xfantazy.com/video/63b1b6a4f1977b2d7f383272
172.64.96.10302 Found 0 B URL HTTP/1.1 xfantazy.com/video/63b1b6a4f1977b2d7f383272
IP 172.64.96.10:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /video/63b1b6a4f1977b2d7f383272 HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Date: Thu, 23 Mar 2023 10:26:36 GMT
Content-Length: 0
Connection: keep-alive
location: https://xfantazy.com/video/63b1b6a4f1977b2d7f383272
cache-control: no-cache
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hegfXfYNFVVKLwmoSe6%2FiydZhRgNX5O2hIbWBlzeOJckUKrcswgQfRj8Cd%2FA%2Bey1B7Xdhagt1Coy%2F2INY8RhelniuG%2FjO%2Bm0TtY9aw4q8kLlDKtPdgorQvfrIfhepS8%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7ac5fa201fd7385b-LHR
alt-svc: h2=":443"; ma=60
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash bea3185dd820a31c1981317f37c3456d
1a548a5d27270fc11df9011837a7149571cedd78
469b97bf9f57401b3c9571039483589f2815f4794212b75c7c85cfefe0ae71e9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "469B97BF9F57401B3C9571039483589F2815F4794212B75C7C85CFEFE0AE71E9"
Last-Modified: Wed, 22 Mar 2023 14:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11568
Expires: Thu, 23 Mar 2023 13:39:24 GMT
Date: Thu, 23 Mar 2023 10:26:36 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 65fc860bc043f3fb83bdc3debdcd322d
418010755deae099ef1284e402813c5837a10f42
d93d50c523c7f735987aba09db628259441eb75efe713a2df3c214e1fb8b5171
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D93D50C523C7F735987ABA09DB628259441EB75EFE713A2DF3C214E1FB8B5171"
Last-Modified: Wed, 22 Mar 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5918
Expires: Thu, 23 Mar 2023 12:05:14 GMT
Date: Thu, 23 Mar 2023 10:26:36 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 84db75194692d4afe13196bda6f22da8
4c1f49bc973a4917f146d93c8d598344edc021f6
a3bec66f95b3bdf1d310c726e8ed05f7b06c1901c62381a94582d581844d2c23
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Content-Type, Alert, Retry-After, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Thu, 23 Mar 2023 10:15:05 GMT
content-type: application/json
age: 691
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 51a5d4696a6090c295850554508b51ce
c44e143c2223546e64b19f543b8101aaf3b11e97
8794223d5e8d4d276c35e2fdcc24bf99694240634dd749cd9b5bf874dec055cf
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8794223D5E8D4D276C35E2FDCC24BF99694240634DD749CD9B5BF874DEC055CF"
Last-Modified: Wed, 22 Mar 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6691
Expires: Thu, 23 Mar 2023 12:18:07 GMT
Date: Thu, 23 Mar 2023 10:26:36 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash e7bace7c1e04d44012e37ddffe36e5d5
3ac8d7c0a9d3e3f0b28b2530c7b8d8407b4042c2
6b4f80f2e95b26f6122ea8dcd0ef8d762299be822c69e839fc37581ca2bcb5f2
GET /chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: +9dWc7Ds7GrrzHHC3yriJ+1ZlFSr1Jb1SFEcO8EjCIFnuelUhS80Ps01ZCnYxtUtPLWutuT7h+A=
x-amz-request-id: RJECDT2QX97VS823
x-amz-server-side-encryption: AES256
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Thu, 23 Mar 2023 09:54:00 GMT
age: 1956
last-modified: Sat, 11 Mar 2023 16:53:15 GMT
etag: "e7bace7c1e04d44012e37ddffe36e5d5"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 23 Mar 2023 10:26:36 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Retry-After, Last-Modified, Content-Length, Pragma, Expires, ETag, Backoff, Alert, Cache-Control
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Thu, 23 Mar 2023 10:14:33 GMT
age: 723
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 050ca4dc2182e0a27573b0d9f32b7834
bec14dc5af0d0b32210470673511acd8db404308
b6129b9d1848f75265dca4446c5399927bdaf15c7b49c083765847b0fe276eaf
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B6129B9D1848F75265DCA4446C5399927BDAF15C7B49C083765847B0FE276EAF"
Last-Modified: Wed, 22 Mar 2023 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6874
Expires: Thu, 23 Mar 2023 12:21:11 GMT
Date: Thu, 23 Mar 2023 10:26:37 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 342da587101df62e3e8f03dc4a87f93d
897c40f31b24adf281b804bbca7f0ffba5b86816
f6b8dde2c506c3ec03517324e93c04058e44e345dae5a52e5f49c97d77455aec
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 23 Mar 2023 10:26:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 342da587101df62e3e8f03dc4a87f93d
897c40f31b24adf281b804bbca7f0ffba5b86816
f6b8dde2c506c3ec03517324e93c04058e44e345dae5a52e5f49c97d77455aec
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 23 Mar 2023 10:26:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 23c054d3aee551b6fdc42a5a472a7040
b1a46c12ac7d65c979fd1998bdb243f3dba8f956
9e8b91ab91da9ea20dfb5f90c1c06239d2872b0eb80785534d0c59c3b51de404
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 23 Mar 2023 10:26:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 097d447e049e3b41f92a4695b1b0c3c7
f39c9ef8d22bee41d940bf719c75b2cfae9291d5
459e0e586fca9a4720e4e25fa59978368c9d373ee86575a7b40d0ef4262043ed
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 23 Mar 2023 10:26:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.googletagmanager.com/gtm.js?id=GTM-PLKQLTX
142.250.74.40200 OK 56 kB URL HTTP/2 www.googletagmanager.com/gtm.js?id=GTM-PLKQLTX
IP 142.250.74.40:0
File type ASCII text, with very long lines (1568), with no line terminators
Hash d7eb9f92654316e335f3686627bd1540
d5e38f305c4ca1273a18125f12320777888736e4
3be171dbcd441f7a1fddd0ef64f670a2c3f28464a0b8e3c2b3381abb562236d2
GET /gtm.js?id=GTM-PLKQLTX HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Thu, 23 Mar 2023 10:26:37 GMT
expires: Thu, 23 Mar 2023 10:26:37 GMT
cache-control: private, max-age=900
last-modified: Thu, 23 Mar 2023 09:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 55369
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.sectigo.com/
172.64.155.188200 OK 472 B IP 172.64.155.188:0
Hash d05345bc0f42a0c189d2f41fce45418a
e5e137a9e7b01ed45e962c30e1d654e1c957a7a7
26ea5203424bb3fbfa24f8dbb02856baf155d8d140da3822b10a29c4bfbd20a9
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 23 Mar 2023 10:26:37 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Tue, 21 Mar 2023 15:14:23 GMT
Expires: Tue, 28 Mar 2023 15:14:22 GMT
Etag: "e5e137a9e7b01ed45e962c30e1d654e1c957a7a7"
Cache-Control: max-age=448664,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7ac5fa274879b518-OSL
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
216.58.207.227200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 15920, version 1.0\012- data
Hash 3a44e06eb954b96aa043227f3534189d
23cef6993ddb2b2979e8e7647fc3763694e2ba7d
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e
GET /s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15920
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 22 Mar 2023 18:05:11 GMT
expires: Thu, 21 Mar 2024 18:05:11 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 11 May 2022 19:24:45 GMT
content-type: font/woff2
age: 58886
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
216.58.207.227200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Hash 15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 20 Mar 2023 14:12:20 GMT
expires: Tue, 19 Mar 2024 14:12:20 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
age: 245657
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
push.services.mozilla.com/
35.167.94.179101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 35.167.94.179:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 6W4BZF2WD1N3s76UcIWaCQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: TqJzjMlre5th2ouhnGaFWr/1VO0=
static-cache.k2s.cc/thumbnail/IbuV6ySiyfjo-W6U-w/w320h240/0.jpeg
188.72.235.186200 OK 10 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/IbuV6ySiyfjo-W6U-w/w320h240/0.jpeg
IP 188.72.235.186:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash 142eb07e54e9cf5396dc8a7eee2c4df2
c8bc151322d2653f647515630fa2b10d58f467cb
30ad079ec74c58f532edffd0783f4dec662fa607cb9270d9f525af74ca3e17af
GET /thumbnail/IbuV6ySiyfjo-W6U-w/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: openresty
date: Thu, 23 Mar 2023 10:26:37 GMT
content-type: image/jpeg
content-length: 10186
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
x-varnish: 217547155 131301401, 530874807
age: 874245
via: 1.1 varnish (Varnish/6.0), 1.1 varnish (Varnish/6.0)
access-control-allow-origin: *, *
X-Firefox-Spdy: h2
ocsp.sectigo.com/
172.64.155.188200 OK 472 B IP 172.64.155.188:0
Hash d05345bc0f42a0c189d2f41fce45418a
e5e137a9e7b01ed45e962c30e1d654e1c957a7a7
26ea5203424bb3fbfa24f8dbb02856baf155d8d140da3822b10a29c4bfbd20a9
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 23 Mar 2023 10:26:37 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Tue, 21 Mar 2023 15:14:23 GMT
Expires: Tue, 28 Mar 2023 15:14:22 GMT
Etag: "e5e137a9e7b01ed45e962c30e1d654e1c957a7a7"
Cache-Control: max-age=448664,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7ac5fa27a8f7b518-OSL
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 097d447e049e3b41f92a4695b1b0c3c7
f39c9ef8d22bee41d940bf719c75b2cfae9291d5
459e0e586fca9a4720e4e25fa59978368c9d373ee86575a7b40d0ef4262043ed
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 23 Mar 2023 10:26:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.sectigo.com/
172.64.155.188200 OK 472 B IP 172.64.155.188:0
Hash d05345bc0f42a0c189d2f41fce45418a
e5e137a9e7b01ed45e962c30e1d654e1c957a7a7
26ea5203424bb3fbfa24f8dbb02856baf155d8d140da3822b10a29c4bfbd20a9
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 23 Mar 2023 10:26:37 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Tue, 21 Mar 2023 15:14:23 GMT
Expires: Tue, 28 Mar 2023 15:14:22 GMT
Etag: "e5e137a9e7b01ed45e962c30e1d654e1c957a7a7"
Cache-Control: max-age=448664,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7ac5fa27493db4eb-OSL
ocsp.sectigo.com/
172.64.155.188200 OK 472 B IP 172.64.155.188:0
Hash d05345bc0f42a0c189d2f41fce45418a
e5e137a9e7b01ed45e962c30e1d654e1c957a7a7
26ea5203424bb3fbfa24f8dbb02856baf155d8d140da3822b10a29c4bfbd20a9
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 23 Mar 2023 10:26:37 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Tue, 21 Mar 2023 15:14:23 GMT
Expires: Tue, 28 Mar 2023 15:14:22 GMT
Etag: "e5e137a9e7b01ed45e962c30e1d654e1c957a7a7"
Cache-Control: max-age=448664,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7ac5fa2749d4b515-OSL
ocsp.sectigo.com/
172.64.155.188200 OK 472 B IP 172.64.155.188:0
Hash d05345bc0f42a0c189d2f41fce45418a
e5e137a9e7b01ed45e962c30e1d654e1c957a7a7
26ea5203424bb3fbfa24f8dbb02856baf155d8d140da3822b10a29c4bfbd20a9
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 23 Mar 2023 10:26:37 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Tue, 21 Mar 2023 15:14:23 GMT
Expires: Tue, 28 Mar 2023 15:14:22 GMT
Etag: "e5e137a9e7b01ed45e962c30e1d654e1c957a7a7"
Cache-Control: max-age=448664,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7ac5fa274c25b4fd-OSL
static-cache.k2s.cc/thumbnail/39464cb2f5e66/main/0.jpeg
188.72.235.186200 OK 82 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/39464cb2f5e66/main/0.jpeg
IP 188.72.235.186:0
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, comment: "Lavc58.54.100", baseline, precision 8, 1080x1920, components 3\012- data
Hash 820902be2d414de495527adcb183ced9
046b6dd8fd68dd21d6edaf69f45b54362893eb6d
b5a6ad82793f23aa5ff0be4e0a45c8f518dafcc294df00dcd5ad23b80b58f46a
GET /thumbnail/39464cb2f5e66/main/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: openresty
date: Thu, 23 Mar 2023 10:26:37 GMT
content-type: image/jpeg
content-length: 81907
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
x-varnish: 520814746 214927479, 438305127
age: 520584
via: 1.1 varnish (Varnish/6.0), 1.1 varnish (Varnish/6.0)
access-control-allow-origin: *, *
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/cumauCSkya-6rW-eqQ/w320h240/0.jpeg
188.72.235.186200 OK 11 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/cumauCSkya-6rW-eqQ/w320h240/0.jpeg
IP 188.72.235.186:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash f8b933625e6c2dbeb7f91b40a9b3eaf0
fb218cf18215f8bf39f1fe4b632138cd4e6573b1
30a0079c68e76656f23cdc29613c787523e75bf32f58a6ddb03e2d57afe76ca3
GET /thumbnail/cumauCSkya-6rW-eqQ/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: openresty
date: Thu, 23 Mar 2023 10:26:37 GMT
content-type: image/jpeg
content-length: 11188
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
x-varnish: 414286182 2818053, 514230176
age: 39035
via: 1.1 varnish (Varnish/6.0), 1.1 varnish (Varnish/6.0)
access-control-allow-origin: *, *
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/durHvHb0yqrs8W3FqQ/w320h240/0.jpeg
188.72.235.186200 OK 9.1 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/durHvHb0yqrs8W3FqQ/w320h240/0.jpeg
IP 188.72.235.186:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash aa7d73a55ce31d46bf71cdfe46532ae3
665167a9ea4e8a0910e0784cdc3f15c139a8038c
474a2a8a475bc1074165b05de49b97f68d9301c20b4d48675120a12bcf761dd8
GET /thumbnail/durHvHb0yqrs8W3FqQ/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: openresty
date: Thu, 23 Mar 2023 10:26:37 GMT
content-type: image/jpeg
content-length: 9117
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-varnish: 343497650 917511
age: 39035
via: 1.1 varnish (Varnish/6.0)
accept-ranges: bytes
access-control-allow-origin: *, *
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/LeuVtHL0w__t_TWUrA/w320h240/0.jpeg
188.72.235.186200 OK 8.0 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/LeuVtHL0w__t_TWUrA/w320h240/0.jpeg
IP 188.72.235.186:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash 9f94b58f3655d5afa5fbcf33f2eac882
8e7c83b21de9de75874d6059e30aab7370f07ad0
1d88d5a76cc7a3cee4908389a50bddbfa1dce7b71b4f5019203f309ba4014304
GET /thumbnail/LeuVtHL0w__t_TWUrA/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: openresty
date: Thu, 23 Mar 2023 10:26:37 GMT
content-type: image/jpeg
content-length: 7998
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
x-varnish: 382048260 819205, 213287257
age: 39035
via: 1.1 varnish (Varnish/6.0), 1.1 varnish (Varnish/6.0)
access-control-allow-origin: *, *
X-Firefox-Spdy: h2
www.google-analytics.com/analytics.js
142.250.74.78200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP 142.250.74.78:0
File type ASCII text, with very long lines (1490)
Hash ca7fbbfd120e3e329633044190bbf134
d17f81e03dd827554ddd207ea081fb46b3415445
847004cefb32f85a9cc16b0b1eb77529ff5753680c145bfcb23f651d214737db
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20085
date: Thu, 23 Mar 2023 10:05:11 GMT
expires: Thu, 23 Mar 2023 12:05:11 GMT
cache-control: public, max-age=7200
age: 1286
last-modified: Tue, 10 Jan 2023 21:29:14 GMT
content-type: text/javascript
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 5cd8c9b1a21861daf74c130682cea34e
32ceecbbe8fdfc999e4169771cf7633fdaa1f083
328369b9dcb3b3b19b031dd350a02c7cbe5fb250ba4748bf8d055da5342f0837
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 23 Mar 2023 10:26:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j99&tid=UA-121614197-2&cid=1621298378.1679567205&jid=2112298345&gjid=768161964&_gid=558125583.1679567205&_u=YGBAiEABBAAAAEAAI~&z=356845371
209.85.233.155200 OK 1 B URL HTTP/2 stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j99&tid=UA-121614197-2&cid=1621298378.1679567205&jid=2112298345&gjid=768161964&_gid=558125583.1679567205&_u=YGBAiEABBAAAAEAAI~&z=356845371
IP 209.85.233.155:0
File type very short file (no magic)
Hash c4ca4238a0b923820dcc509a6f75849b
356a192b7913b04c54574d18c28d46e6395428ab
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j99&tid=UA-121614197-2&cid=1621298378.1679567205&jid=2112298345&gjid=768161964&_gid=558125583.1679567205&_u=YGBAiEABBAAAAEAAI~&z=356845371 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://xfantazy.com
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Thu, 23 Mar 2023 10:26:37 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 5cd8c9b1a21861daf74c130682cea34e
32ceecbbe8fdfc999e4169771cf7633fdaa1f083
328369b9dcb3b3b19b031dd350a02c7cbe5fb250ba4748bf8d055da5342f0837
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 23 Mar 2023 10:26:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.globalsign.com/gseccovsslca2018
104.18.21.226200 OK 12 kB URL HTTP/1.1 ocsp.globalsign.com/gseccovsslca2018
IP 104.18.21.226:0
Hash df991f0aacc99db7ae4bf0d68a1d7414
21b05797247b7f4392022c292a1ab7a9fb162a34
86a4287863b0255e82b57a62f687c85ebfcf6a4e74ef11817568431c40fbed0b
POST /gseccovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 23 Mar 2023 10:26:38 GMT
Content-Type: application/ocsp-response
Content-Length: 938
Connection: keep-alive
Expires: Mon, 27 Mar 2023 08:36:01 GMT
ETag: "0155968f25a8419569c95568425ce2836c92597c"
Last-Modified: Thu, 23 Mar 2023 08:36:02 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 2962
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7ac5fa2dae2db512-OSL
a.naturalhealthsource.club/zRdVuw7.js
135.181.208.216200 OK 54 kB URL HTTP/2 a.naturalhealthsource.club/zRdVuw7.js
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
Hash cf4cff1ef6100619ac63d2bf20ebaced
a37732126f728cb8bed5e917962db21ff8e47c6e
a0a184982adbf4ad55165c2138b16d200a8723cf2c5c3733f28a788adb979bb7
GET /zRdVuw7.js HTTP/1.1
Host: a.naturalhealthsource.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 23 Mar 2023 10:26:38 GMT
content-type: application/javascript
last-modified: Fri, 10 Mar 2023 13:42:03 GMT
etag: W/"640b33ab-2af50"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
vary: Accept-Encoding, Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 4b3b9541fe386ba754a368a9d0694d7a.cloudfront.net (CloudFront)
x-amz-cf-pop: HEL50-C1
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: CTHUi9O0dgdGakXbduAWkp_1oB4UlqZRfZHZ_vOcUCm0BHhSI7c3Kg==
age: 171
x-frame-options: DENY
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 04f0f84f65f5654fb6b95a190e24c76c
c6b7ca0f2809657ede982b7b1e2a143cbaa6332f
a1c1a8375f26e6ca16ae63f326cc2d15a334da5bae401d592c6e05b8077ce217
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A1C1A8375F26E6CA16AE63F326CC2D15A334DA5BAE401D592C6E05B8077CE217"
Last-Modified: Wed, 22 Mar 2023 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9372
Expires: Thu, 23 Mar 2023 13:02:50 GMT
Date: Thu, 23 Mar 2023 10:26:38 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 1.4 kB IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash f9f44a877f01949dc244229aa2f7c06c
5396276dad844679bfe9a1fc29deca86879eb9a4
8dad5555f984663118a18fc341e4f7ff32bab8b91b35767c2c09ae9e47035f9f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2B848604B58C3DE27E4D678DBB2BDA16FC70431A9BDE9510A667B5F6B075954B"
Last-Modified: Tue, 21 Mar 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13858
Expires: Thu, 23 Mar 2023 14:17:36 GMT
Date: Thu, 23 Mar 2023 10:26:38 GMT
Connection: keep-alive
exploredefinitely.com/a2/f9/90/a2f990f10476061c719d1c1aa3a2ecd2.js
173.233.137.36200 OK 13 kB URL HTTP/1.1 exploredefinitely.com/a2/f9/90/a2f990f10476061c719d1c1aa3a2ecd2.js
IP 173.233.137.36:0
File type ASCII text, with very long lines (37161), with no line terminators
Hash ad0bb47efc4949cfc193ddf233ef21dc
3e611acf6bec44316f57343743e9dc7aa3a8dba4
2943f68b90cfabf191e0ca3fca9021d4b342529d17d3fdc40a3784867903be98
GET /a2/f9/90/a2f990f10476061c719d1c1aa3a2ecd2.js HTTP/1.1
Host: exploredefinitely.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 23 Mar 2023 10:26:38 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: e09555057a5a9acc7e8581fed959cd65
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
mayhemsixtydeserves.com/21/fe/39/21fe3950f412e026c33f1b6cee613eba.js
173.233.137.52200 OK 30 kB URL HTTP/1.1 mayhemsixtydeserves.com/21/fe/39/21fe3950f412e026c33f1b6cee613eba.js
IP 173.233.137.52:0
Hash 1654e2b746a1f0cf82b0e8f1c8308d73
9504a93d13c0d76cd2617e5b879a83c4a7b42e86
da487c4bdc56b2f4c63a2d7f711b158cc9db8f8664f36427f17c65a35e61cb23
GET /21/fe/39/21fe3950f412e026c33f1b6cee613eba.js HTTP/1.1
Host: mayhemsixtydeserves.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 23 Mar 2023 10:26:38 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 0547cbafcbc75ef07dad6d0f301f3c5f
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash a0d3d7099bbc5fed74a6e78e1a3096bf
96afaf8b3ac053577c56aca5f4a20d8655ecb771
c8ff32c6809a506d4c656d3200dbfc6682c156c3de0647d13ab8f07a6f9a38ba
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C8FF32C6809A506D4C656D3200DBFC6682C156C3DE0647D13AB8F07A6F9A38BA"
Last-Modified: Tue, 21 Mar 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2759
Expires: Thu, 23 Mar 2023 11:12:37 GMT
Date: Thu, 23 Mar 2023 10:26:38 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash a0d3d7099bbc5fed74a6e78e1a3096bf
96afaf8b3ac053577c56aca5f4a20d8655ecb771
c8ff32c6809a506d4c656d3200dbfc6682c156c3de0647d13ab8f07a6f9a38ba
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C8FF32C6809A506D4C656D3200DBFC6682C156C3DE0647D13AB8F07A6F9A38BA"
Last-Modified: Tue, 21 Mar 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2759
Expires: Thu, 23 Mar 2023 11:12:37 GMT
Date: Thu, 23 Mar 2023 10:26:38 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash a0d3d7099bbc5fed74a6e78e1a3096bf
96afaf8b3ac053577c56aca5f4a20d8655ecb771
c8ff32c6809a506d4c656d3200dbfc6682c156c3de0647d13ab8f07a6f9a38ba
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C8FF32C6809A506D4C656D3200DBFC6682C156C3DE0647D13AB8F07A6F9A38BA"
Last-Modified: Tue, 21 Mar 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2759
Expires: Thu, 23 Mar 2023 11:12:37 GMT
Date: Thu, 23 Mar 2023 10:26:38 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash a0d3d7099bbc5fed74a6e78e1a3096bf
96afaf8b3ac053577c56aca5f4a20d8655ecb771
c8ff32c6809a506d4c656d3200dbfc6682c156c3de0647d13ab8f07a6f9a38ba
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C8FF32C6809A506D4C656D3200DBFC6682C156C3DE0647D13AB8F07A6F9A38BA"
Last-Modified: Tue, 21 Mar 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2759
Expires: Thu, 23 Mar 2023 11:12:37 GMT
Date: Thu, 23 Mar 2023 10:26:38 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F255e6a5a-97bb-4a35-8a48-4d120747a63c.jpeg
34.120.237.76200 OK 4.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F255e6a5a-97bb-4a35-8a48-4d120747a63c.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 85351059b67b0a42eda7e69a31b3b4b4
b798268806dc2f79f033e5872676019faf0e0cc1
86e163b7159b197d6358ab01333ac6da221de0ebe1c5da8d5cef2977d38625fe
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F255e6a5a-97bb-4a35-8a48-4d120747a63c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4000
x-amzn-requestid: 68dc01d7-3eed-48f6-8532-8efaa96cc1ec
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CJpraEqyoAMFgNQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641a2315-3852cc8961365a560d1fa02f;Sampled=0
x-amzn-remapped-date: Tue, 21 Mar 2023 21:35:17 GMT
x-amz-cf-pop: SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: k6VaCG5oTQnKOvKJnleVqxIIc9yOgdOL0oPcL0ZSVw7DZQ8_GzFoZQ==
via: 1.1 288c777a01e22425da9494dad7a69734.cloudfront.net (CloudFront), 1.1 4d8620b80ebe37d366388e117039aa8e.cloudfront.net (CloudFront), 1.1 google
date: Wed, 22 Mar 2023 21:47:43 GMT
age: 45535
etag: "b798268806dc2f79f033e5872676019faf0e0cc1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F93c300c4-e707-428c-9ae5-d4699c20a7ef.jpeg
34.120.237.76200 OK 6.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F93c300c4-e707-428c-9ae5-d4699c20a7ef.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 800c2662fd6ab8829a02b7d63084c38d
0917d2c376f8d2af2a436a33ce2bfe1cbdb8b239
76545e9f75dc558fdb7b54550934c7775318fb4150a9309f60e65d982d2e576e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F93c300c4-e707-428c-9ae5-d4699c20a7ef.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5950
x-amzn-requestid: ce85112e-428d-4ca1-9dac-1d6c8c6dc74a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CKyF9EI3oAMFtyQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641a96f2-05c5948d6f74948b1c67d68c;Sampled=0
x-amzn-remapped-date: Wed, 22 Mar 2023 05:49:38 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: tu0ENc_6tfykYc23nLfwYEMsi5HIfaDWF6dvzVTfX5rfjr3JrmMrCA==
via: 1.1 59456abf79b201034ab5c9cfef7355e2.cloudfront.net (CloudFront), 1.1 aabd01c4a20dae837d162bd972422efc.cloudfront.net (CloudFront), 1.1 google
date: Wed, 22 Mar 2023 22:02:44 GMT
age: 57605
etag: "0917d2c376f8d2af2a436a33ce2bfe1cbdb8b239"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fea5d4e17-e42c-49fb-a54b-d7d97ad50ba4.jpeg
34.120.237.76200 OK 7.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fea5d4e17-e42c-49fb-a54b-d7d97ad50ba4.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 40d24dfcd9f0afe0e4077384f16cc494
76213c7d5c759471ed3823888860f918ac7e8f13
fbbbef0498ddf14bc9b204273a3cd416c357dceed20339c3e8c64a16b0be3caf
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fea5d4e17-e42c-49fb-a54b-d7d97ad50ba4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7083
x-amzn-requestid: 52c38747-4a30-4831-87ca-7e72e5602ed0
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CHY_gFu8IAMFh9g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64193b96-49c53b7c2e5ed4fc0217e357;Sampled=0
x-amzn-remapped-date: Tue, 21 Mar 2023 05:07:34 GMT
x-amz-cf-pop: SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: XUrSSF8TgZSClR4MqJ0kuXGO-8KIguNmGe5lmVwzKXZO6CN0F9mimg==
via: 1.1 f3802d173009698413044360f84de06c.cloudfront.net (CloudFront), 1.1 f313d3df80c4dab8f5399614116801cc.cloudfront.net (CloudFront), 1.1 google
date: Wed, 22 Mar 2023 21:51:03 GMT
age: 45335
etag: "76213c7d5c759471ed3823888860f918ac7e8f13"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5be1b286-007a-44a5-a6fd-872190ecfa0b.jpeg
34.120.237.76200 OK 6.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5be1b286-007a-44a5-a6fd-872190ecfa0b.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash c05bfdf1411a931d8ea9adc64b07bc74
156ef59e53564a4f2b27002b2695fafecd578d82
15d17c0df2d2b0625ecf5f576a7ff630ae8b923b28be354ad23aec6a284a801a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5be1b286-007a-44a5-a6fd-872190ecfa0b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6692
x-amzn-requestid: 3a0f6a8d-89b1-43f4-8a15-8749bdbc047b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CM9d9FcOoAMFaFQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641b75f2-3540256d6be3d4f85bba65ea;Sampled=0
x-amzn-remapped-date: Wed, 22 Mar 2023 21:41:06 GMT
x-amz-cf-pop: SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: Jj5lAwItWYm45j5kLqQnd3fhsiGsiuSiSVtrBUOolyHvPAmCc0S71A==
via: 1.1 e92cc925fc8895560cd0628c67f58828.cloudfront.net (CloudFront), 1.1 b23fb37cd7fff033ab21e3284f558a28.cloudfront.net (CloudFront), 1.1 google
date: Thu, 23 Mar 2023 07:54:24 GMT
age: 9134
etag: "156ef59e53564a4f2b27002b2695fafecd578d82"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9a7546f8-3d34-4fb4-b63f-8e8098b48c30.jpeg
34.120.237.76200 OK 7.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9a7546f8-3d34-4fb4-b63f-8e8098b48c30.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash f777f840a3fc7e500c57a7cbdf88f26d
3518e8a18807209e94011806a96492e0d86ee9c9
44aa32fa1bf15785a4dd8cd6184772fb268113cbf459f5f30a70ff5ca66c9e05
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9a7546f8-3d34-4fb4-b63f-8e8098b48c30.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7419
x-amzn-requestid: bc02abbe-706d-42af-b963-0163b07b87c9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: B9xbnE7OIAMFW2g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641562b0-247606a3713a20d25cf83763;Sampled=0
x-amzn-remapped-date: Sat, 18 Mar 2023 07:05:20 GMT
x-amz-cf-pop: SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: W_FZ-TYlfmS1JSvZVG4v_4Iag3ssm5J2oYgk0LBdKqv-Q0KST6FkDQ==
via: 1.1 4d7fa73f804f1c93f20cfc24c4b1266e.cloudfront.net (CloudFront), 1.1 618052a0d9c86c1a3bf663f82d041d1c.cloudfront.net (CloudFront), 1.1 google
date: Wed, 22 Mar 2023 20:21:35 GMT
age: 50703
etag: "3518e8a18807209e94011806a96492e0d86ee9c9"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F26aea22c-e627-45d1-bce6-55eaa4acfd06.jpeg
34.120.237.76200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F26aea22c-e627-45d1-bce6-55eaa4acfd06.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash f3aa18378fc5715083fb26bd0d62f382
ee683e481a4501d2ab8ca63d1426d6fab6f2b064
8aade71c4b55f6a9daab28a05a90bcc3c6c01b700aa48d2f8ccdb1992fa5ee81
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F26aea22c-e627-45d1-bce6-55eaa4acfd06.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10816
x-amzn-requestid: 60a537d2-1b8a-4ae2-967c-a7e57c818cc6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: B9xY0EHqoAMFrrQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6415629e-1be08f9f3a13492717fdaa48;Sampled=0
x-amzn-remapped-date: Sat, 18 Mar 2023 07:05:02 GMT
x-amz-cf-pop: SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: pFf9EtVQUyRcUOT6Aj_L88__ZyBlVX61cOmPi70WnyxxPteVUFFXEw==
via: 1.1 1b0911478686968732f973d6e5e31d10.cloudfront.net (CloudFront), 1.1 3f3347264bcaae7af741e2a2f692c6a0.cloudfront.net (CloudFront), 1.1 google
date: Wed, 22 Mar 2023 20:21:35 GMT
age: 50703
etag: "ee683e481a4501d2ab8ca63d1426d6fab6f2b064"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.r2m01.amazontrust.com/
54.230.80.227200 OK 471 B URL HTTP/1.1 ocsp.r2m01.amazontrust.com/
IP 54.230.80.227:0
Hash 408e5e3019d3a14451bc72de4059268f
43593f0f7c57f188d239efed89adc3e71a264008
e5d9d7dc91d8a926a40e5a5f42664ab5812224f3f6359b50f3db1551768ddeec
POST / HTTP/1.1
Host: ocsp.r2m01.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Thu, 23 Mar 2023 10:26:38 GMT
Last-Modified: Thu, 23 Mar 2023 09:33:14 GMT
Server: ECAcc (nya/79EB)
X-Cache: Miss from cloudfront
Via: 1.1 09ae414c9d6c5323d5147457ada70ec6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: mRQSUg-UXqYIIlNUUv03A5MiEW7GmiQfVsTrmnAlrvCIKB9aw0SGBg==
Age: 3204
simplewebanalysis.com/stats
54.93.153.146200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP 54.93.153.146:0
File type ASCII text, with no line terminators
Hash 4bd87c4c35f70d5fedec6fb9b7231dc2
4d78165a76f80696b6c49f8960d9dc0f8b42f71b
116a60534c184ec895ab04a21864094a2ae7e21d45a552b2a4ff612dee0eb8ae
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 23 Mar 2023 10:26:38 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
set-cookie: uid_id2=352e4617-93d3-4233-bbb9-4819c8cdc520:1:1; expires=Sun, 20 Mar 2033 10:26:38 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F63b1b6a4f1977b2d7f383272&charset=utf-8&hittoken=1679567198_80a4b463edfef17ebe1132581a21c8f9abc8fa5fd499b2904a95a6fe4fd8ecb0&browser-info=pa%3A1%3Aar%3A1%3Avf%3A29hzdyg3jxtu068q3vuhnr%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A983%3Acn%3A1%3Adp%3A0%3Als%3A1405660524271%3Ahid%3A149488173%3Az%3A0%3Ai%3A20230323102646%3Aet%3A1679567207%3Ac%3A1%3Arn%3A348364593%3Arqn%3A2%3Au%3A167956720644663686%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1679567203842%3Ast%3A1679567207&t=gdpr(14)mc(p-6)clc(0-0-0)rqnt(2)aw(1)ti(2)
87.250.250.119200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F63b1b6a4f1977b2d7f383272&charset=utf-8&hittoken=1679567198_80a4b463edfef17ebe1132581a21c8f9abc8fa5fd499b2904a95a6fe4fd8ecb0&browser-info=pa%3A1%3Aar%3A1%3Avf%3A29hzdyg3jxtu068q3vuhnr%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A983%3Acn%3A1%3Adp%3A0%3Als%3A1405660524271%3Ahid%3A149488173%3Az%3A0%3Ai%3A20230323102646%3Aet%3A1679567207%3Ac%3A1%3Arn%3A348364593%3Arqn%3A2%3Au%3A167956720644663686%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1679567203842%3Ast%3A1679567207&t=gdpr(14)mc(p-6)clc(0-0-0)rqnt(2)aw(1)ti(2)
IP 87.250.250.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F63b1b6a4f1977b2d7f383272&charset=utf-8&hittoken=1679567198_80a4b463edfef17ebe1132581a21c8f9abc8fa5fd499b2904a95a6fe4fd8ecb0&browser-info=pa%3A1%3Aar%3A1%3Avf%3A29hzdyg3jxtu068q3vuhnr%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A983%3Acn%3A1%3Adp%3A0%3Als%3A1405660524271%3Ahid%3A149488173%3Az%3A0%3Ai%3A20230323102646%3Aet%3A1679567207%3Ac%3A1%3Arn%3A348364593%3Arqn%3A2%3Au%3A167956720644663686%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1679567203842%3Ast%3A1679567207&t=gdpr(14)mc(p-6)clc(0-0-0)rqnt(2)aw(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 45
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Thu, 23 Mar 2023 10:26:38 GMT
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Thu, 23-Mar-2023 10:26:38 GMT
last-modified: Thu, 23-Mar-2023 10:26:38 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F63b1b6a4f1977b2d7f383272&charset=utf-8&hittoken=1679567198_80a4b463edfef17ebe1132581a21c8f9abc8fa5fd499b2904a95a6fe4fd8ecb0&browser-info=pa%3A1%3Aar%3A1%3Avf%3A29hzdyg3jxtu068q3vuhnr%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A983%3Acn%3A1%3Adp%3A0%3Als%3A1405660524271%3Ahid%3A149488173%3Az%3A0%3Ai%3A20230323102646%3Aet%3A1679567207%3Ac%3A1%3Arn%3A921784173%3Arqn%3A3%3Au%3A167956720644663686%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1679567203842%3Ast%3A1679567207&t=gdpr(14)mc(p-6)clc(0-0-0)rqnt(3)aw(1)ti(2)
87.250.250.119200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F63b1b6a4f1977b2d7f383272&charset=utf-8&hittoken=1679567198_80a4b463edfef17ebe1132581a21c8f9abc8fa5fd499b2904a95a6fe4fd8ecb0&browser-info=pa%3A1%3Aar%3A1%3Avf%3A29hzdyg3jxtu068q3vuhnr%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A983%3Acn%3A1%3Adp%3A0%3Als%3A1405660524271%3Ahid%3A149488173%3Az%3A0%3Ai%3A20230323102646%3Aet%3A1679567207%3Ac%3A1%3Arn%3A921784173%3Arqn%3A3%3Au%3A167956720644663686%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1679567203842%3Ast%3A1679567207&t=gdpr(14)mc(p-6)clc(0-0-0)rqnt(3)aw(1)ti(2)
IP 87.250.250.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F63b1b6a4f1977b2d7f383272&charset=utf-8&hittoken=1679567198_80a4b463edfef17ebe1132581a21c8f9abc8fa5fd499b2904a95a6fe4fd8ecb0&browser-info=pa%3A1%3Aar%3A1%3Avf%3A29hzdyg3jxtu068q3vuhnr%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A983%3Acn%3A1%3Adp%3A0%3Als%3A1405660524271%3Ahid%3A149488173%3Az%3A0%3Ai%3A20230323102646%3Aet%3A1679567207%3Ac%3A1%3Arn%3A921784173%3Arqn%3A3%3Au%3A167956720644663686%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1679567203842%3Ast%3A1679567207&t=gdpr(14)mc(p-6)clc(0-0-0)rqnt(3)aw(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 52
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Thu, 23 Mar 2023 10:26:38 GMT
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Thu, 23-Mar-2023 10:26:38 GMT
last-modified: Thu, 23-Mar-2023 10:26:38 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F63b1b6a4f1977b2d7f383272&charset=utf-8&hittoken=1679567198_80a4b463edfef17ebe1132581a21c8f9abc8fa5fd499b2904a95a6fe4fd8ecb0&browser-info=pa%3A1%3Aar%3A1%3Avf%3A29hzdyg3jxtu068q3vuhnr%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A983%3Acn%3A1%3Adp%3A0%3Als%3A1405660524271%3Ahid%3A149488173%3Az%3A0%3Ai%3A20230323102646%3Aet%3A1679567207%3Ac%3A1%3Arn%3A604352022%3Arqn%3A6%3Au%3A167956720644663686%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1679567203842%3Ast%3A1679567207&t=gdpr(14)mc(p-6)clc(0-0-0)rqnt(6)aw(1)ti(2)
87.250.250.119200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F63b1b6a4f1977b2d7f383272&charset=utf-8&hittoken=1679567198_80a4b463edfef17ebe1132581a21c8f9abc8fa5fd499b2904a95a6fe4fd8ecb0&browser-info=pa%3A1%3Aar%3A1%3Avf%3A29hzdyg3jxtu068q3vuhnr%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A983%3Acn%3A1%3Adp%3A0%3Als%3A1405660524271%3Ahid%3A149488173%3Az%3A0%3Ai%3A20230323102646%3Aet%3A1679567207%3Ac%3A1%3Arn%3A604352022%3Arqn%3A6%3Au%3A167956720644663686%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1679567203842%3Ast%3A1679567207&t=gdpr(14)mc(p-6)clc(0-0-0)rqnt(6)aw(1)ti(2)
IP 87.250.250.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F63b1b6a4f1977b2d7f383272&charset=utf-8&hittoken=1679567198_80a4b463edfef17ebe1132581a21c8f9abc8fa5fd499b2904a95a6fe4fd8ecb0&browser-info=pa%3A1%3Aar%3A1%3Avf%3A29hzdyg3jxtu068q3vuhnr%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A983%3Acn%3A1%3Adp%3A0%3Als%3A1405660524271%3Ahid%3A149488173%3Az%3A0%3Ai%3A20230323102646%3Aet%3A1679567207%3Ac%3A1%3Arn%3A604352022%3Arqn%3A6%3Au%3A167956720644663686%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1679567203842%3Ast%3A1679567207&t=gdpr(14)mc(p-6)clc(0-0-0)rqnt(6)aw(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 99
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Thu, 23 Mar 2023 10:26:38 GMT
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Thu, 23-Mar-2023 10:26:38 GMT
last-modified: Thu, 23-Mar-2023 10:26:38 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
ocsp.r2m01.amazontrust.com/
54.230.80.227200 OK 471 B URL HTTP/1.1 ocsp.r2m01.amazontrust.com/
IP 54.230.80.227:0
Hash 408e5e3019d3a14451bc72de4059268f
43593f0f7c57f188d239efed89adc3e71a264008
e5d9d7dc91d8a926a40e5a5f42664ab5812224f3f6359b50f3db1551768ddeec
POST / HTTP/1.1
Host: ocsp.r2m01.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=108744
Date: Thu, 23 Mar 2023 10:26:38 GMT
Etag: "641b2d57-1d7"
Expires: Fri, 24 Mar 2023 16:39:02 GMT
Last-Modified: Wed, 22 Mar 2023 16:31:19 GMT
Server: ECAcc (nya/79F3)
X-Cache: Miss from cloudfront
Via: 1.1 09ae414c9d6c5323d5147457ada70ec6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: UyS2IgmcMIVVSr40QSATHZU0oP34eca44Y5ucqmXOoXwhiJUjMJE0A==
Age: 463
mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F63b1b6a4f1977b2d7f383272&charset=utf-8&hittoken=1679567198_80a4b463edfef17ebe1132581a21c8f9abc8fa5fd499b2904a95a6fe4fd8ecb0&browser-info=pa%3A1%3Aar%3A1%3Avf%3A29hzdyg3jxtu068q3vuhnr%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A983%3Acn%3A1%3Adp%3A0%3Als%3A1405660524271%3Ahid%3A149488173%3Az%3A0%3Ai%3A20230323102646%3Aet%3A1679567207%3Ac%3A1%3Arn%3A862038666%3Arqn%3A5%3Au%3A167956720644663686%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1679567203842%3Ast%3A1679567207&t=gdpr(14)mc(p-6)clc(0-0-0)rqnt(5)aw(1)ti(2)
87.250.250.119200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F63b1b6a4f1977b2d7f383272&charset=utf-8&hittoken=1679567198_80a4b463edfef17ebe1132581a21c8f9abc8fa5fd499b2904a95a6fe4fd8ecb0&browser-info=pa%3A1%3Aar%3A1%3Avf%3A29hzdyg3jxtu068q3vuhnr%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A983%3Acn%3A1%3Adp%3A0%3Als%3A1405660524271%3Ahid%3A149488173%3Az%3A0%3Ai%3A20230323102646%3Aet%3A1679567207%3Ac%3A1%3Arn%3A862038666%3Arqn%3A5%3Au%3A167956720644663686%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1679567203842%3Ast%3A1679567207&t=gdpr(14)mc(p-6)clc(0-0-0)rqnt(5)aw(1)ti(2)
IP 87.250.250.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F63b1b6a4f1977b2d7f383272&charset=utf-8&hittoken=1679567198_80a4b463edfef17ebe1132581a21c8f9abc8fa5fd499b2904a95a6fe4fd8ecb0&browser-info=pa%3A1%3Aar%3A1%3Avf%3A29hzdyg3jxtu068q3vuhnr%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A983%3Acn%3A1%3Adp%3A0%3Als%3A1405660524271%3Ahid%3A149488173%3Az%3A0%3Ai%3A20230323102646%3Aet%3A1679567207%3Ac%3A1%3Arn%3A862038666%3Arqn%3A5%3Au%3A167956720644663686%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1679567203842%3Ast%3A1679567207&t=gdpr(14)mc(p-6)clc(0-0-0)rqnt(5)aw(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 98
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Thu, 23 Mar 2023 10:26:38 GMT
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Thu, 23-Mar-2023 10:26:38 GMT
last-modified: Thu, 23-Mar-2023 10:26:38 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
friendshipmale.com/sfp.js
104.21.234.93200 OK 27 kB URL HTTP/2 friendshipmale.com/sfp.js
IP 104.21.234.93:0
File type Unicode text, UTF-8 text, with very long lines (65529), with no line terminators
Hash e7e03604b3ce4c388d505f30039573e3
c38b5b26be9648732efa959e9aa80858ceac27e7
6b029a6aabd032aa6389a5b91acb466611397e0ed4e2bf8891d5543db6e177df
GET /sfp.js HTTP/1.1
Host: friendshipmale.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 23 Mar 2023 10:26:38 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: f1880842f375231f4638d9363302edc9
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Thu, 23 Mar 2023 10:26:38 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QAg%2BDJX4RDMpuhLvYIm5AD6WhusIgEKUfZUEiB4DOGnoKiIlybQ4LQXjjNOhi%2FKBAYcDM%2BSwoae%2FHCX3G%2FyN117KixQBKCNK4IYyWsExViGTsPeRMiD3X9LQT3FVM1N7U7UX82M%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7ac5fa305c6623ad-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F63b1b6a4f1977b2d7f383272&charset=utf-8&hittoken=1679567198_80a4b463edfef17ebe1132581a21c8f9abc8fa5fd499b2904a95a6fe4fd8ecb0&browser-info=pa%3A1%3Aar%3A1%3Avf%3A29hzdyg3jxtu068q3vuhnr%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A983%3Acn%3A1%3Adp%3A0%3Als%3A1405660524271%3Ahid%3A149488173%3Az%3A0%3Ai%3A20230323102646%3Aet%3A1679567207%3Ac%3A1%3Arn%3A1009905332%3Arqn%3A7%3Au%3A167956720644663686%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1679567203842%3Ast%3A1679567207&t=gdpr(14)mc(p-6)clc(0-0-0)rqnt(7)aw(1)ti(2)
87.250.250.119200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F63b1b6a4f1977b2d7f383272&charset=utf-8&hittoken=1679567198_80a4b463edfef17ebe1132581a21c8f9abc8fa5fd499b2904a95a6fe4fd8ecb0&browser-info=pa%3A1%3Aar%3A1%3Avf%3A29hzdyg3jxtu068q3vuhnr%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A983%3Acn%3A1%3Adp%3A0%3Als%3A1405660524271%3Ahid%3A149488173%3Az%3A0%3Ai%3A20230323102646%3Aet%3A1679567207%3Ac%3A1%3Arn%3A1009905332%3Arqn%3A7%3Au%3A167956720644663686%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1679567203842%3Ast%3A1679567207&t=gdpr(14)mc(p-6)clc(0-0-0)rqnt(7)aw(1)ti(2)
IP 87.250.250.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F63b1b6a4f1977b2d7f383272&charset=utf-8&hittoken=1679567198_80a4b463edfef17ebe1132581a21c8f9abc8fa5fd499b2904a95a6fe4fd8ecb0&browser-info=pa%3A1%3Aar%3A1%3Avf%3A29hzdyg3jxtu068q3vuhnr%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A983%3Acn%3A1%3Adp%3A0%3Als%3A1405660524271%3Ahid%3A149488173%3Az%3A0%3Ai%3A20230323102646%3Aet%3A1679567207%3Ac%3A1%3Arn%3A1009905332%3Arqn%3A7%3Au%3A167956720644663686%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1679567203842%3Ast%3A1679567207&t=gdpr(14)mc(p-6)clc(0-0-0)rqnt(7)aw(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 98
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Thu, 23 Mar 2023 10:26:38 GMT
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Thu, 23-Mar-2023 10:26:38 GMT
last-modified: Thu, 23-Mar-2023 10:26:38 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
simplewebanalysis.com/stats
54.93.153.146200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP 54.93.153.146:0
File type ASCII text, with no line terminators
Hash 948e57d2db70836f2f4ee256a24e21d7
f6eedd74e0a44470c66f56ebae13c4a1ebf6718a
faec62168d59e716de8ba0efbedd6258993c1ea797a86b6bd39f087450873991
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 23 Mar 2023 10:26:38 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
set-cookie: uid_id2=08db5d9b-5a41-4c3c-896c-bde217f439f8:1:1; expires=Sun, 20 Mar 2033 10:26:38 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash a19f815eedd6c30b039ad166708ba8c6
692edfd33cdfe924604664ec4613d2fcaaa0a4a0
dff91da36f9bdcf8a5cdf00afd9cc96873e7c0b4c7d0ee35b3e9a92e512fb2e5
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DFF91DA36F9BDCF8A5CDF00AFD9CC96873E7C0B4C7D0EE35B3E9A92E512FB2E5"
Last-Modified: Tue, 21 Mar 2023 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15079
Expires: Thu, 23 Mar 2023 14:37:58 GMT
Date: Thu, 23 Mar 2023 10:26:39 GMT
Connection: keep-alive
mc.yandex.ru/metrika/advert.gif
87.250.250.119200 OK 43 B URL HTTP/2 mc.yandex.ru/metrika/advert.gif
IP 87.250.250.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
GET /metrika/advert.gif HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Thu, 23 Mar 2023 10:26:39 GMT
access-control-allow-origin: *
etag: "641965ea-2b"
expires: Thu, 23 Mar 2023 11:26:39 GMT
accept-ranges: bytes
last-modified: Tue, 21 Mar 2023 11:08:10 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cache-control: max-age=3600
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 0d7ca3bdefe9f3e85ae05dae0670a29e
f859f4eb461ea5a718a0ce5fadf01270ca7c1acb
54de256ed07751e3b604b9b70331405ca0067b2ea1c8f5b5215414a48d853e27
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "54DE256ED07751E3B604B9B70331405CA0067B2EA1C8F5B5215414A48D853E27"
Last-Modified: Thu, 23 Mar 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12549
Expires: Thu, 23 Mar 2023 13:55:48 GMT
Date: Thu, 23 Mar 2023 10:26:39 GMT
Connection: keep-alive
d3t87ooo0697p8.cloudfront.net/?oootd=971975
54.230.245.46200 OK 114 kB URL HTTP/2 d3t87ooo0697p8.cloudfront.net/?oootd=971975
IP 54.230.245.46:0
File type Unicode text, UTF-8 text, with very long lines (15955)
Size 114 kB (113594 bytes)
Hash 3a59d5703fcf770f902e9575e2f24888
6785f2633d7e9ff449150d50d44d33eafda8f610
245f3794432fef5bb987529f309228b0767563f102daa1cbb1f34abece69744f
GET /?oootd=971975 HTTP/1.1
Host: d3t87ooo0697p8.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 113594
date: Thu, 23 Mar 2023 10:26:39 GMT
access-control-allow-origin: *
cache-control: no-store, no-cache, proxy-revalidate, must-revalidate, private, no-transform
content-encoding: gzip
pragma: no-cache
x-cache: Miss from cloudfront
via: 1.1 227a1815a1677b9cf6dd587e443000b8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: nVruB7F7Xtwmy9MJnfWXA4pTTfCoFAO6cLUwUkohoQJoDHNhDJThBg==
X-Firefox-Spdy: h2
improviseprofane.com/4d/0a/fc/4d0afc2425eea6b0cd5a468c9f8a69ed.js
192.243.61.225200 OK 30 kB URL HTTP/1.1 improviseprofane.com/4d/0a/fc/4d0afc2425eea6b0cd5a468c9f8a69ed.js
IP 192.243.61.225:0
ASN #39572 DataWeb Global Group B.V.
