r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash d4e95d0d8982bcd07804baf6fc88231c
5027abda0875bd2529dd4d6691784c74da71a9ee
373799b5749d2cb08b5721699a3e4c6b94b0d41604ac07d4ef7179e47dabc71f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "373799B5749D2CB08B5721699A3E4C6B94B0D41604AC07D4EF7179E47DABC71F"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4116
Expires: Sat, 04 Feb 2023 09:46:47 GMT
Date: Sat, 04 Feb 2023 08:38:11 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash e051e6e01b12b9ad6e0014603f93431a
ada9efe77054d8593f2687fb3a7eada8908ef7e8
c41be8ffe176ca674efb0588164fdfd237754c6b5b461f8f46387b96ae7d6090
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C41BE8FFE176CA674EFB0588164FDFD237754C6B5B461F8F46387B96AE7D6090"
Last-Modified: Sat, 04 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10482
Expires: Sat, 04 Feb 2023 11:32:53 GMT
Date: Sat, 04 Feb 2023 08:38:11 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 30db107dcf4380cef05efea409c2e6a3
96e6a306fbc07299aba64e5c14e2bfca35872fa9
b64051a4a8e346e3c72b2aef77f360a5736ab5e16711d8e0bae3876feaa15b6e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Retry-After, Content-Length, Alert, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sat, 04 Feb 2023 07:43:37 GMT
content-type: application/json
age: 3274
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash fb7b6b46e708ad73eaaa3c21e74569ae
950663c025acad81556af5aa3022ecc9d55097fe
763f58b9fb838378c92033b59907b036f4c33081f5103d9bcc2ca2a8de500d64
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "763F58B9FB838378C92033B59907B036F4C33081F5103D9BCC2CA2A8DE500D64"
Last-Modified: Sat, 04 Feb 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19758
Expires: Sat, 04 Feb 2023 14:07:29 GMT
Date: Sat, 04 Feb 2023 08:38:11 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: vTC5sGxB4eeEqZCBJslrchvt8W7Y2cufH3/gpfCB3+tK+6BF7uF9rZmvAK9y+s7FOpIuUTAqbVo=
x-amz-request-id: C2J5T8J3JTDNX3FZ
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sat, 04 Feb 2023 08:23:55 GMT
age: 856
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 04 Feb 2023 08:38:11 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
cdn.tsyndicate.com/sdk/v1/bi.js
8.254.252.210 200 OK 3.3 kB URL HTTP/1.1 cdn.tsyndicate.com/sdk/v1/bi.js
IP 8.254.252.210:0
File type C source, ASCII text, with very long lines (7738)
Hash 8451e5dafd8a46d84dfb845e40aae4e3
678a14552fe93ad4a16459eb7ce62c03b46b33b8
ca130d9f8ce433253a9bd811632314ea5d20283d7e5c9117170523d21196268d
GET /sdk/v1/bi.js HTTP/1.1
Host: cdn.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kahoka.pornlesbans.hotnatalia.com/
HTTP/1.1 200 OK
Date: Fri, 16 Dec 2022 12:53:24 GMT
Content-Type: application/javascript
Content-Length: 3312
Connection: keep-alive
Last-Modified: Fri, 16 Dec 2022 12:41:56 GMT
Server: nginx
X-Robots-Tag: noindex, nofollow
Content-Encoding: gzip
Vary: Accept-Encoding
ETag: W/"639c6794-1e83"
Age: 4304687
Accept-Ranges: bytes
ocsp.digicert.com/
93.184.220.29 200 OK 278 B IP 93.184.220.29:0
Hash 149a2367312653ee73b6581578a2f84d
3c98fcaa27940cfcfb9a8c27bc3ec80476898bbc
007b5bc87b6006e78e97ea446e1979574d5c17782be5e901706a0881e62d05a4
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1369
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 08:38:11 GMT
Last-Modified: Sat, 04 Feb 2023 08:15:22 GMT
Server: ECS (ska/F712)
X-Cache: HIT
Content-Length: 278
ocsp.digicert.com/
93.184.220.29 200 OK 278 B IP 93.184.220.29:0
Hash 149a2367312653ee73b6581578a2f84d
3c98fcaa27940cfcfb9a8c27bc3ec80476898bbc
007b5bc87b6006e78e97ea446e1979574d5c17782be5e901706a0881e62d05a4
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1369
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 08:38:11 GMT
Last-Modified: Sat, 04 Feb 2023 08:15:22 GMT
Server: ECS (ska/F712)
X-Cache: HIT
Content-Length: 278
ocsp.digicert.com/
93.184.220.29 200 OK 278 B IP 93.184.220.29:0
Hash 149a2367312653ee73b6581578a2f84d
3c98fcaa27940cfcfb9a8c27bc3ec80476898bbc
007b5bc87b6006e78e97ea446e1979574d5c17782be5e901706a0881e62d05a4
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5716
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 08:38:11 GMT
Last-Modified: Sat, 04 Feb 2023 07:02:55 GMT
Server: ECS (ska/F715)
X-Cache: HIT
Content-Length: 278
ocsp.digicert.com/
93.184.220.29 200 OK 278 B IP 93.184.220.29:0
Hash 149a2367312653ee73b6581578a2f84d
3c98fcaa27940cfcfb9a8c27bc3ec80476898bbc
007b5bc87b6006e78e97ea446e1979574d5c17782be5e901706a0881e62d05a4
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5804
Cache-Control: max-age=157657
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 08:38:11 GMT
Etag: "63ddc7a0-116"
Expires: Mon, 06 Feb 2023 04:25:48 GMT
Last-Modified: Sat, 04 Feb 2023 02:49:04 GMT
Server: ECS (ska/F706)
X-Cache: HIT
Content-Length: 278
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash c181c51a9326d56e60915a792c306c2c
de1cc0ce1384905e65a9fa9575743091d785e528
b74bc74e2920124b3288a980f9a7b59e3450ba63f2333027440cd6ebbdfdbf8d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 08:38:11 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
cdn.tubecorp.com/b/loader.js?v=3
45.133.44.24 200 OK 831 B URL HTTP/1.1 cdn.tubecorp.com/b/loader.js?v=3
IP 45.133.44.24:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with very long lines (1745), with no line terminators
Hash 8143f2c692706afd858455911eb34152
0e9051df8fcf7a51281db01a28185679f5c32c81
03959f368154cb76dbd9d598d9a7efde0005a1f5fb62d5cd60d6e874bbb7abce
GET /b/loader.js?v=3 HTTP/1.1
Host: cdn.tubecorp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kahoka.pornlesbans.hotnatalia.com/
HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 08:38:11 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx/1.20.1
Last-Modified: Wed, 14 Oct 2020 08:55:58 GMT
ETag: W/"5f86bd1e-6d1"
Cache-Control: max-age=3600
X-Request-ID: c0e6e05964784853ea736c38cff5dcf6
Content-Encoding: gzip
Expires: Sat, 04 Feb 2023 09:38:11 GMT
X-Proxy-Cache: HIT
Access-Control-Allow-Origin: *
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 7d482750bf7fdfcaa38c0efd583ef4dc
a4f68a124e4be130bc838e70f23fd4c6d2f4ef2d
5e6f1cadf4bc425664bb26fa2b384cf13900461b689c77d0916b1d2edd41337c
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 08:38:11 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ajax.googleapis.com/ajax/libs/jquery/2.1.4/jquery.min.js
216.58.207.202 200 OK 30 kB URL HTTP/2 ajax.googleapis.com/ajax/libs/jquery/2.1.4/jquery.min.js
IP 216.58.207.202:0
File type ASCII text, with very long lines (32025)
Hash 83b3b5729cdff3976db52c51831e96b8
d23dc823e37f58e5366340be755730f3fa9a850d
675fa88b39008a09994460a93b310a7d4593735009a9b24b6f176c347ad12421
GET /ajax/libs/jquery/2.1.4/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://kahoka.pornlesbans.hotnatalia.com
Connection: keep-alive
Referer: http://kahoka.pornlesbans.hotnatalia.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 29725
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 01 Feb 2023 23:47:20 GMT
expires: Thu, 01 Feb 2024 23:47:20 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
age: 204651
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.sectigo.com/
172.64.155.188 200 OK 471 B IP 172.64.155.188:0
Hash 8a34b26d8f7122332fef6ed454bbe652
bda4d1872c1d6495415403edf9cd7549042d6ef6
13bfc8d86655b94964ca47dff85709bf4c211f54970237ded9f254dd5e1012dc
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 08:38:11 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Sat, 04 Feb 2023 02:35:29 GMT
Expires: Sat, 11 Feb 2023 02:35:28 GMT
Etag: "bda4d1872c1d6495415403edf9cd7549042d6ef6"
Cache-Control: max-age=582436,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 794216b37e46b511-OSL
www.googletagmanager.com/gtag/js?id=UA-98275526-8
142.250.74.168 200 OK 44 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=UA-98275526-8
IP 142.250.74.168:0
File type ASCII text, with very long lines (1759)
Hash 22be1c9fbace20fe7d79e83179914d4c
be4a995b5eb96bfedfcf42c98af053407974be66
75a6d3c8a10e0ff45723628df5d7d29be92e836e54c856ec53ff58ea6952c683
GET /gtag/js?id=UA-98275526-8 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://kahoka.pornlesbans.hotnatalia.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 04 Feb 2023 08:38:11 GMT
expires: Sat, 04 Feb 2023 08:38:11 GMT
cache-control: private, max-age=900
last-modified: Sat, 04 Feb 2023 06:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 43858
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
poweredby.jads.co/js/jads.js
185.94.237.102 301 Moved Permanently 178 B URL HTTP/1.1 poweredby.jads.co/js/jads.js
IP 185.94.237.102:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash cd2e0e43980a00fb6a2742d3afd803b8
81ffbd1712afe8cdf138b570c0fc9934742c33c1
bd9df047d51943acc4bc6cf55d88edb5b6785a53337ee2a0f74dd521aedde87d
GET /js/jads.js HTTP/1.1
Host: poweredby.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://kahoka.pornlesbans.hotnatalia.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 08:38:11 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Location: jads2.js
kahoka.pornlesbans.hotnatalia.com/viewImage3?data=0c101014175e4b4b100c1109064914514a1c0c07000a4a070b094b054b3300332d1d491c122f2a2a003b2526303b312a2e2b134b5454544b5053564b55545c4b5d52513b555454544a0e1403
137.74.197.13 200 167 B URL HTTP/1.1 kahoka.pornlesbans.hotnatalia.com/viewImage3?data=0c101014175e4b4b100c1109064914514a1c0c07000a4a070b094b054b3300332d1d491c122f2a2a003b2526303b312a2e2b134b5454544b5053564b55545c4b5d52513b555454544a0e1403
IP 137.74.197.13:0
File type PNG image data, 1 x 1, 8-bit/color RGBA, non-interlaced\012- data
Hash 353b078eb77e5ee068e83b7503f3c75b
d0b2207fea4313a3ea391b94880f1d01e5ab1c89
297488a03131e435cb999248b75ed4ac78ae3bbf4c3366d8d57c821b2548dd8d
GET /viewImage3?data=0c101014175e4b4b100c1109064914514a1c0c07000a4a070b094b054b3300332d1d491c122f2a2a003b2526303b312a2e2b134b5454544b5053564b55545c4b5d52513b555454544a0e1403 HTTP/1.1
Host: kahoka.pornlesbans.hotnatalia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kahoka.pornlesbans.hotnatalia.com/?annalise
HTTP/1.1 200
Server: nginx
Date: Sat, 04 Feb 2023 08:33:23 GMT
Transfer-Encoding: chunked
Connection: keep-alive
kahoka.pornlesbans.hotnatalia.com/viewImage3?data=0c101014175e4b4b100c1109064914534a1c0c07000a4a070b094b054b5d373d0e34221301305302003e3608075611345d2b354b5454544b5052544b54515c4b5753533b555454544a0e1403
137.74.197.13 200 45 kB URL HTTP/1.1 kahoka.pornlesbans.hotnatalia.com/viewImage3?data=0c101014175e4b4b100c1109064914534a1c0c07000a4a070b094b054b5d373d0e34221301305302003e3608075611345d2b354b5454544b5052544b54515c4b5753533b555454544a0e1403
IP 137.74.197.13:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 291x982, components 3\012- data
Hash af345f3ea58c31d8e08d64500dc1fcb4
a8140dfc8ee598071e7e51e74aa6a5dd37d1c798
96e7cd247316ce59aa7526d2ef633d25aea2607a7c9b390192fb45315d9a7129
GET /viewImage3?data=0c101014175e4b4b100c1109064914534a1c0c07000a4a070b094b054b5d373d0e34221301305302003e3608075611345d2b354b5454544b5052544b54515c4b5753533b555454544a0e1403 HTTP/1.1
Host: kahoka.pornlesbans.hotnatalia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kahoka.pornlesbans.hotnatalia.com/?annalise
HTTP/1.1 200
Server: nginx
Date: Sat, 04 Feb 2023 08:33:23 GMT
Content-Length: 44766
Connection: keep-alive
Cache-Control: max-age=31418383
kahoka.pornlesbans.hotnatalia.com/viewImage3?data=0c101014175e4b4b100c1109064914534a1c0c07000a4a070b094b054b3c27062f0014321d511e0b202a565d140a5d250a10254b5454544b5053544b51535c4b535c533b555454544a0e1403
137.74.197.13 200 167 B URL HTTP/1.1 kahoka.pornlesbans.hotnatalia.com/viewImage3?data=0c101014175e4b4b100c1109064914534a1c0c07000a4a070b094b054b3c27062f0014321d511e0b202a565d140a5d250a10254b5454544b5053544b51535c4b535c533b555454544a0e1403
IP 137.74.197.13:0
File type PNG image data, 1 x 1, 8-bit/color RGBA, non-interlaced\012- data
Hash 353b078eb77e5ee068e83b7503f3c75b
d0b2207fea4313a3ea391b94880f1d01e5ab1c89
297488a03131e435cb999248b75ed4ac78ae3bbf4c3366d8d57c821b2548dd8d
GET /viewImage3?data=0c101014175e4b4b100c1109064914534a1c0c07000a4a070b094b054b3c27062f0014321d511e0b202a565d140a5d250a10254b5454544b5053544b51535c4b535c533b555454544a0e1403 HTTP/1.1
Host: kahoka.pornlesbans.hotnatalia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kahoka.pornlesbans.hotnatalia.com/?annalise
HTTP/1.1 200
Server: nginx
Date: Sat, 04 Feb 2023 08:33:23 GMT
Transfer-Encoding: chunked
Connection: keep-alive
kahoka.pornlesbans.hotnatalia.com/viewImage3?data=0c101014175e4b4b07000a0d4a140b160a140d07174a070b094b55565c544b554b5655524b5c565651515c54514b5c565651515c54513b5454553b5d5306024a0e1403
137.74.197.13 200 112 kB URL HTTP/1.1 kahoka.pornlesbans.hotnatalia.com/viewImage3?data=0c101014175e4b4b07000a0d4a140b160a140d07174a070b094b55565c544b554b5655524b5c565651515c54514b5c565651515c54513b5454553b5d5306024a0e1403
IP 137.74.197.13:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 240x240, segment length 16, baseline, precision 8, 683x1024, components 3\012- data
Size 112 kB (112072 bytes)
Hash 7337b93b028828816268ee501d4d6fda
b7f8d6b4c93ced2852f515f79f013409749271aa
36bd6945689e62ed95a20ae380256e74e13d1c92df1767c77587294dd9541a65
GET /viewImage3?data=0c101014175e4b4b07000a0d4a140b160a140d07174a070b094b55565c544b554b5655524b5c565651515c54514b5c565651515c54513b5454553b5d5306024a0e1403 HTTP/1.1
Host: kahoka.pornlesbans.hotnatalia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kahoka.pornlesbans.hotnatalia.com/?annalise
HTTP/1.1 200
Server: nginx
Date: Sat, 04 Feb 2023 08:33:23 GMT
Content-Length: 112072
Connection: keep-alive
Cache-Control: max-age=31418383
X-CORE: core4
X-LB: core4
ocsp.digicert.com/
93.184.220.29 200 OK 278 B IP 93.184.220.29:0
Hash 149a2367312653ee73b6581578a2f84d
3c98fcaa27940cfcfb9a8c27bc3ec80476898bbc
007b5bc87b6006e78e97ea446e1979574d5c17782be5e901706a0881e62d05a4
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1369
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 08:38:11 GMT
Last-Modified: Sat, 04 Feb 2023 08:15:22 GMT
Server: ECS (ska/F712)
X-Cache: HIT
Content-Length: 278
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Retry-After, Last-Modified, Cache-Control, Pragma, ETag, Backoff, Content-Type, Alert, Expires
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sat, 04 Feb 2023 08:07:19 GMT
age: 1852
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash c181c51a9326d56e60915a792c306c2c
de1cc0ce1384905e65a9fa9575743091d785e528
b74bc74e2920124b3288a980f9a7b59e3450ba63f2333027440cd6ebbdfdbf8d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 08:38:11 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
poweredby.jads.co/js/jads2.js
185.94.237.102 200 OK 1.7 kB URL HTTP/1.1 poweredby.jads.co/js/jads2.js
IP 185.94.237.102:0
File type ASCII text, with very long lines (3758), with no line terminators
Hash 558e1b61fc513016183a3812938e79fb
5f72ea61a2aad8f7a0956321d3fd8524db70eddf
a79f8c0aabfc2d1d45e4df2a86ca9172d292b08987f7a9d5c10bd10abf3aef54
GET /js/jads2.js HTTP/1.1
Host: poweredby.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://kahoka.pornlesbans.hotnatalia.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 08:38:11 GMT
Content-Type: application/x-javascript
Last-Modified: Mon, 21 Nov 2022 05:24:20 GMT
Transfer-Encoding: chunked
Connection: close
ETag: W/"637b0b84-eae"
Content-Encoding: gzip
kahoka.pornlesbans.hotnatalia.com/viewImage3?data=0a110808
137.74.197.13 200 167 B URL HTTP/1.1 kahoka.pornlesbans.hotnatalia.com/viewImage3?data=0a110808
IP 137.74.197.13:0
File type PNG image data, 1 x 1, 8-bit/color RGBA, non-interlaced\012- data
Hash 353b078eb77e5ee068e83b7503f3c75b
d0b2207fea4313a3ea391b94880f1d01e5ab1c89
297488a03131e435cb999248b75ed4ac78ae3bbf4c3366d8d57c821b2548dd8d
GET /viewImage3?data=0a110808 HTTP/1.1
Host: kahoka.pornlesbans.hotnatalia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kahoka.pornlesbans.hotnatalia.com/?annalise
HTTP/1.1 200
Server: nginx
Date: Sat, 04 Feb 2023 08:33:23 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 7d482750bf7fdfcaa38c0efd583ef4dc
a4f68a124e4be130bc838e70f23fd4c6d2f4ef2d
5e6f1cadf4bc425664bb26fa2b384cf13900461b689c77d0916b1d2edd41337c
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 08:38:11 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
cdn.tsyndicate.com/sdk/v1/bi.js
8.254.252.210 304 Not Modified 0 B URL HTTP/1.1 cdn.tsyndicate.com/sdk/v1/bi.js
IP 8.254.252.210:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sdk/v1/bi.js HTTP/1.1
Host: cdn.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kahoka.pornlesbans.hotnatalia.com/
If-Modified-Since: Fri, 16 Dec 2022 12:41:56 GMT
If-None-Match: W/"639c6794-1e83"
HTTP/1.1 304 Not Modified
Date: Fri, 16 Dec 2022 12:53:24 GMT
Connection: keep-alive
Last-Modified: Fri, 16 Dec 2022 12:41:56 GMT
Server: nginx
X-Robots-Tag: noindex, nofollow
Vary: Accept-Encoding
ETag: W/"639c6794-1e83"
Age: 4304688
cdn.tsyndicate.com/sdk/v1/bi.js
8.254.252.210 304 Not Modified 0 B URL HTTP/1.1 cdn.tsyndicate.com/sdk/v1/bi.js
IP 8.254.252.210:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sdk/v1/bi.js HTTP/1.1
Host: cdn.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kahoka.pornlesbans.hotnatalia.com/
If-Modified-Since: Fri, 16 Dec 2022 12:41:56 GMT
If-None-Match: W/"639c6794-1e83"
HTTP/1.1 304 Not Modified
Date: Fri, 16 Dec 2022 12:53:24 GMT
Connection: keep-alive
Last-Modified: Fri, 16 Dec 2022 12:41:56 GMT
Server: nginx
X-Robots-Tag: noindex, nofollow
Vary: Accept-Encoding
ETag: W/"639c6794-1e83"
Age: 4304688
kahoka.pornlesbans.hotnatalia.com/viewImage3?data=0c101014175e4b4b07000a0d4a140b160a140d07174a070b094b55565c544b534b5053514b5c56545c525457524b5c56545c525457523b5454503b515c54024a0e1403
137.74.197.13 200 97 kB URL HTTP/1.1 kahoka.pornlesbans.hotnatalia.com/viewImage3?data=0c101014175e4b4b07000a0d4a140b160a140d07174a070b094b55565c544b534b5053514b5c56545c525457524b5c56545c525457523b5454503b515c54024a0e1403
IP 137.74.197.13:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 100", baseline, precision 8, 853x1280, components 3\012- data
Hash 1c29149d8904e4d2d0a965f66b28aa08
a3ad2f4b838fc54ce50400a3df3a414adcad5a06
46ce82c787d1e4fd308bfbbeff0580820ae8b86edf86cf36b2a613d35e8be71f
GET /viewImage3?data=0c101014175e4b4b07000a0d4a140b160a140d07174a070b094b55565c544b534b5053514b5c56545c525457524b5c56545c525457523b5454503b515c54024a0e1403 HTTP/1.1
Host: kahoka.pornlesbans.hotnatalia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kahoka.pornlesbans.hotnatalia.com/?annalise
HTTP/1.1 200
Server: nginx
Date: Sat, 04 Feb 2023 08:33:23 GMT
Content-Length: 97070
Connection: keep-alive
Cache-Control: max-age=31418383
cdn.tsyndicate.com/sdk/v1/bi.js
8.254.252.210 304 Not Modified 0 B URL HTTP/1.1 cdn.tsyndicate.com/sdk/v1/bi.js
IP 8.254.252.210:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sdk/v1/bi.js HTTP/1.1
Host: cdn.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kahoka.pornlesbans.hotnatalia.com/
If-Modified-Since: Fri, 16 Dec 2022 12:41:56 GMT
If-None-Match: W/"639c6794-1e83"
HTTP/1.1 304 Not Modified
Date: Fri, 16 Dec 2022 12:53:24 GMT
Connection: keep-alive
Last-Modified: Fri, 16 Dec 2022 12:41:56 GMT
Server: nginx
X-Robots-Tag: noindex, nofollow
Vary: Accept-Encoding
ETag: W/"639c6794-1e83"
Age: 4304688
kahoka.pornlesbans.hotnatalia.com/viewImage3?data=0c101014175e4b4b100c1109064914534a1c0c07000a4a070b094b054b51032e0d265454530329162810010e310a28250b33354b5454544b5053554b5d5c504b505c533b555454544a0e1403
137.74.197.13 200 182 kB URL HTTP/1.1 kahoka.pornlesbans.hotnatalia.com/viewImage3?data=0c101014175e4b4b100c1109064914534a1c0c07000a4a070b094b054b51032e0d265454530329162810010e310a28250b33354b5454544b5053554b5d5c504b505c533b555454544a0e1403
IP 137.74.197.13:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1000x897, components 3\012- data
Size 182 kB (181662 bytes)
Hash d6cac81af620ab0d00d2456089aaa4aa
22cee478de009114a2ace63e6855208bd3946c7e
73487db12939d64113eda8bf881ea970c407f390cf2e6816b8c11296f50acf95
GET /viewImage3?data=0c101014175e4b4b100c1109064914534a1c0c07000a4a070b094b054b51032e0d265454530329162810010e310a28250b33354b5454544b5053554b5d5c504b505c533b555454544a0e1403 HTTP/1.1
Host: kahoka.pornlesbans.hotnatalia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kahoka.pornlesbans.hotnatalia.com/?annalise
HTTP/1.1 200
Server: nginx
Date: Sat, 04 Feb 2023 08:33:23 GMT
Content-Length: 181662
Connection: keep-alive
Cache-Control: max-age=31418383
X-CORE: core4
X-LB: core4
kahoka.pornlesbans.hotnatalia.com/s3/ad_tube/b1133.jpg
137.74.197.13 200 OK 21 kB URL HTTP/1.1 kahoka.pornlesbans.hotnatalia.com/s3/ad_tube/b1133.jpg
IP 137.74.197.13:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 320x240, components 3\012- data
Hash 69f3803d8ef2f77530ffb24f20cfd302
fb37f62178284a1282da22266a3f5eccdf391efa
87dc0828f1abb478e906e51fe4a2e7cda2cb52dc72119a2b63a3312e69df23e0
GET /s3/ad_tube/b1133.jpg HTTP/1.1
Host: kahoka.pornlesbans.hotnatalia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kahoka.pornlesbans.hotnatalia.com/?annalise
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 08:33:23 GMT
Content-Type: image/jpeg
Content-Length: 21286
Connection: keep-alive
Last-Modified: Sun, 10 Jan 2021 15:26:54 GMT
ETag: "5ffb1cbe-5326"
X-Cluster: web-cdn2
X-Cache: HIT
CF-Cache-Status: MISS
Vary: Accept-Encoding
CF-RAY: 794216b4cf9e2c16-FRA
alt-svc: h2=":443"; ma=60
X-Cache-Status: MISS
Cache-Control: max-age=14400, max-age=31536000
Accept-Ranges: bytes
maxcdn.bootstrapcdn.com/bootswatch/3.3.7/fonts/glyphicons-halflings-regular.woff2
188.114.99.234 200 OK 18 kB URL HTTP/2 maxcdn.bootstrapcdn.com/bootswatch/3.3.7/fonts/glyphicons-halflings-regular.woff2
IP 188.114.99.234:0
File type Web Open Font Format (Version 2), TrueType, length 18028, version 1.589\012- data
Hash 448c34a56d699c29117adc64c43affeb
ca35b697d99cae4d1b60f2d60fcd37771987eb07
fe185d11a49676890d47bb783312a0cda5a44c4039214094e7957b4c040ef11c
GET /bootswatch/3.3.7/fonts/glyphicons-halflings-regular.woff2 HTTP/1.1
Host: maxcdn.bootstrapcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://kahoka.pornlesbans.hotnatalia.com
Connection: keep-alive
Referer: https://maxcdn.bootstrapcdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 04 Feb 2023 08:38:12 GMT
content-type: font/woff2
content-length: 18028
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: DE
access-control-allow-origin: *
cache-control: public, max-age=31919000
etag: "448c34a56d699c29117adc64c43affeb"
last-modified: Mon, 25 Jan 2021 22:04:28 GMT
cdn-cachedat: 01/17/2023 10:41:56
cdn-proxyver: 1.03
cdn-requestpullcode: 200
cdn-requestpullsuccess: True
cdn-edgestorageid: 1049
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
cdn-status: 200
cdn-requestid: fc8f4f7a69ed2b7bbbf6c9c4be499626
cdn-cache: HIT
cf-cache-status: HIT
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 794216b52c7eb4f9-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
maxcdn.bootstrapcdn.com/bootstrap/3.3.6/js/bootstrap.min.js
188.114.99.234 200 OK 28 kB URL HTTP/2 maxcdn.bootstrapcdn.com/bootstrap/3.3.6/js/bootstrap.min.js
IP 188.114.99.234:0
File type ASCII text, with very long lines (32003)
Hash 3ef5bf594b5a9acc5d89cdda80964c53
bc38cd9893b569ffc91d06634678825623b3a7c6
22006122d4347300797af6aa9c12c35a735481a08509b35ec816dffec49452ea
GET /bootstrap/3.3.6/js/bootstrap.min.js HTTP/1.1
Host: maxcdn.bootstrapcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://kahoka.pornlesbans.hotnatalia.com
Connection: keep-alive
Referer: http://kahoka.pornlesbans.hotnatalia.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 04 Feb 2023 08:38:11 GMT
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: DE
access-control-allow-origin: *
cache-control: public, max-age=31919000
etag: W/"c5b5b2fa19bd66ff23211d9f844e0131"
last-modified: Mon, 25 Jan 2021 22:03:59 GMT
cdn-cachedat: 08/20/2022 02:30:10
cdn-proxyver: 1.02
cdn-requestpullcode: 200
cdn-requestpullsuccess: True
cdn-edgestorageid: 874
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
cdn-status: 200
cdn-requestid: 1d403c66f471fc311f44fc8d38610b5e
cdn-cache: HIT
cf-cache-status: MISS
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 794216b36a3eb4f9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
kahoka.pornlesbans.hotnatalia.com/viewImage3?data=0c101014175e4b4b070d4a140c0a07000a4a070b094b140d07174b0508061109174b5455504b5154524b5756554b5553535d56505d53554b4c095901491d0505231505054d4c090c59112121160a260e352e0713353e570a084d0b160d030d0a05083b5553535d56505d53554a0e1403
137.74.197.13 200 44 kB URL HTTP/1.1 kahoka.pornlesbans.hotnatalia.com/viewImage3?data=0c101014175e4b4b070d4a140c0a07000a4a070b094b140d07174b0508061109174b5455504b5154524b5756554b5553535d56505d53554b4c095901491d0505231505054d4c090c59112121160a260e352e0713353e570a084d0b160d030d0a05083b5553535d56505d53554a0e1403
IP 137.74.197.13:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 575x383, components 3\012- data
Hash dc124fc0d284f907cadf0417b6f10dd9
023701c0e63504cb63feb2e29984bf1d8abf86a3
098f2e1b2e1127e6651abfb1be31a6fa6c734048e78472cfc1f518edbcaf3c92
GET /viewImage3?data=0c101014175e4b4b070d4a140c0a07000a4a070b094b140d07174b0508061109174b5455504b5154524b5756554b5553535d56505d53554b4c095901491d0505231505054d4c090c59112121160a260e352e0713353e570a084d0b160d030d0a05083b5553535d56505d53554a0e1403 HTTP/1.1
Host: kahoka.pornlesbans.hotnatalia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kahoka.pornlesbans.hotnatalia.com/?annalise
HTTP/1.1 200
Server: nginx
Date: Sat, 04 Feb 2023 08:33:23 GMT
Content-Length: 43767
Connection: keep-alive
Cache-Control: max-age=31418383
kahoka.pornlesbans.hotnatalia.com/xo1/xo-am1?&se_referrer=&default_keyword=XXX%20Porn%20Pictures%2C%20Free%20Sex%20Pics&&annalise&frm639e2ebb86ad8=script639e2ebb86ad9&_cid=507a49e0-058c-52fe-13d3-50e86735dadb23243
137.74.197.13 200 OK 181 B URL HTTP/1.1 kahoka.pornlesbans.hotnatalia.com/xo1/xo-am1?&se_referrer=&default_keyword=XXX%20Porn%20Pictures%2C%20Free%20Sex%20Pics&&annalise&frm639e2ebb86ad8=script639e2ebb86ad9&_cid=507a49e0-058c-52fe-13d3-50e86735dadb23243
IP 137.74.197.13:0
File type HTML document, ASCII text
Hash 09aeb4dbdc26f68ae2b114c8ad836ea4
3a330be854e9ce57588d106938b67e3bf102453c
f66ee1aeb125b7a3699f53e22e693d0db0e09a77f62d17d7bf62788e2c33f117
GET /xo1/xo-am1?&se_referrer=&default_keyword=XXX%20Porn%20Pictures%2C%20Free%20Sex%20Pics&&annalise&frm639e2ebb86ad8=script639e2ebb86ad9&_cid=507a49e0-058c-52fe-13d3-50e86735dadb23243 HTTP/1.1
Host: kahoka.pornlesbans.hotnatalia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kahoka.pornlesbans.hotnatalia.com/?annalise
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 08:33:24 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 181
Connection: keep-alive
Cache-Control: no-cache, no-store, must-revalidate
Expires: 0
Pragma: no-cache
Set-Cookie: _subid=s8hnpa178poq;Expires=Tuesday, 07-Mar-2023 08:39:07 GMT;Max-Age=2678400;Path=/
61f26=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjhcIjoxNjc1NDk5OTQ3fSxcImNhbXBhaWduc1wiOntcIjRcIjoxNjc1NDk5OTQ3fSxcInRpbWVcIjoxNjc1NDk5OTQ3fSJ9.jNEm3NpvqWXZbw8Uv_ozsJbhg97OBVuf4p9gBvoLCdU;Expires=Tuesday, 10-Mar-2076 17:18:14 GMT;Max-Age=1675586347;Path=/
_token=uuid_s8hnpa178poq_s8hnpa178poq63de19ab5c2eb9.72811934;Expires=Tuesday, 07-Mar-2023 08:39:07 GMT;Max-Age=2678400;Path=/
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
kahoka.pornlesbans.hotnatalia.com/viewImage3?data=0c101014175e4b4b07000a0d4a140b160a140d07174a070b094b55565c544b534b50505c4b51565551555557504b51565551555557503b5454573b5d0055544a0e1403
137.74.197.13 200 336 kB URL HTTP/1.1 kahoka.pornlesbans.hotnatalia.com/viewImage3?data=0c101014175e4b4b07000a0d4a140b160a140d07174a070b094b55565c544b534b50505c4b51565551555557504b51565551555557503b5454573b5d0055544a0e1403
IP 137.74.197.13:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=16, height=4288, bps=0, PhotometricIntepretation=RGB, manufacturer=NIKON CORPORATION, model=NIKON D300S, orientation=upper-left, width=2848], baseline, precision 8, 850x1280, components 3\012- data
Size 336 kB (335861 bytes)
Hash 3030289ee5f93a400cb5487b0a16ecbd
365311df223dd29bc9a5545efb9a2ff4fbfa5496
06672d4f1c1c8fb1590976a7384ed1d2494293b37146f681be591385c23932fa
GET /viewImage3?data=0c101014175e4b4b07000a0d4a140b160a140d07174a070b094b55565c544b534b50505c4b51565551555557504b51565551555557503b5454573b5d0055544a0e1403 HTTP/1.1
Host: kahoka.pornlesbans.hotnatalia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kahoka.pornlesbans.hotnatalia.com/?annalise
HTTP/1.1 200
Server: nginx
Date: Sat, 04 Feb 2023 08:33:23 GMT
Content-Length: 335861
Connection: keep-alive
Cache-Control: max-age=31418383
kahoka.pornlesbans.hotnatalia.com/viewImage3?data=0c101014175e4b4b07000a0d4a140b160a140d07174a070b094b55565c544b554b56505c4b52505c52535053534b52505c52535053533b5454553b5c5006524a0e1403
137.74.197.13 200 235 kB URL HTTP/1.1 kahoka.pornlesbans.hotnatalia.com/viewImage3?data=0c101014175e4b4b07000a0d4a140b160a140d07174a070b094b55565c544b554b56505c4b52505c52535053534b52505c52535053533b5454553b5c5006524a0e1403
IP 137.74.197.13:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=5, xresolution=74, yresolution=82, resolutionunit=2, copyright=phil-flash], baseline, precision 8, 600x800, components 3\012- data
Size 235 kB (234617 bytes)
Hash 9606c18de5b3fc8bec6847ca045b3501
4faea038e6bb8965e73f6351553d7280f8537283
8adb25f81e137a28815149ba3688d75b12edc9bd8e9bfd2ce116d686890b3ffd
GET /viewImage3?data=0c101014175e4b4b07000a0d4a140b160a140d07174a070b094b55565c544b554b56505c4b52505c52535053534b52505c52535053533b5454553b5c5006524a0e1403 HTTP/1.1
Host: kahoka.pornlesbans.hotnatalia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kahoka.pornlesbans.hotnatalia.com/?annalise
HTTP/1.1 200
Server: nginx
Date: Sat, 04 Feb 2023 08:33:23 GMT
Content-Length: 234617
Connection: keep-alive
Cache-Control: max-age=31418383
X-CORE: core4
X-LB: core4
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash dedf9c519ac38c4bece9c5bc895787d7
4911175c3f8a435978c5301c33c7a99a5e00a1d5
bddd7e3a4939f863642a7c5348c1c8b9bc569b35c10a27f4cf5ec71f7e6b9698
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BDDD7E3A4939F863642A7C5348C1C8B9BC569B35C10A27F4CF5EC71F7E6B9698"
Last-Modified: Fri, 03 Feb 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9111
Expires: Sat, 04 Feb 2023 11:10:03 GMT
Date: Sat, 04 Feb 2023 08:38:12 GMT
Connection: keep-alive
kahoka.pornlesbans.hotnatalia.com/viewImage3?data=0c101014175e4b4b07000a0d4a140b160a140d07174a070b094b55565c544b534b5053534b5152545c525d5d5d4b5152545c525d5d5d3b5454553b5d575d504a0e1403
137.74.197.13 200 188 kB URL HTTP/1.1 kahoka.pornlesbans.hotnatalia.com/viewImage3?data=0c101014175e4b4b07000a0d4a140b160a140d07174a070b094b55565c544b534b5053534b5152545c525d5d5d4b5152545c525d5d5d3b5454553b5d575d504a0e1403
IP 137.74.197.13:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "Optimized by JPEGmini 3.11.5.0 0x0a62fc6d", baseline, precision 8, 853x1280, components 3\012- data
Size 188 kB (188098 bytes)
Hash 118bff33fe5224881c4084a67ceafe11
7d89c7d6e56392f8092ef0a03c41f18c7d16df3e
11f8bd55af3da39b557e55f2298d71d99bf80f111b0caba0cce1af6a26f945ca
GET /viewImage3?data=0c101014175e4b4b07000a0d4a140b160a140d07174a070b094b55565c544b534b5053534b5152545c525d5d5d4b5152545c525d5d5d3b5454553b5d575d504a0e1403 HTTP/1.1
Host: kahoka.pornlesbans.hotnatalia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kahoka.pornlesbans.hotnatalia.com/?annalise
HTTP/1.1 200
Server: nginx
Date: Sat, 04 Feb 2023 08:33:24 GMT
Content-Length: 188098
Connection: keep-alive
Cache-Control: max-age=31418383
X-CORE: core4
X-LB: core4
go.eabids.com/banner.go?spaceid=5675302&keywords=&maincat=
217.22.19.194 200 OK 2.5 kB URL HTTP/1.1 go.eabids.com/banner.go?spaceid=5675302&keywords=&maincat=
IP 217.22.19.194:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2514), with no line terminators
Hash 0761ed8587b3d973d779542a17bf01bb
e663d5343302651b454f5c5a48cdb1bd08d56919
f1cc7a2874fef485d2d600b72c4684334129283773232b6ec593f2c0be550f94
GET /banner.go?spaceid=5675302&keywords=&maincat= HTTP/1.1
Host: go.eabids.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kahoka.pornlesbans.hotnatalia.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 08:38:12 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 2514
Connection: keep-alive
Expires: Mon, 03 Jul 2001 06:00:00 GMT
Last-Modified: Sat, 04 02 2023 08:38:12 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0,post-check=0, pre-check=0
Pragma: no-cache
X-Backend-Server: nl2-web-200
kahoka.pornlesbans.hotnatalia.com/viewImage3?data=0c101014175e4b4b07000a0d4a140b160a140d07174a070b094b55565c544b534b5753514b5c535056565450554b5c535056565450553b5454523b550652564a0e1403
137.74.197.13 200 362 kB URL HTTP/1.1 kahoka.pornlesbans.hotnatalia.com/viewImage3?data=0c101014175e4b4b07000a0d4a140b160a140d07174a070b094b55565c544b534b5753514b5c535056565450554b5c535056565450553b5454523b550652564a0e1403
IP 137.74.197.13:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, baseline, precision 8, 853x1280, components 3\012- data
Size 362 kB (361870 bytes)
Hash ff770da31e02237fc74768fddf1d8788
231c2fec3212c7a3c59aa9f5ed4f071b342bd38b
f9f09c365c1f4561783e98f0bdb32b1d9252de906e7c33aa7b7c187bed618ace
GET /viewImage3?data=0c101014175e4b4b07000a0d4a140b160a140d07174a070b094b55565c544b534b5753514b5c535056565450554b5c535056565450553b5454523b550652564a0e1403 HTTP/1.1
Host: kahoka.pornlesbans.hotnatalia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kahoka.pornlesbans.hotnatalia.com/?annalise
HTTP/1.1 200
Server: nginx
Date: Sat, 04 Feb 2023 08:33:24 GMT
Content-Length: 361870
Connection: keep-alive
Cache-Control: max-age=31418383
kahoka.pornlesbans.hotnatalia.com/s3/ad_vc_gam2/banner-18158.gif
137.74.197.13 200 OK 142 kB URL HTTP/1.1 kahoka.pornlesbans.hotnatalia.com/s3/ad_vc_gam2/banner-18158.gif
IP 137.74.197.13:0
File type GIF image data, version 89a, 160 x 600\012- data
Size 142 kB (141524 bytes)
Hash 7b5da4506d53370f198abf9a146c32ed
a752f2395987700d9c9b9b93ccdcb4b86a3c2d41
54f3aa73f27aabd78915903d9d2f8b6a6877acd5ff0a046a291982c5adf7dd3c
GET /s3/ad_vc_gam2/banner-18158.gif HTTP/1.1
Host: kahoka.pornlesbans.hotnatalia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kahoka.pornlesbans.hotnatalia.com/?annalise
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 08:33:24 GMT
Content-Type: image/gif
Content-Length: 141524
Connection: keep-alive
Last-Modified: Wed, 05 May 2021 20:10:36 GMT
ETag: "6092fbbc-228d4"
X-Cluster: web-cdn2
X-Cache: EXPIRED
CF-Cache-Status: MISS
Vary: Accept-Encoding
CF-RAY: 794216b55d29697f-FRA
alt-svc: h2=":443"; ma=60
X-Cache-Status: MISS
Cache-Control: max-age=14400, max-age=31536000
Accept-Ranges: bytes
comedianthirteenth.com/c515a1f4fc3a36b04275034bdcef5c99/invoke.js
192.243.59.13 200 OK 9.8 kB URL HTTP/1.1 comedianthirteenth.com/c515a1f4fc3a36b04275034bdcef5c99/invoke.js
IP 192.243.59.13:0
ASN #39572 DataWeb Global Group B.V.
File type exported SGML document, ASCII text, with very long lines (26980), with no line terminators
Hash 15de4b0bb829d58a93a7209010c8ce1f
ad24f787ee5d197a971c2c3109307bd4f8d6919c
622690e88b14bd43bfd0fdf60c166f23c577f8bd94ab922b4dbd6210baa729e1
GET /c515a1f4fc3a36b04275034bdcef5c99/invoke.js HTTP/1.1
Host: comedianthirteenth.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kahoka.pornlesbans.hotnatalia.com/
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Sat, 04 Feb 2023 08:38:12 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 4ae2f573f30b145fac2429eb25267e62
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
kahoka.pornlesbans.hotnatalia.com/s3/ad_amt1_v-01/916.jpg
137.74.197.13 200 OK 27 kB URL HTTP/1.1 kahoka.pornlesbans.hotnatalia.com/s3/ad_amt1_v-01/916.jpg
IP 137.74.197.13:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 87x600, components 3\012- data
Hash 8e3f466cd5bc0d72698f912696709ae9
dbc4006940dbe0f04302a223e4bd0cdaa53c0b6b
c143983bbc2668bd89dabccc153f7f73e35e788988a6864675fe045858e96dca
GET /s3/ad_amt1_v-01/916.jpg HTTP/1.1
Host: kahoka.pornlesbans.hotnatalia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kahoka.pornlesbans.hotnatalia.com/?annalise
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 08:33:24 GMT
Content-Type: image/jpeg
Content-Length: 27120
Connection: keep-alive
Last-Modified: Wed, 31 Mar 2021 20:30:41 GMT
ETag: "6064dbf1-69f0"
X-Cluster: web-cdn2
X-Cache: EXPIRED
CF-Cache-Status: MISS
Vary: Accept-Encoding
CF-RAY: 794216b5b9c59052-FRA
alt-svc: h2=":443"; ma=60
X-Cache-Status: MISS
Cache-Control: max-age=14400, max-age=31536000
Accept-Ranges: bytes
kahoka.pornlesbans.hotnatalia.com/s3/ad_vc_gam2/banner-00014.gif
137.74.197.13 200 OK 694 kB URL HTTP/1.1 kahoka.pornlesbans.hotnatalia.com/s3/ad_vc_gam2/banner-00014.gif
IP 137.74.197.13:0
File type GIF image data, version 89a, 160 x 600\012- data
Size 694 kB (693762 bytes)
Hash 74116e5eea8e0cc2b0175d5f0b4f26f7
a23ee66128bcf6e1fd68d254763d3d0b6376ed55
bf1e0baa1e9fb48faf6203ae624691184190340f3f48c2f13458c470112adf66
GET /s3/ad_vc_gam2/banner-00014.gif HTTP/1.1
Host: kahoka.pornlesbans.hotnatalia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kahoka.pornlesbans.hotnatalia.com/?annalise
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 08:33:24 GMT
Content-Type: image/gif
Content-Length: 693762
Connection: keep-alive
Last-Modified: Mon, 03 May 2021 20:14:51 GMT
ETag: "609059bb-a9602"
X-Cluster: web-cdn2
X-Cache: HIT
CF-Cache-Status: MISS
Vary: Accept-Encoding
CF-RAY: 7941d78edaf2bbc7-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Cache-Status: HIT
Cache-Control: max-age=14400, max-age=31536000
Accept-Ranges: bytes
kahoka.pornlesbans.hotnatalia.com/viewImage3?data=0c101014175e4b4b100c11090649145d4a1c0c07000a4a070b094b054b165d1e34021652322a145412351755003e21093106134b5454544b5053574b5054574b545d5d3b555454544a0e1403
137.74.197.13 200 55 kB URL HTTP/1.1 kahoka.pornlesbans.hotnatalia.com/viewImage3?data=0c101014175e4b4b100c11090649145d4a1c0c07000a4a070b094b054b165d1e34021652322a145412351755003e21093106134b5454544b5053574b5054574b545d5d3b555454544a0e1403
IP 137.74.197.13:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 960x640, components 3\012- data
Hash f8a6958bec5ec8dad4c4c3d623532a48
c7576e8b5c7f3764ab16656769bcb9de287fb151
38a9981181b193139a7f4d062538dcb45f1c0484660d89a2e6957a036375b59f
GET /viewImage3?data=0c101014175e4b4b100c11090649145d4a1c0c07000a4a070b094b054b165d1e34021652322a145412351755003e21093106134b5454544b5053574b5054574b545d5d3b555454544a0e1403 HTTP/1.1
Host: kahoka.pornlesbans.hotnatalia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kahoka.pornlesbans.hotnatalia.com/?annalise
HTTP/1.1 200
Server: nginx
Date: Sat, 04 Feb 2023 08:33:24 GMT
Content-Length: 54653
Connection: keep-alive
Cache-Control: max-age=31418383
X-CORE: core4
X-LB: core4
cdn.tsyndicate.com/sdk/v1/bi.js
8.254.252.210 304 Not Modified 0 B URL HTTP/1.1 cdn.tsyndicate.com/sdk/v1/bi.js
IP 8.254.252.210:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sdk/v1/bi.js HTTP/1.1
Host: cdn.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kahoka.pornlesbans.hotnatalia.com/
If-Modified-Since: Fri, 16 Dec 2022 12:41:56 GMT
If-None-Match: W/"639c6794-1e83"
HTTP/1.1 304 Not Modified
Date: Fri, 16 Dec 2022 12:53:24 GMT
Connection: keep-alive
Last-Modified: Fri, 16 Dec 2022 12:41:56 GMT
Server: nginx
X-Robots-Tag: noindex, nofollow
Vary: Accept-Encoding
ETag: W/"639c6794-1e83"
Age: 4304688
go.eabids.com/banner.go?spaceid=5205963&keywords=&maincat=
217.22.19.194 200 OK 2.6 kB URL HTTP/1.1 go.eabids.com/banner.go?spaceid=5205963&keywords=&maincat=
IP 217.22.19.194:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2576), with no line terminators
Hash a2ba402661b95f7ce967bb24265b9083
07b2c2164b146eb85605b4ef6f3588c438ace496
f9509494f35e29eaeb58fd5ebc7cb3f325628f5f54c98fe9672a25e0e1d25e3a
GET /banner.go?spaceid=5205963&keywords=&maincat= HTTP/1.1
Host: go.eabids.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kahoka.pornlesbans.hotnatalia.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 08:38:12 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 2576
Connection: keep-alive
Expires: Mon, 03 Jul 2001 06:00:00 GMT
Last-Modified: Sat, 04 02 2023 08:38:12 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0,post-check=0, pre-check=0
Pragma: no-cache
X-Backend-Server: nl2-web-205
kahoka.pornlesbans.hotnatalia.com/s3/ad_oct20/0040.gif
137.74.197.13 200 OK 96 kB URL HTTP/1.1 kahoka.pornlesbans.hotnatalia.com/s3/ad_oct20/0040.gif
IP 137.74.197.13:0
File type GIF image data, version 89a, 200 x 200\012- data
Hash ce0ebabc6e7884365f0e353798962f3d
c03d2f57712665cedd92856b734513fe9a459475
aeaee9fae066672425340c8283d13159f94845b4f48d89be703949ef6b48a598
GET /s3/ad_oct20/0040.gif HTTP/1.1
Host: kahoka.pornlesbans.hotnatalia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kahoka.pornlesbans.hotnatalia.com/?annalise
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 08:33:24 GMT
Content-Type: image/gif
Content-Length: 96046
Connection: keep-alive
Last-Modified: Fri, 09 Oct 2020 20:45:25 GMT
ETag: "5f80cbe5-1772e"
X-Cluster: web-cdn2
X-Cache: HIT
CF-Cache-Status: MISS
Vary: Accept-Encoding
CF-RAY: 79401afe380a2c42-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Cache-Status: HIT
Cache-Control: max-age=14400, max-age=31536000
Accept-Ranges: bytes
kahoka.pornlesbans.hotnatalia.com/viewImage3?data=0c101014175e4b4b100c11090649145d4a1c0c07000a4a070b094b054b2c015400301d51103506052f060950261d105c5226354b5454544b50515c4b5451554b50505d3b555454544a0e1403
137.74.197.13 200 167 B URL HTTP/1.1 kahoka.pornlesbans.hotnatalia.com/viewImage3?data=0c101014175e4b4b100c11090649145d4a1c0c07000a4a070b094b054b2c015400301d51103506052f060950261d105c5226354b5454544b50515c4b5451554b50505d3b555454544a0e1403
IP 137.74.197.13:0
File type PNG image data, 1 x 1, 8-bit/color RGBA, non-interlaced\012- data
Hash 353b078eb77e5ee068e83b7503f3c75b
d0b2207fea4313a3ea391b94880f1d01e5ab1c89
297488a03131e435cb999248b75ed4ac78ae3bbf4c3366d8d57c821b2548dd8d
GET /viewImage3?data=0c101014175e4b4b100c11090649145d4a1c0c07000a4a070b094b054b2c015400301d51103506052f060950261d105c5226354b5454544b50515c4b5451554b50505d3b555454544a0e1403 HTTP/1.1
Host: kahoka.pornlesbans.hotnatalia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kahoka.pornlesbans.hotnatalia.com/?annalise
HTTP/1.1 200
Server: nginx
Date: Sat, 04 Feb 2023 08:33:24 GMT
Transfer-Encoding: chunked
Connection: keep-alive
kahoka.pornlesbans.hotnatalia.com/viewImage3?data=0c1010145e4b4b0d4a17011c114a070b094b17011c1149100c110906174b50564b565456555050565d4b5249565c541c5551534a0e1403
137.74.197.13 200 167 B URL HTTP/1.1 kahoka.pornlesbans.hotnatalia.com/viewImage3?data=0c1010145e4b4b0d4a17011c114a070b094b17011c1149100c110906174b50564b565456555050565d4b5249565c541c5551534a0e1403
IP 137.74.197.13:0
File type PNG image data, 1 x 1, 8-bit/color RGBA, non-interlaced\012- data
Hash 353b078eb77e5ee068e83b7503f3c75b
d0b2207fea4313a3ea391b94880f1d01e5ab1c89
297488a03131e435cb999248b75ed4ac78ae3bbf4c3366d8d57c821b2548dd8d
GET /viewImage3?data=0c1010145e4b4b0d4a17011c114a070b094b17011c1149100c110906174b50564b565456555050565d4b5249565c541c5551534a0e1403 HTTP/1.1
Host: kahoka.pornlesbans.hotnatalia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kahoka.pornlesbans.hotnatalia.com/?annalise
HTTP/1.1 200
Server: nginx
Date: Sat, 04 Feb 2023 08:33:24 GMT
Transfer-Encoding: chunked
Connection: keep-alive
push.services.mozilla.com/
54.184.253.181 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 54.184.253.181:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: vp09x3shu4WFsKjdu+XjNg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: E+mOlQMQEVspGbGWmEqKyCPsluE=
kahoka.pornlesbans.hotnatalia.com/viewImage3?data=0c101014175e4b4b100c1109064914574a1c0c07000a4a070b094b054b062c330f0036011c34311e0f49102e29082049000d134b5454544b50515d4b545d554b5754573b555454544a0e1403
137.74.197.13 200 62 kB URL HTTP/1.1 kahoka.pornlesbans.hotnatalia.com/viewImage3?data=0c101014175e4b4b100c1109064914574a1c0c07000a4a070b094b054b062c330f0036011c34311e0f49102e29082049000d134b5454544b50515d4b545d554b5754573b555454544a0e1403
IP 137.74.197.13:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 750x1000, components 3\012- data
Hash 24bc2ab457bef03ba441e17c81ae7291
6f44f91fcb3467dca7d320358594131dc1ce1418
503f128ac543002545773ea0a81dba8163ddde8c892b3e0e5fb308599dff4acd
GET /viewImage3?data=0c101014175e4b4b100c1109064914574a1c0c07000a4a070b094b054b062c330f0036011c34311e0f49102e29082049000d134b5454544b50515d4b545d554b5754573b555454544a0e1403 HTTP/1.1
Host: kahoka.pornlesbans.hotnatalia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kahoka.pornlesbans.hotnatalia.com/?annalise
HTTP/1.1 200
Server: nginx
Date: Sat, 04 Feb 2023 08:33:24 GMT
Content-Length: 62113
Connection: keep-alive
Cache-Control: max-age=31418383
tsyndicate.com/iframes2/9d1e13394347478aa7505e5c4801aade.html?keywords=XXX,Porn,Pictures,Free,Sex,Pics,same,daniels,step,short,fuck,moble,kate,monster,younger,football,nataly,amateur,lyndonn,same,daniels,step,short,fuck,moble,kate,monster,younger,football,nataly,amateur,lyndonn,XXX,Porn,Pictures,Free,Sex,Pics&adb=0&clientjs=1&w=1280&h=1024&tz=0
136.243.134.97 200 OK 3.2 kB URL HTTP/1.1 tsyndicate.com/iframes2/9d1e13394347478aa7505e5c4801aade.html?keywords=XXX,Porn,Pictures,Free,Sex,Pics,same,daniels,step,short,fuck,moble,kate,monster,younger,football,nataly,amateur,lyndonn,same,daniels,step,short,fuck,moble,kate,monster,younger,football,nataly,amateur,lyndonn,XXX,Porn,Pictures,Free,Sex,Pics&adb=0&clientjs=1&w=1280&h=1024&tz=0
IP 136.243.134.97:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3869)
Hash f1fee6e1331fe92e9683c0e20c35c63f
05819f3f5411a1d891dca3590b0e30d722d45c52
3d1cfbad4736f5a82f582ac20d28b388d69d881f9c79effc92f612a3571f3652
GET /iframes2/9d1e13394347478aa7505e5c4801aade.html?keywords=XXX,Porn,Pictures,Free,Sex,Pics,same,daniels,step,short,fuck,moble,kate,monster,younger,football,nataly,amateur,lyndonn,same,daniels,step,short,fuck,moble,kate,monster,younger,football,nataly,amateur,lyndonn,XXX,Porn,Pictures,Free,Sex,Pics&adb=0&clientjs=1&w=1280&h=1024&tz=0 HTTP/1.1
Host: tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kahoka.pornlesbans.hotnatalia.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 08:38:12 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Pragma: no-cache
Expires: 0
Vary: Accept-Encoding, *
X-Api-Version: 2
Link: <http://lcdn.tsyndicate.com/sdk/v1/b.b.js>; rel=preload; as=script, <https://lcdn.tsyndicate.com/images/3/3/1475f6b6f811e69664002590c57f96/main.jpg>; rel=preload; as=image
X-Request-Id: 21fce6c2679b10c7
Set-Cookie: ts_uid=db397bf0-6aa5-45d5-a022-453c31ad42e3; expires=Fri, 04 Aug 2023 08:38:12 GMT; domain=.tsyndicate.com; path=/; HttpOnly; secure; SameSite=None
Cache-Control: no-cache, no-store, no-transform, must-revalidate, no-transform
X-Robots-Tag: none, noindex, nofollow
Report-To: { "url": "https://pxl.tsyndicate.com/api/v1/heavy-ad/report", "max_age": 86401 }
Content-Encoding: gzip
kahoka.pornlesbans.hotnatalia.com/s3/mx-wide/p1111.jpg
137.74.197.13 200 OK 15 kB URL HTTP/1.1 kahoka.pornlesbans.hotnatalia.com/s3/mx-wide/p1111.jpg
IP 137.74.197.13:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 468x60, components 3\012- data
Hash ed544b2f2fc8402c24cea3354819a063
fa863b7837da9f591caf0e61a1621c9ff651fe1f
6bb3c41b0cc62494ead4de5a22746d836493ad30d7a0149fa0a5f9cad78b4c25
GET /s3/mx-wide/p1111.jpg HTTP/1.1
Host: kahoka.pornlesbans.hotnatalia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kahoka.pornlesbans.hotnatalia.com/?annalise
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 08:33:24 GMT
Content-Type: image/jpeg
Content-Length: 15158
Connection: keep-alive
Last-Modified: Mon, 21 Sep 2020 19:57:52 GMT
ETag: "5f6905c0-3b36"
X-Cluster: web-cdn2
X-Cache: HIT
CF-Cache-Status: MISS
Vary: Accept-Encoding
CF-RAY: 794216b73e402c3f-FRA
alt-svc: h2=":443"; ma=60
X-Cache-Status: MISS
Cache-Control: max-age=14400, max-age=31536000
Accept-Ranges: bytes
comedianthirteenth.com/539d71c7c61ed9e36ed1dd6ab6acffc8/invoke.js
192.243.59.13 200 OK 9.8 kB URL HTTP/1.1 comedianthirteenth.com/539d71c7c61ed9e36ed1dd6ab6acffc8/invoke.js
IP 192.243.59.13:0
ASN #39572 DataWeb Global Group B.V.
