Findian&targetDomain=cambaddies.com&userId=a29e4fa1023dd45be975c4ab2c3f63fc721842490735020a0d0703eb57f7300d&variationId=30208&videosList=oil-show11&xhVersion=1 HTTP/1.1
Host: go.xlirdr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Referer: http://www.xxxfiles.tv/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 09 Feb 2023 19:50:49 GMT
content-type: text/xml; charset=utf-8
access-control-allow-origin: null
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Content-Length, Accept-Encoding, x-requested-with
cf-cache-status: DYNAMIC
set-cookie: __cflb=0H28uukSkGJRy5UBr1XYMARUwdYFVsefiKgaLR44d1E; SameSite=None; Secure; path=/; expires=Fri, 10-Feb-23 18:50:49 GMT; HttpOnly
server: cloudflare
cf-ray: 796f22dc9fed1bfa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
pt-static2.jsmsat.com/npe/_common/script/adblock/advertisement-v534580.js
93.93.51.201 200 OK 21 B URL HTTP/2 pt-static2.jsmsat.com/npe/_common/script/adblock/advertisement-v534580.js
IP 93.93.51.201:0
ASN #34655 DuoDecad IT Services Luxembourg S.a r.l.
File type ASCII text, with no line terminators
Hash 01c6e7ecb819ef28b0c9b962513a1596
1a49f493db7b91ed34a7040d36732352b9a5dc39
e97a9988dce8067f81f57557b349dd481e0335e75175179b6b01322be2ff13a5
GET /npe/_common/script/adblock/advertisement-v534580.js HTTP/1.1
Host: pt-static2.jsmsat.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://crprt.livejasmin.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 09 Feb 2023 19:50:49 GMT
content-type: application/javascript
content-length: 21
last-modified: Wed, 08 Feb 2023 14:52:14 GMT
etag: "63e3b71e-15"
access-control-allow-origin: *
server: unknown
x-cdn-node: sesto
x-cache-status: R-HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
ocsp.pki.goog/s/gts1p5/ScMRUlHyK-w
142.250.74.163 200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/ScMRUlHyK-w
IP 142.250.74.163:0
Hash 50f3d62cfeafa3d2031b2a3521102670
329f112c76d9179185027d73807bbf39c51c0d6f
3969c4febfbd7105dbf7ce37dd8ec0f6014a2a43ff06b0948c073d452e22ece5
POST /s/gts1p5/ScMRUlHyK-w HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 09 Feb 2023 19:50:49 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
static.serve-servee.com/n337/ad/300x300_51jfKomy2mYeeCaLq3ex.jpeg
172.64.163.38 200 OK 11 kB URL HTTP/2 static.serve-servee.com/n337/ad/300x300_51jfKomy2mYeeCaLq3ex.jpeg
IP 172.64.163.38:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 300x300, components 3\012- data
Hash adb5234c2afcceed55ae21f66e518040
0da9ed3ae238d2fd5e9320e80139e87a6e128cef
50c88f93b6d100588492b65f538466dfe1471cfe8d5544407a73912a3bc0c1f1
GET /n337/ad/300x300_51jfKomy2mYeeCaLq3ex.jpeg HTTP/1.1
Host: static.serve-servee.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 09 Feb 2023 19:50:49 GMT
content-type: image/jpeg
content-length: 10715
last-modified: Sat, 12 Nov 2022 14:02:44 GMT
accept-ranges: bytes
etag: "636fa784-29db"
cache-control: max-age=86400
x-sp-metadata: HS256.CKm5lZ8GEk0KJDJkMTRjOGI4LWFhMzQtNGIwNi04MDk3LTVhZDFiNDBlZmY1NxDA0sGB2rP8AhoGCJmdlZ8GIg4xNzIuNzEuMjQyLjE0MyjIwQIwAhorCAESJDhhMTE1YmQ2LTNhM2YtNDY0ZC04OGFjLWIyYmMyYWY5NjgzZhjbUyIYCAISFGNkczIzMC5sbzQuaHdjZG4ubmV0.7/4tTJnBKWFybCOvuiuk1I2rKU9pF8T4lbEwKsUG4tw=
x-hw: 1675972249.cds271.lo4.h2,1675972249.cds230.lo4.c
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bAlkQhWYQNowfj3KmdkPiJ7Nv5mG52wg%2FQB%2BpiIzP%2BMkh36Zlh7C2POE1LZl9N7xV77Sb3L8PBS1KGuQEaC1dxpeD0A0AD3ZZdf0Z20LLmJfSCvtZllguNwn1QG54xziQFpocrSxAtAu6A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 796f22e21fca23cf-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash 7b921d4c7281393b94d2f2240f99d77d
2860b10018fd7b39b5c175365c837b9d9f63f96d
b6638314262bfca1b194232e26a4ac97aee16a6306a0a3f98267f9e4f79642c5
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 564
Cache-Control: max-age=166438
Content-Type: application/ocsp-response
Date: Thu, 09 Feb 2023 19:50:49 GMT
Etag: "63e5338b-117"
Expires: Sat, 11 Feb 2023 18:04:47 GMT
Last-Modified: Thu, 09 Feb 2023 17:55:23 GMT
Server: ECS (ska/F6FC)
X-Cache: HIT
Content-Length: 279
helpedhandwritingintestine.com/pixel/sbs?c=1
192.243.59.12 200 OK 0 B URL HTTP/1.1 helpedhandwritingintestine.com/pixel/sbs?c=1
IP 192.243.59.12:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbs?c=1 HTTP/1.1
Host: helpedhandwritingintestine.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.xxxfiles.tv/
Cookie: u_pl=17371676; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Thu, 09 Feb 2023 19:50:50 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
pt-static1.jsmsat.com/npe/image/smilies_ex.png
93.93.51.201 200 OK 8.5 kB URL HTTP/2 pt-static1.jsmsat.com/npe/image/smilies_ex.png
IP 93.93.51.201:0
ASN #34655 DuoDecad IT Services Luxembourg S.a r.l.
File type PNG image data, 536 x 138, 8-bit colormap, non-interlaced\012- data
Hash 53fc00ebf44066190d5faea2a7931e7c
21178ac1ffb10f958d26d17a0fe49d5d31a00720
63526a6642f64fadb44cd33d634bb626f8e96af3f850215cfdd78a9c609fc85c
GET /npe/image/smilies_ex.png HTTP/1.1
Host: pt-static1.jsmsat.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://crprt.livejasmin.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 09 Feb 2023 19:50:50 GMT
content-type: image/png
content-length: 8533
last-modified: Tue, 17 Jan 2023 08:36:49 GMT
etag: "63c65e21-2155"
access-control-allow-origin: *
server: unknown
x-cdn-node: sesto
x-cache-status: R-HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
crprt.livejasmin.com/hVkdc/hJG.gif?ms_rnd=1675972249.93015&pstool=400_31&psid=ed_trronintdtno&utm_source=tr&site=jsm&utm_medium=network&origin=twinrdsrv.com&categoryName=girl&subAffId=10565_xxxfiles.com&im=1
93.93.51.191 200 OK 43 B URL HTTP/2 crprt.livejasmin.com/hVkdc/hJG.gif?ms_rnd=1675972249.93015&pstool=400_31&psid=ed_trronintdtno&utm_source=tr&site=jsm&utm_medium=network&origin=twinrdsrv.com&categoryName=girl&subAffId=10565_xxxfiles.com&im=1
IP 93.93.51.191:0
ASN #34655 DuoDecad IT Services Luxembourg S.a r.l.
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /hVkdc/hJG.gif?ms_rnd=1675972249.93015&pstool=400_31&psid=ed_trronintdtno&utm_source=tr&site=jsm&utm_medium=network&origin=twinrdsrv.com&categoryName=girl&subAffId=10565_xxxfiles.com&im=1 HTTP/1.1
Host: crprt.livejasmin.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://crprt.livejasmin.com/post/play?ms_rnd=1675972249.93015&pstool=400_31&psid=ed_trronintdtno&utm_source=tr&category=girl&site=jsm&utm_medium=network&subaffid=10565_xxxfiles.com&origin=twinrdsrv.com
Cookie: psui=a59f007fbf3384ccc33cc586d5d348f0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 09 Feb 2023 19:50:50 GMT
content-type: image/gif
content-length: 43
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
server: unknown
set-cookie: psui=a59f007fbf3384ccc33cc586d5d348f0; Path=/; Expires=Sat, 11-Mar-23 19:50:50 GMT; SameSite=None; Secure
expires: Thu, 09 Feb 2023 19:50:49 GMT
cache-control: no-cache
access-control-allow-origin: *
X-Firefox-Spdy: h2
crprt.livejasmin.com/post/fslf?ms_rnd=1675972249.93015&pstool=400_18&psid=ed_trronintdtno&utm_source=tr&site=jsm&utm_medium=network&origin=twinrdsrv.com&categoryName=girl&subAffId=10565_xxxfiles.com&rrc=3
93.93.51.191 200 OK 12 kB URL HTTP/2 crprt.livejasmin.com/post/fslf?ms_rnd=1675972249.93015&pstool=400_18&psid=ed_trronintdtno&utm_source=tr&site=jsm&utm_medium=network&origin=twinrdsrv.com&categoryName=girl&subAffId=10565_xxxfiles.com&rrc=3
IP 93.93.51.191:0
ASN #34655 DuoDecad IT Services Luxembourg S.a r.l.
Hash ed1709b620c7874fb70e00a594509661
43918218a32b7210c9e4b170c7a0ff63aef60321
df8cd45e876c5dfad5f51b6960a17286e180ed4349d92caf05ac2ea349268725
GET /post/fslf?ms_rnd=1675972249.93015&pstool=400_18&psid=ed_trronintdtno&utm_source=tr&site=jsm&utm_medium=network&origin=twinrdsrv.com&categoryName=girl&subAffId=10565_xxxfiles.com&rrc=3 HTTP/1.1
Host: crprt.livejasmin.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://crprt.livejasmin.com/post/play?ms_rnd=1675972249.93015&pstool=400_31&psid=ed_trronintdtno&utm_source=tr&category=girl&site=jsm&utm_medium=network&subaffid=10565_xxxfiles.com&origin=twinrdsrv.com
Cookie: psui=a59f007fbf3384ccc33cc586d5d348f0
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: no-cache
date: Thu, 09 Feb 2023 19:50:50 GMT
server: unknown
set-cookie: psui=a59f007fbf3384ccc33cc586d5d348f0; Path=/; Expires=Sat, 11-Mar-23 19:50:50 GMT; SameSite=None; Secure
content-encoding: gzip
X-Firefox-Spdy: h2
crprt.livejasmin.com/ijCr4/mfv.gif?ms_rnd=1675972249.93015&pstool=400_18&psid=ed_trronintdtno&utm_source=tr&site=jsm&utm_medium=network&origin=twinrdsrv.com&categoryName=girl&subAffId=10565_xxxfiles.com&rrc=3&im=1
93.93.51.191 200 OK 43 B URL HTTP/2 crprt.livejasmin.com/ijCr4/mfv.gif?ms_rnd=1675972249.93015&pstool=400_18&psid=ed_trronintdtno&utm_source=tr&site=jsm&utm_medium=network&origin=twinrdsrv.com&categoryName=girl&subAffId=10565_xxxfiles.com&rrc=3&im=1
IP 93.93.51.191:0
ASN #34655 DuoDecad IT Services Luxembourg S.a r.l.
