xfantazy.com/video/5bfbc50b365d5b12daa46988
302 Found 0 B URL HTTP/1.1 xfantazy.com/video/5bfbc50b365d5b12daa46988
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /video/5bfbc50b365d5b12daa46988 HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Date: Sun, 20 Nov 2022 20:54:13 GMT
Content-Length: 0
Connection: keep-alive
location: https://xfantazy.com/video/5bfbc50b365d5b12daa46988
cache-control: no-cache
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kMGeXdTST4YDRsqak4GnnBnzu8njf646wsxFJeNwxOcK9b1BV2mYeoM%2BUjQLEb56tYRd5awE1ZOY7YnERnEm%2B%2BJ%2BYp8Gml1Uiwxx7tuZz9hfrX%2BIFK22RkN%2BJ%2FNY2fI%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 76d41460cf8cb529-OSL
alt-svc: h2=":443"; ma=60
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash eb76c0b3adf4098ad8a9d1e38250758f
99610ddb2b4ec6d04250ac244f966951695d4f00
01ed8c191c175471aee23cbc196d558e5bf5209f166806fc97db08eb06544bab
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "01ED8C191C175471AEE23CBC196D558E5BF5209F166806FC97DB08EB06544BAB"
Last-Modified: Sat, 19 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15717
Expires: Mon, 21 Nov 2022 01:16:11 GMT
Date: Sun, 20 Nov 2022 20:54:14 GMT
Connection: keep-alive
ocsp.digicert.com/
200 OK 471 B IP
Hash 2061bb5a62c7dbe5a39e49a98bf7d214
812ff4923fc0fa69fa7db7c362d5af728e297099
6f0c1ecd37ba47802a386c487e3c2eb1794a06e8b9f56e016326686e3d80ef92
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5723
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 20 Nov 2022 20:54:14 GMT
Last-Modified: Sun, 20 Nov 2022 19:18:51 GMT
Server: ECS (ska/F707)
X-Cache: HIT
Content-Length: 471
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 1cee7787feebac18f9eca273e56e3741
3a7dac544172921e24c2a1701beef5079b21d01b
79ff4a450c749d64e116c00ca3b00d40e968906c5c3881d6eeb2dc6374a4c858
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "79FF4A450C749D64E116C00CA3B00D40E968906C5C3881D6EEB2DC6374A4C858"
Last-Modified: Sat, 19 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17761
Expires: Mon, 21 Nov 2022 01:50:15 GMT
Date: Sun, 20 Nov 2022 20:54:14 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash d130218d0e2841f39c99610fe1a2ab90
29fbe1e177ee55c7a61ae0a206afff271cf5f945
6b6d74dccf10c2bc98a91c3388280d7ba1d9596bf8cadd7db0e2f63720b3d152
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Alert, Content-Type, Retry-After, Content-Length
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sun, 20 Nov 2022 20:45:17 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 537
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP
File type PEM certificate\012- , ASCII text
Hash 9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: Hydy9Z7cpd3TnC0LlXzKqSYylEiweXfRHEvLx7mtQSnaEhLCwqmS4EEox3GwaOi5dCb8Zi7yqn4=
x-amz-request-id: 8E32PX93Z556E5EZ
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sun, 20 Nov 2022 20:41:51 GMT
age: 743
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.pki.goog/s/gts1p5/PrU7zFTubJs
200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/PrU7zFTubJs
IP
Hash 8b438e53473f1b6a874b277fd25fc3e7
a49b3b6d647667e4588e816b4df02a0f6bfa98b1
1fe6bb3e7a34c7e5a37aa5fd4cf703b4864bf5ca232b86cf718c96193fa67133
POST /s/gts1p5/PrU7zFTubJs HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 20 Nov 2022 20:54:14 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
contile.services.mozilla.com/v1/tiles
200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 20 Nov 2022 20:54:14 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Retry-After, Content-Length, Alert, Cache-Control, ETag, Pragma, Expires, Backoff, Last-Modified
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sun, 20 Nov 2022 20:44:50 GMT
cache-control: public,max-age=3600
age: 564
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 471 B IP
Hash 27138f8625c320bd1434ccd92263b641
6a8f18728c9f324c1c631ffc85901d84ec4d0e0c
02338368cfa2325e8463bd169cb0ad4df2967ca4260b75bc665cd0836e90e9f4
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1641
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 20 Nov 2022 20:54:14 GMT
Last-Modified: Sun, 20 Nov 2022 20:26:53 GMT
Server: ECS (ska/F707)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/s/gts1p5/PrU7zFTubJs
200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/PrU7zFTubJs
IP
Hash 8b438e53473f1b6a874b277fd25fc3e7
a49b3b6d647667e4588e816b4df02a0f6bfa98b1
1fe6bb3e7a34c7e5a37aa5fd4cf703b4864bf5ca232b86cf718c96193fa67133
POST /s/gts1p5/PrU7zFTubJs HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 20 Nov 2022 20:54:14 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash c28dcab32cb68e75be2f9d541e417a3c
7e94e4d48e4004090b100451a37752a7ae691550
fe2434a22cb390d054adcb47b67cbc3d1141a753f87839723554dd1bced75e45
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 20 Nov 2022 20:54:15 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.googleapis.com/css?family=Roboto:100,300,400,500,700&display=swap
200 OK 1.3 kB URL HTTP/2 fonts.googleapis.com/css?family=Roboto:100,300,400,500,700&display=swap
IP
Hash 8175ba83904ffe544306a4177caf69e9
6b9fbe92f5c97901e4baf63e237769add5df3873
912e35a537b95bde68c696bfec074d8838da6c2786db1c93cf00f1dcd1195cfe
GET /css?family=Roboto:100,300,400,500,700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sun, 20 Nov 2022 20:54:15 GMT
date: Sun, 20 Nov 2022 20:54:15 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
xfantazy.com/_next/static/runtime/main-8daa673a54696bb62abb.js
200 OK 26 kB URL HTTP/2 xfantazy.com/_next/static/runtime/main-8daa673a54696bb62abb.js
IP
File type ASCII text, with very long lines (65536), with no line terminators
Hash 2d96877039f3405ad9fbe3223674a41c
a6a185f07d4d9c0bb023b4ad7729adfcaa5a0ef5
6eb35daf3fab0f8ce4b3ae9ba2dea5f82f4435b2a609559fd380809a32ba325c
GET /_next/static/runtime/main-8daa673a54696bb62abb.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/5bfbc50b365d5b12daa46988
Cookie: visitorId=0gn898l65tujegvyprfvhba; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 20 Nov 2022 20:54:14 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-bgj: minify
etag: W/"11cd7-18350162aec"
last-modified: Sun, 18 Sep 2022 10:12:53 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 3896107
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GXS8kghmqEiQtLlYLJLWTEnFnM5koh6G9gSkP05Xs3rEhGiTwhNB7nkoBLLzAfoJqWIlzEhmDraBapZF1fRuVWIGTW6iKrSUgdIGkkWtrSTQ6jN1BTRQzm6UYG74d00%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76d41467a92c0b51-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
push.services.mozilla.com/
101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: xgb+K6FHIO+oqQsT8P5xyg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: GU+aNs/4fOSFqhqZXMKEs3mHszE=
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash a16fd70048d81d63ac778964066b5fd5
8678fd9c7ef3f0b3a286e170e87bf59773f41881
fa9dd59489cb48e8509ce8297c3491823e446cdcde0f7393cd621b2abd0702dc
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 20 Nov 2022 20:54:15 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash d561fb4c2606ae6f3e27b550aac78eb1
08fab66de067ec1b26229eb8ca8025228b1e77df
696702c1838990050310f6b21658aa22f4e5d69921a3043ad0f07923db441688
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 20 Nov 2022 20:54:15 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash d561fb4c2606ae6f3e27b550aac78eb1
08fab66de067ec1b26229eb8ca8025228b1e77df
696702c1838990050310f6b21658aa22f4e5d69921a3043ad0f07923db441688
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 20 Nov 2022 20:54:15 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP
File type Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Hash 15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 16 Nov 2022 19:34:08 GMT
expires: Thu, 16 Nov 2023 19:34:08 GMT
cache-control: public, max-age=31536000
age: 350407
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash d561fb4c2606ae6f3e27b550aac78eb1
08fab66de067ec1b26229eb8ca8025228b1e77df
696702c1838990050310f6b21658aa22f4e5d69921a3043ad0f07923db441688
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 20 Nov 2022 20:54:15 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
IP
File type Web Open Font Format (Version 2), TrueType, length 15920, version 1.0\012- data
Hash 3a44e06eb954b96aa043227f3534189d
23cef6993ddb2b2979e8e7647fc3763694e2ba7d
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e
GET /s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15920
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 16 Nov 2022 14:07:32 GMT
expires: Thu, 16 Nov 2023 14:07:32 GMT
cache-control: public, max-age=31536000
age: 370003
last-modified: Wed, 11 May 2022 19:24:45 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP
File type Web Open Font Format (Version 2), TrueType, length 15860, version 1.0\012- data
Hash e9f5aaf547f165386cd313b995dddd8e
acdef5603c2387b0e5bffd744b679a24a8bc1968
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 16 Nov 2022 18:53:49 GMT
expires: Thu, 16 Nov 2023 18:53:49 GMT
cache-control: public, max-age=31536000
age: 352826
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash d561fb4c2606ae6f3e27b550aac78eb1
08fab66de067ec1b26229eb8ca8025228b1e77df
696702c1838990050310f6b21658aa22f4e5d69921a3043ad0f07923db441688
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 20 Nov 2022 20:54:15 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google-analytics.com/analytics.js
200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP
File type ASCII text, with very long lines (1325)
Hash 47e6f374ca946fddd5b59871b325736c
baa9282efc8785e84d247c3bff518eaa45f101c4
16580b5c87c58e5702e411f1888fdef511094e4cd6d62bb47d16291ffb25985e
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20039
date: Sun, 20 Nov 2022 20:41:09 GMT
expires: Sun, 20 Nov 2022 22:41:09 GMT
cache-control: public, max-age=7200
age: 786
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
cdn.jsdelivr.net/npm/yandex-metrica-watch/tag.js
200 OK 85 kB URL HTTP/2 cdn.jsdelivr.net/npm/yandex-metrica-watch/tag.js
IP
File type Unicode text, UTF-8 (with BOM) text, with very long lines (587)
Hash 48c6510db10510d25a14e132b6c6bd1a
de1feca854233a18bd70d0484154bcacbd138c1d
73c6bbad275690c160ed6e68c4cd317e8c8bc46e3ca5a1445d6195bfa3ef100b
GET /npm/yandex-metrica-watch/tag.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=604800, s-maxage=43200
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 1.249.0
x-jsd-version-type: version
etag: W/"346a1-5pJjF6sMSAvD5NiPdWPuLzoQQcw"
content-encoding: gzip
accept-ranges: bytes
date: Sun, 20 Nov 2022 20:54:15 GMT
age: 8997
x-served-by: cache-fra-eddf8230060-FRA, cache-bma1649-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 85108
X-Firefox-Spdy: h2
ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q1
200 OK 1.5 kB URL HTTP/1.1 ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q1
IP
Hash 80798d6e23e66f1e7cfd734f65d1039b
aa34f9e28b6bfded325759d66308060aabe89c2a
c9107c6993ee8d0cc4f16b48000715c838ee57b29f80fe09a742998273181aa0
POST /ca/gsatlasr3dvtlsca2022q1 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 20 Nov 2022 20:54:15 GMT
Content-Type: application/ocsp-response
Transfer-Encoding: chunked
Connection: keep-alive
Etag: "FDE4DD2C7E84BB6B4FB6F7AA69DECFF07A7A52FD"
Expires: Mon, 21 Nov 2022 08:00:00 GMT
Last-Modified: Sun, 20 Nov 2022 20:00:00 UTC
Cache-Control: s-maxage=3600, public, no-transform, must-revalidate
CF-Cache-Status: HIT
Age: 955
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 76d4146c6886b50c-OSL
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 153154a73a8ff78bbc7c1755bbb0356d
43441bb373c65f173b8a37db64a4998a276f16ee
edfff97e7d67143cb0404477955b30adc228ee65bdf110c223e8104bdf43399a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EDFFF97E7D67143CB0404477955B30ADC228EE65BDF110C223E8104BDF43399A"
Last-Modified: Sun, 20 Nov 2022 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14255
Expires: Mon, 21 Nov 2022 00:51:51 GMT
Date: Sun, 20 Nov 2022 20:54:16 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash b893a833827ba7e946251a0f7773c223
d00c3b1171917b0862f710952acd9f1ce21a53f6
60b5c8e28907fea1b754a31d73e99cf18eca5258e29685f9095e68239cfe0bea
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "60B5C8E28907FEA1B754A31D73E99CF18ECA5258E29685F9095E68239CFE0BEA"
Last-Modified: Sat, 19 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5645
Expires: Sun, 20 Nov 2022 22:28:21 GMT
Date: Sun, 20 Nov 2022 20:54:16 GMT
Connection: keep-alive
ocsp.globalsign.com/gseccovsslca2018
200 OK 2.3 kB URL HTTP/1.1 ocsp.globalsign.com/gseccovsslca2018
IP
Hash 2486fdacefce2773286686cdcf51046b
7c4c5fe64d0cb10c2b32b7f48642ce50069ca2f0
fb06d1b814645aac78d2dcb64aad502256eda12e1defe62b67ccf36cab4c3f4f
POST /gseccovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 20 Nov 2022 20:54:16 GMT
Content-Type: application/ocsp-response
Content-Length: 939
Connection: keep-alive
Expires: Thu, 24 Nov 2022 19:43:00 GMT
ETag: "99b7efa677c3aa041842f20e7fc18bb8d26f655b"
Last-Modified: Sun, 20 Nov 2022 19:43:01 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 100
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 76d4146fed23b50c-OSL
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 804755c7e438531c9ba2e781947e1640
7a93c31638ee89a561bac2174482a5d12aa62d63
aa6f123fed093048bd006bf5a0ea0a7b310d735436af0ca07a06574f2026ba9b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "AA6F123FED093048BD006BF5A0EA0A7B310D735436AF0CA07A06574F2026BA9B"
Last-Modified: Sun, 20 Nov 2022 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6724
Expires: Sun, 20 Nov 2022 22:46:20 GMT
Date: Sun, 20 Nov 2022 20:54:16 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 804755c7e438531c9ba2e781947e1640
7a93c31638ee89a561bac2174482a5d12aa62d63
aa6f123fed093048bd006bf5a0ea0a7b310d735436af0ca07a06574f2026ba9b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "AA6F123FED093048BD006BF5A0EA0A7B310D735436AF0CA07A06574F2026BA9B"
Last-Modified: Sun, 20 Nov 2022 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6724
Expires: Sun, 20 Nov 2022 22:46:20 GMT
Date: Sun, 20 Nov 2022 20:54:16 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 804755c7e438531c9ba2e781947e1640
7a93c31638ee89a561bac2174482a5d12aa62d63
aa6f123fed093048bd006bf5a0ea0a7b310d735436af0ca07a06574f2026ba9b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "AA6F123FED093048BD006BF5A0EA0A7B310D735436AF0CA07A06574F2026BA9B"
Last-Modified: Sun, 20 Nov 2022 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6724
Expires: Sun, 20 Nov 2022 22:46:20 GMT
Date: Sun, 20 Nov 2022 20:54:16 GMT
Connection: keep-alive
xfantazy.com/_next/static/runtime/webpack-f4d22593ad73f080a168.js
200 OK 17 kB URL HTTP/2 xfantazy.com/_next/static/runtime/webpack-f4d22593ad73f080a168.js
IP
File type ASCII text, with very long lines (12210), with no line terminators
Hash a6fcba2982d636abd9ad6f0bcb809f56
b7fe63fe6c32eb868f91146f2ce4becb920cd7c5
f5033cb3e712cac27c2e86040ff190c10f4624d0ab481d6c144e22c463825590
GET /_next/static/runtime/webpack-f4d22593ad73f080a168.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/5bfbc50b365d5b12daa46988
Cookie: visitorId=0gn898l65tujegvyprfvhba; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 20 Nov 2022 20:54:14 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-bgj: minify
etag: W/"2fb2-1826d2b92c0"
last-modified: Fri, 05 Aug 2022 08:42:28 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 9288595
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DywIxTP%2B1utXSlInnW3w8m3yu2ogYpmqLc3XZmfmzZMSdXwaFx26BlPg3rhO4CAnskFm2gTdoEaxLttpDL6HKS0DtOc0Bo1lN7aByzWWAzMQZ8hv50FK1X7Xds81uTc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76d41467a9290b51-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb19c1a99-6290-4f30-afcf-c426abf8c229.png
200 OK 13 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb19c1a99-6290-4f30-afcf-c426abf8c229.png
IP
Hash 1d281fcfa1fe3056bb2a2c66c2e95720
80fe0e4893bd4cced367f09e7a795aa7df0c050f
7629098f9326c8d516a40beefa433159860fb06357f1b604ca7e3bcbfe4cb444
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb19c1a99-6290-4f30-afcf-c426abf8c229.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11562
x-amzn-requestid: f01b0409-b43d-4d9c-92c0-0023c5e49d58
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: b3jV_GDmIAMFvqA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63794c26-69366c73760dcd5b72634f73;Sampled=0
x-amzn-remapped-date: Sat, 19 Nov 2022 21:35:34 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: pvgyUJPVgG_PrCetQXIXLgxyEBar2nMFywc6HracpnEsn2tiCw_Pfg==
via: 1.1 56c69262ecfa7873b40572ba8a323242.cloudfront.net (CloudFront), 1.1 01147dcc35d57fc0238a3c1700c13f16.cloudfront.net (CloudFront), 1.1 google
date: Sat, 19 Nov 2022 21:42:03 GMT
age: 83533
etag: "6082de99b599bc3c9ce14e2641a2bf60f9f187d8"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F84f65b21-5dd5-42d9-9985-0823fc534495.webp
200 OK 4.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F84f65b21-5dd5-42d9-9985-0823fc534495.webp
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 25aa851caa96376b563f0322e8621292
71a917b184ec9ad1bb370724f4e4c707468e865e
7ffbeca58e1a4cc8f26f1a832376ae97d17c973efef9a1f4bebb44536da5ae1c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F84f65b21-5dd5-42d9-9985-0823fc534495.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4292
x-amzn-requestid: 5b50eebe-81f9-43fa-b259-eb9be43ff3be
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: b3i0SH1uoAMFdUA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63794b4e-7322c4461f94c93c29542312;Sampled=0
x-amzn-remapped-date: Sat, 19 Nov 2022 21:31:58 GMT
x-amz-cf-pop: SFO5-P2, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: pcLZxnbI_hWCZstg2gZwNR3-v6d4Y1szI-Kg_RMXsgneiIRXBZHWkA==
via: 1.1 3c22982dfb94f708939a6ef528c5e55c.cloudfront.net (CloudFront), 1.1 35575576af8067e30cfb17c6b9fde8e2.cloudfront.net (CloudFront), 1.1 google
date: Sat, 19 Nov 2022 22:19:52 GMT
etag: "71a917b184ec9ad1bb370724f4e4c707468e865e"
content-type: image/jpeg
age: 81264
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3b47e52f-9db3-4562-a907-fad72a31cf1f.jpeg
200 OK 6.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3b47e52f-9db3-4562-a907-fad72a31cf1f.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash e33cec1fb25538471758ee73cffc0c88
351f0afdd289e84c829401b80645c8803b47bc39
d826e4a0f0f53e95864b1e40d6bf13d2e82ad5806f988b7d54bb97e21b45da8e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3b47e52f-9db3-4562-a907-fad72a31cf1f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6744
x-amzn-requestid: 489adc2f-8725-4361-ae81-542f845b43f7
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: b3i5BFzmIAMFXEA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63794b6c-4200af255e86aad05e3e95f8;Sampled=0
x-amzn-remapped-date: Sat, 19 Nov 2022 21:32:28 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: IEkibE17YLbyAKc32r0cdG9f46d-qA9Tr_JN_iA1XAnWikKEgHvywQ==
via: 1.1 0005a84c2971ff4f5bbb79e7ebc622a8.cloudfront.net (CloudFront), 1.1 567b44ed19c8caed2570b7bcd8c70034.cloudfront.net (CloudFront), 1.1 google
date: Sat, 19 Nov 2022 22:35:16 GMT
etag: "351f0afdd289e84c829401b80645c8803b47bc39"
content-type: image/jpeg
age: 80340
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fac98a873-8b46-43f5-9ac0-fc1cc1a0cd81.jpeg
200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fac98a873-8b46-43f5-9ac0-fc1cc1a0cd81.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 481c033b9ffd030ff0de6e35cf788b47
85d3baad9217af2b5d75c019d2ef95dbb919a788
02443c7869914c2b29892deb0c645395bcf4e8379da3cf20974614ff9c92893b
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fac98a873-8b46-43f5-9ac0-fc1cc1a0cd81.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11249
x-amzn-requestid: 65a3db77-b2e6-40b9-a776-021c2e9b56d0
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bubSsHbZoAMFZNg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6375a5aa-1286b97968cc2e4c7fe8ab29;Sampled=0
x-amzn-remapped-date: Thu, 17 Nov 2022 03:08:26 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: iGM_HV13dzz5eOswbOJfjj14jlFW4jy2YsW7eJumS_TM5TxxG8VMwQ==
via: 1.1 38eecd3ca21bf068d69a2f9cfe668d14.cloudfront.net (CloudFront), 1.1 b8c4a4ca04bb1976e020396d211bc8dc.cloudfront.net (CloudFront), 1.1 google
date: Sun, 20 Nov 2022 03:36:47 GMT
age: 62249
etag: "85d3baad9217af2b5d75c019d2ef95dbb919a788"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
xfantazy.com/_next/static/chunks/7.38d845e9473548212694.js
200 OK 26 kB URL HTTP/2 xfantazy.com/_next/static/chunks/7.38d845e9473548212694.js
IP
File type ASCII text, with very long lines (38842), with no line terminators
Hash 00ec86a7ebaf123ac738237064bee52a
74c2a6dd7ead83aee33ee77446d25cbbb6fb2733
5eddcd67a29822a4386a5ffdb994b99c5fbdb315bf82dc08f694281db6b94b33
GET /_next/static/chunks/7.38d845e9473548212694.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/5bfbc50b365d5b12daa46988
Cookie: visitorId=0gn898l65tujegvyprfvhba; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 20 Nov 2022 20:54:14 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-bgj: minify
etag: W/"97ba-181397f9e55"
last-modified: Mon, 06 Jun 2022 14:51:13 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 14418047
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7rMZ4sgUsuHu3L2sseoiarXtJvzYcodEKIM0RKMi5FVFHxfHkkORYyuu92yESpRf%2FVkmB9tIS2EPbhRLmgCQAbnxM82nmjQp6Bui6jvKpXABGx7dbN2aIne8Plmk2b8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76d41467a9150b51-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
skiingsettling.com/21/fe/39/21fe3950f412e026c33f1b6cee613eba.js
200 OK 13 kB URL HTTP/1.1 skiingsettling.com/21/fe/39/21fe3950f412e026c33f1b6cee613eba.js
IP
File type ASCII text, with very long lines (37146), with no line terminators
Hash f96fee80874833935621b3e08e77af9a
e489a34be838fbf01130cb58f67c45944c894e74
35499b2543907525ed4c8c5fe1666bb13e2a57bda855961c13369cc32f35766a
Analyzer Verdict Alert quad9 Sinkholed
GET /21/fe/39/21fe3950f412e026c33f1b6cee613eba.js HTTP/1.1
Host: skiingsettling.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 20 Nov 2022 20:54:16 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: f6abcc05bcef47ca25553606d070eaf0
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
mc.yandex.ru/watch/49415098/1?wmode=7&page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F5bfbc50b365d5b12daa46988&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A15ly4knov7onia7cw1aby4%3Afp%3A1411%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A923%3Acn%3A1%3Adp%3A0%3Als%3A391315740010%3Ahid%3A530834751%3Az%3A0%3Ai%3A20221120205416%3Aet%3A1668977656%3Ac%3A1%3Arn%3A920576233%3Arqn%3A1%3Au%3A1668977656979671413%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A1%2C86%2C602%2C0%2C353%2C0%2C%2C193%2C7%2C%2C%2C%2C1430%3Ans%3A1668977653884%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1668977656%3At%3ACzech%20Catch%205%20-%20XFantazy.com&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29fip%281%29rqnl%281%29ti%282%29
200 OK 419 B URL HTTP/2 mc.yandex.ru/watch/49415098/1?wmode=7&page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F5bfbc50b365d5b12daa46988&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A15ly4knov7onia7cw1aby4%3Afp%3A1411%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A923%3Acn%3A1%3Adp%3A0%3Als%3A391315740010%3Ahid%3A530834751%3Az%3A0%3Ai%3A20221120205416%3Aet%3A1668977656%3Ac%3A1%3Arn%3A920576233%3Arqn%3A1%3Au%3A1668977656979671413%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A1%2C86%2C602%2C0%2C353%2C0%2C%2C193%2C7%2C%2C%2C%2C1430%3Ans%3A1668977653884%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1668977656%3At%3ACzech%20Catch%205%20-%20XFantazy.com&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29fip%281%29rqnl%281%29ti%282%29
IP
File type JSON data\012- , ASCII text, with very long lines (419), with no line terminators
Hash 3d139bc653df5731012af50d3588affe
455d6ff8f74b7b631f2d03d015fc5932d9500578
a08bb8fa2c8f54cf5453e679f0bf41cce6b535fed1611e7d58a0b0145cadff3c
GET /watch/49415098/1?wmode=7&page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F5bfbc50b365d5b12daa46988&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A15ly4knov7onia7cw1aby4%3Afp%3A1411%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A923%3Acn%3A1%3Adp%3A0%3Als%3A391315740010%3Ahid%3A530834751%3Az%3A0%3Ai%3A20221120205416%3Aet%3A1668977656%3Ac%3A1%3Arn%3A920576233%3Arqn%3A1%3Au%3A1668977656979671413%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A1%2C86%2C602%2C0%2C353%2C0%2C%2C193%2C7%2C%2C%2C%2C1430%3Ans%3A1668977653884%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1668977656%3At%3ACzech%20Catch%205%20-%20XFantazy.com&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29fip%281%29rqnl%281%29ti%282%29 HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Referer: https://xfantazy.com/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 419
date: Sun, 20 Nov 2022 20:54:16 GMT
x-content-type-options: nosniff
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Sun, 20-Nov-2022 20:54:16 GMT
last-modified: Sun, 20-Nov-2022 20:54:16 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: application/json; charset=utf-8
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
exploredefinitely.com/a2/f9/90/a2f990f10476061c719d1c1aa3a2ecd2.js
200 OK 13 kB URL HTTP/1.1 exploredefinitely.com/a2/f9/90/a2f990f10476061c719d1c1aa3a2ecd2.js
IP
File type ASCII text, with very long lines (37161), with no line terminators
Hash a06dbf04324c9fc45e385f74aee0d467
4f55bb049aaaca75e89f736976aa2ff8a63f1b80
ae62ff5ac0ef19817781605e60da0cf22464567bb2386654b903b5e3ec384b2e
GET /a2/f9/90/a2f990f10476061c719d1c1aa3a2ecd2.js HTTP/1.1
Host: exploredefinitely.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 20 Nov 2022 20:54:16 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: ffb535107a16d913110edad2a32f0991
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
e1.o.lencr.org/
200 OK 345 B IP
ASN #20940 Akamai International B.V.
Hash 7e7d69aa3115e768ed4f036c668374dd
da5000138437ceb324539ce4a27fdc49fb18a7b3
ee556c4fd9ca677af3b0ac8447af0e4c34e15767b7657ba177737da2fa8ff6f9
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "EE556C4FD9CA677AF3B0AC8447AF0E4C34E15767B7657BA177737DA2FA8FF6F9"
Last-Modified: Sat, 19 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2850
Expires: Sun, 20 Nov 2022 21:41:46 GMT
Date: Sun, 20 Nov 2022 20:54:16 GMT
Connection: keep-alive
ocsp.sca1b.amazontrust.com/
200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP
Hash 913a828f0f87e891c1e29334eddee0a7
eeb36887905d7e031b5b8a5f9bca30f25d61eddf
c033a53f811feb2884ea72d7d0a4ebfedd8530dbfd3fe71e1f86439d3f17a65f
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=149424
Date: Sun, 20 Nov 2022 20:54:16 GMT
Etag: "637a2c18-1d7"
Expires: Tue, 22 Nov 2022 14:24:40 GMT
Last-Modified: Sun, 20 Nov 2022 13:31:04 GMT
Server: ECS (nyb/1D32)
X-Cache: Miss from cloudfront
Via: 1.1 9dd61138197a68f8d69f12574aab6930.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 3Zq_17yd4pRjdazkTfCxG_J6BOXfDst-vS2JTJFt0y1wcF6AdqCniw==
Age: 3216
ocsp.sca1b.amazontrust.com/
200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP
Hash 913a828f0f87e891c1e29334eddee0a7
eeb36887905d7e031b5b8a5f9bca30f25d61eddf
c033a53f811feb2884ea72d7d0a4ebfedd8530dbfd3fe71e1f86439d3f17a65f
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=151699
Date: Sun, 20 Nov 2022 20:54:16 GMT
Etag: "637a2c18-1d7"
Expires: Tue, 22 Nov 2022 15:02:35 GMT
Last-Modified: Sun, 20 Nov 2022 13:31:04 GMT
Server: ECS (bsa/EB1C)
X-Cache: Miss from cloudfront
Via: 1.1 1ca0323262515c9240c58fe69a9ac826.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: ohwWmaHLSo-94gbZGOQZyuccSTAInSDMxXqM2dERe5vU-cFQvPJB2w==
Age: 5491
simplewebanalysis.com/stats
200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP
File type ASCII text, with no line terminators
Hash c403fc4f5cf4cdd2c2437c44c70b4857
16509e84e61762c5e935aa91a26e8ec4c681f2e0
afc2ce5de1ee9106e5801e519515a4ab026067383fd086c15879dc0a327887c1
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 20 Nov 2022 20:54:16 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
set-cookie: uid_id2=fa5f194b-5d7e-4863-a706-64e6d298a73c:2:1; expires=Wed, 17 Nov 2032 20:54:16 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F5bfbc50b365d5b12daa46988&charset=utf-8&hittoken=1668977656_e3075b1be7aa50cef98b751665fa84cd4a4eb0611deaacb62680fe0c0b468b38&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3A15ly4knov7onia7cw1aby4%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A923%3Acn%3A1%3Adp%3A0%3Als%3A391315740010%3Ahid%3A530834751%3Az%3A0%3Ai%3A20221120205416%3Aet%3A1668977657%3Ac%3A1%3Arn%3A286891146%3Arqn%3A3%3Au%3A1668977656979671413%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1668977653884%3Arqnl%3A1%3Ast%3A1668977657&t=gdpr(14)mc(p-6)clc(0-0-0)rqnt(3)aw(1)rqnl(1)ti(2)
200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F5bfbc50b365d5b12daa46988&charset=utf-8&hittoken=1668977656_e3075b1be7aa50cef98b751665fa84cd4a4eb0611deaacb62680fe0c0b468b38&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3A15ly4knov7onia7cw1aby4%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A923%3Acn%3A1%3Adp%3A0%3Als%3A391315740010%3Ahid%3A530834751%3Az%3A0%3Ai%3A20221120205416%3Aet%3A1668977657%3Ac%3A1%3Arn%3A286891146%3Arqn%3A3%3Au%3A1668977656979671413%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1668977653884%3Arqnl%3A1%3Ast%3A1668977657&t=gdpr(14)mc(p-6)clc(0-0-0)rqnt(3)aw(1)rqnl(1)ti(2)
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F5bfbc50b365d5b12daa46988&charset=utf-8&hittoken=1668977656_e3075b1be7aa50cef98b751665fa84cd4a4eb0611deaacb62680fe0c0b468b38&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3A15ly4knov7onia7cw1aby4%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A923%3Acn%3A1%3Adp%3A0%3Als%3A391315740010%3Ahid%3A530834751%3Az%3A0%3Ai%3A20221120205416%3Aet%3A1668977657%3Ac%3A1%3Arn%3A286891146%3Arqn%3A3%3Au%3A1668977656979671413%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1668977653884%3Arqnl%3A1%3Ast%3A1668977657&t=gdpr(14)mc(p-6)clc(0-0-0)rqnt(3)aw(1)rqnl(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 52
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Sun, 20 Nov 2022 20:54:16 GMT
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Sun, 20-Nov-2022 20:54:16 GMT
last-modified: Sun, 20-Nov-2022 20:54:16 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F5bfbc50b365d5b12daa46988&charset=utf-8&hittoken=1668977656_e3075b1be7aa50cef98b751665fa84cd4a4eb0611deaacb62680fe0c0b468b38&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3A15ly4knov7onia7cw1aby4%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A923%3Acn%3A1%3Adp%3A0%3Als%3A391315740010%3Ahid%3A530834751%3Az%3A0%3Ai%3A20221120205416%3Aet%3A1668977657%3Ac%3A1%3Arn%3A734372498%3Arqn%3A4%3Au%3A1668977656979671413%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1668977653884%3Arqnl%3A1%3Ast%3A1668977657&t=gdpr(14)mc(p-6)clc(0-0-0)rqnt(4)aw(1)rqnl(1)ti(2)
200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F5bfbc50b365d5b12daa46988&charset=utf-8&hittoken=1668977656_e3075b1be7aa50cef98b751665fa84cd4a4eb0611deaacb62680fe0c0b468b38&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3A15ly4knov7onia7cw1aby4%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A923%3Acn%3A1%3Adp%3A0%3Als%3A391315740010%3Ahid%3A530834751%3Az%3A0%3Ai%3A20221120205416%3Aet%3A1668977657%3Ac%3A1%3Arn%3A734372498%3Arqn%3A4%3Au%3A1668977656979671413%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1668977653884%3Arqnl%3A1%3Ast%3A1668977657&t=gdpr(14)mc(p-6)clc(0-0-0)rqnt(4)aw(1)rqnl(1)ti(2)
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F5bfbc50b365d5b12daa46988&charset=utf-8&hittoken=1668977656_e3075b1be7aa50cef98b751665fa84cd4a4eb0611deaacb62680fe0c0b468b38&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3A15ly4knov7onia7cw1aby4%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A923%3Acn%3A1%3Adp%3A0%3Als%3A391315740010%3Ahid%3A530834751%3Az%3A0%3Ai%3A20221120205416%3Aet%3A1668977657%3Ac%3A1%3Arn%3A734372498%3Arqn%3A4%3Au%3A1668977656979671413%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1668977653884%3Arqnl%3A1%3Ast%3A1668977657&t=gdpr(14)mc(p-6)clc(0-0-0)rqnt(4)aw(1)rqnl(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 108
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Sun, 20 Nov 2022 20:54:16 GMT
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Sun, 20-Nov-2022 20:54:16 GMT
last-modified: Sun, 20-Nov-2022 20:54:16 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F5bfbc50b365d5b12daa46988&charset=utf-8&hittoken=1668977656_e3075b1be7aa50cef98b751665fa84cd4a4eb0611deaacb62680fe0c0b468b38&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3A15ly4knov7onia7cw1aby4%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A923%3Acn%3A1%3Adp%3A0%3Als%3A391315740010%3Ahid%3A530834751%3Az%3A0%3Ai%3A20221120205416%3Aet%3A1668977657%3Ac%3A1%3Arn%3A420788339%3Arqn%3A2%3Au%3A1668977656979671413%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1668977653884%3Arqnl%3A1%3Ast%3A1668977657&t=gdpr(14)mc(p-6)clc(0-0-0)rqnt(2)aw(1)rqnl(1)ti(2)
200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F5bfbc50b365d5b12daa46988&charset=utf-8&hittoken=1668977656_e3075b1be7aa50cef98b751665fa84cd4a4eb0611deaacb62680fe0c0b468b38&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3A15ly4knov7onia7cw1aby4%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A923%3Acn%3A1%3Adp%3A0%3Als%3A391315740010%3Ahid%3A530834751%3Az%3A0%3Ai%3A20221120205416%3Aet%3A1668977657%3Ac%3A1%3Arn%3A420788339%3Arqn%3A2%3Au%3A1668977656979671413%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1668977653884%3Arqnl%3A1%3Ast%3A1668977657&t=gdpr(14)mc(p-6)clc(0-0-0)rqnt(2)aw(1)rqnl(1)ti(2)
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F5bfbc50b365d5b12daa46988&charset=utf-8&hittoken=1668977656_e3075b1be7aa50cef98b751665fa84cd4a4eb0611deaacb62680fe0c0b468b38&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3A15ly4knov7onia7cw1aby4%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A923%3Acn%3A1%3Adp%3A0%3Als%3A391315740010%3Ahid%3A530834751%3Az%3A0%3Ai%3A20221120205416%3Aet%3A1668977657%3Ac%3A1%3Arn%3A420788339%3Arqn%3A2%3Au%3A1668977656979671413%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1668977653884%3Arqnl%3A1%3Ast%3A1668977657&t=gdpr(14)mc(p-6)clc(0-0-0)rqnt(2)aw(1)rqnl(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 45
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Sun, 20 Nov 2022 20:54:16 GMT
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Sun, 20-Nov-2022 20:54:16 GMT
last-modified: Sun, 20-Nov-2022 20:54:16 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F5bfbc50b365d5b12daa46988&charset=utf-8&hittoken=1668977656_e3075b1be7aa50cef98b751665fa84cd4a4eb0611deaacb62680fe0c0b468b38&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3A15ly4knov7onia7cw1aby4%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A923%3Acn%3A1%3Adp%3A0%3Als%3A391315740010%3Ahid%3A530834751%3Az%3A0%3Ai%3A20221120205416%3Aet%3A1668977657%3Ac%3A1%3Arn%3A118291933%3Arqn%3A6%3Au%3A1668977656979671413%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1668977653884%3Arqnl%3A1%3Ast%3A1668977657&t=gdpr(14)mc(p-6)clc(0-0-0)rqnt(6)aw(1)rqnl(1)ti(2)
200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F5bfbc50b365d5b12daa46988&charset=utf-8&hittoken=1668977656_e3075b1be7aa50cef98b751665fa84cd4a4eb0611deaacb62680fe0c0b468b38&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3A15ly4knov7onia7cw1aby4%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A923%3Acn%3A1%3Adp%3A0%3Als%3A391315740010%3Ahid%3A530834751%3Az%3A0%3Ai%3A20221120205416%3Aet%3A1668977657%3Ac%3A1%3Arn%3A118291933%3Arqn%3A6%3Au%3A1668977656979671413%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1668977653884%3Arqnl%3A1%3Ast%3A1668977657&t=gdpr(14)mc(p-6)clc(0-0-0)rqnt(6)aw(1)rqnl(1)ti(2)
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F5bfbc50b365d5b12daa46988&charset=utf-8&hittoken=1668977656_e3075b1be7aa50cef98b751665fa84cd4a4eb0611deaacb62680fe0c0b468b38&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3A15ly4knov7onia7cw1aby4%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A923%3Acn%3A1%3Adp%3A0%3Als%3A391315740010%3Ahid%3A530834751%3Az%3A0%3Ai%3A20221120205416%3Aet%3A1668977657%3Ac%3A1%3Arn%3A118291933%3Arqn%3A6%3Au%3A1668977656979671413%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1668977653884%3Arqnl%3A1%3Ast%3A1668977657&t=gdpr(14)mc(p-6)clc(0-0-0)rqnt(6)aw(1)rqnl(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 99
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Sun, 20 Nov 2022 20:54:16 GMT
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Sun, 20-Nov-2022 20:54:16 GMT
last-modified: Sun, 20-Nov-2022 20:54:16 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F5bfbc50b365d5b12daa46988&charset=utf-8&hittoken=1668977656_e3075b1be7aa50cef98b751665fa84cd4a4eb0611deaacb62680fe0c0b468b38&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3A15ly4knov7onia7cw1aby4%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A923%3Acn%3A1%3Adp%3A0%3Als%3A391315740010%3Ahid%3A530834751%3Az%3A0%3Ai%3A20221120205416%3Aet%3A1668977657%3Ac%3A1%3Arn%3A25648237%3Arqn%3A5%3Au%3A1668977656979671413%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1668977653884%3Arqnl%3A1%3Ast%3A1668977657&t=gdpr(14)mc(p-6)clc(0-0-0)rqnt(5)aw(1)rqnl(1)ti(2)
200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F5bfbc50b365d5b12daa46988&charset=utf-8&hittoken=1668977656_e3075b1be7aa50cef98b751665fa84cd4a4eb0611deaacb62680fe0c0b468b38&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3A15ly4knov7onia7cw1aby4%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A923%3Acn%3A1%3Adp%3A0%3Als%3A391315740010%3Ahid%3A530834751%3Az%3A0%3Ai%3A20221120205416%3Aet%3A1668977657%3Ac%3A1%3Arn%3A25648237%3Arqn%3A5%3Au%3A1668977656979671413%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1668977653884%3Arqnl%3A1%3Ast%3A1668977657&t=gdpr(14)mc(p-6)clc(0-0-0)rqnt(5)aw(1)rqnl(1)ti(2)
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F5bfbc50b365d5b12daa46988&charset=utf-8&hittoken=1668977656_e3075b1be7aa50cef98b751665fa84cd4a4eb0611deaacb62680fe0c0b468b38&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3A15ly4knov7onia7cw1aby4%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A923%3Acn%3A1%3Adp%3A0%3Als%3A391315740010%3Ahid%3A530834751%3Az%3A0%3Ai%3A20221120205416%3Aet%3A1668977657%3Ac%3A1%3Arn%3A25648237%3Arqn%3A5%3Au%3A1668977656979671413%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1668977653884%3Arqnl%3A1%3Ast%3A1668977657&t=gdpr(14)mc(p-6)clc(0-0-0)rqnt(5)aw(1)rqnl(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 98
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Sun, 20 Nov 2022 20:54:16 GMT
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Sun, 20-Nov-2022 20:54:16 GMT
last-modified: Sun, 20-Nov-2022 20:54:16 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F5bfbc50b365d5b12daa46988&charset=utf-8&hittoken=1668977656_e3075b1be7aa50cef98b751665fa84cd4a4eb0611deaacb62680fe0c0b468b38&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3A15ly4knov7onia7cw1aby4%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A923%3Acn%3A1%3Adp%3A0%3Als%3A391315740010%3Ahid%3A530834751%3Az%3A0%3Ai%3A20221120205416%3Aet%3A1668977657%3Ac%3A1%3Arn%3A422463595%3Arqn%3A7%3Au%3A1668977656979671413%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1668977653884%3Arqnl%3A1%3Ast%3A1668977657&t=gdpr(14)mc(p-6)clc(0-0-0)rqnt(7)aw(1)rqnl(1)ti(2)
200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F5bfbc50b365d5b12daa46988&charset=utf-8&hittoken=1668977656_e3075b1be7aa50cef98b751665fa84cd4a4eb0611deaacb62680fe0c0b468b38&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3A15ly4knov7onia7cw1aby4%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A923%3Acn%3A1%3Adp%3A0%3Als%3A391315740010%3Ahid%3A530834751%3Az%3A0%3Ai%3A20221120205416%3Aet%3A1668977657%3Ac%3A1%3Arn%3A422463595%3Arqn%3A7%3Au%3A1668977656979671413%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1668977653884%3Arqnl%3A1%3Ast%3A1668977657&t=gdpr(14)mc(p-6)clc(0-0-0)rqnt(7)aw(1)rqnl(1)ti(2)
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F5bfbc50b365d5b12daa46988&charset=utf-8&hittoken=1668977656_e3075b1be7aa50cef98b751665fa84cd4a4eb0611deaacb62680fe0c0b468b38&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3A15ly4knov7onia7cw1aby4%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A923%3Acn%3A1%3Adp%3A0%3Als%3A391315740010%3Ahid%3A530834751%3Az%3A0%3Ai%3A20221120205416%3Aet%3A1668977657%3Ac%3A1%3Arn%3A422463595%3Arqn%3A7%3Au%3A1668977656979671413%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1668977653884%3Arqnl%3A1%3Ast%3A1668977657&t=gdpr(14)mc(p-6)clc(0-0-0)rqnt(7)aw(1)rqnl(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 98
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Sun, 20 Nov 2022 20:54:16 GMT
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Sun, 20-Nov-2022 20:54:16 GMT
last-modified: Sun, 20-Nov-2022 20:54:16 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
simplewebanalysis.com/stats
200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP
File type ASCII text, with no line terminators
Hash c91810ee51ac042a4b44ab1b3f5206f9
5196bcaceb50f2ff102558dd6fbbc6203fd88dfb
d280abf84ff99e0df3d113ce7926f16f40d5a082f5f5b3eb59aea618ccd28e59
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 20 Nov 2022 20:54:16 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
set-cookie: uid_id2=e95838e0-0bbe-4494-a1d7-4b5924e8b115:3:1; expires=Wed, 17 Nov 2032 20:54:16 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 61b8159abf3be7586aa3ac5e18b4ac5b
09cbb9cecfe9af9f94de8ad0cfdae9344209cd93
f1eeada6706cdd095d6bf242d0dab63aeed7897ed08e238a89377f3cb2cca037
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F1EEADA6706CDD095D6BF242D0DAB63AEED7897ED08E238A89377F3CB2CCA037"
Last-Modified: Sat, 19 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11335
Expires: Mon, 21 Nov 2022 00:03:11 GMT
Date: Sun, 20 Nov 2022 20:54:16 GMT
Connection: keep-alive
e1.o.lencr.org/
200 OK 345 B IP
ASN #20940 Akamai International B.V.
Hash 7e7d69aa3115e768ed4f036c668374dd
da5000138437ceb324539ce4a27fdc49fb18a7b3
ee556c4fd9ca677af3b0ac8447af0e4c34e15767b7657ba177737da2fa8ff6f9
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "EE556C4FD9CA677AF3B0AC8447AF0E4C34E15767B7657BA177737DA2FA8FF6F9"
Last-Modified: Sat, 19 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2850
Expires: Sun, 20 Nov 2022 21:41:46 GMT
Date: Sun, 20 Nov 2022 20:54:16 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash f5bfec5a196dd4db66f9e88f047ec1ca
f339516ff853651bd180a9ad0bbaab51a84b3e90
73932451a2029d7924d102be3b10ce4d4dbd749b5372691dc9c79dd1944963e8
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "73932451A2029D7924D102BE3B10CE4D4DBD749B5372691DC9C79DD1944963E8"
Last-Modified: Sun, 20 Nov 2022 13:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5869
Expires: Sun, 20 Nov 2022 22:32:05 GMT
Date: Sun, 20 Nov 2022 20:54:16 GMT
Connection: keep-alive
moleconcern.com/01/f7/5a/01f75a95a38a8db0a8e82d995253a076.js
200 OK 29 kB URL HTTP/1.1 moleconcern.com/01/f7/5a/01f75a95a38a8db0a8e82d995253a076.js
IP
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (65536), with no line terminators
Hash f4be3287755f7d0c7e3b73be13b0ff4a
f435ec329f31ed509f15ce46b673f3447c0d2681
661713a869e242e00dfbc0d47570119b2f72ae12e8562da79102dad9722c17b7
Analyzer Verdict Alert quad9 Sinkholed
GET /01/f7/5a/01f75a95a38a8db0a8e82d995253a076.js HTTP/1.1
Host: moleconcern.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 20 Nov 2022 20:54:17 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 48be9386f227a865b93f662c3d5191c9
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
ifknittedhurtful.com/4d/0a/fc/4d0afc2425eea6b0cd5a468c9f8a69ed.js
200 OK 29 kB URL HTTP/1.1 ifknittedhurtful.com/4d/0a/fc/4d0afc2425eea6b0cd5a468c9f8a69ed.js
IP
ASN #39572 DataWeb Global Group B.V.
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (65536), with no line terminators
Hash 1f2e0533b330d8d9363d7fb29279bd97
660da20bbf88d676801ecc31af97fabcb27c381f
ddbeb78b4ae5162e467f03d553d7bbefc8b1bde56a82598f794fc60334f603d4
Analyzer Verdict Alert quad9 Sinkholed
GET /4d/0a/fc/4d0afc2425eea6b0cd5a468c9f8a69ed.js HTTP/1.1
Host: ifknittedhurtful.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.9
Date: Sun, 20 Nov 2022 20:54:17 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 21154e440af0558f224096eed0d82a51
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
ifknittedhurtful.com/pixel/purst?dl=0&th=0&sc=0&rs=3388&rd=3388&fd=773&bv=22.10.v.10&tmpl=136
200 OK 0 B URL HTTP/1.1 ifknittedhurtful.com/pixel/purst?dl=0&th=0&sc=0&rs=3388&rd=3388&fd=773&bv=22.10.v.10&tmpl=136
IP
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/purst?dl=0&th=0&sc=0&rs=3388&rd=3388&fd=773&bv=22.10.v.10&tmpl=136 HTTP/1.1
Host: ifknittedhurtful.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.9
Date: Sun, 20 Nov 2022 20:54:17 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
moleconcern.com/sbar.json?key=21fe3950f412e026c33f1b6cee613eba&uuid=fa5f194b-5d7e-4863-a706-64e6d298a73c%3A2%3A1
200 OK 2.8 kB URL HTTP/1.1 moleconcern.com/sbar.json?key=21fe3950f412e026c33f1b6cee613eba&uuid=fa5f194b-5d7e-4863-a706-64e6d298a73c%3A2%3A1
IP
File type JSON data\012- , Unicode text, UTF-8 text, with very long lines (6294), with no line terminators
Hash 84ecb9f55de6e5fc114607597b4f4def
0c434a405176187d4132455936be7a9c8237efe3
30181d99469f523a79c7126039ed35a5466389b642bc32e566b444e27fc6bbbe
Analyzer Verdict Alert quad9 Sinkholed
GET /sbar.json?key=21fe3950f412e026c33f1b6cee613eba&uuid=fa5f194b-5d7e-4863-a706-64e6d298a73c%3A2%3A1 HTTP/1.1
Host: moleconcern.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 20 Nov 2022 20:54:17 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://xfantazy.com
Access-Control-Allow-Origin: https://xfantazy.com
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=17661735; expires=Mon, 21 Nov 2022 20:54:17 GMT; secure; SameSite=None
uid_id2=fa5f194b-5d7e-4863-a706-64e6d298a73c:2:1; expires=Sun, 27 Nov 2022 20:54:17 GMT; secure; SameSite=None
pdhtkv=true; expires=Mon, 21 Nov 2022 20:54:17 GMT; secure; SameSite=None
uncs=1; expires=Mon, 21 Nov 2022 20:54:17 GMT; secure; SameSite=None
pdhtkv29=true; expires=Mon, 21 Nov 2022 20:54:17 GMT; secure; SameSite=None
uncs29=1; expires=Mon, 21 Nov 2022 20:54:17 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 316e9c0ffea2e869aa6a0aa36b727562
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
a.naturalhealthsource.club/api/spots/289411?host=xfantazy.com&ev=197&wh=939&ww=1280&uuid=
200 OK 0 B URL HTTP/2 a.naturalhealthsource.club/api/spots/289411?host=xfantazy.com&ev=197&wh=939&ww=1280&uuid=
IP
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /api/spots/289411?host=xfantazy.com&ev=197&wh=939&ww=1280&uuid= HTTP/1.1
Host: a.naturalhealthsource.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 20 Nov 2022 20:54:17 GMT
content-length: 0
set-cookie: nauid=nIThK7bR173xaYkzvuxB; Path=/; Expires=Wed, 11 Nov 2037 11:11:11 GMT; Secure; SameSite=None
cache-control: private
X-Firefox-Spdy: h2
ifknittedhurtful.com/sbar.json?key=a2f990f10476061c719d1c1aa3a2ecd2&uuid=e95838e0-0bbe-4494-a1d7-4b5924e8b115%3A3%3A1
200 OK 4.1 kB URL HTTP/1.1 ifknittedhurtful.com/sbar.json?key=a2f990f10476061c719d1c1aa3a2ecd2&uuid=e95838e0-0bbe-4494-a1d7-4b5924e8b115%3A3%3A1
IP
ASN #39572 DataWeb Global Group B.V.