File type exported SGML document, ASCII text, with very long lines (26978), with no line terminators
Hash 8d9e32967ee94d02c485f61afa9f3b0f
8d7505475d43084e52818c2f29aca97dc58a2ca1
f0e0abfba7eccfb9067b6433bb8374fa3b2fd7988cf0f6bfd48c9dc004084b1c
GET /539d71c7c61ed9e36ed1dd6ab6acffc8/invoke.js HTTP/1.1
Host: comedianthirteenth.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kahoka.pornlesbans.hotnatalia.com/
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Sat, 04 Feb 2023 08:38:12 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 2afd62d776cf289f9a7cb6d16c4c6fb0
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
kahoka.pornlesbans.hotnatalia.com/viewImage3?data=0c101014175e4b4b100c1109064914574a1c0c07000a4a070b094b054b12370d142a150a103e1e0c230b201e160a163d3227034b5454544b5053544b5452554b505c573b555454544a0e1403
137.74.197.13 200 167 B URL HTTP/1.1 kahoka.pornlesbans.hotnatalia.com/viewImage3?data=0c101014175e4b4b100c1109064914574a1c0c07000a4a070b094b054b12370d142a150a103e1e0c230b201e160a163d3227034b5454544b5053544b5452554b505c573b555454544a0e1403
IP 137.74.197.13:0
File type PNG image data, 1 x 1, 8-bit/color RGBA, non-interlaced\012- data
Hash 353b078eb77e5ee068e83b7503f3c75b
d0b2207fea4313a3ea391b94880f1d01e5ab1c89
297488a03131e435cb999248b75ed4ac78ae3bbf4c3366d8d57c821b2548dd8d
GET /viewImage3?data=0c101014175e4b4b100c1109064914574a1c0c07000a4a070b094b054b12370d142a150a103e1e0c230b201e160a163d3227034b5454544b5053544b5452554b505c573b555454544a0e1403 HTTP/1.1
Host: kahoka.pornlesbans.hotnatalia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kahoka.pornlesbans.hotnatalia.com/?annalise
HTTP/1.1 200
Server: nginx
Date: Sat, 04 Feb 2023 08:33:24 GMT
Transfer-Encoding: chunked
Connection: keep-alive
fonts.googleapis.com/css?family=Roboto:400,500,700
142.250.74.106 200 OK 1.8 kB URL HTTP/2 fonts.googleapis.com/css?family=Roboto:400,500,700
IP 142.250.74.106:0
File type ASCII text, with very long lines (2029)
Hash 66f7830595ff82271ffc792863a9cd42
ce7dc66faa4d1d37952ae42856d2d550926a75d2
d5ceac43c3b7ead05d45f8a274ed06d0f7154f04e81af589271f99b3762ed2bc
GET /css?family=Roboto:400,500,700 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://maxcdn.bootstrapcdn.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 04 Feb 2023 08:38:11 GMT
date: Sat, 04 Feb 2023 08:38:11 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash 23287a0337047631e479bb3cbe8b0fcd
15ec24f5ee1990ee456a6fd3bbcbdbe27bf62c99
da05b381eec3589d2689bc5fab2b89eb5d65f9a5652f9254f3353e30a4540034
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 08:38:12 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash 23287a0337047631e479bb3cbe8b0fcd
15ec24f5ee1990ee456a6fd3bbcbdbe27bf62c99
da05b381eec3589d2689bc5fab2b89eb5d65f9a5652f9254f3353e30a4540034
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 08:38:12 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
kahoka.pornlesbans.hotnatalia.com/viewImage3?data=0c101014175e4b4b07000a0d4a140b160a140d07174a070b094b55565c544b554b5552564b53555150555257564b53555150555257563b5454553b015553054a0e1403
137.74.197.13 200 427 kB URL HTTP/1.1 kahoka.pornlesbans.hotnatalia.com/viewImage3?data=0c101014175e4b4b07000a0d4a140b160a140d07174a070b094b55565c544b554b5552564b53555150555257564b53555150555257563b5454553b015553054a0e1403
IP 137.74.197.13:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=5, xresolution=74, yresolution=82, resolutionunit=2, copyright=mplstudios.com 2011], baseline, precision 8, 801x1200, components 3\012- data
Size 427 kB (426719 bytes)
Hash 44a61f10bff0507b9cc4edce3f56f22e
a90acbf5c62edca9a674cf95f526f063e96bfcb7
cf6af077761916daee22fea881f9d9cfd973492f61958c571be25008821b5b77
GET /viewImage3?data=0c101014175e4b4b07000a0d4a140b160a140d07174a070b094b55565c544b554b5552564b53555150555257564b53555150555257563b5454553b015553054a0e1403 HTTP/1.1
Host: kahoka.pornlesbans.hotnatalia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kahoka.pornlesbans.hotnatalia.com/?annalise
HTTP/1.1 200
Server: nginx
Date: Sat, 04 Feb 2023 08:33:24 GMT
Content-Length: 426719
Connection: keep-alive
Cache-Control: max-age=31418383
X-CORE: core4
X-LB: core4
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
216.58.207.227 200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Hash 15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://kahoka.pornlesbans.hotnatalia.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sun, 29 Jan 2023 22:02:00 GMT
expires: Mon, 29 Jan 2024 22:02:00 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
age: 470172
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
poweredby.jads.co/adshow.php?adzone=873032
185.94.237.102 200 OK 1.8 kB URL HTTP/1.1 poweredby.jads.co/adshow.php?adzone=873032
IP 185.94.237.102:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1589), with CRLF, LF line terminators
Hash 11b4e8ea490442eb4796bd495bdfe66e
4e7968da82f3da52c9dd0d64ac0c13bacd7e095d
01d4fdb062991d90f39dd90e9a856ff52aab9df082e7f2cb21e469261eaf505b
GET /adshow.php?adzone=873032 HTTP/1.1
Host: poweredby.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kahoka.pornlesbans.hotnatalia.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 08:38:12 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/5.6.40
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR OUR IND STA"
Set-Cookie: surferid=600a2d9a82508f0dfd965c365e008870; expires=Sun, 04-Feb-2024 08:38:12 GMT; Max-Age=31536000; path=/; SameSite=None; Secure; domain=.jads.co
imps23198=1; expires=Sun, 05-Feb-2023 08:38:12 GMT; Max-Age=86400; path=/; SameSite=None; Secure; domain=.jads.co
juicy_data_1=YToxOntpOjU3ODY5OTtpOjE2NzU3NTkwOTI7fQ%3D%3D; expires=Tue, 07-Feb-2023 08:38:12 GMT; Max-Age=259200; path=/; SameSite=None; Secure; domain=jads.co
juicy_data=YToxOntzOjEyOiJqdWljeV9kYXRhXzEiO3M6MToiMSI7fQ%3D%3D; expires=Tue, 07-Feb-2023 08:38:12 GMT; Max-Age=259200; path=/; SameSite=None; Secure; domain=jads.co
Content-Encoding: gzip
kahoka.pornlesbans.hotnatalia.com/s3/ad_oct20/0020.jpeg
137.74.197.13 200 OK 29 kB URL HTTP/1.1 kahoka.pornlesbans.hotnatalia.com/s3/ad_oct20/0020.jpeg
IP 137.74.197.13:0
File type JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=12, height=704, bps=0, PhotometricIntepretation=RGB, orientation=upper-left, width=528], baseline, precision 8, 200x200, components 3\012- data
Hash 76617ff47d99d3f9d1b7ad61050f9c49
ead3238a8b5c49a8ca9b486375e616a999ce2cd4
005ba2b5982450199861d7c266098abc0dc58ea7a51c484707b48828db01122e
GET /s3/ad_oct20/0020.jpeg HTTP/1.1
Host: kahoka.pornlesbans.hotnatalia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kahoka.pornlesbans.hotnatalia.com/?annalise
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 08:33:24 GMT
Content-Type: image/jpeg
Content-Length: 28795
Connection: keep-alive
Last-Modified: Fri, 09 Oct 2020 20:43:34 GMT
ETag: "5f80cb76-707b"
X-Cluster: web-cdn2
X-Cache: HIT
CF-Cache-Status: MISS
Vary: Accept-Encoding
CF-RAY: 794087817c4e2c5d-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Cache-Status: REVALIDATED
Cache-Control: max-age=14400, max-age=31536000
Accept-Ranges: bytes
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
216.58.207.227 200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 15920, version 1.0\012- data
Hash 3a44e06eb954b96aa043227f3534189d
23cef6993ddb2b2979e8e7647fc3763694e2ba7d
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e
GET /s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://kahoka.pornlesbans.hotnatalia.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15920
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 01 Feb 2023 07:51:59 GMT
expires: Thu, 01 Feb 2024 07:51:59 GMT
cache-control: public, max-age=31536000
age: 261973
last-modified: Wed, 11 May 2022 19:24:45 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
lcdn.tsyndicate.com/sdk/v1/b.b.js
8.254.252.214 200 OK 2.8 kB URL HTTP/1.1 lcdn.tsyndicate.com/sdk/v1/b.b.js
IP 8.254.252.214:0
File type ASCII text, with very long lines (2590)
Hash 01c3ce239d639853ba1e41661c115938
704741ca41e890a26eef6190c2d61131ff294f56
9aabcddb7b91826c4b8bf721d77fa448ceba501616a38c6fe0d6c4f11091ed47
GET /sdk/v1/b.b.js HTTP/1.1
Host: lcdn.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://tsyndicate.com/
HTTP/1.1 200 OK
Date: Tue, 08 Mar 2022 10:11:03 GMT
Content-Type: application/javascript
Content-Length: 2808
Connection: keep-alive
Last-Modified: Tue, 22 Feb 2022 13:07:15 GMT
Server: nginx
X-Robots-Tag: noindex, nofollow
Content-Encoding: gzip
Vary: Accept-Encoding
ETag: W/"6214e003-1eb1"
Age: 28765629
Accept-Ranges: bytes
kahoka.pornlesbans.hotnatalia.com/cdn-v3/xo-data/am1/196.jpg
137.74.197.13 200 OK 33 kB URL HTTP/1.1 kahoka.pornlesbans.hotnatalia.com/cdn-v3/xo-data/am1/196.jpg
IP 137.74.197.13:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 100x650, components 3\012- data
Hash 4aac629eb302b93ec0847962bdab2964
c81f20f1319d0d65a1ee93db64c2fe60c3a57a52
22279f83c05d097dd5c9bc6b7ff2ae4e9000a6d8f3db88f0e2f0bfcb630128bb
GET /cdn-v3/xo-data/am1/196.jpg HTTP/1.1
Host: kahoka.pornlesbans.hotnatalia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kahoka.pornlesbans.hotnatalia.com/?annalise
Cookie: _subid=s8hnpa178poq; 61f26=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjhcIjoxNjc1NDk5OTQ3fSxcImNhbXBhaWduc1wiOntcIjRcIjoxNjc1NDk5OTQ3fSxcInRpbWVcIjoxNjc1NDk5OTQ3fSJ9.jNEm3NpvqWXZbw8Uv_ozsJbhg97OBVuf4p9gBvoLCdU; _token=uuid_s8hnpa178poq_s8hnpa178poq63de19ab5c2eb9.72811934
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 08:33:24 GMT
Content-Type: image/jpeg
Content-Length: 33133
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "4aac629eb302b93ec0847962bdab2964"
Last-Modified: Sat, 17 Dec 2022 21:45:49 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Replication-Status: REPLICA
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
x-amz-version-id: fc1c751d-4788-4305-b439-f1e0c88b64ef
X-CDN-Backend: cdn-v3-web1
X-CDN: cdn-v3
alt-svc: h2=":443"; ma=60
X-Cache-Status: REVALIDATED, MISS
Cache-Control: max-age=14400, max-age=31536000
Accept-Ranges: bytes
lcdn.tsyndicate.com/sdk/v1/b.b.js
8.254.252.214 304 Not Modified 0 B URL HTTP/1.1 lcdn.tsyndicate.com/sdk/v1/b.b.js
IP 8.254.252.214:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sdk/v1/b.b.js HTTP/1.1
Host: lcdn.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://tsyndicate.com/
If-Modified-Since: Tue, 22 Feb 2022 13:07:15 GMT
If-None-Match: W/"6214e003-1eb1"
HTTP/1.1 304 Not Modified
Date: Tue, 08 Mar 2022 10:11:03 GMT
Connection: keep-alive
Last-Modified: Tue, 22 Feb 2022 13:07:15 GMT
Server: nginx
X-Robots-Tag: noindex, nofollow
Vary: Accept-Encoding
ETag: W/"6214e003-1eb1"
Age: 28765629
static.eabids.com/data/bannerpools/112022/34757.gif
217.22.19.195 200 OK 10 kB URL HTTP/1.1 static.eabids.com/data/bannerpools/112022/34757.gif
IP 217.22.19.195:0
File type GIF image data, version 89a, 250 x 150\012- data
Hash f1dfc834e7b463f05d89c552964de728
2ba5b3cbc29ba926ae8443ec16a33cbb0070685c
2643ce833a803c7be0321b464aa8793f887a7752d67de4fbe90a5e219ce5328f
GET /data/bannerpools/112022/34757.gif HTTP/1.1
Host: static.eabids.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://go.eabids.com/
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 08:38:12 GMT
Content-Type: image/gif
Content-Length: 10469
Last-Modified: Thu, 28 Apr 2022 14:46:24 GMT
Connection: keep-alive
ETag: "626aa8c0-28e5"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
X-Backend-Server: nl2-static-222
Accept-Ranges: bytes
static.eabids.com/data/bannerpools/94553/59044.gif
217.22.19.195 200 OK 132 kB URL HTTP/1.1 static.eabids.com/data/bannerpools/94553/59044.gif
IP 217.22.19.195:0
File type GIF image data, version 89a, 160 x 600\012- data
Size 132 kB (131819 bytes)
Hash c188d4c04b38b9ea53425f2ac81ba37b
d5e4391a626eb5fbcb0b636fadb6fec3f1229884
e3b45c8ce6eaa5e10f0bdea79708c9bb4a2ddfaed1c93523224d74e1af926d0a
GET /data/bannerpools/94553/59044.gif HTTP/1.1
Host: static.eabids.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://go.eabids.com/
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 08:38:12 GMT
Content-Type: image/gif
Content-Length: 131819
Last-Modified: Thu, 28 Apr 2022 14:45:26 GMT
Connection: keep-alive
ETag: "626aa886-202eb"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
X-Backend-Server: nl2-static-222
Accept-Ranges: bytes
tsyndicate.com/iframes2/4cac9064b352472ab0c635df56b56283.html?keywords=XXX,Porn,Pictures,Free,Sex,Pics,same,daniels,step,short,fuck,moble,kate,monster,younger,football,nataly,amateur,lyndonn,same,daniels,step,short,fuck,moble,kate,monster,younger,football,nataly,amateur,lyndonn,XXX,Porn,Pictures,Free,Sex,Pics&adb=0&clientjs=1&w=1280&h=1024&tz=0
136.243.134.97 200 OK 2.7 kB URL HTTP/1.1 tsyndicate.com/iframes2/4cac9064b352472ab0c635df56b56283.html?keywords=XXX,Porn,Pictures,Free,Sex,Pics,same,daniels,step,short,fuck,moble,kate,monster,younger,football,nataly,amateur,lyndonn,same,daniels,step,short,fuck,moble,kate,monster,younger,football,nataly,amateur,lyndonn,XXX,Porn,Pictures,Free,Sex,Pics&adb=0&clientjs=1&w=1280&h=1024&tz=0
IP 136.243.134.97:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (4340)
Hash ef48105f5a6e273c8efdf79d5e120ab6
559ca5504753d80d5c224e82e3c8518ae2aa1d97
164484c56b3570bee1158e02e1bd310fcfb4e26e429117e1c4c3138d99d5719b
GET /iframes2/4cac9064b352472ab0c635df56b56283.html?keywords=XXX,Porn,Pictures,Free,Sex,Pics,same,daniels,step,short,fuck,moble,kate,monster,younger,football,nataly,amateur,lyndonn,same,daniels,step,short,fuck,moble,kate,monster,younger,football,nataly,amateur,lyndonn,XXX,Porn,Pictures,Free,Sex,Pics&adb=0&clientjs=1&w=1280&h=1024&tz=0 HTTP/1.1
Host: tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kahoka.pornlesbans.hotnatalia.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 08:38:12 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Pragma: no-cache
Expires: 0
Vary: Accept-Encoding, *
X-Api-Version: 2
Link: <http://lcdn.tsyndicate.com/sdk/v1/b.b.js>; rel=preload; as=script
X-Request-Id: fce3adea36dcebe1
Set-Cookie: ts_uid=548c98e4-b448-4b5e-917f-eb043a708e13; expires=Fri, 04 Aug 2023 08:38:12 GMT; domain=.tsyndicate.com; path=/; HttpOnly; secure; SameSite=None
Cache-Control: no-cache, no-store, no-transform, must-revalidate, no-transform
X-Robots-Tag: none, noindex, nofollow
Report-To: { "url": "https://pxl.tsyndicate.com/api/v1/heavy-ad/report", "max_age": 86401 }
Content-Encoding: gzip
lcdn.tsyndicate.com/sdk/v1/b.b.js
8.254.252.214 304 Not Modified 0 B URL HTTP/1.1 lcdn.tsyndicate.com/sdk/v1/b.b.js
IP 8.254.252.214:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sdk/v1/b.b.js HTTP/1.1
Host: lcdn.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://tsyndicate.com/
If-Modified-Since: Tue, 22 Feb 2022 13:07:15 GMT
If-None-Match: W/"6214e003-1eb1"
HTTP/1.1 304 Not Modified
Date: Tue, 08 Mar 2022 10:11:03 GMT
Connection: keep-alive
Last-Modified: Tue, 22 Feb 2022 13:07:15 GMT
Server: nginx
X-Robots-Tag: noindex, nofollow
Vary: Accept-Encoding
ETag: W/"6214e003-1eb1"
Age: 28765629
i.jads.co/network/user1895/23198-1499935984.jpg
69.16.175.42 200 OK 13 kB URL HTTP/1.1 i.jads.co/network/user1895/23198-1499935984.jpg
IP 69.16.175.42:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 468x60, components 3\012- data
Hash 6465f5ccfba2bb5b4f3c67fbde2d7bdf
166cc620c9d37703811b79ed5e0c8eb0c9c56087
4cccfce4da110a128488002798e4bc8214e4068be2cdf4251089fc12c7a61da5
GET /network/user1895/23198-1499935984.jpg HTTP/1.1
Host: i.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://poweredby.jads.co/
HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 08:38:12 GMT
Connection: Keep-Alive
ETag: "1499935984"
Cache-Control: max-age=13296334
Content-Length: 13435
Content-Type: image/jpeg
Last-Modified: Thu, 13 Jul 2017 08:53:04 GMT
Accept-Ranges: bytes
X-HW: 1675499892.dop229.sk1.t,1675499892.cds252.sk1.c
i.jads.co/1x1.gif
69.16.175.42 200 OK 43 B IP 69.16.175.42:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 9bb191c6827273aa978cab39a3587950
25d8043336eb799e52b1a0e15ff6b95e09c24e35
24e480e4659fbae818853a38f8a3036f529f539024dc3e772c0b594ce02ea9db
GET /1x1.gif HTTP/1.1
Host: i.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://poweredby.jads.co/
HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 08:38:12 GMT
Connection: Keep-Alive
ETag: "1457030838"
Cache-Control: max-age=11725374
Content-Length: 43
Content-Type: image/gif
Last-Modified: Thu, 03 Mar 2016 18:47:18 GMT
Accept-Ranges: bytes
X-HW: 1675499892.dop229.sk1.t,1675499892.cds264.sk1.c
tsyndicate.com/iframes2/58b27ab589cd4f6fb77ba36de8de2cad.html?keywords=XXX,Porn,Pictures,Free,Sex,Pics,same,daniels,step,short,fuck,moble,kate,monster,younger,football,nataly,amateur,lyndonn,same,daniels,step,short,fuck,moble,kate,monster,younger,football,nataly,amateur,lyndonn,XXX,Porn,Pictures,Free,Sex,Pics&adb=0&clientjs=1&w=1280&h=1024&tz=0
136.243.134.97 200 OK 1.2 kB URL HTTP/1.1 tsyndicate.com/iframes2/58b27ab589cd4f6fb77ba36de8de2cad.html?keywords=XXX,Porn,Pictures,Free,Sex,Pics,same,daniels,step,short,fuck,moble,kate,monster,younger,football,nataly,amateur,lyndonn,same,daniels,step,short,fuck,moble,kate,monster,younger,football,nataly,amateur,lyndonn,XXX,Porn,Pictures,Free,Sex,Pics&adb=0&clientjs=1&w=1280&h=1024&tz=0
IP 136.243.134.97:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2029)
Hash f52f417eab671263260fb239deb27273
342223f95efe028892c439b15f9e2a8d6100263c
19b3088928254b01263117aa6d79a645be2d2cb401ad9f730356b256cc1717ed
GET /iframes2/58b27ab589cd4f6fb77ba36de8de2cad.html?keywords=XXX,Porn,Pictures,Free,Sex,Pics,same,daniels,step,short,fuck,moble,kate,monster,younger,football,nataly,amateur,lyndonn,same,daniels,step,short,fuck,moble,kate,monster,younger,football,nataly,amateur,lyndonn,XXX,Porn,Pictures,Free,Sex,Pics&adb=0&clientjs=1&w=1280&h=1024&tz=0 HTTP/1.1
Host: tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kahoka.pornlesbans.hotnatalia.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 08:38:12 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Pragma: no-cache
Expires: 0
Vary: Accept-Encoding, *
X-Api-Version: 2
Link: <http://lcdn.tsyndicate.com/sdk/v1/b.b.js>; rel=preload; as=script
X-Request-Id: b19cfcd731d155f8
Cache-Control: no-cache, no-store, no-transform, must-revalidate, no-transform
X-Robots-Tag: none, noindex, nofollow
Report-To: { "url": "https://pxl.tsyndicate.com/api/v1/heavy-ad/report", "max_age": 86401 }
Content-Encoding: gzip
ocsp.sca1b.amazontrust.com/
143.204.42.156 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.156:0
Hash 51587a23f66c8249b593bdd3bc316c26
a44589aa9cf9e0a703e280f130f13783a4dce154
9d3982efed953d409b9ff9e88be9f517be1f563d0569bc8f39ca9c75be104477
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=107084
Date: Sat, 04 Feb 2023 08:38:12 GMT
Etag: "63dd0c95-1d7"
Expires: Sun, 05 Feb 2023 14:22:56 GMT
Last-Modified: Fri, 03 Feb 2023 13:31:01 GMT
Server: ECS (nyb/1D07)
X-Cache: Miss from cloudfront
Via: 1.1 6cb1d4b545e7beb4ead790454f4807c6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: STC9sGFqXRQzVr-tOPga9k8XJ7507AXEX9V7Ir7yUqtDxueouRuhaQ==
Age: 3115
lcdn.tsyndicate.com/error/banner.html
8.254.252.214 200 OK 355 B URL HTTP/1.1 lcdn.tsyndicate.com/error/banner.html
IP 8.254.252.214:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text
Hash 8b1f15be621db10926fe9a4cf5e065a7
cbf25705dce9a6cdc92fca1b42924c31a4325b09
0a9c708f0537719d5a20bfaa8343363a0283320fb1776657d913a6a4f2030287
GET /error/banner.html HTTP/1.1
Host: lcdn.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://tsyndicate.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Fri, 02 Sep 2022 00:07:36 GMT
Content-Type: text/html
Content-Length: 355
Connection: keep-alive
Last-Modified: Thu, 28 Jul 2022 14:10:05 GMT
Server: nginx
X-Robots-Tag: noindex, nofollow
Content-Encoding: gzip
Vary: Accept-Encoding
ETag: W/"62e298bd-297"
Age: 13422636
Accept-Ranges: bytes
kahoka.pornlesbans.hotnatalia.com/viewImage3?data=0c101014175e4b4b07000a0d4a140b160a140d07174a070b094b55565c544b554b5651564b5d565553525c56524b5d565553525c56523b5454553b5d0754534a0e1403
137.74.197.13 200 471 B URL HTTP/1.1 kahoka.pornlesbans.hotnatalia.com/viewImage3?data=0c101014175e4b4b07000a0d4a140b160a140d07174a070b094b55565c544b554b5651564b5d565553525c56524b5d565553525c56523b5454553b5d0754534a0e1403
IP 137.74.197.13:0
Hash 23287a0337047631e479bb3cbe8b0fcd
15ec24f5ee1990ee456a6fd3bbcbdbe27bf62c99
da05b381eec3589d2689bc5fab2b89eb5d65f9a5652f9254f3353e30a4540034
GET /viewImage3?data=0c101014175e4b4b07000a0d4a140b160a140d07174a070b094b55565c544b554b5651564b5d565553525c56524b5d565553525c56523b5454553b5d0754534a0e1403 HTTP/1.1
Host: kahoka.pornlesbans.hotnatalia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kahoka.pornlesbans.hotnatalia.com/?annalise
HTTP/1.1 200
Server: nginx
Date: Sat, 04 Feb 2023 08:33:24 GMT
Content-Length: 105217
Connection: keep-alive
Cache-Control: max-age=31418383
comedianthirteenth.com/539d71c7c61ed9e36ed1dd6ab6acffc8/invoke.js
192.243.59.13 200 OK 9.8 kB URL HTTP/1.1 comedianthirteenth.com/539d71c7c61ed9e36ed1dd6ab6acffc8/invoke.js
IP 192.243.59.13:0
ASN #39572 DataWeb Global Group B.V.
File type exported SGML document, ASCII text, with very long lines (27000), with no line terminators
Hash a13278812a3412789dc0777064558e57
ed2c8d0a35794935ef84aa8e0c72f56626739077
ae8be1b13547306c713e4ec1d40f68fd341eba8b6d509f0a4fc427b64eec6a83
GET /539d71c7c61ed9e36ed1dd6ab6acffc8/invoke.js HTTP/1.1
Host: comedianthirteenth.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kahoka.pornlesbans.hotnatalia.com/
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Sat, 04 Feb 2023 08:38:12 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: d3e8b8065de4dd8697e625638fc02509
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
go.eabids.com/banner.go?spaceid=5675441&keywords=&maincat=
217.22.19.194 200 OK 2.6 kB URL HTTP/1.1 go.eabids.com/banner.go?spaceid=5675441&keywords=&maincat=
IP 217.22.19.194:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2639), with no line terminators
Hash aad66012262c5a91534e0d74b4bdf393
e61a927b26a1484ea7a64c6511ea1f326bac8aed
b017cd7b0d046683be691057606ce5066595996a52a5f292c6036e26b6a7e3d4
GET /banner.go?spaceid=5675441&keywords=&maincat= HTTP/1.1
Host: go.eabids.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kahoka.pornlesbans.hotnatalia.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 08:38:12 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 2639
Connection: keep-alive
Expires: Mon, 03 Jul 2001 06:00:00 GMT
Last-Modified: Sat, 04 02 2023 08:38:12 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0,post-check=0, pre-check=0
Pragma: no-cache
X-Backend-Server: nl2-web-205
tsyndicate.com/iframes2/6a91f85098294907941c239ca45e3b90.html?keywords=XXX,Porn,Pictures,Free,Sex,Pics,same,daniels,step,short,fuck,moble,kate,monster,younger,football,nataly,amateur,lyndonn,same,daniels,step,short,fuck,moble,kate,monster,younger,football,nataly,amateur,lyndonn,XXX,Porn,Pictures,Free,Sex,Pics&adb=0&clientjs=1&w=1280&h=1024&tz=0
136.243.134.97 200 OK 1.2 kB URL HTTP/1.1 tsyndicate.com/iframes2/6a91f85098294907941c239ca45e3b90.html?keywords=XXX,Porn,Pictures,Free,Sex,Pics,same,daniels,step,short,fuck,moble,kate,monster,younger,football,nataly,amateur,lyndonn,same,daniels,step,short,fuck,moble,kate,monster,younger,football,nataly,amateur,lyndonn,XXX,Porn,Pictures,Free,Sex,Pics&adb=0&clientjs=1&w=1280&h=1024&tz=0
IP 136.243.134.97:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2029)
Hash f52f417eab671263260fb239deb27273
342223f95efe028892c439b15f9e2a8d6100263c
19b3088928254b01263117aa6d79a645be2d2cb401ad9f730356b256cc1717ed
GET /iframes2/6a91f85098294907941c239ca45e3b90.html?keywords=XXX,Porn,Pictures,Free,Sex,Pics,same,daniels,step,short,fuck,moble,kate,monster,younger,football,nataly,amateur,lyndonn,same,daniels,step,short,fuck,moble,kate,monster,younger,football,nataly,amateur,lyndonn,XXX,Porn,Pictures,Free,Sex,Pics&adb=0&clientjs=1&w=1280&h=1024&tz=0 HTTP/1.1
Host: tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kahoka.pornlesbans.hotnatalia.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 08:38:12 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Pragma: no-cache
Expires: 0
Vary: Accept-Encoding, *
X-Api-Version: 2
Link: <http://lcdn.tsyndicate.com/sdk/v1/b.b.js>; rel=preload; as=script
X-Request-Id: ec8aa8206dec84ca
Cache-Control: no-cache, no-store, no-transform, must-revalidate, no-transform
X-Robots-Tag: none, noindex, nofollow
Report-To: { "url": "https://pxl.tsyndicate.com/api/v1/heavy-ad/report", "max_age": 86401 }
Content-Encoding: gzip
lcdn.tsyndicate.com/sdk/v1/b.b.js
8.254.252.214 304 Not Modified 0 B URL HTTP/1.1 lcdn.tsyndicate.com/sdk/v1/b.b.js
IP 8.254.252.214:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sdk/v1/b.b.js HTTP/1.1
Host: lcdn.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://tsyndicate.com/
If-Modified-Since: Tue, 22 Feb 2022 13:07:15 GMT
If-None-Match: W/"6214e003-1eb1"
HTTP/1.1 304 Not Modified
Date: Tue, 08 Mar 2022 10:11:03 GMT
Connection: keep-alive
Last-Modified: Tue, 22 Feb 2022 13:07:15 GMT
Server: nginx
X-Robots-Tag: noindex, nofollow
Vary: Accept-Encoding
ETag: W/"6214e003-1eb1"
Age: 28765629
cdn.tsyndicate.com/sdk/v1/backup.banner.js
8.254.252.210 200 OK 1.2 kB URL HTTP/1.1 cdn.tsyndicate.com/sdk/v1/backup.banner.js
IP 8.254.252.210:0
File type ASCII text, with very long lines (563)
Hash aaa716b051d8f7e39379acf7dd390b58
a3e9ad6eb9c80ace589dc0fc5f1005f90374938a
8db10d074ca346ebf2267e92e83105ec60527d7e3b4e3f4ddb9157f83715402d
GET /sdk/v1/backup.banner.js HTTP/1.1
Host: cdn.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://lcdn.tsyndicate.com/
HTTP/1.1 200 OK
Date: Fri, 16 Dec 2022 12:53:28 GMT
Content-Type: application/javascript
Content-Length: 1197
Connection: keep-alive
Last-Modified: Fri, 16 Dec 2022 12:41:09 GMT
Server: nginx
X-Robots-Tag: noindex, nofollow
Content-Encoding: gzip
Vary: Accept-Encoding
ETag: W/"639c6765-b48"
Age: 4304684
Accept-Ranges: bytes
simplewebanalysis.com/stats
35.156.167.37 200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP 35.156.167.37:0
File type ASCII text, with no line terminators
Hash 3db977d02dff2039fd16ec05985fc382
d08dd5cd90703359c9708bc243f05d5b5e0aa0c7
f399db5e2607843c5d3fa64ebae0061e3c9858052c301decbbff1d2be38d86b2
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://kahoka.pornlesbans.hotnatalia.com
Connection: keep-alive
Referer: http://kahoka.pornlesbans.hotnatalia.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 04 Feb 2023 08:38:12 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: http://kahoka.pornlesbans.hotnatalia.com
access-control-allow-credentials: true
set-cookie: uid_id2=66be96df-befa-4de4-bb7a-3e45e84a1088:2:1; expires=Tue, 01 Feb 2033 08:38:12 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash b45aced3f9f05f1f4da20f8b6ea21d30
bd28ecb25ce9fb326fd8914316142aec4e70d84b
af3a035d682dd50f81039ee0b356e4a60fba24e7db5fd0e74329bd12178839b0
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "AF3A035D682DD50F81039EE0B356E4A60FBA24E7DB5FD0E74329BD12178839B0"
Last-Modified: Fri, 03 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18043
Expires: Sat, 04 Feb 2023 13:38:55 GMT
Date: Sat, 04 Feb 2023 08:38:12 GMT
Connection: keep-alive
cdn.tsyndicate.com/imges/backup/banner/250x150.jpeg
8.254.252.210 200 OK 21 kB URL HTTP/1.1 cdn.tsyndicate.com/imges/backup/banner/250x150.jpeg
IP 8.254.252.210:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 250x150, components 3\012- data
Hash 59daf16e56e34dea2bd62621de9ea715
f05218f39e0082340140e64e0484ff70de180e03
f16ad4fde634d96b645fe569313dd0d873a848207de7e2cddc4d3afef16e3b81
GET /imges/backup/banner/250x150.jpeg HTTP/1.1
Host: cdn.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://lcdn.tsyndicate.com/
HTTP/1.1 200 OK
Date: Wed, 22 Jun 2022 09:42:10 GMT
Content-Type: image/jpeg
Content-Length: 20831
Connection: keep-alive
Last-Modified: Wed, 22 Jun 2022 09:24:43 GMT
Server: nginx
X-Robots-Tag: noindex, nofollow
Content-Encoding: gzip
Vary: Accept-Encoding
ETag: W/"62b2dfdb-5180"
Age: 19608962
Accept-Ranges: bytes
poweredby.jads.co/adshow.php?adzone=830927
185.94.237.102 200 OK 1.7 kB URL HTTP/1.1 poweredby.jads.co/adshow.php?adzone=830927
IP 185.94.237.102:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (433), with CRLF, LF line terminators
Hash bde8bcc1812a77915aad011fd5d6a375
914bb5a9ee56c182190191f9c32cb6a94bf5359f
3865fe9b532d96c2c4bbe61b6db3f738374cbef19a12394020f60c067603b378
GET /adshow.php?adzone=830927 HTTP/1.1
Host: poweredby.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kahoka.pornlesbans.hotnatalia.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 08:38:12 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/5.6.40
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR OUR IND STA"
Set-Cookie: surferid=600a2d9a82508f0dfd965c365e008870; expires=Sun, 04-Feb-2024 08:38:12 GMT; Max-Age=31536000; path=/; SameSite=None; Secure; domain=.jads.co
imps131=1; expires=Sun, 05-Feb-2023 08:38:12 GMT; Max-Age=86400; path=/; SameSite=None; Secure; domain=.jads.co
juicy_data_1=YToxOntpOjEyMDM0Mzg7aToxNjc1NzU5MDkyO30%3D; expires=Tue, 07-Feb-2023 08:38:12 GMT; Max-Age=259200; path=/; SameSite=None; Secure; domain=jads.co
juicy_data=YToxOntzOjEyOiJqdWljeV9kYXRhXzEiO3M6MToiMSI7fQ%3D%3D; expires=Tue, 07-Feb-2023 08:38:12 GMT; Max-Age=259200; path=/; SameSite=None; Secure; domain=jads.co
Content-Encoding: gzip
simplewebanalysis.com/stats
35.156.167.37 200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP 35.156.167.37:0
File type ASCII text, with no line terminators
Hash 3db977d02dff2039fd16ec05985fc382
d08dd5cd90703359c9708bc243f05d5b5e0aa0c7
f399db5e2607843c5d3fa64ebae0061e3c9858052c301decbbff1d2be38d86b2
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://kahoka.pornlesbans.hotnatalia.com
Connection: keep-alive
Referer: http://kahoka.pornlesbans.hotnatalia.com/
Cookie: uid_id2=66be96df-befa-4de4-bb7a-3e45e84a1088:2:1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 04 Feb 2023 08:38:12 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: http://kahoka.pornlesbans.hotnatalia.com
access-control-allow-credentials: true
X-Firefox-Spdy: h2
opthushbeginning.com/28/85/33/28853392a76a14b1426991b6def2243b.js
192.243.59.12 200 OK 13 kB URL HTTP/1.1 opthushbeginning.com/28/85/33/28853392a76a14b1426991b6def2243b.js
IP 192.243.59.12:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with very long lines (37127), with no line terminators
Hash 28e9d94ffa77fee704344323dba4280e
5833186eb01b260785820de358c6eedd88a33f89
639e18d0ccf7e4a8d8bcfefec742da6593e5bbf26812b9cf90c862a3526c497c
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /28/85/33/28853392a76a14b1426991b6def2243b.js HTTP/1.1
Host: opthushbeginning.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kahoka.pornlesbans.hotnatalia.com/
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Sat, 04 Feb 2023 08:38:12 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 2589760f2c1c651adf552df0566a5be3
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
go.xlivrdr.com/smartpop/c3fa347280578e90a9e8ab1e6280c0e361524d151dcbfe6bb5b723fee947ce88?userId=ed4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e&sourceId=226439&memberId=m6WUxrWE0zoac4oMYUhO_G4_E_W6ANX1S1R0pzLjT02_0INngnDSwweVy1XRzUmn0U25AFQmBNLfonKYDJYKUyT-_g3e5j6u3BQJVsU101AIX9w_gUIDRUi&p1=3717296
104.18.51.106 301 Moved Permanently 0 B URL HTTP/1.1 go.xlivrdr.com/smartpop/c3fa347280578e90a9e8ab1e6280c0e361524d151dcbfe6bb5b723fee947ce88?userId=ed4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e&sourceId=226439&memberId=m6WUxrWE0zoac4oMYUhO_G4_E_W6ANX1S1R0pzLjT02_0INngnDSwweVy1XRzUmn0U25AFQmBNLfonKYDJYKUyT-_g3e5j6u3BQJVsU101AIX9w_gUIDRUi&p1=3717296
IP 104.18.51.106:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /smartpop/c3fa347280578e90a9e8ab1e6280c0e361524d151dcbfe6bb5b723fee947ce88?userId=ed4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e&sourceId=226439&memberId=m6WUxrWE0zoac4oMYUhO_G4_E_W6ANX1S1R0pzLjT02_0INngnDSwweVy1XRzUmn0U25AFQmBNLfonKYDJYKUyT-_g3e5j6u3BQJVsU101AIX9w_gUIDRUi&p1=3717296 HTTP/1.1
Host: go.xlivrdr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://tsyndicate.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Sat, 04 Feb 2023 08:38:12 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Sat, 04 Feb 2023 09:38:12 GMT
Location: https://go.xlivrdr.com/smartpop/c3fa347280578e90a9e8ab1e6280c0e361524d151dcbfe6bb5b723fee947ce88?userId=ed4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e&sourceId=226439&memberId=m6WUxrWE0zoac4oMYUhO_G4_E_W6ANX1S1R0pzLjT02_0INngnDSwweVy1XRzUmn0U25AFQmBNLfonKYDJYKUyT-_g3e5j6u3BQJVsU101AIX9w_gUIDRUi&p1=3717296
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 794216b90afbb4ed-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
lcdn.tsyndicate.com/error/banner.html
8.254.252.214 304 Not Modified 0 B URL HTTP/1.1 lcdn.tsyndicate.com/error/banner.html
IP 8.254.252.214:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /error/banner.html HTTP/1.1
Host: lcdn.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://tsyndicate.com/
Upgrade-Insecure-Requests: 1
If-Modified-Since: Thu, 28 Jul 2022 14:10:05 GMT
If-None-Match: W/"62e298bd-297"
HTTP/1.1 304 Not Modified
Date: Fri, 02 Sep 2022 00:07:36 GMT
Connection: keep-alive
Last-Modified: Thu, 28 Jul 2022 14:10:05 GMT
Server: nginx
X-Robots-Tag: noindex, nofollow
Vary: Accept-Encoding
ETag: W/"62e298bd-297"
Age: 13422636
lcdn.tsyndicate.com/sdk/v1/b.b.js
8.254.252.214 304 Not Modified 0 B URL HTTP/1.1 lcdn.tsyndicate.com/sdk/v1/b.b.js
IP 8.254.252.214:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sdk/v1/b.b.js HTTP/1.1
Host: lcdn.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://tsyndicate.com/
If-Modified-Since: Tue, 22 Feb 2022 13:07:15 GMT
If-None-Match: W/"6214e003-1eb1"
HTTP/1.1 304 Not Modified
Date: Tue, 08 Mar 2022 10:11:03 GMT
Connection: keep-alive
Last-Modified: Tue, 22 Feb 2022 13:07:15 GMT
Server: nginx
X-Robots-Tag: noindex, nofollow
Vary: Accept-Encoding
ETag: W/"6214e003-1eb1"
Age: 28765629
ocsp.sca1b.amazontrust.com/
143.204.42.156 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.156:0
Hash 51587a23f66c8249b593bdd3bc316c26
a44589aa9cf9e0a703e280f130f13783a4dce154
9d3982efed953d409b9ff9e88be9f517be1f563d0569bc8f39ca9c75be104477
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Sat, 04 Feb 2023 08:38:12 GMT
Last-Modified: Sat, 04 Feb 2023 07:44:44 GMT
Server: ECS (bsa/EB13)
X-Cache: Miss from cloudfront
Via: 1.1 6cb1d4b545e7beb4ead790454f4807c6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: oc1GNpmqNnur-Mp0IbBPRPiiMngW_iHekuVQ_mpng2ROsQ75p8OOdw==
Age: 3208
simplewebanalysis.com/stats
35.156.167.37 200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP 35.156.167.37:0
File type ASCII text, with no line terminators
Hash 3db977d02dff2039fd16ec05985fc382
d08dd5cd90703359c9708bc243f05d5b5e0aa0c7
f399db5e2607843c5d3fa64ebae0061e3c9858052c301decbbff1d2be38d86b2
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://kahoka.pornlesbans.hotnatalia.com
Connection: keep-alive
Referer: http://kahoka.pornlesbans.hotnatalia.com/
Cookie: uid_id2=66be96df-befa-4de4-bb7a-3e45e84a1088:2:1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 04 Feb 2023 08:38:12 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: http://kahoka.pornlesbans.hotnatalia.com
access-control-allow-credentials: true
X-Firefox-Spdy: h2
cdn.tsyndicate.com/sdk/v1/backup.banner.js
8.254.252.210 304 Not Modified 0 B URL HTTP/1.1 cdn.tsyndicate.com/sdk/v1/backup.banner.js
IP 8.254.252.210:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sdk/v1/backup.banner.js HTTP/1.1
Host: cdn.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://lcdn.tsyndicate.com/
If-Modified-Since: Fri, 16 Dec 2022 12:41:09 GMT
If-None-Match: W/"639c6765-b48"
HTTP/1.1 304 Not Modified
Date: Fri, 16 Dec 2022 12:53:28 GMT
Connection: keep-alive
Last-Modified: Fri, 16 Dec 2022 12:41:09 GMT
Server: nginx
X-Robots-Tag: noindex, nofollow
Vary: Accept-Encoding
ETag: W/"639c6765-b48"
Age: 4304684
pxl.tsyndicate.com/api/v1/backup.gif?t=banner&tct=adult
94.130.141.49 200 OK 35 B URL HTTP/1.1 pxl.tsyndicate.com/api/v1/backup.gif?t=banner&tct=adult
IP 94.130.141.49:0
ASN #24940 Hetzner Online GmbH
File type GIF image data, version 89a, 1 x 1\012- data
Hash c2196de8ba412c60c22ab491af7b1409
5fbd472222feb8a22cf5b8aa5dc5b8e13af88e2b
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
GET /api/v1/backup.gif?t=banner&tct=adult HTTP/1.1
Host: pxl.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://lcdn.tsyndicate.com/
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 08:38:12 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 35
Connection: keep-alive
X-Robots-Tag: noindex, nofollow
simplewebanalysis.com/stats
35.156.167.37 200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP 35.156.167.37:0
File type ASCII text, with no line terminators
Hash 2d6e445973bf9ab1f1f746753693fda1
bcdb1002a352990c211055c790fe4ca618797b2e
2465d4ef7c7dbacdff4b88a8bc92e1f309dc7c6efe7edfc7f2e72403cbf50ba7
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://kahoka.pornlesbans.hotnatalia.com
Connection: keep-alive
Referer: http://kahoka.pornlesbans.hotnatalia.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 04 Feb 2023 08:38:12 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: http://kahoka.pornlesbans.hotnatalia.com
access-control-allow-credentials: true
set-cookie: uid_id2=66bd9a30-b655-42c4-bb0b-612536770eda:2:1; expires=Tue, 01 Feb 2033 08:38:12 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
rtbrennab.com/banner/in/show/?mid=7188786063136132737&pid=0&site=8047&sc=NO&usage_type=DCH&subid=933499612&sid=0&cid=0&price=0&is_cpm=0&cpm=0&ecpm=0&crid=&crtid=&tcid=0&out_id=&ver=&ver_c=&refdom=kahoka.pornlesbans.hotnatalia.com&hostname=auc-banner-hz-4&site_id=0&spot_id=0&utm_source=tcban_s&utm_medium=8047&utm_campaign=17794&utm_content=&expiration_timestamp=0&created_at=0000-00-00&is_native=0&auction_queue=0&pop_winurl=&ip=91.90.42.154&testab=&px_id=0&adblock=0&auction_host=&mm=&yc=&render_type=&campaign_type=&uniq=&exp=&resp_type=default&iabcat=IAB24&min_cpm=0.0001&placement_type_id=&skin_test=&verify_hash=&score=1&ml=&tag_ab=&v2=0&ttl=&space_id=1010&banner_width=160&banner_height=600&accel=0&gyr=0&iabcat=IAB24&url=https%3A%2F%2Fbtds.zog.link%2Fin%2F912%2F%3Fsid%3D0%26source%3D933499612%26idzone%3D3902650%26w%3D160%26h%3D600%26mo%3D%26ve%3D%26site_id%3D8047%26utm1%3Dtcban_s%26utm2%3D8047%26utm3%3D17794%26utm4%3D%26ad_tags%3D%26spot_id%3D0%26p%3Dhttp%253A%252F%252Fkahoka.pornlesbans.hotnatalia.com%252F%253Fannalise%26katds_labels%3D%26btype%3D0%26score%3D1%26bf%3D0.0001&pr=&bid_crid=&bid_cid=&is_iframe=0&ad_tags=&stratagem=&ssp=3758&refresh=0
162.55.139.130 302 Found 0 B URL HTTP/2 rtbrennab.com/banner/in/show/?mid=7188786063136132737&pid=0&site=8047&sc=NO&usage_type=DCH&subid=933499612&sid=0&cid=0&price=0&is_cpm=0&cpm=0&ecpm=0&crid=&crtid=&tcid=0&out_id=&ver=&ver_c=&refdom=kahoka.pornlesbans.hotnatalia.com&hostname=auc-banner-hz-4&site_id=0&spot_id=0&utm_source=tcban_s&utm_medium=8047&utm_campaign=17794&utm_content=&expiration_timestamp=0&created_at=0000-00-00&is_native=0&auction_queue=0&pop_winurl=&ip=91.90.42.154&testab=&px_id=0&adblock=0&auction_host=&mm=&yc=&render_type=&campaign_type=&uniq=&exp=&resp_type=default&iabcat=IAB24&min_cpm=0.0001&placement_type_id=&skin_test=&verify_hash=&score=1&ml=&tag_ab=&v2=0&ttl=&space_id=1010&banner_width=160&banner_height=600&accel=0&gyr=0&iabcat=IAB24&url=https%3A%2F%2Fbtds.zog.link%2Fin%2F912%2F%3Fsid%3D0%26source%3D933499612%26idzone%3D3902650%26w%3D160%26h%3D600%26mo%3D%26ve%3D%26site_id%3D8047%26utm1%3Dtcban_s%26utm2%3D8047%26utm3%3D17794%26utm4%3D%26ad_tags%3D%26spot_id%3D0%26p%3Dhttp%253A%252F%252Fkahoka.pornlesbans.hotnatalia.com%252F%253Fannalise%26katds_labels%3D%26btype%3D0%26score%3D1%26bf%3D0.0001&pr=&bid_crid=&bid_cid=&is_iframe=0&ad_tags=&stratagem=&ssp=3758&refresh=0
IP 162.55.139.130:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /banner/in/show/?mid=7188786063136132737&pid=0&site=8047&sc=NO&usage_type=DCH&subid=933499612&sid=0&cid=0&price=0&is_cpm=0&cpm=0&ecpm=0&crid=&crtid=&tcid=0&out_id=&ver=&ver_c=&refdom=kahoka.pornlesbans.hotnatalia.com&hostname=auc-banner-hz-4&site_id=0&spot_id=0&utm_source=tcban_s&utm_medium=8047&utm_campaign=17794&utm_content=&expiration_timestamp=0&created_at=0000-00-00&is_native=0&auction_queue=0&pop_winurl=&ip=91.90.42.154&testab=&px_id=0&adblock=0&auction_host=&mm=&yc=&render_type=&campaign_type=&uniq=&exp=&resp_type=default&iabcat=IAB24&min_cpm=0.0001&placement_type_id=&skin_test=&verify_hash=&score=1&ml=&tag_ab=&v2=0&ttl=&space_id=1010&banner_width=160&banner_height=600&accel=0&gyr=0&iabcat=IAB24&url=https%3A%2F%2Fbtds.zog.link%2Fin%2F912%2F%3Fsid%3D0%26source%3D933499612%26idzone%3D3902650%26w%3D160%26h%3D600%26mo%3D%26ve%3D%26site_id%3D8047%26utm1%3Dtcban_s%26utm2%3D8047%26utm3%3D17794%26utm4%3D%26ad_tags%3D%26spot_id%3D0%26p%3Dhttp%253A%252F%252Fkahoka.pornlesbans.hotnatalia.com%252F%253Fannalise%26katds_labels%3D%26btype%3D0%26score%3D1%26bf%3D0.0001&pr=&bid_crid=&bid_cid=&is_iframe=0&ad_tags=&stratagem=&ssp=3758&refresh=0 HTTP/1.1
Host: rtbrennab.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://rtbbnr.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
server: nginx/1.16.0
date: Sat, 04 Feb 2023 08:38:12 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
location: https://btds.zog.link/in/912/?sid=0&source=933499612&idzone=3902650&w=160&h=600&mo=&ve=&site_id=8047&utm1=tcban_s&utm2=8047&utm3=17794&utm4=&ad_tags=&spot_id=0&p=http%3A%2F%2Fkahoka.pornlesbans.hotnatalia.com%2F%3Fannalise&katds_labels=&btype=0&score=1&bf=0.0001
X-Firefox-Spdy: h2
static.eabids.com/data/bannerpools/94553/58922.jpg
217.22.19.195 200 OK 26 kB URL HTTP/1.1 static.eabids.com/data/bannerpools/94553/58922.jpg
IP 217.22.19.195:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 300x250, components 3\012- data
Hash b457526ac17b874823909a24b92a54f8
639fb2e5805468be28dce50a6ff6378427308f68
623583bc6825d5d2e570b8dc9648d78dc666516f18413838263d96f12badfafd
GET /data/bannerpools/94553/58922.jpg HTTP/1.1
Host: static.eabids.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://go.eabids.com/
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 08:38:12 GMT
Content-Type: image/jpeg
Content-Length: 25805
Last-Modified: Thu, 28 Apr 2022 14:45:38 GMT
Connection: keep-alive
ETag: "626aa892-64cd"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
X-Backend-Server: nl2-static-222
Accept-Ranges: bytes
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash e69146b2b3cc4fedc68b10de5fa1c071
90d9d81bb5513e701edac6b93fea10d0d536e2f1
f3706f157fe37709ef692f56e8bbd7763e372b0a02926ce27892769860f7e9f0
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3463
Cache-Control: max-age=117515
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 08:38:12 GMT
Etag: "63dd33f8-117"
Expires: Sun, 05 Feb 2023 17:16:47 GMT
Last-Modified: Fri, 03 Feb 2023 16:19:04 GMT
Server: ECS (ska/F715)
X-Cache: HIT
Content-Length: 279
comedianthirteenth.com/c515a1f4fc3a36b04275034bdcef5c99/invoke.js
192.243.59.13 200 OK 9.8 kB URL HTTP/1.1 comedianthirteenth.com/c515a1f4fc3a36b04275034bdcef5c99/invoke.js
IP 192.243.59.13:0
ASN #39572 DataWeb Global Group B.V.