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /ijCr4/mfv.gif?ms_rnd=1675972249.93015&pstool=400_18&psid=ed_trronintdtno&utm_source=tr&site=jsm&utm_medium=network&origin=twinrdsrv.com&categoryName=girl&subAffId=10565_xxxfiles.com&rrc=3&im=1 HTTP/1.1
Host: crprt.livejasmin.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://crprt.livejasmin.com/post/fslf?ms_rnd=1675972249.93015&pstool=400_18&psid=ed_trronintdtno&utm_source=tr&site=jsm&utm_medium=network&origin=twinrdsrv.com&categoryName=girl&subAffId=10565_xxxfiles.com&rrc=3
Cookie: psui=a59f007fbf3384ccc33cc586d5d348f0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 09 Feb 2023 19:50:50 GMT
content-type: image/gif
content-length: 43
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
server: unknown
set-cookie: psui=a59f007fbf3384ccc33cc586d5d348f0; Path=/; Expires=Sat, 11-Mar-23 19:50:50 GMT; SameSite=None; Secure
expires: Thu, 09 Feb 2023 19:50:49 GMT
cache-control: no-cache
access-control-allow-origin: *
X-Firefox-Spdy: h2
pt-static4.jsmsat.com/npe/pu/fslf/jsm/script/pu.fslf-v534580.js
93.93.51.201 200 OK 144 kB URL HTTP/2 pt-static4.jsmsat.com/npe/pu/fslf/jsm/script/pu.fslf-v534580.js
IP 93.93.51.201:0
ASN #34655 DuoDecad IT Services Luxembourg S.a r.l.
Size 144 kB (144315 bytes)
Hash 53b8b5ec8a74ec4f202c16f40790582f
1f70b5fc242c7a2787ea9bf2a294eda0fae74b3d
825ab4fcd374c2a3341f9c803289dc14adc1c5dc480fd2c9fa8a91886f9c5b66
GET /npe/pu/fslf/jsm/script/pu.fslf-v534580.js HTTP/1.1
Host: pt-static4.jsmsat.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://crprt.livejasmin.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 09 Feb 2023 19:50:50 GMT
content-type: application/javascript
last-modified: Wed, 08 Feb 2023 14:52:14 GMT
vary: Accept-Encoding, Accept-Encoding
etag: W/"63e3b71e-6cc06"
access-control-allow-origin: *
server: unknown
x-cdn-node: sesto
x-cache-status: R-HIT
content-encoding: gzip
X-Firefox-Spdy: h2
api-protected.protoawegw.com/v2/player/performer/get?noRedirect=1&mitigable=1&includeTestAccounts=0&product=livejasmin&presets=&certified=0&hotDeal=0&preVipShow=0&ngs=1&pstool=400_18&psid=ed_trronintdtno&streamType=rtmp&category=girl&performerIds[]=b2157ce6-b2c8-41e7-aee4-3f00f1db2b21
93.93.51.225 200 OK 643 B URL HTTP/2 api-protected.protoawegw.com/v2/player/performer/get?noRedirect=1&mitigable=1&includeTestAccounts=0&product=livejasmin&presets=&certified=0&hotDeal=0&preVipShow=0&ngs=1&pstool=400_18&psid=ed_trronintdtno&streamType=rtmp&category=girl&performerIds[]=b2157ce6-b2c8-41e7-aee4-3f00f1db2b21
IP 93.93.51.225:0
ASN #34655 DuoDecad IT Services Luxembourg S.a r.l.
File type JSON data\012- , ASCII text, with very long lines (892), with no line terminators
Hash 6d367f7db110fbed693a30763d65c59b
0bb9f69f5d438c121f834d15b5b8c33acb6ad24f
29fe7e2f9060da75260a63ba4a36d69cf2a906c94ab3390a6ce6b4ddefd73d10
GET /v2/player/performer/get?noRedirect=1&mitigable=1&includeTestAccounts=0&product=livejasmin&presets=&certified=0&hotDeal=0&preVipShow=0&ngs=1&pstool=400_18&psid=ed_trronintdtno&streamType=rtmp&category=girl&performerIds[]=b2157ce6-b2c8-41e7-aee4-3f00f1db2b21 HTTP/1.1
Host: api-protected.protoawegw.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://crprt.livejasmin.com/
Origin: https://crprt.livejasmin.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 09 Feb 2023 19:50:51 GMT
content-type: application/json
vary: Accept-Encoding
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: X-Requested-With, Content-Type
access-control-allow-methods: OPTIONS, GET, POST, PUT, DELETE, PATCH
server: unknown
content-encoding: gzip
X-Firefox-Spdy: h2
ngs-edge-95-128-120-41.dditscdn.com/eyJhbGciOiJIUzI1NiJ9.eyJhbGxvd0g1TGl2ZVByb3h5Ijp0cnVlLCJvcmlnaW4iOiIqIiwic2VydmVyIjoid3NzOi8vbmdzLWVkZ2UtOTUtMTI4LTEyMC00MS5kZGl0c2Nkbi5jb20iLCJ0b2tlbklkIjoiTUN3ek9EQXhNRGcyTnkxa05XUXlMVFJrWWpFdE9HUmpaUzFqTm1ZeE1XTTFObVpoWXpNc01TdzFaamd3TnpneU9TeENTbVoyTUZoMFZDOXRibGg0V0RkcWFIQm5TekpPVW01M2QzYzkiLCJzdHJlYW1JZCI6ImY5NmYzOThlLTFlOTktNDVhZS1iNDVlLTBiMzYyODAyZGRmNCIsImNJZCI6IjhpNXA2dTdodjIzZmt5NGYiLCJhdWQiOiJ2aWV3ZXIiLCJpc3MiOiJkb2NsZXIuc3RyZWFtaW5nLnN0cmVhbWNvbnRyb2xsZXIiLCJpYXQiOjE2NzU5NzIyNTEsImV4cCI6MTY3NTk3MjMxMX0.XgmHupXdfX8uVTn8PvS301Poi9RC0ecL_NzDoZA5ibY?
95.128.120.41101 Switching Protocols 0 B URL HTTP/1.1 ngs-edge-95-128-120-41.dditscdn.com/eyJhbGciOiJIUzI1NiJ9.eyJhbGxvd0g1TGl2ZVByb3h5Ijp0cnVlLCJvcmlnaW4iOiIqIiwic2VydmVyIjoid3NzOi8vbmdzLWVkZ2UtOTUtMTI4LTEyMC00MS5kZGl0c2Nkbi5jb20iLCJ0b2tlbklkIjoiTUN3ek9EQXhNRGcyTnkxa05XUXlMVFJrWWpFdE9HUmpaUzFqTm1ZeE1XTTFObVpoWXpNc01TdzFaamd3TnpneU9TeENTbVoyTUZoMFZDOXRibGg0V0RkcWFIQm5TekpPVW01M2QzYzkiLCJzdHJlYW1JZCI6ImY5NmYzOThlLTFlOTktNDVhZS1iNDVlLTBiMzYyODAyZGRmNCIsImNJZCI6IjhpNXA2dTdodjIzZmt5NGYiLCJhdWQiOiJ2aWV3ZXIiLCJpc3MiOiJkb2NsZXIuc3RyZWFtaW5nLnN0cmVhbWNvbnRyb2xsZXIiLCJpYXQiOjE2NzU5NzIyNTEsImV4cCI6MTY3NTk3MjMxMX0.XgmHupXdfX8uVTn8PvS301Poi9RC0ecL_NzDoZA5ibY?