File type JSON data\012- , ASCII text, with very long lines (5943), with no line terminators
Hash dcacf6d233fef4dad244c352c296d197
e70b6928587fb6976b834cc0c232fca61f7ea786
5819d1310887d2f1012a2d5c3a11c37b05e5602a811f8e50956f4b6ac0f04420
Analyzer Verdict Alert quad9 Sinkholed
GET /sbar.json?key=a2f990f10476061c719d1c1aa3a2ecd2&uuid=e95838e0-0bbe-4494-a1d7-4b5924e8b115%3A3%3A1 HTTP/1.1
Host: ifknittedhurtful.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.9
Date: Sun, 20 Nov 2022 20:54:17 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://xfantazy.com
Access-Control-Allow-Origin: https://xfantazy.com
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=15600826; expires=Mon, 21 Nov 2022 20:54:17 GMT; secure; SameSite=None
uid_id2=e95838e0-0bbe-4494-a1d7-4b5924e8b115:3:1; expires=Sun, 27 Nov 2022 20:54:17 GMT; secure; SameSite=None
pdhtkv=true; expires=Mon, 21 Nov 2022 20:54:17 GMT; secure; SameSite=None
uncs=1; expires=Mon, 21 Nov 2022 20:54:17 GMT; secure; SameSite=None
pdhtkv29=true; expires=Mon, 21 Nov 2022 20:54:17 GMT; secure; SameSite=None
uncs29=1; expires=Mon, 21 Nov 2022 20:54:17 GMT; secure; SameSite=None
sleca2f990f10476061c719d1c1aa3a2ecd2=[3790576]; expires=Sun, 20 Nov 2022 20:54:22 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: ae9801dabaf7f8924ca9010a32408c95
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
a.naturalhealthsource.club/api/spots/380873?host=xfantazy.com&ev=197&wh=939&ww=1280&uuid=
200 OK 0 B URL HTTP/2 a.naturalhealthsource.club/api/spots/380873?host=xfantazy.com&ev=197&wh=939&ww=1280&uuid=
IP
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /api/spots/380873?host=xfantazy.com&ev=197&wh=939&ww=1280&uuid= HTTP/1.1
Host: a.naturalhealthsource.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 20 Nov 2022 20:54:17 GMT
content-length: 0
set-cookie: nauid=NdUAxq8ipbJFgCbtLs0N; Path=/; Expires=Wed, 11 Nov 2037 11:11:11 GMT; Secure; SameSite=None
cache-control: private
X-Firefox-Spdy: h2
a.naturalhealthsource.club/api/spots/391860?host=xfantazy.com&ev=197&wh=939&ww=1280&uuid=
200 OK 0 B URL HTTP/2 a.naturalhealthsource.club/api/spots/391860?host=xfantazy.com&ev=197&wh=939&ww=1280&uuid=
IP
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /api/spots/391860?host=xfantazy.com&ev=197&wh=939&ww=1280&uuid= HTTP/1.1
Host: a.naturalhealthsource.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 20 Nov 2022 20:54:17 GMT
content-length: 0
set-cookie: nauid=NWiGYHQbkYVMFDmXNvcu; Path=/; Expires=Wed, 11 Nov 2037 11:11:11 GMT; Secure; SameSite=None
cache-control: private
X-Firefox-Spdy: h2
a.naturalhealthsource.club/api/spots/406858?host=xfantazy.com&ev=197&wh=939&ww=1280&uuid=
200 OK 0 B URL HTTP/2 a.naturalhealthsource.club/api/spots/406858?host=xfantazy.com&ev=197&wh=939&ww=1280&uuid=
IP
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /api/spots/406858?host=xfantazy.com&ev=197&wh=939&ww=1280&uuid= HTTP/1.1
Host: a.naturalhealthsource.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 20 Nov 2022 20:54:17 GMT
content-length: 0
set-cookie: nauid=EIbn42VUZuqPSTlYGM2s; Path=/; Expires=Wed, 11 Nov 2037 11:11:11 GMT; Secure; SameSite=None
cache-control: private
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 451f76bc75af4c4c1a32606cd4174c2c
f81c4d07ed2b1e3024412abf15990b90bd29eff8
f7039e5fe9832185de7309ad91a2fa0c6f8cdc888023066a25743a73af2f0cb9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F7039E5FE9832185DE7309AD91A2FA0C6F8CDC888023066A25743A73AF2F0CB9"
Last-Modified: Sat, 19 Nov 2022 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14381
Expires: Mon, 21 Nov 2022 00:53:58 GMT
Date: Sun, 20 Nov 2022 20:54:17 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 508d60840e38724c0badca180ccb2f0c
bf7365c5276f2fc522f4df4a2b43dc517ebf9276
7c284f2042490d1b9606e679c766eebe8d6a7d2657c2a8dfe058298ce02aa97f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7C284F2042490D1B9606E679C766EEBE8D6A7D2657C2A8DFE058298CE02AA97F"
Last-Modified: Fri, 18 Nov 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3561
Expires: Sun, 20 Nov 2022 21:53:38 GMT
Date: Sun, 20 Nov 2022 20:54:17 GMT
Connection: keep-alive
moleconcern.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSz4scxR%2BtTvKFLwYhSi4eDHMQVHBn%2B8f0%2FDCHxRgTgjEJSSTn6qrqmXJrupqqrunJXAwJSA4eZvEinnrf7GYxhpCc9CKE2XjQBSGjIHtwIX9DICBeZHYHVj%2BH%2Fryu9yl4733qi3W3R3w4unvlEz2SStHluO7X3rkhM65LW7t0vRb4df907YbMmo3TteH8YwbvB35c99%2BtnRdsVS%2BHfuD7gR%2FUzkkjUj1c3mch8wedoN7x642wHsQNDM1%2F%2F63zYKkHPtgjr0Py2f96Pz%2BGZFNk%2FUdnhV0tdP7eR32naKENBnzr02w102WG%2FiFMjYc021pMQ9sZIV8fgc62Fg6gBxtzB0jkjHh%2FBEiyrYVMJIPNA6WJgsiQ8OMoB1MINYWkUzB9B5I%2FIwDjuHQZWf%2FeJW1KevOApXN2Ro69fAFZzsixP08i6z88o%2BSwdk0rV0idWQzTCnI4hexOkbttFCMPstwGK25D8l%2FJ8suLyPobl63SkHz3rZTGadBpJEsxb4mlRrsZLdGW31xqNkSTh502bUVsPyIpp5DpFEqMQe0ROOvBSQ8u9eByD32%2BW6NxJ%2FX9VpqkUdRuMMaiiLG43eQxjxrt1Idjcw9jFPkYTI3BzC3k5hZW5dqMkNsbMO4JbK%2BC5R5sQTDgFUpBUFqCkhKUkqAsCMpBtcmVDW11jyvrkmDRw0WPqokuuut0UxddkZH1fI%2B8Nk%2FPe%2FXzt7EqdmthkIqoE%2FtpIwiFHzZZFKVB0mRCNINIJBRWVpD2CKj1MJIzcio%2BjlzOyP9XniCh27BqG0yeAHVvgpaTVuiD9iaNto9R9kNGC2eo6gmqip7VzjBRZ8ol4LpCXhxDcdNbV3vkjf2Ndr6%2FD8F2Vn55fv7hydFzMFMhNxU%2Bk08Juuru5KouycZVXVry%2BHJeyL4c0fm2rxW0EEfvfyxultrwC2ft%2BNsP2JyYwwfXhS0u0ozLrGvJd2ck58Kc04YJ8uMFe0MkV5ztnXEmc%2FnFKx%2Beu9DPjbBW6mwKKp%2FZL8HkjLwiNvff8amnf0OaKYyr0Hc7ZFGQegqW34LND9VbTWDU4UySeyhdNTFhcnio5IyEL36CEjsra49O%2FM6%2BOQqaVLDiXxcP8bq9i67xQIs7yPoVBqbCQFWgagzrjk6K3Oys%2FBbtFxLlTRJlvI1EGbV2EK%2BVuzURp34q%2FFAkaSdJW9TnnbTRSWgnEK0kpgEKO2Ojr%2F76BwAA%2F%2F8BAAD%2F%2F0CyakWjBAAA
200 OK 7 B URL HTTP/1.1 moleconcern.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSz4scxR%2BtTvKFLwYhSi4eDHMQVHBn%2B8f0%2FDCHxRgTgjEJSSTn6qrqmXJrupqqrunJXAwJSA4eZvEinnrf7GYxhpCc9CKE2XjQBSGjIHtwIX9DICBeZHYHVj%2BH%2Fryu9yl4733qi3W3R3w4unvlEz2SStHluO7X3rkhM65LW7t0vRb4df907YbMmo3TteH8YwbvB35c99%2BtnRdsVS%2BHfuD7gR%2FUzkkjUj1c3mch8wedoN7x642wHsQNDM1%2F%2F63zYKkHPtgjr0Py2f96Pz%2BGZFNk%2FUdnhV0tdP7eR32naKENBnzr02w102WG%2FiFMjYc021pMQ9sZIV8fgc62Fg6gBxtzB0jkjHh%2FBEiyrYVMJIPNA6WJgsiQ8OMoB1MINYWkUzB9B5I%2FIwDjuHQZWf%2FeJW1KevOApXN2Ro69fAFZzsixP08i6z88o%2BSwdk0rV0idWQzTCnI4hexOkbttFCMPstwGK25D8l%2FJ8suLyPobl63SkHz3rZTGadBpJEsxb4mlRrsZLdGW31xqNkSTh502bUVsPyIpp5DpFEqMQe0ROOvBSQ8u9eByD32%2BW6NxJ%2FX9VpqkUdRuMMaiiLG43eQxjxrt1Idjcw9jFPkYTI3BzC3k5hZW5dqMkNsbMO4JbK%2BC5R5sQTDgFUpBUFqCkhKUkqAsCMpBtcmVDW11jyvrkmDRw0WPqokuuut0UxddkZH1fI%2B8Nk%2FPe%2FXzt7EqdmthkIqoE%2FtpIwiFHzZZFKVB0mRCNINIJBRWVpD2CKj1MJIzcio%2BjlzOyP9XniCh27BqG0yeAHVvgpaTVuiD9iaNto9R9kNGC2eo6gmqip7VzjBRZ8ol4LpCXhxDcdNbV3vkjf2Ndr6%2FD8F2Vn55fv7hydFzMFMhNxU%2Bk08Juuru5KouycZVXVry%2BHJeyL4c0fm2rxW0EEfvfyxultrwC2ft%2BNsP2JyYwwfXhS0u0ozLrGvJd2ck58Kc04YJ8uMFe0MkV5ztnXEmc%2FnFKx%2Beu9DPjbBW6mwKKp%2FZL8HkjLwiNvff8amnf0OaKYyr0Hc7ZFGQegqW34LND9VbTWDU4UySeyhdNTFhcnio5IyEL36CEjsra49O%2FM6%2BOQqaVLDiXxcP8bq9i67xQIs7yPoVBqbCQFWgagzrjk6K3Oys%2FBbtFxLlTRJlvI1EGbV2EK%2BVuzURp34q%2FFAkaSdJW9TnnbTRSWgnEK0kpgEKO2Ojr%2F76BwAA%2F%2F8BAAD%2F%2F0CyakWjBAAA
IP
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert quad9 Sinkholed
GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSz4scxR%2BtTvKFLwYhSi4eDHMQVHBn%2B8f0%2FDCHxRgTgjEJSSTn6qrqmXJrupqqrunJXAwJSA4eZvEinnrf7GYxhpCc9CKE2XjQBSGjIHtwIX9DICBeZHYHVj%2BH%2Fryu9yl4733qi3W3R3w4unvlEz2SStHluO7X3rkhM65LW7t0vRb4df907YbMmo3TteH8YwbvB35c99%2BtnRdsVS%2BHfuD7gR%2FUzkkjUj1c3mch8wedoN7x642wHsQNDM1%2F%2F63zYKkHPtgjr0Py2f96Pz%2BGZFNk%2FUdnhV0tdP7eR32naKENBnzr02w102WG%2FiFMjYc021pMQ9sZIV8fgc62Fg6gBxtzB0jkjHh%2FBEiyrYVMJIPNA6WJgsiQ8OMoB1MINYWkUzB9B5I%2FIwDjuHQZWf%2FeJW1KevOApXN2Ro69fAFZzsixP08i6z88o%2BSwdk0rV0idWQzTCnI4hexOkbttFCMPstwGK25D8l%2FJ8suLyPobl63SkHz3rZTGadBpJEsxb4mlRrsZLdGW31xqNkSTh502bUVsPyIpp5DpFEqMQe0ROOvBSQ8u9eByD32%2BW6NxJ%2FX9VpqkUdRuMMaiiLG43eQxjxrt1Idjcw9jFPkYTI3BzC3k5hZW5dqMkNsbMO4JbK%2BC5R5sQTDgFUpBUFqCkhKUkqAsCMpBtcmVDW11jyvrkmDRw0WPqokuuut0UxddkZH1fI%2B8Nk%2FPe%2FXzt7EqdmthkIqoE%2FtpIwiFHzZZFKVB0mRCNINIJBRWVpD2CKj1MJIzcio%2BjlzOyP9XniCh27BqG0yeAHVvgpaTVuiD9iaNto9R9kNGC2eo6gmqip7VzjBRZ8ol4LpCXhxDcdNbV3vkjf2Ndr6%2FD8F2Vn55fv7hydFzMFMhNxU%2Bk08Juuru5KouycZVXVry%2BHJeyL4c0fm2rxW0EEfvfyxultrwC2ft%2BNsP2JyYwwfXhS0u0ozLrGvJd2ck58Kc04YJ8uMFe0MkV5ztnXEmc%2FnFKx%2Beu9DPjbBW6mwKKp%2FZL8HkjLwiNvff8amnf0OaKYyr0Hc7ZFGQegqW34LND9VbTWDU4UySeyhdNTFhcnio5IyEL36CEjsra49O%2FM6%2BOQqaVLDiXxcP8bq9i67xQIs7yPoVBqbCQFWgagzrjk6K3Oys%2FBbtFxLlTRJlvI1EGbV2EK%2BVuzURp34q%2FFAkaSdJW9TnnbTRSWgnEK0kpgEKO2Ojr%2F76BwAA%2F%2F8BAAD%2F%2F0CyakWjBAAA HTTP/1.1
Host: moleconcern.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: u_pl=17661735; uid_id2=fa5f194b-5d7e-4863-a706-64e6d298a73c:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 20 Nov 2022 20:54:17 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 959c21564148352d3ee4666800d813e5
Strict-Transport-Security: max-age=0; includeSubdomains
ifknittedhurtful.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSwYscxRutzuZ3%2BekhSi4iyhw8KLiz1T09O9PmEIxxJRiTJYnkXF1VvVtudVdT1T09OyCEBCTHCbmIp943myxqkOQqCDKjh7AgZBRlD9mDf4AIgYAnZWYHVr9Df6%2FrfQXvva8%2B2ykPCUXJDtY%2FMgOlNVtpN2njzesqE6ZyjUvXGj5t0jON6ypbDc80%2BrOP7b3j03aTvtX4QPItsxJQn1Kf%2Bo01ZWVi%2BitzFip%2FEPnNiDbDoOm3Q%2FTtf%2F9d6cExD6J3SF6GEtP%2FbT5%2BBMXHyNKH56XbKkz%2B9vtpqVlhLHpi7%2BNsKzNVhvQYJtZDku0tpmHclJDPT8BkewsHML3dmQPEakq833zE2d5CJuLevSOlsYbMEIsXUPXGkHoMxcbg5haUeEIALnDpMrL0%2FiVjK7Z9xLIZOyUnnz%2BDqqbk5NPTyNJvzmnVb1w1uiyUyRz6SQ3VH0NtjJGXExQDD6qagBc3ocRPZOX5RWTp7mWnDZQ4eENG7W6rK%2BkyjWO5HIZRuMx80VkO43YUhLIb%2B357HpFSY6hkDC2HYG4JpfNQKg9l4qHMPaTioMHaUUJpJ4mTVqsbcs5bLc7b3VXRFq2wm1CUfOZhiCIfgushuL2B3N7AlrozJeTmLmz5PdxmDSc8uIKgJ2pUkqByBBUjqBRBVRBUvfqe0C5w9X2hXRn7ix4seqsemWJjh90zxYbMyE5%2BSF6ap%2FfHi99iSx40WJBEEU18GnZW6arPO34kfO4z1mKB5CKAUzWUOwHmPAzUlJx%2B9Xfks5V%2B%2BjdiNoHTE3B1Cqx8DawadQIKtjkKuxSD7EE%2FYVnBBttNblIIUyMvTqLY9nb0IXllriP69U9Ivn920poXuK2R2xqfqB8INvTt0RVTkd0rpnLk0eW8UKkasNmGrxaskEtffSi3K2PFhfNu%2BOW7fEbM4INr0hUXWSZUtuHI1%2BeUENKuGcsl%2Be6Cuy7j9dJtnittVuYX199bu5DmVjqnTDYGU0%2FW74KrKfl%2FtjZ%2Fu68%2FfQxlx7BljbTcJ4uCMhPw%2FAZcfqzeGQKrj2fi3ENV1iMbxMeHWk1J8OxHaLl%2F9s7DU7%2FwL5bA4hpO%2FuviMd5xt7FhPbDiFrK0Rs%2FW6OkaTA%2FhyqVRkdv9sz8vBMTaG8XaeruxtvrOUbxOHTRkO6GJpIGMkyhOOoyKKAmjmEW%2B7MRt5qNwUz64%2B9c%2FAAAA%2F%2F8BAAD%2F%2FxKiQiGXBAAA
200 OK 7 B URL HTTP/1.1 ifknittedhurtful.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSwYscxRutzuZ3%2BekhSi4iyhw8KLiz1T09O9PmEIxxJRiTJYnkXF1VvVtudVdT1T09OyCEBCTHCbmIp943myxqkOQqCDKjh7AgZBRlD9mDf4AIgYAnZWYHVr9Df6%2FrfQXvva8%2B2ykPCUXJDtY%2FMgOlNVtpN2njzesqE6ZyjUvXGj5t0jON6ypbDc80%2BrOP7b3j03aTvtX4QPItsxJQn1Kf%2Bo01ZWVi%2BitzFip%2FEPnNiDbDoOm3Q%2FTtf%2F9d6cExD6J3SF6GEtP%2FbT5%2BBMXHyNKH56XbKkz%2B9vtpqVlhLHpi7%2BNsKzNVhvQYJtZDku0tpmHclJDPT8BkewsHML3dmQPEakq833zE2d5CJuLevSOlsYbMEIsXUPXGkHoMxcbg5haUeEIALnDpMrL0%2FiVjK7Z9xLIZOyUnnz%2BDqqbk5NPTyNJvzmnVb1w1uiyUyRz6SQ3VH0NtjJGXExQDD6qagBc3ocRPZOX5RWTp7mWnDZQ4eENG7W6rK%2BkyjWO5HIZRuMx80VkO43YUhLIb%2B357HpFSY6hkDC2HYG4JpfNQKg9l4qHMPaTioMHaUUJpJ4mTVqsbcs5bLc7b3VXRFq2wm1CUfOZhiCIfgushuL2B3N7AlrozJeTmLmz5PdxmDSc8uIKgJ2pUkqByBBUjqBRBVRBUvfqe0C5w9X2hXRn7ix4seqsemWJjh90zxYbMyE5%2BSF6ap%2FfHi99iSx40WJBEEU18GnZW6arPO34kfO4z1mKB5CKAUzWUOwHmPAzUlJx%2B9Xfks5V%2B%2BjdiNoHTE3B1Cqx8DawadQIKtjkKuxSD7EE%2FYVnBBttNblIIUyMvTqLY9nb0IXllriP69U9Ivn920poXuK2R2xqfqB8INvTt0RVTkd0rpnLk0eW8UKkasNmGrxaskEtffSi3K2PFhfNu%2BOW7fEbM4INr0hUXWSZUtuHI1%2BeUENKuGcsl%2Be6Cuy7j9dJtnittVuYX199bu5DmVjqnTDYGU0%2FW74KrKfl%2FtjZ%2Fu68%2FfQxlx7BljbTcJ4uCMhPw%2FAZcfqzeGQKrj2fi3ENV1iMbxMeHWk1J8OxHaLl%2F9s7DU7%2FwL5bA4hpO%2FuviMd5xt7FhPbDiFrK0Rs%2FW6OkaTA%2FhyqVRkdv9sz8vBMTaG8XaeruxtvrOUbxOHTRkO6GJpIGMkyhOOoyKKAmjmEW%2B7MRt5qNwUz64%2B9c%2FAAAA%2F%2F8BAAD%2F%2FxKiQiGXBAAA
IP
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert quad9 Sinkholed
GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSwYscxRutzuZ3%2BekhSi4iyhw8KLiz1T09O9PmEIxxJRiTJYnkXF1VvVtudVdT1T09OyCEBCTHCbmIp943myxqkOQqCDKjh7AgZBRlD9mDf4AIgYAnZWYHVr9Df6%2FrfQXvva8%2B2ykPCUXJDtY%2FMgOlNVtpN2njzesqE6ZyjUvXGj5t0jON6ypbDc80%2BrOP7b3j03aTvtX4QPItsxJQn1Kf%2Bo01ZWVi%2BitzFip%2FEPnNiDbDoOm3Q%2FTtf%2F9d6cExD6J3SF6GEtP%2FbT5%2BBMXHyNKH56XbKkz%2B9vtpqVlhLHpi7%2BNsKzNVhvQYJtZDku0tpmHclJDPT8BkewsHML3dmQPEakq833zE2d5CJuLevSOlsYbMEIsXUPXGkHoMxcbg5haUeEIALnDpMrL0%2FiVjK7Z9xLIZOyUnnz%2BDqqbk5NPTyNJvzmnVb1w1uiyUyRz6SQ3VH0NtjJGXExQDD6qagBc3ocRPZOX5RWTp7mWnDZQ4eENG7W6rK%2BkyjWO5HIZRuMx80VkO43YUhLIb%2B357HpFSY6hkDC2HYG4JpfNQKg9l4qHMPaTioMHaUUJpJ4mTVqsbcs5bLc7b3VXRFq2wm1CUfOZhiCIfgushuL2B3N7AlrozJeTmLmz5PdxmDSc8uIKgJ2pUkqByBBUjqBRBVRBUvfqe0C5w9X2hXRn7ix4seqsemWJjh90zxYbMyE5%2BSF6ap%2FfHi99iSx40WJBEEU18GnZW6arPO34kfO4z1mKB5CKAUzWUOwHmPAzUlJx%2B9Xfks5V%2B%2BjdiNoHTE3B1Cqx8DawadQIKtjkKuxSD7EE%2FYVnBBttNblIIUyMvTqLY9nb0IXllriP69U9Ivn920poXuK2R2xqfqB8INvTt0RVTkd0rpnLk0eW8UKkasNmGrxaskEtffSi3K2PFhfNu%2BOW7fEbM4INr0hUXWSZUtuHI1%2BeUENKuGcsl%2Be6Cuy7j9dJtnittVuYX199bu5DmVjqnTDYGU0%2FW74KrKfl%2FtjZ%2Fu68%2FfQxlx7BljbTcJ4uCMhPw%2FAZcfqzeGQKrj2fi3ENV1iMbxMeHWk1J8OxHaLl%2F9s7DU7%2FwL5bA4hpO%2FuviMd5xt7FhPbDiFrK0Rs%2FW6OkaTA%2FhyqVRkdv9sz8vBMTaG8XaeruxtvrOUbxOHTRkO6GJpIGMkyhOOoyKKAmjmEW%2B7MRt5qNwUz64%2B9c%2FAAAA%2F%2F8BAAD%2F%2FxKiQiGXBAAA HTTP/1.1
Host: ifknittedhurtful.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: u_pl=15600826; uid_id2=e95838e0-0bbe-4494-a1d7-4b5924e8b115:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; sleca2f990f10476061c719d1c1aa3a2ecd2=[3790576]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.9
Date: Sun, 20 Nov 2022 20:54:17 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 1a84034b26afd5963e88541f13f6c1d9
Strict-Transport-Security: max-age=0; includeSubdomains
e1.o.lencr.org/
200 OK 345 B IP
ASN #20940 Akamai International B.V.
Hash 14bb1a68029a02fba011db85d5499d96
50c731767d2de8a7eec8d5e2b2386683b3ad814d
1de79f89077c18af57451469d25c3eb4072371ecf87abf8ae7e9e7987b0ac19b
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "1DE79F89077C18AF57451469D25C3EB4072371ECF87ABF8AE7E9E7987B0AC19B"
Last-Modified: Sun, 20 Nov 2022 13:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3499
Expires: Sun, 20 Nov 2022 21:52:36 GMT
Date: Sun, 20 Nov 2022 20:54:17 GMT
Connection: keep-alive
e1.o.lencr.org/
200 OK 345 B IP
ASN #20940 Akamai International B.V.
Hash 14bb1a68029a02fba011db85d5499d96
50c731767d2de8a7eec8d5e2b2386683b3ad814d
1de79f89077c18af57451469d25c3eb4072371ecf87abf8ae7e9e7987b0ac19b
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "1DE79F89077C18AF57451469D25C3EB4072371ECF87ABF8AE7E9E7987B0AC19B"
Last-Modified: Sun, 20 Nov 2022 13:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3499
Expires: Sun, 20 Nov 2022 21:52:36 GMT
Date: Sun, 20 Nov 2022 20:54:17 GMT
Connection: keep-alive
grewquartersupporting.com/pixel/purst?dl=0&th=0&sc=0&rs=3505&rd=3505&fd=829&bv=22.10.v.10&tmpl=136
200 OK 0 B URL HTTP/1.1 grewquartersupporting.com/pixel/purst?dl=0&th=0&sc=0&rs=3505&rd=3505&fd=829&bv=22.10.v.10&tmpl=136
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/purst?dl=0&th=0&sc=0&rs=3505&rd=3505&fd=829&bv=22.10.v.10&tmpl=136 HTTP/1.1
Host: grewquartersupporting.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 20 Nov 2022 20:54:17 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
ifknittedhurtful.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fau%2F5d%2F1e%2F66%2F5d1e6654b79f5bf053b789353432e45e%2F1613739250.html&l=1274&fd=119
200 OK 0 B URL HTTP/1.1 ifknittedhurtful.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fau%2F5d%2F1e%2F66%2F5d1e6654b79f5bf053b789353432e45e%2F1613739250.html&l=1274&fd=119
IP
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fau%2F5d%2F1e%2F66%2F5d1e6654b79f5bf053b789353432e45e%2F1613739250.html&l=1274&fd=119 HTTP/1.1
Host: ifknittedhurtful.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: u_pl=15600826; uid_id2=e95838e0-0bbe-4494-a1d7-4b5924e8b115:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; sleca2f990f10476061c719d1c1aa3a2ecd2=[3790576]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.9
Date: Sun, 20 Nov 2022 20:54:17 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
cdn.barscreative1.com/sb/au/5d/1e/66/5d1e6654b79f5bf053b789353432e45e/1613739250.html
200 OK 7.2 kB URL HTTP/2 cdn.barscreative1.com/sb/au/5d/1e/66/5d1e6654b79f5bf053b789353432e45e/1613739250.html
IP
ASN #39572 DataWeb Global Group B.V.
Hash b721609cc4e158dac29a03420d40f56a
550d045ef16c4585cb533b6236de033230458780
e73fbb3deb8e609197297191e1407b0f5c11ea1e305856116a50edae93d62acf
GET /sb/au/5d/1e/66/5d1e6654b79f5bf053b789353432e45e/1613739250.html HTTP/1.1
Host: cdn.barscreative1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 20 Nov 2022 20:54:17 GMT
content-type: text/html; charset=utf-8
server: nginx/1.17.6
last-modified: Fri, 19 Feb 2021 12:54:16 GMT
etag: W/"602fb4f8-4fa"
cache-control: max-age=3600
access-control-allow-origin: *
access-control-expose-headers: Date
content-encoding: gzip
expires: Sun, 20 Nov 2022 21:54:17 GMT
x-proxy-cache: HIT
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash dc39092f52fd18aa2eea19acae5c731d
6a015c91a9cdeae701d95b66c59f80e88623e0d4
2618bb65763cba890bbfbb4992a2b59070ade16b266e94e8754cdbeaea9d0f0c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2618BB65763CBA890BBFBB4992A2B59070ADE16B266E94E8754CDBEAEA9D0F0C"
Last-Modified: Sat, 19 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5363
Expires: Sun, 20 Nov 2022 22:23:41 GMT
Date: Sun, 20 Nov 2022 20:54:18 GMT
Connection: keep-alive
cdn.cloudimagesb.com/si/ef/7e/93/ef7e93747bd8db4922aff48b863977f8/1664559104.jpg
200 OK 8.8 kB URL HTTP/2 cdn.cloudimagesb.com/si/ef/7e/93/ef7e93747bd8db4922aff48b863977f8/1664559104.jpg
IP
ASN #39572 DataWeb Global Group B.V.
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 192x192, components 3\012- data
Hash 9217446f102ee8d7c0192592375901d9
88547095b7ec7ac51ae73585d8d5b48a6a047892
6c4d0b848d8e9d8d8ac34c67d1dcad3f5c10126ace2564445332d90860e5b836
GET /si/ef/7e/93/ef7e93747bd8db4922aff48b863977f8/1664559104.jpg HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 20 Nov 2022 20:54:18 GMT
content-type: image/jpeg
content-length: 8813
server: nginx/1.17.6
last-modified: Fri, 30 Sep 2022 17:31:53 GMT
etag: "63372809-226d"
expires: Tue, 22 Nov 2022 20:54:18 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
ifknittedhurtful.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fau%2F2f%2F33%2F17%2F2f3317da28d2a6ed09610d2d267aa136%2F1648542458.html&l=2977&fd=89
200 OK 0 B URL HTTP/1.1 ifknittedhurtful.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fau%2F2f%2F33%2F17%2F2f3317da28d2a6ed09610d2d267aa136%2F1648542458.html&l=2977&fd=89
IP
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fau%2F2f%2F33%2F17%2F2f3317da28d2a6ed09610d2d267aa136%2F1648542458.html&l=2977&fd=89 HTTP/1.1
Host: ifknittedhurtful.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: u_pl=15600826; uid_id2=e95838e0-0bbe-4494-a1d7-4b5924e8b115:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; sleca2f990f10476061c719d1c1aa3a2ecd2=[3790576]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.9
Date: Sun, 20 Nov 2022 20:54:18 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
cdn.cloudimagesb.com/si/bc/04/1f/bc041f6fd4648fb7efa92f16bf2fc619/1660744996.jpg
200 OK 14 kB URL HTTP/2 cdn.cloudimagesb.com/si/bc/04/1f/bc041f6fd4648fb7efa92f16bf2fc619/1660744996.jpg
IP
ASN #39572 DataWeb Global Group B.V.
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 192x192, components 3\012- data
Hash 1480461577f3da2b2f728ba77da5a38b
9d93993c12a17a1ecfed4eb8fde8d3eaf6d06ff1
88df8286a549e418d17f838f5363c87ffa4efa4c56657626068e82ca7241019a
GET /si/bc/04/1f/bc041f6fd4648fb7efa92f16bf2fc619/1660744996.jpg HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 20 Nov 2022 20:54:18 GMT
content-type: image/jpeg
content-length: 14280
server: nginx/1.17.6
last-modified: Wed, 17 Aug 2022 14:03:25 GMT
etag: "62fcf52d-37c8"
expires: Tue, 22 Nov 2022 20:54:18 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/ssp/utility/social-media/whatsapp/img/close.svg
200 OK 585 B URL HTTP/2 cdn.creative-bars1.com/sb/ssp/utility/social-media/whatsapp/img/close.svg
IP
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Hash bce897c680cae17c899994ba9f1a68da
698c9fbcd96ab6e61b7bb9b6039eb439a24839fd
8313e273fc788c1d37c114316ecf3b22cc7cd3c65c8585acc9c6b3595dd06734
GET /sb/ssp/utility/social-media/whatsapp/img/close.svg HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 20 Nov 2022 20:54:18 GMT
content-type: image/svg+xml
last-modified: Thu, 11 Feb 2021 15:19:43 GMT
etag: W/"60254b0f-52a"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 457354
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8pVzyLmW9QElIXSkK5db%2FNoGlGzu1SPycK%2Bt7EfWE07JR0Y2XkToJ0P84MxTe813e%2BTSktnlEVXwQQue3988msTALYbKFvmi54Ljz5MFs9vYMdSzgFJig2tzR9nBX55Wy%2B13I2Os6gHZ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 76d4147a8f0c7780-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ifknittedhurtful.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Futility%2Fsocial-media%2Fwhatsapp%2Fcss%2Fanimate.css&l=79245&fd=124
200 OK 0 B URL HTTP/1.1 ifknittedhurtful.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Futility%2Fsocial-media%2Fwhatsapp%2Fcss%2Fanimate.css&l=79245&fd=124
IP
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Futility%2Fsocial-media%2Fwhatsapp%2Fcss%2Fanimate.css&l=79245&fd=124 HTTP/1.1
Host: ifknittedhurtful.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: u_pl=15600826; uid_id2=e95838e0-0bbe-4494-a1d7-4b5924e8b115:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; sleca2f990f10476061c719d1c1aa3a2ecd2=[3790576]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.9
Date: Sun, 20 Nov 2022 20:54:18 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
ifknittedhurtful.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Futility%2Fsocial-media%2Fwhatsapp%2Fcss%2Fstyle.css&l=6334&fd=124
200 OK 660 B URL HTTP/1.1 ifknittedhurtful.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Futility%2Fsocial-media%2Fwhatsapp%2Fcss%2Fstyle.css&l=6334&fd=124
IP
ASN #39572 DataWeb Global Group B.V.
File type gzip compressed data, max compression\012- data
Hash 5860c780c8e9daa4f852038f02b5bdc2
c75c8b4db36bffe075ce493f06d011f855d5541a
f11b9f8e851e15c0c6abd53a9994c6dcef78ceeebd0f0b8bbde610fec8332c85
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Futility%2Fsocial-media%2Fwhatsapp%2Fcss%2Fstyle.css&l=6334&fd=124 HTTP/1.1
Host: ifknittedhurtful.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: u_pl=15600826; uid_id2=e95838e0-0bbe-4494-a1d7-4b5924e8b115:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; sleca2f990f10476061c719d1c1aa3a2ecd2=[3790576]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.9
Date: Sun, 20 Nov 2022 20:54:18 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
cdn.creative-bars1.com/sb/ssp/utility/social-media/whatsapp/css/animate.css
200 OK 5.9 kB URL HTTP/2 cdn.creative-bars1.com/sb/ssp/utility/social-media/whatsapp/css/animate.css
IP
Hash b60f0ea20e95712afff76131c3030085
c696e579ddaa55aeb5815222f24f4230d21fdf71
13ff74312cd3ed870712c8f1f38a7a2f4b70534f106b3b927827bcc4e9d0edbc
GET /sb/ssp/utility/social-media/whatsapp/css/animate.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 20 Nov 2022 20:54:17 GMT
content-type: text/css
last-modified: Sat, 20 Feb 2021 08:44:40 GMT
etag: W/"6030cbf8-1358d"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 457230
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tjmvd0DVPOPMMelj%2BsW69%2FtZ43bjZaoy3rpQsCyvEf9QC2S43ODjNPGp4BWLydAhkdemSNV7o%2FVHrekfEgMkpTgskzGmUvoCzaLX%2BGdHXhwWpTpodLryku73GgwHQLsHCtblpU6PaOv6"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 76d4147a5ea07780-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ifknittedhurtful.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fchat%2Fmob%2Fssp%2F1%2Fjs%2Fscript.js&l=382&fd=43
200 OK 0 B URL HTTP/1.1 ifknittedhurtful.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fchat%2Fmob%2Fssp%2F1%2Fjs%2Fscript.js&l=382&fd=43
IP
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fchat%2Fmob%2Fssp%2F1%2Fjs%2Fscript.js&l=382&fd=43 HTTP/1.1
Host: ifknittedhurtful.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: u_pl=15600826; uid_id2=e95838e0-0bbe-4494-a1d7-4b5924e8b115:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; sleca2f990f10476061c719d1c1aa3a2ecd2=[3790576]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.9
Date: Sun, 20 Nov 2022 20:54:18 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
friendshipmale.com/sfp.js
200 OK 27 kB URL HTTP/2 friendshipmale.com/sfp.js
IP
File type Unicode text, UTF-8 text, with very long lines (65529), with no line terminators
Hash 249d5bb8f8d5fd948efc1354d88c6817
7c912d3b06643207404fedefff09fafa13366c0d
f3bfe89639b988ecb00f0cfee2f14749541d67e96bd6b6308d6e934031db1352
Analyzer Verdict Alert quad9 Sinkholed
GET /sfp.js HTTP/1.1
Host: friendshipmale.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 20 Nov 2022 20:54:16 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: efbc207e4450d29b31c09c0c39a4ced7
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Sun, 20 Nov 2022 20:54:16 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Pv5QHGEV1Yug2%2FaQsGU2AYBwB%2BWSedAg%2FlrxtGlNnshM4X5ZCoMekmgEPfxLmV3%2Bkvqh%2BCx4c2Yr50gDLQdN6HPhUZHzlVIcGsJpQdFIa1tjZmMzvpWlKY6i54iu68PjRiTwRpw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 76d414712ee971c6-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
moleconcern.com/pixel/sbs?c=1
200 OK 0 B URL HTTP/1.1 moleconcern.com/pixel/sbs?c=1
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbs?c=1 HTTP/1.1
Host: moleconcern.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: u_pl=17661735; uid_id2=fa5f194b-5d7e-4863-a706-64e6d298a73c:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 20 Nov 2022 20:54:18 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
moleconcern.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSz4scxR%2BtTvKFLwYhSi4eDHMQVHBn%2B9f8MofFGBOCMQlJJOfqquqZcmu6mqqu6clcDAlIDh5m8SKeet%2FsZjGGkJz0IoTZeNAFIaMge3Ahf0MgIF5kdgdWP4f%2BvK73KXjvfeqLdbdHfDi6e%2BUTPZJK0eVG3a%2B9c0NmXJe2dul6LfDr%2FunaDZk149O14fxjBu8HfqPuv1s7L9iqXg79wPcDP6idk0akeri8z0LmDzpBvePX47AeNGIMzX%2F%2FrfNgqQc%2B2COvQ%2FLZ%2F3o%2FP4ZkU2T9R2eFXS10%2Ft5HfadooQ0GfOvTbDXTZYb%2BIUyNhzTbWkxD2xkhXx%2BBzrYWDqAHG3MHSOSMeH8ESLKthUwkg80DpYmCyJDw4ygHUwg1haRTMH0Hkj8jAOO4dBlZ%2F94lbUp684Clc3ZGjr18AVnOyLE%2FTyLrPzyj5LB2TStXSJ1ZDNMKcjiF7E6Ru20UIw%2By3AYrbkPyX8nyy4vI%2BhuXrdKQfPetlDbSoBMnSw3eEktxuxkt0ZbfXGrGosnDTpu2IrYfkZRTyHQKJcag9gic9eCkB5d6cLmHPt%2Bt0UYn9f1WmqRR1I4ZY1HEWKPd5A0exe3Uh2NzD2MU%2BRhMjcHMLeTmFlbl2oyQ2xsw7glsr4LlHmxBMOAVSkFQWoKSEpSSoCwIykG1yZUNbXWPK%2BuSYNHDRY%2BqiS6663RTF12RkfV8j7w2T8979fO3sSp2a2GQiqjT8NM4CIUfNlkUpUHSZEI0g0gkFFZWkPYIqPUwkjNyqnEcuZyR%2F688QUK3YdU2mDwB6t4ELSet0AftTeK2j1H2Q0YLZ6jqCaqKntXOMFFnyiXgukJeHENx01tXe%2BSN%2FY12vr8PwXZWfnl%2B%2FuHJ0XMwUyE3FT6TTwm66u7kqi7JxlVdWvL4cl7IvhzR%2BbavFbQQR%2B9%2FLG6W2vALZ%2B342w%2FYnJjDB9eFLS7SjMusa8l3ZyTnwpzThgny4wV7QyRXnO2dcSZz%2BcUrH5670M%2BNsFbqbAoqn9kvweSMvCI299%2Fxqad%2FQ5opjKvQdztkUZB6Cpbfgs0P1VtNYNThTJJ7KF01MWFyeKjkjIQvfoISOytrj078zr45CppUsOJfFw%2Fxur2LrvFAizvI%2BhUGpsJAVaBqDOuOTorc7Kz8Fu0XEuVNEmW8jUQZtXYQr5W7tUYQi3bSbjHOE8F40AqjduT7IedxqyOCDgo7Y6Ov%2FvoHAAD%2F%2FwEAAP%2F%2FVLrko6MEAAA%3D
200 OK 32 kB URL HTTP/1.1 moleconcern.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSz4scxR%2BtTvKFLwYhSi4eDHMQVHBn%2B9f8MofFGBOCMQlJJOfqquqZcmu6mqqu6clcDAlIDh5m8SKeet%2FsZjGGkJz0IoTZeNAFIaMge3Ahf0MgIF5kdgdWP4f%2BvK73KXjvfeqLdbdHfDi6e%2BUTPZJK0eVG3a%2B9c0NmXJe2dul6LfDr%2FunaDZk149O14fxjBu8HfqPuv1s7L9iqXg79wPcDP6idk0akeri8z0LmDzpBvePX47AeNGIMzX%2F%2FrfNgqQc%2B2COvQ%2FLZ%2F3o%2FP4ZkU2T9R2eFXS10%2Ft5HfadooQ0GfOvTbDXTZYb%2BIUyNhzTbWkxD2xkhXx%2BBzrYWDqAHG3MHSOSMeH8ESLKthUwkg80DpYmCyJDw4ygHUwg1haRTMH0Hkj8jAOO4dBlZ%2F94lbUp684Clc3ZGjr18AVnOyLE%2FTyLrPzyj5LB2TStXSJ1ZDNMKcjiF7E6Ru20UIw%2By3AYrbkPyX8nyy4vI%2BhuXrdKQfPetlDbSoBMnSw3eEktxuxkt0ZbfXGrGosnDTpu2IrYfkZRTyHQKJcag9gic9eCkB5d6cLmHPt%2Bt0UYn9f1WmqRR1I4ZY1HEWKPd5A0exe3Uh2NzD2MU%2BRhMjcHMLeTmFlbl2oyQ2xsw7glsr4LlHmxBMOAVSkFQWoKSEpSSoCwIykG1yZUNbXWPK%2BuSYNHDRY%2BqiS6663RTF12RkfV8j7w2T8979fO3sSp2a2GQiqjT8NM4CIUfNlkUpUHSZEI0g0gkFFZWkPYIqPUwkjNyqnEcuZyR%2F688QUK3YdU2mDwB6t4ELSet0AftTeK2j1H2Q0YLZ6jqCaqKntXOMFFnyiXgukJeHENx01tXe%2BSN%2FY12vr8PwXZWfnl%2B%2FuHJ0XMwUyE3FT6TTwm66u7kqi7JxlVdWvL4cl7IvhzR%2BbavFbQQR%2B9%2FLG6W2vALZ%2B342w%2FYnJjDB9eFLS7SjMusa8l3ZyTnwpzThgny4wV7QyRXnO2dcSZz%2BcUrH5670M%2BNsFbqbAoqn9kvweSMvCI299%2Fxqad%2FQ5opjKvQdztkUZB6Cpbfgs0P1VtNYNThTJJ7KF01MWFyeKjkjIQvfoISOytrj078zr45CppUsOJfFw%2Fxur2LrvFAizvI%2BhUGpsJAVaBqDOuOTorc7Kz8Fu0XEuVNEmW8jUQZtXYQr5W7tUYQi3bSbjHOE8F40AqjduT7IedxqyOCDgo7Y6Ov%2FvoHAAD%2F%2FwEAAP%2F%2FVLrko6MEAAA%3D
IP
Hash ee2fe3a47dba4f9242ac403667d51f74
239a24d94ee2e35abbb54dfced12801d21947305
252bab508fef26c0147e0695be846a500545655947980828e3c3e4f6e9cc8e1a
Analyzer Verdict Alert quad9 Sinkholed
GET /impr.gif?sid=H4sIAAAAAAAC%2F1RSz4scxR%2BtTvKFLwYhSi4eDHMQVHBn%2B9f8MofFGBOCMQlJJOfqquqZcmu6mqqu6clcDAlIDh5m8SKeet%2FsZjGGkJz0IoTZeNAFIaMge3Ahf0MgIF5kdgdWP4f%2BvK73KXjvfeqLdbdHfDi6e%2BUTPZJK0eVG3a%2B9c0NmXJe2dul6LfDr%2FunaDZk149O14fxjBu8HfqPuv1s7L9iqXg79wPcDP6idk0akeri8z0LmDzpBvePX47AeNGIMzX%2F%2FrfNgqQc%2B2COvQ%2FLZ%2F3o%2FP4ZkU2T9R2eFXS10%2Ft5HfadooQ0GfOvTbDXTZYb%2BIUyNhzTbWkxD2xkhXx%2BBzrYWDqAHG3MHSOSMeH8ESLKthUwkg80DpYmCyJDw4ygHUwg1haRTMH0Hkj8jAOO4dBlZ%2F94lbUp684Clc3ZGjr18AVnOyLE%2FTyLrPzyj5LB2TStXSJ1ZDNMKcjiF7E6Ru20UIw%2By3AYrbkPyX8nyy4vI%2BhuXrdKQfPetlDbSoBMnSw3eEktxuxkt0ZbfXGrGosnDTpu2IrYfkZRTyHQKJcag9gic9eCkB5d6cLmHPt%2Bt0UYn9f1WmqRR1I4ZY1HEWKPd5A0exe3Uh2NzD2MU%2BRhMjcHMLeTmFlbl2oyQ2xsw7glsr4LlHmxBMOAVSkFQWoKSEpSSoCwIykG1yZUNbXWPK%2BuSYNHDRY%2BqiS6663RTF12RkfV8j7w2T8979fO3sSp2a2GQiqjT8NM4CIUfNlkUpUHSZEI0g0gkFFZWkPYIqPUwkjNyqnEcuZyR%2F688QUK3YdU2mDwB6t4ELSet0AftTeK2j1H2Q0YLZ6jqCaqKntXOMFFnyiXgukJeHENx01tXe%2BSN%2FY12vr8PwXZWfnl%2B%2FuHJ0XMwUyE3FT6TTwm66u7kqi7JxlVdWvL4cl7IvhzR%2BbavFbQQR%2B9%2FLG6W2vALZ%2B342w%2FYnJjDB9eFLS7SjMusa8l3ZyTnwpzThgny4wV7QyRXnO2dcSZz%2BcUrH5670M%2BNsFbqbAoqn9kvweSMvCI299%2Fxqad%2FQ5opjKvQdztkUZB6Cpbfgs0P1VtNYNThTJJ7KF01MWFyeKjkjIQvfoISOytrj078zr45CppUsOJfFw%2Fxur2LrvFAizvI%2BhUGpsJAVaBqDOuOTorc7Kz8Fu0XEuVNEmW8jUQZtXYQr5W7tUYQi3bSbjHOE8F40AqjduT7IedxqyOCDgo7Y6Ov%2FvoHAAD%2F%2FwEAAP%2F%2FVLrko6MEAAA%3D HTTP/1.1
Host: moleconcern.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: u_pl=17661735; uid_id2=fa5f194b-5d7e-4863-a706-64e6d298a73c:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 20 Nov 2022 20:54:18 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 98bced78ff3ceb282c98392cebef70ee
Strict-Transport-Security: max-age=0; includeSubdomains
mc.yandex.ru/metrika/advert.gif
200 OK 43 B URL HTTP/2 mc.yandex.ru/metrika/advert.gif
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
GET /metrika/advert.gif HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Sun, 20 Nov 2022 20:54:18 GMT
access-control-allow-origin: *
etag: "63776891-2b"
expires: Sun, 20 Nov 2022 21:54:18 GMT
accept-ranges: bytes
last-modified: Fri, 18 Nov 2022 14:12:17 GMT
cache-control: max-age=3600
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
d192r5l88wrng7.cloudfront.net/?rwlrd=961956
200 OK 112 kB URL HTTP/2 d192r5l88wrng7.cloudfront.net/?rwlrd=961956
IP
File type Unicode text, UTF-8 text, with very long lines (15952)
Size 112 kB (111961 bytes)
Hash a76a6bebc5fbbdfdcf5702aa47ad9368
e2652dfaa9aafee294a6c58f01e179048d2612c1
93dbf01981351141f4056c180a047463bad14d8913070a54d77015b601a44df4
GET /?rwlrd=961956 HTTP/1.1
Host: d192r5l88wrng7.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 111961
date: Sun, 20 Nov 2022 20:53:19 GMT
access-control-allow-origin: *
cache-control: no-store, no-cache, proxy-revalidate, must-revalidate, private, no-transform
content-encoding: gzip
pragma: no-cache
x-cache: Hit from cloudfront
via: 1.1 2d5cbe05385a7f3bbffc8a562b8711f6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 8DQ01wbUmmoWGdFS3_8eCb-wtR9DQpijw97s3jdaMYNcWniyiim5xw==
age: 59
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash d5ccc6ed714b650846fefb0a8e24ca22
30521fa613dcb97b95ad3baab58c4446482d5061
ef46e9367b670662ae596685c5f27da1bf065e714ef2e86c65d5267a188d08d3
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 20 Nov 2022 20:54:18 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-121614197-2&cid=2019482794.1668977656&jid=1403835409&gjid=726353007&_gid=680358362.1668977656&_u=YGBAiEABBAAAAEAAI~&z=1067561984
200 OK 1 B URL HTTP/2 stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-121614197-2&cid=2019482794.1668977656&jid=1403835409&gjid=726353007&_gid=680358362.1668977656&_u=YGBAiEABBAAAAEAAI~&z=1067561984
IP
File type very short file (no magic)
Hash c4ca4238a0b923820dcc509a6f75849b
356a192b7913b04c54574d18c28d46e6395428ab
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-121614197-2&cid=2019482794.1668977656&jid=1403835409&gjid=726353007&_gid=680358362.1668977656&_u=YGBAiEABBAAAAEAAI~&z=1067561984 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://xfantazy.com
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Sun, 20 Nov 2022 20:54:18 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ifknittedhurtful.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSwYscxReuzuZ3%2BekhSi4iyhw8KLiz3T09O9PmEIxxJRizSxLZc3VV9Wy51V1NVff07ICwJCA5zpKLeOr9ZjeLukhyFQSZ0UNYEDKKsofswT9AhEDAkzKzA6vvUO9Vfa%2Fg%2B773PtstToiLgh6vfaT7Uim61Ky7tTfXZcp1aWs3btc8t%2B5eqq3LdDm4VOtND9N9x3Obdfet2geCbeol3%2FVc13O92oo0Ita9pRkKmR2GXj1064Ff95oBeua%2Fd1s4sNQB756QlyH55H8bjx9BshHS5OFVYTdznb39flIommuDLj%2F4ON1MdZkiOStj4yBOD%2Bbd0HZCyOfnoNODuQLo7t5UASI5Ic5vHqL0YE4TUXf%2FlGmkIFJE%2FAWU3RGEGkHSEZi%2BC8mfEIBx3FhFmjy4oU1Jt05ROkUn5PzzZ5DlhJx%2FehFp8s0VJXu1W1oVudSpRS%2BuIHsjyM4IWTFG3ncgyzFYfgeS%2F0SWnl9HmuytWqUh%2BfEbImy2G23hLrpRJBaDIAwWqcdbi0HUDP1AtCPPa84sknIEGY%2BgxADULqCwDgrpoIgdFJmDhB%2FXaDOMXbcVR3Gj0Q4YY40GY832Mm%2FyRtCOXRRsqmGAPBuAqQGY2UZmtrEpdyaE3NmDKb6H3ahguQObE3R5hVIQlJagpASlJChzgrJb7XNlfVs94MoWkTfP%2Fjw3qqHOO7t0X%2BcdkZLd7IS8NHPvjxe%2FxaY4rlE%2FDkM39tygtewue6zlhdxjHqUN6gvGfVhZQdpzoNZBX07IxVd%2FRzYd6ad%2FI6JjWDUGkxdAi9dAy2HLd0E3hkHbRT897MU0zWl%2Fq850Aq4rZPl55FvOrjohr8x4hL%2F%2BCcGOLo8bswAzFTJT4RP5A0FH3Rve1CXZu6lLSx6tZrlMZJ9OJ3wrp7lY%2BOpDsVVqw69dtYMv32VTYFoe3hY2v05TLtOOJV9fkZwLs6INE%2BS7a3ZdRGuF3bhSmLTIrq%2B9t3ItyYywVup0BCqfrN0HkxPy%2F3RltruvP30MaUYwRYWkOCLzgNRjsGwbNjtjbzWBUWc9UeagLKqh8aOzRyUnxH%2F2I5Q4urzz8MIv7IsF0KiCFf%2F6eFbv2nvoGAc0v4s0qdA1FbqqAlUD2GJhmGfm6PLPcwKRcoaRMs5epIzaObXXyuNa05vucLvFOI8E417Lb7QbrutzHrRC4YXI7YT17%2F%2F1DwAAAP%2F%2FAQAA%2F%2F8GqszHlwQAAA%3D%3D
200 OK 7 B URL HTTP/1.1 ifknittedhurtful.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSwYscxReuzuZ3%2BekhSi4iyhw8KLiz3T09O9PmEIxxJRizSxLZc3VV9Wy51V1NVff07ICwJCA5zpKLeOr9ZjeLukhyFQSZ0UNYEDKKsofswT9AhEDAkzKzA6vvUO9Vfa%2Fg%2B773PtstToiLgh6vfaT7Uim61Ky7tTfXZcp1aWs3btc8t%2B5eqq3LdDm4VOtND9N9x3Obdfet2geCbeol3%2FVc13O92oo0Ita9pRkKmR2GXj1064Ff95oBeua%2Fd1s4sNQB756QlyH55H8bjx9BshHS5OFVYTdznb39flIommuDLj%2F4ON1MdZkiOStj4yBOD%2Bbd0HZCyOfnoNODuQLo7t5UASI5Ic5vHqL0YE4TUXf%2FlGmkIFJE%2FAWU3RGEGkHSEZi%2BC8mfEIBx3FhFmjy4oU1Jt05ROkUn5PzzZ5DlhJx%2FehFp8s0VJXu1W1oVudSpRS%2BuIHsjyM4IWTFG3ncgyzFYfgeS%2F0SWnl9HmuytWqUh%2BfEbImy2G23hLrpRJBaDIAwWqcdbi0HUDP1AtCPPa84sknIEGY%2BgxADULqCwDgrpoIgdFJmDhB%2FXaDOMXbcVR3Gj0Q4YY40GY832Mm%2FyRtCOXRRsqmGAPBuAqQGY2UZmtrEpdyaE3NmDKb6H3ahguQObE3R5hVIQlJagpASlJChzgrJb7XNlfVs94MoWkTfP%2Fjw3qqHOO7t0X%2BcdkZLd7IS8NHPvjxe%2FxaY4rlE%2FDkM39tygtewue6zlhdxjHqUN6gvGfVhZQdpzoNZBX07IxVd%2FRzYd6ad%2FI6JjWDUGkxdAi9dAy2HLd0E3hkHbRT897MU0zWl%2Fq850Aq4rZPl55FvOrjohr8x4hL%2F%2BCcGOLo8bswAzFTJT4RP5A0FH3Rve1CXZu6lLSx6tZrlMZJ9OJ3wrp7lY%2BOpDsVVqw69dtYMv32VTYFoe3hY2v05TLtOOJV9fkZwLs6INE%2BS7a3ZdRGuF3bhSmLTIrq%2B9t3ItyYywVup0BCqfrN0HkxPy%2F3RltruvP30MaUYwRYWkOCLzgNRjsGwbNjtjbzWBUWc9UeagLKqh8aOzRyUnxH%2F2I5Q4urzz8MIv7IsF0KiCFf%2F6eFbv2nvoGAc0v4s0qdA1FbqqAlUD2GJhmGfm6PLPcwKRcoaRMs5epIzaObXXyuNa05vucLvFOI8E417Lb7QbrutzHrRC4YXI7YT17%2F%2F1DwAAAP%2F%2FAQAA%2F%2F8GqszHlwQAAA%3D%3D
IP
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert quad9 Sinkholed
GET /impr.gif?sid=H4sIAAAAAAAC%2F1RSwYscxReuzuZ3%2BekhSi4iyhw8KLiz3T09O9PmEIxxJRizSxLZc3VV9Wy51V1NVff07ICwJCA5zpKLeOr9ZjeLukhyFQSZ0UNYEDKKsofswT9AhEDAkzKzA6vvUO9Vfa%2Fg%2B773PtstToiLgh6vfaT7Uim61Ky7tTfXZcp1aWs3btc8t%2B5eqq3LdDm4VOtND9N9x3Obdfet2geCbeol3%2FVc13O92oo0Ita9pRkKmR2GXj1064Ff95oBeua%2Fd1s4sNQB756QlyH55H8bjx9BshHS5OFVYTdznb39flIommuDLj%2F4ON1MdZkiOStj4yBOD%2Bbd0HZCyOfnoNODuQLo7t5UASI5Ic5vHqL0YE4TUXf%2FlGmkIFJE%2FAWU3RGEGkHSEZi%2BC8mfEIBx3FhFmjy4oU1Jt05ROkUn5PzzZ5DlhJx%2FehFp8s0VJXu1W1oVudSpRS%2BuIHsjyM4IWTFG3ncgyzFYfgeS%2F0SWnl9HmuytWqUh%2BfEbImy2G23hLrpRJBaDIAwWqcdbi0HUDP1AtCPPa84sknIEGY%2BgxADULqCwDgrpoIgdFJmDhB%2FXaDOMXbcVR3Gj0Q4YY40GY832Mm%2FyRtCOXRRsqmGAPBuAqQGY2UZmtrEpdyaE3NmDKb6H3ahguQObE3R5hVIQlJagpASlJChzgrJb7XNlfVs94MoWkTfP%2Fjw3qqHOO7t0X%2BcdkZLd7IS8NHPvjxe%2FxaY4rlE%2FDkM39tygtewue6zlhdxjHqUN6gvGfVhZQdpzoNZBX07IxVd%2FRzYd6ad%2FI6JjWDUGkxdAi9dAy2HLd0E3hkHbRT897MU0zWl%2Fq850Aq4rZPl55FvOrjohr8x4hL%2F%2BCcGOLo8bswAzFTJT4RP5A0FH3Rve1CXZu6lLSx6tZrlMZJ9OJ3wrp7lY%2BOpDsVVqw69dtYMv32VTYFoe3hY2v05TLtOOJV9fkZwLs6INE%2BS7a3ZdRGuF3bhSmLTIrq%2B9t3ItyYywVup0BCqfrN0HkxPy%2F3RltruvP30MaUYwRYWkOCLzgNRjsGwbNjtjbzWBUWc9UeagLKqh8aOzRyUnxH%2F2I5Q4urzz8MIv7IsF0KiCFf%2F6eFbv2nvoGAc0v4s0qdA1FbqqAlUD2GJhmGfm6PLPcwKRcoaRMs5epIzaObXXyuNa05vucLvFOI8E417Lb7QbrutzHrRC4YXI7YT17%2F%2F1DwAAAP%2F%2FAQAA%2F%2F8GqszHlwQAAA%3D%3D HTTP/1.1
Host: ifknittedhurtful.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: u_pl=15600826; uid_id2=e95838e0-0bbe-4494-a1d7-4b5924e8b115:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; sleca2f990f10476061c719d1c1aa3a2ecd2=[3790576]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.9
Date: Sun, 20 Nov 2022 20:54:18 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 54346d10a7a22637c921e482639f83ff
Strict-Transport-Security: max-age=0; includeSubdomains
ifknittedhurtful.com/pixel/sbs?c=1
200 OK 0 B URL HTTP/1.1 ifknittedhurtful.com/pixel/sbs?c=1
IP
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbs?c=1 HTTP/1.1
Host: ifknittedhurtful.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: u_pl=15600826; uid_id2=e95838e0-0bbe-4494-a1d7-4b5924e8b115:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; sleca2f990f10476061c719d1c1aa3a2ecd2=[3790576]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.9
Date: Sun, 20 Nov 2022 20:54:18 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash d5ccc6ed714b650846fefb0a8e24ca22
30521fa613dcb97b95ad3baab58c4446482d5061
ef46e9367b670662ae596685c5f27da1bf065e714ef2e86c65d5267a188d08d3
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 20 Nov 2022 20:54:18 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/s/gts1p5/6d4ciwz8i6A
200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/6d4ciwz8i6A
IP
Hash aa9101f284523747b0142cf1f6a60440
d83053a5538153f27991608c0af49dfb6992c605
82e7d0766326ce37c34adc530e8f6d5b6a326623e8643b3105bab6689b010d9a
POST /s/gts1p5/6d4ciwz8i6A HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 20 Nov 2022 20:54:18 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F5bfbc50b365d5b12daa46988&charset=utf-8&hittoken=1668977656_e3075b1be7aa50cef98b751665fa84cd4a4eb0611deaacb62680fe0c0b468b38&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3A15ly4knov7onia7cw1aby4%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A923%3Acn%3A1%3Adp%3A0%3Als%3A391315740010%3Ahid%3A530834751%3Az%3A0%3Ai%3A20221120205418%3Aet%3A1668977659%3Ac%3A1%3Arn%3A759799924%3Arqn%3A9%3Au%3A1668977656979671413%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aeu%3A1%3Ans%3A1668977653884%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1668977659&t=gdpr(14)mc(p-6-h-1)clc(0-0-0)rqnt(9)aw(1)ecs(1)rqnl(1)ti(2)
200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F5bfbc50b365d5b12daa46988&charset=utf-8&hittoken=1668977656_e3075b1be7aa50cef98b751665fa84cd4a4eb0611deaacb62680fe0c0b468b38&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3A15ly4knov7onia7cw1aby4%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A923%3Acn%3A1%3Adp%3A0%3Als%3A391315740010%3Ahid%3A530834751%3Az%3A0%3Ai%3A20221120205418%3Aet%3A1668977659%3Ac%3A1%3Arn%3A759799924%3Arqn%3A9%3Au%3A1668977656979671413%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aeu%3A1%3Ans%3A1668977653884%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1668977659&t=gdpr(14)mc(p-6-h-1)clc(0-0-0)rqnt(9)aw(1)ecs(1)rqnl(1)ti(2)
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F5bfbc50b365d5b12daa46988&charset=utf-8&hittoken=1668977656_e3075b1be7aa50cef98b751665fa84cd4a4eb0611deaacb62680fe0c0b468b38&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3A15ly4knov7onia7cw1aby4%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A923%3Acn%3A1%3Adp%3A0%3Als%3A391315740010%3Ahid%3A530834751%3Az%3A0%3Ai%3A20221120205418%3Aet%3A1668977659%3Ac%3A1%3Arn%3A759799924%3Arqn%3A9%3Au%3A1668977656979671413%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aeu%3A1%3Ans%3A1668977653884%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1668977659&t=gdpr(14)mc(p-6-h-1)clc(0-0-0)rqnt(9)aw(1)ecs(1)rqnl(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 39