File type exported SGML document, ASCII text, with very long lines (26976), with no line terminators
Hash 8d4d3150c11f26af1521c886cb2a020b
41bac3365997aaaba283d7a46eeb24197ec7802d
004ec5a538e9a115221f297d56aec71dcc37e64539b61afad9eb0b217a9da989
GET /c515a1f4fc3a36b04275034bdcef5c99/invoke.js HTTP/1.1
Host: comedianthirteenth.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kahoka.pornlesbans.hotnatalia.com/
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Sat, 04 Feb 2023 08:38:12 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 19de3b0684db3befc1cbcf68fe9f6cc9
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
lcdn.tsyndicate.com/error/banner.html
8.254.252.214 304 Not Modified 0 B URL HTTP/1.1 lcdn.tsyndicate.com/error/banner.html
IP 8.254.252.214:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /error/banner.html HTTP/1.1
Host: lcdn.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://tsyndicate.com/
Upgrade-Insecure-Requests: 1
If-Modified-Since: Thu, 28 Jul 2022 14:10:05 GMT
If-None-Match: W/"62e298bd-297"
HTTP/1.1 304 Not Modified
Date: Fri, 02 Sep 2022 00:07:36 GMT
Connection: keep-alive
Last-Modified: Thu, 28 Jul 2022 14:10:05 GMT
Server: nginx
X-Robots-Tag: noindex, nofollow
Vary: Accept-Encoding
ETag: W/"62e298bd-297"
Age: 13422636
i.jads.co/network/user1037/1-1621483201-0948388001621483201.gif
69.16.175.42 200 OK 23 kB URL HTTP/1.1 i.jads.co/network/user1037/1-1621483201-0948388001621483201.gif
IP 69.16.175.42:0
File type GIF image data, version 89a, 468 x 60\012- data
Hash aa2d13a20b11be66ccbd1b2e3da30a30
f6b63a59d61ef7aa93e776f99101d039c5ce7857
07f16a7c377e080d68dafa55b88d48e7d53e29b4598491b3a0d6c49f992df26f
GET /network/user1037/1-1621483201-0948388001621483201.gif HTTP/1.1
Host: i.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://poweredby.jads.co/
HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 08:38:12 GMT
Connection: Keep-Alive
ETag: "1621483201"
Cache-Control: max-age=13258484
Content-Length: 22760
Content-Type: image/gif
Last-Modified: Thu, 20 May 2021 04:00:01 GMT
Accept-Ranges: bytes
X-HW: 1675499892.dop229.sk1.t,1675499892.cds264.sk1.c
cdn.tsyndicate.com/imges/backup/banner/250x150.jpeg
8.254.252.210 304 Not Modified 0 B URL HTTP/1.1 cdn.tsyndicate.com/imges/backup/banner/250x150.jpeg
IP 8.254.252.210:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /imges/backup/banner/250x150.jpeg HTTP/1.1
Host: cdn.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://lcdn.tsyndicate.com/
If-Modified-Since: Wed, 22 Jun 2022 09:24:43 GMT
If-None-Match: W/"62b2dfdb-5180"
HTTP/1.1 304 Not Modified
Date: Wed, 22 Jun 2022 09:42:10 GMT
Connection: keep-alive
Last-Modified: Wed, 22 Jun 2022 09:24:43 GMT
Server: nginx
X-Robots-Tag: noindex, nofollow
Vary: Accept-Encoding
ETag: W/"62b2dfdb-5180"
Age: 19608962
maxcdn.bootstrapcdn.com/font-awesome/4.5.0/css/font-awesome.min.css
188.114.99.234 200 OK 8.0 kB URL HTTP/2 maxcdn.bootstrapcdn.com/font-awesome/4.5.0/css/font-awesome.min.css
IP 188.114.99.234:0
File type ASCII text, with very long lines (27303)
Hash bbde69ad4e201e1606cbf6a41b31c53a
eb31d1fa34d3de65f6c4f80ad09a18743a280365
e42d400997cd57ce67e9cbe3e65f2c6a408174eb48c71a4cdbbc025e0c75c660
GET /font-awesome/4.5.0/css/font-awesome.min.css HTTP/1.1
Host: maxcdn.bootstrapcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://kahoka.pornlesbans.hotnatalia.com
Connection: keep-alive
Referer: http://kahoka.pornlesbans.hotnatalia.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 04 Feb 2023 08:38:11 GMT
content-type: text/css; charset=utf-8
vary: Accept-Encoding
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: DE
access-control-allow-origin: *
cache-control: public, max-age=31919000
etag: W/"4fbd15cb6047af93373f4f895639c8bf"
last-modified: Mon, 25 Jan 2021 22:04:54 GMT
cdn-cachedat: 11/11/2022 02:14:45
cdn-proxyver: 1.03
cdn-requestpullcode: 200
cdn-requestpullsuccess: True
cdn-edgestorageid: 1047
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
cdn-status: 200
cdn-requestid: 09f4fc9d1515cca58ee94f9b7bc7e5ae
cdn-cache: HIT
cf-cache-status: MISS
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 794216b36a3fb4f9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
pompeydesigning.com/d8/29/41/d82941888ca80b5e024c4d0a7cab0440.js
192.243.61.225 200 OK 13 kB URL HTTP/1.1 pompeydesigning.com/d8/29/41/d82941888ca80b5e024c4d0a7cab0440.js
IP 192.243.61.225:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with very long lines (37130), with no line terminators
Hash d685df1b173a3f9adc058533dfefce0e
53a8af71df99fc5629f55e0539e3cb7296d25934
6e00595036ce5b728605ce759dd77d214f11af4c5f997e02a666c833cd4d97eb
Analyzer Verdict Alert quad9 Sinkholed
GET /d8/29/41/d82941888ca80b5e024c4d0a7cab0440.js HTTP/1.1
Host: pompeydesigning.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kahoka.pornlesbans.hotnatalia.com/
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 04 Feb 2023 08:38:12 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 85f5cdc8778c761f16a5b63e76ec9694
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
cdn.tsyndicate.com/sdk/v1/backup.banner.js
8.254.252.210 304 Not Modified 0 B URL HTTP/1.1 cdn.tsyndicate.com/sdk/v1/backup.banner.js
IP 8.254.252.210:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sdk/v1/backup.banner.js HTTP/1.1
Host: cdn.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://lcdn.tsyndicate.com/
If-Modified-Since: Fri, 16 Dec 2022 12:41:09 GMT
If-None-Match: W/"639c6765-b48"
HTTP/1.1 304 Not Modified
Date: Fri, 16 Dec 2022 12:53:28 GMT
Connection: keep-alive
Last-Modified: Fri, 16 Dec 2022 12:41:09 GMT
Server: nginx
X-Robots-Tag: noindex, nofollow
Vary: Accept-Encoding
ETag: W/"639c6765-b48"
Age: 4304684
friendshipmale.com/sfp.js
104.21.234.93 200 OK 28 kB URL HTTP/1.1 friendshipmale.com/sfp.js
IP 104.21.234.93:0
File type Unicode text, UTF-8 text, with very long lines (65529), with no line terminators
Hash b1fa950e77a7db5425f9a5257af02e9c
2d5580451f34ad96218f8b97edf9708f9ee1be87
d999c4320df27dc4a1d3de5aec22bb3ef201560b47a7eff3f28f4133c1997a14
Analyzer Verdict Alert fortinet Malware
GET /sfp.js HTTP/1.1
Host: friendshipmale.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kahoka.pornlesbans.hotnatalia.com/
HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 08:38:12 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: max-age=14400
X-Request-ID: e3f332dbf92d9b88bea905eec6c1a218
Strict-Transport-Security: max-age=0; includeSubdomains
CF-Cache-Status: EXPIRED
Last-Modified: Sat, 04 Feb 2023 08:38:12 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NtxaXov63QdJBnOxgjdk5GKFXxnctr6E1PJzGZ9QI0vxo3gqajgN8XISYziig%2BDy3CXp%2BWCwOSDNkJ9dP0rnJZ7kJKs0zhNBCdCzXjNxLUe4q46aIz%2BfEtS7pbQcApMDvFSuIec%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 794216b9881a2411-LHR
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
rtbbnr.com/get/?go=1&data=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
162.55.139.130200 OK 1.0 kB URL HTTP/2 rtbbnr.com/get/?go=1&data=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
IP 162.55.139.130:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1398)
Hash 4b90042de570d7deeff3c5724d7d2f90
f6aa0f8a2e082865c0a93843f048815e93f0532a
78bd97716a89e4e109e6a3ffe58ef88a064276395fe83148cc2e054af7015f5d
GET /get/?go=1&data=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 HTTP/1.1
Host: rtbbnr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://kahoka.pornlesbans.hotnatalia.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.16.0
date: Sat, 04 Feb 2023 08:38:12 GMT
content-type: text/html
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
content-encoding: gzip
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash b400c2c20802db300f72333da4ffa8aa
935b74452ae52ed54ca87df749586b6a667eca4d
6224e48de708a4119b097cebca9656f6d91527aa84f8c5eef00b6210696c2d5a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6224E48DE708A4119B097CEBCA9656F6D91527AA84F8C5EEF00B6210696C2D5A"
Last-Modified: Fri, 03 Feb 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3487
Expires: Sat, 04 Feb 2023 09:36:19 GMT
Date: Sat, 04 Feb 2023 08:38:12 GMT
Connection: keep-alive
tsyndicate.com/iframes2/6a91f85098294907941c239ca45e3b90.html?keywords=XXX,Porn,Pictures,Free,Sex,Pics,same,daniels,step,short,fuck,moble,kate,monster,younger,football,nataly,amateur,lyndonn,same,daniels,step,short,fuck,moble,kate,monster,younger,football,nataly,amateur,lyndonn,XXX,Porn,Pictures,Free,Sex,Pics&adb=0&clientjs=1&w=1280&h=1024&tz=0
136.243.134.97200 OK 1.2 kB URL HTTP/1.1 tsyndicate.com/iframes2/6a91f85098294907941c239ca45e3b90.html?keywords=XXX,Porn,Pictures,Free,Sex,Pics,same,daniels,step,short,fuck,moble,kate,monster,younger,football,nataly,amateur,lyndonn,same,daniels,step,short,fuck,moble,kate,monster,younger,football,nataly,amateur,lyndonn,XXX,Porn,Pictures,Free,Sex,Pics&adb=0&clientjs=1&w=1280&h=1024&tz=0
IP 136.243.134.97:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2029)
Hash f52f417eab671263260fb239deb27273
342223f95efe028892c439b15f9e2a8d6100263c
19b3088928254b01263117aa6d79a645be2d2cb401ad9f730356b256cc1717ed
GET /iframes2/6a91f85098294907941c239ca45e3b90.html?keywords=XXX,Porn,Pictures,Free,Sex,Pics,same,daniels,step,short,fuck,moble,kate,monster,younger,football,nataly,amateur,lyndonn,same,daniels,step,short,fuck,moble,kate,monster,younger,football,nataly,amateur,lyndonn,XXX,Porn,Pictures,Free,Sex,Pics&adb=0&clientjs=1&w=1280&h=1024&tz=0 HTTP/1.1
Host: tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kahoka.pornlesbans.hotnatalia.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 08:38:12 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Pragma: no-cache
Expires: 0
Vary: Accept-Encoding, *
X-Api-Version: 2
Link: <http://lcdn.tsyndicate.com/sdk/v1/b.b.js>; rel=preload; as=script
X-Request-Id: 5f2d6f25acb7c24d
Cache-Control: no-cache, no-store, no-transform, must-revalidate, no-transform
X-Robots-Tag: none, noindex, nofollow
Report-To: { "url": "https://pxl.tsyndicate.com/api/v1/heavy-ad/report", "max_age": 86401 }
Content-Encoding: gzip
go.eabids.com/banner.go?spaceid=5675442&keywords=&maincat=
217.22.19.194 200 OK 2.6 kB URL HTTP/1.1 go.eabids.com/banner.go?spaceid=5675442&keywords=&maincat=
IP 217.22.19.194:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2618), with no line terminators
Hash fd8e8ba1ed7a1ded5a35bf1bd04864ba
cd720625b0179fd2290a8645c51bbfd944d25e2d
84fbedb69fee15b74c6787e9be7f9500aad2fdb66b9ddddc5046702c98e02086
GET /banner.go?spaceid=5675442&keywords=&maincat= HTTP/1.1
Host: go.eabids.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kahoka.pornlesbans.hotnatalia.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 08:38:12 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 2618
Connection: keep-alive
Expires: Mon, 03 Jul 2001 06:00:00 GMT
Last-Modified: Sat, 04 02 2023 08:38:12 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0,post-check=0, pre-check=0
Pragma: no-cache
X-Backend-Server: nl2-web-205
lcdn.tsyndicate.com/sdk/v1/b.b.js
8.254.252.214 304 Not Modified 0 B URL HTTP/1.1 lcdn.tsyndicate.com/sdk/v1/b.b.js
IP 8.254.252.214:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sdk/v1/b.b.js HTTP/1.1
Host: lcdn.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://tsyndicate.com/
If-Modified-Since: Tue, 22 Feb 2022 13:07:15 GMT
If-None-Match: W/"6214e003-1eb1"
HTTP/1.1 304 Not Modified
Date: Tue, 08 Mar 2022 10:11:03 GMT
Connection: keep-alive
Last-Modified: Tue, 22 Feb 2022 13:07:15 GMT
Server: nginx
X-Robots-Tag: noindex, nofollow
Vary: Accept-Encoding
ETag: W/"6214e003-1eb1"
Age: 28765629
btds.zog.link/in/912/?sid=0&source=933499612&idzone=3902650&w=160&h=600&mo=&ve=&site_id=8047&utm1=tcban_s&utm2=8047&utm3=17794&utm4=&ad_tags=&spot_id=0&p=http%3A%2F%2Fkahoka.pornlesbans.hotnatalia.com%2F%3Fannalise&katds_labels=&btype=0&score=1&bf=0.0001
109.206.181.2 302 Found 0 B URL HTTP/2 btds.zog.link/in/912/?sid=0&source=933499612&idzone=3902650&w=160&h=600&mo=&ve=&site_id=8047&utm1=tcban_s&utm2=8047&utm3=17794&utm4=&ad_tags=&spot_id=0&p=http%3A%2F%2Fkahoka.pornlesbans.hotnatalia.com%2F%3Fannalise&katds_labels=&btype=0&score=1&bf=0.0001
IP 109.206.181.2:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /in/912/?sid=0&source=933499612&idzone=3902650&w=160&h=600&mo=&ve=&site_id=8047&utm1=tcban_s&utm2=8047&utm3=17794&utm4=&ad_tags=&spot_id=0&p=http%3A%2F%2Fkahoka.pornlesbans.hotnatalia.com%2F%3Fannalise&katds_labels=&btype=0&score=1&bf=0.0001 HTTP/1.1
Host: btds.zog.link
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://rtbbnr.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: nginx/1.20.1
date: Sat, 04 Feb 2023 08:38:13 GMT
content-type: text/html; charset=UTF-8
content-length: 0
location: https://12007250.pix-cdn.org/a/pjexo.html?idzone=3902650&w=160&h=600&ad_sub=&ad_tags=
pragma: no-cache
vary: *
cache-control: no-cache, no-store, must-revalidate
set-cookie: 912.0=1; expires=Sun, 05 Feb 2023 08:38:12 GMT; path=/; secure; SameSite=None
X-Firefox-Spdy: h2
subscribestormyapprobation.com/d8/29/41/d82941888ca80b5e024c4d0a7cab0440.js
173.233.139.164 200 OK 13 kB URL HTTP/1.1 subscribestormyapprobation.com/d8/29/41/d82941888ca80b5e024c4d0a7cab0440.js
IP 173.233.139.164:0
File type ASCII text, with very long lines (37163), with no line terminators
Hash c5d459f05d085df96fbd878c192ef3d3
91252600c130d5d41ce6a233f27d4977f18df9eb
3ff29379fc2527b802408a62d1758d513134ad0835880d37685d9a7e9515b824
Analyzer Verdict Alert quad9 Sinkholed
GET /d8/29/41/d82941888ca80b5e024c4d0a7cab0440.js HTTP/1.1
Host: subscribestormyapprobation.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kahoka.pornlesbans.hotnatalia.com/
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 04 Feb 2023 08:38:12 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: a2092b8d547142b6de91204fb44e5089
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash e69146b2b3cc4fedc68b10de5fa1c071
90d9d81bb5513e701edac6b93fea10d0d536e2f1
f3706f157fe37709ef692f56e8bbd7763e372b0a02926ce27892769860f7e9f0
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3463
Cache-Control: max-age=117515
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 08:38:12 GMT
Etag: "63dd33f8-117"
Expires: Sun, 05 Feb 2023 17:16:47 GMT
Last-Modified: Fri, 03 Feb 2023 16:19:04 GMT
Server: ECS (ska/F715)
X-Cache: HIT
Content-Length: 279
cdn.tsyndicate.com/imges/backup/banner/300x250.png
8.254.252.210 200 OK 102 kB URL HTTP/1.1 cdn.tsyndicate.com/imges/backup/banner/300x250.png
IP 8.254.252.210:0
File type PNG image data, 300 x 250, 8-bit/color RGBA, non-interlaced\012- data
Size 102 kB (102388 bytes)
Hash b761fe954e9423addda999b0975f1ee1
7baeb7f4b5824624fbe3f2dd6b8e8b291996fd89
824c9ecf5047e7d7f90fbc438be225dbc6c3e2513fca402294432c04667a8509
GET /imges/backup/banner/300x250.png HTTP/1.1
Host: cdn.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://lcdn.tsyndicate.com/
HTTP/1.1 200 OK
Date: Wed, 22 Jun 2022 09:39:46 GMT
Content-Type: image/png
Content-Length: 102388
Connection: keep-alive
Last-Modified: Wed, 22 Jun 2022 09:24:43 GMT
Server: nginx
X-Robots-Tag: noindex, nofollow
Content-Encoding: gzip
Vary: Accept-Encoding
ETag: W/"62b2dfdb-18fbf"
Age: 19609106
Accept-Ranges: bytes
comedianthirteenth.com/c515a1f4fc3a36b04275034bdcef5c99/invoke.js
192.243.59.13 200 OK 9.8 kB URL HTTP/1.1 comedianthirteenth.com/c515a1f4fc3a36b04275034bdcef5c99/invoke.js
IP 192.243.59.13:0
ASN #39572 DataWeb Global Group B.V.
File type exported SGML document, ASCII text, with very long lines (27000), with no line terminators
Hash 079b24bccc00a8462076eb5f1d135bcc
8a544c8ac695190076b406061c4c489ddd5911f5
ed9ff224c3110184f2fced6866dbf7f1a49c92c88a18c6bb4be7d460a18d7f0f
GET /c515a1f4fc3a36b04275034bdcef5c99/invoke.js HTTP/1.1
Host: comedianthirteenth.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kahoka.pornlesbans.hotnatalia.com/
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Sat, 04 Feb 2023 08:38:12 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 039555d4c901230a31e9c2b82965f78e
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
pxl.tsyndicate.com/api/v1/elapsedtime?f=banner%20250x150&sc=58b27ab589cd4f6fb77ba36de8de2cad&hn=kahoka.pornlesbans.hotnatalia.com&et=472
94.130.141.49 200 OK 0 B URL HTTP/1.1 pxl.tsyndicate.com/api/v1/elapsedtime?f=banner%20250x150&sc=58b27ab589cd4f6fb77ba36de8de2cad&hn=kahoka.pornlesbans.hotnatalia.com&et=472
IP 94.130.141.49:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /api/v1/elapsedtime?f=banner%20250x150&sc=58b27ab589cd4f6fb77ba36de8de2cad&hn=kahoka.pornlesbans.hotnatalia.com&et=472 HTTP/1.1
Host: pxl.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kahoka.pornlesbans.hotnatalia.com/
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 08:38:12 GMT
Content-Length: 0
Connection: keep-alive
X-Robots-Tag: noindex, nofollow
pxl.tsyndicate.com/api/v1/backup.gif?t=banner&tct=adult
94.130.141.49 200 OK 35 B URL HTTP/1.1 pxl.tsyndicate.com/api/v1/backup.gif?t=banner&tct=adult
IP 94.130.141.49:0
ASN #24940 Hetzner Online GmbH
File type GIF image data, version 89a, 1 x 1\012- data
Hash c2196de8ba412c60c22ab491af7b1409
5fbd472222feb8a22cf5b8aa5dc5b8e13af88e2b
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
GET /api/v1/backup.gif?t=banner&tct=adult HTTP/1.1
Host: pxl.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://lcdn.tsyndicate.com/
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 08:38:12 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 35
Connection: keep-alive
X-Robots-Tag: noindex, nofollow
i.jads.co/network/user500/23973-1505576678.gif
69.16.175.42 200 OK 118 kB URL HTTP/1.1 i.jads.co/network/user500/23973-1505576678.gif
IP 69.16.175.42:0
File type GIF image data, version 89a, 160 x 600\012- data
Size 118 kB (118211 bytes)
Hash 4580e92b2cc59d4d133dc90debf83ace
601cfed3a048b6cdc617e7cd6ff1dcf1ba7179e2
4cd3e55f591f5b5b567e646484c31cbc9225b1173c1e8e59d3a9f769eaaf9a40
GET /network/user500/23973-1505576678.gif HTTP/1.1
Host: i.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://poweredby.jads.co/
HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 08:38:12 GMT
Connection: Keep-Alive
ETag: "1505576678"
Cache-Control: max-age=13239018
Content-Length: 118211
Content-Type: image/gif
Last-Modified: Sat, 16 Sep 2017 15:44:38 GMT
Accept-Ranges: bytes
X-HW: 1675499892.dop229.sk1.t,1675499892.cds066.sk1.c
lcdn.tsyndicate.com/error/banner.html
8.254.252.214 304 Not Modified 0 B URL HTTP/1.1 lcdn.tsyndicate.com/error/banner.html
IP 8.254.252.214:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /error/banner.html HTTP/1.1
Host: lcdn.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://tsyndicate.com/
Upgrade-Insecure-Requests: 1
If-Modified-Since: Thu, 28 Jul 2022 14:10:05 GMT
If-None-Match: W/"62e298bd-297"
HTTP/1.1 304 Not Modified
Date: Fri, 02 Sep 2022 00:07:36 GMT
Connection: keep-alive
Last-Modified: Thu, 28 Jul 2022 14:10:05 GMT
Server: nginx
X-Robots-Tag: noindex, nofollow
Vary: Accept-Encoding
ETag: W/"62e298bd-297"
Age: 13422636
cdn.tsyndicate.com/sdk/v1/backup.banner.js
8.254.252.210 304 Not Modified 0 B URL HTTP/1.1 cdn.tsyndicate.com/sdk/v1/backup.banner.js
IP 8.254.252.210:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sdk/v1/backup.banner.js HTTP/1.1
Host: cdn.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://lcdn.tsyndicate.com/
If-Modified-Since: Fri, 16 Dec 2022 12:41:09 GMT
If-None-Match: W/"639c6765-b48"
HTTP/1.1 304 Not Modified
Date: Fri, 16 Dec 2022 12:53:28 GMT
Connection: keep-alive
Last-Modified: Fri, 16 Dec 2022 12:41:09 GMT
Server: nginx
X-Robots-Tag: noindex, nofollow
Vary: Accept-Encoding
ETag: W/"639c6765-b48"
Age: 4304685
static.eabids.com/data/bannerpools/94553/24606.gif
217.22.19.195 200 OK 131 kB URL HTTP/1.1 static.eabids.com/data/bannerpools/94553/24606.gif
IP 217.22.19.195:0
File type GIF image data, version 89a, 300 x 250\012- data
Size 131 kB (130667 bytes)
Hash a688ff6754a8a8b952f76e0df70e756f
276518c36bb71bd4d9a31dce74f92f5f664bbf39
21ff5e8a87f5daea42d97d69fa6a19ab218ef9943981f3f706a4d38d13019fc3
GET /data/bannerpools/94553/24606.gif HTTP/1.1
Host: static.eabids.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://go.eabids.com/
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 08:38:12 GMT
Content-Type: image/gif
Content-Length: 130667
Last-Modified: Thu, 28 Apr 2022 14:45:32 GMT
Connection: keep-alive
ETag: "626aa88c-1fe6b"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
X-Backend-Server: nl2-static-222
Accept-Ranges: bytes
biptolyla.com/auW.ZNyzQu2r9FkyZnT/9U6gbE2C5mlFS/WvQT9RNPDlE/4OMrjrk/0HN/Cc0N0/MLT/g/yNOkTTQK1ZJPnEB-1KcV2-hiaRbO2/5/lGS/WeQs9iNIDeEZ4rMtjTkS0/NVCI0R0UMWT/gwy/OlTQQ/1R
188.72.219.36 301 Moved Permanently 162 B URL HTTP/1.1 biptolyla.com/auW.ZNyzQu2r9FkyZnT/9U6gbE2C5mlFS/WvQT9RNPDlE/4OMrjrk/0HN/Cc0N0/MLT/g/yNOkTTQK1ZJPnEB-1KcV2-hiaRbO2/5/lGS/WeQs9iNIDeEZ4rMtjTkS0/NVCI0R0UMWT/gwy/OlTQQ/1R
IP 188.72.219.36:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
GET /auW.ZNyzQu2r9FkyZnT/9U6gbE2C5mlFS/WvQT9RNPDlE/4OMrjrk/0HN/Cc0N0/MLT/g/yNOkTTQK1ZJPnEB-1KcV2-hiaRbO2/5/lGS/WeQs9iNIDeEZ4rMtjTkS0/NVCI0R0UMWT/gwy/OlTQQ/1R HTTP/1.1
Host: biptolyla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kahoka.pornlesbans.hotnatalia.com/
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 08:38:12 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://biptolyla.com/auW.ZNyzQu2r9FkyZnT/9U6gbE2C5mlFS/WvQT9RNPDlE/4OMrjrk/0HN/Cc0N0/MLT/g/yNOkTTQK1ZJPnEB-1KcV2-hiaRbO2/5/lGS/WeQs9iNIDeEZ4rMtjTkS0/NVCI0R0UMWT/gwy/OlTQQ/1R
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
X-Content-Type-Options: nosniff
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 87d403e353e196ef2fe78219321b5ce1
7c680a1048e96294e2c8a972dc3d317623b6dda4
30a2435bb213ab13654961fb01817745a7f2e411023a4a748ab085292b985978
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "30A2435BB213AB13654961FB01817745A7F2E411023A4A748AB085292B985978"
Last-Modified: Thu, 02 Feb 2023 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9356
Expires: Sat, 04 Feb 2023 11:14:09 GMT
Date: Sat, 04 Feb 2023 08:38:13 GMT
Connection: keep-alive
pxl.tsyndicate.com/api/v1/elapsedtime?f=banner%20300x250&sc=6a91f85098294907941c239ca45e3b90&hn=kahoka.pornlesbans.hotnatalia.com&et=493
94.130.141.49 200 OK 0 B URL HTTP/1.1 pxl.tsyndicate.com/api/v1/elapsedtime?f=banner%20300x250&sc=6a91f85098294907941c239ca45e3b90&hn=kahoka.pornlesbans.hotnatalia.com&et=493
IP 94.130.141.49:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /api/v1/elapsedtime?f=banner%20300x250&sc=6a91f85098294907941c239ca45e3b90&hn=kahoka.pornlesbans.hotnatalia.com&et=493 HTTP/1.1
Host: pxl.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kahoka.pornlesbans.hotnatalia.com/
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 08:38:13 GMT
Content-Length: 0
Connection: keep-alive
X-Robots-Tag: noindex, nofollow
go.eabids.com/banner.go?spaceid=5675445&keywords=&maincat=
217.22.19.194 200 OK 2.5 kB URL HTTP/1.1 go.eabids.com/banner.go?spaceid=5675445&keywords=&maincat=
IP 217.22.19.194:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2491), with no line terminators
Hash 2d0ae65d49f44aa6ad9613b374e81d39
bf17bd69630629a01326c769f3274222cca6f520
a60cfd2f5070a795fd30a59d5b833ee8f5d1cfcdca1147e03ee113c659953e5e
GET /banner.go?spaceid=5675445&keywords=&maincat= HTTP/1.1
Host: go.eabids.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kahoka.pornlesbans.hotnatalia.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 08:38:13 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 2491
Connection: keep-alive
Expires: Mon, 03 Jul 2001 06:00:00 GMT
Last-Modified: Sat, 04 02 2023 08:38:13 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0,post-check=0, pre-check=0
Pragma: no-cache
X-Backend-Server: nl2-web-205
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash b7d989b415697cff62370f7730b25860
434aa43f2c55020ce7b770e0115429ee5abac5b9
19fcf5229e29c08dcc880cdc79a9d595798d53a409b67fcf15f3ee2d884eeb00
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "19FCF5229E29C08DCC880CDC79A9D595798D53A409B67FCF15F3EE2D884EEB00"
Last-Modified: Thu, 02 Feb 2023 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17166
Expires: Sat, 04 Feb 2023 13:24:19 GMT
Date: Sat, 04 Feb 2023 08:38:13 GMT
Connection: keep-alive
subscribestormyapprobation.com/28/85/33/28853392a76a14b1426991b6def2243b.js
173.233.139.164 200 OK 13 kB URL HTTP/1.1 subscribestormyapprobation.com/28/85/33/28853392a76a14b1426991b6def2243b.js
IP 173.233.139.164:0
File type ASCII text, with very long lines (37139), with no line terminators
Hash fc0cda6faf8e3cdee4a43165ec47a56b
e3688f60f21de74ed745ccf33c4c841a222859e2
133e00a252cc23299b1a30eb9acee0b50be033fb1c675700c55a30df3627c747
Analyzer Verdict Alert quad9 Sinkholed
GET /28/85/33/28853392a76a14b1426991b6def2243b.js HTTP/1.1
Host: subscribestormyapprobation.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kahoka.pornlesbans.hotnatalia.com/
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 04 Feb 2023 08:38:13 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 0daf6beb16ff860dcf5b0742080a47a5
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 2135c7746b7d988423183cb39604af2e
df315f261f1bf9932f58f342e84c7b990c3e427c
c8ffebf47b17243df2946afec27eff633645f13b2e754483b42702d5d9945510
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C8FFEBF47B17243DF2946AFEC27EFF633645F13B2E754483B42702D5D9945510"
Last-Modified: Thu, 02 Feb 2023 01:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14396
Expires: Sat, 04 Feb 2023 12:38:09 GMT
Date: Sat, 04 Feb 2023 08:38:13 GMT
Connection: keep-alive
ocsp.sectigo.com/
172.64.155.188 200 OK 472 B IP 172.64.155.188:0
Hash 031be4d46456a983025a51dbafe041b8
028f4f0edcd725d7a87e785c595cb695defeb31f
668963244fb14a5bced5a013c2f8f7ff3aeec27695d402b3c1e07ae528f4e11f
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 08:38:13 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Wed, 01 Feb 2023 03:56:20 GMT
Expires: Wed, 08 Feb 2023 03:56:19 GMT
Etag: "028f4f0edcd725d7a87e785c595cb695defeb31f"
Cache-Control: max-age=328085,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 794216b85b73b511-OSL
lcdn.tsyndicate.com/images/3/3/1475f6b6f811e69664002590c57f96/main.jpg
8.254.252.214 200 OK 13 kB URL HTTP/2 lcdn.tsyndicate.com/images/3/3/1475f6b6f811e69664002590c57f96/main.jpg
IP 8.254.252.214:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 728x90, components 3\012- data
Hash 48b8dcbede8fd26c87a1c5bef74d4a1a
3291d9efa460a3bae5e82c72e10e59d7f6c5ef25
91b938c20777eaecee734bdde700953a29dc54d25e3af111ad7aeb34ed0962be
GET /images/3/3/1475f6b6f811e69664002590c57f96/main.jpg HTTP/1.1
Host: lcdn.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://tsyndicate.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 04 Feb 2023 08:38:13 GMT
content-type: image/jpeg
content-length: 13181
last-modified: Sat, 03 Oct 2020 00:01:48 GMT
server: nginx
x-robots-tag: noindex, nofollow
content-encoding: gzip
vary: Accept-Encoding
etag: W/"5f77bf6c-33f6"
age: 27247369
accept-ranges: bytes
X-Firefox-Spdy: h2
comedianthirteenth.com/11115435c35e6b966b90a5f936e0edcc/invoke.js
192.243.59.13 200 OK 9.8 kB URL HTTP/1.1 comedianthirteenth.com/11115435c35e6b966b90a5f936e0edcc/invoke.js
IP 192.243.59.13:0
ASN #39572 DataWeb Global Group B.V.
File type exported SGML document, ASCII text, with very long lines (26982), with no line terminators
Hash 0780c7b32356a4285c9d3cb039c630fe
9a6da1325225293c6334bf64c8c427f8b8d3f7cd
eeef9911a9d370cf4ba3bc86b4b0234722b55367910674e81896d2391efa2656
GET /11115435c35e6b966b90a5f936e0edcc/invoke.js HTTP/1.1
Host: comedianthirteenth.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kahoka.pornlesbans.hotnatalia.com/
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Sat, 04 Feb 2023 08:38:13 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: aec7b54d97e767703fa1b7af2a7c2799
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
cdn.tsyndicate.com/imges/backup/banner/300x250.png
8.254.252.210 304 Not Modified 0 B URL HTTP/1.1 cdn.tsyndicate.com/imges/backup/banner/300x250.png
IP 8.254.252.210:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /imges/backup/banner/300x250.png HTTP/1.1
Host: cdn.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://lcdn.tsyndicate.com/
If-Modified-Since: Wed, 22 Jun 2022 09:24:43 GMT
If-None-Match: W/"62b2dfdb-18fbf"
HTTP/1.1 304 Not Modified
Date: Wed, 22 Jun 2022 09:39:46 GMT
Connection: keep-alive
Last-Modified: Wed, 22 Jun 2022 09:24:43 GMT
Server: nginx
X-Robots-Tag: noindex, nofollow
Vary: Accept-Encoding
ETag: W/"62b2dfdb-18fbf"
Age: 19609107
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 071c54cca1f0ab8b597a8e442b005f08
369bdbfd3a4baeb4cbbbaa173ce2688e6ce00369
f2f85daf0ea1700715989fc102db9c6abf5f4c4744c3fbe348952e155c242f88
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F2F85DAF0EA1700715989FC102DB9C6ABF5F4C4744C3FBE348952E155C242F88"
Last-Modified: Thu, 02 Feb 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14856
Expires: Sat, 04 Feb 2023 12:45:49 GMT
Date: Sat, 04 Feb 2023 08:38:13 GMT
Connection: keep-alive
ocsp.pki.goog/s/gts1p5/BAk8LBNPLt0
142.250.74.131 200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/BAk8LBNPLt0
IP 142.250.74.131:0
Hash 8728e66e52198643caa13a6c44ba8a5e
e2908b8496ef84bd3d0d237e7a1ab52b2f8144a4
5d87b0d0819cde1dfed00d803db022701f3f3fc1943b4df51937ac34effeaf89
POST /s/gts1p5/BAk8LBNPLt0 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 08:38:13 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
poweredby.jads.co/adshow.php?adzone=962240
185.94.237.102 200 OK 1.7 kB URL HTTP/1.1 poweredby.jads.co/adshow.php?adzone=962240
IP 185.94.237.102:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (431), with CRLF, LF line terminators
Hash 24c78cc666225f484d2b196bc0572120
7fbd2059928bb7cfc5b142f179b6df863defcbb2
71a8f182508748c028cee3816ee5c3c755a2a9f161b3f28380170ca4836604c0
GET /adshow.php?adzone=962240 HTTP/1.1
Host: poweredby.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kahoka.pornlesbans.hotnatalia.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 08:38:13 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/5.6.40
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR OUR IND STA"
Set-Cookie: surferid=600a2d9a82508f0dfd965c365e008870; expires=Sun, 04-Feb-2024 08:38:12 GMT; Max-Age=31536000; path=/; SameSite=None; Secure; domain=.jads.co
imps22340=1; expires=Sun, 05-Feb-2023 08:38:12 GMT; Max-Age=86400; path=/; SameSite=None; Secure; domain=.jads.co
imps22340=1; expires=Sun, 05-Feb-2023 08:38:12 GMT; Max-Age=86400; path=/; SameSite=None; Secure; domain=.jads.co
juicy_data_1=YToyOntpOjU5Mjk4MTtpOjE2NzU3NTkwOTI7aTo1NjQ2Mjg7aToxNjc1NzU5MDkyO30%3D; expires=Tue, 07-Feb-2023 08:38:12 GMT; Max-Age=259200; path=/; SameSite=None; Secure; domain=jads.co
juicy_data=YToxOntzOjEyOiJqdWljeV9kYXRhXzEiO3M6MToiMSI7fQ%3D%3D; expires=Tue, 07-Feb-2023 08:38:12 GMT; Max-Age=259200; path=/; SameSite=None; Secure; domain=jads.co
Content-Encoding: gzip
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash b2e3a76de368d69e9b3103aaaab47a84
94146a5bfdf51661b8376064ea2016690655d4e3
f0861e6a4e3b30741077d28b6e5c42583615aea70d29cf4c168a990f06b2118e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F0861E6A4E3B30741077D28B6E5C42583615AEA70D29CF4C168A990F06B2118E"
Last-Modified: Thu, 02 Feb 2023 01:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6011
Expires: Sat, 04 Feb 2023 10:18:24 GMT
Date: Sat, 04 Feb 2023 08:38:13 GMT
Connection: keep-alive
utilitypresent.com/28/85/33/28853392a76a14b1426991b6def2243b.js
192.243.61.225 200 OK 13 kB URL HTTP/1.1 utilitypresent.com/28/85/33/28853392a76a14b1426991b6def2243b.js
IP 192.243.61.225:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with very long lines (37127), with no line terminators
Hash 28e9d94ffa77fee704344323dba4280e
5833186eb01b260785820de358c6eedd88a33f89
639e18d0ccf7e4a8d8bcfefec742da6593e5bbf26812b9cf90c862a3526c497c
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /28/85/33/28853392a76a14b1426991b6def2243b.js HTTP/1.1
Host: utilitypresent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kahoka.pornlesbans.hotnatalia.com/
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 04 Feb 2023 08:38:12 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: a3401a0a6ae5d4a406e15b72c0c64dbe
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
biptolyla.com/auW.ZNyzQu2r9FkyZnT/9U6gbE2C5mlFS/WvQT9RNPDlE/4OMrjrk/0HN/Cc0N0/MLT/g/yNOkTTQK1ZJPnEB-1KcV2-hiaRbO2/5/lGS/WeQs9iNIDeEZ4rMtjTkS0/NVCI0R0UMWT/gwy/OlTQQ/1R
188.72.219.36 404 Not Found 0 B URL HTTP/2 biptolyla.com/auW.ZNyzQu2r9FkyZnT/9U6gbE2C5mlFS/WvQT9RNPDlE/4OMrjrk/0HN/Cc0N0/MLT/g/yNOkTTQK1ZJPnEB-1KcV2-hiaRbO2/5/lGS/WeQs9iNIDeEZ4rMtjTkS0/NVCI0R0UMWT/gwy/OlTQQ/1R
IP 188.72.219.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /auW.ZNyzQu2r9FkyZnT/9U6gbE2C5mlFS/WvQT9RNPDlE/4OMrjrk/0HN/Cc0N0/MLT/g/yNOkTTQK1ZJPnEB-1KcV2-hiaRbO2/5/lGS/WeQs9iNIDeEZ4rMtjTkS0/NVCI0R0UMWT/gwy/OlTQQ/1R HTTP/1.1
Host: biptolyla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://kahoka.pornlesbans.hotnatalia.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 404 Not Found
server: nginx
date: Sat, 04 Feb 2023 08:38:13 GMT
content-type: application/javascript
content-length: 0
pragma: no-cache
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-WoW64
expires: Mon, 26 Jul 2011 05:00:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
X-Firefox-Spdy: h2
pxl.tsyndicate.com/api/v1/p/p.js?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zC0XMIFOjjAwaY2q0sCHDTI4WNHLQmNFCTAwYJ2uEwTEmTJkYBcnAiCHiYZg6YzLKOBgDx42QLWrUPJlSBo4WYcTcENPiRpgZM3DgmGHmRhkxOXpCJGNn4Y2HcOqIWWgjRoyzEOHAoThD5cM5cCbqmGEDB40bN2A8HNNmrg6nMGZUHGtmoYwZD8W4cUPRRl8bNB62cYOR4QwZMgSLgLO5s40aNBbXkcOGoowaN2r0fVhHRkY0dOjAmaPjxYs7El2wSeNmzYsxw8es-TGmR5k8StAkUfNmBpMhSuxMf4OniZ4sc5K4CZLmiRonObjUgQFDhg3kaZSnIdOjhRomQpa4KUInCR78erCBhxhzlDEDf3WssQYeVVCRgxx2NIEHG19UMUURp8UQhQ1NKCHFG1WwsVkNcsSwxBlXjHHEEkmU4QQVV-DxBBRLOKFGHUpQoUUTU-BQBRxuhDFHG2S8cYUMcszQxBpvUBGHFEEIUcYYaqgRAw12aCGHEjd8cUYVSRAhRRVpiFVkGxmtEQYab6jpAhxvyOEGG2XMIUYYbszhApt0BElHGMOF4cIYb6A5WBh6bQGZQzPA0EVkjekAgws7PQShYY3SVkeZOohAhhh1TWUGDCOFEYZINNTAEVTtyYBSDTOMoZhBNMhgoFhpGCZCDjG4kMOktbrQEA1iyfFFrhnx6iuwMgiLmlh1hJFRE2_okQYbbITxQg2UgoDCFcQVecccILwIwkuU7gACuG5gpi4e7oIAIUMwcAtDCiAcMSWTL4T20k47gWBEGnKUYQZ3L7xkr1hjBNWpE0-IFecXDWcEsVhsOCxCEU6YWYYdXxTcGkOw3bBVX-xZegZlh9Vg1EMHgSyGHAtpBfPHX7TxBhmO4dAWzHK8sRBkIryhkA6ZjRY0HnkslHTBkQ6UGxy9vaAmm27CKSedduKpJ59-ApqGoIS28YJYd2QUA2JioaF2e8TeBWFGQf9JR5wt1OFGGnS00KgLZIyxtpkaH_RF4INbhCZDNsSWUg445CCD4rYx7ngOkEueFQ4-kRFynXB8gWhll2c-uQg4A4oQHUcrSsOjEImhl6cG_8TGRGhlvJBoY3QGQx8KBAQ%3D&s=474afa4b676dc351f8feb79fb48c51c801b2434dff696e310958395f33b080261675499892&w=t&r=1&d=569&priv=false
94.130.141.49200 OK 24 B URL HTTP/1.1 pxl.tsyndicate.com/api/v1/p/p.js?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zC0XMIFOjjAwaY2q0sCHDTI4WNHLQmNFCTAwYJ2uEwTEmTJkYBcnAiCHiYZg6YzLKOBgDx42QLWrUPJlSBo4WYcTcENPiRpgZM3DgmGHmRhkxOXpCJGNn4Y2HcOqIWWgjRoyzEOHAoThD5cM5cCbqmGEDB40bN2A8HNNmrg6nMGZUHGtmoYwZD8W4cUPRRl8bNB62cYOR4QwZMgSLgLO5s40aNBbXkcOGoowaN2r0fVhHRkY0dOjAmaPjxYs7El2wSeNmzYsxw8es-TGmR5k8StAkUfNmBpMhSuxMf4OniZ4sc5K4CZLmiRonObjUgQFDhg3kaZSnIdOjhRomQpa4KUInCR78erCBhxhzlDEDf3WssQYeVVCRgxx2NIEHG19UMUURp8UQhQ1NKCHFG1WwsVkNcsSwxBlXjHHEEkmU4QQVV-DxBBRLOKFGHUpQoUUTU-BQBRxuhDFHG2S8cYUMcszQxBpvUBGHFEEIUcYYaqgRAw12aCGHEjd8cUYVSRAhRRVpiFVkGxmtEQYab6jpAhxvyOEGG2XMIUYYbszhApt0BElHGMOF4cIYb6A5WBh6bQGZQzPA0EVkjekAgws7PQShYY3SVkeZOohAhhh1TWUGDCOFEYZINNTAEVTtyYBSDTOMoZhBNMhgoFhpGCZCDjG4kMOktbrQEA1iyfFFrhnx6iuwMgiLmlh1hJFRE2_okQYbbITxQg2UgoDCFcQVecccILwIwkuU7gACuG5gpi4e7oIAIUMwcAtDCiAcMSWTL4T20k47gWBEGnKUYQZ3L7xkr1hjBNWpE0-IFecXDWcEsVhsOCxCEU6YWYYdXxTcGkOw3bBVX-xZegZlh9Vg1EMHgSyGHAtpBfPHX7TxBhmO4dAWzHK8sRBkIryhkA6ZjRY0HnkslHTBkQ6UGxy9vaAmm27CKSedduKpJ59-ApqGoIS28YJYd2QUA2JioaF2e8TeBWFGQf9JR5wt1OFGGnS00KgLZIyxtpkaH_RF4INbhCZDNsSWUg445CCD4rYx7ngOkEueFQ4-kRFynXB8gWhll2c-uQg4A4oQHUcrSsOjEImhl6cG_8TGRGhlvJBoY3QGQx8KBAQ%3D&s=474afa4b676dc351f8feb79fb48c51c801b2434dff696e310958395f33b080261675499892&w=t&r=1&d=569&priv=false
IP 94.130.141.49:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with no line terminators
Hash 0959ba36d476b6dc1994ba3c678b07c4
d30b94da72daa02766965206a85b7e0356375f5e
897410b87e27e3dfba3a7d6caab315a5e69cc941bb96d91fc74878a9b051843a
GET /api/v1/p/p.js?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zC0XMIFOjjAwaY2q0sCHDTI4WNHLQmNFCTAwYJ2uEwTEmTJkYBcnAiCHiYZg6YzLKOBgDx42QLWrUPJlSBo4WYcTcENPiRpgZM3DgmGHmRhkxOXpCJGNn4Y2HcOqIWWgjRoyzEOHAoThD5cM5cCbqmGEDB40bN2A8HNNmrg6nMGZUHGtmoYwZD8W4cUPRRl8bNB62cYOR4QwZMgSLgLO5s40aNBbXkcOGoowaN2r0fVhHRkY0dOjAmaPjxYs7El2wSeNmzYsxw8es-TGmR5k8StAkUfNmBpMhSuxMf4OniZ4sc5K4CZLmiRonObjUgQFDhg3kaZSnIdOjhRomQpa4KUInCR78erCBhxhzlDEDf3WssQYeVVCRgxx2NIEHG19UMUURp8UQhQ1NKCHFG1WwsVkNcsSwxBlXjHHEEkmU4QQVV-DxBBRLOKFGHUpQoUUTU-BQBRxuhDFHG2S8cYUMcszQxBpvUBGHFEEIUcYYaqgRAw12aCGHEjd8cUYVSRAhRRVpiFVkGxmtEQYab6jpAhxvyOEGG2XMIUYYbszhApt0BElHGMOF4cIYb6A5WBh6bQGZQzPA0EVkjekAgws7PQShYY3SVkeZOohAhhh1TWUGDCOFEYZINNTAEVTtyYBSDTOMoZhBNMhgoFhpGCZCDjG4kMOktbrQEA1iyfFFrhnx6iuwMgiLmlh1hJFRE2_okQYbbITxQg2UgoDCFcQVecccILwIwkuU7gACuG5gpi4e7oIAIUMwcAtDCiAcMSWTL4T20k47gWBEGnKUYQZ3L7xkr1hjBNWpE0-IFecXDWcEsVhsOCxCEU6YWYYdXxTcGkOw3bBVX-xZegZlh9Vg1EMHgSyGHAtpBfPHX7TxBhmO4dAWzHK8sRBkIryhkA6ZjRY0HnkslHTBkQ6UGxy9vaAmm27CKSedduKpJ59-ApqGoIS28YJYd2QUA2JioaF2e8TeBWFGQf9JR5wt1OFGGnS00KgLZIyxtpkaH_RF4INbhCZDNsSWUg445CCD4rYx7ngOkEueFQ4-kRFynXB8gWhll2c-uQg4A4oQHUcrSsOjEImhl6cG_8TGRGhlvJBoY3QGQx8KBAQ%3D&s=474afa4b676dc351f8feb79fb48c51c801b2434dff696e310958395f33b080261675499892&w=t&r=1&d=569&priv=false HTTP/1.1
Host: pxl.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://tsyndicate.com/
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 08:38:13 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 24
Connection: keep-alive
X-Robots-Tag: noindex, nofollow
pxl.tsyndicate.com/api/v1/backup.gif?t=banner&tct=adult
94.130.141.49 200 OK 35 B URL HTTP/1.1 pxl.tsyndicate.com/api/v1/backup.gif?t=banner&tct=adult
IP 94.130.141.49:0
ASN #24940 Hetzner Online GmbH
File type GIF image data, version 89a, 1 x 1\012- data
Hash c2196de8ba412c60c22ab491af7b1409
5fbd472222feb8a22cf5b8aa5dc5b8e13af88e2b
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
GET /api/v1/backup.gif?t=banner&tct=adult HTTP/1.1
Host: pxl.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://lcdn.tsyndicate.com/
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 08:38:13 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 35
Connection: keep-alive
X-Robots-Tag: noindex, nofollow
static.eabids.com/data/bannerpools/112022/33959.jpg
217.22.19.195 200 OK 26 kB URL HTTP/1.1 static.eabids.com/data/bannerpools/112022/33959.jpg
IP 217.22.19.195:0
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 300x250, components 3\012- data
Hash e4337461de3c9093338155687c6e3ae2
808f0a8e34e8bfea81780864ef94651759a3d7a8
fc9359dbacb6246356af571388a96b1f71b8a23894dbf711df60b821bd82f073
GET /data/bannerpools/112022/33959.jpg HTTP/1.1
Host: static.eabids.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://go.eabids.com/
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 08:38:13 GMT
Content-Type: image/jpeg
Content-Length: 25961
Last-Modified: Thu, 28 Apr 2022 14:46:28 GMT
Connection: keep-alive
ETag: "626aa8c4-6569"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
X-Backend-Server: nl2-static-222
Accept-Ranges: bytes
subscribestormyapprobation.com/watch.112929568527.js?key=539d71c7c61ed9e36ed1dd6ab6acffc8&kw=%5B%22xxx%22%2C%22porn%22%2C%22pictures%22%2C%22free%22%2C%22sex%22%2C%22pics%22%5D&refer=http%3A%2F%2Fkahoka.pornlesbans.hotnatalia.com%2F%3Fannalise&tz=0&dev=e&res=12.1053&uuid=66be96df-befa-4de4-bb7a-3e45e84a1088%3A2%3A1
173.233.139.164 307 Temporary Redirect 0 B URL HTTP/1.1 subscribestormyapprobation.com/watch.112929568527.js?key=539d71c7c61ed9e36ed1dd6ab6acffc8&kw=%5B%22xxx%22%2C%22porn%22%2C%22pictures%22%2C%22free%22%2C%22sex%22%2C%22pics%22%5D&refer=http%3A%2F%2Fkahoka.pornlesbans.hotnatalia.com%2F%3Fannalise&tz=0&dev=e&res=12.1053&uuid=66be96df-befa-4de4-bb7a-3e45e84a1088%3A2%3A1
IP 173.233.139.164:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /watch.112929568527.js?key=539d71c7c61ed9e36ed1dd6ab6acffc8&kw=%5B%22xxx%22%2C%22porn%22%2C%22pictures%22%2C%22free%22%2C%22sex%22%2C%22pics%22%5D&refer=http%3A%2F%2Fkahoka.pornlesbans.hotnatalia.com%2F%3Fannalise&tz=0&dev=e&res=12.1053&uuid=66be96df-befa-4de4-bb7a-3e45e84a1088%3A2%3A1 HTTP/1.1
Host: subscribestormyapprobation.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://kahoka.pornlesbans.hotnatalia.com
Connection: keep-alive
Referer: http://kahoka.pornlesbans.hotnatalia.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 307 Temporary Redirect
Server: nginx/1.19.5
Date: Sat, 04 Feb 2023 08:38:13 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: http://kahoka.pornlesbans.hotnatalia.com
Access-Control-Allow-Origin: http://kahoka.pornlesbans.hotnatalia.com
Access-Control-Allow-Credentials: true
Location: https://subscribestormyapprobation.com/watch.112929568527.js?key=539d71c7c61ed9e36ed1dd6ab6acffc8&kw=%5B%22xxx%22%2C%22porn%22%2C%22pictures%22%2C%22free%22%2C%22sex%22%2C%22pics%22%5D&refer=http%3A%2F%2Fkahoka.pornlesbans.hotnatalia.com%2F%3Fannalise&tz=0&dev=e&res=12.1053&uuid=66be96df-befa-4de4-bb7a-3e45e84a1088%3A2%3A1&shu=b709ef456b85dbe0799a1852f151a5aaaf351897bd0fd26bffebc359f931354792ad5e949ef11dcdd33e5b6aabeb05db846b666513c97f9675d8434556a198d622ee4cd5ab455b12dd2c1ecbe725a392b37316dd9d865429bbfffb0bdd8ca6c5&pst=1675499953&rmtc=t
Set-Cookie: u_pl=17743402; expires=Sun, 05 Feb 2023 08:38:13 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNzc0MzQwMiwiayI6IjUzOWQ3MWM3YzYxZWQ5ZTM2ZWQxZGQ2YWI2YWNmZmM4Iiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxNTAzNjQ5LCJwaWQiOjI4ODQzNywiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjoxNiwiYWlkIjo1LCJwdCI6NCwicGsiOiJ4M2J0dWpzdWsiLCJjcGtzIjp7ICIyOSI6ImQ4Mjk0MTg4OGNhODBiNWUwMjRjNGQwYTdjYWIwNDQwIn0sInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjo5MDc1MzQ1NywiaWRzIjoiIiwiaWMiOmZhbHNlLCJuIjoiRGVza3RvcCxFbXVsYXRvciIsInYiOiJVbmtub3duIiwibSI6IlVua25vd24iLCJmIjoxLCJmbiI6IkRlc2t0b3AiLCJvaWQiOjM4OTE0LCJvbiI6IldpbmRvd3MiLCJvdiI6IjEwLjAiLCJiaWQiOjEyMDYyNSwiYm4iOiJGaXJlZm94IiwiYnYiOiIxMDUuMCIsInd2IjpmYWxzZSwiZSI6dHJ1ZSwiYWIiOmZhbHNlfSwiYyI6eyJpZCI6MTYyLCJjIjoiTk8iLCJuIjoiTm9yd2F5In0sImEiOmZhbHNlLCJjciI6eyJuIjoiQmxpeCBTb2x1dGlvbnMifSwieGYiOiIiLCJpeGYiOmZhbHNlLCJpZ3hmIjpmYWxzZSwidXAiOnRydWUsInIiOiJodHRwOi8va2Fob2thLnBvcm5sZXNiYW5zLmhvdG5hdGFsaWEuY29tLz9hbm5hbGlzZSJ9fQ.QNg1IC03RvBhsVym1_5Yv6URMIaSgyOM5y_EV8l191M; expires=Sat, 04 Feb 2023 08:39:13 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: b0fcd3790c862e0a33df724fffa2273b
Strict-Transport-Security: max-age=0; includeSubdomains
go.eabids.com/banner.go?spaceid=5675443&keywords=&maincat=
217.22.19.194 200 OK 2.5 kB URL HTTP/1.1 go.eabids.com/banner.go?spaceid=5675443&keywords=&maincat=
IP 217.22.19.194:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2482), with no line terminators
Hash cac9f5ec2415f688fb80c4465915ae85
8e270156c3eb2eb115e1b390930ebdfe91e8367e
85bf9b0624cb2615db167c7066837139695d23c16388d260cedc044a857c736b
GET /banner.go?spaceid=5675443&keywords=&maincat= HTTP/1.1
Host: go.eabids.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kahoka.pornlesbans.hotnatalia.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 08:38:13 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 2482
Connection: keep-alive
Expires: Mon, 03 Jul 2001 06:00:00 GMT
Last-Modified: Sat, 04 02 2023 08:38:13 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0,post-check=0, pre-check=0
Pragma: no-cache
X-Backend-Server: nl2-web-205
poweredby.jads.co/adshow.php?adzone=941000
185.94.237.102 200 OK 1.7 kB URL HTTP/1.1 poweredby.jads.co/adshow.php?adzone=941000
IP 185.94.237.102:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (431), with CRLF, LF line terminators
Hash 732a306af61781407273fce7c85cefcb
7bf360094dd5a868338da48629a80b9a2e39a932
22938f4ec0436fc08f94074e27bfb611670a100f953284c83172b1eb80756515
GET /adshow.php?adzone=941000 HTTP/1.1
Host: poweredby.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kahoka.pornlesbans.hotnatalia.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 08:38:13 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/5.6.40
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR OUR IND STA"
Set-Cookie: surferid=600a2d9a82508f0dfd965c365e008870; expires=Sun, 04-Feb-2024 08:38:12 GMT; Max-Age=31536000; path=/; SameSite=None; Secure; domain=.jads.co
imps22340=1; expires=Sun, 05-Feb-2023 08:38:12 GMT; Max-Age=86400; path=/; SameSite=None; Secure; domain=.jads.co
juicy_data_1=YToxOntpOjU5Mjk3NjtpOjE2NzU3NTkwOTI7fQ%3D%3D; expires=Tue, 07-Feb-2023 08:38:12 GMT; Max-Age=259200; path=/; SameSite=None; Secure; domain=jads.co
juicy_data=YToxOntzOjEyOiJqdWljeV9kYXRhXzEiO3M6MToiMSI7fQ%3D%3D; expires=Tue, 07-Feb-2023 08:38:12 GMT; Max-Age=259200; path=/; SameSite=None; Secure; domain=jads.co
Content-Encoding: gzip
opthushbeginning.com/watch.311423651676.js?key=c515a1f4fc3a36b04275034bdcef5c99&kw=%5B%22xxx%22%2C%22porn%22%2C%22pictures%22%2C%22free%22%2C%22sex%22%2C%22pics%22%5D&refer=http%3A%2F%2Fkahoka.pornlesbans.hotnatalia.com%2F%3Fannalise&tz=0&dev=e&res=12.1053&uuid=66be96df-befa-4de4-bb7a-3e45e84a1088%3A2%3A1
192.243.59.12 307 Temporary Redirect 0 B URL HTTP/1.1 opthushbeginning.com/watch.311423651676.js?key=c515a1f4fc3a36b04275034bdcef5c99&kw=%5B%22xxx%22%2C%22porn%22%2C%22pictures%22%2C%22free%22%2C%22sex%22%2C%22pics%22%5D&refer=http%3A%2F%2Fkahoka.pornlesbans.hotnatalia.com%2F%3Fannalise&tz=0&dev=e&res=12.1053&uuid=66be96df-befa-4de4-bb7a-3e45e84a1088%3A2%3A1
IP 192.243.59.12:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /watch.311423651676.js?key=c515a1f4fc3a36b04275034bdcef5c99&kw=%5B%22xxx%22%2C%22porn%22%2C%22pictures%22%2C%22free%22%2C%22sex%22%2C%22pics%22%5D&refer=http%3A%2F%2Fkahoka.pornlesbans.hotnatalia.com%2F%3Fannalise&tz=0&dev=e&res=12.1053&uuid=66be96df-befa-4de4-bb7a-3e45e84a1088%3A2%3A1 HTTP/1.1
Host: opthushbeginning.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://kahoka.pornlesbans.hotnatalia.com
Connection: keep-alive
Referer: http://kahoka.pornlesbans.hotnatalia.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 307 Temporary Redirect
Server: nginx/1.17.6
Date: Sat, 04 Feb 2023 08:38:13 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: http://kahoka.pornlesbans.hotnatalia.com
Access-Control-Allow-Origin: http://kahoka.pornlesbans.hotnatalia.com
Access-Control-Allow-Credentials: true
Location: https://opthushbeginning.com/watch.311423651676.js?key=c515a1f4fc3a36b04275034bdcef5c99&kw=%5B%22xxx%22%2C%22porn%22%2C%22pictures%22%2C%22free%22%2C%22sex%22%2C%22pics%22%5D&refer=http%3A%2F%2Fkahoka.pornlesbans.hotnatalia.com%2F%3Fannalise&tz=0&dev=e&res=12.1053&uuid=66be96df-befa-4de4-bb7a-3e45e84a1088%3A2%3A1&shu=ae683462c5fbc250d63a5c1aef7d4d7814e0f322120417d998d2d2c4a1d1866bae4f243e8ca7e7ffc3aaafe63153ace83a86c169c68d48b5ee10d997bd011b259d11cc4b5573a889817fb0c62fb415ea647bbaa8&pst=1675499953&rmtc=t
Set-Cookie: u_pl=17763945; expires=Sun, 05 Feb 2023 08:38:13 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.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_YW5uYWxpc2UifX0.bchlsEjXRg3tEnoY6D1OMRhde4HpFvjDrkiGadX-O2w; expires=Sat, 04 Feb 2023 08:39:13 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: d5864ffa0d446743169f8b6b3f677db6
Strict-Transport-Security: max-age=0; includeSubdomains
ocsp.pki.goog/s/gts1p5/BAk8LBNPLt0
142.250.74.131 200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/BAk8LBNPLt0
IP 142.250.74.131:0
Hash 8728e66e52198643caa13a6c44ba8a5e
e2908b8496ef84bd3d0d237e7a1ab52b2f8144a4
5d87b0d0819cde1dfed00d803db022701f3f3fc1943b4df51937ac34effeaf89
POST /s/gts1p5/BAk8LBNPLt0 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 08:38:13 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
pxl.tsyndicate.com/api/v1/elapsedtime?f=banner%20728x90&sc=9d1e13394347478aa7505e5c4801aade&hn=kahoka.pornlesbans.hotnatalia.com&et=311
94.130.141.49 200 OK 0 B URL HTTP/1.1 pxl.tsyndicate.com/api/v1/elapsedtime?f=banner%20728x90&sc=9d1e13394347478aa7505e5c4801aade&hn=kahoka.pornlesbans.hotnatalia.com&et=311
IP 94.130.141.49:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /api/v1/elapsedtime?f=banner%20728x90&sc=9d1e13394347478aa7505e5c4801aade&hn=kahoka.pornlesbans.hotnatalia.com&et=311 HTTP/1.1
Host: pxl.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kahoka.pornlesbans.hotnatalia.com/
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 08:38:13 GMT
Content-Length: 0
Connection: keep-alive
X-Robots-Tag: noindex, nofollow
comedianthirteenth.com/c515a1f4fc3a36b04275034bdcef5c99/invoke.js
192.243.59.13 200 OK 9.8 kB URL HTTP/1.1 comedianthirteenth.com/c515a1f4fc3a36b04275034bdcef5c99/invoke.js
IP 192.243.59.13:0
ASN #39572 DataWeb Global Group B.V.