Hash 9ec4ae328ba9ee3d1c2d92124f884999
9300203883633db5994cd3b092ec1b1851a822ba
6321bc09a9780c4319c0dc1a9d128cf6e8a335f2083d2918ab9c921434efe4a2
Analyzer Verdict Alert quad9 Sinkholed
GET /4d/0a/fc/4d0afc2425eea6b0cd5a468c9f8a69ed.js HTTP/1.1
Host: improviseprofane.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 23 Mar 2023 10:26:39 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 65e95ca61453f34756ecffd352d99019
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F63b1b6a4f1977b2d7f383272&charset=utf-8&hittoken=1679567198_80a4b463edfef17ebe1132581a21c8f9abc8fa5fd499b2904a95a6fe4fd8ecb0&browser-info=pa%3A1%3Aar%3A1%3Avf%3A29hzdyg3jxtu068q3vuhnr%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A983%3Acn%3A1%3Adp%3A0%3Als%3A1405660524271%3Ahid%3A149488173%3Az%3A0%3Ai%3A20230323102647%3Aet%3A1679567207%3Ac%3A1%3Arn%3A508760677%3Arqn%3A9%3Au%3A167956720644663686%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Aeu%3A1%3Ans%3A1679567203842%3Aadb%3A2%3Ast%3A1679567207&t=gdpr(14)mc(p-6-h-1)clc(0-0-0)rqnt(9)aw(1)ti(2)
87.250.250.119200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F63b1b6a4f1977b2d7f383272&charset=utf-8&hittoken=1679567198_80a4b463edfef17ebe1132581a21c8f9abc8fa5fd499b2904a95a6fe4fd8ecb0&browser-info=pa%3A1%3Aar%3A1%3Avf%3A29hzdyg3jxtu068q3vuhnr%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A983%3Acn%3A1%3Adp%3A0%3Als%3A1405660524271%3Ahid%3A149488173%3Az%3A0%3Ai%3A20230323102647%3Aet%3A1679567207%3Ac%3A1%3Arn%3A508760677%3Arqn%3A9%3Au%3A167956720644663686%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Aeu%3A1%3Ans%3A1679567203842%3Aadb%3A2%3Ast%3A1679567207&t=gdpr(14)mc(p-6-h-1)clc(0-0-0)rqnt(9)aw(1)ti(2)
IP 87.250.250.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F63b1b6a4f1977b2d7f383272&charset=utf-8&hittoken=1679567198_80a4b463edfef17ebe1132581a21c8f9abc8fa5fd499b2904a95a6fe4fd8ecb0&browser-info=pa%3A1%3Aar%3A1%3Avf%3A29hzdyg3jxtu068q3vuhnr%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A983%3Acn%3A1%3Adp%3A0%3Als%3A1405660524271%3Ahid%3A149488173%3Az%3A0%3Ai%3A20230323102647%3Aet%3A1679567207%3Ac%3A1%3Arn%3A508760677%3Arqn%3A9%3Au%3A167956720644663686%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Aeu%3A1%3Ans%3A1679567203842%3Aadb%3A2%3Ast%3A1679567207&t=gdpr(14)mc(p-6-h-1)clc(0-0-0)rqnt(9)aw(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 39
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Thu, 23 Mar 2023 10:26:39 GMT
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Thu, 23-Mar-2023 10:26:39 GMT
last-modified: Thu, 23-Mar-2023 10:26:39 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
jetordinarilysouvenirs.com/01/f7/5a/01f75a95a38a8db0a8e82d995253a076.js
192.243.61.227200 OK 29 kB URL HTTP/1.1 jetordinarilysouvenirs.com/01/f7/5a/01f75a95a38a8db0a8e82d995253a076.js
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (65536), with no line terminators
Hash 82990d4621858654a1357931b5e55fef
88490738e00cfa57478ec2460dbccfac793b57f8
ae946179b440763ff5e47909571c255ae304e092db6bb323e829c296a18ba6ad
Analyzer Verdict Alert quad9 Sinkholed
GET /01/f7/5a/01f75a95a38a8db0a8e82d995253a076.js HTTP/1.1
Host: jetordinarilysouvenirs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 23 Mar 2023 10:26:39 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: c12c75826aea7cee1142e325e3873d2e
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F63b1b6a4f1977b2d7f383272&charset=utf-8&hittoken=1679567198_80a4b463edfef17ebe1132581a21c8f9abc8fa5fd499b2904a95a6fe4fd8ecb0&browser-info=pv%3A1%3Aar%3A1%3Avf%3A29hzdyg3jxtu068q3vuhnr%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A983%3Acn%3A1%3Adp%3A0%3Als%3A1405660524271%3Ahid%3A149488173%3Az%3A0%3Ai%3A20230323102647%3Aet%3A1679567207%3Ac%3A1%3Arn%3A653292302%3Arqn%3A8%3Au%3A167956720644663686%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Aeu%3A1%3Ans%3A1679567203842%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1679567207%3At%3AMoonsi%20%7C%20%40Moonsimorfin%20Video%20160%20-%20XFantazy.com&t=gdpr%2814%29mc%28p-6%29clc%280-0-0%29rqnt%288%29aw%281%29fip%281%29ti%282%29
87.250.250.119200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F63b1b6a4f1977b2d7f383272&charset=utf-8&hittoken=1679567198_80a4b463edfef17ebe1132581a21c8f9abc8fa5fd499b2904a95a6fe4fd8ecb0&browser-info=pv%3A1%3Aar%3A1%3Avf%3A29hzdyg3jxtu068q3vuhnr%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A983%3Acn%3A1%3Adp%3A0%3Als%3A1405660524271%3Ahid%3A149488173%3Az%3A0%3Ai%3A20230323102647%3Aet%3A1679567207%3Ac%3A1%3Arn%3A653292302%3Arqn%3A8%3Au%3A167956720644663686%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Aeu%3A1%3Ans%3A1679567203842%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1679567207%3At%3AMoonsi%20%7C%20%40Moonsimorfin%20Video%20160%20-%20XFantazy.com&t=gdpr%2814%29mc%28p-6%29clc%280-0-0%29rqnt%288%29aw%281%29fip%281%29ti%282%29
IP 87.250.250.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
GET /watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F63b1b6a4f1977b2d7f383272&charset=utf-8&hittoken=1679567198_80a4b463edfef17ebe1132581a21c8f9abc8fa5fd499b2904a95a6fe4fd8ecb0&browser-info=pv%3A1%3Aar%3A1%3Avf%3A29hzdyg3jxtu068q3vuhnr%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A983%3Acn%3A1%3Adp%3A0%3Als%3A1405660524271%3Ahid%3A149488173%3Az%3A0%3Ai%3A20230323102647%3Aet%3A1679567207%3Ac%3A1%3Arn%3A653292302%3Arqn%3A8%3Au%3A167956720644663686%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Aeu%3A1%3Ans%3A1679567203842%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1679567207%3At%3AMoonsi%20%7C%20%40Moonsimorfin%20Video%20160%20-%20XFantazy.com&t=gdpr%2814%29mc%28p-6%29clc%280-0-0%29rqnt%288%29aw%281%29fip%281%29ti%282%29 HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Referer: https://xfantazy.com/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Thu, 23 Mar 2023 10:26:39 GMT
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Thu, 23-Mar-2023 10:26:39 GMT
last-modified: Thu, 23-Mar-2023 10:26:39 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
tanceteventu.com/UnpUMHgzGDddRzNHNhYNIBZpFUoUX2Z2HGEObAcXPRVkBkFlCmweGz4VIVQeIBU6RFY8HyAVShQwGXYiYDQAXCwdKDxkOjkrcQI+Fx0zcTpgHgRxHyUtBHEuMyxkcgoeFgZFHTUZY3EuZyA3cTICIgUBFQc8OGkgODwYdUkqHxplCxcyZXUBFDszfj47MxNnFBs0HUgQACISaV1gPBN2OjY8PX0gETwGVjQQQw5mLhQABng1HzI5aiwQDT9pMQBDNmguahIWYjkeOxBXOxc7J3EiYiM2cyoEFhpyOR47F3UeBQ1sdRtiLGd4ORgXEFc1HDwDZUgXOydxMhNXFWE7PDw6Yh8TIhV4QQY4I1wgHwICVS46LD99OTEwFWciFTgVWzoxSgV2IGMRP3VJHC0HeDYXGSNXOQtLM3YwYiwmYg90ECdfFiJHDFEvGCsZBB87
54.230.111.71200 OK 1.2 kB URL HTTP/2 tanceteventu.com/UnpUMHgzGDddRzNHNhYNIBZpFUoUX2Z2HGEObAcXPRVkBkFlCmweGz4VIVQeIBU6RFY8HyAVShQwGXYiYDQAXCwdKDxkOjkrcQI+Fx0zcTpgHgRxHyUtBHEuMyxkcgoeFgZFHTUZY3EuZyA3cTICIgUBFQc8OGkgODwYdUkqHxplCxcyZXUBFDszfj47MxNnFBs0HUgQACISaV1gPBN2OjY8PX0gETwGVjQQQw5mLhQABng1HzI5aiwQDT9pMQBDNmguahIWYjkeOxBXOxc7J3EiYiM2cyoEFhpyOR47F3UeBQ1sdRtiLGd4ORgXEFc1HDwDZUgXOydxMhNXFWE7PDw6Yh8TIhV4QQY4I1wgHwICVS46LD99OTEwFWciFTgVWzoxSgV2IGMRP3VJHC0HeDYXGSNXOQtLM3YwYiwmYg90ECdfFiJHDFEvGCsZBB87
IP 54.230.111.71:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3034), with no line terminators
Hash ce402a2ee68f47aa391db70cfcbc57f3
3d8a57fc697c5a1c543783b39eb43fd1d80c2171
799ae9db956dc1a157f02561a1d77c573e37181ae319cde02d7423e074eaae83
GET /UnpUMHgzGDddRzNHNhYNIBZpFUoUX2Z2HGEObAcXPRVkBkFlCmweGz4VIVQeIBU6RFY8HyAVShQwGXYiYDQAXCwdKDxkOjkrcQI+Fx0zcTpgHgRxHyUtBHEuMyxkcgoeFgZFHTUZY3EuZyA3cTICIgUBFQc8OGkgODwYdUkqHxplCxcyZXUBFDszfj47MxNnFBs0HUgQACISaV1gPBN2OjY8PX0gETwGVjQQQw5mLhQABng1HzI5aiwQDT9pMQBDNmguahIWYjkeOxBXOxc7J3EiYiM2cyoEFhpyOR47F3UeBQ1sdRtiLGd4ORgXEFc1HDwDZUgXOydxMhNXFWE7PDw6Yh8TIhV4QQY4I1wgHwICVS46LD99OTEwFWciFTgVWzoxSgV2IGMRP3VJHC0HeDYXGSNXOQtLM3YwYiwmYg90ECdfFiJHDFEvGCsZBB87 HTTP/1.1
Host: tanceteventu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html
content-length: 1186
date: Thu, 23 Mar 2023 10:26:39 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
x-cache: Miss from cloudfront
via: 1.1 5bcfe2deda0bdbc6bade0af9b61602ca.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: FFJVLmobe_VEprqWrPbd6GaZINQGGxx8cMvnwS2ZatalKcRuYHR9hQ==
X-Firefox-Spdy: h2
tanceteventu.com/SzJ0Tm4qUBcjUSoPFmgbOV5Ja1wNF0YICnhGTHkBJF1EeFd8QkxgDSddASoIOV0aOkAlVwBrXA15IH0vPGAhFx0DA0AkCx9BLhgmIxdGCAsOfzEtAB1CMyUjOnkwdyATcwcWJAh8Rx4/AlE/Bh0/UR0lKx1lOTcgGWM6KjkKWDEYWiJXRiU4E1sueQgnaCYHPRlLJgw3PHhHBwoTSEw4JzNKJhcmGngmHFt6a0d/Lwx2PTgnGWASAwQdQyUpLzl/GT4tCnomfDcecyIqCRlDJSkvMn4NCCkJdTZ/Kh1nNyo6fgcmDDh5cDM+LQp2FzkPIHwMKiYRBCwpQwlBLX1fCmQNDwIBcEwYCjxwTR8vDQMQIFsKcyMMXi1KLhQgMn8EBl4jVRAPAglzPAwBLQMuCAsDUVIkHSRcBHMCBWMfHSkzdicWJSMGEjoL
54.230.111.71200 OK 1.2 kB URL HTTP/2 tanceteventu.com/SzJ0Tm4qUBcjUSoPFmgbOV5Ja1wNF0YICnhGTHkBJF1EeFd8QkxgDSddASoIOV0aOkAlVwBrXA15IH0vPGAhFx0DA0AkCx9BLhgmIxdGCAsOfzEtAB1CMyUjOnkwdyATcwcWJAh8Rx4/AlE/Bh0/UR0lKx1lOTcgGWM6KjkKWDEYWiJXRiU4E1sueQgnaCYHPRlLJgw3PHhHBwoTSEw4JzNKJhcmGngmHFt6a0d/Lwx2PTgnGWASAwQdQyUpLzl/GT4tCnomfDcecyIqCRlDJSkvMn4NCCkJdTZ/Kh1nNyo6fgcmDDh5cDM+LQp2FzkPIHwMKiYRBCwpQwlBLX1fCmQNDwIBcEwYCjxwTR8vDQMQIFsKcyMMXi1KLhQgMn8EBl4jVRAPAglzPAwBLQMuCAsDUVIkHSRcBHMCBWMfHSkzdicWJSMGEjoL
IP 54.230.111.71:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3030), with no line terminators
Hash fd21387579cf9c0ea37d14acc6398faa
561435a9fbd2d39de5d8fd497024442072e861bf
f1bc7de4759e7d6e526787f63c78d40e3bcb77aee33e30abb714053821930bfc
GET /SzJ0Tm4qUBcjUSoPFmgbOV5Ja1wNF0YICnhGTHkBJF1EeFd8QkxgDSddASoIOV0aOkAlVwBrXA15IH0vPGAhFx0DA0AkCx9BLhgmIxdGCAsOfzEtAB1CMyUjOnkwdyATcwcWJAh8Rx4/AlE/Bh0/UR0lKx1lOTcgGWM6KjkKWDEYWiJXRiU4E1sueQgnaCYHPRlLJgw3PHhHBwoTSEw4JzNKJhcmGngmHFt6a0d/Lwx2PTgnGWASAwQdQyUpLzl/GT4tCnomfDcecyIqCRlDJSkvMn4NCCkJdTZ/Kh1nNyo6fgcmDDh5cDM+LQp2FzkPIHwMKiYRBCwpQwlBLX1fCmQNDwIBcEwYCjxwTR8vDQMQIFsKcyMMXi1KLhQgMn8EBl4jVRAPAglzPAwBLQMuCAsDUVIkHSRcBHMCBWMfHSkzdicWJSMGEjoL HTTP/1.1
Host: tanceteventu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html
content-length: 1182
date: Thu, 23 Mar 2023 10:26:39 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
x-cache: Miss from cloudfront
via: 1.1 5bcfe2deda0bdbc6bade0af9b61602ca.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: do7m3wbZhzYiVhKKCVxnZlYB3X7L-e5dkYhxRir4qRRmfcd-QvcHKg==
X-Firefox-Spdy: h2
ishedtotigai.info/VDJqYXl7DQkSRAdkBhsuA3wdAxIkRz1SCSdgLQ0tMgBbIyACQUwVEDAPU1ZIbQVfRwk9VldSS3JBHgANIUFXU0lkBUwIFzJdV1BfIg9aT0B6A0RUXyEPW0cNJFMNXEhyQh4VFWkDXFZAYQRdU0ljA1NQ
172.67.192.221204 No Content 0 B URL HTTP/2 ishedtotigai.info/VDJqYXl7DQkSRAdkBhsuA3wdAxIkRz1SCSdgLQ0tMgBbIyACQUwVEDAPU1ZIbQVfRwk9VldSS3JBHgANIUFXU0lkBUwIFzJdV1BfIg9aT0B6A0RUXyEPW0cNJFMNXEhyQh4VFWkDXFZAYQRdU0ljA1NQ
IP 172.67.192.221:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /VDJqYXl7DQkSRAdkBhsuA3wdAxIkRz1SCSdgLQ0tMgBbIyACQUwVEDAPU1ZIbQVfRwk9VldSS3JBHgANIUFXU0lkBUwIFzJdV1BfIg9aT0B6A0RUXyEPW0cNJFMNXEhyQh4VFWkDXFZAYQRdU0ljA1NQ HTTP/1.1
Host: ishedtotigai.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Thu, 23 Mar 2023 10:26:39 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KOY2EyTxC4QbE4Wyac3wdRXeAdpSSG%2F7OZsB9uQOONBHdOZM5GxvdtO5kZVKmfrD9FMdnD02SKjH%2BxUOAjnQdUYJIQIKOS6%2Bab%2Bu6%2B8uo%2FONaMZ1pqZ7P8%2Fa5xyTYXb%2FWPafEg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7ac5fa34ac3b1c06-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ishedtotigai.info/R2wxc0poU1IAdxYCYz4TKQgGInkROmVADAUJADkCIylzVngFO1pLbDMFVU5zcF0IRH9hHFgXd3ReFwA+JhhEAHd2SlgdLChRFwV3d0IIXXtpWRcGd3ZKRQMrIFEAVTozGF1Oe3FbCEZ8cF4BRHt+XA
172.67.192.221204 No Content 0 B URL HTTP/2 ishedtotigai.info/R2wxc0poU1IAdxYCYz4TKQgGInkROmVADAUJADkCIylzVngFO1pLbDMFVU5zcF0IRH9hHFgXd3ReFwA+JhhEAHd2SlgdLChRFwV3d0IIXXtpWRcGd3ZKRQMrIFEAVTozGF1Oe3FbCEZ8cF4BRHt+XA
IP 172.67.192.221:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /R2wxc0poU1IAdxYCYz4TKQgGInkROmVADAUJADkCIylzVngFO1pLbDMFVU5zcF0IRH9hHFgXd3ReFwA+JhhEAHd2SlgdLChRFwV3d0IIXXtpWRcGd3ZKRQMrIFEAVTozGF1Oe3FbCEZ8cF4BRHt+XA HTTP/1.1
Host: ishedtotigai.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Thu, 23 Mar 2023 10:26:39 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fldRk%2FZaY6XE38sOhDFSLd4GtOVhjq7%2BtUeW2AbULeIB2pzpIjeCb6W7jcWORVRDh1uOx%2FWwcmxcFriLTZRUN3hLOnANjvy%2F6o6Y%2Fa4uJb7Fb3i2gvuRCr9tE3PK8o%2BJ0yGNaw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7ac5fa34bc401c06-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ishedtotigai.info/RUxSdGJqczEHXxEaHDkzdhpqLSoxNgNHMC8oGjIvIyEAQQYQBXQACyFxa0NRcXthUhIsKG9FWmM/JhUWMD9vRUQsIjQbX2M6b0VMdWJgWlFjOW9FRDE8MxNfdGoiABYpcWNCVXx5ZENQdXtgRFA
172.67.192.221204 No Content 0 B URL HTTP/2 ishedtotigai.info/RUxSdGJqczEHXxEaHDkzdhpqLSoxNgNHMC8oGjIvIyEAQQYQBXQACyFxa0NRcXthUhIsKG9FWmM/JhUWMD9vRUQsIjQbX2M6b0VMdWJgWlFjOW9FRDE8MxNfdGoiABYpcWNCVXx5ZENQdXtgRFA
IP 172.67.192.221:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /RUxSdGJqczEHXxEaHDkzdhpqLSoxNgNHMC8oGjIvIyEAQQYQBXQACyFxa0NRcXthUhIsKG9FWmM/JhUWMD9vRUQsIjQbX2M6b0VMdWJgWlFjOW9FRDE8MxNfdGoiABYpcWNCVXx5ZENQdXtgRFA HTTP/1.1
Host: ishedtotigai.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Thu, 23 Mar 2023 10:26:39 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SoD9Bkrjos89YjuzcfOFJOFdU9g5Fa36KNCnVZp1%2FKS8mYoRlxP1HDWfee4KKkhPzb0gUbGuHCTdmJrDV2JjTh68r3YD1gBsOdp1tHQPG62IYMJbbefEIRVTqC%2Bnd%2FWecO4Kzg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7ac5fa34bc4b1c06-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
tanceteventu.com/U29DRFkyDSApZjJSIWIsIQN+YWsVSnECPWAbe3M2PABzcmBkH3tqOj8ANiA/IQAtMHc9CjdhaxU8EnYhKTkuET4SF3MzDjkMBQJrJwwnEmwXNXICNREIAnEaKSERDmsJOgkjADgoBQERGTogfAgpDBQCayc5GRUYACACDnxhLRAsAGctLXE9BTsgBhAFKQsnGxYVAjwxIS06MxAVLA4nFjs6BA4cHl0HEW1kLCkvHxsVLAEDP1tyHWknFRARHz47FxUfGzsKDxcRVhQeHwYbBAIDODkbDjoLOBkFOhBaFB4fBl8BFmg0OhQePx43DRw6Kz0FHTIRGA8odAkEFRAcMjkuETIwAzsDPBU5MhcMFQICLQADKAcoGDA8MwYDPz05HBwZAhUDAzY+OQUUHj4oEhYBXi4cMwUBFRwDED5wBQg1A3NiMyAALTRkB19yITMEIXcAEGcF
54.230.111.71200 OK 1.2 kB URL HTTP/2 tanceteventu.com/U29DRFkyDSApZjJSIWIsIQN+YWsVSnECPWAbe3M2PABzcmBkH3tqOj8ANiA/IQAtMHc9CjdhaxU8EnYhKTkuET4SF3MzDjkMBQJrJwwnEmwXNXICNREIAnEaKSERDmsJOgkjADgoBQERGTogfAgpDBQCayc5GRUYACACDnxhLRAsAGctLXE9BTsgBhAFKQsnGxYVAjwxIS06MxAVLA4nFjs6BA4cHl0HEW1kLCkvHxsVLAEDP1tyHWknFRARHz47FxUfGzsKDxcRVhQeHwYbBAIDODkbDjoLOBkFOhBaFB4fBl8BFmg0OhQePx43DRw6Kz0FHTIRGA8odAkEFRAcMjkuETIwAzsDPBU5MhcMFQICLQADKAcoGDA8MwYDPz05HBwZAhUDAzY+OQUUHj4oEhYBXi4cMwUBFRwDED5wBQg1A3NiMyAALTRkB19yITMEIXcAEGcF
IP 54.230.111.71:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3042), with no line terminators
Hash 7278bbc12a7ae70e5cbb925414439b5e
75f4e1081ffa9c4d156c1d1795b47414cab01487
e588acbca92c59ff1fb03cfdd609f34a49f3fb911ba2d7173a18f5842c795088
GET /U29DRFkyDSApZjJSIWIsIQN+YWsVSnECPWAbe3M2PABzcmBkH3tqOj8ANiA/IQAtMHc9CjdhaxU8EnYhKTkuET4SF3MzDjkMBQJrJwwnEmwXNXICNREIAnEaKSERDmsJOgkjADgoBQERGTogfAgpDBQCayc5GRUYACACDnxhLRAsAGctLXE9BTsgBhAFKQsnGxYVAjwxIS06MxAVLA4nFjs6BA4cHl0HEW1kLCkvHxsVLAEDP1tyHWknFRARHz47FxUfGzsKDxcRVhQeHwYbBAIDODkbDjoLOBkFOhBaFB4fBl8BFmg0OhQePx43DRw6Kz0FHTIRGA8odAkEFRAcMjkuETIwAzsDPBU5MhcMFQICLQADKAcoGDA8MwYDPz05HBwZAhUDAzY+OQUUHj4oEhYBXi4cMwUBFRwDED5wBQg1A3NiMyAALTRkB19yITMEIXcAEGcF HTTP/1.1
Host: tanceteventu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html
content-length: 1192
date: Thu, 23 Mar 2023 10:26:39 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
x-cache: Miss from cloudfront
via: 1.1 5bcfe2deda0bdbc6bade0af9b61602ca.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: V7Hl3ug5W94DghL_jSXxtPDgMcemGfsElVL7mfFgzr-xPm7Jtn14qg==
X-Firefox-Spdy: h2
ishedtotigai.info/MGVWNVIfWjVGb2MtMm02Wj9iZxV6JxIGPn88PVYUVTAAUgZHNHBBO1RYbwNgAFRiEyJZAWsEdEMRN0EnQ1hnEzteAzkIdEZYZxthBEtlB3wCQyMIYxYRJlQ1DVRwRSZECWsEZAdcYwNlAlVhB2EH
172.67.192.221204 No Content 0 B URL HTTP/2 ishedtotigai.info/MGVWNVIfWjVGb2MtMm02Wj9iZxV6JxIGPn88PVYUVTAAUgZHNHBBO1RYbwNgAFRiEyJZAWsEdEMRN0EnQ1hnEzteAzkIdEZYZxthBEtlB3wCQyMIYxYRJlQ1DVRwRSZECWsEZAdcYwNlAlVhB2EH
IP 172.67.192.221:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /MGVWNVIfWjVGb2MtMm02Wj9iZxV6JxIGPn88PVYUVTAAUgZHNHBBO1RYbwNgAFRiEyJZAWsEdEMRN0EnQ1hnEzteAzkIdEZYZxthBEtlB3wCQyMIYxYRJlQ1DVRwRSZECWsEZAdcYwNlAlVhB2EH HTTP/1.1
Host: ishedtotigai.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Thu, 23 Mar 2023 10:26:39 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Y2lGLGcuUBcCWX4Lr8jI2EHqGg3a%2F3RzNEZAIQfWiDtHWIV0ZnbMbVMORSBEki4cGGFxufGV3yjCkE1tjYlpffH6lTeX0dB7LCWUCRr%2FeAFt43omV8iUgAb8UOvCUrQVF%2BZtpQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7ac5fa34cc581c06-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
d3t87ooo0697p8.cloudfront.net/JMFZ2NTlTORhTBkQ/EggAB2dPAgwWPAVaV0BrLlRuegc7AV5ZcAJPXQ1mUFlYXjFLE1xeNUsEH1EyFAgNFiIGWlINIxhRXFY/GFBdFiMXCFRfLB9ZVVFzRHMMHmZTBwkYIR9bXV8hBRALADgCEAsAZ0YbCRVlNBALACEfWw8Ec0V3HAJmDgMNFWU0EAsAJA-AQCnFnRgAXAH9TBwlXMxVeVhVkMAcJAWZGBAkBc0QFX1kkE1NWSHNEcwgAY1gFH0VrRw
54.230.245.46200 OK 325 B URL HTTP/2 d3t87ooo0697p8.cloudfront.net/JMFZ2NTlTORhTBkQ/EggAB2dPAgwWPAVaV0BrLlRuegc7AV5ZcAJPXQ1mUFlYXjFLE1xeNUsEH1EyFAgNFiIGWlINIxhRXFY/GFBdFiMXCFRfLB9ZVVFzRHMMHmZTBwkYIR9bXV8hBRALADgCEAsAZ0YbCRVlNBALACEfWw8Ec0V3HAJmDgMNFWU0EAsAJA-AQCnFnRgAXAH9TBwlXMxVeVhVkMAcJAWZGBAkBc0QFX1kkE1NWSHNEcwgAY1gFH0VrRw
IP 54.230.245.46:0
File type ASCII text, with very long lines (413), with no line terminators
Hash a92809eeccf4469ec57a8f47555fbd1c
b1ec4235faaabffd655bf0bfff549e7f2fee475c
0cb0563bb6b5edc6f8741f8b0e93faf6cfb09676f7aa267adead111988555417
GET /JMFZ2NTlTORhTBkQ/EggAB2dPAgwWPAVaV0BrLlRuegc7AV5ZcAJPXQ1mUFlYXjFLE1xeNUsEH1EyFAgNFiIGWlINIxhRXFY/GFBdFiMXCFRfLB9ZVVFzRHMMHmZTBwkYIR9bXV8hBRALADgCEAsAZ0YbCRVlNBALACEfWw8Ec0V3HAJmDgMNFWU0EAsAJA-AQCnFnRgAXAH9TBwlXMxVeVhVkMAcJAWZGBAkBc0QFX1kkE1NWSHNEcwgAY1gFH0VrRw HTTP/1.1
Host: d3t87ooo0697p8.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tanceteventu.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 325
date: Thu, 23 Mar 2023 10:26:39 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 227a1815a1677b9cf6dd587e443000b8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: nIbok5pLRwmpijILwAzKPuevWgoRZjIbxO2My-8HKkkWTllAE7drOw==
X-Firefox-Spdy: h2
d3t87ooo0697p8.cloudfront.net/KT3AwRUYsH14jeTsZVHh/eEMEcnVpGkMqKD9NXAsXJCN3PQIcKHstcikEVWMyNRQNdWAjEV4ie2kVXiZ7flZRISRyRBYwJ3IdXz8vIxxRYHQJRR51Y31AGDIvIRRfMjVqQgArMmpCAHR2YUAVdgRqQgAyLyFGBGB1DVUCdT55RBV2BGpCADcwakNxdHZ6Xg-BsY31AVyAlJB8VdwB9QAF1dn5AAWB0fxZZNyMpH0hgdAlBAHBof1ZFeHc
54.230.245.46200 OK 193 B URL HTTP/2 d3t87ooo0697p8.cloudfront.net/KT3AwRUYsH14jeTsZVHh/eEMEcnVpGkMqKD9NXAsXJCN3PQIcKHstcikEVWMyNRQNdWAjEV4ie2kVXiZ7flZRISRyRBYwJ3IdXz8vIxxRYHQJRR51Y31AGDIvIRRfMjVqQgArMmpCAHR2YUAVdgRqQgAyLyFGBGB1DVUCdT55RBV2BGpCADcwakNxdHZ6Xg-BsY31AVyAlJB8VdwB9QAF1dn5AAWB0fxZZNyMpH0hgdAlBAHBof1ZFeHc
IP 54.230.245.46:0
File type ASCII text, with no line terminators
Hash 20b70cb72d48e248fd33165de6b8e629
05b4e9af4cde3669ce43108304ee384dcb82415f
eef9434fe6767768758e90dabbc0338dc791cf3b8e72637d95b96999b4746a37
GET /KT3AwRUYsH14jeTsZVHh/eEMEcnVpGkMqKD9NXAsXJCN3PQIcKHstcikEVWMyNRQNdWAjEV4ie2kVXiZ7flZRISRyRBYwJ3IdXz8vIxxRYHQJRR51Y31AGDIvIRRfMjVqQgArMmpCAHR2YUAVdgRqQgAyLyFGBGB1DVUCdT55RBV2BGpCADcwakNxdHZ6Xg-BsY31AVyAlJB8VdwB9QAF1dn5AAWB0fxZZNyMpH0hgdAlBAHBof1ZFeHc HTTP/1.1
Host: d3t87ooo0697p8.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tanceteventu.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 193
date: Thu, 23 Mar 2023 10:26:39 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 227a1815a1677b9cf6dd587e443000b8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: w8JgYw0Eu-7kit5KIjOmGc0Rj0b5WbiKWyn6jduBkNx55Oz_3RBbyQ==
X-Firefox-Spdy: h2
d3t87ooo0697p8.cloudfront.net/SQ2xzVmUgAx0wWjcFF2tcdV5DZ1FlBgA5CzNRJ2ZUJgYkGFEHJUc8QzcWF2tVZQASOAJ+ShY4Bn5dVTcBIVFHcBEzAxhrBywIFCMcOhUGJEM2DU47CjkFHzoEZl41Y0tzSUFmTTQFHTIKNB9WZFUtGFZkVXJcXWZAcC5WZFU0BR1gUWZfMXNXcxRFYkBwLl-ZkVTEaVmUkclxGeFVqSUFmAiYPGDlAcSpBZlRzXEJmVGZeQzAMMQkVOR1mXjVnVXZCQ3AQfl0
54.230.245.46200 OK 582 B URL HTTP/2 d3t87ooo0697p8.cloudfront.net/SQ2xzVmUgAx0wWjcFF2tcdV5DZ1FlBgA5CzNRJ2ZUJgYkGFEHJUc8QzcWF2tVZQASOAJ+ShY4Bn5dVTcBIVFHcBEzAxhrBywIFCMcOhUGJEM2DU47CjkFHzoEZl41Y0tzSUFmTTQFHTIKNB9WZFUtGFZkVXJcXWZAcC5WZFU0BR1gUWZfMXNXcxRFYkBwLl-ZkVTEaVmUkclxGeFVqSUFmAiYPGDlAcSpBZlRzXEJmVGZeQzAMMQkVOR1mXjVnVXZCQ3AQfl0
IP 54.230.245.46:0
File type ASCII text, with very long lines (828), with no line terminators
Hash 5fbc99179001b19789a82628c47115e3
6ee8651f65b3ef81673189f1048d694eb3634b3d
664882284c913a8e946b9cc65b87029e28ac70e161814757f0caee6f660aed73
GET /SQ2xzVmUgAx0wWjcFF2tcdV5DZ1FlBgA5CzNRJ2ZUJgYkGFEHJUc8QzcWF2tVZQASOAJ+ShY4Bn5dVTcBIVFHcBEzAxhrBywIFCMcOhUGJEM2DU47CjkFHzoEZl41Y0tzSUFmTTQFHTIKNB9WZFUtGFZkVXJcXWZAcC5WZFU0BR1gUWZfMXNXcxRFYkBwLl-ZkVTEaVmUkclxGeFVqSUFmAiYPGDlAcSpBZlRzXEJmVGZeQzAMMQkVOR1mXjVnVXZCQ3AQfl0 HTTP/1.1
Host: d3t87ooo0697p8.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tanceteventu.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 582
date: Thu, 23 Mar 2023 10:26:39 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 227a1815a1677b9cf6dd587e443000b8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: -c3Du5XIl7AgdzG9CJISCQ6x4lh3zJBNUx37V6jxohu8-ZKdLjIo8A==
X-Firefox-Spdy: h2
improviseprofane.com/sbar.json?key=a2f990f10476061c719d1c1aa3a2ecd2&uuid=352e4617-93d3-4233-bbb9-4819c8cdc520%3A1%3A1
192.243.61.225200 OK 4.2 kB URL HTTP/1.1 improviseprofane.com/sbar.json?key=a2f990f10476061c719d1c1aa3a2ecd2&uuid=352e4617-93d3-4233-bbb9-4819c8cdc520%3A1%3A1
IP 192.243.61.225:0
ASN #39572 DataWeb Global Group B.V.
File type JSON data\012- , ASCII text, with very long lines (5824), with no line terminators
Hash b2dd7d855dc27b90d1b1dfe9001277d9
6bfdf1195917885fa7ad5c8868aff86750942d68
d27568195456155045c85f126bdf9c5ab3a3375bdd0236a703418225af3d737b
Analyzer Verdict Alert quad9 Sinkholed
GET /sbar.json?key=a2f990f10476061c719d1c1aa3a2ecd2&uuid=352e4617-93d3-4233-bbb9-4819c8cdc520%3A1%3A1 HTTP/1.1
Host: improviseprofane.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 23 Mar 2023 10:26:39 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://xfantazy.com
Access-Control-Allow-Origin: https://xfantazy.com
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=15600826; expires=Fri, 24 Mar 2023 10:26:39 GMT; secure; SameSite=None
uid_id2=352e4617-93d3-4233-bbb9-4819c8cdc520:1:1; expires=Thu, 30 Mar 2023 10:26:39 GMT; secure; SameSite=None
pdhtkv=true; expires=Fri, 24 Mar 2023 10:26:39 GMT; secure; SameSite=None
uncs=1; expires=Fri, 24 Mar 2023 10:26:39 GMT; secure; SameSite=None
pdhtkv29=true; expires=Fri, 24 Mar 2023 10:26:39 GMT; secure; SameSite=None
uncs29=1; expires=Fri, 24 Mar 2023 10:26:39 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 971a4bc3c7b4e0afa1f4b28ddf888527
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 60d586330439f211f7d9a782655e3ee8
6d61eb3ddf52939e6126d5e1d315669d26c01f3e
f42b1951efe96f18492aacbb99ccd9daa149fe751f05df6910614d241e28e77f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F42B1951EFE96F18492AACBB99CCD9DAA149FE751F05DF6910614D241E28E77F"
Last-Modified: Wed, 22 Mar 2023 13:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11607
Expires: Thu, 23 Mar 2023 13:40:06 GMT
Date: Thu, 23 Mar 2023 10:26:39 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 60d586330439f211f7d9a782655e3ee8
6d61eb3ddf52939e6126d5e1d315669d26c01f3e
f42b1951efe96f18492aacbb99ccd9daa149fe751f05df6910614d241e28e77f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F42B1951EFE96F18492AACBB99CCD9DAA149FE751F05DF6910614D241E28E77F"
Last-Modified: Wed, 22 Mar 2023 13:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11607
Expires: Thu, 23 Mar 2023 13:40:06 GMT
Date: Thu, 23 Mar 2023 10:26:39 GMT
Connection: keep-alive
referredscarletinward.com/pixel/purst?dl=0&th=0&sc=0&rs=3463&rd=3463&fd=785&bv=22.10.v.10&tmpl=136
173.233.137.60200 OK 0 B URL HTTP/1.1 referredscarletinward.com/pixel/purst?dl=0&th=0&sc=0&rs=3463&rd=3463&fd=785&bv=22.10.v.10&tmpl=136
IP 173.233.137.60:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/purst?dl=0&th=0&sc=0&rs=3463&rd=3463&fd=785&bv=22.10.v.10&tmpl=136 HTTP/1.1
Host: referredscarletinward.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 23 Mar 2023 10:26:40 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
referredscarletinward.com/pixel/purst?dl=0&th=0&sc=0&rs=3371&rd=3371&fd=790&bv=22.10.v.10&tmpl=136
173.233.137.60200 OK 0 B URL HTTP/1.1 referredscarletinward.com/pixel/purst?dl=0&th=0&sc=0&rs=3371&rd=3371&fd=790&bv=22.10.v.10&tmpl=136
IP 173.233.137.60:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/purst?dl=0&th=0&sc=0&rs=3371&rd=3371&fd=790&bv=22.10.v.10&tmpl=136 HTTP/1.1
Host: referredscarletinward.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 23 Mar 2023 10:26:40 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
improviseprofane.com/ren.gif?sid=H4sIAAAAAAAC%2F1RST4gcxReuTvI75XdQyUVUHMGDAXe2%2F8zsTBswGGNCcN1dksgepbqqerbc6q6mqnt6dkRYEpCcZHLz2PvNbhZ1CS54EgSZ9SILguNB9uCC3rzoQQjelJkdGH1Q9d6r7x2%2B73v10U5xSlwU9GTtHd2XStHFZt2tvbIuU65LW1u5W%2FPcunulti7TpcaVWm9yme5rntusu5drNwXb1Iu%2B67mu53q1G9KIWPcWpyhkdhB69dCtN%2Fy612ygZ%2F7b28KBpQ5495Q8A8nH%2F9v47hCSjZAmX1wXdjPX2atvJYWiuTbo8v13081UlymSeRkbB3G6P5uGtmNCPjkHne7PFEB3dycKEMkxcX7yEKX7M5qIuntnTCMFkSLiF1F2RxBqBElHYPo%2BJP%2BBAIxjZRVp8mhFm5JunaF0go7JhSd%2FQpZjcuHnS0iTx9eU7NXuaFXkUqcWvbiC7I0gOyNkxRHyvgNZHoHl9yD592TxyTLSZHfVKg3JT14Omr5oLHmthTDgwULDD4KFKIrChUbbC1mbcdb03alFUo4g4xGUGIBaB8XkSAdF7KDIHCT8pEabYey6rTiKg6DdYIwFAWPN9hJv8qDRjl0UbKJhgDwbgKkBmNlGZraxKR%2BOCbm3C1N8A7tRwXIHNifo8gqlICgtQUkJSklQ5gRlt9rjyvq2esSVLSJvlv1ZDqqhzjs7dE%2FnHZGSneyUPD117%2Ff%2Ff4VNcVKjfhyGbuy5jdaSu%2BSxlhdyj3mUBtQXjPuwsoK056Za%2B3JMLj33K7LJSj%2F8GxE9glVHYPIp0OIF0HLY8l3QjWGj7aKfHvRimua0v1VnOgHXFbL8AvItZ0edkmenPF5%2F8SYEO776Zf%2BXm48vfQBmKmSmwvvyW4KOejC8rUuye1uXlhyuZrlMZJ9ONnwnp7k4%2F9nbYqvUht%2B6bgefvsEmwKQ8uCtsvkxTLtOOJZ9fk5wLc0MbJsjXt%2By6iNYKu3GtMGmRLa%2B9eeNWkhlhrdTpCFSOCfn4NzA5Jhf5H9Pf%2B9LhX5BmBFNUSIpjMgtIPQLLtmGzOX%2BrCYyaz0SZg7KohsaP5o9KEigx72lUwf6rj%2Bb1jn2AjnFA8%2FtIkwpdU6GrKlA1gC3OD%2FPMHF%2F9MZgGIuUMI2Wc3UgZ9fDMXCtPaqIZu7FwfRHFYRS3qMvDuBFGNPREK2pSD7kd8%2Bcvv%2FcPAAAA%2F%2F8BAAD%2F%2F4EvE%2BKVBAAA
192.243.61.225200 OK 7 B URL HTTP/1.1 improviseprofane.com/ren.gif?sid=H4sIAAAAAAAC%2F1RST4gcxReuTvI75XdQyUVUHMGDAXe2%2F8zsTBswGGNCcN1dksgepbqqerbc6q6mqnt6dkRYEpCcZHLz2PvNbhZ1CS54EgSZ9SILguNB9uCC3rzoQQjelJkdGH1Q9d6r7x2%2B73v10U5xSlwU9GTtHd2XStHFZt2tvbIuU65LW1u5W%2FPcunulti7TpcaVWm9yme5rntusu5drNwXb1Iu%2B67mu53q1G9KIWPcWpyhkdhB69dCtN%2Fy612ygZ%2F7b28KBpQ5495Q8A8nH%2F9v47hCSjZAmX1wXdjPX2atvJYWiuTbo8v13081UlymSeRkbB3G6P5uGtmNCPjkHne7PFEB3dycKEMkxcX7yEKX7M5qIuntnTCMFkSLiF1F2RxBqBElHYPo%2BJP%2BBAIxjZRVp8mhFm5JunaF0go7JhSd%2FQpZjcuHnS0iTx9eU7NXuaFXkUqcWvbiC7I0gOyNkxRHyvgNZHoHl9yD592TxyTLSZHfVKg3JT14Omr5oLHmthTDgwULDD4KFKIrChUbbC1mbcdb03alFUo4g4xGUGIBaB8XkSAdF7KDIHCT8pEabYey6rTiKg6DdYIwFAWPN9hJv8qDRjl0UbKJhgDwbgKkBmNlGZraxKR%2BOCbm3C1N8A7tRwXIHNifo8gqlICgtQUkJSklQ5gRlt9rjyvq2esSVLSJvlv1ZDqqhzjs7dE%2FnHZGSneyUPD117%2Ff%2Ff4VNcVKjfhyGbuy5jdaSu%2BSxlhdyj3mUBtQXjPuwsoK056Za%2B3JMLj33K7LJSj%2F8GxE9glVHYPIp0OIF0HLY8l3QjWGj7aKfHvRimua0v1VnOgHXFbL8AvItZ0edkmenPF5%2F8SYEO776Zf%2BXm48vfQBmKmSmwvvyW4KOejC8rUuye1uXlhyuZrlMZJ9ONnwnp7k4%2F9nbYqvUht%2B6bgefvsEmwKQ8uCtsvkxTLtOOJZ9fk5wLc0MbJsjXt%2By6iNYKu3GtMGmRLa%2B9eeNWkhlhrdTpCFSOCfn4NzA5Jhf5H9Pf%2B9LhX5BmBFNUSIpjMgtIPQLLtmGzOX%2BrCYyaz0SZg7KohsaP5o9KEigx72lUwf6rj%2Bb1jn2AjnFA8%2FtIkwpdU6GrKlA1gC3OD%2FPMHF%2F9MZgGIuUMI2Wc3UgZ9fDMXCtPaqIZu7FwfRHFYRS3qMvDuBFGNPREK2pSD7kd8%2Bcvv%2FcPAAAA%2F%2F8BAAD%2F%2F4EvE%2BKVBAAA
IP 192.243.61.225:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert quad9 Sinkholed
GET /ren.gif?sid=H4sIAAAAAAAC%2F1RST4gcxReuTvI75XdQyUVUHMGDAXe2%2F8zsTBswGGNCcN1dksgepbqqerbc6q6mqnt6dkRYEpCcZHLz2PvNbhZ1CS54EgSZ9SILguNB9uCC3rzoQQjelJkdGH1Q9d6r7x2%2B73v10U5xSlwU9GTtHd2XStHFZt2tvbIuU65LW1u5W%2FPcunulti7TpcaVWm9yme5rntusu5drNwXb1Iu%2B67mu53q1G9KIWPcWpyhkdhB69dCtN%2Fy612ygZ%2F7b28KBpQ5495Q8A8nH%2F9v47hCSjZAmX1wXdjPX2atvJYWiuTbo8v13081UlymSeRkbB3G6P5uGtmNCPjkHne7PFEB3dycKEMkxcX7yEKX7M5qIuntnTCMFkSLiF1F2RxBqBElHYPo%2BJP%2BBAIxjZRVp8mhFm5JunaF0go7JhSd%2FQpZjcuHnS0iTx9eU7NXuaFXkUqcWvbiC7I0gOyNkxRHyvgNZHoHl9yD592TxyTLSZHfVKg3JT14Omr5oLHmthTDgwULDD4KFKIrChUbbC1mbcdb03alFUo4g4xGUGIBaB8XkSAdF7KDIHCT8pEabYey6rTiKg6DdYIwFAWPN9hJv8qDRjl0UbKJhgDwbgKkBmNlGZraxKR%2BOCbm3C1N8A7tRwXIHNifo8gqlICgtQUkJSklQ5gRlt9rjyvq2esSVLSJvlv1ZDqqhzjs7dE%2FnHZGSneyUPD117%2Ff%2Ff4VNcVKjfhyGbuy5jdaSu%2BSxlhdyj3mUBtQXjPuwsoK056Za%2B3JMLj33K7LJSj%2F8GxE9glVHYPIp0OIF0HLY8l3QjWGj7aKfHvRimua0v1VnOgHXFbL8AvItZ0edkmenPF5%2F8SYEO776Zf%2BXm48vfQBmKmSmwvvyW4KOejC8rUuye1uXlhyuZrlMZJ9ONnwnp7k4%2F9nbYqvUht%2B6bgefvsEmwKQ8uCtsvkxTLtOOJZ9fk5wLc0MbJsjXt%2By6iNYKu3GtMGmRLa%2B9eeNWkhlhrdTpCFSOCfn4NzA5Jhf5H9Pf%2B9LhX5BmBFNUSIpjMgtIPQLLtmGzOX%2BrCYyaz0SZg7KohsaP5o9KEigx72lUwf6rj%2Bb1jn2AjnFA8%2FtIkwpdU6GrKlA1gC3OD%2FPMHF%2F9MZgGIuUMI2Wc3UgZ9fDMXCtPaqIZu7FwfRHFYRS3qMvDuBFGNPREK2pSD7kd8%2Bcvv%2FcPAAAA%2F%2F8BAAD%2F%2F4EvE%2BKVBAAA HTTP/1.1
Host: improviseprofane.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: u_pl=15600826; uid_id2=352e4617-93d3-4233-bbb9-4819c8cdc520:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 23 Mar 2023 10:26:40 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: e9bf31af5ff877babb5b189105f53a4b
Strict-Transport-Security: max-age=0; includeSubdomains
a.naturalhealthsource.club/api/spots/289411?host=xfantazy.com&ev=205&wh=939&ww=1280&uuid=
135.181.208.216200 OK 0 B URL HTTP/2 a.naturalhealthsource.club/api/spots/289411?host=xfantazy.com&ev=205&wh=939&ww=1280&uuid=
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /api/spots/289411?host=xfantazy.com&ev=205&wh=939&ww=1280&uuid= HTTP/1.1
Host: a.naturalhealthsource.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 23 Mar 2023 10:26:40 GMT
content-length: 0
set-cookie: nauid=oKIrkrJ4d8xyeT4hpNGR; Path=/; Expires=Wed, 11 Nov 2037 11:11:11 GMT; Secure; SameSite=None
cache-control: private
X-Firefox-Spdy: h2
a.naturalhealthsource.club/api/spots/380873?host=xfantazy.com&ev=205&wh=939&ww=1280&uuid=
135.181.208.216200 OK 0 B URL HTTP/2 a.naturalhealthsource.club/api/spots/380873?host=xfantazy.com&ev=205&wh=939&ww=1280&uuid=
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /api/spots/380873?host=xfantazy.com&ev=205&wh=939&ww=1280&uuid= HTTP/1.1
Host: a.naturalhealthsource.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 23 Mar 2023 10:26:40 GMT
content-length: 0
set-cookie: nauid=CEOnjE5QNgTPELd7Ji9R; Path=/; Expires=Wed, 11 Nov 2037 11:11:11 GMT; Secure; SameSite=None
cache-control: private
X-Firefox-Spdy: h2
a.naturalhealthsource.club/api/spots/391860?host=xfantazy.com&ev=205&wh=939&ww=1280&uuid=
135.181.208.216200 OK 0 B URL HTTP/2 a.naturalhealthsource.club/api/spots/391860?host=xfantazy.com&ev=205&wh=939&ww=1280&uuid=
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /api/spots/391860?host=xfantazy.com&ev=205&wh=939&ww=1280&uuid= HTTP/1.1
Host: a.naturalhealthsource.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 23 Mar 2023 10:26:40 GMT
content-length: 0
set-cookie: nauid=meirPhEcFcvXOmV2D6aU; Path=/; Expires=Wed, 11 Nov 2037 11:11:11 GMT; Secure; SameSite=None
cache-control: private
X-Firefox-Spdy: h2
a.naturalhealthsource.club/api/spots/406858?host=xfantazy.com&ev=205&wh=939&ww=1280&uuid=
135.181.208.216200 OK 0 B URL HTTP/2 a.naturalhealthsource.club/api/spots/406858?host=xfantazy.com&ev=205&wh=939&ww=1280&uuid=
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /api/spots/406858?host=xfantazy.com&ev=205&wh=939&ww=1280&uuid= HTTP/1.1
Host: a.naturalhealthsource.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 23 Mar 2023 10:26:40 GMT
content-length: 0
set-cookie: nauid=RxA505sQter17hcnv7lk; Path=/; Expires=Wed, 11 Nov 2037 11:11:11 GMT; Secure; SameSite=None
cache-control: private
X-Firefox-Spdy: h2
mc.yandex.ru/watch/49415098?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F63b1b6a4f1977b2d7f383272&charset=utf-8&hittoken=1679567198_80a4b463edfef17ebe1132581a21c8f9abc8fa5fd499b2904a95a6fe4fd8ecb0&browser-info=pv%3A1%3Aar%3A1%3Avf%3A29hzdyg3jxtu068q3vuhnr%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A983%3Acn%3A1%3Adp%3A0%3Als%3A1405660524271%3Ahid%3A149488173%3Az%3A0%3Ai%3A20230323102647%3Aet%3A1679567207%3Ac%3A1%3Arn%3A653292302%3Arqn%3A8%3Au%3A167956720644663686%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Aeu%3A1%3Ans%3A1679567203842%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1679567207%3At%3AMoonsi%20%7C%20%40Moonsimorfin%20Video%20160%20-%20XFantazy.com&t=gdpr(14)mc(p-6)clc(0-0-0)rqnt(8)aw(1)fip(1)ti(2)
87.250.250.119302 Found 503 B URL HTTP/2 mc.yandex.ru/watch/49415098?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F63b1b6a4f1977b2d7f383272&charset=utf-8&hittoken=1679567198_80a4b463edfef17ebe1132581a21c8f9abc8fa5fd499b2904a95a6fe4fd8ecb0&browser-info=pv%3A1%3Aar%3A1%3Avf%3A29hzdyg3jxtu068q3vuhnr%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A983%3Acn%3A1%3Adp%3A0%3Als%3A1405660524271%3Ahid%3A149488173%3Az%3A0%3Ai%3A20230323102647%3Aet%3A1679567207%3Ac%3A1%3Arn%3A653292302%3Arqn%3A8%3Au%3A167956720644663686%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Aeu%3A1%3Ans%3A1679567203842%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1679567207%3At%3AMoonsi%20%7C%20%40Moonsimorfin%20Video%20160%20-%20XFantazy.com&t=gdpr(14)mc(p-6)clc(0-0-0)rqnt(8)aw(1)fip(1)ti(2)
IP 87.250.250.119:0
Hash 1b35cd610ca1e023afa7463aab837549
1111d57c584a817f7155a6a0b6c561205cb523bb
d4102cdc832d746a8829089aaa3b7a9d5d0f87d920d0f53e5eac80af5d76219e
GET /watch/49415098?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F63b1b6a4f1977b2d7f383272&charset=utf-8&hittoken=1679567198_80a4b463edfef17ebe1132581a21c8f9abc8fa5fd499b2904a95a6fe4fd8ecb0&browser-info=pv%3A1%3Aar%3A1%3Avf%3A29hzdyg3jxtu068q3vuhnr%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A983%3Acn%3A1%3Adp%3A0%3Als%3A1405660524271%3Ahid%3A149488173%3Az%3A0%3Ai%3A20230323102647%3Aet%3A1679567207%3Ac%3A1%3Arn%3A653292302%3Arqn%3A8%3Au%3A167956720644663686%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Aeu%3A1%3Ans%3A1679567203842%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1679567207%3At%3AMoonsi%20%7C%20%40Moonsimorfin%20Video%20160%20-%20XFantazy.com&t=gdpr(14)mc(p-6)clc(0-0-0)rqnt(8)aw(1)fip(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
location: /watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F63b1b6a4f1977b2d7f383272&charset=utf-8&hittoken=1679567198_80a4b463edfef17ebe1132581a21c8f9abc8fa5fd499b2904a95a6fe4fd8ecb0&browser-info=pv%3A1%3Aar%3A1%3Avf%3A29hzdyg3jxtu068q3vuhnr%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A983%3Acn%3A1%3Adp%3A0%3Als%3A1405660524271%3Ahid%3A149488173%3Az%3A0%3Ai%3A20230323102647%3Aet%3A1679567207%3Ac%3A1%3Arn%3A653292302%3Arqn%3A8%3Au%3A167956720644663686%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Aeu%3A1%3Ans%3A1679567203842%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1679567207%3At%3AMoonsi%20%7C%20%40Moonsimorfin%20Video%20160%20-%20XFantazy.com&t=gdpr%2814%29mc%28p-6%29clc%280-0-0%29rqnt%288%29aw%281%29fip%281%29ti%282%29
date: Thu, 23 Mar 2023 10:26:39 GMT
access-control-allow-origin: https://xfantazy.com
set-cookie: yabs-sid=2024211471679567199; Path=/; SameSite=None; Secure
i=N3yKa5vtchWr9zBo3Gzz4ZXQPTdZ9aAAv2pKU/6kGAbMcApSnh04f8Ul3rg0q5+hc62MD/+kZG6rfMDrIL+sZmM4MkA=; Expires=Sun, 20-Mar-2033 10:26:36 GMT; Domain=.yandex.ru; Path=/; Secure; HttpOnly; SameSite=None
yandexuid=2622029271679567199; Expires=Sun, 20-Mar-2033 10:26:36 GMT; Domain=.yandex.ru; Path=/; Secure; SameSite=None
yuidss=2622029271679567199; Expires=Fri, 22-Mar-2024 10:26:39 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
ymex=1711103199.yc.1679567199#1711103199.yrts.1679567199#1711103199.yrtsi.1679567199; Expires=Fri, 22-Mar-2024 10:26:39 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Thu, 23-Mar-2023 10:26:39 GMT
last-modified: Thu, 23-Mar-2023 10:26:39 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/chat/mob/ssp/v2/new/3/img/close.png
172.64.166.9200 OK 6.0 kB URL HTTP/2 cdn.creative-bars1.com/sb/chat/mob/ssp/v2/new/3/img/close.png
IP 172.64.166.9:0
File type PNG image data, 522 x 391, 8-bit/color RGBA, non-interlaced\012- data
Hash c489ce2c491a22ee37a55e26a92dfd73
2fa588ab09e94dd902e5bd24b48f98ad1949c9d6
1eed147c7d5de6291c25fbc5274830c12d5549262fb144271576d4e15966e5bd
GET /sb/chat/mob/ssp/v2/new/3/img/close.png HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 23 Mar 2023 10:26:40 GMT
content-type: image/png
content-length: 5982
last-modified: Tue, 05 Jul 2022 10:43:39 GMT
etag: "62c415db-175e"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 11046920
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ix%2Bqdm%2FhkbchqNL3vJoVh34iZHmYzBJR7wwWH0%2FlC1QINF0duKfYFYCD0LNwla7r%2FFUXu40fMmlF2iLgVtHjzjE7J%2Be45VoLIGvP%2BoDvm%2Fr2LoMwBffxbKQXbnLGow13lUd%2FVK0RXi3F"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7ac5fa3b286275a1-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
jetordinarilysouvenirs.com/sbar.json?key=21fe3950f412e026c33f1b6cee613eba&uuid=08db5d9b-5a41-4c3c-896c-bde217f439f8%3A1%3A1
192.243.61.227200 OK 3.4 kB URL HTTP/1.1 jetordinarilysouvenirs.com/sbar.json?key=21fe3950f412e026c33f1b6cee613eba&uuid=08db5d9b-5a41-4c3c-896c-bde217f439f8%3A1%3A1
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
File type JSON data\012- , ASCII text, with very long lines (5917), with no line terminators
Hash f84115d7470215a7ca26a3d55041ccec
9e452b67bb12859d2ad82433f8ae98d016e48001
578036a805cd79e19597bf912d1b8ca1c804f19d189500a1f9e1c045edcf8cf5
Analyzer Verdict Alert quad9 Sinkholed
GET /sbar.json?key=21fe3950f412e026c33f1b6cee613eba&uuid=08db5d9b-5a41-4c3c-896c-bde217f439f8%3A1%3A1 HTTP/1.1
Host: jetordinarilysouvenirs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 23 Mar 2023 10:26:40 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://xfantazy.com
Access-Control-Allow-Origin: https://xfantazy.com
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=17661735; expires=Fri, 24 Mar 2023 10:26:39 GMT; secure; SameSite=None
uid_id2=08db5d9b-5a41-4c3c-896c-bde217f439f8:1:1; expires=Thu, 30 Mar 2023 10:26:39 GMT; secure; SameSite=None
pdhtkv=true; expires=Fri, 24 Mar 2023 10:26:40 GMT; secure; SameSite=None
uncs=1; expires=Fri, 24 Mar 2023 10:26:40 GMT; secure; SameSite=None
pdhtkv29=true; expires=Fri, 24 Mar 2023 10:26:40 GMT; secure; SameSite=None
uncs29=1; expires=Fri, 24 Mar 2023 10:26:40 GMT; secure; SameSite=None
slec21fe3950f412e026c33f1b6cee613eba=[3870584]; expires=Thu, 23 Mar 2023 10:26:45 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 4a49621f2f8d60253fd35acc8b49752d
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
cdn.creative-bars1.com/sb/chat/mob/ssp/v2/new/3/css/style.css
172.64.166.9200 OK 1.5 kB URL HTTP/2 cdn.creative-bars1.com/sb/chat/mob/ssp/v2/new/3/css/style.css
IP 172.64.166.9:0
Hash 1334ea2c0d3b85013e15134722ad9bf0
ca1f9a4708a56621f61842ed6481a899b4622b52
e0f64589f49626d5c5f193c0d5e99944d53c460b035d604c9f4b2247d663ed2d
GET /sb/chat/mob/ssp/v2/new/3/css/style.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 23 Mar 2023 10:26:40 GMT
content-type: text/css
last-modified: Wed, 13 Jul 2022 12:13:55 GMT
etag: W/"62ceb703-1229"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 9690642
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=135uKYMCCzoRxqz0QrdKEt4XvYt9Z93L74NowovjwZ1LwgawELA2rxBiIWuvGTDWlbmhEl%2FaDTMFi8q496YSUs7JXQZE8uA2XWLvn%2FCGmqNyFxBzZ8bbju%2B%2BteCtxjUzSB9crki1Gj6d"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7ac5fa3adff975a1-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.cloudimagesb.com/si/7e/08/f0/7e08f0e18f1d9fa1ade349339356bb56/1678265769.png
45.133.44.9200 OK 71 kB URL HTTP/2 cdn.cloudimagesb.com/si/7e/08/f0/7e08f0e18f1d9fa1ade349339356bb56/1678265769.png
IP 45.133.44.9:0
ASN #39572 DataWeb Global Group B.V.
