firefox.settings.services.mozilla.com/v1/
200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 2d12f67fe57a87e7366b662d153a5582
d7b02d81cc74f24a251d9363e0f4b0a149264ec1
73c273c0b5a2de3cb970b8e8c187999d3b55e760dc7766dab4bb76428d19b551
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length, Backoff, Content-Type, Retry-After, Alert
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Thu, 22 Sep 2022 18:14:02 GMT
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 142be88a35733307a5e7de05da0a20b8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: Ji3E1foeINkTfIzOnemORFUHVN78Klqgfchw8JcXV3MwCc4RX5pRkQ==
Age: 2187
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash a26d0784548ecab22f417f3d689daf23
8893b79366bbadeb5c8d587b8f023e310694df1c
35baaae7b3ce3110ebb2b075881cfab55ecf3eab57d834283fd18ac691b41fa2
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "35BAAAE7B3CE3110EBB2B075881CFAB55ECF3EAB57D834283FD18AC691B41FA2"
Last-Modified: Tue, 20 Sep 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9368
Expires: Thu, 22 Sep 2022 21:26:37 GMT
Date: Thu, 22 Sep 2022 18:50:29 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
IP
File type PEM certificate\012- , ASCII text
Hash 6113f8408c59aebe188d6af273b90743
7398873bf00f99944eaa77ad3ebc0d43c23dba6b
b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770
GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 10 Sep 2022 18:47:45 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Thu, 22 Sep 2022 04:35:15 GMT
etag: "6113f8408c59aebe188d6af273b90743"
x-cache: Hit from cloudfront
via: 1.1 f66e3db0f0449307dba3fbf72bbf3bac.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: D7YSNy0eEGh6xxMOZ0NOXPkTFcXES95Z9zCSttU7O3rw6CdGK3IQ8A==
age: 51315
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 22 Sep 2022 18:50:29 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600, max-age=3600
Date: Thu, 22 Sep 2022 18:03:22 GMT
Expires: Thu, 22 Sep 2022 18:12:27 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 bcd5dadccb0831729969c938747ff79a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: W5AqTmgfoaJmKTbFSNxKzqjn9M9Uhz4LrcMFNcTVVYQCyOCj93d4kA==
Age: 2827
ocsp.digicert.com/
200 OK 471 B IP
Hash 86624f45fb3b7126dbe002f69c94dd86
30bcf274db5037122f989fb25dbf1e72c9ec417b
2cc9600578cf057dc499835773fb495caa60ac154c4945f0fc1f2b31d43f5502
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4840
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 22 Sep 2022 18:50:29 GMT
Last-Modified: Thu, 22 Sep 2022 17:29:49 GMT
Server: ECS (ska/F6FE)
X-Cache: HIT
Content-Length: 471
push.services.mozilla.com/
101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: dkxjhTRx+a8nJw5bWJxDhw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: Y+skcfc0tppQJABDzgHcw6kWG6U=
ocsp.digicert.com/
200 OK 280 B IP
Hash de424c85b225196c5a35219b9e3ebd8e
85607bc7f8cd550eceab6a6c236b403ca91662f5
29fe2614f1d16a5e8c89f055ce08a45ea0d89e31f91b014e6cea52411a7902d3
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6375
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 22 Sep 2022 18:50:30 GMT
Last-Modified: Thu, 22 Sep 2022 17:04:15 GMT
Server: ECS (ska/F6FE)
X-Cache: HIT
Content-Length: 280
ocsp.digicert.com/
200 OK 280 B IP
Hash de424c85b225196c5a35219b9e3ebd8e
85607bc7f8cd550eceab6a6c236b403ca91662f5
29fe2614f1d16a5e8c89f055ce08a45ea0d89e31f91b014e6cea52411a7902d3
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6375
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 22 Sep 2022 18:50:30 GMT
Last-Modified: Thu, 22 Sep 2022 17:04:15 GMT
Server: ECS (ska/F6FE)
X-Cache: HIT
Content-Length: 280
ocsp.digicert.com/
200 OK 280 B IP
Hash de424c85b225196c5a35219b9e3ebd8e
85607bc7f8cd550eceab6a6c236b403ca91662f5
29fe2614f1d16a5e8c89f055ce08a45ea0d89e31f91b014e6cea52411a7902d3
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1872
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 22 Sep 2022 18:50:30 GMT
Last-Modified: Thu, 22 Sep 2022 18:19:19 GMT
Server: ECS (ska/F6FC)
X-Cache: HIT
Content-Length: 280
ocsp.digicert.com/
200 OK 280 B IP
Hash de424c85b225196c5a35219b9e3ebd8e
85607bc7f8cd550eceab6a6c236b403ca91662f5
29fe2614f1d16a5e8c89f055ce08a45ea0d89e31f91b014e6cea52411a7902d3
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2039
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 22 Sep 2022 18:50:30 GMT
Last-Modified: Thu, 22 Sep 2022 18:16:31 GMT
Server: ECS (ska/F70A)
X-Cache: HIT
Content-Length: 280
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash 375756444a8871bbe816165e294fb262
2f9e18473daa3daae633a4df448a2230e77f8c33
c2e94c3082cb76fad8f5ace3c686f46d43c807b7f2d3cb9f2b4d9965b91af4c2
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 22 Sep 2022 18:50:30 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
cdn.tubecorp.com/b/loader.js?v=3
200 OK 831 B URL HTTP/1.1 cdn.tubecorp.com/b/loader.js?v=3
IP
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with very long lines (1745), with no line terminators
Hash 8143f2c692706afd858455911eb34152
0e9051df8fcf7a51281db01a28185679f5c32c81
03959f368154cb76dbd9d598d9a7efde0005a1f5fb62d5cd60d6e874bbb7abce
GET /b/loader.js?v=3 HTTP/1.1
Host: cdn.tubecorp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gayinleeds.relayblog.com/
HTTP/1.1 200 OK
Date: Thu, 22 Sep 2022 18:50:30 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx/1.20.1
Last-Modified: Wed, 14 Oct 2020 08:55:58 GMT
ETag: W/"5f86bd1e-6d1"
Cache-Control: max-age=3600
X-Request-ID: fcf2ffedfa7ab8fb037af1f8f32a431b
Content-Encoding: gzip
Expires: Thu, 22 Sep 2022 19:50:30 GMT
X-Proxy-Cache: HIT
Access-Control-Allow-Origin: *
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash c8ac2005f83e8a3a9da1a9837b6c2ff3
7c05f49683e49232c1e11b91253e684d2f96ab83
b0b42743b4c7e4b528fd78aadc5429ef34c2e127f3d5147330d428a47203dc0a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 22 Sep 2022 18:50:30 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ajax.googleapis.com/ajax/libs/jquery/2.1.4/jquery.min.js
200 OK 30 kB URL HTTP/2 ajax.googleapis.com/ajax/libs/jquery/2.1.4/jquery.min.js
IP
File type ASCII text, with very long lines (32025)
Hash 83b3b5729cdff3976db52c51831e96b8
d23dc823e37f58e5366340be755730f3fa9a850d
675fa88b39008a09994460a93b310a7d4593735009a9b24b6f176c347ad12421
GET /ajax/libs/jquery/2.1.4/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://gayinleeds.relayblog.com
Connection: keep-alive
Referer: http://gayinleeds.relayblog.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 29725
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 22 Sep 2022 06:17:19 GMT
expires: Fri, 22 Sep 2023 06:17:19 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
age: 45191
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 280 B IP
Hash de424c85b225196c5a35219b9e3ebd8e
85607bc7f8cd550eceab6a6c236b403ca91662f5
29fe2614f1d16a5e8c89f055ce08a45ea0d89e31f91b014e6cea52411a7902d3
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6375
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 22 Sep 2022 18:50:30 GMT
Last-Modified: Thu, 22 Sep 2022 17:04:15 GMT
Server: ECS (ska/F6FE)
X-Cache: HIT
Content-Length: 280
www.googletagmanager.com/gtag/js?id=UA-98275526-8
200 OK 42 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=UA-98275526-8
IP
File type ASCII text, with very long lines (1720)
Hash aa5df6f3e0761669d7b3296669e2efec
dd82b93dfaa861b779bec47c9dfbadee2c428fc0
950d099b77d0d55ce45a9d23cded34fb3fa63a875f277c398485cf8c4f0ac862
GET /gtag/js?id=UA-98275526-8 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://gayinleeds.relayblog.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Thu, 22 Sep 2022 18:50:30 GMT
expires: Thu, 22 Sep 2022 18:50:30 GMT
cache-control: private, max-age=900
last-modified: Thu, 22 Sep 2022 18:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 42212
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.sectigo.com/
200 OK 472 B IP
Hash 28eb8ec3223628bb9ca925634f78f7b4
b44f79aa73ded91d9373ef6a751fd08f23e43e6a
3c443a8e740ca690049988dc76516cf62815b746655ae344d26e6b31a04b812d
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 22 Sep 2022 18:50:30 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Tue, 20 Sep 2022 08:27:05 GMT
Expires: Tue, 27 Sep 2022 08:27:04 GMT
Etag: "b44f79aa73ded91d9373ef6a751fd08f23e43e6a"
Cache-Control: max-age=393993,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 74ed3a04ab421c16-OSL
poweredby.jads.co/js/jads.js
301 Moved Permanently 178 B URL HTTP/1.1 poweredby.jads.co/js/jads.js
IP
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash cd2e0e43980a00fb6a2742d3afd803b8
81ffbd1712afe8cdf138b570c0fc9934742c33c1
bd9df047d51943acc4bc6cf55d88edb5b6785a53337ee2a0f74dd521aedde87d
GET /js/jads.js HTTP/1.1
Host: poweredby.jads.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://gayinleeds.relayblog.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Thu, 22 Sep 2022 18:50:30 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Location: jads2.js
poweredby.jads.co/js/jads2.js
200 OK 1.7 kB URL HTTP/1.1 poweredby.jads.co/js/jads2.js
IP
File type ASCII text, with very long lines (3758), with no line terminators
Hash 558e1b61fc513016183a3812938e79fb
5f72ea61a2aad8f7a0956321d3fd8524db70eddf
a79f8c0aabfc2d1d45e4df2a86ca9172d292b08987f7a9d5c10bd10abf3aef54
GET /js/jads2.js HTTP/1.1
Host: poweredby.jads.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://gayinleeds.relayblog.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 22 Sep 2022 18:50:30 GMT
Content-Type: application/x-javascript
Last-Modified: Mon, 11 Jul 2022 00:36:11 GMT
Transfer-Encoding: chunked
Connection: close
ETag: W/"62cb707b-eae"
Content-Encoding: gzip
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash c8ac2005f83e8a3a9da1a9837b6c2ff3
7c05f49683e49232c1e11b91253e684d2f96ab83
b0b42743b4c7e4b528fd78aadc5429ef34c2e127f3d5147330d428a47203dc0a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 22 Sep 2022 18:50:30 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash c7b623b7bcd37d436886346d495f9577
eb5688f0df28fa33b202e78d916e35387178636d
74037773d23c4426c3717e239e9dc228904f9cc8b8f084c655e26dcd9e345a96
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 22 Sep 2022 18:50:30 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash b9893dbb93b5cc3cb8637b496ecd3c1c
007b31caa727ce627f6ba81a3f43326a1538181e
b82608484e9e9dbf009de73986da468fff9833e5d040016b3214b8774ba9f500
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 22 Sep 2022 18:50:30 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash 5f68499f2ba3b2c5aa7e979ee9b4d3a8
67a456fe80bd69aa2fbd0331ba343d1789509d0f
394e18527ce3ad7de2274de2e5e6a7f3fb390e7d6c4f7342ab485b7794e169e7
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 22 Sep 2022 18:50:30 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
gayinleeds.relayblog.com/?yessenia
200 OK 16 kB URL HTTP/1.1 gayinleeds.relayblog.com/?yessenia
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (5538)
Hash da50c80a8c37381b3d3efe7e7158fad6
310b3db50b0bc26ee1d1292878e48ab22147d359
1717b1802bdf2a0b2059ec253bba87b12a5a87b453b5b75afaca4abf5418b4c3
GET /?yessenia HTTP/1.1
Host: gayinleeds.relayblog.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 22 Sep 2022 18:50:24 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
Vary: Accept-Encoding
Content-Encoding: gzip
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 4797d6fd00b4884a9a2bd74ed01e2d1d
8d5e48550c7eb8c2f81ab8c126d452257e4d98ed
4c6fb508b26b7fc8be67672a70d2d0b73ae0cee68c0969350751823c49bf4a9e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 22 Sep 2022 18:50:30 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
cdn.tsyndicate.com/sdk/v1/bi.js
200 OK 3.3 kB URL HTTP/1.1 cdn.tsyndicate.com/sdk/v1/bi.js
IP
File type C source, ASCII text, with very long lines (7675)
Hash 994ce2eb3c88a9c1025564da2a49a681
8f8e617b60e5626becb9bd5e4edd5461ccf4279e
8927431d37a4d03469c7d618a05ac02c7149c988766fb34667f06f1310a2246e
GET /sdk/v1/bi.js HTTP/1.1
Host: cdn.tsyndicate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gayinleeds.relayblog.com/
HTTP/1.1 200 OK
Date: Mon, 19 Sep 2022 09:36:46 GMT
Content-Type: application/javascript
Content-Length: 3253
Connection: keep-alive
Last-Modified: Mon, 19 Sep 2022 08:53:30 GMT
Server: nginx
X-Robots-Tag: noindex, nofollow
Content-Encoding: gzip
Vary: Accept-Encoding
ETag: W/"63282e0a-1e1a"
Age: 292424
Accept-Ranges: bytes
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 4797d6fd00b4884a9a2bd74ed01e2d1d
8d5e48550c7eb8c2f81ab8c126d452257e4d98ed
4c6fb508b26b7fc8be67672a70d2d0b73ae0cee68c0969350751823c49bf4a9e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 22 Sep 2022 18:50:30 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
cdn.tsyndicate.com/sdk/v1/bi.js
304 Not Modified 0 B URL HTTP/1.1 cdn.tsyndicate.com/sdk/v1/bi.js
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sdk/v1/bi.js HTTP/1.1
Host: cdn.tsyndicate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gayinleeds.relayblog.com/
If-Modified-Since: Mon, 19 Sep 2022 08:53:30 GMT
If-None-Match: W/"63282e0a-1e1a"
HTTP/1.1 304 Not Modified
Date: Mon, 19 Sep 2022 09:36:46 GMT
Connection: keep-alive
Last-Modified: Mon, 19 Sep 2022 08:53:30 GMT
Server: nginx
X-Robots-Tag: noindex, nofollow
Vary: Accept-Encoding
ETag: W/"63282e0a-1e1a"
Age: 292424
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP
File type Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Hash 15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://gayinleeds.relayblog.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 21 Sep 2022 19:34:08 GMT
expires: Thu, 21 Sep 2023 19:34:08 GMT
cache-control: public, max-age=31536000
age: 83782
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
IP
File type Web Open Font Format (Version 2), TrueType, length 15920, version 1.0\012- data
Hash 3a44e06eb954b96aa043227f3534189d
23cef6993ddb2b2979e8e7647fc3763694e2ba7d
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e
GET /s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://gayinleeds.relayblog.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15920
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 21 Sep 2022 14:52:00 GMT
expires: Thu, 21 Sep 2023 14:52:00 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 11 May 2022 19:24:45 GMT
content-type: font/woff2
age: 100710
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
wideeyedlady.pro/crDt9v6.b-2i5IlcSTWEQ/9zNZD/I-2TNJzGMr4YNMgH
301 Moved Permanently 162 B URL HTTP/1.1 wideeyedlady.pro/crDt9v6.b-2i5IlcSTWEQ/9zNZD/I-2TNJzGMr4YNMgH
IP
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
GET /crDt9v6.b-2i5IlcSTWEQ/9zNZD/I-2TNJzGMr4YNMgH HTTP/1.1
Host: wideeyedlady.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gayinleeds.relayblog.com/
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Thu, 22 Sep 2022 18:50:30 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://wideeyedlady.pro/crDt9v6.b-2i5IlcSTWEQ/9zNZD/I-2TNJzGMr4YNMgH
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
X-Content-Type-Options: nosniff
maxcdn.bootstrapcdn.com/bootswatch/3.3.7/fonts/glyphicons-halflings-regular.woff2
200 OK 18 kB URL HTTP/2 maxcdn.bootstrapcdn.com/bootswatch/3.3.7/fonts/glyphicons-halflings-regular.woff2
IP
File type Web Open Font Format (Version 2), TrueType, length 18028, version 1.589\012- data
Hash 448c34a56d699c29117adc64c43affeb
ca35b697d99cae4d1b60f2d60fcd37771987eb07
fe185d11a49676890d47bb783312a0cda5a44c4039214094e7957b4c040ef11c
GET /bootswatch/3.3.7/fonts/glyphicons-halflings-regular.woff2 HTTP/1.1
Host: maxcdn.bootstrapcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://gayinleeds.relayblog.com
Connection: keep-alive
Referer: https://maxcdn.bootstrapcdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 22 Sep 2022 18:50:30 GMT
content-type: font/woff2
content-length: 18028
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: DE
access-control-allow-origin: *
cache-control: public, max-age=31919000
etag: "448c34a56d699c29117adc64c43affeb"
last-modified: Mon, 25 Jan 2021 22:04:28 GMT
cdn-cachedat: 08/20/2022 05:24:48
cdn-proxyver: 1.02
cdn-requestpullcode: 200
cdn-requestpullsuccess: True
cdn-edgestorageid: 864
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
cdn-status: 200
cdn-requestid: 19765e26c59041b3a25bd67c9903c046
cdn-cache: HIT
cf-cache-status: HIT
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 74ed3a06c97d0b02-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
biptolyla.com/aOWFZ.y/Qr2m9ckEZhTz9j6hbf2L5flPSPWdQe9fNYDxEs2BN-DGUFwFOSCJ0/0WMXTDYk0/NiTtAb5vJ/nZBE1zcJ2nh/aWb/2X5glSSMW/QG9mNKDAEb2/N/D/UjwOOzCU0z0YMJTZYw0NN/TXAL5S
301 Moved Permanently 162 B URL HTTP/1.1 biptolyla.com/aOWFZ.y/Qr2m9ckEZhTz9j6hbf2L5flPSPWdQe9fNYDxEs2BN-DGUFwFOSCJ0/0WMXTDYk0/NiTtAb5vJ/nZBE1zcJ2nh/aWb/2X5glSSMW/QG9mNKDAEb2/N/D/UjwOOzCU0z0YMJTZYw0NN/TXAL5S
IP
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
GET /aOWFZ.y/Qr2m9ckEZhTz9j6hbf2L5flPSPWdQe9fNYDxEs2BN-DGUFwFOSCJ0/0WMXTDYk0/NiTtAb5vJ/nZBE1zcJ2nh/aWb/2X5glSSMW/QG9mNKDAEb2/N/D/UjwOOzCU0z0YMJTZYw0NN/TXAL5S HTTP/1.1
Host: biptolyla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gayinleeds.relayblog.com/
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Thu, 22 Sep 2022 18:50:30 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://biptolyla.com/aOWFZ.y/Qr2m9ckEZhTz9j6hbf2L5flPSPWdQe9fNYDxEs2BN-DGUFwFOSCJ0/0WMXTDYk0/NiTtAb5vJ/nZBE1zcJ2nh/aWb/2X5glSSMW/QG9mNKDAEb2/N/D/UjwOOzCU0z0YMJTZYw0NN/TXAL5S
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
X-Content-Type-Options: nosniff
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 4797d6fd00b4884a9a2bd74ed01e2d1d
8d5e48550c7eb8c2f81ab8c126d452257e4d98ed
4c6fb508b26b7fc8be67672a70d2d0b73ae0cee68c0969350751823c49bf4a9e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 22 Sep 2022 18:50:30 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
cdn.tubecorp.com/b/tcbanner.js?v=9
200 OK 18 kB URL HTTP/1.1 cdn.tubecorp.com/b/tcbanner.js?v=9
IP
ASN #39572 DataWeb Global Group B.V.
File type Unicode text, UTF-8 text, with very long lines (50685), with no line terminators
Hash cdf1ca2de3be908c01fc475c284bd396
41d93ac6b9d836e4ee2317d00b977bc4edd6a294
14b531a858232cd186a0a4c7070ddde07e950a8e7adf0940835f6adf86600590
GET /b/tcbanner.js?v=9 HTTP/1.1
Host: cdn.tubecorp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gayinleeds.relayblog.com/
HTTP/1.1 200 OK
Date: Thu, 22 Sep 2022 18:50:30 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx/1.20.1
Last-Modified: Sat, 20 Nov 2021 06:50:35 GMT
ETag: W/"61989abb-c604"
Cache-Control: max-age=3600
X-Request-ID: 6f1daecf978b48536956fdbfd14a730e
Content-Encoding: gzip
Expires: Thu, 22 Sep 2022 19:50:30 GMT
X-Proxy-Cache: HIT
Access-Control-Allow-Origin: *
tsyndicate.com/iframes2/e5937915a343437993bcb6ac18eb41d4.html?keywords=Best,porn,sites,sorted,categories,and,quality,lesbian,dick,case,show,look,european,parody,voyeur,locker,reality,first,mpeg,videos,boys,blonde,party,lang,toon,movies,kencaddel,teens,stories,lick,mom,picthunter,bitch,club,powered,genevieve,pictures,twilight,desna,wikipedia,panties,bitoni,boyfriend,classic,shooting,legal,alexa,pink,watching,smurfs,waist,clip,parker,montaina,free,change,bailey,school,flv,and,gallery,0288,casting,fuck,xxx,getting,big,cayenne,irish,his,hobby,longest,average,forbidden,spanked,world,websites,acuff,island,server,maids,carter,penal,1980,galleries,sean,alyssa,gabbie,amazing,alian,orgasm,amanda,queens,breasts,gold,blackberry,striptease,double,desk,student,furry,mpegs,214,while,baby,tom,exoctic,lesbian,dick,case,show,look,european,parody,voyeur,locker,reality,first,mpeg,videos,boys,blonde,party,lang,toon,movies,kencaddel,teens,stories,lick,mom,picthunter,bitch,club,p&adb=0&clientjs=1&w=1280&h=1024&tz=0
200 OK 2.7 kB URL HTTP/1.1 tsyndicate.com/iframes2/e5937915a343437993bcb6ac18eb41d4.html?keywords=Best,porn,sites,sorted,categories,and,quality,lesbian,dick,case,show,look,european,parody,voyeur,locker,reality,first,mpeg,videos,boys,blonde,party,lang,toon,movies,kencaddel,teens,stories,lick,mom,picthunter,bitch,club,powered,genevieve,pictures,twilight,desna,wikipedia,panties,bitoni,boyfriend,classic,shooting,legal,alexa,pink,watching,smurfs,waist,clip,parker,montaina,free,change,bailey,school,flv,and,gallery,0288,casting,fuck,xxx,getting,big,cayenne,irish,his,hobby,longest,average,forbidden,spanked,world,websites,acuff,island,server,maids,carter,penal,1980,galleries,sean,alyssa,gabbie,amazing,alian,orgasm,amanda,queens,breasts,gold,blackberry,striptease,double,desk,student,furry,mpegs,214,while,baby,tom,exoctic,lesbian,dick,case,show,look,european,parody,voyeur,locker,reality,first,mpeg,videos,boys,blonde,party,lang,toon,movies,kencaddel,teens,stories,lick,mom,picthunter,bitch,club,p&adb=0&clientjs=1&w=1280&h=1024&tz=0
IP
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (4212)
Hash 04a02b7e35d810766570883978853439
c7d8079e90c2a764040cc42e5a1dc9c71073fbb9
4ee710bacb52442dc04526cc63561c7022c07cc71ab851278e4606f464dadb20
GET /iframes2/e5937915a343437993bcb6ac18eb41d4.html?keywords=Best,porn,sites,sorted,categories,and,quality,lesbian,dick,case,show,look,european,parody,voyeur,locker,reality,first,mpeg,videos,boys,blonde,party,lang,toon,movies,kencaddel,teens,stories,lick,mom,picthunter,bitch,club,powered,genevieve,pictures,twilight,desna,wikipedia,panties,bitoni,boyfriend,classic,shooting,legal,alexa,pink,watching,smurfs,waist,clip,parker,montaina,free,change,bailey,school,flv,and,gallery,0288,casting,fuck,xxx,getting,big,cayenne,irish,his,hobby,longest,average,forbidden,spanked,world,websites,acuff,island,server,maids,carter,penal,1980,galleries,sean,alyssa,gabbie,amazing,alian,orgasm,amanda,queens,breasts,gold,blackberry,striptease,double,desk,student,furry,mpegs,214,while,baby,tom,exoctic,lesbian,dick,case,show,look,european,parody,voyeur,locker,reality,first,mpeg,videos,boys,blonde,party,lang,toon,movies,kencaddel,teens,stories,lick,mom,picthunter,bitch,club,p&adb=0&clientjs=1&w=1280&h=1024&tz=0 HTTP/1.1
Host: tsyndicate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gayinleeds.relayblog.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 22 Sep 2022 18:50:31 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Pragma: no-cache
Expires: 0
Vary: Accept-Encoding, *
X-Api-Version: 2
Link: <http://lcdn.tsyndicate.com/sdk/v1/b.b.js>; rel=preload; as=script
X-Request-Id: c6f7d52cd2e5bdc1
Set-Cookie: ts_uid=91eaf57d-8301-4716-a8c2-748cf0fc5fd2; expires=Wed, 22 Mar 2023 18:50:31 GMT; domain=.tsyndicate.com; path=/; HttpOnly; secure; SameSite=None
bfq=APeIECNCx5YYNmzAsHGDRhcWIsYUPPhQRJmJCG3MyFEjB4wZMbr0URAQ; expires=Fri, 23 Sep 2022 18:50:31 GMT; domain=.tsyndicate.com; path=/; secure; SameSite=None
Cache-Control: no-cache, no-store, no-transform, must-revalidate, no-transform
X-Robots-Tag: none, noindex, nofollow
Report-To: { "url": "https://pxl.tsyndicate.com/api/v1/heavy-ad/report", "max_age": 86401 }
Content-Encoding: gzip
go.eabids.com/banner.go?spaceid=2194679&keywords=&maincat=
200 OK 1.4 kB URL HTTP/1.1 go.eabids.com/banner.go?spaceid=2194679&keywords=&maincat=
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1377), with no line terminators
Hash a5186794a2cf3a288db27bb633267d7a
054c71067d22b51398232d417f53ebf79afedb12
a8650b961c555000560169404f265105d42482f2b514beb29bf339422e85328d
GET /banner.go?spaceid=2194679&keywords=&maincat= HTTP/1.1
Host: go.eabids.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gayinleeds.relayblog.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 22 Sep 2022 18:50:31 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 1377
Connection: keep-alive
Expires: Mon, 03 Jul 2001 06:00:00 GMT
Last-Modified: Thu, 22 09 2022 18:50:30 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0,post-check=0, pre-check=0
Pragma: no-cache
X-Backend-Server: nl2-web-201
gayinleeds.relayblog.com/viewImage3?data=0c101014175e4b4b100c11090649145d4a1c0c07000a4a070b094b054b105c53353c204913092627145553050f490a110b37254b5454544b5053564b5655524b575d5d3b555454544a0e1403
200 67 kB URL HTTP/1.1 gayinleeds.relayblog.com/viewImage3?data=0c101014175e4b4b100c11090649145d4a1c0c07000a4a070b094b054b105c53353c204913092627145553050f490a110b37254b5454544b5053564b5655524b575d5d3b555454544a0e1403
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 557x1000, components 3\012- data
Hash 7d9e01c46e7ae3a9b02749f0d671842e
74f6674b8e43399285fc81f042c540bc8deb3224
935f1349625757ad5157ea6afb47d01571c853cc363930ae2728f6fc49936304
GET /viewImage3?data=0c101014175e4b4b100c11090649145d4a1c0c07000a4a070b094b054b105c53353c204913092627145553050f490a110b37254b5454544b5053564b5655524b575d5d3b555454544a0e1403 HTTP/1.1
Host: gayinleeds.relayblog.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gayinleeds.relayblog.com/?yessenia
HTTP/1.1 200
Server: nginx
Date: Thu, 22 Sep 2022 18:50:25 GMT
Content-Length: 66664
Connection: keep-alive
Cache-Control: max-age=31418383
X-CORE: core4
X-LB: core4
tsyndicate.com/iframes2/9d1e13394347478aa7505e5c4801aade.html?keywords=Best,porn,sites,sorted,categories,and,quality,lesbian,dick,case,show,look,european,parody,voyeur,locker,reality,first,mpeg,videos,boys,blonde,party,lang,toon,movies,kencaddel,teens,stories,lick,mom,picthunter,bitch,club,powered,genevieve,pictures,twilight,desna,wikipedia,panties,bitoni,boyfriend,classic,shooting,legal,alexa,pink,watching,smurfs,waist,clip,parker,montaina,free,change,bailey,school,flv,and,gallery,0288,casting,fuck,xxx,getting,big,cayenne,irish,his,hobby,longest,average,forbidden,spanked,world,websites,acuff,island,server,maids,carter,penal,1980,galleries,sean,alyssa,gabbie,amazing,alian,orgasm,amanda,queens,breasts,gold,blackberry,striptease,double,desk,student,furry,mpegs,214,while,baby,tom,exoctic,lesbian,dick,case,show,look,european,parody,voyeur,locker,reality,first,mpeg,videos,boys,blonde,party,lang,toon,movies,kencaddel,teens,stories,lick,mom,picthunter,bitch,club,p&adb=0&clientjs=1&w=1280&h=1024&tz=0
200 OK 2.8 kB URL HTTP/1.1 tsyndicate.com/iframes2/9d1e13394347478aa7505e5c4801aade.html?keywords=Best,porn,sites,sorted,categories,and,quality,lesbian,dick,case,show,look,european,parody,voyeur,locker,reality,first,mpeg,videos,boys,blonde,party,lang,toon,movies,kencaddel,teens,stories,lick,mom,picthunter,bitch,club,powered,genevieve,pictures,twilight,desna,wikipedia,panties,bitoni,boyfriend,classic,shooting,legal,alexa,pink,watching,smurfs,waist,clip,parker,montaina,free,change,bailey,school,flv,and,gallery,0288,casting,fuck,xxx,getting,big,cayenne,irish,his,hobby,longest,average,forbidden,spanked,world,websites,acuff,island,server,maids,carter,penal,1980,galleries,sean,alyssa,gabbie,amazing,alian,orgasm,amanda,queens,breasts,gold,blackberry,striptease,double,desk,student,furry,mpegs,214,while,baby,tom,exoctic,lesbian,dick,case,show,look,european,parody,voyeur,locker,reality,first,mpeg,videos,boys,blonde,party,lang,toon,movies,kencaddel,teens,stories,lick,mom,picthunter,bitch,club,p&adb=0&clientjs=1&w=1280&h=1024&tz=0
IP
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (4412)
Hash 2c51c73e27470a41c0f11da6e14b3786
90d96d366ff7f7c3a80f3f88edb9f37f63958b9b
5934ab823beedb2543b477a4c8c73ff95ba8fc03de716d8f2c173ccfc3ad3108
GET /iframes2/9d1e13394347478aa7505e5c4801aade.html?keywords=Best,porn,sites,sorted,categories,and,quality,lesbian,dick,case,show,look,european,parody,voyeur,locker,reality,first,mpeg,videos,boys,blonde,party,lang,toon,movies,kencaddel,teens,stories,lick,mom,picthunter,bitch,club,powered,genevieve,pictures,twilight,desna,wikipedia,panties,bitoni,boyfriend,classic,shooting,legal,alexa,pink,watching,smurfs,waist,clip,parker,montaina,free,change,bailey,school,flv,and,gallery,0288,casting,fuck,xxx,getting,big,cayenne,irish,his,hobby,longest,average,forbidden,spanked,world,websites,acuff,island,server,maids,carter,penal,1980,galleries,sean,alyssa,gabbie,amazing,alian,orgasm,amanda,queens,breasts,gold,blackberry,striptease,double,desk,student,furry,mpegs,214,while,baby,tom,exoctic,lesbian,dick,case,show,look,european,parody,voyeur,locker,reality,first,mpeg,videos,boys,blonde,party,lang,toon,movies,kencaddel,teens,stories,lick,mom,picthunter,bitch,club,p&adb=0&clientjs=1&w=1280&h=1024&tz=0 HTTP/1.1
Host: tsyndicate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gayinleeds.relayblog.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 22 Sep 2022 18:50:31 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Pragma: no-cache
Expires: 0
Vary: Accept-Encoding, *
X-Api-Version: 2
Link: <http://lcdn.tsyndicate.com/sdk/v1/b.b.js>; rel=preload; as=script
X-Request-Id: 65da02360acd3a9f
Set-Cookie: ts_uid=6972af74-5de2-4a93-9057-3f42a0cf7c29; expires=Wed, 22 Mar 2023 18:50:31 GMT; domain=.tsyndicate.com; path=/; HttpOnly; secure; SameSite=None
bfq=APeIECNCx5YYNmzAsHEjRhcWIsYUPPhQRJmJCG3MyFEjB4wZDvso; expires=Fri, 23 Sep 2022 18:50:31 GMT; domain=.tsyndicate.com; path=/; secure; SameSite=None
Cache-Control: no-cache, no-store, no-transform, must-revalidate, no-transform
X-Robots-Tag: none, noindex, nofollow
Report-To: { "url": "https://pxl.tsyndicate.com/api/v1/heavy-ad/report", "max_age": 86401 }
Content-Encoding: gzip
static.eabids.com/data/bannerpools/112022/34093.gif
200 OK 24 kB URL HTTP/1.1 static.eabids.com/data/bannerpools/112022/34093.gif
IP
File type GIF image data, version 89a, 160 x 600\012- data
Hash 325fa577b032b0847fc13b9e86108bb3
8b2055b70855093d31bb9a71fc29f6becfff2878
9c9efc00b6329d620dd00042411429159a663a3f3ecad450a3de2702e03a327c
GET /data/bannerpools/112022/34093.gif HTTP/1.1
Host: static.eabids.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://go.eabids.com/
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 22 Sep 2022 18:50:31 GMT
Content-Type: image/gif
Content-Length: 24324
Last-Modified: Thu, 28 Apr 2022 14:46:26 GMT
Connection: keep-alive
ETag: "626aa8c2-5f04"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
X-Backend-Server: nl2-static-223
Accept-Ranges: bytes
lcdn.tsyndicate.com/sdk/v1/b.b.js
200 OK 2.8 kB URL HTTP/1.1 lcdn.tsyndicate.com/sdk/v1/b.b.js
IP
File type ASCII text, with very long lines (2590)
Hash 01c3ce239d639853ba1e41661c115938
704741ca41e890a26eef6190c2d61131ff294f56
9aabcddb7b91826c4b8bf721d77fa448ceba501616a38c6fe0d6c4f11091ed47
GET /sdk/v1/b.b.js HTTP/1.1
Host: lcdn.tsyndicate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://tsyndicate.com/
HTTP/1.1 200 OK
Date: Tue, 08 Mar 2022 10:11:03 GMT
Content-Type: application/javascript
Content-Length: 2808
Connection: keep-alive
Last-Modified: Tue, 22 Feb 2022 13:07:15 GMT
Server: nginx
X-Robots-Tag: noindex, nofollow
Content-Encoding: gzip
Vary: Accept-Encoding
ETag: W/"6214e003-1eb1"
Age: 17138368
Accept-Ranges: bytes
lcdn.tsyndicate.com/sdk/v1/b.b.js
304 Not Modified 0 B URL HTTP/1.1 lcdn.tsyndicate.com/sdk/v1/b.b.js
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sdk/v1/b.b.js HTTP/1.1
Host: lcdn.tsyndicate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://tsyndicate.com/
If-Modified-Since: Tue, 22 Feb 2022 13:07:15 GMT
If-None-Match: W/"6214e003-1eb1"
HTTP/1.1 304 Not Modified
Date: Tue, 08 Mar 2022 10:11:03 GMT
Connection: keep-alive
Last-Modified: Tue, 22 Feb 2022 13:07:15 GMT
Server: nginx
X-Robots-Tag: noindex, nofollow
Vary: Accept-Encoding
ETag: W/"6214e003-1eb1"
Age: 17138368
go.xxxijmp.com/smartpop/128029786fbed96fe880330bb083ecce41e122ba08e2711908bc9493ef368344?userId=ed4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e&sourceId=226440&memberId=y91LkdLvO5YHIwMpUbDm9nTSN15iKZDTlykEhlp5Ya58JEFZ51mCiJxNWcda87v7cKAUpBdYBaFxAe34PcUMj4l3YP-pCn2BBMBoi9M_gUIDRUi&p1=3844273
301 Moved Permanently 0 B URL HTTP/1.1 go.xxxijmp.com/smartpop/128029786fbed96fe880330bb083ecce41e122ba08e2711908bc9493ef368344?userId=ed4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e&sourceId=226440&memberId=y91LkdLvO5YHIwMpUbDm9nTSN15iKZDTlykEhlp5Ya58JEFZ51mCiJxNWcda87v7cKAUpBdYBaFxAe34PcUMj4l3YP-pCn2BBMBoi9M_gUIDRUi&p1=3844273
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /smartpop/128029786fbed96fe880330bb083ecce41e122ba08e2711908bc9493ef368344?userId=ed4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e&sourceId=226440&memberId=y91LkdLvO5YHIwMpUbDm9nTSN15iKZDTlykEhlp5Ya58JEFZ51mCiJxNWcda87v7cKAUpBdYBaFxAe34PcUMj4l3YP-pCn2BBMBoi9M_gUIDRUi&p1=3844273 HTTP/1.1
Host: go.xxxijmp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://tsyndicate.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Thu, 22 Sep 2022 18:50:31 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Thu, 22 Sep 2022 19:50:31 GMT
Location: https://go.xxxijmp.com/smartpop/128029786fbed96fe880330bb083ecce41e122ba08e2711908bc9493ef368344?userId=ed4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e&sourceId=226440&memberId=y91LkdLvO5YHIwMpUbDm9nTSN15iKZDTlykEhlp5Ya58JEFZ51mCiJxNWcda87v7cKAUpBdYBaFxAe34PcUMj4l3YP-pCn2BBMBoi9M_gUIDRUi&p1=3844273
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74ed3a0909a5b50f-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
go.xxxijmp.com/smartpop/c3fa347280578e90a9e8ab1e6280c0e361524d151dcbfe6bb5b723fee947ce88?userId=ed4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e&sourceId=226437&memberId=X07W3NJaQSRVqqYlqTCg2PcIMztRn9P6mATKkV54VPDt0MFv9WSjzZ9Tc4Kj59PYXdyZ2voyxNstyMXisdSe9L9DhMxjFPfafzqs16w_gUIDRUi&p1=3684770&buttonColor=%23930606&liveBadgeColor=%23ff0707
301 Moved Permanently 0 B URL HTTP/1.1 go.xxxijmp.com/smartpop/c3fa347280578e90a9e8ab1e6280c0e361524d151dcbfe6bb5b723fee947ce88?userId=ed4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e&sourceId=226437&memberId=X07W3NJaQSRVqqYlqTCg2PcIMztRn9P6mATKkV54VPDt0MFv9WSjzZ9Tc4Kj59PYXdyZ2voyxNstyMXisdSe9L9DhMxjFPfafzqs16w_gUIDRUi&p1=3684770&buttonColor=%23930606&liveBadgeColor=%23ff0707
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /smartpop/c3fa347280578e90a9e8ab1e6280c0e361524d151dcbfe6bb5b723fee947ce88?userId=ed4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e&sourceId=226437&memberId=X07W3NJaQSRVqqYlqTCg2PcIMztRn9P6mATKkV54VPDt0MFv9WSjzZ9Tc4Kj59PYXdyZ2voyxNstyMXisdSe9L9DhMxjFPfafzqs16w_gUIDRUi&p1=3684770&buttonColor=%23930606&liveBadgeColor=%23ff0707 HTTP/1.1
Host: go.xxxijmp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://tsyndicate.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Thu, 22 Sep 2022 18:50:31 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Thu, 22 Sep 2022 19:50:31 GMT
Location: https://go.xxxijmp.com/smartpop/c3fa347280578e90a9e8ab1e6280c0e361524d151dcbfe6bb5b723fee947ce88?userId=ed4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e&sourceId=226437&memberId=X07W3NJaQSRVqqYlqTCg2PcIMztRn9P6mATKkV54VPDt0MFv9WSjzZ9Tc4Kj59PYXdyZ2voyxNstyMXisdSe9L9DhMxjFPfafzqs16w_gUIDRUi&p1=3684770&buttonColor=%23930606&liveBadgeColor=%23ff0707
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74ed3a0919beb50f-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
gayinleeds.relayblog.com/viewImage3?data=0c101014175e4b4b100c11090649145d4a1c0c07000a4a070b094b054b28563c0e25282b020e1c21301436201d2234090217354b5454544b5053514b5153574b53535d3b555454544a0e1403
200 110 kB URL HTTP/1.1 gayinleeds.relayblog.com/viewImage3?data=0c101014175e4b4b100c11090649145d4a1c0c07000a4a070b094b054b28563c0e25282b020e1c21301436201d2234090217354b5454544b5053514b5153574b53535d3b555454544a0e1403
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 750x1000, components 3\012- data
Size 110 kB (110224 bytes)
Hash 46bf6ff6bc8b9d3fec96726f33d829e4
dcab7c95df1c90e8faebfd084b7cc66d72312053
02a871b2ab7682195b93f33f3d9455ed4e180acfeb0960eae54bb03c6b65b1d6
GET /viewImage3?data=0c101014175e4b4b100c11090649145d4a1c0c07000a4a070b094b054b28563c0e25282b020e1c21301436201d2234090217354b5454544b5053514b5153574b53535d3b555454544a0e1403 HTTP/1.1
Host: gayinleeds.relayblog.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gayinleeds.relayblog.com/?yessenia
HTTP/1.1 200
Server: nginx
Date: Thu, 22 Sep 2022 18:50:25 GMT
Content-Length: 110224
Connection: keep-alive
Cache-Control: max-age=31418383
biptolyla.com/aUWVZ.yWP_3YBZ1acb2-hdaebf2g5_liSjWkQl9-NnDoEp2qN_DsUtwuOvC-0x0yMzTAY_0CNDTEAF5-JHnIpJvKb_mMVNJOZPD-0R0SMTTUY_0WNXTYAZ4-LbTcQdxeN_jgQh1iMjD-kl?iframeId=sayrws
200 OK 859 B URL HTTP/2 biptolyla.com/aUWVZ.yWP_3YBZ1acb2-hdaebf2g5_liSjWkQl9-NnDoEp2qN_DsUtwuOvC-0x0yMzTAY_0CNDTEAF5-JHnIpJvKb_mMVNJOZPD-0R0SMTTUY_0WNXTYAZ4-LbTcQdxeN_jgQh1iMjD-kl?iframeId=sayrws
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (713)
Hash ea52486e166124a1d190713b397446d0
70641414a7e0320cc8c96e9b63a769147850f54e
a1590f4434855044e618ddb18e6890cd5e8b0b3ce4070fb5627e3b91c896130b
GET /aUWVZ.yWP_3YBZ1acb2-hdaebf2g5_liSjWkQl9-NnDoEp2qN_DsUtwuOvC-0x0yMzTAY_0CNDTEAF5-JHnIpJvKb_mMVNJOZPD-0R0SMTTUY_0WNXTYAZ4-LbTcQdxeN_jgQh1iMjD-kl?iframeId=sayrws HTTP/1.1
Host: biptolyla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://gayinleeds.relayblog.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 22 Sep 2022 18:50:31 GMT
content-type: text/html;charset=UTF-8
vary: Accept-Encoding
expires: Mon, 26 Jul 2011 05:00:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
accept-ch: Sec-CH-UA-Platform-Version, Sec-CH-UA-Platform
p3p: CP="CUR ADM OUR NOR STA NID"
last-modified: Thu, 22 Sep 2022 18:50:31 GMT
set-cookie: kadCCap=199507:1:1655888030;168401:1:1663017409;211845:1:1661388894;180343:1:1656296307;194136:1:1663118711;132751:1:1663300715;210190:1:1662153287;199455:1:1662011125;210565:1:1660883596; max-age=1695408631; path=/
kadACap=419299:1:1662523186;383700:1:1662671864;419291:1:1662829503;445389:1:1663209970;443580:1:1661935629;419295:1:1661224266;444311:1:1663771206;445475:1:1662616891;424441:1:1662472246;444360:1:1662446108;346327:2:1663791482;438050:1:1657036135;426142:1:1655888030;384014:1:1658355870;427172:1:1661328422;444410:1:1662620118;419321:1:1662477203;433660:1:1662623802;407186:1:1660140957;442019:1:1663736826;419293:1:1662883102;320483:1:1661342695;442673:1:1660504936;419297:1:1662889803;444565:1:1663112893;443007:1:1661388894;422197:1:1661937740;419303:1:1662804291;272913:1:1661284037;438036:1:1657029440;419323:1:1661776141;432805:1:1656295137;434524:1:1657107027;401659:1:1662418246;410252:1:1662915839;445933:1:1662662013;419301:1:1663566374;434768:1:1656274688;446120:1:1663148405;435966:1:1656602141;432801:1:1656295814;319611:1:1659066943; max-age=1695408631; path=/
kadASCap=346327:2:1663791482; path=/
kadRPixJ=bnVsbA==; max-age=1695408631; path=/
kadUnP3=CAIQgqCvmQYaDQjzwZkBEAEY+uKtmQYaDQivp/4BEAEYgqCvmQYaDQiC/5MCEAEY+YexmQYiCggDEAEY+YexmQYiCggBEAEYgqCvmQYqDAjE4ycQARj5h7GZBioMCMPpDBABGIKgr5kGKgwIjL0SEAEY+uKtmQY=; max-age=1695408631; path=/
x-content-type-options: nosniff
content-encoding: br
X-Firefox-Spdy: h2
go.xxxijmp.com/smartpop/c3fa347280578e90a9e8ab1e6280c0e361524d151dcbfe6bb5b723fee947ce88?userId=ed4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e&sourceId=226437&memberId=X07W3NJaQSRVqqYlqTCg2PcIMztRn9P6mATKkV54VPDt0MFv9WSjzZ9Tc4Kj59PYXdyZ2voyxNstyMXisdSe9L9DhMxjFPfafzqs16w_gUIDRUi&p1=3684770&buttonColor=%23930606&liveBadgeColor=%23ff0707
302 Found 0 B URL HTTP/2 go.xxxijmp.com/smartpop/c3fa347280578e90a9e8ab1e6280c0e361524d151dcbfe6bb5b723fee947ce88?userId=ed4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e&sourceId=226437&memberId=X07W3NJaQSRVqqYlqTCg2PcIMztRn9P6mATKkV54VPDt0MFv9WSjzZ9Tc4Kj59PYXdyZ2voyxNstyMXisdSe9L9DhMxjFPfafzqs16w_gUIDRUi&p1=3684770&buttonColor=%23930606&liveBadgeColor=%23ff0707
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /smartpop/c3fa347280578e90a9e8ab1e6280c0e361524d151dcbfe6bb5b723fee947ce88?userId=ed4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e&sourceId=226437&memberId=X07W3NJaQSRVqqYlqTCg2PcIMztRn9P6mATKkV54VPDt0MFv9WSjzZ9Tc4Kj59PYXdyZ2voyxNstyMXisdSe9L9DhMxjFPfafzqs16w_gUIDRUi&p1=3684770&buttonColor=%23930606&liveBadgeColor=%23ff0707 HTTP/1.1
Host: go.xxxijmp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://tsyndicate.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Thu, 22 Sep 2022 18:50:31 GMT
content-length: 0
location: https://creative.xxxvjmp.com/widgets/v4/MobileSlider?buttonColor=%23930606&campaignId=c3fa347280578e90a9e8ab1e6280c0e361524d151dcbfe6bb5b723fee947ce88&campaignType=smartpop&creativeId=997f08b15bff1ccf97a2e581116e84ed0333dda2fd147f124f274ed42d459cc1&hideModelNameOnSmallSpots=1&hideTitleOnSmallSpots=1&isFace=1&iterationId=28473&liveBadgeColor=%23ff0707&masterSmartpopId=0&memberId=X07W3NJaQSRVqqYlqTCg2PcIMztRn9P6mATKkV54VPDt0MFv9WSjzZ9Tc4Kj59PYXdyZ2voyxNstyMXisdSe9L9DhMxjFPfafzqs16w_gUIDRUi&p1=3684770&ruleId=0&showButton=1&showModelName=1&showTitle=1&smartpopId=1547&sourceId=226437&tag=females&trackOff=1&userId=ed4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e&variationId=21696
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Content-Length, Accept-Encoding, x-requested-with
cf-cache-status: DYNAMIC
set-cookie: _var=808613.21696; Path=/; HttpOnly; SameSite=Strict
__cflb=04dToQvE4FPLng5Mz6amGAT9NT3YTMLeNKpdPT9Xxx; SameSite=None; Secure; path=/; expires=Fri, 23-Sep-22 17:50:31 GMT; HttpOnly
server: cloudflare
cf-ray: 74ed3a094d700b06-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
gayinleeds.relayblog.com/s3/ad_wc1_v_01/3128.jpg
200 OK 23 kB URL HTTP/1.1 gayinleeds.relayblog.com/s3/ad_wc1_v_01/3128.jpg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 100x450, components 3\012- data
Hash 2622f71b35b5d5d959eda7626f7fbddb
c37bc23ecab268111ccc8b9e9b2e9a8218f69779
6aee95d36b0fc713b8437a6c716e3d8543e0811a547f9203fb1161609dc57820
GET /s3/ad_wc1_v_01/3128.jpg HTTP/1.1
Host: gayinleeds.relayblog.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gayinleeds.relayblog.com/?yessenia
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 22 Sep 2022 18:50:25 GMT
Content-Type: image/jpeg
Content-Length: 23273
Connection: keep-alive
Last-Modified: Fri, 02 Apr 2021 18:05:58 GMT
ETag: "60675d06-5ae9"
X-Cluster: web-cdn2
X-Cache: MISS
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WDfY1j76AsjIOybE0cBjuDQfsH3od93803u6jEd93cqM6Z9vXV327jOlE9UzVT3gRw11m6%2F%2FFJ%2BizLtXQb7k7ZaWg80gk%2FlJ4UTPrB08q%2BZR7iRGPgxm20vg2hqdd%2Bw%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
CF-RAY: 74ed3a05fef93ff2-YYZ
alt-svc: h2=":443"; ma=60
X-Cache-Status: MISS
Cache-Control: max-age=14400, max-age=31536000
Accept-Ranges: bytes
ocsp.digicert.com/
200 OK 280 B IP
Hash 862a9c28a20e43a574089e4a2f3b7934
b2fff7584fa896b7472edd2ada7189c41bcd7c7e
67d3e5c63856c59f8292e9b34320b0c08ae49988be3dbcbae1e4e822d92f2e54
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1866
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 22 Sep 2022 18:50:31 GMT
Last-Modified: Thu, 22 Sep 2022 18:19:25 GMT
Server: ECS (ska/F6FE)
X-Cache: HIT
Content-Length: 280
ocsp.digicert.com/
200 OK 280 B IP
Hash 862a9c28a20e43a574089e4a2f3b7934
b2fff7584fa896b7472edd2ada7189c41bcd7c7e
67d3e5c63856c59f8292e9b34320b0c08ae49988be3dbcbae1e4e822d92f2e54
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 686
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 22 Sep 2022 18:50:31 GMT
Last-Modified: Thu, 22 Sep 2022 18:39:05 GMT
Server: ECS (ska/F6FC)
X-Cache: HIT
Content-Length: 280
fonts.googleapis.com/css?family=Roboto:400,500,700
200 OK 10 kB URL HTTP/2 fonts.googleapis.com/css?family=Roboto:400,500,700
IP
File type ASCII text, with very long lines (26976)
Hash 381f66f78b5118afba7b170a36d96015
35575050b166b77a9c4d26e1ff335eca6e1a9a7b
b6dd3c3ba532847049b62ad3ecde18f00da89178689f4026d0ec138d56660b58
GET /css?family=Roboto:400,500,700 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://maxcdn.bootstrapcdn.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Thu, 22 Sep 2022 18:50:30 GMT
date: Thu, 22 Sep 2022 18:50:30 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 280 B IP
Hash 862a9c28a20e43a574089e4a2f3b7934
b2fff7584fa896b7472edd2ada7189c41bcd7c7e
67d3e5c63856c59f8292e9b34320b0c08ae49988be3dbcbae1e4e822d92f2e54
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1866
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 22 Sep 2022 18:50:31 GMT
Last-Modified: Thu, 22 Sep 2022 18:19:25 GMT
Server: ECS (ska/F6FE)
X-Cache: HIT
Content-Length: 280
gayinleeds.relayblog.com/s3/ad_tf2/7017.jpg
200 OK 62 kB URL HTTP/1.1 gayinleeds.relayblog.com/s3/ad_tf2/7017.jpg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 100x1117, components 3\012- data
Hash ace0b5367eaa3da26648b05689e2f782
e9fd7dd43acda44244d221fcd08e250f62f4198f
bebaf76eef09462b3b507f7741841870dadbe95bca8fb15039113561bef38455
GET /s3/ad_tf2/7017.jpg HTTP/1.1
Host: gayinleeds.relayblog.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gayinleeds.relayblog.com/?yessenia
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 22 Sep 2022 18:50:25 GMT
Content-Type: image/jpeg
Content-Length: 62536
Connection: keep-alive
Last-Modified: Wed, 21 Apr 2021 16:41:09 GMT
ETag: "608055a5-f448"
X-Cluster: web-cdn2
X-Cache: MISS
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=w%2F4w21sSgkv9aLNvlRuMlDlL9dVN0Oq3ZXCdsAkIQ9jn0TJJTl5UwJMbGref4J8OKYEUK12mFj3Wg0eYjnbDIUSTCbNVaGAbst%2FzIHtJkD%2BZ%2FHht7iYRdLKfdyM3F00%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
CF-RAY: 74ed3a05281fa1ff-YYZ
alt-svc: h2=":443"; ma=60
X-Cache-Status: MISS
Cache-Control: max-age=14400, max-age=31536000
Accept-Ranges: bytes
10945-2.s.cdn15.com/creatives/247/186312/407099_f64b1.gif
200 OK 92 kB URL HTTP/2 10945-2.s.cdn15.com/creatives/247/186312/407099_f64b1.gif
IP
File type GIF image data, version 89a, 300 x 250\012- data
Hash 7b45136b40990d095377c1f9a9f42532
c8a58f127edfd49f410cb415c7646f974831bf19
4dde2bd698af73457a1a96aa9df2fd0b6e9eb9976aca76fbbd51f76bc0f01162
GET /creatives/247/186312/407099_f64b1.gif HTTP/1.1
Host: 10945-2.s.cdn15.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://biptolyla.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: ucdn/1.22.0
date: Thu, 22 Sep 2022 18:50:31 GMT
content-type: image/gif
content-length: 92027
last-modified: Fri, 22 Oct 2021 11:41:48 GMT
etag: "7b45136b40990d095377c1f9a9f42532"
x-timestamp: 1634902907.98810
x-trans-id: txf05ef9161f0a4113b91b9-0062e837e3
x-openstack-request-id: txf05ef9161f0a4113b91b9-0062e837e3
x-ureq-id: XDrrrzssYKy7XniAYHDaCxO/1BtQYlPAo1HVcwFLMsrP7jnHS8YSuPjrkuTCVphpOep5ZtMQ/BuVATeWDB/wTfYfr6RO3mwsJAG8WiB2Xy4wB2YVA12dYU9wrMO424JP
x-served-from: l1
expires: Thu, 12 Jan 2023 04:15:38 GMT
cache-control: max-age=9624307
access-control-allow-origin: *
access-control-allow-methods: HEAD, GET, OPTIONS
x-vhostid: 104, 20899
accept-ranges: bytes
X-Firefox-Spdy: h2
cdn.tsyndicate.com/sdk/v1/bi.js
304 Not Modified 0 B URL HTTP/1.1 cdn.tsyndicate.com/sdk/v1/bi.js
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sdk/v1/bi.js HTTP/1.1
Host: cdn.tsyndicate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gayinleeds.relayblog.com/
If-Modified-Since: Mon, 19 Sep 2022 08:53:30 GMT
If-None-Match: W/"63282e0a-1e1a"
HTTP/1.1 304 Not Modified
Date: Mon, 19 Sep 2022 09:36:46 GMT
Connection: keep-alive
Last-Modified: Mon, 19 Sep 2022 08:53:30 GMT
Server: nginx
X-Robots-Tag: noindex, nofollow
Vary: Accept-Encoding
ETag: W/"63282e0a-1e1a"
Age: 292425
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 1102099b82852e76e5336371741068e7
79077b41d6ad08a4bf6362addfe328c0043f035f
f5372e82f1fdbca0f539b78921613f32caf8a32a7da16c32b0005cd886991ebb
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F5372E82F1FDBCA0F539B78921613F32CAF8A32A7DA16C32B0005CD886991EBB"
Last-Modified: Wed, 21 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10416
Expires: Thu, 22 Sep 2022 21:44:07 GMT
Date: Thu, 22 Sep 2022 18:50:31 GMT
Connection: keep-alive
go.eabids.com/banner.go?spaceid=5675302&keywords=&maincat=
200 OK 1.4 kB URL HTTP/1.1 go.eabids.com/banner.go?spaceid=5675302&keywords=&maincat=
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1360), with no line terminators
Hash 41e2c18e6b36a71933b24fdd6fd68554
23deac5292ca8e61466e274a7039b69a3f28bf5a
e17ff46b06da97b71c75a2de70c6c1f1069038d5c89fc69a32ac540a7750a66c
GET /banner.go?spaceid=5675302&keywords=&maincat= HTTP/1.1
Host: go.eabids.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gayinleeds.relayblog.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 22 Sep 2022 18:50:31 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 1360
Connection: keep-alive
Expires: Mon, 03 Jul 2001 06:00:00 GMT
Last-Modified: Thu, 22 09 2022 18:50:31 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0,post-check=0, pre-check=0
Pragma: no-cache
X-Backend-Server: nl2-web-201
biptolyla.com/auW.ZNyzQu2r9FkyZnT/9U6gbE2C5mlFS/WvQT9RNPDlE/4OMrjrk/0HN/Cc0N0/MLT/g/yNOkTTQK1ZJPnEB-1KcV2-hiaRbO2/5/lGS/WeQs9iNIDeEZ4rMtjTkS0/NVCI0R0UMWT/gwy/OlTQQ/1R
301 Moved Permanently 162 B URL HTTP/1.1 biptolyla.com/auW.ZNyzQu2r9FkyZnT/9U6gbE2C5mlFS/WvQT9RNPDlE/4OMrjrk/0HN/Cc0N0/MLT/g/yNOkTTQK1ZJPnEB-1KcV2-hiaRbO2/5/lGS/WeQs9iNIDeEZ4rMtjTkS0/NVCI0R0UMWT/gwy/OlTQQ/1R
IP
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
GET /auW.ZNyzQu2r9FkyZnT/9U6gbE2C5mlFS/WvQT9RNPDlE/4OMrjrk/0HN/Cc0N0/MLT/g/yNOkTTQK1ZJPnEB-1KcV2-hiaRbO2/5/lGS/WeQs9iNIDeEZ4rMtjTkS0/NVCI0R0UMWT/gwy/OlTQQ/1R HTTP/1.1
Host: biptolyla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gayinleeds.relayblog.com/
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Thu, 22 Sep 2022 18:50:31 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://biptolyla.com/auW.ZNyzQu2r9FkyZnT/9U6gbE2C5mlFS/WvQT9RNPDlE/4OMrjrk/0HN/Cc0N0/MLT/g/yNOkTTQK1ZJPnEB-1KcV2-hiaRbO2/5/lGS/WeQs9iNIDeEZ4rMtjTkS0/NVCI0R0UMWT/gwy/OlTQQ/1R
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
X-Content-Type-Options: nosniff
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 8ebb267e443b81854ef9a01b3eb6489d
b932e9e5679da5a9160da5429458041765509b52
4ac5aa5b4fb4a85282b825c5c0ed7b1aaf2b39ffe77d69dec5123a84709f3fe2
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4AC5AA5B4FB4A85282B825C5C0ED7B1AAF2B39FFE77D69DEC5123A84709F3FE2"
Last-Modified: Tue, 20 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12182
Expires: Thu, 22 Sep 2022 22:13:33 GMT
Date: Thu, 22 Sep 2022 18:50:31 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffd654e30-611f-4c64-b1ad-43ca9fdedc0e.jpeg
200 OK 14 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffd654e30-611f-4c64-b1ad-43ca9fdedc0e.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash c0201d377c57a684452c0d26372e674d
3829f81048cc63b5f0d1e82dfbe3b8e31646e733
efa055dc93267be2dddd94b334c0655c2e1f1682467fd738e013a778aea175b9
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffd654e30-611f-4c64-b1ad-43ca9fdedc0e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 14397
x-amzn-requestid: c5a03ce8-f695-4ad3-8c42-c3bfd47d6279
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Yv1wLGqKIAMF-Og=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6329699a-2b130d8b1a4b1b9131db8984;Sampled=0
x-amzn-remapped-date: Tue, 20 Sep 2022 07:19:54 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: u2ObvTaTM2JREJRnWVxEdqPXYFWTdrtlqLLbHugcsNbENjZq63rKVw==
via: 1.1 5ab5dc09da67e3ea794ec8a82992cc88.cloudfront.net (CloudFront), 1.1 b13f158bdf9805ca47e07c0c35870c12.cloudfront.net (CloudFront), 1.1 google
date: Thu, 22 Sep 2022 15:24:06 GMT
age: 12385
etag: "3829f81048cc63b5f0d1e82dfbe3b8e31646e733"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
gayinleeds.relayblog.com/s3/ad_amt1_h_01/2528.jpg
200 OK 28 kB URL HTTP/1.1 gayinleeds.relayblog.com/s3/ad_amt1_h_01/2528.jpg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 706x80, components 3\012- data
Hash 5c63cd6854c87bc4c067d786e00a134c
560e966d6a7b914ee27c1e24373de3df11beef06
250ebcb5a0cfcf2d5a9cbfda30649fe0978df7377f45607631f50f494f3eca59
GET /s3/ad_amt1_h_01/2528.jpg HTTP/1.1
Host: gayinleeds.relayblog.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gayinleeds.relayblog.com/?yessenia
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 22 Sep 2022 18:50:26 GMT
Content-Type: image/jpeg
Content-Length: 27536
Connection: keep-alive
Last-Modified: Fri, 02 Apr 2021 20:39:06 GMT
ETag: "606780ea-6b90"
X-Cluster: web-cdn2
X-Cache: MISS
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uANVou78GYbDBbcjggVoZoZDCueRHM%2FkqigLs9HGT7rZSbF8R0EP3sBW6USTx7%2FbM7DkKJw%2Ftz2vzYkw%2F0yW3Gr3sJCO9DAxSOFqbmZA0Dy33lz5QxLwBSSPpSBWhU4%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
CF-RAY: 74ed3a06fc5a549d-YYZ
alt-svc: h2=":443"; ma=60
X-Cache-Status: MISS
Cache-Control: max-age=14400, max-age=31536000
Accept-Ranges: bytes
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1dee9427-1c1b-4ddc-9f89-8c6e254bd0f1.jpeg
200 OK 8.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1dee9427-1c1b-4ddc-9f89-8c6e254bd0f1.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 62818de3c50f957b2e5680851a1768c9
80e48c9ae48c89598780736b089c98e22d58df9a
16f2c2d23e8641a3f297a175730343d11120a228c0fe846c0fdf1e39212c522c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1dee9427-1c1b-4ddc-9f89-8c6e254bd0f1.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8549
x-amzn-requestid: 6d44626b-16c6-4f19-ae52-d5350065b390
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y1GwPHJJoAMFdfA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632b84ce-46ebc35612eb7a4473b36189;Sampled=0
x-amzn-remapped-date: Wed, 21 Sep 2022 21:40:30 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: UoQTXSP0LgR4LwELp2Avm27hUekfO9TU9yfvNbIlmUtB-FrU9MGRbg==
via: 1.1 28a7186077f9b5270d98dd053f31303e.cloudfront.net (CloudFront), 1.1 b36bf2c460ac693ce304817aed073112.cloudfront.net (CloudFront), 1.1 google
date: Wed, 21 Sep 2022 21:48:19 GMT
age: 75732
etag: "80e48c9ae48c89598780736b089c98e22d58df9a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0788498f-41db-4d62-b749-e01caddb7f8d.jpeg
200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0788498f-41db-4d62-b749-e01caddb7f8d.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash af5773255351157d72c28a670a355c60
c803e5866edbe6c9baec14e93677f610bdf09bff
3229b4aa1c698647ad96d114174782549ad240f1b2c4ba8c268165a16afc84f0
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0788498f-41db-4d62-b749-e01caddb7f8d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10754
x-amzn-requestid: 2d03531d-6055-477f-9cb6-9ea9fa27eeb9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y1F0vHJ4IAMF42Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632b8351-692620e80d5b2efe1d0e3a82;Sampled=0
x-amzn-remapped-date: Wed, 21 Sep 2022 21:34:09 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: eYUP9NfAkmU4A-mZvysejq1228Qfb8vbfdXOaHQvr6mjXhnVoWdqJw==
via: 1.1 4f87745990545c1ac0195c157e1668f8.cloudfront.net (CloudFront), 1.1 0d4ebcaa87ba94709def0eaac9371e5a.cloudfront.net (CloudFront), 1.1 google
date: Wed, 21 Sep 2022 21:34:09 GMT
etag: "c803e5866edbe6c9baec14e93677f610bdf09bff"
content-type: image/jpeg
age: 76582
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
www.kinogogly.pro/eef849/4f8a112651cb.js
200 OK 35 kB URL HTTP/2 www.kinogogly.pro/eef849/4f8a112651cb.js
IP
ASN #61107 Toonbox Studio Ltd
File type ASCII text, with very long lines (65536), with no line terminators
Hash 395e964a5842924dfbbf6e5f1a861397
0f3310c2aee431ffbf28701dc26e9fda27a792a5
d64b8a454275e07cd743cb41abb9841a2d5ed306935564f94777fdc8b8d19ab7
GET /eef849/4f8a112651cb.js HTTP/1.1
Host: www.kinogogly.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: text/plain
Origin: http://gayinleeds.relayblog.com
Connection: keep-alive
Referer: http://gayinleeds.relayblog.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: ucdn/1.22.0
date: Thu, 22 Sep 2022 18:50:31 GMT
content-type: application/javascript
vary: Accept-Encoding
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: Content-Type
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315356969, public
x-ureq-id: XDrrrzssYKy7XniAYHDaCxO/1BtQYlPAo1HVcwFLMsr3uaLidETSLqKazNe79F20GEByJQyhOC8MENovHnWAlKl6rDOZz1zoddCAgTNgNdg=
x-served-from: l1
x-vhostid: 6534, 23884
content-encoding: br
X-Firefox-Spdy: h2
www.kinogogly.pro/eef849/4f8a112651cb.js
200 OK 29 kB URL HTTP/2 www.kinogogly.pro/eef849/4f8a112651cb.js
IP
ASN #61107 Toonbox Studio Ltd
File type ASCII text, with very long lines (65536), with no line terminators
Hash 25559b8896af86a08492c726cf754188
eb7d09d2832920b97bee797ca2501cba11b2622a
e9a4b120e277d49489e2748e6955a419b029f8a2e4cb7f3e7e16ea1d7f74e5ce
GET /eef849/4f8a112651cb.js HTTP/1.1
Host: www.kinogogly.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://gayinleeds.relayblog.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: ucdn/1.22.0
date: Thu, 22 Sep 2022 18:50:31 GMT
content-type: application/javascript
vary: Accept-Encoding
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: Content-Type
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315356969, public
x-ureq-id: XDrrrzssYKy7XniAYHDaCxO/1BtQYlPAo1HVcwFLMsr3uaLidETSLqKazNe79F20GEByJQyhOC8MENovHnWAlKl6rDOZz1zoddCAgTNgNdg=
x-served-from: l1
x-vhostid: 6534, 24155
content-encoding: br
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 8ebb267e443b81854ef9a01b3eb6489d
b932e9e5679da5a9160da5429458041765509b52
4ac5aa5b4fb4a85282b825c5c0ed7b1aaf2b39ffe77d69dec5123a84709f3fe2
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4AC5AA5B4FB4A85282B825C5C0ED7B1AAF2B39FFE77D69DEC5123A84709F3FE2"
Last-Modified: Tue, 20 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12182
Expires: Thu, 22 Sep 2022 22:13:33 GMT
Date: Thu, 22 Sep 2022 18:50:31 GMT
Connection: keep-alive
gayinleeds.relayblog.com/s3/da_oct20/0042.gif
200 OK 14 kB URL HTTP/1.1 gayinleeds.relayblog.com/s3/da_oct20/0042.gif
IP
File type GIF image data, version 89a, 300 x 250\012- data
Hash ba782ad741ac63954bb99171282460aa
645ca876b549e18262a3e727f862afd68dc745e3
1c85461e0655f648c0fb3f6838ed615307fa179d8b18c182740e8166a58edcb7
GET /s3/da_oct20/0042.gif HTTP/1.1
Host: gayinleeds.relayblog.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gayinleeds.relayblog.com/?yessenia
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 22 Sep 2022 18:50:26 GMT
Content-Type: image/gif
Content-Length: 13798
Connection: keep-alive
Last-Modified: Fri, 09 Oct 2020 20:24:49 GMT
ETag: "5f80c711-35e6"
X-Cluster: web-cdn2
X-Cache: HIT
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=v2MopbhWPkcMK690wTz4853hEmnHc%2Bm9TfeB3Cg2m49OTkMFYIxbtkiRhL9X5B7izveOs5uI%2FIAsqYBJHHdqVvh65wFwKN0NQ18e7G%2BM96R%2FJq2i6BbgbX2ezunj9Ao%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
CF-RAY: 74ed3a09e8235413-YYZ
alt-svc: h2=":443"; ma=60
X-Cache-Status: MISS
Cache-Control: max-age=14400, max-age=31536000
Accept-Ranges: bytes
go.eabids.com/banner.go?spaceid=5675445&keywords=&maincat=
200 OK 610 B URL HTTP/1.1 go.eabids.com/banner.go?spaceid=5675445&keywords=&maincat=
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (610), with no line terminators
Hash e4015c0e2be1f7c3da6f01aabc115076
faf6179aa73aa1ff633473acebce30ad8a5b3452
e7f7bf0bc5bb3060b7d84b4bff83d2579d7079280686f4da9fc979e5272757b9
GET /banner.go?spaceid=5675445&keywords=&maincat= HTTP/1.1
Host: go.eabids.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gayinleeds.relayblog.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 22 Sep 2022 18:50:31 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 610
Connection: keep-alive
Expires: Mon, 03 Jul 2001 06:00:00 GMT
Last-Modified: Thu, 22 09 2022 18:50:31 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0,post-check=0, pre-check=0
Pragma: no-cache
X-Backend-Server: nl2-web-200
go.eabids.com/banner.go?spaceid=5675441&keywords=&maincat=
200 OK 610 B URL HTTP/1.1 go.eabids.com/banner.go?spaceid=5675441&keywords=&maincat=
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (610), with no line terminators
Hash e4015c0e2be1f7c3da6f01aabc115076
faf6179aa73aa1ff633473acebce30ad8a5b3452
e7f7bf0bc5bb3060b7d84b4bff83d2579d7079280686f4da9fc979e5272757b9
GET /banner.go?spaceid=5675441&keywords=&maincat= HTTP/1.1
Host: go.eabids.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gayinleeds.relayblog.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 22 Sep 2022 18:50:31 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 610
Connection: keep-alive
Expires: Mon, 03 Jul 2001 06:00:00 GMT
Last-Modified: Thu, 22 09 2022 18:50:31 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0,post-check=0, pre-check=0
Pragma: no-cache
X-Backend-Server: nl2-web-201
go.eabids.com/banner.go?spaceid=5675442&keywords=&maincat=
200 OK 674 B URL HTTP/1.1 go.eabids.com/banner.go?spaceid=5675442&keywords=&maincat=
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (674), with no line terminators
Hash bc58553cfaa054522193309d76801afb
2ee5e96ca9f7b8bbefca4a970f24dffcac6963c6
5cfcf4564cfff7d630144aa90206762d2ccdde0d0feea64d3181df3c56263d9b
GET /banner.go?spaceid=5675442&keywords=&maincat= HTTP/1.1
Host: go.eabids.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gayinleeds.relayblog.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 22 Sep 2022 18:50:31 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 674
Connection: keep-alive
Expires: Mon, 03 Jul 2001 06:00:00 GMT
Last-Modified: Thu, 22 09 2022 18:50:31 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0,post-check=0, pre-check=0
Pragma: no-cache
X-Backend-Server: nl2-web-205
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F67bb0692-30b9-4b69-a748-f7a4474a72e0.jpeg
200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F67bb0692-30b9-4b69-a748-f7a4474a72e0.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 9becda6e892a190dbbc63216ae697506
ba3369e1827d8f01ca10acb8648195847dd02ffd
d71dd28e0ff260326ba0c30748fa11160f4544c2a264d3a3dc361af0de9fd283
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F67bb0692-30b9-4b69-a748-f7a4474a72e0.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11286
x-amzn-requestid: 7263b60d-fffe-4c0b-8de5-59dc9ac92a47
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y1GwZHOaIAMFSQQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632b84cf-62e160b156b587cc21c7fda5;Sampled=0
x-amzn-remapped-date: Wed, 21 Sep 2022 21:40:31 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: QxgrVMX7xwI6qE3T3-LRS3JWoJauPyvCSb9TacW9-ktw-BIq5PSF-g==
via: 1.1 00f0a41f749793b9dd653153037c957e.cloudfront.net (CloudFront), 1.1 ee330666adf9f04c8c30094f8ddcd004.cloudfront.net (CloudFront), 1.1 google
date: Wed, 21 Sep 2022 21:48:26 GMT
etag: "ba3369e1827d8f01ca10acb8648195847dd02ffd"
content-type: image/jpeg
age: 75725
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 8ebb267e443b81854ef9a01b3eb6489d
b932e9e5679da5a9160da5429458041765509b52
4ac5aa5b4fb4a85282b825c5c0ed7b1aaf2b39ffe77d69dec5123a84709f3fe2
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4AC5AA5B4FB4A85282B825C5C0ED7B1AAF2B39FFE77D69DEC5123A84709F3FE2"
Last-Modified: Tue, 20 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12182
Expires: Thu, 22 Sep 2022 22:13:33 GMT
Date: Thu, 22 Sep 2022 18:50:31 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F06a0b4c5-4223-42cf-b012-2e09b250c8c1.jpeg
200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F06a0b4c5-4223-42cf-b012-2e09b250c8c1.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash c2db94039cb675cb250519fe57b2b3c9
37222a70df5d9a69073b4b32ebc3a5da60006001
444f4359ac25747e7c5d7e09202f195d407bc94a4933ac7ebbbaf9839bf59aff
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F06a0b4c5-4223-42cf-b012-2e09b250c8c1.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12048
x-amzn-requestid: bc551b18-fddb-4502-8c11-b8de83d75def
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YwlKzF9FoAMFp_w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6329b578-7e030b2e0af1d1c309d2dde6;Sampled=0
x-amzn-remapped-date: Tue, 20 Sep 2022 12:43:36 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: dRyKwUtxiHGz_bqMMSlRKS1cDNhKm_g1ocpZLmE15k8owH789jueWA==
via: 1.1 4f87745990545c1ac0195c157e1668f8.cloudfront.net (CloudFront), 1.1 fda3b2797d2719576f6b916583a28e52.cloudfront.net (CloudFront), 1.1 google
date: Wed, 21 Sep 2022 22:19:10 GMT
age: 73881
etag: "37222a70df5d9a69073b4b32ebc3a5da60006001"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 8ebb267e443b81854ef9a01b3eb6489d
b932e9e5679da5a9160da5429458041765509b52
4ac5aa5b4fb4a85282b825c5c0ed7b1aaf2b39ffe77d69dec5123a84709f3fe2
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4AC5AA5B4FB4A85282B825C5C0ED7B1AAF2B39FFE77D69DEC5123A84709F3FE2"
Last-Modified: Tue, 20 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12182
Expires: Thu, 22 Sep 2022 22:13:33 GMT
Date: Thu, 22 Sep 2022 18:50:31 GMT
Connection: keep-alive
static.eabids.com/data/bannerpools/94553/59045.gif
200 OK 262 kB URL HTTP/1.1 static.eabids.com/data/bannerpools/94553/59045.gif
IP
File type GIF image data, version 89a, 160 x 600\012- data
Size 262 kB (261932 bytes)
Hash 6f38df726a2fcf53c810c21bf01cf622
0abdf92f2a8020c4a00085b6f37788a3ac808968
9c11871c1860c4abf83c7b9ff51470898c6b29ab68f7168937e55a427ae9ef8e
GET /data/bannerpools/94553/59045.gif HTTP/1.1
Host: static.eabids.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://go.eabids.com/
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 22 Sep 2022 18:50:31 GMT
Content-Type: image/gif
Content-Length: 261932
Last-Modified: Thu, 28 Apr 2022 14:45:47 GMT
Connection: keep-alive
ETag: "626aa89b-3ff2c"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
X-Backend-Server: nl2-static-223
Accept-Ranges: bytes
lcdn.tsyndicate.com/sdk/v1/b.b.js
304 Not Modified 0 B URL HTTP/1.1 lcdn.tsyndicate.com/sdk/v1/b.b.js
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sdk/v1/b.b.js HTTP/1.1
Host: lcdn.tsyndicate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://tsyndicate.com/
If-Modified-Since: Tue, 22 Feb 2022 13:07:15 GMT
If-None-Match: W/"6214e003-1eb1"
HTTP/1.1 304 Not Modified
Date: Tue, 08 Mar 2022 10:11:03 GMT
Connection: keep-alive
Last-Modified: Tue, 22 Feb 2022 13:07:15 GMT
Server: nginx
X-Robots-Tag: noindex, nofollow
Vary: Accept-Encoding
ETag: W/"6214e003-1eb1"
Age: 17138368
video.ktkjmp.com/adsbygoogle.js
200 OK 16 B URL HTTP/2 video.ktkjmp.com/adsbygoogle.js
IP
Hash 3d7f7a60216d40dea48e495fef6903c9
fecdb5184f55cf012563d78940eb97b10b9cc99b
96d83ac9f20fc0b88404f307f135e212642e02d6ea295c96b28aed0d771a224f
GET /adsbygoogle.js HTTP/1.1
Host: video.ktkjmp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://creative.xxxvjmp.com/
Origin: https://creative.xxxvjmp.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 22 Sep 2022 18:50:31 GMT
content-type: application/javascript
content-length: 16
x-amz-id-2: kyl0IVMMo5KW4pDdzfnQKUa/Cfs4W9YHdQTiL3YWd73Il6pI7lh92KHTCplsaUtVSNRKq3KXr04=
x-amz-request-id: 3YWBDN4EWV9170D8
last-modified: Thu, 10 Mar 2022 13:52:07 GMT
etag: "3d7f7a60216d40dea48e495fef6903c9"
x-amz-meta-s3cmd-attrs: atime:1646920284/ctime:1646920283/gid:20/gname:staff/md5:3d7f7a60216d40dea48e495fef6903c9/mode:33188/mtime:1646920283/uid:501/uname:mikhailchubar
x-amz-version-id: eIgLIBoMMcsEXtxOH6UDjWyfAquRpkIG
access-control-allow-origin: https://creative.xxxvjmp.com
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Content-Length, Accept-Encoding, x-requested-with
cf-cache-status: HIT
age: 3939
expires: Thu, 22 Sep 2022 22:50:31 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 74ed3a0b9f2f0b02-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
gayinleeds.relayblog.com/s3/gam_oct20/0113.gif
200 OK 304 kB URL HTTP/1.1 gayinleeds.relayblog.com/s3/gam_oct20/0113.gif
IP
File type GIF image data, version 89a, 300 x 250\012- data
Size 304 kB (303593 bytes)
Hash 5b6d8d971f8704457ee061b8aaff1bc5
a6562c25656cd171fbaae26c2f044767be31ca97
b839884a0b6ccae1cdf1b7e327775192d07464b9eb59a63d6c6daef339fa1727
GET /s3/gam_oct20/0113.gif HTTP/1.1
Host: gayinleeds.relayblog.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gayinleeds.relayblog.com/?yessenia
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 22 Sep 2022 18:50:25 GMT
Content-Type: image/gif
Content-Length: 303593
Connection: keep-alive
Last-Modified: Fri, 09 Oct 2020 20:35:02 GMT
ETag: "5f80c976-4a1e9"
X-Cluster: web-cdn2
X-Cache: HIT
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wPu%2B4kyhxp5fkP9p0V5Qpr39ZKCIWL%2BFgXXs2VBawkqtsTC3ydtoKNrnSKn1SjaCFrCsxlC9uS8u3oG7D9hqGgOEIxprCXc4oAc8EJD6CWwPfpAqdR4zylTSUOhXMXM%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
CF-RAY: 74ed3a05e93aa22c-YYZ
alt-svc: h2=":443"; ma=60
X-Cache-Status: MISS
Cache-Control: max-age=14400, max-age=31536000
Accept-Ranges: bytes
ocsp.sca1b.amazontrust.com/
200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP
Hash 389994a7455c8c61e967ada2ec63a895
cc36df56270f6896aeafa490b1078679c818ee0b
39f2483a1b6bc748449a6c432e657e51e0a1af2704bc35490955f0c9d110eb8a
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Thu, 22 Sep 2022 18:50:31 GMT
Last-Modified: Thu, 22 Sep 2022 17:52:49 GMT
Server: ECS (nyb/1D08)
X-Cache: Miss from cloudfront
Via: 1.1 a2c3c8b833b34851dca4f7753ecaae58.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: sBpni6uR_IQDHXVyYq2GbXwP6D0RSuaxeiA2U33ShFamwSVrzo8_pw==
Age: 3462
simplewebanalysis.com/stats
200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP
File type ASCII text, with no line terminators
Hash cdcf9f1de13932c5f792551cc46692a6
8264911aec6f0df8b93dedbf066d354f8826ec6f
f90f4ab60e3ef46b1631f63b06eedbcf59f99a3d99785c74d4a90bcd18f2bb62
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://gayinleeds.relayblog.com
Connection: keep-alive
Referer: http://gayinleeds.relayblog.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 22 Sep 2022 18:50:31 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: http://gayinleeds.relayblog.com
access-control-allow-credentials: true
set-cookie: uid_id2=3aabf0ec-865b-4b05-aed3-6ea38f3d9129:1:1; expires=Sun, 19 Sep 2032 18:50:31 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
pxl.tsyndicate.com/api/v1/p/p.js?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zC0XYMAOjRo0wMMa0KEODzI0WJc2IFDMmTI0WZnKIcRmGRgyTM2yIeBimzpiMOcrMuAGDzM2RN3DIQImjzEsxYnDkaDFGjEcYYmZkZRljJ0QydijioJEDx0M4dcQstBEjxg2ecOBQnJGDxsM5cCbqyDn2BtGHY9rI1SFDhg0aQ3mSMbNQxoyHYty4oWjDBgwbNyqKaOMGI8MZhWGc5ezZRg2bD-t01TGQDh04c3S8eHHmjQs8uNOoEexizJs2L-a0CSPn9Rs4L8bMMBNmBo0bMnB0TFomB4wwQXGEEROjjI3oIWEIZVtDRsmGN6ua8Q61hhjoy8tUfz6mDA4cP-rMQZiETI8yZNAgFA1kyQCDDDXREAZzOMQwQ0Mw3ICdUQjGMEYO34EWAw6WkSSGSmMgGEYMWc0w4n053CBGh1zUAcOBNszxRh1y1NdfD4UdNlSLLxrWRhltiMGff2zUYUcaNpDxBRRB4LDEFWwEwcYNQ2RxBho4vLGGEnPYgcQRUhiRhQxFrGFDEnNccQMTUCghhw1DrNHSGjTIIcMdQsZhgxA5PHHGGHg6ccYXbSxBxQ1ZNMHEDUewgYMSbtAwhxRkkIFGE7jJkMYVbxyhxRJKEKEFE0vYkMUXZ1SRBBFSVJEGjzDCEUMPfD1HFKyGiVGHa2-4McQbbLwhRw8lOJbDDJddhqsNbKRhRxlCGHRGGb8GO2yxy3FE1A1ekfFbRmeEkUcabrAhHxlzuCBHGWyIK0awZ_T2LWBh6LVFRY_Z5dBbZsUgAwsOAmxXDDaw4FgXkDGmAwwuwKCZHHYMhmxqdaSRkQ0pImjGDTS0UMNBSyl4bAvW1XDScjQgGNLGIebgVRqDiZBDDC5Y50LKLjREg1dyfAEzUDTbjLPOXtURRkZNvKFHGmy0-0INDYOAAhZt7QACE-TWgQcIeHD4xWFWQ6wDhg2nAMIRZYyxxhsvGBjDi2_HAIIRaaxrxht4vEA2DF6N8RNrTjzhlbBf-J1R4F6x8bcIRTjRbRl2fLEuGxSZnBRfLz4kxxmTEVYDDm-JcFDkYsix0H0PjU7oG2Q0xqFmZMjxxkKPifCGQoSdJTseeSxklwh2Z4SGa3DIRpu45JoLYLqTuwuvvMB5dUdG_krnFRrUH7jzXRBnJDsd9QrbQh1upEFHC_66QMYY_na7-EFfrN--RW1QZsMMoBv2IP0y2I8_dPdry4EUI7ky4OUL9fJf_gL4EMgh0FzFwd0WnIMwiIhBL6IrA3PqwIaJnEVxCxGNCMbgGRj0QQEBAQ%3D%3D&s=54d47a98b075a9aa8516836e3bc960541f8262c8a2ac3c4d3a291469dddfa5ea1663872631&w=t&r=1&d=376&priv=false
200 OK 24 B URL HTTP/1.1 pxl.tsyndicate.com/api/v1/p/p.js?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zC0XYMAOjRo0wMMa0KEODzI0WJc2IFDMmTI0WZnKIcRmGRgyTM2yIeBimzpiMOcrMuAGDzM2RN3DIQImjzEsxYnDkaDFGjEcYYmZkZRljJ0QydijioJEDx0M4dcQstBEjxg2ecOBQnJGDxsM5cCbqyDn2BtGHY9rI1SFDhg0aQ3mSMbNQxoyHYty4oWjDBgwbNyqKaOMGI8MZhWGc5ezZRg2bD-t01TGQDh04c3S8eHHmjQs8uNOoEexizJs2L-a0CSPn9Rs4L8bMMBNmBo0bMnB0TFomB4wwQXGEEROjjI3oIWEIZVtDRsmGN6ua8Q61hhjoy8tUfz6mDA4cP-rMQZiETI8yZNAgFA1kyQCDDDXREAZzOMQwQ0Mw3ICdUQjGMEYO34EWAw6WkSSGSmMgGEYMWc0w4n053CBGh1zUAcOBNszxRh1y1NdfD4UdNlSLLxrWRhltiMGff2zUYUcaNpDxBRRB4LDEFWwEwcYNQ2RxBho4vLGGEnPYgcQRUhiRhQxFrGFDEnNccQMTUCghhw1DrNHSGjTIIcMdQsZhgxA5PHHGGHg6ccYXbSxBxQ1ZNMHEDUewgYMSbtAwhxRkkIFGE7jJkMYVbxyhxRJKEKEFE0vYkMUXZ1SRBBFSVJEGjzDCEUMPfD1HFKyGiVGHa2-4McQbbLwhRw8lOJbDDJddhqsNbKRhRxlCGHRGGb8GO2yxy3FE1A1ekfFbRmeEkUcabrAhHxlzuCBHGWyIK0awZ_T2LWBh6LVFRY_Z5dBbZsUgAwsOAmxXDDaw4FgXkDGmAwwuwKCZHHYMhmxqdaSRkQ0pImjGDTS0UMNBSyl4bAvW1XDScjQgGNLGIebgVRqDiZBDDC5Y50LKLjREg1dyfAEzUDTbjLPOXtURRkZNvKFHGmy0-0INDYOAAhZt7QACE-TWgQcIeHD4xWFWQ6wDhg2nAMIRZYyxxhsvGBjDi2_HAIIRaaxrxht4vEA2DF6N8RNrTjzhlbBf-J1R4F6x8bcIRTjRbRl2fLEuGxSZnBRfLz4kxxmTEVYDDm-JcFDkYsix0H0PjU7oG2Q0xqFmZMjxxkKPifCGQoSdJTseeSxklwh2Z4SGa3DIRpu45JoLYLqTuwuvvMB5dUdG_krnFRrUH7jzXRBnJDsd9QrbQh1upEFHC_66QMYY_na7-EFfrN--RW1QZsMMoBv2IP0y2I8_dPdry4EUI7ky4OUL9fJf_gL4EMgh0FzFwd0WnIMwiIhBL6IrA3PqwIaJnEVxCxGNCMbgGRj0QQEBAQ%3D%3D&s=54d47a98b075a9aa8516836e3bc960541f8262c8a2ac3c4d3a291469dddfa5ea1663872631&w=t&r=1&d=376&priv=false
IP
ASN #24940 Hetzner Online GmbH
File type ASCII text, with no line terminators
Hash 0959ba36d476b6dc1994ba3c678b07c4
d30b94da72daa02766965206a85b7e0356375f5e
897410b87e27e3dfba3a7d6caab315a5e69cc941bb96d91fc74878a9b051843a
GET /api/v1/p/p.js?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zC0XYMAOjRo0wMMa0KEODzI0WJc2IFDMmTI0WZnKIcRmGRgyTM2yIeBimzpiMOcrMuAGDzM2RN3DIQImjzEsxYnDkaDFGjEcYYmZkZRljJ0QydijioJEDx0M4dcQstBEjxg2ecOBQnJGDxsM5cCbqyDn2BtGHY9rI1SFDhg0aQ3mSMbNQxoyHYty4oWjDBgwbNyqKaOMGI8MZhWGc5ezZRg2bD-t01TGQDh04c3S8eHHmjQs8uNOoEexizJs2L-a0CSPn9Rs4L8bMMBNmBo0bMnB0TFomB4wwQXGEEROjjI3oIWEIZVtDRsmGN6ua8Q61hhjoy8tUfz6mDA4cP-rMQZiETI8yZNAgFA1kyQCDDDXREAZzOMQwQ0Mw3ICdUQjGMEYO34EWAw6WkSSGSmMgGEYMWc0w4n053CBGh1zUAcOBNszxRh1y1NdfD4UdNlSLLxrWRhltiMGff2zUYUcaNpDxBRRB4LDEFWwEwcYNQ2RxBho4vLGGEnPYgcQRUhiRhQxFrGFDEnNccQMTUCghhw1DrNHSGjTIIcMdQsZhgxA5PHHGGHg6ccYXbSxBxQ1ZNMHEDUewgYMSbtAwhxRkkIFGE7jJkMYVbxyhxRJKEKEFE0vYkMUXZ1SRBBFSVJEGjzDCEUMPfD1HFKyGiVGHa2-4McQbbLwhRw8lOJbDDJddhqsNbKRhRxlCGHRGGb8GO2yxy3FE1A1ekfFbRmeEkUcabrAhHxlzuCBHGWyIK0awZ_T2LWBh6LVFRY_Z5dBbZsUgAwsOAmxXDDaw4FgXkDGmAwwuwKCZHHYMhmxqdaSRkQ0pImjGDTS0UMNBSyl4bAvW1XDScjQgGNLGIebgVRqDiZBDDC5Y50LKLjREg1dyfAEzUDTbjLPOXtURRkZNvKFHGmy0-0INDYOAAhZt7QACE-TWgQcIeHD4xWFWQ6wDhg2nAMIRZYyxxhsvGBjDi2_HAIIRaaxrxht4vEA2DF6N8RNrTjzhlbBf-J1R4F6x8bcIRTjRbRl2fLEuGxSZnBRfLz4kxxmTEVYDDm-JcFDkYsix0H0PjU7oG2Q0xqFmZMjxxkKPifCGQoSdJTseeSxklwh2Z4SGa3DIRpu45JoLYLqTuwuvvMB5dUdG_krnFRrUH7jzXRBnJDsd9QrbQh1upEFHC_66QMYY_na7-EFfrN--RW1QZsMMoBv2IP0y2I8_dPdry4EUI7ky4OUL9fJf_gL4EMgh0FzFwd0WnIMwiIhBL6IrA3PqwIaJnEVxCxGNCMbgGRj0QQEBAQ%3D%3D&s=54d47a98b075a9aa8516836e3bc960541f8262c8a2ac3c4d3a291469dddfa5ea1663872631&w=t&r=1&d=376&priv=false HTTP/1.1
Host: pxl.tsyndicate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://tsyndicate.com/
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 22 Sep 2022 18:50:31 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 24
Connection: keep-alive
X-Robots-Tag: noindex, nofollow
biptolyla.com/agW_ZiyjP.3kBl1-cn2ohpaqb_2s5tluSvW-Qx9yNzDAE_2CNDDEUFw-OHCI0J0KM_TMYN0ONPT-AR5SJTnUp_vWbXmYVZJ-ZbDc0d0eM_TgYh0iNjT-Al4mLnToQ_xqNrjsQt1-MvDwkx?iframeId=yresll
200 OK 89 kB URL HTTP/2 biptolyla.com/agW_ZiyjP.3kBl1-cn2ohpaqb_2s5tluSvW-Qx9yNzDAE_2CNDDEUFw-OHCI0J0KM_TMYN0ONPT-AR5SJTnUp_vWbXmYVZJ-ZbDc0d0eM_TgYh0iNjT-Al4mLnToQ_xqNrjsQt1-MvDwkx?iframeId=yresll
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (592)
Hash f385525eff85275eda6cb55317578a51
5d5d8eb88110ad72bfa891ae108c08eb4f422f1e
7f1ae721fe9079afb6e03cd854e2c68f11928e9948a1b48a6df9db8d1933299d
GET /agW_ZiyjP.3kBl1-cn2ohpaqb_2s5tluSvW-Qx9yNzDAE_2CNDDEUFw-OHCI0J0KM_TMYN0ONPT-AR5SJTnUp_vWbXmYVZJ-ZbDc0d0eM_TgYh0iNjT-Al4mLnToQ_xqNrjsQt1-MvDwkx?iframeId=yresll HTTP/1.1
Host: biptolyla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://gayinleeds.relayblog.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 22 Sep 2022 18:50:31 GMT
content-type: text/html;charset=UTF-8
vary: Accept-Encoding
expires: Mon, 26 Jul 2011 05:00:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
accept-ch: Sec-CH-UA-Platform-Version, Sec-CH-UA-Platform
p3p: CP="CUR ADM OUR NOR STA NID"
last-modified: Thu, 22 Sep 2022 18:50:31 GMT
set-cookie: kadCCap=199507:1:1655888030;211845:1:1661388894;194136:1:1663118711;132751:1:1663300715;210565:1:1660883596;168401:1:1663017409;180343:1:1656296307;210190:1:1662153287;199455:1:1662011125; max-age=1695408631; path=/
kadACap=445933:1:1662662013;434768:1:1656274688;419291:1:1662829503;445475:1:1662616891;424441:1:1662472246;434524:1:1657107027;410252:1:1662915839;319611:1:1659066943;438050:1:1657036135;419321:1:1662477203;272913:1:1661284037;432805:1:1656295137;446120:1:1663148405;419303:1:1662804291;419301:1:1663566374;432801:1:1656295814;383700:1:1662671864;346327:2:1663791482;433660:1:1662623802;419293:1:1662883102;320483:1:1661342695;443580:1:1661935629;444360:1:1662446108;384014:1:1658355870;419297:1:1662889803;435966:1:1656602141;444311:1:1663771206;407186:1:1660140957;442019:1:1663736826;401659:1:1662418246;419299:1:1662523186;419295:1:1661224266;444410:1:1662620118;443007:1:1661388894;426142:1:1655888030;427172:1:1661328422;422197:1:1661937740;438036:1:1657029440;419323:1:1661776141;445389:1:1663209970;442673:1:1660504936;444565:1:1663112893; max-age=1695408631; path=/
kadASCap=346327:2:1663791482; path=/
kadRPixJ=bnVsbA==; max-age=1695408631; path=/
kadUnP3=CAIQgqCvmQYaDQjzwZkBEAEY+uKtmQYaDQivp/4BEAEYgqCvmQYaDQiC/5MCEAEY+YexmQYiCggDEAEY+YexmQYiCggBEAEYgqCvmQYqDAjD6QwQARiCoK+ZBioMCIy9EhABGPrirZkGKgwIxOMnEAEY+YexmQY=; max-age=1695408631; path=/
x-content-type-options: nosniff
content-encoding: br
X-Firefox-Spdy: h2
pxl.tsyndicate.com/api/v1/p/p.js?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zC0XMMEPm4AwaOFqQCZMjRwsaZsSQaREmBgwxIg2OGSNDBpkZNsjEEPEwTJ0xGcvc2FhDRg0YLWqIERPjJIwaYVrkgBFGRgszDW_AiDGGRgwzZWTwhEjGDkUcNHLgeAinjpiFNmLEuNETDhyKM3LQeDgHzkQdM9DSkDH04Zg2d3XUtEGDBoyeZMxQfCjGjRuKNmzAsHFjr4g2bjAynFHzsQg4oEXbqOH1YZ2dOgbSoQNnjo4XL868cYGndxo1iF2MedPmxZw2YeTQfgPnRQwZOGDIyHEDh42UZcjkuF4GR_QZM16KgYFjRpmZZbyWeS5DTBjyYW_InYpDzBi9OcybwVm-8Y86cyCUBBk9ZEdDGR-lJYN0YTQWhhlh4BDDDA3BcANJOsnQ0n02yEBaDNbBkJ4YZsykYUtigNeSd9SJoVkZXNQBg3Q2zPFGHXKMUcaAPSzWGAwxziiDDW2U0YYYAhJ4RB1YQPGEEG3cMQQeazBJRR5CHJFGGFYgEUMSV4yRRB1JzIFDcmNUkccbdlgRWhVFlNGEEUSUAUUcZThRgxZxnPHEEDJkMQMZergRQxtaQPFFGkQgeQYUQbBRgxRZEGEGGneUcYcRS0SBRRNoGJGFHW2QkYUeVAhRBxUwfHFGFUkQIUUVaQRJIxwx9BBYY4TNMBYZxGV0Rhh5pOEGG2VkN4cLcpTBBrFisPHGGcIFa1gYf21R0Qws7OUQXWs9x8KE4-4Vgw0seNgFZZLpAIMLWz0khx2JhedaHWlklEMMBZlRww0rlbfVSfLZwBIONLXQGcJmwFBiDRyJ9VAaiYmwrwtTuTCYCw3RMJYci1Z8ccYbdzxWHWFk1MQbeqTBxrMv1AAvCChgIdcOIDBhbB14gICHdV8whvO8OmwHbwogHHHeGm-8sKBLW20FghFpNGvGG3i8YDQMY82UkRNPjPUGyF7HBvZYbAAVWxFO_FqGHV80ywZF_1bH34zynnGZYjXgQJcIB8EthhwLefdQ4F-08QYZC0EX1-FyvLEQtyK8oZBibEWORx4LeWZ1RmjMBsdtuRFrLLLKMusstNJSO1xxY92R0XPRjYXG7NJ5zNe8GUVOB7Zjt1CHG2nQ0cKQLpAxxnO_qg14GV8oz7xFbWBmQ2A3DEkh9WIxlBn22kONLllxl9HXF9haD_71FYnwNvrIKnf5Fh-tC5EYfz0PYR1sTMRW2gsxzRhEA4M-KCAg&s=5d5ea35e168e170fa6e92a5ff6fa3d6b264c03b7d49db441c03da35b092100301663872631&w=t&r=1&d=400&priv=false
