xfantazy.com/video/618647d3248b9003ff8116ba
172.64.162.22 302 Found 0 B URL HTTP/1.1 xfantazy.com/video/618647d3248b9003ff8116ba
IP 172.64.162.22:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /video/618647d3248b9003ff8116ba HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Date: Sun, 15 Jan 2023 16:50:19 GMT
Content-Length: 0
Connection: keep-alive
location: https://xfantazy.com/video/618647d3248b9003ff8116ba
cache-control: no-cache
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0f3M836uXUmnE%2BwDoRgYyljqmX35%2F0i5yj454%2BhMB%2B3z4XlkWlRGV4UlV7gtrbLDbclkMtghhlL0gh%2BA6EsG8RnkRetjJw4S7y2ZZcwa7r%2FZ8sSSCfFvDjYOTN1c6sc%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 78a01c157fbd886b-LHR
alt-svc: h2=":443"; ma=60
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 2258cd6b877a3aca8f4c84074e65ac4b
4e46c70941f8e497e8afc8d078644e7f81761a1c
faac4e0d123f2112b58953c104ea746cd53047fc1ada0ef5d669feecf78ddfff
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "FAAC4E0D123F2112B58953C104EA746CD53047FC1ADA0EF5D669FEECF78DDFFF"
Last-Modified: Sat, 14 Jan 2023 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12978
Expires: Sun, 15 Jan 2023 20:26:37 GMT
Date: Sun, 15 Jan 2023 16:50:19 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 0643dc6b6fed33b3537160b6bb77bcbf
aa43bd1fbb30d2219f3285c1ee4991ffb33562c5
f137438e30e0d69cba77ca2eb736687873e4a9c06cf88d23c6d55ea930fde09f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F137438E30E0D69CBA77CA2EB736687873E4A9C06CF88D23C6D55EA930FDE09F"
Last-Modified: Sat, 14 Jan 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16744
Expires: Sun, 15 Jan 2023 21:29:23 GMT
Date: Sun, 15 Jan 2023 16:50:19 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 14cd9a0afb6ba9a763651d5112760d1e
75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Retry-After, Content-Type, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sun, 15 Jan 2023 16:49:04 GMT
content-type: application/json
age: 75
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash d6e2abd68203014e8e24d4a9e20e980a
5edbbb1a36083d5077b90b82e7aa10049e90c5d6
88cf8dae194a5e92a8c36a4c54ae71a609eaaed6e99d3986b3834c40d2fceeaa
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "88CF8DAE194A5E92A8C36A4C54AE71A609EAAED6E99D3986B3834C40D2FCEEAA"
Last-Modified: Sun, 15 Jan 2023 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9016
Expires: Sun, 15 Jan 2023 19:20:35 GMT
Date: Sun, 15 Jan 2023 16:50:19 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: PqzekF+1/3oaRaYeF3EBYTlgIxuDRNUaglvHgPUYNOyQhx7FPJQeQnCAHhG/8tRc0h9znK0YCtg=
x-amz-request-id: 40GKC39741S9TJH3
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sun, 15 Jan 2023 16:44:14 GMT
age: 365
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 15 Jan 2023 16:50:19 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Expires, Last-Modified, Alert, Content-Type, Content-Length, ETag, Pragma, Cache-Control, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sun, 15 Jan 2023 16:17:25 GMT
age: 1975
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3 200 OK 471 B IP 216.58.211.3:0
Hash 83579ff88cab4d4d05d4741599104d9c
fe74c219f8655a4ca36fe397884e55ab63d1288a
a492a770e88739fac8094f7b73f87474cee4ad2ccbf9f1963b935474544ef3f9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 15 Jan 2023 16:50:20 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29 200 OK 38 kB IP 93.184.220.29:0
Hash 322fb3339caf40fdac64a495705fbc4b
342daa641aa0eb5552409d333380b081fd2b1dcd
bdab6f631f77f47c4639037fbb9d2f9f5f90f6d6715eeb84d602f1148cc72b83
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6337
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 15 Jan 2023 16:50:20 GMT
Last-Modified: Sun, 15 Jan 2023 15:04:43 GMT
Server: ECS (ska/F70F)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/gts1c3
216.58.211.3 200 OK 471 B IP 216.58.211.3:0
Hash 83579ff88cab4d4d05d4741599104d9c
fe74c219f8655a4ca36fe397884e55ab63d1288a
a492a770e88739fac8094f7b73f87474cee4ad2ccbf9f1963b935474544ef3f9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 15 Jan 2023 16:50:20 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
216.58.211.3 200 OK 472 B IP 216.58.211.3:0
Hash e804586be26c88b95d554afe0ef24d5c
6f99b1fe2330c4661608f17819a4490a92ca296c
38894b7977e8f8e790a71eedf8144799a77ccceb49771e7458392ad7916293db
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 15 Jan 2023 16:50:20 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
216.58.211.3 200 OK 471 B IP 216.58.211.3:0
Hash 9442f1d8864feb84a623305a281e4c56
45250ab44f89bf1a0f665da8b47da06dc1af2af0
2086a32de0797aa6146b8fe1d7422342dbc9f1da0d81093915f42b69a5dcbc65
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 15 Jan 2023 16:50:20 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
216.58.211.3 200 OK 471 B IP 216.58.211.3:0
Hash 6fc52c452b4176dabdd1a319c5e3fa51
e00b78bd1c6b5d71f2987fd9cdc8975804b668ae
224beac380dd44474b39343d4138c0e5d8a547523eb06a1c6d6c4a893d511e63
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 15 Jan 2023 16:50:20 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
216.58.211.3 200 OK 471 B IP 216.58.211.3:0
Hash 6fc52c452b4176dabdd1a319c5e3fa51
e00b78bd1c6b5d71f2987fd9cdc8975804b668ae
224beac380dd44474b39343d4138c0e5d8a547523eb06a1c6d6c4a893d511e63
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 15 Jan 2023 16:50:20 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.googletagmanager.com/gtm.js?id=GTM-PLKQLTX
142.250.74.168 200 OK 56 kB URL HTTP/2 www.googletagmanager.com/gtm.js?id=GTM-PLKQLTX
IP 142.250.74.168:0
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (1395)
Hash 43ff024cf8bbc2e13217fa7b57f50658
6e70c13ba6da50559574c2a912d61b57d6574a21
f4e829c8577b41cf9336f0b238bc14f06d617982b574279661256248e8e701f4
GET /gtm.js?id=GTM-PLKQLTX HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sun, 15 Jan 2023 16:50:20 GMT
expires: Sun, 15 Jan 2023 16:50:20 GMT
cache-control: private, max-age=900
last-modified: Sun, 15 Jan 2023 15:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 54908
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
216.58.207.227 200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 15920, version 1.0\012- data
Hash 3a44e06eb954b96aa043227f3534189d
23cef6993ddb2b2979e8e7647fc3763694e2ba7d
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e
GET /s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15920
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 11 Jan 2023 07:51:59 GMT
expires: Thu, 11 Jan 2024 07:51:59 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 11 May 2022 19:24:45 GMT
content-type: font/woff2
age: 377901
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
216.58.207.227 200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Hash 15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 11 Jan 2023 19:33:54 GMT
expires: Thu, 11 Jan 2024 19:33:54 GMT
cache-control: public, max-age=31536000
age: 335786
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
216.58.207.227 200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 15860, version 1.0\012- data
Hash e9f5aaf547f165386cd313b995dddd8e
acdef5603c2387b0e5bffd744b679a24a8bc1968
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 13 Jan 2023 13:33:13 GMT
expires: Sat, 13 Jan 2024 13:33:13 GMT
cache-control: public, max-age=31536000
age: 184627
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3 200 OK 472 B IP 216.58.211.3:0
Hash e804586be26c88b95d554afe0ef24d5c
6f99b1fe2330c4661608f17819a4490a92ca296c
38894b7977e8f8e790a71eedf8144799a77ccceb49771e7458392ad7916293db
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 15 Jan 2023 16:50:20 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
216.58.211.3 200 OK 471 B IP 216.58.211.3:0
Hash 6fc52c452b4176dabdd1a319c5e3fa51
e00b78bd1c6b5d71f2987fd9cdc8975804b668ae
224beac380dd44474b39343d4138c0e5d8a547523eb06a1c6d6c4a893d511e63
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 15 Jan 2023 16:50:20 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
push.services.mozilla.com/
54.186.209.73 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 54.186.209.73:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: HcJw8sQczC9mlwM8kalM5Q==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: RYxBl1AmtiykUTVwZXUkl2dORDU=
www.google-analytics.com/analytics.js
142.250.74.46 200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP 142.250.74.46:0
Hash 4321a24185956a93cbe031a3607558b7
d288572a91c7ea749f619dd49a918b61f09b600a
a752ff97e46c52f6eae8d306789fbaa6dec8866fad66322f09f4d7b0622d9ec6
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20085
date: Sun, 15 Jan 2023 16:21:54 GMT
expires: Sun, 15 Jan 2023 18:21:54 GMT
cache-control: public, max-age=7200
age: 1707
last-modified: Tue, 10 Jan 2023 21:29:14 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
cdn.jsdelivr.net/npm/yandex-metrica-watch/tag.js
151.101.129.229 200 OK 86 kB URL HTTP/2 cdn.jsdelivr.net/npm/yandex-metrica-watch/tag.js
IP 151.101.129.229:0
File type Unicode text, UTF-8 (with BOM) text, with very long lines (659)
Hash dad70fee0d733022f201eb1d0e019097
a89684dc7f9c41239a7438380743b3ea64970444
75929b7b5ec0184b4e41d8838bd67924012010d32562a1791f3b481d4aa4c825
GET /npm/yandex-metrica-watch/tag.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=604800, s-maxage=43200
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 1.256.0
x-jsd-version-type: version
etag: W/"34df3-XhWKv4kzpcRUd663DZfMTIIt72I"
content-encoding: gzip
accept-ranges: bytes
date: Sun, 15 Jan 2023 16:50:21 GMT
age: 37492
x-served-by: cache-fra-eddf8230060-FRA, cache-bma1636-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 85672
X-Firefox-Spdy: h2
ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q4
104.18.21.226 200 OK 1.5 kB URL HTTP/1.1 ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q4
IP 104.18.21.226:0
Hash 2b467c1d48ffb02b6844bee1fbe503db
cba07c45bf2d8ba776e59a33e10c8d9c5b989e4f
cc39a12bc1476fa18c670ce406ae5509c74338ab4f6d3b4647e443cd2b0fb5d1
POST /ca/gsatlasr3dvtlsca2022q4 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 15 Jan 2023 16:50:21 GMT
Content-Type: application/ocsp-response
Transfer-Encoding: chunked
Connection: keep-alive
Etag: "617689DEAE7E20DE2927D7D5EAD4F27F9D57CFA6"
Expires: Mon, 16 Jan 2023 03:00:00 GMT
Last-Modified: Sun, 15 Jan 2023 15:00:00 UTC
Cache-Control: s-maxage=3600, public, no-transform, must-revalidate
CF-Cache-Status: HIT
Age: 3433
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 78a01c2298aefabc-OSL
a.naturalhealthsource.club/zRdVuw7.js
135.181.208.216 200 OK 57 kB URL HTTP/2 a.naturalhealthsource.club/zRdVuw7.js
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
Hash 58c4a71418a86e3c210a316befe92b3b
e8916cf89204f8da4f3267386ecb5741c6e5f9fe
caedbda03434b713c8365c8a5bbe05fc1c387abe392ce54c11dd24e46dcec899
GET /zRdVuw7.js HTTP/1.1
Host: a.naturalhealthsource.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 15 Jan 2023 16:50:21 GMT
content-type: application/javascript
last-modified: Tue, 13 Dec 2022 09:50:49 GMT
etag: W/"63984af9-29f99"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
vary: Accept-Encoding, Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 7f7d86a250c539fe4431535882cf4e4e.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN54-C1
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: WGXAieUCpgMhcjAxTbABAmnaKz2iShEruA4WTGIfwTPupOjTxrHwGw==
age: 1934063
x-frame-options: DENY
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 109fb487076c77e3333734563a4a970f
1058db465dc521dacc2e02a6729c96868a0eb87e
eeb2650989c875d7abd1a07733f3d16b4ea08030c9787de5be016819fca3f049
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EEB2650989C875D7ABD1A07733F3D16B4EA08030C9787DE5BE016819FCA3F049"
Last-Modified: Sun, 15 Jan 2023 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5912
Expires: Sun, 15 Jan 2023 18:28:53 GMT
Date: Sun, 15 Jan 2023 16:50:21 GMT
Connection: keep-alive
skiingsettling.com/21/fe/39/21fe3950f412e026c33f1b6cee613eba.js
173.233.137.60 200 OK 14 kB URL HTTP/1.1 skiingsettling.com/21/fe/39/21fe3950f412e026c33f1b6cee613eba.js
IP 173.233.137.60:0
Hash c16d7f21704d07e0c7f25a38d8b0578e
db15eb4e000ac0b09d6c838a0640a0ba791c35f2
90209adf5fd5a939e99de2fdc67977a7dbaee2c73f755ecc91c5495923df2f5d
Analyzer Verdict Alert quad9 Sinkholed
GET /21/fe/39/21fe3950f412e026c33f1b6cee613eba.js HTTP/1.1
Host: skiingsettling.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 15 Jan 2023 16:50:21 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 347bb5837a5057b66c458819e16ac6d9
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
exploredefinitely.com/a2/f9/90/a2f990f10476061c719d1c1aa3a2ecd2.js
173.233.137.36 200 OK 13 kB URL HTTP/1.1 exploredefinitely.com/a2/f9/90/a2f990f10476061c719d1c1aa3a2ecd2.js
IP 173.233.137.36:0
File type ASCII text, with very long lines (37143), with no line terminators
Hash 1d37d0bf7383fa74f0ecc300b5c0ea9d
ca35956a33a1b80a07b18d9ff01f0473ebba142d
796cd3394c88537fd1e490c728c418d16a83c6256807c618410647ac6ca3b299
GET /a2/f9/90/a2f990f10476061c719d1c1aa3a2ecd2.js HTTP/1.1
Host: exploredefinitely.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 15 Jan 2023 16:50:21 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 4642ab75ec8e3a53b3383ca700549e12
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
ocsp.globalsign.com/gseccovsslca2018
104.18.21.226 200 OK 940 B URL HTTP/1.1 ocsp.globalsign.com/gseccovsslca2018
IP 104.18.21.226:0
Hash c71eb8c64685b70e5d513c764f0d1e5b
e30e87e57f8d3cfd2de0a8385de2f94ca14f873a
46c26b2a76b6bc29b5ad294fd8092b6650c6fccf1382c690b63e02923ed0d77e
POST /gseccovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 15 Jan 2023 16:50:21 GMT
Content-Type: application/ocsp-response
Content-Length: 940
Connection: keep-alive
Expires: Thu, 19 Jan 2023 14:04:49 GMT
ETag: "e30e87e57f8d3cfd2de0a8385de2f94ca14f873a"
Last-Modified: Sun, 15 Jan 2023 14:04:50 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 3400
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 78a01c271c8bfabc-OSL
e1.o.lencr.org/
95.101.11.115 200 OK 345 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash f37152869236d1c2a34432a27d90672d
7423529d2caff0cdc49934bbf8dc44664853daf6
7ce566d4db07adc41d7000426e48a99ba7ae92a376b81713e1de2bf06309cbf4
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "7CE566D4DB07ADC41D7000426E48A99BA7AE92A376B81713E1DE2BF06309CBF4"
Last-Modified: Fri, 13 Jan 2023 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7639
Expires: Sun, 15 Jan 2023 18:57:41 GMT
Date: Sun, 15 Jan 2023 16:50:22 GMT
Connection: keep-alive
e1.o.lencr.org/
95.101.11.115 200 OK 345 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash f37152869236d1c2a34432a27d90672d
7423529d2caff0cdc49934bbf8dc44664853daf6
7ce566d4db07adc41d7000426e48a99ba7ae92a376b81713e1de2bf06309cbf4
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "7CE566D4DB07ADC41D7000426E48A99BA7AE92A376B81713E1DE2BF06309CBF4"
Last-Modified: Fri, 13 Jan 2023 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7639
Expires: Sun, 15 Jan 2023 18:57:41 GMT
Date: Sun, 15 Jan 2023 16:50:22 GMT
Connection: keep-alive
mc.yandex.ru/watch/49415098/1?wmode=7&page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F618647d3248b9003ff8116ba&charset=utf-8&browser-info=pv%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afp%3A1400%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A953%3Acn%3A1%3Adp%3A0%3Als%3A756836210234%3Ahid%3A636075366%3Az%3A0%3Ai%3A20230115165022%3Aet%3A1673801422%3Ac%3A1%3Arn%3A592762977%3Arqn%3A1%3Au%3A1673801422198054536%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A1%2C74%2C407%2C11%2C442%2C0%2C%2C343%2C8%2C%2C%2C%2C1470%3Aco%3A0%3Ans%3A1673801419223%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1673801422%3At%3AKcupqueen%20Bj%20Supreme%20With%20Extra%20Titty%20Dangle%20Angle%20-%20FullHD%201080%20-%20XFantazy.com&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29fip%281%29ti%282%29
87.250.250.119200 OK 419 B URL HTTP/2 mc.yandex.ru/watch/49415098/1?wmode=7&page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F618647d3248b9003ff8116ba&charset=utf-8&browser-info=pv%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afp%3A1400%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A953%3Acn%3A1%3Adp%3A0%3Als%3A756836210234%3Ahid%3A636075366%3Az%3A0%3Ai%3A20230115165022%3Aet%3A1673801422%3Ac%3A1%3Arn%3A592762977%3Arqn%3A1%3Au%3A1673801422198054536%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A1%2C74%2C407%2C11%2C442%2C0%2C%2C343%2C8%2C%2C%2C%2C1470%3Aco%3A0%3Ans%3A1673801419223%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1673801422%3At%3AKcupqueen%20Bj%20Supreme%20With%20Extra%20Titty%20Dangle%20Angle%20-%20FullHD%201080%20-%20XFantazy.com&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29fip%281%29ti%282%29
IP 87.250.250.119:0
File type JSON data; ASCII text, with very long lines (419), with no line terminators
Hash 395b8b67eddba4edd1c6bbba8b858339
e22402c596d6d8acd1a3bd8335e1b7e2656c33c4
fb82dd69f63b9eb32d09bb8d26cb965ee980dd84346918026f06f3a5e4728f93
GET /watch/49415098/1?wmode=7&page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F618647d3248b9003ff8116ba&charset=utf-8&browser-info=pv%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afp%3A1400%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A953%3Acn%3A1%3Adp%3A0%3Als%3A756836210234%3Ahid%3A636075366%3Az%3A0%3Ai%3A20230115165022%3Aet%3A1673801422%3Ac%3A1%3Arn%3A592762977%3Arqn%3A1%3Au%3A1673801422198054536%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A1%2C74%2C407%2C11%2C442%2C0%2C%2C343%2C8%2C%2C%2C%2C1470%3Aco%3A0%3Ans%3A1673801419223%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1673801422%3At%3AKcupqueen%20Bj%20Supreme%20With%20Extra%20Titty%20Dangle%20Angle%20-%20FullHD%201080%20-%20XFantazy.com&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29fip%281%29ti%282%29 HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Referer: https://xfantazy.com/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 419
date: Sun, 15 Jan 2023 16:50:22 GMT
x-content-type-options: nosniff
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Sun, 15-Jan-2023 16:50:22 GMT
last-modified: Sun, 15-Jan-2023 16:50:22 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: application/json; charset=utf-8
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
143.204.42.158 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.158:0
Hash e077a5e00dc0fbf96e2357886aefa811
9b8233ed9f2c42f364efffb8d5771c5b3a09a303
ddbf3f3d376963f06af6c8e98bef35906b9ffe5f1270f2565815774a31f04f57
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Sun, 15 Jan 2023 16:50:22 GMT
Last-Modified: Sun, 15 Jan 2023 15:38:58 GMT
Server: ECS (nyb/1D18)
X-Cache: Miss from cloudfront
Via: 1.1 8ddb6d7670d8c5a85c04a10525a71b90.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 81iv93lRvQFF7wRwuOluKjOaqbYL1aqX9xELJVqyiH2mdFFSbiBaJA==
Age: 4284
ocsp.sca1b.amazontrust.com/
143.204.42.158 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.158:0
Hash e077a5e00dc0fbf96e2357886aefa811
9b8233ed9f2c42f364efffb8d5771c5b3a09a303
ddbf3f3d376963f06af6c8e98bef35906b9ffe5f1270f2565815774a31f04f57
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Sun, 15 Jan 2023 16:50:22 GMT
Last-Modified: Sun, 15 Jan 2023 15:22:39 GMT
Server: ECS (nyb/1D27)
X-Cache: Miss from cloudfront
Via: 1.1 a7d2a4ec2f50830f128dc406960aef9a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: JI7w5hlBCgCghhjJ8i6kzdxq3gr6KW3MjefT8c4yY8N20TBcMnGYhw==
Age: 5263
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 4a13f980344ea3a380574f02c10fc744
a5e39024e8b4f9d77880a9c614491d1649abfb55
ffdc20e201d3c54c27c92851017d0d84959cd9c61ad1d03b7de6916b29ad6c30
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "FFDC20E201D3C54C27C92851017D0D84959CD9C61AD1D03B7DE6916B29AD6C30"
Last-Modified: Sun, 15 Jan 2023 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17988
Expires: Sun, 15 Jan 2023 21:50:10 GMT
Date: Sun, 15 Jan 2023 16:50:22 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 4a13f980344ea3a380574f02c10fc744
a5e39024e8b4f9d77880a9c614491d1649abfb55
ffdc20e201d3c54c27c92851017d0d84959cd9c61ad1d03b7de6916b29ad6c30
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "FFDC20E201D3C54C27C92851017D0D84959CD9C61AD1D03B7DE6916B29AD6C30"
Last-Modified: Sun, 15 Jan 2023 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17988
Expires: Sun, 15 Jan 2023 21:50:10 GMT
Date: Sun, 15 Jan 2023 16:50:22 GMT
Connection: keep-alive
simplewebanalysis.com/stats
52.28.184.54 200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP 52.28.184.54:0
File type ASCII text, with no line terminators
Hash e2d64c634cfdcc34be4e7ae8e36aa308
29dd8bf6e65996889e1f28cb11009577873abc13
d1ad1102a6774f69e265f4622aa29485fc4e0675a7c33e92ee11ded3b77088e0
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 15 Jan 2023 16:50:22 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
set-cookie: uid_id2=2ac8846e-2e4e-42cb-8419-890294809321:1:1; expires=Wed, 12 Jan 2033 16:50:22 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
simplewebanalysis.com/stats
52.28.184.54 200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP 52.28.184.54:0
File type ASCII text, with no line terminators
Hash 6f2f0f6a8ad8ba8a1f4b65f4084c76f9
821b0f975bfd81154255d34addb9c450cba168b3
e862847e7dfdc166604ec1fcfb5dce1be46a775b328da2d909ce35a4c7fe62a0
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 15 Jan 2023 16:50:22 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
set-cookie: uid_id2=a3af69c4-a843-4a0c-adac-3043959c5b5d:2:1; expires=Wed, 12 Jan 2033 16:50:22 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 6b6a65d2536cc8f99e68793ae265b595
f65e75f8419bd83e26f49def7fa2604db5f77b4d
94b31f7663e4917e8e97079202ef9fa340766f1ebfc2601360618d947f7dabc9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "94B31F7663E4917E8E97079202EF9FA340766F1EBFC2601360618D947F7DABC9"
Last-Modified: Sun, 15 Jan 2023 01:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20137
Expires: Sun, 15 Jan 2023 22:25:59 GMT
Date: Sun, 15 Jan 2023 16:50:22 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 6b6a65d2536cc8f99e68793ae265b595
f65e75f8419bd83e26f49def7fa2604db5f77b4d
94b31f7663e4917e8e97079202ef9fa340766f1ebfc2601360618d947f7dabc9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "94B31F7663E4917E8E97079202EF9FA340766F1EBFC2601360618D947F7DABC9"
Last-Modified: Sun, 15 Jan 2023 01:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20137
Expires: Sun, 15 Jan 2023 22:25:59 GMT
Date: Sun, 15 Jan 2023 16:50:22 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 6b6a65d2536cc8f99e68793ae265b595
f65e75f8419bd83e26f49def7fa2604db5f77b4d
94b31f7663e4917e8e97079202ef9fa340766f1ebfc2601360618d947f7dabc9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "94B31F7663E4917E8E97079202EF9FA340766F1EBFC2601360618D947F7DABC9"
Last-Modified: Sun, 15 Jan 2023 01:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20137
Expires: Sun, 15 Jan 2023 22:25:59 GMT
Date: Sun, 15 Jan 2023 16:50:22 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F33bbc100-e509-4a4f-8b98-1d44a52a7a3c.jpeg
34.120.237.76 200 OK 9.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F33bbc100-e509-4a4f-8b98-1d44a52a7a3c.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash a23d61d610c7b55d943fcb2636a01b65
82c4c5170c7b586c2a7a1f2d2d5c9ff0219af065
28bf3039cc8c1213e64893c71bc150eda573223feb2cc15ad0814a44960d434a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F33bbc100-e509-4a4f-8b98-1d44a52a7a3c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9539
x-amzn-requestid: 33735807-3403-41ee-a488-a3f25f9b12d5
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ewX9XFvoIAMFzMg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c339ee-65def8747314ecb63b000a4c;Sampled=0
x-amzn-remapped-date: Sat, 14 Jan 2023 23:25:34 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 7ds4KRTpC9H3aDH6fAS0S5W8kONOlSxK7bU2Rzr1d_24GytaZLRTsQ==
via: 1.1 e5af640ced3aa8764b82c4bc3f7af38e.cloudfront.net (CloudFront), 1.1 570075675953459325e00b7bcd171df2.cloudfront.net (CloudFront), 1.1 google
date: Sun, 15 Jan 2023 12:46:14 GMT
age: 14648
etag: "82c4c5170c7b586c2a7a1f2d2d5c9ff0219af065"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7c678ae9-1df5-47c4-bbe3-ec12e97322d9.jpeg
34.120.237.76 200 OK 5.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7c678ae9-1df5-47c4-bbe3-ec12e97322d9.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 90fc5463f271bab652af099cb526f189
805c27d8f82a5eb6583814313c36f5e7699408e5
749dca33aa337b494fb113896bf035bc9dcb17068ecffdf30fc5ac85a4ac5185
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7c678ae9-1df5-47c4-bbe3-ec12e97322d9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5495
x-amzn-requestid: d76b8f1d-37a2-47ac-9acf-1b0a44a4a5fe
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: eqsroF62IAMF-mg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c0f4b0-67700bfd11f1ad5d0aaab92d;Sampled=0
x-amzn-remapped-date: Fri, 13 Jan 2023 06:05:36 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: KrCFIa2Dpbas7vvk8nttLRG7HaQ8bEgVmqZUZtlGhdSeV8igH3FLpg==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 476c2ba6d9f6cd69dbcedbd65688cbc0.cloudfront.net (CloudFront), 1.1 google
date: Sun, 15 Jan 2023 14:12:40 GMT
age: 9462
etag: "805c27d8f82a5eb6583814313c36f5e7699408e5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6d821e79-af3a-4b67-a79e-90cdf9701001.jpeg
34.120.237.76 200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6d821e79-af3a-4b67-a79e-90cdf9701001.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 91a664271b9042ab5a34c1259df6ab93
7ce177939ceed31dbe137996cace3f71eaab3cf4
08b872b4c8dc8d4b5e26d7c5e7985c144dcf45623737e6daf7813b2add8ab013
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6d821e79-af3a-4b67-a79e-90cdf9701001.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11285
x-amzn-requestid: 46c0b124-5916-4067-99af-2fa9812dfb2d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ev-1zHc4oAMFV6Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c311be-3ffbee9348f4351459ed0099;Sampled=0
x-amzn-remapped-date: Sat, 14 Jan 2023 20:34:06 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 8FcfGYx-mcEZzF4IoADT5iGnf0vTk2cACE4nseVdonXHBXOSno9vQw==
via: 1.1 4dde8ec6d6c12741888c2d3a059d4a2e.cloudfront.net (CloudFront), 1.1 61bc723adb3b1884ed759711e84e13a8.cloudfront.net (CloudFront), 1.1 google
date: Sun, 15 Jan 2023 04:27:28 GMT
age: 44574
etag: "7ce177939ceed31dbe137996cace3f71eaab3cf4"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 6b6a65d2536cc8f99e68793ae265b595
f65e75f8419bd83e26f49def7fa2604db5f77b4d
94b31f7663e4917e8e97079202ef9fa340766f1ebfc2601360618d947f7dabc9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "94B31F7663E4917E8E97079202EF9FA340766F1EBFC2601360618D947F7DABC9"
Last-Modified: Sun, 15 Jan 2023 01:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20137
Expires: Sun, 15 Jan 2023 22:25:59 GMT
Date: Sun, 15 Jan 2023 16:50:22 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F77d2ca2b-548c-4f63-b8a5-e55b6e92d5e9.jpeg
34.120.237.76 200 OK 5.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F77d2ca2b-548c-4f63-b8a5-e55b6e92d5e9.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 5c609c89120eef87bbdd0d8ee5ee18f9
be8e369be0ccc707b904546798aacc9afe413cfa
feaa9f41b45aaa71d87008fe3112bc09e41cf6c2c500b4bc1adc125c7c82eee1
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F77d2ca2b-548c-4f63-b8a5-e55b6e92d5e9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4981
x-amzn-requestid: b38d8240-7f85-4fd6-845b-54ddc6da7521
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ewH9tHxWoAMFTQA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c32057-657c5e342a66713b0f5f8f0b;Sampled=0
x-amzn-remapped-date: Sat, 14 Jan 2023 21:36:23 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: XFRrdpdDYEyYq9lFI99gf2mrKB2VRbNmAwbMN9c3wJlbBbc9UTTiaQ==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 4f3feb5c4393987d42d1971d404d7cea.cloudfront.net (CloudFront), 1.1 google
date: Sat, 14 Jan 2023 21:51:43 GMT
age: 68319
etag: "be8e369be0ccc707b904546798aacc9afe413cfa"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F67bd45fb-ae78-4593-88df-aa9d625197e7.jpeg
34.120.237.76 200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F67bd45fb-ae78-4593-88df-aa9d625197e7.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 6f82c507da28e1b4557ea7f2bdf0f7fc
4be269ad35497a42bf7fce03d711ddf9496abbb4
f51879b87cb99b4883f320fe4abe44032968c42e32b88dc5f788b40ddc6494db
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F67bd45fb-ae78-4593-88df-aa9d625197e7.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10558
x-amzn-requestid: ff08c622-f06b-45ad-acbe-1f7b99ef4996
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ewdALF9BIAMFX1g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c34200-22ce17b369e4542f7dac153d;Sampled=0
x-amzn-remapped-date: Sun, 15 Jan 2023 00:00:00 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: cIpnZDNTTM7-pclfJ7OfiBlh3MDEPNLG8-YAO3Rhs2Rb_KrxkFZ8ug==
via: 1.1 c34da255183aa208dd1c722ff211f9b2.cloudfront.net (CloudFront), 1.1 d6a002c70d55f415107618b0750d493c.cloudfront.net (CloudFront), 1.1 google
date: Sun, 15 Jan 2023 07:17:32 GMT
age: 34370
etag: "4be269ad35497a42bf7fce03d711ddf9496abbb4"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3456fd70-5207-41e6-abed-adbc381fd7a4.jpeg
34.120.237.76 200 OK 9.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3456fd70-5207-41e6-abed-adbc381fd7a4.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 74ac30be02dee9dcfeee79a7dc54edff
1368d81de22ea2e4054a3e1a8f01ef337c63e35b
8abc2f276906dfb9ce75c2526d2c2cfa6aea6dbe13f4046de1040cd611cbbc1f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3456fd70-5207-41e6-abed-adbc381fd7a4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9801
x-amzn-requestid: 39d84a20-55f7-4b7c-abc4-9ac1ff100da9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: eqSkoGCZoAMF1zA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c0caea-4f7a1cf676335cc83018dc51;Sampled=0
x-amzn-remapped-date: Fri, 13 Jan 2023 03:07:22 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: rUFicgD94yxyZhMtQm-aYS-QpZXn07rLRBhnBLMTIQh6qHKOX_LRFg==
via: 1.1 000f4a2f631bace380a0afa747a82482.cloudfront.net (CloudFront), 1.1 7eb3b782ab09047ce0d11ee03763894c.cloudfront.net (CloudFront), 1.1 google
date: Sun, 15 Jan 2023 03:30:55 GMT
age: 47967
etag: "1368d81de22ea2e4054a3e1a8f01ef337c63e35b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
planesknob.com/4d/0a/fc/4d0afc2425eea6b0cd5a468c9f8a69ed.js
173.233.137.44 200 OK 29 kB URL HTTP/1.1 planesknob.com/4d/0a/fc/4d0afc2425eea6b0cd5a468c9f8a69ed.js
IP 173.233.137.44:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (65536), with no line terminators
Hash 5708f3d4d0d9d38461d778d2bf967ba7
9ca00edceefb8f23be7b65990fcde5a0a743ca12
2d03ba97135dd3c503894841ec4b8bce3243f8194b9e8fa2065ce2522cbca093
Analyzer Verdict Alert quad9 Sinkholed
GET /4d/0a/fc/4d0afc2425eea6b0cd5a468c9f8a69ed.js HTTP/1.1
Host: planesknob.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 15 Jan 2023 16:50:22 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 55cd89af31dbd0238211251d90f9e1cc
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
planesknob.com/01/f7/5a/01f75a95a38a8db0a8e82d995253a076.js
173.233.137.44 200 OK 29 kB URL HTTP/1.1 planesknob.com/01/f7/5a/01f75a95a38a8db0a8e82d995253a076.js
IP 173.233.137.44:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (65536), with no line terminators
Hash 2bd516dc6732925636aa06928955531d
01a26185823b49613cc072f8ddbc7b0db50d6308
7f6371e6be3e0593f7003e078c2c939b90c50ae8aff2d12c697d8e4bf667a730
Analyzer Verdict Alert quad9 Sinkholed
GET /01/f7/5a/01f75a95a38a8db0a8e82d995253a076.js HTTP/1.1
