xfantazy.com/video/60e796b1fc8074710cdd5c72
172.64.97.10302 Found 0 B URL HTTP/1.1 xfantazy.com/video/60e796b1fc8074710cdd5c72
IP 172.64.97.10:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /video/60e796b1fc8074710cdd5c72 HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Date: Mon, 30 Jan 2023 05:57:06 GMT
Content-Length: 0
Connection: keep-alive
location: https://xfantazy.com/video/60e796b1fc8074710cdd5c72
cache-control: no-cache
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7qUCmbw7hAPSUchsy6hsg%2BvnaleEeGdi27Pgvt1mDIV1eq0tmUoyeWvE0zQVfJQZ6ARUMiVQDi2eHYzmYb1MYlyv%2BDZDDbQwbysBRHvTRlaMr2fWxu%2B32WmmNlLOMi8%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7917f7d9195623d5-LHR
alt-svc: h2=":443"; ma=60
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash a2104f935c638b4767ca5ae0d738ef23
85c6af15af749be0ceeae6de17c36925b750f166
5d4789a3696bd7faa9916768cb627bbc89bf70a756d80e53860cbac13c2bc8b1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5D4789A3696BD7FAA9916768CB627BBC89BF70A756D80E53860CBAC13C2BC8B1"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5121
Expires: Mon, 30 Jan 2023 07:22:27 GMT
Date: Mon, 30 Jan 2023 05:57:06 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 81dd5c5cc5b3278876cb44dcb520a60f
c0511a59e9eccdcdda98717b87c89c5d59974808
41736c303afdb3d31e48724b107dcb22883cae02f3562308eb52d9164001a2de
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "41736C303AFDB3D31E48724B107DCB22883CAE02F3562308EB52D9164001A2DE"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5729
Expires: Mon, 30 Jan 2023 07:32:35 GMT
Date: Mon, 30 Jan 2023 05:57:06 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 03092d1a1bc7ac91ee342a1a7ab2a562
52db06ce1fd2c74ddd36b6a0a7aee1b5c891600a
03b8ff2629abac9fc30ebec059c2e2018fcbc41646ad5f71c965ff630fbf1ffd
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "03B8FF2629ABAC9FC30EBEC059C2E2018FCBC41646AD5F71C965FF630FBF1FFD"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8218
Expires: Mon, 30 Jan 2023 08:14:04 GMT
Date: Mon, 30 Jan 2023 05:57:06 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash bf0c602d32b3c14606f22a86183b5e3c
6eabd8d83475eba731968abe1a05a8bfd272f160
6c6a7c519a9e950c2445ed874a25211a94dd4d3cf3afb0103af9dcd1dbd5ff9e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Content-Length, Retry-After, Content-Type, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Mon, 30 Jan 2023 05:35:41 GMT
content-type: application/json
age: 1285
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: 6Xp1JHTCoAbwsYMrh6mvuU3pkMEMEXpxVwt71Cth8vI/daVJsCAE2997f6rpua+hyJ/sOM0gd8A=
x-amz-request-id: QVNT07HY1E3QC383
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Mon, 30 Jan 2023 05:50:37 GMT
age: 389
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.pki.goog/s/gts1p5/HHuh0f0kcFg
142.250.74.131200 OK 472 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/HHuh0f0kcFg
IP 142.250.74.131:0
Hash bb588d5a960e74f41b52ec710918e786
2d04647f07ce45dc5f194ab23d056ad87b689623
504cf87c35f48e574b9523e3501e018d548f4e38a5a7f27cb638baae4f798055
POST /s/gts1p5/HHuh0f0kcFg HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 30 Jan 2023 05:57:06 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Mon, 30 Jan 2023 05:57:06 GMT
content-type: application/json
content-length: 12
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-expose-headers: content-type
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Pragma, Last-Modified, ETag, Content-Length, Expires, Cache-Control, Retry-After, Content-Type, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Mon, 30 Jan 2023 05:49:04 GMT
age: 482
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 22b9916fc1fafc9bdc9bb37f9eac8a9a
86f640e134a741a0f906a8e3a0f5c6659dd0e394
a29ee843c8a39551a1507cc6ad949ad509e33aaae8b72c58ac4884bad8b0b38e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A29EE843C8A39551A1507CC6AD949AD509E33AAAE8B72C58AC4884BAD8B0B38E"
Last-Modified: Sun, 29 Jan 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3525
Expires: Mon, 30 Jan 2023 06:55:51 GMT
Date: Mon, 30 Jan 2023 05:57:06 GMT
Connection: keep-alive
ocsp.pki.goog/s/gts1p5/HHuh0f0kcFg
142.250.74.131200 OK 472 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/HHuh0f0kcFg
IP 142.250.74.131:0
Hash bb588d5a960e74f41b52ec710918e786
2d04647f07ce45dc5f194ab23d056ad87b689623
504cf87c35f48e574b9523e3501e018d548f4e38a5a7f27cb638baae4f798055
POST /s/gts1p5/HHuh0f0kcFg HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 30 Jan 2023 05:57:07 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 75bf326700e29b1b06e57fb96ee2b064
4f979f28905b65637a058cd44be6c25bb51a42e4
385f7a9c4112c4d674264d02229719e7f82e7039e681db8aaa6685ebab2be0c1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 30 Jan 2023 05:57:07 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
push.services.mozilla.com/
54.200.212.223101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 54.200.212.223:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: wo79U95y4pLp03g4EIRDRw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: KG7Y/kfyXPD0mlqm+zjDhYPo/O0=
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 75bf326700e29b1b06e57fb96ee2b064
4f979f28905b65637a058cd44be6c25bb51a42e4
385f7a9c4112c4d674264d02229719e7f82e7039e681db8aaa6685ebab2be0c1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 30 Jan 2023 05:57:07 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash ba2ca6af7b23ce2e11aa4f9d86e66269
212aef55d64b6add292dcf6241b16e7c93d1bae2
f163a94d190f5aeeb05b2e344bc8e1544d9701772b08585e9c92b529c8652b3d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 30 Jan 2023 05:57:07 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash db3290a85d0ba4da27406ae9636aa618
4c69da45eddd66a1e26fce5562fc45eda7005309
19db4d0cc84bff9586883a5fa69c426af0b5fc1c2760ee7c259b0307c8afa6b2
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 30 Jan 2023 05:57:07 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
xfantazy.com/_next/static/runtime/webpack-f6e00aacd372b5a1ee4b.js
172.64.97.10200 OK 60 kB URL HTTP/2 xfantazy.com/_next/static/runtime/webpack-f6e00aacd372b5a1ee4b.js
IP 172.64.97.10:0
File type ASCII text, with very long lines (12210), with no line terminators
Hash a1cd0e71b3637e57a54043f41ce5c595
65d7d62eaa41148735bc1b0eb0de8e843f189571
a03eab4307bf32254a3d815999a54e244aa6337f46affc1588b47a8aa2243a67
GET /_next/static/runtime/webpack-f6e00aacd372b5a1ee4b.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/60e796b1fc8074710cdd5c72
Cookie: visitorId=2ocm1o94cgq0rkh5xitdgyq; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 30 Jan 2023 05:57:07 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-bgj: minify
etag: W/"2fb2-185ecc65266"
last-modified: Thu, 26 Jan 2023 06:31:38 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 343497
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xBE7a4T4AJusRHvKHxyx%2BdR5oGckvm65u8NLFnFXunJW4F41GLzO0Z724aoN3NWOPquQz5xs0AiyTfl7abd2g%2FwIsf2JrnaqIcTbhCU38BnrVivCyQpbha%2BLd8h7pu8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7917f7df89667701-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
216.58.207.227200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 15860, version 1.0\012- data
Hash e9f5aaf547f165386cd313b995dddd8e
acdef5603c2387b0e5bffd744b679a24a8bc1968
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 24 Jan 2023 13:09:06 GMT
expires: Wed, 24 Jan 2024 13:09:06 GMT
cache-control: public, max-age=31536000
age: 492481
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
xfantazy.com/_next/static/chunks/commons.80405a2d3f491416f5b9.js
172.64.97.10200 OK 416 kB URL HTTP/2 xfantazy.com/_next/static/chunks/commons.80405a2d3f491416f5b9.js
IP 172.64.97.10:0
File type ASCII text, with very long lines (65536), with no line terminators
Size 416 kB (416016 bytes)
Hash 0b3e5a4db98a9352a02e88208682ac92
59e1cf066fdacb60b170c1bc18567da064815e50
91229a779e8e664eb4e465a5607d2d57603bf64609450e33e520734c274b16c7
GET /_next/static/chunks/commons.80405a2d3f491416f5b9.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/60e796b1fc8074710cdd5c72
Cookie: visitorId=2ocm1o94cgq0rkh5xitdgyq; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 30 Jan 2023 05:57:07 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-bgj: minify
cf-polished: origSize=1388393
etag: W/"152f69-185ecc65456"
last-modified: Thu, 26 Jan 2023 06:31:38 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 343497
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5oSFtxyeH9a2dN2ZN5qE%2Fl%2Fm1Q7m9IWmuDubetd0zrG6KWpofCEMfv2oVVqqNEnYnJk23V9%2FPXLjThJRwfJIJj%2BMC8w6lJxcJD%2B4EyeK3d%2Fd%2BLdtFO%2F1k0sYDkQOdsc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7917f7df795e7701-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
xfantazy.com/static/logo-tv-light.svg
172.64.97.10200 OK 17 kB URL HTTP/2 xfantazy.com/static/logo-tv-light.svg
IP 172.64.97.10:0
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (1395)
Hash d8b7f8399318a3856341440526bb1971
40afbaf7f3836eaa28d986e05bd15dc857c26af2
662c030a340f3adff08a43494fbacb0df4a906527f48b56ffaf1cc89fd9321a0
GET /static/logo-tv-light.svg HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/60e796b1fc8074710cdd5c72
Cookie: visitorId=2ocm1o94cgq0rkh5xitdgyq; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 30 Jan 2023 05:57:07 GMT
content-type: image/svg+xml
vary: Origin, Accept-Encoding
cache-control: public, max-age=14400
last-modified: Thu, 26 Jan 2023 06:25:57 GMT
etag: W/"101b-185ecc11f86"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2B8CQHMMGwGOthVscpG1biOtfQigxZe4cSPe7NmX8fdeVeqWTlda1WVe7CkBUwwfDaIclGBUhveBRUnchFEAmKOGp6OMtSZcCotTR8dOTdJQ65qF8qT3Jbiea%2FH33Nms%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7917f7df99797701-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.sectigo.com/
104.18.32.68200 OK 472 B IP 104.18.32.68:0
Hash 279daa8725e1179a31449be1ea34bd29
2908390d67e416eda70c27ce16e33fdeafa18275
1244549c04b9de8cab146a3baa99f8dff18ebd09182a1ba069c526ec2c8d5139
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 30 Jan 2023 05:57:07 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Sat, 28 Jan 2023 03:14:18 GMT
Expires: Sat, 04 Feb 2023 03:14:17 GMT
Etag: "2908390d67e416eda70c27ce16e33fdeafa18275"
Cache-Control: max-age=421629,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7917f7e02f88b506-OSL
ocsp.sectigo.com/
104.18.32.68200 OK 472 B IP 104.18.32.68:0
Hash 279daa8725e1179a31449be1ea34bd29
2908390d67e416eda70c27ce16e33fdeafa18275
1244549c04b9de8cab146a3baa99f8dff18ebd09182a1ba069c526ec2c8d5139
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 30 Jan 2023 05:57:07 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Sat, 28 Jan 2023 03:14:18 GMT
Expires: Sat, 04 Feb 2023 03:14:17 GMT
Etag: "2908390d67e416eda70c27ce16e33fdeafa18275"
Cache-Control: max-age=421629,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7917f7e0fd130b51-OSL
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash ba2ca6af7b23ce2e11aa4f9d86e66269
212aef55d64b6add292dcf6241b16e7c93d1bae2
f163a94d190f5aeeb05b2e344bc8e1544d9701772b08585e9c92b529c8652b3d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 30 Jan 2023 05:57:07 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash db3290a85d0ba4da27406ae9636aa618
4c69da45eddd66a1e26fce5562fc45eda7005309
19db4d0cc84bff9586883a5fa69c426af0b5fc1c2760ee7c259b0307c8afa6b2
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 30 Jan 2023 05:57:07 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
static-cache.k2s.cc/thumbnail/Je6S73Chw6bqrDqf-w/w320h240/0.jpeg
188.72.235.186200 OK 11 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/Je6S73Chw6bqrDqf-w/w320h240/0.jpeg
IP 188.72.235.186:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash 7fb530ec9e7ad534a164a766bf3a35fc
616b55d5b9b0b0775e8ebcd9a1dddbf517f86e63
a474d895b4d096c2f1e0ebc96b7800c7215c057cb0a5f390a8aec33edcf1748e
GET /thumbnail/Je6S73Chw6bqrDqf-w/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Mon, 30 Jan 2023 05:57:07 GMT
content-type: image/jpeg
content-length: 11038
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: HIT
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/JOjC73PzyazuqjWf9w/w320h240/0.jpeg
188.72.235.186200 OK 9.2 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/JOjC73PzyazuqjWf9w/w320h240/0.jpeg
IP 188.72.235.186:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash 5961aa37487def5d86d40d32b68acb83
c952a5158a110037f0526f40b74363b0ed117901
6366347e4c54e2ad4dde6a7a983e31336b961c0ed2dff031d8326d8db36925f1
GET /thumbnail/JOjC73PzyazuqjWf9w/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Mon, 30 Jan 2023 05:57:07 GMT
content-type: image/jpeg
content-length: 9164
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: HIT
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/JujB7HOkmKvurjrBqg/w320h240/0.jpeg
188.72.235.186200 OK 16 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/JujB7HOkmKvurjrBqg/w320h240/0.jpeg
IP 188.72.235.186:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash 7f39dea3969b77b81205b9f10f9beac0
221580333f8fdcc02e3765d3d3d455b23dca8a58
af39e1dcc71ad22cd36dbd5c3909a90dad1856336e5f60e3418a28d45a2c3f2a
GET /thumbnail/JujB7HOkmKvurjrBqg/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Mon, 30 Jan 2023 05:57:07 GMT
content-type: image/jpeg
content-length: 15793
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: HIT
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 280 B IP 93.184.220.29:0
Hash 98a7f980a8d95df1ae26524eceab3fe9
95b25d26a9e8ad740c49495ea16cfb8cba2192f3
7d2a740bdfba0834d0144eea48e2b66bf1fc552e21a7ee84caff33bd4ea3c728
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1150
Cache-Control: max-age=129167
Content-Type: application/ocsp-response
Date: Mon, 30 Jan 2023 05:57:07 GMT
Etag: "63d6ad44-118"
Expires: Tue, 31 Jan 2023 17:49:54 GMT
Last-Modified: Sun, 29 Jan 2023 17:30:44 GMT
Server: ECS (ska/F71C)
X-Cache: HIT
Content-Length: 280
static-cache.k2s.cc/thumbnail/LOiT7CWumPi_qzuTrg/w320h240/0.jpeg
188.72.235.186200 OK 18 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/LOiT7CWumPi_qzuTrg/w320h240/0.jpeg
IP 188.72.235.186:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash 58326f119ce48abfc7ca60d37fce2225
12cf7236cf68b207e9c256c9030bc41c755f9154
ca868a2900cc8b50f054551952ad3969face09e97154b4bb3e2861be3cd9b078
GET /thumbnail/LOiT7CWumPi_qzuTrg/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: openresty
date: Mon, 30 Jan 2023 05:57:07 GMT
content-type: image/jpeg
content-length: 17571
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: HIT
X-Firefox-Spdy: h2
cdn.jsdelivr.net/npm/yandex-metrica-watch/tag.js
104.16.89.20200 OK 87 kB URL HTTP/2 cdn.jsdelivr.net/npm/yandex-metrica-watch/tag.js
IP 104.16.89.20:0
File type Unicode text, UTF-8 (with BOM) text, with very long lines (659)
Hash ec3c136609d50f248e5a47f85590dec5
fa78e78adbb327cfc74c4c0569b5607dc5f5b954
aa9561a35fd2eff486279d78d0f3ab8d7735d6d4cd6e76b0cf8b6c4056dc909c
GET /npm/yandex-metrica-watch/tag.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 30 Jan 2023 05:57:07 GMT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=604800, s-maxage=43200
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-jsd-version: 1.257.0
x-jsd-version-type: version
etag: W/"34e3a-eIUrj6hD3pmnKAQZCp7YaNtM0Rc"
x-served-by: cache-fra-eddf8230060-FRA, cache-yyz4554-YYZ
x-cache: HIT, MISS
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: HIT
age: 14716
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BDj1lRxeGu6KjKSOVPo9gfwfCaiyEC7PY8JooxMb87gwu7xHUQ94EAVLNGvSS9YwzRL2KCh3nAeXPfLEmhO9%2FcpW0%2FQ0369bxweawQAdp%2BQYwg44%2F29owji%2B7MAG5SAuAw8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7917f7e26b7b1c12-OSL
content-encoding: br
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/c0d5faf072e06/main/0.jpeg
188.72.235.186200 OK 42 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/c0d5faf072e06/main/0.jpeg
IP 188.72.235.186:0
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, comment: "Lavc58.54.100", baseline, precision 8, 1280x720, components 3\012- data
Hash 18a51796668308b6c05b234fe37b4791
8e10c390eb63b6cb7699be8c77de6b51ebef46c2
e079bfe38090f397934098ee7ec324c12482f7678a797bc4c53c725c60f5d289
GET /thumbnail/c0d5faf072e06/main/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Mon, 30 Jan 2023 05:57:07 GMT
content-type: image/jpeg
content-length: 41459
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: MISS
X-Firefox-Spdy: h2
xfantazy.com/video/60e796b1fc8074710cdd5c72
172.64.97.10200 OK 24 kB URL HTTP/2 xfantazy.com/video/60e796b1fc8074710cdd5c72
IP 172.64.97.10:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (18844)
Hash 30222d4b588bdccec27a826d8a9e2206
d835726c14ec69ead6f04cb4c822bc336311ecd8
8a6559c5733b83db8aefc717d28457c7ad8baff0e2ce6fcc5d9d288d8fc2d9b6
GET /video/60e796b1fc8074710cdd5c72 HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
date: Mon, 30 Jan 2023 05:57:06 GMT
content-type: text/html; charset=utf-8
vary: Origin
set-cookie: visitorId=2ocm1o94cgq0rkh5xitdgyq; Domain=xfantazy.com; Path=/; Expires=Sun, 30 Jan 2033 05:57:06 GMT; HttpOnly
experiment-popup-payment-7=0; Path=/; Expires=Mon, 06 Feb 2023 05:57:06 GMT
experiment-save-to-button-2=0; Path=/; Expires=Mon, 06 Feb 2023 05:57:06 GMT
x-powered-by: Next.js
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=C9cv3STw2BwumYoN05BwTXk7eHt2AP%2B5NrorK0BMuCUCuzIA0VSsZnrrpaw5oAWX1t0TAJUDQze8LlEX0sQ%2BY7C%2BcuqQiD7WMx%2F64pl1jHr8OUro8dWfzp%2Bg2SPadGE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7917f7db5eb47701-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.sectigo.com/
104.18.32.68200 OK 472 B IP 104.18.32.68:0
Hash 279daa8725e1179a31449be1ea34bd29
2908390d67e416eda70c27ce16e33fdeafa18275
1244549c04b9de8cab146a3baa99f8dff18ebd09182a1ba069c526ec2c8d5139
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 30 Jan 2023 05:57:07 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Sat, 28 Jan 2023 03:14:18 GMT
Expires: Sat, 04 Feb 2023 03:14:17 GMT
Etag: "2908390d67e416eda70c27ce16e33fdeafa18275"
Cache-Control: max-age=421629,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7917f7e019ffb4f1-OSL
xfantazy.com/_next/static/runtime/main-8daa673a54696bb62abb.js
172.64.97.10200 OK 26 kB URL HTTP/2 xfantazy.com/_next/static/runtime/main-8daa673a54696bb62abb.js
IP 172.64.97.10:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash 58045103af62684bdb5add054957ac3f
a8b56fded2caa88cea5cb3d0ae970228e069e85f
3ad1a77e3a17826e41a650ebf83e96a6893304fe73874e7c258b6420f5812cb4
GET /_next/static/runtime/main-8daa673a54696bb62abb.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/60e796b1fc8074710cdd5c72
Cookie: visitorId=2ocm1o94cgq0rkh5xitdgyq; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 30 Jan 2023 05:57:07 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-bgj: minify
etag: W/"11cd7-18350160ab4"
last-modified: Sun, 18 Sep 2022 10:12:45 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 9493591
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QmWXJm%2Bt2c%2BYOqSLPGo8CEgttyDB0yzYiFpucd4mR7Nx22lIauMYmvQ5lGD9P3GPe4JkMyJs10RW2pQ%2BRER3ofJpzPPqImtvALTQWmBBV8IMFF22011tHFP1vjTcvPs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7917f7df99777701-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.google-analytics.com/analytics.js
142.250.74.110200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP 142.250.74.110:0
File type ASCII text, with very long lines (1490)
Hash ca7fbbfd120e3e329633044190bbf134
d17f81e03dd827554ddd207ea081fb46b3415445
847004cefb32f85a9cc16b0b1eb77529ff5753680c145bfcb23f651d214737db
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20085
date: Mon, 30 Jan 2023 05:46:59 GMT
expires: Mon, 30 Jan 2023 07:46:59 GMT
cache-control: public, max-age=7200
age: 608
last-modified: Tue, 10 Jan 2023 21:29:14 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 1.7 kB IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash d2a3d89352e4c3f9deb3237cc3c34478
6965daf3794866e63831f35d0b5a68ce4622eb28
78a096d0d2516cbfcaf3dd036805a891c643964f2600cb4d44e842c866ed5012
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "72BAFB73A5642D281DC6B45CCFBEC5795710D9D4A940B211E7B47F353795BBB5"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=958
Expires: Mon, 30 Jan 2023 06:13:06 GMT
Date: Mon, 30 Jan 2023 05:57:08 GMT
Connection: keep-alive
ocsp.globalsign.com/gseccovsslca2018
104.18.21.226200 OK 938 B URL HTTP/1.1 ocsp.globalsign.com/gseccovsslca2018
IP 104.18.21.226:0
Hash b800e0fc19373a72a3bad022db4ef22c
384fec1d24d5cac21f017845201ee1319ef4c004
af08bf5267abec7ca1d61cf199bb807e4677ebab94606e1b3f99e5e438599642
POST /gseccovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 30 Jan 2023 05:57:08 GMT
Content-Type: application/ocsp-response
Content-Length: 938
Connection: keep-alive
Expires: Fri, 03 Feb 2023 03:02:22 GMT
ETag: "384fec1d24d5cac21f017845201ee1319ef4c004"
Last-Modified: Mon, 30 Jan 2023 03:02:23 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 3204
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7917f7e72942b51b-OSL
mc.yandex.ru/watch/49415098?wmode=7&page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F60e796b1fc8074710cdd5c72&charset=utf-8&browser-info=pv%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afp%3A1282%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A1663568474079%3Ahid%3A996941919%3Az%3A0%3Ai%3A20230130055718%3Aet%3A1675058239%3Ac%3A1%3Arn%3A246823680%3Arqn%3A1%3Au%3A167505823952392834%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A1%2C130%2C556%2C7%2C277%2C0%2C%2C192%2C5%2C%2C%2C%2C1282%3Aco%3A0%3Ans%3A1675058236727%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1675058239%3At%3ASadie%20Hartz%20-%20Tiny%20St%20Patricks%20Day%20-%20XFantazy.com&t=gdpr(14)clc(0-0-0)rqnt(1)aw(1)fip(1)ti(2)
87.250.251.119302 Found 1.6 kB URL HTTP/2 mc.yandex.ru/watch/49415098?wmode=7&page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F60e796b1fc8074710cdd5c72&charset=utf-8&browser-info=pv%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afp%3A1282%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A1663568474079%3Ahid%3A996941919%3Az%3A0%3Ai%3A20230130055718%3Aet%3A1675058239%3Ac%3A1%3Arn%3A246823680%3Arqn%3A1%3Au%3A167505823952392834%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A1%2C130%2C556%2C7%2C277%2C0%2C%2C192%2C5%2C%2C%2C%2C1282%3Aco%3A0%3Ans%3A1675058236727%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1675058239%3At%3ASadie%20Hartz%20-%20Tiny%20St%20Patricks%20Day%20-%20XFantazy.com&t=gdpr(14)clc(0-0-0)rqnt(1)aw(1)fip(1)ti(2)
IP 87.250.251.119:0
Hash d880400913ec56d4a16305ef8769d470
c5d212d6c17622b33a60e27ab28a941773e237a5
8756760f2444b4f8025c2fa6d89ce5dfeeb8eb17dece83c17802191767168b44
GET /watch/49415098?wmode=7&page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F60e796b1fc8074710cdd5c72&charset=utf-8&browser-info=pv%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afp%3A1282%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A1663568474079%3Ahid%3A996941919%3Az%3A0%3Ai%3A20230130055718%3Aet%3A1675058239%3Ac%3A1%3Arn%3A246823680%3Arqn%3A1%3Au%3A167505823952392834%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A1%2C130%2C556%2C7%2C277%2C0%2C%2C192%2C5%2C%2C%2C%2C1282%3Aco%3A0%3Ans%3A1675058236727%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1675058239%3At%3ASadie%20Hartz%20-%20Tiny%20St%20Patricks%20Day%20-%20XFantazy.com&t=gdpr(14)clc(0-0-0)rqnt(1)aw(1)fip(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
location: /watch/49415098/1?wmode=7&page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F60e796b1fc8074710cdd5c72&charset=utf-8&browser-info=pv%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afp%3A1282%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A1663568474079%3Ahid%3A996941919%3Az%3A0%3Ai%3A20230130055718%3Aet%3A1675058239%3Ac%3A1%3Arn%3A246823680%3Arqn%3A1%3Au%3A167505823952392834%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A1%2C130%2C556%2C7%2C277%2C0%2C%2C192%2C5%2C%2C%2C%2C1282%3Aco%3A0%3Ans%3A1675058236727%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1675058239%3At%3ASadie%20Hartz%20-%20Tiny%20St%20Patricks%20Day%20-%20XFantazy.com&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29fip%281%29ti%282%29
date: Mon, 30 Jan 2023 05:57:08 GMT
access-control-allow-origin: https://xfantazy.com
set-cookie: yabs-sid=722615711675058228; Path=/; SameSite=None; Secure
i=sPRAikiA67VdaDLS0YqLzsK5KSDTQMiMCU1bANPDEQ4slhV2YAahOsrOr0OhT0tibJwXEip7D93CBrFdWo8Ms7wQmPw=; Expires=Thu, 27-Jan-2033 05:57:07 GMT; Domain=.yandex.ru; Path=/; Secure; HttpOnly; SameSite=None
yandexuid=9283713381675058228; Expires=Tue, 30-Jan-2024 05:57:08 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
yuidss=9283713381675058228; Expires=Tue, 30-Jan-2024 05:57:08 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
ymex=1706594228.yc.1675058228#1706594228.yrts.1675058228#1706594228.yrtsi.1675058228; Expires=Tue, 30-Jan-2024 05:57:08 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Mon, 30-Jan-2023 05:57:08 GMT
last-modified: Mon, 30-Jan-2023 05:57:08 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash f2a0c2c0f25bdd19baf87cbb3a87dcdb
bc78ca6206ee8cc1cc05ab7778df71c7e6d1182a
c57f26c0c2e439dc2f69181e1b2f6ae371bff9d299af739e0047eabc8bfb5a69
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C57F26C0C2E439DC2F69181E1B2F6AE371BFF9D299AF739E0047EABC8BFB5A69"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8939
Expires: Mon, 30 Jan 2023 08:26:07 GMT
Date: Mon, 30 Jan 2023 05:57:08 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash f2a0c2c0f25bdd19baf87cbb3a87dcdb
bc78ca6206ee8cc1cc05ab7778df71c7e6d1182a
c57f26c0c2e439dc2f69181e1b2f6ae371bff9d299af739e0047eabc8bfb5a69
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C57F26C0C2E439DC2F69181E1B2F6AE371BFF9D299AF739E0047EABC8BFB5A69"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8939
Expires: Mon, 30 Jan 2023 08:26:07 GMT
Date: Mon, 30 Jan 2023 05:57:08 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash f2a0c2c0f25bdd19baf87cbb3a87dcdb
bc78ca6206ee8cc1cc05ab7778df71c7e6d1182a
c57f26c0c2e439dc2f69181e1b2f6ae371bff9d299af739e0047eabc8bfb5a69
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C57F26C0C2E439DC2F69181E1B2F6AE371BFF9D299AF739E0047EABC8BFB5A69"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8939
Expires: Mon, 30 Jan 2023 08:26:07 GMT
Date: Mon, 30 Jan 2023 05:57:08 GMT
Connection: keep-alive
xfantazy.com/_next/static/chunks/7.38d845e9473548212694.js
172.64.97.10200 OK 20 kB URL HTTP/2 xfantazy.com/_next/static/chunks/7.38d845e9473548212694.js
IP 172.64.97.10:0
File type ASCII text, with very long lines (38842), with no line terminators
Hash 1475b943be4180a77725b8b50e00bc0c
d29b42f6b0d216cfa57bec5844adc9c57b8c539b
4f9b9a402ff181c9eff9caac896c0f4104199d2effc5d27d261249df9dc7b1bd
GET /_next/static/chunks/7.38d845e9473548212694.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/60e796b1fc8074710cdd5c72
Cookie: visitorId=2ocm1o94cgq0rkh5xitdgyq; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 30 Jan 2023 05:57:07 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-bgj: minify
etag: W/"97ba-1826d2c11c0"
last-modified: Fri, 05 Aug 2022 08:43:00 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 12941451
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZyGXt6eFYiMhwPs0M6PsXb07CwQ1o9XdtyO5qWFqpdFmcOXgyKziE45KmeWbAznJjP7dcBApzM%2F6dXGfxpGdj1g6mFVN61fYNk2D52m2CqujYDWFueC7LvB97NYNnAg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7917f7df795f7701-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa29141be-cb17-4a1d-a64f-9b3d296461f2.jpeg
34.120.237.76200 OK 5.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa29141be-cb17-4a1d-a64f-9b3d296461f2.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 546f1cb9f94ea553ae884a6f50c6bd3d
fd08d9841bcd8864aaf2e5d93ca61b31246b6db5
5aba48ac6c65e371c6c1aeee43f97670f196d3a3933b9f5812a67be90b7dbdfa
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa29141be-cb17-4a1d-a64f-9b3d296461f2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5764
x-amzn-requestid: 33ebf979-ba40-451e-bbdb-3ee4a9dc07ae
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fhksyGRVoAMF5UQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d6e7eb-55fcbb4d6d88dbf758409801;Sampled=0
x-amzn-remapped-date: Sun, 29 Jan 2023 21:40:59 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: X3lzViVGoynSgoeenp6EIU2E3FMSRlKNGOy73pIOAASV11hOk2B4UA==
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 981753271eb5b6d11bc29d52f173a5da.cloudfront.net (CloudFront), 1.1 google
date: Sun, 29 Jan 2023 22:11:45 GMT
age: 27923
etag: "fd08d9841bcd8864aaf2e5d93ca61b31246b6db5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F52796f60-dafe-46ba-9c7a-a08ce5e16c34.jpeg
34.120.237.76200 OK 8.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F52796f60-dafe-46ba-9c7a-a08ce5e16c34.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash fe31ee140c2fd62e616c8a1edc9e78bb
7aa5fbdc8156514770ae620e81f1afef1c77890f
799af4bf9fa07ed27ebdc9d1a3344ee8a2b6529f076c263495b93290c47a1cc4
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F52796f60-dafe-46ba-9c7a-a08ce5e16c34.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8464
x-amzn-requestid: bf2cf356-ebb1-469b-ba35-a79bb009cad6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fhj3qGeboAMFzNw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d6e697-7c96841f52b6a96d1b0eaf34;Sampled=0
x-amzn-remapped-date: Sun, 29 Jan 2023 21:35:19 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: y6bDvcD7a3-A4DLC3cSdZT-yewV1kkFqcGr7AMuqvUeGA4A0pgF4wQ==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 7022a5bbf9872d4a09d63e6cdb457dfe.cloudfront.net (CloudFront), 1.1 google
date: Sun, 29 Jan 2023 21:59:27 GMT
age: 28661
etag: "7aa5fbdc8156514770ae620e81f1afef1c77890f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash f71abe615d652a8bc52d269d2da43939
ace153c362685d3c3a2bd554155188a70b2ce3e4
c38dba696db159c3d6e3bd0432a697a4f66345f653ccea49eef78986841fe459
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C38DBA696DB159C3D6E3BD0432A697A4F66345F653CCEA49EEF78986841FE459"
Last-Modified: Sun, 29 Jan 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9622
Expires: Mon, 30 Jan 2023 08:37:30 GMT
Date: Mon, 30 Jan 2023 05:57:08 GMT
Connection: keep-alive
xfantazy.com/_next/static/chunks/47.6c9a4510342e4dd3af77.js
172.64.97.10200 OK 9.9 kB URL HTTP/2 xfantazy.com/_next/static/chunks/47.6c9a4510342e4dd3af77.js
IP 172.64.97.10:0
File type ASCII text, with very long lines (1568), with no line terminators
Hash 0d385aa8ddaa469771d963ae8bd946df
87c3333728f0807f8ce3cb8e867e476f13d99ac2
9b0aca99510d9f85e60fd741d8ef372d434a825875ef2f9585635d062975da1c
GET /_next/static/chunks/47.6c9a4510342e4dd3af77.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/60e796b1fc8074710cdd5c72
Cookie: visitorId=2ocm1o94cgq0rkh5xitdgyq; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 30 Jan 2023 05:57:07 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-bgj: minify
etag: W/"620-183501608b0"
last-modified: Sun, 18 Sep 2022 10:12:44 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 8260467
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QbFFhAVi8Da53xxCg3OLtEJP8102vw11gysawAZeCO6s5yHP1bH8dZATUDvWSzQuq14hH4wiCpdRjcgeh5JEz0RiECZ%2BFvGd5k29BpLY4kOvEZ68KRAjFRpBOL7aKMM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7917f7df79647701-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F72e6599c-6a41-4dd2-a346-b15fa84cb20a.jpeg
34.120.237.76200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F72e6599c-6a41-4dd2-a346-b15fa84cb20a.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 65c02d8a1b0d6a210cb2a649c5c67469
027dbc7a104c922904f067ed15d696c363c11774
89d5443a1d313c632d09a583ef602aa4645a16986076387329f434262d15b0a1
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F72e6599c-6a41-4dd2-a346-b15fa84cb20a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10997
x-amzn-requestid: a6fac0ab-1acf-4808-8785-3b4ec5e32edf
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fhj30FX7IAMFa5w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d6e698-005109ec2e76529e793678d6;Sampled=0
x-amzn-remapped-date: Sun, 29 Jan 2023 21:35:20 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: skGKI_MWvDwpAbGibUcr8wTlimgoPU9ZYhEHltd3uhdJZ_GoNznVAA==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 325ed3ba58a560748d886354beef39c0.cloudfront.net (CloudFront), 1.1 google
date: Sun, 29 Jan 2023 22:08:57 GMT
etag: "027dbc7a104c922904f067ed15d696c363c11774"
content-type: image/jpeg
age: 28091
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F55e9b24d-3c7c-46d8-89b7-084483cc3d1d.jpeg
34.120.237.76200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F55e9b24d-3c7c-46d8-89b7-084483cc3d1d.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 5190c0bdc6abe0ee258e9f8c20ddaf51
d60f280f8a742480527dbc32d08f321f972d4fcf
874b38a04aa3736e65aaef72da2cc2efceb208618267107a495bdfe51ec58e58
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F55e9b24d-3c7c-46d8-89b7-084483cc3d1d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12507
x-amzn-requestid: 85c9adcd-b997-48ca-bbfb-ccdeaf3e8cfb
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fhklyFaJoAMFqKA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d6e7be-2bcdd8c353d8429d2b1e95f6;Sampled=0
x-amzn-remapped-date: Sun, 29 Jan 2023 21:40:14 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: XABaoZCqUulmnfZOXx6XTLSUMS5Mie6u0OfkqozmBzCf3Qjzf-fbRA==
via: 1.1 a20e81b65d2465c729ce2f6bfe539dd0.cloudfront.net (CloudFront), 1.1 e4d3d5aafc7d7d582423c073065ab562.cloudfront.net (CloudFront), 1.1 google
date: Sun, 29 Jan 2023 21:54:32 GMT
age: 28956
etag: "d60f280f8a742480527dbc32d08f321f972d4fcf"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
mc.yandex.ru/watch/49415098/1?wmode=7&page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F60e796b1fc8074710cdd5c72&charset=utf-8&browser-info=pv%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afp%3A1282%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A1663568474079%3Ahid%3A996941919%3Az%3A0%3Ai%3A20230130055718%3Aet%3A1675058239%3Ac%3A1%3Arn%3A246823680%3Arqn%3A1%3Au%3A167505823952392834%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A1%2C130%2C556%2C7%2C277%2C0%2C%2C192%2C5%2C%2C%2C%2C1282%3Aco%3A0%3Ans%3A1675058236727%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1675058239%3At%3ASadie%20Hartz%20-%20Tiny%20St%20Patricks%20Day%20-%20XFantazy.com&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29fip%281%29ti%282%29
87.250.251.119200 OK 4.1 kB URL HTTP/2 mc.yandex.ru/watch/49415098/1?wmode=7&page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F60e796b1fc8074710cdd5c72&charset=utf-8&browser-info=pv%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afp%3A1282%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A1663568474079%3Ahid%3A996941919%3Az%3A0%3Ai%3A20230130055718%3Aet%3A1675058239%3Ac%3A1%3Arn%3A246823680%3Arqn%3A1%3Au%3A167505823952392834%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A1%2C130%2C556%2C7%2C277%2C0%2C%2C192%2C5%2C%2C%2C%2C1282%3Aco%3A0%3Ans%3A1675058236727%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1675058239%3At%3ASadie%20Hartz%20-%20Tiny%20St%20Patricks%20Day%20-%20XFantazy.com&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29fip%281%29ti%282%29
IP 87.250.251.119:0
Hash a0c0e70678090122fbcbc94ec2e3274c
61d0a8d7c13eeb72cff9b4335adebd7226336062
ea7c1c1f9daf70ceae58338ce92c7b28acf54ed0194ba711c0d69edd3299795d
GET /watch/49415098/1?wmode=7&page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F60e796b1fc8074710cdd5c72&charset=utf-8&browser-info=pv%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afp%3A1282%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A1663568474079%3Ahid%3A996941919%3Az%3A0%3Ai%3A20230130055718%3Aet%3A1675058239%3Ac%3A1%3Arn%3A246823680%3Arqn%3A1%3Au%3A167505823952392834%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A1%2C130%2C556%2C7%2C277%2C0%2C%2C192%2C5%2C%2C%2C%2C1282%3Aco%3A0%3Ans%3A1675058236727%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1675058239%3At%3ASadie%20Hartz%20-%20Tiny%20St%20Patricks%20Day%20-%20XFantazy.com&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29fip%281%29ti%282%29 HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Referer: https://xfantazy.com/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 419
date: Mon, 30 Jan 2023 05:57:08 GMT
x-content-type-options: nosniff
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Mon, 30-Jan-2023 05:57:08 GMT
last-modified: Mon, 30-Jan-2023 05:57:08 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: application/json; charset=utf-8
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
skiingsettling.com/21/fe/39/21fe3950f412e026c33f1b6cee613eba.js
192.243.61.225200 OK 27 kB URL HTTP/1.1 skiingsettling.com/21/fe/39/21fe3950f412e026c33f1b6cee613eba.js
IP 192.243.61.225:0
ASN #39572 DataWeb Global Group B.V.