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Sun, 20 Nov 2022 20:54:18 GMT
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Sun, 20-Nov-2022 20:54:18 GMT
last-modified: Sun, 20-Nov-2022 20:54:18 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F5bfbc50b365d5b12daa46988&charset=utf-8&hittoken=1668977656_e3075b1be7aa50cef98b751665fa84cd4a4eb0611deaacb62680fe0c0b468b38&browser-info=pv%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3A15ly4knov7onia7cw1aby4%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A923%3Acn%3A1%3Adp%3A0%3Als%3A391315740010%3Ahid%3A530834751%3Az%3A0%3Ai%3A20221120205418%3Aet%3A1668977659%3Ac%3A1%3Arn%3A280847658%3Arqn%3A8%3Au%3A1668977656979671413%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aeu%3A1%3Ans%3A1668977653884%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1668977659%3At%3ACzech%20Catch%205%20-%20XFantazy.com&t=gdpr%2814%29mc%28p-6%29clc%280-0-0%29rqnt%288%29aw%281%29ecs%281%29fip%281%29rqnl%281%29ti%282%29
200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F5bfbc50b365d5b12daa46988&charset=utf-8&hittoken=1668977656_e3075b1be7aa50cef98b751665fa84cd4a4eb0611deaacb62680fe0c0b468b38&browser-info=pv%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3A15ly4knov7onia7cw1aby4%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A923%3Acn%3A1%3Adp%3A0%3Als%3A391315740010%3Ahid%3A530834751%3Az%3A0%3Ai%3A20221120205418%3Aet%3A1668977659%3Ac%3A1%3Arn%3A280847658%3Arqn%3A8%3Au%3A1668977656979671413%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aeu%3A1%3Ans%3A1668977653884%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1668977659%3At%3ACzech%20Catch%205%20-%20XFantazy.com&t=gdpr%2814%29mc%28p-6%29clc%280-0-0%29rqnt%288%29aw%281%29ecs%281%29fip%281%29rqnl%281%29ti%282%29
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
GET /watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F5bfbc50b365d5b12daa46988&charset=utf-8&hittoken=1668977656_e3075b1be7aa50cef98b751665fa84cd4a4eb0611deaacb62680fe0c0b468b38&browser-info=pv%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3A15ly4knov7onia7cw1aby4%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A923%3Acn%3A1%3Adp%3A0%3Als%3A391315740010%3Ahid%3A530834751%3Az%3A0%3Ai%3A20221120205418%3Aet%3A1668977659%3Ac%3A1%3Arn%3A280847658%3Arqn%3A8%3Au%3A1668977656979671413%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aeu%3A1%3Ans%3A1668977653884%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1668977659%3At%3ACzech%20Catch%205%20-%20XFantazy.com&t=gdpr%2814%29mc%28p-6%29clc%280-0-0%29rqnt%288%29aw%281%29ecs%281%29fip%281%29rqnl%281%29ti%282%29 HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Referer: https://xfantazy.com/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Sun, 20 Nov 2022 20:54:18 GMT
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Sun, 20-Nov-2022 20:54:18 GMT
last-modified: Sun, 20-Nov-2022 20:54:18 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
ladiathdefinishe.com/OGVNYWVZBy4MWllYL0cQSglwRFd+QH8nAQlcfxNQVF11FhdWAnpPBlQKOAUDSgojFUtWADlEV34RHxsjCzYLMA5gDSYUBEIrFCRWbhEuMCd3AxorDW8SHA8qUgYALyZbDQUMKFkoGSQKegkIWSlRKAAzVwxRBw1daQEVKAxgHR9QP28jHCQcSBUuGQZ8KgkSFnwkBAwoey8VKQxhHQQZBnsuGgoUYAJ9CSp7ERw0C1c2LglccAcaO1Z/NAwJKlErKCAhTB0pMCBiNQUnVHkwF1UAVgYYMyRIHSkwIHksGREdejMHViNVLAkzH3oMLhk3fSYjJ1R5NGA0QAonLjk3TzcjCQ1ZNAsEB28/fjcNcRcdGAJtNxxUCFwSDykAfzN+ICNyUxciI2EnHlEccyAhMgBQL38gMHIIFyYjfTYjCkNSFiIPFQUmIhQ8agg0BAoP
200 OK 1.2 kB URL HTTP/2 ladiathdefinishe.com/OGVNYWVZBy4MWllYL0cQSglwRFd+QH8nAQlcfxNQVF11FhdWAnpPBlQKOAUDSgojFUtWADlEV34RHxsjCzYLMA5gDSYUBEIrFCRWbhEuMCd3AxorDW8SHA8qUgYALyZbDQUMKFkoGSQKegkIWSlRKAAzVwxRBw1daQEVKAxgHR9QP28jHCQcSBUuGQZ8KgkSFnwkBAwoey8VKQxhHQQZBnsuGgoUYAJ9CSp7ERw0C1c2LglccAcaO1Z/NAwJKlErKCAhTB0pMCBiNQUnVHkwF1UAVgYYMyRIHSkwIHksGREdejMHViNVLAkzH3oMLhk3fSYjJ1R5NGA0QAonLjk3TzcjCQ1ZNAsEB28/fjcNcRcdGAJtNxxUCFwSDykAfzN+ICNyUxciI2EnHlEccyAhMgBQL38gMHIIFyYjfTYjCkNSFiIPFQUmIhQ8agg0BAoP
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3036), with no line terminators
Hash 7b49e00ce358cb698778e4612989d876
cdda10c5ac3bf5f1e073c16086973c58214d3c91
2404268f42cfdb6d76c6af21c809b0b8d5094a8db89ded3a02c4fab8022d542a
GET /OGVNYWVZBy4MWllYL0cQSglwRFd+QH8nAQlcfxNQVF11FhdWAnpPBlQKOAUDSgojFUtWADlEV34RHxsjCzYLMA5gDSYUBEIrFCRWbhEuMCd3AxorDW8SHA8qUgYALyZbDQUMKFkoGSQKegkIWSlRKAAzVwxRBw1daQEVKAxgHR9QP28jHCQcSBUuGQZ8KgkSFnwkBAwoey8VKQxhHQQZBnsuGgoUYAJ9CSp7ERw0C1c2LglccAcaO1Z/NAwJKlErKCAhTB0pMCBiNQUnVHkwF1UAVgYYMyRIHSkwIHksGREdejMHViNVLAkzH3oMLhk3fSYjJ1R5NGA0QAonLjk3TzcjCQ1ZNAsEB28/fjcNcRcdGAJtNxxUCFwSDykAfzN+ICNyUxciI2EnHlEccyAhMgBQL38gMHIIFyYjfTYjCkNSFiIPFQUmIhQ8agg0BAoP HTTP/1.1
Host: ladiathdefinishe.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html
content-length: 1187
date: Sun, 20 Nov 2022 20:54:18 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 9b9a19a17f71baf11790ad734100cb88.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: _H6Xe5nHEfBmzZK7QJjbGgLjJGChf3MMbdppeMArJcH6HhYKeC3k0g==
X-Firefox-Spdy: h2
ladiathdefinishe.com/NWhYa1dUCjsGaFRVOk0iRwRlTmVzTWotMwRRahliWVBgHCVbD29FNFkHLQ8xRwc2H3lbDSxOZXMxFzwnBD5rDzZ3OisTBHBYHC4ARSccWj9zMjM+MXQpAV8QYAQAKi4NHjs6MEMyGyFjfi4VARNjWQA5D3AKDyoGZgk0LTR3KgIaBV1QFC4DYyMcPiB0JjMbAnc5YE5ldy9pPhtgLw0TE3A6Hgg8YCIJDB4QWhosAQUuGQIFZitpBDV8WREnAF46NjwGWTgKAwFmK2kEFGUAMzsPWSozJQVNMQo4bncsDVIQcz4RJwBSCzA+MFoaCiwzdi5pGzRWAw0hE2dFGVsfczIIOS9zLhs9I3MyaDIdYlkaBwUEUBwpLXw6DgMdZDIMLh5iAxpeBU1QPjgQbE4yGDhbGGUdL20gOjFkYCka
200 OK 1.2 kB URL HTTP/2 ladiathdefinishe.com/NWhYa1dUCjsGaFRVOk0iRwRlTmVzTWotMwRRahliWVBgHCVbD29FNFkHLQ8xRwc2H3lbDSxOZXMxFzwnBD5rDzZ3OisTBHBYHC4ARSccWj9zMjM+MXQpAV8QYAQAKi4NHjs6MEMyGyFjfi4VARNjWQA5D3AKDyoGZgk0LTR3KgIaBV1QFC4DYyMcPiB0JjMbAnc5YE5ldy9pPhtgLw0TE3A6Hgg8YCIJDB4QWhosAQUuGQIFZitpBDV8WREnAF46NjwGWTgKAwFmK2kEFGUAMzsPWSozJQVNMQo4bncsDVIQcz4RJwBSCzA+MFoaCiwzdi5pGzRWAw0hE2dFGVsfczIIOS9zLhs9I3MyaDIdYlkaBwUEUBwpLXw6DgMdZDIMLh5iAxpeBU1QPjgQbE4yGDhbGGUdL20gOjFkYCka
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3016), with no line terminators
Hash 4e08cde16ac071b170cafa1e7d9b2145
fdb5e9a4bf387c9542d37c700784af2fd5f327d5
de3e9d82bcfb64af4998d47abea7e0c62ca3ba48988ab689fbc89693ab18bbf0
GET /NWhYa1dUCjsGaFRVOk0iRwRlTmVzTWotMwRRahliWVBgHCVbD29FNFkHLQ8xRwc2H3lbDSxOZXMxFzwnBD5rDzZ3OisTBHBYHC4ARSccWj9zMjM+MXQpAV8QYAQAKi4NHjs6MEMyGyFjfi4VARNjWQA5D3AKDyoGZgk0LTR3KgIaBV1QFC4DYyMcPiB0JjMbAnc5YE5ldy9pPhtgLw0TE3A6Hgg8YCIJDB4QWhosAQUuGQIFZitpBDV8WREnAF46NjwGWTgKAwFmK2kEFGUAMzsPWSozJQVNMQo4bncsDVIQcz4RJwBSCzA+MFoaCiwzdi5pGzRWAw0hE2dFGVsfczIIOS9zLhs9I3MyaDIdYlkaBwUEUBwpLXw6DgMdZDIMLh5iAxpeBU1QPjgQbE4yGDhbGGUdL20gOjFkYCka HTTP/1.1
Host: ladiathdefinishe.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html
content-length: 1169
date: Sun, 20 Nov 2022 20:54:18 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 9b9a19a17f71baf11790ad734100cb88.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: fL8qQYx8mMXXjufymuZz6dghUQlUCfmKVNuZpJf7Bn0JHvSmR6MswQ==
X-Firefox-Spdy: h2
dentcontrader.com/THVKU0ljSikgdCkeLmcECB0AN3k/Mwk4MX4hGwoGHy1zHAgdTWwnIChIc2V7fER+dTklEXdibz8BKyc8P0h7dSAiEyVubzpIe316eFt5Y2d6Uz9ueGoBOjIucURsIz04GXdif3pNc2R+ekByZH5+
204 No Content 0 B URL HTTP/2 dentcontrader.com/THVKU0ljSikgdCkeLmcECB0AN3k/Mwk4MX4hGwoGHy1zHAgdTWwnIChIc2V7fER+dTklEXdibz8BKyc8P0h7dSAiEyVubzpIe316eFt5Y2d6Uz9ueGoBOjIucURsIz04GXdif3pNc2R+ekByZH5+
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /THVKU0ljSikgdCkeLmcECB0AN3k/Mwk4MX4hGwoGHy1zHAgdTWwnIChIc2V7fER+dTklEXdibz8BKyc8P0h7dSAiEyVubzpIe316eFt5Y2d6Uz9ueGoBOjIucURsIz04GXdif3pNc2R+ekByZH5+ HTTP/1.1
Host: dentcontrader.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Sun, 20 Nov 2022 20:54:18 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1pjNYXBGvBYEYl5CnX1fEuf81dwwwaOalhytFnEmP4vOLoxpdZJZFBPmKhiRSOlPa8rw%2FCsO2FKPmrAZSvZjaWB02lfjSKAR%2FM4vB5%2FbNV0CGkkBneaSQIOb9a2FfGjRb40LNg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76d4147efff9b511-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ladiathdefinishe.com/eW5zcksYDBAfdBhTEVQ+CwJOV3k/S0E0L0hXQQB+FVZLBTkXCURcKBUBBhYtCwEdBmUXCwdXeT9bEiQvPjQ3FQA2LRQxCQFeVkAJMAIYMBNLOEEkGgE+IyYeNTgbHjozFClDBgMnATF5EiE2Njw0JhtCPzACGDsfAx0dMSdAOxAhBjI5QiAmIC8lEQhLHgojIA40PDF6Iz0xFSYpCT0TCDojQzYzTQ09HDgzOAs/bkssOBUjIzo0JwosPCkoKBc8JjcJTUtBMAA4LCs6IisEJRUsMSdBPBw6KBscKj8/FyUjLwQlFSwcPhoaGD0rCxkJPCs4JRhAGSYwehgoJF8FLi0xASMgXxdHHD4KCSEsES8QHBksNgQFezU/ABYcAShDJAoVNClBLywtJgonHQk5IAwDJxQxezsjKSMJLy01Cn4dBTk8HT43VRg4FgADTyorIykXJhY/FDUxEQ
200 OK 1.2 kB URL HTTP/2 ladiathdefinishe.com/eW5zcksYDBAfdBhTEVQ+CwJOV3k/S0E0L0hXQQB+FVZLBTkXCURcKBUBBhYtCwEdBmUXCwdXeT9bEiQvPjQ3FQA2LRQxCQFeVkAJMAIYMBNLOEEkGgE+IyYeNTgbHjozFClDBgMnATF5EiE2Njw0JhtCPzACGDsfAx0dMSdAOxAhBjI5QiAmIC8lEQhLHgojIA40PDF6Iz0xFSYpCT0TCDojQzYzTQ09HDgzOAs/bkssOBUjIzo0JwosPCkoKBc8JjcJTUtBMAA4LCs6IisEJRUsMSdBPBw6KBscKj8/FyUjLwQlFSwcPhoaGD0rCxkJPCs4JRhAGSYwehgoJF8FLi0xASMgXxdHHD4KCSEsES8QHBksNgQFezU/ABYcAShDJAoVNClBLywtJgonHQk5IAwDJxQxezsjKSMJLy01Cn4dBTk8HT43VRg4FgADTyorIykXJhY/FDUxEQ
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3042), with no line terminators
Hash 2a61ddd107789f58d199cf16f1fb1587
87d0ef37548f223135c9653391cabc2cc6716197
768799d4150530890c70509f8411c650b85ce65babdfa420fcc2262f622ec0e3
GET /eW5zcksYDBAfdBhTEVQ+CwJOV3k/S0E0L0hXQQB+FVZLBTkXCURcKBUBBhYtCwEdBmUXCwdXeT9bEiQvPjQ3FQA2LRQxCQFeVkAJMAIYMBNLOEEkGgE+IyYeNTgbHjozFClDBgMnATF5EiE2Njw0JhtCPzACGDsfAx0dMSdAOxAhBjI5QiAmIC8lEQhLHgojIA40PDF6Iz0xFSYpCT0TCDojQzYzTQ09HDgzOAs/bkssOBUjIzo0JwosPCkoKBc8JjcJTUtBMAA4LCs6IisEJRUsMSdBPBw6KBscKj8/FyUjLwQlFSwcPhoaGD0rCxkJPCs4JRhAGSYwehgoJF8FLi0xASMgXxdHHD4KCSEsES8QHBksNgQFezU/ABYcAShDJAoVNClBLywtJgonHQk5IAwDJxQxezsjKSMJLy01Cn4dBTk8HT43VRg4FgADTyorIykXJhY/FDUxEQ HTTP/1.1
Host: ladiathdefinishe.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html
content-length: 1190
date: Sun, 20 Nov 2022 20:54:18 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 9b9a19a17f71baf11790ad734100cb88.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: gFYBN0d0KfRdhhqfgjLcMM8lCbO9oCe8eYhGH9tosq4Xj57iZmR01g==
X-Firefox-Spdy: h2
dentcontrader.com/UEpUblZ/dTcdawR4GhgyBX9xXBQFJiQoMBgiAjlmYX4xXxw2GAxWcCQjMFNvZnttW2B2Oj0Ka2N4ch0iMT4hHWtiemRZcDkkMgFrYWwiU2Z+cnpfZn57chtrYWwgHjc3d2VIJiQ+OFNnZnxsV2FnfGFWYWB+
204 No Content 0 B URL HTTP/2 dentcontrader.com/UEpUblZ/dTcdawR4GhgyBX9xXBQFJiQoMBgiAjlmYX4xXxw2GAxWcCQjMFNvZnttW2B2Oj0Ka2N4ch0iMT4hHWtiemRZcDkkMgFrYWwiU2Z+cnpfZn57chtrYWwgHjc3d2VIJiQ+OFNnZnxsV2FnfGFWYWB+
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /UEpUblZ/dTcdawR4GhgyBX9xXBQFJiQoMBgiAjlmYX4xXxw2GAxWcCQjMFNvZnttW2B2Oj0Ka2N4ch0iMT4hHWtiemRZcDkkMgFrYWwiU2Z+cnpfZn57chtrYWwgHjc3d2VIJiQ+OFNnZnxsV2FnfGFWYWB+ HTTP/1.1
Host: dentcontrader.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Sun, 20 Nov 2022 20:54:18 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Hs9ac6qF0JMy%2FFQFsdd%2B4DkeJ2muG0Ey%2FDwT0KBJ2rbRd2MyIQRwxJ5FM2x8mHCAlSjBCEowCFri61ryONMBBv6dj3XBbkvEPnFIkYIk2sdRqLlPwXF9UkZvGhgRDiXPtEWnHg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76d4147efff7b511-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/s/gts1p5/6d4ciwz8i6A
200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/6d4ciwz8i6A
IP
Hash aa9101f284523747b0142cf1f6a60440
d83053a5538153f27991608c0af49dfb6992c605
82e7d0766326ce37c34adc530e8f6d5b6a326623e8643b3105bab6689b010d9a
POST /s/gts1p5/6d4ciwz8i6A HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 20 Nov 2022 20:54:18 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/s/gts1p5/6d4ciwz8i6A
200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/6d4ciwz8i6A
IP
Hash aa9101f284523747b0142cf1f6a60440
d83053a5538153f27991608c0af49dfb6992c605
82e7d0766326ce37c34adc530e8f6d5b6a326623e8643b3105bab6689b010d9a
POST /s/gts1p5/6d4ciwz8i6A HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 20 Nov 2022 20:54:18 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/s/gts1p5/6d4ciwz8i6A
200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/6d4ciwz8i6A
IP
Hash aa9101f284523747b0142cf1f6a60440
d83053a5538153f27991608c0af49dfb6992c605
82e7d0766326ce37c34adc530e8f6d5b6a326623e8643b3105bab6689b010d9a
POST /s/gts1p5/6d4ciwz8i6A HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 20 Nov 2022 20:54:18 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
dentcontrader.com/a3dGUjdESCUhCiYyNSpkPiYEN1A5QiI1U1I1HhROKT8pEFIzImAmXg9Kf2QGUkJwdEcCE3thBU0EMjNDHgR7YxECGSA9Ck0Be2IZU1l3YhlaUTNvBk0DNjNQVkZgIkMfG3tjAV1Pf2UAXUJ+ZQda
204 No Content 0 B URL HTTP/2 dentcontrader.com/a3dGUjdESCUhCiYyNSpkPiYEN1A5QiI1U1I1HhROKT8pEFIzImAmXg9Kf2QGUkJwdEcCE3thBU0EMjNDHgR7YxECGSA9Ck0Be2IZU1l3YhlaUTNvBk0DNjNQVkZgIkMfG3tjAV1Pf2UAXUJ+ZQda
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /a3dGUjdESCUhCiYyNSpkPiYEN1A5QiI1U1I1HhROKT8pEFIzImAmXg9Kf2QGUkJwdEcCE3thBU0EMjNDHgR7YxECGSA9Ck0Be2IZU1l3YhlaUTNvBk0DNjNQVkZgIkMfG3tjAV1Pf2UAXUJ+ZQda HTTP/1.1
Host: dentcontrader.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Sun, 20 Nov 2022 20:54:18 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9zr%2B6pic4HdzT4gvppVI6%2FQxRd2f30IPCznxOkojWfUjwINSEi5MaFpXEVSqm5yScEnAH7D81u04Efs3xCjMTrDGQM87C%2BcNZzGVsgRQvMNvVDhk%2FvmJ%2F6R7BLBM113fpHuw5g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76d4147fc8eab511-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
dentcontrader.com/N04wY3kYcVMQRFZ8BBoacD5SNB55B2dSN1EPAAcdbyJbIShbKRYXEFNzCVVLB38CRQleKg1SQRE9RAINQj0NUl9eIFYMRBE4DVJXB2ACTUgROw1SX0M+UQREBmhAFw1bcwFVTw93B1RPAnYHUUk
204 No Content 0 B URL HTTP/2 dentcontrader.com/N04wY3kYcVMQRFZ8BBoacD5SNB55B2dSN1EPAAcdbyJbIShbKRYXEFNzCVVLB38CRQleKg1SQRE9RAINQj0NUl9eIFYMRBE4DVJXB2ACTUgROw1SX0M+UQREBmhAFw1bcwFVTw93B1RPAnYHUUk
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /N04wY3kYcVMQRFZ8BBoacD5SNB55B2dSN1EPAAcdbyJbIShbKRYXEFNzCVVLB38CRQleKg1SQRE9RAINQj0NUl9eIFYMRBE4DVJXB2ACTUgROw1SX0M+UQREBmhAFw1bcwFVTw93B1RPAnYHUUk HTTP/1.1
Host: dentcontrader.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Sun, 20 Nov 2022 20:54:18 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=n7g%2FpIaa3Ui3kuQdZfZBBnMkYgIBa%2B2QYjjAVYCVIpstN%2FeeOLPlJRK98zX45BKE9V3jWRpzp1XJUoXYqUUR99aNzCP2IH89X0GCN4qCcvkw92PXOdQcApTgBWavP28FG%2BjVOA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76d4147fd8f6b511-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
d192r5l88wrng7.cloudfront.net/tRzF3SFQkXhkuazNYE3VtcQBOfWJhWwQnOjcMNCchHmMaMTEoBlE8LiMMR244Jl8QdXIiXxR1ZWFQEyppcxcDODssDAImMCJXHiYxIxcCKWkqXg0hOCtQUnoSch9HbWZ3GQAhOiNeADtxdQEZPHF1AUZ4encURApxdQEAITpxBVJ7FmIDRzBicxRECnF1AQ-U+cXRwRnhhaQFebWZ3VhIrPygURQ5mdwBHeGV3AFJ6ZCFYBS0yKElSehJ2AUJmZGFESnk
200 OK 331 B URL HTTP/2 d192r5l88wrng7.cloudfront.net/tRzF3SFQkXhkuazNYE3VtcQBOfWJhWwQnOjcMNCchHmMaMTEoBlE8LiMMR244Jl8QdXIiXxR1ZWFQEyppcxcDODssDAImMCJXHiYxIxcCKWkqXg0hOCtQUnoSch9HbWZ3GQAhOiNeADtxdQEZPHF1AUZ4encURApxdQEAITpxBVJ7FmIDRzBicxRECnF1AQ-U+cXRwRnhhaQFebWZ3VhIrPygURQ5mdwBHeGV3AFJ6ZCFYBS0yKElSehJ2AUJmZGFESnk
IP
File type ASCII text, with very long lines (410), with no line terminators
Hash 48c65bae7e9a5b6c0dcab39d5ca85e9b
45d63b8a7a957c1c58745b8cc64049e65e4ac5f8
70062bf6489706cd04a2fadad71ff30386c96bbe65a84e812366c393a5c49a49
GET /tRzF3SFQkXhkuazNYE3VtcQBOfWJhWwQnOjcMNCchHmMaMTEoBlE8LiMMR244Jl8QdXIiXxR1ZWFQEyppcxcDODssDAImMCJXHiYxIxcCKWkqXg0hOCtQUnoSch9HbWZ3GQAhOiNeADtxdQEZPHF1AUZ4encURApxdQEAITpxBVJ7FmIDRzBicxRECnF1AQ-U+cXRwRnhhaQFebWZ3VhIrPygURQ5mdwBHeGV3AFJ6ZCFYBS0yKElSehJ2AUJmZGFESnk HTTP/1.1
Host: d192r5l88wrng7.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ladiathdefinishe.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 331
date: Sun, 20 Nov 2022 20:54:18 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 2d5cbe05385a7f3bbffc8a562b8711f6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: _sx7J97yXGhAV35XFTeoEYnI9W6Vj-CUmv3CQzpLJ1MALQ0M9qcq7A==
X-Firefox-Spdy: h2
d192r5l88wrng7.cloudfront.net/YOWp1V3daBRsxSE0DEWpOD1hFZkUfAAY4GUlXAy8vcQgvZCJ4KFMjDV1XRXEbWAQSalFcBBZqRh8LETVKDUwANkpUBQ8+G1ULUGUxDERFckUJQgI+GV0FAiRSC1obI1ILWkRnWQlPRhVSC1oCPhkPXlBkNRxYRS9BDU9GFVILWgchUgorRGdCF1pcckUJDR-A0HFZPRxFFCVtFZ0YJW1BlR18DBzIRVhJQZTEIWkB5Rx8fSGY
200 OK 191 B URL HTTP/2 d192r5l88wrng7.cloudfront.net/YOWp1V3daBRsxSE0DEWpOD1hFZkUfAAY4GUlXAy8vcQgvZCJ4KFMjDV1XRXEbWAQSalFcBBZqRh8LETVKDUwANkpUBQ8+G1ULUGUxDERFckUJQgI+GV0FAiRSC1obI1ILWkRnWQlPRhVSC1oCPhkPXlBkNRxYRS9BDU9GFVILWgchUgorRGdCF1pcckUJDR-A0HFZPRxFFCVtFZ0YJW1BlR18DBzIRVhJQZTEIWkB5Rx8fSGY
IP
File type ASCII text, with no line terminators
Hash b5793af1d234afde9b039d2f40e4f8cd
30c125af6f92561a8869f5437cd27ad39a0ddf76
e24d0f1666dd96ddbbff6894abe3e5b3fcfa20bb323d50522b3f2cb3413c8407
GET /YOWp1V3daBRsxSE0DEWpOD1hFZkUfAAY4GUlXAy8vcQgvZCJ4KFMjDV1XRXEbWAQSalFcBBZqRh8LETVKDUwANkpUBQ8+G1ULUGUxDERFckUJQgI+GV0FAiRSC1obI1ILWkRnWQlPRhVSC1oCPhkPXlBkNRxYRS9BDU9GFVILWgchUgorRGdCF1pcckUJDR-A0HFZPRxFFCVtFZ0YJW1BlR18DBzIRVhJQZTEIWkB5Rx8fSGY HTTP/1.1
Host: d192r5l88wrng7.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ladiathdefinishe.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 191
date: Sun, 20 Nov 2022 20:54:18 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 2d5cbe05385a7f3bbffc8a562b8711f6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: v2I1Ts3lTUcrcC6nCVy_9oSzshLRGcoN12FAdsCuB0Vl-E3e52SQEA==
X-Firefox-Spdy: h2
d192r5l88wrng7.cloudfront.net/5aVdGZDgKOCgCBx0+IlkBX2V2VQxPPTULVhlqJzZ1MzIrC2kOEDwMHh0tIlkITzsnCl9UcSMKW1RmYAVcC2pyQkwZOC1ZSBgmPgNaCCM0Dx4cNnsJVxM+KghZTGUAURZZcnRUEB4+KABXHiRjVggHI2NWCFhnaFQdWhVjVggePihSDExkBEEKWS9wUB1aFW-NWCBshY1d5WGdzSghAcnRUXww0LQsdWxF0VAlZZ3dUCUxldgJRGzIgC0BMZQBVCFx5dkJNVGY
200 OK 607 B URL HTTP/2 d192r5l88wrng7.cloudfront.net/5aVdGZDgKOCgCBx0+IlkBX2V2VQxPPTULVhlqJzZ1MzIrC2kOEDwMHh0tIlkITzsnCl9UcSMKW1RmYAVcC2pyQkwZOC1ZSBgmPgNaCCM0Dx4cNnsJVxM+KghZTGUAURZZcnRUEB4+KABXHiRjVggHI2NWCFhnaFQdWhVjVggePihSDExkBEEKWS9wUB1aFW-NWCBshY1d5WGdzSghAcnRUXww0LQsdWxF0VAlZZ3dUCUxldgJRGzIgC0BMZQBVCFx5dkJNVGY
IP
File type ASCII text, with very long lines (832), with no line terminators
Hash 44b55c5591564135b5d4c6d7f77e3cf3
bfc2b260694b4018a5e281f18e4566b71caf71e0
6d93476372960beda6c6b82c72f012d8746b7982198c018e777c0b8f5f5fa4a7
GET /5aVdGZDgKOCgCBx0+IlkBX2V2VQxPPTULVhlqJzZ1MzIrC2kOEDwMHh0tIlkITzsnCl9UcSMKW1RmYAVcC2pyQkwZOC1ZSBgmPgNaCCM0Dx4cNnsJVxM+KghZTGUAURZZcnRUEB4+KABXHiRjVggHI2NWCFhnaFQdWhVjVggePihSDExkBEEKWS9wUB1aFW-NWCBshY1d5WGdzSghAcnRUXww0LQsdWxF0VAlZZ3dUCUxldgJRGzIgC0BMZQBVCFx5dkJNVGY HTTP/1.1
Host: d192r5l88wrng7.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ladiathdefinishe.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 607
date: Sun, 20 Nov 2022 20:54:19 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 2d5cbe05385a7f3bbffc8a562b8711f6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: WB6neWOGFjKmXJiAA_v1UbYkRrPeU15XRi2VZ5bjCi52rgJpazuaTg==
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 471 B IP
Hash d397e1f6b0e954e44f5c8f009f16772c
ca453d329e4791a70748ba799f19ae7df62b52a4
8a7c0c104c01c7799b7a0cbdb3ff8342271d664fcde1a105919fe57a57225a1a
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2350
Cache-Control: max-age=110002
Content-Type: application/ocsp-response
Date: Sun, 20 Nov 2022 20:54:19 GMT
Etag: "6379957f-1d7"
Expires: Tue, 22 Nov 2022 03:27:41 GMT
Last-Modified: Sun, 20 Nov 2022 02:48:31 GMT
Server: ECS (ska/F707)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash 65b6382722e890c64ed9b9771b16b16f
864eff411d3e0cb6fff8c13b6b8ba973be69b7d1
a92698c9ca01797748e2b1722ea068d8a0497594b765373bc385164d501144a2
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 20 Nov 2022 20:54:19 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
e1.o.lencr.org/
200 OK 345 B IP
ASN #20940 Akamai International B.V.
Hash 249a03d473e2b3945b51b4fee6de62de
3440cda38a9a1ed4b1cead521941cabd14f281d6
19cb950927bb0aaf6895a950006a7254a0b26d8163ae6341ab29fd4bb5f08477
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "19CB950927BB0AAF6895A950006A7254A0B26D8163AE6341AB29FD4BB5F08477"
Last-Modified: Sun, 20 Nov 2022 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5007
Expires: Sun, 20 Nov 2022 22:17:46 GMT
Date: Sun, 20 Nov 2022 20:54:19 GMT
Connection: keep-alive
e1.o.lencr.org/
200 OK 345 B IP
ASN #20940 Akamai International B.V.
Hash 249a03d473e2b3945b51b4fee6de62de
3440cda38a9a1ed4b1cead521941cabd14f281d6
19cb950927bb0aaf6895a950006a7254a0b26d8163ae6341ab29fd4bb5f08477
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "19CB950927BB0AAF6895A950006A7254A0B26D8163AE6341AB29FD4BB5F08477"
Last-Modified: Sun, 20 Nov 2022 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5007
Expires: Sun, 20 Nov 2022 22:17:46 GMT
Date: Sun, 20 Nov 2022 20:54:19 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash 65b6382722e890c64ed9b9771b16b16f
864eff411d3e0cb6fff8c13b6b8ba973be69b7d1
a92698c9ca01797748e2b1722ea068d8a0497594b765373bc385164d501144a2
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 20 Nov 2022 20:54:19 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ladiathdefinishe.com/utx?cb=jT1JpsFnIN2r&top=xfantazy.com&tid=962014
204 No Content 0 B URL HTTP/2 ladiathdefinishe.com/utx?cb=jT1JpsFnIN2r&top=xfantazy.com&tid=962014
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=jT1JpsFnIN2r&top=xfantazy.com&tid=962014 HTTP/1.1
Host: ladiathdefinishe.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Sun, 20 Nov 2022 20:54:19 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://xfantazy.com
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Sun, 20 Nov 2022 20:55:19 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 9b9a19a17f71baf11790ad734100cb88.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: eF0GRIJDY4lZs7xtPMMZMqVdAQomtOCfvKs175p-SAoIfqfaAlHSmA==
X-Firefox-Spdy: h2
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
302 Found 388 B URL HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (377)
Hash f39f59cf9535bae7d37f38393167efc6
1a33c3cc3204bbe8ba5a37f0149db265ac28e628
25ebb8ff26a781db62c905dfab15822cc096c9e088e69893e98f8f966f217d5f
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sun, 20 Nov 2022 20:54:19 GMT
location: https://accounts.google.com/v3/signin/identifier?dsh=S956658550%3A1668977659083126&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=ARgdvAs2roDAgQ4fsFVydMVRMJ2QLqdR07PaJM0JlhFEPUKLaaOmb8QPbMuAyUoh_j7qtfONCfrc
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
content-security-policy: script-src 'nonce-hTmg5NZX5bOvBkqyY_73sA' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport, require-trusted-types-for 'script';report-uri /cspreport
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 388
server: GSE
set-cookie: __Host-GAPS=1:PIxu-SLbPED7Dl8Xac8JEufcODcx2w:VFJqTvgKUe3aA7SL;Path=/;Expires=Tue, 19-Nov-2024 20:54:19 GMT;Secure;HttpOnly;Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
302 Found 395 B URL HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (383)
Hash b9142bd37aca4f0ad6dd93d499a35bb5
5b750135c4189ac1617f9c2c78ff50f9149490e8
0af9d4d761db9bc669be2840a3fecbde8b2c4e48d2137a89e763bdf31892d237
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sun, 20 Nov 2022 20:54:19 GMT
location: https://accounts.google.com/v3/signin/identifier?dsh=S-1525929054%3A1668977659109276&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=ARgdvAvYXbVTGjsWWDllaHUc7P7rdsaWuoYxrk71DztSo45TBajbWxsY4KOIuiV28u4QuKxMP-Nd
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-security-policy: script-src 'nonce-OqFuDqj6qfUvz5VgJzsqUA' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport, require-trusted-types-for 'script';report-uri /cspreport
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 395
server: GSE
set-cookie: __Host-GAPS=1:agksas4kYsVJ8Yv5JlNvkXqpwFxd_g:MmNmKQj9qxUZMcEK;Path=/;Expires=Tue, 19-Nov-2024 20:54:19 GMT;Secure;HttpOnly;Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ladiathdefinishe.com/utx?cb=fiikouwK5pUY&top=xfantazy.com&tid=961956
204 No Content 0 B URL HTTP/2 ladiathdefinishe.com/utx?cb=fiikouwK5pUY&top=xfantazy.com&tid=961956
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=fiikouwK5pUY&top=xfantazy.com&tid=961956 HTTP/1.1
Host: ladiathdefinishe.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Sun, 20 Nov 2022 20:54:19 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://xfantazy.com
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Sun, 20 Nov 2022 20:55:19 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 9b9a19a17f71baf11790ad734100cb88.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: dkFWcjApLBjezJiejk2j_mNKazyyjjgAb_oDMM5pz5cLfBs54lhRog==
X-Firefox-Spdy: h2
e1.o.lencr.org/
200 OK 345 B IP
ASN #20940 Akamai International B.V.
Hash 249a03d473e2b3945b51b4fee6de62de
3440cda38a9a1ed4b1cead521941cabd14f281d6
19cb950927bb0aaf6895a950006a7254a0b26d8163ae6341ab29fd4bb5f08477
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "19CB950927BB0AAF6895A950006A7254A0B26D8163AE6341AB29FD4BB5F08477"
Last-Modified: Sun, 20 Nov 2022 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5007
Expires: Sun, 20 Nov 2022 22:17:46 GMT
Date: Sun, 20 Nov 2022 20:54:19 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
200 OK 507 B IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash c248cc7739fffebc2fcc6e51ebf1d31b
ba7ad5143c63116f0e2e4e86a2a3819af1fad0d0
2a480f0e2489c2423b6d663938fecc2538a8eab1a1f5b8130986da75fc5430cb
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 20 Nov 2022 20:54:19 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
200 OK 471 B IP
Hash d397e1f6b0e954e44f5c8f009f16772c
ca453d329e4791a70748ba799f19ae7df62b52a4
8a7c0c104c01c7799b7a0cbdb3ff8342271d664fcde1a105919fe57a57225a1a
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2350
Cache-Control: max-age=110002
Content-Type: application/ocsp-response
Date: Sun, 20 Nov 2022 20:54:19 GMT
Etag: "6379957f-1d7"
Expires: Tue, 22 Nov 2022 03:27:41 GMT
Last-Modified: Sun, 20 Nov 2022 02:48:31 GMT
Server: ECS (ska/F707)
X-Cache: HIT
Content-Length: 471
accounts.google.com/v3/signin/identifier?dsh=S-1525929054%3A1668977659109276&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=ARgdvAvYXbVTGjsWWDllaHUc7P7rdsaWuoYxrk71DztSo45TBajbWxsY4KOIuiV28u4QuKxMP-Nd
403 Forbidden 808 B URL HTTP/2 accounts.google.com/v3/signin/identifier?dsh=S-1525929054%3A1668977659109276&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=ARgdvAvYXbVTGjsWWDllaHUc7P7rdsaWuoYxrk71DztSo45TBajbWxsY4KOIuiV28u4QuKxMP-Nd
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, Unicode text, UTF-8 text, with very long lines (1644), with no line terminators
Hash 04ba619977923251ad307cd89a42a6f2
8b79a019f3e5bd59856ca6de7aa1d1184e6e56e1
9afcc382fd1d6d7e980c0a81a2d794073b774cbe5c275c4ec7619f43981f6662
GET /v3/signin/identifier?dsh=S-1525929054%3A1668977659109276&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=ARgdvAvYXbVTGjsWWDllaHUc7P7rdsaWuoYxrk71DztSo45TBajbWxsY4KOIuiV28u4QuKxMP-Nd HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://xfantazy.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sun, 20 Nov 2022 20:54:19 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport, script-src 'nonce-RAqIDTc15Xf1fY_bUXsVag' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy-report-only: same-origin
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 279 B IP
Hash 388648aa8935226839e4c566f2d0ed3e
f4e45b06da9aef5572ed32d03eb3e783bbaccf3a
9ecf8e838b61430b58fa5562359370208a2ed8af96d3ae86e11f1e4d8c9713db
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6400
Cache-Control: max-age=133172
Content-Type: application/ocsp-response
Date: Sun, 20 Nov 2022 20:54:19 GMT
Etag: "6379e02f-117"
Expires: Tue, 22 Nov 2022 09:53:51 GMT
Last-Modified: Sun, 20 Nov 2022 08:07:11 GMT
Server: ECS (ska/F707)
X-Cache: HIT
Content-Length: 279
ocsp.sectigo.com/
200 OK 472 B IP
Hash 0d6b5fbe737beee6ac042c55d32e9d35
bfeeba309273245ab6a4aa86e043da6ba3623e6c
a89731c3a476ed07f083c9b5e58712a69cae64888434dfba50cd92e2491830fc
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 20 Nov 2022 20:54:19 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Sat, 19 Nov 2022 03:14:19 GMT
Expires: Sat, 26 Nov 2022 03:14:18 GMT
Etag: "bfeeba309273245ab6a4aa86e043da6ba3623e6c"
Cache-Control: max-age=454198,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 76d414836ecd1c12-OSL
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 2abbdf55809bda9c06fcd5d64d0e93b3
4a6965c1c0b751476b833cc8e8096c5de70a374c
38c6b0aa039d879d656d43b81b823e34f49501b82bf891efa086bea9cd763789
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "38C6B0AA039D879D656D43B81B823E34F49501B82BF891EFA086BEA9CD763789"
Last-Modified: Fri, 18 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7064
Expires: Sun, 20 Nov 2022 22:52:03 GMT
Date: Sun, 20 Nov 2022 20:54:19 GMT
Connection: keep-alive
static-cache.k2s.cc/thumbnail/cryU7COmzqfqrTmTrA/w320h240/0.jpeg
200 OK 9.5 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/cryU7COmzqfqrTmTrA/w320h240/0.jpeg
IP
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash e3004daaebbebbd57c927405d02a5748
7d24dbf19bf143fbadb1c88101dd1808eaf55aba
b313763ec7c63fb2f05d2150bfc3fa8c1cc58e1ef3a461a12928483ae79f9dc2
GET /thumbnail/cryU7COmzqfqrTmTrA/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: openresty
date: Sun, 20 Nov 2022 20:54:19 GMT
content-type: image/jpeg
content-length: 9537
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
strict-transport-security: max-age=15768000; preload
x-cache-status: HIT, HIT
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/Je6b6yemw_jt_DjB_w/w320h240/0.jpeg
200 OK 18 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/Je6b6yemw_jt_DjB_w/w320h240/0.jpeg
IP
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash 7f9f2ac54db27f604877f01d514b6823
a0db42a02eb4012f68972861c4bf55a3401dc681
9bac0ebeffba2cadadd336468561ceab77216a84301ae934c5012cd19aab81a7
GET /thumbnail/Je6b6yemw_jt_DjB_w/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Sun, 20 Nov 2022 20:54:19 GMT
content-type: image/jpeg
content-length: 18511
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
strict-transport-security: max-age=15768000; preload
x-cache-status: HIT, HIT
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 279 B IP
Hash 388648aa8935226839e4c566f2d0ed3e
f4e45b06da9aef5572ed32d03eb3e783bbaccf3a
9ecf8e838b61430b58fa5562359370208a2ed8af96d3ae86e11f1e4d8c9713db
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6400
Cache-Control: max-age=133172
Content-Type: application/ocsp-response
Date: Sun, 20 Nov 2022 20:54:19 GMT
Etag: "6379e02f-117"
Expires: Tue, 22 Nov 2022 09:53:51 GMT
Last-Modified: Sun, 20 Nov 2022 08:07:11 GMT
Server: ECS (ska/F707)
X-Cache: HIT
Content-Length: 279
static-cache.k2s.cc/thumbnail/cumV6CXwz_rr-zrCqQ/w320h240/0.jpeg
200 OK 15 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/cumV6CXwz_rr-zrCqQ/w320h240/0.jpeg
IP
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash ffe084bf5230945c9b11e151857b5fb7
ad5d5c281b1e576a29b9dc1f8bc3da2918f4887c
92797a0af458a2d68b161a418723ceed633ea6909f4bd60f67407ac53acceac4
GET /thumbnail/cumV6CXwz_rr-zrCqQ/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Sun, 20 Nov 2022 20:54:19 GMT
content-type: image/jpeg
content-length: 15269
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
strict-transport-security: max-age=15768000; preload
x-cache-status: HIT, HIT
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/duyS7yOhm6rl8G-W_Q/w320h240/0.jpeg
200 OK 11 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/duyS7yOhm6rl8G-W_Q/w320h240/0.jpeg
IP
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash f84207fcaa6f813e7e7e69306c557eca
9c4b37d9633c5d5fb810a4fd1da92d8b1727d3d4
da53a32cde271c816aad183d85da3d079e915217b37ff0ff6662fd002b047de7
GET /thumbnail/duyS7yOhm6rl8G-W_Q/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Sun, 20 Nov 2022 20:54:19 GMT
content-type: image/jpeg
content-length: 10726
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
strict-transport-security: max-age=15768000; preload
x-cache-status: MISS, HIT
X-Firefox-Spdy: h2
pogothere.xyz/asd100.bin
200 OK 110 kB IP
Size 110 kB (109974 bytes)
Hash f050b5b200259547dc37d555c124336f
e39c27c9eece84b87a629e95db7a6d157f4fbe04
2ecc78ca5d1f157a8ad400c1d3eb33f38070ce2dba88ff53d912ddb0e13b3a3b
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://xfantazy.com/
Origin: https://xfantazy.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 20 Nov 2022 20:54:19 GMT
content-type: binary/octet-stream
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 4496
last-modified: Sun, 20 Nov 2022 19:39:23 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=b%2FgmxhK6fMvTXWAk3AgJ37HPCg%2F5mfI3sXt48oyaHVxIGtSHOWNEGSnbmC5mePjS83LA54RRQslPjmX0G3Y7Tz%2BZbIcbSwB1sAV5IkCpRCfAXAxbQTt0mh1UGfPpDFAX"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 76d41481481fd174-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 9dd5f49412837644dd22419e6f945a56
267ad897ad79ac81633b2d95e98a535d44edee68
269b3777a75a5e672b120b2658fe3893006d790df27e21ef4614010a571c8f97
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "269B3777A75A5E672B120B2658FE3893006D790DF27E21EF4614010A571C8F97"
Last-Modified: Fri, 18 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18763
Expires: Mon, 21 Nov 2022 02:07:02 GMT
Date: Sun, 20 Nov 2022 20:54:19 GMT
Connection: keep-alive
ocsp.sectigo.com/
200 OK 472 B IP
Hash 0d6b5fbe737beee6ac042c55d32e9d35
bfeeba309273245ab6a4aa86e043da6ba3623e6c
a89731c3a476ed07f083c9b5e58712a69cae64888434dfba50cd92e2491830fc
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 20 Nov 2022 20:54:19 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Sat, 19 Nov 2022 03:14:19 GMT
Expires: Sat, 26 Nov 2022 03:14:18 GMT
Etag: "bfeeba309273245ab6a4aa86e043da6ba3623e6c"
Cache-Control: max-age=454198,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 76d4148368c2b4f9-OSL
ocsp.sectigo.com/
200 OK 472 B IP
Hash 0d6b5fbe737beee6ac042c55d32e9d35
bfeeba309273245ab6a4aa86e043da6ba3623e6c
a89731c3a476ed07f083c9b5e58712a69cae64888434dfba50cd92e2491830fc
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 20 Nov 2022 20:54:19 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Sat, 19 Nov 2022 03:14:19 GMT
Expires: Sat, 26 Nov 2022 03:14:18 GMT
Etag: "bfeeba309273245ab6a4aa86e043da6ba3623e6c"
Cache-Control: max-age=454198,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 76d414836f40fab8-OSL
ocsp.sectigo.com/
200 OK 472 B IP
Hash 0d6b5fbe737beee6ac042c55d32e9d35
bfeeba309273245ab6a4aa86e043da6ba3623e6c
a89731c3a476ed07f083c9b5e58712a69cae64888434dfba50cd92e2491830fc
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 20 Nov 2022 20:54:19 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Sat, 19 Nov 2022 03:14:19 GMT
Expires: Sat, 26 Nov 2022 03:14:18 GMT
Etag: "bfeeba309273245ab6a4aa86e043da6ba3623e6c"
Cache-Control: max-age=454198,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 76d414836e181c0e-OSL
a.naturalhealthsource.club/api/spots/303891?p=1&s1=%subid1%&kw=
200 OK 4.3 kB URL HTTP/2 a.naturalhealthsource.club/api/spots/303891?p=1&s1=%subid1%&kw=
IP
ASN #24940 Hetzner Online GmbH
Hash 7369fa2eb05c80da6e6805997e7e9b5f
d77c7fc6160b46988d642418c5ea46f71ecd2adf
97920a835ce62513c052358a826969c40ba9c1786650b1bc8ed2e471be0744a0
GET /api/spots/303891?p=1&s1=%subid1%&kw= HTTP/1.1
Host: a.naturalhealthsource.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: nauid=EIbn42VUZuqPSTlYGM2s
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 20 Nov 2022 20:54:19 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2
ladiathdefinishe.com/floater?cs=ZFJqbFRVY19cZlNkXlRiUGNaXGU&abt=0&red=1&sm=83&k=xfantazy%20czech%20catch&v=0.8.10.1&sts=0&prn=1&emb=0&tid=961956&rxy=1280_1024&fs=1&t=600&m=1&ns=1&ndp=1&asi=1&mbkb=207.0393374741201&ref=https%3A%2F%2Fxfantazy.com%2Fvideo%2F5bfbc50b365d5b12daa46988&jst=4&enr=0&lcua=mozilla%2F5.0%20(windows%20nt%2010.0%3B%20win64%3B%20x64%3B%20rv%3A105.0)%20gecko%2F20100101%20firefox%2F105.0&tzd=0&uloc=&if=0&aa=td3_oi3_&_k1Wg=1668977659254&crc=1
200 OK 917 B URL HTTP/2 ladiathdefinishe.com/floater?cs=ZFJqbFRVY19cZlNkXlRiUGNaXGU&abt=0&red=1&sm=83&k=xfantazy%20czech%20catch&v=0.8.10.1&sts=0&prn=1&emb=0&tid=961956&rxy=1280_1024&fs=1&t=600&m=1&ns=1&ndp=1&asi=1&mbkb=207.0393374741201&ref=https%3A%2F%2Fxfantazy.com%2Fvideo%2F5bfbc50b365d5b12daa46988&jst=4&enr=0&lcua=mozilla%2F5.0%20(windows%20nt%2010.0%3B%20win64%3B%20x64%3B%20rv%3A105.0)%20gecko%2F20100101%20firefox%2F105.0&tzd=0&uloc=&if=0&aa=td3_oi3_&_k1Wg=1668977659254&crc=1
IP
File type ASCII text, with very long lines (1290), with no line terminators
Hash 3d5ce7d5be7c9cd1bf2f4ee11780d4e6
cbc8d01eaab5ae199392cbc84afbe5c626f661b8
8fef06eb87483e948b77976414a37899fc4e55fae0328b4d2f8aa53cabafaaa7
GET /floater?cs=ZFJqbFRVY19cZlNkXlRiUGNaXGU&abt=0&red=1&sm=83&k=xfantazy%20czech%20catch&v=0.8.10.1&sts=0&prn=1&emb=0&tid=961956&rxy=1280_1024&fs=1&t=600&m=1&ns=1&ndp=1&asi=1&mbkb=207.0393374741201&ref=https%3A%2F%2Fxfantazy.com%2Fvideo%2F5bfbc50b365d5b12daa46988&jst=4&enr=0&lcua=mozilla%2F5.0%20(windows%20nt%2010.0%3B%20win64%3B%20x64%3B%20rv%3A105.0)%20gecko%2F20100101%20firefox%2F105.0&tzd=0&uloc=&if=0&aa=td3_oi3_&_k1Wg=1668977659254&crc=1 HTTP/1.1
Host: ladiathdefinishe.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/plain
content-length: 917
date: Sun, 20 Nov 2022 20:54:19 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://xfantazy.com
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: csu=df226c6e-9970-4b70-b165-be6607be6e9b
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 9b9a19a17f71baf11790ad734100cb88.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: GuGDGLt-39qjrd3nd5WJ7w_WU0LDS0aypZ3aeVaOMBK5XZlAAeu8GQ==
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/IO6QvXShw6q9-T6V9g/w320h240/0.jpeg
200 OK 6.3 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/IO6QvXShw6q9-T6V9g/w320h240/0.jpeg
IP
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash bedba06824590e803f4c956ab9d0c2ae
dc2354e68ef40d953925d9ec5941881dfa09757d
d4ec695f81f0d4690ed8e69a42232701f46e3594bbfd3d2e5186b0fdd48932fb
GET /thumbnail/IO6QvXShw6q9-T6V9g/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: openresty
date: Sun, 20 Nov 2022 20:54:19 GMT
content-type: image/jpeg
content-length: 6337
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
strict-transport-security: max-age=15768000; preload
x-cache-status: HIT, HIT
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/ceqWvnT1nvzqrDnC9w/w320h240/0.jpeg
200 OK 10 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/ceqWvnT1nvzqrDnC9w/w320h240/0.jpeg
IP
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash 549385bf19c6c7e341aa2adf4fdafa3c
cee20aee004f95206afd4b85554a1a7be29462a0
13e9089d9b663ef2bc53f5a5039fa21cd6cbbaedf05bf829939752af452e73e5
GET /thumbnail/ceqWvnT1nvzqrDnC9w/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: openresty
date: Sun, 20 Nov 2022 20:54:19 GMT
content-type: image/jpeg
content-length: 10303
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
strict-transport-security: max-age=15768000; preload
x-cache-status: HIT
X-Firefox-Spdy: h2
pogothere.xyz/
200 OK 8.9 kB IP
File type ASCII text, with no line terminators
Hash 1b225c0709c694a6b309894c102ce384
6da0a509de1194d199359ed0f40c606dfaf15640
2a9476046b0c0ececfe3b0564ca7a7c14e0f9799f9f18ea06319b35ccd398fc3
GET / HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://xfantazy.com/
Origin: https://xfantazy.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 20 Nov 2022 20:54:19 GMT
content-type: text/plain
set-cookie: csu=1070443546404186@1@1668977659; Max-Age=31104000; Secure; SameSite=None
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xV1YVICjck6MAh11dWE2QpinUGAXzdJMw0mhZnDD2OoSqwagbvWcX3D9FsO4jO1DynI3qC0wKJpnlbIP6EEuMwhNDfTVSZr8cDXwTmbZu3ytNCGs7S9UhPz%2FzDGyT3zC"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76d41481583dd174-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/JriVvCeuw6e48TnD_A/w320h240/0.jpeg
200 OK 9.9 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/JriVvCeuw6e48TnD_A/w320h240/0.jpeg
IP
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash 6c21de9b2762070f34d3314c80d22719
ca274611176c13965e9b68930302f49a18999cca
341c9dd1df4dffbebdac2742dccacedad0e584c4132edd2192d57ca07c909178
GET /thumbnail/JriVvCeuw6e48TnD_A/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: openresty
date: Sun, 20 Nov 2022 20:54:19 GMT
content-type: image/jpeg
content-length: 9858
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: HIT
X-Firefox-Spdy: h2
syndication.realsrv.com/v1/api.php
200 OK 2.5 kB URL HTTP/1.1 syndication.realsrv.com/v1/api.php
IP
ASN #60781 LeaseWeb Netherlands B.V.