Host: planesknob.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 15 Jan 2023 16:50:22 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 1f5aa063a44616044decd52f0f6d4462
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
e1.o.lencr.org/
95.101.11.115 200 OK 345 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash f37152869236d1c2a34432a27d90672d
7423529d2caff0cdc49934bbf8dc44664853daf6
7ce566d4db07adc41d7000426e48a99ba7ae92a376b81713e1de2bf06309cbf4
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "7CE566D4DB07ADC41D7000426E48A99BA7AE92A376B81713E1DE2BF06309CBF4"
Last-Modified: Fri, 13 Jan 2023 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7639
Expires: Sun, 15 Jan 2023 18:57:41 GMT
Date: Sun, 15 Jan 2023 16:50:22 GMT
Connection: keep-alive
simplewebanalysis.com/stats
52.28.184.54 200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP 52.28.184.54:0
File type ASCII text, with no line terminators
Hash 6f2f0f6a8ad8ba8a1f4b65f4084c76f9
821b0f975bfd81154255d34addb9c450cba168b3
e862847e7dfdc166604ec1fcfb5dce1be46a775b328da2d909ce35a4c7fe62a0
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: uid_id2=a3af69c4-a843-4a0c-adac-3043959c5b5d:2:1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 15 Jan 2023 16:50:22 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
X-Firefox-Spdy: h2
simplewebanalysis.com/stats
52.28.184.54 200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP 52.28.184.54:0
File type ASCII text, with no line terminators
Hash 6f2f0f6a8ad8ba8a1f4b65f4084c76f9
821b0f975bfd81154255d34addb9c450cba168b3
e862847e7dfdc166604ec1fcfb5dce1be46a775b328da2d909ce35a4c7fe62a0
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: uid_id2=a3af69c4-a843-4a0c-adac-3043959c5b5d:2:1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 15 Jan 2023 16:50:22 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash bafe9d352b1e6283d6357cf8d29ffbda
55427ea57f0ee11f10b165eb6d07d4f80ad34ca9
66d2654cb247e74aaf8250b1f5b7dcb741be14607d96adec5a7a8f883881de6b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "66D2654CB247E74AAF8250B1F5B7DCB741BE14607D96ADEC5A7A8F883881DE6B"
Last-Modified: Fri, 13 Jan 2023 14:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8054
Expires: Sun, 15 Jan 2023 19:04:36 GMT
Date: Sun, 15 Jan 2023 16:50:22 GMT
Connection: keep-alive
planesknob.com/sbar.json?key=21fe3950f412e026c33f1b6cee613eba
173.233.137.44 200 OK 4.5 kB URL HTTP/1.1 planesknob.com/sbar.json?key=21fe3950f412e026c33f1b6cee613eba
IP 173.233.137.44:0
File type JSON data\012- , Unicode text, UTF-8 text, with very long lines (6981), with no line terminators
Hash bcfd323c44cb282e33880d8da6aae0ba
889d86a8d537e922017be3aae8bf82a19bc94261
5411a0876ccac3ebabed02e0e7b34d75fdd21e321257cceed61498777af3fd33
Analyzer Verdict Alert quad9 Sinkholed
GET /sbar.json?key=21fe3950f412e026c33f1b6cee613eba HTTP/1.1
Host: planesknob.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 15 Jan 2023 16:50:22 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://xfantazy.com
Access-Control-Allow-Origin: https://xfantazy.com
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=17661735; expires=Mon, 16 Jan 2023 16:50:22 GMT; secure; SameSite=None
Set-Cookie: pdhtkv=true; expires=Mon, 16 Jan 2023 16:50:22 GMT; secure; SameSite=None
Set-Cookie: uncs=1; expires=Mon, 16 Jan 2023 16:50:22 GMT; secure; SameSite=None
Set-Cookie: pdhtkv29=true; expires=Mon, 16 Jan 2023 16:50:22 GMT; secure; SameSite=None
Set-Cookie: uncs29=1; expires=Mon, 16 Jan 2023 16:50:22 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 29aab220e8cbb07bc3cb78a5840cc076
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash e715e841edd8e413f3b38d1ad952604c
9960fd6ea53d64dbdf1dfd9ef664d7270d3ae607
e3ce5054086152303202b9bb60301dd3b3ffa1953fbd39e5f5f30a600920cf57
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E3CE5054086152303202B9BB60301DD3B3FFA1953FBD39E5F5F30A600920CF57"
Last-Modified: Fri, 13 Jan 2023 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21554
Expires: Sun, 15 Jan 2023 22:49:36 GMT
Date: Sun, 15 Jan 2023 16:50:22 GMT
Connection: keep-alive
mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F618647d3248b9003ff8116ba&charset=utf-8&hittoken=1673801422_56e8ac3528bb4c3a2e397275939d5a764e9710955ccccb974f497478379f4e07&browser-info=pa%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A953%3Acn%3A1%3Adp%3A0%3Als%3A756836210234%3Ahid%3A636075366%3Az%3A0%3Ai%3A20230115165022%3Aet%3A1673801423%3Ac%3A1%3Arn%3A393968799%3Arqn%3A2%3Au%3A1673801422198054536%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1673801419223%3Ast%3A1673801423&t=gdpr(14)mc(p-6)clc(0-0-0)rqnt(2)aw(1)ti(2)
87.250.250.119 200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F618647d3248b9003ff8116ba&charset=utf-8&hittoken=1673801422_56e8ac3528bb4c3a2e397275939d5a764e9710955ccccb974f497478379f4e07&browser-info=pa%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A953%3Acn%3A1%3Adp%3A0%3Als%3A756836210234%3Ahid%3A636075366%3Az%3A0%3Ai%3A20230115165022%3Aet%3A1673801423%3Ac%3A1%3Arn%3A393968799%3Arqn%3A2%3Au%3A1673801422198054536%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1673801419223%3Ast%3A1673801423&t=gdpr(14)mc(p-6)clc(0-0-0)rqnt(2)aw(1)ti(2)
IP 87.250.250.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F618647d3248b9003ff8116ba&charset=utf-8&hittoken=1673801422_56e8ac3528bb4c3a2e397275939d5a764e9710955ccccb974f497478379f4e07&browser-info=pa%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A953%3Acn%3A1%3Adp%3A0%3Als%3A756836210234%3Ahid%3A636075366%3Az%3A0%3Ai%3A20230115165022%3Aet%3A1673801423%3Ac%3A1%3Arn%3A393968799%3Arqn%3A2%3Au%3A1673801422198054536%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1673801419223%3Ast%3A1673801423&t=gdpr(14)mc(p-6)clc(0-0-0)rqnt(2)aw(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 45
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Sun, 15 Jan 2023 16:50:22 GMT
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Sun, 15-Jan-2023 16:50:22 GMT
last-modified: Sun, 15-Jan-2023 16:50:22 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F618647d3248b9003ff8116ba&charset=utf-8&hittoken=1673801422_56e8ac3528bb4c3a2e397275939d5a764e9710955ccccb974f497478379f4e07&browser-info=pa%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A953%3Acn%3A1%3Adp%3A0%3Als%3A756836210234%3Ahid%3A636075366%3Az%3A0%3Ai%3A20230115165022%3Aet%3A1673801423%3Ac%3A1%3Arn%3A107416253%3Arqn%3A3%3Au%3A1673801422198054536%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1673801419223%3Ast%3A1673801423&t=gdpr(14)mc(p-6)clc(0-0-0)rqnt(3)aw(1)ti(2)
87.250.250.119 200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F618647d3248b9003ff8116ba&charset=utf-8&hittoken=1673801422_56e8ac3528bb4c3a2e397275939d5a764e9710955ccccb974f497478379f4e07&browser-info=pa%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A953%3Acn%3A1%3Adp%3A0%3Als%3A756836210234%3Ahid%3A636075366%3Az%3A0%3Ai%3A20230115165022%3Aet%3A1673801423%3Ac%3A1%3Arn%3A107416253%3Arqn%3A3%3Au%3A1673801422198054536%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1673801419223%3Ast%3A1673801423&t=gdpr(14)mc(p-6)clc(0-0-0)rqnt(3)aw(1)ti(2)
IP 87.250.250.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F618647d3248b9003ff8116ba&charset=utf-8&hittoken=1673801422_56e8ac3528bb4c3a2e397275939d5a764e9710955ccccb974f497478379f4e07&browser-info=pa%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A953%3Acn%3A1%3Adp%3A0%3Als%3A756836210234%3Ahid%3A636075366%3Az%3A0%3Ai%3A20230115165022%3Aet%3A1673801423%3Ac%3A1%3Arn%3A107416253%3Arqn%3A3%3Au%3A1673801422198054536%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1673801419223%3Ast%3A1673801423&t=gdpr(14)mc(p-6)clc(0-0-0)rqnt(3)aw(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 52
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Sun, 15 Jan 2023 16:50:22 GMT
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Sun, 15-Jan-2023 16:50:22 GMT
last-modified: Sun, 15-Jan-2023 16:50:22 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F618647d3248b9003ff8116ba&charset=utf-8&hittoken=1673801422_56e8ac3528bb4c3a2e397275939d5a764e9710955ccccb974f497478379f4e07&browser-info=pa%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A953%3Acn%3A1%3Adp%3A0%3Als%3A756836210234%3Ahid%3A636075366%3Az%3A0%3Ai%3A20230115165022%3Aet%3A1673801423%3Ac%3A1%3Arn%3A924121618%3Arqn%3A4%3Au%3A1673801422198054536%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1673801419223%3Ast%3A1673801423&t=gdpr(14)mc(p-6)clc(0-0-0)rqnt(4)aw(1)ti(2)
87.250.250.119 200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F618647d3248b9003ff8116ba&charset=utf-8&hittoken=1673801422_56e8ac3528bb4c3a2e397275939d5a764e9710955ccccb974f497478379f4e07&browser-info=pa%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A953%3Acn%3A1%3Adp%3A0%3Als%3A756836210234%3Ahid%3A636075366%3Az%3A0%3Ai%3A20230115165022%3Aet%3A1673801423%3Ac%3A1%3Arn%3A924121618%3Arqn%3A4%3Au%3A1673801422198054536%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1673801419223%3Ast%3A1673801423&t=gdpr(14)mc(p-6)clc(0-0-0)rqnt(4)aw(1)ti(2)
IP 87.250.250.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F618647d3248b9003ff8116ba&charset=utf-8&hittoken=1673801422_56e8ac3528bb4c3a2e397275939d5a764e9710955ccccb974f497478379f4e07&browser-info=pa%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A953%3Acn%3A1%3Adp%3A0%3Als%3A756836210234%3Ahid%3A636075366%3Az%3A0%3Ai%3A20230115165022%3Aet%3A1673801423%3Ac%3A1%3Arn%3A924121618%3Arqn%3A4%3Au%3A1673801422198054536%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1673801419223%3Ast%3A1673801423&t=gdpr(14)mc(p-6)clc(0-0-0)rqnt(4)aw(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 122
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Sun, 15 Jan 2023 16:50:22 GMT
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Sun, 15-Jan-2023 16:50:22 GMT
last-modified: Sun, 15-Jan-2023 16:50:22 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mc.yandex.ru/watch/49415098?wmode=7&page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F618647d3248b9003ff8116ba&charset=utf-8&browser-info=pv%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afp%3A1400%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A953%3Acn%3A1%3Adp%3A0%3Als%3A756836210234%3Ahid%3A636075366%3Az%3A0%3Ai%3A20230115165022%3Aet%3A1673801422%3Ac%3A1%3Arn%3A592762977%3Arqn%3A1%3Au%3A1673801422198054536%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A1%2C74%2C407%2C11%2C442%2C0%2C%2C343%2C8%2C%2C%2C%2C1470%3Aco%3A0%3Ans%3A1673801419223%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1673801422%3At%3AKcupqueen%20Bj%20Supreme%20With%20Extra%20Titty%20Dangle%20Angle%20-%20FullHD%201080%20-%20XFantazy.com&t=gdpr(14)clc(0-0-0)rqnt(1)aw(1)fip(1)ti(2)
87.250.250.119 302 Found 962 B URL HTTP/2 mc.yandex.ru/watch/49415098?wmode=7&page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F618647d3248b9003ff8116ba&charset=utf-8&browser-info=pv%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afp%3A1400%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A953%3Acn%3A1%3Adp%3A0%3Als%3A756836210234%3Ahid%3A636075366%3Az%3A0%3Ai%3A20230115165022%3Aet%3A1673801422%3Ac%3A1%3Arn%3A592762977%3Arqn%3A1%3Au%3A1673801422198054536%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A1%2C74%2C407%2C11%2C442%2C0%2C%2C343%2C8%2C%2C%2C%2C1470%3Aco%3A0%3Ans%3A1673801419223%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1673801422%3At%3AKcupqueen%20Bj%20Supreme%20With%20Extra%20Titty%20Dangle%20Angle%20-%20FullHD%201080%20-%20XFantazy.com&t=gdpr(14)clc(0-0-0)rqnt(1)aw(1)fip(1)ti(2)
IP 87.250.250.119:0
Hash 5e6f03ed236f4ea9d43f166e0dff54b7
eb8e7adcbca0ca73df81ce6e846be653de3373c9
4cb75c495e32bdf805d826493c189a6c9623067fca906feaee4e64725d4f02e9
GET /watch/49415098?wmode=7&page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F618647d3248b9003ff8116ba&charset=utf-8&browser-info=pv%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afp%3A1400%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A953%3Acn%3A1%3Adp%3A0%3Als%3A756836210234%3Ahid%3A636075366%3Az%3A0%3Ai%3A20230115165022%3Aet%3A1673801422%3Ac%3A1%3Arn%3A592762977%3Arqn%3A1%3Au%3A1673801422198054536%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A1%2C74%2C407%2C11%2C442%2C0%2C%2C343%2C8%2C%2C%2C%2C1470%3Aco%3A0%3Ans%3A1673801419223%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1673801422%3At%3AKcupqueen%20Bj%20Supreme%20With%20Extra%20Titty%20Dangle%20Angle%20-%20FullHD%201080%20-%20XFantazy.com&t=gdpr(14)clc(0-0-0)rqnt(1)aw(1)fip(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
location: /watch/49415098/1?wmode=7&page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F618647d3248b9003ff8116ba&charset=utf-8&browser-info=pv%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afp%3A1400%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A953%3Acn%3A1%3Adp%3A0%3Als%3A756836210234%3Ahid%3A636075366%3Az%3A0%3Ai%3A20230115165022%3Aet%3A1673801422%3Ac%3A1%3Arn%3A592762977%3Arqn%3A1%3Au%3A1673801422198054536%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A1%2C74%2C407%2C11%2C442%2C0%2C%2C343%2C8%2C%2C%2C%2C1470%3Aco%3A0%3Ans%3A1673801419223%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1673801422%3At%3AKcupqueen%20Bj%20Supreme%20With%20Extra%20Titty%20Dangle%20Angle%20-%20FullHD%201080%20-%20XFantazy.com&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29fip%281%29ti%282%29
date: Sun, 15 Jan 2023 16:50:21 GMT
access-control-allow-origin: https://xfantazy.com
set-cookie: yabs-sid=2245206651673801421; Path=/; SameSite=None; Secure
set-cookie: i=tgsYQRGw9g9yXy5Qf62QR8onFXeCze3wfvUhz4ljEGqw648PTypEFrLHXMyZpf4OrW48mziY4blgyuXO75SoA8ac76U=; Expires=Wed, 12-Jan-2033 16:50:14 GMT; Domain=.yandex.ru; Path=/; Secure; HttpOnly; SameSite=None
set-cookie: yandexuid=2962763161673801421; Expires=Mon, 15-Jan-2024 16:50:21 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
set-cookie: yuidss=2962763161673801421; Expires=Mon, 15-Jan-2024 16:50:21 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
set-cookie: ymex=1705337421.yc.1673801421#1705337421.yrts.1673801421#1705337421.yrtsi.1673801421; Expires=Mon, 15-Jan-2024 16:50:21 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Sun, 15-Jan-2023 16:50:21 GMT
last-modified: Sun, 15-Jan-2023 16:50:21 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F618647d3248b9003ff8116ba&charset=utf-8&hittoken=1673801422_56e8ac3528bb4c3a2e397275939d5a764e9710955ccccb974f497478379f4e07&browser-info=pa%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A953%3Acn%3A1%3Adp%3A0%3Als%3A756836210234%3Ahid%3A636075366%3Az%3A0%3Ai%3A20230115165022%3Aet%3A1673801423%3Ac%3A1%3Arn%3A37136023%3Arqn%3A6%3Au%3A1673801422198054536%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1673801419223%3Ast%3A1673801423&t=gdpr(14)mc(p-6)clc(0-0-0)rqnt(6)aw(1)ti(2)
87.250.250.119 200 OK 884 B URL HTTP/2 mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F618647d3248b9003ff8116ba&charset=utf-8&hittoken=1673801422_56e8ac3528bb4c3a2e397275939d5a764e9710955ccccb974f497478379f4e07&browser-info=pa%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A953%3Acn%3A1%3Adp%3A0%3Als%3A756836210234%3Ahid%3A636075366%3Az%3A0%3Ai%3A20230115165022%3Aet%3A1673801423%3Ac%3A1%3Arn%3A37136023%3Arqn%3A6%3Au%3A1673801422198054536%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1673801419223%3Ast%3A1673801423&t=gdpr(14)mc(p-6)clc(0-0-0)rqnt(6)aw(1)ti(2)
IP 87.250.250.119:0
Hash 39206521ac0cf56f868ec5f85a851f27
0833b465ef2bc00248e5a20671ca20ecd9dcd783
0bf8d05e0a7cea363d6f521bd60e30fd17213d77a1de0c5617c7d6e8063c6aad
POST /watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F618647d3248b9003ff8116ba&charset=utf-8&hittoken=1673801422_56e8ac3528bb4c3a2e397275939d5a764e9710955ccccb974f497478379f4e07&browser-info=pa%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A953%3Acn%3A1%3Adp%3A0%3Als%3A756836210234%3Ahid%3A636075366%3Az%3A0%3Ai%3A20230115165022%3Aet%3A1673801423%3Ac%3A1%3Arn%3A37136023%3Arqn%3A6%3Au%3A1673801422198054536%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1673801419223%3Ast%3A1673801423&t=gdpr(14)mc(p-6)clc(0-0-0)rqnt(6)aw(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 99
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Sun, 15 Jan 2023 16:50:22 GMT
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Sun, 15-Jan-2023 16:50:22 GMT
last-modified: Sun, 15-Jan-2023 16:50:22 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F618647d3248b9003ff8116ba&charset=utf-8&hittoken=1673801422_56e8ac3528bb4c3a2e397275939d5a764e9710955ccccb974f497478379f4e07&browser-info=pa%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A953%3Acn%3A1%3Adp%3A0%3Als%3A756836210234%3Ahid%3A636075366%3Az%3A0%3Ai%3A20230115165022%3Aet%3A1673801423%3Ac%3A1%3Arn%3A733622946%3Arqn%3A7%3Au%3A1673801422198054536%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1673801419223%3Ast%3A1673801423&t=gdpr(14)mc(p-6)clc(0-0-0)rqnt(7)aw(1)ti(2)
87.250.250.119 200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F618647d3248b9003ff8116ba&charset=utf-8&hittoken=1673801422_56e8ac3528bb4c3a2e397275939d5a764e9710955ccccb974f497478379f4e07&browser-info=pa%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A953%3Acn%3A1%3Adp%3A0%3Als%3A756836210234%3Ahid%3A636075366%3Az%3A0%3Ai%3A20230115165022%3Aet%3A1673801423%3Ac%3A1%3Arn%3A733622946%3Arqn%3A7%3Au%3A1673801422198054536%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1673801419223%3Ast%3A1673801423&t=gdpr(14)mc(p-6)clc(0-0-0)rqnt(7)aw(1)ti(2)
IP 87.250.250.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F618647d3248b9003ff8116ba&charset=utf-8&hittoken=1673801422_56e8ac3528bb4c3a2e397275939d5a764e9710955ccccb974f497478379f4e07&browser-info=pa%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A953%3Acn%3A1%3Adp%3A0%3Als%3A756836210234%3Ahid%3A636075366%3Az%3A0%3Ai%3A20230115165022%3Aet%3A1673801423%3Ac%3A1%3Arn%3A733622946%3Arqn%3A7%3Au%3A1673801422198054536%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1673801419223%3Ast%3A1673801423&t=gdpr(14)mc(p-6)clc(0-0-0)rqnt(7)aw(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 98
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Sun, 15 Jan 2023 16:50:22 GMT
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Sun, 15-Jan-2023 16:50:22 GMT
last-modified: Sun, 15-Jan-2023 16:50:22 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
planesknob.com/sbar.json?key=a2f990f10476061c719d1c1aa3a2ecd2
173.233.137.44 200 OK 3.9 kB URL HTTP/1.1 planesknob.com/sbar.json?key=a2f990f10476061c719d1c1aa3a2ecd2
IP 173.233.137.44:0
File type JSON data\012- , ASCII text, with very long lines (5601), with no line terminators
Hash 0a749f0d9bbeb66a6e5f1f1061fe1a16
2ddbefddcdc816a21b56e16b6325b055b8c2a246
04a840991d89bc4ca5a4961d9d99af2d262c92a0aaffc6dcf969f35166971a42
Analyzer Verdict Alert quad9 Sinkholed
GET /sbar.json?key=a2f990f10476061c719d1c1aa3a2ecd2 HTTP/1.1
Host: planesknob.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 15 Jan 2023 16:50:22 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://xfantazy.com
Access-Control-Allow-Origin: https://xfantazy.com
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=15600826; expires=Mon, 16 Jan 2023 16:50:22 GMT; secure; SameSite=None
Set-Cookie: pdhtkv=true; expires=Mon, 16 Jan 2023 16:50:22 GMT; secure; SameSite=None
Set-Cookie: uncs=1; expires=Mon, 16 Jan 2023 16:50:22 GMT; secure; SameSite=None
Set-Cookie: pdhtkv29=true; expires=Mon, 16 Jan 2023 16:50:22 GMT; secure; SameSite=None
Set-Cookie: uncs29=1; expires=Mon, 16 Jan 2023 16:50:22 GMT; secure; SameSite=None
Set-Cookie: sleca2f990f10476061c719d1c1aa3a2ecd2=[3870584]; expires=Sun, 15 Jan 2023 16:50:27 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 77e11a5811d1a748df04163229881f08
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
technologycontemplate.com/pixel/purst?dl=0&th=0&sc=0&rs=3430&rd=3430&fd=494&bv=22.10.v.10&tmpl=136
173.233.137.60 200 OK 0 B URL HTTP/1.1 technologycontemplate.com/pixel/purst?dl=0&th=0&sc=0&rs=3430&rd=3430&fd=494&bv=22.10.v.10&tmpl=136
IP 173.233.137.60:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/purst?dl=0&th=0&sc=0&rs=3430&rd=3430&fd=494&bv=22.10.v.10&tmpl=136 HTTP/1.1
Host: technologycontemplate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 15 Jan 2023 16:50:22 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
blacknesskeepplan.com/pixel/purst?dl=0&th=0&sc=0&rs=3451&rd=3451&fd=549&bv=22.10.v.10&tmpl=136
192.243.59.12 200 OK 0 B URL HTTP/1.1 blacknesskeepplan.com/pixel/purst?dl=0&th=0&sc=0&rs=3451&rd=3451&fd=549&bv=22.10.v.10&tmpl=136
IP 192.243.59.12:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/purst?dl=0&th=0&sc=0&rs=3451&rd=3451&fd=549&bv=22.10.v.10&tmpl=136 HTTP/1.1
Host: blacknesskeepplan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Sun, 15 Jan 2023 16:50:22 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
planesknob.com/ren.gif?sid=H4sIAAAAAAAC%2F6xTT4gcxReuzi8%2FUIKi4sVDpKEhRpDZ7vmzu5OwLEl2kwzZ7K67K0ERQnVV9Uw51VVNVfX07F4MiUhu2ejFW3rfbLJGgzHgIQeFMJuLDooZQZmDK4gHwYsiepaZXYkeBA8%2B6H7f46sqvq%2Feqzc30h3kQ4oHi2fVGhcCj1UKvnv4HJdUZcadX3EDv%2BAfdc9xOV4%2B6raHP906EviVgv%2B8e4qRphor%2BoHvB37gnuSaRao9NmKBJ7eqQaHqF8rFQlApQ1v%2FvTapAwY7QFs76CngtP%2F%2Fxqd3gJMuyPjDGWaaViUvzMapwFZpaNGtl2RTqkxC%2FBBG2oFIbu2tBmX6CL2zD5Tc2nMAqrU5dAAh7yPnmwBCubUnE8LW9V2loQAmIaQHIGt1gYkucNwFoi4Bpw8QAKEwvwAyvjGvdIZXd1k8ZPto%2F%2B%2B%2FAs%2F6aP%2B3T4OMPzgueNtdViK1XEkD7SgH3u4Cr3chSbfBrjnAs20g9iJwikDGOXCaj1xz3gUedUGwdcDGgXT4cQfSyIE0cSCmAxdXqpHvT0RhVCpNlgkhpRIhlclxWqGl8mTkQ0qGstbBJutAxDoQfQESfQGa%2FGofoYuboNN7YBo5GOqAsX3kvHgBWjSHjCHIDIIMI8g4gswiyFr5dSpM0eQ3qDBpGOzl4l4u5R1l6xv4urJ1JtFGsoOeHF6K89jrz0GTDdxiELFSteJH5aDI%2FOI4KZWiIBwnjI0HJRZiMDwHbvaN%2FK7xPnq2cgAS3kePTN%2BDEG%2BDEdtA%2BBOA04OAs85E0Qfc6JQnfViTdyW2qcaiwbCwDaNSTViBiDQEqnJI7H6wq86G2EHPjBo1sfUjMNKb%2Fv6X%2Bk%2FsEgKic0h0Dq%2Fx%2Bwjq4nJnSWVoc0llBt1ZSCyP%2BRoeNnHZYsvQe2fYaqY0rc2Y9ZvHyJAYwlsrzNg5LCmXdYPeP84pZfqk0oShT2rmHAsXU9M4nmqZJnOLJ07W4kQzY7iSXcD8QfsVILyPHv26NxrPg%2Fhz4HobdDqYaVibHBkbI4KTZiEholmQOGa79bRh2E6Vxqt%2BsXgIU07%2FxHwqzIKJ8kJ7XJqXz%2FsQp73pt39ofHb%2Foy%2BBqy6Q5I3bnjczu3xiqba4UluY97yBu2yxtq5JuBDMujGjbuD7vju%2FcMYNlUzNbc%2BbO7Z0avZ87eyxU7OeNzj9D9psI41Dibn4t%2Fre9bzaiZGIpf%2FqyEM8rtspTpS86XkrtZW5Wc%2F7uOZSXHeZdsVqs8korjPpUi7dn6%2B9dRdM0kN7AUYh0OJhHSYOZGne0cWwN32tvMg3vzsNgvfRkanHQbDedP%2FKq4d%2F614BHOZg2F82PsQb5jLUtQPYXhq99pbOoSVywGIdTPq%2Fjk10b%2Fqr0iggFE4nFNrZDIUWV3dn1vCByyqRHzG%2FyMKoGkYT2KfVqFwNcTVgE2EFB2BNn9wvfPEHAAAA%2F%2F8BAAD%2F%2FyKdmtbPBQAA
173.233.137.44200 OK 7 B URL HTTP/1.1 planesknob.com/ren.gif?sid=H4sIAAAAAAAC%2F6xTT4gcxReuzi8%2FUIKi4sVDpKEhRpDZ7vmzu5OwLEl2kwzZ7K67K0ERQnVV9Uw51VVNVfX07F4MiUhu2ejFW3rfbLJGgzHgIQeFMJuLDooZQZmDK4gHwYsiepaZXYkeBA8%2B6H7f46sqvq%2Feqzc30h3kQ4oHi2fVGhcCj1UKvnv4HJdUZcadX3EDv%2BAfdc9xOV4%2B6raHP906EviVgv%2B8e4qRphor%2BoHvB37gnuSaRao9NmKBJ7eqQaHqF8rFQlApQ1v%2FvTapAwY7QFs76CngtP%2F%2Fxqd3gJMuyPjDGWaaViUvzMapwFZpaNGtl2RTqkxC%2FBBG2oFIbu2tBmX6CL2zD5Tc2nMAqrU5dAAh7yPnmwBCubUnE8LW9V2loQAmIaQHIGt1gYkucNwFoi4Bpw8QAKEwvwAyvjGvdIZXd1k8ZPto%2F%2B%2B%2FAs%2F6aP%2B3T4OMPzgueNtdViK1XEkD7SgH3u4Cr3chSbfBrjnAs20g9iJwikDGOXCaj1xz3gUedUGwdcDGgXT4cQfSyIE0cSCmAxdXqpHvT0RhVCpNlgkhpRIhlclxWqGl8mTkQ0qGstbBJutAxDoQfQESfQGa%2FGofoYuboNN7YBo5GOqAsX3kvHgBWjSHjCHIDIIMI8g4gswiyFr5dSpM0eQ3qDBpGOzl4l4u5R1l6xv4urJ1JtFGsoOeHF6K89jrz0GTDdxiELFSteJH5aDI%2FOI4KZWiIBwnjI0HJRZiMDwHbvaN%2FK7xPnq2cgAS3kePTN%2BDEG%2BDEdtA%2BBOA04OAs85E0Qfc6JQnfViTdyW2qcaiwbCwDaNSTViBiDQEqnJI7H6wq86G2EHPjBo1sfUjMNKb%2Fv6X%2Bk%2FsEgKic0h0Dq%2Fx%2Bwjq4nJnSWVoc0llBt1ZSCyP%2BRoeNnHZYsvQe2fYaqY0rc2Y9ZvHyJAYwlsrzNg5LCmXdYPeP84pZfqk0oShT2rmHAsXU9M4nmqZJnOLJ07W4kQzY7iSXcD8QfsVILyPHv26NxrPg%2Fhz4HobdDqYaVibHBkbI4KTZiEholmQOGa79bRh2E6Vxqt%2BsXgIU07%2FxHwqzIKJ8kJ7XJqXz%2FsQp73pt39ofHb%2Foy%2BBqy6Q5I3bnjczu3xiqba4UluY97yBu2yxtq5JuBDMujGjbuD7vju%2FcMYNlUzNbc%2BbO7Z0avZ87eyxU7OeNzj9D9psI41Dibn4t%2Fre9bzaiZGIpf%2FqyEM8rtspTpS86XkrtZW5Wc%2F7uOZSXHeZdsVqs8korjPpUi7dn6%2B9dRdM0kN7AUYh0OJhHSYOZGne0cWwN32tvMg3vzsNgvfRkanHQbDedP%2FKq4d%2F614BHOZg2F82PsQb5jLUtQPYXhq99pbOoSVywGIdTPq%2Fjk10b%2Fqr0iggFE4nFNrZDIUWV3dn1vCByyqRHzG%2FyMKoGkYT2KfVqFwNcTVgE2EFB2BNn9wvfPEHAAAA%2F%2F8BAAD%2F%2FyKdmtbPBQAA
IP 173.233.137.44:0
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert quad9 Sinkholed
GET /ren.gif?sid=H4sIAAAAAAAC%2F6xTT4gcxReuzi8%2FUIKi4sVDpKEhRpDZ7vmzu5OwLEl2kwzZ7K67K0ERQnVV9Uw51VVNVfX07F4MiUhu2ejFW3rfbLJGgzHgIQeFMJuLDooZQZmDK4gHwYsiepaZXYkeBA8%2B6H7f46sqvq%2Feqzc30h3kQ4oHi2fVGhcCj1UKvnv4HJdUZcadX3EDv%2BAfdc9xOV4%2B6raHP906EviVgv%2B8e4qRphor%2BoHvB37gnuSaRao9NmKBJ7eqQaHqF8rFQlApQ1v%2FvTapAwY7QFs76CngtP%2F%2Fxqd3gJMuyPjDGWaaViUvzMapwFZpaNGtl2RTqkxC%2FBBG2oFIbu2tBmX6CL2zD5Tc2nMAqrU5dAAh7yPnmwBCubUnE8LW9V2loQAmIaQHIGt1gYkucNwFoi4Bpw8QAKEwvwAyvjGvdIZXd1k8ZPto%2F%2B%2B%2FAs%2F6aP%2B3T4OMPzgueNtdViK1XEkD7SgH3u4Cr3chSbfBrjnAs20g9iJwikDGOXCaj1xz3gUedUGwdcDGgXT4cQfSyIE0cSCmAxdXqpHvT0RhVCpNlgkhpRIhlclxWqGl8mTkQ0qGstbBJutAxDoQfQESfQGa%2FGofoYuboNN7YBo5GOqAsX3kvHgBWjSHjCHIDIIMI8g4gswiyFr5dSpM0eQ3qDBpGOzl4l4u5R1l6xv4urJ1JtFGsoOeHF6K89jrz0GTDdxiELFSteJH5aDI%2FOI4KZWiIBwnjI0HJRZiMDwHbvaN%2FK7xPnq2cgAS3kePTN%2BDEG%2BDEdtA%2BBOA04OAs85E0Qfc6JQnfViTdyW2qcaiwbCwDaNSTViBiDQEqnJI7H6wq86G2EHPjBo1sfUjMNKb%2Fv6X%2Bk%2FsEgKic0h0Dq%2Fx%2Bwjq4nJnSWVoc0llBt1ZSCyP%2BRoeNnHZYsvQe2fYaqY0rc2Y9ZvHyJAYwlsrzNg5LCmXdYPeP84pZfqk0oShT2rmHAsXU9M4nmqZJnOLJ07W4kQzY7iSXcD8QfsVILyPHv26NxrPg%2Fhz4HobdDqYaVibHBkbI4KTZiEholmQOGa79bRh2E6Vxqt%2BsXgIU07%2FxHwqzIKJ8kJ7XJqXz%2FsQp73pt39ofHb%2Foy%2BBqy6Q5I3bnjczu3xiqba4UluY97yBu2yxtq5JuBDMujGjbuD7vju%2FcMYNlUzNbc%2BbO7Z0avZ87eyxU7OeNzj9D9psI41Dibn4t%2Fre9bzaiZGIpf%2FqyEM8rtspTpS86XkrtZW5Wc%2F7uOZSXHeZdsVqs8korjPpUi7dn6%2B9dRdM0kN7AUYh0OJhHSYOZGne0cWwN32tvMg3vzsNgvfRkanHQbDedP%2FKq4d%2F614BHOZg2F82PsQb5jLUtQPYXhq99pbOoSVywGIdTPq%2Fjk10b%2Fqr0iggFE4nFNrZDIUWV3dn1vCByyqRHzG%2FyMKoGkYT2KfVqFwNcTVgE2EFB2BNn9wvfPEHAAAA%2F%2F8BAAD%2F%2FyKdmtbPBQAA HTTP/1.1
Host: planesknob.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: u_pl=15600826; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; sleca2f990f10476061c719d1c1aa3a2ecd2=[3870584]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 15 Jan 2023 16:50:22 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 6b2cc03df2ced5353ce1903c028f0569
Strict-Transport-Security: max-age=0; includeSubdomains
planesknob.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSz2skxRev3s338lXwB3sREfuoIJPq%2BZHJmMNiXCPBNRt3V4LeqquqJ2Wqu5qq7unJgBB2QfY4e%2FPY%2BUyyQTeIizdhQSZ7kYBge5A5mIN%2FgBfBqzKTgdEHVe%2B9%2Bjyoz%2Be998VhfkEocjbZ%2FtAMlNZsuVWj%2Fhs7KhGmcP7WXT%2BgNbrm76hkpbnm96eX7b0d0FaNvum%2FL%2FmeWa7TgNKABv6GsjIy%2FeUZCpWedoJah9aa9VrQaqJv%2F5u73INjHkTvgrwMJar%2F7f74BIqPkcTf3pBuLzPpW%2B%2FFuWaZseiJk4%2BTvcQUCeJFGFkPUXIyr4ZxFSFfXoFJTuYKYHpHUwUIVUW8XwOEycmcJsLe8SXTUEMmCMVzKHpjSD2GYmNwcx9K%2FEwALrB1C0n8aMvYgu1fomyKVmTprz%2Bhioos%2FXYNSfzNulZ9%2F47ReaZM4tCPSqj%2BGKo7RpqfIRt4UMUZeHYPShAkcQklyplqpcZQ0RhaDsGch3x6lIc88pCnHmIx8VmrE1HajsKo0Vhtcs4bDc5bqyuiJRrN1Ygi51NaQ2TpEFwPwe0BUnuAPfWwIuTeEWz%2BA9xuCSc8uKwi3kcH6IkShSQoHEHBCApFUGQERa88FtrVXflIaJeHwdzX575RjkzWPWTHJuvKhBymF%2BSlWVP%2BeP577MmJz%2BpRp0OjgDbbK3Ql4O2gIwIeMNZgdclFHU6VUO7KTO9AVeTaq78jnU7q878RsjM4fQauXgTLXwMrRu06BdsdNVcpBslpP2JJxgb7NW5iCFMizZaQ7XuH%2BoK8MuOx9kIfkp9f%2F64xM3BbIrUlPlPPCLr6wei2KcjRbVM48uRWmqlYDdh0cHcylsmrX38g9wtjxeYNN%2FzqHT4FpuHpXemymywRKuk68nhdCSHthrFckqebbkeG27nbXc9tkqc3t9%2Fd2IxTK51TJhmDqYqQySa4qsj%2Fn346W8rXH38CZceweYk4PydzgzJn4OkBXLrg7wyB1YuaMPVQ5OXI1sPFo1YEWi5yFpZw%2F8rDRXzoHqBrPbDs%2FmwVe7ZET5dgegiXXx1lqT2%2F%2Fsv881B7o1Bb7yjUVj%2B8bK5TE1%2B2IhpJWpdh1AmjNqOiEzU7IesEsh22WIDMVfxZ7ad%2FAAAA%2F%2F8BAAD%2F%2F%2BobLBFsBAAA
173.233.137.44200 OK 7 B URL HTTP/1.1 planesknob.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSz2skxRev3s338lXwB3sREfuoIJPq%2BZHJmMNiXCPBNRt3V4LeqquqJ2Wqu5qq7unJgBB2QfY4e%2FPY%2BUyyQTeIizdhQSZ7kYBge5A5mIN%2FgBfBqzKTgdEHVe%2B9%2Bjyoz%2Be998VhfkEocjbZ%2FtAMlNZsuVWj%2Fhs7KhGmcP7WXT%2BgNbrm76hkpbnm96eX7b0d0FaNvum%2FL%2FmeWa7TgNKABv6GsjIy%2FeUZCpWedoJah9aa9VrQaqJv%2F5u73INjHkTvgrwMJar%2F7f74BIqPkcTf3pBuLzPpW%2B%2FFuWaZseiJk4%2BTvcQUCeJFGFkPUXIyr4ZxFSFfXoFJTuYKYHpHUwUIVUW8XwOEycmcJsLe8SXTUEMmCMVzKHpjSD2GYmNwcx9K%2FEwALrB1C0n8aMvYgu1fomyKVmTprz%2Bhioos%2FXYNSfzNulZ9%2F47ReaZM4tCPSqj%2BGKo7RpqfIRt4UMUZeHYPShAkcQklyplqpcZQ0RhaDsGch3x6lIc88pCnHmIx8VmrE1HajsKo0Vhtcs4bDc5bqyuiJRrN1Ygi51NaQ2TpEFwPwe0BUnuAPfWwIuTeEWz%2BA9xuCSc8uKwi3kcH6IkShSQoHEHBCApFUGQERa88FtrVXflIaJeHwdzX575RjkzWPWTHJuvKhBymF%2BSlWVP%2BeP577MmJz%2BpRp0OjgDbbK3Ql4O2gIwIeMNZgdclFHU6VUO7KTO9AVeTaq78jnU7q878RsjM4fQauXgTLXwMrRu06BdsdNVcpBslpP2JJxgb7NW5iCFMizZaQ7XuH%2BoK8MuOx9kIfkp9f%2F64xM3BbIrUlPlPPCLr6wei2KcjRbVM48uRWmqlYDdh0cHcylsmrX38g9wtjxeYNN%2FzqHT4FpuHpXemymywRKuk68nhdCSHthrFckqebbkeG27nbXc9tkqc3t9%2Fd2IxTK51TJhmDqYqQySa4qsj%2Fn346W8rXH38CZceweYk4PydzgzJn4OkBXLrg7wyB1YuaMPVQ5OXI1sPFo1YEWi5yFpZw%2F8rDRXzoHqBrPbDs%2FmwVe7ZET5dgegiXXx1lqT2%2F%2Fsv881B7o1Bb7yjUVj%2B8bK5TE1%2B2IhpJWpdh1AmjNqOiEzU7IesEsh22WIDMVfxZ7ad%2FAAAA%2F%2F8BAAD%2F%2F%2BobLBFsBAAA
IP 173.233.137.44:0
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert quad9 Sinkholed
GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSz2skxRev3s338lXwB3sREfuoIJPq%2BZHJmMNiXCPBNRt3V4LeqquqJ2Wqu5qq7unJgBB2QfY4e%2FPY%2BUyyQTeIizdhQSZ7kYBge5A5mIN%2FgBfBqzKTgdEHVe%2B9%2Bjyoz%2Be998VhfkEocjbZ%2FtAMlNZsuVWj%2Fhs7KhGmcP7WXT%2BgNbrm76hkpbnm96eX7b0d0FaNvum%2FL%2FmeWa7TgNKABv6GsjIy%2FeUZCpWedoJah9aa9VrQaqJv%2F5u73INjHkTvgrwMJar%2F7f74BIqPkcTf3pBuLzPpW%2B%2FFuWaZseiJk4%2BTvcQUCeJFGFkPUXIyr4ZxFSFfXoFJTuYKYHpHUwUIVUW8XwOEycmcJsLe8SXTUEMmCMVzKHpjSD2GYmNwcx9K%2FEwALrB1C0n8aMvYgu1fomyKVmTprz%2Bhioos%2FXYNSfzNulZ9%2F47ReaZM4tCPSqj%2BGKo7RpqfIRt4UMUZeHYPShAkcQklyplqpcZQ0RhaDsGch3x6lIc88pCnHmIx8VmrE1HajsKo0Vhtcs4bDc5bqyuiJRrN1Ygi51NaQ2TpEFwPwe0BUnuAPfWwIuTeEWz%2BA9xuCSc8uKwi3kcH6IkShSQoHEHBCApFUGQERa88FtrVXflIaJeHwdzX575RjkzWPWTHJuvKhBymF%2BSlWVP%2BeP577MmJz%2BpRp0OjgDbbK3Ql4O2gIwIeMNZgdclFHU6VUO7KTO9AVeTaq78jnU7q878RsjM4fQauXgTLXwMrRu06BdsdNVcpBslpP2JJxgb7NW5iCFMizZaQ7XuH%2BoK8MuOx9kIfkp9f%2F64xM3BbIrUlPlPPCLr6wei2KcjRbVM48uRWmqlYDdh0cHcylsmrX38g9wtjxeYNN%2FzqHT4FpuHpXemymywRKuk68nhdCSHthrFckqebbkeG27nbXc9tkqc3t9%2Fd2IxTK51TJhmDqYqQySa4qsj%2Fn346W8rXH38CZceweYk4PydzgzJn4OkBXLrg7wyB1YuaMPVQ5OXI1sPFo1YEWi5yFpZw%2F8rDRXzoHqBrPbDs%2FmwVe7ZET5dgegiXXx1lqT2%2F%2Fsv881B7o1Bb7yjUVj%2B8bK5TE1%2B2IhpJWpdh1AmjNqOiEzU7IesEsh22WIDMVfxZ7ad%2FAAAA%2F%2F8BAAD%2F%2F%2BobLBFsBAAA HTTP/1.1
Host: planesknob.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: u_pl=15600826; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; sleca2f990f10476061c719d1c1aa3a2ecd2=[3870584]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 15 Jan 2023 16:50:22 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 0bb9f511dc2eaaea97fee0e4d8ab7496
Strict-Transport-Security: max-age=0; includeSubdomains
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 8d21c11d27d426a1a36bd21372633a93
27ef15e0c5d22b1cb82676f8f59269e421fb670b
11cca01c4774096fd0daa67e7ad634a41d0566eba6c4c00fa955684c2823706a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "11CCA01C4774096FD0DAA67E7AD634A41D0566EBA6C4C00FA955684C2823706A"
Last-Modified: Sat, 14 Jan 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5355
Expires: Sun, 15 Jan 2023 18:19:38 GMT
Date: Sun, 15 Jan 2023 16:50:23 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 8d21c11d27d426a1a36bd21372633a93
27ef15e0c5d22b1cb82676f8f59269e421fb670b
11cca01c4774096fd0daa67e7ad634a41d0566eba6c4c00fa955684c2823706a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "11CCA01C4774096FD0DAA67E7AD634A41D0566EBA6C4C00FA955684C2823706A"
Last-Modified: Sat, 14 Jan 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5355
Expires: Sun, 15 Jan 2023 18:19:38 GMT
Date: Sun, 15 Jan 2023 16:50:23 GMT
Connection: keep-alive
cdn.barscreative1.com//sb/notifications/rtb/social/facebook/1-1/index.html
45.133.44.3 200 OK 485 B URL HTTP/2 cdn.barscreative1.com//sb/notifications/rtb/social/facebook/1-1/index.html
IP 45.133.44.3:0
ASN #39572 DataWeb Global Group B.V.
