xfantazy.com/video/5f6580f261e5e63e2c1c7cbc
172.67.69.220302 Found 0 B URL HTTP/1.1 xfantazy.com/video/5f6580f261e5e63e2c1c7cbc
IP 172.67.69.220:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /video/5f6580f261e5e63e2c1c7cbc HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Date: Wed, 28 Sep 2022 05:49:36 GMT
Content-Length: 0
Connection: keep-alive
location: https://xfantazy.com/video/5f6580f261e5e63e2c1c7cbc
cache-control: no-cache
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ak2WaTYkbyetTF0RIzpTqmVdWRLO%2Bq%2BgPuPrymuvXcdvb0QdBny4wUJYvaEs%2FOmhShRBpocoF%2FOtdhuG2mzgwuP95%2FjuODiZ51t5XkpJdtouX6rR4UIDF%2FOXvUvzSw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 751a325d9cec0b06-OSL
alt-svc: h2=":443"; ma=60
firefox.settings.services.mozilla.com/v1/
143.204.55.115200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 143.204.55.115:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 1b3053fa528e28810f8a2cc9284cc921
cca9eb471d941881a6b9a1793aecb6c281908f6a
a2427848ba35575dda8a82cf88f104978234c05389deebc3fc8279d9075eff45
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Alert, Content-Type, Backoff, Content-Length, Retry-After
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Wed, 28 Sep 2022 05:15:39 GMT
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 a7d2a4ec2f50830f128dc406960aef9a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: Ulrt7voYaEbCt0u22mo-ZvGvzw5qinLhAYfWGwJzLl13VVp4d7fk8w==
Age: 2037
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 7fb7c70f7f4e2cee27eb0e7d875931f7
98fca3817a551b1daecebae103a48e718b8b5a53
2a40f957a6b1734aa3f87cff51b673f0536732db15b09033dd604879692df349
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2A40F957A6B1734AA3F87CFF51B673F0536732DB15B09033DD604879692DF349"
Last-Modified: Tue, 27 Sep 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13119
Expires: Wed, 28 Sep 2022 09:28:15 GMT
Date: Wed, 28 Sep 2022 05:49:36 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
143.204.55.49200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
IP 143.204.55.49:0
File type PEM certificate\012- , ASCII text
Hash 6113f8408c59aebe188d6af273b90743
7398873bf00f99944eaa77ad3ebc0d43c23dba6b
b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770
GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 10 Sep 2022 18:47:45 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Tue, 27 Sep 2022 09:24:14 GMT
etag: "6113f8408c59aebe188d6af273b90743"
x-cache: Hit from cloudfront
via: 1.1 501ad2910f631f0520a6d389d6f053e8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: Bos8fSBEtnX1-XnkjkSW7d4MLVck8c-XyqBs5h5PjpOwaFMSoQH7MQ==
age: 73523
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 28 Sep 2022 05:49:36 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
xfantazy.com/_next/static/runtime/webpack-f4d22593ad73f080a168.js
104.26.1.188200 OK 5.4 kB URL HTTP/2 xfantazy.com/_next/static/runtime/webpack-f4d22593ad73f080a168.js
IP 104.26.1.188:0
File type ASCII text, with very long lines (12210), with no line terminators
Hash 00071c9fbc21890d3d3ae9cd90d00736
d9db9637364a076e3e0badff8d5c80a2af3314a3
5deab3d2fe096ceac0411a22f893a5cbf5ac8d6276c462cdf13f2e1ef97c7248
GET /_next/static/runtime/webpack-f4d22593ad73f080a168.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/5f6580f261e5e63e2c1c7cbc
Cookie: visitorId=022fxs9snr9oilk9arxtfm; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 28 Sep 2022 05:49:36 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-bgj: minify
etag: W/"2fb2-1826d2b92c0"
last-modified: Fri, 05 Aug 2022 08:42:28 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 4655117
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kTRngAa%2F1H1nkIev6AP%2F9lFomp8DUgW%2F%2F0igg5PYiDb699GLYxdK1NMMCaX6Z4KvplLtIsllOuPhdSRi2%2BWylRK26ee1qyuewHQf1r6zZ%2B138BRtjN%2Bc5fgoKIDcgw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 751a3261dadcb512-OSL
content-encoding: br
X-Firefox-Spdy: h2
ocsp.sectigo.com/
104.18.32.68200 OK 472 B IP 104.18.32.68:0
Hash 407be3936fecfd367eddf61693f2f323
3c91052b762b2f87269fbbd452bb3d1d99fcc596
87517b56a5370161db3eded9c23cf8a805397dfef44e14e8fa66450e740439f4
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 28 Sep 2022 05:49:37 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Tue, 27 Sep 2022 15:14:20 GMT
Expires: Tue, 04 Oct 2022 15:14:19 GMT
Etag: "3c91052b762b2f87269fbbd452bb3d1d99fcc596"
Cache-Control: max-age=551681,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 751a32625cc8b4e8-OSL
ocsp.sectigo.com/
104.18.32.68200 OK 472 B IP 104.18.32.68:0
Hash 407be3936fecfd367eddf61693f2f323
3c91052b762b2f87269fbbd452bb3d1d99fcc596
87517b56a5370161db3eded9c23cf8a805397dfef44e14e8fa66450e740439f4
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 28 Sep 2022 05:49:37 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Tue, 27 Sep 2022 15:14:20 GMT
Expires: Tue, 04 Oct 2022 15:14:19 GMT
Etag: "3c91052b762b2f87269fbbd452bb3d1d99fcc596"
Cache-Control: max-age=551681,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 751a32625955b52d-OSL
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 11b1f146fa6fa4a88b1efc65b548fb73
f3f12e14f8f66a2e7c43015c394af199e4a94e06
74441efb7e39672af50ce0b6190b20d20bc3ae744b415a17f8b96a0f89aa0491
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 28 Sep 2022 05:49:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
143.204.55.115200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 143.204.55.115:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600, max-age=3600
Date: Wed, 28 Sep 2022 05:29:33 GMT
Expires: Wed, 28 Sep 2022 06:16:31 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 aac54e3fe9825ce24d51e0204433c2c0.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: G78Kgox5jJjVslTrFg3EVaQVG7ysFbC3mORwE2XzqdvoF8WtQ6jkJw==
Age: 1204
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 2f76d47ed4f3c90f557522303bb760bc
f34542cabea7a4517debf64c298b59fc009ea56c
5ce5c216b7cb6a4425f12453e447ad364bcc1cd7d23a9d2468a8a40adfc2cb10
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 28 Sep 2022 05:49:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash c18823050f86339eaa73ddb1bf80d64c
ac4ee81f59f706cee8a74458d498bbc20d8d351a
9a505647517bd02d8ff994fd4ad98dc2f4b519916145b0c327691420c1084c46
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3656
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 28 Sep 2022 05:49:37 GMT
Last-Modified: Wed, 28 Sep 2022 04:48:41 GMT
Server: ECS (ska/F707)
X-Cache: HIT
Content-Length: 471
xfantazy.com/_next/static/chunks/commons.9b890646c0aa33eb63fe.js
104.26.1.188200 OK 401 kB URL HTTP/2 xfantazy.com/_next/static/chunks/commons.9b890646c0aa33eb63fe.js
IP 104.26.1.188:0
File type ASCII text, with very long lines (65536), with no line terminators
Size 401 kB (400696 bytes)
Hash de4b4ebbca075239a66d54f1015fad2c
2489e5dce56f0533f23f2bde0254dd40144ffe17
2898ea70adedd16a57e1b0461f34c25fde38b135406c01fde7ba578b18fae8e6
GET /_next/static/chunks/commons.9b890646c0aa33eb63fe.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/5f6580f261e5e63e2c1c7cbc
Cookie: visitorId=022fxs9snr9oilk9arxtfm; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 28 Sep 2022 05:49:36 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-bgj: minify
cf-polished: origSize=1388386
etag: W/"152f62-1826d2bb0af"
last-modified: Fri, 05 Aug 2022 08:42:36 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 4655117
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qC1ac0PhKzNSU6cYI0OJJ1QMaC%2B1ffZtC3A9SY8DM6lmPSwVxoD7n0gstF4lUGStEQhbvrxB%2Flxqst%2Biia302eUTg0DOEr8hbDcNmm%2FIAsoqolTUuVqCWspGZQa75g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 751a3261cad1b512-OSL
content-encoding: br
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/J7jF63P3nP_l_GiX_A/w320h240/0.jpeg
188.72.235.186200 OK 10 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/J7jF63P3nP_l_GiX_A/w320h240/0.jpeg
IP 188.72.235.186:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash 637139377a30b091a7ef74c9766b6e41
e6a3721603f683696d71143b286278f7588940b1
12db98aee71060af0a54cc822319baaf2dbb7a86115b04a2f71dd76d4567578f
GET /thumbnail/J7jF63P3nP_l_GiX_A/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Wed, 28 Sep 2022 05:49:37 GMT
content-type: image/jpeg
content-length: 9979
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: HIT
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/cbnF63Kuyq7vqmmf9g/w320h240/0.jpeg
188.72.235.186200 OK 14 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/cbnF63Kuyq7vqmmf9g/w320h240/0.jpeg
IP 188.72.235.186:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash 75f24f636fa7a07a94c72655a6cd871c
d30f0d1e95622ddff04cc128bfbf48a8307f2630
d64138f49c3c4d3b8894ace06514a62d7c6129d6c79bfcf51a3cbd384659eb93
GET /thumbnail/cbnF63Kuyq7vqmmf9g/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Wed, 28 Sep 2022 05:49:37 GMT
content-type: image/jpeg
content-length: 14436
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: HIT
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/IuWSvHanzqzqrmmW9g/w320h240/0.jpeg
188.72.235.186200 OK 14 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/IuWSvHanzqzqrmmW9g/w320h240/0.jpeg
IP 188.72.235.186:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash d3608c6a8ea51172eb8f5cf5b0d08eb9
50b00c79ebe4b9e4b770106b73ccc4330c5597df
93d1a36a7f3b80741c3d5d1826352aac4efcb6b8096b6f0194a5f151e36e8b0d
GET /thumbnail/IuWSvHanzqzqrmmW9g/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Wed, 28 Sep 2022 05:49:37 GMT
content-type: image/jpeg
content-length: 13896
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: HIT
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash fc82211401f793132f7d43c2fd253af5
605d8371709b5d2a41967fd390c34fa649f89ea3
b23fd36ec037710672ac1aa6fea284e3869c4bae7941d9b53c771cff8743478e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 28 Sep 2022 05:49:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
xfantazy.com/_next/static/runtime/main-8daa673a54696bb62abb.js
104.26.1.188200 OK 78 kB URL HTTP/2 xfantazy.com/_next/static/runtime/main-8daa673a54696bb62abb.js
IP 104.26.1.188:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash 3f60a45848d75c3b8ef284356d6e1987
23ea16dc78dd66cc65a1378bbce3d061b1a41836
e7219f7548ac68853c0bef7eff90edb929c949b9c8161bf2a76c4fb3e571f4a2
GET /_next/static/runtime/main-8daa673a54696bb62abb.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/5f6580f261e5e63e2c1c7cbc
Cookie: visitorId=022fxs9snr9oilk9arxtfm; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 28 Sep 2022 05:49:36 GMT
content-type: application/javascript; charset=UTF-8
cf-bgj: minify
cache-control: public, max-age=31536000, immutable
etag: W/"11cd7-179fb717a09"
last-modified: Fri, 11 Jun 2021 14:19:48 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 30801243
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aLLT%2BgUGpD4CFjVN0CfAFcIlI8JQIkHylFGMNDOaWSq9iWkmdLCl4na1IzqRu0KzDUhvjUlIX4Ic19EfNm6j2Cvq%2Fg%2Bz6goM%2F5g%2Fv9Dsr9ZO0n5jxPYVsvsFPs3rPg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 751a3261dadeb512-OSL
content-encoding: br
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash fc82211401f793132f7d43c2fd253af5
605d8371709b5d2a41967fd390c34fa649f89ea3
b23fd36ec037710672ac1aa6fea284e3869c4bae7941d9b53c771cff8743478e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 28 Sep 2022 05:49:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
static-cache.k2s.cc/thumbnail/cr-T7iLzwv3o-DWXrg/w320h240/0.jpeg
188.72.235.186200 OK 14 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/cr-T7iLzwv3o-DWXrg/w320h240/0.jpeg
IP 188.72.235.186:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash 5d2b8d2a72b38e69995a7a3a626c74a0
79535d5fc66450ff320a1c126ca5a7fcd4c397b5
197da4d0cb5837fbcd3ddbbf2163778493414adba21acdd08833d8ce6313c859
GET /thumbnail/cr-T7iLzwv3o-DWXrg/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Wed, 28 Sep 2022 05:49:37 GMT
content-type: image/jpeg
content-length: 13670
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: HIT
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
142.250.74.163200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 15860, version 1.0\012- data
Hash e9f5aaf547f165386cd313b995dddd8e
acdef5603c2387b0e5bffd744b679a24a8bc1968
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 21 Sep 2022 19:34:08 GMT
expires: Thu, 21 Sep 2023 19:34:08 GMT
cache-control: public, max-age=31536000
age: 555329
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
142.250.74.163200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Hash 15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 21 Sep 2022 19:34:08 GMT
expires: Thu, 21 Sep 2023 19:34:08 GMT
cache-control: public, max-age=31536000
age: 555329
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
142.250.74.163200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 15920, version 1.0\012- data
Hash 3a44e06eb954b96aa043227f3534189d
23cef6993ddb2b2979e8e7647fc3763694e2ba7d
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e
GET /s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15920
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sun, 25 Sep 2022 18:14:12 GMT
expires: Mon, 25 Sep 2023 18:14:12 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 11 May 2022 19:24:45 GMT
content-type: font/woff2
age: 214525
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 2f76d47ed4f3c90f557522303bb760bc
f34542cabea7a4517debf64c298b59fc009ea56c
5ce5c216b7cb6a4425f12453e447ad364bcc1cd7d23a9d2468a8a40adfc2cb10
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 28 Sep 2022 05:49:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash fc82211401f793132f7d43c2fd253af5
605d8371709b5d2a41967fd390c34fa649f89ea3
b23fd36ec037710672ac1aa6fea284e3869c4bae7941d9b53c771cff8743478e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 28 Sep 2022 05:49:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
xfantazy.com/static/xf-small.png
104.26.1.188200 OK 1.2 kB URL HTTP/2 xfantazy.com/static/xf-small.png
IP 104.26.1.188:0
File type PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced\012- data
Hash 73788af337ff4a5e7c8d8ea19dba155f
e0bd72878475603f40ebd05077c626816ed3285c
be4a320fd44fdaaced2a2056ff7a4c0765a6ed0996c9b4c94a0cb2458967e8df
GET /static/xf-small.png HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/5f6580f261e5e63e2c1c7cbc
Cookie: visitorId=022fxs9snr9oilk9arxtfm; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 28 Sep 2022 05:49:37 GMT
content-type: image/png
content-length: 1153
vary: Origin, Accept-Encoding
cache-control: public, max-age=14400
last-modified: Sun, 18 Sep 2022 10:07:53 GMT
etag: W/"481-18350119794"
cf-cache-status: HIT
age: 6447
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6yLvyuYrcIrprRWAlr%2F9tdUJolN8bCDjKV46b1EVz0XyNYqzZSfXUK6w8Xhrovs9qRUlkoAhY0wyy4gJ8%2FWTjhtc07lbVXI7adZnh%2B%2BbzA0qPxaDgYA812NoQdx3%2Fw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 751a3264ee01b512-OSL
X-Firefox-Spdy: h2
push.services.mozilla.com/
35.80.175.197101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 35.80.175.197:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: lwv9bZdBsGGn6WQhd+F9tg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 7Fn53JKM14AB1G5jJbvtOvkeEVU=
static-cache.k2s.cc/thumbnail/d31355889999e/main/0.jpeg
188.72.235.186200 OK 65 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/d31355889999e/main/0.jpeg
IP 188.72.235.186:0
File type JPEG image data, baseline, precision 8, 1920x1080, components 3\012- data
Hash 0f005c9f97449e92b5aeac9028433d4a
ff91317f70ef27e68762a80b279046df2a63bb04
e16e45f33c45eaa42a26f5596744fd90b1a3825cab9db592180942d13d587c27
GET /thumbnail/d31355889999e/main/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Wed, 28 Sep 2022 05:49:37 GMT
content-type: image/jpeg
content-length: 65160
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: MISS
X-Firefox-Spdy: h2
www.google-analytics.com/analytics.js
142.250.74.174200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP 142.250.74.174:0
File type ASCII text, with very long lines (1325)
Hash cae538dcce82598fbe43c0bf443e62dd
cc68ac6be9c5e0087a0000e5735b83270ace30f5
954b9e9d9744e1319c51760780a35de2dec353afffac705c2cca6d836a5e056d
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 19826
date: Wed, 28 Sep 2022 04:41:09 GMT
expires: Wed, 28 Sep 2022 06:41:09 GMT
cache-control: public, max-age=7200
age: 4108
last-modified: Sun, 11 Sep 2022 13:50:09 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
cdn.jsdelivr.net/npm/yandex-metrica-watch/tag.js
151.101.85.229200 OK 84 kB URL HTTP/2 cdn.jsdelivr.net/npm/yandex-metrica-watch/tag.js
IP 151.101.85.229:0
File type Unicode text, UTF-8 (with BOM) text, with very long lines (593)
Hash 5df383641efa0a3ba4302c7fec8d6394
f0cec22d20f41110ab644ee246201cb8787379b0
10fb3cdc6d2cbc33aa86bd81a8325449c04d227555a8a9f504deb8cfb0f16e91
GET /npm/yandex-metrica-watch/tag.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=604800, s-maxage=43200
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 1.245.0
x-jsd-version-type: version
etag: W/"33a2f-8LAWo/m1uPKVR6/desBN4giRHHM"
content-encoding: gzip
accept-ranges: bytes
date: Wed, 28 Sep 2022 05:49:37 GMT
age: 31122
x-served-by: cache-fra19130-FRA, cache-bma1628-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 83822
X-Firefox-Spdy: h2
ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q1
104.18.21.226200 OK 1.5 kB URL HTTP/1.1 ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q1
IP 104.18.21.226:0
Hash 4f32bf6c33823b202c71cd82ec201a23
3df6c6e84559fd60850a74918570e2646f184eed
23bdcf5884664de550f811e69115ed9e90c4230a142cd809a99ef8bd9036eb5b
POST /ca/gsatlasr3dvtlsca2022q1 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 28 Sep 2022 05:49:37 GMT
Content-Type: application/ocsp-response
Transfer-Encoding: chunked
Connection: keep-alive
Etag: "435A7A7DCFD8CE57DCA201D7EDE7C4994F18EF1A"
Expires: Wed, 28 Sep 2022 17:00:00 GMT
Last-Modified: Wed, 28 Sep 2022 05:00:00 UTC
Cache-Control: s-maxage=3600, public, no-transform, must-revalidate
CF-Cache-Status: HIT
Age: 346
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 751a326679f20b61-OSL
xfantazy.com/api/events/user/videoOpened
104.26.1.188200 OK 2 B URL HTTP/2 xfantazy.com/api/events/user/videoOpened
IP 104.26.1.188:0
File type ASCII text, with no line terminators
Hash e0aa021e21dddbd6d8cecec71e9cf564
9ce3bd4224c8c1780db56b4125ecf3f24bf748b7
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
POST /api/events/user/videoOpened HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://xfantazy.com/video/5f6580f261e5e63e2c1c7cbc
Content-Type: application/x-www-form-urlencoded
Origin: https://xfantazy.com
Content-Length: 81
Connection: keep-alive
Cookie: visitorId=022fxs9snr9oilk9arxtfm; experiment-popup-payment-7=0; experiment-save-to-button-2=0; safeMode=0; advancedOptions=0; viewedVideoCounter=0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 28 Sep 2022 05:49:37 GMT
content-type: text/plain; charset=utf-8
content-length: 2
vary: Origin
access-control-allow-origin: https://b.xfantazy.com
access-control-allow-credentials: true
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4C9e0BVmE%2BhIhffRfhslLx2sj5%2FheiNtSR0TuYuFGwqrsG65TVEuTy%2BCLvfF0YlN3VuIIztdiP%2FzXp3Y3wG7m%2FAw94R64ASd%2BV98j6Yeog3RrvhpfOWNqSnI71Kthw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 751a32670ff3b512-OSL
X-Firefox-Spdy: h2
xfantazy.com/_next/static/chunks/51.21792104df3f91cda445.js
104.26.1.188200 OK 1.6 kB URL HTTP/2 xfantazy.com/_next/static/chunks/51.21792104df3f91cda445.js
IP 104.26.1.188:0
File type ASCII text, with very long lines (3301), with no line terminators
Hash 4973591acd0442614083d61ad71de2f6
a050ff8c14f9ab93bc380d45ed83fd5ca9203d39
dd568b1a5d115abf90f2daa5b4652d5ace1048c64033529e882a4268ac1b426f
GET /_next/static/chunks/51.21792104df3f91cda445.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/5f6580f261e5e63e2c1c7cbc
Cookie: visitorId=022fxs9snr9oilk9arxtfm; experiment-popup-payment-7=0; experiment-save-to-button-2=0; safeMode=0; advancedOptions=0; viewedVideoCounter=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 28 Sep 2022 05:49:37 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-bgj: minify
etag: W/"ce5-181397f9e59"
last-modified: Mon, 06 Jun 2022 14:51:13 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 9790426
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iPzR6UwtJS0UHys5XB6IMnKQ02ChuLTsB4lpYu9tuJvDT8qA0rQC7t%2B%2BdFKsbj3G0aJ1VPDumHE8iDg2ADKatRNT3mPRYAgJxsSpQJ43vvGSIXGCb9lcCmhzUN9fkA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 751a3266dfb6b512-OSL
content-encoding: br
X-Firefox-Spdy: h2
a.focusde.info/zRdVuw7.js
135.181.208.216200 OK 34 kB URL HTTP/2 a.focusde.info/zRdVuw7.js
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
File type Unicode text, UTF-8 text, with very long lines (37787), with NEL line terminators
Hash 0bfc926c8717a33d199bd68e1b75af88
8cf397d588f3f00adc9606838b33df88646c38a8
e0a1a633931c7aa2cb79662bdd9c0a78ab87132ca6e549ec64366cf6095e146e
GET /zRdVuw7.js HTTP/1.1
Host: a.focusde.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 28 Sep 2022 05:49:37 GMT
content-type: application/javascript
content-length: 34358
expires: Fri, 22 Sep 2023 14:13:59 GMT
content-encoding: gzip
last-modified: Thu, 22 Sep 2022 14:12:29 GMT
etag: "632c6d4d-8636"
cache-control: max-age=315360000, public
x-hw: 1663856039.dop129.am5.t,1663856039.cds267.am5.c
access-control-allow-origin: *
x-frame-options: DENY
x-content-type-options: nosniff
accept-ranges: bytes
X-Firefox-Spdy: h2
a.focusde.info/5qpfbg7.js
135.181.208.216200 OK 34 kB URL HTTP/2 a.focusde.info/5qpfbg7.js
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
File type Unicode text, UTF-8 text, with very long lines (37787), with NEL line terminators
Hash 0bfc926c8717a33d199bd68e1b75af88
8cf397d588f3f00adc9606838b33df88646c38a8
e0a1a633931c7aa2cb79662bdd9c0a78ab87132ca6e549ec64366cf6095e146e
GET /5qpfbg7.js HTTP/1.1
Host: a.focusde.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 28 Sep 2022 05:49:37 GMT
content-type: application/javascript
content-length: 34358
expires: Fri, 22 Sep 2023 14:13:59 GMT
content-encoding: gzip
last-modified: Thu, 22 Sep 2022 14:12:29 GMT
etag: "632c6d4d-8636"
cache-control: max-age=315360000, public
x-hw: 1663856039.dop129.am5.t,1663856039.cds267.am5.c
access-control-allow-origin: *
x-frame-options: DENY
x-content-type-options: nosniff
accept-ranges: bytes
X-Firefox-Spdy: h2
xfantazy.com/cdn-cgi/challenge-platform/h/b/scripts/alpha/invisible.js?ts=1664337600
104.26.1.188200 OK 14 kB URL HTTP/2 xfantazy.com/cdn-cgi/challenge-platform/h/b/scripts/alpha/invisible.js?ts=1664337600
IP 104.26.1.188:0
File type ASCII text, with very long lines (37625), with no line terminators
Hash 409471c6fed2f10f16b829b9d526021e
db7903484b40e94e26cd19f2504260b64bb87165
6a973008a68a8affca00735f868467ae411a67b1972841e83941c598028ba967
GET /cdn-cgi/challenge-platform/h/b/scripts/alpha/invisible.js?ts=1664337600 HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: visitorId=022fxs9snr9oilk9arxtfm; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 28 Sep 2022 05:49:37 GMT
content-type: application/javascript; charset=UTF-8
x-control-type-options: nosniff
vary: accept-encoding
cache-control: max-age=14400, public
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PIesAJ0Pn03%2BA%2FBVZGIT%2FDTxjs375ioPTS8HompffDIKfg1dHPgljnAso9c5%2FfwZZ6pZa5JMbU5OoZ07CTn8F6KmWt4oZYWsMN80TUd9F2gdZeyL4TmgCAE0lNCNew%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 751a3263ecb4b512-OSL
content-encoding: br
X-Firefox-Spdy: h2
xfantazy.com/_next/static/pSlyoXy7R5nE6sbZsP0Ue/pages/category.js
104.26.1.188200 OK 1.4 kB URL HTTP/2 xfantazy.com/_next/static/pSlyoXy7R5nE6sbZsP0Ue/pages/category.js
IP 104.26.1.188:0
File type ASCII text, with very long lines (2072), with no line terminators
Hash 8f8870258fbf1d0e29a552d59f785ac4
86786ce81cd13589134e6e1bdc2633a3a7cab8ea
06d528dac3d75d8f88a6a90d8f555b0903673e19487bbc0658fa1a3a1bdd37b3
GET /_next/static/pSlyoXy7R5nE6sbZsP0Ue/pages/category.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/5f6580f261e5e63e2c1c7cbc
Cookie: visitorId=022fxs9snr9oilk9arxtfm; experiment-popup-payment-7=0; experiment-save-to-button-2=0; safeMode=0; advancedOptions=0; viewedVideoCounter=0; adScript2Groups=push1-push1%2Cpop-desk%2CTest-Code%20; k2sAccessToken=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiI1YjM5Y2ZjY2ZjNGUwNzFjNzE4MWQ0ZmQiLCJhdWQiOiJjbGllbnQiLCJ0eXBlIjoiYWNjZXNzVG9rZW4iLCJpc3MiOiJrMnMiLCJjSWQiOiI1YjM5Y2ZjY2ZjNGUwNzFjNzE4MWQ0ZmQiLCJqdGkiOiIzYzllM2E3NDllZjk2IiwiaWF0IjoxNjY0MzQ0MTc3LCJleHAiOjE2NjQ5NDg5Nzd9.oKuwPeAUyHFRh_ghkBpsVLft5NhhrehUtqKrhPsywmg; k2sRefreshToken=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiI1YjM5Y2ZjY2ZjNGUwNzFjNzE4MWQ0ZmQiLCJhdWQiOiJjbGllbnQiLCJ0eXBlIjoicmVmcmVzaFRva2VuIiwiaXNzIjoiazJzIiwiY0lkIjoiNWIzOWNmY2NmYzRlMDcxYzcxODFkNGZkIiwianRpIjoiZWZjM2RhYWZjOWE1MiIsImlhdCI6MTY2NDM0NDE3NywiZXhwIjoxNjY2OTM2MTc3fQ.wXwQ9TR1iS5JGUBoZt6M9kuO6t8gvZBjbidE1UgEivU
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 28 Sep 2022 05:49:37 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-bgj: minify
etag: W/"818-1835016291c"
last-modified: Sun, 18 Sep 2022 10:12:53 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 847248
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yfWtDEoLcMQ2iZd%2FgskReT%2FHat%2F389jj2W92%2BsD8j4y1df2L91cXdUbhridsEw4Ma8r7RqrUR%2B3CcyIef693jemUlzfBY4JpOPpVK6jQM8eeaOho2VGP6mvJIWEEoQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 751a3268696bb512-OSL
content-encoding: br
X-Firefox-Spdy: h2
xfantazy.com/_next/static/pSlyoXy7R5nE6sbZsP0Ue/pages/top.js
104.26.1.188200 OK 681 B URL HTTP/2 xfantazy.com/_next/static/pSlyoXy7R5nE6sbZsP0Ue/pages/top.js
IP 104.26.1.188:0
File type ASCII text, with very long lines (1410), with no line terminators
Hash 3e03209aa96c5fcd35ba34ba00bacddc
cf2909c741c35f17b4372d9ff015fefcc820ec98
a207885a1fda7132f08ada12648c1f4ffe5c2bc9761911ce871d7b32a2f6f19b
GET /_next/static/pSlyoXy7R5nE6sbZsP0Ue/pages/top.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/5f6580f261e5e63e2c1c7cbc
Cookie: visitorId=022fxs9snr9oilk9arxtfm; experiment-popup-payment-7=0; experiment-save-to-button-2=0; safeMode=0; advancedOptions=0; viewedVideoCounter=0; adScript2Groups=push1-push1%2Cpop-desk%2CTest-Code%20; k2sAccessToken=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiI1YjM5Y2ZjY2ZjNGUwNzFjNzE4MWQ0ZmQiLCJhdWQiOiJjbGllbnQiLCJ0eXBlIjoiYWNjZXNzVG9rZW4iLCJpc3MiOiJrMnMiLCJjSWQiOiI1YjM5Y2ZjY2ZjNGUwNzFjNzE4MWQ0ZmQiLCJqdGkiOiIzYzllM2E3NDllZjk2IiwiaWF0IjoxNjY0MzQ0MTc3LCJleHAiOjE2NjQ5NDg5Nzd9.oKuwPeAUyHFRh_ghkBpsVLft5NhhrehUtqKrhPsywmg; k2sRefreshToken=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiI1YjM5Y2ZjY2ZjNGUwNzFjNzE4MWQ0ZmQiLCJhdWQiOiJjbGllbnQiLCJ0eXBlIjoicmVmcmVzaFRva2VuIiwiaXNzIjoiazJzIiwiY0lkIjoiNWIzOWNmY2NmYzRlMDcxYzcxODFkNGZkIiwianRpIjoiZWZjM2RhYWZjOWE1MiIsImlhdCI6MTY2NDM0NDE3NywiZXhwIjoxNjY2OTM2MTc3fQ.wXwQ9TR1iS5JGUBoZt6M9kuO6t8gvZBjbidE1UgEivU
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 28 Sep 2022 05:49:37 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-bgj: minify
etag: W/"582-18350162aec"
last-modified: Sun, 18 Sep 2022 10:12:53 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 847904
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1jTcAtpgjCJgdSZsj7Jv67ZnIiTYqf0QIMZQsbzZDMyny5Z2LWdGl1oRnNNfyQV5VU84SwC17CXyrrhs4ckbV0cvPeKoEekN%2FSbULqYCAWJOtuPJI%2FRoVHfB9vOzbw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 751a3268595eb512-OSL
content-encoding: br
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 6ab8b69fade235ccf1a15d2cac6dd95e
37c426c0e6940920c4478855c6bb610731edd316
025fc814f74bed6fcfc2a4c25b670c1d538d06c5ce07af13d3f9f8354ca34604
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 28 Sep 2022 05:49:38 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.globalsign.com/gseccovsslca2018
104.18.21.226200 OK 940 B URL HTTP/1.1 ocsp.globalsign.com/gseccovsslca2018
IP 104.18.21.226:0
Hash be00902334cbd1b79889e8c9f9f52735
43f1e56d497b5e8f449cabf26f25cedf2e77c463
074054ea3e3d8ea787a665fa8169e4b64473ff058241f251247ade034f7ea87a
POST /gseccovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 28 Sep 2022 05:49:38 GMT
Content-Type: application/ocsp-response
Content-Length: 940
Connection: keep-alive
Expires: Sun, 02 Oct 2022 03:58:11 GMT
ETag: "43f1e56d497b5e8f449cabf26f25cedf2e77c463"
Last-Modified: Wed, 28 Sep 2022 03:58:12 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 738
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 751a326a2cf30b61-OSL
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 056b28d226579ffc3e7f0f256e553dad
219a7900911c018af3a2cfbd59c75a1e137f5b0e
48ec0b8e6478757fb7780c5f013d2527f713e20e8e441ee05501dba23ddec362
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "48EC0B8E6478757FB7780C5F013D2527F713E20E8E441EE05501DBA23DDEC362"
Last-Modified: Tue, 27 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14831
Expires: Wed, 28 Sep 2022 09:56:49 GMT
Date: Wed, 28 Sep 2022 05:49:38 GMT
Connection: keep-alive
mc.yandex.ru/watch/49415098?wmode=7&page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F5f6580f261e5e63e2c1c7cbc&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Aat6op7b9z7b01ildvcz5k%3Afp%3A1034%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A904%3Acn%3A1%3Adp%3A0%3Als%3A1288200511183%3Ahid%3A165419687%3Az%3A0%3Ai%3A20220928054935%3Aet%3A1664344176%3Ac%3A1%3Arn%3A298793342%3Arqn%3A1%3Au%3A16643441761012028547%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C20%2C279%2C0%2C332%2C0%2C%2C243%2C9%2C%2C%2C%2C1031%3Ans%3A1664344173803%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1664344176%3At%3ANinja%20Girl%20%7C%20fetish%20%7C%20fetish%20porn%20white%20socks%20fetish%20-%20XFantazy.com&t=gdpr(14)clc(0-0-0)aw(1)rqnt(1)fip(1)rqnl(1)ti(2)
93.158.134.119302 Found 419 B URL HTTP/2 mc.yandex.ru/watch/49415098?wmode=7&page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F5f6580f261e5e63e2c1c7cbc&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Aat6op7b9z7b01ildvcz5k%3Afp%3A1034%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A904%3Acn%3A1%3Adp%3A0%3Als%3A1288200511183%3Ahid%3A165419687%3Az%3A0%3Ai%3A20220928054935%3Aet%3A1664344176%3Ac%3A1%3Arn%3A298793342%3Arqn%3A1%3Au%3A16643441761012028547%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C20%2C279%2C0%2C332%2C0%2C%2C243%2C9%2C%2C%2C%2C1031%3Ans%3A1664344173803%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1664344176%3At%3ANinja%20Girl%20%7C%20fetish%20%7C%20fetish%20porn%20white%20socks%20fetish%20-%20XFantazy.com&t=gdpr(14)clc(0-0-0)aw(1)rqnt(1)fip(1)rqnl(1)ti(2)