Hash a5eb6ed94b7e30e87d91b591515192cf
55bba832b6f9af36a0ed2b8122d635fc5c3bb0fe
169ab9d7b1d10bd30d90d717ce27f9040ec0cba1d89f8b3f3569038bd50804d5
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /21/fe/39/21fe3950f412e026c33f1b6cee613eba.js HTTP/1.1
Host: skiingsettling.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Mon, 30 Jan 2023 05:57:08 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 589c955854aa3550aec30450ee7ac8d4
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
e1.o.lencr.org/
23.36.77.32200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 89231e8fe1afd89090e6a09d61430e11
11b471e4821cade1ea075b8835c892d455bfdaa2
8c78cce8f98a69e9c1c2bf45d12879b40c784288b4e79dabb296c24f94025c12
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "8C78CCE8F98A69E9C1C2BF45D12879B40C784288B4E79DABB296C24F94025C12"
Last-Modified: Sun, 29 Jan 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=1881
Expires: Mon, 30 Jan 2023 06:28:29 GMT
Date: Mon, 30 Jan 2023 05:57:08 GMT
Connection: keep-alive
ocsp.sca1b.amazontrust.com/
54.230.245.39200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.39:0
Hash 0e90c9d5521358d2754bbad686a2e9c1
013349b8f38535bae1e197d5d96d86d17d5a1ef0
47bb6aa901220aeab3800d1ea88eb456cfe3ea337f12c059d9549fa6bd8064ab
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Mon, 30 Jan 2023 05:57:08 GMT
Last-Modified: Mon, 30 Jan 2023 04:35:16 GMT
Server: ECS (nyb/1D29)
X-Cache: Miss from cloudfront
Via: 1.1 98794c1dec0d4e7b10ddf0faa094cf94.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: YIZUxtVjvyDuJWQbzlwCLVrfMpfn59RGUz2NyvUbFSufPdH9tGy8mg==
Age: 4912
exploredefinitely.com/a2/f9/90/a2f990f10476061c719d1c1aa3a2ecd2.js
173.233.137.52200 OK 13 kB URL HTTP/1.1 exploredefinitely.com/a2/f9/90/a2f990f10476061c719d1c1aa3a2ecd2.js
IP 173.233.137.52:0
File type ASCII text, with very long lines (37170), with no line terminators
Hash a93ca76e079a5aec75d41cb890418e93
be17274041f173dcba11a2af159bae1b83f69b12
cdf9c3d515fc389cd960154925aa33bf9c587b8f8c62033d25bc425e9bbdbc36
GET /a2/f9/90/a2f990f10476061c719d1c1aa3a2ecd2.js HTTP/1.1
Host: exploredefinitely.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Mon, 30 Jan 2023 05:57:08 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 0bfe737bdc5f7aaf2fe8b21e3f743ade
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
simplewebanalysis.com/stats
35.156.167.37200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP 35.156.167.37:0
File type ASCII text, with no line terminators
Hash 8b32588c305e1131759ac6ebd942dc0f
2a9bd237e84f331ab80c589774cd05d4235bd0ca
d1262d0ebacfb86d2f3e512571d7d7fcdc26fae5217b9099134add01a3a500f8
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 30 Jan 2023 05:57:08 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
set-cookie: uid_id2=21c89720-0c3e-4f75-94cb-0331ebbf739e:1:1; expires=Thu, 27 Jan 2033 05:57:08 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
friendshipmale.com/sfp.js
172.64.203.23200 OK 28 kB URL HTTP/2 friendshipmale.com/sfp.js
IP 172.64.203.23:0
File type Unicode text, UTF-8 text, with very long lines (65529), with no line terminators
Hash 6bd2bdcfcec49c0c524b9bfc4e2337b3
98e90dc60fab725aa794bd68b82710b5e584e7f4
2d4422fff59a7d464e64d2f7b4699a32a60e47163f275a04e6a69aa4d2dc16ad
Analyzer Verdict Alert fortinet Malware
GET /sfp.js HTTP/1.1
Host: friendshipmale.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 30 Jan 2023 05:57:08 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: 6a6e33cb6aed5790196da31ea7c3b0a2
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Mon, 30 Jan 2023 05:57:08 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YQed2gvjBuDOfhbJOx9bw7%2FNv5Un1U5wpU%2F4vznS%2B4kaExK1tnopN8zp2gQ3o1YZEddP1NSfeifKg6mWgAH3bvfb8c%2BrDpmqEm1Te4ZMtfD0G4jiFWTsInjJwN1r4ytCY1FVFFs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7917f7e8bef18862-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
simplewebanalysis.com/stats
35.156.167.37200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP 35.156.167.37:0
File type ASCII text, with no line terminators
Hash 49afdf363fa5dabac7498f888644c6a9
f63603a8b241258b9f148c7e575bb5d1f67b2b40
7da694e50ebf4a39a7f42266e257b988fe5280cecc1db5642c7a57f6d45d7d16
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 30 Jan 2023 05:57:08 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
set-cookie: uid_id2=9442e0ab-de7c-4c8c-9b5b-28a46ad0e8cd:3:1; expires=Thu, 27 Jan 2033 05:57:08 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.77.32200 OK 344 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash fba2578a219c482ced81e299d0da0061
059d2a565118457c53f655c7c4e3faaa9ac0fc41
e94e09d0cc3d1767f4bfdb420aa7bb2be731d6427cd67980838959de3b2b2648
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "E94E09D0CC3D1767F4BFDB420AA7BB2BE731D6427CD67980838959DE3B2B2648"
Last-Modified: Mon, 30 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20765
Expires: Mon, 30 Jan 2023 11:43:13 GMT
Date: Mon, 30 Jan 2023 05:57:08 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 5f59c9a1c91957d6d5e5cffd6beddd92
55399dd9caf65759afacea2328abb26c924c0554
b7bb5e0ea0f386593d1f63c2eb474abcbf20564aabcc6f9d1b5bd8335f2b7379
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B7BB5E0EA0F386593D1F63C2EB474ABCBF20564AABCC6F9D1B5BD8335F2B7379"
Last-Modified: Sat, 28 Jan 2023 02:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13764
Expires: Mon, 30 Jan 2023 09:46:32 GMT
Date: Mon, 30 Jan 2023 05:57:08 GMT
Connection: keep-alive
mc.yandex.ru/metrika/advert.gif
87.250.251.119200 OK 43 B URL HTTP/2 mc.yandex.ru/metrika/advert.gif
IP 87.250.251.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
GET /metrika/advert.gif HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Mon, 30 Jan 2023 05:57:08 GMT
access-control-allow-origin: *
etag: "63c93a4b-2b"
expires: Mon, 30 Jan 2023 06:57:08 GMT
accept-ranges: bytes
last-modified: Thu, 19 Jan 2023 15:40:43 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cache-control: max-age=3600
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash e9eba61fbe87bc53d60d0fdd1ba6adb4
8dbb3dfacfaad4ce0fd3a355790cb9b245e01e07
9c0233792f873315e75ce5396d1a210f2df665db23ab858a0724f66bbb4528e7
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 30 Jan 2023 05:57:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
feignthat.com/01/f7/5a/01f75a95a38a8db0a8e82d995253a076.js
173.233.137.44200 OK 29 kB URL HTTP/1.1 feignthat.com/01/f7/5a/01f75a95a38a8db0a8e82d995253a076.js
IP 173.233.137.44:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (65536), with no line terminators
Hash 37fdcbf88203a4cd6cd9d8f1e5e2257a
fcd5f124d50c19308ba84d62ae761f142a0952f4
71539367c1a61b88bae5ae8e071927517897007d4114d6ec7d01f2e2864a9443
Analyzer Verdict Alert quad9 Sinkholed
GET /01/f7/5a/01f75a95a38a8db0a8e82d995253a076.js HTTP/1.1
Host: feignthat.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Mon, 30 Jan 2023 05:57:08 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 4ece010ce364186c7a3cead1fa384fdb
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j99&tid=UA-121614197-2&cid=416218665.1675058239&jid=1217321570&gjid=723649161&_gid=1811062653.1675058239&_u=YGBAiEABBAAAAEAAI~&z=301095509
173.194.221.154200 OK 1 B URL HTTP/2 stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j99&tid=UA-121614197-2&cid=416218665.1675058239&jid=1217321570&gjid=723649161&_gid=1811062653.1675058239&_u=YGBAiEABBAAAAEAAI~&z=301095509
IP 173.194.221.154:0
File type very short file (no magic)
Hash c4ca4238a0b923820dcc509a6f75849b
356a192b7913b04c54574d18c28d46e6395428ab
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j99&tid=UA-121614197-2&cid=416218665.1675058239&jid=1217321570&gjid=723649161&_gid=1811062653.1675058239&_u=YGBAiEABBAAAAEAAI~&z=301095509 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://xfantazy.com
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Mon, 30 Jan 2023 05:57:08 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
simplewebanalysis.com/stats
35.156.167.37200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP 35.156.167.37:0
File type ASCII text, with no line terminators
Hash 49afdf363fa5dabac7498f888644c6a9
f63603a8b241258b9f148c7e575bb5d1f67b2b40
7da694e50ebf4a39a7f42266e257b988fe5280cecc1db5642c7a57f6d45d7d16
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: uid_id2=9442e0ab-de7c-4c8c-9b5b-28a46ad0e8cd:3:1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 30 Jan 2023 05:57:09 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash e9eba61fbe87bc53d60d0fdd1ba6adb4
8dbb3dfacfaad4ce0fd3a355790cb9b245e01e07
9c0233792f873315e75ce5396d1a210f2df665db23ab858a0724f66bbb4528e7
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 30 Jan 2023 05:57:09 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
d3t87ooo0697p8.cloudfront.net/?oootd=971975
54.230.245.154200 OK 114 kB URL HTTP/2 d3t87ooo0697p8.cloudfront.net/?oootd=971975
IP 54.230.245.154:0
File type Unicode text, UTF-8 text, with very long lines (15955)
Size 114 kB (113855 bytes)
Hash 569783e25a3929ea4c9beb4c9f118df0
c14ca058645f80292ca9009fe1809c2962796d0b
bfc3860abe8ce8185a3b655dec36cdfe2648952f8a9afce4e45fc0a7619bb98e
GET /?oootd=971975 HTTP/1.1
Host: d3t87ooo0697p8.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 113855
date: Mon, 30 Jan 2023 05:57:09 GMT
access-control-allow-origin: *
cache-control: no-store, no-cache, proxy-revalidate, must-revalidate, private, no-transform
content-encoding: gzip
pragma: no-cache
x-cache: Miss from cloudfront
via: 1.1 c2b101e67ac25a2f0013450d56ecac38.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: uj4fjEsNQTlnawIGGaoYW7phVPoZE1G_a6LKb-tXVuBVmbFeCWIKRg==
X-Firefox-Spdy: h2
prototypewailrubber.com/4d/0a/fc/4d0afc2425eea6b0cd5a468c9f8a69ed.js
173.233.137.36200 OK 29 kB URL HTTP/1.1 prototypewailrubber.com/4d/0a/fc/4d0afc2425eea6b0cd5a468c9f8a69ed.js
IP 173.233.137.36:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (65536), with no line terminators
Hash 6a7f6135c3fca025e1c4426bbf35dedd
7e51dac708cf1bba3c7246fc4008bfbffd95815d
bc9755e58333b922b81d99d5df4e67039845dbd5b5eff7fe582a452c55fdc222
Analyzer Verdict Alert quad9 Sinkholed
GET /4d/0a/fc/4d0afc2425eea6b0cd5a468c9f8a69ed.js HTTP/1.1
Host: prototypewailrubber.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Mon, 30 Jan 2023 05:57:09 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: abda9b27e9ed3d5e4dc62e9adc24af90
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash cb05fe72cd5bb1f041e10afad86f98d3
c8a06f10b1c2e41a3bfb20037ee9535cc385c4d4
1b2bf7915ff10a3294887f50f050ef0125fa3e90d3e932322e5bba01c26d03c1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1B2BF7915FF10A3294887F50F050EF0125FA3E90D3E932322E5BBA01C26D03C1"
Last-Modified: Sun, 29 Jan 2023 01:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14074
Expires: Mon, 30 Jan 2023 09:51:43 GMT
Date: Mon, 30 Jan 2023 05:57:09 GMT
Connection: keep-alive
ocsp.pki.goog/s/gts1p5/SrfVchP6P8U
142.250.74.131200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/SrfVchP6P8U
IP 142.250.74.131:0
Hash 795f17a4efb2573fc585ba0a9588f99a
028c0c3aa8b4a8074a8f7be528327d35ee299b7e
84ab72e30738f6c2870d2785435469d42888484bc666b6d02569f2ce870c2728
POST /s/gts1p5/SrfVchP6P8U HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 30 Jan 2023 05:57:09 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
simplewebanalysis.com/stats
35.156.167.37200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP 35.156.167.37:0
File type ASCII text, with no line terminators
Hash 49afdf363fa5dabac7498f888644c6a9
f63603a8b241258b9f148c7e575bb5d1f67b2b40
7da694e50ebf4a39a7f42266e257b988fe5280cecc1db5642c7a57f6d45d7d16
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: uid_id2=9442e0ab-de7c-4c8c-9b5b-28a46ad0e8cd:3:1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 30 Jan 2023 05:57:09 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
X-Firefox-Spdy: h2
feignthat.com/sbar.json?key=21fe3950f412e026c33f1b6cee613eba
173.233.137.44200 OK 4.1 kB URL HTTP/1.1 feignthat.com/sbar.json?key=21fe3950f412e026c33f1b6cee613eba
IP 173.233.137.44:0
File type JSON data\012- , ASCII text, with very long lines (5617), with no line terminators
Hash 83c67b5cc6903f877a997759d5fc2c7a
71fb9211008bb28823f654c045b4b214fb9aadbc
e38ee4405a3f6d84d9670696945241d8b9b8a0241e9059805e46338ee60bfda3
Analyzer Verdict Alert quad9 Sinkholed
GET /sbar.json?key=21fe3950f412e026c33f1b6cee613eba HTTP/1.1
Host: feignthat.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Mon, 30 Jan 2023 05:57:09 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://xfantazy.com
Access-Control-Allow-Origin: https://xfantazy.com
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=17661735; expires=Tue, 31 Jan 2023 05:57:09 GMT; secure; SameSite=None
pdhtkv=true; expires=Tue, 31 Jan 2023 05:57:09 GMT; secure; SameSite=None
uncs=1; expires=Tue, 31 Jan 2023 05:57:09 GMT; secure; SameSite=None
pdhtkv29=true; expires=Tue, 31 Jan 2023 05:57:09 GMT; secure; SameSite=None
uncs29=1; expires=Tue, 31 Jan 2023 05:57:09 GMT; secure; SameSite=None
slec21fe3950f412e026c33f1b6cee613eba=[3870584]; expires=Mon, 30 Jan 2023 05:57:14 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 46f0e71e58fec820cdc1b5eaa08f88ed
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
ocsp.pki.goog/s/gts1p5/SrfVchP6P8U
142.250.74.131200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/SrfVchP6P8U
IP 142.250.74.131:0
Hash 795f17a4efb2573fc585ba0a9588f99a
028c0c3aa8b4a8074a8f7be528327d35ee299b7e
84ab72e30738f6c2870d2785435469d42888484bc666b6d02569f2ce870c2728
POST /s/gts1p5/SrfVchP6P8U HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 30 Jan 2023 05:57:09 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/s/gts1p5/SrfVchP6P8U
142.250.74.131200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/SrfVchP6P8U
IP 142.250.74.131:0
Hash 795f17a4efb2573fc585ba0a9588f99a
028c0c3aa8b4a8074a8f7be528327d35ee299b7e
84ab72e30738f6c2870d2785435469d42888484bc666b6d02569f2ce870c2728
POST /s/gts1p5/SrfVchP6P8U HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 30 Jan 2023 05:57:09 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
coonandeg.xyz/TEdRRm8tJTIrUC16M2AaPitsY10KYmMAC38zaXEAIyhhcFZ7N2loDCAoJCIJPig/MkEiIiVjXQouMBMpFCQWAyQALToRNyR3PgtffR4JKC05FWAUPwc+ACArNCtpDjwZNgk/XxgMFRMjBykUAyg7dmkcXhUJEgVXOxMEJSIAPQMIOgl/NgsXBiQJEQwmBhByLCoEGCMtHTA/Fgd4AhURDCUCBzEqAC5hHCsdEjYlBAUpCQFWIhEHCDUtFBAcKzt3JA8uAgIGdSp5BRQUDS8QCwc7fSs6HCsGAgZ1KisAAH8JKB8bAiZ8PyscGCQfCRE9Jwo6FA0vFHwTKB4BPgc1JwUEFFwKYmMEORoJCwwFBRMSITUnHQUcOxsfEyg+CgULJScGBAQXVyMNAxMnDi09Pz4lIwglOAYiBBNXfCY6A0kmND4oH3ENBA1ZIAMJEg0n
54.192.99.27200 OK 1.2 kB URL HTTP/2 coonandeg.xyz/TEdRRm8tJTIrUC16M2AaPitsY10KYmMAC38zaXEAIyhhcFZ7N2loDCAoJCIJPig/MkEiIiVjXQouMBMpFCQWAyQALToRNyR3PgtffR4JKC05FWAUPwc+ACArNCtpDjwZNgk/XxgMFRMjBykUAyg7dmkcXhUJEgVXOxMEJSIAPQMIOgl/NgsXBiQJEQwmBhByLCoEGCMtHTA/Fgd4AhURDCUCBzEqAC5hHCsdEjYlBAUpCQFWIhEHCDUtFBAcKzt3JA8uAgIGdSp5BRQUDS8QCwc7fSs6HCsGAgZ1KisAAH8JKB8bAiZ8PyscGCQfCRE9Jwo6FA0vFHwTKB4BPgc1JwUEFFwKYmMEORoJCwwFBRMSITUnHQUcOxsfEyg+CgULJScGBAQXVyMNAxMnDi09Pz4lIwglOAYiBBNXfCY6A0kmND4oH3ENBA1ZIAMJEg0n
IP 54.192.99.27:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3036), with no line terminators
Hash 18b28a526c6518ce54f1491b423d3258
0686f84e6ae014ec0221fe979e31ff58246c0e58
007f86abc2a9cf74c096f4c82f01d73a6df0b7fb593bcef09ee516be82858835
GET /TEdRRm8tJTIrUC16M2AaPitsY10KYmMAC38zaXEAIyhhcFZ7N2loDCAoJCIJPig/MkEiIiVjXQouMBMpFCQWAyQALToRNyR3PgtffR4JKC05FWAUPwc+ACArNCtpDjwZNgk/XxgMFRMjBykUAyg7dmkcXhUJEgVXOxMEJSIAPQMIOgl/NgsXBiQJEQwmBhByLCoEGCMtHTA/Fgd4AhURDCUCBzEqAC5hHCsdEjYlBAUpCQFWIhEHCDUtFBAcKzt3JA8uAgIGdSp5BRQUDS8QCwc7fSs6HCsGAgZ1KisAAH8JKB8bAiZ8PyscGCQfCRE9Jwo6FA0vFHwTKB4BPgc1JwUEFFwKYmMEORoJCwwFBRMSITUnHQUcOxsfEyg+CgULJScGBAQXVyMNAxMnDi09Pz4lIwglOAYiBBNXfCY6A0kmND4oH3ENBA1ZIAMJEg0n HTTP/1.1
Host: coonandeg.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html
content-length: 1187
date: Mon, 30 Jan 2023 05:57:09 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 ffa40c4091d11859ad05cf9748508c58.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN1-C1
x-amz-cf-id: Nb4f4APcOctPNgQLZUFfCl1XjjGTl3lxuLn-6YXV2-YoSNn2ldYN7Q==
X-Firefox-Spdy: h2
ocsp.pki.goog/s/gts1p5/SrfVchP6P8U
142.250.74.131200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/SrfVchP6P8U
IP 142.250.74.131:0
Hash 795f17a4efb2573fc585ba0a9588f99a
028c0c3aa8b4a8074a8f7be528327d35ee299b7e
84ab72e30738f6c2870d2785435469d42888484bc666b6d02569f2ce870c2728
POST /s/gts1p5/SrfVchP6P8U HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 30 Jan 2023 05:57:09 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
coonandeg.xyz/RzY1MTgmVFZcByYLVxdNNVoIFAoBEwd3XHRCDQZXKFkFBwFwRg0fWytZQFVeNVlbRRYpU0EUCgFXZEtUcm8GXl8RXlZ3ahNSZHlucnJRcEgJYHBdVBJBWnx+A3twcHsgeXBWDQ5gXnhMIloNaXkEVXBibRJhfF1bIm5ZRlURTkVUa3VgbHlpAX5RSQAKd15STRFReHp+Lg9saX4CDlFZXA1kXllCAmcBen4EUmJ1UAVQVmBTH3AECEAEY11lbg97VmJRAVBWYFMIdV1jCQNgTWB3AG95Ymoze1FJQAx/YwhABGdGZ2B0dAFifglmV2BUFmReWUIfXhhGeQJlQlJrPmB8Uk8vfGABTD11c0lqFF9jYHswb1Z9fQFVYGVAPnVgSXYUW2N8agF/E1tLKFhFDEEMQmQGCXIOW3I
54.192.99.27200 OK 1.2 kB URL HTTP/2 coonandeg.xyz/RzY1MTgmVFZcByYLVxdNNVoIFAoBEwd3XHRCDQZXKFkFBwFwRg0fWytZQFVeNVlbRRYpU0EUCgFXZEtUcm8GXl8RXlZ3ahNSZHlucnJRcEgJYHBdVBJBWnx+A3twcHsgeXBWDQ5gXnhMIloNaXkEVXBibRJhfF1bIm5ZRlURTkVUa3VgbHlpAX5RSQAKd15STRFReHp+Lg9saX4CDlFZXA1kXllCAmcBen4EUmJ1UAVQVmBTH3AECEAEY11lbg97VmJRAVBWYFMIdV1jCQNgTWB3AG95Ymoze1FJQAx/YwhABGdGZ2B0dAFifglmV2BUFmReWUIfXhhGeQJlQlJrPmB8Uk8vfGABTD11c0lqFF9jYHswb1Z9fQFVYGVAPnVgSXYUW2N8agF/E1tLKFhFDEEMQmQGCXIOW3I
IP 54.192.99.27:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3016), with no line terminators
Hash ed0f1d002f6f8363914bc60c10af3cbb
5839fdd713ffcba653e51329b0071797e414abc8
741ff9a1894218392f219783468b181ef25b740574aa4769fc07c674d17bd67a
GET /RzY1MTgmVFZcByYLVxdNNVoIFAoBEwd3XHRCDQZXKFkFBwFwRg0fWytZQFVeNVlbRRYpU0EUCgFXZEtUcm8GXl8RXlZ3ahNSZHlucnJRcEgJYHBdVBJBWnx+A3twcHsgeXBWDQ5gXnhMIloNaXkEVXBibRJhfF1bIm5ZRlURTkVUa3VgbHlpAX5RSQAKd15STRFReHp+Lg9saX4CDlFZXA1kXllCAmcBen4EUmJ1UAVQVmBTH3AECEAEY11lbg97VmJRAVBWYFMIdV1jCQNgTWB3AG95Ymoze1FJQAx/YwhABGdGZ2B0dAFifglmV2BUFmReWUIfXhhGeQJlQlJrPmB8Uk8vfGABTD11c0lqFF9jYHswb1Z9fQFVYGVAPnVgSXYUW2N8agF/E1tLKFhFDEEMQmQGCXIOW3I HTTP/1.1
Host: coonandeg.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html
content-length: 1169
date: Mon, 30 Jan 2023 05:57:09 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 ffa40c4091d11859ad05cf9748508c58.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN1-C1
x-amz-cf-id: IQtU49FP0ef8pHbWEeXQsYyAVI4NPf7HTrw4lWCfkvwptpuDYvuiNQ==
X-Firefox-Spdy: h2
coonandeg.xyz/Z2VheW0GBwIUUgZYA18YFQlcXF8hQFM/CVQRWU4CCApRT1RQFVlXDgsKFB0LFQoPDUMJABVcXyEhLC0/IwFSET4wHFErP1czBTNdFycjDjcdNwoONT8PICArDCArNjkiNgI/XVIiIgkfNjY0KilWXCAyXCIoMkgvQlcjK1xSATcqXTY3Mx0/KzczPywlLAg8FQgoID44IyYnTAsBAlkpOlZdVjEFFyE0Az81ITc4JysNBjo6IQIXPwFXIQIXNz02IygqBFRZKTohCg8+LF4mJCErLyMKLD8EMAUzLDUVGywGEx8kISsvIVARDAMwLx0sCT8MKzgPLyAXQAM2MkogNQY0GiY1HScOIwwOIzg6Vi00KzwgBhk4CTIJWQo4DBVSOwMpIjI4KCEGUSMJJhIwFSUAFTQsBBA1OSgjHgYKHSMvEjMVLAwwIF8HFAoPCVAdIws4BB0KMyMYAQAWFxkP
54.192.99.27200 OK 1.2 kB URL HTTP/2 coonandeg.xyz/Z2VheW0GBwIUUgZYA18YFQlcXF8hQFM/CVQRWU4CCApRT1RQFVlXDgsKFB0LFQoPDUMJABVcXyEhLC0/IwFSET4wHFErP1czBTNdFycjDjcdNwoONT8PICArDCArNjkiNgI/XVIiIgkfNjY0KilWXCAyXCIoMkgvQlcjK1xSATcqXTY3Mx0/KzczPywlLAg8FQgoID44IyYnTAsBAlkpOlZdVjEFFyE0Az81ITc4JysNBjo6IQIXPwFXIQIXNz02IygqBFRZKTohCg8+LF4mJCErLyMKLD8EMAUzLDUVGywGEx8kISsvIVARDAMwLx0sCT8MKzgPLyAXQAM2MkogNQY0GiY1HScOIwwOIzg6Vi00KzwgBhk4CTIJWQo4DBVSOwMpIjI4KCEGUSMJJhIwFSUAFTQsBBA1OSgjHgYKHSMvEjMVLAwwIF8HFAoPCVAdIws4BB0KMyMYAQAWFxkP
IP 54.192.99.27:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3051), with no line terminators
Hash 1a97cac12ae849ae85df549d752af56b
b570862f7368a3f68a4d1f6a74031f61bc4746a2
58206dc25363da54cff1858ae20b4390bb9a4b5d248f376d7bc1a7ecee2023aa
GET /Z2VheW0GBwIUUgZYA18YFQlcXF8hQFM/CVQRWU4CCApRT1RQFVlXDgsKFB0LFQoPDUMJABVcXyEhLC0/IwFSET4wHFErP1czBTNdFycjDjcdNwoONT8PICArDCArNjkiNgI/XVIiIgkfNjY0KilWXCAyXCIoMkgvQlcjK1xSATcqXTY3Mx0/KzczPywlLAg8FQgoID44IyYnTAsBAlkpOlZdVjEFFyE0Az81ITc4JysNBjo6IQIXPwFXIQIXNz02IygqBFRZKTohCg8+LF4mJCErLyMKLD8EMAUzLDUVGywGEx8kISsvIVARDAMwLx0sCT8MKzgPLyAXQAM2MkogNQY0GiY1HScOIwwOIzg6Vi00KzwgBhk4CTIJWQo4DBVSOwMpIjI4KCEGUSMJJhIwFSUAFTQsBBA1OSgjHgYKHSMvEjMVLAwwIF8HFAoPCVAdIws4BB0KMyMYAQAWFxkP HTTP/1.1
Host: coonandeg.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html
content-length: 1197
date: Mon, 30 Jan 2023 05:57:09 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 ffa40c4091d11859ad05cf9748508c58.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN1-C1
x-amz-cf-id: KLVPb3zqqxk4CvyOnmXNO9HjoXw95uUJfK6ENh8Hl8Y04WnvrVodVA==
X-Firefox-Spdy: h2
tragicbeyond.com/pixel/purst?dl=0&th=0&sc=0&rs=2974&rd=2974&fd=490&bv=22.10.v.10&tmpl=136
173.233.137.60200 OK 0 B URL HTTP/1.1 tragicbeyond.com/pixel/purst?dl=0&th=0&sc=0&rs=2974&rd=2974&fd=490&bv=22.10.v.10&tmpl=136
IP 173.233.137.60:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/purst?dl=0&th=0&sc=0&rs=2974&rd=2974&fd=490&bv=22.10.v.10&tmpl=136 HTTP/1.1
Host: tragicbeyond.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Mon, 30 Jan 2023 05:57:09 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
reerfdfgourgo.xyz/VjI2MWh5DVVCVTcCBwQKAXRSVwMuVGNdBGNhYEU/DgEHfDAAaxBFATIPDwZZbwUDFxg/VgsCWnBBQlAcI0ELA1hmBRBYBjBdCwBOIA8GH1F4AxgBTiMPBxccJlNRDFlwQkJFBGsDAAZdZgcOA1tvCg8I
188.114.97.1204 No Content 0 B URL HTTP/2 reerfdfgourgo.xyz/VjI2MWh5DVVCVTcCBwQKAXRSVwMuVGNdBGNhYEU/DgEHfDAAaxBFATIPDwZZbwUDFxg/VgsCWnBBQlAcI0ELA1hmBRBYBjBdCwBOIA8GH1F4AxgBTiMPBxccJlNRDFlwQkJFBGsDAAZdZgcOA1tvCg8I
IP 188.114.97.1:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /VjI2MWh5DVVCVTcCBwQKAXRSVwMuVGNdBGNhYEU/DgEHfDAAaxBFATIPDwZZbwUDFxg/VgsCWnBBQlAcI0ELA1hmBRBYBjBdCwBOIA8GH1F4AxgBTiMPBxccJlNRDFlwQkJFBGsDAAZdZgcOA1tvCg8I HTTP/1.1
Host: reerfdfgourgo.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Mon, 30 Jan 2023 05:57:09 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WiRTY%2BQ53lMTRpWM7umMk9Xnem6z2XIPEOES699SFPDf79hVS1Z%2FDojEQKe28JX7sKgbaQBh0IZJXLj4H6DpQ%2FMKjWx5tzA4oDcIcEjG6XVRsh9TLr00WOHKoNOi8T9Gt23n%2BQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7917f7ed1a9afab8-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
feignthat.com/pixel/purst?dl=0&th=0&sc=0&rs=3145&rd=3145&fd=481&bv=22.10.v.10&tmpl=136
173.233.137.44200 OK 0 B URL HTTP/1.1 feignthat.com/pixel/purst?dl=0&th=0&sc=0&rs=3145&rd=3145&fd=481&bv=22.10.v.10&tmpl=136
IP 173.233.137.44:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/purst?dl=0&th=0&sc=0&rs=3145&rd=3145&fd=481&bv=22.10.v.10&tmpl=136 HTTP/1.1
Host: feignthat.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Mon, 30 Jan 2023 05:57:09 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F60e796b1fc8074710cdd5c72&charset=utf-8&hittoken=1675058228_6e786439dbda45c3813d30d024178baa4c62241a5e46ab7fd915496b4149a017&browser-info=pa%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A1663568474079%3Ahid%3A996941919%3Az%3A0%3Ai%3A20230130055720%3Aet%3A1675058240%3Ac%3A1%3Arn%3A1055649896%3Arqn%3A2%3Au%3A167505823952392834%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1675058236727%3Aadb%3A2%3Ast%3A1675058240&t=gdpr(14)mc(p-7-h-1)clc(0-0-0)rqnt(2)aw(1)ti(2)
87.250.251.119200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F60e796b1fc8074710cdd5c72&charset=utf-8&hittoken=1675058228_6e786439dbda45c3813d30d024178baa4c62241a5e46ab7fd915496b4149a017&browser-info=pa%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A1663568474079%3Ahid%3A996941919%3Az%3A0%3Ai%3A20230130055720%3Aet%3A1675058240%3Ac%3A1%3Arn%3A1055649896%3Arqn%3A2%3Au%3A167505823952392834%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1675058236727%3Aadb%3A2%3Ast%3A1675058240&t=gdpr(14)mc(p-7-h-1)clc(0-0-0)rqnt(2)aw(1)ti(2)
IP 87.250.251.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F60e796b1fc8074710cdd5c72&charset=utf-8&hittoken=1675058228_6e786439dbda45c3813d30d024178baa4c62241a5e46ab7fd915496b4149a017&browser-info=pa%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A1663568474079%3Ahid%3A996941919%3Az%3A0%3Ai%3A20230130055720%3Aet%3A1675058240%3Ac%3A1%3Arn%3A1055649896%3Arqn%3A2%3Au%3A167505823952392834%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1675058236727%3Aadb%3A2%3Ast%3A1675058240&t=gdpr(14)mc(p-7-h-1)clc(0-0-0)rqnt(2)aw(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 45
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Mon, 30 Jan 2023 05:57:09 GMT
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Mon, 30-Jan-2023 05:57:09 GMT
last-modified: Mon, 30-Jan-2023 05:57:09 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
reerfdfgourgo.xyz/T1pOcENgZS0DfisxLQoaGTYBFjQBDRc1EWpoDDJyHTUfQwoJDRkHZTszKk16eWh+QXdpKicUfn58PQQiOy89TXJpMyAWLHJ8OE1yYWl6XnB+dHxWNnJraAQzLj1zQWU/Ljocfn5seUVzemJ8Q3p2aXs
188.114.97.1204 No Content 0 B URL HTTP/2 reerfdfgourgo.xyz/T1pOcENgZS0DfisxLQoaGTYBFjQBDRc1EWpoDDJyHTUfQwoJDRkHZTszKk16eWh+QXdpKicUfn58PQQiOy89TXJpMyAWLHJ8OE1yYWl6XnB+dHxWNnJraAQzLj1zQWU/Ljocfn5seUVzemJ8Q3p2aXs
IP 188.114.97.1:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /T1pOcENgZS0DfisxLQoaGTYBFjQBDRc1EWpoDDJyHTUfQwoJDRkHZTszKk16eWh+QXdpKicUfn58PQQiOy89TXJpMyAWLHJ8OE1yYWl6XnB+dHxWNnJraAQzLj1zQWU/Ljocfn5seUVzemJ8Q3p2aXs HTTP/1.1
Host: reerfdfgourgo.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Mon, 30 Jan 2023 05:57:09 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=piJwYJY5dqG8zFoodbZnc7%2FdCGy%2Fk7NQOCnPmFPEJVXHODX81mUckqkm6l%2B7i0GvBW9gHfXWu3RVFrFtVXkL9Xd6OFQ1vjLTyVL02NMTfm8uSbU%2BcXq9RNf6WXmjDwyYG%2FyDUQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7917f7ed6ab4fab8-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F60e796b1fc8074710cdd5c72&charset=utf-8&hittoken=1675058228_6e786439dbda45c3813d30d024178baa4c62241a5e46ab7fd915496b4149a017&browser-info=pa%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A1663568474079%3Ahid%3A996941919%3Az%3A0%3Ai%3A20230130055720%3Aet%3A1675058240%3Ac%3A1%3Arn%3A626926841%3Arqn%3A3%3Au%3A167505823952392834%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1675058236727%3Aadb%3A2%3Ast%3A1675058240&t=gdpr(14)mc(p-7-h-1)clc(0-0-0)rqnt(3)aw(1)ti(2)
87.250.251.119200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F60e796b1fc8074710cdd5c72&charset=utf-8&hittoken=1675058228_6e786439dbda45c3813d30d024178baa4c62241a5e46ab7fd915496b4149a017&browser-info=pa%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A1663568474079%3Ahid%3A996941919%3Az%3A0%3Ai%3A20230130055720%3Aet%3A1675058240%3Ac%3A1%3Arn%3A626926841%3Arqn%3A3%3Au%3A167505823952392834%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1675058236727%3Aadb%3A2%3Ast%3A1675058240&t=gdpr(14)mc(p-7-h-1)clc(0-0-0)rqnt(3)aw(1)ti(2)
IP 87.250.251.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F60e796b1fc8074710cdd5c72&charset=utf-8&hittoken=1675058228_6e786439dbda45c3813d30d024178baa4c62241a5e46ab7fd915496b4149a017&browser-info=pa%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A1663568474079%3Ahid%3A996941919%3Az%3A0%3Ai%3A20230130055720%3Aet%3A1675058240%3Ac%3A1%3Arn%3A626926841%3Arqn%3A3%3Au%3A167505823952392834%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1675058236727%3Aadb%3A2%3Ast%3A1675058240&t=gdpr(14)mc(p-7-h-1)clc(0-0-0)rqnt(3)aw(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 52
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Mon, 30 Jan 2023 05:57:09 GMT
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Mon, 30-Jan-2023 05:57:09 GMT
last-modified: Mon, 30-Jan-2023 05:57:09 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F60e796b1fc8074710cdd5c72&charset=utf-8&hittoken=1675058228_6e786439dbda45c3813d30d024178baa4c62241a5e46ab7fd915496b4149a017&browser-info=pa%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A1663568474079%3Ahid%3A996941919%3Az%3A0%3Ai%3A20230130055720%3Aet%3A1675058240%3Ac%3A1%3Arn%3A1036742643%3Arqn%3A4%3Au%3A167505823952392834%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1675058236727%3Aadb%3A2%3Ast%3A1675058240&t=gdpr(14)mc(p-7-h-1)clc(0-0-0)rqnt(4)aw(1)ti(2)
87.250.251.119200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F60e796b1fc8074710cdd5c72&charset=utf-8&hittoken=1675058228_6e786439dbda45c3813d30d024178baa4c62241a5e46ab7fd915496b4149a017&browser-info=pa%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A1663568474079%3Ahid%3A996941919%3Az%3A0%3Ai%3A20230130055720%3Aet%3A1675058240%3Ac%3A1%3Arn%3A1036742643%3Arqn%3A4%3Au%3A167505823952392834%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1675058236727%3Aadb%3A2%3Ast%3A1675058240&t=gdpr(14)mc(p-7-h-1)clc(0-0-0)rqnt(4)aw(1)ti(2)
IP 87.250.251.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F60e796b1fc8074710cdd5c72&charset=utf-8&hittoken=1675058228_6e786439dbda45c3813d30d024178baa4c62241a5e46ab7fd915496b4149a017&browser-info=pa%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A1663568474079%3Ahid%3A996941919%3Az%3A0%3Ai%3A20230130055720%3Aet%3A1675058240%3Ac%3A1%3Arn%3A1036742643%3Arqn%3A4%3Au%3A167505823952392834%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1675058236727%3Aadb%3A2%3Ast%3A1675058240&t=gdpr(14)mc(p-7-h-1)clc(0-0-0)rqnt(4)aw(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 122
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Mon, 30 Jan 2023 05:57:09 GMT
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Mon, 30-Jan-2023 05:57:09 GMT
last-modified: Mon, 30-Jan-2023 05:57:09 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F60e796b1fc8074710cdd5c72&charset=utf-8&hittoken=1675058228_6e786439dbda45c3813d30d024178baa4c62241a5e46ab7fd915496b4149a017&browser-info=pa%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A1663568474079%3Ahid%3A996941919%3Az%3A0%3Ai%3A20230130055720%3Aet%3A1675058240%3Ac%3A1%3Arn%3A757997826%3Arqn%3A5%3Au%3A167505823952392834%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1675058236727%3Aadb%3A2%3Ast%3A1675058240&t=gdpr(14)mc(p-7-h-1)clc(0-0-0)rqnt(5)aw(1)ti(2)
87.250.251.119200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F60e796b1fc8074710cdd5c72&charset=utf-8&hittoken=1675058228_6e786439dbda45c3813d30d024178baa4c62241a5e46ab7fd915496b4149a017&browser-info=pa%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A1663568474079%3Ahid%3A996941919%3Az%3A0%3Ai%3A20230130055720%3Aet%3A1675058240%3Ac%3A1%3Arn%3A757997826%3Arqn%3A5%3Au%3A167505823952392834%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1675058236727%3Aadb%3A2%3Ast%3A1675058240&t=gdpr(14)mc(p-7-h-1)clc(0-0-0)rqnt(5)aw(1)ti(2)
IP 87.250.251.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F60e796b1fc8074710cdd5c72&charset=utf-8&hittoken=1675058228_6e786439dbda45c3813d30d024178baa4c62241a5e46ab7fd915496b4149a017&browser-info=pa%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A1663568474079%3Ahid%3A996941919%3Az%3A0%3Ai%3A20230130055720%3Aet%3A1675058240%3Ac%3A1%3Arn%3A757997826%3Arqn%3A5%3Au%3A167505823952392834%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1675058236727%3Aadb%3A2%3Ast%3A1675058240&t=gdpr(14)mc(p-7-h-1)clc(0-0-0)rqnt(5)aw(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 98
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Mon, 30 Jan 2023 05:57:09 GMT
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Mon, 30-Jan-2023 05:57:09 GMT
last-modified: Mon, 30-Jan-2023 05:57:09 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F60e796b1fc8074710cdd5c72&charset=utf-8&hittoken=1675058228_6e786439dbda45c3813d30d024178baa4c62241a5e46ab7fd915496b4149a017&browser-info=pa%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A1663568474079%3Ahid%3A996941919%3Az%3A0%3Ai%3A20230130055720%3Aet%3A1675058240%3Ac%3A1%3Arn%3A52999291%3Arqn%3A6%3Au%3A167505823952392834%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1675058236727%3Aadb%3A2%3Ast%3A1675058240&t=gdpr(14)mc(p-7-h-1)clc(0-0-0)rqnt(6)aw(1)ti(2)
87.250.251.119200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F60e796b1fc8074710cdd5c72&charset=utf-8&hittoken=1675058228_6e786439dbda45c3813d30d024178baa4c62241a5e46ab7fd915496b4149a017&browser-info=pa%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A1663568474079%3Ahid%3A996941919%3Az%3A0%3Ai%3A20230130055720%3Aet%3A1675058240%3Ac%3A1%3Arn%3A52999291%3Arqn%3A6%3Au%3A167505823952392834%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1675058236727%3Aadb%3A2%3Ast%3A1675058240&t=gdpr(14)mc(p-7-h-1)clc(0-0-0)rqnt(6)aw(1)ti(2)
IP 87.250.251.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F60e796b1fc8074710cdd5c72&charset=utf-8&hittoken=1675058228_6e786439dbda45c3813d30d024178baa4c62241a5e46ab7fd915496b4149a017&browser-info=pa%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A1663568474079%3Ahid%3A996941919%3Az%3A0%3Ai%3A20230130055720%3Aet%3A1675058240%3Ac%3A1%3Arn%3A52999291%3Arqn%3A6%3Au%3A167505823952392834%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1675058236727%3Aadb%3A2%3Ast%3A1675058240&t=gdpr(14)mc(p-7-h-1)clc(0-0-0)rqnt(6)aw(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 99
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Mon, 30 Jan 2023 05:57:09 GMT
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Mon, 30-Jan-2023 05:57:09 GMT
last-modified: Mon, 30-Jan-2023 05:57:09 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F60e796b1fc8074710cdd5c72&charset=utf-8&hittoken=1675058228_6e786439dbda45c3813d30d024178baa4c62241a5e46ab7fd915496b4149a017&browser-info=pa%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A1663568474079%3Ahid%3A996941919%3Az%3A0%3Ai%3A20230130055720%3Aet%3A1675058240%3Ac%3A1%3Arn%3A274200569%3Arqn%3A9%3Au%3A167505823952392834%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1675058236727%3Aadb%3A2%3Ast%3A1675058240&t=gdpr(14)mc(p-7-h-1)clc(0-0-0)rqnt(9)aw(1)ti(2)
87.250.251.119200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F60e796b1fc8074710cdd5c72&charset=utf-8&hittoken=1675058228_6e786439dbda45c3813d30d024178baa4c62241a5e46ab7fd915496b4149a017&browser-info=pa%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A1663568474079%3Ahid%3A996941919%3Az%3A0%3Ai%3A20230130055720%3Aet%3A1675058240%3Ac%3A1%3Arn%3A274200569%3Arqn%3A9%3Au%3A167505823952392834%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1675058236727%3Aadb%3A2%3Ast%3A1675058240&t=gdpr(14)mc(p-7-h-1)clc(0-0-0)rqnt(9)aw(1)ti(2)
IP 87.250.251.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F60e796b1fc8074710cdd5c72&charset=utf-8&hittoken=1675058228_6e786439dbda45c3813d30d024178baa4c62241a5e46ab7fd915496b4149a017&browser-info=pa%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A1663568474079%3Ahid%3A996941919%3Az%3A0%3Ai%3A20230130055720%3Aet%3A1675058240%3Ac%3A1%3Arn%3A274200569%3Arqn%3A9%3Au%3A167505823952392834%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1675058236727%3Aadb%3A2%3Ast%3A1675058240&t=gdpr(14)mc(p-7-h-1)clc(0-0-0)rqnt(9)aw(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 39
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Mon, 30 Jan 2023 05:57:09 GMT
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Mon, 30-Jan-2023 05:57:09 GMT
last-modified: Mon, 30-Jan-2023 05:57:09 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F60e796b1fc8074710cdd5c72&charset=utf-8&hittoken=1675058228_6e786439dbda45c3813d30d024178baa4c62241a5e46ab7fd915496b4149a017&browser-info=pa%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A1663568474079%3Ahid%3A996941919%3Az%3A0%3Ai%3A20230130055720%3Aet%3A1675058240%3Ac%3A1%3Arn%3A103339578%3Arqn%3A7%3Au%3A167505823952392834%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1675058236727%3Aadb%3A2%3Ast%3A1675058240&t=gdpr(14)mc(p-7-h-1)clc(0-0-0)rqnt(7)aw(1)ti(2)
87.250.251.119200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F60e796b1fc8074710cdd5c72&charset=utf-8&hittoken=1675058228_6e786439dbda45c3813d30d024178baa4c62241a5e46ab7fd915496b4149a017&browser-info=pa%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A1663568474079%3Ahid%3A996941919%3Az%3A0%3Ai%3A20230130055720%3Aet%3A1675058240%3Ac%3A1%3Arn%3A103339578%3Arqn%3A7%3Au%3A167505823952392834%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1675058236727%3Aadb%3A2%3Ast%3A1675058240&t=gdpr(14)mc(p-7-h-1)clc(0-0-0)rqnt(7)aw(1)ti(2)
IP 87.250.251.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F60e796b1fc8074710cdd5c72&charset=utf-8&hittoken=1675058228_6e786439dbda45c3813d30d024178baa4c62241a5e46ab7fd915496b4149a017&browser-info=pa%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A1663568474079%3Ahid%3A996941919%3Az%3A0%3Ai%3A20230130055720%3Aet%3A1675058240%3Ac%3A1%3Arn%3A103339578%3Arqn%3A7%3Au%3A167505823952392834%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1675058236727%3Aadb%3A2%3Ast%3A1675058240&t=gdpr(14)mc(p-7-h-1)clc(0-0-0)rqnt(7)aw(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 98
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Mon, 30 Jan 2023 05:57:09 GMT
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Mon, 30-Jan-2023 05:57:09 GMT
last-modified: Mon, 30-Jan-2023 05:57:09 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
reerfdfgourgo.xyz/Zlp0N0hJZRdEdQcOIn0cMDISdSYef0ZxKVcpNlIQEiwsZh5ePCMPbhIzEApxUWtNAH1AKh1TdVVoUkQ8By4BRHVXfB1ZLglnUkF1VnRNGXlIalJCdVd8AEcpAWdFETgSLhgKeVBtQQd9XmhHDnBfbA
188.114.97.1204 No Content 0 B URL HTTP/2 reerfdfgourgo.xyz/Zlp0N0hJZRdEdQcOIn0cMDISdSYef0ZxKVcpNlIQEiwsZh5ePCMPbhIzEApxUWtNAH1AKh1TdVVoUkQ8By4BRHVXfB1ZLglnUkF1VnRNGXlIalJCdVd8AEcpAWdFETgSLhgKeVBtQQd9XmhHDnBfbA
IP 188.114.97.1:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /Zlp0N0hJZRdEdQcOIn0cMDISdSYef0ZxKVcpNlIQEiwsZh5ePCMPbhIzEApxUWtNAH1AKh1TdVVoUkQ8By4BRHVXfB1ZLglnUkF1VnRNGXlIalJCdVd8AEcpAWdFETgSLhgKeVBtQQd9XmhHDnBfbA HTTP/1.1
Host: reerfdfgourgo.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Mon, 30 Jan 2023 05:57:09 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DVR3inCQdPnQgTj40EZWNyisFq94kMnJfOctHqHRYQnKADvaGlJ%2BFjlVl1EFIDPFF%2BkanGb6JTSN1TAx%2FuvFhDBa6Y2%2FFjaFJaFFBiU%2FN9YXYKKJfHWRrdxsTb3QVOlD0IOXng%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7917f7edaaccfab8-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
reerfdfgourgo.xyz/amJlZTRFXQYWCQg1ARduBiQAMHIkNT9UZjg1I1xZPSRQP2wHM0MRXQ5fXFIHXlVWQ0QDBlhUDEwREQRAHxFYVBIDDAMKCUwUWFQaWkxXSwZMF1hUEh4SBAIJW0QVEUAGX1RTA19SUF0GWVtcVQw
188.114.97.1204 No Content 0 B URL HTTP/2 reerfdfgourgo.xyz/amJlZTRFXQYWCQg1ARduBiQAMHIkNT9UZjg1I1xZPSRQP2wHM0MRXQ5fXFIHXlVWQ0QDBlhUDEwREQRAHxFYVBIDDAMKCUwUWFQaWkxXSwZMF1hUEh4SBAIJW0QVEUAGX1RTA19SUF0GWVtcVQw
IP 188.114.97.1:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /amJlZTRFXQYWCQg1ARduBiQAMHIkNT9UZjg1I1xZPSRQP2wHM0MRXQ5fXFIHXlVWQ0QDBlhUDEwREQRAHxFYVBIDDAMKCUwUWFQaWkxXSwZMF1hUEh4SBAIJW0QVEUAGX1RTA19SUF0GWVtcVQw HTTP/1.1
Host: reerfdfgourgo.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Mon, 30 Jan 2023 05:57:09 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AiBVxbgzICThJyeLmHcTggYYsWPIpgbdnv3vsSwmYpMiMZUrIh9m4lUfYrnMfHka7FGcH93YaF22JyTYRp6xVTr2v1QJOj9wX9I%2BVC806b5Bmzq9zl2IgdWaJTBQg7FX4fw3bA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7917f7edaacffab8-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F60e796b1fc8074710cdd5c72&charset=utf-8&hittoken=1675058228_6e786439dbda45c3813d30d024178baa4c62241a5e46ab7fd915496b4149a017&browser-info=pv%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A1663568474079%3Ahid%3A996941919%3Az%3A0%3Ai%3A20230130055720%3Aet%3A1675058240%3Ac%3A1%3Arn%3A278681828%3Arqn%3A8%3Au%3A167505823952392834%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1675058236727%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1675058240%3At%3ASadie%20Hartz%20-%20Tiny%20St%20Patricks%20Day%20-%20XFantazy.com&t=gdpr%2814%29mc%28p-7-h-1%29clc%280-0-0%29rqnt%288%29aw%281%29fip%281%29ti%282%29
87.250.251.119200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F60e796b1fc8074710cdd5c72&charset=utf-8&hittoken=1675058228_6e786439dbda45c3813d30d024178baa4c62241a5e46ab7fd915496b4149a017&browser-info=pv%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A1663568474079%3Ahid%3A996941919%3Az%3A0%3Ai%3A20230130055720%3Aet%3A1675058240%3Ac%3A1%3Arn%3A278681828%3Arqn%3A8%3Au%3A167505823952392834%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1675058236727%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1675058240%3At%3ASadie%20Hartz%20-%20Tiny%20St%20Patricks%20Day%20-%20XFantazy.com&t=gdpr%2814%29mc%28p-7-h-1%29clc%280-0-0%29rqnt%288%29aw%281%29fip%281%29ti%282%29
IP 87.250.251.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
GET /watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F60e796b1fc8074710cdd5c72&charset=utf-8&hittoken=1675058228_6e786439dbda45c3813d30d024178baa4c62241a5e46ab7fd915496b4149a017&browser-info=pv%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A1663568474079%3Ahid%3A996941919%3Az%3A0%3Ai%3A20230130055720%3Aet%3A1675058240%3Ac%3A1%3Arn%3A278681828%3Arqn%3A8%3Au%3A167505823952392834%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1675058236727%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1675058240%3At%3ASadie%20Hartz%20-%20Tiny%20St%20Patricks%20Day%20-%20XFantazy.com&t=gdpr%2814%29mc%28p-7-h-1%29clc%280-0-0%29rqnt%288%29aw%281%29fip%281%29ti%282%29 HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Referer: https://xfantazy.com/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Mon, 30 Jan 2023 05:57:09 GMT
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Mon, 30-Jan-2023 05:57:09 GMT
last-modified: Mon, 30-Jan-2023 05:57:09 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
ocsp.pki.goog/s/gts1p5/SrfVchP6P8U
142.250.74.131200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/SrfVchP6P8U
IP 142.250.74.131:0
Hash 795f17a4efb2573fc585ba0a9588f99a
028c0c3aa8b4a8074a8f7be528327d35ee299b7e
84ab72e30738f6c2870d2785435469d42888484bc666b6d02569f2ce870c2728
POST /s/gts1p5/SrfVchP6P8U HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 30 Jan 2023 05:57:09 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
prototypewailrubber.com/sbar.json?key=a2f990f10476061c719d1c1aa3a2ecd2
173.233.137.36200 OK 3.9 kB URL HTTP/1.1 prototypewailrubber.com/sbar.json?key=a2f990f10476061c719d1c1aa3a2ecd2