200 OK 24 B URL HTTP/1.1 pxl.tsyndicate.com/api/v1/p/p.js?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zC0XMMEPm4AwaOFqQCZMjRwsaZsSQaREmBgwxIg2OGSNDBpkZNsjEEPEwTJ0xGcvc2FhDRg0YLWqIERPjJIwaYVrkgBFGRgszDW_AiDGGRgwzZWTwhEjGDkUcNHLgeAinjpiFNmLEuNETDhyKM3LQeDgHzkQdM9DSkDH04Zg2d3XUtEGDBoyeZMxQfCjGjRuKNmzAsHFjr4g2bjAynFHzsQg4oEXbqOH1YZ2dOgbSoQNnjo4XL868cYGndxo1iF2MedPmxZw2YeTQfgPnRQwZOGDIyHEDh42UZcjkuF4GR_QZM16KgYFjRpmZZbyWeS5DTBjyYW_InYpDzBi9OcybwVm-8Y86cyCUBBk9ZEdDGR-lJYN0YTQWhhlh4BDDDA3BcANJOsnQ0n02yEBaDNbBkJ4YZsykYUtigNeSd9SJoVkZXNQBg3Q2zPFGHXKMUcaAPSzWGAwxziiDDW2U0YYYAhJ4RB1YQPGEEG3cMQQeazBJRR5CHJFGGFYgEUMSV4yRRB1JzIFDcmNUkccbdlgRWhVFlNGEEUSUAUUcZThRgxZxnPHEEDJkMQMZergRQxtaQPFFGkQgeQYUQbBRgxRZEGEGGneUcYcRS0SBRRNoGJGFHW2QkYUeVAhRBxUwfHFGFUkQIUUVaQRJIxwx9BBYY4TNMBYZxGV0Rhh5pOEGG2VkN4cLcpTBBrFisPHGGcIFa1gYf21R0Qws7OUQXWs9x8KE4-4Vgw0seNgFZZLpAIMLWz0khx2JhedaHWlklEMMBZlRww0rlbfVSfLZwBIONLXQGcJmwFBiDRyJ9VAaiYmwrwtTuTCYCw3RMJYci1Z8ccYbdzxWHWFk1MQbeqTBxrMv1AAvCChgIdcOIDBhbB14gICHdV8whvO8OmwHbwogHHHeGm-8sKBLW20FghFpNGvGG3i8YDQMY82UkRNPjPUGyF7HBvZYbAAVWxFO_FqGHV80ywZF_1bH34zynnGZYjXgQJcIB8EthhwLefdQ4F-08QYZC0EX1-FyvLEQtyK8oZBibEWORx4LeWZ1RmjMBsdtuRFrLLLKMusstNJSO1xxY92R0XPRjYXG7NJ5zNe8GUVOB7Zjt1CHG2nQ0cKQLpAxxnO_qg14GV8oz7xFbWBmQ2A3DEkh9WIxlBn22kONLllxl9HXF9haD_71FYnwNvrIKnf5Fh-tC5EYfz0PYR1sTMRW2gsxzRhEA4M-KCAg&s=5d5ea35e168e170fa6e92a5ff6fa3d6b264c03b7d49db441c03da35b092100301663872631&w=t&r=1&d=400&priv=false
IP
ASN #24940 Hetzner Online GmbH
File type ASCII text, with no line terminators
Hash 0959ba36d476b6dc1994ba3c678b07c4
d30b94da72daa02766965206a85b7e0356375f5e
897410b87e27e3dfba3a7d6caab315a5e69cc941bb96d91fc74878a9b051843a
GET /api/v1/p/p.js?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zC0XMMEPm4AwaOFqQCZMjRwsaZsSQaREmBgwxIg2OGSNDBpkZNsjEEPEwTJ0xGcvc2FhDRg0YLWqIERPjJIwaYVrkgBFGRgszDW_AiDGGRgwzZWTwhEjGDkUcNHLgeAinjpiFNmLEuNETDhyKM3LQeDgHzkQdM9DSkDH04Zg2d3XUtEGDBoyeZMxQfCjGjRuKNmzAsHFjr4g2bjAynFHzsQg4oEXbqOH1YZ2dOgbSoQNnjo4XL868cYGndxo1iF2MedPmxZw2YeTQfgPnRQwZOGDIyHEDh42UZcjkuF4GR_QZM16KgYFjRpmZZbyWeS5DTBjyYW_InYpDzBi9OcybwVm-8Y86cyCUBBk9ZEdDGR-lJYN0YTQWhhlh4BDDDA3BcANJOsnQ0n02yEBaDNbBkJ4YZsykYUtigNeSd9SJoVkZXNQBg3Q2zPFGHXKMUcaAPSzWGAwxziiDDW2U0YYYAhJ4RB1YQPGEEG3cMQQeazBJRR5CHJFGGFYgEUMSV4yRRB1JzIFDcmNUkccbdlgRWhVFlNGEEUSUAUUcZThRgxZxnPHEEDJkMQMZergRQxtaQPFFGkQgeQYUQbBRgxRZEGEGGneUcYcRS0SBRRNoGJGFHW2QkYUeVAhRBxUwfHFGFUkQIUUVaQRJIxwx9BBYY4TNMBYZxGV0Rhh5pOEGG2VkN4cLcpTBBrFisPHGGcIFa1gYf21R0Qws7OUQXWs9x8KE4-4Vgw0seNgFZZLpAIMLWz0khx2JhedaHWlklEMMBZlRww0rlbfVSfLZwBIONLXQGcJmwFBiDRyJ9VAaiYmwrwtTuTCYCw3RMJYci1Z8ccYbdzxWHWFk1MQbeqTBxrMv1AAvCChgIdcOIDBhbB14gICHdV8whvO8OmwHbwogHHHeGm-8sKBLW20FghFpNGvGG3i8YDQMY82UkRNPjPUGyF7HBvZYbAAVWxFO_FqGHV80ywZF_1bH34zynnGZYjXgQJcIB8EthhwLefdQ4F-08QYZC0EX1-FyvLEQtyK8oZBibEWORx4LeWZ1RmjMBsdtuRFrLLLKMusstNJSO1xxY92R0XPRjYXG7NJ5zNe8GUVOB7Zjt1CHG2nQ0cKQLpAxxnO_qg14GV8oz7xFbWBmQ2A3DEkh9WIxlBn22kONLllxl9HXF9haD_71FYnwNvrIKnf5Fh-tC5EYfz0PYR1sTMRW2gsxzRhEA4M-KCAg&s=5d5ea35e168e170fa6e92a5ff6fa3d6b264c03b7d49db441c03da35b092100301663872631&w=t&r=1&d=400&priv=false HTTP/1.1
Host: pxl.tsyndicate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://tsyndicate.com/
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 22 Sep 2022 18:50:31 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 24
Connection: keep-alive
X-Robots-Tag: noindex, nofollow
a.realsrv.com/ads.js
200 OK 974 B IP
File type ASCII text, with very long lines (2475), with no line terminators
Hash f2e9f79e4bd643ca1264fca98531c71e
7acaa14a18676a38bdc3043d0e016e8cfacb275a
db8cf84b422102aa8bc89c36a569921dc69ed556703a96ca44434d2fe98af57b
GET /ads.js HTTP/1.1
Host: a.realsrv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://biptolyla.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Thu, 22 Sep 2022 18:50:31 GMT
Connection: Keep-Alive
Content-Encoding: gzip
Content-Length: 974
Content-Type: application/javascript
Accept-Ranges: bytes
Cache-Control: max-age=10800
Server: nginx
etag: W/"f4fddb85b686269b678e3caf766"
X-HW: 1663872631.dop212.sk1.t,1663872631.cds209.sk1.shn,1663872631.cds209.sk1.c
Access-Control-Allow-Origin: *, *
rtbrennab.com/banner/in/show/?mid=413284543&pid=0&site=8047&sc=NO&usage_type=DCH&subid=933499612&sid=0&cid=0&price=0&is_cpm=0&cpm=0&ecpm=0&crid=&crtid=&tcid=0&out_id=&ver=&ver_c=&refdom=gayinleeds.relayblog.com&hostname=auc-banner-hz-8&site_id=0&spot_id=0&utm_source=tcban_s&utm_medium=8047&utm_campaign=17794&utm_content=&expirationTimestamp=0&created_at=0000-00-00&is_native=0&auction_queue=0&pop_winurl=&ip=91.90.42.154&testab=&px_id=0&adblock=0&auction_host=&mm=&yc=&render_type=&campaign_type=&uniq=&exp=&resp_type=default&iabcat=&min_cpm=0.0001&placement_type_id=&skin_test=&verify_hash=&score=74&ml=&ttl=&space_id=1010&banner_width=160&banner_height=600&accel=0&gyr=0&iabcat=&url=https%3A%2F%2Fbtds.zog.link%2Fin%2F912%2F%3Fsid%3D0%26source%3D933499612%26idzone%3D3902650%26w%3D160%26h%3D600%26mo%3D%26ve%3D%26site_id%3D8047%26utm1%3Dtcban_s%26utm2%3D8047%26utm3%3D17794%26utm4%3D%26ad_tags%3D%26spot_id%3D0%26p%3Dhttp%253A%252F%252Fgayinleeds.relayblog.com%252F%253Fyessenia%26katds_labels%3D%26btype%3D0%26score%3D74&pr=&bid_crid=&bid_cid=&is_iframe=0&ad_tags=&stratagem=&ssp=0
302 Found 188 B URL HTTP/2 rtbrennab.com/banner/in/show/?mid=413284543&pid=0&site=8047&sc=NO&usage_type=DCH&subid=933499612&sid=0&cid=0&price=0&is_cpm=0&cpm=0&ecpm=0&crid=&crtid=&tcid=0&out_id=&ver=&ver_c=&refdom=gayinleeds.relayblog.com&hostname=auc-banner-hz-8&site_id=0&spot_id=0&utm_source=tcban_s&utm_medium=8047&utm_campaign=17794&utm_content=&expirationTimestamp=0&created_at=0000-00-00&is_native=0&auction_queue=0&pop_winurl=&ip=91.90.42.154&testab=&px_id=0&adblock=0&auction_host=&mm=&yc=&render_type=&campaign_type=&uniq=&exp=&resp_type=default&iabcat=&min_cpm=0.0001&placement_type_id=&skin_test=&verify_hash=&score=74&ml=&ttl=&space_id=1010&banner_width=160&banner_height=600&accel=0&gyr=0&iabcat=&url=https%3A%2F%2Fbtds.zog.link%2Fin%2F912%2F%3Fsid%3D0%26source%3D933499612%26idzone%3D3902650%26w%3D160%26h%3D600%26mo%3D%26ve%3D%26site_id%3D8047%26utm1%3Dtcban_s%26utm2%3D8047%26utm3%3D17794%26utm4%3D%26ad_tags%3D%26spot_id%3D0%26p%3Dhttp%253A%252F%252Fgayinleeds.relayblog.com%252F%253Fyessenia%26katds_labels%3D%26btype%3D0%26score%3D74&pr=&bid_crid=&bid_cid=&is_iframe=0&ad_tags=&stratagem=&ssp=0
IP
ASN #24940 Hetzner Online GmbH
Hash 099736b9d5031b7969d3dfdd75abff45
066523cac9443d32d6c3ee107b17a06de3db7cab
d2bbaa4ae48d2a024c18c72c1c1e14b7c71929047d189c9bfc03a4d05eb74d9a
GET /banner/in/show/?mid=413284543&pid=0&site=8047&sc=NO&usage_type=DCH&subid=933499612&sid=0&cid=0&price=0&is_cpm=0&cpm=0&ecpm=0&crid=&crtid=&tcid=0&out_id=&ver=&ver_c=&refdom=gayinleeds.relayblog.com&hostname=auc-banner-hz-8&site_id=0&spot_id=0&utm_source=tcban_s&utm_medium=8047&utm_campaign=17794&utm_content=&expirationTimestamp=0&created_at=0000-00-00&is_native=0&auction_queue=0&pop_winurl=&ip=91.90.42.154&testab=&px_id=0&adblock=0&auction_host=&mm=&yc=&render_type=&campaign_type=&uniq=&exp=&resp_type=default&iabcat=&min_cpm=0.0001&placement_type_id=&skin_test=&verify_hash=&score=74&ml=&ttl=&space_id=1010&banner_width=160&banner_height=600&accel=0&gyr=0&iabcat=&url=https%3A%2F%2Fbtds.zog.link%2Fin%2F912%2F%3Fsid%3D0%26source%3D933499612%26idzone%3D3902650%26w%3D160%26h%3D600%26mo%3D%26ve%3D%26site_id%3D8047%26utm1%3Dtcban_s%26utm2%3D8047%26utm3%3D17794%26utm4%3D%26ad_tags%3D%26spot_id%3D0%26p%3Dhttp%253A%252F%252Fgayinleeds.relayblog.com%252F%253Fyessenia%26katds_labels%3D%26btype%3D0%26score%3D74&pr=&bid_crid=&bid_cid=&is_iframe=0&ad_tags=&stratagem=&ssp=0 HTTP/1.1
Host: rtbrennab.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://rtbbnr.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
server: nginx/1.18.0
date: Thu, 22 Sep 2022 18:50:31 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
location: https://btds.zog.link/in/912/?sid=0&source=933499612&idzone=3902650&w=160&h=600&mo=&ve=&site_id=8047&utm1=tcban_s&utm2=8047&utm3=17794&utm4=&ad_tags=&spot_id=0&p=http%3A%2F%2Fgayinleeds.relayblog.com%2F%3Fyessenia&katds_labels=&btype=0&score=74
X-Firefox-Spdy: h2
gayinleeds.relayblog.com/viewImage3?data=0c101014175e4b4b100c1109064914524a1c0c07000a4a070b094b054b091402082917030626251708343d2e26172c3e501e254b5454544b5051534b52535c4b5057523b555454544a0e1403
200 167 B URL HTTP/1.1 gayinleeds.relayblog.com/viewImage3?data=0c101014175e4b4b100c1109064914524a1c0c07000a4a070b094b054b091402082917030626251708343d2e26172c3e501e254b5454544b5051534b52535c4b5057523b555454544a0e1403
IP
File type PNG image data, 1 x 1, 8-bit/color RGBA, non-interlaced\012- data
Hash 353b078eb77e5ee068e83b7503f3c75b
d0b2207fea4313a3ea391b94880f1d01e5ab1c89
297488a03131e435cb999248b75ed4ac78ae3bbf4c3366d8d57c821b2548dd8d
GET /viewImage3?data=0c101014175e4b4b100c1109064914524a1c0c07000a4a070b094b054b091402082917030626251708343d2e26172c3e501e254b5454544b5051534b52535c4b5057523b555454544a0e1403 HTTP/1.1
Host: gayinleeds.relayblog.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gayinleeds.relayblog.com/?yessenia
HTTP/1.1 200
Server: nginx
Date: Thu, 22 Sep 2022 18:50:26 GMT
Transfer-Encoding: chunked
Connection: keep-alive
X-CORE: core4
X-LB: core4
go.xxxvjmp.com/config?url=https%3A%2F%2Fcreative.xxxvjmp.com%2Fwidgets%2Fv4%2FMobileSlider%3FbuttonColor%3D%2523930606%26campaignId%3Dc3fa347280578e90a9e8ab1e6280c0e361524d151dcbfe6bb5b723fee947ce88%26campaignType%3Dsmartpop%26creativeId%3D997f08b15bff1ccf97a2e581116e84ed0333dda2fd147f124f274ed42d459cc1%26hideModelNameOnSmallSpots%3D1%26hideTitleOnSmallSpots%3D1%26isFace%3D1%26iterationId%3D28473%26liveBadgeColor%3D%2523ff0707%26masterSmartpopId%3D0%26memberId%3DX07W3NJaQSRVqqYlqTCg2PcIMztRn9P6mATKkV54VPDt0MFv9WSjzZ9Tc4Kj59PYXdyZ2voyxNstyMXisdSe9L9DhMxjFPfafzqs16w_gUIDRUi%26p1%3D3684770%26ruleId%3D0%26showButton%3D1%26showModelName%3D1%26showTitle%3D1%26smartpopId%3D1547%26sourceId%3D226437%26tag%3Dfemales%26trackOff%3D1%26userId%3Ded4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e%26variationId%3D21696
200 OK 1.7 kB URL HTTP/2 go.xxxvjmp.com/config?url=https%3A%2F%2Fcreative.xxxvjmp.com%2Fwidgets%2Fv4%2FMobileSlider%3FbuttonColor%3D%2523930606%26campaignId%3Dc3fa347280578e90a9e8ab1e6280c0e361524d151dcbfe6bb5b723fee947ce88%26campaignType%3Dsmartpop%26creativeId%3D997f08b15bff1ccf97a2e581116e84ed0333dda2fd147f124f274ed42d459cc1%26hideModelNameOnSmallSpots%3D1%26hideTitleOnSmallSpots%3D1%26isFace%3D1%26iterationId%3D28473%26liveBadgeColor%3D%2523ff0707%26masterSmartpopId%3D0%26memberId%3DX07W3NJaQSRVqqYlqTCg2PcIMztRn9P6mATKkV54VPDt0MFv9WSjzZ9Tc4Kj59PYXdyZ2voyxNstyMXisdSe9L9DhMxjFPfafzqs16w_gUIDRUi%26p1%3D3684770%26ruleId%3D0%26showButton%3D1%26showModelName%3D1%26showTitle%3D1%26smartpopId%3D1547%26sourceId%3D226437%26tag%3Dfemales%26trackOff%3D1%26userId%3Ded4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e%26variationId%3D21696
IP
File type JSON data\012- , ASCII text
Hash dd953288fbe33f04982426fe9eea7eb5
87b8e3957fe736730b057e9044866b53cab188e5
2ea06d822f7fc35b116d42b3fb92629e732287cbc68f6699030d27a1b8b2c8b6
GET /config?url=https%3A%2F%2Fcreative.xxxvjmp.com%2Fwidgets%2Fv4%2FMobileSlider%3FbuttonColor%3D%2523930606%26campaignId%3Dc3fa347280578e90a9e8ab1e6280c0e361524d151dcbfe6bb5b723fee947ce88%26campaignType%3Dsmartpop%26creativeId%3D997f08b15bff1ccf97a2e581116e84ed0333dda2fd147f124f274ed42d459cc1%26hideModelNameOnSmallSpots%3D1%26hideTitleOnSmallSpots%3D1%26isFace%3D1%26iterationId%3D28473%26liveBadgeColor%3D%2523ff0707%26masterSmartpopId%3D0%26memberId%3DX07W3NJaQSRVqqYlqTCg2PcIMztRn9P6mATKkV54VPDt0MFv9WSjzZ9Tc4Kj59PYXdyZ2voyxNstyMXisdSe9L9DhMxjFPfafzqs16w_gUIDRUi%26p1%3D3684770%26ruleId%3D0%26showButton%3D1%26showModelName%3D1%26showTitle%3D1%26smartpopId%3D1547%26sourceId%3D226437%26tag%3Dfemales%26trackOff%3D1%26userId%3Ded4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e%26variationId%3D21696 HTTP/1.1
Host: go.xxxvjmp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://creative.xxxvjmp.com/
Origin: https://creative.xxxvjmp.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Thu, 22 Sep 2022 18:50:31 GMT
content-type: application/json
access-control-allow-origin: *
last-modified: Thu, 22 Sep 2022 18:50:31 GMT
cf-cache-status: MISS
set-cookie: __cflb=02DiuDfsBaY2bRYJiCeSRSGTzNwtDfLbsJiAdqwdGmchz; SameSite=None; Secure; path=/; expires=Fri, 23-Sep-22 17:50:31 GMT; HttpOnly
vary: Accept-Encoding
server: cloudflare
cf-ray: 74ed3a0b8ba30afe-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
go.xxxijmp.com/smartpop/c3fa347280578e90a9e8ab1e6280c0e361524d151dcbfe6bb5b723fee947ce88?userId=ed4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e&sourceId=226439&memberId=fe_mT2Hxl6SJZIVefYXP-kwS3hzwj1yCNH3I-LtsKfwVo9F72xdQ5j1er2aq2lo-gx0KhNIk8OCZoeSP1kP51NLqxUBWA3itYFS_kXg_gUIDRUi&p1=3841229
301 Moved Permanently 0 B URL HTTP/1.1 go.xxxijmp.com/smartpop/c3fa347280578e90a9e8ab1e6280c0e361524d151dcbfe6bb5b723fee947ce88?userId=ed4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e&sourceId=226439&memberId=fe_mT2Hxl6SJZIVefYXP-kwS3hzwj1yCNH3I-LtsKfwVo9F72xdQ5j1er2aq2lo-gx0KhNIk8OCZoeSP1kP51NLqxUBWA3itYFS_kXg_gUIDRUi&p1=3841229
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /smartpop/c3fa347280578e90a9e8ab1e6280c0e361524d151dcbfe6bb5b723fee947ce88?userId=ed4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e&sourceId=226439&memberId=fe_mT2Hxl6SJZIVefYXP-kwS3hzwj1yCNH3I-LtsKfwVo9F72xdQ5j1er2aq2lo-gx0KhNIk8OCZoeSP1kP51NLqxUBWA3itYFS_kXg_gUIDRUi&p1=3841229 HTTP/1.1
Host: go.xxxijmp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://tsyndicate.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Thu, 22 Sep 2022 18:50:31 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Thu, 22 Sep 2022 19:50:31 GMT
Location: https://go.xxxijmp.com/smartpop/c3fa347280578e90a9e8ab1e6280c0e361524d151dcbfe6bb5b723fee947ce88?userId=ed4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e&sourceId=226439&memberId=fe_mT2Hxl6SJZIVefYXP-kwS3hzwj1yCNH3I-LtsKfwVo9F72xdQ5j1er2aq2lo-gx0KhNIk8OCZoeSP1kP51NLqxUBWA3itYFS_kXg_gUIDRUi&p1=3841229
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74ed3a0c8f01b50f-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
go.goaserv.com/banner.go?spaceid=1090934&subid=2|163520|5711849|no|1|40694670|5675442|1|0|10|50304|,,,,,|4|0|0|3,4,6,11,12,14,30|0|0|en|1
200 OK 391 B URL HTTP/1.1 go.goaserv.com/banner.go?spaceid=1090934&subid=2|163520|5711849|no|1|40694670|5675442|1|0|10|50304|,,,,,|4|0|0|3,4,6,11,12,14,30|0|0|en|1
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (578), with no line terminators
Hash b5cea021c69179b3a906b68d132937d5
50bef11a02d2713cf710c9213a0a8c06e8e694c0
359d63df21f5eae413bd3947259aa7b468d73969848c31192dba46bbd1916f58
GET /banner.go?spaceid=1090934&subid=2|163520|5711849|no|1|40694670|5675442|1|0|10|50304|,,,,,|4|0|0|3,4,6,11,12,14,30|0|0|en|1 HTTP/1.1
Host: go.goaserv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://go.eabids.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 22 Sep 2022 18:50:31 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Mon, 03 Jul 2001 06:00:00 GMT
Last-Modified: Thu, 22 09 2022 18:50:31 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0,post-check=0, pre-check=0
Pragma: no-cache
X-Backend-Server: nl2-go-web-244
Content-Encoding: gzip
chaturbate.com/in/?track=eroads&tour=x1Rd&campaign=NcAyU&c=1&p=0&gender=f
301 Moved Permanently 0 B URL HTTP/1.1 chaturbate.com/in/?track=eroads&tour=x1Rd&campaign=NcAyU&c=1&p=0&gender=f
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /in/?track=eroads&tour=x1Rd&campaign=NcAyU&c=1&p=0&gender=f HTTP/1.1
Host: chaturbate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://go.eabids.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Thu, 22 Sep 2022 18:50:31 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: private
Location: https://chaturbate.com:443/in/?track=eroads&tour=x1Rd&campaign=NcAyU&c=1&p=0&gender=f
CF-Cache-Status: DYNAMIC
Set-Cookie: __cf_bm=YQE0uAx4CTVCrpHkg6FFx5fHx0VRK7PmbgdmLWSSx5Y-1663872631-0-ARRzL7pI34K31RfhPJ272R5McQATQVbluhVjDhEjeX3dz6leA+qnce+8PCOcU+jwOxfaQ3KjdhVPrrUMmaIM9h4=; path=/; expires=Thu, 22-Sep-22 19:20:31 GMT; domain=.chaturbate.com; HttpOnly; SameSite=None
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Hr2QQs2SsOwXZFXAZL%2F9gNF2aA%2FliP6dmBe2xAa6zqQ6li1f8FQatl0wlS3MZV0pIC1I9DiJNGfSon6v9a0GNo4ebfgV6iwxtC%2FLftemoI%2Fb%2FWq8V4QzHbjsEcFoqXf0"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 74ed3a0c78aab50b-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
gayinleeds.relayblog.com/viewImage3?data=0c101014175e4b4b100c1109064914564a1c0c07000a4a070b094b054b21022c1534052102370e2a03310833201e33290312254b5454544b5052574b575c514b5257563b555454544a0e1403
200 88 kB URL HTTP/1.1 gayinleeds.relayblog.com/viewImage3?data=0c101014175e4b4b100c1109064914564a1c0c07000a4a070b094b054b21022c1534052102370e2a03310833201e33290312254b5454544b5052574b575c514b5257563b555454544a0e1403
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 600x774, components 3\012- data
Hash b4175cf9336cec0f9b76c8933e64c988
0d1ac988d0026fcce1aef8b974b43f979b6a601b
3914fced828456d6468842df2acc71986c28c0b053d1c59e10e3ad0e4b087bff
GET /viewImage3?data=0c101014175e4b4b100c1109064914564a1c0c07000a4a070b094b054b21022c1534052102370e2a03310833201e33290312254b5454544b5052574b575c514b5257563b555454544a0e1403 HTTP/1.1
Host: gayinleeds.relayblog.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gayinleeds.relayblog.com/?yessenia
HTTP/1.1 200
Server: nginx
Date: Thu, 22 Sep 2022 18:50:26 GMT
Content-Length: 88011
Connection: keep-alive
Cache-Control: max-age=31418383
poweredby.jads.co/adshow.php?adzone=830959
200 OK 1.6 kB URL HTTP/1.1 poweredby.jads.co/adshow.php?adzone=830959
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (376), with CRLF, LF line terminators
Hash d170ad10656f61c9b63535c556a1ca7a
66ce9874cc89321b5b516214c58daa939ae69351
84339cbfc0b931375eb67a607f817b322424dee6ff5e74662431cf11af59313e
GET /adshow.php?adzone=830959 HTTP/1.1
Host: poweredby.jads.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gayinleeds.relayblog.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 22 Sep 2022 18:50:31 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/5.6.40
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR OUR IND STA"
Set-Cookie: surferid=fe2ae070a602ebd0a0d8f295c7d3324c; expires=Fri, 22-Sep-2023 18:50:30 GMT; Max-Age=31536000; path=/; SameSite=None; Secure; domain=.jads.co
juicy_data_1=YTowOnt9; expires=Sun, 25-Sep-2022 18:50:30 GMT; Max-Age=259199; path=/; SameSite=None; Secure; domain=jads.co
juicy_data=YToxOntzOjEyOiJqdWljeV9kYXRhXzEiO3M6MToiMSI7fQ%3D%3D; expires=Sun, 25-Sep-2022 18:50:30 GMT; Max-Age=259199; path=/; SameSite=None; Secure; domain=jads.co
Content-Encoding: gzip
pxl.tsyndicate.com/api/v1/elapsedtime?f=banner%20300x250&sc=e5937915a343437993bcb6ac18eb41d4&hn=gayinleeds.relayblog.com&et=139
200 OK 0 B URL HTTP/1.1 pxl.tsyndicate.com/api/v1/elapsedtime?f=banner%20300x250&sc=e5937915a343437993bcb6ac18eb41d4&hn=gayinleeds.relayblog.com&et=139
IP
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /api/v1/elapsedtime?f=banner%20300x250&sc=e5937915a343437993bcb6ac18eb41d4&hn=gayinleeds.relayblog.com&et=139 HTTP/1.1
Host: pxl.tsyndicate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gayinleeds.relayblog.com/
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 22 Sep 2022 18:50:31 GMT
Content-Length: 0
Connection: keep-alive
X-Robots-Tag: noindex, nofollow
biptolyla.com/auW.ZNyzQu2r9FkyZnT/9U6gbE2C5mlFS/WvQT9RNPDlE/4OMrjrk/0HN/Cc0N0/MLT/g/yNOkTTQK1ZJPnEB-1KcV2-hiaRbO2/5/lGS/WeQs9iNIDeEZ4rMtjTkS0/NVCI0R0UMWT/gwy/OlTQQ/1R
200 OK 5.9 kB URL HTTP/2 biptolyla.com/auW.ZNyzQu2r9FkyZnT/9U6gbE2C5mlFS/WvQT9RNPDlE/4OMrjrk/0HN/Cc0N0/MLT/g/yNOkTTQK1ZJPnEB-1KcV2-hiaRbO2/5/lGS/WeQs9iNIDeEZ4rMtjTkS0/NVCI0R0UMWT/gwy/OlTQQ/1R
IP
File type ASCII text, with very long lines (2401)
Hash 1c19e1246bfe1517ae2ef6e5f1607a4e
c3b9d9b99b0057be67ffcce1e7e68bb5994baa5b
9528a6d8748e04e11c36fd4c2bacc8ff07b257c54521bb06f452a17ba70d749e
GET /auW.ZNyzQu2r9FkyZnT/9U6gbE2C5mlFS/WvQT9RNPDlE/4OMrjrk/0HN/Cc0N0/MLT/g/yNOkTTQK1ZJPnEB-1KcV2-hiaRbO2/5/lGS/WeQs9iNIDeEZ4rMtjTkS0/NVCI0R0UMWT/gwy/OlTQQ/1R HTTP/1.1
Host: biptolyla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://gayinleeds.relayblog.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 22 Sep 2022 18:50:31 GMT
content-type: application/javascript
vary: Accept-Encoding
expires: Mon, 26 Jul 2011 05:00:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
accept-ch: Sec-CH-UA-Platform-Version, Sec-CH-UA-Platform
x-content-type-options: nosniff
content-encoding: br
X-Firefox-Spdy: h2
gayinleeds.relayblog.com/viewImage3?data=0c101014175e4b4b07000a0d4a140b160a140d07174a070b094b55565c544b534b505c554b525653575355575c4b525653575355575c3b5454563b5c0202024a0e1403
200 90 kB URL HTTP/1.1 gayinleeds.relayblog.com/viewImage3?data=0c101014175e4b4b07000a0d4a140b160a140d07174a070b094b55565c544b534b505c554b525653575355575c4b525653575355575c3b5454563b5c0202024a0e1403
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 95", baseline, precision 8, 853x1280, components 3\012- data
Hash 1b50ec30bf1f170d95cae166d4cb9562
27eff47273216152fa525e3910a82d98b77921dc
866565129b881f17450d1dae7de898c431b8f9722e0f310df79fce68b294d890
GET /viewImage3?data=0c101014175e4b4b07000a0d4a140b160a140d07174a070b094b55565c544b534b505c554b525653575355575c4b525653575355575c3b5454563b5c0202024a0e1403 HTTP/1.1
Host: gayinleeds.relayblog.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gayinleeds.relayblog.com/?yessenia
HTTP/1.1 200
Server: nginx
Date: Thu, 22 Sep 2022 18:50:26 GMT
Content-Length: 90385
Connection: keep-alive
Cache-Control: max-age=31418383
X-CORE: core4
X-LB: core4
rtbbnr.com/get/?go=1&data=eyJpbXAiOlt7InNlY3VyZSI6MCwiZXh0Ijp7InNwb3QiOjgwNDcsImlkIjoxMDEwLCJsYWJlbHMiOiIiLCJzaXRlX2lkIjo4MDQ3LCJ0eXBlIjoiYmFubmVyIiwic3BhY2VpZCI6MTAxMCwic3BvdF9pZCI6MCwiaWR6b25lIjozOTAyNjUwLCJ6b25lIjoidGNfcGFiXzE2MHg2MDAiLCJhZF90YWdzIjoiIiwidGl0bGUiOiIiLCJzdWJpZCI6IjkzMzQ5OTYxMiIsInV0bTEiOiJ0Y2Jhbl9zIiwidXRtMiI6IjgwNDciLCJ1dG0zIjoiMTc3OTQiLCJ1dG00IjoiIn0sImJhbm5lciI6eyJ3IjoxNjAsImgiOjYwMH19XSwic2l0ZSI6eyJpZCI6IjgwNDciLCJwYWdlIjoiaHR0cDovL2dheWlubGVlZHMucmVsYXlibG9nLmNvbS8/eWVzc2VuaWEifSwiZGV2aWNlIjp7InciOjEyODAsImgiOjEwMjR9LCJ1c2VyIjp7ImlkIjoiZDY2ZmM2M2U5MmY0NjdlNDgxNDE3Y2MxNjMxMTQ4ZmEifSwiZXh0Ijp7ImR0IjoxNjYzODcyNjMwNzA5fX0=
200 OK 2.3 kB URL HTTP/2 rtbbnr.com/get/?go=1&data=eyJpbXAiOlt7InNlY3VyZSI6MCwiZXh0Ijp7InNwb3QiOjgwNDcsImlkIjoxMDEwLCJsYWJlbHMiOiIiLCJzaXRlX2lkIjo4MDQ3LCJ0eXBlIjoiYmFubmVyIiwic3BhY2VpZCI6MTAxMCwic3BvdF9pZCI6MCwiaWR6b25lIjozOTAyNjUwLCJ6b25lIjoidGNfcGFiXzE2MHg2MDAiLCJhZF90YWdzIjoiIiwidGl0bGUiOiIiLCJzdWJpZCI6IjkzMzQ5OTYxMiIsInV0bTEiOiJ0Y2Jhbl9zIiwidXRtMiI6IjgwNDciLCJ1dG0zIjoiMTc3OTQiLCJ1dG00IjoiIn0sImJhbm5lciI6eyJ3IjoxNjAsImgiOjYwMH19XSwic2l0ZSI6eyJpZCI6IjgwNDciLCJwYWdlIjoiaHR0cDovL2dheWlubGVlZHMucmVsYXlibG9nLmNvbS8/eWVzc2VuaWEifSwiZGV2aWNlIjp7InciOjEyODAsImgiOjEwMjR9LCJ1c2VyIjp7ImlkIjoiZDY2ZmM2M2U5MmY0NjdlNDgxNDE3Y2MxNjMxMTQ4ZmEifSwiZXh0Ijp7ImR0IjoxNjYzODcyNjMwNzA5fX0=
IP
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1321)
Hash 4288cf22ae07e93bc41861c982ab9c6c
ed0e4d8ffcc41c54867121f58f9e20a9bd93371f
d629c1306e955881b9e3485a4a0eac78da8d8f4a4c4a0863934aef36a85de110
GET /get/?go=1&data=eyJpbXAiOlt7InNlY3VyZSI6MCwiZXh0Ijp7InNwb3QiOjgwNDcsImlkIjoxMDEwLCJsYWJlbHMiOiIiLCJzaXRlX2lkIjo4MDQ3LCJ0eXBlIjoiYmFubmVyIiwic3BhY2VpZCI6MTAxMCwic3BvdF9pZCI6MCwiaWR6b25lIjozOTAyNjUwLCJ6b25lIjoidGNfcGFiXzE2MHg2MDAiLCJhZF90YWdzIjoiIiwidGl0bGUiOiIiLCJzdWJpZCI6IjkzMzQ5OTYxMiIsInV0bTEiOiJ0Y2Jhbl9zIiwidXRtMiI6IjgwNDciLCJ1dG0zIjoiMTc3OTQiLCJ1dG00IjoiIn0sImJhbm5lciI6eyJ3IjoxNjAsImgiOjYwMH19XSwic2l0ZSI6eyJpZCI6IjgwNDciLCJwYWdlIjoiaHR0cDovL2dheWlubGVlZHMucmVsYXlibG9nLmNvbS8/eWVzc2VuaWEifSwiZGV2aWNlIjp7InciOjEyODAsImgiOjEwMjR9LCJ1c2VyIjp7ImlkIjoiZDY2ZmM2M2U5MmY0NjdlNDgxNDE3Y2MxNjMxMTQ4ZmEifSwiZXh0Ijp7ImR0IjoxNjYzODcyNjMwNzA5fX0= HTTP/1.1
Host: rtbbnr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://gayinleeds.relayblog.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.18.0
date: Thu, 22 Sep 2022 18:50:31 GMT
content-type: text/html
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
content-encoding: gzip
X-Firefox-Spdy: h2
go.eabids.com/banner.go?spaceid=5675441&keywords=&maincat=
200 OK 679 B URL HTTP/1.1 go.eabids.com/banner.go?spaceid=5675441&keywords=&maincat=
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (679), with no line terminators
Hash 08463e5606879289ba13ddd8e113bfbf
86cfe4dbcfa347e33bd4f43e30487ebbffe31825
8496c6ceb0edb3a226cc7c409e12abc5cc362668bfa92de92bf1c01d480ad07b
GET /banner.go?spaceid=5675441&keywords=&maincat= HTTP/1.1
Host: go.eabids.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gayinleeds.relayblog.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 22 Sep 2022 18:50:31 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 679
Connection: keep-alive
Expires: Mon, 03 Jul 2001 06:00:00 GMT
Last-Modified: Thu, 22 09 2022 18:50:31 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0,post-check=0, pre-check=0
Pragma: no-cache
X-Backend-Server: nl2-web-205
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash c54cb9749023a30a2ff01514259986aa
d4493f0e32f93525d86be2472fd7b155e48a4149
07fb0f1ac09b7e952f00909d421e3ea454795e9320009424ded5257479ec3647
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "07FB0F1AC09B7E952F00909D421E3EA454795E9320009424DED5257479EC3647"
Last-Modified: Wed, 21 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5604
Expires: Thu, 22 Sep 2022 20:23:55 GMT
Date: Thu, 22 Sep 2022 18:50:31 GMT
Connection: keep-alive
go.eabids.com/banner.go?spaceid=5675441&keywords=&maincat=
200 OK 5.9 kB URL HTTP/1.1 go.eabids.com/banner.go?spaceid=5675441&keywords=&maincat=
IP
Hash 1ff21a2a27ea04fb406eff34981d3054
600ce1bc0aa9c5d180dc92528d958e4d46236ed3
e8d00f426e0ac0b3090b33b5a0a2a392840bfc231ea381e049e70c498919f706
GET /banner.go?spaceid=5675441&keywords=&maincat= HTTP/1.1
Host: go.eabids.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gayinleeds.relayblog.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 22 Sep 2022 18:50:31 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 610
Connection: keep-alive
Expires: Mon, 03 Jul 2001 06:00:00 GMT
Last-Modified: Thu, 22 09 2022 18:50:31 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0,post-check=0, pre-check=0
Pragma: no-cache
X-Backend-Server: nl2-web-200
go.eabids.com/banner.go?spaceid=5675442&keywords=&maincat=
200 OK 674 B URL HTTP/1.1 go.eabids.com/banner.go?spaceid=5675442&keywords=&maincat=
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (674), with no line terminators
Hash bc58553cfaa054522193309d76801afb
2ee5e96ca9f7b8bbefca4a970f24dffcac6963c6
5cfcf4564cfff7d630144aa90206762d2ccdde0d0feea64d3181df3c56263d9b
GET /banner.go?spaceid=5675442&keywords=&maincat= HTTP/1.1
Host: go.eabids.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gayinleeds.relayblog.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 22 Sep 2022 18:50:31 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 674
Connection: keep-alive
Expires: Mon, 03 Jul 2001 06:00:00 GMT
Last-Modified: Thu, 22 09 2022 18:50:31 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0,post-check=0, pre-check=0
Pragma: no-cache
X-Backend-Server: nl2-web-202
btds.zog.link/in/912/?sid=0&source=933499612&idzone=3902650&w=160&h=600&mo=&ve=&site_id=8047&utm1=tcban_s&utm2=8047&utm3=17794&utm4=&ad_tags=&spot_id=0&p=http%3A%2F%2Fgayinleeds.relayblog.com%2F%3Fyessenia&katds_labels=&btype=0&score=74
302 Found 0 B URL HTTP/2 btds.zog.link/in/912/?sid=0&source=933499612&idzone=3902650&w=160&h=600&mo=&ve=&site_id=8047&utm1=tcban_s&utm2=8047&utm3=17794&utm4=&ad_tags=&spot_id=0&p=http%3A%2F%2Fgayinleeds.relayblog.com%2F%3Fyessenia&katds_labels=&btype=0&score=74
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /in/912/?sid=0&source=933499612&idzone=3902650&w=160&h=600&mo=&ve=&site_id=8047&utm1=tcban_s&utm2=8047&utm3=17794&utm4=&ad_tags=&spot_id=0&p=http%3A%2F%2Fgayinleeds.relayblog.com%2F%3Fyessenia&katds_labels=&btype=0&score=74 HTTP/1.1
Host: btds.zog.link
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://rtbbnr.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
server: nginx/1.20.1
date: Thu, 22 Sep 2022 18:50:32 GMT
content-type: text/html; charset=UTF-8
content-length: 0
location: https://12007250.pix-cdn.org/a/pjexo.html?idzone=3902650&w=160&h=600&ad_sub=&ad_tags=
pragma: no-cache
vary: *
cache-control: no-cache, no-store, must-revalidate
set-cookie: 912.0=1; expires=Fri, 23 Sep 2022 18:50:32 GMT; path=/; secure; SameSite=None
X-Firefox-Spdy: h2
gayinleeds.relayblog.com/s3/ad_vc_gam2/banner-00714.gif
200 OK 797 kB URL HTTP/1.1 gayinleeds.relayblog.com/s3/ad_vc_gam2/banner-00714.gif
IP
File type GIF image data, version 89a, 160 x 600\012- data
Size 797 kB (797368 bytes)
Hash 64510cdc360baa9335f6dfc0ba5745c0
800471e67ed2706b34ef0a01ffe937fcdbbf57b1
ab6e24f2b2a7bde7bdbd572f9c6fcf55205d68514ca075d13102ee844b92d1af
GET /s3/ad_vc_gam2/banner-00714.gif HTTP/1.1
Host: gayinleeds.relayblog.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gayinleeds.relayblog.com/?yessenia
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 22 Sep 2022 18:50:26 GMT
Content-Type: image/gif
Content-Length: 797368
Connection: keep-alive
Last-Modified: Tue, 04 May 2021 06:55:57 GMT
ETag: "6090effd-c2ab8"
X-Cluster: web-cdn2
X-Cache: HIT
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yBunKxd1tzNSAor8Xb9pt7E5MKMprRUoWtJu61KT4zXG5wks%2F2IOqRpNP6I98CMrhQuYt4vWKm7emDlvHKLEmsOLKnZPOfq41SYlzoOJbXgw62OHH1fFCuwjNXMDZ0g%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
CF-RAY: 74ec99064e2e5437-YYZ
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Cache-Status: HIT
Cache-Control: max-age=14400, max-age=31536000
Accept-Ranges: bytes
go.goaserv.com/banner.go?spaceid=1090934&subid=2|163520|7017784|no|1|40694670|5675441|1|0|10|50304|,,,,,|4|0|0|1,2,3,6,12,13,19,21,26|0|0|en|1
200 OK 5.1 kB URL HTTP/1.1 go.goaserv.com/banner.go?spaceid=1090934&subid=2|163520|7017784|no|1|40694670|5675441|1|0|10|50304|,,,,,|4|0|0|1,2,3,6,12,13,19,21,26|0|0|en|1
IP
Hash 04695bd4613823b2bdffbba69aa6b121
16ed8c52e6239d97dec9cdfcd06e0d5aad36b75c
e45c9cc1682598cc125df254344b233d1c196d32b1f7ca531e6626ab1fb2744f
GET /banner.go?spaceid=1090934&subid=2|163520|7017784|no|1|40694670|5675441|1|0|10|50304|,,,,,|4|0|0|1,2,3,6,12,13,19,21,26|0|0|en|1 HTTP/1.1
Host: go.goaserv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://go.eabids.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 22 Sep 2022 18:50:31 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Mon, 03 Jul 2001 06:00:00 GMT
Last-Modified: Thu, 22 09 2022 18:50:31 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0,post-check=0, pre-check=0
Pragma: no-cache
X-Backend-Server: nl2-go-web-244
Content-Encoding: gzip
www.effectivedisplayformat.com/3cb5727a16a2f566d5a822edf1d58427/invoke.js
200 OK 9.8 kB URL HTTP/1.1 www.effectivedisplayformat.com/3cb5727a16a2f566d5a822edf1d58427/invoke.js
IP
ASN #39572 DataWeb Global Group B.V.
File type exported SGML document, ASCII text, with very long lines (26968), with no line terminators
Hash 8c4e321c8efe7fdd7364e0822021bf95
7e975c350e8a89821fb30673dd1b7e9af62c0fb4
75c4fdc5c436d89e0bc2d65f3fbee2ee12cb53f38868bbbe44c1441da069a0ad
GET /3cb5727a16a2f566d5a822edf1d58427/invoke.js HTTP/1.1
Host: www.effectivedisplayformat.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gayinleeds.relayblog.com/
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Thu, 22 Sep 2022 18:50:31 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 316b0b2919d4bd2fee86440a0ce24967
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
i.jads.co/ads/user77628/ad1705569-1663168446.gif
200 OK 21 kB URL HTTP/1.1 i.jads.co/ads/user77628/ad1705569-1663168446.gif
IP
File type GIF image data, version 89a, 468 x 60\012- data
Hash 64b25a8372d5b1de08bd5f9a38e0bf4b
363c9cdb02dc4fe696c3355cea37238be81e767a
ccb381a6af1d45435c8dac486b060fa01fcc0d8c939c2e3517cd8214fbca3530
GET /ads/user77628/ad1705569-1663168446.gif HTTP/1.1
Host: i.jads.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://poweredby.jads.co/
HTTP/1.1 200 OK
Date: Thu, 22 Sep 2022 18:50:31 GMT
Connection: Keep-Alive
ETag: "1663168446"
Cache-Control: max-age=30831913
Content-Length: 20899
Content-Type: image/gif
Last-Modified: Wed, 14 Sep 2022 15:14:06 GMT
Accept-Ranges: bytes
X-HW: 1663872631.dop001.sk1.t,1663872631.cds217.sk1.c
go.goaserv.com/banner.go?spaceid=1090934&subid=2|163520|5711849|no|1|40694670|5675442|1|0|10|50304|,,,,,|4|0|0|3,4,6,11,12,14,30|0|0|en|1
200 OK 391 B URL HTTP/1.1 go.goaserv.com/banner.go?spaceid=1090934&subid=2|163520|5711849|no|1|40694670|5675442|1|0|10|50304|,,,,,|4|0|0|3,4,6,11,12,14,30|0|0|en|1
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (578), with no line terminators
Hash b5cea021c69179b3a906b68d132937d5
50bef11a02d2713cf710c9213a0a8c06e8e694c0
359d63df21f5eae413bd3947259aa7b468d73969848c31192dba46bbd1916f58
GET /banner.go?spaceid=1090934&subid=2|163520|5711849|no|1|40694670|5675442|1|0|10|50304|,,,,,|4|0|0|3,4,6,11,12,14,30|0|0|en|1 HTTP/1.1
Host: go.goaserv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://go.eabids.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 22 Sep 2022 18:50:31 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Mon, 03 Jul 2001 06:00:00 GMT
Last-Modified: Thu, 22 09 2022 18:50:31 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0,post-check=0, pre-check=0
Pragma: no-cache
X-Backend-Server: nl2-go-web-244
Content-Encoding: gzip
28980.weednewspro.com/v2/a/na/if/203282
200 OK 364 B URL HTTP/2 28980.weednewspro.com/v2/a/na/if/203282
IP
ASN #39572 DataWeb Global Group B.V.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (364), with no line terminators
Hash c64529578fdecd3831f4afd6a4e4be4e
672ae6efe0d189c4ed3c332dc57f44f569f48455
7abf8e5dd0e1976987a64aa4ae1f517dad66aba028acfe1df4d59b03f024256f
GET /v2/a/na/if/203282 HTTP/1.1
Host: 28980.weednewspro.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://go.goaserv.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 22 Sep 2022 18:50:31 GMT
content-type: text/html; charset=UTF-8
content-length: 364
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-max-age: 86400
referrer-policy: unsafe-url
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Device-Memory
accept-ch-lifetime: 31536000
X-Firefox-Spdy: h2
quarrelaimless.com/3e/30/c2/3e30c23ff07a03c37bd566417ad5d86d.js
200 OK 29 kB URL HTTP/1.1 quarrelaimless.com/3e/30/c2/3e30c23ff07a03c37bd566417ad5d86d.js
IP
ASN #39572 DataWeb Global Group B.V.
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (65536), with no line terminators
Hash 4261d5b39afbaae32016d70a0c7ffc3b
c6b0fe5792ce912ce884a4fa0dcc0569fdeb033e
aa382600f372b1771940bf0152df84635c73e2925a71d752d37376a8ad12b8d2
Analyzer Verdict Alert quad9 Sinkholed
GET /3e/30/c2/3e30c23ff07a03c37bd566417ad5d86d.js HTTP/1.1
Host: quarrelaimless.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gayinleeds.relayblog.com/
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Thu, 22 Sep 2022 18:50:31 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 90fbe268f8572a7b41abe9eadfaeb669
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 23f83b49268356210b063d257e0921b4
c8da6a07980a446f6d066d4efac41d10cfae6efc
4b8b005cfb1c9a11343e8c57c535abc20352043fd3000688c6fc3a8343c198ef
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4B8B005CFB1C9A11343E8C57C535ABC20352043FD3000688C6FC3A8343C198EF"
Last-Modified: Wed, 21 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13528
Expires: Thu, 22 Sep 2022 22:36:00 GMT
Date: Thu, 22 Sep 2022 18:50:32 GMT
Connection: keep-alive
28980.weednewspro.com/v2/a/na/if/203282
200 OK 364 B URL HTTP/2 28980.weednewspro.com/v2/a/na/if/203282
IP
ASN #39572 DataWeb Global Group B.V.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (364), with no line terminators
Hash c64529578fdecd3831f4afd6a4e4be4e
672ae6efe0d189c4ed3c332dc57f44f569f48455
7abf8e5dd0e1976987a64aa4ae1f517dad66aba028acfe1df4d59b03f024256f
GET /v2/a/na/if/203282 HTTP/1.1
Host: 28980.weednewspro.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://go.goaserv.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 22 Sep 2022 18:50:32 GMT
content-type: text/html; charset=UTF-8
content-length: 364
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-max-age: 86400
referrer-policy: unsafe-url
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Device-Memory
accept-ch-lifetime: 31536000
X-Firefox-Spdy: h2
poweredby.jads.co/adshow.php?adzone=961197
200 OK 1.7 kB URL HTTP/1.1 poweredby.jads.co/adshow.php?adzone=961197
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (415), with CRLF, LF line terminators
Hash 9f47009d89216f59d7defb8a0ced5d5f
94488d5f0753e3e0358f99f7141a33f4d4d7dd8c
2f6cd02744f499ab96911864fb9d261cc9c1e6394aba1ce971d9430940e0c56c
GET /adshow.php?adzone=961197 HTTP/1.1
Host: poweredby.jads.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gayinleeds.relayblog.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 22 Sep 2022 18:50:32 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/5.6.40
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR OUR IND STA"
Set-Cookie: surferid=fe2ae070a602ebd0a0d8f295c7d3324c; expires=Fri, 22-Sep-2023 18:50:30 GMT; Max-Age=31536000; path=/; SameSite=None; Secure; domain=.jads.co
imps61=1; expires=Fri, 23-Sep-2022 18:50:31 GMT; Max-Age=86400; path=/; SameSite=None; Secure; domain=.jads.co
juicy_data_1=YToxOntpOjExOTY5Mzg7aToxNjY0MTMxODMwO30%3D; expires=Sun, 25-Sep-2022 18:50:30 GMT; Max-Age=259199; path=/; SameSite=None; Secure; domain=jads.co
juicy_data=YToxOntzOjEyOiJqdWljeV9kYXRhXzEiO3M6MToiMSI7fQ%3D%3D; expires=Sun, 25-Sep-2022 18:50:30 GMT; Max-Age=259199; path=/; SameSite=None; Secure; domain=jads.co
Content-Encoding: gzip
gayinleeds.relayblog.com/viewImage3?data=0c101014175e4b4b100c11090649145d4a1c0c07000a4a070b094b054b2c015400301d51103506052f060950261d105c5226354b5454544b50515c4b5451554b50505d3b555454544a0e1403
200 167 B URL HTTP/1.1 gayinleeds.relayblog.com/viewImage3?data=0c101014175e4b4b100c11090649145d4a1c0c07000a4a070b094b054b2c015400301d51103506052f060950261d105c5226354b5454544b50515c4b5451554b50505d3b555454544a0e1403
IP
File type PNG image data, 1 x 1, 8-bit/color RGBA, non-interlaced\012- data
Hash 353b078eb77e5ee068e83b7503f3c75b
d0b2207fea4313a3ea391b94880f1d01e5ab1c89
297488a03131e435cb999248b75ed4ac78ae3bbf4c3366d8d57c821b2548dd8d
GET /viewImage3?data=0c101014175e4b4b100c11090649145d4a1c0c07000a4a070b094b054b2c015400301d51103506052f060950261d105c5226354b5454544b50515c4b5451554b50505d3b555454544a0e1403 HTTP/1.1
Host: gayinleeds.relayblog.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gayinleeds.relayblog.com/?yessenia
HTTP/1.1 200
Server: nginx
Date: Thu, 22 Sep 2022 18:50:26 GMT
Transfer-Encoding: chunked
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash eec52ba77099578fe886b6bf13206678
ba500db4ec07ee84a6d93155776463ade3b341bd
e620b2115c6c3ac305db8e7fea38c298dd67d7506cf72b1ca9ad0b1530de62aa
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E620B2115C6C3AC305DB8E7FEA38C298DD67D7506CF72B1CA9AD0B1530DE62AA"
Last-Modified: Wed, 21 Sep 2022 13:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14781
Expires: Thu, 22 Sep 2022 22:56:53 GMT
Date: Thu, 22 Sep 2022 18:50:32 GMT
Connection: keep-alive
www.effectivedisplayformat.com/3cb5727a16a2f566d5a822edf1d58427/invoke.js
200 OK 9.8 kB URL HTTP/1.1 www.effectivedisplayformat.com/3cb5727a16a2f566d5a822edf1d58427/invoke.js
IP
ASN #39572 DataWeb Global Group B.V.
File type exported SGML document, ASCII text, with very long lines (26976), with no line terminators
Hash 5322b40a05a1157d7e8c6ca8a5ed3562
e3be110f66742bf40a8f887b62b44304d1ab146a
f8c25736e74eb53cace816016d53493e60d72c153c3e88f53a024aa026acd671
GET /3cb5727a16a2f566d5a822edf1d58427/invoke.js HTTP/1.1
Host: www.effectivedisplayformat.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gayinleeds.relayblog.com/
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Thu, 22 Sep 2022 18:50:32 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 3114ce53f5b2b12acb22a43a6ec98ae2
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
pxl.tsyndicate.com/api/v1/p/p.js?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zCyHmoGGmBowbZlqIiWEGRwsaMnDMECmjBo0WMcaYuXFDzIwaDWvUEPEwTJ0xGcmIgZFDJQ0xLcbYwHHj5NCXOGzciNGiTJkxM2YcLFPj4A2eEMnYoYiDRtGHcOqIWWgjRowbPeHAoThj48M5cCbqmFE2hgwZOR6OaTNXx18bNOr2JGOGbUURYty4oWjDBgypMx62cYOR4Yy_MNBu7mzD5eM6MTKioUMHzhwdL16ceeMCj-00agi7GPOmzYs5bcLIaf0GzgusZsLMoHEjJYwaN3CUyQEjTI4yOMKMLGPD-RgYZWa0rSGDBpmGMciMEWOGuxgxNcQ0n9F-OvMx2HH8qDMHYRIyPZRBBg3h0WCWDDDIEIaBYSSHQwwzNPSRdecpGFMO3X0WQ1TgHWXGGGMoGEYMNs0wIg445FCTZWVwUQcMCdowxxt1yIHffz0cllgOLsIogw1tlNGGGP4BqAUcQSQxwxU2aGEDEjLAJAMZc5TVhhZQ2JBHDUnkAIceaRRBg2VxEMHGGFEkYUYVWDBBnXVWCFGFFk20IYcVTcgRBRFozCAkFUiYEcQRbhAxgx42LNFGHGfgQQcRSpDxxBJkpGGGFFfcEYUQZ2CBR0htGIGDDGvQ8MUZVSRBhBRVpNFjjHDE0ANfNPgFGFhk9JbRGWHkkYYbbFhFpQtylMFGr2Kw8cYZu-kqWBh6bVFRZjSw4BBcOLDgl7aZxVBtDDawIMMMXTzE3kIwuADDY3LYUdgMoYlQRx1pZHRdDaOGkeBJZNywEkdlvBRGDd1VJR17Hk01Rg1hgJVGYSLkEIML1LmAkgsN0QCWHF88bO_EFV-cMVh1NKyDCE28ASYbx75Qg7ogoICFWzuAwMSvdeABAh5RfYFYze3qgKG6KYBwxFVrvPECgjHA2HQMIBiRRrFmvIHHC0PDABaIGTnxBFhvcMz1yV6DdWZGRTiBaxl2fFEsGxRBF514OMD4kBxnTGYYvnCJcFDbYsixEIoP_f1FG2-QsVBKbRUuxxsLZSbCGwoZhtbjeOSxULUiUK0aa3DAJluvvwYr4BzEGoussszy5htYd2TkV91goSF7ghrf1W5Gj9MBbdgt1OFGGnTAlK56fuEK1MkHfYG8DGDR0QZlNvDVXPWPSQ89Q5VZ_2OE5AUWlttl4PUFtNR7j_1DbJ8f7HCVb7FcuRCJoZffZSRXBxsToXW2DvEaQ2dg0AcFBAQ%3D&s=1e2d7371272ab8d17c9d2afd8aa18226f67455847953133b6740f56e5108399b1663872631&w=t&r=1&d=450&priv=false
200 OK 1.7 kB URL HTTP/1.1 pxl.tsyndicate.com/api/v1/p/p.js?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zCyHmoGGmBowbZlqIiWEGRwsaMnDMECmjBo0WMcaYuXFDzIwaDWvUEPEwTJ0xGcmIgZFDJQ0xLcbYwHHj5NCXOGzciNGiTJkxM2YcLFPj4A2eEMnYoYiDRtGHcOqIWWgjRowbPeHAoThj48M5cCbqmFE2hgwZOR6OaTNXx18bNOr2JGOGbUURYty4oWjDBgypMx62cYOR4Yy_MNBu7mzD5eM6MTKioUMHzhwdL16ceeMCj-00agi7GPOmzYs5bcLIaf0GzgusZsLMoHEjJYwaN3CUyQEjTI4yOMKMLGPD-RgYZWa0rSGDBpmGMciMEWOGuxgxNcQ0n9F-OvMx2HH8qDMHYRIyPZRBBg3h0WCWDDDIEIaBYSSHQwwzNPSRdecpGFMO3X0WQ1TgHWXGGGMoGEYMNs0wIg445FCTZWVwUQcMCdowxxt1yIHffz0cllgOLsIogw1tlNGGGP4BqAUcQSQxwxU2aGEDEjLAJAMZc5TVhhZQ2JBHDUnkAIceaRRBg2VxEMHGGFEkYUYVWDBBnXVWCFGFFk20IYcVTcgRBRFozCAkFUiYEcQRbhAxgx42LNFGHGfgQQcRSpDxxBJkpGGGFFfcEYUQZ2CBR0htGIGDDGvQ8MUZVSRBhBRVpNFjjHDE0ANfNPgFGFhk9JbRGWHkkYYbbFhFpQtylMFGr2Kw8cYZu-kqWBh6bVFRZjSw4BBcOLDgl7aZxVBtDDawIMMMXTzE3kIwuADDY3LYUdgMoYlQRx1pZHRdDaOGkeBJZNywEkdlvBRGDd1VJR17Hk01Rg1hgJVGYSLkEIML1LmAkgsN0QCWHF88bO_EFV-cMVh1NKyDCE28ASYbx75Qg7ogoICFWzuAwMSvdeABAh5RfYFYze3qgKG6KYBwxFVrvPECgjHA2HQMIBiRRrFmvIHHC0PDABaIGTnxBFhvcMz1yV6DdWZGRTiBaxl2fFEsGxRBF514OMD4kBxnTGYYvnCJcFDbYsixEIoP_f1FG2-QsVBKbRUuxxsLZSbCGwoZhtbjeOSxULUiUK0aa3DAJluvvwYr4BzEGoussszy5htYd2TkV91goSF7ghrf1W5Gj9MBbdgt1OFGGnTAlK56fuEK1MkHfYG8DGDR0QZlNvDVXPWPSQ89Q5VZ_2OE5AUWlttl4PUFtNR7j_1DbJ8f7HCVb7FcuRCJoZffZSRXBxsToXW2DvEaQ2dg0AcFBAQ%3D&s=1e2d7371272ab8d17c9d2afd8aa18226f67455847953133b6740f56e5108399b1663872631&w=t&r=1&d=450&priv=false
IP
ASN #24940 Hetzner Online GmbH
Hash daabfb059768440e1d31557b1b6e2ca7
85b6d9ac0b5055f577e7624b697d06384e74da0b
81c5bb63a454be129b6ced8197b8036eab33d7410c01bc286832a6e2c034628e
GET /api/v1/p/p.js?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zCyHmoGGmBowbZlqIiWEGRwsaMnDMECmjBo0WMcaYuXFDzIwaDWvUEPEwTJ0xGcmIgZFDJQ0xLcbYwHHj5NCXOGzciNGiTJkxM2YcLFPj4A2eEMnYoYiDRtGHcOqIWWgjRowbPeHAoThj48M5cCbqmFE2hgwZOR6OaTNXx18bNOr2JGOGbUURYty4oWjDBgypMx62cYOR4Yy_MNBu7mzD5eM6MTKioUMHzhwdL16ceeMCj-00agi7GPOmzYs5bcLIaf0GzgusZsLMoHEjJYwaN3CUyQEjTI4yOMKMLGPD-RgYZWa0rSGDBpmGMciMEWOGuxgxNcQ0n9F-OvMx2HH8qDMHYRIyPZRBBg3h0WCWDDDIEIaBYSSHQwwzNPSRdecpGFMO3X0WQ1TgHWXGGGMoGEYMNs0wIg445FCTZWVwUQcMCdowxxt1yIHffz0cllgOLsIogw1tlNGGGP4BqAUcQSQxwxU2aGEDEjLAJAMZc5TVhhZQ2JBHDUnkAIceaRRBg2VxEMHGGFEkYUYVWDBBnXVWCFGFFk20IYcVTcgRBRFozCAkFUiYEcQRbhAxgx42LNFGHGfgQQcRSpDxxBJkpGGGFFfcEYUQZ2CBR0htGIGDDGvQ8MUZVSRBhBRVpNFjjHDE0ANfNPgFGFhk9JbRGWHkkYYbbFhFpQtylMFGr2Kw8cYZu-kqWBh6bVFRZjSw4BBcOLDgl7aZxVBtDDawIMMMXTzE3kIwuADDY3LYUdgMoYlQRx1pZHRdDaOGkeBJZNywEkdlvBRGDd1VJR17Hk01Rg1hgJVGYSLkEIML1LmAkgsN0QCWHF88bO_EFV-cMVh1NKyDCE28ASYbx75Qg7ogoICFWzuAwMSvdeABAh5RfYFYze3qgKG6KYBwxFVrvPECgjHA2HQMIBiRRrFmvIHHC0PDABaIGTnxBFhvcMz1yV6DdWZGRTiBaxl2fFEsGxRBF514OMD4kBxnTGYYvnCJcFDbYsixEIoP_f1FG2-QsVBKbRUuxxsLZSbCGwoZhtbjeOSxULUiUK0aa3DAJluvvwYr4BzEGoussszy5htYd2TkV91goSF7ghrf1W5Gj9MBbdgt1OFGGnTAlK56fuEK1MkHfYG8DGDR0QZlNvDVXPWPSQ89Q5VZ_2OE5AUWlttl4PUFtNR7j_1DbJ8f7HCVb7FcuRCJoZffZSRXBxsToXW2DvEaQ2dg0AcFBAQ%3D&s=1e2d7371272ab8d17c9d2afd8aa18226f67455847953133b6740f56e5108399b1663872631&w=t&r=1&d=450&priv=false HTTP/1.1
Host: pxl.tsyndicate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://tsyndicate.com/
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 22 Sep 2022 18:50:32 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 24
Connection: keep-alive
X-Robots-Tag: noindex, nofollow
28980.weednewspro.com/v2/a/na/if/203282
200 OK 364 B URL HTTP/2 28980.weednewspro.com/v2/a/na/if/203282
IP
ASN #39572 DataWeb Global Group B.V.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (364), with no line terminators
Hash c64529578fdecd3831f4afd6a4e4be4e
672ae6efe0d189c4ed3c332dc57f44f569f48455
7abf8e5dd0e1976987a64aa4ae1f517dad66aba028acfe1df4d59b03f024256f
GET /v2/a/na/if/203282 HTTP/1.1
Host: 28980.weednewspro.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://go.goaserv.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 22 Sep 2022 18:50:32 GMT
content-type: text/html; charset=UTF-8
content-length: 364
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-max-age: 86400
referrer-policy: unsafe-url
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Device-Memory
accept-ch-lifetime: 31536000
X-Firefox-Spdy: h2
12007250.pix-cdn.org/a/pjexo.html?idzone=3902650&w=160&h=600&ad_sub=&ad_tags=
200 OK 391 B URL HTTP/2 12007250.pix-cdn.org/a/pjexo.html?idzone=3902650&w=160&h=600&ad_sub=&ad_tags=
IP
ASN #39572 DataWeb Global Group B.V.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 18be7c35751aead7e793103f27bc4ccd
32d328e67b94fe85dd2c2d2ec0b27784337f2efb
7a82fde7afb24b945f8fa1272cf0bd901b6490c3587992f851d0130b42fbfaa4
GET /a/pjexo.html?idzone=3902650&w=160&h=600&ad_sub=&ad_tags= HTTP/1.1
Host: 12007250.pix-cdn.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://rtbbnr.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 22 Sep 2022 18:50:32 GMT
content-type: text/html; charset=utf-8
last-modified: Wed, 20 May 2020 13:08:32 GMT
cache-control: max-age=3600
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ImKoxQi9cv7253YmqOrp90Abs9FJF%2FaDsVA1cuV%2BAsmk1sc83oufO4Qk2yrJ8Qqh5BKjC%2BcOjJ2%2BS0G66tDCtTtPA3raVgs8xqXvafTN8yEGox%2BmLY7KHO3HMvi9"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
server: cloudflare
cf-ray: 73d7aedbdc911e61-MUC
content-encoding: gzip
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Thu, 22 Sep 2022 19:50:32 GMT
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
addresseepaper.com/sfp.js
200 OK 23 kB URL HTTP/1.1 addresseepaper.com/sfp.js
IP
File type Unicode text, UTF-8 text, with very long lines (65529), with no line terminators
Hash 487ad2b48cd98e36abf708a3b60f4a36
ccf7b110523d50bb619becd48c3f013cc5fdce87
768eff747f795e1232d182eb859170e32d4f06ed29da872c09af5363c459668f
GET /sfp.js HTTP/1.1
Host: addresseepaper.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gayinleeds.relayblog.com/
HTTP/1.1 200 OK
Date: Thu, 22 Sep 2022 18:50:32 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: max-age=14400
X-Request-ID: e868d23b01392d972bd121021c4d4673
Strict-Transport-Security: max-age=0; includeSubdomains
CF-Cache-Status: EXPIRED
Last-Modified: Thu, 22 Sep 2022 18:50:32 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=77j4aYX4qfuqXOc0sKWAAjoVQ74w3U90B3VyANr99gjvqzSmz%2BfwVbKBrVj4rxBifLQlL5CZ0ryHTl9P07xTOLWcNcqlCrFJAvIrdPHQTPt43Fc291ipS8Ny4xo2cWZs1u%2Fx5eo%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74ed3a0ead747732-LHR
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
biptolyla.com/auW.ZNyzQu2r9FkyZnT/9U6gbE2C5mlFS/WvQT9RNPDlE/4OMrjrk/0HN/Cc0N0/MLT/g/yNOkTTQK1ZJPnEB-1KcV2-hiaRbO2/5/lGS/WeQs9iNIDeEZ4rMtjTkS0/NVCI0R0UMWT/gwy/OlTQQ/1R
200 OK 5.3 kB URL HTTP/2 biptolyla.com/auW.ZNyzQu2r9FkyZnT/9U6gbE2C5mlFS/WvQT9RNPDlE/4OMrjrk/0HN/Cc0N0/MLT/g/yNOkTTQK1ZJPnEB-1KcV2-hiaRbO2/5/lGS/WeQs9iNIDeEZ4rMtjTkS0/NVCI0R0UMWT/gwy/OlTQQ/1R
IP
File type ASCII text, with very long lines (2401)
Hash 8b40b5f024173744f77ee4853ac962e3
85a4f755d6113319741984271f5dd161ccecffdb
86d54a29a40ec5b438d415ab2ecf13fc4327be75bf19f064d023cab089ea8d00
GET /auW.ZNyzQu2r9FkyZnT/9U6gbE2C5mlFS/WvQT9RNPDlE/4OMrjrk/0HN/Cc0N0/MLT/g/yNOkTTQK1ZJPnEB-1KcV2-hiaRbO2/5/lGS/WeQs9iNIDeEZ4rMtjTkS0/NVCI0R0UMWT/gwy/OlTQQ/1R HTTP/1.1
Host: biptolyla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://gayinleeds.relayblog.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 22 Sep 2022 18:50:32 GMT
content-type: application/javascript
vary: Accept-Encoding
pragma: no-cache
accept-ch: Sec-CH-UA-Platform-Version, Sec-CH-UA-Platform
expires: Mon, 26 Jul 2011 05:00:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
x-content-type-options: nosniff
content-encoding: br
X-Firefox-Spdy: h2
chaturbate.com/in/?track=eroads&tour=x1Rd&campaign=NcAyU&c=1&p=0&gender=f
302 Found 55 kB URL HTTP/2 chaturbate.com/in/?track=eroads&tour=x1Rd&campaign=NcAyU&c=1&p=0&gender=f
IP
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 160x600, components 3\012- data
Hash dc758a7ea885c9e45ccbf2bb315cf2fa
e00e03b7f8648b660ca4d485ec65b6439d4b0762
86bb80e5cee68b62da1c0f9d3a9c80940f39812d43dd00b671f6a2acce62e8ff
GET /in/?track=eroads&tour=x1Rd&campaign=NcAyU&c=1&p=0&gender=f HTTP/1.1
Host: chaturbate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://go.eabids.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
date: Thu, 22 Sep 2022 18:50:32 GMT
content-type: text/html; charset=utf-8
location: /tours/3/?tour=x1Rd&campaign=NcAyU&c=1&p=0&gender=f&disable_sound=0
p3p: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
vary: Accept-Language, Cookie
content-language: en
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.mmcdn.com https://*.highwebmedia.com https://*.chaturbate.com https://chaturbate.com https://ajax.googleapis.com https://js-agent.newrelic.com https://cdnjs.cloudflare.com https://www.google-analytics.com https://www.google.com/recaptcha/ https://www.google.com/cv/ https://www.gstatic.com/recaptcha/ https://www.gstatic.com/cv/ https://www.gstatic.com/eureka/ https://www.gstatic.com/cast/ https://*.nr-data.net https://certify-js.alexametrics.com https://player.vimeo.com/api/player.js http://static.hotjar.com https://static.hotjar.com https://script.hotjar.com ; style-src 'self' data: 'unsafe-inline' https://*.highwebmedia.com https://cdnjs.cloudflare.com https://fonts.googleapis.com ; img-src 'self' data: https://*.mmcdn.com https://*.highwebmedia.com https://*.stream.highwebmedia.com https://*.chaturbate.com https://chaturbate.com https://www.google-analytics.com https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com https://cdnjs.cloudflare.com https://www.gstatic.com https://*.nr-data.net https://certify.alexametrics.com https://stats.g.doubleclick.net https://cbgames.s3.amazonaws.com https://player.vimeo.com https://script.hotjar.com http://script.hotjar.com ; font-src 'self' data: https://*.mmcdn.com https://*.highwebmedia.com https://cdnjs.cloudflare.com https://fonts.gstatic.com http://script.hotjar.com https://script.hotjar.com ; connect-src 'self' blob: blob https://*.mmcdn.com wss://*.mmcdn.com wss://*.mmcdn.com:8443 https://*.highwebmedia.com wss://*.highwebmedia.com wss://*.highwebmedia.com:8443 https://*.nr-data.net https://*.chaturbate.com https://chaturbate.com https://www.google-analytics.com https://cbvideoupload.s3-accelerate.amazonaws.com https://stats.g.doubleclick.net https://internet-up.ably-realtime.com https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com https://tls-use1.fpapi.io http://*.hotjar.com:* https://*.hotjar.com:* https://vc.hotjar.io:* https://surveystats.hotjar.io wss://*.hotjar.com ; media-src 'self' https://*.mmcdn.com https://*.highwebmedia.com https://*.chaturbate.com https://chaturbate.com mediasource: blob: data: https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com; object-src 'self' https://*.mmcdn.com https://*.highwebmedia.com https://download.macromedia.com https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com ; frame-src 'self' https://*.mmcdn.com https://*.chaturbate.com https://chaturbate.com https://*.highwebmedia.com https://adserver.exoticads.com https://www.google.com/recaptcha/ https://*.wnu.com https://wnu.com https://checkout.2000charge.com https://www.sofort.com https://*.girogate.de https://player.vimeo.com https://vars.hotjar.com ; child-src 'self' blob: blob ; worker-src 'self' blob: blob ; form-action 'self' https://*.chaturbate.com https://chaturbate.com https://*.stream.highwebmedia.com https://www.coinpayments.net https://*.wnu.com https://wnu.com https://devportal.cb.dev https://*.web.amer-1.jumio.ai https://smartpay.coinsmart.com ; manifest-src 'self' https://*.mmcdn.com https://*.highwebmedia.com ; report-uri https://report-uri.mmcdn.com/r/t/csp/enforce;
report-to: {"group":"default","max_age":2592000,"endpoints":[{"url":"https://report-uri.mmcdn.com/a/t/g"}],"include_subdomains":true}
nel: {"report_to":"default","max_age":2592000,"include_subdomains":true}
x-frame-options: DENY
cache-control: no-cache
x-content-type-options: nosniff
x-xss-protection: 1; mode=block; report=https://report-uri.highwebmedia.com/r/t/xss/enforce
referrer-policy: strict-origin-when-cross-origin
via: 1.1 google
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: DYNAMIC
set-cookie: u_x1Rd=1; expires=Tue, 27-Sep-2022 18:50:32 GMT; Max-Age=432000; Path=/
us_x1Rd=1; Path=/
affkey=eJyrVipRslJQqjAMSlHSUVBKzi0Acf2SHStDQfySomwQP7UoPzGlGCRQBOJmlJQUWOnrp+frpSYmZaYU6yXn5+qDZBPT0kDyuYkVFRW5qSmZiUYGhhYgCbCpRoZKtQDgLx82; Domain=.chaturbate.com; expires=Sat, 22-Oct-2022 18:50:32 GMT; Max-Age=2592000; Path=/
fromaffiliate=1; Domain=.chaturbate.com; Path=/
noads=1; expires=Fri, 23-Sep-2022 00:50:32 GMT; Max-Age=21600; Path=/
stcki="pOtSwZ=0\054FqPd9a=1\0546pduSG=0\054aDBbcK=0"; expires=Sat, 22-Oct-2022 18:50:32 GMT; Max-Age=2592000; Path=/
sbr=sec:sbr9b606b45-4dc7-4b78-b242-8935a28b1ce1:1obRHM:at70zjxd5z5Diaoa_aizkMEHi-s; Domain=.chaturbate.com; expires=Tue, 17-Jun-2025 18:50:32 GMT; HttpOnly; Max-Age=86313600; Path=/; Secure
__cf_bm=rEfXtSZJMyOZa8EDNP5vt0eIBEqpwtQHbAdqhIG41uQ-1663872632-0-AbirxntUkCUHCp+gPIm35UkNr5+cHojRsVO+DOT+mLsIbKGNh1Ri1wHdM7kz1e6vOxvPF0YNfHANr8CiwqV71oc=; path=/; expires=Thu, 22-Sep-22 19:20:32 GMT; domain=.chaturbate.com; HttpOnly; Secure; SameSite=None
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 74ed3a0e2e8efab4-OSL
X-Firefox-Spdy: h2
poweredby.jads.co/adshow.php?adzone=910219
200 OK 1.7 kB URL HTTP/1.1 poweredby.jads.co/adshow.php?adzone=910219
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (422), with CRLF, LF line terminators
Hash ecdc178e63b52ef4f24191518c9f6533
bbda02176748f1fd099b8b92659d8ade835a167a
dc76f9595f26264fd9863b4306e07fda05effe89c42f860c79cc2fac6cdb1f34
GET /adshow.php?adzone=910219 HTTP/1.1
Host: poweredby.jads.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gayinleeds.relayblog.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 22 Sep 2022 18:50:32 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/5.6.40
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR OUR IND STA"
Set-Cookie: surferid=fe2ae070a602ebd0a0d8f295c7d3324c; expires=Fri, 22-Sep-2023 18:50:30 GMT; Max-Age=31536000; path=/; SameSite=None; Secure; domain=.jads.co
imps32597=1; expires=Fri, 23-Sep-2022 18:50:31 GMT; Max-Age=86400; path=/; SameSite=None; Secure; domain=.jads.co
imps22340=1; expires=Fri, 23-Sep-2022 18:50:31 GMT; Max-Age=86400; path=/; SameSite=None; Secure; domain=.jads.co
juicy_data_1=YToyOntpOjc2Njg2OTtpOjE2NjQxMzE4MzA7aTo1NjQ2MzA7aToxNjY0MTMxODMwO30%3D; expires=Sun, 25-Sep-2022 18:50:30 GMT; Max-Age=259199; path=/; SameSite=None; Secure; domain=jads.co
juicy_data=YToxOntzOjEyOiJqdWljeV9kYXRhXzEiO3M6MToiMSI7fQ%3D%3D; expires=Sun, 25-Sep-2022 18:50:30 GMT; Max-Age=259199; path=/; SameSite=None; Secure; domain=jads.co
Content-Encoding: gzip
gayinleeds.relayblog.com/s3/ad_tf2/5333.jpg
200 OK 42 kB URL HTTP/1.1 gayinleeds.relayblog.com/s3/ad_tf2/5333.jpg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 100x926, components 3\012- data
Hash c547412ca31f8c8fdc35be9539fb40a1
8b168f99e629b5c7597fbef4d2415398e06fdeb0
0ddfc74fc8bea0699c48b49ababaa4f0fb6f8ba6bf0755577b72ba9c2de49b43
GET /s3/ad_tf2/5333.jpg HTTP/1.1
Host: gayinleeds.relayblog.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gayinleeds.relayblog.com/?yessenia
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 22 Sep 2022 18:50:26 GMT
Content-Type: image/jpeg
Content-Length: 42277
Connection: keep-alive
Last-Modified: Wed, 21 Apr 2021 16:41:05 GMT
ETag: "608055a1-a525"
X-Cluster: web-cdn2
X-Cache: EXPIRED
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ta1CeHHKI%2Bgwa7owTHsZ4OSmbAPX4qKG4%2FZDYgbeQc3bBwy1DFx0rYb8%2BHZ3IKhk%2FjURhACAujyKAIaN5EEUUJ5ffR9EeF0%2FtDggcHc49bGV1AsFT%2FOX3azwMKTjtLE%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
CF-RAY: 74ed3a0b79c3a1e6-YYZ
alt-svc: h2=":443"; ma=60
X-Cache-Status: MISS
Cache-Control: max-age=14400, max-age=31536000
Accept-Ranges: bytes
ads.realsrv.com/ads.js
200 OK 974 B IP
File type ASCII text, with very long lines (2475), with no line terminators
Hash f2e9f79e4bd643ca1264fca98531c71e
7acaa14a18676a38bdc3043d0e016e8cfacb275a
db8cf84b422102aa8bc89c36a569921dc69ed556703a96ca44434d2fe98af57b
GET /ads.js HTTP/1.1
Host: ads.realsrv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://12007250.pix-cdn.org/
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%22632cae77c75f02.348153553439571066%22%3B%7D; impressions=oslmroemnxgxaasmmxxmogeicxbmsbocnxgxaasborcsogeioslmrxbrnxgxaasmxrlexgeicxbmsbxcnxgxaasmxelmageicxbmsbcenxgxaasborcsrgeislsaroornxgxaasmxelmageicxbmsboenxgxaasborcsrgeimreaomxcnxgxaasaoabsrgeimreaobsonxgxaasaoabsrgeioslmrxbmnxgxaasmxelmageimcclsoeenxgxaasamsoccgeimcclosconxgxaasabxarlgeimrblelmonxgxaasamsoccgeimrblxembnxgxaasamsoccgeimrblxeecnxgxaasamsoccgeimrblxemcnxgxaasamsoccgeialbserecnxgxaasabxarlgeioslmrxlsnxgxaasalbrsegeicaormbbonxgxaasalbbregeioslmrxlrnxgxaasmebascgeimcclsxscnxgxaasmebascgeimrerbmbbnxgxaasmeceesgeimememseonxgxaasmbmbalgxcceimeelareanxgxaasmbmbalgxcceimoobcomonxgxaasmblacmgxcceimrsreamonsgxaasmlelesgxcceimrmxraocnxgxaasmlamrbgxcceicxmecmcanxgxaasbermabgxcceimexexabbnxgxaasbermalgxcceimrmxceebnxgxaasbebbblgxcceimrsreamcnsgxaasbeblexgxcceimememsecnxgxaasbxrbcsgxcceimrracoaenxgxaasbxrbcsgxcceimrracoaonogxaasbxrbcsgxcceimrsreabonsgxaasbxmlmcgxcceimrsreamensgxaasbxbaaogxcceimxxerrxenxgxaasboxexogxcceialbsereanxgxaasboxexogeimsacexoonxgxaasboxexogxcceimcssmlrcnsgxaasboxexogxcceimcoaxmxcncgxaasboxexsgxcceixaoosscrnxgxaasboxexsgxcceialbserebnxgxaasborcsogeimxlbmxbbnsgxaasborcsogxcceixaoossalnxgxaasborcssgxcceimraeelabnxgxaasborcssgxcceimxlbmoscnrgxaasborcsrgxcceialbbebsbnxgxaasborcsrgxcceiccmblmmcnxgxaasborcsrgeimxlbmosencgxaasborcsrgxcceialbbebrenxgxaasborcsrgxcceimxcbrxscnxgxaasborcsrgxcceimxlbmoobnsgxaasborcsagxcceicloaecoanxgxaasbcrsaogxcceimrmbbrcbnxgxaasbcaemxgxcceimxlbalscnxgxaasbcaemxgxcceimeembecenagxaasbcamxcgxcceimeembescnagxaasbcamxrgxcceimeembesonrgxaasbcamxrgxcceimrbxmxmanxgxaasbcamxrgxcceicmarxbbonagxaasbcamxrgxcceimrmaobxanagxaasbcamxrgxcceimeelaclanxgxaasbcamxrgxcceimeelaclcnxgxaasbcamxrgxcceiaaxcabeonxgxaasbremccgxcceiaaxcabecnxgxaasbremccgxcceimrmcxbranxgxaasbrosolgxcceimrxrxsaenogxaasbrosolgxcceialbbebsanxgxaasbrosolgxcceimemlxbocnxgxaasbrosolgxcceimrsreaabnsgxaasbrmselgxcceimrrcrrlenxgxaasbamxoagxcceimclsaoxbnogxaasbabelogxcceimxlbmosanxgxaasbabelogxcceimeembeconxgxaasbmoasxgxcce
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Thu, 22 Sep 2022 18:50:32 GMT
Connection: Keep-Alive
Content-Encoding: gzip
Content-Length: 974
Content-Type: application/javascript
Accept-Ranges: bytes
Cache-Control: max-age=10800
Server: nginx
etag: W/"f4fddb85b686269b678e3caf766"
X-HW: 1663872632.dop202.sk1.t,1663872632.cds209.sk1.shn,1663872632.cds209.sk1.c
Access-Control-Allow-Origin: *, *
quarrelaimless.com/watch.1153519982417.js?key=8ebf289c4f46a422ca6a5aed541bd534&kw=%5B%22hot%22%2C%22sexy%22%2C%22tubes%22%5D&refer=http%3A%2F%2Fgayinleeds.relayblog.com%2F%3Fyessenia&tz=0&dev=r&res=12.29&uuid=3aabf0ec-865b-4b05-aed3-6ea38f3d9129%3A1%3A1
307 Temporary Redirect 0 B URL HTTP/1.1 quarrelaimless.com/watch.1153519982417.js?key=8ebf289c4f46a422ca6a5aed541bd534&kw=%5B%22hot%22%2C%22sexy%22%2C%22tubes%22%5D&refer=http%3A%2F%2Fgayinleeds.relayblog.com%2F%3Fyessenia&tz=0&dev=r&res=12.29&uuid=3aabf0ec-865b-4b05-aed3-6ea38f3d9129%3A1%3A1
IP
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /watch.1153519982417.js?key=8ebf289c4f46a422ca6a5aed541bd534&kw=%5B%22hot%22%2C%22sexy%22%2C%22tubes%22%5D&refer=http%3A%2F%2Fgayinleeds.relayblog.com%2F%3Fyessenia&tz=0&dev=r&res=12.29&uuid=3aabf0ec-865b-4b05-aed3-6ea38f3d9129%3A1%3A1 HTTP/1.1
Host: quarrelaimless.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://gayinleeds.relayblog.com
Connection: keep-alive
Referer: http://gayinleeds.relayblog.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 307 Temporary Redirect
Server: nginx/1.17.6
Date: Thu, 22 Sep 2022 18:50:32 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: http://gayinleeds.relayblog.com
Access-Control-Allow-Origin: http://gayinleeds.relayblog.com
Access-Control-Allow-Credentials: true
Location: https://quarrelaimless.com/watch.1153519982417.js?key=8ebf289c4f46a422ca6a5aed541bd534&kw=%5B%22hot%22%2C%22sexy%22%2C%22tubes%22%5D&refer=http%3A%2F%2Fgayinleeds.relayblog.com%2F%3Fyessenia&tz=0&dev=r&res=12.29&uuid=3aabf0ec-865b-4b05-aed3-6ea38f3d9129%3A1%3A1&shu=3290b08a3405f1ef807c1cdae6d10a0b5305b5d00f954764afa2b6a58086fead98d5a5579a64d765ee55c4fedd3d929124169c3a2245d104cbcd526eb42bc0ca2d4a1aeac2ef24099353fc0a1a21a9c605f438&pst=1663872692&rmtc=t
Set-Cookie: u_pl=16189060; expires=Fri, 23 Sep 2022 18:50:32 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNjE4OTA2MCwiayI6IjhlYmYyODljNGY0NmE0MjJjYTZhNWFlZDU0MWJkNTM0Iiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxNTAzNjQ3LCJwaWQiOjI4ODQzNywiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjoxNiwiYWlkIjoyNSwicHQiOjQsInBrIjoidnNjbTAzcDNjZiIsImNwa3MiOnsgIjI4IjoiM2UzMGMyM2ZmMDdhMDNjMzdiZDU2NjQxN2FkNWQ4NmQifSwidCI6MX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjc5OTU0MTk2LCJpZHMiOiIiLCJpYyI6ZmFsc2UsIm4iOiJEZXNrdG9wLEVtdWxhdG9yIiwidiI6IlVua25vd24iLCJtIjoiVW5rbm93biIsImYiOjEsImZuIjoiRGVza3RvcCIsIm9pZCI6MTgxMTAsIm9uIjoiTGludXgiLCJvdiI6IlVua25vd24iLCJiaWQiOjExNjY3MCwiYm4iOiJGaXJlZm94IiwiYnYiOiI5Ni4wIiwid3YiOmZhbHNlLCJlIjpmYWxzZSwiYWIiOmZhbHNlfSwiYyI6eyJpZCI6MTYyLCJjIjoiTk8iLCJuIjoiTm9yd2F5In0sImEiOmZhbHNlLCJjciI6eyJuIjoiQmxpeCBTb2x1dGlvbnMifSwieGYiOiIiLCJpeGYiOmZhbHNlLCJpZ3hmIjpmYWxzZSwidXAiOnRydWUsInIiOiJodHRwOi8vZ2F5aW5sZWVkcy5yZWxheWJsb2cuY29tLz95ZXNzZW5pYSJ9fQ.0qIsyZ1U0TwB9QI2LNBJ9jch6wKRkgkcigeTnurhUTk; expires=Thu, 22 Sep 2022 18:51:32 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 789dbed0af6990c24f6c2e2bf181407a
Strict-Transport-Security: max-age=0; includeSubdomains
gayinleeds.relayblog.com/s3/ad_tf1/4145.jpg
200 OK 55 kB URL HTTP/1.1 gayinleeds.relayblog.com/s3/ad_tf1/4145.jpg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 100x1009, components 3\012- data
Hash 315956cf0a894186f0a0a1ca3dd27487
a7a9ab634c2a49dfa961353b42d5eee51bfc86ee
af53e4e566c7c96fae226fd0c3ca10fdca164e2ef46a6cdec5609f7737d8fb82
GET /s3/ad_tf1/4145.jpg HTTP/1.1
Host: gayinleeds.relayblog.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gayinleeds.relayblog.com/?yessenia
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 22 Sep 2022 18:50:26 GMT
Content-Type: image/jpeg
Content-Length: 54805
Connection: keep-alive
Last-Modified: Tue, 20 Apr 2021 20:23:27 GMT
ETag: "607f383f-d615"
X-Cluster: web-cdn2
X-Cache: EXPIRED
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fLB%2FcUrFSIkRphc1fW4lfV8XPrbIT5iF5xQZ3fZf7qLI2HlN9CmDVsK0sqpW76jiSeoxnKc0vhx%2FOC1xGo%2B1fpMzXdzODR4%2Bbx6VlImBoloE97bU4s%2FLLUo2yyMS9kU%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
CF-RAY: 74ed3a0c18a9a1f0-YYZ
alt-svc: h2=":443"; ma=60
X-Cache-Status: MISS
Cache-Control: max-age=14400, max-age=31536000
Accept-Ranges: bytes
gayinleeds.relayblog.com/viewImage3?data=0c101014175e4b4b000d4a140c0a07000a4a070b094b140d07174b0508061109174b5456524b5c5d574b5752554b5757525353535c55554b4c095901491d0505231505054d4c090c59303c052d253e3e2d37340655280c3e214d0b160d030d0a05083b5757525353535c55554a0e1403
200 67 kB URL HTTP/1.1 gayinleeds.relayblog.com/viewImage3?data=0c101014175e4b4b000d4a140c0a07000a4a070b094b140d07174b0508061109174b5456524b5c5d574b5752554b5757525353535c55554b4c095901491d0505231505054d4c090c59303c052d253e3e2d37340655280c3e214d0b160d030d0a05083b5757525353535c55554a0e1403
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 575x383, components 3\012- data
Hash 160fb7ebfeef68a8962de30ccd00da2e
44a574ab068c973c0af6782870d83555775f0ec1
b42b87cfe8507916a9d638a760d5ffe903095dae06a056f41ba35486ab972a01
GET /viewImage3?data=0c101014175e4b4b000d4a140c0a07000a4a070b094b140d07174b0508061109174b5456524b5c5d574b5752554b5757525353535c55554b4c095901491d0505231505054d4c090c59303c052d253e3e2d37340655280c3e214d0b160d030d0a05083b5757525353535c55554a0e1403 HTTP/1.1
Host: gayinleeds.relayblog.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gayinleeds.relayblog.com/?yessenia
HTTP/1.1 200
Server: nginx
Date: Thu, 22 Sep 2022 18:50:26 GMT
Content-Length: 67222
Connection: keep-alive
Cache-Control: max-age=31418383
syndication.realsrv.com/ads-iframe-display.php?idzone=3902650&type=160x600&p=https%3A//rtbbnr.com/&dt=1663872631833&sub=&tags=&cookieconsent=true&screen_resolution=1280x1024&el=%22
200 OK 52 B URL HTTP/1.1 syndication.realsrv.com/ads-iframe-display.php?idzone=3902650&type=160x600&p=https%3A//rtbbnr.com/&dt=1663872631833&sub=&tags=&cookieconsent=true&screen_resolution=1280x1024&el=%22
IP
ASN #60781 LeaseWeb Netherlands B.V.
File type HTML document, ASCII text, with no line terminators
Hash c3743cf5e9e53705dc66056f1a34f6ec
740253d7fe753ab9b7d71e1832fd1af41c0677c1
c184a4ce5928e23f286176d3c76a8d5c12c67a8957554c92fb144b1cdd2fb17c
GET /ads-iframe-display.php?idzone=3902650&type=160x600&p=https%3A//rtbbnr.com/&dt=1663872631833&sub=&tags=&cookieconsent=true&screen_resolution=1280x1024&el=%22 HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://12007250.pix-cdn.org/
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%22632cae77c75f02.348153553439571066%22%3B%7D; impressions=oslmroemnxgxaasmmxxmogeicxbmsbocnxgxaasborcsogeioslmrxbrnxgxaasmxrlexgeicxbmsbxcnxgxaasmxelmageicxbmsbcenxgxaasborcsrgeislsaroornxgxaasmxelmageicxbmsboenxgxaasborcsrgeimreaomxcnxgxaasaoabsrgeimreaobsonxgxaasaoabsrgeioslmrxbmnxgxaasmxelmageimcclsoeenxgxaasamsoccgeimcclosconxgxaasabxarlgeimrblelmonxgxaasamsoccgeimrblxembnxgxaasamsoccgeimrblxeecnxgxaasamsoccgeimrblxemcnxgxaasamsoccgeialbserecnxgxaasabxarlgeioslmrxlsnxgxaasalbrsegeicaormbbonxgxaasalbbregeioslmrxlrnxgxaasmebascgeimcclsxscnxgxaasmebascgeimrerbmbbnxgxaasmeceesgeimememseonxgxaasmbmbalgxcceimeelareanxgxaasmbmbalgxcceimoobcomonxgxaasmblacmgxcceimrsreamonsgxaasmlelesgxcceimrmxraocnxgxaasmlamrbgxcceicxmecmcanxgxaasbermabgxcceimexexabbnxgxaasbermalgxcceimrmxceebnxgxaasbebbblgxcceimrsreamcnsgxaasbeblexgxcceimememsecnxgxaasbxrbcsgxcceimrracoaenxgxaasbxrbcsgxcceimrracoaonogxaasbxrbcsgxcceimrsreabonsgxaasbxmlmcgxcceimrsreamensgxaasbxbaaogxcceimxxerrxenxgxaasboxexogxcceialbsereanxgxaasboxexogeimsacexoonxgxaasboxexogxcceimcssmlrcnsgxaasboxexogxcceimcoaxmxcncgxaasboxexsgxcceixaoosscrnxgxaasboxexsgxcceialbserebnxgxaasborcsogeimxlbmxbbnsgxaasborcsogxcceixaoossalnxgxaasborcssgxcceimraeelabnxgxaasborcssgxcceimxlbmoscnrgxaasborcsrgxcceialbbebsbnxgxaasborcsrgxcceiccmblmmcnxgxaasborcsrgeimxlbmosencgxaasborcsrgxcceialbbebrenxgxaasborcsrgxcceimxcbrxscnxgxaasborcsrgxcceimxlbmoobnsgxaasborcsagxcceicloaecoanxgxaasbcrsaogxcceimrmbbrcbnxgxaasbcaemxgxcceimxlbalscnxgxaasbcaemxgxcceimeembecenagxaasbcamxcgxcceimeembescnagxaasbcamxrgxcceimeembesonrgxaasbcamxrgxcceimrbxmxmanxgxaasbcamxrgxcceicmarxbbonagxaasbcamxrgxcceimrmaobxanagxaasbcamxrgxcceimeelaclanxgxaasbcamxrgxcceimeelaclcnxgxaasbcamxrgxcceiaaxcabeonxgxaasbremccgxcceiaaxcabecnxgxaasbremccgxcceimrmcxbranxgxaasbrosolgxcceimrxrxsaenogxaasbrosolgxcceialbbebsanxgxaasbrosolgxcceimemlxbocnxgxaasbrosolgxcceimrsreaabnsgxaasbrmselgxcceimrrcrrlenxgxaasbamxoagxcceimclsaoxbnogxaasbabelogxcceimxlbmosanxgxaasbabelogxcceimeembeconxgxaasbmoasxgxcce
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 22 Sep 2022 18:50:32 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache, must-revalidate
Pragma: no-cache
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%22632cae77c75f02.348153553439571066%22%3B%7D; expires=Sat, 21 Sep 2024 18:50:32 GMT; path=; domain=.realsrv.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
creative.xxxvjmp.com/widgets/v4/Universal?actionButtonPlacement=bottom&campaignId=128029786fbed96fe880330bb083ecce41e122ba08e2711908bc9493ef368344&campaignType=smartpop&creativeId=2f2cf8c271b310e6a7160563a0f1ee432fa665a116dc0c291a081b2515848ba9&hideButtonOnSmallSpots=1&hideModelNameOnSmallSpots=1&hideTitleOnSmallSpots=1&iterationId=30231&masterSmartpopId=0&memberId=y91LkdLvO5YHIwMpUbDm9nTSN15iKZDTlykEhlp5Ya58JEFZ51mCiJxNWcda87v7cKAUpBdYBaFxAe34PcUMj4l3YP-pCn2BBMBoi9M_gUIDRUi&p1=3844273&ruleId=0&showButton=1&showModelName=1&showTitle=&smartpopId=1548&sourceId=226440&thumbSizeKey=big&trackOff=1&userId=ed4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e&variationId=22460
200 OK 10 kB URL HTTP/2 creative.xxxvjmp.com/widgets/v4/Universal?actionButtonPlacement=bottom&campaignId=128029786fbed96fe880330bb083ecce41e122ba08e2711908bc9493ef368344&campaignType=smartpop&creativeId=2f2cf8c271b310e6a7160563a0f1ee432fa665a116dc0c291a081b2515848ba9&hideButtonOnSmallSpots=1&hideModelNameOnSmallSpots=1&hideTitleOnSmallSpots=1&iterationId=30231&masterSmartpopId=0&memberId=y91LkdLvO5YHIwMpUbDm9nTSN15iKZDTlykEhlp5Ya58JEFZ51mCiJxNWcda87v7cKAUpBdYBaFxAe34PcUMj4l3YP-pCn2BBMBoi9M_gUIDRUi&p1=3844273&ruleId=0&showButton=1&showModelName=1&showTitle=&smartpopId=1548&sourceId=226440&thumbSizeKey=big&trackOff=1&userId=ed4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e&variationId=22460
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 53bcd9b3374b94903e1f3201e08c1281
9914448577426b4d032413e6d59fa39b868f3e92
de59f18ee96ec1ef9e59a6112b51e8510937482ddb3703dc979c89a19173779e
GET /widgets/v4/Universal?actionButtonPlacement=bottom&campaignId=128029786fbed96fe880330bb083ecce41e122ba08e2711908bc9493ef368344&campaignType=smartpop&creativeId=2f2cf8c271b310e6a7160563a0f1ee432fa665a116dc0c291a081b2515848ba9&hideButtonOnSmallSpots=1&hideModelNameOnSmallSpots=1&hideTitleOnSmallSpots=1&iterationId=30231&masterSmartpopId=0&memberId=y91LkdLvO5YHIwMpUbDm9nTSN15iKZDTlykEhlp5Ya58JEFZ51mCiJxNWcda87v7cKAUpBdYBaFxAe34PcUMj4l3YP-pCn2BBMBoi9M_gUIDRUi&p1=3844273&ruleId=0&showButton=1&showModelName=1&showTitle=&smartpopId=1548&sourceId=226440&thumbSizeKey=big&trackOff=1&userId=ed4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e&variationId=22460 HTTP/1.1
Host: creative.xxxvjmp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://tsyndicate.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 22 Sep 2022 18:50:31 GMT
content-type: text/html
last-modified: Mon, 19 Sep 2022 11:33:49 GMT
expires: Thu, 22 Sep 2022 18:50:29 GMT
cache-control: max-age=10
strict-transport-security: max-age=15768000
pragma: public
report-to: { "endpoints":[{ "url": "https://go.stripchat.com/report" }], "group": "default", "max_age": 1048576 }
cf-cache-status: HIT
age: 10
vary: Accept-Encoding
server: cloudflare
cf-ray: 74ed3a09dfb71c06-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
chaturbate.com/in/?track=eroads&tour=x1Rd&campaign=NcAyU&c=1&p=0&gender=f
302 Found 610 B URL HTTP/2 chaturbate.com/in/?track=eroads&tour=x1Rd&campaign=NcAyU&c=1&p=0&gender=f
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (610), with no line terminators
Hash e4015c0e2be1f7c3da6f01aabc115076
faf6179aa73aa1ff633473acebce30ad8a5b3452
e7f7bf0bc5bb3060b7d84b4bff83d2579d7079280686f4da9fc979e5272757b9
GET /in/?track=eroads&tour=x1Rd&campaign=NcAyU&c=1&p=0&gender=f HTTP/1.1
Host: chaturbate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://go.eabids.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
date: Thu, 22 Sep 2022 18:50:32 GMT
content-type: text/html; charset=utf-8
location: /tours/3/?tour=x1Rd&campaign=NcAyU&c=1&p=0&gender=f&disable_sound=0
p3p: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
vary: Accept-Language, Cookie
content-language: en
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.mmcdn.com https://*.highwebmedia.com https://*.chaturbate.com https://chaturbate.com https://ajax.googleapis.com https://js-agent.newrelic.com https://cdnjs.cloudflare.com https://www.google-analytics.com https://www.google.com/recaptcha/ https://www.google.com/cv/ https://www.gstatic.com/recaptcha/ https://www.gstatic.com/cv/ https://www.gstatic.com/eureka/ https://www.gstatic.com/cast/ https://*.nr-data.net https://certify-js.alexametrics.com https://player.vimeo.com/api/player.js http://static.hotjar.com https://static.hotjar.com https://script.hotjar.com ; style-src 'self' data: 'unsafe-inline' https://*.highwebmedia.com https://cdnjs.cloudflare.com https://fonts.googleapis.com ; img-src 'self' data: https://*.mmcdn.com https://*.highwebmedia.com https://*.stream.highwebmedia.com https://*.chaturbate.com https://chaturbate.com https://www.google-analytics.com https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com https://cdnjs.cloudflare.com https://www.gstatic.com https://*.nr-data.net https://certify.alexametrics.com https://stats.g.doubleclick.net https://cbgames.s3.amazonaws.com https://player.vimeo.com https://script.hotjar.com http://script.hotjar.com ; font-src 'self' data: https://*.mmcdn.com https://*.highwebmedia.com https://cdnjs.cloudflare.com https://fonts.gstatic.com http://script.hotjar.com https://script.hotjar.com ; connect-src 'self' blob: blob https://*.mmcdn.com wss://*.mmcdn.com wss://*.mmcdn.com:8443 https://*.highwebmedia.com wss://*.highwebmedia.com wss://*.highwebmedia.com:8443 https://*.nr-data.net https://*.chaturbate.com https://chaturbate.com https://www.google-analytics.com https://cbvideoupload.s3-accelerate.amazonaws.com https://stats.g.doubleclick.net https://internet-up.ably-realtime.com https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com https://tls-use1.fpapi.io http://*.hotjar.com:* https://*.hotjar.com:* https://vc.hotjar.io:* https://surveystats.hotjar.io wss://*.hotjar.com ; media-src 'self' https://*.mmcdn.com https://*.highwebmedia.com https://*.chaturbate.com https://chaturbate.com mediasource: blob: data: https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com; object-src 'self' https://*.mmcdn.com https://*.highwebmedia.com https://download.macromedia.com https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com ; frame-src 'self' https://*.mmcdn.com https://*.chaturbate.com https://chaturbate.com https://*.highwebmedia.com https://adserver.exoticads.com https://www.google.com/recaptcha/ https://*.wnu.com https://wnu.com https://checkout.2000charge.com https://www.sofort.com https://*.girogate.de https://player.vimeo.com https://vars.hotjar.com ; child-src 'self' blob: blob ; worker-src 'self' blob: blob ; form-action 'self' https://*.chaturbate.com https://chaturbate.com https://*.stream.highwebmedia.com https://www.coinpayments.net https://*.wnu.com https://wnu.com https://devportal.cb.dev https://*.web.amer-1.jumio.ai https://smartpay.coinsmart.com ; manifest-src 'self' https://*.mmcdn.com https://*.highwebmedia.com ; report-uri https://report-uri.mmcdn.com/r/t/csp/enforce;
report-to: {"group":"default","max_age":2592000,"endpoints":[{"url":"https://report-uri.mmcdn.com/a/t/g"}],"include_subdomains":true}
nel: {"report_to":"default","max_age":2592000,"include_subdomains":true}
x-frame-options: DENY
cache-control: no-cache
x-content-type-options: nosniff
x-xss-protection: 1; mode=block; report=https://report-uri.highwebmedia.com/r/t/xss/enforce
referrer-policy: strict-origin-when-cross-origin
via: 1.1 google
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: DYNAMIC
set-cookie: u_x1Rd=1; expires=Tue, 27-Sep-2022 18:50:32 GMT; Max-Age=432000; Path=/
us_x1Rd=1; Path=/
affkey=eJyrVipRslJQqjAMSlHSUVBKzi0Acf2SHStDQfySomwQP7UoPzGlGCRQBOJmlJQUWOnrp+frpSYmZaYU6yXn5+qDZBPT0kDyuYkVFRW5qSmZiUYGhhYgCbCpRoZKtQDgLx82; Domain=.chaturbate.com; expires=Sat, 22-Oct-2022 18:50:32 GMT; Max-Age=2592000; Path=/
fromaffiliate=1; Domain=.chaturbate.com; Path=/
noads=1; expires=Fri, 23-Sep-2022 00:50:32 GMT; Max-Age=21600; Path=/
stcki="pOtSwZ=0\054FqPd9a=0\0546pduSG=0\054aDBbcK=1"; expires=Sat, 22-Oct-2022 18:50:32 GMT; Max-Age=2592000; Path=/
sbr=sec:sbrf4fb509a-ecd6-483e-a348-50181b7c89ab:1obRHM:kYLIz8LBtfktv2XbeAsHw6sVUPM; Domain=.chaturbate.com; expires=Tue, 17-Jun-2025 18:50:32 GMT; HttpOnly; Max-Age=86313600; Path=/; Secure
__cf_bm=KxWjQCgfQ5I_vQdeyUWXXCKuzGHr9KYIP2u8SJ6VVrE-1663872632-0-AQqoTooDbcRwg1BvJmiQTT92n7GVrEIHdkTe9MI47OSgYOTSJwAn8O6b4MtMJllAiDMruDW/Ls58RJtgBwaVzXs=; path=/; expires=Thu, 22-Sep-22 19:20:32 GMT; domain=.chaturbate.com; HttpOnly; Secure; SameSite=None
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 74ed3a0e2e8cfab4-OSL
X-Firefox-Spdy: h2
28980.weednewspro.com/v2/a/na/js/203282?container=c
200 OK 32 kB URL HTTP/2 28980.weednewspro.com/v2/a/na/js/203282?container=c
IP
ASN #39572 DataWeb Global Group B.V.