IP 95.128.120.41:0
ASN #34655 DuoDecad IT Services Luxembourg S.a r.l.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /eyJhbGciOiJIUzI1NiJ9.eyJhbGxvd0g1TGl2ZVByb3h5Ijp0cnVlLCJvcmlnaW4iOiIqIiwic2VydmVyIjoid3NzOi8vbmdzLWVkZ2UtOTUtMTI4LTEyMC00MS5kZGl0c2Nkbi5jb20iLCJ0b2tlbklkIjoiTUN3ek9EQXhNRGcyTnkxa05XUXlMVFJrWWpFdE9HUmpaUzFqTm1ZeE1XTTFObVpoWXpNc01TdzFaamd3TnpneU9TeENTbVoyTUZoMFZDOXRibGg0V0RkcWFIQm5TekpPVW01M2QzYzkiLCJzdHJlYW1JZCI6ImY5NmYzOThlLTFlOTktNDVhZS1iNDVlLTBiMzYyODAyZGRmNCIsImNJZCI6IjhpNXA2dTdodjIzZmt5NGYiLCJhdWQiOiJ2aWV3ZXIiLCJpc3MiOiJkb2NsZXIuc3RyZWFtaW5nLnN0cmVhbWNvbnRyb2xsZXIiLCJpYXQiOjE2NzU5NzIyNTEsImV4cCI6MTY3NTk3MjMxMX0.XgmHupXdfX8uVTn8PvS301Poi9RC0ecL_NzDoZA5ibY? HTTP/1.1
Host: ngs-edge-95-128-120-41.dditscdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://crprt.livejasmin.com
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: o2L+FcxI9C88U7mIJleQUQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Date: Thu, 09 Feb 2023 19:50:51 GMT
Connection: upgrade
server: ngs-h5live-proxy
Upgrade: websocket
Sec-WebSocket-Accept: U4ShVAumWygUYMZFOxv2C9A5NFA=
lsc-edge-95-128-121-35.dditscdn.com/memberChat/jasminDaniAbril726f054ba5ee127a2e227f97c3a3157d?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJkb2NsZXIubHNjLmFwaSIsImF1ZCI6Ijk1LjEyOC4xMjEuMzUiLCJuaWNrIjoiRGFuaUFicmlsIiwiaGFzaCI6IjcyNmYwNTRiYTVlZTEyN2EyZTIyN2Y5N2MzYTMxNTdkIiwianRpIjo0MzU3NDk1MDAzMDAxODA1LCJpYXQiOjE2NzU5NzIyNTIsImV4cCI6MTY3NTk3MjMxMn0.WSvRE4S1ZsukVGnDO17oycn6-7bCCUXrJWs2IXL4l00
95.128.121.35101 Switching Protocols 0 B URL HTTP/1.1 lsc-edge-95-128-121-35.dditscdn.com/memberChat/jasminDaniAbril726f054ba5ee127a2e227f97c3a3157d?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJkb2NsZXIubHNjLmFwaSIsImF1ZCI6Ijk1LjEyOC4xMjEuMzUiLCJuaWNrIjoiRGFuaUFicmlsIiwiaGFzaCI6IjcyNmYwNTRiYTVlZTEyN2EyZTIyN2Y5N2MzYTMxNTdkIiwianRpIjo0MzU3NDk1MDAzMDAxODA1LCJpYXQiOjE2NzU5NzIyNTIsImV4cCI6MTY3NTk3MjMxMn0.WSvRE4S1ZsukVGnDO17oycn6-7bCCUXrJWs2IXL4l00
IP 95.128.121.35:0
ASN #34655 DuoDecad IT Services Luxembourg S.a r.l.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /memberChat/jasminDaniAbril726f054ba5ee127a2e227f97c3a3157d?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJkb2NsZXIubHNjLmFwaSIsImF1ZCI6Ijk1LjEyOC4xMjEuMzUiLCJuaWNrIjoiRGFuaUFicmlsIiwiaGFzaCI6IjcyNmYwNTRiYTVlZTEyN2EyZTIyN2Y5N2MzYTMxNTdkIiwianRpIjo0MzU3NDk1MDAzMDAxODA1LCJpYXQiOjE2NzU5NzIyNTIsImV4cCI6MTY3NTk3MjMxMn0.WSvRE4S1ZsukVGnDO17oycn6-7bCCUXrJWs2IXL4l00 HTTP/1.1
Host: lsc-edge-95-128-121-35.dditscdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://crprt.livejasmin.com
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: TVtuZPpOjQKu5DDN5NorTA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Date: Thu, 09 Feb 2023 19:50:52 GMT
Connection: upgrade
Upgrade: websocket
Sec-WebSocket-Accept: USa7jZrGKUgEd25rFaB+tnql/ns=
Server: unknown
ngs-edge-95-128-121-39.dditscdn.com/eyJhbGciOiJIUzI1NiJ9.eyJhbGxvd0g1TGl2ZVByb3h5Ijp0cnVlLCJvcmlnaW4iOiIqIiwic2VydmVyIjoid3NzOi8vbmdzLWVkZ2UtOTUtMTI4LTEyMS0zOS5kZGl0c2Nkbi5jb20iLCJ0b2tlbklkIjoiTUN3eU16RTNPV1psWWkxbVpqUXpMVFJoT0RNdFlXWXpOQzAyTlRReE5USTJObUppWlRRc01TdzFaamd3TnpreU55eHJRa2RZUzI1T1UwUnJaV2swVlVwS1lVWnhUM1p4TXpodFpFRTkiLCJzdHJlYW1JZCI6ImE2Y2IxNTAyLTJhNzMtNDU5Yi05YWEyLWYxZGVmNDQzY2I0OSIsImNJZCI6InlkOWZrYjlqYWV4MDdpd2MiLCJhdWQiOiJ2aWV3ZXIiLCJpc3MiOiJkb2NsZXIuc3RyZWFtaW5nLnN0cmVhbWNvbnRyb2xsZXIiLCJpYXQiOjE2NzU5NzIyNTIsImV4cCI6MTY3NTk3MjMxMn0.NF7QweMBEPdY616Y0x5_9YFKIkL5a2yl8pXmJbPx-SE?
95.128.121.39101 Switching Protocols 0 B URL HTTP/1.1 ngs-edge-95-128-121-39.dditscdn.com/eyJhbGciOiJIUzI1NiJ9.eyJhbGxvd0g1TGl2ZVByb3h5Ijp0cnVlLCJvcmlnaW4iOiIqIiwic2VydmVyIjoid3NzOi8vbmdzLWVkZ2UtOTUtMTI4LTEyMS0zOS5kZGl0c2Nkbi5jb20iLCJ0b2tlbklkIjoiTUN3eU16RTNPV1psWWkxbVpqUXpMVFJoT0RNdFlXWXpOQzAyTlRReE5USTJObUppWlRRc01TdzFaamd3TnpreU55eHJRa2RZUzI1T1UwUnJaV2swVlVwS1lVWnhUM1p4TXpodFpFRTkiLCJzdHJlYW1JZCI6ImE2Y2IxNTAyLTJhNzMtNDU5Yi05YWEyLWYxZGVmNDQzY2I0OSIsImNJZCI6InlkOWZrYjlqYWV4MDdpd2MiLCJhdWQiOiJ2aWV3ZXIiLCJpc3MiOiJkb2NsZXIuc3RyZWFtaW5nLnN0cmVhbWNvbnRyb2xsZXIiLCJpYXQiOjE2NzU5NzIyNTIsImV4cCI6MTY3NTk3MjMxMn0.NF7QweMBEPdY616Y0x5_9YFKIkL5a2yl8pXmJbPx-SE?
IP 95.128.121.39:0
ASN #34655 DuoDecad IT Services Luxembourg S.a r.l.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /eyJhbGciOiJIUzI1NiJ9.eyJhbGxvd0g1TGl2ZVByb3h5Ijp0cnVlLCJvcmlnaW4iOiIqIiwic2VydmVyIjoid3NzOi8vbmdzLWVkZ2UtOTUtMTI4LTEyMS0zOS5kZGl0c2Nkbi5jb20iLCJ0b2tlbklkIjoiTUN3eU16RTNPV1psWWkxbVpqUXpMVFJoT0RNdFlXWXpOQzAyTlRReE5USTJObUppWlRRc01TdzFaamd3TnpreU55eHJRa2RZUzI1T1UwUnJaV2swVlVwS1lVWnhUM1p4TXpodFpFRTkiLCJzdHJlYW1JZCI6ImE2Y2IxNTAyLTJhNzMtNDU5Yi05YWEyLWYxZGVmNDQzY2I0OSIsImNJZCI6InlkOWZrYjlqYWV4MDdpd2MiLCJhdWQiOiJ2aWV3ZXIiLCJpc3MiOiJkb2NsZXIuc3RyZWFtaW5nLnN0cmVhbWNvbnRyb2xsZXIiLCJpYXQiOjE2NzU5NzIyNTIsImV4cCI6MTY3NTk3MjMxMn0.NF7QweMBEPdY616Y0x5_9YFKIkL5a2yl8pXmJbPx-SE? HTTP/1.1
Host: ngs-edge-95-128-121-39.dditscdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://crprt.livejasmin.com
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: CFrwc4tRK7l3v/kYcfHq7Q==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Date: Thu, 09 Feb 2023 19:50:52 GMT
Connection: upgrade
server: ngs-h5live-proxy
Upgrade: websocket
Sec-WebSocket-Accept: K6O2ckIB4dtwplFmajNLF2GNFkw=
lsc-edge-95-128-121-35.dditscdn.com/memberChat/jasmin56997896-70ba-4557-921e-c508714846273409181f0804d5ff2f94c46b5dc0ba83?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJkb2NsZXIubHNjLmFwaSIsImF1ZCI6Ijk1LjEyOC4xMjEuMzUiLCJuaWNrIjoiNTY5OTc4OTYtNzBiYS00NTU3LTkyMWUtYzUwODcxNDg0NjI3IiwiaGFzaCI6IjM0MDkxODFmMDgwNGQ1ZmYyZjk0YzQ2YjVkYzBiYTgzIiwianRpIjo1OTk4NDI3NDY1ODkyNTQ5LCJpYXQiOjE2NzU5NzIyNTIsImV4cCI6MTY3NTk3MjMxMn0.t4bZNotm4QXVPcqdYRtLSPuOpAxsMa80cvzK6_-ijaA
95.128.121.35101 Switching Protocols 0 B URL HTTP/1.1 lsc-edge-95-128-121-35.dditscdn.com/memberChat/jasmin56997896-70ba-4557-921e-c508714846273409181f0804d5ff2f94c46b5dc0ba83?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJkb2NsZXIubHNjLmFwaSIsImF1ZCI6Ijk1LjEyOC4xMjEuMzUiLCJuaWNrIjoiNTY5OTc4OTYtNzBiYS00NTU3LTkyMWUtYzUwODcxNDg0NjI3IiwiaGFzaCI6IjM0MDkxODFmMDgwNGQ1ZmYyZjk0YzQ2YjVkYzBiYTgzIiwianRpIjo1OTk4NDI3NDY1ODkyNTQ5LCJpYXQiOjE2NzU5NzIyNTIsImV4cCI6MTY3NTk3MjMxMn0.t4bZNotm4QXVPcqdYRtLSPuOpAxsMa80cvzK6_-ijaA
IP 95.128.121.35:0
ASN #34655 DuoDecad IT Services Luxembourg S.a r.l.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /memberChat/jasmin56997896-70ba-4557-921e-c508714846273409181f0804d5ff2f94c46b5dc0ba83?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJkb2NsZXIubHNjLmFwaSIsImF1ZCI6Ijk1LjEyOC4xMjEuMzUiLCJuaWNrIjoiNTY5OTc4OTYtNzBiYS00NTU3LTkyMWUtYzUwODcxNDg0NjI3IiwiaGFzaCI6IjM0MDkxODFmMDgwNGQ1ZmYyZjk0YzQ2YjVkYzBiYTgzIiwianRpIjo1OTk4NDI3NDY1ODkyNTQ5LCJpYXQiOjE2NzU5NzIyNTIsImV4cCI6MTY3NTk3MjMxMn0.t4bZNotm4QXVPcqdYRtLSPuOpAxsMa80cvzK6_-ijaA HTTP/1.1
Host: lsc-edge-95-128-121-35.dditscdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://crprt.livejasmin.com
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: LZG4lEpfy6V/SrdCMwgh2g==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Date: Thu, 09 Feb 2023 19:50:52 GMT
Connection: upgrade
Upgrade: websocket
Sec-WebSocket-Accept: j8s2Viji2xwijSYqukvWcQi40/4=
Server: unknown
ngs-edge-95-128-120-20.dditscdn.com/eyJhbGciOiJIUzI1NiJ9.eyJhbGxvd0g1TGl2ZVByb3h5Ijp0cnVlLCJvcmlnaW4iOiIqIiwic2VydmVyIjoid3NzOi8vbmdzLWVkZ2UtOTUtMTI4LTEyMC0yMC5kZGl0c2Nkbi5jb20iLCJ0b2tlbklkIjoiTUN4aFl6UmlZek13TUMwek1ESTBMVFJsTVRrdE9EWXdNQzB5WVRneVpqVmxOekZtWVRJc01TdzFaamd3TnpneE5DeHdkbGxhVHk5TGN6QlZMMDFtV2xRMFJIUkdXbUZQVFVrelZWazkiLCJzdHJlYW1JZCI6IjU4OTdmMzMxLWQwZjAtNDViOS1iM2ZmLTIwZDNhMTFiOTNkZiIsImNJZCI6InQ1Nm1mcWMxaXloczJvZngiLCJhdWQiOiJ2aWV3ZXIiLCJpc3MiOiJkb2NsZXIuc3RyZWFtaW5nLnN0cmVhbWNvbnRyb2xsZXIiLCJpYXQiOjE2NzU5NzIyNTMsImV4cCI6MTY3NTk3MjMxM30._Gf8Th-dWeZzHeB2gj0w4ew_mUNjRueuMcjiTCOcv94?