IP 173.233.137.36:0
File type JSON data\012- , ASCII text, with very long lines (5611), with no line terminators
Hash b8b90ab8f9d32a99cc510f022607db1d
951afb4ae50f1e388cd90c0e2f8c24036947236a
8d7526c661f86211f7a2eafd303be89a2f631f41927a5e9496789af9c53c805a
Analyzer Verdict Alert quad9 Sinkholed
GET /sbar.json?key=a2f990f10476061c719d1c1aa3a2ecd2 HTTP/1.1
Host: prototypewailrubber.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Mon, 30 Jan 2023 05:57:09 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://xfantazy.com
Access-Control-Allow-Origin: https://xfantazy.com
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=15600826; expires=Tue, 31 Jan 2023 05:57:09 GMT; secure; SameSite=None
pdhtkv=true; expires=Tue, 31 Jan 2023 05:57:09 GMT; secure; SameSite=None
uncs=1; expires=Tue, 31 Jan 2023 05:57:09 GMT; secure; SameSite=None
pdhtkv29=true; expires=Tue, 31 Jan 2023 05:57:09 GMT; secure; SameSite=None
uncs29=1; expires=Tue, 31 Jan 2023 05:57:09 GMT; secure; SameSite=None
sleca2f990f10476061c719d1c1aa3a2ecd2=[3870583]; expires=Mon, 30 Jan 2023 05:57:14 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: cc53c84de9b3dc927406d0fedf74f371
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
feignthat.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSz2skxRev3s0XvriIP%2FDiQZ2bCjLpnplOMuYQjGskuGbj7kpQvNSvnilT09VUdU1PcjHsguxx9uax85lkg%2B4iLl68LCwTL5KT7WHJwfwTgmeZycDog6r3Xn0e1Ofz3vv20F%2BQEJ6eb39q9pXWdDGuh7V3dlQqTOFqW3dqUVgPV2s7Kl1qrdYGk8v234%2FCuB6%2BW%2FtY8l2z2AijMIzCqLahrEzMYHGKQmWP21G9HdZbjXoUtzCw%2F82dD%2BBoANG%2FIK9Ciep%2F3d%2BeQPEx0t5P16XbzU323kc9r2luLPri5PN0NzVFit48TGyAJD2ZVcO4ipDvrsCkJzMFMP2jiQIwVZHgeQSWnsxogvWPL5kyDZmCiWso%2BmNIPYaiY3BzD0r8TgAusHUTae%2FhlrEF3btE6QStyMLff0EVFVn48zWkvR%2FXtRrUbhvtc2VSh0FSQg3GUJ0xMn%2BKfD%2BAKk7B87tQgiDtlVCinKpWagyVjKHlENQF8JOjAvgkgM8C9MR5jcbtJAyXE5Y0mystznmzyXm8siRi0WytJCE8n9AaIs%2BG4HoIbg%2BQ2QPsqgcVIXePYP0zuG4JJwK4vCLBZwfoixKFJCgcQUEJCkVQ5ARFvzwW2jVc%2BVBo51k0842Zb5Yjk3cO6bHJOzIlh9kFeWXSlODFb97GrjyvNaJENttxmLSihgwbS7zZTCK2xKVcipqSUThVQrkrU737qiJvxteQqYr8f%2B0ZGD2F06fg6mVQ%2FwZoMVpuhKDdUWslxH76S0pzb6nuSqrzrjPeclnn2jMIUyLLF5DvBYf6grw%2BHdTqSwNIfrb2c3Nq4LZEZkt8rX4l6Oj7o1umIEe3TOHIk5tZrnpqn06GeDunubz6wydyrzBWbF53w%2B8%2F4BNgEj6%2BI11%2Bg6ZCpR1HHq0rIaTdMJZL8nTT7Ui27V133dvUZze2P9zY7GVWOqdMOgZVFSHnm%2BCqIi88%2FXK6oG89%2BgLKjmF9iZ4%2FIzODMqfg2QFcNufvDIHV8xqWBSh8ObINNn%2FUikDLeU5ZCfevnM3jQ3cfHRuA5vema9m3Jfq6BNVDOH91lGf2bO2P2edMByOmbXDEtNUPLpvr1HlNxkmYyLAhWdJmyTINRTtptRltR3KZxTRC7ir%2B%2FKv4HwAAAP%2F%2FAQAA%2F%2F9b4KhreAQAAA%3D%3D
173.233.137.44200 OK 7 B URL HTTP/1.1 feignthat.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSz2skxRev3s0XvriIP%2FDiQZ2bCjLpnplOMuYQjGskuGbj7kpQvNSvnilT09VUdU1PcjHsguxx9uax85lkg%2B4iLl68LCwTL5KT7WHJwfwTgmeZycDog6r3Xn0e1Ofz3vv20F%2BQEJ6eb39q9pXWdDGuh7V3dlQqTOFqW3dqUVgPV2s7Kl1qrdYGk8v234%2FCuB6%2BW%2FtY8l2z2AijMIzCqLahrEzMYHGKQmWP21G9HdZbjXoUtzCw%2F82dD%2BBoANG%2FIK9Ciep%2F3d%2BeQPEx0t5P16XbzU323kc9r2luLPri5PN0NzVFit48TGyAJD2ZVcO4ipDvrsCkJzMFMP2jiQIwVZHgeQSWnsxogvWPL5kyDZmCiWso%2BmNIPYaiY3BzD0r8TgAusHUTae%2FhlrEF3btE6QStyMLff0EVFVn48zWkvR%2FXtRrUbhvtc2VSh0FSQg3GUJ0xMn%2BKfD%2BAKk7B87tQgiDtlVCinKpWagyVjKHlENQF8JOjAvgkgM8C9MR5jcbtJAyXE5Y0mystznmzyXm8siRi0WytJCE8n9AaIs%2BG4HoIbg%2BQ2QPsqgcVIXePYP0zuG4JJwK4vCLBZwfoixKFJCgcQUEJCkVQ5ARFvzwW2jVc%2BVBo51k0842Zb5Yjk3cO6bHJOzIlh9kFeWXSlODFb97GrjyvNaJENttxmLSihgwbS7zZTCK2xKVcipqSUThVQrkrU737qiJvxteQqYr8f%2B0ZGD2F06fg6mVQ%2FwZoMVpuhKDdUWslxH76S0pzb6nuSqrzrjPeclnn2jMIUyLLF5DvBYf6grw%2BHdTqSwNIfrb2c3Nq4LZEZkt8rX4l6Oj7o1umIEe3TOHIk5tZrnpqn06GeDunubz6wydyrzBWbF53w%2B8%2F4BNgEj6%2BI11%2Bg6ZCpR1HHq0rIaTdMJZL8nTT7Ui27V133dvUZze2P9zY7GVWOqdMOgZVFSHnm%2BCqIi88%2FXK6oG89%2BgLKjmF9iZ4%2FIzODMqfg2QFcNufvDIHV8xqWBSh8ObINNn%2FUikDLeU5ZCfevnM3jQ3cfHRuA5vema9m3Jfq6BNVDOH91lGf2bO2P2edMByOmbXDEtNUPLpvr1HlNxkmYyLAhWdJmyTINRTtptRltR3KZxTRC7ir%2B%2FKv4HwAAAP%2F%2FAQAA%2F%2F9b4KhreAQAAA%3D%3D
IP 173.233.137.44:0
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert quad9 Sinkholed
GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSz2skxRev3s0XvriIP%2FDiQZ2bCjLpnplOMuYQjGskuGbj7kpQvNSvnilT09VUdU1PcjHsguxx9uax85lkg%2B4iLl68LCwTL5KT7WHJwfwTgmeZycDog6r3Xn0e1Ofz3vv20F%2BQEJ6eb39q9pXWdDGuh7V3dlQqTOFqW3dqUVgPV2s7Kl1qrdYGk8v234%2FCuB6%2BW%2FtY8l2z2AijMIzCqLahrEzMYHGKQmWP21G9HdZbjXoUtzCw%2F82dD%2BBoANG%2FIK9Ciep%2F3d%2BeQPEx0t5P16XbzU323kc9r2luLPri5PN0NzVFit48TGyAJD2ZVcO4ipDvrsCkJzMFMP2jiQIwVZHgeQSWnsxogvWPL5kyDZmCiWso%2BmNIPYaiY3BzD0r8TgAusHUTae%2FhlrEF3btE6QStyMLff0EVFVn48zWkvR%2FXtRrUbhvtc2VSh0FSQg3GUJ0xMn%2BKfD%2BAKk7B87tQgiDtlVCinKpWagyVjKHlENQF8JOjAvgkgM8C9MR5jcbtJAyXE5Y0mystznmzyXm8siRi0WytJCE8n9AaIs%2BG4HoIbg%2BQ2QPsqgcVIXePYP0zuG4JJwK4vCLBZwfoixKFJCgcQUEJCkVQ5ARFvzwW2jVc%2BVBo51k0842Zb5Yjk3cO6bHJOzIlh9kFeWXSlODFb97GrjyvNaJENttxmLSihgwbS7zZTCK2xKVcipqSUThVQrkrU737qiJvxteQqYr8f%2B0ZGD2F06fg6mVQ%2FwZoMVpuhKDdUWslxH76S0pzb6nuSqrzrjPeclnn2jMIUyLLF5DvBYf6grw%2BHdTqSwNIfrb2c3Nq4LZEZkt8rX4l6Oj7o1umIEe3TOHIk5tZrnpqn06GeDunubz6wydyrzBWbF53w%2B8%2F4BNgEj6%2BI11%2Bg6ZCpR1HHq0rIaTdMJZL8nTT7Ui27V133dvUZze2P9zY7GVWOqdMOgZVFSHnm%2BCqIi88%2FXK6oG89%2BgLKjmF9iZ4%2FIzODMqfg2QFcNufvDIHV8xqWBSh8ObINNn%2FUikDLeU5ZCfevnM3jQ3cfHRuA5vema9m3Jfq6BNVDOH91lGf2bO2P2edMByOmbXDEtNUPLpvr1HlNxkmYyLAhWdJmyTINRTtptRltR3KZxTRC7ir%2B%2FKv4HwAAAP%2F%2FAQAA%2F%2F9b4KhreAQAAA%3D%3D HTTP/1.1
Host: feignthat.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: u_pl=17661735; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Mon, 30 Jan 2023 05:57:09 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: db18c3dc489936eda6b553c9ea4c311b
Strict-Transport-Security: max-age=0; includeSubdomains
d3t87ooo0697p8.cloudfront.net/DMTRDd3hSWy0RR0VdJ0pBBwZzRkwXXjAYFkEJOTEScF05GCprQSUSD19AK1EMS1B+R15dVS0QRRdRLRRFABIiExoMAGUDCF5ffg8PW187HhpDUzRRDVAJLhgCWFgvFl0DcnZZSBQGc18PWFonGA9CEXFHFkURcUdJARpzUktzEXFHD1hadUNdAnZmRUhJAn-dSS3MRcUcKRxFwNkkBAW1HURQGcxAdUl8sUkp3BnNGSAEFc0ZdAwQlHgpUUiwPXQNyckdNHwRlAkUA
54.230.245.154200 OK 574 B URL HTTP/2 d3t87ooo0697p8.cloudfront.net/DMTRDd3hSWy0RR0VdJ0pBBwZzRkwXXjAYFkEJOTEScF05GCprQSUSD19AK1EMS1B+R15dVS0QRRdRLRRFABIiExoMAGUDCF5ffg8PW187HhpDUzRRDVAJLhgCWFgvFl0DcnZZSBQGc18PWFonGA9CEXFHFkURcUdJARpzUktzEXFHD1hadUNdAnZmRUhJAn-dSS3MRcUcKRxFwNkkBAW1HURQGcxAdUl8sUkp3BnNGSAEFc0ZdAwQlHgpUUiwPXQNyckdNHwRlAkUA
IP 54.230.245.154:0
File type ASCII text, with very long lines (820), with no line terminators
Hash cb46fb64c495f85d2749d536c2d2711a
402cc857aea964b4f30f034b04a8e0b5675a5eac
6ad53d50475441b8ae515c33808c40f6637fac5d8f5bd43ee49c8f49fa71bf2d
GET /DMTRDd3hSWy0RR0VdJ0pBBwZzRkwXXjAYFkEJOTEScF05GCprQSUSD19AK1EMS1B+R15dVS0QRRdRLRRFABIiExoMAGUDCF5ffg8PW187HhpDUzRRDVAJLhgCWFgvFl0DcnZZSBQGc18PWFonGA9CEXFHFkURcUdJARpzUktzEXFHD1hadUNdAnZmRUhJAn-dSS3MRcUcKRxFwNkkBAW1HURQGcxAdUl8sUkp3BnNGSAEFc0ZdAwQlHgpUUiwPXQNyckdNHwRlAkUA HTTP/1.1
Host: d3t87ooo0697p8.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://coonandeg.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 574
date: Mon, 30 Jan 2023 05:57:09 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 c2b101e67ac25a2f0013450d56ecac38.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: FcAi-k2UkRVroM6l_ZG-Hu2LfKpG5fnAwLdhO7SRBlGZiC4FYrn_bw==
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 5a8c7d643345c758c0a3783247673240
1e1a992fd5791306b0c08c374c1183f1dd4bc014
b39ebd5c6d18a8c27756a62119d34ed6f0269751c89ed7a9ba9069ed11f10b6a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B39EBD5C6D18A8C27756A62119D34ED6F0269751C89ED7A9BA9069ED11F10B6A"
Last-Modified: Sun, 29 Jan 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2816
Expires: Mon, 30 Jan 2023 06:44:05 GMT
Date: Mon, 30 Jan 2023 05:57:09 GMT
Connection: keep-alive
d3t87ooo0697p8.cloudfront.net/aQzl5Y3ogVhcFRTdQHV5DdApNVEllUwoMFDMEACgOEg5IVkItel8XACcESUUWIlceXlwmVxpeS2VYHQFHdx8MAkcuVgMKFi9YXFE8dhdJRkhzEQ4KFCdWDhBfcQkXF19xCUhTVHMcSiFfcQkOChR1DVxQOGYLSRtMdxxKIV9xCQsVX3B4SFNPbQlQRkhzXh-wAESwcSyVIcwhJU0tzCFxRSiVQCwYcLEFcUTxyCUxNSmVMRFI
54.230.245.154200 OK 187 B URL HTTP/2 d3t87ooo0697p8.cloudfront.net/aQzl5Y3ogVhcFRTdQHV5DdApNVEllUwoMFDMEACgOEg5IVkItel8XACcESUUWIlceXlwmVxpeS2VYHQFHdx8MAkcuVgMKFi9YXFE8dhdJRkhzEQ4KFCdWDhBfcQkXF19xCUhTVHMcSiFfcQkOChR1DVxQOGYLSRtMdxxKIV9xCQsVX3B4SFNPbQlQRkhzXh-wAESwcSyVIcwhJU0tzCFxRSiVQCwYcLEFcUTxyCUxNSmVMRFI
IP 54.230.245.154:0
File type ASCII text, with no line terminators
Hash 639f7481e7160eb3a01b315c82c6bcc9
80429dc7501277753a82d5bf96a95ae31ed94236
0546c161ae0d19b9da192ce44541e8a90e5af67ddcd14bed07a4d05b269f6cfb
GET /aQzl5Y3ogVhcFRTdQHV5DdApNVEllUwoMFDMEACgOEg5IVkItel8XACcESUUWIlceXlwmVxpeS2VYHQFHdx8MAkcuVgMKFi9YXFE8dhdJRkhzEQ4KFCdWDhBfcQkXF19xCUhTVHMcSiFfcQkOChR1DVxQOGYLSRtMdxxKIV9xCQsVX3B4SFNPbQlQRkhzXh-wAESwcSyVIcwhJU0tzCFxRSiVQCwYcLEFcUTxyCUxNSmVMRFI HTTP/1.1
Host: d3t87ooo0697p8.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://coonandeg.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 187
date: Mon, 30 Jan 2023 05:57:09 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 c2b101e67ac25a2f0013450d56ecac38.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 3BciTdWR39_LfEBqpEqbvXbM4nOdjmjP-IXbShFICd3tGAnCVjEyxQ==
X-Firefox-Spdy: h2
d3t87ooo0697p8.cloudfront.net/iaUFXcGEKLjkWXh0oM01YXnBuR1RPKyQfDxl8HSUqXy0TKDULKnEEGw18Z1YNCC8wTUcMLzRNUE8gMxJcXWcjAA4CfCIeBQwnPh4EDWciEVwELi0ZDQUgckInXG9nVVNZaSAZDw0uIANEW3E5BERbcWZAT1lkZDJEW3EgGQ9fdXJDI0xzZwhXXWRkMkRbcS-UGRFoAZkBUR3F+VVNZJjITCgZkZTZTWXBnQFBZcHJCUQ8oJRUHBjlyQidYcWJeUU80akE
54.230.245.154200 OK 323 B URL HTTP/2 d3t87ooo0697p8.cloudfront.net/iaUFXcGEKLjkWXh0oM01YXnBuR1RPKyQfDxl8HSUqXy0TKDULKnEEGw18Z1YNCC8wTUcMLzRNUE8gMxJcXWcjAA4CfCIeBQwnPh4EDWciEVwELi0ZDQUgckInXG9nVVNZaSAZDw0uIANEW3E5BERbcWZAT1lkZDJEW3EgGQ9fdXJDI0xzZwhXXWRkMkRbcS-UGRFoAZkBUR3F+VVNZJjITCgZkZTZTWXBnQFBZcHJCUQ8oJRUHBjlyQidYcWJeUU80akE
IP 54.230.245.154:0
File type ASCII text, with very long lines (410), with no line terminators
Hash 59698628f6d48eda06b63e83033ced6e
9c24139394e6d260b327535a109c0ebd6f4b0bd4
056eed79f09851a8f227480d558e43555c1c67181133568f9bc966447f9fcb78
GET /iaUFXcGEKLjkWXh0oM01YXnBuR1RPKyQfDxl8HSUqXy0TKDULKnEEGw18Z1YNCC8wTUcMLzRNUE8gMxJcXWcjAA4CfCIeBQwnPh4EDWciEVwELi0ZDQUgckInXG9nVVNZaSAZDw0uIANEW3E5BERbcWZAT1lkZDJEW3EgGQ9fdXJDI0xzZwhXXWRkMkRbcS-UGRFoAZkBUR3F+VVNZJjITCgZkZTZTWXBnQFBZcHJCUQ8oJRUHBjlyQidYcWJeUU80akE HTTP/1.1
Host: d3t87ooo0697p8.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://coonandeg.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 323
date: Mon, 30 Jan 2023 05:57:09 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 c2b101e67ac25a2f0013450d56ecac38.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: lZaXtVCDW-ABzbxNnvt6SkM0g8YCv0SwRVrNAZh0pZRFvLy8vQ52cA==
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash c239475b53a2314c43c5922ef55e73f8
e30168fe4daa7e6ebe19591863e7175bf9ad784d
2f985a21771f800b54258c8b1e70a38c9249ef7b9bf2ec61e01d5717c2e204d4
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1139
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 30 Jan 2023 05:57:09 GMT
Last-Modified: Mon, 30 Jan 2023 05:38:10 GMT
Server: ECS (ska/F71C)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 4832b523537a23be2360a60f80b19115
67c7281621269de7f8c1b6c4aecef7eb19f04bfe
8282b65e611998c30f7a9fbace9effbd192d3792dcdd1ade71f1f23032d7a434
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 30 Jan 2023 05:57:09 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 4832b523537a23be2360a60f80b19115
67c7281621269de7f8c1b6c4aecef7eb19f04bfe
8282b65e611998c30f7a9fbace9effbd192d3792dcdd1ade71f1f23032d7a434
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 30 Jan 2023 05:57:09 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
e1.o.lencr.org/
23.36.77.32200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash f97d1250e7b06507dcdde98d44b58dc8
10030f7fced8691202dbf19200efd6035bf7a405
c97a128485f45c02621ea479e8619499c3336c97a8812b0cece90e150beefb0f
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "C97A128485F45C02621EA479E8619499C3336C97A8812B0CECE90E150BEEFB0F"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5204
Expires: Mon, 30 Jan 2023 07:23:53 GMT
Date: Mon, 30 Jan 2023 05:57:09 GMT
Connection: keep-alive
xfantazy.com/_next/static/chunks/59.edff5ae0d8d83054b552.js
172.64.97.10200 OK 1.9 kB URL HTTP/2 xfantazy.com/_next/static/chunks/59.edff5ae0d8d83054b552.js
IP 172.64.97.10:0
File type ASCII text, with very long lines (3211), with no line terminators
Hash 965e7b1c5e3a77a101db19527445f5e8
4ff89b5074e4bc760466a8bbcdb9fadb9cf0c13c
63813fc187d1f2eba0aae36d15e81f0575bf1e6dcf00aeb45c055540d5ad9468
GET /_next/static/chunks/59.edff5ae0d8d83054b552.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/60e796b1fc8074710cdd5c72
Cookie: visitorId=2ocm1o94cgq0rkh5xitdgyq; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 30 Jan 2023 05:57:07 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-bgj: minify
etag: W/"c8b-183501608b0"
last-modified: Sun, 18 Sep 2022 10:12:44 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 8260446
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZY%2FycgN1cgLjIsWXOrQ%2Fsg71cV1dPeV%2BFnURvhhsW7gAnwnaTy0So60RD9y6tfm7mxK2rg2elDQFjZggv8EkraMuDzEnCUvTtx7gSqxRdv0lxXiU31SMZlb6fyyhpRQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7917f7df79637701-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
coonandeg.xyz/utx?cb=iCIUVVB2Dhs1&top=xfantazy.com&tid=971975
54.192.99.27204 No Content 0 B URL HTTP/2 coonandeg.xyz/utx?cb=iCIUVVB2Dhs1&top=xfantazy.com&tid=971975
IP 54.192.99.27:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=iCIUVVB2Dhs1&top=xfantazy.com&tid=971975 HTTP/1.1
Host: coonandeg.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Mon, 30 Jan 2023 05:57:09 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://xfantazy.com
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Mon, 30 Jan 2023 05:58:09 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 ffa40c4091d11859ad05cf9748508c58.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN1-C1
x-amz-cf-id: Il_D5i3XmKp0EdbdXObCvi8Bw9b2az4KcZhGWB6EDs9HRPjm4lgEkw==
X-Firefox-Spdy: h2
coonandeg.xyz/utx?cb=rjdavoiCwQs3&top=xfantazy.com&tid=962014
54.192.99.27204 No Content 0 B URL HTTP/2 coonandeg.xyz/utx?cb=rjdavoiCwQs3&top=xfantazy.com&tid=962014
IP 54.192.99.27:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=rjdavoiCwQs3&top=xfantazy.com&tid=962014 HTTP/1.1
Host: coonandeg.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Mon, 30 Jan 2023 05:57:09 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://xfantazy.com
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Mon, 30 Jan 2023 05:58:09 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 ffa40c4091d11859ad05cf9748508c58.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN1-C1
x-amz-cf-id: L4np5lBXprbgk_xUUkEKpNqWbklk3CSSdLkoJXB8eVBY_l0_4B7DbQ==
X-Firefox-Spdy: h2
cdn.barscreative1.com/sb/au/e6/d7/97/e6d797a3a7be0e7ec1877d1b33146dfa/1657714258.html
45.133.44.4200 OK 798 B URL HTTP/2 cdn.barscreative1.com/sb/au/e6/d7/97/e6d797a3a7be0e7ec1877d1b33146dfa/1657714258.html
IP 45.133.44.4:0
ASN #39572 DataWeb Global Group B.V.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (380)
Hash 38e243410eeaa59d307aacbb89ffe442
d9505eb877f4dfabf9e47ed1c12577aa7bb2f290
352ed1d9b03a4b0a02975a9c49177f94d5c11ca74d848120dca59b322569f49b
Analyzer Verdict Alert fortinet Phishing
GET /sb/au/e6/d7/97/e6d797a3a7be0e7ec1877d1b33146dfa/1657714258.html HTTP/1.1
Host: cdn.barscreative1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 30 Jan 2023 05:57:09 GMT
content-type: text/html; charset=utf-8
server: nginx/1.17.6
last-modified: Wed, 13 Jul 2022 12:11:03 GMT
etag: W/"62ceb657-4a6"
cache-control: max-age=3600
access-control-allow-origin: *
access-control-expose-headers: Date
content-encoding: gzip
expires: Mon, 30 Jan 2023 06:57:09 GMT
x-proxy-cache: HIT
X-Firefox-Spdy: h2
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
142.250.74.109302 Found 398 B URL HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
IP 142.250.74.109:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (384)
Hash ba8003d2680fe6ce73a28bbd8b771fb4
7e023c9c215844c3a1f15f96839e916b6849c52b
3a0fea2ac54011aeaec53a1eb3a9d33bb06f421ca9bb4888bde539355bf75334
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Mon, 30 Jan 2023 05:57:09 GMT
location: https://accounts.google.com/v3/signin/identifier?dsh=S1896196805%3A1675058229791816&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AWnogHc9GhGK7QzNgLiticVswJvZogIjj2njIVpnjGvKv-fnyhwKVHbB_Uhv3rM2g5ANtrpttvyyIQ
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: require-trusted-types-for 'script';report-uri /cspreport, script-src 'nonce-kHYJOTPAyE6KVfDDL4Oh9w' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 398
server: GSE
set-cookie: __Host-GAPS=1:BH1SrPzdmEBkNNGwZrEx09_9juo2iw:lGi4ZGp_qi4mNy4H;Path=/;Expires=Wed, 29-Jan-2025 05:57:09 GMT;Secure;HttpOnly;Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
accounts.google.com/v3/signin/identifier?dsh=S-284248349%3A1675058229790210&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AWnogHdDPKg4Q-MEoISmwtVwa4pior4JlWDfNeOsAly3ho_0HFXvkR-WHCBUJ0UdhWdRAD2GUz_m6g
142.250.74.109403 Forbidden 1.3 kB URL HTTP/2 accounts.google.com/v3/signin/identifier?dsh=S-284248349%3A1675058229790210&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AWnogHdDPKg4Q-MEoISmwtVwa4pior4JlWDfNeOsAly3ho_0HFXvkR-WHCBUJ0UdhWdRAD2GUz_m6g
IP 142.250.74.109:0
Hash 04f9230eaf31078bd39bc6414ed602c1
847734986d3b82ef7c68c000106eec6fed624e27
35105f4e859bca617122067a53294331ef83c47a12d23e826c0549d237034987
GET /v3/signin/identifier?dsh=S-284248349%3A1675058229790210&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AWnogHdDPKg4Q-MEoISmwtVwa4pior4JlWDfNeOsAly3ho_0HFXvkR-WHCBUJ0UdhWdRAD2GUz_m6g HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://xfantazy.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Mon, 30 Jan 2023 05:57:09 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
strict-transport-security: max-age=31536000; includeSubDomains
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-security-policy: script-src 'nonce-dlCLnpvaMccqd-42EyvNqA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist, require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
cross-origin-opener-policy-report-only: same-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 1141ae65ad448fb3438690d5042af728
aa8b236bb1099c9440bfe3e98530939623250c03
e55eeaf5cd454042706c3e2d7d2b0211e91087b430cb5bae6b9e030392f57b4b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 30 Jan 2023 05:57:09 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
e1.o.lencr.org/
23.36.77.32200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash f97d1250e7b06507dcdde98d44b58dc8
10030f7fced8691202dbf19200efd6035bf7a405
c97a128485f45c02621ea479e8619499c3336c97a8812b0cece90e150beefb0f
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "C97A128485F45C02621EA479E8619499C3336C97A8812B0CECE90E150BEEFB0F"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5204
Expires: Mon, 30 Jan 2023 07:23:53 GMT
Date: Mon, 30 Jan 2023 05:57:09 GMT
Connection: keep-alive
static-cache.k2s.cc/thumbnail/IuuS7nDzmPvu-TqUrA/w320h240/0.jpeg
188.72.235.186200 OK 57 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/IuuS7nDzmPvu-TqUrA/w320h240/0.jpeg
IP 188.72.235.186:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=4, xresolution=62, yresolution=70, resolutionunit=3, software=paint.net 4.3.11], baseline, precision 8, 950x150, components 3\012- data
Hash 84ff9617d23cbe52b5c4029e3f4c6cfd
71b3f5444f540dcf07251895e3d45fe4c2de0a04
41ec9a03d6ccdb86e5b36efbdeafe00e56a5c3985718edb792bf48d3b6dfd802
GET /thumbnail/IuuS7nDzmPvu-TqUrA/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Mon, 30 Jan 2023 05:57:10 GMT
content-type: image/jpeg
content-length: 13695
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: HIT
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/cOXAvSWunqvvqmiW-w/w320h240/0.jpeg
188.72.235.186200 OK 8.8 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/cOXAvSWunqvvqmiW-w/w320h240/0.jpeg
IP 188.72.235.186:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash 6d191179ccdd889d55bc1fe3fd416223
9f8f18c1c882e36552defc12443ab646ae5fe460
500fa301c4bf8119dc99f58ebaf4a83d2feaab8d2d20407afc37d8c84d28826a
GET /thumbnail/cOXAvSWunqvvqmiW-w/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Mon, 30 Jan 2023 05:57:10 GMT
content-type: image/jpeg
content-length: 8794
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: HIT
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/LOrHu3T0m_zq-GnE-A/w320h240/0.jpeg
188.72.235.186200 OK 11 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/LOrHu3T0m_zq-GnE-A/w320h240/0.jpeg
IP 188.72.235.186:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash 937d0d8e86addb48fc65b0546959ce10
715ea167816f5c3f6605920cdffaaa82e47c2df6
150eba7c9339c5fdf17d7948ac0276f4c9e423e85d67d149c45b3e5446c11cc0
GET /thumbnail/LOrHu3T0m_zq-GnE-A/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Mon, 30 Jan 2023 05:57:10 GMT
content-type: image/jpeg
content-length: 11252
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: HIT
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/d7_AuyKhzK7rrD_C9w/w320h240/0.jpeg
188.72.235.186200 OK 13 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/d7_AuyKhzK7rrD_C9w/w320h240/0.jpeg
IP 188.72.235.186:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash 218ead8eaaecc671b7b48a812d7ccf7c
eae485e61ffc60aa2cfc4d888b03481e641c7f85
654d982e96615c06724eb42c286b9d25d771d0edd2ee1e03fb78e1df7645587b
GET /thumbnail/d7_AuyKhzK7rrD_C9w/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Mon, 30 Jan 2023 05:57:10 GMT
content-type: image/jpeg
content-length: 13407
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: HIT
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/LO-TuCD0wvu-8TnF_g/w320h240/0.jpeg
188.72.235.186200 OK 9.9 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/LO-TuCD0wvu-8TnF_g/w320h240/0.jpeg
IP 188.72.235.186:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash feab7bc5b8d5993e5cf1b6d54c2f7838
3a2a926ea4b70488d41cb586e0128e1f66b0c26f
479888351159ada147f1436e1076b90b8cb6ef122618b2e4f5bbedb5fc22df66
GET /thumbnail/LO-TuCD0wvu-8TnF_g/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Mon, 30 Jan 2023 05:57:10 GMT
content-type: image/jpeg
content-length: 9860
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: HIT
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/ceyQtCevyai--T7G_A/w320h240/0.jpeg
188.72.235.186200 OK 9.6 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/ceyQtCevyai--T7G_A/w320h240/0.jpeg
IP 188.72.235.186:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash 126dd320709676d52e8559ff54d8caf9
a2837569f4a5868c6793396f9a7dd2d5e954e5ee
e81b4ed709c152743e7621860424df4eca3b4dcc4871d1cd7664717c01a010dc
GET /thumbnail/ceyQtCevyai--T7G_A/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Mon, 30 Jan 2023 05:57:10 GMT
content-type: image/jpeg
content-length: 9592
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: HIT
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/IOiT6Sf0mPu5rmqfqg/w320h240/0.jpeg
188.72.235.186200 OK 13 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/IOiT6Sf0mPu5rmqfqg/w320h240/0.jpeg
IP 188.72.235.186:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash 6db99c576ce7995e284cb31eca70a176
ee892c9c8b9ca9248f551364b18a9904c8038887
c0f99abddc2422729c3d7237ea7a7794fd278818c2be279084f7362da697d09a
GET /thumbnail/IOiT6Sf0mPu5rmqfqg/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Mon, 30 Jan 2023 05:57:10 GMT
content-type: image/jpeg
content-length: 12578
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: HIT
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/IL7B7yX3zKu_qj_D-g/w320h240/0.jpeg
188.72.235.186200 OK 12 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/IL7B7yX3zKu_qj_D-g/w320h240/0.jpeg
IP 188.72.235.186:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash 471387d7fe869397cb6ecf9308d4a3bb
d4c5c49bfd22d9e4f17e6cf205d2998ebc852898
e4879add626268bc7de88a287548cd294968e3218b78bf23068a1880cc0a7cd2
GET /thumbnail/IL7B7yX3zKu_qj_D-g/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Mon, 30 Jan 2023 05:57:10 GMT
content-type: image/jpeg
content-length: 12494
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: HIT
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/cO_B6SCjzq24-j_FrQ/w320h240/0.jpeg
188.72.235.186200 OK 12 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/cO_B6SCjzq24-j_FrQ/w320h240/0.jpeg
IP 188.72.235.186:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash 88fad70b899ebf041c1dba38e423cdaf
bfa9d23cae6a8d5e767b5b1d7dc69e04f67154f9
bf861075b41972199b3b21cd26d78d2b5f352be46a0a6a981f696ef046a2106a
GET /thumbnail/cO_B6SCjzq24-j_FrQ/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Mon, 30 Jan 2023 05:57:10 GMT
content-type: image/jpeg
content-length: 11730
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: HIT
X-Firefox-Spdy: h2
a.naturalhealthsource.club/api/spots/289411?host=xfantazy.com&ev=197&wh=939&ww=1280&uuid=
135.181.208.216200 OK 0 B URL HTTP/2 a.naturalhealthsource.club/api/spots/289411?host=xfantazy.com&ev=197&wh=939&ww=1280&uuid=
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /api/spots/289411?host=xfantazy.com&ev=197&wh=939&ww=1280&uuid= HTTP/1.1
Host: a.naturalhealthsource.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: nauid=tXGeGbjTZhNs6sxqupY7
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 30 Jan 2023 05:57:10 GMT
content-length: 0
cache-control: private
X-Firefox-Spdy: h2
a.naturalhealthsource.club/api/spots/380873?host=xfantazy.com&ev=197&wh=939&ww=1280&uuid=
135.181.208.216200 OK 0 B URL HTTP/2 a.naturalhealthsource.club/api/spots/380873?host=xfantazy.com&ev=197&wh=939&ww=1280&uuid=
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /api/spots/380873?host=xfantazy.com&ev=197&wh=939&ww=1280&uuid= HTTP/1.1
Host: a.naturalhealthsource.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: nauid=tXGeGbjTZhNs6sxqupY7
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 30 Jan 2023 05:57:10 GMT
content-length: 0
cache-control: private
X-Firefox-Spdy: h2
a.naturalhealthsource.club/api/spots/391860?host=xfantazy.com&ev=197&wh=939&ww=1280&uuid=
135.181.208.216200 OK 0 B URL HTTP/2 a.naturalhealthsource.club/api/spots/391860?host=xfantazy.com&ev=197&wh=939&ww=1280&uuid=
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /api/spots/391860?host=xfantazy.com&ev=197&wh=939&ww=1280&uuid= HTTP/1.1
Host: a.naturalhealthsource.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: nauid=tXGeGbjTZhNs6sxqupY7
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 30 Jan 2023 05:57:10 GMT
content-length: 0
cache-control: private
X-Firefox-Spdy: h2
a.naturalhealthsource.club/api/spots/406858?host=xfantazy.com&ev=197&wh=939&ww=1280&uuid=
135.181.208.216200 OK 0 B URL HTTP/2 a.naturalhealthsource.club/api/spots/406858?host=xfantazy.com&ev=197&wh=939&ww=1280&uuid=
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /api/spots/406858?host=xfantazy.com&ev=197&wh=939&ww=1280&uuid= HTTP/1.1
Host: a.naturalhealthsource.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: nauid=tXGeGbjTZhNs6sxqupY7
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 30 Jan 2023 05:57:10 GMT
content-length: 0
cache-control: private
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash b41889a40c2434e798ead100af7f479c
31a230fb16c1d5e68f98dcd2bc3511f512b7062d
eade5dcbf67a429ddb4860226d57b68f630ec5e3b3ffe5fc610c63000a67a895
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EADE5DCBF67A429DDB4860226D57B68F630EC5E3B3FFE5FC610C63000A67A895"
Last-Modified: Sun, 29 Jan 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7497
Expires: Mon, 30 Jan 2023 08:02:07 GMT
Date: Mon, 30 Jan 2023 05:57:10 GMT
Connection: keep-alive
prototypewailrubber.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSz2skxRev3s338lXwB3sREfuoIJPq%2BZHJmMNiXCPBNRt3VyLipbqqelKmuqup6p6eDAhhF2SPszePnc8kG3SDuHgTFmTiRXKyPSxzMAf%2FAC%2BCV2UmA6MPqt579XlQn89778vD%2FIJQ5Gyy%2FaEZKK3ZcqtG%2FTd2VCJM4fytu35Aa3TN31HJSnPN708v23s7oK0afdN%2FX%2FI9s1ynAaUBDfwNZWVk%2BsszFCo97QS1Dq0167Wg1UTf%2Fjd3uQfHPIjeBXkZSlT%2F2%2F35CRQfI4m%2FuyHdXmbSt96Lc80yY9ETJx8ne4kpEsSLMLIeouRkXg3jKkK%2BugKTnMwVwPSOpgoQqop4zwKEycmcJsLe8SXTUEMmCMVzKHpjSD2GYmNwcx9K%2FEIALrB1C0n8aMvYgu1fomyKVmTprz%2Bhioos%2FXYNSfztulZ9%2F47ReaZM4tCPSqj%2BGKo7RpqfIRt4UMUZeHYPShAkcQklyplqpcZQ0RhaDsGch3x6lIc88pCnHmIx8VmrE1HajsKo0Vhtcs4bDc5bqyuiJRrN1Ygi51NaQ2TpEFwPwe0BUnuAPfWwIuTeEWz%2BI9xuCSc8uKwi3kcH6IkShSQoHEHBCApFUGQERa88FtrVXflIaJeHwdzX575RjkzWPWTHJuvKhBymF%2BSlWVP%2BeP4H7MmJz%2BpRp0OjgDbbK3Ql4O2gIwIeMNZgdclFHU6VUO7KTO9AVeTaq78jnU7qi78RsjM4fQauXgTLXwMrRu06BdsdNVcpBslpP2JJxgb7NW5iCFMizZaQ7XuH%2BoK8MuOx9kIByc%2Bvf9%2BYGbgtkdoSn6ufCLr6wei2KcjRbVM48uRWmqlYDdh0cHcylsmr33wg9wtjxeYNN%2Fz6HT4FpuHpXemymywRKuk68nhdCSHthrFckqebbkeG27nbXc9tkqc3t9%2Fd2IxTK51TJhmDqYqQySa4qsj%2Fn346W8rXH38CZceweYk4PydzgzJn4OkBXLrg7wyB1YuaMPVQ5OXI1sPFo1YEWi5yFpZw%2F8rDRXzoHqBrPbDs%2FmwVe7ZET5dgegiXXx1lqT2%2F%2Fuv881B7o1Bb7yjUVj%2B8bK5TE1%2B2IhpJWpdh1AmjNqOiEzU7IesEsh22WIDMVfzZZ61%2FAAAA%2F%2F8BAAD%2F%2F5zdjQtsBAAA
173.233.137.36200 OK 7 B URL HTTP/1.1 prototypewailrubber.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSz2skxRev3s338lXwB3sREfuoIJPq%2BZHJmMNiXCPBNRt3VyLipbqqelKmuqup6p6eDAhhF2SPszePnc8kG3SDuHgTFmTiRXKyPSxzMAf%2FAC%2BCV2UmA6MPqt579XlQn89778vD%2FIJQ5Gyy%2FaEZKK3ZcqtG%2FTd2VCJM4fytu35Aa3TN31HJSnPN708v23s7oK0afdN%2FX%2FI9s1ynAaUBDfwNZWVk%2BsszFCo97QS1Dq0167Wg1UTf%2Fjd3uQfHPIjeBXkZSlT%2F2%2F35CRQfI4m%2FuyHdXmbSt96Lc80yY9ETJx8ne4kpEsSLMLIeouRkXg3jKkK%2BugKTnMwVwPSOpgoQqop4zwKEycmcJsLe8SXTUEMmCMVzKHpjSD2GYmNwcx9K%2FEIALrB1C0n8aMvYgu1fomyKVmTprz%2Bhioos%2FXYNSfztulZ9%2F47ReaZM4tCPSqj%2BGKo7RpqfIRt4UMUZeHYPShAkcQklyplqpcZQ0RhaDsGch3x6lIc88pCnHmIx8VmrE1HajsKo0Vhtcs4bDc5bqyuiJRrN1Ygi51NaQ2TpEFwPwe0BUnuAPfWwIuTeEWz%2BI9xuCSc8uKwi3kcH6IkShSQoHEHBCApFUGQERa88FtrVXflIaJeHwdzX575RjkzWPWTHJuvKhBymF%2BSlWVP%2BeP4H7MmJz%2BpRp0OjgDbbK3Ql4O2gIwIeMNZgdclFHU6VUO7KTO9AVeTaq78jnU7qi78RsjM4fQauXgTLXwMrRu06BdsdNVcpBslpP2JJxgb7NW5iCFMizZaQ7XuH%2BoK8MuOx9kIByc%2Bvf9%2BYGbgtkdoSn6ufCLr6wei2KcjRbVM48uRWmqlYDdh0cHcylsmr33wg9wtjxeYNN%2Fz6HT4FpuHpXemymywRKuk68nhdCSHthrFckqebbkeG27nbXc9tkqc3t9%2Fd2IxTK51TJhmDqYqQySa4qsj%2Fn346W8rXH38CZceweYk4PydzgzJn4OkBXLrg7wyB1YuaMPVQ5OXI1sPFo1YEWi5yFpZw%2F8rDRXzoHqBrPbDs%2FmwVe7ZET5dgegiXXx1lqT2%2F%2Fuv881B7o1Bb7yjUVj%2B8bK5TE1%2B2IhpJWpdh1AmjNqOiEzU7IesEsh22WIDMVfzZZ61%2FAAAA%2F%2F8BAAD%2F%2F5zdjQtsBAAA
IP 173.233.137.36:0
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert quad9 Sinkholed
GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSz2skxRev3s338lXwB3sREfuoIJPq%2BZHJmMNiXCPBNRt3VyLipbqqelKmuqup6p6eDAhhF2SPszePnc8kG3SDuHgTFmTiRXKyPSxzMAf%2FAC%2BCV2UmA6MPqt579XlQn89778vD%2FIJQ5Gyy%2FaEZKK3ZcqtG%2FTd2VCJM4fytu35Aa3TN31HJSnPN708v23s7oK0afdN%2FX%2FI9s1ynAaUBDfwNZWVk%2BsszFCo97QS1Dq0167Wg1UTf%2Fjd3uQfHPIjeBXkZSlT%2F2%2F35CRQfI4m%2FuyHdXmbSt96Lc80yY9ETJx8ne4kpEsSLMLIeouRkXg3jKkK%2BugKTnMwVwPSOpgoQqop4zwKEycmcJsLe8SXTUEMmCMVzKHpjSD2GYmNwcx9K%2FEIALrB1C0n8aMvYgu1fomyKVmTprz%2Bhioos%2FXYNSfztulZ9%2F47ReaZM4tCPSqj%2BGKo7RpqfIRt4UMUZeHYPShAkcQklyplqpcZQ0RhaDsGch3x6lIc88pCnHmIx8VmrE1HajsKo0Vhtcs4bDc5bqyuiJRrN1Ygi51NaQ2TpEFwPwe0BUnuAPfWwIuTeEWz%2BI9xuCSc8uKwi3kcH6IkShSQoHEHBCApFUGQERa88FtrVXflIaJeHwdzX575RjkzWPWTHJuvKhBymF%2BSlWVP%2BeP4H7MmJz%2BpRp0OjgDbbK3Ql4O2gIwIeMNZgdclFHU6VUO7KTO9AVeTaq78jnU7qi78RsjM4fQauXgTLXwMrRu06BdsdNVcpBslpP2JJxgb7NW5iCFMizZaQ7XuH%2BoK8MuOx9kIByc%2Bvf9%2BYGbgtkdoSn6ufCLr6wei2KcjRbVM48uRWmqlYDdh0cHcylsmr33wg9wtjxeYNN%2Fz6HT4FpuHpXemymywRKuk68nhdCSHthrFckqebbkeG27nbXc9tkqc3t9%2Fd2IxTK51TJhmDqYqQySa4qsj%2Fn346W8rXH38CZceweYk4PydzgzJn4OkBXLrg7wyB1YuaMPVQ5OXI1sPFo1YEWi5yFpZw%2F8rDRXzoHqBrPbDs%2FmwVe7ZET5dgegiXXx1lqT2%2F%2Fuv881B7o1Bb7yjUVj%2B8bK5TE1%2B2IhpJWpdh1AmjNqOiEzU7IesEsh22WIDMVfzZZ61%2FAAAA%2F%2F8BAAD%2F%2F5zdjQtsBAAA HTTP/1.1
Host: prototypewailrubber.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: u_pl=15600826; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Mon, 30 Jan 2023 05:57:10 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 32d9d15de61c4175ac5c50611ef70150
Strict-Transport-Security: max-age=0; includeSubdomains
e1.o.lencr.org/
23.36.77.32200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash e3b8a8bc98172e8a530326f7d16570cd
4555b6600b5d18b4e5850a756fb47ead0e5c486e
12061f433c479a860c65363d2243aba95ad34ac6664e84c5c5ed9a2d8c343f8c
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "12061F433C479A860C65363D2243ABA95AD34AC6664E84C5C5ED9A2D8C343F8C"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4182
Expires: Mon, 30 Jan 2023 07:06:52 GMT
Date: Mon, 30 Jan 2023 05:57:10 GMT
Connection: keep-alive
e1.o.lencr.org/
23.36.77.32200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash e3b8a8bc98172e8a530326f7d16570cd
4555b6600b5d18b4e5850a756fb47ead0e5c486e
12061f433c479a860c65363d2243aba95ad34ac6664e84c5c5ed9a2d8c343f8c
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "12061F433C479A860C65363D2243ABA95AD34AC6664E84C5C5ED9A2D8C343F8C"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4182
Expires: Mon, 30 Jan 2023 07:06:52 GMT
Date: Mon, 30 Jan 2023 05:57:10 GMT
Connection: keep-alive
ads.adxadserv.com/ad?spotid=636bc5d561d6e27071201a23&type=300x250&output=html
185.98.53.2200 OK 1.6 kB URL HTTP/2 ads.adxadserv.com/ad?spotid=636bc5d561d6e27071201a23&type=300x250&output=html
IP 185.98.53.2:0
ASN #39572 DataWeb Global Group B.V.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (579)
Hash 83ac1016c0127f68679dacabc549e345
1398f2cae196a59e8a54ea26ca058017bf635278
de25ccf45fd497c82f492f7818a43b8065a4189be85464d34b8e1509b6932ff3
GET /ad?spotid=636bc5d561d6e27071201a23&type=300x250&output=html HTTP/1.1
Host: ads.adxadserv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Mon, 30 Jan 2023 05:57:10 GMT
content-type: text/html; charset=utf-8
content-length: 1631
cache-control: no-cache
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.77.32200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash efec58c8c8c050c8711b62a3726c7185
3bc15ff73fdf5805e95592017a165400d13300b3
82701b72f919d09e8ee859d28376fc4e2e99596d2b18f3933c544f4f764e7bac
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "82701B72F919D09E8EE859D28376FC4E2E99596D2B18F3933C544F4F764E7BAC"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4748
Expires: Mon, 30 Jan 2023 07:16:18 GMT
Date: Mon, 30 Jan 2023 05:57:10 GMT
Connection: keep-alive
cdn.creative-bars1.com/sb/chat/mob/ssp/v2/new/3/css/style.css
172.64.166.9200 OK 1.4 kB URL HTTP/2 cdn.creative-bars1.com/sb/chat/mob/ssp/v2/new/3/css/style.css
IP 172.64.166.9:0
Hash 6cdd789b90c1c5ce8c9fc4fa96ef5514
7d7a38394050d8373d151623588160ad69871d2f
c3b1b33cab5420a47084ddeb26cb51928a3b987b1cc9ba90a2eabc26dd14aae3
GET /sb/chat/mob/ssp/v2/new/3/css/style.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 30 Jan 2023 05:57:10 GMT
content-type: text/css
last-modified: Wed, 13 Jul 2022 12:13:55 GMT
etag: W/"62ceb703-1229"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 531150
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=257Od%2BkBz54DFPGm4SDDBv%2BG2mE7b9ApjO1GRhBY468nmNsVmJhBbQeT66Ets1xwk78d0X55Z6VuhRAG4vLveZWOQipx8IsmQCmWBJxdFUFGrcWjJqm%2BUzJ8%2BbbMF7PTRszKkPWqRfXM"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7917f7f2cd00777d-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
a.realsrv.com/nativeads-v2.js
185.76.9.21200 OK 16 kB URL HTTP/2 a.realsrv.com/nativeads-v2.js
IP 185.76.9.21:0
ASN #60068 Datacamp Limited
File type C source, ASCII text, with very long lines (63125), with no line terminators
Hash 022493cb05ba6394011b9fc7680b9904
af1c8d196bafe2c3eb90fdd7fdb4063be4c12583
8106eabdbd83626383751632abcf6dc514fed908f3702a48862941568aa944dd
GET /nativeads-v2.js HTTP/1.1
Host: a.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 30 Jan 2023 05:57:10 GMT
content-type: application/javascript
etag: W/"21b43fd9d304f2027f605b8ad4d"
expires: Tue, 24 Jan 2023 13:18:50 GMT
cache-control: max-age=10800
access-control-allow-origin: *
x-cache-op: HIT
x-accel-expires: @1675063227
server: CDN77-Turbo
x-77-nzt: AblMCRSoDG7/qxYAAA
x-77-nzt-ray: af585630a1107e70365cd7636df1530e
x-cache: HIT
x-age: 5803
x-77-pop: stockholmSE
x-77-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
syndication.realsrv.com/splash.php?native-settings=1&idzone=4891828&cookieconsent=true&&p=https%3A%2F%2Fxfantazy.com%2F&max=1&loaded=0
95.211.229.248200 OK 2.0 kB URL HTTP/1.1 syndication.realsrv.com/splash.php?native-settings=1&idzone=4891828&cookieconsent=true&&p=https%3A%2F%2Fxfantazy.com%2F&max=1&loaded=0
IP 95.211.229.248:0
ASN #60781 LeaseWeb Netherlands B.V.
File type JSON data\012- , ASCII text, with very long lines (3639), with no line terminators
Hash 3f3f40c32ad6150a7732829e78aee534
1c814183ee817ca0adef17a7dda211f37a87ba44
a0ea7da712d346f087236aabc2c317a15506a35b90996457484574b744bea6db
GET /splash.php?native-settings=1&idzone=4891828&cookieconsent=true&&p=https%3A%2F%2Fxfantazy.com%2F&max=1&loaded=0 HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://a.naturalhealthsource.club
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 30 Jan 2023 05:57:10 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://a.naturalhealthsource.club
Access-Control-Allow-Credentials: true
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A32%3A%2263d75c3668bd63.99245761607807902%22%3B%7D; expires=Wed, 29 Jan 2025 05:57:10 GMT; path=; domain=.realsrv.com; Secure; SameSite=none
impressions=oslmrxbrnxgxamrescroogeicxbmsbcenxgxamreseallgeimmccrbebnxgxamcbexxbmgeioslmrxbmnxgxamreseallgeicxbmsbocnxgxamrescroogeimmccrlaonxgxamccxobsegeimmccrlacnxgxamcmlarclgeicxbmsboenxgxamclrbcelgeioslmrxlrnxgxamslescrogeimmccrbxenxgxamrescroogeislsaroornxgxamccolacbgeioslmroemnxgxamclrbcrogeioslmrxlsnxgxamclrbcelgeicmmsxrbonxgxamsoeamlmgeimmccrlaenxgxamrescroogeimmccrbeanxgxamcssabxegeicaocmrmanxgxamolcrcergeimcclsxronxgxamsscrmclgeimcclsxmenxgxamrescroogeialbserebnxgxamccrrssogeimcclsxaonxgxamsxsxllxgeicxbmsbxcnxgxamresecrcgeimrblxebenxgxamselmborgeimcclsxconxgxamsbremaegeirbabxabbnxgxamrescroogeimcclsxacnxgxamsscrmclgeicmmsxaeenxgxamcmrmsrmgeialbsereanxgxamsoeabscgeicaxsscmbnxgxamsosomemgeimcclosconxgxamcxbemmxgeimcclsoeonxgxamrescroogeimcclsxlcnxgxamrexbxacgeimcclossbnxgxamcscxaesgeimcclsxscnxgxamsmoooeegeimcclsxlenxgxamcbrorxbgeimaecseaenxgxamsmoooeegeimaecsxcbnxgxamsmoooeegeimcclsxoanxgxamclrbcelgeimcclsxlbnxgxamcrbalrageimccloscanxgxamclrbcrogeiclsmrbsonxgxamsmmrbmbgeiclsmarsenxgxamsmmrbmbgeiccmmllebnxgxamclarlmmgeimcclsxsbnxgxamreollxsgeiclsmrbxonxgxamsbebceegeiclsmrbxcnxgxamsbebceegeiclsmarscnxgxamsbebceegeiccmmlmlcnxgxamsbebceegeiclsmarrenxgxamsbebceegeicaormbaonxgxamsbxxbsrgeicaormlrenxgxamcememscgeimcclsxlonxgxamcsmlmxcgeimrblelronxgxamsbremaegeimaecsxobnxgxamsbremaegeiclsmrbrcnxgxamsbroemmgeiclsmrraanxgxamclsslaegeiclsmrmxbnxgxamsbroemmgeimccloscenxgxamsbmrxregeimcclsxxonxgxamslescrogeimrblelxbnxgxamslescrogeimcclsoeenxgxamclrbcelgeimrblelmonxgxamcxcrasxgeimrbleloenxgxamcxcrasxgeiclsmrrmanxgxamcxabcxbgeiclsmrbeonxgxamcxabcxbgeiclsmrrcenxgxamcxabcxbgeiclsmrmxanxgxamcxabcxbgeiclsmrbxenxgxamcxabcxbgeiclsmaroonxgxamcxabcxbgeialbserxenxgxamcosraregeimcclsxsenxgxamrescroogeimcclsxlanxgxamcblrlbcgeiccmmlleanxgxamccrrssogeicaormlabnxgxamcrllsmageicaormlconxgxamcrllsmageiclsmarsonxgxamclsslaegeiclsmrmlbnxgxamclsslaegeiclsmrmocnxgxamclsslaegeiccmmllecnxgxamclsslaegeimcclsxcanxgxamclrbcelgeimrblelcenxgxamclrbcelgeimaecsxrcnxgxamclrbcelgeialbserxonxgxamclarlmmgeimbmlselenxgxamclmmlcxgxcceimbamerlbnxgxamclmmlcxgxcceimexxlrbenxgxamclbsslxgxcceimbmlselonxgxamclbsbbcgxcceimbmlsebbnxgxamclbsbbcgxcceimbrsslsansgxamclbslcegxcceimrmbbobcnxgxamclbrralgxcceimxlbmoscnogxamclbraeegxcceiaaxcambbnxgxamclbraeegxcceimxxrecsanxgxamclbraeogxcceimxlbmosenogxamcllxaobgxcceimbclraronogxamcllxaobgxcceixaoossalnxgxamreerlargxcceimxeemlxcnxgxamreerlargxcceimbmmcllonxgxamreebbcogxcceimoobcomanxgxamreebbcogxcceimoobcobenxgxamreebbcogxcceialrexeoonxgxamreellmbgxcceircmbbroanxgxamrexxxaogxcceimbscxmxanxgxamrexxxaogxcceirrmlllronxgxamrexxxaogxcceimbscxmoanxgxamrexxxaogxcceimcssmlrcnsgxamrexxxaogxcceimeembecenxgxamrexslclgxcceimeembescnxgxamrexslclgxcceimbmmreecnxgxamrexrlsegxcceimxlbmosonogxamrexaoxsgxcceimboslabanxgxamrexaoxsgxcceirreacmsbnxgxamrexabcagxcceimcssmlrensgxamrexabcagxcceimxlbmxlonsgxamrexmrecgxcceimxlbmxlcnogxamrexmrecgxcceimxxerrecnxgxamrexmrecgxcceimxxerreanxgxamrexmrxmgxcceimmraexoonxgxamrexmmccgxcceimeembesonxgxamrexmmccgxcceimmcmerrenxgxamrexmmccgxcceimxeemblanxgxamrexbxargxcceimromobacnxgxamrexbxmegxcceimaoolcoonsgxamrexblosgxcceimxlbmoaonxgxamrexblosgxcceimxlbmxlenogxamrexllbogxcceimbbmsoxanxgxamreoslobgxcceirarrrcaenxgxamreoceexgxcceimxxerrxenxgxamreoceexgxcceimsacexoonxgxamreoceexgxcceimamsorebnxgxamreorxblgxcceimxeoxsbenogxamreollxsgxcceimcclosscnxgxamreollxsgeimrxccosanxgxamreollxsgxcceimemlxbocnxgxamresecrcgxcceimxxerrebnxgxamresecrcgxcceialaroxrcnxgxamresecragxcceimxeoxsacnxgxamreseallgxcceimboslabcnxgxamreseallgxcceimxlbalscnogxamrescroogxcceislmbesllnxgxamrescroogxoaeimaecobronxgxamrescroogeimaecobeenxgxamrescroogeimcclosccnxgxamrescroogeimaecoboonxgxamrescroogeimrblxelenxgxamrescroogeimmooobrbnxgxamrecexbegxcceimaoobbebnxgxamrecaxssgxcceimrbleaebnxgxamrerbxlcgxcceimcssmlronxgxamrerbosegxcce; expires=Tue, 31 Jan 2023 05:57:10 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
c-tag=%7B%22tag-banner%22%3A%22v3%7C%7CNOR%7C4891828%7C74337952%7C0%7C%7C508%7C41%7C3%7C40%7C0%7C0%7C0%7C25344%7C0%7C0%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C%7C1cffa26cab9227e1600343a9ffbf0de2%7C0%7Cxfantazy.com%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D; expires=Tue, 31 Jan 2023 05:57:10 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
syndication.realsrv.com/splash.php?native-settings=1&idzone=4891820&cookieconsent=true&&p=https%3A%2F%2Fxfantazy.com%2F&max=1&loaded=0
95.211.229.248200 OK 1.9 kB URL HTTP/1.1 syndication.realsrv.com/splash.php?native-settings=1&idzone=4891820&cookieconsent=true&&p=https%3A%2F%2Fxfantazy.com%2F&max=1&loaded=0
IP 95.211.229.248:0
ASN #60781 LeaseWeb Netherlands B.V.