Hash 43f01148a637aa1bc71c6d56aa4edd53
f0fd2ee5d78e78bee3ffacfea7252fe71c7d88d1
9aaf253ce85bf8529fb1ea6fe6adf59475314bde27a0f1bfc0f04a5a106cb0a4
GET /v2/a/na/js/203282?container=c HTTP/1.1
Host: 28980.weednewspro.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://28980.weednewspro.com/v2/a/na/if/203282
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 22 Sep 2022 18:50:32 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-max-age: 86400
referrer-policy: unsafe-url
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Device-Memory
accept-ch-lifetime: 31536000
content-encoding: gzip
X-Firefox-Spdy: h2
go.eabids.com/banner.go?spaceid=5675441&keywords=&maincat=
200 OK 1.4 kB URL HTTP/1.1 go.eabids.com/banner.go?spaceid=5675441&keywords=&maincat=
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1376), with no line terminators
Hash 5255ef9840ddf3f19ba760f5ec99def5
cbb781c799b65179a7f518aa6f47d5fab98847ac
2692e84a1669962b6d9e71e7fbcf482f96b57b856a831c84287d474164339fda
GET /banner.go?spaceid=5675441&keywords=&maincat= HTTP/1.1
Host: go.eabids.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gayinleeds.relayblog.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 22 Sep 2022 18:50:32 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 1376
Connection: keep-alive
Expires: Mon, 03 Jul 2001 06:00:00 GMT
Last-Modified: Thu, 22 09 2022 18:50:32 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0,post-check=0, pre-check=0
Pragma: no-cache
X-Backend-Server: nl2-web-202
go.eabids.com/banner.go?spaceid=5675441&keywords=&maincat=
200 OK 756 B URL HTTP/1.1 go.eabids.com/banner.go?spaceid=5675441&keywords=&maincat=
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (756), with no line terminators
Hash 7f9324f03e54b98189ef9cfec17a1d15
2ede45bf054317b3451309206c9aaebbec525754
a2fb189f31245d0e9453015128812e1d2be9307cb33cf2d55d9af78b4afd04a1
GET /banner.go?spaceid=5675441&keywords=&maincat= HTTP/1.1
Host: go.eabids.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gayinleeds.relayblog.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 22 Sep 2022 18:50:32 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 756
Connection: keep-alive
Expires: Mon, 03 Jul 2001 06:00:00 GMT
Last-Modified: Thu, 22 09 2022 18:50:32 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0,post-check=0, pre-check=0
Pragma: no-cache
X-Backend-Server: nl2-web-200
tsyndicate.com/iframes2/6a91f85098294907941c239ca45e3b90.html?keywords=Best,porn,sites,sorted,categories,and,quality,lesbian,dick,case,show,look,european,parody,voyeur,locker,reality,first,mpeg,videos,boys,blonde,party,lang,toon,movies,kencaddel,teens,stories,lick,mom,picthunter,bitch,club,powered,genevieve,pictures,twilight,desna,wikipedia,panties,bitoni,boyfriend,classic,shooting,legal,alexa,pink,watching,smurfs,waist,clip,parker,montaina,free,change,bailey,school,flv,and,gallery,0288,casting,fuck,xxx,getting,big,cayenne,irish,his,hobby,longest,average,forbidden,spanked,world,websites,acuff,island,server,maids,carter,penal,1980,galleries,sean,alyssa,gabbie,amazing,alian,orgasm,amanda,queens,breasts,gold,blackberry,striptease,double,desk,student,furry,mpegs,214,while,baby,tom,exoctic,lesbian,dick,case,show,look,european,parody,voyeur,locker,reality,first,mpeg,videos,boys,blonde,party,lang,toon,movies,kencaddel,teens,stories,lick,mom,picthunter,bitch,club,p&adb=0&clientjs=1&w=1280&h=1024&tz=0
200 OK 1.2 kB URL HTTP/1.1 tsyndicate.com/iframes2/6a91f85098294907941c239ca45e3b90.html?keywords=Best,porn,sites,sorted,categories,and,quality,lesbian,dick,case,show,look,european,parody,voyeur,locker,reality,first,mpeg,videos,boys,blonde,party,lang,toon,movies,kencaddel,teens,stories,lick,mom,picthunter,bitch,club,powered,genevieve,pictures,twilight,desna,wikipedia,panties,bitoni,boyfriend,classic,shooting,legal,alexa,pink,watching,smurfs,waist,clip,parker,montaina,free,change,bailey,school,flv,and,gallery,0288,casting,fuck,xxx,getting,big,cayenne,irish,his,hobby,longest,average,forbidden,spanked,world,websites,acuff,island,server,maids,carter,penal,1980,galleries,sean,alyssa,gabbie,amazing,alian,orgasm,amanda,queens,breasts,gold,blackberry,striptease,double,desk,student,furry,mpegs,214,while,baby,tom,exoctic,lesbian,dick,case,show,look,european,parody,voyeur,locker,reality,first,mpeg,videos,boys,blonde,party,lang,toon,movies,kencaddel,teens,stories,lick,mom,picthunter,bitch,club,p&adb=0&clientjs=1&w=1280&h=1024&tz=0
IP
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2029)
Hash f52f417eab671263260fb239deb27273
342223f95efe028892c439b15f9e2a8d6100263c
19b3088928254b01263117aa6d79a645be2d2cb401ad9f730356b256cc1717ed
GET /iframes2/6a91f85098294907941c239ca45e3b90.html?keywords=Best,porn,sites,sorted,categories,and,quality,lesbian,dick,case,show,look,european,parody,voyeur,locker,reality,first,mpeg,videos,boys,blonde,party,lang,toon,movies,kencaddel,teens,stories,lick,mom,picthunter,bitch,club,powered,genevieve,pictures,twilight,desna,wikipedia,panties,bitoni,boyfriend,classic,shooting,legal,alexa,pink,watching,smurfs,waist,clip,parker,montaina,free,change,bailey,school,flv,and,gallery,0288,casting,fuck,xxx,getting,big,cayenne,irish,his,hobby,longest,average,forbidden,spanked,world,websites,acuff,island,server,maids,carter,penal,1980,galleries,sean,alyssa,gabbie,amazing,alian,orgasm,amanda,queens,breasts,gold,blackberry,striptease,double,desk,student,furry,mpegs,214,while,baby,tom,exoctic,lesbian,dick,case,show,look,european,parody,voyeur,locker,reality,first,mpeg,videos,boys,blonde,party,lang,toon,movies,kencaddel,teens,stories,lick,mom,picthunter,bitch,club,p&adb=0&clientjs=1&w=1280&h=1024&tz=0 HTTP/1.1
Host: tsyndicate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gayinleeds.relayblog.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 22 Sep 2022 18:50:32 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Pragma: no-cache
Expires: 0
Vary: Accept-Encoding, *
X-Api-Version: 2
Link: <http://lcdn.tsyndicate.com/sdk/v1/b.b.js>; rel=preload; as=script
X-Request-Id: 4c0c771401e73286
Cache-Control: no-cache, no-store, no-transform, must-revalidate, no-transform
X-Robots-Tag: none, noindex, nofollow
Report-To: { "url": "https://pxl.tsyndicate.com/api/v1/heavy-ad/report", "max_age": 86401 }
Content-Encoding: gzip
28980.weednewspro.com/v2/a/na/203282?subId=&pageUri=https%3A%2F%2F28980.weednewspro.com%2Fv2%2Fa%2Fna%2Fif%2F203282&referer=http%3A%2F%2Fgo.goaserv.com%2F&av=1&abl=0&kws=&rtg=&bdd=%5B%22Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0%22%2C%22false%22%2C%22Linux%20x86_64%22%2C%22%22%2C%22%22%2C%22%22%2C%22%22%2C%22false%22%2C%22true%22%2C%221280%22%2C%221024%22%2C%221280%22%2C%221002%22%2C%221280%22%2C%221024%22%2C%22300%22%2C%22250%22%2C%22300%22%2C%22250%22%2C%22false%22%2C%221%22%2C%2216%22%2C%220%22%2C%22aaaaacccefiflmmprrsstlllecstaaahtscellllpss%22%2C%22Thu%20Sep%2022%202022%2018%3A50%3A31%20GMT%2B0000%20(Coordinated%20Universal%20Time)%22%2C%220%22%2C%22en-US%22%2C%22en-US%2Cen%22%2C%22false%22%2C%22false%22%2C%22781877177%22%2C%222697903995%22%2C%221%22%2C%22false%22%2C%22%5B%5D%22%5D
200 OK 2.6 kB URL HTTP/2 28980.weednewspro.com/v2/a/na/203282?subId=&pageUri=https%3A%2F%2F28980.weednewspro.com%2Fv2%2Fa%2Fna%2Fif%2F203282&referer=http%3A%2F%2Fgo.goaserv.com%2F&av=1&abl=0&kws=&rtg=&bdd=%5B%22Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0%22%2C%22false%22%2C%22Linux%20x86_64%22%2C%22%22%2C%22%22%2C%22%22%2C%22%22%2C%22false%22%2C%22true%22%2C%221280%22%2C%221024%22%2C%221280%22%2C%221002%22%2C%221280%22%2C%221024%22%2C%22300%22%2C%22250%22%2C%22300%22%2C%22250%22%2C%22false%22%2C%221%22%2C%2216%22%2C%220%22%2C%22aaaaacccefiflmmprrsstlllecstaaahtscellllpss%22%2C%22Thu%20Sep%2022%202022%2018%3A50%3A31%20GMT%2B0000%20(Coordinated%20Universal%20Time)%22%2C%220%22%2C%22en-US%22%2C%22en-US%2Cen%22%2C%22false%22%2C%22false%22%2C%22781877177%22%2C%222697903995%22%2C%221%22%2C%22false%22%2C%22%5B%5D%22%5D
IP
ASN #39572 DataWeb Global Group B.V.
Hash 2b8d15b8078d41a32410deb363a2defa
690784f91ed7d366ea938865e6977503a59e55fb
b286617f91133eaa2ac00c0a51d5c970f2511336bb56b97d119a52e419d49ac3
GET /v2/a/na/203282?subId=&pageUri=https%3A%2F%2F28980.weednewspro.com%2Fv2%2Fa%2Fna%2Fif%2F203282&referer=http%3A%2F%2Fgo.goaserv.com%2F&av=1&abl=0&kws=&rtg=&bdd=%5B%22Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0%22%2C%22false%22%2C%22Linux%20x86_64%22%2C%22%22%2C%22%22%2C%22%22%2C%22%22%2C%22false%22%2C%22true%22%2C%221280%22%2C%221024%22%2C%221280%22%2C%221002%22%2C%221280%22%2C%221024%22%2C%22300%22%2C%22250%22%2C%22300%22%2C%22250%22%2C%22false%22%2C%221%22%2C%2216%22%2C%220%22%2C%22aaaaacccefiflmmprrsstlllecstaaahtscellllpss%22%2C%22Thu%20Sep%2022%202022%2018%3A50%3A31%20GMT%2B0000%20(Coordinated%20Universal%20Time)%22%2C%220%22%2C%22en-US%22%2C%22en-US%2Cen%22%2C%22false%22%2C%22false%22%2C%22781877177%22%2C%222697903995%22%2C%221%22%2C%22false%22%2C%22%5B%5D%22%5D HTTP/1.1
Host: 28980.weednewspro.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://28980.weednewspro.com/v2/a/na/if/203282
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 22 Sep 2022 18:50:32 GMT
content-type: application/json; charset=UTF-8
vary: Accept-Encoding
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-max-age: 86400
referrer-policy: unsafe-url
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Device-Memory
accept-ch-lifetime: 31536000
p3p: CP="NOI DEVa TAIa OUR BUS UNI STA"
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
last-modified: Thu, 22 Sep 2022 18:50:32 UTC
expires: Thu, 22 Sep 2022 18:50:32 UTC
content-encoding: gzip
X-Firefox-Spdy: h2
chaturbate.com/tours/3/?tour=x1Rd&campaign=NcAyU&c=1&p=0&gender=f&disable_sound=0
200 OK 155 kB URL HTTP/2 chaturbate.com/tours/3/?tour=x1Rd&campaign=NcAyU&c=1&p=0&gender=f&disable_sound=0
IP
File type ASCII text, with very long lines (7370), with no line terminators
Size 155 kB (154716 bytes)
Hash a26898010af7dd801ee1d8216b89c990
d837895007d7cf1d8c5b104778dac606dadca70e
61a0926d599d3572411a4536b2d3e7bedbe253d0f687cd92da7f462a95bb0f6b
GET /tours/3/?tour=x1Rd&campaign=NcAyU&c=1&p=0&gender=f&disable_sound=0 HTTP/1.1
Host: chaturbate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://go.eabids.com/
Connection: keep-alive
Cookie: __cf_bm=MKSx09r6m4kBHr_G9GrPLaM0bpmboE5V67shqhMtsJ8-1663872632-0-AXqd+jTeMbxwq48SE8av//7GCffztkdU6M1/CL32EA/JTjtqJhXvB5ak8JsdrqjeSWJE21XnblwgbVSQLjLisVo=
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 22 Sep 2022 18:50:32 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding, Accept-Language, Cookie
p3p: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
content-language: en
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.mmcdn.com https://*.highwebmedia.com https://*.chaturbate.com https://chaturbate.com https://ajax.googleapis.com https://js-agent.newrelic.com https://cdnjs.cloudflare.com https://www.google-analytics.com https://www.google.com/recaptcha/ https://www.google.com/cv/ https://www.gstatic.com/recaptcha/ https://www.gstatic.com/cv/ https://www.gstatic.com/eureka/ https://www.gstatic.com/cast/ https://*.nr-data.net https://certify-js.alexametrics.com https://player.vimeo.com/api/player.js http://static.hotjar.com https://static.hotjar.com https://script.hotjar.com ; style-src 'self' data: 'unsafe-inline' https://*.highwebmedia.com https://cdnjs.cloudflare.com https://fonts.googleapis.com ; img-src 'self' data: https://*.mmcdn.com https://*.highwebmedia.com https://*.stream.highwebmedia.com https://*.chaturbate.com https://chaturbate.com https://www.google-analytics.com https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com https://cdnjs.cloudflare.com https://www.gstatic.com https://*.nr-data.net https://certify.alexametrics.com https://stats.g.doubleclick.net https://cbgames.s3.amazonaws.com https://player.vimeo.com https://script.hotjar.com http://script.hotjar.com ; font-src 'self' data: https://*.mmcdn.com https://*.highwebmedia.com https://cdnjs.cloudflare.com https://fonts.gstatic.com http://script.hotjar.com https://script.hotjar.com ; connect-src 'self' blob: blob https://*.mmcdn.com wss://*.mmcdn.com wss://*.mmcdn.com:8443 https://*.highwebmedia.com wss://*.highwebmedia.com wss://*.highwebmedia.com:8443 https://*.nr-data.net https://*.chaturbate.com https://chaturbate.com https://www.google-analytics.com https://cbvideoupload.s3-accelerate.amazonaws.com https://stats.g.doubleclick.net https://internet-up.ably-realtime.com https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com https://tls-use1.fpapi.io http://*.hotjar.com:* https://*.hotjar.com:* https://vc.hotjar.io:* https://surveystats.hotjar.io wss://*.hotjar.com ; media-src 'self' https://*.mmcdn.com https://*.highwebmedia.com https://*.chaturbate.com https://chaturbate.com mediasource: blob: data: https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com; object-src 'self' https://*.mmcdn.com https://*.highwebmedia.com https://download.macromedia.com https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com ; frame-src 'self' https://*.mmcdn.com https://*.chaturbate.com https://chaturbate.com https://*.highwebmedia.com https://adserver.exoticads.com https://www.google.com/recaptcha/ https://*.wnu.com https://wnu.com https://checkout.2000charge.com https://www.sofort.com https://*.girogate.de https://player.vimeo.com https://vars.hotjar.com ; child-src 'self' blob: blob ; worker-src 'self' blob: blob ; form-action 'self' https://*.chaturbate.com https://chaturbate.com https://*.stream.highwebmedia.com https://www.coinpayments.net https://*.wnu.com https://wnu.com https://devportal.cb.dev https://*.web.amer-1.jumio.ai https://smartpay.coinsmart.com ; manifest-src 'self' https://*.mmcdn.com https://*.highwebmedia.com ; report-uri https://report-uri.mmcdn.com/r/t/csp/enforce;
report-to: {"group":"default","max_age":2592000,"endpoints":[{"url":"https://report-uri.mmcdn.com/a/t/g"}],"include_subdomains":true}
nel: {"report_to":"default","max_age":2592000,"include_subdomains":true}
cache-control: no-cache
x-content-type-options: nosniff
x-xss-protection: 1; mode=block; report=https://report-uri.highwebmedia.com/r/t/xss/enforce
referrer-policy: strict-origin-when-cross-origin
via: 1.1 google
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
set-cookie: stcki="pOtSwZ=0\054FqPd9a=0\0546pduSG=0\054aDBbcK=1"; expires=Sat, 22-Oct-2022 18:50:32 GMT; Max-Age=2592000; Path=/
affkey="eJyrVipSslJQyigpKbDS10/P10tNTMpMKdZLzs/VV6oFAJBCCa0="; Domain=.chaturbate.com; expires=Sat, 22-Oct-2022 18:50:32 GMT; Max-Age=2592000; Path=/
sbr=sec:sbr371bf7a0-a6eb-4046-b36c-96a91f9705f6:1obRHM:Jmz_bEoP3MGkf4ayrSJ6QG6iFAY; Domain=.chaturbate.com; expires=Tue, 17-Jun-2025 18:50:32 GMT; HttpOnly; Max-Age=86313600; Path=/; Secure
cf-cache-status: DYNAMIC
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 74ed3a0e3e90fab4-OSL
content-encoding: br
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 117ec669107ae59662529d88c8ac9478
04dc7b5f8b400d85c3bb83efe3d17f8a71cee419
8d549b093e4064eed1779f6c358f47e742dc905a6714b27e3da0329742f9b760
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8D549B093E4064EED1779F6C358F47E742DC905A6714B27E3DA0329742F9B760"
Last-Modified: Wed, 21 Sep 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12404
Expires: Thu, 22 Sep 2022 22:17:16 GMT
Date: Thu, 22 Sep 2022 18:50:32 GMT
Connection: keep-alive
i.jads.co/network/user500/32597-1558022665-0283856001558022665.gif
200 OK 397 kB URL HTTP/1.1 i.jads.co/network/user500/32597-1558022665-0283856001558022665.gif
IP
File type GIF image data, version 89a, 160 x 600\012- data
Size 397 kB (397204 bytes)
Hash bc8f6b45ce34fc18217afa4862ad8ac1
75bf9391674fb315c9031acce5eb058f3efe685c
9db09ecd3edda4077e6ec03b3cfdb90e1cbbd0c60019120d72643120b55c2385
GET /network/user500/32597-1558022665-0283856001558022665.gif HTTP/1.1
Host: i.jads.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://poweredby.jads.co/
HTTP/1.1 200 OK
Date: Thu, 22 Sep 2022 18:50:32 GMT
Connection: Keep-Alive
ETag: "1558022665"
Cache-Control: max-age=18059149
Content-Length: 397204
Content-Type: image/gif
Last-Modified: Thu, 16 May 2019 16:04:25 GMT
Accept-Ranges: bytes
X-HW: 1663872632.dop001.sk1.t,1663872632.cds248.sk1.c
biptolyla.com/aLW.ZMyNPO3_BQ1RcS2Th-aVbW2X5Yl_SaWbQc9dN-DfEg4hMij_kk0lNmCn0-0pMqTrgsy_OuTvQw1xJ-nzpAvBbCm_VEJFZGDH0-0JMKTLgMy_OOTPQQ0RL-TTQUxVOWD_IY5ZNaDbU-?iframeId=bmalzh
200 OK 43 kB URL HTTP/2 biptolyla.com/aLW.ZMyNPO3_BQ1RcS2Th-aVbW2X5Yl_SaWbQc9dN-DfEg4hMij_kk0lNmCn0-0pMqTrgsy_OuTvQw1xJ-nzpAvBbCm_VEJFZGDH0-0JMKTLgMy_OOTPQQ0RL-TTQUxVOWD_IY5ZNaDbU-?iframeId=bmalzh
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (713)
Hash 93a79d56c73100fece9ba1410a11ed00
beed452f1bbfa18489347958f03508a71151263e
ac78b5253a87817765cc6aadcc92376a6e72d7ce86ea0b093091010ae34fec01
GET /aLW.ZMyNPO3_BQ1RcS2Th-aVbW2X5Yl_SaWbQc9dN-DfEg4hMij_kk0lNmCn0-0pMqTrgsy_OuTvQw1xJ-nzpAvBbCm_VEJFZGDH0-0JMKTLgMy_OOTPQQ0RL-TTQUxVOWD_IY5ZNaDbU-?iframeId=bmalzh HTTP/1.1
Host: biptolyla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://gayinleeds.relayblog.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 22 Sep 2022 18:50:32 GMT
content-type: text/html;charset=UTF-8
vary: Accept-Encoding
expires: Mon, 26 Jul 2011 05:00:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
accept-ch: Sec-CH-UA-Platform-Version, Sec-CH-UA-Platform
last-modified: Thu, 22 Sep 2022 18:50:32 GMT
p3p: CP="CUR ADM OUR NOR STA NID"
set-cookie: kadCCap=132751:1:1663300715;210190:1:1662153287;199455:1:1662011125;199507:1:1655888030;168401:1:1663017409;194136:1:1663118711;180343:1:1656296307;211845:1:1661388894;210565:1:1660883596; max-age=1695408632; path=/
kadACap=419299:1:1662523186;320483:1:1661342695;442019:1:1663736826;419323:1:1661776141;438050:1:1657036135;443007:1:1661388894;445475:1:1662616891;444410:1:1662620118;383700:1:1662671864;438036:1:1657029440;419321:1:1662477203;442673:1:1660504936;427172:1:1661328422;426142:1:1655888030;272913:1:1661284037;434768:1:1656274688;346327:2:1663791482;444565:1:1663112893;419303:1:1662804291;446120:1:1663148405;444360:1:1662446108;419301:1:1663566374;419291:1:1662829503;419293:1:1662883102;422197:1:1661937740;445389:1:1663209970;419295:1:1661224266;410252:1:1662915839;434524:1:1657107027;432801:1:1656295814;445933:1:1662662013;401659:1:1662418246;432805:1:1656295137;435966:1:1656602141;419297:1:1662889803;319611:1:1659066943;424441:1:1662472246;433660:1:1662623802;444311:1:1663771206;384014:1:1658355870;443580:1:1661935629;407186:1:1660140957; max-age=1695408632; path=/
kadASCap=346327:2:1663791482; path=/
kadRPixJ=bnVsbA==; max-age=1695408632; path=/
kadUnP3=CAIQgqCvmQYaDQjzwZkBEAEY+uKtmQYaDQivp/4BEAEYgqCvmQYaDQiC/5MCEAEY+YexmQYiCggBEAEYgqCvmQYiCggDEAEY+YexmQYqDAjE4ycQARj5h7GZBioMCMPpDBABGIKgr5kGKgwIjL0SEAEY+uKtmQY=; max-age=1695408632; path=/
x-content-type-options: nosniff
content-encoding: br
X-Firefox-Spdy: h2
go.eabids.com/banner.go?spaceid=5675441&keywords=&maincat=
200 OK 1.4 kB URL HTTP/1.1 go.eabids.com/banner.go?spaceid=5675441&keywords=&maincat=
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1401), with no line terminators
Hash 3565049c428c8ec9794b9a8f06a0731e
187daf920f13477a0c542e940250cbcbbaf9e31d
9d4d6209b4f545fddc62d4be664cefcdde8e3c92626ab27a59f543add7cad9ef
GET /banner.go?spaceid=5675441&keywords=&maincat= HTTP/1.1
Host: go.eabids.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gayinleeds.relayblog.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 22 Sep 2022 18:50:32 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 1401
Connection: keep-alive
Expires: Mon, 03 Jul 2001 06:00:00 GMT
Last-Modified: Thu, 22 09 2022 18:50:32 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0,post-check=0, pre-check=0
Pragma: no-cache
X-Backend-Server: nl2-web-200
gayinleeds.relayblog.com/viewImage3?data=0c101014175e4b4b100c1109064914574a1c0c07000a4a070b094b054b062c330f0036011c34311e0f49102e29082049000d134b5454544b50515d4b545d554b5754573b555454544a0e1403
200 62 kB URL HTTP/1.1 gayinleeds.relayblog.com/viewImage3?data=0c101014175e4b4b100c1109064914574a1c0c07000a4a070b094b054b062c330f0036011c34311e0f49102e29082049000d134b5454544b50515d4b545d554b5754573b555454544a0e1403
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 750x1000, components 3\012- data
Hash 24bc2ab457bef03ba441e17c81ae7291
6f44f91fcb3467dca7d320358594131dc1ce1418
503f128ac543002545773ea0a81dba8163ddde8c892b3e0e5fb308599dff4acd
GET /viewImage3?data=0c101014175e4b4b100c1109064914574a1c0c07000a4a070b094b054b062c330f0036011c34311e0f49102e29082049000d134b5454544b50515d4b545d554b5754573b555454544a0e1403 HTTP/1.1
Host: gayinleeds.relayblog.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gayinleeds.relayblog.com/?yessenia
HTTP/1.1 200
Server: nginx
Date: Thu, 22 Sep 2022 18:50:26 GMT
Content-Length: 62113
Connection: keep-alive
Cache-Control: max-age=31418383
X-CORE: core4
X-LB: core4
go.eabids.com/banner.go?spaceid=5675442&keywords=&maincat=
200 OK 1.4 kB URL HTTP/1.1 go.eabids.com/banner.go?spaceid=5675442&keywords=&maincat=
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1364), with no line terminators
Hash 8b3293165bbbd2d4a538871bf30a64d4
bb56af38927f9d867f5dcabc32c37679f55f1c43
ea14c8a88eb74aeb08177e588c99b01fd6de49434114c83be7cff2cd483b8340
GET /banner.go?spaceid=5675442&keywords=&maincat= HTTP/1.1
Host: go.eabids.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gayinleeds.relayblog.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 22 Sep 2022 18:50:32 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 1364
Connection: keep-alive
Expires: Mon, 03 Jul 2001 06:00:00 GMT
Last-Modified: Thu, 22 09 2022 18:50:32 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0,post-check=0, pre-check=0
Pragma: no-cache
X-Backend-Server: nl2-web-205
chaturbate.com/in/?track=eroads&tour=x1Rd&campaign=NcAyU&c=1&p=0&gender=f
302 Found 0 B URL HTTP/2 chaturbate.com/in/?track=eroads&tour=x1Rd&campaign=NcAyU&c=1&p=0&gender=f
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /in/?track=eroads&tour=x1Rd&campaign=NcAyU&c=1&p=0&gender=f HTTP/1.1
Host: chaturbate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://go.eabids.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Thu, 22 Sep 2022 18:50:32 GMT
content-type: text/html; charset=utf-8
location: /tours/3/?tour=x1Rd&campaign=NcAyU&c=1&p=0&gender=f&disable_sound=0
p3p: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
vary: Accept-Language, Cookie
content-language: en
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.mmcdn.com https://*.highwebmedia.com https://*.chaturbate.com https://chaturbate.com https://ajax.googleapis.com https://js-agent.newrelic.com https://cdnjs.cloudflare.com https://www.google-analytics.com https://www.google.com/recaptcha/ https://www.google.com/cv/ https://www.gstatic.com/recaptcha/ https://www.gstatic.com/cv/ https://www.gstatic.com/eureka/ https://www.gstatic.com/cast/ https://*.nr-data.net https://certify-js.alexametrics.com https://player.vimeo.com/api/player.js http://static.hotjar.com https://static.hotjar.com https://script.hotjar.com ; style-src 'self' data: 'unsafe-inline' https://*.highwebmedia.com https://cdnjs.cloudflare.com https://fonts.googleapis.com ; img-src 'self' data: https://*.mmcdn.com https://*.highwebmedia.com https://*.stream.highwebmedia.com https://*.chaturbate.com https://chaturbate.com https://www.google-analytics.com https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com https://cdnjs.cloudflare.com https://www.gstatic.com https://*.nr-data.net https://certify.alexametrics.com https://stats.g.doubleclick.net https://cbgames.s3.amazonaws.com https://player.vimeo.com https://script.hotjar.com http://script.hotjar.com ; font-src 'self' data: https://*.mmcdn.com https://*.highwebmedia.com https://cdnjs.cloudflare.com https://fonts.gstatic.com http://script.hotjar.com https://script.hotjar.com ; connect-src 'self' blob: blob https://*.mmcdn.com wss://*.mmcdn.com wss://*.mmcdn.com:8443 https://*.highwebmedia.com wss://*.highwebmedia.com wss://*.highwebmedia.com:8443 https://*.nr-data.net https://*.chaturbate.com https://chaturbate.com https://www.google-analytics.com https://cbvideoupload.s3-accelerate.amazonaws.com https://stats.g.doubleclick.net https://internet-up.ably-realtime.com https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com https://tls-use1.fpapi.io http://*.hotjar.com:* https://*.hotjar.com:* https://vc.hotjar.io:* https://surveystats.hotjar.io wss://*.hotjar.com ; media-src 'self' https://*.mmcdn.com https://*.highwebmedia.com https://*.chaturbate.com https://chaturbate.com mediasource: blob: data: https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com; object-src 'self' https://*.mmcdn.com https://*.highwebmedia.com https://download.macromedia.com https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com ; frame-src 'self' https://*.mmcdn.com https://*.chaturbate.com https://chaturbate.com https://*.highwebmedia.com https://adserver.exoticads.com https://www.google.com/recaptcha/ https://*.wnu.com https://wnu.com https://checkout.2000charge.com https://www.sofort.com https://*.girogate.de https://player.vimeo.com https://vars.hotjar.com ; child-src 'self' blob: blob ; worker-src 'self' blob: blob ; form-action 'self' https://*.chaturbate.com https://chaturbate.com https://*.stream.highwebmedia.com https://www.coinpayments.net https://*.wnu.com https://wnu.com https://devportal.cb.dev https://*.web.amer-1.jumio.ai https://smartpay.coinsmart.com ; manifest-src 'self' https://*.mmcdn.com https://*.highwebmedia.com ; report-uri https://report-uri.mmcdn.com/r/t/csp/enforce;
report-to: {"group":"default","max_age":2592000,"endpoints":[{"url":"https://report-uri.mmcdn.com/a/t/g"}],"include_subdomains":true}
nel: {"report_to":"default","max_age":2592000,"include_subdomains":true}
x-frame-options: DENY
cache-control: no-cache
x-content-type-options: nosniff
x-xss-protection: 1; mode=block; report=https://report-uri.highwebmedia.com/r/t/xss/enforce
referrer-policy: strict-origin-when-cross-origin
via: 1.1 google
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: DYNAMIC
set-cookie: u_x1Rd=1; expires=Tue, 27-Sep-2022 18:50:31 GMT; Max-Age=432000; Path=/
us_x1Rd=1; Path=/
affkey=eJyrVipRslJQqjAMSlHSUVBKzi0Acf2SHStDQfySomwQP7UoPzGlGCRQBOJmlJQUWOnrp+frpSYmZaYU6yXn5+qDZBPT0kDyuYkVFRW5qSmZiUYGhhYgCbCpRoZKtQDgLx82; Domain=.chaturbate.com; expires=Sat, 22-Oct-2022 18:50:31 GMT; Max-Age=2592000; Path=/
fromaffiliate=1; Domain=.chaturbate.com; Path=/
noads=1; expires=Fri, 23-Sep-2022 00:50:31 GMT; Max-Age=21600; Path=/
stcki="pOtSwZ=0\054FqPd9a=0\0546pduSG=0\054aDBbcK=1"; expires=Sat, 22-Oct-2022 18:50:31 GMT; Max-Age=2592000; Path=/
sbr=sec:sbr7fcd42ab-9561-4067-9bdd-fb643839a734:1obRHL:dWeIEeO3JKbT9tH-tslGmhBHH7w; Domain=.chaturbate.com; expires=Tue, 17-Jun-2025 18:50:31 GMT; HttpOnly; Max-Age=86313600; Path=/; Secure
__cf_bm=MKSx09r6m4kBHr_G9GrPLaM0bpmboE5V67shqhMtsJ8-1663872632-0-AXqd+jTeMbxwq48SE8av//7GCffztkdU6M1/CL32EA/JTjtqJhXvB5ak8JsdrqjeSWJE21XnblwgbVSQLjLisVo=; path=/; expires=Thu, 22-Sep-22 19:20:32 GMT; domain=.chaturbate.com; HttpOnly; Secure; SameSite=None
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 74ed3a0d0dc5fab4-OSL
X-Firefox-Spdy: h2
astonishedmule.com/01/b6/49/01b64935b8061c1f61d213a27ce2d729.js
200 OK 29 kB URL HTTP/1.1 astonishedmule.com/01/b6/49/01b64935b8061c1f61d213a27ce2d729.js
IP
ASN #39572 DataWeb Global Group B.V.
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (65536), with no line terminators
Hash 1868f24d82372c16dd585e3983d5fe8b
88ff6fa263fb281abe47244c0bf4a53b0a80ba32
7388aa5b1b3e7fb3aa69767ead5eabade6784e1cbda94c6781a4a3729464bc7b
Analyzer Verdict Alert quad9 Sinkholed
GET /01/b6/49/01b64935b8061c1f61d213a27ce2d729.js HTTP/1.1
Host: astonishedmule.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gayinleeds.relayblog.com/
HTTP/1.1 200 OK
Server: nginx/1.17.9
Date: Thu, 22 Sep 2022 18:50:32 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 29cfe7a48b19de303b14e551070b80c9
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
i.jads.co/network/user500/16321-1456773456.gif
200 OK 160 kB URL HTTP/1.1 i.jads.co/network/user500/16321-1456773456.gif
IP
File type GIF image data, version 89a, 160 x 600\012- data
Size 160 kB (159963 bytes)
Hash 7ac0d7682e2a5b0fd95c4d549322268b
383de13eb415d95282f577ed439929b309c29f44
fe6fd88fe1e9747efc40e941057baf8d161b1adaae8a96073ad83b87a955825c
GET /network/user500/16321-1456773456.gif HTTP/1.1
Host: i.jads.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://poweredby.jads.co/
HTTP/1.1 200 OK
Date: Thu, 22 Sep 2022 18:50:32 GMT
Connection: Keep-Alive
ETag: "1456773457"
Cache-Control: max-age=16840459
Content-Length: 159963
Content-Type: image/gif
Last-Modified: Mon, 29 Feb 2016 19:17:37 GMT
Accept-Ranges: bytes
X-HW: 1663872632.dop017.sk1.t,1663872632.cds263.sk1.c
quarrelaimless.com/watch.1153519982417.js?key=8ebf289c4f46a422ca6a5aed541bd534&kw=%5B%22hot%22%2C%22sexy%22%2C%22tubes%22%5D&refer=http%3A%2F%2Fgayinleeds.relayblog.com%2F%3Fyessenia&tz=0&dev=r&res=12.29&uuid=3aabf0ec-865b-4b05-aed3-6ea38f3d9129%3A1%3A1&shu=3290b08a3405f1ef807c1cdae6d10a0b5305b5d00f954764afa2b6a58086fead98d5a5579a64d765ee55c4fedd3d929124169c3a2245d104cbcd526eb42bc0ca2d4a1aeac2ef24099353fc0a1a21a9c605f438&pst=1663872692&rmtc=t
200 OK 1.9 kB URL HTTP/1.1 quarrelaimless.com/watch.1153519982417.js?key=8ebf289c4f46a422ca6a5aed541bd534&kw=%5B%22hot%22%2C%22sexy%22%2C%22tubes%22%5D&refer=http%3A%2F%2Fgayinleeds.relayblog.com%2F%3Fyessenia&tz=0&dev=r&res=12.29&uuid=3aabf0ec-865b-4b05-aed3-6ea38f3d9129%3A1%3A1&shu=3290b08a3405f1ef807c1cdae6d10a0b5305b5d00f954764afa2b6a58086fead98d5a5579a64d765ee55c4fedd3d929124169c3a2245d104cbcd526eb42bc0ca2d4a1aeac2ef24099353fc0a1a21a9c605f438&pst=1663872692&rmtc=t
IP
ASN #39572 DataWeb Global Group B.V.
File type HTML document, ASCII text, with very long lines (2408)
Hash 286b1502b2857450a8c787c85a30ea82
a6f86a876d3a868a06ac63b8bd1897acaa455008
2c00d7273890c4793d06ea8b45674d53b718b7579643bed76c7d91384caebf25
Analyzer Verdict Alert quad9 Sinkholed
GET /watch.1153519982417.js?key=8ebf289c4f46a422ca6a5aed541bd534&kw=%5B%22hot%22%2C%22sexy%22%2C%22tubes%22%5D&refer=http%3A%2F%2Fgayinleeds.relayblog.com%2F%3Fyessenia&tz=0&dev=r&res=12.29&uuid=3aabf0ec-865b-4b05-aed3-6ea38f3d9129%3A1%3A1&shu=3290b08a3405f1ef807c1cdae6d10a0b5305b5d00f954764afa2b6a58086fead98d5a5579a64d765ee55c4fedd3d929124169c3a2245d104cbcd526eb42bc0ca2d4a1aeac2ef24099353fc0a1a21a9c605f438&pst=1663872692&rmtc=t HTTP/1.1
Host: quarrelaimless.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://gayinleeds.relayblog.com
Referer: http://gayinleeds.relayblog.com/
Connection: keep-alive
Cookie: u_pl=16189060; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNjE4OTA2MCwiayI6IjhlYmYyODljNGY0NmE0MjJjYTZhNWFlZDU0MWJkNTM0Iiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxNTAzNjQ3LCJwaWQiOjI4ODQzNywiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjoxNiwiYWlkIjoyNSwicHQiOjQsInBrIjoidnNjbTAzcDNjZiIsImNwa3MiOnsgIjI4IjoiM2UzMGMyM2ZmMDdhMDNjMzdiZDU2NjQxN2FkNWQ4NmQifSwidCI6MX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjc5OTU0MTk2LCJpZHMiOiIiLCJpYyI6ZmFsc2UsIm4iOiJEZXNrdG9wLEVtdWxhdG9yIiwidiI6IlVua25vd24iLCJtIjoiVW5rbm93biIsImYiOjEsImZuIjoiRGVza3RvcCIsIm9pZCI6MTgxMTAsIm9uIjoiTGludXgiLCJvdiI6IlVua25vd24iLCJiaWQiOjExNjY3MCwiYm4iOiJGaXJlZm94IiwiYnYiOiI5Ni4wIiwid3YiOmZhbHNlLCJlIjpmYWxzZSwiYWIiOmZhbHNlfSwiYyI6eyJpZCI6MTYyLCJjIjoiTk8iLCJuIjoiTm9yd2F5In0sImEiOmZhbHNlLCJjciI6eyJuIjoiQmxpeCBTb2x1dGlvbnMifSwieGYiOiIiLCJpeGYiOmZhbHNlLCJpZ3hmIjpmYWxzZSwidXAiOnRydWUsInIiOiJodHRwOi8vZ2F5aW5sZWVkcy5yZWxheWJsb2cuY29tLz95ZXNzZW5pYSJ9fQ.0qIsyZ1U0TwB9QI2LNBJ9jch6wKRkgkcigeTnurhUTk
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Thu, 22 Sep 2022 18:50:32 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: http://gayinleeds.relayblog.com
Access-Control-Allow-Origin: http://gayinleeds.relayblog.com
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=3aabf0ec-865b-4b05-aed3-6ea38f3d9129:1:1; expires=Thu, 29 Sep 2022 18:50:32 GMT; secure; SameSite=None
pdhtkv=true; expires=Fri, 23 Sep 2022 18:50:32 GMT; secure; SameSite=None
uncs=1; expires=Fri, 23 Sep 2022 18:50:32 GMT; secure; SameSite=None
pdhtkv25=true; expires=Fri, 23 Sep 2022 18:50:32 GMT; secure; SameSite=None
uncs25=1; expires=Fri, 23 Sep 2022 18:50:32 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: b1933fe571101fab086ded036cdc70ee
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
go.eabids.com/banner.go?spaceid=5675441&keywords=&maincat=
200 OK 1.4 kB URL HTTP/1.1 go.eabids.com/banner.go?spaceid=5675441&keywords=&maincat=
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1429), with no line terminators
Hash e41a569fcb0aab21552844e71626cac8
1095d78e4b9aee0c73a9bbf83bb0fa410db7d40f
bc7bd4eab27845c6df0565bc4a1b1ee6cdf32b4b9f83f60a17be53c0b7f534a2
GET /banner.go?spaceid=5675441&keywords=&maincat= HTTP/1.1
Host: go.eabids.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gayinleeds.relayblog.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 22 Sep 2022 18:50:32 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 1429
Connection: keep-alive
Expires: Mon, 03 Jul 2001 06:00:00 GMT
Last-Modified: Thu, 22 09 2022 18:50:32 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0,post-check=0, pre-check=0
Pragma: no-cache
X-Backend-Server: nl2-web-200
reapinject.com/01/b6/49/01b64935b8061c1f61d213a27ce2d729.js
200 OK 29 kB URL HTTP/1.1 reapinject.com/01/b6/49/01b64935b8061c1f61d213a27ce2d729.js
IP
ASN #39572 DataWeb Global Group B.V.
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (65536), with no line terminators
Hash c11e3b3e56d7dc0b454a12a44f208825
5bb4193d216b602b43de8950e9ae6234beb521fb
27000c662bd0b9e2c1d86737ed15e80121b73a7e0a03a2474912ff94709a54d0
Analyzer Verdict Alert quad9 Sinkholed
GET /01/b6/49/01b64935b8061c1f61d213a27ce2d729.js HTTP/1.1
Host: reapinject.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gayinleeds.relayblog.com/
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Thu, 22 Sep 2022 18:50:32 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: be73ccb447388771ab7b65c3f9eae7a6
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
tsyndicate.com/iframes2/e5937915a343437993bcb6ac18eb41d4.html?
200 OK 2.7 kB URL HTTP/1.1 tsyndicate.com/iframes2/e5937915a343437993bcb6ac18eb41d4.html?
IP
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (4108)
Hash 19c324fc91be7a74d17fe122e523bd27
e3017a0206a8325e70e12db2557309dbb9737768
3f2772c71f9ba40e699651e0d720abe60b7a064ac786e9b1e09d4f21f2f2cb0a
GET /iframes2/e5937915a343437993bcb6ac18eb41d4.html? HTTP/1.1
Host: tsyndicate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gayinleeds.relayblog.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 22 Sep 2022 18:50:32 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Pragma: no-cache
Expires: 0
Vary: Accept-Encoding, *
X-Api-Version: 2
Link: <http://lcdn.tsyndicate.com/sdk/v1/b.b.js>; rel=preload; as=script
X-Request-Id: 2521d4a488941187
Set-Cookie: ts_uid=152e75f8-1237-4294-935e-824e78c9031f; expires=Wed, 22 Mar 2023 18:50:32 GMT; domain=.tsyndicate.com; path=/; HttpOnly; secure; SameSite=None
bfq=APeIECNCx5YYNmzAsHGDRhcWIsYUPPhQRJmJCG3MyFEjB4wZMrr0URAQ; expires=Fri, 23 Sep 2022 18:50:32 GMT; domain=.tsyndicate.com; path=/; secure; SameSite=None
Cache-Control: no-cache, no-store, no-transform, must-revalidate, no-transform
X-Robots-Tag: none, noindex, nofollow
Report-To: { "url": "https://pxl.tsyndicate.com/api/v1/heavy-ad/report", "max_age": 86401 }
Content-Encoding: gzip
go.eabids.com/banner.go?spaceid=5675442&keywords=&maincat=
200 OK 610 B URL HTTP/1.1 go.eabids.com/banner.go?spaceid=5675442&keywords=&maincat=
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (610), with no line terminators
Hash e4015c0e2be1f7c3da6f01aabc115076
faf6179aa73aa1ff633473acebce30ad8a5b3452
e7f7bf0bc5bb3060b7d84b4bff83d2579d7079280686f4da9fc979e5272757b9
GET /banner.go?spaceid=5675442&keywords=&maincat= HTTP/1.1
Host: go.eabids.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gayinleeds.relayblog.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 22 Sep 2022 18:50:32 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 610
Connection: keep-alive
Expires: Mon, 03 Jul 2001 06:00:00 GMT
Last-Modified: Thu, 22 09 2022 18:50:32 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0,post-check=0, pre-check=0
Pragma: no-cache
X-Backend-Server: nl2-web-201
www.effectivedisplayformat.com/3cb5727a16a2f566d5a822edf1d58427/invoke.js
200 OK 9.8 kB URL HTTP/1.1 www.effectivedisplayformat.com/3cb5727a16a2f566d5a822edf1d58427/invoke.js
IP
ASN #39572 DataWeb Global Group B.V.
File type exported SGML document, ASCII text, with very long lines (26976), with no line terminators
Hash 5322b40a05a1157d7e8c6ca8a5ed3562
e3be110f66742bf40a8f887b62b44304d1ab146a
f8c25736e74eb53cace816016d53493e60d72c153c3e88f53a024aa026acd671
GET /3cb5727a16a2f566d5a822edf1d58427/invoke.js HTTP/1.1
Host: www.effectivedisplayformat.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gayinleeds.relayblog.com/
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Thu, 22 Sep 2022 18:50:32 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 17793c7be3199e0a63d8958b93c5c54d
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
go.eabids.com/banner.go?spaceid=5675445&keywords=&maincat=
200 OK 663 B URL HTTP/1.1 go.eabids.com/banner.go?spaceid=5675445&keywords=&maincat=
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (663), with no line terminators
Hash be2224de01c18b59b84edabfc58726d0
6b00801f36933e7c12297a60f91f443aaddf3ebc
8138569a4831009b69a22eb3b8b3ada9433a89c88d0d872365ddf8c49ccc7d4f
GET /banner.go?spaceid=5675445&keywords=&maincat= HTTP/1.1
Host: go.eabids.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gayinleeds.relayblog.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 22 Sep 2022 18:50:32 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 663
Connection: keep-alive
Expires: Mon, 03 Jul 2001 06:00:00 GMT
Last-Modified: Thu, 22 09 2022 18:50:32 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0,post-check=0, pre-check=0
Pragma: no-cache
X-Backend-Server: nl2-web-202
astonishedmule.com/watch.1520356380914.js?key=3cb5727a16a2f566d5a822edf1d58427&kw=%5B%22hot%22%2C%22sexy%22%2C%22tubes%22%5D&refer=http%3A%2F%2Fgayinleeds.relayblog.com%2F%3Fyessenia&tz=0&dev=r&res=12.29&uuid=3aabf0ec-865b-4b05-aed3-6ea38f3d9129%3A1%3A1
307 Temporary Redirect 0 B URL HTTP/1.1 astonishedmule.com/watch.1520356380914.js?key=3cb5727a16a2f566d5a822edf1d58427&kw=%5B%22hot%22%2C%22sexy%22%2C%22tubes%22%5D&refer=http%3A%2F%2Fgayinleeds.relayblog.com%2F%3Fyessenia&tz=0&dev=r&res=12.29&uuid=3aabf0ec-865b-4b05-aed3-6ea38f3d9129%3A1%3A1
IP
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /watch.1520356380914.js?key=3cb5727a16a2f566d5a822edf1d58427&kw=%5B%22hot%22%2C%22sexy%22%2C%22tubes%22%5D&refer=http%3A%2F%2Fgayinleeds.relayblog.com%2F%3Fyessenia&tz=0&dev=r&res=12.29&uuid=3aabf0ec-865b-4b05-aed3-6ea38f3d9129%3A1%3A1 HTTP/1.1
Host: astonishedmule.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://gayinleeds.relayblog.com
Connection: keep-alive
Referer: http://gayinleeds.relayblog.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 307 Temporary Redirect
Server: nginx/1.17.9
Date: Thu, 22 Sep 2022 18:50:32 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: http://gayinleeds.relayblog.com
Access-Control-Allow-Origin: http://gayinleeds.relayblog.com
Access-Control-Allow-Credentials: true
Location: https://astonishedmule.com/watch.1520356380914.js?key=3cb5727a16a2f566d5a822edf1d58427&kw=%5B%22hot%22%2C%22sexy%22%2C%22tubes%22%5D&refer=http%3A%2F%2Fgayinleeds.relayblog.com%2F%3Fyessenia&tz=0&dev=r&res=12.29&uuid=3aabf0ec-865b-4b05-aed3-6ea38f3d9129%3A1%3A1&shu=bc616c80b4bf7a45ff76d20384646fba78f148b128cc8e3d9168c797b0cbdd3da4ea0d02a48b1e36b91fcbb3dce64fe0c8422e20294c9ed3adafd11e31b36a13225d573977ce6720df0c0bde27781fe95dfc3a0a&pst=1663872692&rmtc=t
Set-Cookie: u_pl=16428146; expires=Fri, 23 Sep 2022 18:50:32 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNjQyODE0NiwiayI6IjNjYjU3MjdhMTZhMmY1NjZkNWE4MjJlZGYxZDU4NDI3Iiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxNTAzNjQ5LCJwaWQiOjI4ODQzNywiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjoxNiwiYWlkIjo1LCJwdCI6NCwicGsiOiJtZWdwcnVuMGNpIiwiY3BrcyI6eyAiMjgiOiIwMWI2NDkzNWI4MDYxYzFmNjFkMjEzYTI3Y2UyZDcyOSJ9LCJ0IjoxfSwidSI6eyJ1IjoxLCJhdSI6MSwiZCI6eyJpZCI6Nzk5NTQxOTYsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjoxODExMCwib24iOiJMaW51eCIsIm92IjoiVW5rbm93biIsImJpZCI6MTE2NjcwLCJibiI6IkZpcmVmb3giLCJidiI6Ijk2LjAiLCJ3diI6ZmFsc2UsImUiOmZhbHNlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6dHJ1ZSwiciI6Imh0dHA6Ly9nYXlpbmxlZWRzLnJlbGF5YmxvZy5jb20vP3llc3NlbmlhIn19.VRcDNm1HhSu8DqsoRv_m9zrgaaqt3tpAobadEemO07A; expires=Thu, 22 Sep 2022 18:51:32 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: cde3661ad7dc2eb3ddc4d0881a1dbfe2
Strict-Transport-Security: max-age=0; includeSubdomains
tsyndicate.com/iframes2/e5937915a343437993bcb6ac18eb41d4.html?
200 OK 2.7 kB URL HTTP/1.1 tsyndicate.com/iframes2/e5937915a343437993bcb6ac18eb41d4.html?
IP
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (4124)
Hash 7aa6c795ada2280b14f36e2a69389ab2
3d0f756d7021decf7b2d991367a409d9e1e4ba7a
be517aff1399f5b41af8377b1a0a45663c54574c1cc013593798872ec821ac58
GET /iframes2/e5937915a343437993bcb6ac18eb41d4.html? HTTP/1.1
Host: tsyndicate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gayinleeds.relayblog.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 22 Sep 2022 18:50:32 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Pragma: no-cache
Expires: 0
Vary: Accept-Encoding, *
X-Api-Version: 2
Link: <http://lcdn.tsyndicate.com/sdk/v1/b.b.js>; rel=preload; as=script
X-Request-Id: d12909af2be6b8f6
Set-Cookie: ts_uid=dae22763-cefc-4f6e-85b9-9a959c78af22; expires=Wed, 22 Mar 2023 18:50:32 GMT; domain=.tsyndicate.com; path=/; HttpOnly; secure; SameSite=None
bfq=APeIECNCx5YYNmzAsHGDRhcWIsYUPPhQRJmJCG3MyFEjB4wZMrr0URAQ; expires=Fri, 23 Sep 2022 18:50:32 GMT; domain=.tsyndicate.com; path=/; secure; SameSite=None
Cache-Control: no-cache, no-store, no-transform, must-revalidate, no-transform
X-Robots-Tag: none, noindex, nofollow
Report-To: { "url": "https://pxl.tsyndicate.com/api/v1/heavy-ad/report", "max_age": 86401 }
Content-Encoding: gzip
gayinleeds.relayblog.com/s3/ad_vc_gam2/banner-00203.gif
200 OK 691 kB URL HTTP/1.1 gayinleeds.relayblog.com/s3/ad_vc_gam2/banner-00203.gif
IP
File type GIF image data, version 89a, 160 x 600\012- data
Size 691 kB (691218 bytes)
Hash 80290564946ade186cd956c13b79417c
65af1c665e0223c7de457c11189f90af39573711
20cf2660b2f4081877d5733eaaf8d37542f05e0e0a63c9e7df5a6d51963dc2ed
GET /s3/ad_vc_gam2/banner-00203.gif HTTP/1.1
Host: gayinleeds.relayblog.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gayinleeds.relayblog.com/?yessenia
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 22 Sep 2022 18:50:26 GMT
Content-Type: image/gif
Content-Length: 691218
Connection: keep-alive
Last-Modified: Mon, 03 May 2021 20:25:00 GMT
ETag: "60905c1c-a8c12"
X-Cluster: web-cdn2
X-Cache: HIT
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gzo8U12ylv1qLpy26XbLmT266CtFrHsBpAjBLvJzVI84mFGAYn4HVrRZbUyoZ4Er8sP8KWsmhEHpLb8%2FWVCveiUtwxVTugl6zGHfOQDOY2dbjC1zhd5XuXfNabKdHo0%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
CF-RAY: 74ed16f78c0d3ffd-YYZ
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Cache-Status: HIT
Cache-Control: max-age=14400, max-age=31536000
Accept-Ranges: bytes
gayinleeds.relayblog.com/viewImage3?data=0c101014175e4b4b07000a0d4a140b160a140d07174a070b094b55565c544b514b5656524b515d5d54535751544b515d5d54535751543b5454553b570106024a0e1403
200 141 kB URL HTTP/1.1 gayinleeds.relayblog.com/viewImage3?data=0c101014175e4b4b07000a0d4a140b160a140d07174a070b094b55565c544b514b5656524b515d5d54535751544b515d5d54535751543b5454553b570106024a0e1403
IP
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 1x1, segment length 16, baseline, precision 8, 1024x683, components 3\012- data
Size 141 kB (141187 bytes)
Hash cf5de43ee34908cfcf05866bad1165d4
cb3a8762ed9ac40372c824647bc59a2e99e10e63
a6f85d2ec2938c99c97926f8190e09b68c7c5ac6a6603e070a29467c9e1052d1
GET /viewImage3?data=0c101014175e4b4b07000a0d4a140b160a140d07174a070b094b55565c544b514b5656524b515d5d54535751544b515d5d54535751543b5454553b570106024a0e1403 HTTP/1.1
Host: gayinleeds.relayblog.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gayinleeds.relayblog.com/?yessenia
HTTP/1.1 200
Server: nginx
Date: Thu, 22 Sep 2022 18:50:26 GMT
Content-Length: 141187
Connection: keep-alive
Cache-Control: max-age=31418383
X-CORE: core4
X-LB: core4
reapinject.com/watch.1184827146449.js?key=3cb5727a16a2f566d5a822edf1d58427&kw=%5B%22hot%22%2C%22sexy%22%2C%22tubes%22%5D&refer=http%3A%2F%2Fgayinleeds.relayblog.com%2F%3Fyessenia&tz=0&dev=r&res=12.29&uuid=3aabf0ec-865b-4b05-aed3-6ea38f3d9129%3A1%3A1
307 Temporary Redirect 0 B URL HTTP/1.1 reapinject.com/watch.1184827146449.js?key=3cb5727a16a2f566d5a822edf1d58427&kw=%5B%22hot%22%2C%22sexy%22%2C%22tubes%22%5D&refer=http%3A%2F%2Fgayinleeds.relayblog.com%2F%3Fyessenia&tz=0&dev=r&res=12.29&uuid=3aabf0ec-865b-4b05-aed3-6ea38f3d9129%3A1%3A1
IP
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /watch.1184827146449.js?key=3cb5727a16a2f566d5a822edf1d58427&kw=%5B%22hot%22%2C%22sexy%22%2C%22tubes%22%5D&refer=http%3A%2F%2Fgayinleeds.relayblog.com%2F%3Fyessenia&tz=0&dev=r&res=12.29&uuid=3aabf0ec-865b-4b05-aed3-6ea38f3d9129%3A1%3A1 HTTP/1.1
Host: reapinject.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://gayinleeds.relayblog.com
Connection: keep-alive
Referer: http://gayinleeds.relayblog.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 307 Temporary Redirect
Server: nginx/1.17.6
Date: Thu, 22 Sep 2022 18:50:32 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: http://gayinleeds.relayblog.com
Access-Control-Allow-Origin: http://gayinleeds.relayblog.com
Access-Control-Allow-Credentials: true
Location: https://reapinject.com/watch.1184827146449.js?key=3cb5727a16a2f566d5a822edf1d58427&kw=%5B%22hot%22%2C%22sexy%22%2C%22tubes%22%5D&refer=http%3A%2F%2Fgayinleeds.relayblog.com%2F%3Fyessenia&tz=0&dev=r&res=12.29&uuid=3aabf0ec-865b-4b05-aed3-6ea38f3d9129%3A1%3A1&shu=4cd2b13bcde0aba5961f3ce0ffdba0f59c91e8227fb17a3c43b40715f04bf5646c76cabe94f5b855a04621931148fe2954bc0af27732e43713933acef9ef1760462e7170f3637db018c9ba75bcbf91efe7f2f752&pst=1663872692&rmtc=t
Set-Cookie: u_pl=16428146; expires=Fri, 23 Sep 2022 18:50:32 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNjQyODE0NiwiayI6IjNjYjU3MjdhMTZhMmY1NjZkNWE4MjJlZGYxZDU4NDI3Iiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxNTAzNjQ5LCJwaWQiOjI4ODQzNywiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjoxNiwiYWlkIjo1LCJwdCI6NCwicGsiOiJtZWdwcnVuMGNpIiwiY3BrcyI6eyAiMjgiOiIwMWI2NDkzNWI4MDYxYzFmNjFkMjEzYTI3Y2UyZDcyOSJ9LCJ0IjoxfSwidSI6eyJ1IjoxLCJhdSI6MSwiZCI6eyJpZCI6Nzk5NTQxOTYsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjoxODExMCwib24iOiJMaW51eCIsIm92IjoiVW5rbm93biIsImJpZCI6MTE2NjcwLCJibiI6IkZpcmVmb3giLCJidiI6Ijk2LjAiLCJ3diI6ZmFsc2UsImUiOmZhbHNlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6dHJ1ZSwiciI6Imh0dHA6Ly9nYXlpbmxlZWRzLnJlbGF5YmxvZy5jb20vP3llc3NlbmlhIn19.VRcDNm1HhSu8DqsoRv_m9zrgaaqt3tpAobadEemO07A; expires=Thu, 22 Sep 2022 18:51:32 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 9bfad2f7ba4aad1a791a645bb4de09f0
Strict-Transport-Security: max-age=0; includeSubdomains
static.eabids.com/data/bannerpools/94553/22688.jpg
200 OK 16 kB URL HTTP/1.1 static.eabids.com/data/bannerpools/94553/22688.jpg
IP
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 300x250, components 3\012- data
Hash fc3b95549cd1b7aa65dbc58126a8325e
b24bff0efd4626592ec2d2b7ff749033e8534c19
a2eca55199886df535be68840acf6a49a8454a2c0ba43ba7dcf477e3c31c7eea
GET /data/bannerpools/94553/22688.jpg HTTP/1.1
Host: static.eabids.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://go.eabids.com/
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 22 Sep 2022 18:50:32 GMT
Content-Type: image/jpeg
Content-Length: 16067
Last-Modified: Thu, 28 Apr 2022 14:45:33 GMT
Connection: keep-alive
ETag: "626aa88d-3ec3"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
X-Backend-Server: nl2-static-223
Accept-Ranges: bytes
gayinleeds.relayblog.com/s3/ad_tf2/6392.jpg
200 OK 54 kB URL HTTP/1.1 gayinleeds.relayblog.com/s3/ad_tf2/6392.jpg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 100x1034, components 3\012- data
Hash 203d33830adfbaebe7dc5a02d5f6e3e6
f962a7a787777ee391810d14af380f8b3cfa6809
32fac0698f81e286300c36d8c8653a45ed889dc3b4dc40dca60e97045e13e712
GET /s3/ad_tf2/6392.jpg HTTP/1.1
Host: gayinleeds.relayblog.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gayinleeds.relayblog.com/?yessenia
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 22 Sep 2022 18:50:27 GMT
Content-Type: image/jpeg
Content-Length: 54390
Connection: keep-alive
Last-Modified: Wed, 21 Apr 2021 16:41:07 GMT
ETag: "608055a3-d476"
X-Cluster: web-cdn2
X-Cache: MISS
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Z2JcLqcPyKF%2BOYB5DDBtGTBV4Sd07lZHQGKQMOohNcL79czXR2NL%2FLOqxB0pSbVjgEZLt0tGX2sSTGMaW83ws2iOVbJpbygMQVXNF3qht7cxVYvtV2p3%2BWPvp5AVeXo%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
CF-RAY: 74ed3a106b88a246-YYZ
alt-svc: h2=":443"; ma=60
X-Cache-Status: MISS
Cache-Control: max-age=14400, max-age=31536000
Accept-Ranges: bytes
lcdn.tsyndicate.com/sdk/v1/b.b.js
304 Not Modified 0 B URL HTTP/1.1 lcdn.tsyndicate.com/sdk/v1/b.b.js
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sdk/v1/b.b.js HTTP/1.1
Host: lcdn.tsyndicate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://tsyndicate.com/
If-Modified-Since: Tue, 22 Feb 2022 13:07:15 GMT
If-None-Match: W/"6214e003-1eb1"
HTTP/1.1 304 Not Modified
Date: Tue, 08 Mar 2022 10:11:03 GMT
Connection: keep-alive
Last-Modified: Tue, 22 Feb 2022 13:07:15 GMT
Server: nginx
X-Robots-Tag: noindex, nofollow
Vary: Accept-Encoding
ETag: W/"6214e003-1eb1"
Age: 17138369
chaturbate.com/in/?tour=dTm0&campaign=Q2cRU&track=e.iframe.NO&disable_sound=1&mobileRedirect=auto&embed_video_only=1&id=2|164978|7017784|no|94553|40900043|5675441|1|0|10|50304|,,,,,|4|0|0|1,2,3,6,12,13,19,21,26|0|0|en|1
301 Moved Permanently 0 B URL HTTP/1.1 chaturbate.com/in/?tour=dTm0&campaign=Q2cRU&track=e.iframe.NO&disable_sound=1&mobileRedirect=auto&embed_video_only=1&id=2|164978|7017784|no|94553|40900043|5675441|1|0|10|50304|,,,,,|4|0|0|1,2,3,6,12,13,19,21,26|0|0|en|1
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /in/?tour=dTm0&campaign=Q2cRU&track=e.iframe.NO&disable_sound=1&mobileRedirect=auto&embed_video_only=1&id=2|164978|7017784|no|94553|40900043|5675441|1|0|10|50304|,,,,,|4|0|0|1,2,3,6,12,13,19,21,26|0|0|en|1 HTTP/1.1
Host: chaturbate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://go.eabids.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Thu, 22 Sep 2022 18:50:32 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: private
Location: https://chaturbate.com:443/in/?tour=dTm0&campaign=Q2cRU&track=e.iframe.NO&disable_sound=1&mobileRedirect=auto&embed_video_only=1&id=2|164978|7017784|no|94553|40900043|5675441|1|0|10|50304|,,,,,|4|0|0|1,2,3,6,12,13,19,21,26|0|0|en|1
CF-Cache-Status: DYNAMIC
Set-Cookie: __cf_bm=NK0Ads8NKRBRbw0mF7rhgZ4bcjchACTm2blzNXuBCEM-1663872632-0-AU6hHNjldKCUTFZjnSzWLUF2XliUB7cujGO68jKOnJODIKMqppa3Ol+g+v9TnXwSu9f8cm1hygoPG1xpdDoSedU=; path=/; expires=Thu, 22-Sep-22 19:20:32 GMT; domain=.chaturbate.com; HttpOnly; SameSite=None
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1Fhx%2FtuzAUrz3ORqrix6ao4juS7qHqvDWAdabIQ8t9SRI77s5dlGeKgKrse5rRJrdDqdjiICGgXtHbiTrYopH7y5t0aVtqc9GWwyoRCoE4PSrQO6nk%2FFiaifU09m59NP"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 74ed3a126a29b50b-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
poweredby.jads.co/adshow.php?adzone=941000
200 OK 1.6 kB URL HTTP/1.1 poweredby.jads.co/adshow.php?adzone=941000
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (413), with CRLF, LF line terminators
Hash a116a43a51375ee556df07b46d9182e0
79ff8d492cab883baa10e35afa705459be372ecd
5916efe0f25be8dd8b8361b6e0492c815cbe12bb60ae336788760b0bb37a45df
GET /adshow.php?adzone=941000 HTTP/1.1
Host: poweredby.jads.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gayinleeds.relayblog.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 22 Sep 2022 18:50:32 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/5.6.40
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR OUR IND STA"
Set-Cookie: surferid=684797848e24addf7748d4395e05ee38; expires=Fri, 22-Sep-2023 18:50:32 GMT; Max-Age=31536000; path=/; SameSite=None; Secure; domain=.jads.co
imps22340=1; expires=Fri, 23-Sep-2022 18:50:32 GMT; Max-Age=86400; path=/; SameSite=None; Secure; domain=.jads.co
juicy_data_1=YToxOntpOjU5Mjk3NjtpOjE2NjQxMzE4MzI7fQ%3D%3D; expires=Sun, 25-Sep-2022 18:50:32 GMT; Max-Age=259200; path=/; SameSite=None; Secure; domain=jads.co
juicy_data=YToxOntzOjEyOiJqdWljeV9kYXRhXzEiO3M6MToiMSI7fQ%3D%3D; expires=Sun, 25-Sep-2022 18:50:32 GMT; Max-Age=259200; path=/; SameSite=None; Secure; domain=jads.co
Content-Encoding: gzip
astonishedmule.com/pixel/purst?dl=0&th=0&sc=0&rs=3625&rd=3625&fd=604&bv=22.8.v.2&tmpl=136
200 OK 0 B URL HTTP/1.1 astonishedmule.com/pixel/purst?dl=0&th=0&sc=0&rs=3625&rd=3625&fd=604&bv=22.8.v.2&tmpl=136
IP
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/purst?dl=0&th=0&sc=0&rs=3625&rd=3625&fd=604&bv=22.8.v.2&tmpl=136 HTTP/1.1
Host: astonishedmule.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gayinleeds.relayblog.com/
HTTP/1.1 200 OK
Server: nginx/1.17.9
Date: Thu, 22 Sep 2022 18:50:32 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
static.eabids.com/data/bannerpools/112022/33944.gif
200 OK 104 kB URL HTTP/1.1 static.eabids.com/data/bannerpools/112022/33944.gif
IP
File type GIF image data, version 89a, 300 x 250\012- data
Size 104 kB (104351 bytes)
Hash 84853ff25d60bc306e7c78dcab8e8b7e
6b0dccc37088b2b59f97515bfdadfdfb502250f9
19b06533fb9799027cbd9e11e88e3415d2a539eaac8b56eaf97774ef566a0205
GET /data/bannerpools/112022/33944.gif HTTP/1.1
Host: static.eabids.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://go.eabids.com/
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 22 Sep 2022 18:50:32 GMT
Content-Type: image/gif
Content-Length: 104351
Last-Modified: Thu, 28 Apr 2022 14:46:21 GMT
Connection: keep-alive
ETag: "626aa8bd-1979f"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
X-Backend-Server: nl2-static-223
Accept-Ranges: bytes
astonishedmule.com/watch.337341490190.js?key=3cb5727a16a2f566d5a822edf1d58427&kw=%5B%22hot%22%2C%22sexy%22%2C%22tubes%22%5D&refer=http%3A%2F%2Fgayinleeds.relayblog.com%2F%3Fyessenia&tz=0&dev=r&res=12.29&uuid=3aabf0ec-865b-4b05-aed3-6ea38f3d9129%3A1%3A1
307 Temporary Redirect 0 B URL HTTP/1.1 astonishedmule.com/watch.337341490190.js?key=3cb5727a16a2f566d5a822edf1d58427&kw=%5B%22hot%22%2C%22sexy%22%2C%22tubes%22%5D&refer=http%3A%2F%2Fgayinleeds.relayblog.com%2F%3Fyessenia&tz=0&dev=r&res=12.29&uuid=3aabf0ec-865b-4b05-aed3-6ea38f3d9129%3A1%3A1
IP
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /watch.337341490190.js?key=3cb5727a16a2f566d5a822edf1d58427&kw=%5B%22hot%22%2C%22sexy%22%2C%22tubes%22%5D&refer=http%3A%2F%2Fgayinleeds.relayblog.com%2F%3Fyessenia&tz=0&dev=r&res=12.29&uuid=3aabf0ec-865b-4b05-aed3-6ea38f3d9129%3A1%3A1 HTTP/1.1
Host: astonishedmule.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://gayinleeds.relayblog.com
Connection: keep-alive
Referer: http://gayinleeds.relayblog.com/
Cookie: u_pl=16428146; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNjQyODE0NiwiayI6IjNjYjU3MjdhMTZhMmY1NjZkNWE4MjJlZGYxZDU4NDI3Iiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxNTAzNjQ5LCJwaWQiOjI4ODQzNywiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjoxNiwiYWlkIjo1LCJwdCI6NCwicGsiOiJtZWdwcnVuMGNpIiwiY3BrcyI6eyAiMjgiOiIwMWI2NDkzNWI4MDYxYzFmNjFkMjEzYTI3Y2UyZDcyOSJ9LCJ0IjoxfSwidSI6eyJ1IjoxLCJhdSI6MSwiZCI6eyJpZCI6Nzk5NTQxOTYsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjoxODExMCwib24iOiJMaW51eCIsIm92IjoiVW5rbm93biIsImJpZCI6MTE2NjcwLCJibiI6IkZpcmVmb3giLCJidiI6Ijk2LjAiLCJ3diI6ZmFsc2UsImUiOmZhbHNlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6dHJ1ZSwiciI6Imh0dHA6Ly9nYXlpbmxlZWRzLnJlbGF5YmxvZy5jb20vP3llc3NlbmlhIn19.VRcDNm1HhSu8DqsoRv_m9zrgaaqt3tpAobadEemO07A
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 307 Temporary Redirect
Server: nginx/1.17.9
Date: Thu, 22 Sep 2022 18:50:32 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: http://gayinleeds.relayblog.com
Access-Control-Allow-Origin: http://gayinleeds.relayblog.com
Access-Control-Allow-Credentials: true
Location: https://astonishedmule.com/watch.337341490190.js?key=3cb5727a16a2f566d5a822edf1d58427&kw=%5B%22hot%22%2C%22sexy%22%2C%22tubes%22%5D&refer=http%3A%2F%2Fgayinleeds.relayblog.com%2F%3Fyessenia&tz=0&dev=r&res=12.29&uuid=3aabf0ec-865b-4b05-aed3-6ea38f3d9129%3A1%3A1&shu=0c169890a83b00cc6ece7e107e6b7668d6bf987d6894f167f820eafc7fc91c785f340160dd77d3f5c1c16954e712b7653f9ac43ff9a5624ff8c02050af68c68abcfe2bcca80d4ebd69c7dc6a1c6287a83fe12938bccf4929c2de1c8ee7a6f01f&pst=1663872692&rmtc=t
Set-Cookie: ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNjQyODE0NiwiayI6IjNjYjU3MjdhMTZhMmY1NjZkNWE4MjJlZGYxZDU4NDI3Iiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxNTAzNjQ5LCJwaWQiOjI4ODQzNywiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjoxNiwiYWlkIjo1LCJwdCI6NCwicGsiOiJtZWdwcnVuMGNpIiwiY3BrcyI6eyAiMjgiOiIwMWI2NDkzNWI4MDYxYzFmNjFkMjEzYTI3Y2UyZDcyOSJ9LCJ0IjoxfSwidSI6eyJ1IjoxLCJhdSI6MSwiZCI6eyJpZCI6Nzk5NTQxOTYsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjoxODExMCwib24iOiJMaW51eCIsIm92IjoiVW5rbm93biIsImJpZCI6MTE2NjcwLCJibiI6IkZpcmVmb3giLCJidiI6Ijk2LjAiLCJ3diI6ZmFsc2UsImUiOmZhbHNlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6ZmFsc2UsInIiOiJodHRwOi8vZ2F5aW5sZWVkcy5yZWxheWJsb2cuY29tLz95ZXNzZW5pYSJ9fQ.4cNYsNFEmcI48zelDR5c45Swn_LuENVTU6LmDxAPWUM; expires=Thu, 22 Sep 2022 18:51:32 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: f542c526c95861e61dea9f2aa3ca6e80
Strict-Transport-Security: max-age=0; includeSubdomains
static.eabids.com/data/bannerpools/94553/59494.jpg
200 OK 17 kB URL HTTP/1.1 static.eabids.com/data/bannerpools/94553/59494.jpg
IP
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 300x250, components 3\012- data
Hash cb052a62a62c36e6e2a33972be486be8
91ec7a11937dbd34a64eecbc47ac6bf1654af4fb
835b6d0bff9385d26fa87c8f3e9301e975a18de366cbc6c895da83a7527e0712
GET /data/bannerpools/94553/59494.jpg HTTP/1.1
Host: static.eabids.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://go.eabids.com/
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 22 Sep 2022 18:50:32 GMT
Content-Type: image/jpeg
Content-Length: 16920
Last-Modified: Thu, 28 Apr 2022 14:45:30 GMT
Connection: keep-alive
ETag: "626aa88a-4218"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
X-Backend-Server: nl2-static-222
Accept-Ranges: bytes
biptolyla.com/auW.ZNyzQu2r9FkyZnT/9U6gbE2C5mlFS/WvQT9RNPDlE/4OMrjrk/0HN/Cc0N0/MLT/g/yNOkTTQK1ZJPnEB-1KcV2-hiaRbO2/5/lGS/WeQs9iNIDeEZ4rMtjTkS0/NVCI0R0UMWT/gwy/OlTQQ/1R
200 OK 34 kB URL HTTP/2 biptolyla.com/auW.ZNyzQu2r9FkyZnT/9U6gbE2C5mlFS/WvQT9RNPDlE/4OMrjrk/0HN/Cc0N0/MLT/g/yNOkTTQK1ZJPnEB-1KcV2-hiaRbO2/5/lGS/WeQs9iNIDeEZ4rMtjTkS0/NVCI0R0UMWT/gwy/OlTQQ/1R
IP
File type ASCII text, with very long lines (2401)
Hash 1c070c6c399337b18c3e170515d4cebb
de31418f6d1638b6ead056454f7d9f49b84672db
b9abb286be8685379e8b91149517ff2500968dc4f2aeb5965508938f693f686e
GET /auW.ZNyzQu2r9FkyZnT/9U6gbE2C5mlFS/WvQT9RNPDlE/4OMrjrk/0HN/Cc0N0/MLT/g/yNOkTTQK1ZJPnEB-1KcV2-hiaRbO2/5/lGS/WeQs9iNIDeEZ4rMtjTkS0/NVCI0R0UMWT/gwy/OlTQQ/1R HTTP/1.1
Host: biptolyla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://gayinleeds.relayblog.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 22 Sep 2022 18:50:32 GMT
content-type: application/javascript
vary: Accept-Encoding
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
accept-ch: Sec-CH-UA-Platform-Version, Sec-CH-UA-Platform
expires: Mon, 26 Jul 2011 05:00:00 GMT
x-content-type-options: nosniff
content-encoding: br
X-Firefox-Spdy: h2
gayinleeds.relayblog.com/s3/ad_tf2/2431.jpg
200 OK 45 kB URL HTTP/1.1 gayinleeds.relayblog.com/s3/ad_tf2/2431.jpg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 100x828, components 3\012- data
Hash c638a088e8445119f558a38d640075f5
d03c787eded3ff2cd002e2ec60e8dcec3f359e80
81f277b044053540dd9448ddf39890b56f224f007a079304ea3e2d95d109a5a0
GET /s3/ad_tf2/2431.jpg HTTP/1.1
Host: gayinleeds.relayblog.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gayinleeds.relayblog.com/?yessenia
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 22 Sep 2022 18:50:27 GMT
Content-Type: image/jpeg
Content-Length: 44936
Connection: keep-alive
Last-Modified: Wed, 21 Apr 2021 16:40:57 GMT
ETag: "60805599-af88"
X-Cluster: web-cdn2
X-Cache: MISS
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VH9PMzZbQS9SXBANfFz8eZpBWtRexIbSON6kIXJuYvyggRNLgnCxgDnHW9vFZmQtlyjbZKuWgAYrx4Eq69zGPgomptsctKbJUMFlmUq9divJ4U3ETaLHr3DBAj7Duck%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
CF-RAY: 74ed3a1008d254b5-YYZ
alt-svc: h2=":443"; ma=60
X-Cache-Status: MISS
Cache-Control: max-age=14400, max-age=31536000
Accept-Ranges: bytes
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash e326e13ca64ce13b95fdc53b04b17b8e
0d440eca8e3448dfbaf8934f203b080b8fd8892e
cfe5a3556758ad40aa2ce6cdba34afe10dfc4e45803fa31d061446e1fce30c89
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CFE5A3556758AD40AA2CE6CDBA34AFE10DFC4E45803FA31D061446E1FCE30C89"
Last-Modified: Thu, 22 Sep 2022 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19588
Expires: Fri, 23 Sep 2022 00:17:00 GMT
Date: Thu, 22 Sep 2022 18:50:32 GMT
Connection: keep-alive
poweredby.jads.co/adshow.php?adzone=830951
200 OK 1.9 kB URL HTTP/1.1 poweredby.jads.co/adshow.php?adzone=830951
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1591), with CRLF, LF line terminators
Hash 5820a70b367db2a27c4bc80e42e2ff33
edfb4fb6b226e94bbb8b8213df523372a3acfc46
5a146a29b380ac0a453cbed4c9208c977e90fdee6fef209657f76e5d05ff81f6
GET /adshow.php?adzone=830951 HTTP/1.1
Host: poweredby.jads.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gayinleeds.relayblog.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 22 Sep 2022 18:50:32 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/5.6.40
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR OUR IND STA"
Set-Cookie: surferid=358d708ef1ea02c1951249ec17a3aa48; expires=Fri, 22-Sep-2023 18:50:31 GMT; Max-Age=31536000; path=/; SameSite=None; Secure; domain=.jads.co
imps22340=1; expires=Fri, 23-Sep-2022 18:50:31 GMT; Max-Age=86400; path=/; SameSite=None; Secure; domain=.jads.co
imps22340=1; expires=Fri, 23-Sep-2022 18:50:31 GMT; Max-Age=86400; path=/; SameSite=None; Secure; domain=.jads.co
imps22340=1; expires=Fri, 23-Sep-2022 18:50:31 GMT; Max-Age=86400; path=/; SameSite=None; Secure; domain=.jads.co
juicy_data_1=YTozOntpOjU2NDYzMDtpOjE2NjQxMzE4MzE7aTo1NjQ2Mjk7aToxNjY0MTMxODMxO2k6NTkyOTgxO2k6MTY2NDEzMTgzMTt9; expires=Sun, 25-Sep-2022 18:50:31 GMT; Max-Age=259200; path=/; SameSite=None; Secure; domain=jads.co
juicy_data=YToxOntzOjEyOiJqdWljeV9kYXRhXzEiO3M6MToiMSI7fQ%3D%3D; expires=Sun, 25-Sep-2022 18:50:31 GMT; Max-Age=259200; path=/; SameSite=None; Secure; domain=jads.co
Content-Encoding: gzip
poweredby.jads.co/adshow.php?adzone=830958
200 OK 1.8 kB URL HTTP/1.1 poweredby.jads.co/adshow.php?adzone=830958
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (434), with CRLF, LF line terminators
Hash 6ee67d92a5ad9f806118f56d65c52d39
e6ce9961292b6121abb5d90a71854ea557f0f2a0
8113b013380c136155cfdf7339b90aadc07e0de42270306ba30d40457a06d8c9
GET /adshow.php?adzone=830958 HTTP/1.1
Host: poweredby.jads.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gayinleeds.relayblog.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 22 Sep 2022 18:50:32 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/5.6.40
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR OUR IND STA"
Set-Cookie: surferid=fe2ae070a602ebd0a0d8f295c7d3324c; expires=Fri, 22-Sep-2023 18:50:30 GMT; Max-Age=31536000; path=/; SameSite=None; Secure; domain=.jads.co
imps31629=1; expires=Fri, 23-Sep-2022 18:50:31 GMT; Max-Age=86400; path=/; SameSite=None; Secure; domain=.jads.co
imps22340=1; expires=Fri, 23-Sep-2022 18:50:31 GMT; Max-Age=86400; path=/; SameSite=None; Secure; domain=.jads.co
juicy_data_1=YToyOntpOjc1MDExNTtpOjE2NjQxMzE4MzA7aTo1NjQ2MzA7aToxNjY0MTMxODMwO30%3D; expires=Sun, 25-Sep-2022 18:50:30 GMT; Max-Age=259199; path=/; SameSite=None; Secure; domain=jads.co
juicy_data=YToxOntzOjEyOiJqdWljeV9kYXRhXzEiO3M6MToiMSI7fQ%3D%3D; expires=Sun, 25-Sep-2022 18:50:30 GMT; Max-Age=259199; path=/; SameSite=None; Secure; domain=jads.co
Content-Encoding: gzip
cdn.tsyndicate.com/sdk/v1/bi.js
304 Not Modified 0 B URL HTTP/1.1 cdn.tsyndicate.com/sdk/v1/bi.js
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sdk/v1/bi.js HTTP/1.1
Host: cdn.tsyndicate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gayinleeds.relayblog.com/
If-Modified-Since: Mon, 19 Sep 2022 08:53:30 GMT
If-None-Match: W/"63282e0a-1e1a"
HTTP/1.1 304 Not Modified
Date: Mon, 19 Sep 2022 09:36:46 GMT
Connection: keep-alive
Last-Modified: Mon, 19 Sep 2022 08:53:30 GMT
Server: nginx
X-Robots-Tag: noindex, nofollow
Vary: Accept-Encoding
ETag: W/"63282e0a-1e1a"
Age: 292426
gayinleeds.relayblog.com/s3/ad_tf2/3979.jpg
200 OK 48 kB URL HTTP/1.1 gayinleeds.relayblog.com/s3/ad_tf2/3979.jpg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 100x784, components 3\012- data
Hash 703e8b79cafdf91206ac915cb1cb2d4c
03aeda7eaf2c16d17f31b5cdc7ea1620d1d13f68
d7cec8f574a98bef2aa22696bffab5a14b7a1080bf54c35ba3d8625f4703422b
GET /s3/ad_tf2/3979.jpg HTTP/1.1
Host: gayinleeds.relayblog.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gayinleeds.relayblog.com/?yessenia
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 22 Sep 2022 18:50:27 GMT
Content-Type: image/jpeg
Content-Length: 48477
Connection: keep-alive
Last-Modified: Wed, 21 Apr 2021 16:41:03 GMT
ETag: "6080559f-bd5d"
X-Cluster: web-cdn2
X-Cache: EXPIRED
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uiT3R%2FLCnkVqMHiGM0YFGFFihAjZfAl1itFCkb5VzFmfibrbulYKplbVOKOQt7ydUKWvbGXpXbNFtS%2FB2yt9VVvcl5gjvuU2Q8ioVeRzyyz2evAbPb%2FihIjCM2TREzY%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
CF-RAY: 74ed3a109cc5a1ed-YYZ
alt-svc: h2=":443"; ma=60
X-Cache-Status: MISS
Cache-Control: max-age=14400, max-age=31536000
Accept-Ranges: bytes
cdn.tubecorp.com/i/b.html?spot=3725&src=1013599720&pid=17794&width=300&height=250&spaceid=859
200 OK 181 B URL HTTP/1.1 cdn.tubecorp.com/i/b.html?spot=3725&src=1013599720&pid=17794&width=300&height=250&spaceid=859
IP
ASN #39572 DataWeb Global Group B.V.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 81aec7550d11fe54b500ea3850f95567
15d56988d343393c038d830ccdaf2d1c69664e5f
04952bb41a8bb460d8a30d9a9c2f1d1d65f86b75fcf7f104365f805e343d1ed2
GET /i/b.html?spot=3725&src=1013599720&pid=17794&width=300&height=250&spaceid=859 HTTP/1.1
Host: cdn.tubecorp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gayinleeds.relayblog.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Thu, 22 Sep 2022 18:50:32 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx/1.20.1
Last-Modified: Sat, 20 Nov 2021 06:50:54 GMT
ETag: W/"df-5d132d02c9e77"
X-Request-ID: 747c56af5e34d34870c29f116898e29a
Content-Encoding: gzip
Expires: Thu, 22 Sep 2022 19:50:32 GMT
Cache-Control: max-age=3600
X-Proxy-Cache: HIT
Access-Control-Allow-Origin: *
go.eabids.com/banner.go?spaceid=5675445&keywords=&maincat=
200 OK 1.4 kB URL HTTP/1.1 go.eabids.com/banner.go?spaceid=5675445&keywords=&maincat=
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1353), with no line terminators
Hash c66e4e1e94b250efdec2e10ec5bbeec4
b18f99f919af431f2a0d89575f0dc923e615086b
738cd5b673ebefe2bd607931b5592cfcbac0803efe4bfc138961a2fbec790d7f
GET /banner.go?spaceid=5675445&keywords=&maincat= HTTP/1.1
Host: go.eabids.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gayinleeds.relayblog.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 22 Sep 2022 18:50:32 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 1353
Connection: keep-alive
Expires: Mon, 03 Jul 2001 06:00:00 GMT
Last-Modified: Thu, 22 09 2022 18:50:32 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0,post-check=0, pre-check=0
Pragma: no-cache
X-Backend-Server: nl2-web-202
cdn.tsyndicate.com/sdk/v1/bi.js
304 Not Modified 14 kB URL HTTP/1.1 cdn.tsyndicate.com/sdk/v1/bi.js
IP
Hash 409d2630c197aad669aa5f725b2095b4
2448049d9dfa39ab355a353782dd63d31dd240fb
5d64e0afb95715c0ff8976c9b6dfa765084f75f014a225834acdf38f92b595bc
GET /sdk/v1/bi.js HTTP/1.1
Host: cdn.tsyndicate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gayinleeds.relayblog.com/
If-Modified-Since: Mon, 19 Sep 2022 08:53:30 GMT
If-None-Match: W/"63282e0a-1e1a"
HTTP/1.1 304 Not Modified
Date: Mon, 19 Sep 2022 09:36:46 GMT
Connection: keep-alive
Last-Modified: Mon, 19 Sep 2022 08:53:30 GMT
Server: nginx
X-Robots-Tag: noindex, nofollow
Vary: Accept-Encoding
ETag: W/"63282e0a-1e1a"
Age: 292426
lcdn.tsyndicate.com/sdk/v1/b.b.js
304 Not Modified 0 B URL HTTP/1.1 lcdn.tsyndicate.com/sdk/v1/b.b.js
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sdk/v1/b.b.js HTTP/1.1
Host: lcdn.tsyndicate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://tsyndicate.com/
If-Modified-Since: Tue, 22 Feb 2022 13:07:15 GMT
If-None-Match: W/"6214e003-1eb1"
HTTP/1.1 304 Not Modified
Date: Tue, 08 Mar 2022 10:11:03 GMT
Connection: keep-alive
Last-Modified: Tue, 22 Feb 2022 13:07:15 GMT
Server: nginx
X-Robots-Tag: noindex, nofollow
Vary: Accept-Encoding
ETag: W/"6214e003-1eb1"
Age: 17138369
www.google-analytics.com/analytics.js
200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP
File type ASCII text, with very long lines (1325)
Hash cae538dcce82598fbe43c0bf443e62dd
cc68ac6be9c5e0087a0000e5735b83270ace30f5
954b9e9d9744e1319c51760780a35de2dec353afffac705c2cca6d836a5e056d
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 19826
date: Thu, 22 Sep 2022 18:41:09 GMT
expires: Thu, 22 Sep 2022 20:41:09 GMT
cache-control: public, max-age=7200
age: 563
last-modified: Sun, 11 Sep 2022 13:50:09 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
cdn.tsyndicate.com/sdk/v1/bi.js
304 Not Modified 0 B URL HTTP/1.1 cdn.tsyndicate.com/sdk/v1/bi.js
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sdk/v1/bi.js HTTP/1.1
Host: cdn.tsyndicate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gayinleeds.relayblog.com/
If-Modified-Since: Mon, 19 Sep 2022 08:53:30 GMT
If-None-Match: W/"63282e0a-1e1a"
HTTP/1.1 304 Not Modified
Date: Mon, 19 Sep 2022 09:36:46 GMT
Connection: keep-alive
Last-Modified: Mon, 19 Sep 2022 08:53:30 GMT
Server: nginx
X-Robots-Tag: noindex, nofollow
Vary: Accept-Encoding
ETag: W/"63282e0a-1e1a"
Age: 292427
kazanwhoeveryowl.com/01/b6/49/01b64935b8061c1f61d213a27ce2d729.js
200 OK 29 kB URL HTTP/1.1 kazanwhoeveryowl.com/01/b6/49/01b64935b8061c1f61d213a27ce2d729.js
IP
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (65536), with no line terminators
Hash e9643ce8c8197bad7d1a718644ffea24
be25e3bcc8068377345804f609c61ca6a055bfd6
2a979cb59c07c480337a8a0dabce651ca349cc95c87ec6b086005c713b11082b
Analyzer Verdict Alert quad9 Sinkholed
GET /01/b6/49/01b64935b8061c1f61d213a27ce2d729.js HTTP/1.1
Host: kazanwhoeveryowl.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gayinleeds.relayblog.com/
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 22 Sep 2022 18:50:32 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 5e77b2c95eb1f7af51aaf5a6378230c3
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
cdn.tsyndicate.com/sdk/v1/bi.js
304 Not Modified 0 B URL HTTP/1.1 cdn.tsyndicate.com/sdk/v1/bi.js
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sdk/v1/bi.js HTTP/1.1
Host: cdn.tsyndicate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gayinleeds.relayblog.com/
If-Modified-Since: Mon, 19 Sep 2022 08:53:30 GMT
If-None-Match: W/"63282e0a-1e1a"
HTTP/1.1 304 Not Modified
Date: Mon, 19 Sep 2022 09:36:46 GMT
Connection: keep-alive
Last-Modified: Mon, 19 Sep 2022 08:53:30 GMT
Server: nginx
X-Robots-Tag: noindex, nofollow
Vary: Accept-Encoding
ETag: W/"63282e0a-1e1a"
Age: 292427
cdn.tsyndicate.com/sdk/v1/bi.js
304 Not Modified 0 B URL HTTP/1.1 cdn.tsyndicate.com/sdk/v1/bi.js
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sdk/v1/bi.js HTTP/1.1
Host: cdn.tsyndicate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gayinleeds.relayblog.com/
If-Modified-Since: Mon, 19 Sep 2022 08:53:30 GMT
If-None-Match: W/"63282e0a-1e1a"
HTTP/1.1 304 Not Modified
Date: Mon, 19 Sep 2022 09:36:46 GMT
Connection: keep-alive
Last-Modified: Mon, 19 Sep 2022 08:53:30 GMT
Server: nginx
X-Robots-Tag: noindex, nofollow
Vary: Accept-Encoding
ETag: W/"63282e0a-1e1a"
Age: 292427
cdn.tubecorp.com/i/b.html?spot=3725&src=1013599720&pid=17794&width=300&height=250&spaceid=859
200 OK 181 B URL HTTP/1.1 cdn.tubecorp.com/i/b.html?spot=3725&src=1013599720&pid=17794&width=300&height=250&spaceid=859
IP
ASN #39572 DataWeb Global Group B.V.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 81aec7550d11fe54b500ea3850f95567
15d56988d343393c038d830ccdaf2d1c69664e5f
04952bb41a8bb460d8a30d9a9c2f1d1d65f86b75fcf7f104365f805e343d1ed2
GET /i/b.html?spot=3725&src=1013599720&pid=17794&width=300&height=250&spaceid=859 HTTP/1.1
Host: cdn.tubecorp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gayinleeds.relayblog.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Thu, 22 Sep 2022 18:50:33 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx/1.20.1
Last-Modified: Sat, 20 Nov 2021 06:50:54 GMT
ETag: W/"df-5d132d02c9e77"
X-Request-ID: 747c56af5e34d34870c29f116898e29a
Content-Encoding: gzip
Expires: Thu, 22 Sep 2022 19:50:33 GMT
Cache-Control: max-age=3600
X-Proxy-Cache: HIT
Access-Control-Allow-Origin: *
cdn.tubecorp.com/i/b.html?spot=3725&src=1013599720&pid=17794&width=300&height=250&spaceid=859
200 OK 14 kB URL HTTP/1.1 cdn.tubecorp.com/i/b.html?spot=3725&src=1013599720&pid=17794&width=300&height=250&spaceid=859
IP
ASN #39572 DataWeb Global Group B.V.
Hash 3ea889ae54bd37f6bd111668b27adf21
c20afb010154b5eacb26973d915afefc271c7eaa
ca09a2da0b2fb3b77a1f58a1d87c1ba08196e573fe940e39cf2f757d899127ae
GET /i/b.html?spot=3725&src=1013599720&pid=17794&width=300&height=250&spaceid=859 HTTP/1.1
Host: cdn.tubecorp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gayinleeds.relayblog.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Thu, 22 Sep 2022 18:50:33 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx/1.20.1
Last-Modified: Sat, 20 Nov 2021 06:50:54 GMT
ETag: W/"df-5d132d02c9e77"
X-Request-ID: 747c56af5e34d34870c29f116898e29a
Content-Encoding: gzip
Expires: Thu, 22 Sep 2022 19:50:33 GMT
Cache-Control: max-age=3600
X-Proxy-Cache: HIT
Access-Control-Allow-Origin: *
tsyndicate.com/iframes2/663422ed4341433597d6546506d00321.html?
200 OK 2.7 kB URL HTTP/1.1 tsyndicate.com/iframes2/663422ed4341433597d6546506d00321.html?
IP
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (4068)
Hash 8508001e0f279ed217f923b134898dd0
44b4d077cfba8d95c73721f56576266bb520b934
7f1f62029dceb7e3bc7f3c77bb29110989cd2bf4cf2da8477e2dd5d504b565b0
GET /iframes2/663422ed4341433597d6546506d00321.html? HTTP/1.1
Host: tsyndicate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gayinleeds.relayblog.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 22 Sep 2022 18:50:33 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Pragma: no-cache
Expires: 0
Vary: Accept-Encoding, *
X-Api-Version: 2
Link: <http://lcdn.tsyndicate.com/sdk/v1/b.b.js>; rel=preload; as=script
X-Request-Id: dd532714ed1834c6
Set-Cookie: ts_uid=b9629f0e-5a29-4b0c-aa07-c298a2e1a387; expires=Wed, 22 Mar 2023 18:50:33 GMT; domain=.tsyndicate.com; path=/; HttpOnly; secure; SameSite=None
Cache-Control: no-cache, no-store, no-transform, must-revalidate, no-transform
X-Robots-Tag: none, noindex, nofollow
Report-To: { "url": "https://pxl.tsyndicate.com/api/v1/heavy-ad/report", "max_age": 86401 }
Content-Encoding: gzip
cdn.tubecorp.com/i/b.html?spot=3725&src=1013599720&pid=17794&width=300&height=250&spaceid=859
200 OK 181 B URL HTTP/1.1 cdn.tubecorp.com/i/b.html?spot=3725&src=1013599720&pid=17794&width=300&height=250&spaceid=859
IP
ASN #39572 DataWeb Global Group B.V.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 81aec7550d11fe54b500ea3850f95567
15d56988d343393c038d830ccdaf2d1c69664e5f
04952bb41a8bb460d8a30d9a9c2f1d1d65f86b75fcf7f104365f805e343d1ed2
GET /i/b.html?spot=3725&src=1013599720&pid=17794&width=300&height=250&spaceid=859 HTTP/1.1
Host: cdn.tubecorp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gayinleeds.relayblog.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Thu, 22 Sep 2022 18:50:33 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx/1.20.1
Last-Modified: Sat, 20 Nov 2021 06:50:54 GMT
ETag: W/"df-5d132d02c9e77"
X-Request-ID: 5f03747e6d3fbb98ec6e3c78cbb604dd
Content-Encoding: gzip
Expires: Thu, 22 Sep 2022 19:50:33 GMT
Cache-Control: max-age=3600
X-Proxy-Cache: HIT
Access-Control-Allow-Origin: *
static.eabids.com/data/bannerpools/112022/33929.gif
200 OK 144 kB URL HTTP/1.1 static.eabids.com/data/bannerpools/112022/33929.gif
IP
Size 144 kB (144152 bytes)
Hash 4d38d167220ca98c712440830747b37d
73dc07f95e2450a7f23b6cd9b6b91ec33216c136
48a490f846a9750d930d2f65981029173c887505b3579f257d116862d9b1cc67
GET /data/bannerpools/112022/33929.gif HTTP/1.1
Host: static.eabids.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://go.eabids.com/
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 22 Sep 2022 18:50:33 GMT
Content-Type: image/gif
Content-Length: 129611
Last-Modified: Thu, 28 Apr 2022 14:46:27 GMT
Connection: keep-alive
ETag: "626aa8c3-1fa4b"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
X-Backend-Server: nl2-static-223
Accept-Ranges: bytes
go.xxxvjmp.com/config?url=https%3A%2F%2Fcreative.xxxvjmp.com%2Fwidgets%2Fv4%2FUniversal%3FactionButtonPlacement%3Dbottom%26campaignId%3D128029786fbed96fe880330bb083ecce41e122ba08e2711908bc9493ef368344%26campaignType%3Dsmartpop%26creativeId%3D2f2cf8c271b310e6a7160563a0f1ee432fa665a116dc0c291a081b2515848ba9%26hideButtonOnSmallSpots%3D1%26hideModelNameOnSmallSpots%3D1%26hideTitleOnSmallSpots%3D1%26iterationId%3D30231%26masterSmartpopId%3D0%26memberId%3Dy91LkdLvO5YHIwMpUbDm9nTSN15iKZDTlykEhlp5Ya58JEFZ51mCiJxNWcda87v7cKAUpBdYBaFxAe34PcUMj4l3YP-pCn2BBMBoi9M_gUIDRUi%26p1%3D3844273%26ruleId%3D0%26showButton%3D1%26showModelName%3D1%26showTitle%3D%26smartpopId%3D1548%26sourceId%3D226440%26thumbSizeKey%3Dbig%26trackOff%3D1%26userId%3Ded4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e%26variationId%3D22460
200 OK 3.8 kB URL HTTP/2 go.xxxvjmp.com/config?url=https%3A%2F%2Fcreative.xxxvjmp.com%2Fwidgets%2Fv4%2FUniversal%3FactionButtonPlacement%3Dbottom%26campaignId%3D128029786fbed96fe880330bb083ecce41e122ba08e2711908bc9493ef368344%26campaignType%3Dsmartpop%26creativeId%3D2f2cf8c271b310e6a7160563a0f1ee432fa665a116dc0c291a081b2515848ba9%26hideButtonOnSmallSpots%3D1%26hideModelNameOnSmallSpots%3D1%26hideTitleOnSmallSpots%3D1%26iterationId%3D30231%26masterSmartpopId%3D0%26memberId%3Dy91LkdLvO5YHIwMpUbDm9nTSN15iKZDTlykEhlp5Ya58JEFZ51mCiJxNWcda87v7cKAUpBdYBaFxAe34PcUMj4l3YP-pCn2BBMBoi9M_gUIDRUi%26p1%3D3844273%26ruleId%3D0%26showButton%3D1%26showModelName%3D1%26showTitle%3D%26smartpopId%3D1548%26sourceId%3D226440%26thumbSizeKey%3Dbig%26trackOff%3D1%26userId%3Ded4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e%26variationId%3D22460
IP
File type JSON data\012- , ASCII text
Hash c5e5f9b52e22cf5371408ac2ab2c14ae
348b45bcd87ddfcacbb01113c9c25a743d132e30
6a081ddb5163ccefc1b09527984219ae2d3e516d5a5169657acbd6fc0041dc25
GET /config?url=https%3A%2F%2Fcreative.xxxvjmp.com%2Fwidgets%2Fv4%2FUniversal%3FactionButtonPlacement%3Dbottom%26campaignId%3D128029786fbed96fe880330bb083ecce41e122ba08e2711908bc9493ef368344%26campaignType%3Dsmartpop%26creativeId%3D2f2cf8c271b310e6a7160563a0f1ee432fa665a116dc0c291a081b2515848ba9%26hideButtonOnSmallSpots%3D1%26hideModelNameOnSmallSpots%3D1%26hideTitleOnSmallSpots%3D1%26iterationId%3D30231%26masterSmartpopId%3D0%26memberId%3Dy91LkdLvO5YHIwMpUbDm9nTSN15iKZDTlykEhlp5Ya58JEFZ51mCiJxNWcda87v7cKAUpBdYBaFxAe34PcUMj4l3YP-pCn2BBMBoi9M_gUIDRUi%26p1%3D3844273%26ruleId%3D0%26showButton%3D1%26showModelName%3D1%26showTitle%3D%26smartpopId%3D1548%26sourceId%3D226440%26thumbSizeKey%3Dbig%26trackOff%3D1%26userId%3Ded4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e%26variationId%3D22460 HTTP/1.1
Host: go.xxxvjmp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://creative.xxxvjmp.com/
Origin: https://creative.xxxvjmp.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Thu, 22 Sep 2022 18:50:31 GMT
content-type: application/json
access-control-allow-origin: *
last-modified: Thu, 22 Sep 2022 18:50:31 GMT
cf-cache-status: MISS
set-cookie: __cflb=02DiuDfsBaY2bRYJiCeSF4mw3pyDiW7pyEfbeTqx9KGUU; SameSite=None; Secure; path=/; expires=Fri, 23-Sep-22 17:50:31 GMT; HttpOnly
vary: Accept-Encoding
server: cloudflare
cf-ray: 74ed3a0b8b980afe-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
gayinleeds.relayblog.com/s3/ad_tube/c147.jpg
200 OK 34 kB URL HTTP/1.1 gayinleeds.relayblog.com/s3/ad_tube/c147.jpg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 320x427, components 3\012- data
Hash 22dceab9b20b918822a41c785e1940ce
587a105e1d381982eda8f2b791d52a9f61f1fb44
e7a447c9fb756e01a7def2b9d56d398f6f3b3fb4b90b4fa66816ef207dd33012
GET /s3/ad_tube/c147.jpg HTTP/1.1
Host: gayinleeds.relayblog.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gayinleeds.relayblog.com/?yessenia
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 22 Sep 2022 18:50:27 GMT
Content-Type: image/jpeg
Content-Length: 34499
Connection: keep-alive
Last-Modified: Sun, 10 Jan 2021 15:25:52 GMT
ETag: "5ffb1c80-86c3"
X-Cluster: web-cdn2
X-Cache: EXPIRED
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ubi8K178TbnXmTSzIGYJES%2B4j1tW6EteXJlrwmknITArzrSNJ%2BlYCOn8xUwrEadq%2B1yyGrzJsDilGb5Najax9OldULF99tLkfCQDzFd3qsMuiYdGSB9oXRLyzyWYXxE%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
CF-RAY: 74ed3a12bc784003-YYZ
alt-svc: h2=":443"; ma=60
X-Cache-Status: MISS
Cache-Control: max-age=14400, max-age=31536000
Accept-Ranges: bytes
go.eabids.com/banner.go?spaceid=5675443&keywords=&maincat=
200 OK 662 B URL HTTP/1.1 go.eabids.com/banner.go?spaceid=5675443&keywords=&maincat=
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (662), with no line terminators
Hash 297489c5d676b7a590a64b0af2b2f79b
e635ab45d7be69995c7863525ab67061841f20d8
a1e44e38ad99c86941b2c46e31c48443b3879863818e5f78da987f7c4ec31621
GET /banner.go?spaceid=5675443&keywords=&maincat= HTTP/1.1
Host: go.eabids.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gayinleeds.relayblog.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 22 Sep 2022 18:50:33 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 662
Connection: keep-alive
Expires: Mon, 03 Jul 2001 06:00:00 GMT
Last-Modified: Thu, 22 09 2022 18:50:32 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0,post-check=0, pre-check=0
Pragma: no-cache
X-Backend-Server: nl2-web-201
go.eabids.com/banner.go?spaceid=5675445&keywords=&maincat=
200 OK 663 B URL HTTP/1.1 go.eabids.com/banner.go?spaceid=5675445&keywords=&maincat=
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (663), with no line terminators
Hash be2224de01c18b59b84edabfc58726d0
6b00801f36933e7c12297a60f91f443aaddf3ebc
8138569a4831009b69a22eb3b8b3ada9433a89c88d0d872365ddf8c49ccc7d4f
GET /banner.go?spaceid=5675445&keywords=&maincat= HTTP/1.1
Host: go.eabids.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gayinleeds.relayblog.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 22 Sep 2022 18:50:33 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 663
Connection: keep-alive
Expires: Mon, 03 Jul 2001 06:00:00 GMT
Last-Modified: Thu, 22 09 2022 18:50:32 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0,post-check=0, pre-check=0
Pragma: no-cache
X-Backend-Server: nl2-web-200
go.eabids.com/banner.go?spaceid=5205655&keywords=&maincat=
200 OK 1.4 kB URL HTTP/1.1 go.eabids.com/banner.go?spaceid=5205655&keywords=&maincat=
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1364), with no line terminators
Hash 7f2c4024f3eb9ed121a17178f906add8
8c024f23db118de378712432e7719b245f8696a0
0640952847e1a31032bcca18815b25242d968e44263b56b147e347d93edf0be9
GET /banner.go?spaceid=5205655&keywords=&maincat= HTTP/1.1
Host: go.eabids.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gayinleeds.relayblog.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 22 Sep 2022 18:50:33 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 1364
Connection: keep-alive
Expires: Mon, 03 Jul 2001 06:00:00 GMT
Last-Modified: Thu, 22 09 2022 18:50:32 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0,post-check=0, pre-check=0
Pragma: no-cache
X-Backend-Server: nl2-web-205
precedentadministrator.com/pixel/purst?dl=0&th=0&sc=0&rs=3625&rd=3625&fd=604&bv=22.8.v.2&tmpl=136
200 OK 0 B URL HTTP/1.1 precedentadministrator.com/pixel/purst?dl=0&th=0&sc=0&rs=3625&rd=3625&fd=604&bv=22.8.v.2&tmpl=136
IP
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/purst?dl=0&th=0&sc=0&rs=3625&rd=3625&fd=604&bv=22.8.v.2&tmpl=136 HTTP/1.1
Host: precedentadministrator.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gayinleeds.relayblog.com/
HTTP/1.1 200 OK
Server: nginx/1.17.9
Date: Thu, 22 Sep 2022 18:50:33 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
gayinleeds.relayblog.com/viewImage3?data=0c101014175e4b4b070d4a140c0a07000a4a070b094b140d07174b0508061109174b5455544b5653574b5454554b5550525656555651554b4c095901491d0505231505054d4c090c59353520303515153e3523032a511408054d0b160d030d0a05083b5550525656555651554a0e1403
200 60 kB URL HTTP/1.1 gayinleeds.relayblog.com/viewImage3?data=0c101014175e4b4b070d4a140c0a07000a4a070b094b140d07174b0508061109174b5455544b5653574b5454554b5550525656555651554b4c095901491d0505231505054d4c090c59353520303515153e3523032a511408054d0b160d030d0a05083b5550525656555651554a0e1403
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 575x383, components 3\012- data
Hash cd2418aea9f0c4825d356a918b192a12
148a99cc258117af1db4f3e17503ccb130bdd141
8ec163e2f495622425afa62323c5bf124056b56d8cd1258b640a87e21720719d
GET /viewImage3?data=0c101014175e4b4b070d4a140c0a07000a4a070b094b140d07174b0508061109174b5455544b5653574b5454554b5550525656555651554b4c095901491d0505231505054d4c090c59353520303515153e3523032a511408054d0b160d030d0a05083b5550525656555651554a0e1403 HTTP/1.1
Host: gayinleeds.relayblog.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gayinleeds.relayblog.com/?yessenia
HTTP/1.1 200
Server: nginx
Date: Thu, 22 Sep 2022 18:50:27 GMT
Content-Length: 60283
Connection: keep-alive
Cache-Control: max-age=31418383
X-CORE: core4
X-LB: core4
astonishedmule.com/watch.1520356380914.js?key=3cb5727a16a2f566d5a822edf1d58427&kw=%5B%22hot%22%2C%22sexy%22%2C%22tubes%22%5D&refer=http%3A%2F%2Fgayinleeds.relayblog.com%2F%3Fyessenia&tz=0&dev=r&res=12.29&uuid=3aabf0ec-865b-4b05-aed3-6ea38f3d9129%3A1%3A1&shu=bc616c80b4bf7a45ff76d20384646fba78f148b128cc8e3d9168c797b0cbdd3da4ea0d02a48b1e36b91fcbb3dce64fe0c8422e20294c9ed3adafd11e31b36a13225d573977ce6720df0c0bde27781fe95dfc3a0a&pst=1663872692&rmtc=t
200 OK 2.4 kB URL HTTP/1.1 astonishedmule.com/watch.1520356380914.js?key=3cb5727a16a2f566d5a822edf1d58427&kw=%5B%22hot%22%2C%22sexy%22%2C%22tubes%22%5D&refer=http%3A%2F%2Fgayinleeds.relayblog.com%2F%3Fyessenia&tz=0&dev=r&res=12.29&uuid=3aabf0ec-865b-4b05-aed3-6ea38f3d9129%3A1%3A1&shu=bc616c80b4bf7a45ff76d20384646fba78f148b128cc8e3d9168c797b0cbdd3da4ea0d02a48b1e36b91fcbb3dce64fe0c8422e20294c9ed3adafd11e31b36a13225d573977ce6720df0c0bde27781fe95dfc3a0a&pst=1663872692&rmtc=t
IP
ASN #39572 DataWeb Global Group B.V.
