Overview

URL xfantazy.com/search/nika%20venom
IP104.26.0.188
ASNCLOUDFLARENET
Location United States
Report completed2022-08-28 21:02:07 UTC
StatusLoading report..
urlquery Alerts No alerts detected


Settings

UserAgentMozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer


Intrusion Detection Systems

Suricata /w Emerging Threats Pro  No alerts detected


Blocklists

OpenPhish  No alerts detected
PhishTank  No alerts detected
Fortinet's Web Filter
Scan Date Severity Indicator Comment
2022-08-28 2 cdn.barscreative1.com/sb/au/18/52/6a/18526a6becad408914fcf53d946360f0/16511 (...) Phishing
2022-08-28 2 a.bestcontentfood.top/warp/4788752?r=91860 Phishing
2022-08-28 2 a.bestcontentfood.top/warp/4787912?r=13273 Phishing
2022-08-28 2 a.bestcontentfood.top/warp/4787908?r=79656 Phishing
mnemonic secure dns  No alerts detected
Quad9 DNS
Scan Date Severity Indicator Comment
2022-08-28 2 freychang.fun Sinkholed
2022-08-28 2 forgerylimit.com Sinkholed
2022-08-28 2 forgerylimit.com Sinkholed
2022-08-28 2 forgerylimit.com Sinkholed
2022-08-28 2 reasonablelandmark.com Sinkholed
2022-08-28 2 forgerylimit.com Sinkholed
2022-08-28 2 forgerylimit.com Sinkholed
2022-08-28 2 forgerylimit.com Sinkholed
2022-08-28 2 forgerylimit.com Sinkholed
2022-08-28 2 forgerylimit.com Sinkholed
2022-08-28 2 unseenreport.com Sinkholed
2022-08-28 2 addresseepaper.com Sinkholed
2022-08-28 2 freychang.fun Sinkholed
2022-08-28 2 freychang.fun Sinkholed


Files

No files detected



Passive DNS (44)

Passive DNS Source Fully Qualifying Domain Name Rank First Seen Last Seen IP Comment
mnemonic passive DNS poweredby.jads.co (2) 30525 2019-12-04 10:34:12 UTC 2022-08-28 18:10:01 UTC 185.94.237.101
mnemonic passive DNS stats.g.doubleclick.net (1) 96 2012-07-01 17:13:23 UTC 2022-08-28 04:43:36 UTC 142.251.1.157
mnemonic passive DNS cdn.adx1.com (1) 10630 2018-03-05 17:25:10 UTC 2022-08-28 15:47:16 UTC 149.11.201.98
mnemonic passive DNS e1.o.lencr.org (3) 6159 2021-08-20 07:36:30 UTC 2022-08-28 07:04:21 UTC 23.36.76.226
mnemonic passive DNS creepingbrings.com (1) 0 2022-05-27 14:56:26 UTC 2022-08-28 17:33:18 UTC 104.21.234.233 Unknown ranking
mnemonic passive DNS xfantazy.com (23) 167260 2019-11-18 08:19:02 UTC 2022-08-28 18:52:26 UTC 104.26.1.188
mnemonic passive DNS ocsp.digicert.com (4) 86 2012-05-21 07:02:23 UTC 2022-08-28 16:46:48 UTC 93.184.220.29
mnemonic passive DNS fonts.gstatic.com (3) 0 2014-04-02 10:51:04 UTC 2022-08-28 04:42:38 UTC 142.250.74.163 Domain (gstatic.com) ranked at: 540
mnemonic passive DNS simplewebanalysis.com (1) 0 2022-02-25 04:06:25 UTC 2022-08-28 17:24:57 UTC 3.127.140.33 Unknown ranking
mnemonic passive DNS contile.services.mozilla.com (1) 1114 2021-05-27 18:32:35 UTC 2022-08-28 04:47:14 UTC 34.117.237.239
mnemonic passive DNS atebilaterde.one (6) 0 2022-07-21 07:34:35 UTC 2022-08-28 15:35:38 UTC 104.21.60.149 Unknown ranking
mnemonic passive DNS img-getpocket.cdn.mozilla.net (6) 1631 2017-09-01 03:40:57 UTC 2022-08-28 04:11:28 UTC 34.120.237.76
mnemonic passive DNS cdn.barscreative1.com (1) 25648 2021-09-16 11:14:42 UTC 2022-08-28 17:33:29 UTC 45.133.44.3
mnemonic passive DNS cdn.jsdelivr.net (1) 439 2012-09-30 00:15:09 UTC 2022-08-28 04:42:32 UTC 151.101.85.229
mnemonic passive DNS cdn.sb4you1.com (2) 22321 2021-09-16 11:26:58 UTC 2022-08-28 17:33:29 UTC 104.21.51.177
mnemonic passive DNS cdn.tsyndicate.com (2) 16265 2017-07-04 06:00:09 UTC 2022-08-28 07:56:20 UTC 8.254.252.214
mnemonic passive DNS www.facebook.com (1) 99 2012-05-21 00:23:41 UTC 2022-08-28 04:43:48 UTC 31.13.72.36
mnemonic passive DNS xfantazy.com (23) 167260 2019-11-18 08:19:02 UTC 2022-08-28 18:52:26 UTC 172.67.69.220
mnemonic passive DNS oulukdliketo.shop (6) 0 2022-08-21 19:27:19 UTC 2022-08-28 18:15:52 UTC 143.204.55.49 Unknown ranking
mnemonic passive DNS mc.yandex.ru (9) 2672 2012-05-21 09:38:30 UTC 2022-08-28 06:52:46 UTC 93.158.134.119
mnemonic passive DNS d192r5l88wrng7.cloudfront.net (2) 0 2022-07-06 19:22:54 UTC 2022-08-28 18:00:42 UTC 54.230.245.4 Unknown ranking
mnemonic passive DNS addresseetransportationsyndrome.com (1) 499417 2021-03-22 17:02:39 UTC 2022-08-28 18:52:33 UTC 192.243.59.13
mnemonic passive DNS ocsp.sca1b.amazontrust.com (1) 1015 2016-01-20 08:47:26 UTC 2019-03-27 04:05:54 UTC 54.230.245.118
mnemonic passive DNS forgerylimit.com (8) 0 2022-08-13 02:34:51 UTC 2022-08-28 21:02:00 UTC 192.243.61.227 Unknown ranking
mnemonic passive DNS a.bestcontentfood.top (3) 54526 2019-10-07 06:12:20 UTC 2022-08-28 18:52:35 UTC 172.67.200.139
mnemonic passive DNS firefox.settings.services.mozilla.com (2) 867 2016-03-17 08:25:01 UTC 2022-08-28 10:15:13 UTC 143.204.55.35
mnemonic passive DNS r3.o.lencr.org (9) 344 2020-12-02 08:52:13 UTC 2022-08-28 04:43:52 UTC 23.36.77.32
mnemonic passive DNS ocsp.globalsign.com (2) 2075 2012-05-25 06:20:55 UTC 2022-08-28 05:07:48 UTC 151.101.86.133
mnemonic passive DNS freychang.fun (3) 20665 2021-01-12 15:52:59 UTC 2022-08-28 15:35:38 UTC 104.21.45.207
mnemonic passive DNS reasonablelandmark.com (1) 0 2022-08-06 02:07:43 UTC 2022-08-28 17:44:33 UTC 192.243.61.227 Unknown ranking
mnemonic passive DNS ocsp.sectigo.com (8) 487 2018-12-17 11:31:55 UTC 2022-08-28 16:38:32 UTC 172.64.155.188
mnemonic passive DNS static-cache.k2s.cc (19) 182663 2018-09-13 10:35:33 UTC 2022-08-28 10:25:45 UTC 188.72.235.186
mnemonic passive DNS unseenreport.com (1) 0 2022-03-30 14:33:17 UTC 2022-08-28 10:49:07 UTC 192.243.61.227 Unknown ranking
mnemonic passive DNS content-signature-2.cdn.mozilla.net (1) 1152 2020-11-03 12:26:46 UTC 2022-08-28 05:48:36 UTC 143.204.55.49
mnemonic passive DNS ocsp.pki.goog (9) 175 2017-06-14 07:23:31 UTC 2022-08-28 04:43:45 UTC 142.250.74.3
mnemonic passive DNS push.services.mozilla.com (1) 2140 2014-10-24 08:27:06 UTC 2022-08-28 04:49:25 UTC 35.163.37.142
mnemonic passive DNS www.google-analytics.com (1) 40 2012-05-21 07:15:40 UTC 2022-08-28 17:18:29 UTC 142.250.74.174
mnemonic passive DNS tsyndicate.com (3) 13042 2017-03-16 09:04:54 UTC 2022-08-28 18:06:32 UTC 136.243.81.150
mnemonic passive DNS media.aso1.net (2) 123434 2017-02-13 21:08:06 UTC 2022-08-28 12:12:11 UTC 104.21.234.155
mnemonic passive DNS addresseepaper.com (1) 18169 2021-11-01 21:11:31 UTC 2022-08-28 14:58:53 UTC 104.21.234.254
mnemonic passive DNS fonts.googleapis.com (1) 8877 2012-05-23 12:41:44 UTC 2022-08-28 15:56:13 UTC 142.250.74.10
mnemonic passive DNS a.focusde.info (5) 499386 2022-01-15 21:28:39 UTC 2022-08-28 06:28:43 UTC 135.181.208.216
mnemonic passive DNS accounts.google.com (3) 81 2012-05-23 06:57:57 UTC 2022-08-28 13:20:16 UTC 216.58.207.237
mnemonic passive DNS cdn.cloudimagesb.com (2) 23099 2021-02-12 16:15:41 UTC 2022-08-28 08:31:58 UTC 45.133.44.10


Recent reports on same IP/ASN/Domain/Screenshot

Last 5 reports on IP: 104.26.0.188

Date UQ / IDS / BL URL IP
2022-09-20 21:13:43 +0000
0 - 0 - 15 xfantazy.com/video/6034cee1d7357618a3d2dc9d 104.26.0.188
2022-09-09 23:29:00 +0000
0 - 0 - 16 xfantazy.com/video/629a418633a7ea0600f6d506 104.26.0.188
2022-09-09 11:27:26 +0000
0 - 0 - 14 xfantazy.com/video/5e0ed14deac0b76cd9c54962 104.26.0.188
2022-09-06 06:54:08 +0000
0 - 0 - 14 xfantazy.com/video/60e2920ced696b7119a44c73 104.26.0.188
2022-08-28 21:02:07 +0000
0 - 0 - 18 xfantazy.com/search/nika%20venom 104.26.0.188

Last 5 reports on ASN: CLOUDFLARENET

Date UQ / IDS / BL URL IP
2022-12-05 21:04:02 +0000
0 - 0 - 6 personalfinanceblog.online/co-iqos-l2/ 104.21.18.97
2022-12-05 21:03:44 +0000
0 - 0 - 11 earn-easy.net/index.php? 104.21.54.131
2022-12-05 21:01:52 +0000
0 - 0 - 2 www.iwinprize.xyz/lander/za-dating-1page-lp1_ (...) 104.21.63.166
2022-12-05 21:01:50 +0000
0 - 0 - 2 prelands.vikolo.live/meta/vietnam/penirumA/bl (...) 104.21.28.242
2022-12-05 21:01:48 +0000
0 - 0 - 2 prelands.vikolo.live/meta/vietnam/penirumA/blog-vn 104.21.28.242

Last 5 reports on domain: xfantazy.com

Date UQ / IDS / BL URL IP
2022-12-04 19:49:53 +0000
0 - 0 - 27 xfantazy.com/video/63215686df915905ff622722 172.67.137.4
2022-12-02 07:31:24 +0000
0 - 0 - 29 xfantazy.com/video/5fa9094a0c205613746667b6 172.64.162.22
2022-12-01 21:42:16 +0000
0 - 0 - 30 xfantazy.com/video/620852c85a615f1d0cdf5e9b 172.64.162.22
2022-11-29 21:55:40 +0000
0 - 0 - 35 xfantazy.com/video/5edc59d923629346a514272b 172.64.163.22
2022-11-29 03:55:04 +0000
0 - 0 - 35 xfantazy.com/video/5f76ce8301bf221df0f0efe7?u (...) 104.21.46.88

No other reports with similar screenshot



JavaScript

Executed Scripts (70)


Executed Evals (1)

#1 JavaScript::Eval (size: 125, repeated: 1) - SHA256: 920d80e57685294073e6844ab22908618709844b22774b5e6c29e260c3a62799

                                        (function() {
    try {
        return document.getElementsByTagName("video")["fluid-videoplayer"] ? "ready" : "null"
    } catch (a) {
        return "null"
    }
})();
                                    

Executed Writes (7)

#1 JavaScript::Write (size: 449, repeated: 1) - SHA256: 9524621c7f4d8fac4161095ac512d69df866d67f58ad26324b41dbc39d245af9

                                        < div style = "width:300px;height:250px;" >
    < script id = "adn-4787912"
data - sub = ""
type = "text/javascript" >
    (function(node) {
        var adn = document.createElement("script");
        adn.type = "text/javascript", adn.async = true, adn.src = "//a.bestcontentfood.top/warp/4787912?r=" + Math.floor(Math.random() * 99999);
        node.appendChild(adn);
    })(document.getElementsByTagName("script")[document.getElementsByTagName("script").length - 1].parentNode); < /script> < /div>
                                    

#2 JavaScript::Write (size: 466, repeated: 1) - SHA256: e53c2ba3b0fa3fffef0679dc24186bdff26171c74a7bc47075a33a4e481f366a

                                        < center > < div style = "width:900px;height:250px;" >
    < script id = "adn-4788752"
data - sub = ""
type = "text/javascript" >
    (function(node) {
        var adn = document.createElement("script");
        adn.type = "text/javascript", adn.async = true, adn.src = "//a.bestcontentfood.top/warp/4788752?r=" + Math.floor(Math.random() * 99999);
        node.appendChild(adn);
    })(document.getElementsByTagName("script")[document.getElementsByTagName("script").length - 1].parentNode); < /script> < /div></center >
                                    

#3 JavaScript::Write (size: 46, repeated: 1) - SHA256: de73a926a8381f11229c3f788149919c2b1e9620adcdf9c657c1df31971b423f

                                        < ins class = "aso-zone"
data - zone = "87882" > < /ins>
                                    

#4 JavaScript::Write (size: 46, repeated: 1) - SHA256: b7c224bd318e210fb3724a686d2e6fdff03e16ced4163e2e207bd2468a998f0a

                                        < ins class = "aso-zone"
data - zone = "87884" > < /ins>
                                    

#5 JavaScript::Write (size: 680, repeated: 1) - SHA256: 7391b0075aa07f922edc59453ad1231e65efdf0954b5bd55c200ed143757b25a

                                        < !DOCTYPE html > < html > < head > < title > < /title><style>html,body{margin:0;padding:0;height:100%;width:100%;}</style > < /head><body><script src="/ / cdn.tsyndicate.com / sdk / v1 / inpage.push.js "></script> < script >
    TsInPagePush({
        spot: "9ac62f6da6514f55b72d712e0546f69d",
        verticalPosition: "bottom",
    }); < /script> < script src = "//cdn.tsyndicate.com/sdk/v1/video.instant.message.js" > < /script> < script >
    TSVideoInstantMessage({
        spot: "b5346988f58b4a3986d63c85fcf561b2",
        width: "460",
        cookieExpires: "4",
    }); < /script> < iframe width = "300"
height = "250"
frameborder = "0"
scrolling = "no"
src = "//tsyndicate.com/iframes2/81050e2dae874825b1263242bcb82944.html?" > < /iframe></body > < /html>
                                    

#6 JavaScript::Write (size: 484, repeated: 1) - SHA256: 17d94e96963dd14c2da602a6073d5af159c974cddf5e1526eaaf2725ec1bf6df

                                        < !DOCTYPE html > < html > < head > < title > < /title><style>html,body{margin:0;padding:0;height:100%;width:100%;}</style > < /head><body><!-- JuicyAds v3.0 --> < script type = "text/javascript"
data - cfasync = "false"
async src = "https://poweredby.jads.co/js/jads.js" > < /script> < ins id = "969388"
data - width = "908"
data - height = "258" > < /ins> < script type = "text/javascript"
data - cfasync = "false"
async > (adsbyjuicy = window.adsbyjuicy || []).push({
    'adzone': 969388
}); < /script>
<!--JuicyAds END--></body></html>
                                    

#7 JavaScript::Write (size: 449, repeated: 1) - SHA256: a81bb422d0bc483c5b0854665f30031275c2c069c18c6242e498865a65a55f52

                                        < div style = "width:300px;height:250px;" >
    < script id = "adn-4787908"
data - sub = ""
type = "text/javascript" >
    (function(node) {
        var adn = document.createElement("script");
        adn.type = "text/javascript", adn.async = true, adn.src = "//a.bestcontentfood.top/warp/4787908?r=" + Math.floor(Math.random() * 99999);
        node.appendChild(adn);
    })(document.getElementsByTagName("script")[document.getElementsByTagName("script").length - 1].parentNode); < /script> < /div>
                                    


HTTP Transactions (163)


Request Response
                                        
                                            GET /search/nika%20venom HTTP/1.1 
Host: xfantazy.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