Hash f13a80695c1c84f82150467be7e82a6a
4c3c924eac4269b81d78e4e57bba37e336364bec
242c70519215a4d5495261e1411e43a2610e3656668b85dcbd329804bdff2400
GET //sb/notifications/rtb/social/facebook/1-1/index.html HTTP/1.1
Host: cdn.barscreative1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 15 Jan 2023 16:50:23 GMT
content-type: text/html; charset=utf-8
server: nginx/1.17.6
last-modified: Tue, 24 May 2022 12:11:15 GMT
etag: W/"628ccb63-4c6"
cache-control: max-age=3600
access-control-allow-origin: *
access-control-expose-headers: Date
content-encoding: gzip
expires: Sun, 15 Jan 2023 17:50:23 GMT
x-proxy-cache: HIT
X-Firefox-Spdy: h2
mc.yandex.ru/metrika/advert.gif
87.250.250.119 200 OK 43 B URL HTTP/2 mc.yandex.ru/metrika/advert.gif
IP 87.250.250.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
GET /metrika/advert.gif HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Sun, 15 Jan 2023 16:50:23 GMT
access-control-allow-origin: *
etag: "63bfb9f8-2b"
expires: Sun, 15 Jan 2023 17:50:23 GMT
accept-ranges: bytes
last-modified: Thu, 12 Jan 2023 10:42:48 GMT
cache-control: max-age=3600
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3 200 OK 472 B IP 216.58.211.3:0
Hash 2f8ae4ab9ee17e2598e9299bdc0f44c0
ab4c7d1750edf513359218ab6d0b81cdd4dcb90c
75e680ab62ee77f0811fdb770d1c913dd41a911e7efb4ca99bc4cfe7fcb432c7
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 15 Jan 2023 16:50:23 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j99&tid=UA-121614197-2&cid=1187149223.1673801422&jid=377324034&gjid=1924749215&_gid=1589053741.1673801422&_u=YGBAiEABBAAAAEAAI~&z=1580568369
173.194.222.155 200 OK 1 B URL HTTP/2 stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j99&tid=UA-121614197-2&cid=1187149223.1673801422&jid=377324034&gjid=1924749215&_gid=1589053741.1673801422&_u=YGBAiEABBAAAAEAAI~&z=1580568369
IP 173.194.222.155:0
File type very short file (no magic)
Hash c4ca4238a0b923820dcc509a6f75849b
356a192b7913b04c54574d18c28d46e6395428ab
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j99&tid=UA-121614197-2&cid=1187149223.1673801422&jid=377324034&gjid=1924749215&_gid=1589053741.1673801422&_u=YGBAiEABBAAAAEAAI~&z=1580568369 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://xfantazy.com
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Sun, 15 Jan 2023 16:50:23 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
planesknob.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fau%2Fe6%2Fd7%2F97%2Fe6d797a3a7be0e7ec1877d1b33146dfa%2F1657714258.html&l=1190&fd=136
173.233.137.44 200 OK 0 B URL HTTP/1.1 planesknob.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fau%2Fe6%2Fd7%2F97%2Fe6d797a3a7be0e7ec1877d1b33146dfa%2F1657714258.html&l=1190&fd=136
IP 173.233.137.44:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fau%2Fe6%2Fd7%2F97%2Fe6d797a3a7be0e7ec1877d1b33146dfa%2F1657714258.html&l=1190&fd=136 HTTP/1.1
Host: planesknob.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: u_pl=15600826; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; sleca2f990f10476061c719d1c1aa3a2ecd2=[3870584]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 15 Jan 2023 16:50:23 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
e1.o.lencr.org/
95.101.11.115 200 OK 1.5 kB IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 0269a5fe35d8f6c92eb9c71f075f279b
f4465f652c1ad4424d3101a146db7e2eac675233
34095365c178125a78269b0df1f110bf4ed6ae4d9bc4c9f9ace9bcdd3c180dd2
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "895C7B52CC877D0AB3A48B8ECD92E83181A27CA0779EA3AF8AEA5B72E5F95838"
Last-Modified: Sat, 14 Jan 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16647
Expires: Sun, 15 Jan 2023 21:27:50 GMT
Date: Sun, 15 Jan 2023 16:50:23 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
216.58.211.3 200 OK 472 B IP 216.58.211.3:0
Hash 2f8ae4ab9ee17e2598e9299bdc0f44c0
ab4c7d1750edf513359218ab6d0b81cdd4dcb90c
75e680ab62ee77f0811fdb770d1c913dd41a911e7efb4ca99bc4cfe7fcb432c7
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 15 Jan 2023 16:50:23 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
e1.o.lencr.org/
95.101.11.115 200 OK 345 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash d98b661f46911acb1b5f2eeca93b4e9d
98ca11f653615616bdaf32d9132b73be349fa077
895c7b52cc877d0ab3a48b8ecd92e83181a27ca0779ea3af8aea5b72e5f95838
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "895C7B52CC877D0AB3A48B8ECD92E83181A27CA0779EA3AF8AEA5B72E5F95838"
Last-Modified: Sat, 14 Jan 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16647
Expires: Sun, 15 Jan 2023 21:27:50 GMT
Date: Sun, 15 Jan 2023 16:50:23 GMT
Connection: keep-alive
e1.o.lencr.org/
95.101.11.115 200 OK 345 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash d98b661f46911acb1b5f2eeca93b4e9d
98ca11f653615616bdaf32d9132b73be349fa077
895c7b52cc877d0ab3a48b8ecd92e83181a27ca0779ea3af8aea5b72e5f95838
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "895C7B52CC877D0AB3A48B8ECD92E83181A27CA0779EA3AF8AEA5B72E5F95838"
Last-Modified: Sat, 14 Jan 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16647
Expires: Sun, 15 Jan 2023 21:27:50 GMT
Date: Sun, 15 Jan 2023 16:50:23 GMT
Connection: keep-alive
e1.o.lencr.org/
95.101.11.115 200 OK 345 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash d98b661f46911acb1b5f2eeca93b4e9d
98ca11f653615616bdaf32d9132b73be349fa077
895c7b52cc877d0ab3a48b8ecd92e83181a27ca0779ea3af8aea5b72e5f95838
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "895C7B52CC877D0AB3A48B8ECD92E83181A27CA0779EA3AF8AEA5B72E5F95838"
Last-Modified: Sat, 14 Jan 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16647
Expires: Sun, 15 Jan 2023 21:27:50 GMT
Date: Sun, 15 Jan 2023 16:50:23 GMT
Connection: keep-alive
planesknob.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2F%2Fsb%2Fnotifications%2Frtb%2Fsocial%2Ffacebook%2F1-1%2Findex.html&l=1222&fd=145
173.233.137.44 200 OK 0 B URL HTTP/1.1 planesknob.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2F%2Fsb%2Fnotifications%2Frtb%2Fsocial%2Ffacebook%2F1-1%2Findex.html&l=1222&fd=145
IP 173.233.137.44:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2F%2Fsb%2Fnotifications%2Frtb%2Fsocial%2Ffacebook%2F1-1%2Findex.html&l=1222&fd=145 HTTP/1.1
Host: planesknob.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: u_pl=15600826; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; sleca2f990f10476061c719d1c1aa3a2ecd2=[3870584]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 15 Jan 2023 16:50:23 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash b885586b0ac42d5fbceaf518a2f17262
fdea290c2e6d1284cdee71548ba3dc32e80be35c
f9a854b088e9b674f8d24c5f24db28f83751532506cfa464b81b01ff75f9a23b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F9A854B088E9B674F8D24C5F24DB28F83751532506CFA464B81B01FF75F9A23B"
Last-Modified: Sat, 14 Jan 2023 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6279
Expires: Sun, 15 Jan 2023 18:35:02 GMT
Date: Sun, 15 Jan 2023 16:50:23 GMT
Connection: keep-alive
e1.o.lencr.org/
95.101.11.115 200 OK 345 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash d98b661f46911acb1b5f2eeca93b4e9d
98ca11f653615616bdaf32d9132b73be349fa077
895c7b52cc877d0ab3a48b8ecd92e83181a27ca0779ea3af8aea5b72e5f95838
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "895C7B52CC877D0AB3A48B8ECD92E83181A27CA0779EA3AF8AEA5B72E5F95838"
Last-Modified: Sat, 14 Jan 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16647
Expires: Sun, 15 Jan 2023 21:27:50 GMT
Date: Sun, 15 Jan 2023 16:50:23 GMT
Connection: keep-alive
cdn.creative-bars1.com/sb/chat/mob/ssp/v2/new/3/img/close.png
172.64.167.9 200 OK 6.0 kB URL HTTP/2 cdn.creative-bars1.com/sb/chat/mob/ssp/v2/new/3/img/close.png
IP 172.64.167.9:0
File type PNG image data, 522 x 391, 8-bit/color RGBA, non-interlaced\012- data
Hash c489ce2c491a22ee37a55e26a92dfd73
2fa588ab09e94dd902e5bd24b48f98ad1949c9d6
1eed147c7d5de6291c25fbc5274830c12d5549262fb144271576d4e15966e5bd
GET /sb/chat/mob/ssp/v2/new/3/img/close.png HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 15 Jan 2023 16:50:23 GMT
content-type: image/png
content-length: 5982
last-modified: Tue, 05 Jul 2022 10:43:39 GMT
etag: "62c415db-175e"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 5281140
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yAoVMc8O8DQZ5BN8mM3QxiakHqSRzEO%2Fs1vQSpFezgV4NwQ9t%2BFuAdY8kjisVxPAVy4yMwMBmK6hMmrOxpZ9kwJ8w1szWt3YpdmnVXGTiafyr0nvkX6kBWiHlD3s2x00XdvVpbIecw1Y"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 78a01c2fcbe471e1-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.cloudimagesb.com/si/4f/21/b6/4f21b6f8926b18cc8cec37ffa47004e5/1671506253.png
45.133.44.10 200 OK 80 kB URL HTTP/2 cdn.cloudimagesb.com/si/4f/21/b6/4f21b6f8926b18cc8cec37ffa47004e5/1671506253.png
IP 45.133.44.10:0
ASN #39572 DataWeb Global Group B.V.
File type PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data
Hash 422ab27df20d8765e0fcd3aa74306f6b
3b69a90b3d1a5bd964280b7bad97c2a5baaa6951
9f2c6b29335b1545ddfa2f7e84286472468f737e1d73f6f0562babac6e3afa5a
GET /si/4f/21/b6/4f21b6f8926b18cc8cec37ffa47004e5/1671506253.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 15 Jan 2023 16:50:23 GMT
content-type: image/png
content-length: 79704
server: nginx/1.17.6
last-modified: Tue, 20 Dec 2022 03:17:41 GMT
etag: "63a12955-13758"
expires: Tue, 17 Jan 2023 16:50:23 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/notifications/rtb/social/facebook/1-1/js/script.js
172.64.167.9 200 OK 322 B URL HTTP/2 cdn.creative-bars1.com/sb/notifications/rtb/social/facebook/1-1/js/script.js
IP 172.64.167.9:0
Hash a4d3eb992070312910755e522bc3882a
c3d783a43dfb4424225f4a266d6af86450644ced
bb91467c8b11fa5dd1e19d4cfb00f4dddbd54fedac0c03be0dd1ec6ab8338aa8
GET /sb/notifications/rtb/social/facebook/1-1/js/script.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 15 Jan 2023 16:50:23 GMT
content-type: application/javascript
last-modified: Tue, 24 May 2022 12:11:21 GMT
etag: W/"628ccb69-322"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 794366
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tqKjdxu0Yp8Lf0vH3%2BrJ31R%2BdMZQfkaAjZjApexFzahVdMzKGdbZb287SAtoXMFM92pAyLDrq89E7WCFG4yHitFdm%2FLVuo6g%2F1PUO6qa3yfVWzaIR0wMaOe4SDxa%2F3EeH5c1fcdYZtDG"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 78a01c306c897719-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
click.pclk.name/thumbnail?seat=369022&adid=369022&i=bw174Ox6nsY_0&imgt=icon
173.239.53.24 302 Found 0 B URL HTTP/1.1 click.pclk.name/thumbnail?seat=369022&adid=369022&i=bw174Ox6nsY_0&imgt=icon
IP 173.239.53.24:0
ASN #27257 WEBAIR-INTERNET
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /thumbnail?seat=369022&adid=369022&i=bw174Ox6nsY_0&imgt=icon HTTP/1.1
Host: click.pclk.name
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
HTTP/1.1 302 Found
Cache-Control: no-store
Content-Length: 0
Age: 0
Connection: keep-alive
Location: https://us.doctorpost.net/metrics/save.img?event=impressions&bid-id=v2-1673801422511-7-8077-1178228-a8333c34-87cb-22c3-f0b0-f19db4c16653&img=https%3A%2F%2Ftrack.trackingtraffo.com%2Fpush%2Fic%3Fauth%3Dpz6u78%26c%3DcgFu8dtEn2soSN4rbJbgp7cHK2-BFQk6pGpXUdljlt_4Wi7kZcvHeR-OGptGbawgmnOs-IGpcQbUHDvbPFRCR4Gw1dD-W91xNkZOSV3CTxhOjOjQaQVE7F7zcwFdSsR0SSG_tmJHUtazzK6tPdDdRyW2-3ymxcN674PGOXZ_TQmLv1vInIEi9GmX4HeY4_sy4aU5C1SsKN1K7Pb6ccmbvcfA7Ru6r3Pp-O4BqhgAVKijMtVydQ7lrTZbm4zMN-v0WxtMyJTqYSaCeSlJYbgaxwX24Sh7VsGY5j_X9zpSokbB9uX3hgqAyOcduOUGEKgULa1z60zfVUblHvkVPnsmpM4ViZK1pJjktX6XlgBcyfMjCI4w_6Vu8oS3ayLyoNfHa19R32M6NUCe2wsyqyCWB2y32CJOkxSAXXLsbfiO_Xepzbjcs9m1g9u4W8UcvOYIJjJ9xOnkcAAXNodxhgF4ftQElSMgNUjT_MKFCR02BJlvey0ere8_Nq_RB_ZUDczxqHJNrwyiMqRAIw8eRV-aWO0BAh3srtMnfveAro1VTc3I2AROUF8v9knRUIUobZ3NNdU_qkv67WFOyyPxlKV3b639f-L-4UFZWD4ve0NVB5RRriKc
Pragma: no-cache
d3t87ooo0697p8.cloudfront.net/?oootd=971975
143.204.42.94 200 OK 113 kB URL HTTP/2 d3t87ooo0697p8.cloudfront.net/?oootd=971975
IP 143.204.42.94:0
File type Unicode text, UTF-8 text, with very long lines (15955)
Size 113 kB (113171 bytes)
Hash f424292aef56884deb84baff06fc6f81
a48234f3fe3a2755b973212770a3ba29dceaaf70
540c252449de7e6c127965f721e55a9c5e9a564025b25a9d67b023597762a4f6
GET /?oootd=971975 HTTP/1.1
Host: d3t87ooo0697p8.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 113171
date: Sun, 15 Jan 2023 16:50:23 GMT
access-control-allow-origin: *
cache-control: no-store, no-cache, proxy-revalidate, must-revalidate, private, no-transform
content-encoding: gzip
pragma: no-cache
x-cache: Miss from cloudfront
via: 1.1 095562e8748e634f880ee3c4ada2b6d0.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: qM8AB7ZcbVXneU3xSmuJdZVq3ljCxIzRinpzYlyQQ-nZoOVqwvtGcA==
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 2e384cea1da0241d28cddb481b1367d4
276918f50533c9a2010fca060cd8d9a6608a2499
ca8b44e32d597b4c4c5a97860fb445605ba35f2f36e8efe548f4f8ee6f0404bb
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CA8B44E32D597B4C4C5A97860FB445605BA35F2F36E8EFE548F4F8EE6F0404BB"
Last-Modified: Sat, 14 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8168
Expires: Sun, 15 Jan 2023 19:06:31 GMT
Date: Sun, 15 Jan 2023 16:50:23 GMT
Connection: keep-alive
cdn.creative-bars1.com/sb/notifications/rtb/social/facebook/1-1/js/jquery-3.2.1.min.js
172.64.167.9 200 OK 38 kB URL HTTP/2 cdn.creative-bars1.com/sb/notifications/rtb/social/facebook/1-1/js/jquery-3.2.1.min.js
IP 172.64.167.9:0
File type ASCII text, with very long lines (745)
Hash 57f2db7c4fb1d1b8b429f15c210d7fa4
f3386b2bb087f2630e32c6d17dfffc3696b5bd1b
be33f1c9e2af1c9c622ca1a0c0530080304b17c714bc6a4cc22db438edb2b44f
GET /sb/notifications/rtb/social/facebook/1-1/js/jquery-3.2.1.min.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 15 Jan 2023 16:50:23 GMT
content-type: application/javascript
last-modified: Tue, 24 May 2022 12:11:21 GMT
etag: W/"628ccb69-1fa27"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 849485
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pEvmtM%2FBHcHuJv2zss65AxdKSbRbwGzvU5BnVI0qZabGRf7heQ0zWfKC2tjEIAHGJVWk65X2ZxjYx4F7pg7YZZ5ErZrAwVTdzk%2FyMzQxiXYYo8C3FOppBoEgBnquG65acwWEuCLpxHLM"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 78a01c2fcbff71e1-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
e1.o.lencr.org/
95.101.11.115 200 OK 739 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash b5d8d0e9445a37fa95e7c55404cbe329
018092f8c03520fc89e21ab63512390b6edaa655
72d4aff3d8cf658ef8591bdc721ab44b8b04ce3df1a8e2cce7ae586f42e8afeb
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "12FF2D916B26B3BD1F50C317F0E4BD6E762220E92C3E7600E68408723AED4F25"
Last-Modified: Sat, 14 Jan 2023 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2469
Expires: Sun, 15 Jan 2023 17:31:32 GMT
Date: Sun, 15 Jan 2023 16:50:23 GMT
Connection: keep-alive
fonts.googleapis.com/css?family=Roboto:100,300,400,500,700&display=swap
142.250.74.106 200 OK 1.1 kB URL HTTP/2 fonts.googleapis.com/css?family=Roboto:100,300,400,500,700&display=swap
IP 142.250.74.106:0
Hash c3cc8fca62acfdd4280ce865ddbe2faf
735cfa48caca0c5abc7df513d4b8cdc069219834
7707ac9cad3c370fc34917b8c7edb52d180e181aebc9997fd3083f3131422615
GET /css?family=Roboto:100,300,400,500,700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sun, 15 Jan 2023 16:50:20 GMT
date: Sun, 15 Jan 2023 16:50:20 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
e1.o.lencr.org/
95.101.11.115 200 OK 345 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash a7a41b6730d32253158e0e6d7b4a247d
d2226f6d30657bf502c6d81b180181f0da817245
ccc7702368b8cf967e41986b92b79489d4b9e5b985360a94048e546d9fe64f25
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "CCC7702368B8CF967E41986B92B79489D4B9E5B985360A94048E546D9FE64F25"
Last-Modified: Fri, 13 Jan 2023 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8779
Expires: Sun, 15 Jan 2023 19:16:42 GMT
Date: Sun, 15 Jan 2023 16:50:23 GMT
Connection: keep-alive
onandeggsiswe.com.ua/WHVaalA5FzkHbzlIOEwlKhlnT2IeUGgsNGsBYl0/NxpqXGlvBWJEMzQaLw42Kho0Hn42EC5PYh4cFC84KxA2IAgSAhMJMg00MikVPAcbWTwOIQ0JAxEdYjwAHSdrJQQzQDkDHWw4HgI9Oh09Kx4/GW45OAEPDQNpCi0eDjETRBwmNB4gKS47PBgfACc7Mw4BGggkEw8eaTwyKzhgRx8AYBYnIFMyFRIPPQA0Iy4yOiAbHQQ4EiYdIzMIAg8/HjQGf1gWEERjDRIbLAMyYhkwPzwoDSwyLGcUGWMNEhxNHCwXCTQ4PGhsES0wZB4wIgcVAAYvMmIZMBUCfSgTAzIGbS0fU2gaMhwgAx8/DiYBYCcKOBZuPjECORotMgkDajwcCAZtPhQsYG42CB1pDDJrDwAfOB8MBRI+Pi8WaS0LTDorGjQabQ02MSw7DD8wOA
54.230.111.43200 OK 1.2 kB URL HTTP/2 onandeggsiswe.com.ua/WHVaalA5FzkHbzlIOEwlKhlnT2IeUGgsNGsBYl0/NxpqXGlvBWJEMzQaLw42Kho0Hn42EC5PYh4cFC84KxA2IAgSAhMJMg00MikVPAcbWTwOIQ0JAxEdYjwAHSdrJQQzQDkDHWw4HgI9Oh09Kx4/GW45OAEPDQNpCi0eDjETRBwmNB4gKS47PBgfACc7Mw4BGggkEw8eaTwyKzhgRx8AYBYnIFMyFRIPPQA0Iy4yOiAbHQQ4EiYdIzMIAg8/HjQGf1gWEERjDRIbLAMyYhkwPzwoDSwyLGcUGWMNEhxNHCwXCTQ4PGhsES0wZB4wIgcVAAYvMmIZMBUCfSgTAzIGbS0fU2gaMhwgAx8/DiYBYCcKOBZuPjECORotMgkDajwcCAZtPhQsYG42CB1pDDJrDwAfOB8MBRI+Pi8WaS0LTDorGjQabQ02MSw7DD8wOA
IP 54.230.111.43:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3034), with no line terminators
Hash 9e32c832b01b1f189225fadaf52e6bb2
95af569d87f6b0e377d36cdfa1bb71a0c757191b
a558dbf4508912ae049a83acc29458c6dee324537c6b7e23f3db7707a261ebba
GET /WHVaalA5FzkHbzlIOEwlKhlnT2IeUGgsNGsBYl0/NxpqXGlvBWJEMzQaLw42Kho0Hn42EC5PYh4cFC84KxA2IAgSAhMJMg00MikVPAcbWTwOIQ0JAxEdYjwAHSdrJQQzQDkDHWw4HgI9Oh09Kx4/GW45OAEPDQNpCi0eDjETRBwmNB4gKS47PBgfACc7Mw4BGggkEw8eaTwyKzhgRx8AYBYnIFMyFRIPPQA0Iy4yOiAbHQQ4EiYdIzMIAg8/HjQGf1gWEERjDRIbLAMyYhkwPzwoDSwyLGcUGWMNEhxNHCwXCTQ4PGhsES0wZB4wIgcVAAYvMmIZMBUCfSgTAzIGbS0fU2gaMhwgAx8/DiYBYCcKOBZuPjECORotMgkDajwcCAZtPhQsYG42CB1pDDJrDwAfOB8MBRI+Pi8WaS0LTDorGjQabQ02MSw7DD8wOA HTTP/1.1
Host: onandeggsiswe.com.ua
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html
content-length: 1188
date: Sun, 15 Jan 2023 16:50:23 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 94eee494c19905cb6933ec8a32a577a0.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: -oOxeS4RzV6ZKNRm2cG73N7B4cigZPrT4t6f8ryvPr8Cc1Ybv2-DwQ==
X-Firefox-Spdy: h2
mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F618647d3248b9003ff8116ba&charset=utf-8&hittoken=1673801422_56e8ac3528bb4c3a2e397275939d5a764e9710955ccccb974f497478379f4e07&browser-info=pa%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A953%3Acn%3A1%3Adp%3A0%3Als%3A756836210234%3Ahid%3A636075366%3Az%3A0%3Ai%3A20230115165024%3Aet%3A1673801424%3Ac%3A1%3Arn%3A425725118%3Arqn%3A9%3Au%3A1673801422198054536%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Aeu%3A1%3Ans%3A1673801419223%3Aadb%3A2%3Ast%3A1673801424&t=gdpr(14)mc(p-6-h-1)clc(0-0-0)rqnt(9)aw(1)ti(2)
87.250.250.119200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F618647d3248b9003ff8116ba&charset=utf-8&hittoken=1673801422_56e8ac3528bb4c3a2e397275939d5a764e9710955ccccb974f497478379f4e07&browser-info=pa%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A953%3Acn%3A1%3Adp%3A0%3Als%3A756836210234%3Ahid%3A636075366%3Az%3A0%3Ai%3A20230115165024%3Aet%3A1673801424%3Ac%3A1%3Arn%3A425725118%3Arqn%3A9%3Au%3A1673801422198054536%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Aeu%3A1%3Ans%3A1673801419223%3Aadb%3A2%3Ast%3A1673801424&t=gdpr(14)mc(p-6-h-1)clc(0-0-0)rqnt(9)aw(1)ti(2)
IP 87.250.250.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F618647d3248b9003ff8116ba&charset=utf-8&hittoken=1673801422_56e8ac3528bb4c3a2e397275939d5a764e9710955ccccb974f497478379f4e07&browser-info=pa%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A953%3Acn%3A1%3Adp%3A0%3Als%3A756836210234%3Ahid%3A636075366%3Az%3A0%3Ai%3A20230115165024%3Aet%3A1673801424%3Ac%3A1%3Arn%3A425725118%3Arqn%3A9%3Au%3A1673801422198054536%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Aeu%3A1%3Ans%3A1673801419223%3Aadb%3A2%3Ast%3A1673801424&t=gdpr(14)mc(p-6-h-1)clc(0-0-0)rqnt(9)aw(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 39
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Sun, 15 Jan 2023 16:50:24 GMT
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Sun, 15-Jan-2023 16:50:24 GMT
last-modified: Sun, 15-Jan-2023 16:50:24 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
a.naturalhealthsource.club/api/spots/289411?host=xfantazy.com&ev=197&wh=939&ww=1280&uuid=
135.181.208.216 200 OK 0 B URL HTTP/2 a.naturalhealthsource.club/api/spots/289411?host=xfantazy.com&ev=197&wh=939&ww=1280&uuid=
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /api/spots/289411?host=xfantazy.com&ev=197&wh=939&ww=1280&uuid= HTTP/1.1
Host: a.naturalhealthsource.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 15 Jan 2023 16:50:24 GMT
content-length: 0
set-cookie: nauid=9hgxTlePqs2ZQiMbm62b; Path=/; Expires=Wed, 11 Nov 2037 11:11:11 GMT; Secure; SameSite=None
cache-control: private
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/chat/mob/ssp/v2/new/3/css/animate.css
172.64.167.9 200 OK 4.9 kB URL HTTP/2 cdn.creative-bars1.com/sb/chat/mob/ssp/v2/new/3/css/animate.css
IP 172.64.167.9:0
Hash 3674a1cb86daab116b5846fd66b927bd
67879f775f61d0ee60c4e603e1c26c356e50fa30
110f259337068c4c1543bdf6c90cc8f59f3cd9895a83c3c4171f988af2d3e070
GET /sb/chat/mob/ssp/v2/new/3/css/animate.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 15 Jan 2023 16:50:23 GMT
content-type: text/css
last-modified: Wed, 13 Jul 2022 12:13:56 GMT
etag: W/"62ceb704-135d1"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 5281075
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=km%2BQtTp9C3oXbkMPWma5WHjITE6cyqVQLVy5n2KeRZqG%2FZ8DD4Ad7nArMUzRw6dLDVFnZFx7NpQTYIPWm%2FIhQU5YxBleSWfsAVvyCguuGdLCRLa0icSm3R5wHdwP9z2usJK2MVAuTJWg"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 78a01c2f6a917719-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
a.naturalhealthsource.club/api/spots/391860?host=xfantazy.com&ev=197&wh=939&ww=1280&uuid=
135.181.208.216 200 OK 0 B URL HTTP/2 a.naturalhealthsource.club/api/spots/391860?host=xfantazy.com&ev=197&wh=939&ww=1280&uuid=
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /api/spots/391860?host=xfantazy.com&ev=197&wh=939&ww=1280&uuid= HTTP/1.1
Host: a.naturalhealthsource.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 15 Jan 2023 16:50:24 GMT
content-length: 0
set-cookie: nauid=c7ujFdpACGOcxH1Py1iu; Path=/; Expires=Wed, 11 Nov 2037 11:11:11 GMT; Secure; SameSite=None
cache-control: private
X-Firefox-Spdy: h2
a.naturalhealthsource.club/api/spots/406858?host=xfantazy.com&ev=197&wh=939&ww=1280&uuid=
135.181.208.216 200 OK 0 B URL HTTP/2 a.naturalhealthsource.club/api/spots/406858?host=xfantazy.com&ev=197&wh=939&ww=1280&uuid=
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /api/spots/406858?host=xfantazy.com&ev=197&wh=939&ww=1280&uuid= HTTP/1.1
Host: a.naturalhealthsource.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 15 Jan 2023 16:50:24 GMT
content-length: 0
set-cookie: nauid=tdXXH7XPaidiOsNBwbh7; Path=/; Expires=Wed, 11 Nov 2037 11:11:11 GMT; Secure; SameSite=None
cache-control: private
X-Firefox-Spdy: h2
onandeggsiswe.com.ua/VVNWczA0MTUeDzRuNFVFJz9rVgITdmQ1VGYnbkRfOjxmRQliI25dUzk8IxdWJzw4Bx47NiJWAhMADx5UGQA7Q3IWEAMAZT0KGT8DMQYAJWJwYRAVZmAWEidXORIuOVEfNGIrZgYkHRVjHCQaBFhsHAcqeREUISl3FB1kFlsmHBQaZSEGEyJzHwA6ImVlFic/V2w1A0EAcGEQN3ZtGBw3cRAXMQBBN2JuGGU4BWAgdhcLDwkAEBcXPlsFAWM7Zg0gPTRlMQUzQEQxBxAXRTAAbztmDSBvMXEtATBBCTAaEzkFMDsAJmVnZmM/ADEFMwlXNwFnInswYmcrYw1+IhljExEOP3NtHBUiWCA2FQdhA2AmRWgDHQ4WXWw1AxR1PBwXFHUWFxgFaCwBARYDbBcDGHVwYRQXASJ1PABfOyNrHnQvZB0yBxoBHjAHATc5NA
54.230.111.43200 OK 1.2 kB URL HTTP/2 onandeggsiswe.com.ua/VVNWczA0MTUeDzRuNFVFJz9rVgITdmQ1VGYnbkRfOjxmRQliI25dUzk8IxdWJzw4Bx47NiJWAhMADx5UGQA7Q3IWEAMAZT0KGT8DMQYAJWJwYRAVZmAWEidXORIuOVEfNGIrZgYkHRVjHCQaBFhsHAcqeREUISl3FB1kFlsmHBQaZSEGEyJzHwA6ImVlFic/V2w1A0EAcGEQN3ZtGBw3cRAXMQBBN2JuGGU4BWAgdhcLDwkAEBcXPlsFAWM7Zg0gPTRlMQUzQEQxBxAXRTAAbztmDSBvMXEtATBBCTAaEzkFMDsAJmVnZmM/ADEFMwlXNwFnInswYmcrYw1+IhljExEOP3NtHBUiWCA2FQdhA2AmRWgDHQ4WXWw1AxR1PBwXFHUWFxgFaCwBARYDbBcDGHVwYRQXASJ1PABfOyNrHnQvZB0yBxoBHjAHATc5NA
IP 54.230.111.43:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3030), with no line terminators
Hash 2d24cab420cd30009346e8211307af59
0ed931528caac95cca873edd8a05152cebaa979f
115af04488d9f7292656aaf6d0223bac631a4f56ea66a8fb8bb227d3ce5895a4
GET /VVNWczA0MTUeDzRuNFVFJz9rVgITdmQ1VGYnbkRfOjxmRQliI25dUzk8IxdWJzw4Bx47NiJWAhMADx5UGQA7Q3IWEAMAZT0KGT8DMQYAJWJwYRAVZmAWEidXORIuOVEfNGIrZgYkHRVjHCQaBFhsHAcqeREUISl3FB1kFlsmHBQaZSEGEyJzHwA6ImVlFic/V2w1A0EAcGEQN3ZtGBw3cRAXMQBBN2JuGGU4BWAgdhcLDwkAEBcXPlsFAWM7Zg0gPTRlMQUzQEQxBxAXRTAAbztmDSBvMXEtATBBCTAaEzkFMDsAJmVnZmM/ADEFMwlXNwFnInswYmcrYw1+IhljExEOP3NtHBUiWCA2FQdhA2AmRWgDHQ4WXWw1AxR1PBwXFHUWFxgFaCwBARYDbBcDGHVwYRQXASJ1PABfOyNrHnQvZB0yBxoBHjAHATc5NA HTTP/1.1