IP 93.158.134.119:0
File type JSON data\012- , ASCII text, with very long lines (419), with no line terminators
Hash d3d56942eeff3c14d9d511039435eae6
ffc50a43fcb41ca43da5b410637479622c57c07f
2d2a34dd0d474cedd534c2c94920ce76fff85689aa60b12caaa99cb0e3fa09ff
GET /watch/49415098?wmode=7&page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F5f6580f261e5e63e2c1c7cbc&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Aat6op7b9z7b01ildvcz5k%3Afp%3A1034%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A904%3Acn%3A1%3Adp%3A0%3Als%3A1288200511183%3Ahid%3A165419687%3Az%3A0%3Ai%3A20220928054935%3Aet%3A1664344176%3Ac%3A1%3Arn%3A298793342%3Arqn%3A1%3Au%3A16643441761012028547%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C20%2C279%2C0%2C332%2C0%2C%2C243%2C9%2C%2C%2C%2C1031%3Ans%3A1664344173803%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1664344176%3At%3ANinja%20Girl%20%7C%20fetish%20%7C%20fetish%20porn%20white%20socks%20fetish%20-%20XFantazy.com&t=gdpr(14)clc(0-0-0)aw(1)rqnt(1)fip(1)rqnl(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
location: /watch/49415098/1?wmode=7&page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F5f6580f261e5e63e2c1c7cbc&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Aat6op7b9z7b01ildvcz5k%3Afp%3A1034%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A904%3Acn%3A1%3Adp%3A0%3Als%3A1288200511183%3Ahid%3A165419687%3Az%3A0%3Ai%3A20220928054935%3Aet%3A1664344176%3Ac%3A1%3Arn%3A298793342%3Arqn%3A1%3Au%3A16643441761012028547%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C20%2C279%2C0%2C332%2C0%2C%2C243%2C9%2C%2C%2C%2C1031%3Ans%3A1664344173803%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1664344176%3At%3ANinja%20Girl%20%7C%20fetish%20%7C%20fetish%20porn%20white%20socks%20fetish%20-%20XFantazy.com&t=gdpr%2814%29clc%280-0-0%29aw%281%29rqnt%281%29fip%281%29rqnl%281%29ti%282%29
date: Wed, 28 Sep 2022 05:49:38 GMT
access-control-allow-origin: https://xfantazy.com
set-cookie: yandexuid=661695671664344178; Expires=Thu, 28-Sep-2023 05:49:38 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
yuidss=661695671664344178; Expires=Thu, 28-Sep-2023 05:49:38 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
yabs-sid=476628421664344178; Path=/; SameSite=None; Secure
i=le5hhqV1UA96n0vf6XQT84CH76Rb/hR0dbPGhEkcdVmxjKWpHPF7LCj1k+DT8LNqn511Z6muy7/C8MJWUyw0UXJGsLc=; Expires=Sat, 25-Sep-2032 05:49:37 GMT; Domain=.yandex.ru; Path=/; Secure; HttpOnly; SameSite=None
ymex=1695880178.yrts.1664344178#1695880178.yrtsi.1664344178; Expires=Thu, 28-Sep-2023 05:49:38 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Wed, 28-Sep-2022 05:49:38 GMT
last-modified: Wed, 28-Sep-2022 05:49:38 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mc.yandex.ru/metrika/advert.gif
93.158.134.119200 OK 43 B URL HTTP/2 mc.yandex.ru/metrika/advert.gif
IP 93.158.134.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
GET /metrika/advert.gif HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Wed, 28 Sep 2022 05:49:38 GMT
access-control-allow-origin: *
etag: "632d6d03-2b"
expires: Wed, 28 Sep 2022 06:49:38 GMT
accept-ranges: bytes
last-modified: Fri, 23 Sep 2022 11:23:31 GMT
cache-control: max-age=3600
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
exploredefinitely.com/a2/f9/90/a2f990f10476061c719d1c1aa3a2ecd2.js
192.243.59.13200 OK 13 kB URL HTTP/1.1 exploredefinitely.com/a2/f9/90/a2f990f10476061c719d1c1aa3a2ecd2.js
IP 192.243.59.13:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with very long lines (37145), with no line terminators
Hash fdd669845ad62e56a65cd4bd5515ba49
fd2101ebcedb28570d46c0a30e43eb1790c625a2
ed6d31547202ea4bfa63e45d12d2c09fbc97a2a9a50a7574515a75d5e5b6c0fb
GET /a2/f9/90/a2f990f10476061c719d1c1aa3a2ecd2.js HTTP/1.1
Host: exploredefinitely.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Wed, 28 Sep 2022 05:49:38 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 6a37a1fc0307c8791d90798e960cf468
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
xfantazy.com/_next/static/pSlyoXy7R5nE6sbZsP0Ue/pages/categories.js
104.26.1.188200 OK 3.9 kB URL HTTP/2 xfantazy.com/_next/static/pSlyoXy7R5nE6sbZsP0Ue/pages/categories.js
IP 104.26.1.188:0
File type ASCII text, with very long lines (9227), with no line terminators
Hash caf6d0901226455c8a7510f70bd7ff73
8451cdaa17274be40636bf0d52f6a03129d845b1
1e5e2e7a66175dbc15a749e900a427cb0818c28c7a04249cc66fae875dc8d5fe
GET /_next/static/pSlyoXy7R5nE6sbZsP0Ue/pages/categories.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/5f6580f261e5e63e2c1c7cbc
Cookie: visitorId=022fxs9snr9oilk9arxtfm; experiment-popup-payment-7=0; experiment-save-to-button-2=0; safeMode=0; advancedOptions=0; viewedVideoCounter=0; adScript2Groups=push1-push1%2Cpop-desk%2CTest-Code%20; k2sAccessToken=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiI1YjM5Y2ZjY2ZjNGUwNzFjNzE4MWQ0ZmQiLCJhdWQiOiJjbGllbnQiLCJ0eXBlIjoiYWNjZXNzVG9rZW4iLCJpc3MiOiJrMnMiLCJjSWQiOiI1YjM5Y2ZjY2ZjNGUwNzFjNzE4MWQ0ZmQiLCJqdGkiOiIzYzllM2E3NDllZjk2IiwiaWF0IjoxNjY0MzQ0MTc3LCJleHAiOjE2NjQ5NDg5Nzd9.oKuwPeAUyHFRh_ghkBpsVLft5NhhrehUtqKrhPsywmg; k2sRefreshToken=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiI1YjM5Y2ZjY2ZjNGUwNzFjNzE4MWQ0ZmQiLCJhdWQiOiJjbGllbnQiLCJ0eXBlIjoicmVmcmVzaFRva2VuIiwiaXNzIjoiazJzIiwiY0lkIjoiNWIzOWNmY2NmYzRlMDcxYzcxODFkNGZkIiwianRpIjoiZWZjM2RhYWZjOWE1MiIsImlhdCI6MTY2NDM0NDE3NywiZXhwIjoxNjY2OTM2MTc3fQ.wXwQ9TR1iS5JGUBoZt6M9kuO6t8gvZBjbidE1UgEivU
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 28 Sep 2022 05:49:37 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-bgj: minify
etag: W/"240b-1835016291c"
last-modified: Sun, 18 Sep 2022 10:12:53 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 847904
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ncN9t5zzTx0ltkRTyS0E0cn%2F%2Buh58XCOLX1zW%2B0ss2X8YaZ1xxnfZrbnd%2F0SZdk0ZbESD8jZ5D%2BIni%2B%2F8ei2qa7chDo%2BJJbQefmoBtn87C4cv6T7zV9n4R25vz%2F%2BSw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 751a32686966b512-OSL
content-encoding: br
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
143.204.42.158200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.158:0
Hash b3d6b07e3998c6d4341acb2b263e609e
12e3561297d635de3fbd5212e2ae66a6e91ac673
534a36edebee87dbf492d6b5895e47385e65849b261348ab3623a8e17dc323cc
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Wed, 28 Sep 2022 05:49:38 GMT
Last-Modified: Wed, 28 Sep 2022 04:15:12 GMT
Server: ECS (bsa/EB17)
X-Cache: Miss from cloudfront
Via: 1.1 057fdebf738f5915bf38a78949190758.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: LRZICTkGzu7GjI5Y_EdqHfijWQgwubnewWYZt-Y2pdAeNIHjKpiMlw==
Age: 5666
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 639785692dc29802e484e1e1d0ec86c4
cf81784351ce6302f540f491f893b44496809677
0e47d6e33fe9f6e588d308b62fa059c960a000c56651713e30baf6cd09b7de41
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E47D6E33FE9F6E588D308B62FA059C960A000C56651713E30BAF6CD09B7DE41"
Last-Modified: Sun, 25 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11422
Expires: Wed, 28 Sep 2022 09:00:00 GMT
Date: Wed, 28 Sep 2022 05:49:38 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 639785692dc29802e484e1e1d0ec86c4
cf81784351ce6302f540f491f893b44496809677
0e47d6e33fe9f6e588d308b62fa059c960a000c56651713e30baf6cd09b7de41
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E47D6E33FE9F6E588D308B62FA059C960A000C56651713E30BAF6CD09B7DE41"
Last-Modified: Sun, 25 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11422
Expires: Wed, 28 Sep 2022 09:00:00 GMT
Date: Wed, 28 Sep 2022 05:49:38 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 639785692dc29802e484e1e1d0ec86c4
cf81784351ce6302f540f491f893b44496809677
0e47d6e33fe9f6e588d308b62fa059c960a000c56651713e30baf6cd09b7de41
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E47D6E33FE9F6E588D308B62FA059C960A000C56651713E30BAF6CD09B7DE41"
Last-Modified: Sun, 25 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11422
Expires: Wed, 28 Sep 2022 09:00:00 GMT
Date: Wed, 28 Sep 2022 05:49:38 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd5653a1a-a7d7-4b1e-a27e-4eb6b032901d.jpeg
34.120.237.76200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd5653a1a-a7d7-4b1e-a27e-4eb6b032901d.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash ee83d08d024d127fad5918e1ffacb78b
8ad289a77705358ab660b6123e9d90de991b6c13
aaab3590ef3777ce8b7a9a34f18866fa20ecaa554cbcdcdb3f1fa3c34c88ceb4
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd5653a1a-a7d7-4b1e-a27e-4eb6b032901d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11314
x-amzn-requestid: 0ceafc65-764c-4367-b031-257061eb65d4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZI3UPF00oAMFUpw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63336c1a-0d46481b7394081b14a81131;Sampled=0
x-amzn-remapped-date: Tue, 27 Sep 2022 21:33:14 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: ve8l6PxpMuBLt5BxwywNpqM2ISt0zy2r_gweYnVw4X65PBEhpMbckg==
via: 1.1 eece508272520f70691e4eebdc5a6dea.cloudfront.net (CloudFront), 1.1 2324edbcb8fc72f617442c65f36a40fc.cloudfront.net (CloudFront), 1.1 google
date: Tue, 27 Sep 2022 21:46:00 GMT
age: 29018
etag: "8ad289a77705358ab660b6123e9d90de991b6c13"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
simplewebanalysis.com/stats
52.29.95.124200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP 52.29.95.124:0
File type ASCII text, with no line terminators
Hash 3a89e9d9e3875a1fa2028fd83cb6fda4
9d171d81eec501c192caaf4f6174b47394f01b28
a357d428e1350df6e74e16e6c6295348e501f4e874db15af2f59b57d6f8187df
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 28 Sep 2022 05:49:38 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
set-cookie: uid_id2=3017ec54-6293-4d7c-a5a1-dda3733615b0:3:1; expires=Sat, 25 Sep 2032 05:49:38 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc892aae9-4381-46ed-9dd8-bd581d7389ee.jpeg
34.120.237.76200 OK 8.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc892aae9-4381-46ed-9dd8-bd581d7389ee.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 59163c799f3d48e74abdd285ee615119
883e61d46ef6c09013724aa7b8f560272ee08574
e1bafc575ff4274b210bee481a8e73c065de5bc14ddf46c269ef91eda0df8d84
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc892aae9-4381-46ed-9dd8-bd581d7389ee.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8621
x-amzn-requestid: 5a828651-41c2-4aa0-931d-6522098a8438
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZASUWEYvIAMFUJg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632ffdb5-5ace75523a98a9237fabca8f;Sampled=0
x-amzn-remapped-date: Sun, 25 Sep 2022 07:05:25 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 2a-Ip86QEcmn31zRYLuD9dtCXduTOd0OZO0JdpfbTvJK7Z7wRGxEaQ==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 e4d3d5aafc7d7d582423c073065ab562.cloudfront.net (CloudFront), 1.1 google
date: Tue, 27 Sep 2022 22:21:35 GMT
age: 26883
etag: "883e61d46ef6c09013724aa7b8f560272ee08574"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffb17f4e8-cf01-41dc-8d4d-247daf3e0160.jpeg
34.120.237.76200 OK 14 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffb17f4e8-cf01-41dc-8d4d-247daf3e0160.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash d039db0b842a4cbbaefdaab98bc6722b
78b1a603c4f7f2d6fbad15d7a4cd1397554339e9
65a3c7b0515cfd2a723f3bc3147cb98f3dd75ce1ecfce915c7c8e9ba5ae0bf2d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffb17f4e8-cf01-41dc-8d4d-247daf3e0160.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 14018
x-amzn-requestid: fb0f02e7-1ce0-4861-9446-13d60df06f24
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZI3xSEhCIAMFWkQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63336cd4-79f482493d204a1208fad00f;Sampled=0
x-amzn-remapped-date: Tue, 27 Sep 2022 21:36:20 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: ZAov4fpWAjIBhHfeYEwu39wJTG58HnW7ebekpIoNSgA7PLIs5b7sSg==
via: 1.1 4d7fa73f804f1c93f20cfc24c4b1266e.cloudfront.net (CloudFront), 1.1 ebe4011a81a36e2bf678f69ce1711330.cloudfront.net (CloudFront), 1.1 google
date: Tue, 27 Sep 2022 22:28:52 GMT
age: 26446
etag: "78b1a603c4f7f2d6fbad15d7a4cd1397554339e9"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
xfantazy.com/_next/static/chunks/styles.77acb212b856be16971e.js
104.26.1.188200 OK 10 kB URL HTTP/2 xfantazy.com/_next/static/chunks/styles.77acb212b856be16971e.js
IP 104.26.1.188:0
File type ASCII text, with no line terminators
Hash 9e3be3ebae5be432e0e9c8419e23512d
a2ae2a92ad33a713f280e49528a96f8ede333c75
df0716abe09f260d7784fc4fb3a6527504e498b767a5ffde69cc9458f9e6d037
GET /_next/static/chunks/styles.77acb212b856be16971e.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/5f6580f261e5e63e2c1c7cbc
Cookie: visitorId=022fxs9snr9oilk9arxtfm; experiment-popup-payment-7=0; experiment-save-to-button-2=0; safeMode=0; advancedOptions=0; viewedVideoCounter=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 28 Sep 2022 05:49:37 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-bgj: minify
etag: W/"55-1835016572f"
last-modified: Sun, 18 Sep 2022 10:13:04 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 1073
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1j4WKD1BClHsoJNSCpMp0aFBwWjyqwFZ62gX2e5WSokEOCCclHKuX5KkXibNMIHGrXy3nPz8qZTaI0urRMaBM2i3U%2FZd41PnvEpLEPrvqqOP6BZCGq52m8%2B4FdOTwg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 751a32660f1eb512-OSL
content-encoding: br
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb9a3b058-92c9-490e-9cbb-736f7e46510d.jpeg
34.120.237.76200 OK 7.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb9a3b058-92c9-490e-9cbb-736f7e46510d.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash ea3890e460356d6ecc3ba4e405ac2e9e
b383135e2ebc23fe80eb0d594b198cb8c89327a5
8fcff053ce6e5750136bf876bad5b2916935f13ea039912d977928b086f0a48b
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb9a3b058-92c9-490e-9cbb-736f7e46510d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7455
x-amzn-requestid: e99c9f33-b72a-4070-80cf-06fb4a87d1df
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZG4S6EcAoAMFX1A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6332a0df-04122b4a345dbc3f3918af98;Sampled=0
x-amzn-remapped-date: Tue, 27 Sep 2022 07:06:07 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: yprErfM7s7P7jJPJT-HQZ2Z_AAN4946Tjwyn1g4r7yiA6IF0yLdQTQ==
via: 1.1 eece508272520f70691e4eebdc5a6dea.cloudfront.net (CloudFront), 1.1 1508efc4152aa1778ed4adecb328b374.cloudfront.net (CloudFront), 1.1 google
date: Tue, 27 Sep 2022 07:35:49 GMT
age: 80029
etag: "b383135e2ebc23fe80eb0d594b198cb8c89327a5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8a264fec-4624-4025-b0d1-044fc33e338f.webp
34.120.237.76200 OK 9.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8a264fec-4624-4025-b0d1-044fc33e338f.webp
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 43d7c0db2af42ad4d0095324b2691f6c
1a1139cff14aff6755b9e43ff4ef8c9ece1102c1
42073c84e0c215109b54ab55a53cce9e6cce44f4619f5988fa4e2776ff70b362
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8a264fec-4624-4025-b0d1-044fc33e338f.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9780
x-amzn-requestid: 9938422e-12cd-4aab-9e58-c26b8fee53b8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZI3UOH3DoAMFZRw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63336c1a-37105d923f19437025abec71;Sampled=0
x-amzn-remapped-date: Tue, 27 Sep 2022 21:33:14 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: Halsx09hxT_sMRc2jy-fJA0tE85F6Bgz9P9Trx02Z9aMfIZVLkLW4g==
via: 1.1 7f5e0d3b9ea85d0d75063a66c0ebc840.cloudfront.net (CloudFront), 1.1 ee330666adf9f04c8c30094f8ddcd004.cloudfront.net (CloudFront), 1.1 google
date: Tue, 27 Sep 2022 21:57:42 GMT
age: 28316
etag: "1a1139cff14aff6755b9e43ff4ef8c9ece1102c1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash 3abd787e77629e21daa6606aeae67118
18be3a2080869ae7cde7053504d2ed5188406fda
bb630a804424bd198b8b534ab48c40a42c7b9e3996676523aaab0d8e0e3b1233
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2169
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 28 Sep 2022 05:49:38 GMT
Last-Modified: Wed, 28 Sep 2022 05:13:29 GMT
Server: ECS (ska/F707)
X-Cache: HIT
Content-Length: 279
mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F5f6580f261e5e63e2c1c7cbc&charset=utf-8&hittoken=1664344178_40069f356f47eb91ca791a63e42381e03ed88346a0ab687a3c98dc849fbfd142&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3Aat6op7b9z7b01ildvcz5k%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A904%3Acn%3A1%3Adp%3A0%3Als%3A1288200511183%3Ahid%3A165419687%3Az%3A0%3Ai%3A20220928054936%3Aet%3A1664344177%3Ac%3A1%3Arn%3A287197953%3Arqn%3A3%3Au%3A16643441761012028547%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1664344173803%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1664344177&t=gdpr(14)mc(p-6)clc(0-0-0)aw(1)rqnt(3)rqnl(1)ti(2)
93.158.134.119200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F5f6580f261e5e63e2c1c7cbc&charset=utf-8&hittoken=1664344178_40069f356f47eb91ca791a63e42381e03ed88346a0ab687a3c98dc849fbfd142&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3Aat6op7b9z7b01ildvcz5k%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A904%3Acn%3A1%3Adp%3A0%3Als%3A1288200511183%3Ahid%3A165419687%3Az%3A0%3Ai%3A20220928054936%3Aet%3A1664344177%3Ac%3A1%3Arn%3A287197953%3Arqn%3A3%3Au%3A16643441761012028547%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1664344173803%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1664344177&t=gdpr(14)mc(p-6)clc(0-0-0)aw(1)rqnt(3)rqnl(1)ti(2)
IP 93.158.134.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F5f6580f261e5e63e2c1c7cbc&charset=utf-8&hittoken=1664344178_40069f356f47eb91ca791a63e42381e03ed88346a0ab687a3c98dc849fbfd142&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3Aat6op7b9z7b01ildvcz5k%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A904%3Acn%3A1%3Adp%3A0%3Als%3A1288200511183%3Ahid%3A165419687%3Az%3A0%3Ai%3A20220928054936%3Aet%3A1664344177%3Ac%3A1%3Arn%3A287197953%3Arqn%3A3%3Au%3A16643441761012028547%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1664344173803%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1664344177&t=gdpr(14)mc(p-6)clc(0-0-0)aw(1)rqnt(3)rqnl(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 52
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Wed, 28 Sep 2022 05:49:39 GMT
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Wed, 28-Sep-2022 05:49:39 GMT
last-modified: Wed, 28-Sep-2022 05:49:39 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F5f6580f261e5e63e2c1c7cbc&charset=utf-8&hittoken=1664344178_40069f356f47eb91ca791a63e42381e03ed88346a0ab687a3c98dc849fbfd142&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3Aat6op7b9z7b01ildvcz5k%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A904%3Acn%3A1%3Adp%3A0%3Als%3A1288200511183%3Ahid%3A165419687%3Az%3A0%3Ai%3A20220928054936%3Aet%3A1664344177%3Ac%3A1%3Arn%3A842073249%3Arqn%3A5%3Au%3A16643441761012028547%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1664344173803%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1664344177&t=gdpr(14)mc(p-6)clc(0-0-0)aw(1)rqnt(5)rqnl(1)ti(2)
93.158.134.119200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F5f6580f261e5e63e2c1c7cbc&charset=utf-8&hittoken=1664344178_40069f356f47eb91ca791a63e42381e03ed88346a0ab687a3c98dc849fbfd142&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3Aat6op7b9z7b01ildvcz5k%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A904%3Acn%3A1%3Adp%3A0%3Als%3A1288200511183%3Ahid%3A165419687%3Az%3A0%3Ai%3A20220928054936%3Aet%3A1664344177%3Ac%3A1%3Arn%3A842073249%3Arqn%3A5%3Au%3A16643441761012028547%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1664344173803%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1664344177&t=gdpr(14)mc(p-6)clc(0-0-0)aw(1)rqnt(5)rqnl(1)ti(2)
IP 93.158.134.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F5f6580f261e5e63e2c1c7cbc&charset=utf-8&hittoken=1664344178_40069f356f47eb91ca791a63e42381e03ed88346a0ab687a3c98dc849fbfd142&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3Aat6op7b9z7b01ildvcz5k%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A904%3Acn%3A1%3Adp%3A0%3Als%3A1288200511183%3Ahid%3A165419687%3Az%3A0%3Ai%3A20220928054936%3Aet%3A1664344177%3Ac%3A1%3Arn%3A842073249%3Arqn%3A5%3Au%3A16643441761012028547%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1664344173803%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1664344177&t=gdpr(14)mc(p-6)clc(0-0-0)aw(1)rqnt(5)rqnl(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 98
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Wed, 28 Sep 2022 05:49:39 GMT
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Wed, 28-Sep-2022 05:49:39 GMT
last-modified: Wed, 28-Sep-2022 05:49:39 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F5f6580f261e5e63e2c1c7cbc&charset=utf-8&hittoken=1664344178_40069f356f47eb91ca791a63e42381e03ed88346a0ab687a3c98dc849fbfd142&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3Aat6op7b9z7b01ildvcz5k%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A904%3Acn%3A1%3Adp%3A0%3Als%3A1288200511183%3Ahid%3A165419687%3Az%3A0%3Ai%3A20220928054936%3Aet%3A1664344177%3Ac%3A1%3Arn%3A900123131%3Arqn%3A2%3Au%3A16643441761012028547%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1664344173803%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1664344177&t=gdpr(14)mc(p-6)clc(0-0-0)aw(1)rqnt(2)rqnl(1)ti(2)
93.158.134.119200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F5f6580f261e5e63e2c1c7cbc&charset=utf-8&hittoken=1664344178_40069f356f47eb91ca791a63e42381e03ed88346a0ab687a3c98dc849fbfd142&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3Aat6op7b9z7b01ildvcz5k%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A904%3Acn%3A1%3Adp%3A0%3Als%3A1288200511183%3Ahid%3A165419687%3Az%3A0%3Ai%3A20220928054936%3Aet%3A1664344177%3Ac%3A1%3Arn%3A900123131%3Arqn%3A2%3Au%3A16643441761012028547%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1664344173803%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1664344177&t=gdpr(14)mc(p-6)clc(0-0-0)aw(1)rqnt(2)rqnl(1)ti(2)
IP 93.158.134.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F5f6580f261e5e63e2c1c7cbc&charset=utf-8&hittoken=1664344178_40069f356f47eb91ca791a63e42381e03ed88346a0ab687a3c98dc849fbfd142&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3Aat6op7b9z7b01ildvcz5k%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A904%3Acn%3A1%3Adp%3A0%3Als%3A1288200511183%3Ahid%3A165419687%3Az%3A0%3Ai%3A20220928054936%3Aet%3A1664344177%3Ac%3A1%3Arn%3A900123131%3Arqn%3A2%3Au%3A16643441761012028547%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1664344173803%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1664344177&t=gdpr(14)mc(p-6)clc(0-0-0)aw(1)rqnt(2)rqnl(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 45
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Wed, 28 Sep 2022 05:49:39 GMT
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Wed, 28-Sep-2022 05:49:39 GMT
last-modified: Wed, 28-Sep-2022 05:49:39 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F5f6580f261e5e63e2c1c7cbc&charset=utf-8&hittoken=1664344178_40069f356f47eb91ca791a63e42381e03ed88346a0ab687a3c98dc849fbfd142&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3Aat6op7b9z7b01ildvcz5k%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A904%3Acn%3A1%3Adp%3A0%3Als%3A1288200511183%3Ahid%3A165419687%3Az%3A0%3Ai%3A20220928054936%3Aet%3A1664344177%3Ac%3A1%3Arn%3A866257655%3Arqn%3A4%3Au%3A16643441761012028547%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1664344173803%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1664344177&t=gdpr(14)mc(p-6)clc(0-0-0)aw(1)rqnt(4)rqnl(1)ti(2)
93.158.134.119200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F5f6580f261e5e63e2c1c7cbc&charset=utf-8&hittoken=1664344178_40069f356f47eb91ca791a63e42381e03ed88346a0ab687a3c98dc849fbfd142&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3Aat6op7b9z7b01ildvcz5k%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A904%3Acn%3A1%3Adp%3A0%3Als%3A1288200511183%3Ahid%3A165419687%3Az%3A0%3Ai%3A20220928054936%3Aet%3A1664344177%3Ac%3A1%3Arn%3A866257655%3Arqn%3A4%3Au%3A16643441761012028547%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1664344173803%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1664344177&t=gdpr(14)mc(p-6)clc(0-0-0)aw(1)rqnt(4)rqnl(1)ti(2)
IP 93.158.134.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F5f6580f261e5e63e2c1c7cbc&charset=utf-8&hittoken=1664344178_40069f356f47eb91ca791a63e42381e03ed88346a0ab687a3c98dc849fbfd142&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3Aat6op7b9z7b01ildvcz5k%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A904%3Acn%3A1%3Adp%3A0%3Als%3A1288200511183%3Ahid%3A165419687%3Az%3A0%3Ai%3A20220928054936%3Aet%3A1664344177%3Ac%3A1%3Arn%3A866257655%3Arqn%3A4%3Au%3A16643441761012028547%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1664344173803%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1664344177&t=gdpr(14)mc(p-6)clc(0-0-0)aw(1)rqnt(4)rqnl(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 108
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Wed, 28 Sep 2022 05:49:39 GMT
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Wed, 28-Sep-2022 05:49:39 GMT
last-modified: Wed, 28-Sep-2022 05:49:39 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F5f6580f261e5e63e2c1c7cbc&charset=utf-8&hittoken=1664344178_40069f356f47eb91ca791a63e42381e03ed88346a0ab687a3c98dc849fbfd142&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3Aat6op7b9z7b01ildvcz5k%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A904%3Acn%3A1%3Adp%3A0%3Als%3A1288200511183%3Ahid%3A165419687%3Az%3A0%3Ai%3A20220928054936%3Aet%3A1664344177%3Ac%3A1%3Arn%3A1042847771%3Arqn%3A6%3Au%3A16643441761012028547%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1664344173803%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1664344177&t=gdpr(14)mc(p-6)clc(0-0-0)aw(1)rqnt(6)rqnl(1)ti(2)
93.158.134.119200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F5f6580f261e5e63e2c1c7cbc&charset=utf-8&hittoken=1664344178_40069f356f47eb91ca791a63e42381e03ed88346a0ab687a3c98dc849fbfd142&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3Aat6op7b9z7b01ildvcz5k%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A904%3Acn%3A1%3Adp%3A0%3Als%3A1288200511183%3Ahid%3A165419687%3Az%3A0%3Ai%3A20220928054936%3Aet%3A1664344177%3Ac%3A1%3Arn%3A1042847771%3Arqn%3A6%3Au%3A16643441761012028547%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1664344173803%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1664344177&t=gdpr(14)mc(p-6)clc(0-0-0)aw(1)rqnt(6)rqnl(1)ti(2)
IP 93.158.134.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F5f6580f261e5e63e2c1c7cbc&charset=utf-8&hittoken=1664344178_40069f356f47eb91ca791a63e42381e03ed88346a0ab687a3c98dc849fbfd142&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3Aat6op7b9z7b01ildvcz5k%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A904%3Acn%3A1%3Adp%3A0%3Als%3A1288200511183%3Ahid%3A165419687%3Az%3A0%3Ai%3A20220928054936%3Aet%3A1664344177%3Ac%3A1%3Arn%3A1042847771%3Arqn%3A6%3Au%3A16643441761012028547%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1664344173803%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1664344177&t=gdpr(14)mc(p-6)clc(0-0-0)aw(1)rqnt(6)rqnl(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 99
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Wed, 28 Sep 2022 05:49:39 GMT
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Wed, 28-Sep-2022 05:49:39 GMT
last-modified: Wed, 28-Sep-2022 05:49:39 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F5f6580f261e5e63e2c1c7cbc&charset=utf-8&hittoken=1664344178_40069f356f47eb91ca791a63e42381e03ed88346a0ab687a3c98dc849fbfd142&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3Aat6op7b9z7b01ildvcz5k%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A904%3Acn%3A1%3Adp%3A0%3Als%3A1288200511183%3Ahid%3A165419687%3Az%3A0%3Ai%3A20220928054936%3Aet%3A1664344177%3Ac%3A1%3Arn%3A970043388%3Arqn%3A7%3Au%3A16643441761012028547%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1664344173803%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1664344177&t=gdpr(14)mc(p-6)clc(0-0-0)aw(1)rqnt(7)rqnl(1)ti(2)
93.158.134.119200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F5f6580f261e5e63e2c1c7cbc&charset=utf-8&hittoken=1664344178_40069f356f47eb91ca791a63e42381e03ed88346a0ab687a3c98dc849fbfd142&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3Aat6op7b9z7b01ildvcz5k%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A904%3Acn%3A1%3Adp%3A0%3Als%3A1288200511183%3Ahid%3A165419687%3Az%3A0%3Ai%3A20220928054936%3Aet%3A1664344177%3Ac%3A1%3Arn%3A970043388%3Arqn%3A7%3Au%3A16643441761012028547%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1664344173803%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1664344177&t=gdpr(14)mc(p-6)clc(0-0-0)aw(1)rqnt(7)rqnl(1)ti(2)
IP 93.158.134.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F5f6580f261e5e63e2c1c7cbc&charset=utf-8&hittoken=1664344178_40069f356f47eb91ca791a63e42381e03ed88346a0ab687a3c98dc849fbfd142&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3Aat6op7b9z7b01ildvcz5k%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A904%3Acn%3A1%3Adp%3A0%3Als%3A1288200511183%3Ahid%3A165419687%3Az%3A0%3Ai%3A20220928054936%3Aet%3A1664344177%3Ac%3A1%3Arn%3A970043388%3Arqn%3A7%3Au%3A16643441761012028547%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1664344173803%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1664344177&t=gdpr(14)mc(p-6)clc(0-0-0)aw(1)rqnt(7)rqnl(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 98
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Wed, 28 Sep 2022 05:49:39 GMT
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Wed, 28-Sep-2022 05:49:39 GMT
last-modified: Wed, 28-Sep-2022 05:49:39 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 0fc75051e565c146221c672a81acaf9b
495ab7020de0f4d36fedbe299b55e59208873585
c32bb7797983bc31f79381513a9127523ecb1e37db6f7a7ba9bdf26b3204a68a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C32BB7797983BC31F79381513A9127523ECB1E37DB6F7A7BA9BDF26B3204A68A"
Last-Modified: Mon, 26 Sep 2022 14:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11908
Expires: Wed, 28 Sep 2022 09:08:07 GMT
Date: Wed, 28 Sep 2022 05:49:39 GMT
Connection: keep-alive
dictatepantry.com/4d/0a/fc/4d0afc2425eea6b0cd5a468c9f8a69ed.js
192.243.59.13200 OK 29 kB URL HTTP/1.1 dictatepantry.com/4d/0a/fc/4d0afc2425eea6b0cd5a468c9f8a69ed.js
IP 192.243.59.13:0
ASN #39572 DataWeb Global Group B.V.