File type JSON data\012- , ASCII text, with very long lines (5372), with no line terminators
Hash 5eca9e7454c7f6b75b00ce9bc1b7f160
f19fd985f42a13dedd14990127faf92876f5d3e4
6447c9739993e17bc9b69a235d0fdbd798ce21266c1a93174d02b6a6050f52a1
POST /v1/api.php HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 335
Origin: https://a.naturalhealthsource.club
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 20 Nov 2022 20:54:19 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://a.naturalhealthsource.club
Access-Control-Allow-Headers: Authorization, Content-Type
Access-Control-Request-Method: POST
Access-Control-Allow-Credentials: true
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%22637a93fbac3a78.839361261917536802%22%3B%7D; expires=Tue, 19-Nov-2024 20:54:19 GMT; Max-Age=63072000; path=/; domain=realsrv.com; secure; SameSite=None
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
ocsp.sectigo.com/
200 OK 471 B IP
Hash 50999c69ce146c0b37ec6bc155985b91
3773d0054a8ce6e4dd8522a9b47c5c390fe5cfa4
d426e6eda4818f5c4447d955fd8f80c94435f77e59de5d6d0d01abd0c20858df
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 20 Nov 2022 20:54:19 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Fri, 18 Nov 2022 05:56:27 GMT
Expires: Fri, 25 Nov 2022 05:56:26 GMT
Etag: "3773d0054a8ce6e4dd8522a9b47c5c390fe5cfa4"
Cache-Control: max-age=377526,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 76d414849ffb1c12-OSL
syndication.realsrv.com/v1/api.php
200 OK 2.4 kB URL HTTP/1.1 syndication.realsrv.com/v1/api.php
IP
ASN #60781 LeaseWeb Netherlands B.V.
File type JSON data\012- , ASCII text, with very long lines (5321), with no line terminators
Hash ea1150f840d29bb76248aaead1fe7561
eca7ec37136721a616e89780f5250dc49946c7bf
c287b4d5dd6a5ccb22cf9981bb7d83da5edf00a7f98458c4b3dbf987035eafa2
POST /v1/api.php HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 335
Origin: https://a.naturalhealthsource.club
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 20 Nov 2022 20:54:19 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://a.naturalhealthsource.club
Access-Control-Allow-Headers: Authorization, Content-Type
Access-Control-Request-Method: POST
Access-Control-Allow-Credentials: true
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A32%3A%22637a93fbb1df01.93193200494098378%22%3B%7D; expires=Tue, 19-Nov-2024 20:54:19 GMT; Max-Age=63072000; path=/; domain=realsrv.com; secure; SameSite=None
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
ocsp.sectigo.com/
200 OK 471 B IP
Hash 50999c69ce146c0b37ec6bc155985b91
3773d0054a8ce6e4dd8522a9b47c5c390fe5cfa4
d426e6eda4818f5c4447d955fd8f80c94435f77e59de5d6d0d01abd0c20858df
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 20 Nov 2022 20:54:19 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Fri, 18 Nov 2022 05:56:27 GMT
Expires: Fri, 25 Nov 2022 05:56:26 GMT
Etag: "3773d0054a8ce6e4dd8522a9b47c5c390fe5cfa4"
Cache-Control: max-age=377526,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 76d41484cb00b4f9-OSL
cdn.tsyndicate.com/sdk/v1/master.spot.js
200 OK 13 kB URL HTTP/2 cdn.tsyndicate.com/sdk/v1/master.spot.js
IP
File type ASCII text, with very long lines (28267)
Hash 81c9789ddb52cec0702af4f5ce8a65d2
931287a53562385f78543175e6e780f59a92f874
46849aa9c0b1efd7edb830d08a8f1247e07a7c214acab0dd8595d95d60aae0e1
GET /sdk/v1/master.spot.js HTTP/1.1
Host: cdn.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 20 Nov 2022 20:54:19 GMT
content-type: application/javascript
content-length: 12770
last-modified: Wed, 02 Nov 2022 12:56:41 GMT
server: nginx
x-robots-tag: noindex, nofollow
content-encoding: gzip
vary: Accept-Encoding
etag: W/"63626909-890f"
age: 1583241
accept-ranges: bytes
X-Firefox-Spdy: h2
cdn.tsyndicate.com/sdk/v1/master.spot.js
304 Not Modified 0 B URL HTTP/2 cdn.tsyndicate.com/sdk/v1/master.spot.js
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sdk/v1/master.spot.js HTTP/1.1
Host: cdn.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
If-Modified-Since: Wed, 02 Nov 2022 12:56:41 GMT
If-None-Match: W/"63626909-890f"
TE: trailers
HTTP/2 304 Not Modified
date: Sun, 20 Nov 2022 20:54:19 GMT
last-modified: Wed, 02 Nov 2022 12:56:41 GMT
server: nginx
x-robots-tag: noindex, nofollow
vary: Accept-Encoding
etag: W/"63626909-890f"
age: 1583241
X-Firefox-Spdy: h2
cdn.tubecorp.com/i/b.html?spot=6394&src=909432711&pid=19775&width=900&height=250&spaceid=1018
200 OK 201 B URL HTTP/2 cdn.tubecorp.com/i/b.html?spot=6394&src=909432711&pid=19775&width=900&height=250&spaceid=1018
IP
ASN #39572 DataWeb Global Group B.V.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 5bded3f4348d3d706e6a87ab69825251
59fc9f0c5059ebdf64a0c33f0c7fd416aa58711f
0ed82ba42eaeb9d0be38c31abf76c090c91da7afd92e727ddf40f09ba5a2e599
GET /i/b.html?spot=6394&src=909432711&pid=19775&width=900&height=250&spaceid=1018 HTTP/1.1
Host: cdn.tubecorp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 20 Nov 2022 20:54:19 GMT
content-type: text/html; charset=UTF-8
server: nginx/1.20.1
last-modified: Sat, 20 Nov 2021 06:50:54 GMT
etag: W/"df-5d132d02c9e77"
x-request-id: 8c46ca7baaece52ea1ce890878e43519
content-encoding: gzip
expires: Sun, 20 Nov 2022 21:54:19 GMT
cache-control: max-age=3600
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
s3t3d2y8.afcdn.net/library/623611/d072faccd5bf786646901428e54895921ab50f73.jpg
200 OK 34 kB URL HTTP/2 s3t3d2y8.afcdn.net/library/623611/d072faccd5bf786646901428e54895921ab50f73.jpg
IP
ASN #60068 Datacamp Limited
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 90", baseline, precision 8, 300x300, components 3\012- data
Hash b91c96358753ce1ab4086e875c84c4e8
d072faccd5bf786646901428e54895921ab50f73
3be413c893134d87bd9a4532d47ad5726d31893c10330b23e8c6fb7935d307c5
GET /library/623611/d072faccd5bf786646901428e54895921ab50f73.jpg HTTP/1.1
Host: s3t3d2y8.afcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 20 Nov 2022 20:54:19 GMT
content-type: image/jpeg
content-length: 34098
last-modified: Thu, 14 May 2020 09:51:02 GMT
etag: "5ebd1486-8532"
expires: Fri, 30 Jun 2023 11:33:09 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
x-cache-op: HIT
x-accel-expires: @1688195214
server: CDN77-Turbo
x-robots-tag: noindex, follow
x-77-nzt: AblMCQ0Yrgf/7fa7AA
x-77-nzt-ray: c0a4cc28d1c998ebfb937a63bcf0be39
x-cache: HIT
x-age: 12318445
x-77-pop: stockholmSE
x-77-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
s3t3d2y8.afcdn.net/library/623611/ed0885e8288645e4cca003a57f3a486611122606.jpg
200 OK 29 kB URL HTTP/2 s3t3d2y8.afcdn.net/library/623611/ed0885e8288645e4cca003a57f3a486611122606.jpg
IP
ASN #60068 Datacamp Limited
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 90", baseline, precision 8, 300x300, components 3\012- data
Hash de65c02764f5d04b7ac0a815d366c969
ed0885e8288645e4cca003a57f3a486611122606
05e417d7c0294dfb542e9de1f1f8c763d8bbfe3f08316fd1b0c78ebb1c22e7f9
GET /library/623611/ed0885e8288645e4cca003a57f3a486611122606.jpg HTTP/1.1
Host: s3t3d2y8.afcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 20 Nov 2022 20:54:19 GMT
content-type: image/jpeg
content-length: 28796
last-modified: Mon, 25 May 2020 13:58:36 GMT
etag: "5ecbcf0c-707c"
expires: Fri, 30 Jun 2023 11:10:15 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
x-cache-op: HIT
x-accel-expires: @1688195204
server: CDN77-Turbo
x-robots-tag: noindex, follow
x-77-nzt: AblMCQ1PlAn/9/a7AA
x-77-nzt-ray: c0a4cc28d1c998ebfb937a635bad803a
x-cache: HIT
x-age: 12318455
x-77-pop: stockholmSE
x-77-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
syndication.realsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAA3VOSWoDQQz8Sj7gRlurWz4n1wQc/IDOLPgwOOAFEqjHpycmc4sKREkqSSUksmPeCT1x3mfbcyA4BSWTxNnw+naAMc7tdr+05TS15Xa6ft4vw5SG5f4BF3VmZHcLRxQidVipnqMiU4UG5/Daj9SiVQhGUFCHZDVbWSIiQSW8HA84vj/3TpScwejynlcPK7XO6Wtd9XmkUkpurkrRNMpAk5mMnj1mnVchWvrXNT2Q2Lr3/uavAWVTMcGOt8LQg/A7btfv8wBs8od/5O0CAyrFq7C3Mg9lMh8kRvU6sVSZgsYf8SuFv3MBAAA=
200 OK 20 B URL HTTP/1.1 syndication.realsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAA3VOSWoDQQz8Sj7gRlurWz4n1wQc/IDOLPgwOOAFEqjHpycmc4sKREkqSSUksmPeCT1x3mfbcyA4BSWTxNnw+naAMc7tdr+05TS15Xa6ft4vw5SG5f4BF3VmZHcLRxQidVipnqMiU4UG5/Daj9SiVQhGUFCHZDVbWSIiQSW8HA84vj/3TpScwejynlcPK7XO6Wtd9XmkUkpurkrRNMpAk5mMnj1mnVchWvrXNT2Q2Lr3/uavAWVTMcGOt8LQg/A7btfv8wBs8od/5O0CAyrFq7C3Mg9lMh8kRvU6sVSZgsYf8SuFv3MBAAA=
IP
ASN #60781 LeaseWeb Netherlands B.V.
Hash a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf
GET /cimp.php?t=api&data=H4sIAAAAAAAAA3VOSWoDQQz8Sj7gRlurWz4n1wQc/IDOLPgwOOAFEqjHpycmc4sKREkqSSUksmPeCT1x3mfbcyA4BSWTxNnw+naAMc7tdr+05TS15Xa6ft4vw5SG5f4BF3VmZHcLRxQidVipnqMiU4UG5/Daj9SiVQhGUFCHZDVbWSIiQSW8HA84vj/3TpScwejynlcPK7XO6Wtd9XmkUkpurkrRNMpAk5mMnj1mnVchWvrXNT2Q2Lr3/uavAWVTMcGOt8LQg/A7btfv8wBs8od/5O0CAyrFq7C3Mg9lMh8kRvU6sVSZgsYf8SuFv3MBAAA= HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://a.naturalhealthsource.club
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A32%3A%22637a93fbb1df01.93193200494098378%22%3B%7D; __upt=%7B%22v%22%3A1%2C%22id%22%3A%22637a93fbac3a78.839361261917536802%22%2C%22pcma%22%3A%22%22%2C%22acma%22%3A%22508.0199%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 20 Nov 2022 20:54:19 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://a.naturalhealthsource.club
Access-Control-Allow-Credentials: true
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A32%3A%22637a93fbb1df01.93193200494098378%22%3B%7D; expires=Tue, 19 Nov 2024 20:54:19 GMT; path=; domain=.realsrv.com; Secure; SameSite=none
__upt=%7B%22v%22%3A1%2C%22id%22%3A%22637a93fbac3a78.839361261917536802%22%2C%22pcma%22%3A%22%22%2C%22acma%22%3A%22508.029701%22%7D; expires=Tue, 19 Nov 2024 20:54:19 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
ads.adxadserv.com/ad?spotid=636bce3b61d6e21d427d4d81&type=300x250&output=html
200 OK 37 kB URL HTTP/2 ads.adxadserv.com/ad?spotid=636bce3b61d6e21d427d4d81&type=300x250&output=html
IP
ASN #39572 DataWeb Global Group B.V.
Hash 4774276855d2efbdf9a13f1b823b043a
6ad8034d2890ee5b92365002f7a070e7055c5375
db25cc6a6d11fb0d460d81d7bb5071f076afb1658840c89ec51ba248c6821e77
GET /ad?spotid=636bce3b61d6e21d427d4d81&type=300x250&output=html HTTP/1.1
Host: ads.adxadserv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 20 Nov 2022 20:54:19 GMT
content-type: text/html; charset=utf-8
cache-control: no-cache
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 2bc09af1ad2686db7351c4dd0cbf4cac
e0f8d39aa931959c01c31998f3d451ec89c6de2a
fd9772fc6b061e8b815346686c8b059b7478e3e1712e920f4d87aa7265eda598
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "FD9772FC6B061E8B815346686C8B059B7478E3E1712E920F4D87AA7265EDA598"
Last-Modified: Sat, 19 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17730
Expires: Mon, 21 Nov 2022 01:49:50 GMT
Date: Sun, 20 Nov 2022 20:54:20 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 2bc09af1ad2686db7351c4dd0cbf4cac
e0f8d39aa931959c01c31998f3d451ec89c6de2a
fd9772fc6b061e8b815346686c8b059b7478e3e1712e920f4d87aa7265eda598
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "FD9772FC6B061E8B815346686C8B059B7478E3E1712E920F4D87AA7265EDA598"
Last-Modified: Sat, 19 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17730
Expires: Mon, 21 Nov 2022 01:49:50 GMT
Date: Sun, 20 Nov 2022 20:54:20 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 6d2987a752c3a499edf69310854cc5e8
bdc71c94c5a794b285b414324aac086d180866e3
f5310f41f55d370305aaa39c23ab9f41a0e82a4d37024bd64c1a8dd8dd598533
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F5310F41F55D370305AAA39C23AB9F41A0E82A4D37024BD64C1A8DD8DD598533"
Last-Modified: Sun, 20 Nov 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5364
Expires: Sun, 20 Nov 2022 22:23:44 GMT
Date: Sun, 20 Nov 2022 20:54:20 GMT
Connection: keep-alive
adxadserv.com/ascripts/pxl.js
200 OK 23 kB URL HTTP/1.1 adxadserv.com/ascripts/pxl.js
IP
ASN #39572 DataWeb Global Group B.V.
File type Unicode text, UTF-8 text, with very long lines (36114)
Hash 72d1139e9f2e6ebe3f51c9193edb4439
cd356eb9eaab433ac792406ba36d4304b6450571
74553d0effe74cd6a4f1424940f7fd133c5457ff1d5c53030e651ec6612bec88
GET /ascripts/pxl.js HTTP/1.1
Host: adxadserv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ads.adxadserv.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Sun, 20 Nov 2022 20:54:20 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Fri, 25 Sep 2020 09:55:25 GMT
ETag: W/"5f6dbe8d-12fee"
Expires: Sun, 20 Nov 2022 08:33:10 GMT
Cache-Control: max-age=86400, public
X-77-NZT: AblMCgqztXb/ta0AAA
X-77-NZT-Ray: 2109d11073edb854fc937a6374e91110
X-Cache: HIT
X-Age: 44469
X-77-POP: amsterdamNL
X-77-Cache: HIT
Content-Encoding: br
a.naturalhealthsource.club/api/spots/312874?p=1&s1=%subid1%&kw=
200 OK 70 kB URL HTTP/2 a.naturalhealthsource.club/api/spots/312874?p=1&s1=%subid1%&kw=
IP
ASN #24940 Hetzner Online GmbH
Hash 647079412255ff306446188b3da9de01
aad0a11563b696f32b201c99cf90e8ab50a1a2a6
6138c2a297afafa5627cd813beb6dc0ab3f94b0fd4d462ef5bac2224c60820a1
GET /api/spots/312874?p=1&s1=%subid1%&kw= HTTP/1.1
Host: a.naturalhealthsource.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: nauid=EIbn42VUZuqPSTlYGM2s
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 20 Nov 2022 20:54:19 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2
syndication.realsrv.com/splash.php?idzone=4837642&cookieconsent=true
200 OK 2.7 kB URL HTTP/1.1 syndication.realsrv.com/splash.php?idzone=4837642&cookieconsent=true
IP
ASN #60781 LeaseWeb Netherlands B.V.
File type XML 1.0 document text\012- XML document, ASCII text, with very long lines (1570)
Hash 11a2c2fbe32e2d07b4307597a064ab4a
6a39f26a8f4756b9aee87805fd7fc59143381428
e5dce4d5364b56b48a0124e6be8d59e8eb472839030ed6c98a8885bf1427e9bd
GET /splash.php?idzone=4837642&cookieconsent=true HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://media.aso1.net
Connection: keep-alive
Referer: https://media.aso1.net/
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A32%3A%22637a93fbb1df01.93193200494098378%22%3B%7D; __upt=%7B%22v%22%3A1%2C%22id%22%3A%22637a93fbac3a78.839361261917536802%22%2C%22pcma%22%3A%22%22%2C%22acma%22%3A%22508.029701%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 20 Nov 2022 20:54:20 GMT
Content-Type: text/xml;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A32%3A%22637a93fbb1df01.93193200494098378%22%3B%7D; expires=Tue, 19 Nov 2024 20:54:20 GMT; path=; domain=.realsrv.com; Secure; SameSite=none
c-tag=%7B%22tag-video%22%3A%22v3%7C%7CNOR%7C4837642%7C59493762%7C0%7C%7C508%7C41%7C3%7C40%7C0%7C0%7C0%7C25344%7C3143242%7C3143244%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C637a93fbb1df01.93193200494098378%7C%7C0%7Cmedia.aso1.net%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D; expires=Mon, 21 Nov 2022 20:54:20 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
Cache-Control: no-store
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: https://media.aso1.net
Access-Control-Allow-Credentials: true
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
static.adxadserv.com/css/wm.css
200 OK 2.0 kB URL HTTP/2 static.adxadserv.com/css/wm.css
IP
ASN #60068 Datacamp Limited
File type ASCII text, with CRLF line terminators
Hash fc1035b9d36b5b8504c9b0285159db24
082f643b2df2929de491bf767d08e521b10d5e87
bbd7b25ef2f1b3f049dcadd6c2fb92a8db253f782da684cee7f25e74e1f3f7d2
GET /css/wm.css HTTP/1.1
Host: static.adxadserv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ads.adxadserv.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
date: Sun, 20 Nov 2022 20:54:19 GMT
content-type: text/css
last-modified: Mon, 03 Aug 2020 09:41:06 GMT
etag: W/"5f27dbb2-711"
x-accel-expires: @1669892870
server: CDN77-Turbo
x-77-nzt: AblMCRTFJL3/9doBAA
x-77-nzt-ray: af58563031aaa1dafb937a63b3924331
x-cache: HIT
x-age: 121589
x-77-pop: stockholmSE
x-77-cache: HIT
content-encoding: br
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 901e7cadfb81c1f38eb5c6c9d4c143fb
c6db75e4f133a4fe17f448b7a1381ee45596e405
3ae3a139dcf6ea551a2ff987cefe946253d206d066aaf7e6eb626a3f9cf37b94
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "3AE3A139DCF6EA551A2FF987CEFE946253D206D066AAF7E6EB626A3F9CF37B94"
Last-Modified: Sat, 19 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11245
Expires: Mon, 21 Nov 2022 00:01:45 GMT
Date: Sun, 20 Nov 2022 20:54:20 GMT
Connection: keep-alive
media.aso1.net/js/ifr.html
200 OK 4.7 kB URL HTTP/2 media.aso1.net/js/ifr.html
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 6d8cb74a664de05cbf58e7a701ab8fcc
373f647bd78c010afc9f3a41c22b307c31476810
dde327be3a0a222be360bedde51f7dc8e3d3485b4cf181a823077ff4acd51c12
GET /js/ifr.html HTTP/1.1
Host: media.aso1.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 20 Nov 2022 20:54:19 GMT
content-type: text/html
last-modified: Thu, 10 Nov 2022 13:01:32 GMT
etag: W/"636cf62c-6ff"
expires: Mon, 14 Nov 2022 07:22:27 GMT
cache-control: max-age=259200
x-robots-tag: noindex, nofollow, noarchive, noimageindex
cf-cache-status: HIT
age: 484542
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=S42Z2ALQBV77QbZizu5OzCGPbSyh30OoPyU3h93sBTbbOx8eGLLiBSdFSrLFMUrz17xF2fnll7zwH1MYcVS2tkIMOf73Qbz3B1jAYep3ZTShH2JBvHYTdmVSydwbG9d9BQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 76d414838c3572d2-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
unseenreport.com/pxf.gif?uuid=e95838e0-0bbe-4494-a1d7-4b5924e8b115&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=01f75a95a38a8db0a8e82d995253a076&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=20
200 OK 1 B URL HTTP/1.1 unseenreport.com/pxf.gif?uuid=e95838e0-0bbe-4494-a1d7-4b5924e8b115&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=01f75a95a38a8db0a8e82d995253a076&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=20
IP
ASN #39572 DataWeb Global Group B.V.
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=e95838e0-0bbe-4494-a1d7-4b5924e8b115&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=01f75a95a38a8db0a8e82d995253a076&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=20 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Sun, 20 Nov 2022 20:54:20 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: d371e00ad8de3cbdb4e93cf2a2f61d2b
Strict-Transport-Security: max-age=0; includeSubdomains
cdn.tubecorp.com/i/b.html?spot=4692&src=562949385&pid=19775&width=300&height=250&spaceid=859
200 OK 182 B URL HTTP/2 cdn.tubecorp.com/i/b.html?spot=4692&src=562949385&pid=19775&width=300&height=250&spaceid=859
IP
ASN #39572 DataWeb Global Group B.V.
Hash e22b6bdd1c428d0692394e20565de01d
94f59414c1e6396e0b2d42f314a9841f0663c5ad
fbae815b8762db906692cd030ab5868252fd20b63968e65c28d1ffd13d711697
GET /i/b.html?spot=4692&src=562949385&pid=19775&width=300&height=250&spaceid=859 HTTP/1.1
Host: cdn.tubecorp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 20 Nov 2022 20:54:19 GMT
content-type: text/html; charset=UTF-8
server: nginx/1.20.1
last-modified: Sat, 20 Nov 2021 06:50:54 GMT
etag: W/"df-5d132d02c9e77"
x-request-id: 3a6a04d519ea1a3ed9093f154c6f957b
content-encoding: gzip
expires: Sun, 20 Nov 2022 21:54:19 GMT
cache-control: max-age=3600
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
unseenreport.com/pxf.gif?uuid=e95838e0-0bbe-4494-a1d7-4b5924e8b115&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=21fe3950f412e026c33f1b6cee613eba&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=20
200 OK 1 B URL HTTP/1.1 unseenreport.com/pxf.gif?uuid=e95838e0-0bbe-4494-a1d7-4b5924e8b115&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=21fe3950f412e026c33f1b6cee613eba&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=20
IP
ASN #39572 DataWeb Global Group B.V.
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=e95838e0-0bbe-4494-a1d7-4b5924e8b115&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=21fe3950f412e026c33f1b6cee613eba&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=20 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Sun, 20 Nov 2022 20:54:20 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 3e7031cb31e8a3eb0070dc44951f9254
Strict-Transport-Security: max-age=0; includeSubdomains
unseenreport.com/pxf.gif?uuid=e95838e0-0bbe-4494-a1d7-4b5924e8b115&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=a2f990f10476061c719d1c1aa3a2ecd2&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=20
200 OK 467 B URL HTTP/1.1 unseenreport.com/pxf.gif?uuid=e95838e0-0bbe-4494-a1d7-4b5924e8b115&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=a2f990f10476061c719d1c1aa3a2ecd2&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=20
IP
ASN #39572 DataWeb Global Group B.V.
File type gzip compressed data, max compression\012- data
Hash 74d590a841c67e1d9a1cb8a0c94c2f45
7802b3c998de3154ce303a9ada46a8ac215a6ef4
4b4ff489e98e604a0ede4307d49efbe87504276bd8f115783a8d3aea684db45b
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=e95838e0-0bbe-4494-a1d7-4b5924e8b115&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=a2f990f10476061c719d1c1aa3a2ecd2&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=20 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Sun, 20 Nov 2022 20:54:20 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 12e25cfc72f3cc51b705793ecc973b75
Strict-Transport-Security: max-age=0; includeSubdomains
ocsp.digicert.com/
200 OK 7.8 kB IP
File type gzip compressed data, from Unix\012- data
Hash f0ba014345d29f795a73ddeb6b33a07d
e8c9bf72041b2414d6129bb74427b85e6251ff9d
8f151d197624b8aa9126320085f01c0094483c03073a870d4a14e39760a5d3c1
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4268
Cache-Control: max-age=158398
Content-Type: application/ocsp-response
Date: Sun, 20 Nov 2022 20:54:20 GMT
Etag: "637a4b0e-118"
Expires: Tue, 22 Nov 2022 16:54:18 GMT
Last-Modified: Sun, 20 Nov 2022 15:43:10 GMT
Server: ECS (ska/F707)
X-Cache: HIT
Content-Length: 280
go.goaserv.com/imp.go?nr=1&xref=DdaWhmOO5zsUJ4o0CQHzdmNy13Sox7tf_1MVEGaRxmFTl7EGEHSjzWh2rx9FTEYXFwoaQJZtNLL9_DNcoMExe1c8AhiAnooxDy8pzbT75lDMQWIZk2VGiNgiSzrWsjFEYZpXWGSE5wh-Nbo4RliFVG35g8_cYojOF35DtqH_QcVQBg9lO4UmJhoUiAuKmFO49HoZTMEXyMyKV_AuDNy1yZj-pjyXviuY7SfZZlfwDgm7AniscBo7O7TG2AqbRr_MV51OZb12rneRQipqchPdExAS3E0zpXRtB4bH3Thtoj9UWLoOL-geyWCkF05VoJefKWSHKHWustrze6ePgfYKbfaABIs22Can0_faHsu1vA7oR1nkXSmdxaph-7lRjMgXHUNgLREEGRwd0zfOHjOGNjS8D9aUuD2ZT_0cbTfmhprZ3sjjIlmVen6bds5yl2eqW_SGi0yOBHOty5qRMW3qmoXYmWtctkA_znl9Dw7Mz_ePlFPfxJuqsEz_AzLPobOuuhdSnR56lo5xxFq9g8e1_9bTLQOLnvBGX__IEEwTt2jr0NLKzItfLGiULADWYwURldmC7ycnnqPx9Yeb3tlnCpHsmpRQjONNnWgIuS5GRwIYOPPX6a4ROUAtD7-j2qmwlsy_kxcAnaPPZ5qmN5VpF_gu9teqGxvNOiLY8m9FJ2dMrXP4cf-Jcc7SbWIC1-8g_ezJRhOw9miJAR8gGenqrPgvhdtOvzylYpdLFva0mXYfv-PZHkBZbnLGLfpKGyHxZxewzHDSBVdIqZyEpGZCQN-u9ttd7lGCMcHNtJ-erl373yM0OugBc5zYYTj1fa4aZHRJW2ka4-WNfJRcsZlm3GtMcz3_61Y=
200 OK 0 B URL HTTP/2 go.goaserv.com/imp.go?nr=1&xref=DdaWhmOO5zsUJ4o0CQHzdmNy13Sox7tf_1MVEGaRxmFTl7EGEHSjzWh2rx9FTEYXFwoaQJZtNLL9_DNcoMExe1c8AhiAnooxDy8pzbT75lDMQWIZk2VGiNgiSzrWsjFEYZpXWGSE5wh-Nbo4RliFVG35g8_cYojOF35DtqH_QcVQBg9lO4UmJhoUiAuKmFO49HoZTMEXyMyKV_AuDNy1yZj-pjyXviuY7SfZZlfwDgm7AniscBo7O7TG2AqbRr_MV51OZb12rneRQipqchPdExAS3E0zpXRtB4bH3Thtoj9UWLoOL-geyWCkF05VoJefKWSHKHWustrze6ePgfYKbfaABIs22Can0_faHsu1vA7oR1nkXSmdxaph-7lRjMgXHUNgLREEGRwd0zfOHjOGNjS8D9aUuD2ZT_0cbTfmhprZ3sjjIlmVen6bds5yl2eqW_SGi0yOBHOty5qRMW3qmoXYmWtctkA_znl9Dw7Mz_ePlFPfxJuqsEz_AzLPobOuuhdSnR56lo5xxFq9g8e1_9bTLQOLnvBGX__IEEwTt2jr0NLKzItfLGiULADWYwURldmC7ycnnqPx9Yeb3tlnCpHsmpRQjONNnWgIuS5GRwIYOPPX6a4ROUAtD7-j2qmwlsy_kxcAnaPPZ5qmN5VpF_gu9teqGxvNOiLY8m9FJ2dMrXP4cf-Jcc7SbWIC1-8g_ezJRhOw9miJAR8gGenqrPgvhdtOvzylYpdLFva0mXYfv-PZHkBZbnLGLfpKGyHxZxewzHDSBVdIqZyEpGZCQN-u9ttd7lGCMcHNtJ-erl373yM0OugBc5zYYTj1fa4aZHRJW2ka4-WNfJRcsZlm3GtMcz3_61Y=
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /imp.go?nr=1&xref=DdaWhmOO5zsUJ4o0CQHzdmNy13Sox7tf_1MVEGaRxmFTl7EGEHSjzWh2rx9FTEYXFwoaQJZtNLL9_DNcoMExe1c8AhiAnooxDy8pzbT75lDMQWIZk2VGiNgiSzrWsjFEYZpXWGSE5wh-Nbo4RliFVG35g8_cYojOF35DtqH_QcVQBg9lO4UmJhoUiAuKmFO49HoZTMEXyMyKV_AuDNy1yZj-pjyXviuY7SfZZlfwDgm7AniscBo7O7TG2AqbRr_MV51OZb12rneRQipqchPdExAS3E0zpXRtB4bH3Thtoj9UWLoOL-geyWCkF05VoJefKWSHKHWustrze6ePgfYKbfaABIs22Can0_faHsu1vA7oR1nkXSmdxaph-7lRjMgXHUNgLREEGRwd0zfOHjOGNjS8D9aUuD2ZT_0cbTfmhprZ3sjjIlmVen6bds5yl2eqW_SGi0yOBHOty5qRMW3qmoXYmWtctkA_znl9Dw7Mz_ePlFPfxJuqsEz_AzLPobOuuhdSnR56lo5xxFq9g8e1_9bTLQOLnvBGX__IEEwTt2jr0NLKzItfLGiULADWYwURldmC7ycnnqPx9Yeb3tlnCpHsmpRQjONNnWgIuS5GRwIYOPPX6a4ROUAtD7-j2qmwlsy_kxcAnaPPZ5qmN5VpF_gu9teqGxvNOiLY8m9FJ2dMrXP4cf-Jcc7SbWIC1-8g_ezJRhOw9miJAR8gGenqrPgvhdtOvzylYpdLFva0mXYfv-PZHkBZbnLGLfpKGyHxZxewzHDSBVdIqZyEpGZCQN-u9ttd7lGCMcHNtJ-erl373yM0OugBc5zYYTj1fa4aZHRJW2ka4-WNfJRcsZlm3GtMcz3_61Y= HTTP/1.1
Host: go.goaserv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://go.goaserv.com/banner.go?spaceid=1230942&keywords=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 20 Nov 2022 20:54:20 GMT
content-type: text/html; charset=utf-8
content-length: 0
x-backend-server: nl2-go-web-243
X-Firefox-Spdy: h2
go.xlivrdr.com/smartpop/165aea9bcdd7aabac45f72d02f58fd24b8416bc57cfc540b1b4409ac823564af?userId=1f2ad638bb163e0f21b19d6cbbcd5805b56eb7b1ef21117b6157eaf2a11915c9&memberId=ooc4ASOptosrpndVdTdRZXO6VzqpbXUzOodTK6V0rpXT1UU0uomponpndRNTRPTS6V0zpXSuldK6Z0rpXTOroszuo400m24lmjuomuonllpuplutostc6V3..3eceZQzRg3M5zpXSuldK6V0rpXSulcH2A--&sourceId=4837642&p1=4581534&skipOffset=00:00:05
302 Found 0 B URL HTTP/2 go.xlivrdr.com/smartpop/165aea9bcdd7aabac45f72d02f58fd24b8416bc57cfc540b1b4409ac823564af?userId=1f2ad638bb163e0f21b19d6cbbcd5805b56eb7b1ef21117b6157eaf2a11915c9&memberId=ooc4ASOptosrpndVdTdRZXO6VzqpbXUzOodTK6V0rpXT1UU0uomponpndRNTRPTS6V0zpXSuldK6Z0rpXTOroszuo400m24lmjuomuonllpuplutostc6V3..3eceZQzRg3M5zpXSuldK6V0rpXSulcH2A--&sourceId=4837642&p1=4581534&skipOffset=00:00:05
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /smartpop/165aea9bcdd7aabac45f72d02f58fd24b8416bc57cfc540b1b4409ac823564af?userId=1f2ad638bb163e0f21b19d6cbbcd5805b56eb7b1ef21117b6157eaf2a11915c9&memberId=ooc4ASOptosrpndVdTdRZXO6VzqpbXUzOodTK6V0rpXT1UU0uomponpndRNTRPTS6V0zpXSuldK6Z0rpXTOroszuo400m24lmjuomuonllpuplutostc6V3..3eceZQzRg3M5zpXSuldK6V0rpXSulcH2A--&sourceId=4837642&p1=4581534&skipOffset=00:00:05 HTTP/1.1
Host: go.xlivrdr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://media.aso1.net
Connection: keep-alive
Referer: https://media.aso1.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Sun, 20 Nov 2022 20:54:20 GMT
content-length: 0
location: https://go.xlivrdr.com/api/models/vast?campaignId=165aea9bcdd7aabac45f72d02f58fd24b8416bc57cfc540b1b4409ac823564af&campaignType=smartpop&creativeId=b1e02e2720203f684f246d97afe36747c347d0383f37e85772df9f975015b451&duration=00%3A00%3A30&endpoint=room&iterationId=257107&masterSmartpopId=2683&memberId=ooc4ASOptosrpndVdTdRZXO6VzqpbXUzOodTK6V0rpXT1UU0uomponpndRNTRPTS6V0zpXSuldK6Z0rpXTOroszuo400m24lmjuomuonllpuplutostc6V3..3eceZQzRg3M5zpXSuldK6V0rpXSulcH2A--&p1=4581534&ruleId=157&skipOffset=00%3A00%3A05&smartpopId=3564&sourceId=4837642&tag=-girls%2Findian&userId=1f2ad638bb163e0f21b19d6cbbcd5805b56eb7b1ef21117b6157eaf2a11915c9&variationId=29475&videosList=oil-show11
access-control-allow-origin: https://media.aso1.net
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Content-Length, Accept-Encoding, x-requested-with
cf-cache-status: DYNAMIC
set-cookie: _var=7868025.29475; Path=/; HttpOnly; SameSite=Strict
__cflb=0H28uukSkGJRy5UBr1u9iAwwBfboBLEYZnx7gpY7A8k; SameSite=None; Secure; path=/; expires=Mon, 21-Nov-22 19:54:20 GMT; HttpOnly
server: cloudflare
cf-ray: 76d4148acad7b505-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 280 B IP
Hash 931a1d3bc7e7b4da43a1d07253c21f66
35f30f76df2fd2176fb35ceb9eefc58512f75a93
6afacc56865066968e49c61e52eb560689a83fca9a71bc5dc5493680d3431922
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4268
Cache-Control: max-age=158398
Content-Type: application/ocsp-response
Date: Sun, 20 Nov 2022 20:54:20 GMT
Etag: "637a4b0e-118"
Expires: Tue, 22 Nov 2022 16:54:18 GMT
Last-Modified: Sun, 20 Nov 2022 15:43:10 GMT
Server: ECS (ska/F707)
X-Cache: HIT
Content-Length: 280
adxadserv.com/px/event/v1?e_t=pageview&url=https%253A%252F%252Fads.adxadserv.com%252Fad%253Fspotid%253D636bc5d561d6e27071201a23%2526type%253D300x250%2526output%253Dhtml&ref=https%253A%252F%252Fxfantazy.com%252F&d_r=1&d_s=1280x1024&d_w=300x250&t_s=1668977659733&t_i=1668977660197&u_tz=0&u_l=en-US&u_l2=&u_l3=&pv_uid=eb6e4890-6225-4e6c-bb0b-7541aee42d84&nav_rc=0&nav_nt=NAVIGATE&p_nn=adxad-rtb&p_pt=IFRAME&imid=80d5dd14-6915-11ed-9b66-52ca5d2668e1&spid=636bc5d561d6e27071201a23&fpid_sa=1668977660197&fpid=&feid_sa=1668977660197&sid_sa=1668977660197&feid=917d3a1923adf23de8cec8a0d196c2f3&sid=7ba2dbb785dc5243a2f936c7c120bb77&u_adb=0&vn=T-0.1.1&utm_typ=referral&utm_src=xfantazy.com&s_rst=1&e_d=%7B%22isResetRequired%22%3Atrue%7D&t_op=0.562
200 OK 0 B URL HTTP/1.1 adxadserv.com/px/event/v1?e_t=pageview&url=https%253A%252F%252Fads.adxadserv.com%252Fad%253Fspotid%253D636bc5d561d6e27071201a23%2526type%253D300x250%2526output%253Dhtml&ref=https%253A%252F%252Fxfantazy.com%252F&d_r=1&d_s=1280x1024&d_w=300x250&t_s=1668977659733&t_i=1668977660197&u_tz=0&u_l=en-US&u_l2=&u_l3=&pv_uid=eb6e4890-6225-4e6c-bb0b-7541aee42d84&nav_rc=0&nav_nt=NAVIGATE&p_nn=adxad-rtb&p_pt=IFRAME&imid=80d5dd14-6915-11ed-9b66-52ca5d2668e1&spid=636bc5d561d6e27071201a23&fpid_sa=1668977660197&fpid=&feid_sa=1668977660197&sid_sa=1668977660197&feid=917d3a1923adf23de8cec8a0d196c2f3&sid=7ba2dbb785dc5243a2f936c7c120bb77&u_adb=0&vn=T-0.1.1&utm_typ=referral&utm_src=xfantazy.com&s_rst=1&e_d=%7B%22isResetRequired%22%3Atrue%7D&t_op=0.562
IP
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /px/event/v1?e_t=pageview&url=https%253A%252F%252Fads.adxadserv.com%252Fad%253Fspotid%253D636bc5d561d6e27071201a23%2526type%253D300x250%2526output%253Dhtml&ref=https%253A%252F%252Fxfantazy.com%252F&d_r=1&d_s=1280x1024&d_w=300x250&t_s=1668977659733&t_i=1668977660197&u_tz=0&u_l=en-US&u_l2=&u_l3=&pv_uid=eb6e4890-6225-4e6c-bb0b-7541aee42d84&nav_rc=0&nav_nt=NAVIGATE&p_nn=adxad-rtb&p_pt=IFRAME&imid=80d5dd14-6915-11ed-9b66-52ca5d2668e1&spid=636bc5d561d6e27071201a23&fpid_sa=1668977660197&fpid=&feid_sa=1668977660197&sid_sa=1668977660197&feid=917d3a1923adf23de8cec8a0d196c2f3&sid=7ba2dbb785dc5243a2f936c7c120bb77&u_adb=0&vn=T-0.1.1&utm_typ=referral&utm_src=xfantazy.com&s_rst=1&e_d=%7B%22isResetRequired%22%3Atrue%7D&t_op=0.562 HTTP/1.1
Host: adxadserv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ads.adxadserv.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Sun, 20 Nov 2022 20:54:20 GMT
Content-Length: 0
Connection: keep-alive
s3t3d2y8.afcdn.net/library/140058/4fc3ba4067f4b3772519d60893ebbd7d4d94d5c0.jpg
200 OK 25 kB URL HTTP/2 s3t3d2y8.afcdn.net/library/140058/4fc3ba4067f4b3772519d60893ebbd7d4d94d5c0.jpg
IP
ASN #60068 Datacamp Limited
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 90", baseline, precision 8, 300x300, components 3\012- data
Hash 826a5cbc231cecbd3ef2a3ca030e9d5e
4fc3ba4067f4b3772519d60893ebbd7d4d94d5c0
43a0b245a25ef8e392d484296f840f74778ae7de9801505508309fe9e428ef1a
GET /library/140058/4fc3ba4067f4b3772519d60893ebbd7d4d94d5c0.jpg HTTP/1.1
Host: s3t3d2y8.afcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://media.aso1.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 20 Nov 2022 20:54:20 GMT
content-type: image/jpeg
content-length: 24758
last-modified: Mon, 12 Nov 2018 03:43:40 GMT
etag: "5be8f6ec-60b6"
expires: Fri, 30 Jun 2023 11:13:03 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
x-cache-op: HIT
x-accel-expires: @1688195284
server: CDN77-Turbo
x-robots-tag: noindex, follow
x-77-nzt: AblMCQ12jO//qPa7AA
x-77-nzt-ray: c0a4cc28d1c998ebfc937a63f598662c
x-cache: HIT
x-age: 12318376
x-77-pop: stockholmSE
x-77-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
syndication.realsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAAz1PS07FMAy8Chdo5fEnn7dmDRKIA6RtIipEWbyHBJIPT1qgHjm2k2hmzMQ8AAPTHexiemHyjDHTqDzC1B8en1zh69vna91uZR23enMokSWPEcTwrJlycE0Sg6gbJWeJJrbXHA3ZXMnFqYNNVI8uRn95vj8SHV24n7vc3u439EUeJJYsbZqwNOq+BFmYSLNS7nrdw9Ra0QCtU0KiuSAGDqEF0hprSzuPv9dlLWO5fuCwT78YgbAL/88uUGFlH3AO6j3Ij+dy/d5m9/P73x52MsA9tRnKsWFupiVTVZ1tkQmlLg1T+wEDmkkqcAEAAA==
200 OK 20 B URL HTTP/1.1 syndication.realsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAAz1PS07FMAy8Chdo5fEnn7dmDRKIA6RtIipEWbyHBJIPT1qgHjm2k2hmzMQ8AAPTHexiemHyjDHTqDzC1B8en1zh69vna91uZR23enMokSWPEcTwrJlycE0Sg6gbJWeJJrbXHA3ZXMnFqYNNVI8uRn95vj8SHV24n7vc3u439EUeJJYsbZqwNOq+BFmYSLNS7nrdw9Ra0QCtU0KiuSAGDqEF0hprSzuPv9dlLWO5fuCwT78YgbAL/88uUGFlH3AO6j3Ij+dy/d5m9/P73x52MsA9tRnKsWFupiVTVZ1tkQmlLg1T+wEDmkkqcAEAAA==
IP
ASN #60781 LeaseWeb Netherlands B.V.