Host: onandeggsiswe.com.ua
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html
content-length: 1184
date: Sun, 15 Jan 2023 16:50:24 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 94eee494c19905cb6933ec8a32a577a0.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: O1jsvyUzdVLOvQ6r0NwrNTDQCEf0GA2ONPrKR_a9kDoc7i7aoyZvBg==
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/notifications/rtb/social/facebook/1-1/css/style.css
172.64.167.9 200 OK 2.7 kB URL HTTP/2 cdn.creative-bars1.com/sb/notifications/rtb/social/facebook/1-1/css/style.css
IP 172.64.167.9:0
Hash 0d784dc3b6b84d96b69211520f26d06a
81f7dd436b0185d4e15324f977da06c0e0ae4848
490cf0c4110cffe03c02987cbe2fc19ce68215472bf3fca6a67a07e719c24707
GET /sb/notifications/rtb/social/facebook/1-1/css/style.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 15 Jan 2023 16:50:23 GMT
content-type: text/css
last-modified: Mon, 06 Jun 2022 09:53:30 GMT
etag: W/"629dce9a-1a2a"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 794366
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Wv%2BCP9tXwgwRri9nntrWqy38MZZTcqKrzQ9PpH2HfPcQFmpKgybBLVFWyNcL5VBklWpPD5xgH3iYiTAR4ByuAVlw4bY0rZ34g5%2BeiZz7ELM1zJQWiV0h0egUim1t9rZmJQ%2BPBedqZZ1j"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 78a01c2f6a887719-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F618647d3248b9003ff8116ba&charset=utf-8&hittoken=1673801422_56e8ac3528bb4c3a2e397275939d5a764e9710955ccccb974f497478379f4e07&browser-info=pv%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A953%3Acn%3A1%3Adp%3A0%3Als%3A756836210234%3Ahid%3A636075366%3Az%3A0%3Ai%3A20230115165024%3Aet%3A1673801424%3Ac%3A1%3Arn%3A670147865%3Arqn%3A8%3Au%3A1673801422198054536%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Aeu%3A1%3Ans%3A1673801419223%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1673801424%3At%3AKcupqueen%20Bj%20Supreme%20With%20Extra%20Titty%20Dangle%20Angle%20-%20FullHD%201080%20-%20XFantazy.com&t=gdpr%2814%29mc%28p-6%29clc%280-0-0%29rqnt%288%29aw%281%29fip%281%29ti%282%29
87.250.250.119200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F618647d3248b9003ff8116ba&charset=utf-8&hittoken=1673801422_56e8ac3528bb4c3a2e397275939d5a764e9710955ccccb974f497478379f4e07&browser-info=pv%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A953%3Acn%3A1%3Adp%3A0%3Als%3A756836210234%3Ahid%3A636075366%3Az%3A0%3Ai%3A20230115165024%3Aet%3A1673801424%3Ac%3A1%3Arn%3A670147865%3Arqn%3A8%3Au%3A1673801422198054536%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Aeu%3A1%3Ans%3A1673801419223%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1673801424%3At%3AKcupqueen%20Bj%20Supreme%20With%20Extra%20Titty%20Dangle%20Angle%20-%20FullHD%201080%20-%20XFantazy.com&t=gdpr%2814%29mc%28p-6%29clc%280-0-0%29rqnt%288%29aw%281%29fip%281%29ti%282%29
IP 87.250.250.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
GET /watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F618647d3248b9003ff8116ba&charset=utf-8&hittoken=1673801422_56e8ac3528bb4c3a2e397275939d5a764e9710955ccccb974f497478379f4e07&browser-info=pv%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A953%3Acn%3A1%3Adp%3A0%3Als%3A756836210234%3Ahid%3A636075366%3Az%3A0%3Ai%3A20230115165024%3Aet%3A1673801424%3Ac%3A1%3Arn%3A670147865%3Arqn%3A8%3Au%3A1673801422198054536%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Aeu%3A1%3Ans%3A1673801419223%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1673801424%3At%3AKcupqueen%20Bj%20Supreme%20With%20Extra%20Titty%20Dangle%20Angle%20-%20FullHD%201080%20-%20XFantazy.com&t=gdpr%2814%29mc%28p-6%29clc%280-0-0%29rqnt%288%29aw%281%29fip%281%29ti%282%29 HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Referer: https://xfantazy.com/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Sun, 15 Jan 2023 16:50:24 GMT
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Sun, 15-Jan-2023 16:50:24 GMT
last-modified: Sun, 15-Jan-2023 16:50:24 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
planesknob.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fchat%2Fmob%2Fssp%2Fv2%2Fnew%2F3%2Fcss%2Fstyle.css&l=4649&fd=190
173.233.137.44 200 OK 0 B URL HTTP/1.1 planesknob.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fchat%2Fmob%2Fssp%2Fv2%2Fnew%2F3%2Fcss%2Fstyle.css&l=4649&fd=190
IP 173.233.137.44:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fchat%2Fmob%2Fssp%2Fv2%2Fnew%2F3%2Fcss%2Fstyle.css&l=4649&fd=190 HTTP/1.1
Host: planesknob.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: u_pl=15600826; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; sleca2f990f10476061c719d1c1aa3a2ecd2=[3870584]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 15 Jan 2023 16:50:24 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
planesknob.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Frtb%2Fsocial%2Ffacebook%2F1-1%2Fcss%2Fstyle.css&l=6698&fd=148
173.233.137.44 200 OK 0 B URL HTTP/1.1 planesknob.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Frtb%2Fsocial%2Ffacebook%2F1-1%2Fcss%2Fstyle.css&l=6698&fd=148
IP 173.233.137.44:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Frtb%2Fsocial%2Ffacebook%2F1-1%2Fcss%2Fstyle.css&l=6698&fd=148 HTTP/1.1
Host: planesknob.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: u_pl=15600826; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; sleca2f990f10476061c719d1c1aa3a2ecd2=[3870584]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 15 Jan 2023 16:50:24 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
dgemanowhot.com.ua/TGNDaktjXCAZdhZQGSYpfCkQOwN1OicGLw4FBRJ4GSYJXxx/EGUeIiheel16dVR2TDslB35ZeWoQNws/ORB+W20lDSUFdmoVflpldE1yX2V8RTZXemoXMwsscVJlGj84D35bfXtQe1p6eFF3WnN4
104.21.56.72 204 No Content 0 B URL HTTP/2 dgemanowhot.com.ua/TGNDaktjXCAZdhZQGSYpfCkQOwN1OicGLw4FBRJ4GSYJXxx/EGUeIiheel16dVR2TDslB35ZeWoQNws/ORB+W20lDSUFdmoVflpldE1yX2V8RTZXemoXMwsscVJlGj84D35bfXtQe1p6eFF3WnN4
IP 104.21.56.72:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /TGNDaktjXCAZdhZQGSYpfCkQOwN1OicGLw4FBRJ4GSYJXxx/EGUeIiheel16dVR2TDslB35ZeWoQNws/ORB+W20lDSUFdmoVflpldE1yX2V8RTZXemoXMwsscVJlGj84D35bfXtQe1p6eFF3WnN4 HTTP/1.1
Host: dgemanowhot.com.ua
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Sun, 15 Jan 2023 16:50:24 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GDqdmETIOgqWtS%2B4umOPlXEagRs7z%2FvEza46qAPjS9%2BEmQXPzUrEAfSnedXm85vxPm2iJ%2BDXTwlFAHnhLHj%2B5MznyANzRQ1YkShFR%2BKyrsMd4%2B8QJJCFe%2FGmBJsxSiD73TiIrkI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 78a01c33da1c0af6-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
dgemanowhot.com.ua/UmoxRkt9VVI1dgY8dHUfOTwGHzwAXFJ1PzgrXxx7Nz14Di88CRcyIjZXCHB5YlsFYDs7Dgx3bSEeUDI+IVcAYCI8DF57bSRXAGh4ZkQCd2VgTER7enQeQScsb1sXNj8mBgx3fWVZCXZ6ZlgFd39r
104.21.56.72 204 No Content 0 B URL HTTP/2 dgemanowhot.com.ua/UmoxRkt9VVI1dgY8dHUfOTwGHzwAXFJ1PzgrXxx7Nz14Di88CRcyIjZXCHB5YlsFYDs7Dgx3bSEeUDI+IVcAYCI8DF57bSRXAGh4ZkQCd2VgTER7enQeQScsb1sXNj8mBgx3fWVZCXZ6ZlgFd39r
IP 104.21.56.72:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /UmoxRkt9VVI1dgY8dHUfOTwGHzwAXFJ1PzgrXxx7Nz14Di88CRcyIjZXCHB5YlsFYDs7Dgx3bSEeUDI+IVcAYCI8DF57bSRXAGh4ZkQCd2VgTER7enQeQScsb1sXNj8mBgx3fWVZCXZ6ZlgFd39r HTTP/1.1
Host: dgemanowhot.com.ua
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Sun, 15 Jan 2023 16:50:24 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hxs1FgtNpCafQxoOcbX0s9D0QTXR6G%2BqNbZrJium1D09kJNXNURJe0qqcSIPUAZ0Ykyl6GSyB4m%2FJB6h0EghrY%2Fy1nnNB9ZYCndoey9%2BiqlrBFGhQ1iKqJnfrFW9D5w4BOZHMe0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 78a01c33da270af6-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
us.doctorpost.net/metrics/save.img?event=impressions&bid-id=v2-1673801422511-7-8077-1178228-a8333c34-87cb-22c3-f0b0-f19db4c16653&img=https%3A%2F%2Ftrack.trackingtraffo.com%2Fpush%2Fic%3Fauth%3Dpz6u78%26c%3DcgFu8dtEn2soSN4rbJbgp7cHK2-BFQk6pGpXUdljlt_4Wi7kZcvHeR-OGptGbawgmnOs-IGpcQbUHDvbPFRCR4Gw1dD-W91xNkZOSV3CTxhOjOjQaQVE7F7zcwFdSsR0SSG_tmJHUtazzK6tPdDdRyW2-3ymxcN674PGOXZ_TQmLv1vInIEi9GmX4HeY4_sy4aU5C1SsKN1K7Pb6ccmbvcfA7Ru6r3Pp-O4BqhgAVKijMtVydQ7lrTZbm4zMN-v0WxtMyJTqYSaCeSlJYbgaxwX24Sh7VsGY5j_X9zpSokbB9uX3hgqAyOcduOUGEKgULa1z60zfVUblHvkVPnsmpM4ViZK1pJjktX6XlgBcyfMjCI4w_6Vu8oS3ayLyoNfHa19R32M6NUCe2wsyqyCWB2y32CJOkxSAXXLsbfiO_Xepzbjcs9m1g9u4W8UcvOYIJjJ9xOnkcAAXNodxhgF4ftQElSMgNUjT_MKFCR02BJlvey0ere8_Nq_RB_ZUDczxqHJNrwyiMqRAIw8eRV-aWO0BAh3srtMnfveAro1VTc3I2AROUF8v9knRUIUobZ3NNdU_qkv67WFOyyPxlKV3b639f-L-4UFZWD4ve0NVB5RRriKc
38.100.129.10302 Found 0 B URL HTTP/2 us.doctorpost.net/metrics/save.img?event=impressions&bid-id=v2-1673801422511-7-8077-1178228-a8333c34-87cb-22c3-f0b0-f19db4c16653&img=https%3A%2F%2Ftrack.trackingtraffo.com%2Fpush%2Fic%3Fauth%3Dpz6u78%26c%3DcgFu8dtEn2soSN4rbJbgp7cHK2-BFQk6pGpXUdljlt_4Wi7kZcvHeR-OGptGbawgmnOs-IGpcQbUHDvbPFRCR4Gw1dD-W91xNkZOSV3CTxhOjOjQaQVE7F7zcwFdSsR0SSG_tmJHUtazzK6tPdDdRyW2-3ymxcN674PGOXZ_TQmLv1vInIEi9GmX4HeY4_sy4aU5C1SsKN1K7Pb6ccmbvcfA7Ru6r3Pp-O4BqhgAVKijMtVydQ7lrTZbm4zMN-v0WxtMyJTqYSaCeSlJYbgaxwX24Sh7VsGY5j_X9zpSokbB9uX3hgqAyOcduOUGEKgULa1z60zfVUblHvkVPnsmpM4ViZK1pJjktX6XlgBcyfMjCI4w_6Vu8oS3ayLyoNfHa19R32M6NUCe2wsyqyCWB2y32CJOkxSAXXLsbfiO_Xepzbjcs9m1g9u4W8UcvOYIJjJ9xOnkcAAXNodxhgF4ftQElSMgNUjT_MKFCR02BJlvey0ere8_Nq_RB_ZUDczxqHJNrwyiMqRAIw8eRV-aWO0BAh3srtMnfveAro1VTc3I2AROUF8v9knRUIUobZ3NNdU_qkv67WFOyyPxlKV3b639f-L-4UFZWD4ve0NVB5RRriKc
IP 38.100.129.10:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /metrics/save.img?event=impressions&bid-id=v2-1673801422511-7-8077-1178228-a8333c34-87cb-22c3-f0b0-f19db4c16653&img=https%3A%2F%2Ftrack.trackingtraffo.com%2Fpush%2Fic%3Fauth%3Dpz6u78%26c%3DcgFu8dtEn2soSN4rbJbgp7cHK2-BFQk6pGpXUdljlt_4Wi7kZcvHeR-OGptGbawgmnOs-IGpcQbUHDvbPFRCR4Gw1dD-W91xNkZOSV3CTxhOjOjQaQVE7F7zcwFdSsR0SSG_tmJHUtazzK6tPdDdRyW2-3ymxcN674PGOXZ_TQmLv1vInIEi9GmX4HeY4_sy4aU5C1SsKN1K7Pb6ccmbvcfA7Ru6r3Pp-O4BqhgAVKijMtVydQ7lrTZbm4zMN-v0WxtMyJTqYSaCeSlJYbgaxwX24Sh7VsGY5j_X9zpSokbB9uX3hgqAyOcduOUGEKgULa1z60zfVUblHvkVPnsmpM4ViZK1pJjktX6XlgBcyfMjCI4w_6Vu8oS3ayLyoNfHa19R32M6NUCe2wsyqyCWB2y32CJOkxSAXXLsbfiO_Xepzbjcs9m1g9u4W8UcvOYIJjJ9xOnkcAAXNodxhgF4ftQElSMgNUjT_MKFCR02BJlvey0ere8_Nq_RB_ZUDczxqHJNrwyiMqRAIw8eRV-aWO0BAh3srtMnfveAro1VTc3I2AROUF8v9knRUIUobZ3NNdU_qkv67WFOyyPxlKV3b639f-L-4UFZWD4ve0NVB5RRriKc HTTP/1.1
Host: us.doctorpost.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: openresty/1.15.8.3
date: Sun, 15 Jan 2023 16:50:24 GMT
content-length: 0
location: https://track.trackingtraffo.com/push/ic?auth=pz6u78&c=cgFu8dtEn2soSN4rbJbgp7cHK2-BFQk6pGpXUdljlt_4Wi7kZcvHeR-OGptGbawgmnOs-IGpcQbUHDvbPFRCR4Gw1dD-W91xNkZOSV3CTxhOjOjQaQVE7F7zcwFdSsR0SSG_tmJHUtazzK6tPdDdRyW2-3ymxcN674PGOXZ_TQmLv1vInIEi9GmX4HeY4_sy4aU5C1SsKN1K7Pb6ccmbvcfA7Ru6r3Pp-O4BqhgAVKijMtVydQ7lrTZbm4zMN-v0WxtMyJTqYSaCeSlJYbgaxwX24Sh7VsGY5j_X9zpSokbB9uX3hgqAyOcduOUGEKgULa1z60zfVUblHvkVPnsmpM4ViZK1pJjktX6XlgBcyfMjCI4w_6Vu8oS3ayLyoNfHa19R32M6NUCe2wsyqyCWB2y32CJOkxSAXXLsbfiO_Xepzbjcs9m1g9u4W8UcvOYIJjJ9xOnkcAAXNodxhgF4ftQElSMgNUjT_MKFCR02BJlvey0ere8_Nq_RB_ZUDczxqHJNrwyiMqRAIw8eRV-aWO0BAh3srtMnfveAro1VTc3I2AROUF8v9knRUIUobZ3NNdU_qkv67WFOyyPxlKV3b639f-L-4UFZWD4ve0NVB5RRriKc
X-Firefox-Spdy: h2
dgemanowhot.com.ua/UjJta059DQ4YczZ2ASgbGmgjKAYEWT8+fhNROiEBA0VUWxQXZ0sfJzYPVFx9ZgVeTT47VlBadnRBGQo6J0FQWmg7XAsEc3REUFpgYhxfRXx0R1BaaCZCDAxzYxQdHzo+D1xdeWEKXVp6YAZdUnk
104.21.56.72 204 No Content 0 B URL HTTP/2 dgemanowhot.com.ua/UjJta059DQ4YczZ2ASgbGmgjKAYEWT8+fhNROiEBA0VUWxQXZ0sfJzYPVFx9ZgVeTT47VlBadnRBGQo6J0FQWmg7XAsEc3REUFpgYhxfRXx0R1BaaCZCDAxzYxQdHzo+D1xdeWEKXVp6YAZdUnk
IP 104.21.56.72:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /UjJta059DQ4YczZ2ASgbGmgjKAYEWT8+fhNROiEBA0VUWxQXZ0sfJzYPVFx9ZgVeTT47VlBadnRBGQo6J0FQWmg7XAsEc3REUFpgYhxfRXx0R1BaaCZCDAxzYxQdHzo+D1xdeWEKXVp6YAZdUnk HTTP/1.1
Host: dgemanowhot.com.ua
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Sun, 15 Jan 2023 16:50:24 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mV5rN1rn69IBqjxvNY8cetAa8Tp4zNQtew9dysB%2Fim3st6EvechYI1T79zcP7DAOESx5L1sSLQIO1qwqIifrseBLqqyM64oJUOeRCEwzLyVcH9MrHM%2FvrgQFqA1phEhgQ31x%2Bw0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 78a01c33fa3f0af6-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
dgemanowhot.com.ua/d0JPUTlYfSwiBDgHemFcHSUBNHw1DAsQUUITfzp3M3E/Fm0QB2klUBN/dmYITnV6d0keJnJiC1ExOzBNAjFyYwlHdWk4VxEtcmAfAX9/fwFZc3p/CVE3cmAfAzIuNgRGZD8lTRt/fmcORHp/YA1Fdn9pDg
104.21.56.72 204 No Content 0 B URL HTTP/2 dgemanowhot.com.ua/d0JPUTlYfSwiBDgHemFcHSUBNHw1DAsQUUITfzp3M3E/Fm0QB2klUBN/dmYITnV6d0keJnJiC1ExOzBNAjFyYwlHdWk4VxEtcmAfAX9/fwFZc3p/CVE3cmAfAzIuNgRGZD8lTRt/fmcORHp/YA1Fdn9pDg
IP 104.21.56.72:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /d0JPUTlYfSwiBDgHemFcHSUBNHw1DAsQUUITfzp3M3E/Fm0QB2klUBN/dmYITnV6d0keJnJiC1ExOzBNAjFyYwlHdWk4VxEtcmAfAX9/fwFZc3p/CVE3cmAfAzIuNgRGZD8lTRt/fmcORHp/YA1Fdn9pDg HTTP/1.1
Host: dgemanowhot.com.ua
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Sun, 15 Jan 2023 16:50:24 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AaDEnVdObI7E1Bhaou%2F1ghTp3aObQuMKRKi%2BBzKQW4eh0VE8e0JTttqlc5G7yft5yCo7rV445%2FLZYnh6%2BuhyBubtMutGS0CWyUfR49%2FLVEsNIBNFEELk2r%2B6ygvM2lQmeTUtaqM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 78a01c33fa490af6-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
e1.o.lencr.org/
95.101.11.115 200 OK 345 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash a7a41b6730d32253158e0e6d7b4a247d
d2226f6d30657bf502c6d81b180181f0da817245
ccc7702368b8cf967e41986b92b79489d4b9e5b985360a94048e546d9fe64f25
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "CCC7702368B8CF967E41986B92B79489D4B9E5B985360A94048E546D9FE64F25"
Last-Modified: Fri, 13 Jan 2023 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8778
Expires: Sun, 15 Jan 2023 19:16:42 GMT
Date: Sun, 15 Jan 2023 16:50:24 GMT
Connection: keep-alive
e1.o.lencr.org/
95.101.11.115 200 OK 345 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash b1105baf9ac700479648683a5dd34d93
e8e641ceeeda6a35d17e8cf9208e6a38820e4bd1
12ff2d916b26b3bd1f50c317f0e4bd6e762220e92c3e7600e68408723aed4f25
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "12FF2D916B26B3BD1F50C317F0E4BD6E762220E92C3E7600E68408723AED4F25"
Last-Modified: Sat, 14 Jan 2023 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2468
Expires: Sun, 15 Jan 2023 17:31:32 GMT
Date: Sun, 15 Jan 2023 16:50:24 GMT
Connection: keep-alive
planesknob.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fchat%2Fmob%2Fssp%2Fv2%2Fnew%2F3%2Fcss%2Fanimate.css&l=79313&fd=209
173.233.137.44 200 OK 0 B URL HTTP/1.1 planesknob.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fchat%2Fmob%2Fssp%2Fv2%2Fnew%2F3%2Fcss%2Fanimate.css&l=79313&fd=209
IP 173.233.137.44:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fchat%2Fmob%2Fssp%2Fv2%2Fnew%2F3%2Fcss%2Fanimate.css&l=79313&fd=209 HTTP/1.1
Host: planesknob.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: u_pl=15600826; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; sleca2f990f10476061c719d1c1aa3a2ecd2=[3870584]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 15 Jan 2023 16:50:24 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
mc.yandex.ru/watch/49415098?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F618647d3248b9003ff8116ba&charset=utf-8&hittoken=1673801422_56e8ac3528bb4c3a2e397275939d5a764e9710955ccccb974f497478379f4e07&browser-info=pv%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A953%3Acn%3A1%3Adp%3A0%3Als%3A756836210234%3Ahid%3A636075366%3Az%3A0%3Ai%3A20230115165024%3Aet%3A1673801424%3Ac%3A1%3Arn%3A670147865%3Arqn%3A8%3Au%3A1673801422198054536%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Aeu%3A1%3Ans%3A1673801419223%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1673801424%3At%3AKcupqueen%20Bj%20Supreme%20With%20Extra%20Titty%20Dangle%20Angle%20-%20FullHD%201080%20-%20XFantazy.com&t=gdpr(14)mc(p-6)clc(0-0-0)rqnt(8)aw(1)fip(1)ti(2)
87.250.250.119302 Found 325 B URL HTTP/2 mc.yandex.ru/watch/49415098?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F618647d3248b9003ff8116ba&charset=utf-8&hittoken=1673801422_56e8ac3528bb4c3a2e397275939d5a764e9710955ccccb974f497478379f4e07&browser-info=pv%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A953%3Acn%3A1%3Adp%3A0%3Als%3A756836210234%3Ahid%3A636075366%3Az%3A0%3Ai%3A20230115165024%3Aet%3A1673801424%3Ac%3A1%3Arn%3A670147865%3Arqn%3A8%3Au%3A1673801422198054536%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Aeu%3A1%3Ans%3A1673801419223%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1673801424%3At%3AKcupqueen%20Bj%20Supreme%20With%20Extra%20Titty%20Dangle%20Angle%20-%20FullHD%201080%20-%20XFantazy.com&t=gdpr(14)mc(p-6)clc(0-0-0)rqnt(8)aw(1)fip(1)ti(2)
IP 87.250.250.119:0
File type gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT)\012- data
Hash c86d9968421ea8ad2072db652a0c1a15
dbe22519d5e170be2013b4544e09b2d18692355f
d36c8fc19bce320b5817465878ba63e102ce774c71de2f33173402b2e540e04d
GET /watch/49415098?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F618647d3248b9003ff8116ba&charset=utf-8&hittoken=1673801422_56e8ac3528bb4c3a2e397275939d5a764e9710955ccccb974f497478379f4e07&browser-info=pv%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A953%3Acn%3A1%3Adp%3A0%3Als%3A756836210234%3Ahid%3A636075366%3Az%3A0%3Ai%3A20230115165024%3Aet%3A1673801424%3Ac%3A1%3Arn%3A670147865%3Arqn%3A8%3Au%3A1673801422198054536%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Aeu%3A1%3Ans%3A1673801419223%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1673801424%3At%3AKcupqueen%20Bj%20Supreme%20With%20Extra%20Titty%20Dangle%20Angle%20-%20FullHD%201080%20-%20XFantazy.com&t=gdpr(14)mc(p-6)clc(0-0-0)rqnt(8)aw(1)fip(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
location: /watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F618647d3248b9003ff8116ba&charset=utf-8&hittoken=1673801422_56e8ac3528bb4c3a2e397275939d5a764e9710955ccccb974f497478379f4e07&browser-info=pv%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A953%3Acn%3A1%3Adp%3A0%3Als%3A756836210234%3Ahid%3A636075366%3Az%3A0%3Ai%3A20230115165024%3Aet%3A1673801424%3Ac%3A1%3Arn%3A670147865%3Arqn%3A8%3Au%3A1673801422198054536%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Aeu%3A1%3Ans%3A1673801419223%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1673801424%3At%3AKcupqueen%20Bj%20Supreme%20With%20Extra%20Titty%20Dangle%20Angle%20-%20FullHD%201080%20-%20XFantazy.com&t=gdpr%2814%29mc%28p-6%29clc%280-0-0%29rqnt%288%29aw%281%29fip%281%29ti%282%29
date: Sun, 15 Jan 2023 16:50:24 GMT
access-control-allow-origin: https://xfantazy.com
set-cookie: yabs-sid=38945971673801424; Path=/; SameSite=None; Secure
i=Ci07nxLpI/NikpHtdiPO52scDBfX6dWPadp9k1ARyfp0/5s2dPXcCLyE3a7n1He8NjwTlTLRA2t9PgGdnERCscJWbqw=; Expires=Wed, 12-Jan-2033 16:50:21 GMT; Domain=.yandex.ru; Path=/; Secure; HttpOnly; SameSite=None
yandexuid=3498047421673801424; Expires=Mon, 15-Jan-2024 16:50:24 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
yuidss=3498047421673801424; Expires=Mon, 15-Jan-2024 16:50:24 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
ymex=1705337424.yc.1673801424#1705337424.yrts.1673801424#1705337424.yrtsi.1673801424; Expires=Mon, 15-Jan-2024 16:50:24 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Sun, 15-Jan-2023 16:50:24 GMT
last-modified: Sun, 15-Jan-2023 16:50:24 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
pogothere.xyz/
172.64.133.29 200 OK 28 B IP 172.64.133.29:0
File type ASCII text, with no line terminators
Hash b5b91fa877fa9a788f18bbb30db18eb7
8f3a0a050b2f71d27f7d0eea4855bef333fd5d60
00dbad8831e128c1bc033a803e882464f2726d5762737043cd9a0b38bc1b62f1
GET / HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://xfantazy.com/
Origin: https://xfantazy.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 15 Jan 2023 16:50:24 GMT
content-type: text/plain
set-cookie: csu=529265698939553@1@1673801424; Max-Age=31104000; Secure; SameSite=None
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KEAT6QFcG9J%2Bxl8t4LKbGEKWyd6Uy0BoxFHpVix0KYTlGvJC3E9mgTbjp4mdIovqKa5AsPakhl9bZ6tjFmastrJeMHLjWcqmKTngInRu1BeCLiHzcAwdMV6NyTx6WGAH"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 78a01c341afc88bf-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
pogothere.xyz/asd100.bin
172.64.133.29 200 OK 102 kB IP 172.64.133.29:0
Size 102 kB (102400 bytes)
Hash 4c6426ac7ef186464ecbb0d81cbfcb1e
5a6918eebd9d635e8f632e3ef34e3792b1b5ec13
f627ca4c2c322f15db26152df306bd4f983f0146409b81a4341b9b340c365a16
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://xfantazy.com/
Origin: https://xfantazy.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 15 Jan 2023 16:50:24 GMT
content-type: binary/octet-stream
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 2038
last-modified: Sun, 15 Jan 2023 16:16:26 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2Bzkabi68P5I7psL2KM4OX7xfGRcanLbzJ9u%2FRbnq2yNkTQDGoJPF%2FGSwGX3asDz8K6W9IMniHPRPkOl0B7kan%2FtAuuhqVHSXntm6Mx1rAYOpGqxwj0KOgZtFSBiRdLq8"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 78a01c340af588bf-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
planesknob.com/pixel/sbs?c=1
173.233.137.44 200 OK 0 B URL HTTP/1.1 planesknob.com/pixel/sbs?c=1
IP 173.233.137.44:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbs?c=1 HTTP/1.1
Host: planesknob.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: u_pl=15600826; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; sleca2f990f10476061c719d1c1aa3a2ecd2=[3870584]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 15 Jan 2023 16:50:24 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
d3t87ooo0697p8.cloudfront.net/SYmdLSm0BCCUsUhYOL3dUVVR/fV5EDTglAxJaJg4XVSwKfSIwLwh9OQYIDGwZGAN2eksOBiUtUEQCJSlQU0EqLg9fU20/DF8KJDAEDgsqb18kUmV6SFBXYz0EDAMkPR5HVXskGUdVe3tdTFdueS9HVXs9BAxRf29eIEJ5ehVUU255L0dVezgbR1QKe11XSX-tjSFBXLC8OCQhueCtQV3p6XVNXem9fUgEiOAgECDNvXyRWe39DUkE+d1w
143.204.42.94 200 OK 191 B URL HTTP/2 d3t87ooo0697p8.cloudfront.net/SYmdLSm0BCCUsUhYOL3dUVVR/fV5EDTglAxJaJg4XVSwKfSIwLwh9OQYIDGwZGAN2eksOBiUtUEQCJSlQU0EqLg9fU20/DF8KJDAEDgsqb18kUmV6SFBXYz0EDAMkPR5HVXskGUdVe3tdTFdueS9HVXs9BAxRf29eIEJ5ehVUU255L0dVezgbR1QKe11XSX-tjSFBXLC8OCQhueCtQV3p6XVNXem9fUgEiOAgECDNvXyRWe39DUkE+d1w
IP 143.204.42.94:0
File type ASCII text, with no line terminators
Hash dbd441408ee6acad1282449bad3189c8
7d616613150d616595933205996237d80a49eb05
6c4608a14d32c617eee0dcd0abba61d0fcd5e3c42cb50ce8bda17592e274283d
GET /SYmdLSm0BCCUsUhYOL3dUVVR/fV5EDTglAxJaJg4XVSwKfSIwLwh9OQYIDGwZGAN2eksOBiUtUEQCJSlQU0EqLg9fU20/DF8KJDAEDgsqb18kUmV6SFBXYz0EDAMkPR5HVXskGUdVe3tdTFdueS9HVXs9BAxRf29eIEJ5ehVUU255L0dVezgbR1QKe11XSX-tjSFBXLC8OCQhueCtQV3p6XVNXem9fUgEiOAgECDNvXyRWe39DUkE+d1w HTTP/1.1
Host: d3t87ooo0697p8.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://onandeggsiswe.com.ua/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 191
date: Sun, 15 Jan 2023 16:50:24 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 095562e8748e634f880ee3c4ada2b6d0.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: nFu0KRL8Mg3Gc0h1f2Z_HLoHzsQOQ0dOe0t-83UQLs2iov8J_VQmuQ==
X-Firefox-Spdy: h2
d3t87ooo0697p8.cloudfront.net/lSFdVNmErODtQXjw+MQtYfmVlB1VuPSZZDzhqIVMIHwQHZVkMHjNBMwBxIUwFdWdzWgAmMGgQBCY0aAdHKTM3C1VuIyVZCnUuN1QVOT44UgQmcSBXXCU4L18NJDZwBCd9eWUTU3h/Il8PLDgiRUR6ZztCRHpnZAZPeHJmdER6ZyJfD35jcAUjbWVlTld8cm-Z0RHpnJ0BEexZkBlRmZ3wTU3gwMFUKJ3JncFN4ZmUGUHhmcARRLj4nUwcnL3AEJ3lnYBhRbiJoBw
143.204.42.94 200 OK 593 B URL HTTP/2 d3t87ooo0697p8.cloudfront.net/lSFdVNmErODtQXjw+MQtYfmVlB1VuPSZZDzhqIVMIHwQHZVkMHjNBMwBxIUwFdWdzWgAmMGgQBCY0aAdHKTM3C1VuIyVZCnUuN1QVOT44UgQmcSBXXCU4L18NJDZwBCd9eWUTU3h/Il8PLDgiRUR6ZztCRHpnZAZPeHJmdER6ZyJfD35jcAUjbWVlTld8cm-Z0RHpnJ0BEexZkBlRmZ3wTU3gwMFUKJ3JncFN4ZmUGUHhmcARRLj4nUwcnL3AEJ3lnYBhRbiJoBw
IP 143.204.42.94:0
File type ASCII text, with very long lines (834), with no line terminators
Hash 2490ee5df2d422d5bdd146e256b9b74c
d66003a0e64c5a69df3234442401f9ab0f9ce6a8
2e9ed6eda99af6b1185ea42adc3698278f015d7edcabae82ab56816cd4496f52
GET /lSFdVNmErODtQXjw+MQtYfmVlB1VuPSZZDzhqIVMIHwQHZVkMHjNBMwBxIUwFdWdzWgAmMGgQBCY0aAdHKTM3C1VuIyVZCnUuN1QVOT44UgQmcSBXXCU4L18NJDZwBCd9eWUTU3h/Il8PLDgiRUR6ZztCRHpnZAZPeHJmdER6ZyJfD35jcAUjbWVlTld8cm-Z0RHpnJ0BEexZkBlRmZ3wTU3gwMFUKJ3JncFN4ZmUGUHhmcARRLj4nUwcnL3AEJ3lnYBhRbiJoBw HTTP/1.1
Host: d3t87ooo0697p8.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://onandeggsiswe.com.ua/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 593