File type HTML document, ASCII text, with very long lines (3033)
Hash 52d14745f217f9590c143cde78eaacf9
af86d8605580d0be2024b1d33fc3442f6539eb09
1d8a075bc35705117f752e1f2ce45980e2c6c433be96637386517e3a3533d134
Analyzer Verdict Alert quad9 Sinkholed
GET /watch.1520356380914.js?key=3cb5727a16a2f566d5a822edf1d58427&kw=%5B%22hot%22%2C%22sexy%22%2C%22tubes%22%5D&refer=http%3A%2F%2Fgayinleeds.relayblog.com%2F%3Fyessenia&tz=0&dev=r&res=12.29&uuid=3aabf0ec-865b-4b05-aed3-6ea38f3d9129%3A1%3A1&shu=bc616c80b4bf7a45ff76d20384646fba78f148b128cc8e3d9168c797b0cbdd3da4ea0d02a48b1e36b91fcbb3dce64fe0c8422e20294c9ed3adafd11e31b36a13225d573977ce6720df0c0bde27781fe95dfc3a0a&pst=1663872692&rmtc=t HTTP/1.1
Host: astonishedmule.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://gayinleeds.relayblog.com
Referer: http://gayinleeds.relayblog.com/
Connection: keep-alive
Cookie: u_pl=16428146; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNjQyODE0NiwiayI6IjNjYjU3MjdhMTZhMmY1NjZkNWE4MjJlZGYxZDU4NDI3Iiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxNTAzNjQ5LCJwaWQiOjI4ODQzNywiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjoxNiwiYWlkIjo1LCJwdCI6NCwicGsiOiJtZWdwcnVuMGNpIiwiY3BrcyI6eyAiMjgiOiIwMWI2NDkzNWI4MDYxYzFmNjFkMjEzYTI3Y2UyZDcyOSJ9LCJ0IjoxfSwidSI6eyJ1IjoxLCJhdSI6MSwiZCI6eyJpZCI6Nzk5NTQxOTYsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjoxODExMCwib24iOiJMaW51eCIsIm92IjoiVW5rbm93biIsImJpZCI6MTE2NjcwLCJibiI6IkZpcmVmb3giLCJidiI6Ijk2LjAiLCJ3diI6ZmFsc2UsImUiOmZhbHNlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6ZmFsc2UsInIiOiJodHRwOi8vZ2F5aW5sZWVkcy5yZWxheWJsb2cuY29tLz95ZXNzZW5pYSJ9fQ.4cNYsNFEmcI48zelDR5c45Swn_LuENVTU6LmDxAPWUM
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.9
Date: Thu, 22 Sep 2022 18:50:33 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: http://gayinleeds.relayblog.com
Access-Control-Allow-Origin: http://gayinleeds.relayblog.com
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=3aabf0ec-865b-4b05-aed3-6ea38f3d9129:1:1; expires=Thu, 29 Sep 2022 18:50:33 GMT; secure; SameSite=None
iprc734395721a19f4aec8625df83e1466e5=2060092; expires=Thu, 06 Oct 2022 18:50:33 GMT; secure; SameSite=None
pdhtkv=true; expires=Fri, 23 Sep 2022 18:50:33 GMT; secure; SameSite=None
uncs=1; expires=Fri, 23 Sep 2022 18:50:33 GMT; secure; SameSite=None
pdhtkv5=true; expires=Fri, 23 Sep 2022 18:50:33 GMT; secure; SameSite=None
uncs5=1; expires=Fri, 23 Sep 2022 18:50:33 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: aabe8a305aebfa32a819f870219b6fe3
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
gayinleeds.relayblog.com/s3/ad_oct20/0009.gif
200 OK 48 kB URL HTTP/1.1 gayinleeds.relayblog.com/s3/ad_oct20/0009.gif
IP
File type GIF image data, version 89a, 300 x 250\012- data
Hash 47abfabf0713117b5d55b5853b499c2c
b564f788076c9956ca9038a5ca1711991064909e
63d07e26344dc8067c60d3edea27097c17f955593712a1260c6d69667e41b302
GET /s3/ad_oct20/0009.gif HTTP/1.1
Host: gayinleeds.relayblog.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gayinleeds.relayblog.com/?yessenia
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 22 Sep 2022 18:50:27 GMT
Content-Type: image/gif
Content-Length: 47642
Connection: keep-alive
Last-Modified: Fri, 09 Oct 2020 20:06:27 GMT
ETag: "5f80c2c3-ba1a"
X-Cluster: web-cdn2
X-Cache: HIT
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=u8ITiYqHHmXTolytq51g1So1Q9mhs9dtT1mCkeiHTV7oYIVK%2FhzKALKAyiiyEqgpVmSJ9upK4I6jf1hq5zWJnrHwLg1mN7h8XjGuqgsgz3B%2BeotYZTJDNhRmkJW9qUQ%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
CF-RAY: 74eb7dee6ec7a1f9-YYZ
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Cache-Status: HIT
Cache-Control: max-age=14400, max-age=31536000
Accept-Ranges: bytes
gayinleeds.relayblog.com/viewImage3?data=0c101014175e4b4b100c1109064914534a1c0c07000a4a070b094b054b0656250a173b101e3b015055140b3e512d05530a2c354b5454544b5052504b57535d4b5052533b555454544a0e1403
200 167 B URL HTTP/1.1 gayinleeds.relayblog.com/viewImage3?data=0c101014175e4b4b100c1109064914534a1c0c07000a4a070b094b054b0656250a173b101e3b015055140b3e512d05530a2c354b5454544b5052504b57535d4b5052533b555454544a0e1403
IP
File type PNG image data, 1 x 1, 8-bit/color RGBA, non-interlaced\012- data
Hash 353b078eb77e5ee068e83b7503f3c75b
d0b2207fea4313a3ea391b94880f1d01e5ab1c89
297488a03131e435cb999248b75ed4ac78ae3bbf4c3366d8d57c821b2548dd8d
GET /viewImage3?data=0c101014175e4b4b100c1109064914534a1c0c07000a4a070b094b054b0656250a173b101e3b015055140b3e512d05530a2c354b5454544b5052504b57535d4b5052533b555454544a0e1403 HTTP/1.1
Host: gayinleeds.relayblog.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gayinleeds.relayblog.com/?yessenia
HTTP/1.1 200
Server: nginx
Date: Thu, 22 Sep 2022 18:50:27 GMT
Transfer-Encoding: chunked
Connection: keep-alive
X-CORE: core4
X-LB: core4
poweredby.jads.co/adshow.php?adzone=910226
200 OK 1.9 kB URL HTTP/1.1 poweredby.jads.co/adshow.php?adzone=910226
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (436), with CRLF, LF line terminators
Hash 618bf884e7b3f8420e7c7e785ea02ff6
19b61226dfcb4dd7a9a877996803fdd33a7d967b
2374903f2a63b3da3c4503e5f683936919fac9e2fb7146dd0ed4379cbbca676c
GET /adshow.php?adzone=910226 HTTP/1.1
Host: poweredby.jads.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gayinleeds.relayblog.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 22 Sep 2022 18:50:33 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/5.6.40
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR OUR IND STA"
Set-Cookie: surferid=fe2ae070a602ebd0a0d8f295c7d3324c; expires=Fri, 22-Sep-2023 18:50:30 GMT; Max-Age=31536000; path=/; SameSite=None; Secure; domain=.jads.co
imps22340=1; expires=Fri, 23-Sep-2022 18:50:31 GMT; Max-Age=86400; path=/; SameSite=None; Secure; domain=.jads.co
imps161=1; expires=Fri, 23-Sep-2022 18:50:31 GMT; Max-Age=86400; path=/; SameSite=None; Secure; domain=.jads.co
imps29764=1; expires=Fri, 23-Sep-2022 18:50:31 GMT; Max-Age=86400; path=/; SameSite=None; Secure; domain=.jads.co
imps61=1; expires=Fri, 23-Sep-2022 18:50:31 GMT; Max-Age=86400; path=/; SameSite=None; Secure; domain=.jads.co
imps22340=1; expires=Fri, 23-Sep-2022 18:50:31 GMT; Max-Age=86400; path=/; SameSite=None; Secure; domain=.jads.co
juicy_data_1=YTo1OntpOjU5Mjk3ODtpOjE2NjQxMzE4MzA7aToxMTk2NzE4O2k6MTY2NDEzMTgzMDtpOjY5NjM0NDtpOjE2NjQxMzE4MzA7aToxMTk2OTQzO2k6MTY2NDEzMTgzMDtpOjU5Mjk3NDtpOjE2NjQxMzE4MzA7fQ%3D%3D; expires=Sun, 25-Sep-2022 18:50:30 GMT; Max-Age=259199; path=/; SameSite=None; Secure; domain=jads.co
juicy_data=YToxOntzOjEyOiJqdWljeV9kYXRhXzEiO3M6MToiMSI7fQ%3D%3D; expires=Sun, 25-Sep-2022 18:50:30 GMT; Max-Age=259199; path=/; SameSite=None; Secure; domain=jads.co
Content-Encoding: gzip
lcdn.tsyndicate.com/sdk/v1/b.b.js
304 Not Modified 0 B URL HTTP/1.1 lcdn.tsyndicate.com/sdk/v1/b.b.js
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sdk/v1/b.b.js HTTP/1.1
Host: lcdn.tsyndicate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://tsyndicate.com/
If-Modified-Since: Tue, 22 Feb 2022 13:07:15 GMT
If-None-Match: W/"6214e003-1eb1"
HTTP/1.1 304 Not Modified
Date: Tue, 08 Mar 2022 10:11:03 GMT
Connection: keep-alive
Last-Modified: Tue, 22 Feb 2022 13:07:15 GMT
Server: nginx
X-Robots-Tag: noindex, nofollow
Vary: Accept-Encoding
ETag: W/"6214e003-1eb1"
Age: 17138370
lcdn.tsyndicate.com/error/banner.html
200 OK 355 B URL HTTP/1.1 lcdn.tsyndicate.com/error/banner.html
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text
Hash 8b1f15be621db10926fe9a4cf5e065a7
cbf25705dce9a6cdc92fca1b42924c31a4325b09
0a9c708f0537719d5a20bfaa8343363a0283320fb1776657d913a6a4f2030287
GET /error/banner.html HTTP/1.1
Host: lcdn.tsyndicate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://tsyndicate.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Fri, 02 Sep 2022 00:07:36 GMT
Content-Type: text/html
Content-Length: 355
Connection: keep-alive
Last-Modified: Thu, 28 Jul 2022 14:10:05 GMT
Server: nginx
X-Robots-Tag: noindex, nofollow
Content-Encoding: gzip
Vary: Accept-Encoding
ETag: W/"62e298bd-297"
Age: 1795377
Accept-Ranges: bytes
gayinleeds.relayblog.com/viewImage3?data=0c101014175e4b4b100c1109064914514a1c0c07000a4a070b094b054b2b105d1c26332b5c3130002f0f032c085221170650354b5454544b5053524b5d52504b545c513b555454544a0e1403
200 167 B URL HTTP/1.1 gayinleeds.relayblog.com/viewImage3?data=0c101014175e4b4b100c1109064914514a1c0c07000a4a070b094b054b2b105d1c26332b5c3130002f0f032c085221170650354b5454544b5053524b5d52504b545c513b555454544a0e1403
IP
File type PNG image data, 1 x 1, 8-bit/color RGBA, non-interlaced\012- data
Hash 353b078eb77e5ee068e83b7503f3c75b
d0b2207fea4313a3ea391b94880f1d01e5ab1c89
297488a03131e435cb999248b75ed4ac78ae3bbf4c3366d8d57c821b2548dd8d
GET /viewImage3?data=0c101014175e4b4b100c1109064914514a1c0c07000a4a070b094b054b2b105d1c26332b5c3130002f0f032c085221170650354b5454544b5053524b5d52504b545c513b555454544a0e1403 HTTP/1.1
Host: gayinleeds.relayblog.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gayinleeds.relayblog.com/?yessenia
HTTP/1.1 200
Server: nginx
Date: Thu, 22 Sep 2022 18:50:27 GMT
Transfer-Encoding: chunked
Connection: keep-alive
go.goaserv.com/banner.go?spaceid=1090934&subid=2|163520|449252|no|1|40694670|5675445|1|0|10|50304|,,,,,|4|0|0|21,4,25|0|0|en|1
200 OK 391 B URL HTTP/1.1 go.goaserv.com/banner.go?spaceid=1090934&subid=2|163520|449252|no|1|40694670|5675445|1|0|10|50304|,,,,,|4|0|0|21,4,25|0|0|en|1
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (578), with no line terminators
Hash b5cea021c69179b3a906b68d132937d5
50bef11a02d2713cf710c9213a0a8c06e8e694c0
359d63df21f5eae413bd3947259aa7b468d73969848c31192dba46bbd1916f58
GET /banner.go?spaceid=1090934&subid=2|163520|449252|no|1|40694670|5675445|1|0|10|50304|,,,,,|4|0|0|21,4,25|0|0|en|1 HTTP/1.1
Host: go.goaserv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://go.eabids.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 22 Sep 2022 18:50:33 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Mon, 03 Jul 2001 06:00:00 GMT
Last-Modified: Thu, 22 09 2022 18:50:33 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0,post-check=0, pre-check=0
Pragma: no-cache
X-Backend-Server: nl2-go-web-243
Content-Encoding: gzip
biptolyla.com/auW.ZNyzQu2r9FkyZnT/9U6gbE2C5mlFS/WvQT9RNPDlE/4OMrjrk/0HN/Cc0N0/MLT/g/yNOkTTQK1ZJPnEB-1KcV2-hiaRbO2/5/lGS/WeQs9iNIDeEZ4rMtjTkS0/NVCI0R0UMWT/gwy/OlTQQ/1R
200 OK 7.0 kB URL HTTP/2 biptolyla.com/auW.ZNyzQu2r9FkyZnT/9U6gbE2C5mlFS/WvQT9RNPDlE/4OMrjrk/0HN/Cc0N0/MLT/g/yNOkTTQK1ZJPnEB-1KcV2-hiaRbO2/5/lGS/WeQs9iNIDeEZ4rMtjTkS0/NVCI0R0UMWT/gwy/OlTQQ/1R
IP
File type ASCII text, with very long lines (2401)
Hash 751708f81e10848d13a3df6d94f0e596
1580cbaf4ca0e4f6e7e807dcba795faf0b17d200
06bb09b5df378f64a606f8fa85228ab22abef62330f92c353a1ac85007b4bff2
GET /auW.ZNyzQu2r9FkyZnT/9U6gbE2C5mlFS/WvQT9RNPDlE/4OMrjrk/0HN/Cc0N0/MLT/g/yNOkTTQK1ZJPnEB-1KcV2-hiaRbO2/5/lGS/WeQs9iNIDeEZ4rMtjTkS0/NVCI0R0UMWT/gwy/OlTQQ/1R HTTP/1.1
Host: biptolyla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://gayinleeds.relayblog.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 22 Sep 2022 18:50:32 GMT
content-type: application/javascript
vary: Accept-Encoding
pragma: no-cache
accept-ch: Sec-CH-UA-Platform-Version, Sec-CH-UA-Platform
expires: Mon, 26 Jul 2011 05:00:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
x-content-type-options: nosniff
content-encoding: br
X-Firefox-Spdy: h2
reapinject.com/watch.1184827146449.js?key=3cb5727a16a2f566d5a822edf1d58427&kw=%5B%22hot%22%2C%22sexy%22%2C%22tubes%22%5D&refer=http%3A%2F%2Fgayinleeds.relayblog.com%2F%3Fyessenia&tz=0&dev=r&res=12.29&uuid=3aabf0ec-865b-4b05-aed3-6ea38f3d9129%3A1%3A1&shu=4cd2b13bcde0aba5961f3ce0ffdba0f59c91e8227fb17a3c43b40715f04bf5646c76cabe94f5b855a04621931148fe2954bc0af27732e43713933acef9ef1760462e7170f3637db018c9ba75bcbf91efe7f2f752&pst=1663872692&rmtc=t
200 OK 2.4 kB URL HTTP/1.1 reapinject.com/watch.1184827146449.js?key=3cb5727a16a2f566d5a822edf1d58427&kw=%5B%22hot%22%2C%22sexy%22%2C%22tubes%22%5D&refer=http%3A%2F%2Fgayinleeds.relayblog.com%2F%3Fyessenia&tz=0&dev=r&res=12.29&uuid=3aabf0ec-865b-4b05-aed3-6ea38f3d9129%3A1%3A1&shu=4cd2b13bcde0aba5961f3ce0ffdba0f59c91e8227fb17a3c43b40715f04bf5646c76cabe94f5b855a04621931148fe2954bc0af27732e43713933acef9ef1760462e7170f3637db018c9ba75bcbf91efe7f2f752&pst=1663872692&rmtc=t
IP
ASN #39572 DataWeb Global Group B.V.
File type HTML document text\012- HTML document, ASCII text, with very long lines (3089)
Hash 43c4128e5fc9b981b59a399acc19a648
bc2cb982072740d293319a73e7e855f341cf073e
d2c84ef591f44037730924cd7bae91d4bcc19c4f011d4ccac2bdf4ceb020a6ae
Analyzer Verdict Alert quad9 Sinkholed
GET /watch.1184827146449.js?key=3cb5727a16a2f566d5a822edf1d58427&kw=%5B%22hot%22%2C%22sexy%22%2C%22tubes%22%5D&refer=http%3A%2F%2Fgayinleeds.relayblog.com%2F%3Fyessenia&tz=0&dev=r&res=12.29&uuid=3aabf0ec-865b-4b05-aed3-6ea38f3d9129%3A1%3A1&shu=4cd2b13bcde0aba5961f3ce0ffdba0f59c91e8227fb17a3c43b40715f04bf5646c76cabe94f5b855a04621931148fe2954bc0af27732e43713933acef9ef1760462e7170f3637db018c9ba75bcbf91efe7f2f752&pst=1663872692&rmtc=t HTTP/1.1
Host: reapinject.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://gayinleeds.relayblog.com
Referer: http://gayinleeds.relayblog.com/
Connection: keep-alive
Cookie: u_pl=16428146; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNjQyODE0NiwiayI6IjNjYjU3MjdhMTZhMmY1NjZkNWE4MjJlZGYxZDU4NDI3Iiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxNTAzNjQ5LCJwaWQiOjI4ODQzNywiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjoxNiwiYWlkIjo1LCJwdCI6NCwicGsiOiJtZWdwcnVuMGNpIiwiY3BrcyI6eyAiMjgiOiIwMWI2NDkzNWI4MDYxYzFmNjFkMjEzYTI3Y2UyZDcyOSJ9LCJ0IjoxfSwidSI6eyJ1IjoxLCJhdSI6MSwiZCI6eyJpZCI6Nzk5NTQxOTYsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjoxODExMCwib24iOiJMaW51eCIsIm92IjoiVW5rbm93biIsImJpZCI6MTE2NjcwLCJibiI6IkZpcmVmb3giLCJidiI6Ijk2LjAiLCJ3diI6ZmFsc2UsImUiOmZhbHNlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6dHJ1ZSwiciI6Imh0dHA6Ly9nYXlpbmxlZWRzLnJlbGF5YmxvZy5jb20vP3llc3NlbmlhIn19.VRcDNm1HhSu8DqsoRv_m9zrgaaqt3tpAobadEemO07A
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Thu, 22 Sep 2022 18:50:33 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: http://gayinleeds.relayblog.com
Access-Control-Allow-Origin: http://gayinleeds.relayblog.com
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=3aabf0ec-865b-4b05-aed3-6ea38f3d9129:1:1; expires=Thu, 29 Sep 2022 18:50:33 GMT; secure; SameSite=None
iprcd142baed9b0e13a678749de3efc419fd=3569681; expires=Thu, 22 Sep 2022 22:50:33 GMT; secure; SameSite=None
pdhtkv=true; expires=Fri, 23 Sep 2022 18:50:33 GMT; secure; SameSite=None
uncs=1; expires=Fri, 23 Sep 2022 18:50:33 GMT; secure; SameSite=None
pdhtkv5=true; expires=Fri, 23 Sep 2022 18:50:33 GMT; secure; SameSite=None
uncs5=1; expires=Fri, 23 Sep 2022 18:50:33 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 133367d2cf6c05c178dd66b6385feea0
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
gayinleeds.relayblog.com/viewImage3?data=0c101014175e4b4b07000a0d4a140b160a140d07174a070b094b55565c544b514b5553554b52535c56515c55574b52535c56515c55573b5454553b055c56024a0e1403
200 132 kB URL HTTP/1.1 gayinleeds.relayblog.com/viewImage3?data=0c101014175e4b4b07000a0d4a140b160a140d07174a070b094b55565c544b514b5553554b52535c56515c55574b52535c56515c55573b5454553b055c56024a0e1403
IP
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 683x1024, components 3\012- data
Size 132 kB (132393 bytes)
Hash a0ace0473bab2646f2b2b8d9c630649a
3fcc8dae86b7976d18ce062d6737eb3d10219314
7e140fb1455bc2b069be276a7f8bd57e99c5127c37004cebd04934aad3988f1d
GET /viewImage3?data=0c101014175e4b4b07000a0d4a140b160a140d07174a070b094b55565c544b514b5553554b52535c56515c55574b52535c56515c55573b5454553b055c56024a0e1403 HTTP/1.1
Host: gayinleeds.relayblog.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gayinleeds.relayblog.com/?yessenia
HTTP/1.1 200
Server: nginx
Date: Thu, 22 Sep 2022 18:50:27 GMT
Content-Length: 132393
Connection: keep-alive
Cache-Control: max-age=31418383
gayinleeds.relayblog.com/loadeactrl?pid=41442&siteid=47820&spaceid=5141684
200 OK 43 kB URL HTTP/1.1 gayinleeds.relayblog.com/loadeactrl?pid=41442&siteid=47820&spaceid=5141684
IP
File type ASCII text, with very long lines (65536), with no line terminators
Hash dee3bc30f7736ec5e6508e0d4af70a86
39f31d9fbd829beb3a24b6d6fa216970f6fd7034
0b3736493f6b3f5c9904e13e7dba43c38badd2f6541f09e06c86349c91cced36
GET /loadeactrl?pid=41442&siteid=47820&spaceid=5141684 HTTP/1.1
Host: gayinleeds.relayblog.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gayinleeds.relayblog.com/?yessenia
Cookie: dom3ic8zudi28v8lr6fgphwffqoz0j6c=3aabf0ec-865b-4b05-aed3-6ea38f3d9129%3A1%3A1
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 22 Sep 2022 18:50:27 GMT
Content-Type: application/javascript
Content-Length: 42884
Connection: keep-alive
Content-Encoding: gzip
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: POST, GET, OPTIONS
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token,X-CSRFToken, Authorization
Expires: Mon, 03 Jul 2001 06:00:00 GMT
Last-Modified: Thu, 22 09 2022 18:50:33 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0,post-check=0, pre-check=0
Pragma: no-cache
X-Backend-Server: us1-web125-222
gayinleeds.relayblog.com/viewImage3?data=0c101014175e4b4b100c1109064914514a1c0c07000a4a070b094b054b320e0255082b3e1300363c2721010b133e032d280d134b5454544b5052514b5c53534b555d513b555454544a0e1403
200 94 kB URL HTTP/1.1 gayinleeds.relayblog.com/viewImage3?data=0c101014175e4b4b100c1109064914514a1c0c07000a4a070b094b054b320e0255082b3e1300363c2721010b133e032d280d134b5454544b5052514b5c53534b555d513b555454544a0e1403
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 454x928, components 3\012- data
Hash 98e5336223380a5fa3f8988cf7c0dedd
8c36b8cd38c9deafb6781e496f4303cadf6f986d
6221a9fda1016d5f16a1d4132bf25a3dcc8b20163f8e7e39b369d6d78dbb614f
GET /viewImage3?data=0c101014175e4b4b100c1109064914514a1c0c07000a4a070b094b054b320e0255082b3e1300363c2721010b133e032d280d134b5454544b5052514b5c53534b555d513b555454544a0e1403 HTTP/1.1
Host: gayinleeds.relayblog.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gayinleeds.relayblog.com/?yessenia
HTTP/1.1 200
Server: nginx
Date: Thu, 22 Sep 2022 18:50:27 GMT
Content-Length: 93595
Connection: keep-alive
Cache-Control: max-age=31418383
X-CORE: core4
X-LB: core4
tsyndicate.com/iframes2/6a91f85098294907941c239ca45e3b90.html?keywords=Best,porn,sites,sorted,categories,and,quality,lesbian,dick,case,show,look,european,parody,voyeur,locker,reality,first,mpeg,videos,boys,blonde,party,lang,toon,movies,kencaddel,teens,stories,lick,mom,picthunter,bitch,club,powered,genevieve,pictures,twilight,desna,wikipedia,panties,bitoni,boyfriend,classic,shooting,legal,alexa,pink,watching,smurfs,waist,clip,parker,montaina,free,change,bailey,school,flv,and,gallery,0288,casting,fuck,xxx,getting,big,cayenne,irish,his,hobby,longest,average,forbidden,spanked,world,websites,acuff,island,server,maids,carter,penal,1980,galleries,sean,alyssa,gabbie,amazing,alian,orgasm,amanda,queens,breasts,gold,blackberry,striptease,double,desk,student,furry,mpegs,214,while,baby,tom,exoctic,lesbian,dick,case,show,look,european,parody,voyeur,locker,reality,first,mpeg,videos,boys,blonde,party,lang,toon,movies,kencaddel,teens,stories,lick,mom,picthunter,bitch,club,p&adb=0&clientjs=1&w=1280&h=1024&tz=0
200 OK 1.2 kB URL HTTP/1.1 tsyndicate.com/iframes2/6a91f85098294907941c239ca45e3b90.html?keywords=Best,porn,sites,sorted,categories,and,quality,lesbian,dick,case,show,look,european,parody,voyeur,locker,reality,first,mpeg,videos,boys,blonde,party,lang,toon,movies,kencaddel,teens,stories,lick,mom,picthunter,bitch,club,powered,genevieve,pictures,twilight,desna,wikipedia,panties,bitoni,boyfriend,classic,shooting,legal,alexa,pink,watching,smurfs,waist,clip,parker,montaina,free,change,bailey,school,flv,and,gallery,0288,casting,fuck,xxx,getting,big,cayenne,irish,his,hobby,longest,average,forbidden,spanked,world,websites,acuff,island,server,maids,carter,penal,1980,galleries,sean,alyssa,gabbie,amazing,alian,orgasm,amanda,queens,breasts,gold,blackberry,striptease,double,desk,student,furry,mpegs,214,while,baby,tom,exoctic,lesbian,dick,case,show,look,european,parody,voyeur,locker,reality,first,mpeg,videos,boys,blonde,party,lang,toon,movies,kencaddel,teens,stories,lick,mom,picthunter,bitch,club,p&adb=0&clientjs=1&w=1280&h=1024&tz=0
IP
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2029)
Hash f52f417eab671263260fb239deb27273
342223f95efe028892c439b15f9e2a8d6100263c
19b3088928254b01263117aa6d79a645be2d2cb401ad9f730356b256cc1717ed
GET /iframes2/6a91f85098294907941c239ca45e3b90.html?keywords=Best,porn,sites,sorted,categories,and,quality,lesbian,dick,case,show,look,european,parody,voyeur,locker,reality,first,mpeg,videos,boys,blonde,party,lang,toon,movies,kencaddel,teens,stories,lick,mom,picthunter,bitch,club,powered,genevieve,pictures,twilight,desna,wikipedia,panties,bitoni,boyfriend,classic,shooting,legal,alexa,pink,watching,smurfs,waist,clip,parker,montaina,free,change,bailey,school,flv,and,gallery,0288,casting,fuck,xxx,getting,big,cayenne,irish,his,hobby,longest,average,forbidden,spanked,world,websites,acuff,island,server,maids,carter,penal,1980,galleries,sean,alyssa,gabbie,amazing,alian,orgasm,amanda,queens,breasts,gold,blackberry,striptease,double,desk,student,furry,mpegs,214,while,baby,tom,exoctic,lesbian,dick,case,show,look,european,parody,voyeur,locker,reality,first,mpeg,videos,boys,blonde,party,lang,toon,movies,kencaddel,teens,stories,lick,mom,picthunter,bitch,club,p&adb=0&clientjs=1&w=1280&h=1024&tz=0 HTTP/1.1
Host: tsyndicate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gayinleeds.relayblog.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 22 Sep 2022 18:50:33 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Pragma: no-cache
Expires: 0
Vary: Accept-Encoding, *
X-Api-Version: 2
Link: <http://lcdn.tsyndicate.com/sdk/v1/b.b.js>; rel=preload; as=script
X-Request-Id: 813663596283e21d
Cache-Control: no-cache, no-store, no-transform, must-revalidate, no-transform
X-Robots-Tag: none, noindex, nofollow
Report-To: { "url": "https://pxl.tsyndicate.com/api/v1/heavy-ad/report", "max_age": 86401 }
Content-Encoding: gzip
tsyndicate.com/iframes2/663422ed4341433597d6546506d00321.html?keywords=Best,porn,sites,sorted,categories,and,quality,lesbian,dick,case,show,look,european,parody,voyeur,locker,reality,first,mpeg,videos,boys,blonde,party,lang,toon,movies,kencaddel,teens,stories,lick,mom,picthunter,bitch,club,powered,genevieve,pictures,twilight,desna,wikipedia,panties,bitoni,boyfriend,classic,shooting,legal,alexa,pink,watching,smurfs,waist,clip,parker,montaina,free,change,bailey,school,flv,and,gallery,0288,casting,fuck,xxx,getting,big,cayenne,irish,his,hobby,longest,average,forbidden,spanked,world,websites,acuff,island,server,maids,carter,penal,1980,galleries,sean,alyssa,gabbie,amazing,alian,orgasm,amanda,queens,breasts,gold,blackberry,striptease,double,desk,student,furry,mpegs,214,while,baby,tom,exoctic,lesbian,dick,case,show,look,european,parody,voyeur,locker,reality,first,mpeg,videos,boys,blonde,party,lang,toon,movies,kencaddel,teens,stories,lick,mom,picthunter,bitch,club,p&adb=0&clientjs=1&w=1280&h=1024&tz=0
200 OK 2.7 kB URL HTTP/1.1 tsyndicate.com/iframes2/663422ed4341433597d6546506d00321.html?keywords=Best,porn,sites,sorted,categories,and,quality,lesbian,dick,case,show,look,european,parody,voyeur,locker,reality,first,mpeg,videos,boys,blonde,party,lang,toon,movies,kencaddel,teens,stories,lick,mom,picthunter,bitch,club,powered,genevieve,pictures,twilight,desna,wikipedia,panties,bitoni,boyfriend,classic,shooting,legal,alexa,pink,watching,smurfs,waist,clip,parker,montaina,free,change,bailey,school,flv,and,gallery,0288,casting,fuck,xxx,getting,big,cayenne,irish,his,hobby,longest,average,forbidden,spanked,world,websites,acuff,island,server,maids,carter,penal,1980,galleries,sean,alyssa,gabbie,amazing,alian,orgasm,amanda,queens,breasts,gold,blackberry,striptease,double,desk,student,furry,mpegs,214,while,baby,tom,exoctic,lesbian,dick,case,show,look,european,parody,voyeur,locker,reality,first,mpeg,videos,boys,blonde,party,lang,toon,movies,kencaddel,teens,stories,lick,mom,picthunter,bitch,club,p&adb=0&clientjs=1&w=1280&h=1024&tz=0
IP
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (4144)
Hash da94fd36ed936b04f662551424d53840
b7941786aa4b23e6ee2304cc8d5d1f1a9e14aa59
7ad610d925e0fd1bb1f43de60b7e6ba9d4dc570249766691c152dde3920e89ee
GET /iframes2/663422ed4341433597d6546506d00321.html?keywords=Best,porn,sites,sorted,categories,and,quality,lesbian,dick,case,show,look,european,parody,voyeur,locker,reality,first,mpeg,videos,boys,blonde,party,lang,toon,movies,kencaddel,teens,stories,lick,mom,picthunter,bitch,club,powered,genevieve,pictures,twilight,desna,wikipedia,panties,bitoni,boyfriend,classic,shooting,legal,alexa,pink,watching,smurfs,waist,clip,parker,montaina,free,change,bailey,school,flv,and,gallery,0288,casting,fuck,xxx,getting,big,cayenne,irish,his,hobby,longest,average,forbidden,spanked,world,websites,acuff,island,server,maids,carter,penal,1980,galleries,sean,alyssa,gabbie,amazing,alian,orgasm,amanda,queens,breasts,gold,blackberry,striptease,double,desk,student,furry,mpegs,214,while,baby,tom,exoctic,lesbian,dick,case,show,look,european,parody,voyeur,locker,reality,first,mpeg,videos,boys,blonde,party,lang,toon,movies,kencaddel,teens,stories,lick,mom,picthunter,bitch,club,p&adb=0&clientjs=1&w=1280&h=1024&tz=0 HTTP/1.1
Host: tsyndicate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gayinleeds.relayblog.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 22 Sep 2022 18:50:33 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Pragma: no-cache
Expires: 0
Vary: Accept-Encoding, *
X-Api-Version: 2
Link: <http://lcdn.tsyndicate.com/sdk/v1/b.b.js>; rel=preload; as=script
X-Request-Id: 23caaa5fda0edeb6
Set-Cookie: ts_uid=a7c2d654-c90a-4056-bb1b-26d7c95b3b1a; expires=Wed, 22 Mar 2023 18:50:33 GMT; domain=.tsyndicate.com; path=/; HttpOnly; secure; SameSite=None
Cache-Control: no-cache, no-store, no-transform, must-revalidate, no-transform
X-Robots-Tag: none, noindex, nofollow
Report-To: { "url": "https://pxl.tsyndicate.com/api/v1/heavy-ad/report", "max_age": 86401 }
Content-Encoding: gzip
refutationtiptoe.com/pixel/purst?dl=0&th=0&sc=0&rs=3625&rd=3625&fd=604&bv=22.8.v.2&tmpl=136
200 OK 0 B URL HTTP/1.1 refutationtiptoe.com/pixel/purst?dl=0&th=0&sc=0&rs=3625&rd=3625&fd=604&bv=22.8.v.2&tmpl=136
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/purst?dl=0&th=0&sc=0&rs=3625&rd=3625&fd=604&bv=22.8.v.2&tmpl=136 HTTP/1.1
Host: refutationtiptoe.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gayinleeds.relayblog.com/
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 22 Sep 2022 18:50:33 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
tsyndicate.com/iframes2/58b27ab589cd4f6fb77ba36de8de2cad.html?keywords=Best,porn,sites,sorted,categories,and,quality,lesbian,dick,case,show,look,european,parody,voyeur,locker,reality,first,mpeg,videos,boys,blonde,party,lang,toon,movies,kencaddel,teens,stories,lick,mom,picthunter,bitch,club,powered,genevieve,pictures,twilight,desna,wikipedia,panties,bitoni,boyfriend,classic,shooting,legal,alexa,pink,watching,smurfs,waist,clip,parker,montaina,free,change,bailey,school,flv,and,gallery,0288,casting,fuck,xxx,getting,big,cayenne,irish,his,hobby,longest,average,forbidden,spanked,world,websites,acuff,island,server,maids,carter,penal,1980,galleries,sean,alyssa,gabbie,amazing,alian,orgasm,amanda,queens,breasts,gold,blackberry,striptease,double,desk,student,furry,mpegs,214,while,baby,tom,exoctic,lesbian,dick,case,show,look,european,parody,voyeur,locker,reality,first,mpeg,videos,boys,blonde,party,lang,toon,movies,kencaddel,teens,stories,lick,mom,picthunter,bitch,club,p&adb=0&clientjs=1&w=1280&h=1024&tz=0
200 OK 2.7 kB URL HTTP/1.1 tsyndicate.com/iframes2/58b27ab589cd4f6fb77ba36de8de2cad.html?keywords=Best,porn,sites,sorted,categories,and,quality,lesbian,dick,case,show,look,european,parody,voyeur,locker,reality,first,mpeg,videos,boys,blonde,party,lang,toon,movies,kencaddel,teens,stories,lick,mom,picthunter,bitch,club,powered,genevieve,pictures,twilight,desna,wikipedia,panties,bitoni,boyfriend,classic,shooting,legal,alexa,pink,watching,smurfs,waist,clip,parker,montaina,free,change,bailey,school,flv,and,gallery,0288,casting,fuck,xxx,getting,big,cayenne,irish,his,hobby,longest,average,forbidden,spanked,world,websites,acuff,island,server,maids,carter,penal,1980,galleries,sean,alyssa,gabbie,amazing,alian,orgasm,amanda,queens,breasts,gold,blackberry,striptease,double,desk,student,furry,mpegs,214,while,baby,tom,exoctic,lesbian,dick,case,show,look,european,parody,voyeur,locker,reality,first,mpeg,videos,boys,blonde,party,lang,toon,movies,kencaddel,teens,stories,lick,mom,picthunter,bitch,club,p&adb=0&clientjs=1&w=1280&h=1024&tz=0
IP
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (4228)
Hash 9687543aba69cb2b05e35585e81dfe2b
4e3ad0ae30f128e7ba4f77ed953f719ba90a381f
7bc179b86613216f4629cfd34ae430072a2e42f6448e5175206130ca8c9fca42
GET /iframes2/58b27ab589cd4f6fb77ba36de8de2cad.html?keywords=Best,porn,sites,sorted,categories,and,quality,lesbian,dick,case,show,look,european,parody,voyeur,locker,reality,first,mpeg,videos,boys,blonde,party,lang,toon,movies,kencaddel,teens,stories,lick,mom,picthunter,bitch,club,powered,genevieve,pictures,twilight,desna,wikipedia,panties,bitoni,boyfriend,classic,shooting,legal,alexa,pink,watching,smurfs,waist,clip,parker,montaina,free,change,bailey,school,flv,and,gallery,0288,casting,fuck,xxx,getting,big,cayenne,irish,his,hobby,longest,average,forbidden,spanked,world,websites,acuff,island,server,maids,carter,penal,1980,galleries,sean,alyssa,gabbie,amazing,alian,orgasm,amanda,queens,breasts,gold,blackberry,striptease,double,desk,student,furry,mpegs,214,while,baby,tom,exoctic,lesbian,dick,case,show,look,european,parody,voyeur,locker,reality,first,mpeg,videos,boys,blonde,party,lang,toon,movies,kencaddel,teens,stories,lick,mom,picthunter,bitch,club,p&adb=0&clientjs=1&w=1280&h=1024&tz=0 HTTP/1.1
Host: tsyndicate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gayinleeds.relayblog.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 22 Sep 2022 18:50:33 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Pragma: no-cache
Expires: 0
Vary: Accept-Encoding, *
X-Api-Version: 2
Link: <http://lcdn.tsyndicate.com/sdk/v1/b.b.js>; rel=preload; as=script
X-Request-Id: b907a7687c427302
Set-Cookie: ts_uid=10da9eff-56d5-40b9-8742-08ba66b5ab49; expires=Wed, 22 Mar 2023 18:50:33 GMT; domain=.tsyndicate.com; path=/; HttpOnly; secure; SameSite=None
Cache-Control: no-cache, no-store, no-transform, must-revalidate, no-transform
X-Robots-Tag: none, noindex, nofollow
Report-To: { "url": "https://pxl.tsyndicate.com/api/v1/heavy-ad/report", "max_age": 86401 }
Content-Encoding: gzip
28980.weednewspro.com/v2/a/na/203282?subId=&pageUri=https%3A%2F%2F28980.weednewspro.com%2Fv2%2Fa%2Fna%2Fif%2F203282&referer=http%3A%2F%2Fgo.goaserv.com%2F&av=1&abl=0&kws=&rtg=&bdd=%5B%22Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0%22%2C%22false%22%2C%22Linux%20x86_64%22%2C%22%22%2C%22%22%2C%22%22%2C%22%22%2C%22false%22%2C%22true%22%2C%221280%22%2C%221024%22%2C%221280%22%2C%221002%22%2C%221280%22%2C%221024%22%2C%22300%22%2C%22250%22%2C%22300%22%2C%22250%22%2C%22false%22%2C%221%22%2C%2216%22%2C%220%22%2C%22aaaaacccefiflmmprrsstlllecstaaahtscellllpss%22%2C%22Thu%20Sep%2022%202022%2018%3A50%3A32%20GMT%2B0000%20(Coordinated%20Universal%20Time)%22%2C%220%22%2C%22en-US%22%2C%22en-US%2Cen%22%2C%22false%22%2C%22false%22%2C%22781877177%22%2C%222697903995%22%2C%221%22%2C%22false%22%2C%22%5B%5D%22%5D
200 OK 3.9 kB URL HTTP/2 28980.weednewspro.com/v2/a/na/203282?subId=&pageUri=https%3A%2F%2F28980.weednewspro.com%2Fv2%2Fa%2Fna%2Fif%2F203282&referer=http%3A%2F%2Fgo.goaserv.com%2F&av=1&abl=0&kws=&rtg=&bdd=%5B%22Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0%22%2C%22false%22%2C%22Linux%20x86_64%22%2C%22%22%2C%22%22%2C%22%22%2C%22%22%2C%22false%22%2C%22true%22%2C%221280%22%2C%221024%22%2C%221280%22%2C%221002%22%2C%221280%22%2C%221024%22%2C%22300%22%2C%22250%22%2C%22300%22%2C%22250%22%2C%22false%22%2C%221%22%2C%2216%22%2C%220%22%2C%22aaaaacccefiflmmprrsstlllecstaaahtscellllpss%22%2C%22Thu%20Sep%2022%202022%2018%3A50%3A32%20GMT%2B0000%20(Coordinated%20Universal%20Time)%22%2C%220%22%2C%22en-US%22%2C%22en-US%2Cen%22%2C%22false%22%2C%22false%22%2C%22781877177%22%2C%222697903995%22%2C%221%22%2C%22false%22%2C%22%5B%5D%22%5D
IP
ASN #39572 DataWeb Global Group B.V.
File type JSON data\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3951), with CRLF, LF line terminators
Hash a490b002019b7b9b52f3698084913714
759b90ce5d1e9db757c98173164241df035ff417
7d2ac38ef5ccc538dca0b0a328eaaebf289fed3cd85de8cdc5e93c5d1ef28f20
GET /v2/a/na/203282?subId=&pageUri=https%3A%2F%2F28980.weednewspro.com%2Fv2%2Fa%2Fna%2Fif%2F203282&referer=http%3A%2F%2Fgo.goaserv.com%2F&av=1&abl=0&kws=&rtg=&bdd=%5B%22Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0%22%2C%22false%22%2C%22Linux%20x86_64%22%2C%22%22%2C%22%22%2C%22%22%2C%22%22%2C%22false%22%2C%22true%22%2C%221280%22%2C%221024%22%2C%221280%22%2C%221002%22%2C%221280%22%2C%221024%22%2C%22300%22%2C%22250%22%2C%22300%22%2C%22250%22%2C%22false%22%2C%221%22%2C%2216%22%2C%220%22%2C%22aaaaacccefiflmmprrsstlllecstaaahtscellllpss%22%2C%22Thu%20Sep%2022%202022%2018%3A50%3A32%20GMT%2B0000%20(Coordinated%20Universal%20Time)%22%2C%220%22%2C%22en-US%22%2C%22en-US%2Cen%22%2C%22false%22%2C%22false%22%2C%22781877177%22%2C%222697903995%22%2C%221%22%2C%22false%22%2C%22%5B%5D%22%5D HTTP/1.1
Host: 28980.weednewspro.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://28980.weednewspro.com/v2/a/na/if/203282
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 22 Sep 2022 18:50:32 GMT
content-type: application/json; charset=UTF-8
vary: Accept-Encoding
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-max-age: 86400
referrer-policy: unsafe-url
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Device-Memory
accept-ch-lifetime: 31536000
p3p: CP="NOI DEVa TAIa OUR BUS UNI STA"
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
last-modified: Thu, 22 Sep 2022 18:50:32 UTC
expires: Thu, 22 Sep 2022 18:50:32 UTC
content-encoding: gzip
X-Firefox-Spdy: h2
poweredby.jads.co/adshow.php?adzone=941000
200 OK 1.7 kB URL HTTP/1.1 poweredby.jads.co/adshow.php?adzone=941000
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (413), with CRLF, LF line terminators
Hash a2ce3b0d8ab751643cc20512f6226a06
5df523995ceb76736f3cbf2284a13f39700a8aa6
63232c0ef1b72c838b973f049ce56fc0242c6bc86bab35ae7825b6b580a7c51a
GET /adshow.php?adzone=941000 HTTP/1.1
Host: poweredby.jads.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gayinleeds.relayblog.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 22 Sep 2022 18:50:33 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/5.6.40
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR OUR IND STA"
Set-Cookie: surferid=684797848e24addf7748d4395e05ee38; expires=Fri, 22-Sep-2023 18:50:32 GMT; Max-Age=31536000; path=/; SameSite=None; Secure; domain=.jads.co
imps22340=1; expires=Fri, 23-Sep-2022 18:50:33 GMT; Max-Age=86400; path=/; SameSite=None; Secure; domain=.jads.co
juicy_data_1=YToxOntpOjU5Mjk3NjtpOjE2NjQxMzE4MzI7fQ%3D%3D; expires=Sun, 25-Sep-2022 18:50:32 GMT; Max-Age=259199; path=/; SameSite=None; Secure; domain=jads.co
juicy_data=YToxOntzOjEyOiJqdWljeV9kYXRhXzEiO3M6MToiMSI7fQ%3D%3D; expires=Sun, 25-Sep-2022 18:50:32 GMT; Max-Age=259199; path=/; SameSite=None; Secure; domain=jads.co
Content-Encoding: gzip
go.xxxijmp.com/smartpop/128029786fbed96fe880330bb083ecce41e122ba08e2711908bc9493ef368344?userId=ed4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e&sourceId=226440&memberId=gYguL5CFaLLQLUBvwn0ndAmNlBWXBw1dKNZXHIL2UjzMnFSB8yn04NW9ZpTmdv7ZJRKJH-yHHoFjOughg7nwf2ve0EbWh7UfKy8uA5M_gUIDRUi&p1=3844273
301 Moved Permanently 0 B URL HTTP/1.1 go.xxxijmp.com/smartpop/128029786fbed96fe880330bb083ecce41e122ba08e2711908bc9493ef368344?userId=ed4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e&sourceId=226440&memberId=gYguL5CFaLLQLUBvwn0ndAmNlBWXBw1dKNZXHIL2UjzMnFSB8yn04NW9ZpTmdv7ZJRKJH-yHHoFjOughg7nwf2ve0EbWh7UfKy8uA5M_gUIDRUi&p1=3844273
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /smartpop/128029786fbed96fe880330bb083ecce41e122ba08e2711908bc9493ef368344?userId=ed4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e&sourceId=226440&memberId=gYguL5CFaLLQLUBvwn0ndAmNlBWXBw1dKNZXHIL2UjzMnFSB8yn04NW9ZpTmdv7ZJRKJH-yHHoFjOughg7nwf2ve0EbWh7UfKy8uA5M_gUIDRUi&p1=3844273 HTTP/1.1
Host: go.xxxijmp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://tsyndicate.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Thu, 22 Sep 2022 18:50:33 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Thu, 22 Sep 2022 19:50:33 GMT
Location: https://go.xxxijmp.com/smartpop/128029786fbed96fe880330bb083ecce41e122ba08e2711908bc9493ef368344?userId=ed4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e&sourceId=226440&memberId=gYguL5CFaLLQLUBvwn0ndAmNlBWXBw1dKNZXHIL2UjzMnFSB8yn04NW9ZpTmdv7ZJRKJH-yHHoFjOughg7nwf2ve0EbWh7UfKy8uA5M_gUIDRUi&p1=3844273
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74ed3a171ed6b50f-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
tsyndicate.com/iframes2/6a91f85098294907941c239ca45e3b90.html?keywords=Best,porn,sites,sorted,categories,and,quality,lesbian,dick,case,show,look,european,parody,voyeur,locker,reality,first,mpeg,videos,boys,blonde,party,lang,toon,movies,kencaddel,teens,stories,lick,mom,picthunter,bitch,club,powered,genevieve,pictures,twilight,desna,wikipedia,panties,bitoni,boyfriend,classic,shooting,legal,alexa,pink,watching,smurfs,waist,clip,parker,montaina,free,change,bailey,school,flv,and,gallery,0288,casting,fuck,xxx,getting,big,cayenne,irish,his,hobby,longest,average,forbidden,spanked,world,websites,acuff,island,server,maids,carter,penal,1980,galleries,sean,alyssa,gabbie,amazing,alian,orgasm,amanda,queens,breasts,gold,blackberry,striptease,double,desk,student,furry,mpegs,214,while,baby,tom,exoctic,lesbian,dick,case,show,look,european,parody,voyeur,locker,reality,first,mpeg,videos,boys,blonde,party,lang,toon,movies,kencaddel,teens,stories,lick,mom,picthunter,bitch,club,p&adb=0&clientjs=1&w=1280&h=1024&tz=0
200 OK 1.2 kB URL HTTP/1.1 tsyndicate.com/iframes2/6a91f85098294907941c239ca45e3b90.html?keywords=Best,porn,sites,sorted,categories,and,quality,lesbian,dick,case,show,look,european,parody,voyeur,locker,reality,first,mpeg,videos,boys,blonde,party,lang,toon,movies,kencaddel,teens,stories,lick,mom,picthunter,bitch,club,powered,genevieve,pictures,twilight,desna,wikipedia,panties,bitoni,boyfriend,classic,shooting,legal,alexa,pink,watching,smurfs,waist,clip,parker,montaina,free,change,bailey,school,flv,and,gallery,0288,casting,fuck,xxx,getting,big,cayenne,irish,his,hobby,longest,average,forbidden,spanked,world,websites,acuff,island,server,maids,carter,penal,1980,galleries,sean,alyssa,gabbie,amazing,alian,orgasm,amanda,queens,breasts,gold,blackberry,striptease,double,desk,student,furry,mpegs,214,while,baby,tom,exoctic,lesbian,dick,case,show,look,european,parody,voyeur,locker,reality,first,mpeg,videos,boys,blonde,party,lang,toon,movies,kencaddel,teens,stories,lick,mom,picthunter,bitch,club,p&adb=0&clientjs=1&w=1280&h=1024&tz=0
IP
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2029)
Hash f52f417eab671263260fb239deb27273
342223f95efe028892c439b15f9e2a8d6100263c
19b3088928254b01263117aa6d79a645be2d2cb401ad9f730356b256cc1717ed
GET /iframes2/6a91f85098294907941c239ca45e3b90.html?keywords=Best,porn,sites,sorted,categories,and,quality,lesbian,dick,case,show,look,european,parody,voyeur,locker,reality,first,mpeg,videos,boys,blonde,party,lang,toon,movies,kencaddel,teens,stories,lick,mom,picthunter,bitch,club,powered,genevieve,pictures,twilight,desna,wikipedia,panties,bitoni,boyfriend,classic,shooting,legal,alexa,pink,watching,smurfs,waist,clip,parker,montaina,free,change,bailey,school,flv,and,gallery,0288,casting,fuck,xxx,getting,big,cayenne,irish,his,hobby,longest,average,forbidden,spanked,world,websites,acuff,island,server,maids,carter,penal,1980,galleries,sean,alyssa,gabbie,amazing,alian,orgasm,amanda,queens,breasts,gold,blackberry,striptease,double,desk,student,furry,mpegs,214,while,baby,tom,exoctic,lesbian,dick,case,show,look,european,parody,voyeur,locker,reality,first,mpeg,videos,boys,blonde,party,lang,toon,movies,kencaddel,teens,stories,lick,mom,picthunter,bitch,club,p&adb=0&clientjs=1&w=1280&h=1024&tz=0 HTTP/1.1
Host: tsyndicate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gayinleeds.relayblog.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 22 Sep 2022 18:50:33 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Pragma: no-cache
Expires: 0
Vary: Accept-Encoding, *
X-Api-Version: 2
Link: <http://lcdn.tsyndicate.com/sdk/v1/b.b.js>; rel=preload; as=script
X-Request-Id: 53746a54a0a8ee29
Cache-Control: no-cache, no-store, no-transform, must-revalidate, no-transform
X-Robots-Tag: none, noindex, nofollow
Report-To: { "url": "https://pxl.tsyndicate.com/api/v1/heavy-ad/report", "max_age": 86401 }
Content-Encoding: gzip
astonishedmule.com/watch.337341490190.js?key=3cb5727a16a2f566d5a822edf1d58427&kw=%5B%22hot%22%2C%22sexy%22%2C%22tubes%22%5D&refer=http%3A%2F%2Fgayinleeds.relayblog.com%2F%3Fyessenia&tz=0&dev=r&res=12.29&uuid=3aabf0ec-865b-4b05-aed3-6ea38f3d9129%3A1%3A1&shu=0c169890a83b00cc6ece7e107e6b7668d6bf987d6894f167f820eafc7fc91c785f340160dd77d3f5c1c16954e712b7653f9ac43ff9a5624ff8c02050af68c68abcfe2bcca80d4ebd69c7dc6a1c6287a83fe12938bccf4929c2de1c8ee7a6f01f&pst=1663872692&rmtc=t
200 OK 2.4 kB URL HTTP/1.1 astonishedmule.com/watch.337341490190.js?key=3cb5727a16a2f566d5a822edf1d58427&kw=%5B%22hot%22%2C%22sexy%22%2C%22tubes%22%5D&refer=http%3A%2F%2Fgayinleeds.relayblog.com%2F%3Fyessenia&tz=0&dev=r&res=12.29&uuid=3aabf0ec-865b-4b05-aed3-6ea38f3d9129%3A1%3A1&shu=0c169890a83b00cc6ece7e107e6b7668d6bf987d6894f167f820eafc7fc91c785f340160dd77d3f5c1c16954e712b7653f9ac43ff9a5624ff8c02050af68c68abcfe2bcca80d4ebd69c7dc6a1c6287a83fe12938bccf4929c2de1c8ee7a6f01f&pst=1663872692&rmtc=t
IP
ASN #39572 DataWeb Global Group B.V.
File type HTML document, ASCII text, with very long lines (2950)
Hash e91242e3d7aa249bf6664a74ca339c8b
65c7d73da20ec106f653aec608221a0be2910504
a60e596e75706b21971d1ca89d460dcef175c15a5d53959e882ccc25e10fff35
Analyzer Verdict Alert quad9 Sinkholed
GET /watch.337341490190.js?key=3cb5727a16a2f566d5a822edf1d58427&kw=%5B%22hot%22%2C%22sexy%22%2C%22tubes%22%5D&refer=http%3A%2F%2Fgayinleeds.relayblog.com%2F%3Fyessenia&tz=0&dev=r&res=12.29&uuid=3aabf0ec-865b-4b05-aed3-6ea38f3d9129%3A1%3A1&shu=0c169890a83b00cc6ece7e107e6b7668d6bf987d6894f167f820eafc7fc91c785f340160dd77d3f5c1c16954e712b7653f9ac43ff9a5624ff8c02050af68c68abcfe2bcca80d4ebd69c7dc6a1c6287a83fe12938bccf4929c2de1c8ee7a6f01f&pst=1663872692&rmtc=t HTTP/1.1
Host: astonishedmule.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://gayinleeds.relayblog.com
Referer: http://gayinleeds.relayblog.com/
Connection: keep-alive
Cookie: u_pl=16428146; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNjQyODE0NiwiayI6IjNjYjU3MjdhMTZhMmY1NjZkNWE4MjJlZGYxZDU4NDI3Iiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxNTAzNjQ5LCJwaWQiOjI4ODQzNywiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjoxNiwiYWlkIjo1LCJwdCI6NCwicGsiOiJtZWdwcnVuMGNpIiwiY3BrcyI6eyAiMjgiOiIwMWI2NDkzNWI4MDYxYzFmNjFkMjEzYTI3Y2UyZDcyOSJ9LCJ0IjoxfSwidSI6eyJ1IjoxLCJhdSI6MSwiZCI6eyJpZCI6Nzk5NTQxOTYsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjoxODExMCwib24iOiJMaW51eCIsIm92IjoiVW5rbm93biIsImJpZCI6MTE2NjcwLCJibiI6IkZpcmVmb3giLCJidiI6Ijk2LjAiLCJ3diI6ZmFsc2UsImUiOmZhbHNlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6ZmFsc2UsInIiOiJodHRwOi8vZ2F5aW5sZWVkcy5yZWxheWJsb2cuY29tLz95ZXNzZW5pYSJ9fQ.4cNYsNFEmcI48zelDR5c45Swn_LuENVTU6LmDxAPWUM; uid_id2=3aabf0ec-865b-4b05-aed3-6ea38f3d9129:1:1; iprc734395721a19f4aec8625df83e1466e5=2060092; pdhtkv=true; uncs=1; pdhtkv5=true; uncs5=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.9
Date: Thu, 22 Sep 2022 18:50:33 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: http://gayinleeds.relayblog.com
Access-Control-Allow-Origin: http://gayinleeds.relayblog.com
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=3aabf0ec-865b-4b05-aed3-6ea38f3d9129:1:1; expires=Thu, 29 Sep 2022 18:50:33 GMT; secure; SameSite=None
pdhtkv=true; expires=Fri, 23 Sep 2022 18:50:33 GMT; secure; SameSite=None
uncs=1; expires=Fri, 23 Sep 2022 18:50:33 GMT; secure; SameSite=None
pdhtkv5=true; expires=Fri, 23 Sep 2022 18:50:33 GMT; secure; SameSite=None
uncs5=1; expires=Fri, 23 Sep 2022 18:50:33 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 45f06a11118aaefdf1927bffe328bf77
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
tsyndicate.com/iframes2/4cac9064b352472ab0c635df56b56283.html?keywords=Best,porn,sites,sorted,categories,and,quality,lesbian,dick,case,show,look,european,parody,voyeur,locker,reality,first,mpeg,videos,boys,blonde,party,lang,toon,movies,kencaddel,teens,stories,lick,mom,picthunter,bitch,club,powered,genevieve,pictures,twilight,desna,wikipedia,panties,bitoni,boyfriend,classic,shooting,legal,alexa,pink,watching,smurfs,waist,clip,parker,montaina,free,change,bailey,school,flv,and,gallery,0288,casting,fuck,xxx,getting,big,cayenne,irish,his,hobby,longest,average,forbidden,spanked,world,websites,acuff,island,server,maids,carter,penal,1980,galleries,sean,alyssa,gabbie,amazing,alian,orgasm,amanda,queens,breasts,gold,blackberry,striptease,double,desk,student,furry,mpegs,214,while,baby,tom,exoctic,lesbian,dick,case,show,look,european,parody,voyeur,locker,reality,first,mpeg,videos,boys,blonde,party,lang,toon,movies,kencaddel,teens,stories,lick,mom,picthunter,bitch,club,p&adb=0&clientjs=1&w=1280&h=1024&tz=0
200 OK 3.5 kB URL HTTP/1.1 tsyndicate.com/iframes2/4cac9064b352472ab0c635df56b56283.html?keywords=Best,porn,sites,sorted,categories,and,quality,lesbian,dick,case,show,look,european,parody,voyeur,locker,reality,first,mpeg,videos,boys,blonde,party,lang,toon,movies,kencaddel,teens,stories,lick,mom,picthunter,bitch,club,powered,genevieve,pictures,twilight,desna,wikipedia,panties,bitoni,boyfriend,classic,shooting,legal,alexa,pink,watching,smurfs,waist,clip,parker,montaina,free,change,bailey,school,flv,and,gallery,0288,casting,fuck,xxx,getting,big,cayenne,irish,his,hobby,longest,average,forbidden,spanked,world,websites,acuff,island,server,maids,carter,penal,1980,galleries,sean,alyssa,gabbie,amazing,alian,orgasm,amanda,queens,breasts,gold,blackberry,striptease,double,desk,student,furry,mpegs,214,while,baby,tom,exoctic,lesbian,dick,case,show,look,european,parody,voyeur,locker,reality,first,mpeg,videos,boys,blonde,party,lang,toon,movies,kencaddel,teens,stories,lick,mom,picthunter,bitch,club,p&adb=0&clientjs=1&w=1280&h=1024&tz=0
IP
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (5805)
Hash dee9cd6ac6767690c73d0bf83da7a3de
89c3d709fc178e1597622dea576afc3487e9738a
f1e538233fb5e1a7f1ea7cd045f75fec63656964630f06d372a56cdda896c291
GET /iframes2/4cac9064b352472ab0c635df56b56283.html?keywords=Best,porn,sites,sorted,categories,and,quality,lesbian,dick,case,show,look,european,parody,voyeur,locker,reality,first,mpeg,videos,boys,blonde,party,lang,toon,movies,kencaddel,teens,stories,lick,mom,picthunter,bitch,club,powered,genevieve,pictures,twilight,desna,wikipedia,panties,bitoni,boyfriend,classic,shooting,legal,alexa,pink,watching,smurfs,waist,clip,parker,montaina,free,change,bailey,school,flv,and,gallery,0288,casting,fuck,xxx,getting,big,cayenne,irish,his,hobby,longest,average,forbidden,spanked,world,websites,acuff,island,server,maids,carter,penal,1980,galleries,sean,alyssa,gabbie,amazing,alian,orgasm,amanda,queens,breasts,gold,blackberry,striptease,double,desk,student,furry,mpegs,214,while,baby,tom,exoctic,lesbian,dick,case,show,look,european,parody,voyeur,locker,reality,first,mpeg,videos,boys,blonde,party,lang,toon,movies,kencaddel,teens,stories,lick,mom,picthunter,bitch,club,p&adb=0&clientjs=1&w=1280&h=1024&tz=0 HTTP/1.1
Host: tsyndicate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gayinleeds.relayblog.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 22 Sep 2022 18:50:33 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Pragma: no-cache
Expires: 0
Vary: Accept-Encoding, *
X-Api-Version: 2
Link: <http://lcdn.tsyndicate.com/sdk/v1/b.b.js>; rel=preload; as=script, <https://lcdn.tsyndicate.com/images/f/b/2c0e713c0761c4c20a0af89a5bd30389f9ee28/300x250.jpg>; rel=preload; as=image
X-Request-Id: 848277d909f56cb0
Set-Cookie: ts_uid=2242d3b5-1667-4184-aa90-70a505628ae3; expires=Wed, 22 Mar 2023 18:50:33 GMT; domain=.tsyndicate.com; path=/; HttpOnly; secure; SameSite=None
bfq=APeIECNCxxYZOGzAkEHjRhcWIsYU3BLjoYgyE2PYsDEjR40cMGbM6NJH; expires=Fri, 23 Sep 2022 18:50:33 GMT; domain=.tsyndicate.com; path=/; secure; SameSite=None
Cache-Control: no-cache, no-store, no-transform, must-revalidate, no-transform
X-Robots-Tag: none, noindex, nofollow
Report-To: { "url": "https://pxl.tsyndicate.com/api/v1/heavy-ad/report", "max_age": 86401 }
Content-Encoding: gzip
10945-2.s.cdn15.com/creatives/247/186312/407125_66cc3.gif
200 OK 274 kB URL HTTP/2 10945-2.s.cdn15.com/creatives/247/186312/407125_66cc3.gif
IP
File type GIF image data, version 89a, 300 x 250\012- data
Size 274 kB (273818 bytes)
Hash 7889d9075c71a7a91eb1b0c21f358d60
b5ff9e00cb865c5a18a1299ec200e38050b0b14c
53d4f5c9cd11b9687be47aaa8a2846354d7591b3ec80fcf7b163239755681144
GET /creatives/247/186312/407125_66cc3.gif HTTP/1.1
Host: 10945-2.s.cdn15.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://biptolyla.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: ucdn/1.22.0
date: Thu, 22 Sep 2022 18:50:33 GMT
content-type: image/gif
content-length: 273818
last-modified: Fri, 22 Oct 2021 12:00:43 GMT
etag: "7889d9075c71a7a91eb1b0c21f358d60"
x-timestamp: 1634904042.92462
x-trans-id: tx23b9db92b2784beca77b3-0062c803bb
x-openstack-request-id: tx23b9db92b2784beca77b3-0062c803bb
x-ureq-id: OoAmJoUAEw59+t5vrupjSbz60UPs5sF04GI6b3V5Zjg=
x-served-from: l1
expires: Sun, 18 Dec 2022 18:00:34 GMT
cache-control: max-age=7513801
access-control-allow-origin: *
access-control-allow-methods: HEAD, GET, OPTIONS
x-vhostid: 90, 20856
accept-ranges: bytes
X-Firefox-Spdy: h2
gayinleeds.relayblog.com/s3/mx-wide/p12.jpg
200 OK 120 kB URL HTTP/1.1 gayinleeds.relayblog.com/s3/mx-wide/p12.jpg
IP
File type JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CC 2015 (Macintosh), datetime=2016:09:06 11:11:55], baseline, precision 8, 728x90, components 3 DIY-Thermocam raw data\012- (Lepton 2.x), scale 17260-29268, spot sensor temperature 4323621993986912157696.000000, unit celsius, color scheme 0, show scale bar, calibration: offset 0.000000, slope 1156999415638757504318439424.000000\012- data
Size 120 kB (120331 bytes)
Hash 30afb93cb0f7e11edda0b75d79963dee
d0f9dfd7f3a35eda14a176b671904d072456496d
54e5dbd84f99eaa2bf72e078b1c647ac43bad8a589c52389d27185df28b66e9d
GET /s3/mx-wide/p12.jpg HTTP/1.1
Host: gayinleeds.relayblog.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gayinleeds.relayblog.com/?yessenia
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 22 Sep 2022 18:50:28 GMT
Content-Type: image/jpeg
Content-Length: 120331
Connection: keep-alive
Last-Modified: Mon, 21 Sep 2020 19:51:52 GMT
ETag: "5f690458-1d60b"
X-Cluster: web-cdn2
X-Cache: EXPIRED
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KCHAQbTVmNBGc0rPsVFf1l7CAxV2PHOBt1FsE0%2BckCY69L3K9UWnz9D%2BL8tILKOVjZ6DLBDkzsn4437dThi7F9A3uJFw60qYX1xttO4coD%2BU72xRITW9M5bO1V3%2F4Oc%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
CF-RAY: 74eceae0f9b653e3-YYZ
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Cache-Status: HIT
Cache-Control: max-age=14400, max-age=31536000
Accept-Ranges: bytes
i.jads.co/network/user500/22340-1505050812.gif
200 OK 366 kB URL HTTP/1.1 i.jads.co/network/user500/22340-1505050812.gif
IP
File type GIF image data, version 89a, 250 x 250\012- data
Size 366 kB (365951 bytes)
Hash 9d846e215d3ce2c6afccb260428e7290
ee571a5209505cc276bcd48571d80e62c12662ad
9f85d1c49424a6566c51b87d369fe43617c4a476696f7181578a338efd429fba
GET /network/user500/22340-1505050812.gif HTTP/1.1
Host: i.jads.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://poweredby.jads.co/
HTTP/1.1 200 OK
Date: Thu, 22 Sep 2022 18:50:33 GMT
Connection: Keep-Alive
ETag: "1505050813"
Cache-Control: max-age=16800271
Content-Length: 365951
Content-Type: image/gif
Last-Modified: Sun, 10 Sep 2017 13:40:13 GMT
Accept-Ranges: bytes
X-HW: 1663872633.dop001.sk1.t,1663872633.cds245.sk1.c
biptolyla.com/auW.ZNyzQu2r9FkyZnT/9U6gbE2C5mlFS/WvQT9RNPDlE/4OMrjrk/0HN/Cc0N0/MLT/g/yNOkTTQK1ZJPnEB-1KcV2-hiaRbO2/5/lGS/WeQs9iNIDeEZ4rMtjTkS0/NVCI0R0UMWT/gwy/OlTQQ/1R
200 OK 20 kB URL HTTP/2 biptolyla.com/auW.ZNyzQu2r9FkyZnT/9U6gbE2C5mlFS/WvQT9RNPDlE/4OMrjrk/0HN/Cc0N0/MLT/g/yNOkTTQK1ZJPnEB-1KcV2-hiaRbO2/5/lGS/WeQs9iNIDeEZ4rMtjTkS0/NVCI0R0UMWT/gwy/OlTQQ/1R
IP
File type ASCII text, with very long lines (2401)
Hash df5acbcb02eefd03050db6f753c26ad1
79b70c23f748cec75d89c8ec9ffe83213b02cd96
4bda69095fe43cc9015c1dd84b31ecc212592de83ce80d16b6d4d4173c09b915
GET /auW.ZNyzQu2r9FkyZnT/9U6gbE2C5mlFS/WvQT9RNPDlE/4OMrjrk/0HN/Cc0N0/MLT/g/yNOkTTQK1ZJPnEB-1KcV2-hiaRbO2/5/lGS/WeQs9iNIDeEZ4rMtjTkS0/NVCI0R0UMWT/gwy/OlTQQ/1R HTTP/1.1
Host: biptolyla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://gayinleeds.relayblog.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 22 Sep 2022 18:50:32 GMT
content-type: application/javascript
vary: Accept-Encoding
expires: Mon, 26 Jul 2011 05:00:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
accept-ch: Sec-CH-UA-Platform-Version, Sec-CH-UA-Platform
x-content-type-options: nosniff
content-encoding: br
X-Firefox-Spdy: h2
kazanwhoeveryowl.com/watch.675656806154.js?key=3cb5727a16a2f566d5a822edf1d58427&kw=%5B%22hot%22%2C%22sexy%22%2C%22tubes%22%5D&refer=http%3A%2F%2Fgayinleeds.relayblog.com%2F%3Fyessenia&tz=0&dev=r&res=12.29&uuid=3aabf0ec-865b-4b05-aed3-6ea38f3d9129%3A1%3A1&shu=f8657c46d5dc41ac71663af214bc29549b5f16a701f4b84604a1a6de378b68391539a776d19aa4c318ddf3ba7ab15ca584e93e3ef27f9f2ce131c1f848c410c60b1f5b8d3984d6d7ccba3116aef31b36495e587abc3d78d181f52c7b990ec6&pst=1663872693&rmtc=t
200 OK 2.0 kB URL HTTP/1.1 kazanwhoeveryowl.com/watch.675656806154.js?key=3cb5727a16a2f566d5a822edf1d58427&kw=%5B%22hot%22%2C%22sexy%22%2C%22tubes%22%5D&refer=http%3A%2F%2Fgayinleeds.relayblog.com%2F%3Fyessenia&tz=0&dev=r&res=12.29&uuid=3aabf0ec-865b-4b05-aed3-6ea38f3d9129%3A1%3A1&shu=f8657c46d5dc41ac71663af214bc29549b5f16a701f4b84604a1a6de378b68391539a776d19aa4c318ddf3ba7ab15ca584e93e3ef27f9f2ce131c1f848c410c60b1f5b8d3984d6d7ccba3116aef31b36495e587abc3d78d181f52c7b990ec6&pst=1663872693&rmtc=t
IP
File type HTML document, ASCII text, with very long lines (2476)
Hash 7147fb9cc0aba94ad0935195d84c8be8
e4bd3c304232874d815a05391e857402ccadd585
e484d3a8b22923e7f747031120a048cdb6776c5fec21478fb1b106a168792407
Analyzer Verdict Alert quad9 Sinkholed
GET /watch.675656806154.js?key=3cb5727a16a2f566d5a822edf1d58427&kw=%5B%22hot%22%2C%22sexy%22%2C%22tubes%22%5D&refer=http%3A%2F%2Fgayinleeds.relayblog.com%2F%3Fyessenia&tz=0&dev=r&res=12.29&uuid=3aabf0ec-865b-4b05-aed3-6ea38f3d9129%3A1%3A1&shu=f8657c46d5dc41ac71663af214bc29549b5f16a701f4b84604a1a6de378b68391539a776d19aa4c318ddf3ba7ab15ca584e93e3ef27f9f2ce131c1f848c410c60b1f5b8d3984d6d7ccba3116aef31b36495e587abc3d78d181f52c7b990ec6&pst=1663872693&rmtc=t HTTP/1.1
Host: kazanwhoeveryowl.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://gayinleeds.relayblog.com
Referer: http://gayinleeds.relayblog.com/
Connection: keep-alive
Cookie: u_pl=16428146; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNjQyODE0NiwiayI6IjNjYjU3MjdhMTZhMmY1NjZkNWE4MjJlZGYxZDU4NDI3Iiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxNTAzNjQ5LCJwaWQiOjI4ODQzNywiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjoxNiwiYWlkIjo1LCJwdCI6NCwicGsiOiJtZWdwcnVuMGNpIiwiY3BrcyI6eyAiMjgiOiIwMWI2NDkzNWI4MDYxYzFmNjFkMjEzYTI3Y2UyZDcyOSJ9LCJ0IjoxfSwidSI6eyJ1IjoxLCJhdSI6MSwiZCI6eyJpZCI6Nzk5NTQxOTYsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjoxODExMCwib24iOiJMaW51eCIsIm92IjoiVW5rbm93biIsImJpZCI6MTE2NjcwLCJibiI6IkZpcmVmb3giLCJidiI6Ijk2LjAiLCJ3diI6ZmFsc2UsImUiOmZhbHNlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6dHJ1ZSwiciI6Imh0dHA6Ly9nYXlpbmxlZWRzLnJlbGF5YmxvZy5jb20vP3llc3NlbmlhIn19.VRcDNm1HhSu8DqsoRv_m9zrgaaqt3tpAobadEemO07A
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 22 Sep 2022 18:50:33 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: http://gayinleeds.relayblog.com
Access-Control-Allow-Origin: http://gayinleeds.relayblog.com
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=3aabf0ec-865b-4b05-aed3-6ea38f3d9129:1:1; expires=Thu, 29 Sep 2022 18:50:33 GMT; secure; SameSite=None
pdhtkv=true; expires=Fri, 23 Sep 2022 18:50:33 GMT; secure; SameSite=None
uncs=1; expires=Fri, 23 Sep 2022 18:50:33 GMT; secure; SameSite=None
pdhtkv5=true; expires=Fri, 23 Sep 2022 18:50:33 GMT; secure; SameSite=None
uncs5=1; expires=Fri, 23 Sep 2022 18:50:33 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 16c7ec911505565e0df37f2b9c0684ec
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
go.xxxijmp.com/smartpop/128029786fbed96fe880330bb083ecce41e122ba08e2711908bc9493ef368344?userId=ed4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e&sourceId=226440&memberId=S-KTH8CCxxDzeoYH-E2D_ze3O5R4ou_SR3zUT-DSDsyLI45Gq5Agg3JLk2zmILVC_mfJE8CgyJ0kbfZs3lmcdBlTqAt7syXR8iapBgQ_gUIDRUi&p1=3844273
301 Moved Permanently 0 B URL HTTP/1.1 go.xxxijmp.com/smartpop/128029786fbed96fe880330bb083ecce41e122ba08e2711908bc9493ef368344?userId=ed4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e&sourceId=226440&memberId=S-KTH8CCxxDzeoYH-E2D_ze3O5R4ou_SR3zUT-DSDsyLI45Gq5Agg3JLk2zmILVC_mfJE8CgyJ0kbfZs3lmcdBlTqAt7syXR8iapBgQ_gUIDRUi&p1=3844273
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /smartpop/128029786fbed96fe880330bb083ecce41e122ba08e2711908bc9493ef368344?userId=ed4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e&sourceId=226440&memberId=S-KTH8CCxxDzeoYH-E2D_ze3O5R4ou_SR3zUT-DSDsyLI45Gq5Agg3JLk2zmILVC_mfJE8CgyJ0kbfZs3lmcdBlTqAt7syXR8iapBgQ_gUIDRUi&p1=3844273 HTTP/1.1
Host: go.xxxijmp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://tsyndicate.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Thu, 22 Sep 2022 18:50:33 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Thu, 22 Sep 2022 19:50:33 GMT
Location: https://go.xxxijmp.com/smartpop/128029786fbed96fe880330bb083ecce41e122ba08e2711908bc9493ef368344?userId=ed4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e&sourceId=226440&memberId=S-KTH8CCxxDzeoYH-E2D_ze3O5R4ou_SR3zUT-DSDsyLI45Gq5Agg3JLk2zmILVC_mfJE8CgyJ0kbfZs3lmcdBlTqAt7syXR8iapBgQ_gUIDRUi&p1=3844273
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74ed3a18388cb50f-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
go.eroadvertising.com/eactrl.go
200 OK 1.4 kB URL HTTP/1.1 go.eroadvertising.com/eactrl.go
IP
File type JSON data\012- , ASCII text, with very long lines (2481), with no line terminators
Hash ba64c37399864293f70a546275c64f24
4ede2dc7d32e59505bfcc121acab772982347ed6
4db6186303a4120ad8b691cd5bd6052ca58ebefd6a703dc1cb5e83d7d5f403f7
POST /eactrl.go HTTP/1.1
Host: go.eroadvertising.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-type: application/x-www-form-urlencoded
Content-Length: 978
Origin: http://gayinleeds.relayblog.com
Connection: keep-alive
Referer: http://gayinleeds.relayblog.com/
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 22 Sep 2022 18:50:33 GMT
Content-Type: application/json;charset=utf-8
Content-Length: 1417
Connection: keep-alive
Content-Encoding: gzip
Access-Control-Allow-Origin: http://gayinleeds.relayblog.com
Access-Control-Allow-Methods: POST, GET, OPTIONS
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token,X-CSRFToken, Authorization
Expires: Mon, 03 Jul 2001 06:00:00 GMT
Last-Modified: Thu, 22 09 2022 18:50:33 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0,post-check=0, pre-check=0
Pragma: no-cache
X-Backend-Server: nl2-web-201
biptolyla.com/auW.ZNyzQu2r9FkyZnT/9U6gbE2C5mlFS/WvQT9RNPDlE/4OMrjrk/0HN/Cc0N0/MLT/g/yNOkTTQK1ZJPnEB-1KcV2-hiaRbO2/5/lGS/WeQs9iNIDeEZ4rMtjTkS0/NVCI0R0UMWT/gwy/OlTQQ/1R
200 OK 336 kB URL HTTP/2 biptolyla.com/auW.ZNyzQu2r9FkyZnT/9U6gbE2C5mlFS/WvQT9RNPDlE/4OMrjrk/0HN/Cc0N0/MLT/g/yNOkTTQK1ZJPnEB-1KcV2-hiaRbO2/5/lGS/WeQs9iNIDeEZ4rMtjTkS0/NVCI0R0UMWT/gwy/OlTQQ/1R
IP
File type ASCII text, with very long lines (2401)
Size 336 kB (335586 bytes)
Hash c58dc8c5efbc9a2e95c7b6214f900c19
5765406380189f1a2e273ccd717c3ef1ab260df5
32926835796b6993a44fbd479e9ebc8918dbd6eda0d146fd752ff9e036346b32
GET /auW.ZNyzQu2r9FkyZnT/9U6gbE2C5mlFS/WvQT9RNPDlE/4OMrjrk/0HN/Cc0N0/MLT/g/yNOkTTQK1ZJPnEB-1KcV2-hiaRbO2/5/lGS/WeQs9iNIDeEZ4rMtjTkS0/NVCI0R0UMWT/gwy/OlTQQ/1R HTTP/1.1
Host: biptolyla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://gayinleeds.relayblog.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 22 Sep 2022 18:50:33 GMT
content-type: application/javascript
vary: Accept-Encoding
expires: Mon, 26 Jul 2011 05:00:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
accept-ch: Sec-CH-UA-Platform-Version, Sec-CH-UA-Platform
x-content-type-options: nosniff
content-encoding: br
X-Firefox-Spdy: h2
i.jads.co/network/user500/22340-1505050866.jpg
200 OK 95 kB URL HTTP/1.1 i.jads.co/network/user500/22340-1505050866.jpg
IP
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 160x600, components 3\012- data
Hash 8747f3a714da73b9c7df64d9f3b22811
aa3844b7d6c0d66e4e01b5ea5be883624821caa1
4a0b3b26c25ea6006a00c75ebd284082dc90c0fbb088d530d5dc5818d790a0e9
GET /network/user500/22340-1505050866.jpg HTTP/1.1
Host: i.jads.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://poweredby.jads.co/
HTTP/1.1 200 OK
Date: Thu, 22 Sep 2022 18:50:33 GMT
Connection: Keep-Alive
ETag: "1505050866"
Cache-Control: max-age=16833084
Content-Length: 94590
Content-Type: image/jpeg
Last-Modified: Sun, 10 Sep 2017 13:41:06 GMT
Accept-Ranges: bytes
X-HW: 1663872633.dop017.sk1.t,1663872633.cds251.sk1.c
peeredgerman.com/pixel/purst?dl=0&th=0&sc=0&rs=3625&rd=3625&fd=604&bv=22.8.v.2&tmpl=136
200 OK 0 B URL HTTP/1.1 peeredgerman.com/pixel/purst?dl=0&th=0&sc=0&rs=3625&rd=3625&fd=604&bv=22.8.v.2&tmpl=136
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/purst?dl=0&th=0&sc=0&rs=3625&rd=3625&fd=604&bv=22.8.v.2&tmpl=136 HTTP/1.1
Host: peeredgerman.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gayinleeds.relayblog.com/
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 22 Sep 2022 18:50:33 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
js-agent.newrelic.com/nr-spa-1216.min.js
200 OK 18 kB URL HTTP/2 js-agent.newrelic.com/nr-spa-1216.min.js
IP
File type ASCII text, with very long lines (32010)
Hash 6561a2403142205f966207d61576f1a6
1310e72f494e12ab63a4280fc1600a2c89dc9bb8
0e496fcab0b9120938373e271fa6631b7da17adf33f8a490637467c170a3e37a
GET /nr-spa-1216.min.js HTTP/1.1
Host: js-agent.newrelic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: TAwVDFAylU9PwNPPW/eXC4UyIMC8EQ1d6JNW9Q+uXGnPmL1fuimq9M3lAe733gCMeKNDiCQX1YM=
x-amz-request-id: SYTECJR5CMD8NJ8E
last-modified: Thu, 14 Apr 2022 16:45:57 GMT
etag: "63e2df852d15ab21d7ff8fc4363222e8"
x-amz-version-id: UU.F5jvoumAjQChriwTQHbisCFw_OInU
content-type: application/javascript
server: AmazonS3
cache-control: public, max-age=7200, stale-if-error=604800
content-encoding: gzip
accept-ranges: bytes
date: Thu, 22 Sep 2022 18:50:33 GMT
via: 1.1 varnish
x-served-by: cache-bma1644-BMA
x-cache: HIT
x-cache-hits: 162
x-timer: S1663872634.661416,VS0,VE0
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
content-length: 18216
X-Firefox-Spdy: h2
static.eabids.com/data/bannerpools/112022/33956.jpg
200 OK 25 kB URL HTTP/1.1 static.eabids.com/data/bannerpools/112022/33956.jpg
IP
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 300x250, components 3\012- data
Hash 8031354b97bdbf903cd4a5ad85317925
ba68a9295f406f25ebb26853cb249852e40089c7
3e1d218111f687d8370c0ebe158520b5637c852a0eb145ba5e5252032676cddb
GET /data/bannerpools/112022/33956.jpg HTTP/1.1
Host: static.eabids.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://go.eabids.com/
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 22 Sep 2022 18:50:33 GMT
Content-Type: image/jpeg
Content-Length: 24669
Last-Modified: Thu, 28 Apr 2022 14:46:24 GMT
Connection: keep-alive
ETag: "626aa8c0-605d"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
X-Backend-Server: nl2-static-223
Accept-Ranges: bytes
i.jads.co/network/user22416/31627-1553293848-0993153001553293848.gif
200 OK 407 kB URL HTTP/1.1 i.jads.co/network/user22416/31627-1553293848-0993153001553293848.gif
IP
File type GIF image data, version 89a, 160 x 600\012- data
Size 407 kB (407017 bytes)
Hash f27b33052fcee42206dfac4b4cb66732
66f8abcb68379cda62195e0de71535641d9e6ce7
f48d6d2f59381092deb2abc5b05d235ee128359e06b4f3edad451470977e0eb2
GET /network/user22416/31627-1553293848-0993153001553293848.gif HTTP/1.1
Host: i.jads.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://poweredby.jads.co/
HTTP/1.1 200 OK
Date: Thu, 22 Sep 2022 18:50:33 GMT
Connection: Keep-Alive
ETag: "1553293849"
Cache-Control: max-age=24884543
Content-Length: 407017
Content-Type: image/gif
Last-Modified: Fri, 22 Mar 2019 22:30:49 GMT
Accept-Ranges: bytes
X-HW: 1663872633.dop001.sk1.t,1663872633.cds020.sk1.c
cdn.tubecorp.com/b/tcbanner.js?v=21
200 OK 18 kB URL HTTP/1.1 cdn.tubecorp.com/b/tcbanner.js?v=21
IP
ASN #39572 DataWeb Global Group B.V.
