r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash b44b6d7bebf34d0393567b22a63a93fa
a1a85b268bc8073d8e4622ceb78b78a1b39af96a
4b69973af6e9c5a78d94e8661b08d9349176a515e7bfb3386b10ace4c6f1ae21
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4B69973AF6E9C5A78D94E8661B08D9349176A515E7BFB3386B10ACE4C6F1AE21"
Last-Modified: Tue, 28 Feb 2023 02:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9532
Expires: Thu, 02 Mar 2023 16:29:13 GMT
Date: Thu, 02 Mar 2023 13:50:21 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 96abc4d0be3e74da1484937a66c5ff39
357520bead07e25b52d4ca0c0c69db60cfaa0d7c
32c544ef8b8a3faaf08bdb76f8a387510037dfc15a022fd59457cf45215a6ba8
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "32C544EF8B8A3FAAF08BDB76F8A387510037DFC15A022FD59457CF45215A6BA8"
Last-Modified: Thu, 02 Mar 2023 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5479
Expires: Thu, 02 Mar 2023 15:21:40 GMT
Date: Thu, 02 Mar 2023 13:50:21 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash bc86ef2a0cee04915bc360f5821adc8f
3658f9028cce204d38f7f48fcfaa2a8e4f54383a
aeecd718d03811322457de4f20828bdba86b277e7e0e328cae9c0a8075638454
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Content-Type, Retry-After, Content-Length, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Thu, 02 Mar 2023 13:12:54 GMT
content-type: application/json
age: 2247
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 8a6910c4b385d6caba875fb44203db1b
848defdfa687238d0127ec3a018dc189a2fbaa86
11f09b2206ce9e486e3d044159c0f0d4bda658e14230ab8f71f136b802b422d3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "11F09B2206CE9E486E3D044159C0F0D4BDA658E14230AB8F71F136B802B422D3"
Last-Modified: Thu, 02 Mar 2023 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6995
Expires: Thu, 02 Mar 2023 15:46:56 GMT
Date: Thu, 02 Mar 2023 13:50:21 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-09-20-28-26.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-09-20-28-26.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash b5ba6334e73496995e3e3a9ecd0eb323
ad80d3b7718c28364e8c2004fb38a13a1747e462
aa5abb52515c6383c014aadb63a86c9f798ad64de53c0218616c1fc6d424d2e2
GET /chains/remote-settings.content-signature.mozilla.org-2023-04-09-20-28-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: OnL4sUBGT5toJeM04uZPZUtwIuG42leC4w/CQMjg5rOwHbcCZ7ZD7Ra88NwejjQLheXR5LJaGlQ=
x-amz-request-id: MVGH7STFXNFJX13F
x-amz-server-side-encryption: AES256
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Thu, 02 Mar 2023 13:15:26 GMT
age: 2095
last-modified: Sat, 18 Feb 2023 20:28:27 GMT
etag: "b5ba6334e73496995e3e3a9ecd0eb323"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 02 Mar 2023 13:50:21 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Pragma, Retry-After, Alert, Content-Length, Backoff, ETag, Content-Type, Cache-Control, Last-Modified, Expires
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Thu, 02 Mar 2023 13:03:36 GMT
age: 2806
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 51e95d61b93964116033d39ca29d8e87
f4b94d787ce49da21c28fe7853b1a85d2b9494dc
083c886afce548aad4f54caa7f7766e38d9376d55077d4072dbddbdafa086f85
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "083C886AFCE548AAD4F54CAA7F7766E38D9376D55077D4072DBDDBDAFA086F85"
Last-Modified: Thu, 02 Mar 2023 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6054
Expires: Thu, 02 Mar 2023 15:31:16 GMT
Date: Thu, 02 Mar 2023 13:50:22 GMT
Connection: keep-alive
push.services.mozilla.com/
35.162.92.33101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 35.162.92.33:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 61fYR9fTTagKALv0niS7bA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 6bTnFkdw3dNmYOUpOlgXqJ8wRCs=
cdn.tsyndicate.com/sdk/v1/bi.js
8.247.219.249200 OK 3.3 kB URL HTTP/1.1 cdn.tsyndicate.com/sdk/v1/bi.js