95.128.120.20101 Switching Protocols 0 B URL HTTP/1.1 ngs-edge-95-128-120-20.dditscdn.com/eyJhbGciOiJIUzI1NiJ9.eyJhbGxvd0g1TGl2ZVByb3h5Ijp0cnVlLCJvcmlnaW4iOiIqIiwic2VydmVyIjoid3NzOi8vbmdzLWVkZ2UtOTUtMTI4LTEyMC0yMC5kZGl0c2Nkbi5jb20iLCJ0b2tlbklkIjoiTUN4aFl6UmlZek13TUMwek1ESTBMVFJsTVRrdE9EWXdNQzB5WVRneVpqVmxOekZtWVRJc01TdzFaamd3TnpneE5DeHdkbGxhVHk5TGN6QlZMMDFtV2xRMFJIUkdXbUZQVFVrelZWazkiLCJzdHJlYW1JZCI6IjU4OTdmMzMxLWQwZjAtNDViOS1iM2ZmLTIwZDNhMTFiOTNkZiIsImNJZCI6InQ1Nm1mcWMxaXloczJvZngiLCJhdWQiOiJ2aWV3ZXIiLCJpc3MiOiJkb2NsZXIuc3RyZWFtaW5nLnN0cmVhbWNvbnRyb2xsZXIiLCJpYXQiOjE2NzU5NzIyNTMsImV4cCI6MTY3NTk3MjMxM30._Gf8Th-dWeZzHeB2gj0w4ew_mUNjRueuMcjiTCOcv94?
IP 95.128.120.20:0
ASN #34655 DuoDecad IT Services Luxembourg S.a r.l.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /eyJhbGciOiJIUzI1NiJ9.eyJhbGxvd0g1TGl2ZVByb3h5Ijp0cnVlLCJvcmlnaW4iOiIqIiwic2VydmVyIjoid3NzOi8vbmdzLWVkZ2UtOTUtMTI4LTEyMC0yMC5kZGl0c2Nkbi5jb20iLCJ0b2tlbklkIjoiTUN4aFl6UmlZek13TUMwek1ESTBMVFJsTVRrdE9EWXdNQzB5WVRneVpqVmxOekZtWVRJc01TdzFaamd3TnpneE5DeHdkbGxhVHk5TGN6QlZMMDFtV2xRMFJIUkdXbUZQVFVrelZWazkiLCJzdHJlYW1JZCI6IjU4OTdmMzMxLWQwZjAtNDViOS1iM2ZmLTIwZDNhMTFiOTNkZiIsImNJZCI6InQ1Nm1mcWMxaXloczJvZngiLCJhdWQiOiJ2aWV3ZXIiLCJpc3MiOiJkb2NsZXIuc3RyZWFtaW5nLnN0cmVhbWNvbnRyb2xsZXIiLCJpYXQiOjE2NzU5NzIyNTMsImV4cCI6MTY3NTk3MjMxM30._Gf8Th-dWeZzHeB2gj0w4ew_mUNjRueuMcjiTCOcv94? HTTP/1.1
Host: ngs-edge-95-128-120-20.dditscdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://crprt.livejasmin.com
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: vPJ540cY6vQFXdtWGe7R1g==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Date: Thu, 09 Feb 2023 19:50:53 GMT
Connection: upgrade
server: ngs-h5live-proxy
Upgrade: websocket
Sec-WebSocket-Accept: 5PiBuZT6vdN2FJY6epJ/d3JmOiA=
api-protected.protoawegw.com/v2/player/performer/search?noRedirect=1&mitigable=1&includeTestAccounts=0&product=livejasmin&presets=&certified=0&hotDeal=0&preVipShow=0&ngs=1&pstool=400_18&psid=ed_trronintdtno&streamType=rtmp&category=girl&bannedPerformers[]=b2157ce6-b2c8-41e7-aee4-3f00f1db2b21&bannedPerformers[]=1378868b-36a9-4654-981a-fc7e6ae6200f&bannedPerformers[]=53a31a20-ce68-4212-90f7-a354238bbb7f&bannedPerformers[]=38dcbba9-d98b-4ea3-a3f1-e81a501df9f5&bannedPerformers[]=RileyRosee&bannedPerformers[]=85c34f7b-0aea-4085-850d-25330bdb4112
93.93.51.225200 OK 649 B URL HTTP/2 api-protected.protoawegw.com/v2/player/performer/search?noRedirect=1&mitigable=1&includeTestAccounts=0&product=livejasmin&presets=&certified=0&hotDeal=0&preVipShow=0&ngs=1&pstool=400_18&psid=ed_trronintdtno&streamType=rtmp&category=girl&bannedPerformers[]=b2157ce6-b2c8-41e7-aee4-3f00f1db2b21&bannedPerformers[]=1378868b-36a9-4654-981a-fc7e6ae6200f&bannedPerformers[]=53a31a20-ce68-4212-90f7-a354238bbb7f&bannedPerformers[]=38dcbba9-d98b-4ea3-a3f1-e81a501df9f5&bannedPerformers[]=RileyRosee&bannedPerformers[]=85c34f7b-0aea-4085-850d-25330bdb4112
IP 93.93.51.225:0
ASN #34655 DuoDecad IT Services Luxembourg S.a r.l.
File type JSON data\012- , ASCII text, with very long lines (897), with no line terminators
Hash ed8c18191c9f33e42399fe8692a66274
c15e54766a7afb19b9541c3fb6accd8417f52110
881860f390acdf6a7d8884d40c9b6c12d0fd9ce94c96ef1c753efa7cf5a70e32
GET /v2/player/performer/search?noRedirect=1&mitigable=1&includeTestAccounts=0&product=livejasmin&presets=&certified=0&hotDeal=0&preVipShow=0&ngs=1&pstool=400_18&psid=ed_trronintdtno&streamType=rtmp&category=girl&bannedPerformers[]=b2157ce6-b2c8-41e7-aee4-3f00f1db2b21&bannedPerformers[]=1378868b-36a9-4654-981a-fc7e6ae6200f&bannedPerformers[]=53a31a20-ce68-4212-90f7-a354238bbb7f&bannedPerformers[]=38dcbba9-d98b-4ea3-a3f1-e81a501df9f5&bannedPerformers[]=RileyRosee&bannedPerformers[]=85c34f7b-0aea-4085-850d-25330bdb4112 HTTP/1.1
Host: api-protected.protoawegw.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://crprt.livejasmin.com/
Origin: https://crprt.livejasmin.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 09 Feb 2023 19:50:52 GMT
content-type: application/json
vary: Accept-Encoding
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: X-Requested-With, Content-Type
access-control-allow-methods: OPTIONS, GET, POST, PUT, DELETE, PATCH
server: unknown
content-encoding: gzip
X-Firefox-Spdy: h2
twinrdsrv.com/banner.engine?id=4ce47ff2-c2e3-47a1-a9be-931241b17841&z=41951&cid=b9c&rand=18769&ver=async&time=0&referrerurl=http%3A%2F%2Fwww.xxxfiles.tv%2F&abr=false&curl=http%3A%2F%2Fwww.xxxfiles.tv%2F
172.66.43.59 200 OK 0 B URL HTTP/2 twinrdsrv.com/banner.engine?id=4ce47ff2-c2e3-47a1-a9be-931241b17841&z=41951&cid=b9c&rand=18769&ver=async&time=0&referrerurl=http%3A%2F%2Fwww.xxxfiles.tv%2F&abr=false&curl=http%3A%2F%2Fwww.xxxfiles.tv%2F
IP 172.66.43.59:0
GET /banner.engine?id=4ce47ff2-c2e3-47a1-a9be-931241b17841&z=41951&cid=b9c&rand=18769&ver=async&time=0&referrerurl=http%3A%2F%2Fwww.xxxfiles.tv%2F&abr=false&curl=http%3A%2F%2Fwww.xxxfiles.tv%2F HTTP/1.1
Host: twinrdsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://hegdcrxavrtk.cdnvideo3.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 09 Feb 2023 19:50:47 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding
cache-control: private, no-transform
content-encoding: gzip
p3p: CP="CAO PSA OUR IND"
access-control-allow-origin: *
set-cookie: IKSR={}; path=/; SameSite=None; secure
INF_DFL8=false; path=/; SameSite=None; secure
IUID=8943e9f5-822a-4a73-84c5-d7f2bef083e3; expires=Wed, 09-Feb-2033 19:50:47 GMT; path=/; SameSite=None; secure
ISSH=6931A6; path=/; SameSite=None; secure
VMI=; path=/; SameSite=None; secure
IPLH=#{}; expires=Wed, 09-Feb-2033 19:50:47 GMT; path=/; SameSite=None; secure; HttpOnly
IPLH_Q=#[]; expires=Wed, 09-Feb-2033 19:50:47 GMT; path=/; SameSite=None; secure; HttpOnly
CHN=#[]; expires=Wed, 09-Feb-2033 19:50:47 GMT; path=/; SameSite=None; secure; HttpOnly
MSSH=#{}; expires=Wed, 09-Feb-2033 19:50:47 GMT; path=/; SameSite=None; secure; HttpOnly
MSRH=#{}; expires=Wed, 09-Feb-2033 19:50:47 GMT; path=/; SameSite=None; secure; HttpOnly
ILP=null; expires=Wed, 09-Feb-2033 19:50:47 GMT; path=/; SameSite=None; secure
ILPLU=#1/1/0001 12:00:00 AM; expires=Wed, 09-Feb-2033 19:50:47 GMT; path=/; SameSite=None; secure; HttpOnly
ILEALC=#1/1/0001 12:00:00 AM; expires=Wed, 09-Feb-2033 19:50:47 GMT; path=/; SameSite=None; secure; HttpOnly
ILMPF=#False; expires=Thu, 09-Feb-2023 23:50:47 GMT; path=/; SameSite=None; secure; HttpOnly
IPMPLU=#; expires=Wed, 09-Feb-2033 19:50:47 GMT; path=/; SameSite=None; secure; HttpOnly
IPMUID=#; expires=Wed, 09-Feb-2033 19:50:47 GMT; path=/; SameSite=None; secure; HttpOnly