File type Unicode text, UTF-8 text, with very long lines (50685), with no line terminators
Hash cdf1ca2de3be908c01fc475c284bd396
41d93ac6b9d836e4ee2317d00b977bc4edd6a294
14b531a858232cd186a0a4c7070ddde07e950a8e7adf0940835f6adf86600590
GET /b/tcbanner.js?v=21 HTTP/1.1
Host: cdn.tubecorp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cdn.tubecorp.com/i/b.html?spot=3725&src=1013599720&pid=17794&width=300&height=250&spaceid=859
HTTP/1.1 200 OK
Date: Thu, 22 Sep 2022 18:50:33 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx/1.20.1
Last-Modified: Sat, 20 Nov 2021 06:50:35 GMT
ETag: W/"61989abb-c604"
Cache-Control: max-age=3600
X-Request-ID: 6f1daecf978b48536956fdbfd14a730e
Content-Encoding: gzip
Expires: Thu, 22 Sep 2022 19:50:33 GMT
X-Proxy-Cache: HIT
Access-Control-Allow-Origin: *
i.jads.co/ads/user500/ad1705568-1611902991.jpg
200 OK 21 kB URL HTTP/1.1 i.jads.co/ads/user500/ad1705568-1611902991.jpg
IP
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 160x600, components 3\012- data
Hash 8228a3401e9302175f92af14a982b89a
419941c516fd40de61d22677b38982f2fd4f26e3
394f7a1b569cbddb72185dc4f5b512d43115f6ddd7f84d6bb41f433ffb67324d
GET /ads/user500/ad1705568-1611902991.jpg HTTP/1.1
Host: i.jads.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://poweredby.jads.co/
HTTP/1.1 200 OK
Date: Thu, 22 Sep 2022 18:50:33 GMT
Connection: Keep-Alive
ETag: "1611902991"
Cache-Control: max-age=24870613
Content-Length: 20655
Content-Type: image/jpeg
Last-Modified: Fri, 29 Jan 2021 06:49:51 GMT
Accept-Ranges: bytes
X-HW: 1663872633.dop017.sk1.t,1663872633.cds224.sk1.c
i.jads.co/1x1.gif
200 OK 43 B IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash 9bb191c6827273aa978cab39a3587950
25d8043336eb799e52b1a0e15ff6b95e09c24e35
24e480e4659fbae818853a38f8a3036f529f539024dc3e772c0b594ce02ea9db
GET /1x1.gif HTTP/1.1
Host: i.jads.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://poweredby.jads.co/
HTTP/1.1 200 OK
Date: Thu, 22 Sep 2022 18:50:33 GMT
Connection: Keep-Alive
ETag: "1457030838"
Cache-Control: max-age=23352633
Content-Length: 43
Content-Type: image/gif
Last-Modified: Thu, 03 Mar 2016 18:47:18 GMT
Accept-Ranges: bytes
X-HW: 1663872633.dop226.sk1.t,1663872633.cds217.sk1.c
poweredby.jads.co/adshow.php?adzone=941000
200 OK 3.9 kB URL HTTP/1.1 poweredby.jads.co/adshow.php?adzone=941000
IP
Hash f0001a7dee0dd97f2457cf7595f50462
b7fddef03a138e3bbc5125650c708a75a1742421
1b4e6afe4291c82f19379d457a0ce6b427ac221280b28a4b681fd6b72fb6f43c
GET /adshow.php?adzone=941000 HTTP/1.1
Host: poweredby.jads.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gayinleeds.relayblog.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 22 Sep 2022 18:50:33 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/5.6.40
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR OUR IND STA"
Set-Cookie: surferid=684797848e24addf7748d4395e05ee38; expires=Fri, 22-Sep-2023 18:50:32 GMT; Max-Age=31536000; path=/; SameSite=None; Secure; domain=.jads.co
imps22340=1; expires=Fri, 23-Sep-2022 18:50:33 GMT; Max-Age=86400; path=/; SameSite=None; Secure; domain=.jads.co
juicy_data_1=YToxOntpOjU5Mjk3NjtpOjE2NjQxMzE4MzI7fQ%3D%3D; expires=Sun, 25-Sep-2022 18:50:32 GMT; Max-Age=259199; path=/; SameSite=None; Secure; domain=jads.co
juicy_data=YToxOntzOjEyOiJqdWljeV9kYXRhXzEiO3M6MToiMSI7fQ%3D%3D; expires=Sun, 25-Sep-2022 18:50:32 GMT; Max-Age=259199; path=/; SameSite=None; Secure; domain=jads.co
Content-Encoding: gzip
gayinleeds.relayblog.com/s3/ad_wc1_v_01/3315.jpg
200 OK 24 kB URL HTTP/1.1 gayinleeds.relayblog.com/s3/ad_wc1_v_01/3315.jpg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 100x450, components 3\012- data
Hash 983682d95b6a64c5e7194ea5b2a4ced3
808db9bf8c41ed7c62786d0f8ecea0271465a0a0
f6ecda1866cd422b6163ed025cab72b8821bfff2156a838b88753cc49f455eb2
GET /s3/ad_wc1_v_01/3315.jpg HTTP/1.1
Host: gayinleeds.relayblog.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gayinleeds.relayblog.com/?yessenia
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 22 Sep 2022 18:50:28 GMT
Content-Type: image/jpeg
Content-Length: 24243
Connection: keep-alive
Last-Modified: Fri, 02 Apr 2021 18:05:59 GMT
ETag: "60675d07-5eb3"
X-Cluster: web-cdn2
X-Cache: MISS
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3keQV6fl6ZL3jV33GGfA%2BZ8yCvu5anJfKujlptFHROoqZ8AU0YPXSNSQcCd9Q7MaCU31Z%2Brn5b%2FKemiPLpTP5AhvGZC6O62bGG12u9uedyhM0L%2Bh2yq9RPUGAoa%2FLrU%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
CF-RAY: 74ed3a163b8ccacc-YYZ
alt-svc: h2=":443"; ma=60
X-Cache-Status: MISS
Cache-Control: max-age=14400, max-age=31536000
Accept-Ranges: bytes
static.eabids.com/data/bannerpools/94553/23583.gif
200 OK 22 kB URL HTTP/1.1 static.eabids.com/data/bannerpools/94553/23583.gif
IP
File type GIF image data, version 89a, 120 x 600\012- data
Hash 3fae52bda7f67c5e6041fdb7f308eee0
ffa0ac823f79c854ba96342900a858ddbad670ab
fa3937016d2968c241f76ba60acb9daf97dd445de6caa6d67e9314f17d77671c
GET /data/bannerpools/94553/23583.gif HTTP/1.1
Host: static.eabids.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://go.eabids.com/
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 22 Sep 2022 18:50:33 GMT
Content-Type: image/gif
Content-Length: 21811
Last-Modified: Thu, 28 Apr 2022 14:45:41 GMT
Connection: keep-alive
ETag: "626aa895-5533"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
X-Backend-Server: nl2-static-223
Accept-Ranges: bytes
go.goaserv.com/banner.go?spaceid=1090934&subid=2|163520|113814|no|1|40694670|5675443|1|0|10|50304|,,,,,|4|0|0|1,6,24|0|0|en|1
200 OK 391 B URL HTTP/1.1 go.goaserv.com/banner.go?spaceid=1090934&subid=2|163520|113814|no|1|40694670|5675443|1|0|10|50304|,,,,,|4|0|0|1,6,24|0|0|en|1
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (578), with no line terminators
Hash b5cea021c69179b3a906b68d132937d5
50bef11a02d2713cf710c9213a0a8c06e8e694c0
359d63df21f5eae413bd3947259aa7b468d73969848c31192dba46bbd1916f58
GET /banner.go?spaceid=1090934&subid=2|163520|113814|no|1|40694670|5675443|1|0|10|50304|,,,,,|4|0|0|1,6,24|0|0|en|1 HTTP/1.1
Host: go.goaserv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://go.eabids.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 22 Sep 2022 18:50:33 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Mon, 03 Jul 2001 06:00:00 GMT
Last-Modified: Thu, 22 09 2022 18:50:33 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0,post-check=0, pre-check=0
Pragma: no-cache
X-Backend-Server: nl2-go-web-243
Content-Encoding: gzip
gayinleeds.relayblog.com/viewImage3?data=0c101014175e4b4b070d4a140c0a07000a4a070b094b140d07174b0508061109174b5454514b5d505d4b5756554b5c535d54555055554b4c095901491d0505231505054d4c090c59032f5d510f221227493134150c1c33324d0b160d030d0a05083b5c535d54555055554a0e1403
200 59 kB URL HTTP/1.1 gayinleeds.relayblog.com/viewImage3?data=0c101014175e4b4b070d4a140c0a07000a4a070b094b140d07174b0508061109174b5454514b5d505d4b5756554b5c535d54555055554b4c095901491d0505231505054d4c090c59032f5d510f221227493134150c1c33324d0b160d030d0a05083b5c535d54555055554a0e1403
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 500x625, components 3\012- data
Hash 439bcd301b217d1e163202bbbf7f367e
1edff73c32b2a5db1be5d79343b66f22d8440ecd
cfc7327841904b84c632fa6d3a47af567a5327228a154f964ca7505b01e78904
GET /viewImage3?data=0c101014175e4b4b070d4a140c0a07000a4a070b094b140d07174b0508061109174b5454514b5d505d4b5756554b5c535d54555055554b4c095901491d0505231505054d4c090c59032f5d510f221227493134150c1c33324d0b160d030d0a05083b5c535d54555055554a0e1403 HTTP/1.1
Host: gayinleeds.relayblog.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gayinleeds.relayblog.com/?yessenia
HTTP/1.1 200
Server: nginx
Date: Thu, 22 Sep 2022 18:50:28 GMT
Content-Length: 58793
Connection: keep-alive
Cache-Control: max-age=31418383
X-CORE: core4
X-LB: core4
10945-2.s.cdn15.com/creatives/247/186312/407108_3a045.gif
200 OK 90 kB URL HTTP/2 10945-2.s.cdn15.com/creatives/247/186312/407108_3a045.gif
IP
File type GIF image data, version 89a, 300 x 250\012- data
Hash 5af236d21a6c534a2dfbdfe7268a0e27
e9198710d462656d2da30e2e1f017a90b50b0e6e
cc5bbc447adba5ba154e8d92e897be49ef6524ae70d7f97be5b912af1675e703
GET /creatives/247/186312/407108_3a045.gif HTTP/1.1
Host: 10945-2.s.cdn15.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://biptolyla.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: ucdn/1.22.0
date: Thu, 22 Sep 2022 18:50:33 GMT
content-type: image/gif
content-length: 89956
last-modified: Fri, 22 Oct 2021 11:51:40 GMT
etag: "5af236d21a6c534a2dfbdfe7268a0e27"
x-timestamp: 1634903499.06322
x-trans-id: tx7d8c3fe385944a0fafebe-0062e0e472
x-openstack-request-id: tx7d8c3fe385944a0fafebe-0062e0e472
expires: Fri, 06 Jan 2023 14:53:45 GMT
cache-control: max-age=9144192
x-ureq-id: XDrrrzssYKy7XniAYHDaCxO/1BtQYlPAo1HVcwFLMsrP7jnHS8YSuPjrkuTCVphp3Po01lWaZGDM/AfE/Qdo6al6rDOZz1zoddCAgTNgNdg=
x-served-from: l1
access-control-allow-origin: *
access-control-allow-methods: HEAD, GET, OPTIONS
x-vhostid: 175, 20809
accept-ranges: bytes
X-Firefox-Spdy: h2
go.goaserv.com/banner.go?spaceid=1090934&subid=2|163520|449252|no|1|40694670|5675445|1|0|10|50304|,,,,,|4|0|0|21,4,25|0|0|en|1
200 OK 391 B URL HTTP/1.1 go.goaserv.com/banner.go?spaceid=1090934&subid=2|163520|449252|no|1|40694670|5675445|1|0|10|50304|,,,,,|4|0|0|21,4,25|0|0|en|1
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (578), with no line terminators
Hash b5cea021c69179b3a906b68d132937d5
50bef11a02d2713cf710c9213a0a8c06e8e694c0
359d63df21f5eae413bd3947259aa7b468d73969848c31192dba46bbd1916f58
GET /banner.go?spaceid=1090934&subid=2|163520|449252|no|1|40694670|5675445|1|0|10|50304|,,,,,|4|0|0|21,4,25|0|0|en|1 HTTP/1.1
Host: go.goaserv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://go.eabids.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 22 Sep 2022 18:50:33 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Mon, 03 Jul 2001 06:00:00 GMT
Last-Modified: Thu, 22 09 2022 18:50:33 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0,post-check=0, pre-check=0
Pragma: no-cache
X-Backend-Server: nl2-go-web-242
Content-Encoding: gzip
poweredby.jads.co/adshow.php?adzone=940998
200 OK 1.7 kB URL HTTP/1.1 poweredby.jads.co/adshow.php?adzone=940998
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (413), with CRLF, LF line terminators
Hash 6879800351f27afb96fa1309cc6a5706
e931e563342f85c54a2c885e97fba10512cb15c7
21b2a9010d7c781af3060b1c2012d179e637410e6d6db618340a2dbc60686861
GET /adshow.php?adzone=940998 HTTP/1.1
Host: poweredby.jads.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gayinleeds.relayblog.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 22 Sep 2022 18:50:33 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/5.6.40
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR OUR IND STA"
Set-Cookie: surferid=d90054244e2f3a3d4fe3879047bdcd00; expires=Fri, 22-Sep-2023 18:50:33 GMT; Max-Age=31536000; path=/; SameSite=None; Secure; domain=.jads.co
imps22340=1; expires=Fri, 23-Sep-2022 18:50:33 GMT; Max-Age=86400; path=/; SameSite=None; Secure; domain=.jads.co
juicy_data_1=YToxOntpOjU5Mjk3NjtpOjE2NjQxMzE4MzM7fQ%3D%3D; expires=Sun, 25-Sep-2022 18:50:33 GMT; Max-Age=259200; path=/; SameSite=None; Secure; domain=jads.co
juicy_data=YToxOntzOjEyOiJqdWljeV9kYXRhXzEiO3M6MToiMSI7fQ%3D%3D; expires=Sun, 25-Sep-2022 18:50:33 GMT; Max-Age=259200; path=/; SameSite=None; Secure; domain=jads.co
Content-Encoding: gzip
ocsp.digicert.com/
200 OK 471 B IP
Hash d42f2291100fe0703a7eebdc6de8acc3
6b03000e82ddf4dad3af2236ff1943ca40054fc3
6b2dc77e7380de5c977c4185321775d078038f2e48f7c8feb7cbcc6f3cb444e8
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3565
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 22 Sep 2022 18:50:33 GMT
Last-Modified: Thu, 22 Sep 2022 17:51:08 GMT
Server: ECS (ska/F6FE)
X-Cache: HIT
Content-Length: 471
biptolyla.com/aOW.ZPyQPR3-BT1UcV2Wh_aYbZ2a5bl-SdWeQf9gN_DiEj4kMlj-kn0oNpCq0_0sMtTugvy-OxTyQz1AJ_nCpDvEbFm-VHJIZJDK0_0MMNTOgPy-ORTSQT0UL_TWQXxYOZD-Ib5cNdDeU_?iframeId=reaezt
200 OK 837 B URL HTTP/2 biptolyla.com/aOW.ZPyQPR3-BT1UcV2Wh_aYbZ2a5bl-SdWeQf9gN_DiEj4kMlj-kn0oNpCq0_0sMtTugvy-OxTyQz1AJ_nCpDvEbFm-VHJIZJDK0_0MMNTOgPy-ORTSQT0UL_TWQXxYOZD-Ib5cNdDeU_?iframeId=reaezt
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (713)
Hash 3345b37ff6ee7a44ca5d41d36e883875
f5428fbc31976816c46560b319399f0bb28361f2
0f074b7bf17d767f1fe66840f92ee2926eb4463fe837c346f9c1de921c183955
GET /aOW.ZPyQPR3-BT1UcV2Wh_aYbZ2a5bl-SdWeQf9gN_DiEj4kMlj-kn0oNpCq0_0sMtTugvy-OxTyQz1AJ_nCpDvEbFm-VHJIZJDK0_0MMNTOgPy-ORTSQT0UL_TWQXxYOZD-Ib5cNdDeU_?iframeId=reaezt HTTP/1.1
Host: biptolyla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://gayinleeds.relayblog.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 22 Sep 2022 18:50:33 GMT
content-type: text/html;charset=UTF-8
vary: Accept-Encoding
accept-ch: Sec-CH-UA-Platform-Version, Sec-CH-UA-Platform
expires: Mon, 26 Jul 2011 05:00:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
p3p: CP="CUR ADM OUR NOR STA NID"
last-modified: Thu, 22 Sep 2022 18:50:33 GMT
set-cookie: kadCCap=210190:1:1662153287;199455:1:1662011125;168401:1:1663017409;194136:1:1663118711;180343:1:1656296307;210565:1:1660883596;132751:1:1663300715;211845:1:1661388894;199507:1:1655888030; max-age=1695408633; path=/
kadACap=383700:1:1662671864;435966:1:1656602141;419321:1:1662477203;446120:1:1663148405;424441:1:1662472246;401659:1:1662418246;432805:1:1656295137;422197:1:1661937740;319611:1:1659066943;346327:2:1663791482;433660:1:1662623802;426142:1:1655888030;419291:1:1662829503;410252:1:1662915839;443580:1:1661935629;384014:1:1658355870;442673:1:1660504936;438036:1:1657029440;419293:1:1662883102;445475:1:1662616891;444565:1:1663112893;444311:1:1663771206;419303:1:1662804291;434768:1:1656274688;272913:1:1661284037;442019:1:1663736826;432801:1:1656295814;407186:1:1660140957;419295:1:1661224266;445389:1:1663209970;320483:1:1661342695;419323:1:1661776141;419301:1:1663566374;444410:1:1662620118;419299:1:1662523186;438050:1:1657036135;443007:1:1661388894;444360:1:1662446108;427172:1:1661328422;445933:1:1662662013;419297:1:1662889803;434524:1:1657107027; max-age=1695408633; path=/
kadASCap=346327:2:1663791482; path=/
kadRPixJ=bnVsbA==; max-age=1695408633; path=/
kadUnP3=CAIQgqCvmQYaDQjzwZkBEAEY+uKtmQYaDQivp/4BEAEYgqCvmQYaDQiC/5MCEAEY+YexmQYiCggBEAEYgqCvmQYiCggDEAEY+YexmQYqDAjD6QwQARiCoK+ZBioMCIy9EhABGPrirZkGKgwIxOMnEAEY+YexmQY=; max-age=1695408633; path=/
x-content-type-options: nosniff
content-encoding: br
X-Firefox-Spdy: h2
i.jads.co/network/user500/22340-1505050832.jpg
200 OK 27 kB URL HTTP/1.1 i.jads.co/network/user500/22340-1505050832.jpg
IP
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 125x125, components 3\012- data
Hash bed7929bdf7525a5b1c67f4ba1379f86
aec311c85ab8b39878a25a4d76a25e3a1c2f4249
7b0975c9d2c93e1b595753bc0fc6b3cff54d9d3a5d9bcbd2da0fc2d2eea25f0c
GET /network/user500/22340-1505050832.jpg HTTP/1.1
Host: i.jads.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://poweredby.jads.co/
HTTP/1.1 200 OK
Date: Thu, 22 Sep 2022 18:50:33 GMT
Connection: Keep-Alive
ETag: "1505050832"
Cache-Control: max-age=16817154
Content-Length: 26560
Content-Type: image/jpeg
Last-Modified: Sun, 10 Sep 2017 13:40:32 GMT
Accept-Ranges: bytes
X-HW: 1663872633.dop001.sk1.t,1663872633.cds239.sk1.c
10945-2.s.cdn15.com/creatives/152327/199277/425838_d9e44.gif
200 OK 829 kB URL HTTP/2 10945-2.s.cdn15.com/creatives/152327/199277/425838_d9e44.gif
IP
File type GIF image data, version 89a, 300 x 250\012- data
Size 829 kB (828741 bytes)
Hash d7675115f28acab821f472c0bf12c83b
5716e2f4797ce29daded4d0a5f2e6a473cbf430f
8f42b09b56fb194ac109a0f2ff764ce2a43feba1b85a1ec8f2cffbc5d150823a
GET /creatives/152327/199277/425838_d9e44.gif HTTP/1.1
Host: 10945-2.s.cdn15.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://biptolyla.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: ucdn/1.22.0
date: Thu, 22 Sep 2022 18:50:33 GMT
content-type: image/gif
content-length: 828741
last-modified: Fri, 01 Apr 2022 16:14:39 GMT
etag: "d7675115f28acab821f472c0bf12c83b"
x-timestamp: 1648829678.08301
x-trans-id: tx9bb30b133ec0456ea5e53-00631e76fb
x-openstack-request-id: tx9bb30b133ec0456ea5e53-00631e76fb
expires: Wed, 22 Feb 2023 07:47:14 GMT
cache-control: max-age=13179401
x-ureq-id: XDrrrzssYKy7XniAYHDaCxO/1BtQYlPAo1HVcwFLMsrP7jnHS8YSuPjrkuTCVphpOep5ZtMQ/BuVATeWDB/wTal6rDOZz1zoddCAgTNgNdg=
x-served-from: l1
access-control-allow-origin: *
access-control-allow-methods: HEAD, GET, OPTIONS
x-vhostid: 106, 20805
accept-ranges: bytes
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 471 B IP
Hash d42f2291100fe0703a7eebdc6de8acc3
6b03000e82ddf4dad3af2236ff1943ca40054fc3
6b2dc77e7380de5c977c4185321775d078038f2e48f7c8feb7cbcc6f3cb444e8
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3565
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 22 Sep 2022 18:50:33 GMT
Last-Modified: Thu, 22 Sep 2022 17:51:08 GMT
Server: ECS (ska/F6FE)
X-Cache: HIT
Content-Length: 471
gayinleeds.relayblog.com/s3/ad_amt1_h_01/446.jpg
200 OK 22 kB URL HTTP/1.1 gayinleeds.relayblog.com/s3/ad_amt1_h_01/446.jpg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 768x60, components 3\012- data
Hash fa76604fb93dc94830c9bf7a08dee3e6
357c734f2fe7a6cdd5f4d673f02c56fd858a3d3c
a26ee625409e1457acadf861418d58f712751451bee4d10b683fa21a22dbc4cd
GET /s3/ad_amt1_h_01/446.jpg HTTP/1.1
Host: gayinleeds.relayblog.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gayinleeds.relayblog.com/?yessenia
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 22 Sep 2022 18:50:28 GMT
Content-Type: image/jpeg
Content-Length: 22476
Connection: keep-alive
Last-Modified: Fri, 02 Apr 2021 20:38:55 GMT
ETag: "606780df-57cc"
X-Cluster: web-cdn2
X-Cache: MISS
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RJLiXeLtbbvjtw1LH6EZQiKLhaWdlZiEnF2S9%2BrF5XsljpwzS6Ubard3NSYbqy0QVcLTD9CJio6%2FSPUr%2FTimB1BRYcPautM7ZgLuW7rLiSDP0xdbS%2BW3r%2BiQIzq%2B6ZI%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
CF-RAY: 74ed3a17192ba22c-YYZ
alt-svc: h2=":443"; ma=60
X-Cache-Status: MISS
Cache-Control: max-age=14400, max-age=31536000
Accept-Ranges: bytes
i.jads.co/network/user1037/1-1620069847-0968771001620069847.gif
200 OK 50 kB URL HTTP/1.1 i.jads.co/network/user1037/1-1620069847-0968771001620069847.gif
IP
File type GIF image data, version 89a, 125 x 125\012- data
Hash 21892ef883fe75929e3423c0658aa2e6
fff21726101b8ec646dae1dde41917a8275c9fd4
7d1d01037bbb70b1c3a52399183d14f158b4ba1d8beeb8154ca766f44a59cab6
GET /network/user1037/1-1620069847-0968771001620069847.gif HTTP/1.1
Host: i.jads.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://poweredby.jads.co/
HTTP/1.1 200 OK
Date: Thu, 22 Sep 2022 18:50:33 GMT
Connection: Keep-Alive
ETag: "1620069847"
Cache-Control: max-age=19321770
Content-Length: 50338
Content-Type: image/gif
Last-Modified: Mon, 03 May 2021 19:24:07 GMT
Accept-Ranges: bytes
X-HW: 1663872633.dop017.sk1.t,1663872633.cds003.sk1.c
i.jads.co/network/user22416/29763-1538682380-0923459001538682380.jpg
200 OK 37 kB URL HTTP/1.1 i.jads.co/network/user22416/29763-1538682380-0923459001538682380.jpg
IP
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=12, height=250, bps=0, PhotometricIntepretation=RGB, orientation=upper-left, width=300], baseline, precision 8, 125x125, components 3\012- data
Hash 369813a5ee86fd02f057c92e5cd27cdf
e6cce1299ccb14e7fca031f7878e665f406d41eb
cbbbde7f4ff7d55967a136083a38c2771f932d609f1d739b3787388f2f875310
GET /network/user22416/29763-1538682380-0923459001538682380.jpg HTTP/1.1
Host: i.jads.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://poweredby.jads.co/
HTTP/1.1 200 OK
Date: Thu, 22 Sep 2022 18:50:33 GMT
Connection: Keep-Alive
ETag: "1538682380"
Cache-Control: max-age=23353283
Content-Length: 36553
Content-Type: image/jpeg
Last-Modified: Thu, 04 Oct 2018 19:46:20 GMT
Accept-Ranges: bytes
X-HW: 1663872633.dop226.sk1.t,1663872633.cds204.sk1.c
biptolyla.com/aEW.ZFyGPH3-BJ1KcL2Mh_aObP2Q5Rl-STWUQV9WN_DYEZ4aMbj-kd0eNfCg0_0iMjTkgly-OnToQp1qJ_nsptvubvm-VxJyZzDA0_0CMDTEgFy-OHTIQJ0KL_TMQNxOOPD-IR5SNTDUU_?iframeId=vdfmex
200 OK 23 kB URL HTTP/2 biptolyla.com/aEW.ZFyGPH3-BJ1KcL2Mh_aObP2Q5Rl-STWUQV9WN_DYEZ4aMbj-kd0eNfCg0_0iMjTkgly-OnToQp1qJ_nsptvubvm-VxJyZzDA0_0CMDTEgFy-OHTIQJ0KL_TMQNxOOPD-IR5SNTDUU_?iframeId=vdfmex
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (713)
Hash 883c8e97b8b24332cdbcd924349697c9
0449c66a96484ce17503d9735f55f11322fa98b1
5f29f71cde5b40577f39e524c9240be807668acf825e6a81c3f58e5019d8c3ce
GET /aEW.ZFyGPH3-BJ1KcL2Mh_aObP2Q5Rl-STWUQV9WN_DYEZ4aMbj-kd0eNfCg0_0iMjTkgly-OnToQp1qJ_nsptvubvm-VxJyZzDA0_0CMDTEgFy-OHTIQJ0KL_TMQNxOOPD-IR5SNTDUU_?iframeId=vdfmex HTTP/1.1
Host: biptolyla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://gayinleeds.relayblog.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 22 Sep 2022 18:50:33 GMT
content-type: text/html;charset=UTF-8
vary: Accept-Encoding
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
accept-ch: Sec-CH-UA-Platform-Version, Sec-CH-UA-Platform
expires: Mon, 26 Jul 2011 05:00:00 GMT
p3p: CP="CUR ADM OUR NOR STA NID"
last-modified: Thu, 22 Sep 2022 18:50:33 GMT
set-cookie: kadCCap=168401:1:1663017409;199507:1:1655888030;210190:1:1662153287;199455:1:1662011125;211845:1:1661388894;210565:1:1660883596;132751:1:1663300715;194136:1:1663118711;180343:1:1656296307; max-age=1695408633; path=/
kadACap=346327:2:1663791482;419297:1:1662889803;442673:1:1660504936;419299:1:1662523186;383700:1:1662671864;446120:1:1663148405;444565:1:1663112893;419295:1:1661224266;434524:1:1657107027;422197:1:1661937740;272913:1:1661284037;419293:1:1662883102;433660:1:1662623802;419323:1:1661776141;419291:1:1662829503;434768:1:1656274688;444311:1:1663771206;384014:1:1658355870;419301:1:1663566374;432801:1:1656295814;432805:1:1656295137;438050:1:1657036135;445389:1:1663209970;444410:1:1662620118;438036:1:1657029440;424441:1:1662472246;445475:1:1662616891;445933:1:1662662013;407186:1:1660140957;419321:1:1662477203;443007:1:1661388894;419303:1:1662804291;401659:1:1662418246;443580:1:1661935629;319611:1:1659066943;426142:1:1655888030;442019:1:1663736826;410252:1:1662915839;435966:1:1656602141;444360:1:1662446108;427172:1:1661328422;320483:1:1661342695; max-age=1695408633; path=/
kadASCap=346327:2:1663791482; path=/
kadRPixJ=bnVsbA==; max-age=1695408633; path=/
kadUnP3=CAIQgqCvmQYaDQjzwZkBEAEY+uKtmQYaDQivp/4BEAEYgqCvmQYaDQiC/5MCEAEY+YexmQYiCggDEAEY+YexmQYiCggBEAEYgqCvmQYqDAjD6QwQARiCoK+ZBioMCIy9EhABGPrirZkGKgwIxOMnEAEY+YexmQY=; max-age=1695408633; path=/
x-content-type-options: nosniff
content-encoding: br
X-Firefox-Spdy: h2
cdn.tsyndicate.com/sdk/v1/backup.banner.js
200 OK 1.5 kB URL HTTP/1.1 cdn.tsyndicate.com/sdk/v1/backup.banner.js
IP
Hash 41c4cad32c135165ef2649a12205155e
ec54722ab0997833a69d0017509e8a2f9a7e5ef2
fbd26da273c51e844f8ed3c8b578485f360c56e4b47b019875eddc2dd5efb16a
GET /sdk/v1/backup.banner.js HTTP/1.1
Host: cdn.tsyndicate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://lcdn.tsyndicate.com/
HTTP/1.1 200 OK
Date: Mon, 19 Sep 2022 09:04:07 GMT
Content-Type: application/javascript
Content-Length: 1142
Connection: keep-alive
Last-Modified: Mon, 19 Sep 2022 08:52:46 GMT
Server: nginx
X-Robots-Tag: noindex, nofollow
Content-Encoding: gzip
Vary: Accept-Encoding
ETag: W/"63282dde-b00"
Age: 294386
Accept-Ranges: bytes
lcdn.tsyndicate.com/sdk/v1/b.b.js
304 Not Modified 0 B URL HTTP/1.1 lcdn.tsyndicate.com/sdk/v1/b.b.js
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sdk/v1/b.b.js HTTP/1.1
Host: lcdn.tsyndicate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://tsyndicate.com/
If-Modified-Since: Tue, 22 Feb 2022 13:07:15 GMT
If-None-Match: W/"6214e003-1eb1"
HTTP/1.1 304 Not Modified
Date: Tue, 08 Mar 2022 10:11:03 GMT
Connection: keep-alive
Last-Modified: Tue, 22 Feb 2022 13:07:15 GMT
Server: nginx
X-Robots-Tag: noindex, nofollow
Vary: Accept-Encoding
ETag: W/"6214e003-1eb1"
Age: 17138370
lcdn.tsyndicate.com/sdk/v1/b.b.js
304 Not Modified 0 B URL HTTP/1.1 lcdn.tsyndicate.com/sdk/v1/b.b.js
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sdk/v1/b.b.js HTTP/1.1
Host: lcdn.tsyndicate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://tsyndicate.com/
If-Modified-Since: Tue, 22 Feb 2022 13:07:15 GMT
If-None-Match: W/"6214e003-1eb1"
HTTP/1.1 304 Not Modified
Date: Tue, 08 Mar 2022 10:11:03 GMT
Connection: keep-alive
Last-Modified: Tue, 22 Feb 2022 13:07:15 GMT
Server: nginx
X-Robots-Tag: noindex, nofollow
Vary: Accept-Encoding
ETag: W/"6214e003-1eb1"
Age: 17138370
28980.weednewspro.com/v2/a/na/if/203282
200 OK 364 B URL HTTP/2 28980.weednewspro.com/v2/a/na/if/203282
IP
ASN #39572 DataWeb Global Group B.V.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (364), with no line terminators
Hash c64529578fdecd3831f4afd6a4e4be4e
672ae6efe0d189c4ed3c332dc57f44f569f48455
7abf8e5dd0e1976987a64aa4ae1f517dad66aba028acfe1df4d59b03f024256f
GET /v2/a/na/if/203282 HTTP/1.1
Host: 28980.weednewspro.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://go.goaserv.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 22 Sep 2022 18:50:33 GMT
content-type: text/html; charset=UTF-8
content-length: 364
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-max-age: 86400
referrer-policy: unsafe-url
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Device-Memory
accept-ch-lifetime: 31536000
X-Firefox-Spdy: h2
lcdn.tsyndicate.com/sdk/v1/b.b.js
304 Not Modified 0 B URL HTTP/1.1 lcdn.tsyndicate.com/sdk/v1/b.b.js
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sdk/v1/b.b.js HTTP/1.1
Host: lcdn.tsyndicate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://tsyndicate.com/
If-Modified-Since: Tue, 22 Feb 2022 13:07:15 GMT
If-None-Match: W/"6214e003-1eb1"
HTTP/1.1 304 Not Modified
Date: Tue, 08 Mar 2022 10:11:03 GMT
Connection: keep-alive
Last-Modified: Tue, 22 Feb 2022 13:07:15 GMT
Server: nginx
X-Robots-Tag: noindex, nofollow
Vary: Accept-Encoding
ETag: W/"6214e003-1eb1"
Age: 17138370
gayinleeds.relayblog.com/s3/ad_tf1/6566.jpg
200 OK 46 kB URL HTTP/1.1 gayinleeds.relayblog.com/s3/ad_tf1/6566.jpg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 100x891, components 3\012- data
Hash 59086afbe558a6896994cde5f0851a3f
1a00345f97100771b1748c1d4242b311daa660ba
fe8a55090186cbdd2f9e7a1a4b9d515b75a0e4f7d1664d619bcc53213d2fecb3
GET /s3/ad_tf1/6566.jpg HTTP/1.1
Host: gayinleeds.relayblog.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gayinleeds.relayblog.com/?yessenia
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 22 Sep 2022 18:50:28 GMT
Content-Type: image/jpeg
Content-Length: 45474
Connection: keep-alive
Last-Modified: Tue, 20 Apr 2021 20:23:31 GMT
ETag: "607f3843-b1a2"
X-Cluster: web-cdn2
X-Cache: HIT
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=M7%2BBNPdTxVavxzEyZOrL%2B4%2FdSwsVlG314zbOVwVyFV37Il8IfLF%2FAzEo2AmPhBpB2BbjAeNzNRmpy0IZ3IitVWdmyEjr22HLxSlPjClSUlIesTlv2UvnResfT9as%2F2w%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
CF-RAY: 74ed3a168ff9a244-YYZ
alt-svc: h2=":443"; ma=60
X-Cache-Status: MISS
Cache-Control: max-age=14400, max-age=31536000
Accept-Ranges: bytes
go.xxxijmp.com/smartpop/c3fa347280578e90a9e8ab1e6280c0e361524d151dcbfe6bb5b723fee947ce88?userId=ed4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e&sourceId=226439&memberId=KnsxgpmvMJTaHyLj30gr7MHwo1oB4dTwNkbdz_CfDf6HXGLLJQUu_lNFtgmYHqySl7viP3brBsUezAlr0PIJDSPFCHkVTr1q7XANbmc_gUIDRUi&p1=3844240
301 Moved Permanently 0 B URL HTTP/1.1 go.xxxijmp.com/smartpop/c3fa347280578e90a9e8ab1e6280c0e361524d151dcbfe6bb5b723fee947ce88?userId=ed4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e&sourceId=226439&memberId=KnsxgpmvMJTaHyLj30gr7MHwo1oB4dTwNkbdz_CfDf6HXGLLJQUu_lNFtgmYHqySl7viP3brBsUezAlr0PIJDSPFCHkVTr1q7XANbmc_gUIDRUi&p1=3844240
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /smartpop/c3fa347280578e90a9e8ab1e6280c0e361524d151dcbfe6bb5b723fee947ce88?userId=ed4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e&sourceId=226439&memberId=KnsxgpmvMJTaHyLj30gr7MHwo1oB4dTwNkbdz_CfDf6HXGLLJQUu_lNFtgmYHqySl7viP3brBsUezAlr0PIJDSPFCHkVTr1q7XANbmc_gUIDRUi&p1=3844240 HTTP/1.1
Host: go.xxxijmp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://tsyndicate.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Thu, 22 Sep 2022 18:50:34 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Thu, 22 Sep 2022 19:50:33 GMT
Location: https://go.xxxijmp.com/smartpop/c3fa347280578e90a9e8ab1e6280c0e361524d151dcbfe6bb5b723fee947ce88?userId=ed4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e&sourceId=226439&memberId=KnsxgpmvMJTaHyLj30gr7MHwo1oB4dTwNkbdz_CfDf6HXGLLJQUu_lNFtgmYHqySl7viP3brBsUezAlr0PIJDSPFCHkVTr1q7XANbmc_gUIDRUi&p1=3844240
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74ed3a1a7c25b50f-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
i.jads.co/network/user47819/8605-1644854922-0370568001644854922.gif
200 OK 765 kB URL HTTP/1.1 i.jads.co/network/user47819/8605-1644854922-0370568001644854922.gif
IP
Size 765 kB (765378 bytes)
Hash 07e7092f7632761cf2b5ed54c989767f
47fc7debfa214e359d40136c29709cf01abbe032
02e5ac9fba06f33f01d635a962f97962979cd2912d453dae1fbcfef9a000a92a
GET /network/user47819/8605-1644854922-0370568001644854922.gif HTTP/1.1
Host: i.jads.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://poweredby.jads.co/
HTTP/1.1 200 OK
Date: Thu, 22 Sep 2022 18:50:33 GMT
Connection: Keep-Alive
ETag: "1644854922"
Cache-Control: max-age=29575818
Content-Length: 765372
Content-Type: image/gif
Last-Modified: Mon, 14 Feb 2022 16:08:42 GMT
Accept-Ranges: bytes
X-HW: 1663872633.dop001.sk1.t,1663872633.cds226.sk1.c
bam.nr-data.net/1/6f524845d1?a=24279235&v=1216.487a282&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOFgwRERUXQ1BUFkIDFQ0WFlA%3D&rst=2241&ck=1&ref=https://chaturbate.com/tours/3/&ap=38&be=833&fe=1969&dc=1296&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1663872631114,%22n%22:0,%22f%22:410,%22dn%22:410,%22dne%22:410,%22c%22:410,%22s%22:410,%22ce%22:410,%22rq%22:419,%22rp%22:629,%22rpe%22:630,%22dl%22:777,%22di%22:1108,%22ds%22:1295,%22de%22:1299,%22dc%22:1968,%22l%22:1968,%22le%22:1970%7D,%22navigation%22:%7B%7D%7D&fcp=1338&at=H0ETGw9CExRCXBM9CgBBXAkZG0QSVEsPAw4BQVwbamZQD15XPj1BSEEVUFJXRBFuXQAWBkZZVhUXenc%2BY1gYQFlGVFJcUQpQUVQKBFtTAgIEDRh4Yy8TFUMhJTshCU0XAwZWHRsiJDwmDBJ8TU1DABMDQwQCCBADFVNYXRJUG01AEQECCmZcSRNbEwBQTFpUTVILGwgEVRMVQwMNCw05X1lYVhITA0NAT0YBA0pBZlYUVEoSPQoUQVwbDAgfWAEXVVBNVVZSGxkbUwRCTT4FFgEQFWZSXF5DCxsvLUFIQQ9JalpeFF9NExtBXkEodhcVEwhBZgINFgoXFEBqWl4PV1AFBw0HBkQDFwAIQx0bCBI8CgYSTlpLWkMLGwMOChxNBVZYGx1DWEk%2BDREDAghQT1hFCF5XQ1hBJg8PQRVqXg1ETQgNDRdBShtcSW4IQklDWEEmDw9BFWpeDURNCA0NF0FKG1xJbgBCV0NYVlRQVg0ZG1gRblgSDDwLEQEbDxtzDVhBQTEMCBYSUFpXQkFwakNOQQ0TOVpaV18EUk0IDQ07Fx9JUBsLQ3JYAw4GSyc1dRcVEwhBZhQRBhY8EkBFXBNbE0sEEQoABghNXFhdQx0bEwcSEQYVTWpJUBVZG1tATBAME0tGFgJOExVDFQ87CwlKQRsLQ1JRABYWFgEHTVAXUg5cG01AEA0XA2ZcXRNbABVDEQoQBjldWlRQCF8bW0AADAISTEdbUBVUFwINDkZPREtQSEQEQk0%2BCgwXF0QDF1pZAEVMEwACEAZIWlpUE00TWxMNFBcGFGZcXRNbEwpWUwECVAcJGFgHBFMUVVJXUk4ECgNaHFgHWFhTBV1UVgxTDxNNE0sEBAYWBhQbDxtZFUVJW01MAwxIXFRbWAVCFwINDktBShtHXEAUVEoVPQ4BFw5WURsLQ3Z8NUBPRhMfTV1WXz5HXBMRCgsNRAMXCh9WExVDFwI7BwNPXFpUPldYDAsPHUFcG3pNWQRDG01AFgU8AlxDUFIEbk0YEgZGWURdUEpaFV5JQ05BEQI5VkZmVwBcUA0bQV5BKlBbTElDHRsUAzwLEDlPUEtCCF5XQ1hBRk9ETFRmUxNeThIHETsFB1RcVUhDCxsnCxEBBQlBFxUTFFBmAxAMExADS2pPVBNCUA4MQV5BXw8bCRNNE0wAPRAQEQ9XUhsLQ3xWGwsPCAJJDBsJEUlpCFBZQygKCExNGUlZB2ZXVlhEERADDA8fURgZJgcADwxJCwUIAVEACVBCJQ0RA19aQR5YBxdRQE9GBA9NalpeDFxQFUBZRgdXCAUBBllTCVNaAUZPRElUS1AMQhtbQBg4QRJWQEttQwsZPUAbVTECZRcVET0TWgAPEwUKAVdpGwtBbRsvASIdNjobGRltQ1JlQ1hDOEFXZRcVET0TST1AWUQ/RAlpGx1BbRsGBw0ABhRlFwMRPRNfPUBPRD9EXVxKUANdXD4RDBENAmUXAxE9Ewk9QB5GT0RcWVBWCFNVBD0QFA8PTWpNVBJFSkNYQUQnFVpDS3NQEX0SARUWIVQZcUpSF0N7UkInFwAQS3cNEUMdGwQOCgMKBFVQZkIRXVAVPRcBEBJKaldCQwsbQQYKFwAJT1BLSD5BWAYHQ0ZPRFhWTVgXVGYSEg8NFzlNUEpFEhMDQ0InFwAQS3cNEUMdGwABFw0VA2ZGSV0IRWYVBxAQEDlXRhsLQxFdCBEACxUDS0xmQQBWXEFAHhk%3D&jsonp=NREUM.setToken
200 OK 77 B URL HTTP/1.1 bam.nr-data.net/1/6f524845d1?a=24279235&v=1216.487a282&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOFgwRERUXQ1BUFkIDFQ0WFlA%3D&rst=2241&ck=1&ref=https://chaturbate.com/tours/3/&ap=38&be=833&fe=1969&dc=1296&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1663872631114,%22n%22:0,%22f%22:410,%22dn%22:410,%22dne%22:410,%22c%22:410,%22s%22:410,%22ce%22:410,%22rq%22:419,%22rp%22:629,%22rpe%22:630,%22dl%22:777,%22di%22:1108,%22ds%22:1295,%22de%22:1299,%22dc%22:1968,%22l%22:1968,%22le%22:1970%7D,%22navigation%22:%7B%7D%7D&fcp=1338&at=H0ETGw9CExRCXBM9CgBBXAkZG0QSVEsPAw4BQVwbamZQD15XPj1BSEEVUFJXRBFuXQAWBkZZVhUXenc%2BY1gYQFlGVFJcUQpQUVQKBFtTAgIEDRh4Yy8TFUMhJTshCU0XAwZWHRsiJDwmDBJ8TU1DABMDQwQCCBADFVNYXRJUG01AEQECCmZcSRNbEwBQTFpUTVILGwgEVRMVQwMNCw05X1lYVhITA0NAT0YBA0pBZlYUVEoSPQoUQVwbDAgfWAEXVVBNVVZSGxkbUwRCTT4FFgEQFWZSXF5DCxsvLUFIQQ9JalpeFF9NExtBXkEodhcVEwhBZgINFgoXFEBqWl4PV1AFBw0HBkQDFwAIQx0bCBI8CgYSTlpLWkMLGwMOChxNBVZYGx1DWEk%2BDREDAghQT1hFCF5XQ1hBJg8PQRVqXg1ETQgNDRdBShtcSW4IQklDWEEmDw9BFWpeDURNCA0NF0FKG1xJbgBCV0NYVlRQVg0ZG1gRblgSDDwLEQEbDxtzDVhBQTEMCBYSUFpXQkFwakNOQQ0TOVpaV18EUk0IDQ07Fx9JUBsLQ3JYAw4GSyc1dRcVEwhBZhQRBhY8EkBFXBNbE0sEEQoABghNXFhdQx0bEwcSEQYVTWpJUBVZG1tATBAME0tGFgJOExVDFQ87CwlKQRsLQ1JRABYWFgEHTVAXUg5cG01AEA0XA2ZcXRNbABVDEQoQBjldWlRQCF8bW0AADAISTEdbUBVUFwINDkZPREtQSEQEQk0%2BCgwXF0QDF1pZAEVMEwACEAZIWlpUE00TWxMNFBcGFGZcXRNbEwpWUwECVAcJGFgHBFMUVVJXUk4ECgNaHFgHWFhTBV1UVgxTDxNNE0sEBAYWBhQbDxtZFUVJW01MAwxIXFRbWAVCFwINDktBShtHXEAUVEoVPQ4BFw5WURsLQ3Z8NUBPRhMfTV1WXz5HXBMRCgsNRAMXCh9WExVDFwI7BwNPXFpUPldYDAsPHUFcG3pNWQRDG01AFgU8AlxDUFIEbk0YEgZGWURdUEpaFV5JQ05BEQI5VkZmVwBcUA0bQV5BKlBbTElDHRsUAzwLEDlPUEtCCF5XQ1hBRk9ETFRmUxNeThIHETsFB1RcVUhDCxsnCxEBBQlBFxUTFFBmAxAMExADS2pPVBNCUA4MQV5BXw8bCRNNE0wAPRAQEQ9XUhsLQ3xWGwsPCAJJDBsJEUlpCFBZQygKCExNGUlZB2ZXVlhEERADDA8fURgZJgcADwxJCwUIAVEACVBCJQ0RA19aQR5YBxdRQE9GBA9NalpeDFxQFUBZRgdXCAUBBllTCVNaAUZPRElUS1AMQhtbQBg4QRJWQEttQwsZPUAbVTECZRcVET0TWgAPEwUKAVdpGwtBbRsvASIdNjobGRltQ1JlQ1hDOEFXZRcVET0TST1AWUQ/RAlpGx1BbRsGBw0ABhRlFwMRPRNfPUBPRD9EXVxKUANdXD4RDBENAmUXAxE9Ewk9QB5GT0RcWVBWCFNVBD0QFA8PTWpNVBJFSkNYQUQnFVpDS3NQEX0SARUWIVQZcUpSF0N7UkInFwAQS3cNEUMdGwQOCgMKBFVQZkIRXVAVPRcBEBJKaldCQwsbQQYKFwAJT1BLSD5BWAYHQ0ZPRFhWTVgXVGYSEg8NFzlNUEpFEhMDQ0InFwAQS3cNEUMdGwABFw0VA2ZGSV0IRWYVBxAQEDlXRhsLQxFdCBEACxUDS0xmQQBWXEFAHhk%3D&jsonp=NREUM.setToken
IP
File type ASCII text, with no line terminators
Hash f1442f5831dbbe0210da2d7a4180d6b8
2ade23c6c7a001c66f0c0a9a101ec152747b434e
c6acf9fb2ecc1b144c51bd0337bbf1c26db3df2f649ac2da5c56db20d93eb3ef
GET /1/6f524845d1?a=24279235&v=1216.487a282&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOFgwRERUXQ1BUFkIDFQ0WFlA%3D&rst=2241&ck=1&ref=https://chaturbate.com/tours/3/&ap=38&be=833&fe=1969&dc=1296&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1663872631114,%22n%22:0,%22f%22:410,%22dn%22:410,%22dne%22:410,%22c%22:410,%22s%22:410,%22ce%22:410,%22rq%22:419,%22rp%22:629,%22rpe%22:630,%22dl%22:777,%22di%22:1108,%22ds%22:1295,%22de%22:1299,%22dc%22:1968,%22l%22:1968,%22le%22:1970%7D,%22navigation%22:%7B%7D%7D&fcp=1338&at=H0ETGw9CExRCXBM9CgBBXAkZG0QSVEsPAw4BQVwbamZQD15XPj1BSEEVUFJXRBFuXQAWBkZZVhUXenc%2BY1gYQFlGVFJcUQpQUVQKBFtTAgIEDRh4Yy8TFUMhJTshCU0XAwZWHRsiJDwmDBJ8TU1DABMDQwQCCBADFVNYXRJUG01AEQECCmZcSRNbEwBQTFpUTVILGwgEVRMVQwMNCw05X1lYVhITA0NAT0YBA0pBZlYUVEoSPQoUQVwbDAgfWAEXVVBNVVZSGxkbUwRCTT4FFgEQFWZSXF5DCxsvLUFIQQ9JalpeFF9NExtBXkEodhcVEwhBZgINFgoXFEBqWl4PV1AFBw0HBkQDFwAIQx0bCBI8CgYSTlpLWkMLGwMOChxNBVZYGx1DWEk%2BDREDAghQT1hFCF5XQ1hBJg8PQRVqXg1ETQgNDRdBShtcSW4IQklDWEEmDw9BFWpeDURNCA0NF0FKG1xJbgBCV0NYVlRQVg0ZG1gRblgSDDwLEQEbDxtzDVhBQTEMCBYSUFpXQkFwakNOQQ0TOVpaV18EUk0IDQ07Fx9JUBsLQ3JYAw4GSyc1dRcVEwhBZhQRBhY8EkBFXBNbE0sEEQoABghNXFhdQx0bEwcSEQYVTWpJUBVZG1tATBAME0tGFgJOExVDFQ87CwlKQRsLQ1JRABYWFgEHTVAXUg5cG01AEA0XA2ZcXRNbABVDEQoQBjldWlRQCF8bW0AADAISTEdbUBVUFwINDkZPREtQSEQEQk0%2BCgwXF0QDF1pZAEVMEwACEAZIWlpUE00TWxMNFBcGFGZcXRNbEwpWUwECVAcJGFgHBFMUVVJXUk4ECgNaHFgHWFhTBV1UVgxTDxNNE0sEBAYWBhQbDxtZFUVJW01MAwxIXFRbWAVCFwINDktBShtHXEAUVEoVPQ4BFw5WURsLQ3Z8NUBPRhMfTV1WXz5HXBMRCgsNRAMXCh9WExVDFwI7BwNPXFpUPldYDAsPHUFcG3pNWQRDG01AFgU8AlxDUFIEbk0YEgZGWURdUEpaFV5JQ05BEQI5VkZmVwBcUA0bQV5BKlBbTElDHRsUAzwLEDlPUEtCCF5XQ1hBRk9ETFRmUxNeThIHETsFB1RcVUhDCxsnCxEBBQlBFxUTFFBmAxAMExADS2pPVBNCUA4MQV5BXw8bCRNNE0wAPRAQEQ9XUhsLQ3xWGwsPCAJJDBsJEUlpCFBZQygKCExNGUlZB2ZXVlhEERADDA8fURgZJgcADwxJCwUIAVEACVBCJQ0RA19aQR5YBxdRQE9GBA9NalpeDFxQFUBZRgdXCAUBBllTCVNaAUZPRElUS1AMQhtbQBg4QRJWQEttQwsZPUAbVTECZRcVET0TWgAPEwUKAVdpGwtBbRsvASIdNjobGRltQ1JlQ1hDOEFXZRcVET0TST1AWUQ/RAlpGx1BbRsGBw0ABhRlFwMRPRNfPUBPRD9EXVxKUANdXD4RDBENAmUXAxE9Ewk9QB5GT0RcWVBWCFNVBD0QFA8PTWpNVBJFSkNYQUQnFVpDS3NQEX0SARUWIVQZcUpSF0N7UkInFwAQS3cNEUMdGwQOCgMKBFVQZkIRXVAVPRcBEBJKaldCQwsbQQYKFwAJT1BLSD5BWAYHQ0ZPRFhWTVgXVGYSEg8NFzlNUEpFEhMDQ0InFwAQS3cNEUMdGwABFw0VA2ZGSV0IRWYVBxAQEDlXRhsLQxFdCBEACxUDS0xmQQBWXEFAHhk%3D&jsonp=NREUM.setToken HTTP/1.1
Host: bam.nr-data.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Thu, 22 Sep 2022 18:50:34 GMT
Content-Type: text/javascript
Transfer-Encoding: chunked
Connection: keep-alive
CF-Ray: 74ed3a19da151c16-OSL
Access-Control-Allow-Origin: *
Set-Cookie: JSESSIONID=1dd7683dbe9cd53; Path=/; Domain=.nr-data.net; Secure; SameSite=None
CF-Cache-Status: DYNAMIC
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
Cross-Origin-Resource-Policy: cross-origin
Vary: Accept-Encoding
Server: cloudflare
Content-Encoding: gzip
bam.nr-data.net/1/6f524845d1?a=24279235&v=1216.487a282&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOFgwRERUXQ1BUFkIDFQ0WFlA%3D&rst=1942&ck=1&ref=https://chaturbate.com/tours/3/&ap=49&be=783&fe=1679&dc=1264&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1663872631421,%22n%22:0,%22f%22:290,%22dn%22:290,%22dne%22:290,%22c%22:290,%22s%22:290,%22ce%22:290,%22rq%22:330,%22rp%22:538,%22rpe%22:544,%22dl%22:730,%22di%22:1126,%22ds%22:1263,%22de%22:1268,%22dc%22:1678,%22l%22:1678,%22le%22:1679%7D,%22navigation%22:%7B%7D%7D&at=H0ETGw9CExRCXBM9CgBBXAkZG0QSVEsPAw4BQVwbamZQD15XPj1BSEEVUFJXRBFuXQAWBkZZVhUXenc%2BY1gYQFlGVFJcUQpQUVcBWQACBlZWDxh2Yi0TFUMhJTshCU0XAwlSHRsiJDwmDBJ8TU1DABMDQwQCCBADFVNYXRJUG01AEQECCmZcSRNbEwBQTFpUTVILGwgEVRMVQwMNCw05X1lYVhITA0NAT0YBA0pBZlYUVEoSPQoUQVwbDAgfWAEXVVBNVVZSGxkbUwRCTT4FFgEQFWZSXF5DCxsvLUFIQQ9JalpeFF9NExtBXkEodhcVEwhBZgINFgoXFEBqWl4PV1AFBw0HBkQDFwAIQx0bCBI8CgYSTlpLWkMLGwMOChxNBVZYGx1DWEk%2BDREDAghQT1hFCF5XQ1hBJg8PQRVqXg1ETQgNDRdBShtcSW4IQklDWEEmDw9BFWpeDURNCA0NF0FKG1xJbgBCV0NYVlRQVg0ZG1gRblgSDDwLEQEbDxtzDVhBQTEMCBYSUFpXQkFwakNOQQ0TOVpaV18EUk0IDQ07Fx9JUBsLQ3JYAw4GSyc1dRcVEwhBZhQRBhY8EkBFXBNbE0sEEQoABghNXFhdQx0bEwcSEQYVTWpJUBVZG1tATBAME0tGFgJOExVDFQ87CwlKQRsLQ1JRABYWFgEHTVAXUg5cG01AEA0XA2ZcXRNbABVDEQoQBjldWlRQCF8bW0AADAISTEdbUBVUFwINDkZPREtQSEQEQk0%2BCgwXF0QDF1pZAEVMEwACEAZIWlpUE00TWxMNFBcGFGZcXRNbE1pTV1UFVF8BGFoAUFMUVVtRB04HWFRYHAMEWFcDAV0ABVhQWxNNE0sEBAYWBhQbDxtZFUVJW01MAwxIXFRbWAVCFwINDktBShtHXEAUVEoVPQ4BFw5WURsLQ3Z8NUBPRhMfTV1WXz5HXBMRCgsNRAMXCh9WExVDFwI7BwNPXFpUPldYDAsPHUFcG3pNWQRDG01AFgU8AlxDUFIEbk0YEgZGWURdUEpaFV5JQ05BEQI5VkZmVwBcUA0bQV5BKlBbTElDHRsUAzwLEDlPUEtCCF5XQ1hBRk9ETFRmUxNeThIHETsFB1RcVUhDCxsnCxEBBQlBFxUTFFBmAxAMExADS2pPVBNCUA4MQV5BXw8bCRNNE0wAPRAQEQ9XUhsLQ3xWGwsPCAJJDBsJEUlpCFBZQygKCExNGUlZB2ZXVlhEERADDA8fURgZJgcADwxJCwUIAVEACVBCJQ0RA19aQR5YBxdRQE9GBA9NalpeDFxQFUBZRgdXCAUBBllTCVNaAUZPRElUS1AMQhtbQBg4QRJWQEttQwsZPUAbVTECZRcVET0TWgAPEwUKAVdpGwtBbRsvASIdNjobGRltQ1JlQ1hDOEFXZRcVET0TST1AWUQ/RAlpGx1BbRsGBw0ABhRlFwMRPRNfPUBPRD9EXVxKUANdXD4RDBENAmUXAxE9Ewk9QB5GT0RcWVBWCFNVBD0QFA8PTWpNVBJFSkNYQUQnFVpDS3NQEX0SARUWIVQZcUpSF0N7UkInFwAQS3cNEUMdGwQOCgMKBFVQZkIRXVAVPRcBEBJKaldCQwsbQQYKFwAJT1BLSD5BWAYHQ0ZPRFhWTVgXVGYSEg8NFzlNUEpFEhMDQ0InFwAQS3cIEUMdGwABFw0VA2ZGSV0IRWYVBxAQEDlXRhsLQxFdCBEACxUDS0xmQQBWXEFAHhk%3D&jsonp=NREUM.setToken
200 OK 77 B URL HTTP/1.1 bam.nr-data.net/1/6f524845d1?a=24279235&v=1216.487a282&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOFgwRERUXQ1BUFkIDFQ0WFlA%3D&rst=1942&ck=1&ref=https://chaturbate.com/tours/3/&ap=49&be=783&fe=1679&dc=1264&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1663872631421,%22n%22:0,%22f%22:290,%22dn%22:290,%22dne%22:290,%22c%22:290,%22s%22:290,%22ce%22:290,%22rq%22:330,%22rp%22:538,%22rpe%22:544,%22dl%22:730,%22di%22:1126,%22ds%22:1263,%22de%22:1268,%22dc%22:1678,%22l%22:1678,%22le%22:1679%7D,%22navigation%22:%7B%7D%7D&at=H0ETGw9CExRCXBM9CgBBXAkZG0QSVEsPAw4BQVwbamZQD15XPj1BSEEVUFJXRBFuXQAWBkZZVhUXenc%2BY1gYQFlGVFJcUQpQUVcBWQACBlZWDxh2Yi0TFUMhJTshCU0XAwlSHRsiJDwmDBJ8TU1DABMDQwQCCBADFVNYXRJUG01AEQECCmZcSRNbEwBQTFpUTVILGwgEVRMVQwMNCw05X1lYVhITA0NAT0YBA0pBZlYUVEoSPQoUQVwbDAgfWAEXVVBNVVZSGxkbUwRCTT4FFgEQFWZSXF5DCxsvLUFIQQ9JalpeFF9NExtBXkEodhcVEwhBZgINFgoXFEBqWl4PV1AFBw0HBkQDFwAIQx0bCBI8CgYSTlpLWkMLGwMOChxNBVZYGx1DWEk%2BDREDAghQT1hFCF5XQ1hBJg8PQRVqXg1ETQgNDRdBShtcSW4IQklDWEEmDw9BFWpeDURNCA0NF0FKG1xJbgBCV0NYVlRQVg0ZG1gRblgSDDwLEQEbDxtzDVhBQTEMCBYSUFpXQkFwakNOQQ0TOVpaV18EUk0IDQ07Fx9JUBsLQ3JYAw4GSyc1dRcVEwhBZhQRBhY8EkBFXBNbE0sEEQoABghNXFhdQx0bEwcSEQYVTWpJUBVZG1tATBAME0tGFgJOExVDFQ87CwlKQRsLQ1JRABYWFgEHTVAXUg5cG01AEA0XA2ZcXRNbABVDEQoQBjldWlRQCF8bW0AADAISTEdbUBVUFwINDkZPREtQSEQEQk0%2BCgwXF0QDF1pZAEVMEwACEAZIWlpUE00TWxMNFBcGFGZcXRNbE1pTV1UFVF8BGFoAUFMUVVtRB04HWFRYHAMEWFcDAV0ABVhQWxNNE0sEBAYWBhQbDxtZFUVJW01MAwxIXFRbWAVCFwINDktBShtHXEAUVEoVPQ4BFw5WURsLQ3Z8NUBPRhMfTV1WXz5HXBMRCgsNRAMXCh9WExVDFwI7BwNPXFpUPldYDAsPHUFcG3pNWQRDG01AFgU8AlxDUFIEbk0YEgZGWURdUEpaFV5JQ05BEQI5VkZmVwBcUA0bQV5BKlBbTElDHRsUAzwLEDlPUEtCCF5XQ1hBRk9ETFRmUxNeThIHETsFB1RcVUhDCxsnCxEBBQlBFxUTFFBmAxAMExADS2pPVBNCUA4MQV5BXw8bCRNNE0wAPRAQEQ9XUhsLQ3xWGwsPCAJJDBsJEUlpCFBZQygKCExNGUlZB2ZXVlhEERADDA8fURgZJgcADwxJCwUIAVEACVBCJQ0RA19aQR5YBxdRQE9GBA9NalpeDFxQFUBZRgdXCAUBBllTCVNaAUZPRElUS1AMQhtbQBg4QRJWQEttQwsZPUAbVTECZRcVET0TWgAPEwUKAVdpGwtBbRsvASIdNjobGRltQ1JlQ1hDOEFXZRcVET0TST1AWUQ/RAlpGx1BbRsGBw0ABhRlFwMRPRNfPUBPRD9EXVxKUANdXD4RDBENAmUXAxE9Ewk9QB5GT0RcWVBWCFNVBD0QFA8PTWpNVBJFSkNYQUQnFVpDS3NQEX0SARUWIVQZcUpSF0N7UkInFwAQS3cNEUMdGwQOCgMKBFVQZkIRXVAVPRcBEBJKaldCQwsbQQYKFwAJT1BLSD5BWAYHQ0ZPRFhWTVgXVGYSEg8NFzlNUEpFEhMDQ0InFwAQS3cIEUMdGwABFw0VA2ZGSV0IRWYVBxAQEDlXRhsLQxFdCBEACxUDS0xmQQBWXEFAHhk%3D&jsonp=NREUM.setToken
IP
File type ASCII text, with no line terminators
Hash f1442f5831dbbe0210da2d7a4180d6b8
2ade23c6c7a001c66f0c0a9a101ec152747b434e
c6acf9fb2ecc1b144c51bd0337bbf1c26db3df2f649ac2da5c56db20d93eb3ef
GET /1/6f524845d1?a=24279235&v=1216.487a282&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOFgwRERUXQ1BUFkIDFQ0WFlA%3D&rst=1942&ck=1&ref=https://chaturbate.com/tours/3/&ap=49&be=783&fe=1679&dc=1264&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1663872631421,%22n%22:0,%22f%22:290,%22dn%22:290,%22dne%22:290,%22c%22:290,%22s%22:290,%22ce%22:290,%22rq%22:330,%22rp%22:538,%22rpe%22:544,%22dl%22:730,%22di%22:1126,%22ds%22:1263,%22de%22:1268,%22dc%22:1678,%22l%22:1678,%22le%22:1679%7D,%22navigation%22:%7B%7D%7D&at=H0ETGw9CExRCXBM9CgBBXAkZG0QSVEsPAw4BQVwbamZQD15XPj1BSEEVUFJXRBFuXQAWBkZZVhUXenc%2BY1gYQFlGVFJcUQpQUVcBWQACBlZWDxh2Yi0TFUMhJTshCU0XAwlSHRsiJDwmDBJ8TU1DABMDQwQCCBADFVNYXRJUG01AEQECCmZcSRNbEwBQTFpUTVILGwgEVRMVQwMNCw05X1lYVhITA0NAT0YBA0pBZlYUVEoSPQoUQVwbDAgfWAEXVVBNVVZSGxkbUwRCTT4FFgEQFWZSXF5DCxsvLUFIQQ9JalpeFF9NExtBXkEodhcVEwhBZgINFgoXFEBqWl4PV1AFBw0HBkQDFwAIQx0bCBI8CgYSTlpLWkMLGwMOChxNBVZYGx1DWEk%2BDREDAghQT1hFCF5XQ1hBJg8PQRVqXg1ETQgNDRdBShtcSW4IQklDWEEmDw9BFWpeDURNCA0NF0FKG1xJbgBCV0NYVlRQVg0ZG1gRblgSDDwLEQEbDxtzDVhBQTEMCBYSUFpXQkFwakNOQQ0TOVpaV18EUk0IDQ07Fx9JUBsLQ3JYAw4GSyc1dRcVEwhBZhQRBhY8EkBFXBNbE0sEEQoABghNXFhdQx0bEwcSEQYVTWpJUBVZG1tATBAME0tGFgJOExVDFQ87CwlKQRsLQ1JRABYWFgEHTVAXUg5cG01AEA0XA2ZcXRNbABVDEQoQBjldWlRQCF8bW0AADAISTEdbUBVUFwINDkZPREtQSEQEQk0%2BCgwXF0QDF1pZAEVMEwACEAZIWlpUE00TWxMNFBcGFGZcXRNbE1pTV1UFVF8BGFoAUFMUVVtRB04HWFRYHAMEWFcDAV0ABVhQWxNNE0sEBAYWBhQbDxtZFUVJW01MAwxIXFRbWAVCFwINDktBShtHXEAUVEoVPQ4BFw5WURsLQ3Z8NUBPRhMfTV1WXz5HXBMRCgsNRAMXCh9WExVDFwI7BwNPXFpUPldYDAsPHUFcG3pNWQRDG01AFgU8AlxDUFIEbk0YEgZGWURdUEpaFV5JQ05BEQI5VkZmVwBcUA0bQV5BKlBbTElDHRsUAzwLEDlPUEtCCF5XQ1hBRk9ETFRmUxNeThIHETsFB1RcVUhDCxsnCxEBBQlBFxUTFFBmAxAMExADS2pPVBNCUA4MQV5BXw8bCRNNE0wAPRAQEQ9XUhsLQ3xWGwsPCAJJDBsJEUlpCFBZQygKCExNGUlZB2ZXVlhEERADDA8fURgZJgcADwxJCwUIAVEACVBCJQ0RA19aQR5YBxdRQE9GBA9NalpeDFxQFUBZRgdXCAUBBllTCVNaAUZPRElUS1AMQhtbQBg4QRJWQEttQwsZPUAbVTECZRcVET0TWgAPEwUKAVdpGwtBbRsvASIdNjobGRltQ1JlQ1hDOEFXZRcVET0TST1AWUQ/RAlpGx1BbRsGBw0ABhRlFwMRPRNfPUBPRD9EXVxKUANdXD4RDBENAmUXAxE9Ewk9QB5GT0RcWVBWCFNVBD0QFA8PTWpNVBJFSkNYQUQnFVpDS3NQEX0SARUWIVQZcUpSF0N7UkInFwAQS3cNEUMdGwQOCgMKBFVQZkIRXVAVPRcBEBJKaldCQwsbQQYKFwAJT1BLSD5BWAYHQ0ZPRFhWTVgXVGYSEg8NFzlNUEpFEhMDQ0InFwAQS3cIEUMdGwABFw0VA2ZGSV0IRWYVBxAQEDlXRhsLQxFdCBEACxUDS0xmQQBWXEFAHhk%3D&jsonp=NREUM.setToken HTTP/1.1
Host: bam.nr-data.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Thu, 22 Sep 2022 18:50:34 GMT
Content-Type: text/javascript
Transfer-Encoding: chunked
Connection: keep-alive
CF-Ray: 74ed3a1a2c1bb505-OSL
Access-Control-Allow-Origin: *
Set-Cookie: JSESSIONID=4b3086f410b23802; Path=/; Domain=.nr-data.net; Secure; SameSite=None
CF-Cache-Status: DYNAMIC
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
Cross-Origin-Resource-Policy: cross-origin
Vary: Accept-Encoding
Server: cloudflare
Content-Encoding: gzip
lcdn.tsyndicate.com/sdk/v1/b.b.js
304 Not Modified 0 B URL HTTP/1.1 lcdn.tsyndicate.com/sdk/v1/b.b.js
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sdk/v1/b.b.js HTTP/1.1
Host: lcdn.tsyndicate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://tsyndicate.com/
If-Modified-Since: Tue, 22 Feb 2022 13:07:15 GMT
If-None-Match: W/"6214e003-1eb1"
HTTP/1.1 304 Not Modified
Date: Tue, 08 Mar 2022 10:11:03 GMT
Connection: keep-alive
Last-Modified: Tue, 22 Feb 2022 13:07:15 GMT
Server: nginx
X-Robots-Tag: noindex, nofollow
Vary: Accept-Encoding
ETag: W/"6214e003-1eb1"
Age: 17138371
ocsp.sectigo.com/
200 OK 472 B IP
Hash dc73e9101ccb87a614785d70b0910c53
17d447e5e984a5c6e103eac541ad4138161e2213
7a599023a769663870439b5c6f0f1c144d39cf06ad997e8f54fed566f14253a4
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 22 Sep 2022 18:50:34 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Wed, 21 Sep 2022 03:56:18 GMT
Expires: Wed, 28 Sep 2022 03:56:17 GMT
Etag: "17d447e5e984a5c6e103eac541ad4138161e2213"
Cache-Control: max-age=464142,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 74ed3a1b4c2f1c16-OSL
lcdn.tsyndicate.com/images/f/b/2c0e713c0761c4c20a0af89a5bd30389f9ee28/300x250.jpg
200 OK 7.8 kB URL HTTP/2 lcdn.tsyndicate.com/images/f/b/2c0e713c0761c4c20a0af89a5bd30389f9ee28/300x250.jpg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 229x250, components 3\012- data
Hash 38d8bb3766d048711203d048c4f82c9d
d54ae2d1410942fd72ec7426d5f0c9ed4fbede7b
25554360d5cd0016ffaad2e4ba38fb603a6ba929c300f47500ad95d454873812
GET /images/f/b/2c0e713c0761c4c20a0af89a5bd30389f9ee28/300x250.jpg HTTP/1.1
Host: lcdn.tsyndicate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://tsyndicate.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 22 Sep 2022 18:50:34 GMT
content-type: image/jpeg
content-length: 7774
last-modified: Tue, 05 Jul 2022 07:44:37 GMT
server: nginx
x-robots-tag: noindex, nofollow
content-encoding: gzip
vary: Accept-Encoding
etag: W/"62c3ebe5-1eed"
age: 6865295
accept-ranges: bytes
X-Firefox-Spdy: h2
poweredby.jads.co/adshow.php?adzone=830958
200 OK 1.8 kB URL HTTP/1.1 poweredby.jads.co/adshow.php?adzone=830958
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (434), with CRLF, LF line terminators
Hash 5e24da5d2f1f1bd744b26e68ed08fdcc
cebc88fadaa178e9de789b4bca44b57abfbc1172
7d2ed5417749c10699afae0d6ef9b2b2ae1b8ceb88978db910ce2f640c21c27e
GET /adshow.php?adzone=830958 HTTP/1.1
Host: poweredby.jads.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gayinleeds.relayblog.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 22 Sep 2022 18:50:34 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/5.6.40
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR OUR IND STA"
Set-Cookie: surferid=d90054244e2f3a3d4fe3879047bdcd00; expires=Fri, 22-Sep-2023 18:50:33 GMT; Max-Age=31536000; path=/; SameSite=None; Secure; domain=.jads.co
imps31629=1; expires=Fri, 23-Sep-2022 18:50:33 GMT; Max-Age=86400; path=/; SameSite=None; Secure; domain=.jads.co
imps22340=1; expires=Fri, 23-Sep-2022 18:50:33 GMT; Max-Age=86400; path=/; SameSite=None; Secure; domain=.jads.co
juicy_data_1=YToyOntpOjc1MDExNTtpOjE2NjQxMzE4MzM7aTo1NjQ2MzA7aToxNjY0MTMxODMzO30%3D; expires=Sun, 25-Sep-2022 18:50:33 GMT; Max-Age=259200; path=/; SameSite=None; Secure; domain=jads.co
juicy_data=YToxOntzOjEyOiJqdWljeV9kYXRhXzEiO3M6MToiMSI7fQ%3D%3D; expires=Sun, 25-Sep-2022 18:50:33 GMT; Max-Age=259200; path=/; SameSite=None; Secure; domain=jads.co
Content-Encoding: gzip
lcdn.tsyndicate.com/sdk/v1/bannerNativeTrackImpression.js
200 OK 372 B URL HTTP/1.1 lcdn.tsyndicate.com/sdk/v1/bannerNativeTrackImpression.js
IP
File type ASCII text, with very long lines (520)
Hash be3cdbe4d0f092fee1683f527459600b
de2cd939e706b5c99516e9acafc4652ae03faba2
b241f4702289d99b4d0a65deb39e088243abf1c7c21a4957130089c720ff6a50
GET /sdk/v1/bannerNativeTrackImpression.js HTTP/1.1
Host: lcdn.tsyndicate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://tsyndicate.com/
HTTP/1.1 200 OK
Date: Sat, 04 Jun 2022 22:52:58 GMT
Content-Type: application/javascript
Content-Length: 372
Connection: keep-alive
Last-Modified: Wed, 01 Jun 2022 12:19:05 GMT
Server: nginx
X-Robots-Tag: noindex, nofollow
Content-Encoding: gzip
Vary: Accept-Encoding
ETag: W/"62975939-28f"
Age: 9489456
Accept-Ranges: bytes
lcdn.tsyndicate.com/sdk/v1/n.css
200 OK 19 kB URL HTTP/1.1 lcdn.tsyndicate.com/sdk/v1/n.css
IP
File type ASCII text, with very long lines (19411), with no line terminators
Hash f0c8bad08999a9d413b61c81c0e2a606
ebb86ba43d0f2386f2f3cdbb57f4746a1d8bcaf5
79ebc0f15cd767ec1f7e624730bedc0fdac746e41dbb8b2fbf1a1d1ec3b6877d
GET /sdk/v1/n.css HTTP/1.1
Host: lcdn.tsyndicate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://tsyndicate.com/
HTTP/1.1 200 OK
Date: Mon, 19 Sep 2022 09:31:22 GMT
Content-Type: text/css
Content-Length: 19411
Connection: keep-alive
ETag: "63282dde-4bd3"
Last-Modified: Mon, 19 Sep 2022 08:52:46 GMT
Server: nginx
X-Robots-Tag: noindex, nofollow
Age: 292752
Accept-Ranges: bytes
lcdn.tsyndicate.com/sdk/v1/native-banner-default.css
200 OK 4.0 kB URL HTTP/1.1 lcdn.tsyndicate.com/sdk/v1/native-banner-default.css
IP
File type ASCII text, with very long lines (4026), with no line terminators
Hash 1df9f39a5a093634d0eb36a0c05bdecd
6c296914236f24256018fdd02dccb5f0ec5af9be
16933ec5edea2ccaa38e2d5913406da7d00513d7ff6b1e967e6f19190be0643c
GET /sdk/v1/native-banner-default.css HTTP/1.1
Host: lcdn.tsyndicate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://tsyndicate.com/
HTTP/1.1 200 OK
Date: Fri, 10 Jun 2022 13:42:23 GMT
Content-Type: text/css
Content-Length: 4026
Connection: keep-alive
ETag: "62975939-fba"
Last-Modified: Wed, 01 Jun 2022 12:19:05 GMT
Server: nginx
X-Robots-Tag: noindex, nofollow
Age: 9004091
Accept-Ranges: bytes
bam.nr-data.net/1/6f524845d1?a=24279235&v=1216.487a282&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOFgwRERUXQ1BUFkIDFQ0WFlA%3D&rst=2504&ck=1&ref=https://chaturbate.com/tours/3/&ap=54&be=1134&fe=2161&dc=1760&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1663872631116,%22n%22:0,%22f%22:641,%22dn%22:641,%22dne%22:641,%22c%22:641,%22s%22:641,%22ce%22:641,%22rq%22:644,%22rp%22:859,%22rpe%22:866,%22dl%22:1067,%22di%22:1645,%22ds%22:1760,%22de%22:1766,%22dc%22:2159,%22l%22:2159,%22le%22:2160%7D,%22navigation%22:%7B%7D%7D&fcp=1524&at=H0ETGw9CExRCXBM9CgBBXAkZG0QSVEsPAw4BQVwbamZQD15XPj1BSEEVUFJXRBFuXQAWBkZZVhUXenc%2BY1gYQFlGVFJcUQpQUVcAWQZVBlZWDxh4Yy8TFUMhJTshCU0XAwlSHRsiJDwmDBJ8TU1DABMDQwQCCBADFVNYXRJUG01AEQECCmZcSRNbEwBQTFpUTVILGwgEVRMVQwMNCw05X1lYVhITA0NAT0YBA0pBZlYUVEoSPQoUQVwbDAgfWAEXVVBNVVZSGxkbUwRCTT4FFgEQFWZSXF5DCxsvLUFIQQ9JalpeFF9NExtBXkEodhcVEwhBZgINFgoXFEBqWl4PV1AFBw0HBkQDFwAIQx0bCBI8CgYSTlpLWkMLGwMOChxNBVZYGx1DWEk%2BDREDAghQT1hFCF5XQ1hBJg8PQRVqXg1ETQgNDRdBShtcSW4IQklDWEEmDw9BFWpeDURNCA0NF0FKG1xJbgBCV0NYVlRQVg0ZG1gRblgSDDwLEQEbDxtzDVhBQTEMCBYSUFpXQkFwakNOQQ0TOVpaV18EUk0IDQ07Fx9JUBsLQ3JYAw4GSyc1dRcVEwhBZhQRBhY8EkBFXBNbE0sEEQoABghNXFhdQx0bEwcSEQYVTWpJUBVZG1tATBAME0tGFgJOExVDFQ87CwlKQRsLQ1JRABYWFgEHTVAXUg5cG01AEA0XA2ZcXRNbABVDEQoQBjldWlRQCF8bW0AADAISTEdbUBVUFwINDkZPREtQSEQEQk0%2BCgwXF0QDF1pZAEVMEwACEAZIWlpUE00TWxMNFBcGFGZcXRNbE1tXVlJUWl4LGApVVAgUVVRVUk5eCVRaHFVQCVlaWlUBAwpWDRNNE0sEBAYWBhQbDxtZFUVJW01MAwxIXFRbWAVCFwINDktBShtHXEAUVEoVPQ4BFw5WURsLQ3Z8NUBPRhMfTV1WXz5HXBMRCgsNRAMXCh9WExVDFwI7BwNPXFpUPldYDAsPHUFcG3pNWQRDG01AFgU8AlxDUFIEbk0YEgZGWURdUEpaFV5JQ05BEQI5VkZmVwBcUA0bQV5BKlBbTElDHRsUAzwLEDlPUEtCCF5XQ1hBRk9ETFRmUxNeThIHETsFB1RcVUhDCxsnCxEBBQlBFxUTFFBmAxAMExADS2pPVBNCUA4MQV5BXw8bCRNNE0wAPRAQEQ9XUhsLQ3xWGwsPCAJJDBsJEUlpCFBZQygKCExNGUlZB2ZXVlhEERADDA8fURgZJgcADwxJCwUIAVEACVBCJQ0RA19aQR5YBxdRQE9GBA9NalpeDFxQFUBZRgdXCAUBBllTCVNaAUZPRElUS1AMQhtbQBg4QRJWQEttQwsZPUAbVTECZRcVET0TWgAPEwUKAVdpGwtBbRsvASIdNjobGRltQ1JlQ1hDOEFXZRcVET0TST1AWUQ/RAlpGx1BbRsGBw0ABhRlFwMRPRNfPUBPRD9EXVxKUANdXD4RDBENAmUXAxE9Ewk9QB5GT0RcWVBWCFNVBD0QFA8PTWpNVBJFSkNYQUQnFVpDS3NQEX0SARUWIVQZcUpSF0N7UkInFwAQS3cNEUMdGwQOCgMKBFVQZkIRXVAVPRcBEBJKaldCQwsbQQYKFwAJT1BLSD5BWAYHQ0ZPRFhWTVgXVGYSEg8NFzlNUEpFEhMDQ0InFwAQS3cIEUMdGwABFw0VA2ZGSV0IRWYVBxAQEDlXRhsLQxFdCBEACxUDS0xmQQBWXEFAHhk%3D&jsonp=NREUM.setToken
200 OK 72 B URL HTTP/1.1 bam.nr-data.net/1/6f524845d1?a=24279235&v=1216.487a282&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOFgwRERUXQ1BUFkIDFQ0WFlA%3D&rst=2504&ck=1&ref=https://chaturbate.com/tours/3/&ap=54&be=1134&fe=2161&dc=1760&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1663872631116,%22n%22:0,%22f%22:641,%22dn%22:641,%22dne%22:641,%22c%22:641,%22s%22:641,%22ce%22:641,%22rq%22:644,%22rp%22:859,%22rpe%22:866,%22dl%22:1067,%22di%22:1645,%22ds%22:1760,%22de%22:1766,%22dc%22:2159,%22l%22:2159,%22le%22:2160%7D,%22navigation%22:%7B%7D%7D&fcp=1524&at=H0ETGw9CExRCXBM9CgBBXAkZG0QSVEsPAw4BQVwbamZQD15XPj1BSEEVUFJXRBFuXQAWBkZZVhUXenc%2BY1gYQFlGVFJcUQpQUVcAWQZVBlZWDxh4Yy8TFUMhJTshCU0XAwlSHRsiJDwmDBJ8TU1DABMDQwQCCBADFVNYXRJUG01AEQECCmZcSRNbEwBQTFpUTVILGwgEVRMVQwMNCw05X1lYVhITA0NAT0YBA0pBZlYUVEoSPQoUQVwbDAgfWAEXVVBNVVZSGxkbUwRCTT4FFgEQFWZSXF5DCxsvLUFIQQ9JalpeFF9NExtBXkEodhcVEwhBZgINFgoXFEBqWl4PV1AFBw0HBkQDFwAIQx0bCBI8CgYSTlpLWkMLGwMOChxNBVZYGx1DWEk%2BDREDAghQT1hFCF5XQ1hBJg8PQRVqXg1ETQgNDRdBShtcSW4IQklDWEEmDw9BFWpeDURNCA0NF0FKG1xJbgBCV0NYVlRQVg0ZG1gRblgSDDwLEQEbDxtzDVhBQTEMCBYSUFpXQkFwakNOQQ0TOVpaV18EUk0IDQ07Fx9JUBsLQ3JYAw4GSyc1dRcVEwhBZhQRBhY8EkBFXBNbE0sEEQoABghNXFhdQx0bEwcSEQYVTWpJUBVZG1tATBAME0tGFgJOExVDFQ87CwlKQRsLQ1JRABYWFgEHTVAXUg5cG01AEA0XA2ZcXRNbABVDEQoQBjldWlRQCF8bW0AADAISTEdbUBVUFwINDkZPREtQSEQEQk0%2BCgwXF0QDF1pZAEVMEwACEAZIWlpUE00TWxMNFBcGFGZcXRNbE1tXVlJUWl4LGApVVAgUVVRVUk5eCVRaHFVQCVlaWlUBAwpWDRNNE0sEBAYWBhQbDxtZFUVJW01MAwxIXFRbWAVCFwINDktBShtHXEAUVEoVPQ4BFw5WURsLQ3Z8NUBPRhMfTV1WXz5HXBMRCgsNRAMXCh9WExVDFwI7BwNPXFpUPldYDAsPHUFcG3pNWQRDG01AFgU8AlxDUFIEbk0YEgZGWURdUEpaFV5JQ05BEQI5VkZmVwBcUA0bQV5BKlBbTElDHRsUAzwLEDlPUEtCCF5XQ1hBRk9ETFRmUxNeThIHETsFB1RcVUhDCxsnCxEBBQlBFxUTFFBmAxAMExADS2pPVBNCUA4MQV5BXw8bCRNNE0wAPRAQEQ9XUhsLQ3xWGwsPCAJJDBsJEUlpCFBZQygKCExNGUlZB2ZXVlhEERADDA8fURgZJgcADwxJCwUIAVEACVBCJQ0RA19aQR5YBxdRQE9GBA9NalpeDFxQFUBZRgdXCAUBBllTCVNaAUZPRElUS1AMQhtbQBg4QRJWQEttQwsZPUAbVTECZRcVET0TWgAPEwUKAVdpGwtBbRsvASIdNjobGRltQ1JlQ1hDOEFXZRcVET0TST1AWUQ/RAlpGx1BbRsGBw0ABhRlFwMRPRNfPUBPRD9EXVxKUANdXD4RDBENAmUXAxE9Ewk9QB5GT0RcWVBWCFNVBD0QFA8PTWpNVBJFSkNYQUQnFVpDS3NQEX0SARUWIVQZcUpSF0N7UkInFwAQS3cNEUMdGwQOCgMKBFVQZkIRXVAVPRcBEBJKaldCQwsbQQYKFwAJT1BLSD5BWAYHQ0ZPRFhWTVgXVGYSEg8NFzlNUEpFEhMDQ0InFwAQS3cIEUMdGwABFw0VA2ZGSV0IRWYVBxAQEDlXRhsLQxFdCBEACxUDS0xmQQBWXEFAHhk%3D&jsonp=NREUM.setToken
IP
File type ASCII text, with no line terminators
Hash 107d93e382e2c9b00fbf9fb0edc65d86
77e750e3ebf9706f4f6dd253785602d70be17c6c
a1ee50b689ea433a0acdccbf4ee4629e9ea3f9c4bcdd21effb334359a2f9e937
GET /1/6f524845d1?a=24279235&v=1216.487a282&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOFgwRERUXQ1BUFkIDFQ0WFlA%3D&rst=2504&ck=1&ref=https://chaturbate.com/tours/3/&ap=54&be=1134&fe=2161&dc=1760&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1663872631116,%22n%22:0,%22f%22:641,%22dn%22:641,%22dne%22:641,%22c%22:641,%22s%22:641,%22ce%22:641,%22rq%22:644,%22rp%22:859,%22rpe%22:866,%22dl%22:1067,%22di%22:1645,%22ds%22:1760,%22de%22:1766,%22dc%22:2159,%22l%22:2159,%22le%22:2160%7D,%22navigation%22:%7B%7D%7D&fcp=1524&at=H0ETGw9CExRCXBM9CgBBXAkZG0QSVEsPAw4BQVwbamZQD15XPj1BSEEVUFJXRBFuXQAWBkZZVhUXenc%2BY1gYQFlGVFJcUQpQUVcAWQZVBlZWDxh4Yy8TFUMhJTshCU0XAwlSHRsiJDwmDBJ8TU1DABMDQwQCCBADFVNYXRJUG01AEQECCmZcSRNbEwBQTFpUTVILGwgEVRMVQwMNCw05X1lYVhITA0NAT0YBA0pBZlYUVEoSPQoUQVwbDAgfWAEXVVBNVVZSGxkbUwRCTT4FFgEQFWZSXF5DCxsvLUFIQQ9JalpeFF9NExtBXkEodhcVEwhBZgINFgoXFEBqWl4PV1AFBw0HBkQDFwAIQx0bCBI8CgYSTlpLWkMLGwMOChxNBVZYGx1DWEk%2BDREDAghQT1hFCF5XQ1hBJg8PQRVqXg1ETQgNDRdBShtcSW4IQklDWEEmDw9BFWpeDURNCA0NF0FKG1xJbgBCV0NYVlRQVg0ZG1gRblgSDDwLEQEbDxtzDVhBQTEMCBYSUFpXQkFwakNOQQ0TOVpaV18EUk0IDQ07Fx9JUBsLQ3JYAw4GSyc1dRcVEwhBZhQRBhY8EkBFXBNbE0sEEQoABghNXFhdQx0bEwcSEQYVTWpJUBVZG1tATBAME0tGFgJOExVDFQ87CwlKQRsLQ1JRABYWFgEHTVAXUg5cG01AEA0XA2ZcXRNbABVDEQoQBjldWlRQCF8bW0AADAISTEdbUBVUFwINDkZPREtQSEQEQk0%2BCgwXF0QDF1pZAEVMEwACEAZIWlpUE00TWxMNFBcGFGZcXRNbE1tXVlJUWl4LGApVVAgUVVRVUk5eCVRaHFVQCVlaWlUBAwpWDRNNE0sEBAYWBhQbDxtZFUVJW01MAwxIXFRbWAVCFwINDktBShtHXEAUVEoVPQ4BFw5WURsLQ3Z8NUBPRhMfTV1WXz5HXBMRCgsNRAMXCh9WExVDFwI7BwNPXFpUPldYDAsPHUFcG3pNWQRDG01AFgU8AlxDUFIEbk0YEgZGWURdUEpaFV5JQ05BEQI5VkZmVwBcUA0bQV5BKlBbTElDHRsUAzwLEDlPUEtCCF5XQ1hBRk9ETFRmUxNeThIHETsFB1RcVUhDCxsnCxEBBQlBFxUTFFBmAxAMExADS2pPVBNCUA4MQV5BXw8bCRNNE0wAPRAQEQ9XUhsLQ3xWGwsPCAJJDBsJEUlpCFBZQygKCExNGUlZB2ZXVlhEERADDA8fURgZJgcADwxJCwUIAVEACVBCJQ0RA19aQR5YBxdRQE9GBA9NalpeDFxQFUBZRgdXCAUBBllTCVNaAUZPRElUS1AMQhtbQBg4QRJWQEttQwsZPUAbVTECZRcVET0TWgAPEwUKAVdpGwtBbRsvASIdNjobGRltQ1JlQ1hDOEFXZRcVET0TST1AWUQ/RAlpGx1BbRsGBw0ABhRlFwMRPRNfPUBPRD9EXVxKUANdXD4RDBENAmUXAxE9Ewk9QB5GT0RcWVBWCFNVBD0QFA8PTWpNVBJFSkNYQUQnFVpDS3NQEX0SARUWIVQZcUpSF0N7UkInFwAQS3cNEUMdGwQOCgMKBFVQZkIRXVAVPRcBEBJKaldCQwsbQQYKFwAJT1BLSD5BWAYHQ0ZPRFhWTVgXVGYSEg8NFzlNUEpFEhMDQ0InFwAQS3cIEUMdGwABFw0VA2ZGSV0IRWYVBxAQEDlXRhsLQxFdCBEACxUDS0xmQQBWXEFAHhk%3D&jsonp=NREUM.setToken HTTP/1.1
Host: bam.nr-data.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Thu, 22 Sep 2022 18:50:34 GMT
Content-Type: text/javascript
Transfer-Encoding: chunked
Connection: keep-alive
CF-Ray: 74ed3a1b4c321c16-OSL
Access-Control-Allow-Origin: *
Set-Cookie: JSESSIONID=780c3c39485a8c0a; Path=/; Domain=.nr-data.net; Secure; SameSite=None
CF-Cache-Status: DYNAMIC
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
Cross-Origin-Resource-Policy: cross-origin
Vary: Accept-Encoding
Server: cloudflare
Content-Encoding: gzip
cdn.tsyndicate.com/imges/backup/banner/300x250.png
200 OK 35 B URL HTTP/1.1 cdn.tsyndicate.com/imges/backup/banner/300x250.png
IP
Hash c2196de8ba412c60c22ab491af7b1409
5fbd472222feb8a22cf5b8aa5dc5b8e13af88e2b
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
GET /imges/backup/banner/300x250.png HTTP/1.1
Host: cdn.tsyndicate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://lcdn.tsyndicate.com/
HTTP/1.1 200 OK
Date: Wed, 22 Jun 2022 09:39:46 GMT
Content-Type: image/png
Content-Length: 102388
Connection: keep-alive
Last-Modified: Wed, 22 Jun 2022 09:24:43 GMT
Server: nginx
X-Robots-Tag: noindex, nofollow
Content-Encoding: gzip
Vary: Accept-Encoding
ETag: W/"62b2dfdb-18fbf"
Age: 7981848
Accept-Ranges: bytes
lcdn.tsyndicate.com/error/banner.html
304 Not Modified 0 B URL HTTP/1.1 lcdn.tsyndicate.com/error/banner.html
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /error/banner.html HTTP/1.1
Host: lcdn.tsyndicate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://tsyndicate.com/
Upgrade-Insecure-Requests: 1
If-Modified-Since: Thu, 28 Jul 2022 14:10:05 GMT
If-None-Match: W/"62e298bd-297"
HTTP/1.1 304 Not Modified
Date: Fri, 02 Sep 2022 00:07:36 GMT
Connection: keep-alive
Last-Modified: Thu, 28 Jul 2022 14:10:05 GMT
Server: nginx
X-Robots-Tag: noindex, nofollow
Vary: Accept-Encoding
ETag: W/"62e298bd-297"
Age: 1795378
bam.nr-data.net/1/6f524845d1?a=24279235&v=1216.487a282&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOFgwRERUXQ1BUFkIDFQ0WFlA%3D&rst=2336&ck=1&ref=https://chaturbate.com/tours/3/&ap=63&be=911&fe=1996&dc=1619&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1663872631354,%22n%22:0,%22f%22:362,%22dn%22:362,%22dne%22:362,%22c%22:362,%22s%22:362,%22ce%22:362,%22rq%22:396,%22rp%22:628,%22rpe%22:637,%22dl%22:835,%22di%22:1489,%22ds%22:1617,%22de%22:1622,%22dc%22:1995,%22l%22:1995,%22le%22:1996%7D,%22navigation%22:%7B%7D%7D&at=H0ETGw9CExRCXBM9CgBBXAkZG0QSVEsPAw4BQVwbamZQD15XPj1BSEEVUFJXRBFuXQAWBkZZVhUXenc%2BY1gYQFlGVFJcUQpQUVcBWQAABlZWDxh2Yi0TFUMhJTshCU0XAwlSHRsiJDwmDBJ8TU1DABMDQwQCCBADFVNYXRJUG01AEQECCmZcSRNbEwBQTFpUTVILGwgEVRMVQwMNCw05X1lYVhITA0NAT0YBA0pBZlYUVEoSPQoUQVwbDAgfWAEXVVBNVVZSGxkbUwRCTT4FFgEQFWZSXF5DCxsvLUFIQQ9JalpeFF9NExtBXkEodhcVEwhBZgINFgoXFEBqWl4PV1AFBw0HBkQDFwAIQx0bCBI8CgYSTlpLWkMLGwMOChxNBVZYGx1DWEk%2BDREDAghQT1hFCF5XQ1hBJg8PQRVqXg1ETQgNDRdBShtcSW4IQklDWEEmDw9BFWpeDURNCA0NF0FKG1xJbgBCV0NYVlRQVg0ZG1gRblgSDDwLEQEbDxtzDVhBQTEMCBYSUFpXQkFwakNOQQ0TOVpaV18EUk0IDQ07Fx9JUBsLQ3JYAw4GSyc1dRcVEwhBZhQRBhY8EkBFXBNbE0sEEQoABghNXFhdQx0bEwcSEQYVTWpJUBVZG1tATBAME0tGFgJOExVDFQ87CwlKQRsLQ1JRABYWFgEHTVAXUg5cG01AEA0XA2ZcXRNbABVDEQoQBjldWlRQCF8bW0AADAISTEdbUBVUFwINDkZPREtQSEQEQk0%2BCgwXF0QDF1pZAEVMEwACEAZIWlpUE00TWxMNFBcGFGZcXRNbEwEHB1EHW1QKGFoJU1MUVQNTV04EAVFdHANVWlIGVAIGVF8EXBNNE0sEBAYWBhQbDxtZFUVJW01MAwxIXFRbWAVCFwINDktBShtHXEAUVEoVPQ4BFw5WURsLQ3Z8NUBPRhMfTV1WXz5HXBMRCgsNRAMXCh9WExVDFwI7BwNPXFpUPldYDAsPHUFcG3pNWQRDG01AFgU8AlxDUFIEbk0YEgZGWURdUEpaFV5JQ05BEQI5VkZmVwBcUA0bQV5BKlBbTElDHRsUAzwLEDlPUEtCCF5XQ1hBRk9ETFRmUxNeThIHETsFB1RcVUhDCxsnCxEBBQlBFxUTFFBmAxAMExADS2pPVBNCUA4MQV5BXw8bCRNNE0wAPRAQEQ9XUhsLQ3xWGwsPCAJJDBsJEUlpCFBZQygKCExNGUlZB2ZXVlhEERADDA8fURgZJgcADwxJCwUIAVEACVBCJQ0RA19aQR5YBxdRQE9GBA9NalpeDFxQFUBZRgdXCAUBBllTCVNaAUZPRElUS1AMQhtbQBg4QRJWQEttQwsZPUAbVTECZRcVET0TWgAPEwUKAVdpGwtBbRsvASIdNjobGRltQ1JlQ1hDOEFXZRcVET0TST1AWUQ/RAlpGx1BbRsGBw0ABhRlFwMRPRNfPUBPRD9EXVxKUANdXD4RDBENAmUXAxE9Ewk9QB5GT0RcWVBWCFNVBD0QFA8PTWpNVBJFSkNYQUQnFVpDS3NQEX0SARUWIVQZcUpSF0N7UkInFwAQS3cNEUMdGwQOCgMKBFVQZkIRXVAVPRcBEBJKaldCQwsbQQYKFwAJT1BLSD5BWAYHQ0ZPRFhWTVgXVGYSEg8NFzlNUEpFEhMDQ0InFwAQS3cKEUMdGwABFw0VA2ZGSV0IRWYVBxAQEDlXRhsLQxFdCBEACxUDS0xmQQBWXEFAHhk%3D&jsonp=NREUM.setToken
200 OK 72 B URL HTTP/1.1 bam.nr-data.net/1/6f524845d1?a=24279235&v=1216.487a282&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOFgwRERUXQ1BUFkIDFQ0WFlA%3D&rst=2336&ck=1&ref=https://chaturbate.com/tours/3/&ap=63&be=911&fe=1996&dc=1619&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1663872631354,%22n%22:0,%22f%22:362,%22dn%22:362,%22dne%22:362,%22c%22:362,%22s%22:362,%22ce%22:362,%22rq%22:396,%22rp%22:628,%22rpe%22:637,%22dl%22:835,%22di%22:1489,%22ds%22:1617,%22de%22:1622,%22dc%22:1995,%22l%22:1995,%22le%22:1996%7D,%22navigation%22:%7B%7D%7D&at=H0ETGw9CExRCXBM9CgBBXAkZG0QSVEsPAw4BQVwbamZQD15XPj1BSEEVUFJXRBFuXQAWBkZZVhUXenc%2BY1gYQFlGVFJcUQpQUVcBWQAABlZWDxh2Yi0TFUMhJTshCU0XAwlSHRsiJDwmDBJ8TU1DABMDQwQCCBADFVNYXRJUG01AEQECCmZcSRNbEwBQTFpUTVILGwgEVRMVQwMNCw05X1lYVhITA0NAT0YBA0pBZlYUVEoSPQoUQVwbDAgfWAEXVVBNVVZSGxkbUwRCTT4FFgEQFWZSXF5DCxsvLUFIQQ9JalpeFF9NExtBXkEodhcVEwhBZgINFgoXFEBqWl4PV1AFBw0HBkQDFwAIQx0bCBI8CgYSTlpLWkMLGwMOChxNBVZYGx1DWEk%2BDREDAghQT1hFCF5XQ1hBJg8PQRVqXg1ETQgNDRdBShtcSW4IQklDWEEmDw9BFWpeDURNCA0NF0FKG1xJbgBCV0NYVlRQVg0ZG1gRblgSDDwLEQEbDxtzDVhBQTEMCBYSUFpXQkFwakNOQQ0TOVpaV18EUk0IDQ07Fx9JUBsLQ3JYAw4GSyc1dRcVEwhBZhQRBhY8EkBFXBNbE0sEEQoABghNXFhdQx0bEwcSEQYVTWpJUBVZG1tATBAME0tGFgJOExVDFQ87CwlKQRsLQ1JRABYWFgEHTVAXUg5cG01AEA0XA2ZcXRNbABVDEQoQBjldWlRQCF8bW0AADAISTEdbUBVUFwINDkZPREtQSEQEQk0%2BCgwXF0QDF1pZAEVMEwACEAZIWlpUE00TWxMNFBcGFGZcXRNbEwEHB1EHW1QKGFoJU1MUVQNTV04EAVFdHANVWlIGVAIGVF8EXBNNE0sEBAYWBhQbDxtZFUVJW01MAwxIXFRbWAVCFwINDktBShtHXEAUVEoVPQ4BFw5WURsLQ3Z8NUBPRhMfTV1WXz5HXBMRCgsNRAMXCh9WExVDFwI7BwNPXFpUPldYDAsPHUFcG3pNWQRDG01AFgU8AlxDUFIEbk0YEgZGWURdUEpaFV5JQ05BEQI5VkZmVwBcUA0bQV5BKlBbTElDHRsUAzwLEDlPUEtCCF5XQ1hBRk9ETFRmUxNeThIHETsFB1RcVUhDCxsnCxEBBQlBFxUTFFBmAxAMExADS2pPVBNCUA4MQV5BXw8bCRNNE0wAPRAQEQ9XUhsLQ3xWGwsPCAJJDBsJEUlpCFBZQygKCExNGUlZB2ZXVlhEERADDA8fURgZJgcADwxJCwUIAVEACVBCJQ0RA19aQR5YBxdRQE9GBA9NalpeDFxQFUBZRgdXCAUBBllTCVNaAUZPRElUS1AMQhtbQBg4QRJWQEttQwsZPUAbVTECZRcVET0TWgAPEwUKAVdpGwtBbRsvASIdNjobGRltQ1JlQ1hDOEFXZRcVET0TST1AWUQ/RAlpGx1BbRsGBw0ABhRlFwMRPRNfPUBPRD9EXVxKUANdXD4RDBENAmUXAxE9Ewk9QB5GT0RcWVBWCFNVBD0QFA8PTWpNVBJFSkNYQUQnFVpDS3NQEX0SARUWIVQZcUpSF0N7UkInFwAQS3cNEUMdGwQOCgMKBFVQZkIRXVAVPRcBEBJKaldCQwsbQQYKFwAJT1BLSD5BWAYHQ0ZPRFhWTVgXVGYSEg8NFzlNUEpFEhMDQ0InFwAQS3cKEUMdGwABFw0VA2ZGSV0IRWYVBxAQEDlXRhsLQxFdCBEACxUDS0xmQQBWXEFAHhk%3D&jsonp=NREUM.setToken
IP
File type ASCII text, with no line terminators
Hash 107d93e382e2c9b00fbf9fb0edc65d86
77e750e3ebf9706f4f6dd253785602d70be17c6c
a1ee50b689ea433a0acdccbf4ee4629e9ea3f9c4bcdd21effb334359a2f9e937
GET /1/6f524845d1?a=24279235&v=1216.487a282&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOFgwRERUXQ1BUFkIDFQ0WFlA%3D&rst=2336&ck=1&ref=https://chaturbate.com/tours/3/&ap=63&be=911&fe=1996&dc=1619&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1663872631354,%22n%22:0,%22f%22:362,%22dn%22:362,%22dne%22:362,%22c%22:362,%22s%22:362,%22ce%22:362,%22rq%22:396,%22rp%22:628,%22rpe%22:637,%22dl%22:835,%22di%22:1489,%22ds%22:1617,%22de%22:1622,%22dc%22:1995,%22l%22:1995,%22le%22:1996%7D,%22navigation%22:%7B%7D%7D&at=H0ETGw9CExRCXBM9CgBBXAkZG0QSVEsPAw4BQVwbamZQD15XPj1BSEEVUFJXRBFuXQAWBkZZVhUXenc%2BY1gYQFlGVFJcUQpQUVcBWQAABlZWDxh2Yi0TFUMhJTshCU0XAwlSHRsiJDwmDBJ8TU1DABMDQwQCCBADFVNYXRJUG01AEQECCmZcSRNbEwBQTFpUTVILGwgEVRMVQwMNCw05X1lYVhITA0NAT0YBA0pBZlYUVEoSPQoUQVwbDAgfWAEXVVBNVVZSGxkbUwRCTT4FFgEQFWZSXF5DCxsvLUFIQQ9JalpeFF9NExtBXkEodhcVEwhBZgINFgoXFEBqWl4PV1AFBw0HBkQDFwAIQx0bCBI8CgYSTlpLWkMLGwMOChxNBVZYGx1DWEk%2BDREDAghQT1hFCF5XQ1hBJg8PQRVqXg1ETQgNDRdBShtcSW4IQklDWEEmDw9BFWpeDURNCA0NF0FKG1xJbgBCV0NYVlRQVg0ZG1gRblgSDDwLEQEbDxtzDVhBQTEMCBYSUFpXQkFwakNOQQ0TOVpaV18EUk0IDQ07Fx9JUBsLQ3JYAw4GSyc1dRcVEwhBZhQRBhY8EkBFXBNbE0sEEQoABghNXFhdQx0bEwcSEQYVTWpJUBVZG1tATBAME0tGFgJOExVDFQ87CwlKQRsLQ1JRABYWFgEHTVAXUg5cG01AEA0XA2ZcXRNbABVDEQoQBjldWlRQCF8bW0AADAISTEdbUBVUFwINDkZPREtQSEQEQk0%2BCgwXF0QDF1pZAEVMEwACEAZIWlpUE00TWxMNFBcGFGZcXRNbEwEHB1EHW1QKGFoJU1MUVQNTV04EAVFdHANVWlIGVAIGVF8EXBNNE0sEBAYWBhQbDxtZFUVJW01MAwxIXFRbWAVCFwINDktBShtHXEAUVEoVPQ4BFw5WURsLQ3Z8NUBPRhMfTV1WXz5HXBMRCgsNRAMXCh9WExVDFwI7BwNPXFpUPldYDAsPHUFcG3pNWQRDG01AFgU8AlxDUFIEbk0YEgZGWURdUEpaFV5JQ05BEQI5VkZmVwBcUA0bQV5BKlBbTElDHRsUAzwLEDlPUEtCCF5XQ1hBRk9ETFRmUxNeThIHETsFB1RcVUhDCxsnCxEBBQlBFxUTFFBmAxAMExADS2pPVBNCUA4MQV5BXw8bCRNNE0wAPRAQEQ9XUhsLQ3xWGwsPCAJJDBsJEUlpCFBZQygKCExNGUlZB2ZXVlhEERADDA8fURgZJgcADwxJCwUIAVEACVBCJQ0RA19aQR5YBxdRQE9GBA9NalpeDFxQFUBZRgdXCAUBBllTCVNaAUZPRElUS1AMQhtbQBg4QRJWQEttQwsZPUAbVTECZRcVET0TWgAPEwUKAVdpGwtBbRsvASIdNjobGRltQ1JlQ1hDOEFXZRcVET0TST1AWUQ/RAlpGx1BbRsGBw0ABhRlFwMRPRNfPUBPRD9EXVxKUANdXD4RDBENAmUXAxE9Ewk9QB5GT0RcWVBWCFNVBD0QFA8PTWpNVBJFSkNYQUQnFVpDS3NQEX0SARUWIVQZcUpSF0N7UkInFwAQS3cNEUMdGwQOCgMKBFVQZkIRXVAVPRcBEBJKaldCQwsbQQYKFwAJT1BLSD5BWAYHQ0ZPRFhWTVgXVGYSEg8NFzlNUEpFEhMDQ0InFwAQS3cKEUMdGwABFw0VA2ZGSV0IRWYVBxAQEDlXRhsLQxFdCBEACxUDS0xmQQBWXEFAHhk%3D&jsonp=NREUM.setToken HTTP/1.1
Host: bam.nr-data.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Thu, 22 Sep 2022 18:50:34 GMT
Content-Type: text/javascript
Transfer-Encoding: chunked
Connection: keep-alive
CF-Ray: 74ed3a1bbeaeb505-OSL
Access-Control-Allow-Origin: *
Set-Cookie: JSESSIONID=440eb3b1accadc6d; Path=/; Domain=.nr-data.net; Secure; SameSite=None
CF-Cache-Status: DYNAMIC
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
Cross-Origin-Resource-Policy: cross-origin
Vary: Accept-Encoding
Server: cloudflare
Content-Encoding: gzip
go.xxxijmp.com/smartpop/c3fa347280578e90a9e8ab1e6280c0e361524d151dcbfe6bb5b723fee947ce88?userId=ed4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e&sourceId=226439&memberId=u79z3Pj_n95ZF8IDbAISZkrT2txksL8cG2uU2EaLTOv_fuWGCUD_t8vpmrtLNi34qTBYF6AOST7boK7KwJLBUT3qlHxoHShp2NwmnBQ_gUIDRUi&p1=3841229
301 Moved Permanently 0 B URL HTTP/1.1 go.xxxijmp.com/smartpop/c3fa347280578e90a9e8ab1e6280c0e361524d151dcbfe6bb5b723fee947ce88?userId=ed4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e&sourceId=226439&memberId=u79z3Pj_n95ZF8IDbAISZkrT2txksL8cG2uU2EaLTOv_fuWGCUD_t8vpmrtLNi34qTBYF6AOST7boK7KwJLBUT3qlHxoHShp2NwmnBQ_gUIDRUi&p1=3841229
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /smartpop/c3fa347280578e90a9e8ab1e6280c0e361524d151dcbfe6bb5b723fee947ce88?userId=ed4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e&sourceId=226439&memberId=u79z3Pj_n95ZF8IDbAISZkrT2txksL8cG2uU2EaLTOv_fuWGCUD_t8vpmrtLNi34qTBYF6AOST7boK7KwJLBUT3qlHxoHShp2NwmnBQ_gUIDRUi&p1=3841229 HTTP/1.1
Host: go.xxxijmp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://tsyndicate.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Thu, 22 Sep 2022 18:50:34 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Thu, 22 Sep 2022 19:50:34 GMT
Location: https://go.xxxijmp.com/smartpop/c3fa347280578e90a9e8ab1e6280c0e361524d151dcbfe6bb5b723fee947ce88?userId=ed4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e&sourceId=226439&memberId=u79z3Pj_n95ZF8IDbAISZkrT2txksL8cG2uU2EaLTOv_fuWGCUD_t8vpmrtLNi34qTBYF6AOST7boK7KwJLBUT3qlHxoHShp2NwmnBQ_gUIDRUi&p1=3841229
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74ed3a1cdf2d0b4d-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
lcdn.tsyndicate.com/error/banner.html
304 Not Modified 0 B URL HTTP/1.1 lcdn.tsyndicate.com/error/banner.html
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /error/banner.html HTTP/1.1
Host: lcdn.tsyndicate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://tsyndicate.com/
Upgrade-Insecure-Requests: 1
If-Modified-Since: Thu, 28 Jul 2022 14:10:05 GMT
If-None-Match: W/"62e298bd-297"
HTTP/1.1 304 Not Modified
Date: Fri, 02 Sep 2022 00:07:36 GMT
Connection: keep-alive
Last-Modified: Thu, 28 Jul 2022 14:10:05 GMT
Server: nginx
X-Robots-Tag: noindex, nofollow
Vary: Accept-Encoding
ETag: W/"62e298bd-297"
Age: 1795378
go.xxxijmp.com/smartpop/c3fa347280578e90a9e8ab1e6280c0e361524d151dcbfe6bb5b723fee947ce88?userId=ed4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e&sourceId=226439&memberId=80DEB7xtEmMC1b0E3OO4mEiD3lk6EpVnu7Du-ja4skgTfwhpQukagQfDgtVPdtkZQhsXhdMs7U_wMyNfyyFzmOgXjMnaVYeS5SE11Vw_gUIDRUi&p1=3844240
301 Moved Permanently 11 kB URL HTTP/1.1 go.xxxijmp.com/smartpop/c3fa347280578e90a9e8ab1e6280c0e361524d151dcbfe6bb5b723fee947ce88?userId=ed4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e&sourceId=226439&memberId=80DEB7xtEmMC1b0E3OO4mEiD3lk6EpVnu7Du-ja4skgTfwhpQukagQfDgtVPdtkZQhsXhdMs7U_wMyNfyyFzmOgXjMnaVYeS5SE11Vw_gUIDRUi&p1=3844240
IP
Hash a92de555ecb22f75f1dd8ecd7e0cc634
d0637a71171135bbd060ea995fcbc3cb6409e177
a385c88c99335f94f793d06bbe9c1b01256051fa0a06e3e76d1cf9d93cbf6335
GET /smartpop/c3fa347280578e90a9e8ab1e6280c0e361524d151dcbfe6bb5b723fee947ce88?userId=ed4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e&sourceId=226439&memberId=80DEB7xtEmMC1b0E3OO4mEiD3lk6EpVnu7Du-ja4skgTfwhpQukagQfDgtVPdtkZQhsXhdMs7U_wMyNfyyFzmOgXjMnaVYeS5SE11Vw_gUIDRUi&p1=3844240 HTTP/1.1
Host: go.xxxijmp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://tsyndicate.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Thu, 22 Sep 2022 18:50:34 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Thu, 22 Sep 2022 19:50:34 GMT
Location: https://go.xxxijmp.com/smartpop/c3fa347280578e90a9e8ab1e6280c0e361524d151dcbfe6bb5b723fee947ce88?userId=ed4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e&sourceId=226439&memberId=80DEB7xtEmMC1b0E3OO4mEiD3lk6EpVnu7Du-ja4skgTfwhpQukagQfDgtVPdtkZQhsXhdMs7U_wMyNfyyFzmOgXjMnaVYeS5SE11Vw_gUIDRUi&p1=3844240
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74ed3a1cf8a4b50f-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
biptolyla.com/avWwZ.yxP-3zBA1BcC2_hEaFbG2H5-lJSKWLQM9_NODPEQ4RM-jTkU0VNWC_0Y0ZMaTbg-ydOeTfQg1_Jinjpkvlb-mnVoJpZqD_0s0tMuTvg-yxOyTzQA0_LCTDQExFO-DHII5JNKD_UM?iframeId=hshuoz
200 OK 42 kB URL HTTP/2 biptolyla.com/avWwZ.yxP-3zBA1BcC2_hEaFbG2H5-lJSKWLQM9_NODPEQ4RM-jTkU0VNWC_0Y0ZMaTbg-ydOeTfQg1_Jinjpkvlb-mnVoJpZqD_0s0tMuTvg-yxOyTzQA0_LCTDQExFO-DHII5JNKD_UM?iframeId=hshuoz
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (713)
Hash 9aff2a00be3699c75bfe31fe8a06f8cc
d54af1831d72aa01735f9514d374cfb3ab0254d7
3a2bafb8d0398b1e792628f978126e1a07c9c4be1082a328b2e740289a192c27
GET /avWwZ.yxP-3zBA1BcC2_hEaFbG2H5-lJSKWLQM9_NODPEQ4RM-jTkU0VNWC_0Y0ZMaTbg-ydOeTfQg1_Jinjpkvlb-mnVoJpZqD_0s0tMuTvg-yxOyTzQA0_LCTDQExFO-DHII5JNKD_UM?iframeId=hshuoz HTTP/1.1
Host: biptolyla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://gayinleeds.relayblog.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 22 Sep 2022 18:50:33 GMT
content-type: text/html;charset=UTF-8
vary: Accept-Encoding
expires: Mon, 26 Jul 2011 05:00:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
accept-ch: Sec-CH-UA-Platform-Version, Sec-CH-UA-Platform
last-modified: Thu, 22 Sep 2022 18:50:33 GMT
p3p: CP="CUR ADM OUR NOR STA NID"
set-cookie: kadCCap=210565:1:1660883596;132751:1:1663300715;194136:1:1663118711;180343:1:1656296307;168401:1:1663017409;199507:1:1655888030;210190:1:1662153287;199455:1:1662011125;211845:1:1661388894; max-age=1695408633; path=/
kadACap=427172:1:1661328422;442673:1:1660504936;434524:1:1657107027;419301:1:1663566374;438036:1:1657029440;445475:1:1662616891;443007:1:1661388894;444565:1:1663112893;419295:1:1661224266;422197:1:1661937740;438050:1:1657036135;407186:1:1660140957;434768:1:1656274688;444311:1:1663771206;432805:1:1656295137;424441:1:1662472246;433660:1:1662623802;426142:1:1655888030;442019:1:1663736826;419321:1:1662477203;401659:1:1662418246;435966:1:1656602141;419299:1:1662523186;272913:1:1661284037;384014:1:1658355870;445389:1:1663209970;444410:1:1662620118;444360:1:1662446108;319611:1:1659066943;346327:2:1663791482;383700:1:1662671864;419323:1:1661776141;419291:1:1662829503;432801:1:1656295814;419297:1:1662889803;419293:1:1662883102;443580:1:1661935629;446120:1:1663148405;445933:1:1662662013;419303:1:1662804291;410252:1:1662915839;320483:1:1661342695; max-age=1695408633; path=/
kadASCap=346327:2:1663791482; path=/
kadRPixJ=bnVsbA==; max-age=1695408633; path=/
kadUnP3=CAIQgqCvmQYaDQjzwZkBEAEY+uKtmQYaDQivp/4BEAEYgqCvmQYaDQiC/5MCEAEY+YexmQYiCggBEAEYgqCvmQYiCggDEAEY+YexmQYqDAjE4ycQARj5h7GZBioMCMPpDBABGIKgr5kGKgwIjL0SEAEY+uKtmQY=; max-age=1695408633; path=/
x-content-type-options: nosniff
content-encoding: br
X-Firefox-Spdy: h2
28980.weednewspro.com/v2/a/na/if/203282
200 OK 15 kB URL HTTP/2 28980.weednewspro.com/v2/a/na/if/203282
IP
ASN #39572 DataWeb Global Group B.V.