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (65536), with no line terminators
Hash 70e4d708428201380c7dea5d917a2d42
3e61ffea99f256c3d23c65663dda15d0dbf603ac
4bf0b475ed03fd5e5fcf764013b2cc95d0669b250f84e663f0dfea74f163590f
Analyzer Verdict Alert quad9 Sinkholed
GET /4d/0a/fc/4d0afc2425eea6b0cd5a468c9f8a69ed.js HTTP/1.1
Host: dictatepantry.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Wed, 28 Sep 2022 05:49:39 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 8c2497b7762f56df2674136f4831d148
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
e1.o.lencr.org/
23.36.76.226200 OK 346 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 2917b8abe74403bc4f20b2eed1ac39a2
8421735ad0b1729a0f3467a5fb0fe06db7a6a5fc
6389a79fa621d32138dab9c0fab190c515288ef534b023cc909a156979fcef39
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "6389A79FA621D32138DAB9C0FAB190C515288EF534B023CC909A156979FCEF39"
Last-Modified: Mon, 26 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12805
Expires: Wed, 28 Sep 2022 09:23:04 GMT
Date: Wed, 28 Sep 2022 05:49:39 GMT
Connection: keep-alive
a.focusde.info/api/spots/395190?host=xfantazy.com&ev=196&wh=939&ww=1280
135.181.208.216200 OK 0 B URL HTTP/2 a.focusde.info/api/spots/395190?host=xfantazy.com&ev=196&wh=939&ww=1280
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /api/spots/395190?host=xfantazy.com&ev=196&wh=939&ww=1280 HTTP/1.1
Host: a.focusde.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 28 Sep 2022 05:49:39 GMT
content-length: 0
set-cookie: nauid=vVCrGK2JguCi8vqXIiuf; Path=/; Expires=Wed, 11 Nov 2037 11:11:11 GMT; Secure; SameSite=None
cache-control: private
X-Firefox-Spdy: h2
dictatepantry.com/sbar.json?key=a2f990f10476061c719d1c1aa3a2ecd2&uuid=3017ec54-6293-4d7c-a5a1-dda3733615b0%3A3%3A1
192.243.59.13200 OK 4.1 kB URL HTTP/1.1 dictatepantry.com/sbar.json?key=a2f990f10476061c719d1c1aa3a2ecd2&uuid=3017ec54-6293-4d7c-a5a1-dda3733615b0%3A3%3A1
IP 192.243.59.13:0
ASN #39572 DataWeb Global Group B.V.
File type JSON data\012- , Unicode text, UTF-8 text, with very long lines (5803), with no line terminators
Hash f88f4caa1a547b6d0857ef1101161300
1dd50fc59271a07dea38fb126e2732ace120092a
3113771ddbaa373a2f07c7f677939091dedc9284fb5a18f0c2561178cc3c39a0
Analyzer Verdict Alert quad9 Sinkholed
GET /sbar.json?key=a2f990f10476061c719d1c1aa3a2ecd2&uuid=3017ec54-6293-4d7c-a5a1-dda3733615b0%3A3%3A1 HTTP/1.1
Host: dictatepantry.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Wed, 28 Sep 2022 05:49:39 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://xfantazy.com
Access-Control-Allow-Origin: https://xfantazy.com
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=15600826; expires=Thu, 29 Sep 2022 05:49:39 GMT; secure; SameSite=None
uid_id2=3017ec54-6293-4d7c-a5a1-dda3733615b0:3:1; expires=Wed, 05 Oct 2022 05:49:39 GMT; secure; SameSite=None
pdhtkv=true; expires=Thu, 29 Sep 2022 05:49:39 GMT; secure; SameSite=None
uncs=1; expires=Thu, 29 Sep 2022 05:49:39 GMT; secure; SameSite=None
pdhtkv29=true; expires=Thu, 29 Sep 2022 05:49:39 GMT; secure; SameSite=None
uncs29=1; expires=Thu, 29 Sep 2022 05:49:39 GMT; secure; SameSite=None
sleca2f990f10476061c719d1c1aa3a2ecd2=[3688735]; expires=Wed, 28 Sep 2022 05:49:44 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 18e34b8b87cbceabac5ed7be38bf5083
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
addresseepaper.com/sfp.js
172.64.100.4200 OK 28 kB URL HTTP/2 addresseepaper.com/sfp.js
IP 172.64.100.4:0
File type Unicode text, UTF-8 text, with very long lines (65529), with no line terminators
Hash d0b431de01b18548c72b8a5153194db7
4d5010d27b18fb48296c9610421e5ad7a1fbd84f
f952a7e7806ea6de54f955086fc7da3da1f1c9a7b4060976211a086411bed8b6
GET /sfp.js HTTP/1.1
Host: addresseepaper.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 28 Sep 2022 05:49:39 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: 44c110376e2536db90f4b585f0d99e69
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Wed, 28 Sep 2022 05:49:39 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=I2%2FWBYIwplZHC9oOSvyQ%2FIj0mDpu1e3R7hq%2F5ERP5bdOm5v45i%2FSSY0q%2FsTMdNLE%2BhzoEcTC4yt9HMb%2FXTBVK9RYYOANcRYYlVw%2FncbWpNnI%2F7ahoiJPjFxZIuQ1F8myk4EAn94%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 751a327229cc7198-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
dictatepantry.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSz28bRRidbXJBcACUC0IFHzgAIs7Orr1r00NFKakiQlu1ILih2Zm1M2R2ZzWz63WMkKJWQj06%2F8HmOWkERBVInJCokFOJQyRQzSkHwo8%2FgAtSr0V2Iwzf5Xtv3zu8fd98vlucEhcFO7n8nh5IpdhKs%2B7WXv2I0gu1dZkW%2FVq%2FFXwcNC7UTO%2FNdlB3X6tdifmmXvFc6rrUpbVVaeKO7q9MRcjssE3rbbfe8Oq02UDf%2FJ%2FbwoFlDkTvlDwPKSaLD5wlSD5Gmnx9Obabuc7eeCcpFMu1QU8cfJBuprpMkcxhxzjopAdnbmj7cPU%2BdLo%2Fiwvd%2B9cYyQlxfryPKD04C4motzfLGSnEKSLxNMreGLEaQ7IxuL4NKR4SgAtcvYY0uXtVm5JtPVHZVJ2QxUd%2FQ5YTsvjrEtLk3iUl%2B7WbWhW51KlFv1NB9seQ3TGy4gj54BxkeQSe34IUP5GVR%2BtIk71rVmlIcfKK79Iw5s3GcuC1%2FeWGCPkyazK6LATzQ98PaDNyZwVJOYbsjKHiIZhdQGEdFNJB0XFQZA4ScVLjlNLQFZy5rTbnvgjjKBAuZWGHMuoGLRR8%2Bg9D5NkQXA3BzTYys41NuTMh5NYeTPED7EYFKxzYnKAnKpQxQWkJSkZQSoIyJyh71b5Q1rPVXaFsEdGz7Z1tvxrpvLvL9nXejVOym52S52bt%2FfXMd9iMT2rM67Tbboe6jTBwA8pD2haUU8Z85sVceLCygrTnwKyDgZyQpRf%2FRDa96GePEbEjWHUELp8FK86DlaPQc8E2Ro2Wi0F62O%2BwNGeDrTrXCYSukOWLyLecXXVKXpjlaK29jJgfX%2Fx28MeVe0ufgpsKmanwiXxA0FV3Rjd0SfZu6NKSb65luUzkgE0vfDNnebzw5bvxVqmNWLtsh1%2B8xafCFB6%2BH9t8naVCpl1LvrokhYjNqjY8Jt%2Bv2Q%2Fj6HphNy4VJi2y9etvr64lmYmtlTodg8kJITu%2FgcsJeerxudnjPf%2Fz65BmDFNUSIpjcjaQ%2Bgg824bN5vmtXoBRc0%2BUOSiLamS8aP5RSQIVzzmLKtj%2F8GiOd%2B0ddM1LYPltpEmFnqnQUxWYGsIWC6M8M8cXf%2FFng0g5o0gZZy9SRu08KdfKk1ro%2By4L2k0ahiwOo4bX6gRUMOY1Ai8ImI%2FcTrj%2Fu%2F0HAAD%2F%2FwEAAP%2F%2FwysQRocEAAA%3D
192.243.59.13200 OK 7 B URL HTTP/1.1 dictatepantry.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSz28bRRidbXJBcACUC0IFHzgAIs7Orr1r00NFKakiQlu1ILih2Zm1M2R2ZzWz63WMkKJWQj06%2F8HmOWkERBVInJCokFOJQyRQzSkHwo8%2FgAtSr0V2Iwzf5Xtv3zu8fd98vlucEhcFO7n8nh5IpdhKs%2B7WXv2I0gu1dZkW%2FVq%2FFXwcNC7UTO%2FNdlB3X6tdifmmXvFc6rrUpbVVaeKO7q9MRcjssE3rbbfe8Oq02UDf%2FJ%2FbwoFlDkTvlDwPKSaLD5wlSD5Gmnx9Obabuc7eeCcpFMu1QU8cfJBuprpMkcxhxzjopAdnbmj7cPU%2BdLo%2Fiwvd%2B9cYyQlxfryPKD04C4motzfLGSnEKSLxNMreGLEaQ7IxuL4NKR4SgAtcvYY0uXtVm5JtPVHZVJ2QxUd%2FQ5YTsvjrEtLk3iUl%2B7WbWhW51KlFv1NB9seQ3TGy4gj54BxkeQSe34IUP5GVR%2BtIk71rVmlIcfKK79Iw5s3GcuC1%2FeWGCPkyazK6LATzQ98PaDNyZwVJOYbsjKHiIZhdQGEdFNJB0XFQZA4ScVLjlNLQFZy5rTbnvgjjKBAuZWGHMuoGLRR8%2Bg9D5NkQXA3BzTYys41NuTMh5NYeTPED7EYFKxzYnKAnKpQxQWkJSkZQSoIyJyh71b5Q1rPVXaFsEdGz7Z1tvxrpvLvL9nXejVOym52S52bt%2FfXMd9iMT2rM67Tbboe6jTBwA8pD2haUU8Z85sVceLCygrTnwKyDgZyQpRf%2FRDa96GePEbEjWHUELp8FK86DlaPQc8E2Ro2Wi0F62O%2BwNGeDrTrXCYSukOWLyLecXXVKXpjlaK29jJgfX%2Fx28MeVe0ufgpsKmanwiXxA0FV3Rjd0SfZu6NKSb65luUzkgE0vfDNnebzw5bvxVqmNWLtsh1%2B8xafCFB6%2BH9t8naVCpl1LvrokhYjNqjY8Jt%2Bv2Q%2Fj6HphNy4VJi2y9etvr64lmYmtlTodg8kJITu%2FgcsJeerxudnjPf%2Fz65BmDFNUSIpjcjaQ%2Bgg824bN5vmtXoBRc0%2BUOSiLamS8aP5RSQIVzzmLKtj%2F8GiOd%2B0ddM1LYPltpEmFnqnQUxWYGsIWC6M8M8cXf%2FFng0g5o0gZZy9SRu08KdfKk1ro%2By4L2k0ahiwOo4bX6gRUMOY1Ai8ImI%2FcTrj%2Fu%2F0HAAD%2F%2FwEAAP%2F%2FwysQRocEAAA%3D
IP 192.243.59.13:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert quad9 Sinkholed
GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSz28bRRidbXJBcACUC0IFHzgAIs7Orr1r00NFKakiQlu1ILih2Zm1M2R2ZzWz63WMkKJWQj06%2F8HmOWkERBVInJCokFOJQyRQzSkHwo8%2FgAtSr0V2Iwzf5Xtv3zu8fd98vlucEhcFO7n8nh5IpdhKs%2B7WXv2I0gu1dZkW%2FVq%2FFXwcNC7UTO%2FNdlB3X6tdifmmXvFc6rrUpbVVaeKO7q9MRcjssE3rbbfe8Oq02UDf%2FJ%2FbwoFlDkTvlDwPKSaLD5wlSD5Gmnx9Obabuc7eeCcpFMu1QU8cfJBuprpMkcxhxzjopAdnbmj7cPU%2BdLo%2Fiwvd%2B9cYyQlxfryPKD04C4motzfLGSnEKSLxNMreGLEaQ7IxuL4NKR4SgAtcvYY0uXtVm5JtPVHZVJ2QxUd%2FQ5YTsvjrEtLk3iUl%2B7WbWhW51KlFv1NB9seQ3TGy4gj54BxkeQSe34IUP5GVR%2BtIk71rVmlIcfKK79Iw5s3GcuC1%2FeWGCPkyazK6LATzQ98PaDNyZwVJOYbsjKHiIZhdQGEdFNJB0XFQZA4ScVLjlNLQFZy5rTbnvgjjKBAuZWGHMuoGLRR8%2Bg9D5NkQXA3BzTYys41NuTMh5NYeTPED7EYFKxzYnKAnKpQxQWkJSkZQSoIyJyh71b5Q1rPVXaFsEdGz7Z1tvxrpvLvL9nXejVOym52S52bt%2FfXMd9iMT2rM67Tbboe6jTBwA8pD2haUU8Z85sVceLCygrTnwKyDgZyQpRf%2FRDa96GePEbEjWHUELp8FK86DlaPQc8E2Ro2Wi0F62O%2BwNGeDrTrXCYSukOWLyLecXXVKXpjlaK29jJgfX%2Fx28MeVe0ufgpsKmanwiXxA0FV3Rjd0SfZu6NKSb65luUzkgE0vfDNnebzw5bvxVqmNWLtsh1%2B8xafCFB6%2BH9t8naVCpl1LvrokhYjNqjY8Jt%2Bv2Q%2Fj6HphNy4VJi2y9etvr64lmYmtlTodg8kJITu%2FgcsJeerxudnjPf%2Fz65BmDFNUSIpjcjaQ%2Bgg824bN5vmtXoBRc0%2BUOSiLamS8aP5RSQIVzzmLKtj%2F8GiOd%2B0ddM1LYPltpEmFnqnQUxWYGsIWC6M8M8cXf%2FFng0g5o0gZZy9SRu08KdfKk1ro%2By4L2k0ahiwOo4bX6gRUMOY1Ai8ImI%2FcTrj%2Fu%2F0HAAD%2F%2FwEAAP%2F%2FwysQRocEAAA%3D HTTP/1.1
Host: dictatepantry.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: u_pl=15600826; uid_id2=3017ec54-6293-4d7c-a5a1-dda3733615b0:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; sleca2f990f10476061c719d1c1aa3a2ecd2=[3688735]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Wed, 28 Sep 2022 05:49:39 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 8bdd301932679a8a5f6ef76b6fb2c153
Strict-Transport-Security: max-age=0; includeSubdomains
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash eeaf400c970fa942e9b23fe0aa1a4538
6abdc0419a2ed2faa1a13c34e7350925cd19c46e
75f990711f04bce6bdf99e45d4a836cae317387ff360e7e5b5bf2d6a6a85cd48
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "75F990711F04BCE6BDF99E45D4A836CAE317387FF360E7E5B5BF2D6A6A85CD48"
Last-Modified: Mon, 26 Sep 2022 14:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3781
Expires: Wed, 28 Sep 2022 06:52:40 GMT
Date: Wed, 28 Sep 2022 05:49:39 GMT
Connection: keep-alive
precedentadministrator.com/pixel/purst?dl=0&th=0&sc=0&rs=3257&rd=3257&fd=833&bv=22.8.v.2&tmpl=136
192.243.61.227200 OK 0 B URL HTTP/1.1 precedentadministrator.com/pixel/purst?dl=0&th=0&sc=0&rs=3257&rd=3257&fd=833&bv=22.8.v.2&tmpl=136
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pixel/purst?dl=0&th=0&sc=0&rs=3257&rd=3257&fd=833&bv=22.8.v.2&tmpl=136 HTTP/1.1
Host: precedentadministrator.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Wed, 28 Sep 2022 05:49:40 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 60eb1758175320a24926288a2b33cd16
014fffa4ecc7c98c2753e9667bc972527a6c5c17
d744b389b51cbfd427e404f20921da0863330fa9d9c176c7c7d4b6df6e48eb52
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D744B389B51CBFD427E404F20921DA0863330FA9D9C176C7C7D4B6DF6E48EB52"
Last-Modified: Tue, 27 Sep 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17925
Expires: Wed, 28 Sep 2022 10:48:25 GMT
Date: Wed, 28 Sep 2022 05:49:40 GMT
Connection: keep-alive
cdn.barscreative1.com/sb/au/29/79/b6/2979b6cd81afad6251e222515b2d8311/1663145782.html
45.133.44.4200 OK 8.4 kB URL HTTP/2 cdn.barscreative1.com/sb/au/29/79/b6/2979b6cd81afad6251e222515b2d8311/1663145782.html
IP 45.133.44.4:0
ASN #39572 DataWeb Global Group B.V.
Hash 13d08c009166dcebbf4da2134dcc653e
5eba16c8a4b616ae1c5e15a5765597ff9dd8a37b
2fa18a3d1f9075086cd31a89767194fc6c29d18f6089ed558ac8d8c8b1e8def7
Analyzer Verdict Alert fortinet Phishing
GET /sb/au/29/79/b6/2979b6cd81afad6251e222515b2d8311/1663145782.html HTTP/1.1
Host: cdn.barscreative1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 28 Sep 2022 05:49:40 GMT
content-type: text/html; charset=utf-8
server: nginx/1.17.6
last-modified: Wed, 14 Sep 2022 08:56:26 GMT
etag: W/"6321973a-6ef"
cache-control: max-age=3600
access-control-allow-origin: *
access-control-expose-headers: Date
content-encoding: gzip
expires: Wed, 28 Sep 2022 06:49:40 GMT
x-proxy-cache: HIT
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/JO6UuHOuyK29qW6U9w/w320h240/0.jpeg
188.72.235.186200 OK 8.3 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/JO6UuHOuyK29qW6U9w/w320h240/0.jpeg
IP 188.72.235.186:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash 332febd133229fdfafc975fea67399ac
ef8dc77a9ec1b0675e7c664ccf29c1d6b0ffc6ce
5255bc47431688790eeb263ea76c48e492c2c5faefbc24b30e1877bf32c3c70c
GET /thumbnail/JO6UuHOuyK29qW6U9w/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Wed, 28 Sep 2022 05:49:40 GMT
content-type: image/jpeg
content-length: 8268
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: HIT
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/JujG73b3yPzuqj6f_A/w320h240/0.jpeg
188.72.235.186200 OK 12 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/JujG73b3yPzuqj6f_A/w320h240/0.jpeg
IP 188.72.235.186:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash d9b36412bc93765a2757d07e8d3f69bf
9cbaf6e218b275fa1c0670519c93e53ea368ae5f
cfa85c7f20492a774221ae2e582e752bd39b49d9cb5af942376aea4c866c61fd
GET /thumbnail/JujG73b3yPzuqj6f_A/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Wed, 28 Sep 2022 05:49:40 GMT
content-type: image/jpeg
content-length: 12351
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: HIT
X-Firefox-Spdy: h2
xfantazy.com/_next/static/pSlyoXy7R5nE6sbZsP0Ue/pages/channels.js
104.26.1.188200 OK 12 kB URL HTTP/2 xfantazy.com/_next/static/pSlyoXy7R5nE6sbZsP0Ue/pages/channels.js
IP 104.26.1.188:0
File type ASCII text, with very long lines (2421), with no line terminators
Hash 36cca6827cef7f689baf96d3097367a9
e0981b7bffa006f5bda5ad5c0cb185c69137db32
63ca9d2006c16a05df9e981af39d01740b1474083e19411671f73036d2aaf8db
GET /_next/static/pSlyoXy7R5nE6sbZsP0Ue/pages/channels.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/5f6580f261e5e63e2c1c7cbc
Cookie: visitorId=022fxs9snr9oilk9arxtfm; experiment-popup-payment-7=0; experiment-save-to-button-2=0; safeMode=0; advancedOptions=0; viewedVideoCounter=0; adScript2Groups=push1-push1%2Cpop-desk%2CTest-Code%20; k2sAccessToken=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiI1YjM5Y2ZjY2ZjNGUwNzFjNzE4MWQ0ZmQiLCJhdWQiOiJjbGllbnQiLCJ0eXBlIjoiYWNjZXNzVG9rZW4iLCJpc3MiOiJrMnMiLCJjSWQiOiI1YjM5Y2ZjY2ZjNGUwNzFjNzE4MWQ0ZmQiLCJqdGkiOiIzYzllM2E3NDllZjk2IiwiaWF0IjoxNjY0MzQ0MTc3LCJleHAiOjE2NjQ5NDg5Nzd9.oKuwPeAUyHFRh_ghkBpsVLft5NhhrehUtqKrhPsywmg; k2sRefreshToken=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiI1YjM5Y2ZjY2ZjNGUwNzFjNzE4MWQ0ZmQiLCJhdWQiOiJjbGllbnQiLCJ0eXBlIjoicmVmcmVzaFRva2VuIiwiaXNzIjoiazJzIiwiY0lkIjoiNWIzOWNmY2NmYzRlMDcxYzcxODFkNGZkIiwianRpIjoiZWZjM2RhYWZjOWE1MiIsImlhdCI6MTY2NDM0NDE3NywiZXhwIjoxNjY2OTM2MTc3fQ.wXwQ9TR1iS5JGUBoZt6M9kuO6t8gvZBjbidE1UgEivU
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 28 Sep 2022 05:49:37 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-bgj: minify
etag: W/"975-1835016291c"
last-modified: Sun, 18 Sep 2022 10:12:53 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 847905
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Vm3DEyxx5dCOc82EBj0F310GgmJc1YEQdvybeeIJ%2BMS2OuhvkAPttaba521GKvnMH2%2FWlAYG3VI08tgSrPOhBW76jFP96WUn5mrr75DwDoFKrJKqFw42g8bl26rdJA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 751a32686969b512-OSL
content-encoding: br
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/I7yWvXTzyabt_j2Tqg/w320h240/0.jpeg
188.72.235.186200 OK 9.1 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/I7yWvXTzyabt_j2Tqg/w320h240/0.jpeg
IP 188.72.235.186:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash 48078a265fc3c531cb1ad3b1b6439a1c
63845eabbe81898d31b4aad454420a6b08a9fda0
6906dbeb49e092fe65f52dde5f091c056062becc0f168624db75ebf1ab38a0f7
GET /thumbnail/I7yWvXTzyabt_j2Tqg/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Wed, 28 Sep 2022 05:49:40 GMT
content-type: image/jpeg
content-length: 9116
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: HIT
X-Firefox-Spdy: h2
ocsp.sectigo.com/
104.18.32.68200 OK 10 kB IP 104.18.32.68:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash c19a7af5d6bde69f683f81fe53e760d6
b4d1ed554c995ab79b248484da17cfc1f51bea9e
b60cf7c70c1d40490607a3dc5d748b36be3f926cf5b51e2c68ac057d1e08a228
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 28 Sep 2022 05:49:37 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Tue, 27 Sep 2022 15:14:20 GMT
Expires: Tue, 04 Oct 2022 15:14:19 GMT
Etag: "3c91052b762b2f87269fbbd452bb3d1d99fcc596"
Cache-Control: max-age=551681,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 751a32625b45b511-OSL
static-cache.k2s.cc/thumbnail/LeyQ7yCuy63srj-f_g/w320h240/0.jpeg
188.72.235.186200 OK 11 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/LeyQ7yCuy63srj-f_g/w320h240/0.jpeg
IP 188.72.235.186:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash 27e28a6778d0482cd016c1d53e5c3b53
391a183198d805c426106242ab7feaef22b6faa7
cb4730f4f7474c0cf521e513883c32a1d680b567a0ae58e6d709ad38cd1026f1
GET /thumbnail/LeyQ7yCuy63srj-f_g/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Wed, 28 Sep 2022 05:49:40 GMT
content-type: image/jpeg
content-length: 10805
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: HIT
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/ceSWtX_yyafp-znBqg/w320h240/0.jpeg
188.72.235.186200 OK 7.9 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/ceSWtX_yyafp-znBqg/w320h240/0.jpeg
IP 188.72.235.186:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash 3270e5f40f80a42d442d5a9e34323e12
5dc196cb231156613643aaa201226dbab131d51f
ab6b02ea8108f2ae26afa4fb2e4a8de9f6684b56fd14d1adcf6a48c65ee0a691
GET /thumbnail/ceSWtX_yyafp-znBqg/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Wed, 28 Sep 2022 05:49:40 GMT
content-type: image/jpeg
content-length: 7874
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: HIT
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/IOnFuCL3yqft-z6W9g/w320h240/0.jpeg
188.72.235.186200 OK 10 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/IOnFuCL3yqft-z6W9g/w320h240/0.jpeg
IP 188.72.235.186:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash 7a8df53e29ca9f10331c8f0dacc71e72
2103a4e1011f957065a05ab91f1ae38fc16a6b19
a0f6d6887b216c1a12be114b1285e9379357b9d06c9d6b6657f9a4b5ce4882de
GET /thumbnail/IOnFuCL3yqft-z6W9g/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Wed, 28 Sep 2022 05:49:40 GMT
content-type: image/jpeg
content-length: 10000
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: HIT
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.76.226200 OK 346 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 18cf22b4e3cc429a7729bcf4525947ab
aa55e230bd256b7d93ade17a174ceadae789dca5
38edbe70f90ed5a050c0b2c954a5ff5982facd46318e891035925b96b3eddf21
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "38EDBE70F90ED5A050C0B2C954A5FF5982FACD46318E891035925B96B3EDDF21"
Last-Modified: Tue, 27 Sep 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2661
Expires: Wed, 28 Sep 2022 06:34:01 GMT
Date: Wed, 28 Sep 2022 05:49:40 GMT
Connection: keep-alive
e1.o.lencr.org/
23.36.76.226200 OK 346 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 18cf22b4e3cc429a7729bcf4525947ab
aa55e230bd256b7d93ade17a174ceadae789dca5
38edbe70f90ed5a050c0b2c954a5ff5982facd46318e891035925b96b3eddf21
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "38EDBE70F90ED5A050C0B2C954A5FF5982FACD46318E891035925B96B3EDDF21"
Last-Modified: Tue, 27 Sep 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2661
Expires: Wed, 28 Sep 2022 06:34:01 GMT
Date: Wed, 28 Sep 2022 05:49:40 GMT
Connection: keep-alive
dictatepantry.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fau%2F29%2F79%2Fb6%2F2979b6cd81afad6251e222515b2d8311%2F1663145782.html&l=1775&fd=416
192.243.59.13200 OK 0 B URL HTTP/1.1 dictatepantry.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fau%2F29%2F79%2Fb6%2F2979b6cd81afad6251e222515b2d8311%2F1663145782.html&l=1775&fd=416
IP 192.243.59.13:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fau%2F29%2F79%2Fb6%2F2979b6cd81afad6251e222515b2d8311%2F1663145782.html&l=1775&fd=416 HTTP/1.1
Host: dictatepantry.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: u_pl=15600826; uid_id2=3017ec54-6293-4d7c-a5a1-dda3733615b0:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; sleca2f990f10476061c719d1c1aa3a2ecd2=[3688735]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Wed, 28 Sep 2022 05:49:40 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
cdn.sb4you1.com/sb/ssp/notifications/text_bubble/2/css/animate.css
172.64.201.2200 OK 5.2 kB URL HTTP/2 cdn.sb4you1.com/sb/ssp/notifications/text_bubble/2/css/animate.css
IP 172.64.201.2:0
Hash 007a07a4873a199aad75b48cf658c530
8ea9fea85712ebb578f36d38d64448bb0454f131
49eae6906ed09342a12774edb7fb44ea940619deededc60f3dbec347e2c8768b
GET /sb/ssp/notifications/text_bubble/2/css/animate.css HTTP/1.1
Host: cdn.sb4you1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 28 Sep 2022 05:49:40 GMT
content-type: text/css
last-modified: Tue, 12 Jul 2022 10:56:21 GMT
etag: W/"62cd5355-13591"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 1198342
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=l12GJ7WP8gofSb7MSXC2Se6%2Fgk7imGy8%2B34KkRsVvmaaQyKChdVwizetAU5S1tdZduZQcRp8aPylTaecqOZTzrxSzkJQO%2F4kTcmzBjpo3b6xqN%2F%2FKLW5R8fGhcvcw7Phs3E%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 751a32779fae7725-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
media.aso1.net/js/ifr.html
104.21.234.222200 OK 665 B URL HTTP/2 media.aso1.net/js/ifr.html
IP 104.21.234.222:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 3697209092332e6efe700a51ca307453
88ec1d2ce0eab02648e75aa4fb910b4f6a78c9d2
e69326eb6b42ad44bc24d8e9638b551553cf4eb7eac5fee4a2eb8d29c1c33f38
GET /js/ifr.html HTTP/1.1
Host: media.aso1.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 28 Sep 2022 05:49:40 GMT
content-type: text/html
last-modified: Mon, 29 Aug 2022 13:18:49 GMT
etag: W/"630cbcb9-6ea"
expires: Fri, 02 Sep 2022 06:53:13 GMT
cache-control: max-age=259200
x-robots-tag: noindex, nofollow, noarchive, noimageindex
cf-cache-status: HIT
age: 839516
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KTEKPoQjT4LvErj7G7z4S%2FU1HEwZIyT9qaHdCT8WOWf8XEUGsFasMLQd8IX3IVfTA3LbIx%2B3fMG1JaDn94v0DEfXt82KEY0Wi6N7jsWHrIeFGPCOu%2B1HGRTv5g78xa4TBw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 751a32775f3871db-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
a.focusde.info/api/spots/303894?p=1&s1=%subid1%&kw=
135.181.208.216200 OK 9.6 kB URL HTTP/2 a.focusde.info/api/spots/303894?p=1&s1=%subid1%&kw=
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
Hash ecdf36ed1b173bc51d7a18e24beb53b2
c8e825bc6431ac9ea3d92d2aea734d13edd91844
6d99258363c2434bdfe1831972413d14f3b2f05c7b00073a0ca6a8f5cdedb754
GET /api/spots/303894?p=1&s1=%subid1%&kw= HTTP/1.1
Host: a.focusde.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: nauid=vVCrGK2JguCi8vqXIiuf
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 28 Sep 2022 05:49:40 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2
dictatepantry.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.sb4you1.com%2Fsb%2Fssp%2Fnotifications%2Ftext_bubble%2F2%2Fcss%2Fanimate.css&l=79249&fd=125
192.243.59.13200 OK 0 B URL HTTP/1.1 dictatepantry.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.sb4you1.com%2Fsb%2Fssp%2Fnotifications%2Ftext_bubble%2F2%2Fcss%2Fanimate.css&l=79249&fd=125
IP 192.243.59.13:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.sb4you1.com%2Fsb%2Fssp%2Fnotifications%2Ftext_bubble%2F2%2Fcss%2Fanimate.css&l=79249&fd=125 HTTP/1.1
Host: dictatepantry.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: u_pl=15600826; uid_id2=3017ec54-6293-4d7c-a5a1-dda3733615b0:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; sleca2f990f10476061c719d1c1aa3a2ecd2=[3688735]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Wed, 28 Sep 2022 05:49:40 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
dictatepantry.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.sb4you1.com%2Fsb%2Fssp%2Fnotifications%2Ftext_bubble%2F2%2Fcss%2Fstyle.css&l=9193&fd=129
192.243.59.13200 OK 0 B URL HTTP/1.1 dictatepantry.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.sb4you1.com%2Fsb%2Fssp%2Fnotifications%2Ftext_bubble%2F2%2Fcss%2Fstyle.css&l=9193&fd=129
IP 192.243.59.13:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.sb4you1.com%2Fsb%2Fssp%2Fnotifications%2Ftext_bubble%2F2%2Fcss%2Fstyle.css&l=9193&fd=129 HTTP/1.1
Host: dictatepantry.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: u_pl=15600826; uid_id2=3017ec54-6293-4d7c-a5a1-dda3733615b0:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; sleca2f990f10476061c719d1c1aa3a2ecd2=[3688735]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Wed, 28 Sep 2022 05:49:40 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
cdn.sb4you1.com/sb/ssp/notifications/text_bubble/2/css/style.css
172.64.201.2200 OK 2.7 kB URL HTTP/2 cdn.sb4you1.com/sb/ssp/notifications/text_bubble/2/css/style.css
IP 172.64.201.2:0
Hash 38f0997bd44cdbafbf86c407e33ccc35
8c634e71319e9e065744a0696d669d8fcdadfd00
9bce10367767f926e0c0476ddd14772a415bf067c647abc3813838d822ed3024
GET /sb/ssp/notifications/text_bubble/2/css/style.css HTTP/1.1
Host: cdn.sb4you1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 28 Sep 2022 05:49:40 GMT
content-type: text/css
last-modified: Tue, 12 Jul 2022 11:09:04 GMT
etag: W/"62cd5650-23e9"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 1198342