File type exported SGML document, ASCII text, with very long lines (26978), with no line terminators
Hash 85a83197ead6eabbbb19c83a81931ac0
0310699aa1715300f919b9baf9beee71ff018249
46fa0a2bd087808de7118ab90e549de54de3e56cef660a9e48aea8328a9b98ea
GET /c515a1f4fc3a36b04275034bdcef5c99/invoke.js HTTP/1.1
Host: comedianthirteenth.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kahoka.pornlesbans.hotnatalia.com/
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Sat, 04 Feb 2023 08:38:13 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: d856ab996d5b1b1060613787cc77578c
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
ads.realsrv.com/ads.js
185.76.9.17 200 OK 96 kB IP 185.76.9.17:0
ASN #60068 Datacamp Limited
Hash c5f7424f684ac1e022d214e795eb93d6
d7b5cd9618e94decadf1cf89183d356fb52441bb
54bf3896dfef7138e20ba936602b5b76da66864b263ab955493907745b914f74
GET /ads.js HTTP/1.1
Host: ads.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://12007250.pix-cdn.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 04 Feb 2023 08:38:13 GMT
content-type: application/javascript
etag: W/"f4fddb85b686269b678e3caf766"
expires: Thu, 02 Feb 2023 18:45:35 GMT
cache-control: max-age=10800
access-control-allow-origin: *
x-cache-op: HIT
x-accel-expires: @1675504013
server: CDN77-Turbo
x-77-nzt: AblMCQ2Xqg//GBoAAA
x-77-nzt-ray: c0a4cc28a70199927519de63a5a18f0b
x-cache: HIT
x-age: 6680
x-77-pop: stockholmSE
x-77-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
creative.xliirdr.com/widgets/v4/Universal?campaignId=c3fa347280578e90a9e8ab1e6280c0e361524d151dcbfe6bb5b723fee947ce88&campaignType=smartpop&creativeId=f7d35c19e8363f8e59e197e6034e23aaac0f22600b273fb0cad1f12ae1c95358&iterationId=383554&masterSmartpopId=1605&memberId=m6WUxrWE0zoac4oMYUhO_G4_E_W6ANX1S1R0pzLjT02_0INngnDSwweVy1XRzUmn0U25AFQmBNLfonKYDJYKUyT-_g3e5j6u3BQJVsU101AIX9w_gUIDRUi&p1=3717296&quality=optimal&ruleId=3&smartpopId=1547&sourceId=226439&tag=-girls%2Findian&userId=ed4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e&variationId=30029
104.18.51.106 200 OK 310 B URL HTTP/2 creative.xliirdr.com/widgets/v4/Universal?campaignId=c3fa347280578e90a9e8ab1e6280c0e361524d151dcbfe6bb5b723fee947ce88&campaignType=smartpop&creativeId=f7d35c19e8363f8e59e197e6034e23aaac0f22600b273fb0cad1f12ae1c95358&iterationId=383554&masterSmartpopId=1605&memberId=m6WUxrWE0zoac4oMYUhO_G4_E_W6ANX1S1R0pzLjT02_0INngnDSwweVy1XRzUmn0U25AFQmBNLfonKYDJYKUyT-_g3e5j6u3BQJVsU101AIX9w_gUIDRUi&p1=3717296&quality=optimal&ruleId=3&smartpopId=1547&sourceId=226439&tag=-girls%2Findian&userId=ed4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e&variationId=30029
IP 104.18.51.106:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 1ab3e663cbe43dcdd713923b7b3fee96
1256dbec4521d29c441d17234cadbde489edb006
13f000857cca2943a3fc9254b231f09e64d7113c2ca4b5372f80e5f016dd0dcd
GET /widgets/v4/Universal?campaignId=c3fa347280578e90a9e8ab1e6280c0e361524d151dcbfe6bb5b723fee947ce88&campaignType=smartpop&creativeId=f7d35c19e8363f8e59e197e6034e23aaac0f22600b273fb0cad1f12ae1c95358&iterationId=383554&masterSmartpopId=1605&memberId=m6WUxrWE0zoac4oMYUhO_G4_E_W6ANX1S1R0pzLjT02_0INngnDSwweVy1XRzUmn0U25AFQmBNLfonKYDJYKUyT-_g3e5j6u3BQJVsU101AIX9w_gUIDRUi&p1=3717296&quality=optimal&ruleId=3&smartpopId=1547&sourceId=226439&tag=-girls%2Findian&userId=ed4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e&variationId=30029 HTTP/1.1
Host: creative.xliirdr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://tsyndicate.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 04 Feb 2023 08:38:13 GMT
content-type: text/html
last-modified: Tue, 31 Jan 2023 09:49:21 GMT
expires: Sat, 04 Feb 2023 08:38:12 GMT
cache-control: max-age=10
strict-transport-security: max-age=15768000
pragma: public
report-to: { "endpoints":[{ "url": "https://go.stripchat.com/report" }], "group": "default", "max_age": 1048576 }
cf-cache-status: HIT
age: 4
vary: Accept-Encoding
server: cloudflare
cf-ray: 794216bbfa0eb4fa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
syndication.realsrv.com/ads-iframe-display.php?idzone=3902650&type=160x600&p=https%3A//rtbbnr.com/&dt=1675499927972&sub=&tags=&cookieconsent=true&screen_resolution=1280x1024&el=%22
95.211.229.248 200 OK 52 B URL HTTP/1.1 syndication.realsrv.com/ads-iframe-display.php?idzone=3902650&type=160x600&p=https%3A//rtbbnr.com/&dt=1675499927972&sub=&tags=&cookieconsent=true&screen_resolution=1280x1024&el=%22
IP 95.211.229.248:0
ASN #60781 LeaseWeb Netherlands B.V.
File type HTML document, ASCII text, with no line terminators
Hash c3743cf5e9e53705dc66056f1a34f6ec
740253d7fe753ab9b7d71e1832fd1af41c0677c1
c184a4ce5928e23f286176d3c76a8d5c12c67a8957554c92fb144b1cdd2fb17c
GET /ads-iframe-display.php?idzone=3902650&type=160x600&p=https%3A//rtbbnr.com/&dt=1675499927972&sub=&tags=&cookieconsent=true&screen_resolution=1280x1024&el=%22 HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://12007250.pix-cdn.org/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 08:38:13 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache, must-revalidate
Pragma: no-cache
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A31%3A%2263de1975447bf8.3254701985346418%22%3B%7D; expires=Mon, 03 Feb 2025 08:38:13 GMT; path=; domain=.realsrv.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
i.jads.co/network/user500/16321-1456773411.gif
69.16.175.42 200 OK 483 kB URL HTTP/1.1 i.jads.co/network/user500/16321-1456773411.gif
IP 69.16.175.42:0
File type GIF image data, version 89a, 160 x 600\012- data
Size 483 kB (483151 bytes)
Hash 90cec21630c306cfdba7bd4f4cb0842c
c8c606f324382d87464b1743937395574a38fe83
86122054483b5250905782cde647a887e5269909f6f94f9793864a63b606a483
GET /network/user500/16321-1456773411.gif HTTP/1.1
Host: i.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://poweredby.jads.co/
HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 08:38:13 GMT
Connection: Keep-Alive
ETag: "1456773411"
Cache-Control: max-age=3214503
Content-Length: 483151
Content-Type: image/gif
Last-Modified: Mon, 29 Feb 2016 19:16:51 GMT
Accept-Ranges: bytes
X-HW: 1675499893.dop012.sk1.t,1675499893.cds068.sk1.c
subscribestormyapprobation.com/watch.112929568527.js?key=539d71c7c61ed9e36ed1dd6ab6acffc8&kw=%5B%22xxx%22%2C%22porn%22%2C%22pictures%22%2C%22free%22%2C%22sex%22%2C%22pics%22%5D&refer=http%3A%2F%2Fkahoka.pornlesbans.hotnatalia.com%2F%3Fannalise&tz=0&dev=e&res=12.1053&uuid=66be96df-befa-4de4-bb7a-3e45e84a1088%3A2%3A1&shu=b709ef456b85dbe0799a1852f151a5aaaf351897bd0fd26bffebc359f931354792ad5e949ef11dcdd33e5b6aabeb05db846b666513c97f9675d8434556a198d622ee4cd5ab455b12dd2c1ecbe725a392b37316dd9d865429bbfffb0bdd8ca6c5&pst=1675499953&rmtc=t
173.233.139.164 200 OK 633 B URL HTTP/1.1 subscribestormyapprobation.com/watch.112929568527.js?key=539d71c7c61ed9e36ed1dd6ab6acffc8&kw=%5B%22xxx%22%2C%22porn%22%2C%22pictures%22%2C%22free%22%2C%22sex%22%2C%22pics%22%5D&refer=http%3A%2F%2Fkahoka.pornlesbans.hotnatalia.com%2F%3Fannalise&tz=0&dev=e&res=12.1053&uuid=66be96df-befa-4de4-bb7a-3e45e84a1088%3A2%3A1&shu=b709ef456b85dbe0799a1852f151a5aaaf351897bd0fd26bffebc359f931354792ad5e949ef11dcdd33e5b6aabeb05db846b666513c97f9675d8434556a198d622ee4cd5ab455b12dd2c1ecbe725a392b37316dd9d865429bbfffb0bdd8ca6c5&pst=1675499953&rmtc=t
IP 173.233.139.164:0
File type HTML document text\012- HTML document, ASCII text, with very long lines (582)
Hash cc9b11199bea19beac314a79c3fd5fc8
c7035a6c83419b1114934a81ad613632f0658dc3
257d1143531dd1aa04b52566dcf691e6abe84d5db9862a9a4937bc886d4c649d
Analyzer Verdict Alert quad9 Sinkholed
GET /watch.112929568527.js?key=539d71c7c61ed9e36ed1dd6ab6acffc8&kw=%5B%22xxx%22%2C%22porn%22%2C%22pictures%22%2C%22free%22%2C%22sex%22%2C%22pics%22%5D&refer=http%3A%2F%2Fkahoka.pornlesbans.hotnatalia.com%2F%3Fannalise&tz=0&dev=e&res=12.1053&uuid=66be96df-befa-4de4-bb7a-3e45e84a1088%3A2%3A1&shu=b709ef456b85dbe0799a1852f151a5aaaf351897bd0fd26bffebc359f931354792ad5e949ef11dcdd33e5b6aabeb05db846b666513c97f9675d8434556a198d622ee4cd5ab455b12dd2c1ecbe725a392b37316dd9d865429bbfffb0bdd8ca6c5&pst=1675499953&rmtc=t HTTP/1.1
Host: subscribestormyapprobation.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://kahoka.pornlesbans.hotnatalia.com
Referer: http://kahoka.pornlesbans.hotnatalia.com/
Connection: keep-alive
Cookie: u_pl=17743402; ain=eyJhbGciOiJIUzI1NiJ9.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.QNg1IC03RvBhsVym1_5Yv6URMIaSgyOM5y_EV8l191M
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 04 Feb 2023 08:38:13 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: http://kahoka.pornlesbans.hotnatalia.com
Access-Control-Allow-Origin: http://kahoka.pornlesbans.hotnatalia.com
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=66be96df-befa-4de4-bb7a-3e45e84a1088:2:1; expires=Sat, 11 Feb 2023 08:38:13 GMT; secure; SameSite=None
iprc8a045518527d8306ccaf92ab6ba07da9=2116933; expires=Sun, 05 Feb 2023 10:38:13 GMT; secure; SameSite=None
pdhtkv=true; expires=Sun, 05 Feb 2023 08:38:13 GMT; secure; SameSite=None
uncs=1; expires=Sun, 05 Feb 2023 08:38:13 GMT; secure; SameSite=None
pdhtkv5=true; expires=Sun, 05 Feb 2023 08:38:13 GMT; secure; SameSite=None
uncs5=1; expires=Sun, 05 Feb 2023 08:38:13 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: f7896fe5eb7b1d3f73ec62abc8c23c44
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
utilitypresent.com/watch.1547607244174.js?key=c515a1f4fc3a36b04275034bdcef5c99&kw=%5B%22xxx%22%2C%22porn%22%2C%22pictures%22%2C%22free%22%2C%22sex%22%2C%22pics%22%5D&refer=http%3A%2F%2Fkahoka.pornlesbans.hotnatalia.com%2F%3Fannalise&tz=0&dev=e&res=12.1053&uuid=66be96df-befa-4de4-bb7a-3e45e84a1088%3A2%3A1
192.243.61.225 307 Temporary Redirect 0 B URL HTTP/1.1 utilitypresent.com/watch.1547607244174.js?key=c515a1f4fc3a36b04275034bdcef5c99&kw=%5B%22xxx%22%2C%22porn%22%2C%22pictures%22%2C%22free%22%2C%22sex%22%2C%22pics%22%5D&refer=http%3A%2F%2Fkahoka.pornlesbans.hotnatalia.com%2F%3Fannalise&tz=0&dev=e&res=12.1053&uuid=66be96df-befa-4de4-bb7a-3e45e84a1088%3A2%3A1
IP 192.243.61.225:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /watch.1547607244174.js?key=c515a1f4fc3a36b04275034bdcef5c99&kw=%5B%22xxx%22%2C%22porn%22%2C%22pictures%22%2C%22free%22%2C%22sex%22%2C%22pics%22%5D&refer=http%3A%2F%2Fkahoka.pornlesbans.hotnatalia.com%2F%3Fannalise&tz=0&dev=e&res=12.1053&uuid=66be96df-befa-4de4-bb7a-3e45e84a1088%3A2%3A1 HTTP/1.1
Host: utilitypresent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://kahoka.pornlesbans.hotnatalia.com
Connection: keep-alive
Referer: http://kahoka.pornlesbans.hotnatalia.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 307 Temporary Redirect
Server: nginx/1.19.5
Date: Sat, 04 Feb 2023 08:38:13 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: http://kahoka.pornlesbans.hotnatalia.com
Access-Control-Allow-Origin: http://kahoka.pornlesbans.hotnatalia.com
Access-Control-Allow-Credentials: true
Location: https://utilitypresent.com/watch.1547607244174.js?key=c515a1f4fc3a36b04275034bdcef5c99&kw=%5B%22xxx%22%2C%22porn%22%2C%22pictures%22%2C%22free%22%2C%22sex%22%2C%22pics%22%5D&refer=http%3A%2F%2Fkahoka.pornlesbans.hotnatalia.com%2F%3Fannalise&tz=0&dev=e&res=12.1053&uuid=66be96df-befa-4de4-bb7a-3e45e84a1088%3A2%3A1&shu=2af77b93236455148a3f2d0dd427868bcc44f88599f19bf3aa6375efa06fbc7029250c8c13df6781996298873d419d56ff47bc3378c14923a066346eb5786d65122a6bf7251a4fa240e2c3be4a0178d2facf236f&pst=1675499953&rmtc=t
Set-Cookie: u_pl=17763945; expires=Sun, 05 Feb 2023 08:38:13 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.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_YW5uYWxpc2UifX0.bchlsEjXRg3tEnoY6D1OMRhde4HpFvjDrkiGadX-O2w; expires=Sat, 04 Feb 2023 08:39:13 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: fead2fbd113e95d735d60ce685302cdf
Strict-Transport-Security: max-age=0; includeSubdomains
static.eabids.com/data/bannerpools/112022/33798.jpg
217.22.19.195 200 OK 19 kB URL HTTP/1.1 static.eabids.com/data/bannerpools/112022/33798.jpg
IP 217.22.19.195:0
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 300x250, components 3\012- data
Hash fc746d82fc23a8e926e1f22a20a581a7
062f3d0b8c7004b124fbda3ee043ef4fd78a588d
06b8dbe70c8c0df3407d49e0afccf66574bc240c707ac62cd84f67077961338d
GET /data/bannerpools/112022/33798.jpg HTTP/1.1
Host: static.eabids.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://go.eabids.com/
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 08:38:13 GMT
Content-Type: image/jpeg
Content-Length: 19323
Last-Modified: Thu, 28 Apr 2022 14:46:26 GMT
Connection: keep-alive
ETag: "626aa8c2-4b7b"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
X-Backend-Server: nl2-static-222
Accept-Ranges: bytes
kahoka.pornlesbans.hotnatalia.com/?annalise
137.74.197.13 200 OK 13 kB URL HTTP/1.1 kahoka.pornlesbans.hotnatalia.com/?annalise
IP 137.74.197.13:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (4683)
Hash 38a9da1d6e8e3ce4a4d74d92a5ed2b7b
c7d714e98859c0160419e83c345ef3ae5d08cddc
262e5d99a342b0877fcccbe5a3deb2e3ca3c614b60ec846f9ea5161311539bd8
GET /?annalise HTTP/1.1
Host: kahoka.pornlesbans.hotnatalia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 08:33:23 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
Vary: Accept-Encoding
Content-Encoding: gzip
poweredby.jads.co/adshow.php?adzone=962235
185.94.237.102 200 OK 1.7 kB URL HTTP/1.1 poweredby.jads.co/adshow.php?adzone=962235
IP 185.94.237.102:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (435), with CRLF, LF line terminators
Hash a1ad5e6279b9fe4eca4162889e27ad6d
542d357a9ccdeebfcfb70dd19203638c3015da85
71f0ba73d342d03d1a6f91ef8297be313862430201105f40f5357e9fce09a58c
GET /adshow.php?adzone=962235 HTTP/1.1
Host: poweredby.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kahoka.pornlesbans.hotnatalia.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 08:38:13 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/5.6.40
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR OUR IND STA"
Set-Cookie: surferid=600a2d9a82508f0dfd965c365e008870; expires=Sun, 04-Feb-2024 08:38:12 GMT; Max-Age=31536000; path=/; SameSite=None; Secure; domain=.jads.co
imps43654=1; expires=Sun, 05-Feb-2023 08:38:12 GMT; Max-Age=86400; path=/; SameSite=None; Secure; domain=.jads.co
imps61=1; expires=Sun, 05-Feb-2023 08:38:12 GMT; Max-Age=86400; path=/; SameSite=None; Secure; domain=.jads.co
juicy_data_1=YToyOntpOjEyMDQyOTQ7aToxNjc1NzU5MDkyO2k6MTE5Njk2OTtpOjE2NzU3NTkwOTI7fQ%3D%3D; expires=Tue, 07-Feb-2023 08:38:12 GMT; Max-Age=259200; path=/; SameSite=None; Secure; domain=jads.co
juicy_data=YToxOntzOjEyOiJqdWljeV9kYXRhXzEiO3M6MToiMSI7fQ%3D%3D; expires=Tue, 07-Feb-2023 08:38:12 GMT; Max-Age=259200; path=/; SameSite=None; Secure; domain=jads.co
Content-Encoding: gzip
i.jads.co/network/user500/22340-1505050812.gif
69.16.175.42 200 OK 366 kB URL HTTP/1.1 i.jads.co/network/user500/22340-1505050812.gif
IP 69.16.175.42:0
File type GIF image data, version 89a, 250 x 250\012- data
Size 366 kB (365951 bytes)
Hash 9d846e215d3ce2c6afccb260428e7290
ee571a5209505cc276bcd48571d80e62c12662ad
9f85d1c49424a6566c51b87d369fe43617c4a476696f7181578a338efd429fba
GET /network/user500/22340-1505050812.gif HTTP/1.1
Host: i.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://poweredby.jads.co/
HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 08:38:13 GMT
Connection: Keep-Alive
ETag: "1505050813"
Cache-Control: max-age=5173011
Content-Length: 365951
Content-Type: image/gif
Last-Modified: Sun, 10 Sep 2017 13:40:13 GMT
Accept-Ranges: bytes
X-HW: 1675499893.dop012.sk1.t,1675499893.cds245.sk1.c
subscribestormyapprobation.com/watch.259026664853.js?key=c515a1f4fc3a36b04275034bdcef5c99&kw=%5B%22xxx%22%2C%22porn%22%2C%22pictures%22%2C%22free%22%2C%22sex%22%2C%22pics%22%5D&refer=http%3A%2F%2Fkahoka.pornlesbans.hotnatalia.com%2F%3Fannalise&tz=0&dev=e&res=12.1053&uuid=66bd9a30-b655-42c4-bb0b-612536770eda%3A2%3A1
173.233.139.164 307 Temporary Redirect 0 B URL HTTP/1.1 subscribestormyapprobation.com/watch.259026664853.js?key=c515a1f4fc3a36b04275034bdcef5c99&kw=%5B%22xxx%22%2C%22porn%22%2C%22pictures%22%2C%22free%22%2C%22sex%22%2C%22pics%22%5D&refer=http%3A%2F%2Fkahoka.pornlesbans.hotnatalia.com%2F%3Fannalise&tz=0&dev=e&res=12.1053&uuid=66bd9a30-b655-42c4-bb0b-612536770eda%3A2%3A1
IP 173.233.139.164:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /watch.259026664853.js?key=c515a1f4fc3a36b04275034bdcef5c99&kw=%5B%22xxx%22%2C%22porn%22%2C%22pictures%22%2C%22free%22%2C%22sex%22%2C%22pics%22%5D&refer=http%3A%2F%2Fkahoka.pornlesbans.hotnatalia.com%2F%3Fannalise&tz=0&dev=e&res=12.1053&uuid=66bd9a30-b655-42c4-bb0b-612536770eda%3A2%3A1 HTTP/1.1
Host: subscribestormyapprobation.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://kahoka.pornlesbans.hotnatalia.com
Connection: keep-alive
Referer: http://kahoka.pornlesbans.hotnatalia.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 307 Temporary Redirect
Server: nginx/1.19.5
Date: Sat, 04 Feb 2023 08:38:13 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: http://kahoka.pornlesbans.hotnatalia.com
Access-Control-Allow-Origin: http://kahoka.pornlesbans.hotnatalia.com
Access-Control-Allow-Credentials: true
Location: https://subscribestormyapprobation.com/watch.259026664853.js?key=c515a1f4fc3a36b04275034bdcef5c99&kw=%5B%22xxx%22%2C%22porn%22%2C%22pictures%22%2C%22free%22%2C%22sex%22%2C%22pics%22%5D&refer=http%3A%2F%2Fkahoka.pornlesbans.hotnatalia.com%2F%3Fannalise&tz=0&dev=e&res=12.1053&uuid=66bd9a30-b655-42c4-bb0b-612536770eda%3A2%3A1&shu=4294b609e01cd0385e78d59e8413a3bc3681a11f61f55ffd94f8e5ab35ed6fdfc54143c367ce3a7bf8d91cbfac91a561046fda522cb64da6a948ce27e5326548a14c30bd39049fbf7b16530bbf8eb228351c24d117cb7bc2c1cfa3c04b22ccd5&pst=1675499953&rmtc=t
Set-Cookie: u_pl=17763945; expires=Sun, 05 Feb 2023 08:38:13 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNzc2Mzk0NSwiayI6ImM1MTVhMWY0ZmMzYTM2YjA0Mjc1MDM0YmRjZWY1Yzk5Iiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxOTU5OTYyLCJwaWQiOjI4ODQzNywiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjoxNiwiYWlkIjo1LCJwdCI6NCwicGsiOiJ3YWN0dWZ6ZGFkIiwiY3BrcyI6eyAiMjkiOiIyODg1MzM5MmE3NmExNGIxNDI2OTkxYjZkZWYyMjQzYiJ9LCJ0IjoxfSwidSI6eyJ1IjoxLCJhdSI6MSwiZCI6eyJpZCI6OTA3NTM0NTcsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjozODkxNCwib24iOiJXaW5kb3dzIiwib3YiOiIxMC4wIiwiYmlkIjoxMjA2MjUsImJuIjoiRmlyZWZveCIsImJ2IjoiMTA1LjAiLCJ3diI6ZmFsc2UsImUiOnRydWUsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cDovL2thaG9rYS5wb3JubGVzYmFucy5ob3RuYXRhbGlhLmNvbS8_YW5uYWxpc2UifX0.bchlsEjXRg3tEnoY6D1OMRhde4HpFvjDrkiGadX-O2w; expires=Sat, 04 Feb 2023 08:39:13 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 44e908d56f41806489ba0fc21ad5c0cd
Strict-Transport-Security: max-age=0; includeSubdomains
r3.o.lencr.org/
23.33.119.27 200 OK 597 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash f8c14a443083e0ba17d2cdd8ba2e75d0
5ab50d54f9d07416a50e24439cc1eca9b5abfd18
10d488d9295e99534574c9d46054797a1572cb5eacf9b18b3c9e4f72f916816f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "AC6FFBC3C87461C5D92FDE4C3F6DF5C3BAB845DDCCC283F064A41CD651FDA630"
Last-Modified: Thu, 02 Feb 2023 01:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14448
Expires: Sat, 04 Feb 2023 12:39:01 GMT
Date: Sat, 04 Feb 2023 08:38:13 GMT
Connection: keep-alive
poweredby.jads.co/adshow.php?adzone=910222
185.94.237.102 200 OK 1.7 kB URL HTTP/1.1 poweredby.jads.co/adshow.php?adzone=910222
IP 185.94.237.102:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (433), with CRLF, LF line terminators
Hash 93cc991adf4fd8acfb8bf8fd6e55a8f0
d43eb9f389699d44d31fa76b9405da715eabe4b9
2f91a00a8ef8794c586c773b11923857b5f1e41c60bdb8d12a29e0783ef4f6cd
GET /adshow.php?adzone=910222 HTTP/1.1
Host: poweredby.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kahoka.pornlesbans.hotnatalia.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 08:38:13 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/5.6.40
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR OUR IND STA"
Set-Cookie: surferid=600a2d9a82508f0dfd965c365e008870; expires=Sun, 04-Feb-2024 08:38:12 GMT; Max-Age=31536000; path=/; SameSite=None; Secure; domain=.jads.co
imps22340=1; expires=Sun, 05-Feb-2023 08:38:12 GMT; Max-Age=86400; path=/; SameSite=None; Secure; domain=.jads.co
juicy_data_1=YToxOntpOjU5Mjk4MTtpOjE2NzU3NTkwOTI7fQ%3D%3D; expires=Tue, 07-Feb-2023 08:38:12 GMT; Max-Age=259200; path=/; SameSite=None; Secure; domain=jads.co
juicy_data=YToxOntzOjEyOiJqdWljeV9kYXRhXzEiO3M6MToiMSI7fQ%3D%3D; expires=Tue, 07-Feb-2023 08:38:12 GMT; Max-Age=259200; path=/; SameSite=None; Secure; domain=jads.co
Content-Encoding: gzip
pxl.tsyndicate.com/api/v1/p/p.js?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zC0XcuFHjBg4cOcq0uDEDh5kWNMaEsdECh4wxIsfAKGPmRpgcOGLMkHFDxMMwdcZkvMEzJA0xY1rUGCNDDEobOFjiKCkDZVMcMHDcaDiDpE-IZOxQxEED50M4dcQstBEjxo2fcOBQhLHVxsM5cCbq6OpWRg67Isa0katDhgwbNGbk-EnGzNqKIsS4cUPRhg0YNkg-bOMGI8OdMmCc5ezZRg0akOvEyIiGDh04c3S8eHHmjQs8bNLYkUNGjosxb9q8mNMmjJzXb-C8GDPDTJgZNIhi7YijTA4YN8vgCCMmRhkbMrDKLDODbQ0ZNMg0jEFmjBgz38WIqSGGaPMy1qPD_PijzhyESZDRQxlk0EAeDWWFJkMYCIbhXE4zNETXTeotGMMYf8mwUwxRzXSUGWMwFUYYMYgxwwwkfpTDDWJcVgYXdcAAw2FzvFGHHDAF2INhiCkGo4yHtVFGG2IAKCAcMKABBRFfGGGDGEUEsUQNUWQhQx5I0BGHHEYoIUcNbxwxhRlO6DGVFm-kgccZWNSgBQ5rzPFFGTRcoUYLZdhBBB52CPHEEkW4cUQaUeiB3xFwPPEFHlrUUMcdVrwxxRNj1LDGGfhlNQMbUdDhxBhmUKGHFkJAkYQTYihhBg1EwNCGGlbA8MUZVSRBhBRVpPHjjDbAEUMPfBH111dkBJfRGmGg8QayLsDxhhxusFHGHGKE4cYcLihLhxth0BFGbmH8ZuxDKum1xQ1dPPTeQjC4AANkcthB2AyiiVBHHWlkdBoOGFZHQwtiIIgDSvOJlINbJ5UhBgyJhXFDVmXo9FUahIlwsAvXuUCDDC40RMNXcnxBcUYXZ7xxx6d9VUcYGTXxhh5psMFGGC_U4C4IKFyRhhvF3jEHCE5QAUIM7cKwAwg6u4HY0XgsDUK8DMFgMwwpgHBEGWOs8cYLoRH97rsgGJGGHDS9gccLRE_9VYgZOfHEV89-wbYOIrj9FRtC0V2EE8Tm-QXZbFDUkUflYVWvHGdQVlgNWj10kB1fiCHHQh857ncbb5CxUHhsOS7HGwvN8NAbCulAw1mf45HHQqeLQLZjdLf2mmwvIKsss85CKy211mKrLbfegiuucF_dkVEM4cHwFRrHz_jxXfFm9Lm3dDzbQh1upEHHUy60hzyxeYtw0Bfey_AVHW1UxlFZOOUgg0VtmM9QZqfl0D56ZoH197RwfNGt-vW730P89i2E0KF0W4BOuiAiBr2IjyZAYcNEzoI3dpHLMzDogwICAg%3D%3D&s=c29f36e84a58797606047169d052654fe7f679f7339d0f88e491584a63ef853b1675499892&w=t&r=1&d=790&priv=false
94.130.141.49200 OK 24 B URL HTTP/1.1 pxl.tsyndicate.com/api/v1/p/p.js?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zC0XcuFHjBg4cOcq0uDEDh5kWNMaEsdECh4wxIsfAKGPmRpgcOGLMkHFDxMMwdcZkvMEzJA0xY1rUGCNDDEobOFjiKCkDZVMcMHDcaDiDpE-IZOxQxEED50M4dcQstBEjxo2fcOBQhLHVxsM5cCbq6OpWRg67Isa0katDhgwbNGbk-EnGzNqKIsS4cUPRhg0YNkg-bOMGI8OdMmCc5ezZRg0akOvEyIiGDh04c3S8eHHmjQs8bNLYkUNGjosxb9q8mNMmjJzXb-C8GDPDTJgZNIhi7YijTA4YN8vgCCMmRhkbMrDKLDODbQ0ZNMg0jEFmjBgz38WIqSGGaPMy1qPD_PijzhyESZDRQxlk0EAeDWWFJkMYCIbhXE4zNETXTeotGMMYf8mwUwxRzXSUGWMwFUYYMYgxwwwkfpTDDWJcVgYXdcAAw2FzvFGHHDAF2INhiCkGo4yHtVFGG2IAKCAcMKABBRFfGGGDGEUEsUQNUWQhQx5I0BGHHEYoIUcNbxwxhRlO6DGVFm-kgccZWNSgBQ5rzPFFGTRcoUYLZdhBBB52CPHEEkW4cUQaUeiB3xFwPPEFHlrUUMcdVrwxxRNj1LDGGfhlNQMbUdDhxBhmUKGHFkJAkYQTYihhBg1EwNCGGlbA8MUZVSRBhBRVpPHjjDbAEUMPfBH111dkBJfRGmGg8QayLsDxhhxusFHGHGKE4cYcLihLhxth0BFGbmH8ZuxDKum1xQ1dPPTeQjC4AANkcthB2AyiiVBHHWlkdBoOGFZHQwtiIIgDSvOJlINbJ5UhBgyJhXFDVmXo9FUahIlwsAvXuUCDDC40RMNXcnxBcUYXZ7xxx6d9VUcYGTXxhh5psMFGGC_U4C4IKFyRhhvF3jEHCE5QAUIM7cKwAwg6u4HY0XgsDUK8DMFgMwwpgHBEGWOs8cYLoRH97rsgGJGGHDS9gccLRE_9VYgZOfHEV89-wbYOIrj9FRtC0V2EE8Tm-QXZbFDUkUflYVWvHGdQVlgNWj10kB1fiCHHQh857ncbb5CxUHhsOS7HGwvN8NAbCulAw1mf45HHQqeLQLZjdLf2mmwvIKsss85CKy211mKrLbfegiuucF_dkVEM4cHwFRrHz_jxXfFm9Lm3dDzbQh1upEHHUy60hzyxeYtw0Bfey_AVHW1UxlFZOOUgg0VtmM9QZqfl0D56ZoH197RwfNGt-vW730P89i2E0KF0W4BOuiAiBr2IjyZAYcNEzoI3dpHLMzDogwICAg%3D%3D&s=c29f36e84a58797606047169d052654fe7f679f7339d0f88e491584a63ef853b1675499892&w=t&r=1&d=790&priv=false
IP 94.130.141.49:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with no line terminators
Hash 0959ba36d476b6dc1994ba3c678b07c4
d30b94da72daa02766965206a85b7e0356375f5e
897410b87e27e3dfba3a7d6caab315a5e69cc941bb96d91fc74878a9b051843a
GET /api/v1/p/p.js?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zC0XcuFHjBg4cOcq0uDEDh5kWNMaEsdECh4wxIsfAKGPmRpgcOGLMkHFDxMMwdcZkvMEzJA0xY1rUGCNDDEobOFjiKCkDZVMcMHDcaDiDpE-IZOxQxEED50M4dcQstBEjxo2fcOBQhLHVxsM5cCbq6OpWRg67Isa0katDhgwbNGbk-EnGzNqKIsS4cUPRhg0YNkg-bOMGI8OdMmCc5ezZRg0akOvEyIiGDh04c3S8eHHmjQs8bNLYkUNGjosxb9q8mNMmjJzXb-C8GDPDTJgZNIhi7YijTA4YN8vgCCMmRhkbMrDKLDODbQ0ZNMg0jEFmjBgz38WIqSGGaPMy1qPD_PijzhyESZDRQxlk0EAeDWWFJkMYCIbhXE4zNETXTeotGMMYf8mwUwxRzXSUGWMwFUYYMYgxwwwkfpTDDWJcVgYXdcAAw2FzvFGHHDAF2INhiCkGo4yHtVFGG2IAKCAcMKABBRFfGGGDGEUEsUQNUWQhQx5I0BGHHEYoIUcNbxwxhRlO6DGVFm-kgccZWNSgBQ5rzPFFGTRcoUYLZdhBBB52CPHEEkW4cUQaUeiB3xFwPPEFHlrUUMcdVrwxxRNj1LDGGfhlNQMbUdDhxBhmUKGHFkJAkYQTYihhBg1EwNCGGlbA8MUZVSRBhBRVpPHjjDbAEUMPfBH111dkBJfRGmGg8QayLsDxhhxusFHGHGKE4cYcLihLhxth0BFGbmH8ZuxDKum1xQ1dPPTeQjC4AANkcthB2AyiiVBHHWlkdBoOGFZHQwtiIIgDSvOJlINbJ5UhBgyJhXFDVmXo9FUahIlwsAvXuUCDDC40RMNXcnxBcUYXZ7xxx6d9VUcYGTXxhh5psMFGGC_U4C4IKFyRhhvF3jEHCE5QAUIM7cKwAwg6u4HY0XgsDUK8DMFgMwwpgHBEGWOs8cYLoRH97rsgGJGGHDS9gccLRE_9VYgZOfHEV89-wbYOIrj9FRtC0V2EE8Tm-QXZbFDUkUflYVWvHGdQVlgNWj10kB1fiCHHQh857ncbb5CxUHhsOS7HGwvN8NAbCulAw1mf45HHQqeLQLZjdLf2mmwvIKsss85CKy211mKrLbfegiuucF_dkVEM4cHwFRrHz_jxXfFm9Lm3dDzbQh1upEHHUy60hzyxeYtw0Bfey_AVHW1UxlFZOOUgg0VtmM9QZqfl0D56ZoH197RwfNGt-vW730P89i2E0KF0W4BOuiAiBr2IjyZAYcNEzoI3dpHLMzDogwICAg%3D%3D&s=c29f36e84a58797606047169d052654fe7f679f7339d0f88e491584a63ef853b1675499892&w=t&r=1&d=790&priv=false HTTP/1.1
Host: pxl.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://tsyndicate.com/
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 08:38:13 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 24
Connection: keep-alive
X-Robots-Tag: noindex, nofollow
ocsp.digicert.com/
93.184.220.29 200 OK 278 B IP 93.184.220.29:0
Hash 8f027d3c6cbb7ac20739d625793de242
76e66c0c2a0a17eed38e5601f740d78077ae3eae
be7a9b4ba36604077c75c76234e39f33e0cc75fe9b717930f28bef0cbe90cdd3
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6038
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 08:38:13 GMT
Last-Modified: Sat, 04 Feb 2023 06:57:35 GMT
Server: ECS (ska/F715)
X-Cache: HIT
Content-Length: 278
video.ktkjmp.com/adsbygoogle.js
104.18.62.235 200 OK 16 B URL HTTP/2 video.ktkjmp.com/adsbygoogle.js
IP 104.18.62.235:0
Hash 3d7f7a60216d40dea48e495fef6903c9
fecdb5184f55cf012563d78940eb97b10b9cc99b
96d83ac9f20fc0b88404f307f135e212642e02d6ea295c96b28aed0d771a224f
GET /adsbygoogle.js HTTP/1.1
Host: video.ktkjmp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://creative.xliirdr.com/
Origin: https://creative.xliirdr.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 04 Feb 2023 08:38:13 GMT
content-type: application/javascript
content-length: 16
x-amz-id-2: 82LrMcdTIgiiUrI9u3lX3tFHaCLr3ymHKLkEwNLyokkeYiwFlIM4yC4yCFQnnUQuIMhDhYz/PaY=
x-amz-request-id: G1890SVVQRD857Z0
last-modified: Thu, 10 Mar 2022 13:52:07 GMT
etag: "3d7f7a60216d40dea48e495fef6903c9"
x-amz-meta-s3cmd-attrs: atime:1646920284/ctime:1646920283/gid:20/gname:staff/md5:3d7f7a60216d40dea48e495fef6903c9/mode:33188/mtime:1646920283/uid:501/uname:mikhailchubar
x-amz-version-id: eIgLIBoMMcsEXtxOH6UDjWyfAquRpkIG
access-control-allow-origin: https://creative.xliirdr.com
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Content-Length, Accept-Encoding, x-requested-with
cf-cache-status: HIT
age: 3968
expires: Sat, 04 Feb 2023 12:38:13 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 794216bdc9f4b51d-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
i.jads.co/network/user500/25313-1525084114.jpg
69.16.175.42 200 OK 32 kB URL HTTP/1.1 i.jads.co/network/user500/25313-1525084114.jpg
IP 69.16.175.42:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 100x100, segment length 16, baseline, precision 8, 160x600, components 3\012- data
Hash 949f121d70ab5f1adad3b87736f935b2
51da17c8d96dc077ea8ae47edf59ac9f73c90b0c
67eddb79d63fa1e2017bb42ef0e93db8bd3812a910d4ae39be0a39126b517a4c
GET /network/user500/25313-1525084114.jpg HTTP/1.1
Host: i.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://poweredby.jads.co/
HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 08:38:13 GMT
Connection: Keep-Alive
ETag: "1525084114"
Cache-Control: max-age=13466397
Content-Length: 32031
Content-Type: image/jpeg
Last-Modified: Mon, 30 Apr 2018 10:28:34 GMT
Accept-Ranges: bytes
X-HW: 1675499893.dop012.sk1.t,1675499893.cds247.sk1.c
pompeydesigning.com/28/85/33/28853392a76a14b1426991b6def2243b.js
192.243.61.225 200 OK 13 kB URL HTTP/1.1 pompeydesigning.com/28/85/33/28853392a76a14b1426991b6def2243b.js
IP 192.243.61.225:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with very long lines (37130), with no line terminators
Hash eca5f9316d6463e606d2a80a188a1915
a1a626aafbe753b91c80bc61222e4a355924bfbd
ce74fe78986b15826b125c28b17a81d6dfb6e50769dbf3f9dabdf664945a97bd
Analyzer Verdict Alert quad9 Sinkholed
GET /28/85/33/28853392a76a14b1426991b6def2243b.js HTTP/1.1
Host: pompeydesigning.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kahoka.pornlesbans.hotnatalia.com/
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 04 Feb 2023 08:38:13 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 9a196612d3cd030434520623012f2ad2
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
opthushbeginning.com/watch.311423651676.js?key=c515a1f4fc3a36b04275034bdcef5c99&kw=%5B%22xxx%22%2C%22porn%22%2C%22pictures%22%2C%22free%22%2C%22sex%22%2C%22pics%22%5D&refer=http%3A%2F%2Fkahoka.pornlesbans.hotnatalia.com%2F%3Fannalise&tz=0&dev=e&res=12.1053&uuid=66be96df-befa-4de4-bb7a-3e45e84a1088%3A2%3A1&shu=ae683462c5fbc250d63a5c1aef7d4d7814e0f322120417d998d2d2c4a1d1866bae4f243e8ca7e7ffc3aaafe63153ace83a86c169c68d48b5ee10d997bd011b259d11cc4b5573a889817fb0c62fb415ea647bbaa8&pst=1675499953&rmtc=t
192.243.59.12200 OK 2.0 kB URL HTTP/1.1 opthushbeginning.com/watch.311423651676.js?key=c515a1f4fc3a36b04275034bdcef5c99&kw=%5B%22xxx%22%2C%22porn%22%2C%22pictures%22%2C%22free%22%2C%22sex%22%2C%22pics%22%5D&refer=http%3A%2F%2Fkahoka.pornlesbans.hotnatalia.com%2F%3Fannalise&tz=0&dev=e&res=12.1053&uuid=66be96df-befa-4de4-bb7a-3e45e84a1088%3A2%3A1&shu=ae683462c5fbc250d63a5c1aef7d4d7814e0f322120417d998d2d2c4a1d1866bae4f243e8ca7e7ffc3aaafe63153ace83a86c169c68d48b5ee10d997bd011b259d11cc4b5573a889817fb0c62fb415ea647bbaa8&pst=1675499953&rmtc=t
IP 192.243.59.12:0
ASN #39572 DataWeb Global Group B.V.
File type HTML document, ASCII text, with very long lines (2510)
Hash cc6c2a577e31d05ccf65632ad799880e
f311602439d921f5863ae25136633146759d8275
8cb22e398b9f251fff2598e559a22d2fa98d372d651af18e0232c0353808bb68
Analyzer Verdict Alert quad9 Sinkholed
GET /watch.311423651676.js?key=c515a1f4fc3a36b04275034bdcef5c99&kw=%5B%22xxx%22%2C%22porn%22%2C%22pictures%22%2C%22free%22%2C%22sex%22%2C%22pics%22%5D&refer=http%3A%2F%2Fkahoka.pornlesbans.hotnatalia.com%2F%3Fannalise&tz=0&dev=e&res=12.1053&uuid=66be96df-befa-4de4-bb7a-3e45e84a1088%3A2%3A1&shu=ae683462c5fbc250d63a5c1aef7d4d7814e0f322120417d998d2d2c4a1d1866bae4f243e8ca7e7ffc3aaafe63153ace83a86c169c68d48b5ee10d997bd011b259d11cc4b5573a889817fb0c62fb415ea647bbaa8&pst=1675499953&rmtc=t HTTP/1.1
Host: opthushbeginning.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://kahoka.pornlesbans.hotnatalia.com
Referer: http://kahoka.pornlesbans.hotnatalia.com/
Connection: keep-alive
Cookie: u_pl=17763945; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNzc2Mzk0NSwiayI6ImM1MTVhMWY0ZmMzYTM2YjA0Mjc1MDM0YmRjZWY1Yzk5Iiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxOTU5OTYyLCJwaWQiOjI4ODQzNywiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjoxNiwiYWlkIjo1LCJwdCI6NCwicGsiOiJ3YWN0dWZ6ZGFkIiwiY3BrcyI6eyAiMjkiOiIyODg1MzM5MmE3NmExNGIxNDI2OTkxYjZkZWYyMjQzYiJ9LCJ0IjoxfSwidSI6eyJ1IjoxLCJhdSI6MSwiZCI6eyJpZCI6OTA3NTM0NTcsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjozODkxNCwib24iOiJXaW5kb3dzIiwib3YiOiIxMC4wIiwiYmlkIjoxMjA2MjUsImJuIjoiRmlyZWZveCIsImJ2IjoiMTA1LjAiLCJ3diI6ZmFsc2UsImUiOnRydWUsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cDovL2thaG9rYS5wb3JubGVzYmFucy5ob3RuYXRhbGlhLmNvbS8_YW5uYWxpc2UifX0.bchlsEjXRg3tEnoY6D1OMRhde4HpFvjDrkiGadX-O2w
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Sat, 04 Feb 2023 08:38:13 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: http://kahoka.pornlesbans.hotnatalia.com
Access-Control-Allow-Origin: http://kahoka.pornlesbans.hotnatalia.com
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=66be96df-befa-4de4-bb7a-3e45e84a1088:2:1; expires=Sat, 11 Feb 2023 08:38:13 GMT; secure; SameSite=None
pdhtkv=true; expires=Sun, 05 Feb 2023 08:38:13 GMT; secure; SameSite=None
uncs=1; expires=Sun, 05 Feb 2023 08:38:13 GMT; secure; SameSite=None
pdhtkv5=true; expires=Sun, 05 Feb 2023 08:38:13 GMT; secure; SameSite=None
uncs5=1; expires=Sun, 05 Feb 2023 08:38:13 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 48661d7fc04a17ad78c2d05fe151792f
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
solitudearbitrary.com/8f/9f/c6/8f9fc67e3b5b368f1c72c9bed43a0f41.js
173.233.137.60 200 OK 13 kB URL HTTP/1.1 solitudearbitrary.com/8f/9f/c6/8f9fc67e3b5b368f1c72c9bed43a0f41.js
IP 173.233.137.60:0
File type ASCII text, with very long lines (37130), with no line terminators
Hash 67245cfc92ed6c9edc70d99d610dd324
782f32b6f6d19194233f7f09c803c6c6fc467101
65abc58b307a47f804dc381cb469797d8dd01523e70a19f72859905ca4caaf23
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /8f/9f/c6/8f9fc67e3b5b368f1c72c9bed43a0f41.js HTTP/1.1
Host: solitudearbitrary.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kahoka.pornlesbans.hotnatalia.com/
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 04 Feb 2023 08:38:13 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: fc55d7c7b34464f9b595229975ac57cb
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
comedianthirteenth.com/c515a1f4fc3a36b04275034bdcef5c99/invoke.js
192.243.59.13 200 OK 9.8 kB URL HTTP/1.1 comedianthirteenth.com/c515a1f4fc3a36b04275034bdcef5c99/invoke.js
IP 192.243.59.13:0
ASN #39572 DataWeb Global Group B.V.
File type exported SGML document, ASCII text, with very long lines (26976), with no line terminators
Hash 0d34b4055a03a410a9ac9cc3d2921ad3
5c0ea5449af3cc8cc64466ccefe38d27f0fcb167
e9f09f6225f2f98f3c65f02ec980d5b918cfbb5c6f7dd2e7f4ae74aa6102163f
GET /c515a1f4fc3a36b04275034bdcef5c99/invoke.js HTTP/1.1
Host: comedianthirteenth.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kahoka.pornlesbans.hotnatalia.com/
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Sat, 04 Feb 2023 08:38:13 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: ae60b1862b74b48ccbe84b86256fa383
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
i.jads.co/network/user1037/131-1584677620-0781358001584677620.jpg
69.16.175.42 200 OK 93 kB URL HTTP/1.1 i.jads.co/network/user1037/131-1584677620-0781358001584677620.jpg
IP 69.16.175.42:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 160x600, components 3\012- data
Hash 293ca46153add7adc4684a3477232efb
1dacf266fc4d13ea6b6e0fc95ed0110e1e8cec2b
6341938c0833188d89c47886870bcd2381c0c630b0fae2dedc12da3e8ab3e9ef
GET /network/user1037/131-1584677620-0781358001584677620.jpg HTTP/1.1
Host: i.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://poweredby.jads.co/
HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 08:38:13 GMT
Connection: Keep-Alive
ETag: "1584677620"
Cache-Control: max-age=24079947
Content-Length: 93239
Content-Type: image/jpeg
Last-Modified: Fri, 20 Mar 2020 04:13:40 GMT
Accept-Ranges: bytes
X-HW: 1675499893.dop012.sk1.t,1675499893.cds224.sk1.c
tsyndicate.com/iframes2/e5937915a343437993bcb6ac18eb41d4.html?
136.243.134.97 200 OK 1.2 kB URL HTTP/1.1 tsyndicate.com/iframes2/e5937915a343437993bcb6ac18eb41d4.html?