date: Sun, 15 Jan 2023 16:50:24 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 095562e8748e634f880ee3c4ada2b6d0.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: dSzVbw6Gbs6TGoBOiFxnAlZWjaIjZEfu_uv5MZ7IxaSSNHfL-Skwfg==
X-Firefox-Spdy: h2
planesknob.com/impr.gif?sid=H4sIAAAAAAAC%2F6xTT4gcxReuzi8%2FUIKi4sVDpKEhRpDZ7un5m7AMSXaTDNnsrrsrQRFCdVXNTDnV1U1V9fTsXgyJSG7Z6MVbet9sskaDMeAhB4Uwm4sOihlBmYMriAfBiyJ6lpldiR4EDz7oft%2Fj6%2BZ9X71Xb24kO8iFBI8Wz0ZrXAg8Vcy59uFzXNIo1fb8iu25OfeofY7LUuGo3R2%2FVOeI5xZz7vP2KUba0VTe9VzXcz37JFesEXWnJizw%2BFbVy1XdXCGf84oF6Kq%2F1zqxQGMLaGcHPQWcDv%2Ff%2BvQOcNIHGX44w3TbRPELs2EisIkUdOjWS7Ito1RC%2BBA2lAUNubX3NUR6iNA7%2ByCSW3sOIOpsjh1AwIfI%2BsaDQG7tyYSgc31XaSCASQjoAUg7fWCiDxz3gUSXgNMHCIBQmF8AGd6Yj1SKV3dZPGaHaP%2FvvwJPh2j%2Ft0%2BDDD84LnjXXo5EYngkNXQbGfBuH3izD3GyDWbNAp5uAzEXgVMEMsyA02zimvM%2B8EYfBFsHrC1Ixg%2B3IGlYkMQWhHRk42K14brlRtDw%2FUqBEOL7hBQrJVqkfqHScCEhY1nrYOJ1IGIdiLoAsboAbX51iNDFTVDJPdCtDDS1QJshsl68AB2aQcoQpBpBihGkHEFqEKSd7DoVOq%2BzG1ToJPD2cn4v%2B1kvMs0NfD0yTSbRRryDnhwfivXY689Bm43svNdgfrXoNgpenrn5EvH9hheUCGMlz2cBBs0z4HrfxO8aH6Jniwcg5kP0SO0eBHgbtNgGwp8AnBwEnPbKeRdwq1eouLAm70psEoVFi2FhWjpKFGE5IpIAaJRBbPaDWbU2xA56ZjKo8taPwMig9v0vzZ%2FYJQREZRCrDF7j9xE0xeXeUpSizaUo1ejOQmx4yNfweIjLBhuG3jvDVtNI0fqMXr95jIyJMby1wrSZw5Jy2dTo%2FeOcUqZORoow9Eldn2PBYqJbxxMlk3hu8cTJehgrpjWPZB8wf9B9BQgfoke%2FHkzW8yD%2BHLjaBpWMZlrGxEempojgpJ2LiWjnJA7Zbl3TDJtpv1R18%2FlDmHL6J%2BbTQeqVCwvdktQvn3chTAa1t39ofXb%2Foy%2BBR30g8RvvOk79xMK844yW%2FqGFaSVhIDEX%2F7bNIR42zTQnkbzpOCv1lblZx%2Fm4blPctJmyxWq7zShuMmlTLu2fr71197bjzMwun1iqL67UJ1LsZYOVsXXMhWDGDhm1Pdd17fmFM3YQyUTfdpy5Y0unZs%2FXzx47Nes4o9P%2FlXjQ8QDtBegIgRIP6yC2IE2ynsoHg9q1wiLf%2FO40CD5ER6YfB8EGteGVVw%2F%2F1r8COMhAs7%2F8%2BBBv6MvQVBZgc2ly2zsqg47IAIt10Mn%2FeiZWg9pX%2FiQgEFYvEMraDIQSV3d3VvORXfQKrBJUyoTSgBHqlfN%2BxXfdPKWFcpV5VTB6SO7nvvgDAAD%2F%2FwEAAP%2F%2FN%2FiLTs8FAAA%3D
173.233.137.44200 OK 7 B URL HTTP/1.1 planesknob.com/impr.gif?sid=H4sIAAAAAAAC%2F6xTT4gcxReuzi8%2FUIKi4sVDpKEhRpDZ7un5m7AMSXaTDNnsrrsrQRFCdVXNTDnV1U1V9fTsXgyJSG7Z6MVbet9sskaDMeAhB4Uwm4sOihlBmYMriAfBiyJ6lpldiR4EDz7oft%2Fj6%2BZ9X71Xb24kO8iFBI8Wz0ZrXAg8Vcy59uFzXNIo1fb8iu25OfeofY7LUuGo3R2%2FVOeI5xZz7vP2KUba0VTe9VzXcz37JFesEXWnJizw%2BFbVy1XdXCGf84oF6Kq%2F1zqxQGMLaGcHPQWcDv%2Ff%2BvQOcNIHGX44w3TbRPELs2EisIkUdOjWS7Ito1RC%2BBA2lAUNubX3NUR6iNA7%2ByCSW3sOIOpsjh1AwIfI%2BsaDQG7tyYSgc31XaSCASQjoAUg7fWCiDxz3gUSXgNMHCIBQmF8AGd6Yj1SKV3dZPGaHaP%2FvvwJPh2j%2Ft0%2BDDD84LnjXXo5EYngkNXQbGfBuH3izD3GyDWbNAp5uAzEXgVMEMsyA02zimvM%2B8EYfBFsHrC1Ixg%2B3IGlYkMQWhHRk42K14brlRtDw%2FUqBEOL7hBQrJVqkfqHScCEhY1nrYOJ1IGIdiLoAsboAbX51iNDFTVDJPdCtDDS1QJshsl68AB2aQcoQpBpBihGkHEFqEKSd7DoVOq%2BzG1ToJPD2cn4v%2B1kvMs0NfD0yTSbRRryDnhwfivXY689Bm43svNdgfrXoNgpenrn5EvH9hheUCGMlz2cBBs0z4HrfxO8aH6Jniwcg5kP0SO0eBHgbtNgGwp8AnBwEnPbKeRdwq1eouLAm70psEoVFi2FhWjpKFGE5IpIAaJRBbPaDWbU2xA56ZjKo8taPwMig9v0vzZ%2FYJQREZRCrDF7j9xE0xeXeUpSizaUo1ejOQmx4yNfweIjLBhuG3jvDVtNI0fqMXr95jIyJMby1wrSZw5Jy2dTo%2FeOcUqZORoow9Eldn2PBYqJbxxMlk3hu8cTJehgrpjWPZB8wf9B9BQgfoke%2FHkzW8yD%2BHLjaBpWMZlrGxEempojgpJ2LiWjnJA7Zbl3TDJtpv1R18%2FlDmHL6J%2BbTQeqVCwvdktQvn3chTAa1t39ofXb%2Foy%2BBR30g8RvvOk79xMK844yW%2FqGFaSVhIDEX%2F7bNIR42zTQnkbzpOCv1lblZx%2Fm4blPctJmyxWq7zShuMmlTLu2fr71197bjzMwun1iqL67UJ1LsZYOVsXXMhWDGDhm1Pdd17fmFM3YQyUTfdpy5Y0unZs%2FXzx47Nes4o9P%2FlXjQ8QDtBegIgRIP6yC2IE2ynsoHg9q1wiLf%2FO40CD5ER6YfB8EGteGVVw%2F%2F1r8COMhAs7%2F8%2BBBv6MvQVBZgc2ly2zsqg47IAIt10Mn%2FeiZWg9pX%2FiQgEFYvEMraDIQSV3d3VvORXfQKrBJUyoTSgBHqlfN%2BxXfdPKWFcpV5VTB6SO7nvvgDAAD%2F%2FwEAAP%2F%2FN%2FiLTs8FAAA%3D
IP 173.233.137.44:0
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert quad9 Sinkholed
GET /impr.gif?sid=H4sIAAAAAAAC%2F6xTT4gcxReuzi8%2FUIKi4sVDpKEhRpDZ7un5m7AMSXaTDNnsrrsrQRFCdVXNTDnV1U1V9fTsXgyJSG7Z6MVbet9sskaDMeAhB4Uwm4sOihlBmYMriAfBiyJ6lpldiR4EDz7oft%2Fj6%2BZ9X71Xb24kO8iFBI8Wz0ZrXAg8Vcy59uFzXNIo1fb8iu25OfeofY7LUuGo3R2%2FVOeI5xZz7vP2KUba0VTe9VzXcz37JFesEXWnJizw%2BFbVy1XdXCGf84oF6Kq%2F1zqxQGMLaGcHPQWcDv%2Ff%2BvQOcNIHGX44w3TbRPELs2EisIkUdOjWS7Ito1RC%2BBA2lAUNubX3NUR6iNA7%2ByCSW3sOIOpsjh1AwIfI%2BsaDQG7tyYSgc31XaSCASQjoAUg7fWCiDxz3gUSXgNMHCIBQmF8AGd6Yj1SKV3dZPGaHaP%2FvvwJPh2j%2Ft0%2BDDD84LnjXXo5EYngkNXQbGfBuH3izD3GyDWbNAp5uAzEXgVMEMsyA02zimvM%2B8EYfBFsHrC1Ixg%2B3IGlYkMQWhHRk42K14brlRtDw%2FUqBEOL7hBQrJVqkfqHScCEhY1nrYOJ1IGIdiLoAsboAbX51iNDFTVDJPdCtDDS1QJshsl68AB2aQcoQpBpBihGkHEFqEKSd7DoVOq%2BzG1ToJPD2cn4v%2B1kvMs0NfD0yTSbRRryDnhwfivXY689Bm43svNdgfrXoNgpenrn5EvH9hheUCGMlz2cBBs0z4HrfxO8aH6Jniwcg5kP0SO0eBHgbtNgGwp8AnBwEnPbKeRdwq1eouLAm70psEoVFi2FhWjpKFGE5IpIAaJRBbPaDWbU2xA56ZjKo8taPwMig9v0vzZ%2FYJQREZRCrDF7j9xE0xeXeUpSizaUo1ejOQmx4yNfweIjLBhuG3jvDVtNI0fqMXr95jIyJMby1wrSZw5Jy2dTo%2FeOcUqZORoow9Eldn2PBYqJbxxMlk3hu8cTJehgrpjWPZB8wf9B9BQgfoke%2FHkzW8yD%2BHLjaBpWMZlrGxEempojgpJ2LiWjnJA7Zbl3TDJtpv1R18%2FlDmHL6J%2BbTQeqVCwvdktQvn3chTAa1t39ofXb%2Foy%2BBR30g8RvvOk79xMK844yW%2FqGFaSVhIDEX%2F7bNIR42zTQnkbzpOCv1lblZx%2Fm4blPctJmyxWq7zShuMmlTLu2fr71197bjzMwun1iqL67UJ1LsZYOVsXXMhWDGDhm1Pdd17fmFM3YQyUTfdpy5Y0unZs%2FXzx47Nes4o9P%2FlXjQ8QDtBegIgRIP6yC2IE2ynsoHg9q1wiLf%2FO40CD5ER6YfB8EGteGVVw%2F%2F1r8COMhAs7%2F8%2BBBv6MvQVBZgc2ly2zsqg47IAIt10Mn%2FeiZWg9pX%2FiQgEFYvEMraDIQSV3d3VvORXfQKrBJUyoTSgBHqlfN%2BxXfdPKWFcpV5VTB6SO7nvvgDAAD%2F%2FwEAAP%2F%2FN%2FiLTs8FAAA%3D HTTP/1.1
Host: planesknob.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: u_pl=15600826; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; sleca2f990f10476061c719d1c1aa3a2ecd2=[3870584]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 15 Jan 2023 16:50:24 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: d09bd74c504993936dabac4d0c9cf1af
Strict-Transport-Security: max-age=0; includeSubdomains
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 5fc38856297a28cd362a2b0421acf8e7
6f83afbac6052fe285eacd2b69e92fd5b81ed7d9
710ed74bf69a62793e46c7a8557a3a133ad240beadfa3ecc6061b815f24fe9c6
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4391
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 15 Jan 2023 16:50:24 GMT
Last-Modified: Sun, 15 Jan 2023 15:37:13 GMT
Server: ECS (ska/F70F)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/gts1c3
216.58.211.3 200 OK 471 B IP 216.58.211.3:0
Hash a0323bca87228ca600ad58555e1b2d3e
a82132958ff2952767ff6b6b4c97ce81f899e226
ca54fbb1176415af368fc1d7d0711ba6a08c48124c3b33ce3ef2c77029568bae
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 15 Jan 2023 16:50:24 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
216.58.211.3 200 OK 1.6 kB IP 216.58.211.3:0
Hash c4ddd774b9f7b99d418d8f0410434cc5
0b94549d9d4641d11fd5de5afde43c028f8b1e2c
071c99e8cba6f9507968a567f6c1f86df9f0d83e0aae29e924ac71ab19e346b0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 15 Jan 2023 16:50:24 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
onandeggsiswe.com.ua/utx?cb=Cciv1Gf33dKt&top=xfantazy.com&tid=971975
54.230.111.43 204 No Content 0 B URL HTTP/2 onandeggsiswe.com.ua/utx?cb=Cciv1Gf33dKt&top=xfantazy.com&tid=971975
IP 54.230.111.43:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=Cciv1Gf33dKt&top=xfantazy.com&tid=971975 HTTP/1.1
Host: onandeggsiswe.com.ua
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Sun, 15 Jan 2023 16:50:24 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://xfantazy.com
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Sun, 15 Jan 2023 16:51:24 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 94eee494c19905cb6933ec8a32a577a0.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: In2ZpePEbAICGN4ngY8C0V0nwgEeFR2a4wPjmGgBmlP8uHUbndqp0A==
X-Firefox-Spdy: h2
onandeggsiswe.com.ua/utx?cb=mMkNTeSyj7up&top=xfantazy.com&tid=962014
54.230.111.43 204 No Content 0 B URL HTTP/2 onandeggsiswe.com.ua/utx?cb=mMkNTeSyj7up&top=xfantazy.com&tid=962014
IP 54.230.111.43:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=mMkNTeSyj7up&top=xfantazy.com&tid=962014 HTTP/1.1
Host: onandeggsiswe.com.ua
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Sun, 15 Jan 2023 16:50:24 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://xfantazy.com
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Sun, 15 Jan 2023 16:51:24 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 94eee494c19905cb6933ec8a32a577a0.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: LgNtekGWdaw1n5SXb6oS2_sceLOc8AsZnZkIg636eiUmieGZS-M0Dg==
X-Firefox-Spdy: h2
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
142.250.74.109 302 Found 392 B URL HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
IP 142.250.74.109:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (380)
Hash 968d48a16f0c37059760d6e667cd3891
48106457e9581aa91b2ce4b09e604c2f7f198680
056e2ebc1166ce785f591bc80c687b18c48c1510399e6ab9995326b5d8101af4
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sun, 15 Jan 2023 16:50:24 GMT
location: https://accounts.google.com/v3/signin/identifier?dsh=S-234386863%3A1673801424437369&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AeAAQh42KbQCAW5edKk6iz1-_CATVAC2hko9u6tqHQjyTf9G5Hz6jm-03EyUkU-mP30YvXo5cWUloA
strict-transport-security: max-age=31536000; includeSubDomains
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-security-policy: script-src 'nonce-oRAvEw8xrHn7AX-CX5CSVQ' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport, require-trusted-types-for 'script';report-uri /cspreport
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 392
server: GSE
set-cookie: __Host-GAPS=1:h3AYMkdVcMdAvOf0Vy5QNPh5S0oAiw:cfK7wjhpLATD-AYp;Path=/;Expires=Tue, 14-Jan-2025 16:50:24 GMT;Secure;HttpOnly;Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
142.250.74.109 302 Found 392 B URL HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
IP 142.250.74.109:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (383)
Hash 3d633e9e8e7495dc46a8493267654e99
4b76112c0d49b757fe0584dd177363380e1b6d85
08718cb11d1699b812bc382009b34fb4b2d0640a0aa21b9041b5b4c44fa68bdb
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sun, 15 Jan 2023 16:50:24 GMT
location: https://accounts.google.com/v3/signin/identifier?dsh=S838904091%3A1673801424448195&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AeAAQh6qQLNB3qhZK1HxGSmDImZs4xRx-Mc5xEEHGsFrtew1e0aXG0wCeVYu7eQUnT6Q0euN1LdyZw
strict-transport-security: max-age=31536000; includeSubDomains
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-security-policy: script-src 'nonce-rylXGQjzVVxY0uOPfjw4Yg' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport, require-trusted-types-for 'script';report-uri /cspreport
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 392
server: GSE
set-cookie: __Host-GAPS=1:v9V3jEbPpLVyvKLHxaauzvb8tq8AgA:DWVYzG3s0MiaVzAK;Path=/;Expires=Tue, 14-Jan-2025 16:50:24 GMT;Secure;HttpOnly;Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3 200 OK 507 B IP 216.58.211.3:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash c8a42b3f7f7e1847d70cd4772703fde0
2d52f9f1d5f57f66837542da365849c7e2b2b682
799fdc5e3233c17618440ae88e5865036f15325f8372d2fff6d91126f6027720
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 15 Jan 2023 16:50:24 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 5fc38856297a28cd362a2b0421acf8e7
6f83afbac6052fe285eacd2b69e92fd5b81ed7d9
710ed74bf69a62793e46c7a8557a3a133ad240beadfa3ecc6061b815f24fe9c6
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4391
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 15 Jan 2023 16:50:24 GMT
Last-Modified: Sun, 15 Jan 2023 15:37:13 GMT
Server: ECS (ska/F70F)
X-Cache: HIT
Content-Length: 471
ocsp.sectigo.com/
104.18.32.68 200 OK 7.4 kB IP 104.18.32.68:0
Hash 67a1e47fc4c0c299cd222a3051881f7e
69e4423f878bc0ff6aebe395039c4dff7baa9f14
815bf6104844259eb23a1eeeeb418f6710d51c198ce3bff39abe0d04e083c108
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 15 Jan 2023 16:50:24 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Sat, 14 Jan 2023 18:28:18 GMT
Expires: Sat, 21 Jan 2023 18:28:17 GMT
Etag: "063e3d21d2ae3a1f17b265ce662ed229aff2401e"
Cache-Control: max-age=523672,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 78a01c36ab3bb521-OSL
track.trackingtraffo.com/push/ic?auth=pz6u78&c=cgFu8dtEn2soSN4rbJbgp7cHK2-BFQk6pGpXUdljlt_4Wi7kZcvHeR-OGptGbawgmnOs-IGpcQbUHDvbPFRCR4Gw1dD-W91xNkZOSV3CTxhOjOjQaQVE7F7zcwFdSsR0SSG_tmJHUtazzK6tPdDdRyW2-3ymxcN674PGOXZ_TQmLv1vInIEi9GmX4HeY4_sy4aU5C1SsKN1K7Pb6ccmbvcfA7Ru6r3Pp-O4BqhgAVKijMtVydQ7lrTZbm4zMN-v0WxtMyJTqYSaCeSlJYbgaxwX24Sh7VsGY5j_X9zpSokbB9uX3hgqAyOcduOUGEKgULa1z60zfVUblHvkVPnsmpM4ViZK1pJjktX6XlgBcyfMjCI4w_6Vu8oS3ayLyoNfHa19R32M6NUCe2wsyqyCWB2y32CJOkxSAXXLsbfiO_Xepzbjcs9m1g9u4W8UcvOYIJjJ9xOnkcAAXNodxhgF4ftQElSMgNUjT_MKFCR02BJlvey0ere8_Nq_RB_ZUDczxqHJNrwyiMqRAIw8eRV-aWO0BAh3srtMnfveAro1VTc3I2AROUF8v9knRUIUobZ3NNdU_qkv67WFOyyPxlKV3b639f-L-4UFZWD4ve0NVB5RRriKc
88.214.195.156302 Found 0 B URL HTTP/1.1 track.trackingtraffo.com/push/ic?auth=pz6u78&c=cgFu8dtEn2soSN4rbJbgp7cHK2-BFQk6pGpXUdljlt_4Wi7kZcvHeR-OGptGbawgmnOs-IGpcQbUHDvbPFRCR4Gw1dD-W91xNkZOSV3CTxhOjOjQaQVE7F7zcwFdSsR0SSG_tmJHUtazzK6tPdDdRyW2-3ymxcN674PGOXZ_TQmLv1vInIEi9GmX4HeY4_sy4aU5C1SsKN1K7Pb6ccmbvcfA7Ru6r3Pp-O4BqhgAVKijMtVydQ7lrTZbm4zMN-v0WxtMyJTqYSaCeSlJYbgaxwX24Sh7VsGY5j_X9zpSokbB9uX3hgqAyOcduOUGEKgULa1z60zfVUblHvkVPnsmpM4ViZK1pJjktX6XlgBcyfMjCI4w_6Vu8oS3ayLyoNfHa19R32M6NUCe2wsyqyCWB2y32CJOkxSAXXLsbfiO_Xepzbjcs9m1g9u4W8UcvOYIJjJ9xOnkcAAXNodxhgF4ftQElSMgNUjT_MKFCR02BJlvey0ere8_Nq_RB_ZUDczxqHJNrwyiMqRAIw8eRV-aWO0BAh3srtMnfveAro1VTc3I2AROUF8v9knRUIUobZ3NNdU_qkv67WFOyyPxlKV3b639f-L-4UFZWD4ve0NVB5RRriKc
IP 88.214.195.156:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /push/ic?auth=pz6u78&c=cgFu8dtEn2soSN4rbJbgp7cHK2-BFQk6pGpXUdljlt_4Wi7kZcvHeR-OGptGbawgmnOs-IGpcQbUHDvbPFRCR4Gw1dD-W91xNkZOSV3CTxhOjOjQaQVE7F7zcwFdSsR0SSG_tmJHUtazzK6tPdDdRyW2-3ymxcN674PGOXZ_TQmLv1vInIEi9GmX4HeY4_sy4aU5C1SsKN1K7Pb6ccmbvcfA7Ru6r3Pp-O4BqhgAVKijMtVydQ7lrTZbm4zMN-v0WxtMyJTqYSaCeSlJYbgaxwX24Sh7VsGY5j_X9zpSokbB9uX3hgqAyOcduOUGEKgULa1z60zfVUblHvkVPnsmpM4ViZK1pJjktX6XlgBcyfMjCI4w_6Vu8oS3ayLyoNfHa19R32M6NUCe2wsyqyCWB2y32CJOkxSAXXLsbfiO_Xepzbjcs9m1g9u4W8UcvOYIJjJ9xOnkcAAXNodxhgF4ftQElSMgNUjT_MKFCR02BJlvey0ere8_Nq_RB_ZUDczxqHJNrwyiMqRAIw8eRV-aWO0BAh3srtMnfveAro1VTc3I2AROUF8v9knRUIUobZ3NNdU_qkv67WFOyyPxlKV3b639f-L-4UFZWD4ve0NVB5RRriKc HTTP/1.1
Host: track.trackingtraffo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx/1.18.0 (Ubuntu)
Date: Sun, 15 Jan 2023 16:50:24 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-cache, max-age=0, must-revalidate, proxy-revalidate, no-store
Pragma: no-cache
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Location: https://ads.trackingtraffo.com/creatives/k1qy286gxmd5g3dpr397nw5v/1659515047164-National Casino black.png
onandeggsiswe.com.ua/floater?cs=MVhrd0oEbl9AfgFvXER%2FBmxZQ3M&abt=0&red=1&sm=83&k=xfantazy%201080%20kcupqueen%20supreme%20with%20extra%20titty%20dangle%20angle%20fullhd&v=0.8.15.0&sts=0&prn=1&emb=0&tid=971975&rxy=1280_1024&u=529265698939553&agec=1673801424&fs=1&t=600&m=1&ns=1&ndp=1&asi=1&mbkb=192.3076923076923&ref=https%3A%2F%2Fxfantazy.com%2Fvideo%2F618647d3248b9003ff8116ba&jst=4&enr=0&lcua=mozilla%2F5.0%20(windows%20nt%2010.0%3B%20win64%3B%20x64%3B%20rv%3A105.0)%20gecko%2F20100101%20firefox%2F105.0&tzd=0&uloc=&if=0&aa=oi3_&_n9XC=1673801424694&crc=1
54.230.111.43200 OK 2.5 kB URL HTTP/2 onandeggsiswe.com.ua/floater?cs=MVhrd0oEbl9AfgFvXER%2FBmxZQ3M&abt=0&red=1&sm=83&k=xfantazy%201080%20kcupqueen%20supreme%20with%20extra%20titty%20dangle%20angle%20fullhd&v=0.8.15.0&sts=0&prn=1&emb=0&tid=971975&rxy=1280_1024&u=529265698939553&agec=1673801424&fs=1&t=600&m=1&ns=1&ndp=1&asi=1&mbkb=192.3076923076923&ref=https%3A%2F%2Fxfantazy.com%2Fvideo%2F618647d3248b9003ff8116ba&jst=4&enr=0&lcua=mozilla%2F5.0%20(windows%20nt%2010.0%3B%20win64%3B%20x64%3B%20rv%3A105.0)%20gecko%2F20100101%20firefox%2F105.0&tzd=0&uloc=&if=0&aa=oi3_&_n9XC=1673801424694&crc=1
IP 54.230.111.43:0
File type ASCII text, with very long lines (3479), with no line terminators
Hash 81b09dc0a3ad6f8f0b75a7592238412a
1906a5fa99a353f80e70c5ca6e425ac5afedaff9
9558fd7f9f9eb69554865a14a3cfe6e8eb900579f0cc3eec0586762f4aba54af
GET /floater?cs=MVhrd0oEbl9AfgFvXER%2FBmxZQ3M&abt=0&red=1&sm=83&k=xfantazy%201080%20kcupqueen%20supreme%20with%20extra%20titty%20dangle%20angle%20fullhd&v=0.8.15.0&sts=0&prn=1&emb=0&tid=971975&rxy=1280_1024&u=529265698939553&agec=1673801424&fs=1&t=600&m=1&ns=1&ndp=1&asi=1&mbkb=192.3076923076923&ref=https%3A%2F%2Fxfantazy.com%2Fvideo%2F618647d3248b9003ff8116ba&jst=4&enr=0&lcua=mozilla%2F5.0%20(windows%20nt%2010.0%3B%20win64%3B%20x64%3B%20rv%3A105.0)%20gecko%2F20100101%20firefox%2F105.0&tzd=0&uloc=&if=0&aa=oi3_&_n9XC=1673801424694&crc=1 HTTP/1.1
Host: onandeggsiswe.com.ua
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/plain
content-length: 2459
date: Sun, 15 Jan 2023 16:50:24 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://xfantazy.com
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: csu=741c48ee-2c66-4073-a801-e32070198f95
csu=529265698939553
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 94eee494c19905cb6933ec8a32a577a0.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 91lBUXyNXuBajTyPCCljaK-ML7vboo9SdUWthpCrdvfTKxOCuyQhyQ==
X-Firefox-Spdy: h2
accounts.google.com/v3/signin/identifier?dsh=S-234386863%3A1673801424437369&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AeAAQh42KbQCAW5edKk6iz1-_CATVAC2hko9u6tqHQjyTf9G5Hz6jm-03EyUkU-mP30YvXo5cWUloA
142.250.74.109403 Forbidden 4.8 kB URL HTTP/2 accounts.google.com/v3/signin/identifier?dsh=S-234386863%3A1673801424437369&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AeAAQh42KbQCAW5edKk6iz1-_CATVAC2hko9u6tqHQjyTf9G5Hz6jm-03EyUkU-mP30YvXo5cWUloA
IP 142.250.74.109:0
Hash 14bc51a35884d803216bb66388c318a7
18316c30bf23e7dac5b7c351430c86e65bab01ed
86f423bb7c35907619f1af03809fc4bbea31c43b95107481d5a42587a0361804
GET /v3/signin/identifier?dsh=S-234386863%3A1673801424437369&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AeAAQh42KbQCAW5edKk6iz1-_CATVAC2hko9u6tqHQjyTf9G5Hz6jm-03EyUkU-mP30YvXo5cWUloA HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://xfantazy.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sun, 15 Jan 2023 16:50:24 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: script-src 'nonce-IL-GQGwk4IoH8XZh87Zx3Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist, require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport
report-to: {"group":"AccountsSignInUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/AccountsSignInUi/external"}]}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy-report-only: same-origin; report-to="AccountsSignInUi"
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.sectigo.com/
104.18.32.68 200 OK 472 B IP 104.18.32.68:0
Hash 7dc980d17287ae9ee7025c2e4a7c9860
eadd9bb57d54645eb7d28d8c119347d401e6b380
6d06805d66137aa2e5d36809704cc9b704b318f75574bc084763ff1055b28210
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 15 Jan 2023 16:50:24 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Sat, 14 Jan 2023 03:14:18 GMT
Expires: Sat, 21 Jan 2023 03:14:17 GMT
Etag: "eadd9bb57d54645eb7d28d8c119347d401e6b380"
Cache-Control: max-age=468832,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 78a01c390e6ab50c-OSL
ocsp.sectigo.com/
104.18.32.68 200 OK 472 B IP 104.18.32.68:0
Hash 7dc980d17287ae9ee7025c2e4a7c9860
eadd9bb57d54645eb7d28d8c119347d401e6b380
6d06805d66137aa2e5d36809704cc9b704b318f75574bc084763ff1055b28210
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 15 Jan 2023 16:50:24 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Sat, 14 Jan 2023 03:14:18 GMT
Expires: Sat, 21 Jan 2023 03:14:17 GMT
Etag: "eadd9bb57d54645eb7d28d8c119347d401e6b380"
Cache-Control: max-age=468832,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 78a01c38ee40b521-OSL
planesknob.com/pixel/sbs?c=1
173.233.137.44 200 OK 0 B URL HTTP/1.1 planesknob.com/pixel/sbs?c=1
IP 173.233.137.44:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbs?c=1 HTTP/1.1
Host: planesknob.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: u_pl=15600826; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; sleca2f990f10476061c719d1c1aa3a2ecd2=[3870584]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 15 Jan 2023 16:50:24 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
planesknob.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSz2skxRev3s338lXwB3sREeeoIJPunpnMjDksxjUSXLNxdyXorbqqelKmuqqp6p6eDAhhF2SPszePnc8kG3SDuHgTFmSyFwkItgfJwRz8A7wIXpWZDIw%2BqHrv1edBfT7vvS8O8gviI6fnWx%2BaoVSKLrfqfu2Nbam5KVxt824t8Ov%2Bam1b6pXmam0wvWz%2F7cBv1f03a%2B8LtmuWQz%2Fw%2FcAPauvSitgMlmcoZHrSDepdv94M60GriYH9b%2B5yD4564P0L8jIkr%2F638%2BMTSDaBTr69IdxuZtK33ktyRTNj0efHH%2BtdbQqNZBHG1kOsj%2BfVMK4i5MsrMPp4rgCmfzhVgEhWxPs1QKSP5zQR9Y8umUYKQiPiz6HoTyDUBJJOwMx9SP4zARjH5i3o5NGmsQXdu0TpFK3I0l9%2FQhYVWfrtGnTyzZqSg9odo%2FJMGu0wiEvIwQSyN0GanyIbepDFKVh2D5IT6KSE5OVMtZQTyHgCJUagzkM%2BPdJDHnvIUw8JP6%2FRVjf2%2FXYcxY1Gp8kYazQYa3VWeIs3mp3YR86mtEbI0hGYGoHZfaR2H7vyYUXIvUPY%2FAe4nRKOe3BZRbyP9tHnJQpBUDiCghIUkqDICIp%2BecSVC135iCuXR8Hch3PfKMcm6x3QI5P1hCYH6QV5adaUP57%2FHrvivEbDuNv148Bvtlf8lYC1gy4PWEBpg4aC8RBOlpDuykzvUFbk2qu%2FI51O6vO%2FEdFTOHUKJl8EzV8DLcbt0AfdGTc7Pob6ZBBTndHhXp2ZBNyUSLMlZHvegbogr8x4rL4wgGBn179rzAzMlkhtic%2FkM4KeejC%2BbQpyeNsUjjy5lWYykUM6HdydjGbi6tcfiL3CWL5xw42%2BeodNgWl4cle47CbVXOqeI4%2FXJOfCrhvLBHm64bZFtJW7nbXc6jy9ufXu%2BkaSWuGcNHoCKitCzjfAZEX%2B%2F%2FTT2VK%2B%2FvgTSDuBzUsk%2BRmZG6Q5BUv34dIFf2cIrFrURKmHIi%2FHNowWj0oSKLHIaVTC%2FSuPFvGBe4Ce9UCz%2B7NV7NsSfVWCqhFcfnWcpfbs%2Bi%2FzzyPljSNlvcNIWfXwsrlOntdaQVN0ok6bcR4JxoN22Og0fD%2FkvNnuiqCLzFXsWf2nfwAAAP%2F%2FAQAA%2F%2F%2F%2BE6L3bAQAAA%3D%3D
173.233.137.44200 OK 7 B URL HTTP/1.1 planesknob.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSz2skxRev3s338lXwB3sREeeoIJPunpnMjDksxjUSXLNxdyXorbqqelKmuqqp6p6eDAhhF2SPszePnc8kG3SDuHgTFmSyFwkItgfJwRz8A7wIXpWZDIw%2BqHrv1edBfT7vvS8O8gviI6fnWx%2BaoVSKLrfqfu2Nbam5KVxt824t8Ov%2Bam1b6pXmam0wvWz%2F7cBv1f03a%2B8LtmuWQz%2Fw%2FcAPauvSitgMlmcoZHrSDepdv94M60GriYH9b%2B5yD4564P0L8jIkr%2F638%2BMTSDaBTr69IdxuZtK33ktyRTNj0efHH%2BtdbQqNZBHG1kOsj%2BfVMK4i5MsrMPp4rgCmfzhVgEhWxPs1QKSP5zQR9Y8umUYKQiPiz6HoTyDUBJJOwMx9SP4zARjH5i3o5NGmsQXdu0TpFK3I0l9%2FQhYVWfrtGnTyzZqSg9odo%2FJMGu0wiEvIwQSyN0GanyIbepDFKVh2D5IT6KSE5OVMtZQTyHgCJUagzkM%2BPdJDHnvIUw8JP6%2FRVjf2%2FXYcxY1Gp8kYazQYa3VWeIs3mp3YR86mtEbI0hGYGoHZfaR2H7vyYUXIvUPY%2FAe4nRKOe3BZRbyP9tHnJQpBUDiCghIUkqDICIp%2BecSVC135iCuXR8Hch3PfKMcm6x3QI5P1hCYH6QV5adaUP57%2FHrvivEbDuNv148Bvtlf8lYC1gy4PWEBpg4aC8RBOlpDuykzvUFbk2qu%2FI51O6vO%2FEdFTOHUKJl8EzV8DLcbt0AfdGTc7Pob6ZBBTndHhXp2ZBNyUSLMlZHvegbogr8x4rL4wgGBn179rzAzMlkhtic%2FkM4KeejC%2BbQpyeNsUjjy5lWYykUM6HdydjGbi6tcfiL3CWL5xw42%2BeodNgWl4cle47CbVXOqeI4%2FXJOfCrhvLBHm64bZFtJW7nbXc6jy9ufXu%2BkaSWuGcNHoCKitCzjfAZEX%2B%2F%2FTT2VK%2B%2FvgTSDuBzUsk%2BRmZG6Q5BUv34dIFf2cIrFrURKmHIi%2FHNowWj0oSKLHIaVTC%2FSuPFvGBe4Ce9UCz%2B7NV7NsSfVWCqhFcfnWcpfbs%2Bi%2FzzyPljSNlvcNIWfXwsrlOntdaQVN0ok6bcR4JxoN22Og0fD%2FkvNnuiqCLzFXsWf2nfwAAAP%2F%2FAQAA%2F%2F%2F%2BE6L3bAQAAA%3D%3D
IP 173.233.137.44:0
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert quad9 Sinkholed
GET /impr.gif?sid=H4sIAAAAAAAC%2F1RSz2skxRev3s338lXwB3sREeeoIJPunpnMjDksxjUSXLNxdyXorbqqelKmuqqp6p6eDAhhF2SPszePnc8kG3SDuHgTFmSyFwkItgfJwRz8A7wIXpWZDIw%2BqHrv1edBfT7vvS8O8gviI6fnWx%2BaoVSKLrfqfu2Nbam5KVxt824t8Ov%2Bam1b6pXmam0wvWz%2F7cBv1f03a%2B8LtmuWQz%2Fw%2FcAPauvSitgMlmcoZHrSDepdv94M60GriYH9b%2B5yD4564P0L8jIkr%2F638%2BMTSDaBTr69IdxuZtK33ktyRTNj0efHH%2BtdbQqNZBHG1kOsj%2BfVMK4i5MsrMPp4rgCmfzhVgEhWxPs1QKSP5zQR9Y8umUYKQiPiz6HoTyDUBJJOwMx9SP4zARjH5i3o5NGmsQXdu0TpFK3I0l9%2FQhYVWfrtGnTyzZqSg9odo%2FJMGu0wiEvIwQSyN0GanyIbepDFKVh2D5IT6KSE5OVMtZQTyHgCJUagzkM%2BPdJDHnvIUw8JP6%2FRVjf2%2FXYcxY1Gp8kYazQYa3VWeIs3mp3YR86mtEbI0hGYGoHZfaR2H7vyYUXIvUPY%2FAe4nRKOe3BZRbyP9tHnJQpBUDiCghIUkqDICIp%2BecSVC135iCuXR8Hch3PfKMcm6x3QI5P1hCYH6QV5adaUP57%2FHrvivEbDuNv148Bvtlf8lYC1gy4PWEBpg4aC8RBOlpDuykzvUFbk2qu%2FI51O6vO%2FEdFTOHUKJl8EzV8DLcbt0AfdGTc7Pob6ZBBTndHhXp2ZBNyUSLMlZHvegbogr8x4rL4wgGBn179rzAzMlkhtic%2FkM4KeejC%2BbQpyeNsUjjy5lWYykUM6HdydjGbi6tcfiL3CWL5xw42%2BeodNgWl4cle47CbVXOqeI4%2FXJOfCrhvLBHm64bZFtJW7nbXc6jy9ufXu%2BkaSWuGcNHoCKitCzjfAZEX%2B%2F%2FTT2VK%2B%2FvgTSDuBzUsk%2BRmZG6Q5BUv34dIFf2cIrFrURKmHIi%2FHNowWj0oSKLHIaVTC%2FSuPFvGBe4Ce9UCz%2B7NV7NsSfVWCqhFcfnWcpfbs%2Bi%2FzzyPljSNlvcNIWfXwsrlOntdaQVN0ok6bcR4JxoN22Og0fD%2FkvNnuiqCLzFXsWf2nfwAAAP%2F%2FAQAA%2F%2F%2F%2BE6L3bAQAAA%3D%3D HTTP/1.1
Host: planesknob.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: u_pl=15600826; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; sleca2f990f10476061c719d1c1aa3a2ecd2=[3870584]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 15 Jan 2023 16:50:24 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 3ebf18386982303fbe91a56c6d6f1021
Strict-Transport-Security: max-age=0; includeSubdomains