File type PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data
Hash e0fe03cee7557fda9210389aeea26b56
b8bf1e04de172181b3b3763104b0f5411615c635
b4ad1a7b560f83d7b8425b1e247323f6d2424a183975377c99e358e2f771e7a0
GET /si/7e/08/f0/7e08f0e18f1d9fa1ade349339356bb56/1678265769.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 23 Mar 2023 10:26:40 GMT
content-type: image/png
content-length: 71422
server: nginx/1.17.6
last-modified: Wed, 08 Mar 2023 08:56:18 GMT
etag: "64084db2-116fe"
expires: Sat, 25 Mar 2023 10:26:40 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
jetordinarilysouvenirs.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSzYscxRuuTvKDHwbxAxEEP%2BYgaNCd7Z6enp0xh2CMkcW4uySRRU%2FWV8%2BUW9PVVHVPz%2B7FJQHNcXLz2PvMbhZNEIMXL4Ew60UWAo4HmYP7TwjxKjM7MPpC1fu%2B9byH53ne%2BnovPyE%2BcjrZ%2BMTsKK3pclT1K29vqkSYwlXWblYCv%2BpfrGyqpFG%2FWOlPL9t7L%2FCjqn%2Bh8pHkW2a55ge%2BH%2FhB5aqyMjb95RkKlT5oBdWWX63XqkFUR9%2F%2Bt3e5B0c9iN4JeRFKjP%2FX%2BfUhFB8h6f54RbqtzKTvftjNNc2MRU8cfppsJaZI0F2UsfUQJ4fzaRg3JuTbMzDJ4VwBTG9%2FqgBMjYn3RwCWHM5pgvUOTpkyDZmAifMoeiNIPYKiI3BzG0r8RgAusLaOpHtvzdiCbp%2BidIqOybmnf0EVY3Luz5eQdH%2B4rFW%2FcsPoPFMmcejHJVR%2FBNUeIc2PkO14UMUReHYLSjwhy0%2BvIenurzttoMTkTb8pWCRabCmi9WCpzkO%2B1Gw1%2BBITshasxPWwFTdnFik1gopH0HIA6jzk06M85LGHPPXQFZMKjVqx76%2FELA7DZp1zHoacR82GiERYb8Y%2Bcj7VMECWDsD1ANzuIrW72FJ3x4Tc2ofNH8N1SjjhwWUEPVGikASFIygoQaEIioyg6JUHQruaK%2B8J7XIWzHNtnsNyaLL2Hj0wWVsmZC89IS9M3fOe%2FeotbMlJpRbEMmxFflwPatKvNXgYxgFrcCkbQSgZhVMllDsz07qjxuT16DxSNSb%2Fv%2FQYjB7B6SNw9Txo%2FhpoMVyp%2BaCdYb3pYyf5OaFZbqnuSKqzjjO55bLKdc4gTIk0O4ds29vTJ%2BSV2UYvPteH5MeXfvr7yeTlb94BtyVSW%2BJL9QtBW98ZXjcF2b9uCkcerqeZ6qodOt32jYxm8uz3H8vtwlixesUNvnufT4Fp%2BeCmdNk1mgiVtB25f1kJIe1VY7kkj1bdpmQbuetczm2Sp9c2Pri62k2tdE6ZZASqxoRMVsHVmDzz6PPZT37j%2FmdQdgSbl%2Bjmx2QeUOYIPN2FSxf8nSGwejHDUg9FXg5tjS0etSLQctFTVsL9q2eLes%2FdQdt6oNltJN0SPVuip0tQPYDLzw6z1B5f%2Bj2cBZj2hkxbb59pq%2B%2BemuvUpCKj2I%2BlX5MsbrF4hfqiFddbjLYCucIiGiBzY%2FHqhS%2F%2BAQAA%2F%2F8BAAD%2F%2F069PP6hBAAA
192.243.61.227200 OK 7 B URL HTTP/1.1 jetordinarilysouvenirs.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSzYscxRuuTvKDHwbxAxEEP%2BYgaNCd7Z6enp0xh2CMkcW4uySRRU%2FWV8%2BUW9PVVHVPz%2B7FJQHNcXLz2PvMbhZNEIMXL4Ew60UWAo4HmYP7TwjxKjM7MPpC1fu%2B9byH53ne%2BnovPyE%2BcjrZ%2BMTsKK3pclT1K29vqkSYwlXWblYCv%2BpfrGyqpFG%2FWOlPL9t7L%2FCjqn%2Bh8pHkW2a55ge%2BH%2FhB5aqyMjb95RkKlT5oBdWWX63XqkFUR9%2F%2Bt3e5B0c9iN4JeRFKjP%2FX%2BfUhFB8h6f54RbqtzKTvftjNNc2MRU8cfppsJaZI0F2UsfUQJ4fzaRg3JuTbMzDJ4VwBTG9%2FqgBMjYn3RwCWHM5pgvUOTpkyDZmAifMoeiNIPYKiI3BzG0r8RgAusLaOpHtvzdiCbp%2BidIqOybmnf0EVY3Luz5eQdH%2B4rFW%2FcsPoPFMmcejHJVR%2FBNUeIc2PkO14UMUReHYLSjwhy0%2BvIenurzttoMTkTb8pWCRabCmi9WCpzkO%2B1Gw1%2BBITshasxPWwFTdnFik1gopH0HIA6jzk06M85LGHPPXQFZMKjVqx76%2FELA7DZp1zHoacR82GiERYb8Y%2Bcj7VMECWDsD1ANzuIrW72FJ3x4Tc2ofNH8N1SjjhwWUEPVGikASFIygoQaEIioyg6JUHQruaK%2B8J7XIWzHNtnsNyaLL2Hj0wWVsmZC89IS9M3fOe%2FeotbMlJpRbEMmxFflwPatKvNXgYxgFrcCkbQSgZhVMllDsz07qjxuT16DxSNSb%2Fv%2FQYjB7B6SNw9Txo%2FhpoMVyp%2BaCdYb3pYyf5OaFZbqnuSKqzjjO55bLKdc4gTIk0O4ds29vTJ%2BSV2UYvPteH5MeXfvr7yeTlb94BtyVSW%2BJL9QtBW98ZXjcF2b9uCkcerqeZ6qodOt32jYxm8uz3H8vtwlixesUNvnufT4Fp%2BeCmdNk1mgiVtB25f1kJIe1VY7kkj1bdpmQbuetczm2Sp9c2Pri62k2tdE6ZZASqxoRMVsHVmDzz6PPZT37j%2FmdQdgSbl%2Bjmx2QeUOYIPN2FSxf8nSGwejHDUg9FXg5tjS0etSLQctFTVsL9q2eLes%2FdQdt6oNltJN0SPVuip0tQPYDLzw6z1B5f%2Bj2cBZj2hkxbb59pq%2B%2BemuvUpCKj2I%2BlX5MsbrF4hfqiFddbjLYCucIiGiBzY%2FHqhS%2F%2BAQAA%2F%2F8BAAD%2F%2F069PP6hBAAA
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert quad9 Sinkholed
GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSzYscxRuuTvKDHwbxAxEEP%2BYgaNCd7Z6enp0xh2CMkcW4uySRRU%2FWV8%2BUW9PVVHVPz%2B7FJQHNcXLz2PvMbhZNEIMXL4Ew60UWAo4HmYP7TwjxKjM7MPpC1fu%2B9byH53ne%2BnovPyE%2BcjrZ%2BMTsKK3pclT1K29vqkSYwlXWblYCv%2BpfrGyqpFG%2FWOlPL9t7L%2FCjqn%2Bh8pHkW2a55ge%2BH%2FhB5aqyMjb95RkKlT5oBdWWX63XqkFUR9%2F%2Bt3e5B0c9iN4JeRFKjP%2FX%2BfUhFB8h6f54RbqtzKTvftjNNc2MRU8cfppsJaZI0F2UsfUQJ4fzaRg3JuTbMzDJ4VwBTG9%2FqgBMjYn3RwCWHM5pgvUOTpkyDZmAifMoeiNIPYKiI3BzG0r8RgAusLaOpHtvzdiCbp%2BidIqOybmnf0EVY3Luz5eQdH%2B4rFW%2FcsPoPFMmcejHJVR%2FBNUeIc2PkO14UMUReHYLSjwhy0%2BvIenurzttoMTkTb8pWCRabCmi9WCpzkO%2B1Gw1%2BBITshasxPWwFTdnFik1gopH0HIA6jzk06M85LGHPPXQFZMKjVqx76%2FELA7DZp1zHoacR82GiERYb8Y%2Bcj7VMECWDsD1ANzuIrW72FJ3x4Tc2ofNH8N1SjjhwWUEPVGikASFIygoQaEIioyg6JUHQruaK%2B8J7XIWzHNtnsNyaLL2Hj0wWVsmZC89IS9M3fOe%2FeotbMlJpRbEMmxFflwPatKvNXgYxgFrcCkbQSgZhVMllDsz07qjxuT16DxSNSb%2Fv%2FQYjB7B6SNw9Txo%2FhpoMVyp%2BaCdYb3pYyf5OaFZbqnuSKqzjjO55bLKdc4gTIk0O4ds29vTJ%2BSV2UYvPteH5MeXfvr7yeTlb94BtyVSW%2BJL9QtBW98ZXjcF2b9uCkcerqeZ6qodOt32jYxm8uz3H8vtwlixesUNvnufT4Fp%2BeCmdNk1mgiVtB25f1kJIe1VY7kkj1bdpmQbuetczm2Sp9c2Pri62k2tdE6ZZASqxoRMVsHVmDzz6PPZT37j%2FmdQdgSbl%2Bjmx2QeUOYIPN2FSxf8nSGwejHDUg9FXg5tjS0etSLQctFTVsL9q2eLes%2FdQdt6oNltJN0SPVuip0tQPYDLzw6z1B5f%2Bj2cBZj2hkxbb59pq%2B%2BemuvUpCKj2I%2BlX5MsbrF4hfqiFddbjLYCucIiGiBzY%2FHqhS%2F%2BAQAA%2F%2F8BAAD%2F%2F069PP6hBAAA HTTP/1.1
Host: jetordinarilysouvenirs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: u_pl=17661735; uid_id2=08db5d9b-5a41-4c3c-896c-bde217f439f8:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 23 Mar 2023 10:26:40 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 9927850427bbfa88866e382a81e617ca
Strict-Transport-Security: max-age=0; includeSubdomains
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 1.3 kB IP 142.250.74.131:0
Hash 500276f2112150738a4ebabb835b2a79
147c4a51d7f6d1e17efd62e9f739b419469d9a7f
20eac29f089127bd1bc2c52104c1448e7a838cc916104c8dbab18c7da306ea67
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 23 Mar 2023 10:26:40 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
cdn.cloudimagesb.com/si/4f/21/b6/4f21b6f8926b18cc8cec37ffa47004e5/1671506253.png
45.133.44.9200 OK 80 kB URL HTTP/2 cdn.cloudimagesb.com/si/4f/21/b6/4f21b6f8926b18cc8cec37ffa47004e5/1671506253.png
IP 45.133.44.9:0
ASN #39572 DataWeb Global Group B.V.
File type PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data
Hash 422ab27df20d8765e0fcd3aa74306f6b
3b69a90b3d1a5bd964280b7bad97c2a5baaa6951
9f2c6b29335b1545ddfa2f7e84286472468f737e1d73f6f0562babac6e3afa5a
GET /si/4f/21/b6/4f21b6f8926b18cc8cec37ffa47004e5/1671506253.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 23 Mar 2023 10:26:40 GMT
content-type: image/png
content-length: 79704
server: nginx/1.17.6
last-modified: Tue, 20 Dec 2022 03:17:41 GMT
etag: "63a12955-13758"
expires: Sat, 25 Mar 2023 10:26:40 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
ocsp.digicert.com/
192.229.221.95200 OK 471 B IP 192.229.221.95:0
Hash 6e965ba75b84abf96ca0d83da48d2fbb
4c2eb4c06cabee4d0f0606e88e9e074e2f767168
4b39bfe671df590e9c5baf75008d76f4272d8ffbafd7108e7592f8165b6806c6
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2132
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 23 Mar 2023 10:26:40 GMT
Last-Modified: Thu, 23 Mar 2023 09:51:08 GMT
Server: ECAcc (ska/F6AF)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash f2291e02f435b0bdb6011e603864baad
19ae57ac8d9ea408223585681b9e2817e1f62bc7
d5663bc90dbebbaf53efee21e092f700f54a4b7325cb1b6592143b1b91b17034
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 23 Mar 2023 10:26:40 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
tanceteventu.com/utx?cb=SrPZESg3h7e0&top=xfantazy.com&tid=971975
54.230.111.71204 No Content 0 B URL HTTP/2 tanceteventu.com/utx?cb=SrPZESg3h7e0&top=xfantazy.com&tid=971975
IP 54.230.111.71:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=SrPZESg3h7e0&top=xfantazy.com&tid=971975 HTTP/1.1
Host: tanceteventu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Thu, 23 Mar 2023 10:26:40 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://xfantazy.com
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Thu, 23 Mar 2023 10:27:40 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
x-cache: Miss from cloudfront
via: 1.1 5bcfe2deda0bdbc6bade0af9b61602ca.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: QEeUUe-zz1JPKhIHR3XCkTZcxU12-T_Il-QA5isI-Hbm4BEDZ-B3gg==
X-Firefox-Spdy: h2
accounts.google.com/InteractiveLogin?continue=https://www.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AQMjQ7QVvZ4QC3FYblduC6S7frp_w4LcCFsAluHcWVBHMEb7QehzNsKYrbBGRi_1nW8_LsgJBMyD7A
216.58.207.237302 Found 401 B URL HTTP/2 accounts.google.com/InteractiveLogin?continue=https://www.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AQMjQ7QVvZ4QC3FYblduC6S7frp_w4LcCFsAluHcWVBHMEb7QehzNsKYrbBGRi_1nW8_LsgJBMyD7A
IP 216.58.207.237:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (385)
Hash 13d80baaffc75f99e9182c04a0debac7
1d54779c18e2bd39b4e6e97f42bab2ce8da8d6d1
a64dfeb12b74e7eef41e3312f002a5e2cc696657ac7eb277ca21fb167caa96b4
GET /InteractiveLogin?continue=https://www.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AQMjQ7QVvZ4QC3FYblduC6S7frp_w4LcCFsAluHcWVBHMEb7QehzNsKYrbBGRi_1nW8_LsgJBMyD7A HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://xfantazy.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Thu, 23 Mar 2023 10:26:40 GMT
location: https://accounts.google.com/v3/signin/identifier?dsh=S-2079917900%3A1679567200825072&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&ifkv=AQMjQ7QH3Surql_sRrx2A7ue21AA8Ph0c_5ILNYYBjhQuBA47EAympLET-HdL0uHqgTkSjbmUFCdZQ&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: script-src 'nonce-QSfY5r-wLM6G_xL6KfaU7w' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport, require-trusted-types-for 'script';report-uri /cspreport
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 401
server: GSE
set-cookie: __Host-GAPS=1:ZQ3-r1aADNkNW1noQ9X5il8KPLy-jg:s_eC6IPn65ikmvw6;Path=/;Expires=Sat, 22-Mar-2025 10:26:40 GMT;Secure;HttpOnly;Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 9f0607231b4674d2bfb5a6798b0b4093
6c14f5c952e413365703144951b09b7126ff8e2d
869816689cb9507d294d69f953e8ea33452a177d405816ad86f729b123ceaa98
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 23 Mar 2023 10:26:40 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
accounts.google.com/InteractiveLogin?continue=https://www.google.com/favicon.ico&hl=en&passive=true&service=mail&uilel=3&ifkv=AQMjQ7QazvYI5Zn5Ipr88qB4zZuw4B7e_et4Xj4KYL6oLLAzmt-N0pyZfjEH63xEyGKfjtOMu5mgOg
216.58.207.237302 Found 391 B URL HTTP/2 accounts.google.com/InteractiveLogin?continue=https://www.google.com/favicon.ico&hl=en&passive=true&service=mail&uilel=3&ifkv=AQMjQ7QazvYI5Zn5Ipr88qB4zZuw4B7e_et4Xj4KYL6oLLAzmt-N0pyZfjEH63xEyGKfjtOMu5mgOg
IP 216.58.207.237:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (379)
Hash e9275fde830dd8d2b2ea9b4a3e01f13e
8ff275714765246bd52acb9def491f37a51d7ff4
99a2d238cdc537b7ac1abd0efa00024a18487c80b95e1bb0479d922963260309
GET /InteractiveLogin?continue=https://www.google.com/favicon.ico&hl=en&passive=true&service=mail&uilel=3&ifkv=AQMjQ7QazvYI5Zn5Ipr88qB4zZuw4B7e_et4Xj4KYL6oLLAzmt-N0pyZfjEH63xEyGKfjtOMu5mgOg HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://xfantazy.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Thu, 23 Mar 2023 10:26:40 GMT
location: https://accounts.google.com/v3/signin/identifier?dsh=S654356094%3A1679567200850789&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&ifkv=AQMjQ7RmG3qMqB4AMd2rolaNr0jEfnbFdaVing3Yw9C51c85VK9CEh1P5htytdvbG85pXHBqouSmFg&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: require-trusted-types-for 'script';report-uri /cspreport, script-src 'nonce-H-XTTI5ZYJwWM_bD-_EosQ' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 391
server: GSE
set-cookie: __Host-GAPS=1:72PJdGRdHvZZ-ZIHghXJP8sdpPLKkw:gagaBQ2coeb-zzIR;Path=/;Expires=Sat, 22-Mar-2025 10:26:40 GMT;Secure;HttpOnly;Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
tanceteventu.com/utx?cb=nPkcifgym2aA&top=xfantazy.com&tid=962014
54.230.111.71204 No Content 0 B URL HTTP/2 tanceteventu.com/utx?cb=nPkcifgym2aA&top=xfantazy.com&tid=962014
IP 54.230.111.71:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=nPkcifgym2aA&top=xfantazy.com&tid=962014 HTTP/1.1
Host: tanceteventu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Thu, 23 Mar 2023 10:26:40 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://xfantazy.com
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Thu, 23 Mar 2023 10:27:40 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
x-cache: Miss from cloudfront
via: 1.1 5bcfe2deda0bdbc6bade0af9b61602ca.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 8MVgBYpbc2mZuCIM4t3hTWQmEl0Nk_813h1fJOuntZqi0slcWdOpkw==
X-Firefox-Spdy: h2
ocsp.digicert.com/
192.229.221.95200 OK 471 B IP 192.229.221.95:0
Hash 6e965ba75b84abf96ca0d83da48d2fbb
4c2eb4c06cabee4d0f0606e88e9e074e2f767168
4b39bfe671df590e9c5baf75008d76f4272d8ffbafd7108e7592f8165b6806c6
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6447
Cache-Control: max-age=106419
Content-Type: application/ocsp-response
Date: Thu, 23 Mar 2023 10:26:40 GMT
Etag: "641b0ce4-1d7"
Expires: Fri, 24 Mar 2023 16:00:19 GMT
Last-Modified: Wed, 22 Mar 2023 14:12:52 GMT
Server: ECAcc (ska/F7A5)
X-Cache: HIT
Content-Length: 471
improviseprofane.com/pixel/sbs?c=1
192.243.61.225200 OK 0 B URL HTTP/1.1 improviseprofane.com/pixel/sbs?c=1
IP 192.243.61.225:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbs?c=1 HTTP/1.1
Host: improviseprofane.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: u_pl=15600826; uid_id2=352e4617-93d3-4233-bbb9-4819c8cdc520:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 23 Mar 2023 10:26:40 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
improviseprofane.com/impr.gif?sid=H4sIAAAAAAAC%2F1RST4gcxReuTvI75XdQyUVUHMGDAXe2%2F83OjAGDMSYE190liexRqquqZ8ut7mqquqdnR4QlAclJJjePvd%2FsZlGX4IInQZBZL7IgOB5kDy7ozYsehOBNmdmB0QdV77363uH7vlcf7RSnxEVBT9be0X2pFF1s1N3aK%2Bsy5bq0tZW7Nc%2Btu1dq6zJdCq%2FUepPLdF%2Fz3EbdvVy7KdimXvRdz3U916vdkEbEurc4RSGzg7ZXb7v10K97jRA989%2FeFg4sdcC7p%2BQZSD7%2B38Z3h5BshDT54rqwm7nOXn0rKRTNtUGX77%2Bbbqa6TJHMy9g4iNP92TS0HRPyyTnodH%2BmALq7O1GASI6J85OHKN2f0UTU3TtjGimIFBG%2FiLI7glAjSDoC0%2Fch%2BQ8EYBwrq0iTRyvalHTrDKUTdEwuPPkTshyTCz9fQpo8vqZkr3ZHqyKXOrXoxRVkbwTZGSErjpD3HcjyCCy%2FB8m%2FJ4tPlpEmu6tWaUh%2B8nLQ8EW45DUX2gEPFkI%2FCBaiKGovhC2vzVqMs4bvTi2ScgQZj6DEANQ6KCZHOihiB0XmIOEnNdpox67bjKM4CFohYywIGGu0lniDB2ErdlGwiYYB8mwApgZgZhuZ2camfDgm5N4uTPEN7EYFyx3YnKDLK5SCoLQEJSUoJUGZE5Tdao8r69vqEVe2iLxZ9mc5qIY67%2BzQPZ13REp2slPy9NS93%2F%2F%2FFTbFSY36cbvtxp4bNpfcJY81vTb3mEdpQH3BuA8rK0h7bqq1L8fk0nO%2FIpus9MO%2FEdEjWHUEJp8CLV4ALYdN3wXdGIYtF%2F30oBfTNKf9rTrTCbiukOUXkG85O%2BqUPDvl8fqLNyHY8dUv%2B7%2FcfHzpAzBTITMV3pffEnTUg%2BFtXZLd27q05HA1y2Ui%2B3Sy4Ts5zcX5z94WW6U2%2FNZ1O%2Fj0DTYBJuXBXWHzZZpymXYs%2Bfya5FyYG9owQb6%2BZddFtFbYjWuFSYtsee3NG7eSzAhrpU5HoHJMyMe%2Fgckxucj%2FmP7elw7%2FgjQjmKJCUhyTWUDqEVi2DZvN%2BVtNYNR8JsoclEU1NH40f1SSQIl5T6MK9l99NK937AN0jAOa30eaVOiaCl1VgaoBbHF%2BmGfm%2BOqPwTQQKWcYKePsRsqoh2fmWnlSa3ihaEWtJuM8Eox7TT9oBa7rcx4228JrI7dj%2Fvzl9%2F4BAAD%2F%2FwEAAP%2F%2FlSedBJUEAAA%3D
192.243.61.225200 OK 7 B URL HTTP/1.1 improviseprofane.com/impr.gif?sid=H4sIAAAAAAAC%2F1RST4gcxReuTvI75XdQyUVUHMGDAXe2%2F83OjAGDMSYE190liexRqquqZ8ut7mqquqdnR4QlAclJJjePvd%2FsZlGX4IInQZBZL7IgOB5kDy7ozYsehOBNmdmB0QdV77363uH7vlcf7RSnxEVBT9be0X2pFF1s1N3aK%2Bsy5bq0tZW7Nc%2Btu1dq6zJdCq%2FUepPLdF%2Fz3EbdvVy7KdimXvRdz3U916vdkEbEurc4RSGzg7ZXb7v10K97jRA989%2FeFg4sdcC7p%2BQZSD7%2B38Z3h5BshDT54rqwm7nOXn0rKRTNtUGX77%2Bbbqa6TJHMy9g4iNP92TS0HRPyyTnodH%2BmALq7O1GASI6J85OHKN2f0UTU3TtjGimIFBG%2FiLI7glAjSDoC0%2Fch%2BQ8EYBwrq0iTRyvalHTrDKUTdEwuPPkTshyTCz9fQpo8vqZkr3ZHqyKXOrXoxRVkbwTZGSErjpD3HcjyCCy%2FB8m%2FJ4tPlpEmu6tWaUh%2B8nLQ8EW45DUX2gEPFkI%2FCBaiKGovhC2vzVqMs4bvTi2ScgQZj6DEANQ6KCZHOihiB0XmIOEnNdpox67bjKM4CFohYywIGGu0lniDB2ErdlGwiYYB8mwApgZgZhuZ2camfDgm5N4uTPEN7EYFyx3YnKDLK5SCoLQEJSUoJUGZE5Tdao8r69vqEVe2iLxZ9mc5qIY67%2BzQPZ13REp2slPy9NS93%2F%2F%2FFTbFSY36cbvtxp4bNpfcJY81vTb3mEdpQH3BuA8rK0h7bqq1L8fk0nO%2FIpus9MO%2FEdEjWHUEJp8CLV4ALYdN3wXdGIYtF%2F30oBfTNKf9rTrTCbiukOUXkG85O%2BqUPDvl8fqLNyHY8dUv%2B7%2FcfHzpAzBTITMV3pffEnTUg%2BFtXZLd27q05HA1y2Ui%2B3Sy4Ts5zcX5z94WW6U2%2FNZ1O%2Fj0DTYBJuXBXWHzZZpymXYs%2Bfya5FyYG9owQb6%2BZddFtFbYjWuFSYtsee3NG7eSzAhrpU5HoHJMyMe%2Fgckxucj%2FmP7elw7%2FgjQjmKJCUhyTWUDqEVi2DZvN%2BVtNYNR8JsoclEU1NH40f1SSQIl5T6MK9l99NK937AN0jAOa30eaVOiaCl1VgaoBbHF%2BmGfm%2BOqPwTQQKWcYKePsRsqoh2fmWnlSa3ihaEWtJuM8Eox7TT9oBa7rcx4228JrI7dj%2Fvzl9%2F4BAAD%2F%2FwEAAP%2F%2FlSedBJUEAAA%3D
IP 192.243.61.225:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert quad9 Sinkholed
GET /impr.gif?sid=H4sIAAAAAAAC%2F1RST4gcxReuTvI75XdQyUVUHMGDAXe2%2F83OjAGDMSYE190liexRqquqZ8ut7mqquqdnR4QlAclJJjePvd%2FsZlGX4IInQZBZL7IgOB5kDy7ozYsehOBNmdmB0QdV77363uH7vlcf7RSnxEVBT9be0X2pFF1s1N3aK%2Bsy5bq0tZW7Nc%2Btu1dq6zJdCq%2FUepPLdF%2Fz3EbdvVy7KdimXvRdz3U916vdkEbEurc4RSGzg7ZXb7v10K97jRA989%2FeFg4sdcC7p%2BQZSD7%2B38Z3h5BshDT54rqwm7nOXn0rKRTNtUGX77%2Bbbqa6TJHMy9g4iNP92TS0HRPyyTnodH%2BmALq7O1GASI6J85OHKN2f0UTU3TtjGimIFBG%2FiLI7glAjSDoC0%2Fch%2BQ8EYBwrq0iTRyvalHTrDKUTdEwuPPkTshyTCz9fQpo8vqZkr3ZHqyKXOrXoxRVkbwTZGSErjpD3HcjyCCy%2FB8m%2FJ4tPlpEmu6tWaUh%2B8nLQ8EW45DUX2gEPFkI%2FCBaiKGovhC2vzVqMs4bvTi2ScgQZj6DEANQ6KCZHOihiB0XmIOEnNdpox67bjKM4CFohYywIGGu0lniDB2ErdlGwiYYB8mwApgZgZhuZ2camfDgm5N4uTPEN7EYFyx3YnKDLK5SCoLQEJSUoJUGZE5Tdao8r69vqEVe2iLxZ9mc5qIY67%2BzQPZ13REp2slPy9NS93%2F%2F%2FFTbFSY36cbvtxp4bNpfcJY81vTb3mEdpQH3BuA8rK0h7bqq1L8fk0nO%2FIpus9MO%2FEdEjWHUEJp8CLV4ALYdN3wXdGIYtF%2F30oBfTNKf9rTrTCbiukOUXkG85O%2BqUPDvl8fqLNyHY8dUv%2B7%2FcfHzpAzBTITMV3pffEnTUg%2BFtXZLd27q05HA1y2Ui%2B3Sy4Ts5zcX5z94WW6U2%2FNZ1O%2Fj0DTYBJuXBXWHzZZpymXYs%2Bfya5FyYG9owQb6%2BZddFtFbYjWuFSYtsee3NG7eSzAhrpU5HoHJMyMe%2Fgckxucj%2FmP7elw7%2FgjQjmKJCUhyTWUDqEVi2DZvN%2BVtNYNR8JsoclEU1NH40f1SSQIl5T6MK9l99NK937AN0jAOa30eaVOiaCl1VgaoBbHF%2BmGfm%2BOqPwTQQKWcYKePsRsqoh2fmWnlSa3ihaEWtJuM8Eox7TT9oBa7rcx4228JrI7dj%2Fvzl9%2F4BAAD%2F%2FwEAAP%2F%2FlSedBJUEAAA%3D HTTP/1.1
Host: improviseprofane.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: u_pl=15600826; uid_id2=352e4617-93d3-4233-bbb9-4819c8cdc520:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 23 Mar 2023 10:26:40 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 92feefd94f062bc2fdcddc0a9065003d
Strict-Transport-Security: max-age=0; includeSubdomains
tanceteventu.com/floater?cs=NUc3T1AMcA54aAZyAH9gA3MFd2g&abt=0&red=1&sm=83&k=xfantazy%20moonsi%20moonsimorfin%20video&v=0.9.1.5&sts=0&prn=1&emb=0&tid=971975&rxy=1280_1024&fs=1&t=600&m=1&ns=1&ndp=1&asi=1&ref=https%3A%2F%2Fxfantazy.com%2Fvideo%2F63b1b6a4f1977b2d7f383272&jst=4&enr=0&lcua=mozilla%2F5.0%20(windows%20nt%2010.0%3B%20win64%3B%20x64%3B%20rv%3A105.0)%20gecko%2F20100101%20firefox%2F105.0&tzd=0&uloc=&if=0&aa=oi3_&_us4K=1679567207930&crc=1
54.230.111.71200 OK 2.6 kB URL HTTP/2 tanceteventu.com/floater?cs=NUc3T1AMcA54aAZyAH9gA3MFd2g&abt=0&red=1&sm=83&k=xfantazy%20moonsi%20moonsimorfin%20video&v=0.9.1.5&sts=0&prn=1&emb=0&tid=971975&rxy=1280_1024&fs=1&t=600&m=1&ns=1&ndp=1&asi=1&ref=https%3A%2F%2Fxfantazy.com%2Fvideo%2F63b1b6a4f1977b2d7f383272&jst=4&enr=0&lcua=mozilla%2F5.0%20(windows%20nt%2010.0%3B%20win64%3B%20x64%3B%20rv%3A105.0)%20gecko%2F20100101%20firefox%2F105.0&tzd=0&uloc=&if=0&aa=oi3_&_us4K=1679567207930&crc=1
IP 54.230.111.71:0
Hash 2b04353769513abf5e9553a81cc40a8e
e365ee62be9d8583a010b0e0abce942dabd48a86
09a3f7044bcdd22e9f80f88cbdb95ec2a303f1c867af1c67ddb3d7ebc37fd87e
GET /floater?cs=NUc3T1AMcA54aAZyAH9gA3MFd2g&abt=0&red=1&sm=83&k=xfantazy%20moonsi%20moonsimorfin%20video&v=0.9.1.5&sts=0&prn=1&emb=0&tid=971975&rxy=1280_1024&fs=1&t=600&m=1&ns=1&ndp=1&asi=1&ref=https%3A%2F%2Fxfantazy.com%2Fvideo%2F63b1b6a4f1977b2d7f383272&jst=4&enr=0&lcua=mozilla%2F5.0%20(windows%20nt%2010.0%3B%20win64%3B%20x64%3B%20rv%3A105.0)%20gecko%2F20100101%20firefox%2F105.0&tzd=0&uloc=&if=0&aa=oi3_&_us4K=1679567207930&crc=1 HTTP/1.1
Host: tanceteventu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/plain
content-length: 2539
date: Thu, 23 Mar 2023 10:26:40 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://xfantazy.com
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: csu=e333bad8-2155-4716-9a7f-a91332f986e2
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
x-cache: Miss from cloudfront
via: 1.1 5bcfe2deda0bdbc6bade0af9b61602ca.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: nsjz2v5OLUVDScbUtvYTXWqlOc6SJjj6lPpXA-nl7FqlqMJuptkKQg==
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/LejFuXeizf_rq22R_w/w320h240/0.jpeg
188.72.235.186200 OK 6.2 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/LejFuXeizf_rq22R_w/w320h240/0.jpeg
IP 188.72.235.186:0
Hash c5e411e54364765e3a0af4390615f4a2
dded3f4dd08bf3bc369eb71e21416a2273a6f414
0e0601b103126c717f9835f9e6fc3a1f22c8fdfaf193c19bee9004c5f2fa0dac
GET /thumbnail/LejFuXeizf_rq22R_w/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Thu, 23 Mar 2023 10:26:41 GMT
content-type: image/jpeg
content-length: 6175
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-varnish: 412844459 11896743
age: 38817
via: 1.1 varnish (Varnish/6.0)
accept-ranges: bytes
access-control-allow-origin: *, *
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/cL-X636mmPi9rjyVrA/w320h240/0.jpeg
188.72.235.186200 OK 12 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/cL-X636mmPi9rjyVrA/w320h240/0.jpeg
IP 188.72.235.186:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash 09bebe790330c2fe3f20627e797ede5e
59458e812fe5c74fcba799681136ae7ef7832b4d
fc6e0c481d45cd96a73988821224a13c00567aab408b1215abd3902a4619519e
GET /thumbnail/cL-X636mmPi9rjyVrA/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Thu, 23 Mar 2023 10:26:41 GMT
content-type: image/jpeg
content-length: 11887
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-varnish: 506795402 148340932
age: 874083
via: 1.1 varnish (Varnish/6.0)
accept-ranges: bytes
access-control-allow-origin: *, *
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/I7uU7HKgzqa5-D-T-Q/w320h240/0.jpeg
188.72.235.186200 OK 12 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/I7uU7HKgzqa5-D-T-Q/w320h240/0.jpeg
IP 188.72.235.186:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash 2a9fd155bec5179c0d9ac26f5d5f162d
6d4abe79b5451c3b85c2654284482dba3a1f3598
e846e7e5919d7505e4ed6d619e3ab5066f86b6e29f1d795c92603e60e2a4a874
GET /thumbnail/I7uU7HKgzqa5-D-T-Q/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Thu, 23 Mar 2023 10:26:41 GMT
content-type: image/jpeg
content-length: 12460
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-varnish: 203491531 138576700
age: 872920
via: 1.1 varnish (Varnish/6.0)
accept-ranges: bytes
access-control-allow-origin: *, *
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/IuXCvSTzmau_q2_BrQ/w320h240/0.jpeg
188.72.235.186200 OK 11 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/IuXCvSTzmau_q2_BrQ/w320h240/0.jpeg
IP 188.72.235.186:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash 968cbb278dea7ea73d4154959ae71207
8a05f637100a92ba22ea07f48774b13ddb256c99
1cf6c0a8ca9d57a6510b71ccdf8d65f9533a7384d86aed5fa2a81ea702e11258
GET /thumbnail/IuXCvSTzmau_q2_BrQ/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Thu, 23 Mar 2023 10:26:41 GMT
content-type: image/jpeg
content-length: 10966
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-varnish: 388636333 16744490
age: 38878
via: 1.1 varnish (Varnish/6.0)
accept-ranges: bytes
access-control-allow-origin: *, *
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/dunA7CL0mazq8Tyf_Q/w320h240/0.jpeg
188.72.235.186200 OK 7.9 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/dunA7CL0mazq8Tyf_Q/w320h240/0.jpeg
IP 188.72.235.186:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash 16e5a4bd1e464a1e9f00c4d4e63ba277
82e8f1badad5503dc0c4cc77420c65ed3447c7dd
8f05aa199fea8db25086a1bbc3345ba37bb2ed56e4905be96c270b69b8fc03ba
GET /thumbnail/dunA7CL0mazq8Tyf_Q/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Thu, 23 Mar 2023 10:26:41 GMT
content-type: image/jpeg
content-length: 7932
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
x-varnish: 208896114 140411174, 506795404
age: 874083
via: 1.1 varnish (Varnish/6.0), 1.1 varnish (Varnish/6.0)
access-control-allow-origin: *, *
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/J-uavnb0yq3r-T2R9w/w320h240/0.jpeg
188.72.235.186200 OK 17 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/J-uavnb0yq3r-T2R9w/w320h240/0.jpeg
IP 188.72.235.186:0
Hash 503268b3a3c5d5fd4ac7fc5e67359043
1bb6223847882aae56c03b1e0be1391b0fb9c043
86186e2621d2331d08c361ec0fa01b77916eaeda453e45326a98aa2075046b0a
GET /thumbnail/J-uavnb0yq3r-T2R9w/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Thu, 23 Mar 2023 10:26:41 GMT
content-type: image/jpeg
content-length: 9337
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
x-varnish: 511708461 134676984, 390824472
age: 873866
via: 1.1 varnish (Varnish/6.0), 1.1 varnish (Varnish/6.0)
access-control-allow-origin: *, *
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/JLmauH73w6fprjvBrQ/w320h240/0.jpeg
188.72.235.186200 OK 9.0 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/JLmauH73w6fprjvBrQ/w320h240/0.jpeg
IP 188.72.235.186:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash 9312fc85e172627b976f5573d3e44297
876a7d79fec6fd965ac5c4044f3be66138b61520
134ace2ff3756b229fe25b910a3abb8bb83e87bb936d802dd4cf7a272d9e2769
GET /thumbnail/JLmauH73w6fprjvBrQ/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Thu, 23 Mar 2023 10:26:41 GMT
content-type: image/jpeg
content-length: 9017
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
x-varnish: 402522436 19238125, 202114717
age: 38365
via: 1.1 varnish (Varnish/6.0), 1.1 varnish (Varnish/6.0)
access-control-allow-origin: *, *
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/db_CvH73y67qqjyT-Q/w320h240/0.jpeg
188.72.235.186200 OK 8.2 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/db_CvH73y67qqjyT-Q/w320h240/0.jpeg
IP 188.72.235.186:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash 954c2d772ee6e540be13ab8f03388453
65d76444eb961be9ccf097f28145ca05223b6da7
6fcba2a600fb21ec72e1ec231dd175d73ea46bc514ae3a967fd8de49f38e1988
GET /thumbnail/db_CvH73y67qqjyT-Q/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Thu, 23 Mar 2023 10:26:41 GMT
content-type: image/jpeg
content-length: 8212
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
x-varnish: 419234101 5931131, 538017829
age: 39011
via: 1.1 varnish (Varnish/6.0), 1.1 varnish (Varnish/6.0)
access-control-allow-origin: *, *
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/J-SRvH_1nPzk-z3E9w/w320h240/0.jpeg
188.72.235.186200 OK 11 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/J-SRvH_1nPzk-z3E9w/w320h240/0.jpeg
IP 188.72.235.186:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash 59935d7b258c3bc0c831ede03e2307fa
e26a683d37428b0bb5fd5f30c4b88ddad13a79e5
e3094e0d5d902c2ccfd3cc5b1e267de1549ff49a6e1bb3c46720e549cba6adde
GET /thumbnail/J-SRvH_1nPzk-z3E9w/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Thu, 23 Mar 2023 10:26:41 GMT
content-type: image/jpeg
content-length: 10933
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-varnish: 390140781 9080213
age: 38095
via: 1.1 varnish (Varnish/6.0)
accept-ranges: bytes
access-control-allow-origin: *, *
X-Firefox-Spdy: h2
jetordinarilysouvenirs.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSy4tcxReum%2BQHPwziAxEEH70QNOj03Fe%2FzCIYY2QwJiGJBF1Zr9tdTvWtS9W9fTuzMSSgWXZ2Lu98PZNBE8Tgxk0g9LiRgYDtQnrh%2FBNC3Er3NLQeqDrn1HcW3%2Fed%2Bnq7OCQ%2BCjq7%2FInZUlrT9Ubdr719XaXClK528Vot8Ov%2B6dp1lTbj07Xh%2FLKD9wK%2FUfdP1T6SfNOsh37g%2B4Ef1M4rKxMzXF%2BgUNmDTlDv%2BPU4rAeNGEP7394VHhz1IAaH5EUoMf1f79eHUHyCtP%2FjOek2c5O9%2B2G%2F0DQ3FgOx92m6mZoyRX9VJtZDku4tp2HclJBvj8Gke0sFMIOduQIwNSXeHwFYurekCTbYPWLKNGQKJk6iHEwg9QSKTsDNbSjxGwG4wMVLSPv3Lhpb0htHKJ2jU3Li6V9Q5ZSc%2BPMlpP0fzmo1rF01usiVSR2GSQU1nEB1J8iKfeRbHlS5D57fghJPyPrTC0j7O5ecNlBi9qbfFqwhOmytQeNgLeYRX2t3mnyNCRkGrSSOOkl7YZFSE6hkAi1HoM5DMT%2FKQ5F4KDIPfTGr0UYn8f1WwpIoasec8yjivNFuioaI4nbio%2BBzDSPk2Qhcj8DtTWT2JjbV3Skht3Zgi8dwvQpOeHA5wUBUKCVB6QhKSlAqgjInKAfVrtAudNU9oV3BgmUOlzmqxibvbtNdk3dlSrazQ%2FLC3D3v2a%2Fewqac1cIgkVGn4SdxEEo%2FbPIoSgLW5FI2g0gyCqcqKHdsoXVLTcnrjZPI1JT8%2F8xjMLoPp%2FfB1fOgxWug5bgV%2BqC9cdz2sZX%2BnNK8sFT3JNV5z5nCclnnumAQpkKWn0B%2Bw9vWh%2BSVxUZPPzeE5Adnfvr7yezlb94BtxUyW%2BFL9QtBV98ZXzEl2bliSkceXspy1VdbdL7tqznN5fHvP5Y3SmPFxjk3%2Bu59Pgfm5YNr0uUXaCpU2nXk%2FlklhLTnjeWSPNpw1yW7XLje2cKmRXbh8gfnN%2FqZlc4pk05A1ZSQ2Qa4mpJnHn2%2B%2BMlv3P8Myk5giwr94oAsA8rsg2c34bIVf2cIrF7NsMxDWVRjG7LVo1YEWq56yiq4f%2FVsVW%2B7O%2BhaDzS%2FjbRfYWArDHQFqkdwxfFxntmDM79HiwDT3php6%2B0wbfXdI3OdmtUaQSzbrN3iQjDJRdAKo3bk%2B6EQcasjgw5yNxWvnvriHwAAAP%2F%2FAQAA%2F%2F9atbIYoQQAAA%3D%3D
192.243.61.227200 OK 7 B URL HTTP/1.1 jetordinarilysouvenirs.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSy4tcxReum%2BQHPwziAxEEH70QNOj03Fe%2FzCIYY2QwJiGJBF1Zr9tdTvWtS9W9fTuzMSSgWXZ2Lu98PZNBE8Tgxk0g9LiRgYDtQnrh%2FBNC3Er3NLQeqDrn1HcW3%2Fed%2Bnq7OCQ%2BCjq7%2FInZUlrT9Ubdr719XaXClK528Vot8Ov%2B6dp1lTbj07Xh%2FLKD9wK%2FUfdP1T6SfNOsh37g%2B4Ef1M4rKxMzXF%2BgUNmDTlDv%2BPU4rAeNGEP7394VHhz1IAaH5EUoMf1f79eHUHyCtP%2FjOek2c5O9%2B2G%2F0DQ3FgOx92m6mZoyRX9VJtZDku4tp2HclJBvj8Gke0sFMIOduQIwNSXeHwFYurekCTbYPWLKNGQKJk6iHEwg9QSKTsDNbSjxGwG4wMVLSPv3Lhpb0htHKJ2jU3Li6V9Q5ZSc%2BPMlpP0fzmo1rF01usiVSR2GSQU1nEB1J8iKfeRbHlS5D57fghJPyPrTC0j7O5ecNlBi9qbfFqwhOmytQeNgLeYRX2t3mnyNCRkGrSSOOkl7YZFSE6hkAi1HoM5DMT%2FKQ5F4KDIPfTGr0UYn8f1WwpIoasec8yjivNFuioaI4nbio%2BBzDSPk2Qhcj8DtTWT2JjbV3Skht3Zgi8dwvQpOeHA5wUBUKCVB6QhKSlAqgjInKAfVrtAudNU9oV3BgmUOlzmqxibvbtNdk3dlSrazQ%2FLC3D3v2a%2Fewqac1cIgkVGn4SdxEEo%2FbPIoSgLW5FI2g0gyCqcqKHdsoXVLTcnrjZPI1JT8%2F8xjMLoPp%2FfB1fOgxWug5bgV%2BqC9cdz2sZX%2BnNK8sFT3JNV5z5nCclnnumAQpkKWn0B%2Bw9vWh%2BSVxUZPPzeE5Adnfvr7yezlb94BtxUyW%2BFL9QtBV98ZXzEl2bliSkceXspy1VdbdL7tqznN5fHvP5Y3SmPFxjk3%2Bu59Pgfm5YNr0uUXaCpU2nXk%2FlklhLTnjeWSPNpw1yW7XLje2cKmRXbh8gfnN%2FqZlc4pk05A1ZSQ2Qa4mpJnHn2%2B%2BMlv3P8Myk5giwr94oAsA8rsg2c34bIVf2cIrF7NsMxDWVRjG7LVo1YEWq56yiq4f%2FVsVW%2B7O%2BhaDzS%2FjbRfYWArDHQFqkdwxfFxntmDM79HiwDT3php6%2B0wbfXdI3OdmtUaQSzbrN3iQjDJRdAKo3bk%2B6EQcasjgw5yNxWvnvriHwAAAP%2F%2FAQAA%2F%2F9atbIYoQQAAA%3D%3D
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert quad9 Sinkholed
GET /impr.gif?sid=H4sIAAAAAAAC%2F1RSy4tcxReum%2BQHPwziAxEEH70QNOj03Fe%2FzCIYY2QwJiGJBF1Zr9tdTvWtS9W9fTuzMSSgWXZ2Lu98PZNBE8Tgxk0g9LiRgYDtQnrh%2FBNC3Er3NLQeqDrn1HcW3%2Fed%2Bnq7OCQ%2BCjq7%2FInZUlrT9Ubdr719XaXClK528Vot8Ov%2B6dp1lTbj07Xh%2FLKD9wK%2FUfdP1T6SfNOsh37g%2B4Ef1M4rKxMzXF%2BgUNmDTlDv%2BPU4rAeNGEP7394VHhz1IAaH5EUoMf1f79eHUHyCtP%2FjOek2c5O9%2B2G%2F0DQ3FgOx92m6mZoyRX9VJtZDku4tp2HclJBvj8Gke0sFMIOduQIwNSXeHwFYurekCTbYPWLKNGQKJk6iHEwg9QSKTsDNbSjxGwG4wMVLSPv3Lhpb0htHKJ2jU3Li6V9Q5ZSc%2BPMlpP0fzmo1rF01usiVSR2GSQU1nEB1J8iKfeRbHlS5D57fghJPyPrTC0j7O5ecNlBi9qbfFqwhOmytQeNgLeYRX2t3mnyNCRkGrSSOOkl7YZFSE6hkAi1HoM5DMT%2FKQ5F4KDIPfTGr0UYn8f1WwpIoasec8yjivNFuioaI4nbio%2BBzDSPk2Qhcj8DtTWT2JjbV3Skht3Zgi8dwvQpOeHA5wUBUKCVB6QhKSlAqgjInKAfVrtAudNU9oV3BgmUOlzmqxibvbtNdk3dlSrazQ%2FLC3D3v2a%2Fewqac1cIgkVGn4SdxEEo%2FbPIoSgLW5FI2g0gyCqcqKHdsoXVLTcnrjZPI1JT8%2F8xjMLoPp%2FfB1fOgxWug5bgV%2BqC9cdz2sZX%2BnNK8sFT3JNV5z5nCclnnumAQpkKWn0B%2Bw9vWh%2BSVxUZPPzeE5Adnfvr7yezlb94BtxUyW%2BFL9QtBV98ZXzEl2bliSkceXspy1VdbdL7tqznN5fHvP5Y3SmPFxjk3%2Bu59Pgfm5YNr0uUXaCpU2nXk%2FlklhLTnjeWSPNpw1yW7XLje2cKmRXbh8gfnN%2FqZlc4pk05A1ZSQ2Qa4mpJnHn2%2B%2BMlv3P8Myk5giwr94oAsA8rsg2c34bIVf2cIrF7NsMxDWVRjG7LVo1YEWq56yiq4f%2FVsVW%2B7O%2BhaDzS%2FjbRfYWArDHQFqkdwxfFxntmDM79HiwDT3php6%2B0wbfXdI3OdmtUaQSzbrN3iQjDJRdAKo3bk%2B6EQcasjgw5yNxWvnvriHwAAAP%2F%2FAQAA%2F%2F9atbIYoQQAAA%3D%3D HTTP/1.1
Host: jetordinarilysouvenirs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: u_pl=17661735; uid_id2=08db5d9b-5a41-4c3c-896c-bde217f439f8:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 23 Mar 2023 10:26:41 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: b52e1685f59de12c7ff570e725e8a53b
Strict-Transport-Security: max-age=0; includeSubdomains
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
216.58.207.237302 Found 3.4 kB URL HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
IP 216.58.207.237:0
File type gzip compressed data, from Unix\012- data
Hash 8bd768a18ef56d4fbc692db8071c6944
6a804da79b8b8dcd48f8d7fe4e25204338deecd7
1cd22368007565d4ac9f7d6eaf7dda93322e2be079b91778f36fb116acf2a6a1
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Thu, 23 Mar 2023 10:26:40 GMT
location: https://accounts.google.com/InteractiveLogin?continue=https://www.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AQMjQ7QVvZ4QC3FYblduC6S7frp_w4LcCFsAluHcWVBHMEb7QehzNsKYrbBGRi_1nW8_LsgJBMyD7A
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: require-trusted-types-for 'script';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport, script-src 'nonce-9V__TrK84C2i7-uD_lKREA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/AccountsSigninPassiveLoginHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /cspreport
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: unsafe-none; report-to="AccountsSigninPassiveLoginHttp"
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
report-to: {"group":"AccountsSigninPassiveLoginHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/AccountsSigninPassiveLoginHttp/external"}]}, {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-type: application/binary
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
server: GSE
set-cookie: __Host-GAPS=1:xzrr10oFAIXm-vDrQqbSXxLiICEatg:ixAtL1SBnGaerpSt; Expires=Sat, 22-Mar-2025 10:26:40 GMT; Path=/; Secure; HttpOnly; Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
a.naturalhealthsource.club/api/click/17507519567147798095?c=90
135.181.208.216200 OK 0 B URL HTTP/2 a.naturalhealthsource.club/api/click/17507519567147798095?c=90
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /api/click/17507519567147798095?c=90 HTTP/1.1
Host: a.naturalhealthsource.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/api/spots/312873?p=1&s1=%subid1%&kw=
Cookie: nauid=RxA505sQter17hcnv7lk
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 23 Mar 2023 10:26:41 GMT
content-length: 0
access-control-allow-credentials: true
access-control-allow-origin: *
cache-control: private
X-Firefox-Spdy: h2
a.naturalhealthsource.club/api/click/4324436260420632095?c=90
135.181.208.216200 OK 0 B URL HTTP/2 a.naturalhealthsource.club/api/click/4324436260420632095?c=90
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /api/click/4324436260420632095?c=90 HTTP/1.1
Host: a.naturalhealthsource.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/api/spots/312875?p=1&s1=%subid1%&kw=
Cookie: nauid=RxA505sQter17hcnv7lk
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 23 Mar 2023 10:26:41 GMT
content-length: 0
access-control-allow-credentials: true
access-control-allow-origin: *
cache-control: private
X-Firefox-Spdy: h2
20915.polarbearyulia.com/v2/a/ban/iframe/210389
88.208.59.102204 No Content 0 B URL HTTP/2 20915.polarbearyulia.com/v2/a/ban/iframe/210389
IP 88.208.59.102:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /v2/a/ban/iframe/210389 HTTP/1.1
Host: 20915.polarbearyulia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
server: nginx
date: Thu, 23 Mar 2023 10:26:41 GMT
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-max-age: 86400
referrer-policy: unsafe-url
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Device-Memory
accept-ch-lifetime: 31536000
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash e40bb17bda7aab35dc503617f1753fe8
478a59a81a75cf5ce8fa5847a1baa254a5f281c4
5fa13ef9ba37eef20024f6a75043475f1b00781a5feec14db78fe192f24895af
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5FA13EF9BA37EEF20024F6A75043475F1B00781A5FEEC14DB78FE192F24895AF"
Last-Modified: Wed, 22 Mar 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15534
Expires: Thu, 23 Mar 2023 14:45:35 GMT
Date: Thu, 23 Mar 2023 10:26:41 GMT
Connection: keep-alive
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
216.58.207.237302 Found 24 kB URL HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
IP 216.58.207.237:0
File type gzip compressed data, from Unix\012- data
Hash a7158a784d1ee34e444340736dbe705f
bc1ad080ebeac709fbecfd44c3641efcab571870
d21e685803756642838f8607b95e6baede9a5e12fb84e41eff72a02374ac0d6e
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Thu, 23 Mar 2023 10:26:40 GMT
location: https://accounts.google.com/InteractiveLogin?continue=https://www.google.com/favicon.ico&hl=en&passive=true&service=mail&uilel=3&ifkv=AQMjQ7QazvYI5Zn5Ipr88qB4zZuw4B7e_et4Xj4KYL6oLLAzmt-N0pyZfjEH63xEyGKfjtOMu5mgOg
strict-transport-security: max-age=31536000; includeSubDomains
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-security-policy: script-src 'nonce-Q2o_9l6Ak7ve7RWQlrUD3g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/AccountsSigninPassiveLoginHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport, require-trusted-types-for 'script';report-uri /cspreport
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: unsafe-none
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
content-type: application/binary
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
server: GSE
set-cookie: __Host-GAPS=1:pFdP1r2jeSEhdzhkr3wXbJduD3rvGQ:FICBqeXNrNgJ2qwb; Expires=Sat, 22-Mar-2025 10:26:40 GMT; Path=/; Secure; HttpOnly; Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 435b3556ae37169146d5b17cc8daa61f
045b105a71bb10b1415ca45a887e95fda83548fc
8e2adddda597d358f61ae1bc6200e6b4c2f9137f18097f5e69de22ca2ef3858c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8E2ADDDDA597D358F61AE1BC6200E6B4C2F9137F18097F5E69DE22CA2EF3858C"
Last-Modified: Wed, 22 Mar 2023 02:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13417
Expires: Thu, 23 Mar 2023 14:10:18 GMT
Date: Thu, 23 Mar 2023 10:26:41 GMT
Connection: keep-alive
a.naturalhealthsource.club/api/spots/312873?p=1&s1=%subid1%&kw=
135.181.208.216200 OK 4.9 kB URL HTTP/2 a.naturalhealthsource.club/api/spots/312873?p=1&s1=%subid1%&kw=
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
Hash b5f1745caf667da1dcfb2c72e15f388d
109061469dbfe66be8d1b838ff886173545cb558
2bec1b4b4c570ff3539069829060e6fdc64d11391d97c51127c7e0177c679387
GET /api/spots/312873?p=1&s1=%subid1%&kw= HTTP/1.1
Host: a.naturalhealthsource.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: nauid=RxA505sQter17hcnv7lk
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 23 Mar 2023 10:26:41 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2
a.naturalhealthsource.club/api/spots/312875?p=1&s1=%subid1%&kw=
135.181.208.216200 OK 6.2 kB URL HTTP/2 a.naturalhealthsource.club/api/spots/312875?p=1&s1=%subid1%&kw=
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- assembler source, ASCII text, with very long lines (4356)
Hash 85eb714472f8d5076564cd02fb60c9f8
1a3945c99c84a82034084481d6c5e056fcf8a05c
d479c71e61b7acfdd92d8678a7835c16c60d46ac4bbb4e1c585aa8e498a811b9
GET /api/spots/312875?p=1&s1=%subid1%&kw= HTTP/1.1
Host: a.naturalhealthsource.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: nauid=RxA505sQter17hcnv7lk