File type JSON data\012- , ASCII text, with very long lines (3501), with no line terminators
Hash 410e304e7ccc093106bcb2e64e36df44
570f0fdf9a300c7353340c63db60a09bf8399e07
59e03706917035d429425a8fae85260744a32b97caf29bb11179f77a5723ced3
GET /splash.php?native-settings=1&idzone=4891820&cookieconsent=true&&p=https%3A%2F%2Fxfantazy.com%2F&max=1&loaded=0 HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://a.naturalhealthsource.club
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 30 Jan 2023 05:57:10 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://a.naturalhealthsource.club
Access-Control-Allow-Credentials: true
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2263d75c36692a15.922369733190848960%22%3B%7D; expires=Wed, 29 Jan 2025 05:57:10 GMT; path=; domain=.realsrv.com; Secure; SameSite=none
impressions=oslmrxbrnxgxamrescroogeicxbmsbcenxgxamreseallgeimmccrbebnxgxamcbexxbmgeioslmrxbmnxgxamreseallgeicxbmsbocnxgxamrescroogeimmccrlaonxgxamccxobsegeimmccrlacnxgxamcmlarclgeicxbmsboenxgxamclrbcelgeioslmrxlrnxgxamslescrogeimmccrbxenxgxamrescroogeislsaroornxgxamccolacbgeioslmroemnxgxamclrbcrogeioslmrxlsnxgxamclrbcelgeicmmsxrbonxgxamsoeamlmgeimmccrlaenxgxamrescroogeimmccrbeanxgxamcssabxegeicaocmrmanxgxamolcrcergeimcclsxronxgxamsscrmclgeimcclsxmenxgxamrescroogeialbserebnxgxamccrrssogeimcclsxaonxgxamsxsxllxgeicxbmsbxcnxgxamresecrcgeimrblxebenxgxamselmborgeimcclsxconxgxamsbremaegeirbabxabbnxgxamrescroogeimcclsxacnxgxamsscrmclgeicmmsxaeenxgxamcmrmsrmgeialbsereanxgxamsoeabscgeicaxsscmbnxgxamsosomemgeimcclosconxgxamcxbemmxgeimcclsoeonxgxamrescroogeimcclsxlcnxgxamrexbxacgeimcclossbnxgxamcscxaesgeimcclsxscnxgxamsmoooeegeimcclsxlenxgxamcbrorxbgeimaecseaenxgxamsmoooeegeimaecsxcbnxgxamsmoooeegeimcclsxoanxgxamclrbcelgeimcclsxlbnxgxamcrbalrageimccloscanxgxamclrbcrogeiclsmrbsonxgxamsmmrbmbgeiclsmarsenxgxamsmmrbmbgeiccmmllebnxgxamclarlmmgeimcclsxsbnxgxamreollxsgeiclsmrbxonxgxamsbebceegeiclsmrbxcnxgxamsbebceegeiclsmarscnxgxamsbebceegeiccmmlmlcnxgxamsbebceegeiclsmarrenxgxamsbebceegeicaormbaonxgxamsbxxbsrgeicaormlrenxgxamcememscgeimcclsxlonxgxamcsmlmxcgeimrblelronxgxamsbremaegeimaecsxobnxgxamsbremaegeiclsmrbrcnxgxamsbroemmgeiclsmrraanxgxamclsslaegeiclsmrmxbnxgxamsbroemmgeimccloscenxgxamsbmrxregeimcclsxxonxgxamslescrogeimrblelxbnxgxamslescrogeimcclsoeenxgxamclrbcelgeimrblelmonxgxamcxcrasxgeimrbleloenxgxamcxcrasxgeiclsmrrmanxgxamcxabcxbgeiclsmrbeonxgxamcxabcxbgeiclsmrrcenxgxamcxabcxbgeiclsmrmxanxgxamcxabcxbgeiclsmrbxenxgxamcxabcxbgeiclsmaroonxgxamcxabcxbgeialbserxenxgxamcosraregeimcclsxsenxgxamrescroogeimcclsxlanxgxamcblrlbcgeiccmmlleanxgxamccrrssogeicaormlabnxgxamcrllsmageicaormlconxgxamcrllsmageiclsmarsonxgxamclsslaegeiclsmrmlbnxgxamclsslaegeiclsmrmocnxgxamclsslaegeiccmmllecnxgxamclsslaegeimcclsxcanxgxamclrbcelgeimrblelcenxgxamclrbcelgeimaecsxrcnxgxamclrbcelgeialbserxonxgxamclarlmmgeimbmlselenxgxamclmmlcxgxcceimbamerlbnxgxamclmmlcxgxcceimexxlrbenxgxamclbsslxgxcceimbmlselonxgxamclbsbbcgxcceimbmlsebbnxgxamclbsbbcgxcceimbrsslsansgxamclbslcegxcceimrmbbobcnxgxamclbrralgxcceimxlbmoscnogxamclbraeegxcceiaaxcambbnxgxamclbraeegxcceimxxrecsanxgxamclbraeogxcceimxlbmosenogxamcllxaobgxcceimbclraronogxamcllxaobgxcceixaoossalnxgxamreerlargxcceimxeemlxcnxgxamreerlargxcceimbmmcllonxgxamreebbcogxcceimoobcomanxgxamreebbcogxcceimoobcobenxgxamreebbcogxcceialrexeoonxgxamreellmbgxcceircmbbroanxgxamrexxxaogxcceimbscxmxanxgxamrexxxaogxcceirrmlllronxgxamrexxxaogxcceimbscxmoanxgxamrexxxaogxcceimcssmlrcnsgxamrexxxaogxcceimeembecenxgxamrexslclgxcceimeembescnxgxamrexslclgxcceimbmmreecnxgxamrexrlsegxcceimxlbmosonogxamrexaoxsgxcceimboslabanxgxamrexaoxsgxcceirreacmsbnxgxamrexabcagxcceimcssmlrensgxamrexabcagxcceimxlbmxlonsgxamrexmrecgxcceimxlbmxlcnogxamrexmrecgxcceimxxerrecnxgxamrexmrecgxcceimxxerreanxgxamrexmrxmgxcceimmraexoonxgxamrexmmccgxcceimeembesonxgxamrexmmccgxcceimmcmerrenxgxamrexmmccgxcceimxeemblanxgxamrexbxargxcceimromobacnxgxamrexbxmegxcceimaoolcoonsgxamrexblosgxcceimxlbmoaonxgxamrexblosgxcceimxlbmxlenogxamrexllbogxcceimbbmsoxanxgxamreoslobgxcceirarrrcaenxgxamreoceexgxcceimxxerrxenxgxamreoceexgxcceimsacexoonxgxamreoceexgxcceimamsorebnxgxamreorxblgxcceimxeoxsbenogxamreollxsgxcceimcclosscnxgxamreollxsgeimrxccosanxgxamreollxsgxcceimemlxbocnxgxamresecrcgxcceimxxerrebnxgxamresecrcgxcceialaroxrcnxgxamresecragxcceimxeoxsacnxgxamreseallgxcceimboslabcnxgxamreseallgxcceimxlbalscnogxamrescroogxcceislmbesllnxgxamrescroogxoaeimaecobronxgxamrescroogeimaecobeenxgxamrescroogeimcclosccnxgxamrescroogeimaecoboonxgxamrescroogeimrblxelenxgxamrescroogeimmooobrbnxgxamrecexbegxcceimaoobbebnxgxamrecaxssgxcceimrbleaebnxgxamrerbxlcgxcceimbsblroanxgxamrerbosegcbe; expires=Tue, 31 Jan 2023 05:57:10 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
c-tag=%7B%22tag-banner%22%3A%22v3%7C%7CNOR%7C4891820%7C78389526%7C0%7C%7C508%7C41%7C3%7C40%7C0%7C0%7C0%7C25344%7C0%7C0%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C%7C1cffa26cab9227e1600343a9ffbf0de2%7C0%7Cxfantazy.com%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D; expires=Tue, 31 Jan 2023 05:57:10 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
a.realsrv.com/iframe.js?idzone=4891806&size=300x250
185.76.9.21200 OK 1.3 kB URL HTTP/2 a.realsrv.com/iframe.js?idzone=4891806&size=300x250
IP 185.76.9.21:0
ASN #60068 Datacamp Limited
Hash 25fcaa1fa3ec9098fdb95944398c1bcb
e7ee47b9d07feaf0c5a304aad62f8ebefe4137d9
ee7f294bae2cc19685512d12702c7480a151abd031dac8a8eb210db50bf406ab
GET /iframe.js?idzone=4891806&size=300x250 HTTP/1.1
Host: a.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.realsrv.com/iframe.php?idzone=4891806&size=300x250
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 30 Jan 2023 05:57:10 GMT
content-type: application/javascript
etag: W/"30db3f5c5fd6c4f4677e8a4efaa"
expires: Tue, 24 Jan 2023 13:19:24 GMT
cache-control: max-age=10800
access-control-allow-origin: *
x-cache-op: HIT
x-accel-expires: @1675067607
server: CDN77-Turbo
x-77-nzt: AblMCRQdLnv/jwUAAA
x-77-nzt-ray: af585630a1107e70365cd763e792321b
x-cache: HIT
x-age: 1423
x-77-pop: stockholmSE
x-77-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
a.naturalhealthsource.club/api/spots/420556?p=1&s1=%subid1%&kw=
135.181.208.216200 OK 8.8 kB URL HTTP/2 a.naturalhealthsource.club/api/spots/420556?p=1&s1=%subid1%&kw=
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- assembler source, ASCII text, with very long lines (3652)
Hash ad836838592ae428e44bfb360603fa9d
97963c384f4e49737cb677250b8417e1e5c65cb0
e5710b0f0b0d601df1a069e680880a96ba31c3ed4668cdaca4e9a626b331ae56
GET /api/spots/420556?p=1&s1=%subid1%&kw= HTTP/1.1
Host: a.naturalhealthsource.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 30 Jan 2023 05:57:09 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
set-cookie: nauid=3azJcc9j8HembanVmdaC; Path=/; Expires=Wed, 11 Nov 2037 11:11:11 GMT; Secure; SameSite=None
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2
a.naturalhealthsource.club/api/spots/312874?p=1&s1=%subid1%&kw=
135.181.208.216200 OK 5.4 kB URL HTTP/2 a.naturalhealthsource.club/api/spots/312874?p=1&s1=%subid1%&kw=
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- assembler source, ASCII text, with very long lines (3648)
Hash c83a6b510b65d3b5176c7437114dfb1b
06284ee885c5402dfda2df70d50f1529b161f33a
c3fbfe430c38114f8be26882b2bbd2e31ce29028038c4ae6d94c1902490b25ba
GET /api/spots/312874?p=1&s1=%subid1%&kw= HTTP/1.1
Host: a.naturalhealthsource.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 30 Jan 2023 05:57:10 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
set-cookie: nauid=s0XvyQmeJDFw6n2aDgYG; Path=/; Expires=Wed, 11 Nov 2037 11:11:11 GMT; Secure; SameSite=None
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2
a.naturalhealthsource.club/api/spots/420557?p=1&s1=%subid1%&kw=
135.181.208.216200 OK 5.3 kB URL HTTP/2 a.naturalhealthsource.club/api/spots/420557?p=1&s1=%subid1%&kw=
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- assembler source, ASCII text, with very long lines (3651)
Hash 679fe60c93e308a6b441a690e2eb1a86
a387f47cb58d2aa3510b3aab07e76d2ef9683809
f569e3c71a02af884e46f57740c50f200888a8b209641f173b371dfe8945044a
GET /api/spots/420557?p=1&s1=%subid1%&kw= HTTP/1.1
Host: a.naturalhealthsource.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 30 Jan 2023 05:57:10 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
set-cookie: nauid=ojHeYuVBJAqAMvlxhtsC; Path=/; Expires=Wed, 11 Nov 2037 11:11:11 GMT; Secure; SameSite=None
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2
a.realsrv.com/ad-provider.js
185.76.9.21200 OK 24 kB URL HTTP/2 a.realsrv.com/ad-provider.js
IP 185.76.9.21:0
ASN #60068 Datacamp Limited
Hash bd7e11b4ad0055cd84eadffa417e723a
999492df68c698cbe72d3c1e1d1ee918b6eee6dc
ae21555f8ed32091af959fec3853855b45aee511f618de2227103c166480407a
GET /ad-provider.js HTTP/1.1
Host: a.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.realsrv.com/iframe.php?idzone=4891806&size=300x250
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 30 Jan 2023 05:57:10 GMT
content-type: application/javascript
etag: W/"c86623937323852b5fe82a29fcb"
expires: Tue, 24 Jan 2023 13:18:38 GMT
cache-control: max-age=10800
access-control-allow-origin: *
x-cache-op: HIT
x-accel-expires: @1675063226
server: CDN77-Turbo
x-77-nzt: AblMCRQ+5dr/rBYAAA
x-77-nzt-ray: af585630a1107e70365cd763e1fe0f1b
x-cache: HIT
x-age: 5804
x-77-pop: stockholmSE
x-77-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 62452129bb8dec065bf82af1cd2325a0
9b32f067ac26364f2cd578bcdd40c50d18fd03d7
0d2f762553a22b9679301179d107a4a8f2e01efd82c6f432a806d4810481a08c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0D2F762553A22B9679301179D107A4A8F2E01EFD82C6F432A806D4810481A08C"
Last-Modified: Sun, 29 Jan 2023 01:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14908
Expires: Mon, 30 Jan 2023 10:05:38 GMT
Date: Mon, 30 Jan 2023 05:57:10 GMT
Connection: keep-alive
cdn.cloudimagesb.com/si/4f/21/b6/4f21b6f8926b18cc8cec37ffa47004e5/1671506253.png
45.133.44.9200 OK 80 kB URL HTTP/2 cdn.cloudimagesb.com/si/4f/21/b6/4f21b6f8926b18cc8cec37ffa47004e5/1671506253.png
IP 45.133.44.9:0
ASN #39572 DataWeb Global Group B.V.
File type PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data
Hash 422ab27df20d8765e0fcd3aa74306f6b
3b69a90b3d1a5bd964280b7bad97c2a5baaa6951
9f2c6b29335b1545ddfa2f7e84286472468f737e1d73f6f0562babac6e3afa5a
GET /si/4f/21/b6/4f21b6f8926b18cc8cec37ffa47004e5/1671506253.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 30 Jan 2023 05:57:10 GMT
content-type: image/png
content-length: 79704
server: nginx/1.17.6
last-modified: Tue, 20 Dec 2022 03:17:41 GMT
etag: "63a12955-13758"
expires: Wed, 01 Feb 2023 05:57:10 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
syndication.realsrv.com/splash.php?native-settings=1&idzone=4891818&cookieconsent=true&&p=https%3A%2F%2Fxfantazy.com%2F&max=3&loaded=1
95.211.229.248200 OK 3.6 kB URL HTTP/1.1 syndication.realsrv.com/splash.php?native-settings=1&idzone=4891818&cookieconsent=true&&p=https%3A%2F%2Fxfantazy.com%2F&max=3&loaded=1
IP 95.211.229.248:0
ASN #60781 LeaseWeb Netherlands B.V.
File type JSON data\012- , ASCII text, with very long lines (6857), with no line terminators
Hash 70251c734777d53232e12b2e0e4b2a03
709d02a9b69ad9bda3366e8304e138429a4ff0a6
96cfac0066e3130342b5a1113f18037287b6f16e1ab98f98be395230006d929e
GET /splash.php?native-settings=1&idzone=4891818&cookieconsent=true&&p=https%3A%2F%2Fxfantazy.com%2F&max=3&loaded=1 HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://a.naturalhealthsource.club
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A32%3A%2263d75c3668bd63.99245761607807902%22%3B%7D; impressions=oslmrxbrnxgxamrescroogeicxbmsbcenxgxamreseallgeimmccrbebnxgxamcbexxbmgeioslmrxbmnxgxamreseallgeicxbmsbocnxgxamrescroogeimmccrlaonxgxamccxobsegeimmccrlacnxgxamcmlarclgeicxbmsboenxgxamclrbcelgeioslmrxlrnxgxamslescrogeimmccrbxenxgxamrescroogeislsaroornxgxamccolacbgeioslmroemnxgxamclrbcrogeioslmrxlsnxgxamclrbcelgeicmmsxrbonxgxamsoeamlmgeimmccrlaenxgxamrescroogeimmccrbeanxgxamcssabxegeicaocmrmanxgxamolcrcergeimcclsxronxgxamsscrmclgeimcclsxmenxgxamrescroogeialbserebnxgxamccrrssogeimcclsxaonxgxamsxsxllxgeicxbmsbxcnxgxamresecrcgeimrblxebenxgxamselmborgeimcclsxconxgxamsbremaegeirbabxabbnxgxamrescroogeimcclsxacnxgxamsscrmclgeicmmsxaeenxgxamcmrmsrmgeialbsereanxgxamsoeabscgeicaxsscmbnxgxamsosomemgeimcclosconxgxamcxbemmxgeimcclsoeonxgxamrescroogeimcclsxlcnxgxamrexbxacgeimcclossbnxgxamcscxaesgeimcclsxscnxgxamsmoooeegeimcclsxlenxgxamcbrorxbgeimaecseaenxgxamsmoooeegeimaecsxcbnxgxamsmoooeegeimcclsxoanxgxamclrbcelgeimcclsxlbnxgxamcrbalrageimccloscanxgxamclrbcrogeiclsmrbsonxgxamsmmrbmbgeiclsmarsenxgxamsmmrbmbgeiccmmllebnxgxamclarlmmgeimcclsxsbnxgxamreollxsgeiclsmrbxonxgxamsbebceegeiclsmrbxcnxgxamsbebceegeiclsmarscnxgxamsbebceegeiccmmlmlcnxgxamsbebceegeiclsmarrenxgxamsbebceegeicaormbaonxgxamsbxxbsrgeicaormlrenxgxamcememscgeimcclsxlonxgxamcsmlmxcgeimrblelronxgxamsbremaegeimaecsxobnxgxamsbremaegeiclsmrbrcnxgxamsbroemmgeiclsmrraanxgxamclsslaegeiclsmrmxbnxgxamsbroemmgeimccloscenxgxamsbmrxregeimcclsxxonxgxamslescrogeimrblelxbnxgxamslescrogeimcclsoeenxgxamclrbcelgeimrblelmonxgxamcxcrasxgeimrbleloenxgxamcxcrasxgeiclsmrrmanxgxamcxabcxbgeiclsmrbeonxgxamcxabcxbgeiclsmrrcenxgxamcxabcxbgeiclsmrmxanxgxamcxabcxbgeiclsmrbxenxgxamcxabcxbgeiclsmaroonxgxamcxabcxbgeialbserxenxgxamcosraregeimcclsxsenxgxamrescroogeimcclsxlanxgxamcblrlbcgeiccmmlleanxgxamccrrssogeicaormlabnxgxamcrllsmageicaormlconxgxamcrllsmageiclsmarsonxgxamclsslaegeiclsmrmlbnxgxamclsslaegeiclsmrmocnxgxamclsslaegeiccmmllecnxgxamclsslaegeimcclsxcanxgxamclrbcelgeimrblelcenxgxamclrbcelgeimaecsxrcnxgxamclrbcelgeialbserxonxgxamclarlmmgeimbmlselenxgxamclmmlcxgxcceimbamerlbnxgxamclmmlcxgxcceimexxlrbenxgxamclbsslxgxcceimbmlselonxgxamclbsbbcgxcceimbmlsebbnxgxamclbsbbcgxcceimbrsslsansgxamclbslcegxcceimrmbbobcnxgxamclbrralgxcceimxlbmoscnogxamclbraeegxcceiaaxcambbnxgxamclbraeegxcceimxxrecsanxgxamclbraeogxcceimxlbmosenogxamcllxaobgxcceimbclraronogxamcllxaobgxcceixaoossalnxgxamreerlargxcceimxeemlxcnxgxamreerlargxcceimbmmcllonxgxamreebbcogxcceimoobcomanxgxamreebbcogxcceimoobcobenxgxamreebbcogxcceialrexeoonxgxamreellmbgxcceircmbbroanxgxamrexxxaogxcceimbscxmxanxgxamrexxxaogxcceirrmlllronxgxamrexxxaogxcceimbscxmoanxgxamrexxxaogxcceimcssmlrcnsgxamrexxxaogxcceimeembecenxgxamrexslclgxcceimeembescnxgxamrexslclgxcceimbmmreecnxgxamrexrlsegxcceimxlbmosonogxamrexaoxsgxcceimboslabanxgxamrexaoxsgxcceirreacmsbnxgxamrexabcagxcceimcssmlrensgxamrexabcagxcceimxlbmxlonsgxamrexmrecgxcceimxlbmxlcnogxamrexmrecgxcceimxxerrecnxgxamrexmrecgxcceimxxerreanxgxamrexmrxmgxcceimmraexoonxgxamrexmmccgxcceimeembesonxgxamrexmmccgxcceimmcmerrenxgxamrexmmccgxcceimxeemblanxgxamrexbxargxcceimromobacnxgxamrexbxmegxcceimaoolcoonsgxamrexblosgxcceimxlbmoaonxgxamrexblosgxcceimxlbmxlenogxamrexllbogxcceimbbmsoxanxgxamreoslobgxcceirarrrcaenxgxamreoceexgxcceimxxerrxenxgxamreoceexgxcceimsacexoonxgxamreoceexgxcceimamsorebnxgxamreorxblgxcceimxeoxsbenogxamreollxsgxcceimcclosscnxgxamreollxsgeimrxccosanxgxamreollxsgxcceimemlxbocnxgxamresecrcgxcceimxxerrebnxgxamresecrcgxcceialaroxrcnxgxamresecragxcceimxeoxsacnxgxamreseallgxcceimboslabcnxgxamreseallgxcceimxlbalscnogxamrescroogxcceislmbesllnxgxamrescroogxoaeimaecobronxgxamrescroogeimaecobeenxgxamrescroogeimcclosccnxgxamrescroogeimaecoboonxgxamrescroogeimrblxelenxgxamrescroogeimmooobrbnxgxamrecexbegxcceimaoobbebnxgxamrecaxssgxcceimrbleaebnxgxamrerbxlcgxcceimcssmlronxgxamrerbosegxcce; c-tag=%7B%22tag-banner%22%3A%22v3%7C%7CNOR%7C4891828%7C74337952%7C0%7C%7C508%7C41%7C3%7C40%7C0%7C0%7C0%7C25344%7C0%7C0%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C%7C1cffa26cab9227e1600343a9ffbf0de2%7C0%7Cxfantazy.com%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 30 Jan 2023 05:57:10 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://a.naturalhealthsource.club
Access-Control-Allow-Credentials: true
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A32%3A%2263d75c3668bd63.99245761607807902%22%3B%7D; expires=Wed, 29 Jan 2025 05:57:10 GMT; path=; domain=.realsrv.com; Secure; SameSite=none
impressions=oslmrxbrnxgxamrerbosegeicxbmsbcenxgxamreseallgeimmccrbebnxgxamcbexxbmgeioslmrxbmnxgxamreseallgeicxbmsbocnxgxamrescroogeimmccrlaonxgxamccxobsegeimmccrlacnxgxamcmlarclgeicxbmsboenxgxamclrbcelgeioslmrxlrnxgxamslescrogeimmccrbxenxgxamrescroogeislsaroornxgxamccolacbgeioslmroemnxgxamclrbcrogeioslmrxlsnxgxamclrbcelgeicmmsxrbonxgxamsoeamlmgeimmccrlaenxgxamrescroogeimmccrbeanxgxamcssabxegeicaocmrmanxgxamolcrcergeimcclsxronxgxamsscrmclgeimcclsxmenxgxamrescroogeialbserebnxgxamccrrssogeimcclsxaonxgxamsxsxllxgeicxbmsbxcnxgxamresecrcgeimrblxebenxgxamselmborgeimcclsxconxgxamrerbosegeirbabxabbnxgxamrescroogeimcclsxacnxgxamsscrmclgeicmmsxaeenxgxamcmrmsrmgeialbsereanxgxamsoeabscgeicaxsscmbnxgxamsosomemgeimcclosconxgxamcxbemmxgeimcclsoeonxgxamrescroogeimcclsxlcnxgxamrexbxacgeimcclossbnxgxamcscxaesgeimcclsxscnxgxamsmoooeegeimcclsxlenxgxamcbrorxbgeimaecseaenxgxamsmoooeegeimaecsxcbnxgxamsmoooeegeimcclsxoanxgxamclrbcelgeimcclsxlbnxgxamcrbalrageimccloscanxgxamclrbcrogeiclsmrbsonxgxamsmmrbmbgeiclsmarsenxgxamsmmrbmbgeiccmmllebnxgxamclarlmmgeimcclsxsbnxgxamrerbosegeiclsmrbxonxgxamsbebceegeiclsmrbxcnxgxamsbebceegeiclsmarscnxgxamsbebceegeiccmmlmlcnxgxamsbebceegeiclsmarrenxgxamsbebceegeicaormbaonxgxamsbxxbsrgeicaormlrenxgxamcememscgeimcclsxlonxgxamcsmlmxcgeimrblelronxgxamsbremaegeimaecsxobnxgxamsbremaegeiclsmrbrcnxgxamsbroemmgeiclsmrraanxgxamclsslaegeiclsmrmxbnxgxamsbroemmgeimccloscenxgxamsbmrxregeimcclsxxonxgxamslescrogeimrblelxbnxgxamslescrogeimcclsoeenxgxamclrbcelgeimrblelmonxgxamcxcrasxgeimrbleloenxgxamcxcrasxgeiclsmrrmanxgxamcxabcxbgeiclsmrbeonxgxamcxabcxbgeiclsmrrcenxgxamcxabcxbgeiclsmrmxanxgxamcxabcxbgeiclsmrbxenxgxamcxabcxbgeiclsmaroonxgxamcxabcxbgeialbserxenxgxamcosraregeimcclsxsenxgxamrescroogeimcclsxlanxgxamcblrlbcgeiccmmlleanxgxamccrrssogeicaormlabnxgxamcrllsmageicaormlconxgxamcrllsmageiclsmarsonxgxamclsslaegeiclsmrmlbnxgxamclsslaegeiclsmrmocnxgxamclsslaegeiccmmllecnxgxamclsslaegeimcclsxcanxgxamclrbcelgeimrblelcenxgxamclrbcelgeimaecsxrcnxgxamclrbcelgeialbserxonxgxamclarlmmgeimbmlselenxgxamclmmlcxgxcceimbamerlbnxgxamclmmlcxgxcceimexxlrbenxgxamclbsslxgxcceimbmlselonxgxamclbsbbcgxcceimbmlsebbnxgxamclbsbbcgxcceimbrsslsansgxamclbslcegxcceimrmbbobcnxgxamclbrralgxcceimxlbmoscnogxamclbraeegxcceiaaxcambbnxgxamclbraeegxcceimxxrecsanxgxamclbraeogxcceimxlbmosenogxamcllxaobgxcceimbclraronogxamcllxaobgxcceixaoossalnxgxamreerlargxcceimxeemlxcnxgxamreerlargxcceimbmmcllonxgxamreebbcogxcceimoobcomanxgxamreebbcogxcceimoobcobenxgxamreebbcogxcceialrexeoonxgxamreellmbgxcceircmbbroanxgxamrexxxaogxcceimbscxmxanxgxamrexxxaogxcceirrmlllronxgxamrexxxaogxcceimbscxmoanxgxamrexxxaogxcceimcssmlrcnsgxamrexxxaogxcceimeembecenxgxamrexslclgxcceimeembescnxgxamrexslclgxcceimbmmreecnxgxamrexrlsegxcceimxlbmosonogxamrexaoxsgxcceimboslabanxgxamrexaoxsgxcceirreacmsbnxgxamrexabcagxcceimcssmlrensgxamrexabcagxcceimxlbmxlonsgxamrexmrecgxcceimxlbmxlcnogxamrexmrecgxcceimxxerrecnxgxamrexmrecgxcceimxxerreanxgxamrexmrxmgxcceimmraexoonxgxamrexmmccgxcceimeembesonxgxamrexmmccgxcceimmcmerrenxgxamrexmmccgxcceimxeemblanxgxamrexbxargxcceimromobacnxgxamrexbxmegxcceimaoolcoonsgxamrexblosgxcceimxlbmoaonxgxamrexblosgxcceimxlbmxlenogxamrexllbogxcceimbbmsoxanxgxamreoslobgxcceirarrrcaenxgxamreoceexgxcceimxxerrxenxgxamreoceexgxcceimsacexoonxgxamreoceexgxcceimamsorebnxgxamreorxblgxcceimxeoxsbenogxamreollxsgxcceimcclosscnxgxamreollxsgeimrxccosanxgxamreollxsgxcceimemlxbocnxgxamresecrcgxcceimxxerrebnxgxamresecrcgxcceialaroxrcnxgxamresecragxcceimxeoxsacnxgxamreseallgxcceimboslabcnxgxamreseallgxcceimxlbalscnogxamrescroogxcceislmbesllnxgxamrescroogxoaeimaecobronxgxamrescroogeimaecobeenxgxamrescroogeimcclosccnxgxamrescroogeimaecoboonxgxamrescroogeimrblxelenxgxamrescroogeimmooobrbnxgxamrecexbegxcceimaoobbebnxgxamrecaxssgxcceimrbleaebnxgxamrerbxlcgxcceimcssmlronxgxamrerbosegxcceimxxerreonxgxamrerbosegxcce; expires=Tue, 31 Jan 2023 05:57:10 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
c-tag=%7B%22tag-banner%22%3A%22v3%7C%7CNOR%7C4891818%7C23975185%7C0%7C%7C508%7C41%7C3%7C40%7C0%7C0%7C0%7C25344%7C0%7C0%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C63d75c3668bd63.99245761607807902%7C1cffa26cab9227e1600343a9ffbf0de2%7C0%7Cxfantazy.com%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D; expires=Tue, 31 Jan 2023 05:57:10 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
c-tag=%7B%22tag-banner%22%3A%22v3%7C%7CNOR%7C4891818%7C74493138%7C0%7C%7C508%7C41%7C3%7C40%7C0%7C0%7C0%7C25344%7C0%7C0%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C63d75c3668bd63.99245761607807902%7C1cffa26cab9227e1600343a9ffbf0de2%7C0%7Cxfantazy.com%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D; expires=Tue, 31 Jan 2023 05:57:10 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
c-tag=%7B%22tag-banner%22%3A%22v3%7C%7CNOR%7C4891818%7C74493142%7C0%7C%7C508%7C41%7C3%7C40%7C0%7C0%7C0%7C25344%7C0%7C0%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C63d75c3668bd63.99245761607807902%7C1cffa26cab9227e1600343a9ffbf0de2%7C0%7Cxfantazy.com%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D; expires=Tue, 31 Jan 2023 05:57:10 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
syndication.realsrv.com/splash.php?native-settings=1&idzone=4891828&cookieconsent=true&&p=https%3A%2F%2Fxfantazy.com%2F&max=1&loaded=1
95.211.229.248200 OK 1.3 kB URL HTTP/1.1 syndication.realsrv.com/splash.php?native-settings=1&idzone=4891828&cookieconsent=true&&p=https%3A%2F%2Fxfantazy.com%2F&max=1&loaded=1
IP 95.211.229.248:0
ASN #60781 LeaseWeb Netherlands B.V.
File type JSON data\012- , ASCII text, with very long lines (2791), with no line terminators
Hash 65515f494ad6e4057f569556844a5704
f106edb3ce3f309611d12cf8e70a9b4e8a8a9e51
03784764c249ce5cf729d53088ae56949ba8f65a88ec99e506a40db0eb1c5f13
GET /splash.php?native-settings=1&idzone=4891828&cookieconsent=true&&p=https%3A%2F%2Fxfantazy.com%2F&max=1&loaded=1 HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://a.naturalhealthsource.club
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2263d75c366941c6.257692743929865527%22%3B%7D; impressions=oslmrxbrnxgxamrescroogeicxbmsbcenxgxamreseallgeimmccrbebnxgxamcbexxbmgeioslmrxbmnxgxamreseallgeicxbmsbocnxgxamrescroogeimmccrlaonxgxamccxobsegeimmccrlacnxgxamcmlarclgeicxbmsboenxgxamclrbcelgeioslmrxlrnxgxamslescrogeimmccrbxenxgxamrescroogeislsaroornxgxamccolacbgeioslmroemnxgxamclrbcrogeioslmrxlsnxgxamclrbcelgeicmmsxrbonxgxamsoeamlmgeimmccrlaenxgxamrescroogeimmccrbeanxgxamcssabxegeicaocmrmanxgxamolcrcergeimcclsxronxgxamsscrmclgeimcclsxmenxgxamrescroogeialbserebnxgxamccrrssogeimcclsxaonxgxamsxsxllxgeicxbmsbxcnxgxamresecrcgeimrblxebenxgxamselmborgeimcclsxconxgxamsbremaegeirbabxabbnxgxamrescroogeimcclsxacnxgxamsscrmclgeicmmsxaeenxgxamcmrmsrmgeialbsereanxgxamsoeabscgeicaxsscmbnxgxamsosomemgeimcclosconxgxamcxbemmxgeimcclsoeonxgxamrescroogeimcclsxlcnxgxamrexbxacgeimcclossbnxgxamcscxaesgeimcclsxscnxgxamsmoooeegeimcclsxlenxgxamcbrorxbgeimaecseaenxgxamsmoooeegeimaecsxcbnxgxamsmoooeegeimcclsxoanxgxamclrbcelgeimcclsxlbnxgxamcrbalrageimccloscanxgxamclrbcrogeiclsmrbsonxgxamsmmrbmbgeiclsmarsenxgxamsmmrbmbgeiccmmllebnxgxamclarlmmgeimcclsxsbnxgxamreollxsgeiclsmrbxonxgxamsbebceegeiclsmrbxcnxgxamsbebceegeiclsmarscnxgxamsbebceegeiccmmlmlcnxgxamsbebceegeiclsmarrenxgxamsbebceegeicaormbaonxgxamsbxxbsrgeicaormlrenxgxamcememscgeimcclsxlonxgxamcsmlmxcgeimrblelronxgxamsbremaegeimaecsxobnxgxamsbremaegeiclsmrbrcnxgxamsbroemmgeiclsmrraanxgxamclsslaegeiclsmrmxbnxgxamsbroemmgeimccloscenxgxamsbmrxregeimcclsxxonxgxamslescrogeimrblelxbnxgxamslescrogeimcclsoeenxgxamclrbcelgeimrblelmonxgxamcxcrasxgeimrbleloenxgxamcxcrasxgeiclsmrrmanxgxamcxabcxbgeiclsmrbeonxgxamcxabcxbgeiclsmrrcenxgxamcxabcxbgeiclsmrmxanxgxamcxabcxbgeiclsmrbxenxgxamcxabcxbgeiclsmaroonxgxamcxabcxbgeialbserxenxgxamcosraregeimcclsxsenxgxamrescroogeimcclsxlanxgxamcblrlbcgeiccmmlleanxgxamccrrssogeicaormlabnxgxamcrllsmageicaormlconxgxamcrllsmageiclsmarsonxgxamclsslaegeiclsmrmlbnxgxamclsslaegeiclsmrmocnxgxamclsslaegeiccmmllecnxgxamclsslaegeimcclsxcanxgxamclrbcelgeimrblelcenxgxamclrbcelgeimaecsxrcnxgxamclrbcelgeialbserxonxgxamclarlmmgeimbmlselenxgxamclmmlcxgxcceimbamerlbnxgxamclmmlcxgxcceimexxlrbenxgxamclbsslxgxcceimbmlselonxgxamclbsbbcgxcceimbmlsebbnxgxamclbsbbcgxcceimbrsslsansgxamclbslcegxcceimrmbbobcnxgxamclbrralgxcceimxlbmoscnogxamclbraeegxcceiaaxcambbnxgxamclbraeegxcceimxxrecsanxgxamclbraeogxcceimxlbmosenogxamcllxaobgxcceimbclraronogxamcllxaobgxcceixaoossalnxgxamreerlargxcceimxeemlxcnxgxamreerlargxcceimbmmcllonxgxamreebbcogxcceimoobcomanxgxamreebbcogxcceimoobcobenxgxamreebbcogxcceialrexeoonxgxamreellmbgxcceircmbbroanxgxamrexxxaogxcceimbscxmxanxgxamrexxxaogxcceirrmlllronxgxamrexxxaogxcceimbscxmoanxgxamrexxxaogxcceimcssmlrcnsgxamrexxxaogxcceimeembecenxgxamrexslclgxcceimeembescnxgxamrexslclgxcceimbmmreecnxgxamrexrlsegxcceimxlbmosonogxamrexaoxsgxcceimboslabanxgxamrexaoxsgxcceirreacmsbnxgxamrexabcagxcceimcssmlrensgxamrexabcagxcceimxlbmxlonsgxamrexmrecgxcceimxlbmxlcnogxamrexmrecgxcceimxxerrecnxgxamrexmrecgxcceimxxerreanxgxamrexmrxmgxcceimmraexoonxgxamrexmmccgxcceimeembesonxgxamrexmmccgxcceimmcmerrenxgxamrexmmccgxcceimxeemblanxgxamrexbxargxcceimromobacnxgxamrexbxmegxcceimaoolcoonsgxamrexblosgxcceimxlbmoaonxgxamrexblosgxcceimxlbmxlenogxamrexllbogxcceimbbmsoxanxgxamreoslobgxcceirarrrcaenxgxamreoceexgxcceimxxerrxenxgxamreoceexgxcceimsacexoonxgxamreoceexgxcceimamsorebnxgxamreorxblgxcceimxeoxsbenogxamreollxsgxcceimcclosscnxgxamreollxsgeimrxccosanxgxamreollxsgxcceimemlxbocnxgxamresecrcgxcceimxxerrebnxgxamresecrcgxcceialaroxrcnxgxamresecragxcceimxeoxsacnxgxamreseallgxcceimboslabcnxgxamreseallgxcceimxlbalscnogxamrescroogxcceislmbesllnxgxamrescroogxoaeimaecobronxgxamrescroogeimaecobeenxgxamrescroogeimcclosccnxgxamrescroogeimaecoboonxgxamrescroogeimrblxelenxgxamrescroogeimmooobrbnxgxamrecexbegxcceimaoobbebnxgxamrecaxssgxcceimrbleaebnxgxamrerbxlcgxcceimcssmlronxgxamrerbosegxcce; c-tag=%7B%22tag-banner%22%3A%22v3%7C%7CNOR%7C4891814%7C74337952%7C0%7C%7C508%7C41%7C3%7C40%7C0%7C0%7C0%7C25344%7C0%7C0%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C%7C1cffa26cab9227e1600343a9ffbf0de2%7C0%7Cxfantazy.com%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 30 Jan 2023 05:57:10 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://a.naturalhealthsource.club
Access-Control-Allow-Credentials: true
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2263d75c366941c6.257692743929865527%22%3B%7D; expires=Wed, 29 Jan 2025 05:57:10 GMT; path=; domain=.realsrv.com; Secure; SameSite=none
impressions=oslmrxbrnxgxamrescroogeicxbmsbcenxgxamreseallgeimmccrbebnxgxamcbexxbmgeioslmrxbmnxgxamreseallgeicxbmsbocnxgxamrescroogeimmccrlaonxgxamccxobsegeimmccrlacnxgxamcmlarclgeicxbmsboenxgxamclrbcelgeioslmrxlrnxgxamslescrogeimmccrbxenxgxamrescroogeislsaroornxgxamccolacbgeioslmroemnxgxamclrbcrogeioslmrxlsnxgxamclrbcelgeicmmsxrbonxgxamsoeamlmgeimmccrlaenxgxamrescroogeimmccrbeanxgxamcssabxegeicaocmrmanxgxamolcrcergeimcclsxronxgxamsscrmclgeimcclsxmenxgxamrescroogeialbserebnxgxamccrrssogeimcclsxaonxgxamsxsxllxgeicxbmsbxcnxgxamresecrcgeimrblxebenxgxamselmborgeimcclsxconxgxamsbremaegeirbabxabbnxgxamrescroogeimcclsxacnxgxamsscrmclgeicmmsxaeenxgxamcmrmsrmgeialbsereanxgxamsoeabscgeicaxsscmbnxgxamsosomemgeimcclosconxgxamcxbemmxgeimcclsoeonxgxamrescroogeimcclsxlcnxgxamrexbxacgeimcclossbnxgxamcscxaesgeimcclsxscnxgxamsmoooeegeimcclsxlenxgxamcbrorxbgeimaecseaenxgxamsmoooeegeimaecsxcbnxgxamsmoooeegeimcclsxoanxgxamclrbcelgeimcclsxlbnxgxamcrbalrageimccloscanxgxamclrbcrogeiclsmrbsonxgxamsmmrbmbgeiclsmarsenxgxamsmmrbmbgeiccmmllebnxgxamclarlmmgeimcclsxsbnxgxamreollxsgeiclsmrbxonxgxamsbebceegeiclsmrbxcnxgxamsbebceegeiclsmarscnxgxamsbebceegeiccmmlmlcnxgxamsbebceegeiclsmarrenxgxamsbebceegeicaormbaonxgxamsbxxbsrgeicaormlrenxgxamcememscgeimcclsxlonxgxamcsmlmxcgeimrblelronxgxamsbremaegeimaecsxobnxgxamsbremaegeiclsmrbrcnxgxamsbroemmgeiclsmrraanxgxamclsslaegeiclsmrmxbnxgxamsbroemmgeimccloscenxgxamsbmrxregeimcclsxxonxgxamslescrogeimrblelxbnxgxamslescrogeimcclsoeenxgxamclrbcelgeimrblelmonxgxamcxcrasxgeimrbleloenxgxamcxcrasxgeiclsmrrmanxgxamcxabcxbgeiclsmrbeonxgxamcxabcxbgeiclsmrrcenxgxamcxabcxbgeiclsmrmxanxgxamcxabcxbgeiclsmrbxenxgxamcxabcxbgeiclsmaroonxgxamcxabcxbgeialbserxenxgxamcosraregeimcclsxsenxgxamrescroogeimcclsxlanxgxamcblrlbcgeiccmmlleanxgxamccrrssogeicaormlabnxgxamcrllsmageicaormlconxgxamcrllsmageiclsmarsonxgxamclsslaegeiclsmrmlbnxgxamclsslaegeiclsmrmocnxgxamclsslaegeiccmmllecnxgxamclsslaegeimcclsxcanxgxamclrbcelgeimrblelcenxgxamclrbcelgeimaecsxrcnxgxamclrbcelgeialbserxonxgxamclarlmmgeimbmlselenxgxamclmmlcxgxcceimbamerlbnxgxamclmmlcxgxcceimexxlrbenxgxamclbsslxgxcceimbmlselonxgxamclbsbbcgxcceimbmlsebbnxgxamclbsbbcgxcceimbrsslsansgxamclbslcegxcceimrmbbobcnxgxamclbrralgxcceimxlbmoscnogxamclbraeegxcceiaaxcambbnxgxamclbraeegxcceimxxrecsanxgxamclbraeogxcceimxlbmosenogxamcllxaobgxcceimbclraronogxamcllxaobgxcceixaoossalnxgxamreerlargxcceimxeemlxcnxgxamreerlargxcceimbmmcllonxgxamreebbcogxcceimoobcomanxgxamreebbcogxcceimoobcobenxgxamreebbcogxcceialrexeoonxgxamreellmbgxcceircmbbroanxgxamrexxxaogxcceimbscxmxanxgxamrexxxaogxcceirrmlllronxgxamrexxxaogxcceimbscxmoanxgxamrexxxaogxcceimcssmlrcnsgxamrexxxaogxcceimeembecenxgxamrexslclgxcceimeembescnxgxamrexslclgxcceimbmmreecnxgxamrexrlsegxcceimxlbmosonogxamrexaoxsgxcceimboslabanxgxamrexaoxsgxcceirreacmsbnxgxamrexabcagxcceimcssmlrensgxamrexabcagxcceimxlbmxlonsgxamrexmrecgxcceimxlbmxlcnogxamrexmrecgxcceimxxerrecnxgxamrexmrecgxcceimxxerreanxgxamrexmrxmgxcceimmraexoonxgxamrexmmccgxcceimeembesonxgxamrexmmccgxcceimmcmerrenxgxamrexmmccgxcceimxeemblanxgxamrexbxargxcceimromobacnxgxamrexbxmegxcceimaoolcoonsgxamrexblosgxcceimxlbmoaonxgxamrexblosgxcceimxlbmxlenogxamrexllbogxcceimbbmsoxanxgxamreoslobgxcceirarrrcaenxgxamreoceexgxcceimxxerrxenxgxamreoceexgxcceimsacexoonxgxamreoceexgxcceimamsorebnxgxamreorxblgxcceimxeoxsbensgxamreollxsgxcceimcclosscnxgxamreollxsgeimrxccosanxgxamreollxsgxcceimemlxbocnxgxamresecrcgxcceimxxerrebnxgxamresecrcgxcceialaroxrcnxgxamresecragxcceimxeoxsacnxgxamreseallgxcceimboslabcnxgxamreseallgxcceimxlbalscnogxamrescroogxcceislmbesllnxgxamrescroogxoaeimaecobronxgxamrescroogeimaecobeenxgxamrescroogeimcclosccnxgxamrescroogeimaecoboonxgxamrescroogeimrblxelenxgxamrescroogeimmooobrbnxgxamrecexbegxcceimaoobbebnxgxamrecaxssgxcceimrbleaebnxgxamrerbxlcgxcceimcssmlronxgxamrerbosegxcceimxxerreonxgxamrerbosegxcce; expires=Tue, 31 Jan 2023 05:57:10 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
c-tag=%7B%22tag-banner%22%3A%22v3%7C%7CNOR%7C4891828%7C71105502%7C0%7C%7C508%7C41%7C3%7C40%7C0%7C0%7C0%7C25344%7C0%7C0%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C63d75c366941c6.257692743929865527%7C1cffa26cab9227e1600343a9ffbf0de2%7C0%7Cxfantazy.com%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D; expires=Tue, 31 Jan 2023 05:57:10 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
cdn.cloudimagesb.com/si/59/92/d7/5992d7e81c8c076d0f9c30e952fcb498/1671506223.png
45.133.44.9200 OK 78 kB URL HTTP/2 cdn.cloudimagesb.com/si/59/92/d7/5992d7e81c8c076d0f9c30e952fcb498/1671506223.png
IP 45.133.44.9:0
ASN #39572 DataWeb Global Group B.V.