BSWUID=#; expires=Wed, 09-Feb-2033 19:50:47 GMT; path=/; SameSite=None; secure; HttpOnly
IKSR={}; path=/; SameSite=None; secure
IBL=#[]; expires=Wed, 09-Feb-2033 19:50:47 GMT; path=/; SameSite=None; secure; HttpOnly
IPLSH=#{}; expires=Wed, 09-Feb-2033 19:50:47 GMT; path=/; SameSite=None; secure; HttpOnly
IPLSH_Q=#[]; expires=Wed, 09-Feb-2033 19:50:47 GMT; path=/; SameSite=None; secure; HttpOnly
IZH=#{}; expires=Wed, 09-Feb-2033 19:50:47 GMT; path=/; SameSite=None; secure; HttpOnly
IZH_Q=#[]; expires=Wed, 09-Feb-2033 19:50:47 GMT; path=/; SameSite=None; secure; HttpOnly
IMCH=#{}; expires=Wed, 09-Feb-2033 19:50:47 GMT; path=/; SameSite=None; secure; HttpOnly
IMCH_Q=#[]; expires=Wed, 09-Feb-2033 19:50:47 GMT; path=/; SameSite=None; secure; HttpOnly
IMH=#{}; expires=Wed, 09-Feb-2033 19:50:47 GMT; path=/; SameSite=None; secure; HttpOnly
IMH_Q=#[]; expires=Wed, 09-Feb-2033 19:50:47 GMT; path=/; SameSite=None; secure; HttpOnly
ISH=#{}; expires=Wed, 09-Feb-2033 19:50:47 GMT; path=/; SameSite=None; secure; HttpOnly
ISH_Q=#[]; expires=Wed, 09-Feb-2033 19:50:47 GMT; path=/; SameSite=None; secure; HttpOnly
ISPH=#{}; expires=Wed, 09-Feb-2033 19:50:47 GMT; path=/; SameSite=None; secure; HttpOnly
ISPH_Q=#[]; expires=Wed, 09-Feb-2033 19:50:47 GMT; path=/; SameSite=None; secure; HttpOnly
ICH=#{}; expires=Wed, 09-Feb-2033 19:50:47 GMT; path=/; SameSite=None; secure; HttpOnly
ICH_Q=#[]; expires=Wed, 09-Feb-2033 19:50:47 GMT; path=/; SameSite=None; secure; HttpOnly
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=B%2FQlgawREJqaHivpEqOYy2ET%2FWkngTwcMQ1yO6hULnYaXIXNCeu5LfAY1hIoYd4%2BU%2B3UQZOQ06%2BWp1q3KlDFQE0zgdZjaRkaL7hv7ZaW8A2xHHITcq%2FJNZLLsEFemwc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 796f22d0da71b4ee-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
hegdcrxavrtk.cdnvideo3.com/api/spots/309159?host=www.xxxfiles.tv&ev=205&wh=939&ww=1280&uuid=&i=1&kw=Blowjob%2CMasturbation%2Coutdoor%2CBlonde%2CTeen%2Cmissionary%2Ccunnilingus%2COld%2FYoung%2Cbig-dick%2Ccum-licking%2Cdoggy-style%2Coldje.com%2CAlessandra%20Jane%2CDavid&s1=%25subid1%25
135.181.208.216200 OK 0 B URL HTTP/2 hegdcrxavrtk.cdnvideo3.com/api/spots/309159?host=www.xxxfiles.tv&ev=205&wh=939&ww=1280&uuid=&i=1&kw=Blowjob%2CMasturbation%2Coutdoor%2CBlonde%2CTeen%2Cmissionary%2Ccunnilingus%2COld%2FYoung%2Cbig-dick%2Ccum-licking%2Cdoggy-style%2Coldje.com%2CAlessandra%20Jane%2CDavid&s1=%25subid1%25
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
GET /api/spots/309159?host=www.xxxfiles.tv&ev=205&wh=939&ww=1280&uuid=&i=1&kw=Blowjob%2CMasturbation%2Coutdoor%2CBlonde%2CTeen%2Cmissionary%2Ccunnilingus%2COld%2FYoung%2Cbig-dick%2Ccum-licking%2Cdoggy-style%2Coldje.com%2CAlessandra%20Jane%2CDavid&s1=%25subid1%25 HTTP/1.1
Host: hegdcrxavrtk.cdnvideo3.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.xxxfiles.tv/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 09 Feb 2023 19:50:48 GMT
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding
set-cookie: nauid=95OivN9LNgqB4aJ5pkJD; Path=/; Expires=Wed, 11 Nov 2037 11:11:11 GMT; Secure; SameSite=None
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2
pogothere.xyz/
172.64.133.29 200 OK 0 B IP 172.64.133.29:0
Analyzer Verdict Alert quad9 Sinkholed
GET / HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.xxxfiles.tv/
Origin: http://www.xxxfiles.tv
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 09 Feb 2023 19:50:47 GMT
content-type: text/plain
set-cookie: csu=1766393137199232@1@1675972247; Max-Age=31104000; Secure; SameSite=None
access-control-allow-origin: http://www.xxxfiles.tv
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0XdZIUgovUEnn2yxsBUs7MHceHT0OhHLFykZVyzDekTj7IMwRawppCJlIPZjPJ3cWrEwtpftBrOqSKJg7je6yLuCDBKA4%2BJ4R4WP9dnBJcbRIksYUGhDteY5oqsIhivA"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 796f22d28de323ad-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
api-protected.protoawegw.com/v2/player/performer/search?noRedirect=1&mitigable=1&includeTestAccounts=0&product=livejasmin&presets=&certified=0&hotDeal=0&preVipShow=0&ngs=1&pstool=400_18&psid=ed_trronintdtno&streamType=rtmp&category=girl&bannedPerformers[]=b2157ce6-b2c8-41e7-aee4-3f00f1db2b21&bannedPerformers[]=1378868b-36a9-4654-981a-fc7e6ae6200f&bannedPerformers[]=53a31a20-ce68-4212-90f7-a354238bbb7f&bannedPerformers[]=38dcbba9-d98b-4ea3-a3f1-e81a501df9f5&bannedPerformers[]=RileyRosee&bannedPerformers[]=85c34f7b-0aea-4085-850d-25330bdb4112
93.93.51.225200 OK 0 B URL HTTP/2 api-protected.protoawegw.com/v2/player/performer/search?noRedirect=1&mitigable=1&includeTestAccounts=0&product=livejasmin&presets=&certified=0&hotDeal=0&preVipShow=0&ngs=1&pstool=400_18&psid=ed_trronintdtno&streamType=rtmp&category=girl&bannedPerformers[]=b2157ce6-b2c8-41e7-aee4-3f00f1db2b21&bannedPerformers[]=1378868b-36a9-4654-981a-fc7e6ae6200f&bannedPerformers[]=53a31a20-ce68-4212-90f7-a354238bbb7f&bannedPerformers[]=38dcbba9-d98b-4ea3-a3f1-e81a501df9f5&bannedPerformers[]=RileyRosee&bannedPerformers[]=85c34f7b-0aea-4085-850d-25330bdb4112
IP 93.93.51.225:0
ASN #34655 DuoDecad IT Services Luxembourg S.a r.l.
GET /v2/player/performer/search?noRedirect=1&mitigable=1&includeTestAccounts=0&product=livejasmin&presets=&certified=0&hotDeal=0&preVipShow=0&ngs=1&pstool=400_18&psid=ed_trronintdtno&streamType=rtmp&category=girl&bannedPerformers[]=b2157ce6-b2c8-41e7-aee4-3f00f1db2b21&bannedPerformers[]=1378868b-36a9-4654-981a-fc7e6ae6200f&bannedPerformers[]=53a31a20-ce68-4212-90f7-a354238bbb7f&bannedPerformers[]=38dcbba9-d98b-4ea3-a3f1-e81a501df9f5&bannedPerformers[]=RileyRosee&bannedPerformers[]=85c34f7b-0aea-4085-850d-25330bdb4112 HTTP/1.1
Host: api-protected.protoawegw.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://crprt.livejasmin.com/
Origin: https://crprt.livejasmin.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 09 Feb 2023 19:50:52 GMT
content-type: application/json
vary: Accept-Encoding
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: X-Requested-With, Content-Type
access-control-allow-methods: OPTIONS, GET, POST, PUT, DELETE, PATCH
server: unknown
content-encoding: gzip
X-Firefox-Spdy: h2
crmt.livejasmin.com/vast/v3?psid=ed_exoronvbunkdt&utm_campaign=exo&ms_notrack=1&pstour=t1&psprogram=REVS&site=jsm&utm_medium=network&categoryName=girl
93.93.51.191 200 OK 0 B URL HTTP/2 crmt.livejasmin.com/vast/v3?psid=ed_exoronvbunkdt&utm_campaign=exo&ms_notrack=1&pstour=t1&psprogram=REVS&site=jsm&utm_medium=network&categoryName=girl
IP 93.93.51.191:0
ASN #34655 DuoDecad IT Services Luxembourg S.a r.l.