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 23 Mar 2023 10:26:41 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2
www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp
31.13.72.36200 OK 18 kB URL HTTP/2 www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp
IP 31.13.72.36:0
Hash 449779896949b898e3de4c1c829f8d2b
62ccc21afa0080f23b7805287c7519956e8d0061
6341d093a81d790961e6e45e199c1b0cc1aa433491bb5ca918f779bdf111d8ba
GET /login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-encoding: br
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 0
cross-origin-opener-policy: same-origin-allow-popups
vary: Sec-Fetch-Site, Sec-Fetch-Mode, Accept-Encoding
strict-transport-security: max-age=15552000; preload
content-type: text/html; charset="utf-8"
x-fb-debug: JPW948ikPQ4UQv30DCn2NPLFZEjTOaZLTfguQdy4hGWu/au6w4rjMiGpfnDPDkAuJxNmKt/hRYUPGVU19x3TLQ==
date: Thu, 23 Mar 2023 10:26:40 GMT
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.sectigo.com/
172.64.155.188200 OK 472 B IP 172.64.155.188:0
Hash 6926ebd86f68eff15da2ec8ec597ad33
b8100e6fb5410e17da8975ae032ceed97e4ea91a
b2925dbc655a662ea8915106a1e65cb1ec4c82b6f0c3d9aa5b86dd9a48019c30
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 23 Mar 2023 10:26:41 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Thu, 23 Mar 2023 08:36:27 GMT
Expires: Thu, 30 Mar 2023 08:36:26 GMT
Etag: "b8100e6fb5410e17da8975ae032ceed97e4ea91a"
Cache-Control: max-age=597584,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7ac5fa442eddb4eb-OSL
a.medfoodsafety.com/loader?a=4788036&s=4776911&t=1&p=8575
172.64.205.2200 OK 3.3 kB URL HTTP/2 a.medfoodsafety.com/loader?a=4788036&s=4776911&t=1&p=8575
IP 172.64.205.2:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash a8b9c9c1109ef79c98cc5de07396c259
10f3ee0cd7d9cbd80b29b0e1f6f1f99537f1266e
32b4312efeb974385ce3d40a9e1f378a4a9cb7b88e37552b737f22057e799311
GET /loader?a=4788036&s=4776911&t=1&p=8575 HTTP/1.1
Host: a.medfoodsafety.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 23 Mar 2023 10:26:41 GMT
content-type: text/html
cache-control: no-cache, no-store, must-revalidate
expires: Sat, 26 Jul 1997 05:00:00 GMT
last-modified: Sun, 17 May 1998 03:00:00 GMT
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HN6GLnhDIlVn7BNw4C9M1wBLyiRWHthOLgWEGJ2N3Vfxq6j6koLMlG9CNeafFvt83EsceHIGk5ymuK0qV%2FwPren3uDGf3hY9xNg6vsWHy%2BrTFVdHR20i0OTGb%2B5BOIzGrsZNiM1I"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7ac5fa40cdb60656-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
lcdn.tsyndicate.com/sdk/v1/b.b.js
8.248.225.238304 Not Modified 0 B URL HTTP/2 lcdn.tsyndicate.com/sdk/v1/b.b.js
IP 8.248.225.238:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sdk/v1/b.b.js HTTP/1.1
Host: lcdn.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tsyndicate.com/
Cookie: ts_uid=693ab59a-be1d-42cd-9f6e-94cc61dbb3ef; bfq=APeIECNCx5YZMGbcmEGDRhcWIsYU3BLjoYgyE2PYuJHDRo0ZNmBU7KMg
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
If-Modified-Since: Wed, 23 Nov 2022 12:50:59 GMT
If-None-Match: W/"637e1733-1f37"
TE: trailers
HTTP/2 304 Not Modified
date: Thu, 23 Mar 2023 10:26:41 GMT
last-modified: Wed, 23 Nov 2022 12:50:59 GMT
server: nginx
x-robots-tag: noindex, nofollow
vary: Accept-Encoding
etag: W/"637e1733-1f37"
age: 8798354
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash bec22956160b90281f0fde3244fb9115
ba1b1b83e3874e5d8e6f987599f93e66dab0cfe1
2cbd4e40014fa3bc5bce28323d5b9ad80b2a9e1abd6e213cc91d0ac9b32c46d6
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2CBD4E40014FA3BC5BCE28323D5B9AD80B2A9E1ABD6E213CC91D0AC9B32C46D6"
Last-Modified: Mon, 20 Mar 2023 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2694
Expires: Thu, 23 Mar 2023 11:11:36 GMT
Date: Thu, 23 Mar 2023 10:26:42 GMT
Connection: keep-alive
ocsp.sectigo.com/
172.64.155.188200 OK 472 B IP 172.64.155.188:0
Hash 6926ebd86f68eff15da2ec8ec597ad33
b8100e6fb5410e17da8975ae032ceed97e4ea91a
b2925dbc655a662ea8915106a1e65cb1ec4c82b6f0c3d9aa5b86dd9a48019c30
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 23 Mar 2023 10:26:42 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Thu, 23 Mar 2023 08:36:27 GMT
Expires: Thu, 30 Mar 2023 08:36:26 GMT
Etag: "b8100e6fb5410e17da8975ae032ceed97e4ea91a"
Cache-Control: max-age=597583,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7ac5fa442b23b518-OSL
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash e7464ad4e48253fde290f771e1f45500
50fad111b07ae2b3d0bc6152e5d8b42e90a3daef
bc288d03aad73ff9d8921d2a7bb50f46707d18c5764f6e4c671530dda5c8ab7e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BC288D03AAD73FF9D8921D2A7BB50F46707D18C5764F6E4C671530DDA5C8AB7E"
Last-Modified: Wed, 22 Mar 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14041
Expires: Thu, 23 Mar 2023 14:20:43 GMT
Date: Thu, 23 Mar 2023 10:26:42 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash e7464ad4e48253fde290f771e1f45500
50fad111b07ae2b3d0bc6152e5d8b42e90a3daef
bc288d03aad73ff9d8921d2a7bb50f46707d18c5764f6e4c671530dda5c8ab7e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BC288D03AAD73FF9D8921D2A7BB50F46707D18C5764F6E4C671530DDA5C8AB7E"
Last-Modified: Wed, 22 Mar 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14041
Expires: Thu, 23 Mar 2023 14:20:43 GMT
Date: Thu, 23 Mar 2023 10:26:42 GMT
Connection: keep-alive
go.xlivrdr.com/smartpop/0344371630277140d4e6e843762bdf964d4ae7bf351771961595fbde6c2ada11?userId=d100f7df1b38527c59f2a01ce658dbfb8b696949c12c1469164f408167d4a1ca&sourceId=477848&memberId=czzUcuJ71t5CgEqUpaN9m4AX99jNxi2ZfcWvOAn0pn-D4gMNiIs3r4DtY55MfxSVW9_J2XXvzgblWoqA-vYKJVy8O-cofNOwj68-VXX0I2cfBdM_gUIDRUi&p1=4235550
104.18.59.150302 Found 0 B URL HTTP/2 go.xlivrdr.com/smartpop/0344371630277140d4e6e843762bdf964d4ae7bf351771961595fbde6c2ada11?userId=d100f7df1b38527c59f2a01ce658dbfb8b696949c12c1469164f408167d4a1ca&sourceId=477848&memberId=czzUcuJ71t5CgEqUpaN9m4AX99jNxi2ZfcWvOAn0pn-D4gMNiIs3r4DtY55MfxSVW9_J2XXvzgblWoqA-vYKJVy8O-cofNOwj68-VXX0I2cfBdM_gUIDRUi&p1=4235550
IP 104.18.59.150:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /smartpop/0344371630277140d4e6e843762bdf964d4ae7bf351771961595fbde6c2ada11?userId=d100f7df1b38527c59f2a01ce658dbfb8b696949c12c1469164f408167d4a1ca&sourceId=477848&memberId=czzUcuJ71t5CgEqUpaN9m4AX99jNxi2ZfcWvOAn0pn-D4gMNiIs3r4DtY55MfxSVW9_J2XXvzgblWoqA-vYKJVy8O-cofNOwj68-VXX0I2cfBdM_gUIDRUi&p1=4235550 HTTP/1.1
Host: go.xlivrdr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tsyndicate.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Thu, 23 Mar 2023 10:26:42 GMT
content-length: 0
location: https://creative.xlivrdr.com/widgets/v4/Universal?campaignId=0344371630277140d4e6e843762bdf964d4ae7bf351771961595fbde6c2ada11&campaignType=smartpop&creativeId=ca6624202b11763d71416a8ead72efb72b6393c2d3c8dd0c6eab3c1996806e05&iterationId=402446&masterSmartpopId=1914&memberId=czzUcuJ71t5CgEqUpaN9m4AX99jNxi2ZfcWvOAn0pn-D4gMNiIs3r4DtY55MfxSVW9_J2XXvzgblWoqA-vYKJVy8O-cofNOwj68-VXX0I2cfBdM_gUIDRUi&p1=4235550&quality=optimal&ruleId=17&smartpopId=1793&sourceId=477848&tag=-girls%2Findian&userId=d100f7df1b38527c59f2a01ce658dbfb8b696949c12c1469164f408167d4a1ca&variationId=30282
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Content-Length, Accept-Encoding, x-requested-with
cf-cache-status: DYNAMIC
set-cookie: _var=887637.30282; Path=/; HttpOnly; SameSite=Strict
__cflb=02DiuDfsBaY2bRYJiCeScBLPeXxw9eeb9jHh2X4LoUYkt; SameSite=None; Secure; path=/; expires=Fri, 24-Mar-23 09:26:42 GMT; HttpOnly
server: cloudflare
cf-ray: 7ac5fa455cf30b55-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
go.xlivrdr.com/smartpop/0344371630277140d4e6e843762bdf964d4ae7bf351771961595fbde6c2ada11?userId=d100f7df1b38527c59f2a01ce658dbfb8b696949c12c1469164f408167d4a1ca&sourceId=477848&memberId=iJnjWYtylbdtphhdVbEHB6RG0bgWJKgj1pLWWd105OEosQiUhZPTR-XhwHVx9QlFoenH4LiIeLDinnadhapVogSLw3VcNsi1D_cJwt2lljtNXlE_gUIDRUi&p1=4235552
104.18.59.150302 Found 0 B URL HTTP/2 go.xlivrdr.com/smartpop/0344371630277140d4e6e843762bdf964d4ae7bf351771961595fbde6c2ada11?userId=d100f7df1b38527c59f2a01ce658dbfb8b696949c12c1469164f408167d4a1ca&sourceId=477848&memberId=iJnjWYtylbdtphhdVbEHB6RG0bgWJKgj1pLWWd105OEosQiUhZPTR-XhwHVx9QlFoenH4LiIeLDinnadhapVogSLw3VcNsi1D_cJwt2lljtNXlE_gUIDRUi&p1=4235552
IP 104.18.59.150:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /smartpop/0344371630277140d4e6e843762bdf964d4ae7bf351771961595fbde6c2ada11?userId=d100f7df1b38527c59f2a01ce658dbfb8b696949c12c1469164f408167d4a1ca&sourceId=477848&memberId=iJnjWYtylbdtphhdVbEHB6RG0bgWJKgj1pLWWd105OEosQiUhZPTR-XhwHVx9QlFoenH4LiIeLDinnadhapVogSLw3VcNsi1D_cJwt2lljtNXlE_gUIDRUi&p1=4235552 HTTP/1.1
Host: go.xlivrdr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tsyndicate.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Thu, 23 Mar 2023 10:26:42 GMT
content-length: 0
location: https://creative.xlivrdr.com/widgets/v4/Universal?campaignId=0344371630277140d4e6e843762bdf964d4ae7bf351771961595fbde6c2ada11&campaignType=smartpop&creativeId=ca6624202b11763d71416a8ead72efb72b6393c2d3c8dd0c6eab3c1996806e05&iterationId=402446&masterSmartpopId=1914&memberId=iJnjWYtylbdtphhdVbEHB6RG0bgWJKgj1pLWWd105OEosQiUhZPTR-XhwHVx9QlFoenH4LiIeLDinnadhapVogSLw3VcNsi1D_cJwt2lljtNXlE_gUIDRUi&p1=4235552&quality=optimal&ruleId=17&smartpopId=1793&sourceId=477848&tag=-girls%2Findian&userId=d100f7df1b38527c59f2a01ce658dbfb8b696949c12c1469164f408167d4a1ca&variationId=30282
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Content-Length, Accept-Encoding, x-requested-with
cf-cache-status: DYNAMIC
set-cookie: _var=887637.30282; Path=/; HttpOnly; SameSite=Strict
__cflb=0H28uukSkGJRy5UBr1XYMARUwdYFVsfbm4JoPdwBBS4; SameSite=None; Secure; path=/; expires=Fri, 24-Mar-23 09:26:42 GMT; HttpOnly
server: cloudflare
cf-ray: 7ac5fa455cf90b55-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 6b558bee3cba64e8fc20fe7fb40f5289
5876bc45ff6493951cdf81301fecdad9be627fc1
5c32ee019946d069486e8bed6d72ff08ea06b2efd6e20c722d8f84c38981f473
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5C32EE019946D069486E8BED6D72FF08EA06B2EFD6E20C722D8F84C38981F473"
Last-Modified: Tue, 21 Mar 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20034
Expires: Thu, 23 Mar 2023 16:00:36 GMT
Date: Thu, 23 Mar 2023 10:26:42 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 2c1864a8c58f609a345b7068ef562581
a0c9fca1f64817e2120333500c1ac447c18b194f
48ba91cd80d15dc010e2ba367cb2091d64787dd53cefb83fb3ff86b35a533a8f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "48BA91CD80D15DC010E2BA367CB2091D64787DD53CEFB83FB3FF86B35A533A8F"
Last-Modified: Wed, 22 Mar 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10375
Expires: Thu, 23 Mar 2023 13:19:37 GMT
Date: Thu, 23 Mar 2023 10:26:42 GMT
Connection: keep-alive
fp.metricswpsh.com/fp?tag_id=67059
157.90.84.242204 No Content 0 B URL HTTP/1.1 fp.metricswpsh.com/fp?tag_id=67059
IP 157.90.84.242:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /fp?tag_id=67059 HTTP/1.1
Host: fp.metricswpsh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://a.naturalhealthsource.club/
Origin: https://a.naturalhealthsource.club
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Server: nginx/1.20.1
Date: Thu, 23 Mar 2023 10:26:42 GMT
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: content-type
Access-Control-Allow-Methods: GET,HEAD,PUT,PATCH,POST,DELETE
Access-Control-Allow-Origin: https://a.naturalhealthsource.club
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
19d80f4f97.523d6475f9.com/in/track?data=eyJ3bCI6MSwic3ViaWQiOjAsInVzZXJfaWQiOiIxMTc1MjUyMTM1NDIyNzY3NTAwMCIsInRpbWV6b25lIjowLCJ2ZXIiOiIzLjMwLjAiLCJ0YWdfaWQiOjY3MDU5LCJzY3JlZW5fcmVzb2x1dGlvbiI6IjEyODB4MTAyNCIsImFkYmxvY2siOjAsInRpbWV6b25lX29sc29uIjoiVVRDIiwidXRtX3NvdXJjZSI6IiIsInV0bV9tZWRpdW0iOiIiLCJ1dG1fY2FtcGFpZ24iOiIiLCJ1dG1fY29udGVudCI6IiIsIm1tIjowLCJpbml0X3N0YXJ0X2xhdGVuY3kiOjAuMzUsImlzX3YyIjowLCJpc192Ml9lbXB0eSI6MCwidXNlcl9rZXl3b3JkcyI6IiJ9
45.133.44.24200 OK 0 B URL HTTP/2 19d80f4f97.523d6475f9.com/in/track?data=eyJ3bCI6MSwic3ViaWQiOjAsInVzZXJfaWQiOiIxMTc1MjUyMTM1NDIyNzY3NTAwMCIsInRpbWV6b25lIjowLCJ2ZXIiOiIzLjMwLjAiLCJ0YWdfaWQiOjY3MDU5LCJzY3JlZW5fcmVzb2x1dGlvbiI6IjEyODB4MTAyNCIsImFkYmxvY2siOjAsInRpbWV6b25lX29sc29uIjoiVVRDIiwidXRtX3NvdXJjZSI6IiIsInV0bV9tZWRpdW0iOiIiLCJ1dG1fY2FtcGFpZ24iOiIiLCJ1dG1fY29udGVudCI6IiIsIm1tIjowLCJpbml0X3N0YXJ0X2xhdGVuY3kiOjAuMzUsImlzX3YyIjowLCJpc192Ml9lbXB0eSI6MCwidXNlcl9rZXl3b3JkcyI6IiJ9
IP 45.133.44.24:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /in/track?data=eyJ3bCI6MSwic3ViaWQiOjAsInVzZXJfaWQiOiIxMTc1MjUyMTM1NDIyNzY3NTAwMCIsInRpbWV6b25lIjowLCJ2ZXIiOiIzLjMwLjAiLCJ0YWdfaWQiOjY3MDU5LCJzY3JlZW5fcmVzb2x1dGlvbiI6IjEyODB4MTAyNCIsImFkYmxvY2siOjAsInRpbWV6b25lX29sc29uIjoiVVRDIiwidXRtX3NvdXJjZSI6IiIsInV0bV9tZWRpdW0iOiIiLCJ1dG1fY2FtcGFpZ24iOiIiLCJ1dG1fY29udGVudCI6IiIsIm1tIjowLCJpbml0X3N0YXJ0X2xhdGVuY3kiOjAuMzUsImlzX3YyIjowLCJpc192Ml9lbXB0eSI6MCwidXNlcl9rZXl3b3JkcyI6IiJ9 HTTP/1.1
Host: 19d80f4f97.523d6475f9.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://a.naturalhealthsource.club
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 23 Mar 2023 10:26:42 GMT
content-length: 0
server: nginx/1.18.0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
unseenreport.com/pxf.gif?uuid=08db5d9b-5a41-4c3c-896c-bde217f439f8&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=21fe3950f412e026c33f1b6cee613eba&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=10
192.243.61.225200 OK 1 B URL HTTP/1.1 unseenreport.com/pxf.gif?uuid=08db5d9b-5a41-4c3c-896c-bde217f439f8&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=21fe3950f412e026c33f1b6cee613eba&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=10
IP 192.243.61.225:0
ASN #39572 DataWeb Global Group B.V.
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=08db5d9b-5a41-4c3c-896c-bde217f439f8&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=21fe3950f412e026c33f1b6cee613eba&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=10 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 23 Mar 2023 10:26:42 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: e1ec25f2b41abd0cc1856a7c4f3924d4
Strict-Transport-Security: max-age=0; includeSubdomains
unseenreport.com/pxf.gif?uuid=08db5d9b-5a41-4c3c-896c-bde217f439f8&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=4d0afc2425eea6b0cd5a468c9f8a69ed&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=10
192.243.61.225200 OK 1 B URL HTTP/1.1 unseenreport.com/pxf.gif?uuid=08db5d9b-5a41-4c3c-896c-bde217f439f8&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=4d0afc2425eea6b0cd5a468c9f8a69ed&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=10
IP 192.243.61.225:0
ASN #39572 DataWeb Global Group B.V.
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=08db5d9b-5a41-4c3c-896c-bde217f439f8&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=4d0afc2425eea6b0cd5a468c9f8a69ed&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=10 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 23 Mar 2023 10:26:42 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 3bbfbf8f5f4bf66a9e735ca6f9accde3
Strict-Transport-Security: max-age=0; includeSubdomains
unseenreport.com/pxf.gif?uuid=08db5d9b-5a41-4c3c-896c-bde217f439f8&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=a2f990f10476061c719d1c1aa3a2ecd2&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=10
192.243.61.225200 OK 1 B URL HTTP/1.1 unseenreport.com/pxf.gif?uuid=08db5d9b-5a41-4c3c-896c-bde217f439f8&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=a2f990f10476061c719d1c1aa3a2ecd2&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=10
IP 192.243.61.225:0
ASN #39572 DataWeb Global Group B.V.
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=08db5d9b-5a41-4c3c-896c-bde217f439f8&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=a2f990f10476061c719d1c1aa3a2ecd2&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=10 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 23 Mar 2023 10:26:42 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 48fbab0ba51351f98aceb0acdb1d6c86
Strict-Transport-Security: max-age=0; includeSubdomains
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 739056cc4532d93846b698a46a100ddd
ce0b372934223ebf58f1848a2e1fe3b6356c97ee
eb3ee9fde830e7f45c96ce20aaa538d789083b74623fe9b08605dc164e0eb8a3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EB3EE9FDE830E7F45C96CE20AAA538D789083B74623FE9B08605DC164E0EB8A3"
Last-Modified: Tue, 21 Mar 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18505
Expires: Thu, 23 Mar 2023 15:35:07 GMT
Date: Thu, 23 Mar 2023 10:26:42 GMT
Connection: keep-alive
pogothere.xyz/asd100.bin
172.64.172.27200 OK 108 kB IP 172.64.172.27:0
Size 108 kB (108228 bytes)
Hash c8c0a9e4837806063ffe5d08198b69db
326e783407174aba99e2c04fb3fb723f3126fd07
3b8c0f072ea027409f0b2eef4adfe82fabc33f1648bceb75d7e3e88a4c8e9bfb
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://xfantazy.com/
Origin: https://xfantazy.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 23 Mar 2023 10:26:40 GMT
content-type: binary/octet-stream
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 69
last-modified: Thu, 23 Mar 2023 10:25:31 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=k5qfnLT%2Bs3I0Q0fnVso3mVWJ0iM1CTRDmR%2F2WAmoUkcKQIk%2FIHmkguBYdPTYTYFm6ano1BhdBJLVb3BxZx6a50pbXjPUzeFUdFOcIVy493nZKLOrhB4XjSkdzetmqmNn"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7ac5fa3d0aaf755a-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
fp.metricswpsh.com/fp?tag_id=67059
157.90.84.242200 OK 79 kB URL HTTP/1.1 fp.metricswpsh.com/fp?tag_id=67059
IP 157.90.84.242:0
ASN #24940 Hetzner Online GmbH
Hash 8f503cb1f41edd2466d98dc997628e0c
0e28458fbe339a32e55a1787c2aadebf63152a68
86b9e4784dbffa5d0ee2a97fd4ad3a779c9c9e2b07682cbf780b67682d4117e5
POST /fp?tag_id=67059 HTTP/1.1
Host: fp.metricswpsh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json;charset=utf-8
Content-Length: 22284
Origin: https://a.naturalhealthsource.club
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Thu, 23 Mar 2023 10:26:42 GMT
Content-Type: application/json; charset=UTF-8
Content-Length: 27
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://a.naturalhealthsource.club
Set-Cookie: id=16248757985529113086; Expires=Fri, 22 Mar 2024 10:26:42 GMT; Secure; SameSite=None
Vary: Origin
imgspics.com/ie?v=4&c=mndxYQwkKDnQ4KrHhI13Yvd7LdQF9eHbu4vE3Kpo5T9DEZg5oB-ECfeUCwlzapieR979jiaxBCpiLcHTsnqAbXAimr_sGrZMtzJSP95CMUg0mbglf0G3cqywohNIi4oNV8aVOiURfyR5424hU8hMG71YJqzRQaXNmGTCWuXkl_bRyisnNhBINRdGj0ss6wn4pPQWup-Jw_Q0jeFsWOYVnmwwKYJcE4jbu-wIfHP3RwSXmgqPButzXRLt1MaJN8qqKRW7p-k-yMWqriG2XcOpCzRvEpRIV11bhNyaQ_F0Vi-NBX7TTtJNeaeO1nxG52VK_M9G1FmVoCT1VVPkDEOnXpgZOPE-j2H6WUAAjX2DXQMX4IRK0iYgvFN2XAc-N4qIne1_KAM3xrnDiH_HcpqvaKMfvx2bSCV_j_BBoMZavQ==&v1=86&v2=68678
157.90.94.146301 Moved Permanently 0 B URL HTTP/1.1 imgspics.com/ie?v=4&c=mndxYQwkKDnQ4KrHhI13Yvd7LdQF9eHbu4vE3Kpo5T9DEZg5oB-ECfeUCwlzapieR979jiaxBCpiLcHTsnqAbXAimr_sGrZMtzJSP95CMUg0mbglf0G3cqywohNIi4oNV8aVOiURfyR5424hU8hMG71YJqzRQaXNmGTCWuXkl_bRyisnNhBINRdGj0ss6wn4pPQWup-Jw_Q0jeFsWOYVnmwwKYJcE4jbu-wIfHP3RwSXmgqPButzXRLt1MaJN8qqKRW7p-k-yMWqriG2XcOpCzRvEpRIV11bhNyaQ_F0Vi-NBX7TTtJNeaeO1nxG52VK_M9G1FmVoCT1VVPkDEOnXpgZOPE-j2H6WUAAjX2DXQMX4IRK0iYgvFN2XAc-N4qIne1_KAM3xrnDiH_HcpqvaKMfvx2bSCV_j_BBoMZavQ==&v1=86&v2=68678
IP 157.90.94.146:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ie?v=4&c=mndxYQwkKDnQ4KrHhI13Yvd7LdQF9eHbu4vE3Kpo5T9DEZg5oB-ECfeUCwlzapieR979jiaxBCpiLcHTsnqAbXAimr_sGrZMtzJSP95CMUg0mbglf0G3cqywohNIi4oNV8aVOiURfyR5424hU8hMG71YJqzRQaXNmGTCWuXkl_bRyisnNhBINRdGj0ss6wn4pPQWup-Jw_Q0jeFsWOYVnmwwKYJcE4jbu-wIfHP3RwSXmgqPButzXRLt1MaJN8qqKRW7p-k-yMWqriG2XcOpCzRvEpRIV11bhNyaQ_F0Vi-NBX7TTtJNeaeO1nxG52VK_M9G1FmVoCT1VVPkDEOnXpgZOPE-j2H6WUAAjX2DXQMX4IRK0iYgvFN2XAc-N4qIne1_KAM3xrnDiH_HcpqvaKMfvx2bSCV_j_BBoMZavQ==&v1=86&v2=68678 HTTP/1.1
Host: imgspics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 301 Moved Permanently
server: fasthttp
date: Thu, 23 Mar 2023 10:26:41 GMT
content-length: 0
location: https://img.vmmcdn.com/get/7609021/200747_icon.png
x-app-id: 13
video.ktkjmp.com/adsbygoogle.js
104.18.62.235200 OK 16 B URL HTTP/2 video.ktkjmp.com/adsbygoogle.js
IP 104.18.62.235:0
Hash 3d7f7a60216d40dea48e495fef6903c9
fecdb5184f55cf012563d78940eb97b10b9cc99b
96d83ac9f20fc0b88404f307f135e212642e02d6ea295c96b28aed0d771a224f
GET /adsbygoogle.js HTTP/1.1
Host: video.ktkjmp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://creative.xlivrdr.com/
Origin: https://creative.xlivrdr.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 23 Mar 2023 10:26:42 GMT
content-type: application/javascript
content-length: 16
x-amz-id-2: umnGOMVCjminO+qe5UBV06OrSizh/U59KvaEibge5v1gMRbq/UnThpljPBepeh+5w7wEpQIcu/4=
x-amz-request-id: 3YW9SERF7DC7262X
last-modified: Thu, 10 Mar 2022 13:52:07 GMT
etag: "3d7f7a60216d40dea48e495fef6903c9"
x-amz-meta-s3cmd-attrs: atime:1646920284/ctime:1646920283/gid:20/gname:staff/md5:3d7f7a60216d40dea48e495fef6903c9/mode:33188/mtime:1646920283/uid:501/uname:mikhailchubar
x-amz-version-id: eIgLIBoMMcsEXtxOH6UDjWyfAquRpkIG
access-control-allow-origin: https://creative.xlivrdr.com
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Content-Length, Accept-Encoding, x-requested-with
cf-cache-status: HIT
age: 5824
expires: Thu, 23 Mar 2023 14:26:42 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7ac5fa4789ad0b4d-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 2af5860c9fb25e01bce89616f7460e88
0b4c10e8f6254b7f9e85de07bcc51651c28d0c53
fda2d4fbaebcb2c4772edd87fd9dcc8479c44239adfea9723d82e26a8cdd6464
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "FDA2D4FBAEBCB2C4772EDD87FD9DCC8479C44239ADFEA9723D82E26A8CDD6464"
Last-Modified: Wed, 22 Mar 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15112
Expires: Thu, 23 Mar 2023 14:38:34 GMT
Date: Thu, 23 Mar 2023 10:26:42 GMT
Connection: keep-alive
pxl.tsyndicate.com/api/v1/p/p.js?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zC0WIgTFjBowyNnC0sBGGRpgWNGaMEYkjh5mTNEyGmWFDRoyCY8aIeBimjk4dImbcIGMmRgwZMFqMsWHGDEocNGK0wHHjBo0WYWKQxCEjx40ZNGzY2AmRjB2KNG7EwPEQTh0xFLvCqAgRDpyFVFM-nANnog4aMmbUGAzj4Zg2d_9Whcq2rBmKD8W4cbPQo1CwNB62cYOR4QwZSNtu7myjRtSHdWJkREOHDpw5Ol68OPPGBR42aezIISPHxZg3bV7MaRNGjus3cF5wjClUq0cZVWPQgEGGBsgyUIXWFEM0hw0a1cOUuSHGjOAY0b03zFHDDHeQY2QYzBrjR505CJOQ6UEmBgwYZgxVlBgz4FADdGPU4JJ8c40BUg04kFGeGDiIYYN3OdCQwxhHcRhWDlrRYMZ0OGg1lEkxjBEGF3X8J4MNc7xRhxwO6tdDWjcwxqKLNrRRRhti5LffGVnoEUcSMsgRxhpLMPGbGlpEgQYaSDyRwxlJSKFFE3a0gcMXTtiRBxNZMJGHHXXgcUYRVtTBBhpUwIAHEkE0ocUdcuAQoRB65JAFEUq4gYabNKARxBEcNTGGE9NVYcQNb1SRBxRJGEFFDnJEAUcaRrCBhxZuCBGDFUHgAIMNVRBRRw1BfHFGFUkQIUUVaewIw4twxHBjYIPVAANZZACXURguuBEGHTOG8WZBbNCBRowzOugbG2-RpaJfW8wQQxdt0VhZGS3A4JBGj-kAgwtzGQZHG1_A4a256Mow2ENy2JFYQw-VMca6C53LEWp1pDEsDmZ0ZUMZNbQwAxljiIGSDWM4FUZ54IYVRg1lyJBSYDDQQFYaiYkAogs5nAuYCw15TO8XIGc0cskunJwyWXWEkVETb-iRBhtshPFCDeiCgMIVabgR7B1zgOAEFSD4h-4OIBDtxndQ40E1CPUyJC66KYBwhL5rvPECUv7NNRcIRqQhRxlmvIHHC_4B_athP4ngxBNkvSHHFzlldDdZbNRdhBPAlmHHF2uzQVENi9FkamEiyHEGZTrIS9VDBx0uhhx4NZb5F228QcZCMuBgA128vVHZQ28o9Fe3buexUGYikJEH5XTIUUcZ9LK9WmuvxfYCscYiq-SyyjoLLY1lTPvWC2TNUW9GcrxBx7F6t1CHG2nQofC5DB8FbN0HfRG-DGTR0QZFNtzAXvtkW9QG-gy1__4NZNPQEk9kIF4GX184FvvcVwP4pUsEhgsgGxBCB9dtAT3cgogY_FI7tvWkWWSBQ-D6ZZjOwKAPCggI&s=c3daad89cab968ce33f3aecd6af0d1696822a8e88ba6f54410ca8f59e22708991679567201&w=t&r=1&d=437&priv=false
78.46.97.249200 OK 24 B URL HTTP/2 pxl.tsyndicate.com/api/v1/p/p.js?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zC0WIgTFjBowyNnC0sBGGRpgWNGaMEYkjh5mTNEyGmWFDRoyCY8aIeBimjk4dImbcIGMmRgwZMFqMsWHGDEocNGK0wHHjBo0WYWKQxCEjx40ZNGzY2AmRjB2KNG7EwPEQTh0xFLvCqAgRDpyFVFM-nANnog4aMmbUGAzj4Zg2d_9Whcq2rBmKD8W4cbPQo1CwNB62cYOR4QwZSNtu7myjRtSHdWJkREOHDpw5Ol68OPPGBR42aezIISPHxZg3bV7MaRNGjus3cF5wjClUq0cZVWPQgEGGBsgyUIXWFEM0hw0a1cOUuSHGjOAY0b03zFHDDHeQY2QYzBrjR505CJOQ6UEmBgwYZgxVlBgz4FADdGPU4JJ8c40BUg04kFGeGDiIYYN3OdCQwxhHcRhWDlrRYMZ0OGg1lEkxjBEGF3X8J4MNc7xRhxwO6tdDWjcwxqKLNrRRRhti5LffGVnoEUcSMsgRxhpLMPGbGlpEgQYaSDyRwxlJSKFFE3a0gcMXTtiRBxNZMJGHHXXgcUYRVtTBBhpUwIAHEkE0ocUdcuAQoRB65JAFEUq4gYabNKARxBEcNTGGE9NVYcQNb1SRBxRJGEFFDnJEAUcaRrCBhxZuCBGDFUHgAIMNVRBRRw1BfHFGFUkQIUUVaewIw4twxHBjYIPVAANZZACXURguuBEGHTOG8WZBbNCBRowzOugbG2-RpaJfW8wQQxdt0VhZGS3A4JBGj-kAgwtzGQZHG1_A4a256Mow2ENy2JFYQw-VMca6C53LEWp1pDEsDmZ0ZUMZNbQwAxljiIGSDWM4FUZ54IYVRg1lyJBSYDDQQFYaiYkAogs5nAuYCw15TO8XIGc0cskunJwyWXWEkVETb-iRBhtshPFCDeiCgMIVabgR7B1zgOAEFSD4h-4OIBDtxndQ40E1CPUyJC66KYBwhL5rvPECUv7NNRcIRqQhRxlmvIHHC_4B_athP4ngxBNkvSHHFzlldDdZbNRdhBPAlmHHF2uzQVENi9FkamEiyHEGZTrIS9VDBx0uhhx4NZb5F228QcZCMuBgA128vVHZQ28o9Fe3buexUGYikJEH5XTIUUcZ9LK9WmuvxfYCscYiq-SyyjoLLY1lTPvWC2TNUW9GcrxBx7F6t1CHG2nQofC5DB8FbN0HfRG-DGTR0QZFNtzAXvtkW9QG-gy1__4NZNPQEk9kIF4GX184FvvcVwP4pUsEhgsgGxBCB9dtAT3cgogY_FI7tvWkWWSBQ-D6ZZjOwKAPCggI&s=c3daad89cab968ce33f3aecd6af0d1696822a8e88ba6f54410ca8f59e22708991679567201&w=t&r=1&d=437&priv=false
IP 78.46.97.249:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with no line terminators
Hash 0959ba36d476b6dc1994ba3c678b07c4
d30b94da72daa02766965206a85b7e0356375f5e
897410b87e27e3dfba3a7d6caab315a5e69cc941bb96d91fc74878a9b051843a
GET /api/v1/p/p.js?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zC0WIgTFjBowyNnC0sBGGRpgWNGaMEYkjh5mTNEyGmWFDRoyCY8aIeBimjk4dImbcIGMmRgwZMFqMsWHGDEocNGK0wHHjBo0WYWKQxCEjx40ZNGzY2AmRjB2KNG7EwPEQTh0xFLvCqAgRDpyFVFM-nANnog4aMmbUGAzj4Zg2d_9Whcq2rBmKD8W4cbPQo1CwNB62cYOR4QwZSNtu7myjRtSHdWJkREOHDpw5Ol68OPPGBR42aezIISPHxZg3bV7MaRNGjus3cF5wjClUq0cZVWPQgEGGBsgyUIXWFEM0hw0a1cOUuSHGjOAY0b03zFHDDHeQY2QYzBrjR505CJOQ6UEmBgwYZgxVlBgz4FADdGPU4JJ8c40BUg04kFGeGDiIYYN3OdCQwxhHcRhWDlrRYMZ0OGg1lEkxjBEGF3X8J4MNc7xRhxwO6tdDWjcwxqKLNrRRRhti5LffGVnoEUcSMsgRxhpLMPGbGlpEgQYaSDyRwxlJSKFFE3a0gcMXTtiRBxNZMJGHHXXgcUYRVtTBBhpUwIAHEkE0ocUdcuAQoRB65JAFEUq4gYabNKARxBEcNTGGE9NVYcQNb1SRBxRJGEFFDnJEAUcaRrCBhxZuCBGDFUHgAIMNVRBRRw1BfHFGFUkQIUUVaewIw4twxHBjYIPVAANZZACXURguuBEGHTOG8WZBbNCBRowzOugbG2-RpaJfW8wQQxdt0VhZGS3A4JBGj-kAgwtzGQZHG1_A4a256Mow2ENy2JFYQw-VMca6C53LEWp1pDEsDmZ0ZUMZNbQwAxljiIGSDWM4FUZ54IYVRg1lyJBSYDDQQFYaiYkAogs5nAuYCw15TO8XIGc0cskunJwyWXWEkVETb-iRBhtshPFCDeiCgMIVabgR7B1zgOAEFSD4h-4OIBDtxndQ40E1CPUyJC66KYBwhL5rvPECUv7NNRcIRqQhRxlmvIHHC_4B_athP4ngxBNkvSHHFzlldDdZbNRdhBPAlmHHF2uzQVENi9FkamEiyHEGZTrIS9VDBx0uhhx4NZb5F228QcZCMuBgA128vVHZQ28o9Fe3buexUGYikJEH5XTIUUcZ9LK9WmuvxfYCscYiq-SyyjoLLY1lTPvWC2TNUW9GcrxBx7F6t1CHG2nQofC5DB8FbN0HfRG-DGTR0QZFNtzAXvtkW9QG-gy1__4NZNPQEk9kIF4GX184FvvcVwP4pUsEhgsgGxBCB9dtAT3cgogY_FI7tvWkWWSBQ-D6ZZjOwKAPCggI&s=c3daad89cab968ce33f3aecd6af0d1696822a8e88ba6f54410ca8f59e22708991679567201&w=t&r=1&d=437&priv=false HTTP/1.1
Host: pxl.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tsyndicate.com/
Cookie: ts_uid=693ab59a-be1d-42cd-9f6e-94cc61dbb3ef; bfq=APeIECNCx5YZMGbcmEGDRhcWIsYU3BLjoYgyE2PYuJHDRo0ZNmBU7KMg
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
server: nginx
date: Thu, 23 Mar 2023 10:26:42 GMT
content-type: text/plain; charset=utf-8
content-length: 24
x-robots-tag: noindex, nofollow
X-Firefox-Spdy: h2
pxl.tsyndicate.com/api/v1/p/p.js?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zC0XAIHMDh5kaZmC0KBPjxo0WNMKYKdMixxgcMlqYyZHDRgwaOW7AsGHmhoiHYeqMyVjGRkoyNMyMaQljjEgaNGCIaUkmxwyUN2qQGSNjBowYY7T-hEjGDkUaN2LgeAinjhiKMnJ8BQoHzkIcN2jMeDgHzkQdNLrWGCzj4Zg2dgGbxEFjLVkzFB-KceNmodcZN2ZAfdjGDUaGM2TIgMG282cbNWhUFFEnRkY0dOjAmaPjxYszb1zgYZPGjhwyclyMedPmxZw2YeTIfgPnBQzNetPa8CrD5M2NNIqWYYzZhgwxZGYaRRqmzA0xZmbUKJm2ZsMcIMEX5WowTIwYP-rMQZiETA8yMcAAQ0_hxSDGDDjUUF1YOZghQxhfjVFUDTiQgZ4YOIhhQ0054DRGDDJ8SMOGMRhlRlQ4lHgDeWCFwUUdAspgwxxv1CGHhP31gFZHjb0Yow1tlNGGGPz5d8UXYnxRBAx4KGEGG2g4QYMRQ5CxBg1N5EFFHjkkEUMabYjWRhQzMBHGFVPQUUcZThDRxBI4OHFVnG3U8cUbTFDxRhFXiAGjGU9cEcccawRRBBxrTCEFEzHEoYQWVMxRHx5OPIHGE3SYgRSkdRyhBhZMNEGFHULMYBMbOMCBxRxfnFFFEkRIUUUaPsIgIxwx6CgYYWORQVxGYbjgRhhqyhEGlAWxQQcaNNoooXBsuDXWGMQutMUMMXTB1o2WsQSDQyKgtxAMLswlwhhwtPEFHNzqQK6tgz0khx2JNfRQGei2MW65e7FWRxoZbThDGGLUkEMYLRAZAxkohchwgzaw1OEYY9hk4YFlQPZQGomJkEMMLsjlQmAuNETDWHJ8wXFGH4dMLskmj1VHGBk18YYeabDBRhgv1FAuCChckYYbvt4xBwhOUAFCgOXuAILQbhjlNB5SgzAvQ9-WmwIIR-C7xhsvjBbgV1-BYEQacmT8Bh4vBOgzDNMOpYMIlY71RsoUZ1T3Q2zILUIRTvRahh1fpM0GRTUsZioOAsp7RmU6yEDhDQ8dRLgYctzlmOVftPEGGQvJgINNlcvxhmUPvaEQYNuuncdCNFSeB-R0yLGmvBm_Fttstb0Q7LDFHkvQscs2e2MZ0Lr1wlhzzJuR6XQQe3cLdbiRBh0ozeDCViD26vdBX3Avw1h06MuQDTfAh77YFoVJEfrq3yB2DTDETlbhZfT1RbXnp1_D-uYa3P7YgBA6rG4LJdEWRMTwFxEcxAxBUdZY4NC3cRnmMzDogwICAg%3D%3D&s=5aa9a17ea22a4743e1c3d0aa23352d265557efed4fca2f245a8c7438102838181679567201&w=t&r=1&d=439&priv=false
78.46.97.249200 OK 1.6 kB URL HTTP/2 pxl.tsyndicate.com/api/v1/p/p.js?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zC0XAIHMDh5kaZmC0KBPjxo0WNMKYKdMixxgcMlqYyZHDRgwaOW7AsGHmhoiHYeqMyVjGRkoyNMyMaQljjEgaNGCIaUkmxwyUN2qQGSNjBowYY7T-hEjGDkUaN2LgeAinjhiKMnJ8BQoHzkIcN2jMeDgHzkQdNLrWGCzj4Zg2dgGbxEFjLVkzFB-KceNmodcZN2ZAfdjGDUaGM2TIgMG282cbNWhUFFEnRkY0dOjAmaPjxYszb1zgYZPGjhwyclyMedPmxZw2YeTIfgPnBQzNetPa8CrD5M2NNIqWYYzZhgwxZGYaRRqmzA0xZmbUKJm2ZsMcIMEX5WowTIwYP-rMQZiETA8yMcAAQ0_hxSDGDDjUUF1YOZghQxhfjVFUDTiQgZ4YOIhhQ0054DRGDDJ8SMOGMRhlRlQ4lHgDeWCFwUUdAspgwxxv1CGHhP31gFZHjb0Yow1tlNGGGPz5d8UXYnxRBAx4KGEGG2g4QYMRQ5CxBg1N5EFFHjkkEUMabYjWRhQzMBHGFVPQUUcZThDRxBI4OHFVnG3U8cUbTFDxRhFXiAGjGU9cEcccawRRBBxrTCEFEzHEoYQWVMxRHx5OPIHGE3SYgRSkdRyhBhZMNEGFHULMYBMbOMCBxRxfnFFFEkRIUUUaPsIgIxwx6CgYYWORQVxGYbjgRhhqyhEGlAWxQQcaNNoooXBsuDXWGMQutMUMMXTB1o2WsQSDQyKgtxAMLswlwhhwtPEFHNzqQK6tgz0khx2JNfRQGei2MW65e7FWRxoZbThDGGLUkEMYLRAZAxkohchwgzaw1OEYY9hk4YFlQPZQGomJkEMMLsjlQmAuNETDWHJ8wXFGH4dMLskmj1VHGBk18YYeabDBRhgv1FAuCChckYYbvt4xBwhOUAFCgOXuAILQbhjlNB5SgzAvQ9-WmwIIR-C7xhsvjBbgV1-BYEQacmT8Bh4vBOgzDNMOpYMIlY71RsoUZ1T3Q2zILUIRTvRahh1fpM0GRTUsZioOAsp7RmU6yEDhDQ8dRLgYctzlmOVftPEGGQvJgINNlcvxhmUPvaEQYNuuncdCNFSeB-R0yLGmvBm_Fttstb0Q7LDFHkvQscs2e2MZ0Lr1wlhzzJuR6XQQe3cLdbiRBh0ozeDCViD26vdBX3Avw1h06MuQDTfAh77YFoVJEfrq3yB2DTDETlbhZfT1RbXnp1_D-uYa3P7YgBA6rG4LJdEWRMTwFxEcxAxBUdZY4NC3cRnmMzDogwICAg%3D%3D&s=5aa9a17ea22a4743e1c3d0aa23352d265557efed4fca2f245a8c7438102838181679567201&w=t&r=1&d=439&priv=false
IP 78.46.97.249:0
ASN #24940 Hetzner Online GmbH
Hash 5b330bde2e5b2aabc1bae4f065d7c895
f1bc8ccb1135c0a45a255efd5c357226d23a6492
8f83a2e6162fb7ec7e8b06c630c83462efd86a2e3c851ced766d3b574fc31c65
GET /api/v1/p/p.js?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zC0XAIHMDh5kaZmC0KBPjxo0WNMKYKdMixxgcMlqYyZHDRgwaOW7AsGHmhoiHYeqMyVjGRkoyNMyMaQljjEgaNGCIaUkmxwyUN2qQGSNjBowYY7T-hEjGDkUaN2LgeAinjhiKMnJ8BQoHzkIcN2jMeDgHzkQdNLrWGCzj4Zg2dgGbxEFjLVkzFB-KceNmodcZN2ZAfdjGDUaGM2TIgMG282cbNWhUFFEnRkY0dOjAmaPjxYszb1zgYZPGjhwyclyMedPmxZw2YeTIfgPnBQzNetPa8CrD5M2NNIqWYYzZhgwxZGYaRRqmzA0xZmbUKJm2ZsMcIMEX5WowTIwYP-rMQZiETA8yMcAAQ0_hxSDGDDjUUF1YOZghQxhfjVFUDTiQgZ4YOIhhQ0054DRGDDJ8SMOGMRhlRlQ4lHgDeWCFwUUdAspgwxxv1CGHhP31gFZHjb0Yow1tlNGGGPz5d8UXYnxRBAx4KGEGG2g4QYMRQ5CxBg1N5EFFHjkkEUMabYjWRhQzMBHGFVPQUUcZThDRxBI4OHFVnG3U8cUbTFDxRhFXiAGjGU9cEcccawRRBBxrTCEFEzHEoYQWVMxRHx5OPIHGE3SYgRSkdRyhBhZMNEGFHULMYBMbOMCBxRxfnFFFEkRIUUUaPsIgIxwx6CgYYWORQVxGYbjgRhhqyhEGlAWxQQcaNNoooXBsuDXWGMQutMUMMXTB1o2WsQSDQyKgtxAMLswlwhhwtPEFHNzqQK6tgz0khx2JNfRQGei2MW65e7FWRxoZbThDGGLUkEMYLRAZAxkohchwgzaw1OEYY9hk4YFlQPZQGomJkEMMLsjlQmAuNETDWHJ8wXFGH4dMLskmj1VHGBk18YYeabDBRhgv1FAuCChckYYbvt4xBwhOUAFCgOXuAILQbhjlNB5SgzAvQ9-WmwIIR-C7xhsvjBbgV1-BYEQacmT8Bh4vBOgzDNMOpYMIlY71RsoUZ1T3Q2zILUIRTvRahh1fpM0GRTUsZioOAsp7RmU6yEDhDQ8dRLgYctzlmOVftPEGGQvJgINNlcvxhmUPvaEQYNuuncdCNFSeB-R0yLGmvBm_Fttstb0Q7LDFHkvQscs2e2MZ0Lr1wlhzzJuR6XQQe3cLdbiRBh0ozeDCViD26vdBX3Avw1h06MuQDTfAh77YFoVJEfrq3yB2DTDETlbhZfT1RbXnp1_D-uYa3P7YgBA6rG4LJdEWRMTwFxEcxAxBUdZY4NC3cRnmMzDogwICAg%3D%3D&s=5aa9a17ea22a4743e1c3d0aa23352d265557efed4fca2f245a8c7438102838181679567201&w=t&r=1&d=439&priv=false HTTP/1.1
Host: pxl.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tsyndicate.com/
Cookie: ts_uid=693ab59a-be1d-42cd-9f6e-94cc61dbb3ef; bfq=APeIECNCx5YZMGbcmEGDRhcWIsYU3BLjoYgyE2PYuJHDRo0ZNmBU7KMg
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
server: nginx
date: Thu, 23 Mar 2023 10:26:42 GMT
content-type: text/plain; charset=utf-8
content-length: 24
x-robots-tag: noindex, nofollow
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 28e9593b872e07dbb34807261e4d5230
e9eb1cae1bde967f3db8a3f1fbb4e93426c0abd9
81464c060ee0ffd20b76d9eaef459b0d2a9f8ab8432745edc5835027a24db28f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "81464C060EE0FFD20B76D9EAEF459B0D2A9F8AB8432745EDC5835027A24DB28F"
Last-Modified: Wed, 22 Mar 2023 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=1626
Expires: Thu, 23 Mar 2023 10:53:48 GMT
Date: Thu, 23 Mar 2023 10:26:42 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 98501f9e716f718dea32f5f22039bd45
4e524f2bcf7c36e5eb8bcb1f9b0ea0ffa7e55211
f81d4a790f1369619f1bf160f9046a1ea8e2f4c25f15611caea7afac4a9cb7f2
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F81D4A790F1369619F1BF160F9046A1EA8E2F4C25F15611CAEA7AFAC4A9CB7F2"
Last-Modified: Wed, 22 Mar 2023 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12967
Expires: Thu, 23 Mar 2023 14:02:49 GMT
Date: Thu, 23 Mar 2023 10:26:42 GMT
Connection: keep-alive
pogothere.xyz/asd100.bin
172.64.172.27200 OK 135 kB IP 172.64.172.27:0
Size 135 kB (134795 bytes)
Hash 43458ad5b8136ca5b8bf0be50e2e958b
68743d115eeb63a3d8fb11427da1de4be78caad0
53807cbefafac364ba1652fc1a19f0c29257f8b6e9a1d0458e2570c98ba6ea26
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://xfantazy.com/
Origin: https://xfantazy.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 23 Mar 2023 10:26:40 GMT
content-type: binary/octet-stream
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 69
last-modified: Thu, 23 Mar 2023 10:25:31 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2Fql%2B27PLZHBbIyncLDm6lsaEtPFUQOa3uN66PblqjLOPQnXRIVUG0KC8TVO5dSyTpje9fzPM8%2FbqgN%2BJsoBljCkSjS3r3sY5n3SsbDIMN83koV2IZJB%2BatX4z20ThvHs"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7ac5fa3d1ab8755a-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ac1d488833.bae0c0aefd.com/health/
162.55.139.130200 OK 0 B URL HTTP/2 ac1d488833.bae0c0aefd.com/health/
IP 162.55.139.130:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /health/ HTTP/1.1
Host: ac1d488833.bae0c0aefd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.16.0
date: Thu, 23 Mar 2023 10:26:42 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
img.strpst.com/thumbs/1679567160/95501563
104.18.63.124200 OK 41 kB URL HTTP/2 img.strpst.com/thumbs/1679567160/95501563
IP 104.18.63.124:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 0x0, segment length 16, progressive, precision 8, 640x360, components 3\012- data
Hash af43b2a2d46fe50498e0f7f379f23f25
a2bc380ca3945425edd21a2d890ded758eace7e3
f7e0e6d748fad6ccd5e04225270adc169eeabb8c09c1b17a787dbaf35cb3cb96
GET /thumbs/1679567160/95501563 HTTP/1.1
Host: img.strpst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://creative.xlivrdr.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 23 Mar 2023 10:26:42 GMT
content-type: image/jpeg
content-length: 41171
access-control-allow-credentials: true
access-control-allow-headers: *
access-control-allow-methods: GET
access-control-allow-origin: *
cache-control: public, max-age=1800, s-maxage=1800, stale-while-revalidate=1, max-stale=1, stale-if-error=1
cf-bgj: imgq:100,h2pri
cf-polished: origSize=42715, status=webp_bigger
etag: "60bd0a76b90b204664e631f7f9879497"
last-modified: Thu, 23 Mar 2023 10:25:17 GMT
cf-cache-status: HIT
age: 32
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7ac5fa48ed11b51e-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
img.vmmcdn.com/get/7609021/200747_icon.png
138.201.51.142200 OK 78 kB URL HTTP/1.1 img.vmmcdn.com/get/7609021/200747_icon.png
IP 138.201.51.142:0
ASN #24940 Hetzner Online GmbH
File type PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data
Hash 53282b73b589873fa79c738c03b4e47d
ca5ab91a4e36ebddd6b326fa67071e915415085d
530d10989a16c4cbdec879d1f82bb200fe63f5fb111179d873354058460dacc8
GET /get/7609021/200747_icon.png HTTP/1.1
Host: img.vmmcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: openresty
Date: Thu, 23 Mar 2023 10:26:42 GMT
Content-Type: image/png
Content-Length: 78410
Connection: keep-alive
Last-Modified: Mon, 07 Nov 2022 15:29:52 GMT
Cache-Control: public, max-age=604800
ETag: "63692470-1324a"
X-Proxy-Cache: HIT
Accept-Ranges: bytes
as.sexad.net/as/if?p=reseller&w=1&h=1&v=5106&adType=cats&adWidth=900&adHeight=75&niche=female&fontSize=15&font_color=%23fff&background_color=%23000000&hn=fap247.com&AFNO=1-286
216.127.52.249200 3.0 kB URL HTTP/1.1 as.sexad.net/as/if?p=reseller&w=1&h=1&v=5106&adType=cats&adWidth=900&adHeight=75&niche=female&fontSize=15&font_color=%23fff&background_color=%23000000&hn=fap247.com&AFNO=1-286
IP 216.127.52.249:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 383ac575fe8cca77290bf69c61168ce0
3f9399c638fae9785b33cdfa9bca9f162fe7f84a
266c8c92cf200e532eb9e4bb7b19bf4ef23d11f002a81522a4139de0acfaa367
GET /as/if?p=reseller&w=1&h=1&v=5106&adType=cats&adWidth=900&adHeight=75&niche=female&fontSize=15&font_color=%23fff&background_color=%23000000&hn=fap247.com&AFNO=1-286 HTTP/1.1
Host: as.sexad.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://camschat.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200
Server: nginx/1.18.0
Date: Thu, 23 Mar 2023 10:26:42 GMT
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-store
Access-Control-Allow-Origin: *
Set-Cookie: at11679567202937_0_5106_4398=0001000; expires=Sat, 22-Apr-2023 10:26:42 GMT; Max-Age=2592000; path=/as; secure; SameSite=None
iid=6860-1679567202; expires=Sun, 20-Mar-2033 10:26:42 GMT; Max-Age=315360000; path=/; secure; SameSite=None
P3P: policyref="/w3c/p3p.xml", CP="This is not our comprehensive privacy policy (P3P). For complete information, please see http://streamate.com/privacy.html"
Content-Encoding: gzip
static-assets.highwebmedia.com/cachebust/theatermode-react-b96e8c8a59a58b99e93a.js
104.16.93.42200 OK 38 kB URL HTTP/2 static-assets.highwebmedia.com/cachebust/theatermode-react-b96e8c8a59a58b99e93a.js
IP 104.16.93.42:0
File type ASCII text, with very long lines (22727), with no line terminators
Hash 49bddcc595477b72c3309cfc57eb4303
951617cb5408c451f787ff8977e195edca9c3305
89df3757eb3129fd4fcc64ef4124707de6ec918b6e420eddc1c49e9435aca8af
GET /cachebust/theatermode-react-b96e8c8a59a58b99e93a.js HTTP/1.1
Host: static-assets.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 23 Mar 2023 10:26:42 GMT
content-type: application/javascript
cache-control: public, max-age=2592000
cf-bgj: minify
cf-polished: origSize=22794
etag: W/"48bdf5737fd4d30cacaa33fdf2d543e9"
last-modified: Tue, 07 Feb 2023 01:02:23 GMT
x-amz-id-2: zxVQ+KZwzZ9gGokLLxSLdQhS4msEWXF+qQOqUtJmtyvvLlSFAuhYWkQvooYJPn/C4D+0jUG0wQI=
x-amz-meta-s3cmd-attrs: md5:48bdf5737fd4d30cacaa33fdf2d543e9
x-amz-request-id: SAJZDTV2YHF7DDTZ
cf-cache-status: HIT
age: 1243296