Hash a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf
GET /cimp.php?t=api&data=H4sIAAAAAAAAAz1PS07FMAy8Chdo5fEnn7dmDRKIA6RtIipEWbyHBJIPT1qgHjm2k2hmzMQ8AAPTHexiemHyjDHTqDzC1B8en1zh69vna91uZR23enMokSWPEcTwrJlycE0Sg6gbJWeJJrbXHA3ZXMnFqYNNVI8uRn95vj8SHV24n7vc3u439EUeJJYsbZqwNOq+BFmYSLNS7nrdw9Ra0QCtU0KiuSAGDqEF0hprSzuPv9dlLWO5fuCwT78YgbAL/88uUGFlH3AO6j3Ij+dy/d5m9/P73x52MsA9tRnKsWFupiVTVZ1tkQmlLg1T+wEDmkkqcAEAAA== HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://media.aso1.net
Connection: keep-alive
Referer: https://media.aso1.net/
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A32%3A%22637a93fbb1df01.93193200494098378%22%3B%7D; __upt=%7B%22v%22%3A1%2C%22id%22%3A%22637a93fbac3a78.839361261917536802%22%2C%22pcma%22%3A%22%22%2C%22acma%22%3A%22508.029701%22%7D; c-tag=%7B%22tag-video%22%3A%22v3%7C%7CNOR%7C4837642%7C59493762%7C0%7C%7C508%7C41%7C3%7C40%7C0%7C0%7C0%7C25344%7C3143242%7C3143244%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C637a93fbb1df01.93193200494098378%7C%7C0%7Cmedia.aso1.net%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 20 Nov 2022 20:54:20 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://media.aso1.net
Access-Control-Allow-Credentials: true
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A32%3A%22637a93fbb1df01.93193200494098378%22%3B%7D; expires=Tue, 19 Nov 2024 20:54:20 GMT; path=; domain=.realsrv.com; Secure; SameSite=none
__upt=%7B%22v%22%3A1%2C%22id%22%3A%22637a93fbac3a78.839361261917536802%22%2C%22pcma%22%3A%22%22%2C%22acma%22%3A%22508.03940399%22%7D; expires=Tue, 19 Nov 2024 20:54:20 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
ocsp.sectigo.com/
200 OK 472 B IP
Hash ef2aceee096d1a9dbfb103cbd1e82554
1ef6a489b4bef7718f2d48d150ff009343b3c72e
258693485f637a449d8e28f673a65b19660b0387b4c6edb2669a4dbc01ebf4ba
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 20 Nov 2022 20:54:20 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Sat, 19 Nov 2022 15:56:21 GMT
Expires: Sat, 26 Nov 2022 15:56:20 GMT
Etag: "1ef6a489b4bef7718f2d48d150ff009343b3c72e"
Cache-Control: max-age=499919,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 76d4148bbeb91c12-OSL
lcdn.tsyndicate.com/images/e/8/f0cf9e3416e794586e8316a63d12b73d8e43f1/main.jpg
200 OK 13 kB URL HTTP/2 lcdn.tsyndicate.com/images/e/8/f0cf9e3416e794586e8316a63d12b73d8e43f1/main.jpg
IP
File type JPEG image data, baseline, precision 8, 300x250, components 3\012- data
Hash fd6b4701b301e2f50f77f45ee694e822
2877836675b27818dc765cadebdeefafcd691e9e
1fa628f1c7af23a1a0946907838f29ac6f22ab395b8498b8498c38b348332e95
GET /images/e/8/f0cf9e3416e794586e8316a63d12b73d8e43f1/main.jpg HTTP/1.1
Host: lcdn.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Cookie: ts_uid=6d11e000-ad4f-45c3-b90e-bc5b547eb14d; bfq=APeIECNCx5YZMWLgqBHDBguEChnW6MJCxJiCW2SwiEFRRBmMDW3kgGGDBkkYG22IJGnSBowufRQE
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 20 Nov 2022 20:54:20 GMT
content-type: image/jpeg
content-length: 12552
last-modified: Sun, 20 Nov 2022 12:06:53 GMT
server: nginx
x-robots-tag: noindex, nofollow
content-encoding: gzip
vary: Accept-Encoding
etag: W/"637a185d-313d"
age: 30575
accept-ranges: bytes
X-Firefox-Spdy: h2
adxadserv.com/px/event/v1?e_t=pageview&url=https%253A%252F%252Fads.adxadserv.com%252Fad%253Fspotid%253D636bce3b61d6e21d427d4d81%2526type%253D300x250%2526output%253Dhtml&ref=https%253A%252F%252Fxfantazy.com%252F&d_r=1&d_s=1280x1024&d_w=300x250&t_s=1668977659735&t_i=1668977660213&u_tz=0&u_l=en-US&u_l2=&u_l3=&pv_uid=3f558f64-e4ee-47e5-887d-b5bc80a37763&nav_rc=0&nav_nt=NAVIGATE&p_nn=adxad-rtb&p_pt=IFRAME&imid=80d6ac1c-6915-11ed-b056-e2e38133f3a0&spid=636bce3b61d6e21d427d4d81&fpid_sa=1668977660197&fpid=&feid_sa=1668977660197&sid_sa=1668977660197&feid=917d3a1923adf23de8cec8a0d196c2f3&sid=7ba2dbb785dc5243a2f936c7c120bb77&u_adb=0&vn=T-0.1.1&utm_typ=referral&utm_src=xfantazy.com&s_rst=0&e_d=%7B%7D&t_op=0.697
200 OK 0 B URL HTTP/1.1 adxadserv.com/px/event/v1?e_t=pageview&url=https%253A%252F%252Fads.adxadserv.com%252Fad%253Fspotid%253D636bce3b61d6e21d427d4d81%2526type%253D300x250%2526output%253Dhtml&ref=https%253A%252F%252Fxfantazy.com%252F&d_r=1&d_s=1280x1024&d_w=300x250&t_s=1668977659735&t_i=1668977660213&u_tz=0&u_l=en-US&u_l2=&u_l3=&pv_uid=3f558f64-e4ee-47e5-887d-b5bc80a37763&nav_rc=0&nav_nt=NAVIGATE&p_nn=adxad-rtb&p_pt=IFRAME&imid=80d6ac1c-6915-11ed-b056-e2e38133f3a0&spid=636bce3b61d6e21d427d4d81&fpid_sa=1668977660197&fpid=&feid_sa=1668977660197&sid_sa=1668977660197&feid=917d3a1923adf23de8cec8a0d196c2f3&sid=7ba2dbb785dc5243a2f936c7c120bb77&u_adb=0&vn=T-0.1.1&utm_typ=referral&utm_src=xfantazy.com&s_rst=0&e_d=%7B%7D&t_op=0.697
IP
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /px/event/v1?e_t=pageview&url=https%253A%252F%252Fads.adxadserv.com%252Fad%253Fspotid%253D636bce3b61d6e21d427d4d81%2526type%253D300x250%2526output%253Dhtml&ref=https%253A%252F%252Fxfantazy.com%252F&d_r=1&d_s=1280x1024&d_w=300x250&t_s=1668977659735&t_i=1668977660213&u_tz=0&u_l=en-US&u_l2=&u_l3=&pv_uid=3f558f64-e4ee-47e5-887d-b5bc80a37763&nav_rc=0&nav_nt=NAVIGATE&p_nn=adxad-rtb&p_pt=IFRAME&imid=80d6ac1c-6915-11ed-b056-e2e38133f3a0&spid=636bce3b61d6e21d427d4d81&fpid_sa=1668977660197&fpid=&feid_sa=1668977660197&sid_sa=1668977660197&feid=917d3a1923adf23de8cec8a0d196c2f3&sid=7ba2dbb785dc5243a2f936c7c120bb77&u_adb=0&vn=T-0.1.1&utm_typ=referral&utm_src=xfantazy.com&s_rst=0&e_d=%7B%7D&t_op=0.697 HTTP/1.1
Host: adxadserv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ads.adxadserv.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Sun, 20 Nov 2022 20:54:20 GMT
Content-Length: 0
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash a7d3686b10e193f9a0511936aad248bc
3a103449029c34a3f8eb807bab467e86e9ca325f
701127741161154f62e04ebedd4708b9b5e9d7499b73154fa2242aa7a6391e35
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "701127741161154F62E04EBEDD4708B9B5E9D7499B73154FA2242AA7A6391E35"
Last-Modified: Sat, 19 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3054
Expires: Sun, 20 Nov 2022 21:45:14 GMT
Date: Sun, 20 Nov 2022 20:54:20 GMT
Connection: keep-alive
lcdn.tsyndicate.com/images/0/6/9283b01585f11be3909a5e8e44ef7abe0bd037.gif
200 OK 1.9 MB URL HTTP/2 lcdn.tsyndicate.com/images/0/6/9283b01585f11be3909a5e8e44ef7abe0bd037.gif
IP
File type GIF image data, version 89a, 300 x 250\012- data
Size 1.9 MB (1925333 bytes)
Hash cb8ce8cf8c5772cfe00e48a7cb589c36
6e4873d3144512396d9837c1c0eb62751fdf97cc
8436e8df41d411295ee1e4642ed53924af0708162587de612dfbf3ff40800fd8
GET /images/0/6/9283b01585f11be3909a5e8e44ef7abe0bd037.gif HTTP/1.1
Host: lcdn.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://rtbbnr.com/
Cookie: ts_uid=df7207f6-0418-435a-837d-bf93238f9943; bfq=APeIECNCx5YZMWLgqBHDBguEChnKeJhwYYwaXViIGFNwSwwWH2NkFFGmY0MbOWDYoKESBkgbKFWytOHyZMqVLbv0URAQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 20 Nov 2022 20:54:20 GMT
content-type: image/gif
content-length: 1925333
etag: "637a185d-1d60d5"
last-modified: Sun, 20 Nov 2022 12:06:53 GMT
server: nginx
x-robots-tag: noindex, nofollow
age: 30572
accept-ranges: bytes
X-Firefox-Spdy: h2
ocsp.sectigo.com/
200 OK 472 B IP
Hash ef2aceee096d1a9dbfb103cbd1e82554
1ef6a489b4bef7718f2d48d150ff009343b3c72e
258693485f637a449d8e28f673a65b19660b0387b4c6edb2669a4dbc01ebf4ba
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 20 Nov 2022 20:54:20 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Sat, 19 Nov 2022 15:56:21 GMT
Expires: Sat, 26 Nov 2022 15:56:20 GMT
Etag: "1ef6a489b4bef7718f2d48d150ff009343b3c72e"
Cache-Control: max-age=499919,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 76d4148bbc8db4f9-OSL
ocsp.sectigo.com/
200 OK 472 B IP
Hash ef2aceee096d1a9dbfb103cbd1e82554
1ef6a489b4bef7718f2d48d150ff009343b3c72e
258693485f637a449d8e28f673a65b19660b0387b4c6edb2669a4dbc01ebf4ba
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 20 Nov 2022 20:54:20 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Sat, 19 Nov 2022 15:56:21 GMT
Expires: Sat, 26 Nov 2022 15:56:20 GMT
Etag: "1ef6a489b4bef7718f2d48d150ff009343b3c72e"
Cache-Control: max-age=499919,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 76d4148bbe781c0e-OSL
ocsp.sectigo.com/
200 OK 472 B IP
Hash ef2aceee096d1a9dbfb103cbd1e82554
1ef6a489b4bef7718f2d48d150ff009343b3c72e
258693485f637a449d8e28f673a65b19660b0387b4c6edb2669a4dbc01ebf4ba
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 20 Nov 2022 20:54:20 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Sat, 19 Nov 2022 15:56:21 GMT
Expires: Sat, 26 Nov 2022 15:56:20 GMT
Etag: "1ef6a489b4bef7718f2d48d150ff009343b3c72e"
Cache-Control: max-age=499919,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 76d4148bbd4bb517-OSL
lcdn.tsyndicate.com/images/0/6/9283b01585f11be3909a5e8e44ef7abe0bd037/main.jpg
200 OK 11 kB URL HTTP/2 lcdn.tsyndicate.com/images/0/6/9283b01585f11be3909a5e8e44ef7abe0bd037/main.jpg
IP
File type JPEG image data, baseline, precision 8, 300x250, components 3\012- data
Hash 7aef6459f87e1014cbe621b87458f1e8
b6527516f168aa36d970ceb1f73b9b06794d2e67
5ec40320e6a4b8b2d77b4cd5d86a92dd887ed9ac09bac703ddbfbfa7f1ffe1f0
GET /images/0/6/9283b01585f11be3909a5e8e44ef7abe0bd037/main.jpg HTTP/1.1
Host: lcdn.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Cookie: ts_uid=6d11e000-ad4f-45c3-b90e-bc5b547eb14d; bfq=APeIECNCx5YZMWLgqBHDBguEChnW6MJCxJiCW2SwiEFRRBmMDW3kgGGDBkkYG22IJGnSBowufRQE
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 20 Nov 2022 20:54:21 GMT
content-type: image/jpeg
content-length: 10834
last-modified: Sun, 20 Nov 2022 12:06:54 GMT
server: nginx
x-robots-tag: noindex, nofollow
content-encoding: gzip
vary: Accept-Encoding
etag: W/"637a185e-2a67"
age: 30576
accept-ranges: bytes
X-Firefox-Spdy: h2
tsyndicate.com/do2/4K7esoiMRbdmWXtGu7Vp9FjsD2M7K5vE/master?w=1280&h=1024&tz=0&count=10
200 OK 22 kB URL HTTP/2 tsyndicate.com/do2/4K7esoiMRbdmWXtGu7Vp9FjsD2M7K5vE/master?w=1280&h=1024&tz=0&count=10
IP
ASN #24940 Hetzner Online GmbH
Hash 8d47c708c8f3e88f441982b0382c1134
617af18ee58445ca3855c76aa180140c4c79d201
9f092471e773553c75c30b74c5a6d3f4c7a865f5a60df6a1e05b20e3afcca0ac
GET /do2/4K7esoiMRbdmWXtGu7Vp9FjsD2M7K5vE/master?w=1280&h=1024&tz=0&count=10 HTTP/1.1
Host: tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://a.naturalhealthsource.club
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 20 Nov 2022 20:54:20 GMT
content-type: application/json; charset=utf-8
access-control-allow-origin: https://a.naturalhealthsource.club
access-control-allow-methods: POST, GET, HEAD
access-control-allow-headers: Accept, X-Requested-With, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Legacy
access-control-allow-credentials: true
pragma: no-cache
expires: 0
vary: Accept-Encoding, *
x-api-version: 2
link: <https://lcdn.tsyndicate.com/sdk/v1/b.b.js>; rel=preload; as=script, <https://lcdn.tsyndicate.com/sdk/v1/b.b.js>; rel=preload; as=script, <https://lcdn.tsyndicate.com/sdk/v1/b.b.js>; rel=preload; as=script
x-request-id: d126b22caf1ffac1
set-cookie: ts_uid=6d11e000-ad4f-45c3-b90e-bc5b547eb14d; expires=Sat, 20 May 2023 20:54:20 GMT; domain=.tsyndicate.com; path=/; HttpOnly; secure; SameSite=None
bfq=APeIECNCx5YZMWLgqBHDBguEChnW6MJCxJiCW2SwiEFRRBmMDW3kgGGDBkkYG22IJGnSBowufRQE; expires=Mon, 21 Nov 2022 20:54:20 GMT; domain=.tsyndicate.com; path=/; secure; SameSite=None
cache-control: no-cache, no-store, no-transform, must-revalidate, no-transform
x-robots-tag: none, noindex, nofollow
report-to: { "url": "https://pxl.tsyndicate.com/api/v1/heavy-ad/report", "max_age": 86401 }
content-encoding: gzip
X-Firefox-Spdy: h2
adxadserv.com/t/re/v4?e_t=pageview&url=https%253A%252F%252Fads.adxadserv.com%252Fad%253Fspotid%253D636bce3b61d6e21d427d4d81%2526type%253D300x250%2526output%253Dhtml&ref=https%253A%252F%252Fxfantazy.com%252F&d_r=1&d_s=1280x1024&d_w=300x250&t_s=1668977659735&t_i=1668977660212&u_tz=0&u_l=en-US&u_l2=&u_l3=&n_c=&n_s=&pv_uid=3e0ac274-b728-4024-acb6-7eab68480bd5&nav_rc=0&nav_nt=NAVIGATE&p_nn=adxad-rtb&p_pt=IFRAME&p_tt=desktop&p_l=en&p_z=NONAUTHORIZED&p_u_s=GUEST&fpid_sa=null&fpid=&feid_sa=null&sid_sa=null&feid=4ba7c4092ba6c512c67abbe36802932f&sid=9c23ccf90d6163ba4f566348b1c54e4f&u_adb=0&vn=R-1.0&utm_typ=referral&utm_src=xfantazy.com&s_rst=0&st_d=%7B%7D&e_d=%7B%22spotId%22%3A%22636bce3b61d6e21d427d4d81%22%2C%22impressionId%22%3A%2280d6ac1c-6915-11ed-b056-e2e38133f3a0%22%7D&t_op=1.028&cb=gl.cb.pv
200 OK 65 B URL HTTP/1.1 adxadserv.com/t/re/v4?e_t=pageview&url=https%253A%252F%252Fads.adxadserv.com%252Fad%253Fspotid%253D636bce3b61d6e21d427d4d81%2526type%253D300x250%2526output%253Dhtml&ref=https%253A%252F%252Fxfantazy.com%252F&d_r=1&d_s=1280x1024&d_w=300x250&t_s=1668977659735&t_i=1668977660212&u_tz=0&u_l=en-US&u_l2=&u_l3=&n_c=&n_s=&pv_uid=3e0ac274-b728-4024-acb6-7eab68480bd5&nav_rc=0&nav_nt=NAVIGATE&p_nn=adxad-rtb&p_pt=IFRAME&p_tt=desktop&p_l=en&p_z=NONAUTHORIZED&p_u_s=GUEST&fpid_sa=null&fpid=&feid_sa=null&sid_sa=null&feid=4ba7c4092ba6c512c67abbe36802932f&sid=9c23ccf90d6163ba4f566348b1c54e4f&u_adb=0&vn=R-1.0&utm_typ=referral&utm_src=xfantazy.com&s_rst=0&st_d=%7B%7D&e_d=%7B%22spotId%22%3A%22636bce3b61d6e21d427d4d81%22%2C%22impressionId%22%3A%2280d6ac1c-6915-11ed-b056-e2e38133f3a0%22%7D&t_op=1.028&cb=gl.cb.pv
IP
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with no line terminators
Hash ce049628e46feedc7d32e1538049bc6a
831fba120a026fdc33d40016c72230e2e7d97fea
42256da556be8e1374ec8905fa97c9f19790b4b8075b0eff5f9e0c9a43277e33
GET /t/re/v4?e_t=pageview&url=https%253A%252F%252Fads.adxadserv.com%252Fad%253Fspotid%253D636bce3b61d6e21d427d4d81%2526type%253D300x250%2526output%253Dhtml&ref=https%253A%252F%252Fxfantazy.com%252F&d_r=1&d_s=1280x1024&d_w=300x250&t_s=1668977659735&t_i=1668977660212&u_tz=0&u_l=en-US&u_l2=&u_l3=&n_c=&n_s=&pv_uid=3e0ac274-b728-4024-acb6-7eab68480bd5&nav_rc=0&nav_nt=NAVIGATE&p_nn=adxad-rtb&p_pt=IFRAME&p_tt=desktop&p_l=en&p_z=NONAUTHORIZED&p_u_s=GUEST&fpid_sa=null&fpid=&feid_sa=null&sid_sa=null&feid=4ba7c4092ba6c512c67abbe36802932f&sid=9c23ccf90d6163ba4f566348b1c54e4f&u_adb=0&vn=R-1.0&utm_typ=referral&utm_src=xfantazy.com&s_rst=0&st_d=%7B%7D&e_d=%7B%22spotId%22%3A%22636bce3b61d6e21d427d4d81%22%2C%22impressionId%22%3A%2280d6ac1c-6915-11ed-b056-e2e38133f3a0%22%7D&t_op=1.028&cb=gl.cb.pv HTTP/1.1
Host: adxadserv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ads.adxadserv.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Sun, 20 Nov 2022 20:54:21 GMT
Content-Type: text/javascript
Content-Length: 65
Connection: keep-alive
Set-Cookie: xfeid=baacd7d8880724e8f210caa7991f7027; expires=Tue, 01 Jan 2030 00:00:00 GMT; path=/; domain=.adxadserv.com
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET
Access-Control-Allow-Headers: content-type
Access-Control-Max-Age: 864000
rtbrennab.com/banner/in/show/?mid=7214860019833631732&pid=0&site=6394&sc=NO&usage_type=DCH&subid=909432711&sid=0&cid=0&price=0&is_cpm=0&cpm=0&ecpm=0&crid=&crtid=&tcid=0&out_id=&ver=&ver_c=&refdom=a.naturalhealthsource.club&hostname=auc-banner-hz-2&site_id=0&spot_id=0&utm_source=tcban_i&utm_medium=6394&utm_campaign=19775&utm_content=&expiration_timestamp=0&created_at=0000-00-00&is_native=0&auction_queue=0&pop_winurl=&ip=91.90.42.154&testab=&px_id=0&adblock=0&auction_host=&mm=&yc=&render_type=&campaign_type=&uniq=&exp=&resp_type=default&iabcat=&min_cpm=0.0001&placement_type_id=&skin_test=&verify_hash=&score=1&ml=&tag_ab=&ttl=&space_id=1018&banner_width=900&banner_height=250&accel=0&gyr=0&iabcat=&url=https%3A%2F%2Fbtds.zog.link%2Fin%2F912%2F%3Fsid%3D0%26source%3D909432711%26idzone%3D3902668%26w%3D900%26h%3D250%26mo%3D%26ve%3D%26site_id%3D6394%26utm1%3Dtcban_i%26utm2%3D6394%26utm3%3D19775%26utm4%3D%26ad_tags%3D%26spot_id%3D0%26p%3Dhttps%253A%252F%252Fa.naturalhealthsource.club%252F%26katds_labels%3D%26btype%3D0%26score%3D1%26bf%3D0.0001&pr=&bid_crid=&bid_cid=&is_iframe=0&ad_tags=&stratagem=&ssp=3758
302 Found 0 B URL HTTP/2 rtbrennab.com/banner/in/show/?mid=7214860019833631732&pid=0&site=6394&sc=NO&usage_type=DCH&subid=909432711&sid=0&cid=0&price=0&is_cpm=0&cpm=0&ecpm=0&crid=&crtid=&tcid=0&out_id=&ver=&ver_c=&refdom=a.naturalhealthsource.club&hostname=auc-banner-hz-2&site_id=0&spot_id=0&utm_source=tcban_i&utm_medium=6394&utm_campaign=19775&utm_content=&expiration_timestamp=0&created_at=0000-00-00&is_native=0&auction_queue=0&pop_winurl=&ip=91.90.42.154&testab=&px_id=0&adblock=0&auction_host=&mm=&yc=&render_type=&campaign_type=&uniq=&exp=&resp_type=default&iabcat=&min_cpm=0.0001&placement_type_id=&skin_test=&verify_hash=&score=1&ml=&tag_ab=&ttl=&space_id=1018&banner_width=900&banner_height=250&accel=0&gyr=0&iabcat=&url=https%3A%2F%2Fbtds.zog.link%2Fin%2F912%2F%3Fsid%3D0%26source%3D909432711%26idzone%3D3902668%26w%3D900%26h%3D250%26mo%3D%26ve%3D%26site_id%3D6394%26utm1%3Dtcban_i%26utm2%3D6394%26utm3%3D19775%26utm4%3D%26ad_tags%3D%26spot_id%3D0%26p%3Dhttps%253A%252F%252Fa.naturalhealthsource.club%252F%26katds_labels%3D%26btype%3D0%26score%3D1%26bf%3D0.0001&pr=&bid_crid=&bid_cid=&is_iframe=0&ad_tags=&stratagem=&ssp=3758
IP
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /banner/in/show/?mid=7214860019833631732&pid=0&site=6394&sc=NO&usage_type=DCH&subid=909432711&sid=0&cid=0&price=0&is_cpm=0&cpm=0&ecpm=0&crid=&crtid=&tcid=0&out_id=&ver=&ver_c=&refdom=a.naturalhealthsource.club&hostname=auc-banner-hz-2&site_id=0&spot_id=0&utm_source=tcban_i&utm_medium=6394&utm_campaign=19775&utm_content=&expiration_timestamp=0&created_at=0000-00-00&is_native=0&auction_queue=0&pop_winurl=&ip=91.90.42.154&testab=&px_id=0&adblock=0&auction_host=&mm=&yc=&render_type=&campaign_type=&uniq=&exp=&resp_type=default&iabcat=&min_cpm=0.0001&placement_type_id=&skin_test=&verify_hash=&score=1&ml=&tag_ab=&ttl=&space_id=1018&banner_width=900&banner_height=250&accel=0&gyr=0&iabcat=&url=https%3A%2F%2Fbtds.zog.link%2Fin%2F912%2F%3Fsid%3D0%26source%3D909432711%26idzone%3D3902668%26w%3D900%26h%3D250%26mo%3D%26ve%3D%26site_id%3D6394%26utm1%3Dtcban_i%26utm2%3D6394%26utm3%3D19775%26utm4%3D%26ad_tags%3D%26spot_id%3D0%26p%3Dhttps%253A%252F%252Fa.naturalhealthsource.club%252F%26katds_labels%3D%26btype%3D0%26score%3D1%26bf%3D0.0001&pr=&bid_crid=&bid_cid=&is_iframe=0&ad_tags=&stratagem=&ssp=3758 HTTP/1.1
Host: rtbrennab.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://rtbbnr.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
server: nginx/1.18.0
date: Sun, 20 Nov 2022 20:54:21 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
location: https://btds.zog.link/in/912/?sid=0&source=909432711&idzone=3902668&w=900&h=250&mo=&ve=&site_id=6394&utm1=tcban_i&utm2=6394&utm3=19775&utm4=&ad_tags=&spot_id=0&p=https%3A%2F%2Fa.naturalhealthsource.club%2F&katds_labels=&btype=0&score=1&bf=0.0001
X-Firefox-Spdy: h2
rtbrennab.com/banner/in/show/?mid=3882398581081128260&pid=0&site=4692&sc=NO&usage_type=DCH&subid=562949385&sid=0&cid=11391&price=0&is_cpm=1&cpm=0.0085&ecpm=0.007536950000000001&crid=&crtid=d41d8cd98f00b204e9800998ecf8427e&tcid=0&out_id=&ver=&ver_c=&refdom=a.naturalhealthsource.club&hostname=auc-banner-hz-4&site_id=0&spot_id=0&utm_source=tcban_i&utm_medium=4692&utm_campaign=19775&utm_content=&expiration_timestamp=0&created_at=0000-00-00&is_native=6&auction_queue=0&pop_winurl=&ip=91.90.42.154&testab=&px_id=0&adblock=0&auction_host=&mm=&yc=&render_type=&campaign_type=&uniq=&exp=&resp_type=a2&iabcat=&min_cpm=0.0001127777151234916&placement_type_id=0&skin_test=&verify_hash=&score=1&ml=&tag_ab=&ttl=&space_id=859&banner_width=300&banner_height=250&accel=0&gyr=0&iabcat=&url=https%3A%2F%2Fpreroll.hostave3.net%2Fnotifications%2Fzeropixel.png&pr=&bid_crid=&bid_cid=&is_iframe=0&ad_tags=&stratagem=&ssp=3758
302 Found 0 B URL HTTP/2 rtbrennab.com/banner/in/show/?mid=3882398581081128260&pid=0&site=4692&sc=NO&usage_type=DCH&subid=562949385&sid=0&cid=11391&price=0&is_cpm=1&cpm=0.0085&ecpm=0.007536950000000001&crid=&crtid=d41d8cd98f00b204e9800998ecf8427e&tcid=0&out_id=&ver=&ver_c=&refdom=a.naturalhealthsource.club&hostname=auc-banner-hz-4&site_id=0&spot_id=0&utm_source=tcban_i&utm_medium=4692&utm_campaign=19775&utm_content=&expiration_timestamp=0&created_at=0000-00-00&is_native=6&auction_queue=0&pop_winurl=&ip=91.90.42.154&testab=&px_id=0&adblock=0&auction_host=&mm=&yc=&render_type=&campaign_type=&uniq=&exp=&resp_type=a2&iabcat=&min_cpm=0.0001127777151234916&placement_type_id=0&skin_test=&verify_hash=&score=1&ml=&tag_ab=&ttl=&space_id=859&banner_width=300&banner_height=250&accel=0&gyr=0&iabcat=&url=https%3A%2F%2Fpreroll.hostave3.net%2Fnotifications%2Fzeropixel.png&pr=&bid_crid=&bid_cid=&is_iframe=0&ad_tags=&stratagem=&ssp=3758
IP
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /banner/in/show/?mid=3882398581081128260&pid=0&site=4692&sc=NO&usage_type=DCH&subid=562949385&sid=0&cid=11391&price=0&is_cpm=1&cpm=0.0085&ecpm=0.007536950000000001&crid=&crtid=d41d8cd98f00b204e9800998ecf8427e&tcid=0&out_id=&ver=&ver_c=&refdom=a.naturalhealthsource.club&hostname=auc-banner-hz-4&site_id=0&spot_id=0&utm_source=tcban_i&utm_medium=4692&utm_campaign=19775&utm_content=&expiration_timestamp=0&created_at=0000-00-00&is_native=6&auction_queue=0&pop_winurl=&ip=91.90.42.154&testab=&px_id=0&adblock=0&auction_host=&mm=&yc=&render_type=&campaign_type=&uniq=&exp=&resp_type=a2&iabcat=&min_cpm=0.0001127777151234916&placement_type_id=0&skin_test=&verify_hash=&score=1&ml=&tag_ab=&ttl=&space_id=859&banner_width=300&banner_height=250&accel=0&gyr=0&iabcat=&url=https%3A%2F%2Fpreroll.hostave3.net%2Fnotifications%2Fzeropixel.png&pr=&bid_crid=&bid_cid=&is_iframe=0&ad_tags=&stratagem=&ssp=3758 HTTP/1.1
Host: rtbrennab.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://rtbbnr.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
server: nginx/1.18.0
date: Sun, 20 Nov 2022 20:54:21 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
location: https://preroll.hostave3.net/notifications/zeropixel.png
X-Firefox-Spdy: h2
e1.o.lencr.org/
200 OK 344 B IP
ASN #20940 Akamai International B.V.
Hash 31c97349f991b44bfc7a957a23817f62
74757e3f593a37acf169ba7859474fd3272693b0
8d42992797eba3d1a248d2307b6e4317172efc09550e546230f9da3fdb5554a6
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "8D42992797EBA3D1A248D2307B6E4317172EFC09550E546230F9DA3FDB5554A6"
Last-Modified: Sat, 19 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11923
Expires: Mon, 21 Nov 2022 00:13:04 GMT
Date: Sun, 20 Nov 2022 20:54:21 GMT
Connection: keep-alive
pxl.tsyndicate.com/api/v1/p/p.gif?p=APeIQFMmDJkycuaI0HGDhYgwY-gsjOGQzpmFIsSIMUMDR4wwNVrEgDEjTAsaZcyMaWEwTJkWGsOYuTFjRpkxZMLYEOFwjpg0ZBTq2CKihg0ZOWjkmIGjhoguDse4ERpDhgwbDsPUGYORKQ4ZM3I09QjDY9WvNmDwzAgUYxo6Zdp8ibHWoJ2FMs7OcAinjpiFNWbUkJEVDhy8NmLEoNETjkQdYW_AgFGDsYgyeOh8meMYo0E9b9yU-dI0x9oxbQ7rUDpj8t6HZMxMdCjGjZuFMxQ3jVHDYRs3F3UgrUGS7-_gMSTDwCqijhw2uGfcyHHDBvM6MjCioUMHzhwdL160wXPGRZsweNKcCdPmvIsxb9q8kAFDTI0cZMa8hEFj5skaNYjBkkwh8TYGaziEIUZeNvwwBntwANUDa65xUcdkV40hxxcS5hbDbjVYiKEND9LRQxBk1MEGHSAcUYZocoTBhogwXDVHDD1QlwONNr5VRhVSMNEDHX4hVAYb78XHow1z-MghGT1cpRgNS5YBR3w97GFlfH0saRBnb2jWIXWTVeZljjUuaQYbb9zxZJZrtvlklxfWSCIbaYyxxptKHKEHG0UwJYQaOchQBgxqEJGDFmdY8cUYY2ChxQxr5GCFEmpMkcUdZ4yhRBViWMEGEVfcYAYWdNRARQ5HfCFFGFmUwcQdRgxhx4Y1rFRHGjMkIUUUUehBxBlJJEFDHHgwYUcUbVARQxFwrJEHG0zgoMQcbsghBg0tBEEHDGN8cUYVSRAhRRVprEVGfJ654EYYRMbIBkEy0oHGHG84p997bPh1GrwLbZEbVCLAIQdXOsSwX28ZyaYDDC7AQJEIY8Ahl8EIQzxZUw7JYYdqvDl0k8ULaTxxHbtipJZDaagmQg4xuJADxDTI4AJvNKxVRxgYNfGGHmmwwUYYL9QQMQgoXJGGG-veMQcITlABwkgR7wCC0m7YQIPVeGhttccJUxZxCi3etMYb80k82UgxgGBEGnKk9AYeL4xk9MoUIyyCE0-s9caGkGLE91ps6F2EE-qWYccXcUOXcA033IDDDDbgMFnHZ9wmXA04NCTCQYuLIcdCOODgEOhftPEGGXjhkNjpcryBm0NvCGWZwXPnsZBlZOShOR1y1FFGxylpx5134L0QhrvwOicjvSvem-_BZfDr1wtrzeExRrHTAe_fLdThxlsiQZzfDerqfdAX569FRxsTWYcDddWlVVEb2SUsP_3W8cdfVmRgXBk48wWA6a9y_LPfZRYnI4TQQSgCqwHBFPSYz6VEKytaCxwKV7KoBAcGfVBAQAA%3D&r=1&s=0793bed3e26186fb17614d4039127846daebdfda20c4385b976a83ac40778dd51668977660&w=t
200 OK 35 B URL HTTP/2 pxl.tsyndicate.com/api/v1/p/p.gif?p=APeIQFMmDJkycuaI0HGDhYgwY-gsjOGQzpmFIsSIMUMDR4wwNVrEgDEjTAsaZcyMaWEwTJkWGsOYuTFjRpkxZMLYEOFwjpg0ZBTq2CKihg0ZOWjkmIGjhoguDse4ERpDhgwbDsPUGYORKQ4ZM3I09QjDY9WvNmDwzAgUYxo6Zdp8ibHWoJ2FMs7OcAinjpiFNWbUkJEVDhy8NmLEoNETjkQdYW_AgFGDsYgyeOh8meMYo0E9b9yU-dI0x9oxbQ7rUDpj8t6HZMxMdCjGjZuFMxQ3jVHDYRs3F3UgrUGS7-_gMSTDwCqijhw2uGfcyHHDBvM6MjCioUMHzhwdL160wXPGRZsweNKcCdPmvIsxb9q8kAFDTI0cZMa8hEFj5skaNYjBkkwh8TYGaziEIUZeNvwwBntwANUDa65xUcdkV40hxxcS5hbDbjVYiKEND9LRQxBk1MEGHSAcUYZocoTBhogwXDVHDD1QlwONNr5VRhVSMNEDHX4hVAYb78XHow1z-MghGT1cpRgNS5YBR3w97GFlfH0saRBnb2jWIXWTVeZljjUuaQYbb9zxZJZrtvlklxfWSCIbaYyxxptKHKEHG0UwJYQaOchQBgxqEJGDFmdY8cUYY2ChxQxr5GCFEmpMkcUdZ4yhRBViWMEGEVfcYAYWdNRARQ5HfCFFGFmUwcQdRgxhx4Y1rFRHGjMkIUUUUehBxBlJJEFDHHgwYUcUbVARQxFwrJEHG0zgoMQcbsghBg0tBEEHDGN8cUYVSRAhRRVprEVGfJ654EYYRMbIBkEy0oHGHG84p997bPh1GrwLbZEbVCLAIQdXOsSwX28ZyaYDDC7AQJEIY8Ahl8EIQzxZUw7JYYdqvDl0k8ULaTxxHbtipJZDaagmQg4xuJADxDTI4AJvNKxVRxgYNfGGHmmwwUYYL9QQMQgoXJGGG-veMQcITlABwkgR7wCC0m7YQIPVeGhttccJUxZxCi3etMYb80k82UgxgGBEGnKk9AYeL4xk9MoUIyyCE0-s9caGkGLE91ps6F2EE-qWYccXcUOXcA033IDDDDbgMFnHZ9wmXA04NCTCQYuLIcdCOODgEOhftPEGGXjhkNjpcryBm0NvCGWZwXPnsZBlZOShOR1y1FFGxylpx5134L0QhrvwOicjvSvem-_BZfDr1wtrzeExRrHTAe_fLdThxlsiQZzfDerqfdAX569FRxsTWYcDddWlVVEb2SUsP_3W8cdfVmRgXBk48wWA6a9y_LPfZRYnI4TQQSgCqwHBFPSYz6VEKytaCxwKV7KoBAcGfVBAQAA%3D&r=1&s=0793bed3e26186fb17614d4039127846daebdfda20c4385b976a83ac40778dd51668977660&w=t
IP
ASN #24940 Hetzner Online GmbH
File type GIF image data, version 89a, 1 x 1\012- data
Hash c2196de8ba412c60c22ab491af7b1409
5fbd472222feb8a22cf5b8aa5dc5b8e13af88e2b
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
GET /api/v1/p/p.gif?p=APeIQFMmDJkycuaI0HGDhYgwY-gsjOGQzpmFIsSIMUMDR4wwNVrEgDEjTAsaZcyMaWEwTJkWGsOYuTFjRpkxZMLYEOFwjpg0ZBTq2CKihg0ZOWjkmIGjhoguDse4ERpDhgwbDsPUGYORKQ4ZM3I09QjDY9WvNmDwzAgUYxo6Zdp8ibHWoJ2FMs7OcAinjpiFNWbUkJEVDhy8NmLEoNETjkQdYW_AgFGDsYgyeOh8meMYo0E9b9yU-dI0x9oxbQ7rUDpj8t6HZMxMdCjGjZuFMxQ3jVHDYRs3F3UgrUGS7-_gMSTDwCqijhw2uGfcyHHDBvM6MjCioUMHzhwdL160wXPGRZsweNKcCdPmvIsxb9q8kAFDTI0cZMa8hEFj5skaNYjBkkwh8TYGaziEIUZeNvwwBntwANUDa65xUcdkV40hxxcS5hbDbjVYiKEND9LRQxBk1MEGHSAcUYZocoTBhogwXDVHDD1QlwONNr5VRhVSMNEDHX4hVAYb78XHow1z-MghGT1cpRgNS5YBR3w97GFlfH0saRBnb2jWIXWTVeZljjUuaQYbb9zxZJZrtvlklxfWSCIbaYyxxptKHKEHG0UwJYQaOchQBgxqEJGDFmdY8cUYY2ChxQxr5GCFEmpMkcUdZ4yhRBViWMEGEVfcYAYWdNRARQ5HfCFFGFmUwcQdRgxhx4Y1rFRHGjMkIUUUUehBxBlJJEFDHHgwYUcUbVARQxFwrJEHG0zgoMQcbsghBg0tBEEHDGN8cUYVSRAhRRVprEVGfJ654EYYRMbIBkEy0oHGHG84p997bPh1GrwLbZEbVCLAIQdXOsSwX28ZyaYDDC7AQJEIY8Ahl8EIQzxZUw7JYYdqvDl0k8ULaTxxHbtipJZDaagmQg4xuJADxDTI4AJvNKxVRxgYNfGGHmmwwUYYL9QQMQgoXJGGG-veMQcITlABwkgR7wCC0m7YQIPVeGhttccJUxZxCi3etMYb80k82UgxgGBEGnKk9AYeL4xk9MoUIyyCE0-s9caGkGLE91ps6F2EE-qWYccXcUOXcA033IDDDDbgMFnHZ9wmXA04NCTCQYuLIcdCOODgEOhftPEGGXjhkNjpcryBm0NvCGWZwXPnsZBlZOShOR1y1FFGxylpx5134L0QhrvwOicjvSvem-_BZfDr1wtrzeExRrHTAe_fLdThxlsiQZzfDerqfdAX569FRxsTWYcDddWlVVEb2SUsP_3W8cdfVmRgXBk48wWA6a9y_LPfZRYnI4TQQSgCqwHBFPSYz6VEKytaCxwKV7KoBAcGfVBAQAA%3D&r=1&s=0793bed3e26186fb17614d4039127846daebdfda20c4385b976a83ac40778dd51668977660&w=t HTTP/1.1
Host: pxl.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://rtbbnr.com/
Cookie: ts_uid=df7207f6-0418-435a-837d-bf93238f9943; bfq=APeIECNCx5YZMWLgqBHDBguEChnKeJhwYYwaXViIGFNwSwwWH2NkFFGmY0MbOWDYoKESBkgbKFWytOHyZMqVLbv0URAQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 20 Nov 2022 20:54:21 GMT
content-type: text/plain; charset=utf-8
content-length: 35
x-robots-tag: noindex, nofollow
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash ad57bb49fd0a0c51f775f8333c8f95eb
d03e1d15330f9766d1cc213e094bc435d820ce19
634779e6e6297d3e57bd60235f64d0b6aed60a39c81fd152cd3b69cf6225edd7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "634779E6E6297D3E57BD60235F64D0B6AED60A39C81FD152CD3B69CF6225EDD7"
Last-Modified: Sat, 19 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12081
Expires: Mon, 21 Nov 2022 00:15:42 GMT
Date: Sun, 20 Nov 2022 20:54:21 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 6edbbadad8b5d639393e9223a860eb07
d0d4259967faaf1b7e699f27c2b41a9f423512cd
253a9641d1f2d348ffc2b3ba7db1e2254bccfdef0b478acfd0820527ab17cebb
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "253A9641D1F2D348FFC2B3BA7DB1E2254BCCFDEF0B478ACFD0820527AB17CEBB"
Last-Modified: Sat, 19 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11297
Expires: Mon, 21 Nov 2022 00:02:38 GMT
Date: Sun, 20 Nov 2022 20:54:21 GMT
Connection: keep-alive
ocsp.digicert.com/
200 OK 279 B IP
Hash dae75e2f728ea5cd3637b623370b43a8
3c533b402997a53db2c8f202721a542ac3153782
e9aa2e3df6f36e7dfe7e98e4246119388e74ab9f473b556e258b45148c98cae7
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2393
Cache-Control: max-age=113670
Content-Type: application/ocsp-response
Date: Sun, 20 Nov 2022 20:54:21 GMT
Etag: "6379a3aa-117"
Expires: Tue, 22 Nov 2022 04:28:51 GMT
Last-Modified: Sun, 20 Nov 2022 03:48:58 GMT
Server: ECS (ska/F707)
X-Cache: HIT
Content-Length: 279
xml.serve-servee.com/thumbnail?i=kQmwQRJREyM_0&imgt=icon
302 Found 0 B URL HTTP/2 xml.serve-servee.com/thumbnail?i=kQmwQRJREyM_0&imgt=icon
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /thumbnail?i=kQmwQRJREyM_0&imgt=icon HTTP/1.1
Host: xml.serve-servee.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Sun, 20 Nov 2022 20:54:21 GMT
content-length: 0
location: https://static.serve-servee.com/n337/ad/300x300_Wg3cKTLuRj8HdExmdUYY.png
cache-control: no-store
age: 0
pragma: no-cache
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2uF2l2FmYSprTRjc%2B6YZVzv0dosdGNwazYagM6QkX%2BHew4yUVgJbgbbkeCPL8q18dH6D7rEvPCMF13xXpMIUY79E0vEq3LsSoj9zZc2JudyFpebREtFTkAP%2BIN4x1UA6pGNFqdI8Aw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76d4148f2faa7691-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
btds.zog.link/in/912/?sid=0&source=909432711&idzone=3902668&w=900&h=250&mo=&ve=&site_id=6394&utm1=tcban_i&utm2=6394&utm3=19775&utm4=&ad_tags=&spot_id=0&p=https%3A%2F%2Fa.naturalhealthsource.club%2F&katds_labels=&btype=0&score=1&bf=0.0001
302 Found 0 B URL HTTP/2 btds.zog.link/in/912/?sid=0&source=909432711&idzone=3902668&w=900&h=250&mo=&ve=&site_id=6394&utm1=tcban_i&utm2=6394&utm3=19775&utm4=&ad_tags=&spot_id=0&p=https%3A%2F%2Fa.naturalhealthsource.club%2F&katds_labels=&btype=0&score=1&bf=0.0001
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /in/912/?sid=0&source=909432711&idzone=3902668&w=900&h=250&mo=&ve=&site_id=6394&utm1=tcban_i&utm2=6394&utm3=19775&utm4=&ad_tags=&spot_id=0&p=https%3A%2F%2Fa.naturalhealthsource.club%2F&katds_labels=&btype=0&score=1&bf=0.0001 HTTP/1.1
Host: btds.zog.link
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://rtbbnr.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: nginx/1.20.1
date: Sun, 20 Nov 2022 20:54:21 GMT
content-type: text/html; charset=UTF-8
content-length: 0
location: https://12007250.pix-cdn.org/a/pjexo.html?idzone=3902668&w=900&h=250&ad_sub=&ad_tags=
pragma: no-cache
vary: *
cache-control: no-cache, no-store, must-revalidate
set-cookie: 912.0=1; expires=Mon, 21 Nov 2022 20:54:20 GMT; path=/; secure; SameSite=None
X-Firefox-Spdy: h2
analitits.com/t/xfeid?cb=gl.cb.xf
200 OK 65 B URL HTTP/1.1 analitits.com/t/xfeid?cb=gl.cb.xf
IP
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with no line terminators
Hash 4699603ac5b01463d5d4687a142e987d
a4267ff3121bd840ae8a990838aa6f8851ca812b
f16d0c27435fd4c8f9c374936600537c9886e85ca9a147bf28db83d8926ae761
GET /t/xfeid?cb=gl.cb.xf HTTP/1.1
Host: analitits.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ads.adxadserv.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.10.3 (Ubuntu)
Date: Sun, 20 Nov 2022 20:54:21 GMT
Content-Type: application/octet-stream
Content-Length: 65
Connection: keep-alive
Set-Cookie: xfeid=f4d7af4084dfb1649a837e103f011e71; expires=Tue, 01 Jan 2030 00:00:00 GMT; path=/; domain=.analitits.com
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET
Access-Control-Allow-Headers: content-type
Access-Control-Max-Age: 864000
adxadserv.com/t/re/v4?e_t=pageview&url=https%253A%252F%252Fads.adxadserv.com%252Fad%253Fspotid%253D636bc5d561d6e27071201a23%2526type%253D300x250%2526output%253Dhtml&ref=https%253A%252F%252Fxfantazy.com%252F&d_r=1&d_s=1280x1024&d_w=300x250&t_s=1668977659733&t_i=1668977660195&u_tz=0&u_l=en-US&u_l2=&u_l3=&n_c=&n_s=&pv_uid=0d30587c-631b-4e84-ae11-7b0a38579b3e&nav_rc=0&nav_nt=NAVIGATE&p_nn=adxad-rtb&p_pt=IFRAME&p_tt=desktop&p_l=en&p_z=NONAUTHORIZED&p_u_s=GUEST&fpid_sa=null&fpid=&feid_sa=null&sid_sa=null&feid=4ba7c4092ba6c512c67abbe36802932f&sid=9c23ccf90d6163ba4f566348b1c54e4f&u_adb=0&vn=R-1.0&utm_typ=referral&utm_src=xfantazy.com&s_rst=1&st_d=%7B%7D&e_d=%7B%22spotId%22%3A%22636bc5d561d6e27071201a23%22%2C%22impressionId%22%3A%2280d5dd14-6915-11ed-9b66-52ca5d2668e1%22%7D&t_op=1.294&cb=gl.cb.pv
200 OK 65 B URL HTTP/1.1 adxadserv.com/t/re/v4?e_t=pageview&url=https%253A%252F%252Fads.adxadserv.com%252Fad%253Fspotid%253D636bc5d561d6e27071201a23%2526type%253D300x250%2526output%253Dhtml&ref=https%253A%252F%252Fxfantazy.com%252F&d_r=1&d_s=1280x1024&d_w=300x250&t_s=1668977659733&t_i=1668977660195&u_tz=0&u_l=en-US&u_l2=&u_l3=&n_c=&n_s=&pv_uid=0d30587c-631b-4e84-ae11-7b0a38579b3e&nav_rc=0&nav_nt=NAVIGATE&p_nn=adxad-rtb&p_pt=IFRAME&p_tt=desktop&p_l=en&p_z=NONAUTHORIZED&p_u_s=GUEST&fpid_sa=null&fpid=&feid_sa=null&sid_sa=null&feid=4ba7c4092ba6c512c67abbe36802932f&sid=9c23ccf90d6163ba4f566348b1c54e4f&u_adb=0&vn=R-1.0&utm_typ=referral&utm_src=xfantazy.com&s_rst=1&st_d=%7B%7D&e_d=%7B%22spotId%22%3A%22636bc5d561d6e27071201a23%22%2C%22impressionId%22%3A%2280d5dd14-6915-11ed-9b66-52ca5d2668e1%22%7D&t_op=1.294&cb=gl.cb.pv
IP
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with no line terminators
Hash 35eea4ecba9a207914849cc58fb74fc1
faa12e8f2508b5489a96f5fc755e25e2f884e63e
250da57fc879af422bf1c5af0be5004e7b0ce4d3f4da294f37d67a973b0f3120
GET /t/re/v4?e_t=pageview&url=https%253A%252F%252Fads.adxadserv.com%252Fad%253Fspotid%253D636bc5d561d6e27071201a23%2526type%253D300x250%2526output%253Dhtml&ref=https%253A%252F%252Fxfantazy.com%252F&d_r=1&d_s=1280x1024&d_w=300x250&t_s=1668977659733&t_i=1668977660195&u_tz=0&u_l=en-US&u_l2=&u_l3=&n_c=&n_s=&pv_uid=0d30587c-631b-4e84-ae11-7b0a38579b3e&nav_rc=0&nav_nt=NAVIGATE&p_nn=adxad-rtb&p_pt=IFRAME&p_tt=desktop&p_l=en&p_z=NONAUTHORIZED&p_u_s=GUEST&fpid_sa=null&fpid=&feid_sa=null&sid_sa=null&feid=4ba7c4092ba6c512c67abbe36802932f&sid=9c23ccf90d6163ba4f566348b1c54e4f&u_adb=0&vn=R-1.0&utm_typ=referral&utm_src=xfantazy.com&s_rst=1&st_d=%7B%7D&e_d=%7B%22spotId%22%3A%22636bc5d561d6e27071201a23%22%2C%22impressionId%22%3A%2280d5dd14-6915-11ed-9b66-52ca5d2668e1%22%7D&t_op=1.294&cb=gl.cb.pv HTTP/1.1
Host: adxadserv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ads.adxadserv.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Sun, 20 Nov 2022 20:54:21 GMT
Content-Type: text/javascript
Content-Length: 65
Connection: keep-alive
Set-Cookie: xfeid=737e564b5059846c4b23aafe11e8edb3; expires=Tue, 01 Jan 2030 00:00:00 GMT; path=/; domain=.adxadserv.com
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET
Access-Control-Allow-Headers: content-type
Access-Control-Max-Age: 864000
ocsp.digicert.com/
200 OK 279 B IP
Hash 5b8f6c87767039d13ab0754c2c3ea35b
9d23130ff062ed89a55685a5d6b9a2e45561d45d
cffd4cf9d40eb0cd09de21389673ccba014c20576ec42429b19f142a3436b9f8
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4850
Cache-Control: max-age=91296
Content-Type: application/ocsp-response
Date: Sun, 20 Nov 2022 20:54:21 GMT
Etag: "637942ab-117"
Expires: Mon, 21 Nov 2022 22:15:57 GMT
Last-Modified: Sat, 19 Nov 2022 20:55:07 GMT
Server: ECS (ska/F707)
X-Cache: HIT
Content-Length: 279
ocsp.digicert.com/
200 OK 312 B IP
Hash a23b54d00ded2ba5099a3383220716eb
5ece4d175b9c4141968df4b070a39d320bccbde0
a051bc7178760f0f69b463eedfedf4eade8cef03bfd1a4cc9348c2610b3b24f8
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4689
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 20 Nov 2022 20:54:21 GMT
Last-Modified: Sun, 20 Nov 2022 19:36:12 GMT
Server: ECS (ska/F707)
X-Cache: HIT
Content-Length: 312
preroll.hostave3.net/notifications/zeropixel.png
200 OK 42 B URL HTTP/2 preroll.hostave3.net/notifications/zeropixel.png
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /notifications/zeropixel.png HTTP/1.1
Host: preroll.hostave3.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://rtbbnr.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 20 Nov 2022 20:54:21 GMT
content-type: image/png
content-length: 42
last-modified: Tue, 11 Sep 2018 08:40:52 GMT
etag: "5b977f94-2a"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
cf-cache-status: HIT
age: 33744631
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5YbsJkGfQk7lJTIC4NFfrh92cz9HwG1w0OGduGiv7pvlmP6iwGXSBS9GBuC0609bzlQSP11kDRDgcuUhn6l3R%2BWyK8LRRNbuCdfzzxtKfn%2F6RcYd13LI8tDV1fDmRBNP%2Fxn%2B6O4u1Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=0
server: cloudflare
cf-ray: 76d414900ede7521-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
analitits.com/t/xfeid?cb=gl.cb.xf
200 OK 65 B URL HTTP/1.1 analitits.com/t/xfeid?cb=gl.cb.xf
IP
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with no line terminators
Hash 2f36f90037c7bc3dc3037928105824ee
f88115579b03071392e45ad290c817ead1bd7bdd
501dbfc5c86494800b7cde5ff5058404d159362d4ed18d5af7f287fccdd5e23d
GET /t/xfeid?cb=gl.cb.xf HTTP/1.1
Host: analitits.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ads.adxadserv.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.10.3 (Ubuntu)
Date: Sun, 20 Nov 2022 20:54:21 GMT
Content-Type: application/octet-stream
Content-Length: 65
Connection: keep-alive
Set-Cookie: xfeid=4ece691504495010f44fb9ee3d196e95; expires=Tue, 01 Jan 2030 00:00:00 GMT; path=/; domain=.analitits.com
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET
Access-Control-Allow-Headers: content-type
Access-Control-Max-Age: 864000
e1.o.lencr.org/
200 OK 344 B IP
ASN #20940 Akamai International B.V.