static-cache.k2s.cc/thumbnail/JOyXtHeky_ju8G2Urg/w320h240/0.jpeg
188.72.235.184 200 OK 9.6 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/JOyXtHeky_ju8G2Urg/w320h240/0.jpeg
IP 188.72.235.184:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash cfb49214fc6ef2f2c42a111f4ddee844
8a4e1a32ea52ddd0148f0af10d2f0cd99c75676b
6cd592ebfde1978b3dd86cbb092f288f06a343343ce7dfaddb05351a98a8dd4e
GET /thumbnail/JOyXtHeky_ju8G2Urg/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: openresty
date: Sun, 15 Jan 2023 16:50:24 GMT
content-type: image/jpeg
content-length: 9609
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
strict-transport-security: max-age=15768000; preload
x-cache-status: HIT, HIT
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/LbiUuCWgy6nu8T7F9w/w320h240/0.jpeg
188.72.235.184 200 OK 9.6 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/LbiUuCWgy6nu8T7F9w/w320h240/0.jpeg
IP 188.72.235.184:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash d3bb08f66c9c2b4ebfc9a151961b8dc8
dec5ac1c518c7794b9eeb43a6ef72e1f53b09960
37bcf165c25d9df93a3b836dc9550f3e05638bda1d7fa875ff941372da987f3c
GET /thumbnail/LbiUuCWgy6nu8T7F9w/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Sun, 15 Jan 2023 16:50:24 GMT
content-type: image/jpeg
content-length: 9605
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
strict-transport-security: max-age=15768000; preload
x-cache-status: HIT, HIT
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/cbiTuHH0w_vorGrE_Q/w320h240/0.jpeg
188.72.235.184 200 OK 12 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/cbiTuHH0w_vorGrE_Q/w320h240/0.jpeg
IP 188.72.235.184:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash 1b88f7da0767a1ee5a597beaef242e7d
8afd2124c9f9f4b93ed51855ee3de9ea7dc7430f
23ea10d0e3d8e2cbf3fb774572d1ac9a12d009429095ec3610119deea7fbf64f
GET /thumbnail/cbiTuHH0w_vorGrE_Q/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Sun, 15 Jan 2023 16:50:24 GMT
content-type: image/jpeg
content-length: 12353
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
strict-transport-security: max-age=15768000; preload
x-cache-status: HIT, HIT
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/d-nFuH6jnKzp_2_F-Q/w320h240/0.jpeg
188.72.235.184 200 OK 16 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/d-nFuH6jnKzp_2_F-Q/w320h240/0.jpeg
IP 188.72.235.184:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash 90d6ade7d40af4f7832fadf972452af0
a9d70dd8f7dad6af75612fc5ac7c322ab56ebc79
6f02510f41a1c2d9cd1f981509839e26e95eb97cb1b2f7d0301a2f7db51c9962
GET /thumbnail/d-nFuH6jnKzp_2_F-Q/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Sun, 15 Jan 2023 16:50:24 GMT
content-type: image/jpeg
content-length: 15881
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
strict-transport-security: max-age=15768000; preload
x-cache-status: HIT
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/d7iT63Wlz67uq2iX_A/w320h240/0.jpeg
188.72.235.184 200 OK 15 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/d7iT63Wlz67uq2iX_A/w320h240/0.jpeg
IP 188.72.235.184:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash 9465c49b82f038135962404569cab98a
0c554ca749c537a38f9225f96142c96786287420
7f4c008c5fe3cc25e379894641750269e001bc02dece1cfca0e3efb88ce7c1cf
GET /thumbnail/d7iT63Wlz67uq2iX_A/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: openresty
date: Sun, 15 Jan 2023 16:50:24 GMT
content-type: image/jpeg
content-length: 14887
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
strict-transport-security: max-age=15768000; preload
x-cache-status: HIT
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/I-yXtHenzqq-rjmS_w/w320h240/0.jpeg
188.72.235.184 200 OK 12 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/I-yXtHenzqq-rjmS_w/w320h240/0.jpeg
IP 188.72.235.184:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash 70fd7299e79997ccad18e394a704e5bc
a2eafbef5ed23b1a5c321347c2ac03f7767d2cc1
43ca3b4f57768f100aaaf6355564071235d745062203a47d210e213b4d6db4d1
GET /thumbnail/I-yXtHenzqq-rjmS_w/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: openresty
date: Sun, 15 Jan 2023 16:50:24 GMT
content-type: image/jpeg
content-length: 11745
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
strict-transport-security: max-age=15768000; preload
x-cache-status: HIT, HIT
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/LejBvSL3zqq_rj2Xqw/w320h240/0.jpeg
188.72.235.184 200 OK 15 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/LejBvSL3zqq_rj2Xqw/w320h240/0.jpeg
IP 188.72.235.184:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash 3c995d3b03c8cf83803a80d6a7200be0
d578b2a5f8f8ecb21c1ba2db7acf9b4d6eeee81e
425f58bb45c82cb21eb1102bcb3b6b41edd729708562e0438655443cc84b08ac
GET /thumbnail/LejBvSL3zqq_rj2Xqw/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: openresty
date: Sun, 15 Jan 2023 16:50:24 GMT
content-type: image/jpeg
content-length: 15192
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
strict-transport-security: max-age=15768000; preload
x-cache-status: HIT, HIT
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 5ce8a2441c6252fcc9e87b7d45d6f233
59fb1dce4103e40c74f9ac04fee11ac4becdf8f9
1d6370ad47d8cf1cc4343ceefad7487cd217f08bafad5cef3d965ab1d313dc4c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1D6370AD47D8CF1CC4343CEEFAD7487CD217F08BAFAD5CEF3D965AB1D313DC4C"
Last-Modified: Sun, 15 Jan 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Sun, 15 Jan 2023 22:50:25 GMT
Date: Sun, 15 Jan 2023 16:50:25 GMT
Connection: keep-alive
ads.adxadserv.com/ad?spotid=636bc5d561d6e27071201a23&type=300x250&output=html
185.98.53.2 200 OK 1.7 kB URL HTTP/2 ads.adxadserv.com/ad?spotid=636bc5d561d6e27071201a23&type=300x250&output=html
IP 185.98.53.2:0
ASN #39572 DataWeb Global Group B.V.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (579)
Hash 35c2da82e5cf8a4fa3768254d8846ea7
5343232eb59aea689d99a1174cbe062045c990e7
db58442de2ab514878db2c0dd41cac481929e4c13c63e901ce2fa8ae45d41d36
GET /ad?spotid=636bc5d561d6e27071201a23&type=300x250&output=html HTTP/1.1
Host: ads.adxadserv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 15 Jan 2023 16:50:25 GMT
content-type: text/html; charset=utf-8
content-length: 1721
cache-control: no-cache
X-Firefox-Spdy: h2
ocsp.sectigo.com/
104.18.32.68 200 OK 103 kB IP 104.18.32.68:0
Size 103 kB (102872 bytes)
Hash dab6b3c37aa1dc45dafdb8e81fea1228
aed404c057546724df5a3cd1832b98b4f107ffcc
564d68da108c7a2f2108fbb673f45a5a929803487352dc4c4b07e0692373e0ff
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 15 Jan 2023 16:50:25 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Sat, 14 Jan 2023 03:14:18 GMT
Expires: Sat, 21 Jan 2023 03:14:17 GMT
Etag: "eadd9bb57d54645eb7d28d8c119347d401e6b380"
Cache-Control: max-age=468831,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 78a01c390f30b4ff-OSL
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 40677e0a6b2f90d07536fa6810277b29
8f10bc615fb947fd367cd64c2d1438d2ac01ab9a
e9930e5fa6a66dafe6227437d5a06e8b56450892320b2358daa8906d14ab74ba
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E9930E5FA6A66DAFE6227437D5A06E8B56450892320B2358DAA8906D14AB74BA"
Last-Modified: Sat, 14 Jan 2023 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5402
Expires: Sun, 15 Jan 2023 18:20:27 GMT
Date: Sun, 15 Jan 2023 16:50:25 GMT
Connection: keep-alive
static-cache.k2s.cc/thumbnail/Lb6U6HH0m_vq-m6Qqw/w320h240/0.jpeg
188.72.235.184 200 OK 13 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/Lb6U6HH0m_vq-m6Qqw/w320h240/0.jpeg
IP 188.72.235.184:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash d84283d8ffa9358c777259f32155d50d
8e91ea5d7e6af378455508371dd9ccaade9f5d27
7264c1e127c159791b2d38d1c2b65dfb340e9ae1822961ce8168c9f001f24ebb
GET /thumbnail/Lb6U6HH0m_vq-m6Qqw/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: openresty
date: Sun, 15 Jan 2023 16:50:25 GMT
content-type: image/jpeg
content-length: 12966
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
strict-transport-security: max-age=15768000; preload
x-cache-status: HIT
X-Firefox-Spdy: h2
ocsp.sectigo.com/
104.18.32.68 200 OK 472 B IP 104.18.32.68:0
Hash 7dc980d17287ae9ee7025c2e4a7c9860
eadd9bb57d54645eb7d28d8c119347d401e6b380
6d06805d66137aa2e5d36809704cc9b704b318f75574bc084763ff1055b28210
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 15 Jan 2023 16:50:25 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Sat, 14 Jan 2023 03:14:18 GMT
Expires: Sat, 21 Jan 2023 03:14:17 GMT
Etag: "eadd9bb57d54645eb7d28d8c119347d401e6b380"
Cache-Control: max-age=468831,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 78a01c3909e2b4eb-OSL
static-cache.k2s.cc/thumbnail/LOvC73OvzK-5rDnEqw/w320h240/0.jpeg
188.72.235.184 200 OK 10 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/LOvC73OvzK-5rDnEqw/w320h240/0.jpeg
IP 188.72.235.184:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash 539fcf39d3592eca30a1b21ec543414f
820b86ebfd3d46602412924d8e6a1904fd363777
7356dc46e0b6c2fd7e399abe772af9bc2c84430d54d451adc344adb6a99abf03
GET /thumbnail/LOvC73OvzK-5rDnEqw/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: openresty
date: Sun, 15 Jan 2023 16:50:25 GMT
content-type: image/jpeg
content-length: 10091
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
strict-transport-security: max-age=15768000; preload
x-cache-status: HIT, HIT
X-Firefox-Spdy: h2
ads.trackingtraffo.com/creatives/k1qy286gxmd5g3dpr397nw5v/1659515047164-National%20Casino%20black.png
142.132.194.196 200 OK 4.5 kB URL HTTP/1.1 ads.trackingtraffo.com/creatives/k1qy286gxmd5g3dpr397nw5v/1659515047164-National%20Casino%20black.png
IP 142.132.194.196:0
ASN #24940 Hetzner Online GmbH
File type PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data
Hash 58be17b22d6e1178a54c92cf862c817e
b821bc2f016751647df49e49863077e927a70322
9cc4f3f40313b08baf54c956685ac7a21ac8a3573908b9763865c6f613ce1b5f
GET /creatives/k1qy286gxmd5g3dpr397nw5v/1659515047164-National%20Casino%20black.png HTTP/1.1
Host: ads.trackingtraffo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Sun, 15 Jan 2023 16:50:25 GMT
Content-Type: image/png
Content-Length: 4456
Last-Modified: Wed, 03 Aug 2022 08:24:07 GMT
Connection: keep-alive
ETag: "62ea30a7-1168"
Accept-Ranges: bytes
syndication.realsrv.com/v1/api.php
95.211.229.246 200 OK 3.0 kB URL HTTP/1.1 syndication.realsrv.com/v1/api.php
IP 95.211.229.246:0
ASN #60781 LeaseWeb Netherlands B.V.
File type JSON data\012- , ASCII text, with very long lines (6747), with no line terminators
Hash 59bfe41ee6cef9ca244ce2ccc440461c
b17092c025adaec6dfefc32436cd49186ce68248
a29909184fd3de5692bc18aaaa321f489945f10f2f995ececda8ad4a141d0671
POST /v1/api.php HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 335
Origin: https://a.naturalhealthsource.club
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 15 Jan 2023 16:50:25 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://a.naturalhealthsource.club
Access-Control-Allow-Headers: Authorization, Content-Type
Access-Control-Request-Method: POST
Access-Control-Allow-Credentials: true
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2263c42ed12ed188.951072042755203678%22%3B%7D; expires=Tue, 14-Jan-2025 16:50:25 GMT; Max-Age=63072000; path=/; domain=realsrv.com; secure; SameSite=None
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
syndication.realsrv.com/v1/api.php
95.211.229.246 200 OK 2.6 kB URL HTTP/1.1 syndication.realsrv.com/v1/api.php
IP 95.211.229.246:0
ASN #60781 LeaseWeb Netherlands B.V.
File type JSON data\012- , ASCII text, with very long lines (5571), with no line terminators
Hash de76af1aa155bb38cee2019bcb026a16
7a9c62ed2deca6fc4e38c27dce8f2a9a42318278
995f7d2c7c1312d4bebd30327e9e7977254752394bbc37884262e7533796d5f5
POST /v1/api.php HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 335
Origin: https://a.naturalhealthsource.club
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 15 Jan 2023 16:50:25 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://a.naturalhealthsource.club
Access-Control-Allow-Headers: Authorization, Content-Type
Access-Control-Request-Method: POST
Access-Control-Allow-Credentials: true
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2263c42ed124da46.007995351826887210%22%3B%7D; expires=Tue, 14-Jan-2025 16:50:25 GMT; Max-Age=63072000; path=/; domain=realsrv.com; secure; SameSite=None
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
syndication.realsrv.com/v1/api.php
95.211.229.246 200 OK 3.0 kB URL HTTP/1.1 syndication.realsrv.com/v1/api.php
IP 95.211.229.246:0
ASN #60781 LeaseWeb Netherlands B.V.
File type JSON data\012- , ASCII text, with very long lines (6714), with no line terminators
Hash dfd31de9efbf32e6be6c265fec8f6d3c
5968e561eeb6adfe080718a003f6935e03c3a333
2a59fcaf5bca5ee392b71159c66cf25b5afa487c92203d2f7cfa1f2619cfc2ff
POST /v1/api.php HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 335
Origin: https://a.naturalhealthsource.club
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 15 Jan 2023 16:50:25 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://a.naturalhealthsource.club
Access-Control-Allow-Headers: Authorization, Content-Type
Access-Control-Request-Method: POST
Access-Control-Allow-Credentials: true
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2263c42ed14447d1.277598082350998527%22%3B%7D; expires=Tue, 14-Jan-2025 16:50:25 GMT; Max-Age=63072000; path=/; domain=realsrv.com; secure; SameSite=None
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
syndication.realsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAA3VPy2oDMQz8lf5AzMiSvHbuvbYQ6AfYG4ccQgpJFlqYj693Q3urBqGRGL0iou4gO/EXkb1jH51FQkGwGMSNb+8HmvBaH8utXs69Xh7n++dym3uYL0ujxQQv9JSsJJYJ0ESbcvJidOTBi2gBJ5/EUxwFUImB6Gq2sgBEz1D1CTp6CjP4+nHYXCgByZwRHMl6zzrCBsfXOqa23Mqpn2ZvfiypijbNSEevYl21rkLW8O8HeCIIZOxi/C0M7GQLw8CN1fv3dSb/BPYMvnUZbdwtZPJ6Mjumni13qZKzK3rr2gVNgR8SyGuUdQEAAA==
95.211.229.246200 OK 20 B URL HTTP/1.1 syndication.realsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAA3VPy2oDMQz8lf5AzMiSvHbuvbYQ6AfYG4ccQgpJFlqYj693Q3urBqGRGL0iou4gO/EXkb1jH51FQkGwGMSNb+8HmvBaH8utXs69Xh7n++dym3uYL0ujxQQv9JSsJJYJ0ESbcvJidOTBi2gBJ5/EUxwFUImB6Gq2sgBEz1D1CTp6CjP4+nHYXCgByZwRHMl6zzrCBsfXOqa23Mqpn2ZvfiypijbNSEevYl21rkLW8O8HeCIIZOxi/C0M7GQLw8CN1fv3dSb/BPYMvnUZbdwtZPJ6Mjumni13qZKzK3rr2gVNgR8SyGuUdQEAAA==
IP 95.211.229.246:0
ASN #60781 LeaseWeb Netherlands B.V.
Hash a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf
GET /cimp.php?t=api&data=H4sIAAAAAAAAA3VPy2oDMQz8lf5AzMiSvHbuvbYQ6AfYG4ccQgpJFlqYj693Q3urBqGRGL0iou4gO/EXkb1jH51FQkGwGMSNb+8HmvBaH8utXs69Xh7n++dym3uYL0ujxQQv9JSsJJYJ0ESbcvJidOTBi2gBJ5/EUxwFUImB6Gq2sgBEz1D1CTp6CjP4+nHYXCgByZwRHMl6zzrCBsfXOqa23Mqpn2ZvfiypijbNSEevYl21rkLW8O8HeCIIZOxi/C0M7GQLw8CN1fv3dSb/BPYMvnUZbdwtZPJ6Mjumni13qZKzK3rr2gVNgR8SyGuUdQEAAA== HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://a.naturalhealthsource.club
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2263c42ed124da46.007995351826887210%22%3B%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 15 Jan 2023 16:50:25 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://a.naturalhealthsource.club
Access-Control-Allow-Credentials: true
Set-Cookie: __upt=%7B%22v%22%3A1%2C%22id%22%3A%220%22%2C%22pcma%22%3A%22%22%2C%22acma%22%3A%22508.0199%22%7D; expires=Tue, 14 Jan 2025 16:50:25 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
a.bestcontentfood.top/warp/4787912?r=29994
172.64.175.26 200 OK 1.8 kB URL HTTP/2 a.bestcontentfood.top/warp/4787912?r=29994
IP 172.64.175.26:0
File type ASCII text, with very long lines (4178), with no line terminators
Hash 209a1cc4e5100f0dedce307347fb03d7
5d93b1d4570c04fae3fa3cf9399f862494e3823f
4054653f670cb78367c610d39ff8e16cbe5909776106432d4669de61b5278ea4
GET /warp/4787912?r=29994 HTTP/1.1
Host: a.bestcontentfood.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 15 Jan 2023 16:50:25 GMT
content-type: application/javascript; charset=UTF-8
referer: a.medfoodsafety.com
cache-control: public, max-age=900
etag: W/"b5bfe5efa4321a0b085300dd0d4edb9f"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fGdlj0Y7M3NLr77ABT9iohkvL%2BvDLLnD9MKQ%2B6w2CnFCAfSBrS%2FFYiYWKfSy%2FcsXQxwXdB0z6g2eQViCIY87izmpjenLU1mYirmIAAEC9%2FwtF1BG8kQN1NsLklM9TeVCa%2FIFsLx0j1E%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 78a01c3bab0475e1-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
e1.o.lencr.org/
95.101.11.115 200 OK 344 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 0d9ddff4e33dde5402a3fb8384eef010
d30a5e3e69282e81de270768cc92eab223f66142
80116b528703c57e02fb15a4acf399ab2f6dfc7dbc7a7681ea619c22db995dfd
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "80116B528703C57E02FB15A4ACF399AB2F6DFC7DBC7A7681EA619C22DB995DFD"
Last-Modified: Fri, 13 Jan 2023 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15673
Expires: Sun, 15 Jan 2023 21:11:38 GMT
Date: Sun, 15 Jan 2023 16:50:25 GMT
Connection: keep-alive
s3t3d2y8.afcdn.net/library/623611/149fb0f87041aabe2ff8dab2e20b4d61023420a1.jpg
185.76.9.14 200 OK 11 kB URL HTTP/2 s3t3d2y8.afcdn.net/library/623611/149fb0f87041aabe2ff8dab2e20b4d61023420a1.jpg
IP 185.76.9.14:0
ASN #60068 Datacamp Limited
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, comment: "Resized on https://ezgif.com/resize", baseline, precision 8, 300x300, components 3\012- data
Hash 30fc1bea5bc68388706ef924d7513aee
149fb0f87041aabe2ff8dab2e20b4d61023420a1
de9c0ed48ef00244aa5cd5384c12f61a24f0dd2d1027b7e19e1e4cfd0c414320
GET /library/623611/149fb0f87041aabe2ff8dab2e20b4d61023420a1.jpg HTTP/1.1
Host: s3t3d2y8.afcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 15 Jan 2023 16:50:25 GMT
content-type: image/jpeg
content-length: 11427
last-modified: Mon, 25 May 2020 13:34:44 GMT
etag: "5ecbc974-2ca3"
expires: Tue, 24 Oct 2023 16:35:06 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
x-robots-tag: noindex, follow
x-cache-op: HIT
x-accel-expires: @1702150580
server: CDN77-Turbo
x-77-nzt: AblMCQ2Vs6T/naAwAA
x-77-nzt-ray: c0a4cc28c985f140d12ec463fe08e21b
x-cache: HIT
x-age: 3186845
x-77-pop: stockholmSE
x-77-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
syndication.realsrv.com/v1/api.php
95.211.229.246 200 OK 2.7 kB URL HTTP/1.1 syndication.realsrv.com/v1/api.php
IP 95.211.229.246:0
ASN #60781 LeaseWeb Netherlands B.V.
File type JSON data\012- , ASCII text, with very long lines (5688), with no line terminators
Hash fdf428c27db620a265bc4be9a5334262
4234f4ee027e6c2b2f3e1175e89a3dec68fd061a
75a8b2407eb563bdd3c3a7c853f6378b337e1d477ab190ff3ea1984b109e347b
POST /v1/api.php HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 335
Origin: https://a.naturalhealthsource.club
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2263c42ed124da46.007995351826887210%22%3B%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 15 Jan 2023 16:50:25 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://a.naturalhealthsource.club
Access-Control-Allow-Headers: Authorization, Content-Type
Access-Control-Request-Method: POST
Access-Control-Allow-Credentials: true
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
syndication.realsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAA3VQQWoDMQz8Sj+wZiRLsp17ry0E+gB71yGHkEKShRb0+Ho3tLdqEBqJGRjE4DiBJtIXooPiwOqFQkEQDqTib+9HF/Jrfay3ejn3enmc75/rbe5hvqzNhQ1aXM2kmJcERHNJ2XSsijx4oVjgSROp8TjAo2OANYpsLADkGf76cdybnAJM1Bk+li3C5pLB8bU5SztxP1lqaJ2tZ54jt1YyRY0dumxCr+Hf0HgioFgcWv49DEy0j1HwndX793V2/xPIc+juEpeRm9xTLn2p0ZTigmqp5KUu4zFkaDMT/wCPWLJuaAEAAA==
95.211.229.246200 OK 20 B URL HTTP/1.1 syndication.realsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAA3VQQWoDMQz8Sj+wZiRLsp17ry0E+gB71yGHkEKShRb0+Ho3tLdqEBqJGRjE4DiBJtIXooPiwOqFQkEQDqTib+9HF/Jrfay3ejn3enmc75/rbe5hvqzNhQ1aXM2kmJcERHNJ2XSsijx4oVjgSROp8TjAo2OANYpsLADkGf76cdybnAJM1Bk+li3C5pLB8bU5SztxP1lqaJ2tZ54jt1YyRY0dumxCr+Hf0HgioFgcWv49DEy0j1HwndX793V2/xPIc+juEpeRm9xTLn2p0ZTigmqp5KUu4zFkaDMT/wCPWLJuaAEAAA==
IP 95.211.229.246:0
ASN #60781 LeaseWeb Netherlands B.V.
Hash a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf
GET /cimp.php?t=api&data=H4sIAAAAAAAAA3VQQWoDMQz8Sj+wZiRLsp17ry0E+gB71yGHkEKShRb0+Ho3tLdqEBqJGRjE4DiBJtIXooPiwOqFQkEQDqTib+9HF/Jrfay3ejn3enmc75/rbe5hvqzNhQ1aXM2kmJcERHNJ2XSsijx4oVjgSROp8TjAo2OANYpsLADkGf76cdybnAJM1Bk+li3C5pLB8bU5SztxP1lqaJ2tZ54jt1YyRY0dumxCr+Hf0HgioFgcWv49DEy0j1HwndX793V2/xPIc+juEpeRm9xTLn2p0ZTigmqp5KUu4zFkaDMT/wCPWLJuaAEAAA== HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://a.naturalhealthsource.club
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2263c42ed14447d1.277598082350998527%22%3B%7D; __upt=%7B%22v%22%3A1%2C%22id%22%3A%220%22%2C%22pcma%22%3A%22%22%2C%22acma%22%3A%22508.0199%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 15 Jan 2023 16:50:25 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://a.naturalhealthsource.club
Access-Control-Allow-Credentials: true
Set-Cookie: __upt=%7B%22v%22%3A1%2C%22id%22%3A%220%22%2C%22pcma%22%3A%22%22%2C%22acma%22%3A%22508.029701%22%7D; expires=Tue, 14 Jan 2025 16:50:25 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
s3t3d2y8.afcdn.net/library/426059/3eefbe7d1308e9819ce22e32b9e96a101978f980.jpg
185.76.9.14 200 OK 25 kB URL HTTP/2 s3t3d2y8.afcdn.net/library/426059/3eefbe7d1308e9819ce22e32b9e96a101978f980.jpg
IP 185.76.9.14:0
ASN #60068 Datacamp Limited
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 90", baseline, precision 8, 300x300, components 3\012- data
Hash 07c4c3475e63e0356d7e483b2a2eaeab
3eefbe7d1308e9819ce22e32b9e96a101978f980
feec79cd582dc5e63732bf73a2b043e9375cc8c2ce80ad35b71b9eb6e9be9c43
GET /library/426059/3eefbe7d1308e9819ce22e32b9e96a101978f980.jpg HTTP/1.1
Host: s3t3d2y8.afcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 15 Jan 2023 16:50:25 GMT
content-type: image/jpeg
content-length: 24886
last-modified: Wed, 07 Sep 2022 14:52:34 GMT
etag: "6318b032-6136"
expires: Thu, 11 Jan 2024 16:00:08 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
x-robots-tag: noindex, follow
x-cache-op: HIT
x-accel-expires: @1704988923
server: CDN77-Turbo
x-77-nzt: AblMCQ31Xxv/VlEFAA
x-77-nzt-ray: c0a4cc28c985f140d12ec463fb1a411e
x-cache: HIT
x-age: 348502
x-77-pop: stockholmSE
x-77-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
syndication.realsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAA3WPTWoDMQyFr9ILjJGsH9tZt9sWUnIA2+Mhi5BCkoEWdPhqEppd/Yz9IfSEXoRIE+CE8oK4E9hFsYKhQOAYUNjeP/bGaOd6Wy/1dBz1dDtev9ZLH6Gf1mYaSRFNVLmolQRAapyyKoAJZKOCUjT7kJwoM5hfMnBFIeaNAgBEy2Bvh70dPl+9UtxmaBHM322HDdkZvsGUOscxY+S5sro7lSIkmKPmnCKCzToIE3IZ2lovqWrTOaVauS3OtA2yGv5NBQ8FJJVtjb+Ca8L75wfsTvX6c+5mz4ZHJpOnC80zjzbion3psHAVGNy7R1yWJtRx/ALLMl1lhwEAAA==
95.211.229.246200 OK 20 B URL HTTP/1.1 syndication.realsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAA3WPTWoDMQyFr9ILjJGsH9tZt9sWUnIA2+Mhi5BCkoEWdPhqEppd/Yz9IfSEXoRIE+CE8oK4E9hFsYKhQOAYUNjeP/bGaOd6Wy/1dBz1dDtev9ZLH6Gf1mYaSRFNVLmolQRAapyyKoAJZKOCUjT7kJwoM5hfMnBFIeaNAgBEy2Bvh70dPl+9UtxmaBHM322HDdkZvsGUOscxY+S5sro7lSIkmKPmnCKCzToIE3IZ2lovqWrTOaVauS3OtA2yGv5NBQ8FJJVtjb+Ca8L75wfsTvX6c+5mz4ZHJpOnC80zjzbion3psHAVGNy7R1yWJtRx/ALLMl1lhwEAAA==
IP 95.211.229.246:0
ASN #60781 LeaseWeb Netherlands B.V.
Hash a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf
GET /cimp.php?t=api&data=H4sIAAAAAAAAA3WPTWoDMQyFr9ILjJGsH9tZt9sWUnIA2+Mhi5BCkoEWdPhqEppd/Yz9IfSEXoRIE+CE8oK4E9hFsYKhQOAYUNjeP/bGaOd6Wy/1dBz1dDtev9ZLH6Gf1mYaSRFNVLmolQRAapyyKoAJZKOCUjT7kJwoM5hfMnBFIeaNAgBEy2Bvh70dPl+9UtxmaBHM322HDdkZvsGUOscxY+S5sro7lSIkmKPmnCKCzToIE3IZ2lovqWrTOaVauS3OtA2yGv5NBQ8FJJVtjb+Ca8L75wfsTvX6c+5mz4ZHJpOnC80zjzbion3psHAVGNy7R1yWJtRx/ALLMl1lhwEAAA== HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://a.naturalhealthsource.club
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2263c42ed14447d1.277598082350998527%22%3B%7D; __upt=%7B%22v%22%3A1%2C%22id%22%3A%220%22%2C%22pcma%22%3A%22%22%2C%22acma%22%3A%22508.029701%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 15 Jan 2023 16:50:25 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://a.naturalhealthsource.club
Access-Control-Allow-Credentials: true
Set-Cookie: __upt=%7B%22v%22%3A1%2C%22id%22%3A%2263c42ed124da46.007995351826887210%22%2C%22pcma%22%3A%22%22%2C%22acma%22%3A%22508.03940399%22%7D; expires=Tue, 14 Jan 2025 16:50:25 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
syndication.realsrv.com/v1/api.php
95.211.229.246 200 OK 3.1 kB URL HTTP/1.1 syndication.realsrv.com/v1/api.php
IP 95.211.229.246:0
ASN #60781 LeaseWeb Netherlands B.V.