expires: Sat, 22 Apr 2023 10:26:42 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WBQipZ0ACR4ISEobi6IbI6u7bpNbz2cJOpBrSem090ImeqxGr9WVIoKFLi%2FpLon2s7Rj3XuB8EvPEZyS%2F%2FvQoffPJzWVe%2BILVlLz2Ucm0byfYXYyq7ryBSI9DbafLvODkmOPgsYCFgNFQv0IP7fy%2Fw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
set-cookie: _cfuvid=xXTui0nvAgAVjrVRn2CT76xnZotw6LzrEuTrl4nQVZg-1679567202802-0-604800000; path=/; domain=.highwebmedia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 7ac5fa497f920b59-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
static-assets.highwebmedia.com/cachebust/129-react-f50007b4e3ded9be6468.js
104.16.93.42200 OK 46 kB URL HTTP/2 static-assets.highwebmedia.com/cachebust/129-react-f50007b4e3ded9be6468.js
IP 104.16.93.42:0
File type ASCII text, with very long lines (51326), with no line terminators
Hash 344d6862b463a20af5575a460efc312e
149572a563cd05cfe0690e14c76d5651a178b9ec
c8af0a4d6c8763b59d07c87c58462191a8ddd8a31d6df406d8266d3e1e4b30c9
GET /cachebust/129-react-f50007b4e3ded9be6468.js HTTP/1.1
Host: static-assets.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 23 Mar 2023 10:26:42 GMT
content-type: application/javascript
cache-control: public, max-age=2592000
cf-bgj: minify
cf-polished: origSize=51385
etag: W/"4c237955f494e5c0540a1e9e530837c7"
last-modified: Tue, 21 Mar 2023 20:53:17 GMT
x-amz-id-2: DFQZf1s/FtfvtuGEvZCrgYVFco/4SOpYA0VVvX00jt8rp3WEJY2CY0HBC7GfBmURpqfPHUae24o=
x-amz-meta-s3cmd-attrs: md5:4c237955f494e5c0540a1e9e530837c7
x-amz-request-id: CTPC9FFD7W3BDC6Q
x-amz-server-side-encryption: AES256
cf-cache-status: HIT
age: 135031
expires: Sat, 22 Apr 2023 10:26:42 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sDKouvbmd2G0vPvxZ97NJctpqE70s%2BOEVvtdP9ZIH9k%2BQxZQJH%2B7xl3zJ0rnfXHMmQ%2FT9MP0mJ08zetjdKzDdUwLrh9s8kI3PYPsGEXs%2FJTFCx4ycRlV%2BOMDWQsbmQRPR%2BXafu1Y%2Fe%2BTB3IHgE20KQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
set-cookie: _cfuvid=xXTui0nvAgAVjrVRn2CT76xnZotw6LzrEuTrl4nQVZg-1679567202802-0-604800000; path=/; domain=.highwebmedia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 7ac5fa497f900b59-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
as.sexad.net/as/if?p=reseller&w=1&h=1&v=5104&noplaybtn=1&adHeight=175&adWidth=235&adType=live&autoplay=true&hn=fap247.com&AFNO=1-286
216.127.52.249200 4.9 kB URL HTTP/1.1 as.sexad.net/as/if?p=reseller&w=1&h=1&v=5104&noplaybtn=1&adHeight=175&adWidth=235&adType=live&autoplay=true&hn=fap247.com&AFNO=1-286
IP 216.127.52.249:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (631)
Hash 59280e222d2d897a35329a6321108f4e
3a8979118cb210bca5bc1d82069962fb53969aa2
200a3adedbe458a44eb8a57ee3fa423d9e9f7a02c2eeff6f1d5c368ec3845d74
GET /as/if?p=reseller&w=1&h=1&v=5104&noplaybtn=1&adHeight=175&adWidth=235&adType=live&autoplay=true&hn=fap247.com&AFNO=1-286 HTTP/1.1
Host: as.sexad.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://camschat.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200
Server: nginx/1.18.0
Date: Thu, 23 Mar 2023 10:26:42 GMT
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-store
Access-Control-Allow-Origin: *
Set-Cookie: at11679567202937_0_5104_5671=0001000; expires=Sat, 22-Apr-2023 10:26:42 GMT; Max-Age=2592000; path=/as; secure; SameSite=None
iid=9875-1679567202; expires=Sun, 20-Mar-2033 10:26:42 GMT; Max-Age=315360000; path=/; secure; SameSite=None
P3P: policyref="/w3c/p3p.xml", CP="This is not our comprehensive privacy policy (P3P). For complete information, please see http://streamate.com/privacy.html"
Content-Encoding: gzip
static-assets.highwebmedia.com/cachebust/chatembed-prod-38f6f20adf09.js
104.16.93.42200 OK 287 kB URL HTTP/2 static-assets.highwebmedia.com/cachebust/chatembed-prod-38f6f20adf09.js
IP 104.16.93.42:0
File type ASCII text, with very long lines (16136)
Size 287 kB (287170 bytes)
Hash 4491b668a43ded7b31774f8d5b77396b
630f1de3aab8f230d1d1e164c71fa8a6034a2d62
68de27f99f76ed3c1293fe1b40d28bcfe7142b97615de73cc91a60d4d904e8c3
GET /cachebust/chatembed-prod-38f6f20adf09.js HTTP/1.1
Host: static-assets.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 23 Mar 2023 10:26:42 GMT
content-type: application/javascript
cache-control: public, max-age=2592000
cf-bgj: minify
cf-polished: origSize=997023
etag: W/"3de015949d3c5fe8b30541301425cb98"
last-modified: Thu, 23 Mar 2023 01:22:09 GMT
x-amz-id-2: MPIJpIuJVHUbeTqDey+OQ+dP1p3FTbmNSIW92MU/fFShf1Qd6QtMJ3Wg6uf/sxvrHoHHpqR2GN0=
x-amz-meta-s3cmd-attrs: md5:3de015949d3c5fe8b30541301425cb98
x-amz-request-id: 565S19BF26AWRTW2
x-amz-server-side-encryption: AES256
cf-cache-status: HIT
age: 32500
expires: Sat, 22 Apr 2023 10:26:42 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=42jC4nv%2BKzkBIl2aXqH3eYzZ5fmQNKaUztcqV8ty5v6R3VTAbFoQ%2FXZ4P%2Bc1gVVsEuw9C281ZZRzDHt1e%2BpVaC%2BswZBquF01l9F4hK7QC%2BBiJTOC1hBdHo21GnuvMcE%2BeAxsPW4BNXRMJHaesf3enA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
set-cookie: _cfuvid=ImR4WwkZR9vKDv4_pK.4qoRiyzE02hOTCsKRVRDnJrw-1679567202809-0-604800000; path=/; domain=.highwebmedia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 7ac5fa497f9a0b59-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
static-assets.highwebmedia.com/CACHE/css/output.c7889e6fe859.css
104.16.93.42200 OK 7.4 kB URL HTTP/2 static-assets.highwebmedia.com/CACHE/css/output.c7889e6fe859.css
IP 104.16.93.42:0
File type ASCII text, with very long lines (24511), with no line terminators
Hash de47db4b5fefc2c3e3279b8df74bcd5e
86e6f2da681ae258b44300ae35427762f1d36b19
0c44156dc903f2dbf3b439c8b10be5fab259504d565780ea5211ce3b8ed053d8
GET /CACHE/css/output.c7889e6fe859.css HTTP/1.1
Host: static-assets.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 23 Mar 2023 10:26:42 GMT
content-type: text/css
cache-control: public, max-age=2592000
cf-bgj: minify
cf-polished: origSize=29632
etag: W/"cef83c77a5f8a731d2c1971dd2af351b"
last-modified: Tue, 28 Feb 2023 22:29:33 GMT
x-amz-id-2: +SANdag4jubQgecaoHv7ocmnj5KzMJ5/oUvMszuS5Gm1ii8OY7S/OfLEFQeJindDK/7ajVTduqQ=
x-amz-meta-s3cmd-attrs: md5:cef83c77a5f8a731d2c1971dd2af351b
x-amz-request-id: CP1TWFFRJW4XSCPX
x-amz-server-side-encryption: AES256
cf-cache-status: HIT
age: 1513762
expires: Sat, 22 Apr 2023 10:26:42 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UEsX4dpHupTaubypb0Y3gXtTeBTnRUjsYcXu3ZYxhcaGBPz7k4pA8GqOCdydxyzeb4%2Bfsb34Xb6j6nubtB2hzbG257JtCdJn%2FMLHJisZIOny6iQB7KEn%2F3EC0cCwpM9RtpYIL8kfswoZ%2FrsirDVy2Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
set-cookie: _cfuvid=6PSXeyOM.Z7XQQi0_81M22f17TeGwDitshvUsHPCHho-1679567202816-0-604800000; path=/; domain=.highwebmedia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 7ac5fa498fbc0b59-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
code.jquery.com/jquery-2.1.3.min.js
69.16.175.42200 OK 30 kB URL HTTP/2 code.jquery.com/jquery-2.1.3.min.js
IP 69.16.175.42:0
File type ASCII text, with very long lines (32180)
Hash de4fdb8e2e5d9b9624bad7ed2b726525
053a31e8e83b261e3863c4f9e652caba910a2b89
f44c9556d0ecebc0716a7fce2899c0b40ed96394bebafb2937f4305bf3b118f3
GET /jquery-2.1.3.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://as.sexad.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 23 Mar 2023 10:26:43 GMT
content-encoding: gzip
content-length: 29507
content-type: application/javascript; charset=utf-8
last-modified: Wed, 16 Feb 2022 10:50:39 GMT
accept-ranges: bytes
server: nginx
etag: W/"620cd6ff-14960"
cache-control: max-age=315360000, public
access-control-allow-origin: *
vary: Accept-Encoding
x-hw: 1679567203.dop021.sk1.t,1679567203.cds221.sk1.hn,1679567203.cds215.sk1.c
X-Firefox-Spdy: h2
m.sancdn.net/common/fontawesome-430/font-awesome.min.css
69.16.175.10200 OK 38 kB URL HTTP/1.1 m.sancdn.net/common/fontawesome-430/font-awesome.min.css
IP 69.16.175.10:0
Hash 346b1bf7c98d49495c0969ce0bf39e23
eade4d6a962f40215f29e86540f344ec680fcdf5
3105e14c8cf3cb65bed32bf5ef3b75b746ea2f238e837b2776456cb61bc9e8d0
GET /common/fontawesome-430/font-awesome.min.css HTTP/1.1
Host: m.sancdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://as.sexad.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Thu, 23 Mar 2023 10:26:43 GMT
Connection: Keep-Alive
ETag: "1422564509"
Cache-Control: max-age=86400
Content-Length: 23685
Content-Type: text/css
Last-Modified: Thu, 29 Jan 2015 20:48:29 GMT
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-HW: 1679567203.dop001.sk1.t,1679567203.cds251.sk1.shn,1679567203.dop001.sk1.t,1679567203.cds206.sk1.c
ac1d488833.bae0c0aefd.com/get/?go=1&data=eyJpbXAiOlt7InNlY3VyZSI6MSwiZXh0Ijp7InRhZ19hYiI6ImEiLCJtdWx0aSI6ZmFsc2UsInVzZXJfa2V5d29yZHMiOiIiLCJpZCI6MTAxOCwic3BhY2VpZCI6MTAxOCwidHlwZSI6InBvcCIsImlkem9uZSI6bnVsbCwiYWRfdGFncyI6IiwiLCJsYWJlbHMiOiIiLCJhbGxvd2VkX2xhYmVscyI6IiIsInRpdGxlIjoiIiwic3ViaWQiOiIxNjUwMTM2MTAyIiwicmVmcmVzaCI6MSwidXRtMSI6IiIsInV0bTIiOiIiLCJ1dG00IjoiIiwic3BvdF9pZCI6Mjk3NjA0LCJtdWx0aXBsZSI6ZmFsc2UsImlzX2lmcmFtZSI6dHJ1ZSwicmVmZG9tYWluIjoieGZhbnRhenkuY29tIiwicGwiOjMwMywic3RyYXRhZ2VtIjoibmxhYmVsLWIiLCJneXIiOjAsImFjY2VsIjowLCJzc3AiOjM3NTgsImJ0eXBlIjowLCJ2MiI6MCwicmNoYW5nZSI6ZmFsc2V9LCJiYW5uZXIiOnsidyI6OTAwLCJoIjoyNTB9fV0sInNpdGUiOnsiaWQiOiIyOTc2MDQiLCJjYXQiOlsiSUFCMjUiXSwicGFnZSI6Imh0dHBzOi8veGZhbnRhenkuY29tLyJ9LCJkZXZpY2UiOnsidyI6MTI4MCwiaCI6MTAyNH0sInVzZXIiOnsiaWQiOiJiMDE0MzUxOGU4NDFiMjQ3MGFmODRkODZlMWIwOWQzYiIsImZwIjpudWxsfSwiZXh0Ijp7ImR0IjoxNjc5NTY3MjEwNDkyfX0=
162.55.139.130200 OK 2.7 kB URL HTTP/2 ac1d488833.bae0c0aefd.com/get/?go=1&data=eyJpbXAiOlt7InNlY3VyZSI6MSwiZXh0Ijp7InRhZ19hYiI6ImEiLCJtdWx0aSI6ZmFsc2UsInVzZXJfa2V5d29yZHMiOiIiLCJpZCI6MTAxOCwic3BhY2VpZCI6MTAxOCwidHlwZSI6InBvcCIsImlkem9uZSI6bnVsbCwiYWRfdGFncyI6IiwiLCJsYWJlbHMiOiIiLCJhbGxvd2VkX2xhYmVscyI6IiIsInRpdGxlIjoiIiwic3ViaWQiOiIxNjUwMTM2MTAyIiwicmVmcmVzaCI6MSwidXRtMSI6IiIsInV0bTIiOiIiLCJ1dG00IjoiIiwic3BvdF9pZCI6Mjk3NjA0LCJtdWx0aXBsZSI6ZmFsc2UsImlzX2lmcmFtZSI6dHJ1ZSwicmVmZG9tYWluIjoieGZhbnRhenkuY29tIiwicGwiOjMwMywic3RyYXRhZ2VtIjoibmxhYmVsLWIiLCJneXIiOjAsImFjY2VsIjowLCJzc3AiOjM3NTgsImJ0eXBlIjowLCJ2MiI6MCwicmNoYW5nZSI6ZmFsc2V9LCJiYW5uZXIiOnsidyI6OTAwLCJoIjoyNTB9fV0sInNpdGUiOnsiaWQiOiIyOTc2MDQiLCJjYXQiOlsiSUFCMjUiXSwicGFnZSI6Imh0dHBzOi8veGZhbnRhenkuY29tLyJ9LCJkZXZpY2UiOnsidyI6MTI4MCwiaCI6MTAyNH0sInVzZXIiOnsiaWQiOiJiMDE0MzUxOGU4NDFiMjQ3MGFmODRkODZlMWIwOWQzYiIsImZwIjpudWxsfSwiZXh0Ijp7ImR0IjoxNjc5NTY3MjEwNDkyfX0=
IP 162.55.139.130:0
ASN #24940 Hetzner Online GmbH
Hash 3a36f3a7d30d3b9c66a3e9275067ff21
f67850f1b7fb1b5d3a21e1dd4d7a78b4a11a7d3b
19a3860a4d617f79e2cf1b9b3ab97dfd4fa669905c6de372569751daac61f06a
GET /get/?go=1&data=eyJpbXAiOlt7InNlY3VyZSI6MSwiZXh0Ijp7InRhZ19hYiI6ImEiLCJtdWx0aSI6ZmFsc2UsInVzZXJfa2V5d29yZHMiOiIiLCJpZCI6MTAxOCwic3BhY2VpZCI6MTAxOCwidHlwZSI6InBvcCIsImlkem9uZSI6bnVsbCwiYWRfdGFncyI6IiwiLCJsYWJlbHMiOiIiLCJhbGxvd2VkX2xhYmVscyI6IiIsInRpdGxlIjoiIiwic3ViaWQiOiIxNjUwMTM2MTAyIiwicmVmcmVzaCI6MSwidXRtMSI6IiIsInV0bTIiOiIiLCJ1dG00IjoiIiwic3BvdF9pZCI6Mjk3NjA0LCJtdWx0aXBsZSI6ZmFsc2UsImlzX2lmcmFtZSI6dHJ1ZSwicmVmZG9tYWluIjoieGZhbnRhenkuY29tIiwicGwiOjMwMywic3RyYXRhZ2VtIjoibmxhYmVsLWIiLCJneXIiOjAsImFjY2VsIjowLCJzc3AiOjM3NTgsImJ0eXBlIjowLCJ2MiI6MCwicmNoYW5nZSI6ZmFsc2V9LCJiYW5uZXIiOnsidyI6OTAwLCJoIjoyNTB9fV0sInNpdGUiOnsiaWQiOiIyOTc2MDQiLCJjYXQiOlsiSUFCMjUiXSwicGFnZSI6Imh0dHBzOi8veGZhbnRhenkuY29tLyJ9LCJkZXZpY2UiOnsidyI6MTI4MCwiaCI6MTAyNH0sInVzZXIiOnsiaWQiOiJiMDE0MzUxOGU4NDFiMjQ3MGFmODRkODZlMWIwOWQzYiIsImZwIjpudWxsfSwiZXh0Ijp7ImR0IjoxNjc5NTY3MjEwNDkyfX0= HTTP/1.1
Host: ac1d488833.bae0c0aefd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.16.0
date: Thu, 23 Mar 2023 10:26:43 GMT
content-type: text/html
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
content-encoding: gzip
X-Firefox-Spdy: h2
as.sexad.net/px.gif?stno=3-937-fap247.com-0-5106-0-0-3003-4398-12&p=reseller&w=1&h=1&v=5106&adType=cats&adWidth=900&adHeight=75&niche=female&fontSize=15&font_color=%23fff&background_color=%23000000&hn=fap247.com&AFNO=1-286&cam=0&adv=0&ctry=NO&lang=en&dev=Other
216.127.52.249200 35 B URL HTTP/1.1 as.sexad.net/px.gif?stno=3-937-fap247.com-0-5106-0-0-3003-4398-12&p=reseller&w=1&h=1&v=5106&adType=cats&adWidth=900&adHeight=75&niche=female&fontSize=15&font_color=%23fff&background_color=%23000000&hn=fap247.com&AFNO=1-286&cam=0&adv=0&ctry=NO&lang=en&dev=Other
IP 216.127.52.249:0
File type GIF image data, version 87a, 1 x 1\012- data
Hash 729c3007a8ed0597531b0c76d54a94bb
90fe9b8a8142548fdfab29f59cb0a164a0eaef81
6a842ea462daca2a0b5a0f5f25bcfc8e0059ac811ca6c6a1bc54e4d9119621c3
GET /px.gif?stno=3-937-fap247.com-0-5106-0-0-3003-4398-12&p=reseller&w=1&h=1&v=5106&adType=cats&adWidth=900&adHeight=75&niche=female&fontSize=15&font_color=%23fff&background_color=%23000000&hn=fap247.com&AFNO=1-286&cam=0&adv=0&ctry=NO&lang=en&dev=Other HTTP/1.1
Host: as.sexad.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://as.sexad.net/as/if?p=reseller&w=1&h=1&v=5106&adType=cats&adWidth=900&adHeight=75&niche=female&fontSize=15&font_color=%23fff&background_color=%23000000&hn=fap247.com&AFNO=1-286
Cookie: iid=9875-1679567202
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200
Server: nginx/1.18.0
Date: Thu, 23 Mar 2023 10:26:43 GMT
Content-Type: image/gif
Content-Length: 35
Connection: keep-alive
Cache-Control: no-cache, no-store, must-revalidate, private, max-age=0
Access-Control-Allow-Origin: *
Set-Cookie: ust=1679567203; expires=Sun, 20-Mar-2033 10:26:43 GMT; Max-Age=315360000; path=/; secure; SameSite=None
P3P: policyref="/w3c/p3p.xml", CP="This is not our comprehensive privacy policy (P3P). For complete information, please see http://streamate.com/privacy.html"
static-assets.highwebmedia.com/CACHE/css/output.c604915fd7b4.css
104.16.93.42200 OK 34 kB URL HTTP/2 static-assets.highwebmedia.com/CACHE/css/output.c604915fd7b4.css
IP 104.16.93.42:0
File type Unicode text, UTF-8 text, with very long lines (65532), with no line terminators
Hash 813cd31a75d920607f42df30e4d55369
f5cf32e22560a26c292364edddbc52d1987f3993
215b691424d5867e3f475cf2567a2c31cd7311827060d1403e5f2d801fe2cbf4
GET /CACHE/css/output.c604915fd7b4.css HTTP/1.1
Host: static-assets.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 23 Mar 2023 10:26:42 GMT
content-type: text/css
cache-control: public, max-age=2592000
cf-bgj: minify
cf-polished: origSize=215023
etag: W/"b07590aff41d12531ee4268d53077adc"
last-modified: Fri, 17 Mar 2023 01:13:30 GMT
x-amz-id-2: DS23jdR/gmwlXI9OxN/91uxydqLlYTu9x+f2D0+jdzZt29jdAIf9jRXu+330i/dkHNyXWXXWOEE=
x-amz-meta-s3cmd-attrs: md5:b07590aff41d12531ee4268d53077adc
x-amz-request-id: 9F2FTRGPXR5FCS7M
x-amz-server-side-encryption: AES256
cf-cache-status: HIT
age: 551449
expires: Sat, 22 Apr 2023 10:26:42 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MtF84tOqkZAVc%2BBlflXsa%2F%2FoK7gxdQXVIAbsRL7gG9aZVRWGsQ3kAvvaJySx5fR6VfuNqH1ERzwNX6HuC3%2Baoo3ocMJvHNR8tDZPUFULA6TfHZ9ZNpIZGv6Y62eq%2Fo3oHokESv%2BLCTPMc06AljA7tQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
set-cookie: _cfuvid=oXCvzmw_idUV5hhv7TT4R8FcKKfp791x30ShCEOT5MQ-1679567202800-0-604800000; path=/; domain=.highwebmedia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 7ac5fa496f850b59-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cbjpeg.stream.highwebmedia.com/stream?room=hayleex&f=0.6844178737510749
131.153.88.91200 OK 39 kB URL HTTP/2 cbjpeg.stream.highwebmedia.com/stream?room=hayleex&f=0.6844178737510749
IP 131.153.88.91:0
ASN #50389 Phoenix Nap, LLC.
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 1280x1281, segment length 16, comment: "Lavc58.91.100", baseline, precision 8, 854x480, components 3\012- data
Hash 04dbf16cd30d8253cb0ea63c0809cc31
f636785dd64511f25105063f65d458ba2b86d483
ac2bbde565ff3c66bee61fd4a76a71110d69f310d36e23a494c5e7413dc63280
GET /stream?room=hayleex&f=0.6844178737510749 HTTP/1.1
Host: cbjpeg.stream.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Cookie: _cfuvid=4Sc7CCB8Hd8xjepcmDYV8QoJae41N7WRfv0IIo45biY-1679567202866-0-604800000
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 23 Mar 2023 10:26:43 GMT
content-type: image/jpeg
content-length: 38827
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'none'; img-src data:; style-src 'unsafe-inline'
cache-tag: cbjpeg
x-frame-options: DENY
X-Firefox-Spdy: h2
static-assets.highwebmedia.com/CACHE/js/output.97a5db11ca63.js
104.16.93.42200 OK 256 kB URL HTTP/2 static-assets.highwebmedia.com/CACHE/js/output.97a5db11ca63.js
IP 104.16.93.42:0
File type Unicode text, UTF-8 text, with very long lines (65528), with no line terminators
Size 256 kB (255928 bytes)
Hash 16c6a2445a4ad2ec165f33278783bb82
89d5aa3f249822c678f899a567162d0a5d24b9cc
a6e1a5d84e1ed9e55292d4a2b212040a84c823ec4db10458bf37cc0b87d55bfb
GET /CACHE/js/output.97a5db11ca63.js HTTP/1.1
Host: static-assets.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 23 Mar 2023 10:26:42 GMT
content-type: application/javascript
cache-control: public, max-age=2592000
cf-bgj: minify
cf-polished: origSize=827275
etag: W/"692ec922d2a39b4037073f70286968b3"
last-modified: Fri, 13 May 2022 09:09:46 GMT
x-amz-id-2: gTEF4QSQwnS8c0jBrqdsXPIJKzaqR9jeomtjfhvNA6tuBAqkRj/DWSdLN+3V6KAz6+O3GvhWfhE=
x-amz-meta-s3cmd-attrs: md5:692ec922d2a39b4037073f70286968b3
x-amz-request-id: SNQHVWRKEYE18P8H
cf-cache-status: HIT
age: 1168078
expires: Sat, 22 Apr 2023 10:26:42 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=itOHLxv3brNo3tRmlnLvsGoSow2qOiSJH2h7gpNDGnjUrIgwXlgpbXM6v9xpZ3%2FU6LSLspLPQ3vI%2FEqBHX%2Bv8OWhWkwOtuQ1lFBtXFN6Phl4xz1aEXZH4ASSN6G3aOI%2Fj8gtSLnmY7spBytCjjxZOA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
set-cookie: _cfuvid=Ns1gZxXgei5gmk0nveXwaRtf0uS6Q2wIp8nECCBOV40-1679567202803-0-604800000; path=/; domain=.highwebmedia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 7ac5fa497f8a0b59-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
chaturbate.com/in/?track=adnium-xfantazy.com-ww&tour=dTm0&campaign=taOsB&disable_sound=1&mobileRedirect=auto&embed_video_only=1&target=_blank
104.18.101.40302 Found 55 kB URL HTTP/2 chaturbate.com/in/?track=adnium-xfantazy.com-ww&tour=dTm0&campaign=taOsB&disable_sound=1&mobileRedirect=auto&embed_video_only=1&target=_blank
IP 104.18.101.40:0
Hash 1144de963570f94b9bac93f604a08404
b3f5f7ab43a96d8c7cd2a0968c3243aeba24bbeb
b48f03ba3108b33b28541fd87136c143ae41265ce047e3e93b4cc1ce72d763c8
GET /in/?track=adnium-xfantazy.com-ww&tour=dTm0&campaign=taOsB&disable_sound=1&mobileRedirect=auto&embed_video_only=1&target=_blank HTTP/1.1
Host: chaturbate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.medfoodsafety.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
date: Thu, 23 Mar 2023 10:26:42 GMT
content-type: text/html; charset=utf-8
location: /topembed/?join_overlay=1&tour=dTm0&campaign=taOsB&disable_sound=1&mobileRedirect=auto&embed_video_only=1&target=_blank
p3p: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
vary: Accept-Language, Cookie
content-language: en
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.mmcdn.com https://*.highwebmedia.com https://*.chaturbate.com https://chaturbate.com https://ajax.googleapis.com https://js-agent.newrelic.com https://cdnjs.cloudflare.com https://www.google-analytics.com https://www.google.com/recaptcha/ https://www.google.com/cv/ https://www.gstatic.com/recaptcha/ https://www.gstatic.com/cv/ https://www.gstatic.com/eureka/ https://www.gstatic.com/cast/ https://*.nr-data.net https://certify-js.alexametrics.com https://player.vimeo.com/api/player.js https://static.hotjar.com https://script.hotjar.com ; style-src 'self' data: 'unsafe-inline' https://*.highwebmedia.com https://cdnjs.cloudflare.com https://fonts.googleapis.com https://static.hotjar.com https://script.hotjar.com; img-src 'self' data: https://*.mmcdn.com https://*.highwebmedia.com https://*.stream.highwebmedia.com https://*.chaturbate.com https://chaturbate.com https://www.google-analytics.com https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com https://cdnjs.cloudflare.com https://www.gstatic.com https://*.nr-data.net https://certify.alexametrics.com https://stats.g.doubleclick.net https://cbgames.s3.amazonaws.com https://player.vimeo.com https://script.hotjar.com http://script.hotjar.com ; font-src 'self' data: https://*.mmcdn.com https://*.highwebmedia.com https://cdnjs.cloudflare.com https://fonts.gstatic.com http://script.hotjar.com https://script.hotjar.com ; connect-src 'self' blob: blob https://*.mmcdn.com wss://*.mmcdn.com wss://*.mmcdn.com:8443 https://*.highwebmedia.com wss://*.highwebmedia.com wss://*.highwebmedia.com:8443 https://*.nr-data.net https://*.chaturbate.com https://chaturbate.com https://www.google-analytics.com https://cbvideoupload.s3-accelerate.amazonaws.com https://stats.g.doubleclick.net https://internet-up.ably-realtime.com https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com https://tls-use1.fpapi.io https://use1.fptls.com https://eun1.fptls.com https://aps1.fptls.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com ; media-src 'self' https://*.mmcdn.com https://*.highwebmedia.com https://*.chaturbate.com https://chaturbate.com mediasource: blob: data: https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com; object-src 'self' https://*.mmcdn.com https://*.highwebmedia.com https://download.macromedia.com https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com ; frame-src 'self' https://*.mmcdn.com https://*.chaturbate.com https://chaturbate.com https://*.highwebmedia.com https://adserver.exoticads.com https://www.google.com/recaptcha/ https://*.wnu.com https://wnu.com https://checkout.2000charge.com https://www.sofort.com https://*.girogate.de https://player.vimeo.com https://vars.hotjar.com https://directory-live.cb.dev ; child-src 'self' blob: blob ; worker-src 'self' blob: blob ; form-action 'self' https://*.chaturbate.com https://chaturbate.com https://*.stream.highwebmedia.com https://*.wnu.com https://wnu.com https://devportal.cb.dev https://*.web.amer-1.jumio.ai https://smartpay.coinsmart.com https://secure.paygarden.com ; manifest-src 'self' https://*.mmcdn.com https://*.highwebmedia.com ; report-uri https://report-uri.mmcdn.com/r/t/csp/enforce;
report-to: {"group":"default","max_age":2592000,"endpoints":[{"url":"https://report-uri.mmcdn.com/a/t/g"}],"include_subdomains":true}
nel: {"report_to":"default","max_age":2592000,"include_subdomains":true}
x-frame-options: DENY
cache-control: no-cache
x-content-type-options: nosniff
x-xss-protection: 1; mode=block; report=https://report-uri.highwebmedia.com/r/t/xss/enforce
referrer-policy: strict-origin-when-cross-origin
via: 1.1 google
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: DYNAMIC
set-cookie: u_dTm0=1; expires=Tue, 28 Mar 2023 10:26:41 GMT; Max-Age=432000; Path=/
us_dTm0=1; Path=/
affkey="eJwdzT0KgDAMhuGrSGa16ujoBVy8QGwbFImVNuIf3l3i+H55IA8ItBm4gSvIM7C8aQr2qdOWuGijW+edi5NwFbyv0gYujkNB1PMksqXWGCzZOwrBJSQvPzOKkEiZvUYfeV68bv+fpob3A/dxJyk="; Domain=.chaturbate.com; expires=Sat, 22 Apr 2023 10:26:41 GMT; Max-Age=2592000; Path=/
fromaffiliate=1; Domain=.chaturbate.com; Path=/
noads=1; expires=Thu, 23 Mar 2023 16:26:41 GMT; Max-Age=21600; Path=/
sbr=sec:sbr350986d8-13c1-4a7c-a064-299dde2d710b:1pfI9a:Ej8AOVvfSFqKhK0P8ISleNBg3Qk; Domain=.chaturbate.com; expires=Tue, 16 Dec 2025 10:26:42 GMT; HttpOnly; Max-Age=86313600; Path=/; Secure
__cf_bm=vB0jaPHG2dlxukuh5hDOr_1_1OSOWTwWXdTTL4nZBsg-1679567202-0-Ad5ObAOCQRnnPGmaAYBIKmpuXjpHVHYL8bfsLHhO9GHtZdO6drNZr9HuWECuDpvIoGRS4FP3fr9YsJ5am7Z44Cc=; path=/; expires=Thu, 23-Mar-23 10:56:42 GMT; domain=.chaturbate.com; HttpOnly; Secure; SameSite=None
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 7ac5fa43e81cb51d-OSL
X-Firefox-Spdy: h2
m.sancdn.net/common/videojs/videojs-411.js
69.16.175.10200 OK 71 kB URL HTTP/1.1 m.sancdn.net/common/videojs/videojs-411.js
IP 69.16.175.10:0
File type ASCII text, with very long lines (691)
Hash 532c3b3953d350e917649027f2c2accc
ffa74d9d511742bcf131580f71475dda94b962bc
16d0f10631780e6f883d0ec99240c59cc9836c76121d31111331732aac932fe0
GET /common/videojs/videojs-411.js HTTP/1.1
Host: m.sancdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://as.sexad.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Thu, 23 Mar 2023 10:26:43 GMT
Connection: Keep-Alive
ETag: "1448403647"
Cache-Control: max-age=86400
Content-Length: 71023
Content-Type: application/javascript
Last-Modified: Tue, 24 Nov 2015 22:20:47 GMT
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-HW: 1679567203.dop230.sk1.shc,1679567203.dop230.sk1.t,1679567203.cds205.sk1.c
js-agent.newrelic.com/async-api.737e0ca6-1227.min.js
151.101.2.137200 OK 1.1 kB URL HTTP/2 js-agent.newrelic.com/async-api.737e0ca6-1227.min.js
IP 151.101.2.137:0
File type ASCII text, with very long lines (2129), with no line terminators
Hash 03dfc27bd3e9c55760c43279990e3229
b113bb4989edd07f098c6e1bb09b363444fac3ca
701b3c2622fc68fc8853e1898044bd46d6717de875a178bca0ecf2e533b0234b
GET /async-api.737e0ca6-1227.min.js HTTP/1.1
Host: js-agent.newrelic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: LLTB4EDFC5QdmDB6fBVQH93tx9tnr4EXlsaYC2YJm4sqjgK75ZMyTo22k8mG/8P1cD3albbe9oA=
x-amz-request-id: X1KWZ3FX1KK6PDEW
last-modified: Thu, 09 Mar 2023 16:57:12 GMT
etag: "d12e5c859f6125ad9fcfab27abe9d60a"
x-amz-server-side-encryption: AES256
x-amz-version-id: .VExrz.uwnbfzMN2qSXv.A5mU3ucPuDN
content-type: application/javascript
server: AmazonS3
access-control-allow-origin: *
cache-control: public, max-age=7200, stale-if-error=604800
content-encoding: gzip
accept-ranges: bytes
date: Thu, 23 Mar 2023 10:26:44 GMT
via: 1.1 varnish
x-served-by: cache-bma1655-BMA
x-cache: HIT
x-cache-hits: 4698
x-timer: S1679567204.036823,VS0,VE0
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
content-length: 1123
X-Firefox-Spdy: h2
js-agent.newrelic.com/lazy-loader.540ab0d1-1227.min.js
151.101.2.137200 OK 415 B URL HTTP/2 js-agent.newrelic.com/lazy-loader.540ab0d1-1227.min.js
IP 151.101.2.137:0
File type ASCII text, with very long lines (928), with no line terminators
Hash 0b53ee06b30157139fb5c09dc6c0fe36
f3b8adc2a11e6b1bca4a21b390eba1d38b9b5a09
bd24585f29a4e2ebc31878107971ff2f6bccd63fb3b004d67bf8d3068edc997a
GET /lazy-loader.540ab0d1-1227.min.js HTTP/1.1
Host: js-agent.newrelic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: HNXAVOU1+5WnN+AUDz2G+vBPOv0Zex2FvNHd5Lc4ngcrm02q0Use/ZfKYM1PCBaMYII9KuwAHiM=
x-amz-request-id: X1KHYM6H2X0GJ99K
last-modified: Thu, 09 Mar 2023 16:57:12 GMT
etag: "a041a84a662929211a210e7b10cc82d0"
x-amz-server-side-encryption: AES256
x-amz-version-id: i5brlKSFH8dErjq3e9pOJ9e9W7YKVyAf
content-type: application/javascript
server: AmazonS3
access-control-allow-origin: *
cache-control: public, max-age=7200, stale-if-error=604800
content-encoding: gzip
accept-ranges: bytes
date: Thu, 23 Mar 2023 10:26:44 GMT
via: 1.1 varnish
x-served-by: cache-bma1655-BMA
x-cache: HIT
x-cache-hits: 4714
x-timer: S1679567204.058787,VS0,VE0
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
content-length: 415
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 77fc266649ebd02708ec96facb80a06b
8a4dc8026170f3be2107d5c69bd4d5b6f270f877
8efc709ae8f65ce123dae9dfb27aebdd2a0129750cd8bf2d43f2e713b94249d9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8EFC709AE8F65CE123DAE9DFB27AEBDD2A0129750CD8BF2D43F2E713B94249D9"
Last-Modified: Wed, 22 Mar 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12384
Expires: Thu, 23 Mar 2023 13:53:08 GMT
Date: Thu, 23 Mar 2023 10:26:44 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 7f1a8ba93e7875a2a576ea68fc1d7e5f
2029eb5cf5b3331da51d9db1df9275eea5f4deaf
e5dec1ad49f18d4aa98b4eb7b2d6812d3bf55b8c9816af52e7d35bc45134c05d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E5DEC1AD49F18D4AA98B4EB7B2D6812D3BF55B8C9816AF52E7D35BC45134C05D"
Last-Modified: Wed, 22 Mar 2023 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20517
Expires: Thu, 23 Mar 2023 16:08:41 GMT
Date: Thu, 23 Mar 2023 10:26:44 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 7f1a8ba93e7875a2a576ea68fc1d7e5f
2029eb5cf5b3331da51d9db1df9275eea5f4deaf
e5dec1ad49f18d4aa98b4eb7b2d6812d3bf55b8c9816af52e7d35bc45134c05d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E5DEC1AD49F18D4AA98B4EB7B2D6812D3BF55B8C9816AF52E7D35BC45134C05D"
Last-Modified: Wed, 22 Mar 2023 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20517
Expires: Thu, 23 Mar 2023 16:08:41 GMT
Date: Thu, 23 Mar 2023 10:26:44 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 7f1a8ba93e7875a2a576ea68fc1d7e5f
2029eb5cf5b3331da51d9db1df9275eea5f4deaf
e5dec1ad49f18d4aa98b4eb7b2d6812d3bf55b8c9816af52e7d35bc45134c05d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E5DEC1AD49F18D4AA98B4EB7B2D6812D3BF55B8C9816AF52E7D35BC45134C05D"
Last-Modified: Wed, 22 Mar 2023 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20517
Expires: Thu, 23 Mar 2023 16:08:41 GMT
Date: Thu, 23 Mar 2023 10:26:44 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash cce43a9dedd614e19237ac6917f5e9d2
8742385e272c8a9535ab1d56a3ff4e22a61f1351
5cca2e712cc3c6995a37ef0320e24bff9d6d6e2ff8965ebe4a236a3b23a3fc05
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5CCA2E712CC3C6995A37EF0320E24BFF9D6D6E2FF8965EBE4A236A3B23A3FC05"
Last-Modified: Wed, 22 Mar 2023 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13237
Expires: Thu, 23 Mar 2023 14:07:21 GMT
Date: Thu, 23 Mar 2023 10:26:44 GMT
Connection: keep-alive
m.sancdn.net/common/fontawesome-430/fontawesome-webfont.woff2?v=4.3.0
69.16.175.10200 OK 57 kB URL HTTP/1.1 m.sancdn.net/common/fontawesome-430/fontawesome-webfont.woff2?v=4.3.0
IP 69.16.175.10:0
File type Web Open Font Format (Version 2), TrueType, length 56780, version 4.197\012- data
Hash 97493d3f11c0a3bd5cbd959f5d19b699
1075231650f579955905bb2f6527148a8e2b4b16
aadc3580d2b64ff5a7e6f1425587db4e8b033efcbf8f5c332ca52a5ed580c87c
GET /common/fontawesome-430/fontawesome-webfont.woff2?v=4.3.0 HTTP/1.1
Host: m.sancdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://as.sexad.net
Connection: keep-alive
Referer: https://m.sancdn.net/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Thu, 23 Mar 2023 10:26:44 GMT
Connection: Keep-Alive
ETag: "1422564509"
Cache-Control: max-age=5063
Content-Length: 56780
Content-Type: application/octet-stream
Last-Modified: Thu, 29 Jan 2015 20:48:29 GMT
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-HW: 1679567204.dop203.sk1.t,1679567204.cds243.sk1.shn,1679567204.dop203.sk1.t,1679567204.cds252.sk1.c
as.sexad.net/px.gif?stno=3-937-fap247.com-0-5104-0-0-3001-5671-3&p=reseller&w=1&h=1&v=5104&noplaybtn=1&adHeight=175&adWidth=235&adType=live&autoplay=true&hn=fap247.com&AFNO=1-286&cam=0&adv=0&ctry=NO&lang=en&dev=Other
216.127.52.249200 35 B URL HTTP/1.1 as.sexad.net/px.gif?stno=3-937-fap247.com-0-5104-0-0-3001-5671-3&p=reseller&w=1&h=1&v=5104&noplaybtn=1&adHeight=175&adWidth=235&adType=live&autoplay=true&hn=fap247.com&AFNO=1-286&cam=0&adv=0&ctry=NO&lang=en&dev=Other
IP 216.127.52.249:0
File type GIF image data, version 87a, 1 x 1\012- data
Hash 729c3007a8ed0597531b0c76d54a94bb
90fe9b8a8142548fdfab29f59cb0a164a0eaef81
6a842ea462daca2a0b5a0f5f25bcfc8e0059ac811ca6c6a1bc54e4d9119621c3
GET /px.gif?stno=3-937-fap247.com-0-5104-0-0-3001-5671-3&p=reseller&w=1&h=1&v=5104&noplaybtn=1&adHeight=175&adWidth=235&adType=live&autoplay=true&hn=fap247.com&AFNO=1-286&cam=0&adv=0&ctry=NO&lang=en&dev=Other HTTP/1.1
Host: as.sexad.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://as.sexad.net/as/if?p=reseller&w=1&h=1&v=5104&noplaybtn=1&adHeight=175&adWidth=235&adType=live&autoplay=true&hn=fap247.com&AFNO=1-286
Cookie: iid=9875-1679567202; ust=1679567203
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200
Server: nginx/1.18.0
Date: Thu, 23 Mar 2023 10:26:44 GMT
Content-Type: image/gif
Content-Length: 35
Connection: keep-alive
Cache-Control: no-cache, no-store, must-revalidate, private, max-age=0
Access-Control-Allow-Origin: *
Set-Cookie: ust=1679567203; expires=Sun, 20-Mar-2033 10:26:44 GMT; Max-Age=315360000; path=/; secure; SameSite=None
P3P: policyref="/w3c/p3p.xml", CP="This is not our comprehensive privacy policy (P3P). For complete information, please see http://streamate.com/privacy.html"
static-assets.highwebmedia.com/CACHE/js/output.9b823bb2f723.js
104.16.93.42200 OK 4.8 kB URL HTTP/2 static-assets.highwebmedia.com/CACHE/js/output.9b823bb2f723.js
IP 104.16.93.42:0
File type ASCII text, with very long lines (7845)
Hash ecdf23d30939e3f459e81b1640bc3a24
0bb97f8c397395af97074a99d6d4696abb147758
703847bea21a190b30425df7e87d608a7a35908ef6a7afe44a2f551fb56ef423
GET /CACHE/js/output.9b823bb2f723.js HTTP/1.1
Host: static-assets.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 23 Mar 2023 10:26:42 GMT
content-type: application/javascript
cache-control: public, max-age=2592000
cf-bgj: minify
etag: W/"1360376b8f5657814f662391b765d655"
last-modified: Tue, 24 May 2022 17:14:17 GMT
x-amz-id-2: KTWJY/HCZAzfCN7zvoTtoCRDkjCDtsx43npe+RSp0Ebo2HF6WHgess4Ct9QL7Zi8XExzaRuhmCw=
x-amz-meta-s3cmd-attrs: md5:1360376b8f5657814f662391b765d655
x-amz-request-id: M1HHWCFNA8C6CV81
cf-cache-status: HIT
age: 1680771
expires: Sat, 22 Apr 2023 10:26:42 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4PzyiPkH0r3EkC3o50z3fLryX6mffqG6rObtFvn7Xoi2sdJoox7VGFVk5p3wuYker3ZWVMtF%2BZZk9URMAiYKMMffFn9csLj3f2rcy%2FukACxpdB%2B58NNMOqbZrikAu4VylOtk8X7QJAvvGD568mUllA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
set-cookie: _cfuvid=6Zsaz1qQtuiKULlmUeBENYs5ULsLd_nIjLME1HtiDc0-1679567202821-0-604800000; path=/; domain=.highwebmedia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 7ac5fa498fbf0b59-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
btds.zog.link/in/va?spot_id=297604&view=1&tag_ab=a
109.206.181.2200 OK 2 B URL HTTP/2 btds.zog.link/in/va?spot_id=297604&view=1&tag_ab=a
IP 109.206.181.2:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 99914b932bd37a50b983c5e7c90ae93b
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
GET /in/va?spot_id=297604&view=1&tag_ab=a HTTP/1.1
Host: btds.zog.link
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://a.naturalhealthsource.club
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.20.1
date: Thu, 23 Mar 2023 10:26:44 GMT
content-type: application/json
content-length: 2
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
access-control-allow-origin: *
set-cookie: 1840.0=1; expires=Fri, 24 Mar 2023 10:26:44 GMT; path=/; secure; SameSite=None
X-Firefox-Spdy: h2
rtbrennab.com/banner/in/show/?mid=2493582664005027884&pid=0&site=297604&sc=NO&usage_type=DCH&subid=1650136102&sid=0&cid=0&price=0&is_cpm=0&cpm=0&ecpm=0&crid=&crtid=&tcid=0&out_id=&ver=&ver_c=&refdom=xfantazy.com&hostname=auc-banner-hz-1&site_id=0&spot_id=297604&utm_source=&utm_medium=&utm_campaign=&utm_content=&expiration_timestamp=0&created_at=0000-00-00&is_native=0&auction_queue=0&pop_winurl=&ip=91.90.42.154&testab=&px_id=0&adblock=0&auction_host=&mm=&yc=&render_type=&campaign_type=&uniq=&exp=&resp_type=default&iabcat=IAB25&min_cpm=0.0001&placement_type_id=303&skin_test=&verify_hash=&score=96.84250672347424&ml=&tag_ab=a&v2=0&ttl=&space_id=1018&banner_width=900&banner_height=250&accel=0&gyr=0&iabcat=IAB25&url=https%3A%2F%2Fbtds.zog.link%2Fin%2F912%2F%3Fsid%3D297604%26source%3D1650136102%26idzone%3D0%26w%3D900%26h%3D250%26mo%3D%26ve%3D%26site_id%3D297604%26utm1%3D%26utm2%3D%26utm3%3D%26utm4%3D%26ad_tags%3D%2C%26spot_id%3D297604%26p%3Dhttps%253A%252F%252Fxfantazy.com%252F%26katds_labels%3D%26btype%3D0%26score%3D96.84250672347424%26bf%3D0.0001&pr=xfantazy.com&bid_crid=&bid_cid=&is_iframe=1&ad_tags=,&stratagem=nlabel-b&ssp=3758&refresh=1&priority=0&bb=0.0001
159.69.163.6302 Found 11 kB URL HTTP/2 rtbrennab.com/banner/in/show/?mid=2493582664005027884&pid=0&site=297604&sc=NO&usage_type=DCH&subid=1650136102&sid=0&cid=0&price=0&is_cpm=0&cpm=0&ecpm=0&crid=&crtid=&tcid=0&out_id=&ver=&ver_c=&refdom=xfantazy.com&hostname=auc-banner-hz-1&site_id=0&spot_id=297604&utm_source=&utm_medium=&utm_campaign=&utm_content=&expiration_timestamp=0&created_at=0000-00-00&is_native=0&auction_queue=0&pop_winurl=&ip=91.90.42.154&testab=&px_id=0&adblock=0&auction_host=&mm=&yc=&render_type=&campaign_type=&uniq=&exp=&resp_type=default&iabcat=IAB25&min_cpm=0.0001&placement_type_id=303&skin_test=&verify_hash=&score=96.84250672347424&ml=&tag_ab=a&v2=0&ttl=&space_id=1018&banner_width=900&banner_height=250&accel=0&gyr=0&iabcat=IAB25&url=https%3A%2F%2Fbtds.zog.link%2Fin%2F912%2F%3Fsid%3D297604%26source%3D1650136102%26idzone%3D0%26w%3D900%26h%3D250%26mo%3D%26ve%3D%26site_id%3D297604%26utm1%3D%26utm2%3D%26utm3%3D%26utm4%3D%26ad_tags%3D%2C%26spot_id%3D297604%26p%3Dhttps%253A%252F%252Fxfantazy.com%252F%26katds_labels%3D%26btype%3D0%26score%3D96.84250672347424%26bf%3D0.0001&pr=xfantazy.com&bid_crid=&bid_cid=&is_iframe=1&ad_tags=,&stratagem=nlabel-b&ssp=3758&refresh=1&priority=0&bb=0.0001
IP 159.69.163.6:0
ASN #24940 Hetzner Online GmbH
Hash 667449873fa4dc3da338cae1e763c8c7
fb000e3f150ecb60dbe63fc6b3700ea31056972d
90bc67fcc56de432fbf5e15e20eec386a654e2d66b4de06ada575cf353052f47
GET /banner/in/show/?mid=2493582664005027884&pid=0&site=297604&sc=NO&usage_type=DCH&subid=1650136102&sid=0&cid=0&price=0&is_cpm=0&cpm=0&ecpm=0&crid=&crtid=&tcid=0&out_id=&ver=&ver_c=&refdom=xfantazy.com&hostname=auc-banner-hz-1&site_id=0&spot_id=297604&utm_source=&utm_medium=&utm_campaign=&utm_content=&expiration_timestamp=0&created_at=0000-00-00&is_native=0&auction_queue=0&pop_winurl=&ip=91.90.42.154&testab=&px_id=0&adblock=0&auction_host=&mm=&yc=&render_type=&campaign_type=&uniq=&exp=&resp_type=default&iabcat=IAB25&min_cpm=0.0001&placement_type_id=303&skin_test=&verify_hash=&score=96.84250672347424&ml=&tag_ab=a&v2=0&ttl=&space_id=1018&banner_width=900&banner_height=250&accel=0&gyr=0&iabcat=IAB25&url=https%3A%2F%2Fbtds.zog.link%2Fin%2F912%2F%3Fsid%3D297604%26source%3D1650136102%26idzone%3D0%26w%3D900%26h%3D250%26mo%3D%26ve%3D%26site_id%3D297604%26utm1%3D%26utm2%3D%26utm3%3D%26utm4%3D%26ad_tags%3D%2C%26spot_id%3D297604%26p%3Dhttps%253A%252F%252Fxfantazy.com%252F%26katds_labels%3D%26btype%3D0%26score%3D96.84250672347424%26bf%3D0.0001&pr=xfantazy.com&bid_crid=&bid_cid=&is_iframe=1&ad_tags=,&stratagem=nlabel-b&ssp=3758&refresh=1&priority=0&bb=0.0001 HTTP/1.1
Host: rtbrennab.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ac1d488833.bae0c0aefd.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: nginx/1.18.0
date: Thu, 23 Mar 2023 10:26:44 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
location: https://btds.zog.link/in/912/?sid=297604&source=1650136102&idzone=0&w=900&h=250&mo=&ve=&site_id=297604&utm1=&utm2=&utm3=&utm4=&ad_tags=,&spot_id=297604&p=https%3A%2F%2Fxfantazy.com%2F&katds_labels=&btype=0&score=96.84250672347424&bf=0.0001
X-Firefox-Spdy: h2
cbjpeg.stream.highwebmedia.com/stream?room=beverlyvega&f=0.5996308031657601
131.153.88.91200 OK 23 kB URL HTTP/2 cbjpeg.stream.highwebmedia.com/stream?room=beverlyvega&f=0.5996308031657601
IP 131.153.88.91:0
ASN #50389 Phoenix Nap, LLC.