Hash 31c97349f991b44bfc7a957a23817f62
74757e3f593a37acf169ba7859474fd3272693b0
8d42992797eba3d1a248d2307b6e4317172efc09550e546230f9da3fdb5554a6
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "8D42992797EBA3D1A248D2307B6E4317172EFC09550E546230F9DA3FDB5554A6"
Last-Modified: Sat, 19 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11923
Expires: Mon, 21 Nov 2022 00:13:04 GMT
Date: Sun, 20 Nov 2022 20:54:21 GMT
Connection: keep-alive
go.xlirdr.com/i?campaignId=banner2609start&creativeId=300x250&modelsCountry=&modelsLanguage=&sourceId=xfanta&tag=females&targetDomain=&buttonColor=&hideModelNameOnSmallSpots=0&hideTitleOnSmallSpots=1&liveBadgeColor=%2324d7d7&showButton=1&showModelName=1&showTitle=0&showLiveBadge=1&isXhDesign=0&actionButtonPlacement=bottom&thumbSizeKey=small&hideButtonOnSmallSpots=1&userId=b47aedc2c088e2f21e0cc23e0318384c557941461efdbc48212e7282df45f2f4&landing=WidgetV4Universal
302 Found 0 B URL HTTP/2 go.xlirdr.com/i?campaignId=banner2609start&creativeId=300x250&modelsCountry=&modelsLanguage=&sourceId=xfanta&tag=females&targetDomain=&buttonColor=&hideModelNameOnSmallSpots=0&hideTitleOnSmallSpots=1&liveBadgeColor=%2324d7d7&showButton=1&showModelName=1&showTitle=0&showLiveBadge=1&isXhDesign=0&actionButtonPlacement=bottom&thumbSizeKey=small&hideButtonOnSmallSpots=1&userId=b47aedc2c088e2f21e0cc23e0318384c557941461efdbc48212e7282df45f2f4&landing=WidgetV4Universal
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /i?campaignId=banner2609start&creativeId=300x250&modelsCountry=&modelsLanguage=&sourceId=xfanta&tag=females&targetDomain=&buttonColor=&hideModelNameOnSmallSpots=0&hideTitleOnSmallSpots=1&liveBadgeColor=%2324d7d7&showButton=1&showModelName=1&showTitle=0&showLiveBadge=1&isXhDesign=0&actionButtonPlacement=bottom&thumbSizeKey=small&hideButtonOnSmallSpots=1&userId=b47aedc2c088e2f21e0cc23e0318384c557941461efdbc48212e7282df45f2f4&landing=WidgetV4Universal HTTP/1.1
Host: go.xlirdr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cams.gratis/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Sun, 20 Nov 2022 20:54:21 GMT
content-length: 0
location: https://creative.xlirdr.com/widgets/v4/Universal/?actionButtonPlacement=bottom&buttonColor=&campaignId=banner2609start&creativeId=300x250&domain=stripchat&hideButtonOnSmallSpots=1&hideModelNameOnSmallSpots=0&hideTitleOnSmallSpots=1&isXhDesign=0&liveBadgeColor=%2324d7d7&modelsCountry=&modelsLanguage=&showButton=1&showLiveBadge=1&showModelName=1&showTitle=0&sound=off&sourceId=xfanta&tag=females&targetDomain=&thumbSizeKey=small&trackOff=1&userId=b47aedc2c088e2f21e0cc23e0318384c557941461efdbc48212e7282df45f2f4
access-control-allow-origin: *
cf-cache-status: DYNAMIC
set-cookie: __cflb=02DiuDfsBaY2bRYJiCeSRSGTzNwtDfLbsNzFiVVEqfg7W; SameSite=None; Secure; path=/; expires=Mon, 21-Nov-22 19:54:21 GMT; HttpOnly
server: cloudflare
cf-ray: 76d414903f681c06-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
static.serve-servee.com/n337/ad/300x300_Wg3cKTLuRj8HdExmdUYY.png
200 OK 57 kB URL HTTP/2 static.serve-servee.com/n337/ad/300x300_Wg3cKTLuRj8HdExmdUYY.png
IP
File type PNG image data, 300 x 300, 8-bit colormap, non-interlaced\012- data
Hash 8fb7974a9de3f02e9f39d1f4c17db32f
104f49b5b0cdfea9be62c26f23e69a182e76fd51
66ce08a16a71f8c8a8df525201f2e3bbb0ddd71e65fc3f69242014378e6c82f0
GET /n337/ad/300x300_Wg3cKTLuRj8HdExmdUYY.png HTTP/1.1
Host: static.serve-servee.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 20 Nov 2022 20:54:21 GMT
content-type: image/png
content-length: 56756
last-modified: Sat, 12 Nov 2022 11:18:07 GMT
accept-ranges: bytes
etag: "636f80ef-ddb4"
cache-control: max-age=86400
x-hw: 1668977661.cds298.lo4.h2,1668977661.cds090.lo4.c
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pYUhnHQSULX6KMdZXbNuHC2R5ZAhpaA%2Fd9pAw46oIeb6W0a5IXBhDAYPx2p38rsrknG6LgHtlKYKqj7MRLK5r6Ef3ugj%2BFipov4Xlg7%2BUOmdVZIxxg6JuNFSQ%2FHdjD5PMJ4ogD%2BLVKbO%2Bw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76d4149059877691-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 279 B IP
Hash dae75e2f728ea5cd3637b623370b43a8
3c533b402997a53db2c8f202721a542ac3153782
e9aa2e3df6f36e7dfe7e98e4246119388e74ab9f473b556e258b45148c98cae7
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2393
Cache-Control: max-age=113670
Content-Type: application/ocsp-response
Date: Sun, 20 Nov 2022 20:54:21 GMT
Etag: "6379a3aa-117"
Expires: Tue, 22 Nov 2022 04:28:51 GMT
Last-Modified: Sun, 20 Nov 2022 03:48:58 GMT
Server: ECS (ska/F707)
X-Cache: HIT
Content-Length: 279
ocsp.digicert.com/
200 OK 279 B IP
Hash 5b8f6c87767039d13ab0754c2c3ea35b
9d23130ff062ed89a55685a5d6b9a2e45561d45d
cffd4cf9d40eb0cd09de21389673ccba014c20576ec42429b19f142a3436b9f8
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4850
Cache-Control: max-age=91296
Content-Type: application/ocsp-response
Date: Sun, 20 Nov 2022 20:54:21 GMT
Etag: "637942ab-117"
Expires: Mon, 21 Nov 2022 22:15:57 GMT
Last-Modified: Sat, 19 Nov 2022 20:55:07 GMT
Server: ECS (ska/F707)
X-Cache: HIT
Content-Length: 279
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash aa85d99752e8ff07e3d47ce0df455293
909e86510b9b29d5d3b5ed48cc5d41dcd3b16297
e30ec93c737f6ae9ea0cc0fc8aea00864029cc67530a4842d3e69652cfbac735
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E30EC93C737F6AE9EA0CC0FC8AEA00864029CC67530A4842D3E69652CFBAC735"
Last-Modified: Sat, 19 Nov 2022 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2098
Expires: Sun, 20 Nov 2022 21:29:19 GMT
Date: Sun, 20 Nov 2022 20:54:21 GMT
Connection: keep-alive
ocsp.digicert.com/
200 OK 312 B IP
Hash a23b54d00ded2ba5099a3383220716eb
5ece4d175b9c4141968df4b070a39d320bccbde0
a051bc7178760f0f69b463eedfedf4eade8cef03bfd1a4cc9348c2610b3b24f8
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4689
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 20 Nov 2022 20:54:21 GMT
Last-Modified: Sun, 20 Nov 2022 19:36:12 GMT
Server: ECS (ska/F707)
X-Cache: HIT
Content-Length: 312
lcdn.tsyndicate.com/sdk/v1/b.b.js
200 OK 2.8 kB URL HTTP/2 lcdn.tsyndicate.com/sdk/v1/b.b.js
IP
File type ASCII text, with very long lines (2590)
Hash 01c3ce239d639853ba1e41661c115938
704741ca41e890a26eef6190c2d61131ff294f56
9aabcddb7b91826c4b8bf721d77fa448ceba501616a38c6fe0d6c4f11091ed47
GET /sdk/v1/b.b.js HTTP/1.1
Host: lcdn.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Cookie: ts_uid=6d11e000-ad4f-45c3-b90e-bc5b547eb14d; bfq=APeIECNCx5YZMWLgqBHDBguEChnW6MJCxJiCW2SwiEFRRBmMDW3kgGGDBkkYG22IJGnSBowufRQE
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 20 Nov 2022 20:54:21 GMT
content-type: application/javascript
content-length: 2808
last-modified: Tue, 22 Feb 2022 13:07:15 GMT
server: nginx
x-robots-tag: noindex, nofollow
content-encoding: gzip
vary: Accept-Encoding
etag: W/"6214e003-1eb1"
age: 22243398
accept-ranges: bytes
X-Firefox-Spdy: h2
lcdn.tsyndicate.com/sdk/v1/b.b.js
304 Not Modified 0 B URL HTTP/2 lcdn.tsyndicate.com/sdk/v1/b.b.js
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sdk/v1/b.b.js HTTP/1.1
Host: lcdn.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Cookie: ts_uid=6d11e000-ad4f-45c3-b90e-bc5b547eb14d; bfq=APeIECNCx5YZMWLgqBHDBguEChnW6MJCxJiCW2SwiEFRRBmMDW3kgGGDBkkYG22IJGnSBowufRQE
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
If-Modified-Since: Tue, 22 Feb 2022 13:07:15 GMT
If-None-Match: W/"6214e003-1eb1"
TE: trailers
HTTP/2 304 Not Modified
date: Sun, 20 Nov 2022 20:54:21 GMT
last-modified: Tue, 22 Feb 2022 13:07:15 GMT
server: nginx
x-robots-tag: noindex, nofollow
vary: Accept-Encoding
etag: W/"6214e003-1eb1"
age: 22243398
X-Firefox-Spdy: h2
lcdn.tsyndicate.com/sdk/v1/b.b.js
304 Not Modified 0 B URL HTTP/2 lcdn.tsyndicate.com/sdk/v1/b.b.js
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sdk/v1/b.b.js HTTP/1.1
Host: lcdn.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Cookie: ts_uid=6d11e000-ad4f-45c3-b90e-bc5b547eb14d; bfq=APeIECNCx5YZMWLgqBHDBguEChnW6MJCxJiCW2SwiEFRRBmMDW3kgGGDBkkYG22IJGnSBowufRQE
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
If-Modified-Since: Tue, 22 Feb 2022 13:07:15 GMT
If-None-Match: W/"6214e003-1eb1"
TE: trailers
HTTP/2 304 Not Modified
date: Sun, 20 Nov 2022 20:54:21 GMT
last-modified: Tue, 22 Feb 2022 13:07:15 GMT
server: nginx
x-robots-tag: noindex, nofollow
vary: Accept-Encoding
etag: W/"6214e003-1eb1"
age: 22243398
X-Firefox-Spdy: h2
ads.realsrv.com/ads.js
200 OK 842 B IP
ASN #60068 Datacamp Limited
File type ASCII text, with very long lines (2475), with no line terminators
Hash 35a88a436a88107c799abfccce89717f
9bad40fd8dfa6124db191b4b4997fc9a0a14d406
0e7421355d020ce90cdd30e493afd253dd8bd3899561bd9675655bcbdb1cd23c
GET /ads.js HTTP/1.1
Host: ads.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://12007250.pix-cdn.org/
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A32%3A%22637a93fbb1df01.93193200494098378%22%3B%7D; __upt=%7B%22v%22%3A1%2C%22id%22%3A%22637a93fbac3a78.839361261917536802%22%2C%22pcma%22%3A%22%22%2C%22acma%22%3A%22508.03940399%22%7D; c-tag=%7B%22tag-video%22%3A%22v3%7C%7CNOR%7C4837642%7C59493762%7C0%7C%7C508%7C41%7C3%7C40%7C0%7C0%7C0%7C25344%7C3143242%7C3143244%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C637a93fbb1df01.93193200494098378%7C%7C0%7Cmedia.aso1.net%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 20 Nov 2022 20:54:21 GMT
content-type: application/javascript
etag: W/"f4fddb85b686269b678e3caf766"
expires: Fri, 18 Nov 2022 18:55:20 GMT
cache-control: max-age=10800
access-control-allow-origin: *
x-cache-op: HIT
x-accel-expires: @1668981369
server: CDN77-Turbo
x-77-nzt: AblMCQ37DCj/tBsAAA
x-77-nzt-ray: c0a4cc28d1d638e6fd937a63d080a62c
x-cache: HIT
x-age: 7092
x-77-pop: stockholmSE
x-77-cache: HIT
content-encoding: br
X-Firefox-Spdy: h2
lcdn.tsyndicate.com/sdk/v1/b.b.js
304 Not Modified 0 B URL HTTP/2 lcdn.tsyndicate.com/sdk/v1/b.b.js
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sdk/v1/b.b.js HTTP/1.1
Host: lcdn.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Cookie: ts_uid=df7207f6-0418-435a-837d-bf93238f9943; bfq=APeIECNCx5YZMWLgqBHDBguEChnKeJhwYYwaXViIGFNwSwwWH2NkFFGmY0MbOWDYoKESBkgbKFWytOHyZMqVLbv0URAQ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
If-Modified-Since: Tue, 22 Feb 2022 13:07:15 GMT
If-None-Match: W/"6214e003-1eb1"
TE: trailers
HTTP/2 304 Not Modified
date: Sun, 20 Nov 2022 20:54:21 GMT
last-modified: Tue, 22 Feb 2022 13:07:15 GMT
server: nginx
x-robots-tag: noindex, nofollow
vary: Accept-Encoding
etag: W/"6214e003-1eb1"
age: 22243398
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 280 B IP
Hash 236025dd0741366b355a4789e4221bcf
bdd3204737d7a4c57f4f5be4178e3f37f059b7bd
4307fc086be6748dd542d489f0c973a5597c543a10e2bf1a3291a4d732874e06
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3950
Cache-Control: max-age=110923
Content-Type: application/ocsp-response
Date: Sun, 20 Nov 2022 20:54:21 GMT
Etag: "637992da-118"
Expires: Tue, 22 Nov 2022 03:43:04 GMT
Last-Modified: Sun, 20 Nov 2022 02:37:14 GMT
Server: ECS (ska/F707)
X-Cache: HIT
Content-Length: 280
syndication.realsrv.com/ads-iframe-display.php?idzone=3902668&type=900x250&p=https%3A//rtbbnr.com/&dt=1668977661856&sub=&tags=&cookieconsent=true&screen_resolution=1280x1024&el=%22
200 OK 146 B URL HTTP/1.1 syndication.realsrv.com/ads-iframe-display.php?idzone=3902668&type=900x250&p=https%3A//rtbbnr.com/&dt=1668977661856&sub=&tags=&cookieconsent=true&screen_resolution=1280x1024&el=%22
IP
ASN #60781 LeaseWeb Netherlands B.V.
Hash ee2446b9d5b951271f22f42c6ae4e938
6338d64ab18ad24562d465315e570d277e2544ef
595873b9e53154efa5f60ffb39fea3fa9211bf14b8fcd6b10d85cbeea5fd749a
GET /ads-iframe-display.php?idzone=3902668&type=900x250&p=https%3A//rtbbnr.com/&dt=1668977661856&sub=&tags=&cookieconsent=true&screen_resolution=1280x1024&el=%22 HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://12007250.pix-cdn.org/
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A32%3A%22637a93fbb1df01.93193200494098378%22%3B%7D; __upt=%7B%22v%22%3A1%2C%22id%22%3A%22637a93fbac3a78.839361261917536802%22%2C%22pcma%22%3A%22%22%2C%22acma%22%3A%22508.03940399%22%7D; c-tag=%7B%22tag-video%22%3A%22v3%7C%7CNOR%7C4837642%7C59493762%7C0%7C%7C508%7C41%7C3%7C40%7C0%7C0%7C0%7C25344%7C3143242%7C3143244%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C637a93fbb1df01.93193200494098378%7C%7C0%7Cmedia.aso1.net%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 20 Nov 2022 20:54:21 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache, must-revalidate
Pragma: no-cache
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A32%3A%22637a93fbb1df01.93193200494098378%22%3B%7D; expires=Tue, 19 Nov 2024 20:54:21 GMT; path=; domain=.realsrv.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
lcdn.tsyndicate.com/sdk/v1/b.b.js
304 Not Modified 0 B URL HTTP/2 lcdn.tsyndicate.com/sdk/v1/b.b.js
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sdk/v1/b.b.js HTTP/1.1
Host: lcdn.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Cookie: ts_uid=df7207f6-0418-435a-837d-bf93238f9943; bfq=APeIECNCx5YZMWLgqBHDBguEChnKeJhwYYwaXViIGFNwSwwWH2NkFFGmY0MbOWDYoKESBkgbKFWytOHyZMqVLbv0URAQ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
If-Modified-Since: Tue, 22 Feb 2022 13:07:15 GMT
If-None-Match: W/"6214e003-1eb1"
TE: trailers
HTTP/2 304 Not Modified
date: Sun, 20 Nov 2022 20:54:21 GMT
last-modified: Tue, 22 Feb 2022 13:07:15 GMT
server: nginx
x-robots-tag: noindex, nofollow
vary: Accept-Encoding
etag: W/"6214e003-1eb1"
age: 22243398
X-Firefox-Spdy: h2
video.ktkjmp.com/adsbygoogle.js
200 OK 16 B URL HTTP/2 video.ktkjmp.com/adsbygoogle.js
IP
Hash 3d7f7a60216d40dea48e495fef6903c9
fecdb5184f55cf012563d78940eb97b10b9cc99b
96d83ac9f20fc0b88404f307f135e212642e02d6ea295c96b28aed0d771a224f
GET /adsbygoogle.js HTTP/1.1
Host: video.ktkjmp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://creative.xlirdr.com/
Origin: https://creative.xlirdr.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 20 Nov 2022 20:54:21 GMT
content-type: application/javascript
content-length: 16
x-amz-id-2: lcNIxMaAofF7Fv+CenZmpGJJrSUFrD74EH/RfdAjL9Jhx1+3B0JyXF3qWYdsiZqTewxi/ePstns=
x-amz-request-id: 3YWB4S6N4MZ3W6PX
last-modified: Thu, 10 Mar 2022 13:52:07 GMT
etag: "3d7f7a60216d40dea48e495fef6903c9"
x-amz-meta-s3cmd-attrs: atime:1646920284/ctime:1646920283/gid:20/gname:staff/md5:3d7f7a60216d40dea48e495fef6903c9/mode:33188/mtime:1646920283/uid:501/uname:mikhailchubar
x-amz-version-id: eIgLIBoMMcsEXtxOH6UDjWyfAquRpkIG
access-control-allow-origin: https://creative.xlirdr.com
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Content-Length, Accept-Encoding, x-requested-with
cf-cache-status: HIT
age: 3450
expires: Mon, 21 Nov 2022 00:54:21 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 76d414925ec10b59-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 280 B IP
Hash 236025dd0741366b355a4789e4221bcf
bdd3204737d7a4c57f4f5be4178e3f37f059b7bd
4307fc086be6748dd542d489f0c973a5597c543a10e2bf1a3291a4d732874e06
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3950
Cache-Control: max-age=110923
Content-Type: application/ocsp-response
Date: Sun, 20 Nov 2022 20:54:21 GMT
Etag: "637992da-118"
Expires: Tue, 22 Nov 2022 03:43:04 GMT
Last-Modified: Sun, 20 Nov 2022 02:37:14 GMT
Server: ECS (ska/F707)
X-Cache: HIT
Content-Length: 280
lcdn.tsyndicate.com/images/e/8/f0cf9e3416e794586e8316a63d12b73d8e43f1/main.jpg
304 Not Modified 0 B URL HTTP/2 lcdn.tsyndicate.com/images/e/8/f0cf9e3416e794586e8316a63d12b73d8e43f1/main.jpg
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /images/e/8/f0cf9e3416e794586e8316a63d12b73d8e43f1/main.jpg HTTP/1.1
Host: lcdn.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Cookie: ts_uid=df7207f6-0418-435a-837d-bf93238f9943; bfq=APeIECNCx5YZMWLgqBHDBguEChnKeJhwYYwaXViIGFNwSwwWH2NkFFGmY0MbOWDYoKESBkgbKFWytOHyZMqVLbv0URAQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
If-Modified-Since: Sun, 20 Nov 2022 12:06:53 GMT
If-None-Match: W/"637a185d-313d"
TE: trailers
HTTP/2 304 Not Modified
date: Sun, 20 Nov 2022 20:54:21 GMT
last-modified: Sun, 20 Nov 2022 12:06:53 GMT
server: nginx
x-robots-tag: noindex, nofollow
vary: Accept-Encoding
etag: W/"637a185d-313d"
age: 30576
X-Firefox-Spdy: h2
lcdn.tsyndicate.com/images/0/6/9283b01585f11be3909a5e8e44ef7abe0bd037/main.jpg
304 Not Modified 0 B URL HTTP/2 lcdn.tsyndicate.com/images/0/6/9283b01585f11be3909a5e8e44ef7abe0bd037/main.jpg
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /images/0/6/9283b01585f11be3909a5e8e44ef7abe0bd037/main.jpg HTTP/1.1
Host: lcdn.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Cookie: ts_uid=df7207f6-0418-435a-837d-bf93238f9943; bfq=APeIECNCx5YZMWLgqBHDBguEChnKeJhwYYwaXViIGFNwSwwWH2NkFFGmY0MbOWDYoKESBkgbKFWytOHyZMqVLbv0URAQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
If-Modified-Since: Sun, 20 Nov 2022 12:06:54 GMT
If-None-Match: W/"637a185e-2a67"
TE: trailers
HTTP/2 304 Not Modified
date: Sun, 20 Nov 2022 20:54:21 GMT
last-modified: Sun, 20 Nov 2022 12:06:54 GMT
server: nginx
x-robots-tag: noindex, nofollow
vary: Accept-Encoding
etag: W/"637a185e-2a67"
age: 30576
X-Firefox-Spdy: h2
pxl.tsyndicate.com/api/v1/p/p.js?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zC0XUoCFDzAwcOHK0IEPDBo4WNMTIECkmTAwZLWSEsTEDxgwxNsSEFCPiYZg6YzKO6WgjxowaNUaWIUMGZY0bMVqIyQEjaRmZMmjUwDEjRkMZPSGSsbNQxkuuD-HU4clwJYyKEOHAWYjjBo0ZD-fAmaiDBgwbNWLkwCuijV6-fgELvvFwTJu5fQfDsOmTjBmKD8W4cbOwawwcgR0WdoNRx8oalEXAaUN6IWAacOvIYdN5xo0cN2zYeFgHrI6BdOjAmaPjxYs2eM64aBMGT5ozYdowdzHmTZsXMmCIqZGDzJgyLWDQMHPDaQ0xLcKEMZO04Rgag3GEURnDxo8x0eGkIdMDfk2bXNQxmQw2jCHHF_v14BloDQU4YIFh0NFDEGTUwQYdIBxRhhsIhcGGgzAQOEcMPeCWA4gipkFHGVVIwUQPeJgRhht0hKFHHtRZh6INc6hYBoL81XXXjmXAYV0PexRpXR87GqTXG3QA2d9fgQ3WZIkh7mgGG2_cIeUeW3YJJJMChlggG2mMsYaUeWhhRRFf6HEEEnc4IYcQbUCxRg54JJFGDVbgocUaU9SxxhpkONFCFkaEYUUeckzRRh0t4HFEHjEwEcMYTdCBBg1MzMFGCzkkEQMRWARxQx1LoCFFGkFI0QYRN-gRxxtmSGHFEVN8YYcTZyxxBgxSEIhFEU-QIQMSVaghxEhfiPHFGVUkQYQUVaQRFhnWZRSGC25EKJuHBHno6RxvyPYddWysFRZ-fG3RVRdpyREUQ-BVldllOsDgwluNrfYFHPYu5O9koD0khx2QNfRQGWOsZvC_sdWh7W-W3ZDdDWbYEB5sJ91VQxgtcHVDU2KYMZgMH6mcw11hpQGZCDnE4AJVLnDkQkM0hHWgzBnVfLO_OvMcVh1hZNTEG3qkwQYbYbxQw78goHBFGm5we8ccIDhBBQgxHLwDCFe7YQMNY-Nx9tgLM1TVvylkCPEab2D31mRhxwCCEWnIUYYZb-DxQthTw_DuvSI48URYbxw4BuKKh8UG4kU4sW0ZdnzhN20MPXUDVyZNpvAZnJm2FWMiHJS5GHLQhcNDqn_RxhtklIVDUbDL8UZnD72hUF_1Bp7HQjTAnkfpdMhRRxkK_50RGsENV9wL34ZLx7hslHshGuiqWwa7a70Q1h0ZnWX4Q2iUH2LPeS2cke410tF4C3W4oWJ4Mrig7LaIH_TF_hZpA0V0E5Ib5MYGMAigb-pjEtwc0CYrqYzmyqCXL0RogA00oG4SCBEx8CV1f_vJhcICh8kZrDGlgUEfFBAQ&s=f2995d42f4d2df35cc4bf7507a7b2538576c8132be292e3bb21497704a232e331668977660&w=t&r=1&d=29&priv=false
200 OK 1.3 kB URL HTTP/2 pxl.tsyndicate.com/api/v1/p/p.js?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zC0XUoCFDzAwcOHK0IEPDBo4WNMTIECkmTAwZLWSEsTEDxgwxNsSEFCPiYZg6YzKO6WgjxowaNUaWIUMGZY0bMVqIyQEjaRmZMmjUwDEjRkMZPSGSsbNQxkuuD-HU4clwJYyKEOHAWYjjBo0ZD-fAmaiDBgwbNWLkwCuijV6-fgELvvFwTJu5fQfDsOmTjBmKD8W4cbOwawwcgR0WdoNRx8oalEXAaUN6IWAacOvIYdN5xo0cN2zYeFgHrI6BdOjAmaPjxYs2eM64aBMGT5ozYdowdzHmTZsXMmCIqZGDzJgyLWDQMHPDaQ0xLcKEMZO04Rgag3GEURnDxo8x0eGkIdMDfk2bXNQxmQw2jCHHF_v14BloDQU4YIFh0NFDEGTUwQYdIBxRhhsIhcGGgzAQOEcMPeCWA4gipkFHGVVIwUQPeJgRhht0hKFHHtRZh6INc6hYBoL81XXXjmXAYV0PexRpXR87GqTXG3QA2d9fgQ3WZIkh7mgGG2_cIeUeW3YJJJMChlggG2mMsYaUeWhhRRFf6HEEEnc4IYcQbUCxRg54JJFGDVbgocUaU9SxxhpkONFCFkaEYUUeckzRRh0t4HFEHjEwEcMYTdCBBg1MzMFGCzkkEQMRWARxQx1LoCFFGkFI0QYRN-gRxxtmSGHFEVN8YYcTZyxxBgxSEIhFEU-QIQMSVaghxEhfiPHFGVUkQYQUVaQRFhnWZRSGC25EKJuHBHno6RxvyPYddWysFRZ-fG3RVRdpyREUQ-BVldllOsDgwluNrfYFHPYu5O9koD0khx2QNfRQGWOsZvC_sdWh7W-W3ZDdDWbYEB5sJ91VQxgtcHVDU2KYMZgMH6mcw11hpQGZCDnE4AJVLnDkQkM0hHWgzBnVfLO_OvMcVh1hZNTEG3qkwQYbYbxQw78goHBFGm5we8ccIDhBBQgxHLwDCFe7YQMNY-Nx9tgLM1TVvylkCPEab2D31mRhxwCCEWnIUYYZb-DxQthTw_DuvSI48URYbxw4BuKKh8UG4kU4sW0ZdnzhN20MPXUDVyZNpvAZnJm2FWMiHJS5GHLQhcNDqn_RxhtklIVDUbDL8UZnD72hUF_1Bp7HQjTAnkfpdMhRRxkK_50RGsENV9wL34ZLx7hslHshGuiqWwa7a70Q1h0ZnWX4Q2iUH2LPeS2cke410tF4C3W4oWJ4Mrig7LaIH_TF_hZpA0V0E5Ib5MYGMAigb-pjEtwc0CYrqYzmyqCXL0RogA00oG4SCBEx8CV1f_vJhcICh8kZrDGlgUEfFBAQ&s=f2995d42f4d2df35cc4bf7507a7b2538576c8132be292e3bb21497704a232e331668977660&w=t&r=1&d=29&priv=false
IP
ASN #24940 Hetzner Online GmbH
Hash 71a5798387480ca79bab342aa80d4db7
1f9e0dfb4167d31c6f2e8700fabb3af38a4702bc
a9d6470203ee5112f1c8156c088afe0234080b0e702437b2651d7504a46276c6
GET /api/v1/p/p.js?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zC0XUoCFDzAwcOHK0IEPDBo4WNMTIECkmTAwZLWSEsTEDxgwxNsSEFCPiYZg6YzKO6WgjxowaNUaWIUMGZY0bMVqIyQEjaRmZMmjUwDEjRkMZPSGSsbNQxkuuD-HU4clwJYyKEOHAWYjjBo0ZD-fAmaiDBgwbNWLkwCuijV6-fgELvvFwTJu5fQfDsOmTjBmKD8W4cbOwawwcgR0WdoNRx8oalEXAaUN6IWAacOvIYdN5xo0cN2zYeFgHrI6BdOjAmaPjxYs2eM64aBMGT5ozYdowdzHmTZsXMmCIqZGDzJgyLWDQMHPDaQ0xLcKEMZO04Rgag3GEURnDxo8x0eGkIdMDfk2bXNQxmQw2jCHHF_v14BloDQU4YIFh0NFDEGTUwQYdIBxRhhsIhcGGgzAQOEcMPeCWA4gipkFHGVVIwUQPeJgRhht0hKFHHtRZh6INc6hYBoL81XXXjmXAYV0PexRpXR87GqTXG3QA2d9fgQ3WZIkh7mgGG2_cIeUeW3YJJJMChlggG2mMsYaUeWhhRRFf6HEEEnc4IYcQbUCxRg54JJFGDVbgocUaU9SxxhpkONFCFkaEYUUeckzRRh0t4HFEHjEwEcMYTdCBBg1MzMFGCzkkEQMRWARxQx1LoCFFGkFI0QYRN-gRxxtmSGHFEVN8YYcTZyxxBgxSEIhFEU-QIQMSVaghxEhfiPHFGVUkQYQUVaQRFhnWZRSGC25EKJuHBHno6RxvyPYddWysFRZ-fG3RVRdpyREUQ-BVldllOsDgwluNrfYFHPYu5O9koD0khx2QNfRQGWOsZvC_sdWh7W-W3ZDdDWbYEB5sJ91VQxgtcHVDU2KYMZgMH6mcw11hpQGZCDnE4AJVLnDkQkM0hHWgzBnVfLO_OvMcVh1hZNTEG3qkwQYbYbxQw78goHBFGm5we8ccIDhBBQgxHLwDCFe7YQMNY-Nx9tgLM1TVvylkCPEab2D31mRhxwCCEWnIUYYZb-DxQthTw_DuvSI48URYbxw4BuKKh8UG4kU4sW0ZdnzhN20MPXUDVyZNpvAZnJm2FWMiHJS5GHLQhcNDqn_RxhtklIVDUbDL8UZnD72hUF_1Bp7HQjTAnkfpdMhRRxkK_50RGsENV9wL34ZLx7hslHshGuiqWwa7a70Q1h0ZnWX4Q2iUH2LPeS2cke410tF4C3W4oWJ4Mrig7LaIH_TF_hZpA0V0E5Ib5MYGMAigb-pjEtwc0CYrqYzmyqCXL0RogA00oG4SCBEx8CV1f_vJhcICh8kZrDGlgUEfFBAQ&s=f2995d42f4d2df35cc4bf7507a7b2538576c8132be292e3bb21497704a232e331668977660&w=t&r=1&d=29&priv=false HTTP/1.1
Host: pxl.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Cookie: ts_uid=df7207f6-0418-435a-837d-bf93238f9943; bfq=APeIECNCx5YZMWLgqBHDBguEChnKeJhwYYwaXViIGFNwSwwWH2NkFFGmY0MbOWDYoKESBkgbKFWytOHyZMqVLbv0URAQ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 20 Nov 2022 20:54:21 GMT
content-type: text/plain; charset=utf-8
content-length: 24
x-robots-tag: noindex, nofollow
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 312 B IP
Hash 0c68ebfa9c9ad7762cd9daaaf14837b1
0b2691fcd253b47c1645b0987b808466af3dafc5
39585f35078d1caab367dbb85ab4fab59605e038ed1dcea140cf5bfba43078df
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5396
Cache-Control: max-age=93999
Content-Type: application/ocsp-response
Date: Sun, 20 Nov 2022 20:54:22 GMT
Etag: "63794b1a-138"
Expires: Mon, 21 Nov 2022 23:01:01 GMT
Last-Modified: Sat, 19 Nov 2022 21:31:06 GMT
Server: ECS (ska/F707)
X-Cache: HIT
Content-Length: 312
ocsp.digicert.com/
200 OK 312 B IP
Hash 0c68ebfa9c9ad7762cd9daaaf14837b1
0b2691fcd253b47c1645b0987b808466af3dafc5
39585f35078d1caab367dbb85ab4fab59605e038ed1dcea140cf5bfba43078df
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5396
Cache-Control: max-age=93999
Content-Type: application/ocsp-response
Date: Sun, 20 Nov 2022 20:54:22 GMT
Etag: "63794b1a-138"
Expires: Mon, 21 Nov 2022 23:01:01 GMT
Last-Modified: Sat, 19 Nov 2022 21:31:06 GMT
Server: ECS (ska/F707)
X-Cache: HIT
Content-Length: 312
ocsp.digicert.com/
200 OK 312 B IP
Hash 0c68ebfa9c9ad7762cd9daaaf14837b1
0b2691fcd253b47c1645b0987b808466af3dafc5
39585f35078d1caab367dbb85ab4fab59605e038ed1dcea140cf5bfba43078df
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5396
Cache-Control: max-age=93999
Content-Type: application/ocsp-response
Date: Sun, 20 Nov 2022 20:54:22 GMT
Etag: "63794b1a-138"
Expires: Mon, 21 Nov 2022 23:01:01 GMT
Last-Modified: Sat, 19 Nov 2022 21:31:06 GMT
Server: ECS (ska/F707)
X-Cache: HIT
Content-Length: 312
roomimg.stream.highwebmedia.com/riw/x_lily_x.jpg?1668977640
200 OK 10 kB URL HTTP/2 roomimg.stream.highwebmedia.com/riw/x_lily_x.jpg?1668977640
IP
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 548x549, segment length 16, comment: "Lavc58.91.100", baseline, precision 8, 480x270, components 3\012- data
Hash 2d43fbaa97910b6aafa404869e04a8a6
fab176a6c4f0442798a13fa322b10fa8396beb57
ddf2c602dddbb006214dbadfdf6aec9d16dc3948682027459d22fc7f700a1a86
GET /riw/x_lily_x.jpg?1668977640 HTTP/1.1
Host: roomimg.stream.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 20 Nov 2022 20:54:22 GMT
content-type: image/jpeg
content-length: 10003
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: public, max-age=30
cf-bgj: imgq:100,h2pri
cf-polished: status=not_needed
content-security-policy: default-src 'none'; img-src data:; style-src 'unsafe-inline'
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
x-frame-options: DENY
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 16
last-modified: Sun, 20 Nov 2022 20:54:06 GMT
expires: Sun, 20 Nov 2022 20:54:52 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=djjqHWA4TIiu6HHtPAESD6WRe4EiavgcIKGstt5LsfCeR80N6BhCHhrIS%2B7iU2kO0tZMHRsO1WLB1UgceCaGqUbnyLRQe4ojtdJ5zWsep8mVCZbtesxagiSiHtMs19fzjiIsv1PBegS4ixpWHbjN0ys%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
set-cookie: _cfuvid=FLJK9mZaX6e8D1dSZwZM8grR4NMezp2VbKZ8Cpo7VeY-1668977662054-0-604800000; path=/; domain=.highwebmedia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 76d41493ca17b509-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
pxl.tsyndicate.com/api/v1/p/p.js?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zC0XgCIMjRpgyOWi0EDMjhpgWNHCIgTEyzAwyLWCIkWFGTBkxNsOYiSHiYZg6YzIWfCkDxgwbLXCUuYkShscWOW6UidFCxpgZYWjCgBEmRw0bPSGSsbNQRgwZOGY8hFNHDEUZOZz6hANnIY4bNNSKmANnog4aMGzUqAEjx8M2fP0CFlwjRkURY9rU_Ztjxla9Bs1QfCjGjZuFJWPgaGzjsBuMOuAS1gunzemFgmk8riOHDegZN6LauPGwjoyMaOjQgTNHx4sXbfCccdEmDJ40Z8K0ae5izJs2L4qKqZGDzJgyMWmYuYFy8MkwOmu0aDiGRuWNM2PY-DFGOpw0ZHq4t2yUS52tMtgwhhxf4NdDaKPJ5x-AAoZBRw9BkFEHG3SAcEQZbiAUBhsLwhDgHDH0EFUOHX6YBh1lVCEFEz3gYUYYbtARhh55VHddiTbMcWIZBeZ3V144lgHHdT3sIeR1feBoEF9v0NGjfoENVpiSInqIoxlsvHHHk3tgqWWPSf7noYBspDHGGk_SoQQVU-BxQxxRNPGFFl8QEQNLUtxhQxlsiCGEFUfM4QZgcUAxxBhGODGGFmoQYUYZdUCRRxs1kBHEEWfc0MYXN5hBRhJnEDFGEU_I4YYadqCRwxdWFGFDck4ckUUSMBxxohZrmOEEGWZoEUYROLxxRRtIMBEEUGzAoQeaZ1SRBBFSVJFGWGRcl1EYLrjhIG0bErQhHWjM8QZt31XHRlth1efXFiV1sZYcQTEEHgwOiSCGZjrA4IJckLX2BRzwLqTvVqM9JIcdkzX0UBljtCbwvrPVMa0OIthAhmNlbMWSQeKVd9VIcYEnxhg1bEeDVGLEQAMZYaUxmQg5xOBCXC7QIIMLDdEQFoEuZxTzzPrajHMNOvcWRkZNvKFHGmywEcYLNewLAgpXpOFGtXfMAYITVIBw5747gFC1GzbQEDYeZYd9MEP07puChQyv8UZ2Tm11ZwwgGJGGHGWY8QYeL9wZNQzpxiuCE0-E9QaBYxiOeFhsGF6EE9SWYccXfNvGUA033JCWDThsZfAZn6VWw10PHXS5GHLYhUPqln_Rxhssp4aDDY-RIccboD30hkJ_vft3HgvRkHoepdMhRx1lGNw3cMIRZ9wL2GpLB7dseEthuOPCW4a5bb0Q1h0ZnRV6WGiU72HRex2c0e4y0rF4C3W4ceJ6NrhAxm-pG37QF_sLCx3aQBEbgC4qNzAgDCzSht8wxIA4QKACZxAgn5ABc2XgyxccVMADdk6BPhGDX0RwkBdNaCJriZzAHjIG1MCgDwoICA%3D%3D&s=e8fc9236de55f1962e122c055c70c86f42cf70704efd0be59c9c88f031161c311668977660&w=t&r=1&d=49&priv=false
200 OK 24 B URL HTTP/2 pxl.tsyndicate.com/api/v1/p/p.js?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zC0XgCIMjRpgyOWi0EDMjhpgWNHCIgTEyzAwyLWCIkWFGTBkxNsOYiSHiYZg6YzIWfCkDxgwbLXCUuYkShscWOW6UidFCxpgZYWjCgBEmRw0bPSGSsbNQRgwZOGY8hFNHDEUZOZz6hANnIY4bNNSKmANnog4aMGzUqAEjx8M2fP0CFlwjRkURY9rU_Ztjxla9Bs1QfCjGjZuFJWPgaGzjsBuMOuAS1gunzemFgmk8riOHDegZN6LauPGwjoyMaOjQgTNHx4sXbfCccdEmDJ40Z8K0ae5izJs2L4qKqZGDzJgyMWmYuYFy8MkwOmu0aDiGRuWNM2PY-DFGOpw0ZHq4t2yUS52tMtgwhhxf4NdDaKPJ5x-AAoZBRw9BkFEHG3SAcEQZbiAUBhsLwhDgHDH0EFUOHX6YBh1lVCEFEz3gYUYYbtARhh55VHddiTbMcWIZBeZ3V144lgHHdT3sIeR1feBoEF9v0NGjfoENVpiSInqIoxlsvHHHk3tgqWWPSf7noYBspDHGGk_SoQQVU-BxQxxRNPGFFl8QEQNLUtxhQxlsiCGEFUfM4QZgcUAxxBhGODGGFmoQYUYZdUCRRxs1kBHEEWfc0MYXN5hBRhJnEDFGEU_I4YYadqCRwxdWFGFDck4ckUUSMBxxohZrmOEEGWZoEUYROLxxRRtIMBEEUGzAoQeaZ1SRBBFSVJFGWGRcl1EYLrjhIG0bErQhHWjM8QZt31XHRlth1efXFiV1sZYcQTEEHgwOiSCGZjrA4IJckLX2BRzwLqTvVqM9JIcdkzX0UBljtCbwvrPVMa0OIthAhmNlbMWSQeKVd9VIcYEnxhg1bEeDVGLEQAMZYaUxmQg5xOBCXC7QIIMLDdEQFoEuZxTzzPrajHMNOvcWRkZNvKFHGmywEcYLNewLAgpXpOFGtXfMAYITVIBw5747gFC1GzbQEDYeZYd9MEP07puChQyv8UZ2Tm11ZwwgGJGGHGWY8QYeL9wZNQzpxiuCE0-E9QaBYxiOeFhsGF6EE9SWYccXfNvGUA033JCWDThsZfAZn6VWw10PHXS5GHLYhUPqln_Rxhssp4aDDY-RIccboD30hkJ_vft3HgvRkHoepdMhRx1lGNw3cMIRZ9wL2GpLB7dseEthuOPCW4a5bb0Q1h0ZnRV6WGiU72HRex2c0e4y0rF4C3W4ceJ6NrhAxm-pG37QF_sLCx3aQBEbgC4qNzAgDCzSht8wxIA4QKACZxAgn5ABc2XgyxccVMADdk6BPhGDX0RwkBdNaCJriZzAHjIG1MCgDwoICA%3D%3D&s=e8fc9236de55f1962e122c055c70c86f42cf70704efd0be59c9c88f031161c311668977660&w=t&r=1&d=49&priv=false
IP
ASN #24940 Hetzner Online GmbH
File type ASCII text, with no line terminators
Hash 0959ba36d476b6dc1994ba3c678b07c4
d30b94da72daa02766965206a85b7e0356375f5e
897410b87e27e3dfba3a7d6caab315a5e69cc941bb96d91fc74878a9b051843a
GET /api/v1/p/p.js?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zC0XgCIMjRpgyOWi0EDMjhpgWNHCIgTEyzAwyLWCIkWFGTBkxNsOYiSHiYZg6YzIWfCkDxgwbLXCUuYkShscWOW6UidFCxpgZYWjCgBEmRw0bPSGSsbNQRgwZOGY8hFNHDEUZOZz6hANnIY4bNNSKmANnog4aMGzUqAEjx8M2fP0CFlwjRkURY9rU_Ztjxla9Bs1QfCjGjZuFJWPgaGzjsBuMOuAS1gunzemFgmk8riOHDegZN6LauPGwjoyMaOjQgTNHx4sXbfCccdEmDJ40Z8K0ae5izJs2L4qKqZGDzJgyMWmYuYFy8MkwOmu0aDiGRuWNM2PY-DFGOpw0ZHq4t2yUS52tMtgwhhxf4NdDaKPJ5x-AAoZBRw9BkFEHG3SAcEQZbiAUBhsLwhDgHDH0EFUOHX6YBh1lVCEFEz3gYUYYbtARhh55VHddiTbMcWIZBeZ3V144lgHHdT3sIeR1feBoEF9v0NGjfoENVpiSInqIoxlsvHHHk3tgqWWPSf7noYBspDHGGk_SoQQVU-BxQxxRNPGFFl8QEQNLUtxhQxlsiCGEFUfM4QZgcUAxxBhGODGGFmoQYUYZdUCRRxs1kBHEEWfc0MYXN5hBRhJnEDFGEU_I4YYadqCRwxdWFGFDck4ckUUSMBxxohZrmOEEGWZoEUYROLxxRRtIMBEEUGzAoQeaZ1SRBBFSVJFGWGRcl1EYLrjhIG0bErQhHWjM8QZt31XHRlth1efXFiV1sZYcQTEEHgwOiSCGZjrA4IJckLX2BRzwLqTvVqM9JIcdkzX0UBljtCbwvrPVMa0OIthAhmNlbMWSQeKVd9VIcYEnxhg1bEeDVGLEQAMZYaUxmQg5xOBCXC7QIIMLDdEQFoEuZxTzzPrajHMNOvcWRkZNvKFHGmywEcYLNewLAgpXpOFGtXfMAYITVIBw5747gFC1GzbQEDYeZYd9MEP07puChQyv8UZ2Tm11ZwwgGJGGHGWY8QYeL9wZNQzpxiuCE0-E9QaBYxiOeFhsGF6EE9SWYccXfNvGUA033JCWDThsZfAZn6VWw10PHXS5GHLYhUPqln_Rxhssp4aDDY-RIccboD30hkJ_vft3HgvRkHoepdMhRx1lGNw3cMIRZ9wL2GpLB7dseEthuOPCW4a5bb0Q1h0ZnRV6WGiU72HRex2c0e4y0rF4C3W4ceJ6NrhAxm-pG37QF_sLCx3aQBEbgC4qNzAgDCzSht8wxIA4QKACZxAgn5ABc2XgyxccVMADdk6BPhGDX0RwkBdNaCJriZzAHjIG1MCgDwoICA%3D%3D&s=e8fc9236de55f1962e122c055c70c86f42cf70704efd0be59c9c88f031161c311668977660&w=t&r=1&d=49&priv=false HTTP/1.1
Host: pxl.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Cookie: ts_uid=df7207f6-0418-435a-837d-bf93238f9943; bfq=APeIECNCx5YZMWLgqBHDBguEChnKeJhwYYwaXViIGFNwSwwWH2NkFFGmY0MbOWDYoKESBkgbKFWytOHyZMqVLbv0URAQ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 20 Nov 2022 20:54:22 GMT
content-type: text/plain; charset=utf-8
content-length: 24
x-robots-tag: noindex, nofollow
X-Firefox-Spdy: h2
roomimg.stream.highwebmedia.com/riw/mashayang.jpg?1668977640
200 OK 8.9 kB URL HTTP/2 roomimg.stream.highwebmedia.com/riw/mashayang.jpg?1668977640
IP
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 548x549, segment length 16, progressive, precision 8, 480x270, components 3\012- data
Hash b7703a2312ab97a37c3c50fca75fcf69
a2852034698d135d8bb2317a09b037b376fc5ef0
638ff0a4ab7931e5481044ee0274017e36804f313e8aea1034e9d3d993a64258
GET /riw/mashayang.jpg?1668977640 HTTP/1.1
Host: roomimg.stream.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 20 Nov 2022 20:54:22 GMT
content-type: image/jpeg
content-length: 8929
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: public, max-age=30
cf-bgj: imgq:100,h2pri
cf-polished: origSize=8969
content-security-policy: default-src 'none'; img-src data:; style-src 'unsafe-inline'
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
x-frame-options: DENY
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 4
last-modified: Sun, 20 Nov 2022 20:54:18 GMT
expires: Sun, 20 Nov 2022 20:54:52 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VOpsIRZJ8lI5cAUtwIGp4Emd%2F0Dx0D%2FIyJrOdbiECJG73XfwmMTRg1tEvP5SHlvVxDE3ZOb9jGZbWZdVDPhI1Tzf1wrqHoN%2BSaktAW1XVE6Q31ZQOsz%2B%2FME66Uxrrq4rP2qz%2FPnv2ZlNBQi%2BPsJfkfI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
set-cookie: _cfuvid=eNoCNYtt2m1tan9Bk8UTA_oU2kV6XiyXDzXsDA5schI-1668977662055-0-604800000; path=/; domain=.highwebmedia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 76d41493ca1ab509-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
pxl.tsyndicate.com/api/v1/p/p.js?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zC0U0rCEjjI0xZFrcqFEjJI0yNsq0CCMDRo4WMWKwxFFjjBkZNcKEEfEwTJ0xGQvOINNyho0WOMqUEdOCBgyZLXLcKBOjhYwxM1iagQEjTI4aNnhCJGNnoYwYMnDMeAinjhiKMnI87QkHzkIcN2isFTEHzkQdTm2QdPmwTd-_gUnGfDimjV3AOWZw3WvQDMWHYty4WTgjJs2Ghd1g1BG3Boy9cNqIXiiYRkURdeSw4TzjhlQbNh7WkZERDR06cOboePGiDZ4zLtqEwZPmTJg2yl2MedPmRUsxNXKQGaMSBg0zN5qSZKrTTA2YNWlExhFGzFkbP8Y8h5OGTA_1kk9zqcNVxkc5X9TXQ2cxfFbDfv19FAYdPQRBRh1s0AHCEWW4gVAYbCAIg39zxNCDVDloyGEadJRRhRRM9ICHGWG4QUcYeuQhHXUi2jAHiWUEaB9eetVYBhzU9bDHj9T1UaNBfb1Bh473wSCYaSHyt6ENYXy4YY1msPHGHUzukeWWOhoppX9jsJHGGGswyYQdQVSBhhVxZEGFGVacgYVTQlBBxB1ZHDGEGUXYcMZISOBwhBVO2JDFElUEAQUWd5jhhBFHGGEHEmScJscdS9whAxZ6FJGHGGSEMQcWRhBBBlFkIHFHDmEckcYNVQiBwxtyuIFGEzAQgUMWkwYhxA14PIFEGGd8EYMbYnxxRhVJECFFFWmIRQZ1GYXhghsLxoYhQRjSgcYcb8TGnXRsuCWWfH9t0VkXbMkBFEPdOSSCGJbpAIMLc4kwRmpfwCHvQvtyRdNDctjxGGgilPFvGwTz-1oddVSrgwg2kBFTGVzBsBIZ34mHVQtiyKWSGGPUgB0NU4kRAw1kiJXGYyLkEIMLcrlAgwwuNESDWADOnJHNOO-7c881_KzbThc38YYeabDBRhgv1MAvCChckYYb194xBwhOUAFCDAXvAILWbthAg9l4qG12wgzBYDUMKUzo8BpvWPcUV2THAIIRachRhhlv4PEC2XOvO68ITjwhFq5fjLF442KxsXgRTlhbhh1fCD4bQzXccINaNuDAFcJnbEZaDXg9dBDnYshxFw6ub_5FG2_ETBoONrxGhhxvcPbQGwoBFm_heSxEg-t5qE6HHHWUgfDgvf0W3HAvaMstHd6yAW6E45YrbxnouvWCWHdkhJbpYqGh_oZK85VwRsC_SAeuLdThBokw2eACUdZa3EG-AECLQIwhuMGBVG6AGxgYkDcILN0CGzgD__SEDJ0rQ1--sCCKJHCCNnAgRMTwFxEchEUQmghbLEcwxowGBn1QQEAA&s=16e0395a0f52d36ac9cc77e50e3668b7e4c8d74262f7b352a0b07f74e6190d6d1668977660&w=t&r=1&d=39&priv=false
200 OK 24 B URL HTTP/2 pxl.tsyndicate.com/api/v1/p/p.js?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zC0U0rCEjjI0xZFrcqFEjJI0yNsq0CCMDRo4WMWKwxFFjjBkZNcKEEfEwTJ0xGQvOINNyho0WOMqUEdOCBgyZLXLcKBOjhYwxM1iagQEjTI4aNnhCJGNnoYwYMnDMeAinjhiKMnI87QkHzkIcN2isFTEHzkQdTm2QdPmwTd-_gUnGfDimjV3AOWZw3WvQDMWHYty4WTgjJs2Ghd1g1BG3Boy9cNqIXiiYRkURdeSw4TzjhlQbNh7WkZERDR06cOboePGiDZ4zLtqEwZPmTJg2yl2MedPmRUsxNXKQGaMSBg0zN5qSZKrTTA2YNWlExhFGzFkbP8Y8h5OGTA_1kk9zqcNVxkc5X9TXQ2cxfFbDfv19FAYdPQRBRh1s0AHCEWW4gVAYbCAIg39zxNCDVDloyGEadJRRhRRM9ICHGWG4QUcYeuQhHXUi2jAHiWUEaB9eetVYBhzU9bDHj9T1UaNBfb1Bh473wSCYaSHyt6ENYXy4YY1msPHGHUzukeWWOhoppX9jsJHGGGswyYQdQVSBhhVxZEGFGVacgYVTQlBBxB1ZHDGEGUXYcMZISOBwhBVO2JDFElUEAQUWd5jhhBFHGGEHEmScJscdS9whAxZ6FJGHGGSEMQcWRhBBBlFkIHFHDmEckcYNVQiBwxtyuIFGEzAQgUMWkwYhxA14PIFEGGd8EYMbYnxxRhVJECFFFWmIRQZ1GYXhghsLxoYhQRjSgcYcb8TGnXRsuCWWfH9t0VkXbMkBFEPdOSSCGJbpAIMLc4kwRmpfwCHvQvtyRdNDctjxGGgilPFvGwTz-1oddVSrgwg2kBFTGVzBsBIZ34mHVQtiyKWSGGPUgB0NU4kRAw1kiJXGYyLkEIMLcrlAgwwuNESDWADOnJHNOO-7c881_KzbThc38YYeabDBRhgv1MAvCChckYYb194xBwhOUAFCDAXvAILWbthAg9l4qG12wgzBYDUMKUzo8BpvWPcUV2THAIIRachRhhlv4PEC2XOvO68ITjwhFq5fjLF442KxsXgRTlhbhh1fCD4bQzXccINaNuDAFcJnbEZaDXg9dBDnYshxFw6ub_5FG2_ETBoONrxGhhxvcPbQGwoBFm_heSxEg-t5qE6HHHWUgfDgvf0W3HAvaMstHd6yAW6E45YrbxnouvWCWHdkhJbpYqGh_oZK85VwRsC_SAeuLdThBokw2eACUdZa3EG-AECLQIwhuMGBVG6AGxgYkDcILN0CGzgD__SEDJ0rQ1--sCCKJHCCNnAgRMTwFxEchEUQmghbLEcwxowGBn1QQEAA&s=16e0395a0f52d36ac9cc77e50e3668b7e4c8d74262f7b352a0b07f74e6190d6d1668977660&w=t&r=1&d=39&priv=false
IP
ASN #24940 Hetzner Online GmbH
File type ASCII text, with no line terminators
Hash 0959ba36d476b6dc1994ba3c678b07c4
d30b94da72daa02766965206a85b7e0356375f5e
897410b87e27e3dfba3a7d6caab315a5e69cc941bb96d91fc74878a9b051843a
GET /api/v1/p/p.js?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zC0U0rCEjjI0xZFrcqFEjJI0yNsq0CCMDRo4WMWKwxFFjjBkZNcKEEfEwTJ0xGQvOINNyho0WOMqUEdOCBgyZLXLcKBOjhYwxM1iagQEjTI4aNnhCJGNnoYwYMnDMeAinjhiKMnI87QkHzkIcN2isFTEHzkQdTm2QdPmwTd-_gUnGfDimjV3AOWZw3WvQDMWHYty4WTgjJs2Ghd1g1BG3Boy9cNqIXiiYRkURdeSw4TzjhlQbNh7WkZERDR06cOboePGiDZ4zLtqEwZPmTJg2yl2MedPmRUsxNXKQGaMSBg0zN5qSZKrTTA2YNWlExhFGzFkbP8Y8h5OGTA_1kk9zqcNVxkc5X9TXQ2cxfFbDfv19FAYdPQRBRh1s0AHCEWW4gVAYbCAIg39zxNCDVDloyGEadJRRhRRM9ICHGWG4QUcYeuQhHXUi2jAHiWUEaB9eetVYBhzU9bDHj9T1UaNBfb1Bh473wSCYaSHyt6ENYXy4YY1msPHGHUzukeWWOhoppX9jsJHGGGswyYQdQVSBhhVxZEGFGVacgYVTQlBBxB1ZHDGEGUXYcMZISOBwhBVO2JDFElUEAQUWd5jhhBFHGGEHEmScJscdS9whAxZ6FJGHGGSEMQcWRhBBBlFkIHFHDmEckcYNVQiBwxtyuIFGEzAQgUMWkwYhxA14PIFEGGd8EYMbYnxxRhVJECFFFWmIRQZ1GYXhghsLxoYhQRjSgcYcb8TGnXRsuCWWfH9t0VkXbMkBFEPdOSSCGJbpAIMLc4kwRmpfwCHvQvtyRdNDctjxGGgilPFvGwTz-1oddVSrgwg2kBFTGVzBsBIZ34mHVQtiyKWSGGPUgB0NU4kRAw1kiJXGYyLkEIMLcrlAgwwuNESDWADOnJHNOO-7c881_KzbThc38YYeabDBRhgv1MAvCChckYYb194xBwhOUAFCDAXvAILWbthAg9l4qG12wgzBYDUMKUzo8BpvWPcUV2THAIIRachRhhlv4PEC2XOvO68ITjwhFq5fjLF442KxsXgRTlhbhh1fCD4bQzXccINaNuDAFcJnbEZaDXg9dBDnYshxFw6ub_5FG2_ETBoONrxGhhxvcPbQGwoBFm_heSxEg-t5qE6HHHWUgfDgvf0W3HAvaMstHd6yAW6E45YrbxnouvWCWHdkhJbpYqGh_oZK85VwRsC_SAeuLdThBokw2eACUdZa3EG-AECLQIwhuMGBVG6AGxgYkDcILN0CGzgD__SEDJ0rQ1--sCCKJHCCNnAgRMTwFxEchEUQmghbLEcwxowGBn1QQEAA&s=16e0395a0f52d36ac9cc77e50e3668b7e4c8d74262f7b352a0b07f74e6190d6d1668977660&w=t&r=1&d=39&priv=false HTTP/1.1
Host: pxl.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Cookie: ts_uid=df7207f6-0418-435a-837d-bf93238f9943; bfq=APeIECNCx5YZMWLgqBHDBguEChnKeJhwYYwaXViIGFNwSwwWH2NkFFGmY0MbOWDYoKESBkgbKFWytOHyZMqVLbv0URAQ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 20 Nov 2022 20:54:22 GMT
content-type: text/plain; charset=utf-8
content-length: 24
x-robots-tag: noindex, nofollow
X-Firefox-Spdy: h2
roomimg.stream.highwebmedia.com/riw/vanandjuani.jpg?1668977640
200 OK 12 kB URL HTTP/2 roomimg.stream.highwebmedia.com/riw/vanandjuani.jpg?1668977640
IP
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 548x549, segment length 16, progressive, precision 8, 480x270, components 3\012- data