                                         
                                         104.26.1.188
HTTP/1.1 302 Found
                                        
Date: Sun, 28 Aug 2022 21:01:55 GMT
Content-Length: 0
Connection: keep-alive
location: https://xfantazy.com/search/nika%20venom
cache-control: no-cache
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KcRIWlB6YwqIxkHvUFUE2kVSp7YvZhO6gGK%2BcOU9BD82XpFLNocr16Tnz%2BOZz7YAOUQK2Wyw77ZnHiu5titzX1Jl7YziULpqr1QYJt9ejOlFcgFwf%2FlhpjxBJXsIZA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 741ffc283b951c16-OSL
alt-svc: h2=":443"; ma=60

                                        
                                            GET /v1/ HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         143.204.55.35
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length, Content-Type, Alert, Backoff, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Sun, 28 Aug 2022 20:14:00 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 80d21802b1b80c40e55ccf83433b8eac.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: x1z4qJBd7F6APPGeNJamjCtvWhHoFJ3uxHTAKNwyaTgnBVgPdniD6w==
Age: 2876


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size:   939
Md5:    91dd975a7b17b2922dd23c0e49314e40
Sha1:   57a2ece1e3cee7c4ebf927f2ba92f52cac395fe2
Sha256: 09966873bbf317f8910c59544cfde2a6d46e8acd2905797cc7c85c6b4d18ea8a
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "7EBE5D06EFE28C8507B4CDFBF68C6E5BBD9919BA776990FB8A22D90CCA0C1C1B"
Last-Modified: Sat, 27 Aug 2022 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6431
Expires: Sun, 28 Aug 2022 22:49:07 GMT
Date: Sun, 28 Aug 2022 21:01:56 GMT
Connection: keep-alive

                                        
                                            GET /chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain HTTP/1.1 
Host: content-signature-2.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         143.204.55.49
HTTP/2 200 OK
content-type: binary/octet-stream
                                        
content-length: 5348
last-modified: Sat, 20 Aug 2022 23:18:05 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Sat, 27 Aug 2022 22:35:58 GMT
etag: "742edb4038f38bc533514982f3d2e861"
x-cache: Hit from cloudfront
via: 1.1 f46f7100ad6fc83a021f62212f945830.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: v6qEYrsG7m3Gpn0wESJ7jxr9f8XErV5wfjAi81yuWWy-H6QykY16PQ==
age: 80758
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PEM certificate\012- , ASCII text
Size:   5348
Md5:    742edb4038f38bc533514982f3d2e861
Sha1:   cc3a20c8dc2a8c632ef9387a2744253f1e3fdef1
Sha256: b6bfa49d3d135035701231db2fffc0c0643444394009a94c6a1b4d829d6b8345
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 4781
Cache-Control: 'max-age=158059'
Date: Sun, 28 Aug 2022 21:01:56 GMT
Last-Modified: Sun, 28 Aug 2022 19:42:15 GMT
Server: ECS (ska/F711)
X-Cache: HIT
Content-Length: 279

                                        
                                            GET /v1/tiles HTTP/1.1 
Host: contile.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.117.237.239
HTTP/2 200 OK
content-type: application/json
                                        
server: nginx
date: Sun, 28 Aug 2022 21:01:56 GMT
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   12
Md5:    23e88fb7b99543fb33315b29b1fad9d6
Sha1:   a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
                                        
                                            GET /_next/static/vMq0fywG6ReNUm9yukIYR/pages/search.js HTTP/1.1 
Host: xfantazy.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/search/nika%20venom
Cookie: visitorId=untsku6e24fyem9zrgc1; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         172.67.69.220
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
                                        
date: Sun, 28 Aug 2022 21:01:56 GMT
vary: Origin, Accept-Encoding
cache-control: public, max-age=31536000, immutable
last-modified: Fri, 05 Aug 2022 08:43:01 GMT
etag: W/"6e7-1826d2c1428"
cf-cache-status: HIT
age: 2030561
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YFddsQZy3ExCJ%2BqRIOktlwim%2B3sDliHqw37Y20r%2ByTJTznFzxB29qzV0sVUyAoeCzFCZpSpPiDWvMPQLYeaJ7di4KXTKtBn2MpagPaBQ4TBXv4j80uPwBmlPX4oXJA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 741ffc2c1d1d0b39-OSL
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (1767), with no line terminators
Size:   1328
Md5:    85af5c012684c6743e44e8161021a9c9
Sha1:   047c9569e137db8e79a7686523748b113b72a821
Sha256: 7d2a1900b862db6861893f60e2dc626232de708373e7373a17c61800b39fe2b2
                                        
                                            GET /search/nika%20venom HTTP/1.1 
Host: xfantazy.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

                                         
                                         172.67.69.220
HTTP/2 200 OK
content-type: text/html; charset=utf-8
                                        
date: Sun, 28 Aug 2022 21:01:56 GMT
vary: Origin
set-cookie: visitorId=untsku6e24fyem9zrgc1; Domain=xfantazy.com; Path=/; Expires=Sat, 28 Aug 2032 21:01:56 GMT; HttpOnly experiment-popup-payment-7=0; Path=/; Expires=Sun, 04 Sep 2022 21:01:56 GMT experiment-save-to-button-2=0; Path=/; Expires=Sun, 04 Sep 2022 21:01:56 GMT
x-powered-by: Next.js
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bcA92OLtn7NK57dUYIdr%2FnAX1Gn3fEaUxhtrrFf7Pf8VfL3NYrSQ%2B5ZknT370JGH7aQBtPYmEB9A9jBg5xudTdoE4BUq8gJdYAs9RQg0qoaFbiwdJqim7pIt2rKquA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 741ffc2a6b5b0b39-OSL
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (24729)
Size:   33424
Md5:    40464bd70d97e80266aa8120103f3f6b
Sha1:   dfae23210f59bea562de2c81ccf7ac5c760dc93f
Sha256: 5d1e7a4e065431d033c240f77fb9b3c165486665c658abd144b59c49923919e8
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sun, 28 Aug 2022 21:01:56 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         143.204.55.35
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Type, Alert, Cache-Control, Pragma, Backoff, Last-Modified, ETag, Expires, Content-Length, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Date: Sun, 28 Aug 2022 20:17:12 GMT
Cache-Control: max-age=3600
Expires: Sun, 28 Aug 2022 20:39:25 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 1ca0323262515c9240c58fe69a9ac826.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: tyGQQfu6OTSKKGmZXKXm1dWJS4ReQleWlzNsIarf5T4uCUbkpv8pwA==
Age: 2684


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size:   329
Md5:    0333b0655111aa68de771adfcc4db243
Sha1:   63f295a144ac87a7c8e23417626724eeca68a7eb
Sha256: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
                                        
                                            GET /css?family=Roboto:100,300,400,500,700&display=swap HTTP/1.1 
Host: fonts.googleapis.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         142.250.74.10
HTTP/2 200 OK
content-type: text/css; charset=utf-8
                                        
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sun, 28 Aug 2022 21:01:56 GMT
date: Sun, 28 Aug 2022 21:01:56 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  data
Size:   53655
Md5:    b46ecb03d73cc70df875b31c81ed817a
Sha1:   c376cd2600eb949f38cd1a61a185df2d51b626a8
Sha256: 1673196c5819e92d08afa6fed920542f777da366b10d544526dc71f3401d432f
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sun, 28 Aug 2022 21:01:56 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /_next/static/chunks/114.41495e10c4955f1da9b2.js HTTP/1.1 
Host: xfantazy.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/search/nika%20venom
Cookie: visitorId=untsku6e24fyem9zrgc1; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         172.67.69.220
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
                                        
date: Sun, 28 Aug 2022 21:01:56 GMT
vary: Origin, Accept-Encoding
cache-control: public, max-age=31536000, immutable
last-modified: Mon, 06 Jun 2022 14:51:25 GMT
etag: W/"2ec-181397fcb76"
cf-cache-status: HIT
age: 7164200
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vHv7AvGGJaNE6oOuBK%2FA3HTDbQPdquNxHcW112p9fOZd7i7e5DjFWoiFVUcFbkuyY4qllKf0Grltf8ttw88uoa88mgwq2h7blj3GWekwtLDi3TGtbo%2FPYqKNQ8dOOw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 741ffc2c1d2d0b39-OSL
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (748), with no line terminators
Size:   907
Md5:    75f2d7bde906468b21a126885ae33edd
Sha1:   3ce2b00acc7519dfb79380db389b47a8a69462c9
Sha256: 110d5e77c6403629b527b922cae667df694ac12ac65832d3ad6f31b565f56932
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sun, 28 Aug 2022 21:01:56 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1 
Host: fonts.gstatic.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         142.250.74.163
HTTP/2 200 OK
content-type: font/woff2
                                        
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 24 Aug 2022 19:34:08 GMT
expires: Thu, 24 Aug 2023 19:34:08 GMT
cache-control: public, max-age=31536000
age: 350868
last-modified: Wed, 11 May 2022 19:24:42 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 15860, version 1.0\012- data
Size:   15860
Md5:    e9f5aaf547f165386cd313b995dddd8e
Sha1:   acdef5603c2387b0e5bffd744b679a24a8bc1968
Sha256: f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sun, 28 Aug 2022 21:01:56 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1 
Host: fonts.gstatic.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         142.250.74.163
HTTP/2 200 OK
content-type: font/woff2
                                        
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15920
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 27 Aug 2022 02:02:22 GMT
expires: Sun, 27 Aug 2023 02:02:22 GMT
cache-control: public, max-age=31536000
age: 154774
last-modified: Wed, 11 May 2022 19:24:45 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 15920, version 1.0\012- data
Size:   15920
Md5:    3a44e06eb954b96aa043227f3534189d
Sha1:   23cef6993ddb2b2979e8e7647fc3763694e2ba7d
Sha256: b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e
                                        
                                            GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1 
Host: fonts.gstatic.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         142.250.74.163
HTTP/2 200 OK
content-type: font/woff2
                                        
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 24 Aug 2022 19:34:08 GMT
expires: Thu, 24 Aug 2023 19:34:08 GMT
cache-control: public, max-age=31536000
age: 350868
last-modified: Wed, 11 May 2022 19:24:48 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Size:   15744
Md5:    15d9f621c3bd1599f0169dcf0bd5e63e
Sha1:   7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
Sha256: f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
                                        
                                            GET /static/xf-small.png HTTP/1.1 
Host: xfantazy.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/search/nika%20venom
Cookie: visitorId=untsku6e24fyem9zrgc1; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         172.67.69.220
HTTP/2 200 OK
content-type: image/png
                                        
date: Sun, 28 Aug 2022 21:01:56 GMT
content-length: 1153
vary: Origin, Accept-Encoding
cache-control: public, max-age=14400
last-modified: Fri, 05 Aug 2022 08:39:17 GMT
etag: W/"481-1826d28a717"
cf-cache-status: HIT
age: 4133
accept-ranges: bytes
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xf6VL8o9cw1MboV7pIe4QM0PxEWzCMYbxYUteXA653%2BpCrm%2F%2BQBsq27MhlNM94xMhb1Ro1biZHNkPE7%2F38mbsGYVAu%2Fk85%2BSsXvX8roKBjqRlLHwnBS%2B0NRj65izyQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 741ffc2e3fbe0b39-OSL
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced\012- data
Size:   1153
Md5:    73788af337ff4a5e7c8d8ea19dba155f
Sha1:   e0bd72878475603f40ebd05077c626816ed3285c
Sha256: be4a320fd44fdaaced2a2056ff7a4c0765a6ed0996c9b4c94a0cb2458967e8df
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sun, 28 Aug 2022 21:01:56 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 3233
Cache-Control: 'max-age=158059'
Date: Sun, 28 Aug 2022 21:01:56 GMT
Last-Modified: Sun, 28 Aug 2022 20:08:03 GMT
Server: ECS (ska/F711)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET / HTTP/1.1 
Host: push.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: lcbnttB8eWpbvm5GG8TKjw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

                                         
                                         35.163.37.142
HTTP/1.1 101 Switching Protocols
                                        
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: ggg6Egh3oTIyRG1wNBF+rFkhLVk=

                                        
                                            GET /npm/yandex-metrica-watch/tag.js HTTP/1.1 
Host: cdn.jsdelivr.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         151.101.85.229
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
                                        
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=604800, s-maxage=43200
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-jsd-version: 1.242.0
x-jsd-version-type: version
etag: W/"3364d-8zUodyTu6b7iC+HzYMc9hdc5tyQ"
content-encoding: gzip
accept-ranges: bytes
date: Sun, 28 Aug 2022 21:01:57 GMT
age: 42691
x-served-by: cache-fra19183-FRA, cache-bma1678-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
content-length: 83361
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Unicode text, UTF-8 (with BOM) text, with very long lines (681)
Size:   83361
Md5:    5e95fd71c0607321599b2ed694f30adc
Sha1:   15e75c6e8fd13c12afb93e659206ec28893f7d17
Sha256: eb5c363392c61c58e2ab8088a17da732d4c552a8a063e8276082192d5aa81a77
                                        
                                            POST /ca/gsatlasr3dvtlsca2022q1 HTTP/1.1 
Host: ocsp.globalsign.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         151.101.86.133
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Etag: "7004E7A6281ECBAC4BF60D3D9409F56D3E89A398"
Expires: Mon, 29 Aug 2022 08:00:00 UTC
Last-Modified: Sun, 28 Aug 2022 20:00:00 UTC
Cache-Control: s-maxage=3600, public, no-transform, must-revalidate
Content-Length: 1462
Accept-Ranges: bytes
Date: Sun, 28 Aug 2022 21:01:57 GMT
Via: 1.1 varnish
Age: 827
Connection: keep-alive
X-Served-By: cache-bma1663-BMA
X-Cache: HIT
X-Cache-Hits: 4
X-Timer: S1661720517.318514,VS0,VE0


--- Additional Info ---
Magic:  data
Size:   1462
Md5:    79b818495a4728a2262c54643c5c7cc6
Sha1:   1d1bf2c697dbb726423795ff8b7131026515cb3b
Sha256: b9729b4452c082190d307afa58982e060c0426e5d6f032ec90e5140dddd35a2b
                                        
                                            POST /api/auth/login HTTP/1.1 
Host: xfantazy.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://xfantazy.com/search/nika%20venom
Content-Type: application/x-www-form-urlencoded
Origin: https://xfantazy.com
Connection: keep-alive
Cookie: visitorId=untsku6e24fyem9zrgc1; experiment-popup-payment-7=0; experiment-save-to-button-2=0; safeMode=0; advancedOptions=0; viewedVideoCounter=0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Content-Length: 0
TE: trailers

                                         
                                         172.67.69.220
HTTP/2 200 OK
content-type: text/plain; charset=utf-8
                                        
date: Sun, 28 Aug 2022 21:01:57 GMT
content-length: 2
vary: Origin
access-control-allow-origin: https://b.xfantazy.com
access-control-allow-credentials: true
set-cookie: k2sAccessToken=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiI1YjM5Y2ZjY2ZjNGUwNzFjNzE4MWQ0ZmQiLCJhdWQiOiJjbGllbnQiLCJ0eXBlIjoiYWNjZXNzVG9rZW4iLCJpc3MiOiJrMnMiLCJjSWQiOiI1YjM5Y2ZjY2ZjNGUwNzFjNzE4MWQ0ZmQiLCJqdGkiOiJkYzUwNmJkMTUwMDc2IiwiaWF0IjoxNjYxNzIwNTE3LCJleHAiOjE2NjIzMjUzMTd9.zAzjsF6DMfQUdndKVhkusLMGgaUaoFq1l3vV5hra4gM; path=/; expires=Sun, 04 Sep 2022 21:01:57 GMT; domain=xfantazy.com; httponly k2sRefreshToken=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiI1YjM5Y2ZjY2ZjNGUwNzFjNzE4MWQ0ZmQiLCJhdWQiOiJjbGllbnQiLCJ0eXBlIjoicmVmcmVzaFRva2VuIiwiaXNzIjoiazJzIiwiY0lkIjoiNWIzOWNmY2NmYzRlMDcxYzcxODFkNGZkIiwianRpIjoiNWY1YzhlYzM1ODRkNyIsImlhdCI6MTY2MTcyMDUxNywiZXhwIjoxNjY0MzEyNTE3fQ.m7l_QrGlNpG0oaCbE4Ah5AgHseRjBAHQgyAfgtr80ZA; path=/; expires=Tue, 27 Sep 2022 21:01:57 GMT; domain=xfantazy.com; httponly
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2BAMX5MaYPJKondt3WPvI2lL9ptDdgAkcMLvwuWhr%2F1DbcTlikfM%2BBCiitq8jf%2Fu%2FdHeoRBb09VX8egWOdxFLaPCaGrSUmaUCvNh95SYhWt2yfdbTZb9%2F7%2FIjdIrrA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 741ffc30cb600b39-OSL
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   2
Md5:    e0aa021e21dddbd6d8cecec71e9cf564
Sha1:   9ce3bd4224c8c1780db56b4125ecf3f24bf748b7
Sha256: 565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
                                        