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 1280x1281, segment length 16, comment: "Lavc58.91.100", baseline, precision 8, 854x480, components 3\012- data
Hash 514ca27045f72d6d2dd3e7bbefbb4be9
714e14871761690b38ee3ac98e8aa3a81276d0c7
83396063ab5a016c0c09afb7c4519d9e482c0d052fc4581920dda51511bc8aeb
GET /stream?room=beverlyvega&f=0.5996308031657601 HTTP/1.1
Host: cbjpeg.stream.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Cookie: _cfuvid=4Sc7CCB8Hd8xjepcmDYV8QoJae41N7WRfv0IIo45biY-1679567202866-0-604800000
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 23 Mar 2023 10:26:44 GMT
content-type: image/jpeg
content-length: 22827
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'none'; img-src data:; style-src 'unsafe-inline'
cache-tag: cbjpeg
x-frame-options: DENY
X-Firefox-Spdy: h2
cbjpeg.stream.highwebmedia.com/stream?room=hayleex&f=0.7178302511130588
131.153.88.91200 OK 38 kB URL HTTP/2 cbjpeg.stream.highwebmedia.com/stream?room=hayleex&f=0.7178302511130588
IP 131.153.88.91:0
ASN #50389 Phoenix Nap, LLC.
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 1280x1281, segment length 16, comment: "Lavc58.91.100", baseline, precision 8, 854x480, components 3\012- data
Hash 645efd9c8f6def15b55f723729fcc46b
69f24b07bc681f3de2ee0c072ceb8a6939e6bd30
d76cd987686bd4ff3f048b4715d315cd24e4a3c4642d0abda919505369cd662b
GET /stream?room=hayleex&f=0.7178302511130588 HTTP/1.1
Host: cbjpeg.stream.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Cookie: _cfuvid=4Sc7CCB8Hd8xjepcmDYV8QoJae41N7WRfv0IIo45biY-1679567202866-0-604800000
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 23 Mar 2023 10:26:44 GMT
content-type: image/jpeg
content-length: 38272
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'none'; img-src data:; style-src 'unsafe-inline'
cache-tag: cbjpeg
x-frame-options: DENY
X-Firefox-Spdy: h2
js-agent.newrelic.com/spa-aggregate.494130b7-1227.min.js
151.101.2.137200 OK 6.7 kB URL HTTP/2 js-agent.newrelic.com/spa-aggregate.494130b7-1227.min.js
IP 151.101.2.137:0
File type ASCII text, with very long lines (18780), with no line terminators
Hash 8663942728c4e3ba0df2337240c35ee3
cfad319e622269f9c3a29c2bc7e0e0df7bc4a6d6
fa933e57987c869c0d563c218372a4c85acd6cf1d737cfc789a0b47a774ec96f
GET /spa-aggregate.494130b7-1227.min.js HTTP/1.1
Host: js-agent.newrelic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-amz-id-2: TIE1n7VMj7a0ZMKSZyXsxWQwz/KtqLTPsDtLZjBBbER8IkqtT+Hq/WcV1TH3DMAy7qYWlCTW2j4=
x-amz-request-id: J3KFTKZNH4ZC5FKN
last-modified: Thu, 09 Mar 2023 16:57:12 GMT
etag: "c9a85289539a80c3ce75d510ee52f0c6"
x-amz-server-side-encryption: AES256
x-amz-version-id: MOfgH_1ttKzddlisAak1jm7fbEtINNGC
content-type: application/javascript
server: AmazonS3
access-control-allow-origin: *
cache-control: public, max-age=7200, stale-if-error=604800
content-encoding: gzip
accept-ranges: bytes
date: Thu, 23 Mar 2023 10:26:44 GMT
via: 1.1 varnish
x-served-by: cache-bma1655-BMA
x-cache: HIT
x-cache-hits: 1891
x-timer: S1679567204.262036,VS0,VE0
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
content-length: 6664
X-Firefox-Spdy: h2
js-agent.newrelic.com/178.52056f28-1227.min.js
151.101.2.137200 OK 3.8 kB URL HTTP/2 js-agent.newrelic.com/178.52056f28-1227.min.js
IP 151.101.2.137:0
File type ASCII text, with very long lines (9255), with no line terminators
Hash 0cdee4386fc5e26c88588f13c1f98d2f
7f787ff772c58db6d8eb86e3718210cf02e823bf
d2aea8be91ec37fa5c0f6fe1f65baba7486684ecbd60f73d56d22d423a657025
GET /178.52056f28-1227.min.js HTTP/1.1
Host: js-agent.newrelic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-amz-id-2: aT06CGh5oOpXrIqz5qwibNaMUOM/m7kcMAEg7Jf3TVcRfAagKDE4/nS+nf0+eQPu+zomW62XXt4=
x-amz-request-id: J3KF281NCW962AQS
last-modified: Thu, 09 Mar 2023 16:57:12 GMT
etag: "b21a67c8e50dcceef0405ebb063eca96"
x-amz-server-side-encryption: AES256
x-amz-version-id: tfnJWGkgjVdXF5EV55Q2uJIk1QgPYrSL
content-type: application/javascript
server: AmazonS3
access-control-allow-origin: *
cache-control: public, max-age=7200, stale-if-error=604800
content-encoding: gzip
accept-ranges: bytes
date: Thu, 23 Mar 2023 10:26:44 GMT
via: 1.1 varnish
x-served-by: cache-bma1655-BMA
x-cache: HIT
x-cache-hits: 4471
x-timer: S1679567204.263937,VS0,VE0
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
content-length: 3764
X-Firefox-Spdy: h2
js-agent.newrelic.com/page_view_event-aggregate.2ae3c96c-1227.min.js
151.101.2.137200 OK 1.7 kB URL HTTP/2 js-agent.newrelic.com/page_view_event-aggregate.2ae3c96c-1227.min.js
IP 151.101.2.137:0
File type ASCII text, with very long lines (3814), with no line terminators
Hash eb1f985802faf8e291793c6c6a509a0d
77a00623aa6fcce14e8acc3d17adbfe30e6d9f55
0b876f14f19c14c874c6e4f892517f91b36be238f18acebc5502d001244f65f9
GET /page_view_event-aggregate.2ae3c96c-1227.min.js HTTP/1.1
Host: js-agent.newrelic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-amz-id-2: RGUZ8edb5ibnhA3ai0RzLn0AOxcz8rfWlVv3yR0obJn8Nxhj+jSWLnK9qmK/G80UOegoBtuC5Q4=
x-amz-request-id: J3K0ZC8YB249SAHT
last-modified: Thu, 09 Mar 2023 16:57:12 GMT
etag: "f768d3f0fb8ea163c644cfa4a536676d"
x-amz-server-side-encryption: AES256
x-amz-version-id: FeegzFVNqKt6H_XSfsFwZcx1Np._S4kr
content-type: application/javascript
server: AmazonS3
access-control-allow-origin: *
cache-control: public, max-age=7200, stale-if-error=604800
content-encoding: gzip
accept-ranges: bytes
date: Thu, 23 Mar 2023 10:26:44 GMT
via: 1.1 varnish
x-served-by: cache-bma1655-BMA
x-cache: HIT
x-cache-hits: 4469
x-timer: S1679567204.264280,VS0,VE0
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
content-length: 1713
X-Firefox-Spdy: h2
js-agent.newrelic.com/page_view_timing-aggregate.a7d9d7be-1227.min.js
151.101.2.137200 OK 2.2 kB URL HTTP/2 js-agent.newrelic.com/page_view_timing-aggregate.a7d9d7be-1227.min.js
IP 151.101.2.137:0
File type ASCII text, with very long lines (5426), with no line terminators
Hash 1d0aca99dc56a135a91221ab5314b29c
a44835c7e37f94e33cb20f4a2b51a2b94a1ed11d
7c1277b080c6737e0b266099b42d5c2ade65be54c9dc27c4a8e9625e34608357
GET /page_view_timing-aggregate.a7d9d7be-1227.min.js HTTP/1.1
Host: js-agent.newrelic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-amz-id-2: MeR9P8RqaGzGYO1G4on1DBJmuSM9V+li+iEGIcVb5R/cEtGrnv/5zYy1NywRKsVssm0sdpVbJFI=
x-amz-request-id: J3KFSTCH0H35BJM1
last-modified: Thu, 09 Mar 2023 16:57:12 GMT
etag: "eb3b7aaf78edc0a629532c28a1c06b8a"
x-amz-server-side-encryption: AES256
x-amz-version-id: sqO0QzvZ3V3OZNlIV1_qDeOPuvdGFJah
content-type: application/javascript
server: AmazonS3
access-control-allow-origin: *
cache-control: public, max-age=7200, stale-if-error=604800
content-encoding: gzip
accept-ranges: bytes
date: Thu, 23 Mar 2023 10:26:44 GMT
via: 1.1 varnish
x-served-by: cache-bma1655-BMA
x-cache: HIT
x-cache-hits: 4473
x-timer: S1679567204.264375,VS0,VE0
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
content-length: 2224
X-Firefox-Spdy: h2
js-agent.newrelic.com/metrics-aggregate.28086cfb-1227.min.js
151.101.2.137200 OK 1.8 kB URL HTTP/2 js-agent.newrelic.com/metrics-aggregate.28086cfb-1227.min.js
IP 151.101.2.137:0
File type ASCII text, with very long lines (4128), with no line terminators
Hash 4bee99d08a8fc5bee885a4663ace89dc
96445a39f3eb3f8f3d7b90e7333c91ef365b249a
25809b8e76c7398e2ac3da2b317a79159fb1febbb30c170b5941181a7eabe0e3
GET /metrics-aggregate.28086cfb-1227.min.js HTTP/1.1
Host: js-agent.newrelic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-amz-id-2: JlI9jEnvHwyUH5q51zPj7FC0eR8SIbY27K1rjyASXl8wqklVZ78+KkILmuVlfa9+u7BPhqCqDdg=
x-amz-request-id: J3KE7BT8ZDH9ZJM2
last-modified: Thu, 09 Mar 2023 16:57:12 GMT
etag: "fd7ae418fde6eab067f9005c5dccc62b"
x-amz-server-side-encryption: AES256
x-amz-version-id: 3OFnwVDELpuG2CawrTfxxEzGbg_GjKb5
content-type: application/javascript
server: AmazonS3
access-control-allow-origin: *
cache-control: public, max-age=7200, stale-if-error=604800
content-encoding: gzip
accept-ranges: bytes
date: Thu, 23 Mar 2023 10:26:44 GMT
via: 1.1 varnish
x-served-by: cache-bma1655-BMA
x-cache: HIT
x-cache-hits: 4474
x-timer: S1679567204.264470,VS0,VE0
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
content-length: 1752
X-Firefox-Spdy: h2
js-agent.newrelic.com/jserrors-aggregate.941c6e17-1227.min.js
151.101.2.137200 OK 2.9 kB URL HTTP/2 js-agent.newrelic.com/jserrors-aggregate.941c6e17-1227.min.js
IP 151.101.2.137:0
File type ASCII text, with very long lines (7661), with no line terminators
Hash b94b9853573a235e49b390310d18f8c8
7edbeb499928788296b7e9eaaf52720b04423663
bc57cadd1025ab6cbb6967cd21f5bbfc324f1a7c977fee20ee715a3ef074aa2c
GET /jserrors-aggregate.941c6e17-1227.min.js HTTP/1.1
Host: js-agent.newrelic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-amz-id-2: WJlvLjGJlxrmBB8rgC9pVHFwHvXx9C2rr+PUuT0PJgAiqq/YbO4hm7afvFD3IsJsd2qC0CTtB/8=
x-amz-request-id: H85NTR4DKHDTZFMV
last-modified: Thu, 09 Mar 2023 16:57:12 GMT
etag: "8a0b3cc73395206dfac178f98f412980"
x-amz-server-side-encryption: AES256
x-amz-version-id: wlVstoCC4UFYAF1ILBCZ5Nc.v2fH1cp7
content-type: application/javascript
server: AmazonS3
access-control-allow-origin: *
cache-control: public, max-age=7200, stale-if-error=604800
content-encoding: gzip
accept-ranges: bytes
date: Thu, 23 Mar 2023 10:26:44 GMT
via: 1.1 varnish
x-served-by: cache-bma1655-BMA
x-cache: HIT
x-cache-hits: 1000
x-timer: S1679567204.265084,VS0,VE0
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
content-length: 2938
X-Firefox-Spdy: h2
js-agent.newrelic.com/session_trace-aggregate.545db67a-1227.min.js
151.101.2.137200 OK 3.7 kB URL HTTP/2 js-agent.newrelic.com/session_trace-aggregate.545db67a-1227.min.js
IP 151.101.2.137:0
File type ASCII text, with very long lines (9923), with no line terminators
Hash e7e6ee264746303d21bbb267a9ba3d81
752836aa17acfc6b7df98c952d736ea06f41f776
45d351c15ee5f1e543c07e3986f9e310c7af6c518c2bb3ddef3ae9d75743870f
GET /session_trace-aggregate.545db67a-1227.min.js HTTP/1.1
Host: js-agent.newrelic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-amz-id-2: 2/LkMvvv/W3Vc2zaO7/N0k1X0D1BEr2QUVv7EW93g6wV5zsa/CZODpT5p0a62KCeZ7DEF+5k8TM=
x-amz-request-id: J3KB37HK18WBXXKE
last-modified: Thu, 09 Mar 2023 16:57:12 GMT
etag: "00f1a92b2eb88dcbd4684c44ca621600"
x-amz-server-side-encryption: AES256
x-amz-version-id: 8sXc8kke00U4XRsYmYhWsmLPR6EjlyYd
content-type: application/javascript
server: AmazonS3
access-control-allow-origin: *
cache-control: public, max-age=7200, stale-if-error=604800
content-encoding: gzip
accept-ranges: bytes
date: Thu, 23 Mar 2023 10:26:44 GMT
via: 1.1 varnish
x-served-by: cache-bma1655-BMA
x-cache: HIT
x-cache-hits: 2791
x-timer: S1679567204.267708,VS0,VE0
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
content-length: 3742
X-Firefox-Spdy: h2
pt-static4.ptwmstcnt.com/npe/_common/script/incognito/di.min-v974215.js
93.93.51.200200 OK 2.6 kB URL HTTP/2 pt-static4.ptwmstcnt.com/npe/_common/script/incognito/di.min-v974215.js
IP 93.93.51.200:0
ASN #34655 DuoDecad IT Services Luxembourg S.a r.l.
File type C source, ASCII text, with very long lines (6165), with no line terminators
Hash 0d8e3464760347f811084355a7567cd0
555afb9e4983a6c80341976791940478b3683a9b
9acd2fd822abf9563db4caaa54ee6e13321381bf1718a7df040a0b27f27343ca
GET /npe/_common/script/incognito/di.min-v974215.js HTTP/1.1
Host: pt-static4.ptwmstcnt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pt.ctsdwm.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 23 Mar 2023 10:26:44 GMT
content-type: application/javascript
last-modified: Thu, 23 Mar 2023 06:46:09 GMT
vary: Accept-Encoding, Accept-Encoding
etag: W/"641bf5b1-d47"
access-control-allow-origin: *
server: unknown
x-cdn-node: sesto
x-cache-status: R-HIT
content-encoding: gzip
X-Firefox-Spdy: h2
btds.zog.link/in/912/?sid=297604&source=1650136102&idzone=0&w=900&h=250&mo=&ve=&site_id=297604&utm1=&utm2=&utm3=&utm4=&ad_tags=,&spot_id=297604&p=https%3A%2F%2Fxfantazy.com%2F&katds_labels=&btype=0&score=96.84250672347424&bf=0.0001
109.206.181.2302 Found 0 B URL HTTP/2 btds.zog.link/in/912/?sid=297604&source=1650136102&idzone=0&w=900&h=250&mo=&ve=&site_id=297604&utm1=&utm2=&utm3=&utm4=&ad_tags=,&spot_id=297604&p=https%3A%2F%2Fxfantazy.com%2F&katds_labels=&btype=0&score=96.84250672347424&bf=0.0001
IP 109.206.181.2:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /in/912/?sid=297604&source=1650136102&idzone=0&w=900&h=250&mo=&ve=&site_id=297604&utm1=&utm2=&utm3=&utm4=&ad_tags=,&spot_id=297604&p=https%3A%2F%2Fxfantazy.com%2F&katds_labels=&btype=0&score=96.84250672347424&bf=0.0001 HTTP/1.1
Host: btds.zog.link
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ac1d488833.bae0c0aefd.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: nginx/1.20.1
date: Thu, 23 Mar 2023 10:26:44 GMT
content-type: text/html; charset=UTF-8
content-length: 0
location: https://twinrdack.com/link.engine?z=56531&guid=ca671639-b7fa-4892-a712-9dad1adff15a&tid=1650136102&kw=,
pragma: no-cache
vary: *
cache-control: no-cache, no-store, must-revalidate
set-cookie: 912.0=1; expires=Sun, 26 Mar 2023 12:26:44 GMT; path=/; secure; SameSite=None
X-Firefox-Spdy: h2
cbjpeg.stream.highwebmedia.com/stream?room=beverlyvega&f=0.4078776608929279
131.153.88.91200 OK 22 kB URL HTTP/2 cbjpeg.stream.highwebmedia.com/stream?room=beverlyvega&f=0.4078776608929279
IP 131.153.88.91:0
ASN #50389 Phoenix Nap, LLC.
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 1280x1281, segment length 16, comment: "Lavc58.91.100", baseline, precision 8, 854x480, components 3\012- data
Hash e700fe012055cd9affc5a8017a82ce18
e61c81642d15c2dd5b9a681cdcf559ab6809720f
43ddfe193c9a4594f1718eb1dcc22469eff05d255aaff175785de7d91c813700
GET /stream?room=beverlyvega&f=0.4078776608929279 HTTP/1.1
Host: cbjpeg.stream.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Cookie: _cfuvid=4Sc7CCB8Hd8xjepcmDYV8QoJae41N7WRfv0IIo45biY-1679567202866-0-604800000
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 23 Mar 2023 10:26:44 GMT
content-type: image/jpeg
content-length: 22089
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'none'; img-src data:; style-src 'unsafe-inline'
cache-tag: cbjpeg
x-frame-options: DENY
X-Firefox-Spdy: h2
cbjpeg.stream.highwebmedia.com/stream?room=hayleex&f=0.7782493584994177
131.153.88.91200 OK 39 kB URL HTTP/2 cbjpeg.stream.highwebmedia.com/stream?room=hayleex&f=0.7782493584994177
IP 131.153.88.91:0
ASN #50389 Phoenix Nap, LLC.
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 1280x1281, segment length 16, comment: "Lavc58.91.100", baseline, precision 8, 854x480, components 3\012- data
Hash 9d08ea58e7ae1e5aeab6a83caa3ee448
c2cf77302d69aaca1881371a1cd80e146663ac34
7820963f57e3690c6c973e8d7b16c9dcac1c5fb98689a4d420aaa1efcc074773
GET /stream?room=hayleex&f=0.7782493584994177 HTTP/1.1
Host: cbjpeg.stream.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Cookie: _cfuvid=4Sc7CCB8Hd8xjepcmDYV8QoJae41N7WRfv0IIo45biY-1679567202866-0-604800000
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 23 Mar 2023 10:26:44 GMT
content-type: image/jpeg
content-length: 38557
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'none'; img-src data:; style-src 'unsafe-inline'
cache-tag: cbjpeg
x-frame-options: DENY
X-Firefox-Spdy: h2
m1.nsimg.net//biopic/320x240/107626480
207.178.0.91200 OK 13 kB URL HTTP/1.1 m1.nsimg.net//biopic/320x240/107626480
IP 207.178.0.91:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, progressive, precision 8, 320x240, components 3\012- data
Hash 24bb37dbcd581216a2b29a59086f87a4
7b56cfce5b66e8a7b7d8abf25051ebccb455f2a0
52cdc8dda0bc180e82a93e7c79b3c912c3fbe8ee3c856af6f35a03da9a9918fe
GET //biopic/320x240/107626480 HTTP/1.1
Host: m1.nsimg.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://as.sexad.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 23 Mar 2023 10:26:44 GMT
Content-Type: image/jpeg
Content-Length: 12731
Connection: keep-alive
Last-Modified: Fri, 23 Sep 2022 02:16:06 GMT
ETag: "632d16e6-31bb"
Expires: Thu, 23 Mar 2023 10:48:15 GMT
Cache-Control: max-age=7200
X-Varnish: 89108494 89085526
Age: 1
Access-Control-Allow-Origin: *
Accept-Ranges: bytes
pt-static1.ptwmstcnt.com/npe/image/smilies_ex.png
93.93.51.200200 OK 41 kB URL HTTP/2 pt-static1.ptwmstcnt.com/npe/image/smilies_ex.png
IP 93.93.51.200:0
ASN #34655 DuoDecad IT Services Luxembourg S.a r.l.
Hash edcb5e7c57216b0f400276a43e02e138
01132874e6fa5524f1f36736ef3384c0d6013a33
1f9379c1bcdf4346dd0f7820e1091f4c4745e7df50d42a2ea2088f27459bb297
GET /npe/image/smilies_ex.png HTTP/1.1
Host: pt-static1.ptwmstcnt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pt.ctsdwm.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 23 Mar 2023 10:26:44 GMT
content-type: image/png
content-length: 8533
last-modified: Tue, 14 Mar 2023 11:38:44 GMT
etag: "64105cc4-2155"
access-control-allow-origin: *
server: unknown
x-cdn-node: sesto
x-cache-status: R-HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
bam.nr-data.net/1/6f524845d1?a=24279235&v=1227.PROD&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOFgwRERUXQ1BUFkIDFQ0WFlA%3D&rst=2227&ck=0&s=975a4cab312c9885&ref=https://chaturbate.com/tours/3/&ap=23&be=529&fe=1084&dc=571&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1679567210024,%22n%22:0,%22r%22:0,%22re%22:182,%22f%22:182,%22dn%22:182,%22dne%22:182,%22c%22:182,%22s%22:182,%22ce%22:182,%22rq%22:191,%22rp%22:373,%22rpe%22:386,%22dl%22:495,%22di%22:1002,%22ds%22:1100,%22de%22:1104,%22dc%22:1609,%22l%22:1609,%22le%22:1617%7D,%22navigation%22:%7B%22rc%22:1%7D%7D&at=H0ETGw9CExRCXBM9CgBBXAkZG0QSVEsPAw4BQVwbamZQD15XPj1BSEEVUFJXRBFuXQAWBkZZVhUXenc%2BY1gYQFlGVAdaAF9QVQYPBFdXBlcACBh4Yy8TFUMhJTshCU0XAwhRHRsiJDwmDBJzZhsLB1BVEgdPRiAgZndWRSRJTRMDQV5BAFhZSlRNV1gNEQZGT0RLUFhdPlhJQ1hBXVJIAAUXBVMfCFRWQUhBB1daV24HXVgGEUFeQUQVF1tUEkVmBhcGFxA5UEUbC0MICE9bU0pXVBcEDAVDHRsDBxAQPAFMUEpCPlZcDkBZRi0pGxkbWBFuWg4XDRARHxsPG38uExVDCxM7AAlMW01DGG5aDgwFDQcDV1ZcE1sTAFhAT0YKFmZbXEUWXksKQFlGAQpQTRdSDlwbTUAKFDwJS1JYXwhLWBULDApBXBt3VVgZEWoODhYQCglXRhsdQ1hJPgsQFEFcG3dVWBkRag4OFhAKCVdGGx1DWEk%2BAxAKQVwMBQoBVR0bCBI8BRAIZlpLVkMLGyMOChxDNVZZTEUIXlcSQiI3QUobXEluAl5XDwcAEAoJV2pNSBFUG1tAIAUBClwafWItExVDCxM7FhVcR2ZFGEFcQ1hBFgYVUFFcXxVYWA1AT0YRA0hAXEIVbkkAFgtGWUQWQVZEE0IWUk1BSEERVWpRXhJFG1tAAAwCEkxHW1AVVBcCDQ5GT0RKXE1UPlhdQ1hSSEEVUEFcbgVeVAALDUZZRFpdWEUUQ1sAFgZKAAlUFxUTE1RIFAcQEDwOVkZNE1sTWgkDFxERBFhBXB8CXlRDTkEGEQlORlxDPlhdQ1hBVAcHWwAMVVUcCgVVU0lXXwpQFAhTBAtMUAFdBl9aAFxSUggPQ05BFgYAXEdcQ0MLGwkWFxQQXBYaWlAMQloJAxdKDQNNGhsdQ0NcEBcGFxc5VFBNWQ5VG1tAJCE3RBUXSUgVWVYPPRUBERVQWlcTWxMKT1tBSEETWGpdVBdYWgQ9BQUOD1VMGwtDfk0JBxFGT0RMVGZVBEdQAgc8EBoWXBcDEwVUSgoWDBRBShtAWG4OQmYHAw4NDx8bDxtmCF9dDhUQRk9ETFRmXhJuTwQQEA0MCBsPGwBRExVDFwI7ARRWQkpUE25fAA8KCBpEAxd/WBNUXw4aQUhBE1hqW0MORkoEEDwSBhRKXFZfQwsbUFJWSlNEFRdMUD5CTRMLDQNBXBt4VksIXVUATVZKU0YRYlBfBV5OEkItMENXCRsJCkFmUA9UV19DHg8BAhETRwNQUlZKU08ZclxSCl4WU1JSVFNXCQQZdwhDXAcNG0tSVgwbCRNNE14IFjwHDAtUXE0TWxMKWQRVAlFWWFFfAVgTFUMSAhYCC0oXAxMabRsVDRYWP0QDFWUTGQBrBT5BSEM6G1ZYXBFQUAYMP0ZZRmUXTVAuQns9QE9EP0RaaRsLQW0bUD5BSEM6G0VlE1sRZUNSP0ZPRmUXXlQPVVwTPkFeQzobU2UTTRFlQwYKFwIEVVBmQg5EVwU%2BQV5DOhsFZRMcE0Qc&jsonp=NREUM.setToken
162.247.243.29200 OK 49 B URL HTTP/1.1 bam.nr-data.net/1/6f524845d1?a=24279235&v=1227.PROD&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOFgwRERUXQ1BUFkIDFQ0WFlA%3D&rst=2227&ck=0&s=975a4cab312c9885&ref=https://chaturbate.com/tours/3/&ap=23&be=529&fe=1084&dc=571&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1679567210024,%22n%22:0,%22r%22:0,%22re%22:182,%22f%22:182,%22dn%22:182,%22dne%22:182,%22c%22:182,%22s%22:182,%22ce%22:182,%22rq%22:191,%22rp%22:373,%22rpe%22:386,%22dl%22:495,%22di%22:1002,%22ds%22:1100,%22de%22:1104,%22dc%22:1609,%22l%22:1609,%22le%22:1617%7D,%22navigation%22:%7B%22rc%22:1%7D%7D&at=H0ETGw9CExRCXBM9CgBBXAkZG0QSVEsPAw4BQVwbamZQD15XPj1BSEEVUFJXRBFuXQAWBkZZVhUXenc%2BY1gYQFlGVAdaAF9QVQYPBFdXBlcACBh4Yy8TFUMhJTshCU0XAwhRHRsiJDwmDBJzZhsLB1BVEgdPRiAgZndWRSRJTRMDQV5BAFhZSlRNV1gNEQZGT0RLUFhdPlhJQ1hBXVJIAAUXBVMfCFRWQUhBB1daV24HXVgGEUFeQUQVF1tUEkVmBhcGFxA5UEUbC0MICE9bU0pXVBcEDAVDHRsDBxAQPAFMUEpCPlZcDkBZRi0pGxkbWBFuWg4XDRARHxsPG38uExVDCxM7AAlMW01DGG5aDgwFDQcDV1ZcE1sTAFhAT0YKFmZbXEUWXksKQFlGAQpQTRdSDlwbTUAKFDwJS1JYXwhLWBULDApBXBt3VVgZEWoODhYQCglXRhsdQ1hJPgsQFEFcG3dVWBkRag4OFhAKCVdGGx1DWEk%2BAxAKQVwMBQoBVR0bCBI8BRAIZlpLVkMLGyMOChxDNVZZTEUIXlcSQiI3QUobXEluAl5XDwcAEAoJV2pNSBFUG1tAIAUBClwafWItExVDCxM7FhVcR2ZFGEFcQ1hBFgYVUFFcXxVYWA1AT0YRA0hAXEIVbkkAFgtGWUQWQVZEE0IWUk1BSEERVWpRXhJFG1tAAAwCEkxHW1AVVBcCDQ5GT0RKXE1UPlhdQ1hSSEEVUEFcbgVeVAALDUZZRFpdWEUUQ1sAFgZKAAlUFxUTE1RIFAcQEDwOVkZNE1sTWgkDFxERBFhBXB8CXlRDTkEGEQlORlxDPlhdQ1hBVAcHWwAMVVUcCgVVU0lXXwpQFAhTBAtMUAFdBl9aAFxSUggPQ05BFgYAXEdcQ0MLGwkWFxQQXBYaWlAMQloJAxdKDQNNGhsdQ0NcEBcGFxc5VFBNWQ5VG1tAJCE3RBUXSUgVWVYPPRUBERVQWlcTWxMKT1tBSEETWGpdVBdYWgQ9BQUOD1VMGwtDfk0JBxFGT0RMVGZVBEdQAgc8EBoWXBcDEwVUSgoWDBRBShtAWG4OQmYHAw4NDx8bDxtmCF9dDhUQRk9ETFRmXhJuTwQQEA0MCBsPGwBRExVDFwI7ARRWQkpUE25fAA8KCBpEAxd/WBNUXw4aQUhBE1hqW0MORkoEEDwSBhRKXFZfQwsbUFJWSlNEFRdMUD5CTRMLDQNBXBt4VksIXVUATVZKU0YRYlBfBV5OEkItMENXCRsJCkFmUA9UV19DHg8BAhETRwNQUlZKU08ZclxSCl4WU1JSVFNXCQQZdwhDXAcNG0tSVgwbCRNNE14IFjwHDAtUXE0TWxMKWQRVAlFWWFFfAVgTFUMSAhYCC0oXAxMabRsVDRYWP0QDFWUTGQBrBT5BSEM6G1ZYXBFQUAYMP0ZZRmUXTVAuQns9QE9EP0RaaRsLQW0bUD5BSEM6G0VlE1sRZUNSP0ZPRmUXXlQPVVwTPkFeQzobU2UTTRFlQwYKFwIEVVBmQg5EVwU%2BQV5DOhsFZRMcE0Qc&jsonp=NREUM.setToken
IP 162.247.243.29:0
File type ASCII text, with no line terminators
Hash ada33e5b8877e743ff658bf4bfa1867c
5a78662243dac43c0ee48bcb7e05a536b84c2e38
dac715f087720dd7ff7067f5d2ec1988851fa93140ae8a9cbfaa15659dd7fd82
GET /1/6f524845d1?a=24279235&v=1227.PROD&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOFgwRERUXQ1BUFkIDFQ0WFlA%3D&rst=2227&ck=0&s=975a4cab312c9885&ref=https://chaturbate.com/tours/3/&ap=23&be=529&fe=1084&dc=571&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1679567210024,%22n%22:0,%22r%22:0,%22re%22:182,%22f%22:182,%22dn%22:182,%22dne%22:182,%22c%22:182,%22s%22:182,%22ce%22:182,%22rq%22:191,%22rp%22:373,%22rpe%22:386,%22dl%22:495,%22di%22:1002,%22ds%22:1100,%22de%22:1104,%22dc%22:1609,%22l%22:1609,%22le%22:1617%7D,%22navigation%22:%7B%22rc%22:1%7D%7D&at=H0ETGw9CExRCXBM9CgBBXAkZG0QSVEsPAw4BQVwbamZQD15XPj1BSEEVUFJXRBFuXQAWBkZZVhUXenc%2BY1gYQFlGVAdaAF9QVQYPBFdXBlcACBh4Yy8TFUMhJTshCU0XAwhRHRsiJDwmDBJzZhsLB1BVEgdPRiAgZndWRSRJTRMDQV5BAFhZSlRNV1gNEQZGT0RLUFhdPlhJQ1hBXVJIAAUXBVMfCFRWQUhBB1daV24HXVgGEUFeQUQVF1tUEkVmBhcGFxA5UEUbC0MICE9bU0pXVBcEDAVDHRsDBxAQPAFMUEpCPlZcDkBZRi0pGxkbWBFuWg4XDRARHxsPG38uExVDCxM7AAlMW01DGG5aDgwFDQcDV1ZcE1sTAFhAT0YKFmZbXEUWXksKQFlGAQpQTRdSDlwbTUAKFDwJS1JYXwhLWBULDApBXBt3VVgZEWoODhYQCglXRhsdQ1hJPgsQFEFcG3dVWBkRag4OFhAKCVdGGx1DWEk%2BAxAKQVwMBQoBVR0bCBI8BRAIZlpLVkMLGyMOChxDNVZZTEUIXlcSQiI3QUobXEluAl5XDwcAEAoJV2pNSBFUG1tAIAUBClwafWItExVDCxM7FhVcR2ZFGEFcQ1hBFgYVUFFcXxVYWA1AT0YRA0hAXEIVbkkAFgtGWUQWQVZEE0IWUk1BSEERVWpRXhJFG1tAAAwCEkxHW1AVVBcCDQ5GT0RKXE1UPlhdQ1hSSEEVUEFcbgVeVAALDUZZRFpdWEUUQ1sAFgZKAAlUFxUTE1RIFAcQEDwOVkZNE1sTWgkDFxERBFhBXB8CXlRDTkEGEQlORlxDPlhdQ1hBVAcHWwAMVVUcCgVVU0lXXwpQFAhTBAtMUAFdBl9aAFxSUggPQ05BFgYAXEdcQ0MLGwkWFxQQXBYaWlAMQloJAxdKDQNNGhsdQ0NcEBcGFxc5VFBNWQ5VG1tAJCE3RBUXSUgVWVYPPRUBERVQWlcTWxMKT1tBSEETWGpdVBdYWgQ9BQUOD1VMGwtDfk0JBxFGT0RMVGZVBEdQAgc8EBoWXBcDEwVUSgoWDBRBShtAWG4OQmYHAw4NDx8bDxtmCF9dDhUQRk9ETFRmXhJuTwQQEA0MCBsPGwBRExVDFwI7ARRWQkpUE25fAA8KCBpEAxd/WBNUXw4aQUhBE1hqW0MORkoEEDwSBhRKXFZfQwsbUFJWSlNEFRdMUD5CTRMLDQNBXBt4VksIXVUATVZKU0YRYlBfBV5OEkItMENXCRsJCkFmUA9UV19DHg8BAhETRwNQUlZKU08ZclxSCl4WU1JSVFNXCQQZdwhDXAcNG0tSVgwbCRNNE14IFjwHDAtUXE0TWxMKWQRVAlFWWFFfAVgTFUMSAhYCC0oXAxMabRsVDRYWP0QDFWUTGQBrBT5BSEM6G1ZYXBFQUAYMP0ZZRmUXTVAuQns9QE9EP0RaaRsLQW0bUD5BSEM6G0VlE1sRZUNSP0ZPRmUXXlQPVVwTPkFeQzobU2UTTRFlQwYKFwIEVVBmQg5EVwU%2BQV5DOhsFZRMcE0Qc&jsonp=NREUM.setToken HTTP/1.1
Host: bam.nr-data.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 49
date: Thu, 23 Mar 2023 10:26:44 GMT
content-type: text/javascript
cross-origin-resource-policy: cross-origin
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
access-control-allow-credentials: true
access-control-allow-origin: *
x-served-by: cache-bma1628-BMA
galleryn11.awemdia.com/ff268cab8d9fbae1ed7506f97496274f1c/cc35db9631401f89b8fc0c04290b05f6_glamour_896x504.jpg
93.93.51.190200 OK 77 kB URL HTTP/2 galleryn11.awemdia.com/ff268cab8d9fbae1ed7506f97496274f1c/cc35db9631401f89b8fc0c04290b05f6_glamour_896x504.jpg
IP 93.93.51.190:0
ASN #34655 DuoDecad IT Services Luxembourg S.a r.l.
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 72x72, segment length 16, progressive, precision 8, 896x504, components 3\012- data
Hash d5948ca078b70c351ca61556bb1ccbb0
0300d6cca3aee5e1a4dc1caf50d10c27f2ba6d9a
fee7c4476d99b75711f448b84e2ac08a54b9d0bde88a7d4274a56e6d34440736
GET /ff268cab8d9fbae1ed7506f97496274f1c/cc35db9631401f89b8fc0c04290b05f6_glamour_896x504.jpg HTTP/1.1
Host: galleryn11.awemdia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pt.ctsdwm.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 23 Mar 2023 10:26:44 GMT
content-type: image/jpeg
content-length: 77083
last-modified: Fri, 03 Mar 2023 16:10:08 GMT
etag: "d5948ca078b70c351ca61556bb1ccbb0"
access-control-allow-origin: *
x-content-type-options: nosniff
x-cache-source: Origin
x-cache-status: R-HIT
expires: Thu, 06 Apr 2023 10:26:44 GMT
server: unknown
x-cdn-node: sesto
cache-control: max-age=1209600
x-real-source: -
accept-ranges: bytes
X-Firefox-Spdy: h2
cbjpeg.stream.highwebmedia.com/stream?room=beverlyvega&f=0.06268508159822328
131.153.88.91200 OK 23 kB URL HTTP/2 cbjpeg.stream.highwebmedia.com/stream?room=beverlyvega&f=0.06268508159822328
IP 131.153.88.91:0
ASN #50389 Phoenix Nap, LLC.
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 1280x1281, segment length 16, comment: "Lavc58.91.100", baseline, precision 8, 854x480, components 3\012- data
Hash 6a73cb851ea098c31c8c0347c269ab5a
9a5d0aff8142d0a1ff51540a9dd172b14cb8ea8c
69b177a686f1f29ec36efd387011a468f55427ea5b0865264c2640ffd656cc5a
GET /stream?room=beverlyvega&f=0.06268508159822328 HTTP/1.1
Host: cbjpeg.stream.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Cookie: _cfuvid=4Sc7CCB8Hd8xjepcmDYV8QoJae41N7WRfv0IIo45biY-1679567202866-0-604800000
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 23 Mar 2023 10:26:44 GMT
content-type: image/jpeg
content-length: 22624
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'none'; img-src data:; style-src 'unsafe-inline'
cache-tag: cbjpeg
x-frame-options: DENY
X-Firefox-Spdy: h2
cbjpeg.stream.highwebmedia.com/stream?room=hayleex&f=0.02027103049514667
131.153.88.91200 OK 39 kB URL HTTP/2 cbjpeg.stream.highwebmedia.com/stream?room=hayleex&f=0.02027103049514667
IP 131.153.88.91:0
ASN #50389 Phoenix Nap, LLC.