GET /vast/v3?psid=ed_exoronvbunkdt&utm_campaign=exo&ms_notrack=1&pstour=t1&psprogram=REVS&site=jsm&utm_medium=network&categoryName=girl HTTP/1.1
Host: crmt.livejasmin.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.xxxfiles.tv/
Origin: http://www.xxxfiles.tv
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/xml; charset=utf-8
cache-control: no-cache
date: Thu, 09 Feb 2023 19:50:48 GMT
x-target-pstool: 401_1
access-control-allow-origin: http://www.xxxfiles.tv
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
server: unknown
set-cookie: psui=a59f007fbf3384ccc33cc586d5d348f0; Path=/; Expires=Sat, 11-Mar-23 19:50:48 GMT; SameSite=None; Secure
X-Firefox-Spdy: h2
crprt.livejasmin.com/vast/v3?psid=ed_dpronvbdtno&utm_source=tr&ms_notrack=1&pstour=t1&psprogram=REVS&site=jsm&utm_medium=network&categoryName=girl&subaffid=7407&sub_source=pornpapa.com&utm_campaign=RON_Preroll_Contract
93.93.51.191 200 OK 0 B URL HTTP/2 crprt.livejasmin.com/vast/v3?psid=ed_dpronvbdtno&utm_source=tr&ms_notrack=1&pstour=t1&psprogram=REVS&site=jsm&utm_medium=network&categoryName=girl&subaffid=7407&sub_source=pornpapa.com&utm_campaign=RON_Preroll_Contract
IP 93.93.51.191:0
ASN #34655 DuoDecad IT Services Luxembourg S.a r.l.
GET /vast/v3?psid=ed_dpronvbdtno&utm_source=tr&ms_notrack=1&pstour=t1&psprogram=REVS&site=jsm&utm_medium=network&categoryName=girl&subaffid=7407&sub_source=pornpapa.com&utm_campaign=RON_Preroll_Contract HTTP/1.1
Host: crprt.livejasmin.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.xxxfiles.tv/
Origin: http://www.xxxfiles.tv
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/xml; charset=utf-8
cache-control: no-cache
date: Thu, 09 Feb 2023 19:50:48 GMT
x-target-pstool: 401_1
access-control-allow-origin: http://www.xxxfiles.tv
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
server: unknown
set-cookie: psui=a59f007fbf3384ccc33cc586d5d348f0; Path=/; Expires=Sat, 11-Mar-23 19:50:48 GMT; SameSite=None; Secure
X-Firefox-Spdy: h2
api-protected.protoawegw.com/v2/player/performer/search?noRedirect=1&mitigable=1&includeTestAccounts=0&product=livejasmin&presets=&certified=0&hotDeal=0&preVipShow=0&ngs=1&pstool=400_18&psid=ed_trronintdtno&streamType=rtmp&category=girl&bannedPerformers[]=b2157ce6-b2c8-41e7-aee4-3f00f1db2b21&bannedPerformers[]=1378868b-36a9-4654-981a-fc7e6ae6200f&bannedPerformers[]=53a31a20-ce68-4212-90f7-a354238bbb7f&bannedPerformers[]=38dcbba9-d98b-4ea3-a3f1-e81a501df9f5&bannedPerformers[]=RileyRosee&bannedPerformers[]=85c34f7b-0aea-4085-850d-25330bdb4112
93.93.51.225200 OK 0 B URL HTTP/2 api-protected.protoawegw.com/v2/player/performer/search?noRedirect=1&mitigable=1&includeTestAccounts=0&product=livejasmin&presets=&certified=0&hotDeal=0&preVipShow=0&ngs=1&pstool=400_18&psid=ed_trronintdtno&streamType=rtmp&category=girl&bannedPerformers[]=b2157ce6-b2c8-41e7-aee4-3f00f1db2b21&bannedPerformers[]=1378868b-36a9-4654-981a-fc7e6ae6200f&bannedPerformers[]=53a31a20-ce68-4212-90f7-a354238bbb7f&bannedPerformers[]=38dcbba9-d98b-4ea3-a3f1-e81a501df9f5&bannedPerformers[]=RileyRosee&bannedPerformers[]=85c34f7b-0aea-4085-850d-25330bdb4112
IP 93.93.51.225:0
ASN #34655 DuoDecad IT Services Luxembourg S.a r.l.
GET /v2/player/performer/search?noRedirect=1&mitigable=1&includeTestAccounts=0&product=livejasmin&presets=&certified=0&hotDeal=0&preVipShow=0&ngs=1&pstool=400_18&psid=ed_trronintdtno&streamType=rtmp&category=girl&bannedPerformers[]=b2157ce6-b2c8-41e7-aee4-3f00f1db2b21&bannedPerformers[]=1378868b-36a9-4654-981a-fc7e6ae6200f&bannedPerformers[]=53a31a20-ce68-4212-90f7-a354238bbb7f&bannedPerformers[]=38dcbba9-d98b-4ea3-a3f1-e81a501df9f5&bannedPerformers[]=RileyRosee&bannedPerformers[]=85c34f7b-0aea-4085-850d-25330bdb4112 HTTP/1.1
Host: api-protected.protoawegw.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://crprt.livejasmin.com/
Origin: https://crprt.livejasmin.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 09 Feb 2023 19:50:53 GMT
content-type: application/json
vary: Accept-Encoding
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: X-Requested-With, Content-Type
access-control-allow-methods: OPTIONS, GET, POST, PUT, DELETE, PATCH
server: unknown
content-encoding: gzip
X-Firefox-Spdy: h2
pt-static2.jsmsat.com/npe/bonuscredit/css/bonuscredit-v534580.css
93.93.51.201 200 OK 0 B URL HTTP/2 pt-static2.jsmsat.com/npe/bonuscredit/css/bonuscredit-v534580.css
IP 93.93.51.201:0
ASN #34655 DuoDecad IT Services Luxembourg S.a r.l.
GET /npe/bonuscredit/css/bonuscredit-v534580.css HTTP/1.1
Host: pt-static2.jsmsat.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://crprt.livejasmin.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 09 Feb 2023 19:50:49 GMT
content-type: text/css
last-modified: Wed, 08 Feb 2023 14:52:14 GMT
vary: Accept-Encoding, Accept-Encoding
etag: W/"63e3b71e-961"
access-control-allow-origin: *
server: unknown
x-cdn-node: sesto
x-cache-status: R-HIT
content-encoding: gzip
X-Firefox-Spdy: h2
pt-static4.jsmsat.com/npe/_common/script/incognito/di.min-v534580.js
93.93.51.201 200 OK 0 B URL HTTP/2 pt-static4.jsmsat.com/npe/_common/script/incognito/di.min-v534580.js
IP 93.93.51.201:0
ASN #34655 DuoDecad IT Services Luxembourg S.a r.l.
GET /npe/_common/script/incognito/di.min-v534580.js HTTP/1.1
Host: pt-static4.jsmsat.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://crprt.livejasmin.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 09 Feb 2023 19:50:49 GMT
content-type: application/javascript
last-modified: Wed, 08 Feb 2023 14:52:14 GMT
vary: Accept-Encoding, Accept-Encoding
etag: W/"63e3b71e-d47"
access-control-allow-origin: *
server: unknown
x-cdn-node: sesto
x-cache-status: R-HIT
content-encoding: gzip
X-Firefox-Spdy: h2
pt-static2.jsmsat.com/npe/pu/play/script/pu.play-v534580.js
93.93.51.201 200 OK 0 B URL HTTP/2 pt-static2.jsmsat.com/npe/pu/play/script/pu.play-v534580.js
IP 93.93.51.201:0
ASN #34655 DuoDecad IT Services Luxembourg S.a r.l.
GET /npe/pu/play/script/pu.play-v534580.js HTTP/1.1
Host: pt-static2.jsmsat.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://crprt.livejasmin.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 09 Feb 2023 19:50:49 GMT
content-type: application/javascript
last-modified: Wed, 08 Feb 2023 14:52:14 GMT
vary: Accept-Encoding, Accept-Encoding
etag: W/"63e3b71e-3712c"
access-control-allow-origin: *
server: unknown
x-cdn-node: sesto
x-cache-status: R-HIT
content-encoding: gzip
X-Firefox-Spdy: h2
pt-static4.jsmsat.com/npe/pu/play/css/play-v534580.css
93.93.51.201 200 OK 0 B URL HTTP/2 pt-static4.jsmsat.com/npe/pu/play/css/play-v534580.css
IP 93.93.51.201:0
ASN #34655 DuoDecad IT Services Luxembourg S.a r.l.