Hash 1c695164bdd1839f74881cf932138d97
5aecd36c4e30f664c5af404e6ba6925a942252e3
326f352ab44c2591ed983432f9117e30a1c9beaf4da8111e47e548337e6cc2b9
GET /v2/a/na/if/203282 HTTP/1.1
Host: 28980.weednewspro.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://go.goaserv.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 22 Sep 2022 18:50:34 GMT
content-type: text/html; charset=UTF-8
content-length: 364
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-max-age: 86400
referrer-policy: unsafe-url
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Device-Memory
accept-ch-lifetime: 31536000
X-Firefox-Spdy: h2
10945-2.s.cdn15.com/creatives/247/186312/407111_c711f.gif
200 OK 97 kB URL HTTP/2 10945-2.s.cdn15.com/creatives/247/186312/407111_c711f.gif
IP
File type GIF image data, version 89a, 300 x 250\012- data
Hash 71baae4fd6784d5db36f5297882ced14
fe0e93f7ababd12e729a30ab323b1cafd528da3e
c9d5ed94f02e753c8c3e500d2cd6f815d964410be73520eaec157a230f31d845
GET /creatives/247/186312/407111_c711f.gif HTTP/1.1
Host: 10945-2.s.cdn15.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://biptolyla.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: ucdn/1.22.0
date: Thu, 22 Sep 2022 18:50:34 GMT
content-type: image/gif
content-length: 97083
last-modified: Fri, 22 Oct 2021 11:53:13 GMT
etag: "71baae4fd6784d5db36f5297882ced14"
x-timestamp: 1634903592.91075
x-trans-id: txc9641b5dc7b9402aa306c-0062e0da4d
x-openstack-request-id: txc9641b5dc7b9402aa306c-0062e0da4d
expires: Fri, 06 Jan 2023 14:10:28 GMT
cache-control: max-age=9141594
x-ureq-id: XDrrrzssYKy7XniAYHDaCxO/1BtQYlPAo1HVcwFLMsrP7jnHS8YSuPjrkuTCVphp3Po01lWaZGDM/AfE/Qdo6al6rDOZz1zoddCAgTNgNdg=
x-served-from: l1
access-control-allow-origin: *
access-control-allow-methods: HEAD, GET, OPTIONS
x-vhostid: 136, 21671
accept-ranges: bytes
X-Firefox-Spdy: h2
28980.weednewspro.com/v2/a/na/if/203282
200 OK 364 B URL HTTP/2 28980.weednewspro.com/v2/a/na/if/203282
IP
ASN #39572 DataWeb Global Group B.V.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (364), with no line terminators
Hash c64529578fdecd3831f4afd6a4e4be4e
672ae6efe0d189c4ed3c332dc57f44f569f48455
7abf8e5dd0e1976987a64aa4ae1f517dad66aba028acfe1df4d59b03f024256f
GET /v2/a/na/if/203282 HTTP/1.1
Host: 28980.weednewspro.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://go.goaserv.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 22 Sep 2022 18:50:34 GMT
content-type: text/html; charset=UTF-8
content-length: 364
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-max-age: 86400
referrer-policy: unsafe-url
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Device-Memory
accept-ch-lifetime: 31536000
X-Firefox-Spdy: h2
pxl.tsyndicate.com/api/v1/elapsedtime?f=banner%20300x250&sc=6a91f85098294907941c239ca45e3b90&hn=gayinleeds.relayblog.com&et=110
200 OK 0 B URL HTTP/1.1 pxl.tsyndicate.com/api/v1/elapsedtime?f=banner%20300x250&sc=6a91f85098294907941c239ca45e3b90&hn=gayinleeds.relayblog.com&et=110
IP
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /api/v1/elapsedtime?f=banner%20300x250&sc=6a91f85098294907941c239ca45e3b90&hn=gayinleeds.relayblog.com&et=110 HTTP/1.1
Host: pxl.tsyndicate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gayinleeds.relayblog.com/
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 22 Sep 2022 18:50:34 GMT
Content-Length: 0
Connection: keep-alive
X-Robots-Tag: noindex, nofollow
poweredby.jads.co/adshow.php?adzone=962240
200 OK 1.7 kB URL HTTP/1.1 poweredby.jads.co/adshow.php?adzone=962240
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (413), with CRLF, LF line terminators
Hash b82e790d41e21cfed0ecef70de0a8fed
c17f82cfbce04ab779269ee2eb56d74cc0c19680
497999f0e4e3b1695954b3e80ae9275d07ac799c1d4fb42270e3ca4992617bad
GET /adshow.php?adzone=962240 HTTP/1.1
Host: poweredby.jads.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gayinleeds.relayblog.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 22 Sep 2022 18:50:34 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/5.6.40
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR OUR IND STA"
Set-Cookie: surferid=d90054244e2f3a3d4fe3879047bdcd00; expires=Fri, 22-Sep-2023 18:50:33 GMT; Max-Age=31536000; path=/; SameSite=None; Secure; domain=.jads.co
imps22340=1; expires=Fri, 23-Sep-2022 18:50:33 GMT; Max-Age=86400; path=/; SameSite=None; Secure; domain=.jads.co
imps22340=1; expires=Fri, 23-Sep-2022 18:50:33 GMT; Max-Age=86400; path=/; SameSite=None; Secure; domain=.jads.co
juicy_data_1=YToyOntpOjU2NDYzMDtpOjE2NjQxMzE4MzM7aTo1NjQ2Mjg7aToxNjY0MTMxODMzO30%3D; expires=Sun, 25-Sep-2022 18:50:33 GMT; Max-Age=259200; path=/; SameSite=None; Secure; domain=jads.co
juicy_data=YToxOntzOjEyOiJqdWljeV9kYXRhXzEiO3M6MToiMSI7fQ%3D%3D; expires=Sun, 25-Sep-2022 18:50:33 GMT; Max-Age=259200; path=/; SameSite=None; Secure; domain=jads.co
Content-Encoding: gzip
gayinleeds.relayblog.com/static/5.ico
200 OK 14 kB URL HTTP/1.1 gayinleeds.relayblog.com/static/5.ico
IP
Hash 50cc5a0106b5b63ff6330c2b92b25b2b
161c9336ebe7798dc78178df5d271edd10f1ae50
224f58c5366d4fb8aeeb91c9d6ba142f022aefeae4a077a99becd32328c9f092
GET /static/5.ico HTTP/1.1
Host: gayinleeds.relayblog.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gayinleeds.relayblog.com/?yessenia
Cookie: dom3ic8zudi28v8lr6fgphwffqoz0j6c=3aabf0ec-865b-4b05-aed3-6ea38f3d9129%3A1%3A1
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 22 Sep 2022 18:50:29 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
Vary: Accept-Encoding
Content-Encoding: gzip
poweredby.jads.co/adshow.php?adzone=941000
200 OK 1.8 kB URL HTTP/1.1 poweredby.jads.co/adshow.php?adzone=941000
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1591), with CRLF, LF line terminators
Hash dd4b0adc259a8486c5b6e27e07ee2f8e
7c0da5bab21d5e1c39ef9380bc9d40d8fdb22fbd
4d587ac4f5fcf333ed44c2f7750b859e1e807404a3222e2899b0700f330349bc
GET /adshow.php?adzone=941000 HTTP/1.1
Host: poweredby.jads.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gayinleeds.relayblog.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 22 Sep 2022 18:50:34 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/5.6.40
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR OUR IND STA"
Set-Cookie: surferid=d90054244e2f3a3d4fe3879047bdcd00; expires=Fri, 22-Sep-2023 18:50:33 GMT; Max-Age=31536000; path=/; SameSite=None; Secure; domain=.jads.co
imps22340=1; expires=Fri, 23-Sep-2022 18:50:33 GMT; Max-Age=86400; path=/; SameSite=None; Secure; domain=.jads.co
juicy_data_1=YToxOntpOjU5Mjk3NjtpOjE2NjQxMzE4MzM7fQ%3D%3D; expires=Sun, 25-Sep-2022 18:50:33 GMT; Max-Age=259200; path=/; SameSite=None; Secure; domain=jads.co
juicy_data=YToxOntzOjEyOiJqdWljeV9kYXRhXzEiO3M6MToiMSI7fQ%3D%3D; expires=Sun, 25-Sep-2022 18:50:33 GMT; Max-Age=259200; path=/; SameSite=None; Secure; domain=jads.co
Content-Encoding: gzip
cdn.tsyndicate.com/sdk/v1/backup.banner.js
304 Not Modified 0 B URL HTTP/1.1 cdn.tsyndicate.com/sdk/v1/backup.banner.js
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sdk/v1/backup.banner.js HTTP/1.1
Host: cdn.tsyndicate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://lcdn.tsyndicate.com/
If-Modified-Since: Mon, 19 Sep 2022 08:52:46 GMT
If-None-Match: W/"63282dde-b00"
HTTP/1.1 304 Not Modified
Date: Mon, 19 Sep 2022 09:04:07 GMT
Connection: keep-alive
Last-Modified: Mon, 19 Sep 2022 08:52:46 GMT
Server: nginx
X-Robots-Tag: noindex, nofollow
Vary: Accept-Encoding
ETag: W/"63282dde-b00"
Age: 294387
pxl.tsyndicate.com/api/v1/elapsedtime?f=banner%20250x150&sc=4cac9064b352472ab0c635df56b56283&hn=gayinleeds.relayblog.com&et=252
200 OK 0 B URL HTTP/1.1 pxl.tsyndicate.com/api/v1/elapsedtime?f=banner%20250x150&sc=4cac9064b352472ab0c635df56b56283&hn=gayinleeds.relayblog.com&et=252
IP
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /api/v1/elapsedtime?f=banner%20250x150&sc=4cac9064b352472ab0c635df56b56283&hn=gayinleeds.relayblog.com&et=252 HTTP/1.1
Host: pxl.tsyndicate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gayinleeds.relayblog.com/
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 22 Sep 2022 18:50:35 GMT
Content-Length: 0
Connection: keep-alive
X-Robots-Tag: noindex, nofollow
pxl.tsyndicate.com/api/v1/p/p.js?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zC0XQsHEjBw0yNcS0qCFDBo4WNEKSaYGDRpgZLcLcGCMGhw0YM1ySGSPiYZg6PHWIuEGGRo4wN8ugvGEmzFIyMlqIoTHDqRkZHM0QlXEDhxkbPSGSsUOxZQ4cD-HUEbPQRowYN3zCgUNxhseHc-BM1DGjJQ2uMx6OaUNXR0kbNGjA8EnGDMWHYty4oWjjJkcaD9u4wchwRsnFIuBo5myjBo2KIurEyIiGDh04c3S8eHHmjQs8uNOoIexizJs2L-a0CSPn9Rs4L2KYhCEjR1cbZsSUIZMDehkcOHDOgCFGDAwcM8qMGVPmdBnlMsSE-V6G69sc38WM8ZgjvJkZNsAn_lFnDsIkZPQwHQ1l5GSUDMyFkVgYTeEQwwwNwXBDGDmQoVwYMcxngwyexWATDOWJYcZ4MoSBoRgzVOUhDs6JkRQXdcDAnA1zvFGHHOQB2MNhicEAo4xYtVFGG9LJoeMXSUxxBhVIQIGDEEtAEUMScNRgxRVWvIEHDkHYYAUZM5hhhRxqxOGGElQ8AYcdR8wxxxRF0EFDFG0MUUQaUGBhBB11EEHHejQIMcYNU9yRBw5JtNCGHVE4IcMVbzSBRRtI1PEFHF-McQUSc8jAhBJGtFCFDWqIEQMbY-AQRRY0fHFGFUkQIUUVafw4Ixwx9NBXYoCFRcZvGZ0RRh5puMFGGdPN4YIcZbAxrBhsvHFGb8AKFsZeW0DYBWSO6QCDCzCgJocdhW33UB11pJERGWG0x5UNMJE3IkpfKYVDSDm0cFQONeQwKA4MlhRWGoWJkEMMLsDnwl8uNERDWHJ8QXBGByf8LcMOh1VHGBk18YYeabDh7As1gAsCCli8tQMITBRbBx4gbGnDF4itPK4O1YGbAghHiLfGGy8gGIOMQ8cAghFpMGuGli_kDENY42XkxBNhvRFx1EJNHRaqGRXhhK9l2PEFs2xQVMMNXeGXHWhynDGZYTXgEJcIB4kthhwLYfdQ3V-08QYZC5nk1t5yvLFQYCK8oZBhaRWORx4LYSaC0qy5BodstA1b7LHJLtvss9FO6xtwYc0xbkaF_0mH1S3U4UYadLQQQw4u7KScr0HRXcYXtssQFh1tUAav3Fh5ZlEbvjNUWV83FI9VDTYwNnYZeX1xrfDMO_9Q2NYfW9zi2dKwLURi7KV7U3WwMVFaXHsrGGcw9KFAQA%3D%3D&s=d367e2d3221a49e44ad1a7eb5315d0a4da5306fce9a8367c1f7d8bd9d99ca2761663872632&w=t&r=1&d=1360&priv=false
200 OK 349 B URL HTTP/1.1 pxl.tsyndicate.com/api/v1/p/p.js?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zC0XQsHEjBw0yNcS0qCFDBo4WNEKSaYGDRpgZLcLcGCMGhw0YM1ySGSPiYZg6PHWIuEGGRo4wN8ugvGEmzFIyMlqIoTHDqRkZHM0QlXEDhxkbPSGSsUOxZQ4cD-HUEbPQRowYN3zCgUNxhseHc-BM1DGjJQ2uMx6OaUNXR0kbNGjA8EnGDMWHYty4oWjjJkcaD9u4wchwRsnFIuBo5myjBo2KIurEyIiGDh04c3S8eHHmjQs8uNOoIexizJs2L-a0CSPn9Rs4L2KYhCEjR1cbZsSUIZMDehkcOHDOgCFGDAwcM8qMGVPmdBnlMsSE-V6G69sc38WM8ZgjvJkZNsAn_lFnDsIkZPQwHQ1l5GSUDMyFkVgYTeEQwwwNwXBDGDmQoVwYMcxngwyexWATDOWJYcZ4MoSBoRgzVOUhDs6JkRQXdcDAnA1zvFGHHOQB2MNhicEAo4xYtVFGG9LJoeMXSUxxBhVIQIGDEEtAEUMScNRgxRVWvIEHDkHYYAUZM5hhhRxqxOGGElQ8AYcdR8wxxxRF0EFDFG0MUUQaUGBhBB11EEHHejQIMcYNU9yRBw5JtNCGHVE4IcMVbzSBRRtI1PEFHF-McQUSc8jAhBJGtFCFDWqIEQMbY-AQRRY0fHFGFUkQIUUVafw4Ixwx9NBXYoCFRcZvGZ0RRh5puMFGGdPN4YIcZbAxrBhsvHFGb8AKFsZeW0DYBWSO6QCDCzCgJocdhW33UB11pJERGWG0x5UNMJE3IkpfKYVDSDm0cFQONeQwKA4MlhRWGoWJkEMMLsDnwl8uNERDWHJ8QXBGByf8LcMOh1VHGBk18YYeabDh7As1gAsCCli8tQMITBRbBx4gbGnDF4itPK4O1YGbAghHiLfGGy8gGIOMQ8cAghFpMGuGli_kDENY42XkxBNhvRFx1EJNHRaqGRXhhK9l2PEFs2xQVMMNXeGXHWhynDGZYTXgEJcIB4kthhwLYfdQ3V-08QYZC5nk1t5yvLFQYCK8oZBhaRWORx4LYSaC0qy5BodstA1b7LHJLtvss9FO6xtwYc0xbkaF_0mH1S3U4UYadLQQQw4u7KScr0HRXcYXtssQFh1tUAav3Fh5ZlEbvjNUWV83FI9VDTYwNnYZeX1xrfDMO_9Q2NYfW9zi2dKwLURi7KV7U3WwMVFaXHsrGGcw9KFAQA%3D%3D&s=d367e2d3221a49e44ad1a7eb5315d0a4da5306fce9a8367c1f7d8bd9d99ca2761663872632&w=t&r=1&d=1360&priv=false
IP
ASN #24940 Hetzner Online GmbH
Hash c7e35620381c8987d16e3daa75a716f3
34d66c9d875106b76650018c5866e2868a002a9f
761d09df2daa8e22cc92ad4f5643aa214f6f0874aa5bf341de1fccd08b7299d6
GET /api/v1/p/p.js?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zC0XQsHEjBw0yNcS0qCFDBo4WNEKSaYGDRpgZLcLcGCMGhw0YM1ySGSPiYZg6PHWIuEGGRo4wN8ugvGEmzFIyMlqIoTHDqRkZHM0QlXEDhxkbPSGSsUOxZQ4cD-HUEbPQRowYN3zCgUNxhseHc-BM1DGjJQ2uMx6OaUNXR0kbNGjA8EnGDMWHYty4oWjjJkcaD9u4wchwRsnFIuBo5myjBo2KIurEyIiGDh04c3S8eHHmjQs8uNOoIexizJs2L-a0CSPn9Rs4L2KYhCEjR1cbZsSUIZMDehkcOHDOgCFGDAwcM8qMGVPmdBnlMsSE-V6G69sc38WM8ZgjvJkZNsAn_lFnDsIkZPQwHQ1l5GSUDMyFkVgYTeEQwwwNwXBDGDmQoVwYMcxngwyexWATDOWJYcZ4MoSBoRgzVOUhDs6JkRQXdcDAnA1zvFGHHOQB2MNhicEAo4xYtVFGG9LJoeMXSUxxBhVIQIGDEEtAEUMScNRgxRVWvIEHDkHYYAUZM5hhhRxqxOGGElQ8AYcdR8wxxxRF0EFDFG0MUUQaUGBhBB11EEHHejQIMcYNU9yRBw5JtNCGHVE4IcMVbzSBRRtI1PEFHF-McQUSc8jAhBJGtFCFDWqIEQMbY-AQRRY0fHFGFUkQIUUVafw4Ixwx9NBXYoCFRcZvGZ0RRh5puMFGGdPN4YIcZbAxrBhsvHFGb8AKFsZeW0DYBWSO6QCDCzCgJocdhW33UB11pJERGWG0x5UNMJE3IkpfKYVDSDm0cFQONeQwKA4MlhRWGoWJkEMMLsDnwl8uNERDWHJ8QXBGByf8LcMOh1VHGBk18YYeabDh7As1gAsCCli8tQMITBRbBx4gbGnDF4itPK4O1YGbAghHiLfGGy8gGIOMQ8cAghFpMGuGli_kDENY42XkxBNhvRFx1EJNHRaqGRXhhK9l2PEFs2xQVMMNXeGXHWhynDGZYTXgEJcIB4kthhwLYfdQ3V-08QYZC5nk1t5yvLFQYCK8oZBhaRWORx4LYSaC0qy5BodstA1b7LHJLtvss9FO6xtwYc0xbkaF_0mH1S3U4UYadLQQQw4u7KScr0HRXcYXtssQFh1tUAav3Fh5ZlEbvjNUWV83FI9VDTYwNnYZeX1xrfDMO_9Q2NYfW9zi2dKwLURi7KV7U3WwMVFaXHsrGGcw9KFAQA%3D%3D&s=d367e2d3221a49e44ad1a7eb5315d0a4da5306fce9a8367c1f7d8bd9d99ca2761663872632&w=t&r=1&d=1360&priv=false HTTP/1.1
Host: pxl.tsyndicate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://tsyndicate.com/
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 22 Sep 2022 18:50:35 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 24
Connection: keep-alive
X-Robots-Tag: noindex, nofollow
cdn.tsyndicate.com/sdk/v1/backup.banner.js
304 Not Modified 0 B URL HTTP/1.1 cdn.tsyndicate.com/sdk/v1/backup.banner.js
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sdk/v1/backup.banner.js HTTP/1.1
Host: cdn.tsyndicate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://lcdn.tsyndicate.com/
If-Modified-Since: Mon, 19 Sep 2022 08:52:46 GMT
If-None-Match: W/"63282dde-b00"
HTTP/1.1 304 Not Modified
Date: Mon, 19 Sep 2022 09:04:07 GMT
Connection: keep-alive
Last-Modified: Mon, 19 Sep 2022 08:52:46 GMT
Server: nginx
X-Robots-Tag: noindex, nofollow
Vary: Accept-Encoding
ETag: W/"63282dde-b00"
Age: 294388
cdn.tsyndicate.com/imges/backup/banner/300x250.png
304 Not Modified 2.8 kB URL HTTP/1.1 cdn.tsyndicate.com/imges/backup/banner/300x250.png
IP
Hash 14008b77308d57a667689e52b7b60c7f
e22d9e0e658ba1da18ef1c240c3f6ae80f5d66e1
38880738d6261a335826a7467338c6a36a464000d35fc4e34ab61fba9446116d
GET /imges/backup/banner/300x250.png HTTP/1.1
Host: cdn.tsyndicate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://lcdn.tsyndicate.com/
If-Modified-Since: Wed, 22 Jun 2022 09:24:43 GMT
If-None-Match: W/"62b2dfdb-18fbf"
HTTP/1.1 304 Not Modified
Date: Wed, 22 Jun 2022 09:39:46 GMT
Connection: keep-alive
Last-Modified: Wed, 22 Jun 2022 09:24:43 GMT
Server: nginx
X-Robots-Tag: noindex, nofollow
Vary: Accept-Encoding
ETag: W/"62b2dfdb-18fbf"
Age: 7981849
bam.nr-data.net/1/6f524845d1?a=24279235&v=1216.487a282&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOFgwRERUXQ1BUFkIDFQ0WFlA%3D&rst=2317&ck=1&ref=https://chaturbate.com/tours/3/&ap=62&be=1109&fe=2061&dc=1644&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1663872632149,%22n%22:0,%22f%22:231,%22dn%22:231,%22dne%22:231,%22c%22:231,%22s%22:231,%22ce%22:231,%22rq%22:233,%22rp%22:462,%22rpe%22:463,%22dl%22:966,%22di%22:1549,%22ds%22:1643,%22de%22:1649,%22dc%22:2060,%22l%22:2060,%22le%22:2061%7D,%22navigation%22:%7B%7D%7D&at=H0ETGw9CExRCXBM9CgBBXAkZG0QSVEsPAw4BQVwbamZQD15XPj1BSEEVUFJXRBFuXQAWBkZZVhUXenc%2BY1gYQFlGVFJcUQpQUAIBBFEGBlZWDxh4Yy8TFUMhJTshCU0XAwlSHRsiJDwmDBJ8TU1DABMDQwQCCBADFVNYXRJUG01AEQECCmZcSRNbEwBQTFpUTVILGwgEVRMVQwMNCw05X1lYVhITA0NAT0YBA0pBZlYUVEoSPQoUQVwbDAgfWAEXVVBNVVZSGxkbUwRCTT4FFgEQFWZSXF5DCxsvLUFIQQ9JalpeFF9NExtBXkEodhcVEwhBZgINFgoXFEBqWl4PV1AFBw0HBkQDFwAIQx0bCBI8CgYSTlpLWkMLGwMOChxNBVZYGx1DWEk%2BDREDAghQT1hFCF5XQ1hBJg8PQRVqXg1ETQgNDRdBShtcSW4IQklDWEEmDw9BFWpeDURNCA0NF0FKG1xJbgBCV0NYVlRQVg0ZG1gRblgSDDwLEQEbDxtzDVhBQTEMCBYSUFpXQkFwakNOQQ0TOVpaV18EUk0IDQ07Fx9JUBsLQ3JYAw4GSyc1dRcVEwhBZhQRBhY8EkBFXBNbE0sEEQoABghNXFhdQx0bEwcSEQYVTWpJUBVZG1tATBAME0tGFgJOExVDFQ87CwlKQRsLQ1JRABYWFgEHTVAXUg5cG01AEA0XA2ZcXRNbABVDEQoQBjldWlRQCF8bW0AADAISTEdbUBVUFwINDkZPREtQSEQEQk0%2BCgwXF0QDF1pZAEVMEwACEAZIWlpUE00TWxMNFBcGFGZcXRNbE19WBlBUBVIJGA1QU1MUVVdWXU5fXwZfHFEJDVVTAQcBU11UABNNE0sEBAYWBhQbDxtZFUVJW01MAwxIXFRbWAVCFwINDktBShtHXEAUVEoVPQ4BFw5WURsLQ3Z8NUBPRhMfTV1WXz5HXBMRCgsNRAMXCh9WExVDFwI7BwNPXFpUPldYDAsPHUFcG3pNWQRDG01AFgU8AlxDUFIEbk0YEgZGWURdUEpaFV5JQ05BEQI5VkZmVwBcUA0bQV5BKlBbTElDHRsUAzwLEDlPUEtCCF5XQ1hBRk9ETFRmUxNeThIHETsFB1RcVUhDCxsnCxEBBQlBFxUTFFBmAxAMExADS2pPVBNCUA4MQV5BXw8bCRNNE0wAPRAQEQ9XUhsLQ3xWGwsPCAJJDBsJEUlpCFBZQygKCExNGUlZB2ZXVlhEERADDA8fURgZJgcADwxJCwUIAVEACVBCJQ0RA19aQR5YBxdRQE9GBA9NalpeDFxQFUBZRgdXCAUBBllTCVNaAUZPRElUS1AMQhtbQBg4QRJWQEttQwsZPUAbVTECZRcVET0TWgAPEwUKAVdpGwtBbRsvASIdNjobGRltQ1JlQ1hDOEFXZRcVET0TST1AWUQ/RAlpGx1BbRsGBw0ABhRlFwMRPRNfPUBPRD9EXVxKUANdXD4RDBENAmUXAxE9Ewk9QB5GT0RcWVBWCFNVBD0QFA8PTWpNVBJFSkNYQUQnFVpDS3NQEX0SARUWIVQZcUpSF0N7UkInFwAQS3cNEUMdGwQOCgMKBFVQZkIRXVAVPRcBEBJKaldCQwsbQQYKFwAJT1BLSD5BWAYHQ0ZPRFhWTVgXVGYSEg8NFzlNUEpFEhMDQ0InFwAQS3cLEUMdGwABFw0VA2ZGSV0IRWYVBxAQEDlXRhsLQxFdCBEACxUDS0xmQQBWXEFAHhk%3D&jsonp=NREUM.setToken
200 OK 72 B URL HTTP/1.1 bam.nr-data.net/1/6f524845d1?a=24279235&v=1216.487a282&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOFgwRERUXQ1BUFkIDFQ0WFlA%3D&rst=2317&ck=1&ref=https://chaturbate.com/tours/3/&ap=62&be=1109&fe=2061&dc=1644&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1663872632149,%22n%22:0,%22f%22:231,%22dn%22:231,%22dne%22:231,%22c%22:231,%22s%22:231,%22ce%22:231,%22rq%22:233,%22rp%22:462,%22rpe%22:463,%22dl%22:966,%22di%22:1549,%22ds%22:1643,%22de%22:1649,%22dc%22:2060,%22l%22:2060,%22le%22:2061%7D,%22navigation%22:%7B%7D%7D&at=H0ETGw9CExRCXBM9CgBBXAkZG0QSVEsPAw4BQVwbamZQD15XPj1BSEEVUFJXRBFuXQAWBkZZVhUXenc%2BY1gYQFlGVFJcUQpQUAIBBFEGBlZWDxh4Yy8TFUMhJTshCU0XAwlSHRsiJDwmDBJ8TU1DABMDQwQCCBADFVNYXRJUG01AEQECCmZcSRNbEwBQTFpUTVILGwgEVRMVQwMNCw05X1lYVhITA0NAT0YBA0pBZlYUVEoSPQoUQVwbDAgfWAEXVVBNVVZSGxkbUwRCTT4FFgEQFWZSXF5DCxsvLUFIQQ9JalpeFF9NExtBXkEodhcVEwhBZgINFgoXFEBqWl4PV1AFBw0HBkQDFwAIQx0bCBI8CgYSTlpLWkMLGwMOChxNBVZYGx1DWEk%2BDREDAghQT1hFCF5XQ1hBJg8PQRVqXg1ETQgNDRdBShtcSW4IQklDWEEmDw9BFWpeDURNCA0NF0FKG1xJbgBCV0NYVlRQVg0ZG1gRblgSDDwLEQEbDxtzDVhBQTEMCBYSUFpXQkFwakNOQQ0TOVpaV18EUk0IDQ07Fx9JUBsLQ3JYAw4GSyc1dRcVEwhBZhQRBhY8EkBFXBNbE0sEEQoABghNXFhdQx0bEwcSEQYVTWpJUBVZG1tATBAME0tGFgJOExVDFQ87CwlKQRsLQ1JRABYWFgEHTVAXUg5cG01AEA0XA2ZcXRNbABVDEQoQBjldWlRQCF8bW0AADAISTEdbUBVUFwINDkZPREtQSEQEQk0%2BCgwXF0QDF1pZAEVMEwACEAZIWlpUE00TWxMNFBcGFGZcXRNbE19WBlBUBVIJGA1QU1MUVVdWXU5fXwZfHFEJDVVTAQcBU11UABNNE0sEBAYWBhQbDxtZFUVJW01MAwxIXFRbWAVCFwINDktBShtHXEAUVEoVPQ4BFw5WURsLQ3Z8NUBPRhMfTV1WXz5HXBMRCgsNRAMXCh9WExVDFwI7BwNPXFpUPldYDAsPHUFcG3pNWQRDG01AFgU8AlxDUFIEbk0YEgZGWURdUEpaFV5JQ05BEQI5VkZmVwBcUA0bQV5BKlBbTElDHRsUAzwLEDlPUEtCCF5XQ1hBRk9ETFRmUxNeThIHETsFB1RcVUhDCxsnCxEBBQlBFxUTFFBmAxAMExADS2pPVBNCUA4MQV5BXw8bCRNNE0wAPRAQEQ9XUhsLQ3xWGwsPCAJJDBsJEUlpCFBZQygKCExNGUlZB2ZXVlhEERADDA8fURgZJgcADwxJCwUIAVEACVBCJQ0RA19aQR5YBxdRQE9GBA9NalpeDFxQFUBZRgdXCAUBBllTCVNaAUZPRElUS1AMQhtbQBg4QRJWQEttQwsZPUAbVTECZRcVET0TWgAPEwUKAVdpGwtBbRsvASIdNjobGRltQ1JlQ1hDOEFXZRcVET0TST1AWUQ/RAlpGx1BbRsGBw0ABhRlFwMRPRNfPUBPRD9EXVxKUANdXD4RDBENAmUXAxE9Ewk9QB5GT0RcWVBWCFNVBD0QFA8PTWpNVBJFSkNYQUQnFVpDS3NQEX0SARUWIVQZcUpSF0N7UkInFwAQS3cNEUMdGwQOCgMKBFVQZkIRXVAVPRcBEBJKaldCQwsbQQYKFwAJT1BLSD5BWAYHQ0ZPRFhWTVgXVGYSEg8NFzlNUEpFEhMDQ0InFwAQS3cLEUMdGwABFw0VA2ZGSV0IRWYVBxAQEDlXRhsLQxFdCBEACxUDS0xmQQBWXEFAHhk%3D&jsonp=NREUM.setToken
IP
File type ASCII text, with no line terminators
Hash 107d93e382e2c9b00fbf9fb0edc65d86
77e750e3ebf9706f4f6dd253785602d70be17c6c
a1ee50b689ea433a0acdccbf4ee4629e9ea3f9c4bcdd21effb334359a2f9e937
GET /1/6f524845d1?a=24279235&v=1216.487a282&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOFgwRERUXQ1BUFkIDFQ0WFlA%3D&rst=2317&ck=1&ref=https://chaturbate.com/tours/3/&ap=62&be=1109&fe=2061&dc=1644&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1663872632149,%22n%22:0,%22f%22:231,%22dn%22:231,%22dne%22:231,%22c%22:231,%22s%22:231,%22ce%22:231,%22rq%22:233,%22rp%22:462,%22rpe%22:463,%22dl%22:966,%22di%22:1549,%22ds%22:1643,%22de%22:1649,%22dc%22:2060,%22l%22:2060,%22le%22:2061%7D,%22navigation%22:%7B%7D%7D&at=H0ETGw9CExRCXBM9CgBBXAkZG0QSVEsPAw4BQVwbamZQD15XPj1BSEEVUFJXRBFuXQAWBkZZVhUXenc%2BY1gYQFlGVFJcUQpQUAIBBFEGBlZWDxh4Yy8TFUMhJTshCU0XAwlSHRsiJDwmDBJ8TU1DABMDQwQCCBADFVNYXRJUG01AEQECCmZcSRNbEwBQTFpUTVILGwgEVRMVQwMNCw05X1lYVhITA0NAT0YBA0pBZlYUVEoSPQoUQVwbDAgfWAEXVVBNVVZSGxkbUwRCTT4FFgEQFWZSXF5DCxsvLUFIQQ9JalpeFF9NExtBXkEodhcVEwhBZgINFgoXFEBqWl4PV1AFBw0HBkQDFwAIQx0bCBI8CgYSTlpLWkMLGwMOChxNBVZYGx1DWEk%2BDREDAghQT1hFCF5XQ1hBJg8PQRVqXg1ETQgNDRdBShtcSW4IQklDWEEmDw9BFWpeDURNCA0NF0FKG1xJbgBCV0NYVlRQVg0ZG1gRblgSDDwLEQEbDxtzDVhBQTEMCBYSUFpXQkFwakNOQQ0TOVpaV18EUk0IDQ07Fx9JUBsLQ3JYAw4GSyc1dRcVEwhBZhQRBhY8EkBFXBNbE0sEEQoABghNXFhdQx0bEwcSEQYVTWpJUBVZG1tATBAME0tGFgJOExVDFQ87CwlKQRsLQ1JRABYWFgEHTVAXUg5cG01AEA0XA2ZcXRNbABVDEQoQBjldWlRQCF8bW0AADAISTEdbUBVUFwINDkZPREtQSEQEQk0%2BCgwXF0QDF1pZAEVMEwACEAZIWlpUE00TWxMNFBcGFGZcXRNbE19WBlBUBVIJGA1QU1MUVVdWXU5fXwZfHFEJDVVTAQcBU11UABNNE0sEBAYWBhQbDxtZFUVJW01MAwxIXFRbWAVCFwINDktBShtHXEAUVEoVPQ4BFw5WURsLQ3Z8NUBPRhMfTV1WXz5HXBMRCgsNRAMXCh9WExVDFwI7BwNPXFpUPldYDAsPHUFcG3pNWQRDG01AFgU8AlxDUFIEbk0YEgZGWURdUEpaFV5JQ05BEQI5VkZmVwBcUA0bQV5BKlBbTElDHRsUAzwLEDlPUEtCCF5XQ1hBRk9ETFRmUxNeThIHETsFB1RcVUhDCxsnCxEBBQlBFxUTFFBmAxAMExADS2pPVBNCUA4MQV5BXw8bCRNNE0wAPRAQEQ9XUhsLQ3xWGwsPCAJJDBsJEUlpCFBZQygKCExNGUlZB2ZXVlhEERADDA8fURgZJgcADwxJCwUIAVEACVBCJQ0RA19aQR5YBxdRQE9GBA9NalpeDFxQFUBZRgdXCAUBBllTCVNaAUZPRElUS1AMQhtbQBg4QRJWQEttQwsZPUAbVTECZRcVET0TWgAPEwUKAVdpGwtBbRsvASIdNjobGRltQ1JlQ1hDOEFXZRcVET0TST1AWUQ/RAlpGx1BbRsGBw0ABhRlFwMRPRNfPUBPRD9EXVxKUANdXD4RDBENAmUXAxE9Ewk9QB5GT0RcWVBWCFNVBD0QFA8PTWpNVBJFSkNYQUQnFVpDS3NQEX0SARUWIVQZcUpSF0N7UkInFwAQS3cNEUMdGwQOCgMKBFVQZkIRXVAVPRcBEBJKaldCQwsbQQYKFwAJT1BLSD5BWAYHQ0ZPRFhWTVgXVGYSEg8NFzlNUEpFEhMDQ0InFwAQS3cLEUMdGwABFw0VA2ZGSV0IRWYVBxAQEDlXRhsLQxFdCBEACxUDS0xmQQBWXEFAHhk%3D&jsonp=NREUM.setToken HTTP/1.1
Host: bam.nr-data.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Thu, 22 Sep 2022 18:50:35 GMT
Content-Type: text/javascript
Transfer-Encoding: chunked
Connection: keep-alive
CF-Ray: 74ed3a2099d01c16-OSL
Access-Control-Allow-Origin: *
Set-Cookie: JSESSIONID=b45b2a10ae7b3c20; Path=/; Domain=.nr-data.net; Secure; SameSite=None
CF-Cache-Status: DYNAMIC
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
Cross-Origin-Resource-Policy: cross-origin
Vary: Accept-Encoding
Server: cloudflare
Content-Encoding: gzip
poweredby.jads.co/adshow.php?adzone=782873
200 OK 2.0 kB URL HTTP/1.1 poweredby.jads.co/adshow.php?adzone=782873
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1591), with CRLF, LF line terminators
Hash f276ca4b06b4a504ce04cb7c34649219
817e200593fb14e8eaa73f24ac10729f911e3f23
d9dea528aa20766f70274921b4278df2784877a09ed18369fbc5c3b02471479c
GET /adshow.php?adzone=782873 HTTP/1.1
Host: poweredby.jads.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gayinleeds.relayblog.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 22 Sep 2022 18:50:35 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/5.6.40
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR OUR IND STA"
Set-Cookie: surferid=d90054244e2f3a3d4fe3879047bdcd00; expires=Fri, 22-Sep-2023 18:50:33 GMT; Max-Age=31536000; path=/; SameSite=None; Secure; domain=.jads.co
imps32597=1; expires=Fri, 23-Sep-2022 18:50:34 GMT; Max-Age=86400; path=/; SameSite=None; Secure; domain=.jads.co
imps32597=1; expires=Fri, 23-Sep-2022 18:50:34 GMT; Max-Age=86400; path=/; SameSite=None; Secure; domain=.jads.co
imps30216=1; expires=Fri, 23-Sep-2022 18:50:34 GMT; Max-Age=86400; path=/; SameSite=None; Secure; domain=.jads.co
juicy_data_1=YTozOntpOjEyMTY3MzM7aToxNjY0MTMxODMzO2k6NzY2ODg1O2k6MTY2NDEzMTgzMztpOjc2NzMyMjtpOjE2NjQxMzE4MzM7fQ%3D%3D; expires=Sun, 25-Sep-2022 18:50:33 GMT; Max-Age=259199; path=/; SameSite=None; Secure; domain=jads.co
juicy_data=YToxOntzOjEyOiJqdWljeV9kYXRhXzEiO3M6MToiMSI7fQ%3D%3D; expires=Sun, 25-Sep-2022 18:50:33 GMT; Max-Age=259199; path=/; SameSite=None; Secure; domain=jads.co
Content-Encoding: gzip
pxl.tsyndicate.com/api/v1/backup.gif?t=banner&tct=adult
200 OK 35 B URL HTTP/1.1 pxl.tsyndicate.com/api/v1/backup.gif?t=banner&tct=adult
IP
ASN #24940 Hetzner Online GmbH
File type GIF image data, version 89a, 1 x 1\012- data
Hash c2196de8ba412c60c22ab491af7b1409
5fbd472222feb8a22cf5b8aa5dc5b8e13af88e2b
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
GET /api/v1/backup.gif?t=banner&tct=adult HTTP/1.1
Host: pxl.tsyndicate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://lcdn.tsyndicate.com/
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 22 Sep 2022 18:50:35 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 35
Connection: keep-alive
X-Robots-Tag: noindex, nofollow
bam.nr-data.net/1/6f524845d1?a=24279235&v=1216.487a282&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOFgwRERUXQ1BUFkIDFQ0WFlA%3D&rst=2411&ck=1&ref=https://chaturbate.com/tours/3/&ap=32&be=1294&fe=2212&dc=1909&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1663872632172,%22n%22:0,%22f%22:311,%22dn%22:311,%22dne%22:311,%22c%22:311,%22s%22:311,%22ce%22:311,%22rq%22:442,%22rp%22:634,%22rpe%22:635,%22dl%22:1164,%22di%22:1719,%22ds%22:1908,%22de%22:1913,%22dc%22:2211,%22l%22:2211,%22le%22:2213%7D,%22navigation%22:%7B%7D%7D&at=H0ETGw9CExRCXBM9CgBBXAkZG0QSVEsPAw4BQVwbamZQD15XPj1BSEEVUFJXRBFuXQAWBkZZVhUXenc%2BY1gYQFlGVFJcUQpQUAVfWVZQBlZWDxh2Yi0TFUMhJTshCU0XAwlSHRsiJDwmDBJ8TU1DABMDQwQCCBADFVNYXRJUG01AEQECCmZcSRNbEwBQTFpUTVILGwgEVRMVQwMNCw05X1lYVhITA0NAT0YBA0pBZlYUVEoSPQoUQVwbDAgfWAEXVVBNVVZSGxkbUwRCTT4FFgEQFWZSXF5DCxsvLUFIQQ9JalpeFF9NExtBXkEodhcVEwhBZgINFgoXFEBqWl4PV1AFBw0HBkQDFwAIQx0bCBI8CgYSTlpLWkMLGwMOChxNBVZYGx1DWEk%2BDREDAghQT1hFCF5XQ1hBJg8PQRVqXg1ETQgNDRdBShtcSW4IQklDWEEmDw9BFWpeDURNCA0NF0FKG1xJbgBCV0NYVlRQVg0ZG1gRblgSDDwLEQEbDxtzDVhBQTEMCBYSUFpXQkFwakNOQQ0TOVpaV18EUk0IDQ07Fx9JUBsLQ3JYAw4GSyc1dRcVEwhBZhQRBhY8EkBFXBNbE0sEEQoABghNXFhdQx0bEwcSEQYVTWpJUBVZG1tATBAME0tGFgJOExVDFQ87CwlKQRsLQ1JRABYWFgEHTVAXUg5cG01AEA0XA2ZcXRNbABVDEQoQBjldWlRQCF8bW0AADAISTEdbUBVUFwINDkZPREtQSEQEQk0%2BCgwXF0QDF1pZAEVMEwACEAZIWlpUE00TWxMNFBcGFGZcXRNbEwgDBAAGAgMJGAwBWQcUVVpTVE5eDwIOHFkBAAQBVwJSUloCCxNNE0sEBAYWBhQbDxtZFUVJW01MAwxIXFRbWAVCFwINDktBShtHXEAUVEoVPQ4BFw5WURsLQ3Z8NUBPRhMfTV1WXz5HXBMRCgsNRAMXCh9WExVDFwI7BwNPXFpUPldYDAsPHUFcG3pNWQRDG01AFgU8AlxDUFIEbk0YEgZGWURdUEpaFV5JQ05BEQI5VkZmVwBcUA0bQV5BKlBbTElDHRsUAzwLEDlPUEtCCF5XQ1hBRk9ETFRmUxNeThIHETsFB1RcVUhDCxsnCxEBBQlBFxUTFFBmAxAMExADS2pPVBNCUA4MQV5BXw8bCRNNE0wAPRAQEQ9XUhsLQ3xWGwsPCAJJDBsJEUlpCFBZQygKCExNGUlZB2ZXVlhEERADDA8fURgZJgcADwxJCwUIAVEACVBCJQ0RA19aQR5YBxdRQE9GBA9NalpeDFxQFUBZRgdXCAUBBllTCVNaAUZPRElUS1AMQhtbQBg4QRJWQEttQwsZPUAbVTECZRcVET0TWgAPEwUKAVdpGwtBbRsvASIdNjobGRltQ1JlQ1hDOEFXZRcVET0TST1AWUQ/RAlpGx1BbRsGBw0ABhRlFwMRPRNfPUBPRD9EXVxKUANdXD4RDBENAmUXAxE9Ewk9QB5GT0RcWVBWCFNVBD0QFA8PTWpNVBJFSkNYQUQnFVpDS3NQEX0SARUWIVQZcUpSF0N7UkInFwAQS3cNEUMdGwQOCgMKBFVQZkIRXVAVPRcBEBJKaldCQwsbQQYKFwAJT1BLSD5BWAYHQ0ZPRFhWTVgXVGYSEg8NFzlNUEpFEhMDQ0InFwAQS3cIEUMdGwABFw0VA2ZGSV0IRWYVBxAQEDlXRhsLQxFdCBEACxUDS0xmQQBWXEFAHhk%3D&jsonp=NREUM.setToken
200 OK 77 B URL HTTP/1.1 bam.nr-data.net/1/6f524845d1?a=24279235&v=1216.487a282&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOFgwRERUXQ1BUFkIDFQ0WFlA%3D&rst=2411&ck=1&ref=https://chaturbate.com/tours/3/&ap=32&be=1294&fe=2212&dc=1909&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1663872632172,%22n%22:0,%22f%22:311,%22dn%22:311,%22dne%22:311,%22c%22:311,%22s%22:311,%22ce%22:311,%22rq%22:442,%22rp%22:634,%22rpe%22:635,%22dl%22:1164,%22di%22:1719,%22ds%22:1908,%22de%22:1913,%22dc%22:2211,%22l%22:2211,%22le%22:2213%7D,%22navigation%22:%7B%7D%7D&at=H0ETGw9CExRCXBM9CgBBXAkZG0QSVEsPAw4BQVwbamZQD15XPj1BSEEVUFJXRBFuXQAWBkZZVhUXenc%2BY1gYQFlGVFJcUQpQUAVfWVZQBlZWDxh2Yi0TFUMhJTshCU0XAwlSHRsiJDwmDBJ8TU1DABMDQwQCCBADFVNYXRJUG01AEQECCmZcSRNbEwBQTFpUTVILGwgEVRMVQwMNCw05X1lYVhITA0NAT0YBA0pBZlYUVEoSPQoUQVwbDAgfWAEXVVBNVVZSGxkbUwRCTT4FFgEQFWZSXF5DCxsvLUFIQQ9JalpeFF9NExtBXkEodhcVEwhBZgINFgoXFEBqWl4PV1AFBw0HBkQDFwAIQx0bCBI8CgYSTlpLWkMLGwMOChxNBVZYGx1DWEk%2BDREDAghQT1hFCF5XQ1hBJg8PQRVqXg1ETQgNDRdBShtcSW4IQklDWEEmDw9BFWpeDURNCA0NF0FKG1xJbgBCV0NYVlRQVg0ZG1gRblgSDDwLEQEbDxtzDVhBQTEMCBYSUFpXQkFwakNOQQ0TOVpaV18EUk0IDQ07Fx9JUBsLQ3JYAw4GSyc1dRcVEwhBZhQRBhY8EkBFXBNbE0sEEQoABghNXFhdQx0bEwcSEQYVTWpJUBVZG1tATBAME0tGFgJOExVDFQ87CwlKQRsLQ1JRABYWFgEHTVAXUg5cG01AEA0XA2ZcXRNbABVDEQoQBjldWlRQCF8bW0AADAISTEdbUBVUFwINDkZPREtQSEQEQk0%2BCgwXF0QDF1pZAEVMEwACEAZIWlpUE00TWxMNFBcGFGZcXRNbEwgDBAAGAgMJGAwBWQcUVVpTVE5eDwIOHFkBAAQBVwJSUloCCxNNE0sEBAYWBhQbDxtZFUVJW01MAwxIXFRbWAVCFwINDktBShtHXEAUVEoVPQ4BFw5WURsLQ3Z8NUBPRhMfTV1WXz5HXBMRCgsNRAMXCh9WExVDFwI7BwNPXFpUPldYDAsPHUFcG3pNWQRDG01AFgU8AlxDUFIEbk0YEgZGWURdUEpaFV5JQ05BEQI5VkZmVwBcUA0bQV5BKlBbTElDHRsUAzwLEDlPUEtCCF5XQ1hBRk9ETFRmUxNeThIHETsFB1RcVUhDCxsnCxEBBQlBFxUTFFBmAxAMExADS2pPVBNCUA4MQV5BXw8bCRNNE0wAPRAQEQ9XUhsLQ3xWGwsPCAJJDBsJEUlpCFBZQygKCExNGUlZB2ZXVlhEERADDA8fURgZJgcADwxJCwUIAVEACVBCJQ0RA19aQR5YBxdRQE9GBA9NalpeDFxQFUBZRgdXCAUBBllTCVNaAUZPRElUS1AMQhtbQBg4QRJWQEttQwsZPUAbVTECZRcVET0TWgAPEwUKAVdpGwtBbRsvASIdNjobGRltQ1JlQ1hDOEFXZRcVET0TST1AWUQ/RAlpGx1BbRsGBw0ABhRlFwMRPRNfPUBPRD9EXVxKUANdXD4RDBENAmUXAxE9Ewk9QB5GT0RcWVBWCFNVBD0QFA8PTWpNVBJFSkNYQUQnFVpDS3NQEX0SARUWIVQZcUpSF0N7UkInFwAQS3cNEUMdGwQOCgMKBFVQZkIRXVAVPRcBEBJKaldCQwsbQQYKFwAJT1BLSD5BWAYHQ0ZPRFhWTVgXVGYSEg8NFzlNUEpFEhMDQ0InFwAQS3cIEUMdGwABFw0VA2ZGSV0IRWYVBxAQEDlXRhsLQxFdCBEACxUDS0xmQQBWXEFAHhk%3D&jsonp=NREUM.setToken
IP
File type ASCII text, with no line terminators
Hash f1442f5831dbbe0210da2d7a4180d6b8
2ade23c6c7a001c66f0c0a9a101ec152747b434e
c6acf9fb2ecc1b144c51bd0337bbf1c26db3df2f649ac2da5c56db20d93eb3ef
GET /1/6f524845d1?a=24279235&v=1216.487a282&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOFgwRERUXQ1BUFkIDFQ0WFlA%3D&rst=2411&ck=1&ref=https://chaturbate.com/tours/3/&ap=32&be=1294&fe=2212&dc=1909&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1663872632172,%22n%22:0,%22f%22:311,%22dn%22:311,%22dne%22:311,%22c%22:311,%22s%22:311,%22ce%22:311,%22rq%22:442,%22rp%22:634,%22rpe%22:635,%22dl%22:1164,%22di%22:1719,%22ds%22:1908,%22de%22:1913,%22dc%22:2211,%22l%22:2211,%22le%22:2213%7D,%22navigation%22:%7B%7D%7D&at=H0ETGw9CExRCXBM9CgBBXAkZG0QSVEsPAw4BQVwbamZQD15XPj1BSEEVUFJXRBFuXQAWBkZZVhUXenc%2BY1gYQFlGVFJcUQpQUAVfWVZQBlZWDxh2Yi0TFUMhJTshCU0XAwlSHRsiJDwmDBJ8TU1DABMDQwQCCBADFVNYXRJUG01AEQECCmZcSRNbEwBQTFpUTVILGwgEVRMVQwMNCw05X1lYVhITA0NAT0YBA0pBZlYUVEoSPQoUQVwbDAgfWAEXVVBNVVZSGxkbUwRCTT4FFgEQFWZSXF5DCxsvLUFIQQ9JalpeFF9NExtBXkEodhcVEwhBZgINFgoXFEBqWl4PV1AFBw0HBkQDFwAIQx0bCBI8CgYSTlpLWkMLGwMOChxNBVZYGx1DWEk%2BDREDAghQT1hFCF5XQ1hBJg8PQRVqXg1ETQgNDRdBShtcSW4IQklDWEEmDw9BFWpeDURNCA0NF0FKG1xJbgBCV0NYVlRQVg0ZG1gRblgSDDwLEQEbDxtzDVhBQTEMCBYSUFpXQkFwakNOQQ0TOVpaV18EUk0IDQ07Fx9JUBsLQ3JYAw4GSyc1dRcVEwhBZhQRBhY8EkBFXBNbE0sEEQoABghNXFhdQx0bEwcSEQYVTWpJUBVZG1tATBAME0tGFgJOExVDFQ87CwlKQRsLQ1JRABYWFgEHTVAXUg5cG01AEA0XA2ZcXRNbABVDEQoQBjldWlRQCF8bW0AADAISTEdbUBVUFwINDkZPREtQSEQEQk0%2BCgwXF0QDF1pZAEVMEwACEAZIWlpUE00TWxMNFBcGFGZcXRNbEwgDBAAGAgMJGAwBWQcUVVpTVE5eDwIOHFkBAAQBVwJSUloCCxNNE0sEBAYWBhQbDxtZFUVJW01MAwxIXFRbWAVCFwINDktBShtHXEAUVEoVPQ4BFw5WURsLQ3Z8NUBPRhMfTV1WXz5HXBMRCgsNRAMXCh9WExVDFwI7BwNPXFpUPldYDAsPHUFcG3pNWQRDG01AFgU8AlxDUFIEbk0YEgZGWURdUEpaFV5JQ05BEQI5VkZmVwBcUA0bQV5BKlBbTElDHRsUAzwLEDlPUEtCCF5XQ1hBRk9ETFRmUxNeThIHETsFB1RcVUhDCxsnCxEBBQlBFxUTFFBmAxAMExADS2pPVBNCUA4MQV5BXw8bCRNNE0wAPRAQEQ9XUhsLQ3xWGwsPCAJJDBsJEUlpCFBZQygKCExNGUlZB2ZXVlhEERADDA8fURgZJgcADwxJCwUIAVEACVBCJQ0RA19aQR5YBxdRQE9GBA9NalpeDFxQFUBZRgdXCAUBBllTCVNaAUZPRElUS1AMQhtbQBg4QRJWQEttQwsZPUAbVTECZRcVET0TWgAPEwUKAVdpGwtBbRsvASIdNjobGRltQ1JlQ1hDOEFXZRcVET0TST1AWUQ/RAlpGx1BbRsGBw0ABhRlFwMRPRNfPUBPRD9EXVxKUANdXD4RDBENAmUXAxE9Ewk9QB5GT0RcWVBWCFNVBD0QFA8PTWpNVBJFSkNYQUQnFVpDS3NQEX0SARUWIVQZcUpSF0N7UkInFwAQS3cNEUMdGwQOCgMKBFVQZkIRXVAVPRcBEBJKaldCQwsbQQYKFwAJT1BLSD5BWAYHQ0ZPRFhWTVgXVGYSEg8NFzlNUEpFEhMDQ0InFwAQS3cIEUMdGwABFw0VA2ZGSV0IRWYVBxAQEDlXRhsLQxFdCBEACxUDS0xmQQBWXEFAHhk%3D&jsonp=NREUM.setToken HTTP/1.1
Host: bam.nr-data.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Thu, 22 Sep 2022 18:50:35 GMT
Content-Type: text/javascript
Transfer-Encoding: chunked
Connection: keep-alive
CF-Ray: 74ed3a2148d3b505-OSL
Access-Control-Allow-Origin: *
Set-Cookie: JSESSIONID=f47c277e49ca75db; Path=/; Domain=.nr-data.net; Secure; SameSite=None
CF-Cache-Status: DYNAMIC
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
Cross-Origin-Resource-Policy: cross-origin
Vary: Accept-Encoding
Server: cloudflare
Content-Encoding: gzip
poweredby.jads.co/adshow.php?adzone=962241
200 OK 1.7 kB URL HTTP/1.1 poweredby.jads.co/adshow.php?adzone=962241
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (417), with CRLF, LF line terminators
Hash 471ac86df616229dc0a944486cf89aeb
5a460d3c3b65e615f5c9c549ccc5e66e8d46c40d
6b3e1a74d34ae45e3725defd4330c88c9e52d4503db98e733d78787132de0475
GET /adshow.php?adzone=962241 HTTP/1.1
Host: poweredby.jads.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gayinleeds.relayblog.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 22 Sep 2022 18:50:35 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/5.6.40
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR OUR IND STA"
Set-Cookie: surferid=d90054244e2f3a3d4fe3879047bdcd00; expires=Fri, 22-Sep-2023 18:50:33 GMT; Max-Age=31536000; path=/; SameSite=None; Secure; domain=.jads.co
imps61=1; expires=Fri, 23-Sep-2022 18:50:34 GMT; Max-Age=86400; path=/; SameSite=None; Secure; domain=.jads.co
juicy_data_1=YToxOntpOjExOTY5NjY7aToxNjY0MTMxODMzO30%3D; expires=Sun, 25-Sep-2022 18:50:33 GMT; Max-Age=259199; path=/; SameSite=None; Secure; domain=jads.co
juicy_data=YToxOntzOjEyOiJqdWljeV9kYXRhXzEiO3M6MToiMSI7fQ%3D%3D; expires=Sun, 25-Sep-2022 18:50:33 GMT; Max-Age=259199; path=/; SameSite=None; Secure; domain=jads.co
Content-Encoding: gzip
pxl.tsyndicate.com/api/v1/p/p.js?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zC0XEMJOjjBgZMHK0GCOjjEgaN8jQaIFjDA4cLcTQmEEmJZkwNmLIGCPiYZg6PHWIuEEjhg0xZm7UaFETaQsaMkq2CCMmh8iPZsLQCANSjJgaNnpCJGOHIg4aOXA8hFNHzMKcMW74hAOHIowbRh_OgTNRx4yzUGnAeDimTV0dUW3MzOGTjJm3FUWIceOGog0bMGzcmPGwjRuMDGdEHSwCjmfQNmoUfVgnRkY0dOjAmaPjxYszb1zg2Z1GjWEXY960eTGnTRg5st_AeTFmRtYZKGXggFHjBg6TMMJ0xEE1Rhkb0mGMgVFmRs4aMmiQaRiDzBik373WEHNDhvMyJlGOKfPyR505CCVBRg9lqFQeDWiBJINWW2WFQwwzNHSXdustGMMYOYAnWgw4YFYGDUiNQVIYYcQgxgwzlPhSDjeI4SEXdcAAgww2zPFGHXLsJ2APiS0Go4w0tlFGG2IEOKAYa9xRBxtIGMHEGnWkkUUYedTAhA3NaXGXGURI4YYeTCQhhhVTyIGEGVOUgcUQRhghhh1jGKGGFEsgUQYadeQxhhp4JBHcF08wEQQdSt0xgxhn3IFDHTk0kQYScIwRRhZnKEFDHEbkwQYMd3xBh0xWttGEDUUIYd0XZ1SRRJdVpPHjjDbAEUMPfyGYHgxikSFcRmdQmYYbbOBHxhwuyFEGG1SKwcYbZwC3K2Fh9LXFDV08hNRCMLgAQ2Ry2HHYDKTVEWVGVYGXgxnktVADVyeJId5UYdw1kgxpcVVGDGH8dYNYaRwmQg4xuJBDtlC50BANYsnxRb8ZASwwwTIYrJpYdYSRURNv6JEGG8i-UIO2IKCARQwx7AACE7_WgQcIeHT4hWImd6tDhtqmAMIRZYyxxhsvgBSDjD_HAIIRaRhrxht4vEAzroQFJYITT4j1hsIiZgS1WGw4XYQTuZZhxxfGskFRddaZNx1pcpxRGWI14CCXCAd9LYYcC730UNxftPEGGQtJl9PdcryxEGcivKEQYmsFjkceC9HwkNGvxQZHbbf5CqywxIad7LLNBjecWHN0m1HgdEQ7dQt1uJEGHS3YMIML7umUq9MHfRG7DGLR0YZlrrtNI4oWtYE7Q5fp-zu46TUGdhl7fREt78a7TrjXzgeL3OFbQFctRGL0BXcZWS050VpZY0sYaDD0oUBA&s=559870d9128670902614679eec96708a43023879ee9da5683d1f82399bd75d361663872633&w=t&r=1&d=1311&priv=false
200 OK 24 B URL HTTP/1.1 pxl.tsyndicate.com/api/v1/p/p.js?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zC0XEMJOjjBgZMHK0GCOjjEgaN8jQaIFjDA4cLcTQmEEmJZkwNmLIGCPiYZg6PHWIuEEjhg0xZm7UaFETaQsaMkq2CCMmh8iPZsLQCANSjJgaNnpCJGOHIg4aOXA8hFNHzMKcMW74hAOHIowbRh_OgTNRx4yzUGnAeDimTV0dUW3MzOGTjJm3FUWIceOGog0bMGzcmPGwjRuMDGdEHSwCjmfQNmoUfVgnRkY0dOjAmaPjxYszb1zg2Z1GjWEXY960eTGnTRg5st_AeTFmRtYZKGXggFHjBg6TMMJ0xEE1Rhkb0mGMgVFmRs4aMmiQaRiDzBik373WEHNDhvMyJlGOKfPyR505CCVBRg9lqFQeDWiBJINWW2WFQwwzNHSXdustGMMYOYAnWgw4YFYGDUiNQVIYYcQgxgwzlPhSDjeI4SEXdcAAgww2zPFGHXLsJ2APiS0Go4w0tlFGG2IEOKAYa9xRBxtIGMHEGnWkkUUYedTAhA3NaXGXGURI4YYeTCQhhhVTyIGEGVOUgcUQRhghhh1jGKGGFEsgUQYadeQxhhp4JBHcF08wEQQdSt0xgxhn3IFDHTk0kQYScIwRRhZnKEFDHEbkwQYMd3xBh0xWttGEDUUIYd0XZ1SRRJdVpPHjjDbAEUMPfyGYHgxikSFcRmdQmYYbbOBHxhwuyFEGG1SKwcYbZwC3K2Fh9LXFDV08hNRCMLgAQ2Ry2HHYDKTVEWVGVYGXgxnktVADVyeJId5UYdw1kgxpcVVGDGH8dYNYaRwmQg4xuJBDtlC50BANYsnxRb8ZASwwwTIYrJpYdYSRURNv6JEGG8i-UIO2IKCARQwx7AACE7_WgQcIeHT4hWImd6tDhtqmAMIRZYyxxhsvgBSDjD_HAIIRaRhrxht4vEAzroQFJYITT4j1hsIiZgS1WGw4XYQTuZZhxxfGskFRddaZNx1pcpxRGWI14CCXCAd9LYYcC730UNxftPEGGQtJl9PdcryxEGcivKEQYmsFjkceC9HwkNGvxQZHbbf5CqywxIad7LLNBjecWHN0m1HgdEQ7dQt1uJEGHS3YMIML7umUq9MHfRG7DGLR0YZlrrtNI4oWtYE7Q5fp-zu46TUGdhl7fREt78a7TrjXzgeL3OFbQFctRGL0BXcZWS050VpZY0sYaDD0oUBA&s=559870d9128670902614679eec96708a43023879ee9da5683d1f82399bd75d361663872633&w=t&r=1&d=1311&priv=false
IP
ASN #24940 Hetzner Online GmbH
File type ASCII text, with no line terminators
Hash 0959ba36d476b6dc1994ba3c678b07c4
d30b94da72daa02766965206a85b7e0356375f5e
897410b87e27e3dfba3a7d6caab315a5e69cc941bb96d91fc74878a9b051843a
GET /api/v1/p/p.js?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zC0XEMJOjjBgZMHK0GCOjjEgaN8jQaIFjDA4cLcTQmEEmJZkwNmLIGCPiYZg6PHWIuEEjhg0xZm7UaFETaQsaMkq2CCMmh8iPZsLQCANSjJgaNnpCJGOHIg4aOXA8hFNHzMKcMW74hAOHIowbRh_OgTNRx4yzUGnAeDimTV0dUW3MzOGTjJm3FUWIceOGog0bMGzcmPGwjRuMDGdEHSwCjmfQNmoUfVgnRkY0dOjAmaPjxYszb1zg2Z1GjWEXY960eTGnTRg5st_AeTFmRtYZKGXggFHjBg6TMMJ0xEE1Rhkb0mGMgVFmRs4aMmiQaRiDzBik373WEHNDhvMyJlGOKfPyR505CCVBRg9lqFQeDWiBJINWW2WFQwwzNHSXdustGMMYOYAnWgw4YFYGDUiNQVIYYcQgxgwzlPhSDjeI4SEXdcAAgww2zPFGHXLsJ2APiS0Go4w0tlFGG2IEOKAYa9xRBxtIGMHEGnWkkUUYedTAhA3NaXGXGURI4YYeTCQhhhVTyIGEGVOUgcUQRhghhh1jGKGGFEsgUQYadeQxhhp4JBHcF08wEQQdSt0xgxhn3IFDHTk0kQYScIwRRhZnKEFDHEbkwQYMd3xBh0xWttGEDUUIYd0XZ1SRRJdVpPHjjDbAEUMPfyGYHgxikSFcRmdQmYYbbOBHxhwuyFEGG1SKwcYbZwC3K2Fh9LXFDV08hNRCMLgAQ2Ry2HHYDKTVEWVGVYGXgxnktVADVyeJId5UYdw1kgxpcVVGDGH8dYNYaRwmQg4xuJBDtlC50BANYsnxRb8ZASwwwTIYrJpYdYSRURNv6JEGG8i-UIO2IKCARQwx7AACE7_WgQcIeHT4hWImd6tDhtqmAMIRZYyxxhsvgBSDjD_HAIIRaRhrxht4vEAzroQFJYITT4j1hsIiZgS1WGw4XYQTuZZhxxfGskFRddaZNx1pcpxRGWI14CCXCAd9LYYcC730UNxftPEGGQtJl9PdcryxEGcivKEQYmsFjkceC9HwkNGvxQZHbbf5CqywxIad7LLNBjecWHN0m1HgdEQ7dQt1uJEGHS3YMIML7umUq9MHfRG7DGLR0YZlrrtNI4oWtYE7Q5fp-zu46TUGdhl7fREt78a7TrjXzgeL3OFbQFctRGL0BXcZWS050VpZY0sYaDD0oUBA&s=559870d9128670902614679eec96708a43023879ee9da5683d1f82399bd75d361663872633&w=t&r=1&d=1311&priv=false HTTP/1.1
Host: pxl.tsyndicate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://tsyndicate.com/
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 22 Sep 2022 18:50:35 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 24
Connection: keep-alive
X-Robots-Tag: noindex, nofollow
28980.weednewspro.com/v2/a/na/js/203282?container=c
200 OK 515 kB URL HTTP/2 28980.weednewspro.com/v2/a/na/js/203282?container=c
IP
ASN #39572 DataWeb Global Group B.V.
Size 515 kB (515001 bytes)
Hash b8bb5fd793163a24136ec3864ed3740f
c6062245443e3739360c2cef5965318a969376f9
798d5f5a8229bbb382ae44b294eecb08b4d2164afb5fcec99ec1a2ce320c78ce
GET /v2/a/na/js/203282?container=c HTTP/1.1
Host: 28980.weednewspro.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://28980.weednewspro.com/v2/a/na/if/203282
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 22 Sep 2022 18:50:35 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-max-age: 86400
referrer-policy: unsafe-url
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Device-Memory
accept-ch-lifetime: 31536000
content-encoding: gzip
X-Firefox-Spdy: h2
28980.weednewspro.com/v2/a/na/js/203282?container=c
200 OK 106 kB URL HTTP/2 28980.weednewspro.com/v2/a/na/js/203282?container=c
IP
ASN #39572 DataWeb Global Group B.V.
Size 106 kB (106110 bytes)
Hash ad1e548d9dfc4702842052ebe1a0afcb
a1876b50451793760871198ee7a868ed146fa20a
9b6d2beb83b83ed6e8ab9106c80825a639426c83b44e51d83ebbc2f62f98ba99
GET /v2/a/na/js/203282?container=c HTTP/1.1
Host: 28980.weednewspro.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://28980.weednewspro.com/v2/a/na/if/203282
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 22 Sep 2022 18:50:34 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-max-age: 86400
referrer-policy: unsafe-url
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Device-Memory
accept-ch-lifetime: 31536000
content-encoding: gzip
X-Firefox-Spdy: h2
28980.weednewspro.com/v2/a/na/js/203282?container=c
200 OK 34 kB URL HTTP/2 28980.weednewspro.com/v2/a/na/js/203282?container=c
IP
ASN #39572 DataWeb Global Group B.V.
Hash b653ac294ccea09794ca00047315ae89
4b457545cbbd52600262498369103940311412b6
e20908ab3e8de49f2c057fbcc952be45b16b718a671523f45a7b175f3ce79213
GET /v2/a/na/js/203282?container=c HTTP/1.1
Host: 28980.weednewspro.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://28980.weednewspro.com/v2/a/na/if/203282
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 22 Sep 2022 18:50:35 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-max-age: 86400
referrer-policy: unsafe-url
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Device-Memory
accept-ch-lifetime: 31536000
content-encoding: gzip
X-Firefox-Spdy: h2
poweredby.jads.co/adshow.php?adzone=961909
200 OK 1.6 kB URL HTTP/1.1 poweredby.jads.co/adshow.php?adzone=961909
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (421), with CRLF, LF line terminators
Hash 84a5a950bba8f83d6b140a87af520f9c
f748d73d400dd08dba7d712a352ff5d0eeb6d6a8
cab2908d0566c9cc4ae959d86fd77ea78fe1734efd4bb7e60d5c1a52302ab6c9
GET /adshow.php?adzone=961909 HTTP/1.1
Host: poweredby.jads.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gayinleeds.relayblog.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 22 Sep 2022 18:50:35 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/5.6.40
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR OUR IND STA"
Set-Cookie: surferid=d90054244e2f3a3d4fe3879047bdcd00; expires=Fri, 22-Sep-2023 18:50:33 GMT; Max-Age=31536000; path=/; SameSite=None; Secure; domain=.jads.co
imps43654=1; expires=Fri, 23-Sep-2022 18:50:34 GMT; Max-Age=86400; path=/; SameSite=None; Secure; domain=.jads.co
imps22340=1; expires=Fri, 23-Sep-2022 18:50:34 GMT; Max-Age=86400; path=/; SameSite=None; Secure; domain=.jads.co
juicy_data_1=YToyOntpOjEyMDQzNDE7aToxNjY0MTMxODMzO2k6NTkyOTgxO2k6MTY2NDEzMTgzMzt9; expires=Sun, 25-Sep-2022 18:50:33 GMT; Max-Age=259199; path=/; SameSite=None; Secure; domain=jads.co
juicy_data=YToxOntzOjEyOiJqdWljeV9kYXRhXzEiO3M6MToiMSI7fQ%3D%3D; expires=Sun, 25-Sep-2022 18:50:33 GMT; Max-Age=259199; path=/; SameSite=None; Secure; domain=jads.co
Content-Encoding: gzip
pxl.tsyndicate.com/api/v1/elapsedtime?f=banner%20300x250&sc=6a91f85098294907941c239ca45e3b90&hn=gayinleeds.relayblog.com&et=110
200 OK 396 B URL HTTP/1.1 pxl.tsyndicate.com/api/v1/elapsedtime?f=banner%20300x250&sc=6a91f85098294907941c239ca45e3b90&hn=gayinleeds.relayblog.com&et=110
IP
ASN #24940 Hetzner Online GmbH
Hash d8974168fcb0297823f3b6f0389c443c
9581527e671be8f1548d91f7e461aac4df4eb05b
f876cc9473923eb476e97a4aa2cc63b59f3e2ae81d4e6adb8a286216b99ce5e2
GET /api/v1/elapsedtime?f=banner%20300x250&sc=6a91f85098294907941c239ca45e3b90&hn=gayinleeds.relayblog.com&et=110 HTTP/1.1
Host: pxl.tsyndicate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gayinleeds.relayblog.com/
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 22 Sep 2022 18:50:35 GMT
Content-Length: 0
Connection: keep-alive
X-Robots-Tag: noindex, nofollow
pxl.tsyndicate.com/api/v1/p/p.js?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zC0WYyZEjjBgZNW60wAGDjI0WNGrEMNMiR8qTMmDIuEHmhpkwOHGIEfEwTJ0xGW2QqQHDRgwxMFqUoSEDB0obQluIsYGDRksbNGBMJTOmhhgcNnhCJGOHYtUcOB7CqbNTh9EYN3rCgUNxhsuHc-BM1DGjagwZMnI8HNOGrg7AWO32JGNmodGHYty4oQi16I0ZD9u4wchwBmAYajVztlGDRkURdWJkREOHDpw5Ol68OPPGBZ7badQUdjHmTZsXc9qEkeP6DZwXY2bcnEHjRlMYIXGUyQEjTI4yODzGKGPj-RgYZWYYrSGDBpmGMbiKMcNdjBivzpWXmd58DHYcP-rMQZiETI8yZNAQHg005BCTDGEQGMZNOMQwQ0Mw3GDdeQjGMEYO3XkWA1jg0bDeGGMgGMZRM8wwIg445HDDVOBxUQcMMtkwxxt1yGFffz0gRoNdLsIogw1tlNGGGPz59wYOUggRhB5hEHEDGk3AsQQbRxiBgxpX6BHEEVikcUcOWFSxxA13DEHGFcwJwcQMWMjwRhBayAGHE0gooQaUbpQBR3ZWjKHFEkHIUUQVRMhwxBDu1SEFDllQkcMSZczhxg1Y1HHHGTHokcOLNFTxxVRv0KEkGmjA8MUZVSRBhBRVpNFjjHDE0ENfpgGWg1hk-JbRGWHkkYYbbMxHxhwuyFEGG72KwcYbZ_Cm62Bh7LVFRZjRwIJDcaX1FwsOcmttDDawIMMMXUDWmA4wuADDaXLYYdgMoKFWRxoZxVCSdWWYwVINQtWAklY5jHQDUy3AoFMYUL3nUYFipWGYCDnE4AJ1LjDlQkM0iCXHFw5nFPHE6VqMsVh1hJFRE2_okQYbyL5Qg7ogoIBFDDHsAAITv9aBBwh4gPUFVja3qwOG6qYAwhFljLHGGy_EZO-664JgRBrGmvEGHi8QDYNYIGbkxBNivbFx1zqI8LVYbABVdhFO4FqGHV8YywZFId2Ag3gkxSvHGZMdVgMOcYlwENxiyLEQig8N_kUbb5CxUFOPCS7HGwthJsIbCh2m1uR45LGQtSJUvVprcMQ2W6-_BgsgsXInu2yzvf0m1h31PicWGvXKlDFe7WY0OR3Rit1CHW6kQUcLRLnA1V-4qi14GV8sL4NYdLRBmQ19OYe95dVPzxBU2f9YYlagGxR3pHB8Ee314W__0NvqB0tc5lswVy5EYuz1_E11sDGRWmlbSLzGwBkY9EEBAQE%3D&s=da99e4a208636803e9569f870b637ec05e2ecde5c4934ea5ac81bf4b02c1ab061663872633&w=t&r=1&d=1439&priv=false
200 OK 24 B URL HTTP/1.1 pxl.tsyndicate.com/api/v1/p/p.js?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zC0WYyZEjjBgZNW60wAGDjI0WNGrEMNMiR8qTMmDIuEHmhpkwOHGIEfEwTJ0xGW2QqQHDRgwxMFqUoSEDB0obQluIsYGDRksbNGBMJTOmhhgcNnhCJGOHYtUcOB7CqbNTh9EYN3rCgUNxhsuHc-BM1DGjagwZMnI8HNOGrg7AWO32JGNmodGHYty4oQi16I0ZD9u4wchwBmAYajVztlGDRkURdWJkREOHDpw5Ol68OPPGBZ7badQUdjHmTZsXc9qEkeP6DZwXY2bcnEHjRlMYIXGUyQEjTI4yODzGKGPj-RgYZWYYrSGDBpmGMbiKMcNdjBivzpWXmd58DHYcP-rMQZiETI8yZNAQHg005BCTDGEQGMZNOMQwQ0Mw3GDdeQjGMEYO3XkWA1jg0bDeGGMgGMZRM8wwIg445HDDVOBxUQcMMtkwxxt1yGFffz0gRoNdLsIogw1tlNGGGPz59wYOUggRhB5hEHEDGk3AsQQbRxiBgxpX6BHEEVikcUcOWFSxxA13DEHGFcwJwcQMWMjwRhBayAGHE0gooQaUbpQBR3ZWjKHFEkHIUUQVRMhwxBDu1SEFDllQkcMSZczhxg1Y1HHHGTHokcOLNFTxxVRv0KEkGmjA8MUZVSRBhBRVpNFjjHDE0ENfpgGWg1hk-JbRGWHkkYYbbMxHxhwuyFEGG72KwcYbZ_Cm62Bh7LVFRZjRwIJDcaX1FwsOcmttDDawIMMMXUDWmA4wuADDaXLYYdgMoKFWRxoZxVCSdWWYwVINQtWAklY5jHQDUy3AoFMYUL3nUYFipWGYCDnE4AJ1LjDlQkM0iCXHFw5nFPHE6VqMsVh1hJFRE2_okQYbyL5Qg7ogoIBFDDHsAAITv9aBBwh4gPUFVja3qwOG6qYAwhFljLHGGy_EZO-664JgRBrGmvEGHi8QDYNYIGbkxBNivbFx1zqI8LVYbABVdhFO4FqGHV8YywZFId2Ag3gkxSvHGZMdVgMOcYlwENxiyLEQig8N_kUbb5CxUFOPCS7HGwthJsIbCh2m1uR45LGQtSJUvVprcMQ2W6-_BgsgsXInu2yzvf0m1h31PicWGvXKlDFe7WY0OR3Rit1CHW6kQUcLRLnA1V-4qi14GV8sL4NYdLRBmQ19OYe95dVPzxBU2f9YYlagGxR3pHB8Ee314W__0NvqB0tc5lswVy5EYuz1_E11sDGRWmlbSLzGwBkY9EEBAQE%3D&s=da99e4a208636803e9569f870b637ec05e2ecde5c4934ea5ac81bf4b02c1ab061663872633&w=t&r=1&d=1439&priv=false
IP
ASN #24940 Hetzner Online GmbH
File type ASCII text, with no line terminators
Hash 0959ba36d476b6dc1994ba3c678b07c4
d30b94da72daa02766965206a85b7e0356375f5e
897410b87e27e3dfba3a7d6caab315a5e69cc941bb96d91fc74878a9b051843a
GET /api/v1/p/p.js?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zC0WYyZEjjBgZNW60wAGDjI0WNGrEMNMiR8qTMmDIuEHmhpkwOHGIEfEwTJ0xGW2QqQHDRgwxMFqUoSEDB0obQluIsYGDRksbNGBMJTOmhhgcNnhCJGOHYtUcOB7CqbNTh9EYN3rCgUNxhsuHc-BM1DGjagwZMnI8HNOGrg7AWO32JGNmodGHYty4oQi16I0ZD9u4wchwBmAYajVztlGDRkURdWJkREOHDpw5Ol68OPPGBZ7badQUdjHmTZsXc9qEkeP6DZwXY2bcnEHjRlMYIXGUyQEjTI4yODzGKGPj-RgYZWYYrSGDBpmGMbiKMcNdjBivzpWXmd58DHYcP-rMQZiETI8yZNAQHg005BCTDGEQGMZNOMQwQ0Mw3GDdeQjGMEYO3XkWA1jg0bDeGGMgGMZRM8wwIg445HDDVOBxUQcMMtkwxxt1yGFffz0gRoNdLsIogw1tlNGGGPz59wYOUggRhB5hEHEDGk3AsQQbRxiBgxpX6BHEEVikcUcOWFSxxA13DEHGFcwJwcQMWMjwRhBayAGHE0gooQaUbpQBR3ZWjKHFEkHIUUQVRMhwxBDu1SEFDllQkcMSZczhxg1Y1HHHGTHokcOLNFTxxVRv0KEkGmjA8MUZVSRBhBRVpNFjjHDE0ENfpgGWg1hk-JbRGWHkkYYbbMxHxhwuyFEGG72KwcYbZ_Cm62Bh7LVFRZjRwIJDcaX1FwsOcmttDDawIMMMXUDWmA4wuADDaXLYYdgMoKFWRxoZxVCSdWWYwVINQtWAklY5jHQDUy3AoFMYUL3nUYFipWGYCDnE4AJ1LjDlQkM0iCXHFw5nFPHE6VqMsVh1hJFRE2_okQYbyL5Qg7ogoIBFDDHsAAITv9aBBwh4gPUFVja3qwOG6qYAwhFljLHGGy_EZO-664JgRBrGmvEGHi8QDYNYIGbkxBNivbFx1zqI8LVYbABVdhFO4FqGHV8YywZFId2Ag3gkxSvHGZMdVgMOcYlwENxiyLEQig8N_kUbb5CxUFOPCS7HGwthJsIbCh2m1uR45LGQtSJUvVprcMQ2W6-_BgsgsXInu2yzvf0m1h31PicWGvXKlDFe7WY0OR3Rit1CHW6kQUcLRLnA1V-4qi14GV8sL4NYdLRBmQ19OYe95dVPzxBU2f9YYlagGxR3pHB8Ee314W__0NvqB0tc5lswVy5EYuz1_E11sDGRWmlbSLzGwBkY9EEBAQE%3D&s=da99e4a208636803e9569f870b637ec05e2ecde5c4934ea5ac81bf4b02c1ab061663872633&w=t&r=1&d=1439&priv=false HTTP/1.1
Host: pxl.tsyndicate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://tsyndicate.com/
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 22 Sep 2022 18:50:35 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 24
Connection: keep-alive
X-Robots-Tag: noindex, nofollow
cbjpeg.stream.highwebmedia.com/stream?room=minarocket_&f=0.1806708167947103
200 OK 26 kB URL HTTP/2 cbjpeg.stream.highwebmedia.com/stream?room=minarocket_&f=0.1806708167947103
IP
ASN #50389 Phoenix Nap, LLC.
Hash 7348fe25f9c1a91d216fa7b8298a9ed4
ec0c846474d1c38095a7d048cc826320c0a3c55c
ad83b58cb3ffd63784903bc8999ead8f4d1b6cef11e8f15a754944b2c839d2fc
GET /stream?room=minarocket_&f=0.1806708167947103 HTTP/1.1
Host: cbjpeg.stream.highwebmedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Cookie: _cfuvid=octWM0G.da9q1RAOUuO0gjLLqG3RVXehsBjyc9uOXcw-1663872632506-0-604800000
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 22 Sep 2022 18:50:35 GMT
content-type: image/jpeg
content-length: 25461
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'none'; img-src data:; style-src 'unsafe-inline'
cache-tag: cbjpeg
x-frame-options: DENY
X-Firefox-Spdy: h2
pxl.tsyndicate.com/api/v1/p/p.js?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zC0WMmWFmo4wZN1rIKHOwBQ0cNsK0yBFDjI0WN2jISCnDTBkbNcSQEfEwTJ0xGcmYmUHGhhkYIWXmoGGyzIwZLcLkgAFVDAyZY8iQwSGURg2eEMnYoYiDRg4cD-HUEbPQRowYN3rCgUMRaQwbD-fAmahjRlmZNGA8HNOGrg4ZM2nMyNFTaNuKIsS4cUPRhg0YNm7MeNjGDUaGMxALFgGn82ecNCDXiZERDR06cOboePHizBsXeHKnUVPYxZg3bV7MaRNGDuw3cF5sNBNmBo0bMnDAqHEDR5mpUsvgCCMmxs3oMMbAcOq2hgwaZBrGIDNGjE0bYsTkhM6xzPXnY7Tj-FFnDsIkZPRAEg1O0WCWDDDIEIaBYTCHQwwzNISUVOkpGMMYOdjwkQwxoDQeDe6NMYaCYbT0VIk44JDDDS6Nx0UdMCRowxxv1CFHfgD2gJgNiuXwYowztVFGG2L8F2AMOcjRhBtKiNEEFHAEUcUbSxBhQxpp4DHGUGnk8cUYaTghBBVtaEFEEUPYgEYcYzAhQxBHnMHGEXbg4IQbUWghRxhOkDEHEmq0YAQMVahxw09IXplFC2pGpMcVNGQRhxV5lEEHE3qgkcYMS-hxxBJfIIFEGkmcwUQQX5xRRRJESFFFGj_KCEcMPfhl4HkwgEUGcBmdEUYeabjBhn1-uiBHGWz8KgYbb5zhG6-DhcHXFjd08ZB7C8HgAgyQyWGHYTOMVkcdaWQUxg0jFlUDUxjCoFJgNbwUX0si2UAGujnkNEN3YYCVhmEisOTCVC7I5EJDNIAlxxf_ZiQwwQYjDFYd_eogQhNv6JEGG8m-UMO2IKCAxVs7gMBEsHXgAQIeKH3BY8ne6pDhtimAcEQZY6zxxgsIxhCjzzGAYEQax5rxBh4vzJzrYEBZ7MQTYL2xsIgZPQ0WG02LUIQTupZhxxfHskERddXNYIN0o8lxBmWH1YBDXCIc9LUYciyU4kNyf9HGGzsdhhJkZMjxxkKbifCGQoelJTgeeSxEw0NFt_YaHLPV9muww5I0h7HIKsuss78FB9YdGcUAHlholJ5gwnl5m5HgdEgrdQt1uJEGHS1E6AJ7puua9UFf8C4DWHS0UZkNfkGHfOHFD8-QZcnP9NRij4cFdhl6fSHt8dEv_5DX2g9rHOJbOGctRGLwFXcZzNXBxkRpYZ3tYJ_B0IcCAQE%3D&s=688ef758afe8417526f52f56b6c8714d5d4dc0eae5db48ffa40ad51e768950711663872633&w=t&r=1&d=1499&priv=false
200 OK 24 B URL HTTP/1.1 pxl.tsyndicate.com/api/v1/p/p.js?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zC0WMmWFmo4wZN1rIKHOwBQ0cNsK0yBFDjI0WN2jISCnDTBkbNcSQEfEwTJ0xGcmYmUHGhhkYIWXmoGGyzIwZLcLkgAFVDAyZY8iQwSGURg2eEMnYoYiDRg4cD-HUEbPQRowYN3rCgUMRaQwbD-fAmahjRlmZNGA8HNOGrg4ZM2nMyNFTaNuKIsS4cUPRhg0YNm7MeNjGDUaGMxALFgGn82ecNCDXiZERDR06cOboePHizBsXeHKnUVPYxZg3bV7MaRNGDuw3cF5sNBNmBo0bMnDAqHEDR5mpUsvgCCMmxs3oMMbAcOq2hgwaZBrGIDNGjE0bYsTkhM6xzPXnY7Tj-FFnDsIkZPRAEg1O0WCWDDDIEIaBYTCHQwwzNISUVOkpGMMYOdjwkQwxoDQeDe6NMYaCYbT0VIk44JDDDS6Nx0UdMCRowxxv1CFHfgD2gJgNiuXwYowztVFGG2L8F2AMOcjRhBtKiNEEFHAEUcUbSxBhQxpp4DHGUGnk8cUYaTghBBVtaEFEEUPYgEYcYzAhQxBHnMHGEXbg4IQbUWghRxhOkDEHEmq0YAQMVahxw09IXplFC2pGpMcVNGQRhxV5lEEHE3qgkcYMS-hxxBJfIIFEGkmcwUQQX5xRRRJESFFFGj_KCEcMPfhl4HkwgEUGcBmdEUYeabjBhn1-uiBHGWz8KgYbb5zhG6-DhcHXFjd08ZB7C8HgAgyQyWGHYTOMVkcdaWQUxg0jFlUDUxjCoFJgNbwUX0si2UAGujnkNEN3YYCVhmEisOTCVC7I5EJDNIAlxxf_ZiQwwQYjDFYd_eogQhNv6JEGG8m-UMO2IKCAxVs7gMBEsHXgAQIeKH3BY8ne6pDhtimAcEQZY6zxxgsIxhCjzzGAYEQax5rxBh4vzJzrYEBZ7MQTYL2xsIgZPQ0WG02LUIQTupZhxxfHskERddXNYIN0o8lxBmWH1YBDXCIc9LUYciyU4kNyf9HGGzsdhhJkZMjxxkKbifCGQoelJTgeeSxEw0NFt_YaHLPV9muww5I0h7HIKsuss78FB9YdGcUAHlholJ5gwnl5m5HgdEgrdQt1uJEGHS1E6AJ7puua9UFf8C4DWHS0UZkNfkGHfOHFD8-QZcnP9NRij4cFdhl6fSHt8dEv_5DX2g9rHOJbOGctRGLwFXcZzNXBxkRpYZ3tYJ_B0IcCAQE%3D&s=688ef758afe8417526f52f56b6c8714d5d4dc0eae5db48ffa40ad51e768950711663872633&w=t&r=1&d=1499&priv=false
IP
ASN #24940 Hetzner Online GmbH
File type ASCII text, with no line terminators
Hash 0959ba36d476b6dc1994ba3c678b07c4
d30b94da72daa02766965206a85b7e0356375f5e
897410b87e27e3dfba3a7d6caab315a5e69cc941bb96d91fc74878a9b051843a
GET /api/v1/p/p.js?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zC0WMmWFmo4wZN1rIKHOwBQ0cNsK0yBFDjI0WN2jISCnDTBkbNcSQEfEwTJ0xGcmYmUHGhhkYIWXmoGGyzIwZLcLkgAFVDAyZY8iQwSGURg2eEMnYoYiDRg4cD-HUEbPQRowYN3rCgUMRaQwbD-fAmahjRlmZNGA8HNOGrg4ZM2nMyNFTaNuKIsS4cUPRhg0YNm7MeNjGDUaGMxALFgGn82ecNCDXiZERDR06cOboePHizBsXeHKnUVPYxZg3bV7MaRNGDuw3cF5sNBNmBo0bMnDAqHEDR5mpUsvgCCMmxs3oMMbAcOq2hgwaZBrGIDNGjE0bYsTkhM6xzPXnY7Tj-FFnDsIkZPRAEg1O0WCWDDDIEIaBYTCHQwwzNISUVOkpGMMYOdjwkQwxoDQeDe6NMYaCYbT0VIk44JDDDS6Nx0UdMCRowxxv1CFHfgD2gJgNiuXwYowztVFGG2L8F2AMOcjRhBtKiNEEFHAEUcUbSxBhQxpp4DHGUGnk8cUYaTghBBVtaEFEEUPYgEYcYzAhQxBHnMHGEXbg4IQbUWghRxhOkDEHEmq0YAQMVahxw09IXplFC2pGpMcVNGQRhxV5lEEHE3qgkcYMS-hxxBJfIIFEGkmcwUQQX5xRRRJESFFFGj_KCEcMPfhl4HkwgEUGcBmdEUYeabjBhn1-uiBHGWz8KgYbb5zhG6-DhcHXFjd08ZB7C8HgAgyQyWGHYTOMVkcdaWQUxg0jFlUDUxjCoFJgNbwUX0si2UAGujnkNEN3YYCVhmEisOTCVC7I5EJDNIAlxxf_ZiQwwQYjDFYd_eogQhNv6JEGG8m-UMO2IKCAxVs7gMBEsHXgAQIeKH3BY8ne6pDhtimAcEQZY6zxxgsIxhCjzzGAYEQax5rxBh4vzJzrYEBZ7MQTYL2xsIgZPQ0WG02LUIQTupZhxxfHskERddXNYIN0o8lxBmWH1YBDXCIc9LUYciyU4kNyf9HGGzsdhhJkZMjxxkKbifCGQoelJTgeeSxEw0NFt_YaHLPV9muww5I0h7HIKsuss78FB9YdGcUAHlholJ5gwnl5m5HgdEgrdQt1uJEGHS1E6AJ7puua9UFf8C4DWHS0UZkNfkGHfOHFD8-QZcnP9NRij4cFdhl6fSHt8dEv_5DX2g9rHOJbOGctRGLwFXcZzNXBxkRpYZ3tYJ_B0IcCAQE%3D&s=688ef758afe8417526f52f56b6c8714d5d4dc0eae5db48ffa40ad51e768950711663872633&w=t&r=1&d=1499&priv=false HTTP/1.1
Host: pxl.tsyndicate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://tsyndicate.com/
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 22 Sep 2022 18:50:35 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 24
Connection: keep-alive
X-Robots-Tag: noindex, nofollow
pxl.tsyndicate.com/api/v1/elapsedtime?f=banner%20250x150&sc=58b27ab589cd4f6fb77ba36de8de2cad&hn=gayinleeds.relayblog.com&et=132
200 OK 0 B URL HTTP/1.1 pxl.tsyndicate.com/api/v1/elapsedtime?f=banner%20250x150&sc=58b27ab589cd4f6fb77ba36de8de2cad&hn=gayinleeds.relayblog.com&et=132
IP
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /api/v1/elapsedtime?f=banner%20250x150&sc=58b27ab589cd4f6fb77ba36de8de2cad&hn=gayinleeds.relayblog.com&et=132 HTTP/1.1
Host: pxl.tsyndicate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gayinleeds.relayblog.com/
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 22 Sep 2022 18:50:35 GMT
Content-Length: 0
Connection: keep-alive
X-Robots-Tag: noindex, nofollow
rtbbnr.com/get/?go=1&data=eyJpbXAiOlt7InNlY3VyZSI6MCwiZXh0Ijp7InNwb3QiOjM3MjUsImlkIjo4NTksImxhYmVscyI6IiIsInNpdGVfaWQiOjM3MjUsInR5cGUiOiJiYW5uZXIiLCJzcGFjZWlkIjo4NTksInNwb3RfaWQiOjAsImlkem9uZSI6MzgzMDgxOSwiem9uZSI6InRjX3BhYl8zMDB4MjUwIiwiYWRfdGFncyI6IiIsInRpdGxlIjoiIiwic3ViaWQiOiIxMDEzNTk5NzIwIiwidXRtMSI6InRjYmFuX2kiLCJ1dG0yIjoiMzcyNSIsInV0bTMiOiIxNzc5NCIsInV0bTQiOiIifSwiYmFubmVyIjp7InciOjMwMCwiaCI6MjUwfX1dLCJzaXRlIjp7ImlkIjoiMzcyNSIsInBhZ2UiOiJodHRwOi8vZ2F5aW5sZWVkcy5yZWxheWJsb2cuY29tLyJ9LCJkZXZpY2UiOnsidyI6MTI4MCwiaCI6MTAyNH0sInVzZXIiOnsiaWQiOiI2OTA4NTUwMDExMGIxYzMyNGIzMzhhMDdkM2E3ZGVhMSJ9LCJleHQiOnsiZHQiOjE2NjM4NzI2MzQ4MTB9fQ==
200 OK 171 kB URL HTTP/2 rtbbnr.com/get/?go=1&data=eyJpbXAiOlt7InNlY3VyZSI6MCwiZXh0Ijp7InNwb3QiOjM3MjUsImlkIjo4NTksImxhYmVscyI6IiIsInNpdGVfaWQiOjM3MjUsInR5cGUiOiJiYW5uZXIiLCJzcGFjZWlkIjo4NTksInNwb3RfaWQiOjAsImlkem9uZSI6MzgzMDgxOSwiem9uZSI6InRjX3BhYl8zMDB4MjUwIiwiYWRfdGFncyI6IiIsInRpdGxlIjoiIiwic3ViaWQiOiIxMDEzNTk5NzIwIiwidXRtMSI6InRjYmFuX2kiLCJ1dG0yIjoiMzcyNSIsInV0bTMiOiIxNzc5NCIsInV0bTQiOiIifSwiYmFubmVyIjp7InciOjMwMCwiaCI6MjUwfX1dLCJzaXRlIjp7ImlkIjoiMzcyNSIsInBhZ2UiOiJodHRwOi8vZ2F5aW5sZWVkcy5yZWxheWJsb2cuY29tLyJ9LCJkZXZpY2UiOnsidyI6MTI4MCwiaCI6MTAyNH0sInVzZXIiOnsiaWQiOiI2OTA4NTUwMDExMGIxYzMyNGIzMzhhMDdkM2E3ZGVhMSJ9LCJleHQiOnsiZHQiOjE2NjM4NzI2MzQ4MTB9fQ==
IP
ASN #24940 Hetzner Online GmbH
Size 171 kB (170727 bytes)
Hash a5c0d8153b8701c57207132d5ac41f57
5de3451f70d545b691dbbdd64087ada7c3eeb128
c1ac2a4b0350aac893f9b1929cb1ad04379ffe8c251efa957b41724209bcbe6b
GET /get/?go=1&data=eyJpbXAiOlt7InNlY3VyZSI6MCwiZXh0Ijp7InNwb3QiOjM3MjUsImlkIjo4NTksImxhYmVscyI6IiIsInNpdGVfaWQiOjM3MjUsInR5cGUiOiJiYW5uZXIiLCJzcGFjZWlkIjo4NTksInNwb3RfaWQiOjAsImlkem9uZSI6MzgzMDgxOSwiem9uZSI6InRjX3BhYl8zMDB4MjUwIiwiYWRfdGFncyI6IiIsInRpdGxlIjoiIiwic3ViaWQiOiIxMDEzNTk5NzIwIiwidXRtMSI6InRjYmFuX2kiLCJ1dG0yIjoiMzcyNSIsInV0bTMiOiIxNzc5NCIsInV0bTQiOiIifSwiYmFubmVyIjp7InciOjMwMCwiaCI6MjUwfX1dLCJzaXRlIjp7ImlkIjoiMzcyNSIsInBhZ2UiOiJodHRwOi8vZ2F5aW5sZWVkcy5yZWxheWJsb2cuY29tLyJ9LCJkZXZpY2UiOnsidyI6MTI4MCwiaCI6MTAyNH0sInVzZXIiOnsiaWQiOiI2OTA4NTUwMDExMGIxYzMyNGIzMzhhMDdkM2E3ZGVhMSJ9LCJleHQiOnsiZHQiOjE2NjM4NzI2MzQ4MTB9fQ== HTTP/1.1
Host: rtbbnr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://cdn.tubecorp.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0
date: Thu, 22 Sep 2022 18:50:35 GMT
content-type: text/html
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
content-encoding: gzip
X-Firefox-Spdy: h2
i.jads.co/network/user500/30216-1558114437-0786966001558114437.gif
200 OK 140 kB URL HTTP/1.1 i.jads.co/network/user500/30216-1558114437-0786966001558114437.gif
IP
Size 140 kB (140042 bytes)
Hash b2438088d26c7fc98700136aab7f16a2
b629efcc6124b192df776cd0a4e9d5bfdab33519
5fa6f86cdf567ff1d7d93c692a070ec11127520329a418a0adc9082b9fc4c447
GET /network/user500/30216-1558114437-0786966001558114437.gif HTTP/1.1
Host: i.jads.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://poweredby.jads.co/
HTTP/1.1 200 OK
Date: Thu, 22 Sep 2022 18:50:35 GMT
Connection: Keep-Alive
ETag: "1558114437"
Cache-Control: max-age=23029552
Content-Length: 111624
Content-Type: image/gif
Last-Modified: Fri, 17 May 2019 17:33:57 GMT
Accept-Ranges: bytes
X-HW: 1663872635.dop226.sk1.t,1663872635.cds072.sk1.c
i.jads.co/network/user500/32597-1558022728-0679189001558022728.gif
200 OK 1.1 MB URL HTTP/1.1 i.jads.co/network/user500/32597-1558022728-0679189001558022728.gif
IP
File type GIF image data, version 89a, 160 x 600\012- data
Size 1.1 MB (1060967 bytes)
Hash d57fad950091686fd5dfee86c2177123
1f0d51f37585097113d85805868970f4dd0befd0
07b58cd82ccda15e06f8ae4f72b383cc39659dbd8df5ff5dcf6a7ee0d473b3d5
GET /network/user500/32597-1558022728-0679189001558022728.gif HTTP/1.1
Host: i.jads.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://poweredby.jads.co/
HTTP/1.1 200 OK
Date: Thu, 22 Sep 2022 18:50:35 GMT
Connection: Keep-Alive
ETag: "1558022728"
Cache-Control: max-age=15714598
Content-Length: 1060967
Content-Type: image/gif
Last-Modified: Thu, 16 May 2019 16:05:28 GMT
Accept-Ranges: bytes
X-HW: 1663872635.dop017.sk1.t,1663872635.cds225.sk1.c
rtbrennab.com/banner/in/show/?mid=452749912&pid=0&site=3725&sc=NO&usage_type=DCH&subid=1013599720&sid=0&cid=0&price=0&is_cpm=0&cpm=0&ecpm=0&crid=&crtid=&tcid=0&out_id=&ver=&ver_c=&refdom=gayinleeds.relayblog.com&hostname=auc-banner-hz-8&site_id=0&spot_id=0&utm_source=tcban_i&utm_medium=3725&utm_campaign=17794&utm_content=&expirationTimestamp=0&created_at=0000-00-00&is_native=0&auction_queue=0&pop_winurl=&ip=91.90.42.154&testab=&px_id=0&adblock=0&auction_host=&mm=&yc=&render_type=&campaign_type=&uniq=&exp=&resp_type=default&iabcat=&min_cpm=0.0001&placement_type_id=&skin_test=&verify_hash=&score=74&ml=&ttl=&space_id=859&banner_width=300&banner_height=250&accel=0&gyr=0&iabcat=&url=https%3A%2F%2Fbtds.zog.link%2Fin%2F912%2F%3Fsid%3D0%26source%3D1013599720%26idzone%3D3830819%26w%3D300%26h%3D250%26mo%3D%26ve%3D%26site_id%3D3725%26utm1%3Dtcban_i%26utm2%3D3725%26utm3%3D17794%26utm4%3D%26ad_tags%3D%26spot_id%3D0%26p%3Dhttp%253A%252F%252Fgayinleeds.relayblog.com%252F%26katds_labels%3D%26btype%3D0%26score%3D74&pr=&bid_crid=&bid_cid=&is_iframe=0&ad_tags=&stratagem=&ssp=0
302 Found 0 B URL HTTP/2 rtbrennab.com/banner/in/show/?mid=452749912&pid=0&site=3725&sc=NO&usage_type=DCH&subid=1013599720&sid=0&cid=0&price=0&is_cpm=0&cpm=0&ecpm=0&crid=&crtid=&tcid=0&out_id=&ver=&ver_c=&refdom=gayinleeds.relayblog.com&hostname=auc-banner-hz-8&site_id=0&spot_id=0&utm_source=tcban_i&utm_medium=3725&utm_campaign=17794&utm_content=&expirationTimestamp=0&created_at=0000-00-00&is_native=0&auction_queue=0&pop_winurl=&ip=91.90.42.154&testab=&px_id=0&adblock=0&auction_host=&mm=&yc=&render_type=&campaign_type=&uniq=&exp=&resp_type=default&iabcat=&min_cpm=0.0001&placement_type_id=&skin_test=&verify_hash=&score=74&ml=&ttl=&space_id=859&banner_width=300&banner_height=250&accel=0&gyr=0&iabcat=&url=https%3A%2F%2Fbtds.zog.link%2Fin%2F912%2F%3Fsid%3D0%26source%3D1013599720%26idzone%3D3830819%26w%3D300%26h%3D250%26mo%3D%26ve%3D%26site_id%3D3725%26utm1%3Dtcban_i%26utm2%3D3725%26utm3%3D17794%26utm4%3D%26ad_tags%3D%26spot_id%3D0%26p%3Dhttp%253A%252F%252Fgayinleeds.relayblog.com%252F%26katds_labels%3D%26btype%3D0%26score%3D74&pr=&bid_crid=&bid_cid=&is_iframe=0&ad_tags=&stratagem=&ssp=0
IP
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /banner/in/show/?mid=452749912&pid=0&site=3725&sc=NO&usage_type=DCH&subid=1013599720&sid=0&cid=0&price=0&is_cpm=0&cpm=0&ecpm=0&crid=&crtid=&tcid=0&out_id=&ver=&ver_c=&refdom=gayinleeds.relayblog.com&hostname=auc-banner-hz-8&site_id=0&spot_id=0&utm_source=tcban_i&utm_medium=3725&utm_campaign=17794&utm_content=&expirationTimestamp=0&created_at=0000-00-00&is_native=0&auction_queue=0&pop_winurl=&ip=91.90.42.154&testab=&px_id=0&adblock=0&auction_host=&mm=&yc=&render_type=&campaign_type=&uniq=&exp=&resp_type=default&iabcat=&min_cpm=0.0001&placement_type_id=&skin_test=&verify_hash=&score=74&ml=&ttl=&space_id=859&banner_width=300&banner_height=250&accel=0&gyr=0&iabcat=&url=https%3A%2F%2Fbtds.zog.link%2Fin%2F912%2F%3Fsid%3D0%26source%3D1013599720%26idzone%3D3830819%26w%3D300%26h%3D250%26mo%3D%26ve%3D%26site_id%3D3725%26utm1%3Dtcban_i%26utm2%3D3725%26utm3%3D17794%26utm4%3D%26ad_tags%3D%26spot_id%3D0%26p%3Dhttp%253A%252F%252Fgayinleeds.relayblog.com%252F%26katds_labels%3D%26btype%3D0%26score%3D74&pr=&bid_crid=&bid_cid=&is_iframe=0&ad_tags=&stratagem=&ssp=0 HTTP/1.1
Host: rtbrennab.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://rtbbnr.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
server: nginx/1.18.0
date: Thu, 22 Sep 2022 18:50:35 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
location: https://btds.zog.link/in/912/?sid=0&source=1013599720&idzone=3830819&w=300&h=250&mo=&ve=&site_id=3725&utm1=tcban_i&utm2=3725&utm3=17794&utm4=&ad_tags=&spot_id=0&p=http%3A%2F%2Fgayinleeds.relayblog.com%2F&katds_labels=&btype=0&score=74
X-Firefox-Spdy: h2
rtbbnr.com/get/?go=1&data=eyJpbXAiOlt7InNlY3VyZSI6MCwiZXh0Ijp7InNwb3QiOjM3MjUsImlkIjo4NTksImxhYmVscyI6IiIsInNpdGVfaWQiOjM3MjUsInR5cGUiOiJiYW5uZXIiLCJzcGFjZWlkIjo4NTksInNwb3RfaWQiOjAsImlkem9uZSI6MzgzMDgxOSwiem9uZSI6InRjX3BhYl8zMDB4MjUwIiwiYWRfdGFncyI6IiIsInRpdGxlIjoiIiwic3ViaWQiOiIxMDEzNTk5NzIwIiwidXRtMSI6InRjYmFuX2kiLCJ1dG0yIjoiMzcyNSIsInV0bTMiOiIxNzc5NCIsInV0bTQiOiIifSwiYmFubmVyIjp7InciOjMwMCwiaCI6MjUwfX1dLCJzaXRlIjp7ImlkIjoiMzcyNSIsInBhZ2UiOiJodHRwOi8vZ2F5aW5sZWVkcy5yZWxheWJsb2cuY29tLyJ9LCJkZXZpY2UiOnsidyI6MTI4MCwiaCI6MTAyNH0sInVzZXIiOnsiaWQiOiIwMmY2NmQwMDFhNjA5YzM3OWMxODE5YjA5OWYzY2YwZCJ9LCJleHQiOnsiZHQiOjE2NjM4NzI2MzUyMTF9fQ==
200 OK 974 B URL HTTP/2 rtbbnr.com/get/?go=1&data=eyJpbXAiOlt7InNlY3VyZSI6MCwiZXh0Ijp7InNwb3QiOjM3MjUsImlkIjo4NTksImxhYmVscyI6IiIsInNpdGVfaWQiOjM3MjUsInR5cGUiOiJiYW5uZXIiLCJzcGFjZWlkIjo4NTksInNwb3RfaWQiOjAsImlkem9uZSI6MzgzMDgxOSwiem9uZSI6InRjX3BhYl8zMDB4MjUwIiwiYWRfdGFncyI6IiIsInRpdGxlIjoiIiwic3ViaWQiOiIxMDEzNTk5NzIwIiwidXRtMSI6InRjYmFuX2kiLCJ1dG0yIjoiMzcyNSIsInV0bTMiOiIxNzc5NCIsInV0bTQiOiIifSwiYmFubmVyIjp7InciOjMwMCwiaCI6MjUwfX1dLCJzaXRlIjp7ImlkIjoiMzcyNSIsInBhZ2UiOiJodHRwOi8vZ2F5aW5sZWVkcy5yZWxheWJsb2cuY29tLyJ9LCJkZXZpY2UiOnsidyI6MTI4MCwiaCI6MTAyNH0sInVzZXIiOnsiaWQiOiIwMmY2NmQwMDFhNjA5YzM3OWMxODE5YjA5OWYzY2YwZCJ9LCJleHQiOnsiZHQiOjE2NjM4NzI2MzUyMTF9fQ==
IP
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1310)
Hash fbe415ae2c03adec30387e44f7a199ba
cd0842c1bb705d8bbfc85ce6c06435cfa43f6f9d
baf9b478e38a7eeb1effa3544bbe27be288ee568becbeebebbbdd6c244e69d3d
GET /get/?go=1&data=eyJpbXAiOlt7InNlY3VyZSI6MCwiZXh0Ijp7InNwb3QiOjM3MjUsImlkIjo4NTksImxhYmVscyI6IiIsInNpdGVfaWQiOjM3MjUsInR5cGUiOiJiYW5uZXIiLCJzcGFjZWlkIjo4NTksInNwb3RfaWQiOjAsImlkem9uZSI6MzgzMDgxOSwiem9uZSI6InRjX3BhYl8zMDB4MjUwIiwiYWRfdGFncyI6IiIsInRpdGxlIjoiIiwic3ViaWQiOiIxMDEzNTk5NzIwIiwidXRtMSI6InRjYmFuX2kiLCJ1dG0yIjoiMzcyNSIsInV0bTMiOiIxNzc5NCIsInV0bTQiOiIifSwiYmFubmVyIjp7InciOjMwMCwiaCI6MjUwfX1dLCJzaXRlIjp7ImlkIjoiMzcyNSIsInBhZ2UiOiJodHRwOi8vZ2F5aW5sZWVkcy5yZWxheWJsb2cuY29tLyJ9LCJkZXZpY2UiOnsidyI6MTI4MCwiaCI6MTAyNH0sInVzZXIiOnsiaWQiOiIwMmY2NmQwMDFhNjA5YzM3OWMxODE5YjA5OWYzY2YwZCJ9LCJleHQiOnsiZHQiOjE2NjM4NzI2MzUyMTF9fQ== HTTP/1.1
Host: rtbbnr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://cdn.tubecorp.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0
date: Thu, 22 Sep 2022 18:50:35 GMT
content-type: text/html
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
content-encoding: gzip
X-Firefox-Spdy: h2
btds.zog.link/in/912/?sid=0&source=1013599720&idzone=3830819&w=300&h=250&mo=&ve=&site_id=3725&utm1=tcban_i&utm2=3725&utm3=17794&utm4=&ad_tags=&spot_id=0&p=http%3A%2F%2Fgayinleeds.relayblog.com%2F&katds_labels=&btype=0&score=74
302 Found 0 B URL HTTP/2 btds.zog.link/in/912/?sid=0&source=1013599720&idzone=3830819&w=300&h=250&mo=&ve=&site_id=3725&utm1=tcban_i&utm2=3725&utm3=17794&utm4=&ad_tags=&spot_id=0&p=http%3A%2F%2Fgayinleeds.relayblog.com%2F&katds_labels=&btype=0&score=74
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /in/912/?sid=0&source=1013599720&idzone=3830819&w=300&h=250&mo=&ve=&site_id=3725&utm1=tcban_i&utm2=3725&utm3=17794&utm4=&ad_tags=&spot_id=0&p=http%3A%2F%2Fgayinleeds.relayblog.com%2F&katds_labels=&btype=0&score=74 HTTP/1.1
Host: btds.zog.link
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://rtbbnr.com/
Connection: keep-alive
Cookie: 912.0=1
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
server: nginx/1.20.1
date: Thu, 22 Sep 2022 18:50:36 GMT
content-type: text/html; charset=UTF-8
content-length: 0
location: https://tsyndicate.com/iframes2/00394b71264946e5bf58746cefe5435f.html?subid=1013599720&categories={{ad_tags}}
pragma: no-cache
vary: *
cache-control: no-cache, no-store, must-revalidate
set-cookie: 912.0=1; expires=Fri, 23 Sep 2022 18:50:36 GMT; path=/; secure; SameSite=None
X-Firefox-Spdy: h2