                                            GET /5qpfbg7.js HTTP/1.1 
Host: a.focusde.info
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         135.181.208.216
HTTP/2 200 OK
content-type: application/javascript
                                        
server: nginx
date: Sun, 28 Aug 2022 21:01:57 GMT
content-length: 34301
expires: Tue, 15 Aug 2023 09:25:31 GMT
content-encoding: gzip
last-modified: Mon, 15 Aug 2022 09:14:03 GMT
etag: "62fa0e5b-85fd"
cache-control: max-age=315360000, public
x-hw: 1660555531.dop239.am5.t,1660555531.cds267.am5.c
access-control-allow-origin: *
x-frame-options: DENY
x-content-type-options: nosniff
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Unicode text, UTF-8 text, with very long lines (37787), with NEL line terminators
Size:   34301
Md5:    48724cec4d9a9559238f190715a32048
Sha1:   60996b0a83df8d94abee9c5e0bf91227437fed19
Sha256: 1d9c6e091c98850f45a6ebe57dd0993825739b991d83432a2e03fc9638082f80
                                        
                                            GET /analytics.js HTTP/1.1 
Host: www.google-analytics.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         142.250.74.174
HTTP/2 200 OK
content-type: text/javascript
                                        
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20006
date: Sun, 28 Aug 2022 20:41:12 GMT
expires: Sun, 28 Aug 2022 22:41:12 GMT
cache-control: public, max-age=7200
age: 1245
last-modified: Wed, 13 Apr 2022 21:02:38 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (1325)
Size:   20006
Md5:    56f5d7f608e25d64207135f045f988cb
Sha1:   901eb59372ae330ae85e1384da93479b21ae1082
Sha256: 1910daea79e5a9d04829a91e432dfa56f45a80a3e14a8cf667fec73af9fd3d29
                                        
                                            GET /_next/static/vMq0fywG6ReNUm9yukIYR/pages/login.js HTTP/1.1 
Host: xfantazy.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/search/nika%20venom
Cookie: visitorId=untsku6e24fyem9zrgc1; experiment-popup-payment-7=0; experiment-save-to-button-2=0; safeMode=0; advancedOptions=0; viewedVideoCounter=0; adScript2Groups=push1-push1%2Cpush2-push2%2CTest-Code%20; k2sAccessToken=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiI1YjM5Y2ZjY2ZjNGUwNzFjNzE4MWQ0ZmQiLCJhdWQiOiJjbGllbnQiLCJ0eXBlIjoiYWNjZXNzVG9rZW4iLCJpc3MiOiJrMnMiLCJjSWQiOiI1YjM5Y2ZjY2ZjNGUwNzFjNzE4MWQ0ZmQiLCJqdGkiOiJkYzUwNmJkMTUwMDc2IiwiaWF0IjoxNjYxNzIwNTE3LCJleHAiOjE2NjIzMjUzMTd9.zAzjsF6DMfQUdndKVhkusLMGgaUaoFq1l3vV5hra4gM; k2sRefreshToken=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiI1YjM5Y2ZjY2ZjNGUwNzFjNzE4MWQ0ZmQiLCJhdWQiOiJjbGllbnQiLCJ0eXBlIjoicmVmcmVzaFRva2VuIiwiaXNzIjoiazJzIiwiY0lkIjoiNWIzOWNmY2NmYzRlMDcxYzcxODFkNGZkIiwianRpIjoiNWY1YzhlYzM1ODRkNyIsImlhdCI6MTY2MTcyMDUxNywiZXhwIjoxNjY0MzEyNTE3fQ.m7l_QrGlNpG0oaCbE4Ah5AgHseRjBAHQgyAfgtr80ZA
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         172.67.69.220
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
                                        
date: Sun, 28 Aug 2022 21:01:57 GMT
vary: Origin, Accept-Encoding
cache-control: public, max-age=31536000, immutable
last-modified: Fri, 05 Aug 2022 08:43:00 GMT
etag: W/"ba5-1826d2c11d8"
cf-cache-status: HIT
age: 2030881
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IBFlZIYSoNXvXp9tk03VaLntSIKH9w96YfXm654OrEC%2F1hmtfKfU2myNB5PsZXG%2BcRTmbuw6HNvNZQHGh9DlTuX0BJn3IC4j6EFcO9Q%2FFQ8mOJD7Pmkhd3432SzI7A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 741ffc318c510b39-OSL
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (2981), with no line terminators
Size:   112996
Md5:    bb6c3e8374105bae93afd5eeaf1d1251
Sha1:   cd4a95eb778026471e48b41fa9d6323acd5e2b7d
Sha256: f473ced87ad5d7e212de77e9b126cd21a7fa03e5e4fd3cf35024503daf9e5070
                                        
                                            POST /gseccovsslca2018 HTTP/1.1 
Host: ocsp.globalsign.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         151.101.86.133
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Expires: Thu, 01 Sep 2022 20:13:34 GMT
ETag: "dc097752e54cea9aa072a3c81da9b31189a27018"
Last-Modified: Sun, 28 Aug 2022 20:13:35 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
Via: 1.1 varnish, 1.1 varnish
Content-Length: 938
Accept-Ranges: bytes
Date: Sun, 28 Aug 2022 21:01:57 GMT
Age: 2902
Connection: keep-alive
X-Served-By: cache-qpg1248-QPG, cache-bma1663-BMA
X-Cache: HIT, HIT
X-Cache-Hits: 1, 140
X-Timer: S1661720518.687403,VS0,VE0

                                        
                                            GET /RHFSUVUlEzE8aiVMMHcgNh1vdGcCVGAXMXVIYCNgKElqJicqFmV/NigeJzUzNh48JXsqFCZ0ZwI4MT8DJTwHJgcDGwAJNjMoMQEyPEAAFAcuMxohAAwIPjQcIzsbGQIBNAA6BBEnYT4cFCM2FjMAKCQVBydFERMTKjAFPjACNQAGNhIgAx8TDgkDYBhzJwFkBRUpKhcFBkE3C2UVGBQ5FHwmERgNASkqFBkRSQsfADcdGjk+czcaZWUVOQMTNBEzFDI+KEgDYBc0EmA9FBYlCAgcIxIcNyIKSRE6ZDcTPCESETY+KzQRMxQaECABAwUHLjNgGxYcOX9pESIzBwAaEh44B2UnEhNiLQAjBT4UIjQcADQFNCMWIidUYBcDPTwZBBIsQjYEByYQOjJgEEEDdz83HjwhaAMhGmVkChdkKx0JBmIVDxM HTTP/1.1 
Host: oulukdliketo.shop
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

                                         
                                         143.204.55.49
HTTP/2 200 OK
content-type: text/html
                                        
content-length: 1179
date: Sun, 28 Aug 2022 21:01:57 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 a7d2a4ec2f50830f128dc406960aef9a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 1mv1wQag8bnTC6InMWfWmYktr_56DKCLd1_m6VaSYMCqeS0T4av1cg==
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3026), with no line terminators
Size:   1179
Md5:    27d919d98e3184d0803c3500ced97e4c
Sha1:   9d0c6eded9ec1a45c8210fc7cd2279259ddfbd4b
Sha256: 1a56334f17f7006ff610de76fcfa4640d01b5c88faa6cff5a67286dd63008860
                                        
                                            GET /a2p5RTdEVRo2Cj8BARBUATBPIAU9ITsrT1IwEgBzDgRAKWYMM18xXg9XQHMGUl9PY0cCDkR2BU0ZDSRDHhlEdBECBB8qCk0cRHUZU0RAawdNH0R0ER8aGCIKWkwJMUMHV0hzAVpdS3UCWl1MfA8 HTTP/1.1 
Host: atebilaterde.one
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         104.21.60.149
HTTP/2 204 No Content
                                        
date: Sun, 28 Aug 2022 21:01:57 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ylU2kbv8h%2B05sZzNTPSHL1Kwv8wygnNRUgjwR197OtyN7G5pon7IDH9Wf5h2vrs6dvLchuD%2BvSuH76%2Bc1BsPu3PhVDOPetl4cac762ku1FwfnNkSl8EYr2wDdoIQq2Q3tFol"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 741ffc335eba1c06-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

                                        
                                            GET /_next/static/vMq0fywG6ReNUm9yukIYR/pages/video.js HTTP/1.1 
Host: xfantazy.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/search/nika%20venom
Cookie: visitorId=untsku6e24fyem9zrgc1; experiment-popup-payment-7=0; experiment-save-to-button-2=0; safeMode=0; advancedOptions=0; viewedVideoCounter=0; adScript2Groups=push1-push1%2Cpush2-push2%2CTest-Code%20; k2sAccessToken=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiI1YjM5Y2ZjY2ZjNGUwNzFjNzE4MWQ0ZmQiLCJhdWQiOiJjbGllbnQiLCJ0eXBlIjoiYWNjZXNzVG9rZW4iLCJpc3MiOiJrMnMiLCJjSWQiOiI1YjM5Y2ZjY2ZjNGUwNzFjNzE4MWQ0ZmQiLCJqdGkiOiJkYzUwNmJkMTUwMDc2IiwiaWF0IjoxNjYxNzIwNTE3LCJleHAiOjE2NjIzMjUzMTd9.zAzjsF6DMfQUdndKVhkusLMGgaUaoFq1l3vV5hra4gM; k2sRefreshToken=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiI1YjM5Y2ZjY2ZjNGUwNzFjNzE4MWQ0ZmQiLCJhdWQiOiJjbGllbnQiLCJ0eXBlIjoicmVmcmVzaFRva2VuIiwiaXNzIjoiazJzIiwiY0lkIjoiNWIzOWNmY2NmYzRlMDcxYzcxODFkNGZkIiwianRpIjoiNWY1YzhlYzM1ODRkNyIsImlhdCI6MTY2MTcyMDUxNywiZXhwIjoxNjY0MzEyNTE3fQ.m7l_QrGlNpG0oaCbE4Ah5AgHseRjBAHQgyAfgtr80ZA
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         172.67.69.220
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
                                        
date: Sun, 28 Aug 2022 21:01:57 GMT
vary: Origin, Accept-Encoding
cache-control: public, max-age=31536000, immutable
last-modified: Fri, 05 Aug 2022 08:43:01 GMT
etag: W/"597e-1826d2c1430"
cf-cache-status: HIT
age: 2030892
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZHiF%2BFba%2BsjB6k2DG6xVpkXas63tDqalVUhzoN6SyOvDyHic3nlYpb5ZpFqN2GjoTsVN8l%2Fni%2BwT8y3u0ukBP0NK%2FA3XDfdf%2FhFz2kjiIU92IBj4P2xxUNBvKTcJkQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 741ffc319c900b39-OSL
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (22910), with no line terminators
Size:   7796
Md5:    747932cd7ce86b0ce1d5ff11debf7803
Sha1:   ed5f223fb787c35d24e2e525f873e2a6eca2dec2
Sha256: ec47cbdbd52a3078db1294fa821f45a27391a8fbfa34fba547b86c0ee93bf213
                                        
                                            GET /Q3VVRk0iFzYrciJIN2A4MRloY38FUGcAKXJMZzR4L01tMT8tEmJoLi8aICIrMRo7MmMtECFjfwUQBnYbLDs5KSIIEg8XFxdNJgIMNx8zHikaN2cuOQ8NIRwDBwFhAX0WTDMoHAwTIndocTMQFwNyExF+aHEzEQc5MhcGLQcUMWR0FDREDAkVGUUBKi5mRxcNFSsWEAV1MhAUEBcKNhw2DwURcHQLJiQbIgoEBSAifCQQHCg9cyEEExQhGzEfGik4OQsPAiE0Dj56IBQHCyUtEwgPER0gInwrMBkBeHE+BH8+GS0DBAhxHWIPKnIjGBUfJCI7BCImRgcfDy4BYiIIbkUQJyRzBhIqAHs/EXcDATctPy5zLBIgCXZBAhdrKQY6KD1+BiYheHITHBF5Fx4W HTTP/1.1 
Host: oulukdliketo.shop
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         143.204.55.49
HTTP/2 200 OK
content-type: text/html
                                        
content-length: 1156
date: Sun, 28 Aug 2022 21:01:57 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 a7d2a4ec2f50830f128dc406960aef9a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 5QzToStU-W6GU2rTFX5XTiYhs63aGUHyPjqFpdKChAYqDI-4PeRunw==
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2997), with no line terminators
Size:   1156
Md5:    0a783dcdcaf8c26d07481f5fe9e5a89b
Sha1:   14ddaaf69a9b765bf51a958280aa53b7d38f5987
Sha256: 6e59524f7affc4ab8f829835c8273035db9d4fa4b70db7c70458eacc09e0d06b
                                        
                                            GET /M1ExMWdSM1JcWFJsUxcSQT0MFFV1dAN3AwJoA0NSX2kJRhVdNgYfBF8+RFUBQT5fRUldNEUUVXUEUGcxSTVbYCx8OQFgJEthCXdXQB9pAwN3A0ZzN2MmcGswWz1eegBhMGRyMXsdVnRRcgVGBQJ3OlBnNnkedWYPdwR3Vi58KWN9IlQmBnQiQBdlSzZrF3BdA1AmUnYwRBtecyZhA3llU3EQZ3wkemBkdTFlAAV5Jks1c2UMYARGaBFqFwB2ImUlXWYQBxdmeSVyH3N3BWkDCVcwWyZFZwxiFHRmVnUaYHsDUBRwASJlJV1wNnIDZlk1eABzQT1VFxxrInEQBUYicWBTZSBQYGNwNWoLZH8vcRdZRjZmC2JwJFAGdHcUYTJ0dBB3BwgGNgITc2cgYndbQghdIQxoFV1oQQU/BgJlfil/AX4 HTTP/1.1 
Host: oulukdliketo.shop
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         143.204.55.49
HTTP/2 200 OK
content-type: text/html
                                        
content-length: 1179
date: Sun, 28 Aug 2022 21:01:57 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 a7d2a4ec2f50830f128dc406960aef9a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: uQQmjjsqQ8nFsOmYDpemiOEjZnSe6InmSJZ_HSrlsBFkRU6e3EMwng==
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3025), with no line terminators
Size:   1179
Md5:    7b0f078394f9c96df7f2884fbe22a9e9
Sha1:   004e82c8e727f0f86d7430811e0e540a0cd66c5d
Sha256: d35183f999edc987d406f3c4d5c8d88770d950f1907266827f44b874e4cca32a
                                        
                                            GET /bTZYelpCCTsJZw9zIDw4OFI6HGkrUDs8KlxSDihqNW4KQwIlDn4OMwkLYUxoXQdqXCoEUmVLYktFLBsuGEVlS3wEWD4VZ0tAZUt0XRhpVGhLQ2VLfBlGOR1nXBAoDi4BC2lMbFwBakpvXAFuSmM HTTP/1.1 
Host: atebilaterde.one
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         104.21.60.149
HTTP/2 204 No Content
                                        
date: Sun, 28 Aug 2022 21:01:57 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Xt9zLSheY9eOcxMRGLiMPaj%2BLlgQ9dslGaavHnMG5EgqwB6mXKEHLzTwXguttHYXn0ugdBPCCxbkEJG2yA4yFkAbJwL%2BWRrgTXlrkGycdR1ivcWDL08k4648zUtyTLWKI7Wk"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 741ffc337ed21c06-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

                                        
                                            GET /Zk1rZGFJcggXXDx8CFQsIx8NPiArCwgyJwgPOiZQPiAyJSBVAE0QCAJwUlJTVnxfQhEPKVZVRxU5ChAUFXBaQggIKwRZRxBwWkpSUmNZXE9Wax5ZUEA5GwUGW3xNFBUSIVZVV1B8XFZRU3xcUlJV HTTP/1.1 
Host: atebilaterde.one
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         104.21.60.149
HTTP/2 204 No Content
                                        
date: Sun, 28 Aug 2022 21:01:57 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mH22PhaG91s6RL9BHMuDb9GGsbqzNB4HhZMajbOwsBBdQ%2FJWen648I96jPEH7bC3XKNv0biagS2YL4qVVHG%2BQXw2SA0TambvdiK1bmUTmdW839bKipBhI21Z4whOenjaV6oe"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 741ffc338ee11c06-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

                                        
                                            GET /watch/49415098/1?wmode=7&page-url=https%3A%2F%2Fxfantazy.com%2Fsearch%2Fnika%2520venom&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A2ofv6mafcjh9urjbet5rlk%3Afp%3A993%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A882%3Acn%3A1%3Adp%3A0%3Als%3A1206754322062%3Ahid%3A886814394%3Az%3A0%3Ai%3A20220828210157%3Aet%3A1661720517%3Ac%3A1%3Arn%3A346691720%3Arqn%3A1%3Au%3A166172051751915338%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Ans%3A1661720515759%3Ads%3A2%2C73%2C163%2C0%2C364%2C0%2C%2C214%2C10%2C%2C%2C%2C1008%3Awv%3A2%3Aco%3A0%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1661720517%3At%3Anika%20venom%20-%20XFantazy.com&t=gdpr%2814%29clc%280-0-0%29aw%281%29rqnt%281%29fip%281%29rqnl%281%29ti%282%29 HTTP/1.1 
Host: mc.yandex.ru
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Referer: https://xfantazy.com/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         93.158.134.119
HTTP/2 200 OK
content-type: application/json; charset=utf-8
                                        
content-length: 330
date: Sun, 28 Aug 2022 21:01:57 GMT
x-content-type-options: nosniff
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Sun, 28-Aug-2022 21:01:57 GMT
last-modified: Sun, 28-Aug-2022 21:01:57 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (330), with no line terminators
Size:   330
Md5:    a0a2453b706cb66e6c9bb927d73f9be2
Sha1:   da84033c2f3a75617c7df18e18c316407dc88459
Sha256: 66fa1bb5218ac4c98c2e6d278d5289ab23408384fdb563e218987224e066c965
                                        