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Hc0xpcXAgvdr%2BBmSPDyfD4iBcUhe1%2Be8XehfFN9%2FdrdNcF%2FAlLsSufSbrLent7m91A2Fl28QvrjL8FbU9LsynMLbR2vmrld9KtWy7qQriFUcofl%2BJvJSf1%2FqupmIdxJWEbw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 751a32779fb07725-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
a.focusde.info/api/spots/391865?host=xfantazy.com&ev=196&wh=939&ww=1280
135.181.208.216200 OK 20 kB URL HTTP/2 a.focusde.info/api/spots/391865?host=xfantazy.com&ev=196&wh=939&ww=1280
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
Hash 845d3ea47867b1af0860b56ccd834fcc
468f2c58a99763d76be85f03b60e39f14d1338ea
e2980f30f9ba51f1e49cd1d10c6cad9f5bd0f45154d6a48665ead090397e4d95
GET /api/spots/391865?host=xfantazy.com&ev=196&wh=939&ww=1280 HTTP/1.1
Host: a.focusde.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 28 Sep 2022 05:49:39 GMT
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding
set-cookie: nauid=JJLmOQYiQ13OcGN9GDEi; Path=/; Expires=Wed, 11 Nov 2037 11:11:11 GMT; Secure; SameSite=None
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Roboto:100,300,400,500,700&display=swap
142.250.74.10200 OK 1.1 kB URL HTTP/2 fonts.googleapis.com/css?family=Roboto:100,300,400,500,700&display=swap
IP 142.250.74.10:0
Hash 5e1b3c35aa4978ecde4661cdcf9cb9cd
d5ab7ffbc6e22f44fb4e9ba21b758ebd20e7c052
69113a89381d4fc3cb953192ca50851669a867e2be87a7a595b87e6d8fa582a1
GET /css?family=Roboto:100,300,400,500,700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Wed, 28 Sep 2022 05:49:37 GMT
date: Wed, 28 Sep 2022 05:49:37 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.76.226200 OK 344 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 061c104da310316018034ea438ff3472
957a1a074a0b4997456fd1dfaf46fba592be5713
9d73939fba3149ff3da99ca69a8c5fe0f09c144fe39200a5c0725c6df4d429ac
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "9D73939FBA3149FF3DA99CA69A8C5FE0F09C144FE39200A5C0725C6DF4D429AC"
Last-Modified: Tue, 27 Sep 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14399
Expires: Wed, 28 Sep 2022 09:49:39 GMT
Date: Wed, 28 Sep 2022 05:49:40 GMT
Connection: keep-alive
a.bestcontentfood.top/warp/4787908?r=34269
172.64.105.34200 OK 1.8 kB URL HTTP/2 a.bestcontentfood.top/warp/4787908?r=34269
IP 172.64.105.34:0
File type ASCII text, with very long lines (4178), with no line terminators
Hash 6342f7c17c76b18734ee88062c825f0e
9596e221d74084cc16ee756e58d0d97f2de6d43a
b2d5e5acda1bf7710d46a072024c8ae78788a24352474ca3773fb92851b24710
Analyzer Verdict Alert fortinet Phishing
GET /warp/4787908?r=34269 HTTP/1.1
Host: a.bestcontentfood.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.focusde.info/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 28 Sep 2022 05:49:40 GMT
content-type: application/javascript; charset=UTF-8
referer: a.medfoodsafety.com
cache-control: public, max-age=900
etag: W/"b5bfe5efa4321a0b085300dd0d4edb9f"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yE6hdjsZxGpC90sjXS%2Bm%2Bsok92X9yQP6xdATlc8vPP5jzcSEJJiF57IYCAkWqv6rVzWDiQYiP2sX3FSJwSQzVHdGve%2B%2Flvbvvyx4PapdeFywqZ%2FpYlnDc%2FVuj1YIP6GoxwFLOoDANe4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 751a3278bc5d75e3-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
a.bestcontentfood.top/warp/4788749?r=77342
172.64.105.34200 OK 3.1 kB URL HTTP/2 a.bestcontentfood.top/warp/4788749?r=77342
IP 172.64.105.34:0
File type ASCII text, with very long lines (4179), with no line terminators
Hash e64558b5d1510449864746aff8ee73b4
71e0e2010f140c614c44816a8fb92c5ba1607341
428729e507e3cc1c3be2051f5a9d80c51ec60050a26180f310a29c00f2eb693c
Analyzer Verdict Alert fortinet Phishing
GET /warp/4788749?r=77342 HTTP/1.1
Host: a.bestcontentfood.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.focusde.info/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 28 Sep 2022 05:49:40 GMT
content-type: application/javascript; charset=UTF-8
referer: a.medfoodsafety.com
cache-control: public, max-age=900
etag: W/"b5bfe5efa4321a0b085300dd0d4edb9f"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DI6PkSTj3zXpwunH8sNk9vywYvBl46a9EO9sGBun0fDiX2QH%2BtdQj7UmefU%2Fw%2BFCOo2f1%2B5tcUR8TaUcwWkgkrKn%2BELd4lu7lJMbto1V1aABNocYCRPoNjJCRKdydHtDDiiOElDtmxw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 751a3278bc5375e3-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
dictatepantry.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSz28bRRidTXJBcACUC0IFHzgAIs6u1%2Fba9FARQqqI0FQtCG5odmbWGTK7s5rZ9TpGSFEroR6d%2F2DznDQCogokTkhUyKnEIRKo5pQD4ccfwAWp1yK7EYbv8r237x3evm8%2B38%2FPiYucnq2%2Bp%2FtSKbrcqLqVVz%2FyvMuVDZnkvUqv1fy4Wb9cMd03282q%2B1rlqmDbernmeq7ruV5lTRoR6d7yRIRMj9tete1W67Wq16ijZ%2F7Pbe7AUge8e06eh%2BTjhQfOIiQbIYm%2FXhV2O9PpG%2B%2FEuaKZNujyow%2BS7UQXCeIZjIyDKDm6cEPbh2v3oZPDaVzo7r%2FGUI6J8%2BN9hMnRRUiE3YNpzlBBJAj50yi6Iwg1gqQjMH0bkj8kAOO4tokkvntNm4LuPFHpRB2ThUd%2FQxZjsvDrIpL43oqSvcpNrfJM6sSiF5WQvRFkZ4Q0P0HWn4MsTsCyW5D8J7L8aANJfLBplYbkZ6%2F4rhcI1qgvNWttf6nOA7ZEG9Rb4pz6ge83vUboTguScgQZjaDEANTOI7cOcukgjxzkqYOYn1WY53mByxl1W23GfB6IsMldjwaRRz232ULOJv8wQJYOwNQAzOwiNbvYlntjQm4dwOQ%2FwG6VsNyBzQi6vEQhCApLUFCCQhIUGUHRLQ%2B5sjVb3uXK5qF3sWsX2y%2BHOuvs00OddURC9tNz8ty0vb%2Be%2BQ7b4qxCa1G77UaeWw%2BabtNjgdfmHvMo9WlNMF6DlSWknQO1DvpyTBZf%2FBPp5KKfPUZIT2DVCZh8FjS%2FBFoMg5oLujWst1z0k%2BNeRJOM9neqTMfgukSaLSDbcfbVOXlhmqO1%2FjIEO73ybf%2BPq%2FcWPwUzJVJT4hP5gKCj7gxv6IIc3NCFJd9sppmMZZ9OLnwzo5mY%2F%2FJdsVNow9dX7eCLt9hEmMDj94XNNmjCZdKx5KsVybkwa9owQb5ftx%2BK8Hput1Zyk%2BTpxvW319bj1AhrpU5GoHJMyN5vYHJMnno8N328l35%2BHdKMYPIScX5KLgZSn4Clu7DpLL%2FV8zBq5glTB0VeDk0tnH1UkkCJGadhCfsfHs7wvr2DjnkJNLuNJC7RNSW6qgRVA9h8fpil5vTKL%2F50ECpnGCrjHITKqL0n5Vp5VvFdHoQiEkEo6o16JBgPG43QZRELfd5qMWR2zPzf7T8AAAD%2F%2FwEAAP%2F%2FQ%2F%2FFrocEAAA%3D
192.243.59.13200 OK 7 B URL HTTP/1.1 dictatepantry.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSz28bRRidTXJBcACUC0IFHzgAIs6u1%2Fba9FARQqqI0FQtCG5odmbWGTK7s5rZ9TpGSFEroR6d%2F2DznDQCogokTkhUyKnEIRKo5pQD4ccfwAWp1yK7EYbv8r237x3evm8%2B38%2FPiYucnq2%2Bp%2FtSKbrcqLqVVz%2FyvMuVDZnkvUqv1fy4Wb9cMd03282q%2B1rlqmDbernmeq7ruV5lTRoR6d7yRIRMj9tete1W67Wq16ijZ%2F7Pbe7AUge8e06eh%2BTjhQfOIiQbIYm%2FXhV2O9PpG%2B%2FEuaKZNujyow%2BS7UQXCeIZjIyDKDm6cEPbh2v3oZPDaVzo7r%2FGUI6J8%2BN9hMnRRUiE3YNpzlBBJAj50yi6Iwg1gqQjMH0bkj8kAOO4tokkvntNm4LuPFHpRB2ThUd%2FQxZjsvDrIpL43oqSvcpNrfJM6sSiF5WQvRFkZ4Q0P0HWn4MsTsCyW5D8J7L8aANJfLBplYbkZ6%2F4rhcI1qgvNWttf6nOA7ZEG9Rb4pz6ge83vUboTguScgQZjaDEANTOI7cOcukgjxzkqYOYn1WY53mByxl1W23GfB6IsMldjwaRRz232ULOJv8wQJYOwNQAzOwiNbvYlntjQm4dwOQ%2FwG6VsNyBzQi6vEQhCApLUFCCQhIUGUHRLQ%2B5sjVb3uXK5qF3sWsX2y%2BHOuvs00OddURC9tNz8ty0vb%2Be%2BQ7b4qxCa1G77UaeWw%2BabtNjgdfmHvMo9WlNMF6DlSWknQO1DvpyTBZf%2FBPp5KKfPUZIT2DVCZh8FjS%2FBFoMg5oLujWst1z0k%2BNeRJOM9neqTMfgukSaLSDbcfbVOXlhmqO1%2FjIEO73ybf%2BPq%2FcWPwUzJVJT4hP5gKCj7gxv6IIc3NCFJd9sppmMZZ9OLnwzo5mY%2F%2FJdsVNow9dX7eCLt9hEmMDj94XNNmjCZdKx5KsVybkwa9owQb5ftx%2BK8Hput1Zyk%2BTpxvW319bj1AhrpU5GoHJMyN5vYHJMnno8N328l35%2BHdKMYPIScX5KLgZSn4Clu7DpLL%2FV8zBq5glTB0VeDk0tnH1UkkCJGadhCfsfHs7wvr2DjnkJNLuNJC7RNSW6qgRVA9h8fpil5vTKL%2F50ECpnGCrjHITKqL0n5Vp5VvFdHoQiEkEo6o16JBgPG43QZRELfd5qMWR2zPzf7T8AAAD%2F%2FwEAAP%2F%2FQ%2F%2FFrocEAAA%3D
IP 192.243.59.13:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert quad9 Sinkholed
GET /impr.gif?sid=H4sIAAAAAAAC%2F1RSz28bRRidTXJBcACUC0IFHzgAIs6u1%2Fba9FARQqqI0FQtCG5odmbWGTK7s5rZ9TpGSFEroR6d%2F2DznDQCogokTkhUyKnEIRKo5pQD4ccfwAWp1yK7EYbv8r237x3evm8%2B38%2FPiYucnq2%2Bp%2FtSKbrcqLqVVz%2FyvMuVDZnkvUqv1fy4Wb9cMd03282q%2B1rlqmDbernmeq7ruV5lTRoR6d7yRIRMj9tete1W67Wq16ijZ%2F7Pbe7AUge8e06eh%2BTjhQfOIiQbIYm%2FXhV2O9PpG%2B%2FEuaKZNujyow%2BS7UQXCeIZjIyDKDm6cEPbh2v3oZPDaVzo7r%2FGUI6J8%2BN9hMnRRUiE3YNpzlBBJAj50yi6Iwg1gqQjMH0bkj8kAOO4tokkvntNm4LuPFHpRB2ThUd%2FQxZjsvDrIpL43oqSvcpNrfJM6sSiF5WQvRFkZ4Q0P0HWn4MsTsCyW5D8J7L8aANJfLBplYbkZ6%2F4rhcI1qgvNWttf6nOA7ZEG9Rb4pz6ge83vUboTguScgQZjaDEANTOI7cOcukgjxzkqYOYn1WY53mByxl1W23GfB6IsMldjwaRRz232ULOJv8wQJYOwNQAzOwiNbvYlntjQm4dwOQ%2FwG6VsNyBzQi6vEQhCApLUFCCQhIUGUHRLQ%2B5sjVb3uXK5qF3sWsX2y%2BHOuvs00OddURC9tNz8ty0vb%2Be%2BQ7b4qxCa1G77UaeWw%2BabtNjgdfmHvMo9WlNMF6DlSWknQO1DvpyTBZf%2FBPp5KKfPUZIT2DVCZh8FjS%2FBFoMg5oLujWst1z0k%2BNeRJOM9neqTMfgukSaLSDbcfbVOXlhmqO1%2FjIEO73ybf%2BPq%2FcWPwUzJVJT4hP5gKCj7gxv6IIc3NCFJd9sppmMZZ9OLnwzo5mY%2F%2FJdsVNow9dX7eCLt9hEmMDj94XNNmjCZdKx5KsVybkwa9owQb5ftx%2BK8Hput1Zyk%2BTpxvW319bj1AhrpU5GoHJMyN5vYHJMnno8N328l35%2BHdKMYPIScX5KLgZSn4Clu7DpLL%2FV8zBq5glTB0VeDk0tnH1UkkCJGadhCfsfHs7wvr2DjnkJNLuNJC7RNSW6qgRVA9h8fpil5vTKL%2F50ECpnGCrjHITKqL0n5Vp5VvFdHoQiEkEo6o16JBgPG43QZRELfd5qMWR2zPzf7T8AAAD%2F%2FwEAAP%2F%2FQ%2F%2FFrocEAAA%3D HTTP/1.1
Host: dictatepantry.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: u_pl=15600826; uid_id2=3017ec54-6293-4d7c-a5a1-dda3733615b0:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; sleca2f990f10476061c719d1c1aa3a2ecd2=[3688735]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Wed, 28 Sep 2022 05:49:40 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: e3a1ba55eb8ce9f04d84621f6e280147
Strict-Transport-Security: max-age=0; includeSubdomains
dictatepantry.com/pixel/sbs?c=1
192.243.59.13200 OK 0 B URL HTTP/1.1 dictatepantry.com/pixel/sbs?c=1
IP 192.243.59.13:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbs?c=1 HTTP/1.1
Host: dictatepantry.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: u_pl=15600826; uid_id2=3017ec54-6293-4d7c-a5a1-dda3733615b0:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; sleca2f990f10476061c719d1c1aa3a2ecd2=[3688735]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Wed, 28 Sep 2022 05:49:40 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
ocsp.sectigo.com/
104.18.32.68200 OK 472 B IP 104.18.32.68:0
Hash f8826519fae90d681854a581b06615c2
d2c22fa085aae20ff7d563cc44f9d44f898614cc
b0971fe17ce963c7a8aa3b18ac0f61b60ebfb12316dd01c12804e61cbce3f7e3
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 28 Sep 2022 05:49:40 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Tue, 27 Sep 2022 08:27:05 GMT
Expires: Tue, 04 Oct 2022 08:27:04 GMT
Etag: "d2c22fa085aae20ff7d563cc44f9d44f898614cc"
Cache-Control: max-age=527243,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 751a327acd15b4e8-OSL
poweredby.jads.co/js/jads.js
185.94.236.253301 Moved Permanently 178 B URL HTTP/1.1 poweredby.jads.co/js/jads.js
IP 185.94.236.253:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash cd2e0e43980a00fb6a2742d3afd803b8
81ffbd1712afe8cdf138b570c0fc9934742c33c1
bd9df047d51943acc4bc6cf55d88edb5b6785a53337ee2a0f74dd521aedde87d
GET /js/jads.js HTTP/1.1
Host: poweredby.jads.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://media.aso1.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Wed, 28 Sep 2022 05:49:40 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Location: jads2.js
e1.o.lencr.org/
23.36.76.226200 OK 344 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 061c104da310316018034ea438ff3472
957a1a074a0b4997456fd1dfaf46fba592be5713
9d73939fba3149ff3da99ca69a8c5fe0f09c144fe39200a5c0725c6df4d429ac
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "9D73939FBA3149FF3DA99CA69A8C5FE0F09C144FE39200A5C0725C6DF4D429AC"
Last-Modified: Tue, 27 Sep 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14398
Expires: Wed, 28 Sep 2022 09:49:39 GMT
Date: Wed, 28 Sep 2022 05:49:41 GMT
Connection: keep-alive
a.medfoodsafety.com/i?tid=f9df5fd7-5d7c-44e4-ae9f-b355a60f8001&cf=affdcddah0
172.64.138.21200 OK 60 B URL HTTP/2 a.medfoodsafety.com/i?tid=f9df5fd7-5d7c-44e4-ae9f-b355a60f8001&cf=affdcddah0
IP 172.64.138.21:0
File type ASCII text, with no line terminators
Hash cea81d6017b53c6c7bd076407db21a0a
063acf4f87ec5b0c7f9631779c264ee045945c52
1665c0045c0d9a05857431f46362283793d0b844d9e157692079bcbc69ff6154
GET /i?tid=f9df5fd7-5d7c-44e4-ae9f-b355a60f8001&cf=affdcddah0 HTTP/1.1
Host: a.medfoodsafety.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.medfoodsafety.com/loader?a=4788750&v=2&t=30&s=4776911&p=8575&if=true
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 28 Sep 2022 05:49:41 GMT
content-type: image/gif
content-length: 60
cache-control: no-cache, no-store, must-revalidate
expires: Sat, 26 Jul 1997 05:00:00 GMT
last-modified: Sun, 17 May 1998 03:00:00 GMT
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dM7f1uBhaA7ynVmYk6j6YkvLwXt74EhScIwqcp6Dr6TjoZn6QRgyb6bJ0GtSRpO8VvHYmcLH%2BvNzieixtcWJ4SDiJzClcQX0ntk2W%2F3XOfVn1eJ65PbJh0AOwiV%2FEGLLwmkqhJ0B"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 751a327b1c17889d-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
a.bestcontentfood.top/warp/4787912?r=57294
172.64.105.34200 OK 3.8 kB URL HTTP/2 a.bestcontentfood.top/warp/4787912?r=57294
IP 172.64.105.34:0
File type ASCII text, with very long lines (4178), with no line terminators
Hash 106ecc12254b9913c3a9ecf3e899dbcb
78f06b95e1b794aa7dd205fe10f2d3a05c3cf10a
b54ec5ccfcb7c8e8f5c4bd2caddc616723f91a19cb65c09af6e4bafd38a3813f
Analyzer Verdict Alert fortinet Phishing
GET /warp/4787912?r=57294 HTTP/1.1
Host: a.bestcontentfood.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.focusde.info/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 28 Sep 2022 05:49:40 GMT
content-type: application/javascript; charset=UTF-8
referer: a.medfoodsafety.com
cache-control: public, max-age=900
etag: W/"b5bfe5efa4321a0b085300dd0d4edb9f"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4FtJQdL8NJtdc2gvOKVNcYOaZIepA2jQgM7M9BND%2FbWD%2F%2B7DKh%2BXyY1nsjlfL%2FVg9rIU4iMZe2oh47bbQekDqIsZPr71X4KbZnI3yd2bnpVYJH7WSgaGsll8zJBdqrzm1Aepu0K52uA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 751a3278bc5175e3-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
a.medfoodsafety.com/i?tid=f3586d42-c4e6-4d44-a54e-2ac4e1e73a85&cf=affdcddah0
172.64.138.21200 OK 60 B URL HTTP/2 a.medfoodsafety.com/i?tid=f3586d42-c4e6-4d44-a54e-2ac4e1e73a85&cf=affdcddah0
IP 172.64.138.21:0
File type ASCII text, with no line terminators
Hash cea81d6017b53c6c7bd076407db21a0a
063acf4f87ec5b0c7f9631779c264ee045945c52
1665c0045c0d9a05857431f46362283793d0b844d9e157692079bcbc69ff6154
GET /i?tid=f3586d42-c4e6-4d44-a54e-2ac4e1e73a85&cf=affdcddah0 HTTP/1.1
Host: a.medfoodsafety.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.medfoodsafety.com/loader?a=4788749&v=2&t=30&s=4776911&p=8575&if=true
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 28 Sep 2022 05:49:41 GMT
content-type: image/gif
content-length: 60
cache-control: no-cache, no-store, must-revalidate
expires: Sat, 26 Jul 1997 05:00:00 GMT
last-modified: Sun, 17 May 1998 03:00:00 GMT
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RweHbtiyTab3XUWpCwMaThvz5a97IGKfqVd1N1zKcZgevSoQmvzUC9Rz9t2ywN4EsDbcccgvgvkJM%2FfDqhC4%2B5MVUnUMknCUnilde%2F5fxDXSkmZouN8EOP3NJVsrt%2F%2FKu3CiUCn4"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 751a327b3c31889d-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
thachuchopy.com/cvHwV.zxa-GzlAtBZCz_9EhFZGEHl-kJPKTLQM0_OODPAQzRM-iTZUjVdWD_0YmZZanbB-2dPeTfggw_MiDjAkmlZ-nnJo2pPqT_EswtMuDvA-wxJymzlAt_ZCzD1EoFd-HHRIwJcKy_UMzNQOSPU-yRRSiTUUy_RWjXEYwZO-TbQc1dLeT_Iguhciyj5-jlZmGn4ox_NqSr5sjtb-2v0wlxMyk_ZAjBcCmDV-hFdGGHlI2_ZKXLMMlNM-kPYQxRNSz_EUzVNWTXc-lZMakbYcy_MeTfYgxhM-TjMkllMmk_Yo0pNqDrg-wtMuzvJwf_NyDzVAhBN-zDgEuFcGG_5InJJKnLB-hNeOTP0Q4_MSDTAUwVJ-nXBYhZeaW_9c1ddeFfB-lhcikjNks_amWnNorpP-TrAsmtcum_Vw2xPyTzE-wBMCDDAEw_JGnHNIzJP-TLUMmNcO3_QQ9RMSSTZ-6VbW2X5Yl_SaWbQc9dN-DfQg2hNiD_kk2lMmgn
88.85.94.245302 Found 0 B URL HTTP/2 thachuchopy.com/cvHwV.zxa-GzlAtBZCz_9EhFZGEHl-kJPKTLQM0_OODPAQzRM-iTZUjVdWD_0YmZZanbB-2dPeTfggw_MiDjAkmlZ-nnJo2pPqT_EswtMuDvA-wxJymzlAt_ZCzD1EoFd-HHRIwJcKy_UMzNQOSPU-yRRSiTUUy_RWjXEYwZO-TbQc1dLeT_Iguhciyj5-jlZmGn4ox_NqSr5sjtb-2v0wlxMyk_ZAjBcCmDV-hFdGGHlI2_ZKXLMMlNM-kPYQxRNSz_EUzVNWTXc-lZMakbYcy_MeTfYgxhM-TjMkllMmk_Yo0pNqDrg-wtMuzvJwf_NyDzVAhBN-zDgEuFcGG_5InJJKnLB-hNeOTP0Q4_MSDTAUwVJ-nXBYhZeaW_9c1ddeFfB-lhcikjNks_amWnNorpP-TrAsmtcum_Vw2xPyTzE-wBMCDDAEw_JGnHNIzJP-TLUMmNcO3_QQ9RMSSTZ-6VbW2X5Yl_SaWbQc9dN-DfQg2hNiD_kk2lMmgn
IP 88.85.94.245:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /cvHwV.zxa-GzlAtBZCz_9EhFZGEHl-kJPKTLQM0_OODPAQzRM-iTZUjVdWD_0YmZZanbB-2dPeTfggw_MiDjAkmlZ-nnJo2pPqT_EswtMuDvA-wxJymzlAt_ZCzD1EoFd-HHRIwJcKy_UMzNQOSPU-yRRSiTUUy_RWjXEYwZO-TbQc1dLeT_Iguhciyj5-jlZmGn4ox_NqSr5sjtb-2v0wlxMyk_ZAjBcCmDV-hFdGGHlI2_ZKXLMMlNM-kPYQxRNSz_EUzVNWTXc-lZMakbYcy_MeTfYgxhM-TjMkllMmk_Yo0pNqDrg-wtMuzvJwf_NyDzVAhBN-zDgEuFcGG_5InJJKnLB-hNeOTP0Q4_MSDTAUwVJ-nXBYhZeaW_9c1ddeFfB-lhcikjNks_amWnNorpP-TrAsmtcum_Vw2xPyTzE-wBMCDDAEw_JGnHNIzJP-TLUMmNcO3_QQ9RMSSTZ-6VbW2X5Yl_SaWbQc9dN-DfQg2hNiD_kk2lMmgn HTTP/1.1
Host: thachuchopy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://media.aso1.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
server: nginx
date: Wed, 28 Sep 2022 05:49:41 GMT
content-length: 0
expires: Mon, 26 Jul 2011 05:00:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
accept-ch: Sec-CH-UA-Platform-Version, Sec-CH-UA-Platform
location: https://10945-2.s.cdn15.com/creatives/171357/216113/448032_45a78.png
x-content-type-options: nosniff
X-Firefox-Spdy: h2
a.medfoodsafety.com/loader?a=4788750&v=2&t=30&s=4776911&p=8575&if=true
172.64.138.21200 OK 17 kB URL HTTP/2 a.medfoodsafety.com/loader?a=4788750&v=2&t=30&s=4776911&p=8575&if=true
IP 172.64.138.21:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 5aacc95aac2fabcbd54db2c8bd966a32
55b303be3d3e046dd2834c3f401797ea7bd3ff4a
1e6cfb127abf508d06a08ad18bd74177481f436066ad106e338354b9f1b9a78d
GET /loader?a=4788750&v=2&t=30&s=4776911&p=8575&if=true HTTP/1.1
Host: a.medfoodsafety.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.focusde.info/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 28 Sep 2022 05:49:40 GMT
content-type: text/html
cache-control: no-cache, no-store, must-revalidate
expires: Sat, 26 Jul 1997 05:00:00 GMT
last-modified: Sun, 17 May 1998 03:00:00 GMT
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zPfEfyqTugsP9hnuVIQu9W4hQ8%2Bb7yhS1b1m5T5peSXLcEPXe6KapyBKuWJ8%2FWn79e24oLnnWWQlVd6A%2B%2F6gt%2F2G8VkPPpCC5iCQT4krlzy%2Bgm0hY%2BYLcO6cxD1yo6eK50ved1%2Bx"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 751a327a3b0d889d-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.sectigo.com/
104.18.32.68200 OK 472 B IP 104.18.32.68:0
Hash f8826519fae90d681854a581b06615c2
d2c22fa085aae20ff7d563cc44f9d44f898614cc
b0971fe17ce963c7a8aa3b18ac0f61b60ebfb12316dd01c12804e61cbce3f7e3
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 28 Sep 2022 05:49:41 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Tue, 27 Sep 2022 08:27:05 GMT
Expires: Tue, 04 Oct 2022 08:27:04 GMT
Etag: "d2c22fa085aae20ff7d563cc44f9d44f898614cc"
Cache-Control: max-age=527242,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 751a327adbddb52d-OSL
a.bestcontentfood.top/warp/4788750?r=40979
172.64.105.34200 OK 2.4 kB URL HTTP/2 a.bestcontentfood.top/warp/4788750?r=40979
IP 172.64.105.34:0
File type ASCII text, with very long lines (4179), with no line terminators
Hash 8cadc24280a5411e1bc603fc33ee8d61
6f221a58d3142a3554e28fa2a7c6f424533a8ac0
5cb3ed10981f401dbe77a28837080950d319e749cca6c6884e57af75e72ebb65
Analyzer Verdict Alert fortinet Phishing
GET /warp/4788750?r=40979 HTTP/1.1
Host: a.bestcontentfood.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.focusde.info/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 28 Sep 2022 05:49:40 GMT
content-type: application/javascript; charset=UTF-8
referer: a.medfoodsafety.com
cache-control: public, max-age=900
etag: W/"b5bfe5efa4321a0b085300dd0d4edb9f"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=57T1bHL56ub5XAAbxhOp38YA0pRftbWl%2BHyGsdqW2Kj4DAZdDXr%2FiNByranQMXVFwplPCdBvmApXNtJsp9UihsshG44PLHWf43zxmXgsytl9WvnilqYLTk3ToIR9%2BJGvkaqej3FoXOU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 751a32788c1e75e3-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash b56134771794748d7d8788b4f4e677c2
104d818d4b9ef1f1bd8e96c860766d021fc628f5
da1ae9892ad3e3453af5b255d0c5a3cd145f45e1444a1406cbbb5e663959c2b3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DA1AE9892AD3E3453AF5B255D0C5A3CD145F45E1444A1406CBBB5E663959C2B3"
Last-Modified: Tue, 27 Sep 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21014
Expires: Wed, 28 Sep 2022 11:39:55 GMT
Date: Wed, 28 Sep 2022 05:49:41 GMT
Connection: keep-alive
a.medfoodsafety.com/i?tid=6f36d1e6-e0c4-47d0-a745-0f6f77728ac9&cf=affdcddah0
172.64.138.21200 OK 60 B URL HTTP/2 a.medfoodsafety.com/i?tid=6f36d1e6-e0c4-47d0-a745-0f6f77728ac9&cf=affdcddah0
IP 172.64.138.21:0
File type ASCII text, with no line terminators
Hash cea81d6017b53c6c7bd076407db21a0a
063acf4f87ec5b0c7f9631779c264ee045945c52
1665c0045c0d9a05857431f46362283793d0b844d9e157692079bcbc69ff6154
GET /i?tid=6f36d1e6-e0c4-47d0-a745-0f6f77728ac9&cf=affdcddah0 HTTP/1.1
Host: a.medfoodsafety.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.medfoodsafety.com/loader?a=4788752&v=2&t=30&s=4776911&p=8575&if=true
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 28 Sep 2022 05:49:41 GMT
content-type: image/gif
content-length: 60
cache-control: no-cache, no-store, must-revalidate
expires: Sat, 26 Jul 1997 05:00:00 GMT
last-modified: Sun, 17 May 1998 03:00:00 GMT
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yXmB2N13tRh0wzmZMonrp7343IOD7wpxlbf%2BPfSp2jJdyVAqhfS9L3RK7bStKi0HOi0JRTt7VD0CyHSVBgqePllAAWT8kn26oxiGGl5E0Ztv0w7Y2KglVygoX0hWc8XkNV6PqdMw"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 751a327b5c56889d-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash b56134771794748d7d8788b4f4e677c2
104d818d4b9ef1f1bd8e96c860766d021fc628f5
da1ae9892ad3e3453af5b255d0c5a3cd145f45e1444a1406cbbb5e663959c2b3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DA1AE9892AD3E3453AF5B255D0C5A3CD145F45E1444A1406CBBB5E663959C2B3"
Last-Modified: Tue, 27 Sep 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21014
Expires: Wed, 28 Sep 2022 11:39:55 GMT
Date: Wed, 28 Sep 2022 05:49:41 GMT
Connection: keep-alive
xfantazy.com/static/logo-tv-light.svg
104.26.1.188200 OK 1.8 kB URL HTTP/2 xfantazy.com/static/logo-tv-light.svg
IP 104.26.1.188:0
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (1395)
Hash 7704231fb5dbeee788c2ea873cd7446a
c3e572ddda995922c8ed667f584e6980a2d975c3
d0c102499c337c70f931c350f9e92283f113f2bbbeaa4b45e9d143192540ce9b
GET /static/logo-tv-light.svg HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/5f6580f261e5e63e2c1c7cbc
Cookie: visitorId=022fxs9snr9oilk9arxtfm; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 28 Sep 2022 05:49:36 GMT
content-type: image/svg+xml
vary: Origin, Accept-Encoding
cache-control: public, max-age=14400
last-modified: Sun, 18 Sep 2022 10:07:55 GMT
etag: W/"101b-18350119cac"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OHNfcUvKUqo9wNAKU90OEW9kvFcyc7T4swJcHwwynaGLRVaSBu3T%2F1CGwM8Ux6nKCBPPblA4tzhqm%2BrP7moGmZ0GGMeN9Vdp6uKSI7OJfcQ6ulA8bN0ERKtiN%2FpB8Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 751a3261eae7b512-OSL
content-encoding: br
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 9f3a3a4917e04be315609e439bde888f
a00db137814e6505f4b93b0f62acda17fcb77584
918bed1e201f5a597d7be79297b3b50fed2b37fec068f29072ad64f8bf96bc05
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "918BED1E201F5A597D7BE79297B3B50FED2B37FEC068F29072AD64F8BF96BC05"
Last-Modified: Tue, 27 Sep 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17891
Expires: Wed, 28 Sep 2022 10:47:52 GMT
Date: Wed, 28 Sep 2022 05:49:41 GMT
Connection: keep-alive
10945-2.s.cdn15.com/creatives/171357/216113/448032_45a78.png
67.216.91.5200 OK 9.4 kB URL HTTP/2 10945-2.s.cdn15.com/creatives/171357/216113/448032_45a78.png
IP 67.216.91.5:0
File type PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data
Hash 03cfef95b159bac03fd92ca6864284e6
709a5eba38c15a0fb2c9fff295021019877df5c5
53e0793d137cd5a3896a1ca0126b5548b9d67053eb8a8b8feeb5c501beb045aa
GET /creatives/171357/216113/448032_45a78.png HTTP/1.1
Host: 10945-2.s.cdn15.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://media.aso1.net/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: ucdn/1.22.0
date: Wed, 28 Sep 2022 05:49:41 GMT
content-type: image/png
content-length: 9418
last-modified: Tue, 27 Sep 2022 12:35:41 GMT
etag: "03cfef95b159bac03fd92ca6864284e6"
x-timestamp: 1664282140.63901
x-trans-id: tx110c496f138d4f98aec28-006332ee22
x-openstack-request-id: tx110c496f138d4f98aec28-006332ee22
expires: Thu, 09 Mar 2023 20:20:57 GMT
cache-control: max-age=14049076
x-ureq-id: XDrrrzssYKy7XniAYHDaCxO/1BtQYlPAo1HVcwFLMsqzmAdmqk/B6ooG0EIWoxnf5jngzO4v15H/4XOXMHf5kBdesHq2ojvvXowTQOwGQ5U=
x-served-from: l1
access-control-allow-origin: *
access-control-allow-methods: HEAD, GET, OPTIONS
x-vhostid: 168, 20941
accept-ranges: bytes
X-Firefox-Spdy: h2
unseenreport.com/pxf.gif?uuid=3017ec54-6293-4d7c-a5a1-dda3733615b0&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=r&res=14.31&b_frame=0&pk=4d0afc2425eea6b0cd5a468c9f8a69ed&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=5
192.243.61.225200 OK 1 B URL HTTP/1.1 unseenreport.com/pxf.gif?uuid=3017ec54-6293-4d7c-a5a1-dda3733615b0&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=r&res=14.31&b_frame=0&pk=4d0afc2425eea6b0cd5a468c9f8a69ed&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=5
IP 192.243.61.225:0
ASN #39572 DataWeb Global Group B.V.