File type PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data
Hash da6e8937f3fcec61da25fb1ea7f619e8
c1f12b107da32a253a8cd69ded672148eeda5743
29b3dcf70160206a05807816cf001886c4715a0fa27bf39170909041a50a2c6e
GET /si/59/92/d7/5992d7e81c8c076d0f9c30e952fcb498/1671506223.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 30 Jan 2023 05:57:10 GMT
content-type: image/png
content-length: 78410
server: nginx/1.17.6
last-modified: Tue, 20 Dec 2022 03:17:11 GMT
etag: "63a12937-1324a"
expires: Wed, 01 Feb 2023 05:57:10 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
coonandeg.xyz/floater?cs=YVM1WFdXYABqZFNnBW5gVWMAaGA&abt=0&red=1&sm=83&k=xfantazy%20sadie%20hartz%20tiny%20patricks&v=0.9.1.0&sts=0&prn=1&emb=0&tid=971975&rxy=1280_1024&u=1925628033511155&agec=1675058229&fs=1&t=600&m=1&ns=1&ndp=1&asi=1&mbkb=111.60714285714286&ref=https%3A%2F%2Fxfantazy.com%2Fvideo%2F60e796b1fc8074710cdd5c72&jst=4&enr=0&lcua=mozilla%2F5.0%20(windows%20nt%2010.0%3B%20win64%3B%20x64%3B%20rv%3A105.0)%20gecko%2F20100101%20firefox%2F105.0&tzd=0&uloc=&if=0&aa=oi3_&_3pnj=1675058241008&crc=1
54.192.99.27200 OK 1.2 kB URL HTTP/2 coonandeg.xyz/floater?cs=YVM1WFdXYABqZFNnBW5gVWMAaGA&abt=0&red=1&sm=83&k=xfantazy%20sadie%20hartz%20tiny%20patricks&v=0.9.1.0&sts=0&prn=1&emb=0&tid=971975&rxy=1280_1024&u=1925628033511155&agec=1675058229&fs=1&t=600&m=1&ns=1&ndp=1&asi=1&mbkb=111.60714285714286&ref=https%3A%2F%2Fxfantazy.com%2Fvideo%2F60e796b1fc8074710cdd5c72&jst=4&enr=0&lcua=mozilla%2F5.0%20(windows%20nt%2010.0%3B%20win64%3B%20x64%3B%20rv%3A105.0)%20gecko%2F20100101%20firefox%2F105.0&tzd=0&uloc=&if=0&aa=oi3_&_3pnj=1675058241008&crc=1
IP 54.192.99.27:0
File type ASCII text, with very long lines (1746), with no line terminators
Hash bd350c85718206dcdf2a143061b52e62
8db9706178a9b26a2b1a39eba15c756c3bd10914
07ce9ebd5a3683ff3596a759ba8c87cc66a54a50bf888ea7ba53f1f8dfb7904a
GET /floater?cs=YVM1WFdXYABqZFNnBW5gVWMAaGA&abt=0&red=1&sm=83&k=xfantazy%20sadie%20hartz%20tiny%20patricks&v=0.9.1.0&sts=0&prn=1&emb=0&tid=971975&rxy=1280_1024&u=1925628033511155&agec=1675058229&fs=1&t=600&m=1&ns=1&ndp=1&asi=1&mbkb=111.60714285714286&ref=https%3A%2F%2Fxfantazy.com%2Fvideo%2F60e796b1fc8074710cdd5c72&jst=4&enr=0&lcua=mozilla%2F5.0%20(windows%20nt%2010.0%3B%20win64%3B%20x64%3B%20rv%3A105.0)%20gecko%2F20100101%20firefox%2F105.0&tzd=0&uloc=&if=0&aa=oi3_&_3pnj=1675058241008&crc=1 HTTP/1.1
Host: coonandeg.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/plain
content-length: 1161
date: Mon, 30 Jan 2023 05:57:10 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://xfantazy.com
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: csu=b5c0ca69-8511-4d48-8bea-2cdb6b0600be
csu=1925628033511155
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 ffa40c4091d11859ad05cf9748508c58.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN1-C1
x-amz-cf-id: UEOJLw5ZXLH_ZCuBhF6fUcF3DXeJKjxshYSX_RAdB_jKfd3PegQovQ==
X-Firefox-Spdy: h2
syndication.realsrv.com/splash.php?native-settings=1&idzone=4891824&cookieconsent=true&&p=https%3A%2F%2Fxfantazy.com%2F&max=1&loaded=1
95.211.229.248200 OK 2.0 kB URL HTTP/1.1 syndication.realsrv.com/splash.php?native-settings=1&idzone=4891824&cookieconsent=true&&p=https%3A%2F%2Fxfantazy.com%2F&max=1&loaded=1
IP 95.211.229.248:0
ASN #60781 LeaseWeb Netherlands B.V.
File type JSON data\012- , ASCII text, with very long lines (3660), with no line terminators
Hash 82357ea4a529b7942fc290c673de2cab
75bf2b27749c681e317878e87b6e7577dc2b56ff
eebd69deeefab0698026084c2ca8ce4531146e8059ff559bac8a6e36e3ced642
GET /splash.php?native-settings=1&idzone=4891824&cookieconsent=true&&p=https%3A%2F%2Fxfantazy.com%2F&max=1&loaded=1 HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://a.naturalhealthsource.club
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2263d75c366941c6.257692743929865527%22%3B%7D; impressions=oslmrxbrnxgxamrescroogeicxbmsbcenxgxamreseallgeimmccrbebnxgxamcbexxbmgeioslmrxbmnxgxamreseallgeicxbmsbocnxgxamrescroogeimmccrlaonxgxamccxobsegeimmccrlacnxgxamcmlarclgeicxbmsboenxgxamclrbcelgeioslmrxlrnxgxamslescrogeimmccrbxenxgxamrescroogeislsaroornxgxamccolacbgeioslmroemnxgxamclrbcrogeioslmrxlsnxgxamclrbcelgeicmmsxrbonxgxamsoeamlmgeimmccrlaenxgxamrescroogeimmccrbeanxgxamcssabxegeicaocmrmanxgxamolcrcergeimcclsxronxgxamsscrmclgeimcclsxmenxgxamrescroogeialbserebnxgxamccrrssogeimcclsxaonxgxamsxsxllxgeicxbmsbxcnxgxamresecrcgeimrblxebenxgxamselmborgeimcclsxconxgxamsbremaegeirbabxabbnxgxamrescroogeimcclsxacnxgxamsscrmclgeicmmsxaeenxgxamcmrmsrmgeialbsereanxgxamsoeabscgeicaxsscmbnxgxamsosomemgeimcclosconxgxamcxbemmxgeimcclsoeonxgxamrescroogeimcclsxlcnxgxamrexbxacgeimcclossbnxgxamcscxaesgeimcclsxscnxgxamsmoooeegeimcclsxlenxgxamcbrorxbgeimaecseaenxgxamsmoooeegeimaecsxcbnxgxamsmoooeegeimcclsxoanxgxamclrbcelgeimcclsxlbnxgxamcrbalrageimccloscanxgxamclrbcrogeiclsmrbsonxgxamsmmrbmbgeiclsmarsenxgxamsmmrbmbgeiccmmllebnxgxamclarlmmgeimcclsxsbnxgxamreollxsgeiclsmrbxonxgxamsbebceegeiclsmrbxcnxgxamsbebceegeiclsmarscnxgxamsbebceegeiccmmlmlcnxgxamsbebceegeiclsmarrenxgxamsbebceegeicaormbaonxgxamsbxxbsrgeicaormlrenxgxamcememscgeimcclsxlonxgxamcsmlmxcgeimrblelronxgxamsbremaegeimaecsxobnxgxamsbremaegeiclsmrbrcnxgxamsbroemmgeiclsmrraanxgxamclsslaegeiclsmrmxbnxgxamsbroemmgeimccloscenxgxamsbmrxregeimcclsxxonxgxamslescrogeimrblelxbnxgxamslescrogeimcclsoeenxgxamclrbcelgeimrblelmonxgxamcxcrasxgeimrbleloenxgxamcxcrasxgeiclsmrrmanxgxamcxabcxbgeiclsmrbeonxgxamcxabcxbgeiclsmrrcenxgxamcxabcxbgeiclsmrmxanxgxamcxabcxbgeiclsmrbxenxgxamcxabcxbgeiclsmaroonxgxamcxabcxbgeialbserxenxgxamcosraregeimcclsxsenxgxamrescroogeimcclsxlanxgxamcblrlbcgeiccmmlleanxgxamccrrssogeicaormlabnxgxamcrllsmageicaormlconxgxamcrllsmageiclsmarsonxgxamclsslaegeiclsmrmlbnxgxamclsslaegeiclsmrmocnxgxamclsslaegeiccmmllecnxgxamclsslaegeimcclsxcanxgxamclrbcelgeimrblelcenxgxamclrbcelgeimaecsxrcnxgxamclrbcelgeialbserxonxgxamclarlmmgeimbmlselenxgxamclmmlcxgxcceimbamerlbnxgxamclmmlcxgxcceimexxlrbenxgxamclbsslxgxcceimbmlselonxgxamclbsbbcgxcceimbmlsebbnxgxamclbsbbcgxcceimbrsslsansgxamclbslcegxcceimrmbbobcnxgxamclbrralgxcceimxlbmoscnogxamclbraeegxcceiaaxcambbnxgxamclbraeegxcceimxxrecsanxgxamclbraeogxcceimxlbmosenogxamcllxaobgxcceimbclraronogxamcllxaobgxcceixaoossalnxgxamreerlargxcceimxeemlxcnxgxamreerlargxcceimbmmcllonxgxamreebbcogxcceimoobcomanxgxamreebbcogxcceimoobcobenxgxamreebbcogxcceialrexeoonxgxamreellmbgxcceircmbbroanxgxamrexxxaogxcceimbscxmxanxgxamrexxxaogxcceirrmlllronxgxamrexxxaogxcceimbscxmoanxgxamrexxxaogxcceimcssmlrcnsgxamrexxxaogxcceimeembecenxgxamrexslclgxcceimeembescnxgxamrexslclgxcceimbmmreecnxgxamrexrlsegxcceimxlbmosonogxamrexaoxsgxcceimboslabanxgxamrexaoxsgxcceirreacmsbnxgxamrexabcagxcceimcssmlrensgxamrexabcagxcceimxlbmxlonsgxamrexmrecgxcceimxlbmxlcnogxamrexmrecgxcceimxxerrecnxgxamrexmrecgxcceimxxerreanxgxamrexmrxmgxcceimmraexoonxgxamrexmmccgxcceimeembesonxgxamrexmmccgxcceimmcmerrenxgxamrexmmccgxcceimxeemblanxgxamrexbxargxcceimromobacnxgxamrexbxmegxcceimaoolcoonsgxamrexblosgxcceimxlbmoaonxgxamrexblosgxcceimxlbmxlenogxamrexllbogxcceimbbmsoxanxgxamreoslobgxcceirarrrcaenxgxamreoceexgxcceimxxerrxenxgxamreoceexgxcceimsacexoonxgxamreoceexgxcceimamsorebnxgxamreorxblgxcceimxeoxsbenogxamreollxsgxcceimcclosscnxgxamreollxsgeimrxccosanxgxamreollxsgxcceimemlxbocnxgxamresecrcgxcceimxxerrebnxgxamresecrcgxcceialaroxrcnxgxamresecragxcceimxeoxsacnxgxamreseallgxcceimboslabcnxgxamreseallgxcceimxlbalscnogxamrescroogxcceislmbesllnxgxamrescroogxoaeimaecobronxgxamrescroogeimaecobeenxgxamrescroogeimcclosccnxgxamrescroogeimaecoboonxgxamrescroogeimrblxelenxgxamrescroogeimmooobrbnxgxamrecexbegxcceimaoobbebnxgxamrecaxssgxcceimrbleaebnxgxamrerbxlcgxcceimcssmlronxgxamrerbosegxcce; c-tag=%7B%22tag-banner%22%3A%22v3%7C%7CNOR%7C4891814%7C74337952%7C0%7C%7C508%7C41%7C3%7C40%7C0%7C0%7C0%7C25344%7C0%7C0%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C%7C1cffa26cab9227e1600343a9ffbf0de2%7C0%7Cxfantazy.com%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 30 Jan 2023 05:57:10 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://a.naturalhealthsource.club
Access-Control-Allow-Credentials: true
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2263d75c366941c6.257692743929865527%22%3B%7D; expires=Wed, 29 Jan 2025 05:57:10 GMT; path=; domain=.realsrv.com; Secure; SameSite=none
impressions=oslmrxbrnxgxamrerbosegeicxbmsbcenxgxamreseallgeimmccrbebnxgxamcbexxbmgeioslmrxbmnxgxamreseallgeicxbmsbocnxgxamrescroogeimmccrlaonxgxamccxobsegeimmccrlacnxgxamcmlarclgeicxbmsboenxgxamclrbcelgeioslmrxlrnxgxamslescrogeimmccrbxenxgxamrescroogeislsaroornxgxamccolacbgeioslmroemnxgxamclrbcrogeioslmrxlsnxgxamclrbcelgeicmmsxrbonxgxamsoeamlmgeimmccrlaenxgxamrescroogeimmccrbeanxgxamcssabxegeicaocmrmanxgxamolcrcergeimcclsxronxgxamsscrmclgeimcclsxmenxgxamrescroogeialbserebnxgxamccrrssogeimcclsxaonxgxamsxsxllxgeicxbmsbxcnxgxamresecrcgeimrblxebenxgxamselmborgeimcclsxconxgxamsbremaegeirbabxabbnxgxamrescroogeimcclsxacnxgxamsscrmclgeicmmsxaeenxgxamcmrmsrmgeialbsereanxgxamsoeabscgeicaxsscmbnxgxamsosomemgeimcclosconxgxamcxbemmxgeimcclsoeonxgxamrescroogeimcclsxlcnxgxamrexbxacgeimcclossbnxgxamcscxaesgeimcclsxscnxgxamsmoooeegeimcclsxlenxgxamcbrorxbgeimaecseaenxgxamsmoooeegeimaecsxcbnxgxamsmoooeegeimcclsxoanxgxamclrbcelgeimcclsxlbnxgxamcrbalrageimccloscanxgxamclrbcrogeiclsmrbsonxgxamsmmrbmbgeiclsmarsenxgxamsmmrbmbgeiccmmllebnxgxamclarlmmgeimcclsxsbnxgxamreollxsgeiclsmrbxonxgxamsbebceegeiclsmrbxcnxgxamsbebceegeiclsmarscnxgxamsbebceegeiccmmlmlcnxgxamsbebceegeiclsmarrenxgxamsbebceegeicaormbaonxgxamsbxxbsrgeicaormlrenxgxamcememscgeimcclsxlonxgxamcsmlmxcgeimrblelronxgxamsbremaegeimaecsxobnxgxamsbremaegeiclsmrbrcnxgxamsbroemmgeiclsmrraanxgxamclsslaegeiclsmrmxbnxgxamsbroemmgeimccloscenxgxamsbmrxregeimcclsxxonxgxamslescrogeimrblelxbnxgxamslescrogeimcclsoeenxgxamclrbcelgeimrblelmonxgxamcxcrasxgeimrbleloenxgxamcxcrasxgeiclsmrrmanxgxamcxabcxbgeiclsmrbeonxgxamcxabcxbgeiclsmrrcenxgxamcxabcxbgeiclsmrmxanxgxamcxabcxbgeiclsmrbxenxgxamcxabcxbgeiclsmaroonxgxamcxabcxbgeialbserxenxgxamcosraregeimcclsxsenxgxamrescroogeimcclsxlanxgxamcblrlbcgeiccmmlleanxgxamccrrssogeicaormlabnxgxamcrllsmageicaormlconxgxamcrllsmageiclsmarsonxgxamclsslaegeiclsmrmlbnxgxamclsslaegeiclsmrmocnxgxamclsslaegeiccmmllecnxgxamclsslaegeimcclsxcanxgxamclrbcelgeimrblelcenxgxamclrbcelgeimaecsxrcnxgxamclrbcelgeialbserxonxgxamclarlmmgeimbmlselenxgxamclmmlcxgxcceimbamerlbnxgxamclmmlcxgxcceimexxlrbenxgxamclbsslxgxcceimbmlselonxgxamclbsbbcgxcceimbmlsebbnxgxamclbsbbcgxcceimbrsslsansgxamclbslcegxcceimrmbbobcnxgxamclbrralgxcceimxlbmoscnogxamclbraeegxcceiaaxcambbnxgxamclbraeegxcceimxxrecsanxgxamclbraeogxcceimxlbmosenogxamcllxaobgxcceimbclraronogxamcllxaobgxcceixaoossalnxgxamreerlargxcceimxeemlxcnxgxamreerlargxcceimbmmcllonxgxamreebbcogxcceimoobcomanxgxamreebbcogxcceimoobcobenxgxamreebbcogxcceialrexeoonxgxamreellmbgxcceircmbbroanxgxamrexxxaogxcceimbscxmxanxgxamrexxxaogxcceirrmlllronxgxamrexxxaogxcceimbscxmoanxgxamrexxxaogxcceimcssmlrcnsgxamrexxxaogxcceimeembecenxgxamrexslclgxcceimeembescnxgxamrexslclgxcceimbmmreecnxgxamrexrlsegxcceimxlbmosonogxamrexaoxsgxcceimboslabanxgxamrexaoxsgxcceirreacmsbnxgxamrexabcagxcceimcssmlrensgxamrexabcagxcceimxlbmxlonsgxamrexmrecgxcceimxlbmxlcnogxamrexmrecgxcceimxxerrecnxgxamrexmrecgxcceimxxerreanxgxamrexmrxmgxcceimmraexoonxgxamrexmmccgxcceimeembesonxgxamrexmmccgxcceimmcmerrenxgxamrexmmccgxcceimxeemblanxgxamrexbxargxcceimromobacnxgxamrexbxmegxcceimaoolcoonsgxamrexblosgxcceimxlbmoaonxgxamrexblosgxcceimxlbmxlenogxamrexllbogxcceimbbmsoxanxgxamreoslobgxcceirarrrcaenxgxamreoceexgxcceimxxerrxenxgxamreoceexgxcceimsacexoonxgxamreoceexgxcceimamsorebnxgxamreorxblgxcceimxeoxsbenogxamreollxsgxcceimcclosscnxgxamreollxsgeimrxccosanxgxamreollxsgxcceimemlxbocnxgxamresecrcgxcceimxxerrebnxgxamresecrcgxcceialaroxrcnxgxamresecragxcceimxeoxsacnxgxamreseallgxcceimboslabcnxgxamreseallgxcceimxlbalscnogxamrescroogxcceislmbesllnxgxamrescroogxoaeimaecobronxgxamrescroogeimaecobeenxgxamrescroogeimcclosccnxgxamrescroogeimaecoboonxgxamrescroogeimrblxelenxgxamrescroogeimmooobrbnxgxamrecexbegxcceimaoobbebnxgxamrecaxssgxcceimrbleaebnxgxamrerbxlcgxcceimcssmlronxgxamrerbosegxcceimxxerreonxgxamrerbosegxcce; expires=Tue, 31 Jan 2023 05:57:10 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
c-tag=%7B%22tag-banner%22%3A%22v3%7C%7CNOR%7C4891824%7C23975185%7C0%7C%7C508%7C41%7C3%7C40%7C0%7C0%7C0%7C25344%7C0%7C0%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C63d75c366941c6.257692743929865527%7C1cffa26cab9227e1600343a9ffbf0de2%7C0%7Cxfantazy.com%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D; expires=Tue, 31 Jan 2023 05:57:10 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
syndication.realsrv.com/splash.php?native-settings=1&idzone=4891816&cookieconsent=true&&p=https%3A%2F%2Fxfantazy.com%2F&max=3&loaded=1
95.211.229.248200 OK 3.0 kB URL HTTP/1.1 syndication.realsrv.com/splash.php?native-settings=1&idzone=4891816&cookieconsent=true&&p=https%3A%2F%2Fxfantazy.com%2F&max=3&loaded=1
IP 95.211.229.248:0
ASN #60781 LeaseWeb Netherlands B.V.
File type JSON data\012- , ASCII text, with very long lines (5725), with no line terminators
Hash 58b35a02b3491fa097787350aa6b6300
b10874e7fadec7861cb366ee814e061fab295dab
fe44d8c54cdc70fc6213a58944b4d7bd1862b4a1595a880df96ad48ba17f67fc
GET /splash.php?native-settings=1&idzone=4891816&cookieconsent=true&&p=https%3A%2F%2Fxfantazy.com%2F&max=3&loaded=1 HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://a.naturalhealthsource.club
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2263d75c366941c6.257692743929865527%22%3B%7D; impressions=oslmrxbrnxgxamrescroogeicxbmsbcenxgxamreseallgeimmccrbebnxgxamcbexxbmgeioslmrxbmnxgxamreseallgeicxbmsbocnxgxamrescroogeimmccrlaonxgxamccxobsegeimmccrlacnxgxamcmlarclgeicxbmsboenxgxamclrbcelgeioslmrxlrnxgxamslescrogeimmccrbxenxgxamrescroogeislsaroornxgxamccolacbgeioslmroemnxgxamclrbcrogeioslmrxlsnxgxamclrbcelgeicmmsxrbonxgxamsoeamlmgeimmccrlaenxgxamrescroogeimmccrbeanxgxamcssabxegeicaocmrmanxgxamolcrcergeimcclsxronxgxamsscrmclgeimcclsxmenxgxamrescroogeialbserebnxgxamccrrssogeimcclsxaonxgxamsxsxllxgeicxbmsbxcnxgxamresecrcgeimrblxebenxgxamselmborgeimcclsxconxgxamsbremaegeirbabxabbnxgxamrescroogeimcclsxacnxgxamsscrmclgeicmmsxaeenxgxamcmrmsrmgeialbsereanxgxamsoeabscgeicaxsscmbnxgxamsosomemgeimcclosconxgxamcxbemmxgeimcclsoeonxgxamrescroogeimcclsxlcnxgxamrexbxacgeimcclossbnxgxamcscxaesgeimcclsxscnxgxamsmoooeegeimcclsxlenxgxamcbrorxbgeimaecseaenxgxamsmoooeegeimaecsxcbnxgxamsmoooeegeimcclsxoanxgxamclrbcelgeimcclsxlbnxgxamcrbalrageimccloscanxgxamclrbcrogeiclsmrbsonxgxamsmmrbmbgeiclsmarsenxgxamsmmrbmbgeiccmmllebnxgxamclarlmmgeimcclsxsbnxgxamreollxsgeiclsmrbxonxgxamsbebceegeiclsmrbxcnxgxamsbebceegeiclsmarscnxgxamsbebceegeiccmmlmlcnxgxamsbebceegeiclsmarrenxgxamsbebceegeicaormbaonxgxamsbxxbsrgeicaormlrenxgxamcememscgeimcclsxlonxgxamcsmlmxcgeimrblelronxgxamsbremaegeimaecsxobnxgxamsbremaegeiclsmrbrcnxgxamsbroemmgeiclsmrraanxgxamclsslaegeiclsmrmxbnxgxamsbroemmgeimccloscenxgxamsbmrxregeimcclsxxonxgxamslescrogeimrblelxbnxgxamslescrogeimcclsoeenxgxamclrbcelgeimrblelmonxgxamcxcrasxgeimrbleloenxgxamcxcrasxgeiclsmrrmanxgxamcxabcxbgeiclsmrbeonxgxamcxabcxbgeiclsmrrcenxgxamcxabcxbgeiclsmrmxanxgxamcxabcxbgeiclsmrbxenxgxamcxabcxbgeiclsmaroonxgxamcxabcxbgeialbserxenxgxamcosraregeimcclsxsenxgxamrescroogeimcclsxlanxgxamcblrlbcgeiccmmlleanxgxamccrrssogeicaormlabnxgxamcrllsmageicaormlconxgxamcrllsmageiclsmarsonxgxamclsslaegeiclsmrmlbnxgxamclsslaegeiclsmrmocnxgxamclsslaegeiccmmllecnxgxamclsslaegeimcclsxcanxgxamclrbcelgeimrblelcenxgxamclrbcelgeimaecsxrcnxgxamclrbcelgeialbserxonxgxamclarlmmgeimbmlselenxgxamclmmlcxgxcceimbamerlbnxgxamclmmlcxgxcceimexxlrbenxgxamclbsslxgxcceimbmlselonxgxamclbsbbcgxcceimbmlsebbnxgxamclbsbbcgxcceimbrsslsansgxamclbslcegxcceimrmbbobcnxgxamclbrralgxcceimxlbmoscnogxamclbraeegxcceiaaxcambbnxgxamclbraeegxcceimxxrecsanxgxamclbraeogxcceimxlbmosenogxamcllxaobgxcceimbclraronogxamcllxaobgxcceixaoossalnxgxamreerlargxcceimxeemlxcnxgxamreerlargxcceimbmmcllonxgxamreebbcogxcceimoobcomanxgxamreebbcogxcceimoobcobenxgxamreebbcogxcceialrexeoonxgxamreellmbgxcceircmbbroanxgxamrexxxaogxcceimbscxmxanxgxamrexxxaogxcceirrmlllronxgxamrexxxaogxcceimbscxmoanxgxamrexxxaogxcceimcssmlrcnsgxamrexxxaogxcceimeembecenxgxamrexslclgxcceimeembescnxgxamrexslclgxcceimbmmreecnxgxamrexrlsegxcceimxlbmosonogxamrexaoxsgxcceimboslabanxgxamrexaoxsgxcceirreacmsbnxgxamrexabcagxcceimcssmlrensgxamrexabcagxcceimxlbmxlonsgxamrexmrecgxcceimxlbmxlcnogxamrexmrecgxcceimxxerrecnxgxamrexmrecgxcceimxxerreanxgxamrexmrxmgxcceimmraexoonxgxamrexmmccgxcceimeembesonxgxamrexmmccgxcceimmcmerrenxgxamrexmmccgxcceimxeemblanxgxamrexbxargxcceimromobacnxgxamrexbxmegxcceimaoolcoonsgxamrexblosgxcceimxlbmoaonxgxamrexblosgxcceimxlbmxlenogxamrexllbogxcceimbbmsoxanxgxamreoslobgxcceirarrrcaenxgxamreoceexgxcceimxxerrxenxgxamreoceexgxcceimsacexoonxgxamreoceexgxcceimamsorebnxgxamreorxblgxcceimxeoxsbenogxamreollxsgxcceimcclosscnxgxamreollxsgeimrxccosanxgxamreollxsgxcceimemlxbocnxgxamresecrcgxcceimxxerrebnxgxamresecrcgxcceialaroxrcnxgxamresecragxcceimxeoxsacnxgxamreseallgxcceimboslabcnxgxamreseallgxcceimxlbalscnogxamrescroogxcceislmbesllnxgxamrescroogxoaeimaecobronxgxamrescroogeimaecobeenxgxamrescroogeimcclosccnxgxamrescroogeimaecoboonxgxamrescroogeimrblxelenxgxamrescroogeimmooobrbnxgxamrecexbegxcceimaoobbebnxgxamrecaxssgxcceimrbleaebnxgxamrerbxlcgxcceimcssmlronxgxamrerbosegxcce; c-tag=%7B%22tag-banner%22%3A%22v3%7C%7CNOR%7C4891814%7C74337952%7C0%7C%7C508%7C41%7C3%7C40%7C0%7C0%7C0%7C25344%7C0%7C0%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C%7C1cffa26cab9227e1600343a9ffbf0de2%7C0%7Cxfantazy.com%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 30 Jan 2023 05:57:10 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://a.naturalhealthsource.club
Access-Control-Allow-Credentials: true
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2263d75c366941c6.257692743929865527%22%3B%7D; expires=Wed, 29 Jan 2025 05:57:10 GMT; path=; domain=.realsrv.com; Secure; SameSite=none
impressions=oslmrxbrnxgxamrerbosegeicxbmsbcenxgxamreseallgeimmccrbebnxgxamcbexxbmgeioslmrxbmnxgxamreseallgeicxbmsbocnxgxamrescroogeimmccrlaonxgxamccxobsegeimmccrlacnxgxamcmlarclgeicxbmsboenxgxamclrbcelgeioslmrxlrnxgxamslescrogeimmccrbxenxgxamrescroogeislsaroornxgxamccolacbgeioslmroemnxgxamclrbcrogeioslmrxlsnxgxamclrbcelgeicmmsxrbonxgxamsoeamlmgeimmccrlaenxgxamrescroogeimmccrbeanxgxamcssabxegeicaocmrmanxgxamolcrcergeimcclsxronxgxamsscrmclgeimcclsxmenxgxamrescroogeialbserebnxgxamccrrssogeimcclsxaonxgxamsxsxllxgeicxbmsbxcnxgxamrerbosegeimrblxebenxgxamselmborgeimcclsxconxgxamsbremaegeirbabxabbnxgxamrescroogeimcclsxacnxgxamsscrmclgeicmmsxaeenxgxamcmrmsrmgeialbsereanxgxamsoeabscgeicaxsscmbnxgxamsosomemgeimcclosconxgxamcxbemmxgeimcclsoeonxgxamrescroogeimcclsxlcnxgxamrexbxacgeimcclossbnxgxamcscxaesgeimcclsxscnxgxamsmoooeegeimcclsxlenxgxamcbrorxbgeimaecseaenxgxamsmoooeegeimaecsxcbnxgxamsmoooeegeimcclsxoanxgxamclrbcelgeimcclsxlbnxgxamcrbalrageimccloscanxgxamclrbcrogeiclsmrbsonxgxamsmmrbmbgeiclsmarsenxgxamsmmrbmbgeiccmmllebnxgxamclarlmmgeimcclsxsbnxgxamrerbosegeiclsmrbxonxgxamsbebceegeiclsmrbxcnxgxamsbebceegeiclsmarscnxgxamsbebceegeiccmmlmlcnxgxamsbebceegeiclsmarrenxgxamsbebceegeicaormbaonxgxamsbxxbsrgeicaormlrenxgxamcememscgeimcclsxlonxgxamcsmlmxcgeimrblelronxgxamsbremaegeimaecsxobnxgxamsbremaegeiclsmrbrcnxgxamsbroemmgeiclsmrraanxgxamclsslaegeiclsmrmxbnxgxamsbroemmgeimccloscenxgxamsbmrxregeimcclsxxonxgxamslescrogeimrblelxbnxgxamslescrogeimcclsoeenxgxamclrbcelgeimrblelmonxgxamcxcrasxgeimrbleloenxgxamcxcrasxgeiclsmrrmanxgxamcxabcxbgeiclsmrbeonxgxamcxabcxbgeiclsmrrcenxgxamcxabcxbgeiclsmrmxanxgxamcxabcxbgeiclsmrbxenxgxamcxabcxbgeiclsmaroonxgxamcxabcxbgeialbserxenxgxamcosraregeimcclsxsenxgxamrescroogeimcclsxlanxgxamcblrlbcgeiccmmlleanxgxamccrrssogeicaormlabnxgxamcrllsmageicaormlconxgxamcrllsmageiclsmarsonxgxamclsslaegeiclsmrmlbnxgxamclsslaegeiclsmrmocnxgxamclsslaegeiccmmllecnxgxamclsslaegeimcclsxcanxgxamclrbcelgeimrblelcenxgxamclrbcelgeimaecsxrcnxgxamclrbcelgeialbserxonxgxamclarlmmgeimbmlselenxgxamclmmlcxgxcceimbamerlbnxgxamclmmlcxgxcceimexxlrbenxgxamclbsslxgxcceimbmlselonxgxamclbsbbcgxcceimbmlsebbnxgxamclbsbbcgxcceimbrsslsansgxamclbslcegxcceimrmbbobcnxgxamclbrralgxcceimxlbmoscnogxamclbraeegxcceiaaxcambbnxgxamclbraeegxcceimxxrecsanxgxamclbraeogxcceimxlbmosenogxamcllxaobgxcceimbclraronogxamcllxaobgxcceixaoossalnxgxamreerlargxcceimxeemlxcnxgxamreerlargxcceimbmmcllonxgxamreebbcogxcceimoobcomanxgxamreebbcogxcceimoobcobenxgxamreebbcogxcceialrexeoonxgxamreellmbgxcceircmbbroanxgxamrexxxaogxcceimbscxmxanxgxamrexxxaogxcceirrmlllronxgxamrexxxaogxcceimbscxmoanxgxamrexxxaogxcceimcssmlrcnsgxamrexxxaogxcceimeembecenxgxamrexslclgxcceimeembescnxgxamrexslclgxcceimbmmreecnxgxamrexrlsegxcceimxlbmosonogxamrexaoxsgxcceimboslabanxgxamrexaoxsgxcceirreacmsbnxgxamrexabcagxcceimcssmlrensgxamrexabcagxcceimxlbmxlonsgxamrexmrecgxcceimxlbmxlcnogxamrexmrecgxcceimxxerrecnxgxamrexmrecgxcceimxxerreanxgxamrexmrxmgxcceimmraexoonxgxamrexmmccgxcceimeembesonxgxamrexmmccgxcceimmcmerrenxgxamrexmmccgxcceimxeemblanxgxamrexbxargxcceimromobacnxgxamrexbxmegxcceimaoolcoonsgxamrexblosgxcceimxlbmoaonxgxamrexblosgxcceimxlbmxlenogxamrexllbogxcceimbbmsoxanxgxamreoslobgxcceirarrrcaenxgxamreoceexgxcceimxxerrxenxgxamreoceexgxcceimsacexoonxgxamreoceexgxcceimamsorebnxgxamreorxblgxcceimxeoxsbenogxamreollxsgxcceimcclosscnxgxamreollxsgeimrxccosanxgxamreollxsgxcceimemlxbocnxgxamresecrcgxcceimxxerrebnxgxamresecrcgxcceialaroxrcnxgxamresecragxcceimxeoxsacnxgxamreseallgxcceimboslabcnxgxamreseallgxcceimxlbalscnogxamrescroogxcceislmbesllnxgxamrescroogxoaeimaecobronxgxamrescroogeimaecobeenxgxamrescroogeimcclosccnxgxamrescroogeimaecoboonxgxamrescroogeimrblxelenxgxamrescroogeimmooobrbnxgxamrecexbegxcceimaoobbebnxgxamrecaxssgxcceimrbleaebnxgxamrerbxlcgxcceimcssmlronxgxamrerbosegxcceimxxerreonxgxamrerbosegxcce; expires=Tue, 31 Jan 2023 05:57:10 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
c-tag=%7B%22tag-banner%22%3A%22v3%7C%7CNOR%7C4891816%7C71105502%7C0%7C%7C508%7C41%7C3%7C40%7C0%7C0%7C0%7C25344%7C0%7C0%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C63d75c366941c6.257692743929865527%7C1cffa26cab9227e1600343a9ffbf0de2%7C0%7Cxfantazy.com%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D; expires=Tue, 31 Jan 2023 05:57:10 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
c-tag=%7B%22tag-banner%22%3A%22v3%7C%7CNOR%7C4891816%7C41873814%7C0%7C%7C508%7C41%7C3%7C40%7C0%7C0%7C0%7C25344%7C0%7C0%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C63d75c366941c6.257692743929865527%7C1cffa26cab9227e1600343a9ffbf0de2%7C0%7Cxfantazy.com%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D; expires=Tue, 31 Jan 2023 05:57:10 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
c-tag=%7B%22tag-banner%22%3A%22v3%7C%7CNOR%7C4891816%7C74493138%7C0%7C%7C508%7C41%7C3%7C40%7C0%7C0%7C0%7C25344%7C0%7C0%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C63d75c366941c6.257692743929865527%7C1cffa26cab9227e1600343a9ffbf0de2%7C0%7Cxfantazy.com%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D; expires=Tue, 31 Jan 2023 05:57:10 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
syndication.realsrv.com/splash.php?native-settings=1&idzone=4891820&cookieconsent=true&&p=https%3A%2F%2Fxfantazy.com%2F&max=1&loaded=1
95.211.229.248200 OK 1.3 kB URL HTTP/1.1 syndication.realsrv.com/splash.php?native-settings=1&idzone=4891820&cookieconsent=true&&p=https%3A%2F%2Fxfantazy.com%2F&max=1&loaded=1
IP 95.211.229.248:0
ASN #60781 LeaseWeb Netherlands B.V.
File type JSON data\012- , ASCII text, with very long lines (2781), with no line terminators
Hash bf8c67cc3ec8ed8c1869aba3d6e135ed
80dd37a0c8b0ff02818f0b5a554a51e0072306f0
6a91860965f722769ff97c51b1486122d2f8eb756f939eb8082c6042a48aa819
GET /splash.php?native-settings=1&idzone=4891820&cookieconsent=true&&p=https%3A%2F%2Fxfantazy.com%2F&max=1&loaded=1 HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://a.naturalhealthsource.club
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2263d75c366941c6.257692743929865527%22%3B%7D; impressions=oslmrxbrnxgxamrescroogeicxbmsbcenxgxamreseallgeimmccrbebnxgxamcbexxbmgeioslmrxbmnxgxamreseallgeicxbmsbocnxgxamrescroogeimmccrlaonxgxamccxobsegeimmccrlacnxgxamcmlarclgeicxbmsboenxgxamclrbcelgeioslmrxlrnxgxamslescrogeimmccrbxenxgxamrescroogeislsaroornxgxamccolacbgeioslmroemnxgxamclrbcrogeioslmrxlsnxgxamclrbcelgeicmmsxrbonxgxamsoeamlmgeimmccrlaenxgxamrescroogeimmccrbeanxgxamcssabxegeicaocmrmanxgxamolcrcergeimcclsxronxgxamsscrmclgeimcclsxmenxgxamrescroogeialbserebnxgxamccrrssogeimcclsxaonxgxamsxsxllxgeicxbmsbxcnxgxamresecrcgeimrblxebenxgxamselmborgeimcclsxconxgxamsbremaegeirbabxabbnxgxamrescroogeimcclsxacnxgxamsscrmclgeicmmsxaeenxgxamcmrmsrmgeialbsereanxgxamsoeabscgeicaxsscmbnxgxamsosomemgeimcclosconxgxamcxbemmxgeimcclsoeonxgxamrescroogeimcclsxlcnxgxamrexbxacgeimcclossbnxgxamcscxaesgeimcclsxscnxgxamsmoooeegeimcclsxlenxgxamcbrorxbgeimaecseaenxgxamsmoooeegeimaecsxcbnxgxamsmoooeegeimcclsxoanxgxamclrbcelgeimcclsxlbnxgxamcrbalrageimccloscanxgxamclrbcrogeiclsmrbsonxgxamsmmrbmbgeiclsmarsenxgxamsmmrbmbgeiccmmllebnxgxamclarlmmgeimcclsxsbnxgxamreollxsgeiclsmrbxonxgxamsbebceegeiclsmrbxcnxgxamsbebceegeiclsmarscnxgxamsbebceegeiccmmlmlcnxgxamsbebceegeiclsmarrenxgxamsbebceegeicaormbaonxgxamsbxxbsrgeicaormlrenxgxamcememscgeimcclsxlonxgxamcsmlmxcgeimrblelronxgxamsbremaegeimaecsxobnxgxamsbremaegeiclsmrbrcnxgxamsbroemmgeiclsmrraanxgxamclsslaegeiclsmrmxbnxgxamsbroemmgeimccloscenxgxamsbmrxregeimcclsxxonxgxamslescrogeimrblelxbnxgxamslescrogeimcclsoeenxgxamclrbcelgeimrblelmonxgxamcxcrasxgeimrbleloenxgxamcxcrasxgeiclsmrrmanxgxamcxabcxbgeiclsmrbeonxgxamcxabcxbgeiclsmrrcenxgxamcxabcxbgeiclsmrmxanxgxamcxabcxbgeiclsmrbxenxgxamcxabcxbgeiclsmaroonxgxamcxabcxbgeialbserxenxgxamcosraregeimcclsxsenxgxamrescroogeimcclsxlanxgxamcblrlbcgeiccmmlleanxgxamccrrssogeicaormlabnxgxamcrllsmageicaormlconxgxamcrllsmageiclsmarsonxgxamclsslaegeiclsmrmlbnxgxamclsslaegeiclsmrmocnxgxamclsslaegeiccmmllecnxgxamclsslaegeimcclsxcanxgxamclrbcelgeimrblelcenxgxamclrbcelgeimaecsxrcnxgxamclrbcelgeialbserxonxgxamclarlmmgeimbmlselenxgxamclmmlcxgxcceimbamerlbnxgxamclmmlcxgxcceimexxlrbenxgxamclbsslxgxcceimbmlselonxgxamclbsbbcgxcceimbmlsebbnxgxamclbsbbcgxcceimbrsslsansgxamclbslcegxcceimrmbbobcnxgxamclbrralgxcceimxlbmoscnogxamclbraeegxcceiaaxcambbnxgxamclbraeegxcceimxxrecsanxgxamclbraeogxcceimxlbmosenogxamcllxaobgxcceimbclraronogxamcllxaobgxcceixaoossalnxgxamreerlargxcceimxeemlxcnxgxamreerlargxcceimbmmcllonxgxamreebbcogxcceimoobcomanxgxamreebbcogxcceimoobcobenxgxamreebbcogxcceialrexeoonxgxamreellmbgxcceircmbbroanxgxamrexxxaogxcceimbscxmxanxgxamrexxxaogxcceirrmlllronxgxamrexxxaogxcceimbscxmoanxgxamrexxxaogxcceimcssmlrcnsgxamrexxxaogxcceimeembecenxgxamrexslclgxcceimeembescnxgxamrexslclgxcceimbmmreecnxgxamrexrlsegxcceimxlbmosonogxamrexaoxsgxcceimboslabanxgxamrexaoxsgxcceirreacmsbnxgxamrexabcagxcceimcssmlrensgxamrexabcagxcceimxlbmxlonsgxamrexmrecgxcceimxlbmxlcnogxamrexmrecgxcceimxxerrecnxgxamrexmrecgxcceimxxerreanxgxamrexmrxmgxcceimmraexoonxgxamrexmmccgxcceimeembesonxgxamrexmmccgxcceimmcmerrenxgxamrexmmccgxcceimxeemblanxgxamrexbxargxcceimromobacnxgxamrexbxmegxcceimaoolcoonsgxamrexblosgxcceimxlbmoaonxgxamrexblosgxcceimxlbmxlenogxamrexllbogxcceimbbmsoxanxgxamreoslobgxcceirarrrcaenxgxamreoceexgxcceimxxerrxenxgxamreoceexgxcceimsacexoonxgxamreoceexgxcceimamsorebnxgxamreorxblgxcceimxeoxsbenogxamreollxsgxcceimcclosscnxgxamreollxsgeimrxccosanxgxamreollxsgxcceimemlxbocnxgxamresecrcgxcceimxxerrebnxgxamresecrcgxcceialaroxrcnxgxamresecragxcceimxeoxsacnxgxamreseallgxcceimboslabcnxgxamreseallgxcceimxlbalscnogxamrescroogxcceislmbesllnxgxamrescroogxoaeimaecobronxgxamrescroogeimaecobeenxgxamrescroogeimcclosccnxgxamrescroogeimaecoboonxgxamrescroogeimrblxelenxgxamrescroogeimmooobrbnxgxamrecexbegxcceimaoobbebnxgxamrecaxssgxcceimrbleaebnxgxamrerbxlcgxcceimcssmlronxgxamrerbosegxcce; c-tag=%7B%22tag-banner%22%3A%22v3%7C%7CNOR%7C4891814%7C74337952%7C0%7C%7C508%7C41%7C3%7C40%7C0%7C0%7C0%7C25344%7C0%7C0%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C%7C1cffa26cab9227e1600343a9ffbf0de2%7C0%7Cxfantazy.com%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 30 Jan 2023 05:57:10 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://a.naturalhealthsource.club
Access-Control-Allow-Credentials: true
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2263d75c366941c6.257692743929865527%22%3B%7D; expires=Wed, 29 Jan 2025 05:57:10 GMT; path=; domain=.realsrv.com; Secure; SameSite=none
impressions=oslmrxbrnxgxamrescroogeicxbmsbcenxgxamreseallgeimmccrbebnxgxamcbexxbmgeioslmrxbmnxgxamreseallgeicxbmsbocnxgxamrerbosegeimmccrlaonxgxamccxobsegeimmccrlacnxgxamcmlarclgeicxbmsboenxgxamclrbcelgeioslmrxlrnxgxamslescrogeimmccrbxenxgxamrescroogeislsaroornxgxamccolacbgeioslmroemnxgxamclrbcrogeioslmrxlsnxgxamclrbcelgeicmmsxrbonxgxamsoeamlmgeimmccrlaenxgxamrescroogeimmccrbeanxgxamcssabxegeicaocmrmanxgxamolcrcergeimcclsxronxgxamsscrmclgeimcclsxmenxgxamrescroogeialbserebnxgxamccrrssogeimcclsxaonxgxamsxsxllxgeicxbmsbxcnxgxamresecrcgeimrblxebenxgxamselmborgeimcclsxconxgxamsbremaegeirbabxabbnxgxamrescroogeimcclsxacnxgxamsscrmclgeicmmsxaeenxgxamcmrmsrmgeialbsereanxgxamsoeabscgeicaxsscmbnxgxamsosomemgeimcclosconxgxamcxbemmxgeimcclsoeonxgxamrescroogeimcclsxlcnxgxamrexbxacgeimcclossbnxgxamcscxaesgeimcclsxscnxgxamsmoooeegeimcclsxlenxgxamcbrorxbgeimaecseaenxgxamsmoooeegeimaecsxcbnxgxamsmoooeegeimcclsxoanxgxamclrbcelgeimcclsxlbnxgxamcrbalrageimccloscanxgxamclrbcrogeiclsmrbsonxgxamsmmrbmbgeiclsmarsenxgxamsmmrbmbgeiccmmllebnxgxamclarlmmgeimcclsxsbnxgxamreollxsgeiclsmrbxonxgxamsbebceegeiclsmrbxcnxgxamsbebceegeiclsmarscnxgxamsbebceegeiccmmlmlcnxgxamsbebceegeiclsmarrenxgxamsbebceegeicaormbaonxgxamsbxxbsrgeicaormlrenxgxamcememscgeimcclsxlonxgxamcsmlmxcgeimrblelronxgxamsbremaegeimaecsxobnxgxamsbremaegeiclsmrbrcnxgxamsbroemmgeiclsmrraanxgxamclsslaegeiclsmrmxbnxgxamsbroemmgeimccloscenxgxamsbmrxregeimcclsxxonxgxamslescrogeimrblelxbnxgxamslescrogeimcclsoeenxgxamclrbcelgeimrblelmonxgxamcxcrasxgeimrbleloenxgxamcxcrasxgeiclsmrrmanxgxamcxabcxbgeiclsmrbeonxgxamcxabcxbgeiclsmrrcenxgxamcxabcxbgeiclsmrmxanxgxamcxabcxbgeiclsmrbxenxgxamcxabcxbgeiclsmaroonxgxamcxabcxbgeialbserxenxgxamcosraregeimcclsxsenxgxamrescroogeimcclsxlanxgxamcblrlbcgeiccmmlleanxgxamccrrssogeicaormlabnxgxamcrllsmageicaormlconxgxamcrllsmageiclsmarsonxgxamclsslaegeiclsmrmlbnxgxamclsslaegeiclsmrmocnxgxamclsslaegeiccmmllecnxgxamclsslaegeimcclsxcanxgxamclrbcelgeimrblelcenxgxamclrbcelgeimaecsxrcnxgxamclrbcelgeialbserxonxgxamclarlmmgeimbmlselenxgxamclmmlcxgxcceimbamerlbnxgxamclmmlcxgxcceimexxlrbenxgxamclbsslxgxcceimbmlselonxgxamclbsbbcgxcceimbmlsebbnxgxamclbsbbcgxcceimbrsslsansgxamclbslcegxcceimrmbbobcnxgxamclbrralgxcceimxlbmoscnogxamclbraeegxcceiaaxcambbnxgxamclbraeegxcceimxxrecsanxgxamclbraeogxcceimxlbmosenogxamcllxaobgxcceimbclraronogxamcllxaobgxcceixaoossalnxgxamreerlargxcceimxeemlxcnxgxamreerlargxcceimbmmcllonxgxamreebbcogxcceimoobcomanxgxamreebbcogxcceimoobcobenxgxamreebbcogxcceialrexeoonxgxamreellmbgxcceircmbbroanxgxamrexxxaogxcceimbscxmxanxgxamrexxxaogxcceirrmlllronxgxamrexxxaogxcceimbscxmoanxgxamrexxxaogxcceimcssmlrcnsgxamrexxxaogxcceimeembecenxgxamrexslclgxcceimeembescnxgxamrexslclgxcceimbmmreecnxgxamrexrlsegxcceimxlbmosonogxamrexaoxsgxcceimboslabanxgxamrexaoxsgxcceirreacmsbnxgxamrexabcagxcceimcssmlrensgxamrexabcagxcceimxlbmxlonsgxamrexmrecgxcceimxlbmxlcnogxamrexmrecgxcceimxxerrecnxgxamrexmrecgxcceimxxerreanxgxamrexmrxmgxcceimmraexoonxgxamrexmmccgxcceimeembesonxgxamrexmmccgxcceimmcmerrenxgxamrexmmccgxcceimxeemblanxgxamrexbxargxcceimromobacnxgxamrexbxmegxcceimaoolcoonsgxamrexblosgxcceimxlbmoaonxgxamrexblosgxcceimxlbmxlenogxamrexllbogxcceimbbmsoxanxgxamreoslobgxcceirarrrcaenxgxamreoceexgxcceimxxerrxenxgxamreoceexgxcceimsacexoonxgxamreoceexgxcceimamsorebnxgxamreorxblgxcceimxeoxsbenogxamreollxsgxcceimcclosscnxgxamreollxsgeimrxccosanxgxamreollxsgxcceimemlxbocnxgxamresecrcgxcceimxxerrebnxgxamresecrcgxcceialaroxrcnxgxamresecragxcceimxeoxsacnxgxamreseallgxcceimboslabcnxgxamreseallgxcceimxlbalscnogxamrescroogxcceislmbesllnxgxamrescroogxoaeimaecobronxgxamrescroogeimaecobeenxgxamrescroogeimcclosccnxgxamrescroogeimaecoboonxgxamrescroogeimrblxelenxgxamrescroogeimmooobrbnxgxamrecexbegxcceimaoobbebnxgxamrecaxssgxcceimrbleaebnxgxamrerbxlcgxcceimcssmlronxgxamrerbosegxcceimxxerreonxgxamrerbosegxcce; expires=Tue, 31 Jan 2023 05:57:10 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
c-tag=%7B%22tag-banner%22%3A%22v3%7C%7CNOR%7C4891820%7C71105502%7C0%7C%7C508%7C41%7C3%7C40%7C0%7C0%7C0%7C25344%7C0%7C0%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C63d75c366941c6.257692743929865527%7C1cffa26cab9227e1600343a9ffbf0de2%7C0%7Cxfantazy.com%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D; expires=Tue, 31 Jan 2023 05:57:10 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
cdn.creative-bars1.com/sb/chat/mob/ssp/v2/new/3/css/style.css
172.64.166.9200 OK 4.3 kB URL HTTP/2 cdn.creative-bars1.com/sb/chat/mob/ssp/v2/new/3/css/style.css
IP 172.64.166.9:0
Hash 9328cffe38de4819e6847e347e41c271
b55daca4a32a379650c54e958e74208fc836177d
e7107de3fa30f0afeb54751c7d2c057cd9aefe9525073e604021d835d0f8370f
GET /sb/chat/mob/ssp/v2/new/3/css/style.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 30 Jan 2023 05:57:10 GMT
content-type: text/css
last-modified: Wed, 13 Jul 2022 12:13:55 GMT
etag: W/"62ceb703-1229"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 531150
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UEvzMM5Op0fXwhH9tppk2XhXWIFdEhcOGXRBxlURirQSu6sGZHhxwFsmun84KEdPXED%2Bz3ADWD1mnFklROnhzRHQedUqaxCY9507JdFSaD2NywsrzFTl2SEQm6hk6XQra8A4L5JnMLGy"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7917f7f29c8d777d-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
a.naturalhealthsource.club/api/spots/303891?p=1&s1=%subid1%&kw=
135.181.208.216200 OK 117 kB URL HTTP/2 a.naturalhealthsource.club/api/spots/303891?p=1&s1=%subid1%&kw=
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
Size 117 kB (117011 bytes)
Hash e9db616f1425141d7b17345c13068ffd
c99be629703ef72b39e5d6d72f74e6b354481be2
ebd325eb1ddbb00e1a5b518dfa9129c4d88180280c8fce089efc8974aa0cebbe
GET /api/spots/303891?p=1&s1=%subid1%&kw= HTTP/1.1
Host: a.naturalhealthsource.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 30 Jan 2023 05:57:10 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
set-cookie: nauid=saMm1P9Tq5q7h48bDQhZ; Path=/; Expires=Wed, 11 Nov 2037 11:11:11 GMT; Secure; SameSite=None
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2
syndication.realsrv.com/v1/api.php
95.211.229.248200 OK 1.2 kB URL HTTP/1.1 syndication.realsrv.com/v1/api.php
IP 95.211.229.248:0
ASN #60781 LeaseWeb Netherlands B.V.