                                            GET /IcnVaMUwRGjRXcwYcPgx1RERjBHpUHyleIgJIHWEERkQUV3oIPRdGfDYvDRc4CBFnAWoeFDRWcVQQNFJxQ1M7VS5PQXxFPB0eZ0QiFhA8WCIXEXxELU8YNUslHhk7FH40QHQBaUBFckl9Q1Bpc2lARTZYIgcNfwN8Ck1sbnpGUGlzaUBFKEdpQTRjB2JCXH-8DfBUQOVojV0ccA3xDRWoAfENQaAEqGwc/VyMKUGh3dURbahc5T0Q HTTP/1.1 
Host: d192r5l88wrng7.cloudfront.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oulukdliketo.shop/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         54.230.245.4
HTTP/2 200 OK
                                        
content-length: 329
date: Sun, 28 Aug 2022 21:01:57 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 6a0f63864791329e89a4b233ec4c3a36.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: Fytoji9oPTPHjkuIItk31TbRT6DkIpl4lN40Cw9NhB_rP07HPizWWg==
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (412), with no line terminators
Size:   329
Md5:    4f3b3b7211fc546cd43f067f68a21ac2
Sha1:   eebb7cf396dc540cc46da5aeaf1961fa2b9e336a
Sha256: 377ba3fee9121f156ce4379f4436e27ec8be7ef509c540e38552e23882ece008
                                        
                                            GET /eS0VoNlooKgZQZT8sDAtjfXdYB2htLxtZNDt4G0U9fnQOfw1/EQN1fD8/DAtqbSkJWD12Yw1YOXZ0Tlc+KXhcEC8qeAVZICIpBFd/eQNdGGpud1geInp0TQUYbndYWjMlMBATaHs9UAAFfXFNBRhud1hELG52KQ9sZXVBE2h7Ig1VMSRgWnBoe3RYBmt7dE-0Eai0sGlM8JD1NBBxyc0YGfD54WQ HTTP/1.1 
Host: d192r5l88wrng7.cloudfront.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oulukdliketo.shop/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         54.230.245.4
HTTP/2 200 OK
                                        
content-length: 188
date: Sun, 28 Aug 2022 21:01:57 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 6a0f63864791329e89a4b233ec4c3a36.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: IglHsZs29Psy8WtBnKFA7rpjVtxi6TcqqMh7Bcjwm36wXE07TC-aFQ==
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   188
Md5:    355e23df3499365d3114b002ca20971e
Sha1:   ac777adc4a61e668b34da92d40b800306eb26dbb
Sha256: e2fd7cad505548a0c2be89ba1d97ea24d6ad881d54b0e45217773f49d5ea5a53
                                        
                                            GET /_next/static/vMq0fywG6ReNUm9yukIYR/pages/top.js HTTP/1.1 
Host: xfantazy.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/search/nika%20venom
Cookie: visitorId=untsku6e24fyem9zrgc1; experiment-popup-payment-7=0; experiment-save-to-button-2=0; safeMode=0; advancedOptions=0; viewedVideoCounter=0; adScript2Groups=push1-push1%2Cpush2-push2%2CTest-Code%20; k2sAccessToken=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiI1YjM5Y2ZjY2ZjNGUwNzFjNzE4MWQ0ZmQiLCJhdWQiOiJjbGllbnQiLCJ0eXBlIjoiYWNjZXNzVG9rZW4iLCJpc3MiOiJrMnMiLCJjSWQiOiI1YjM5Y2ZjY2ZjNGUwNzFjNzE4MWQ0ZmQiLCJqdGkiOiJkYzUwNmJkMTUwMDc2IiwiaWF0IjoxNjYxNzIwNTE3LCJleHAiOjE2NjIzMjUzMTd9.zAzjsF6DMfQUdndKVhkusLMGgaUaoFq1l3vV5hra4gM; k2sRefreshToken=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiI1YjM5Y2ZjY2ZjNGUwNzFjNzE4MWQ0ZmQiLCJhdWQiOiJjbGllbnQiLCJ0eXBlIjoicmVmcmVzaFRva2VuIiwiaXNzIjoiazJzIiwiY0lkIjoiNWIzOWNmY2NmYzRlMDcxYzcxODFkNGZkIiwianRpIjoiNWY1YzhlYzM1ODRkNyIsImlhdCI6MTY2MTcyMDUxNywiZXhwIjoxNjY0MzEyNTE3fQ.m7l_QrGlNpG0oaCbE4Ah5AgHseRjBAHQgyAfgtr80ZA
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         172.67.69.220
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
                                        
date: Sun, 28 Aug 2022 21:01:57 GMT
vary: Origin, Accept-Encoding
cache-control: public, max-age=31536000, immutable
last-modified: Fri, 05 Aug 2022 08:43:01 GMT
etag: W/"582-1826d2c1430"
cf-cache-status: HIT
age: 2030882
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yKFgVprhmXsYAobbm4yb%2B8Cpi1GbGNpvRKvTzHaTMnzyV6ArWVmF5lBdcCYmQtvtrxwduxvQZFHOFVVac1mbPHtVoX2MGRF7VSIDoi5PwvOaLeGuR23iXzspMLyhrw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 741ffc318c530b39-OSL
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (1410), with no line terminators
Size:   1266
Md5:    c3b2cc3ec0d8ad5b38b015ad455e0431
Sha1:   77fc64e1af47a7da373fcb2e35cc00866a9c5f52
Sha256: 34434ae5ba95b4d08e6f11af30cbe8adf04635caa579886f9121305c3c2840f9
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 3915
Cache-Control: max-age=145693
Date: Sun, 28 Aug 2022 21:01:58 GMT
Etag: "630b5e98-1d7"
Expires: Tue, 30 Aug 2022 13:30:11 GMT
Last-Modified: Sun, 28 Aug 2022 12:24:56 GMT
Server: ECS (ska/F711)
X-Cache: HIT
Content-Length: 471

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sun, 28 Aug 2022 21:01:58 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sun, 28 Aug 2022 21:01:58 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sun, 28 Aug 2022 21:01:58 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /metrika/advert.gif HTTP/1.1 
Host: mc.yandex.ru
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         93.158.134.119
HTTP/2 200 OK
content-type: image/gif
                                        
content-length: 43
date: Sun, 28 Aug 2022 21:01:58 GMT
access-control-allow-origin: *
etag: "63076e51-2b"
expires: Sun, 28 Aug 2022 22:01:58 GMT
accept-ranges: bytes
last-modified: Thu, 25 Aug 2022 15:42:57 GMT
cache-control: max-age=3600
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   43
Md5:    df3e567d6f16d040326c7a0ea29a4f41
Sha1:   ea7df583983133b62712b5e73bffbcd45cc53736
Sha256: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
                                        
                                            POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-121614197-2&cid=204664301.1661720518&jid=392700303&gjid=2051057509&_gid=85605719.1661720518&_u=YGBAiEABBAAAAE~&z=435435952 HTTP/1.1 
Host: stats.g.doubleclick.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         142.251.1.157
HTTP/2 200 OK
content-type: text/plain
                                        
access-control-allow-origin: https://xfantazy.com
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Sun, 28 Aug 2022 21:01:58 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  very short file (no magic)
Size:   1
Md5:    c4ca4238a0b923820dcc509a6f75849b
Sha1:   356a192b7913b04c54574d18c28d46e6395428ab
Sha256: 6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
                                        
                                            GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail HTTP/1.1 
Host: accounts.google.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         216.58.207.237
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
                                        
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sun, 28 Aug 2022 21:01:58 GMT
location: https://accounts.google.com/v3/signin/identifier?dsh=S772055977%3A1661720518052112&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AQN2RmWG1Y0IL675cUqv7UP_Z0zeHBTfs-0PIZhGHSkgdHYANftSIDu6RpTPft6itoav5Vu2HetO
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: script-src 'nonce-j9-IRV2scsBrXq9_k_ViFg' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport, require-trusted-types-for 'script';report-uri /cspreport
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 389
server: GSE
set-cookie: __Host-GAPS=1:zT0ZRJF21Z3Ki4LfGXpT6Y-MjYUY-g:66Rj9XQhexGaeBxE;Path=/;Expires=Tue, 27-Aug-2024 21:01:58 GMT;Secure;HttpOnly;Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (377)
Size:   389
Md5:    2e8223c6377bef7d478364478f861424
Sha1:   9cbe847e430847389bb6df2ed0481b3848a7a3aa
Sha256: 9237d97af888a3daee1e9bbab64002a15ef38178b3bae8171dab2dbddd3fda05
                                        
                                            GET /utx?cb=FqiXx88xP4Hg&top=xfantazy.com&tid=961956 HTTP/1.1 
Host: oulukdliketo.shop
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         143.204.55.49
HTTP/2 204 No Content
                                        
date: Sun, 28 Aug 2022 21:01:58 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://xfantazy.com
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Sun, 28 Aug 2022 21:02:58 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 a7d2a4ec2f50830f128dc406960aef9a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: fSLJ4GXl3_Wkcd6gEV2VjrvOX5Z_yBa8Ipv0Db6SAny1SqQUU90wgg==
X-Firefox-Spdy: h2

                                        
                                            GET /utx?cb=0F1zxHexulIZ&top=xfantazy.com&tid=962014 HTTP/1.1 
Host: oulukdliketo.shop
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         143.204.55.49
HTTP/2 204 No Content
                                        
date: Sun, 28 Aug 2022 21:01:58 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://xfantazy.com
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Sun, 28 Aug 2022 21:02:58 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 a7d2a4ec2f50830f128dc406960aef9a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: FoyuIT2YIx_HV73c7I4zMKfcRLGqYurDHgGKOfmmqVrrzoM5_t_WHg==
X-Firefox-Spdy: h2

                                        
                                            GET /asd100.bin HTTP/1.1 
Host: freychang.fun
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://xfantazy.com/
Origin: https://xfantazy.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         104.21.45.207
HTTP/2 200 OK
content-type: binary/octet-stream
                                        
date: Sun, 28 Aug 2022 21:01:58 GMT
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 7017
last-modified: Sun, 28 Aug 2022 19:05:01 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FJviMEHj1853Z33fqEgTHZoFsbhfWCGKSd07K8lq7UHdpvD4jfGxaCaLrTTmX8%2F8uzNEfS9tQ07G7RT6nyokVFT4VZAzldFx5jMxyW0pLS7ksGbTHTvrQK3QYV2Fs3lk"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 741ffc35af9cb511-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  data
Size:   102871
Md5:    d589bc5aa232611bb9d79c63af4e0137
Sha1:   5da458728ce19c75dccaaa2432e5d169da8e8a71
Sha256: fc89a401191a5b15ade2ffc76cfa12bd176329901dc86a091f28da9e192385e4

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sun, 28 Aug 2022 21:01:58 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 3915
Cache-Control: max-age=145693
Date: Sun, 28 Aug 2022 21:01:58 GMT
Etag: "630b5e98-1d7"
Expires: Tue, 30 Aug 2022 13:30:11 GMT
Last-Modified: Sun, 28 Aug 2022 12:24:56 GMT
Server: ECS (ska/F711)
X-Cache: HIT
Content-Length: 471

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "18AB0043E4F1E6B287FA34EDA7C48C82A464CAAE817BA08357F505031C78A8C8"
Last-Modified: Sat, 27 Aug 2022 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15863
Expires: Mon, 29 Aug 2022 01:26:21 GMT
Date: Sun, 28 Aug 2022 21:01:58 GMT
Connection: keep-alive

                                        
                                            GET /login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp HTTP/1.1 
Host: www.facebook.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         31.13.72.36
HTTP/2 200 OK
content-type: text/html; charset="utf-8"
                                        
content-encoding: br
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 0
cross-origin-opener-policy: same-origin-allow-popups
vary: Sec-Fetch-Site, Sec-Fetch-Mode, Accept-Encoding
strict-transport-security: max-age=15552000; preload
x-fb-debug: JqnLSAi2f43mx/Aggu2CprE7MYVuLOn3QaSytUZqfvhipiwNW3ANGEm1LB2HxKqZFFT60t8CVIsSduiHEYMBtw==
date: Sun, 28 Aug 2022 21:01:58 GMT
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  data
Size:   1183
Md5:    b253384e7afaff7b56ec61f8d9a852f9
Sha1:   b63c3ee5e79a2e05dcae2a4fb6689a6ca8c34620
Sha256: 9fc70423edb527c1d9d7b4cf5d92b2f68508f39b53be1b148d4e27b7626e52e4
                                        
                                            POST /watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fsearch%2Fnika%2520venom&charset=utf-8&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3A2ofv6mafcjh9urjbet5rlk%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A882%3Acn%3A1%3Adp%3A0%3Als%3A1206754322062%3Ahid%3A886814394%3Az%3A0%3Ai%3A20220828210158%3Aet%3A1661720518%3Ac%3A1%3Arn%3A452908324%3Arqn%3A4%3Au%3A166172051751915338%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Aeu%3A1%3Ans%3A1661720515759%3Awv%3A2%3Aco%3A0%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1661720518&t=gdpr(14)mc(p-6-h-1)clc(0-0-0)aw(1)rqnt(4)fip(1)rqnl(1)ti(2) HTTP/1.1 
Host: mc.yandex.ru
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 98
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         93.158.134.119
HTTP/2 200 OK
content-type: image/gif
                                        
content-length: 43
date: Sun, 28 Aug 2022 21:01:58 GMT
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Sun, 28-Aug-2022 21:01:58 GMT
last-modified: Sun, 28-Aug-2022 21:01:58 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   43
Md5:    df3e567d6f16d040326c7a0ea29a4f41
Sha1:   ea7df583983133b62712b5e73bffbcd45cc53736
Sha256: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
                                        
                                            POST /watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fsearch%2Fnika%2520venom&charset=utf-8&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3A2ofv6mafcjh9urjbet5rlk%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A882%3Acn%3A1%3Adp%3A0%3Als%3A1206754322062%3Ahid%3A886814394%3Az%3A0%3Ai%3A20220828210158%3Aet%3A1661720518%3Ac%3A1%3Arn%3A718098841%3Arqn%3A5%3Au%3A166172051751915338%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Aeu%3A1%3Ans%3A1661720515759%3Awv%3A2%3Aco%3A0%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1661720518&t=gdpr(14)mc(p-6-h-1)clc(0-0-0)aw(1)rqnt(5)fip(1)rqnl(1)ti(2) HTTP/1.1 
Host: mc.yandex.ru
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 99
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         93.158.134.119
HTTP/2 200 OK
content-type: image/gif
                                        
content-length: 43
date: Sun, 28 Aug 2022 21:01:58 GMT
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Sun, 28-Aug-2022 21:01:58 GMT
last-modified: Sun, 28-Aug-2022 21:01:58 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   43
Md5:    df3e567d6f16d040326c7a0ea29a4f41
Sha1:   ea7df583983133b62712b5e73bffbcd45cc53736
Sha256: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
                                        
                                            POST /watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fsearch%2Fnika%2520venom&charset=utf-8&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3A2ofv6mafcjh9urjbet5rlk%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A882%3Acn%3A1%3Adp%3A0%3Als%3A1206754322062%3Ahid%3A886814394%3Az%3A0%3Ai%3A20220828210158%3Aet%3A1661720518%3Ac%3A1%3Arn%3A207142313%3Arqn%3A3%3Au%3A166172051751915338%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Aeu%3A1%3Ans%3A1661720515759%3Awv%3A2%3Aco%3A0%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1661720518&t=gdpr(14)mc(p-6-h-1)clc(0-0-0)aw(1)rqnt(3)fip(1)rqnl(1)ti(2) HTTP/1.1 
Host: mc.yandex.ru
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 52
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         93.158.134.119
HTTP/2 200 OK
content-type: image/gif
                                        
content-length: 43
date: Sun, 28 Aug 2022 21:01:58 GMT
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Sun, 28-Aug-2022 21:01:58 GMT
last-modified: Sun, 28-Aug-2022 21:01:58 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   43
Md5:    df3e567d6f16d040326c7a0ea29a4f41
Sha1:   ea7df583983133b62712b5e73bffbcd45cc53736
Sha256: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
                                        
                                            POST /watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fsearch%2Fnika%2520venom&charset=utf-8&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3A2ofv6mafcjh9urjbet5rlk%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A882%3Acn%3A1%3Adp%3A0%3Als%3A1206754322062%3Ahid%3A886814394%3Az%3A0%3Ai%3A20220828210158%3Aet%3A1661720518%3Ac%3A1%3Arn%3A1064978664%3Arqn%3A6%3Au%3A166172051751915338%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Aeu%3A1%3Ans%3A1661720515759%3Awv%3A2%3Aco%3A0%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1661720518&t=gdpr(14)mc(p-6-h-1)clc(0-0-0)aw(1)rqnt(6)fip(1)rqnl(1)ti(2) HTTP/1.1 
Host: mc.yandex.ru
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 98
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         93.158.134.119
HTTP/2 200 OK
content-type: image/gif
                                        
content-length: 43
date: Sun, 28 Aug 2022 21:01:58 GMT
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Sun, 28-Aug-2022 21:01:58 GMT
last-modified: Sun, 28-Aug-2022 21:01:58 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   43
Md5:    df3e567d6f16d040326c7a0ea29a4f41
Sha1:   ea7df583983133b62712b5e73bffbcd45cc53736
Sha256: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
                                        