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=3017ec54-6293-4d7c-a5a1-dda3733615b0&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=r&res=14.31&b_frame=0&pk=4d0afc2425eea6b0cd5a468c9f8a69ed&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=5 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Wed, 28 Sep 2022 05:49:41 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: edacb56ccb8d75b2f21fc7b18be7da2c
Strict-Transport-Security: max-age=0; includeSubdomains
unseenreport.com/pxf.gif?uuid=3017ec54-6293-4d7c-a5a1-dda3733615b0&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=r&res=14.31&b_frame=0&pk=a2f990f10476061c719d1c1aa3a2ecd2&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=5
192.243.61.225200 OK 1 B URL HTTP/1.1 unseenreport.com/pxf.gif?uuid=3017ec54-6293-4d7c-a5a1-dda3733615b0&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=r&res=14.31&b_frame=0&pk=a2f990f10476061c719d1c1aa3a2ecd2&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=5
IP 192.243.61.225:0
ASN #39572 DataWeb Global Group B.V.
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=3017ec54-6293-4d7c-a5a1-dda3733615b0&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=r&res=14.31&b_frame=0&pk=a2f990f10476061c719d1c1aa3a2ecd2&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=5 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Wed, 28 Sep 2022 05:49:41 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: b6018194a62da2ae070a17ece5e892c1
Strict-Transport-Security: max-age=0; includeSubdomains
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 5538c258499a0590ee0bdc27d5a13bfa
a4dbb003407fbac4d3626a417bc341653f09edd1
cf3777a80672dc672ac692db8680594999787123071a04d9c5f80db9b9d13956
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CF3777A80672DC672AC692DB8680594999787123071A04D9C5F80DB9B9D13956"
Last-Modified: Mon, 26 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=1839
Expires: Wed, 28 Sep 2022 06:20:20 GMT
Date: Wed, 28 Sep 2022 05:49:41 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 1fe78c86fa5316cff5b32b065e79210a
b314893db78f02b4fc7152ddb23a8c540c0be3b4
68381679e3fe402a4d8a71642ee706101e2c2bcd674e45c93022c41e730ca1cd
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "68381679E3FE402A4D8A71642EE706101E2C2BCD674E45C93022C41E730CA1CD"
Last-Modified: Tue, 27 Sep 2022 13:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3707
Expires: Wed, 28 Sep 2022 06:51:28 GMT
Date: Wed, 28 Sep 2022 05:49:41 GMT
Connection: keep-alive
ocsp.sectigo.com/
104.18.32.68200 OK 471 B IP 104.18.32.68:0
Hash 3356dc06f6b32344742c535d3223c902
c333a0f12bd5c8e24125e52e92c0e1d9b91ef95c
1ce67b4ccefb7e5f3d729c9fa71b5e147cf0c052f505b9bef7aa3b564a1b4d19
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 28 Sep 2022 05:49:41 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Sun, 25 Sep 2022 14:40:10 GMT
Expires: Sun, 02 Oct 2022 14:40:09 GMT
Etag: "c333a0f12bd5c8e24125e52e92c0e1d9b91ef95c"
Cache-Control: max-age=376827,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 751a327ebeffb511-OSL
chaturbate.com/tours/3/?tour=x1Rd&campaign=taOsB&c=1&p=0&gender=f&disable_sound=0
104.18.101.40200 OK 15 kB URL HTTP/2 chaturbate.com/tours/3/?tour=x1Rd&campaign=taOsB&c=1&p=0&gender=f&disable_sound=0
IP 104.18.101.40:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (31162)
Hash 0eba0bb5ced21a599275aa6a19067e50
0bf96ab0109f7676274a5d0153cc1186da6cfa14
8a5f68a54779005b0f46706ca40e971d0400588942368782d6c0e7b79e0b0622
GET /tours/3/?tour=x1Rd&campaign=taOsB&c=1&p=0&gender=f&disable_sound=0 HTTP/1.1
Host: chaturbate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://camschat.net/
Connection: keep-alive
Cookie: __cf_bm=ntKvY0EzwExwGOQKZCxQGGNiSk.NXEkQCOOOYsxARPA-1664344181-0-AXUAO4pilBjqUdUCYaHi1sx16AezGK2KD2ehEZ+Z8MOeTd5yy94h4yprsMg9Y9PZ43I4uZ7FEXPxMU7LRm/C92I=
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 28 Sep 2022 05:49:41 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding, Accept-Language, Cookie
p3p: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
content-language: en
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.mmcdn.com https://*.highwebmedia.com https://*.chaturbate.com https://chaturbate.com https://ajax.googleapis.com https://js-agent.newrelic.com https://cdnjs.cloudflare.com https://www.google-analytics.com https://www.google.com/recaptcha/ https://www.google.com/cv/ https://www.gstatic.com/recaptcha/ https://www.gstatic.com/cv/ https://www.gstatic.com/eureka/ https://www.gstatic.com/cast/ https://*.nr-data.net https://certify-js.alexametrics.com https://player.vimeo.com/api/player.js http://static.hotjar.com https://static.hotjar.com https://script.hotjar.com ; style-src 'self' data: 'unsafe-inline' https://*.highwebmedia.com https://cdnjs.cloudflare.com https://fonts.googleapis.com ; img-src 'self' data: https://*.mmcdn.com https://*.highwebmedia.com https://*.stream.highwebmedia.com https://*.chaturbate.com https://chaturbate.com https://www.google-analytics.com https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com https://cdnjs.cloudflare.com https://www.gstatic.com https://*.nr-data.net https://certify.alexametrics.com https://stats.g.doubleclick.net https://cbgames.s3.amazonaws.com https://player.vimeo.com https://script.hotjar.com http://script.hotjar.com ; font-src 'self' data: https://*.mmcdn.com https://*.highwebmedia.com https://cdnjs.cloudflare.com https://fonts.gstatic.com http://script.hotjar.com https://script.hotjar.com ; connect-src 'self' blob: blob https://*.mmcdn.com wss://*.mmcdn.com wss://*.mmcdn.com:8443 https://*.highwebmedia.com wss://*.highwebmedia.com wss://*.highwebmedia.com:8443 https://*.nr-data.net https://*.chaturbate.com https://chaturbate.com https://www.google-analytics.com https://cbvideoupload.s3-accelerate.amazonaws.com https://stats.g.doubleclick.net https://internet-up.ably-realtime.com https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com https://tls-use1.fpapi.io http://*.hotjar.com:* https://*.hotjar.com:* https://vc.hotjar.io:* https://surveystats.hotjar.io wss://*.hotjar.com ; media-src 'self' https://*.mmcdn.com https://*.highwebmedia.com https://*.chaturbate.com https://chaturbate.com mediasource: blob: data: https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com; object-src 'self' https://*.mmcdn.com https://*.highwebmedia.com https://download.macromedia.com https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com ; frame-src 'self' https://*.mmcdn.com https://*.chaturbate.com https://chaturbate.com https://*.highwebmedia.com https://adserver.exoticads.com https://www.google.com/recaptcha/ https://*.wnu.com https://wnu.com https://checkout.2000charge.com https://www.sofort.com https://*.girogate.de https://player.vimeo.com https://vars.hotjar.com ; child-src 'self' blob: blob ; worker-src 'self' blob: blob ; form-action 'self' https://*.chaturbate.com https://chaturbate.com https://*.stream.highwebmedia.com https://www.coinpayments.net https://*.wnu.com https://wnu.com https://devportal.cb.dev https://*.web.amer-1.jumio.ai https://smartpay.coinsmart.com ; manifest-src 'self' https://*.mmcdn.com https://*.highwebmedia.com ; report-uri https://report-uri.mmcdn.com/r/t/csp/enforce;
report-to: {"group":"default","max_age":2592000,"endpoints":[{"url":"https://report-uri.mmcdn.com/a/t/g"}],"include_subdomains":true}
nel: {"report_to":"default","max_age":2592000,"include_subdomains":true}
cache-control: no-cache
set-cookie: stcki="pOtSwZ=0\054FqPd9a=1\0546pduSG=0\054aDBbcK=0"; expires=Fri, 28-Oct-2022 05:49:41 GMT; Max-Age=2592000; Path=/
affkey="eJyrVipSslJQyigpKSi20tdPTswtTs5ILNHLSy3RV6oFAJUzCgA="; Domain=.chaturbate.com; expires=Fri, 28-Oct-2022 05:49:41 GMT; Max-Age=2592000; Path=/
sbr=sec:sbr996c0dbf-38f6-4897-b22d-ab340d641a4e:1odPwz:rSYkpYcT2WD6ve4C-kt5BTMIefg; Domain=.chaturbate.com; expires=Mon, 23-Jun-2025 05:49:41 GMT; HttpOnly; Max-Age=86313600; Path=/; Secure
x-content-type-options: nosniff
x-xss-protection: 1; mode=block; report=https://report-uri.highwebmedia.com/r/t/xss/enforce
referrer-policy: strict-origin-when-cross-origin
via: 1.1 google
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: DYNAMIC
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 751a327eebdfb524-OSL
content-encoding: br
X-Firefox-Spdy: h2
roomimg.stream.highwebmedia.com/riw/kaileeshy.jpg?1664344170
104.19.242.83200 OK 12 kB URL HTTP/2 roomimg.stream.highwebmedia.com/riw/kaileeshy.jpg?1664344170
IP 104.19.242.83:0
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 548x549, segment length 16, progressive, precision 8, 480x270, components 3\012- data
Hash f826172ed51a3523ff3d9af7fcaa8cfe
98bbcac55265f7652dea755408115c0310653af4
54077d4f9e09ad0cc942346852eb73805d1776f51061f587647fa40602a68736
GET /riw/kaileeshy.jpg?1664344170 HTTP/1.1
Host: roomimg.stream.highwebmedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 28 Sep 2022 05:49:41 GMT
content-type: image/jpeg
content-length: 12136
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: public, max-age=30
cf-bgj: imgq:100,h2pri
cf-polished: origSize=12146
content-security-policy: default-src 'none'; img-src data:; style-src 'unsafe-inline'
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
x-frame-options: DENY
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 29
last-modified: Wed, 28 Sep 2022 05:49:12 GMT
expires: Wed, 28 Sep 2022 05:50:11 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uVVZyn2%2B8cvFg9UNGViF%2Byr4ghcAhe5Lc0Gb%2BFegQoZ8kPwMq4Y45R5AQ8oFpTJIN29Qn71f5cAW4rXSYNiUO%2FcBLWmj%2FD5csBeBw8Nhc48qPCaJSdg8jpQg3Kk4e80ogMjLt2BRMQqjTdvrzRDuFzg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
set-cookie: _cfuvid=5Ja2TGVHh_R7DtaeS26GPq9k0m.JvMpmasM8NG45fMw-1664344181905-0-604800000; path=/; domain=.highwebmedia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 751a3280cf6fb4ee-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cachew.camsoda.com/assets/img/camsoda-logo-160x50.png
64.210.135.116200 OK 4.5 kB URL HTTP/2 cachew.camsoda.com/assets/img/camsoda-logo-160x50.png
IP 64.210.135.116:0
File type PNG image data, 160 x 50, 8-bit colormap, non-interlaced\012- data
Hash a26f6cb889250cca822d07ed1fa17020
20b51a9dbe0928016d917e71b809c4f01a13d16f
fb6f54664e2adec6f304d47e544629a3ae46b0fdeb9ac1daab247f817ef2be13
GET /assets/img/camsoda-logo-160x50.png HTTP/1.1
Host: cachew.camsoda.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://promos.camsoda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Wed, 28 Sep 2022 05:49:41 GMT
content-type: image/png
content-length: 4520
last-modified: Mon, 02 May 2022 15:02:15 GMT
etag: "626ff277-11a8"
expires: Sun, 22 May 2022 14:47:25 GMT
access-control-allow-origin: *
cache-control: max-age=1296000, public, no-transform
accept-ranges: bytes
x-cdn-diag: ams5-7619-3-62171-h-0-0---;6140-22-47157----0-0-0
X-Firefox-Spdy: h2
secure.vs3.com/_special/banners/LiveWebCams.php?cta=gtr&style=450x250-categories-0001&mp_code=dc16m&service=girls&language=en&use_promo=0&model_id=&bgcolor=FFFFFF&txtcolor=000000&linkcolor=000000&num_models=50&sitekey=whitelabel&whitelabel_domain=chatwithwebcams.com&target=_blank&btncolor=000099&btntxtcolor=FFFFFF&accentcolor=FFFF66
204.8.234.211200 OK 2.6 kB URL HTTP/2 secure.vs3.com/_special/banners/LiveWebCams.php?cta=gtr&style=450x250-categories-0001&mp_code=dc16m&service=girls&language=en&use_promo=0&model_id=&bgcolor=FFFFFF&txtcolor=000000&linkcolor=000000&num_models=50&sitekey=whitelabel&whitelabel_domain=chatwithwebcams.com&target=_blank&btncolor=000099&btntxtcolor=FFFFFF&accentcolor=FFFF66
IP 204.8.234.211:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (867), with CRLF, CR, LF line terminators
Hash 83bd795c2d1974e126fa4e924c0fc70c
7bc850ed66a6fa2c0395cafd5adc03e47aa2eba7
7331e47656f298f98f402047af22627b9de78fe8e6aeb3f7d49e158595fbe51a
GET /_special/banners/LiveWebCams.php?cta=gtr&style=450x250-categories-0001&mp_code=dc16m&service=girls&language=en&use_promo=0&model_id=&bgcolor=FFFFFF&txtcolor=000000&linkcolor=000000&num_models=50&sitekey=whitelabel&whitelabel_domain=chatwithwebcams.com&target=_blank&btncolor=000099&btntxtcolor=FFFFFF&accentcolor=FFFF66 HTTP/1.1
Host: secure.vs3.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nnteens.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 28 Sep 2022 05:49:41 GMT
cache-control: no-store, no-cache, must-revalidate, max-age=0, max-age=2592000, post-check=0, pre-check=0
pragma: no-cache
content-encoding: gzip
vary: Accept-Encoding
expires: Fri, 28 Oct 2022 05:49:41 GMT
access-control-allow-origin: *
content-length: 2636
content-type: text/html; charset=utf-8
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
js-agent.newrelic.com/nr-spa-1216.min.js
151.101.86.137200 OK 31 kB URL HTTP/2 js-agent.newrelic.com/nr-spa-1216.min.js
IP 151.101.86.137:0
Hash bcdf35ea9d1369c5b3a9edf80f8749c2
5ef7b37e6669eaf3e0aa06b50cb2421ded9cde53
0e5563764a206f55df4c1bd1b70866ab37d3eb53972dcb693aabe5012a44f764
GET /nr-spa-1216.min.js HTTP/1.1
Host: js-agent.newrelic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: TAwVDFAylU9PwNPPW/eXC4UyIMC8EQ1d6JNW9Q+uXGnPmL1fuimq9M3lAe733gCMeKNDiCQX1YM=
x-amz-request-id: SYTECJR5CMD8NJ8E
last-modified: Thu, 14 Apr 2022 16:45:57 GMT
etag: "63e2df852d15ab21d7ff8fc4363222e8"
x-amz-version-id: UU.F5jvoumAjQChriwTQHbisCFw_OInU
content-type: application/javascript
server: AmazonS3
cache-control: public, max-age=7200, stale-if-error=604800
content-encoding: gzip
accept-ranges: bytes
date: Wed, 28 Sep 2022 05:49:42 GMT
via: 1.1 varnish
x-served-by: cache-bma1644-BMA
x-cache: HIT
x-cache-hits: 39
x-timer: S1664344182.032986,VS0,VE0
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
content-length: 18216
X-Firefox-Spdy: h2
poweredby.jads.co/adshow.php?adzone=969388
185.94.236.253200 OK 1.5 kB URL HTTP/1.1 poweredby.jads.co/adshow.php?adzone=969388
IP 185.94.236.253:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (401), with CRLF, LF line terminators
Hash 0301975ed3389e704497dd2d52d7753e
2bf61864782c04bd9e41985e3c0b1e2a6110cccf
d6136b87e9d18ebfa4fcfc7c110d83ec13f5f89759227d1ddc8cae2081a7475a
GET /adshow.php?adzone=969388 HTTP/1.1
Host: poweredby.jads.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://media.aso1.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 28 Sep 2022 05:49:42 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/5.6.40
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR OUR IND STA"
Set-Cookie: surferid=fa4099da578164d7ac8b861411667511; expires=Thu, 28-Sep-2023 05:49:41 GMT; Max-Age=31536000; path=/; SameSite=None; Secure; domain=.jads.co
imps61=1; expires=Thu, 29-Sep-2022 05:49:41 GMT; Max-Age=86400; path=/; SameSite=None; Secure; domain=.jads.co
juicy_data_1=YToxOntpOjExOTY5NDI7aToxNjY0NjAzMzgxO30%3D; expires=Sat, 01-Oct-2022 05:49:41 GMT; Max-Age=259200; path=/; SameSite=None; Secure; domain=jads.co
juicy_data=YToxOntzOjEyOiJqdWljeV9kYXRhXzEiO3M6MToiMSI7fQ%3D%3D; expires=Sat, 01-Oct-2022 05:49:41 GMT; Max-Age=259200; path=/; SameSite=None; Secure; domain=jads.co
Content-Encoding: gzip
static-assets.highwebmedia.com/CACHE/js/output.6f6724a00cb8.js
104.16.93.42200 OK 666 B URL HTTP/2 static-assets.highwebmedia.com/CACHE/js/output.6f6724a00cb8.js
IP 104.16.93.42:0
File type ASCII text, with very long lines (316), with no line terminators
Hash 25b7f1278eed441b7fd34ffc11667056
2b819d6bf754aee1ed9fc68dc3ff26fa2f53834b
0f8151368d1aae47d439bbb9cd11c9f69c058ca8656e251b62f09a5595bc9392
GET /CACHE/js/output.6f6724a00cb8.js HTTP/1.1
Host: static-assets.highwebmedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 28 Sep 2022 05:49:41 GMT
content-type: application/javascript
cache-control: public, max-age=2592000
cf-bgj: minify
etag: W/"a708027bfbbde438a72a93082d4bc4b5"
last-modified: Thu, 24 Jun 2021 21:24:05 GMT
x-amz-id-2: JSy2VAlm3gAahvlCm5/iqNOQuasckcIrq13CGup8iDmNjJ/I2mSXsAw6q4OzSeK3RH88h3oFZ3U=
x-amz-meta-s3cmd-attrs: md5:a708027bfbbde438a72a93082d4bc4b5
x-amz-request-id: 2D5V5B3Y2TWH6PZC
cf-cache-status: HIT
age: 894140
expires: Fri, 28 Oct 2022 05:49:41 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nGRApjst9wKS0MXpX9RpoDSLWCz20Bf%2FZQPCrBMB%2BDaLDPw%2F9IgsJoeWLIDtd7uHoczU3z0eWpB7%2BGLrr3bkKrSInbqgRAuCtYzImOaphadf6NyPL59%2BXl7VIQNHs6LKsXEIiL7wY9H76C4K2MiRrg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
set-cookie: _cfuvid=l8fgy3kB3f_V1QAS9Moy_5H.oIrBt2u_U6F8GDAqLjI-1664344181894-0-604800000; path=/; domain=.highwebmedia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 751a3280c8c1b51b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
as.sexad.net/as/if?p=reseller&w=1&h=1&v=5106&adType=cats&adWidth=900&adHeight=75&niche=female&fontSize=15&font_color=%23fff&background_color=%23000000&hn=fap247.com&AFNO=1-286
216.127.52.241200 3.0 kB URL HTTP/1.1 as.sexad.net/as/if?p=reseller&w=1&h=1&v=5106&adType=cats&adWidth=900&adHeight=75&niche=female&fontSize=15&font_color=%23fff&background_color=%23000000&hn=fap247.com&AFNO=1-286
IP 216.127.52.241:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 3ff2ee8df972c74a9b0bf80e4892c0eb
bedac8463156f2ce1b75bd0f711ce4f77f631778
46f27864e0cbabe6188c45298ce083cca1091a7eae3a178fb4a16272a59eb16b
GET /as/if?p=reseller&w=1&h=1&v=5106&adType=cats&adWidth=900&adHeight=75&niche=female&fontSize=15&font_color=%23fff&background_color=%23000000&hn=fap247.com&AFNO=1-286 HTTP/1.1
Host: as.sexad.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://camschat.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200
Server: nginx/1.18.0
Date: Wed, 28 Sep 2022 05:49:42 GMT
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-store
Access-Control-Allow-Origin: *
Set-Cookie: at11664344182937_0_5106_4398=0001000; expires=Fri, 28-Oct-2022 05:49:42 GMT; Max-Age=2592000; path=/as; secure; SameSite=None
iid=5428-1664344182; expires=Sat, 25-Sep-2032 05:49:42 GMT; Max-Age=315360000; path=/; secure; SameSite=None
P3P: policyref="/w3c/p3p.xml", CP="This is not our comprehensive privacy policy (P3P). For complete information, please see http://streamate.com/privacy.html"
Content-Encoding: gzip
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash e72c84829a3afd77e87f0c2d8542e9ec
13f0311ff3ab4a84b8ef635db64ce79e745681b9
b04417c1d4801389cc81d3e91d02c657aadf16171dc9e09b7b74c06d2ebf9945
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B04417C1D4801389CC81D3E91D02C657AADF16171DC9E09B7B74C06D2EBF9945"
Last-Modified: Mon, 26 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6525
Expires: Wed, 28 Sep 2022 07:38:27 GMT
Date: Wed, 28 Sep 2022 05:49:42 GMT
Connection: keep-alive
pt-static1.ptlwmstc.com/npe/_common/script/adblock/advertisement-v268837.js
93.93.51.200200 OK 21 B URL HTTP/2 pt-static1.ptlwmstc.com/npe/_common/script/adblock/advertisement-v268837.js
IP 93.93.51.200:0
ASN #34655 DuoDecad IT Services Luxembourg S.a r.l.