IP 136.243.134.97:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2029)
Hash f52f417eab671263260fb239deb27273
342223f95efe028892c439b15f9e2a8d6100263c
19b3088928254b01263117aa6d79a645be2d2cb401ad9f730356b256cc1717ed
GET /iframes2/e5937915a343437993bcb6ac18eb41d4.html? HTTP/1.1
Host: tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kahoka.pornlesbans.hotnatalia.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 08:38:13 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Pragma: no-cache
Expires: 0
Vary: Accept-Encoding, *
X-Api-Version: 2
Link: <http://lcdn.tsyndicate.com/sdk/v1/b.b.js>; rel=preload; as=script
X-Request-Id: bebce986768d8038
Cache-Control: no-cache, no-store, no-transform, must-revalidate, no-transform
X-Robots-Tag: none, noindex, nofollow
Report-To: { "url": "https://pxl.tsyndicate.com/api/v1/heavy-ad/report", "max_age": 86401 }
Content-Encoding: gzip
pompeydesigning.com/watch.298208820187.js?key=c515a1f4fc3a36b04275034bdcef5c99&kw=%5B%22xxx%22%2C%22porn%22%2C%22pictures%22%2C%22free%22%2C%22sex%22%2C%22pics%22%5D&refer=http%3A%2F%2Fkahoka.pornlesbans.hotnatalia.com%2F%3Fannalise&tz=0&dev=e&res=12.1053&uuid=66bd9a30-b655-42c4-bb0b-612536770eda%3A2%3A1
192.243.61.225307 Temporary Redirect 0 B URL HTTP/1.1 pompeydesigning.com/watch.298208820187.js?key=c515a1f4fc3a36b04275034bdcef5c99&kw=%5B%22xxx%22%2C%22porn%22%2C%22pictures%22%2C%22free%22%2C%22sex%22%2C%22pics%22%5D&refer=http%3A%2F%2Fkahoka.pornlesbans.hotnatalia.com%2F%3Fannalise&tz=0&dev=e&res=12.1053&uuid=66bd9a30-b655-42c4-bb0b-612536770eda%3A2%3A1
IP 192.243.61.225:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /watch.298208820187.js?key=c515a1f4fc3a36b04275034bdcef5c99&kw=%5B%22xxx%22%2C%22porn%22%2C%22pictures%22%2C%22free%22%2C%22sex%22%2C%22pics%22%5D&refer=http%3A%2F%2Fkahoka.pornlesbans.hotnatalia.com%2F%3Fannalise&tz=0&dev=e&res=12.1053&uuid=66bd9a30-b655-42c4-bb0b-612536770eda%3A2%3A1 HTTP/1.1
Host: pompeydesigning.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://kahoka.pornlesbans.hotnatalia.com
Connection: keep-alive
Referer: http://kahoka.pornlesbans.hotnatalia.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 307 Temporary Redirect
Server: nginx/1.19.5
Date: Sat, 04 Feb 2023 08:38:13 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: http://kahoka.pornlesbans.hotnatalia.com
Access-Control-Allow-Origin: http://kahoka.pornlesbans.hotnatalia.com
Access-Control-Allow-Credentials: true
Location: https://pompeydesigning.com/watch.298208820187.js?key=c515a1f4fc3a36b04275034bdcef5c99&kw=%5B%22xxx%22%2C%22porn%22%2C%22pictures%22%2C%22free%22%2C%22sex%22%2C%22pics%22%5D&refer=http%3A%2F%2Fkahoka.pornlesbans.hotnatalia.com%2F%3Fannalise&tz=0&dev=e&res=12.1053&uuid=66bd9a30-b655-42c4-bb0b-612536770eda%3A2%3A1&shu=3e8064adeebb6b1eb7e1e45309011f4cd4ed9f81941d31dd2081b6b8fdae4b4943d0a3edaa80b66b469828ba66149a07533807dc2eb249e68849ac3d8d65453673fde78d92b06b7e68acf9fb4e4a92c36d47dd&pst=1675499953&rmtc=t
Set-Cookie: u_pl=17763945; expires=Sun, 05 Feb 2023 08:38:13 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.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_YW5uYWxpc2UifX0.bchlsEjXRg3tEnoY6D1OMRhde4HpFvjDrkiGadX-O2w; expires=Sat, 04 Feb 2023 08:39:13 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: edb47ba3b5ce09956b2ab188a6e5e1eb
Strict-Transport-Security: max-age=0; includeSubdomains
ocsp.digicert.com/
93.184.220.29 200 OK 278 B IP 93.184.220.29:0
Hash 8f027d3c6cbb7ac20739d625793de242
76e66c0c2a0a17eed38e5601f740d78077ae3eae
be7a9b4ba36604077c75c76234e39f33e0cc75fe9b717930f28bef0cbe90cdd3
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6038
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 08:38:13 GMT
Last-Modified: Sat, 04 Feb 2023 06:57:35 GMT
Server: ECS (ska/F715)
X-Cache: HIT
Content-Length: 278
utilitypresent.com/watch.1547607244174.js?key=c515a1f4fc3a36b04275034bdcef5c99&kw=%5B%22xxx%22%2C%22porn%22%2C%22pictures%22%2C%22free%22%2C%22sex%22%2C%22pics%22%5D&refer=http%3A%2F%2Fkahoka.pornlesbans.hotnatalia.com%2F%3Fannalise&tz=0&dev=e&res=12.1053&uuid=66be96df-befa-4de4-bb7a-3e45e84a1088%3A2%3A1&shu=2af77b93236455148a3f2d0dd427868bcc44f88599f19bf3aa6375efa06fbc7029250c8c13df6781996298873d419d56ff47bc3378c14923a066346eb5786d65122a6bf7251a4fa240e2c3be4a0178d2facf236f&pst=1675499953&rmtc=t
192.243.61.225200 OK 2.0 kB URL HTTP/1.1 utilitypresent.com/watch.1547607244174.js?key=c515a1f4fc3a36b04275034bdcef5c99&kw=%5B%22xxx%22%2C%22porn%22%2C%22pictures%22%2C%22free%22%2C%22sex%22%2C%22pics%22%5D&refer=http%3A%2F%2Fkahoka.pornlesbans.hotnatalia.com%2F%3Fannalise&tz=0&dev=e&res=12.1053&uuid=66be96df-befa-4de4-bb7a-3e45e84a1088%3A2%3A1&shu=2af77b93236455148a3f2d0dd427868bcc44f88599f19bf3aa6375efa06fbc7029250c8c13df6781996298873d419d56ff47bc3378c14923a066346eb5786d65122a6bf7251a4fa240e2c3be4a0178d2facf236f&pst=1675499953&rmtc=t
IP 192.243.61.225:0
ASN #39572 DataWeb Global Group B.V.
File type HTML document, ASCII text, with very long lines (2525)
Hash c42d1b8cd642b50fbfd65cfc1ed86d69
e169d8de76d0b9cfd58945b2fe3cb10a1fb1433b
8e0645931a1fc724a761d4e65fe81fa61fa7fc1a2534fdb0be58b4e22b1cfb42
Analyzer Verdict Alert quad9 Sinkholed
GET /watch.1547607244174.js?key=c515a1f4fc3a36b04275034bdcef5c99&kw=%5B%22xxx%22%2C%22porn%22%2C%22pictures%22%2C%22free%22%2C%22sex%22%2C%22pics%22%5D&refer=http%3A%2F%2Fkahoka.pornlesbans.hotnatalia.com%2F%3Fannalise&tz=0&dev=e&res=12.1053&uuid=66be96df-befa-4de4-bb7a-3e45e84a1088%3A2%3A1&shu=2af77b93236455148a3f2d0dd427868bcc44f88599f19bf3aa6375efa06fbc7029250c8c13df6781996298873d419d56ff47bc3378c14923a066346eb5786d65122a6bf7251a4fa240e2c3be4a0178d2facf236f&pst=1675499953&rmtc=t HTTP/1.1
Host: utilitypresent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://kahoka.pornlesbans.hotnatalia.com
Referer: http://kahoka.pornlesbans.hotnatalia.com/
Connection: keep-alive
Cookie: u_pl=17763945; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNzc2Mzk0NSwiayI6ImM1MTVhMWY0ZmMzYTM2YjA0Mjc1MDM0YmRjZWY1Yzk5Iiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxOTU5OTYyLCJwaWQiOjI4ODQzNywiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjoxNiwiYWlkIjo1LCJwdCI6NCwicGsiOiJ3YWN0dWZ6ZGFkIiwiY3BrcyI6eyAiMjkiOiIyODg1MzM5MmE3NmExNGIxNDI2OTkxYjZkZWYyMjQzYiJ9LCJ0IjoxfSwidSI6eyJ1IjoxLCJhdSI6MSwiZCI6eyJpZCI6OTA3NTM0NTcsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjozODkxNCwib24iOiJXaW5kb3dzIiwib3YiOiIxMC4wIiwiYmlkIjoxMjA2MjUsImJuIjoiRmlyZWZveCIsImJ2IjoiMTA1LjAiLCJ3diI6ZmFsc2UsImUiOnRydWUsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cDovL2thaG9rYS5wb3JubGVzYmFucy5ob3RuYXRhbGlhLmNvbS8_YW5uYWxpc2UifX0.bchlsEjXRg3tEnoY6D1OMRhde4HpFvjDrkiGadX-O2w
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 04 Feb 2023 08:38:13 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: http://kahoka.pornlesbans.hotnatalia.com
Access-Control-Allow-Origin: http://kahoka.pornlesbans.hotnatalia.com
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=66be96df-befa-4de4-bb7a-3e45e84a1088:2:1; expires=Sat, 11 Feb 2023 08:38:13 GMT; secure; SameSite=None
pdhtkv=true; expires=Sun, 05 Feb 2023 08:38:13 GMT; secure; SameSite=None
uncs=1; expires=Sun, 05 Feb 2023 08:38:13 GMT; secure; SameSite=None
pdhtkv5=true; expires=Sun, 05 Feb 2023 08:38:13 GMT; secure; SameSite=None
uncs5=1; expires=Sun, 05 Feb 2023 08:38:13 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 6b0fc3c7f43d778e79e9b858776ad2f4
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
cdn.tsyndicate.com/sdk/v1/bi.js
8.254.252.210 304 Not Modified 0 B URL HTTP/1.1 cdn.tsyndicate.com/sdk/v1/bi.js
IP 8.254.252.210:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sdk/v1/bi.js HTTP/1.1
Host: cdn.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kahoka.pornlesbans.hotnatalia.com/
If-Modified-Since: Fri, 16 Dec 2022 12:41:56 GMT
If-None-Match: W/"639c6794-1e83"
HTTP/1.1 304 Not Modified
Date: Fri, 16 Dec 2022 12:53:24 GMT
Connection: keep-alive
Last-Modified: Fri, 16 Dec 2022 12:41:56 GMT
Server: nginx
X-Robots-Tag: noindex, nofollow
Vary: Accept-Encoding
ETag: W/"639c6794-1e83"
Age: 4304689
pxl.tsyndicate.com/api/v1/elapsedtime?f=banner%20250x150&sc=4cac9064b352472ab0c635df56b56283&hn=kahoka.pornlesbans.hotnatalia.com&et=425
94.130.141.49 200 OK 0 B URL HTTP/1.1 pxl.tsyndicate.com/api/v1/elapsedtime?f=banner%20250x150&sc=4cac9064b352472ab0c635df56b56283&hn=kahoka.pornlesbans.hotnatalia.com&et=425
IP 94.130.141.49:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /api/v1/elapsedtime?f=banner%20250x150&sc=4cac9064b352472ab0c635df56b56283&hn=kahoka.pornlesbans.hotnatalia.com&et=425 HTTP/1.1
Host: pxl.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kahoka.pornlesbans.hotnatalia.com/
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 08:38:13 GMT
Content-Length: 0
Connection: keep-alive
X-Robots-Tag: noindex, nofollow
cdn.tsyndicate.com/sdk/v1/bi.js
8.254.252.210 304 Not Modified 0 B URL HTTP/1.1 cdn.tsyndicate.com/sdk/v1/bi.js
IP 8.254.252.210:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sdk/v1/bi.js HTTP/1.1
Host: cdn.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kahoka.pornlesbans.hotnatalia.com/
If-Modified-Since: Fri, 16 Dec 2022 12:41:56 GMT
If-None-Match: W/"639c6794-1e83"
HTTP/1.1 304 Not Modified
Date: Fri, 16 Dec 2022 12:53:24 GMT
Connection: keep-alive
Last-Modified: Fri, 16 Dec 2022 12:41:56 GMT
Server: nginx
X-Robots-Tag: noindex, nofollow
Vary: Accept-Encoding
ETag: W/"639c6794-1e83"
Age: 4304689
go.eabids.com/banner.go?spaceid=5675442&keywords=&maincat=
217.22.19.194 200 OK 2.6 kB URL HTTP/1.1 go.eabids.com/banner.go?spaceid=5675442&keywords=&maincat=
IP 217.22.19.194:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2618), with no line terminators
Hash d593abc91349a17af84ccf7f9abd2300
afbf7b650661dedb1577a8e21d89d0a2543f5794
6738e1bc4b127505a191153f7cbc37e9c1c332c602467d40d7e2e9ae07b4fa61
GET /banner.go?spaceid=5675442&keywords=&maincat= HTTP/1.1
Host: go.eabids.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kahoka.pornlesbans.hotnatalia.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 08:38:13 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 2618
Connection: keep-alive
Expires: Mon, 03 Jul 2001 06:00:00 GMT
Last-Modified: Sat, 04 02 2023 08:38:13 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0,post-check=0, pre-check=0
Pragma: no-cache
X-Backend-Server: nl2-web-205
subscribestormyapprobation.com/watch.259026664853.js?key=c515a1f4fc3a36b04275034bdcef5c99&kw=%5B%22xxx%22%2C%22porn%22%2C%22pictures%22%2C%22free%22%2C%22sex%22%2C%22pics%22%5D&refer=http%3A%2F%2Fkahoka.pornlesbans.hotnatalia.com%2F%3Fannalise&tz=0&dev=e&res=12.1053&uuid=66bd9a30-b655-42c4-bb0b-612536770eda%3A2%3A1&shu=4294b609e01cd0385e78d59e8413a3bc3681a11f61f55ffd94f8e5ab35ed6fdfc54143c367ce3a7bf8d91cbfac91a561046fda522cb64da6a948ce27e5326548a14c30bd39049fbf7b16530bbf8eb228351c24d117cb7bc2c1cfa3c04b22ccd5&pst=1675499953&rmtc=t
173.233.139.164 200 OK 2.1 kB URL HTTP/1.1 subscribestormyapprobation.com/watch.259026664853.js?key=c515a1f4fc3a36b04275034bdcef5c99&kw=%5B%22xxx%22%2C%22porn%22%2C%22pictures%22%2C%22free%22%2C%22sex%22%2C%22pics%22%5D&refer=http%3A%2F%2Fkahoka.pornlesbans.hotnatalia.com%2F%3Fannalise&tz=0&dev=e&res=12.1053&uuid=66bd9a30-b655-42c4-bb0b-612536770eda%3A2%3A1&shu=4294b609e01cd0385e78d59e8413a3bc3681a11f61f55ffd94f8e5ab35ed6fdfc54143c367ce3a7bf8d91cbfac91a561046fda522cb64da6a948ce27e5326548a14c30bd39049fbf7b16530bbf8eb228351c24d117cb7bc2c1cfa3c04b22ccd5&pst=1675499953&rmtc=t
IP 173.233.139.164:0
File type HTML document, ASCII text, with very long lines (2582)
Hash 2f1bc28ab750b0e6011d28ebee3077b3
d7bcadb8bfd63245bea622d7bf6d08733b4c38e2
4f76e5c4cf24915b0f6362533583214bd6ef1ab019d45d73635290e4c438727f
Analyzer Verdict Alert quad9 Sinkholed
GET /watch.259026664853.js?key=c515a1f4fc3a36b04275034bdcef5c99&kw=%5B%22xxx%22%2C%22porn%22%2C%22pictures%22%2C%22free%22%2C%22sex%22%2C%22pics%22%5D&refer=http%3A%2F%2Fkahoka.pornlesbans.hotnatalia.com%2F%3Fannalise&tz=0&dev=e&res=12.1053&uuid=66bd9a30-b655-42c4-bb0b-612536770eda%3A2%3A1&shu=4294b609e01cd0385e78d59e8413a3bc3681a11f61f55ffd94f8e5ab35ed6fdfc54143c367ce3a7bf8d91cbfac91a561046fda522cb64da6a948ce27e5326548a14c30bd39049fbf7b16530bbf8eb228351c24d117cb7bc2c1cfa3c04b22ccd5&pst=1675499953&rmtc=t HTTP/1.1
Host: subscribestormyapprobation.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://kahoka.pornlesbans.hotnatalia.com
Referer: http://kahoka.pornlesbans.hotnatalia.com/
Connection: keep-alive
Cookie: u_pl=17763945; ain=eyJhbGciOiJIUzI1NiJ9.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_YW5uYWxpc2UifX0.bchlsEjXRg3tEnoY6D1OMRhde4HpFvjDrkiGadX-O2w; uid_id2=66be96df-befa-4de4-bb7a-3e45e84a1088:2:1; iprc8a045518527d8306ccaf92ab6ba07da9=2116933; pdhtkv=true; uncs=1; pdhtkv5=true; uncs5=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 04 Feb 2023 08:38:13 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: http://kahoka.pornlesbans.hotnatalia.com
Access-Control-Allow-Origin: http://kahoka.pornlesbans.hotnatalia.com
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=66bd9a30-b655-42c4-bb0b-612536770eda:2:1; expires=Sat, 11 Feb 2023 08:38:13 GMT; secure; SameSite=None
pdhtkv=true; expires=Sun, 05 Feb 2023 08:38:13 GMT; secure; SameSite=None
uncs=1; expires=Sun, 05 Feb 2023 08:38:13 GMT; secure; SameSite=None
pdhtkv5=true; expires=Sun, 05 Feb 2023 08:38:13 GMT; secure; SameSite=None
uncs5=1; expires=Sun, 05 Feb 2023 08:38:13 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: fd846165700cc86ca8687a2fbea929cc
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
lcdn.tsyndicate.com/sdk/v1/b.b.js
8.254.252.214 304 Not Modified 0 B URL HTTP/1.1 lcdn.tsyndicate.com/sdk/v1/b.b.js
IP 8.254.252.214:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sdk/v1/b.b.js HTTP/1.1
Host: lcdn.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://tsyndicate.com/
If-Modified-Since: Tue, 22 Feb 2022 13:07:15 GMT
If-None-Match: W/"6214e003-1eb1"
HTTP/1.1 304 Not Modified
Date: Tue, 08 Mar 2022 10:11:03 GMT
Connection: keep-alive
Last-Modified: Tue, 22 Feb 2022 13:07:15 GMT
Server: nginx
X-Robots-Tag: noindex, nofollow
Vary: Accept-Encoding
ETag: W/"6214e003-1eb1"
Age: 28765630
solitudearbitrary.com/watch.920030444602.js?key=11115435c35e6b966b90a5f936e0edcc&kw=%5B%22xxx%22%2C%22porn%22%2C%22pictures%22%2C%22free%22%2C%22sex%22%2C%22pics%22%5D&refer=http%3A%2F%2Fkahoka.pornlesbans.hotnatalia.com%2F%3Fannalise&tz=0&dev=e&res=12.1053&uuid=66bd9a30-b655-42c4-bb0b-612536770eda%3A2%3A1
173.233.137.60 307 Temporary Redirect 0 B URL HTTP/1.1 solitudearbitrary.com/watch.920030444602.js?key=11115435c35e6b966b90a5f936e0edcc&kw=%5B%22xxx%22%2C%22porn%22%2C%22pictures%22%2C%22free%22%2C%22sex%22%2C%22pics%22%5D&refer=http%3A%2F%2Fkahoka.pornlesbans.hotnatalia.com%2F%3Fannalise&tz=0&dev=e&res=12.1053&uuid=66bd9a30-b655-42c4-bb0b-612536770eda%3A2%3A1
IP 173.233.137.60:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /watch.920030444602.js?key=11115435c35e6b966b90a5f936e0edcc&kw=%5B%22xxx%22%2C%22porn%22%2C%22pictures%22%2C%22free%22%2C%22sex%22%2C%22pics%22%5D&refer=http%3A%2F%2Fkahoka.pornlesbans.hotnatalia.com%2F%3Fannalise&tz=0&dev=e&res=12.1053&uuid=66bd9a30-b655-42c4-bb0b-612536770eda%3A2%3A1 HTTP/1.1
Host: solitudearbitrary.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://kahoka.pornlesbans.hotnatalia.com
Connection: keep-alive
Referer: http://kahoka.pornlesbans.hotnatalia.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 307 Temporary Redirect
Server: nginx/1.19.5
Date: Sat, 04 Feb 2023 08:38:13 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: http://kahoka.pornlesbans.hotnatalia.com
Access-Control-Allow-Origin: http://kahoka.pornlesbans.hotnatalia.com
Access-Control-Allow-Credentials: true
Location: https://solitudearbitrary.com/watch.920030444602.js?key=11115435c35e6b966b90a5f936e0edcc&kw=%5B%22xxx%22%2C%22porn%22%2C%22pictures%22%2C%22free%22%2C%22sex%22%2C%22pics%22%5D&refer=http%3A%2F%2Fkahoka.pornlesbans.hotnatalia.com%2F%3Fannalise&tz=0&dev=e&res=12.1053&uuid=66bd9a30-b655-42c4-bb0b-612536770eda%3A2%3A1&shu=16b3fd897d40b7cefe59b4e0af250970454ccbf6b198e2550c23401dcecce2cfd5e7faced9ac9f79cccbca33d54adbf3b5319c2af744eccb72ed4d264dd8c8ae51eaa616dc2029fd8d97d548a4c309f3e7bfdb48ebb27a8a6f62c708fefe3245&pst=1675499953&rmtc=t
Set-Cookie: u_pl=17763957; expires=Sun, 05 Feb 2023 08:38:13 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.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.V5lYFV5j_dGAljpsD4Ytyro5vIemh8yV98QEtgS-kUE; expires=Sat, 04 Feb 2023 08:39:13 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 504caf0fe545394176de43431cae4209
Strict-Transport-Security: max-age=0; includeSubdomains
go.xliirdr.com/config?url=https%3A%2F%2Fcreative.xliirdr.com%2Fwidgets%2Fv4%2FUniversal%3FcampaignId%3Dc3fa347280578e90a9e8ab1e6280c0e361524d151dcbfe6bb5b723fee947ce88%26campaignType%3Dsmartpop%26creativeId%3Df7d35c19e8363f8e59e197e6034e23aaac0f22600b273fb0cad1f12ae1c95358%26iterationId%3D383554%26masterSmartpopId%3D1605%26memberId%3Dm6WUxrWE0zoac4oMYUhO_G4_E_W6ANX1S1R0pzLjT02_0INngnDSwweVy1XRzUmn0U25AFQmBNLfonKYDJYKUyT-_g3e5j6u3BQJVsU101AIX9w_gUIDRUi%26p1%3D3717296%26quality%3Doptimal%26ruleId%3D3%26smartpopId%3D1547%26sourceId%3D226439%26tag%3D-girls%252Findian%26userId%3Ded4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e%26variationId%3D30029
104.18.51.106 200 OK 1.6 kB URL HTTP/2 go.xliirdr.com/config?url=https%3A%2F%2Fcreative.xliirdr.com%2Fwidgets%2Fv4%2FUniversal%3FcampaignId%3Dc3fa347280578e90a9e8ab1e6280c0e361524d151dcbfe6bb5b723fee947ce88%26campaignType%3Dsmartpop%26creativeId%3Df7d35c19e8363f8e59e197e6034e23aaac0f22600b273fb0cad1f12ae1c95358%26iterationId%3D383554%26masterSmartpopId%3D1605%26memberId%3Dm6WUxrWE0zoac4oMYUhO_G4_E_W6ANX1S1R0pzLjT02_0INngnDSwweVy1XRzUmn0U25AFQmBNLfonKYDJYKUyT-_g3e5j6u3BQJVsU101AIX9w_gUIDRUi%26p1%3D3717296%26quality%3Doptimal%26ruleId%3D3%26smartpopId%3D1547%26sourceId%3D226439%26tag%3D-girls%252Findian%26userId%3Ded4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e%26variationId%3D30029
IP 104.18.51.106:0
File type JSON data\012- , ASCII text
Hash 807c0b44836dbf2d3a10800fd04f2468
c563679218c5f5685dfa025d5fffb25df4ff99d3
9922542c7122a15c28d8c6a846ff637be7946e0c3de6c9a5c402595863fc404e
GET /config?url=https%3A%2F%2Fcreative.xliirdr.com%2Fwidgets%2Fv4%2FUniversal%3FcampaignId%3Dc3fa347280578e90a9e8ab1e6280c0e361524d151dcbfe6bb5b723fee947ce88%26campaignType%3Dsmartpop%26creativeId%3Df7d35c19e8363f8e59e197e6034e23aaac0f22600b273fb0cad1f12ae1c95358%26iterationId%3D383554%26masterSmartpopId%3D1605%26memberId%3Dm6WUxrWE0zoac4oMYUhO_G4_E_W6ANX1S1R0pzLjT02_0INngnDSwweVy1XRzUmn0U25AFQmBNLfonKYDJYKUyT-_g3e5j6u3BQJVsU101AIX9w_gUIDRUi%26p1%3D3717296%26quality%3Doptimal%26ruleId%3D3%26smartpopId%3D1547%26sourceId%3D226439%26tag%3D-girls%252Findian%26userId%3Ded4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e%26variationId%3D30029 HTTP/1.1
Host: go.xliirdr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://creative.xliirdr.com/
Origin: https://creative.xliirdr.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Sat, 04 Feb 2023 08:38:13 GMT
content-type: application/json
access-control-allow-origin: *
last-modified: Sat, 04 Feb 2023 08:38:13 GMT
cf-cache-status: MISS
set-cookie: __cflb=02DiuDfsBaY2bRYJiCeSRSGTzNwtDfLbsH7Yo6Mm5jMsJ; SameSite=None; Secure; path=/; expires=Sun, 05-Feb-23 07:38:13 GMT; HttpOnly
vary: Accept-Encoding
server: cloudflare
cf-ray: 794216bd9e4d0b69-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
poweredby.jads.co/adshow.php?adzone=940998
185.94.237.102 200 OK 1.7 kB URL HTTP/1.1 poweredby.jads.co/adshow.php?adzone=940998
IP 185.94.237.102:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (431), with CRLF, LF line terminators
Hash 0fdb7363294902a7e12d81ccc2aa0e09
ae784a825d18d3950afa42114547f356ffadb50b
f9b55219255b3687ed6ddabc741791022931bb5b793548f2fc79a465cb9870e0
GET /adshow.php?adzone=940998 HTTP/1.1
Host: poweredby.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kahoka.pornlesbans.hotnatalia.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 08:38:13 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/5.6.40
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR OUR IND STA"
Set-Cookie: surferid=657dcf2e54dc12d116ccfe4605159ad3; expires=Sun, 04-Feb-2024 08:38:13 GMT; Max-Age=31536000; path=/; SameSite=None; Secure; domain=.jads.co
imps22340=1; expires=Sun, 05-Feb-2023 08:38:13 GMT; Max-Age=86400; path=/; SameSite=None; Secure; domain=.jads.co
juicy_data_1=YToxOntpOjU5Mjk3NjtpOjE2NzU3NTkwOTM7fQ%3D%3D; expires=Tue, 07-Feb-2023 08:38:13 GMT; Max-Age=259200; path=/; SameSite=None; Secure; domain=jads.co
juicy_data=YToxOntzOjEyOiJqdWljeV9kYXRhXzEiO3M6MToiMSI7fQ%3D%3D; expires=Tue, 07-Feb-2023 08:38:13 GMT; Max-Age=259200; path=/; SameSite=None; Secure; domain=jads.co
Content-Encoding: gzip
cdn.tubecorp.com/i/b.html?spot=3725&src=1013599720&pid=17794&width=300&height=250&spaceid=859
45.133.44.24 200 OK 181 B URL HTTP/1.1 cdn.tubecorp.com/i/b.html?spot=3725&src=1013599720&pid=17794&width=300&height=250&spaceid=859
IP 45.133.44.24:0
ASN #39572 DataWeb Global Group B.V.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 81aec7550d11fe54b500ea3850f95567
15d56988d343393c038d830ccdaf2d1c69664e5f
04952bb41a8bb460d8a30d9a9c2f1d1d65f86b75fcf7f104365f805e343d1ed2
GET /i/b.html?spot=3725&src=1013599720&pid=17794&width=300&height=250&spaceid=859 HTTP/1.1
Host: cdn.tubecorp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kahoka.pornlesbans.hotnatalia.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 08:38:13 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx/1.20.1
Last-Modified: Sat, 20 Nov 2021 06:50:54 GMT
ETag: W/"df-5d132d021cf80"
X-Request-ID: 46e3c8966fb591f3a4aa8b89c6992905
Content-Encoding: gzip
Expires: Sat, 04 Feb 2023 09:38:13 GMT
Cache-Control: max-age=3600
X-Proxy-Cache: HIT
Access-Control-Allow-Origin: *
go.eabids.com/banner.go?spaceid=5675443&keywords=&maincat=
217.22.19.194 200 OK 690 B URL HTTP/1.1 go.eabids.com/banner.go?spaceid=5675443&keywords=&maincat=
IP 217.22.19.194:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (690), with no line terminators
Hash 0b2f5d941aa7d0044b225c36966ba39a
064cfa8e9cccb998df457c82fbebbfce28036ce8
55affdd62ce7f03de21c2dda2f9326e5e8cf3b3335d985d947854cc86658d886
GET /banner.go?spaceid=5675443&keywords=&maincat= HTTP/1.1
Host: go.eabids.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kahoka.pornlesbans.hotnatalia.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 08:38:13 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 690
Connection: keep-alive
Expires: Mon, 03 Jul 2001 06:00:00 GMT
Last-Modified: Sat, 04 02 2023 08:38:13 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0,post-check=0, pre-check=0
Pragma: no-cache
X-Backend-Server: nl2-web-205
poweredby.jads.co/adshow.php?adzone=830958
185.94.237.102 200 OK 1.8 kB URL HTTP/1.1 poweredby.jads.co/adshow.php?adzone=830958
IP 185.94.237.102:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (438), with CRLF, LF line terminators
Hash 5e216909b48462593587511fbcfc8fc5
f3d3c380be9ac45c692a0bf20a944a3b37f73314
249ce5f7a00f21d5b0a9f3a9d61eb091dfadcdd7fcd6c6c84acead7df2d7dcb4
GET /adshow.php?adzone=830958 HTTP/1.1
Host: poweredby.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kahoka.pornlesbans.hotnatalia.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 08:38:13 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/5.6.40
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR OUR IND STA"
Set-Cookie: surferid=600a2d9a82508f0dfd965c365e008870; expires=Sun, 04-Feb-2024 08:38:12 GMT; Max-Age=31536000; path=/; SameSite=None; Secure; domain=.jads.co
imps30216=1; expires=Sun, 05-Feb-2023 08:38:12 GMT; Max-Age=86400; path=/; SameSite=None; Secure; domain=.jads.co
imps30216=1; expires=Sun, 05-Feb-2023 08:38:12 GMT; Max-Age=86400; path=/; SameSite=None; Secure; domain=.jads.co
juicy_data_1=YToyOntpOjc4NTY1NjtpOjE2NzU3NTkwOTI7aTo3Nzc4MzE7aToxNjc1NzU5MDkyO30%3D; expires=Tue, 07-Feb-2023 08:38:12 GMT; Max-Age=259200; path=/; SameSite=None; Secure; domain=jads.co
juicy_data=YToxOntzOjEyOiJqdWljeV9kYXRhXzEiO3M6MToiMSI7fQ%3D%3D; expires=Tue, 07-Feb-2023 08:38:12 GMT; Max-Age=259200; path=/; SameSite=None; Secure; domain=jads.co
Content-Encoding: gzip
go.eabids.com/banner.go?spaceid=5675445&keywords=&maincat=
217.22.19.194 200 OK 2.5 kB URL HTTP/1.1 go.eabids.com/banner.go?spaceid=5675445&keywords=&maincat=
IP 217.22.19.194:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2535), with no line terminators
Hash a0d8b6e480a5cd23c09a5099cf30b41f
782790bc357e4e29c58e367d48372345a881f954
70c03234032ba69d157e950c51f907f8cc432e7d2d7f1f8a281d37e790ceaf25
GET /banner.go?spaceid=5675445&keywords=&maincat= HTTP/1.1
Host: go.eabids.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kahoka.pornlesbans.hotnatalia.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 08:38:13 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 2535
Connection: keep-alive
Expires: Mon, 03 Jul 2001 06:00:00 GMT
Last-Modified: Sat, 04 02 2023 08:38:13 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0,post-check=0, pre-check=0
Pragma: no-cache
X-Backend-Server: nl2-web-205
comedianthirteenth.com/c515a1f4fc3a36b04275034bdcef5c99/invoke.js
192.243.59.13 200 OK 9.8 kB URL HTTP/1.1 comedianthirteenth.com/c515a1f4fc3a36b04275034bdcef5c99/invoke.js
IP 192.243.59.13:0
ASN #39572 DataWeb Global Group B.V.
File type exported SGML document, ASCII text, with very long lines (26984), with no line terminators
Hash a9d8ed081c9ff343ca92347d9e57a18a
e2ae00e63dcce57b41b8ad05d03927440f231d93
8f9a6b70771a2a85139991c538c596016c519b22188e220b21a7a87aa635ea0d
GET /c515a1f4fc3a36b04275034bdcef5c99/invoke.js HTTP/1.1
Host: comedianthirteenth.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kahoka.pornlesbans.hotnatalia.com/
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Sat, 04 Feb 2023 08:38:13 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 0be71737e48fd99936d52dfa1ce49b87
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
lcdn.tsyndicate.com/error/banner.html
8.254.252.214 304 Not Modified 0 B URL HTTP/1.1 lcdn.tsyndicate.com/error/banner.html
IP 8.254.252.214:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /error/banner.html HTTP/1.1
Host: lcdn.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://tsyndicate.com/
Upgrade-Insecure-Requests: 1
If-Modified-Since: Thu, 28 Jul 2022 14:10:05 GMT
If-None-Match: W/"62e298bd-297"
HTTP/1.1 304 Not Modified
Date: Fri, 02 Sep 2022 00:07:36 GMT
Connection: keep-alive
Last-Modified: Thu, 28 Jul 2022 14:10:05 GMT
Server: nginx
X-Robots-Tag: noindex, nofollow
Vary: Accept-Encoding
ETag: W/"62e298bd-297"
Age: 13422637
go.eabids.com/banner.go?spaceid=5675443&keywords=&maincat=
217.22.19.194 200 OK 2.5 kB URL HTTP/1.1 go.eabids.com/banner.go?spaceid=5675443&keywords=&maincat=
IP 217.22.19.194:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2535), with no line terminators
Hash bd0b2665af0d05719455b6ba6b254090
08e89b5adb8faa28fc9fe5c57d77cf90079c0676
8ba05391ce753ca010a4a94e63f853c409b3fe4c5ffc2fa449cdfe4fc72e68a2
GET /banner.go?spaceid=5675443&keywords=&maincat= HTTP/1.1
Host: go.eabids.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kahoka.pornlesbans.hotnatalia.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 08:38:13 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 2535
Connection: keep-alive
Expires: Mon, 03 Jul 2001 06:00:00 GMT
Last-Modified: Sat, 04 02 2023 08:38:13 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0,post-check=0, pre-check=0
Pragma: no-cache
X-Backend-Server: nl2-web-200
pompeydesigning.com/watch.312988631625.js?key=539d71c7c61ed9e36ed1dd6ab6acffc8&kw=%5B%22xxx%22%2C%22porn%22%2C%22pictures%22%2C%22free%22%2C%22sex%22%2C%22pics%22%5D&refer=http%3A%2F%2Fkahoka.pornlesbans.hotnatalia.com%2F%3Fannalise&tz=0&dev=e&res=12.1053&uuid=66bd9a30-b655-42c4-bb0b-612536770eda%3A2%3A1&shu=ff2f3db3eb6273e53159663eaec0791becd0b4fdedb0656161e5705d17406b79eab8c87c5f099c8089dd50535edc6c84f10c86757e7ce3d34f8dd38b906f205e1d026e71e6b041ca41912f56f708a5bddfb08e&pst=1675499953&rmtc=t
192.243.61.225 200 OK 633 B URL HTTP/1.1 pompeydesigning.com/watch.312988631625.js?key=539d71c7c61ed9e36ed1dd6ab6acffc8&kw=%5B%22xxx%22%2C%22porn%22%2C%22pictures%22%2C%22free%22%2C%22sex%22%2C%22pics%22%5D&refer=http%3A%2F%2Fkahoka.pornlesbans.hotnatalia.com%2F%3Fannalise&tz=0&dev=e&res=12.1053&uuid=66bd9a30-b655-42c4-bb0b-612536770eda%3A2%3A1&shu=ff2f3db3eb6273e53159663eaec0791becd0b4fdedb0656161e5705d17406b79eab8c87c5f099c8089dd50535edc6c84f10c86757e7ce3d34f8dd38b906f205e1d026e71e6b041ca41912f56f708a5bddfb08e&pst=1675499953&rmtc=t
IP 192.243.61.225:0
ASN #39572 DataWeb Global Group B.V.
File type HTML document text\012- HTML document, ASCII text, with very long lines (582)
Hash cc9b11199bea19beac314a79c3fd5fc8
c7035a6c83419b1114934a81ad613632f0658dc3
257d1143531dd1aa04b52566dcf691e6abe84d5db9862a9a4937bc886d4c649d
Analyzer Verdict Alert quad9 Sinkholed
GET /watch.312988631625.js?key=539d71c7c61ed9e36ed1dd6ab6acffc8&kw=%5B%22xxx%22%2C%22porn%22%2C%22pictures%22%2C%22free%22%2C%22sex%22%2C%22pics%22%5D&refer=http%3A%2F%2Fkahoka.pornlesbans.hotnatalia.com%2F%3Fannalise&tz=0&dev=e&res=12.1053&uuid=66bd9a30-b655-42c4-bb0b-612536770eda%3A2%3A1&shu=ff2f3db3eb6273e53159663eaec0791becd0b4fdedb0656161e5705d17406b79eab8c87c5f099c8089dd50535edc6c84f10c86757e7ce3d34f8dd38b906f205e1d026e71e6b041ca41912f56f708a5bddfb08e&pst=1675499953&rmtc=t HTTP/1.1
Host: pompeydesigning.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://kahoka.pornlesbans.hotnatalia.com
Referer: http://kahoka.pornlesbans.hotnatalia.com/
Connection: keep-alive
Cookie: u_pl=17743402; ain=eyJhbGciOiJIUzI1NiJ9.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.QNg1IC03RvBhsVym1_5Yv6URMIaSgyOM5y_EV8l191M
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 04 Feb 2023 08:38:13 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: http://kahoka.pornlesbans.hotnatalia.com
Access-Control-Allow-Origin: http://kahoka.pornlesbans.hotnatalia.com
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=66bd9a30-b655-42c4-bb0b-612536770eda:2:1; expires=Sat, 11 Feb 2023 08:38:13 GMT; secure; SameSite=None
iprc8a045518527d8306ccaf92ab6ba07da9=2116933; expires=Sun, 05 Feb 2023 10:38:13 GMT; secure; SameSite=None
pdhtkv=true; expires=Sun, 05 Feb 2023 08:38:13 GMT; secure; SameSite=None
uncs=1; expires=Sun, 05 Feb 2023 08:38:13 GMT; secure; SameSite=None
pdhtkv5=true; expires=Sun, 05 Feb 2023 08:38:13 GMT; secure; SameSite=None
uncs5=1; expires=Sun, 05 Feb 2023 08:38:13 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: fd203e1b4d1d4d13a49fdb998e60eb1b
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
pompeydesigning.com/watch.298208820187.js?key=c515a1f4fc3a36b04275034bdcef5c99&kw=%5B%22xxx%22%2C%22porn%22%2C%22pictures%22%2C%22free%22%2C%22sex%22%2C%22pics%22%5D&refer=http%3A%2F%2Fkahoka.pornlesbans.hotnatalia.com%2F%3Fannalise&tz=0&dev=e&res=12.1053&uuid=66bd9a30-b655-42c4-bb0b-612536770eda%3A2%3A1&shu=3e8064adeebb6b1eb7e1e45309011f4cd4ed9f81941d31dd2081b6b8fdae4b4943d0a3edaa80b66b469828ba66149a07533807dc2eb249e68849ac3d8d65453673fde78d92b06b7e68acf9fb4e4a92c36d47dd&pst=1675499953&rmtc=t
192.243.61.225 200 OK 2.0 kB URL HTTP/1.1 pompeydesigning.com/watch.298208820187.js?key=c515a1f4fc3a36b04275034bdcef5c99&kw=%5B%22xxx%22%2C%22porn%22%2C%22pictures%22%2C%22free%22%2C%22sex%22%2C%22pics%22%5D&refer=http%3A%2F%2Fkahoka.pornlesbans.hotnatalia.com%2F%3Fannalise&tz=0&dev=e&res=12.1053&uuid=66bd9a30-b655-42c4-bb0b-612536770eda%3A2%3A1&shu=3e8064adeebb6b1eb7e1e45309011f4cd4ed9f81941d31dd2081b6b8fdae4b4943d0a3edaa80b66b469828ba66149a07533807dc2eb249e68849ac3d8d65453673fde78d92b06b7e68acf9fb4e4a92c36d47dd&pst=1675499953&rmtc=t
IP 192.243.61.225:0
ASN #39572 DataWeb Global Group B.V.
File type HTML document, ASCII text, with very long lines (2408)
Hash c19273516eb13ad9de2b6799a4105ce5
1ea2f24231c4bc69a6efc8d6053899183235ff7b
58b1ee5712954120098acd942501dcc44700048dc7191b0a7f7efbfec5fcf6af
Analyzer Verdict Alert quad9 Sinkholed
GET /watch.298208820187.js?key=c515a1f4fc3a36b04275034bdcef5c99&kw=%5B%22xxx%22%2C%22porn%22%2C%22pictures%22%2C%22free%22%2C%22sex%22%2C%22pics%22%5D&refer=http%3A%2F%2Fkahoka.pornlesbans.hotnatalia.com%2F%3Fannalise&tz=0&dev=e&res=12.1053&uuid=66bd9a30-b655-42c4-bb0b-612536770eda%3A2%3A1&shu=3e8064adeebb6b1eb7e1e45309011f4cd4ed9f81941d31dd2081b6b8fdae4b4943d0a3edaa80b66b469828ba66149a07533807dc2eb249e68849ac3d8d65453673fde78d92b06b7e68acf9fb4e4a92c36d47dd&pst=1675499953&rmtc=t HTTP/1.1
Host: pompeydesigning.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://kahoka.pornlesbans.hotnatalia.com
Referer: http://kahoka.pornlesbans.hotnatalia.com/
Connection: keep-alive
Cookie: u_pl=17763945; ain=eyJhbGciOiJIUzI1NiJ9.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_YW5uYWxpc2UifX0.bchlsEjXRg3tEnoY6D1OMRhde4HpFvjDrkiGadX-O2w
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 04 Feb 2023 08:38:13 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: http://kahoka.pornlesbans.hotnatalia.com
Access-Control-Allow-Origin: http://kahoka.pornlesbans.hotnatalia.com
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=66bd9a30-b655-42c4-bb0b-612536770eda:2:1; expires=Sat, 11 Feb 2023 08:38:13 GMT; secure; SameSite=None
pdhtkv=true; expires=Sun, 05 Feb 2023 08:38:13 GMT; secure; SameSite=None
uncs=1; expires=Sun, 05 Feb 2023 08:38:13 GMT; secure; SameSite=None
pdhtkv5=true; expires=Sun, 05 Feb 2023 08:38:13 GMT; secure; SameSite=None
uncs5=1; expires=Sun, 05 Feb 2023 08:38:13 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: afb2c9162ede7eee8872ec8ecc52e4ae
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
chaturbate.com/in/?tour=dTm0&campaign=Q2cRU&track=e.iframe.NO&disable_sound=1&mobileRedirect=auto&embed_video_only=1&id=2|164978|113814|no|94553|40900043|5675443|1|0|46|50304|,,,,,|4|0|0|1,6,24|0|0|en|1|1532635802|0|1675499893
104.18.101.40 301 Moved Permanently 0 B URL HTTP/1.1 chaturbate.com/in/?tour=dTm0&campaign=Q2cRU&track=e.iframe.NO&disable_sound=1&mobileRedirect=auto&embed_video_only=1&id=2|164978|113814|no|94553|40900043|5675443|1|0|46|50304|,,,,,|4|0|0|1,6,24|0|0|en|1|1532635802|0|1675499893
IP 104.18.101.40:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /in/?tour=dTm0&campaign=Q2cRU&track=e.iframe.NO&disable_sound=1&mobileRedirect=auto&embed_video_only=1&id=2|164978|113814|no|94553|40900043|5675443|1|0|46|50304|,,,,,|4|0|0|1,6,24|0|0|en|1|1532635802|0|1675499893 HTTP/1.1
Host: chaturbate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://go.eabids.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Sat, 04 Feb 2023 08:38:13 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: private
Location: https://chaturbate.com:443/in/?tour=dTm0&campaign=Q2cRU&track=e.iframe.NO&disable_sound=1&mobileRedirect=auto&embed_video_only=1&id=2|164978|113814|no|94553|40900043|5675443|1|0|46|50304|,,,,,|4|0|0|1,6,24|0|0|en|1|1532635802|0|1675499893
CF-Cache-Status: DYNAMIC
Set-Cookie: __cf_bm=hVdlHk19pRoYHsJdugiaVPnvfSkwGPzuTsrgSkREYRg-1675499893-0-AVm3HlfAL4p29uH07eBNob2/Ok8Ixs8d2kTQm4t+PlaTOTRfof/CUu66ur2GDOxTQlC4ypvv2cSMOjU+M2DYWlY=; path=/; expires=Sat, 04-Feb-23 09:08:13 GMT; domain=.chaturbate.com; HttpOnly; SameSite=None
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZHG415Mq4AWKSnolbC3QNLN5UgKTKwXzxzymTtZb%2Fv8ae%2BqDdGGlnuUAsZLr%2FP0N8K%2FTWFka4A1P22k5m6tKrWvU7jhS%2BvJrlykoXbXr%2BHFWLvAQtXKB3%2BC3Zf1xAOCM"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 794216bf7e441c0a-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cdn.tubecorp.com/b/tcbanner.js?v=21
45.133.44.24 200 OK 18 kB URL HTTP/1.1 cdn.tubecorp.com/b/tcbanner.js?v=21
IP 45.133.44.24:0
ASN #39572 DataWeb Global Group B.V.