                                            POST /watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fsearch%2Fnika%2520venom&charset=utf-8&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3A2ofv6mafcjh9urjbet5rlk%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A882%3Acn%3A1%3Adp%3A0%3Als%3A1206754322062%3Ahid%3A886814394%3Az%3A0%3Ai%3A20220828210158%3Aet%3A1661720518%3Ac%3A1%3Arn%3A306509463%3Arqn%3A8%3Au%3A166172051751915338%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Aeu%3A1%3Ans%3A1661720515759%3Awv%3A2%3Aco%3A0%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1661720518&t=gdpr(14)mc(p-6-h-1)clc(0-0-0)aw(1)rqnt(8)fip(1)rqnl(1)ti(2) HTTP/1.1 
Host: mc.yandex.ru
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 39
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         93.158.134.119
HTTP/2 200 OK
content-type: image/gif
                                        
content-length: 43
date: Sun, 28 Aug 2022 21:01:58 GMT
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Sun, 28-Aug-2022 21:01:58 GMT
last-modified: Sun, 28-Aug-2022 21:01:58 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   43
Md5:    df3e567d6f16d040326c7a0ea29a4f41
Sha1:   ea7df583983133b62712b5e73bffbcd45cc53736
Sha256: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "EFF4EE2043BA81D81D564FAE2B72994858725E9282D45972CA92291BBC193FEE"
Last-Modified: Fri, 26 Aug 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2965
Expires: Sun, 28 Aug 2022 21:51:23 GMT
Date: Sun, 28 Aug 2022 21:01:58 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "EFF4EE2043BA81D81D564FAE2B72994858725E9282D45972CA92291BBC193FEE"
Last-Modified: Fri, 26 Aug 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2965
Expires: Sun, 28 Aug 2022 21:51:23 GMT
Date: Sun, 28 Aug 2022 21:01:58 GMT
Connection: keep-alive

                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F78cd7e71-95b2-4fb2-99cc-1b8645fc4d73.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 10824
x-amzn-requestid: abf116d5-7ffd-4100-bbbb-f8ebcc903e48
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: XaJqgGfToAMFfmw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6307230f-058b88810d3d902475af52a3;Sampled=0
x-amzn-remapped-date: Thu, 25 Aug 2022 07:21:51 GMT
x-amz-cf-pop: SEA73-P2
x-cache: Miss from cloudfront
x-amz-cf-id: 1QjI_En26B7SLes62WrxkEODPzBCDiUUo8ttH3vOUYsTTTo-ucHIqA==
via: 1.1 1b0911478686968732f973d6e5e31d10.cloudfront.net (CloudFront), 1.1 73b60e9a9fd08eae9e034cedba707280.cloudfront.net (CloudFront), 1.1 google
date: Sun, 28 Aug 2022 08:42:16 GMT
age: 44382
etag: "96e49f02f48d8e212335722d7a95eba9b21050de"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   10824
Md5:    e0a52aaf6cfd3c91ef396ec21e668634
Sha1:   96e49f02f48d8e212335722d7a95eba9b21050de
Sha256: edd20b6a1790cc65fd16f64e6e58c01140d814ffb27a6fe6f41c7dc285a76b2b
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc2b0d146-88a6-4ec6-a71c-bb9dd4314497.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 7505
x-amzn-requestid: 66ed5a9b-1b9c-40c4-b757-7c13e9dc6410
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: XitJxFFSIAMFhrQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-630a8f0b-24404d4f7a2cae8f4c3bcb97;Sampled=0
x-amzn-remapped-date: Sat, 27 Aug 2022 21:39:23 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: UFJ0DtBufSFfM1vFxdagMV5tpP5ZEH2NbdduFvVM6sL7UVpdhSBhGQ==
via: 1.1 28a7186077f9b5270d98dd053f31303e.cloudfront.net (CloudFront), 1.1 1481cc55c02c3a782ad420b6bac2cb32.cloudfront.net (CloudFront), 1.1 google
date: Sat, 27 Aug 2022 22:03:39 GMT
age: 82699
etag: "ec62fa681d45d696fc7308fede11cd16979594fd"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   7505
Md5:    ef5729bf444dd3cc7b8e7945187e09ee
Sha1:   ec62fa681d45d696fc7308fede11cd16979594fd
Sha256: 34d5df4a669399f171489c9cd0f90a53eea21c35c1ccd310df39cc356c9922cd
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F933e0e21-c280-4b74-a8f8-65fce6314d41.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 6305
x-amzn-requestid: c8e3d17b-c4fe-474b-aaf4-14fa94606200
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Xita3EUZoAMFqiw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-630a8f78-42546a656b9222f12893ddf9;Sampled=0
x-amzn-remapped-date: Sat, 27 Aug 2022 21:41:12 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: H6vVCulD-zli69M5-qvPjeNmwhRlRmcsA8iDXJDcKSgCXsLDD5lHsg==
via: 1.1 1b0911478686968732f973d6e5e31d10.cloudfront.net (CloudFront), 1.1 5954c6394458ffb44c970b3819d7ff2a.cloudfront.net (CloudFront), 1.1 google
date: Sat, 27 Aug 2022 21:48:01 GMT
age: 83637
etag: "48f405786f10c0ec70fd69cf63c44fa6b8a164f4"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   6305
Md5:    3dc873af5fc2b0ca028c7cfef840ab59
Sha1:   48f405786f10c0ec70fd69cf63c44fa6b8a164f4
Sha256: d48a9846a6a470b7d88bfe521b3adae3f9827419b4ae09c78e22f0d8a4c0e0f3
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0c51c541-314b-4130-a3af-d06caf60bb7b.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 7058
x-amzn-requestid: 9059da6e-9360-445d-8605-e05f29234b44
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: XiuGcGYqoAMFRfg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-630a908f-3faf9a64271fb8a02010d3e5;Sampled=0
x-amzn-remapped-date: Sat, 27 Aug 2022 21:45:51 GMT
x-amz-cf-pop: SEA19-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: IevbIr8ZUpryBbm6-c5-3MXJ4eXrXrHxTFGNl3-alDedXci9AzRzxw==
via: 1.1 b23fb37cd7fff033ab21e3284f558a28.cloudfront.net (CloudFront), 1.1 89791e6b21b9a30cc51cac1bc51cf098.cloudfront.net (CloudFront), 1.1 google
date: Sat, 27 Aug 2022 22:04:08 GMT
etag: "0c0aa0266043aa373afb74a15ab605fba7ceb654"
age: 82670
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   7058
Md5:    d86049a1b34617a0d41fb4ef97009303
Sha1:   0c0aa0266043aa373afb74a15ab605fba7ceb654
Sha256: 02bcd4310d68f5cffd90c1cced9e9789876f3c51c1edb21f9b0dec1e659118b6
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd3669e6e-88e8-42f1-8b3b-7bb300b93ae6.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 6527
x-amzn-requestid: e00d8dd2-45c6-4d2f-ac77-22b789af807f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Xis-kE_ZIAMFuew=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-630a8ec3-365ab7026fbf1302654e6e4d;Sampled=0
x-amzn-remapped-date: Sat, 27 Aug 2022 21:38:11 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: Wi_nJPwhDPfeFP_UBplh5_IAa8HZsWoA6aA9kpTGPCx1EpNiQN8vKQ==
via: 1.1 da5952aa802df39905ceb16592e9698a.cloudfront.net (CloudFront), 1.1 989017835f43d594873bde5a7ee7fe5e.cloudfront.net (CloudFront), 1.1 google
date: Sat, 27 Aug 2022 21:43:56 GMT
age: 83882
etag: "defd4c20c1034f6890d780022c94cab34cbf87f3"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   6527
Md5:    8609f20b4f6de9888a710a1a865a8cca
Sha1:   defd4c20c1034f6890d780022c94cab34cbf87f3
Sha256: 36444bc24a9bd966ab805567dd936db8fcded9244c675025c023fe99b32be5b0
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7ffd5e13-a021-41cd-b8a0-c47ab5824b67.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 6143
x-amzn-requestid: b714dab3-5fd9-49ab-85c3-be842523fe5d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: XitbkFZRIAMF5pQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-630a8f7d-61caf56c26c2365762b0165d;Sampled=0
x-amzn-remapped-date: Sat, 27 Aug 2022 21:41:17 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: tmJzZhBRPLy8YUEJZ1Ha17ySrq77JD3nZFNTZY8GNc5dvKPVVpPmZQ==
via: 1.1 2afae0d44e2540f472c0635ab62c232a.cloudfront.net (CloudFront), 1.1 32d624dbeb2a8b7f24dbe49007e37c90.cloudfront.net (CloudFront), 1.1 google
date: Sat, 27 Aug 2022 21:53:51 GMT
age: 83287
etag: "d4034cc5264cce974cc6c5e38a712170fe2640cf"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   6143
Md5:    85306ac4e917d959101d95a326ecede9
Sha1:   d4034cc5264cce974cc6c5e38a712170fe2640cf
Sha256: dc10c89e607d309e9f9b5ef5856a2775bc0e96629a09a03641af3fc8a7b6f468
                                        
                                            POST /c1FJUHZcbiojSycWfCk4Njl9ByM+HCwYQxUACDRPFhd4FDQ7Nm8kHxdscGZHSmR/dgYaNXRjRFUiPTECBiJ0YkZDZm85GBU+dGFQBWx5fk5daGdgUAZseHYCAzAubUdVIT0kGk5gf2ZHRGN5ZUdLYn9o HTTP/1.1 
Host: atebilaterde.one
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers

                                         
                                         104.21.60.149
HTTP/2 204 No Content
                                        
date: Sun, 28 Aug 2022 21:01:58 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WrVRkaB03EtyeQOJtdsMhjwTiN9MoD0%2BSDugr%2BM5n%2Bq4DOxD5%2Bc%2BLofXql7gAagXckJTLpGSUTiXF0nW%2FRcELw543hX8vqb6x5lbfnR8IhRXJ4dsgQdhrnt69FDoyGqf0b3W"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 741ffc37fc011c06-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

                                        
                                            GET /watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fsearch%2Fnika%2520venom&charset=utf-8&browser-info=pv%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3A2ofv6mafcjh9urjbet5rlk%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A882%3Acn%3A1%3Adp%3A0%3Als%3A1206754322062%3Ahid%3A886814394%3Az%3A0%3Ai%3A20220828210158%3Aet%3A1661720518%3Ac%3A1%3Arn%3A899440577%3Arqn%3A7%3Au%3A166172051751915338%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Aeu%3A1%3Ans%3A1661720515759%3Awv%3A2%3Aco%3A0%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1661720518%3At%3Anika%20venom%20-%20XFantazy.com&t=gdpr%2814%29mc%28p-6-h-1%29clc%280-0-0%29aw%281%29rqnt%287%29fip%281%29rqnl%281%29ti%282%29 HTTP/1.1 
Host: mc.yandex.ru
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Referer: https://xfantazy.com/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         93.158.134.119
HTTP/2 200 OK
content-type: image/gif
                                        
content-length: 43
date: Sun, 28 Aug 2022 21:01:58 GMT
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Sun, 28-Aug-2022 21:01:58 GMT
last-modified: Sun, 28-Aug-2022 21:01:58 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   43
Md5:    df3e567d6f16d040326c7a0ea29a4f41
Sha1:   ea7df583983133b62712b5e73bffbcd45cc53736
Sha256: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
                                        
                                            GET /floater?cs=dnBJRG9CR3h8X0RBe3daQkN4dF8&abt=0&red=1&sm=83&k=nika%20venom%20xfantazy&v=0.8.9.0&sts=0&prn=1&emb=0&tid=961956&fs=1&t=600&m=1&ns=1&ndp=1&asi=1&ref=https%3A%2F%2Fxfantazy.com%2Fsearch%2Fnika%2520venom&jst=4&enr=0&lcua=mozilla%2F5.0%20(x11%3B%20linux%20x86_64%3B%20rv%3A96.0)%20gecko%2F20100101%20firefox%2F96.0&tzd=0&uloc=&if=0&aa=td1_oi3_&_Ycdj=1661720518368&crc=1 HTTP/1.1 
Host: oulukdliketo.shop
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         143.204.55.49
HTTP/2 200 OK
content-type: text/plain
                                        
content-length: 1192
date: Sun, 28 Aug 2022 21:01:58 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://xfantazy.com
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: csu=c057f333-c847-4a18-bb74-06e19f825def
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 a7d2a4ec2f50830f128dc406960aef9a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: vPieXP3QuL3DmHSfYOJKB7TgpF-dRTZprxfxMN6r4KKa1a-95H-Eqg==
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (1887), with no line terminators
Size:   1192
Md5:    e82c70ac562c2e010e78df3ac3637a57
Sha1:   1d9ba65069d957199ad23ff8571d5a0c0b6d9dfa
Sha256: 0da3faed38d1db01f5ff4063ea38bae1e9c31fdeefb1bf7098d82c575f757be5
                                        
                                            GET /api/spots/395190?host=xfantazy.com&ev=192&wh=939&ww=1280 HTTP/1.1 
Host: a.focusde.info
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         135.181.208.216
HTTP/2 200 OK
                                        
server: nginx
date: Sun, 28 Aug 2022 21:01:59 GMT
content-length: 0
set-cookie: nauid=OA4S99WJDvi16hEXsmfo; Path=/; Expires=Wed, 11 Nov 2037 11:11:11 GMT; Secure; SameSite=None
cache-control: private
X-Firefox-Spdy: h2

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "D29C30FA09F0C9A3490FBCFCDFB06C8E3E013280DF29B45797BC9D8ABEEBBAA0"
Last-Modified: Sat, 27 Aug 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18685
Expires: Mon, 29 Aug 2022 02:13:25 GMT
Date: Sun, 28 Aug 2022 21:02:00 GMT
Connection: keep-alive

                                        
                                            POST /UXR4QVF+SxsybDNGPTYFYwwaFzYXRyAHYAA1FjkLBkUxAzdgA141ODVJQXdgaEFOZyE4EEVyY3cHDCAlJAdFc2FhQV4oPzcbRXNhYUJIcWBhRV12EjkADDEidEc5ZGMXUUoHMjUaViA1KUVWIj48UUoHaGdAHSBjaBIZeTJoRE4iZGEVTiI0Z0ZPeTM0EE5zaTVaCC82dEM7LyQ9GF12EmVFTXBmZUdJcWNnR051Y2RMT3J3J0lIb2l/TVZxdyRJTnhoYEZKc2JmQU91aWFHXjUhMBNFcHchAAwtbGBCTnBmY0RNc2FhREw HTTP/1.1 
Host: atebilaterde.one
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers

                                         
                                         104.21.60.149
HTTP/2 204 No Content
                                        
date: Sun, 28 Aug 2022 21:02:00 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pjzMiShntpnDsNPjhizvAM%2FR%2FxvyFQ5K6N2cRFDv2ylnOqsehOkasgTOfF3b8DmXIZ%2FbJh%2FULwQIM1xrM8epNeLklRxcDF0NlM%2FQoqxnj%2FKA%2BH9des8iq2VyhzxLPZ3CrKX2"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 741ffc423f811c06-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

                                        
                                            GET /964ea29fa8c906c50a6ce6278bed628d.png HTTP/1.1 
Host: cdn.adx1.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         149.11.201.98
HTTP/2 200 OK
content-type: image/png
                                        
server: openresty/1.15.8.3
date: Sun, 28 Aug 2022 21:02:00 GMT
content-length: 19427
last-modified: Tue, 21 Jun 2022 21:25:16 GMT
etag: "62b2373c-4be3"
expires: Thu, 01 Sep 2022 10:53:11 GMT
cache-control: max-age=1209600
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 192 x 192, 8-bit colormap, non-interlaced\012- data
Size:   19427
Md5:    749dc1a761b4cadc07648fe3ed87796a
Sha1:   0023796a9b6c8ec9c554b3aac96f99753568a6c1
Sha256: d865312aaaacbcb21bf9525e62c3c93e889c543a2976e786772369981d9500c0
                                        
                                            GET /a2/f9/90/a2f990f10476061c719d1c1aa3a2ecd2.js HTTP/1.1 
Host: addresseetransportationsyndrome.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         192.243.59.13
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Server: nginx/1.17.6
Date: Sun, 28 Aug 2022 21:02:00 GMT
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 146d336cb488844eb0de4e6aee8cfecd
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip


--- Additional Info ---
Magic:  ASCII text, with very long lines (37142), with no line terminators
Size:   13425
Md5:    fa2afa1660930e6b32c83006ef2aa134
Sha1:   38087ec64ef8ddbc0c48c07021e286cb7a788d97
Sha256: 227c830f35bbad309aee364869452d93f5875aaf6e264b23c789fd9c93a3b548
                                        
                                            POST / HTTP/1.1 
Host: ocsp.sca1b.amazontrust.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         54.230.245.118
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Sun, 28 Aug 2022 21:02:00 GMT
Last-Modified: Sun, 28 Aug 2022 19:18:15 GMT
Server: ECS (nyb/1D35)
X-Cache: Miss from cloudfront
Via: 1.1 04c4f064943f75498361739eb063cb7a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: e-god8N7ddI_zCLGDJfgXX34eUtOv7dhnlCv2SCJtjtn7WS09JOeHA==
Age: 6225