File type ASCII text, with no line terminators
Hash 01c6e7ecb819ef28b0c9b962513a1596
1a49f493db7b91ed34a7040d36732352b9a5dc39
e97a9988dce8067f81f57557b349dd481e0335e75175179b6b01322be2ff13a5
GET /npe/_common/script/adblock/advertisement-v268837.js HTTP/1.1
Host: pt-static1.ptlwmstc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pt.wmptctl.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 28 Sep 2022 05:49:42 GMT
content-type: application/javascript
content-length: 21
last-modified: Tue, 27 Sep 2022 10:46:11 GMT
etag: "6332d473-15"
access-control-allow-origin: *
server: unknown
x-cdn-node: sesto
x-cache-status: R-HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
xvt.vscdns.com/assets/js/utils/promise-polyfill.js
178.79.212.177200 OK 1.1 kB URL HTTP/2 xvt.vscdns.com/assets/js/utils/promise-polyfill.js
IP 178.79.212.177:0
File type ASCII text, with very long lines (3065), with no line terminators
Hash ab4acc8f38cda8f6fe82cdf1b04af0da
06b0a68ed44fbc0494d8e47c2f17e027afd20a3e
1b94506542cc62c485d70fde21e6d79135584881afb5382ea82b49300d68da76
GET /assets/js/utils/promise-polyfill.js HTTP/1.1
Host: xvt.vscdns.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://secure.vs3.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: Apache
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-type: application/javascript
x-llid: f2466c197db7027eff607cbc9737e24d
age: 4260357
date: Wed, 28 Sep 2022 05:49:42 GMT
last-modified: Fri, 13 Apr 2018 20:54:26 GMT
expires: Wed, 09 Aug 2023 22:23:45 GMT
content-length: 1146
X-Firefox-Spdy: h2
xvt.vscdns.com/assets/js/lib/hls_js/hls.js-0.13.1/hls.min.js
178.79.212.177200 OK 70 kB URL HTTP/2 xvt.vscdns.com/assets/js/lib/hls_js/hls.js-0.13.1/hls.min.js
IP 178.79.212.177:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash 50ed3bf95c39807ab9c6ca2dd6567d99
b91bc020e738eed834b92b031c068c685bc33549
946ca2676b940ffc76eb614260d032f0c41a5f577e697a23c3d3ff34b1a889b8
GET /assets/js/lib/hls_js/hls.js-0.13.1/hls.min.js HTTP/1.1
Host: xvt.vscdns.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://secure.vs3.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-type: application/javascript
x-llid: a799b6f86f5eac1646b6d223451e181b
age: 4260356
date: Wed, 28 Sep 2022 05:49:42 GMT
last-modified: Mon, 03 Feb 2020 17:24:34 GMT
expires: Wed, 09 Aug 2023 22:23:46 GMT
content-length: 69573
X-Firefox-Spdy: h2
xvt.vscdns.com/assets/js/utils/ajax.js
178.79.212.177200 OK 2.3 kB URL HTTP/2 xvt.vscdns.com/assets/js/utils/ajax.js
IP 178.79.212.177:0
Hash 88204c0d3765c7b0eda262d148b7d703
58fcc028b41fe00f7acabf3d0471585eb94e1f5d
b21e9b97709c1496852365c3de23a3bd0df2b1a4367fe6d4b4b66a8bfa6994b4
GET /assets/js/utils/ajax.js HTTP/1.1
Host: xvt.vscdns.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://secure.vs3.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-type: application/javascript
x-llid: 6e309f0ebc098527660522fece24659b
age: 4260356
date: Wed, 28 Sep 2022 05:49:42 GMT
last-modified: Fri, 19 Jun 2020 21:45:59 GMT
expires: Wed, 09 Aug 2023 22:23:46 GMT
content-length: 2290
X-Firefox-Spdy: h2
xvt.vscdns.com/assets/js/utils/fetch-polyfill.js
178.79.212.177200 OK 3.5 kB URL HTTP/2 xvt.vscdns.com/assets/js/utils/fetch-polyfill.js
IP 178.79.212.177:0
Hash f22de6ebe7b698965f2b73f0709e9c6b
8a7224a2cc984b7d8dd7c520ddd337af85be23ee
abba8a3d2369c72cadaa613d1f64ab28fe26fccc673fef527d3de4886cc0e2a6
GET /assets/js/utils/fetch-polyfill.js HTTP/1.1
Host: xvt.vscdns.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://secure.vs3.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: Apache
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-type: application/javascript
x-llid: 17950f2e158e2de317e65dc0a75329c3
age: 4260357
date: Wed, 28 Sep 2022 05:49:42 GMT
last-modified: Fri, 13 Apr 2018 22:18:51 GMT
expires: Wed, 09 Aug 2023 22:23:45 GMT
content-length: 3463
X-Firefox-Spdy: h2
xvt.vscdns.com/assets/min/js/XVHoverAutoplay_2020_04_29_01.js
178.79.212.177200 OK 3.9 kB URL HTTP/2 xvt.vscdns.com/assets/min/js/XVHoverAutoplay_2020_04_29_01.js
IP 178.79.212.177:0
Hash 62f6172bebbdf740f0765098b3f347da
c8dc3fdf7d9a85dc74f69ddb61dbbfd849e3b649
2a2c1d0225d0b8dc2b1879ea3c5b3055434ea34cbd074505b6d8a38a50d5b4e6
GET /assets/min/js/XVHoverAutoplay_2020_04_29_01.js HTTP/1.1
Host: xvt.vscdns.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://secure.vs3.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-type: application/javascript
x-llid: 205eec8cfe2b83d127b2f4033b14009e
age: 4260356
date: Wed, 28 Sep 2022 05:49:42 GMT
last-modified: Wed, 29 Apr 2020 16:09:48 GMT
expires: Wed, 09 Aug 2023 22:23:46 GMT
content-length: 1641
X-Firefox-Spdy: h2
as.sexad.net/as/if?p=reseller&w=1&h=1&v=5104&noplaybtn=1&adHeight=175&adWidth=235&adType=live&autoplay=true&hn=fap247.com&AFNO=1-286
216.127.52.241200 4.9 kB URL HTTP/1.1 as.sexad.net/as/if?p=reseller&w=1&h=1&v=5104&noplaybtn=1&adHeight=175&adWidth=235&adType=live&autoplay=true&hn=fap247.com&AFNO=1-286
IP 216.127.52.241:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (629)
Hash 3310362b792c6afaa3454adde1e888c4
0519fdd4dc2f842ad7bd270766f385ac0c6468e1
c4bed721b39a427f2066caab3ee2b553e166fc05fde977407ea2eb110398ab99
GET /as/if?p=reseller&w=1&h=1&v=5104&noplaybtn=1&adHeight=175&adWidth=235&adType=live&autoplay=true&hn=fap247.com&AFNO=1-286 HTTP/1.1
Host: as.sexad.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://camschat.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200
Server: nginx/1.18.0
Date: Wed, 28 Sep 2022 05:49:42 GMT
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-store
Access-Control-Allow-Origin: *
Set-Cookie: at11664344182937_0_5104_5671=0001000; expires=Fri, 28-Oct-2022 05:49:42 GMT; Max-Age=2592000; path=/as; secure; SameSite=None
iid=9654-1664344182; expires=Sat, 25-Sep-2032 05:49:42 GMT; Max-Age=315360000; path=/; secure; SameSite=None
P3P: policyref="/w3c/p3p.xml", CP="This is not our comprehensive privacy policy (P3P). For complete information, please see http://streamate.com/privacy.html"
Content-Encoding: gzip
static-assets.highwebmedia.com/CACHE/css/output.5c1e955e3832.css
104.16.93.42200 OK 123 kB URL HTTP/2 static-assets.highwebmedia.com/CACHE/css/output.5c1e955e3832.css
IP 104.16.93.42:0
File type ASCII text, with very long lines (52985), with no line terminators
Size 123 kB (122879 bytes)
Hash daa1746e15ba97254420d9f7919bddc9
ea66d52c31cdd76d285526bcf0ec1330bd86edec
d385aa488330b5730b213abdc1bce38257c885ca5f6b2b62948ee7f6df894231
GET /CACHE/css/output.5c1e955e3832.css HTTP/1.1
Host: static-assets.highwebmedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 28 Sep 2022 05:49:41 GMT
content-type: text/css
cache-control: public, max-age=2592000
cf-bgj: minify
cf-polished: origSize=63849
etag: W/"03c072147fa475d9bd57bcc9b73d3260"
last-modified: Thu, 22 Sep 2022 16:22:00 GMT
x-amz-id-2: src6WemkBrmxeGDZVP+4ipre01PPVsPb7jxfzfVQ0ssDy7l2IzQ439zT3Wf7YWS5u4ixFo+mPb4=
x-amz-meta-s3cmd-attrs: md5:03c072147fa475d9bd57bcc9b73d3260
x-amz-request-id: 12Q62S61BDK4RBY8
cf-cache-status: HIT
age: 480281
expires: Fri, 28 Oct 2022 05:49:41 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cIx%2BgMlf%2FhmhG8Ahe3gc6WXRKWtRm%2FUrRbGUQ9a4owAi%2F1TpakHb8GOmjoJPDbw0Ppe2KfSP3rxd5%2Fpa7Dp76mplJQBeFrLrC7ghBzS27ysO%2Fb%2BPh7B8qcxuLsg0adr9f8ZeS45ImsghfTsfLHvlkg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
set-cookie: _cfuvid=JWRbhyzJ_wpaEbfoh9NpjQhR64ANafZ6pq8U4Zmbhvc-1664344181896-0-604800000; path=/; domain=.highwebmedia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 751a3280c8beb51b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
bam.nr-data.net/1/6f524845d1?a=24279235&v=1216.487a282&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOFgwRERUXQ1BUFkIDFQ0WFlA%3D&rst=697&ck=1&ref=https://chaturbate.com/tours/3/&ap=26&be=475&fe=625&dc=577&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1664344178988,%22n%22:0,%22r%22:0,%22re%22:213,%22f%22:213,%22dn%22:213,%22dne%22:213,%22c%22:213,%22s%22:213,%22ce%22:213,%22rq%22:216,%22rp%22:406,%22rpe%22:409,%22dl%22:462,%22di%22:572,%22ds%22:577,%22de%22:586,%22dc%22:624,%22l%22:624,%22le%22:625%7D,%22navigation%22:%7B%22rc%22:1%7D%7D&at=H0ETGw9CExRCXBM9CgBBXAkZG0QSVEsPAw4BQVwbamZQD15XPj1BSEEVUFJXRBFuXQAWBkZZVhUXenc%2BY1gYQFlGVFMIVAoDVlRcAwYFBlZUDRh2Yi0TFUMhJTshCU0XAwdYHRsiJDwmDBJ8TU1DABMDQwQCCBADFVNYXRJUG01AEQECCmZcSRNbEwBQTFpUTVILGwgEVRMVQwMNCw05X1lYVhITA0NAT0YBA0pBZlYUVEoSPQoUQVwbDAgfWAEXVVBNVVZSGxkbUwRCTT4FFgEQFWZSXF5DCxsvLUFIQQ9JalpeFF9NExtBXkEodhcVEwhBZgINFgoXFEBqWl4PV1AFBw0HBkQDFwwBQx0bCBI8CgYSTlpLWkMLGwMOChxNBVZYGx1DWEk%2BDREDAghQT1hFCF5XQ1hBJg8PQRVqXg1ETQgNDRdBShtcSW4IQklDWEEmDw9BFWpeDURNCA0NF0FKG1xJbgBCV0NYVlRQVg0ZG1gRblgSDDwLEQEbDxtzDVhBQTEMCBYSUFpXQkFwakNOQQ0TOVpaV18EUk0IDQ07Fx9JUBsLQ3JYAw4GSyc1dRcVEwhBZhQRBhY8EkBFXBNbE0sEEQoABghNXFhdQx0bEwcSEQYVTWpJUBVZG1tATBAME0tGFgJOExVDFQ87CwlKQRsLQ1JRABYWFgEHTVAXUg5cG01AEA0XA2ZcXRNbABVDEQoQBjldWlRQCF8bW0AADAISTEdbUBVUFwINDkZPREtQSEQEQk0%2BCgwXF0QDF1pZAEVMEwACEAZIWlpUE00TWxMNFBcGFGZcXRNbEwBYVABUBwRfGAoJBwcUVVpaU04ECwddHABTClVSB1JXV1gBXBNNE0sEBAYWBhQbDxtZFUVJElhMSwAHVEZaWQBFFw8HF0tBShtHXEAUVEoVPQ4BFw5WURsLQ3Z8NUBPRhMfTV1WXz5HXBMRCgsNRAMXCh9WExVDFwI7BwNPXFpUPldYDAsPHUFcG3pNWQRDG01AFgU8AlxDUFIEbk0YEgZGWURdUEpaFV5JQ05BEQI5VkZmVwBcUA0bQV5BKlBbTElDHRsUAzwLEDlPUEtCCF5XQ1hBRk9ETFRmUxNeThIHETsFB1RcVUhDCxsnCxEBBQlBFxUTFFBmAxAMExADS2pPVBNCUA4MQV5BXw8bCRNNE0wAPRAQEQ9XUhsLQ3xWGwsPCAJJDBsJEUlpCFBZQygKCExNGUlZB2ZXVlhEERADDA8fURgZJgcADwxJCwUIAVEACVBCJQ0RA19aQR5YBxdRQE9GBA9NalpeDFxQFUBZRgVTDwZcUgUHC1gDAkZPRElUS1AMQhtbQBg4QRJWQEttQwsZPUAbVTECZRcVET0TWgAPEwUKAVdpGwtBbRsVAywXITobGRltQ1JlQ1hDOEFXZRcVET0TST1AWUQ/RAlpGx1BbRsGBw0ABhRlFwMRPRNfPUBPRD9EXVxKUANdXD4RDBENAmUXAxE9Ewk9QB5GT0RcWVBWCFNVBD0QFA8PTWpNVBJFSkNYQUQnFVpDS3NQEX0SARUWIVQZcUpSF0N7UkInFwAQS3cNEUMdGwQOCgMKBFVQZkIRXVAVPRcBEBJKaldCQwsbQQYKFwAJT1BLSD5BWAYHQ0ZPRFhWTVgXVGYSEg8NFzlNUEpFEhMDQ0InFwAQS3cLEUMdGwABFw0VA2ZGSV0IRWYVBxAQEDlXRhsLQxFdCBEACxUDS0xmQQBWXEFAHhk%3D&jsonp=NREUM.setToken
162.247.241.14200 OK 77 B URL HTTP/1.1 bam.nr-data.net/1/6f524845d1?a=24279235&v=1216.487a282&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOFgwRERUXQ1BUFkIDFQ0WFlA%3D&rst=697&ck=1&ref=https://chaturbate.com/tours/3/&ap=26&be=475&fe=625&dc=577&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1664344178988,%22n%22:0,%22r%22:0,%22re%22:213,%22f%22:213,%22dn%22:213,%22dne%22:213,%22c%22:213,%22s%22:213,%22ce%22:213,%22rq%22:216,%22rp%22:406,%22rpe%22:409,%22dl%22:462,%22di%22:572,%22ds%22:577,%22de%22:586,%22dc%22:624,%22l%22:624,%22le%22:625%7D,%22navigation%22:%7B%22rc%22:1%7D%7D&at=H0ETGw9CExRCXBM9CgBBXAkZG0QSVEsPAw4BQVwbamZQD15XPj1BSEEVUFJXRBFuXQAWBkZZVhUXenc%2BY1gYQFlGVFMIVAoDVlRcAwYFBlZUDRh2Yi0TFUMhJTshCU0XAwdYHRsiJDwmDBJ8TU1DABMDQwQCCBADFVNYXRJUG01AEQECCmZcSRNbEwBQTFpUTVILGwgEVRMVQwMNCw05X1lYVhITA0NAT0YBA0pBZlYUVEoSPQoUQVwbDAgfWAEXVVBNVVZSGxkbUwRCTT4FFgEQFWZSXF5DCxsvLUFIQQ9JalpeFF9NExtBXkEodhcVEwhBZgINFgoXFEBqWl4PV1AFBw0HBkQDFwwBQx0bCBI8CgYSTlpLWkMLGwMOChxNBVZYGx1DWEk%2BDREDAghQT1hFCF5XQ1hBJg8PQRVqXg1ETQgNDRdBShtcSW4IQklDWEEmDw9BFWpeDURNCA0NF0FKG1xJbgBCV0NYVlRQVg0ZG1gRblgSDDwLEQEbDxtzDVhBQTEMCBYSUFpXQkFwakNOQQ0TOVpaV18EUk0IDQ07Fx9JUBsLQ3JYAw4GSyc1dRcVEwhBZhQRBhY8EkBFXBNbE0sEEQoABghNXFhdQx0bEwcSEQYVTWpJUBVZG1tATBAME0tGFgJOExVDFQ87CwlKQRsLQ1JRABYWFgEHTVAXUg5cG01AEA0XA2ZcXRNbABVDEQoQBjldWlRQCF8bW0AADAISTEdbUBVUFwINDkZPREtQSEQEQk0%2BCgwXF0QDF1pZAEVMEwACEAZIWlpUE00TWxMNFBcGFGZcXRNbEwBYVABUBwRfGAoJBwcUVVpaU04ECwddHABTClVSB1JXV1gBXBNNE0sEBAYWBhQbDxtZFUVJElhMSwAHVEZaWQBFFw8HF0tBShtHXEAUVEoVPQ4BFw5WURsLQ3Z8NUBPRhMfTV1WXz5HXBMRCgsNRAMXCh9WExVDFwI7BwNPXFpUPldYDAsPHUFcG3pNWQRDG01AFgU8AlxDUFIEbk0YEgZGWURdUEpaFV5JQ05BEQI5VkZmVwBcUA0bQV5BKlBbTElDHRsUAzwLEDlPUEtCCF5XQ1hBRk9ETFRmUxNeThIHETsFB1RcVUhDCxsnCxEBBQlBFxUTFFBmAxAMExADS2pPVBNCUA4MQV5BXw8bCRNNE0wAPRAQEQ9XUhsLQ3xWGwsPCAJJDBsJEUlpCFBZQygKCExNGUlZB2ZXVlhEERADDA8fURgZJgcADwxJCwUIAVEACVBCJQ0RA19aQR5YBxdRQE9GBA9NalpeDFxQFUBZRgVTDwZcUgUHC1gDAkZPRElUS1AMQhtbQBg4QRJWQEttQwsZPUAbVTECZRcVET0TWgAPEwUKAVdpGwtBbRsVAywXITobGRltQ1JlQ1hDOEFXZRcVET0TST1AWUQ/RAlpGx1BbRsGBw0ABhRlFwMRPRNfPUBPRD9EXVxKUANdXD4RDBENAmUXAxE9Ewk9QB5GT0RcWVBWCFNVBD0QFA8PTWpNVBJFSkNYQUQnFVpDS3NQEX0SARUWIVQZcUpSF0N7UkInFwAQS3cNEUMdGwQOCgMKBFVQZkIRXVAVPRcBEBJKaldCQwsbQQYKFwAJT1BLSD5BWAYHQ0ZPRFhWTVgXVGYSEg8NFzlNUEpFEhMDQ0InFwAQS3cLEUMdGwABFw0VA2ZGSV0IRWYVBxAQEDlXRhsLQxFdCBEACxUDS0xmQQBWXEFAHhk%3D&jsonp=NREUM.setToken
IP 162.247.241.14:0
File type ASCII text, with no line terminators
Hash f1442f5831dbbe0210da2d7a4180d6b8
2ade23c6c7a001c66f0c0a9a101ec152747b434e
c6acf9fb2ecc1b144c51bd0337bbf1c26db3df2f649ac2da5c56db20d93eb3ef
GET /1/6f524845d1?a=24279235&v=1216.487a282&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOFgwRERUXQ1BUFkIDFQ0WFlA%3D&rst=697&ck=1&ref=https://chaturbate.com/tours/3/&ap=26&be=475&fe=625&dc=577&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1664344178988,%22n%22:0,%22r%22:0,%22re%22:213,%22f%22:213,%22dn%22:213,%22dne%22:213,%22c%22:213,%22s%22:213,%22ce%22:213,%22rq%22:216,%22rp%22:406,%22rpe%22:409,%22dl%22:462,%22di%22:572,%22ds%22:577,%22de%22:586,%22dc%22:624,%22l%22:624,%22le%22:625%7D,%22navigation%22:%7B%22rc%22:1%7D%7D&at=H0ETGw9CExRCXBM9CgBBXAkZG0QSVEsPAw4BQVwbamZQD15XPj1BSEEVUFJXRBFuXQAWBkZZVhUXenc%2BY1gYQFlGVFMIVAoDVlRcAwYFBlZUDRh2Yi0TFUMhJTshCU0XAwdYHRsiJDwmDBJ8TU1DABMDQwQCCBADFVNYXRJUG01AEQECCmZcSRNbEwBQTFpUTVILGwgEVRMVQwMNCw05X1lYVhITA0NAT0YBA0pBZlYUVEoSPQoUQVwbDAgfWAEXVVBNVVZSGxkbUwRCTT4FFgEQFWZSXF5DCxsvLUFIQQ9JalpeFF9NExtBXkEodhcVEwhBZgINFgoXFEBqWl4PV1AFBw0HBkQDFwwBQx0bCBI8CgYSTlpLWkMLGwMOChxNBVZYGx1DWEk%2BDREDAghQT1hFCF5XQ1hBJg8PQRVqXg1ETQgNDRdBShtcSW4IQklDWEEmDw9BFWpeDURNCA0NF0FKG1xJbgBCV0NYVlRQVg0ZG1gRblgSDDwLEQEbDxtzDVhBQTEMCBYSUFpXQkFwakNOQQ0TOVpaV18EUk0IDQ07Fx9JUBsLQ3JYAw4GSyc1dRcVEwhBZhQRBhY8EkBFXBNbE0sEEQoABghNXFhdQx0bEwcSEQYVTWpJUBVZG1tATBAME0tGFgJOExVDFQ87CwlKQRsLQ1JRABYWFgEHTVAXUg5cG01AEA0XA2ZcXRNbABVDEQoQBjldWlRQCF8bW0AADAISTEdbUBVUFwINDkZPREtQSEQEQk0%2BCgwXF0QDF1pZAEVMEwACEAZIWlpUE00TWxMNFBcGFGZcXRNbEwBYVABUBwRfGAoJBwcUVVpaU04ECwddHABTClVSB1JXV1gBXBNNE0sEBAYWBhQbDxtZFUVJElhMSwAHVEZaWQBFFw8HF0tBShtHXEAUVEoVPQ4BFw5WURsLQ3Z8NUBPRhMfTV1WXz5HXBMRCgsNRAMXCh9WExVDFwI7BwNPXFpUPldYDAsPHUFcG3pNWQRDG01AFgU8AlxDUFIEbk0YEgZGWURdUEpaFV5JQ05BEQI5VkZmVwBcUA0bQV5BKlBbTElDHRsUAzwLEDlPUEtCCF5XQ1hBRk9ETFRmUxNeThIHETsFB1RcVUhDCxsnCxEBBQlBFxUTFFBmAxAMExADS2pPVBNCUA4MQV5BXw8bCRNNE0wAPRAQEQ9XUhsLQ3xWGwsPCAJJDBsJEUlpCFBZQygKCExNGUlZB2ZXVlhEERADDA8fURgZJgcADwxJCwUIAVEACVBCJQ0RA19aQR5YBxdRQE9GBA9NalpeDFxQFUBZRgVTDwZcUgUHC1gDAkZPRElUS1AMQhtbQBg4QRJWQEttQwsZPUAbVTECZRcVET0TWgAPEwUKAVdpGwtBbRsVAywXITobGRltQ1JlQ1hDOEFXZRcVET0TST1AWUQ/RAlpGx1BbRsGBw0ABhRlFwMRPRNfPUBPRD9EXVxKUANdXD4RDBENAmUXAxE9Ewk9QB5GT0RcWVBWCFNVBD0QFA8PTWpNVBJFSkNYQUQnFVpDS3NQEX0SARUWIVQZcUpSF0N7UkInFwAQS3cNEUMdGwQOCgMKBFVQZkIRXVAVPRcBEBJKaldCQwsbQQYKFwAJT1BLSD5BWAYHQ0ZPRFhWTVgXVGYSEg8NFzlNUEpFEhMDQ0InFwAQS3cLEUMdGwABFw0VA2ZGSV0IRWYVBxAQEDlXRhsLQxFdCBEACxUDS0xmQQBWXEFAHhk%3D&jsonp=NREUM.setToken HTTP/1.1
Host: bam.nr-data.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Wed, 28 Sep 2022 05:49:42 GMT
Content-Type: text/javascript
Transfer-Encoding: chunked
Connection: keep-alive
CF-Ray: 751a32825b091c06-OSL
Access-Control-Allow-Origin: *
Set-Cookie: JSESSIONID=69f1ba83d7a6ee46; Path=/; Domain=.nr-data.net; Secure; SameSite=None
CF-Cache-Status: DYNAMIC
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
Cross-Origin-Resource-Policy: cross-origin
Vary: Accept-Encoding
Server: cloudflare
Content-Encoding: gzip
code.jquery.com/jquery-2.1.3.min.js
69.16.175.42200 OK 30 kB URL HTTP/2 code.jquery.com/jquery-2.1.3.min.js
IP 69.16.175.42:0
File type ASCII text, with very long lines (32180)
Hash de4fdb8e2e5d9b9624bad7ed2b726525
053a31e8e83b261e3863c4f9e652caba910a2b89
f44c9556d0ecebc0716a7fce2899c0b40ed96394bebafb2937f4305bf3b118f3
GET /jquery-2.1.3.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://as.sexad.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 28 Sep 2022 05:49:42 GMT
content-encoding: gzip
content-length: 29507
content-type: application/javascript; charset=utf-8
last-modified: Wed, 16 Feb 2022 10:50:39 GMT
accept-ranges: bytes
server: nginx
etag: W/"620cd6ff-14960"
cache-control: max-age=315360000, public
access-control-allow-origin: *
vary: Accept-Encoding
x-hw: 1664344182.dop224.sk1.t,1664344182.cds069.sk1.hn,1664344182.cds215.sk1.c
X-Firefox-Spdy: h2
poweredby.jads.co/adshow.php?adzone=985600
185.94.236.253200 OK 34 kB URL HTTP/1.1 poweredby.jads.co/adshow.php?adzone=985600
IP 185.94.236.253:0
Hash 898dfc647ac1faf52deb99a897a09908
c91019f2cab8333646e1daa77e9718bc6a5eef21
a63fbb50f2186b5321f2f832ba3c2e03727cb2efd93870445b3a02abbbd23848
GET /adshow.php?adzone=985600 HTTP/1.1
Host: poweredby.jads.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://media.aso1.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 28 Sep 2022 05:49:42 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/5.6.40
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR OUR IND STA"
Set-Cookie: surferid=fa4099da578164d7ac8b861411667511; expires=Thu, 28-Sep-2023 05:49:41 GMT; Max-Age=31536000; path=/; SameSite=None; Secure; domain=.jads.co
imps131=1; expires=Thu, 29-Sep-2022 05:49:41 GMT; Max-Age=86400; path=/; SameSite=None; Secure; domain=.jads.co
juicy_data_1=YToxOntpOjEyMDM0MjQ7aToxNjY0NjAzMzgxO30%3D; expires=Sat, 01-Oct-2022 05:49:41 GMT; Max-Age=259200; path=/; SameSite=None; Secure; domain=jads.co
juicy_data=YToxOntzOjEyOiJqdWljeV9kYXRhXzEiO3M6MToiMSI7fQ%3D%3D; expires=Sat, 01-Oct-2022 05:49:41 GMT; Max-Age=259200; path=/; SameSite=None; Secure; domain=jads.co
Content-Encoding: gzip
i.jads.co/network/user1037/1-1619547642-0988677001619547642.jpg
69.16.175.42200 OK 48 kB URL HTTP/2 i.jads.co/network/user1037/1-1619547642-0988677001619547642.jpg
IP 69.16.175.42:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 300x250, components 3\012- data
Hash bed76d5054fbb3773c6416a9f5eb4787
529be37c0f481376c7836bb96727bfac759c8ada
6fc7fd95807c1c214e8be5bcfb44d4581154e909d6900279b99f63f2638bb338
GET /network/user1037/1-1619547642-0988677001619547642.jpg HTTP/1.1
Host: i.jads.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://poweredby.jads.co/
Cookie: surferid=fa4099da578164d7ac8b861411667511; imps61=1; juicy_data_1=YToxOntpOjEyMDM0MjQ7aToxNjY0NjAzMzgxO30%3D; juicy_data=YToxOntzOjEyOiJqdWljeV9kYXRhXzEiO3M6MToiMSI7fQ%3D%3D; imps131=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Wed, 28 Sep 2022 05:49:42 GMT
etag: "1619547643"
cache-control: max-age=18297819
content-length: 47572
content-type: image/jpeg
last-modified: Tue, 27 Apr 2021 18:20:43 GMT
accept-ranges: bytes
x-hw: 1664344182.dop220.sk1.t,1664344182.cds264.sk1.hn,1664344182.cds225.sk1.c
X-Firefox-Spdy: h2
m.sancdn.net/common/fontawesome-430/font-awesome.min.css
69.16.175.42200 OK 24 kB URL HTTP/1.1 m.sancdn.net/common/fontawesome-430/font-awesome.min.css
IP 69.16.175.42:0
File type ASCII text, with very long lines (23523)
Hash 3738ef90dad175977dc8a695809bb71a
98aa676ba7987caa86d49ab1b71f73896d08ad13
c86f7b62a894d5799f1aa0a535efb34ed6f914447f901f1da50c837dee13fa72
GET /common/fontawesome-430/font-awesome.min.css HTTP/1.1
Host: m.sancdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://as.sexad.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Wed, 28 Sep 2022 05:49:42 GMT
Connection: Keep-Alive
ETag: "1422564509"
Cache-Control: max-age=86400
Content-Length: 23685
Content-Type: text/css
Last-Modified: Thu, 29 Jan 2015 20:48:29 GMT
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-HW: 1664344182.dop224.sk1.t,1664344182.cds015.sk1.shn,1664344182.cds015.sk1.c
m.sancdn.net/jquery-plugins/modernizr-2.6.2-respond-1.1.0.min.js
69.16.175.42200 OK 20 kB URL HTTP/1.1 m.sancdn.net/jquery-plugins/modernizr-2.6.2-respond-1.1.0.min.js
IP 69.16.175.42:0
File type HTML document, ASCII text, with very long lines (14756)
Hash 70d492eca4141bdd1452977dd893dd63
9cd9504b3afdeca86a03251591e1afab36ae2c57
ce0f70d9e807bb959717d8350c21a107f5b6b7221a774b6d1ed057219468a260
GET /jquery-plugins/modernizr-2.6.2-respond-1.1.0.min.js HTTP/1.1
Host: m.sancdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://as.sexad.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Wed, 28 Sep 2022 05:49:42 GMT
Connection: Keep-Alive
ETag: "1367368554"
Cache-Control: max-age=86400
Content-Length: 19484
Content-Type: application/javascript
Last-Modified: Wed, 01 May 2013 00:35:54 GMT
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-HW: 1664344182.dop225.sk1.t,1664344182.cds261.sk1.shn,1664344182.dop225.sk1.t,1664344182.cds026.sk1.c
m.sancdn.net/common/videojs/videojs.min-original-v2.css
69.16.175.42200 OK 12 kB URL HTTP/1.1 m.sancdn.net/common/videojs/videojs.min-original-v2.css
IP 69.16.175.42:0
File type ASCII text, with very long lines (11336)
Hash 4b6813504d31e3b11655aafacf165db4
96517f0033bd59f277cd2eefa7d088ae6ff82dad
063b4a568733054fea7f238a10b384170ce29c136d3194feed44d8c8b451f55d
GET /common/videojs/videojs.min-original-v2.css HTTP/1.1
Host: m.sancdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://as.sexad.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Wed, 28 Sep 2022 05:49:42 GMT
Connection: Keep-Alive
ETag: "1385146323"
Cache-Control: max-age=47007
Content-Length: 11451
Content-Type: text/css
Last-Modified: Fri, 22 Nov 2013 18:52:03 GMT
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-HW: 1664344182.dop015.sk1.t,1664344182.cds214.sk1.shn,1664344182.cds214.sk1.c
camschat.net/900250/awe900250.php
66.230.180.98200 OK 310 kB URL HTTP/2 camschat.net/900250/awe900250.php
IP 66.230.180.98:0
Size 310 kB (309950 bytes)
Hash 2596b63533401239e5281f60402a7831
0a62143febf835f518bc5ef72825b0d50af6c308
e89537056726797efc21c23b3463757b58808c29428c9a17993f3c97899916e4
GET /900250/awe900250.php HTTP/1.1
Host: camschat.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://camschat.net/900250/adnium.php
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 28 Sep 2022 05:49:41 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-powered-by: PHP/7.4.3
content-encoding: gzip
X-Firefox-Spdy: h2
pt-static1.ptlwmstc.com/npe/image/smilies_ex.png
93.93.51.200200 OK 8.5 kB URL HTTP/2 pt-static1.ptlwmstc.com/npe/image/smilies_ex.png
IP 93.93.51.200:0
ASN #34655 DuoDecad IT Services Luxembourg S.a r.l.
File type PNG image data, 536 x 138, 8-bit colormap, non-interlaced\012- data
Hash 53fc00ebf44066190d5faea2a7931e7c
21178ac1ffb10f958d26d17a0fe49d5d31a00720
63526a6642f64fadb44cd33d634bb626f8e96af3f850215cfdd78a9c609fc85c
GET /npe/image/smilies_ex.png HTTP/1.1
Host: pt-static1.ptlwmstc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pt.wmptctl.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 28 Sep 2022 05:49:42 GMT
content-type: image/png
content-length: 8533
last-modified: Wed, 03 Aug 2022 06:46:21 GMT
etag: "62ea19bd-2155"
access-control-allow-origin: *
server: unknown
x-cdn-node: sesto
x-cache-status: R-HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
bam.nr-data.net/events/1/6f524845d1?a=24279235&v=1216.487a282&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOFgwRERUXQ1BUFkIDFQ0WFlA%3D&rst=1025&ck=1&ref=https://chaturbate.com/tours/3/
162.247.241.14200 OK 24 B URL HTTP/1.1 bam.nr-data.net/events/1/6f524845d1?a=24279235&v=1216.487a282&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOFgwRERUXQ1BUFkIDFQ0WFlA%3D&rst=1025&ck=1&ref=https://chaturbate.com/tours/3/
IP 162.247.241.14:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash bc32ed98d624acb4008f986349a20d26
2d3df8c11d2168ce2c27e0937421d11d85016361
0c9cf152a0ad00d4f102c93c613c104914be5517ac8f8e0831727f8bfbe8b300
POST /events/1/6f524845d1?a=24279235&v=1216.487a282&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOFgwRERUXQ1BUFkIDFQ0WFlA%3D&rst=1025&ck=1&ref=https://chaturbate.com/tours/3/ HTTP/1.1
Host: bam.nr-data.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
content-type: text/plain
Content-Length: 1900
Origin: https://chaturbate.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Wed, 28 Sep 2022 05:49:42 GMT
Content-Type: image/gif
Content-Length: 24
Connection: keep-alive
CF-Ray: 751a32841c481c06-OSL
Access-Control-Allow-Origin: https://chaturbate.com
CF-Cache-Status: DYNAMIC
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
Vary: Accept-Encoding
Server: cloudflare
as.sexad.net/px.gif?stno=3-937-fap247.com-0-5106-0-0-3003-4398-12&p=reseller&w=1&h=1&v=5106&adType=cats&adWidth=900&adHeight=75&niche=female&fontSize=15&font_color=%23fff&background_color=%23000000&hn=fap247.com&AFNO=1-286&cam=0&adv=0&ctry=NO&lang=en&dev=Other
216.127.52.241200 35 B URL HTTP/1.1 as.sexad.net/px.gif?stno=3-937-fap247.com-0-5106-0-0-3003-4398-12&p=reseller&w=1&h=1&v=5106&adType=cats&adWidth=900&adHeight=75&niche=female&fontSize=15&font_color=%23fff&background_color=%23000000&hn=fap247.com&AFNO=1-286&cam=0&adv=0&ctry=NO&lang=en&dev=Other
IP 216.127.52.241:0
File type GIF image data, version 87a, 1 x 1\012- data
Hash 729c3007a8ed0597531b0c76d54a94bb
90fe9b8a8142548fdfab29f59cb0a164a0eaef81
6a842ea462daca2a0b5a0f5f25bcfc8e0059ac811ca6c6a1bc54e4d9119621c3
GET /px.gif?stno=3-937-fap247.com-0-5106-0-0-3003-4398-12&p=reseller&w=1&h=1&v=5106&adType=cats&adWidth=900&adHeight=75&niche=female&fontSize=15&font_color=%23fff&background_color=%23000000&hn=fap247.com&AFNO=1-286&cam=0&adv=0&ctry=NO&lang=en&dev=Other HTTP/1.1
Host: as.sexad.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://as.sexad.net/as/if?p=reseller&w=1&h=1&v=5106&adType=cats&adWidth=900&adHeight=75&niche=female&fontSize=15&font_color=%23fff&background_color=%23000000&hn=fap247.com&AFNO=1-286
Cookie: iid=5428-1664344182
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200
Server: nginx/1.18.0
Date: Wed, 28 Sep 2022 05:49:42 GMT
Content-Type: image/gif
Content-Length: 35
Connection: keep-alive
Cache-Control: no-cache, no-store, must-revalidate, private, max-age=0
Access-Control-Allow-Origin: *
Set-Cookie: ust=1664344182; expires=Sat, 25-Sep-2032 05:49:42 GMT; Max-Age=315360000; path=/; secure; SameSite=None
P3P: policyref="/w3c/p3p.xml", CP="This is not our comprehensive privacy policy (P3P). For complete information, please see http://streamate.com/privacy.html"
as.sexad.net/px.gif?stno=3-937-fap247.com-0-5104-0-0-3001-5671-3&p=reseller&w=1&h=1&v=5104&noplaybtn=1&adHeight=175&adWidth=235&adType=live&autoplay=true&hn=fap247.com&AFNO=1-286&cam=0&adv=0&ctry=NO&lang=en&dev=Other
216.127.52.241200 35 B URL HTTP/1.1 as.sexad.net/px.gif?stno=3-937-fap247.com-0-5104-0-0-3001-5671-3&p=reseller&w=1&h=1&v=5104&noplaybtn=1&adHeight=175&adWidth=235&adType=live&autoplay=true&hn=fap247.com&AFNO=1-286&cam=0&adv=0&ctry=NO&lang=en&dev=Other
IP 216.127.52.241:0
File type GIF image data, version 87a, 1 x 1\012- data
Hash 729c3007a8ed0597531b0c76d54a94bb
90fe9b8a8142548fdfab29f59cb0a164a0eaef81
6a842ea462daca2a0b5a0f5f25bcfc8e0059ac811ca6c6a1bc54e4d9119621c3
GET /px.gif?stno=3-937-fap247.com-0-5104-0-0-3001-5671-3&p=reseller&w=1&h=1&v=5104&noplaybtn=1&adHeight=175&adWidth=235&adType=live&autoplay=true&hn=fap247.com&AFNO=1-286&cam=0&adv=0&ctry=NO&lang=en&dev=Other HTTP/1.1
Host: as.sexad.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://as.sexad.net/as/if?p=reseller&w=1&h=1&v=5104&noplaybtn=1&adHeight=175&adWidth=235&adType=live&autoplay=true&hn=fap247.com&AFNO=1-286
Cookie: iid=9654-1664344182
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200
Server: nginx/1.18.0
Date: Wed, 28 Sep 2022 05:49:42 GMT
Content-Type: image/gif
Content-Length: 35
Connection: keep-alive
Cache-Control: no-cache, no-store, must-revalidate, private, max-age=0
Access-Control-Allow-Origin: *
Set-Cookie: ust=1664344182; expires=Sat, 25-Sep-2032 05:49:42 GMT; Max-Age=315360000; path=/; secure; SameSite=None
P3P: policyref="/w3c/p3p.xml", CP="This is not our comprehensive privacy policy (P3P). For complete information, please see http://streamate.com/privacy.html"
galleryn11.awemdia.com/ff268cab8d9fbae1ed7506f97496274f1b/bb44575ef9fdb1591a546226117ba649_glamour_896x504.jpg
93.93.51.190200 OK 57 kB URL HTTP/2 galleryn11.awemdia.com/ff268cab8d9fbae1ed7506f97496274f1b/bb44575ef9fdb1591a546226117ba649_glamour_896x504.jpg
IP 93.93.51.190:0
ASN #34655 DuoDecad IT Services Luxembourg S.a r.l.