GET /npe/pu/play/css/play-v534580.css HTTP/1.1
Host: pt-static4.jsmsat.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://crprt.livejasmin.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 09 Feb 2023 19:50:49 GMT
content-type: text/css
last-modified: Wed, 08 Feb 2023 14:52:14 GMT
vary: Accept-Encoding, Accept-Encoding
etag: W/"63e3b71e-13491"
access-control-allow-origin: *
server: unknown
x-cdn-node: sesto
x-cache-status: R-HIT
content-encoding: gzip
X-Firefox-Spdy: h2
twinrdsrv.com/banner.engine?id=4ce47ff2-c2e3-47a1-a9be-931241b17841&z=41938&cid=b9c&rand=23685&ver=async&time=0&referrerurl=http%3A%2F%2Fwww.xxxfiles.tv%2F&abr=false&curl=http%3A%2F%2Fwww.xxxfiles.tv%2F
172.66.43.59 200 OK 0 B URL HTTP/2 twinrdsrv.com/banner.engine?id=4ce47ff2-c2e3-47a1-a9be-931241b17841&z=41938&cid=b9c&rand=23685&ver=async&time=0&referrerurl=http%3A%2F%2Fwww.xxxfiles.tv%2F&abr=false&curl=http%3A%2F%2Fwww.xxxfiles.tv%2F
IP 172.66.43.59:0
GET /banner.engine?id=4ce47ff2-c2e3-47a1-a9be-931241b17841&z=41938&cid=b9c&rand=23685&ver=async&time=0&referrerurl=http%3A%2F%2Fwww.xxxfiles.tv%2F&abr=false&curl=http%3A%2F%2Fwww.xxxfiles.tv%2F HTTP/1.1
Host: twinrdsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://hegdcrxavrtk.cdnvideo3.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 09 Feb 2023 19:50:47 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding
cache-control: private, no-transform
content-encoding: gzip
p3p: CP="CAO PSA OUR IND"
access-control-allow-origin: *
set-cookie: IKSR={}; path=/; SameSite=None; secure
INF_DFL8=false; path=/; SameSite=None; secure
IUID=28cc7b78-3751-4261-aa11-47281e1ed7e0; expires=Wed, 09-Feb-2033 19:50:47 GMT; path=/; SameSite=None; secure
ISSH=6931A6; path=/; SameSite=None; secure
VMI=; path=/; SameSite=None; secure
IPLH=#{}; expires=Wed, 09-Feb-2033 19:50:47 GMT; path=/; SameSite=None; secure; HttpOnly
IPLH_Q=#[]; expires=Wed, 09-Feb-2033 19:50:47 GMT; path=/; SameSite=None; secure; HttpOnly
CHN=#[]; expires=Wed, 09-Feb-2033 19:50:47 GMT; path=/; SameSite=None; secure; HttpOnly
MSSH=#{}; expires=Wed, 09-Feb-2033 19:50:47 GMT; path=/; SameSite=None; secure; HttpOnly
MSRH=#{}; expires=Wed, 09-Feb-2033 19:50:47 GMT; path=/; SameSite=None; secure; HttpOnly
ILP=null; expires=Wed, 09-Feb-2033 19:50:47 GMT; path=/; SameSite=None; secure
ILPLU=#1/1/0001 12:00:00 AM; expires=Wed, 09-Feb-2033 19:50:47 GMT; path=/; SameSite=None; secure; HttpOnly
ILEALC=#1/1/0001 12:00:00 AM; expires=Wed, 09-Feb-2033 19:50:47 GMT; path=/; SameSite=None; secure; HttpOnly
ILMPF=#False; expires=Thu, 09-Feb-2023 23:50:47 GMT; path=/; SameSite=None; secure; HttpOnly
IPMPLU=#; expires=Wed, 09-Feb-2033 19:50:47 GMT; path=/; SameSite=None; secure; HttpOnly
IPMUID=#; expires=Wed, 09-Feb-2033 19:50:47 GMT; path=/; SameSite=None; secure; HttpOnly
BSWUID=#; expires=Wed, 09-Feb-2033 19:50:47 GMT; path=/; SameSite=None; secure; HttpOnly
IKSR={}; path=/; SameSite=None; secure
IBL=#[]; expires=Wed, 09-Feb-2033 19:50:47 GMT; path=/; SameSite=None; secure; HttpOnly
IPLSH=#{}; expires=Wed, 09-Feb-2033 19:50:47 GMT; path=/; SameSite=None; secure; HttpOnly
IPLSH_Q=#[]; expires=Wed, 09-Feb-2033 19:50:47 GMT; path=/; SameSite=None; secure; HttpOnly
IZH=#{}; expires=Wed, 09-Feb-2033 19:50:47 GMT; path=/; SameSite=None; secure; HttpOnly
IZH_Q=#[]; expires=Wed, 09-Feb-2033 19:50:47 GMT; path=/; SameSite=None; secure; HttpOnly
IMCH=#{}; expires=Wed, 09-Feb-2033 19:50:47 GMT; path=/; SameSite=None; secure; HttpOnly
IMCH_Q=#[]; expires=Wed, 09-Feb-2033 19:50:47 GMT; path=/; SameSite=None; secure; HttpOnly
IMH=#{}; expires=Wed, 09-Feb-2033 19:50:47 GMT; path=/; SameSite=None; secure; HttpOnly
IMH_Q=#[]; expires=Wed, 09-Feb-2033 19:50:47 GMT; path=/; SameSite=None; secure; HttpOnly
ISH=#{}; expires=Wed, 09-Feb-2033 19:50:47 GMT; path=/; SameSite=None; secure; HttpOnly
ISH_Q=#[]; expires=Wed, 09-Feb-2033 19:50:47 GMT; path=/; SameSite=None; secure; HttpOnly
ISPH=#{}; expires=Wed, 09-Feb-2033 19:50:47 GMT; path=/; SameSite=None; secure; HttpOnly
ISPH_Q=#[]; expires=Wed, 09-Feb-2033 19:50:47 GMT; path=/; SameSite=None; secure; HttpOnly
ICH=#{}; expires=Wed, 09-Feb-2033 19:50:47 GMT; path=/; SameSite=None; secure; HttpOnly
ICH_Q=#[]; expires=Wed, 09-Feb-2033 19:50:47 GMT; path=/; SameSite=None; secure; HttpOnly
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kUylR4iV0MaI0Ni6DQ78p2S%2FMn4d7qFTjMvNSeHS9ViIwCtpXWBrplzOhDlXSs%2Fl%2B2zRAiojeTY0yOjxNPCshDJhz5uZfmvjXFpsW%2B4e7SPCYSnV2%2F9HJke%2FgIrNep0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 796f22d0ca69b4ee-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
vjs.zencdn.net/7.5.5/video.js
151.101.194.217 200 OK 0 B URL HTTP/2 vjs.zencdn.net/7.5.5/video.js
IP 151.101.194.217:0
GET /7.5.5/video.js HTTP/1.1
Host: vjs.zencdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.xxxfiles.tv/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
last-modified: Thu, 13 Jun 2019 18:18:22 GMT
etag: "865887bf5b49dc505cb0268884734c12"
cache-control: public, max-age=31536000
content-type: application/javascript; charset=utf-8
content-encoding: gzip
date: Thu, 09 Feb 2023 19:50:45 GMT
x-served-by: cache-bma1641-BMA
x-cache: HIT
x-cache-hits: 1
vary: Accept-Encoding
access-control-allow-origin: *
timing-allow-origin: *
content-length: 425400
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Roboto:300,400,700
142.250.74.106 200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?family=Roboto:300,400,700
IP 142.250.74.106:0
GET /css?family=Roboto:300,400,700 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.xxxfiles.tv/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Thu, 09 Feb 2023 19:50:45 GMT
date: Thu, 09 Feb 2023 19:50:45 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
tsyndicate.com/do2/4f374a23cf56497b89d53e89be5502a2/vast?
136.243.51.171 200 OK 0 B URL HTTP/2 tsyndicate.com/do2/4f374a23cf56497b89d53e89be5502a2/vast?
IP 136.243.51.171:0
ASN #24940 Hetzner Online GmbH
GET /do2/4f374a23cf56497b89d53e89be5502a2/vast? HTTP/1.1
Host: tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.xxxfiles.tv/
Origin: http://www.xxxfiles.tv
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 09 Feb 2023 19:50:48 GMT
content-type: application/xml; charset=utf-8
access-control-allow-origin: http://www.xxxfiles.tv
access-control-allow-methods: POST, GET, HEAD
access-control-allow-headers: Accept, X-Requested-With, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Legacy
access-control-allow-credentials: true
pragma: no-cache
expires: 0
vary: Accept-Encoding, *
x-api-version: 2
x-vast: 3.0
x-request-id: 98ee2f473090c274
set-cookie: ts_uid=c950985c-050c-431c-8b9e-1cefb3283c71; expires=Wed, 09 Aug 2023 19:50:48 GMT; domain=.tsyndicate.com; path=/; HttpOnly; secure; SameSite=None
bfq=APeIECNCx5YZMmTcmAEDRxcWIsYU3BLjoYgyE2PYuGEDRg0cNmg47KMg; expires=Fri, 10 Feb 2023 19:50:48 GMT; domain=.tsyndicate.com; path=/; secure; SameSite=None
cache-control: no-cache, no-store, no-transform, must-revalidate, no-transform
x-robots-tag: none, noindex, nofollow
report-to: { "url": "https://pxl.tsyndicate.com/api/v1/heavy-ad/report", "max_age": 86401 }
content-encoding: gzip
X-Firefox-Spdy: h2
tsyndicate.com/do2/5a4d8c9f24e543abb29e2f21424e70ea/vast?
136.243.51.171 200 OK 0 B URL HTTP/2 tsyndicate.com/do2/5a4d8c9f24e543abb29e2f21424e70ea/vast?
IP 136.243.51.171:0
ASN #24940 Hetzner Online GmbH
GET /do2/5a4d8c9f24e543abb29e2f21424e70ea/vast? HTTP/1.1
Host: tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.xxxfiles.tv/
Origin: http://www.xxxfiles.tv
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 09 Feb 2023 19:50:48 GMT
content-type: application/xml; charset=utf-8
access-control-allow-origin: http://www.xxxfiles.tv
access-control-allow-methods: POST, GET, HEAD
access-control-allow-headers: Accept, X-Requested-With, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Legacy
access-control-allow-credentials: true
pragma: no-cache
expires: 0
vary: Accept-Encoding, *
x-api-version: 2
x-vast: 3.0
x-request-id: 17b89a8b4afcba1c
set-cookie: ts_uid=d791a0af-538a-4cd0-8164-a6723c3495d1; expires=Wed, 09 Aug 2023 19:50:48 GMT; domain=.tsyndicate.com; path=/; HttpOnly; secure; SameSite=None
bfq=APeIECNCx5YZMmTcmAEDRxcWIsYU3BLjoYgyE2PYuGEDRg0cNmg47KMg; expires=Fri, 10 Feb 2023 19:50:48 GMT; domain=.tsyndicate.com; path=/; secure; SameSite=None
cache-control: no-cache, no-store, no-transform, must-revalidate, no-transform
x-robots-tag: none, noindex, nofollow
report-to: { "url": "https://pxl.tsyndicate.com/api/v1/heavy-ad/report", "max_age": 86401 }
content-encoding: gzip
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/chat/mob/ssp/v2/new/3/css/style.css
172.64.167.9 200 OK 0 B URL HTTP/2 cdn.creative-bars1.com/sb/chat/mob/ssp/v2/new/3/css/style.css
IP 172.64.167.9:0
GET /sb/chat/mob/ssp/v2/new/3/css/style.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://www.xxxfiles.tv
Connection: keep-alive
Referer: http://www.xxxfiles.tv/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 09 Feb 2023 19:50:49 GMT
content-type: text/css
last-modified: Wed, 13 Jul 2022 12:13:55 GMT
etag: W/"62ceb703-1229"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JJTxySvUFOpKOq6Li6xd8Ss5PWlFdKFrsPR1eUQYHQry8rOM1fzYkh2Z2JR4uZm%2Bx8jB63VaffzuFLi9%2FnExqWHXwFObVdYGnGQKOKXnMpnGP8tXos9esaKVtDW1U%2Fkb296wKgQcbDk9"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 796f22dada7774a9-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
crjpgate.com/pu/?psid=ed_trronintdtno&utm_source=tr&ms_notrack=1&category=girl&site=jsm&target=postrttr&utm_medium=network&subaffid=10565_xxxfiles.com
93.93.51.223 200 OK 0 B URL HTTP/2 crjpgate.com/pu/?psid=ed_trronintdtno&utm_source=tr&ms_notrack=1&category=girl&site=jsm&target=postrttr&utm_medium=network&subaffid=10565_xxxfiles.com
IP 93.93.51.223:0
ASN #34655 DuoDecad IT Services Luxembourg S.a r.l.