rtbrennab.com/banner/in/show/?mid=1753568658&pid=0&site=3725&sc=NO&usage_type=DCH&subid=1013599720&sid=0&cid=12774&price=0&is_cpm=1&cpm=0.0048&ecpm=0.0048&crid=&crtid=d41d8cd98f00b204e9800998ecf8427e&tcid=0&out_id=&ver=&ver_c=&refdom=gayinleeds.relayblog.com&hostname=auc-banner-hz-5&site_id=0&spot_id=0&utm_source=tcban_i&utm_medium=3725&utm_campaign=17794&utm_content=&expirationTimestamp=0&created_at=0000-00-00&is_native=6&auction_queue=0&pop_winurl=&ip=91.90.42.154&testab=&px_id=0&adblock=0&auction_host=&mm=&yc=&render_type=&campaign_type=&uniq=&exp=&resp_type=iframeAd&iabcat=&min_cpm=0.0001&placement_type_id=-1&skin_test=&verify_hash=&score=74&ml=&ttl=&space_id=859&banner_width=300&banner_height=250&accel=0&gyr=0&iabcat=&url=%2F%2Fin16.zog.link%2Fin%2Ftishow%2F%3Fkatds_ep%3Dy9q467Ct2vCqO1MCciO7RBHR8QB2_IMyqBYBY0leIzFyrScIyfuseeHfXUa3muY3TExoK98fEAVJPZy3qj8mcxs5VD9wGk9xhWFIB79Hc5UAVeQ84LAXRbdjPfMNZKd6Efvbgeo7XEr2gXoJKFbWJ_qCoBZ7fEJ5K1oMLHLI8EcwdyJNbLwuq0_S7KM19henPYTCJ8meR2zVNbul-bmxloLzY6Jey5MhZ5JUoC-NiMPparImfwdoX8phQbr7_05uOcVSSbjfYR9AOLzJj4JT3AMSDRVKwljZDSf5DvWQPEGT0AUXiG5oJyCu7hK6JHf8WOcLtSvonRE1tkrQ8uKUMJXtmBdRcjjVwKBvu82rsYqkJiBpsSC4WC9KOWY9WwGUgG9AI9cGjrTC89vERCmdwxJzTaMVZ6TJRi9VG4Q5K4zIxvZdwItol6gLy1VntYMR-MZgcwGH4DziNkae3HbWRUk8XVdpW_heAwdzv7gb4LS_Wq0eJ0BRX-GVqA7zSLKUZjGXNmMwVifiuvH2KZ2XyZDX0VyeNAFwkkc-E1O9wL29kdPjRuSnycbsiStXNHpDrezuxB4h6Sc4KCnBvbVKb6n_b1EGSACjXAQ4WlzgNKBbYRa6MspcovJ5CJanJT__3R2yBczKQVrBaoG9vam8Pw8097Zic0NEtkajJ7lxYvq_aM05ELwDA2P3SXMYLZZMuH5Z0hP4xW9kstl8xawa0rirFsKY1EAvOFF2ZvKZjBqNju_j-PHRjhKzgIR9VJ62MfIPQdnIsrkoUIttgAPBo9KTqFL3vV2a5XDSuaHodEZ_Hn_hG4D1X88giuHGxXV9uD0aur20Cc7nOl2GUuQjC9wNZmxLVUiPxuomBhGshQulwhz6uXTDefSyMIrAr-sUD3IFwaAJwzsgRtNuBoz3Eb5kUFjR9CEcfsnKkLUhzslGYM5xLwQiK2QbPlvWjrpxA9tjD20sUYhzRHCN7fwH_k4VoVTp4AYiVAU0vx-dyJ8KIdnNk5V3Wem_474wnAw996A2GOcM5Vx6P3yIN_xTkRdVDsgiq9DzcNPm3zwPO_Tv-YahIyZJu5AhCozK0U3WFhSCTCWvW2edSG-s_D6RaCvzI2EuvpEubP7TR_hPXfAECDeoEav3YiaVqRaA3IZ8iLb8GdwCpEnXq9jkx2KBTZ36FARabWPzu3eI9T26rn4ZLBXQnE3ZlrYumc0x484mBxQbQzeYqVojtB753gdp52BTPtEUguSr4IjjVZDOgB5c6Nc-XkrtcQYETJK6IbCArkZ94t0P14AAZxIULVMQxAZNFZnb_m-CwXHZofhaliM28V8o_DPhxZlM5AmOucTWP89hXjH82C1wOeDkfujR7T4qzCgJk4NFpDP3bpioYTI-NQcij6aNlu6cVeau_Ae_VAaLgD3OMDE9or-1EkBp5vvEwMaQce58YbXgpwUax1g3jfFhxI7VySkqM00t7ecwQSdmcrD0g33rOcH-wvfa0GoxBptocwignBjBFdwbA-1VtjafxBc__8Y0iKSfWhrWTcVdaRTVDvy4Tsn6cNBVhq6xRDdp4XjdqCldvbMS3N-djElKjZgOgXMPyk9tt3727Eiwzg1hFnB5W8mrGcMYYMTZIDL4UkjqEBND883I87wctCW4mBs_wQ5W-OaLbxXBoOn8WcFBDz9usK8TrXQlz-rpHhG8hbsIwOR90TJtqdjhwbEAFoTINz_cy26QfHV8enlmiFKLs6V6m63vWv__C432LUeMhhdD59VM_NPuWLsSdkbpX6KFo8PikGgfRQv8S102iIBiOxQcMYZLuP6g9jqS_AWwN7i67rBhdHmdeVz2OZmAAbFKNNnvm-O5C3VDeMkmlWh0Sq_GfFuzzMENJIhN9Rag4LzRos8BKLFi6_ZjzdHETaBbFZnUfh5bfprWSLWQkpjURcG2SA-0Kl5dXG29BIp2HwDoUerS0qI7aqHitdg1CqT5xDJyKuE0M5cn-qyM7iSL9C5yrpAFB-BzLdasbrt0kPSOYwkCdpT7LhckL_FNvWRjoiVEk1IeXcEGpIbZZWY2V0hTenmlmr9iULk0RmTikaiG6Ppq5HAbrHyzvfU%26sp%3D%24%7BSECOND_PRICE%7D&pr=&bid_crid=&bid_cid=&is_iframe=0&ad_tags=&stratagem=&ssp=0
302 Found 0 B URL HTTP/2 rtbrennab.com/banner/in/show/?mid=1753568658&pid=0&site=3725&sc=NO&usage_type=DCH&subid=1013599720&sid=0&cid=12774&price=0&is_cpm=1&cpm=0.0048&ecpm=0.0048&crid=&crtid=d41d8cd98f00b204e9800998ecf8427e&tcid=0&out_id=&ver=&ver_c=&refdom=gayinleeds.relayblog.com&hostname=auc-banner-hz-5&site_id=0&spot_id=0&utm_source=tcban_i&utm_medium=3725&utm_campaign=17794&utm_content=&expirationTimestamp=0&created_at=0000-00-00&is_native=6&auction_queue=0&pop_winurl=&ip=91.90.42.154&testab=&px_id=0&adblock=0&auction_host=&mm=&yc=&render_type=&campaign_type=&uniq=&exp=&resp_type=iframeAd&iabcat=&min_cpm=0.0001&placement_type_id=-1&skin_test=&verify_hash=&score=74&ml=&ttl=&space_id=859&banner_width=300&banner_height=250&accel=0&gyr=0&iabcat=&url=%2F%2Fin16.zog.link%2Fin%2Ftishow%2F%3Fkatds_ep%3Dy9q467Ct2vCqO1MCciO7RBHR8QB2_IMyqBYBY0leIzFyrScIyfuseeHfXUa3muY3TExoK98fEAVJPZy3qj8mcxs5VD9wGk9xhWFIB79Hc5UAVeQ84LAXRbdjPfMNZKd6Efvbgeo7XEr2gXoJKFbWJ_qCoBZ7fEJ5K1oMLHLI8EcwdyJNbLwuq0_S7KM19henPYTCJ8meR2zVNbul-bmxloLzY6Jey5MhZ5JUoC-NiMPparImfwdoX8phQbr7_05uOcVSSbjfYR9AOLzJj4JT3AMSDRVKwljZDSf5DvWQPEGT0AUXiG5oJyCu7hK6JHf8WOcLtSvonRE1tkrQ8uKUMJXtmBdRcjjVwKBvu82rsYqkJiBpsSC4WC9KOWY9WwGUgG9AI9cGjrTC89vERCmdwxJzTaMVZ6TJRi9VG4Q5K4zIxvZdwItol6gLy1VntYMR-MZgcwGH4DziNkae3HbWRUk8XVdpW_heAwdzv7gb4LS_Wq0eJ0BRX-GVqA7zSLKUZjGXNmMwVifiuvH2KZ2XyZDX0VyeNAFwkkc-E1O9wL29kdPjRuSnycbsiStXNHpDrezuxB4h6Sc4KCnBvbVKb6n_b1EGSACjXAQ4WlzgNKBbYRa6MspcovJ5CJanJT__3R2yBczKQVrBaoG9vam8Pw8097Zic0NEtkajJ7lxYvq_aM05ELwDA2P3SXMYLZZMuH5Z0hP4xW9kstl8xawa0rirFsKY1EAvOFF2ZvKZjBqNju_j-PHRjhKzgIR9VJ62MfIPQdnIsrkoUIttgAPBo9KTqFL3vV2a5XDSuaHodEZ_Hn_hG4D1X88giuHGxXV9uD0aur20Cc7nOl2GUuQjC9wNZmxLVUiPxuomBhGshQulwhz6uXTDefSyMIrAr-sUD3IFwaAJwzsgRtNuBoz3Eb5kUFjR9CEcfsnKkLUhzslGYM5xLwQiK2QbPlvWjrpxA9tjD20sUYhzRHCN7fwH_k4VoVTp4AYiVAU0vx-dyJ8KIdnNk5V3Wem_474wnAw996A2GOcM5Vx6P3yIN_xTkRdVDsgiq9DzcNPm3zwPO_Tv-YahIyZJu5AhCozK0U3WFhSCTCWvW2edSG-s_D6RaCvzI2EuvpEubP7TR_hPXfAECDeoEav3YiaVqRaA3IZ8iLb8GdwCpEnXq9jkx2KBTZ36FARabWPzu3eI9T26rn4ZLBXQnE3ZlrYumc0x484mBxQbQzeYqVojtB753gdp52BTPtEUguSr4IjjVZDOgB5c6Nc-XkrtcQYETJK6IbCArkZ94t0P14AAZxIULVMQxAZNFZnb_m-CwXHZofhaliM28V8o_DPhxZlM5AmOucTWP89hXjH82C1wOeDkfujR7T4qzCgJk4NFpDP3bpioYTI-NQcij6aNlu6cVeau_Ae_VAaLgD3OMDE9or-1EkBp5vvEwMaQce58YbXgpwUax1g3jfFhxI7VySkqM00t7ecwQSdmcrD0g33rOcH-wvfa0GoxBptocwignBjBFdwbA-1VtjafxBc__8Y0iKSfWhrWTcVdaRTVDvy4Tsn6cNBVhq6xRDdp4XjdqCldvbMS3N-djElKjZgOgXMPyk9tt3727Eiwzg1hFnB5W8mrGcMYYMTZIDL4UkjqEBND883I87wctCW4mBs_wQ5W-OaLbxXBoOn8WcFBDz9usK8TrXQlz-rpHhG8hbsIwOR90TJtqdjhwbEAFoTINz_cy26QfHV8enlmiFKLs6V6m63vWv__C432LUeMhhdD59VM_NPuWLsSdkbpX6KFo8PikGgfRQv8S102iIBiOxQcMYZLuP6g9jqS_AWwN7i67rBhdHmdeVz2OZmAAbFKNNnvm-O5C3VDeMkmlWh0Sq_GfFuzzMENJIhN9Rag4LzRos8BKLFi6_ZjzdHETaBbFZnUfh5bfprWSLWQkpjURcG2SA-0Kl5dXG29BIp2HwDoUerS0qI7aqHitdg1CqT5xDJyKuE0M5cn-qyM7iSL9C5yrpAFB-BzLdasbrt0kPSOYwkCdpT7LhckL_FNvWRjoiVEk1IeXcEGpIbZZWY2V0hTenmlmr9iULk0RmTikaiG6Ppq5HAbrHyzvfU%26sp%3D%24%7BSECOND_PRICE%7D&pr=&bid_crid=&bid_cid=&is_iframe=0&ad_tags=&stratagem=&ssp=0
IP
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /banner/in/show/?mid=1753568658&pid=0&site=3725&sc=NO&usage_type=DCH&subid=1013599720&sid=0&cid=12774&price=0&is_cpm=1&cpm=0.0048&ecpm=0.0048&crid=&crtid=d41d8cd98f00b204e9800998ecf8427e&tcid=0&out_id=&ver=&ver_c=&refdom=gayinleeds.relayblog.com&hostname=auc-banner-hz-5&site_id=0&spot_id=0&utm_source=tcban_i&utm_medium=3725&utm_campaign=17794&utm_content=&expirationTimestamp=0&created_at=0000-00-00&is_native=6&auction_queue=0&pop_winurl=&ip=91.90.42.154&testab=&px_id=0&adblock=0&auction_host=&mm=&yc=&render_type=&campaign_type=&uniq=&exp=&resp_type=iframeAd&iabcat=&min_cpm=0.0001&placement_type_id=-1&skin_test=&verify_hash=&score=74&ml=&ttl=&space_id=859&banner_width=300&banner_height=250&accel=0&gyr=0&iabcat=&url=%2F%2Fin16.zog.link%2Fin%2Ftishow%2F%3Fkatds_ep%3Dy9q467Ct2vCqO1MCciO7RBHR8QB2_IMyqBYBY0leIzFyrScIyfuseeHfXUa3muY3TExoK98fEAVJPZy3qj8mcxs5VD9wGk9xhWFIB79Hc5UAVeQ84LAXRbdjPfMNZKd6Efvbgeo7XEr2gXoJKFbWJ_qCoBZ7fEJ5K1oMLHLI8EcwdyJNbLwuq0_S7KM19henPYTCJ8meR2zVNbul-bmxloLzY6Jey5MhZ5JUoC-NiMPparImfwdoX8phQbr7_05uOcVSSbjfYR9AOLzJj4JT3AMSDRVKwljZDSf5DvWQPEGT0AUXiG5oJyCu7hK6JHf8WOcLtSvonRE1tkrQ8uKUMJXtmBdRcjjVwKBvu82rsYqkJiBpsSC4WC9KOWY9WwGUgG9AI9cGjrTC89vERCmdwxJzTaMVZ6TJRi9VG4Q5K4zIxvZdwItol6gLy1VntYMR-MZgcwGH4DziNkae3HbWRUk8XVdpW_heAwdzv7gb4LS_Wq0eJ0BRX-GVqA7zSLKUZjGXNmMwVifiuvH2KZ2XyZDX0VyeNAFwkkc-E1O9wL29kdPjRuSnycbsiStXNHpDrezuxB4h6Sc4KCnBvbVKb6n_b1EGSACjXAQ4WlzgNKBbYRa6MspcovJ5CJanJT__3R2yBczKQVrBaoG9vam8Pw8097Zic0NEtkajJ7lxYvq_aM05ELwDA2P3SXMYLZZMuH5Z0hP4xW9kstl8xawa0rirFsKY1EAvOFF2ZvKZjBqNju_j-PHRjhKzgIR9VJ62MfIPQdnIsrkoUIttgAPBo9KTqFL3vV2a5XDSuaHodEZ_Hn_hG4D1X88giuHGxXV9uD0aur20Cc7nOl2GUuQjC9wNZmxLVUiPxuomBhGshQulwhz6uXTDefSyMIrAr-sUD3IFwaAJwzsgRtNuBoz3Eb5kUFjR9CEcfsnKkLUhzslGYM5xLwQiK2QbPlvWjrpxA9tjD20sUYhzRHCN7fwH_k4VoVTp4AYiVAU0vx-dyJ8KIdnNk5V3Wem_474wnAw996A2GOcM5Vx6P3yIN_xTkRdVDsgiq9DzcNPm3zwPO_Tv-YahIyZJu5AhCozK0U3WFhSCTCWvW2edSG-s_D6RaCvzI2EuvpEubP7TR_hPXfAECDeoEav3YiaVqRaA3IZ8iLb8GdwCpEnXq9jkx2KBTZ36FARabWPzu3eI9T26rn4ZLBXQnE3ZlrYumc0x484mBxQbQzeYqVojtB753gdp52BTPtEUguSr4IjjVZDOgB5c6Nc-XkrtcQYETJK6IbCArkZ94t0P14AAZxIULVMQxAZNFZnb_m-CwXHZofhaliM28V8o_DPhxZlM5AmOucTWP89hXjH82C1wOeDkfujR7T4qzCgJk4NFpDP3bpioYTI-NQcij6aNlu6cVeau_Ae_VAaLgD3OMDE9or-1EkBp5vvEwMaQce58YbXgpwUax1g3jfFhxI7VySkqM00t7ecwQSdmcrD0g33rOcH-wvfa0GoxBptocwignBjBFdwbA-1VtjafxBc__8Y0iKSfWhrWTcVdaRTVDvy4Tsn6cNBVhq6xRDdp4XjdqCldvbMS3N-djElKjZgOgXMPyk9tt3727Eiwzg1hFnB5W8mrGcMYYMTZIDL4UkjqEBND883I87wctCW4mBs_wQ5W-OaLbxXBoOn8WcFBDz9usK8TrXQlz-rpHhG8hbsIwOR90TJtqdjhwbEAFoTINz_cy26QfHV8enlmiFKLs6V6m63vWv__C432LUeMhhdD59VM_NPuWLsSdkbpX6KFo8PikGgfRQv8S102iIBiOxQcMYZLuP6g9jqS_AWwN7i67rBhdHmdeVz2OZmAAbFKNNnvm-O5C3VDeMkmlWh0Sq_GfFuzzMENJIhN9Rag4LzRos8BKLFi6_ZjzdHETaBbFZnUfh5bfprWSLWQkpjURcG2SA-0Kl5dXG29BIp2HwDoUerS0qI7aqHitdg1CqT5xDJyKuE0M5cn-qyM7iSL9C5yrpAFB-BzLdasbrt0kPSOYwkCdpT7LhckL_FNvWRjoiVEk1IeXcEGpIbZZWY2V0hTenmlmr9iULk0RmTikaiG6Ppq5HAbrHyzvfU%26sp%3D%24%7BSECOND_PRICE%7D&pr=&bid_crid=&bid_cid=&is_iframe=0&ad_tags=&stratagem=&ssp=0 HTTP/1.1
Host: rtbrennab.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://rtbbnr.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
server: nginx/1.18.0
date: Thu, 22 Sep 2022 18:50:36 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
location: //in16.zog.link/in/tishow/?katds_ep=y9q467Ct2vCqO1MCciO7RBHR8QB2_IMyqBYBY0leIzFyrScIyfuseeHfXUa3muY3TExoK98fEAVJPZy3qj8mcxs5VD9wGk9xhWFIB79Hc5UAVeQ84LAXRbdjPfMNZKd6Efvbgeo7XEr2gXoJKFbWJ_qCoBZ7fEJ5K1oMLHLI8EcwdyJNbLwuq0_S7KM19henPYTCJ8meR2zVNbul-bmxloLzY6Jey5MhZ5JUoC-NiMPparImfwdoX8phQbr7_05uOcVSSbjfYR9AOLzJj4JT3AMSDRVKwljZDSf5DvWQPEGT0AUXiG5oJyCu7hK6JHf8WOcLtSvonRE1tkrQ8uKUMJXtmBdRcjjVwKBvu82rsYqkJiBpsSC4WC9KOWY9WwGUgG9AI9cGjrTC89vERCmdwxJzTaMVZ6TJRi9VG4Q5K4zIxvZdwItol6gLy1VntYMR-MZgcwGH4DziNkae3HbWRUk8XVdpW_heAwdzv7gb4LS_Wq0eJ0BRX-GVqA7zSLKUZjGXNmMwVifiuvH2KZ2XyZDX0VyeNAFwkkc-E1O9wL29kdPjRuSnycbsiStXNHpDrezuxB4h6Sc4KCnBvbVKb6n_b1EGSACjXAQ4WlzgNKBbYRa6MspcovJ5CJanJT__3R2yBczKQVrBaoG9vam8Pw8097Zic0NEtkajJ7lxYvq_aM05ELwDA2P3SXMYLZZMuH5Z0hP4xW9kstl8xawa0rirFsKY1EAvOFF2ZvKZjBqNju_j-PHRjhKzgIR9VJ62MfIPQdnIsrkoUIttgAPBo9KTqFL3vV2a5XDSuaHodEZ_Hn_hG4D1X88giuHGxXV9uD0aur20Cc7nOl2GUuQjC9wNZmxLVUiPxuomBhGshQulwhz6uXTDefSyMIrAr-sUD3IFwaAJwzsgRtNuBoz3Eb5kUFjR9CEcfsnKkLUhzslGYM5xLwQiK2QbPlvWjrpxA9tjD20sUYhzRHCN7fwH_k4VoVTp4AYiVAU0vx-dyJ8KIdnNk5V3Wem_474wnAw996A2GOcM5Vx6P3yIN_xTkRdVDsgiq9DzcNPm3zwPO_Tv-YahIyZJu5AhCozK0U3WFhSCTCWvW2edSG-s_D6RaCvzI2EuvpEubP7TR_hPXfAECDeoEav3YiaVqRaA3IZ8iLb8GdwCpEnXq9jkx2KBTZ36FARabWPzu3eI9T26rn4ZLBXQnE3ZlrYumc0x484mBxQbQzeYqVojtB753gdp52BTPtEUguSr4IjjVZDOgB5c6Nc-XkrtcQYETJK6IbCArkZ94t0P14AAZxIULVMQxAZNFZnb_m-CwXHZofhaliM28V8o_DPhxZlM5AmOucTWP89hXjH82C1wOeDkfujR7T4qzCgJk4NFpDP3bpioYTI-NQcij6aNlu6cVeau_Ae_VAaLgD3OMDE9or-1EkBp5vvEwMaQce58YbXgpwUax1g3jfFhxI7VySkqM00t7ecwQSdmcrD0g33rOcH-wvfa0GoxBptocwignBjBFdwbA-1VtjafxBc__8Y0iKSfWhrWTcVdaRTVDvy4Tsn6cNBVhq6xRDdp4XjdqCldvbMS3N-djElKjZgOgXMPyk9tt3727Eiwzg1hFnB5W8mrGcMYYMTZIDL4UkjqEBND883I87wctCW4mBs_wQ5W-OaLbxXBoOn8WcFBDz9usK8TrXQlz-rpHhG8hbsIwOR90TJtqdjhwbEAFoTINz_cy26QfHV8enlmiFKLs6V6m63vWv__C432LUeMhhdD59VM_NPuWLsSdkbpX6KFo8PikGgfRQv8S102iIBiOxQcMYZLuP6g9jqS_AWwN7i67rBhdHmdeVz2OZmAAbFKNNnvm-O5C3VDeMkmlWh0Sq_GfFuzzMENJIhN9Rag4LzRos8BKLFi6_ZjzdHETaBbFZnUfh5bfprWSLWQkpjURcG2SA-0Kl5dXG29BIp2HwDoUerS0qI7aqHitdg1CqT5xDJyKuE0M5cn-qyM7iSL9C5yrpAFB-BzLdasbrt0kPSOYwkCdpT7LhckL_FNvWRjoiVEk1IeXcEGpIbZZWY2V0hTenmlmr9iULk0RmTikaiG6Ppq5HAbrHyzvfU&sp=${SECOND_PRICE}
X-Firefox-Spdy: h2
i.jads.co/network/user500/25313-1554995760-0859497001554995760.gif
200 OK 117 kB URL HTTP/1.1 i.jads.co/network/user500/25313-1554995760-0859497001554995760.gif
IP
File type GIF image data, version 89a, 160 x 600\012- data
Size 117 kB (117287 bytes)
Hash d13289d10605ad302b8c643832d4567c
9b9decc0a227cc5ccc2ecb3ca8c83ee856b4e3e6
b8c9c4902f2894e97114868fbb83c2cf77a9b3d57586b116b5f462c71e13f3b4
GET /network/user500/25313-1554995760-0859497001554995760.gif HTTP/1.1
Host: i.jads.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://poweredby.jads.co/
HTTP/1.1 200 OK
Date: Thu, 22 Sep 2022 18:50:36 GMT
Connection: Keep-Alive
ETag: "1554995760"
Cache-Control: max-age=9784368
Content-Length: 117287
Content-Type: image/gif
Last-Modified: Thu, 11 Apr 2019 15:16:00 GMT
Accept-Ranges: bytes
X-HW: 1663872636.dop017.sk1.t,1663872636.cds263.sk1.c
rtbrennab.com/banner/in/show/?mid=1042698190&pid=0&site=3725&sc=NO&usage_type=DCH&subid=1013599720&sid=0&cid=0&price=0&is_cpm=0&cpm=0&ecpm=0&crid=&crtid=&tcid=0&out_id=&ver=&ver_c=&refdom=gayinleeds.relayblog.com&hostname=auc-banner-hz-5&site_id=0&spot_id=0&utm_source=tcban_i&utm_medium=3725&utm_campaign=17794&utm_content=&expirationTimestamp=0&created_at=0000-00-00&is_native=0&auction_queue=0&pop_winurl=&ip=91.90.42.154&testab=&px_id=0&adblock=0&auction_host=&mm=&yc=&render_type=&campaign_type=&uniq=&exp=&resp_type=default&iabcat=&min_cpm=0.0001&placement_type_id=&skin_test=&verify_hash=&score=74&ml=&ttl=&space_id=859&banner_width=300&banner_height=250&accel=0&gyr=0&iabcat=&url=https%3A%2F%2Fbtds.zog.link%2Fin%2F912%2F%3Fsid%3D0%26source%3D1013599720%26idzone%3D3830819%26w%3D300%26h%3D250%26mo%3D%26ve%3D%26site_id%3D3725%26utm1%3Dtcban_i%26utm2%3D3725%26utm3%3D17794%26utm4%3D%26ad_tags%3D%26spot_id%3D0%26p%3Dhttp%253A%252F%252Fgayinleeds.relayblog.com%252F%26katds_labels%3D%26btype%3D0%26score%3D74&pr=&bid_crid=&bid_cid=&is_iframe=0&ad_tags=&stratagem=&ssp=0
302 Found 0 B URL HTTP/2 rtbrennab.com/banner/in/show/?mid=1042698190&pid=0&site=3725&sc=NO&usage_type=DCH&subid=1013599720&sid=0&cid=0&price=0&is_cpm=0&cpm=0&ecpm=0&crid=&crtid=&tcid=0&out_id=&ver=&ver_c=&refdom=gayinleeds.relayblog.com&hostname=auc-banner-hz-5&site_id=0&spot_id=0&utm_source=tcban_i&utm_medium=3725&utm_campaign=17794&utm_content=&expirationTimestamp=0&created_at=0000-00-00&is_native=0&auction_queue=0&pop_winurl=&ip=91.90.42.154&testab=&px_id=0&adblock=0&auction_host=&mm=&yc=&render_type=&campaign_type=&uniq=&exp=&resp_type=default&iabcat=&min_cpm=0.0001&placement_type_id=&skin_test=&verify_hash=&score=74&ml=&ttl=&space_id=859&banner_width=300&banner_height=250&accel=0&gyr=0&iabcat=&url=https%3A%2F%2Fbtds.zog.link%2Fin%2F912%2F%3Fsid%3D0%26source%3D1013599720%26idzone%3D3830819%26w%3D300%26h%3D250%26mo%3D%26ve%3D%26site_id%3D3725%26utm1%3Dtcban_i%26utm2%3D3725%26utm3%3D17794%26utm4%3D%26ad_tags%3D%26spot_id%3D0%26p%3Dhttp%253A%252F%252Fgayinleeds.relayblog.com%252F%26katds_labels%3D%26btype%3D0%26score%3D74&pr=&bid_crid=&bid_cid=&is_iframe=0&ad_tags=&stratagem=&ssp=0
IP
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /banner/in/show/?mid=1042698190&pid=0&site=3725&sc=NO&usage_type=DCH&subid=1013599720&sid=0&cid=0&price=0&is_cpm=0&cpm=0&ecpm=0&crid=&crtid=&tcid=0&out_id=&ver=&ver_c=&refdom=gayinleeds.relayblog.com&hostname=auc-banner-hz-5&site_id=0&spot_id=0&utm_source=tcban_i&utm_medium=3725&utm_campaign=17794&utm_content=&expirationTimestamp=0&created_at=0000-00-00&is_native=0&auction_queue=0&pop_winurl=&ip=91.90.42.154&testab=&px_id=0&adblock=0&auction_host=&mm=&yc=&render_type=&campaign_type=&uniq=&exp=&resp_type=default&iabcat=&min_cpm=0.0001&placement_type_id=&skin_test=&verify_hash=&score=74&ml=&ttl=&space_id=859&banner_width=300&banner_height=250&accel=0&gyr=0&iabcat=&url=https%3A%2F%2Fbtds.zog.link%2Fin%2F912%2F%3Fsid%3D0%26source%3D1013599720%26idzone%3D3830819%26w%3D300%26h%3D250%26mo%3D%26ve%3D%26site_id%3D3725%26utm1%3Dtcban_i%26utm2%3D3725%26utm3%3D17794%26utm4%3D%26ad_tags%3D%26spot_id%3D0%26p%3Dhttp%253A%252F%252Fgayinleeds.relayblog.com%252F%26katds_labels%3D%26btype%3D0%26score%3D74&pr=&bid_crid=&bid_cid=&is_iframe=0&ad_tags=&stratagem=&ssp=0 HTTP/1.1
Host: rtbrennab.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://rtbbnr.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
server: nginx/1.18.0
date: Thu, 22 Sep 2022 18:50:36 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
location: https://btds.zog.link/in/912/?sid=0&source=1013599720&idzone=3830819&w=300&h=250&mo=&ve=&site_id=3725&utm1=tcban_i&utm2=3725&utm3=17794&utm4=&ad_tags=&spot_id=0&p=http%3A%2F%2Fgayinleeds.relayblog.com%2F&katds_labels=&btype=0&score=74
X-Firefox-Spdy: h2
btds.zog.link/in/912/?sid=0&source=1013599720&idzone=3830819&w=300&h=250&mo=&ve=&site_id=3725&utm1=tcban_i&utm2=3725&utm3=17794&utm4=&ad_tags=&spot_id=0&p=http%3A%2F%2Fgayinleeds.relayblog.com%2F&katds_labels=&btype=0&score=74
302 Found 0 B URL HTTP/2 btds.zog.link/in/912/?sid=0&source=1013599720&idzone=3830819&w=300&h=250&mo=&ve=&site_id=3725&utm1=tcban_i&utm2=3725&utm3=17794&utm4=&ad_tags=&spot_id=0&p=http%3A%2F%2Fgayinleeds.relayblog.com%2F&katds_labels=&btype=0&score=74
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /in/912/?sid=0&source=1013599720&idzone=3830819&w=300&h=250&mo=&ve=&site_id=3725&utm1=tcban_i&utm2=3725&utm3=17794&utm4=&ad_tags=&spot_id=0&p=http%3A%2F%2Fgayinleeds.relayblog.com%2F&katds_labels=&btype=0&score=74 HTTP/1.1
Host: btds.zog.link
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://rtbbnr.com/
Connection: keep-alive
Cookie: 912.0=1
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
server: nginx/1.20.1
date: Thu, 22 Sep 2022 18:50:36 GMT
content-type: text/html; charset=UTF-8
content-length: 0
location: https://tsyndicate.com/iframes2/00394b71264946e5bf58746cefe5435f.html?subid=1013599720&categories={{ad_tags}}
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
vary: *
set-cookie: 912.0=1; expires=Fri, 23 Sep 2022 18:50:36 GMT; path=/; secure; SameSite=None
X-Firefox-Spdy: h2
rtbbnr.com/get/?go=1&data=eyJpbXAiOlt7InNlY3VyZSI6MCwiZXh0Ijp7InNwb3QiOjM3MjUsImlkIjo4NTksImxhYmVscyI6IiIsInNpdGVfaWQiOjM3MjUsInR5cGUiOiJiYW5uZXIiLCJzcGFjZWlkIjo4NTksInNwb3RfaWQiOjAsImlkem9uZSI6MzgzMDgxOSwiem9uZSI6InRjX3BhYl8zMDB4MjUwIiwiYWRfdGFncyI6IiIsInRpdGxlIjoiIiwic3ViaWQiOiIxMDEzNTk5NzIwIiwidXRtMSI6InRjYmFuX2kiLCJ1dG0yIjoiMzcyNSIsInV0bTMiOiIxNzc5NCIsInV0bTQiOiIifSwiYmFubmVyIjp7InciOjMwMCwiaCI6MjUwfX1dLCJzaXRlIjp7ImlkIjoiMzcyNSIsInBhZ2UiOiJodHRwOi8vZ2F5aW5sZWVkcy5yZWxheWJsb2cuY29tLyJ9LCJkZXZpY2UiOnsidyI6MTI4MCwiaCI6MTAyNH0sInVzZXIiOnsiaWQiOiJhMjNmOGJmODNiNzQxOGM3MDg2ZjczNGJiYWRjNzA1YSJ9LCJleHQiOnsiZHQiOjE2NjM4NzI2MzQ2MDl9fQ==
200 OK 6.2 kB URL HTTP/2 rtbbnr.com/get/?go=1&data=eyJpbXAiOlt7InNlY3VyZSI6MCwiZXh0Ijp7InNwb3QiOjM3MjUsImlkIjo4NTksImxhYmVscyI6IiIsInNpdGVfaWQiOjM3MjUsInR5cGUiOiJiYW5uZXIiLCJzcGFjZWlkIjo4NTksInNwb3RfaWQiOjAsImlkem9uZSI6MzgzMDgxOSwiem9uZSI6InRjX3BhYl8zMDB4MjUwIiwiYWRfdGFncyI6IiIsInRpdGxlIjoiIiwic3ViaWQiOiIxMDEzNTk5NzIwIiwidXRtMSI6InRjYmFuX2kiLCJ1dG0yIjoiMzcyNSIsInV0bTMiOiIxNzc5NCIsInV0bTQiOiIifSwiYmFubmVyIjp7InciOjMwMCwiaCI6MjUwfX1dLCJzaXRlIjp7ImlkIjoiMzcyNSIsInBhZ2UiOiJodHRwOi8vZ2F5aW5sZWVkcy5yZWxheWJsb2cuY29tLyJ9LCJkZXZpY2UiOnsidyI6MTI4MCwiaCI6MTAyNH0sInVzZXIiOnsiaWQiOiJhMjNmOGJmODNiNzQxOGM3MDg2ZjczNGJiYWRjNzA1YSJ9LCJleHQiOnsiZHQiOjE2NjM4NzI2MzQ2MDl9fQ==
IP
ASN #24940 Hetzner Online GmbH
Hash 5ecc3998ee9f7bf0bec9f69994497cad
594c640b2d436fff9c5ff94000c3d4013fefc36d
73543648ed6ecf216cc0be4563b52b442177d4ff41484ff1e58924b7424a00fb
GET /get/?go=1&data=eyJpbXAiOlt7InNlY3VyZSI6MCwiZXh0Ijp7InNwb3QiOjM3MjUsImlkIjo4NTksImxhYmVscyI6IiIsInNpdGVfaWQiOjM3MjUsInR5cGUiOiJiYW5uZXIiLCJzcGFjZWlkIjo4NTksInNwb3RfaWQiOjAsImlkem9uZSI6MzgzMDgxOSwiem9uZSI6InRjX3BhYl8zMDB4MjUwIiwiYWRfdGFncyI6IiIsInRpdGxlIjoiIiwic3ViaWQiOiIxMDEzNTk5NzIwIiwidXRtMSI6InRjYmFuX2kiLCJ1dG0yIjoiMzcyNSIsInV0bTMiOiIxNzc5NCIsInV0bTQiOiIifSwiYmFubmVyIjp7InciOjMwMCwiaCI6MjUwfX1dLCJzaXRlIjp7ImlkIjoiMzcyNSIsInBhZ2UiOiJodHRwOi8vZ2F5aW5sZWVkcy5yZWxheWJsb2cuY29tLyJ9LCJkZXZpY2UiOnsidyI6MTI4MCwiaCI6MTAyNH0sInVzZXIiOnsiaWQiOiJhMjNmOGJmODNiNzQxOGM3MDg2ZjczNGJiYWRjNzA1YSJ9LCJleHQiOnsiZHQiOjE2NjM4NzI2MzQ2MDl9fQ== HTTP/1.1
Host: rtbbnr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://cdn.tubecorp.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0
date: Thu, 22 Sep 2022 18:50:35 GMT
content-type: text/html
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
content-encoding: gzip
X-Firefox-Spdy: h2
28980.weednewspro.com/v2/a/na/203282?subId=&pageUri=https%3A%2F%2F28980.weednewspro.com%2Fv2%2Fa%2Fna%2Fif%2F203282&referer=http%3A%2F%2Fgo.goaserv.com%2F&av=1&abl=0&kws=&rtg=&bdd=%5B%22Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0%22%2C%22false%22%2C%22Linux%20x86_64%22%2C%22%22%2C%22%22%2C%22%22%2C%22%22%2C%22false%22%2C%22true%22%2C%221280%22%2C%221024%22%2C%221280%22%2C%221002%22%2C%221280%22%2C%221024%22%2C%22300%22%2C%22250%22%2C%22300%22%2C%22250%22%2C%22false%22%2C%221%22%2C%2216%22%2C%220%22%2C%22aaaaacccefiflmmprrsstlllecstaaahtscellllpss%22%2C%22Thu%20Sep%2022%202022%2018%3A50%3A34%20GMT%2B0000%20(Coordinated%20Universal%20Time)%22%2C%220%22%2C%22en-US%22%2C%22en-US%2Cen%22%2C%22false%22%2C%22false%22%2C%22781877177%22%2C%222697903995%22%2C%221%22%2C%22false%22%2C%22%5B%5D%22%5D
200 OK 2.6 kB URL HTTP/2 28980.weednewspro.com/v2/a/na/203282?subId=&pageUri=https%3A%2F%2F28980.weednewspro.com%2Fv2%2Fa%2Fna%2Fif%2F203282&referer=http%3A%2F%2Fgo.goaserv.com%2F&av=1&abl=0&kws=&rtg=&bdd=%5B%22Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0%22%2C%22false%22%2C%22Linux%20x86_64%22%2C%22%22%2C%22%22%2C%22%22%2C%22%22%2C%22false%22%2C%22true%22%2C%221280%22%2C%221024%22%2C%221280%22%2C%221002%22%2C%221280%22%2C%221024%22%2C%22300%22%2C%22250%22%2C%22300%22%2C%22250%22%2C%22false%22%2C%221%22%2C%2216%22%2C%220%22%2C%22aaaaacccefiflmmprrsstlllecstaaahtscellllpss%22%2C%22Thu%20Sep%2022%202022%2018%3A50%3A34%20GMT%2B0000%20(Coordinated%20Universal%20Time)%22%2C%220%22%2C%22en-US%22%2C%22en-US%2Cen%22%2C%22false%22%2C%22false%22%2C%22781877177%22%2C%222697903995%22%2C%221%22%2C%22false%22%2C%22%5B%5D%22%5D
IP
ASN #39572 DataWeb Global Group B.V.
Hash db32a4bcf1e1c70365e6183c64a79a65
4c3c275463f6118b26f71ab6e9c21908fa915c54
8fc5da3f1b55bdd12e7b0ba516876558cf7fe8d0fe88b717335b535c6d748fe9
GET /v2/a/na/203282?subId=&pageUri=https%3A%2F%2F28980.weednewspro.com%2Fv2%2Fa%2Fna%2Fif%2F203282&referer=http%3A%2F%2Fgo.goaserv.com%2F&av=1&abl=0&kws=&rtg=&bdd=%5B%22Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0%22%2C%22false%22%2C%22Linux%20x86_64%22%2C%22%22%2C%22%22%2C%22%22%2C%22%22%2C%22false%22%2C%22true%22%2C%221280%22%2C%221024%22%2C%221280%22%2C%221002%22%2C%221280%22%2C%221024%22%2C%22300%22%2C%22250%22%2C%22300%22%2C%22250%22%2C%22false%22%2C%221%22%2C%2216%22%2C%220%22%2C%22aaaaacccefiflmmprrsstlllecstaaahtscellllpss%22%2C%22Thu%20Sep%2022%202022%2018%3A50%3A34%20GMT%2B0000%20(Coordinated%20Universal%20Time)%22%2C%220%22%2C%22en-US%22%2C%22en-US%2Cen%22%2C%22false%22%2C%22false%22%2C%22781877177%22%2C%222697903995%22%2C%221%22%2C%22false%22%2C%22%5B%5D%22%5D HTTP/1.1
Host: 28980.weednewspro.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://28980.weednewspro.com/v2/a/na/if/203282
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 22 Sep 2022 18:50:36 GMT
content-type: application/json; charset=UTF-8
vary: Accept-Encoding
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-max-age: 86400
referrer-policy: unsafe-url
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Device-Memory
accept-ch-lifetime: 31536000
p3p: CP="NOI DEVa TAIa OUR BUS UNI STA"
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
last-modified: Thu, 22 Sep 2022 18:50:36 UTC
expires: Thu, 22 Sep 2022 18:50:36 UTC
content-encoding: gzip
X-Firefox-Spdy: h2
btds.zog.link/in/912/?sid=0&source=1013599720&idzone=3830819&w=300&h=250&mo=&ve=&site_id=3725&utm1=tcban_i&utm2=3725&utm3=17794&utm4=&ad_tags=&spot_id=0&p=http%3A%2F%2Fgayinleeds.relayblog.com%2F&katds_labels=&btype=0&score=74
302 Found 0 B URL HTTP/2 btds.zog.link/in/912/?sid=0&source=1013599720&idzone=3830819&w=300&h=250&mo=&ve=&site_id=3725&utm1=tcban_i&utm2=3725&utm3=17794&utm4=&ad_tags=&spot_id=0&p=http%3A%2F%2Fgayinleeds.relayblog.com%2F&katds_labels=&btype=0&score=74
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /in/912/?sid=0&source=1013599720&idzone=3830819&w=300&h=250&mo=&ve=&site_id=3725&utm1=tcban_i&utm2=3725&utm3=17794&utm4=&ad_tags=&spot_id=0&p=http%3A%2F%2Fgayinleeds.relayblog.com%2F&katds_labels=&btype=0&score=74 HTTP/1.1
Host: btds.zog.link
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://rtbbnr.com/
Connection: keep-alive
Cookie: 912.0=1
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
server: nginx/1.20.1
date: Thu, 22 Sep 2022 18:50:36 GMT
content-type: text/html; charset=UTF-8
content-length: 0
location: https://tsyndicate.com/iframes2/00394b71264946e5bf58746cefe5435f.html?subid=1013599720&categories={{ad_tags}}
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
vary: *
set-cookie: 912.0=1; expires=Fri, 23 Sep 2022 18:50:35 GMT; path=/; secure; SameSite=None
X-Firefox-Spdy: h2
in16.zog.link/in/tishow/?katds_ep=y9q467Ct2vCqO1MCciO7RBHR8QB2_IMyqBYBY0leIzFyrScIyfuseeHfXUa3muY3TExoK98fEAVJPZy3qj8mcxs5VD9wGk9xhWFIB79Hc5UAVeQ84LAXRbdjPfMNZKd6Efvbgeo7XEr2gXoJKFbWJ_qCoBZ7fEJ5K1oMLHLI8EcwdyJNbLwuq0_S7KM19henPYTCJ8meR2zVNbul-bmxloLzY6Jey5MhZ5JUoC-NiMPparImfwdoX8phQbr7_05uOcVSSbjfYR9AOLzJj4JT3AMSDRVKwljZDSf5DvWQPEGT0AUXiG5oJyCu7hK6JHf8WOcLtSvonRE1tkrQ8uKUMJXtmBdRcjjVwKBvu82rsYqkJiBpsSC4WC9KOWY9WwGUgG9AI9cGjrTC89vERCmdwxJzTaMVZ6TJRi9VG4Q5K4zIxvZdwItol6gLy1VntYMR-MZgcwGH4DziNkae3HbWRUk8XVdpW_heAwdzv7gb4LS_Wq0eJ0BRX-GVqA7zSLKUZjGXNmMwVifiuvH2KZ2XyZDX0VyeNAFwkkc-E1O9wL29kdPjRuSnycbsiStXNHpDrezuxB4h6Sc4KCnBvbVKb6n_b1EGSACjXAQ4WlzgNKBbYRa6MspcovJ5CJanJT__3R2yBczKQVrBaoG9vam8Pw8097Zic0NEtkajJ7lxYvq_aM05ELwDA2P3SXMYLZZMuH5Z0hP4xW9kstl8xawa0rirFsKY1EAvOFF2ZvKZjBqNju_j-PHRjhKzgIR9VJ62MfIPQdnIsrkoUIttgAPBo9KTqFL3vV2a5XDSuaHodEZ_Hn_hG4D1X88giuHGxXV9uD0aur20Cc7nOl2GUuQjC9wNZmxLVUiPxuomBhGshQulwhz6uXTDefSyMIrAr-sUD3IFwaAJwzsgRtNuBoz3Eb5kUFjR9CEcfsnKkLUhzslGYM5xLwQiK2QbPlvWjrpxA9tjD20sUYhzRHCN7fwH_k4VoVTp4AYiVAU0vx-dyJ8KIdnNk5V3Wem_474wnAw996A2GOcM5Vx6P3yIN_xTkRdVDsgiq9DzcNPm3zwPO_Tv-YahIyZJu5AhCozK0U3WFhSCTCWvW2edSG-s_D6RaCvzI2EuvpEubP7TR_hPXfAECDeoEav3YiaVqRaA3IZ8iLb8GdwCpEnXq9jkx2KBTZ36FARabWPzu3eI9T26rn4ZLBXQnE3ZlrYumc0x484mBxQbQzeYqVojtB753gdp52BTPtEUguSr4IjjVZDOgB5c6Nc-XkrtcQYETJK6IbCArkZ94t0P14AAZxIULVMQxAZNFZnb_m-CwXHZofhaliM28V8o_DPhxZlM5AmOucTWP89hXjH82C1wOeDkfujR7T4qzCgJk4NFpDP3bpioYTI-NQcij6aNlu6cVeau_Ae_VAaLgD3OMDE9or-1EkBp5vvEwMaQce58YbXgpwUax1g3jfFhxI7VySkqM00t7ecwQSdmcrD0g33rOcH-wvfa0GoxBptocwignBjBFdwbA-1VtjafxBc__8Y0iKSfWhrWTcVdaRTVDvy4Tsn6cNBVhq6xRDdp4XjdqCldvbMS3N-djElKjZgOgXMPyk9tt3727Eiwzg1hFnB5W8mrGcMYYMTZIDL4UkjqEBND883I87wctCW4mBs_wQ5W-OaLbxXBoOn8WcFBDz9usK8TrXQlz-rpHhG8hbsIwOR90TJtqdjhwbEAFoTINz_cy26QfHV8enlmiFKLs6V6m63vWv__C432LUeMhhdD59VM_NPuWLsSdkbpX6KFo8PikGgfRQv8S102iIBiOxQcMYZLuP6g9jqS_AWwN7i67rBhdHmdeVz2OZmAAbFKNNnvm-O5C3VDeMkmlWh0Sq_GfFuzzMENJIhN9Rag4LzRos8BKLFi6_ZjzdHETaBbFZnUfh5bfprWSLWQkpjURcG2SA-0Kl5dXG29BIp2HwDoUerS0qI7aqHitdg1CqT5xDJyKuE0M5cn-qyM7iSL9C5yrpAFB-BzLdasbrt0kPSOYwkCdpT7LhckL_FNvWRjoiVEk1IeXcEGpIbZZWY2V0hTenmlmr9iULk0RmTikaiG6Ppq5HAbrHyzvfU&sp=${SECOND_PRICE}
302 Found 0 B URL HTTP/2 in16.zog.link/in/tishow/?katds_ep=y9q467Ct2vCqO1MCciO7RBHR8QB2_IMyqBYBY0leIzFyrScIyfuseeHfXUa3muY3TExoK98fEAVJPZy3qj8mcxs5VD9wGk9xhWFIB79Hc5UAVeQ84LAXRbdjPfMNZKd6Efvbgeo7XEr2gXoJKFbWJ_qCoBZ7fEJ5K1oMLHLI8EcwdyJNbLwuq0_S7KM19henPYTCJ8meR2zVNbul-bmxloLzY6Jey5MhZ5JUoC-NiMPparImfwdoX8phQbr7_05uOcVSSbjfYR9AOLzJj4JT3AMSDRVKwljZDSf5DvWQPEGT0AUXiG5oJyCu7hK6JHf8WOcLtSvonRE1tkrQ8uKUMJXtmBdRcjjVwKBvu82rsYqkJiBpsSC4WC9KOWY9WwGUgG9AI9cGjrTC89vERCmdwxJzTaMVZ6TJRi9VG4Q5K4zIxvZdwItol6gLy1VntYMR-MZgcwGH4DziNkae3HbWRUk8XVdpW_heAwdzv7gb4LS_Wq0eJ0BRX-GVqA7zSLKUZjGXNmMwVifiuvH2KZ2XyZDX0VyeNAFwkkc-E1O9wL29kdPjRuSnycbsiStXNHpDrezuxB4h6Sc4KCnBvbVKb6n_b1EGSACjXAQ4WlzgNKBbYRa6MspcovJ5CJanJT__3R2yBczKQVrBaoG9vam8Pw8097Zic0NEtkajJ7lxYvq_aM05ELwDA2P3SXMYLZZMuH5Z0hP4xW9kstl8xawa0rirFsKY1EAvOFF2ZvKZjBqNju_j-PHRjhKzgIR9VJ62MfIPQdnIsrkoUIttgAPBo9KTqFL3vV2a5XDSuaHodEZ_Hn_hG4D1X88giuHGxXV9uD0aur20Cc7nOl2GUuQjC9wNZmxLVUiPxuomBhGshQulwhz6uXTDefSyMIrAr-sUD3IFwaAJwzsgRtNuBoz3Eb5kUFjR9CEcfsnKkLUhzslGYM5xLwQiK2QbPlvWjrpxA9tjD20sUYhzRHCN7fwH_k4VoVTp4AYiVAU0vx-dyJ8KIdnNk5V3Wem_474wnAw996A2GOcM5Vx6P3yIN_xTkRdVDsgiq9DzcNPm3zwPO_Tv-YahIyZJu5AhCozK0U3WFhSCTCWvW2edSG-s_D6RaCvzI2EuvpEubP7TR_hPXfAECDeoEav3YiaVqRaA3IZ8iLb8GdwCpEnXq9jkx2KBTZ36FARabWPzu3eI9T26rn4ZLBXQnE3ZlrYumc0x484mBxQbQzeYqVojtB753gdp52BTPtEUguSr4IjjVZDOgB5c6Nc-XkrtcQYETJK6IbCArkZ94t0P14AAZxIULVMQxAZNFZnb_m-CwXHZofhaliM28V8o_DPhxZlM5AmOucTWP89hXjH82C1wOeDkfujR7T4qzCgJk4NFpDP3bpioYTI-NQcij6aNlu6cVeau_Ae_VAaLgD3OMDE9or-1EkBp5vvEwMaQce58YbXgpwUax1g3jfFhxI7VySkqM00t7ecwQSdmcrD0g33rOcH-wvfa0GoxBptocwignBjBFdwbA-1VtjafxBc__8Y0iKSfWhrWTcVdaRTVDvy4Tsn6cNBVhq6xRDdp4XjdqCldvbMS3N-djElKjZgOgXMPyk9tt3727Eiwzg1hFnB5W8mrGcMYYMTZIDL4UkjqEBND883I87wctCW4mBs_wQ5W-OaLbxXBoOn8WcFBDz9usK8TrXQlz-rpHhG8hbsIwOR90TJtqdjhwbEAFoTINz_cy26QfHV8enlmiFKLs6V6m63vWv__C432LUeMhhdD59VM_NPuWLsSdkbpX6KFo8PikGgfRQv8S102iIBiOxQcMYZLuP6g9jqS_AWwN7i67rBhdHmdeVz2OZmAAbFKNNnvm-O5C3VDeMkmlWh0Sq_GfFuzzMENJIhN9Rag4LzRos8BKLFi6_ZjzdHETaBbFZnUfh5bfprWSLWQkpjURcG2SA-0Kl5dXG29BIp2HwDoUerS0qI7aqHitdg1CqT5xDJyKuE0M5cn-qyM7iSL9C5yrpAFB-BzLdasbrt0kPSOYwkCdpT7LhckL_FNvWRjoiVEk1IeXcEGpIbZZWY2V0hTenmlmr9iULk0RmTikaiG6Ppq5HAbrHyzvfU&sp=${SECOND_PRICE}
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /in/tishow/?katds_ep=y9q467Ct2vCqO1MCciO7RBHR8QB2_IMyqBYBY0leIzFyrScIyfuseeHfXUa3muY3TExoK98fEAVJPZy3qj8mcxs5VD9wGk9xhWFIB79Hc5UAVeQ84LAXRbdjPfMNZKd6Efvbgeo7XEr2gXoJKFbWJ_qCoBZ7fEJ5K1oMLHLI8EcwdyJNbLwuq0_S7KM19henPYTCJ8meR2zVNbul-bmxloLzY6Jey5MhZ5JUoC-NiMPparImfwdoX8phQbr7_05uOcVSSbjfYR9AOLzJj4JT3AMSDRVKwljZDSf5DvWQPEGT0AUXiG5oJyCu7hK6JHf8WOcLtSvonRE1tkrQ8uKUMJXtmBdRcjjVwKBvu82rsYqkJiBpsSC4WC9KOWY9WwGUgG9AI9cGjrTC89vERCmdwxJzTaMVZ6TJRi9VG4Q5K4zIxvZdwItol6gLy1VntYMR-MZgcwGH4DziNkae3HbWRUk8XVdpW_heAwdzv7gb4LS_Wq0eJ0BRX-GVqA7zSLKUZjGXNmMwVifiuvH2KZ2XyZDX0VyeNAFwkkc-E1O9wL29kdPjRuSnycbsiStXNHpDrezuxB4h6Sc4KCnBvbVKb6n_b1EGSACjXAQ4WlzgNKBbYRa6MspcovJ5CJanJT__3R2yBczKQVrBaoG9vam8Pw8097Zic0NEtkajJ7lxYvq_aM05ELwDA2P3SXMYLZZMuH5Z0hP4xW9kstl8xawa0rirFsKY1EAvOFF2ZvKZjBqNju_j-PHRjhKzgIR9VJ62MfIPQdnIsrkoUIttgAPBo9KTqFL3vV2a5XDSuaHodEZ_Hn_hG4D1X88giuHGxXV9uD0aur20Cc7nOl2GUuQjC9wNZmxLVUiPxuomBhGshQulwhz6uXTDefSyMIrAr-sUD3IFwaAJwzsgRtNuBoz3Eb5kUFjR9CEcfsnKkLUhzslGYM5xLwQiK2QbPlvWjrpxA9tjD20sUYhzRHCN7fwH_k4VoVTp4AYiVAU0vx-dyJ8KIdnNk5V3Wem_474wnAw996A2GOcM5Vx6P3yIN_xTkRdVDsgiq9DzcNPm3zwPO_Tv-YahIyZJu5AhCozK0U3WFhSCTCWvW2edSG-s_D6RaCvzI2EuvpEubP7TR_hPXfAECDeoEav3YiaVqRaA3IZ8iLb8GdwCpEnXq9jkx2KBTZ36FARabWPzu3eI9T26rn4ZLBXQnE3ZlrYumc0x484mBxQbQzeYqVojtB753gdp52BTPtEUguSr4IjjVZDOgB5c6Nc-XkrtcQYETJK6IbCArkZ94t0P14AAZxIULVMQxAZNFZnb_m-CwXHZofhaliM28V8o_DPhxZlM5AmOucTWP89hXjH82C1wOeDkfujR7T4qzCgJk4NFpDP3bpioYTI-NQcij6aNlu6cVeau_Ae_VAaLgD3OMDE9or-1EkBp5vvEwMaQce58YbXgpwUax1g3jfFhxI7VySkqM00t7ecwQSdmcrD0g33rOcH-wvfa0GoxBptocwignBjBFdwbA-1VtjafxBc__8Y0iKSfWhrWTcVdaRTVDvy4Tsn6cNBVhq6xRDdp4XjdqCldvbMS3N-djElKjZgOgXMPyk9tt3727Eiwzg1hFnB5W8mrGcMYYMTZIDL4UkjqEBND883I87wctCW4mBs_wQ5W-OaLbxXBoOn8WcFBDz9usK8TrXQlz-rpHhG8hbsIwOR90TJtqdjhwbEAFoTINz_cy26QfHV8enlmiFKLs6V6m63vWv__C432LUeMhhdD59VM_NPuWLsSdkbpX6KFo8PikGgfRQv8S102iIBiOxQcMYZLuP6g9jqS_AWwN7i67rBhdHmdeVz2OZmAAbFKNNnvm-O5C3VDeMkmlWh0Sq_GfFuzzMENJIhN9Rag4LzRos8BKLFi6_ZjzdHETaBbFZnUfh5bfprWSLWQkpjURcG2SA-0Kl5dXG29BIp2HwDoUerS0qI7aqHitdg1CqT5xDJyKuE0M5cn-qyM7iSL9C5yrpAFB-BzLdasbrt0kPSOYwkCdpT7LhckL_FNvWRjoiVEk1IeXcEGpIbZZWY2V0hTenmlmr9iULk0RmTikaiG6Ppq5HAbrHyzvfU&sp=${SECOND_PRICE} HTTP/1.1
Host: in16.zog.link
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://rtbbnr.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: nginx/1.20.1
date: Thu, 22 Sep 2022 18:50:36 GMT
content-length: 0
location: https://12112336.pix-cdn.org/m/p/0/11/11508/yPndOg0m.html?__OS_FAMILY__={{ __OS_FAMILY__ }}&__OS_TYPE__={{ __OS_TYPE__ }}&__GEOIP_COUNTRY_SHORT__={{ __GEOIP_COUNTRY_SHORT__ }}&__IP2L_MOBILE__={{ __IP2L_MOBILE__ }}&__BROWSER_FAMILY__={{ __BROWSER_FAMILY__ }}&OS_FAMILY=[OS_FAMILY]&OS_TYPE=[OS_TYPE]&COUNTRY_ISO_CODE=[COUNTRY_ISO_CODE]&MOBILE_BRAND=[MOBILE_BRAND]&BROWSER_FAMILY=[BROWSER_FAMILY]&DOMAIN=gayinleeds.relayblog.com&PRICE=0.0050&PRICING_MODEL=[PRICING_MODEL]&CAMPAIGN_ID=6435&CLICK_ID=6af0d1b8-1759-4b6a-b5b9-b85331177319&id_zone=[idzone]&site={{ site }}&out_name=37319%7C4317%7Ccpm%7C0.0048%7C%24%200.0050&campaign_id=37319&price=0.0050&bidding_price=0.0048&pricebox_price=0.0200&pricing_model=cpm&click_id=6af0d1b8-1759-4b6a-b5b9-b85331177319&priority=[PRIORITY]&ad_sub=173501021&utm1=tcb&utm2=878669509-100&utm3=249-6435-14933&utm4=0-10346131-0
vary: *
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
set-cookie: 2325.0=1; expires=Fri, 23 Sep 2022 18:50:36 GMT; path=/; secure; SameSite=None
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 509 B IP
ASN #20940 Akamai International B.V.
Hash 0b92933f4d8bc0c7dc0c4ddb15274eac
9ccdcad35a78f7d0c5567b36e120f9cc116aa2ef
69327596e8a4c41c4a45a75a2b80e8b6333ffc7fb01bf5204fd42fb1bd244a1f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7FB25157B57260F005F881592C80DBC15874236C984F7D4BDDE7F2ED2B1FFB8D"
Last-Modified: Wed, 21 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13039
Expires: Thu, 22 Sep 2022 22:27:55 GMT
Date: Thu, 22 Sep 2022 18:50:36 GMT
Connection: keep-alive
ocsp.digicert.com/
200 OK 279 B IP
Hash 1a35ad623c9566f856784c035cafcfe5
d8285c7497a9665514373d337a214bcd8d810dcd
2128003121c194bebce6a1cea5946b6c0f3b16380409d1df7ea4f16922f90544
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6306
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 22 Sep 2022 18:50:36 GMT
Last-Modified: Thu, 22 Sep 2022 17:05:30 GMT
Server: ECS (ska/F6FE)
X-Cache: HIT
Content-Length: 279
biptolyla.com/aeWfZ.ygP_3iBj1kcl2-hnaobp2q5_lsStWuQv9-NxDyEz4AM_jCkD0ENFC-0H0IMJTKg_yMONTOQP1-JRnSpTvUb_mWVXJYZZD-0b0cMdTeg_ygOhTiQj0-LlTmQnxoO_DqIr5sNtD-Uv?iframeId=jpnorq
200 OK 1.1 kB URL HTTP/2 biptolyla.com/aeWfZ.ygP_3iBj1kcl2-hnaobp2q5_lsStWuQv9-NxDyEz4AM_jCkD0ENFC-0H0IMJTKg_yMONTOQP1-JRnSpTvUb_mWVXJYZZD-0b0cMdTeg_ygOhTiQj0-LlTmQnxoO_DqIr5sNtD-Uv?iframeId=jpnorq
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (713)
Hash 1f50051d45f0ca5c39d197b5b06c8a33
5eb5bb935a42c7c9461040539fcd2f841e1268d0
a0001461a6571c4cba56df2b535327bb2eb28774d7e68d1f373b4451c2bf8ae8
GET /aeWfZ.ygP_3iBj1kcl2-hnaobp2q5_lsStWuQv9-NxDyEz4AM_jCkD0ENFC-0H0IMJTKg_yMONTOQP1-JRnSpTvUb_mWVXJYZZD-0b0cMdTeg_ygOhTiQj0-LlTmQnxoO_DqIr5sNtD-Uv?iframeId=jpnorq HTTP/1.1
Host: biptolyla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://gayinleeds.relayblog.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 22 Sep 2022 18:50:32 GMT
content-type: text/html;charset=UTF-8
vary: Accept-Encoding
accept-ch: Sec-CH-UA-Platform-Version, Sec-CH-UA-Platform
expires: Mon, 26 Jul 2011 05:00:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
last-modified: Thu, 22 Sep 2022 18:50:32 GMT
p3p: CP="CUR ADM OUR NOR STA NID"
set-cookie: kadCCap=210190:1:1662153287;199455:1:1662011125;168401:1:1663017409;194136:1:1663118711;180343:1:1656296307;211845:1:1661388894;210565:1:1660883596;132751:1:1663300715;199507:1:1655888030; max-age=1695408632; path=/
kadACap=419299:1:1662523186;383700:1:1662671864;438036:1:1657029440;434768:1:1656274688;410252:1:1662915839;432801:1:1656295814;435966:1:1656602141;407186:1:1660140957;419321:1:1662477203;272913:1:1661284037;446120:1:1663148405;419293:1:1662883102;424441:1:1662472246;445475:1:1662616891;444565:1:1663112893;401659:1:1662418246;443580:1:1661935629;419295:1:1661224266;432805:1:1656295137;444311:1:1663771206;384014:1:1658355870;438050:1:1657036135;443007:1:1661388894;346327:2:1663791482;419303:1:1662804291;444360:1:1662446108;427172:1:1661328422;445389:1:1663209970;445933:1:1662662013;419297:1:1662889803;433660:1:1662623802;320483:1:1661342695;419323:1:1661776141;444410:1:1662620118;426142:1:1655888030;419301:1:1663566374;419291:1:1662829503;422197:1:1661937740;442019:1:1663736826;442673:1:1660504936;434524:1:1657107027;319611:1:1659066943; max-age=1695408632; path=/
kadASCap=346327:2:1663791482; path=/
kadRPixJ=bnVsbA==; max-age=1695408632; path=/
kadUnP3=CAIQgqCvmQYaDQiC/5MCEAEY+YexmQYaDQjzwZkBEAEY+uKtmQYaDQivp/4BEAEYgqCvmQYiCggBEAEYgqCvmQYiCggDEAEY+YexmQYqDAjE4ycQARj5h7GZBioMCMPpDBABGIKgr5kGKgwIjL0SEAEY+uKtmQY=; max-age=1695408632; path=/
x-content-type-options: nosniff
content-encoding: br
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 279 B IP
Hash 1a35ad623c9566f856784c035cafcfe5
d8285c7497a9665514373d337a214bcd8d810dcd
2128003121c194bebce6a1cea5946b6c0f3b16380409d1df7ea4f16922f90544
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6306
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 22 Sep 2022 18:50:36 GMT
Last-Modified: Thu, 22 Sep 2022 17:05:30 GMT
Server: ECS (ska/F6FE)
X-Cache: HIT
Content-Length: 279
img.strpst.com/thumbs/1663872039/37882473
200 OK 24 kB URL HTTP/2 img.strpst.com/thumbs/1663872039/37882473
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 0x0, segment length 16, progressive, precision 8, 270x360, components 3\012- data
Hash 8fa9e8f5d89d8a0da00370ad4680009c
2c06676d7b27425c5d09f8ba9176258f79e75f76
57e27c5cb1c3b91adda495fc568bc701dd8b4b517e0b9eec2a4b69e74f6aa050
GET /thumbs/1663872039/37882473 HTTP/1.1
Host: img.strpst.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://creative.xxxvjmp.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 22 Sep 2022 18:50:36 GMT
content-type: image/jpeg
content-length: 23778
cf-bgj: imgq:100,h2pri
cf-polished: origSize=24856, status=webp_bigger
etag: "34cad625b1adec22baff8d6f1f102315"
last-modified: Thu, 22 Sep 2022 18:41:06 GMT
cf-cache-status: HIT
age: 245
expires: Thu, 22 Sep 2022 18:55:36 GMT
cache-control: public, max-age=300
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 74ed3a299a13b4fa-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
img.strpst.com/thumbs/1663872021/87386015
200 OK 30 kB URL HTTP/2 img.strpst.com/thumbs/1663872021/87386015
IP
Hash 20219a5cb2654d2248bc7e4491a7dcfe
452a4ceb46329c3090fa9d68aa9e83014ffc22d8
620fc0e1eca572d14420b65bee72cf9db9fb657c89e76139f8f946961abb76a7
GET /thumbs/1663872021/87386015 HTTP/1.1
Host: img.strpst.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://creative.xxxvjmp.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 22 Sep 2022 18:50:36 GMT
content-type: image/jpeg
content-length: 29392
cf-bgj: imgq:100,h2pri
cf-polished: origSize=31041, status=webp_bigger
etag: "96e84143e47636bac1455bfe11e24f92"
last-modified: Thu, 22 Sep 2022 18:40:11 GMT
cf-cache-status: HIT
age: 250
expires: Thu, 22 Sep 2022 18:55:36 GMT
cache-control: public, max-age=300
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 74ed3a299a11b4fa-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
img.strpst.com/thumbs/1663872052/33888186
200 OK 23 kB URL HTTP/2 img.strpst.com/thumbs/1663872052/33888186
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 0x0, segment length 16, progressive, precision 8, 270x360, components 3\012- data
Hash 064d9f7b0127d9ac57fce5f4def9f8e2
f80f92bddc3f58e91caa882d47a24c42aa35a18e
6319c8e39d3bfd347ca85f54af536fca0507cc1ca88b15e6f3de158d55e32e1d
GET /thumbs/1663872052/33888186 HTTP/1.1
Host: img.strpst.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://creative.xxxvjmp.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 22 Sep 2022 18:50:36 GMT
content-type: image/jpeg
content-length: 23100
cf-bgj: imgq:100,h2pri
cf-polished: origSize=24133, status=webp_bigger
etag: "48495e419b2fe8a8e9c41772f2315b72"
last-modified: Thu, 22 Sep 2022 18:41:05 GMT
cf-cache-status: HIT
age: 480
expires: Thu, 22 Sep 2022 18:55:36 GMT
cache-control: public, max-age=300
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 74ed3a299a17b4fa-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
img.strpst.com/thumbs/1663872032/71595940
200 OK 46 kB URL HTTP/2 img.strpst.com/thumbs/1663872032/71595940
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 0x0, segment length 16, progressive, precision 8, 640x360, components 3\012- data
Hash fea3dad4ae730ac67c297e1799816419
6481ac03608764215aa6503a15acdb78f82e27ed
e14a7056415fd26a96d876ec9460dca7fc2c78c004980fe244854c12ea5387d5
GET /thumbs/1663872032/71595940 HTTP/1.1
Host: img.strpst.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://creative.xxxvjmp.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 22 Sep 2022 18:50:36 GMT
content-type: image/jpeg
content-length: 46377
cf-bgj: imgq:100,h2pri
cf-polished: origSize=47968, status=webp_bigger
etag: "e663aee54956b916c2b376c8c0b80dcf"
last-modified: Thu, 22 Sep 2022 18:40:37 GMT
cf-cache-status: HIT
age: 501
expires: Thu, 22 Sep 2022 18:55:36 GMT
cache-control: public, max-age=300
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 74ed3a299a15b4fa-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
img.strpst.com/thumbs/1663872041/85364341
200 OK 29 kB URL HTTP/2 img.strpst.com/thumbs/1663872041/85364341
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 0x0, segment length 16, progressive, precision 8, 640x360, components 3\012- data
Hash 148ea5cb7a531ec2a1f702ac63f6d709
fe0cd3821d39f3038f7551f9e0e880da2e2d561e
89cfb01c25ebc029abe7c32e2dec3cd01d12dc5474f75865b32ef3e839b31cf6
GET /thumbs/1663872041/85364341 HTTP/1.1
Host: img.strpst.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://creative.xxxvjmp.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 22 Sep 2022 18:50:36 GMT
content-type: image/jpeg
content-length: 28727
cf-bgj: imgq:100,h2pri
cf-polished: origSize=29729, status=webp_bigger
etag: "6332a3f4009a6be588ee6eb2b1ba429b"
last-modified: Thu, 22 Sep 2022 18:40:37 GMT
cf-cache-status: HIT
age: 502
expires: Thu, 22 Sep 2022 18:55:36 GMT
cache-control: public, max-age=300
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 74ed3a29ca56b4fa-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
img.strpst.com/thumbs/1663872032/87210366
200 OK 17 kB URL HTTP/2 img.strpst.com/thumbs/1663872032/87210366
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 0x0, segment length 16, progressive, precision 8, 270x360, components 3\012- data
Hash 7ecf8fb1ce81c9eec444d5dab2bdcf7c
fe90b62e5d1671395af8b526e1605f0f4db300e9
f9eb8e9349b78ffbe1ce91d7ab72e5d3bb787c2f9d55766c8129cf9906610663
GET /thumbs/1663872032/87210366 HTTP/1.1
Host: img.strpst.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://creative.xxxvjmp.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 22 Sep 2022 18:50:36 GMT
content-type: image/jpeg
content-length: 17075
cf-bgj: imgq:100,h2pri
cf-polished: origSize=17926, status=webp_bigger
etag: "5ce6befdf65cac81152c9519533a1695"
last-modified: Thu, 22 Sep 2022 18:40:51 GMT
cf-cache-status: HIT
age: 532
expires: Thu, 22 Sep 2022 18:55:36 GMT
cache-control: public, max-age=300
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 74ed3a29da6cb4fa-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
bam.nr-data.net/1/6f524845d1?a=24279235&v=1216.487a282&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOAQsFF0hPXFxGEgtrDg0OMgoDThteVBU%3D&rst=3615&ck=1&ref=https://chaturbate.com/embed/minarocket_/&ap=144&be=1621&fe=3273&dc=2696&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1663872632194,%22n%22:0,%22f%22:605,%22dn%22:605,%22dne%22:605,%22c%22:605,%22s%22:605,%22ce%22:605,%22rq%22:614,%22rp%22:939,%22rpe%22:942,%22dl%22:1517,%22di%22:2556,%22ds%22:2695,%22de%22:2706,%22dc%22:3272,%22l%22:3272,%22le%22:3276%7D,%22navigation%22:%7B%7D%7D&at=H0ETGw9CExRCXBM9CgBBXAkZG0QSVEsPAw4BQVwbamZQD15XPj1BSEEVUFJXRBFuXQAWBkZZVhUXenc%2BY1gYQFlGVFJcUQpQUAcLWAdRBlZWDxh4Yy8TFUMhJTshCU0XAwlSHRsiJDwmDBJ8TU1DABMDQwQCCBADFVNYXRJUG01AEQECCmZcSRNbEwBQTFpUTVILGwgEVRMVQwMNCw05X1lYVhITA0NAT0YBA0pBZlYUVEoSPQoUQVwbDAgfWAEXVVBNVVZSGxkbUwRCTT4FFgEQFWZSXF5DCxsvLUFIQQ9JalpeFF9NExtBXkEodhcVEwhBZgINFgoXFEBqWl4PV1AFBw0HBkQDFwAIQx0bCBI8CgYSTlpLWkMLGwMOChxNBVZYGx1DWEk%2BDREDAghQT1hFCF5XQ1hBJg8PQRVqXg1ETQgNDRdBShtcSW4IQklDWEEmDw9BFWpeDURNCA0NF0FKG1xJbgBCV0NYVlRQVg0ZG1gRblgSDDwLEQEbDxtzDVhBQTEMCBYSUFpXQkFwakNOQQ0TOVpaV18EUk0IDQ07Fx9JUBsLQ3JYAw4GSyc1dRcVEwhBZhQRBhY8EkBFXBNbE0sEEQoABghNXFhdQx0bEwcSEQYVTWpJUBVZG1tATAEOBFxRFlwIX1gTDQAPBhJmGhsdQ0ZVPgoMFxdEAxdaWQBFTBMAAhAGSFpaVBNNE0oIFgY7CgIbDwgdQ0JQFQc8AAwLWFxXE1sTWgkDFxERBFhBXB8CXlRDTkEWBhdMUEpFPllWEhZBXkEFUVRNRBNTWBUHTQcMCxsZG1MTXk4SBxE7CgIbDxsIUgcBVlVSU05VDwEOHFUFDAdPW11RBRQNCwNYBlxWVlVdUFQbGRtDBFdcEwcRRllEUUFNQVseFgYNTQECBFBRSh8CXlROQE9GEQNIQFxCFW5UBBYLCwdEAxd%2BdDUTFUMSGhALCVdqT1QTQlAODEFeQVUXAhsdQ0RYPgYGEgoFXGpfUAxYVRhAWUYsElFQSxNNE0wAPQcBFQ9aUGZFGEFcQ1hBAAYVUkFWQUMdGxQDPAsQOV9UVFgNSBtbQC8NDRNBFxUTFFBmDhE8EgYUSlxWX0MLG0NOQRECOVtHVkYSVEs%2BBAIJCgpAFwMTJ1hLBAQMHEFKG0BYbgNDVhYRBhY8EFxHSlgOXxtbQFpSTVYbGRtEAG5KFRAKCgREAxd0XhtYVQ0DTFFNVhkdYQBQChktCw0RG0ZBDQ9uVwUCQRAVXlpQFwUQESZUWgoNTFZTVwkFCAFQEX8IEAYCDB4WDA8fURMVQwUKEDwFVlhUWBUTA0MGUlVTXg4NWwFTCVtDTkEUAhRYWEoTWxNCPUAJCwoIZlpPVBNdWBg%2BQV5DOhsEZRNNEWVDFgwRETobDxltQ1VtDFI/Rk9GZRdaUAxBWAgFDThBXBlpG2BTUms0PkFIQzobUVBCAFNVBD0QCxYIXWkbC0FtG1A%2BQUhDOhtYVlMIXVwzBwcNEQNaQWUTWxFlQwMWEAw6GxkZbUNUVAMHBzsVD11QVm4OX1UYPkFeQzobBGUTTRFlQwsHOEFcGWkbAx0AD1VbVFwfUQkEDgZZBUUPDR9dV1MMBkUFUQgJUVJXVx9TDwIMBVUARVAeUxhSVkUACQJRBUVNTk9ITxoNSQlNUU0ITVBPV09QFQQLHVACFVBbT1ZSSgsDRQEdAUUEDB9VP0REFxUTBF1QBgsBCAY5SkVVWBVuTQQRFxdBXBsVfUICR0sjU0MgEAVPR3sDQXVKAhQRJlBGfUZaRxNzDUEvESgIMlFmS0VVEXQTLggwCzVLQQwRLEN1CjYLNxESDxUbHUNUVQgFCgYPA2ZGSV0IRWYVBxAQEDlXRhsLQxFdCBEACxUDS0xmQQBWXEEPDBYGOVVcUlQ%2BQlYTFgYAQ0QVF1hSFVhPBD0QFA8PTWpNVBJFSkNYQUQnFVpDS3NTERtNQAIHFw9PUGZCEV1QFT0XARASSmpXQkMLG0EGChcACU9QS0g%2BQVgGB0NGT0RaVFRuFVBeQ1hBFBYEVVxaE00TWg4ODBY8C1ZRXBNbE1UIBQsQDgldUBsdQ0NWDg88FxcHTUBKE1sTVQgUBkYeGw%3D%3D&jsonp=NREUM.setToken
200 OK 77 B URL HTTP/1.1 bam.nr-data.net/1/6f524845d1?a=24279235&v=1216.487a282&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOAQsFF0hPXFxGEgtrDg0OMgoDThteVBU%3D&rst=3615&ck=1&ref=https://chaturbate.com/embed/minarocket_/&ap=144&be=1621&fe=3273&dc=2696&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1663872632194,%22n%22:0,%22f%22:605,%22dn%22:605,%22dne%22:605,%22c%22:605,%22s%22:605,%22ce%22:605,%22rq%22:614,%22rp%22:939,%22rpe%22:942,%22dl%22:1517,%22di%22:2556,%22ds%22:2695,%22de%22:2706,%22dc%22:3272,%22l%22:3272,%22le%22:3276%7D,%22navigation%22:%7B%7D%7D&at=H0ETGw9CExRCXBM9CgBBXAkZG0QSVEsPAw4BQVwbamZQD15XPj1BSEEVUFJXRBFuXQAWBkZZVhUXenc%2BY1gYQFlGVFJcUQpQUAcLWAdRBlZWDxh4Yy8TFUMhJTshCU0XAwlSHRsiJDwmDBJ8TU1DABMDQwQCCBADFVNYXRJUG01AEQECCmZcSRNbEwBQTFpUTVILGwgEVRMVQwMNCw05X1lYVhITA0NAT0YBA0pBZlYUVEoSPQoUQVwbDAgfWAEXVVBNVVZSGxkbUwRCTT4FFgEQFWZSXF5DCxsvLUFIQQ9JalpeFF9NExtBXkEodhcVEwhBZgINFgoXFEBqWl4PV1AFBw0HBkQDFwAIQx0bCBI8CgYSTlpLWkMLGwMOChxNBVZYGx1DWEk%2BDREDAghQT1hFCF5XQ1hBJg8PQRVqXg1ETQgNDRdBShtcSW4IQklDWEEmDw9BFWpeDURNCA0NF0FKG1xJbgBCV0NYVlRQVg0ZG1gRblgSDDwLEQEbDxtzDVhBQTEMCBYSUFpXQkFwakNOQQ0TOVpaV18EUk0IDQ07Fx9JUBsLQ3JYAw4GSyc1dRcVEwhBZhQRBhY8EkBFXBNbE0sEEQoABghNXFhdQx0bEwcSEQYVTWpJUBVZG1tATAEOBFxRFlwIX1gTDQAPBhJmGhsdQ0ZVPgoMFxdEAxdaWQBFTBMAAhAGSFpaVBNNE0oIFgY7CgIbDwgdQ0JQFQc8AAwLWFxXE1sTWgkDFxERBFhBXB8CXlRDTkEWBhdMUEpFPllWEhZBXkEFUVRNRBNTWBUHTQcMCxsZG1MTXk4SBxE7CgIbDxsIUgcBVlVSU05VDwEOHFUFDAdPW11RBRQNCwNYBlxWVlVdUFQbGRtDBFdcEwcRRllEUUFNQVseFgYNTQECBFBRSh8CXlROQE9GEQNIQFxCFW5UBBYLCwdEAxd%2BdDUTFUMSGhALCVdqT1QTQlAODEFeQVUXAhsdQ0RYPgYGEgoFXGpfUAxYVRhAWUYsElFQSxNNE0wAPQcBFQ9aUGZFGEFcQ1hBAAYVUkFWQUMdGxQDPAsQOV9UVFgNSBtbQC8NDRNBFxUTFFBmDhE8EgYUSlxWX0MLG0NOQRECOVtHVkYSVEs%2BBAIJCgpAFwMTJ1hLBAQMHEFKG0BYbgNDVhYRBhY8EFxHSlgOXxtbQFpSTVYbGRtEAG5KFRAKCgREAxd0XhtYVQ0DTFFNVhkdYQBQChktCw0RG0ZBDQ9uVwUCQRAVXlpQFwUQESZUWgoNTFZTVwkFCAFQEX8IEAYCDB4WDA8fURMVQwUKEDwFVlhUWBUTA0MGUlVTXg4NWwFTCVtDTkEUAhRYWEoTWxNCPUAJCwoIZlpPVBNdWBg%2BQV5DOhsEZRNNEWVDFgwRETobDxltQ1VtDFI/Rk9GZRdaUAxBWAgFDThBXBlpG2BTUms0PkFIQzobUVBCAFNVBD0QCxYIXWkbC0FtG1A%2BQUhDOhtYVlMIXVwzBwcNEQNaQWUTWxFlQwMWEAw6GxkZbUNUVAMHBzsVD11QVm4OX1UYPkFeQzobBGUTTRFlQwsHOEFcGWkbAx0AD1VbVFwfUQkEDgZZBUUPDR9dV1MMBkUFUQgJUVJXVx9TDwIMBVUARVAeUxhSVkUACQJRBUVNTk9ITxoNSQlNUU0ITVBPV09QFQQLHVACFVBbT1ZSSgsDRQEdAUUEDB9VP0REFxUTBF1QBgsBCAY5SkVVWBVuTQQRFxdBXBsVfUICR0sjU0MgEAVPR3sDQXVKAhQRJlBGfUZaRxNzDUEvESgIMlFmS0VVEXQTLggwCzVLQQwRLEN1CjYLNxESDxUbHUNUVQgFCgYPA2ZGSV0IRWYVBxAQEDlXRhsLQxFdCBEACxUDS0xmQQBWXEEPDBYGOVVcUlQ%2BQlYTFgYAQ0QVF1hSFVhPBD0QFA8PTWpNVBJFSkNYQUQnFVpDS3NTERtNQAIHFw9PUGZCEV1QFT0XARASSmpXQkMLG0EGChcACU9QS0g%2BQVgGB0NGT0RaVFRuFVBeQ1hBFBYEVVxaE00TWg4ODBY8C1ZRXBNbE1UIBQsQDgldUBsdQ0NWDg88FxcHTUBKE1sTVQgUBkYeGw%3D%3D&jsonp=NREUM.setToken
IP
File type ASCII text, with no line terminators
Hash f1442f5831dbbe0210da2d7a4180d6b8
2ade23c6c7a001c66f0c0a9a101ec152747b434e
c6acf9fb2ecc1b144c51bd0337bbf1c26db3df2f649ac2da5c56db20d93eb3ef
GET /1/6f524845d1?a=24279235&v=1216.487a282&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOAQsFF0hPXFxGEgtrDg0OMgoDThteVBU%3D&rst=3615&ck=1&ref=https://chaturbate.com/embed/minarocket_/&ap=144&be=1621&fe=3273&dc=2696&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1663872632194,%22n%22:0,%22f%22:605,%22dn%22:605,%22dne%22:605,%22c%22:605,%22s%22:605,%22ce%22:605,%22rq%22:614,%22rp%22:939,%22rpe%22:942,%22dl%22:1517,%22di%22:2556,%22ds%22:2695,%22de%22:2706,%22dc%22:3272,%22l%22:3272,%22le%22:3276%7D,%22navigation%22:%7B%7D%7D&at=H0ETGw9CExRCXBM9CgBBXAkZG0QSVEsPAw4BQVwbamZQD15XPj1BSEEVUFJXRBFuXQAWBkZZVhUXenc%2BY1gYQFlGVFJcUQpQUAcLWAdRBlZWDxh4Yy8TFUMhJTshCU0XAwlSHRsiJDwmDBJ8TU1DABMDQwQCCBADFVNYXRJUG01AEQECCmZcSRNbEwBQTFpUTVILGwgEVRMVQwMNCw05X1lYVhITA0NAT0YBA0pBZlYUVEoSPQoUQVwbDAgfWAEXVVBNVVZSGxkbUwRCTT4FFgEQFWZSXF5DCxsvLUFIQQ9JalpeFF9NExtBXkEodhcVEwhBZgINFgoXFEBqWl4PV1AFBw0HBkQDFwAIQx0bCBI8CgYSTlpLWkMLGwMOChxNBVZYGx1DWEk%2BDREDAghQT1hFCF5XQ1hBJg8PQRVqXg1ETQgNDRdBShtcSW4IQklDWEEmDw9BFWpeDURNCA0NF0FKG1xJbgBCV0NYVlRQVg0ZG1gRblgSDDwLEQEbDxtzDVhBQTEMCBYSUFpXQkFwakNOQQ0TOVpaV18EUk0IDQ07Fx9JUBsLQ3JYAw4GSyc1dRcVEwhBZhQRBhY8EkBFXBNbE0sEEQoABghNXFhdQx0bEwcSEQYVTWpJUBVZG1tATAEOBFxRFlwIX1gTDQAPBhJmGhsdQ0ZVPgoMFxdEAxdaWQBFTBMAAhAGSFpaVBNNE0oIFgY7CgIbDwgdQ0JQFQc8AAwLWFxXE1sTWgkDFxERBFhBXB8CXlRDTkEWBhdMUEpFPllWEhZBXkEFUVRNRBNTWBUHTQcMCxsZG1MTXk4SBxE7CgIbDxsIUgcBVlVSU05VDwEOHFUFDAdPW11RBRQNCwNYBlxWVlVdUFQbGRtDBFdcEwcRRllEUUFNQVseFgYNTQECBFBRSh8CXlROQE9GEQNIQFxCFW5UBBYLCwdEAxd%2BdDUTFUMSGhALCVdqT1QTQlAODEFeQVUXAhsdQ0RYPgYGEgoFXGpfUAxYVRhAWUYsElFQSxNNE0wAPQcBFQ9aUGZFGEFcQ1hBAAYVUkFWQUMdGxQDPAsQOV9UVFgNSBtbQC8NDRNBFxUTFFBmDhE8EgYUSlxWX0MLG0NOQRECOVtHVkYSVEs%2BBAIJCgpAFwMTJ1hLBAQMHEFKG0BYbgNDVhYRBhY8EFxHSlgOXxtbQFpSTVYbGRtEAG5KFRAKCgREAxd0XhtYVQ0DTFFNVhkdYQBQChktCw0RG0ZBDQ9uVwUCQRAVXlpQFwUQESZUWgoNTFZTVwkFCAFQEX8IEAYCDB4WDA8fURMVQwUKEDwFVlhUWBUTA0MGUlVTXg4NWwFTCVtDTkEUAhRYWEoTWxNCPUAJCwoIZlpPVBNdWBg%2BQV5DOhsEZRNNEWVDFgwRETobDxltQ1VtDFI/Rk9GZRdaUAxBWAgFDThBXBlpG2BTUms0PkFIQzobUVBCAFNVBD0QCxYIXWkbC0FtG1A%2BQUhDOhtYVlMIXVwzBwcNEQNaQWUTWxFlQwMWEAw6GxkZbUNUVAMHBzsVD11QVm4OX1UYPkFeQzobBGUTTRFlQwsHOEFcGWkbAx0AD1VbVFwfUQkEDgZZBUUPDR9dV1MMBkUFUQgJUVJXVx9TDwIMBVUARVAeUxhSVkUACQJRBUVNTk9ITxoNSQlNUU0ITVBPV09QFQQLHVACFVBbT1ZSSgsDRQEdAUUEDB9VP0REFxUTBF1QBgsBCAY5SkVVWBVuTQQRFxdBXBsVfUICR0sjU0MgEAVPR3sDQXVKAhQRJlBGfUZaRxNzDUEvESgIMlFmS0VVEXQTLggwCzVLQQwRLEN1CjYLNxESDxUbHUNUVQgFCgYPA2ZGSV0IRWYVBxAQEDlXRhsLQxFdCBEACxUDS0xmQQBWXEEPDBYGOVVcUlQ%2BQlYTFgYAQ0QVF1hSFVhPBD0QFA8PTWpNVBJFSkNYQUQnFVpDS3NTERtNQAIHFw9PUGZCEV1QFT0XARASSmpXQkMLG0EGChcACU9QS0g%2BQVgGB0NGT0RaVFRuFVBeQ1hBFBYEVVxaE00TWg4ODBY8C1ZRXBNbE1UIBQsQDgldUBsdQ0NWDg88FxcHTUBKE1sTVQgUBkYeGw%3D%3D&jsonp=NREUM.setToken HTTP/1.1
Host: bam.nr-data.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Thu, 22 Sep 2022 18:50:36 GMT
Content-Type: text/javascript
Transfer-Encoding: chunked
Connection: keep-alive
CF-Ray: 74ed3a28fbe6b505-OSL
Access-Control-Allow-Origin: *
Set-Cookie: JSESSIONID=9a97aa50ffb697f; Path=/; Domain=.nr-data.net; Secure; SameSite=None
CF-Cache-Status: DYNAMIC
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
Cross-Origin-Resource-Policy: cross-origin
Vary: Accept-Encoding
Server: cloudflare
Content-Encoding: gzip
img.strpst.com/thumbs/1663872052/13971979
200 OK 42 kB URL HTTP/2 img.strpst.com/thumbs/1663872052/13971979
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 0x0, segment length 16, progressive, precision 8, 640x360, components 3\012- data
Hash dc21a31377df64c89af2634933c1de43
77219237c9912d336b37fd1c8b09320833683731
dfc2623c9a29297532dc9fd615254b524b9fb8f1acb5204521a4038d68437350
GET /thumbs/1663872052/13971979 HTTP/1.1
Host: img.strpst.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://creative.xxxvjmp.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 22 Sep 2022 18:50:36 GMT
content-type: image/jpeg
content-length: 42035
cf-bgj: imgq:100,h2pri
cf-polished: origSize=43691, status=webp_bigger
etag: "7a79dd720d467be18c0f8697f5b689e2"
last-modified: Thu, 22 Sep 2022 18:41:01 GMT
cf-cache-status: HIT
age: 502
expires: Thu, 22 Sep 2022 18:55:36 GMT
cache-control: public, max-age=300
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 74ed3a29da6db4fa-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
creative.xxxvjmp.com/widgets/v4/MobileSlider?buttonColor=%23930606&campaignId=c3fa347280578e90a9e8ab1e6280c0e361524d151dcbfe6bb5b723fee947ce88&campaignType=smartpop&creativeId=997f08b15bff1ccf97a2e581116e84ed0333dda2fd147f124f274ed42d459cc1&hideModelNameOnSmallSpots=1&hideTitleOnSmallSpots=1&isFace=1&iterationId=28473&liveBadgeColor=%23ff0707&masterSmartpopId=0&memberId=X07W3NJaQSRVqqYlqTCg2PcIMztRn9P6mATKkV54VPDt0MFv9WSjzZ9Tc4Kj59PYXdyZ2voyxNstyMXisdSe9L9DhMxjFPfafzqs16w_gUIDRUi&p1=3684770&ruleId=0&showButton=1&showModelName=1&showTitle=1&smartpopId=1547&sourceId=226437&tag=females&trackOff=1&userId=ed4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e&variationId=21696
200 OK 34 kB URL HTTP/2 creative.xxxvjmp.com/widgets/v4/MobileSlider?buttonColor=%23930606&campaignId=c3fa347280578e90a9e8ab1e6280c0e361524d151dcbfe6bb5b723fee947ce88&campaignType=smartpop&creativeId=997f08b15bff1ccf97a2e581116e84ed0333dda2fd147f124f274ed42d459cc1&hideModelNameOnSmallSpots=1&hideTitleOnSmallSpots=1&isFace=1&iterationId=28473&liveBadgeColor=%23ff0707&masterSmartpopId=0&memberId=X07W3NJaQSRVqqYlqTCg2PcIMztRn9P6mATKkV54VPDt0MFv9WSjzZ9Tc4Kj59PYXdyZ2voyxNstyMXisdSe9L9DhMxjFPfafzqs16w_gUIDRUi&p1=3684770&ruleId=0&showButton=1&showModelName=1&showTitle=1&smartpopId=1547&sourceId=226437&tag=females&trackOff=1&userId=ed4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e&variationId=21696
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 5650c20ede15af7280e0e936e476ebb4
2c16bb21f625028ce5349a8912d7fe37314fa3fc
2615958e52ddc21c5e4b89d3e6d23b47c645870a66b02675176dec8eddbf7d4e
GET /widgets/v4/MobileSlider?buttonColor=%23930606&campaignId=c3fa347280578e90a9e8ab1e6280c0e361524d151dcbfe6bb5b723fee947ce88&campaignType=smartpop&creativeId=997f08b15bff1ccf97a2e581116e84ed0333dda2fd147f124f274ed42d459cc1&hideModelNameOnSmallSpots=1&hideTitleOnSmallSpots=1&isFace=1&iterationId=28473&liveBadgeColor=%23ff0707&masterSmartpopId=0&memberId=X07W3NJaQSRVqqYlqTCg2PcIMztRn9P6mATKkV54VPDt0MFv9WSjzZ9Tc4Kj59PYXdyZ2voyxNstyMXisdSe9L9DhMxjFPfafzqs16w_gUIDRUi&p1=3684770&ruleId=0&showButton=1&showModelName=1&showTitle=1&smartpopId=1547&sourceId=226437&tag=females&trackOff=1&userId=ed4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e&variationId=21696 HTTP/1.1
Host: creative.xxxvjmp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://tsyndicate.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 22 Sep 2022 18:50:31 GMT
content-type: text/html
last-modified: Mon, 19 Sep 2022 11:33:35 GMT
expires: Thu, 22 Sep 2022 18:50:28 GMT
cache-control: max-age=10
strict-transport-security: max-age=15768000
pragma: public
report-to: { "endpoints":[{ "url": "https://go.stripchat.com/report" }], "group": "default", "max_age": 1048576 }
cf-cache-status: HIT
age: 4
vary: Accept-Encoding
server: cloudflare
cf-ray: 74ed3a09dfb51c06-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
img.strpst.com/thumbs/1663872052/49265666
200 OK 25 kB URL HTTP/2 img.strpst.com/thumbs/1663872052/49265666
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 0x0, segment length 16, progressive, precision 8, 270x360, components 3\012- data
Hash 81e9a34b3dbe15efc6583d8064f8d8e8
e30946e6631dabf86adac1d7b4c111f98a648390
1748c4e431d6cbe6f7dd863f11d22818011804c644da2874cff52de7fae0f71b
GET /thumbs/1663872052/49265666 HTTP/1.1
Host: img.strpst.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://creative.xxxvjmp.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 22 Sep 2022 18:50:36 GMT
content-type: image/jpeg
content-length: 25000
cf-bgj: imgq:100,h2pri
cf-polished: origSize=26591, status=webp_bigger
etag: "dfde1e7e150829bf4d8fd0f431c463f6"
last-modified: Thu, 22 Sep 2022 18:40:45 GMT
cf-cache-status: HIT
age: 471
expires: Thu, 22 Sep 2022 18:55:36 GMT
cache-control: public, max-age=300
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 74ed3a29ea7eb4fa-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 279 B IP
Hash 1a35ad623c9566f856784c035cafcfe5
d8285c7497a9665514373d337a214bcd8d810dcd
2128003121c194bebce6a1cea5946b6c0f3b16380409d1df7ea4f16922f90544
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6306
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 22 Sep 2022 18:50:36 GMT
Last-Modified: Thu, 22 Sep 2022 17:05:30 GMT
Server: ECS (ska/F6FE)
X-Cache: HIT
Content-Length: 279
bam.nr-data.net/events/1/6f524845d1?a=24279235&v=1216.487a282&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOFgwRERUXQ1BUFkIDFQ0WFlA%3D&rst=4809&ck=1&ref=https://chaturbate.com/tours/3/
200 OK 24 B URL HTTP/1.1 bam.nr-data.net/events/1/6f524845d1?a=24279235&v=1216.487a282&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOFgwRERUXQ1BUFkIDFQ0WFlA%3D&rst=4809&ck=1&ref=https://chaturbate.com/tours/3/
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash bc32ed98d624acb4008f986349a20d26
2d3df8c11d2168ce2c27e0937421d11d85016361
0c9cf152a0ad00d4f102c93c613c104914be5517ac8f8e0831727f8bfbe8b300
POST /events/1/6f524845d1?a=24279235&v=1216.487a282&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOFgwRERUXQ1BUFkIDFQ0WFlA%3D&rst=4809&ck=1&ref=https://chaturbate.com/tours/3/ HTTP/1.1
Host: bam.nr-data.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
content-type: text/plain
Content-Length: 1906
Origin: https://chaturbate.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Thu, 22 Sep 2022 18:50:36 GMT
Content-Type: image/gif
Content-Length: 24
Connection: keep-alive
CF-Ray: 74ed3a29cc151c16-OSL
Access-Control-Allow-Origin: https://chaturbate.com
CF-Cache-Status: DYNAMIC
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
Vary: Accept-Encoding
Server: cloudflare
rtbbnr.com/get/?go=1&data=eyJpbXAiOlt7InNlY3VyZSI6MCwiZXh0Ijp7InNwb3QiOjM3MjUsImlkIjo4NTksImxhYmVscyI6IiIsInNpdGVfaWQiOjM3MjUsInR5cGUiOiJiYW5uZXIiLCJzcGFjZWlkIjo4NTksInNwb3RfaWQiOjAsImlkem9uZSI6MzgzMDgxOSwiem9uZSI6InRjX3BhYl8zMDB4MjUwIiwiYWRfdGFncyI6IiIsInRpdGxlIjoiIiwic3ViaWQiOiIxMDEzNTk5NzIwIiwidXRtMSI6InRjYmFuX2kiLCJ1dG0yIjoiMzcyNSIsInV0bTMiOiIxNzc5NCIsInV0bTQiOiIifSwiYmFubmVyIjp7InciOjMwMCwiaCI6MjUwfX1dLCJzaXRlIjp7ImlkIjoiMzcyNSIsInBhZ2UiOiJodHRwOi8vZ2F5aW5sZWVkcy5yZWxheWJsb2cuY29tLyJ9LCJkZXZpY2UiOnsidyI6MTI4MCwiaCI6MTAyNH0sInVzZXIiOnsiaWQiOiIyZDJjMGYyMjBiNjBkZTRiNmM5NjkxOTViOWFkYzU4YSJ9LCJleHQiOnsiZHQiOjE2NjM4NzI2MzUzNTF9fQ==
200 OK 29 kB URL HTTP/2 rtbbnr.com/get/?go=1&data=eyJpbXAiOlt7InNlY3VyZSI6MCwiZXh0Ijp7InNwb3QiOjM3MjUsImlkIjo4NTksImxhYmVscyI6IiIsInNpdGVfaWQiOjM3MjUsInR5cGUiOiJiYW5uZXIiLCJzcGFjZWlkIjo4NTksInNwb3RfaWQiOjAsImlkem9uZSI6MzgzMDgxOSwiem9uZSI6InRjX3BhYl8zMDB4MjUwIiwiYWRfdGFncyI6IiIsInRpdGxlIjoiIiwic3ViaWQiOiIxMDEzNTk5NzIwIiwidXRtMSI6InRjYmFuX2kiLCJ1dG0yIjoiMzcyNSIsInV0bTMiOiIxNzc5NCIsInV0bTQiOiIifSwiYmFubmVyIjp7InciOjMwMCwiaCI6MjUwfX1dLCJzaXRlIjp7ImlkIjoiMzcyNSIsInBhZ2UiOiJodHRwOi8vZ2F5aW5sZWVkcy5yZWxheWJsb2cuY29tLyJ9LCJkZXZpY2UiOnsidyI6MTI4MCwiaCI6MTAyNH0sInVzZXIiOnsiaWQiOiIyZDJjMGYyMjBiNjBkZTRiNmM5NjkxOTViOWFkYzU4YSJ9LCJleHQiOnsiZHQiOjE2NjM4NzI2MzUzNTF9fQ==
IP
ASN #24940 Hetzner Online GmbH
Hash a695226e63c11b64f5b40d482a470a42
eca9309a94d9d1feb598c02d0b243dbef05a0562
2848d0fcc716f25857ae8d12072bed1346249183db00cfad174e1086c8c3e384
GET /get/?go=1&data=eyJpbXAiOlt7InNlY3VyZSI6MCwiZXh0Ijp7InNwb3QiOjM3MjUsImlkIjo4NTksImxhYmVscyI6IiIsInNpdGVfaWQiOjM3MjUsInR5cGUiOiJiYW5uZXIiLCJzcGFjZWlkIjo4NTksInNwb3RfaWQiOjAsImlkem9uZSI6MzgzMDgxOSwiem9uZSI6InRjX3BhYl8zMDB4MjUwIiwiYWRfdGFncyI6IiIsInRpdGxlIjoiIiwic3ViaWQiOiIxMDEzNTk5NzIwIiwidXRtMSI6InRjYmFuX2kiLCJ1dG0yIjoiMzcyNSIsInV0bTMiOiIxNzc5NCIsInV0bTQiOiIifSwiYmFubmVyIjp7InciOjMwMCwiaCI6MjUwfX1dLCJzaXRlIjp7ImlkIjoiMzcyNSIsInBhZ2UiOiJodHRwOi8vZ2F5aW5sZWVkcy5yZWxheWJsb2cuY29tLyJ9LCJkZXZpY2UiOnsidyI6MTI4MCwiaCI6MTAyNH0sInVzZXIiOnsiaWQiOiIyZDJjMGYyMjBiNjBkZTRiNmM5NjkxOTViOWFkYzU4YSJ9LCJleHQiOnsiZHQiOjE2NjM4NzI2MzUzNTF9fQ== HTTP/1.1
Host: rtbbnr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://cdn.tubecorp.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0
date: Thu, 22 Sep 2022 18:50:35 GMT
content-type: text/html
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
content-encoding: gzip
X-Firefox-Spdy: h2
tsyndicate.com/iframes2/00394b71264946e5bf58746cefe5435f.html?subid=1013599720&categories={{ad_tags}}
200 OK 2.5 kB URL HTTP/2 tsyndicate.com/iframes2/00394b71264946e5bf58746cefe5435f.html?subid=1013599720&categories={{ad_tags}}
IP
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3720)
Hash 6c3a5235c13a46835ee6377a8114c045
8b67d8497d1cc0693aac7565b8ef9c199eaddf13
d067b95a7f0b0d794cfb0b5914ee4af999cf800788d3e8ee10262e1161b610e4
GET /iframes2/00394b71264946e5bf58746cefe5435f.html?subid=1013599720&categories={{ad_tags}} HTTP/1.1
Host: tsyndicate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://rtbbnr.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 22 Sep 2022 18:50:36 GMT
content-type: text/html; charset=utf-8
pragma: no-cache
expires: 0
vary: Accept-Encoding, *
x-api-version: 2
link: <https://lcdn.tsyndicate.com/sdk/v1/b.b.js>; rel=preload; as=script
x-request-id: 0dcdf274fb435af1
set-cookie: ts_uid=b1f107f9-54da-4931-8de7-450196a1d562; expires=Wed, 22 Mar 2023 18:50:36 GMT; domain=.tsyndicate.com; path=/; HttpOnly; secure; SameSite=None
bfq=APeIECNCxxYZN3LIkEFDRhcWIsYU3BLjoYgyE2PYsDEjR40cMGbY6NJH; expires=Fri, 23 Sep 2022 18:50:36 GMT; domain=.tsyndicate.com; path=/; secure; SameSite=None
cache-control: no-cache, no-store, no-transform, must-revalidate, no-transform
x-robots-tag: none, noindex, nofollow
report-to: { "url": "https://pxl.tsyndicate.com/api/v1/heavy-ad/report", "max_age": 86401 }
content-encoding: gzip
X-Firefox-Spdy: h2
12112336.pix-cdn.org/m/p/0/11/11508/yPndOg0m.html?__OS_FAMILY__={{%20__OS_FAMILY__%20}}&__OS_TYPE__={{%20__OS_TYPE__%20}}&__GEOIP_COUNTRY_SHORT__={{%20__GEOIP_COUNTRY_SHORT__%20}}&__IP2L_MOBILE__={{%20__IP2L_MOBILE__%20}}&__BROWSER_FAMILY__={{%20__BROWSER_FAMILY__%20}}&OS_FAMILY=[OS_FAMILY]&OS_TYPE=[OS_TYPE]&COUNTRY_ISO_CODE=[COUNTRY_ISO_CODE]&MOBILE_BRAND=[MOBILE_BRAND]&BROWSER_FAMILY=[BROWSER_FAMILY]&DOMAIN=gayinleeds.relayblog.com&PRICE=0.0050&PRICING_MODEL=[PRICING_MODEL]&CAMPAIGN_ID=6435&CLICK_ID=6af0d1b8-1759-4b6a-b5b9-b85331177319&id_zone=[idzone]&site={{%20site%20}}&out_name=37319%7C4317%7Ccpm%7C0.0048%7C%24%200.0050&campaign_id=37319&price=0.0050&bidding_price=0.0048&pricebox_price=0.0200&pricing_model=cpm&click_id=6af0d1b8-1759-4b6a-b5b9-b85331177319&priority=[PRIORITY]&ad_sub=173501021&utm1=tcb&utm2=878669509-100&utm3=249-6435-14933&utm4=0-10346131-0
200 OK 863 B URL HTTP/2 12112336.pix-cdn.org/m/p/0/11/11508/yPndOg0m.html?__OS_FAMILY__={{%20__OS_FAMILY__%20}}&__OS_TYPE__={{%20__OS_TYPE__%20}}&__GEOIP_COUNTRY_SHORT__={{%20__GEOIP_COUNTRY_SHORT__%20}}&__IP2L_MOBILE__={{%20__IP2L_MOBILE__%20}}&__BROWSER_FAMILY__={{%20__BROWSER_FAMILY__%20}}&OS_FAMILY=[OS_FAMILY]&OS_TYPE=[OS_TYPE]&COUNTRY_ISO_CODE=[COUNTRY_ISO_CODE]&MOBILE_BRAND=[MOBILE_BRAND]&BROWSER_FAMILY=[BROWSER_FAMILY]&DOMAIN=gayinleeds.relayblog.com&PRICE=0.0050&PRICING_MODEL=[PRICING_MODEL]&CAMPAIGN_ID=6435&CLICK_ID=6af0d1b8-1759-4b6a-b5b9-b85331177319&id_zone=[idzone]&site={{%20site%20}}&out_name=37319%7C4317%7Ccpm%7C0.0048%7C%24%200.0050&campaign_id=37319&price=0.0050&bidding_price=0.0048&pricebox_price=0.0200&pricing_model=cpm&click_id=6af0d1b8-1759-4b6a-b5b9-b85331177319&priority=[PRIORITY]&ad_sub=173501021&utm1=tcb&utm2=878669509-100&utm3=249-6435-14933&utm4=0-10346131-0
IP
ASN #39572 DataWeb Global Group B.V.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 8c350b3ce5cde45ce43129d6451d0ffd
0163ba9cc9d2d0958d173c90782b6926f9997893
ec6c5f2ad0b6c6d63e935f6fc7c20e8547e4cd8ea198c38061a540c702a47233
GET /m/p/0/11/11508/yPndOg0m.html?__OS_FAMILY__={{%20__OS_FAMILY__%20}}&__OS_TYPE__={{%20__OS_TYPE__%20}}&__GEOIP_COUNTRY_SHORT__={{%20__GEOIP_COUNTRY_SHORT__%20}}&__IP2L_MOBILE__={{%20__IP2L_MOBILE__%20}}&__BROWSER_FAMILY__={{%20__BROWSER_FAMILY__%20}}&OS_FAMILY=[OS_FAMILY]&OS_TYPE=[OS_TYPE]&COUNTRY_ISO_CODE=[COUNTRY_ISO_CODE]&MOBILE_BRAND=[MOBILE_BRAND]&BROWSER_FAMILY=[BROWSER_FAMILY]&DOMAIN=gayinleeds.relayblog.com&PRICE=0.0050&PRICING_MODEL=[PRICING_MODEL]&CAMPAIGN_ID=6435&CLICK_ID=6af0d1b8-1759-4b6a-b5b9-b85331177319&id_zone=[idzone]&site={{%20site%20}}&out_name=37319%7C4317%7Ccpm%7C0.0048%7C%24%200.0050&campaign_id=37319&price=0.0050&bidding_price=0.0048&pricebox_price=0.0200&pricing_model=cpm&click_id=6af0d1b8-1759-4b6a-b5b9-b85331177319&priority=[PRIORITY]&ad_sub=173501021&utm1=tcb&utm2=878669509-100&utm3=249-6435-14933&utm4=0-10346131-0 HTTP/1.1
Host: 12112336.pix-cdn.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://rtbbnr.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 22 Sep 2022 18:50:36 GMT
content-type: text/html; charset=utf-8
server: nginx/1.12.2
last-modified: Wed, 02 Sep 2020 10:48:37 GMT
etag: W/"5f4f7885-7e9"
content-encoding: gzip
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
x-proxy-cache: MISS
X-Firefox-Spdy: h2
28980.weednewspro.com/v2/a/na/203282?subId=&pageUri=https%3A%2F%2F28980.weednewspro.com%2Fv2%2Fa%2Fna%2Fif%2F203282&referer=http%3A%2F%2Fgo.goaserv.com%2F&av=1&abl=0&kws=&rtg=&bdd=%5B%22Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0%22%2C%22false%22%2C%22Linux%20x86_64%22%2C%22%22%2C%22%22%2C%22%22%2C%22%22%2C%22false%22%2C%22true%22%2C%221280%22%2C%221024%22%2C%221280%22%2C%221002%22%2C%221280%22%2C%221024%22%2C%22300%22%2C%22250%22%2C%22300%22%2C%22250%22%2C%22false%22%2C%221%22%2C%2216%22%2C%220%22%2C%22aaaaacccefiflmmprrsstlllecstaaahtscellllpss%22%2C%22Thu%20Sep%2022%202022%2018%3A50%3A35%20GMT%2B0000%20(Coordinated%20Universal%20Time)%22%2C%220%22%2C%22en-US%22%2C%22en-US%2Cen%22%2C%22false%22%2C%22false%22%2C%22781877177%22%2C%222697903995%22%2C%221%22%2C%22false%22%2C%22%5B%5D%22%5D
200 OK 4.6 kB URL HTTP/2 28980.weednewspro.com/v2/a/na/203282?subId=&pageUri=https%3A%2F%2F28980.weednewspro.com%2Fv2%2Fa%2Fna%2Fif%2F203282&referer=http%3A%2F%2Fgo.goaserv.com%2F&av=1&abl=0&kws=&rtg=&bdd=%5B%22Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0%22%2C%22false%22%2C%22Linux%20x86_64%22%2C%22%22%2C%22%22%2C%22%22%2C%22%22%2C%22false%22%2C%22true%22%2C%221280%22%2C%221024%22%2C%221280%22%2C%221002%22%2C%221280%22%2C%221024%22%2C%22300%22%2C%22250%22%2C%22300%22%2C%22250%22%2C%22false%22%2C%221%22%2C%2216%22%2C%220%22%2C%22aaaaacccefiflmmprrsstlllecstaaahtscellllpss%22%2C%22Thu%20Sep%2022%202022%2018%3A50%3A35%20GMT%2B0000%20(Coordinated%20Universal%20Time)%22%2C%220%22%2C%22en-US%22%2C%22en-US%2Cen%22%2C%22false%22%2C%22false%22%2C%22781877177%22%2C%222697903995%22%2C%221%22%2C%22false%22%2C%22%5B%5D%22%5D
IP
ASN #39572 DataWeb Global Group B.V.