File type JSON data\012- , ASCII text, with very long lines (1600), with no line terminators
Hash e784770b88da73e4e0a76a992e5b6ce3
5bf1c6d8b19de47c33131fb7148ae0b10d85db55
0fa9607b59d8d77e58c9f1aca53ea8a4bfc69832408c0ef29b05c8c3f86b60f6
POST /v1/api.php HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 312
Origin: https://a.realsrv.com
Connection: keep-alive
Referer: https://a.realsrv.com/
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2263d75c366941c6.257692743929865527%22%3B%7D; impressions=oslmrxbrnxgxamrescroogeicxbmsbcenxgxamreseallgeimmccrbebnxgxamcbexxbmgeioslmrxbmnxgxamreseallgeicxbmsbocnxgxamrescroogeimmccrlaonxgxamccxobsegeimmccrlacnxgxamcmlarclgeicxbmsboenxgxamclrbcelgeioslmrxlrnxgxamslescrogeimmccrbxenxgxamrescroogeislsaroornxgxamccolacbgeioslmroemnxgxamclrbcrogeioslmrxlsnxgxamclrbcelgeicmmsxrbonxgxamsoeamlmgeimmccrlaenxgxamrescroogeimmccrbeanxgxamcssabxegeicaocmrmanxgxamolcrcergeimcclsxronxgxamsscrmclgeimcclsxmenxgxamrescroogeialbserebnxgxamccrrssogeimcclsxaonxgxamsxsxllxgeicxbmsbxcnxgxamresecrcgeimrblxebenxgxamselmborgeimcclsxconxgxamsbremaegeirbabxabbnxgxamrescroogeimcclsxacnxgxamsscrmclgeicmmsxaeenxgxamcmrmsrmgeialbsereanxgxamsoeabscgeicaxsscmbnxgxamsosomemgeimcclosconxgxamcxbemmxgeimcclsoeonxgxamrescroogeimcclsxlcnxgxamrexbxacgeimcclossbnxgxamcscxaesgeimcclsxscnxgxamsmoooeegeimcclsxlenxgxamcbrorxbgeimaecseaenxgxamsmoooeegeimaecsxcbnxgxamsmoooeegeimcclsxoanxgxamclrbcelgeimcclsxlbnxgxamcrbalrageimccloscanxgxamclrbcrogeiclsmrbsonxgxamsmmrbmbgeiclsmarsenxgxamsmmrbmbgeiccmmllebnxgxamclarlmmgeimcclsxsbnxgxamreollxsgeiclsmrbxonxgxamsbebceegeiclsmrbxcnxgxamsbebceegeiclsmarscnxgxamsbebceegeiccmmlmlcnxgxamsbebceegeiclsmarrenxgxamsbebceegeicaormbaonxgxamsbxxbsrgeicaormlrenxgxamcememscgeimcclsxlonxgxamcsmlmxcgeimrblelronxgxamsbremaegeimaecsxobnxgxamsbremaegeiclsmrbrcnxgxamsbroemmgeiclsmrraanxgxamclsslaegeiclsmrmxbnxgxamsbroemmgeimccloscenxgxamsbmrxregeimcclsxxonxgxamslescrogeimrblelxbnxgxamslescrogeimcclsoeenxgxamclrbcelgeimrblelmonxgxamcxcrasxgeimrbleloenxgxamcxcrasxgeiclsmrrmanxgxamcxabcxbgeiclsmrbeonxgxamcxabcxbgeiclsmrrcenxgxamcxabcxbgeiclsmrmxanxgxamcxabcxbgeiclsmrbxenxgxamcxabcxbgeiclsmaroonxgxamcxabcxbgeialbserxenxgxamcosraregeimcclsxsenxgxamrescroogeimcclsxlanxgxamcblrlbcgeiccmmlleanxgxamccrrssogeicaormlabnxgxamcrllsmageicaormlconxgxamcrllsmageiclsmarsonxgxamclsslaegeiclsmrmlbnxgxamclsslaegeiclsmrmocnxgxamclsslaegeiccmmllecnxgxamclsslaegeimcclsxcanxgxamclrbcelgeimrblelcenxgxamclrbcelgeimaecsxrcnxgxamclrbcelgeialbserxonxgxamclarlmmgeimbmlselenxgxamclmmlcxgxcceimbamerlbnxgxamclmmlcxgxcceimexxlrbenxgxamclbsslxgxcceimbmlselonxgxamclbsbbcgxcceimbmlsebbnxgxamclbsbbcgxcceimbrsslsansgxamclbslcegxcceimrmbbobcnxgxamclbrralgxcceimxlbmoscnogxamclbraeegxcceiaaxcambbnxgxamclbraeegxcceimxxrecsanxgxamclbraeogxcceimxlbmosenogxamcllxaobgxcceimbclraronogxamcllxaobgxcceixaoossalnxgxamreerlargxcceimxeemlxcnxgxamreerlargxcceimbmmcllonxgxamreebbcogxcceimoobcomanxgxamreebbcogxcceimoobcobenxgxamreebbcogxcceialrexeoonxgxamreellmbgxcceircmbbroanxgxamrexxxaogxcceimbscxmxanxgxamrexxxaogxcceirrmlllronxgxamrexxxaogxcceimbscxmoanxgxamrexxxaogxcceimcssmlrcnsgxamrexxxaogxcceimeembecenxgxamrexslclgxcceimeembescnxgxamrexslclgxcceimbmmreecnxgxamrexrlsegxcceimxlbmosonogxamrexaoxsgxcceimboslabanxgxamrexaoxsgxcceirreacmsbnxgxamrexabcagxcceimcssmlrensgxamrexabcagxcceimxlbmxlonsgxamrexmrecgxcceimxlbmxlcnogxamrexmrecgxcceimxxerrecnxgxamrexmrecgxcceimxxerreanxgxamrexmrxmgxcceimmraexoonxgxamrexmmccgxcceimeembesonxgxamrexmmccgxcceimmcmerrenxgxamrexmmccgxcceimxeemblanxgxamrexbxargxcceimromobacnxgxamrexbxmegxcceimaoolcoonsgxamrexblosgxcceimxlbmoaonxgxamrexblosgxcceimxlbmxlenogxamrexllbogxcceimbbmsoxanxgxamreoslobgxcceirarrrcaenxgxamreoceexgxcceimxxerrxenxgxamreoceexgxcceimsacexoonxgxamreoceexgxcceimamsorebnxgxamreorxblgxcceimxeoxsbenogxamreollxsgxcceimcclosscnxgxamreollxsgeimrxccosanxgxamreollxsgxcceimemlxbocnxgxamresecrcgxcceimxxerrebnxgxamresecrcgxcceialaroxrcnxgxamresecragxcceimxeoxsacnxgxamreseallgxcceimboslabcnxgxamreseallgxcceimxlbalscnogxamrescroogxcceislmbesllnxgxamrescroogxoaeimaecobronxgxamrescroogeimaecobeenxgxamrescroogeimcclosccnxgxamrescroogeimaecoboonxgxamrescroogeimrblxelenxgxamrescroogeimmooobrbnxgxamrecexbegxcceimaoobbebnxgxamrecaxssgxcceimrbleaebnxgxamrerbxlcgxcceimcssmlronxgxamrerbosegxcce; c-tag=%7B%22tag-banner%22%3A%22v3%7C%7CNOR%7C4891814%7C74337952%7C0%7C%7C508%7C41%7C3%7C40%7C0%7C0%7C0%7C25344%7C0%7C0%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C%7C1cffa26cab9227e1600343a9ffbf0de2%7C0%7Cxfantazy.com%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 30 Jan 2023 05:57:10 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://a.realsrv.com
Access-Control-Allow-Headers: Authorization, Content-Type
Access-Control-Request-Method: POST
Access-Control-Allow-Credentials: true
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
fonts.gstatic.com/s/ubuntu/v20/4iCs6KVjbNBYlgoKfw72.woff2
216.58.207.227200 OK 35 kB URL HTTP/2 fonts.gstatic.com/s/ubuntu/v20/4iCs6KVjbNBYlgoKfw72.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 34852, version 1.0\012- data
Hash 0e8eefb4549a2edf26c560cb9845952e
8d0b1718aacad934fd0043c87cbc54aa091396bf
7f653b3ce9d3277457fc6da4edb246ae2f6c913f088c42dcb8cd2e96267aa21a
GET /s/ubuntu/v20/4iCs6KVjbNBYlgoKfw72.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://ads.adxadserv.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 34852
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 30 Jan 2023 00:48:39 GMT
expires: Tue, 30 Jan 2024 00:48:39 GMT
cache-control: public, max-age=31536000
age: 18511
last-modified: Wed, 27 Apr 2022 16:31:23 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
s3t3d2y8.afcdn.net/library/802444/829cd26ee8f73baca4dedfe762897593489bff22.webp
185.76.9.18200 OK 6.8 kB URL HTTP/2 s3t3d2y8.afcdn.net/library/802444/829cd26ee8f73baca4dedfe762897593489bff22.webp
IP 185.76.9.18:0
ASN #60068 Datacamp Limited
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 300x300, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash f019913fa1bcdd5dfe98af59ac49bbb2
829cd26ee8f73baca4dedfe762897593489bff22
66d870e5558d185796bbfb5dd24d4a3ad46a4042933e49e98567659746c230cf
GET /library/802444/829cd26ee8f73baca4dedfe762897593489bff22.webp HTTP/1.1
Host: s3t3d2y8.afcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 30 Jan 2023 05:57:10 GMT
content-type: image/webp
content-length: 6768
last-modified: Fri, 15 Jul 2022 11:08:07 GMT
etag: "62d14a97-1a70"
expires: Sat, 15 Jul 2023 11:44:54 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
x-cache-op: HIT
x-accel-expires: @1689721389
server: CDN77-Turbo
x-robots-tag: noindex, follow
x-77-nzt: AblMCQ1y3wL/iXUBAQ
x-77-nzt-ray: c0a4cc28fa3e415e365cd7632b10c231
x-cache: HIT
x-age: 16872841
x-77-pop: stockholmSE
x-77-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
syndication.realsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAA02QQW4DMQhFr9ILxPpgMHbX7baVUuUAHnuiVEobaZJUWXD4emZRlb/gCyF4wOC4A+0inoBntWeCFwoFQTiQir+9713Iv+vtvtTzaa7n2+l6uS9tDu18n1wki5JrSlKSFwNicsmFMpIrsiuZZcAtZ4FxdoFHxxBrFFldALiweoa/HvZ++HgZtcJUnJw9Ag9WDL+yOMNleDzgKXbTFlMqQi0FVkuFTWLhkpMqm2vvaVKe6zx1PuZSOhNV5JZmU0FfB3kNyzjruvyEdvnayDamBNv240872tII+OY+j0v9mt3/9ayybeygFFmxvdJR1GxOTTulyJgQJ6HxsW4lNvsFFOwu/YUBAAA=
95.211.229.248200 OK 20 B URL HTTP/1.1 syndication.realsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAA02QQW4DMQhFr9ILxPpgMHbX7baVUuUAHnuiVEobaZJUWXD4emZRlb/gCyF4wOC4A+0inoBntWeCFwoFQTiQir+9713Iv+vtvtTzaa7n2+l6uS9tDu18n1wki5JrSlKSFwNicsmFMpIrsiuZZcAtZ4FxdoFHxxBrFFldALiweoa/HvZ++HgZtcJUnJw9Ag9WDL+yOMNleDzgKXbTFlMqQi0FVkuFTWLhkpMqm2vvaVKe6zx1PuZSOhNV5JZmU0FfB3kNyzjruvyEdvnayDamBNv240872tII+OY+j0v9mt3/9ayybeygFFmxvdJR1GxOTTulyJgQJ6HxsW4lNvsFFOwu/YUBAAA=
IP 95.211.229.248:0
ASN #60781 LeaseWeb Netherlands B.V.
Hash a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf
GET /cimp.php?t=api&data=H4sIAAAAAAAAA02QQW4DMQhFr9ILxPpgMHbX7baVUuUAHnuiVEobaZJUWXD4emZRlb/gCyF4wOC4A+0inoBntWeCFwoFQTiQir+9713Iv+vtvtTzaa7n2+l6uS9tDu18n1wki5JrSlKSFwNicsmFMpIrsiuZZcAtZ4FxdoFHxxBrFFldALiweoa/HvZ++HgZtcJUnJw9Ag9WDL+yOMNleDzgKXbTFlMqQi0FVkuFTWLhkpMqm2vvaVKe6zx1PuZSOhNV5JZmU0FfB3kNyzjruvyEdvnayDamBNv240872tII+OY+j0v9mt3/9ayybeygFFmxvdJR1GxOTTulyJgQJ6HxsW4lNvsFFOwu/YUBAAA= HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://a.realsrv.com
Connection: keep-alive
Referer: https://a.realsrv.com/
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2263d75c366941c6.257692743929865527%22%3B%7D; impressions=oslmrxbrnxgxamrerbosegeicxbmsbcenxgxamreseallgeimmccrbebnxgxamcbexxbmgeioslmrxbmnxgxamreseallgeicxbmsbocnxgxamrescroogeimmccrlaonxgxamccxobsegeimmccrlacnxgxamcmlarclgeicxbmsboenxgxamclrbcelgeioslmrxlrnxgxamslescrogeimmccrbxenxgxamrescroogeislsaroornxgxamccolacbgeioslmroemnxgxamclrbcrogeioslmrxlsnxgxamclrbcelgeicmmsxrbonxgxamsoeamlmgeimmccrlaenxgxamrescroogeimmccrbeanxgxamcssabxegeicaocmrmanxgxamolcrcergeimcclsxronxgxamsscrmclgeimcclsxmenxgxamrescroogeialbserebnxgxamccrrssogeimcclsxaonxgxamsxsxllxgeicxbmsbxcnxgxamresecrcgeimrblxebenxgxamselmborgeimcclsxconxgxamsbremaegeirbabxabbnxgxamrescroogeimcclsxacnxgxamsscrmclgeicmmsxaeenxgxamcmrmsrmgeialbsereanxgxamsoeabscgeicaxsscmbnxgxamsosomemgeimcclosconxgxamcxbemmxgeimcclsoeonxgxamrerbosegeimcclsxlcnxgxamrexbxacgeimcclossbnxgxamcscxaesgeimcclsxscnxgxamsmoooeegeimcclsxlenxgxamcbrorxbgeimaecseaenxgxamsmoooeegeimaecsxcbnxgxamsmoooeegeimcclsxoanxgxamclrbcelgeimcclsxlbnxgxamcrbalrageimccloscanxgxamclrbcrogeiclsmrbsonxgxamsmmrbmbgeiclsmarsenxgxamsmmrbmbgeiccmmllebnxgxamclarlmmgeimcclsxsbnxgxamreollxsgeiclsmrbxonxgxamsbebceegeiclsmrbxcnxgxamsbebceegeiclsmarscnxgxamsbebceegeiccmmlmlcnxgxamsbebceegeiclsmarrenxgxamsbebceegeicaormbaonxgxamsbxxbsrgeicaormlrenxgxamcememscgeimcclsxlonxgxamcsmlmxcgeimrblelronxgxamsbremaegeimaecsxobnxgxamsbremaegeiclsmrbrcnxgxamsbroemmgeiclsmrraanxgxamclsslaegeiclsmrmxbnxgxamsbroemmgeimccloscenxgxamsbmrxregeimcclsxxonxgxamslescrogeimrblelxbnxgxamslescrogeimcclsoeenxgxamclrbcelgeimrblelmonxgxamcxcrasxgeimrbleloenxgxamcxcrasxgeiclsmrrmanxgxamcxabcxbgeiclsmrbeonxgxamcxabcxbgeiclsmrrcenxgxamcxabcxbgeiclsmrmxanxgxamcxabcxbgeiclsmrbxenxgxamcxabcxbgeiclsmaroonxgxamcxabcxbgeialbserxenxgxamcosraregeimcclsxsenxgxamrescroogeimcclsxlanxgxamcblrlbcgeiccmmlleanxgxamccrrssogeicaormlabnxgxamcrllsmageicaormlconxgxamcrllsmageiclsmarsonxgxamclsslaegeiclsmrmlbnxgxamclsslaegeiclsmrmocnxgxamclsslaegeiccmmllecnxgxamclsslaegeimcclsxcanxgxamclrbcelgeimrblelcenxgxamclrbcelgeimaecsxrcnxgxamclrbcelgeialbserxonxgxamclarlmmgeimbmlselenxgxamclmmlcxgxcceimbamerlbnxgxamclmmlcxgxcceimexxlrbenxgxamclbsslxgxcceimbmlselonxgxamclbsbbcgxcceimbmlsebbnxgxamclbsbbcgxcceimbrsslsansgxamclbslcegxcceimrmbbobcnxgxamclbrralgxcceimxlbmoscnogxamclbraeegxcceiaaxcambbnxgxamclbraeegxcceimxxrecsanxgxamclbraeogxcceimxlbmosenogxamcllxaobgxcceimbclraronogxamcllxaobgxcceixaoossalnxgxamreerlargxcceimxeemlxcnxgxamreerlargxcceimbmmcllonxgxamreebbcogxcceimoobcomanxgxamreebbcogxcceimoobcobenxgxamreebbcogxcceialrexeoonxgxamreellmbgxcceircmbbroanxgxamrexxxaogxcceimbscxmxanxgxamrexxxaogxcceirrmlllronxgxamrexxxaogxcceimbscxmoanxgxamrexxxaogxcceimcssmlrcnsgxamrexxxaogxcceimeembecenxgxamrexslclgxcceimeembescnxgxamrexslclgxcceimbmmreecnxgxamrexrlsegxcceimxlbmosonogxamrexaoxsgxcceimboslabanxgxamrexaoxsgxcceirreacmsbnxgxamrexabcagxcceimcssmlrensgxamrexabcagxcceimxlbmxlonsgxamrexmrecgxcceimxlbmxlcnogxamrexmrecgxcceimxxerrecnxgxamrexmrecgxcceimxxerreanxgxamrexmrxmgxcceimmraexoonxgxamrexmmccgxcceimeembesonxgxamrexmmccgxcceimmcmerrenxgxamrexmmccgxcceimxeemblanxgxamrexbxargxcceimromobacnxgxamrexbxmegxcceimaoolcoonsgxamrexblosgxcceimxlbmoaonxgxamrexblosgxcceimxlbmxlenogxamrexllbogxcceimbbmsoxanxgxamreoslobgxcceirarrrcaenxgxamreoceexgxcceimxxerrxenxgxamreoceexgxcceimsacexoonxgxamreoceexgxcceimamsorebnxgxamreorxblgxcceimxeoxsbenogxamreollxsgxcceimcclosscnxgxamreollxsgeimrxccosanxgxamreollxsgxcceimemlxbocnxgxamresecrcgxcceimxxerrebnxgxamresecrcgxcceialaroxrcnxgxamresecragxcceimxeoxsacnxgxamreseallgxcceimboslabcnxgxamreseallgxcceimxlbalscnogxamrescroogxcceislmbesllnxgxamrescroogxoaeimaecobronxgxamrescroogeimaecobeenxgxamrescroogeimcclosccnxgxamrescroogeimaecoboonxgxamrescroogeimrblxelenxgxamrescroogeimmooobrbnxgxamrecexbegxcceimaoobbebnxgxamrecaxssgxcceimrbleaebnxgxamrerbxlcgxcceimcssmlronogxamrerbosegxcceimxxerreonxgxamrerbosegxcce; c-tag=%7B%22tag-banner%22%3A%22v3%7C%7CNOR%7C4891814%7C74493202%7C0%7C%7C508%7C41%7C3%7C40%7C0%7C0%7C0%7C25344%7C0%7C0%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C63d75c366941c6.257692743929865527%7C1cffa26cab9227e1600343a9ffbf0de2%7C0%7Cxfantazy.com%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 30 Jan 2023 05:57:10 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://a.realsrv.com
Access-Control-Allow-Credentials: true
Set-Cookie: __upt=%7B%22v%22%3A1%2C%22id%22%3A%2263d75c366941c6.257692743929865527%22%2C%22pcma%22%3A%22%22%2C%22acma%22%3A%22508.0199%22%7D; expires=Wed, 29 Jan 2025 05:57:10 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
s3t3d2y8.afcdn.net/library/426059/ca3c36473024303ff73194dba002fe4549b397a0.webp
185.76.9.18200 OK 13 kB URL HTTP/2 s3t3d2y8.afcdn.net/library/426059/ca3c36473024303ff73194dba002fe4549b397a0.webp
IP 185.76.9.18:0
ASN #60068 Datacamp Limited
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 300x300, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 1d262ebff5c05a42d0eb7e45836eb3bc
ca3c36473024303ff73194dba002fe4549b397a0
d489c2b443812337fb4246e719c92c8a576979786af6531f22c92e45402d20f9
GET /library/426059/ca3c36473024303ff73194dba002fe4549b397a0.webp HTTP/1.1
Host: s3t3d2y8.afcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 30 Jan 2023 05:57:10 GMT
content-type: image/webp
content-length: 13160
last-modified: Thu, 15 Sep 2022 15:28:27 GMT
etag: "6323449b-3368"
expires: Tue, 31 Oct 2023 21:29:31 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
x-robots-tag: noindex, follow
x-cache-op: HIT
x-accel-expires: @1704989530
server: CDN77-Turbo
x-77-nzt: AblMCQ2u4IX/XHwYAA
x-77-nzt-ray: c0a4cc28fa3e415e365cd7635442f131
x-cache: HIT
x-age: 1604700
x-77-pop: stockholmSE
x-77-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
s3t3d2y8.afcdn.net/library/759202/0684f0dde69af3df398a3daaf97b1d424226d6eb.webp
185.76.9.18200 OK 7.1 kB URL HTTP/2 s3t3d2y8.afcdn.net/library/759202/0684f0dde69af3df398a3daaf97b1d424226d6eb.webp
IP 185.76.9.18:0
ASN #60068 Datacamp Limited
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 300x300, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash a15c055949c94796180daec2eb91e754
0684f0dde69af3df398a3daaf97b1d424226d6eb
c6fd3c5f7ab2f75e5eac8105631ba9688133ee9054cf9d857857c016fec1f8a7
GET /library/759202/0684f0dde69af3df398a3daaf97b1d424226d6eb.webp HTTP/1.1
Host: s3t3d2y8.afcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 30 Jan 2023 05:57:10 GMT
content-type: image/webp
content-length: 7112
last-modified: Thu, 04 Nov 2021 11:46:24 GMT
etag: "6183c810-1bc8"
expires: Tue, 24 Oct 2023 17:35:50 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
x-robots-tag: noindex, follow
x-cache-op: HIT
x-accel-expires: @1699449909
server: CDN77-Turbo
x-77-nzt: AblMCQ08Unj/gQNtAA
x-77-nzt-ray: c0a4cc28fa3e415e365cd7637ddcf331
x-cache: HIT
x-age: 7144321
x-77-pop: stockholmSE
x-77-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
s3t3d2y8.afcdn.net/library/623611/26c94b1b9322fb1f2558083727af47e58151007e.webp
185.76.9.18200 OK 7.2 kB URL HTTP/2 s3t3d2y8.afcdn.net/library/623611/26c94b1b9322fb1f2558083727af47e58151007e.webp
IP 185.76.9.18:0
ASN #60068 Datacamp Limited
File type gzip compressed data, max compression\012- data
Hash 7a0c56a6b861182f31897962a5710741
601a7b5fe30771d023be89dea996d7637d2625fb
13fbf46ad2da8e8102e37157dd53534108924ce610daf4cd4e2d645622619847
GET /library/623611/26c94b1b9322fb1f2558083727af47e58151007e.webp HTTP/1.1
Host: s3t3d2y8.afcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 30 Jan 2023 05:57:10 GMT
content-type: image/webp
content-length: 6782
last-modified: Wed, 03 Nov 2021 19:29:43 GMT
etag: "6182e327-1a7e"
expires: Tue, 24 Oct 2023 13:31:49 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
x-robots-tag: noindex, follow
x-cache-op: HIT
x-accel-expires: @1702161140
server: CDN77-Turbo
x-77-nzt: AblMCQ2DCXX/wqRDAA
x-77-nzt-ray: c0a4cc28fa3e415e365cd763028d3f32
x-cache: HIT
x-age: 4433090
x-77-pop: stockholmSE
x-77-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
s3t3d2y8.afcdn.net/library/448451/0823ddfbbed3b0112ae4193bff0044adfaef5759.gif
185.76.9.18200 OK 72 kB URL HTTP/2 s3t3d2y8.afcdn.net/library/448451/0823ddfbbed3b0112ae4193bff0044adfaef5759.gif
IP 185.76.9.18:0
ASN #60068 Datacamp Limited
File type GIF image data, version 89a, 300 x 250\012- data
Hash cf340b46c32f856a3d3682fa07bc7ad1
0823ddfbbed3b0112ae4193bff0044adfaef5759
1c2bacc7a287a9e6dee066c2bdb857cb42c2f1ea92130312c7e61e5db3950da3
GET /library/448451/0823ddfbbed3b0112ae4193bff0044adfaef5759.gif HTTP/1.1
Host: s3t3d2y8.afcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.realsrv.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 30 Jan 2023 05:57:10 GMT
content-type: image/gif
content-length: 71800
last-modified: Sat, 28 Jan 2023 20:21:35 GMT
etag: "63d583cf-11878"
expires: Sun, 28 Jan 2024 20:35:41 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
x-robots-tag: noindex, follow
x-cache-op: HIT
x-accel-expires: @1706474463
server: CDN77-Turbo
x-77-nzt: AblMCQ33znH/19MBAA
x-77-nzt-ray: c0a4cc28fa3e415e365cd763d108c831
x-cache: HIT
x-age: 119767
x-77-pop: stockholmSE
x-77-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
s3t3d2y8.afcdn.net/library/475567/69b2303da4a8f93b7196a0a654761b88c1046277.webp
185.76.9.18200 OK 5.1 kB URL HTTP/2 s3t3d2y8.afcdn.net/library/475567/69b2303da4a8f93b7196a0a654761b88c1046277.webp
IP 185.76.9.18:0
ASN #60068 Datacamp Limited
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 300x300, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 3dd9401b6e3a4397dd4ceeef43f38526
69b2303da4a8f93b7196a0a654761b88c1046277
31592e858cd88332175200810163e596ece171f3be0177da15a0b8d5e6bd9190
GET /library/475567/69b2303da4a8f93b7196a0a654761b88c1046277.webp HTTP/1.1
Host: s3t3d2y8.afcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 30 Jan 2023 05:57:10 GMT
content-type: image/webp
content-length: 5112
last-modified: Wed, 03 Nov 2021 16:02:32 GMT
etag: "6182b298-13f8"
expires: Fri, 30 Jun 2023 14:34:48 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
x-cache-op: HIT
x-accel-expires: @1688195242
server: CDN77-Turbo
x-robots-tag: noindex, follow
x-77-nzt: AblMCQ2KYjL/DL8YAQ
x-77-nzt-ray: c0a4cc28fa3e415e365cd763f32dac32
x-cache: HIT
x-age: 18398988
x-77-pop: stockholmSE
x-77-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
static.adxadserv.com/css/wm.css
185.76.9.22200 OK 9.7 kB URL HTTP/2 static.adxadserv.com/css/wm.css
IP 185.76.9.22:0
ASN #60068 Datacamp Limited
Hash e05c7164e6285e082d514d5635db7522
15eee67508a08838c127596ee2cc87564dc0161a
6a957515e7639d6af686ec27a9eb4fff6a9ee4a67d57224d2b4a431e94996ab7
GET /css/wm.css HTTP/1.1
Host: static.adxadserv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ads.adxadserv.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
date: Mon, 30 Jan 2023 05:57:10 GMT
content-type: text/css
last-modified: Mon, 03 Aug 2020 09:41:06 GMT
etag: W/"5f27dbb2-711"
x-accel-expires: @1676019710
server: CDN77-Turbo
x-77-nzt: AblMCRTdmi3/OCYBAA
x-77-nzt-ray: af585630fa167d73365cd763bb039022
x-cache: HIT
x-age: 75320
x-77-pop: stockholmSE
x-77-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
s3t3d2y8.afcdn.net/library/140058/e57cf07a049e49b51c156d752ea761aa0dcd4bda.webp
185.76.9.18200 OK 9.2 kB URL HTTP/2 s3t3d2y8.afcdn.net/library/140058/e57cf07a049e49b51c156d752ea761aa0dcd4bda.webp
IP 185.76.9.18:0
ASN #60068 Datacamp Limited
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 300x300, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 65c256aae6dc21765215f9a9b0792c23
e57cf07a049e49b51c156d752ea761aa0dcd4bda
de75f84d56e9a91f819ea220a66a911a37ea5cfb226d9c8576265fdcb281a62b
GET /library/140058/e57cf07a049e49b51c156d752ea761aa0dcd4bda.webp HTTP/1.1
Host: s3t3d2y8.afcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 30 Jan 2023 05:57:10 GMT
content-type: image/webp
content-length: 9202
last-modified: Wed, 03 Nov 2021 11:53:07 GMT
etag: "61827823-23f2"
expires: Fri, 30 Jun 2023 11:10:34 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
x-cache-op: HIT
x-accel-expires: @1688195276
server: CDN77-Turbo
x-robots-tag: noindex, follow
x-77-nzt: AblMCQ3vOqT/6r4YAQ
x-77-nzt-ray: c0a4cc28fa3e415e365cd76373559532
x-cache: HIT
x-age: 18398954
x-77-pop: stockholmSE
x-77-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash ba712b809d1107138674cd304e041068
cb7ed5692720084e2b66e724712685d1d56dbe94
1624708856cbcf339b6acc2d31268b693af742aa1b0c699391dddbb09c493347
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1624708856CBCF339B6ACC2D31268B693AF742AA1B0C699391DDDBB09C493347"
Last-Modified: Sat, 28 Jan 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16406
Expires: Mon, 30 Jan 2023 10:30:36 GMT
Date: Mon, 30 Jan 2023 05:57:10 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash ba712b809d1107138674cd304e041068
cb7ed5692720084e2b66e724712685d1d56dbe94
1624708856cbcf339b6acc2d31268b693af742aa1b0c699391dddbb09c493347
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1624708856CBCF339B6ACC2D31268B693AF742AA1B0C699391DDDBB09C493347"
Last-Modified: Sat, 28 Jan 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16406
Expires: Mon, 30 Jan 2023 10:30:36 GMT
Date: Mon, 30 Jan 2023 05:57:10 GMT
Connection: keep-alive
cams.gratis/banner/300x250.php?site=xfanta
172.64.164.31200 OK 1.2 kB URL HTTP/2 cams.gratis/banner/300x250.php?site=xfanta
IP 172.64.164.31:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (739), with CRLF line terminators
Hash 32eb94e8bb33b2d1a0ae8b5b02ebd49a
e81ea3dd5c845f8b8d335b6dc4be11a3e141fc0f
3df03deabe2da5f7114cc8b2ec75ce3a3af29bc1c2844624f7cdd0a731a425b6
GET /banner/300x250.php?site=xfanta HTTP/1.1
Host: cams.gratis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ads.adxadserv.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 30 Jan 2023 05:57:10 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding,User-Agent
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dQ01Q%2BiKAbHZVekuk62mhMAoHN9UBkLqa1lNzvUakuEvREnvzXuX6q3kfwkvIgBKLwxY04ojuZtteFJ3xcHmz%2FQeZIk%2FurlsHjyCECcKB0bqIDtcv5vA%2BUzZ3dxuog%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7917f7f71af77315-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 313 B IP 93.184.220.29:0
Hash 1ae6eb9d2450bf5335323f16b122e8a4
8bbf7dde59f3be4efb52737f7fe8ffbf8ca59cde
1bb3b7271f5f63abb4ae58b516d3721dc43e29e527492882b71dfcbe7ded7f47
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4719
Cache-Control: max-age=156842
Content-Type: application/ocsp-response
Date: Mon, 30 Jan 2023 05:57:10 GMT
Etag: "63d70b71-139"
Expires: Wed, 01 Feb 2023 01:31:12 GMT
Last-Modified: Mon, 30 Jan 2023 00:12:33 GMT
Server: ECS (ska/F71C)
X-Cache: HIT
Content-Length: 313
cams.gratis/banner/bg6.jpg
172.64.164.31200 OK 37 kB URL HTTP/2 cams.gratis/banner/bg6.jpg
IP 172.64.164.31:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 405x252, components 3\012- data
Hash 7ee983f81d742869a176e874651c7231
3072b7ce2833a2611d679374493a5533bd1bd32e
ab168995f8ac84c48b20c8850d35aa43723211710953253ce75c1811bbb0ecbc
GET /banner/bg6.jpg HTTP/1.1
Host: cams.gratis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cams.gratis/banner/300x250.php?site=xfanta
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 30 Jan 2023 05:57:10 GMT
content-type: image/jpeg
content-length: 37209
last-modified: Tue, 18 Oct 2022 10:44:50 GMT
cache-control: max-age=2592000
expires: Sat, 25 Feb 2023 15:17:24 GMT
cf-cache-status: HIT
age: 311986
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TSv3GoJ613hH8Fd9jsjGz55onElNEldfqfZNavs18HEGH7yxd1ArDusVEnYu0KJ84q%2BVIXy1d%2B0EZFUOULy2aIKtgMOJ4El0gk64zhJBP6Ph7dpMYdNavGFK0dWvLA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7917f7f79b307315-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
adxadserv.com/ascripts/pxl.js
185.98.53.29200 OK 78 kB URL HTTP/1.1 adxadserv.com/ascripts/pxl.js
IP 185.98.53.29:0
ASN #39572 DataWeb Global Group B.V.
File type Unicode text, UTF-8 text, with very long lines (36114)
Hash 8348b78d100940ba1808a8e9b93f2e94
c2aa612dc3256c9f235dcfc6e330d0ecaf957768
9c983adf86ebc949957bdf55d524dfa278a79bea8d13f2efa9512c6dd37b86f5
GET /ascripts/pxl.js HTTP/1.1
Host: adxadserv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ads.adxadserv.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Mon, 30 Jan 2023 05:57:10 GMT
Content-Type: application/javascript
Content-Length: 77806
Connection: keep-alive
Last-Modified: Fri, 25 Sep 2020 09:55:41 GMT
ETag: "5f6dbe9d-12fee"
Expires: Mon, 30 Jan 2023 08:34:07 GMT
Cache-Control: max-age=86400, public
X-77-NZT: AblMCgHAcYn/tywBAA
X-77-NZT-Ray: 382b0f192260c5df365cd7635f23db37
X-Cache: HIT
X-Age: 76983
X-77-POP: amsterdamNL
X-77-Cache: HIT
Accept-Ranges: bytes
go.xlirdr.com/i?campaignId=banner2609start&creativeId=300x250&modelsCountry=&modelsLanguage=&sourceId=xfanta&tag=females&targetDomain=&buttonColor=&hideModelNameOnSmallSpots=0&hideTitleOnSmallSpots=1&liveBadgeColor=%2324d7d7&showButton=1&showModelName=1&showTitle=0&showLiveBadge=1&isXhDesign=0&actionButtonPlacement=bottom&thumbSizeKey=small&hideButtonOnSmallSpots=1&userId=b47aedc2c088e2f21e0cc23e0318384c557941461efdbc48212e7282df45f2f4&landing=WidgetV4Universal
104.18.59.150302 Found 0 B URL HTTP/2 go.xlirdr.com/i?campaignId=banner2609start&creativeId=300x250&modelsCountry=&modelsLanguage=&sourceId=xfanta&tag=females&targetDomain=&buttonColor=&hideModelNameOnSmallSpots=0&hideTitleOnSmallSpots=1&liveBadgeColor=%2324d7d7&showButton=1&showModelName=1&showTitle=0&showLiveBadge=1&isXhDesign=0&actionButtonPlacement=bottom&thumbSizeKey=small&hideButtonOnSmallSpots=1&userId=b47aedc2c088e2f21e0cc23e0318384c557941461efdbc48212e7282df45f2f4&landing=WidgetV4Universal
IP 104.18.59.150:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /i?campaignId=banner2609start&creativeId=300x250&modelsCountry=&modelsLanguage=&sourceId=xfanta&tag=females&targetDomain=&buttonColor=&hideModelNameOnSmallSpots=0&hideTitleOnSmallSpots=1&liveBadgeColor=%2324d7d7&showButton=1&showModelName=1&showTitle=0&showLiveBadge=1&isXhDesign=0&actionButtonPlacement=bottom&thumbSizeKey=small&hideButtonOnSmallSpots=1&userId=b47aedc2c088e2f21e0cc23e0318384c557941461efdbc48212e7282df45f2f4&landing=WidgetV4Universal HTTP/1.1
Host: go.xlirdr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cams.gratis/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Mon, 30 Jan 2023 05:57:11 GMT
content-length: 0
location: https://creative.xlirdr.com/widgets/v4/Universal/?actionButtonPlacement=bottom&buttonColor=&campaignId=banner2609start&creativeId=300x250&domain=stripchat&hideButtonOnSmallSpots=1&hideModelNameOnSmallSpots=0&hideTitleOnSmallSpots=1&isXhDesign=0&liveBadgeColor=%2324d7d7&modelsCountry=&modelsLanguage=&showButton=1&showLiveBadge=1&showModelName=1&showTitle=0&sound=off&sourceId=xfanta&tag=females&targetDomain=&thumbSizeKey=small&trackOff=1&userId=b47aedc2c088e2f21e0cc23e0318384c557941461efdbc48212e7282df45f2f4
access-control-allow-origin: *
cf-cache-status: DYNAMIC
set-cookie: __cflb=04dToQvE4FPLng5Mz6amGAT9NT3YTLXHwPQFeT23DW; SameSite=None; Secure; path=/; expires=Tue, 31-Jan-23 04:57:11 GMT; HttpOnly
server: cloudflare
cf-ray: 7917f7f7f81ab506-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
adxadserv.com/px/event/v1?e_t=pageview&url=https%253A%252F%252Fads.adxadserv.com%252Fad%253Fspotid%253D636bc5d561d6e27071201a23%2526type%253D300x250%2526output%253Dhtml&ref=https%253A%252F%252Fxfantazy.com%252F&d_r=1&d_s=1280x1024&d_w=300x250&t_s=1675058241069&t_i=1675058241480&u_tz=0&u_l=en-US&u_l2=&u_l3=&pv_uid=9c76c508-8e97-4d45-bfd4-e466a29446b4&nav_rc=0&nav_nt=NAVIGATE&p_nn=adxad-rtb&p_pt=IFRAME&imid=ef5deed5-a062-11ed-8703-e25a5bb9767f&spid=636bc5d561d6e27071201a23&fpid_sa=1675058241480&fpid=&feid_sa=1675058241480&sid_sa=1675058241480&feid=a1c8bba9813beb98c1765beb2c7a18f5&sid=a95656f7d07c435fe7666c62a3d5c311&u_adb=0&vn=T-0.1.1&utm_typ=referral&utm_src=xfantazy.com&s_rst=1&e_d=%7B%22isResetRequired%22%3Atrue%7D&t_op=0.312
185.98.53.29200 OK 0 B URL HTTP/1.1 adxadserv.com/px/event/v1?e_t=pageview&url=https%253A%252F%252Fads.adxadserv.com%252Fad%253Fspotid%253D636bc5d561d6e27071201a23%2526type%253D300x250%2526output%253Dhtml&ref=https%253A%252F%252Fxfantazy.com%252F&d_r=1&d_s=1280x1024&d_w=300x250&t_s=1675058241069&t_i=1675058241480&u_tz=0&u_l=en-US&u_l2=&u_l3=&pv_uid=9c76c508-8e97-4d45-bfd4-e466a29446b4&nav_rc=0&nav_nt=NAVIGATE&p_nn=adxad-rtb&p_pt=IFRAME&imid=ef5deed5-a062-11ed-8703-e25a5bb9767f&spid=636bc5d561d6e27071201a23&fpid_sa=1675058241480&fpid=&feid_sa=1675058241480&sid_sa=1675058241480&feid=a1c8bba9813beb98c1765beb2c7a18f5&sid=a95656f7d07c435fe7666c62a3d5c311&u_adb=0&vn=T-0.1.1&utm_typ=referral&utm_src=xfantazy.com&s_rst=1&e_d=%7B%22isResetRequired%22%3Atrue%7D&t_op=0.312
IP 185.98.53.29:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /px/event/v1?e_t=pageview&url=https%253A%252F%252Fads.adxadserv.com%252Fad%253Fspotid%253D636bc5d561d6e27071201a23%2526type%253D300x250%2526output%253Dhtml&ref=https%253A%252F%252Fxfantazy.com%252F&d_r=1&d_s=1280x1024&d_w=300x250&t_s=1675058241069&t_i=1675058241480&u_tz=0&u_l=en-US&u_l2=&u_l3=&pv_uid=9c76c508-8e97-4d45-bfd4-e466a29446b4&nav_rc=0&nav_nt=NAVIGATE&p_nn=adxad-rtb&p_pt=IFRAME&imid=ef5deed5-a062-11ed-8703-e25a5bb9767f&spid=636bc5d561d6e27071201a23&fpid_sa=1675058241480&fpid=&feid_sa=1675058241480&sid_sa=1675058241480&feid=a1c8bba9813beb98c1765beb2c7a18f5&sid=a95656f7d07c435fe7666c62a3d5c311&u_adb=0&vn=T-0.1.1&utm_typ=referral&utm_src=xfantazy.com&s_rst=1&e_d=%7B%22isResetRequired%22%3Atrue%7D&t_op=0.312 HTTP/1.1
Host: adxadserv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ads.adxadserv.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Mon, 30 Jan 2023 05:57:11 GMT
Content-Length: 0
Connection: keep-alive
unseenreport.com/pxf.gif?uuid=9442e0ab-de7c-4c8c-9b5b-28a46ad0e8cd&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=4d0afc2425eea6b0cd5a468c9f8a69ed&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=5
192.243.59.12200 OK 1 B URL HTTP/1.1 unseenreport.com/pxf.gif?uuid=9442e0ab-de7c-4c8c-9b5b-28a46ad0e8cd&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=4d0afc2425eea6b0cd5a468c9f8a69ed&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=5
IP 192.243.59.12:0
ASN #39572 DataWeb Global Group B.V.
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=9442e0ab-de7c-4c8c-9b5b-28a46ad0e8cd&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=4d0afc2425eea6b0cd5a468c9f8a69ed&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=5 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Mon, 30 Jan 2023 05:57:11 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 2a5f4635649a203f3fdeb0767974a016
Strict-Transport-Security: max-age=0; includeSubdomains
unseenreport.com/pxf.gif?uuid=9442e0ab-de7c-4c8c-9b5b-28a46ad0e8cd&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=a2f990f10476061c719d1c1aa3a2ecd2&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=5
192.243.59.12200 OK 1 B URL HTTP/1.1 unseenreport.com/pxf.gif?uuid=9442e0ab-de7c-4c8c-9b5b-28a46ad0e8cd&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=a2f990f10476061c719d1c1aa3a2ecd2&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=5
IP 192.243.59.12:0
ASN #39572 DataWeb Global Group B.V.
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=9442e0ab-de7c-4c8c-9b5b-28a46ad0e8cd&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=a2f990f10476061c719d1c1aa3a2ecd2&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=5 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Mon, 30 Jan 2023 05:57:11 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 8f5969db29fa385c729dfe2f471da802
Strict-Transport-Security: max-age=0; includeSubdomains
unseenreport.com/pxf.gif?uuid=9442e0ab-de7c-4c8c-9b5b-28a46ad0e8cd&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=01f75a95a38a8db0a8e82d995253a076&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=5
192.243.59.12200 OK 1 B URL HTTP/1.1 unseenreport.com/pxf.gif?uuid=9442e0ab-de7c-4c8c-9b5b-28a46ad0e8cd&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=01f75a95a38a8db0a8e82d995253a076&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=5
IP 192.243.59.12:0
ASN #39572 DataWeb Global Group B.V.
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=9442e0ab-de7c-4c8c-9b5b-28a46ad0e8cd&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=01f75a95a38a8db0a8e82d995253a076&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=5 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Mon, 30 Jan 2023 05:57:11 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 3b00c572edc0f13d0a19c024cc58e459
Strict-Transport-Security: max-age=0; includeSubdomains
ocsp.digicert.com/
93.184.220.29200 OK 313 B IP 93.184.220.29:0
Hash 1ae6eb9d2450bf5335323f16b122e8a4
8bbf7dde59f3be4efb52737f7fe8ffbf8ca59cde
1bb3b7271f5f63abb4ae58b516d3721dc43e29e527492882b71dfcbe7ded7f47
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4720
Cache-Control: max-age=156842
Content-Type: application/ocsp-response
Date: Mon, 30 Jan 2023 05:57:11 GMT
Etag: "63d70b71-139"
Expires: Wed, 01 Feb 2023 01:31:13 GMT
Last-Modified: Mon, 30 Jan 2023 00:12:33 GMT
Server: ECS (ska/F71C)
X-Cache: HIT
Content-Length: 313
unseenreport.com/pxf.gif?uuid=9442e0ab-de7c-4c8c-9b5b-28a46ad0e8cd&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=21fe3950f412e026c33f1b6cee613eba&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=5
192.243.59.12200 OK 1 B URL HTTP/1.1 unseenreport.com/pxf.gif?uuid=9442e0ab-de7c-4c8c-9b5b-28a46ad0e8cd&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=21fe3950f412e026c33f1b6cee613eba&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=5
IP 192.243.59.12:0
ASN #39572 DataWeb Global Group B.V.