File type JSON data\012- , ASCII text, with very long lines (6825), with no line terminators
Hash b7d076c702384fe7ca07a7c4bea68e0a
11e15c9f0d93c57c7f241378c34829102011d10b
2c79e2a4d775c810ab2a40268e00758e50fb62f191bacfe1ea4545ffc87ef352
POST /v1/api.php HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 335
Origin: https://a.naturalhealthsource.club
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2263c42ed124da46.007995351826887210%22%3B%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 15 Jan 2023 16:50:25 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://a.naturalhealthsource.club
Access-Control-Allow-Headers: Authorization, Content-Type
Access-Control-Request-Method: POST
Access-Control-Allow-Credentials: true
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
s3t3d2y8.afcdn.net/library/426059/b2f223ae2e7060b221ee7e48e3365c2abc6ad9ac.jpg
185.76.9.14 200 OK 15 kB URL HTTP/2 s3t3d2y8.afcdn.net/library/426059/b2f223ae2e7060b221ee7e48e3365c2abc6ad9ac.jpg
IP 185.76.9.14:0
ASN #60068 Datacamp Limited
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 90", baseline, precision 8, 300x300, components 3\012- data
Hash 2332b328c5758fc2ab0ecda8869060eb
b2f223ae2e7060b221ee7e48e3365c2abc6ad9ac
8f1f97f68cd516feaed45d9ee276cd80a5604ebcdb2f44920c458b86d6a9bc0f
GET /library/426059/b2f223ae2e7060b221ee7e48e3365c2abc6ad9ac.jpg HTTP/1.1
Host: s3t3d2y8.afcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 15 Jan 2023 16:50:25 GMT
content-type: image/jpeg
content-length: 15221
last-modified: Wed, 07 Sep 2022 14:52:36 GMT
etag: "6318b034-3b75"
expires: Fri, 27 Oct 2023 11:14:04 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
x-robots-tag: noindex, follow
x-cache-op: HIT
x-accel-expires: @1704988868
server: CDN77-Turbo
x-77-nzt: AblMCQ1+VbL/jVEFAA
x-77-nzt-ray: c0a4cc28c985f140d12ec46304994824
x-cache: HIT
x-age: 348557
x-77-pop: stockholmSE
x-77-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
syndication.realsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAA3VPQWoDMQz8Sj8QI8mSbOXeawuBPsBxNuSwpJBkoYV5fL0b2ls1CI2ERoyEJO+Id2wvzHujvRiCU1BSSWyKt/cDlHFtj+XW5svU5sfl/rnc+pT6vByh4mQBc9dwRCHKDi3VLQRGdfDgHIRihc1FoIQMGhDLqitLRIxKeP04bMngRK4GIYxmtbCqdHD6InjuKtOJRU9NfYhLhGXjKl5rESacuEbL02gmyeq1nYv3qKyUq9VW1kNo6d+n6IlEQT525XcwsOOtjCBsrN2/rx34W9BnsU2l0PEXAyXrRKu5cyPNpbt4aXW49s5d4vgDzyw4VogBAAA=
95.211.229.246200 OK 20 B URL HTTP/1.1 syndication.realsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAA3VPQWoDMQz8Sj8QI8mSbOXeawuBPsBxNuSwpJBkoYV5fL0b2ls1CI2ERoyEJO+Id2wvzHujvRiCU1BSSWyKt/cDlHFtj+XW5svU5sfl/rnc+pT6vByh4mQBc9dwRCHKDi3VLQRGdfDgHIRihc1FoIQMGhDLqitLRIxKeP04bMngRK4GIYxmtbCqdHD6InjuKtOJRU9NfYhLhGXjKl5rESacuEbL02gmyeq1nYv3qKyUq9VW1kNo6d+n6IlEQT525XcwsOOtjCBsrN2/rx34W9BnsU2l0PEXAyXrRKu5cyPNpbt4aXW49s5d4vgDzyw4VogBAAA=
IP 95.211.229.246:0
ASN #60781 LeaseWeb Netherlands B.V.
Hash a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf
GET /cimp.php?t=api&data=H4sIAAAAAAAAA3VPQWoDMQz8Sj8QI8mSbOXeawuBPsBxNuSwpJBkoYV5fL0b2ls1CI2ERoyEJO+Id2wvzHujvRiCU1BSSWyKt/cDlHFtj+XW5svU5sfl/rnc+pT6vByh4mQBc9dwRCHKDi3VLQRGdfDgHIRihc1FoIQMGhDLqitLRIxKeP04bMngRK4GIYxmtbCqdHD6InjuKtOJRU9NfYhLhGXjKl5rESacuEbL02gmyeq1nYv3qKyUq9VW1kNo6d+n6IlEQT525XcwsOOtjCBsrN2/rx34W9BnsU2l0PEXAyXrRKu5cyPNpbt4aXW49s5d4vgDzyw4VogBAAA= HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://a.naturalhealthsource.club
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2263c42ed14447d1.277598082350998527%22%3B%7D; __upt=%7B%22v%22%3A1%2C%22id%22%3A%2263c42ed124da46.007995351826887210%22%2C%22pcma%22%3A%22%22%2C%22acma%22%3A%22508.03940399%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 15 Jan 2023 16:50:25 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://a.naturalhealthsource.club
Access-Control-Allow-Credentials: true
Set-Cookie: __upt=%7B%22v%22%3A1%2C%22id%22%3A%2263c42ed124da46.007995351826887210%22%2C%22pcma%22%3A%22%22%2C%22acma%22%3A%22508.0490099501%22%7D; expires=Tue, 14 Jan 2025 16:50:25 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
e1.o.lencr.org/
95.101.11.115 200 OK 344 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 0d9ddff4e33dde5402a3fb8384eef010
d30a5e3e69282e81de270768cc92eab223f66142
80116b528703c57e02fb15a4acf399ab2f6dfc7dbc7a7681ea619c22db995dfd
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "80116B528703C57E02FB15A4ACF399AB2F6DFC7DBC7A7681EA619C22DB995DFD"
Last-Modified: Fri, 13 Jan 2023 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15673
Expires: Sun, 15 Jan 2023 21:11:38 GMT
Date: Sun, 15 Jan 2023 16:50:25 GMT
Connection: keep-alive
fonts.gstatic.com/s/ubuntu/v20/4iCs6KVjbNBYlgoKfw72.woff2
216.58.207.227 200 OK 35 kB URL HTTP/2 fonts.gstatic.com/s/ubuntu/v20/4iCs6KVjbNBYlgoKfw72.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 34852, version 1.0\012- data
Hash 0e8eefb4549a2edf26c560cb9845952e
8d0b1718aacad934fd0043c87cbc54aa091396bf
7f653b3ce9d3277457fc6da4edb246ae2f6c913f088c42dcb8cd2e96267aa21a
GET /s/ubuntu/v20/4iCs6KVjbNBYlgoKfw72.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://ads.adxadserv.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 34852
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 13 Jan 2023 13:33:12 GMT
expires: Sat, 13 Jan 2024 13:33:12 GMT
cache-control: public, max-age=31536000
age: 184633
last-modified: Wed, 27 Apr 2022 16:31:23 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash ffa4176a77544b2eb9550ee2bafbd578
a2473bfa84349de504b4784106d96dd065aea5bc
0c4cc932462aacd445d8e0a4990693095a92d3664de856339697d6cdaf4b93a2
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0C4CC932462AACD445D8E0A4990693095A92D3664DE856339697D6CDAF4B93A2"
Last-Modified: Sat, 14 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4243
Expires: Sun, 15 Jan 2023 18:01:08 GMT
Date: Sun, 15 Jan 2023 16:50:25 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash ffa4176a77544b2eb9550ee2bafbd578
a2473bfa84349de504b4784106d96dd065aea5bc
0c4cc932462aacd445d8e0a4990693095a92d3664de856339697d6cdaf4b93a2
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0C4CC932462AACD445D8E0A4990693095A92D3664DE856339697D6CDAF4B93A2"
Last-Modified: Sat, 14 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4243
Expires: Sun, 15 Jan 2023 18:01:08 GMT
Date: Sun, 15 Jan 2023 16:50:25 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash ffa4176a77544b2eb9550ee2bafbd578
a2473bfa84349de504b4784106d96dd065aea5bc
0c4cc932462aacd445d8e0a4990693095a92d3664de856339697d6cdaf4b93a2
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0C4CC932462AACD445D8E0A4990693095A92D3664DE856339697D6CDAF4B93A2"
Last-Modified: Sat, 14 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4243
Expires: Sun, 15 Jan 2023 18:01:08 GMT
Date: Sun, 15 Jan 2023 16:50:25 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash ffa4176a77544b2eb9550ee2bafbd578
a2473bfa84349de504b4784106d96dd065aea5bc
0c4cc932462aacd445d8e0a4990693095a92d3664de856339697d6cdaf4b93a2
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0C4CC932462AACD445D8E0A4990693095A92D3664DE856339697D6CDAF4B93A2"
Last-Modified: Sat, 14 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4243
Expires: Sun, 15 Jan 2023 18:01:08 GMT
Date: Sun, 15 Jan 2023 16:50:25 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 7af9a54c82583043d886c78ee815c9d2
25dfc9caf5112336de6c4e10cf5853c2ba9b6ff9
c750f34af5f71d63ee73b7648e97bd53acbe3dd15824a8974ccef8b7b0b80230
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C750F34AF5F71D63EE73B7648E97BD53ACBE3DD15824A8974CCEF8B7B0B80230"
Last-Modified: Sun, 15 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5516
Expires: Sun, 15 Jan 2023 18:22:21 GMT
Date: Sun, 15 Jan 2023 16:50:25 GMT
Connection: keep-alive
a.medfoodsafety.com/loader?a=4787912&v=2&t=1&s=4776911&p=8575&if=true
172.64.139.21 200 OK 1.1 kB URL HTTP/2 a.medfoodsafety.com/loader?a=4787912&v=2&t=1&s=4776911&p=8575&if=true
IP 172.64.139.21:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 66687f248133e6ce47a5038ce437021b
714cc7759a5439ee9cdf0a5aa792890d754dafab
884f0d32bb6df11607bdc4f9c2d8e53a25fb1972ab2bdbe12ea22ed7c1caafe3
GET /loader?a=4787912&v=2&t=1&s=4776911&p=8575&if=true HTTP/1.1
Host: a.medfoodsafety.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 15 Jan 2023 16:50:25 GMT
content-type: text/html
cache-control: no-cache, no-store, must-revalidate
expires: Sat, 26 Jul 1997 05:00:00 GMT
last-modified: Sun, 17 May 1998 03:00:00 GMT
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=O8e1jJ%2FWNCJ09Fe7WKj%2BH5tepROl1jNW%2BFZoZb52IuuGdlJyF%2B7raTZjU%2BC7hM0Z0wiC6C8T32IQIiFmfmAFXg5%2FS44PqAB3SdVbvwjirvbXXxvd5l038RLeWGy9ZqVhlmD3GL1D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 78a01c3d6a0223ea-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
a.medfoodsafety.com/i?tid=2f8fbc12-07a4-4e9d-8e07-4f5e414bdd35&cf=afgch0adbe
172.64.139.21 200 OK 60 B URL HTTP/2 a.medfoodsafety.com/i?tid=2f8fbc12-07a4-4e9d-8e07-4f5e414bdd35&cf=afgch0adbe
IP 172.64.139.21:0
File type ASCII text, with no line terminators
Hash cea81d6017b53c6c7bd076407db21a0a
063acf4f87ec5b0c7f9631779c264ee045945c52
1665c0045c0d9a05857431f46362283793d0b844d9e157692079bcbc69ff6154
GET /i?tid=2f8fbc12-07a4-4e9d-8e07-4f5e414bdd35&cf=afgch0adbe HTTP/1.1
Host: a.medfoodsafety.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.medfoodsafety.com/loader?a=4787912&v=2&t=1&s=4776911&p=8575&if=true
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 15 Jan 2023 16:50:25 GMT
content-type: image/gif
content-length: 60
cache-control: no-cache, no-store, must-revalidate
expires: Sat, 26 Jul 1997 05:00:00 GMT
last-modified: Sun, 17 May 1998 03:00:00 GMT
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uvkyiOyKBFYP%2BjLVLRygfXuI4gss%2F5b3jYHQ%2BAqf6PC1l0K1h3kj2esqFcXvxsRAsm7avLo0XY6nKwnWc4qKg%2BpgoVQn5bRdEua3T7I1SUDrI0CzjIlJPBz6tnqz7HBfTE0u0QMR"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 78a01c3efccf23ea-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
unseenreport.com/pxf.gif?uuid=a3af69c4-a843-4a0c-adac-3043959c5b5d&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=21fe3950f412e026c33f1b6cee613eba&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=16
192.243.61.227 200 OK 1 B URL HTTP/1.1 unseenreport.com/pxf.gif?uuid=a3af69c4-a843-4a0c-adac-3043959c5b5d&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=21fe3950f412e026c33f1b6cee613eba&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=16
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=a3af69c4-a843-4a0c-adac-3043959c5b5d&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=21fe3950f412e026c33f1b6cee613eba&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=16 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 15 Jan 2023 16:50:25 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: d6411127434a647f0e65750ae8c595f2
Strict-Transport-Security: max-age=0; includeSubdomains
unseenreport.com/pxf.gif?uuid=a3af69c4-a843-4a0c-adac-3043959c5b5d&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=a2f990f10476061c719d1c1aa3a2ecd2&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=16
192.243.61.227 200 OK 1 B URL HTTP/1.1 unseenreport.com/pxf.gif?uuid=a3af69c4-a843-4a0c-adac-3043959c5b5d&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=a2f990f10476061c719d1c1aa3a2ecd2&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=16
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=a3af69c4-a843-4a0c-adac-3043959c5b5d&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=a2f990f10476061c719d1c1aa3a2ecd2&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=16 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 15 Jan 2023 16:50:25 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 4e515f257510d4d61744464c2c4823e2
Strict-Transport-Security: max-age=0; includeSubdomains
unseenreport.com/pxf.gif?uuid=a3af69c4-a843-4a0c-adac-3043959c5b5d&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=4d0afc2425eea6b0cd5a468c9f8a69ed&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=16
192.243.61.227 200 OK 1 B URL HTTP/1.1 unseenreport.com/pxf.gif?uuid=a3af69c4-a843-4a0c-adac-3043959c5b5d&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=4d0afc2425eea6b0cd5a468c9f8a69ed&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=16
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=a3af69c4-a843-4a0c-adac-3043959c5b5d&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=4d0afc2425eea6b0cd5a468c9f8a69ed&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=16 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 15 Jan 2023 16:50:25 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 03fbf68a6d8a1006e31b64db398fa7c5
Strict-Transport-Security: max-age=0; includeSubdomains
unseenreport.com/pxf.gif?uuid=a3af69c4-a843-4a0c-adac-3043959c5b5d&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=01f75a95a38a8db0a8e82d995253a076&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=16
192.243.61.227 200 OK 1 B URL HTTP/1.1 unseenreport.com/pxf.gif?uuid=a3af69c4-a843-4a0c-adac-3043959c5b5d&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=01f75a95a38a8db0a8e82d995253a076&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=16
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=a3af69c4-a843-4a0c-adac-3043959c5b5d&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=01f75a95a38a8db0a8e82d995253a076&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=16 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 15 Jan 2023 16:50:25 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 39c42d781bad557f921e7f407a67a3db
Strict-Transport-Security: max-age=0; includeSubdomains
adxadserv.com/ascripts/pxl.js
185.98.53.29 200 OK 78 kB URL HTTP/1.1 adxadserv.com/ascripts/pxl.js
IP 185.98.53.29:0
ASN #39572 DataWeb Global Group B.V.
File type Unicode text, UTF-8 text, with very long lines (36114)
Hash 8348b78d100940ba1808a8e9b93f2e94
c2aa612dc3256c9f235dcfc6e330d0ecaf957768
9c983adf86ebc949957bdf55d524dfa278a79bea8d13f2efa9512c6dd37b86f5
GET /ascripts/pxl.js HTTP/1.1
Host: adxadserv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ads.adxadserv.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Sun, 15 Jan 2023 16:50:25 GMT
Content-Type: application/javascript
Content-Length: 77806
Connection: keep-alive
Last-Modified: Fri, 25 Sep 2020 09:55:25 GMT
ETag: "5f6dbe8d-12fee"
Expires: Mon, 16 Jan 2023 08:33:53 GMT
Cache-Control: max-age=86400, public
X-77-NZT: AblMCgFU0yv/YHQAAA
X-77-NZT-Ray: 382b0f197dedc32fd12ec463ae994437
X-Cache: HIT
X-Age: 29792
X-77-POP: amsterdamNL
X-77-Cache: HIT
Accept-Ranges: bytes
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 427e4c67bc40de254940a5c409cab416
4df8812a4e6f04b5c70534693005051ced92eb3e
faf26732fd12c80ace44c92e17786c06688d75c91d59c59a9a3afa59fa402d9b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "FAF26732FD12C80ACE44C92E17786C06688D75C91D59C59A9A3AFA59FA402D9B"
Last-Modified: Sat, 14 Jan 2023 14:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13205
Expires: Sun, 15 Jan 2023 20:30:31 GMT
Date: Sun, 15 Jan 2023 16:50:26 GMT
Connection: keep-alive
track.trackingtraffo.com/push/ic?auth=pz6u78&c=9PQVFv6MvxpbZwkvTDNxnp_IQwg3X3Otgqy0CGOivEFvEGFhEP-w8EIFtgMbpktmEAl2GKITTl2RtX1zz7MiLvWS9x1B1rCxZOuIjWEenBRYPmaUw8dUqTsTUjz0VI--5RWaBMQeSzKQLYpRsnKYe1JKgeF_RxsrwUEBR2mjFeU-O5u8XYMLdFK9m6gopJ9uGyIz5pqgxECidrR-kLUSyoaHozWAqUpRNflJ2rd4N7ir7F2MVGLG_mXTNNVdeDQ2EKarcd0cxowMgAb0s5PJoE3pCXdLfgl05F-yE-1bG0Pp9XH4Y56AOcssXARZE1bQ1xInALLpIC-BGBAclQfPBeFpZy6fFSNUM0zjv7M0vdSLUvMNz3367rH9JSYJAhOly1ArsfSM12gOocQKkDUMW6SXVL6k0XvZuTGjo2mr3VzIQ2vPwHXxD43ZuHsDZWvAAjZOqgRTBcDhmO6hCDkNS9PqMpQ_k_9Pj2xMQ-6x33E4-OG8rt4U5aEBLmUMVwJlO_iSOgIbfSycIpMoWF8AgfnvnvVmnB9ftJUrAiOe_4I_cd6DRm5rPvtbFBgKebTm46z-JhI2DFhHTlik6I8Motsnmfy3XFOrhwypyq3zW7n3_R0X
88.214.195.156 302 Found 0 B URL HTTP/1.1 track.trackingtraffo.com/push/ic?auth=pz6u78&c=9PQVFv6MvxpbZwkvTDNxnp_IQwg3X3Otgqy0CGOivEFvEGFhEP-w8EIFtgMbpktmEAl2GKITTl2RtX1zz7MiLvWS9x1B1rCxZOuIjWEenBRYPmaUw8dUqTsTUjz0VI--5RWaBMQeSzKQLYpRsnKYe1JKgeF_RxsrwUEBR2mjFeU-O5u8XYMLdFK9m6gopJ9uGyIz5pqgxECidrR-kLUSyoaHozWAqUpRNflJ2rd4N7ir7F2MVGLG_mXTNNVdeDQ2EKarcd0cxowMgAb0s5PJoE3pCXdLfgl05F-yE-1bG0Pp9XH4Y56AOcssXARZE1bQ1xInALLpIC-BGBAclQfPBeFpZy6fFSNUM0zjv7M0vdSLUvMNz3367rH9JSYJAhOly1ArsfSM12gOocQKkDUMW6SXVL6k0XvZuTGjo2mr3VzIQ2vPwHXxD43ZuHsDZWvAAjZOqgRTBcDhmO6hCDkNS9PqMpQ_k_9Pj2xMQ-6x33E4-OG8rt4U5aEBLmUMVwJlO_iSOgIbfSycIpMoWF8AgfnvnvVmnB9ftJUrAiOe_4I_cd6DRm5rPvtbFBgKebTm46z-JhI2DFhHTlik6I8Motsnmfy3XFOrhwypyq3zW7n3_R0X
IP 88.214.195.156:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /push/ic?auth=pz6u78&c=9PQVFv6MvxpbZwkvTDNxnp_IQwg3X3Otgqy0CGOivEFvEGFhEP-w8EIFtgMbpktmEAl2GKITTl2RtX1zz7MiLvWS9x1B1rCxZOuIjWEenBRYPmaUw8dUqTsTUjz0VI--5RWaBMQeSzKQLYpRsnKYe1JKgeF_RxsrwUEBR2mjFeU-O5u8XYMLdFK9m6gopJ9uGyIz5pqgxECidrR-kLUSyoaHozWAqUpRNflJ2rd4N7ir7F2MVGLG_mXTNNVdeDQ2EKarcd0cxowMgAb0s5PJoE3pCXdLfgl05F-yE-1bG0Pp9XH4Y56AOcssXARZE1bQ1xInALLpIC-BGBAclQfPBeFpZy6fFSNUM0zjv7M0vdSLUvMNz3367rH9JSYJAhOly1ArsfSM12gOocQKkDUMW6SXVL6k0XvZuTGjo2mr3VzIQ2vPwHXxD43ZuHsDZWvAAjZOqgRTBcDhmO6hCDkNS9PqMpQ_k_9Pj2xMQ-6x33E4-OG8rt4U5aEBLmUMVwJlO_iSOgIbfSycIpMoWF8AgfnvnvVmnB9ftJUrAiOe_4I_cd6DRm5rPvtbFBgKebTm46z-JhI2DFhHTlik6I8Motsnmfy3XFOrhwypyq3zW7n3_R0X HTTP/1.1
Host: track.trackingtraffo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx/1.18.0 (Ubuntu)
Date: Sun, 15 Jan 2023 16:50:26 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-cache, max-age=0, must-revalidate, proxy-revalidate, no-store
Pragma: no-cache
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Location: https://ads.trackingtraffo.com/creatives/k1qy286gxmd5g3dpr397nw5v/1659514995116-National Casino black.png
adxadserv.com/px/event/v1?e_t=pageview&url=https%253A%252F%252Fads.adxadserv.com%252Fad%253Fspotid%253D636bc5d561d6e27071201a23%2526type%253D300x250%2526output%253Dhtml&ref=https%253A%252F%252Fxfantazy.com%252F&d_r=1&d_s=1280x1024&d_w=300x250&t_s=1673801425612&t_i=1673801425937&u_tz=0&u_l=en-US&u_l2=&u_l3=&pv_uid=23a13500-65c2-4813-a018-0c98e7ffcc94&nav_rc=0&nav_nt=NAVIGATE&p_nn=adxad-rtb&p_pt=IFRAME&imid=b528b3b0-94f4-11ed-bfd4-e25a5bb9767f&spid=636bc5d561d6e27071201a23&fpid_sa=1673801425937&fpid=&feid_sa=1673801425937&sid_sa=1673801425937&feid=8f9850f950b2688ed95def7171a97ec1&sid=bd3617768e0e3ffb5b5ae896f9933b08&u_adb=0&vn=T-0.1.1&utm_typ=referral&utm_src=xfantazy.com&s_rst=1&e_d=%7B%22isResetRequired%22%3Atrue%7D&t_op=0.437
185.98.53.29 200 OK 0 B URL HTTP/1.1 adxadserv.com/px/event/v1?e_t=pageview&url=https%253A%252F%252Fads.adxadserv.com%252Fad%253Fspotid%253D636bc5d561d6e27071201a23%2526type%253D300x250%2526output%253Dhtml&ref=https%253A%252F%252Fxfantazy.com%252F&d_r=1&d_s=1280x1024&d_w=300x250&t_s=1673801425612&t_i=1673801425937&u_tz=0&u_l=en-US&u_l2=&u_l3=&pv_uid=23a13500-65c2-4813-a018-0c98e7ffcc94&nav_rc=0&nav_nt=NAVIGATE&p_nn=adxad-rtb&p_pt=IFRAME&imid=b528b3b0-94f4-11ed-bfd4-e25a5bb9767f&spid=636bc5d561d6e27071201a23&fpid_sa=1673801425937&fpid=&feid_sa=1673801425937&sid_sa=1673801425937&feid=8f9850f950b2688ed95def7171a97ec1&sid=bd3617768e0e3ffb5b5ae896f9933b08&u_adb=0&vn=T-0.1.1&utm_typ=referral&utm_src=xfantazy.com&s_rst=1&e_d=%7B%22isResetRequired%22%3Atrue%7D&t_op=0.437
IP 185.98.53.29:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /px/event/v1?e_t=pageview&url=https%253A%252F%252Fads.adxadserv.com%252Fad%253Fspotid%253D636bc5d561d6e27071201a23%2526type%253D300x250%2526output%253Dhtml&ref=https%253A%252F%252Fxfantazy.com%252F&d_r=1&d_s=1280x1024&d_w=300x250&t_s=1673801425612&t_i=1673801425937&u_tz=0&u_l=en-US&u_l2=&u_l3=&pv_uid=23a13500-65c2-4813-a018-0c98e7ffcc94&nav_rc=0&nav_nt=NAVIGATE&p_nn=adxad-rtb&p_pt=IFRAME&imid=b528b3b0-94f4-11ed-bfd4-e25a5bb9767f&spid=636bc5d561d6e27071201a23&fpid_sa=1673801425937&fpid=&feid_sa=1673801425937&sid_sa=1673801425937&feid=8f9850f950b2688ed95def7171a97ec1&sid=bd3617768e0e3ffb5b5ae896f9933b08&u_adb=0&vn=T-0.1.1&utm_typ=referral&utm_src=xfantazy.com&s_rst=1&e_d=%7B%22isResetRequired%22%3Atrue%7D&t_op=0.437 HTTP/1.1
Host: adxadserv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ads.adxadserv.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Sun, 15 Jan 2023 16:50:26 GMT
Content-Length: 0
Connection: keep-alive
static.javhd.com/h5/files/overlay/1142-overlay-preview.png
185.76.9.18 200 OK 731 B URL HTTP/2 static.javhd.com/h5/files/overlay/1142-overlay-preview.png
IP 185.76.9.18:0
ASN #60068 Datacamp Limited
File type PNG image data, 300 x 250, 8-bit/color RGBA, non-interlaced\012- data
Hash cf636f543f2dde28b2343dcaf6d8e658
de9f6ab0500c3503be5df3404b7a144c033da904
204ebde2ec395135f92bf5c7dac63ef66bacab9eecb38c406d26027f450b5c8f
GET /h5/files/overlay/1142-overlay-preview.png HTTP/1.1
Host: static.javhd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://static.javhd.com/h5/files/10592/300x250.html?targetUrl=http%3A%2F%2Fr.trwl1.com%2Fc1%2F7dd524f6-5653-4001-b2c7-bd4477af0f42%3Fcv1%3Db528b3b0-94f4-11ed-bfd4-e25a5bb9767f%26cv9%3D636bc5d561d6e27071201a23%26externalId%3Db528b3b0-94f4-11ed-bfd4-e25a5bb9767f%26p%3DeyJiIjoyNzIyNTIsImJoIjoyNTAsImJ3IjozMDAsImYiOjEsIm8iOjEsInAiOjEsInMiOjIxNDIwfQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 15 Jan 2023 16:50:26 GMT
content-type: image/png
content-length: 731
last-modified: Tue, 07 May 2019 11:52:14 GMT
etag: "5cd1716e-2db"
expires: Tue, 23 May 2023 11:05:34 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
x-accel-expires: @1684839934
server: CDN77-Turbo
x-77-nzt: AblMCQ3CRiP/VMQ4AQ
x-77-nzt-ray: c0a4cc28c68e5e47d22ec46352ecb40c
x-cache: HIT
x-age: 20497492
x-77-pop: stockholmSE
x-77-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
static.javhd.com/h5/files/overlay/1142-overlay.png
185.76.9.18 200 OK 2.3 kB URL HTTP/2 static.javhd.com/h5/files/overlay/1142-overlay.png
IP 185.76.9.18:0
ASN #60068 Datacamp Limited
File type PNG image data, 300 x 250, 8-bit/color RGBA, non-interlaced\012- data
Hash c94604cd6e0f48b99f838935401390da
e31e1114a05ab87d88402038f4423354c66356ca
182fcef8cb4c0c0aaf6253a6fff930613b850c4867043169e98087cd6c3388d9
GET /h5/files/overlay/1142-overlay.png HTTP/1.1
Host: static.javhd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://static.javhd.com/h5/files/10592/300x250.html?targetUrl=http%3A%2F%2Fr.trwl1.com%2Fc1%2F7dd524f6-5653-4001-b2c7-bd4477af0f42%3Fcv1%3Db528b3b0-94f4-11ed-bfd4-e25a5bb9767f%26cv9%3D636bc5d561d6e27071201a23%26externalId%3Db528b3b0-94f4-11ed-bfd4-e25a5bb9767f%26p%3DeyJiIjoyNzIyNTIsImJoIjoyNTAsImJ3IjozMDAsImYiOjEsIm8iOjEsInAiOjEsInMiOjIxNDIwfQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 15 Jan 2023 16:50:26 GMT
content-type: image/png
content-length: 2331
last-modified: Tue, 07 May 2019 11:52:13 GMT
etag: "5cd1716d-91b"
expires: Tue, 23 May 2023 11:05:34 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
x-accel-expires: @1684839934
server: CDN77-Turbo
x-77-nzt: AblMCQ2y/qr/VMQ4AQ
x-77-nzt-ray: c0a4cc28c68e5e47d22ec463ae15b80c
x-cache: HIT
x-age: 20497492
x-77-pop: stockholmSE
x-77-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
static.javhd.com/h5/files/button/29-button.png
185.76.9.18 200 OK 733 B URL HTTP/2 static.javhd.com/h5/files/button/29-button.png
IP 185.76.9.18:0
ASN #60068 Datacamp Limited
File type PNG image data, 300 x 250, 8-bit/color RGBA, non-interlaced\012- data
Hash 82a66a2d222379716ca9a03ff50d8f42
ae43d917ff791f9172edc527baa6266416182aaa
cc5da7b40e498d30bf5eaae43e59cae32202737076422676489dd8d3030803de
GET /h5/files/button/29-button.png HTTP/1.1
Host: static.javhd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://static.javhd.com/h5/files/10592/300x250.html?targetUrl=http%3A%2F%2Fr.trwl1.com%2Fc1%2F7dd524f6-5653-4001-b2c7-bd4477af0f42%3Fcv1%3Db528b3b0-94f4-11ed-bfd4-e25a5bb9767f%26cv9%3D636bc5d561d6e27071201a23%26externalId%3Db528b3b0-94f4-11ed-bfd4-e25a5bb9767f%26p%3DeyJiIjoyNzIyNTIsImJoIjoyNTAsImJ3IjozMDAsImYiOjEsIm8iOjEsInAiOjEsInMiOjIxNDIwfQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 15 Jan 2023 16:50:26 GMT
content-type: image/png
content-length: 733
last-modified: Tue, 22 Dec 2015 18:41:22 GMT
etag: "56799952-2dd"
expires: Tue, 23 May 2023 11:04:47 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
x-accel-expires: @1684839887
server: CDN77-Turbo
x-77-nzt: AblMCQ1KFb3/g8Q4AQ
x-77-nzt-ray: c0a4cc28c68e5e47d22ec463a5d3ba0c
x-cache: HIT
x-age: 20497539
x-77-pop: stockholmSE
x-77-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
track.trackingtraffo.com/push/ic?auth=pz6u78&c=9PQVFv6MvxpbZwkvTDNxnp_IQwg3X3Otgqy0CGOivEFvEGFhEP-w8EIFtgMbpktmEAl2GKITTl2RtX1zz7MiLvWS9x1B1rCxZOuIjWEenBRYPmaUw8dUqTsTUjz0VI--5RWaBMQeSzKQLYpRsnKYe1JKgeF_RxsrwUEBR2mjFeU-O5u8XYMLdFK9m6gopJ9uGyIz5pqgxECidrR-kLUSyoaHozWAqUpRNflJ2rd4N7ir7F2MVGLG_mXTNNVdeDQ2EKarcd0cxowMgAb0s5PJoE3pCXdLfgl05F-yE-1bG0Pp9XH4Y56AOcssXARZE1bQ1xInALLpIC-BGBAclQfPBeFpZy6fFSNUM0zjv7M0vdSLUvMNz3367rH9JSYJAhOly1ArsfSM12gOocQKkDUMW6SXVL6k0XvZuTGjo2mr3VzIQ2vPwHXxD43ZuHsDZWvAAjZOqgRTBcDhmO6hCDkNS9PqMpQ_k_9Pj2xMQ-6x33E4-OG8rt4U5aEBLmUMVwJlO_iSOgIbfSycIpMoWF8AgfnvnvVmnB9ftJUrAiOe_4I_cd6DRm5rPvtbFBgKebTm46z-JhI2DFhHTlik6I8Motsnmfy3XFOrhwypyq3zW7n3_R0X
88.214.195.156 302 Found 0 B URL HTTP/1.1 track.trackingtraffo.com/push/ic?auth=pz6u78&c=9PQVFv6MvxpbZwkvTDNxnp_IQwg3X3Otgqy0CGOivEFvEGFhEP-w8EIFtgMbpktmEAl2GKITTl2RtX1zz7MiLvWS9x1B1rCxZOuIjWEenBRYPmaUw8dUqTsTUjz0VI--5RWaBMQeSzKQLYpRsnKYe1JKgeF_RxsrwUEBR2mjFeU-O5u8XYMLdFK9m6gopJ9uGyIz5pqgxECidrR-kLUSyoaHozWAqUpRNflJ2rd4N7ir7F2MVGLG_mXTNNVdeDQ2EKarcd0cxowMgAb0s5PJoE3pCXdLfgl05F-yE-1bG0Pp9XH4Y56AOcssXARZE1bQ1xInALLpIC-BGBAclQfPBeFpZy6fFSNUM0zjv7M0vdSLUvMNz3367rH9JSYJAhOly1ArsfSM12gOocQKkDUMW6SXVL6k0XvZuTGjo2mr3VzIQ2vPwHXxD43ZuHsDZWvAAjZOqgRTBcDhmO6hCDkNS9PqMpQ_k_9Pj2xMQ-6x33E4-OG8rt4U5aEBLmUMVwJlO_iSOgIbfSycIpMoWF8AgfnvnvVmnB9ftJUrAiOe_4I_cd6DRm5rPvtbFBgKebTm46z-JhI2DFhHTlik6I8Motsnmfy3XFOrhwypyq3zW7n3_R0X
IP 88.214.195.156:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /push/ic?auth=pz6u78&c=9PQVFv6MvxpbZwkvTDNxnp_IQwg3X3Otgqy0CGOivEFvEGFhEP-w8EIFtgMbpktmEAl2GKITTl2RtX1zz7MiLvWS9x1B1rCxZOuIjWEenBRYPmaUw8dUqTsTUjz0VI--5RWaBMQeSzKQLYpRsnKYe1JKgeF_RxsrwUEBR2mjFeU-O5u8XYMLdFK9m6gopJ9uGyIz5pqgxECidrR-kLUSyoaHozWAqUpRNflJ2rd4N7ir7F2MVGLG_mXTNNVdeDQ2EKarcd0cxowMgAb0s5PJoE3pCXdLfgl05F-yE-1bG0Pp9XH4Y56AOcssXARZE1bQ1xInALLpIC-BGBAclQfPBeFpZy6fFSNUM0zjv7M0vdSLUvMNz3367rH9JSYJAhOly1ArsfSM12gOocQKkDUMW6SXVL6k0XvZuTGjo2mr3VzIQ2vPwHXxD43ZuHsDZWvAAjZOqgRTBcDhmO6hCDkNS9PqMpQ_k_9Pj2xMQ-6x33E4-OG8rt4U5aEBLmUMVwJlO_iSOgIbfSycIpMoWF8AgfnvnvVmnB9ftJUrAiOe_4I_cd6DRm5rPvtbFBgKebTm46z-JhI2DFhHTlik6I8Motsnmfy3XFOrhwypyq3zW7n3_R0X HTTP/1.1
Host: track.trackingtraffo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx/1.18.0 (Ubuntu)
Date: Sun, 15 Jan 2023 16:50:26 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-cache, max-age=0, must-revalidate, proxy-revalidate, no-store
Pragma: no-cache
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Location: https://ads.trackingtraffo.com/creatives/k1qy286gxmd5g3dpr397nw5v/1659514995116-National Casino black.png
static.javhd.com/h5/files/10592/300x250.html?targetUrl=http%3A%2F%2Fr.trwl1.com%2Fc1%2F7dd524f6-5653-4001-b2c7-bd4477af0f42%3Fcv1%3Db528b3b0-94f4-11ed-bfd4-e25a5bb9767f%26cv9%3D636bc5d561d6e27071201a23%26externalId%3Db528b3b0-94f4-11ed-bfd4-e25a5bb9767f%26p%3DeyJiIjoyNzIyNTIsImJoIjoyNTAsImJ3IjozMDAsImYiOjEsIm8iOjEsInAiOjEsInMiOjIxNDIwfQ
185.76.9.18 200 OK 6.3 kB URL HTTP/2 static.javhd.com/h5/files/10592/300x250.html?targetUrl=http%3A%2F%2Fr.trwl1.com%2Fc1%2F7dd524f6-5653-4001-b2c7-bd4477af0f42%3Fcv1%3Db528b3b0-94f4-11ed-bfd4-e25a5bb9767f%26cv9%3D636bc5d561d6e27071201a23%26externalId%3Db528b3b0-94f4-11ed-bfd4-e25a5bb9767f%26p%3DeyJiIjoyNzIyNTIsImJoIjoyNTAsImJ3IjozMDAsImYiOjEsIm8iOjEsInAiOjEsInMiOjIxNDIwfQ
IP 185.76.9.18:0
ASN #60068 Datacamp Limited
Hash df78cba9987340267e08455a81fd3ebb
4c2dc60195b58b27c0e22cfe3699d79f1c5c521c
5e86ab827fe2aaed51295eed8360daaf266d94c2733f5081eb9f2744665f8afe
GET /h5/files/10592/300x250.html?targetUrl=http%3A%2F%2Fr.trwl1.com%2Fc1%2F7dd524f6-5653-4001-b2c7-bd4477af0f42%3Fcv1%3Db528b3b0-94f4-11ed-bfd4-e25a5bb9767f%26cv9%3D636bc5d561d6e27071201a23%26externalId%3Db528b3b0-94f4-11ed-bfd4-e25a5bb9767f%26p%3DeyJiIjoyNzIyNTIsImJoIjoyNTAsImJ3IjozMDAsImYiOjEsIm8iOjEsInAiOjEsInMiOjIxNDIwfQ HTTP/1.1
Host: static.javhd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://r.trwl1.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 15 Jan 2023 16:50:26 GMT
content-type: text/html
last-modified: Tue, 07 May 2019 11:54:04 GMT
etag: W/"5cd171dc-11e4"
expires: Tue, 14 Feb 2023 16:50:25 GMT