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 1280x1281, segment length 16, comment: "Lavc58.91.100", baseline, precision 8, 854x480, components 3\012- data
Hash 5a4f4033bc2e11edab1e42b150f752ff
ccbc0b430ff891f6ba59a22487794a981df3ce1e
6f3fe539c96902d680f4e2d1b581fcb92e6446ce83c8b4d7d96658ed21da7034
GET /stream?room=hayleex&f=0.02027103049514667 HTTP/1.1
Host: cbjpeg.stream.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Cookie: _cfuvid=4Sc7CCB8Hd8xjepcmDYV8QoJae41N7WRfv0IIo45biY-1679567202866-0-604800000
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 23 Mar 2023 10:26:44 GMT
content-type: image/jpeg
content-length: 38961
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'none'; img-src data:; style-src 'unsafe-inline'
cache-tag: cbjpeg
x-frame-options: DENY
X-Firefox-Spdy: h2
twinrdack.com/Redirect.eng?MediaSegmentId=46824&dcid=3_ctx_11b3ac6a-8863-422f-bb0b-9b2839cb0e41&vmId=00000000-0000-0000-0000-000000000000&abr=false&timeZoneOffset=&v=utn_I22yrxGa3hkBgor7k3nJmOd44GpV_dOcZBYAkIR1OoqaAhhsNEITvJYl0EJxyBQSnkP80ELHZ84ai-LyfDkqySiDx15eX21MMCJ94MI_2x4-A9KU9mNFa1XgGLuw_bLzN5sOCdb4q3ZFu2pLgt6tgM1mGn0GK3MQ-EnpCQapukXg2w1UG5L6czJDbbSMxqkvTeHCBRfmySURD3rAaJ0iKcNsX3_O-sFM6RmP8LzMeW_A4cO9pK5BCa4aOjWYwXmI-QEOEdGqQja8Ibd_pk_Ax7YOSwzkusOyEA4xUdoddfrmO8yU8_622nOfwLZqSakM9GmQeIDjO90HEwuzQm6GQbXgwhLW5F_JXDIHDRnGIOFRvpooFFNnqksDgY5W_wgSvVUN6gXQboQHcahKCd6zhKIRWnK0CwpT-HWwFSXU9gU1goDdBDHCEGxUZa-kSgC9pc_AbRGo1P_l_guiHnNIDO4F3wWRi646gDLmhdDfe4dF8PV30kb-g5kVdSyo_E9CNiKqXMfa14FrmH8D7lks3_xcgby-K83kQV1xfHUy2uuxQHM4N8xPv2HM1YikeyqhXaZQWC0TqSVWMw6mMCGGx2YGqgDaX2LdKemDOMROI-e-cEiMSvKMj-Zn4yD3-xB2k-6teHqhuskrvbuk1UIplmN9hxj7DP5kRi3q8JW8PISZCt90YK-kPf9a8Rn6tSMoJPln8wvWdStw-qTRGU1KFuBm8MitXP_z3r9FKZPo8Ko0MTdZ2-mSaPaE-6MX9ran47u6uJBr7vbPh4c_mg3rc2l3bGauRtXYG0xtefOwRFdCK3d_yOPzZezDl9j2NPGg4vemiSSQ4ZJzrwtJxmllZB-tLM10LJbBV1Y3PqZCuwrYti0Azs_m6TLmC_rFJqjkRMe727AOpCBTJrhjZ2t4fEU5zvFdBw0Sj2U8PnMUg7FCxcQQQpceihVNrHeznmZOYdyyX3ovnT2Sa833FZm5CXljjJvlrHtS64sabGs1&kw=&mw=300&mh=250
172.66.43.134302 Found 419 B URL HTTP/2 twinrdack.com/Redirect.eng?MediaSegmentId=46824&dcid=3_ctx_11b3ac6a-8863-422f-bb0b-9b2839cb0e41&vmId=00000000-0000-0000-0000-000000000000&abr=false&timeZoneOffset=&v=utn_I22yrxGa3hkBgor7k3nJmOd44GpV_dOcZBYAkIR1OoqaAhhsNEITvJYl0EJxyBQSnkP80ELHZ84ai-LyfDkqySiDx15eX21MMCJ94MI_2x4-A9KU9mNFa1XgGLuw_bLzN5sOCdb4q3ZFu2pLgt6tgM1mGn0GK3MQ-EnpCQapukXg2w1UG5L6czJDbbSMxqkvTeHCBRfmySURD3rAaJ0iKcNsX3_O-sFM6RmP8LzMeW_A4cO9pK5BCa4aOjWYwXmI-QEOEdGqQja8Ibd_pk_Ax7YOSwzkusOyEA4xUdoddfrmO8yU8_622nOfwLZqSakM9GmQeIDjO90HEwuzQm6GQbXgwhLW5F_JXDIHDRnGIOFRvpooFFNnqksDgY5W_wgSvVUN6gXQboQHcahKCd6zhKIRWnK0CwpT-HWwFSXU9gU1goDdBDHCEGxUZa-kSgC9pc_AbRGo1P_l_guiHnNIDO4F3wWRi646gDLmhdDfe4dF8PV30kb-g5kVdSyo_E9CNiKqXMfa14FrmH8D7lks3_xcgby-K83kQV1xfHUy2uuxQHM4N8xPv2HM1YikeyqhXaZQWC0TqSVWMw6mMCGGx2YGqgDaX2LdKemDOMROI-e-cEiMSvKMj-Zn4yD3-xB2k-6teHqhuskrvbuk1UIplmN9hxj7DP5kRi3q8JW8PISZCt90YK-kPf9a8Rn6tSMoJPln8wvWdStw-qTRGU1KFuBm8MitXP_z3r9FKZPo8Ko0MTdZ2-mSaPaE-6MX9ran47u6uJBr7vbPh4c_mg3rc2l3bGauRtXYG0xtefOwRFdCK3d_yOPzZezDl9j2NPGg4vemiSSQ4ZJzrwtJxmllZB-tLM10LJbBV1Y3PqZCuwrYti0Azs_m6TLmC_rFJqjkRMe727AOpCBTJrhjZ2t4fEU5zvFdBw0Sj2U8PnMUg7FCxcQQQpceihVNrHeznmZOYdyyX3ovnT2Sa833FZm5CXljjJvlrHtS64sabGs1&kw=&mw=300&mh=250
IP 172.66.43.134:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (347), with CRLF line terminators
Hash 9c13b7ece10ca3169073f6c20315506a
b089bebcc352780aae04b578835873938f06afdf
2219dc29dcbc06a74dccc1497512d74c024aaee0a90b5a445c59d3de740dc7aa
GET /Redirect.eng?MediaSegmentId=46824&dcid=3_ctx_11b3ac6a-8863-422f-bb0b-9b2839cb0e41&vmId=00000000-0000-0000-0000-000000000000&abr=false&timeZoneOffset=&v=utn_I22yrxGa3hkBgor7k3nJmOd44GpV_dOcZBYAkIR1OoqaAhhsNEITvJYl0EJxyBQSnkP80ELHZ84ai-LyfDkqySiDx15eX21MMCJ94MI_2x4-A9KU9mNFa1XgGLuw_bLzN5sOCdb4q3ZFu2pLgt6tgM1mGn0GK3MQ-EnpCQapukXg2w1UG5L6czJDbbSMxqkvTeHCBRfmySURD3rAaJ0iKcNsX3_O-sFM6RmP8LzMeW_A4cO9pK5BCa4aOjWYwXmI-QEOEdGqQja8Ibd_pk_Ax7YOSwzkusOyEA4xUdoddfrmO8yU8_622nOfwLZqSakM9GmQeIDjO90HEwuzQm6GQbXgwhLW5F_JXDIHDRnGIOFRvpooFFNnqksDgY5W_wgSvVUN6gXQboQHcahKCd6zhKIRWnK0CwpT-HWwFSXU9gU1goDdBDHCEGxUZa-kSgC9pc_AbRGo1P_l_guiHnNIDO4F3wWRi646gDLmhdDfe4dF8PV30kb-g5kVdSyo_E9CNiKqXMfa14FrmH8D7lks3_xcgby-K83kQV1xfHUy2uuxQHM4N8xPv2HM1YikeyqhXaZQWC0TqSVWMw6mMCGGx2YGqgDaX2LdKemDOMROI-e-cEiMSvKMj-Zn4yD3-xB2k-6teHqhuskrvbuk1UIplmN9hxj7DP5kRi3q8JW8PISZCt90YK-kPf9a8Rn6tSMoJPln8wvWdStw-qTRGU1KFuBm8MitXP_z3r9FKZPo8Ko0MTdZ2-mSaPaE-6MX9ran47u6uJBr7vbPh4c_mg3rc2l3bGauRtXYG0xtefOwRFdCK3d_yOPzZezDl9j2NPGg4vemiSSQ4ZJzrwtJxmllZB-tLM10LJbBV1Y3PqZCuwrYti0Azs_m6TLmC_rFJqjkRMe727AOpCBTJrhjZ2t4fEU5zvFdBw0Sj2U8PnMUg7FCxcQQQpceihVNrHeznmZOYdyyX3ovnT2Sa833FZm5CXljjJvlrHtS64sabGs1&kw=&mw=300&mh=250 HTTP/1.1
Host: twinrdack.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ac1d488833.bae0c0aefd.com/
Connection: keep-alive
Cookie: IKSR={}; INF_DFL8=false; IUID=36c4b37e-de08-4434-bb6d-ef8605aae4a3; ISSH=6A1BEE; VMI=; IPLH=#{}; IPLH_Q=#[]; CHN=#[]; MSSH=#{}; MSRH=#{}; ILP=null; ILPLU=#1/1/0001 12:00:00 AM; ILEALC=#1/1/0001 12:00:00 AM; ILMPF=#False; IPMPLU=#; IPMUID=#; BSWUID=#; IBL=#[]; IPLSH=#{}; IPLSH_Q=#[]; IZH=#{}; IZH_Q=#[]; IMCH=#{}; IMCH_Q=#[]; IMH=#{}; IMH_Q=#[]; ISH=#{"14173":[{"SId":"6A1BEE","D":"23/3/23T3:26:44"}]}; ISH_Q=#[14173]; ISPH=#{}; ISPH_Q=#[]; ICH=#{}; ICH_Q=#[]
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
date: Thu, 23 Mar 2023 10:26:44 GMT
content-type: text/html; charset=utf-8
content-length: 419
location: https://twinrdack.com/mediahosting.engine?MediaId=83029&AId=9902&CId=34036&PId=61095&SiteId=14173&ZoneId=56531&VolumeMetricId=c1e72fbd-92bd-4e49-b71e-736cd7688cf9&PassBackUrl=&res=&dcid=3_ctx_11b3ac6a-8863-422f-bb0b-9b2839cb0e41&cu=&kw=&mw=300&mh=250
cache-control: private, no-transform
access-control-allow-origin: *
set-cookie: IKSR={}; path=/; SameSite=None; secure
INF_DFL8=false; path=/; SameSite=None; secure
IUID=36c4b37e-de08-4434-bb6d-ef8605aae4a3; expires=Wed, 23-Mar-2033 10:26:44 GMT; path=/; SameSite=None; secure
ISSH=6A1BEE; path=/; SameSite=None; secure
VMI=c1e72fbd-92bd-4e49-b71e-736cd7688cf9; path=/; SameSite=None; secure
IPLH=#{"61095":[{"SId":"6A1BEE","D":"23/3/23T3:26:44"}]}; expires=Wed, 23-Mar-2033 10:26:44 GMT; path=/; SameSite=None; secure; HttpOnly
IPLH_Q=#[61095]; expires=Wed, 23-Mar-2033 10:26:44 GMT; path=/; SameSite=None; secure; HttpOnly
CHN=#[]; expires=Wed, 23-Mar-2033 10:26:44 GMT; path=/; SameSite=None; secure; HttpOnly
MSSH=#{}; expires=Wed, 23-Mar-2033 10:26:44 GMT; path=/; SameSite=None; secure; HttpOnly
MSRH=#{}; expires=Wed, 23-Mar-2033 10:26:44 GMT; path=/; SameSite=None; secure; HttpOnly
ILP=null; expires=Wed, 23-Mar-2033 10:26:44 GMT; path=/; SameSite=None; secure
ILPLU=#1/1/0001 12:00:00 AM; expires=Wed, 23-Mar-2033 10:26:44 GMT; path=/; SameSite=None; secure; HttpOnly
ILEALC=#1/1/0001 12:00:00 AM; expires=Wed, 23-Mar-2033 10:26:44 GMT; path=/; SameSite=None; secure; HttpOnly
ILMPF=#False; expires=Thu, 23-Mar-2023 14:26:44 GMT; path=/; SameSite=None; secure; HttpOnly
IPMPLU=#; expires=Wed, 23-Mar-2033 10:26:44 GMT; path=/; SameSite=None; secure; HttpOnly
IPMUID=#; expires=Wed, 23-Mar-2033 10:26:44 GMT; path=/; SameSite=None; secure; HttpOnly
BSWUID=#; expires=Wed, 23-Mar-2033 10:26:44 GMT; path=/; SameSite=None; secure; HttpOnly
IKSR={}; path=/; SameSite=None; secure
IBL=#[]; expires=Wed, 23-Mar-2033 10:26:44 GMT; path=/; SameSite=None; secure; HttpOnly
IPLSH=#{}; expires=Wed, 23-Mar-2033 10:26:44 GMT; path=/; SameSite=None; secure; HttpOnly
IPLSH_Q=#[]; expires=Wed, 23-Mar-2033 10:26:44 GMT; path=/; SameSite=None; secure; HttpOnly
IZH=#{"56531":[{"SId":"6A1BEE","D":"23/3/23T3:26:44"}]}; expires=Wed, 23-Mar-2033 10:26:44 GMT; path=/; SameSite=None; secure; HttpOnly
IZH_Q=#[56531]; expires=Wed, 23-Mar-2033 10:26:44 GMT; path=/; SameSite=None; secure; HttpOnly
IMCH=#{}; expires=Wed, 23-Mar-2033 10:26:44 GMT; path=/; SameSite=None; secure; HttpOnly
IMCH_Q=#[]; expires=Wed, 23-Mar-2033 10:26:44 GMT; path=/; SameSite=None; secure; HttpOnly
IMH=#{"83029":[{"SId":"6A1BEE","D":"23/3/23T3:26:44"}]}; expires=Wed, 23-Mar-2033 10:26:44 GMT; path=/; SameSite=None; secure; HttpOnly
IMH_Q=#[83029]; expires=Wed, 23-Mar-2033 10:26:44 GMT; path=/; SameSite=None; secure; HttpOnly
ISH=#{"14173":[{"SId":"6A1BEE","D":"23/3/23T3:26:44"}]}; expires=Wed, 23-Mar-2033 10:26:44 GMT; path=/; SameSite=None; secure; HttpOnly
ISH_Q=#[14173]; expires=Wed, 23-Mar-2033 10:26:44 GMT; path=/; SameSite=None; secure; HttpOnly
ISPH=#{"14173":[{"SId":"6A1BEE","D":"23/3/23T3:26:44"}]}; expires=Wed, 23-Mar-2033 10:26:44 GMT; path=/; SameSite=None; secure; HttpOnly
ISPH_Q=#[14173]; expires=Wed, 23-Mar-2033 10:26:44 GMT; path=/; SameSite=None; secure; HttpOnly
ICH=#{"34036":[{"SId":"6A1BEE","D":"23/3/23T3:26:44"}]}; expires=Wed, 23-Mar-2033 10:26:44 GMT; path=/; SameSite=None; secure; HttpOnly
ICH_Q=#[34036]; expires=Wed, 23-Mar-2033 10:26:44 GMT; path=/; SameSite=None; secure; HttpOnly
p3p: CP="CAO PSA OUR IND"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=B9To90VjEHdJTweVFQpmQ2aJkIkuivarVSqo91%2BS%2FMAzVvW212ok1kyeebGrAjKKyMibCvE%2FaOgwjBDKaAa3wXMtIimRrgLsOKcy5t%2BMSD%2Bej4lRroIISiVUI%2FMCcyM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7ac5fa54fce40b61-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
bam.nr-data.net/1/6f524845d1?a=24279235&v=1227.PROD&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOAQsFF0hPXFxGEgtrDg0OMgoDThteVBU%3D&rst=2943&ck=0&s=975a4cab312c9885&ref=https://chaturbate.com/embed/hayleex/&ap=127&be=890&fe=1849&dc=789&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1679567209564,%22n%22:0,%22r%22:1,%22re%22:493,%22f%22:493,%22dn%22:493,%22dne%22:493,%22c%22:493,%22s%22:493,%22ce%22:493,%22rq%22:497,%22rp%22:798,%22rpe%22:804,%22dl%22:840,%22di%22:1550,%22ds%22:1678,%22de%22:1688,%22dc%22:2737,%22l%22:2737,%22le%22:2744%7D,%22navigation%22:%7B%22rc%22:2%7D%7D&fcp=2046&at=H0ETGw9CExRCXBM9CgBBXAkZG0QSVEsPAw4BQVwbamZQD15XPj1BSEEVUFJXRBFuXQAWBkZZVhUXenc%2BY1gYQFlGVAdaAF9QVQcPAgcGBlcACBh4Yy8TFUMhJTshCU0XAwhRHRsiJDwmDBJzZhsLB1BVEgdPRiAgZndWRSRJTRMDQV5BAFhZSlRNV1gNEQZGT0RLUFhdPlhJQ1hBXVJIAAUXBVMfCFRWQUhBB1daV24HXVgGEUFeQUQVF1tUEkVmBhcGFxA5UEUbC0MICE9bU0pXVBcEDAVDHRsDBxAQPAFMUEpCPlZcDkBZRi0pGxkbWBFuWg4XDRARHxsPG38uExVDCxM7AAlMW01DGG5aDgwFDQcDV1ZcE1sTAFhAT0YKFmZbXEUWXksKQFlGAQpQTRdSDlwbTUAKFDwJS1JYXwhLWBULDApBXBt3VVgZEWoODhYQCglXRhsdQ1hJPgsQFEFcG3dVWBkRag4OFhAKCVdGGx1DWEk%2BAxAKQVwMBQoBVR0bCBI8BRAIZlpLVkMLGyMOChxDNVZZTEUIXlcSQiI3QUobXEluAl5XDwcAEAoJV2pNSBFUG1tAIAUBClwafWItExVDCxM7FhVcR2ZFGEFcQ1hBFgYVUFFcXxVYWA1AT0YRA0hAXEIVbkkAFgtGWUQWUFRTBFUWCQMaCAYDQRobHUNGVT4KDBcXRAMXWlkARUwTAAIQBkhaWlQTTRNKCBYGOwoCGw8IHUNCUBUHPAAMC1hcVxNbE1oJAxcREQRYQVwfAl5UQ05BFgYXTFBKRT5ZVhIWQV5BBVFUTUQTU1gVB00HDAsbGRtTE15OEgcROwoCGw8bAQcDC1IDUgFOA1wEWBxVAQxVTwJVAgUUUVsFAlABA1VTBVYAGxkbQwRXXBMHEUZZRFFBTUESCxZOA00JBgJfWlZVElBfBBYaSgAJVBobHUNDXBAXBhcXOVRQTVkOVRtbQCQhN0QVF0lIFVlWDz0VAREVUFpXE1sTCk9bQUhBE1hqXVQXWFoEPQUFDg9VTBsLQ35NCQcRRk9ETFRmVQRHUAIHPBAaFlwXAxMFVEoKFgwUQUobQFhuDkJmBwMODQ8fGw8bZghfXQ4VEEZPRExUZl4Sbk8EEBANDAgbDxsAURMVQxcCOwEUVkJKVBNuXwAPCggaRAMXf1gTVF8OGkFIQRNYaltDDkZKBBA8EgYUSlxWX0MLG1BSVkpTRBUXTFA%2BQk0TCw0DQVwbeFZLCF1VAE1WSlNGEWJQXwVeThJCLTBDVwkbCQpBZlAPVFdfQx4PAQIRE0cDUFJWSlNPGXJcUgpeFlNSUlRTVwkEGXcIQ1wHDRtLUlYMGwkTTRNeCBY8BwwLVFxNE1sTClkEVQJRVlhRXwFYExVDEgIWAgtKFwMTGm0bCw0KCjwJT1BLXQBIZUNYQzhBV2UXFRE9E00OFxE4QVwZaRtVNVwJPUBPRD9EWlRUQQBYXg8%2BQV5DOhtBWH4Sc2VDTkM4QQJQRlhTDVRmEg0WCgc6Gw8ZbUMAZUNOQzhBC1ZXUF0EY1wFCxEBABJlFwMRPRNYFBYMOEFKGWkbVAxTXAU9FQ0HA1ZqVl8NSGVDWEM4QVdlFxURPRNNABAEARc6Gw8ZbUNuWw0DDQ8/REQXFRMCUFQ%2BFgIDQVwbRUxTDVhaQ05BBwwKVkdmXA5VXENYQQgKAVFBVF4FVBtNQBELDAtmRk1QFURKQ1hBCAoQXBdETA%3D%3D&jsonp=NREUM.setToken
162.247.243.29200 OK 55 B URL HTTP/1.1 bam.nr-data.net/1/6f524845d1?a=24279235&v=1227.PROD&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOAQsFF0hPXFxGEgtrDg0OMgoDThteVBU%3D&rst=2943&ck=0&s=975a4cab312c9885&ref=https://chaturbate.com/embed/hayleex/&ap=127&be=890&fe=1849&dc=789&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1679567209564,%22n%22:0,%22r%22:1,%22re%22:493,%22f%22:493,%22dn%22:493,%22dne%22:493,%22c%22:493,%22s%22:493,%22ce%22:493,%22rq%22:497,%22rp%22:798,%22rpe%22:804,%22dl%22:840,%22di%22:1550,%22ds%22:1678,%22de%22:1688,%22dc%22:2737,%22l%22:2737,%22le%22:2744%7D,%22navigation%22:%7B%22rc%22:2%7D%7D&fcp=2046&at=H0ETGw9CExRCXBM9CgBBXAkZG0QSVEsPAw4BQVwbamZQD15XPj1BSEEVUFJXRBFuXQAWBkZZVhUXenc%2BY1gYQFlGVAdaAF9QVQcPAgcGBlcACBh4Yy8TFUMhJTshCU0XAwhRHRsiJDwmDBJzZhsLB1BVEgdPRiAgZndWRSRJTRMDQV5BAFhZSlRNV1gNEQZGT0RLUFhdPlhJQ1hBXVJIAAUXBVMfCFRWQUhBB1daV24HXVgGEUFeQUQVF1tUEkVmBhcGFxA5UEUbC0MICE9bU0pXVBcEDAVDHRsDBxAQPAFMUEpCPlZcDkBZRi0pGxkbWBFuWg4XDRARHxsPG38uExVDCxM7AAlMW01DGG5aDgwFDQcDV1ZcE1sTAFhAT0YKFmZbXEUWXksKQFlGAQpQTRdSDlwbTUAKFDwJS1JYXwhLWBULDApBXBt3VVgZEWoODhYQCglXRhsdQ1hJPgsQFEFcG3dVWBkRag4OFhAKCVdGGx1DWEk%2BAxAKQVwMBQoBVR0bCBI8BRAIZlpLVkMLGyMOChxDNVZZTEUIXlcSQiI3QUobXEluAl5XDwcAEAoJV2pNSBFUG1tAIAUBClwafWItExVDCxM7FhVcR2ZFGEFcQ1hBFgYVUFFcXxVYWA1AT0YRA0hAXEIVbkkAFgtGWUQWUFRTBFUWCQMaCAYDQRobHUNGVT4KDBcXRAMXWlkARUwTAAIQBkhaWlQTTRNKCBYGOwoCGw8IHUNCUBUHPAAMC1hcVxNbE1oJAxcREQRYQVwfAl5UQ05BFgYXTFBKRT5ZVhIWQV5BBVFUTUQTU1gVB00HDAsbGRtTE15OEgcROwoCGw8bAQcDC1IDUgFOA1wEWBxVAQxVTwJVAgUUUVsFAlABA1VTBVYAGxkbQwRXXBMHEUZZRFFBTUESCxZOA00JBgJfWlZVElBfBBYaSgAJVBobHUNDXBAXBhcXOVRQTVkOVRtbQCQhN0QVF0lIFVlWDz0VAREVUFpXE1sTCk9bQUhBE1hqXVQXWFoEPQUFDg9VTBsLQ35NCQcRRk9ETFRmVQRHUAIHPBAaFlwXAxMFVEoKFgwUQUobQFhuDkJmBwMODQ8fGw8bZghfXQ4VEEZPRExUZl4Sbk8EEBANDAgbDxsAURMVQxcCOwEUVkJKVBNuXwAPCggaRAMXf1gTVF8OGkFIQRNYaltDDkZKBBA8EgYUSlxWX0MLG1BSVkpTRBUXTFA%2BQk0TCw0DQVwbeFZLCF1VAE1WSlNGEWJQXwVeThJCLTBDVwkbCQpBZlAPVFdfQx4PAQIRE0cDUFJWSlNPGXJcUgpeFlNSUlRTVwkEGXcIQ1wHDRtLUlYMGwkTTRNeCBY8BwwLVFxNE1sTClkEVQJRVlhRXwFYExVDEgIWAgtKFwMTGm0bCw0KCjwJT1BLXQBIZUNYQzhBV2UXFRE9E00OFxE4QVwZaRtVNVwJPUBPRD9EWlRUQQBYXg8%2BQV5DOhtBWH4Sc2VDTkM4QQJQRlhTDVRmEg0WCgc6Gw8ZbUMAZUNOQzhBC1ZXUF0EY1wFCxEBABJlFwMRPRNYFBYMOEFKGWkbVAxTXAU9FQ0HA1ZqVl8NSGVDWEM4QVdlFxURPRNNABAEARc6Gw8ZbUNuWw0DDQ8/REQXFRMCUFQ%2BFgIDQVwbRUxTDVhaQ05BBwwKVkdmXA5VXENYQQgKAVFBVF4FVBtNQBELDAtmRk1QFURKQ1hBCAoQXBdETA%3D%3D&jsonp=NREUM.setToken
IP 162.247.243.29:0
Hash 2f891aff15ce2d398428bf0faeeceef0
7e07157f3ab6800ac2b48126a61ee338b8a1ef4f
10bc3ee0a7f5fd93972bbfa859e3499eef5be354cee6c9657dfcb0a05d9d15bb
GET /1/6f524845d1?a=24279235&v=1227.PROD&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOAQsFF0hPXFxGEgtrDg0OMgoDThteVBU%3D&rst=2943&ck=0&s=975a4cab312c9885&ref=https://chaturbate.com/embed/hayleex/&ap=127&be=890&fe=1849&dc=789&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1679567209564,%22n%22:0,%22r%22:1,%22re%22:493,%22f%22:493,%22dn%22:493,%22dne%22:493,%22c%22:493,%22s%22:493,%22ce%22:493,%22rq%22:497,%22rp%22:798,%22rpe%22:804,%22dl%22:840,%22di%22:1550,%22ds%22:1678,%22de%22:1688,%22dc%22:2737,%22l%22:2737,%22le%22:2744%7D,%22navigation%22:%7B%22rc%22:2%7D%7D&fcp=2046&at=H0ETGw9CExRCXBM9CgBBXAkZG0QSVEsPAw4BQVwbamZQD15XPj1BSEEVUFJXRBFuXQAWBkZZVhUXenc%2BY1gYQFlGVAdaAF9QVQcPAgcGBlcACBh4Yy8TFUMhJTshCU0XAwhRHRsiJDwmDBJzZhsLB1BVEgdPRiAgZndWRSRJTRMDQV5BAFhZSlRNV1gNEQZGT0RLUFhdPlhJQ1hBXVJIAAUXBVMfCFRWQUhBB1daV24HXVgGEUFeQUQVF1tUEkVmBhcGFxA5UEUbC0MICE9bU0pXVBcEDAVDHRsDBxAQPAFMUEpCPlZcDkBZRi0pGxkbWBFuWg4XDRARHxsPG38uExVDCxM7AAlMW01DGG5aDgwFDQcDV1ZcE1sTAFhAT0YKFmZbXEUWXksKQFlGAQpQTRdSDlwbTUAKFDwJS1JYXwhLWBULDApBXBt3VVgZEWoODhYQCglXRhsdQ1hJPgsQFEFcG3dVWBkRag4OFhAKCVdGGx1DWEk%2BAxAKQVwMBQoBVR0bCBI8BRAIZlpLVkMLGyMOChxDNVZZTEUIXlcSQiI3QUobXEluAl5XDwcAEAoJV2pNSBFUG1tAIAUBClwafWItExVDCxM7FhVcR2ZFGEFcQ1hBFgYVUFFcXxVYWA1AT0YRA0hAXEIVbkkAFgtGWUQWUFRTBFUWCQMaCAYDQRobHUNGVT4KDBcXRAMXWlkARUwTAAIQBkhaWlQTTRNKCBYGOwoCGw8IHUNCUBUHPAAMC1hcVxNbE1oJAxcREQRYQVwfAl5UQ05BFgYXTFBKRT5ZVhIWQV5BBVFUTUQTU1gVB00HDAsbGRtTE15OEgcROwoCGw8bAQcDC1IDUgFOA1wEWBxVAQxVTwJVAgUUUVsFAlABA1VTBVYAGxkbQwRXXBMHEUZZRFFBTUESCxZOA00JBgJfWlZVElBfBBYaSgAJVBobHUNDXBAXBhcXOVRQTVkOVRtbQCQhN0QVF0lIFVlWDz0VAREVUFpXE1sTCk9bQUhBE1hqXVQXWFoEPQUFDg9VTBsLQ35NCQcRRk9ETFRmVQRHUAIHPBAaFlwXAxMFVEoKFgwUQUobQFhuDkJmBwMODQ8fGw8bZghfXQ4VEEZPRExUZl4Sbk8EEBANDAgbDxsAURMVQxcCOwEUVkJKVBNuXwAPCggaRAMXf1gTVF8OGkFIQRNYaltDDkZKBBA8EgYUSlxWX0MLG1BSVkpTRBUXTFA%2BQk0TCw0DQVwbeFZLCF1VAE1WSlNGEWJQXwVeThJCLTBDVwkbCQpBZlAPVFdfQx4PAQIRE0cDUFJWSlNPGXJcUgpeFlNSUlRTVwkEGXcIQ1wHDRtLUlYMGwkTTRNeCBY8BwwLVFxNE1sTClkEVQJRVlhRXwFYExVDEgIWAgtKFwMTGm0bCw0KCjwJT1BLXQBIZUNYQzhBV2UXFRE9E00OFxE4QVwZaRtVNVwJPUBPRD9EWlRUQQBYXg8%2BQV5DOhtBWH4Sc2VDTkM4QQJQRlhTDVRmEg0WCgc6Gw8ZbUMAZUNOQzhBC1ZXUF0EY1wFCxEBABJlFwMRPRNYFBYMOEFKGWkbVAxTXAU9FQ0HA1ZqVl8NSGVDWEM4QVdlFxURPRNNABAEARc6Gw8ZbUNuWw0DDQ8/REQXFRMCUFQ%2BFgIDQVwbRUxTDVhaQ05BBwwKVkdmXA5VXENYQQgKAVFBVF4FVBtNQBELDAtmRk1QFURKQ1hBCAoQXBdETA%3D%3D&jsonp=NREUM.setToken HTTP/1.1
Host: bam.nr-data.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 49
date: Thu, 23 Mar 2023 10:26:44 GMT
content-type: text/javascript
cross-origin-resource-policy: cross-origin
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
access-control-allow-credentials: true
access-control-allow-origin: *
x-served-by: cache-bma1628-BMA
pt.ctsdwm.com/lNcai/Gt7.gif?c=object_container&site=wl3&cobrandId=240622&psid=cybermike&pstool=202_1&psprogram=cbrnd&campaign_id=118122&vp%5BshowChat%5D=false&vp%5BchatAutoHide%5D=false&vp%5BshowCallToAction%5D=false&vp%5BshowPerformerName%5D=false&vp%5BshowPerformerStatus%5D=false&filters=&subAffId=%7BSUBAFFID%7D&categoryName=girl&embedTool=1&origin=camschat.net&im=0
93.93.51.191200 OK 43 B URL HTTP/2 pt.ctsdwm.com/lNcai/Gt7.gif?c=object_container&site=wl3&cobrandId=240622&psid=cybermike&pstool=202_1&psprogram=cbrnd&campaign_id=118122&vp%5BshowChat%5D=false&vp%5BchatAutoHide%5D=false&vp%5BshowCallToAction%5D=false&vp%5BshowPerformerName%5D=false&vp%5BshowPerformerStatus%5D=false&filters=&subAffId=%7BSUBAFFID%7D&categoryName=girl&embedTool=1&origin=camschat.net&im=0
IP 93.93.51.191:0
ASN #34655 DuoDecad IT Services Luxembourg S.a r.l.
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /lNcai/Gt7.gif?c=object_container&site=wl3&cobrandId=240622&psid=cybermike&pstool=202_1&psprogram=cbrnd&campaign_id=118122&vp%5BshowChat%5D=false&vp%5BchatAutoHide%5D=false&vp%5BshowCallToAction%5D=false&vp%5BshowPerformerName%5D=false&vp%5BshowPerformerStatus%5D=false&filters=&subAffId=%7BSUBAFFID%7D&categoryName=girl&embedTool=1&origin=camschat.net&im=0 HTTP/1.1
Host: pt.ctsdwm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pt.ctsdwm.com/live-feed/fk/?c=object_container&site=wl3&cobrandId=240622&psid=cybermike&pstool=202_1&psprogram=cbrnd&campaign_id=118122&forcedPerformers%5B0%5D=&vp%5BshowChat%5D=false&vp%5BchatAutoHide%5D=false&vp%5BshowCallToAction%5D=false&vp%5BshowPerformerName%5D=false&vp%5BshowPerformerStatus%5D=false&filters=&subAffId=%7BSUBAFFID%7D&categoryName=girl&embedTool=1&origin=camschat.net
Cookie: psui=a59f007fbf3384ccc33cc586d5d348f0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 23 Mar 2023 10:26:44 GMT
content-type: image/gif
content-length: 43
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
server: unknown
set-cookie: psui=a59f007fbf3384ccc33cc586d5d348f0; Path=/; Expires=Sat, 22-Apr-23 10:26:44 GMT; SameSite=None; Secure
expires: Thu, 23 Mar 2023 10:26:43 GMT
cache-control: no-cache
access-control-allow-origin: *
X-Firefox-Spdy: h2
cbjpeg.stream.highwebmedia.com/stream?room=hayleex&f=0.4549542567335768
131.153.88.91200 OK 38 kB URL HTTP/2 cbjpeg.stream.highwebmedia.com/stream?room=hayleex&f=0.4549542567335768
IP 131.153.88.91:0
ASN #50389 Phoenix Nap, LLC.
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 1280x1281, segment length 16, comment: "Lavc58.91.100", baseline, precision 8, 854x480, components 3\012- data
Hash 58ce72b0290945ced19de99556ae485b
8b92228c67e848f0d3f5ab922aece7804ed09460
1b9ee833c88ecaa3afe9f9b9b525afeecb788b24d0cb9b7a7ed5d41ee6529e25
GET /stream?room=hayleex&f=0.4549542567335768 HTTP/1.1
Host: cbjpeg.stream.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Cookie: _cfuvid=4Sc7CCB8Hd8xjepcmDYV8QoJae41N7WRfv0IIo45biY-1679567202866-0-604800000
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 23 Mar 2023 10:26:44 GMT
content-type: image/jpeg
content-length: 37931
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'none'; img-src data:; style-src 'unsafe-inline'
cache-tag: cbjpeg
x-frame-options: DENY
X-Firefox-Spdy: h2
cbjpeg.stream.highwebmedia.com/stream?room=beverlyvega&f=0.4695409320523878
131.153.88.91200 OK 23 kB URL HTTP/2 cbjpeg.stream.highwebmedia.com/stream?room=beverlyvega&f=0.4695409320523878
IP 131.153.88.91:0
ASN #50389 Phoenix Nap, LLC.
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 1280x1281, segment length 16, comment: "Lavc58.91.100", baseline, precision 8, 854x480, components 3\012- data
Hash 5b572be339a7831ca943f9fd619c655e
e577b58c8c1265e756222b08844ee84049e2e3ab
0fc61eeaf9ce4015dc40cd7126c159fb18518f1c4911b9b0dfc6f9b38b1f182a
GET /stream?room=beverlyvega&f=0.4695409320523878 HTTP/1.1
Host: cbjpeg.stream.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Cookie: _cfuvid=4Sc7CCB8Hd8xjepcmDYV8QoJae41N7WRfv0IIo45biY-1679567202866-0-604800000
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 23 Mar 2023 10:26:44 GMT
content-type: image/jpeg
content-length: 22934
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'none'; img-src data:; style-src 'unsafe-inline'
cache-tag: cbjpeg
x-frame-options: DENY
X-Firefox-Spdy: h2
galleryn11.awemdia.com/ff268cab8d9fbae1ed7506f97496274f1a/af689dd9095a328790a0c5fb12d80c6a_glamour_896x504.jpg
93.93.51.190200 OK 108 kB URL HTTP/2 galleryn11.awemdia.com/ff268cab8d9fbae1ed7506f97496274f1a/af689dd9095a328790a0c5fb12d80c6a_glamour_896x504.jpg
IP 93.93.51.190:0
ASN #34655 DuoDecad IT Services Luxembourg S.a r.l.
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 72x72, segment length 16, progressive, precision 8, 896x504, components 3\012- data
Size 108 kB (108394 bytes)
Hash 371e27f590652170742edce82436358a
6679fd3fb250342f908e7ee08d6a6b7c3aa45d97
6a8b9a474080a33725486956abbcaa03d0f68ffbdc4c8de28337811b7b6ac615
GET /ff268cab8d9fbae1ed7506f97496274f1a/af689dd9095a328790a0c5fb12d80c6a_glamour_896x504.jpg HTTP/1.1
Host: galleryn11.awemdia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pt.ctsdwm.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 23 Mar 2023 10:26:45 GMT
content-type: image/jpeg
content-length: 108394
last-modified: Tue, 07 Mar 2023 05:54:21 GMT
etag: "371e27f590652170742edce82436358a"
access-control-allow-origin: *
x-content-type-options: nosniff
x-cache-source: Origin
x-cache-status: R-HIT
expires: Thu, 06 Apr 2023 10:26:45 GMT
server: unknown
x-cdn-node: sesto
cache-control: max-age=1209600
x-real-source: -
accept-ranges: bytes
X-Firefox-Spdy: h2
galleryn11.awemdia.com/ff268cab8d9fbae1ed7506f97496274f1b/b58065d0b7c55c0e7426ec24a154f50d_glamour_896x504.jpg
93.93.51.190200 OK 31 kB URL HTTP/2 galleryn11.awemdia.com/ff268cab8d9fbae1ed7506f97496274f1b/b58065d0b7c55c0e7426ec24a154f50d_glamour_896x504.jpg
IP 93.93.51.190:0
ASN #34655 DuoDecad IT Services Luxembourg S.a r.l.
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 896x504, components 3\012- data
Hash edb0df847334b382886a82998b545648
543354e5bddbf04dbaf273eb9d6a9163a59c4bc9
11502b7017f9b273fde14b7cd090df57c13624ecb8f5ff002747348db08f668e
GET /ff268cab8d9fbae1ed7506f97496274f1b/b58065d0b7c55c0e7426ec24a154f50d_glamour_896x504.jpg HTTP/1.1
Host: galleryn11.awemdia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pt.ctsdwm.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 23 Mar 2023 10:26:45 GMT
content-type: image/jpeg
content-length: 31038
last-modified: Sun, 19 Feb 2023 06:51:30 GMT
etag: "edb0df847334b382886a82998b545648"
access-control-allow-origin: *
x-content-type-options: nosniff
x-cache-source: Origin
x-cache-status: R-HIT
expires: Thu, 06 Apr 2023 10:26:45 GMT
server: unknown
x-cdn-node: sesto
cache-control: max-age=1209600
x-real-source: -
accept-ranges: bytes
X-Firefox-Spdy: h2
pt.ctsdwm.com/live-feed/fk/?c=object_container&site=wl3&cobrandId=240622&psid=cybermike&pstool=202_1&psprogram=cbrnd&campaign_id=118122&forcedPerformers%5B0%5D=&vp%5BshowChat%5D=false&vp%5BchatAutoHide%5D=false&vp%5BshowCallToAction%5D=false&vp%5BshowPerformerName%5D=false&vp%5BshowPerformerStatus%5D=false&filters=&subAffId=%7BSUBAFFID%7D&categoryName=girl&embedTool=1&origin=camschat.net
93.93.51.191200 OK 38 kB URL HTTP/2 pt.ctsdwm.com/live-feed/fk/?c=object_container&site=wl3&cobrandId=240622&psid=cybermike&pstool=202_1&psprogram=cbrnd&campaign_id=118122&forcedPerformers%5B0%5D=&vp%5BshowChat%5D=false&vp%5BchatAutoHide%5D=false&vp%5BshowCallToAction%5D=false&vp%5BshowPerformerName%5D=false&vp%5BshowPerformerStatus%5D=false&filters=&subAffId=%7BSUBAFFID%7D&categoryName=girl&embedTool=1&origin=camschat.net
IP 93.93.51.191:0
ASN #34655 DuoDecad IT Services Luxembourg S.a r.l.
Hash c6457acd8bcddd5c24190beed6a33cb6
ef3716b2f25986e15fc839653c43d507875943ed
99b2d3e86c4cc1acaa69328010c565721d8c4368c426139c6bbb4eb82e84edfb
GET /live-feed/fk/?c=object_container&site=wl3&cobrandId=240622&psid=cybermike&pstool=202_1&psprogram=cbrnd&campaign_id=118122&forcedPerformers%5B0%5D=&vp%5BshowChat%5D=false&vp%5BchatAutoHide%5D=false&vp%5BshowCallToAction%5D=false&vp%5BshowPerformerName%5D=false&vp%5BshowPerformerStatus%5D=false&filters=&subAffId=%7BSUBAFFID%7D&categoryName=girl&embedTool=1&origin=camschat.net HTTP/1.1
Host: pt.ctsdwm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://camschat.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: no-cache
date: Thu, 23 Mar 2023 10:26:43 GMT
server: unknown
set-cookie: psui=a59f007fbf3384ccc33cc586d5d348f0; Path=/; Expires=Sat, 22-Apr-23 10:26:43 GMT; SameSite=None; Secure
content-encoding: gzip
X-Firefox-Spdy: h2
cbjpeg.stream.highwebmedia.com/stream?room=hayleex&f=0.20618508926503742
131.153.88.91200 OK 38 kB URL HTTP/2 cbjpeg.stream.highwebmedia.com/stream?room=hayleex&f=0.20618508926503742
IP 131.153.88.91:0
ASN #50389 Phoenix Nap, LLC.
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 1280x1281, segment length 16, comment: "Lavc58.91.100", baseline, precision 8, 854x480, components 3\012- data
Hash 2d8257fbc333c62098b5f646c0d3f6c3
c07db0ebf0c44b05bdc2662ec277c065a6a16551
ce6965e4cbfaf087e2d15e8a4ecc861e5fee72ca0783a0b09f7ef3d8d5bed00a
GET /stream?room=hayleex&f=0.20618508926503742 HTTP/1.1
Host: cbjpeg.stream.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Cookie: _cfuvid=4Sc7CCB8Hd8xjepcmDYV8QoJae41N7WRfv0IIo45biY-1679567202866-0-604800000
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 23 Mar 2023 10:26:45 GMT
content-type: image/jpeg
content-length: 38386
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'none'; img-src data:; style-src 'unsafe-inline'
cache-tag: cbjpeg
x-frame-options: DENY
X-Firefox-Spdy: h2
galleryn11.awemdia.com/ff268cab8d9fbae1ed7506f97496274f1c/cd59cb6a798c16e441325afe734eb9d4_glamour_896x504.jpg
93.93.51.190200 OK 60 kB URL HTTP/2 galleryn11.awemdia.com/ff268cab8d9fbae1ed7506f97496274f1c/cd59cb6a798c16e441325afe734eb9d4_glamour_896x504.jpg
IP 93.93.51.190:0
ASN #34655 DuoDecad IT Services Luxembourg S.a r.l.
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 896x504, components 3\012- data
Hash 9cb8916354f0c5ed7d93483afeed06a9
8dad4488ff184a287555d92523f558c4d73a5150
7a8c84147762772213af3b3a3147b4bfd8071a95a57b28d747f273b20b995b65
GET /ff268cab8d9fbae1ed7506f97496274f1c/cd59cb6a798c16e441325afe734eb9d4_glamour_896x504.jpg HTTP/1.1
Host: galleryn11.awemdia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pt.ctsdwm.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 23 Mar 2023 10:26:45 GMT
content-type: image/jpeg
content-length: 59455
last-modified: Fri, 12 Aug 2022 18:38:15 GMT
etag: "9cb8916354f0c5ed7d93483afeed06a9"
access-control-allow-origin: *
x-content-type-options: nosniff
x-cache-source: Origin
x-cache-status: R-HIT
expires: Thu, 06 Apr 2023 10:26:45 GMT
server: unknown
x-cdn-node: sesto
cache-control: max-age=1209600
x-real-source: -
accept-ranges: bytes
X-Firefox-Spdy: h2
cbjpeg.stream.highwebmedia.com/stream?room=beverlyvega&f=0.8998520219891987
131.153.88.91200 OK 23 kB URL HTTP/2 cbjpeg.stream.highwebmedia.com/stream?room=beverlyvega&f=0.8998520219891987
IP 131.153.88.91:0
ASN #50389 Phoenix Nap, LLC.
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 1280x1281, segment length 16, comment: "Lavc58.91.100", baseline, precision 8, 854x480, components 3\012- data
Hash f6fa2688a62f3a1728bff1d10dcfb070
1e4ffc51b287c5ea4c2279a3dbd60215b8251eb2
79aedf250eeb200b076faf573ac00e4fc6fc6a43ce71d3a6eab0d9c60bf4ba86
GET /stream?room=beverlyvega&f=0.8998520219891987 HTTP/1.1
Host: cbjpeg.stream.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Cookie: _cfuvid=4Sc7CCB8Hd8xjepcmDYV8QoJae41N7WRfv0IIo45biY-1679567202866-0-604800000
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 23 Mar 2023 10:26:45 GMT
content-type: image/jpeg
content-length: 23030
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'none'; img-src data:; style-src 'unsafe-inline'
cache-tag: cbjpeg
x-frame-options: DENY
X-Firefox-Spdy: h2
go.xlirdr.com/smartpop/60684e88d309fbd3ff61f63ef06b1a247c89a296a8feb122dc3b2f4269c9ae54?userId=a29e4fa1023dd45be975c4ab2c3f63fc721842490735020a0d0703eb57f7300d&memberId=331573d1-9534-4c65-b619-83d0bcca9366&sourceId=14173&p1=61095&p2=83029&no_bb=1
104.18.59.150302 Found 0 B URL HTTP/2 go.xlirdr.com/smartpop/60684e88d309fbd3ff61f63ef06b1a247c89a296a8feb122dc3b2f4269c9ae54?userId=a29e4fa1023dd45be975c4ab2c3f63fc721842490735020a0d0703eb57f7300d&memberId=331573d1-9534-4c65-b619-83d0bcca9366&sourceId=14173&p1=61095&p2=83029&no_bb=1
IP 104.18.59.150:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /smartpop/60684e88d309fbd3ff61f63ef06b1a247c89a296a8feb122dc3b2f4269c9ae54?userId=a29e4fa1023dd45be975c4ab2c3f63fc721842490735020a0d0703eb57f7300d&memberId=331573d1-9534-4c65-b619-83d0bcca9366&sourceId=14173&p1=61095&p2=83029&no_bb=1 HTTP/1.1
Host: go.xlirdr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://twinrdack.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Thu, 23 Mar 2023 10:26:45 GMT
content-length: 0
location: https://creative.cambaddies.com/widgets/v4/Universal?actionButtonPlacement=bottom&applyGeobans=0&autoplay=onHover&autoplayForce=1&broadcastHD=0&broadcastMobile=0&broadcastVR=0&buttonColor=%23DC0C2C&campaignId=60684e88d309fbd3ff61f63ef06b1a247c89a296a8feb122dc3b2f4269c9ae54&campaignType=smartpop&creativeId=c1f85954f77878e0e35ab9f0604da8d286ec0e7b899f760f0c9f6d7d8eb93c90&goalEnabled=0&hideButton=0&hideButtonOnSmallSpots=1&hideLiveBadge=0&hideModelName=0&hideModelNameOnSmallSpots=1&hideTitle=1&hideTitleOnSmallSpots=1&isFace=0&isLogged=0&isMlAnal=0&isMlBlowjob=0&isMlCountry=0&isNew=0&isPerson=0&iterationId=272074&language=en&liveBadgeColor=%2300bd8f&masterSmartpopId=0&memberId=331573d1-9534-4c65-b619-83d0bcca9366&no_bb=1&p1=61095&p2=83029&playButton=0&responsive=1&ruleId=0&smartpopId=7649&sourceId=14173&strict=0&thumbFit=cover&thumbSizeKey=big&thumbType=avatar&thumbsMargin=2&userId=a29e4fa1023dd45be975c4ab2c3f63fc721842490735020a0d0703eb57f7300d&variationId=29583
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Content-Length, Accept-Encoding, x-requested-with
cf-cache-status: DYNAMIC
set-cookie: _var=67670872.29583; Path=/; HttpOnly; SameSite=Strict
__cflb=02DiuDfsBaY2bRYJiCeRhAptQvDh5wz7neNqcurJ4awYp; SameSite=None; Secure; path=/; expires=Fri, 24-Mar-23 09:26:45 GMT; HttpOnly
server: cloudflare
cf-ray: 7ac5fa58ba811c0e-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cbjpeg.stream.highwebmedia.com/stream?room=hayleex&f=0.21424888939304443
131.153.88.91200 OK 39 kB URL HTTP/2 cbjpeg.stream.highwebmedia.com/stream?room=hayleex&f=0.21424888939304443
IP 131.153.88.91:0
ASN #50389 Phoenix Nap, LLC.
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 1280x1281, segment length 16, comment: "Lavc58.91.100", baseline, precision 8, 854x480, components 3\012- data
Hash e1f1a5d6f0026ec6d11fcfad5d01fea1
5e7f4d2918779d0476e1dd119e37603c9f1b1c13
9db029baf39ae8911b5519b56882fed54a0c1a4ea677c5025889370e12251f64
GET /stream?room=hayleex&f=0.21424888939304443 HTTP/1.1
Host: cbjpeg.stream.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Cookie: _cfuvid=4Sc7CCB8Hd8xjepcmDYV8QoJae41N7WRfv0IIo45biY-1679567202866-0-604800000
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 23 Mar 2023 10:26:45 GMT
content-type: image/jpeg
content-length: 38981
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'none'; img-src data:; style-src 'unsafe-inline'
cache-tag: cbjpeg
x-frame-options: DENY
X-Firefox-Spdy: h2
cbjpeg.stream.highwebmedia.com/stream?room=beverlyvega&f=0.11165468041170046
131.153.88.91200 OK 23 kB URL HTTP/2 cbjpeg.stream.highwebmedia.com/stream?room=beverlyvega&f=0.11165468041170046
IP 131.153.88.91:0
ASN #50389 Phoenix Nap, LLC.
Hash 033903419fd464f7d1159547be911b2b
4b8c687b1a8dd57af95e4aea3bcbe951e645b803
a9c04e8813d935571768450e5d5a1647a4c2136b947f8a057656eb94c11d0247
GET /stream?room=beverlyvega&f=0.11165468041170046 HTTP/1.1
Host: cbjpeg.stream.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Cookie: _cfuvid=4Sc7CCB8Hd8xjepcmDYV8QoJae41N7WRfv0IIo45biY-1679567202866-0-604800000
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 23 Mar 2023 10:26:45 GMT
content-type: image/jpeg
content-length: 22837
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'none'; img-src data:; style-src 'unsafe-inline'
cache-tag: cbjpeg
x-frame-options: DENY
X-Firefox-Spdy: h2
cbjpeg.stream.highwebmedia.com/stream?room=hayleex&f=0.392317269744742
131.153.88.91200 OK 40 kB URL HTTP/2 cbjpeg.stream.highwebmedia.com/stream?room=hayleex&f=0.392317269744742
IP 131.153.88.91:0
ASN #50389 Phoenix Nap, LLC.
Hash 74c91017b27c19fc156a8cba24c15388
02ab473bd77fb928382c53b0c00a156ab0762f4e
d3239a0867ee97f8aa17ea2b59d198b7f1393f484d6e56fce9ae8139c6818b19
GET /stream?room=hayleex&f=0.392317269744742 HTTP/1.1
Host: cbjpeg.stream.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Cookie: _cfuvid=4Sc7CCB8Hd8xjepcmDYV8QoJae41N7WRfv0IIo45biY-1679567202866-0-604800000
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 23 Mar 2023 10:26:45 GMT
content-type: image/jpeg
content-length: 38955
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'none'; img-src data:; style-src 'unsafe-inline'
cache-tag: cbjpeg
x-frame-options: DENY
X-Firefox-Spdy: h2
cbjpeg.stream.highwebmedia.com/stream?room=beverlyvega&f=0.5734586785405205
131.153.88.91200 OK 23 kB URL HTTP/2 cbjpeg.stream.highwebmedia.com/stream?room=beverlyvega&f=0.5734586785405205
IP 131.153.88.91:0
ASN #50389 Phoenix Nap, LLC.