IP 8.247.219.249:0
File type C source, ASCII text, with very long lines (7738)
Hash 8451e5dafd8a46d84dfb845e40aae4e3
678a14552fe93ad4a16459eb7ce62c03b46b33b8
ca130d9f8ce433253a9bd811632314ea5d20283d7e5c9117170523d21196268d
GET /sdk/v1/bi.js HTTP/1.1
Host: cdn.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xxxlongmove.gigixo.com/
HTTP/1.1 200 OK
Date: Fri, 16 Dec 2022 12:53:24 GMT
Content-Type: application/javascript
Content-Length: 3312
Connection: keep-alive
Last-Modified: Fri, 16 Dec 2022 12:41:56 GMT
Server: nginx
X-Robots-Tag: noindex, nofollow
Content-Encoding: gzip
Vary: Accept-Encoding
ETag: W/"639c6794-1e83"
Age: 6569819
Accept-Ranges: bytes
cdn.tubecorp.com/b/loader.js?v=3
45.133.44.24200 OK 831 B URL HTTP/1.1 cdn.tubecorp.com/b/loader.js?v=3
IP 45.133.44.24:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with very long lines (1745), with no line terminators
Hash 8143f2c692706afd858455911eb34152
0e9051df8fcf7a51281db01a28185679f5c32c81
03959f368154cb76dbd9d598d9a7efde0005a1f5fb62d5cd60d6e874bbb7abce
GET /b/loader.js?v=3 HTTP/1.1
Host: cdn.tubecorp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xxxlongmove.gigixo.com/
HTTP/1.1 200 OK
Date: Thu, 02 Mar 2023 13:50:23 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx/1.20.1
Last-Modified: Wed, 14 Oct 2020 08:55:58 GMT
ETag: W/"5f86bd1e-6d1"
Cache-Control: max-age=3600
X-Request-ID: fcf2ffedfa7ab8fb037af1f8f32a431b
Content-Encoding: gzip
Expires: Thu, 02 Mar 2023 14:50:23 GMT
X-Proxy-Cache: HIT
Access-Control-Allow-Origin: *
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash a79d96dbf19e3f8bde91b4549f860038
6e4afbd1ede1bf15fc28cfc3f643dbaaf86a6792
b1360bd703ddeddda005cdf9a887890b89a733b6df31ecbb9b06f7dc4b15bb68
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 02 Mar 2023 13:50:23 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 95e893745105e71d23c6d353b90d2cb9
0f1392e453835ba0885a760d2a49557535ca71a7
36c8801dd99f83185d4331e07221971d010e76c6d8cb73be4b73562440adb2bd
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 02 Mar 2023 13:50:23 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ajax.googleapis.com/ajax/libs/jquery/2.1.4/jquery.min.js
142.250.74.42200 OK 30 kB URL HTTP/2 ajax.googleapis.com/ajax/libs/jquery/2.1.4/jquery.min.js
IP 142.250.74.42:0
File type ASCII text, with very long lines (32025)
Hash 83b3b5729cdff3976db52c51831e96b8
d23dc823e37f58e5366340be755730f3fa9a850d
675fa88b39008a09994460a93b310a7d4593735009a9b24b6f176c347ad12421
GET /ajax/libs/jquery/2.1.4/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://xxxlongmove.gigixo.com
Connection: keep-alive
Referer: http://xxxlongmove.gigixo.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 29725
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sun, 26 Feb 2023 15:16:58 GMT
expires: Mon, 26 Feb 2024 15:16:58 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 340405
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.googletagmanager.com/gtag/js?id=UA-98275526-8
142.250.74.40200 OK 45 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=UA-98275526-8
IP 142.250.74.40:0
File type ASCII text, with very long lines (2206)
Hash 0a1f1a0d0ebccb2213ce543b6684de8e
b6b4186faed2809f566ebb9cb5e7f17d46ebdf94
18bd4599403748800ef20595334bc30cc4ad796e4dc79c8bd1dfc27ca702432f
GET /gtag/js?id=UA-98275526-8 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://xxxlongmove.gigixo.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Thu, 02 Mar 2023 13:50:23 GMT
expires: Thu, 02 Mar 2023 13:50:23 GMT
cache-control: private, max-age=900
last-modified: Thu, 02 Mar 2023 12:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 44584
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash a79d96dbf19e3f8bde91b4549f860038
6e4afbd1ede1bf15fc28cfc3f643dbaaf86a6792