File type Unicode text, UTF-8 text, with very long lines (50685), with no line terminators
Hash cdf1ca2de3be908c01fc475c284bd396
41d93ac6b9d836e4ee2317d00b977bc4edd6a294
14b531a858232cd186a0a4c7070ddde07e950a8e7adf0940835f6adf86600590
GET /b/tcbanner.js?v=21 HTTP/1.1
Host: cdn.tubecorp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cdn.tubecorp.com/i/b.html?spot=3725&src=1013599720&pid=17794&width=300&height=250&spaceid=859
HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 08:38:13 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx/1.20.1
Last-Modified: Sat, 20 Nov 2021 06:50:35 GMT
ETag: W/"61989abb-c604"
Cache-Control: max-age=3600
X-Request-ID: eb03ce2295c7cf6145769d1f48d5ab66
Content-Encoding: gzip
Expires: Sat, 04 Feb 2023 09:38:13 GMT
X-Proxy-Cache: HIT
Access-Control-Allow-Origin: *
poweredby.jads.co/adshow.php?adzone=943746
185.94.237.102 200 OK 1.9 kB URL HTTP/1.1 poweredby.jads.co/adshow.php?adzone=943746
IP 185.94.237.102:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1589), with CRLF, LF line terminators
Hash ca58b2b06aa984b4cf23ca6f8478e4f0
5ecc3d180d28ca3a7eba44939927f236ce273935
816245c6fc7adfdccd19a010ef95b93ec1e5b62a3754576d0cda1bb6da47fb78
GET /adshow.php?adzone=943746 HTTP/1.1
Host: poweredby.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kahoka.pornlesbans.hotnatalia.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 08:38:13 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/5.6.40
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR OUR IND STA"
Set-Cookie: surferid=600a2d9a82508f0dfd965c365e008870; expires=Sun, 04-Feb-2024 08:38:12 GMT; Max-Age=31536000; path=/; SameSite=None; Secure; domain=.jads.co
imps22340=1; expires=Sun, 05-Feb-2023 08:38:12 GMT; Max-Age=86400; path=/; SameSite=None; Secure; domain=.jads.co
imps22340=1; expires=Sun, 05-Feb-2023 08:38:12 GMT; Max-Age=86400; path=/; SameSite=None; Secure; domain=.jads.co
juicy_data_1=YToyOntpOjU2NDYyODtpOjE2NzU3NTkwOTI7aTo1OTI5ODE7aToxNjc1NzU5MDkyO30%3D; expires=Tue, 07-Feb-2023 08:38:12 GMT; Max-Age=259200; path=/; SameSite=None; Secure; domain=jads.co
juicy_data=YToxOntzOjEyOiJqdWljeV9kYXRhXzEiO3M6MToiMSI7fQ%3D%3D; expires=Tue, 07-Feb-2023 08:38:12 GMT; Max-Age=259200; path=/; SameSite=None; Secure; domain=jads.co
Content-Encoding: gzip
cdn.tubecorp.com/i/b.html?spot=3725&src=1013599720&pid=17794&width=300&height=250&spaceid=859
45.133.44.24 200 OK 181 B URL HTTP/1.1 cdn.tubecorp.com/i/b.html?spot=3725&src=1013599720&pid=17794&width=300&height=250&spaceid=859
IP 45.133.44.24:0
ASN #39572 DataWeb Global Group B.V.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 81aec7550d11fe54b500ea3850f95567
15d56988d343393c038d830ccdaf2d1c69664e5f
04952bb41a8bb460d8a30d9a9c2f1d1d65f86b75fcf7f104365f805e343d1ed2
GET /i/b.html?spot=3725&src=1013599720&pid=17794&width=300&height=250&spaceid=859 HTTP/1.1
Host: cdn.tubecorp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kahoka.pornlesbans.hotnatalia.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 08:38:13 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx/1.20.1
Last-Modified: Sat, 20 Nov 2021 06:50:54 GMT
ETag: W/"df-5d132d021cf80"
X-Request-ID: 46e3c8966fb591f3a4aa8b89c6992905
Content-Encoding: gzip
Expires: Sat, 04 Feb 2023 09:38:13 GMT
Cache-Control: max-age=3600
X-Proxy-Cache: HIT
Access-Control-Allow-Origin: *
cdn.tsyndicate.com/sdk/v1/bi.js
8.254.252.210 304 Not Modified 0 B URL HTTP/1.1 cdn.tsyndicate.com/sdk/v1/bi.js
IP 8.254.252.210:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sdk/v1/bi.js HTTP/1.1
Host: cdn.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kahoka.pornlesbans.hotnatalia.com/
If-Modified-Since: Fri, 16 Dec 2022 12:41:56 GMT
If-None-Match: W/"639c6794-1e83"
HTTP/1.1 304 Not Modified
Date: Fri, 16 Dec 2022 12:53:24 GMT
Connection: keep-alive
Last-Modified: Fri, 16 Dec 2022 12:41:56 GMT
Server: nginx
X-Robots-Tag: noindex, nofollow
Vary: Accept-Encoding
ETag: W/"639c6794-1e83"
Age: 4304689
solitudearbitrary.com/watch.920030444602.js?key=11115435c35e6b966b90a5f936e0edcc&kw=%5B%22xxx%22%2C%22porn%22%2C%22pictures%22%2C%22free%22%2C%22sex%22%2C%22pics%22%5D&refer=http%3A%2F%2Fkahoka.pornlesbans.hotnatalia.com%2F%3Fannalise&tz=0&dev=e&res=12.1053&uuid=66bd9a30-b655-42c4-bb0b-612536770eda%3A2%3A1&shu=16b3fd897d40b7cefe59b4e0af250970454ccbf6b198e2550c23401dcecce2cfd5e7faced9ac9f79cccbca33d54adbf3b5319c2af744eccb72ed4d264dd8c8ae51eaa616dc2029fd8d97d548a4c309f3e7bfdb48ebb27a8a6f62c708fefe3245&pst=1675499953&rmtc=t
173.233.137.60 200 OK 2.1 kB URL HTTP/1.1 solitudearbitrary.com/watch.920030444602.js?key=11115435c35e6b966b90a5f936e0edcc&kw=%5B%22xxx%22%2C%22porn%22%2C%22pictures%22%2C%22free%22%2C%22sex%22%2C%22pics%22%5D&refer=http%3A%2F%2Fkahoka.pornlesbans.hotnatalia.com%2F%3Fannalise&tz=0&dev=e&res=12.1053&uuid=66bd9a30-b655-42c4-bb0b-612536770eda%3A2%3A1&shu=16b3fd897d40b7cefe59b4e0af250970454ccbf6b198e2550c23401dcecce2cfd5e7faced9ac9f79cccbca33d54adbf3b5319c2af744eccb72ed4d264dd8c8ae51eaa616dc2029fd8d97d548a4c309f3e7bfdb48ebb27a8a6f62c708fefe3245&pst=1675499953&rmtc=t
IP 173.233.137.60:0
File type HTML document, ASCII text, with very long lines (2572)
Hash 2f5d6632a29101f8eb6647115adc4629
7fae7dd923d22a57ac8f217060d59a84dfbac2d2
018e7d4dc6cca0d6469bfba3c448cef367f354eeba652a91284e7ba8e44a7e1f
Analyzer Verdict Alert quad9 Sinkholed
GET /watch.920030444602.js?key=11115435c35e6b966b90a5f936e0edcc&kw=%5B%22xxx%22%2C%22porn%22%2C%22pictures%22%2C%22free%22%2C%22sex%22%2C%22pics%22%5D&refer=http%3A%2F%2Fkahoka.pornlesbans.hotnatalia.com%2F%3Fannalise&tz=0&dev=e&res=12.1053&uuid=66bd9a30-b655-42c4-bb0b-612536770eda%3A2%3A1&shu=16b3fd897d40b7cefe59b4e0af250970454ccbf6b198e2550c23401dcecce2cfd5e7faced9ac9f79cccbca33d54adbf3b5319c2af744eccb72ed4d264dd8c8ae51eaa616dc2029fd8d97d548a4c309f3e7bfdb48ebb27a8a6f62c708fefe3245&pst=1675499953&rmtc=t HTTP/1.1
Host: solitudearbitrary.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://kahoka.pornlesbans.hotnatalia.com
Referer: http://kahoka.pornlesbans.hotnatalia.com/
Connection: keep-alive
Cookie: u_pl=17763957; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNzc2Mzk1NywiayI6IjExMTE1NDM1YzM1ZTZiOTY2YjkwYTVmOTM2ZTBlZGNjIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxOTU5OTYxLCJwaWQiOjI4ODQzNywiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjoxNiwiYWlkIjo1LCJwdCI6NCwicGsiOiJkNXdyanVydCIsImNwa3MiOnsgIjI5IjoiOGY5ZmM2N2UzYjViMzY4ZjFjNzJjOWJlZDQzYTBmNDEifSwidCI6MX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjkwNzUzNDU3LCJpZHMiOiIiLCJpYyI6ZmFsc2UsIm4iOiJEZXNrdG9wLEVtdWxhdG9yIiwidiI6IlVua25vd24iLCJtIjoiVW5rbm93biIsImYiOjEsImZuIjoiRGVza3RvcCIsIm9pZCI6Mzg5MTQsIm9uIjoiV2luZG93cyIsIm92IjoiMTAuMCIsImJpZCI6MTIwNjI1LCJibiI6IkZpcmVmb3giLCJidiI6IjEwNS4wIiwid3YiOmZhbHNlLCJlIjp0cnVlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6dHJ1ZSwiciI6Imh0dHA6Ly9rYWhva2EucG9ybmxlc2JhbnMuaG90bmF0YWxpYS5jb20vP2FubmFsaXNlIn19.V5lYFV5j_dGAljpsD4Ytyro5vIemh8yV98QEtgS-kUE
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 04 Feb 2023 08:38:13 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: http://kahoka.pornlesbans.hotnatalia.com
Access-Control-Allow-Origin: http://kahoka.pornlesbans.hotnatalia.com
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=66bd9a30-b655-42c4-bb0b-612536770eda:2:1; expires=Sat, 11 Feb 2023 08:38:13 GMT; secure; SameSite=None
pdhtkv=true; expires=Sun, 05 Feb 2023 08:38:13 GMT; secure; SameSite=None
uncs=1; expires=Sun, 05 Feb 2023 08:38:13 GMT; secure; SameSite=None
pdhtkv5=true; expires=Sun, 05 Feb 2023 08:38:13 GMT; secure; SameSite=None
uncs5=1; expires=Sun, 05 Feb 2023 08:38:13 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 2e68849f8c00b637022ac9f193d39c6f
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
cdn.tsyndicate.com/sdk/v1/bi.js
8.254.252.210 304 Not Modified 0 B URL HTTP/1.1 cdn.tsyndicate.com/sdk/v1/bi.js
IP 8.254.252.210:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sdk/v1/bi.js HTTP/1.1
Host: cdn.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kahoka.pornlesbans.hotnatalia.com/
If-Modified-Since: Fri, 16 Dec 2022 12:41:56 GMT
If-None-Match: W/"639c6794-1e83"
HTTP/1.1 304 Not Modified
Date: Fri, 16 Dec 2022 12:53:24 GMT
Connection: keep-alive
Last-Modified: Fri, 16 Dec 2022 12:41:56 GMT
Server: nginx
X-Robots-Tag: noindex, nofollow
Vary: Accept-Encoding
ETag: W/"639c6794-1e83"
Age: 4304689
subscribestormyapprobation.com/sbar.json?key=d82941888ca80b5e024c4d0a7cab0440&uuid=66bd9a30-b655-42c4-bb0b-612536770eda%3A2%3A1
173.233.139.164 200 OK 4.4 kB URL HTTP/1.1 subscribestormyapprobation.com/sbar.json?key=d82941888ca80b5e024c4d0a7cab0440&uuid=66bd9a30-b655-42c4-bb0b-612536770eda%3A2%3A1
IP 173.233.139.164:0
File type JSON data\012- , Unicode text, UTF-8 text, with very long lines (6322), with no line terminators
Hash f94c6ccb35a03d2bb09a946389c65d73
6041211f69305ac2b0f3bff902ccd13a56fc43d3
9621cbaed47d91f87a0bbf7afec845e7756c7cc93b4331a56ebc1a6354aedd94
Analyzer Verdict Alert quad9 Sinkholed
GET /sbar.json?key=d82941888ca80b5e024c4d0a7cab0440&uuid=66bd9a30-b655-42c4-bb0b-612536770eda%3A2%3A1 HTTP/1.1
Host: subscribestormyapprobation.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://kahoka.pornlesbans.hotnatalia.com
Connection: keep-alive
Referer: http://kahoka.pornlesbans.hotnatalia.com/
Cookie: u_pl=17763945; ain=eyJhbGciOiJIUzI1NiJ9.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_YW5uYWxpc2UifX0.bchlsEjXRg3tEnoY6D1OMRhde4HpFvjDrkiGadX-O2w; uid_id2=66be96df-befa-4de4-bb7a-3e45e84a1088:2:1; iprc8a045518527d8306ccaf92ab6ba07da9=2116933; pdhtkv=true; uncs=1; pdhtkv5=true; uncs5=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 04 Feb 2023 08:38:13 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: http://kahoka.pornlesbans.hotnatalia.com
Access-Control-Allow-Origin: http://kahoka.pornlesbans.hotnatalia.com
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=17763945,17787248; expires=Sun, 05 Feb 2023 08:38:13 GMT; secure; SameSite=None
uid_id2=66bd9a30-b655-42c4-bb0b-612536770eda:2:1; expires=Sat, 11 Feb 2023 08:38:13 GMT; secure; SameSite=None
uncs=2; expires=Sun, 05 Feb 2023 08:38:13 GMT; secure; SameSite=None
pdhtkv29=true; expires=Sun, 05 Feb 2023 08:38:13 GMT; secure; SameSite=None
uncs29=1; expires=Sun, 05 Feb 2023 08:38:13 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 6bc5a71c0674e58eafd230a0ff5518fd
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
i.jads.co/ads/user500/ad1705568-1611902991.jpg
69.16.175.42 200 OK 21 kB URL HTTP/1.1 i.jads.co/ads/user500/ad1705568-1611902991.jpg
IP 69.16.175.42:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 160x600, components 3\012- data
Hash 8228a3401e9302175f92af14a982b89a
419941c516fd40de61d22677b38982f2fd4f26e3
394f7a1b569cbddb72185dc4f5b512d43115f6ddd7f84d6bb41f433ffb67324d
GET /ads/user500/ad1705568-1611902991.jpg HTTP/1.1
Host: i.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://poweredby.jads.co/
HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 08:38:13 GMT
Connection: Keep-Alive
ETag: "1611902991"
Cache-Control: max-age=13243353
Content-Length: 20655
Content-Type: image/jpeg
Last-Modified: Fri, 29 Jan 2021 06:49:51 GMT
Accept-Ranges: bytes
X-HW: 1675499893.dop012.sk1.t,1675499893.cds224.sk1.c
i.jads.co/network/user500/30216-1564740503-0801571001564740503.gif
69.16.175.42 200 OK 46 kB URL HTTP/1.1 i.jads.co/network/user500/30216-1564740503-0801571001564740503.gif
IP 69.16.175.42:0
File type GIF image data, version 89a, 160 x 600\012- data
Hash 7933aab89049cf4f520647272822037f
f7f334c13f8a9d48e2b36c53f564b2aba4b4020a
d243417de2d67035e53c4fad8d0248f09374523dc27cf52e3b9184e5eb3bdacc
GET /network/user500/30216-1564740503-0801571001564740503.gif HTTP/1.1
Host: i.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://poweredby.jads.co/
HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 08:38:13 GMT
Connection: Keep-Alive
ETag: "1564740503"
Cache-Control: max-age=20512662
Content-Length: 45646
Content-Type: image/gif
Last-Modified: Fri, 02 Aug 2019 10:08:23 GMT
Accept-Ranges: bytes
X-HW: 1675499893.dop012.sk1.t,1675499893.cds223.sk1.c
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 89af9743caf2e82c5f649207b006cddc
269cf162c7004f7d618aea7e8c8b52dea5ae2691
930d0cc1e07a3e9cb9e771548183a222d4f257e3f70b17eb196356e7734cde6d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "930D0CC1E07A3E9CB9E771548183A222D4F257E3F70B17EB196356E7734CDE6D"
Last-Modified: Thu, 02 Feb 2023 01:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14420
Expires: Sat, 04 Feb 2023 12:38:33 GMT
Date: Sat, 04 Feb 2023 08:38:13 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 31ced9359ed0edd56a09608f0ef2fe66
62d577d3b99b0be9d38cffd8e83b0351ee6b93a6
e05a0ba35ee20d920a856974f596e817130ed78369dceaacedd2166ba7c2f732
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E05A0BA35EE20D920A856974F596E817130ED78369DCEAACEDD2166BA7C2F732"
Last-Modified: Thu, 02 Feb 2023 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6292
Expires: Sat, 04 Feb 2023 10:23:05 GMT
Date: Sat, 04 Feb 2023 08:38:13 GMT
Connection: keep-alive
revolveoppress.com/28/85/33/28853392a76a14b1426991b6def2243b.js
192.243.59.12 200 OK 13 kB URL HTTP/1.1 revolveoppress.com/28/85/33/28853392a76a14b1426991b6def2243b.js
IP 192.243.59.12:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with very long lines (37163), with no line terminators
Hash 0fcdde2246d3dbf3f4cc47c6654b9205
f32c26550595931ad6f89efd0ee6c837a0e9a496
03658843b32838c0dce36fef16635fa8d2fc1bab7f1cbdf52de17c374c176944
GET /28/85/33/28853392a76a14b1426991b6def2243b.js HTTP/1.1
Host: revolveoppress.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kahoka.pornlesbans.hotnatalia.com/
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Sat, 04 Feb 2023 08:38:13 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 328917682bad16b5619be4fd824c7ac3
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
i.jads.co/network/user500/30216-1561026355-0623366001561026355.gif
69.16.175.42 200 OK 894 kB URL HTTP/1.1 i.jads.co/network/user500/30216-1561026355-0623366001561026355.gif
IP 69.16.175.42:0
File type GIF image data, version 89a, 160 x 600\012- data
Size 894 kB (894420 bytes)
Hash 770acba9750708cd26af068a41633714
e3cd0335e5d3da159c8024687ec2ac460c6a0a2b
539f4871988539bcf2f80372b7be8d4904bd9aeb79363feaccebd96cb7cbed96
GET /network/user500/30216-1561026355-0623366001561026355.gif HTTP/1.1
Host: i.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://poweredby.jads.co/
HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 08:38:13 GMT
Connection: Keep-Alive
ETag: "1561026355"
Cache-Control: max-age=9581426
Content-Length: 894420
Content-Type: image/gif
Last-Modified: Thu, 20 Jun 2019 10:25:55 GMT
Accept-Ranges: bytes
X-HW: 1675499893.dop229.sk1.t,1675499893.cds208.sk1.c
static.eabids.com/data/bannerpools/94553/59591.gif
217.22.19.195 200 OK 614 kB URL HTTP/1.1 static.eabids.com/data/bannerpools/94553/59591.gif
IP 217.22.19.195:0
File type GIF image data, version 89a, 300 x 250\012- data
Size 614 kB (614308 bytes)
Hash 8216e582330c7c89cdac0dba4ae66c3c
75543ae0205f76cbd188c5fa2dbe3b1119ef40ef
0d9f8149577cf3ba72e2e4c8914e6ea18c3d41695d25a153b57653128d0c2b37
GET /data/bannerpools/94553/59591.gif HTTP/1.1
Host: static.eabids.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://go.eabids.com/
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 08:38:13 GMT
Content-Type: image/gif
Content-Length: 614308
Last-Modified: Thu, 28 Apr 2022 14:45:35 GMT
Connection: keep-alive
ETag: "626aa88f-95fa4"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
X-Backend-Server: nl2-static-222
Accept-Ranges: bytes
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 31ced9359ed0edd56a09608f0ef2fe66
62d577d3b99b0be9d38cffd8e83b0351ee6b93a6
e05a0ba35ee20d920a856974f596e817130ed78369dceaacedd2166ba7c2f732
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E05A0BA35EE20D920A856974F596E817130ED78369DCEAACEDD2166BA7C2F732"
Last-Modified: Thu, 02 Feb 2023 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6292
Expires: Sat, 04 Feb 2023 10:23:05 GMT
Date: Sat, 04 Feb 2023 08:38:13 GMT
Connection: keep-alive
cdn.tsyndicate.com/sdk/v1/backup.banner.js
8.254.252.210 304 Not Modified 0 B URL HTTP/1.1 cdn.tsyndicate.com/sdk/v1/backup.banner.js
IP 8.254.252.210:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sdk/v1/backup.banner.js HTTP/1.1
Host: cdn.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://lcdn.tsyndicate.com/
If-Modified-Since: Fri, 16 Dec 2022 12:41:09 GMT
If-None-Match: W/"639c6765-b48"
HTTP/1.1 304 Not Modified
Date: Fri, 16 Dec 2022 12:53:28 GMT
Connection: keep-alive
Last-Modified: Fri, 16 Dec 2022 12:41:09 GMT
Server: nginx
X-Robots-Tag: noindex, nofollow
Vary: Accept-Encoding
ETag: W/"639c6765-b48"
Age: 4304685
ocsp.digicert.com/
93.184.220.29 200 OK 312 B IP 93.184.220.29:0
Hash 3d84979ba8fb44b083716b6359684601
6779aa23c14e94569f1babb49c1cb8fe8a7e766f
c651a5fcaf1d770e4c62f0a105543f0b27556374d4464cd39326ae81fffafc9b
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4772
Cache-Control: max-age=147230
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 08:38:13 GMT
Etag: "63dda2ef-138"
Expires: Mon, 06 Feb 2023 01:32:03 GMT
Last-Modified: Sat, 04 Feb 2023 00:12:31 GMT
Server: ECS (ska/F715)
X-Cache: HIT
Content-Length: 312
tsyndicate.com/iframes2/e5937915a343437993bcb6ac18eb41d4.html?
136.243.134.97 200 OK 3.5 kB URL HTTP/1.1 tsyndicate.com/iframes2/e5937915a343437993bcb6ac18eb41d4.html?
IP 136.243.134.97:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (4661)
Hash eea7c7c957caf7466b32b73390bbb6fd
10f6b83f6a563b2682f528a18f226b801cdcfe90
d4d04b557afe7fd145fef51abb3918c5d1af73587f9e2590094b99c11e4d7eba
GET /iframes2/e5937915a343437993bcb6ac18eb41d4.html? HTTP/1.1
Host: tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kahoka.pornlesbans.hotnatalia.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 08:38:13 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Pragma: no-cache
Expires: 0
Vary: Accept-Encoding, *
X-Api-Version: 2
Link: <http://lcdn.tsyndicate.com/sdk/v1/b.b.js>; rel=preload; as=script, <https://lcdn.tsyndicate.com/images/2/2/79b4e9bc64fe35efabaa0379301a143a7c641c/main.jpg>; rel=preload; as=image
X-Request-Id: 42a7fb906eda24bb
Set-Cookie: ts_uid=adef6c64-6035-44c7-a88b-e2543cc44765; expires=Fri, 04 Aug 2023 08:38:13 GMT; domain=.tsyndicate.com; path=/; HttpOnly; secure; SameSite=None
bfq=APeIECNCxxYZOGLcgBHDRhcWIsYU3BLjoYgyExveqFEDhw0ZOWZ06aMg; expires=Sun, 05 Feb 2023 08:38:13 GMT; domain=.tsyndicate.com; path=/; secure; SameSite=None
Cache-Control: no-cache, no-store, no-transform, must-revalidate, no-transform
X-Robots-Tag: none, noindex, nofollow
Report-To: { "url": "https://pxl.tsyndicate.com/api/v1/heavy-ad/report", "max_age": 86401 }
Content-Encoding: gzip
comedianthirteenth.com/c515a1f4fc3a36b04275034bdcef5c99/invoke.js
192.243.59.13 200 OK 9.8 kB URL HTTP/1.1 comedianthirteenth.com/c515a1f4fc3a36b04275034bdcef5c99/invoke.js
IP 192.243.59.13:0
ASN #39572 DataWeb Global Group B.V.
File type exported SGML document, ASCII text, with very long lines (26976), with no line terminators
Hash 8d4d3150c11f26af1521c886cb2a020b
41bac3365997aaaba283d7a46eeb24197ec7802d
004ec5a538e9a115221f297d56aec71dcc37e64539b61afad9eb0b217a9da989
GET /c515a1f4fc3a36b04275034bdcef5c99/invoke.js HTTP/1.1
Host: comedianthirteenth.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kahoka.pornlesbans.hotnatalia.com/
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Sat, 04 Feb 2023 08:38:13 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: close
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: c86ba1e26dacc7a64a7ec3c0f875e4f9
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash c14d3cf8ade0150a711f094be32ac474
11e7fb5487d364c5392e1594e09f5b49831043ea
2a98ce39894b7d9befdba3916467bc95962376d0b308103e0a1eea36c0bc2302
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2A98CE39894B7D9BEFDBA3916467BC95962376D0B308103E0A1EEA36C0BC2302"
Last-Modified: Fri, 03 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3378
Expires: Sat, 04 Feb 2023 09:34:31 GMT
Date: Sat, 04 Feb 2023 08:38:13 GMT
Connection: keep-alive
tsyndicate.com/iframes2/e5937915a343437993bcb6ac18eb41d4.html?
136.243.134.97 200 OK 1.2 kB URL HTTP/1.1 tsyndicate.com/iframes2/e5937915a343437993bcb6ac18eb41d4.html?
IP 136.243.134.97:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2029)
Hash f52f417eab671263260fb239deb27273
342223f95efe028892c439b15f9e2a8d6100263c
19b3088928254b01263117aa6d79a645be2d2cb401ad9f730356b256cc1717ed
GET /iframes2/e5937915a343437993bcb6ac18eb41d4.html? HTTP/1.1
Host: tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kahoka.pornlesbans.hotnatalia.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 08:38:13 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Pragma: no-cache
Expires: 0
Vary: Accept-Encoding, *
X-Api-Version: 2
Link: <http://lcdn.tsyndicate.com/sdk/v1/b.b.js>; rel=preload; as=script
X-Request-Id: d1385196c979ffc9
Cache-Control: no-cache, no-store, no-transform, must-revalidate, no-transform
X-Robots-Tag: none, noindex, nofollow
Report-To: { "url": "https://pxl.tsyndicate.com/api/v1/heavy-ad/report", "max_age": 86401 }
Content-Encoding: gzip
go.eabids.com/banner.go?spaceid=5675442&keywords=&maincat=
217.22.19.194 200 OK 2.6 kB URL HTTP/1.1 go.eabids.com/banner.go?spaceid=5675442&keywords=&maincat=
IP 217.22.19.194:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2618), with no line terminators
Hash 2c39d129bb7756bd96e620ff730779ef
ad5d695be101f22515b352ef99eacdc7bf8653ec
e6e4520d6836da6d58bdfcadf525376d9020ede082cef5358e1f6e6931651010
GET /banner.go?spaceid=5675442&keywords=&maincat= HTTP/1.1
Host: go.eabids.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kahoka.pornlesbans.hotnatalia.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 08:38:13 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 2618
Connection: keep-alive
Expires: Mon, 03 Jul 2001 06:00:00 GMT
Last-Modified: Sat, 04 02 2023 08:38:13 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0,post-check=0, pre-check=0
Pragma: no-cache
X-Backend-Server: nl2-web-205
tsyndicate.com/iframes2/6a91f85098294907941c239ca45e3b90.html?keywords=XXX,Porn,Pictures,Free,Sex,Pics,same,daniels,step,short,fuck,moble,kate,monster,younger,football,nataly,amateur,lyndonn,same,daniels,step,short,fuck,moble,kate,monster,younger,football,nataly,amateur,lyndonn,XXX,Porn,Pictures,Free,Sex,Pics&adb=0&clientjs=1&w=1280&h=1024&tz=0
136.243.134.97 200 OK 1.2 kB URL HTTP/1.1 tsyndicate.com/iframes2/6a91f85098294907941c239ca45e3b90.html?keywords=XXX,Porn,Pictures,Free,Sex,Pics,same,daniels,step,short,fuck,moble,kate,monster,younger,football,nataly,amateur,lyndonn,same,daniels,step,short,fuck,moble,kate,monster,younger,football,nataly,amateur,lyndonn,XXX,Porn,Pictures,Free,Sex,Pics&adb=0&clientjs=1&w=1280&h=1024&tz=0
IP 136.243.134.97:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2029)
Hash f52f417eab671263260fb239deb27273
342223f95efe028892c439b15f9e2a8d6100263c
19b3088928254b01263117aa6d79a645be2d2cb401ad9f730356b256cc1717ed
GET /iframes2/6a91f85098294907941c239ca45e3b90.html?keywords=XXX,Porn,Pictures,Free,Sex,Pics,same,daniels,step,short,fuck,moble,kate,monster,younger,football,nataly,amateur,lyndonn,same,daniels,step,short,fuck,moble,kate,monster,younger,football,nataly,amateur,lyndonn,XXX,Porn,Pictures,Free,Sex,Pics&adb=0&clientjs=1&w=1280&h=1024&tz=0 HTTP/1.1
Host: tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kahoka.pornlesbans.hotnatalia.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 08:38:13 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Pragma: no-cache
Expires: 0
Vary: Accept-Encoding, *
X-Api-Version: 2
Link: <http://lcdn.tsyndicate.com/sdk/v1/b.b.js>; rel=preload; as=script
X-Request-Id: fad9f847d2c53a6e
Cache-Control: no-cache, no-store, no-transform, must-revalidate, no-transform
X-Robots-Tag: none, noindex, nofollow
Report-To: { "url": "https://pxl.tsyndicate.com/api/v1/heavy-ad/report", "max_age": 86401 }
Content-Encoding: gzip
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 6fdf2cc1432e9b9d48e91cfbb1ec827c
d8f106fb542283c654a2edd0c8ec4f99f3b0d2a3
ceae4a0d3c64968dc6b232b68eacd509ca112101fa5a54ea2d4540a37b4c8de8
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CEAE4A0D3C64968DC6B232B68EACD509CA112101FA5A54EA2D4540A37B4C8DE8"
Last-Modified: Fri, 03 Feb 2023 13:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8752
Expires: Sat, 04 Feb 2023 11:04:05 GMT
Date: Sat, 04 Feb 2023 08:38:13 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F10640252-429d-4110-bf18-1908ac233402.jpeg
34.120.237.76 200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F10640252-429d-4110-bf18-1908ac233402.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 392b61306c346508d3ac4a2f28218f9c
d2de32b52e0d3f4fc6acaf687b3521294b01dc03
018712a4d6734b84ac1777124f97dae4d93b1e5b297a5dcfe0955b52710b8a35
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F10640252-429d-4110-bf18-1908ac233402.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 10253
x-amzn-requestid: a90cb6b3-8a72-4b4b-b4f5-6dafc8c6752a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fyD7GGv5IAMFu8A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dd8046-3ca59e7c52800a4e44bda8fd;Sampled=0
x-amzn-remapped-date: Fri, 03 Feb 2023 21:44:38 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: G8F3Fflod6HB4QFtjpD09xzi-2LKPw_DBJT0PKYKU3bs3pvOwO_LRw==
via: 1.1 9c60d6224ac0b44e908b5c9dcf70e9a4.cloudfront.net (CloudFront), 1.1 caf6806821bc479b28a6f1ce3043b8a6.cloudfront.net (CloudFront), 1.1 google
date: Fri, 03 Feb 2023 22:10:32 GMT
age: 37661
etag: "d2de32b52e0d3f4fc6acaf687b3521294b01dc03"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcae6042d-d677-4e39-b4e4-858988eb847b.jpeg
34.120.237.76 200 OK 9.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcae6042d-d677-4e39-b4e4-858988eb847b.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash f7101f6e43855cb76ce48271a847ffbd
8e674830a97d8ce3818132fda197db4f0289d316
e78a83a4024e238bcdec3b9c4d5c12a99f49aabd57e34952f6a4cc8ed4422f55
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcae6042d-d677-4e39-b4e4-858988eb847b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 9141
x-amzn-requestid: ed7db574-6bca-4f3e-8879-c3e836549339
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fyD8zE5lIAMF1HA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dd8051-4480112f11d4ced0037d1ad8;Sampled=0
x-amzn-remapped-date: Fri, 03 Feb 2023 21:44:49 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 6kDIOqhM4aVL80sF02uFu2TuGbiBE7_L_S2W7x-P46hO5YZFmuL9nQ==
via: 1.1 da5952aa802df39905ceb16592e9698a.cloudfront.net (CloudFront), 1.1 d8792dbd3191bbe722eba5b536b979c8.cloudfront.net (CloudFront), 1.1 google
date: Fri, 03 Feb 2023 22:13:30 GMT
age: 37483
etag: "8e674830a97d8ce3818132fda197db4f0289d316"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F64144d1c-f524-496f-8b52-ba63714dbfc5.jpeg
34.120.237.76 200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F64144d1c-f524-496f-8b52-ba63714dbfc5.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash e366b32074025aaf60bbae8bdb08d330
a52c2883bad98fa20333aa639a5dd3a5bf544c8e
9d661c26effaec9efee16833f6459d6ecbe4f77b822c9c46e2a6433bda816e5c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F64144d1c-f524-496f-8b52-ba63714dbfc5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 11565
x-amzn-requestid: 87a84ffd-1176-4656-aac4-e98f38ec2cd9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fboIrFGboAMFyyQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d48704-162ed8114aa1809204500548;Sampled=0
x-amzn-remapped-date: Sat, 28 Jan 2023 02:23:00 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: lsQxPtozrh2Ty1T-3d-1crDfi8HgVKRafOXb1UFl033bCx3kAzTS7w==
via: 1.1 d83ae0e1ba84e92e58bc1efc23a0c652.cloudfront.net (CloudFront), 1.1 caf6806821bc479b28a6f1ce3043b8a6.cloudfront.net (CloudFront), 1.1 google
date: Fri, 03 Feb 2023 21:48:04 GMT
age: 39009
etag: "a52c2883bad98fa20333aa639a5dd3a5bf544c8e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd74fd89c-32f8-4ed4-ab23-e95f810fbc57.jpeg
34.120.237.76 200 OK 9.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd74fd89c-32f8-4ed4-ab23-e95f810fbc57.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4b5c35cdff2fb0758db780212b0b1f77
edbb557a3bf57128467335685aebbd4831d802f8
e0fa59843073ba8bd171c66610bc1b3d59a1a94c4991e6023507b9453ca0edba
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd74fd89c-32f8-4ed4-ab23-e95f810fbc57.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 9349
x-amzn-requestid: ecd1913d-7dbe-4ffd-ba85-0549aab51a06
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fyayOGPlIAMFQ7Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dda4da-6a9b8d146155fa8b6c1c02d6;Sampled=0
x-amzn-remapped-date: Sat, 04 Feb 2023 00:20:42 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: jGBEz2d-SXXPBZhwlJgR4w248y-NY2c-18euLre5PULjWUIfhfUmNQ==
via: 1.1 a20e81b65d2465c729ce2f6bfe539dd0.cloudfront.net (CloudFront), 1.1 6172bb1a5d00a3b06ae3700570ebe116.cloudfront.net (CloudFront), 1.1 google
date: Sat, 04 Feb 2023 00:20:43 GMT
etag: "edbb557a3bf57128467335685aebbd4831d802f8"
content-type: image/jpeg
age: 29850
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F651be34f-d4ea-4a24-987c-b006e5f9a876.jpeg
34.120.237.76 200 OK 13 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F651be34f-d4ea-4a24-987c-b006e5f9a876.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash f926cd4f39b1a10b152e5959b28ae29e
2b1982d21321071394e363888e007598e968fb35
a51b246a9aa5a2583cae7fd4f0a3bdf73f0b318b7838828d36ea5674a5f26753
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F651be34f-d4ea-4a24-987c-b006e5f9a876.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 13309
x-amzn-requestid: f6a3f0f3-d91b-4f4d-8265-0f87742ba5d2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fyFeBFX4oAMFfpA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dd82bf-5808ceec265756c702d212dc;Sampled=0
x-amzn-remapped-date: Fri, 03 Feb 2023 21:55:12 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: WWjzs8W8GmSAM0-Uc8XBTxz67RJJCIzp3fBYhkoIWZ26UrobmZV8mw==
via: 1.1 e5af640ced3aa8764b82c4bc3f7af38e.cloudfront.net (CloudFront), 1.1 a3bd0eb50c22e4d5fbda56a30b96002c.cloudfront.net (CloudFront), 1.1 google
date: Fri, 03 Feb 2023 22:28:17 GMT
age: 36596
etag: "2b1982d21321071394e363888e007598e968fb35"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
tsyndicate.com/iframes2/6a91f85098294907941c239ca45e3b90.html?keywords=XXX,Porn,Pictures,Free,Sex,Pics,same,daniels,step,short,fuck,moble,kate,monster,younger,football,nataly,amateur,lyndonn,same,daniels,step,short,fuck,moble,kate,monster,younger,football,nataly,amateur,lyndonn,XXX,Porn,Pictures,Free,Sex,Pics&adb=0&clientjs=1&w=1280&h=1024&tz=0
136.243.134.97 200 OK 1.2 kB URL HTTP/1.1 tsyndicate.com/iframes2/6a91f85098294907941c239ca45e3b90.html?keywords=XXX,Porn,Pictures,Free,Sex,Pics,same,daniels,step,short,fuck,moble,kate,monster,younger,football,nataly,amateur,lyndonn,same,daniels,step,short,fuck,moble,kate,monster,younger,football,nataly,amateur,lyndonn,XXX,Porn,Pictures,Free,Sex,Pics&adb=0&clientjs=1&w=1280&h=1024&tz=0
IP 136.243.134.97:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2029)
Hash f52f417eab671263260fb239deb27273
342223f95efe028892c439b15f9e2a8d6100263c
19b3088928254b01263117aa6d79a645be2d2cb401ad9f730356b256cc1717ed
GET /iframes2/6a91f85098294907941c239ca45e3b90.html?keywords=XXX,Porn,Pictures,Free,Sex,Pics,same,daniels,step,short,fuck,moble,kate,monster,younger,football,nataly,amateur,lyndonn,same,daniels,step,short,fuck,moble,kate,monster,younger,football,nataly,amateur,lyndonn,XXX,Porn,Pictures,Free,Sex,Pics&adb=0&clientjs=1&w=1280&h=1024&tz=0 HTTP/1.1
Host: tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kahoka.pornlesbans.hotnatalia.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 08:38:13 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Pragma: no-cache
Expires: 0
Vary: Accept-Encoding, *
X-Api-Version: 2
Link: <http://lcdn.tsyndicate.com/sdk/v1/b.b.js>; rel=preload; as=script
X-Request-Id: 9c103e46e27b3ef5
Cache-Control: no-cache, no-store, no-transform, must-revalidate, no-transform
X-Robots-Tag: none, noindex, nofollow
Report-To: { "url": "https://pxl.tsyndicate.com/api/v1/heavy-ad/report", "max_age": 86401 }
Content-Encoding: gzip
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash c14d3cf8ade0150a711f094be32ac474
11e7fb5487d364c5392e1594e09f5b49831043ea
2a98ce39894b7d9befdba3916467bc95962376d0b308103e0a1eea36c0bc2302
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2A98CE39894B7D9BEFDBA3916467BC95962376D0B308103E0A1EEA36C0BC2302"
Last-Modified: Fri, 03 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3378
Expires: Sat, 04 Feb 2023 09:34:31 GMT
Date: Sat, 04 Feb 2023 08:38:13 GMT
Connection: keep-alive
static.eabids.com/data/bannerpools/94553/23737.gif
217.22.19.195 200 OK 99 kB URL HTTP/1.1 static.eabids.com/data/bannerpools/94553/23737.gif
IP 217.22.19.195:0
File type GIF image data, version 89a, 300 x 250\012- data
Hash 25d04628310e3f487e44800c56e3e87b
8507054db7162588cef17d8eda9bbfda82865e7d
6b7b09736651c0089eee7dc2bcf91cf9fd6ac49fd122af8159459933f0fb0ca5
GET /data/bannerpools/94553/23737.gif HTTP/1.1
Host: static.eabids.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://go.eabids.com/
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 08:38:13 GMT
Content-Type: image/gif
Content-Length: 99364
Last-Modified: Thu, 28 Apr 2022 14:45:32 GMT
Connection: keep-alive
ETag: "626aa88c-18424"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
X-Backend-Server: nl2-static-222
Accept-Ranges: bytes
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3a6c7026-85a2-4419-bd6b-ba1bac463dda.jpeg
34.120.237.76 200 OK 8.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3a6c7026-85a2-4419-bd6b-ba1bac463dda.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 6661b7263315f5eb3cd2465f671e1fcd
b7b5831c6b3ccc41d7a980b6088adc10ff8785f1
eb25507950d81db4b54a1af7fadaceee1bcff780eb28b6a04dbfb3886785f5b7
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3a6c7026-85a2-4419-bd6b-ba1bac463dda.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8527
x-amzn-requestid: f95a2821-ae89-4ea9-93b2-43e570285df3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fyEC3FyboAMFe0A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dd8078-7e2177f11d5715d4092cad2c;Sampled=0
x-amzn-remapped-date: Fri, 03 Feb 2023 21:45:28 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: dcFgY5x3Ef0J__7wGn3llTjZ9as5nX1H4HErIT3VlKfeQaQTjymW2g==
via: 1.1 a4fe306096165bb1e86e69365dc8fac2.cloudfront.net (CloudFront), 1.1 a3bd0eb50c22e4d5fbda56a30b96002c.cloudfront.net (CloudFront), 1.1 google
date: Fri, 03 Feb 2023 22:10:33 GMT
etag: "b7b5831c6b3ccc41d7a980b6088adc10ff8785f1"
content-type: image/jpeg
age: 37660
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash c14d3cf8ade0150a711f094be32ac474
11e7fb5487d364c5392e1594e09f5b49831043ea
2a98ce39894b7d9befdba3916467bc95962376d0b308103e0a1eea36c0bc2302
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2A98CE39894B7D9BEFDBA3916467BC95962376D0B308103E0A1EEA36C0BC2302"
Last-Modified: Fri, 03 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3378
Expires: Sat, 04 Feb 2023 09:34:31 GMT
Date: Sat, 04 Feb 2023 08:38:13 GMT
Connection: keep-alive
cdn.tsyndicate.com/sdk/v1/bi.js
8.254.252.210 304 Not Modified 0 B URL HTTP/1.1 cdn.tsyndicate.com/sdk/v1/bi.js
IP 8.254.252.210:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sdk/v1/bi.js HTTP/1.1
Host: cdn.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kahoka.pornlesbans.hotnatalia.com/
If-Modified-Since: Fri, 16 Dec 2022 12:41:56 GMT
If-None-Match: W/"639c6794-1e83"
HTTP/1.1 304 Not Modified
Date: Fri, 16 Dec 2022 12:53:24 GMT
Connection: keep-alive
Last-Modified: Fri, 16 Dec 2022 12:41:56 GMT
Server: nginx
X-Robots-Tag: noindex, nofollow
Vary: Accept-Encoding
ETag: W/"639c6794-1e83"
Age: 4304689
lcdn.tsyndicate.com/sdk/v1/b.b.js
8.254.252.214 304 Not Modified 0 B URL HTTP/1.1 lcdn.tsyndicate.com/sdk/v1/b.b.js
IP 8.254.252.214:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sdk/v1/b.b.js HTTP/1.1
Host: lcdn.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://tsyndicate.com/
If-Modified-Since: Tue, 22 Feb 2022 13:07:15 GMT
If-None-Match: W/"6214e003-1eb1"
HTTP/1.1 304 Not Modified
Date: Tue, 08 Mar 2022 10:11:03 GMT
Connection: keep-alive
Last-Modified: Tue, 22 Feb 2022 13:07:15 GMT
Server: nginx
X-Robots-Tag: noindex, nofollow
Vary: Accept-Encoding
ETag: W/"6214e003-1eb1"
Age: 28765630
lcdn.tsyndicate.com/images/2/2/79b4e9bc64fe35efabaa0379301a143a7c641c/main.jpg
8.254.252.214 200 OK 11 kB URL HTTP/2 lcdn.tsyndicate.com/images/2/2/79b4e9bc64fe35efabaa0379301a143a7c641c/main.jpg
IP 8.254.252.214:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 300x250, components 3\012- data
Hash 939c0470e0f23a4a1d5424888168e580
34f467873026947a224787b0593831723fd5b825
a703effaf5cf6ef4e93baf2af3abf522b9fa9b53cab734e3db9fa3e08b151737
GET /images/2/2/79b4e9bc64fe35efabaa0379301a143a7c641c/main.jpg HTTP/1.1
Host: lcdn.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://tsyndicate.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 04 Feb 2023 08:38:13 GMT
content-type: image/jpeg
content-length: 10959
last-modified: Thu, 16 Jun 2022 16:46:38 GMT
server: nginx
x-robots-tag: noindex, nofollow
content-encoding: gzip
vary: Accept-Encoding
etag: W/"62ab5e6e-2b84"
age: 13499959
accept-ranges: bytes
X-Firefox-Spdy: h2
revolveoppress.com/watch.1343859577464.js?key=c515a1f4fc3a36b04275034bdcef5c99&kw=%5B%22xxx%22%2C%22porn%22%2C%22pictures%22%2C%22free%22%2C%22sex%22%2C%22pics%22%5D&refer=http%3A%2F%2Fkahoka.pornlesbans.hotnatalia.com%2F%3Fannalise&tz=0&dev=e&res=12.1053&uuid=66bd9a30-b655-42c4-bb0b-612536770eda%3A2%3A1
192.243.59.12 307 Temporary Redirect 0 B URL HTTP/1.1 revolveoppress.com/watch.1343859577464.js?key=c515a1f4fc3a36b04275034bdcef5c99&kw=%5B%22xxx%22%2C%22porn%22%2C%22pictures%22%2C%22free%22%2C%22sex%22%2C%22pics%22%5D&refer=http%3A%2F%2Fkahoka.pornlesbans.hotnatalia.com%2F%3Fannalise&tz=0&dev=e&res=12.1053&uuid=66bd9a30-b655-42c4-bb0b-612536770eda%3A2%3A1
IP 192.243.59.12:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /watch.1343859577464.js?key=c515a1f4fc3a36b04275034bdcef5c99&kw=%5B%22xxx%22%2C%22porn%22%2C%22pictures%22%2C%22free%22%2C%22sex%22%2C%22pics%22%5D&refer=http%3A%2F%2Fkahoka.pornlesbans.hotnatalia.com%2F%3Fannalise&tz=0&dev=e&res=12.1053&uuid=66bd9a30-b655-42c4-bb0b-612536770eda%3A2%3A1 HTTP/1.1
Host: revolveoppress.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://kahoka.pornlesbans.hotnatalia.com
Connection: keep-alive
Referer: http://kahoka.pornlesbans.hotnatalia.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 307 Temporary Redirect
Server: nginx/1.17.6
Date: Sat, 04 Feb 2023 08:38:13 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: http://kahoka.pornlesbans.hotnatalia.com
Access-Control-Allow-Origin: http://kahoka.pornlesbans.hotnatalia.com
Access-Control-Allow-Credentials: true
Location: https://revolveoppress.com/watch.1343859577464.js?key=c515a1f4fc3a36b04275034bdcef5c99&kw=%5B%22xxx%22%2C%22porn%22%2C%22pictures%22%2C%22free%22%2C%22sex%22%2C%22pics%22%5D&refer=http%3A%2F%2Fkahoka.pornlesbans.hotnatalia.com%2F%3Fannalise&tz=0&dev=e&res=12.1053&uuid=66bd9a30-b655-42c4-bb0b-612536770eda%3A2%3A1&shu=16cebb3be4efd2dfaa02d37c40062ada4f6dd5099abff671643ca0e4e9cf62661c41f649bb6bd4f93d2a03bab2924b832eae7fa1e995d6c38433696e2230c3e733da2f23c73a29f58cf1ea9db3622d6f41eaea743f66ba3bfbd46196238a71&pst=1675499953&rmtc=t
Set-Cookie: u_pl=17763945; expires=Sun, 05 Feb 2023 08:38:13 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.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_YW5uYWxpc2UifX0.bchlsEjXRg3tEnoY6D1OMRhde4HpFvjDrkiGadX-O2w; expires=Sat, 04 Feb 2023 08:39:13 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 797c3263e12b73dbbffbee15d69c1eba
Strict-Transport-Security: max-age=0; includeSubdomains
lcdn.tsyndicate.com/sdk/v1/b.b.js
8.254.252.214 304 Not Modified 0 B URL HTTP/1.1 lcdn.tsyndicate.com/sdk/v1/b.b.js
IP 8.254.252.214:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sdk/v1/b.b.js HTTP/1.1
Host: lcdn.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://tsyndicate.com/
If-Modified-Since: Tue, 22 Feb 2022 13:07:15 GMT
If-None-Match: W/"6214e003-1eb1"
HTTP/1.1 304 Not Modified
Date: Tue, 08 Mar 2022 10:11:03 GMT
Connection: keep-alive
Last-Modified: Tue, 22 Feb 2022 13:07:15 GMT
Server: nginx
X-Robots-Tag: noindex, nofollow
Vary: Accept-Encoding
ETag: W/"6214e003-1eb1"
Age: 28765631
lcdn.tsyndicate.com/sdk/v1/b.b.js
8.254.252.214 304 Not Modified 0 B URL HTTP/1.1 lcdn.tsyndicate.com/sdk/v1/b.b.js
IP 8.254.252.214:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sdk/v1/b.b.js HTTP/1.1
Host: lcdn.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://tsyndicate.com/
If-Modified-Since: Tue, 22 Feb 2022 13:07:15 GMT
If-None-Match: W/"6214e003-1eb1"
HTTP/1.1 304 Not Modified
Date: Tue, 08 Mar 2022 10:11:03 GMT
Connection: keep-alive
Last-Modified: Tue, 22 Feb 2022 13:07:15 GMT
Server: nginx
X-Robots-Tag: noindex, nofollow
Vary: Accept-Encoding
ETag: W/"6214e003-1eb1"
Age: 28765631
cdn.tsyndicate.com/imges/backup/banner/300x250.png
8.254.252.210 304 Not Modified 0 B URL HTTP/1.1 cdn.tsyndicate.com/imges/backup/banner/300x250.png
IP 8.254.252.210:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /imges/backup/banner/300x250.png HTTP/1.1
Host: cdn.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://lcdn.tsyndicate.com/
If-Modified-Since: Wed, 22 Jun 2022 09:24:43 GMT
If-None-Match: W/"62b2dfdb-18fbf"
HTTP/1.1 304 Not Modified
Date: Wed, 22 Jun 2022 09:39:46 GMT
Connection: keep-alive
Last-Modified: Wed, 22 Jun 2022 09:24:43 GMT
Server: nginx
X-Robots-Tag: noindex, nofollow
Vary: Accept-Encoding
ETag: W/"62b2dfdb-18fbf"
Age: 19609108
lcdn.tsyndicate.com/sdk/v1/b.b.js
8.254.252.214 304 Not Modified 0 B URL HTTP/1.1 lcdn.tsyndicate.com/sdk/v1/b.b.js
IP 8.254.252.214:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sdk/v1/b.b.js HTTP/1.1
Host: lcdn.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://tsyndicate.com/
If-Modified-Since: Tue, 22 Feb 2022 13:07:15 GMT
If-None-Match: W/"6214e003-1eb1"
HTTP/1.1 304 Not Modified
Date: Tue, 08 Mar 2022 10:11:03 GMT
Connection: keep-alive
Last-Modified: Tue, 22 Feb 2022 13:07:15 GMT
Server: nginx
X-Robots-Tag: noindex, nofollow
Vary: Accept-Encoding
ETag: W/"6214e003-1eb1"
Age: 28765631
utilitypresent.com/watch.968247921368.js?key=c515a1f4fc3a36b04275034bdcef5c99&kw=%5B%22xxx%22%2C%22porn%22%2C%22pictures%22%2C%22free%22%2C%22sex%22%2C%22pics%22%5D&refer=http%3A%2F%2Fkahoka.pornlesbans.hotnatalia.com%2F%3Fannalise&tz=0&dev=e&res=12.1053&uuid=66bd9a30-b655-42c4-bb0b-612536770eda%3A2%3A1
192.243.61.225 307 Temporary Redirect 0 B URL HTTP/1.1 utilitypresent.com/watch.968247921368.js?key=c515a1f4fc3a36b04275034bdcef5c99&kw=%5B%22xxx%22%2C%22porn%22%2C%22pictures%22%2C%22free%22%2C%22sex%22%2C%22pics%22%5D&refer=http%3A%2F%2Fkahoka.pornlesbans.hotnatalia.com%2F%3Fannalise&tz=0&dev=e&res=12.1053&uuid=66bd9a30-b655-42c4-bb0b-612536770eda%3A2%3A1
IP 192.243.61.225:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /watch.968247921368.js?key=c515a1f4fc3a36b04275034bdcef5c99&kw=%5B%22xxx%22%2C%22porn%22%2C%22pictures%22%2C%22free%22%2C%22sex%22%2C%22pics%22%5D&refer=http%3A%2F%2Fkahoka.pornlesbans.hotnatalia.com%2F%3Fannalise&tz=0&dev=e&res=12.1053&uuid=66bd9a30-b655-42c4-bb0b-612536770eda%3A2%3A1 HTTP/1.1
Host: utilitypresent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://kahoka.pornlesbans.hotnatalia.com
Connection: keep-alive
Referer: http://kahoka.pornlesbans.hotnatalia.com/
Cookie: u_pl=17763945; ain=eyJhbGciOiJIUzI1NiJ9.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_YW5uYWxpc2UifX0.bchlsEjXRg3tEnoY6D1OMRhde4HpFvjDrkiGadX-O2w; uid_id2=66be96df-befa-4de4-bb7a-3e45e84a1088:2:1; pdhtkv=true; uncs=1; pdhtkv5=true; uncs5=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 307 Temporary Redirect
Server: nginx/1.19.5
Date: Sat, 04 Feb 2023 08:38:14 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: http://kahoka.pornlesbans.hotnatalia.com
Access-Control-Allow-Origin: http://kahoka.pornlesbans.hotnatalia.com
Access-Control-Allow-Credentials: true
Location: https://utilitypresent.com/watch.968247921368.js?key=c515a1f4fc3a36b04275034bdcef5c99&kw=%5B%22xxx%22%2C%22porn%22%2C%22pictures%22%2C%22free%22%2C%22sex%22%2C%22pics%22%5D&refer=http%3A%2F%2Fkahoka.pornlesbans.hotnatalia.com%2F%3Fannalise&tz=0&dev=e&res=12.1053&uuid=66bd9a30-b655-42c4-bb0b-612536770eda%3A2%3A1&shu=21ed015e2066e8aced1bb2a727d9665568430ded799476b95838b31d60f5363127871c8cf3d992bc89ec03583b93279db5eb1817e1c3c1f8da9fd25d9ead5253f811e5d6f26ec3c85b6aa14d0ef9048e25d93d8f3de4c6546338bb7b60ac3e&pst=1675499954&rmtc=t
Set-Cookie: ain=eyJhbGciOiJIUzI1NiJ9.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.t26S1RXN-75l7d9Tg1ZJnjCjG4B5qu0r0Z59p5kVnQY; expires=Sat, 04 Feb 2023 08:39:14 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: d2b860d6c0bddc6c4943c754ab26e120
Strict-Transport-Security: max-age=0; includeSubdomains
static.eabids.com/data/bannerpools/119449/56538.gif
217.22.19.195 200 OK 352 kB URL HTTP/1.1 static.eabids.com/data/bannerpools/119449/56538.gif
IP 217.22.19.195:0
File type GIF image data, version 89a, 300 x 250\012- data
Size 352 kB (351733 bytes)
Hash 7191781e782d49c40fc74c79c73acb6e
c4b793faa16b4bf1ddf1f8f74f326a06316f97e2
b48ddad71c6dfc527c36c00f628deb6b6a9c16a2177e84a0081c4b7f2418a238
GET /data/bannerpools/119449/56538.gif HTTP/1.1
Host: static.eabids.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://go.eabids.com/
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 08:38:14 GMT
Content-Type: image/gif
Content-Length: 351733
Last-Modified: Thu, 28 Apr 2022 14:30:28 GMT
Connection: keep-alive
ETag: "626aa504-55df5"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
X-Backend-Server: nl2-static-222
Accept-Ranges: bytes
utilitypresent.com/28/85/33/28853392a76a14b1426991b6def2243b.js
192.243.61.225 200 OK 13 kB URL HTTP/1.1 utilitypresent.com/28/85/33/28853392a76a14b1426991b6def2243b.js
IP 192.243.61.225:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with very long lines (37130), with no line terminators
Hash eca5f9316d6463e606d2a80a188a1915
a1a626aafbe753b91c80bc61222e4a355924bfbd
ce74fe78986b15826b125c28b17a81d6dfb6e50769dbf3f9dabdf664945a97bd
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /28/85/33/28853392a76a14b1426991b6def2243b.js HTTP/1.1
Host: utilitypresent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kahoka.pornlesbans.hotnatalia.com/
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 04 Feb 2023 08:38:14 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 8da368d78ce84541e9206e00cebc008c
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
static.eabids.com/data/bannerpools/94553/24635.jpg
217.22.19.195 200 OK 19 kB URL HTTP/1.1 static.eabids.com/data/bannerpools/94553/24635.jpg
IP 217.22.19.195:0
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 300x250, components 3\012- data
Hash 1e24040c12be65c50b1c904ff689c324
df17da048541e088a55f5aaca18d01e37975efba
c4d2255fef1b3cbd5dad3ce6cabe276f612ab169ad3c2213d1f76508dcd41e96
GET /data/bannerpools/94553/24635.jpg HTTP/1.1
Host: static.eabids.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://go.eabids.com/
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 08:38:14 GMT
Content-Type: image/jpeg
Content-Length: 18888
Last-Modified: Thu, 28 Apr 2022 14:45:42 GMT
Connection: keep-alive
ETag: "626aa896-49c8"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
X-Backend-Server: nl2-static-222
Accept-Ranges: bytes
outdilateinterrupt.com/28/85/33/28853392a76a14b1426991b6def2243b.js
173.233.137.36 200 OK 13 kB URL HTTP/1.1 outdilateinterrupt.com/28/85/33/28853392a76a14b1426991b6def2243b.js
IP 173.233.137.36:0
File type ASCII text, with very long lines (37136), with no line terminators
Hash 4da965772ecc65fe83b19b33f2dbc112
0be932061c3a3c0476c8808f6b25c35960040f97
5ef907f1bec62120f4fd63c68941a349f3b447d4c6b244b50dbe8133fc9bee87
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /28/85/33/28853392a76a14b1426991b6def2243b.js HTTP/1.1
Host: outdilateinterrupt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kahoka.pornlesbans.hotnatalia.com/
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 04 Feb 2023 08:38:13 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 3cb8c367fbb7b98ea5f65a55cb914ead
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
pxl.tsyndicate.com/api/v1/backup.gif?t=banner&tct=adult
94.130.141.49 200 OK 35 B URL HTTP/1.1 pxl.tsyndicate.com/api/v1/backup.gif?t=banner&tct=adult
IP 94.130.141.49:0
ASN #24940 Hetzner Online GmbH
File type GIF image data, version 89a, 1 x 1\012- data
Hash c2196de8ba412c60c22ab491af7b1409
5fbd472222feb8a22cf5b8aa5dc5b8e13af88e2b
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
GET /api/v1/backup.gif?t=banner&tct=adult HTTP/1.1
Host: pxl.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://lcdn.tsyndicate.com/
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 08:38:14 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 35
Connection: keep-alive
X-Robots-Tag: noindex, nofollow
lcdn.tsyndicate.com/error/banner.html
8.254.252.214 304 Not Modified 0 B URL HTTP/1.1 lcdn.tsyndicate.com/error/banner.html
IP 8.254.252.214:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /error/banner.html HTTP/1.1
Host: lcdn.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://tsyndicate.com/
Upgrade-Insecure-Requests: 1
If-Modified-Since: Thu, 28 Jul 2022 14:10:05 GMT
If-None-Match: W/"62e298bd-297"
HTTP/1.1 304 Not Modified
Date: Fri, 02 Sep 2022 00:07:36 GMT
Connection: keep-alive
Last-Modified: Thu, 28 Jul 2022 14:10:05 GMT
Server: nginx
X-Robots-Tag: noindex, nofollow
Vary: Accept-Encoding
ETag: W/"62e298bd-297"
Age: 13422638
pxl.tsyndicate.com/api/v1/p/p.js?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zC0XQGCMGxowaYWC0EHMjzIwWNGjIENMCh5kbMlrcuBHDjJgaY8bkMEMGhoiHYeqMyUhGp40YMmTQaDGGDA0bKG_GDKOUTAsYIGnsrEnDzBgzPyGSsbNQxo0ZM2A8hFNHzMKjMW4AhQOH4owcNB7OgTNRxwwcKc3OeDimTV2_M47WyAGUDFiGD8W4cVMWR1wYMWw8bOMGI8MaNHAMFgGHs2cboCuKqCOHzcK0OHCclbtaRkY0dOjAmaPjxQs2aeiMCSOnzBwXY960eTEG-Jg1LuCggfNjTZk8PfDYSPMGBhsYeu6gyXFHj40ZMWDYgWOHSx0YMGTYaJ7m-Zc0ZHpUUYMlR40iU7jRhhlXlOHGF1qcQcUTMRARhB5xhBHFGDXUh8QXeQRRwxVQtJGHGmk4YYUZd1RxBhxpBFHeF26E4QQaeuRBBBFnHAHVHFjAgNcMSSxxhQ04IDGGHXk0cQYda7RBhBkxrPFFGHiAWAUVR6BBxRhVDEEGE188YUMcaygB4RhfnFFFEkRIUUUa7sEnX3Jz0NEDDC7EF0Ob8dkwR3BlfIHGG3H2YFAdbFwUBhtsHJdcG3i-Kcd9-clg2Q2Y2dDofGHIGQQZhNIBwhEGInTopdblcccbcuS3R6mnptrHpcWZgVBxcvSAm24lzBBECTIYwasRa4TxZ7DRoeoGG8aJEYYbx_1JR4t0HJpGGMgp9-ulwxmGXw9oKZbDpWag2kam3MKHhww1wHDpnnT0uW0Md9Fw6RllvNGDE09cCocc9fXZxhsHsdHDHvv2-8W_AfcRFhnKZRTssNTCYSyycyjLrAvOQisttYuGNVxfW6DXxVpyDKWDDC7EUMZVDokgxmN0YkZYaV_sa3LMMdBAmxzrvaaWCGWMUdpCMcugWh11pJGRQWWYMZ8NS9ngUQ0obXRDC2HExlIZ6NIwQ04p3YBaWGkcJkIOMbiQA50qpQxaWI-WnRHaarONckM0hFVHGBk18YYeaSAaxgs11AkCClek4QbDd8wBghNUgJBenTuAkLgbUFeuHQ2V88wQVnWm8GnQa7zxggyYwZdeDCAYkUasb-DxQnqF-0SYySLgGxaqX-SUke4PsYF7EU4sXIYdXxTn2mcziQYkfA_JcQZlJ9cg20MHIS-GHAvFhv3xBwNc2VHYy_HGaw8BulBepJmPRx7rY58H9XTIUUcZ0Td9W25w9PbCw28glsTkcKxkLatZb3hWpjZWreWEZQ48y4j5okUHVLWgDm4ITgvO44KiIGVhuDvIFzxoG4u0gSI2uAFocpADHORgNHRog20YksIVtvCFOLCBDBqTPOPA4Ul9yYwKtXLD0YRBDH0RwUHMEJRChQUOwiMaYTwDgz4oICA%3D&s=fcebce2de4f2c682df98e66c4659f162c675d53c8731cbc636bf133e67fedfcb1675499893&w=t&r=1&d=9&priv=false
94.130.141.49200 OK 24 B URL HTTP/1.1 pxl.tsyndicate.com/api/v1/p/p.js?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zC0XQGCMGxowaYWC0EHMjzIwWNGjIENMCh5kbMlrcuBHDjJgaY8bkMEMGhoiHYeqMyUhGp40YMmTQaDGGDA0bKG_GDKOUTAsYIGnsrEnDzBgzPyGSsbNQxo0ZM2A8hFNHzMKjMW4AhQOH4owcNB7OgTNRxwwcKc3OeDimTV2_M47WyAGUDFiGD8W4cVMWR1wYMWw8bOMGI8MaNHAMFgGHs2cboCuKqCOHzcK0OHCclbtaRkY0dOjAmaPjxQs2aeiMCSOnzBwXY960eTEG-Jg1LuCggfNjTZk8PfDYSPMGBhsYeu6gyXFHj40ZMWDYgWOHSx0YMGTYaJ7m-Zc0ZHpUUYMlR40iU7jRhhlXlOHGF1qcQcUTMRARhB5xhBHFGDXUh8QXeQRRwxVQtJGHGmk4YYUZd1RxBhxpBFHeF26E4QQaeuRBBBFnHAHVHFjAgNcMSSxxhQ04IDGGHXk0cQYda7RBhBkxrPFFGHiAWAUVR6BBxRhVDEEGE188YUMcaygB4RhfnFFFEkRIUUUa7sEnX3Jz0NEDDC7EF0Ob8dkwR3BlfIHGG3H2YFAdbFwUBhtsHJdcG3i-Kcd9-clg2Q2Y2dDofGHIGQQZhNIBwhEGInTopdblcccbcuS3R6mnptrHpcWZgVBxcvSAm24lzBBECTIYwasRa4TxZ7DRoeoGG8aJEYYbx_1JR4t0HJpGGMgp9-ulwxmGXw9oKZbDpWag2kam3MKHhww1wHDpnnT0uW0Md9Fw6RllvNGDE09cCocc9fXZxhsHsdHDHvv2-8W_AfcRFhnKZRTssNTCYSyycyjLrAvOQisttYuGNVxfW6DXxVpyDKWDDC7EUMZVDokgxmN0YkZYaV_sa3LMMdBAmxzrvaaWCGWMUdpCMcugWh11pJGRQWWYMZ8NS9ngUQ0obXRDC2HExlIZ6NIwQ04p3YBaWGkcJkIOMbiQA50qpQxaWI-WnRHaarONckM0hFVHGBk18YYeaSAaxgs11AkCClek4QbDd8wBghNUgJBenTuAkLgbUFeuHQ2V88wQVnWm8GnQa7zxggyYwZdeDCAYkUasb-DxQnqF-0SYySLgGxaqX-SUke4PsYF7EU4sXIYdXxTn2mcziQYkfA_JcQZlJ9cg20MHIS-GHAvFhv3xBwNc2VHYy_HGaw8BulBepJmPRx7rY58H9XTIUUcZ0Td9W25w9PbCw28glsTkcKxkLatZb3hWpjZWreWEZQ48y4j5okUHVLWgDm4ITgvO44KiIGVhuDvIFzxoG4u0gSI2uAFocpADHORgNHRog20YksIVtvCFOLCBDBqTPOPA4Ul9yYwKtXLD0YRBDH0RwUHMEJRChQUOwiMaYTwDgz4oICA%3D&s=fcebce2de4f2c682df98e66c4659f162c675d53c8731cbc636bf133e67fedfcb1675499893&w=t&r=1&d=9&priv=false
IP 94.130.141.49:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with no line terminators
Hash 0959ba36d476b6dc1994ba3c678b07c4
d30b94da72daa02766965206a85b7e0356375f5e
897410b87e27e3dfba3a7d6caab315a5e69cc941bb96d91fc74878a9b051843a
GET /api/v1/p/p.js?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zC0XQGCMGxowaYWC0EHMjzIwWNGjIENMCh5kbMlrcuBHDjJgaY8bkMEMGhoiHYeqMyUhGp40YMmTQaDGGDA0bKG_GDKOUTAsYIGnsrEnDzBgzPyGSsbNQxo0ZM2A8hFNHzMKjMW4AhQOH4owcNB7OgTNRxwwcKc3OeDimTV2_M47WyAGUDFiGD8W4cVMWR1wYMWw8bOMGI8MaNHAMFgGHs2cboCuKqCOHzcK0OHCclbtaRkY0dOjAmaPjxQs2aeiMCSOnzBwXY960eTEG-Jg1LuCggfNjTZk8PfDYSPMGBhsYeu6gyXFHj40ZMWDYgWOHSx0YMGTYaJ7m-Zc0ZHpUUYMlR40iU7jRhhlXlOHGF1qcQcUTMRARhB5xhBHFGDXUh8QXeQRRwxVQtJGHGmk4YYUZd1RxBhxpBFHeF26E4QQaeuRBBBFnHAHVHFjAgNcMSSxxhQ04IDGGHXk0cQYda7RBhBkxrPFFGHiAWAUVR6BBxRhVDEEGE188YUMcaygB4RhfnFFFEkRIUUUa7sEnX3Jz0NEDDC7EF0Ob8dkwR3BlfIHGG3H2YFAdbFwUBhtsHJdcG3i-Kcd9-clg2Q2Y2dDofGHIGQQZhNIBwhEGInTopdblcccbcuS3R6mnptrHpcWZgVBxcvSAm24lzBBECTIYwasRa4TxZ7DRoeoGG8aJEYYbx_1JR4t0HJpGGMgp9-ulwxmGXw9oKZbDpWag2kam3MKHhww1wHDpnnT0uW0Md9Fw6RllvNGDE09cCocc9fXZxhsHsdHDHvv2-8W_AfcRFhnKZRTssNTCYSyycyjLrAvOQisttYuGNVxfW6DXxVpyDKWDDC7EUMZVDokgxmN0YkZYaV_sa3LMMdBAmxzrvaaWCGWMUdpCMcugWh11pJGRQWWYMZ8NS9ngUQ0obXRDC2HExlIZ6NIwQ04p3YBaWGkcJkIOMbiQA50qpQxaWI-WnRHaarONckM0hFVHGBk18YYeaSAaxgs11AkCClek4QbDd8wBghNUgJBenTuAkLgbUFeuHQ2V88wQVnWm8GnQa7zxggyYwZdeDCAYkUasb-DxQnqF-0SYySLgGxaqX-SUke4PsYF7EU4sXIYdXxTn2mcziQYkfA_JcQZlJ9cg20MHIS-GHAvFhv3xBwNc2VHYy_HGaw8BulBepJmPRx7rY58H9XTIUUcZ0Td9W25w9PbCw28glsTkcKxkLatZb3hWpjZWreWEZQ48y4j5okUHVLWgDm4ITgvO44KiIGVhuDvIFzxoG4u0gSI2uAFocpADHORgNHRog20YksIVtvCFOLCBDBqTPOPA4Ul9yYwKtXLD0YRBDH0RwUHMEJRChQUOwiMaYTwDgz4oICA%3D&s=fcebce2de4f2c682df98e66c4659f162c675d53c8731cbc636bf133e67fedfcb1675499893&w=t&r=1&d=9&priv=false HTTP/1.1
Host: pxl.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://tsyndicate.com/
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 08:38:14 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 24
Connection: keep-alive
X-Robots-Tag: noindex, nofollow
prejudiceinsure.com/sbar.json?key=d82941888ca80b5e024c4d0a7cab0440&uuid=66be96df-befa-4de4-bb7a-3e45e84a1088%3A2%3A1
192.243.61.225 200 OK 3.4 kB URL HTTP/1.1 prejudiceinsure.com/sbar.json?key=d82941888ca80b5e024c4d0a7cab0440&uuid=66be96df-befa-4de4-bb7a-3e45e84a1088%3A2%3A1
IP 192.243.61.225:0
ASN #39572 DataWeb Global Group B.V.