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=9442e0ab-de7c-4c8c-9b5b-28a46ad0e8cd&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=21fe3950f412e026c33f1b6cee613eba&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=5 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Mon, 30 Jan 2023 05:57:11 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 158213515899f3a03d74a36a1078af7b
Strict-Transport-Security: max-age=0; includeSubdomains
cdn.creative-bars1.com/sb/chat/mob/ssp/v2/new/3/js/script.js
172.64.166.9200 OK 183 B URL HTTP/2 cdn.creative-bars1.com/sb/chat/mob/ssp/v2/new/3/js/script.js
IP 172.64.166.9:0
Hash ebb57b91d3c26defb07d8667074cc559
d583650fc9da4671ca6aac8ce31933945f60ee2f
c932991a0eb48241843d089e42218e3ef19efb174615504d3cbab7f348153f02
GET /sb/chat/mob/ssp/v2/new/3/js/script.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 30 Jan 2023 05:57:10 GMT
content-type: application/javascript
last-modified: Wed, 13 Jul 2022 12:13:56 GMT
etag: W/"62ceb704-17f"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 6537882
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VOF3icNG0x68rMeL57q19dsgZi6%2BpmOquWv6RKSe7LG09n36oPAXh%2BQeFrZbg%2F7HDVujpMP8UIasSNLVXa%2FHgcudRLtc4GTTp7ScfGk4Pi3WCXZU8V8wsbHFFQ0tQYX%2BILvF5FfZf7Ul"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7917f7f56eda777d-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
prototypewailrubber.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSz2skxRev3s338lXwB3sREeeoIJPunpnMjDksxjUSXLNxdyUiXqqrqidlqquaqu7pyYAQdkH2OHvz2PlMskE3iIs3YUEmXiQn28OSgzn4B3gRvCozGRh9UPXeq8%2BD%2Bnzee18e5BfER07Ptz40Q6kUXW7V%2Fdob21JzU7ja5t1a4Nf91dq21CvN1dpgetn%2B24Hfqvtv1t4XbNcsh37g%2B4Ef1NalFbEZLM9QyPSkG9S7fr0Z1oNWEwP739zlHhz1wPsX5GVIXv1v5%2BcnkGwCnXx3Q7jdzKRvvZfkimbGos%2BPP9a72hQaySKMrYdYH8%2BrYVxFyFdXYPTxXAFM%2F3CqAJGsiPcsQKSP5zQR9Y8umUYKQiPiz6HoTyDUBJJOwMx9SP4LARjH5i3o5NGmsQXdu0TpFK3I0l9%2FQhYVWfrtGnTy7ZqSg9odo%2FJMGu0wiEvIwQSyN0GanyIbepDFKVh2D5IT6KSE5OVMtZQTyHgCJUagzkM%2BPdJDHnvIUw8JP6%2FRVjf2%2FXYcxY1Gp8kYazQYa3VWeIs3mp3YR86mtEbI0hGYGoHZfaR2H7vyYUXIvUPY%2FEe4nRKOe3BZRbyP9tHnJQpBUDiCghIUkqDICIp%2BecSVC135iCuXR8Hch3PfKMcm6x3QI5P1hCYH6QV5adaUP57%2FAbvivEbDuNv148Bvtlf8lYC1gy4PWEBpg4aC8RBOlpDuykzvUFbk2qu%2FI51O6ou%2FEdFTOHUKJl8EzV8DLcbt0AfdGTc7Pob6ZBBTndHhXp2ZBNyUSLMlZHvegbogr8x4rL5QQLCz6983ZgZmS6S2xOfyJ4KeejC%2BbQpyeNsUjjy5lWYykUM6HdydjGbi6jcfiL3CWL5xw42%2BfodNgWl4cle47CbVXOqeI4%2FXJOfCrhvLBHm64bZFtJW7nbXc6jy9ufXu%2BkaSWuGcNHoCKitCzjfAZEX%2B%2F%2FTT2VK%2B%2FvgTSDuBzUsk%2BRmZG6Q5BUv34dIFf2cIrFrURKmHIi%2FHNowWj0oSKLHIaVTC%2FSuPFvGBe4Ce9UCz%2B7NV7NsSfVWCqhFcfnWcpfbs%2Bq%2FzzyPljSNlvcNIWfXwsrlOntdaQVN0ok6bcR4JxoN22Og0fD%2FkvNnuiqCLzFXs2WetfwAAAP%2F%2FAQAA%2F%2F%2BI1QPtbAQAAA%3D%3D
173.233.137.36200 OK 7 B URL HTTP/1.1 prototypewailrubber.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSz2skxRev3s338lXwB3sREeeoIJPunpnMjDksxjUSXLNxdyUiXqqrqidlqquaqu7pyYAQdkH2OHvz2PlMskE3iIs3YUEmXiQn28OSgzn4B3gRvCozGRh9UPXeq8%2BD%2Bnzee18e5BfER07Ptz40Q6kUXW7V%2Fdob21JzU7ja5t1a4Nf91dq21CvN1dpgetn%2B24Hfqvtv1t4XbNcsh37g%2B4Ef1NalFbEZLM9QyPSkG9S7fr0Z1oNWEwP739zlHhz1wPsX5GVIXv1v5%2BcnkGwCnXx3Q7jdzKRvvZfkimbGos%2BPP9a72hQaySKMrYdYH8%2BrYVxFyFdXYPTxXAFM%2F3CqAJGsiPcsQKSP5zQR9Y8umUYKQiPiz6HoTyDUBJJOwMx9SP4LARjH5i3o5NGmsQXdu0TpFK3I0l9%2FQhYVWfrtGnTy7ZqSg9odo%2FJMGu0wiEvIwQSyN0GanyIbepDFKVh2D5IT6KSE5OVMtZQTyHgCJUagzkM%2BPdJDHnvIUw8JP6%2FRVjf2%2FXYcxY1Gp8kYazQYa3VWeIs3mp3YR86mtEbI0hGYGoHZfaR2H7vyYUXIvUPY%2FEe4nRKOe3BZRbyP9tHnJQpBUDiCghIUkqDICIp%2BecSVC135iCuXR8Hch3PfKMcm6x3QI5P1hCYH6QV5adaUP57%2FAbvivEbDuNv148Bvtlf8lYC1gy4PWEBpg4aC8RBOlpDuykzvUFbk2qu%2FI51O6ou%2FEdFTOHUKJl8EzV8DLcbt0AfdGTc7Pob6ZBBTndHhXp2ZBNyUSLMlZHvegbogr8x4rL5QQLCz6983ZgZmS6S2xOfyJ4KeejC%2BbQpyeNsUjjy5lWYykUM6HdydjGbi6jcfiL3CWL5xw42%2BfodNgWl4cle47CbVXOqeI4%2FXJOfCrhvLBHm64bZFtJW7nbXc6jy9ufXu%2BkaSWuGcNHoCKitCzjfAZEX%2B%2F%2FTT2VK%2B%2FvgTSDuBzUsk%2BRmZG6Q5BUv34dIFf2cIrFrURKmHIi%2FHNowWj0oSKLHIaVTC%2FSuPFvGBe4Ce9UCz%2B7NV7NsSfVWCqhFcfnWcpfbs%2Bq%2FzzyPljSNlvcNIWfXwsrlOntdaQVN0ok6bcR4JxoN22Og0fD%2FkvNnuiqCLzFXs2WetfwAAAP%2F%2FAQAA%2F%2F%2BI1QPtbAQAAA%3D%3D
IP 173.233.137.36:0
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert quad9 Sinkholed
GET /impr.gif?sid=H4sIAAAAAAAC%2F1RSz2skxRev3s338lXwB3sREeeoIJPunpnMjDksxjUSXLNxdyUiXqqrqidlqquaqu7pyYAQdkH2OHvz2PlMskE3iIs3YUEmXiQn28OSgzn4B3gRvCozGRh9UPXeq8%2BD%2Bnzee18e5BfER07Ptz40Q6kUXW7V%2Fdob21JzU7ja5t1a4Nf91dq21CvN1dpgetn%2B24Hfqvtv1t4XbNcsh37g%2B4Ef1NalFbEZLM9QyPSkG9S7fr0Z1oNWEwP739zlHhz1wPsX5GVIXv1v5%2BcnkGwCnXx3Q7jdzKRvvZfkimbGos%2BPP9a72hQaySKMrYdYH8%2BrYVxFyFdXYPTxXAFM%2F3CqAJGsiPcsQKSP5zQR9Y8umUYKQiPiz6HoTyDUBJJOwMx9SP4LARjH5i3o5NGmsQXdu0TpFK3I0l9%2FQhYVWfrtGnTy7ZqSg9odo%2FJMGu0wiEvIwQSyN0GanyIbepDFKVh2D5IT6KSE5OVMtZQTyHgCJUagzkM%2BPdJDHnvIUw8JP6%2FRVjf2%2FXYcxY1Gp8kYazQYa3VWeIs3mp3YR86mtEbI0hGYGoHZfaR2H7vyYUXIvUPY%2FEe4nRKOe3BZRbyP9tHnJQpBUDiCghIUkqDICIp%2BecSVC135iCuXR8Hch3PfKMcm6x3QI5P1hCYH6QV5adaUP57%2FAbvivEbDuNv148Bvtlf8lYC1gy4PWEBpg4aC8RBOlpDuykzvUFbk2qu%2FI51O6ou%2FEdFTOHUKJl8EzV8DLcbt0AfdGTc7Pob6ZBBTndHhXp2ZBNyUSLMlZHvegbogr8x4rL5QQLCz6983ZgZmS6S2xOfyJ4KeejC%2BbQpyeNsUjjy5lWYykUM6HdydjGbi6jcfiL3CWL5xw42%2BfodNgWl4cle47CbVXOqeI4%2FXJOfCrhvLBHm64bZFtJW7nbXc6jy9ufXu%2BkaSWuGcNHoCKitCzjfAZEX%2B%2F%2FTT2VK%2B%2FvgTSDuBzUsk%2BRmZG6Q5BUv34dIFf2cIrFrURKmHIi%2FHNowWj0oSKLHIaVTC%2FSuPFvGBe4Ce9UCz%2B7NV7NsSfVWCqhFcfnWcpfbs%2Bq%2FzzyPljSNlvcNIWfXwsrlOntdaQVN0ok6bcR4JxoN22Og0fD%2FkvNnuiqCLzFXs2WetfwAAAP%2F%2FAQAA%2F%2F%2BI1QPtbAQAAA%3D%3D HTTP/1.1
Host: prototypewailrubber.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: u_pl=15600826; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Mon, 30 Jan 2023 05:57:11 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 726e0fc32ada156bed393d389e4a86c7
Strict-Transport-Security: max-age=0; includeSubdomains
cdn.creative-bars1.com/sb/chat/mob/ssp/v2/new/3/js/script.js
172.64.166.9200 OK 190 B URL HTTP/2 cdn.creative-bars1.com/sb/chat/mob/ssp/v2/new/3/js/script.js
IP 172.64.166.9:0
Hash fb5cc649a2e92a32ba701e45d31c4bf1
3a24dc531f6ff5ac1f09481b0254a593522d273e
2d592fd3ad5b0d0d6a5ca389394b56594198c93e51003ae3cd2da8e889db3dd6
GET /sb/chat/mob/ssp/v2/new/3/js/script.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 30 Jan 2023 05:57:10 GMT
content-type: application/javascript
last-modified: Wed, 13 Jul 2022 12:13:56 GMT
etag: W/"62ceb704-17f"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 6537882
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IWlB3dRZMQOVM8j4wI6tcaM7eZAI4VIPtoGANyh1f8ND3ZFIoOXEAfNFn%2BA%2BglUuUzJ6NDR0hykE6nkIM2GXE4slNxJH4WFMYdOLCIJRaRP2hOs6EUoJrolYWhDKYrijA7JWvWgym3Fd"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7917f7f55ed2777d-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
prototypewailrubber.com/pixel/sbs?c=1
173.233.137.36200 OK 0 B URL HTTP/1.1 prototypewailrubber.com/pixel/sbs?c=1
IP 173.233.137.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbs?c=1 HTTP/1.1
Host: prototypewailrubber.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: u_pl=15600826; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Mon, 30 Jan 2023 05:57:11 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
ocsp.digicert.com/
93.184.220.29200 OK 278 B IP 93.184.220.29:0
Hash d49f7aed2f183ad87462ebe20fb06c10
1b991d8e1b675f80711a2ed3197edfe609582aa3
7e9be1379810720ae61ba19e91df55f470e364ef5ab71495bc2acb7228142c88
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1890
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 30 Jan 2023 05:57:11 GMT
Last-Modified: Mon, 30 Jan 2023 05:25:41 GMT
Server: ECS (ska/F71C)
X-Cache: HIT
Content-Length: 278
video.ktkjmp.com/adsbygoogle.js
104.18.48.21200 OK 4.2 kB URL HTTP/2 video.ktkjmp.com/adsbygoogle.js
IP 104.18.48.21:0
Hash 09a7f31f27985420b77e81c2dc6c3eb3
4082488ce21590dfad251bf70fcecd9d66443960
ede2019b6a0073ac7c9ba053444b2944f881821deeeda31e9941b3499bcfb12a
GET /adsbygoogle.js HTTP/1.1
Host: video.ktkjmp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://creative.xlirdr.com/
Origin: https://creative.xlirdr.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 30 Jan 2023 05:57:11 GMT
content-type: application/javascript
content-length: 16
x-amz-id-2: lcNIxMaAofF7Fv+CenZmpGJJrSUFrD74EH/RfdAjL9Jhx1+3B0JyXF3qWYdsiZqTewxi/ePstns=
x-amz-request-id: 3YWB4S6N4MZ3W6PX
last-modified: Thu, 10 Mar 2022 13:52:07 GMT
etag: "3d7f7a60216d40dea48e495fef6903c9"
x-amz-meta-s3cmd-attrs: atime:1646920284/ctime:1646920283/gid:20/gname:staff/md5:3d7f7a60216d40dea48e495fef6903c9/mode:33188/mtime:1646920283/uid:501/uname:mikhailchubar
x-amz-version-id: eIgLIBoMMcsEXtxOH6UDjWyfAquRpkIG
access-control-allow-origin: https://creative.xlirdr.com
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Content-Length, Accept-Encoding, x-requested-with
cf-cache-status: HIT
age: 4792
expires: Mon, 30 Jan 2023 09:57:11 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7917f7fa1996b51e-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 1.9 kB IP 93.184.220.29:0
Hash 9b78478badb9d50ee7fdc772e2a7f6be
3dcfdcdf9c25334dfc583f72320aba99e088dec8
e5f5bdc92d74668c53dffa945058d76f72eeb187924499cb8df81588a7b7d478
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1890
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 30 Jan 2023 05:57:11 GMT
Last-Modified: Mon, 30 Jan 2023 05:25:41 GMT
Server: ECS (ska/F71C)
X-Cache: HIT
Content-Length: 278
ocsp.digicert.com/
93.184.220.29200 OK 313 B IP 93.184.220.29:0
Hash 3c53b5859419b042329e9ec5ab53d5ef
18a16a7f99e717fb8568da4e4bf074903f4d948d
08c80a3899bb7df04e90dcdb170e7f963b969f33f84d98e77a64e47d0b0368a3
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5613
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 30 Jan 2023 05:57:11 GMT
Last-Modified: Mon, 30 Jan 2023 04:23:38 GMT
Server: ECS (ska/F71C)
X-Cache: HIT
Content-Length: 313
ocsp.digicert.com/
93.184.220.29200 OK 313 B IP 93.184.220.29:0
Hash 3c53b5859419b042329e9ec5ab53d5ef
18a16a7f99e717fb8568da4e4bf074903f4d948d
08c80a3899bb7df04e90dcdb170e7f963b969f33f84d98e77a64e47d0b0368a3
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5613
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 30 Jan 2023 05:57:11 GMT
Last-Modified: Mon, 30 Jan 2023 04:23:38 GMT
Server: ECS (ska/F71C)
X-Cache: HIT
Content-Length: 313
ocsp.digicert.com/
93.184.220.29200 OK 1.6 kB IP 93.184.220.29:0
Hash 04540b885c0baf7e6d6f70e88ed0c17b
ad844e02b9d7e6a1a96ebe1f82ad70721900e8c6
36d2734e3dd179c1cf0797fc46d9fe3fcdd66c731564654b26f5a8303c541b05
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5909
Cache-Control: max-age=148344
Content-Type: application/ocsp-response
Date: Mon, 30 Jan 2023 05:57:11 GMT
Etag: "63d6e59a-139"
Expires: Tue, 31 Jan 2023 23:09:35 GMT
Last-Modified: Sun, 29 Jan 2023 21:31:06 GMT
Server: ECS (ska/F709)
X-Cache: HIT
Content-Length: 313
static-assets.highwebmedia.com/images/ico-cams.png?829027f88094
104.16.93.42200 OK 549 B URL HTTP/2 static-assets.highwebmedia.com/images/ico-cams.png?829027f88094
IP 104.16.93.42:0
File type PNG image data, 13 x 15, 8-bit colormap, non-interlaced\012- data
Hash 4437b02e2efeaa0eb69858a7eb957af6
2dfa9c3fa2fc56c7504c043876eaad9526abed62
52dc5730b7afd3f35531dcca2bd7b9984f0271d15c8b449c4b1d425dddf12a33
GET /images/ico-cams.png?829027f88094 HTTP/1.1
Host: static-assets.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://static-assets.highwebmedia.com/CACHE/css/output.86af60575b63.css
Cookie: _cfuvid=oS1QP9dWCyGAZ0AqWW1HPF8Ek4T4ra4qewhs_.IGc7Y-1675058231472-0-604800000
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 30 Jan 2023 05:57:11 GMT
content-type: image/png
content-length: 549
cache-control: public, max-age=2592000
cf-bgj: imgq:100,h2pri,csam-hash
cf-polished: origSize=1457
etag: "58ecd9d7af4908cce84eccd4cbd6f0d0"
last-modified: Tue, 19 Jan 2021 22:03:22 GMT
x-amz-id-2: uk+Y+mMt51OLA32rfvOrwKQRVhebnzwVD7WNGN89HYS/N/FIKgMltVMzadOcg1MyUuhiPycAlHk=
x-amz-meta-s3cmd-attrs: md5:58ecd9d7af4908cce84eccd4cbd6f0d0
x-amz-request-id: 2BDHEK7PHQPF17BP
cf-cache-status: HIT
age: 1473008
expires: Wed, 01 Mar 2023 05:57:11 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Lki0ps%2FScNBiQp8JbRYGZQYKM1ry%2Fm4ah0y1pUyjyrJxfXmj7Irdjky6kH9aKa3Y3mmA6yFTE8AuBHIYPe0ji62qOpKgTdyYlaf5PZwHUXSu50fjrgMa6RKR0Um8WiNDhlpZ742E9gyI5Hr5%2BtHyzw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7917f7fadd920b06-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
static-assets.highwebmedia.com/fonts/ubuntur-webfont.woff?896a82003cd1
104.16.93.42200 OK 33 kB URL HTTP/2 static-assets.highwebmedia.com/fonts/ubuntur-webfont.woff?896a82003cd1
IP 104.16.93.42:0
File type Web Open Font Format, TrueType, length 32960, version 1.0\012- data
Hash 30556905d926944a6ada140546bcf5ce
b9346ce355c8259d71707ab65c13e0629d01a48e
896a82003cd1a9134b0404c129bb7b8292e1d8a91298e275141b21086baa8a9d
GET /fonts/ubuntur-webfont.woff?896a82003cd1 HTTP/1.1
Host: static-assets.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://chaturbate.com
Connection: keep-alive
Referer: https://static-assets.highwebmedia.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 30 Jan 2023 05:57:11 GMT
content-type: application/font-woff
content-length: 32960
x-amz-id-2: oQRN32iQRWNI2tD7F2N8drq+SpOONefvkFBuj6xfuUwNrtUzFxjUH3DLm/7IAXKOFQJxrDF3NDU=
x-amz-request-id: MA2EZ9YMX1DP219W
access-control-allow-origin: *
access-control-allow-methods: GET
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
last-modified: Tue, 19 Jan 2021 22:07:55 GMT
etag: "30556905d926944a6ada140546bcf5ce"
x-amz-meta-s3cmd-attrs: md5:30556905d926944a6ada140546bcf5ce
cache-control: public, max-age=2592000
cf-cache-status: HIT
age: 1473008
expires: Wed, 01 Mar 2023 05:57:11 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XkmRgFQ9mio9VY3gNFKFeptpMcsOH%2FiyKe1R9KBqkPsksqwxnRWft%2BWWdZtLhJkynhroV92qBsKsc1fl8QXpCcO0ffFm8D%2FQypCypkrrwM3Zmam81zsf4IX%2BB8QWx6XCc73oIs%2BO5G9IRORMmRIbWQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
set-cookie: _cfuvid=Z7k0TVHC3VQ4..nHERMlWf_w5dzc5x2Odsfv6PQtCro-1675058231503-0-604800000; path=/; domain=.highwebmedia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 7917f7fadd960b06-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
roomimg.stream.highwebmedia.com/riw/heatherbby.jpg?1675058220
104.19.241.83200 OK 13 kB URL HTTP/2 roomimg.stream.highwebmedia.com/riw/heatherbby.jpg?1675058220
IP 104.19.241.83:0
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 548x549, segment length 16, progressive, precision 8, 480x270, components 3\012- data
Hash b1b3f01b961a072e690098b8ff01d5a4
cbdadbc39bcdbd80901d5dccbbf3ebd8568cb2b6
fa0e52a53ebb87b88b9c397952fb72866fb3220216f66dd07c649a063e9cbedc
GET /riw/heatherbby.jpg?1675058220 HTTP/1.1
Host: roomimg.stream.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 30 Jan 2023 05:57:11 GMT
content-type: image/jpeg
content-length: 12840
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: public, max-age=30
cf-bgj: imgq:100,h2pri
cf-polished: origSize=12863
content-security-policy: default-src 'none'; img-src data:; style-src 'unsafe-inline'
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
x-frame-options: DENY
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 8
last-modified: Mon, 30 Jan 2023 05:57:03 GMT
expires: Mon, 30 Jan 2023 05:57:41 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=E7%2F%2F%2FlZi3j%2BK78rQnTY3GEXJhFSApUhgH%2FpmLhSptVGl9%2F1NSl7Y7pQOmPXRbwIWq2O6G1fVJRbNp0HDIIqGWvVgOhmnCfylUmVlivh3eFTQ6%2FS%2BXzlEEpNEbry4ODaWDb5IpOBkJA5a85DWgatC3dg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
set-cookie: _cfuvid=12xr629r9HRLETatE_BxD.vKd_spclXcdbvG3jmq7aM-1675058231520-0-604800000; path=/; domain=.highwebmedia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 7917f7fafe7eb4fd-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
roomimg.stream.highwebmedia.com/riw/alicepreuoston.jpg?1675058220
104.19.241.83200 OK 11 kB URL HTTP/2 roomimg.stream.highwebmedia.com/riw/alicepreuoston.jpg?1675058220
IP 104.19.241.83:0
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 548x549, segment length 16, progressive, precision 8, 480x270, components 3\012- data
Hash 637fbeffe0189f38850b1ab370fad131
f52fd24c1465e839926298d305391b86a1d73fd9
3a157486b9dc96b9b8fc83f5885ac36718fca9dbbfd3f75d753c13b14748d67e
GET /riw/alicepreuoston.jpg?1675058220 HTTP/1.1
Host: roomimg.stream.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 30 Jan 2023 05:57:11 GMT
content-type: image/jpeg
content-length: 11224
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: public, max-age=30
cf-bgj: imgq:100,h2pri
cf-polished: origSize=11297
content-security-policy: default-src 'none'; img-src data:; style-src 'unsafe-inline'
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
x-frame-options: DENY
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 1
last-modified: Mon, 30 Jan 2023 05:57:10 GMT
expires: Mon, 30 Jan 2023 05:57:41 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DowqiztN7hnp3kwQ8Jat6j1DbnX3oR301bpOZkm2s5DCqd0wtjn19jNleqGgjl8qcPdjN2hsv6Zx3F7vfPJryguJC3SWUojsM4kZuQ6aoAhrXtXBelk7lKGyBdBWVGZQ8rAibl4iHDEbVynohU9spp0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
set-cookie: _cfuvid=U.PRaF1R7soKIvGC1_xh8YnpXf6PBFp9exsKzegZfSQ-1675058231521-0-604800000; path=/; domain=.highwebmedia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 7917f7fafe7cb4fd-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
roomimg.stream.highwebmedia.com/riw/x_lily_x.jpg?1675058220
104.19.241.83200 OK 12 kB URL HTTP/2 roomimg.stream.highwebmedia.com/riw/x_lily_x.jpg?1675058220
IP 104.19.241.83:0
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 548x549, segment length 16, progressive, precision 8, 480x270, components 3\012- data
Hash a40d03822393635674b46037e0595cb2
3b7dc06fc9a165cb90e22f9ba2c699694c272cb0
bac8f6c185eed52566a82e82fee6ac70b728c8ce3b954be41456fdc14e1216da
GET /riw/x_lily_x.jpg?1675058220 HTTP/1.1
Host: roomimg.stream.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 30 Jan 2023 05:57:11 GMT
content-type: image/jpeg
content-length: 12447
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: public, max-age=30
cf-bgj: imgq:100,h2pri
cf-polished: origSize=12497
content-security-policy: default-src 'none'; img-src data:; style-src 'unsafe-inline'
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
x-frame-options: DENY
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 17
last-modified: Mon, 30 Jan 2023 05:56:54 GMT
expires: Mon, 30 Jan 2023 05:57:41 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=g%2F9ryOH%2FfUpqVQr8I9GcwoMoWk0uthGb0ebNKbBVbGMJrm7sI4bGfqOqFSagnZvLIr%2FD%2BK7Dgu3%2B5UEwUZ5bZ5jj9EQJ9lN%2F2gWwqU2K2lCU0bE2bYeOeFFfows33yU34ZhYWg2NyQgIvIWm758%2Ff04%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
set-cookie: _cfuvid=stHFrUkE.8lBrCrHj9E.7FgmFPPTt8rGxr3qwEx4vGI-1675058231524-0-604800000; path=/; domain=.highwebmedia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 7917f7fafe7fb4fd-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
static-assets.highwebmedia.com/fonts/ubuntum-webfont.woff?a7fc63c36394
104.16.93.42200 OK 32 kB URL HTTP/2 static-assets.highwebmedia.com/fonts/ubuntum-webfont.woff?a7fc63c36394
IP 104.16.93.42:0
File type Web Open Font Format, TrueType, length 31680, version 1.0\012- data
Hash 9968f3d2a16c9ae20a54d0e44ee83d3a
dfd651a49017147b8e8078d530f0930020bfb846
a7fc63c363948d7add8e1dade66045376e2bad22da6697f84d175e5f9a76166e
GET /fonts/ubuntum-webfont.woff?a7fc63c36394 HTTP/1.1
Host: static-assets.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://chaturbate.com
Connection: keep-alive
Referer: https://static-assets.highwebmedia.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 30 Jan 2023 05:57:11 GMT
content-type: application/font-woff
content-length: 31680
x-amz-id-2: nfVY/SXLIWDmPJZ5GmgfBoxL7C0eYluMh9Gz/lOVcMdPSy3UDaee2Sh9y//M++yROjWmGq/s9HI=
x-amz-request-id: MKNWGP9HW7APRRGE
access-control-allow-origin: *
access-control-allow-methods: GET
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
last-modified: Tue, 19 Jan 2021 22:07:54 GMT
etag: "9968f3d2a16c9ae20a54d0e44ee83d3a"
x-amz-meta-s3cmd-attrs: md5:9968f3d2a16c9ae20a54d0e44ee83d3a
cache-control: public, max-age=2592000
cf-cache-status: HIT
age: 2363715
expires: Wed, 01 Mar 2023 05:57:11 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ia0HdiL8e5LufYFVqLehOrwa9z9IoVO8JqA3%2FRuaSbF7yraObN5YjQS4TAG4PFaRjy2cj%2FdRf6NrI8FFpi93NIAANUXaUdCHfQ58es%2B93ftLKXAnQVkUkRIKq0SOMM7%2BTttDsnzo%2B%2FRLjBcQOtoJFA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
set-cookie: _cfuvid=OcmToHoGtWV.3bC3KZv3NjC6qZoXd1Mdsk6CXPaZESg-1675058231537-0-604800000; path=/; domain=.highwebmedia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 7917f7fb0a3eb511-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 313 B IP 93.184.220.29:0
Hash 3c53b5859419b042329e9ec5ab53d5ef
18a16a7f99e717fb8568da4e4bf074903f4d948d
08c80a3899bb7df04e90dcdb170e7f963b969f33f84d98e77a64e47d0b0368a3
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5613
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 30 Jan 2023 05:57:11 GMT
Last-Modified: Mon, 30 Jan 2023 04:23:38 GMT
Server: ECS (ska/F71C)
X-Cache: HIT
Content-Length: 313
img.strpst.com/thumbs/1675058161/86188148
104.18.63.124200 OK 68 kB URL HTTP/2 img.strpst.com/thumbs/1675058161/86188148
IP 104.18.63.124:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 0x0, segment length 16, progressive, precision 8, 640x360, components 3\012- data
Hash 1d2a4eac8d5dddec16f358df21044daa
9ce62b501d3343167a85f5002e09c39f770094ae
3f7bbb5834eeed7ad5a0eb2e4c83a992276b5f690b4906a406652d941824326a
GET /thumbs/1675058161/86188148 HTTP/1.1
Host: img.strpst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://creative.xlirdr.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 30 Jan 2023 05:57:11 GMT
content-type: image/jpeg
content-length: 67978
access-control-allow-credentials: true
access-control-allow-headers: *
access-control-allow-methods: GET
access-control-allow-origin: *
cf-bgj: imgq:100,h2pri
cf-polished: origSize=70107, status=webp_bigger
etag: "34a1e86b96e4f0b4ce2e43911a16b939"
last-modified: Mon, 30 Jan 2023 05:55:42 GMT
cf-cache-status: HIT
age: 42
expires: Mon, 30 Jan 2023 06:27:11 GMT
cache-control: public, max-age=1800
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7917f7fbcf150b3d-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
js-agent.newrelic.com/859.95d4308d-1222.js
151.101.2.137200 OK 3.0 kB URL HTTP/2 js-agent.newrelic.com/859.95d4308d-1222.js
IP 151.101.2.137:0
File type ASCII text, with very long lines (6657), with no line terminators
Hash 364ac85aef21ab784eeec8f55116dff7
82089547d57defc88e114832b7eb9919a8876e31
255295be519de9a2d1040b1c547c25756b63310e2d7234bcf252ed41d5278c0b
GET /859.95d4308d-1222.js HTTP/1.1
Host: js-agent.newrelic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: PAOkWJ6WiOdnSUVZHZQv79Edy7uPwU81uM9fUJQx6T8UpQupKV3O9whnAR+3HGoYTBPmehtRe7k=
x-amz-request-id: WFN4FJZ1XN6DZ8EG
last-modified: Wed, 18 Jan 2023 20:22:30 GMT
etag: "b087387593417c0b63259918da3584e3"
x-amz-version-id: GtNmis6Y3zB4SbtciuRtabFzp3T7wBIy
content-type: application/javascript
server: AmazonS3
access-control-allow-origin: *
cache-control: public, max-age=7200, stale-if-error=604800
content-encoding: gzip
accept-ranges: bytes
date: Mon, 30 Jan 2023 05:57:11 GMT
via: 1.1 varnish
x-served-by: cache-bma1620-BMA
x-cache: HIT
x-cache-hits: 1490
x-timer: S1675058232.673427,VS0,VE0
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
content-length: 2975
X-Firefox-Spdy: h2
js-agent.newrelic.com/620.95d4308d-1222.js
151.101.2.137200 OK 1.3 kB URL HTTP/2 js-agent.newrelic.com/620.95d4308d-1222.js
IP 151.101.2.137:0
File type ASCII text, with very long lines (2989), with no line terminators
Hash 7094c3f93699a846fe91edd766391f01
25e8c79409acc2bb73a728c0768e1eda66019255
85eb01219e8aaa7c7968aa175c2421454f99615ae66350b15c60465f4616826f
GET /620.95d4308d-1222.js HTTP/1.1
Host: js-agent.newrelic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-amz-id-2: QggJtv+14rx8wEd4C6ZTDmmxUSe6+8jiYhTGnWcIRu6DC5pRiaL5fPRx8/lgChduQ7GqRSlO6xY=
x-amz-request-id: WFN5FXFSJTZYM7K6
last-modified: Wed, 18 Jan 2023 20:22:30 GMT
etag: "ca9b029ff66dd9146273984d16e20abc"
x-amz-version-id: HYguQMwVKEHCmodKuQRUzW1qxlElK9Xr
content-type: application/javascript
server: AmazonS3
access-control-allow-origin: *
cache-control: public, max-age=7200, stale-if-error=604800
content-encoding: gzip
accept-ranges: bytes
date: Mon, 30 Jan 2023 05:57:11 GMT
via: 1.1 varnish
x-served-by: cache-bma1620-BMA
x-cache: HIT
x-cache-hits: 1468
x-timer: S1675058232.699446,VS0,VE0
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
content-length: 1342
X-Firefox-Spdy: h2
js-agent.newrelic.com/885.95d4308d-1222.js
151.101.2.137200 OK 5.9 kB URL HTTP/2 js-agent.newrelic.com/885.95d4308d-1222.js
IP 151.101.2.137:0
File type ASCII text, with very long lines (16348), with no line terminators
Hash 2414f7dbfd0e2cb3d826fc02a8b608dc
550db9b7abbcd2e5a0d4ab9c414933e1a0bd36fc
8239519b8bff793ad186f4ab9017f8a6ed34edc1df3361958075077ee7677b3d
GET /885.95d4308d-1222.js HTTP/1.1
Host: js-agent.newrelic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-amz-id-2: iuZsFv406u1sMvs0ma20vGvuMApZWTFFZj+faC5P7Ry157RP7v+m+H8/pYueXH7fkGpYpHbtGFk=
x-amz-request-id: 99ZMGE3ZKMAWH9CW
last-modified: Wed, 18 Jan 2023 20:22:30 GMT
etag: "fb9bb822463bccec4200657d3ae33dc0"
x-amz-version-id: PKmhKUoshrjILDxYc6QEKM_sGJ.F4FNB
content-type: application/javascript
server: AmazonS3
access-control-allow-origin: *
cache-control: public, max-age=7200, stale-if-error=604800
content-encoding: gzip
accept-ranges: bytes
date: Mon, 30 Jan 2023 05:57:11 GMT
via: 1.1 varnish
x-served-by: cache-bma1620-BMA
x-cache: HIT
x-cache-hits: 546
x-timer: S1675058232.712130,VS0,VE0
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
content-length: 5930
X-Firefox-Spdy: h2
js-agent.newrelic.com/569.95d4308d-1222.js
151.101.2.137200 OK 3.2 kB URL HTTP/2 js-agent.newrelic.com/569.95d4308d-1222.js
IP 151.101.2.137:0
File type ASCII text, with very long lines (7513), with no line terminators
Hash 8d0953404ce6fdf0926ef6bf37d7e041
8cec9d9883f8b7720721bb33bffb4afe45193b1d
83966eef1899edd421692b78cda8df58dfb9b0b2b27a7485183c5b4cb44a336d
GET /569.95d4308d-1222.js HTTP/1.1
Host: js-agent.newrelic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-amz-id-2: v+E2uK5EOShfz1aeDzYcwNWitGv9mKnF6hMwgfWjfoR/qfIZPK6AF+v3z+by8JUQg3fSUYcltK4=
x-amz-request-id: WFNFJ5TESSHD3FE6
last-modified: Wed, 18 Jan 2023 20:22:30 GMT
etag: "e97726ab932639fed09971b1d682788c"
x-amz-version-id: umZj.yHws5JPiBHG1j096ELWHEKx7rh0
content-type: application/javascript
server: AmazonS3
access-control-allow-origin: *
cache-control: public, max-age=7200, stale-if-error=604800
content-encoding: gzip
accept-ranges: bytes
date: Mon, 30 Jan 2023 05:57:11 GMT
via: 1.1 varnish
x-served-by: cache-bma1620-BMA
x-cache: HIT
x-cache-hits: 329007
x-timer: S1675058232.712102,VS0,VE0
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
content-length: 3173
X-Firefox-Spdy: h2
js-agent.newrelic.com/457.95d4308d-1222.js
151.101.2.137200 OK 2.0 kB URL HTTP/2 js-agent.newrelic.com/457.95d4308d-1222.js
IP 151.101.2.137:0
File type ASCII text, with very long lines (4809), with no line terminators
Hash 09c0cca8d2a9fd69f1892a1c2d1319b9
b46f4fe3b0adc98785d22a092818b74145a91cc0
593022809e272793157f8280bae176bfa74a02f9f9a6d3269384e2dd434be046
GET /457.95d4308d-1222.js HTTP/1.1
Host: js-agent.newrelic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-amz-id-2: 6YLQBRWWkaavoi6QR5dS+9cRhXVrpaQK5v3G9/iqQ5oKPUxxFI0Uv2tN9ar51sQUG2xwVmTWBnY=
x-amz-request-id: WFN1Z9NXJZGF8XE5
last-modified: Wed, 18 Jan 2023 20:22:30 GMT
etag: "c16abc7fa2e34cbb7baf3e290120ad5a"
x-amz-version-id: qROfxBD9CF8WXmbywdhvCmImuu9HvRNA
content-type: application/javascript
server: AmazonS3
access-control-allow-origin: *
cache-control: public, max-age=7200, stale-if-error=604800
content-encoding: gzip
accept-ranges: bytes
date: Mon, 30 Jan 2023 05:57:11 GMT
via: 1.1 varnish
x-served-by: cache-bma1620-BMA
x-cache: HIT
x-cache-hits: 1468
x-timer: S1675058232.712069,VS0,VE0
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
content-length: 1953
X-Firefox-Spdy: h2
js-agent.newrelic.com/41.95d4308d-1222.js
151.101.2.137200 OK 439 B URL HTTP/2 js-agent.newrelic.com/41.95d4308d-1222.js
IP 151.101.2.137:0
File type ASCII text, with very long lines (828), with no line terminators
Hash 46946da829a2257cd8bdeb75bc6f8ff9
bfb81d0ebb2c5a2c0fe666f6a9c4c09cc5a545b3
50e164f0b5274f88ecc28c833729663593b3380aed5a4ac3a06d29106332a544
GET /41.95d4308d-1222.js HTTP/1.1
Host: js-agent.newrelic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-amz-id-2: 2TG7kVMnt5x5EwbcjDgF/pAaH/jmgGXStlMFEbvOUPNYaRTe14pFRmwb0VQGFJQN7uXfEncHoqkNLs4TYWl92Q==
x-amz-request-id: MFEHG5GPGK6ZYQVP
last-modified: Wed, 18 Jan 2023 20:22:30 GMT
etag: "29dd8aef66100e4c69e07fd60fc88b12"
x-amz-version-id: 6FOFyXAonMoqJqLGEMhx7HWIp32cv4MT
content-type: application/javascript
server: AmazonS3
access-control-allow-origin: *
cache-control: public, max-age=7200, stale-if-error=604800
content-encoding: gzip
accept-ranges: bytes
date: Mon, 30 Jan 2023 05:57:11 GMT
via: 1.1 varnish
x-served-by: cache-bma1620-BMA
x-cache: HIT
x-cache-hits: 1467
x-timer: S1675058232.712041,VS0,VE0
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
content-length: 439
X-Firefox-Spdy: h2
js-agent.newrelic.com/244.95d4308d-1222.js
151.101.2.137200 OK 2.6 kB URL HTTP/2 js-agent.newrelic.com/244.95d4308d-1222.js
IP 151.101.2.137:0
File type ASCII text, with very long lines (6871), with no line terminators
Hash f3fa38d9e10cf246f158644ebd64b342
c2730a8b130475b903b30148ea5cf79eb7de1873
6aea0ff08f0ed145b42d52f81d167df30a300f3da22b687fa2de3be48df1badb
GET /244.95d4308d-1222.js HTTP/1.1
Host: js-agent.newrelic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-amz-id-2: HqAuLbtc4kLXjp/HM/sZyPqsDbRk1eMZXQl1gAv0l9/yRrGf//JiuVcahDTT5bis4NqiPxfG4OQ=
x-amz-request-id: D866GB1QGPTYVJ4R
last-modified: Wed, 18 Jan 2023 20:22:30 GMT
etag: "a24fd7e602a6b44ab4c03cab69c843c6"
x-amz-version-id: wm7C04ehQ1WMJgMW5R_.Vg0x6NJINoji
content-type: application/javascript
server: AmazonS3
access-control-allow-origin: *
cache-control: public, max-age=7200, stale-if-error=604800
content-encoding: gzip
accept-ranges: bytes
date: Mon, 30 Jan 2023 05:57:11 GMT
via: 1.1 varnish
x-served-by: cache-bma1620-BMA
x-cache: HIT
x-cache-hits: 849
x-timer: S1675058232.712017,VS0,VE0
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
content-length: 2607
X-Firefox-Spdy: h2
js-agent.newrelic.com/466.95d4308d-1222.js
151.101.2.137200 OK 2.8 kB URL HTTP/2 js-agent.newrelic.com/466.95d4308d-1222.js
IP 151.101.2.137:0
File type ASCII text, with very long lines (6842), with no line terminators
Hash 0545743760ba9995e8efbe879105162f
889887ac56edaf2cfe41752ec0893a9ac5d23db0
91a431e85d69e797b8a8817bb15aee94a9fbe38355a6890f75e8947a55386ee0
GET /466.95d4308d-1222.js HTTP/1.1
Host: js-agent.newrelic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-amz-id-2: Y3xfvlvSw36CE9GOKklvJeG0iBkCsl/ss+e4vNwZhrKvjIdjtQLayCw3yQPVxbIyEllIzLdCgUw=
x-amz-request-id: MFEHC9QF926X2AZG
last-modified: Wed, 18 Jan 2023 20:22:30 GMT
etag: "2b339e4b3b0435de10496ee00de8446a"
x-amz-version-id: joCLqMlafBXUuB094SKQ5Jhlrbz7F.ON
content-type: application/javascript
server: AmazonS3
access-control-allow-origin: *
cache-control: public, max-age=7200, stale-if-error=604800
content-encoding: gzip
accept-ranges: bytes
date: Mon, 30 Jan 2023 05:57:11 GMT
via: 1.1 varnish
x-served-by: cache-bma1620-BMA
x-cache: HIT
x-cache-hits: 846
x-timer: S1675058232.713029,VS0,VE0
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
content-length: 2760
X-Firefox-Spdy: h2
js-agent.newrelic.com/142.95d4308d-1222.js
151.101.2.137200 OK 880 B URL HTTP/2 js-agent.newrelic.com/142.95d4308d-1222.js
IP 151.101.2.137:0
File type ASCII text, with very long lines (2014), with no line terminators
Hash c962fb555005bf74b5010cd5c748c721
5c7c22b348a994aad18e8162bb1f78b9fd49c491
077c18d946bf505b4efe75b1b3c3d9c6b3ad6af3e5b5d08a41fedf7aceb84233
GET /142.95d4308d-1222.js HTTP/1.1
Host: js-agent.newrelic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-amz-id-2: /ZtX43ynOvSaYlrJ/LhlDymHqsr4/Ext49IQ1RQZxLK2MPDMHv59yC5Li6+9oNRuTnKxUqkvJhI=
x-amz-request-id: MFEMFHWSJ1CY7RPR
last-modified: Wed, 18 Jan 2023 20:22:30 GMT
etag: "082c9f0a95ce6870ed4d9266fa0e41e5"
x-amz-version-id: ed_.QNbbUDaLQJRSZtC0TghsoJcp2gVk
content-type: application/javascript
server: AmazonS3
access-control-allow-origin: *
cache-control: public, max-age=7200, stale-if-error=604800
content-encoding: gzip
accept-ranges: bytes
date: Mon, 30 Jan 2023 05:57:11 GMT
via: 1.1 varnish
x-served-by: cache-bma1620-BMA
x-cache: HIT
x-cache-hits: 842
x-timer: S1675058232.713055,VS0,VE0
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
content-length: 880
X-Firefox-Spdy: h2
static-assets.highwebmedia.com/CACHE/css/output.86af60575b63.css
104.16.93.42200 OK 8.0 kB URL HTTP/2 static-assets.highwebmedia.com/CACHE/css/output.86af60575b63.css
IP 104.16.93.42:0
File type ASCII text, with very long lines (24512), with no line terminators
Hash ddc018ca06ccfcef95d6d88c0003142d
6ca6361db13aec603ebf3cd02ea4341f9d616509
eb8ab1c2c67548fcbd764b5aae99559042be1d2a2eb6b11d86aac9f9fcf897c6
GET /CACHE/css/output.86af60575b63.css HTTP/1.1
Host: static-assets.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 30 Jan 2023 05:57:11 GMT
content-type: text/css
cache-control: public, max-age=2592000
cf-bgj: minify
cf-polished: origSize=29633
etag: W/"a8afa6db6e602567cf4bc61349cc04f9"
last-modified: Fri, 27 Jan 2023 00:08:58 GMT
x-amz-id-2: OLI4HYRcmYFzq5aXGV2Ict6iYPHWmgq3P2ReCRB9kH5NULrf/69TdCRei6i2pG3JGoa3uytE+Os=
x-amz-meta-s3cmd-attrs: md5:a8afa6db6e602567cf4bc61349cc04f9
x-amz-request-id: ARKQGQ1WNC88THKA
cf-cache-status: HIT
age: 279905
expires: Wed, 01 Mar 2023 05:57:11 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LZqHZ1HxsD%2FpQs6AvL3i7OF%2FKMEeCpWBNulh7pvzR8545y1%2FsM5UAK6eDpzwkiGuUyJjPa3q0et1GjFsADtH5t%2FVHhZSM8j8kvdsU2v38AQWKNdtrf5r4HD2V3l%2FfamVs1k%2Br4NIrfuqBfFxDLZ6MA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
set-cookie: _cfuvid=eXe0zgBJd1HoUg8uEav9VhMDdhrRT_78cYrVXIYIxoM-1675058231459-0-604800000; path=/; domain=.highwebmedia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 7917f7fa8d740b06-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash cf109322ef7fde96caf40f6195ee071b
d7f5dd63a402c4fe3c483274a893f44b6b76befb
56fa47af9f2b40d219c9944ecf12984cefbc26bbd8f77d95f8fd4580bf8e606f
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4880
Cache-Control: max-age=152336
Content-Type: application/ocsp-response
Date: Mon, 30 Jan 2023 05:57:11 GMT
Etag: "63d6f937-1d7"
Expires: Wed, 01 Feb 2023 00:16:07 GMT
Last-Modified: Sun, 29 Jan 2023 22:54:47 GMT
Server: ECS (ska/F71C)
X-Cache: HIT
Content-Length: 471
bam.nr-data.net/1/6f524845d1?a=24279235&v=1222.PROD&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOFgwRERUXQ1BUFkIDFQ0WFlA%3D&rst=798&ck=0&s=7ebb809e409e4d3e&ref=https://chaturbate.com/tours/3/&ap=23&be=461&fe=209&dc=139&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1675058241659,%22n%22:0,%22r%22:0,%22re%22:212,%22f%22:212,%22dn%22:212,%22dne%22:212,%22c%22:212,%22s%22:212,%22ce%22:212,%22rq%22:215,%22rp%22:411,%22rpe%22:413,%22dl%22:416,%22di%22:590,%22ds%22:599,%22de%22:605,%22dc%22:669,%22l%22:669,%22le%22:672%7D,%22navigation%22:%7B%22rc%22:1%7D%7D&fcp=571&at=H0ETGw9CExRCXBM9CgBBXAkZG0QSVEsPAw4BQVwbamZQD15XPj1BSEEVUFJXRBFuXQAWBkZZVhUXenc%2BY1gYQFlGVF8IAl8GBwlaWVcABlZWCRh2Yi0TFUMhJTshCU0XAwdYHRsiJDwmDBJ8TU1DABMDQwQCCBADFVNYXRJUG01AEQECCmZcSRNbEwBQTFpUTVILGwgEVRMVQwMNCw05X1lYVhITA0NAT0YBA0pBZlYUVEoSPQoUQVwbDAgfWAEXVVBNVVZSGxkbUwRCTT4FFgEQFWZSXF5DCxsvLUFIQQ9JalpeFF9NExtBXkEodhcVEwhBZgINFgoXFEBqWl4PV1AFBw0HBkQDFwAIQx0bCBI8CgYSTlpLWkMLGwMOChxNBVZYGx1DWEk%2BDREDAghQT1hFCF5XQ1hBJg8PQRVqXg1ETQgNDRdBShtcSW4IQklDWEEmDw9BFWpeDURNCA0NF0FKG1xJbgBCV0NYVlRQVg0ZG1gRblgSDDwLEQEbDxtzDVhBQTEMCBYSUFpXQkFwakNOQQ0TOVpaV18EUk0IDQ07Fx9JUBsLQ3JYAw4GSyc1dRcVEwhBZhQRBhY8EkBFXBNbE0sEEQoABghNXFhdQx0bEwcSEQYVTWpJUBVZG1tATBAME0tGFgJOExVDFQ87CwlKQRsLQ1JRABYWFgEHTVAXUg5cG01AEA0XA2ZcXRNbABVDEQoQBjldWlRQCF8bW0AADAISTEdbUBVUFwINDkZPREtQSEQEQk0%2BCgwXF0QDF1pZAEVMEwACEAZIWlpUE00TWxMNFBcGFGZcXRNbEwtWUwcFWgBcGA4JB1MUVVdbUk4HC1cAHFQFC1hbV1JQVQEMABNNE0sEBAYWBhQbDxtZFUVJElhMSwAHVEYXVhNQTQgRTEZPREtQSEQEQk0%2BDwYQCwldFwMTJnRtQ05BFBoSUVpXbhdUSxILDApBXBsGFwZDHRsUAzwABhBQVlxuB1BUCA4aRllEdkFRVBMTFUMXAjsHA09cWlQ%2BRUARB0FeQQJcRlJFDkEbTUAWBTwJSmpfUAxYVRhAWUY0D1dRVkYSExVDFwI7DBVmQ1xDElhWD0BZRlJWGxkbRABuWxMNFBcGFGZTWFwIXUBDWEEiChRcU1ZJQx0bFAM8BhEJTkZcQz5HXBMRCgsNRAMXCAFUHwlDTkERAjlKQUtYD1YbW0AuCxkPVVlYHlQfCUFKNA0NAlZCShEvZRlQUk1UWEZuXFcHVQoZGVRXX0MUTw8IAVQfCUhCJAEADVYaCwFQAQlQUlJEJQ9LUF9eGR4IUVdNVEFKG1JQRT5SVgwPChBBXBtTDAlVAlgDUwVWWlYbGRtBAENYDBFBXkEdZRdNXhRDZUNYQzhBHghnXW1DHRk9QAAFDhZYXF5fPRMDQT5BKgAnQGBlE00RZUMBP0ZZRmUXCm1DHRk9QBM4QVwZaRsBPRMVQT5BAwYIXVBLbUMLGT1ABThBShlpG1UIQlgDDgY7EAlMW11tQwsZPUBTOEEbGxkbVA1YXggADwE8FUlZUEU%2BRVwSFhBGWUQZYEpDIl5WCgciJUNEFRdcXQhWUAMOBjsQFlVcTW4VVEoVETwKEEQDFxlEElRLPg0ROwAJVl5QVD5QWEFAHhk%3D&jsonp=NREUM.setToken
162.247.241.14200 OK 77 B URL HTTP/1.1 bam.nr-data.net/1/6f524845d1?a=24279235&v=1222.PROD&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOFgwRERUXQ1BUFkIDFQ0WFlA%3D&rst=798&ck=0&s=7ebb809e409e4d3e&ref=https://chaturbate.com/tours/3/&ap=23&be=461&fe=209&dc=139&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1675058241659,%22n%22:0,%22r%22:0,%22re%22:212,%22f%22:212,%22dn%22:212,%22dne%22:212,%22c%22:212,%22s%22:212,%22ce%22:212,%22rq%22:215,%22rp%22:411,%22rpe%22:413,%22dl%22:416,%22di%22:590,%22ds%22:599,%22de%22:605,%22dc%22:669,%22l%22:669,%22le%22:672%7D,%22navigation%22:%7B%22rc%22:1%7D%7D&fcp=571&at=H0ETGw9CExRCXBM9CgBBXAkZG0QSVEsPAw4BQVwbamZQD15XPj1BSEEVUFJXRBFuXQAWBkZZVhUXenc%2BY1gYQFlGVF8IAl8GBwlaWVcABlZWCRh2Yi0TFUMhJTshCU0XAwdYHRsiJDwmDBJ8TU1DABMDQwQCCBADFVNYXRJUG01AEQECCmZcSRNbEwBQTFpUTVILGwgEVRMVQwMNCw05X1lYVhITA0NAT0YBA0pBZlYUVEoSPQoUQVwbDAgfWAEXVVBNVVZSGxkbUwRCTT4FFgEQFWZSXF5DCxsvLUFIQQ9JalpeFF9NExtBXkEodhcVEwhBZgINFgoXFEBqWl4PV1AFBw0HBkQDFwAIQx0bCBI8CgYSTlpLWkMLGwMOChxNBVZYGx1DWEk%2BDREDAghQT1hFCF5XQ1hBJg8PQRVqXg1ETQgNDRdBShtcSW4IQklDWEEmDw9BFWpeDURNCA0NF0FKG1xJbgBCV0NYVlRQVg0ZG1gRblgSDDwLEQEbDxtzDVhBQTEMCBYSUFpXQkFwakNOQQ0TOVpaV18EUk0IDQ07Fx9JUBsLQ3JYAw4GSyc1dRcVEwhBZhQRBhY8EkBFXBNbE0sEEQoABghNXFhdQx0bEwcSEQYVTWpJUBVZG1tATBAME0tGFgJOExVDFQ87CwlKQRsLQ1JRABYWFgEHTVAXUg5cG01AEA0XA2ZcXRNbABVDEQoQBjldWlRQCF8bW0AADAISTEdbUBVUFwINDkZPREtQSEQEQk0%2BCgwXF0QDF1pZAEVMEwACEAZIWlpUE00TWxMNFBcGFGZcXRNbEwtWUwcFWgBcGA4JB1MUVVdbUk4HC1cAHFQFC1hbV1JQVQEMABNNE0sEBAYWBhQbDxtZFUVJElhMSwAHVEYXVhNQTQgRTEZPREtQSEQEQk0%2BDwYQCwldFwMTJnRtQ05BFBoSUVpXbhdUSxILDApBXBsGFwZDHRsUAzwABhBQVlxuB1BUCA4aRllEdkFRVBMTFUMXAjsHA09cWlQ%2BRUARB0FeQQJcRlJFDkEbTUAWBTwJSmpfUAxYVRhAWUY0D1dRVkYSExVDFwI7DBVmQ1xDElhWD0BZRlJWGxkbRABuWxMNFBcGFGZTWFwIXUBDWEEiChRcU1ZJQx0bFAM8BhEJTkZcQz5HXBMRCgsNRAMXCAFUHwlDTkERAjlKQUtYD1YbW0AuCxkPVVlYHlQfCUFKNA0NAlZCShEvZRlQUk1UWEZuXFcHVQoZGVRXX0MUTw8IAVQfCUhCJAEADVYaCwFQAQlQUlJEJQ9LUF9eGR4IUVdNVEFKG1JQRT5SVgwPChBBXBtTDAlVAlgDUwVWWlYbGRtBAENYDBFBXkEdZRdNXhRDZUNYQzhBHghnXW1DHRk9QAAFDhZYXF5fPRMDQT5BKgAnQGBlE00RZUMBP0ZZRmUXCm1DHRk9QBM4QVwZaRsBPRMVQT5BAwYIXVBLbUMLGT1ABThBShlpG1UIQlgDDgY7EAlMW11tQwsZPUBTOEEbGxkbVA1YXggADwE8FUlZUEU%2BRVwSFhBGWUQZYEpDIl5WCgciJUNEFRdcXQhWUAMOBjsQFlVcTW4VVEoVETwKEEQDFxlEElRLPg0ROwAJVl5QVD5QWEFAHhk%3D&jsonp=NREUM.setToken