File type JSON data\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3829)
Hash b7b311c0388587c9031cd41a2f696953
3ec683ca561529f811e7b3d017683ac61b0a848f
14f232d16e9a46885c0d2e040ec799328f205638e4c52bbd063d55475136025c
GET /v2/a/na/203282?subId=&pageUri=https%3A%2F%2F28980.weednewspro.com%2Fv2%2Fa%2Fna%2Fif%2F203282&referer=http%3A%2F%2Fgo.goaserv.com%2F&av=1&abl=0&kws=&rtg=&bdd=%5B%22Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0%22%2C%22false%22%2C%22Linux%20x86_64%22%2C%22%22%2C%22%22%2C%22%22%2C%22%22%2C%22false%22%2C%22true%22%2C%221280%22%2C%221024%22%2C%221280%22%2C%221002%22%2C%221280%22%2C%221024%22%2C%22300%22%2C%22250%22%2C%22300%22%2C%22250%22%2C%22false%22%2C%221%22%2C%2216%22%2C%220%22%2C%22aaaaacccefiflmmprrsstlllecstaaahtscellllpss%22%2C%22Thu%20Sep%2022%202022%2018%3A50%3A35%20GMT%2B0000%20(Coordinated%20Universal%20Time)%22%2C%220%22%2C%22en-US%22%2C%22en-US%2Cen%22%2C%22false%22%2C%22false%22%2C%22781877177%22%2C%222697903995%22%2C%221%22%2C%22false%22%2C%22%5B%5D%22%5D HTTP/1.1
Host: 28980.weednewspro.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://28980.weednewspro.com/v2/a/na/if/203282
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 22 Sep 2022 18:50:36 GMT
content-type: application/json; charset=UTF-8
vary: Accept-Encoding
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-max-age: 86400
referrer-policy: unsafe-url
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Device-Memory
accept-ch-lifetime: 31536000
p3p: CP="NOI DEVa TAIa OUR BUS UNI STA"
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
last-modified: Thu, 22 Sep 2022 18:50:36 UTC
expires: Thu, 22 Sep 2022 18:50:36 UTC
content-encoding: gzip
X-Firefox-Spdy: h2
bam.nr-data.net/events/1/6f524845d1?a=24279235&v=1216.487a282&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOFgwRERUXQ1BUFkIDFQ0WFlA%3D&rst=4793&ck=1&ref=https://chaturbate.com/tours/3/
200 OK 24 B URL HTTP/1.1 bam.nr-data.net/events/1/6f524845d1?a=24279235&v=1216.487a282&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOFgwRERUXQ1BUFkIDFQ0WFlA%3D&rst=4793&ck=1&ref=https://chaturbate.com/tours/3/
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash bc32ed98d624acb4008f986349a20d26
2d3df8c11d2168ce2c27e0937421d11d85016361
0c9cf152a0ad00d4f102c93c613c104914be5517ac8f8e0831727f8bfbe8b300
POST /events/1/6f524845d1?a=24279235&v=1216.487a282&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOFgwRERUXQ1BUFkIDFQ0WFlA%3D&rst=4793&ck=1&ref=https://chaturbate.com/tours/3/ HTTP/1.1
Host: bam.nr-data.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
content-type: text/plain
Content-Length: 1905
Origin: https://chaturbate.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Thu, 22 Sep 2022 18:50:36 GMT
Content-Type: image/gif
Content-Length: 24
Connection: keep-alive
CF-Ray: 74ed3a2b8ff8b505-OSL
Access-Control-Allow-Origin: https://chaturbate.com
CF-Cache-Status: DYNAMIC
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
Vary: Accept-Encoding
Server: cloudflare
ocsp.sectigo.com/
200 OK 471 B IP
Hash 1ffe5ea280c9ed9cb07f625ef7e13484
25dc97c595333dfb68656b5a016358f14b6a280c
e2f1d4e3dd7d6d321ad9ae8fb3dd8e5336d68d4a3845a5848f74020d4343fbfd
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 22 Sep 2022 18:50:36 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Mon, 19 Sep 2022 17:56:21 GMT
Expires: Mon, 26 Sep 2022 17:56:20 GMT
Etag: "25dc97c595333dfb68656b5a016358f14b6a280c"
Cache-Control: max-age=341743,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 74ed3a2acd2b1c16-OSL
in16.zog.link/in/show/?__OS_FAMILY__=%7B%7B%20__OS_FAMILY__%20%7D%7D&__OS_TYPE__=%7B%7B%20__OS_TYPE__%20%7D%7D&__GEOIP_COUNTRY_SHORT__=%7B%7B%20__GEOIP_COUNTRY_SHORT__%20%7D%7D&__IP2L_MOBILE__=%7B%7B%20__IP2L_MOBILE__%20%7D%7D&__BROWSER_FAMILY__=%7B%7B%20__BROWSER_FAMILY__%20%7D%7D&OS_FAMILY=%5BOS_FAMILY%5D&OS_TYPE=%5BOS_TYPE%5D&COUNTRY_ISO_CODE=%5BCOUNTRY_ISO_CODE%5D&MOBILE_BRAND=%5BMOBILE_BRAND%5D&BROWSER_FAMILY=%5BBROWSER_FAMILY%5D&DOMAIN=gayinleeds.relayblog.com&PRICE=0.0050&PRICING_MODEL=%5BPRICING_MODEL%5D&CAMPAIGN_ID=6435&CLICK_ID=6af0d1b8-1759-4b6a-b5b9-b85331177319&id_zone=%5Bidzone%5D&site=%7B%7B%20site%20%7D%7D&out_name=37319%7C4317%7Ccpm%7C0.0048%7C%24%200.0050&campaign_id=37319&price=0.0050&bidding_price=0.0048&pricebox_price=0.0200&pricing_model=cpm&click_id=6af0d1b8-1759-4b6a-b5b9-b85331177319&priority=%5BPRIORITY%5D&ad_sub=173501021&utm1=tcb&utm2=878669509-100&utm3=249-6435-14933&utm4=0-10346131-0&banner_id=4190&banner_creative_id=8920
200 OK 2 B URL HTTP/2 in16.zog.link/in/show/?__OS_FAMILY__=%7B%7B%20__OS_FAMILY__%20%7D%7D&__OS_TYPE__=%7B%7B%20__OS_TYPE__%20%7D%7D&__GEOIP_COUNTRY_SHORT__=%7B%7B%20__GEOIP_COUNTRY_SHORT__%20%7D%7D&__IP2L_MOBILE__=%7B%7B%20__IP2L_MOBILE__%20%7D%7D&__BROWSER_FAMILY__=%7B%7B%20__BROWSER_FAMILY__%20%7D%7D&OS_FAMILY=%5BOS_FAMILY%5D&OS_TYPE=%5BOS_TYPE%5D&COUNTRY_ISO_CODE=%5BCOUNTRY_ISO_CODE%5D&MOBILE_BRAND=%5BMOBILE_BRAND%5D&BROWSER_FAMILY=%5BBROWSER_FAMILY%5D&DOMAIN=gayinleeds.relayblog.com&PRICE=0.0050&PRICING_MODEL=%5BPRICING_MODEL%5D&CAMPAIGN_ID=6435&CLICK_ID=6af0d1b8-1759-4b6a-b5b9-b85331177319&id_zone=%5Bidzone%5D&site=%7B%7B%20site%20%7D%7D&out_name=37319%7C4317%7Ccpm%7C0.0048%7C%24%200.0050&campaign_id=37319&price=0.0050&bidding_price=0.0048&pricebox_price=0.0200&pricing_model=cpm&click_id=6af0d1b8-1759-4b6a-b5b9-b85331177319&priority=%5BPRIORITY%5D&ad_sub=173501021&utm1=tcb&utm2=878669509-100&utm3=249-6435-14933&utm4=0-10346131-0&banner_id=4190&banner_creative_id=8920
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash 99914b932bd37a50b983c5e7c90ae93b
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
GET /in/show/?__OS_FAMILY__=%7B%7B%20__OS_FAMILY__%20%7D%7D&__OS_TYPE__=%7B%7B%20__OS_TYPE__%20%7D%7D&__GEOIP_COUNTRY_SHORT__=%7B%7B%20__GEOIP_COUNTRY_SHORT__%20%7D%7D&__IP2L_MOBILE__=%7B%7B%20__IP2L_MOBILE__%20%7D%7D&__BROWSER_FAMILY__=%7B%7B%20__BROWSER_FAMILY__%20%7D%7D&OS_FAMILY=%5BOS_FAMILY%5D&OS_TYPE=%5BOS_TYPE%5D&COUNTRY_ISO_CODE=%5BCOUNTRY_ISO_CODE%5D&MOBILE_BRAND=%5BMOBILE_BRAND%5D&BROWSER_FAMILY=%5BBROWSER_FAMILY%5D&DOMAIN=gayinleeds.relayblog.com&PRICE=0.0050&PRICING_MODEL=%5BPRICING_MODEL%5D&CAMPAIGN_ID=6435&CLICK_ID=6af0d1b8-1759-4b6a-b5b9-b85331177319&id_zone=%5Bidzone%5D&site=%7B%7B%20site%20%7D%7D&out_name=37319%7C4317%7Ccpm%7C0.0048%7C%24%200.0050&campaign_id=37319&price=0.0050&bidding_price=0.0048&pricebox_price=0.0200&pricing_model=cpm&click_id=6af0d1b8-1759-4b6a-b5b9-b85331177319&priority=%5BPRIORITY%5D&ad_sub=173501021&utm1=tcb&utm2=878669509-100&utm3=249-6435-14933&utm4=0-10346131-0&banner_id=4190&banner_creative_id=8920 HTTP/1.1
Host: in16.zog.link
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://12112336.pix-cdn.org
Connection: keep-alive
Referer: https://12112336.pix-cdn.org/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.20.1
date: Thu, 22 Sep 2022 18:50:37 GMT
content-type: application/json
content-length: 2
access-control-allow-origin: https://12112336.pix-cdn.org
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
set-cookie: 770.0=1; expires=Fri, 23 Sep 2022 18:50:36 GMT; path=/; secure; SameSite=None
X-Firefox-Spdy: h2
bcdn.clickaine.com/21361/05e979a0-5672-11eb-98b3-8aec4f8692d5.jpg
200 OK 66 kB URL HTTP/2 bcdn.clickaine.com/21361/05e979a0-5672-11eb-98b3-8aec4f8692d5.jpg
IP
ASN #199524 G-Core Labs S.A.
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 640x360, components 3\012- data
Hash d288a6ed4b8f20f81f74fdd10bcc319d
d365c878f58f2f47dead8ad9f86bdb43b84bce94
5b373e6234344873acab9c286f06515dacae12b9d0d1aa5ca3577dfc2d69a408
GET /21361/05e979a0-5672-11eb-98b3-8aec4f8692d5.jpg HTTP/1.1
Host: bcdn.clickaine.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 22 Sep 2022 18:50:36 GMT
content-type: image/jpeg
content-length: 66255
last-modified: Thu, 14 Jan 2021 14:08:49 GMT
etag: "60005071-102cf"
cache: HIT
x-cached-since: 2022-09-19T11:10:33+00:00
x-id: sto5-up-gc10
accept-ranges: bytes
X-Firefox-Spdy: h2
bam.nr-data.net/events/1/6f524845d1?a=24279235&v=1216.487a282&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOFgwRERUXQ1BUFkIDFQ0WFlA%3D&rst=5223&ck=1&ref=https://chaturbate.com/tours/3/
200 OK 24 B URL HTTP/1.1 bam.nr-data.net/events/1/6f524845d1?a=24279235&v=1216.487a282&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOFgwRERUXQ1BUFkIDFQ0WFlA%3D&rst=5223&ck=1&ref=https://chaturbate.com/tours/3/
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash bc32ed98d624acb4008f986349a20d26
2d3df8c11d2168ce2c27e0937421d11d85016361
0c9cf152a0ad00d4f102c93c613c104914be5517ac8f8e0831727f8bfbe8b300
POST /events/1/6f524845d1?a=24279235&v=1216.487a282&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOFgwRERUXQ1BUFkIDFQ0WFlA%3D&rst=5223&ck=1&ref=https://chaturbate.com/tours/3/ HTTP/1.1
Host: bam.nr-data.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
content-type: text/plain
Content-Length: 1906
Origin: https://chaturbate.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Thu, 22 Sep 2022 18:50:37 GMT
Content-Type: image/gif
Content-Length: 24
Connection: keep-alive
CF-Ray: 74ed3a2c4eaf1c16-OSL
Access-Control-Allow-Origin: https://chaturbate.com
CF-Cache-Status: DYNAMIC
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
Vary: Accept-Encoding
Server: cloudflare
bam.nr-data.net/events/1/6f524845d1?a=24279235&v=1216.487a282&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOFgwRERUXQ1BUFkIDFQ0WFlA%3D&rst=5020&ck=1&ref=https://chaturbate.com/tours/3/
200 OK 24 B URL HTTP/1.1 bam.nr-data.net/events/1/6f524845d1?a=24279235&v=1216.487a282&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOFgwRERUXQ1BUFkIDFQ0WFlA%3D&rst=5020&ck=1&ref=https://chaturbate.com/tours/3/
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash bc32ed98d624acb4008f986349a20d26
2d3df8c11d2168ce2c27e0937421d11d85016361
0c9cf152a0ad00d4f102c93c613c104914be5517ac8f8e0831727f8bfbe8b300
POST /events/1/6f524845d1?a=24279235&v=1216.487a282&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOFgwRERUXQ1BUFkIDFQ0WFlA%3D&rst=5020&ck=1&ref=https://chaturbate.com/tours/3/ HTTP/1.1
Host: bam.nr-data.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
content-type: text/plain
Content-Length: 1904
Origin: https://chaturbate.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Thu, 22 Sep 2022 18:50:37 GMT
Content-Type: image/gif
Content-Length: 24
Connection: keep-alive
CF-Ray: 74ed3a2c79abb505-OSL
Access-Control-Allow-Origin: https://chaturbate.com
CF-Cache-Status: DYNAMIC
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
Vary: Accept-Encoding
Server: cloudflare
28980.weednewspro.com/v2/a/na/image?d=BQ5qQHPemZXerDn5nDsR5TXYElQdUh7bVsUFw7uhP_LsJLOxDAwe0j4nF5cBouysKoL1PYZhcxDLksPqU7x3znRrdiTRYrBztUcm74a0NTscJLrFJlYADK5H_0rrlq4TwiBCj2FFaIJYpP2UYGrTBQTa4viDefy09nkmFlSKIc7F8N38_BB-tQAktwGd0Nhb6KtNEcq-tpoCEsKQhrjlf31zq-UMHe29PCzJUQNFVDoLTUOk3UQEdpC2Ka6L2UfG6HO3LBNr9uAonFNgOiI3RPrDMe0h9IGLZQFd5iRcJ8BijwD7E67iWtL5Q9gxsm_ekRH1bpjJsIgQ4sO3zFvDgGUGaFoKUVmeO5BAnuTYt5IFmoL5Y598WS2Ywkp7NVIiyoKdAZHGmUa2Hivw9tV6G8PwIpa9bwxlCnGhc0Nw_z9dDSbuenR-NuxSlZq1xZEJvHMxbVl-brHgHNPiNN4jG0UoYSgUlcHtFaUViUS1m2m4ZPPU9qQjc-WN-IjTVlT568jxxivE7icdpmwf95RbX1Yir4iGgeKAwRCn-8AbU_2st2gCuRQIOT_vHky_cFbeFcLiMn6UBizRoL0cV0AYQbme14tn3yAimnUPbiGP3MJcAEHumdFGLYWshY3rcOxITX1wrkio3pvs-D6GtF8Y0UPRkwcJVAEAlb6LI4zcjM3aTqeDGM_GdRjuZAOZmDgGV4uHuHljJD-UF9W4cvCHEi-3Y0dRLvoepYzkIiGJO8rkGaEs2f-8OV380DCP_oiCIWvgpTVD_S9y3dQm9KpSSAxBW8NUHOvzpwgDXS-IQqqA7owsXk85kX7MsM2_XnyleGSGQ5ZaKipU9x-3JByyG0KJ3O59I4YSi-XSW84cD8cxRAg04zqGL50d0mfJpAMOSppSI0cEiAuJ8CqUPZ9aySZtRh_QEGORPsEWayo4YPy_nwFRkNBKoJPJvvRjZ1l4AGpIHSVKiHJXqHGoUfqJx1AQ51siPuAuc6vyWy1_jiqsJlgxth6X0WRDFE-prquk4CH29tQSysBG-W5kHdmbVgyu7xkwnoWZY4dhIIOaIm-jpmP2YMacVnnvsl0GBaJf_amH7N94b7O1e05h7MJO1au0iBYkeMCeVK1cRw
200 OK 68 B URL HTTP/2 28980.weednewspro.com/v2/a/na/image?d=BQ5qQHPemZXerDn5nDsR5TXYElQdUh7bVsUFw7uhP_LsJLOxDAwe0j4nF5cBouysKoL1PYZhcxDLksPqU7x3znRrdiTRYrBztUcm74a0NTscJLrFJlYADK5H_0rrlq4TwiBCj2FFaIJYpP2UYGrTBQTa4viDefy09nkmFlSKIc7F8N38_BB-tQAktwGd0Nhb6KtNEcq-tpoCEsKQhrjlf31zq-UMHe29PCzJUQNFVDoLTUOk3UQEdpC2Ka6L2UfG6HO3LBNr9uAonFNgOiI3RPrDMe0h9IGLZQFd5iRcJ8BijwD7E67iWtL5Q9gxsm_ekRH1bpjJsIgQ4sO3zFvDgGUGaFoKUVmeO5BAnuTYt5IFmoL5Y598WS2Ywkp7NVIiyoKdAZHGmUa2Hivw9tV6G8PwIpa9bwxlCnGhc0Nw_z9dDSbuenR-NuxSlZq1xZEJvHMxbVl-brHgHNPiNN4jG0UoYSgUlcHtFaUViUS1m2m4ZPPU9qQjc-WN-IjTVlT568jxxivE7icdpmwf95RbX1Yir4iGgeKAwRCn-8AbU_2st2gCuRQIOT_vHky_cFbeFcLiMn6UBizRoL0cV0AYQbme14tn3yAimnUPbiGP3MJcAEHumdFGLYWshY3rcOxITX1wrkio3pvs-D6GtF8Y0UPRkwcJVAEAlb6LI4zcjM3aTqeDGM_GdRjuZAOZmDgGV4uHuHljJD-UF9W4cvCHEi-3Y0dRLvoepYzkIiGJO8rkGaEs2f-8OV380DCP_oiCIWvgpTVD_S9y3dQm9KpSSAxBW8NUHOvzpwgDXS-IQqqA7owsXk85kX7MsM2_XnyleGSGQ5ZaKipU9x-3JByyG0KJ3O59I4YSi-XSW84cD8cxRAg04zqGL50d0mfJpAMOSppSI0cEiAuJ8CqUPZ9aySZtRh_QEGORPsEWayo4YPy_nwFRkNBKoJPJvvRjZ1l4AGpIHSVKiHJXqHGoUfqJx1AQ51siPuAuc6vyWy1_jiqsJlgxth6X0WRDFE-prquk4CH29tQSysBG-W5kHdmbVgyu7xkwnoWZY4dhIIOaIm-jpmP2YMacVnnvsl0GBaJf_amH7N94b7O1e05h7MJO1au0iBYkeMCeVK1cRw
IP
ASN #39572 DataWeb Global Group B.V.
File type PNG image data, 1 x 1, 8-bit gray+alpha, non-interlaced\012- data
Hash 91e42db1c66c0b276abf6234dc50b2eb
c1986af3c26609b8b7d8933f99c51c1a89e9ea6b
63ef318d96b5d0d0ceba6e04a4e622b1158335cdc67c49e27839132c6f655058
GET /v2/a/na/image?d=BQ5qQHPemZXerDn5nDsR5TXYElQdUh7bVsUFw7uhP_LsJLOxDAwe0j4nF5cBouysKoL1PYZhcxDLksPqU7x3znRrdiTRYrBztUcm74a0NTscJLrFJlYADK5H_0rrlq4TwiBCj2FFaIJYpP2UYGrTBQTa4viDefy09nkmFlSKIc7F8N38_BB-tQAktwGd0Nhb6KtNEcq-tpoCEsKQhrjlf31zq-UMHe29PCzJUQNFVDoLTUOk3UQEdpC2Ka6L2UfG6HO3LBNr9uAonFNgOiI3RPrDMe0h9IGLZQFd5iRcJ8BijwD7E67iWtL5Q9gxsm_ekRH1bpjJsIgQ4sO3zFvDgGUGaFoKUVmeO5BAnuTYt5IFmoL5Y598WS2Ywkp7NVIiyoKdAZHGmUa2Hivw9tV6G8PwIpa9bwxlCnGhc0Nw_z9dDSbuenR-NuxSlZq1xZEJvHMxbVl-brHgHNPiNN4jG0UoYSgUlcHtFaUViUS1m2m4ZPPU9qQjc-WN-IjTVlT568jxxivE7icdpmwf95RbX1Yir4iGgeKAwRCn-8AbU_2st2gCuRQIOT_vHky_cFbeFcLiMn6UBizRoL0cV0AYQbme14tn3yAimnUPbiGP3MJcAEHumdFGLYWshY3rcOxITX1wrkio3pvs-D6GtF8Y0UPRkwcJVAEAlb6LI4zcjM3aTqeDGM_GdRjuZAOZmDgGV4uHuHljJD-UF9W4cvCHEi-3Y0dRLvoepYzkIiGJO8rkGaEs2f-8OV380DCP_oiCIWvgpTVD_S9y3dQm9KpSSAxBW8NUHOvzpwgDXS-IQqqA7owsXk85kX7MsM2_XnyleGSGQ5ZaKipU9x-3JByyG0KJ3O59I4YSi-XSW84cD8cxRAg04zqGL50d0mfJpAMOSppSI0cEiAuJ8CqUPZ9aySZtRh_QEGORPsEWayo4YPy_nwFRkNBKoJPJvvRjZ1l4AGpIHSVKiHJXqHGoUfqJx1AQ51siPuAuc6vyWy1_jiqsJlgxth6X0WRDFE-prquk4CH29tQSysBG-W5kHdmbVgyu7xkwnoWZY4dhIIOaIm-jpmP2YMacVnnvsl0GBaJf_amH7N94b7O1e05h7MJO1au0iBYkeMCeVK1cRw HTTP/1.1
Host: 28980.weednewspro.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://28980.weednewspro.com/v2/a/na/if/203282
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 22 Sep 2022 18:50:37 GMT
content-type: image/png
content-length: 68
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-max-age: 86400
referrer-policy: unsafe-url
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Device-Memory
accept-ch-lifetime: 31536000
X-Firefox-Spdy: h2
28980.weednewspro.com/v2/a/na/image?d=BQ5qQHPemZXerDnJnDsR9TcqEjTypQ7-DcZVW0GAto-H2GwWee56k6TWoLdYF0lXJX75dq5jkxDbkgPrUkR1jNHsrpgkuaxHzSVEcs-Vz6qNUMTA4RhRfmmJ3Jj5jVku4B05LZldznjTK9TZihh-nNqrp8hQuscb0Woj6XsCHv8bflRWXnqQVP3FO4ckpvDaQtEE2uOXaTGq1fIeF80WZBz-PQJWrsfIsMFsk_Etj2hp8d8_LnB4d-k4aivwtq23FmPSRQq5VnCUFwuAQSOAWxKmoXLYgLYDxqwmbGJRw0zFY780czBPVXlXK_JgwMIH6jY7Vwkxu5ZA1VHrJu9wNNNfdgS2TmfTYfwd0KNHt9v9kJMxbrjU-zAAUA_fzuZaxQL8562iFe2zSLWnVYzIPLonMRRk-HQq6GPRRBckVN4g3y0HoWrYnU1ZtBWx6tHICuKX4GPSRTtujC_JdXpeK8-vSuvy7YAlSB6WwT4tMrY37j3HC1_pfMzpWd-kDJEDmeH3h13OdCPmUdC7kTwb_lY-gYmRmUBzMsboI0gvJ0SkpfnBIMzjSft2Ax0go2H-T4DeJK0XZzy6tClVMQQsL8bE5EtvLm1gXk0C1iBa_CUDHfzbY0BHDeJMtpNWiftGL7YVawa5qsrKc3xJoeq4cQ5LJm4wbVUbVgKwcmy4KdRJpYy0dWIxPEzZ3I7sgqNqPBhBBKL52FRtYKo2-KUjDB5tGlJxIysOAsZ-f80YrEmJlbJGWF3_f0ga0S2Kmsr92j34imT1yx_bjXEBH2VM1RcNyLky13IeFSL66Ib-kbFVgs6RaIoRZcsnwi6QmKG2kQmW8E65LvCFEPamX54i6FGJ3O59I4YSi-XSW84cD8cxRAg04zqGL50d0mfJpAMOSppSI0cEiAuJ8CqUPZ9aySZtRh_QEGORPsEWayo4YPy_nwFRkNBKoJPJvvRjZ1l4AGpIHSVKiHJXqHGoUfqJx1AQ51siPuAuc6vyWy1_jiqsJlgxth6X0WRDFE-prquk4CH29tQSysBG-W5kHdmbVgyu7xkwnoWZY4dhIIOaIm-jpmP2YMacVnnvsl0GBaJfHaiH6N94b7M_b1K27lsqObOUfRf3WE-4I83kqQ
200 OK 68 B URL HTTP/2 28980.weednewspro.com/v2/a/na/image?d=BQ5qQHPemZXerDnJnDsR9TcqEjTypQ7-DcZVW0GAto-H2GwWee56k6TWoLdYF0lXJX75dq5jkxDbkgPrUkR1jNHsrpgkuaxHzSVEcs-Vz6qNUMTA4RhRfmmJ3Jj5jVku4B05LZldznjTK9TZihh-nNqrp8hQuscb0Woj6XsCHv8bflRWXnqQVP3FO4ckpvDaQtEE2uOXaTGq1fIeF80WZBz-PQJWrsfIsMFsk_Etj2hp8d8_LnB4d-k4aivwtq23FmPSRQq5VnCUFwuAQSOAWxKmoXLYgLYDxqwmbGJRw0zFY780czBPVXlXK_JgwMIH6jY7Vwkxu5ZA1VHrJu9wNNNfdgS2TmfTYfwd0KNHt9v9kJMxbrjU-zAAUA_fzuZaxQL8562iFe2zSLWnVYzIPLonMRRk-HQq6GPRRBckVN4g3y0HoWrYnU1ZtBWx6tHICuKX4GPSRTtujC_JdXpeK8-vSuvy7YAlSB6WwT4tMrY37j3HC1_pfMzpWd-kDJEDmeH3h13OdCPmUdC7kTwb_lY-gYmRmUBzMsboI0gvJ0SkpfnBIMzjSft2Ax0go2H-T4DeJK0XZzy6tClVMQQsL8bE5EtvLm1gXk0C1iBa_CUDHfzbY0BHDeJMtpNWiftGL7YVawa5qsrKc3xJoeq4cQ5LJm4wbVUbVgKwcmy4KdRJpYy0dWIxPEzZ3I7sgqNqPBhBBKL52FRtYKo2-KUjDB5tGlJxIysOAsZ-f80YrEmJlbJGWF3_f0ga0S2Kmsr92j34imT1yx_bjXEBH2VM1RcNyLky13IeFSL66Ib-kbFVgs6RaIoRZcsnwi6QmKG2kQmW8E65LvCFEPamX54i6FGJ3O59I4YSi-XSW84cD8cxRAg04zqGL50d0mfJpAMOSppSI0cEiAuJ8CqUPZ9aySZtRh_QEGORPsEWayo4YPy_nwFRkNBKoJPJvvRjZ1l4AGpIHSVKiHJXqHGoUfqJx1AQ51siPuAuc6vyWy1_jiqsJlgxth6X0WRDFE-prquk4CH29tQSysBG-W5kHdmbVgyu7xkwnoWZY4dhIIOaIm-jpmP2YMacVnnvsl0GBaJfHaiH6N94b7M_b1K27lsqObOUfRf3WE-4I83kqQ
IP
ASN #39572 DataWeb Global Group B.V.
File type PNG image data, 1 x 1, 8-bit gray+alpha, non-interlaced\012- data
Hash 91e42db1c66c0b276abf6234dc50b2eb
c1986af3c26609b8b7d8933f99c51c1a89e9ea6b
63ef318d96b5d0d0ceba6e04a4e622b1158335cdc67c49e27839132c6f655058
GET /v2/a/na/image?d=BQ5qQHPemZXerDnJnDsR9TcqEjTypQ7-DcZVW0GAto-H2GwWee56k6TWoLdYF0lXJX75dq5jkxDbkgPrUkR1jNHsrpgkuaxHzSVEcs-Vz6qNUMTA4RhRfmmJ3Jj5jVku4B05LZldznjTK9TZihh-nNqrp8hQuscb0Woj6XsCHv8bflRWXnqQVP3FO4ckpvDaQtEE2uOXaTGq1fIeF80WZBz-PQJWrsfIsMFsk_Etj2hp8d8_LnB4d-k4aivwtq23FmPSRQq5VnCUFwuAQSOAWxKmoXLYgLYDxqwmbGJRw0zFY780czBPVXlXK_JgwMIH6jY7Vwkxu5ZA1VHrJu9wNNNfdgS2TmfTYfwd0KNHt9v9kJMxbrjU-zAAUA_fzuZaxQL8562iFe2zSLWnVYzIPLonMRRk-HQq6GPRRBckVN4g3y0HoWrYnU1ZtBWx6tHICuKX4GPSRTtujC_JdXpeK8-vSuvy7YAlSB6WwT4tMrY37j3HC1_pfMzpWd-kDJEDmeH3h13OdCPmUdC7kTwb_lY-gYmRmUBzMsboI0gvJ0SkpfnBIMzjSft2Ax0go2H-T4DeJK0XZzy6tClVMQQsL8bE5EtvLm1gXk0C1iBa_CUDHfzbY0BHDeJMtpNWiftGL7YVawa5qsrKc3xJoeq4cQ5LJm4wbVUbVgKwcmy4KdRJpYy0dWIxPEzZ3I7sgqNqPBhBBKL52FRtYKo2-KUjDB5tGlJxIysOAsZ-f80YrEmJlbJGWF3_f0ga0S2Kmsr92j34imT1yx_bjXEBH2VM1RcNyLky13IeFSL66Ib-kbFVgs6RaIoRZcsnwi6QmKG2kQmW8E65LvCFEPamX54i6FGJ3O59I4YSi-XSW84cD8cxRAg04zqGL50d0mfJpAMOSppSI0cEiAuJ8CqUPZ9aySZtRh_QEGORPsEWayo4YPy_nwFRkNBKoJPJvvRjZ1l4AGpIHSVKiHJXqHGoUfqJx1AQ51siPuAuc6vyWy1_jiqsJlgxth6X0WRDFE-prquk4CH29tQSysBG-W5kHdmbVgyu7xkwnoWZY4dhIIOaIm-jpmP2YMacVnnvsl0GBaJfHaiH6N94b7M_b1K27lsqObOUfRf3WE-4I83kqQ HTTP/1.1
Host: 28980.weednewspro.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://28980.weednewspro.com/v2/a/na/if/203282
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 22 Sep 2022 18:50:37 GMT
content-type: image/png
content-length: 68
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-max-age: 86400
referrer-policy: unsafe-url
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Device-Memory
accept-ch-lifetime: 31536000
X-Firefox-Spdy: h2
28980.weednewspro.com/v2/a/na/image?d=BQ5qQHPemZXerDnJnDsR9TcqEjTypQ7-DcZVW0GAto-H2GwWee56UJTCpvA8F2jfr90bDq5jkxDbkgPrcrx1jNHsrpgkuaxHzSVEcs-Vz6qNUMTA4RhRfmmJ3Jj5jVku4B05LZldzniTGyj4ggvJhlCRy_7elmlQ5Dwwyxp86WOUVYxvVnqQXAcaQyu3eenCs1XxMQl9i4AbNQdcZ5szi5YVZZi62X52SJ6jyLz2yXIEecY_lTHVqrODl3fC-MaA-nRlLStPJbKXIG0DHenQ8D7eHZNsdkGSdrI6A6xtZ52TPnQoD9KThjUNwTm8jTSc1st0FAIHkUJ-jCJ4O1qCkKQNRGX0fNaAANP8BjyHHsCCGLpo7tokNnbMkLGeDJDxL_2CS1mKqFlvdoSjqYPIvzhhFUZqYz3r_vSiRzWHZk0F222XT7jgSHl7t4cbjdHICmL44HvQRTtujC_JdVqSBE82p8KuysqMOzslMFy2uAPseWu05pFlldFqvuqJVpAMU08wKSo4uKBIqv5SSBOef7z5ZvBEorc-gf8BCVP7A76GTW7y2NyjSfu1AxEAo2L-jn_eJK0XZzy-Kt-Rnd1EICoeOzAQkfNU9rsy3EowL0i6n63uJSJVJyumkkKBdzUp1QUBnXOWLnAIxdcgJG4dSJbXuxbXbVUbVgKwcmy42VdWJYO0dSIBPI7iDVmid6dB1SG5BKL52FRtYKo2_FN4g_nQws4WIzrtDAcHTkEhZ0SJtf4uDT7n1VGRS9643mhSd1nSQAUtb4E6-y1cEGw5qG5qOK8E6sP-FPw_H3XTpRZpacdUMv6LVSyDSar6eO7rUh2gGg_klAHdeDRJwS7PumOJ3O59I4YSi-XSW84cD8cxRAg04zqGL50d0mfJpAMOSppSI0cEiAuJ8CqUPZ9aySZtRh_QEGORPsEWayo4YPy_nwFRkNBKoJPJvvRjZ1l4AGpIHSVKiHJXqHGoUfqJx1AQ51siPuAuc6vyWy1_jiqsJlgxth6X0WRDFE-prquk4CH29tQSysBG-W5kHdmbVgyu7xkwnoWZY4dhIIOaIm-jpmP2YMacVnnvsl0GBaJfHaiH6N94b7NI9ZwjUe25v6Jgwh5HLfVhMvv6gg
200 OK 68 B URL HTTP/2 28980.weednewspro.com/v2/a/na/image?d=BQ5qQHPemZXerDnJnDsR9TcqEjTypQ7-DcZVW0GAto-H2GwWee56UJTCpvA8F2jfr90bDq5jkxDbkgPrcrx1jNHsrpgkuaxHzSVEcs-Vz6qNUMTA4RhRfmmJ3Jj5jVku4B05LZldzniTGyj4ggvJhlCRy_7elmlQ5Dwwyxp86WOUVYxvVnqQXAcaQyu3eenCs1XxMQl9i4AbNQdcZ5szi5YVZZi62X52SJ6jyLz2yXIEecY_lTHVqrODl3fC-MaA-nRlLStPJbKXIG0DHenQ8D7eHZNsdkGSdrI6A6xtZ52TPnQoD9KThjUNwTm8jTSc1st0FAIHkUJ-jCJ4O1qCkKQNRGX0fNaAANP8BjyHHsCCGLpo7tokNnbMkLGeDJDxL_2CS1mKqFlvdoSjqYPIvzhhFUZqYz3r_vSiRzWHZk0F222XT7jgSHl7t4cbjdHICmL44HvQRTtujC_JdVqSBE82p8KuysqMOzslMFy2uAPseWu05pFlldFqvuqJVpAMU08wKSo4uKBIqv5SSBOef7z5ZvBEorc-gf8BCVP7A76GTW7y2NyjSfu1AxEAo2L-jn_eJK0XZzy-Kt-Rnd1EICoeOzAQkfNU9rsy3EowL0i6n63uJSJVJyumkkKBdzUp1QUBnXOWLnAIxdcgJG4dSJbXuxbXbVUbVgKwcmy42VdWJYO0dSIBPI7iDVmid6dB1SG5BKL52FRtYKo2_FN4g_nQws4WIzrtDAcHTkEhZ0SJtf4uDT7n1VGRS9643mhSd1nSQAUtb4E6-y1cEGw5qG5qOK8E6sP-FPw_H3XTpRZpacdUMv6LVSyDSar6eO7rUh2gGg_klAHdeDRJwS7PumOJ3O59I4YSi-XSW84cD8cxRAg04zqGL50d0mfJpAMOSppSI0cEiAuJ8CqUPZ9aySZtRh_QEGORPsEWayo4YPy_nwFRkNBKoJPJvvRjZ1l4AGpIHSVKiHJXqHGoUfqJx1AQ51siPuAuc6vyWy1_jiqsJlgxth6X0WRDFE-prquk4CH29tQSysBG-W5kHdmbVgyu7xkwnoWZY4dhIIOaIm-jpmP2YMacVnnvsl0GBaJfHaiH6N94b7NI9ZwjUe25v6Jgwh5HLfVhMvv6gg
IP
ASN #39572 DataWeb Global Group B.V.
File type PNG image data, 1 x 1, 8-bit gray+alpha, non-interlaced\012- data
Hash 91e42db1c66c0b276abf6234dc50b2eb
c1986af3c26609b8b7d8933f99c51c1a89e9ea6b
63ef318d96b5d0d0ceba6e04a4e622b1158335cdc67c49e27839132c6f655058
GET /v2/a/na/image?d=BQ5qQHPemZXerDnJnDsR9TcqEjTypQ7-DcZVW0GAto-H2GwWee56UJTCpvA8F2jfr90bDq5jkxDbkgPrcrx1jNHsrpgkuaxHzSVEcs-Vz6qNUMTA4RhRfmmJ3Jj5jVku4B05LZldzniTGyj4ggvJhlCRy_7elmlQ5Dwwyxp86WOUVYxvVnqQXAcaQyu3eenCs1XxMQl9i4AbNQdcZ5szi5YVZZi62X52SJ6jyLz2yXIEecY_lTHVqrODl3fC-MaA-nRlLStPJbKXIG0DHenQ8D7eHZNsdkGSdrI6A6xtZ52TPnQoD9KThjUNwTm8jTSc1st0FAIHkUJ-jCJ4O1qCkKQNRGX0fNaAANP8BjyHHsCCGLpo7tokNnbMkLGeDJDxL_2CS1mKqFlvdoSjqYPIvzhhFUZqYz3r_vSiRzWHZk0F222XT7jgSHl7t4cbjdHICmL44HvQRTtujC_JdVqSBE82p8KuysqMOzslMFy2uAPseWu05pFlldFqvuqJVpAMU08wKSo4uKBIqv5SSBOef7z5ZvBEorc-gf8BCVP7A76GTW7y2NyjSfu1AxEAo2L-jn_eJK0XZzy-Kt-Rnd1EICoeOzAQkfNU9rsy3EowL0i6n63uJSJVJyumkkKBdzUp1QUBnXOWLnAIxdcgJG4dSJbXuxbXbVUbVgKwcmy42VdWJYO0dSIBPI7iDVmid6dB1SG5BKL52FRtYKo2_FN4g_nQws4WIzrtDAcHTkEhZ0SJtf4uDT7n1VGRS9643mhSd1nSQAUtb4E6-y1cEGw5qG5qOK8E6sP-FPw_H3XTpRZpacdUMv6LVSyDSar6eO7rUh2gGg_klAHdeDRJwS7PumOJ3O59I4YSi-XSW84cD8cxRAg04zqGL50d0mfJpAMOSppSI0cEiAuJ8CqUPZ9aySZtRh_QEGORPsEWayo4YPy_nwFRkNBKoJPJvvRjZ1l4AGpIHSVKiHJXqHGoUfqJx1AQ51siPuAuc6vyWy1_jiqsJlgxth6X0WRDFE-prquk4CH29tQSysBG-W5kHdmbVgyu7xkwnoWZY4dhIIOaIm-jpmP2YMacVnnvsl0GBaJfHaiH6N94b7NI9ZwjUe25v6Jgwh5HLfVhMvv6gg HTTP/1.1
Host: 28980.weednewspro.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://28980.weednewspro.com/v2/a/na/if/203282
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 22 Sep 2022 18:50:37 GMT
content-type: image/png
content-length: 68
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-max-age: 86400
referrer-policy: unsafe-url
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Device-Memory
accept-ch-lifetime: 31536000
X-Firefox-Spdy: h2
28980.weednewspro.com/v2/a/na/image?d=BQ5qQHPemZXerDnJnDsR9dfYEhSnxAUINPdcEu1yqxvx2BrSBCBroyo6Xi6Knz5-XrenpAbnwKNJwlj8eXtJOke3wkbSY9PGCC-yd8-Vz6qNUMTA8RhR_mqJ3Jj5jVku4B05LYlFznhTDKiYigvPh1CRy_7elmVQ5Dwwyxp86WOUVYwPTniRVAcaQyuHfcnCsFX1MQl9i4AbPQdceVui_FOYxJw3v7W84wThrN4t10keG8Hn9yahHWXtLyb087jAohBFbB9nfJUI75BNsyzdVsm4nyCMISm46Mu83Oge4kGT3QWLRVtc6f-OF1cAEsLQEh6aRnAZRrcaNcuJAWFsmHhOrXZz0XzNtLXq_kr9MmEpRBpeYnquYGpqgSBQ33Sk3PqJTMjKqJYWpouG0IY64kqeeaYnrpwhAKO35s8FGPqk9syaKC2tWNxkda4rwC-aFesWwGI8uNhMT6wzMgSEII_JM4IlZNLNFNf6feaLUFvBS-ibsGyKBAsFI5Ivetn6WeE3h9vBbCPmVdC7UU2FwXXLO9dkVz2gXohS6U6Gudm9U5cmDGTQnLa9f8ttDoRPqBrumrjuKl2ZtClVqUz00Z2Cn6SiA-ASzSVyv6l5YYc8q4m1D0ZHPUCMLnM_9hxx0u8fkDo-65erqKn94yjqaoKGaFIGwGSlkseohtX_Ehvgc4HyQl9o6bVAPOdL-CH_jPWdiVOkA9AiQkbFFqF-2fnewsaUADKtDAUHjmYhpqp5mnwyPEW6En0uuXSaEQ6CgfSsHqdFgiAYYMm7AXemL-XDOJRerZJURPxAbmAj0tgTg9cYvvCzSB1JUaMvmHFR1DTMzoxe4OJsl7CW_E8U3waJ3O59I4YSi-XSW84cD8cxRAg04zqGL50d0mfJpAMOSppSI0cEiAuJ8CqUPZ9aySZtRh_QEGORPsEWayo4YPy_nwFRkNBKoJPJvvRjZ1l4AGpIHSVKiHJXqHGoUfqJx1AQ51siPuAuc6vyWy1_jiqsJlgxth6X0WRDFE-prquk4CH29tQSysBG-W5kHdmbVgyu7xkwnoWZY4dhIIOaIm-jpmP2YMacVnnvsl0GBaJfHaiH6N94b7PX2fuVDnpqBdrRRVCt_vWpWATsEQ
200 OK 68 B URL HTTP/2 28980.weednewspro.com/v2/a/na/image?d=BQ5qQHPemZXerDnJnDsR9dfYEhSnxAUINPdcEu1yqxvx2BrSBCBroyo6Xi6Knz5-XrenpAbnwKNJwlj8eXtJOke3wkbSY9PGCC-yd8-Vz6qNUMTA8RhR_mqJ3Jj5jVku4B05LYlFznhTDKiYigvPh1CRy_7elmVQ5Dwwyxp86WOUVYwPTniRVAcaQyuHfcnCsFX1MQl9i4AbPQdceVui_FOYxJw3v7W84wThrN4t10keG8Hn9yahHWXtLyb087jAohBFbB9nfJUI75BNsyzdVsm4nyCMISm46Mu83Oge4kGT3QWLRVtc6f-OF1cAEsLQEh6aRnAZRrcaNcuJAWFsmHhOrXZz0XzNtLXq_kr9MmEpRBpeYnquYGpqgSBQ33Sk3PqJTMjKqJYWpouG0IY64kqeeaYnrpwhAKO35s8FGPqk9syaKC2tWNxkda4rwC-aFesWwGI8uNhMT6wzMgSEII_JM4IlZNLNFNf6feaLUFvBS-ibsGyKBAsFI5Ivetn6WeE3h9vBbCPmVdC7UU2FwXXLO9dkVz2gXohS6U6Gudm9U5cmDGTQnLa9f8ttDoRPqBrumrjuKl2ZtClVqUz00Z2Cn6SiA-ASzSVyv6l5YYc8q4m1D0ZHPUCMLnM_9hxx0u8fkDo-65erqKn94yjqaoKGaFIGwGSlkseohtX_Ehvgc4HyQl9o6bVAPOdL-CH_jPWdiVOkA9AiQkbFFqF-2fnewsaUADKtDAUHjmYhpqp5mnwyPEW6En0uuXSaEQ6CgfSsHqdFgiAYYMm7AXemL-XDOJRerZJURPxAbmAj0tgTg9cYvvCzSB1JUaMvmHFR1DTMzoxe4OJsl7CW_E8U3waJ3O59I4YSi-XSW84cD8cxRAg04zqGL50d0mfJpAMOSppSI0cEiAuJ8CqUPZ9aySZtRh_QEGORPsEWayo4YPy_nwFRkNBKoJPJvvRjZ1l4AGpIHSVKiHJXqHGoUfqJx1AQ51siPuAuc6vyWy1_jiqsJlgxth6X0WRDFE-prquk4CH29tQSysBG-W5kHdmbVgyu7xkwnoWZY4dhIIOaIm-jpmP2YMacVnnvsl0GBaJfHaiH6N94b7PX2fuVDnpqBdrRRVCt_vWpWATsEQ
IP
ASN #39572 DataWeb Global Group B.V.
File type PNG image data, 1 x 1, 8-bit gray+alpha, non-interlaced\012- data
Hash 91e42db1c66c0b276abf6234dc50b2eb
c1986af3c26609b8b7d8933f99c51c1a89e9ea6b
63ef318d96b5d0d0ceba6e04a4e622b1158335cdc67c49e27839132c6f655058
GET /v2/a/na/image?d=BQ5qQHPemZXerDnJnDsR9dfYEhSnxAUINPdcEu1yqxvx2BrSBCBroyo6Xi6Knz5-XrenpAbnwKNJwlj8eXtJOke3wkbSY9PGCC-yd8-Vz6qNUMTA8RhR_mqJ3Jj5jVku4B05LYlFznhTDKiYigvPh1CRy_7elmVQ5Dwwyxp86WOUVYwPTniRVAcaQyuHfcnCsFX1MQl9i4AbPQdceVui_FOYxJw3v7W84wThrN4t10keG8Hn9yahHWXtLyb087jAohBFbB9nfJUI75BNsyzdVsm4nyCMISm46Mu83Oge4kGT3QWLRVtc6f-OF1cAEsLQEh6aRnAZRrcaNcuJAWFsmHhOrXZz0XzNtLXq_kr9MmEpRBpeYnquYGpqgSBQ33Sk3PqJTMjKqJYWpouG0IY64kqeeaYnrpwhAKO35s8FGPqk9syaKC2tWNxkda4rwC-aFesWwGI8uNhMT6wzMgSEII_JM4IlZNLNFNf6feaLUFvBS-ibsGyKBAsFI5Ivetn6WeE3h9vBbCPmVdC7UU2FwXXLO9dkVz2gXohS6U6Gudm9U5cmDGTQnLa9f8ttDoRPqBrumrjuKl2ZtClVqUz00Z2Cn6SiA-ASzSVyv6l5YYc8q4m1D0ZHPUCMLnM_9hxx0u8fkDo-65erqKn94yjqaoKGaFIGwGSlkseohtX_Ehvgc4HyQl9o6bVAPOdL-CH_jPWdiVOkA9AiQkbFFqF-2fnewsaUADKtDAUHjmYhpqp5mnwyPEW6En0uuXSaEQ6CgfSsHqdFgiAYYMm7AXemL-XDOJRerZJURPxAbmAj0tgTg9cYvvCzSB1JUaMvmHFR1DTMzoxe4OJsl7CW_E8U3waJ3O59I4YSi-XSW84cD8cxRAg04zqGL50d0mfJpAMOSppSI0cEiAuJ8CqUPZ9aySZtRh_QEGORPsEWayo4YPy_nwFRkNBKoJPJvvRjZ1l4AGpIHSVKiHJXqHGoUfqJx1AQ51siPuAuc6vyWy1_jiqsJlgxth6X0WRDFE-prquk4CH29tQSysBG-W5kHdmbVgyu7xkwnoWZY4dhIIOaIm-jpmP2YMacVnnvsl0GBaJfHaiH6N94b7PX2fuVDnpqBdrRRVCt_vWpWATsEQ HTTP/1.1
Host: 28980.weednewspro.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://28980.weednewspro.com/v2/a/na/if/203282
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 22 Sep 2022 18:50:37 GMT
content-type: image/png
content-length: 68
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-max-age: 86400
referrer-policy: unsafe-url
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Device-Memory
accept-ch-lifetime: 31536000
X-Firefox-Spdy: h2
28980.weednewspro.com/v2/a/na/image?d=BQ5qQHPemZXerDn5nDsR9TcqEjTypQ7-DcZVW00y26zX2Bq0OeobNV52lbzU8qwONWh9c99jkxDLkgPrcrx1jNH0rpgkuKyHzSVEcs-VzaqNUKVAkHoyRsZzAc3MYsrxvbSAqxHlvoSyqYvFyRl-nNqrp8hQuscb0Woj-XsCHv8bftR1VnqQXAcaQyu3eW0Ap9mf2-NXaTGqpQZcZ5gzi5YV9RDh9OnjHyvmgXhA9IQgAQk_lTHVqrODl3fC-MaA-nRlLStPI7KXIH0DHemw8D6uqbxa3xeqvob9mJ8s4mCgmzzF5nM3QMnm-wTlHsn6mTSnxMCKm_ExegZdbIu_qwKwlc1FreJ5aA_0GFYXIouismRSDvOg40SZQAEm3ZYOICWiNp5E3y6uZPFQmmml6nFVF0ZqYz3rGoZzudQZd9yh_8izrB2R5hA_saN-7hmUO2eQ46ls_KIygyMBOZsku09QEW3eUeIp9a5p9tfbktWCJjF5UypXM6ZmIC09PpUwe_Qtkvffi6_yRkX2L6yK5SXzE611B_zThV1ikIgUxaVEPh7xfyr-ZZu28xKcXSMOwdqgUX3JpHBKn1ysgjNjcJpl4Et__pJAbf-xlwHMFnXVL91iQ9ocT8uXAzz8h-RXG7LOWScxFDuSxfMYFFXsEAd4FhGeMCtm7t6onZ6LmMYcWmkzhKcHUHCKY7AESL27rwAQdumOtUdTKRv5z66pGu4ns8j6Q7qEdxroaOQTO8LkGZNGONH_f0jVMe24_oiGIWvHpTVB_S_y3dQm9KrSSQxAW-N0PHO6P6ZgKIaAA4LDtMphV2oR5TTmhS6QoAYecAONBe7R84hpNBfREEZUwUiJ3O59I4YSi-XSW84cD8cxRAg04zqGL50d0mfJpAMOSppSI0cEiAuJ8CqUPZ9aySZtRh_QEGORPsEWayo4YPy_nwFRkNBKoJPJvvRjZ1l4AGpIHSVKiHJXqHGoUfqJx1AQ51siPuAuc6vyWy1_jiqsJlgxth6X0WRDFE-prquk4CH29tQSysBG-W5kHdmbVgyu7xkwnoWZY4dhIIOaIm-jpmP2YMacVnnvsl0GBaJf_amH7N94b7MOHxFmbSfOGZrUYgJg-yMZM2bJwg
200 OK 68 B URL HTTP/2 28980.weednewspro.com/v2/a/na/image?d=BQ5qQHPemZXerDn5nDsR9TcqEjTypQ7-DcZVW00y26zX2Bq0OeobNV52lbzU8qwONWh9c99jkxDLkgPrcrx1jNH0rpgkuKyHzSVEcs-VzaqNUKVAkHoyRsZzAc3MYsrxvbSAqxHlvoSyqYvFyRl-nNqrp8hQuscb0Woj-XsCHv8bftR1VnqQXAcaQyu3eW0Ap9mf2-NXaTGqpQZcZ5gzi5YV9RDh9OnjHyvmgXhA9IQgAQk_lTHVqrODl3fC-MaA-nRlLStPI7KXIH0DHemw8D6uqbxa3xeqvob9mJ8s4mCgmzzF5nM3QMnm-wTlHsn6mTSnxMCKm_ExegZdbIu_qwKwlc1FreJ5aA_0GFYXIouismRSDvOg40SZQAEm3ZYOICWiNp5E3y6uZPFQmmml6nFVF0ZqYz3rGoZzudQZd9yh_8izrB2R5hA_saN-7hmUO2eQ46ls_KIygyMBOZsku09QEW3eUeIp9a5p9tfbktWCJjF5UypXM6ZmIC09PpUwe_Qtkvffi6_yRkX2L6yK5SXzE611B_zThV1ikIgUxaVEPh7xfyr-ZZu28xKcXSMOwdqgUX3JpHBKn1ysgjNjcJpl4Et__pJAbf-xlwHMFnXVL91iQ9ocT8uXAzz8h-RXG7LOWScxFDuSxfMYFFXsEAd4FhGeMCtm7t6onZ6LmMYcWmkzhKcHUHCKY7AESL27rwAQdumOtUdTKRv5z66pGu4ns8j6Q7qEdxroaOQTO8LkGZNGONH_f0jVMe24_oiGIWvHpTVB_S_y3dQm9KrSSQxAW-N0PHO6P6ZgKIaAA4LDtMphV2oR5TTmhS6QoAYecAONBe7R84hpNBfREEZUwUiJ3O59I4YSi-XSW84cD8cxRAg04zqGL50d0mfJpAMOSppSI0cEiAuJ8CqUPZ9aySZtRh_QEGORPsEWayo4YPy_nwFRkNBKoJPJvvRjZ1l4AGpIHSVKiHJXqHGoUfqJx1AQ51siPuAuc6vyWy1_jiqsJlgxth6X0WRDFE-prquk4CH29tQSysBG-W5kHdmbVgyu7xkwnoWZY4dhIIOaIm-jpmP2YMacVnnvsl0GBaJf_amH7N94b7MOHxFmbSfOGZrUYgJg-yMZM2bJwg
IP
ASN #39572 DataWeb Global Group B.V.
File type PNG image data, 1 x 1, 8-bit gray+alpha, non-interlaced\012- data
Hash 91e42db1c66c0b276abf6234dc50b2eb
c1986af3c26609b8b7d8933f99c51c1a89e9ea6b
63ef318d96b5d0d0ceba6e04a4e622b1158335cdc67c49e27839132c6f655058
GET /v2/a/na/image?d=BQ5qQHPemZXerDn5nDsR9TcqEjTypQ7-DcZVW00y26zX2Bq0OeobNV52lbzU8qwONWh9c99jkxDLkgPrcrx1jNH0rpgkuKyHzSVEcs-VzaqNUKVAkHoyRsZzAc3MYsrxvbSAqxHlvoSyqYvFyRl-nNqrp8hQuscb0Woj-XsCHv8bftR1VnqQXAcaQyu3eW0Ap9mf2-NXaTGqpQZcZ5gzi5YV9RDh9OnjHyvmgXhA9IQgAQk_lTHVqrODl3fC-MaA-nRlLStPI7KXIH0DHemw8D6uqbxa3xeqvob9mJ8s4mCgmzzF5nM3QMnm-wTlHsn6mTSnxMCKm_ExegZdbIu_qwKwlc1FreJ5aA_0GFYXIouismRSDvOg40SZQAEm3ZYOICWiNp5E3y6uZPFQmmml6nFVF0ZqYz3rGoZzudQZd9yh_8izrB2R5hA_saN-7hmUO2eQ46ls_KIygyMBOZsku09QEW3eUeIp9a5p9tfbktWCJjF5UypXM6ZmIC09PpUwe_Qtkvffi6_yRkX2L6yK5SXzE611B_zThV1ikIgUxaVEPh7xfyr-ZZu28xKcXSMOwdqgUX3JpHBKn1ysgjNjcJpl4Et__pJAbf-xlwHMFnXVL91iQ9ocT8uXAzz8h-RXG7LOWScxFDuSxfMYFFXsEAd4FhGeMCtm7t6onZ6LmMYcWmkzhKcHUHCKY7AESL27rwAQdumOtUdTKRv5z66pGu4ns8j6Q7qEdxroaOQTO8LkGZNGONH_f0jVMe24_oiGIWvHpTVB_S_y3dQm9KrSSQxAW-N0PHO6P6ZgKIaAA4LDtMphV2oR5TTmhS6QoAYecAONBe7R84hpNBfREEZUwUiJ3O59I4YSi-XSW84cD8cxRAg04zqGL50d0mfJpAMOSppSI0cEiAuJ8CqUPZ9aySZtRh_QEGORPsEWayo4YPy_nwFRkNBKoJPJvvRjZ1l4AGpIHSVKiHJXqHGoUfqJx1AQ51siPuAuc6vyWy1_jiqsJlgxth6X0WRDFE-prquk4CH29tQSysBG-W5kHdmbVgyu7xkwnoWZY4dhIIOaIm-jpmP2YMacVnnvsl0GBaJf_amH7N94b7MOHxFmbSfOGZrUYgJg-yMZM2bJwg HTTP/1.1
Host: 28980.weednewspro.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://28980.weednewspro.com/v2/a/na/if/203282
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 22 Sep 2022 18:50:37 GMT
content-type: image/png
content-length: 68
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-max-age: 86400
referrer-policy: unsafe-url
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Device-Memory
accept-ch-lifetime: 31536000
X-Firefox-Spdy: h2
28980.weednewspro.com/v2/a/na/image?d=BQ5qQHPemZXerDnJnDsR9dfYEhSnxAUINPdcEu1yqxvx2BrSBCBrRGhgW6YWOyUvECB0gQXnwKNJwlj8SQdJOke3wkbSY9PGCC-yd8-Vz6qNUMTA8RhR_mqJ3Jj5jVku4B05LYlFzniTG1T4ihj9nNqrp8hQusEb0Woj6XsCHv8bftR1VniRVP3FO4csGNPiQNEM2uOXaTGqxfIeK001i5YV9RFiNOrjH6tmAnhA9IQBecJflTHVqrODi20pmlW2d_JTQdsZMu3oKfy7-DW3w8w9qLxa3xeqvko_EnGc1j5G6MhO7gMqie3JiLFuvhg0-2GAHMBI50HTrGjTCvNxJWvYpCO4FTJICTExIE6z75kqONNcdvnBVghMcy1CaS_xIw3q6Y8jFXMAIKhm14YatQ686NT_YnfndzyEwP0vrqPi9sxzDKD-FZ9WVYGxxi-aFeMUQII8uNhMT6wzMkR4Ij-QDzlQxsb1Q-XhUlAiCOC8It1MXqCS2DqyfkGNRwO-Gwp27EH8gYMN7pvBF-udkeRyVoDZJOKUxRv8W48oExbAKgUgE2IonJa1f8qVToSPWSXumrjuKl2Z-1J3fyBAE-pncBk5XK8ImV5quhyTFfyTc52Wpt7Da1DGZ4uJSe_qLMOaBafCSTkbRcOnwknDYITjTzb8w2SlkseohtX_7vifk4LyQm9s6ZUPxFEYxeA1EcujiVOkA9AiQkZF1bkU2fnewsYWIzrlCAWF-Ur74OZvumAzPEXGEurGfErc_amBIWvHpTVBfU5KwIPyl-iDFtJZQqSf9JpopsvkVDqbxruEzojQsU6_doE9oc2_klXPwIYAf74AnbRfvudqNyrvSUSJ3O59I4YSi-XSW84cD8cxRAg04zqGL50d0mfJpAMOSppSI0cEiAuJ8CqUPZ9aySZtRh_QEGORPsEWayo4YPy_nwFRkNBKoJPJvvRjZ1l4AGpIHSVKiHJXqHGoUfqJx1AQ51siPuAuc6vyWy1_jiqsJlgxth6X0WRDFE-prquk4CH29tQSysBG-W5kHdmbVgyu7xkwnoWZY4dhIIOaIm-jpmP2YMacVnnvsl0GBaJfHaiH6N94b7Mr0Xqk2_NuSrZxJtJeUX8icfqBCg
200 OK 68 B URL HTTP/2 28980.weednewspro.com/v2/a/na/image?d=BQ5qQHPemZXerDnJnDsR9dfYEhSnxAUINPdcEu1yqxvx2BrSBCBrRGhgW6YWOyUvECB0gQXnwKNJwlj8SQdJOke3wkbSY9PGCC-yd8-Vz6qNUMTA8RhR_mqJ3Jj5jVku4B05LYlFzniTG1T4ihj9nNqrp8hQusEb0Woj6XsCHv8bftR1VniRVP3FO4csGNPiQNEM2uOXaTGqxfIeK001i5YV9RFiNOrjH6tmAnhA9IQBecJflTHVqrODi20pmlW2d_JTQdsZMu3oKfy7-DW3w8w9qLxa3xeqvko_EnGc1j5G6MhO7gMqie3JiLFuvhg0-2GAHMBI50HTrGjTCvNxJWvYpCO4FTJICTExIE6z75kqONNcdvnBVghMcy1CaS_xIw3q6Y8jFXMAIKhm14YatQ686NT_YnfndzyEwP0vrqPi9sxzDKD-FZ9WVYGxxi-aFeMUQII8uNhMT6wzMkR4Ij-QDzlQxsb1Q-XhUlAiCOC8It1MXqCS2DqyfkGNRwO-Gwp27EH8gYMN7pvBF-udkeRyVoDZJOKUxRv8W48oExbAKgUgE2IonJa1f8qVToSPWSXumrjuKl2Z-1J3fyBAE-pncBk5XK8ImV5quhyTFfyTc52Wpt7Da1DGZ4uJSe_qLMOaBafCSTkbRcOnwknDYITjTzb8w2SlkseohtX_7vifk4LyQm9s6ZUPxFEYxeA1EcujiVOkA9AiQkZF1bkU2fnewsYWIzrlCAWF-Ur74OZvumAzPEXGEurGfErc_amBIWvHpTVBfU5KwIPyl-iDFtJZQqSf9JpopsvkVDqbxruEzojQsU6_doE9oc2_klXPwIYAf74AnbRfvudqNyrvSUSJ3O59I4YSi-XSW84cD8cxRAg04zqGL50d0mfJpAMOSppSI0cEiAuJ8CqUPZ9aySZtRh_QEGORPsEWayo4YPy_nwFRkNBKoJPJvvRjZ1l4AGpIHSVKiHJXqHGoUfqJx1AQ51siPuAuc6vyWy1_jiqsJlgxth6X0WRDFE-prquk4CH29tQSysBG-W5kHdmbVgyu7xkwnoWZY4dhIIOaIm-jpmP2YMacVnnvsl0GBaJfHaiH6N94b7Mr0Xqk2_NuSrZxJtJeUX8icfqBCg
IP
ASN #39572 DataWeb Global Group B.V.
File type PNG image data, 1 x 1, 8-bit gray+alpha, non-interlaced\012- data
Hash 91e42db1c66c0b276abf6234dc50b2eb
c1986af3c26609b8b7d8933f99c51c1a89e9ea6b
63ef318d96b5d0d0ceba6e04a4e622b1158335cdc67c49e27839132c6f655058
GET /v2/a/na/image?d=BQ5qQHPemZXerDnJnDsR9dfYEhSnxAUINPdcEu1yqxvx2BrSBCBrRGhgW6YWOyUvECB0gQXnwKNJwlj8SQdJOke3wkbSY9PGCC-yd8-Vz6qNUMTA8RhR_mqJ3Jj5jVku4B05LYlFzniTG1T4ihj9nNqrp8hQusEb0Woj6XsCHv8bftR1VniRVP3FO4csGNPiQNEM2uOXaTGqxfIeK001i5YV9RFiNOrjH6tmAnhA9IQBecJflTHVqrODi20pmlW2d_JTQdsZMu3oKfy7-DW3w8w9qLxa3xeqvko_EnGc1j5G6MhO7gMqie3JiLFuvhg0-2GAHMBI50HTrGjTCvNxJWvYpCO4FTJICTExIE6z75kqONNcdvnBVghMcy1CaS_xIw3q6Y8jFXMAIKhm14YatQ686NT_YnfndzyEwP0vrqPi9sxzDKD-FZ9WVYGxxi-aFeMUQII8uNhMT6wzMkR4Ij-QDzlQxsb1Q-XhUlAiCOC8It1MXqCS2DqyfkGNRwO-Gwp27EH8gYMN7pvBF-udkeRyVoDZJOKUxRv8W48oExbAKgUgE2IonJa1f8qVToSPWSXumrjuKl2Z-1J3fyBAE-pncBk5XK8ImV5quhyTFfyTc52Wpt7Da1DGZ4uJSe_qLMOaBafCSTkbRcOnwknDYITjTzb8w2SlkseohtX_7vifk4LyQm9s6ZUPxFEYxeA1EcujiVOkA9AiQkZF1bkU2fnewsYWIzrlCAWF-Ur74OZvumAzPEXGEurGfErc_amBIWvHpTVBfU5KwIPyl-iDFtJZQqSf9JpopsvkVDqbxruEzojQsU6_doE9oc2_klXPwIYAf74AnbRfvudqNyrvSUSJ3O59I4YSi-XSW84cD8cxRAg04zqGL50d0mfJpAMOSppSI0cEiAuJ8CqUPZ9aySZtRh_QEGORPsEWayo4YPy_nwFRkNBKoJPJvvRjZ1l4AGpIHSVKiHJXqHGoUfqJx1AQ51siPuAuc6vyWy1_jiqsJlgxth6X0WRDFE-prquk4CH29tQSysBG-W5kHdmbVgyu7xkwnoWZY4dhIIOaIm-jpmP2YMacVnnvsl0GBaJfHaiH6N94b7Mr0Xqk2_NuSrZxJtJeUX8icfqBCg HTTP/1.1
Host: 28980.weednewspro.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://28980.weednewspro.com/v2/a/na/if/203282
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 22 Sep 2022 18:50:37 GMT
content-type: image/png
content-length: 68
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-max-age: 86400
referrer-policy: unsafe-url
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Device-Memory
accept-ch-lifetime: 31536000
X-Firefox-Spdy: h2
lcdn.tsyndicate.com/sdk/v1/b.b.js
200 OK 2.8 kB URL HTTP/2 lcdn.tsyndicate.com/sdk/v1/b.b.js
IP
File type ASCII text, with very long lines (2590)
Hash 01c3ce239d639853ba1e41661c115938
704741ca41e890a26eef6190c2d61131ff294f56
9aabcddb7b91826c4b8bf721d77fa448ceba501616a38c6fe0d6c4f11091ed47
GET /sdk/v1/b.b.js HTTP/1.1
Host: lcdn.tsyndicate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tsyndicate.com/
Cookie: ts_uid=b1f107f9-54da-4931-8de7-450196a1d562; bfq=APeIECNCxxYZN3LIkEFDRhcWIsYU3BLjoYgyE2PYsDEjR40cMGbY6NJH
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Thu, 22 Sep 2022 18:50:37 GMT
content-type: application/javascript
content-length: 2808
last-modified: Tue, 22 Feb 2022 13:07:15 GMT
server: nginx
x-robots-tag: noindex, nofollow
content-encoding: gzip
vary: Accept-Encoding
etag: W/"6214e003-1eb1"
age: 17138374
accept-ranges: bytes
X-Firefox-Spdy: h2
lcdn.tsyndicate.com/sdk/v1/b.b.js
304 Not Modified 0 B URL HTTP/2 lcdn.tsyndicate.com/sdk/v1/b.b.js
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sdk/v1/b.b.js HTTP/1.1
Host: lcdn.tsyndicate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tsyndicate.com/
Cookie: ts_uid=b1f107f9-54da-4931-8de7-450196a1d562; bfq=APeIECNCxxYZN3LIkEFDRhcWIsYU3BLjoYgyE2PYsDEjR40cMGbY6NJH
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
If-Modified-Since: Tue, 22 Feb 2022 13:07:15 GMT
If-None-Match: W/"6214e003-1eb1"
TE: trailers
HTTP/2 304 Not Modified
date: Thu, 22 Sep 2022 18:50:37 GMT
last-modified: Tue, 22 Feb 2022 13:07:15 GMT
server: nginx
x-robots-tag: noindex, nofollow
vary: Accept-Encoding
etag: W/"6214e003-1eb1"
age: 17138374
X-Firefox-Spdy: h2
lcdn.tsyndicate.com/sdk/v1/b.b.js
304 Not Modified 0 B URL HTTP/2 lcdn.tsyndicate.com/sdk/v1/b.b.js
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sdk/v1/b.b.js HTTP/1.1
Host: lcdn.tsyndicate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tsyndicate.com/
Cookie: ts_uid=b1f107f9-54da-4931-8de7-450196a1d562; bfq=APeIECNCxxYZN3LIkEFDRhcWIsYU3BLjoYgyE2PYsDEjR40cMGbY6NJH
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
If-Modified-Since: Tue, 22 Feb 2022 13:07:15 GMT
If-None-Match: W/"6214e003-1eb1"
TE: trailers
HTTP/2 304 Not Modified
date: Thu, 22 Sep 2022 18:50:37 GMT
last-modified: Tue, 22 Feb 2022 13:07:15 GMT
server: nginx
x-robots-tag: noindex, nofollow
vary: Accept-Encoding
etag: W/"6214e003-1eb1"
age: 17138374
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 314 B IP
Hash 8f371d9cb57aeef4ce6b53cda2d1aeb1
531eaacee0925a20c4b8e4d3e4a2694294877136
06d07cf30e6a3a230b97d3aeb1dc648e6dad9b2ebb8fdb6036e75535cbac3e6c
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6054
Cache-Control: max-age=168678
Content-Type: application/ocsp-response
Date: Thu, 22 Sep 2022 18:50:37 GMT
Etag: "632c86bd-13a"
Expires: Sat, 24 Sep 2022 17:41:55 GMT
Last-Modified: Thu, 22 Sep 2022 16:01:01 GMT
Server: ECS (ska/F6FE)
X-Cache: HIT
Content-Length: 314
ocsp.digicert.com/
200 OK 314 B IP
Hash 8f371d9cb57aeef4ce6b53cda2d1aeb1
531eaacee0925a20c4b8e4d3e4a2694294877136
06d07cf30e6a3a230b97d3aeb1dc648e6dad9b2ebb8fdb6036e75535cbac3e6c
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 525
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 22 Sep 2022 18:50:37 GMT
Last-Modified: Thu, 22 Sep 2022 18:41:53 GMT
Server: ECS (ska/F6FC)
X-Cache: HIT
Content-Length: 314
ocsp.digicert.com/
200 OK 314 B IP
Hash 8f371d9cb57aeef4ce6b53cda2d1aeb1
531eaacee0925a20c4b8e4d3e4a2694294877136
06d07cf30e6a3a230b97d3aeb1dc648e6dad9b2ebb8fdb6036e75535cbac3e6c
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3578
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 22 Sep 2022 18:50:37 GMT
Last-Modified: Thu, 22 Sep 2022 17:50:59 GMT
Server: ECS (ska/F70A)
X-Cache: HIT
Content-Length: 314
bam.nr-data.net/events/1/6f524845d1?a=24279235&v=1216.487a282&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOFgwRERUXQ1BUFkIDFQ0WFlA%3D&rst=4863&ck=1&ref=https://chaturbate.com/tours/3/
200 OK 24 B URL HTTP/1.1 bam.nr-data.net/events/1/6f524845d1?a=24279235&v=1216.487a282&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOFgwRERUXQ1BUFkIDFQ0WFlA%3D&rst=4863&ck=1&ref=https://chaturbate.com/tours/3/
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash bc32ed98d624acb4008f986349a20d26
2d3df8c11d2168ce2c27e0937421d11d85016361
0c9cf152a0ad00d4f102c93c613c104914be5517ac8f8e0831727f8bfbe8b300
POST /events/1/6f524845d1?a=24279235&v=1216.487a282&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOFgwRERUXQ1BUFkIDFQ0WFlA%3D&rst=4863&ck=1&ref=https://chaturbate.com/tours/3/ HTTP/1.1
Host: bam.nr-data.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
content-type: text/plain
Content-Length: 1904
Origin: https://chaturbate.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Thu, 22 Sep 2022 18:50:37 GMT
Content-Type: image/gif
Content-Length: 24
Connection: keep-alive
CF-Ray: 74ed3a307bd61c16-OSL
Access-Control-Allow-Origin: https://chaturbate.com
CF-Cache-Status: DYNAMIC
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
Vary: Accept-Encoding
Server: cloudflare
bam.nr-data.net/events/1/6f524845d1?a=24279235&v=1216.487a282&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOFgwRERUXQ1BUFkIDFQ0WFlA%3D&rst=4848&ck=1&ref=https://chaturbate.com/tours/3/
200 OK 24 B URL HTTP/1.1 bam.nr-data.net/events/1/6f524845d1?a=24279235&v=1216.487a282&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOFgwRERUXQ1BUFkIDFQ0WFlA%3D&rst=4848&ck=1&ref=https://chaturbate.com/tours/3/
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash bc32ed98d624acb4008f986349a20d26
2d3df8c11d2168ce2c27e0937421d11d85016361
0c9cf152a0ad00d4f102c93c613c104914be5517ac8f8e0831727f8bfbe8b300
POST /events/1/6f524845d1?a=24279235&v=1216.487a282&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOFgwRERUXQ1BUFkIDFQ0WFlA%3D&rst=4848&ck=1&ref=https://chaturbate.com/tours/3/ HTTP/1.1
Host: bam.nr-data.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
content-type: text/plain
Content-Length: 1904
Origin: https://chaturbate.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Thu, 22 Sep 2022 18:50:37 GMT
Content-Type: image/gif
Content-Length: 24
Connection: keep-alive
CF-Ray: 74ed3a309fbbb505-OSL
Access-Control-Allow-Origin: https://chaturbate.com
CF-Cache-Status: DYNAMIC
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
Vary: Accept-Encoding
Server: cloudflare
bam.nr-data.net/events/1/6f524845d1?a=24279235&v=1216.487a282&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOFgwRERUXQ1BUFkIDFQ0WFlA%3D&rst=4295&ck=1&ref=https://chaturbate.com/tours/3/
200 OK 24 B URL HTTP/1.1 bam.nr-data.net/events/1/6f524845d1?a=24279235&v=1216.487a282&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOFgwRERUXQ1BUFkIDFQ0WFlA%3D&rst=4295&ck=1&ref=https://chaturbate.com/tours/3/
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash bc32ed98d624acb4008f986349a20d26
2d3df8c11d2168ce2c27e0937421d11d85016361
0c9cf152a0ad00d4f102c93c613c104914be5517ac8f8e0831727f8bfbe8b300
POST /events/1/6f524845d1?a=24279235&v=1216.487a282&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOFgwRERUXQ1BUFkIDFQ0WFlA%3D&rst=4295&ck=1&ref=https://chaturbate.com/tours/3/ HTTP/1.1
Host: bam.nr-data.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
content-type: text/plain
Content-Length: 1903
Origin: https://chaturbate.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Thu, 22 Sep 2022 18:50:37 GMT
Content-Type: image/gif
Content-Length: 24
Connection: keep-alive
CF-Ray: 74ed3a30e9f2b517-OSL
Access-Control-Allow-Origin: https://chaturbate.com
CF-Cache-Status: DYNAMIC
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
Vary: Accept-Encoding
Server: cloudflare
cbjpeg.stream.highwebmedia.com/stream?room=minarocket_&f=0.026993371529480892
200 OK 25 kB URL HTTP/2 cbjpeg.stream.highwebmedia.com/stream?room=minarocket_&f=0.026993371529480892
IP
ASN #50389 Phoenix Nap, LLC.
Hash 433f5c057ef1a2eee98ee63bfd714d22
3e9d25934ec6eb561bacaca8cf633c130c0efe06
c40f87a480defcc5bd0f4e76aa2cecd61675359695fca3676a9718e18a48f32c
GET /stream?room=minarocket_&f=0.026993371529480892 HTTP/1.1
Host: cbjpeg.stream.highwebmedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Cookie: _cfuvid=octWM0G.da9q1RAOUuO0gjLLqG3RVXehsBjyc9uOXcw-1663872632506-0-604800000
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 22 Sep 2022 18:50:37 GMT
content-type: image/jpeg
content-length: 25096
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'none'; img-src data:; style-src 'unsafe-inline'
cache-tag: cbjpeg
x-frame-options: DENY
X-Firefox-Spdy: h2
a.adtng.com/get/10005363?time=1592491455431&atc=445506&apb=YrDvI56hpN3c05iswBQSM3ixLsQQUamzprfbcRN2clJg4AaBamU9uFSr-QWISkqoBV0E6wgMkhnhxAY93RcNHntvQPzo9zu02kCuRJliLz9b29CzFAxaXJ6G_gUIDRUi
200 OK 14 kB URL HTTP/2 a.adtng.com/get/10005363?time=1592491455431&atc=445506&apb=YrDvI56hpN3c05iswBQSM3ixLsQQUamzprfbcRN2clJg4AaBamU9uFSr-QWISkqoBV0E6wgMkhnhxAY93RcNHntvQPzo9zu02kCuRJliLz9b29CzFAxaXJ6G_gUIDRUi
IP
Hash f1c79b49d03d5a986c595d9d853419f8
14d1e58bef2a053fb828474b9b5ef6245c36be2c
9a7c6c492674b245e7fad91257713fa5c6688523a3fdc1bb8f59572c792b13c3
GET /get/10005363?time=1592491455431&atc=445506&apb=YrDvI56hpN3c05iswBQSM3ixLsQQUamzprfbcRN2clJg4AaBamU9uFSr-QWISkqoBV0E6wgMkhnhxAY93RcNHntvQPzo9zu02kCuRJliLz9b29CzFAxaXJ6G_gUIDRUi HTTP/1.1
Host: a.adtng.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tsyndicate.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: openresty
date: Thu, 22 Sep 2022 18:50:37 GMT
content-type: text/html
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With
content-encoding: gzip
set-cookie: adtool_guid=Ch5KHmMsrn0wCHb1RfX/Ag==; expires=Thu, 31-Dec-37 23:55:55 GMT; path=/; Secure; HTTPOnly; SameSite=None;
RNLBSERVERID=ded7078; path=/; HttpOnly; Secure; SameSite=None
x-request-id: 632CAE7D-42FE72AB01BB8614-32407E9D
X-Firefox-Spdy: h2
a.adtng.com/get/10005363?time=1592491455431&atc=423524&apb=hX6tl5QOShL5haOXGRyD4-bnxO286ZzJU1Up8WUIyGjgQ2ZvK3qirLq-M48O75SgBLLiEBEHgjSap2TAD4wh_3yv2dpLZVe_nZAglIBgWWw4JWc2dDVXNpnv_gUIDRUi
200 OK 12 kB URL HTTP/2 a.adtng.com/get/10005363?time=1592491455431&atc=423524&apb=hX6tl5QOShL5haOXGRyD4-bnxO286ZzJU1Up8WUIyGjgQ2ZvK3qirLq-M48O75SgBLLiEBEHgjSap2TAD4wh_3yv2dpLZVe_nZAglIBgWWw4JWc2dDVXNpnv_gUIDRUi
IP
Hash 49676c46a7da3f7770e7566a40ff5113
727989b526a1cca78484cbd3886d7da555fbfe53
887c52ab8fc5ce5560f9b1f8dd77a4600c0d72bc96ddbc9329194768f9e79bc5
GET /get/10005363?time=1592491455431&atc=423524&apb=hX6tl5QOShL5haOXGRyD4-bnxO286ZzJU1Up8WUIyGjgQ2ZvK3qirLq-M48O75SgBLLiEBEHgjSap2TAD4wh_3yv2dpLZVe_nZAglIBgWWw4JWc2dDVXNpnv_gUIDRUi HTTP/1.1
Host: a.adtng.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tsyndicate.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: openresty
date: Thu, 22 Sep 2022 18:50:37 GMT
content-type: text/html
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With
content-encoding: gzip
set-cookie: adtool_guid=Ch5KAmMsrn0BxANSBLjxAg==; expires=Thu, 31-Dec-37 23:55:55 GMT; path=/; Secure; HTTPOnly; SameSite=None;
RNLBSERVERID=ded6973; path=/; HttpOnly; Secure; SameSite=None
x-request-id: 632CAE7D-42FE72AB01BB8614-32407E9E
X-Firefox-Spdy: h2
hw-cdn2.adtng.com/delivery/intersection_observer/IntersectionObserver.js
200 OK 17 kB URL HTTP/1.1 hw-cdn2.adtng.com/delivery/intersection_observer/IntersectionObserver.js
IP
File type ASCII text, with very long lines (16885), with no line terminators
Hash 48c80c7c28b5b00a8b4ff94a22b72fe3
d57303c2ad2fd5cedc5cb20f264a6965a7819cee
6e9be773031b3234fb9c2d6cf3d9740db1208f4351beca325ec34f76fd38f356
GET /delivery/intersection_observer/IntersectionObserver.js HTTP/1.1
Host: hw-cdn2.adtng.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.adtng.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Date: Thu, 22 Sep 2022 18:50:38 GMT
Connection: Keep-Alive
ETag: "1649192094"
Content-Length: 16885
Content-Type: application/javascript
Last-Modified: Tue, 05 Apr 2022 20:54:54 GMT
Accept-Ranges: bytes
Cache-Control: max-age=10491323
X-HW: 1663872637.dop223.sk1.t,1663872638.cds218.sk1.shn,1663872638.cds218.sk1.c
Access-Control-Allow-Origin: *
a.adtng.com/get/10005363?time=1592491455431&atc=423524&apb=NXxT-mr0VLnNWs_lZJfQD0Qf0Hiua6-h4SYfpMGFH4FEcwAuXfdE8HyuF9A0R6PMyviERB_dxAOvmadc5O-0W6bbXofA6AduOTiIllpwd4azTCN20nXLUDQ9_gUIDRUi
200 OK 15 kB URL HTTP/2 a.adtng.com/get/10005363?time=1592491455431&atc=423524&apb=NXxT-mr0VLnNWs_lZJfQD0Qf0Hiua6-h4SYfpMGFH4FEcwAuXfdE8HyuF9A0R6PMyviERB_dxAOvmadc5O-0W6bbXofA6AduOTiIllpwd4azTCN20nXLUDQ9_gUIDRUi
IP
Hash 5b6197a5653d17dff9e968e961f9e0b1
515b1b6b87e7ece70d8f4de462e49ded88f514e1
ce7e2506681e2f6148b2d05478f91951b06819a58ee7c02194a81e54f561bf17
GET /get/10005363?time=1592491455431&atc=423524&apb=NXxT-mr0VLnNWs_lZJfQD0Qf0Hiua6-h4SYfpMGFH4FEcwAuXfdE8HyuF9A0R6PMyviERB_dxAOvmadc5O-0W6bbXofA6AduOTiIllpwd4azTCN20nXLUDQ9_gUIDRUi HTTP/1.1
Host: a.adtng.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tsyndicate.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: openresty
date: Thu, 22 Sep 2022 18:50:37 GMT
content-type: text/html
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With
content-encoding: gzip
set-cookie: adtool_guid=Ch5KFmMsrn1d52Nxl1+nAg==; expires=Thu, 31-Dec-37 23:55:55 GMT; path=/; Secure; HTTPOnly; SameSite=None;
RNLBSERVERID=ded7040; path=/; HttpOnly; Secure; SameSite=None
x-request-id: 632CAE7D-42FE72AB01BB8614-32407EA0
X-Firefox-Spdy: h2
biptolyla.com/aOWFZ.y/Qr2m9ckEZhTz9j6hbf2L5flPSPWdQe9fNYDxEs2BN-DGUFwFOSCJ0/0WMXTDYk0/NiTtAb5vJ/nZBE1zcJ2nh/aWb/2X5glSSMW/QG9mNKDAEb2/N/D/UjwOOzCU0z0YMJTZYw0NN/TXAL5S
200 OK 0 B URL HTTP/2 biptolyla.com/aOWFZ.y/Qr2m9ckEZhTz9j6hbf2L5flPSPWdQe9fNYDxEs2BN-DGUFwFOSCJ0/0WMXTDYk0/NiTtAb5vJ/nZBE1zcJ2nh/aWb/2X5glSSMW/QG9mNKDAEb2/N/D/UjwOOzCU0z0YMJTZYw0NN/TXAL5S
IP
GET /aOWFZ.y/Qr2m9ckEZhTz9j6hbf2L5flPSPWdQe9fNYDxEs2BN-DGUFwFOSCJ0/0WMXTDYk0/NiTtAb5vJ/nZBE1zcJ2nh/aWb/2X5glSSMW/QG9mNKDAEb2/N/D/UjwOOzCU0z0YMJTZYw0NN/TXAL5S HTTP/1.1
Host: biptolyla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://gayinleeds.relayblog.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 22 Sep 2022 18:50:31 GMT
content-type: application/javascript
vary: Accept-Encoding
pragma: no-cache
accept-ch: Sec-CH-UA-Platform-Version, Sec-CH-UA-Platform
expires: Mon, 26 Jul 2011 05:00:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
x-content-type-options: nosniff
content-encoding: br
X-Firefox-Spdy: h2
static-assets.highwebmedia.com/CACHE/js/output.6f6724a00cb8.js
200 OK 0 B URL HTTP/2 static-assets.highwebmedia.com/CACHE/js/output.6f6724a00cb8.js
IP
GET /CACHE/js/output.6f6724a00cb8.js HTTP/1.1
Host: static-assets.highwebmedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 22 Sep 2022 18:50:32 GMT
content-type: application/javascript
cache-control: public, max-age=2592000
cf-bgj: minify
etag: W/"a708027bfbbde438a72a93082d4bc4b5"
last-modified: Thu, 24 Jun 2021 21:24:05 GMT
x-amz-id-2: JSy2VAlm3gAahvlCm5/iqNOQuasckcIrq13CGup8iDmNjJ/I2mSXsAw6q4OzSeK3RH88h3oFZ3U=
x-amz-meta-s3cmd-attrs: md5:a708027bfbbde438a72a93082d4bc4b5
x-amz-request-id: 2D5V5B3Y2TWH6PZC
cf-cache-status: HIT
age: 422591
expires: Sat, 22 Oct 2022 18:50:32 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kAtQ3rM3NdDeIi%2FHFCg4EIwqNjGRt%2FZp%2F7skJfrQlIaXjlo2D1e4HBnwqWeGDvWbA0J0FjZy%2FyasqKpb37ZBFgzl1wAxLVI16Su5fJvgqobQaUDIj6MgIwpcFmG1SjxLCvcKe%2F1DoloNDDOpIwb5ow%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
set-cookie: _cfuvid=cs6peSeBC2EzknI7jOueQIwZqxfqKQyEI9.W80Ri6SI-1663872632497-0-604800000; path=/; domain=.highwebmedia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 74ed3a110cafb512-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
28980.weednewspro.com/v2/a/na/203282?subId=&pageUri=https%3A%2F%2F28980.weednewspro.com%2Fv2%2Fa%2Fna%2Fif%2F203282&referer=http%3A%2F%2Fgo.goaserv.com%2F&av=1&abl=0&kws=&rtg=&bdd=%5B%22Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0%22%2C%22false%22%2C%22Linux%20x86_64%22%2C%22%22%2C%22%22%2C%22%22%2C%22%22%2C%22false%22%2C%22true%22%2C%221280%22%2C%221024%22%2C%221280%22%2C%221002%22%2C%221280%22%2C%221024%22%2C%22300%22%2C%22250%22%2C%22300%22%2C%22250%22%2C%22false%22%2C%221%22%2C%2216%22%2C%220%22%2C%22aaaaacccefiflmmprrsstlllecstaaahtscellllpss%22%2C%22Thu%20Sep%2022%202022%2018%3A50%3A34%20GMT%2B0000%20(Coordinated%20Universal%20Time)%22%2C%220%22%2C%22en-US%22%2C%22en-US%2Cen%22%2C%22false%22%2C%22false%22%2C%22781877177%22%2C%222697903995%22%2C%221%22%2C%22false%22%2C%22%5B%5D%22%5D
200 OK 0 B URL HTTP/2 28980.weednewspro.com/v2/a/na/203282?subId=&pageUri=https%3A%2F%2F28980.weednewspro.com%2Fv2%2Fa%2Fna%2Fif%2F203282&referer=http%3A%2F%2Fgo.goaserv.com%2F&av=1&abl=0&kws=&rtg=&bdd=%5B%22Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0%22%2C%22false%22%2C%22Linux%20x86_64%22%2C%22%22%2C%22%22%2C%22%22%2C%22%22%2C%22false%22%2C%22true%22%2C%221280%22%2C%221024%22%2C%221280%22%2C%221002%22%2C%221280%22%2C%221024%22%2C%22300%22%2C%22250%22%2C%22300%22%2C%22250%22%2C%22false%22%2C%221%22%2C%2216%22%2C%220%22%2C%22aaaaacccefiflmmprrsstlllecstaaahtscellllpss%22%2C%22Thu%20Sep%2022%202022%2018%3A50%3A34%20GMT%2B0000%20(Coordinated%20Universal%20Time)%22%2C%220%22%2C%22en-US%22%2C%22en-US%2Cen%22%2C%22false%22%2C%22false%22%2C%22781877177%22%2C%222697903995%22%2C%221%22%2C%22false%22%2C%22%5B%5D%22%5D
IP
ASN #39572 DataWeb Global Group B.V.
GET /v2/a/na/203282?subId=&pageUri=https%3A%2F%2F28980.weednewspro.com%2Fv2%2Fa%2Fna%2Fif%2F203282&referer=http%3A%2F%2Fgo.goaserv.com%2F&av=1&abl=0&kws=&rtg=&bdd=%5B%22Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0%22%2C%22false%22%2C%22Linux%20x86_64%22%2C%22%22%2C%22%22%2C%22%22%2C%22%22%2C%22false%22%2C%22true%22%2C%221280%22%2C%221024%22%2C%221280%22%2C%221002%22%2C%221280%22%2C%221024%22%2C%22300%22%2C%22250%22%2C%22300%22%2C%22250%22%2C%22false%22%2C%221%22%2C%2216%22%2C%220%22%2C%22aaaaacccefiflmmprrsstlllecstaaahtscellllpss%22%2C%22Thu%20Sep%2022%202022%2018%3A50%3A34%20GMT%2B0000%20(Coordinated%20Universal%20Time)%22%2C%220%22%2C%22en-US%22%2C%22en-US%2Cen%22%2C%22false%22%2C%22false%22%2C%22781877177%22%2C%222697903995%22%2C%221%22%2C%22false%22%2C%22%5B%5D%22%5D HTTP/1.1
Host: 28980.weednewspro.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://28980.weednewspro.com/v2/a/na/if/203282
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 22 Sep 2022 18:50:36 GMT
content-type: application/json; charset=UTF-8
vary: Accept-Encoding
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-max-age: 86400
referrer-policy: unsafe-url
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Device-Memory
accept-ch-lifetime: 31536000
p3p: CP="NOI DEVa TAIa OUR BUS UNI STA"
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
last-modified: Thu, 22 Sep 2022 18:50:36 UTC
expires: Thu, 22 Sep 2022 18:50:36 UTC
content-encoding: gzip
X-Firefox-Spdy: h2
maxcdn.bootstrapcdn.com/bootswatch/3.3.7/sandstone/bootstrap.min.css
200 OK 0 B URL HTTP/2 maxcdn.bootstrapcdn.com/bootswatch/3.3.7/sandstone/bootstrap.min.css
IP
GET /bootswatch/3.3.7/sandstone/bootstrap.min.css HTTP/1.1
Host: maxcdn.bootstrapcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://gayinleeds.relayblog.com
Connection: keep-alive
Referer: http://gayinleeds.relayblog.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 22 Sep 2022 18:50:30 GMT
content-type: text/css; charset=utf-8
vary: Accept-Encoding
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: DE
access-control-allow-origin: *
cache-control: public, max-age=31919000
etag: W/"193a9c738b1f86bbb65f69ffa04f3bd8"
last-modified: Mon, 25 Jan 2021 22:04:28 GMT
cdn-cachedat: 08/20/2022 09:02:21
cdn-proxyver: 1.02
cdn-requestpullcode: 200
cdn-requestpullsuccess: True
cdn-edgestorageid: 874
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
cdn-status: 200
cdn-requestid: 56e33131e144ac9f958d83f2f087958e
cdn-cache: HIT
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 74ed3a046ecb0b02-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
28980.weednewspro.com/v2/a/na/js/203282?container=c
200 OK 0 B URL HTTP/2 28980.weednewspro.com/v2/a/na/js/203282?container=c
IP
ASN #39572 DataWeb Global Group B.V.
GET /v2/a/na/js/203282?container=c HTTP/1.1
Host: 28980.weednewspro.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://28980.weednewspro.com/v2/a/na/if/203282
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 22 Sep 2022 18:50:32 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-max-age: 86400
referrer-policy: unsafe-url
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Device-Memory
accept-ch-lifetime: 31536000
content-encoding: gzip
X-Firefox-Spdy: h2
i.jads.co/network/user1037/131-1573234880-0093291001573234880.gif
200 OK 0 B URL HTTP/1.1 i.jads.co/network/user1037/131-1573234880-0093291001573234880.gif
IP
GET /network/user1037/131-1573234880-0093291001573234880.gif HTTP/1.1
Host: i.jads.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://poweredby.jads.co/
HTTP/1.1 200 OK
Date: Thu, 22 Sep 2022 18:50:35 GMT
Connection: Keep-Alive
ETag: "1573234880"
Cache-Control: max-age=24892245
Content-Length: 53401
Content-Type: image/gif
Last-Modified: Fri, 08 Nov 2019 17:41:20 GMT
Accept-Ranges: bytes
X-HW: 1663872635.dop213.sk1.t,1663872635.cds235.sk1.c
static-assets.highwebmedia.com/CACHE/css/output.5c1e955e3832.css
200 OK 0 B URL HTTP/2 static-assets.highwebmedia.com/CACHE/css/output.5c1e955e3832.css
IP
GET /CACHE/css/output.5c1e955e3832.css HTTP/1.1
Host: static-assets.highwebmedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 22 Sep 2022 18:50:32 GMT
content-type: text/css
cache-control: public, max-age=2592000
cf-bgj: minify
cf-polished: origSize=63849
etag: W/"03c072147fa475d9bd57bcc9b73d3260"
last-modified: Thu, 22 Sep 2022 16:22:00 GMT
x-amz-id-2: src6WemkBrmxeGDZVP+4ipre01PPVsPb7jxfzfVQ0ssDy7l2IzQ439zT3Wf7YWS5u4ixFo+mPb4=
x-amz-meta-s3cmd-attrs: md5:03c072147fa475d9bd57bcc9b73d3260
x-amz-request-id: 12Q62S61BDK4RBY8
cf-cache-status: HIT
age: 8732
expires: Sat, 22 Oct 2022 18:50:32 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=V0oafJxBIZKjZrz9T4ATwI%2FDOZ%2BkMndWoQWKtjfcFv22rjQAl%2Fb%2BUXwxn%2BM5CG%2Fp0%2FqH%2F0ZrFwGUB9Dwfkwuw0JZbcSrM5IgvWUP0xWOV3fQ%2Fi683HBhKHp7kajlRziCzPY2%2BuWAJxFay4iGXRvR3A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
set-cookie: _cfuvid=A4p8IcD2sAwCsYLcJTX8RU7063LPc5mOn.htd0ANOe0-1663872632490-0-604800000; path=/; domain=.highwebmedia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 74ed3a110c9fb512-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
biptolyla.com/a.W-ZTyUPV3WB_1YcZ2ahba-bd2e5flgS_WiQj9kNlD-En4oMpjqk_0sNtCu0v0-MxTygzyAO_TCQD1EJFn-pHvIbJmKV_JMZNDO0P0-MRTSgTyUO_TWQX0YLZT-QbxcOdDeI_5gNhDiUj?iframeId=zuyquy
200 OK 0 B URL HTTP/2 biptolyla.com/a.W-ZTyUPV3WB_1YcZ2ahba-bd2e5flgS_WiQj9kNlD-En4oMpjqk_0sNtCu0v0-MxTygzyAO_TCQD1EJFn-pHvIbJmKV_JMZNDO0P0-MRTSgTyUO_TWQX0YLZT-QbxcOdDeI_5gNhDiUj?iframeId=zuyquy
IP
GET /a.W-ZTyUPV3WB_1YcZ2ahba-bd2e5flgS_WiQj9kNlD-En4oMpjqk_0sNtCu0v0-MxTygzyAO_TCQD1EJFn-pHvIbJmKV_JMZNDO0P0-MRTSgTyUO_TWQX0YLZT-QbxcOdDeI_5gNhDiUj?iframeId=zuyquy HTTP/1.1
Host: biptolyla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://gayinleeds.relayblog.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 22 Sep 2022 18:50:31 GMT
content-type: text/html;charset=UTF-8
vary: Accept-Encoding
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
accept-ch: Sec-CH-UA-Platform-Version, Sec-CH-UA-Platform
expires: Mon, 26 Jul 2011 05:00:00 GMT
p3p: CP="CUR ADM OUR NOR STA NID"
last-modified: Thu, 22 Sep 2022 18:50:31 GMT
set-cookie: kadCCap=199507:1:1655888030;168401:1:1663017409;211845:1:1661388894;194136:1:1663118711;210565:1:1660883596;180343:1:1656296307;132751:1:1663300715;210190:1:1662153287;199455:1:1662011125; max-age=1695408631; path=/
kadACap=444360:1:1662446108;444410:1:1662620118;410252:1:1662915839;435966:1:1656602141;419297:1:1662889803;272913:1:1661284037;419301:1:1663566374;319611:1:1659066943;419299:1:1662523186;419291:1:1662829503;424441:1:1662472246;433660:1:1662623802;438036:1:1657029440;434524:1:1657107027;432801:1:1656295814;444311:1:1663771206;384014:1:1658355870;419321:1:1662477203;419293:1:1662883102;320483:1:1661342695;445933:1:1662662013;442673:1:1660504936;422197:1:1661937740;432805:1:1656295137;401659:1:1662418246;383700:1:1662671864;443580:1:1661935629;427172:1:1661328422;442019:1:1663736826;434768:1:1656274688;445389:1:1663209970;443007:1:1661388894;346327:2:1663791482;444565:1:1663112893;419303:1:1662804291;407186:1:1660140957;419323:1:1661776141;446120:1:1663148405;419295:1:1661224266;445475:1:1662616891;438050:1:1657036135;426142:1:1655888030; max-age=1695408631; path=/
kadASCap=346327:2:1663791482; path=/
kadRPixJ=bnVsbA==; max-age=1695408631; path=/
kadUnP3=CAIQgqCvmQYaDQjzwZkBEAEY+uKtmQYaDQivp/4BEAEYgqCvmQYaDQiC/5MCEAEY+YexmQYiCggBEAEYgqCvmQYiCggDEAEY+YexmQYqDAjD6QwQARiCoK+ZBioMCIy9EhABGPrirZkGKgwIxOMnEAEY+YexmQY=; max-age=1695408631; path=/
x-content-type-options: nosniff
content-encoding: br
X-Firefox-Spdy: h2
maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css
200 OK 0 B URL HTTP/2 maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css
IP
GET /bootstrap/3.3.6/css/bootstrap.min.css HTTP/1.1
Host: maxcdn.bootstrapcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://gayinleeds.relayblog.com
Connection: keep-alive
Referer: http://gayinleeds.relayblog.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 22 Sep 2022 18:50:30 GMT
content-type: text/css; charset=utf-8
vary: Accept-Encoding
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: DE
access-control-allow-origin: *
cache-control: public, max-age=31919000
etag: W/"2f624089c65f12185e79925bc5a7fc42"
last-modified: Mon, 25 Jan 2021 22:03:59 GMT
cdn-cachedat: 08/20/2022 02:31:07
cdn-proxyver: 1.02
cdn-requestpullcode: 200
cdn-requestpullsuccess: True
cdn-edgestorageid: 601
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
cdn-status: 200
cdn-requestid: 4b20605ebefa8639192608403ea3b8ee
cdn-cache: HIT
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 74ed3a044ead0b02-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
maxcdn.bootstrapcdn.com/font-awesome/4.5.0/css/font-awesome.min.css
200 OK 0 B URL HTTP/2 maxcdn.bootstrapcdn.com/font-awesome/4.5.0/css/font-awesome.min.css
IP
GET /font-awesome/4.5.0/css/font-awesome.min.css HTTP/1.1
Host: maxcdn.bootstrapcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://gayinleeds.relayblog.com
Connection: keep-alive
Referer: http://gayinleeds.relayblog.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 22 Sep 2022 18:50:30 GMT
content-type: text/css; charset=utf-8
vary: Accept-Encoding
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: DE
access-control-allow-origin: *
cache-control: public, max-age=31919000
etag: W/"4fbd15cb6047af93373f4f895639c8bf"
last-modified: Mon, 25 Jan 2021 22:04:54 GMT
cdn-cachedat: 08/20/2022 02:39:36
cdn-proxyver: 1.02
cdn-requestpullcode: 200
cdn-requestpullsuccess: True
cdn-edgestorageid: 632
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
cdn-status: 200
cdn-requestid: bf8ed47778b1c068fc3c5faf207e1b5f
cdn-cache: HIT
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 74ed3a046ec80b02-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
maxcdn.bootstrapcdn.com/bootstrap/3.3.6/js/bootstrap.min.js
200 OK 0 B URL HTTP/2 maxcdn.bootstrapcdn.com/bootstrap/3.3.6/js/bootstrap.min.js
IP
GET /bootstrap/3.3.6/js/bootstrap.min.js HTTP/1.1
Host: maxcdn.bootstrapcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://gayinleeds.relayblog.com
Connection: keep-alive
Referer: http://gayinleeds.relayblog.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 22 Sep 2022 18:50:30 GMT
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: DE
access-control-allow-origin: *
cache-control: public, max-age=31919000
etag: W/"c5b5b2fa19bd66ff23211d9f844e0131"
last-modified: Mon, 25 Jan 2021 22:03:59 GMT
cdn-cachedat: 08/20/2022 02:30:10
cdn-proxyver: 1.02
cdn-requestpullcode: 200
cdn-requestpullsuccess: True
cdn-edgestorageid: 874
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
cdn-status: 200
cdn-requestid: 17844530b12c4164ac3290b405240860
cdn-cache: HIT
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 74ed3a046ece0b02-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
wideeyedlady.pro/crDt9v6.b-2i5IlcSTWEQ/9zNZD/I-2TNJzGMr4YNMgH
200 OK 0 B URL HTTP/2 wideeyedlady.pro/crDt9v6.b-2i5IlcSTWEQ/9zNZD/I-2TNJzGMr4YNMgH
IP
GET /crDt9v6.b-2i5IlcSTWEQ/9zNZD/I-2TNJzGMr4YNMgH HTTP/1.1
Host: wideeyedlady.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://gayinleeds.relayblog.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 22 Sep 2022 18:50:31 GMT
content-type: application/javascript
vary: Accept-Encoding
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
accept-ch: Sec-CH-UA-Platform-Version, Sec-CH-UA-Platform
expires: Mon, 26 Jul 2011 05:00:00 GMT
access-control-allow-origin: *
access-control-allow-methods: GET
last-modified: Thu, 22 Sep 2022 18:50:31 GMT
access-control-allow-headers: Content-Type
access-control-allow-credentials: true
set-cookie: kadSlcJ=eyJ0aW1lU3RhbXAiOjE2NjM4NjcxMjYsInpvbmVzIjp7IjQyNjczODYiOls0MjY3Mzg2LDEsMTY2Mzg3MjYzMV0sIjQ0MjcwMzciOls0NDI3MDM3LDIsMTY2MzgxNzA1NF0sIjQ0MzUyMDkiOls0NDM1MjA5LDEsMTY2Mzg2NzEyNl0sIjQ1MzkwNzIiOls0NTM5MDcyLDEsMTY2Mzc5NTAwOF19fQ==; max-age=1695408631; path=/
x-content-type-options: nosniff
content-encoding: br
X-Firefox-Spdy: h2
137.74.197.13
104.18.42.40
143.204.55.35
148.251.120.78
93.184.220.29
185.18.187.89
95.211.229.246
23.36.77.32
192.99.154.176
92.223.97.97
151.101.86.137