                                        
                                            GET /stats HTTP/1.1 
Host: simplewebanalysis.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         3.127.140.33
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
                                        
date: Sun, 28 Aug 2022 21:02:00 GMT
content-length: 40
server: fasthttp
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
set-cookie: uid_id2=c67dc25a-67aa-43b5-ba23-2eff660e60c0:3:1; expires=Wed, 25 Aug 2032 21:02:00 GMT; secure; SameSite=None
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   40
Md5:    55ef1e5ccb213f7df4ee38f309b15cf0
Sha1:   876b08ec44648690101eb1a201bf2163627ca227
Sha256: 1de10281a332fe6f41660213811f2410836949403afec59992eb61b7679abdf5
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "7E8AF547E2942FE0047CA31208FD36CB458AEA4D77A0073AC5509007D2EE154F"
Last-Modified: Sun, 28 Aug 2022 01:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11449
Expires: Mon, 29 Aug 2022 00:12:49 GMT
Date: Sun, 28 Aug 2022 21:02:00 GMT
Connection: keep-alive

                                        
                                            GET /4d/0a/fc/4d0afc2425eea6b0cd5a468c9f8a69ed.js HTTP/1.1 
Host: forgerylimit.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         192.243.61.227
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Server: nginx/1.22.0
Date: Sun, 28 Aug 2022 21:02:01 GMT
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 929ed5586331f8e39ef18ec837fab57b
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (65536), with no line terminators
Size:   28744
Md5:    997ee12cd5f25844e470ee9bc74b80dc
Sha1:   b0700f39316957aa0faea686824aa148c867cdc8
Sha256: b7e7b1943497db5b9cb23ce6283c8369e2ca4e42f26413329d84e0e198c6cd78

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            POST / HTTP/1.1 
Host: e1.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 346
ETag: "6500BD5AFFB7EC84FC3537FDCC3EC96EBF8817EC493B4C022AF4CF708E2914AA"
Last-Modified: Fri, 26 Aug 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6907
Expires: Sun, 28 Aug 2022 22:57:08 GMT
Date: Sun, 28 Aug 2022 21:02:01 GMT
Connection: keep-alive

                                        
                                            GET /sbar.json?key=a2f990f10476061c719d1c1aa3a2ecd2&uuid=c67dc25a-67aa-43b5-ba23-2eff660e60c0%3A3%3A1 HTTP/1.1 
Host: forgerylimit.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         192.243.61.227
HTTP/1.1 200 OK
Content-Type: text/plain; charset=utf-8
                                        
Server: nginx/1.22.0
Date: Sun, 28 Aug 2022 21:02:01 GMT
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://xfantazy.com
Access-Control-Allow-Origin: https://xfantazy.com
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=15600826; expires=Mon, 29 Aug 2022 21:02:01 GMT; secure; SameSite=None uid_id2=c67dc25a-67aa-43b5-ba23-2eff660e60c0:3:1; expires=Sun, 04 Sep 2022 21:02:01 GMT; secure; SameSite=None pdhtkv=true; expires=Mon, 29 Aug 2022 21:02:01 GMT; secure; SameSite=None uncs=1; expires=Mon, 29 Aug 2022 21:02:01 GMT; secure; SameSite=None pdhtkv29=true; expires=Mon, 29 Aug 2022 21:02:01 GMT; secure; SameSite=None uncs29=1; expires=Mon, 29 Aug 2022 21:02:01 GMT; secure; SameSite=None sleca2f990f10476061c719d1c1aa3a2ecd2=[3485039]; expires=Sun, 28 Aug 2022 21:02:06 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 28d733202ea100f2c079390d351351a3
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (6352), with no line terminators
Size:   3678
Md5:    4939e4a914d514ce6613396cb250c07e
Sha1:   f6e0ab1586e7b2a4e661fd21add3a2a8d00c930d
Sha256: 881c010f8b4351a5762280fba896fc24065d2a9bd68eb501e423fb7ac41fead1

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "CE763B6BEC5375B30DA029140C3AE35CA8C53D84ED04D678449A7DED52B5BDDD"
Last-Modified: Sun, 28 Aug 2022 14:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12173
Expires: Mon, 29 Aug 2022 00:24:54 GMT
Date: Sun, 28 Aug 2022 21:02:01 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: e1.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 346
ETag: "6500BD5AFFB7EC84FC3537FDCC3EC96EBF8817EC493B4C022AF4CF708E2914AA"
Last-Modified: Fri, 26 Aug 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6906
Expires: Sun, 28 Aug 2022 22:57:08 GMT
Date: Sun, 28 Aug 2022 21:02:02 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "94984399356BA3AEB6C1419E1AF4F3F267E9537D39DCF39BDDEBF67F96BB2EED"
Last-Modified: Fri, 26 Aug 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7547
Expires: Sun, 28 Aug 2022 23:07:49 GMT
Date: Sun, 28 Aug 2022 21:02:02 GMT
Connection: keep-alive

                                        
                                            GET /ren.gif?sid=H4sIAAAAAAAC%2F1RST2gkxRut3s3v8GM9%2BGcvsihz8KBgJt09M90Z9xCMa3Qxu1l2Fb1JdVX1pEx1V1PVPT0ZEEIWZI%2BzRz113iQbVoPo0QWDTBZEAsKOBwliDh7UkyDCXjwoMxs2%2BC7f99V7h%2Fe9rz7aKo6Ji4IeXbqi%2B1IpOtequ7UX3%2FO8i7VlmRa9Wm8%2BeD9oXqyZ7ivtoO6%2BVHtDsDU957ue63quV1uSRsS6NzchIbO9tldvu%2FWmX%2FdaTfTMf2dbOLDUAe8ek6ch%2BXjmvnMeko2QJl9cEnYt19nLryeFork26PLdd9K1VJcpktM2Ng7idPdEDW0fLO1DpztTu9Ddx8JIjonz7T6idPfEJKLu9tRnpCBSRPwcyu4IQo0g6QhM34TkDwjAOK6uIE3uXNWmpOuPWDphx2Tm4V%2BQ5ZjM%2FHweafL5opK92g2tilzq1KIXV5C9EWRnhKw4QN4%2FA1kegOWbkPx7MvdwGWmyvWKVhuRHL7Ag5Mxv0dkgpHS22YhasxH1G7O%2BiOMgcEXgMncakJQjyHgEJQag9iwK66CQDorYQZE5SPhRjXmeF7qcUXe%2BzViDhyIKuOvRMPao5wbzKNhkhwHybACmBmBmA5nZwJq8PSZkcxum%2BAZ2tYLlDmxO0OUVSkFQWoKSEpSSoMwJym61w5X1bXWHK1tE3kn1T2qjGuq8s0V3dN4RKdnKjslT0%2FT%2BeOIe1sRRjfpxu%2B3GntsMAzfwWOi1ucc8ShvUF4z7sLKCtGdArYO%2BHJPzF35BNrnoh%2F8gogew6gBMPglaPAdaDkPfBV0dNudd9NO9XkzTnPbX60wn4LpCls8gX3e21DF5duqjNash2OHCaOPezuZPv4OZCpmp8IG8T9BRt4bXdUm2r%2BvSki9Xslwmsk8nF76R01z879O3xHqpDb98yQ7uvsomxKTde1vYfJmmXKYdSz5blJwLs6QNE%2BTry%2FZdEV0r7OpiYdIiW7722tLlJDPCWqnTEehktWfeBJNj8v9FMf28F%2FZ%2FhTQjmKJCUhySE0DqA7BsAzY7XPjq4wk%2BgdVnYdSpJsoclEU1NH50%2BqgkgRKnM40qWHG4ML4y%2FvPu378hEo8D2bK30DHPg%2BY3kSYVuqZCV1WgagBbnB3mmTlc%2BKExBSLlDCNlnO1IGXX7UbhWHtXCRsOlQbvlhSEVYdT05%2BPA45T6zcAPAtpAbsfs3I%2Ff%2FQsAAP%2F%2FAQAA%2F%2F8J1wiDhwQAAA%3D%3D HTTP/1.1 
Host: forgerylimit.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: u_pl=15600826; uid_id2=c67dc25a-67aa-43b5-ba23-2eff660e60c0:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; sleca2f990f10476061c719d1c1aa3a2ecd2=[3485039]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         192.243.61.227
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Server: nginx/1.22.0
Date: Sun, 28 Aug 2022 21:02:02 GMT
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: fe81d7f50bb5309f926503366d59b979
Strict-Transport-Security: max-age=0; includeSubdomains


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   7
Md5:    132d6af1b46048b45cf86cdee7991d31
Sha1:   eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
Sha256: ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /sfp.js HTTP/1.1 
Host: creepingbrings.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         104.21.234.233
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
                                        
date: Sun, 28 Aug 2022 21:02:01 GMT
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: b9a3824e953648b03aa857e72f9acc8d
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Sun, 28 Aug 2022 21:02:00 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=x%2BoRIElNIodsENHXOEvXDlT7mSVu5eIQzL6rtrRvjzukgpXHgSk1bsCZ6ZNANMrT4pJJ4LBLb4vcgmyi3v8obnBSACAyh3Q%2F1UTpNqsLK6EpobEccnXlpnCP6204gNKzMvLsXGc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 741ffc453cfb74ad-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Unicode text, UTF-8 text, with very long lines (65529), with no line terminators
Size:   23428
Md5:    fcd7a642890135e84b84543a0b884cdf
Sha1:   6d75db26e760927f8569ad0fff5adbfe4c7200f7
Sha256: 296f5a6c2de128c831ea74cc062dff365d67ab3722821b5a10d77a0ff46f2779
                                        
                                            POST / HTTP/1.1 
Host: e1.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 344
ETag: "893AA15F459674BE08625F9CB855CC9EEFA556784D96950EF68DF4BB8C1E82E6"
Last-Modified: Sun, 28 Aug 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10257
Expires: Sun, 28 Aug 2022 23:52:59 GMT
Date: Sun, 28 Aug 2022 21:02:02 GMT
Connection: keep-alive

                                        
                                            GET /pixel/purst?dl=0&th=0&sc=0&rs=5701&rd=5701&fd=1029&bv=22.8.v.2&tmpl=136 HTTP/1.1 
Host: reasonablelandmark.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         192.243.61.227
HTTP/1.1 200 OK
                                        
Server: nginx/1.22.0
Date: Sun, 28 Aug 2022 21:02:02 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range


--- Additional Info ---
Magic:  
Size:   0
Md5:    d41d8cd98f00b204e9800998ecf8427e
Sha1:   da39a3ee5e6b4b0d3255bfef95601890afd80709
Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /sb/au/18/52/6a/18526a6becad408914fcf53d946360f0/1651134763.html HTTP/1.1 
Host: cdn.barscreative1.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         45.133.44.3
HTTP/2 200 OK
content-type: text/html; charset=utf-8
                                        
date: Sun, 28 Aug 2022 21:02:02 GMT
server: nginx/1.17.6
last-modified: Sat, 07 May 2022 03:21:27 GMT
etag: W/"6275e5b7-616"
cache-control: max-age=3600
access-control-allow-origin: *
access-control-expose-headers: Date
content-encoding: gzip
expires: Sun, 28 Aug 2022 22:02:02 GMT
x-proxy-cache: HIT
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  data
Size:   2433
Md5:    187676ebbe21434a07bc12c5d38f0dd6
Sha1:   1f13de95cb368c10934ccff61e45308dcc881a5d
Sha256: 8e23dd62988cef419422f6d11e46175342be1d0f0dedb50b8bbd3bd4bb2c6d7f

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /sb/ssp/utility/live-message/3-2/js/script.js HTTP/1.1 
Host: cdn.sb4you1.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         104.21.51.177
HTTP/2 200 OK
content-type: application/javascript
                                        
date: Sun, 28 Aug 2022 21:02:02 GMT
last-modified: Thu, 28 Apr 2022 08:29:16 GMT
etag: W/"626a505c-495"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 2199418
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Tdh%2BNaywNDsGJOAaM9r8O6pjK03auFKXib6AiJSDhuQRaMWBWMiZVeUgSuHin4wZwUnHTrhBkNtfDbWa5giOR0apbqgalVp4bJ2Gp2CSWGctkQ%2FvO3s%2BceXWH%2BfWdi3NCJ4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 741ffc513e58b50f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text
Size:   929
Md5:    24e740462c1f1885dadbed7d1dd6e308
Sha1:   d5f269b5832f5408e99b1c22da98d7a8d1b04aeb
Sha256: 1593d9c6dfc62289546a374d6da92d3d131514b0c0f5c435b50384524e4d7431
                                        
                                            GET /si/d0/a0/d8/d0a0d821060389d259eacced98d832d6/1655369780.jpg HTTP/1.1 
Host: cdn.cloudimagesb.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         45.133.44.10
HTTP/2 200 OK
content-type: image/jpeg
                                        
date: Sun, 28 Aug 2022 21:02:02 GMT
content-length: 11220
server: nginx/1.17.6
last-modified: Thu, 16 Jun 2022 08:56:28 GMT
etag: "62aaf03c-2bd4"
expires: Tue, 30 Aug 2022 21:02:02 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 192x192, components 3\012- data
Size:   11220
Md5:    3f40e4f0a14d71c9e6f54240628972a6
Sha1:   40f2097b5d23a3a724f67d7b1a00347638777e69
Sha256: 6917138d08085819df6ded4e805183cbe3987695f8861aea7d84e5449406be1f
                                        
                                            GET /si/25/f8/67/25f8672a8dede505f1d482a0fae4ce30/1655369803.jpg HTTP/1.1 
Host: cdn.cloudimagesb.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         45.133.44.10
HTTP/2 200 OK
content-type: image/jpeg
                                        
date: Sun, 28 Aug 2022 21:02:02 GMT
content-length: 11257
server: nginx/1.17.6
last-modified: Thu, 16 Jun 2022 08:56:51 GMT
etag: "62aaf053-2bf9"
expires: Tue, 30 Aug 2022 21:02:02 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 192x192, components 3\012- data
Size:   11257
Md5:    fdd0d70787cbe32ddf0f337191cd073e
Sha1:   c69ec6c3647241c0fecb67eba56195414120253b
Sha256: e2014a64037f30864207347c73f351be90f4cf3b5abaed05f86252d9007cb40d
                                        
                                            GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fau%2F18%2F52%2F6a%2F18526a6becad408914fcf53d946360f0%2F1651134763.html&l=1558&fd=321 HTTP/1.1 
Host: forgerylimit.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: u_pl=15600826; uid_id2=c67dc25a-67aa-43b5-ba23-2eff660e60c0:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; sleca2f990f10476061c719d1c1aa3a2ecd2=[3485039]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         192.243.61.227
HTTP/1.1 200 OK
                                        
Server: nginx/1.22.0
Date: Sun, 28 Aug 2022 21:02:02 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range


--- Additional Info ---
Magic:  
Size:   0
Md5:    d41d8cd98f00b204e9800998ecf8427e
Sha1:   da39a3ee5e6b4b0d3255bfef95601890afd80709
Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.sb4you1.com%2Fsb%2Fssp%2Futility%2Flive-message%2F3-2%2Fcss%2Fanimate.css&l=79249&fd=58 HTTP/1.1 
Host: forgerylimit.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: u_pl=15600826; uid_id2=c67dc25a-67aa-43b5-ba23-2eff660e60c0:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; sleca2f990f10476061c719d1c1aa3a2ecd2=[3485039]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         192.243.61.227
HTTP/1.1 200 OK
                                        
Server: nginx/1.22.0
Date: Sun, 28 Aug 2022 21:02:02 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range


--- Additional Info ---
Magic:  
Size:   0
Md5:    d41d8cd98f00b204e9800998ecf8427e
Sha1:   da39a3ee5e6b4b0d3255bfef95601890afd80709
Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /sb/ssp/utility/live-message/3-2/css/animate.css HTTP/1.1 
Host: cdn.sb4you1.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         104.21.51.177
HTTP/2 200 OK
content-type: text/css
                                        
date: Sun, 28 Aug 2022 21:02:02 GMT
last-modified: Thu, 28 Apr 2022 08:29:13 GMT
etag: W/"626a5059-13591"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 2199418
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=H0stPvAhw0%2FSmFIzqYRcoNdHmlI5sHHk4l0rjRPDBQAJoPyVImXS%2FJpuFUbAHoVGxXn7zhC48f1LrTnM2u21rSU%2FHfHoChvEhl9LTAX8u%2BljB9O6kQo%2BaAWqkfvQ9%2Bb7McE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 741ffc506d6bb50f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text
Size:   5507
Md5:    b5ded357e4071cb6cabaf3437de3df7d
Sha1:   6c96815efb42acd19b15cc3073ea09aacfd350c6
Sha256: 713f04b6111fec8270fe32d776fac5c36b48585e740e9f31162d17b5ddcfbe10
                                        
                                            GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.sb4you1.com%2Fsb%2Fssp%2Futility%2Flive-message%2F3-2%2Fcss%2Fstyle.css&l=8924&fd=69 HTTP/1.1 
Host: forgerylimit.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: u_pl=15600826; uid_id2=c67dc25a-67aa-43b5-ba23-2eff660e60c0:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; sleca2f990f10476061c719d1c1aa3a2ecd2=[3485039]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         192.243.61.227
HTTP/1.1 200 OK
                                        
Server: nginx/1.22.0
Date: Sun, 28 Aug 2022 21:02:02 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range


--- Additional Info ---
Magic:  
Size:   0
Md5:    d41d8cd98f00b204e9800998ecf8427e
Sha1:   da39a3ee5e6b4b0d3255bfef95601890afd80709
Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /pixel/sbs?c=1 HTTP/1.1 
Host: forgerylimit.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: u_pl=15600826; uid_id2=c67dc25a-67aa-43b5-ba23-2eff660e60c0:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; sleca2f990f10476061c719d1c1aa3a2ecd2=[3485039]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         192.243.61.227
HTTP/1.1 200 OK
                                        