b1360bd703ddeddda005cdf9a887890b89a733b6df31ecbb9b06f7dc4b15bb68
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 02 Mar 2023 13:50:23 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
maxcdn.bootstrapcdn.com/font-awesome/4.5.0/css/font-awesome.min.css
104.18.10.207200 OK 6.6 kB URL HTTP/2 maxcdn.bootstrapcdn.com/font-awesome/4.5.0/css/font-awesome.min.css
IP 104.18.10.207:0
File type ASCII text, with very long lines (27303)
Hash 43857c197da2ef0eabb4ce74ab6b9f36
591f128d8f6ab4e8696624a97d652ed75a39a3ae
cbdaddf683d39bfc4ee7862241877916131357cf6c997e2cfdbb167942d2853d
GET /font-awesome/4.5.0/css/font-awesome.min.css HTTP/1.1
Host: maxcdn.bootstrapcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://xxxlongmove.gigixo.com
Connection: keep-alive
Referer: http://xxxlongmove.gigixo.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 02 Mar 2023 13:50:23 GMT
content-type: text/css; charset=utf-8
vary: Accept-Encoding
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: DE
access-control-allow-origin: *
cache-control: public, max-age=31919000
etag: W/"4fbd15cb6047af93373f4f895639c8bf"
last-modified: Mon, 25 Jan 2021 22:04:54 GMT
cdn-cachedat: 11/11/2022 02:14:45
cdn-proxyver: 1.03
cdn-requestpullcode: 200
cdn-requestpullsuccess: True
cdn-edgestorageid: 1047
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
cdn-status: 200
cdn-requestid: 2c94e87943a3198082c660259166c73b
cdn-cache: HIT
cf-cache-status: MISS
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 7a1a1bc23cbeb500-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.tsyndicate.com/sdk/v1/bi.js
8.247.219.249304 Not Modified 0 B URL HTTP/1.1 cdn.tsyndicate.com/sdk/v1/bi.js
IP 8.247.219.249:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sdk/v1/bi.js HTTP/1.1
Host: cdn.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xxxlongmove.gigixo.com/
If-Modified-Since: Fri, 16 Dec 2022 12:41:56 GMT
If-None-Match: W/"639c6794-1e83"
HTTP/1.1 304 Not Modified
Date: Fri, 16 Dec 2022 12:53:24 GMT
Connection: keep-alive
Last-Modified: Fri, 16 Dec 2022 12:41:56 GMT
Server: nginx
X-Robots-Tag: noindex, nofollow
Vary: Accept-Encoding
ETag: W/"639c6794-1e83"
Age: 6569819
cdn.tsyndicate.com/sdk/v1/bi.js
8.247.219.249304 Not Modified 0 B URL HTTP/1.1 cdn.tsyndicate.com/sdk/v1/bi.js
IP 8.247.219.249:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sdk/v1/bi.js HTTP/1.1
Host: cdn.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xxxlongmove.gigixo.com/
If-Modified-Since: Fri, 16 Dec 2022 12:41:56 GMT
If-None-Match: W/"639c6794-1e83"
HTTP/1.1 304 Not Modified
Date: Fri, 16 Dec 2022 12:53:24 GMT
Connection: keep-alive
Last-Modified: Fri, 16 Dec 2022 12:41:56 GMT
Server: nginx
X-Robots-Tag: noindex, nofollow
Vary: Accept-Encoding
ETag: W/"639c6794-1e83"
Age: 6569819
xxxlongmove.gigixo.com/
139.99.56.17200 OK 35 kB IP 139.99.56.17:0
Hash eb95699409381dd844996029e87f3c1f
0f7ddc587c99eee9960f6bc495b70659b19ede16
f4c1fd706651f34ce46f150a0a3150738e589296370f1631f929544d89a53e9b
GET / HTTP/1.1
Host: xxxlongmove.gigixo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 02 Mar 2023 13:50:22 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
Vary: Accept-Encoding
Content-Encoding: gzip
cdn.tsyndicate.com/sdk/v1/bi.js
8.247.219.249304 Not Modified 0 B URL HTTP/1.1 cdn.tsyndicate.com/sdk/v1/bi.js
IP 8.247.219.249:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sdk/v1/bi.js HTTP/1.1
Host: cdn.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xxxlongmove.gigixo.com/
If-Modified-Since: Fri, 16 Dec 2022 12:41:56 GMT
If-None-Match: W/"639c6794-1e83"
HTTP/1.1 304 Not Modified
Date: Fri, 16 Dec 2022 12:53:24 GMT
Connection: keep-alive
Last-Modified: Fri, 16 Dec 2022 12:41:56 GMT
Server: nginx
X-Robots-Tag: noindex, nofollow
Vary: Accept-Encoding