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 1280x1281, segment length 16, comment: "Lavc58.91.100", baseline, precision 8, 854x480, components 3\012- data
Hash 838f823de4e2f5162d02405ba7bbd27b
2a0976a1876d3b25e49654101fe3d4e72c3b9850
c62bc8ebf3ce23a702abb117dfc2f1d35e574ecdb0ae458adc627caa59e2e508
GET /stream?room=beverlyvega&f=0.5734586785405205 HTTP/1.1
Host: cbjpeg.stream.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Cookie: _cfuvid=4Sc7CCB8Hd8xjepcmDYV8QoJae41N7WRfv0IIo45biY-1679567202866-0-604800000
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 23 Mar 2023 10:26:45 GMT
content-type: image/jpeg
content-length: 22892
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'none'; img-src data:; style-src 'unsafe-inline'
cache-tag: cbjpeg
x-frame-options: DENY
X-Firefox-Spdy: h2
bam.nr-data.net/ins/1/6f524845d1?a=24279235&v=1227.PROD&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOAQsFF0hPXFxGEgtrDg0OMgoDThteVBU%3D&rst=3611&ck=0&s=975a4cab312c9885&ref=https://chaturbate.com/embed/hayleex/&at=H0ETGw9CExRCXBM9CgBBXAkZG0QSVEsPAw4BQVwbamZQD15XPj1BSEEVUFJXRBFuXQAWBkZZVhUXenc%2BY1gYQFlGVAdaAF9QVQcPAgcGBlcACBh4Yy8TFUMhJTshCU0XAwhRHRsiJDwmDBJzZhsLB1BVEgdPRiAgZndWRSRJTRMDQV5BAFhZSlRNV1gNEQZGT0RLUFhdPlhJQ1hBXVJIAAUXBVMfCFRWQUhBB1daV24HXVgGEUFeQUQVF1tUEkVmBhcGFxA5UEUbC0MICE9bU0pXVBcEDAVDHRsDBxAQPAFMUEpCPlZcDkBZRi0pGxkbWBFuWg4XDRARHxsPG38uExVDCxM7AAlMW01DGG5aDgwFDQcDV1ZcE1sTAFhAT0YKFmZbXEUWXksKQFlGAQpQTRdSDlwbTUAKFDwJS1JYXwhLWBULDApBXBt3VVgZEWoODhYQCglXRhsdQ1hJPgsQFEFcG3dVWBkRag4OFhAKCVdGGx1DWEk%2BAxAKQVwMBQoBVR0bCBI8BRAIZlpLVkMLGyMOChxDNVZZTEUIXlcSQiI3QUobXEluAl5XDwcAEAoJV2pNSBFUG1tAIAUBClwafWItExVDCxM7FhVcR2ZFGEFcQ1hBFgYVUFFcXxVYWA1AT0YRA0hAXEIVbkkAFgtGWUQWUFRTBFUWCQMaCAYDQRobHUNGVT4KDBcXRAMXWlkARUwTAAIQBkhaWlQTTRNKCBYGOwoCGw8IHUNCUBUHPAAMC1hcVxNbE1oJAxcREQRYQVwfAl5UQ05BFgYXTFBKRT5ZVhIWQV5BBVFUTUQTU1gVB00HDAsbGRtTE15OEgcROwoCGw8bAQcDC1IDUgFOA1wEWBxVAQxVTwJVAgUUUVsFAlABA1VTBVYAGxkbQwRXXBMHEUZZRFFBTUESCxZOA00JBgJfWlZVElBfBBYaSgAJVBobHUNDXBAXBhcXOVRQTVkOVRtbQCQhN0QVF0lIFVlWDz0VAREVUFpXE1sTCk9bQUhBE1hqXVQXWFoEPQUFDg9VTBsLQ35NCQcRRk9ETFRmVQRHUAIHPBAaFlwXAxMFVEoKFgwUQUobQFhuDkJmBwMODQ8fGw8bZghfXQ4VEEZPRExUZl4Sbk8EEBANDAgbDxsAURMVQxcCOwEUVkJKVBNuXwAPCggaRAMXf1gTVF8OGkFIQRNYaltDDkZKBBA8EgYUSlxWX0MLG1BSVkpTRBUXTFA%2BQk0TCw0DQVwbeFZLCF1VAE1WSlNGEWJQXwVeThJCLTBDVwkbCQpBZlAPVFdfQx4PAQIRE0cDUFJWSlNPGXJcUgpeFlNSUlRTVwkEGXcIQ1wHDRtLUlYMGwkTTRNeCBY8BwwLVFxNE1sTClkEVQJRVlhRXwFYExVDEgIWAgtKFwMTGm0bCw0KCjwJT1BLXQBIZUNYQzhBV2UXFRE9E00OFxE4QVwZaRtVNVwJPUBPRD9EWlRUQQBYXg8%2BQV5DOhtBWH4Sc2VDTkM4QQJQRlhTDVRmEg0WCgc6Gw8ZbUMAZUNOQzhBC1ZXUF0EY1wFCxEBABJlFwMRPRNYFBYMOEFKGWkbVAxTXAU9FQ0HA1ZqVl8NSGVDWEM4QVdlFxURPRNNABAEARc6Gw8ZbUNuWw0DDQ8/REQXFRMCUFQ%2BFgIDQVwbRUxTDVhaQ05BBwwKVkdmXA5VXENYQQgKAVFBVF4FVBtNQBELDAtmRk1QFURKQ1hBCAoQXBdETA%3D%3D
162.247.243.29204 No Content 0 B URL HTTP/1.1 bam.nr-data.net/ins/1/6f524845d1?a=24279235&v=1227.PROD&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOAQsFF0hPXFxGEgtrDg0OMgoDThteVBU%3D&rst=3611&ck=0&s=975a4cab312c9885&ref=https://chaturbate.com/embed/hayleex/&at=H0ETGw9CExRCXBM9CgBBXAkZG0QSVEsPAw4BQVwbamZQD15XPj1BSEEVUFJXRBFuXQAWBkZZVhUXenc%2BY1gYQFlGVAdaAF9QVQcPAgcGBlcACBh4Yy8TFUMhJTshCU0XAwhRHRsiJDwmDBJzZhsLB1BVEgdPRiAgZndWRSRJTRMDQV5BAFhZSlRNV1gNEQZGT0RLUFhdPlhJQ1hBXVJIAAUXBVMfCFRWQUhBB1daV24HXVgGEUFeQUQVF1tUEkVmBhcGFxA5UEUbC0MICE9bU0pXVBcEDAVDHRsDBxAQPAFMUEpCPlZcDkBZRi0pGxkbWBFuWg4XDRARHxsPG38uExVDCxM7AAlMW01DGG5aDgwFDQcDV1ZcE1sTAFhAT0YKFmZbXEUWXksKQFlGAQpQTRdSDlwbTUAKFDwJS1JYXwhLWBULDApBXBt3VVgZEWoODhYQCglXRhsdQ1hJPgsQFEFcG3dVWBkRag4OFhAKCVdGGx1DWEk%2BAxAKQVwMBQoBVR0bCBI8BRAIZlpLVkMLGyMOChxDNVZZTEUIXlcSQiI3QUobXEluAl5XDwcAEAoJV2pNSBFUG1tAIAUBClwafWItExVDCxM7FhVcR2ZFGEFcQ1hBFgYVUFFcXxVYWA1AT0YRA0hAXEIVbkkAFgtGWUQWUFRTBFUWCQMaCAYDQRobHUNGVT4KDBcXRAMXWlkARUwTAAIQBkhaWlQTTRNKCBYGOwoCGw8IHUNCUBUHPAAMC1hcVxNbE1oJAxcREQRYQVwfAl5UQ05BFgYXTFBKRT5ZVhIWQV5BBVFUTUQTU1gVB00HDAsbGRtTE15OEgcROwoCGw8bAQcDC1IDUgFOA1wEWBxVAQxVTwJVAgUUUVsFAlABA1VTBVYAGxkbQwRXXBMHEUZZRFFBTUESCxZOA00JBgJfWlZVElBfBBYaSgAJVBobHUNDXBAXBhcXOVRQTVkOVRtbQCQhN0QVF0lIFVlWDz0VAREVUFpXE1sTCk9bQUhBE1hqXVQXWFoEPQUFDg9VTBsLQ35NCQcRRk9ETFRmVQRHUAIHPBAaFlwXAxMFVEoKFgwUQUobQFhuDkJmBwMODQ8fGw8bZghfXQ4VEEZPRExUZl4Sbk8EEBANDAgbDxsAURMVQxcCOwEUVkJKVBNuXwAPCggaRAMXf1gTVF8OGkFIQRNYaltDDkZKBBA8EgYUSlxWX0MLG1BSVkpTRBUXTFA%2BQk0TCw0DQVwbeFZLCF1VAE1WSlNGEWJQXwVeThJCLTBDVwkbCQpBZlAPVFdfQx4PAQIRE0cDUFJWSlNPGXJcUgpeFlNSUlRTVwkEGXcIQ1wHDRtLUlYMGwkTTRNeCBY8BwwLVFxNE1sTClkEVQJRVlhRXwFYExVDEgIWAgtKFwMTGm0bCw0KCjwJT1BLXQBIZUNYQzhBV2UXFRE9E00OFxE4QVwZaRtVNVwJPUBPRD9EWlRUQQBYXg8%2BQV5DOhtBWH4Sc2VDTkM4QQJQRlhTDVRmEg0WCgc6Gw8ZbUMAZUNOQzhBC1ZXUF0EY1wFCxEBABJlFwMRPRNYFBYMOEFKGWkbVAxTXAU9FQ0HA1ZqVl8NSGVDWEM4QVdlFxURPRNNABAEARc6Gw8ZbUNuWw0DDQ8/REQXFRMCUFQ%2BFgIDQVwbRUxTDVhaQ05BBwwKVkdmXA5VXENYQQgKAVFBVF4FVBtNQBELDAtmRk1QFURKQ1hBCAoQXBdETA%3D%3D
IP 162.247.243.29:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /ins/1/6f524845d1?a=24279235&v=1227.PROD&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOAQsFF0hPXFxGEgtrDg0OMgoDThteVBU%3D&rst=3611&ck=0&s=975a4cab312c9885&ref=https://chaturbate.com/embed/hayleex/&at=H0ETGw9CExRCXBM9CgBBXAkZG0QSVEsPAw4BQVwbamZQD15XPj1BSEEVUFJXRBFuXQAWBkZZVhUXenc%2BY1gYQFlGVAdaAF9QVQcPAgcGBlcACBh4Yy8TFUMhJTshCU0XAwhRHRsiJDwmDBJzZhsLB1BVEgdPRiAgZndWRSRJTRMDQV5BAFhZSlRNV1gNEQZGT0RLUFhdPlhJQ1hBXVJIAAUXBVMfCFRWQUhBB1daV24HXVgGEUFeQUQVF1tUEkVmBhcGFxA5UEUbC0MICE9bU0pXVBcEDAVDHRsDBxAQPAFMUEpCPlZcDkBZRi0pGxkbWBFuWg4XDRARHxsPG38uExVDCxM7AAlMW01DGG5aDgwFDQcDV1ZcE1sTAFhAT0YKFmZbXEUWXksKQFlGAQpQTRdSDlwbTUAKFDwJS1JYXwhLWBULDApBXBt3VVgZEWoODhYQCglXRhsdQ1hJPgsQFEFcG3dVWBkRag4OFhAKCVdGGx1DWEk%2BAxAKQVwMBQoBVR0bCBI8BRAIZlpLVkMLGyMOChxDNVZZTEUIXlcSQiI3QUobXEluAl5XDwcAEAoJV2pNSBFUG1tAIAUBClwafWItExVDCxM7FhVcR2ZFGEFcQ1hBFgYVUFFcXxVYWA1AT0YRA0hAXEIVbkkAFgtGWUQWUFRTBFUWCQMaCAYDQRobHUNGVT4KDBcXRAMXWlkARUwTAAIQBkhaWlQTTRNKCBYGOwoCGw8IHUNCUBUHPAAMC1hcVxNbE1oJAxcREQRYQVwfAl5UQ05BFgYXTFBKRT5ZVhIWQV5BBVFUTUQTU1gVB00HDAsbGRtTE15OEgcROwoCGw8bAQcDC1IDUgFOA1wEWBxVAQxVTwJVAgUUUVsFAlABA1VTBVYAGxkbQwRXXBMHEUZZRFFBTUESCxZOA00JBgJfWlZVElBfBBYaSgAJVBobHUNDXBAXBhcXOVRQTVkOVRtbQCQhN0QVF0lIFVlWDz0VAREVUFpXE1sTCk9bQUhBE1hqXVQXWFoEPQUFDg9VTBsLQ35NCQcRRk9ETFRmVQRHUAIHPBAaFlwXAxMFVEoKFgwUQUobQFhuDkJmBwMODQ8fGw8bZghfXQ4VEEZPRExUZl4Sbk8EEBANDAgbDxsAURMVQxcCOwEUVkJKVBNuXwAPCggaRAMXf1gTVF8OGkFIQRNYaltDDkZKBBA8EgYUSlxWX0MLG1BSVkpTRBUXTFA%2BQk0TCw0DQVwbeFZLCF1VAE1WSlNGEWJQXwVeThJCLTBDVwkbCQpBZlAPVFdfQx4PAQIRE0cDUFJWSlNPGXJcUgpeFlNSUlRTVwkEGXcIQ1wHDRtLUlYMGwkTTRNeCBY8BwwLVFxNE1sTClkEVQJRVlhRXwFYExVDEgIWAgtKFwMTGm0bCw0KCjwJT1BLXQBIZUNYQzhBV2UXFRE9E00OFxE4QVwZaRtVNVwJPUBPRD9EWlRUQQBYXg8%2BQV5DOhtBWH4Sc2VDTkM4QQJQRlhTDVRmEg0WCgc6Gw8ZbUMAZUNOQzhBC1ZXUF0EY1wFCxEBABJlFwMRPRNYFBYMOEFKGWkbVAxTXAU9FQ0HA1ZqVl8NSGVDWEM4QVdlFxURPRNNABAEARc6Gw8ZbUNuWw0DDQ8/REQXFRMCUFQ%2BFgIDQVwbRUxTDVhaQ05BBwwKVkdmXA5VXENYQQgKAVFBVF4FVBtNQBELDAtmRk1QFURKQ1hBCAoQXBdETA%3D%3D HTTP/1.1
Host: bam.nr-data.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
content-type: text/plain
Content-Length: 2455
Origin: https://chaturbate.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Connection: keep-alive
date: Thu, 23 Mar 2023 10:26:45 GMT
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
access-control-allow-credentials: true
access-control-allow-origin: https://chaturbate.com
x-served-by: cache-bma1628-BMA
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash f5fd2eba1f2aa041083285e4a8365482
e6f6a39fce6037875928493b290b64ad976da880
403a75febcdef01c6bff5dd1b994dc02815e3bba4a230328ceeac83a4254d69e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "403A75FEBCDEF01C6BFF5DD1B994DC02815E3BBA4A230328CEEAC83A4254D69E"
Last-Modified: Tue, 21 Mar 2023 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5264
Expires: Thu, 23 Mar 2023 11:54:29 GMT
Date: Thu, 23 Mar 2023 10:26:45 GMT
Connection: keep-alive
static-assets.highwebmedia.com/CACHE/js/output.e1067846ea15.js
104.16.93.42200 OK 0 B URL HTTP/2 static-assets.highwebmedia.com/CACHE/js/output.e1067846ea15.js
IP 104.16.93.42:0
GET /CACHE/js/output.e1067846ea15.js HTTP/1.1
Host: static-assets.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 23 Mar 2023 10:26:42 GMT
content-type: application/javascript
cache-control: public, max-age=2592000
cf-bgj: minify
cf-polished: origSize=108152
etag: W/"97a23c5e27826ee4bed1dbcfe0601da8"
last-modified: Thu, 24 Jun 2021 21:24:09 GMT
x-amz-id-2: sZx/hKnuGDhNa61R3FEdIbXB4af2uw7uOz32ypKCm1Xu3jw0mNYYEtyRa1eL6n6ApxbIA6b8Ud4=
x-amz-meta-s3cmd-attrs: md5:97a23c5e27826ee4bed1dbcfe0601da8
x-amz-request-id: 02S2FGR0KBTHFDSR
cf-cache-status: HIT
age: 1166954
expires: Sat, 22 Apr 2023 10:26:42 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=I2tf35CNwA3PkjXvkaRKX6Xm4sFsUe4GEtDYGSSYwP%2FbM1eytGRKqXpTzfYTfKy20Q9Yads44oUzpjBu%2Fcf%2FUjr9LvaVoKrCjFPxxXtBypkbiELUrQS45hxzg6kEuY%2BASuaw73CXs1ZpdFUl1fZvlA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
set-cookie: _cfuvid=xXTui0nvAgAVjrVRn2CT76xnZotw6LzrEuTrl4nQVZg-1679567202802-0-604800000; path=/; domain=.highwebmedia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 7ac5fa496f890b59-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
aa69f8e019.55706cc809.com/1675ff9235b8b672802f66dbc35fe5b9/67059?version_name=a
45.133.44.25200 OK 0 B URL HTTP/2 aa69f8e019.55706cc809.com/1675ff9235b8b672802f66dbc35fe5b9/67059?version_name=a
IP 45.133.44.25:0
ASN #39572 DataWeb Global Group B.V.
GET /1675ff9235b8b672802f66dbc35fe5b9/67059?version_name=a HTTP/1.1
Host: aa69f8e019.55706cc809.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://a.naturalhealthsource.club
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 23 Mar 2023 10:26:41 GMT
content-type: application/json
server: nginx/1.18.0
cache-control: max-age=300
expires: Thu, 23 Mar 2023 10:31:41 GMT
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
pt.ctsdwm.com/live-feed?c=object_container&site=wl3&cobrandId=240622&psid=cybermike&pstool=302_1&psprogram=cbrnd&campaign_id=118122&forcedPerformers%5B0%5D=&vp%5BshowChat%5D=false&vp%5BchatAutoHide%5D=false&vp%5BshowCallToAction%5D=false&vp%5BshowPerformerName%5D=false&vp%5BshowPerformerStatus%5D=false&filters=&subAffId=%7BSUBAFFID%7D&categoryName=girl&embedTool=1&origin=camschat.net&rrc=3
93.93.51.191200 OK 0 B URL HTTP/2 pt.ctsdwm.com/live-feed?c=object_container&site=wl3&cobrandId=240622&psid=cybermike&pstool=302_1&psprogram=cbrnd&campaign_id=118122&forcedPerformers%5B0%5D=&vp%5BshowChat%5D=false&vp%5BchatAutoHide%5D=false&vp%5BshowCallToAction%5D=false&vp%5BshowPerformerName%5D=false&vp%5BshowPerformerStatus%5D=false&filters=&subAffId=%7BSUBAFFID%7D&categoryName=girl&embedTool=1&origin=camschat.net&rrc=3
IP 93.93.51.191:0
ASN #34655 DuoDecad IT Services Luxembourg S.a r.l.
GET /live-feed?c=object_container&site=wl3&cobrandId=240622&psid=cybermike&pstool=302_1&psprogram=cbrnd&campaign_id=118122&forcedPerformers%5B0%5D=&vp%5BshowChat%5D=false&vp%5BchatAutoHide%5D=false&vp%5BshowCallToAction%5D=false&vp%5BshowPerformerName%5D=false&vp%5BshowPerformerStatus%5D=false&filters=&subAffId=%7BSUBAFFID%7D&categoryName=girl&embedTool=1&origin=camschat.net&rrc=3 HTTP/1.1
Host: pt.ctsdwm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pt.ctsdwm.com/live-feed/fk/?c=object_container&site=wl3&cobrandId=240622&psid=cybermike&pstool=202_1&psprogram=cbrnd&campaign_id=118122&forcedPerformers%5B0%5D=&vp%5BshowChat%5D=false&vp%5BchatAutoHide%5D=false&vp%5BshowCallToAction%5D=false&vp%5BshowPerformerName%5D=false&vp%5BshowPerformerStatus%5D=false&filters=&subAffId=%7BSUBAFFID%7D&categoryName=girl&embedTool=1&origin=camschat.net
Cookie: psui=a59f007fbf3384ccc33cc586d5d348f0
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: no-cache
date: Thu, 23 Mar 2023 10:26:45 GMT
server: unknown
set-cookie: psui=a59f007fbf3384ccc33cc586d5d348f0; Path=/; Expires=Sat, 22-Apr-23 10:26:45 GMT; SameSite=None; Secure
content-encoding: gzip
X-Firefox-Spdy: h2
static-assets.highwebmedia.com/CACHE/js/output.21e4d7885076.js
104.16.93.42200 OK 0 B URL HTTP/2 static-assets.highwebmedia.com/CACHE/js/output.21e4d7885076.js
IP 104.16.93.42:0
GET /CACHE/js/output.21e4d7885076.js HTTP/1.1
Host: static-assets.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 23 Mar 2023 10:26:42 GMT
content-type: application/javascript
cache-control: public, max-age=2592000
cf-bgj: minify
cf-polished: origSize=114830
etag: W/"b4ad9510a310ef8a83f71a5f317f091d"
last-modified: Wed, 02 Nov 2022 16:55:42 GMT
x-amz-id-2: PsN3iv65Njn7hNZwOdYd1oAvY+pAIQWUXN9tndhJWmeM1MvoPlyG8vIpgAHr+IS5kjdZ1+l3zUY=
x-amz-meta-s3cmd-attrs: md5:b4ad9510a310ef8a83f71a5f317f091d
x-amz-request-id: QXPZJGZRTB4AE79K
cf-cache-status: HIT
age: 1790906
expires: Sat, 22 Apr 2023 10:26:42 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3S8nBdc0eTumFtWbhAUf9QJ0nYAl3JYJeM2hr3lRen6sl8lKqZW4w0nE4eBnZVMsLkZPoCPuCXqshKbtTt8lQJ9HKt%2FtLCuAb0jqBPmgGouEHYxwDV6cMyKet2jddPLCQnwDcQIqSnWTgJi0Q%2FCjGg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
set-cookie: _cfuvid=6Zsaz1qQtuiKULlmUeBENYs5ULsLd_nIjLME1HtiDc0-1679567202821-0-604800000; path=/; domain=.highwebmedia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 7ac5fa498fbe0b59-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Roboto:100,300,400,500,700&display=swap
142.250.74.74200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?family=Roboto:100,300,400,500,700&display=swap
IP 142.250.74.74:0
GET /css?family=Roboto:100,300,400,500,700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Thu, 23 Mar 2023 10:26:37 GMT
date: Thu, 23 Mar 2023 10:26:37 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
a.medfoodsafety.com/loader?a=4787912&v=2&t=1&s=4776911&p=8575&if=true
172.64.205.2200 OK 0 B URL HTTP/2 a.medfoodsafety.com/loader?a=4787912&v=2&t=1&s=4776911&p=8575&if=true
IP 172.64.205.2:0
GET /loader?a=4787912&v=2&t=1&s=4776911&p=8575&if=true HTTP/1.1
Host: a.medfoodsafety.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 23 Mar 2023 10:26:41 GMT
content-type: text/html
cache-control: no-cache, no-store, must-revalidate
expires: Sat, 26 Jul 1997 05:00:00 GMT
last-modified: Sun, 17 May 1998 03:00:00 GMT
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MzeyWT98Up9BpZpeI%2B4QoxQDGt4Wxpa5CyrbyippCKq5pLpO66N7h63yRpbIrACk0r52Yficd7OngG3auz0jJyml1LcPBWkcAn8a1fkHDXUIHMCFmCSHLPfSHHZU3vt52EQzdJ8D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7ac5fa41deb50656-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
js.cabnnr.com/banner-admanager/build.m.js
45.133.44.24200 OK 0 B URL HTTP/2 js.cabnnr.com/banner-admanager/build.m.js
IP 45.133.44.24:0
ASN #39572 DataWeb Global Group B.V.
GET /banner-admanager/build.m.js HTTP/1.1
Host: js.cabnnr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 23 Mar 2023 10:26:42 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Fri, 27 Jan 2023 07:04:13 GMT
etag: W/"63d3776d-d174"
content-encoding: gzip
expires: Thu, 23 Mar 2023 10:31:42 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
a.naturalhealthsource.club/api/spots/420557?p=1&s1=%subid1%&kw=
135.181.208.216200 OK 0 B URL HTTP/2 a.naturalhealthsource.club/api/spots/420557?p=1&s1=%subid1%&kw=
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
GET /api/spots/420557?p=1&s1=%subid1%&kw= HTTP/1.1
Host: a.naturalhealthsource.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: nauid=RxA505sQter17hcnv7lk
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 23 Mar 2023 10:26:41 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2
camschat.net/900250/adnium.php
66.230.180.98200 OK 0 B URL HTTP/2 camschat.net/900250/adnium.php
IP 66.230.180.98:0
GET /900250/adnium.php HTTP/1.1
Host: camschat.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.medfoodsafety.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 23 Mar 2023 10:26:42 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-powered-by: PHP/7.4.3-4ubuntu2.18
content-encoding: gzip
X-Firefox-Spdy: h2
twinrdack.com/link.engine?z=56531&guid=ca671639-b7fa-4892-a712-9dad1adff15a&tid=1650136102&kw=,
172.66.43.134302 Found 0 B URL HTTP/2 twinrdack.com/link.engine?z=56531&guid=ca671639-b7fa-4892-a712-9dad1adff15a&tid=1650136102&kw=,
IP 172.66.43.134:0
GET /link.engine?z=56531&guid=ca671639-b7fa-4892-a712-9dad1adff15a&tid=1650136102&kw=, HTTP/1.1
Host: twinrdack.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ac1d488833.bae0c0aefd.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Thu, 23 Mar 2023 10:26:44 GMT
content-type: text/html; charset=utf-8
location: https://twinrdack.com/Redirect.eng?MediaSegmentId=46824&dcid=3_ctx_11b3ac6a-8863-422f-bb0b-9b2839cb0e41&vmId=00000000-0000-0000-0000-000000000000&abr=false&timeZoneOffset=&v=utn_I22yrxGa3hkBgor7k3nJmOd44GpV_dOcZBYAkIR1OoqaAhhsNEITvJYl0EJxyBQSnkP80ELHZ84ai-LyfDkqySiDx15eX21MMCJ94MI_2x4-A9KU9mNFa1XgGLuw_bLzN5sOCdb4q3ZFu2pLgt6tgM1mGn0GK3MQ-EnpCQapukXg2w1UG5L6czJDbbSMxqkvTeHCBRfmySURD3rAaJ0iKcNsX3_O-sFM6RmP8LzMeW_A4cO9pK5BCa4aOjWYwXmI-QEOEdGqQja8Ibd_pk_Ax7YOSwzkusOyEA4xUdoddfrmO8yU8_622nOfwLZqSakM9GmQeIDjO90HEwuzQm6GQbXgwhLW5F_JXDIHDRnGIOFRvpooFFNnqksDgY5W_wgSvVUN6gXQboQHcahKCd6zhKIRWnK0CwpT-HWwFSXU9gU1goDdBDHCEGxUZa-kSgC9pc_AbRGo1P_l_guiHnNIDO4F3wWRi646gDLmhdDfe4dF8PV30kb-g5kVdSyo_E9CNiKqXMfa14FrmH8D7lks3_xcgby-K83kQV1xfHUy2uuxQHM4N8xPv2HM1YikeyqhXaZQWC0TqSVWMw6mMCGGx2YGqgDaX2LdKemDOMROI-e-cEiMSvKMj-Zn4yD3-xB2k-6teHqhuskrvbuk1UIplmN9hxj7DP5kRi3q8JW8PISZCt90YK-kPf9a8Rn6tSMoJPln8wvWdStw-qTRGU1KFuBm8MitXP_z3r9FKZPo8Ko0MTdZ2-mSaPaE-6MX9ran47u6uJBr7vbPh4c_mg3rc2l3bGauRtXYG0xtefOwRFdCK3d_yOPzZezDl9j2NPGg4vemiSSQ4ZJzrwtJxmllZB-tLM10LJbBV1Y3PqZCuwrYti0Azs_m6TLmC_rFJqjkRMe727AOpCBTJrhjZ2t4fEU5zvFdBw0Sj2U8PnMUg7FCxcQQQpceihVNrHeznmZOYdyyX3ovnT2Sa833FZm5CXljjJvlrHtS64sabGs1&kw=&mw=300&mh=250
vary: Accept-Encoding
cache-control: private, no-transform
content-encoding: gzip
p3p: CP="CAO PSA OUR IND"
access-control-allow-origin: *
set-cookie: IKSR={}; path=/; SameSite=None; secure
INF_DFL8=false; path=/; SameSite=None; secure
IUID=36c4b37e-de08-4434-bb6d-ef8605aae4a3; expires=Wed, 23-Mar-2033 10:26:44 GMT; path=/; SameSite=None; secure
ISSH=6A1BEE; path=/; SameSite=None; secure
VMI=; path=/; SameSite=None; secure
IPLH=#{}; expires=Wed, 23-Mar-2033 10:26:44 GMT; path=/; SameSite=None; secure; HttpOnly
IPLH_Q=#[]; expires=Wed, 23-Mar-2033 10:26:44 GMT; path=/; SameSite=None; secure; HttpOnly
CHN=#[]; expires=Wed, 23-Mar-2033 10:26:44 GMT; path=/; SameSite=None; secure; HttpOnly
MSSH=#{}; expires=Wed, 23-Mar-2033 10:26:44 GMT; path=/; SameSite=None; secure; HttpOnly
MSRH=#{}; expires=Wed, 23-Mar-2033 10:26:44 GMT; path=/; SameSite=None; secure; HttpOnly
ILP=null; expires=Wed, 23-Mar-2033 10:26:44 GMT; path=/; SameSite=None; secure
ILPLU=#1/1/0001 12:00:00 AM; expires=Wed, 23-Mar-2033 10:26:44 GMT; path=/; SameSite=None; secure; HttpOnly
ILEALC=#1/1/0001 12:00:00 AM; expires=Wed, 23-Mar-2033 10:26:44 GMT; path=/; SameSite=None; secure; HttpOnly
ILMPF=#False; expires=Thu, 23-Mar-2023 14:26:44 GMT; path=/; SameSite=None; secure; HttpOnly
IPMPLU=#; expires=Wed, 23-Mar-2033 10:26:44 GMT; path=/; SameSite=None; secure; HttpOnly
IPMUID=#; expires=Wed, 23-Mar-2033 10:26:44 GMT; path=/; SameSite=None; secure; HttpOnly
BSWUID=#; expires=Wed, 23-Mar-2033 10:26:44 GMT; path=/; SameSite=None; secure; HttpOnly
IKSR={}; path=/; SameSite=None; secure
IBL=#[]; expires=Wed, 23-Mar-2033 10:26:44 GMT; path=/; SameSite=None; secure; HttpOnly
IPLSH=#{}; expires=Wed, 23-Mar-2033 10:26:44 GMT; path=/; SameSite=None; secure; HttpOnly
IPLSH_Q=#[]; expires=Wed, 23-Mar-2033 10:26:44 GMT; path=/; SameSite=None; secure; HttpOnly
IZH=#{}; expires=Wed, 23-Mar-2033 10:26:44 GMT; path=/; SameSite=None; secure; HttpOnly
IZH_Q=#[]; expires=Wed, 23-Mar-2033 10:26:44 GMT; path=/; SameSite=None; secure; HttpOnly
IMCH=#{}; expires=Wed, 23-Mar-2033 10:26:44 GMT; path=/; SameSite=None; secure; HttpOnly
IMCH_Q=#[]; expires=Wed, 23-Mar-2033 10:26:44 GMT; path=/; SameSite=None; secure; HttpOnly
IMH=#{}; expires=Wed, 23-Mar-2033 10:26:44 GMT; path=/; SameSite=None; secure; HttpOnly
IMH_Q=#[]; expires=Wed, 23-Mar-2033 10:26:44 GMT; path=/; SameSite=None; secure; HttpOnly
ISH=#{"14173":[{"SId":"6A1BEE","D":"23/3/23T3:26:44"}]}; expires=Wed, 23-Mar-2033 10:26:44 GMT; path=/; SameSite=None; secure; HttpOnly
ISH_Q=#[14173]; expires=Wed, 23-Mar-2033 10:26:44 GMT; path=/; SameSite=None; secure; HttpOnly
ISPH=#{}; expires=Wed, 23-Mar-2033 10:26:44 GMT; path=/; SameSite=None; secure; HttpOnly
ISPH_Q=#[]; expires=Wed, 23-Mar-2033 10:26:44 GMT; path=/; SameSite=None; secure; HttpOnly
ICH=#{}; expires=Wed, 23-Mar-2033 10:26:44 GMT; path=/; SameSite=None; secure; HttpOnly
ICH_Q=#[]; expires=Wed, 23-Mar-2033 10:26:44 GMT; path=/; SameSite=None; secure; HttpOnly
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SDJB5soS3exmkpi0utZ%2FFJdpIneeU%2B9XZK7cosYNOTBMlJ4eXNI3YotnKdFTibNPK2nRn43BydWNNgla780nF5PuHdfTmB1bvjUS%2FKYy5JLymhsCXjDjdg5z8tm0d6U%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7ac5fa533b060b61-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
static-assets.highwebmedia.com/CACHE/js/output.a6262276739d.js
104.16.93.42200 OK 0 B URL HTTP/2 static-assets.highwebmedia.com/CACHE/js/output.a6262276739d.js
IP 104.16.93.42:0
GET /CACHE/js/output.a6262276739d.js HTTP/1.1
Host: static-assets.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 23 Mar 2023 10:26:42 GMT
content-type: application/javascript
cache-control: public, max-age=2592000
cf-bgj: minify
cf-polished: origSize=300835
etag: W/"fae44c3d88d5fe646f2c5a8e2dd53729"
last-modified: Tue, 21 Mar 2023 01:59:26 GMT
x-amz-id-2: JtLe2YjV8dhyxf67S5LtWcKbrouNlJSa0nCMqs/3FKE4SMCjvEopxoGOoU3O3u5i7XUEDKJDySY=
x-amz-meta-s3cmd-attrs: md5:fae44c3d88d5fe646f2c5a8e2dd53729
x-amz-request-id: 889H1Q68GDC49608
x-amz-server-side-encryption: AES256
cf-cache-status: HIT
age: 203088
expires: Sat, 22 Apr 2023 10:26:42 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9soIwwu7XcN3y17e%2BHOw7fa1H%2BuTHSCJOvyMELkPac4U0cQezciOmBbJchNwdjMo2M%2BNsLCFc7CCM4ypkqz78x%2F3Js8mXX%2FEIuKjbTMldsJQib67P%2F0DbimTIjPa58uOnMYgSZSjroMr5xmVw6X0Kw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
set-cookie: _cfuvid=PJGjH8LnZ_OcWFJ4tmfQTPlORO1oyep1Ptu661f34PI-1679567202801-0-604800000; path=/; domain=.highwebmedia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 7ac5fa497f960b59-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
static-assets.highwebmedia.com/jsi18n/en/djangojs.js?hash=38f6f20adf09
104.16.93.42200 OK 0 B URL HTTP/2 static-assets.highwebmedia.com/jsi18n/en/djangojs.js?hash=38f6f20adf09
IP 104.16.93.42:0
GET /jsi18n/en/djangojs.js?hash=38f6f20adf09 HTTP/1.1
Host: static-assets.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 23 Mar 2023 10:26:42 GMT
content-type: application/javascript
cache-control: public, max-age=2592000
cf-bgj: minify
cf-polished: origSize=3305
etag: W/"2623d59dd64d45dc63e949b7350c2c0c"
last-modified: Mon, 13 Mar 2023 21:55:43 GMT
x-amz-id-2: lOZVaiF0txN4MDb8MV91kueEzq+OLNOutDID2kIGGdng5J1MX9YVW+9iZFA/8v+mO3pbE6YfVIk=
x-amz-meta-s3cmd-attrs: md5:2623d59dd64d45dc63e949b7350c2c0c
x-amz-request-id: N0E6G02BK7ZJT0SR
x-amz-server-side-encryption: AES256
cf-cache-status: HIT
age: 32531
expires: Sat, 22 Apr 2023 10:26:42 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ypnwRrl9ZYQPFqhcSa5o4IviI1pEEdq4u2w%2ByiidVU1XnYyEVyWuCZMNdcr%2BctfuXvvMknRp3EEohaBUZ5gYWd1uora%2FWgEfp3UMvvQVVBPnwdYG%2BzeXIqfMd34TKVJ48txHJZqECFK5UDRHW9slDQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
set-cookie: _cfuvid=hQKLo_W9U5_i53oy9AvKwdicati14PnN8SObTIff5Y8-1679567202818-0-604800000; path=/; domain=.highwebmedia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 7ac5fa498fbb0b59-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
awecre.com/embed/lf?c=object_container&site=wl3&cobrandId=240622&psid=cybermike&pstool=202_1&psprogram=cbrnd&campaign_id=118122&category=girl&forcedPerformers[]=&vp[showChat]=false&vp[chatAutoHide]=false&vp[showCallToAction]=false&vp[showPerformerName]=false&vp[showPerformerStatus]=false&filters=&ms_notrack=1&subAffId={SUBAFFID}
93.93.51.191200 OK 0 B URL HTTP/2 awecre.com/embed/lf?c=object_container&site=wl3&cobrandId=240622&psid=cybermike&pstool=202_1&psprogram=cbrnd&campaign_id=118122&category=girl&forcedPerformers[]=&vp[showChat]=false&vp[chatAutoHide]=false&vp[showCallToAction]=false&vp[showPerformerName]=false&vp[showPerformerStatus]=false&filters=&ms_notrack=1&subAffId={SUBAFFID}
IP 93.93.51.191:0
ASN #34655 DuoDecad IT Services Luxembourg S.a r.l.
GET /embed/lf?c=object_container&site=wl3&cobrandId=240622&psid=cybermike&pstool=202_1&psprogram=cbrnd&campaign_id=118122&category=girl&forcedPerformers[]=&vp[showChat]=false&vp[chatAutoHide]=false&vp[showCallToAction]=false&vp[showPerformerName]=false&vp[showPerformerStatus]=false&filters=&ms_notrack=1&subAffId={SUBAFFID} HTTP/1.1
Host: awecre.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://camschat.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript
cache-control: no-cache
date: Thu, 23 Mar 2023 10:26:42 GMT
server: unknown
set-cookie: psui=a59f007fbf3384ccc33cc586d5d348f0; Path=/; Expires=Sat, 22-Apr-23 10:26:42 GMT; SameSite=None; Secure
X-Firefox-Spdy: h2
aa69f8e019.55706cc809.com/ec5d51fbcae857dcb7a79eecb8f69789.js
45.133.44.25200 OK 0 B URL HTTP/2 aa69f8e019.55706cc809.com/ec5d51fbcae857dcb7a79eecb8f69789.js
IP 45.133.44.25:0
ASN #39572 DataWeb Global Group B.V.
GET /ec5d51fbcae857dcb7a79eecb8f69789.js HTTP/1.1
Host: aa69f8e019.55706cc809.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 23 Mar 2023 10:26:42 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Fri, 17 Mar 2023 10:10:23 GMT
etag: W/"64143c8f-9e73"
content-encoding: gzip
expires: Thu, 23 Mar 2023 10:31:42 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
accounts.google.com/v3/signin/identifier?dsh=S-2079917900%3A1679567200825072&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&ifkv=AQMjQ7QH3Surql_sRrx2A7ue21AA8Ph0c_5ILNYYBjhQuBA47EAympLET-HdL0uHqgTkSjbmUFCdZQ&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin
216.58.207.237403 Forbidden 0 B URL HTTP/2 accounts.google.com/v3/signin/identifier?dsh=S-2079917900%3A1679567200825072&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&ifkv=AQMjQ7QH3Surql_sRrx2A7ue21AA8Ph0c_5ILNYYBjhQuBA47EAympLET-HdL0uHqgTkSjbmUFCdZQ&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin
IP 216.58.207.237:0
GET /v3/signin/identifier?dsh=S-2079917900%3A1679567200825072&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&ifkv=AQMjQ7QH3Surql_sRrx2A7ue21AA8Ph0c_5ILNYYBjhQuBA47EAympLET-HdL0uHqgTkSjbmUFCdZQ&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://xfantazy.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Thu, 23 Mar 2023 10:26:40 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport, script-src 'nonce-t5RtIWqZ0yi9FtHogjy8QQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist
cross-origin-opener-policy-report-only: same-origin
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
pogothere.xyz/
172.64.172.27200 OK 0 B IP 172.64.172.27:0
GET / HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://xfantazy.com/
Origin: https://xfantazy.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 23 Mar 2023 10:26:40 GMT
content-type: text/plain
set-cookie: csu=85260395998082@1@1679567200; Max-Age=31104000; Secure; SameSite=None
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WscHwzC78BMJhHRU2NpnggVb6zebalmykwO7d%2B28JHclEoaQWmmY14bRd%2BhZm%2FFkivpoL0aqV0i47J%2F0ztz%2BAgY8pyQx3YMrcIVmi5znovkIo3Ol5c2biI8aT47ERARZ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7ac5fa3d1abe755a-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
a.naturalhealthsource.club/api/spots/303894?p=1&s1=%subid1%&kw=
135.181.208.216200 OK 0 B URL HTTP/2 a.naturalhealthsource.club/api/spots/303894?p=1&s1=%subid1%&kw=
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
GET /api/spots/303894?p=1&s1=%subid1%&kw= HTTP/1.1
Host: a.naturalhealthsource.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: nauid=RxA505sQter17hcnv7lk
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 23 Mar 2023 10:26:41 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2
aa69f8e019.55706cc809.com/a47a6110daeb38bb4fdd5d5862d2cb46.js
45.133.44.25200 OK 0 B URL HTTP/2 aa69f8e019.55706cc809.com/a47a6110daeb38bb4fdd5d5862d2cb46.js
IP 45.133.44.25:0
ASN #39572 DataWeb Global Group B.V.
GET /a47a6110daeb38bb4fdd5d5862d2cb46.js HTTP/1.1
Host: aa69f8e019.55706cc809.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://a.naturalhealthsource.club
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 23 Mar 2023 10:26:41 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Wed, 22 Mar 2023 14:12:21 GMT
etag: W/"641b0cc5-19bd6"
content-encoding: gzip
expires: Thu, 23 Mar 2023 10:31:41 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
camschat.net/900250/game.php
66.230.180.98200 OK 0 B URL HTTP/2 camschat.net/900250/game.php
IP 66.230.180.98:0
GET /900250/game.php HTTP/1.1
Host: camschat.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://camschat.net/900250/adnium.php
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 23 Mar 2023 10:26:42 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-powered-by: PHP/7.4.3-4ubuntu2.18
content-encoding: gzip
X-Firefox-Spdy: h2
pt-static5.ptwmstcnt.com/npe/ba/elf/css/elf-v974215.css
93.93.51.200200 OK 0 B URL HTTP/2 pt-static5.ptwmstcnt.com/npe/ba/elf/css/elf-v974215.css
IP 93.93.51.200:0
ASN #34655 DuoDecad IT Services Luxembourg S.a r.l.
GET /npe/ba/elf/css/elf-v974215.css HTTP/1.1
Host: pt-static5.ptwmstcnt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pt.ctsdwm.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 23 Mar 2023 10:26:45 GMT
content-type: text/css
last-modified: Thu, 23 Mar 2023 06:46:10 GMT
vary: Accept-Encoding, Accept-Encoding
etag: W/"641bf5b2-2e86"
access-control-allow-origin: *
server: unknown
x-cdn-node: sesto
x-cache-status: R-HIT
content-encoding: gzip
X-Firefox-Spdy: h2
cdn.barscreative1.com/sb/au/e6/d7/97/e6d797a3a7be0e7ec1877d1b33146dfa/1657714258.html
45.133.44.4200 OK 0 B URL HTTP/2 cdn.barscreative1.com/sb/au/e6/d7/97/e6d797a3a7be0e7ec1877d1b33146dfa/1657714258.html
IP 45.133.44.4:0
ASN #39572 DataWeb Global Group B.V.
GET /sb/au/e6/d7/97/e6d797a3a7be0e7ec1877d1b33146dfa/1657714258.html HTTP/1.1
Host: cdn.barscreative1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 23 Mar 2023 10:26:40 GMT
content-type: text/html; charset=utf-8
server: nginx/1.17.6
last-modified: Wed, 13 Jul 2022 12:11:03 GMT
etag: W/"62ceb657-4a6"
cache-control: max-age=3600
access-control-allow-origin: *
access-control-expose-headers: Date
content-encoding: gzip
expires: Thu, 23 Mar 2023 11:26:40 GMT
x-proxy-cache: HIT
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/chat/mob/ssp/v2/new/3/js/jquery.min.js
172.64.166.9200 OK 0 B URL HTTP/2 cdn.creative-bars1.com/sb/chat/mob/ssp/v2/new/3/js/jquery.min.js
IP 172.64.166.9:0
GET /sb/chat/mob/ssp/v2/new/3/js/jquery.min.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 23 Mar 2023 10:26:40 GMT
content-type: application/javascript
last-modified: Wed, 13 Jul 2022 12:13:58 GMT
etag: W/"62ceb706-15d94"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 11046920
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2Beo4j4Zy3KLljxAQDrMI3HpoMikijOY9Xu1TvsngouYREjmdYml8kfWKlLjmkSBUiwtK0NKkUp5fFxWaeAKMclS0enX1Hw%2Fk%2BA3wSNmVn8Dp0CakJBD%2FVJtgMWJjeCjt5KyS9Ef4vCC%2B"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7ac5fa3b286375a1-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
pt-static4.ptwmstcnt.com/npe/ba/elf/script/elf-v974215.js
93.93.51.200200 OK 0 B URL HTTP/2 pt-static4.ptwmstcnt.com/npe/ba/elf/script/elf-v974215.js
IP 93.93.51.200:0
ASN #34655 DuoDecad IT Services Luxembourg S.a r.l.
GET /npe/ba/elf/script/elf-v974215.js HTTP/1.1
Host: pt-static4.ptwmstcnt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pt.ctsdwm.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 23 Mar 2023 10:26:45 GMT
content-type: application/javascript
last-modified: Thu, 23 Mar 2023 06:46:10 GMT
vary: Accept-Encoding, Accept-Encoding
etag: W/"641bf5b2-8a54b"
access-control-allow-origin: *
server: unknown
x-cdn-node: sesto
x-cache-status: R-HIT
content-encoding: gzip
X-Firefox-Spdy: h2
static-assets.highwebmedia.com/cachebust/825-react-bb8e2b5d8559102e7274.js
104.16.93.42200 OK 0 B URL HTTP/2 static-assets.highwebmedia.com/cachebust/825-react-bb8e2b5d8559102e7274.js
IP 104.16.93.42:0
GET /cachebust/825-react-bb8e2b5d8559102e7274.js HTTP/1.1
Host: static-assets.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 23 Mar 2023 10:26:42 GMT
content-type: application/javascript
cache-control: public, max-age=2592000
cf-bgj: minify
cf-polished: origSize=161808
etag: W/"7a130551f6e927ecc9daaab2d085fc21"
last-modified: Fri, 03 Feb 2023 01:47:49 GMT
x-amz-id-2: m26geDVZRxhFy0Qd/ImOpZZNsTEArJr8X5QBNJsWjUDPUxnCKgxago9I2SYbzspSbFfVNONjf3U=
x-amz-meta-s3cmd-attrs: md5:7a130551f6e927ecc9daaab2d085fc21
x-amz-request-id: 8ZDMJ16KJWKK3FPS
cf-cache-status: HIT
age: 1586172
expires: Sat, 22 Apr 2023 10:26:42 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QBwcNgc2LCRa1LXd315drZ0ejQE0SLu1BToKc3mEo9SL50GoXpx1aunSla4KmIaAL1O7gOnZCjp3CzfQx6ESUnPd1RMNOC3LwPXuStjvayWeTbFalK9BMn1ESUyIDJamOe4tm%2BKW2nF3HkR5T5CFoQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
set-cookie: _cfuvid=PJGjH8LnZ_OcWFJ4tmfQTPlORO1oyep1Ptu661f34PI-1679567202801-0-604800000; path=/; domain=.highwebmedia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 7ac5fa497f8e0b59-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
static-assets.highwebmedia.com/cachebust/runtime-react-afb237e8b31275fe8b77.js
104.16.93.42200 OK 0 B URL HTTP/2 static-assets.highwebmedia.com/cachebust/runtime-react-afb237e8b31275fe8b77.js
IP 104.16.93.42:0
GET /cachebust/runtime-react-afb237e8b31275fe8b77.js HTTP/1.1
Host: static-assets.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 23 Mar 2023 10:26:42 GMT
content-type: application/javascript
cache-control: public, max-age=2592000
cf-bgj: minify
cf-polished: origSize=2562
etag: W/"cf9f6aa238586d52f229a7c69315220c"
last-modified: Fri, 03 Feb 2023 01:47:49 GMT
x-amz-id-2: H+OQOab8jyLazuGfQcb1jQRjUx4B9zVTBWfSw3aGbiSYmTrYEVMTDuafkHv7StkOxiSFsJEDYvQ=
x-amz-meta-s3cmd-attrs: md5:cf9f6aa238586d52f229a7c69315220c
x-amz-request-id: 8ZDGPX65Q0PQ1773
cf-cache-status: HIT
age: 1586172
expires: Sat, 22 Apr 2023 10:26:42 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=M6QmdwHFXiOQiMS0tl7HNo8QzQyXMDJzgiWOb4aFL8uvXP5hi6EO1ZaCF14AahbhnMD3w3BtwOeg5dR1MB0MoxiO1oT2zBXX1uq8QRu3X1fKC61RsHFduiYmAMYMWQ9Qv7OxPCRToxyWWZ3IX%2FUwhA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
set-cookie: _cfuvid=l3iUPYPN0CmDgzq9N7lN6zHA81Kh9tyykGMsPpJx3PU-1679567202806-0-604800000; path=/; domain=.highwebmedia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 7ac5fa497f8d0b59-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
camschat.net/900250/awe900250.php
66.230.180.98200 OK 0 B URL HTTP/2 camschat.net/900250/awe900250.php
IP 66.230.180.98:0
GET /900250/awe900250.php HTTP/1.1
Host: camschat.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://camschat.net/900250/adnium.php
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 23 Mar 2023 10:26:42 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-powered-by: PHP/7.4.3-4ubuntu2.18
content-encoding: gzip
X-Firefox-Spdy: h2
xfantazy.com/video/63b1b6a4f1977b2d7f383272
172.64.96.10200 OK 0 B URL HTTP/2 xfantazy.com/video/63b1b6a4f1977b2d7f383272
IP 172.64.96.10:0
GET /video/63b1b6a4f1977b2d7f383272 HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
date: Thu, 23 Mar 2023 10:26:36 GMT
content-type: text/html; charset=utf-8
vary: Origin
set-cookie: visitorId=adhs3rka8xcm0luejpkqu; Domain=xfantazy.com; Path=/; Expires=Wed, 23 Mar 2033 10:26:36 GMT; HttpOnly
experiment-popup-payment-7=0; Path=/; Expires=Thu, 30 Mar 2023 10:26:36 GMT
experiment-save-to-button-2=0; Path=/; Expires=Thu, 30 Mar 2023 10:26:36 GMT
x-powered-by: Next.js
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RqtdOxLiFAp3AHXlvxi%2FFOavQXC1keWXLTF7nSZTELHSK4tyEzfM8zM%2Fgutf1AiminZrpG%2F8KTH9BQOxAbU%2BqMVEk7oRtm1MEf0Wu0v3%2BDTfTyWWRlEDVUPjOb1axNY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7ac5fa226f61405d-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
a.naturalhealthsource.club/api/settings/289411
135.181.208.216200 OK 0 B URL HTTP/2 a.naturalhealthsource.club/api/settings/289411
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
GET /api/settings/289411 HTTP/1.1
Host: a.naturalhealthsource.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://xfantazy.com/
Origin: https://xfantazy.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 23 Mar 2023 10:26:38 GMT
content-type: application/json
vary: Accept-Encoding
access-control-allow-origin: *
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2
static-assets.highwebmedia.com/CACHE/js/output.6f6724a00cb8.js
104.16.93.42200 OK 0 B URL HTTP/2 static-assets.highwebmedia.com/CACHE/js/output.6f6724a00cb8.js
IP 104.16.93.42:0
GET /CACHE/js/output.6f6724a00cb8.js HTTP/1.1
Host: static-assets.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 23 Mar 2023 10:26:42 GMT
content-type: application/javascript
cache-control: public, max-age=2592000
cf-bgj: minify
etag: W/"a708027bfbbde438a72a93082d4bc4b5"
last-modified: Thu, 24 Jun 2021 21:24:05 GMT
x-amz-id-2: 82UyDwhtg0Qak/cFEe6BGdCWn6De4XRli35cTEqbCVxdfXGVWZqf/Nev8pYK/+glqgvKM5oFu8g=
x-amz-meta-s3cmd-attrs: md5:a708027bfbbde438a72a93082d4bc4b5
x-amz-request-id: SM1ZFEHB4V02GE43
cf-cache-status: HIT
age: 46919
expires: Sat, 22 Apr 2023 10:26:42 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sYxe%2B%2Bo2%2BMPv8n1ToGXFtj4vvezZqpilbg1HWG7xnef51AiZvyWRBmTCsgqLM9ZDw9YePaCv6e%2BKpGR4rzAh1UwXfUBVe8ilQ71okgQTyvO7%2BPEuyU7SsJ0dhdXSxe9gse5fU0uJJbKgffjxKn77kA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
set-cookie: _cfuvid=ZqPAt_pNGvRbxoYInT_ZK_cIE5SlRMICueJiZGO7N8s-1679567202817-0-604800000; path=/; domain=.highwebmedia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 7ac5fa498fc10b59-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
static-assets.highwebmedia.com/CACHE/js/output.caee332d326d.js
104.16.93.42200 OK 0 B URL HTTP/2 static-assets.highwebmedia.com/CACHE/js/output.caee332d326d.js
IP 104.16.93.42:0
GET /CACHE/js/output.caee332d326d.js HTTP/1.1
Host: static-assets.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 23 Mar 2023 10:26:42 GMT
content-type: application/javascript
cache-control: public, max-age=2592000
cf-bgj: minify
etag: W/"b61e15511bf0db70d0d422e98c465403"
last-modified: Thu, 24 Jun 2021 21:24:08 GMT
x-amz-id-2: HeoCFEUKzTihPkh1D1dueOkltnCJFjGi5HuYWiCUmgPBwm4469ef2j6fTJmt3Rc9WX3D61SDttc=
x-amz-meta-s3cmd-attrs: md5:b61e15511bf0db70d0d422e98c465403
x-amz-request-id: 75T4PX5CV0NYCRDS
cf-cache-status: HIT
age: 279662
expires: Sat, 22 Apr 2023 10:26:42 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yYIHkgwjWsR4pLMw%2Fr09h8prwp9CyirAYBPjfkKoaThsJQ2GzySVKo12tYACbPA21uI0M2G6YhkYlQhUKeUraCzMh%2FqMU0oHvpQBg9H%2BpCddhA8sp8yfouWF8t3PnC8knQbvvjQ6r1ZcC5DCJ1g18w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
set-cookie: _cfuvid=M76SC6lewGToJUMO0r6RoGz15PrgndVKP3umx__rMOk-1679567202820-0-604800000; path=/; domain=.highwebmedia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 7ac5fa498fbd0b59-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.jsdelivr.net/npm/yandex-metrica-watch/tag.js
104.16.88.20200 OK 0 B URL HTTP/2 cdn.jsdelivr.net/npm/yandex-metrica-watch/tag.js
IP 104.16.88.20:0
GET /npm/yandex-metrica-watch/tag.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 23 Mar 2023 10:26:37 GMT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=604800, s-maxage=43200
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-jsd-version: 1.260.0
x-jsd-version-type: version
etag: W/"34f5f-yGewIL0vxuRUBEBE3b6MwsdNGFQ"
x-served-by: cache-fra-eddf8230100-FRA, cache-bma1635-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: HIT
age: 5775
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=N203MLrPfW213%2B2%2BYw8xGM2ijLOYYPXjhXzhgtkNr%2FykVpUNS0NxQVknYeGu1UdQXHtFZWWPPhTl%2FDrg0FvDJ%2Fp0dA2NhW4%2BTfg5N7oFFQIKdZydesgPQuGppPWoj9Rv%2Bjw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7ac5fa290ea0b4ee-OSL
content-encoding: br
X-Firefox-Spdy: h2