cache-control: max-age=2592000
access-control-allow-origin: *
x-accel-expires: @1676393426
server: CDN77-Turbo
x-77-nzt: AblMCQ1OA2uh
x-77-nzt-ray: c0a4cc28c68e5e47d12ec463dfc5803a
x-cache: MISS
x-77-pop: stockholmSE
x-77-cache: MISS
content-encoding: gzip
X-Firefox-Spdy: h2
static.javhd.com/h5/files/css/style.css
185.76.9.18 200 OK 544 B URL HTTP/2 static.javhd.com/h5/files/css/style.css
IP 185.76.9.18:0
ASN #60068 Datacamp Limited
Hash 6f973f864887a4827bfa84f6b6fcf746
48c42d07480298969541dde4e730ac6a869294a7
2c3279c5d96f254fe5af06d00aaa8403419ffafefe6676d0374cd85de61e1db8
GET /h5/files/css/style.css HTTP/1.1
Host: static.javhd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://static.javhd.com/h5/files/10592/300x250.html?targetUrl=http%3A%2F%2Fr.trwl1.com%2Fc1%2F7dd524f6-5653-4001-b2c7-bd4477af0f42%3Fcv1%3Db528b3b0-94f4-11ed-bfd4-e25a5bb9767f%26cv9%3D636bc5d561d6e27071201a23%26externalId%3Db528b3b0-94f4-11ed-bfd4-e25a5bb9767f%26p%3DeyJiIjoyNzIyNTIsImJoIjoyNTAsImJ3IjozMDAsImYiOjEsIm8iOjEsInAiOjEsInMiOjIxNDIwfQ
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 15 Jan 2023 16:50:26 GMT
content-type: text/css
last-modified: Wed, 25 May 2016 08:29:12 GMT
etag: W/"57456258-7bd"
expires: Tue, 23 May 2023 11:04:47 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
x-accel-expires: @1684839887
server: CDN77-Turbo
x-77-nzt: AblMCQ11diL/g8Q4AQ
x-77-nzt-ray: c0a4cc28c68e5e47d22ec463861ae90b
x-cache: HIT
x-age: 20497539
x-77-pop: stockholmSE
x-77-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash e70b6ce817434d11de5c684098549e3f
c82cb322f6b525720527d1eb0f75809c67e07818
fb2eeb68ae507af37210963954fdd0763d2f93427d3ff642d03ae55bc35bc74f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "FB2EEB68AE507AF37210963954FDD0763D2F93427D3FF642D03AE55BC35BC74F"
Last-Modified: Sat, 14 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11993
Expires: Sun, 15 Jan 2023 20:10:19 GMT
Date: Sun, 15 Jan 2023 16:50:26 GMT
Connection: keep-alive
btds.zog.link/in/912/?sid=0&source=562949385&idzone=3830819&w=300&h=250&mo=&ve=&site_id=4692&utm1=tcban_i&utm2=4692&utm3=19775&utm4=&ad_tags=&spot_id=0&p=https%3A%2F%2Fa.naturalhealthsource.club%2F&katds_labels=&btype=0&score=1&bf=0.0001
109.206.175.85 302 Found 0 B URL HTTP/2 btds.zog.link/in/912/?sid=0&source=562949385&idzone=3830819&w=300&h=250&mo=&ve=&site_id=4692&utm1=tcban_i&utm2=4692&utm3=19775&utm4=&ad_tags=&spot_id=0&p=https%3A%2F%2Fa.naturalhealthsource.club%2F&katds_labels=&btype=0&score=1&bf=0.0001
IP 109.206.175.85:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /in/912/?sid=0&source=562949385&idzone=3830819&w=300&h=250&mo=&ve=&site_id=4692&utm1=tcban_i&utm2=4692&utm3=19775&utm4=&ad_tags=&spot_id=0&p=https%3A%2F%2Fa.naturalhealthsource.club%2F&katds_labels=&btype=0&score=1&bf=0.0001 HTTP/1.1
Host: btds.zog.link
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://rtbbnr.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: nginx/1.20.1
date: Sun, 15 Jan 2023 16:50:26 GMT
content-type: text/html; charset=UTF-8
content-length: 0
location: https://tsyndicate.com/iframes2/00394b71264946e5bf58746cefe5435f.html?subid=562949385&categories={{ad_tags}}
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
vary: *
set-cookie: 912.0=1; expires=Mon, 16 Jan 2023 16:50:26 GMT; path=/; secure; SameSite=None
X-Firefox-Spdy: h2
static.javhd.com/h5/files/js/video.js
185.76.9.18 200 OK 37 kB URL HTTP/2 static.javhd.com/h5/files/js/video.js
IP 185.76.9.18:0
ASN #60068 Datacamp Limited
Hash 3810aa6092f663269f6779a2ed1f3e0c
b0e9de48e86ab520bbeb1b0da5d8c79ebeb3f366
05c30e2747caa56d4244c476801890cfd36b6a1c029f10b5f2f8225ac413c90a
GET /h5/files/js/video.js HTTP/1.1
Host: static.javhd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://static.javhd.com/h5/files/10592/300x250.html?targetUrl=http%3A%2F%2Fr.trwl1.com%2Fc1%2F7dd524f6-5653-4001-b2c7-bd4477af0f42%3Fcv1%3Db528b3b0-94f4-11ed-bfd4-e25a5bb9767f%26cv9%3D636bc5d561d6e27071201a23%26externalId%3Db528b3b0-94f4-11ed-bfd4-e25a5bb9767f%26p%3DeyJiIjoyNzIyNTIsImJoIjoyNTAsImJ3IjozMDAsImYiOjEsIm8iOjEsInAiOjEsInMiOjIxNDIwfQ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 15 Jan 2023 16:50:26 GMT
content-type: application/x-javascript
last-modified: Tue, 10 Nov 2015 10:24:20 GMT
etag: W/"5641c5d4-1cf02"
expires: Tue, 23 May 2023 11:05:24 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
x-accel-expires: @1684839924
server: CDN77-Turbo
x-77-nzt: AblMCQ0avUj/XsQ4AQ
x-77-nzt-ray: c0a4cc28c68e5e47d22ec4634b36860c
x-cache: HIT
x-age: 20497502
x-77-pop: stockholmSE
x-77-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
tsyndicate.com/iframes2/00394b71264946e5bf58746cefe5435f.html?subid=562949385&categories={{ad_tags}}
94.130.164.161 200 OK 5.6 kB URL HTTP/2 tsyndicate.com/iframes2/00394b71264946e5bf58746cefe5435f.html?subid=562949385&categories={{ad_tags}}
IP 94.130.164.161:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (4400)
Hash e1b5a93222e8e3d619858d5d5504e261
88b90e6cd77efdffb0290e4574d1b68b771aff41
260ac92139123548d36551525e91722b6f0afa69a437162d5b6c57b13d639d61
GET /iframes2/00394b71264946e5bf58746cefe5435f.html?subid=562949385&categories={{ad_tags}} HTTP/1.1
Host: tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://rtbbnr.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 15 Jan 2023 16:50:26 GMT
content-type: text/html; charset=utf-8
pragma: no-cache
expires: 0
vary: Accept-Encoding, *
x-api-version: 2
link: <https://lcdn.tsyndicate.com/sdk/v1/b.b.js>; rel=preload; as=script
x-request-id: 278d6696f3302498
set-cookie: ts_uid=b89a637c-fe0c-4f85-97a6-41e77d4d1fc3; expires=Sat, 15 Jul 2023 16:50:26 GMT; domain=.tsyndicate.com; path=/; HttpOnly; secure; SameSite=None
cache-control: no-cache, no-store, no-transform, must-revalidate, no-transform
x-robots-tag: none, noindex, nofollow
report-to: { "url": "https://pxl.tsyndicate.com/api/v1/heavy-ad/report", "max_age": 86401 }
content-encoding: gzip
X-Firefox-Spdy: h2
go.xlivrdr.com/smartpop/128029786fbed96fe880330bb083ecce41e122ba08e2711908bc9493ef368344?userId=ed4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e&sourceId=271333&memberId=xFtXKWHaVH-RcN_Cv0kM7uj2SRXLGPZth_g6fKUHXjhV0FqVBs_rJJxHyvjbXKGej2vx8gWY1msTuOI6GKu6L2lLt9xKlealCzNvru6T5j_Bbwk_gUIDRUi&p1=3761372&buttonColor=%23930606&liveBadgeColor=%23ff0707
104.18.59.150 302 Found 0 B URL HTTP/2 go.xlivrdr.com/smartpop/128029786fbed96fe880330bb083ecce41e122ba08e2711908bc9493ef368344?userId=ed4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e&sourceId=271333&memberId=xFtXKWHaVH-RcN_Cv0kM7uj2SRXLGPZth_g6fKUHXjhV0FqVBs_rJJxHyvjbXKGej2vx8gWY1msTuOI6GKu6L2lLt9xKlealCzNvru6T5j_Bbwk_gUIDRUi&p1=3761372&buttonColor=%23930606&liveBadgeColor=%23ff0707
IP 104.18.59.150:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /smartpop/128029786fbed96fe880330bb083ecce41e122ba08e2711908bc9493ef368344?userId=ed4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e&sourceId=271333&memberId=xFtXKWHaVH-RcN_Cv0kM7uj2SRXLGPZth_g6fKUHXjhV0FqVBs_rJJxHyvjbXKGej2vx8gWY1msTuOI6GKu6L2lLt9xKlealCzNvru6T5j_Bbwk_gUIDRUi&p1=3761372&buttonColor=%23930606&liveBadgeColor=%23ff0707 HTTP/1.1
Host: go.xlivrdr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tsyndicate.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Sun, 15 Jan 2023 16:50:27 GMT
content-length: 0
location: https://creative.xliirdr.com/widgets/v4/Universal?actionButtonPlacement=bottom&buttonColor=%23930606&campaignId=128029786fbed96fe880330bb083ecce41e122ba08e2711908bc9493ef368344&campaignType=smartpop&creativeId=2f2cf8c271b310e6a7160563a0f1ee432fa665a116dc0c291a081b2515848ba9&hideButtonOnSmallSpots=1&hideModelNameOnSmallSpots=1&hideTitleOnSmallSpots=1&iterationId=30231&liveBadgeColor=%23ff0707&masterSmartpopId=0&memberId=xFtXKWHaVH-RcN_Cv0kM7uj2SRXLGPZth_g6fKUHXjhV0FqVBs_rJJxHyvjbXKGej2vx8gWY1msTuOI6GKu6L2lLt9xKlealCzNvru6T5j_Bbwk_gUIDRUi&p1=3761372&ruleId=0&showButton=1&showModelName=1&showTitle=&smartpopId=1548&sourceId=271333&thumbSizeKey=big&trackOff=1&userId=ed4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e&variationId=22460
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Content-Length, Accept-Encoding, x-requested-with
cf-cache-status: DYNAMIC
set-cookie: _var=808614.22460; Path=/; HttpOnly; SameSite=Strict
__cflb=02DiuDfsBaY2bRYJiCeSRSGTzNwtDfLbrr8pJequ8qdmE; SameSite=None; Secure; path=/; expires=Mon, 16-Jan-23 15:50:27 GMT; HttpOnly
server: cloudflare
cf-ray: 78a01c491d101c02-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
a.bestcontentfood.top/warp/4787912?r=50929
172.64.175.26 200 OK 0 B URL HTTP/2 a.bestcontentfood.top/warp/4787912?r=50929
IP 172.64.175.26:0
GET /warp/4787912?r=50929 HTTP/1.1
Host: a.bestcontentfood.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 15 Jan 2023 16:50:25 GMT
content-type: application/javascript; charset=UTF-8
referer: a.medfoodsafety.com
cache-control: public, max-age=900
etag: W/"b5bfe5efa4321a0b085300dd0d4edb9f"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PPZhZ14XRPh9Pq6ybXB8yXg0tDHvc4%2BRNVGOLuAWJT0n2sOfy8Y9t6sdfGRD3JG3nEd47v%2FifP%2Bhvd25HEongHkbMv12cMhJwi8lIO0qHCkXUhAGhL5ABisxxHUN%2FUAKxZqbVtvJHAA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 78a01c3a898575e1-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
creative.xliirdr.com/widgets/v4/Universal?actionButtonPlacement=bottom&buttonColor=%23930606&campaignId=128029786fbed96fe880330bb083ecce41e122ba08e2711908bc9493ef368344&campaignType=smartpop&creativeId=2f2cf8c271b310e6a7160563a0f1ee432fa665a116dc0c291a081b2515848ba9&hideButtonOnSmallSpots=1&hideModelNameOnSmallSpots=1&hideTitleOnSmallSpots=1&iterationId=30231&liveBadgeColor=%23ff0707&masterSmartpopId=0&memberId=xFtXKWHaVH-RcN_Cv0kM7uj2SRXLGPZth_g6fKUHXjhV0FqVBs_rJJxHyvjbXKGej2vx8gWY1msTuOI6GKu6L2lLt9xKlealCzNvru6T5j_Bbwk_gUIDRUi&p1=3761372&ruleId=0&showButton=1&showModelName=1&showTitle=&smartpopId=1548&sourceId=271333&thumbSizeKey=big&trackOff=1&userId=ed4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e&variationId=22460
104.18.59.150 200 OK 0 B URL HTTP/2 creative.xliirdr.com/widgets/v4/Universal?actionButtonPlacement=bottom&buttonColor=%23930606&campaignId=128029786fbed96fe880330bb083ecce41e122ba08e2711908bc9493ef368344&campaignType=smartpop&creativeId=2f2cf8c271b310e6a7160563a0f1ee432fa665a116dc0c291a081b2515848ba9&hideButtonOnSmallSpots=1&hideModelNameOnSmallSpots=1&hideTitleOnSmallSpots=1&iterationId=30231&liveBadgeColor=%23ff0707&masterSmartpopId=0&memberId=xFtXKWHaVH-RcN_Cv0kM7uj2SRXLGPZth_g6fKUHXjhV0FqVBs_rJJxHyvjbXKGej2vx8gWY1msTuOI6GKu6L2lLt9xKlealCzNvru6T5j_Bbwk_gUIDRUi&p1=3761372&ruleId=0&showButton=1&showModelName=1&showTitle=&smartpopId=1548&sourceId=271333&thumbSizeKey=big&trackOff=1&userId=ed4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e&variationId=22460
IP 104.18.59.150:0
GET /widgets/v4/Universal?actionButtonPlacement=bottom&buttonColor=%23930606&campaignId=128029786fbed96fe880330bb083ecce41e122ba08e2711908bc9493ef368344&campaignType=smartpop&creativeId=2f2cf8c271b310e6a7160563a0f1ee432fa665a116dc0c291a081b2515848ba9&hideButtonOnSmallSpots=1&hideModelNameOnSmallSpots=1&hideTitleOnSmallSpots=1&iterationId=30231&liveBadgeColor=%23ff0707&masterSmartpopId=0&memberId=xFtXKWHaVH-RcN_Cv0kM7uj2SRXLGPZth_g6fKUHXjhV0FqVBs_rJJxHyvjbXKGej2vx8gWY1msTuOI6GKu6L2lLt9xKlealCzNvru6T5j_Bbwk_gUIDRUi&p1=3761372&ruleId=0&showButton=1&showModelName=1&showTitle=&smartpopId=1548&sourceId=271333&thumbSizeKey=big&trackOff=1&userId=ed4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e&variationId=22460 HTTP/1.1
Host: creative.xliirdr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://tsyndicate.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 15 Jan 2023 16:50:27 GMT
content-type: text/html
last-modified: Fri, 23 Dec 2022 13:20:07 GMT
expires: Sun, 15 Jan 2023 16:50:27 GMT
cache-control: max-age=10
strict-transport-security: max-age=15768000
pragma: public
report-to: { "endpoints":[{ "url": "https://go.stripchat.com/report" }], "group": "default", "max_age": 1048576 }
cf-cache-status: HIT
age: 5
vary: Accept-Encoding
server: cloudflare
cf-ray: 78a01c4a6c23b50b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
friendshipmale.com/sfp.js
172.64.141.24 200 OK 0 B URL HTTP/2 friendshipmale.com/sfp.js
IP 172.64.141.24:0
Analyzer Verdict Alert fortinet Malware
GET /sfp.js HTTP/1.1
Host: friendshipmale.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 15 Jan 2023 16:50:22 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: 6b32449e608361ed6808bce775e6c0eb
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Sun, 15 Jan 2023 16:50:21 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LXwU9Q9mpkNk4bUHUG92yaWBV1MAEhg0%2BUOYN7FPAmtuzNevLiOYfMrw5sE80NSMscn1ilXAo1BDK2b6%2Fftb5ziW%2BhHqQOFhrlOsxLmQLamGuT08hyBhLO1RWjEy1D1qVyx7f3I%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 78a01c27e9f676d1-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
a.naturalhealthsource.club/api/spots/312875?p=1&s1=%subid1%&kw=
135.181.208.216 200 OK 0 B URL HTTP/2 a.naturalhealthsource.club/api/spots/312875?p=1&s1=%subid1%&kw=
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
GET /api/spots/312875?p=1&s1=%subid1%&kw= HTTP/1.1
Host: a.naturalhealthsource.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: nauid=tdXXH7XPaidiOsNBwbh7
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 15 Jan 2023 16:50:24 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2
a.naturalhealthsource.club/api/spots/303891?p=1&s1=%subid1%&kw=
135.181.208.216 200 OK 0 B URL HTTP/2 a.naturalhealthsource.club/api/spots/303891?p=1&s1=%subid1%&kw=
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
GET /api/spots/303891?p=1&s1=%subid1%&kw= HTTP/1.1
Host: a.naturalhealthsource.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: nauid=tdXXH7XPaidiOsNBwbh7
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 15 Jan 2023 16:50:24 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2
a.naturalhealthsource.club/api/spots/312875?p=1&s1=%subid1%&kw=
135.181.208.216 200 OK 0 B URL HTTP/2 a.naturalhealthsource.club/api/spots/312875?p=1&s1=%subid1%&kw=
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
GET /api/spots/312875?p=1&s1=%subid1%&kw= HTTP/1.1
Host: a.naturalhealthsource.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: nauid=tdXXH7XPaidiOsNBwbh7
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 15 Jan 2023 16:50:24 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2
static.javhd.com/h5/files/js/mobile_video_player.min.js
185.76.9.18 200 OK 0 B URL HTTP/2 static.javhd.com/h5/files/js/mobile_video_player.min.js
IP 185.76.9.18:0
ASN #60068 Datacamp Limited
GET /h5/files/js/mobile_video_player.min.js HTTP/1.1
Host: static.javhd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://static.javhd.com/h5/files/10592/300x250.html?targetUrl=http%3A%2F%2Fr.trwl1.com%2Fc1%2F7dd524f6-5653-4001-b2c7-bd4477af0f42%3Fcv1%3Db528b3b0-94f4-11ed-bfd4-e25a5bb9767f%26cv9%3D636bc5d561d6e27071201a23%26externalId%3Db528b3b0-94f4-11ed-bfd4-e25a5bb9767f%26p%3DeyJiIjoyNzIyNTIsImJoIjoyNTAsImJ3IjozMDAsImYiOjEsIm8iOjEsInAiOjEsInMiOjIxNDIwfQ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 15 Jan 2023 16:50:26 GMT
content-type: application/x-javascript
last-modified: Tue, 12 Jan 2016 11:55:17 GMT
etag: W/"5694e9a5-7636"
expires: Tue, 23 May 2023 11:05:24 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
x-accel-expires: @1684839924
server: CDN77-Turbo
x-77-nzt: AblMCQ11b8n/XsQ4AQ
x-77-nzt-ray: c0a4cc28c68e5e47d22ec463db33420c
x-cache: HIT
x-age: 20497502
x-77-pop: stockholmSE
x-77-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
cdn.tubecorp.com/i/b.html?spot=4692&src=562949385&pid=19775&width=300&height=250&spaceid=859
45.133.44.24 200 OK 0 B URL HTTP/2 cdn.tubecorp.com/i/b.html?spot=4692&src=562949385&pid=19775&width=300&height=250&spaceid=859
IP 45.133.44.24:0
ASN #39572 DataWeb Global Group B.V.
GET /i/b.html?spot=4692&src=562949385&pid=19775&width=300&height=250&spaceid=859 HTTP/1.1
Host: cdn.tubecorp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 15 Jan 2023 16:50:25 GMT
content-type: text/html; charset=UTF-8
server: nginx/1.20.1
last-modified: Sat, 20 Nov 2021 06:50:54 GMT
etag: W/"df-5d132d021cf80"
x-request-id: 617c4b8bc2ac822d22847e919b29eff1
content-encoding: gzip
expires: Sun, 15 Jan 2023 17:50:25 GMT
cache-control: max-age=3600
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp
31.13.72.36 200 OK 0 B URL HTTP/2 www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp
IP 31.13.72.36:0
GET /login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-encoding: br
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 0
cross-origin-opener-policy: same-origin-allow-popups
vary: Sec-Fetch-Site, Sec-Fetch-Mode, Accept-Encoding
strict-transport-security: max-age=15552000; preload
content-type: text/html; charset="utf-8"
x-fb-debug: DP9rHmk9dHXHZHTwlRxhau6OziBtlyUSdlOK5DS+e9VqxKVGG+oBvZSEtxep8X+6DiQe7+grVL84VAZRctuciA==
date: Sun, 15 Jan 2023 16:50:24 GMT
priority: u=3,i
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
a.naturalhealthsource.club/api/spots/312873?p=1&s1=%subid1%&kw=
135.181.208.216 200 OK 0 B URL HTTP/2 a.naturalhealthsource.club/api/spots/312873?p=1&s1=%subid1%&kw=
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
GET /api/spots/312873?p=1&s1=%subid1%&kw= HTTP/1.1
Host: a.naturalhealthsource.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: nauid=tdXXH7XPaidiOsNBwbh7
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 15 Jan 2023 16:50:24 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2
a.naturalhealthsource.club/api/spots/312873?p=1&s1=%subid1%&kw=
135.181.208.216 200 OK 0 B URL HTTP/2 a.naturalhealthsource.club/api/spots/312873?p=1&s1=%subid1%&kw=
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
GET /api/spots/312873?p=1&s1=%subid1%&kw= HTTP/1.1
Host: a.naturalhealthsource.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: nauid=tdXXH7XPaidiOsNBwbh7
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 15 Jan 2023 16:50:24 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2
a.naturalhealthsource.club/api/spots/303894?p=1&s1=%subid1%&kw=
135.181.208.216 200 OK 0 B URL HTTP/2 a.naturalhealthsource.club/api/spots/303894?p=1&s1=%subid1%&kw=
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
GET /api/spots/303894?p=1&s1=%subid1%&kw= HTTP/1.1
Host: a.naturalhealthsource.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: nauid=tdXXH7XPaidiOsNBwbh7
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 15 Jan 2023 16:50:24 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/chat/mob/ssp/v2/new/3/js/jquery.min.js
172.64.167.9 200 OK 0 B URL HTTP/2 cdn.creative-bars1.com/sb/chat/mob/ssp/v2/new/3/js/jquery.min.js
IP 172.64.167.9:0
GET /sb/chat/mob/ssp/v2/new/3/js/jquery.min.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 15 Jan 2023 16:50:23 GMT
content-type: application/javascript
last-modified: Wed, 13 Jul 2022 12:13:58 GMT
etag: W/"62ceb706-15d94"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 5281140
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=K6RSDnalGpLaHvkV0nNbshHOpWRsr3bL2B5GztUx8AV4f5%2BbkbNe7ymYfcnyXnbpDig1RPjSXya3mGG82pm%2Bv5qmViQOKi1jnpYDEx4IA%2F5k35cWUVjKqrm4F1NRaWecuR6yCgjlBL6Z"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 78a01c2fbbd571e1-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
a.medfoodsafety.com/loader?a=4787912&v=2&t=1&s=4776911&p=8575&if=true
172.64.139.21 200 OK 0 B URL HTTP/2 a.medfoodsafety.com/loader?a=4787912&v=2&t=1&s=4776911&p=8575&if=true
IP 172.64.139.21:0
GET /loader?a=4787912&v=2&t=1&s=4776911&p=8575&if=true HTTP/1.1
Host: a.medfoodsafety.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 15 Jan 2023 16:50:25 GMT
content-type: text/html
cache-control: no-cache, no-store, must-revalidate
expires: Sat, 26 Jul 1997 05:00:00 GMT
last-modified: Sun, 17 May 1998 03:00:00 GMT
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Yh5oK3IKG5OrKI4pjIkKZzPuA8yUvwjGP4eF0Oy3YLwYlMGfVuH7QmegGFXwfFhonrPJ5QCsUiDwMau3iCmIuV3hsvH54sV4gpF%2Bw%2Fr9N%2BhM85wKuxFFj0PRD2v9jhUoeFPqVPFi"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 78a01c3e5bbd23ea-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
accounts.google.com/v3/signin/identifier?dsh=S838904091%3A1673801424448195&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AeAAQh6qQLNB3qhZK1HxGSmDImZs4xRx-Mc5xEEHGsFrtew1e0aXG0wCeVYu7eQUnT6Q0euN1LdyZw
142.250.74.109 403 Forbidden 0 B URL HTTP/2 accounts.google.com/v3/signin/identifier?dsh=S838904091%3A1673801424448195&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AeAAQh6qQLNB3qhZK1HxGSmDImZs4xRx-Mc5xEEHGsFrtew1e0aXG0wCeVYu7eQUnT6Q0euN1LdyZw
IP 142.250.74.109:0
GET /v3/signin/identifier?dsh=S838904091%3A1673801424448195&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AeAAQh6qQLNB3qhZK1HxGSmDImZs4xRx-Mc5xEEHGsFrtew1e0aXG0wCeVYu7eQUnT6Q0euN1LdyZw HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://xfantazy.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sun, 15 Jan 2023 16:50:24 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-opener-policy-report-only: same-origin
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
content-security-policy: require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport, script-src 'nonce-pFLC1qapdhUvZJA_pVJ1fg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/notifications/rtb/social/facebook/1-1/img/close.svg
172.64.167.9 200 OK 0 B URL HTTP/2 cdn.creative-bars1.com/sb/notifications/rtb/social/facebook/1-1/img/close.svg
IP 172.64.167.9:0
GET /sb/notifications/rtb/social/facebook/1-1/img/close.svg HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 15 Jan 2023 16:50:23 GMT
content-type: image/svg+xml
last-modified: Tue, 24 May 2022 12:11:20 GMT
etag: W/"628ccb68-52a"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 794899
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LJilltyCSqDCyuVOEktG23Silwnv0rHjLyH7rsL05lVAVJvDbZbojjlXlhLmMEg%2BPyLoDnhU2M7gXRm8s1zJpJgXS1XCkpaSLorMFPb7EJErpWYQ%2FsxNsLU3isPE2b%2FoGLgCnWarwWA7"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 78a01c2fbbd671e1-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/chat/mob/ssp/v2/new/3/js/script.js
172.64.167.9 200 OK 0 B URL HTTP/2 cdn.creative-bars1.com/sb/chat/mob/ssp/v2/new/3/js/script.js
IP 172.64.167.9:0
GET /sb/chat/mob/ssp/v2/new/3/js/script.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 15 Jan 2023 16:50:23 GMT
content-type: application/javascript
last-modified: Wed, 13 Jul 2022 12:13:56 GMT
etag: W/"62ceb704-17f"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 5281075
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yb4Di2PFF03nKUFErwKc25cJbOGi12V4T4T69eylEPnME%2FBWGJPDLYPz1WDcyN5Q0%2F%2FOlctsh3MMGr40NWyBcaWtZVXQ9CULT%2FLZTvx6jbn0ciJChwrhp7QcApAnWH35y2RKk5AvAbzf"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 78a01c305c4a7719-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
a.naturalhealthsource.club/api/spots/312874?p=1&s1=%subid1%&kw=
135.181.208.216 200 OK 0 B URL HTTP/2 a.naturalhealthsource.club/api/spots/312874?p=1&s1=%subid1%&kw=
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
GET /api/spots/312874?p=1&s1=%subid1%&kw= HTTP/1.1
Host: a.naturalhealthsource.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: nauid=tdXXH7XPaidiOsNBwbh7
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 15 Jan 2023 16:50:24 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2
xfantazy.com/video/618647d3248b9003ff8116ba
172.64.162.22 200 OK 0 B URL HTTP/2 xfantazy.com/video/618647d3248b9003ff8116ba
IP 172.64.162.22:0
GET /video/618647d3248b9003ff8116ba HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
date: Sun, 15 Jan 2023 16:50:19 GMT
content-type: text/html; charset=utf-8
vary: Origin
set-cookie: visitorId=tlo4zl79rdoqtu64rvpb7; Domain=xfantazy.com; Path=/; Expires=Sat, 15 Jan 2033 16:50:19 GMT; HttpOnly
experiment-popup-payment-7=0; Path=/; Expires=Sun, 22 Jan 2023 16:50:19 GMT
experiment-save-to-button-2=0; Path=/; Expires=Sun, 22 Jan 2023 16:50:19 GMT
x-powered-by: Next.js
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wr8d1lH%2Be8T0lfg17X2pRZm3WWaWsRuL8d%2BCMfHGAwLjyLj%2FyGBW9%2ByNXsXK0lNSRHxgdD5zA476uAj%2BwA6ed0m39qQT6nZuQWwaMouUMMMX4TWEUHPpN3O9DjtoDmU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 78a01c180dcd23db-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
a.naturalhealthsource.club/api/settings/289411
135.181.208.216 200 OK 0 B URL HTTP/2 a.naturalhealthsource.club/api/settings/289411
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
GET /api/settings/289411 HTTP/1.1
Host: a.naturalhealthsource.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://xfantazy.com/
Origin: https://xfantazy.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 15 Jan 2023 16:50:21 GMT
content-type: application/json
vary: Accept-Encoding
access-control-allow-origin: *
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2
cdn.barscreative1.com/sb/au/e6/d7/97/e6d797a3a7be0e7ec1877d1b33146dfa/1657714258.html
45.133.44.3 200 OK 0 B URL HTTP/2 cdn.barscreative1.com/sb/au/e6/d7/97/e6d797a3a7be0e7ec1877d1b33146dfa/1657714258.html
IP 45.133.44.3:0
ASN #39572 DataWeb Global Group B.V.
Analyzer Verdict Alert fortinet Phishing
GET /sb/au/e6/d7/97/e6d797a3a7be0e7ec1877d1b33146dfa/1657714258.html HTTP/1.1
Host: cdn.barscreative1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 15 Jan 2023 16:50:23 GMT
content-type: text/html; charset=utf-8
server: nginx/1.17.6
last-modified: Wed, 13 Jul 2022 12:11:03 GMT
etag: W/"62ceb657-4a6"
cache-control: max-age=3600
access-control-allow-origin: *
access-control-expose-headers: Date
content-encoding: gzip
expires: Sun, 15 Jan 2023 17:50:23 GMT
x-proxy-cache: HIT
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/chat/mob/ssp/v2/new/3/css/style.css
172.64.167.9 200 OK 0 B URL HTTP/2 cdn.creative-bars1.com/sb/chat/mob/ssp/v2/new/3/css/style.css
IP 172.64.167.9:0
GET /sb/chat/mob/ssp/v2/new/3/css/style.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 15 Jan 2023 16:50:23 GMT
content-type: text/css
last-modified: Wed, 13 Jul 2022 12:13:55 GMT
etag: W/"62ceb703-1229"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 5281075
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pmvEGv6p2gdCKzUTurX4Fgg7ptpqr9G1QLa7Bu0OswQKTOwrY30JbYtztKeqRzgtLvl6%2F39K8iszXrfndrQWHcci%2BH1cTFhrRGoY5WEGdrMHELwKL3Rtc2ZGaR3dvS4NFe%2FAhkgafQ30"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 78a01c2f4a4b7719-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
static.adxadserv.com/css/wm.css
185.76.9.18 200 OK 0 B URL HTTP/2 static.adxadserv.com/css/wm.css
IP 185.76.9.18:0
ASN #60068 Datacamp Limited
GET /css/wm.css HTTP/1.1
Host: static.adxadserv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ads.adxadserv.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
date: Sun, 15 Jan 2023 16:50:25 GMT
content-type: text/css
last-modified: Mon, 03 Aug 2020 09:41:06 GMT
etag: W/"5f27dbb2-711"
x-accel-expires: @1673946084
server: CDN77-Turbo
x-77-nzt: AblMCQ3D5yX/7ZwNAA
x-77-nzt-ray: c0a4cc2821862742d12ec463c8f37321
x-cache: HIT
x-age: 892141
x-77-pop: stockholmSE
x-77-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
rtbbnr.com/get/?go=1&data=eyJpbXAiOlt7InNlY3VyZSI6MSwiZXh0Ijp7InNwb3QiOjQ2OTIsImlkIjo4NTksImxhYmVscyI6IiIsInNpdGVfaWQiOjQ2OTIsInR5cGUiOiJiYW5uZXIiLCJzcGFjZWlkIjo4NTksInNwb3RfaWQiOjAsImlkem9uZSI6MzgzMDgxOSwiem9uZSI6InRjX3BhYl8zMDB4MjUwIiwiYWRfdGFncyI6IiIsInRpdGxlIjoiIiwic3ViaWQiOiI1NjI5NDkzODUiLCJ1dG0xIjoidGNiYW5faSIsInV0bTIiOiI0NjkyIiwidXRtMyI6IjE5Nzc1IiwidXRtNCI6IiJ9LCJiYW5uZXIiOnsidyI6MzAwLCJoIjoyNTB9fV0sInNpdGUiOnsiaWQiOiI0NjkyIiwicGFnZSI6Imh0dHBzOi8vYS5uYXR1cmFsaGVhbHRoc291cmNlLmNsdWIvIn0sImRldmljZSI6eyJ3IjoxMjgwLCJoIjoxMDI0fSwidXNlciI6eyJpZCI6ImExMzE4NDI2NWJkZDMxMDgwZDUyMGFkZDIyMjhiNWNjIn0sImV4dCI6eyJkdCI6MTY3MzgwMTQyNTk3OX19
116.202.60.158200 OK 0 B URL HTTP/2 rtbbnr.com/get/?go=1&data=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
IP 116.202.60.158:0
ASN #24940 Hetzner Online GmbH
GET /get/?go=1&data=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 HTTP/1.1
Host: rtbbnr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cdn.tubecorp.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.18.0
date: Sun, 15 Jan 2023 16:50:26 GMT
content-type: text/html
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
content-encoding: gzip
X-Firefox-Spdy: h2