Server: nginx/1.22.0
Date: Sun, 28 Aug 2022 21:02:02 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range


--- Additional Info ---
Magic:  
Size:   0
Md5:    d41d8cd98f00b204e9800998ecf8427e
Sha1:   da39a3ee5e6b4b0d3255bfef95601890afd80709
Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /impr.gif?sid=H4sIAAAAAAAC%2F1RST2gkxRut3s3v8GM9%2BGcvsihz8KBgJt09Mz0z7iEYYzSY3Sy7it6kuqp6Uqa6q6nqnp4MCCELssfZo546b5INq0H06IJBJgsiAWHHgwQxBw%2FqSRBhLx6UmQ0bfJfv%2B%2Bq9w%2FveVx9t5yfERU6PF6%2FovlSKzjWqbuXF9zzvcmVFJnmv0msF7wf1yxXTfaUdVN2XKm8Itq7nfNdzXc%2F1KkvSiEj35iYkZLrf9qptt1r3q16jjp7572xzB5Y64N0T8jQkH8%2Fcdy5CshGS%2BItFYdcznb78epwrmmmDLt97J1lPdJEgPmsj4yBK9k7V0PbB0gF0sju1C919LAzlmDjfHiBM9k5NIuzuTH2GCiJByC%2Bg6I4g1AiSjsD0TUj%2BgACM4%2BoqkvjOVW0KuvGIpRN2TGYe%2FgVZjMnMzxeRxJ8vKNmr3NAqz6ROLHpRCdkbQXZGSPNDZP1zkMUhWLYFyb8ncw9XkMQ7q1ZpSH78AguanPkNOhs0KZ2t18LGbEj92qwvoigIXBG4zJ0GJOUIMhpBiQGoPY%2FcOsilgzxykKcOYn5cYZ7nNV3OqNtqM1bjTREG3PVoM%2FKo5wYt5GyywwBZOgBTAzCzidRsYl3eHhOytQOTfwO7VsJyBzYj6PIShSAoLEFBCQpJUGQERbfc5cr6trzDlc1D77T6p7VWDnXW2aa7OuuIhGynJ%2BSpaXp%2FPHEP6%2BK4Qv2o3XYjz603AzfwWNNrc495lNaoLxj3YWUJac%2BBWgd9OSYXL%2F2CdHLRD%2F9BSA9h1SGYfBI0fw60GDZ9F3RtWG%2B56Cf7vYgmGe1vVJmOwXWJNJtBtuFsqxPy7NRHY1ZDsKP50ea93a2ffgczJVJT4gN5n6Cjbg2v64LsXNeFJV%2BuppmMZZ9OLnwjo5n436dviY1CG768aAd3X2UTYtLuvy1stkITLpOOJZ8tSM6FWdKGCfL1sn1XhNdyu7aQmyRPV669trQcp0ZYK3UyAp2s9sybYHJM%2Fr8gpp%2F30sGvkGYEk5eI8yNyCkh9CJZuwqZH8199PMEnsPo8jDrThKmDIi%2BHxg%2FPHpUkUOJspmEJK47mx1fGf979%2BzeE4nEg2%2FYWOuZ50OwmkrhE15ToqhJUDWDz88MsNUfzP9SmQKicYaiMsxMqo24%2FCtfK40rN5c1QRKIZinqjHgnGw0YjdFnEwhpvtRgyO2YXfvzuXwAAAP%2F%2FAQAA%2F%2F%2BJA91rhwQAAA%3D%3D HTTP/1.1 
Host: forgerylimit.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: u_pl=15600826; uid_id2=c67dc25a-67aa-43b5-ba23-2eff660e60c0:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; sleca2f990f10476061c719d1c1aa3a2ecd2=[3485039]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         192.243.61.227
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Server: nginx/1.22.0
Date: Sun, 28 Aug 2022 21:02:03 GMT
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 19d09fbe63f2c95d87e53cc68335ec1b
Strict-Transport-Security: max-age=0; includeSubdomains


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   7
Md5:    132d6af1b46048b45cf86cdee7991d31
Sha1:   eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
Sha256: ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            POST / HTTP/1.1 
Host: ocsp.sectigo.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         172.64.155.188
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sun, 28 Aug 2022 21:02:03 GMT
Content-Length: 472
Connection: keep-alive
Last-Modified: Fri, 26 Aug 2022 06:36:57 GMT
Expires: Fri, 02 Sep 2022 06:36:56 GMT
Etag: "c221e22978d291a76a4f2954faf3739365789646"
Cache-Control: max-age=379492,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 741ffc5659cdfabc-OSL

                                        
                                            POST / HTTP/1.1 
Host: ocsp.sectigo.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         172.64.155.188
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sun, 28 Aug 2022 21:02:03 GMT
Content-Length: 472
Connection: keep-alive
Last-Modified: Fri, 26 Aug 2022 06:36:57 GMT
Expires: Fri, 02 Sep 2022 06:36:56 GMT
Etag: "c221e22978d291a76a4f2954faf3739365789646"
Cache-Control: max-age=379492,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 741ffc56aa04fabc-OSL

                                        
                                            POST / HTTP/1.1 
Host: ocsp.sectigo.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         172.64.155.188
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sun, 28 Aug 2022 21:02:03 GMT
Content-Length: 472
Connection: keep-alive
Last-Modified: Fri, 26 Aug 2022 06:36:57 GMT
Expires: Fri, 02 Sep 2022 06:36:56 GMT
Etag: "c221e22978d291a76a4f2954faf3739365789646"
Cache-Control: max-age=379492,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 741ffc569f98fac0-OSL

                                        
                                            GET /thumbnail/IO-W6SLyn6668D3EqQ/w320h240/0.jpeg HTTP/1.1 
Host: static-cache.k2s.cc
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         188.72.235.186
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: openresty
date: Sun, 28 Aug 2022 21:02:03 GMT
content-length: 13499
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: HIT
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Size:   13499
Md5:    e0d3b46fe2e7da026d1429472b832703
Sha1:   57315d1d038fee134c7fd6d7dc94c621161446d2
Sha256: d447b7d1536721e251c9162407e20d91a0bb7652aabede0635efc4bfe69bdf3b
                                        
                                            GET /thumbnail/LL6TtHTwwqi_-G-R_A/w320h240/0.jpeg HTTP/1.1 
Host: static-cache.k2s.cc
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         188.72.235.186
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: openresty
date: Sun, 28 Aug 2022 21:02:03 GMT
content-length: 13119
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: HIT
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Size:   13119
Md5:    dd97db7fac266e9ddf8788c4658b48f9
Sha1:   31038a640dd85b749fdbbb9006e8292a5818c072
Sha256: 06c09333790ba838a3caa0a93ab4ee888b14db10455934870907aa5cd73a2056
                                        
                                            GET /thumbnail/JbuSuyOjnP24-TWS_Q/w320h240/0.jpeg HTTP/1.1 
Host: static-cache.k2s.cc
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         188.72.235.186
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: openresty
date: Sun, 28 Aug 2022 21:02:03 GMT
content-length: 10775
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: HIT
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Size:   10775
Md5:    398c5ef4788e48e72e6da8b376d040ad
Sha1:   d1f037b48836b0624990b132d6ad3bb9ce1d2416
Sha256: 556a0efe3ab32715d337c5362b9ea42305bc0042f00073785eb221caaed34580
                                        
                                            GET /thumbnail/crjF6X6mw__p_mjF-A/w320h240/0.jpeg HTTP/1.1 
Host: static-cache.k2s.cc
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         188.72.235.186
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: openresty
date: Sun, 28 Aug 2022 21:02:03 GMT
content-length: 10737
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: HIT
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Size:   10737
Md5:    5eb8ffae0da2d8a5b731e9af4d5f368a
Sha1:   3e20057945445f3d115607a3cd6956d45a6b8f9e
Sha256: 5a6be3bfb9c52bb90fdd9db438c84935e0412b837e78fa56708ad44171b7f5cc
                                        
                                            GET /thumbnail/d-nGuH6vnv2-q2mW_g/w320h240/0.jpeg HTTP/1.1 
Host: static-cache.k2s.cc
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         188.72.235.186
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: openresty
date: Sun, 28 Aug 2022 21:02:03 GMT
content-length: 11939
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: HIT
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Size:   11939
Md5:    1dbc262fa5a853d6772f4310ab6060a5
Sha1:   fdaa3c0f7c58a34c483e8e12524f8ae1b6aa16c9
Sha256: 336f1bc3b164b1622f948e7a814a6cb12867cfe9fb87d1c31c32498a55b828ff
                                        
                                            GET /thumbnail/JrmQ7n6jyKbo_WiSqQ/w320h240/0.jpeg HTTP/1.1 
Host: static-cache.k2s.cc
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         188.72.235.186
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: openresty
date: Sun, 28 Aug 2022 21:02:03 GMT
content-length: 11257
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: HIT
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Size:   11257
Md5:    f71fdd59a117306f342faff14765f765
Sha1:   849524c5ecea2c4458382b99c74867741fe5c5a2
Sha256: 03e0df37f9688681c8632226217592c504a75ff6b263800e56c952bbe52a19d8
                                        
                                            GET /thumbnail/d-iTvCXzwvy_rj_G_A/w320h240/0.jpeg HTTP/1.1 
Host: static-cache.k2s.cc
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         188.72.235.186
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: openresty
date: Sun, 28 Aug 2022 21:02:03 GMT
content-length: 10819
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: HIT
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Size:   10819
Md5:    69ae9348b900d950581a26fc823f2dcf
Sha1:   9832756154a9581adc7ac44dda2782c67af4698e
Sha256: a0a303b8c0e677f9c9339d627e6f4a3ccc0a782347e5faf806a1678d719b8347
                                        
                                            GET /thumbnail/cOiWvyXyyKbpqTuQ-A/w320h240/0.jpeg HTTP/1.1 
Host: static-cache.k2s.cc
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         188.72.235.186
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: openresty
date: Sun, 28 Aug 2022 21:02:03 GMT
content-length: 11223
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: HIT
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Size:   11223
Md5:    15f2eb8d2390d0d98c3c79d2c4bcbb19
Sha1:   9983284a38cdcbd9bc16dd06a70424f127352ec5
Sha256: add1dd18abd07d26f1dfe54d15f720b68722f899061405367403d01f550b3fb4
                                        
                                            GET /_next/static/vMq0fywG6ReNUm9yukIYR/pages/categories.js HTTP/1.1 
Host: xfantazy.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/search/nika%20venom
Cookie: visitorId=untsku6e24fyem9zrgc1; experiment-popup-payment-7=0; experiment-save-to-button-2=0; safeMode=0; advancedOptions=0; viewedVideoCounter=0; adScript2Groups=push1-push1%2Cpush2-push2%2CTest-Code%20; k2sAccessToken=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiI1YjM5Y2ZjY2ZjNGUwNzFjNzE4MWQ0ZmQiLCJhdWQiOiJjbGllbnQiLCJ0eXBlIjoiYWNjZXNzVG9rZW4iLCJpc3MiOiJrMnMiLCJjSWQiOiI1YjM5Y2ZjY2ZjNGUwNzFjNzE4MWQ0ZmQiLCJqdGkiOiJkYzUwNmJkMTUwMDc2IiwiaWF0IjoxNjYxNzIwNTE3LCJleHAiOjE2NjIzMjUzMTd9.zAzjsF6DMfQUdndKVhkusLMGgaUaoFq1l3vV5hra4gM; k2sRefreshToken=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiI1YjM5Y2ZjY2ZjNGUwNzFjNzE4MWQ0ZmQiLCJhdWQiOiJjbGllbnQiLCJ0eXBlIjoicmVmcmVzaFRva2VuIiwiaXNzIjoiazJzIiwiY0lkIjoiNWIzOWNmY2NmYzRlMDcxYzcxODFkNGZkIiwianRpIjoiNWY1YzhlYzM1ODRkNyIsImlhdCI6MTY2MTcyMDUxNywiZXhwIjoxNjY0MzEyNTE3fQ.m7l_QrGlNpG0oaCbE4Ah5AgHseRjBAHQgyAfgtr80ZA
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         172.67.69.220
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
                                        
date: Sun, 28 Aug 2022 21:01:57 GMT
vary: Origin, Accept-Encoding
cache-control: public, max-age=31536000, immutable
last-modified: Fri, 05 Aug 2022 08:43:00 GMT
etag: W/"240b-1826d2c11d8"
cf-cache-status: HIT
age: 2030882
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2owm90zGQEvdmtoxLovzPGUAXfU5Da00KBz1R9g3XCNhSHAAjxTXid3dEWcHMx8rDQtK8BhAPnCmJbsBMgdk9%2BlBRPRe6GGd6jL2GE9B31VrfM2gAGaJ5JhrzfZKeg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 741ffc319c6b0b39-OSL
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (9227), with no line terminators
Size:   20366
Md5:    6385adec7812cba8f9592ddc7608f470
Sha1:   45847d27d38b3c4c446130bdea9e3c923967276a
Sha256: d14fa28310d3d677977f07d93093e2f3fc2da0507231efbb4144aa6a79a42410
                                        
                                            GET /thumbnail/JbyStCejwqnk_TmSqw/w320h240/0.jpeg HTTP/1.1 
Host: static-cache.k2s.cc
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         188.72.235.186
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: openresty
date: Sun, 28 Aug 2022 21:02:03 GMT
content-length: 13032
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: HIT
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Size:   13032
Md5:    16127140883124119c39bbe726e51f57
Sha1:   fce17afc77b8bce923d7f2472297932e6c611d4a
Sha256: e74b22cbffc44491402201ee54ffd23fa86fa948258611a2afdc41e73e0a26a0
                                        
                                            GET /thumbnail/LOWUu3_ynqjr-GnC_w/w320h240/0.jpeg HTTP/1.1 
Host: static-cache.k2s.cc
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         188.72.235.186
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: openresty
date: Sun, 28 Aug 2022 21:02:03 GMT
content-length: 13905
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: HIT
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Size:   13905
Md5:    22502e0da78fd7f6a18ff90fa91bf3a8
Sha1:   ef51c2a6b1d2403864f733284bca0f33bf512ebb
Sha256: efbf246e4728fe6d1209169b108d3aa80dd04cdd93d9f0d6098e8939b0b30fde
                                        
                                            GET /thumbnail/I7uQuCKuyvzv-2mR_A/w320h240/0.jpeg HTTP/1.1 
Host: static-cache.k2s.cc
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         188.72.235.186
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: openresty
date: Sun, 28 Aug 2022 21:02:03 GMT
content-length: 16377
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: HIT
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Size:   16377
Md5:    cf6fd1816c2578a6103ad67e2f37b3c5
Sha1:   658721dfb3651ad10e561f0cebf91a797ab11160
Sha256: f41ea084369c1407642d5471faa1cc3668f20595c407465e93a96975682977e7
                                        
                                            GET /thumbnail/dbmb7CPyzfjr-WiR_w/w320h240/0.jpeg HTTP/1.1 
Host: static-cache.k2s.cc
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         188.72.235.186
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: openresty
date: Sun, 28 Aug 2022 21:02:03 GMT
content-length: 11168
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: HIT
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Size:   11168
Md5:    f63741c80df9534cd5990b5ce79dcc60
Sha1:   adedd566202db095c25cb119516c92c7ace4a3c4
Sha256: 3d67f3ecb027063e07c9be660f2552baf5e3f24ccdac7ff37df8ec4b14c22cd1
                                        
                                            GET /thumbnail/dribuiL0ma7u-2iWqw/w320h240/0.jpeg HTTP/1.1 
Host: static-cache.k2s.cc
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         188.72.235.186
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: openresty
date: Sun, 28 Aug 2022 21:02:03 GMT
content-length: 12860
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: HIT
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Size:   12860
Md5:    63eba586d5ffa0021bcfeed9a75d4d0e
Sha1:   08ec14bea952ffaa8389d331ceedc20416df86c5
Sha256: f775cbb2309d026a76bba4d4d578653f7bbd2284c90175c4adf2cf783a9e4526
                                        
                                            GET /thumbnail/J7zAtHWvnPrsqjmQ9w/w320h240/0.jpeg HTTP/1.1 
Host: static-cache.k2s.cc
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         188.72.235.186
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: openresty
date: Sun, 28 Aug 2022 21:02:03 GMT
content-length: 13683
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: HIT
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Size:   13683
Md5:    94a649f12b57880169bd9c2e91b43c01
Sha1:   fa8e9a2bfe3f91a9dea3b348877405fc98011d2f
Sha256: aa4c40e8caa6afa66d9c0b9460ad790b80646fcd91492c2365f641da995e9e0d
                                        
                                            GET /thumbnail/JuqT6CenmPi9-DzC_w/w320h240/6.jpeg HTTP/1.1 
Host: static-cache.k2s.cc
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         188.72.235.186
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: openresty
date: Sun, 28 Aug 2022 21:02:03 GMT
content-length: 13867
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: MISS
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Size:   13867
Md5:    272d7f30e59737532f360165b5451ff7
Sha1:   e3324683bbc6df8f600cd0daa94acbec189e98e9
Sha256: 0cd9ec065229676b0a74e2d96f4248d0366aaf0f4fdd126d907f1ea9826504a8
                                        