IP 162.247.241.14:0
File type ASCII text, with no line terminators
Hash f1442f5831dbbe0210da2d7a4180d6b8
2ade23c6c7a001c66f0c0a9a101ec152747b434e
c6acf9fb2ecc1b144c51bd0337bbf1c26db3df2f649ac2da5c56db20d93eb3ef
GET /1/6f524845d1?a=24279235&v=1222.PROD&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOFgwRERUXQ1BUFkIDFQ0WFlA%3D&rst=798&ck=0&s=7ebb809e409e4d3e&ref=https://chaturbate.com/tours/3/&ap=23&be=461&fe=209&dc=139&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1675058241659,%22n%22:0,%22r%22:0,%22re%22:212,%22f%22:212,%22dn%22:212,%22dne%22:212,%22c%22:212,%22s%22:212,%22ce%22:212,%22rq%22:215,%22rp%22:411,%22rpe%22:413,%22dl%22:416,%22di%22:590,%22ds%22:599,%22de%22:605,%22dc%22:669,%22l%22:669,%22le%22:672%7D,%22navigation%22:%7B%22rc%22:1%7D%7D&fcp=571&at=H0ETGw9CExRCXBM9CgBBXAkZG0QSVEsPAw4BQVwbamZQD15XPj1BSEEVUFJXRBFuXQAWBkZZVhUXenc%2BY1gYQFlGVF8IAl8GBwlaWVcABlZWCRh2Yi0TFUMhJTshCU0XAwdYHRsiJDwmDBJ8TU1DABMDQwQCCBADFVNYXRJUG01AEQECCmZcSRNbEwBQTFpUTVILGwgEVRMVQwMNCw05X1lYVhITA0NAT0YBA0pBZlYUVEoSPQoUQVwbDAgfWAEXVVBNVVZSGxkbUwRCTT4FFgEQFWZSXF5DCxsvLUFIQQ9JalpeFF9NExtBXkEodhcVEwhBZgINFgoXFEBqWl4PV1AFBw0HBkQDFwAIQx0bCBI8CgYSTlpLWkMLGwMOChxNBVZYGx1DWEk%2BDREDAghQT1hFCF5XQ1hBJg8PQRVqXg1ETQgNDRdBShtcSW4IQklDWEEmDw9BFWpeDURNCA0NF0FKG1xJbgBCV0NYVlRQVg0ZG1gRblgSDDwLEQEbDxtzDVhBQTEMCBYSUFpXQkFwakNOQQ0TOVpaV18EUk0IDQ07Fx9JUBsLQ3JYAw4GSyc1dRcVEwhBZhQRBhY8EkBFXBNbE0sEEQoABghNXFhdQx0bEwcSEQYVTWpJUBVZG1tATBAME0tGFgJOExVDFQ87CwlKQRsLQ1JRABYWFgEHTVAXUg5cG01AEA0XA2ZcXRNbABVDEQoQBjldWlRQCF8bW0AADAISTEdbUBVUFwINDkZPREtQSEQEQk0%2BCgwXF0QDF1pZAEVMEwACEAZIWlpUE00TWxMNFBcGFGZcXRNbEwtWUwcFWgBcGA4JB1MUVVdbUk4HC1cAHFQFC1hbV1JQVQEMABNNE0sEBAYWBhQbDxtZFUVJElhMSwAHVEYXVhNQTQgRTEZPREtQSEQEQk0%2BDwYQCwldFwMTJnRtQ05BFBoSUVpXbhdUSxILDApBXBsGFwZDHRsUAzwABhBQVlxuB1BUCA4aRllEdkFRVBMTFUMXAjsHA09cWlQ%2BRUARB0FeQQJcRlJFDkEbTUAWBTwJSmpfUAxYVRhAWUY0D1dRVkYSExVDFwI7DBVmQ1xDElhWD0BZRlJWGxkbRABuWxMNFBcGFGZTWFwIXUBDWEEiChRcU1ZJQx0bFAM8BhEJTkZcQz5HXBMRCgsNRAMXCAFUHwlDTkERAjlKQUtYD1YbW0AuCxkPVVlYHlQfCUFKNA0NAlZCShEvZRlQUk1UWEZuXFcHVQoZGVRXX0MUTw8IAVQfCUhCJAEADVYaCwFQAQlQUlJEJQ9LUF9eGR4IUVdNVEFKG1JQRT5SVgwPChBBXBtTDAlVAlgDUwVWWlYbGRtBAENYDBFBXkEdZRdNXhRDZUNYQzhBHghnXW1DHRk9QAAFDhZYXF5fPRMDQT5BKgAnQGBlE00RZUMBP0ZZRmUXCm1DHRk9QBM4QVwZaRsBPRMVQT5BAwYIXVBLbUMLGT1ABThBShlpG1UIQlgDDgY7EAlMW11tQwsZPUBTOEEbGxkbVA1YXggADwE8FUlZUEU%2BRVwSFhBGWUQZYEpDIl5WCgciJUNEFRdcXQhWUAMOBjsQFlVcTW4VVEoVETwKEEQDFxlEElRLPg0ROwAJVl5QVD5QWEFAHhk%3D&jsonp=NREUM.setToken HTTP/1.1
Host: bam.nr-data.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Mon, 30 Jan 2023 05:57:11 GMT
Content-Type: text/javascript
Transfer-Encoding: chunked
Connection: keep-alive
CF-Ray: 7917f7fd0c44b50c-OSL
Access-Control-Allow-Origin: *
CF-Cache-Status: DYNAMIC
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
Cross-Origin-Resource-Policy: cross-origin
Vary: Accept-Encoding
Server: cloudflare
Content-Encoding: gzip
bam.nr-data.net/events/1/6f524845d1?a=24279235&v=1222.PROD&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOFgwRERUXQ1BUFkIDFQ0WFlA%3D&rst=1057&ck=0&s=7ebb809e409e4d3e&ref=https://chaturbate.com/tours/3/
162.247.241.14429 Too Many Requests 2 B URL HTTP/1.1 bam.nr-data.net/events/1/6f524845d1?a=24279235&v=1222.PROD&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOFgwRERUXQ1BUFkIDFQ0WFlA%3D&rst=1057&ck=0&s=7ebb809e409e4d3e&ref=https://chaturbate.com/tours/3/
IP 162.247.241.14:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 99914b932bd37a50b983c5e7c90ae93b
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
POST /events/1/6f524845d1?a=24279235&v=1222.PROD&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOFgwRERUXQ1BUFkIDFQ0WFlA%3D&rst=1057&ck=0&s=7ebb809e409e4d3e&ref=https://chaturbate.com/tours/3/ HTTP/1.1
Host: bam.nr-data.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
content-type: text/plain
Content-Length: 1796
Origin: https://chaturbate.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 429 Too Many Requests
Date: Mon, 30 Jan 2023 05:57:12 GMT
Content-Type: application/json; charset=UTF-8
Content-Length: 2
Connection: keep-alive
CF-Ray: 7917f7fe1cf9b50c-OSL
Access-Control-Allow-Origin: https://chaturbate.com
Retry-After: 11
CF-Cache-Status: DYNAMIC
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
Vary: Accept-Encoding
Server: cloudflare
ocsp.sca1b.amazontrust.com/
54.230.245.39200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.39:0
Hash 19aa2b7ef2b6097c2663053a2406a236
fb3fc75fab7e65095a6182df6ddcf3dedf937cb6
9ce992e3264a8063196895fa9c8b201a449e1b8a202b234733e1e2eebd36e515
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Mon, 30 Jan 2023 05:57:12 GMT
Etag: "63d6bf9a-1d7"
Last-Modified: Mon, 30 Jan 2023 05:40:17 GMT
Server: ECS (nyb/1D1D)
X-Cache: Miss from cloudfront
Via: 1.1 98794c1dec0d4e7b10ddf0faa094cf94.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: emvTq2lsvPza2UNk-jbR9WUGHz6YJDRDYB8SSiDIEmCXy_etRXgUhg==
Age: 1015
webpick-cdn.s3-us-west-2.amazonaws.com/getlaid.jpeg
52.92.165.138200 OK 9.3 kB URL HTTP/1.1 webpick-cdn.s3-us-west-2.amazonaws.com/getlaid.jpeg
IP 52.92.165.138:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 192x192, components 3\012- data
Hash e73bda30c82b74c32e5f03e4ed4e4bb1
e2b381468138921e418865ca53fd7b91ab8febb8
e6a18e81d67bc6cfadbe2c86c78b99c0e01644cdeafb48144663121b629ea227
GET /getlaid.jpeg HTTP/1.1
Host: webpick-cdn.s3-us-west-2.amazonaws.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
x-amz-id-2: 4J8tPJ0F5ANe5hNpdu3y6Nt/DVf2blCpT/bQnmqT0GsgBn+b1Z9enn5I9xUQGh7TkLT6bAXF0Mc=
x-amz-request-id: BD690SWJ368KYD1Z
Date: Mon, 30 Jan 2023 05:57:13 GMT
Last-Modified: Thu, 25 Jun 2020 08:18:14 GMT
ETag: "e73bda30c82b74c32e5f03e4ed4e4bb1"
x-amz-meta-s3b-last-modified: 20200625T081632Z
Accept-Ranges: bytes
Content-Type: image/jpeg
Server: AmazonS3
Content-Length: 9313
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdc895bb6-fa1f-4972-a2f8-5ce71b0c72c0.jpeg
34.120.237.76200 OK 9.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdc895bb6-fa1f-4972-a2f8-5ce71b0c72c0.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 6d200552d23c85c199558b79cc24348f
8cc20b9ce98eeacd5b826268da24955a82e78a01
09b05ae6f75b5141401ddc49014e0eb2eac0856ba3b5020bc85f4a9a64d3d2a6
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdc895bb6-fa1f-4972-a2f8-5ce71b0c72c0.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 9700
x-amzn-requestid: 9f944a46-7e39-44c3-a640-3c7e9b778bca
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fhkoEEkJIAMFs0w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d6e7cd-4b29196f5bd1b2fb04e6363f;Sampled=0
x-amzn-remapped-date: Sun, 29 Jan 2023 21:40:29 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: WdAuArY0X2z4d6i17ZJ0521rzGRJS8FtaN-Kqvzg0fqW3F-HptEvNA==
via: 1.1 2dc111aa3ead15d061e41a423155a53a.cloudfront.net (CloudFront), 1.1 aef00f14752da9aa504d392fd46eff94.cloudfront.net (CloudFront), 1.1 google
date: Sun, 29 Jan 2023 22:10:01 GMT
age: 28034
etag: "8cc20b9ce98eeacd5b826268da24955a82e78a01"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/chat/mob/ssp/v2/new/3/css/animate.css
172.64.166.9200 OK 0 B URL HTTP/2 cdn.creative-bars1.com/sb/chat/mob/ssp/v2/new/3/css/animate.css
IP 172.64.166.9:0
GET /sb/chat/mob/ssp/v2/new/3/css/animate.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 30 Jan 2023 05:57:10 GMT
content-type: text/css
last-modified: Wed, 13 Jul 2022 12:13:56 GMT
etag: W/"62ceb704-135d1"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 6537882
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2Fkj%2Bt6PyoadDHhN3m20HN9Jftuz3IAyfWyTvrb%2FzNZnyaRcKimETtqkZXmJF8BCWaB2Liox96lCLmndObHMUH%2BqsBPBcGDAWG5nw4tqfqau%2FFllFSnanCUiixzb6lb78BdcRW2sncyn4"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7917f7f2ccfc777d-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
a.medfoodsafety.com/loader?a=4788035&s=4776911&t=1&p=8575
172.64.139.21200 OK 0 B URL HTTP/2 a.medfoodsafety.com/loader?a=4788035&s=4776911&t=1&p=8575
IP 172.64.139.21:0
GET /loader?a=4788035&s=4776911&t=1&p=8575 HTTP/1.1
Host: a.medfoodsafety.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 30 Jan 2023 05:57:10 GMT
content-type: text/html
cache-control: no-cache, no-store, must-revalidate
expires: Sat, 26 Jul 1997 05:00:00 GMT
last-modified: Sun, 17 May 1998 03:00:00 GMT
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0hOvYLpbVTx%2BrGx3Qdb75E6B%2F2YMwd9wRpLtP2CXR06CJGTmS%2FE4NDp5eGwGscOiHPkXtnzaiT80eRnUjM65lw4Yqiyx1nBOOkIUCBC6iljfXWshMtiPpyLVin7JVdXP7Yp0A%2Bfu"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7917f7f34d9371da-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
pogothere.xyz/
172.64.199.35200 OK 0 B IP 172.64.199.35:0
Analyzer Verdict Alert quad9 Sinkholed
GET / HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://xfantazy.com/
Origin: https://xfantazy.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 30 Jan 2023 05:57:09 GMT
content-type: text/plain
set-cookie: csu=1925628033511155@1@1675058229; Max-Age=31104000; Secure; SameSite=None
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2Bv5Iqv2lDhbb1z9IfcL1brNFT46yJem0O8YWSHNccGxIq4wY4hLYSm8tn9foPJ7BPbuDbdZ2mFFsEfU%2F5dyiaeY7yEKCojCadWR0noyA27Z9Bp0MXg9iUwz%2FT0Wl%2FCmv"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7917f7f02de27786-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Roboto:100,300,400,500,700&display=swap
142.250.74.106200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?family=Roboto:100,300,400,500,700&display=swap
IP 142.250.74.106:0
GET /css?family=Roboto:100,300,400,500,700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Mon, 30 Jan 2023 05:57:07 GMT
date: Mon, 30 Jan 2023 05:57:07 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
a.naturalhealthsource.club/api/spots/303892?p=1&s1=%subid1%&kw=
135.181.208.216200 OK 0 B URL HTTP/2 a.naturalhealthsource.club/api/spots/303892?p=1&s1=%subid1%&kw=
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
GET /api/spots/303892?p=1&s1=%subid1%&kw= HTTP/1.1
Host: a.naturalhealthsource.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 30 Jan 2023 05:57:10 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
set-cookie: nauid=27jMTE7IJfPX2KnHIuvH; Path=/; Expires=Wed, 11 Nov 2037 11:11:11 GMT; Secure; SameSite=None
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2
static-assets.highwebmedia.com/CACHE/js/output.6f6724a00cb8.js
104.16.93.42200 OK 0 B URL HTTP/2 static-assets.highwebmedia.com/CACHE/js/output.6f6724a00cb8.js
IP 104.16.93.42:0
GET /CACHE/js/output.6f6724a00cb8.js HTTP/1.1
Host: static-assets.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 30 Jan 2023 05:57:11 GMT
content-type: application/javascript
cache-control: public, max-age=2592000
cf-bgj: minify
etag: W/"a708027bfbbde438a72a93082d4bc4b5"
last-modified: Thu, 24 Jun 2021 21:24:05 GMT
x-amz-id-2: 8ewmTI2jy/M5oxfm1Zo8bv1SqrieGnfrMfmtZmR336jUoc4rRdbotq/wectU+HY8mdvt156QxDvmJAhJfohIWQ==
x-amz-meta-s3cmd-attrs: md5:a708027bfbbde438a72a93082d4bc4b5
x-amz-request-id: CHGKMTPSKZ4AFT0N
cf-cache-status: HIT
age: 956986
expires: Wed, 01 Mar 2023 05:57:11 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QhMte0%2B3ZOJop6%2F998gpQTA%2Bz7Ea1nKw7F9jp6A%2BGklb64TkH%2FWWtqXeZHRi77mQVLamNRcZmOssTKrKvsYVsChmqDehj8iaspsUuZhG8f%2Br57tZ2nvKE12wtP0HtLWDwqvOGWJiPm8XyC64fPI8%2FQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
set-cookie: _cfuvid=oS1QP9dWCyGAZ0AqWW1HPF8Ek4T4ra4qewhs_.IGc7Y-1675058231472-0-604800000; path=/; domain=.highwebmedia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 7917f7faad7a0b06-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/chat/mob/ssp/v2/new/3/css/animate.css
172.64.166.9200 OK 0 B URL HTTP/2 cdn.creative-bars1.com/sb/chat/mob/ssp/v2/new/3/css/animate.css
IP 172.64.166.9:0
GET /sb/chat/mob/ssp/v2/new/3/css/animate.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 30 Jan 2023 05:57:10 GMT
content-type: text/css
last-modified: Wed, 13 Jul 2022 12:13:56 GMT
etag: W/"62ceb704-135d1"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 6537882
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DoyBlbOZcTREgsBjzPuSHUxYcfPF%2FkMMW%2FMeC24RxR3uMtIh%2FKGvlD8SWSFJv496lLtN3zqKhQHjNAwOd8KJSInLNRE3rbrPQX5TgfeOEPHEMdK2N%2FKJBcMvI9ihDt4Mm3JDRkQUgm6m"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7917f7f29c8b777d-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
xfantazy.com/_next/static/chunks/9.be198c87e436634bf765.js
172.64.97.10200 OK 0 B URL HTTP/2 xfantazy.com/_next/static/chunks/9.be198c87e436634bf765.js
IP 172.64.97.10:0
GET /_next/static/chunks/9.be198c87e436634bf765.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/60e796b1fc8074710cdd5c72
Cookie: visitorId=2ocm1o94cgq0rkh5xitdgyq; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 30 Jan 2023 05:57:07 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-bgj: minify
etag: W/"9c95-183501634e2"
last-modified: Sun, 18 Sep 2022 10:12:56 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 8260445
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MRwZUPd2p9KOU1sdOHKx6ydbvnQfHi1vLpj%2B5gO1WEKXNZ%2FyPb94E3KhJ0o%2BfR%2F3bX6iRi0L7S6oiOpztP3wwdBrVQAuZOm%2FApiU8VEfB7LKiMaJKZ%2BNH50%2F%2B6OEM5M%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7917f7df79617701-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
pogothere.xyz/asd100.bin
172.64.199.35200 OK 0 B IP 172.64.199.35:0
Analyzer Verdict Alert quad9 Sinkholed
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://xfantazy.com/
Origin: https://xfantazy.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 30 Jan 2023 05:57:09 GMT
content-type: binary/octet-stream
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 2769
last-modified: Mon, 30 Jan 2023 05:11:00 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dFUV0dG5i41CdQ40TeXTwE5etRO7AvNrkRkQO0Kygcwh3VMxt08RXaS6ZsHceV%2FZjb8aYlSU8ZjB4Ok1beMhI3C%2FFMSqAPgJ7uTql5VCc36dL9QHHtbQfopOV4lbQkI6"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7917f7f02dde7786-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp
157.240.205.35200 OK 0 B URL HTTP/2 www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp
IP 157.240.205.35:0
GET /login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-encoding: br
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 0
cross-origin-opener-policy: same-origin-allow-popups
vary: Sec-Fetch-Site, Sec-Fetch-Mode, Accept-Encoding
strict-transport-security: max-age=15552000; preload
content-type: text/html; charset="utf-8"
x-fb-debug: qcuPy7xTu4Cc/PI+JSygjwORfdEVd8GZiWmS6I7xNGLOse+wo1Ka2VrX16e/QjLYI/i6ilaRYSBkDhtatPrHUA==
date: Mon, 30 Jan 2023 05:57:09 GMT
priority: u=3,i
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
xfantazy.com/_next/static/chunks/69.b3ff95d1d1b8e7cf25a2.js
172.64.97.10200 OK 0 B URL HTTP/2 xfantazy.com/_next/static/chunks/69.b3ff95d1d1b8e7cf25a2.js
IP 172.64.97.10:0
GET /_next/static/chunks/69.b3ff95d1d1b8e7cf25a2.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/60e796b1fc8074710cdd5c72
Cookie: visitorId=2ocm1o94cgq0rkh5xitdgyq; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 30 Jan 2023 05:57:07 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-bgj: minify
etag: W/"61c-18350165707"
last-modified: Sun, 18 Sep 2022 10:13:04 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 8260445
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=g9x2MS8xbBn0NZS46vVHmEnxu%2FkGqNtDbmRYLGvYkisQ2dA%2B5EfeerCwvPAjwVCTWMaoHY0rB1SMFkbcu38N0SskzShZCA0IHb%2FnbOnGNwcb0PrPzG35aR%2FYDTupt6c%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7917f7df89657701-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
chaturbate.com/in/?track=xfanta&tour=x1Rd&campaign=NcAyU&c=3&p=0&gender=f
104.18.101.40302 Found 0 B URL HTTP/2 chaturbate.com/in/?track=xfanta&tour=x1Rd&campaign=NcAyU&c=3&p=0&gender=f
IP 104.18.101.40:0
GET /in/?track=xfanta&tour=x1Rd&campaign=NcAyU&c=3&p=0&gender=f HTTP/1.1
Host: chaturbate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cams.gratis/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Mon, 30 Jan 2023 05:57:11 GMT
content-type: text/html; charset=utf-8
location: /tours/3/?tour=x1Rd&campaign=NcAyU&c=3&p=0&gender=f&disable_sound=0
p3p: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
vary: Accept-Language, Cookie
content-language: en
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.mmcdn.com https://*.highwebmedia.com https://*.chaturbate.com https://chaturbate.com https://ajax.googleapis.com https://js-agent.newrelic.com https://cdnjs.cloudflare.com https://www.google-analytics.com https://www.google.com/recaptcha/ https://www.google.com/cv/ https://www.gstatic.com/recaptcha/ https://www.gstatic.com/cv/ https://www.gstatic.com/eureka/ https://www.gstatic.com/cast/ https://*.nr-data.net https://certify-js.alexametrics.com https://player.vimeo.com/api/player.js https://static.hotjar.com https://script.hotjar.com ; style-src 'self' data: 'unsafe-inline' https://*.highwebmedia.com https://cdnjs.cloudflare.com https://fonts.googleapis.com https://static.hotjar.com https://script.hotjar.com; img-src 'self' data: https://*.mmcdn.com https://*.highwebmedia.com https://*.stream.highwebmedia.com https://*.chaturbate.com https://chaturbate.com https://www.google-analytics.com https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com https://cdnjs.cloudflare.com https://www.gstatic.com https://*.nr-data.net https://certify.alexametrics.com https://stats.g.doubleclick.net https://cbgames.s3.amazonaws.com https://player.vimeo.com https://script.hotjar.com http://script.hotjar.com ; font-src 'self' data: https://*.mmcdn.com https://*.highwebmedia.com https://cdnjs.cloudflare.com https://fonts.gstatic.com http://script.hotjar.com https://script.hotjar.com ; connect-src 'self' blob: blob https://*.mmcdn.com wss://*.mmcdn.com wss://*.mmcdn.com:8443 https://*.highwebmedia.com wss://*.highwebmedia.com wss://*.highwebmedia.com:8443 https://*.nr-data.net https://*.chaturbate.com https://chaturbate.com https://www.google-analytics.com https://cbvideoupload.s3-accelerate.amazonaws.com https://stats.g.doubleclick.net https://internet-up.ably-realtime.com https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com https://tls-use1.fpapi.io https://use1.fptls.com https://eun1.fptls.com https://aps1.fptls.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com ; media-src 'self' https://*.mmcdn.com https://*.highwebmedia.com https://*.chaturbate.com https://chaturbate.com mediasource: blob: data: https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com; object-src 'self' https://*.mmcdn.com https://*.highwebmedia.com https://download.macromedia.com https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com ; frame-src 'self' https://*.mmcdn.com https://*.chaturbate.com https://chaturbate.com https://*.highwebmedia.com https://adserver.exoticads.com https://www.google.com/recaptcha/ https://*.wnu.com https://wnu.com https://checkout.2000charge.com https://www.sofort.com https://*.girogate.de https://player.vimeo.com https://vars.hotjar.com ; child-src 'self' blob: blob ; worker-src 'self' blob: blob ; form-action 'self' https://*.chaturbate.com https://chaturbate.com https://*.stream.highwebmedia.com https://*.wnu.com https://wnu.com https://devportal.cb.dev https://*.web.amer-1.jumio.ai https://smartpay.coinsmart.com https://secure.paygarden.com ; manifest-src 'self' https://*.mmcdn.com https://*.highwebmedia.com ; report-uri https://report-uri.mmcdn.com/r/t/csp/enforce;
report-to: {"group":"default","max_age":2592000,"endpoints":[{"url":"https://report-uri.mmcdn.com/a/t/g"}],"include_subdomains":true}
nel: {"report_to":"default","max_age":2592000,"include_subdomains":true}
x-frame-options: DENY
cache-control: no-cache
x-content-type-options: nosniff
x-xss-protection: 1; mode=block; report=https://report-uri.highwebmedia.com/r/t/xss/enforce
referrer-policy: strict-origin-when-cross-origin
via: 1.1 google
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: DYNAMIC
set-cookie: u_x1Rd=1; expires=Sat, 04 Feb 2023 05:57:11 GMT; Max-Age=432000; Path=/
us_x1Rd=1; Path=/
affkey="eJyrVipRslJQqjAMSlHSUVBKzi0Acf2SHStDQfySomywdFpiXkkiSKAIxM0oKSkottLXT07MLdZLL0osySzWB0kmpqWBpHMTKyoqclNTMhONDAwtQBJgQ40MlWoBzegfMA=="; Domain=.chaturbate.com; expires=Wed, 01 Mar 2023 05:57:11 GMT; Max-Age=2592000; Path=/
fromaffiliate=1; Domain=.chaturbate.com; Path=/
noads=1; expires=Mon, 30 Jan 2023 11:57:11 GMT; Max-Age=21600; Path=/
stcki="R2oKO-=0"; expires=Wed, 01 Mar 2023 05:57:11 GMT; HttpOnly; Max-Age=2592000; Path=/
sbr=sec:sbra5500afe-46fe-4730-a2fb-c5a2cfdad493:1pMNAF:5mOj3_clTAVlOGV6kIOo3T8ptzE; Domain=.chaturbate.com; expires=Sat, 25 Oct 2025 05:57:11 GMT; HttpOnly; Max-Age=86313600; Path=/; Secure
__cf_bm=N.rIOu8ju715hEyVHxyBohvmNbFSuKdsNbnwoXzaZvQ-1675058231-0-ATbv0NbmmIYwYekOD3oHAsKxfXZ/VVtCCaS0tLQNMYHKSdZ3YsqYForWgIdco6zWPxSdXRFBNKO6aXVA3zKXdoU=; path=/; expires=Mon, 30-Jan-23 06:27:11 GMT; domain=.chaturbate.com; HttpOnly; Secure; SameSite=None
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 7917f7f7bf9cb500-OSL
X-Firefox-Spdy: h2
static-assets.highwebmedia.com/images/ico-female.svg?818c9c4c368f
104.16.93.42200 OK 0 B URL HTTP/2 static-assets.highwebmedia.com/images/ico-female.svg?818c9c4c368f
IP 104.16.93.42:0
GET /images/ico-female.svg?818c9c4c368f HTTP/1.1
Host: static-assets.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://static-assets.highwebmedia.com/CACHE/css/output.86af60575b63.css
Cookie: _cfuvid=oS1QP9dWCyGAZ0AqWW1HPF8Ek4T4ra4qewhs_.IGc7Y-1675058231472-0-604800000
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 30 Jan 2023 05:57:11 GMT
content-type: image/svg+xml
x-amz-id-2: SJJrNwVRov8N2XC88Y79re1WW5F9HPkqgb23MKyJYfSKA/6A8G8zqZPx3mPabUpoYiIi2DaJyOo=
x-amz-request-id: B65B7C33MY399T80
last-modified: Tue, 09 Mar 2021 22:37:01 GMT
etag: W/"304b64c8f4b6c7e0c36c86b419151c45"
x-amz-meta-s3cmd-attrs: md5:304b64c8f4b6c7e0c36c86b419151c45
cache-control: public, max-age=2592000
cf-cache-status: HIT
age: 272540
expires: Wed, 01 Mar 2023 05:57:11 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3LBMdNBPv3%2FjWPdEySHnv5GviQIuHSGGX56g1S79dhLsyUOnygWjWPMygl3knNFKqb1whvyuUP27M0vcu8FBaFftz6KKBNu48gFuF1ea3kcRZ28BMKrctfHndEpI6gf1SAe18nNlRNdwKQJMx2F7eA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7917f7facd8e0b06-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
a.naturalhealthsource.club/zRdVuw7.js
135.181.208.216200 OK 0 B URL HTTP/2 a.naturalhealthsource.club/zRdVuw7.js
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
Analyzer Verdict Alert fortinet Malware
GET /zRdVuw7.js HTTP/1.1
Host: a.naturalhealthsource.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Mon, 30 Jan 2023 05:57:07 GMT
content-type: application/javascript
last-modified: Tue, 13 Dec 2022 09:50:49 GMT
etag: W/"63984af9-29f99"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
vary: Accept-Encoding, Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 d661c8f821b4dd0011bb1bb50baf07c2.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN54-C1
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: IizjVucMUM7PluQ4ZUFXPQDA42t2N5xwTgOLlzxZV3nP1p8eFuBQZg==
age: 2768487
x-frame-options: DENY
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2
pogothere.xyz/asd100.bin
172.64.199.35200 OK 0 B IP 172.64.199.35:0
Analyzer Verdict Alert quad9 Sinkholed
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://xfantazy.com/
Origin: https://xfantazy.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 30 Jan 2023 05:57:09 GMT
content-type: binary/octet-stream
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 2769
last-modified: Mon, 30 Jan 2023 05:11:00 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aXMLizVvw%2BoHFU%2BjQwy9%2FHdK8YiS%2BsfiqSHdWHzuk91xzYZk%2FcjBsP7Ku94%2F4F5LHrxer9pKhrtYsWifmTH%2BsdxxeMeex3E%2FPwK%2FygyBa4jsguht7p67fn6Fo9BNL%2BFf"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7917f7f02de07786-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
accounts.google.com/v3/signin/identifier?dsh=S1896196805%3A1675058229791816&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AWnogHc9GhGK7QzNgLiticVswJvZogIjj2njIVpnjGvKv-fnyhwKVHbB_Uhv3rM2g5ANtrpttvyyIQ
142.250.74.109403 Forbidden 0 B URL HTTP/2 accounts.google.com/v3/signin/identifier?dsh=S1896196805%3A1675058229791816&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AWnogHc9GhGK7QzNgLiticVswJvZogIjj2njIVpnjGvKv-fnyhwKVHbB_Uhv3rM2g5ANtrpttvyyIQ
IP 142.250.74.109:0
GET /v3/signin/identifier?dsh=S1896196805%3A1675058229791816&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AWnogHc9GhGK7QzNgLiticVswJvZogIjj2njIVpnjGvKv-fnyhwKVHbB_Uhv3rM2g5ANtrpttvyyIQ HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://xfantazy.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Mon, 30 Jan 2023 05:57:09 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
strict-transport-security: max-age=31536000; includeSubDomains
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
content-security-policy: script-src 'nonce-kjQ1x7T11igHuUaEuqTSdQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist, require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport
cross-origin-opener-policy-report-only: same-origin; report-to="AccountsSignInUi"
report-to: {"group":"AccountsSignInUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/AccountsSignInUi/external"}]}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
mc.yandex.ru/watch/49415098?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F60e796b1fc8074710cdd5c72&charset=utf-8&hittoken=1675058228_6e786439dbda45c3813d30d024178baa4c62241a5e46ab7fd915496b4149a017&browser-info=pv%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A1663568474079%3Ahid%3A996941919%3Az%3A0%3Ai%3A20230130055720%3Aet%3A1675058240%3Ac%3A1%3Arn%3A278681828%3Arqn%3A8%3Au%3A167505823952392834%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1675058236727%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1675058240%3At%3ASadie%20Hartz%20-%20Tiny%20St%20Patricks%20Day%20-%20XFantazy.com&t=gdpr(14)mc(p-7-h-1)clc(0-0-0)rqnt(8)aw(1)fip(1)ti(2)
87.250.251.119302 Found 0 B URL HTTP/2 mc.yandex.ru/watch/49415098?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F60e796b1fc8074710cdd5c72&charset=utf-8&hittoken=1675058228_6e786439dbda45c3813d30d024178baa4c62241a5e46ab7fd915496b4149a017&browser-info=pv%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A1663568474079%3Ahid%3A996941919%3Az%3A0%3Ai%3A20230130055720%3Aet%3A1675058240%3Ac%3A1%3Arn%3A278681828%3Arqn%3A8%3Au%3A167505823952392834%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1675058236727%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1675058240%3At%3ASadie%20Hartz%20-%20Tiny%20St%20Patricks%20Day%20-%20XFantazy.com&t=gdpr(14)mc(p-7-h-1)clc(0-0-0)rqnt(8)aw(1)fip(1)ti(2)
IP 87.250.251.119:0
GET /watch/49415098?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F60e796b1fc8074710cdd5c72&charset=utf-8&hittoken=1675058228_6e786439dbda45c3813d30d024178baa4c62241a5e46ab7fd915496b4149a017&browser-info=pv%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A1663568474079%3Ahid%3A996941919%3Az%3A0%3Ai%3A20230130055720%3Aet%3A1675058240%3Ac%3A1%3Arn%3A278681828%3Arqn%3A8%3Au%3A167505823952392834%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1675058236727%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1675058240%3At%3ASadie%20Hartz%20-%20Tiny%20St%20Patricks%20Day%20-%20XFantazy.com&t=gdpr(14)mc(p-7-h-1)clc(0-0-0)rqnt(8)aw(1)fip(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
location: /watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F60e796b1fc8074710cdd5c72&charset=utf-8&hittoken=1675058228_6e786439dbda45c3813d30d024178baa4c62241a5e46ab7fd915496b4149a017&browser-info=pv%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A1663568474079%3Ahid%3A996941919%3Az%3A0%3Ai%3A20230130055720%3Aet%3A1675058240%3Ac%3A1%3Arn%3A278681828%3Arqn%3A8%3Au%3A167505823952392834%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1675058236727%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1675058240%3At%3ASadie%20Hartz%20-%20Tiny%20St%20Patricks%20Day%20-%20XFantazy.com&t=gdpr%2814%29mc%28p-7-h-1%29clc%280-0-0%29rqnt%288%29aw%281%29fip%281%29ti%282%29
date: Mon, 30 Jan 2023 05:57:09 GMT
access-control-allow-origin: https://xfantazy.com
set-cookie: yabs-sid=1233715281675058229; Path=/; SameSite=None; Secure
i=pGKkRCj/mGYrPrvZCPmqMas51IDkGPuH/bLdu+3ll0LbVRvTWZBS9sR9EwErgifBlQ6NyX2i4biABSUq0xtjKHfj754=; Expires=Thu, 27-Jan-2033 05:57:09 GMT; Domain=.yandex.ru; Path=/; Secure; HttpOnly; SameSite=None
yandexuid=4034923751675058229; Expires=Tue, 30-Jan-2024 05:57:09 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
yuidss=4034923751675058229; Expires=Tue, 30-Jan-2024 05:57:09 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
ymex=1706594229.yc.1675058229#1706594229.yrts.1675058229#1706594229.yrtsi.1675058229; Expires=Tue, 30-Jan-2024 05:57:09 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Mon, 30-Jan-2023 05:57:09 GMT
last-modified: Mon, 30-Jan-2023 05:57:09 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
a.naturalhealthsource.club/api/spots/420556?p=1&s1=%subid1%&kw=
135.181.208.216200 OK 0 B URL HTTP/2 a.naturalhealthsource.club/api/spots/420556?p=1&s1=%subid1%&kw=
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
GET /api/spots/420556?p=1&s1=%subid1%&kw= HTTP/1.1
Host: a.naturalhealthsource.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 30 Jan 2023 05:57:10 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
set-cookie: nauid=K40eFt27MxyDuF8RYBqb; Path=/; Expires=Wed, 11 Nov 2037 11:11:11 GMT; Secure; SameSite=None
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2
a.naturalhealthsource.club/api/spots/312875?p=1&s1=%subid1%&kw=
135.181.208.216200 OK 0 B URL HTTP/2 a.naturalhealthsource.club/api/spots/312875?p=1&s1=%subid1%&kw=
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
GET /api/spots/312875?p=1&s1=%subid1%&kw= HTTP/1.1
Host: a.naturalhealthsource.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Mon, 30 Jan 2023 05:57:10 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
set-cookie: nauid=1nJv5FfSv3s3FBllJ7ck; Path=/; Expires=Wed, 11 Nov 2037 11:11:11 GMT; Secure; SameSite=None
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2
a.naturalhealthsource.club/api/spots/303894?p=1&s1=%subid1%&kw=
135.181.208.216200 OK 0 B URL HTTP/2 a.naturalhealthsource.club/api/spots/303894?p=1&s1=%subid1%&kw=
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
GET /api/spots/303894?p=1&s1=%subid1%&kw= HTTP/1.1
Host: a.naturalhealthsource.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 30 Jan 2023 05:57:10 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
set-cookie: nauid=Et6uug5l41uaXdmYOij6; Path=/; Expires=Wed, 11 Nov 2037 11:11:11 GMT; Secure; SameSite=None
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2
xfantazy.com/_next/static/chunks/16.2fcecc4fbe403da70f1d.js
172.64.97.10200 OK 0 B URL HTTP/2 xfantazy.com/_next/static/chunks/16.2fcecc4fbe403da70f1d.js
IP 172.64.97.10:0
GET /_next/static/chunks/16.2fcecc4fbe403da70f1d.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/60e796b1fc8074710cdd5c72
Cookie: visitorId=2ocm1o94cgq0rkh5xitdgyq; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 30 Jan 2023 05:57:07 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-bgj: minify
etag: W/"4f4a-183501656f3"
last-modified: Sun, 18 Sep 2022 10:13:04 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 8260446
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5pNKikAkyWVO2P43GfJII872QebR6PT0GGdNT1qnRCNCnPogn2i7%2BqqlsABeCBN%2FAq99pDrORQSngMC%2FYOthrwfcROepFpSaknt%2FN5NtZfbAk%2FKM85qfu2V0%2FTodUUA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7917f7df79627701-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
xfantazy.com/_next/static/EL4BCXkdtWPhg6C5p-CCd/pages/_app.js
172.64.97.10200 OK 0 B URL HTTP/2 xfantazy.com/_next/static/EL4BCXkdtWPhg6C5p-CCd/pages/_app.js
IP 172.64.97.10:0
GET /_next/static/EL4BCXkdtWPhg6C5p-CCd/pages/_app.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/60e796b1fc8074710cdd5c72
Cookie: visitorId=2ocm1o94cgq0rkh5xitdgyq; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 30 Jan 2023 05:57:07 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-bgj: minify
etag: W/"20e2f-185ecc65286"
last-modified: Thu, 26 Jan 2023 06:31:38 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 343491
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jjs0Ku%2B0%2FEjN5ic14TRnwMzA3jkmwwe%2FKxNngvI5oT%2FhjomzW6nJDkcOOaVUTDbqZPAhJDWvBEIwCuSx575WymgXWs4tmksETyBFW95LBer3%2B5YK2vhFpJ7HVFgny74%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7917f7df795c7701-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
chaturbate.com/tours/3/?tour=x1Rd&campaign=NcAyU&c=3&p=0&gender=f&disable_sound=0
104.18.101.40200 OK 0 B URL HTTP/2 chaturbate.com/tours/3/?tour=x1Rd&campaign=NcAyU&c=3&p=0&gender=f&disable_sound=0
IP 104.18.101.40:0
GET /tours/3/?tour=x1Rd&campaign=NcAyU&c=3&p=0&gender=f&disable_sound=0 HTTP/1.1
Host: chaturbate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cams.gratis/
Connection: keep-alive
Cookie: __cf_bm=N.rIOu8ju715hEyVHxyBohvmNbFSuKdsNbnwoXzaZvQ-1675058231-0-ATbv0NbmmIYwYekOD3oHAsKxfXZ/VVtCCaS0tLQNMYHKSdZ3YsqYForWgIdco6zWPxSdXRFBNKO6aXVA3zKXdoU=
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 30 Jan 2023 05:57:11 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding, Accept-Language, Cookie
p3p: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
content-language: en
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.mmcdn.com https://*.highwebmedia.com https://*.chaturbate.com https://chaturbate.com https://ajax.googleapis.com https://js-agent.newrelic.com https://cdnjs.cloudflare.com https://www.google-analytics.com https://www.google.com/recaptcha/ https://www.google.com/cv/ https://www.gstatic.com/recaptcha/ https://www.gstatic.com/cv/ https://www.gstatic.com/eureka/ https://www.gstatic.com/cast/ https://*.nr-data.net https://certify-js.alexametrics.com https://player.vimeo.com/api/player.js https://static.hotjar.com https://script.hotjar.com ; style-src 'self' data: 'unsafe-inline' https://*.highwebmedia.com https://cdnjs.cloudflare.com https://fonts.googleapis.com https://static.hotjar.com https://script.hotjar.com; img-src 'self' data: https://*.mmcdn.com https://*.highwebmedia.com https://*.stream.highwebmedia.com https://*.chaturbate.com https://chaturbate.com https://www.google-analytics.com https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com https://cdnjs.cloudflare.com https://www.gstatic.com https://*.nr-data.net https://certify.alexametrics.com https://stats.g.doubleclick.net https://cbgames.s3.amazonaws.com https://player.vimeo.com https://script.hotjar.com http://script.hotjar.com ; font-src 'self' data: https://*.mmcdn.com https://*.highwebmedia.com https://cdnjs.cloudflare.com https://fonts.gstatic.com http://script.hotjar.com https://script.hotjar.com ; connect-src 'self' blob: blob https://*.mmcdn.com wss://*.mmcdn.com wss://*.mmcdn.com:8443 https://*.highwebmedia.com wss://*.highwebmedia.com wss://*.highwebmedia.com:8443 https://*.nr-data.net https://*.chaturbate.com https://chaturbate.com https://www.google-analytics.com https://cbvideoupload.s3-accelerate.amazonaws.com https://stats.g.doubleclick.net https://internet-up.ably-realtime.com https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com https://tls-use1.fpapi.io https://use1.fptls.com https://eun1.fptls.com https://aps1.fptls.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com ; media-src 'self' https://*.mmcdn.com https://*.highwebmedia.com https://*.chaturbate.com https://chaturbate.com mediasource: blob: data: https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com; object-src 'self' https://*.mmcdn.com https://*.highwebmedia.com https://download.macromedia.com https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com ; frame-src 'self' https://*.mmcdn.com https://*.chaturbate.com https://chaturbate.com https://*.highwebmedia.com https://adserver.exoticads.com https://www.google.com/recaptcha/ https://*.wnu.com https://wnu.com https://checkout.2000charge.com https://www.sofort.com https://*.girogate.de https://player.vimeo.com https://vars.hotjar.com ; child-src 'self' blob: blob ; worker-src 'self' blob: blob ; form-action 'self' https://*.chaturbate.com https://chaturbate.com https://*.stream.highwebmedia.com https://*.wnu.com https://wnu.com https://devportal.cb.dev https://*.web.amer-1.jumio.ai https://smartpay.coinsmart.com https://secure.paygarden.com ; manifest-src 'self' https://*.mmcdn.com https://*.highwebmedia.com ; report-uri https://report-uri.mmcdn.com/r/t/csp/enforce;
report-to: {"group":"default","max_age":2592000,"endpoints":[{"url":"https://report-uri.mmcdn.com/a/t/g"}],"include_subdomains":true}
nel: {"report_to":"default","max_age":2592000,"include_subdomains":true}
cache-control: no-cache
set-cookie: stcki="R2oKO-=0"; expires=Wed, 01 Mar 2023 05:57:11 GMT; HttpOnly; Max-Age=2592000; Path=/
affkey="eJyrVipSslJQyigpKSi20tdPTswt1ksvSizJLNZXqgUAilAJow=="; Domain=.chaturbate.com; expires=Wed, 01 Mar 2023 05:57:11 GMT; Max-Age=2592000; Path=/
sbr=sec:sbr271da9fe-78fb-4586-a2b9-542994633899:1pMNAF:Jme7JFjwa2MJRh2q_ENu2wWrSqQ; Domain=.chaturbate.com; expires=Sat, 25 Oct 2025 05:57:11 GMT; HttpOnly; Max-Age=86313600; Path=/; Secure
x-content-type-options: nosniff
x-xss-protection: 1; mode=block; report=https://report-uri.highwebmedia.com/r/t/xss/enforce
referrer-policy: strict-origin-when-cross-origin
via: 1.1 google
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: DYNAMIC
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 7917f7f8c85cb500-OSL
content-encoding: br
X-Firefox-Spdy: h2
xfantazy.com/_next/static/EL4BCXkdtWPhg6C5p-CCd/pages/video.js
172.64.97.10200 OK 0 B URL HTTP/2 xfantazy.com/_next/static/EL4BCXkdtWPhg6C5p-CCd/pages/video.js
IP 172.64.97.10:0
GET /_next/static/EL4BCXkdtWPhg6C5p-CCd/pages/video.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/60e796b1fc8074710cdd5c72
Cookie: visitorId=2ocm1o94cgq0rkh5xitdgyq; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 30 Jan 2023 05:57:07 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-bgj: minify
etag: W/"597e-185ecc6528a"
last-modified: Thu, 26 Jan 2023 06:31:38 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 343491
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yYDHWhibHSbwyJZlllMErZ5vPtpIiaB3sHR9RL3tX0xCnJpFFU2XIRoTiK0BCJIGGYyFmmFzf66FVYYIcpOmlbaMRnXMtGGb1vQA9Czwnnj100dKrBA%2BaEtbYUmsU1s%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7917f7df79587701-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
a.naturalhealthsource.club/api/settings/289411
135.181.208.216200 OK 0 B URL HTTP/2 a.naturalhealthsource.club/api/settings/289411
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
Analyzer Verdict Alert fortinet Malware
GET /api/settings/289411 HTTP/1.1
Host: a.naturalhealthsource.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://xfantazy.com/
Origin: https://xfantazy.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Mon, 30 Jan 2023 05:57:08 GMT
content-type: application/json
vary: Accept-Encoding
access-control-allow-origin: *
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2