File type JSON data\012- , Unicode text, UTF-8 text, with very long lines (6105), with no line terminators
Hash 6cbf28e24d568b3d57f86852120e67ed
6ec6c3284cca54102193b4984fdc3c334eda0bd7
dd56e9752d3e750076f29e0190e76c9672c754a417cf7616f7c958e3efb3ab2e
Analyzer Verdict Alert quad9 Sinkholed
GET /sbar.json?key=d82941888ca80b5e024c4d0a7cab0440&uuid=66be96df-befa-4de4-bb7a-3e45e84a1088%3A2%3A1 HTTP/1.1
Host: prejudiceinsure.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://kahoka.pornlesbans.hotnatalia.com
Connection: keep-alive
Referer: http://kahoka.pornlesbans.hotnatalia.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 04 Feb 2023 08:38:14 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: http://kahoka.pornlesbans.hotnatalia.com
Access-Control-Allow-Origin: http://kahoka.pornlesbans.hotnatalia.com
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=17787248; expires=Sun, 05 Feb 2023 08:38:13 GMT; secure; SameSite=None
uid_id2=66be96df-befa-4de4-bb7a-3e45e84a1088:2:1; expires=Sat, 11 Feb 2023 08:38:13 GMT; secure; SameSite=None
pdhtkv=true; expires=Sun, 05 Feb 2023 08:38:14 GMT; secure; SameSite=None
uncs=1; expires=Sun, 05 Feb 2023 08:38:14 GMT; secure; SameSite=None
pdhtkv29=true; expires=Sun, 05 Feb 2023 08:38:14 GMT; secure; SameSite=None
uncs29=1; expires=Sun, 05 Feb 2023 08:38:14 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 9e0497e56945858047facb866de08268
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
outdilateinterrupt.com/watch.1514380222892.js?key=c515a1f4fc3a36b04275034bdcef5c99&kw=%5B%22xxx%22%2C%22porn%22%2C%22pictures%22%2C%22free%22%2C%22sex%22%2C%22pics%22%5D&refer=http%3A%2F%2Fkahoka.pornlesbans.hotnatalia.com%2F%3Fannalise&tz=0&dev=e&res=12.1053&uuid=66bd9a30-b655-42c4-bb0b-612536770eda%3A2%3A1
173.233.137.36 307 Temporary Redirect 0 B URL HTTP/1.1 outdilateinterrupt.com/watch.1514380222892.js?key=c515a1f4fc3a36b04275034bdcef5c99&kw=%5B%22xxx%22%2C%22porn%22%2C%22pictures%22%2C%22free%22%2C%22sex%22%2C%22pics%22%5D&refer=http%3A%2F%2Fkahoka.pornlesbans.hotnatalia.com%2F%3Fannalise&tz=0&dev=e&res=12.1053&uuid=66bd9a30-b655-42c4-bb0b-612536770eda%3A2%3A1
IP 173.233.137.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /watch.1514380222892.js?key=c515a1f4fc3a36b04275034bdcef5c99&kw=%5B%22xxx%22%2C%22porn%22%2C%22pictures%22%2C%22free%22%2C%22sex%22%2C%22pics%22%5D&refer=http%3A%2F%2Fkahoka.pornlesbans.hotnatalia.com%2F%3Fannalise&tz=0&dev=e&res=12.1053&uuid=66bd9a30-b655-42c4-bb0b-612536770eda%3A2%3A1 HTTP/1.1
Host: outdilateinterrupt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://kahoka.pornlesbans.hotnatalia.com
Connection: keep-alive
Referer: http://kahoka.pornlesbans.hotnatalia.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 307 Temporary Redirect
Server: nginx/1.19.5
Date: Sat, 04 Feb 2023 08:38:14 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: http://kahoka.pornlesbans.hotnatalia.com
Access-Control-Allow-Origin: http://kahoka.pornlesbans.hotnatalia.com
Access-Control-Allow-Credentials: true
Location: https://outdilateinterrupt.com/watch.1514380222892.js?key=c515a1f4fc3a36b04275034bdcef5c99&kw=%5B%22xxx%22%2C%22porn%22%2C%22pictures%22%2C%22free%22%2C%22sex%22%2C%22pics%22%5D&refer=http%3A%2F%2Fkahoka.pornlesbans.hotnatalia.com%2F%3Fannalise&tz=0&dev=e&res=12.1053&uuid=66bd9a30-b655-42c4-bb0b-612536770eda%3A2%3A1&shu=7a878c28c65b2c5411e4a9060fa16c4e1375805cfdd1f271cb4b11c0eb41bb5bacafb96aff5a460b92bb1356aeee3553a8417a71425afec29e7d97e03b6167b7631df1c11bb2a728db1d56e7c2ebb1c23b3b329d6994fdd037814b5437dd42&pst=1675499954&rmtc=t
Set-Cookie: u_pl=17763945; expires=Sun, 05 Feb 2023 08:38:14 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.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_YW5uYWxpc2UifX0.bchlsEjXRg3tEnoY6D1OMRhde4HpFvjDrkiGadX-O2w; expires=Sat, 04 Feb 2023 08:39:14 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 9a32f0fd6a8967d21d047e8d52852698
Strict-Transport-Security: max-age=0; includeSubdomains
ocsp.digicert.com/
93.184.220.29 200 OK 312 B IP 93.184.220.29:0
Hash 3d84979ba8fb44b083716b6359684601
6779aa23c14e94569f1babb49c1cb8fe8a7e766f
c651a5fcaf1d770e4c62f0a105543f0b27556374d4464cd39326ae81fffafc9b
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4773
Cache-Control: max-age=147230
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 08:38:14 GMT
Etag: "63dda2ef-138"
Expires: Mon, 06 Feb 2023 01:32:04 GMT
Last-Modified: Sat, 04 Feb 2023 00:12:31 GMT
Server: ECS (ska/F715)
X-Cache: HIT
Content-Length: 312
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 358c0cc441f7401b74509340db8b0014
19c0c7970d9a01d09daa48fd89a756d3da76a4d8
f4b0f1711cc67ff151c6ce05827d1663b2569b55a669e8bb4a1dd21b3972dfea
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F4B0F1711CC67FF151C6CE05827D1663B2569B55A669E8BB4A1DD21B3972DFEA"
Last-Modified: Fri, 03 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10124
Expires: Sat, 04 Feb 2023 11:26:58 GMT
Date: Sat, 04 Feb 2023 08:38:14 GMT
Connection: keep-alive
subscribestormyapprobation.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSvW9cxRed5%2FjX%2FCgCCCGlQKwQRZDwZt7ue%2FuRCEWEJCgiXyRBaWjm660Hz755zLzZ57iKCEIpEHE6yrdn7VhAQKSgREJrGpQqS4Fc4P8BIajRri0ZbjH33nNuce%2BZ89k47BOKwPauX7Eb2hh2Km3SxsnbOpe28o2rtxoxbdIzjds67yRnGuvzx41OxzRt0jca7yqxZk%2B1aExpTOPGRe1UZtdPLVjo4nE%2FbvZpM2k14zTBuvtv78MSPIsgR%2FvkRWg5%2B9%2FqL0%2BgxRT58Pvzyq%2BVtnjzwjAYVlqHkdz5IF%2FLbZVjeFRmLkKW7xxOw%2FoZIV8uweY7hxfAjrbmF4DrGYl%2Bi8HzncM1wUfbB5tyA5WDy%2BdQjaZQZgrNphD2HrR8RgAhcfUa8uGjq9ZV7M4By%2BbsjCz%2F%2FSd0NSPLv7%2BEfPjdOaPXGzetCaW2ucd6VkOvT6EHUxRhF%2BVGBF3tQpSfQEuCfFhDy73XOx0u%2B6xNV3gnTVeSlkhWOKd8pRO30nan26VKsoU0Wk%2BhsymMejgjjSsXwPwSgo8QdISQRQhFhKHca7C0n1HazXjWbvcSIUS7LUTa68hUtpNeRhHE%2FIBNlMUmhNmEcJ8%2BKuRquTbaKl1QWyEXfhzvHEDpAtueY%2Bk4RuHuYk1vwoWf4FdreLkEX85I9P5djGSNShFUnqBiBJUmqEqCalRvS%2BNbvn4kjQ88Psytw9yuJ7YcjNm2LQcqJ%2BNin7wwVzg6rgusqb2G7LX6Sdzr9QTrUZ4q2kpEIinrCsZpklB4XUP7JTAfYUPPyMt%2FjFHoGVnOfgBnu%2FBmF0I%2FDxZeAasm3RYFW50kPYqN%2FFsu%2FXDAjPHNXJWQtkZRLqO8E43NPjmx%2BOrTbx2HEk%2FPzh58ePKv6QMIV6NwNT7SPxMMzP3JDVuRrRu28uTJtaLUQ73B5ja4WbJSHfv6PXWnsk5eOu83v3pbzIl5%2BfiW8uVllkudDzz55pyWUrmL1glFfrzkbyt%2BPfjVc8Hlobh8%2FZ2Ll4aFU95rm0%2FB9DP%2FOYSekf%2Ff%2F2Jh8Fdf%2BxjaTeFCjWF4Sg4D2k4hirvwxdH23hI4czTDiwhVqCeuxY9AowmMOuoZr%2BH%2F1fOjeuzvY%2BAisPLewtYjV2NkajCzCR%2BOTcrCPT37a3sR4CaacOOiLW6ceXggrdd7DZVmNFO0pXjW51mXUdnPkj5n%2FVh1ecpilH4m9k%2BEfwAAAP%2F%2FAQAA%2F%2F8CvSOQuAQAAA%3D%3D
173.233.139.164200 OK 7 B URL HTTP/1.1 subscribestormyapprobation.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSvW9cxRed5%2FjX%2FCgCCCGlQKwQRZDwZt7ue%2FuRCEWEJCgiXyRBaWjm660Hz755zLzZ57iKCEIpEHE6yrdn7VhAQKSgREJrGpQqS4Fc4P8BIajRri0ZbjH33nNuce%2BZ89k47BOKwPauX7Eb2hh2Km3SxsnbOpe28o2rtxoxbdIzjds67yRnGuvzx41OxzRt0jca7yqxZk%2B1aExpTOPGRe1UZtdPLVjo4nE%2FbvZpM2k14zTBuvtv78MSPIsgR%2FvkRWg5%2B9%2FqL0%2BgxRT58Pvzyq%2BVtnjzwjAYVlqHkdz5IF%2FLbZVjeFRmLkKW7xxOw%2FoZIV8uweY7hxfAjrbmF4DrGYl%2Bi8HzncM1wUfbB5tyA5WDy%2BdQjaZQZgrNphD2HrR8RgAhcfUa8uGjq9ZV7M4By%2BbsjCz%2F%2FSd0NSPLv7%2BEfPjdOaPXGzetCaW2ucd6VkOvT6EHUxRhF%2BVGBF3tQpSfQEuCfFhDy73XOx0u%2B6xNV3gnTVeSlkhWOKd8pRO30nan26VKsoU0Wk%2BhsymMejgjjSsXwPwSgo8QdISQRQhFhKHca7C0n1HazXjWbvcSIUS7LUTa68hUtpNeRhHE%2FIBNlMUmhNmEcJ8%2BKuRquTbaKl1QWyEXfhzvHEDpAtueY%2Bk4RuHuYk1vwoWf4FdreLkEX85I9P5djGSNShFUnqBiBJUmqEqCalRvS%2BNbvn4kjQ88Psytw9yuJ7YcjNm2LQcqJ%2BNin7wwVzg6rgusqb2G7LX6Sdzr9QTrUZ4q2kpEIinrCsZpklB4XUP7JTAfYUPPyMt%2FjFHoGVnOfgBnu%2FBmF0I%2FDxZeAasm3RYFW50kPYqN%2FFsu%2FXDAjPHNXJWQtkZRLqO8E43NPjmx%2BOrTbx2HEk%2FPzh58ePKv6QMIV6NwNT7SPxMMzP3JDVuRrRu28uTJtaLUQ73B5ja4WbJSHfv6PXWnsk5eOu83v3pbzIl5%2BfiW8uVllkudDzz55pyWUrmL1glFfrzkbyt%2BPfjVc8Hlobh8%2FZ2Ll4aFU95rm0%2FB9DP%2FOYSekf%2Ff%2F2Jh8Fdf%2BxjaTeFCjWF4Sg4D2k4hirvwxdH23hI4czTDiwhVqCeuxY9AowmMOuoZr%2BH%2F1fOjeuzvY%2BAisPLewtYjV2NkajCzCR%2BOTcrCPT37a3sR4CaacOOiLW6ceXggrdd7DZVmNFO0pXjW51mXUdnPkj5n%2FVh1ecpilH4m9k%2BEfwAAAP%2F%2FAQAA%2F%2F8CvSOQuAQAAA%3D%3D
IP 173.233.139.164:0
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert quad9 Sinkholed
GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSvW9cxRed5%2FjX%2FCgCCCGlQKwQRZDwZt7ue%2FuRCEWEJCgiXyRBaWjm660Hz755zLzZ57iKCEIpEHE6yrdn7VhAQKSgREJrGpQqS4Fc4P8BIajRri0ZbjH33nNuce%2BZ89k47BOKwPauX7Eb2hh2Km3SxsnbOpe28o2rtxoxbdIzjds67yRnGuvzx41OxzRt0jca7yqxZk%2B1aExpTOPGRe1UZtdPLVjo4nE%2FbvZpM2k14zTBuvtv78MSPIsgR%2FvkRWg5%2B9%2FqL0%2BgxRT58Pvzyq%2BVtnjzwjAYVlqHkdz5IF%2FLbZVjeFRmLkKW7xxOw%2FoZIV8uweY7hxfAjrbmF4DrGYl%2Bi8HzncM1wUfbB5tyA5WDy%2BdQjaZQZgrNphD2HrR8RgAhcfUa8uGjq9ZV7M4By%2BbsjCz%2F%2FSd0NSPLv7%2BEfPjdOaPXGzetCaW2ucd6VkOvT6EHUxRhF%2BVGBF3tQpSfQEuCfFhDy73XOx0u%2B6xNV3gnTVeSlkhWOKd8pRO30nan26VKsoU0Wk%2BhsymMejgjjSsXwPwSgo8QdISQRQhFhKHca7C0n1HazXjWbvcSIUS7LUTa68hUtpNeRhHE%2FIBNlMUmhNmEcJ8%2BKuRquTbaKl1QWyEXfhzvHEDpAtueY%2Bk4RuHuYk1vwoWf4FdreLkEX85I9P5djGSNShFUnqBiBJUmqEqCalRvS%2BNbvn4kjQ88Psytw9yuJ7YcjNm2LQcqJ%2BNin7wwVzg6rgusqb2G7LX6Sdzr9QTrUZ4q2kpEIinrCsZpklB4XUP7JTAfYUPPyMt%2FjFHoGVnOfgBnu%2FBmF0I%2FDxZeAasm3RYFW50kPYqN%2FFsu%2FXDAjPHNXJWQtkZRLqO8E43NPjmx%2BOrTbx2HEk%2FPzh58ePKv6QMIV6NwNT7SPxMMzP3JDVuRrRu28uTJtaLUQ73B5ja4WbJSHfv6PXWnsk5eOu83v3pbzIl5%2BfiW8uVllkudDzz55pyWUrmL1glFfrzkbyt%2BPfjVc8Hlobh8%2FZ2Ll4aFU95rm0%2FB9DP%2FOYSekf%2Ff%2F2Jh8Fdf%2BxjaTeFCjWF4Sg4D2k4hirvwxdH23hI4czTDiwhVqCeuxY9AowmMOuoZr%2BH%2F1fOjeuzvY%2BAisPLewtYjV2NkajCzCR%2BOTcrCPT37a3sR4CaacOOiLW6ceXggrdd7DZVmNFO0pXjW51mXUdnPkj5n%2FVh1ecpilH4m9k%2BEfwAAAP%2F%2FAQAA%2F%2F8CvSOQuAQAAA%3D%3D HTTP/1.1
Host: subscribestormyapprobation.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://kahoka.pornlesbans.hotnatalia.com/
Cookie: u_pl=17763945,17787248; ain=eyJhbGciOiJIUzI1NiJ9.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_YW5uYWxpc2UifX0.bchlsEjXRg3tEnoY6D1OMRhde4HpFvjDrkiGadX-O2w; uid_id2=66bd9a30-b655-42c4-bb0b-612536770eda:2:1; iprc8a045518527d8306ccaf92ab6ba07da9=2116933; pdhtkv=true; uncs=2; pdhtkv5=true; uncs5=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 04 Feb 2023 08:38:14 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 0131e110229688c5ac9fb70beb650dfe
Strict-Transport-Security: max-age=0; includeSubdomains
outdilateinterrupt.com/watch.1514380222892?key=c515a1f4fc3a36b04275034bdcef5c99&kw=%5B%22xxx%22%2C%22porn%22%2C%22pictures%22%2C%22free%22%2C%22sex%22%2C%22pics%22%5D&refer=http%3A%2F%2Fkahoka.pornlesbans.hotnatalia.com%2F%3Fannalise&tz=0&dev=e&res=12.1053&uuid=66bd9a30-b655-42c4-bb0b-612536770eda%3A2%3A1
173.233.137.36 200 OK 1.2 kB URL HTTP/1.1 outdilateinterrupt.com/watch.1514380222892?key=c515a1f4fc3a36b04275034bdcef5c99&kw=%5B%22xxx%22%2C%22porn%22%2C%22pictures%22%2C%22free%22%2C%22sex%22%2C%22pics%22%5D&refer=http%3A%2F%2Fkahoka.pornlesbans.hotnatalia.com%2F%3Fannalise&tz=0&dev=e&res=12.1053&uuid=66bd9a30-b655-42c4-bb0b-612536770eda%3A2%3A1
IP 173.233.137.36:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (508)
Hash c69f8c174abd4b1f9be204685750d5f8
47d9a7d5045355787a11529eb8c5e3a963f6ba46
0d412887ce028c5359f4f85798d1f1144fabbff3c196dcef57083e3fb70303c3
Analyzer Verdict Alert quad9 Sinkholed
GET /watch.1514380222892?key=c515a1f4fc3a36b04275034bdcef5c99&kw=%5B%22xxx%22%2C%22porn%22%2C%22pictures%22%2C%22free%22%2C%22sex%22%2C%22pics%22%5D&refer=http%3A%2F%2Fkahoka.pornlesbans.hotnatalia.com%2F%3Fannalise&tz=0&dev=e&res=12.1053&uuid=66bd9a30-b655-42c4-bb0b-612536770eda%3A2%3A1 HTTP/1.1
Host: outdilateinterrupt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://kahoka.pornlesbans.hotnatalia.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 04 Feb 2023 08:38:14 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Set-Cookie: u_pl=17763945; expires=Sun, 05 Feb 2023 08:38:14 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.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_YW5uYWxpc2UifX0.bchlsEjXRg3tEnoY6D1OMRhde4HpFvjDrkiGadX-O2w; expires=Sat, 04 Feb 2023 08:39:14 GMT; secure; SameSite=None
uid_id2=66bd9a30-b655-42c4-bb0b-612536770eda:2:1; expires=Sat, 11 Feb 2023 08:38:14 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: d6537f147c76d1a004f3624bdc540c48
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
e1.o.lencr.org/
95.101.11.115 200 OK 345 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 6eac904305f0af9ac8425ba6638af743
6cc700dcc996020985e64492e8d9df7c498d861b
97a04042d25ff5aba9e8e6b99828405fc609275c375530f777a4a5d57e4cede3
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "97A04042D25FF5ABA9E8E6B99828405FC609275C375530F777A4A5D57E4CEDE3"
Last-Modified: Sat, 04 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12813
Expires: Sat, 04 Feb 2023 12:11:47 GMT
Date: Sat, 04 Feb 2023 08:38:14 GMT
Connection: keep-alive
e1.o.lencr.org/
95.101.11.115 200 OK 345 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 6eac904305f0af9ac8425ba6638af743
6cc700dcc996020985e64492e8d9df7c498d861b
97a04042d25ff5aba9e8e6b99828405fc609275c375530f777a4a5d57e4cede3
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "97A04042D25FF5ABA9E8E6B99828405FC609275C375530F777A4A5D57E4CEDE3"
Last-Modified: Sat, 04 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12813
Expires: Sat, 04 Feb 2023 12:11:47 GMT
Date: Sat, 04 Feb 2023 08:38:14 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 604c3cbda1f304eef93aa15329e8e7ac
d9f25abc81500d2740265d4a2b11fa7e2d251d1f
5b0938197333a46575fa5d665e649f70b3268e27d0f3cbcac04065cc70acf9c5
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5B0938197333A46575FA5D665E649F70B3268E27D0F3CBCAC04065CC70ACF9C5"
Last-Modified: Fri, 03 Feb 2023 01:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21507
Expires: Sat, 04 Feb 2023 14:36:41 GMT
Date: Sat, 04 Feb 2023 08:38:14 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash ed38d0c095010beffbefd5493030dde6
283ec58d73589f555dd49c7fd2e19c1bc0ed8a92
4034b89955d03c028c1ccd0d9dda7b7528f34ad892996dc7bc420fb64366da02
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4034B89955D03C028C1CCD0D9DDA7B7528F34AD892996DC7BC420FB64366DA02"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6993
Expires: Sat, 04 Feb 2023 10:34:47 GMT
Date: Sat, 04 Feb 2023 08:38:14 GMT
Connection: keep-alive
outdilateinterrupt.com/pixel/sbe?t=1&error=timeout
173.233.137.36 200 OK 0 B URL HTTP/1.1 outdilateinterrupt.com/pixel/sbe?t=1&error=timeout
IP 173.233.137.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbe?t=1&error=timeout HTTP/1.1
Host: outdilateinterrupt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://kahoka.pornlesbans.hotnatalia.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 04 Feb 2023 08:38:14 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
ocsp.digicert.com/
93.184.220.29 200 OK 280 B IP 93.184.220.29:0
Hash f0a2c75ca4cc72cf2477f1457c96323e
787bb1bdb7c7faa5a5ccfb5194abc5d9b8d8d0ca
34ce6167ecf6dbccf1c2aefd01dd17881fd5b8a44f2e1cdb63f22805239266a5
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2521
Cache-Control: max-age=165904
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 08:38:14 GMT
Etag: "63ddf4ad-118"
Expires: Mon, 06 Feb 2023 06:43:18 GMT
Last-Modified: Sat, 04 Feb 2023 06:01:17 GMT
Server: ECS (ska/F715)
X-Cache: HIT
Content-Length: 280
img.strpst.com/thumbs/1675499761/102397796
104.18.63.124 200 OK 38 kB URL HTTP/2 img.strpst.com/thumbs/1675499761/102397796
IP 104.18.63.124:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 0x0, segment length 16, progressive, precision 8, 640x360, components 3\012- data
Hash b9d7c835ef2d0b3db3c08f345241af35
68a134650129f98e6946251daef312ac5bea1972
58f96aaedeae9345fa684d3705aa902a2c5d6aca2ded396f1046a0d210c93c71
GET /thumbs/1675499761/102397796 HTTP/1.1
Host: img.strpst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://creative.xliirdr.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 04 Feb 2023 08:38:14 GMT
content-type: image/jpeg
content-length: 37596
access-control-allow-methods: GET
access-control-allow-origin: *
cf-bgj: imgq:100,h2pri
cf-polished: origSize=38493, status=webp_bigger
etag: "151ef3453af5720951d8b5db20a2c631"
last-modified: Sat, 04 Feb 2023 08:35:49 GMT
cf-cache-status: HIT
age: 109
expires: Sat, 04 Feb 2023 09:08:14 GMT
cache-control: public, max-age=1800
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 794216c4df8f0b31-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.cloudimagesb.com/cti/d7/b8/61/d7b861bc8f8cb3be450d5ddfd2bfe642/1663164678.gif
45.133.44.9 200 OK 31 kB URL HTTP/2 cdn.cloudimagesb.com/cti/d7/b8/61/d7b861bc8f8cb3be450d5ddfd2bfe642/1663164678.gif
IP 45.133.44.9:0
ASN #39572 DataWeb Global Group B.V.
File type GIF image data, version 89a, 300 x 250\012- data
Hash 10ed4fc609e58d8ec63dfbc7ba938e71
cf3479a3319c224cb95e58a37c742980cd28352f
ee1b7677ee7270b0a0342c79540aec32e6dd95b94c626ca5865617ef144c3332
GET /cti/d7/b8/61/d7b861bc8f8cb3be450d5ddfd2bfe642/1663164678.gif HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 04 Feb 2023 08:38:14 GMT
content-type: image/gif
content-length: 30654
server: nginx/1.17.6
last-modified: Wed, 14 Sep 2022 14:11:26 GMT
etag: "6321e10e-77be"
expires: Mon, 06 Feb 2023 08:38:14 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Roboto:300,400,700&display=swap
142.250.74.106 200 OK 660 B URL HTTP/1.1 fonts.googleapis.com/css?family=Roboto:300,400,700&display=swap
IP 142.250.74.106:0
Hash 55130bf120bd75a4bba7d678be617cdf
77b172c0cc1d15e60ab95edccf3ac1e640d16812
262b9e8c2eeba18bdc3dd53ac7bbacdbbec713a9443ff5dc34e359de56ea040d
GET /css?family=Roboto:300,400,700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Link: <http://fonts.gstatic.com>; rel=preconnect; crossorigin
Expires: Sat, 04 Feb 2023 08:38:14 GMT
Date: Sat, 04 Feb 2023 08:38:14 GMT
Cache-Control: private, max-age=86400
Cross-Origin-Opener-Policy: same-origin-allow-popups
Cross-Origin-Resource-Policy: cross-origin
Content-Encoding: gzip
Transfer-Encoding: chunked
Server: ESF
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
ocsp.digicert.com/
93.184.220.29 200 OK 280 B IP 93.184.220.29:0
Hash f0a2c75ca4cc72cf2477f1457c96323e
787bb1bdb7c7faa5a5ccfb5194abc5d9b8d8d0ca
34ce6167ecf6dbccf1c2aefd01dd17881fd5b8a44f2e1cdb63f22805239266a5
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2521
Cache-Control: max-age=165904
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 08:38:14 GMT
Etag: "63ddf4ad-118"
Expires: Mon, 06 Feb 2023 06:43:18 GMT
Last-Modified: Sat, 04 Feb 2023 06:01:17 GMT
Server: ECS (ska/F715)
X-Cache: HIT
Content-Length: 280
cdn.barscreative1.com/sb/au/b6/cf/48/b6cf48ca3e8ab4bdbcfaa2279b0fb2bc/1613726822.html
45.133.44.4 200 OK 119 kB URL HTTP/2 cdn.barscreative1.com/sb/au/b6/cf/48/b6cf48ca3e8ab4bdbcfaa2279b0fb2bc/1613726822.html
IP 45.133.44.4:0
ASN #39572 DataWeb Global Group B.V.
Size 119 kB (119380 bytes)
Hash a63c4001088995b51cefe66467f14d68
b9b102f141e1ceded8857c78a0683f25bccaeaea
c50205cc8efbd516b3bfc8601267da226d8e4f1eb7ee9f5e869f0cc40ec83128
Analyzer Verdict Alert fortinet Phishing
GET /sb/au/b6/cf/48/b6cf48ca3e8ab4bdbcfaa2279b0fb2bc/1613726822.html HTTP/1.1
Host: cdn.barscreative1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://kahoka.pornlesbans.hotnatalia.com
Connection: keep-alive
Referer: http://kahoka.pornlesbans.hotnatalia.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 04 Feb 2023 08:38:14 GMT
content-type: text/html; charset=utf-8
server: nginx/1.17.6
last-modified: Fri, 19 Feb 2021 09:27:09 GMT
etag: W/"602f846d-4fa"
cache-control: max-age=3600
access-control-allow-origin: *
access-control-expose-headers: Date
content-encoding: gzip
expires: Sat, 04 Feb 2023 09:38:14 GMT
x-proxy-cache: HIT
X-Firefox-Spdy: h2
outdilateinterrupt.com/watch.1514380222892?shu=150b8fd519c597d1f2292d8f96e6c805215666eb60db334684f7de673e263288650bb59aa1ed0dfe277de1be0e0c37ccc5c1c4bfd9d99767f5070c8031cc8f69c41140ee35e56b33bce59e5c016625713ea6afc600a1fbd8f958ac3c065c2aaa&pst=1675499954&rmtc=t&uuid=66bd9a30-b655-42c4-bb0b-612536770eda%3A2%3A1&pii=&in=false&key=c515a1f4fc3a36b04275034bdcef5c99&refer=http%3A%2F%2Fkahoka.pornlesbans.hotnatalia.com%2F%3Fannalise&dev=e&res=12.1053&kw=%5B%22xxx%22%2C%22porn%22%2C%22pictures%22%2C%22free%22%2C%22sex%22%2C%22pics%22%5D&tz=0
173.233.137.36200 OK 1.8 kB URL HTTP/1.1 outdilateinterrupt.com/watch.1514380222892?shu=150b8fd519c597d1f2292d8f96e6c805215666eb60db334684f7de673e263288650bb59aa1ed0dfe277de1be0e0c37ccc5c1c4bfd9d99767f5070c8031cc8f69c41140ee35e56b33bce59e5c016625713ea6afc600a1fbd8f958ac3c065c2aaa&pst=1675499954&rmtc=t&uuid=66bd9a30-b655-42c4-bb0b-612536770eda%3A2%3A1&pii=&in=false&key=c515a1f4fc3a36b04275034bdcef5c99&refer=http%3A%2F%2Fkahoka.pornlesbans.hotnatalia.com%2F%3Fannalise&dev=e&res=12.1053&kw=%5B%22xxx%22%2C%22porn%22%2C%22pictures%22%2C%22free%22%2C%22sex%22%2C%22pics%22%5D&tz=0
IP 173.233.137.36:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2524)
Hash bb026ab9b7bbfa26f19c9651f0d9cf82
4cffdbe80e96a2086f7cc911cdd4650fa9c9491c
4b6e4644a04b3f832f7aa6849e68c2fcba6c8a16ad796b53de92d4998936f956
Analyzer Verdict Alert quad9 Sinkholed
GET /watch.1514380222892?shu=150b8fd519c597d1f2292d8f96e6c805215666eb60db334684f7de673e263288650bb59aa1ed0dfe277de1be0e0c37ccc5c1c4bfd9d99767f5070c8031cc8f69c41140ee35e56b33bce59e5c016625713ea6afc600a1fbd8f958ac3c065c2aaa&pst=1675499954&rmtc=t&uuid=66bd9a30-b655-42c4-bb0b-612536770eda%3A2%3A1&pii=&in=false&key=c515a1f4fc3a36b04275034bdcef5c99&refer=http%3A%2F%2Fkahoka.pornlesbans.hotnatalia.com%2F%3Fannalise&dev=e&res=12.1053&kw=%5B%22xxx%22%2C%22porn%22%2C%22pictures%22%2C%22free%22%2C%22sex%22%2C%22pics%22%5D&tz=0 HTTP/1.1
Host: outdilateinterrupt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://outdilateinterrupt.com/watch.1514380222892?key=c515a1f4fc3a36b04275034bdcef5c99&kw=%5B%22xxx%22%2C%22porn%22%2C%22pictures%22%2C%22free%22%2C%22sex%22%2C%22pics%22%5D&refer=http%3A%2F%2Fkahoka.pornlesbans.hotnatalia.com%2F%3Fannalise&tz=0&dev=e&res=12.1053&uuid=66bd9a30-b655-42c4-bb0b-612536770eda%3A2%3A1
Cookie: u_pl=17763945; ain=eyJhbGciOiJIUzI1NiJ9.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_YW5uYWxpc2UifX0.bchlsEjXRg3tEnoY6D1OMRhde4HpFvjDrkiGadX-O2w; uid_id2=66bd9a30-b655-42c4-bb0b-612536770eda:2:1
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 04 Feb 2023 08:38:14 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: http://kahoka.pornlesbans.hotnatalia.com/?annalise
Access-Control-Allow-Origin: http://kahoka.pornlesbans.hotnatalia.com/?annalise
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=66bd9a30-b655-42c4-bb0b-612536770eda:2:1; expires=Sat, 11 Feb 2023 08:38:14 GMT; secure; SameSite=None
pdhtkv=true; expires=Sun, 05 Feb 2023 08:38:14 GMT; secure; SameSite=None
uncs=1; expires=Sun, 05 Feb 2023 08:38:14 GMT; secure; SameSite=None
pdhtkv5=true; expires=Sun, 05 Feb 2023 08:38:14 GMT; secure; SameSite=None
uncs5=1; expires=Sun, 05 Feb 2023 08:38:14 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 74c8e7ffdd4d753027f02a47f9c8bc0b
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
cdn.cloudimagesb.com/si/4d/4a/74/4d4a74b19a14385ab3d7176c906ea94b/1669388730.png
45.133.44.9 200 OK 87 kB URL HTTP/2 cdn.cloudimagesb.com/si/4d/4a/74/4d4a74b19a14385ab3d7176c906ea94b/1669388730.png
IP 45.133.44.9:0
ASN #39572 DataWeb Global Group B.V.
File type PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data
Hash bf05659ee8411e39a9c3736736293d47
d86d4f9d1c16c38003a9f6cd8a6ece38f511755c
cd335b6e2e50e4474fb5276d9def3e7629e1d9278a2d597ccc09c896228e01c2
GET /si/4d/4a/74/4d4a74b19a14385ab3d7176c906ea94b/1669388730.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 04 Feb 2023 08:38:14 GMT
content-type: image/png
content-length: 86644
server: nginx/1.17.6
last-modified: Fri, 25 Nov 2022 15:05:39 GMT
etag: "6380d9c3-15274"
expires: Mon, 06 Feb 2023 08:38:14 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
e1.o.lencr.org/
95.101.11.115 200 OK 345 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 6eac904305f0af9ac8425ba6638af743
6cc700dcc996020985e64492e8d9df7c498d861b
97a04042d25ff5aba9e8e6b99828405fc609275c375530f777a4a5d57e4cede3
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "97A04042D25FF5ABA9E8E6B99828405FC609275C375530F777A4A5D57E4CEDE3"
Last-Modified: Sat, 04 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12813
Expires: Sat, 04 Feb 2023 12:11:47 GMT
Date: Sat, 04 Feb 2023 08:38:14 GMT
Connection: keep-alive
cdn.cloudimagesb.com/bi/d3/46/74/d34674c8e2d99fb19eb1e759f1af7e6b/1646311727.jpg
45.133.44.9 200 OK 33 kB URL HTTP/2 cdn.cloudimagesb.com/bi/d3/46/74/d34674c8e2d99fb19eb1e759f1af7e6b/1646311727.jpg
IP 45.133.44.9:0
ASN #39572 DataWeb Global Group B.V.
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=6, orientation=upper-left, xresolution=86, yresolution=94, resolutionunit=2], baseline, precision 8, 300x250, components 3\012- data
Hash 0b3e70903c5b622dc37f8beff9d6332d
f1f430fb32ec93841b08b1ac4dacc8d55ca77b16
62459f7055cf8ff212dcfb1f8a33bb3ded2dab97f8d6eeffae77115ad05b91d7
GET /bi/d3/46/74/d34674c8e2d99fb19eb1e759f1af7e6b/1646311727.jpg HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://outdilateinterrupt.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 04 Feb 2023 08:38:14 GMT
content-type: image/jpeg
content-length: 32656
server: nginx/1.17.6
last-modified: Thu, 03 Mar 2022 12:48:59 GMT
etag: "6220b93b-7f90"
expires: Mon, 06 Feb 2023 08:38:14 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
jennyvisits.com/fwih4jgc?key=d9108d59c1176704036dde15ca47e48e&psid=17743402
173.233.137.60 200 OK 1.3 kB URL HTTP/1.1 jennyvisits.com/fwih4jgc?key=d9108d59c1176704036dde15ca47e48e&psid=17743402
IP 173.233.137.60:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text
Hash 3f6f1ede54358d37a4d9c6eccf6884bf
6cc2f29fd2045af4bf1774cc2d0790c8279e29da
f0d4dd5ca1878e11e263fea406606460346ffa1dd0c3dd25a17cba6016468272
Analyzer Verdict Alert quad9 Sinkholed
GET /fwih4jgc?key=d9108d59c1176704036dde15ca47e48e&psid=17743402 HTTP/1.1
Host: jennyvisits.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://kahoka.pornlesbans.hotnatalia.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 04 Feb 2023 08:38:14 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Set-Cookie: u_pl=15184015; expires=Sun, 05 Feb 2023 08:38:14 GMT
ain=eyJhbGciOiJIUzI1NiJ9.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.QVAI8yJRGSzSdvhaS_bWsqifWaEuZGxytDZEuM2bBNA; expires=Sat, 04 Feb 2023 08:39:14 GMT
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: f3d0123e7d99c4c409328a20a550807c
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
revolveoppress.com/watch.1343859577464?key=c515a1f4fc3a36b04275034bdcef5c99&kw=%5B%22xxx%22%2C%22porn%22%2C%22pictures%22%2C%22free%22%2C%22sex%22%2C%22pics%22%5D&refer=http%3A%2F%2Fkahoka.pornlesbans.hotnatalia.com%2F%3Fannalise&tz=0&dev=e&res=12.1053&uuid=66bd9a30-b655-42c4-bb0b-612536770eda%3A2%3A1
173.233.137.60 200 OK 1.2 kB URL HTTP/1.1 revolveoppress.com/watch.1343859577464?key=c515a1f4fc3a36b04275034bdcef5c99&kw=%5B%22xxx%22%2C%22porn%22%2C%22pictures%22%2C%22free%22%2C%22sex%22%2C%22pics%22%5D&refer=http%3A%2F%2Fkahoka.pornlesbans.hotnatalia.com%2F%3Fannalise&tz=0&dev=e&res=12.1053&uuid=66bd9a30-b655-42c4-bb0b-612536770eda%3A2%3A1
IP 173.233.137.60:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (508)
Hash 579ef5fad66a828ac77d48cca578bbad
a94dbd83c754578aff690eb093c679c26cfd83d7
8cc744771517c2a993deda8f158729237c85ae5ad170a44958475a37a529c2fa
GET /watch.1343859577464?key=c515a1f4fc3a36b04275034bdcef5c99&kw=%5B%22xxx%22%2C%22porn%22%2C%22pictures%22%2C%22free%22%2C%22sex%22%2C%22pics%22%5D&refer=http%3A%2F%2Fkahoka.pornlesbans.hotnatalia.com%2F%3Fannalise&tz=0&dev=e&res=12.1053&uuid=66bd9a30-b655-42c4-bb0b-612536770eda%3A2%3A1 HTTP/1.1
Host: revolveoppress.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://kahoka.pornlesbans.hotnatalia.com/
Cookie: u_pl=17763945; ain=eyJhbGciOiJIUzI1NiJ9.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_YW5uYWxpc2UifX0.bchlsEjXRg3tEnoY6D1OMRhde4HpFvjDrkiGadX-O2w
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 04 Feb 2023 08:38:14 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Set-Cookie: ain=eyJhbGciOiJIUzI1NiJ9.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.K40igYz-svWZcIEo356d_Z5uuqCyZzDG8qVlM5c8B3E; expires=Sat, 04 Feb 2023 08:39:14 GMT; secure; SameSite=None
uid_id2=66bd9a30-b655-42c4-bb0b-612536770eda:2:1; expires=Sat, 11 Feb 2023 08:38:14 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: f0180cf5c4f2c43febd62808dbed213a
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
revolveoppress.com/pixel/sbe?t=1&error=timeout
173.233.137.60 200 OK 0 B URL HTTP/1.1 revolveoppress.com/pixel/sbe?t=1&error=timeout
IP 173.233.137.60:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pixel/sbe?t=1&error=timeout HTTP/1.1
Host: revolveoppress.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://kahoka.pornlesbans.hotnatalia.com/
Cookie: u_pl=17763945; ain=eyJhbGciOiJIUzI1NiJ9.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_YW5uYWxpc2UifX0.bchlsEjXRg3tEnoY6D1OMRhde4HpFvjDrkiGadX-O2w
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 04 Feb 2023 08:38:14 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
prejudiceinsure.com/pixel/sbe?t=1&error=timeout
192.243.59.20 200 OK 0 B URL HTTP/1.1 prejudiceinsure.com/pixel/sbe?t=1&error=timeout
IP 192.243.59.20:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbe?t=1&error=timeout HTTP/1.1
Host: prejudiceinsure.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://kahoka.pornlesbans.hotnatalia.com/
Cookie: u_pl=17787248; uid_id2=66be96df-befa-4de4-bb7a-3e45e84a1088:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.9
Date: Sat, 04 Feb 2023 08:38:14 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
jennyvisits.com/fwih4jgc?shu=da2920834b56159fda91051c0dbdad02430a438cc2b5409c2d73cbbb50974d724e2957e6e2102e7be0381586f58e0998fb4c5ba7af2201b330fac710d576f2a9a912e60e5beeb954bc0a1d70e40cb4ed6a30c8dc4bbabe5c50f648b5c4436c212e8174644d9d&pst=1675499954&rmtc=t&uuid=&pii=&in=false&key=d9108d59c1176704036dde15ca47e48e&refer=http%3A%2F%2Fkahoka.pornlesbans.hotnatalia.com%2F&psid=17743402
173.233.137.60302 Found 0 B URL HTTP/1.1 jennyvisits.com/fwih4jgc?shu=da2920834b56159fda91051c0dbdad02430a438cc2b5409c2d73cbbb50974d724e2957e6e2102e7be0381586f58e0998fb4c5ba7af2201b330fac710d576f2a9a912e60e5beeb954bc0a1d70e40cb4ed6a30c8dc4bbabe5c50f648b5c4436c212e8174644d9d&pst=1675499954&rmtc=t&uuid=&pii=&in=false&key=d9108d59c1176704036dde15ca47e48e&refer=http%3A%2F%2Fkahoka.pornlesbans.hotnatalia.com%2F&psid=17743402
IP 173.233.137.60:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /fwih4jgc?shu=da2920834b56159fda91051c0dbdad02430a438cc2b5409c2d73cbbb50974d724e2957e6e2102e7be0381586f58e0998fb4c5ba7af2201b330fac710d576f2a9a912e60e5beeb954bc0a1d70e40cb4ed6a30c8dc4bbabe5c50f648b5c4436c212e8174644d9d&pst=1675499954&rmtc=t&uuid=&pii=&in=false&key=d9108d59c1176704036dde15ca47e48e&refer=http%3A%2F%2Fkahoka.pornlesbans.hotnatalia.com%2F&psid=17743402 HTTP/1.1
Host: jennyvisits.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jennyvisits.com/fwih4jgc?key=9ca601a9f47c735df76d5ca46fa26a66&submetric=15184015
Cookie: u_pl=15184015; ain=eyJhbGciOiJIUzI1NiJ9.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.QVAI8yJRGSzSdvhaS_bWsqifWaEuZGxytDZEuM2bBNA; cjs=t
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
HTTP/1.1 302 Found
Server: nginx/1.19.5
Date: Sat, 04 Feb 2023 08:38:15 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Location: https://www.gaming-adult.com/ac734f97-5441-4f52-bea9-71d2fea3752c?campaign_ID=728615&placement_id=15184015&country_code=NO&cost_cpa=3.000000&externalid=1d25d327e718660015ad37881fd1fc96
Set-Cookie: iprce95dbe04bd5cdd06b0355abefb0c986f=3991454; expires=Sun, 05 Feb 2023 08:38:15 GMT
pdhtkv=true; expires=Sun, 05 Feb 2023 08:38:15 GMT
uncs=1; expires=Sun, 05 Feb 2023 08:38:15 GMT
pdhtkv28=true; expires=Sun, 05 Feb 2023 08:38:15 GMT
uncs28=1; expires=Sun, 05 Feb 2023 08:38:15 GMT
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 102236bbf4fdfefaa5703295faf79398
Strict-Transport-Security: max-age=0; includeSubdomains
www.gaming-adult.com/ac734f97-5441-4f52-bea9-71d2fea3752c?campaign_ID=728615&placement_id=15184015&country_code=NO&cost_cpa=3.000000&externalid=1d25d327e718660015ad37881fd1fc96
18.194.134.212 302 Found 0 B URL HTTP/2 www.gaming-adult.com/ac734f97-5441-4f52-bea9-71d2fea3752c?campaign_ID=728615&placement_id=15184015&country_code=NO&cost_cpa=3.000000&externalid=1d25d327e718660015ad37881fd1fc96
IP 18.194.134.212:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ac734f97-5441-4f52-bea9-71d2fea3752c?campaign_ID=728615&placement_id=15184015&country_code=NO&cost_cpa=3.000000&externalid=1d25d327e718660015ad37881fd1fc96 HTTP/1.1
Host: www.gaming-adult.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://jennyvisits.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: nginx
date: Sat, 04 Feb 2023 08:38:15 GMT
content-length: 0
cache-control: no-store, no-cache, pre-check=0, post-check=0
expires: Thu, 01 Jan 1970 00:00:00 GMT
location: https://tm-offers.gamingadult.com/?offer=284&uid=028fc1a0-06ce-42c2-9bd8-34042c7f6f9e&subid=wvvsmji2out4eocmic0ut3ju&utm_source=AdsterraChX-David&utm_campaign=728615&utm_content=15184015&subid4=NO
pragma: no-cache
set-cookie: ac734f97-5441-4f52-bea9-71d2fea3752c-v4=kEnBQ3C5jTeK_MXaGl_HMTAJUKVyZfpLAT41j5aQ5Xs; Max-Age=86400; Expires=Sun, 05-Feb-2023 08:38:15 GMT; Domain=www.gaming-adult.com; Path=/; Secure; HttpOnly;SameSite=None
cc-v4=42uhtZC9U7pB%2F6MO93GB8DiiYhBqgtKMIDWS0qXdZLLan8PdzmYkXFICXslcBp4xjJMT4zjzDVrVuzmOdaNv0617GlbztEVUlimnhUKXzgRfuT71hqCcODJ2AWIsietLQ58koYdP83IKDh5LX%2FFsUA%3D%3D; Max-Age=31536000; Expires=Sun, 04-Feb-2024 08:38:15 GMT; Domain=www.gaming-adult.com; Path=/; Secure; HttpOnly;SameSite=None
X-Firefox-Spdy: h2
ocsp.sectigo.com/
172.64.155.188 200 OK 471 B IP 172.64.155.188:0
Hash 6a06e7d04a6be89a3e5a60141cdc3137
b3154407b42bcbb9e650f024e6b21e8f4158fbd4
60ab84decea963f1da034b80f5dfc11d4b585109e135a50b139bcd53994bf6d0
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 08:38:15 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Fri, 03 Feb 2023 08:28:37 GMT
Expires: Fri, 10 Feb 2023 08:28:36 GMT
Etag: "b3154407b42bcbb9e650f024e6b21e8f4158fbd4"
Cache-Control: max-age=517220,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 794216c9d812b511-OSL
tm-offers.gamingadult.com/?offer=284&uid=028fc1a0-06ce-42c2-9bd8-34042c7f6f9e&subid=wvvsmji2out4eocmic0ut3ju&utm_source=AdsterraChX-David&utm_campaign=728615&utm_content=15184015&subid4=NO
5.196.166.128 302 Found 2.1 kB URL HTTP/2 tm-offers.gamingadult.com/?offer=284&uid=028fc1a0-06ce-42c2-9bd8-34042c7f6f9e&subid=wvvsmji2out4eocmic0ut3ju&utm_source=AdsterraChX-David&utm_campaign=728615&utm_content=15184015&subid4=NO
IP 5.196.166.128:0
File type gzip compressed data, from Unix\012- data
Hash abf05704865b13a98e23d32821222a07
4494a2c1b66d97d7399626acba2fbf5b34fb774d
dcaba1b89f439efdbe6dffe291422cdead6ef2cefc8c8bad44e7cd13d1ecdfe7
GET /?offer=284&uid=028fc1a0-06ce-42c2-9bd8-34042c7f6f9e&subid=wvvsmji2out4eocmic0ut3ju&utm_source=AdsterraChX-David&utm_campaign=728615&utm_content=15184015&subid4=NO HTTP/1.1
Host: tm-offers.gamingadult.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://jennyvisits.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: nginx
date: Sat, 04 Feb 2023 08:38:15 GMT
content-type: text/html; charset=UTF-8
location: https://www.hentaiheroes.com/?ref_id=135846&noagev=1&tc1=HH6041ed2b03a3a925fdf4bae67b0766b5&tc2=11026&tc3=284&tc4={PARAMETER}&tc5=AdsterraChX-David&tc6=728615&tc7=15184015&tc8=NO
set-cookie: HH-offer284=1; expires=Sat, 04-Feb-2023 20:38:15 GMT; Max-Age=43200; path=/; secure; SameSite=None
X-Firefox-Spdy: h2
www.hentaiheroes.com/js/screenfull.js?v=67522962
94.75.250.120 200 OK 935 B URL HTTP/2 www.hentaiheroes.com/js/screenfull.js?v=67522962
IP 94.75.250.120:0
ASN #60781 LeaseWeb Netherlands B.V.
File type ASCII text, with very long lines (2863), with no line terminators
Hash 4dfe9ff40759d6d7316a51d4c38e5f9e
e1e3d4777637e222b1200a6d6bc67135492f9dd0
5ba0c79e328a50335bcd5850178c1f0cb70cd5478e738950a925081d04c49c50
GET /js/screenfull.js?v=67522962 HTTP/1.1
Host: www.hentaiheroes.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hentaiheroes.com/?ref_id=135846&noagev=1&tc1=HH6041ed2b03a3a925fdf4bae67b0766b5&tc2=11026&tc3=284&tc4={PARAMETER}&tc5=AdsterraChX-David&tc6=728615&tc7=15184015&tc8=NO
Cookie: HH_SESS_13=oc5p6bmghotlp8jgilno3g637m; lang=en; ref_id=135846; tc1=HH6041ed2b03a3a925fdf4bae67b0766b5; tc2=11026; tc3=284; tc4=%7BPARAMETER%7D; tc5=AdsterraChX-David; tc6=728615; tc7=15184015; tc8=NO; age_verification=1; HAPBK=web10|Y94Ze
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 04 Feb 2023 08:38:15 GMT
server: Apache
strict-transport-security: max-age=31536000
last-modified: Wed, 01 Feb 2023 05:33:48 GMT
etag: "b2f-5f39ccaf09536-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 935
content-type: application/javascript
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash c181c51a9326d56e60915a792c306c2c
de1cc0ce1384905e65a9fa9575743091d785e528
b74bc74e2920124b3288a980f9a7b59e3450ba63f2333027440cd6ebbdfdbf8d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 08:38:15 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.hentaiheroes.com/css/chat.css?v=67522960
94.75.250.120 200 OK 16 kB URL HTTP/2 www.hentaiheroes.com/css/chat.css?v=67522960
IP 94.75.250.120:0
ASN #60781 LeaseWeb Netherlands B.V.