Hash a10012c631a44c5d10dcba8bde52fa49
e14f62294302db3bdec2f03a2006f81282f6c096
246c1d8ca522de077635021bd8f3898911f480efd963c5a5e768a86d327ee461
GET /riw/vanandjuani.jpg?1668977640 HTTP/1.1
Host: roomimg.stream.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 20 Nov 2022 20:54:22 GMT
content-type: image/jpeg
content-length: 12254
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: public, max-age=30
cf-bgj: imgq:100,h2pri
cf-polished: origSize=12307
content-security-policy: default-src 'none'; img-src data:; style-src 'unsafe-inline'
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
x-frame-options: DENY
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 28
last-modified: Sun, 20 Nov 2022 20:53:54 GMT
expires: Sun, 20 Nov 2022 20:54:52 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YEZiZ4HWM9D5PQI%2FRZIsoVRcGM1zNQEAwk%2BeEr9yAbne7rJYesdiVDIYsQDflKGOdHlKoQdhmycq%2B39GqHNQKQabfZcLjQXcMpO7%2B5fSoVjqSSdN8M3hE6ae%2Bx2jAp8YWjjfePsnJBt7J7kADpxeJSM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
set-cookie: _cfuvid=eteGK44qtfNx.TbvJOKT9PPWGIHRlHNOPy9RnQh9xkE-1668977662064-0-604800000; path=/; domain=.highwebmedia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 76d41493da2bb509-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
static-assets.highwebmedia.com/images/ico-cams.png?829027f88094
200 OK 549 B URL HTTP/2 static-assets.highwebmedia.com/images/ico-cams.png?829027f88094
IP
File type PNG image data, 13 x 15, 8-bit colormap, non-interlaced\012- data
Hash 4437b02e2efeaa0eb69858a7eb957af6
2dfa9c3fa2fc56c7504c043876eaad9526abed62
52dc5730b7afd3f35531dcca2bd7b9984f0271d15c8b449c4b1d425dddf12a33
GET /images/ico-cams.png?829027f88094 HTTP/1.1
Host: static-assets.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://static-assets.highwebmedia.com/CACHE/css/output.ef7436bc2788.css
Cookie: _cfuvid=FLJK9mZaX6e8D1dSZwZM8grR4NMezp2VbKZ8Cpo7VeY-1668977662054-0-604800000
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 20 Nov 2022 20:54:22 GMT
content-type: image/png
content-length: 549
cache-control: public, max-age=2592000
cf-bgj: imgq:100,h2pri,csam-hash
cf-polished: origSize=1457
etag: "58ecd9d7af4908cce84eccd4cbd6f0d0"
last-modified: Tue, 19 Jan 2021 22:03:22 GMT
x-amz-id-2: uk+Y+mMt51OLA32rfvOrwKQRVhebnzwVD7WNGN89HYS/N/FIKgMltVMzadOcg1MyUuhiPycAlHk=
x-amz-meta-s3cmd-attrs: md5:58ecd9d7af4908cce84eccd4cbd6f0d0
x-amz-request-id: 2BDHEK7PHQPF17BP
cf-cache-status: HIT
age: 576441
expires: Tue, 20 Dec 2022 20:54:22 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Qw6e41SGiMb8lC7uugh20CE2N7JSXJg6Q94V73JG2WRBEQPeQkvSvwB%2F9mpw8a5IC9hFX0%2FkWmihpkaFmectKERIx7Hu3d35UMrZt2AJpf0gHSCgefxLGdjzQdjBLgaH0Jw%2BEgtOZo9%2BeWFxEc3fRA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 76d41493ff590afe-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
pxl.tsyndicate.com/api/v1/p/p.js?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zC0XAiBHDRo4xY2K0qEEjRpgWNEiKaYEDJIwWZHLIgCHDRkwaZG7MEPEwTJ0xGQvOIDNzhg2WZcqspLHxZI4bZUTKGDMjjAwzMGCEyVHDBk-IZOwslBFDBo4ZD-HUEUNRRo6NPeHAWYjjBg20IubAmaiDqY0aNWDkeNhGL1-_gDk-HNNmbt8cM7LiNWiG4kMxbtwsnMERR42OhN1g1OE2MF44bUQv_FvyYR05bDbPuPHUxg3XMjKioUMHzhwdL160wXPGRZsweNKcCdPmuIsxb9q8mCmmRg4yY8q0gEHDzA2UgFeGCWOmRouGY2hAxhFGDFkbP8Ywh5OGTA_1kWHM4FIna80xcnxRXw-cxeBZR_z5Z4N8dPQQBBl1sEEHCEeU4QZCYbCRIE02zBFDD0_lsGFNc6RBRxlVSMFED3iYEYYbdIShRx7PRTdihyaWIaB9dd11YxlwRNfDHkBG18eNBun1Bh073gfDX4GJ2B-HYYBI041msPHGHU3ukeWWOx455X9spDHGGk3GcIYMdgjBRBQ2zOBEFFQQwUYUeshARR1CyIAFGkdMIYMeUbTwxgx2uPcGG1mwgYMWNjyhhBEwFGGHHmpIUQcRVMTABgxH2GBFDWwsgUUcSijRhhZVHAFFHHbAocYZSeSQxRJLCFoFFk1IYcYTUdSQRx44ffGGGi0g8QQcfn5xRhVJECFFFWl8RUZ0GYXhghth0PFahgRlSAcac7zxWnbPsbHWVwwutAVnXaQlB1AMaQeDQyKIUZkOMLgAlwhjoPYFHPMu1G9Wnj0kR6wU4VtGwG0Y7G9FItRRR7U6iGATR2Vk9ZJB3YFHVQtivKWdGGPUUB0NUIkRA05fpeGYCDnE4MJbLtAggwsN0fBVgDJnVPPN_erMM0lf1RFGRk28oUcabLARxgs1-AsCClek4ca1d8wBghNUgBDDwTuAkLUbNtBQNh5pl70wQ_f6mwKFD6_xxnQbZTV2DCAYkYYcZZjxBh4vjF01DOzSK4ITT3z1RoAgZcT4V2woXoQT1pZhxxeAx8ZQDTfccJYNOGSl8BmakVZDXQ8dtLkYctCFQ-uaf9HGG2SMhYMNFJMhxxubPfSGQn3JO3geC9HQeh6p0yFHHWUoHLhuvPkG3AvacuutHOAWJCG55s5bRrprvfDVHRmVVfpXaKRPk88PzbFwRr_HSMfjLdThhonn2eACUdZS3EG-AECLRIwhNiDdU26QQBgYMDcIVGDoGjiDmvSEDJwrg16-0C2KJBAHC2xgT8TAFxEcxEURmkhaKmewxYwGBn1QQEAA&s=0b19d3fc7ac1149f43c610d9a71c875dfd56371e957499ea9305f19f6cc5f3391668977660&w=t&r=1&d=50&priv=false
200 OK 24 B URL HTTP/2 pxl.tsyndicate.com/api/v1/p/p.js?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zC0XAiBHDRo4xY2K0qEEjRpgWNEiKaYEDJIwWZHLIgCHDRkwaZG7MEPEwTJ0xGQvOIDNzhg2WZcqspLHxZI4bZUTKGDMjjAwzMGCEyVHDBk-IZOwslBFDBo4ZD-HUEUNRRo6NPeHAWYjjBg20IubAmaiDqY0aNWDkeNhGL1-_gDk-HNNmbt8cM7LiNWiG4kMxbtwsnMERR42OhN1g1OE2MF44bUQv_FvyYR05bDbPuPHUxg3XMjKioUMHzhwdL160wXPGRZsweNKcCdPmuIsxb9q8mCmmRg4yY8q0gEHDzA2UgFeGCWOmRouGY2hAxhFGDFkbP8Ywh5OGTA_1kWHM4FIna80xcnxRXw-cxeBZR_z5Z4N8dPQQBBl1sEEHCEeU4QZCYbCRIE02zBFDD0_lsGFNc6RBRxlVSMFED3iYEYYbdIShRx7PRTdihyaWIaB9dd11YxlwRNfDHkBG18eNBun1Bh073gfDX4GJ2B-HYYBI041msPHGHU3ukeWWOx455X9spDHGGk3GcIYMdgjBRBQ2zOBEFFQQwUYUeshARR1CyIAFGkdMIYMeUbTwxgx2uPcGG1mwgYMWNjyhhBEwFGGHHmpIUQcRVMTABgxH2GBFDWwsgUUcSijRhhZVHAFFHHbAocYZSeSQxRJLCFoFFk1IYcYTUdSQRx44ffGGGi0g8QQcfn5xRhVJECFFFWl8RUZ0GYXhghth0PFahgRlSAcac7zxWnbPsbHWVwwutAVnXaQlB1AMaQeDQyKIUZkOMLgAlwhjoPYFHPMu1G9Wnj0kR6wU4VtGwG0Y7G9FItRRR7U6iGATR2Vk9ZJB3YFHVQtivKWdGGPUUB0NUIkRA05fpeGYCDnE4MJbLtAggwsN0fBVgDJnVPPN_erMM0lf1RFGRk28oUcabLARxgs1-AsCClek4ca1d8wBghNUgBDDwTuAkLUbNtBQNh5pl70wQ_f6mwKFD6_xxnQbZTV2DCAYkYYcZZjxBh4vjF01DOzSK4ITT3z1RoAgZcT4V2woXoQT1pZhxxeAx8ZQDTfccJYNOGSl8BmakVZDXQ8dtLkYctCFQ-uaf9HGG2SMhYMNFJMhxxubPfSGQn3JO3geC9HQeh6p0yFHHWUoHLhuvPkG3AvacuutHOAWJCG55s5bRrprvfDVHRmVVfpXaKRPk88PzbFwRr_HSMfjLdThhonn2eACUdZS3EG-AECLRIwhNiDdU26QQBgYMDcIVGDoGjiDmvSEDJwrg16-0C2KJBAHC2xgT8TAFxEcxEURmkhaKmewxYwGBn1QQEAA&s=0b19d3fc7ac1149f43c610d9a71c875dfd56371e957499ea9305f19f6cc5f3391668977660&w=t&r=1&d=50&priv=false
IP
ASN #24940 Hetzner Online GmbH
File type ASCII text, with no line terminators
Hash 0959ba36d476b6dc1994ba3c678b07c4
d30b94da72daa02766965206a85b7e0356375f5e
897410b87e27e3dfba3a7d6caab315a5e69cc941bb96d91fc74878a9b051843a
GET /api/v1/p/p.js?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zC0XAiBHDRo4xY2K0qEEjRpgWNEiKaYEDJIwWZHLIgCHDRkwaZG7MEPEwTJ0xGQvOIDNzhg2WZcqspLHxZI4bZUTKGDMjjAwzMGCEyVHDBk-IZOwslBFDBo4ZD-HUEUNRRo6NPeHAWYjjBg20IubAmaiDqY0aNWDkeNhGL1-_gDk-HNNmbt8cM7LiNWiG4kMxbtwsnMERR42OhN1g1OE2MF44bUQv_FvyYR05bDbPuPHUxg3XMjKioUMHzhwdL160wXPGRZsweNKcCdPmuIsxb9q8mCmmRg4yY8q0gEHDzA2UgFeGCWOmRouGY2hAxhFGDFkbP8Ywh5OGTA_1kWHM4FIna80xcnxRXw-cxeBZR_z5Z4N8dPQQBBl1sEEHCEeU4QZCYbCRIE02zBFDD0_lsGFNc6RBRxlVSMFED3iYEYYbdIShRx7PRTdihyaWIaB9dd11YxlwRNfDHkBG18eNBun1Bh073gfDX4GJ2B-HYYBI041msPHGHU3ukeWWOx455X9spDHGGk3GcIYMdgjBRBQ2zOBEFFQQwUYUeshARR1CyIAFGkdMIYMeUbTwxgx2uPcGG1mwgYMWNjyhhBEwFGGHHmpIUQcRVMTABgxH2GBFDWwsgUUcSijRhhZVHAFFHHbAocYZSeSQxRJLCFoFFk1IYcYTUdSQRx44ffGGGi0g8QQcfn5xRhVJECFFFWl8RUZ0GYXhghth0PFahgRlSAcac7zxWnbPsbHWVwwutAVnXaQlB1AMaQeDQyKIUZkOMLgAlwhjoPYFHPMu1G9Wnj0kR6wU4VtGwG0Y7G9FItRRR7U6iGATR2Vk9ZJB3YFHVQtivKWdGGPUUB0NUIkRA05fpeGYCDnE4MJbLtAggwsN0fBVgDJnVPPN_erMM0lf1RFGRk28oUcabLARxgs1-AsCClek4ca1d8wBghNUgBDDwTuAkLUbNtBQNh5pl70wQ_f6mwKFD6_xxnQbZTV2DCAYkYYcZZjxBh4vjF01DOzSK4ITT3z1RoAgZcT4V2woXoQT1pZhxxeAx8ZQDTfccJYNOGSl8BmakVZDXQ8dtLkYctCFQ-uaf9HGG2SMhYMNFJMhxxubPfSGQn3JO3geC9HQeh6p0yFHHWUoHLhuvPkG3AvacuutHOAWJCG55s5bRrprvfDVHRmVVfpXaKRPk88PzbFwRr_HSMfjLdThhonn2eACUdZS3EG-AECLRIwhNiDdU26QQBgYMDcIVGDoGjiDmvSEDJwrg16-0C2KJBAHC2xgT8TAFxEcxEURmkhaKmewxYwGBn1QQEAA&s=0b19d3fc7ac1149f43c610d9a71c875dfd56371e957499ea9305f19f6cc5f3391668977660&w=t&r=1&d=50&priv=false HTTP/1.1
Host: pxl.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Cookie: ts_uid=df7207f6-0418-435a-837d-bf93238f9943; bfq=APeIECNCx5YZMWLgqBHDBguEChnKeJhwYYwaXViIGFNwSwwWH2NkFFGmY0MbOWDYoKESBkgbKFWytOHyZMqVLbv0URAQ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 20 Nov 2022 20:54:22 GMT
content-type: text/plain; charset=utf-8
content-length: 24
x-robots-tag: noindex, nofollow
X-Firefox-Spdy: h2
pxl.tsyndicate.com/api/v1/p/p.js?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zC0XkwJFjDA0ZZci0IANDho0WNMrQEImDxowZLcqMMZOjjA0cNzbegCHiYZg6YzKOkSHGRowZNWqMDCmSRo0bMVqIyQFDaRkZYWQ4xTEjRkMZPSGSsbNQRgwZXB_CqSOGogyqFSHCgbMQp8uHc-BM1EEDho0aMXLMeNgm796-fwPfeDimDV2-gmHAGCzWDMWHYty4Wdg1Bg7ANgi7wajjbY3JatuMXviXRtw6cthwnpHzho3FIuqA1TGQDh04c3S8eNEGzxkXbcLgSXMmTJvkLsa8afNCBgwxNXKQGVOmBQwaZm6gTCqmRZgwZpQ29CgYRxgxZm38GOMcThoyPWhEnsyljmSTY8jxxX09dPZZDDb0958N9NHRQxBk1MEGHSAcUYYbCIXBhoIl2TBHDD3kkBOHJs2RBh1lVCEFEz3gYUYYbtARhh55RDcdiR6eWMaA-Nk1A45lwDFdD3sEOV0fOBqU1xt08JifX4AJlmSIJeFoBhtv3OHkHldmySOS_nU4BhtpjLGGk0FYgYMQZ6KhRQ1BqFHGFWjAcMYZcuTgxBtZvGHFHWnQkEQTM8z0xRJo6CGEEzJs51UVNiwxhwx33EGGDXDEkQUTRASxhhpIGCHFVVU0AeEbMKDRhBxjFEGoGF9QgUQZdcSQRQxXlOEEHm7EUYMZaAyRQxtIOKHFEVl8cUYVSRAhRRVphEXGdBmF4YIbYdABm4YEaUgHGnO8ARt30bHBVlgNLrRFV12oxSpF3VWFmWU6wOACDHGNAUcbX8Dxbr33wvDZQ3LY8VhDD8m070L24vtQHXVEyxsZ4Vl3gxknfecZSkiF0QJXN4gkBk0zyDADDjTl4FJYaTymUQwuUOXCRy40RENYAracUQ4wy0yzzWHVEUZGTbyhRxpssBHGCzXcCwIKV6ThxrR3zAGCE1SAEEPDO4AQtRs20NA1HmF3XTBDVd2bQoUyrfFGdfhKtnUMIBiRhhxlmPEGHi9s3TRPjAXFmxNPhPWGgGMILgLhYbGheBFOSFuGHV_gLRtDT93A1U2SEXzGZqXVgNNDB1Euhhx14UD65F-08QYZZeFgFOlyvMHZQ28oxJe7e-exEA2k5wE6HXLUUQbBeWeEhm_ACfeCtdhqKwe3BU0IrrisllEuWy-EdUdGZ-EA-EDgl3QzXgVnVLuMdBzeQh1unOidDC6QARbpih_0hf1h0dEGRTa4iYhsYwMYWKQNu0GQAG9AwMmgxSdkqFwZ8vKFbAFwgQ30iRj2IoKDvEhCE1GL4xjGGNLAoA8KCAg%3D&s=f7cada08062de01ab1ceef7ad7f695b9e6c61efa2250a648692aa5a065a94a7e1668977660&w=t&r=1&d=31&priv=false
200 OK 24 B URL HTTP/2 pxl.tsyndicate.com/api/v1/p/p.js?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zC0XkwJFjDA0ZZci0IANDho0WNMrQEImDxowZLcqMMZOjjA0cNzbegCHiYZg6YzKOkSHGRowZNWqMDCmSRo0bMVqIyQFDaRkZYWQ4xTEjRkMZPSGSsbNQRgwZXB_CqSOGogyqFSHCgbMQp8uHc-BM1EEDho0aMXLMeNgm796-fwPfeDimDV2-gmHAGCzWDMWHYty4Wdg1Bg7ANgi7wajjbY3JatuMXviXRtw6cthwnpHzho3FIuqA1TGQDh04c3S8eNEGzxkXbcLgSXMmTJvkLsa8afNCBgwxNXKQGVOmBQwaZm6gTCqmRZgwZpQ29CgYRxgxZm38GOMcThoyPWhEnsyljmSTY8jxxX09dPZZDDb0958N9NHRQxBk1MEGHSAcUYYbCIXBhoIl2TBHDD3kkBOHJs2RBh1lVCEFEz3gYUYYbtARhh55RDcdiR6eWMaA-Nk1A45lwDFdD3sEOV0fOBqU1xt08JifX4AJlmSIJeFoBhtv3OHkHldmySOS_nU4BhtpjLGGk0FYgYMQZ6KhRQ1BqFHGFWjAcMYZcuTgxBtZvGHFHWnQkEQTM8z0xRJo6CGEEzJs51UVNiwxhwx33EGGDXDEkQUTRASxhhpIGCHFVVU0AeEbMKDRhBxjFEGoGF9QgUQZdcSQRQxXlOEEHm7EUYMZaAyRQxtIOKHFEVl8cUYVSRAhRRVphEXGdBmF4YIbYdABm4YEaUgHGnO8ARt30bHBVlgNLrRFV12oxSpF3VWFmWU6wOACDHGNAUcbX8Dxbr33wvDZQ3LY8VhDD8m070L24vtQHXVEyxsZ4Vl3gxknfecZSkiF0QJXN4gkBk0zyDADDjTl4FJYaTymUQwuUOXCRy40RENYAracUQ4wy0yzzWHVEUZGTbyhRxpssBHGCzXcCwIKV6ThxrR3zAGCE1SAEEPDO4AQtRs20NA1HmF3XTBDVd2bQoUyrfFGdfhKtnUMIBiRhhxlmPEGHi9s3TRPjAXFmxNPhPWGgGMILgLhYbGheBFOSFuGHV_gLRtDT93A1U2SEXzGZqXVgNNDB1Euhhx14UD65F-08QYZZeFgFOlyvMHZQ28oxJe7e-exEA2k5wE6HXLUUQbBeWeEhm_ACfeCtdhqKwe3BU0IrrisllEuWy-EdUdGZ-EA-EDgl3QzXgVnVLuMdBzeQh1unOidDC6QARbpih_0hf1h0dEGRTa4iYhsYwMYWKQNu0GQAG9AwMmgxSdkqFwZ8vKFbAFwgQ30iRj2IoKDvEhCE1GL4xjGGNLAoA8KCAg%3D&s=f7cada08062de01ab1ceef7ad7f695b9e6c61efa2250a648692aa5a065a94a7e1668977660&w=t&r=1&d=31&priv=false
IP
ASN #24940 Hetzner Online GmbH
File type ASCII text, with no line terminators
Hash 0959ba36d476b6dc1994ba3c678b07c4
d30b94da72daa02766965206a85b7e0356375f5e
897410b87e27e3dfba3a7d6caab315a5e69cc941bb96d91fc74878a9b051843a
GET /api/v1/p/p.js?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zC0XkwJFjDA0ZZci0IANDho0WNMrQEImDxowZLcqMMZOjjA0cNzbegCHiYZg6YzKOkSHGRowZNWqMDCmSRo0bMVqIyQFDaRkZYWQ4xTEjRkMZPSGSsbNQRgwZXB_CqSOGogyqFSHCgbMQp8uHc-BM1EEDho0aMXLMeNgm796-fwPfeDimDV2-gmHAGCzWDMWHYty4Wdg1Bg7ANgi7wajjbY3JatuMXviXRtw6cthwnpHzho3FIuqA1TGQDh04c3S8eNEGzxkXbcLgSXMmTJvkLsa8afNCBgwxNXKQGVOmBQwaZm6gTCqmRZgwZpQ29CgYRxgxZm38GOMcThoyPWhEnsyljmSTY8jxxX09dPZZDDb0958N9NHRQxBk1MEGHSAcUYYbCIXBhoIl2TBHDD3kkBOHJs2RBh1lVCEFEz3gYUYYbtARhh55RDcdiR6eWMaA-Nk1A45lwDFdD3sEOV0fOBqU1xt08JifX4AJlmSIJeFoBhtv3OHkHldmySOS_nU4BhtpjLGGk0FYgYMQZ6KhRQ1BqFHGFWjAcMYZcuTgxBtZvGHFHWnQkEQTM8z0xRJo6CGEEzJs51UVNiwxhwx33EGGDXDEkQUTRASxhhpIGCHFVVU0AeEbMKDRhBxjFEGoGF9QgUQZdcSQRQxXlOEEHm7EUYMZaAyRQxtIOKHFEVl8cUYVSRAhRRVphEXGdBmF4YIbYdABm4YEaUgHGnO8ARt30bHBVlgNLrRFV12oxSpF3VWFmWU6wOACDHGNAUcbX8Dxbr33wvDZQ3LY8VhDD8m070L24vtQHXVEyxsZ4Vl3gxknfecZSkiF0QJXN4gkBk0zyDADDjTl4FJYaTymUQwuUOXCRy40RENYAracUQ4wy0yzzWHVEUZGTbyhRxpssBHGCzXcCwIKV6ThxrR3zAGCE1SAEEPDO4AQtRs20NA1HmF3XTBDVd2bQoUyrfFGdfhKtnUMIBiRhhxlmPEGHi9s3TRPjAXFmxNPhPWGgGMILgLhYbGheBFOSFuGHV_gLRtDT93A1U2SEXzGZqXVgNNDB1Euhhx14UD65F-08QYZZeFgFOlyvMHZQ28oxJe7e-exEA2k5wE6HXLUUQbBeWeEhm_ACfeCtdhqKwe3BU0IrrisllEuWy-EdUdGZ-EA-EDgl3QzXgVnVLuMdBzeQh1unOidDC6QARbpih_0hf1h0dEGRTa4iYhsYwMYWKQNu0GQAG9AwMmgxSdkqFwZ8vKFbAFwgQ30iRj2IoKDvEhCE1GL4xjGGNLAoA8KCAg%3D&s=f7cada08062de01ab1ceef7ad7f695b9e6c61efa2250a648692aa5a065a94a7e1668977660&w=t&r=1&d=31&priv=false HTTP/1.1
Host: pxl.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Cookie: ts_uid=df7207f6-0418-435a-837d-bf93238f9943; bfq=APeIECNCx5YZMWLgqBHDBguEChnKeJhwYYwaXViIGFNwSwwWH2NkFFGmY0MbOWDYoKESBkgbKFWytOHyZMqVLbv0URAQ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 20 Nov 2022 20:54:22 GMT
content-type: text/plain; charset=utf-8
content-length: 24
x-robots-tag: noindex, nofollow
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 312 B IP
Hash 0c68ebfa9c9ad7762cd9daaaf14837b1
0b2691fcd253b47c1645b0987b808466af3dafc5
39585f35078d1caab367dbb85ab4fab59605e038ed1dcea140cf5bfba43078df
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5396
Cache-Control: max-age=93999
Content-Type: application/ocsp-response
Date: Sun, 20 Nov 2022 20:54:22 GMT
Etag: "63794b1a-138"
Expires: Mon, 21 Nov 2022 23:01:01 GMT
Last-Modified: Sat, 19 Nov 2022 21:31:06 GMT
Server: ECS (ska/F707)
X-Cache: HIT
Content-Length: 312
pxl.tsyndicate.com/api/v1/p/p.js?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zC0XcOJhjTIwZOVrIgBGmRgsaZmrAaFEyhowWN8yMvEEDRhkaMsbAEPEwTJ0xGcfIEGPjYw2TB8mQOVnjRowWYnLAMFlGRhgZNGrgmBGjoQyeEMnYWSjD5daHcOqIoShDakWIcOAsxEFzxsM5cCbqqGmjRowcdkW0wauXr98cNx6OaSN3L2AYMAIbNEPxoRg3bhZyjYHDr4yHbdxg1NFWZWA4oUf3pfG2jhw2mmfcQGwjcJ2vOgbSoQNnjo4XL9rgOeOiTRg8ac6EaWPcxZg3bV6MFFMjB5kxZVrAQHmDaQ0xLMOkbNFwDA3AOMKIKWvjx5jlcNKQ6XF-BuQZXOpAlmFjjJwv8vWwWWcu5bdff2HQ0UMQZNTBBh0gHFGGGwiFwYaBMPA3Rww9IJYDhhqmQUcZVUjBRA94mBGGG3SEoUcezkEHog1ziFgGgPPRRQN--mVoQxlwQNfDHkBC18eMBuH1Bh040gdDX3_xeGAYHWY4oxlsvHFHk3tgqSWOR_bI3xhspDHGGk0W0YQcTNBRwxBv0JBHGlB8ZMMVV0gBwxdfKNUGFmTkkMMQR0DhxAxOPEGDE3Q0IYMaNjQRhhxaPOEGDkyEscQNdKTxpBFoRKHEFUR8sUYca7CBBBlNjOEGFHpYkccYQqBBhxFH3NDUFXTkUIUROGDRRh11FPHFGFWwSYcdX5xRRRJESFFFGmCRAV1GYbjgRoKuWUiQhXSgMccbrmHnHBtqgfWeXltw1QVacgDFUHZTWUaZDjC4AMNbY6D2BRzxLpQvZJ09JIcdjTX0UBn9tiGwvq3VQW1uZJhxw0xm2KAdazicNEMNYbSw1UZQmQGYDDPgYHIOO4KVRmMi5BCDC1K5gJMLDdEA1n8vZyQzzfnenDNYdYSRURNv6JEGG2yE8UIN-oKAwhVpuGHtHXOA4AQVIMQw8A4gUO2GDTSAjQfZYB_M0FT6phAhw2u8Id2-kHkdAwhGpCFHGWa8gccLXkO9k2LyipAoWG_8N0bhhz_ERuFFOFFtGczuDRtDTd2wlQ04QGbwGZmRplViIhzErBhyzIXDQ6Z_0cYbZJCFQ1Gsy_GGZg-9odBe8Pqdx0I0sJ5H6HTIUUcZBvOdka28-QZcttvS0S0b3z4oLrnxlnGuWi-AdUdGZg0-EPgZ6nzXwRnZ3iIdibdQhxsiaieDC2R8xXrhB_Vpvwh0OMyQDZxDzA0ACAOLtAE3MQAgDgRIwBnIYHVh-cLe8PKFBFFEgQy0QQEhIga9lI5vPnkQWODwOIEpZjQw6IMCAgI%3D&s=216347a048d23093856e96ef6b90db71df2982e3e491d586bc5e314af616bf8a1668977660&w=t&r=1&d=26&priv=false
200 OK 24 B URL HTTP/2 pxl.tsyndicate.com/api/v1/p/p.js?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zC0XcOJhjTIwZOVrIgBGmRgsaZmrAaFEyhowWN8yMvEEDRhkaMsbAEPEwTJ0xGcfIEGPjYw2TB8mQOVnjRowWYnLAMFlGRhgZNGrgmBGjoQyeEMnYWSjD5daHcOqIoShDakWIcOAsxEFzxsM5cCbqqGmjRowcdkW0wauXr98cNx6OaSN3L2AYMAIbNEPxoRg3bhZyjYHDr4yHbdxg1NFWZWA4oUf3pfG2jhw2mmfcQGwjcJ2vOgbSoQNnjo4XL9rgOeOiTRg8ac6EaWPcxZg3bV6MFFMjB5kxZVrAQHmDaQ0xLMOkbNFwDA3AOMKIKWvjx5jlcNKQ6XF-BuQZXOpAlmFjjJwv8vWwWWcu5bdff2HQ0UMQZNTBBh0gHFGGGwiFwYaBMPA3Rww9IJYDhhqmQUcZVUjBRA94mBGGG3SEoUcezkEHog1ziFgGgPPRRQN--mVoQxlwQNfDHkBC18eMBuH1Bh040gdDX3_xeGAYHWY4oxlsvHFHk3tgqSWOR_bI3xhspDHGGk0W0YQcTNBRwxBv0JBHGlB8ZMMVV0gBwxdfKNUGFmTkkMMQR0DhxAxOPEGDE3Q0IYMaNjQRhhxaPOEGDkyEscQNdKTxpBFoRKHEFUR8sUYca7CBBBlNjOEGFHpYkccYQqBBhxFH3NDUFXTkUIUROGDRRh11FPHFGFWwSYcdX5xRRRJESFFFGmCRAV1GYbjgRoKuWUiQhXSgMccbrmHnHBtqgfWeXltw1QVacgDFUHZTWUaZDjC4AMNbY6D2BRzxLpQvZJ09JIcdjTX0UBn9tiGwvq3VQW1uZJhxw0xm2KAdazicNEMNYbSw1UZQmQGYDDPgYHIOO4KVRmMi5BCDC1K5gJMLDdEA1n8vZyQzzfnenDNYdYSRURNv6JEGG2yE8UIN-oKAwhVpuGHtHXOA4AQVIMQw8A4gUO2GDTSAjQfZYB_M0FT6phAhw2u8Id2-kHkdAwhGpCFHGWa8gccLXkO9k2LyipAoWG_8N0bhhz_ERuFFOFFtGczuDRtDTd2wlQ04QGbwGZmRplViIhzErBhyzIXDQ6Z_0cYbZJCFQ1Gsy_GGZg-9odBe8Pqdx0I0sJ5H6HTIUUcZBvOdka28-QZcttvS0S0b3z4oLrnxlnGuWi-AdUdGZg0-EPgZ6nzXwRnZ3iIdibdQhxsiaieDC2R8xXrhB_Vpvwh0OMyQDZxDzA0ACAOLtAE3MQAgDgRIwBnIYHVh-cLe8PKFBFFEgQy0QQEhIga9lI5vPnkQWODwOIEpZjQw6IMCAgI%3D&s=216347a048d23093856e96ef6b90db71df2982e3e491d586bc5e314af616bf8a1668977660&w=t&r=1&d=26&priv=false
IP
ASN #24940 Hetzner Online GmbH
File type ASCII text, with no line terminators
Hash 0959ba36d476b6dc1994ba3c678b07c4
d30b94da72daa02766965206a85b7e0356375f5e
897410b87e27e3dfba3a7d6caab315a5e69cc941bb96d91fc74878a9b051843a
GET /api/v1/p/p.js?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zC0XcOJhjTIwZOVrIgBGmRgsaZmrAaFEyhowWN8yMvEEDRhkaMsbAEPEwTJ0xGcfIEGPjYw2TB8mQOVnjRowWYnLAMFlGRhgZNGrgmBGjoQyeEMnYWSjD5daHcOqIoShDakWIcOAsxEFzxsM5cCbqqGmjRowcdkW0wauXr98cNx6OaSN3L2AYMAIbNEPxoRg3bhZyjYHDr4yHbdxg1NFWZWA4oUf3pfG2jhw2mmfcQGwjcJ2vOgbSoQNnjo4XL9rgOeOiTRg8ac6EaWPcxZg3bV6MFFMjB5kxZVrAQHmDaQ0xLMOkbNFwDA3AOMKIKWvjx5jlcNKQ6XF-BuQZXOpAlmFjjJwv8vWwWWcu5bdff2HQ0UMQZNTBBh0gHFGGGwiFwYaBMPA3Rww9IJYDhhqmQUcZVUjBRA94mBGGG3SEoUcezkEHog1ziFgGgPPRRQN--mVoQxlwQNfDHkBC18eMBuH1Bh040gdDX3_xeGAYHWY4oxlsvHFHk3tgqSWOR_bI3xhspDHGGk0W0YQcTNBRwxBv0JBHGlB8ZMMVV0gBwxdfKNUGFmTkkMMQR0DhxAxOPEGDE3Q0IYMaNjQRhhxaPOEGDkyEscQNdKTxpBFoRKHEFUR8sUYca7CBBBlNjOEGFHpYkccYQqBBhxFH3NDUFXTkUIUROGDRRh11FPHFGFWwSYcdX5xRRRJESFFFGmCRAV1GYbjgRoKuWUiQhXSgMccbrmHnHBtqgfWeXltw1QVacgDFUHZTWUaZDjC4AMNbY6D2BRzxLpQvZJ09JIcdjTX0UBn9tiGwvq3VQW1uZJhxw0xm2KAdazicNEMNYbSw1UZQmQGYDDPgYHIOO4KVRmMi5BCDC1K5gJMLDdEA1n8vZyQzzfnenDNYdYSRURNv6JEGG2yE8UIN-oKAwhVpuGHtHXOA4AQVIMQw8A4gUO2GDTSAjQfZYB_M0FT6phAhw2u8Id2-kHkdAwhGpCFHGWa8gccLXkO9k2LyipAoWG_8N0bhhz_ERuFFOFFtGczuDRtDTd2wlQ04QGbwGZmRplViIhzErBhyzIXDQ6Z_0cYbZJCFQ1Gsy_GGZg-9odBe8Pqdx0I0sJ5H6HTIUUcZBvOdka28-QZcttvS0S0b3z4oLrnxlnGuWi-AdUdGZg0-EPgZ6nzXwRnZ3iIdibdQhxsiaieDC2R8xXrhB_Vpvwh0OMyQDZxDzA0ACAOLtAE3MQAgDgRIwBnIYHVh-cLe8PKFBFFEgQy0QQEhIga9lI5vPnkQWODwOIEpZjQw6IMCAgI%3D&s=216347a048d23093856e96ef6b90db71df2982e3e491d586bc5e314af616bf8a1668977660&w=t&r=1&d=26&priv=false HTTP/1.1
Host: pxl.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Cookie: ts_uid=df7207f6-0418-435a-837d-bf93238f9943; bfq=APeIECNCx5YZMWLgqBHDBguEChnKeJhwYYwaXViIGFNwSwwWH2NkFFGmY0MbOWDYoKESBkgbKFWytOHyZMqVLbv0URAQ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 20 Nov 2022 20:54:22 GMT
content-type: text/plain; charset=utf-8
content-length: 24
x-robots-tag: noindex, nofollow
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 279 B IP
Hash be7134a63264c8b6e699a5f5889e3bb6
b03b02817c015e78dbee1c22af46e0c2f4fb718f
ac27fccf3449ad101536631e0d221759fe71a35141767f8d48af49b0149d9057
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 419
Cache-Control: max-age=119640
Content-Type: application/ocsp-response
Date: Sun, 20 Nov 2022 20:54:22 GMT
Etag: "6379c2b3-117"
Expires: Tue, 22 Nov 2022 06:08:22 GMT
Last-Modified: Sun, 20 Nov 2022 06:01:23 GMT
Server: ECS (ska/F707)
X-Cache: HIT
Content-Length: 279
static-assets.highwebmedia.com/CACHE/css/output.ef7436bc2788.css
200 OK 22 kB URL HTTP/2 static-assets.highwebmedia.com/CACHE/css/output.ef7436bc2788.css
IP
File type ASCII text, with very long lines (24522), with no line terminators
Hash fd70a4aa7f80105b7ea0a8eab006f047
8e64f329a27b387e5f2b65632fd46b0f59a44083
1eab84fe8afb480ca970070faf23167c6fc9dead3ff93ddbe3d3cffb81f502c2
GET /CACHE/css/output.ef7436bc2788.css HTTP/1.1
Host: static-assets.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 20 Nov 2022 20:54:22 GMT
content-type: text/css
cache-control: public, max-age=2592000
cf-bgj: minify
cf-polished: origSize=29618
etag: W/"ade681e2fa92be6f93f43294ddc58941"
last-modified: Thu, 17 Nov 2022 16:34:23 GMT
x-amz-id-2: azvjfLhsZQz0cag4muV1nCoqw4kMQf5PSauhF7VXnYrO6hWxTMgQHmT8X4/+31fVT28kfu+Uu6Q=
x-amz-meta-s3cmd-attrs: md5:ade681e2fa92be6f93f43294ddc58941
x-amz-request-id: X33R15MJ639RYB32
cf-cache-status: HIT
age: 274668
expires: Tue, 20 Dec 2022 20:54:22 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LItQJUXCrlX4AuXFYJedQ7T81LmEDtddCIDzJesx1HWa6mxRIRx5Jtkhp%2Fjz0dZiByACY2yBMtu9fEK6pK7eYFBE4uhIvQJHXfATFn%2FXXvErGN65VPwEpcWQPV6U%2FJwllIR8l9IklNYuRc7bO8Pb9Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
set-cookie: _cfuvid=A0VIW4WtN5nfOVPwrgnW0HZk.DSlOAflI75qwHo68Mk-1668977662027-0-604800000; path=/; domain=.highwebmedia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 76d414939e980afe-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 279 B IP
Hash be7134a63264c8b6e699a5f5889e3bb6
b03b02817c015e78dbee1c22af46e0c2f4fb718f
ac27fccf3449ad101536631e0d221759fe71a35141767f8d48af49b0149d9057
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 419
Cache-Control: max-age=119640
Content-Type: application/ocsp-response
Date: Sun, 20 Nov 2022 20:54:22 GMT
Etag: "6379c2b3-117"
Expires: Tue, 22 Nov 2022 06:08:22 GMT
Last-Modified: Sun, 20 Nov 2022 06:01:23 GMT
Server: ECS (ska/F707)
X-Cache: HIT
Content-Length: 279
js-agent.newrelic.com/nr-spa-1216.min.js
200 OK 18 kB URL HTTP/2 js-agent.newrelic.com/nr-spa-1216.min.js
IP
File type ASCII text, with very long lines (32010)
Hash 6561a2403142205f966207d61576f1a6
1310e72f494e12ab63a4280fc1600a2c89dc9bb8
0e496fcab0b9120938373e271fa6631b7da17adf33f8a490637467c170a3e37a
GET /nr-spa-1216.min.js HTTP/1.1
Host: js-agent.newrelic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: TAwVDFAylU9PwNPPW/eXC4UyIMC8EQ1d6JNW9Q+uXGnPmL1fuimq9M3lAe733gCMeKNDiCQX1YM=
x-amz-request-id: SYTECJR5CMD8NJ8E
last-modified: Thu, 14 Apr 2022 16:45:57 GMT
etag: "63e2df852d15ab21d7ff8fc4363222e8"
x-amz-version-id: UU.F5jvoumAjQChriwTQHbisCFw_OInU
content-type: application/javascript
server: AmazonS3
cache-control: public, max-age=7200, stale-if-error=604800
content-encoding: gzip
accept-ranges: bytes
date: Sun, 20 Nov 2022 20:54:22 GMT
via: 1.1 varnish
x-served-by: cache-bma1651-BMA
x-cache: HIT
x-cache-hits: 13
x-timer: S1668977662.309716,VS0,VE0
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
content-length: 18216
X-Firefox-Spdy: h2
bam.nr-data.net/1/6f524845d1?a=24279235&v=1216.487a282&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOFgwRERUXQ1BUFkIDFQ0WFlA%3D&rst=981&ck=1&ref=https://chaturbate.com/tours/3/&ap=23&be=562&fe=799&dc=704&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1668977661481,%22n%22:0,%22r%22:0,%22re%22:252,%22f%22:252,%22dn%22:252,%22dne%22:252,%22c%22:252,%22s%22:252,%22ce%22:252,%22rq%22:256,%22rp%22:448,%22rpe%22:449,%22dl%22:543,%22di%22:688,%22ds%22:703,%22de%22:708,%22dc%22:797,%22l%22:797,%22le%22:800%7D,%22navigation%22:%7B%22rc%22:1%7D%7D&fcp=662&at=H0ETGw9CExRCXBM9CgBBXAkZG0QSVEsPAw4BQVwbamZQD15XPj1BSEEVUFJXRBFuXQAWBkZZVhUXenc%2BY1gYQFlGVFBdAQgFWAAPBAcFVQEAWBh4Yy8TFUMhJTshCU0XAwhVHRsiJDwmDBJ8TU1DABMDQwQCCBADFVNYXRJUG01AEQECCmZcSRNbEwBQTFpUTVILGwgEVRMVQwMNCw05X1lYVhITA0NAT0YBA0pBZlYUVEoSPQoUQVwbDAgfWAEXVVBNVVZSGxkbUwRCTT4FFgEQFWZSXF5DCxsvLUFIQQ9JalpeFF9NExtBXkEodhcVEwhBZgINFgoXFEBqWl4PV1AFBw0HBkQDFwwBQx0bCBI8CgYSTlpLWkMLGwMOChxNBVZYGx1DWEk%2BDREDAghQT1hFCF5XQ1hBJg8PQRVqXg1ETQgNDRdBShtcSW4IQklDWEEmDw9BFWpeDURNCA0NF0FKG1xJbgBCV0NYVlRQVg0ZG1gRblgSDDwLEQEbDxtzDVhBQTEMCBYSUFpXQkFwakNOQQ0TOVpaV18EUk0IDQ07Fx9JUBsLQ3JYAw4GSyc1dRcVEwhBZhQRBhY8EkBFXBNbE0sEEQoABghNXFhdQx0bEwcSEQYVTWpJUBVZG1tATBAME0tGFgJOExVDFQ87CwlKQRsLQ1JRABYWFgEHTVAXUg5cG01AEA0XA2ZcXRNbABVDEQoQBjldWlRQCF8bW0AADAISTEdbUBVUFwINDkZPREtQSEQEQk0%2BCgwXF0QDF1pZAEVMEwACEAZIWlpUE00TWxMNFBcGFGZcXRNbE1hQUAFdUl8NGAtSWFcUVVRaVk5fDFQBHAICDVMBVABVBQFRDxNNE0sEBAYWBhQbDxtZFUVJElhMSwAHVEYXVhNQTQgRTEZPREtQSEQEQk0%2BDwYQCwldFwMTJnRtQ05BFBoSUVpXbhdUSxILDApBXBsGFwZDHRsUAzwABhBQVlxuB1BUCA4aRllEdkFRVBMTFUMXAjsHA09cWlQ%2BRUARB0FeQQJcRlJFDkEbTUAWBTwJSmpfUAxYVRhAWUY0D1dRVkYSExVDFwI7DBVmQ1xDElhWD0BZRlJWGxkbRABuWxMNFBcGFGZTWFwIXUBDWEEiChRcU1ZJQx0bFAM8BhEJTkZcQz5HXBMRCgsNRAMXCAFUHwlDTkERAjlKQUtYD1YbW0AuCxkPVVlYHlQfCUFKNA0NAlZCShEvZRlQUk1UWEZuXFcHVQoZGVRXX0MUTw8IAVQfCUhCJAEADVYaCwFQAQlQUlJEJQ9LUF9eGR4IUVdNVEFKG1JQRT5SVgwPChBBXBsNDgMEBApWUFUFVQcbGRtBAENYDBFBXkEdZRdNXhRDZUNYQzhBHghnXW1DHRk9QAAFDhZYXF5fPRMDQT5BKgAnQGBlE00RZUMBP0ZZRmUXCm1DHRk9QBM4QVwZaRsBPRMVQT5BAwYIXVBLbUMLGT1ABThBShlpG1UIQlgDDgY7EAlMW11tQwsZPUBTOEEbGxkbVA1YXggADwE8FUlZUEU%2BRVwSFhBGWUQZeE93DUZ6FUJBSEEDVVxeWANdXD4REwgKEmZBXEIVQmYPEUFeQUZUQ2ZXDUZmAhZDRh4b&jsonp=NREUM.setToken
200 OK 1.8 kB URL HTTP/1.1 bam.nr-data.net/1/6f524845d1?a=24279235&v=1216.487a282&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOFgwRERUXQ1BUFkIDFQ0WFlA%3D&rst=981&ck=1&ref=https://chaturbate.com/tours/3/&ap=23&be=562&fe=799&dc=704&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1668977661481,%22n%22:0,%22r%22:0,%22re%22:252,%22f%22:252,%22dn%22:252,%22dne%22:252,%22c%22:252,%22s%22:252,%22ce%22:252,%22rq%22:256,%22rp%22:448,%22rpe%22:449,%22dl%22:543,%22di%22:688,%22ds%22:703,%22de%22:708,%22dc%22:797,%22l%22:797,%22le%22:800%7D,%22navigation%22:%7B%22rc%22:1%7D%7D&fcp=662&at=H0ETGw9CExRCXBM9CgBBXAkZG0QSVEsPAw4BQVwbamZQD15XPj1BSEEVUFJXRBFuXQAWBkZZVhUXenc%2BY1gYQFlGVFBdAQgFWAAPBAcFVQEAWBh4Yy8TFUMhJTshCU0XAwhVHRsiJDwmDBJ8TU1DABMDQwQCCBADFVNYXRJUG01AEQECCmZcSRNbEwBQTFpUTVILGwgEVRMVQwMNCw05X1lYVhITA0NAT0YBA0pBZlYUVEoSPQoUQVwbDAgfWAEXVVBNVVZSGxkbUwRCTT4FFgEQFWZSXF5DCxsvLUFIQQ9JalpeFF9NExtBXkEodhcVEwhBZgINFgoXFEBqWl4PV1AFBw0HBkQDFwwBQx0bCBI8CgYSTlpLWkMLGwMOChxNBVZYGx1DWEk%2BDREDAghQT1hFCF5XQ1hBJg8PQRVqXg1ETQgNDRdBShtcSW4IQklDWEEmDw9BFWpeDURNCA0NF0FKG1xJbgBCV0NYVlRQVg0ZG1gRblgSDDwLEQEbDxtzDVhBQTEMCBYSUFpXQkFwakNOQQ0TOVpaV18EUk0IDQ07Fx9JUBsLQ3JYAw4GSyc1dRcVEwhBZhQRBhY8EkBFXBNbE0sEEQoABghNXFhdQx0bEwcSEQYVTWpJUBVZG1tATBAME0tGFgJOExVDFQ87CwlKQRsLQ1JRABYWFgEHTVAXUg5cG01AEA0XA2ZcXRNbABVDEQoQBjldWlRQCF8bW0AADAISTEdbUBVUFwINDkZPREtQSEQEQk0%2BCgwXF0QDF1pZAEVMEwACEAZIWlpUE00TWxMNFBcGFGZcXRNbE1hQUAFdUl8NGAtSWFcUVVRaVk5fDFQBHAICDVMBVABVBQFRDxNNE0sEBAYWBhQbDxtZFUVJElhMSwAHVEYXVhNQTQgRTEZPREtQSEQEQk0%2BDwYQCwldFwMTJnRtQ05BFBoSUVpXbhdUSxILDApBXBsGFwZDHRsUAzwABhBQVlxuB1BUCA4aRllEdkFRVBMTFUMXAjsHA09cWlQ%2BRUARB0FeQQJcRlJFDkEbTUAWBTwJSmpfUAxYVRhAWUY0D1dRVkYSExVDFwI7DBVmQ1xDElhWD0BZRlJWGxkbRABuWxMNFBcGFGZTWFwIXUBDWEEiChRcU1ZJQx0bFAM8BhEJTkZcQz5HXBMRCgsNRAMXCAFUHwlDTkERAjlKQUtYD1YbW0AuCxkPVVlYHlQfCUFKNA0NAlZCShEvZRlQUk1UWEZuXFcHVQoZGVRXX0MUTw8IAVQfCUhCJAEADVYaCwFQAQlQUlJEJQ9LUF9eGR4IUVdNVEFKG1JQRT5SVgwPChBBXBsNDgMEBApWUFUFVQcbGRtBAENYDBFBXkEdZRdNXhRDZUNYQzhBHghnXW1DHRk9QAAFDhZYXF5fPRMDQT5BKgAnQGBlE00RZUMBP0ZZRmUXCm1DHRk9QBM4QVwZaRsBPRMVQT5BAwYIXVBLbUMLGT1ABThBShlpG1UIQlgDDgY7EAlMW11tQwsZPUBTOEEbGxkbVA1YXggADwE8FUlZUEU%2BRVwSFhBGWUQZeE93DUZ6FUJBSEEDVVxeWANdXD4REwgKEmZBXEIVQmYPEUFeQUZUQ2ZXDUZmAhZDRh4b&jsonp=NREUM.setToken
IP
Hash 4cea77c197ae43a923e67e5517e50900
45db504866fc50b1cefd227bb3479eddfcc1d73d
39212cffbf45d1994bb56d7b59ae65158d0d1ae253d92e408fb0e8b0af1361ed
GET /1/6f524845d1?a=24279235&v=1216.487a282&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOFgwRERUXQ1BUFkIDFQ0WFlA%3D&rst=981&ck=1&ref=https://chaturbate.com/tours/3/&ap=23&be=562&fe=799&dc=704&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1668977661481,%22n%22:0,%22r%22:0,%22re%22:252,%22f%22:252,%22dn%22:252,%22dne%22:252,%22c%22:252,%22s%22:252,%22ce%22:252,%22rq%22:256,%22rp%22:448,%22rpe%22:449,%22dl%22:543,%22di%22:688,%22ds%22:703,%22de%22:708,%22dc%22:797,%22l%22:797,%22le%22:800%7D,%22navigation%22:%7B%22rc%22:1%7D%7D&fcp=662&at=H0ETGw9CExRCXBM9CgBBXAkZG0QSVEsPAw4BQVwbamZQD15XPj1BSEEVUFJXRBFuXQAWBkZZVhUXenc%2BY1gYQFlGVFBdAQgFWAAPBAcFVQEAWBh4Yy8TFUMhJTshCU0XAwhVHRsiJDwmDBJ8TU1DABMDQwQCCBADFVNYXRJUG01AEQECCmZcSRNbEwBQTFpUTVILGwgEVRMVQwMNCw05X1lYVhITA0NAT0YBA0pBZlYUVEoSPQoUQVwbDAgfWAEXVVBNVVZSGxkbUwRCTT4FFgEQFWZSXF5DCxsvLUFIQQ9JalpeFF9NExtBXkEodhcVEwhBZgINFgoXFEBqWl4PV1AFBw0HBkQDFwwBQx0bCBI8CgYSTlpLWkMLGwMOChxNBVZYGx1DWEk%2BDREDAghQT1hFCF5XQ1hBJg8PQRVqXg1ETQgNDRdBShtcSW4IQklDWEEmDw9BFWpeDURNCA0NF0FKG1xJbgBCV0NYVlRQVg0ZG1gRblgSDDwLEQEbDxtzDVhBQTEMCBYSUFpXQkFwakNOQQ0TOVpaV18EUk0IDQ07Fx9JUBsLQ3JYAw4GSyc1dRcVEwhBZhQRBhY8EkBFXBNbE0sEEQoABghNXFhdQx0bEwcSEQYVTWpJUBVZG1tATBAME0tGFgJOExVDFQ87CwlKQRsLQ1JRABYWFgEHTVAXUg5cG01AEA0XA2ZcXRNbABVDEQoQBjldWlRQCF8bW0AADAISTEdbUBVUFwINDkZPREtQSEQEQk0%2BCgwXF0QDF1pZAEVMEwACEAZIWlpUE00TWxMNFBcGFGZcXRNbE1hQUAFdUl8NGAtSWFcUVVRaVk5fDFQBHAICDVMBVABVBQFRDxNNE0sEBAYWBhQbDxtZFUVJElhMSwAHVEYXVhNQTQgRTEZPREtQSEQEQk0%2BDwYQCwldFwMTJnRtQ05BFBoSUVpXbhdUSxILDApBXBsGFwZDHRsUAzwABhBQVlxuB1BUCA4aRllEdkFRVBMTFUMXAjsHA09cWlQ%2BRUARB0FeQQJcRlJFDkEbTUAWBTwJSmpfUAxYVRhAWUY0D1dRVkYSExVDFwI7DBVmQ1xDElhWD0BZRlJWGxkbRABuWxMNFBcGFGZTWFwIXUBDWEEiChRcU1ZJQx0bFAM8BhEJTkZcQz5HXBMRCgsNRAMXCAFUHwlDTkERAjlKQUtYD1YbW0AuCxkPVVlYHlQfCUFKNA0NAlZCShEvZRlQUk1UWEZuXFcHVQoZGVRXX0MUTw8IAVQfCUhCJAEADVYaCwFQAQlQUlJEJQ9LUF9eGR4IUVdNVEFKG1JQRT5SVgwPChBBXBsNDgMEBApWUFUFVQcbGRtBAENYDBFBXkEdZRdNXhRDZUNYQzhBHghnXW1DHRk9QAAFDhZYXF5fPRMDQT5BKgAnQGBlE00RZUMBP0ZZRmUXCm1DHRk9QBM4QVwZaRsBPRMVQT5BAwYIXVBLbUMLGT1ABThBShlpG1UIQlgDDgY7EAlMW11tQwsZPUBTOEEbGxkbVA1YXggADwE8FUlZUEU%2BRVwSFhBGWUQZeE93DUZ6FUJBSEEDVVxeWANdXD4REwgKEmZBXEIVQmYPEUFeQUZUQ2ZXDUZmAhZDRh4b&jsonp=NREUM.setToken HTTP/1.1
Host: bam.nr-data.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Sun, 20 Nov 2022 20:54:22 GMT
Content-Type: text/javascript
Transfer-Encoding: chunked
Connection: keep-alive
CF-Ray: 76d414961a43b518-OSL
Access-Control-Allow-Origin: *
Set-Cookie: JSESSIONID=699a30a92db597ba; Path=/; Domain=.nr-data.net; Secure; SameSite=None
CF-Cache-Status: DYNAMIC
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
Cross-Origin-Resource-Policy: cross-origin
Vary: Accept-Encoding
Server: cloudflare
Content-Encoding: gzip
bam.nr-data.net/events/1/6f524845d1?a=24279235&v=1216.487a282&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOFgwRERUXQ1BUFkIDFQ0WFlA%3D&rst=1182&ck=1&ref=https://chaturbate.com/tours/3/
200 OK 24 B URL HTTP/1.1 bam.nr-data.net/events/1/6f524845d1?a=24279235&v=1216.487a282&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOFgwRERUXQ1BUFkIDFQ0WFlA%3D&rst=1182&ck=1&ref=https://chaturbate.com/tours/3/
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash bc32ed98d624acb4008f986349a20d26
2d3df8c11d2168ce2c27e0937421d11d85016361
0c9cf152a0ad00d4f102c93c613c104914be5517ac8f8e0831727f8bfbe8b300
POST /events/1/6f524845d1?a=24279235&v=1216.487a282&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOFgwRERUXQ1BUFkIDFQ0WFlA%3D&rst=1182&ck=1&ref=https://chaturbate.com/tours/3/ HTTP/1.1
Host: bam.nr-data.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
content-type: text/plain
Content-Length: 1781
Origin: https://chaturbate.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Sun, 20 Nov 2022 20:54:22 GMT
Content-Type: image/gif
Content-Length: 24
Connection: keep-alive
CF-Ray: 76d414974be8b518-OSL
Access-Control-Allow-Origin: https://chaturbate.com
CF-Cache-Status: DYNAMIC
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
Vary: Accept-Encoding
Server: cloudflare
xfantazy.com/video/5bfbc50b365d5b12daa46988
200 OK 0 B URL HTTP/2 xfantazy.com/video/5bfbc50b365d5b12daa46988
IP
GET /video/5bfbc50b365d5b12daa46988 HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
date: Sun, 20 Nov 2022 20:54:14 GMT
content-type: text/html; charset=utf-8
vary: Origin
set-cookie: visitorId=0gn898l65tujegvyprfvhba; Domain=xfantazy.com; Path=/; Expires=Sat, 20 Nov 2032 20:54:14 GMT; HttpOnly
experiment-popup-payment-7=0; Path=/; Expires=Sun, 27 Nov 2022 20:54:14 GMT
experiment-save-to-button-2=0; Path=/; Expires=Sun, 27 Nov 2022 20:54:14 GMT
x-powered-by: Next.js
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=a96uH4L0TwQH%2FVZ9ocKGUaTTOHsIQJJNI2h5d9U98f1DmYZcgp0hWgHuwB%2FRqsum%2BOKn%2FMnxrPeHHa%2Bzh9%2BUhhfzT2QdErWe8xjtfsjjV17NXjPzfnreH8641w4Qixk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76d414633b6c0b51-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
xfantazy.com/_next/static/CQQjK-JMZPEm6YR1Hp7eX/pages/_app.js
200 OK 0 B URL HTTP/2 xfantazy.com/_next/static/CQQjK-JMZPEm6YR1Hp7eX/pages/_app.js
IP
GET /_next/static/CQQjK-JMZPEm6YR1Hp7eX/pages/_app.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/5bfbc50b365d5b12daa46988
Cookie: visitorId=0gn898l65tujegvyprfvhba; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 20 Nov 2022 20:54:14 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-bgj: minify
etag: W/"20e2f-183501608c8"
last-modified: Sun, 18 Sep 2022 10:12:44 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 5480034
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=b%2BbUR%2BUDZ01kVZ17QWF%2FMCUKj6PH5v6Ab3DLNN95O3rRPVbVIPTckdW%2BbsRm6atkzyWDITg3QQNhepOMiiOWx%2BiNOUydujEYB8w86azk8RcNXc3hGMsIGUC93qRwZCk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76d41467990b0b51-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
mc.yandex.ru/watch/49415098?wmode=7&page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F5bfbc50b365d5b12daa46988&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A15ly4knov7onia7cw1aby4%3Afp%3A1411%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A923%3Acn%3A1%3Adp%3A0%3Als%3A391315740010%3Ahid%3A530834751%3Az%3A0%3Ai%3A20221120205416%3Aet%3A1668977656%3Ac%3A1%3Arn%3A920576233%3Arqn%3A1%3Au%3A1668977656979671413%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A1%2C86%2C602%2C0%2C353%2C0%2C%2C193%2C7%2C%2C%2C%2C1430%3Ans%3A1668977653884%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1668977656%3At%3ACzech%20Catch%205%20-%20XFantazy.com&t=gdpr(14)clc(0-0-0)rqnt(1)aw(1)fip(1)rqnl(1)ti(2)
302 Found 0 B URL HTTP/2 mc.yandex.ru/watch/49415098?wmode=7&page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F5bfbc50b365d5b12daa46988&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A15ly4knov7onia7cw1aby4%3Afp%3A1411%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A923%3Acn%3A1%3Adp%3A0%3Als%3A391315740010%3Ahid%3A530834751%3Az%3A0%3Ai%3A20221120205416%3Aet%3A1668977656%3Ac%3A1%3Arn%3A920576233%3Arqn%3A1%3Au%3A1668977656979671413%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A1%2C86%2C602%2C0%2C353%2C0%2C%2C193%2C7%2C%2C%2C%2C1430%3Ans%3A1668977653884%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1668977656%3At%3ACzech%20Catch%205%20-%20XFantazy.com&t=gdpr(14)clc(0-0-0)rqnt(1)aw(1)fip(1)rqnl(1)ti(2)
IP
GET /watch/49415098?wmode=7&page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F5bfbc50b365d5b12daa46988&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A15ly4knov7onia7cw1aby4%3Afp%3A1411%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A923%3Acn%3A1%3Adp%3A0%3Als%3A391315740010%3Ahid%3A530834751%3Az%3A0%3Ai%3A20221120205416%3Aet%3A1668977656%3Ac%3A1%3Arn%3A920576233%3Arqn%3A1%3Au%3A1668977656979671413%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A1%2C86%2C602%2C0%2C353%2C0%2C%2C193%2C7%2C%2C%2C%2C1430%3Ans%3A1668977653884%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1668977656%3At%3ACzech%20Catch%205%20-%20XFantazy.com&t=gdpr(14)clc(0-0-0)rqnt(1)aw(1)fip(1)rqnl(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
location: /watch/49415098/1?wmode=7&page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F5bfbc50b365d5b12daa46988&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A15ly4knov7onia7cw1aby4%3Afp%3A1411%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A923%3Acn%3A1%3Adp%3A0%3Als%3A391315740010%3Ahid%3A530834751%3Az%3A0%3Ai%3A20221120205416%3Aet%3A1668977656%3Ac%3A1%3Arn%3A920576233%3Arqn%3A1%3Au%3A1668977656979671413%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A1%2C86%2C602%2C0%2C353%2C0%2C%2C193%2C7%2C%2C%2C%2C1430%3Ans%3A1668977653884%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1668977656%3At%3ACzech%20Catch%205%20-%20XFantazy.com&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29fip%281%29rqnl%281%29ti%282%29
date: Sun, 20 Nov 2022 20:54:16 GMT
access-control-allow-origin: https://xfantazy.com
set-cookie: yandexuid=6971167841668977656; Expires=Mon, 20-Nov-2023 20:54:16 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
yuidss=6971167841668977656; Expires=Mon, 20-Nov-2023 20:54:16 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
yabs-sid=845139131668977656; Path=/; SameSite=None; Secure
i=dePO0dojPuCd87z2WDlbYlWudbreURhIUL4otblwsIojiMCuN7Kpx9zHMOysyymAx/YkkSnaXt3bmpepqQD/X+9dpRs=; Expires=Wed, 17-Nov-2032 20:54:15 GMT; Domain=.yandex.ru; Path=/; Secure; HttpOnly; SameSite=None
ymex=1700513656.yc.1668977656#1700513656.yrts.1668977656#1700513656.yrtsi.1668977656; Expires=Mon, 20-Nov-2023 20:54:16 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Sun, 20-Nov-2022 20:54:16 GMT
last-modified: Sun, 20-Nov-2022 20:54:16 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
chaturbate.com/in/?track=xfanta&tour=x1Rd&campaign=NcAyU&c=3&p=0&gender=f
302 Found 0 B URL HTTP/2 chaturbate.com/in/?track=xfanta&tour=x1Rd&campaign=NcAyU&c=3&p=0&gender=f
IP
GET /in/?track=xfanta&tour=x1Rd&campaign=NcAyU&c=3&p=0&gender=f HTTP/1.1
Host: chaturbate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cams.gratis/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Sun, 20 Nov 2022 20:54:21 GMT
content-type: text/html; charset=utf-8
location: /tours/3/?tour=x1Rd&campaign=NcAyU&c=3&p=0&gender=f&disable_sound=0
p3p: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
vary: Accept-Language, Cookie
content-language: en