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 896x504, components 3\012- data
Hash 726b230e15ca0c998a863bb7adffba03
05fcdfc20ba8860fa91b0f22ccdc378dca5ce206
75df75dadad73990224607d70cea96b59cdc3915b741b8af26fa9cdab62dce94
GET /ff268cab8d9fbae1ed7506f97496274f1b/bb44575ef9fdb1591a546226117ba649_glamour_896x504.jpg HTTP/1.1
Host: galleryn11.awemdia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pt.wmptctl.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 28 Sep 2022 05:49:42 GMT
content-type: image/jpeg
content-length: 56799
last-modified: Fri, 16 Sep 2022 03:44:59 GMT
etag: "726b230e15ca0c998a863bb7adffba03"
access-control-allow-origin: *
x-content-type-options: nosniff
x-cache-source: Origin
x-cache-status: R-HIT
expires: Wed, 12 Oct 2022 05:49:42 GMT
server: unknown
x-cdn-node: sesto
cache-control: max-age=1209600
x-real-source: -
accept-ranges: bytes
X-Firefox-Spdy: h2
pt.wmptctl.com/Kg9oB/Bbs.gif?c=object_container&site=wl3&cobrandId=240622&psid=cybermike&pstool=202_1&psprogram=cbrnd&campaign_id=118122&vp%5BshowChat%5D=false&vp%5BchatAutoHide%5D=false&vp%5BshowCallToAction%5D=false&vp%5BshowPerformerName%5D=false&vp%5BshowPerformerStatus%5D=false&filters=&subAffId=%7BSUBAFFID%7D&categoryName=girl&embedTool=1&origin=camschat.net
93.93.51.191200 OK 43 B URL HTTP/2 pt.wmptctl.com/Kg9oB/Bbs.gif?c=object_container&site=wl3&cobrandId=240622&psid=cybermike&pstool=202_1&psprogram=cbrnd&campaign_id=118122&vp%5BshowChat%5D=false&vp%5BchatAutoHide%5D=false&vp%5BshowCallToAction%5D=false&vp%5BshowPerformerName%5D=false&vp%5BshowPerformerStatus%5D=false&filters=&subAffId=%7BSUBAFFID%7D&categoryName=girl&embedTool=1&origin=camschat.net
IP 93.93.51.191:0
ASN #34655 DuoDecad IT Services Luxembourg S.a r.l.
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /Kg9oB/Bbs.gif?c=object_container&site=wl3&cobrandId=240622&psid=cybermike&pstool=202_1&psprogram=cbrnd&campaign_id=118122&vp%5BshowChat%5D=false&vp%5BchatAutoHide%5D=false&vp%5BshowCallToAction%5D=false&vp%5BshowPerformerName%5D=false&vp%5BshowPerformerStatus%5D=false&filters=&subAffId=%7BSUBAFFID%7D&categoryName=girl&embedTool=1&origin=camschat.net HTTP/1.1
Host: pt.wmptctl.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pt.wmptctl.com/live-feed/fk/?c=object_container&site=wl3&cobrandId=240622&psid=cybermike&pstool=202_1&psprogram=cbrnd&campaign_id=118122&forcedPerformers%5B0%5D=&vp%5BshowChat%5D=false&vp%5BchatAutoHide%5D=false&vp%5BshowCallToAction%5D=false&vp%5BshowPerformerName%5D=false&vp%5BshowPerformerStatus%5D=false&filters=&subAffId=%7BSUBAFFID%7D&categoryName=girl&embedTool=1&origin=camschat.net
Cookie: psui=c11170dca089cc3d7eb6d01a7f1a1068
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 28 Sep 2022 05:49:42 GMT
content-type: image/gif
content-length: 43
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
server: unknown
set-cookie: psui=c11170dca089cc3d7eb6d01a7f1a1068; Path=/; Expires=Fri, 28-Oct-22 05:49:42 GMT; SameSite=None; Secure
expires: Wed, 28 Sep 2022 05:49:41 GMT
cache-control: no-cache
access-control-allow-origin: *
X-Firefox-Spdy: h2
m.sancdn.net/common/fontawesome-430/fontawesome-webfont.woff2?v=4.3.0
69.16.175.42200 OK 57 kB URL HTTP/1.1 m.sancdn.net/common/fontawesome-430/fontawesome-webfont.woff2?v=4.3.0
IP 69.16.175.42:0
File type Web Open Font Format (Version 2), TrueType, length 56780, version 4.197\012- data
Hash 97493d3f11c0a3bd5cbd959f5d19b699
1075231650f579955905bb2f6527148a8e2b4b16
aadc3580d2b64ff5a7e6f1425587db4e8b033efcbf8f5c332ca52a5ed580c87c
GET /common/fontawesome-430/fontawesome-webfont.woff2?v=4.3.0 HTTP/1.1
Host: m.sancdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://as.sexad.net
Connection: keep-alive
Referer: https://m.sancdn.net/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Wed, 28 Sep 2022 05:49:42 GMT
Connection: Keep-Alive
ETag: "1422564509"
Cache-Control: max-age=86400
Content-Length: 56780
Content-Type: application/octet-stream
Last-Modified: Thu, 29 Jan 2015 20:48:29 GMT
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-HW: 1664344182.dop222.sk1.t,1664344182.cds209.sk1.shn,1664344182.cds209.sk1.c
galleryn11.awemdia.com/ff268cab8d9fbae1ed7506f97496274f18/80debbb78985951a333ed254eacf95cb_glamour_896x504.jpg
93.93.51.190200 OK 87 kB URL HTTP/2 galleryn11.awemdia.com/ff268cab8d9fbae1ed7506f97496274f18/80debbb78985951a333ed254eacf95cb_glamour_896x504.jpg
IP 93.93.51.190:0
ASN #34655 DuoDecad IT Services Luxembourg S.a r.l.
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 896x504, components 3\012- data
Hash 7d75e97dda81d559c831ff7f9250a4a5
ab256437030a4a25fdaf18d49e5642260990bc92
2075d530a58beba9d357eeb3a9034675750bca2e8f0d87f4e7fcc36f0258f9e0
GET /ff268cab8d9fbae1ed7506f97496274f18/80debbb78985951a333ed254eacf95cb_glamour_896x504.jpg HTTP/1.1
Host: galleryn11.awemdia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pt.wmptctl.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 28 Sep 2022 05:49:42 GMT
content-type: image/jpeg
content-length: 87279
last-modified: Wed, 28 Oct 2020 14:14:49 GMT
etag: "7d75e97dda81d559c831ff7f9250a4a5"
access-control-allow-origin: *
x-content-type-options: nosniff
x-cache-source: Origin
x-cache-status: R-HIT
expires: Wed, 12 Oct 2022 05:49:42 GMT
server: unknown
x-cdn-node: sesto
cache-control: max-age=1209600
x-real-source: -
accept-ranges: bytes
X-Firefox-Spdy: h2
galleryn11.awemdia.com/ff268cab8d9fbae1ed7506f97496274f1b/be1d525b0f1aeb0ebf071939127aaedb_glamour_896x504.jpg
93.93.51.190200 OK 34 kB URL HTTP/2 galleryn11.awemdia.com/ff268cab8d9fbae1ed7506f97496274f1b/be1d525b0f1aeb0ebf071939127aaedb_glamour_896x504.jpg
IP 93.93.51.190:0
ASN #34655 DuoDecad IT Services Luxembourg S.a r.l.
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 896x504, components 3\012- data
Hash 9218561203d11f4fe46cb7e82b16326b
de35ae0ceea624884c1d0d7eaab1bdaf0b60bcff
b4426bcc7ad442a784b8a38c32966fbbb2b9fa86f0c57502419f433bb5d522f6
GET /ff268cab8d9fbae1ed7506f97496274f1b/be1d525b0f1aeb0ebf071939127aaedb_glamour_896x504.jpg HTTP/1.1
Host: galleryn11.awemdia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pt.wmptctl.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 28 Sep 2022 05:49:42 GMT
content-type: image/jpeg
content-length: 33743
last-modified: Mon, 22 Nov 2021 13:10:11 GMT
etag: "9218561203d11f4fe46cb7e82b16326b"
access-control-allow-origin: *
x-content-type-options: nosniff
x-cache-source: Origin
x-cache-status: R-HIT
expires: Wed, 12 Oct 2022 05:49:42 GMT
server: unknown
x-cdn-node: sesto
cache-control: max-age=1209600
x-real-source: -
accept-ranges: bytes
X-Firefox-Spdy: h2
secure.vs3.com/xml/live-video-ads.php?mp_code=dc16m&utm_source=affiliates&utm_medium=iframe&utm_campaign=450x250-categories-0001&utm_content=dc16m&service=girls&sitekey=whitelabel|chatwithwebcams.com&limit=50&cats=&response_type=json&t=1664344180141
204.8.234.211301 Moved Permanently 20 B URL HTTP/2 secure.vs3.com/xml/live-video-ads.php?mp_code=dc16m&utm_source=affiliates&utm_medium=iframe&utm_campaign=450x250-categories-0001&utm_content=dc16m&service=girls&sitekey=whitelabel|chatwithwebcams.com&limit=50&cats=&response_type=json&t=1664344180141
IP 204.8.234.211:0
Hash 7029066c27ac6f5ef18d660d5741979a
46c6643f07aa7f6bfe7118de926b86defc5087c4
59869db34853933b239f1e2219cf7d431da006aa919635478511fabbfc8849d2
GET /xml/live-video-ads.php?mp_code=dc16m&utm_source=affiliates&utm_medium=iframe&utm_campaign=450x250-categories-0001&utm_content=dc16m&service=girls&sitekey=whitelabel|chatwithwebcams.com&limit=50&cats=&response_type=json&t=1664344180141 HTTP/1.1
Host: secure.vs3.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://secure.vs3.com/_special/banners/LiveWebCams.php?cta=gtr&style=450x250-categories-0001&mp_code=dc16m&service=girls&language=en&use_promo=0&model_id=&bgcolor=FFFFFF&txtcolor=000000&linkcolor=000000&num_models=50&sitekey=whitelabel&whitelabel_domain=chatwithwebcams.com&target=_blank&btncolor=000099&btntxtcolor=FFFFFF&accentcolor=FFFF66
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 301 Moved Permanently
date: Wed, 28 Sep 2022 05:49:42 GMT
set-cookie: PHPSESSID=i2tuh5e63qq3dme6n8as9kk4m2; path=/ ;SameSite=None; secure; HttpOnly
service=girls; expires=Thu, 28-Sep-2023 05:49:42 GMT; path=/; domain=.vs3.com; secure
mp_code=dc16m; expires=Fri, 28-Oct-2022 05:49:42 GMT; path=/; domain=.vs3.com
language=en; expires=Wed, 05-Oct-2022 05:49:42 GMT; path=/; domain=.vs3.com; secure
source_code=default; expires=Wed, 05-Oct-2022 05:49:42 GMT; path=/; domain=.vs3.com; secure
layout04=1; expires=Wed, 05-Oct-2022 05:49:42 GMT; path=/; SameSite=Strict; domain=.vs3.com
started=1664344182; expires=Thu, 29-Sep-2022 05:49:42 GMT; path=/; SameSite=Strict; domain=.vs3.com
pb_cc=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; SameSite=Strict; domain=.vs3.com
location: /xml/live-video-ads.php?utm_source=affiliates&utm_medium=iframe&utm_campaign=450x250-categories-0001&utm_content=dc16m&service=girls&sitekey=whitelabel|chatwithwebcams.com&limit=50&response_type=json&t=1664344180141
content-encoding: gzip
vary: Accept-Encoding
access-control-allow-origin: *
content-length: 20
content-type: text/html; charset=utf-8
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
galleryn11.awemdia.com/ff268cab8d9fbae1ed7506f97496274f14/448cedaca766c4b06915731ae29fe30d_glamour_896x504.jpg
93.93.51.190200 OK 46 kB URL HTTP/2 galleryn11.awemdia.com/ff268cab8d9fbae1ed7506f97496274f14/448cedaca766c4b06915731ae29fe30d_glamour_896x504.jpg
IP 93.93.51.190:0
ASN #34655 DuoDecad IT Services Luxembourg S.a r.l.
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 896x504, components 3\012- data
Hash b8e87e43156cf5c18bc0763e9458644a
92fd4711cee04b464e97348ebd4f8dd68ae58d6e
e1a509107ef04bac3bfa69cac2a57d7398e2cd6c115ca11e3dc3d116715c6ade
GET /ff268cab8d9fbae1ed7506f97496274f14/448cedaca766c4b06915731ae29fe30d_glamour_896x504.jpg HTTP/1.1
Host: galleryn11.awemdia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pt.wmptctl.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 28 Sep 2022 05:49:42 GMT
content-type: image/jpeg
content-length: 46182
last-modified: Mon, 26 Sep 2022 07:30:22 GMT
etag: "b8e87e43156cf5c18bc0763e9458644a"
access-control-allow-origin: *
x-content-type-options: nosniff
x-cache-source: Origin
x-cache-status: R-HIT
expires: Wed, 12 Oct 2022 05:49:42 GMT
server: unknown
x-cdn-node: sesto
cache-control: max-age=1209600
x-real-source: -
accept-ranges: bytes
X-Firefox-Spdy: h2
galleryn11.awemdia.com/ff268cab8d9fbae1ed7506f97496274f17/79b656ff7eddfe2419eab639684e9576_glamour_896x504.jpg
93.93.51.190200 OK 112 kB URL HTTP/2 galleryn11.awemdia.com/ff268cab8d9fbae1ed7506f97496274f17/79b656ff7eddfe2419eab639684e9576_glamour_896x504.jpg
IP 93.93.51.190:0
ASN #34655 DuoDecad IT Services Luxembourg S.a r.l.
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 896x504, components 3\012- data
Size 112 kB (111611 bytes)
Hash 1acf3eaead332363162e82f4c7facb18
88a3013b2f69ce698abe83dc9a9f1ae88a273783
ad40e960bd5f081bb7b9e908e5b28b07181bbf807425c41c85c349187f6dd881
GET /ff268cab8d9fbae1ed7506f97496274f17/79b656ff7eddfe2419eab639684e9576_glamour_896x504.jpg HTTP/1.1
Host: galleryn11.awemdia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pt.wmptctl.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 28 Sep 2022 05:49:42 GMT
content-type: image/jpeg
content-length: 111611
last-modified: Wed, 17 Aug 2022 09:39:49 GMT
etag: "1acf3eaead332363162e82f4c7facb18"
access-control-allow-origin: *
x-content-type-options: nosniff
x-cache-source: Origin
x-cache-status: R-HIT
expires: Wed, 12 Oct 2022 05:49:42 GMT
server: unknown
x-cdn-node: sesto
cache-control: max-age=1209600
x-real-source: -
accept-ranges: bytes
X-Firefox-Spdy: h2
m1.nsimg.net//media/1/2/6/12639049.jpg
207.178.0.93200 OK 21 kB URL HTTP/1.1 m1.nsimg.net//media/1/2/6/12639049.jpg
IP 207.178.0.93:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 90", baseline, precision 8, 320x240, components 3\012- data
Hash c4454ee8edb2f0c44d4efdbc5d9b2023
64ff4e251c68b6b589b15db6a479fb066802ab27
b2b1d02a30cac569e352eafea54d189b1530413b9cefb6c540c44bd99ee56567
GET //media/1/2/6/12639049.jpg HTTP/1.1
Host: m1.nsimg.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://as.sexad.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 28 Sep 2022 05:49:43 GMT
Content-Type: image/jpeg
Content-Length: 20550
Connection: keep-alive
Last-Modified: Fri, 06 May 2022 09:14:31 GMT
ETag: "6274e6f7-5046"
Expires: Mon, 03 Jul 2023 00:50:42 GMT
Cache-Control: max-age=31536000
X-Varnish: 281805164 7166341
Age: 7517505
Access-Control-Allow-Origin: *
Accept-Ranges: bytes
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 0430085417cf41ae8c6abab3f215a785
56ee36f9675690d36820831e26f5b471a1a6c0f7
96fdd156523808fe10d786642c0ae040e50985816e8626fac6c77930466faffe
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "96FDD156523808FE10D786642C0AE040E50985816E8626FAC6C77930466FAFFE"
Last-Modified: Tue, 27 Sep 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6629
Expires: Wed, 28 Sep 2022 07:40:12 GMT
Date: Wed, 28 Sep 2022 05:49:43 GMT
Connection: keep-alive
pt.wmptctl.com/live-feed?c=object_container&site=wl3&cobrandId=240622&psid=cybermike&pstool=302_1&psprogram=cbrnd&campaign_id=118122&forcedPerformers%5B0%5D=&vp%5BshowChat%5D=false&vp%5BchatAutoHide%5D=false&vp%5BshowCallToAction%5D=false&vp%5BshowPerformerName%5D=false&vp%5BshowPerformerStatus%5D=false&filters=&subAffId=%7BSUBAFFID%7D&categoryName=girl&embedTool=1&origin=camschat.net&rrc=3
93.93.51.191200 OK 7.1 kB URL HTTP/2 pt.wmptctl.com/live-feed?c=object_container&site=wl3&cobrandId=240622&psid=cybermike&pstool=302_1&psprogram=cbrnd&campaign_id=118122&forcedPerformers%5B0%5D=&vp%5BshowChat%5D=false&vp%5BchatAutoHide%5D=false&vp%5BshowCallToAction%5D=false&vp%5BshowPerformerName%5D=false&vp%5BshowPerformerStatus%5D=false&filters=&subAffId=%7BSUBAFFID%7D&categoryName=girl&embedTool=1&origin=camschat.net&rrc=3
IP 93.93.51.191:0
ASN #34655 DuoDecad IT Services Luxembourg S.a r.l.
Hash af14ee1b0ca9202b785530d8607a3516
96d9f14f2c3949d0bd50fd6775762d34ec7d30bd
bb29678ba5bf64fac9fca46e143acb312da6c47334a86e4f55156515e028c951
GET /live-feed?c=object_container&site=wl3&cobrandId=240622&psid=cybermike&pstool=302_1&psprogram=cbrnd&campaign_id=118122&forcedPerformers%5B0%5D=&vp%5BshowChat%5D=false&vp%5BchatAutoHide%5D=false&vp%5BshowCallToAction%5D=false&vp%5BshowPerformerName%5D=false&vp%5BshowPerformerStatus%5D=false&filters=&subAffId=%7BSUBAFFID%7D&categoryName=girl&embedTool=1&origin=camschat.net&rrc=3 HTTP/1.1
Host: pt.wmptctl.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pt.wmptctl.com/live-feed/fk/?c=object_container&site=wl3&cobrandId=240622&psid=cybermike&pstool=202_1&psprogram=cbrnd&campaign_id=118122&forcedPerformers%5B0%5D=&vp%5BshowChat%5D=false&vp%5BchatAutoHide%5D=false&vp%5BshowCallToAction%5D=false&vp%5BshowPerformerName%5D=false&vp%5BshowPerformerStatus%5D=false&filters=&subAffId=%7BSUBAFFID%7D&categoryName=girl&embedTool=1&origin=camschat.net
Cookie: psui=c11170dca089cc3d7eb6d01a7f1a1068
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: no-cache
date: Wed, 28 Sep 2022 05:49:43 GMT
server: unknown
set-cookie: psui=c11170dca089cc3d7eb6d01a7f1a1068; Path=/; Expires=Fri, 28-Oct-22 05:49:43 GMT; SameSite=None; Secure
content-encoding: gzip
X-Firefox-Spdy: h2
secure.vs3.com/xml/live-video-ads.php?utm_source=affiliates&utm_medium=iframe&utm_campaign=450x250-categories-0001&utm_content=dc16m&service=girls&sitekey=whitelabel|chatwithwebcams.com&limit=50&response_type=json&t=1664344180141
204.8.234.211200 OK 3.6 kB URL HTTP/2 secure.vs3.com/xml/live-video-ads.php?utm_source=affiliates&utm_medium=iframe&utm_campaign=450x250-categories-0001&utm_content=dc16m&service=girls&sitekey=whitelabel|chatwithwebcams.com&limit=50&response_type=json&t=1664344180141
IP 204.8.234.211:0
File type JSON data\012- , ASCII text, with very long lines (65536), with no line terminators
Hash ccac3967b4496335870ccfe48197d5cc
25c10601f77dc07575d19818cf8adbe9e1e6e60f
45a7e30c206c34515cfa120f31f5ac4b15d4c9b496249e5ce7d1330749009ef3
GET /xml/live-video-ads.php?utm_source=affiliates&utm_medium=iframe&utm_campaign=450x250-categories-0001&utm_content=dc16m&service=girls&sitekey=whitelabel|chatwithwebcams.com&limit=50&response_type=json&t=1664344180141 HTTP/1.1
Host: secure.vs3.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://secure.vs3.com/_special/banners/LiveWebCams.php?cta=gtr&style=450x250-categories-0001&mp_code=dc16m&service=girls&language=en&use_promo=0&model_id=&bgcolor=FFFFFF&txtcolor=000000&linkcolor=000000&num_models=50&sitekey=whitelabel&whitelabel_domain=chatwithwebcams.com&target=_blank&btncolor=000099&btntxtcolor=FFFFFF&accentcolor=FFFF66
Connection: keep-alive
Cookie: PHPSESSID=i2tuh5e63qq3dme6n8as9kk4m2
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 28 Sep 2022 05:49:43 GMT
set-cookie: service=girls; expires=Thu, 28-Sep-2023 05:49:43 GMT; path=/; domain=.vs3.com; secure
mp_code=0000; expires=Fri, 28-Oct-2022 05:49:43 GMT; path=/; domain=.vs3.com
language=en; expires=Wed, 05-Oct-2022 05:49:43 GMT; path=/; domain=.vs3.com; secure
source_code=default; expires=Wed, 05-Oct-2022 05:49:43 GMT; path=/; domain=.vs3.com; secure
layout04=1; expires=Wed, 05-Oct-2022 05:49:43 GMT; path=/; SameSite=Strict; domain=.vs3.com
started=1664344182; expires=Thu, 29-Sep-2022 05:49:43 GMT; path=/; SameSite=Strict; domain=.vs3.com
pb_cc=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; SameSite=Strict; domain=.vs3.com
BILLING_TEST_SUB_GROUP_4=NEW; expires=Thu, 29-Sep-2022 05:49:43 GMT; path=/; domain=.vs3.com; secure
BILLING_TEST_GROUP_4=GROUP_B%3A%3Av8; expires=Wed, 05-Oct-2022 05:49:43 GMT; path=/; domain=.vs3.com; secure
content-encoding: gzip
vary: Accept-Encoding
access-control-allow-origin: *
content-length: 3592
content-type: application/json; charset=utf-8
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
galleryn0.awemdia.com/ff268cab8d9fbae1ed7506f97496274f17/7b1809eb1322a55b9f55600d47f27335_glamour_896x504.jpg
93.93.51.190200 OK 88 kB URL HTTP/2 galleryn0.awemdia.com/ff268cab8d9fbae1ed7506f97496274f17/7b1809eb1322a55b9f55600d47f27335_glamour_896x504.jpg
IP 93.93.51.190:0
ASN #34655 DuoDecad IT Services Luxembourg S.a r.l.
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 72x72, segment length 16, progressive, precision 8, 896x504, components 3\012- data
Hash 84e1de405466afdbfe95a9d04d12b2f1
9707ec7372dcdddb252c8cc5aab2e04da1a8e4c6
4f6ac9dc1e27197dff03200f7bb8f9fd4aae0fbfd4d922059e31c85d66139bbb
GET /ff268cab8d9fbae1ed7506f97496274f17/7b1809eb1322a55b9f55600d47f27335_glamour_896x504.jpg HTTP/1.1
Host: galleryn0.awemdia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pt.wmptctl.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 28 Sep 2022 05:49:43 GMT
content-type: image/jpeg
content-length: 87762
last-modified: Fri, 13 May 2022 07:30:05 GMT
etag: "84e1de405466afdbfe95a9d04d12b2f1"
access-control-allow-origin: *
x-content-type-options: nosniff
x-cache-source: Origin
x-cache-status: R-HIT
expires: Wed, 12 Oct 2022 05:49:43 GMT
server: unknown
x-cdn-node: sesto
cache-control: max-age=1209600
x-real-source: -
accept-ranges: bytes
X-Firefox-Spdy: h2
ocsp.sectigo.com/
104.18.32.68200 OK 472 B IP 104.18.32.68:0
Hash 0eff56985c3b3625a9f2fee1ebd251e9
3e259c0ccf3283bbb8553d924e15dc015c7000be
c365c3857216c3753ef6dd139c54b4a61d45b3232e18173bad66486e659a7f22
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 28 Sep 2022 05:49:43 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Tue, 27 Sep 2022 07:51:02 GMT
Expires: Tue, 04 Oct 2022 07:51:01 GMT
Etag: "3e259c0ccf3283bbb8553d924e15dc015c7000be"
Cache-Control: max-age=525077,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 751a328d9e5eb503-OSL
dss-relay-109-71-166-27.dditscdn.com/?psid=&pstool=
109.71.166.35101 Switching Protocols 0 B URL HTTP/1.1 dss-relay-109-71-166-27.dditscdn.com/?psid=&pstool=
IP 109.71.166.35:0
ASN #34655 DuoDecad IT Services Luxembourg S.a r.l.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /?psid=&pstool= HTTP/1.1
Host: dss-relay-109-71-166-27.dditscdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://pt.wmptctl.com
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: Dls/J9isctWsnMZtd2EGvg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Server: unknown
Date: Wed, 28 Sep 2022 05:49:44 GMT
Connection: upgrade
Upgrade: websocket
Sec-WebSocket-Accept: FXZbpmqyvAtrN0Qzj9r1dBhYISQ=
thachuchopy.com/cfH.VgzhaiG_lktlZmzn9-hpZqErlsk_PuTvQwzxM-TzIA4BNCC_ZEjFdGDH0-mJZKnLBM2_POTPAQmRZ-nTJU2VPWT_AYmZaaWb1-ndPeWfhg0_diHjBkzlJ-TnNoBpJqT_JsGtJuTvJ-GxMyTzAA5_NCDDUEtFM-iH5IzJLKm_NMkNbOjPE-1RLSmTNUv_bWSXUYyZR-mbNcydZeW_Fg0haiXjZ-llcmynUoy_RqjrEs1tM-jvMwyxNyy_UAyBRCjDI-wFMGzHMI4_OKCLUMyNR-jPQQzRMST_IU4VNWFX8-xZMajbJcm_Meyf5gwhb-mjckmlcmG_Fo5pPqTrA-mtcuGvFw5_by3zVA0BU-GDVEyFQG2_xIpJYK2Ls-9NMOCPZQy_ZSXTYU9VM-CXZYzZcaz_0c1dJenfN-0hPiTjEkm_emmn9oupZ-UrlsktPuT_Qw0xNyjzQ-5BNCjDIE
88.85.94.245302 Found 0 B URL HTTP/2 thachuchopy.com/cfH.VgzhaiG_lktlZmzn9-hpZqErlsk_PuTvQwzxM-TzIA4BNCC_ZEjFdGDH0-mJZKnLBM2_POTPAQmRZ-nTJU2VPWT_AYmZaaWb1-ndPeWfhg0_diHjBkzlJ-TnNoBpJqT_JsGtJuTvJ-GxMyTzAA5_NCDDUEtFM-iH5IzJLKm_NMkNbOjPE-1RLSmTNUv_bWSXUYyZR-mbNcydZeW_Fg0haiXjZ-llcmynUoy_RqjrEs1tM-jvMwyxNyy_UAyBRCjDI-wFMGzHMI4_OKCLUMyNR-jPQQzRMST_IU4VNWFX8-xZMajbJcm_Meyf5gwhb-mjckmlcmG_Fo5pPqTrA-mtcuGvFw5_by3zVA0BU-GDVEyFQG2_xIpJYK2Ls-9NMOCPZQy_ZSXTYU9VM-CXZYzZcaz_0c1dJenfN-0hPiTjEkm_emmn9oupZ-UrlsktPuT_Qw0xNyjzQ-5BNCjDIE
IP 88.85.94.245:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /cfH.VgzhaiG_lktlZmzn9-hpZqErlsk_PuTvQwzxM-TzIA4BNCC_ZEjFdGDH0-mJZKnLBM2_POTPAQmRZ-nTJU2VPWT_AYmZaaWb1-ndPeWfhg0_diHjBkzlJ-TnNoBpJqT_JsGtJuTvJ-GxMyTzAA5_NCDDUEtFM-iH5IzJLKm_NMkNbOjPE-1RLSmTNUv_bWSXUYyZR-mbNcydZeW_Fg0haiXjZ-llcmynUoy_RqjrEs1tM-jvMwyxNyy_UAyBRCjDI-wFMGzHMI4_OKCLUMyNR-jPQQzRMST_IU4VNWFX8-xZMajbJcm_Meyf5gwhb-mjckmlcmG_Fo5pPqTrA-mtcuGvFw5_by3zVA0BU-GDVEyFQG2_xIpJYK2Ls-9NMOCPZQy_ZSXTYU9VM-CXZYzZcaz_0c1dJenfN-0hPiTjEkm_emmn9oupZ-UrlsktPuT_Qw0xNyjzQ-5BNCjDIE HTTP/1.1
Host: thachuchopy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://media.aso1.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
server: nginx
date: Wed, 28 Sep 2022 05:49:44 GMT
content-length: 0
expires: Mon, 26 Jul 2011 05:00:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
accept-ch: Sec-CH-UA-Platform-Version, Sec-CH-UA-Platform
location: https://10945-2.s.cdn15.com/creatives/152327/203388/431284_122f3.png
x-content-type-options: nosniff
X-Firefox-Spdy: h2
api-protected.protoawegw.com/v2/player/performer/get?noRedirect=1&mitigable=1&includeTestAccounts=0&product=livejasmin&presets=&certified=0&streamType=rtmp&category=girl&performerIds[]=BriannaStars
93.93.51.225200 OK 668 kB URL HTTP/2 api-protected.protoawegw.com/v2/player/performer/get?noRedirect=1&mitigable=1&includeTestAccounts=0&product=livejasmin&presets=&certified=0&streamType=rtmp&category=girl&performerIds[]=BriannaStars
IP 93.93.51.225:0
ASN #34655 DuoDecad IT Services Luxembourg S.a r.l.