File type ASCII text, with very long lines (65536), with no line terminators
Hash ce0a8efd041e18311fd4ec66241558f0
887cbfe85c384e89fd130c2e10fe70b037cb0852
d4860d6e9ce84321bab65a06ed8c9d9a102c5dfd89832378b6cacb0590bd1654
GET /css/chat.css?v=67522960 HTTP/1.1
Host: www.hentaiheroes.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hentaiheroes.com/?ref_id=135846&noagev=1&tc1=HH6041ed2b03a3a925fdf4bae67b0766b5&tc2=11026&tc3=284&tc4={PARAMETER}&tc5=AdsterraChX-David&tc6=728615&tc7=15184015&tc8=NO
Cookie: HH_SESS_13=oc5p6bmghotlp8jgilno3g637m; lang=en; ref_id=135846; tc1=HH6041ed2b03a3a925fdf4bae67b0766b5; tc2=11026; tc3=284; tc4=%7BPARAMETER%7D; tc5=AdsterraChX-David; tc6=728615; tc7=15184015; tc8=NO; age_verification=1; HAPBK=web10|Y94Ze
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 04 Feb 2023 08:38:15 GMT
server: Apache
strict-transport-security: max-age=31536000
last-modified: Wed, 01 Feb 2023 05:33:27 GMT
etag: "21728-5f39cc9aa9841-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 15641
content-type: text/css
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash c181c51a9326d56e60915a792c306c2c
de1cc0ce1384905e65a9fa9575743091d785e528
b74bc74e2920124b3288a980f9a7b59e3450ba63f2333027440cd6ebbdfdbf8d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 08:38:15 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ajax.googleapis.com/ajax/libs/jquery/3.6.0/jquery.min.js
216.58.207.202 200 OK 31 kB URL HTTP/2 ajax.googleapis.com/ajax/libs/jquery/3.6.0/jquery.min.js
IP 216.58.207.202:0
File type ASCII text, with very long lines (65447)
Hash 7808e0e4b7a714230373852158500533
4a79d18722a68a2f38d52e2d3a11b550bdd30b3c
8ba5796bee6a065b8b31895e7e8d59ba564cfd36d2ce056e327588e67736f054
GET /ajax/libs/jquery/3.6.0/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hentaiheroes.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 31017
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 01 Feb 2023 22:19:54 GMT
expires: Thu, 01 Feb 2024 22:19:54 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
last-modified: Wed, 10 Mar 2021 14:28:09 GMT
content-type: text/javascript; charset=UTF-8
age: 209901
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.hentaiheroes.com/home.html
94.75.250.120 200 OK 3.9 kB URL HTTP/2 www.hentaiheroes.com/home.html
IP 94.75.250.120:0
ASN #60781 LeaseWeb Netherlands B.V.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1409)
Hash eacef065a7fedd3796a86064d360c2b4
277e007edebc24b37eb4609c05a82b2f3b1a91a8
d11d7ce006ef57690a683dfded5f849b974ae45df2d82d2b411e4502c1cff668
GET /home.html HTTP/1.1
Host: www.hentaiheroes.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hentaiheroes.com/?ref_id=135846&noagev=1&tc1=HH6041ed2b03a3a925fdf4bae67b0766b5&tc2=11026&tc3=284&tc4={PARAMETER}&tc5=AdsterraChX-David&tc6=728615&tc7=15184015&tc8=NO
Cookie: HH_SESS_13=oc5p6bmghotlp8jgilno3g637m; lang=en; ref_id=135846; tc1=HH6041ed2b03a3a925fdf4bae67b0766b5; tc2=11026; tc3=284; tc4=%7BPARAMETER%7D; tc5=AdsterraChX-David; tc6=728615; tc7=15184015; tc8=NO; age_verification=1; HAPBK=web10|Y94Ze
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 04 Feb 2023 08:38:15 GMT
server: Apache
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
strict-transport-security: max-age=31536000
vary: Accept-Encoding
content-encoding: gzip
content-length: 3856
content-type: text/html; charset=UTF-8
X-Firefox-Spdy: h2
creative.xliirdr.com/widgets/v4/Universal/main.33831b792a3809ba493a.js
104.18.51.106 200 OK 79 kB URL HTTP/2 creative.xliirdr.com/widgets/v4/Universal/main.33831b792a3809ba493a.js
IP 104.18.51.106:0
File type Unicode text, UTF-8 text, with very long lines (35319), with LF, NEL line terminators
Hash 81c8c0ce4cfcee119c1501ee3707f5fc
ecb7dcb17f0636c70d60292edec153f4d7e4bcaf
a65ee04a436300909cc41571b8f8c01bb7ed5be813e616c775f6165f43b3e511
GET /widgets/v4/Universal/main.33831b792a3809ba493a.js HTTP/1.1
Host: creative.xliirdr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://creative.xliirdr.com/widgets/v4/Universal?campaignId=c3fa347280578e90a9e8ab1e6280c0e361524d151dcbfe6bb5b723fee947ce88&campaignType=smartpop&creativeId=f7d35c19e8363f8e59e197e6034e23aaac0f22600b273fb0cad1f12ae1c95358&iterationId=383554&masterSmartpopId=1605&memberId=m6WUxrWE0zoac4oMYUhO_G4_E_W6ANX1S1R0pzLjT02_0INngnDSwweVy1XRzUmn0U25AFQmBNLfonKYDJYKUyT-_g3e5j6u3BQJVsU101AIX9w_gUIDRUi&p1=3717296&quality=optimal&ruleId=3&smartpopId=1547&sourceId=226439&tag=-girls%2Findian&userId=ed4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e&variationId=30029
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 04 Feb 2023 08:38:13 GMT
content-type: application/javascript; charset=utf-8
last-modified: Tue, 31 Jan 2023 09:52:08 GMT
etag: W/"63d8e4c8-42f63"
expires: Sat, 04 Feb 2023 08:38:09 GMT
cache-control: max-age=10
pragma: public
cf-cache-status: HIT
age: 7
vary: Accept-Encoding
server: cloudflare
cf-ray: 794216bcaaa1b4fa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
fonts.gstatic.com/s/carterone/v17/q5uCsoe5IOB2-pXv9UcNExN8hA.woff2
216.58.207.227 200 OK 28 kB URL HTTP/2 fonts.gstatic.com/s/carterone/v17/q5uCsoe5IOB2-pXv9UcNExN8hA.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 27984, version 1.0\012- data
Hash 9c01ef3c4862a40bf29bd780e7e88da4
54db29d9cf8092d9c50d477c5d9d9e199c944453
dc6d951120092f271275422fbff657a219671695d03bdd251761e05ee9e86589
GET /s/carterone/v17/q5uCsoe5IOB2-pXv9UcNExN8hA.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.hentaiheroes.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 27984
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 03 Feb 2023 02:16:04 GMT
expires: Sat, 03 Feb 2024 02:16:04 GMT
cache-control: public, max-age=31536000
age: 109331
last-modified: Thu, 21 Apr 2022 17:07:09 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.hentaiheroes.com/js/quest.js?v=67522962
94.75.250.120 200 OK 7.7 kB URL HTTP/2 www.hentaiheroes.com/js/quest.js?v=67522962
IP 94.75.250.120:0
ASN #60781 LeaseWeb Netherlands B.V.
File type ASCII text, with very long lines (31801), with no line terminators
Hash 41d954de2ac80864a346f8e746003525
f2c139f6cfd0efcdaa0be974cb77dc0257ecf52f
3580bdcfc459c3c987098d62f6787a23ffccbde8ce3769ce12673895db07e048
GET /js/quest.js?v=67522962 HTTP/1.1
Host: www.hentaiheroes.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hentaiheroes.com/home.html
Cookie: HH_SESS_13=oc5p6bmghotlp8jgilno3g637m; lang=en; ref_id=135846; tc1=HH6041ed2b03a3a925fdf4bae67b0766b5; tc2=11026; tc3=284; tc4=%7BPARAMETER%7D; tc5=AdsterraChX-David; tc6=728615; tc7=15184015; tc8=NO; age_verification=1; HAPBK=web10|Y94Ze
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 04 Feb 2023 08:38:15 GMT
server: Apache
strict-transport-security: max-age=31536000
last-modified: Wed, 01 Feb 2023 05:33:45 GMT
etag: "7c39-5f39ccabe791d-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 7726
content-type: application/javascript
X-Firefox-Spdy: h2
www.hentaiheroes.com/js/guest.js?v=67522961
94.75.250.120 200 OK 529 B URL HTTP/2 www.hentaiheroes.com/js/guest.js?v=67522961
IP 94.75.250.120:0
ASN #60781 LeaseWeb Netherlands B.V.
File type ASCII text, with very long lines (1367), with no line terminators
Hash 7348e55be15dc16f98e50b2826ece833
4186367a3694585077625c655a9c503cdabbd545
ea3aab4a54f71ce834d19887b7b10988bb3ba09ed818f92b80ee64150bf59972
GET /js/guest.js?v=67522961 HTTP/1.1
Host: www.hentaiheroes.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hentaiheroes.com/home.html
Cookie: HH_SESS_13=oc5p6bmghotlp8jgilno3g637m; lang=en; ref_id=135846; tc1=HH6041ed2b03a3a925fdf4bae67b0766b5; tc2=11026; tc3=284; tc4=%7BPARAMETER%7D; tc5=AdsterraChX-David; tc6=728615; tc7=15184015; tc8=NO; age_verification=1; HAPBK=web10|Y94Ze
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 04 Feb 2023 08:38:15 GMT
server: Apache
strict-transport-security: max-age=31536000
last-modified: Wed, 01 Feb 2023 05:33:33 GMT
etag: "557-5f39cca0a3c94-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 529
content-type: application/javascript
X-Firefox-Spdy: h2
ocsp.sectigo.com/
172.64.155.188 200 OK 471 B IP 172.64.155.188:0
Hash 0f27f32c7cd58f60416fca7aafd9f948
fb2622a0253d1540d9b8e972722a0c9d81933ce4
b2d90c17489a0dc0dd60b246277f134b3e89296b56639c3743869526a3f45eb3
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 08:38:15 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Thu, 02 Feb 2023 15:14:36 GMT
Expires: Thu, 09 Feb 2023 15:14:35 GMT
Etag: "fb2622a0253d1540d9b8e972722a0c9d81933ce4"
Cache-Control: max-age=455179,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 794216caf90ab511-OSL
hh2.hh-content.com/pictures/design/ic_favicon_32px.png
104.152.112.111 200 OK 576 B URL HTTP/2 hh2.hh-content.com/pictures/design/ic_favicon_32px.png
IP 104.152.112.111:0
ASN #11019 HAPROXY-TECHNOLOGIES
File type PNG image data, 32 x 32, 8-bit colormap, non-interlaced\012- data
Hash f76e95aa42153a9047cd4b8bcca0be00
f67a235e807ec1d016d394d9d3790a95846e89fd
cd37f4f58b91e31ceb237b9470026a39bb96cf967b5886698bb2e38e65bf34e2
GET /pictures/design/ic_favicon_32px.png HTTP/1.1
Host: hh2.hh-content.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hentaiheroes.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 04 Feb 2023 08:38:15 GMT
content-type: image/png
content-length: 576
last-modified: Mon, 18 Jun 2018 08:55:04 GMT
cache-control: public, max-age=2592000
access-control-allow-origin: *
x-vhost-info: hh
accept-ranges: bytes
x-cdn-diag: ams5-6141-0-16153-h-0-0---;6249-32-8747----0-0-0
X-Firefox-Spdy: h2
images.hh-content.com/hentai/pictures/design/logo2.png
104.152.112.105 200 OK 3.4 kB URL HTTP/2 images.hh-content.com/hentai/pictures/design/logo2.png
IP 104.152.112.105:0
ASN #11019 HAPROXY-TECHNOLOGIES
File type PNG image data, 566 x 250, 8-bit colormap, non-interlaced\012- data
Hash bb30651d4829e8d4aa2d2fe1da64b9c9
1607a6cec035df2fc2779732d7505f4c9ecdb5a2
0a9d9b559f56759b74032fa25a5f422cb094864a26e93f7b366a0f0dc8675782
GET /hentai/pictures/design/logo2.png HTTP/1.1
Host: images.hh-content.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hentaiheroes.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 04 Feb 2023 08:38:15 GMT
content-type: image/png
content-length: 3449
last-modified: Tue, 23 Mar 2021 12:09:15 GMT
cache-control: public, max-age=2592000
access-control-allow-origin: *
x-vhost-info: images.hh-content.com
accept-ranges: bytes
x-cdn-diag: ams5-7619-0-4013-h-0-0---;6141-35-26816----0-0-0
X-Firefox-Spdy: h2
images.hh-content.com/hentai/pictures/design/logo-apple-touch-icon.png
104.152.112.105 200 OK 189 kB URL HTTP/2 images.hh-content.com/hentai/pictures/design/logo-apple-touch-icon.png
IP 104.152.112.105:0
ASN #11019 HAPROXY-TECHNOLOGIES
File type gzip compressed data, from Unix\012- data
Size 189 kB (189110 bytes)
Hash cfd0ecbb3155139288271985381767c8
0f98aa52874152176042da89cd9ab7b29af39767
f82243d93a4864557d9b01a60db9dd36cbdca175461c47588484c8ac98c8bfa8
GET /hentai/pictures/design/logo-apple-touch-icon.png HTTP/1.1
Host: images.hh-content.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hentaiheroes.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 04 Feb 2023 08:38:15 GMT
content-type: image/png
content-length: 4006
last-modified: Thu, 17 Dec 2020 17:04:14 GMT
cache-control: public, max-age=2592000
access-control-allow-origin: *
x-vhost-info: images.hh-content.com
accept-ranges: bytes
x-cdn-diag: ams5-6141-0-16151-h-0-0---;6141-35-26816----0-0-0
X-Firefox-Spdy: h2
hh2.hh-content.com/quest/ic_eyeopen.svg
104.152.112.111 200 OK 1.1 kB URL HTTP/2 hh2.hh-content.com/quest/ic_eyeopen.svg
IP 104.152.112.111:0
ASN #11019 HAPROXY-TECHNOLOGIES
File type SVG Scalable Vector Graphics image\012- SVG XML document\012- XML 1.0 document text\012- SVG XML document\012- XML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Hash d024138a612c10f6f1f53a59ee5e3dd2
eeaf38bfbcc7b8eb245647db978e61db286bcc30
54dc51810c4190a40a490c712bc60a7a2764e6213f8c1b7230836d83de5de996
GET /quest/ic_eyeopen.svg HTTP/1.1
Host: hh2.hh-content.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hentaiheroes.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 04 Feb 2023 08:38:15 GMT
content-type: image/svg+xml
content-length: 1142
last-modified: Tue, 05 May 2020 14:59:59 GMT
cache-control: public, max-age=2592000
access-control-allow-origin: *
x-vhost-info: hh
vary: Accept-Encoding
accept-ranges: bytes
x-cdn-diag: ams5-7846-0-57513-h-0-0---;6249-32-8747----0-0-0
X-Firefox-Spdy: h2
hh2.hh-content.com/pictures/design/mob_rotation.gif
104.152.112.111 200 OK 104 kB URL HTTP/2 hh2.hh-content.com/pictures/design/mob_rotation.gif
IP 104.152.112.111:0
ASN #11019 HAPROXY-TECHNOLOGIES
File type GIF image data, version 89a, 500 x 443\012- data
Size 104 kB (104376 bytes)
Hash 56deb21462c0875468e3d21f85bb61f9
97cb9c682beb7c0f9c7396d47472c9e263e0677a
f849636c8b1d9a0fb7fde5dde56795c2428291e5e76a53ce4c53974e6c32afa8
GET /pictures/design/mob_rotation.gif HTTP/1.1
Host: hh2.hh-content.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hentaiheroes.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 04 Feb 2023 08:38:15 GMT
content-type: image/gif
content-length: 104376
last-modified: Fri, 12 Mar 2021 15:25:52 GMT
cache-control: public, max-age=2592000
access-control-allow-origin: *
x-vhost-info: hh
accept-ranges: bytes
x-cdn-diag: ams5-6249-0-19872-h-0-0---;6249-32-8747----0-0-0
X-Firefox-Spdy: h2
hh2.hh-content.com/ic_loading_carrot.svg
104.152.112.111 200 OK 3.7 kB URL HTTP/2 hh2.hh-content.com/ic_loading_carrot.svg
IP 104.152.112.111:0
ASN #11019 HAPROXY-TECHNOLOGIES
File type SVG Scalable Vector Graphics image\012- SVG XML document\012- XML 1.0 document text\012- SVG XML document\012- XML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Hash c7ea21734a64fecf0b2b8f54e582e036
2383ef4319d210f37b256cdd05a6e75de60091bc
bd50e89429493ff3043675f67cbbdeea7da18da0ef2a8e0de870eb39dac8dd25
GET /ic_loading_carrot.svg HTTP/1.1
Host: hh2.hh-content.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hentaiheroes.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 04 Feb 2023 08:38:15 GMT
content-type: image/svg+xml
content-length: 3743
last-modified: Tue, 05 May 2020 14:59:59 GMT
cache-control: public, max-age=2592000
access-control-allow-origin: *
x-vhost-info: hh
vary: Accept-Encoding
accept-ranges: bytes
x-cdn-diag: ams5-6140-0-39858-h-0-0---;6249-32-8747----0-0-2
X-Firefox-Spdy: h2
hh2.hh-content.com/quest/ic_eyeclosed.svg
104.152.112.111 200 OK 1.4 kB URL HTTP/2 hh2.hh-content.com/quest/ic_eyeclosed.svg
IP 104.152.112.111:0
ASN #11019 HAPROXY-TECHNOLOGIES
File type SVG Scalable Vector Graphics image\012- SVG XML document\012- XML 1.0 document text\012- SVG XML document\012- XML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Hash ee4ad4b4410fcc5898cab08a69780cd6
a8ed6e8ef5b181c240270cbcc7aa155405eb3003
1221af76045abbae2c6505da09d58cdee9ece408c45c084198f4b6646e60cb84
GET /quest/ic_eyeclosed.svg HTTP/1.1
Host: hh2.hh-content.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hentaiheroes.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 04 Feb 2023 08:38:15 GMT
content-type: image/svg+xml
content-length: 1424
last-modified: Mon, 24 Feb 2020 08:40:25 GMT
cache-control: public, max-age=2592000
access-control-allow-origin: *
x-vhost-info: hh
vary: Accept-Encoding
accept-ranges: bytes
x-cdn-diag: ams5-6140-0-39858-h-0-0---;6249-32-8747----0-0-0
X-Firefox-Spdy: h2
fonts.gstatic.com/s/kalam/v16/YA9Qr0Wd4kDdMtDqHTLMkiQ.woff2
216.58.207.227 200 OK 22 kB URL HTTP/2 fonts.gstatic.com/s/kalam/v16/YA9Qr0Wd4kDdMtDqHTLMkiQ.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 22144, version 1.0\012- data
Hash f3ad3b3081bb38a18628d88ddf39b8b6
befa33190a885871d06ebf259dc12d0d325fd74c
252063af6ade8b9a744cde4ddad0fc21ea53b8ba711eed121a0c2e8610ea9c93
GET /s/kalam/v16/YA9Qr0Wd4kDdMtDqHTLMkiQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.hentaiheroes.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 22144
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 Feb 2023 18:05:49 GMT
expires: Fri, 02 Feb 2024 18:05:49 GMT
cache-control: public, max-age=31536000
age: 138747
last-modified: Tue, 26 Apr 2022 15:48:21 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
hh2.hh-content.com/design/menu/sound_on.svg
104.152.112.111 200 OK 2.3 kB URL HTTP/2 hh2.hh-content.com/design/menu/sound_on.svg
IP 104.152.112.111:0
ASN #11019 HAPROXY-TECHNOLOGIES
File type SVG Scalable Vector Graphics image\012- SVG XML document\012- XML 1.0 document text\012- SVG XML document\012- XML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Hash c89b911deef6444f334ee6bec8b70bae
8e9121d4a8eb7cac274a7cc6b9665531d908e604
7c114f2ad2ce1fb762d9a537d35c75de9901a6885e00a77aa1b9486dd8169c8f
GET /design/menu/sound_on.svg HTTP/1.1
Host: hh2.hh-content.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hentaiheroes.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 04 Feb 2023 08:38:16 GMT
content-type: image/svg+xml
content-length: 2269
last-modified: Tue, 05 May 2020 14:59:59 GMT
cache-control: public, max-age=2592000
access-control-allow-origin: *
x-vhost-info: hh
vary: Accept-Encoding
accept-ranges: bytes
x-cdn-diag: ams5-6249-0-19875-h-0-0---;6249-29-8747----0-0-1
X-Firefox-Spdy: h2
hh2.hh-content.com/design/quest_fullscreen/quest_exit_fullscreen.png
104.152.112.111 200 OK 500 B URL HTTP/2 hh2.hh-content.com/design/quest_fullscreen/quest_exit_fullscreen.png
IP 104.152.112.111:0
ASN #11019 HAPROXY-TECHNOLOGIES
File type PNG image data, 80 x 80, 8-bit/color RGBA, non-interlaced\012- data
Hash 0be950aa354017dc58d2523c5d7bb687
d0fc1a220cdc3975fa92ac6f5f7b118048c54902
10bc9639649542c420fdec036e7aceedb3b16a0081c33fc97125c07b90f2b6b8
GET /design/quest_fullscreen/quest_exit_fullscreen.png HTTP/1.1
Host: hh2.hh-content.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hentaiheroes.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 04 Feb 2023 08:38:16 GMT
content-type: image/png
content-length: 500
last-modified: Fri, 23 Sep 2022 06:45:28 GMT
cache-control: public, max-age=2592000
access-control-allow-origin: *
x-vhost-info: hh
accept-ranges: bytes
x-cdn-diag: ams5-7619-0-4018-h-0-0---;6249-29-8747----0-0-1
X-Firefox-Spdy: h2
www.hentaiheroes.com/phoenix-tr_labels-en-1438.js
94.75.250.120 200 OK 20 kB URL HTTP/2 www.hentaiheroes.com/phoenix-tr_labels-en-1438.js
IP 94.75.250.120:0
ASN #60781 LeaseWeb Netherlands B.V.
Hash f712d50695e47bde15985afaa85936ba
a32aaae79769f3f4d36fa098178d38f4acff59ea
693ecbdb82872262398966305ba2e5a1386932c7fcb3a41ee42e60f883fe8283
GET /phoenix-tr_labels-en-1438.js HTTP/1.1
Host: www.hentaiheroes.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hentaiheroes.com/home.html
Cookie: HH_SESS_13=oc5p6bmghotlp8jgilno3g637m; lang=en; ref_id=135846; tc1=HH6041ed2b03a3a925fdf4bae67b0766b5; tc2=11026; tc3=284; tc4=%7BPARAMETER%7D; tc5=AdsterraChX-David; tc6=728615; tc7=15184015; tc8=NO; age_verification=1; HAPBK=web10|Y94Ze
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 04 Feb 2023 08:38:15 GMT
server: Apache
content-encoding: gzip
cache-control: private, max-age=604800, pre-check=604800
pragma: private
expires: Thu, 08 Jan 70 01:00:00 +0100
strict-transport-security: max-age=31536000
content-type: application/javascript; charset=utf-8;
X-Firefox-Spdy: h2
hh2.hh-content.com/pictures/design/ic_soft_currency.png
104.152.112.111 200 OK 4.8 kB URL HTTP/2 hh2.hh-content.com/pictures/design/ic_soft_currency.png
IP 104.152.112.111:0
ASN #11019 HAPROXY-TECHNOLOGIES
File type PNG image data, 100 x 100, 8-bit colormap, non-interlaced\012- data
Hash 628032e842e346860ba4132a5b66fe93
d441605bb3c43621520525758d75b9c9bc99831a
1fbde569f6ce61dc1302f088318f2d1acdc24b85475e998bda540fc131c4f04a
GET /pictures/design/ic_soft_currency.png HTTP/1.1
Host: hh2.hh-content.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hentaiheroes.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 04 Feb 2023 08:38:16 GMT
content-type: image/png
content-length: 4783
last-modified: Wed, 13 Mar 2019 16:03:42 GMT
cache-control: public, max-age=2592000
access-control-allow-origin: *
x-vhost-info: hh
accept-ranges: bytes
x-cdn-diag: ams5-7619-0-4018-h-0-0---;6249-29-8747----0-0-0
X-Firefox-Spdy: h2
hh2.hh-content.com/design/ic_fullscreen.svg
104.152.112.111 200 OK 9.1 kB URL HTTP/2 hh2.hh-content.com/design/ic_fullscreen.svg
IP 104.152.112.111:0
ASN #11019 HAPROXY-TECHNOLOGIES
File type SVG Scalable Vector Graphics image\012- SVG XML document\012- XML 1.0 document text\012- SVG XML document\012- XML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Hash 0831c44a1a21d67c02ef25bc69e5b889
b160e53081718dfbde5d57fc71d3d09e7d263eac
ceb0ca832f16fdb1647cbf5d34d6c095dd6ad6b8b842dc2cf7317f15dcbe2f76
GET /design/ic_fullscreen.svg HTTP/1.1
Host: hh2.hh-content.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hentaiheroes.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 04 Feb 2023 08:38:16 GMT
content-type: image/svg+xml
content-length: 9108
last-modified: Tue, 05 May 2020 14:59:59 GMT
cache-control: public, max-age=2592000
access-control-allow-origin: *
x-vhost-info: hh
vary: Accept-Encoding
accept-ranges: bytes
x-cdn-diag: ams5-7619-0-4013-h-0-0---;6249-29-8747----0-0-1
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 1ef101d6d7799c89959a87381336a413
f0a6faf1125e928c27bf708524000d46ecd9a765
158112dde8643734bdd78b578e10c4f5d2a5543971e653999954cf8f7c4598ca
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "158112DDE8643734BDD78B578E10C4F5D2A5543971E653999954CF8F7C4598CA"
Last-Modified: Thu, 02 Feb 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6214
Expires: Sat, 04 Feb 2023 10:21:50 GMT
Date: Sat, 04 Feb 2023 08:38:16 GMT
Connection: keep-alive
hh2.hh-content.com/pictures/audio/bg_music_2.ogg
104.152.112.111 206 Partial Content 31 kB URL HTTP/2 hh2.hh-content.com/pictures/audio/bg_music_2.ogg
IP 104.152.112.111:0
ASN #11019 HAPROXY-TECHNOLOGIES
Hash 9f239050435104f4eb479ed551bc572e
6fb1f2be5cc8d1c7a37ad1817dc93352032aba7e
254539f96da4f49640a68355510591e55b42825ae910fe5b8f58961f93b7a416
GET /pictures/audio/bg_music_2.ogg HTTP/1.1
Host: hh2.hh-content.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: audio/webm,audio/ogg,audio/wav,audio/*;q=0.9,application/ogg;q=0.7,video/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=1802240-
Connection: keep-alive
Referer: https://www.hentaiheroes.com/
Sec-Fetch-Dest: audio
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 206 Partial Content
date: Sat, 04 Feb 2023 08:38:16 GMT
content-type: audio/ogg
content-length: 31368
last-modified: Mon, 22 Feb 2021 09:58:57 GMT
cache-control: public, max-age=2592000
access-control-allow-origin: *
x-vhost-info: hh
content-range: bytes 1802240-1833607/1833608
x-cdn-diag: ams5-7846-0-57513-h-0-0---;6249-24-8747----0-0-2
X-Firefox-Spdy: h2
eggs-content.kinkoid.com/authentication/show.svg
94.75.250.120 200 OK 510 B URL HTTP/2 eggs-content.kinkoid.com/authentication/show.svg
IP 94.75.250.120:0
ASN #60781 LeaseWeb Netherlands B.V.
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (510), with no line terminators
Hash aae407daa4dba9e5d6b2ddf37a0f1b41
fa37c7736d6c33b9e62349cc65d0252bc715cb47
84bc80996a1db1c515d60d9fb037042d6220adc9b5be3bf279b06013fc9d6aa2
GET /authentication/show.svg HTTP/1.1
Host: eggs-content.kinkoid.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://eggs-ext.kinkoid.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.14.2
date: Sat, 04 Feb 2023 08:38:16 GMT
content-type: image/svg+xml
content-length: 510
last-modified: Tue, 14 Jul 2020 06:31:15 GMT
cache-control: public, max-age=2592000
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2
eggs-content.kinkoid.com/authentication/hide.svg
94.75.250.120 200 OK 748 B URL HTTP/2 eggs-content.kinkoid.com/authentication/hide.svg
IP 94.75.250.120:0
ASN #60781 LeaseWeb Netherlands B.V.
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (748), with no line terminators
Hash cad59edc70e2ae6387ab04e4f961528f
c7bb66aa521e859f4d8a35b6b8da847862e24413
51bdb6a686feff9b34838a4e975c4ed30fb665543036b1f8adc6036be0764192
GET /authentication/hide.svg HTTP/1.1
Host: eggs-content.kinkoid.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://eggs-ext.kinkoid.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.14.2
date: Sat, 04 Feb 2023 08:38:16 GMT
content-type: image/svg+xml
content-length: 748
last-modified: Tue, 14 Jul 2020 06:31:25 GMT
cache-control: public, max-age=2592000
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2
eggs-content.kinkoid.com/authentication/hentai/logo.png
94.75.250.120 200 OK 3.4 kB URL HTTP/2 eggs-content.kinkoid.com/authentication/hentai/logo.png
IP 94.75.250.120:0
ASN #60781 LeaseWeb Netherlands B.V.
File type PNG image data, 270 x 123, 8-bit colormap, non-interlaced\012- data
Hash 646617323d6d9e7cc959c516687af6d2
692b46ea8a5edbe527788e6b4e497363699cad5d
c95f6a0e76f202044aaf647ad9894d5822b322adf586f3b656c99aabcab6ee4e
GET /authentication/hentai/logo.png HTTP/1.1
Host: eggs-content.kinkoid.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://eggs-ext.kinkoid.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.14.2
date: Sat, 04 Feb 2023 08:38:16 GMT
content-type: image/png
content-length: 3379
last-modified: Tue, 14 Jul 2020 06:31:34 GMT
cache-control: public, max-age=2592000
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2
eggs-content.kinkoid.com/authentication/hentai/forgotten_password.png
94.75.250.120 200 OK 223 kB URL HTTP/2 eggs-content.kinkoid.com/authentication/hentai/forgotten_password.png
IP 94.75.250.120:0
ASN #60781 LeaseWeb Netherlands B.V.
File type PNG image data, 1200 x 3000, 8-bit colormap, non-interlaced\012- data
Size 223 kB (222857 bytes)
Hash 8ca851d27cfc171809a2df1bcda0d298
4195c1ea0fe0be41c6611f7ac2d3ad04d0c0496f
cb7c3470a20fb0ca125356f550da9f2404aabcba21b595be4b0a147ff8dc542e
GET /authentication/hentai/forgotten_password.png HTTP/1.1
Host: eggs-content.kinkoid.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://eggs-ext.kinkoid.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.14.2
date: Sat, 04 Feb 2023 08:38:16 GMT
content-type: image/png
content-length: 222857
last-modified: Tue, 14 Jul 2020 04:40:20 GMT
cache-control: public, max-age=2592000
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2
use.typekit.net/lfu1uah.css
95.101.11.120 200 OK 827 B URL HTTP/2 use.typekit.net/lfu1uah.css
IP 95.101.11.120:0
ASN #20940 Akamai International B.V.
File type Unicode text, UTF-8 text, with very long lines (516)
Hash 23cb3bd0e9baa58586be8877ed1fa4cf
4ba80bb386eced49c48a45d0f1760810178e4fbe
9170aa9c3289e5e5d09f40bc0941d772e3d4cde22e5f145eafdfa7b68118ad69
GET /lfu1uah.css HTTP/1.1
Host: use.typekit.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://eggs-ext.kinkoid.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-type: text/css;charset=utf-8
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains;
cache-control: private, max-age=600, stale-while-revalidate=604800
timing-allow-origin: *
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
content-encoding: gzip
content-length: 827
date: Sat, 04 Feb 2023 08:38:16 GMT
X-Firefox-Spdy: h2
eggs-content.kinkoid.com/authentication/hentai/authenticate.png
94.75.250.120 200 OK 376 kB URL HTTP/2 eggs-content.kinkoid.com/authentication/hentai/authenticate.png
IP 94.75.250.120:0
ASN #60781 LeaseWeb Netherlands B.V.
File type PNG image data, 1200 x 3000, 8-bit colormap, non-interlaced\012- data
Size 376 kB (375725 bytes)
Hash aab6e513d0b432bdcf6dad47cd4bc8ed
fddf92ae7fc344fb7840184cd4f754b41a6adf6c
b6880722169342e566a36393a92ceefac70f35020bb5193f9872e1e0dd8a905b
GET /authentication/hentai/authenticate.png HTTP/1.1
Host: eggs-content.kinkoid.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://eggs-ext.kinkoid.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.14.2
date: Sat, 04 Feb 2023 08:38:16 GMT
content-type: image/png
content-length: 375725
last-modified: Tue, 14 Jul 2020 04:40:20 GMT
cache-control: public, max-age=2592000
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2
eggs-content.kinkoid.com/authentication/hentai/register.png
94.75.250.120 200 OK 657 kB URL HTTP/2 eggs-content.kinkoid.com/authentication/hentai/register.png
IP 94.75.250.120:0
ASN #60781 LeaseWeb Netherlands B.V.
File type PNG image data, 1200 x 3000, 8-bit colormap, non-interlaced\012- data
Size 657 kB (657088 bytes)
Hash 94e78471d96928c94b8a02a81744ac8d
eed3da5bce576f851fdc86811a9c02f68757ae87
9df1ddbf2d792fc3c08ab0313cb55f85d9206d897e0030d39f1ab5dcb2fa8fb6
GET /authentication/hentai/register.png HTTP/1.1
Host: eggs-content.kinkoid.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://eggs-ext.kinkoid.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.14.2
date: Sat, 04 Feb 2023 08:38:16 GMT
content-type: image/png
content-length: 657088
last-modified: Tue, 14 Jul 2020 04:40:20 GMT
cache-control: public, max-age=2592000
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2
www.hentaiheroes.com/ajax.php
94.75.250.120 200 OK 16 B URL HTTP/2 www.hentaiheroes.com/ajax.php
IP 94.75.250.120:0
ASN #60781 LeaseWeb Netherlands B.V.
File type JSON data\012- , ASCII text, with no line terminators
Hash 7363e85fe9edee6f053a4b319588c086
a15e2127145548437173fc17f3e980e3f3dee2d0
c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97
POST /ajax.php HTTP/1.1
Host: www.hentaiheroes.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 60
Origin: https://www.hentaiheroes.com
Connection: keep-alive
Referer: https://www.hentaiheroes.com/home.html
Cookie: HH_SESS_13=oc5p6bmghotlp8jgilno3g637m; lang=en; ref_id=135846; tc1=HH6041ed2b03a3a925fdf4bae67b0766b5; tc2=11026; tc3=284; tc4=%7BPARAMETER%7D; tc5=AdsterraChX-David; tc6=728615; tc7=15184015; tc8=NO; age_verification=1; HAPBK=web10|Y94Ze
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 04 Feb 2023 08:38:16 GMT
server: Apache
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
strict-transport-security: max-age=31536000
content-length: 16
content-type: application/json; charset=utf-8
X-Firefox-Spdy: h2
p.typekit.net/p.css?s=1&k=lfu1uah&ht=tk&f=34212.34213.34214.34215.34216.34217&a=13331608&app=typekit&e=css
95.101.11.112 200 OK 5 B URL HTTP/2 p.typekit.net/p.css?s=1&k=lfu1uah&ht=tk&f=34212.34213.34214.34215.34216.34217&a=13331608&app=typekit&e=css
IP 95.101.11.112:0
ASN #20940 Akamai International B.V.
Hash 83d24d4b43cc7eef2b61e66c95f3d158
f0cafc285ee23bb6c28c5166f305493c4331c84d
1c0ff118a4290c99f39c90abb38703a866e47251b23cca20266c69c812ccafeb
GET /p.css?s=1&k=lfu1uah&ht=tk&f=34212.34213.34214.34215.34216.34217&a=13331608&app=typekit&e=css HTTP/1.1
Host: p.typekit.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://use.typekit.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
server: nginx
content-type: text/css
content-length: 5
last-modified: Thu, 28 Jul 2022 22:24:50 GMT
etag: "62e30cb2-5"
cache-control: public, max-age=604800
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
date: Sat, 04 Feb 2023 08:38:16 GMT
X-Firefox-Spdy: h2
hh2.hh-content.com/clubs/ic_xCross.png
104.152.112.111 200 OK 1.3 kB URL HTTP/2 hh2.hh-content.com/clubs/ic_xCross.png
IP 104.152.112.111:0
ASN #11019 HAPROXY-TECHNOLOGIES
File type PNG image data, 82 x 74, 8-bit colormap, non-interlaced\012- data
Hash 8ae89c096a2186b9ed393a2baa1e8886
53917bc9a063bc304440ec6ae17fb1c583c8f9c4
02c88820b0f0b1292dfc9a5ad88c8cbbfd7941a41ca69f00b769b41deb198be6
GET /clubs/ic_xCross.png HTTP/1.1
Host: hh2.hh-content.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hentaiheroes.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 04 Feb 2023 08:38:16 GMT
content-type: image/png
content-length: 1264
last-modified: Tue, 05 May 2020 14:59:59 GMT
cache-control: public, max-age=2592000
access-control-allow-origin: *
x-vhost-info: hh
accept-ranges: bytes
x-cdn-diag: ams5-6139-0-27687-h-0-0---;6249-22-8747----0-0-1
X-Firefox-Spdy: h2
hh2.hh-content.com/design/ic_login.svg
104.152.112.111 200 OK 8.7 kB URL HTTP/2 hh2.hh-content.com/design/ic_login.svg
IP 104.152.112.111:0
ASN #11019 HAPROXY-TECHNOLOGIES
File type SVG Scalable Vector Graphics image\012- SVG XML document\012- XML 1.0 document text\012- SVG XML document\012- XML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Hash 5915a8ebac160e3953e4467dedec30b8
df20474ef16fc034e7c9bf27bb1bff222d106032
fec09101a2dbd6d4956c64c59f4898b448ec8dc884cbc01976ce6e6fa6eeb118
GET /design/ic_login.svg HTTP/1.1
Host: hh2.hh-content.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hentaiheroes.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 04 Feb 2023 08:38:16 GMT
content-type: image/svg+xml
content-length: 8722
last-modified: Tue, 05 May 2020 14:59:59 GMT
cache-control: public, max-age=2592000
access-control-allow-origin: *
x-vhost-info: hh
vary: Accept-Encoding
accept-ranges: bytes
x-cdn-diag: ams5-7619-0-4013-h-0-0---;6249-22-8747----0-0-0
X-Firefox-Spdy: h2
hh2.hh-content.com/design/ic_legal.svg
104.152.112.111 200 OK 2.3 kB URL HTTP/2 hh2.hh-content.com/design/ic_legal.svg
IP 104.152.112.111:0
ASN #11019 HAPROXY-TECHNOLOGIES
File type SVG Scalable Vector Graphics image\012- SVG XML document\012- XML 1.0 document text\012- SVG XML document\012- XML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Hash e12db90b345490737b33530778cf44ee
e873e0209b1a08f5d87dd0534d6fd3311c9f766f
b8f586101e80adb692675c6b21adaad397a7ba1033d45d61d2f0189b78c6cb91
GET /design/ic_legal.svg HTTP/1.1
Host: hh2.hh-content.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hentaiheroes.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 04 Feb 2023 08:38:16 GMT
content-type: image/svg+xml
content-length: 2320
last-modified: Tue, 05 May 2020 14:59:59 GMT
cache-control: public, max-age=2592000
access-control-allow-origin: *
x-vhost-info: hh
vary: Accept-Encoding
accept-ranges: bytes
x-cdn-diag: ams5-6141-0-16151-h-0-0---;6249-22-8747----0-0-0
X-Firefox-Spdy: h2
hh2.hh-content.com/design/ic_join.svg
104.152.112.111 200 OK 1.4 kB URL HTTP/2 hh2.hh-content.com/design/ic_join.svg
IP 104.152.112.111:0
ASN #11019 HAPROXY-TECHNOLOGIES
File type SVG Scalable Vector Graphics image\012- SVG XML document\012- XML 1.0 document text\012- SVG XML document\012- XML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (401), with CRLF line terminators
Hash 8ba97dba6572f93deebde7fe83bd5b69
f4cda4f98492c210aa990cf6063e8a79590ae011
f5557fa48f8dcff13b38b1b5055d04768470bc01be5a1a0971fd9293042b1b79
GET /design/ic_join.svg HTTP/1.1
Host: hh2.hh-content.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hentaiheroes.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 04 Feb 2023 08:38:16 GMT
content-type: image/svg+xml
content-length: 1411
last-modified: Tue, 05 May 2020 14:59:59 GMT
cache-control: public, max-age=2592000
access-control-allow-origin: *
x-vhost-info: hh
vary: Accept-Encoding
accept-ranges: bytes
x-cdn-diag: ams5-6249-0-19876-h-0-0---;6249-22-8747----0-0-0
X-Firefox-Spdy: h2
ocsp.sectigo.com/
172.64.155.188 200 OK 1.2 kB IP 172.64.155.188:0
File type gzip compressed data, max compression\012- data
Hash a519e818220d68076667e57b5d7b76e6
8ce609c09a71915f1ac617c0ff4c20669512a7d1
ffe68925d65c79b58b8ee31ad4e40bd3567bac95fb4e39f1c4e8b89347db8707
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 08:38:16 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Thu, 02 Feb 2023 15:14:36 GMT
Expires: Thu, 09 Feb 2023 15:14:35 GMT
Etag: "fb2622a0253d1540d9b8e972722a0c9d81933ce4"
Cache-Control: max-age=455178,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 794216cc8cc4b51b-OSL
www.hentaiheroes.com/img/quests/1/1/1600x900cut/p1a.jpg
94.75.250.120 200 OK 193 kB URL HTTP/2 www.hentaiheroes.com/img/quests/1/1/1600x900cut/p1a.jpg
IP 94.75.250.120:0
ASN #60781 LeaseWeb Netherlands B.V.
File type JPEG image data, JFIF standard 1.01, resolution (DPCM), density 177x177, segment length 16, baseline, precision 8, 1600x900, components 3\012- data
Size 193 kB (193003 bytes)
Hash 34f709040c1fea1400d3807981361901
7b992a2bb749ce13e3bb29c472e91122818cd895
ee34edd3aa144929a578389b3919689998d07f55fb7fa635c2c245b41785c010
GET /img/quests/1/1/1600x900cut/p1a.jpg HTTP/1.1
Host: www.hentaiheroes.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hentaiheroes.com/home.html
Cookie: HH_SESS_13=oc5p6bmghotlp8jgilno3g637m; lang=en; ref_id=135846; tc1=HH6041ed2b03a3a925fdf4bae67b0766b5; tc2=11026; tc3=284; tc4=%7BPARAMETER%7D; tc5=AdsterraChX-David; tc6=728615; tc7=15184015; tc8=NO; age_verification=1; HAPBK=web10|Y94Ze
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 04 Feb 2023 08:38:15 GMT
server: Apache
cache-control: private, max-age=2629000, pre-check=2629000
pragma: private
expires: Sat, 31 Jan 70 11:16:40 +0100
strict-transport-security: max-age=31536000
content-type: image/jpg
X-Firefox-Spdy: h2
ocsp.sectigo.com/
172.64.155.188 200 OK 471 B IP 172.64.155.188:0
Hash 0f27f32c7cd58f60416fca7aafd9f948
fb2622a0253d1540d9b8e972722a0c9d81933ce4
b2d90c17489a0dc0dd60b246277f134b3e89296b56639c3743869526a3f45eb3
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 08:38:16 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Thu, 02 Feb 2023 15:14:36 GMT
Expires: Thu, 09 Feb 2023 15:14:35 GMT
Etag: "fb2622a0253d1540d9b8e972722a0c9d81933ce4"
Cache-Control: max-age=455178,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 794216cc8c7c0b61-OSL
www.hentaiheroes.com/js/chat.js?v=67522962
94.75.250.120 200 OK 113 kB URL HTTP/2 www.hentaiheroes.com/js/chat.js?v=67522962
IP 94.75.250.120:0
ASN #60781 LeaseWeb Netherlands B.V.
Size 113 kB (112563 bytes)
Hash f62c08e46a1dd6adc7b1ed1819b06b6b
3a3d69ba4f9a4bb4cb4e3eca6c85b73b6f5c0da8
09c999438e804006785c3b5154df497aa3401db8149eb62c9cff46e76bb6e4ad
GET /js/chat.js?v=67522962 HTTP/1.1
Host: www.hentaiheroes.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hentaiheroes.com/?ref_id=135846&noagev=1&tc1=HH6041ed2b03a3a925fdf4bae67b0766b5&tc2=11026&tc3=284&tc4={PARAMETER}&tc5=AdsterraChX-David&tc6=728615&tc7=15184015&tc8=NO
Cookie: HH_SESS_13=oc5p6bmghotlp8jgilno3g637m; lang=en; ref_id=135846; tc1=HH6041ed2b03a3a925fdf4bae67b0766b5; tc2=11026; tc3=284; tc4=%7BPARAMETER%7D; tc5=AdsterraChX-David; tc6=728615; tc7=15184015; tc8=NO; age_verification=1; HAPBK=web10|Y94Ze
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 04 Feb 2023 08:38:15 GMT
server: Apache
strict-transport-security: max-age=31536000
last-modified: Wed, 01 Feb 2023 05:33:47 GMT
etag: "65cda-5f39ccae058f7-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: application/javascript
X-Firefox-Spdy: h2
12007250.pix-cdn.org/a/pjexo.html?idzone=3902650&w=160&h=600&ad_sub=&ad_tags=
45.133.44.24 200 OK 0 B URL HTTP/2 12007250.pix-cdn.org/a/pjexo.html?idzone=3902650&w=160&h=600&ad_sub=&ad_tags=
IP 45.133.44.24:0
ASN #39572 DataWeb Global Group B.V.
GET /a/pjexo.html?idzone=3902650&w=160&h=600&ad_sub=&ad_tags= HTTP/1.1
Host: 12007250.pix-cdn.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://rtbbnr.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 04 Feb 2023 08:38:13 GMT
content-type: text/html; charset=UTF-8
last-modified: Wed, 20 May 2020 13:08:32 GMT
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=grQAvhS3lGLkn%2FoLs0qfU6q4wCcqssKF37ISbrnBwRICiat5LDh%2BeMC4x370j8cmoU4%2BmiqYQNBdqc9%2Fw9PJc14sH2sPTpOWkBz9ouwzdOcCydFfHbL5I0HNn0Zq"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7521b56d9c5eb395-MUC
content-encoding: gzip
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Sat, 04 Feb 2023 09:38:13 GMT
cache-control: max-age=3600
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/ssp/utility/social-media/facebook/img/close.svg
172.64.166.9 200 OK 0 B URL HTTP/2 cdn.creative-bars1.com/sb/ssp/utility/social-media/facebook/img/close.svg
IP 172.64.166.9:0
GET /sb/ssp/utility/social-media/facebook/img/close.svg HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 04 Feb 2023 08:38:14 GMT
content-type: image/svg+xml
last-modified: Thu, 11 Feb 2021 15:13:59 GMT
etag: W/"602549b7-52a"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 753553
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=A3tvXn8lpv%2F8Ng2TkCdO3%2FMd1Xb2me7m6cZdcgqFBSfoaJ8UlBrBA48TQcUpXChfQJUCZcJTp13Tj2FZiU7rTJDiJ5NqQ0%2Fsd5x4CWj0D98KpgI1RGZVTVSC9OK1TrHp3UJkdnWIZiG1"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 794216c4d9eb71c3-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/ssp/utility/social-media/facebook/js/script.js
172.64.166.9 200 OK 0 B URL HTTP/2 cdn.creative-bars1.com/sb/ssp/utility/social-media/facebook/js/script.js
IP 172.64.166.9:0
GET /sb/ssp/utility/social-media/facebook/js/script.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://kahoka.pornlesbans.hotnatalia.com
Connection: keep-alive
Referer: http://kahoka.pornlesbans.hotnatalia.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 04 Feb 2023 08:38:14 GMT
content-type: application/javascript
last-modified: Sat, 20 Feb 2021 08:47:14 GMT
etag: W/"6030cc92-1bc"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=p6X6Fg6OpKc%2BZRJPpYNJbQ7Vn%2BIdI7q4vsbpMqOK2hBd%2Ffzr3iaImYUusTY9hRvzxm4dXCELCNRhJQhpakWAhAZ4C1O4tvDPNfkAx7hpvRBQXq60VEQS%2F5Nhr4zyEY54WuLoTRC6Q%2Frr"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 794216c4a9c771c3-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css
188.114.99.234 200 OK 0 B URL HTTP/2 maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css
IP 188.114.99.234:0
GET /bootstrap/3.3.6/css/bootstrap.min.css HTTP/1.1
Host: maxcdn.bootstrapcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://kahoka.pornlesbans.hotnatalia.com
Connection: keep-alive
Referer: http://kahoka.pornlesbans.hotnatalia.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 04 Feb 2023 08:38:11 GMT
content-type: text/css; charset=utf-8
vary: Accept-Encoding
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: DE
access-control-allow-origin: *
cache-control: public, max-age=31919000
etag: W/"2f624089c65f12185e79925bc5a7fc42"
last-modified: Mon, 25 Jan 2021 22:03:59 GMT
cdn-cachedat: 11/18/2022 06:18:39
cdn-proxyver: 1.03
cdn-requestpullcode: 200
cdn-requestpullsuccess: True
cdn-edgestorageid: 755
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
cdn-status: 200
cdn-requestid: 43caa5c98cdbfec9678ba07fb0559a3f
cdn-cache: HIT
cf-cache-status: MISS
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 794216b34a16b4f9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.hentaiheroes.com/js/default.js?v=67522962
94.75.250.120 200 OK 0 B URL HTTP/2 www.hentaiheroes.com/js/default.js?v=67522962
IP 94.75.250.120:0
ASN #60781 LeaseWeb Netherlands B.V.
GET /js/default.js?v=67522962 HTTP/1.1
Host: www.hentaiheroes.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hentaiheroes.com/home.html
Cookie: HH_SESS_13=oc5p6bmghotlp8jgilno3g637m; lang=en; ref_id=135846; tc1=HH6041ed2b03a3a925fdf4bae67b0766b5; tc2=11026; tc3=284; tc4=%7BPARAMETER%7D; tc5=AdsterraChX-David; tc6=728615; tc7=15184015; tc8=NO; age_verification=1; HAPBK=web10|Y94Ze
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 04 Feb 2023 08:38:15 GMT
server: Apache
strict-transport-security: max-age=31536000
last-modified: Wed, 01 Feb 2023 05:33:43 GMT
etag: "1cc7b5-5f39ccaa3fbe1-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: application/javascript
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Carter+One|Kalam:700|Mr+Dafoe|Alegreya+Sans:700i|Marck+Script
142.250.74.106 200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?family=Carter+One|Kalam:700|Mr+Dafoe|Alegreya+Sans:700i|Marck+Script
IP 142.250.74.106:0
GET /css?family=Carter+One|Kalam:700|Mr+Dafoe|Alegreya+Sans:700i|Marck+Script HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hentaiheroes.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 04 Feb 2023 08:38:15 GMT
date: Sat, 04 Feb 2023 08:38:15 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
creative.xliirdr.com/widgets/v4/Universal/main.33831b792a3809ba493a.css
104.18.51.106 200 OK 0 B URL HTTP/2 creative.xliirdr.com/widgets/v4/Universal/main.33831b792a3809ba493a.css
IP 104.18.51.106:0
GET /widgets/v4/Universal/main.33831b792a3809ba493a.css HTTP/1.1
Host: creative.xliirdr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://creative.xliirdr.com/widgets/v4/Universal?campaignId=c3fa347280578e90a9e8ab1e6280c0e361524d151dcbfe6bb5b723fee947ce88&campaignType=smartpop&creativeId=f7d35c19e8363f8e59e197e6034e23aaac0f22600b273fb0cad1f12ae1c95358&iterationId=383554&masterSmartpopId=1605&memberId=m6WUxrWE0zoac4oMYUhO_G4_E_W6ANX1S1R0pzLjT02_0INngnDSwweVy1XRzUmn0U25AFQmBNLfonKYDJYKUyT-_g3e5j6u3BQJVsU101AIX9w_gUIDRUi&p1=3717296&quality=optimal&ruleId=3&smartpopId=1547&sourceId=226439&tag=-girls%2Findian&userId=ed4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e&variationId=30029
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 04 Feb 2023 08:38:13 GMT
content-type: text/css
last-modified: Tue, 31 Jan 2023 09:52:08 GMT
etag: W/"63d8e4c8-3403"
expires: Sat, 04 Feb 2023 08:38:09 GMT
cache-control: max-age=10
pragma: public
cf-cache-status: HIT
age: 10
vary: Accept-Encoding
server: cloudflare
cf-ray: 794216bcaaa0b4fa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
hh2.hh-content.com/pictures/audio/bg_music_2.ogg
104.152.112.111 206 Partial Content 0 B URL HTTP/2 hh2.hh-content.com/pictures/audio/bg_music_2.ogg
IP 104.152.112.111:0
ASN #11019 HAPROXY-TECHNOLOGIES
GET /pictures/audio/bg_music_2.ogg HTTP/1.1
Host: hh2.hh-content.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: audio/webm,audio/ogg,audio/wav,audio/*;q=0.9,application/ogg;q=0.7,video/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: https://www.hentaiheroes.com/
Sec-Fetch-Dest: audio
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 206 Partial Content
date: Sat, 04 Feb 2023 08:38:16 GMT
content-type: audio/ogg
content-length: 1833608
last-modified: Mon, 22 Feb 2021 09:58:57 GMT
cache-control: public, max-age=2592000
access-control-allow-origin: *
x-vhost-info: hh
content-range: bytes 0-1833607/1833608
x-cdn-diag: ams5-7846-0-57513-h-0-0---;6249-23-8747----0-0-0
X-Firefox-Spdy: h2
eggs-ext.kinkoid.com/authentication/start_authentication?product_id=1&language=en&purpose=authenticate
94.75.250.120 200 OK 0 B URL HTTP/2 eggs-ext.kinkoid.com/authentication/start_authentication?product_id=1&language=en&purpose=authenticate
IP 94.75.250.120:0
ASN #60781 LeaseWeb Netherlands B.V.
GET /authentication/start_authentication?product_id=1&language=en&purpose=authenticate HTTP/1.1
Host: eggs-ext.kinkoid.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hentaiheroes.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-credentials: true
access-control-allow-methods: OPTIONS, POST, GET
access-control-max-age: 2592000
access-control-allow-headers: protocol
content-type: text/html; charset=utf-8
date: Sat, 04 Feb 2023 08:38:16 GMT
X-Firefox-Spdy: h2
maxcdn.bootstrapcdn.com/bootswatch/3.3.7/sandstone/bootstrap.min.css
188.114.99.234 200 OK 0 B URL HTTP/2 maxcdn.bootstrapcdn.com/bootswatch/3.3.7/sandstone/bootstrap.min.css
IP 188.114.99.234:0
GET /bootswatch/3.3.7/sandstone/bootstrap.min.css HTTP/1.1
Host: maxcdn.bootstrapcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://kahoka.pornlesbans.hotnatalia.com
Connection: keep-alive
Referer: http://kahoka.pornlesbans.hotnatalia.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 04 Feb 2023 08:38:11 GMT
content-type: text/css; charset=utf-8
vary: Accept-Encoding
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: DE
access-control-allow-origin: *
cache-control: public, max-age=31919000
etag: W/"193a9c738b1f86bbb65f69ffa04f3bd8"
last-modified: Mon, 25 Jan 2021 22:04:28 GMT
cdn-cachedat: 08/20/2022 09:02:21
cdn-proxyver: 1.02
cdn-requestpullcode: 200
cdn-requestpullsuccess: True
cdn-edgestorageid: 874
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
cdn-status: 200
cdn-requestid: f841efe89fa43e64a4b14be352ec4d66
cdn-cache: HIT
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 794216b36a3db4f9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2