                                            GET /warp/4788752?r=91860 HTTP/1.1 
Host: a.bestcontentfood.top
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.focusde.info/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         172.67.200.139
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
                                        
date: Sun, 28 Aug 2022 21:02:03 GMT
referer: b.bestcontentfood.top
cache-control: public, max-age=900
etag: W/"b5bfe5efa4321a0b085300dd0d4edb9f"
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=twEP0Rl6mNQKfac0bFygYKgFcaeezT0WnSx209sWNMpEZY%2BFc%2FrTFDM6T%2B5zGQZcGT5OrpvMiVnvbx0UYMAsRO4WAcIqICUQxBzpwt%2FxgIA1yELQUpm9Z6wN9g571sNk6JrqgY%2BJ0wM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 741ffc5768d50b45-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (4181), with no line terminators
Size:   1838
Md5:    719e67b57b576d43634081439b305689
Sha1:   0790cf0ba99e75c847b5f08a7d3ed0759939e07b
Sha256: ef0a7a231885f0e44aeb710fa525bde18e0aebea3820465555cb0e51e535e796

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /thumbnail/JuqT6CenmPi9-DzC_w/w320h240/7.jpeg HTTP/1.1 
Host: static-cache.k2s.cc
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         188.72.235.186
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: openresty
date: Sun, 28 Aug 2022 21:02:03 GMT
content-length: 14871
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: MISS
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Size:   14871
Md5:    419fff5666114bfda52f103f1c944a76
Sha1:   c09164930e9540baef9d8e4ada1b766ecf780741
Sha256: 352ab74d35eba03d7055c7e15944c27b52d16813ffd99db3bc0ff63e3402a1d4
                                        
                                            POST / HTTP/1.1 
Host: ocsp.sectigo.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         172.64.155.188
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sun, 28 Aug 2022 21:02:03 GMT
Content-Length: 472
Connection: keep-alive
Last-Modified: Fri, 26 Aug 2022 06:36:57 GMT
Expires: Fri, 02 Sep 2022 06:36:56 GMT
Etag: "c221e22978d291a76a4f2954faf3739365789646"
Cache-Control: max-age=379492,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 741ffc566ae10b4d-OSL

                                        
                                            POST / HTTP/1.1 
Host: ocsp.sectigo.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         172.64.155.188
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sun, 28 Aug 2022 21:02:03 GMT
Content-Length: 472
Connection: keep-alive
Last-Modified: Fri, 26 Aug 2022 06:36:57 GMT
Expires: Fri, 02 Sep 2022 06:36:56 GMT
Etag: "c221e22978d291a76a4f2954faf3739365789646"
Cache-Control: max-age=379492,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 741ffc567b921c0e-OSL

                                        
                                            GET /thumbnail/crzH7HD1zq3u_m2e_Q/w320h240/0.jpeg HTTP/1.1 
Host: static-cache.k2s.cc
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         188.72.235.186
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: openresty
date: Sun, 28 Aug 2022 21:02:03 GMT
content-length: 11065
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: HIT
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Size:   11065
Md5:    942f7e410ed55afb39cdfd0c7ee207aa
Sha1:   5e918b58c1cd20cb25db9481011b893e8b584258
Sha256: 1c3e7d8eaec94681e6e642c641227a16cad478fa4c6baff29166269215d1a44d
                                        
                                            GET /thumbnail/cunBuXP1n6e5rWjGrg/w320h240/0.jpeg HTTP/1.1 
Host: static-cache.k2s.cc
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         188.72.235.186
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: openresty
date: Sun, 28 Aug 2022 21:02:03 GMT
content-length: 9773
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: HIT
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Size:   9773
Md5:    a26337ddce5b81cb9c31d4aedefa1b72
Sha1:   2d6b56461095152468a9269b5dc7f07d2e6ea806
Sha256: f088df50ae175b98685fb22590a50751479ec1823565808645281c704682f6c6
                                        
                                            GET /api/spots/312873?p=1&s1=%subid1%&kw= HTTP/1.1 
Host: a.focusde.info
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: nauid=OA4S99WJDvi16hEXsmfo
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         135.181.208.216
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
                                        
server: nginx
date: Sun, 28 Aug 2022 21:02:03 GMT
vary: Accept-Encoding
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  data
Size:   3565
Md5:    17eca55f87c8031d4ef3aa7e54ea7fa5
Sha1:   4668dd89c39156c27e6cb35e6b8f7636fce2da4a
Sha256: 8f669b5fc06ed7961a4f577e462aa7913ec2983fffddb4f05363389e65d29263
                                        
                                            POST / HTTP/1.1 
Host: ocsp.sectigo.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         172.64.155.188
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sun, 28 Aug 2022 21:02:03 GMT
Content-Length: 471
Connection: keep-alive
Last-Modified: Fri, 26 Aug 2022 05:56:26 GMT
Expires: Fri, 02 Sep 2022 05:56:25 GMT
Etag: "112592d31625c69855d9dfb7df3a84d8e2e0efa7"
Cache-Control: max-age=377061,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 741ffc5aacc9fabc-OSL

                                        
                                            GET /sdk/v1/video.instant.message.js HTTP/1.1 
Host: cdn.tsyndicate.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://media.aso1.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         8.254.252.214
HTTP/2 200 OK
content-type: application/javascript
                                        
date: Sun, 28 Aug 2022 21:02:03 GMT
content-length: 3512
last-modified: Thu, 21 Jul 2022 11:18:31 GMT
server: nginx
x-robots-tag: noindex, nofollow
content-encoding: gzip
vary: Accept-Encoding
etag: W/"62d93607-21d4"
age: 3317132
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  data
Size:   6130
Md5:    ceb8caa1add3c08d3533eaa1c07569f3
Sha1:   a0d52909a695ee35b0566e58401a4fca25041b32
Sha256: cd76d6953b2c5070f1c6c216b1a3f95c9bac3cf57ff13fae85e6167fe62af426
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "4E2AF3274315C87827BAFC8DB981CDD1699612BBBCD4425BA698A8F6B860AB9A"
Last-Modified: Fri, 26 Aug 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7991
Expires: Sun, 28 Aug 2022 23:15:15 GMT
Date: Sun, 28 Aug 2022 21:02:04 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: ocsp.sectigo.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         172.64.155.188
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sun, 28 Aug 2022 21:02:04 GMT
Content-Length: 472
Connection: keep-alive
Last-Modified: Fri, 26 Aug 2022 20:27:05 GMT
Expires: Fri, 02 Sep 2022 20:27:04 GMT
Etag: "bf8bed047007a349d62ac56c334892e1d0cd816b"
Cache-Control: max-age=429299,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 741ffc5aaa52fac0-OSL

                                        
                                            GET /js/jads.js HTTP/1.1 
Host: poweredby.jads.co
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://media.aso1.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         185.94.237.101
HTTP/1.1 301 Moved Permanently
Content-Type: text/html
                                        
Server: nginx
Date: Sun, 28 Aug 2022 21:02:04 GMT
Content-Length: 178
Connection: keep-alive
Location: jads2.js


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size:   178
Md5:    cd2e0e43980a00fb6a2742d3afd803b8
Sha1:   81ffbd1712afe8cdf138b570c0fc9934742c33c1
Sha256: bd9df047d51943acc4bc6cf55d88edb5b6785a53337ee2a0f74dd521aedde87d
                                        
                                            GET /js/jads2.js HTTP/1.1 
Host: poweredby.jads.co
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://media.aso1.net/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         185.94.237.101
HTTP/1.1 200 OK
Content-Type: application/x-javascript
                                        
Server: nginx
Date: Sun, 28 Aug 2022 21:02:04 GMT
Last-Modified: Thu, 07 Jul 2022 14:07:12 GMT
Transfer-Encoding: chunked
Connection: close
ETag: W/"62c6e890-eae"
Content-Encoding: gzip


--- Additional Info ---
Magic:  data
Size:   2035
Md5:    1cff5dccdd069777faab3391c94c33f3
Sha1:   ea6e4e906473e32ea12fb91d7b045776d0369476
Sha256: cc94b028f09ceac2fa27880fcc8582b9cecba3360f237343f39d7da6a159731c
                                        
                                            GET /thumbnail/JuqT6CenmPi9-DzC_w/w320h240/8.jpeg HTTP/1.1 
Host: static-cache.k2s.cc
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         188.72.235.186
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: openresty
date: Sun, 28 Aug 2022 21:02:04 GMT
content-length: 13447
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: MISS
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Size:   13447
Md5:    43891a8c8b6e117c94723470eef42f2a
Sha1:   92dee3e4d1fc6967ec80faebfbefa2c160c34b51
Sha256: 7df6896ea9c906b0f9b7e4b6f35ffde3b2099e729a1e98272bbc48821902c020
                                        
                                            GET /pxf.gif?uuid=c67dc25a-67aa-43b5-ba23-2eff660e60c0&eb=da08d6844107154a138edda4653a0f4b&te=f6ce28b9ffd697cd2ee52a12f20448bb&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=r&res=13.31&b_frame=0&pk=a2f990f10476061c719d1c1aa3a2ecd2&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=21 HTTP/1.1 
Host: unseenreport.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         192.243.61.227
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Server: nginx/1.22.0
Date: Sun, 28 Aug 2022 21:02:04 GMT
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: bfff3f01e7360232eef624eab3c6ee4f
Strict-Transport-Security: max-age=0; includeSubdomains


--- Additional Info ---
Magic:  very short file (no magic)
Size:   1
Md5:    93b885adfe0da089cdf634904fd59f71
Sha1:   5ba93c9db0cff93f52b521d7420e43f6eda2784f
Sha256: 6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /warp/4787912?r=13273 HTTP/1.1 
Host: a.bestcontentfood.top
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.focusde.info/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         172.67.200.139
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
                                        
date: Sun, 28 Aug 2022 21:02:03 GMT
referer: b.bestcontentfood.top
cache-control: public, max-age=900
etag: W/"b5bfe5efa4321a0b085300dd0d4edb9f"
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MbvCGBAIjPauLzFBb5XMkQ%2Fp4K6%2B94%2B6kpGHiG1%2BrcEgK%2FyHHVRjgcGV9ZCrdPyxK%2BCz1MmEKTpvuzTnyeteDJG9zmqbkArgCP7JKebD4kWPdLIKo4Jd4GjLAZYf1EKGvVVODBNdi0I%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 741ffc5738a70b45-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (4180), with no line terminators
Size:   1799
Md5:    4d37434496ed9745936b9ec25ac37d28
Sha1:   006ab0428d8c1feb69410c23d5ffeb49ae29fdb2
Sha256: 99bd38e6b4e3c158dede6b742444ec2c997f3b9ed3e999539d20aa0f5090b7ff

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            POST / HTTP/1.1 
Host: ocsp.sectigo.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         172.64.155.188
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sun, 28 Aug 2022 21:02:04 GMT
Content-Length: 471
Connection: keep-alive
Last-Modified: Fri, 26 Aug 2022 05:56:26 GMT
Expires: Fri, 02 Sep 2022 05:56:25 GMT
Etag: "112592d31625c69855d9dfb7df3a84d8e2e0efa7"
Cache-Control: max-age=377060,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 741ffc5aaf310b4d-OSL

                                        
                                            GET /sdk/v1/inpage.push.js HTTP/1.1 
Host: cdn.tsyndicate.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://media.aso1.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         8.254.252.214
HTTP/2 200 OK
content-type: application/javascript
                                        
date: Sun, 28 Aug 2022 21:02:04 GMT
content-length: 4444
last-modified: Wed, 17 Nov 2021 10:14:43 GMT
server: nginx
x-robots-tag: noindex, nofollow
content-encoding: gzip
vary: Accept-Encoding
etag: W/"6194d613-2b04"
age: 23627569
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (673)
Size:   4444
Md5:    b77307418d206a6c943eff64b6652d91
Sha1:   449318beb19fec9a044f1284822d4e554fb5bc40
Sha256: a16899e5dc9d6249a9365f6232a690b8f767c96c9ab6a8f15788c5281c56c16c
                                        
                                            GET /do2/b5346988f58b4a3986d63c85fcf561b2/vast?w=1280&h=1024&keywords=ifr&tz=0 HTTP/1.1 
Host: tsyndicate.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://media.aso1.net
Connection: keep-alive
Referer: https://media.aso1.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         136.243.81.150
HTTP/2 200 OK
content-type: application/xml; charset=utf-8
                                        
server: nginx
date: Sun, 28 Aug 2022 21:02:04 GMT
access-control-allow-origin: https://media.aso1.net
access-control-allow-methods: POST, GET, HEAD
access-control-allow-headers: Accept, X-Requested-With, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Legacy
access-control-allow-credentials: true
pragma: no-cache
expires: 0
vary: Accept-Encoding, *
x-api-version: 2
x-vast: 3.0
x-request-id: a1b169a53def4718
set-cookie: ts_uid=efafcaa6-85f9-45b6-b9e6-10568c41f0a0; expires=Tue, 28 Feb 2023 21:02:04 GMT; domain=.tsyndicate.com; path=/; HttpOnly; secure; SameSite=None
cache-control: no-cache, no-store, no-transform, must-revalidate, no-transform
x-robots-tag: none, noindex, nofollow
report-to: { "url": "https://pxl.tsyndicate.com/api/v1/heavy-ad/report", "max_age": 86401 }
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  data
Size:   20248
Md5:    b259d87a75717eb72c6268af7941a889
Sha1:   4e1dd90229f903cc5e9cfe86d4d433c1957b5465
Sha256: 9770aae17b35405f40891812d7d19d421d92af556ea741199f6bc12160b23294
                                        
                                            GET /do2/9ac62f6da6514f55b72d712e0546f69d/push?t=in_page_push&w=1280&h=1024&keywords=ifr&tz=0 HTTP/1.1 
Host: tsyndicate.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://media.aso1.net
Connection: keep-alive
Referer: https://media.aso1.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         136.243.81.150
HTTP/2 200 OK
content-type: application/json; charset=utf-8
                                        
server: nginx
date: Sun, 28 Aug 2022 21:02:05 GMT
access-control-allow-origin: https://media.aso1.net
access-control-allow-methods: POST, GET, HEAD
access-control-allow-headers: Accept, X-Requested-With, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Legacy
access-control-allow-credentials: true
pragma: no-cache
expires: 0
vary: Accept-Encoding, *
x-api-version: 2
x-request-id: fe976c3e270a0d57
set-cookie: ts_uid=648fa777-588e-484d-95fa-d090fbad54b6; expires=Tue, 28 Feb 2023 21:02:05 GMT; domain=.tsyndicate.com; path=/; HttpOnly; secure; SameSite=None bfq=APeIECNCxxYZOHDcgHGjRhcWIsYU3BLjoYgyE2PYsBEDBwwbOWQ47KMg; expires=Mon, 29 Aug 2022 21:02:05 GMT; domain=.tsyndicate.com; path=/; secure; SameSite=None
cache-control: no-cache, no-store, no-transform, must-revalidate, no-transform
x-robots-tag: none, noindex, nofollow
report-to: { "url": "https://pxl.tsyndicate.com/api/v1/heavy-ad/report", "max_age": 86401 }
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  data
Size:   2533
Md5:    a29abb28fc19517cdf16f2e9a96c5636
Sha1:   7eeb2b9b80674d96cc3e64542eea74b2535b42ab
Sha256: 001d537371f97278307e72f41db874094a8324f7b65915b35df1a3d1366cd64a
                                        
                                            GET /_next/static/chunks/16.2fcecc4fbe403da70f1d.js HTTP/1.1 
Host: xfantazy.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/search/nika%20venom
Cookie: visitorId=untsku6e24fyem9zrgc1; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         172.67.69.220
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
                                        
date: Sun, 28 Aug 2022 21:01:56 GMT
vary: Origin, Accept-Encoding
cache-control: public, max-age=31536000, immutable
last-modified: Fri, 11 Jun 2021 14:18:49 GMT
etag: W/"4f4a-179fb7093d6"
cf-cache-status: HIT
age: 28177584
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0kSHU9%2FEV3ebFfgfFPMPBORR3OjiipbVx18jCYEEPu1TptElSvAoZwAWiDE6n7XgpQEdu8S1PDV3YkX7mqhhUWGIqwSJ%2B%2Bo7SOIR%2BmiyPcLAYtd9wycKHrnGZtC1OA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 741ffc2c1d320b39-OSL
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /_next/static/chunks/commons.9b890646c0aa33eb63fe.js HTTP/1.1 
Host: xfantazy.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/search/nika%20venom
Cookie: visitorId=untsku6e24fyem9zrgc1; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         172.67.69.220
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
                                        
date: Sun, 28 Aug 2022 21:01:56 GMT
vary: Origin, Accept-Encoding
cache-control: public, max-age=31536000, immutable
last-modified: Fri, 05 Aug 2022 08:42:36 GMT
etag: W/"152f62-1826d2bb0af"
cf-cache-status: HIT
age: 2031457
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IGhSWCbRQKgzdjPL68z%2BWc7ZuKmjA66fC%2FBZckeB9oRQUHqIOp8Zj0GuMlJMT%2BLO3G8Tl2iZN7Yk7My77%2F0miroU34yBDWrw%2B4997vW9YjllDxe4QWPazy7bKbrgIg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 741ffc2c1d230b39-OSL
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /api/spots/303894?p=1&s1=%subid1%&kw= HTTP/1.1