Size 668 kB (668014 bytes)
Hash 6441c74ec448ccfb7a1f6dae5a2cb684
99b7729b0986a90f1ac5413c01f60a6e06326aaa
ecaca9044a1a249b0255a7957b6b76d3be76bed4cbd70ebaff3bb3cb7b80c76b
GET /v2/player/performer/get?noRedirect=1&mitigable=1&includeTestAccounts=0&product=livejasmin&presets=&certified=0&streamType=rtmp&category=girl&performerIds[]=BriannaStars HTTP/1.1
Host: api-protected.protoawegw.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://pt.wmptctl.com/
Origin: https://pt.wmptctl.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 28 Sep 2022 05:49:43 GMT
content-type: application/json
vary: Accept-Encoding
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: X-Requested-With, Content-Type
access-control-allow-methods: OPTIONS, GET, POST, PUT, DELETE, PATCH
server: unknown
content-encoding: gzip
X-Firefox-Spdy: h2
a.focusde.info/api/spots/391868?host=xfantazy.com&ev=196&wh=939&ww=1280
135.181.208.216200 OK 0 B URL HTTP/2 a.focusde.info/api/spots/391868?host=xfantazy.com&ev=196&wh=939&ww=1280
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
GET /api/spots/391868?host=xfantazy.com&ev=196&wh=939&ww=1280 HTTP/1.1
Host: a.focusde.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 28 Sep 2022 05:49:39 GMT
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding
set-cookie: nauid=NlCicU1sjKhSrtLL2I8P; Path=/; Expires=Wed, 11 Nov 2037 11:11:11 GMT; Secure; SameSite=None
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2
a.medfoodsafety.com/loader?a=4787912&v=2&t=1&s=4776911&p=8575&if=true
172.64.138.21200 OK 0 B URL HTTP/2 a.medfoodsafety.com/loader?a=4787912&v=2&t=1&s=4776911&p=8575&if=true
IP 172.64.138.21:0
GET /loader?a=4787912&v=2&t=1&s=4776911&p=8575&if=true HTTP/1.1
Host: a.medfoodsafety.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.focusde.info/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 28 Sep 2022 05:49:41 GMT
content-type: text/html
cache-control: no-cache, no-store, must-revalidate
expires: Sat, 26 Jul 1997 05:00:00 GMT
last-modified: Sun, 17 May 1998 03:00:00 GMT
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BUgoKdRm%2FCkoZ3wMBme16%2FPu%2FXZ5sLSDuf0OZZ8hjKGxgVDpCwbcsVZPO%2F28g4E61p97olL00vH%2BOKFQlcRaqqJTswVnNaMHxHDY8QvTWwRFfRxEQyjddoKi3n1xyfNJneuk7jPG"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 751a327a5b4d889d-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
xfantazy.com/_next/static/pSlyoXy7R5nE6sbZsP0Ue/pages/signup.js
104.26.1.188200 OK 0 B URL HTTP/2 xfantazy.com/_next/static/pSlyoXy7R5nE6sbZsP0Ue/pages/signup.js
IP 104.26.1.188:0
GET /_next/static/pSlyoXy7R5nE6sbZsP0Ue/pages/signup.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/5f6580f261e5e63e2c1c7cbc
Cookie: visitorId=022fxs9snr9oilk9arxtfm; experiment-popup-payment-7=0; experiment-save-to-button-2=0; safeMode=0; advancedOptions=0; viewedVideoCounter=0; adScript2Groups=push1-push1%2Cpop-desk%2CTest-Code%20; k2sAccessToken=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiI1YjM5Y2ZjY2ZjNGUwNzFjNzE4MWQ0ZmQiLCJhdWQiOiJjbGllbnQiLCJ0eXBlIjoiYWNjZXNzVG9rZW4iLCJpc3MiOiJrMnMiLCJjSWQiOiI1YjM5Y2ZjY2ZjNGUwNzFjNzE4MWQ0ZmQiLCJqdGkiOiIzYzllM2E3NDllZjk2IiwiaWF0IjoxNjY0MzQ0MTc3LCJleHAiOjE2NjQ5NDg5Nzd9.oKuwPeAUyHFRh_ghkBpsVLft5NhhrehUtqKrhPsywmg; k2sRefreshToken=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiI1YjM5Y2ZjY2ZjNGUwNzFjNzE4MWQ0ZmQiLCJhdWQiOiJjbGllbnQiLCJ0eXBlIjoicmVmcmVzaFRva2VuIiwiaXNzIjoiazJzIiwiY0lkIjoiNWIzOWNmY2NmYzRlMDcxYzcxODFkNGZkIiwianRpIjoiZWZjM2RhYWZjOWE1MiIsImlhdCI6MTY2NDM0NDE3NywiZXhwIjoxNjY2OTM2MTc3fQ.wXwQ9TR1iS5JGUBoZt6M9kuO6t8gvZBjbidE1UgEivU
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 28 Sep 2022 05:49:37 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-bgj: minify
etag: W/"bac-18350162aec"
last-modified: Sun, 18 Sep 2022 10:12:53 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 847904
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=L4uYtoWrnqaoo83ZI9qe%2BA7%2Bd9r4XvYYFefO93Uwjpe%2FLX79mwvzbb0KpO2oI0KV6ooudar5QvvRfRu4VE5hcRrnekdzcbxo0ps3vfNB0Jl2Fqi6xZDjBNsDQXNyKQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 751a3268595db512-OSL
content-encoding: br
X-Firefox-Spdy: h2
awecre.com/embed/lf?c=object_container&site=wl3&cobrandId=240622&psid=cybermike&pstool=202_1&psprogram=cbrnd&campaign_id=118122&category=girl&forcedPerformers[]=&vp[showChat]=false&vp[chatAutoHide]=false&vp[showCallToAction]=false&vp[showPerformerName]=false&vp[showPerformerStatus]=false&filters=&ms_notrack=1&subAffId={SUBAFFID}
93.93.51.191200 OK 0 B URL HTTP/2 awecre.com/embed/lf?c=object_container&site=wl3&cobrandId=240622&psid=cybermike&pstool=202_1&psprogram=cbrnd&campaign_id=118122&category=girl&forcedPerformers[]=&vp[showChat]=false&vp[chatAutoHide]=false&vp[showCallToAction]=false&vp[showPerformerName]=false&vp[showPerformerStatus]=false&filters=&ms_notrack=1&subAffId={SUBAFFID}
IP 93.93.51.191:0
ASN #34655 DuoDecad IT Services Luxembourg S.a r.l.
GET /embed/lf?c=object_container&site=wl3&cobrandId=240622&psid=cybermike&pstool=202_1&psprogram=cbrnd&campaign_id=118122&category=girl&forcedPerformers[]=&vp[showChat]=false&vp[chatAutoHide]=false&vp[showCallToAction]=false&vp[showPerformerName]=false&vp[showPerformerStatus]=false&filters=&ms_notrack=1&subAffId={SUBAFFID} HTTP/1.1
Host: awecre.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://camschat.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript
cache-control: no-cache
date: Wed, 28 Sep 2022 05:49:41 GMT
server: unknown
set-cookie: psui=c11170dca089cc3d7eb6d01a7f1a1068; Path=/; Expires=Fri, 28-Oct-22 05:49:41 GMT; SameSite=None; Secure
X-Firefox-Spdy: h2
pt-static3.ptlwmstc.com/npe/ba/elf/script/elf-v268837.js
93.93.51.200200 OK 0 B URL HTTP/2 pt-static3.ptlwmstc.com/npe/ba/elf/script/elf-v268837.js
IP 93.93.51.200:0
ASN #34655 DuoDecad IT Services Luxembourg S.a r.l.
GET /npe/ba/elf/script/elf-v268837.js HTTP/1.1
Host: pt-static3.ptlwmstc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pt.wmptctl.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 28 Sep 2022 05:49:43 GMT
content-type: application/javascript
last-modified: Tue, 27 Sep 2022 10:46:12 GMT
vary: Accept-Encoding, Accept-Encoding
etag: W/"6332d474-8a384"
access-control-allow-origin: *
server: unknown
x-cdn-node: sesto
x-cache-status: R-HIT
content-encoding: gzip
X-Firefox-Spdy: h2
chaturbate.com/in/?track=adnium-900x250&tour=x1Rd&campaign=taOsB&c=1&p=0&gender=f
104.18.101.40302 Found 0 B URL HTTP/2 chaturbate.com/in/?track=adnium-900x250&tour=x1Rd&campaign=taOsB&c=1&p=0&gender=f
IP 104.18.101.40:0
GET /in/?track=adnium-900x250&tour=x1Rd&campaign=taOsB&c=1&p=0&gender=f HTTP/1.1
Host: chaturbate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://camschat.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Wed, 28 Sep 2022 05:49:41 GMT
content-type: text/html; charset=utf-8
location: /tours/3/?tour=x1Rd&campaign=taOsB&c=1&p=0&gender=f&disable_sound=0
p3p: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
vary: Accept-Language, Cookie
content-language: en
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.mmcdn.com https://*.highwebmedia.com https://*.chaturbate.com https://chaturbate.com https://ajax.googleapis.com https://js-agent.newrelic.com https://cdnjs.cloudflare.com https://www.google-analytics.com https://www.google.com/recaptcha/ https://www.google.com/cv/ https://www.gstatic.com/recaptcha/ https://www.gstatic.com/cv/ https://www.gstatic.com/eureka/ https://www.gstatic.com/cast/ https://*.nr-data.net https://certify-js.alexametrics.com https://player.vimeo.com/api/player.js http://static.hotjar.com https://static.hotjar.com https://script.hotjar.com ; style-src 'self' data: 'unsafe-inline' https://*.highwebmedia.com https://cdnjs.cloudflare.com https://fonts.googleapis.com ; img-src 'self' data: https://*.mmcdn.com https://*.highwebmedia.com https://*.stream.highwebmedia.com https://*.chaturbate.com https://chaturbate.com https://www.google-analytics.com https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com https://cdnjs.cloudflare.com https://www.gstatic.com https://*.nr-data.net https://certify.alexametrics.com https://stats.g.doubleclick.net https://cbgames.s3.amazonaws.com https://player.vimeo.com https://script.hotjar.com http://script.hotjar.com ; font-src 'self' data: https://*.mmcdn.com https://*.highwebmedia.com https://cdnjs.cloudflare.com https://fonts.gstatic.com http://script.hotjar.com https://script.hotjar.com ; connect-src 'self' blob: blob https://*.mmcdn.com wss://*.mmcdn.com wss://*.mmcdn.com:8443 https://*.highwebmedia.com wss://*.highwebmedia.com wss://*.highwebmedia.com:8443 https://*.nr-data.net https://*.chaturbate.com https://chaturbate.com https://www.google-analytics.com https://cbvideoupload.s3-accelerate.amazonaws.com https://stats.g.doubleclick.net https://internet-up.ably-realtime.com https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com https://tls-use1.fpapi.io http://*.hotjar.com:* https://*.hotjar.com:* https://vc.hotjar.io:* https://surveystats.hotjar.io wss://*.hotjar.com ; media-src 'self' https://*.mmcdn.com https://*.highwebmedia.com https://*.chaturbate.com https://chaturbate.com mediasource: blob: data: https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com; object-src 'self' https://*.mmcdn.com https://*.highwebmedia.com https://download.macromedia.com https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com ; frame-src 'self' https://*.mmcdn.com https://*.chaturbate.com https://chaturbate.com https://*.highwebmedia.com https://adserver.exoticads.com https://www.google.com/recaptcha/ https://*.wnu.com https://wnu.com https://checkout.2000charge.com https://www.sofort.com https://*.girogate.de https://player.vimeo.com https://vars.hotjar.com ; child-src 'self' blob: blob ; worker-src 'self' blob: blob ; form-action 'self' https://*.chaturbate.com https://chaturbate.com https://*.stream.highwebmedia.com https://www.coinpayments.net https://*.wnu.com https://wnu.com https://devportal.cb.dev https://*.web.amer-1.jumio.ai https://smartpay.coinsmart.com ; manifest-src 'self' https://*.mmcdn.com https://*.highwebmedia.com ; report-uri https://report-uri.mmcdn.com/r/t/csp/enforce;
report-to: {"group":"default","max_age":2592000,"endpoints":[{"url":"https://report-uri.mmcdn.com/a/t/g"}],"include_subdomains":true}
nel: {"report_to":"default","max_age":2592000,"include_subdomains":true}
x-frame-options: DENY
cache-control: no-cache
x-content-type-options: nosniff
x-xss-protection: 1; mode=block; report=https://report-uri.highwebmedia.com/r/t/xss/enforce
referrer-policy: strict-origin-when-cross-origin
via: 1.1 google
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: DYNAMIC
set-cookie: u_x1Rd=1; expires=Mon, 03-Oct-2022 05:49:41 GMT; Max-Age=432000; Path=/
us_x1Rd=1; Path=/
affkey="eJwdjFsKgCAQAK8S+135gD7qswsE3WAzRREjdAMjuntsnzMD8wDB1EBV6w5tAyadjIRLmZkpR2bcj3ClbpSy6kFyyKw90VkmIQymYjxSf1gSXNE57ubebE4hWnb/WCt4PzeUIDE="; Domain=.chaturbate.com; expires=Fri, 28-Oct-2022 05:49:41 GMT; Max-Age=2592000; Path=/
fromaffiliate=1; Domain=.chaturbate.com; Path=/
noads=1; expires=Wed, 28-Sep-2022 11:49:41 GMT; Max-Age=21600; Path=/
stcki="pOtSwZ=0\054FqPd9a=1\0546pduSG=0\054aDBbcK=0"; expires=Fri, 28-Oct-2022 05:49:41 GMT; Max-Age=2592000; Path=/
sbr=sec:sbr22e48e69-d040-4ee0-9f03-f9441c365597:1odPwz:rkFfdv9B1wx56T416dFt6vdUwq4; Domain=.chaturbate.com; expires=Mon, 23-Jun-2025 05:49:41 GMT; HttpOnly; Max-Age=86313600; Path=/; Secure
__cf_bm=ntKvY0EzwExwGOQKZCxQGGNiSk.NXEkQCOOOYsxARPA-1664344181-0-AXUAO4pilBjqUdUCYaHi1sx16AezGK2KD2ehEZ+Z8MOeTd5yy94h4yprsMg9Y9PZ43I4uZ7FEXPxMU7LRm/C92I=; path=/; expires=Wed, 28-Sep-22 06:19:41 GMT; domain=.chaturbate.com; HttpOnly; Secure; SameSite=None
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 751a327dca8db524-OSL
X-Firefox-Spdy: h2
xfantazy.com/_next/static/chunks/242.e6062ff562716b6e41db.js
104.26.1.188200 OK 0 B URL HTTP/2 xfantazy.com/_next/static/chunks/242.e6062ff562716b6e41db.js
IP 104.26.1.188:0
GET /_next/static/chunks/242.e6062ff562716b6e41db.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/5f6580f261e5e63e2c1c7cbc
Cookie: visitorId=022fxs9snr9oilk9arxtfm; experiment-popup-payment-7=0; experiment-save-to-button-2=0; safeMode=0; advancedOptions=0; viewedVideoCounter=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 28 Sep 2022 05:49:37 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-bgj: minify
etag: W/"26cdb-181a9f40d06"
last-modified: Tue, 28 Jun 2022 10:55:52 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 7930307
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hNl9jP3boduwrAxEheNTz68rIzW6Not5Go%2BupRFr6sIUhVv9uDOZ0%2FjSJKxH5xGntI1qgUm5GYZONRzNqloJ5Rc4di1DDsLMao2jHYbGw2%2Bqw9ItbMaijuvrpvD%2BEQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 751a32660f20b512-OSL
content-encoding: br
X-Firefox-Spdy: h2
xfantazy.com/_next/static/pSlyoXy7R5nE6sbZsP0Ue/pages/index.js
104.26.1.188200 OK 0 B URL HTTP/2 xfantazy.com/_next/static/pSlyoXy7R5nE6sbZsP0Ue/pages/index.js
IP 104.26.1.188:0
GET /_next/static/pSlyoXy7R5nE6sbZsP0Ue/pages/index.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/5f6580f261e5e63e2c1c7cbc
Cookie: visitorId=022fxs9snr9oilk9arxtfm; experiment-popup-payment-7=0; experiment-save-to-button-2=0; safeMode=0; advancedOptions=0; viewedVideoCounter=0; adScript2Groups=push1-push1%2Cpop-desk%2CTest-Code%20; k2sAccessToken=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiI1YjM5Y2ZjY2ZjNGUwNzFjNzE4MWQ0ZmQiLCJhdWQiOiJjbGllbnQiLCJ0eXBlIjoiYWNjZXNzVG9rZW4iLCJpc3MiOiJrMnMiLCJjSWQiOiI1YjM5Y2ZjY2ZjNGUwNzFjNzE4MWQ0ZmQiLCJqdGkiOiIzYzllM2E3NDllZjk2IiwiaWF0IjoxNjY0MzQ0MTc3LCJleHAiOjE2NjQ5NDg5Nzd9.oKuwPeAUyHFRh_ghkBpsVLft5NhhrehUtqKrhPsywmg; k2sRefreshToken=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiI1YjM5Y2ZjY2ZjNGUwNzFjNzE4MWQ0ZmQiLCJhdWQiOiJjbGllbnQiLCJ0eXBlIjoicmVmcmVzaFRva2VuIiwiaXNzIjoiazJzIiwiY0lkIjoiNWIzOWNmY2NmYzRlMDcxYzcxODFkNGZkIiwianRpIjoiZWZjM2RhYWZjOWE1MiIsImlhdCI6MTY2NDM0NDE3NywiZXhwIjoxNjY2OTM2MTc3fQ.wXwQ9TR1iS5JGUBoZt6M9kuO6t8gvZBjbidE1UgEivU
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 28 Sep 2022 05:49:37 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-bgj: minify
etag: W/"2b7-1835016291c"
last-modified: Sun, 18 Sep 2022 10:12:53 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 847904
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tuQ07pu5IUgkAb2QNAYO%2BpHzFA5G08C%2BIShzHgm3OGOyBmi1%2FfryABdjy4ITvgbjySmoprEAXUySwc5H4DMp8zth8Q6ZkLZBvchbGaEk6sJTLeY5hKt2LNdMq4%2Bw%2BA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 751a32685957b512-OSL
content-encoding: br
X-Firefox-Spdy: h2
a.medfoodsafety.com/loader?a=4787908&v=2&t=1&s=4776911&p=8575&if=true
172.64.138.21200 OK 0 B URL HTTP/2 a.medfoodsafety.com/loader?a=4787908&v=2&t=1&s=4776911&p=8575&if=true
IP 172.64.138.21:0
GET /loader?a=4787908&v=2&t=1&s=4776911&p=8575&if=true HTTP/1.1
Host: a.medfoodsafety.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.focusde.info/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 28 Sep 2022 05:49:40 GMT
content-type: text/html
cache-control: no-cache, no-store, must-revalidate
expires: Sat, 26 Jul 1997 05:00:00 GMT
last-modified: Sun, 17 May 1998 03:00:00 GMT
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=62%2FVJLi9%2Fss7UrxBPeQj8R0MWDtS9i8P3VJliGtI7tN5ytH28slHxaqrcfLzdPPiikqk%2BCUssnxoP90qFggx7v0epmPOEXlNiDDMEQ0ub9axrfGC3NvfCKY1a12FFktjINua3wXv"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 751a327a4b20889d-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
a.focusde.info/api/spots/391867?host=xfantazy.com&ev=196&wh=939&ww=1280
135.181.208.216200 OK 0 B URL HTTP/2 a.focusde.info/api/spots/391867?host=xfantazy.com&ev=196&wh=939&ww=1280
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
GET /api/spots/391867?host=xfantazy.com&ev=196&wh=939&ww=1280 HTTP/1.1
Host: a.focusde.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 28 Sep 2022 05:49:39 GMT
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding
set-cookie: nauid=97C9cSsamVyV0OS3Inlz; Path=/; Expires=Wed, 11 Nov 2037 11:11:11 GMT; Secure; SameSite=None
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2
xfantazy.com/video/5f6580f261e5e63e2c1c7cbc
104.26.1.188200 OK 0 B URL HTTP/2 xfantazy.com/video/5f6580f261e5e63e2c1c7cbc
IP 104.26.1.188:0
GET /video/5f6580f261e5e63e2c1c7cbc HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
date: Wed, 28 Sep 2022 05:49:36 GMT
content-type: text/html; charset=utf-8
vary: Origin
set-cookie: visitorId=022fxs9snr9oilk9arxtfm; Domain=xfantazy.com; Path=/; Expires=Tue, 28 Sep 2032 05:49:36 GMT; HttpOnly
experiment-popup-payment-7=0; Path=/; Expires=Wed, 05 Oct 2022 05:49:36 GMT
experiment-save-to-button-2=0; Path=/; Expires=Wed, 05 Oct 2022 05:49:36 GMT
x-powered-by: Next.js
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Nga7TpYP6uR7%2FwLukyt4Ok1VtdiPr5oD0qe2PUjV3YHjsQ6gTOGVhXDz6rP6cdzqf5CZSWapChaJPq%2BYHaOEuC6%2B6hjaB3l2%2FvSrha0VvvjxRzy3pj0xdZBpu7r0%2Fg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 751a325f682db512-OSL
content-encoding: br
X-Firefox-Spdy: h2
a.bestcontentfood.top/warp/4788752?r=25130
172.64.105.34200 OK 0 B URL HTTP/2 a.bestcontentfood.top/warp/4788752?r=25130
IP 172.64.105.34:0
Analyzer Verdict Alert fortinet Phishing
GET /warp/4788752?r=25130 HTTP/1.1
Host: a.bestcontentfood.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.focusde.info/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 28 Sep 2022 05:49:40 GMT
content-type: application/javascript; charset=UTF-8
referer: a.medfoodsafety.com
cache-control: public, max-age=900
etag: W/"b5bfe5efa4321a0b085300dd0d4edb9f"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vJL4f2Fr7RYFrtWEgZYBmwRyftdTjVRnJYdrQ2z67Vgady%2FocYOmiIlKHevFIGENUxfGTJVZmqBnJR3XMIJykAT6%2BUCGUWiUY4goW5V60oQvElpnXXerXQtB7iioVbVyW70O1yo1Pas%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 751a3278ac4775e3-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
xfantazy.com/_next/static/chunks/69.b3ff95d1d1b8e7cf25a2.js
104.26.1.188200 OK 0 B URL HTTP/2 xfantazy.com/_next/static/chunks/69.b3ff95d1d1b8e7cf25a2.js
IP 104.26.1.188:0
GET /_next/static/chunks/69.b3ff95d1d1b8e7cf25a2.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/5f6580f261e5e63e2c1c7cbc
Cookie: visitorId=022fxs9snr9oilk9arxtfm; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 28 Sep 2022 05:49:36 GMT
content-type: application/javascript; charset=UTF-8
cf-bgj: minify
cache-control: public, max-age=31536000, immutable
etag: W/"61c-179fb7179e1"
last-modified: Fri, 11 Jun 2021 14:19:48 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 30801244
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rDwfYA32KcxvywGK1pMwzSEwYKrXkR%2FuMfX7E8x5Nv9WyyR2mNjInjf96xplbjo2EFNXaGGXx8NAvmpsT6fRqKNclCqSHk2M8YeuQHq6iaQrBEWtnvlwSlN47MGNZw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 751a3261dadab512-OSL
content-encoding: br
X-Firefox-Spdy: h2
nnteens.com/adnium900x250soda.php?id=4776911
66.230.180.98200 OK 0 B URL HTTP/2 nnteens.com/adnium900x250soda.php?id=4776911
IP 66.230.180.98:0
GET /adnium900x250soda.php?id=4776911 HTTP/1.1
Host: nnteens.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.medfoodsafety.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 28 Sep 2022 05:49:41 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-powered-by: PHP/7.4.3
content-encoding: gzip
X-Firefox-Spdy: h2
xfantazy.com/_next/static/pSlyoXy7R5nE6sbZsP0Ue/pages/_app.js
104.26.1.188200 OK 0 B URL HTTP/2 xfantazy.com/_next/static/pSlyoXy7R5nE6sbZsP0Ue/pages/_app.js
IP 104.26.1.188:0
GET /_next/static/pSlyoXy7R5nE6sbZsP0Ue/pages/_app.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/5f6580f261e5e63e2c1c7cbc
Cookie: visitorId=022fxs9snr9oilk9arxtfm; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 28 Sep 2022 05:49:36 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-bgj: minify
etag: W/"20e2f-1835016291c"
last-modified: Sun, 18 Sep 2022 10:12:53 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 847909
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AzpjvWpYZOA5YS0E8XKdwLDgmUPcdOD2UR%2Bh4wzD1bFrrMVDip20hrmzAAo8zjZtGnEb%2Fq61pJjydFSiR1vbMepZhv%2F5KpyI1DpCBSrUAwYc1Jt4oFFkIV45yCBonA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 751a3261caceb512-OSL
content-encoding: br
X-Firefox-Spdy: h2
camschat.net/900250/game.php
66.230.180.98200 OK 0 B URL HTTP/2 camschat.net/900250/game.php
IP 66.230.180.98:0
GET /900250/game.php HTTP/1.1
Host: camschat.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://camschat.net/900250/adnium.php
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 28 Sep 2022 05:49:41 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-powered-by: PHP/7.4.3
content-encoding: gzip
X-Firefox-Spdy: h2
xfantazy.com/_next/static/chunks/47.6c9a4510342e4dd3af77.js
104.26.1.188200 OK 0 B URL HTTP/2 xfantazy.com/_next/static/chunks/47.6c9a4510342e4dd3af77.js
IP 104.26.1.188:0
GET /_next/static/chunks/47.6c9a4510342e4dd3af77.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/5f6580f261e5e63e2c1c7cbc
Cookie: visitorId=022fxs9snr9oilk9arxtfm; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 28 Sep 2022 05:49:36 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-bgj: minify
etag: W/"620-181397f9e59"
last-modified: Mon, 06 Jun 2022 14:51:13 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 9785337
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ekgQFDYDCNg44TxS5m9Ig6L8pQr8EruRJA3cStBeiiKvO%2FSWqVHktsuycSMcALkdluSVohmpRRAlOTD4IoorqupemjuJ5aKQvNT8L0k6zlDxWyvQeUCgI0lOCaUwxg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 751a3261dad9b512-OSL
content-encoding: br
X-Firefox-Spdy: h2
xfantazy.com/_next/static/chunks/7.38d845e9473548212694.js
104.26.1.188200 OK 0 B URL HTTP/2 xfantazy.com/_next/static/chunks/7.38d845e9473548212694.js
IP 104.26.1.188:0
GET /_next/static/chunks/7.38d845e9473548212694.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/5f6580f261e5e63e2c1c7cbc
Cookie: visitorId=022fxs9snr9oilk9arxtfm; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 28 Sep 2022 05:49:36 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-bgj: minify
etag: W/"97ba-181397f9e55"
last-modified: Mon, 06 Jun 2022 14:51:13 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 9784569
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pyW2ed%2BHXeuIzkXdJoIRy%2FG%2BFi7FHwPx4HQvJwBHw%2B7iW6OzUMOeVZfLDtqlMHwmSbJWicPtqOgPMzEmzCix7CHjPR9fX3UVof42MUUTWPNhDxtLNbaE%2Bgn2OPmH8Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 751a3261dad3b512-OSL
content-encoding: br
X-Firefox-Spdy: h2
xfantazy.com/_next/static/chunks/9.be198c87e436634bf765.js
104.26.1.188200 OK 0 B URL HTTP/2 xfantazy.com/_next/static/chunks/9.be198c87e436634bf765.js
IP 104.26.1.188:0
GET /_next/static/chunks/9.be198c87e436634bf765.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/5f6580f261e5e63e2c1c7cbc
Cookie: visitorId=022fxs9snr9oilk9arxtfm; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 28 Sep 2022 05:49:36 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-bgj: minify
etag: W/"9c95-181397f9e55"
last-modified: Mon, 06 Jun 2022 14:51:13 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 9784935
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rXWzOyAJI12CsfN7ruTAbm2EEiyHFfmo4pRFGZN%2Bb2dIQ2Ydvi9qNW3IqDbP%2FQouEBym%2FL%2FjWoun3jAeVCb4bZzSI7ef32IjhSwuRgh%2FKxGFfaKc1IdWMn2ZMvOVZQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 751a3261dad5b512-OSL
content-encoding: br
X-Firefox-Spdy: h2
xfantazy.com/_next/static/chunks/16.2fcecc4fbe403da70f1d.js
104.26.1.188200 OK 0 B URL HTTP/2 xfantazy.com/_next/static/chunks/16.2fcecc4fbe403da70f1d.js
IP 104.26.1.188:0
GET /_next/static/chunks/16.2fcecc4fbe403da70f1d.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/5f6580f261e5e63e2c1c7cbc
Cookie: visitorId=022fxs9snr9oilk9arxtfm; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 28 Sep 2022 05:49:36 GMT
content-type: application/javascript; charset=UTF-8
cf-bgj: minify
cache-control: public, max-age=31536000, immutable
etag: W/"4f4a-179fb7093d6"
last-modified: Fri, 11 Jun 2021 14:18:49 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 30801244
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=exBpzMtsEYOntCJaICnoraXJthAiQmM%2BQT56%2Bh%2FUCv13klwOAojJJOimQZa371Z5af7FNHQKPCbBO6WPGUa1aStQH9VIQ1IvLNvFT0Fc%2FUmp1LlJayud%2BL3UdbMlYg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 751a3261dad7b512-OSL
content-encoding: br
X-Firefox-Spdy: h2
xfantazy.com/_next/static/css/styles.f80584c6.chunk.css
104.26.1.188200 OK 0 B URL HTTP/2 xfantazy.com/_next/static/css/styles.f80584c6.chunk.css
IP 104.26.1.188:0
GET /_next/static/css/styles.f80584c6.chunk.css HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/5f6580f261e5e63e2c1c7cbc
Cookie: visitorId=022fxs9snr9oilk9arxtfm; experiment-popup-payment-7=0; experiment-save-to-button-2=0; safeMode=0; advancedOptions=0; viewedVideoCounter=0
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 28 Sep 2022 05:49:37 GMT
content-type: text/css; charset=UTF-8
cache-control: public, max-age=14400
cf-bgj: minify
cf-polished: origSize=195904
etag: W/"2fd40-18350160aa8"
last-modified: Sun, 18 Sep 2022 10:12:45 GMT
vary: Origin, Accept-Encoding
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tg1yf8IwfsBTHQPsOxC%2BGfGQIurwdGs1jb5lKBhe%2Bu3XI1wBvXX6%2FricOwIpDTy91AkRhfks%2B87unk0CEYxsXeE1as5olzZwWndZr8UcSpa3nTVlMxPC57hXRoFEDQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 751a3265ff1ab512-OSL
content-encoding: br
X-Firefox-Spdy: h2
camschat.net/900250/adnium.php
66.230.180.98200 OK 0 B URL HTTP/2 camschat.net/900250/adnium.php
IP 66.230.180.98:0
GET /900250/adnium.php HTTP/1.1
Host: camschat.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.medfoodsafety.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 28 Sep 2022 05:49:41 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-powered-by: PHP/7.4.3
content-encoding: gzip
X-Firefox-Spdy: h2
thachuchopy.com/aMW/5.wRY/Wyd/l/Qi2L9MkXZETu9j6KbD2y5VlESBWZQQ9IN_DyQL2pNNDvk/2WMDid0Z0HNvDcYk0ZO_T_YwzA
88.85.94.245200 OK 0 B URL HTTP/2 thachuchopy.com/aMW/5.wRY/Wyd/l/Qi2L9MkXZETu9j6KbD2y5VlESBWZQQ9IN_DyQL2pNNDvk/2WMDid0Z0HNvDcYk0ZO_T_YwzA
IP 88.85.94.245:0
GET /aMW/5.wRY/Wyd/l/Qi2L9MkXZETu9j6KbD2y5VlESBWZQQ9IN_DyQL2pNNDvk/2WMDid0Z0HNvDcYk0ZO_T_YwzA HTTP/1.1
Host: thachuchopy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://media.aso1.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 28 Sep 2022 05:49:40 GMT
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding
expires: Mon, 26 Jul 2011 05:00:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
accept-ch: Sec-CH-UA-Platform-Version, Sec-CH-UA-Platform
x-content-type-options: nosniff
content-encoding: br
X-Firefox-Spdy: h2
xfantazy.com/_next/static/chunks/59.edff5ae0d8d83054b552.js
104.26.1.188200 OK 0 B URL HTTP/2 xfantazy.com/_next/static/chunks/59.edff5ae0d8d83054b552.js
IP 104.26.1.188:0
GET /_next/static/chunks/59.edff5ae0d8d83054b552.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/5f6580f261e5e63e2c1c7cbc
Cookie: visitorId=022fxs9snr9oilk9arxtfm; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 28 Sep 2022 05:49:36 GMT
content-type: application/javascript; charset=UTF-8
cf-bgj: minify
cache-control: public, max-age=31536000, immutable
etag: W/"c8b-179fb71df0d"
last-modified: Fri, 11 Jun 2021 14:20:14 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 30801244
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kqKFNCTv2MGH3FaI2JcfySFVcvksMmv6YszD%2FGpbYwUKPAyTFM3aHASc0cvHABbBv%2FuOPLqlkkanLVXBYleYOGUSrevO6I0UgMvXCsCkOK5SeiA3VEDmRQ93z1nP2Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 751a3261dad8b512-OSL
content-encoding: br
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 0 B IP 142.250.74.3:0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 28 Sep 2022 05:49:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
a.focusde.info/api/spots/391866?host=xfantazy.com&ev=196&wh=939&ww=1280
135.181.208.216200 OK 0 B URL HTTP/2 a.focusde.info/api/spots/391866?host=xfantazy.com&ev=196&wh=939&ww=1280
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
GET /api/spots/391866?host=xfantazy.com&ev=196&wh=939&ww=1280 HTTP/1.1
Host: a.focusde.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 28 Sep 2022 05:49:39 GMT
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding
set-cookie: nauid=WwtTGowucpdNUXt9gXeU; Path=/; Expires=Wed, 11 Nov 2037 11:11:11 GMT; Secure; SameSite=None
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2
a.focusde.info/api/spots/312874?p=1&s1=%subid1%&kw=
135.181.208.216200 OK 0 B URL HTTP/2 a.focusde.info/api/spots/312874?p=1&s1=%subid1%&kw=
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
GET /api/spots/312874?p=1&s1=%subid1%&kw= HTTP/1.1
Host: a.focusde.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: nauid=vVCrGK2JguCi8vqXIiuf
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 28 Sep 2022 05:49:40 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2
promos.camsoda.com/embed/?id=cybermike2&cmp=adnium900x250-4776911&page=new
64.210.135.116200 OK 0 B URL HTTP/2 promos.camsoda.com/embed/?id=cybermike2&cmp=adnium900x250-4776911&page=new
IP 64.210.135.116:0
GET /embed/?id=cybermike2&cmp=adnium900x250-4776911&page=new HTTP/1.1
Host: promos.camsoda.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nnteens.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 28 Sep 2022 05:49:41 GMT
content-type: text/html
x-powered-by: PHP/5.4.45-0reflected3+deb8u1
cache-control: public, max-age=20
expires: Wed, 28 Sep 2022 05:50:00 GMT
vary: Accept-Encoding
x-cdn-diag: ams5-7846-3-7937-h-0-0---;6140-24-47157----0-0-0
X-Firefox-Spdy: h2