GET /pu/?psid=ed_trronintdtno&utm_source=tr&ms_notrack=1&category=girl&site=jsm&target=postrttr&utm_medium=network&subaffid=10565_xxxfiles.com HTTP/1.1
Host: crjpgate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://twinrdsrv.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 09 Feb 2023 19:50:49 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-target-pstool: 400_31
server: unknown
set-cookie: psui=a59f007fbf3384ccc33cc586d5d348f0; Path=/; Expires=Sat, 11-Mar-23 19:50:49 GMT
content-encoding: gzip
X-Firefox-Spdy: h2
cdn.barscreative1.com/sb/au/e6/d7/97/e6d797a3a7be0e7ec1877d1b33146dfa/1657714258.html
45.133.44.3 200 OK 0 B URL HTTP/2 cdn.barscreative1.com/sb/au/e6/d7/97/e6d797a3a7be0e7ec1877d1b33146dfa/1657714258.html
IP 45.133.44.3:0
ASN #39572 DataWeb Global Group B.V.
Analyzer Verdict Alert fortinet Phishing
GET /sb/au/e6/d7/97/e6d797a3a7be0e7ec1877d1b33146dfa/1657714258.html HTTP/1.1
Host: cdn.barscreative1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://www.xxxfiles.tv
Connection: keep-alive
Referer: http://www.xxxfiles.tv/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 09 Feb 2023 19:50:48 GMT
content-type: text/html; charset=utf-8
server: nginx/1.17.6
last-modified: Wed, 13 Jul 2022 12:11:03 GMT
etag: W/"62ceb657-4a6"
cache-control: max-age=3600
access-control-allow-origin: *
access-control-expose-headers: Date
content-encoding: gzip
expires: Thu, 09 Feb 2023 20:50:48 GMT
x-proxy-cache: HIT
X-Firefox-Spdy: h2
pogothere.xyz/
172.64.133.29 200 OK 0 B IP 172.64.133.29:0
Analyzer Verdict Alert quad9 Sinkholed
GET / HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.xxxfiles.tv/
Origin: http://www.xxxfiles.tv
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 09 Feb 2023 19:50:47 GMT
content-type: text/plain
set-cookie: csu=679714005394389@1@1675972247; Max-Age=31104000; Secure; SameSite=None
access-control-allow-origin: http://www.xxxfiles.tv
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SJaQPM8BdDY%2BbE%2BUw3wKjKcI4tod95hhXVG0uzWk6fyzRvY9ocdH438t07GBaC2L8VFl9ogG3yNINqb2Rb5%2BLH5k3cODeW8hQFENexGV7wY1B8jWylhdM3wcWvhxL5PY"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 796f22d19c5023ad-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
creative.xlivrdr.com/widgets/v4/Universal?campaignId=ec1535c1cbaa3d0b93513d43b65aa5ca154a4f64912bc1c7443cc846eec2add4&campaignType=smartpop&creativeId=b1d8c7daf6a59fb399d72f07926edef5ef148a9a77194ce9741b2132d9790c03&iterationId=402449&masterSmartpopId=1914&memberId=05e0c8f2-6b23-4456-b954-eef67ea0a83f&p1=Promo_Banners_Straight_T1_Desk&p2=49657&quality=optimal&ruleId=17&smartpopId=1807&sortBy=stripRanking&sourceId=xxxfiles.com&tag=-girls%2Findian&trackOff=1&userId=0d0cdc753eed23068b893e6a636a40ccaadc69dc4a5ec7ee080ed62b15816646&variationId=30283
104.18.51.106 200 OK 0 B URL HTTP/2 creative.xlivrdr.com/widgets/v4/Universal?campaignId=ec1535c1cbaa3d0b93513d43b65aa5ca154a4f64912bc1c7443cc846eec2add4&campaignType=smartpop&creativeId=b1d8c7daf6a59fb399d72f07926edef5ef148a9a77194ce9741b2132d9790c03&iterationId=402449&masterSmartpopId=1914&memberId=05e0c8f2-6b23-4456-b954-eef67ea0a83f&p1=Promo_Banners_Straight_T1_Desk&p2=49657&quality=optimal&ruleId=17&smartpopId=1807&sortBy=stripRanking&sourceId=xxxfiles.com&tag=-girls%2Findian&trackOff=1&userId=0d0cdc753eed23068b893e6a636a40ccaadc69dc4a5ec7ee080ed62b15816646&variationId=30283
IP 104.18.51.106:0
GET /widgets/v4/Universal?campaignId=ec1535c1cbaa3d0b93513d43b65aa5ca154a4f64912bc1c7443cc846eec2add4&campaignType=smartpop&creativeId=b1d8c7daf6a59fb399d72f07926edef5ef148a9a77194ce9741b2132d9790c03&iterationId=402449&masterSmartpopId=1914&memberId=05e0c8f2-6b23-4456-b954-eef67ea0a83f&p1=Promo_Banners_Straight_T1_Desk&p2=49657&quality=optimal&ruleId=17&smartpopId=1807&sortBy=stripRanking&sourceId=xxxfiles.com&tag=-girls%2Findian&trackOff=1&userId=0d0cdc753eed23068b893e6a636a40ccaadc69dc4a5ec7ee080ed62b15816646&variationId=30283 HTTP/1.1
Host: creative.xlivrdr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://twinrdsrv.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 09 Feb 2023 19:50:48 GMT
content-type: text/html
last-modified: Tue, 07 Feb 2023 13:04:45 GMT
expires: Thu, 09 Feb 2023 19:50:47 GMT
cache-control: max-age=10
strict-transport-security: max-age=15768000
pragma: public
report-to: { "endpoints":[{ "url": "https://go.stripchat.com/report" }], "group": "default", "max_age": 1048576 }
cf-cache-status: HIT
age: 4
vary: Accept-Encoding
server: cloudflare
cf-ray: 796f22d64c69b51b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
creative.xlivrdr.com/widgets/v4/Universal?campaignId=ec1535c1cbaa3d0b93513d43b65aa5ca154a4f64912bc1c7443cc846eec2add4&campaignType=smartpop&creativeId=ca6624202b11763d71416a8ead72efb72b6393c2d3c8dd0c6eab3c1996806e05&iterationId=402449&masterSmartpopId=1914&memberId=30126a95-be4a-4ed9-9147-3b496e1501f7&p1=Promo_Banners_Straight_T1_Desk&p2=49657&quality=optimal&ruleId=17&smartpopId=1807&sourceId=xxxfiles.com&tag=-girls%2Findian&trackOff=1&userId=0d0cdc753eed23068b893e6a636a40ccaadc69dc4a5ec7ee080ed62b15816646&variationId=30282
104.18.51.106 200 OK 0 B URL HTTP/2 creative.xlivrdr.com/widgets/v4/Universal?campaignId=ec1535c1cbaa3d0b93513d43b65aa5ca154a4f64912bc1c7443cc846eec2add4&campaignType=smartpop&creativeId=ca6624202b11763d71416a8ead72efb72b6393c2d3c8dd0c6eab3c1996806e05&iterationId=402449&masterSmartpopId=1914&memberId=30126a95-be4a-4ed9-9147-3b496e1501f7&p1=Promo_Banners_Straight_T1_Desk&p2=49657&quality=optimal&ruleId=17&smartpopId=1807&sourceId=xxxfiles.com&tag=-girls%2Findian&trackOff=1&userId=0d0cdc753eed23068b893e6a636a40ccaadc69dc4a5ec7ee080ed62b15816646&variationId=30282
IP 104.18.51.106:0
GET /widgets/v4/Universal?campaignId=ec1535c1cbaa3d0b93513d43b65aa5ca154a4f64912bc1c7443cc846eec2add4&campaignType=smartpop&creativeId=ca6624202b11763d71416a8ead72efb72b6393c2d3c8dd0c6eab3c1996806e05&iterationId=402449&masterSmartpopId=1914&memberId=30126a95-be4a-4ed9-9147-3b496e1501f7&p1=Promo_Banners_Straight_T1_Desk&p2=49657&quality=optimal&ruleId=17&smartpopId=1807&sourceId=xxxfiles.com&tag=-girls%2Findian&trackOff=1&userId=0d0cdc753eed23068b893e6a636a40ccaadc69dc4a5ec7ee080ed62b15816646&variationId=30282 HTTP/1.1
Host: creative.xlivrdr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://twinrdsrv.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 09 Feb 2023 19:50:48 GMT
content-type: text/html
last-modified: Tue, 07 Feb 2023 13:04:45 GMT
expires: Thu, 09 Feb 2023 19:50:47 GMT
cache-control: max-age=10
strict-transport-security: max-age=15768000
pragma: public
report-to: { "endpoints":[{ "url": "https://go.stripchat.com/report" }], "group": "default", "max_age": 1048576 }
cf-cache-status: HIT
age: 4
vary: Accept-Encoding
server: cloudflare
cf-ray: 796f22d64c67b51b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/chat/mob/ssp/v2/new/3/js/script.js
172.64.167.9 200 OK 0 B URL HTTP/2 cdn.creative-bars1.com/sb/chat/mob/ssp/v2/new/3/js/script.js
IP 172.64.167.9:0
GET /sb/chat/mob/ssp/v2/new/3/js/script.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://www.xxxfiles.tv
Connection: keep-alive
Referer: http://www.xxxfiles.tv/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 09 Feb 2023 19:50:49 GMT
content-type: application/javascript
last-modified: Wed, 13 Jul 2022 12:13:56 GMT
etag: W/"62ceb704-17f"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=P8bwDI5brVVLJERbOttfzDaVsowuUGbFQ6Svk2kg%2BNEGRus7DH4kOIVFbqriB7BoTp9BmggzfLW2wlk9LlRTIKpelwDqtkfnj%2FsUqM0wOQ0i91NtbDkcS3NxDGolg%2BAIEVNlmqmaOs2a"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 796f22dbcb9674a9-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/chat/mob/ssp/v2/new/3/css/animate.css
172.64.167.9 200 OK 0 B URL HTTP/2 cdn.creative-bars1.com/sb/chat/mob/ssp/v2/new/3/css/animate.css
IP 172.64.167.9:0
GET /sb/chat/mob/ssp/v2/new/3/css/animate.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://www.xxxfiles.tv
Connection: keep-alive
Referer: http://www.xxxfiles.tv/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 09 Feb 2023 19:50:49 GMT
content-type: text/css
last-modified: Wed, 13 Jul 2022 12:13:56 GMT
etag: W/"62ceb704-135d1"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=q%2BktrVJxpCX6McRHclgFU75hxTpz3m2dOmhljDR8mKsz%2BXuBYmpmUpsJaf2qs%2FPGRlySTFRVWdQeBK%2BTAIio9RYx8AvGcLRxqo%2BVufdenNfqzppIbIwHowQeQK3BWceTHkU%2FFh8oRV67"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 796f22daea8374a9-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2