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.mmcdn.com https://*.highwebmedia.com https://*.chaturbate.com https://chaturbate.com https://ajax.googleapis.com https://js-agent.newrelic.com https://cdnjs.cloudflare.com https://www.google-analytics.com https://www.google.com/recaptcha/ https://www.google.com/cv/ https://www.gstatic.com/recaptcha/ https://www.gstatic.com/cv/ https://www.gstatic.com/eureka/ https://www.gstatic.com/cast/ https://*.nr-data.net https://certify-js.alexametrics.com https://player.vimeo.com/api/player.js http://static.hotjar.com https://static.hotjar.com https://script.hotjar.com ; style-src 'self' data: 'unsafe-inline' https://*.highwebmedia.com https://cdnjs.cloudflare.com https://fonts.googleapis.com ; img-src 'self' data: https://*.mmcdn.com https://*.highwebmedia.com https://*.stream.highwebmedia.com https://*.chaturbate.com https://chaturbate.com https://www.google-analytics.com https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com https://cdnjs.cloudflare.com https://www.gstatic.com https://*.nr-data.net https://certify.alexametrics.com https://stats.g.doubleclick.net https://cbgames.s3.amazonaws.com https://player.vimeo.com https://script.hotjar.com http://script.hotjar.com ; font-src 'self' data: https://*.mmcdn.com https://*.highwebmedia.com https://cdnjs.cloudflare.com https://fonts.gstatic.com http://script.hotjar.com https://script.hotjar.com ; connect-src 'self' blob: blob https://*.mmcdn.com wss://*.mmcdn.com wss://*.mmcdn.com:8443 https://*.highwebmedia.com wss://*.highwebmedia.com wss://*.highwebmedia.com:8443 https://*.nr-data.net https://*.chaturbate.com https://chaturbate.com https://www.google-analytics.com https://cbvideoupload.s3-accelerate.amazonaws.com https://stats.g.doubleclick.net https://internet-up.ably-realtime.com https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com https://tls-use1.fpapi.io https://use1.fptls.com https://eun1.fptls.com https://aps1.fptls.com http://*.hotjar.com:* https://*.hotjar.com:* https://vc.hotjar.io:* https://surveystats.hotjar.io wss://*.hotjar.com ; media-src 'self' https://*.mmcdn.com https://*.highwebmedia.com https://*.chaturbate.com https://chaturbate.com mediasource: blob: data: https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com; object-src 'self' https://*.mmcdn.com https://*.highwebmedia.com https://download.macromedia.com https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com ; frame-src 'self' https://*.mmcdn.com https://*.chaturbate.com https://chaturbate.com https://*.highwebmedia.com https://adserver.exoticads.com https://www.google.com/recaptcha/ https://*.wnu.com https://wnu.com https://checkout.2000charge.com https://www.sofort.com https://*.girogate.de https://player.vimeo.com https://vars.hotjar.com ; child-src 'self' blob: blob ; worker-src 'self' blob: blob ; form-action 'self' https://*.chaturbate.com https://chaturbate.com https://*.stream.highwebmedia.com https://www.coinpayments.net https://*.wnu.com https://wnu.com https://devportal.cb.dev https://*.web.amer-1.jumio.ai https://smartpay.coinsmart.com ; manifest-src 'self' https://*.mmcdn.com https://*.highwebmedia.com ; report-uri https://report-uri.mmcdn.com/r/t/csp/enforce;
report-to: {"group":"default","max_age":2592000,"endpoints":[{"url":"https://report-uri.mmcdn.com/a/t/g"}],"include_subdomains":true}
nel: {"report_to":"default","max_age":2592000,"include_subdomains":true}
x-frame-options: DENY
cache-control: no-cache
x-content-type-options: nosniff
x-xss-protection: 1; mode=block; report=https://report-uri.highwebmedia.com/r/t/xss/enforce
referrer-policy: strict-origin-when-cross-origin
via: 1.1 google
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: DYNAMIC
set-cookie: u_x1Rd=1; expires=Fri, 25-Nov-2022 20:54:21 GMT; Max-Age=432000; Path=/
us_x1Rd=1; Path=/
affkey="eJyrVipRslJQqjAMSlHSUVBKzi0Acf2SHStDQfySomywdFpiXkkiSKAIxM0oKSkottLXT07MLdZLL0osySzWB0kmpqWBpHMTKyoqclNTMhONDAwtQBJgQ40MlWoBzegfMA=="; Domain=.chaturbate.com; expires=Tue, 20-Dec-2022 20:54:21 GMT; Max-Age=2592000; Path=/
fromaffiliate=1; Domain=.chaturbate.com; Path=/
noads=1; expires=Mon, 21-Nov-2022 02:54:21 GMT; Max-Age=21600; Path=/
stcki="xYqZj9=0"; expires=Tue, 20-Dec-2022 20:54:21 GMT; Max-Age=2592000; Path=/
sbr=sec:sbrcee83d53-ac7f-4032-903f-feddb668c8e2:1owrKX:W01xEH_v5Q0VBmx53Rt0WFniq-8; Domain=.chaturbate.com; expires=Fri, 15-Aug-2025 20:54:21 GMT; HttpOnly; Max-Age=86313600; Path=/; Secure
__cf_bm=gymqZb2NHhMbb0kFuk5xfRrvoViYmNI01iYB34DE_tI-1668977661-0-AUDc9ctI07gl03jctgrLn1HBDWn3yDcBJZ8D+WEz+V49pG7/m+zp2JbRSlJ1lEIv8RjVn5EurB5O6kAjJw9K5mM=; path=/; expires=Sun, 20-Nov-22 21:24:21 GMT; domain=.chaturbate.com; HttpOnly; Secure; SameSite=None
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 76d414905db91bfa-OSL
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/ssp/utility/social-media/whatsapp/js/script.js
200 OK 0 B URL HTTP/2 cdn.creative-bars1.com/sb/ssp/utility/social-media/whatsapp/js/script.js
IP
GET /sb/ssp/utility/social-media/whatsapp/js/script.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 20 Nov 2022 20:54:17 GMT
content-type: application/javascript
last-modified: Sat, 20 Feb 2021 08:47:14 GMT
etag: W/"6030cc92-1bc"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 457230
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NjDHz1BxYAeZmvXVFq8uEBBcnExpGqgt%2FyEyN7Ioik4XRXcY1E5ddTuJwC%2BgcFnCRX0IHh%2FA3zhIta1lqqSqr78Atziu420MinyO0WJWMoi30iwXspIg5uqZWFHxyPmnv%2FhKQk3xlwD4"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 76d4147a4e947780-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
a.naturalhealthsource.club/api/spots/303894?p=1&s1=%subid1%&kw=
200 OK 0 B URL HTTP/2 a.naturalhealthsource.club/api/spots/303894?p=1&s1=%subid1%&kw=
IP
ASN #24940 Hetzner Online GmbH
GET /api/spots/303894?p=1&s1=%subid1%&kw= HTTP/1.1
Host: a.naturalhealthsource.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: nauid=EIbn42VUZuqPSTlYGM2s
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 20 Nov 2022 20:54:19 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2
a.realsrv.com/ad-provider.js
200 OK 0 B URL HTTP/2 a.realsrv.com/ad-provider.js
IP
ASN #60068 Datacamp Limited
GET /ad-provider.js HTTP/1.1
Host: a.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 20 Nov 2022 20:54:19 GMT
content-type: application/javascript
etag: W/"8a1c299d9cff368e594ca42b1af"
expires: Fri, 18 Nov 2022 18:55:20 GMT
cache-control: max-age=10800
access-control-allow-origin: *
x-cache-op: HIT
x-accel-expires: @1668981368
server: CDN77-Turbo
x-77-nzt: AblMCQ1dSrD/sxsAAA
x-77-nzt-ray: c0a4cc28d1d638e6fb937a632e6b081f
x-cache: HIT
x-age: 7091
x-77-pop: stockholmSE
x-77-cache: HIT
content-encoding: br
X-Firefox-Spdy: h2
mc.yandex.ru/watch/49415098?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F5bfbc50b365d5b12daa46988&charset=utf-8&hittoken=1668977656_e3075b1be7aa50cef98b751665fa84cd4a4eb0611deaacb62680fe0c0b468b38&browser-info=pv%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3A15ly4knov7onia7cw1aby4%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A923%3Acn%3A1%3Adp%3A0%3Als%3A391315740010%3Ahid%3A530834751%3Az%3A0%3Ai%3A20221120205418%3Aet%3A1668977659%3Ac%3A1%3Arn%3A280847658%3Arqn%3A8%3Au%3A1668977656979671413%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aeu%3A1%3Ans%3A1668977653884%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1668977659%3At%3ACzech%20Catch%205%20-%20XFantazy.com&t=gdpr(14)mc(p-6)clc(0-0-0)rqnt(8)aw(1)ecs(1)fip(1)rqnl(1)ti(2)
302 Found 0 B URL HTTP/2 mc.yandex.ru/watch/49415098?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F5bfbc50b365d5b12daa46988&charset=utf-8&hittoken=1668977656_e3075b1be7aa50cef98b751665fa84cd4a4eb0611deaacb62680fe0c0b468b38&browser-info=pv%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3A15ly4knov7onia7cw1aby4%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A923%3Acn%3A1%3Adp%3A0%3Als%3A391315740010%3Ahid%3A530834751%3Az%3A0%3Ai%3A20221120205418%3Aet%3A1668977659%3Ac%3A1%3Arn%3A280847658%3Arqn%3A8%3Au%3A1668977656979671413%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aeu%3A1%3Ans%3A1668977653884%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1668977659%3At%3ACzech%20Catch%205%20-%20XFantazy.com&t=gdpr(14)mc(p-6)clc(0-0-0)rqnt(8)aw(1)ecs(1)fip(1)rqnl(1)ti(2)
IP
GET /watch/49415098?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F5bfbc50b365d5b12daa46988&charset=utf-8&hittoken=1668977656_e3075b1be7aa50cef98b751665fa84cd4a4eb0611deaacb62680fe0c0b468b38&browser-info=pv%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3A15ly4knov7onia7cw1aby4%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A923%3Acn%3A1%3Adp%3A0%3Als%3A391315740010%3Ahid%3A530834751%3Az%3A0%3Ai%3A20221120205418%3Aet%3A1668977659%3Ac%3A1%3Arn%3A280847658%3Arqn%3A8%3Au%3A1668977656979671413%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aeu%3A1%3Ans%3A1668977653884%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1668977659%3At%3ACzech%20Catch%205%20-%20XFantazy.com&t=gdpr(14)mc(p-6)clc(0-0-0)rqnt(8)aw(1)ecs(1)fip(1)rqnl(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
location: /watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F5bfbc50b365d5b12daa46988&charset=utf-8&hittoken=1668977656_e3075b1be7aa50cef98b751665fa84cd4a4eb0611deaacb62680fe0c0b468b38&browser-info=pv%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3A15ly4knov7onia7cw1aby4%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A923%3Acn%3A1%3Adp%3A0%3Als%3A391315740010%3Ahid%3A530834751%3Az%3A0%3Ai%3A20221120205418%3Aet%3A1668977659%3Ac%3A1%3Arn%3A280847658%3Arqn%3A8%3Au%3A1668977656979671413%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aeu%3A1%3Ans%3A1668977653884%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1668977659%3At%3ACzech%20Catch%205%20-%20XFantazy.com&t=gdpr%2814%29mc%28p-6%29clc%280-0-0%29rqnt%288%29aw%281%29ecs%281%29fip%281%29rqnl%281%29ti%282%29
date: Sun, 20 Nov 2022 20:54:18 GMT
access-control-allow-origin: https://xfantazy.com
set-cookie: yandexuid=2626405641668977658; Expires=Mon, 20-Nov-2023 20:54:18 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
yuidss=2626405641668977658; Expires=Mon, 20-Nov-2023 20:54:18 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
yabs-sid=2523266381668977658; Path=/; SameSite=None; Secure
i=wVbewAZ0yd+X8BrW7rMCUhNmoYDQkWEte3Tcruaw9c7Tg++tlUohZEynVK2S2qmr6LLeh2e8FZt091rLrnszr/z9dG0=; Expires=Wed, 17-Nov-2032 20:54:15 GMT; Domain=.yandex.ru; Path=/; Secure; HttpOnly; SameSite=None
ymex=1700513658.yc.1668977658#1700513658.yrts.1668977658#1700513658.yrtsi.1668977658; Expires=Mon, 20-Nov-2023 20:54:18 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Sun, 20-Nov-2022 20:54:18 GMT
last-modified: Sun, 20-Nov-2022 20:54:18 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
xfantazy.com/_next/static/chunks/commons.9b890646c0aa33eb63fe.js
200 OK 0 B URL HTTP/2 xfantazy.com/_next/static/chunks/commons.9b890646c0aa33eb63fe.js
IP
GET /_next/static/chunks/commons.9b890646c0aa33eb63fe.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/5bfbc50b365d5b12daa46988
Cookie: visitorId=0gn898l65tujegvyprfvhba; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 20 Nov 2022 20:54:14 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-bgj: minify
cf-polished: origSize=1388386
etag: W/"152f62-1826d2bb0af"
last-modified: Fri, 05 Aug 2022 08:42:36 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 9288595
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HDGh8LPJeKoKEAn955DasZeQ6nSxFzOxIBjet%2Fbma02OF2Vz3FGQbup2CeaVaRylhSspWGKjsus041orM7DeS8xN2T0isT%2BsuVN1yEZwvgNpWHY8taof045SbqosqHs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76d41467990c0b51-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
chaturbate.com/tours/3/?tour=x1Rd&campaign=NcAyU&c=3&p=0&gender=f&disable_sound=0
200 OK 0 B URL HTTP/2 chaturbate.com/tours/3/?tour=x1Rd&campaign=NcAyU&c=3&p=0&gender=f&disable_sound=0
IP
GET /tours/3/?tour=x1Rd&campaign=NcAyU&c=3&p=0&gender=f&disable_sound=0 HTTP/1.1
Host: chaturbate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cams.gratis/
Connection: keep-alive
Cookie: __cf_bm=gymqZb2NHhMbb0kFuk5xfRrvoViYmNI01iYB34DE_tI-1668977661-0-AUDc9ctI07gl03jctgrLn1HBDWn3yDcBJZ8D+WEz+V49pG7/m+zp2JbRSlJ1lEIv8RjVn5EurB5O6kAjJw9K5mM=
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 20 Nov 2022 20:54:21 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding, Accept-Language, Cookie
p3p: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
content-language: en
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.mmcdn.com https://*.highwebmedia.com https://*.chaturbate.com https://chaturbate.com https://ajax.googleapis.com https://js-agent.newrelic.com https://cdnjs.cloudflare.com https://www.google-analytics.com https://www.google.com/recaptcha/ https://www.google.com/cv/ https://www.gstatic.com/recaptcha/ https://www.gstatic.com/cv/ https://www.gstatic.com/eureka/ https://www.gstatic.com/cast/ https://*.nr-data.net https://certify-js.alexametrics.com https://player.vimeo.com/api/player.js http://static.hotjar.com https://static.hotjar.com https://script.hotjar.com ; style-src 'self' data: 'unsafe-inline' https://*.highwebmedia.com https://cdnjs.cloudflare.com https://fonts.googleapis.com ; img-src 'self' data: https://*.mmcdn.com https://*.highwebmedia.com https://*.stream.highwebmedia.com https://*.chaturbate.com https://chaturbate.com https://www.google-analytics.com https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com https://cdnjs.cloudflare.com https://www.gstatic.com https://*.nr-data.net https://certify.alexametrics.com https://stats.g.doubleclick.net https://cbgames.s3.amazonaws.com https://player.vimeo.com https://script.hotjar.com http://script.hotjar.com ; font-src 'self' data: https://*.mmcdn.com https://*.highwebmedia.com https://cdnjs.cloudflare.com https://fonts.gstatic.com http://script.hotjar.com https://script.hotjar.com ; connect-src 'self' blob: blob https://*.mmcdn.com wss://*.mmcdn.com wss://*.mmcdn.com:8443 https://*.highwebmedia.com wss://*.highwebmedia.com wss://*.highwebmedia.com:8443 https://*.nr-data.net https://*.chaturbate.com https://chaturbate.com https://www.google-analytics.com https://cbvideoupload.s3-accelerate.amazonaws.com https://stats.g.doubleclick.net https://internet-up.ably-realtime.com https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com https://tls-use1.fpapi.io https://use1.fptls.com https://eun1.fptls.com https://aps1.fptls.com http://*.hotjar.com:* https://*.hotjar.com:* https://vc.hotjar.io:* https://surveystats.hotjar.io wss://*.hotjar.com ; media-src 'self' https://*.mmcdn.com https://*.highwebmedia.com https://*.chaturbate.com https://chaturbate.com mediasource: blob: data: https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com; object-src 'self' https://*.mmcdn.com https://*.highwebmedia.com https://download.macromedia.com https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com ; frame-src 'self' https://*.mmcdn.com https://*.chaturbate.com https://chaturbate.com https://*.highwebmedia.com https://adserver.exoticads.com https://www.google.com/recaptcha/ https://*.wnu.com https://wnu.com https://checkout.2000charge.com https://www.sofort.com https://*.girogate.de https://player.vimeo.com https://vars.hotjar.com ; child-src 'self' blob: blob ; worker-src 'self' blob: blob ; form-action 'self' https://*.chaturbate.com https://chaturbate.com https://*.stream.highwebmedia.com https://www.coinpayments.net https://*.wnu.com https://wnu.com https://devportal.cb.dev https://*.web.amer-1.jumio.ai https://smartpay.coinsmart.com ; manifest-src 'self' https://*.mmcdn.com https://*.highwebmedia.com ; report-uri https://report-uri.mmcdn.com/r/t/csp/enforce;
report-to: {"group":"default","max_age":2592000,"endpoints":[{"url":"https://report-uri.mmcdn.com/a/t/g"}],"include_subdomains":true}
nel: {"report_to":"default","max_age":2592000,"include_subdomains":true}
cache-control: no-cache
x-content-type-options: nosniff
x-xss-protection: 1; mode=block; report=https://report-uri.highwebmedia.com/r/t/xss/enforce
referrer-policy: strict-origin-when-cross-origin
via: 1.1 google
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
set-cookie: stcki="xYqZj9=0"; expires=Tue, 20-Dec-2022 20:54:21 GMT; Max-Age=2592000; Path=/
affkey="eJyrVipSslJQyigpKSi20tdPTswt1ksvSizJLNZXqgUAilAJow=="; Domain=.chaturbate.com; expires=Tue, 20-Dec-2022 20:54:21 GMT; Max-Age=2592000; Path=/
sbr=sec:sbra12b9194-2c9f-4692-95a8-c342c7d6c8d6:1owrKX:XghRidWoa6t_rEJXQgFtYnH5kec; Domain=.chaturbate.com; expires=Fri, 15-Aug-2025 20:54:21 GMT; HttpOnly; Max-Age=86313600; Path=/; Secure
cf-cache-status: DYNAMIC
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 76d414916eef1bfa-OSL
content-encoding: br
X-Firefox-Spdy: h2
xfantazy.com/_next/static/chunks/47.6c9a4510342e4dd3af77.js
200 OK 0 B URL HTTP/2 xfantazy.com/_next/static/chunks/47.6c9a4510342e4dd3af77.js
IP
GET /_next/static/chunks/47.6c9a4510342e4dd3af77.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/5bfbc50b365d5b12daa46988
Cookie: visitorId=0gn898l65tujegvyprfvhba; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 20 Nov 2022 20:54:14 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-bgj: minify
etag: W/"620-181397f9e59"
last-modified: Mon, 06 Jun 2022 14:51:13 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 14418815
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EffhjDSGGqgUd7RhWDCUxEVzVzSGhWPjpb5H3%2FW0DHdpJrxuHhOSKzaCahBAVzu0VHgbT76OZGYfGcZBWEOV17QZ1wEo4X2jr3EBqHPeapumv9GjkrdZnmVfLgubONs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76d41467a9260b51-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.barscreative1.com/sb/au/2f/33/17/2f3317da28d2a6ed09610d2d267aa136/1648542458.html
200 OK 0 B URL HTTP/2 cdn.barscreative1.com/sb/au/2f/33/17/2f3317da28d2a6ed09610d2d267aa136/1648542458.html
IP
ASN #39572 DataWeb Global Group B.V.
GET /sb/au/2f/33/17/2f3317da28d2a6ed09610d2d267aa136/1648542458.html HTTP/1.1
Host: cdn.barscreative1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 20 Nov 2022 20:54:17 GMT
content-type: text/html; charset=utf-8
server: nginx/1.17.6
last-modified: Tue, 29 Mar 2022 08:27:42 GMT
etag: W/"6242c2fe-ba1"
cache-control: max-age=3600
access-control-allow-origin: *
access-control-expose-headers: Date
content-encoding: gzip
expires: Sun, 20 Nov 2022 21:54:17 GMT
x-proxy-cache: HIT
X-Firefox-Spdy: h2
pogothere.xyz/asd100.bin
200 OK 0 B IP
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://xfantazy.com/
Origin: https://xfantazy.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 20 Nov 2022 20:54:19 GMT
content-type: binary/octet-stream
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 4496
last-modified: Sun, 20 Nov 2022 19:39:23 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sIJoMtuGrlNwySkXnD2KjBTzfLAP%2FQivbdeEv142MYfCNXByAhm%2BKi209GoIZEGpmGHkdX5iX%2BpOjaSkaatWsSxI6GxJSNfNCp%2B2L4nGL7zWm%2BqX7WSXkkNpBiSya8m%2F"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 76d414813ff1d174-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
rtbbnr.com/get/?go=1&data=eyJpbXAiOlt7InNlY3VyZSI6MSwiZXh0Ijp7InNwb3QiOjQ2OTIsImlkIjo4NTksImxhYmVscyI6IiIsInNpdGVfaWQiOjQ2OTIsInR5cGUiOiJiYW5uZXIiLCJzcGFjZWlkIjo4NTksInNwb3RfaWQiOjAsImlkem9uZSI6MzgzMDgxOSwiem9uZSI6InRjX3BhYl8zMDB4MjUwIiwiYWRfdGFncyI6IiIsInRpdGxlIjoiIiwic3ViaWQiOiI1NjI5NDkzODUiLCJ1dG0xIjoidGNiYW5faSIsInV0bTIiOiI0NjkyIiwidXRtMyI6IjE5Nzc1IiwidXRtNCI6IiJ9LCJiYW5uZXIiOnsidyI6MzAwLCJoIjoyNTB9fV0sInNpdGUiOnsiaWQiOiI0NjkyIiwicGFnZSI6Imh0dHBzOi8vYS5uYXR1cmFsaGVhbHRoc291cmNlLmNsdWIvIn0sImRldmljZSI6eyJ3IjoxMjgwLCJoIjoxMDI0fSwidXNlciI6eyJpZCI6IjA2YmU0ZmNmOWMxOTdjOTM2M2U5Y2U4MTAzNDJhZjZiIn0sImV4dCI6eyJkdCI6MTY2ODk3NzY2MDMyMX19
200 OK 0 B URL HTTP/2 rtbbnr.com/get/?go=1&data=eyJpbXAiOlt7InNlY3VyZSI6MSwiZXh0Ijp7InNwb3QiOjQ2OTIsImlkIjo4NTksImxhYmVscyI6IiIsInNpdGVfaWQiOjQ2OTIsInR5cGUiOiJiYW5uZXIiLCJzcGFjZWlkIjo4NTksInNwb3RfaWQiOjAsImlkem9uZSI6MzgzMDgxOSwiem9uZSI6InRjX3BhYl8zMDB4MjUwIiwiYWRfdGFncyI6IiIsInRpdGxlIjoiIiwic3ViaWQiOiI1NjI5NDkzODUiLCJ1dG0xIjoidGNiYW5faSIsInV0bTIiOiI0NjkyIiwidXRtMyI6IjE5Nzc1IiwidXRtNCI6IiJ9LCJiYW5uZXIiOnsidyI6MzAwLCJoIjoyNTB9fV0sInNpdGUiOnsiaWQiOiI0NjkyIiwicGFnZSI6Imh0dHBzOi8vYS5uYXR1cmFsaGVhbHRoc291cmNlLmNsdWIvIn0sImRldmljZSI6eyJ3IjoxMjgwLCJoIjoxMDI0fSwidXNlciI6eyJpZCI6IjA2YmU0ZmNmOWMxOTdjOTM2M2U5Y2U4MTAzNDJhZjZiIn0sImV4dCI6eyJkdCI6MTY2ODk3NzY2MDMyMX19
IP
ASN #24940 Hetzner Online GmbH
GET /get/?go=1&data=eyJpbXAiOlt7InNlY3VyZSI6MSwiZXh0Ijp7InNwb3QiOjQ2OTIsImlkIjo4NTksImxhYmVscyI6IiIsInNpdGVfaWQiOjQ2OTIsInR5cGUiOiJiYW5uZXIiLCJzcGFjZWlkIjo4NTksInNwb3RfaWQiOjAsImlkem9uZSI6MzgzMDgxOSwiem9uZSI6InRjX3BhYl8zMDB4MjUwIiwiYWRfdGFncyI6IiIsInRpdGxlIjoiIiwic3ViaWQiOiI1NjI5NDkzODUiLCJ1dG0xIjoidGNiYW5faSIsInV0bTIiOiI0NjkyIiwidXRtMyI6IjE5Nzc1IiwidXRtNCI6IiJ9LCJiYW5uZXIiOnsidyI6MzAwLCJoIjoyNTB9fV0sInNpdGUiOnsiaWQiOiI0NjkyIiwicGFnZSI6Imh0dHBzOi8vYS5uYXR1cmFsaGVhbHRoc291cmNlLmNsdWIvIn0sImRldmljZSI6eyJ3IjoxMjgwLCJoIjoxMDI0fSwidXNlciI6eyJpZCI6IjA2YmU0ZmNmOWMxOTdjOTM2M2U5Y2U4MTAzNDJhZjZiIn0sImV4dCI6eyJkdCI6MTY2ODk3NzY2MDMyMX19 HTTP/1.1
Host: rtbbnr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cdn.tubecorp.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.18.0
date: Sun, 20 Nov 2022 20:54:20 GMT
content-type: text/html
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
content-encoding: gzip
X-Firefox-Spdy: h2
a.naturalhealthsource.club/api/spots/312875?p=1&s1=%subid1%&kw=
200 OK 0 B URL HTTP/2 a.naturalhealthsource.club/api/spots/312875?p=1&s1=%subid1%&kw=
IP
ASN #24940 Hetzner Online GmbH
GET /api/spots/312875?p=1&s1=%subid1%&kw= HTTP/1.1
Host: a.naturalhealthsource.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: nauid=EIbn42VUZuqPSTlYGM2s
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 20 Nov 2022 20:54:19 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2
data.goasrv.com/data/creatives/1164/36415.mp4
206 Partial Content 0 B URL HTTP/2 data.goasrv.com/data/creatives/1164/36415.mp4
IP
GET /data/creatives/1164/36415.mp4 HTTP/1.1
Host: data.goasrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: https://go.goaserv.com/
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 206 Partial Content
server: nginx
date: Sun, 20 Nov 2022 20:54:20 GMT
content-type: video/mp4
content-length: 885546
last-modified: Fri, 07 Oct 2022 10:34:01 GMT
etag: "63400099-d832a"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-backend-server: nl2-static-221
content-range: bytes 0-885545/885546
X-Firefox-Spdy: h2
cams.gratis/banner/300x250.php?site=xfanta
200 OK 0 B URL HTTP/2 cams.gratis/banner/300x250.php?site=xfanta
IP
GET /banner/300x250.php?site=xfanta HTTP/1.1
Host: cams.gratis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ads.adxadserv.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 20 Nov 2022 20:54:21 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding,User-Agent
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CzBncrjtP4PG3Dc6h3rLxz88bUDiBPi7SP5T0ZucC5Cv4NVxUB2HKu5do3GjmjejJcaqJumUnQEIKPYXZdZ0TMM4%2FXx9GVvXX5lDmI9IVPjDJqJVLbPis2fRXhi8%2Fg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76d4148edf377691-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
xfantazy.com/_next/static/chunks/59.edff5ae0d8d83054b552.js
200 OK 0 B URL HTTP/2 xfantazy.com/_next/static/chunks/59.edff5ae0d8d83054b552.js
IP
GET /_next/static/chunks/59.edff5ae0d8d83054b552.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/5bfbc50b365d5b12daa46988
Cookie: visitorId=0gn898l65tujegvyprfvhba; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 20 Nov 2022 20:54:14 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-bgj: minify
etag: W/"c8b-183501656fb"
last-modified: Sun, 18 Sep 2022 10:13:04 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 329207
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cqvh9gPlmXbdSlsy7TxNsP6kBQsreM2Ukt8EWEBGJiYQqx%2BEaO1X7mVeZY8b95bZA3CFa3Od3A2FUNVkwIKlfmzXemUaBjHaBj52aWahTf3g6zWmVwzREGbBoSSFiSY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76d41467a9250b51-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.tubecorp.com/b/tcbanner.js?v=21
200 OK 0 B URL HTTP/2 cdn.tubecorp.com/b/tcbanner.js?v=21
IP
ASN #39572 DataWeb Global Group B.V.
GET /b/tcbanner.js?v=21 HTTP/1.1
Host: cdn.tubecorp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cdn.tubecorp.com/i/b.html?spot=4692&src=562949385&pid=19775&width=300&height=250&spaceid=859
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 20 Nov 2022 20:54:19 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.20.1
last-modified: Sat, 20 Nov 2021 06:50:35 GMT
etag: W/"61989abb-c604"
cache-control: max-age=3600
x-request-id: 6f1daecf978b48536956fdbfd14a730e
content-encoding: gzip
expires: Sun, 20 Nov 2022 21:54:19 GMT
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
static-assets.highwebmedia.com/images/ico-female.svg?818c9c4c368f
200 OK 0 B URL HTTP/2 static-assets.highwebmedia.com/images/ico-female.svg?818c9c4c368f
IP
GET /images/ico-female.svg?818c9c4c368f HTTP/1.1
Host: static-assets.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://static-assets.highwebmedia.com/CACHE/css/output.ef7436bc2788.css
Cookie: _cfuvid=FLJK9mZaX6e8D1dSZwZM8grR4NMezp2VbKZ8Cpo7VeY-1668977662054-0-604800000
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 20 Nov 2022 20:54:22 GMT
content-type: image/svg+xml
x-amz-id-2: SJJrNwVRov8N2XC88Y79re1WW5F9HPkqgb23MKyJYfSKA/6A8G8zqZPx3mPabUpoYiIi2DaJyOo=
x-amz-request-id: B65B7C33MY399T80
last-modified: Tue, 09 Mar 2021 22:37:01 GMT
etag: W/"304b64c8f4b6c7e0c36c86b419151c45"
x-amz-meta-s3cmd-attrs: md5:304b64c8f4b6c7e0c36c86b419151c45
cache-control: public, max-age=2592000
cf-cache-status: HIT
age: 1967976
expires: Tue, 20 Dec 2022 20:54:22 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=azOcqhbC5SAK5OLUIPLEW23MZUrKR1H1d3ShY9Iqs6CmVLSVTzD1B%2B1x9eozDRoVwLjsHCGCVyly%2FYHUbIY%2B70%2BxuElPL5uVybHQUtBA8Taar3Q9PfPNtwesXpaTz3NdPAZWc4ea4p13TDCIzuEjow%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 76d41493ff540afe-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
xfantazy.com/_next/static/chunks/9.be198c87e436634bf765.js
200 OK 0 B URL HTTP/2 xfantazy.com/_next/static/chunks/9.be198c87e436634bf765.js
IP
GET /_next/static/chunks/9.be198c87e436634bf765.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/5bfbc50b365d5b12daa46988
Cookie: visitorId=0gn898l65tujegvyprfvhba; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 20 Nov 2022 20:54:14 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-bgj: minify
etag: W/"9c95-181397f9e55"
last-modified: Mon, 06 Jun 2022 14:51:13 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 14418413
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Nb4GA5gPhrQlWZy0%2B0CeVKVoVRjqqTNKJTmX1BhY%2BVX52uO5H%2BqVGu54dCmIT706qr6oMLdfFujpUamkl131vo5EoedOhUmGFATGuv7cNe8ttggitPDGNSGV9YJcAvo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76d41467a9210b51-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ads.adxadserv.com/ad?spotid=636bc5d561d6e27071201a23&type=300x250&output=html
200 OK 0 B URL HTTP/2 ads.adxadserv.com/ad?spotid=636bc5d561d6e27071201a23&type=300x250&output=html
IP
ASN #39572 DataWeb Global Group B.V.
GET /ad?spotid=636bc5d561d6e27071201a23&type=300x250&output=html HTTP/1.1
Host: ads.adxadserv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 20 Nov 2022 20:54:19 GMT
content-type: text/html; charset=utf-8
cache-control: no-cache
X-Firefox-Spdy: h2
static-assets.highwebmedia.com/CACHE/js/output.6f6724a00cb8.js
200 OK 0 B URL HTTP/2 static-assets.highwebmedia.com/CACHE/js/output.6f6724a00cb8.js
IP
GET /CACHE/js/output.6f6724a00cb8.js HTTP/1.1
Host: static-assets.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 20 Nov 2022 20:54:22 GMT
content-type: application/javascript
cache-control: public, max-age=2592000
cf-bgj: minify
etag: W/"a708027bfbbde438a72a93082d4bc4b5"
last-modified: Thu, 24 Jun 2021 21:24:05 GMT
x-amz-id-2: JSy2VAlm3gAahvlCm5/iqNOQuasckcIrq13CGup8iDmNjJ/I2mSXsAw6q4OzSeK3RH88h3oFZ3U=
x-amz-meta-s3cmd-attrs: md5:a708027bfbbde438a72a93082d4bc4b5
x-amz-request-id: 2D5V5B3Y2TWH6PZC
cf-cache-status: HIT
age: 343619
expires: Tue, 20 Dec 2022 20:54:22 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cE%2FS%2B%2Fb4q0R58G%2BeOd7rKr%2F47nV8LQBX4FcIRLnKoL%2FXnLut1nWcokYPxn34meLOqD3%2BSbM7iEzRSdPzoHsYjg%2BJ5IuxyWMF8sCVxEhgYd2NOTHcTKwBL5xRmeaMTxljkqIDTtiCzEjYXw6jnpX4OQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
set-cookie: _cfuvid=zD0E4H3HO58MzMqMHMqZvXeJVsNsDDjdJEXMeuGtOdM-1668977662049-0-604800000; path=/; domain=.highwebmedia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 76d41493bf130afe-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp
200 OK 0 B URL HTTP/2 www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp
IP
GET /login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-encoding: br
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 0
cross-origin-opener-policy: same-origin-allow-popups
vary: Sec-Fetch-Site, Sec-Fetch-Mode, Accept-Encoding
strict-transport-security: max-age=15552000; preload
content-type: text/html; charset="utf-8"
x-fb-debug: MkFk2u++PbDwCcNuBy20fkOW1gurV7xObuCahLWE42YN5DCpoS2f2ncSSUi2lzd3NneQAqWt+NonpXBr5FXZkg==
date: Sun, 20 Nov 2022 20:54:19 GMT
priority: u=3,i
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
a.naturalhealthsource.club/api/spots/312873?p=1&s1=%subid1%&kw=
200 OK 0 B URL HTTP/2 a.naturalhealthsource.club/api/spots/312873?p=1&s1=%subid1%&kw=
IP
ASN #24940 Hetzner Online GmbH
GET /api/spots/312873?p=1&s1=%subid1%&kw= HTTP/1.1
Host: a.naturalhealthsource.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: nauid=EIbn42VUZuqPSTlYGM2s
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 20 Nov 2022 20:54:19 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2
accounts.google.com/v3/signin/identifier?dsh=S956658550%3A1668977659083126&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=ARgdvAs2roDAgQ4fsFVydMVRMJ2QLqdR07PaJM0JlhFEPUKLaaOmb8QPbMuAyUoh_j7qtfONCfrc
403 Forbidden 0 B URL HTTP/2 accounts.google.com/v3/signin/identifier?dsh=S956658550%3A1668977659083126&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=ARgdvAs2roDAgQ4fsFVydMVRMJ2QLqdR07PaJM0JlhFEPUKLaaOmb8QPbMuAyUoh_j7qtfONCfrc
IP
GET /v3/signin/identifier?dsh=S956658550%3A1668977659083126&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=ARgdvAs2roDAgQ4fsFVydMVRMJ2QLqdR07PaJM0JlhFEPUKLaaOmb8QPbMuAyUoh_j7qtfONCfrc HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://xfantazy.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sun, 20 Nov 2022 20:54:19 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport, script-src 'nonce-phCWsWrXkOSDt2wW0X_FHQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist
cross-origin-opener-policy-report-only: same-origin
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
12007250.pix-cdn.org/a/pjexo.html?idzone=3902668&w=900&h=250&ad_sub=&ad_tags=
200 OK 0 B URL HTTP/2 12007250.pix-cdn.org/a/pjexo.html?idzone=3902668&w=900&h=250&ad_sub=&ad_tags=
IP
ASN #39572 DataWeb Global Group B.V.
GET /a/pjexo.html?idzone=3902668&w=900&h=250&ad_sub=&ad_tags= HTTP/1.1
Host: 12007250.pix-cdn.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://rtbbnr.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 20 Nov 2022 20:54:21 GMT
content-type: text/html; charset=UTF-8
last-modified: Wed, 20 May 2020 13:08:32 GMT
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5dkdNcPwT61NNMoLC5BC%2FaaqIk7Sh0KZvV%2F504ocxwRxlD6G8CEH7gS6vcRIizamuyNdNuERg4eVq4b2taF%2FyFUt3B1kGHLMqQgXB5TH8Ohk8vcYPNIAuFMQOL%2Bx"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
server: cloudflare
cf-ray: 76ac1204aa046d85-MUC
content-encoding: gzip
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Sun, 20 Nov 2022 21:54:21 GMT
cache-control: max-age=3600
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
xfantazy.com/_next/static/chunks/16.2fcecc4fbe403da70f1d.js
200 OK 0 B URL HTTP/2 xfantazy.com/_next/static/chunks/16.2fcecc4fbe403da70f1d.js
IP
GET /_next/static/chunks/16.2fcecc4fbe403da70f1d.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/5bfbc50b365d5b12daa46988
Cookie: visitorId=0gn898l65tujegvyprfvhba; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 20 Nov 2022 20:54:14 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-bgj: minify
etag: W/"4f4a-183501608ac"
last-modified: Sun, 18 Sep 2022 10:12:44 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 3896107
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=I8Er6f8PFOmlPvktGICzneZdeXv6QBrhAIeEFSv4Iq734uUHgngWrHhMG9EjSsh3MpEQSESkPEpaXjoAly3Yb2fni%2F29s12qKEXAEblYYG6SbJt6uMCvTDjKkKG26%2FM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76d41467a9240b51-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
rtbbnr.com/get/?go=1&data=eyJpbXAiOlt7InNlY3VyZSI6MSwiZXh0Ijp7InNwb3QiOjYzOTQsImlkIjoxMDE4LCJsYWJlbHMiOiIiLCJzaXRlX2lkIjo2Mzk0LCJ0eXBlIjoiYmFubmVyIiwic3BhY2VpZCI6MTAxOCwic3BvdF9pZCI6MCwiaWR6b25lIjozOTAyNjY4LCJ6b25lIjoidGNfcGFiXzkwMHgyNTAiLCJhZF90YWdzIjoiIiwidGl0bGUiOiIiLCJzdWJpZCI6IjkwOTQzMjcxMSIsInV0bTEiOiJ0Y2Jhbl9pIiwidXRtMiI6IjYzOTQiLCJ1dG0zIjoiMTk3NzUiLCJ1dG00IjoiIn0sImJhbm5lciI6eyJ3Ijo5MDAsImgiOjI1MH19XSwic2l0ZSI6eyJpZCI6IjYzOTQiLCJwYWdlIjoiaHR0cHM6Ly9hLm5hdHVyYWxoZWFsdGhzb3VyY2UuY2x1Yi8ifSwiZGV2aWNlIjp7InciOjEyODAsImgiOjEwMjR9LCJ1c2VyIjp7ImlkIjoiMWEwM2MxOTc1ZDQxMzQ3MWZhZDg4NzlhN2M0NmM2YTAifSwiZXh0Ijp7ImR0IjoxNjY4OTc3NjYwNDI4fX0=
200 OK 0 B URL HTTP/2 rtbbnr.com/get/?go=1&data=eyJpbXAiOlt7InNlY3VyZSI6MSwiZXh0Ijp7InNwb3QiOjYzOTQsImlkIjoxMDE4LCJsYWJlbHMiOiIiLCJzaXRlX2lkIjo2Mzk0LCJ0eXBlIjoiYmFubmVyIiwic3BhY2VpZCI6MTAxOCwic3BvdF9pZCI6MCwiaWR6b25lIjozOTAyNjY4LCJ6b25lIjoidGNfcGFiXzkwMHgyNTAiLCJhZF90YWdzIjoiIiwidGl0bGUiOiIiLCJzdWJpZCI6IjkwOTQzMjcxMSIsInV0bTEiOiJ0Y2Jhbl9pIiwidXRtMiI6IjYzOTQiLCJ1dG0zIjoiMTk3NzUiLCJ1dG00IjoiIn0sImJhbm5lciI6eyJ3Ijo5MDAsImgiOjI1MH19XSwic2l0ZSI6eyJpZCI6IjYzOTQiLCJwYWdlIjoiaHR0cHM6Ly9hLm5hdHVyYWxoZWFsdGhzb3VyY2UuY2x1Yi8ifSwiZGV2aWNlIjp7InciOjEyODAsImgiOjEwMjR9LCJ1c2VyIjp7ImlkIjoiMWEwM2MxOTc1ZDQxMzQ3MWZhZDg4NzlhN2M0NmM2YTAifSwiZXh0Ijp7ImR0IjoxNjY4OTc3NjYwNDI4fX0=
IP
ASN #24940 Hetzner Online GmbH
GET /get/?go=1&data=eyJpbXAiOlt7InNlY3VyZSI6MSwiZXh0Ijp7InNwb3QiOjYzOTQsImlkIjoxMDE4LCJsYWJlbHMiOiIiLCJzaXRlX2lkIjo2Mzk0LCJ0eXBlIjoiYmFubmVyIiwic3BhY2VpZCI6MTAxOCwic3BvdF9pZCI6MCwiaWR6b25lIjozOTAyNjY4LCJ6b25lIjoidGNfcGFiXzkwMHgyNTAiLCJhZF90YWdzIjoiIiwidGl0bGUiOiIiLCJzdWJpZCI6IjkwOTQzMjcxMSIsInV0bTEiOiJ0Y2Jhbl9pIiwidXRtMiI6IjYzOTQiLCJ1dG0zIjoiMTk3NzUiLCJ1dG00IjoiIn0sImJhbm5lciI6eyJ3Ijo5MDAsImgiOjI1MH19XSwic2l0ZSI6eyJpZCI6IjYzOTQiLCJwYWdlIjoiaHR0cHM6Ly9hLm5hdHVyYWxoZWFsdGhzb3VyY2UuY2x1Yi8ifSwiZGV2aWNlIjp7InciOjEyODAsImgiOjEwMjR9LCJ1c2VyIjp7ImlkIjoiMWEwM2MxOTc1ZDQxMzQ3MWZhZDg4NzlhN2M0NmM2YTAifSwiZXh0Ijp7ImR0IjoxNjY4OTc3NjYwNDI4fX0= HTTP/1.1
Host: rtbbnr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cdn.tubecorp.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0
date: Sun, 20 Nov 2022 20:54:20 GMT
content-type: text/html
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
content-encoding: gzip
X-Firefox-Spdy: h2
creative.xlirdr.com/widgets/v4/Universal/?actionButtonPlacement=bottom&buttonColor=&campaignId=banner2609start&creativeId=300x250&domain=stripchat&hideButtonOnSmallSpots=1&hideModelNameOnSmallSpots=0&hideTitleOnSmallSpots=1&isXhDesign=0&liveBadgeColor=%2324d7d7&modelsCountry=&modelsLanguage=&showButton=1&showLiveBadge=1&showModelName=1&showTitle=0&sound=off&sourceId=xfanta&tag=females&targetDomain=&thumbSizeKey=small&trackOff=1&userId=b47aedc2c088e2f21e0cc23e0318384c557941461efdbc48212e7282df45f2f4
200 OK 0 B URL HTTP/2 creative.xlirdr.com/widgets/v4/Universal/?actionButtonPlacement=bottom&buttonColor=&campaignId=banner2609start&creativeId=300x250&domain=stripchat&hideButtonOnSmallSpots=1&hideModelNameOnSmallSpots=0&hideTitleOnSmallSpots=1&isXhDesign=0&liveBadgeColor=%2324d7d7&modelsCountry=&modelsLanguage=&showButton=1&showLiveBadge=1&showModelName=1&showTitle=0&sound=off&sourceId=xfanta&tag=females&targetDomain=&thumbSizeKey=small&trackOff=1&userId=b47aedc2c088e2f21e0cc23e0318384c557941461efdbc48212e7282df45f2f4
IP
GET /widgets/v4/Universal/?actionButtonPlacement=bottom&buttonColor=&campaignId=banner2609start&creativeId=300x250&domain=stripchat&hideButtonOnSmallSpots=1&hideModelNameOnSmallSpots=0&hideTitleOnSmallSpots=1&isXhDesign=0&liveBadgeColor=%2324d7d7&modelsCountry=&modelsLanguage=&showButton=1&showLiveBadge=1&showModelName=1&showTitle=0&sound=off&sourceId=xfanta&tag=females&targetDomain=&thumbSizeKey=small&trackOff=1&userId=b47aedc2c088e2f21e0cc23e0318384c557941461efdbc48212e7282df45f2f4 HTTP/1.1
Host: creative.xlirdr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cams.gratis/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 20 Nov 2022 20:54:21 GMT
content-type: text/html
last-modified: Wed, 16 Nov 2022 07:56:27 GMT
expires: Sun, 20 Nov 2022 20:54:18 GMT
cache-control: max-age=10
strict-transport-security: max-age=15768000
pragma: public
report-to: { "endpoints":[{ "url": "https://go.stripchat.com/report" }], "group": "default", "max_age": 1048576 }
cf-cache-status: HIT
age: 3
vary: Accept-Encoding
server: cloudflare
cf-ray: 76d41490d8411c06-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
172.67.137.4
185.98.53.2
104.21.234.223
157.240.200.35
23.36.76.226
151.101.86.137
159.69.163.6
135.181.208.216
93.184.220.29
77.88.21.119