ETag: W/"639c6794-1e83"
Age: 6569819
cdn.tsyndicate.com/sdk/v1/bi.js
8.247.219.249304 Not Modified 0 B URL HTTP/1.1 cdn.tsyndicate.com/sdk/v1/bi.js
IP 8.247.219.249:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sdk/v1/bi.js HTTP/1.1
Host: cdn.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xxxlongmove.gigixo.com/
If-Modified-Since: Fri, 16 Dec 2022 12:41:56 GMT
If-None-Match: W/"639c6794-1e83"
HTTP/1.1 304 Not Modified
Date: Fri, 16 Dec 2022 12:53:24 GMT
Connection: keep-alive
Last-Modified: Fri, 16 Dec 2022 12:41:56 GMT
Server: nginx
X-Robots-Tag: noindex, nofollow
Vary: Accept-Encoding
ETag: W/"639c6794-1e83"
Age: 6569819
maxcdn.bootstrapcdn.com/bootswatch/3.3.7/fonts/glyphicons-halflings-regular.woff2
104.18.10.207200 OK 18 kB URL HTTP/2 maxcdn.bootstrapcdn.com/bootswatch/3.3.7/fonts/glyphicons-halflings-regular.woff2
IP 104.18.10.207:0
File type Web Open Font Format (Version 2), TrueType, length 18028, version 1.589\012- data
Hash 448c34a56d699c29117adc64c43affeb
ca35b697d99cae4d1b60f2d60fcd37771987eb07
fe185d11a49676890d47bb783312a0cda5a44c4039214094e7957b4c040ef11c
GET /bootswatch/3.3.7/fonts/glyphicons-halflings-regular.woff2 HTTP/1.1
Host: maxcdn.bootstrapcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://xxxlongmove.gigixo.com
Connection: keep-alive
Referer: https://maxcdn.bootstrapcdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 02 Mar 2023 13:50:23 GMT
content-type: font/woff2
content-length: 18028
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: DE
access-control-allow-origin: *
cache-control: public, max-age=31919000
etag: "448c34a56d699c29117adc64c43affeb"
last-modified: Mon, 25 Jan 2021 22:04:28 GMT
cdn-cachedat: 01/17/2023 10:41:56
cdn-proxyver: 1.03
cdn-requestpullcode: 200
cdn-requestpullsuccess: True
cdn-edgestorageid: 1049
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
cdn-status: 200
cdn-requestid: e7173b71d4cb5853d203cc7b39d4ff24
cdn-cache: HIT
cf-cache-status: MISS
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 7a1a1bc36e53b500-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash e18ff1e2252ecce939469b25f783640b
f620a4c0231151a300fd90adf7ee8cc9771d7769
d85391f2386974ba86f7e481ec3c5561f6da8097bf0ce792a08759698829fed5
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 02 Mar 2023 13:50:23 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.sectigo.com/
104.18.32.68200 OK 471 B IP 104.18.32.68:0
Hash 767700fa76bd54aea98b413969cfe310
c1dd26fcd79419edeec6ab69b21c29a86b557288
982a2586e3941ebd84010bb1d54ec9fdc96251584f672fea315d13620cd81efe
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 02 Mar 2023 13:50:23 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Tue, 28 Feb 2023 14:42:59 GMT
Expires: Tue, 07 Mar 2023 14:42:58 GMT
Etag: "c1dd26fcd79419edeec6ab69b21c29a86b557288"
Cache-Control: max-age=434554,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7a1a1bc26c880b65-OSL
fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
216.58.207.227200 OK 45 kB URL HTTP/2 fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 44856, version 1.0\012- data
Hash 565ce506190ad3af920b40baf1794cec
ad3cba5d06100e09449a864d3b5e58403b478b3d
8778e9af2422858d7052ff9a0f3c12c08ae976bdd6e0316db144cd5579cd97db
GET /s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://xxxlongmove.gigixo.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 44856
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 27 Feb 2023 18:52:41 GMT
expires: Tue, 27 Feb 2024 18:52:41 GMT
cache-control: public, max-age=31536000
age: 241062
last-modified: Mon, 15 Aug 2022 18:20:18 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
tsyndicate.com/iframes2/663422ed4341433597d6546506d00321.html?
136.243.51.205200 OK 1.2 kB URL HTTP/1.1 tsyndicate.com/iframes2/663422ed4341433597d6546506d00321.html?
IP 136.243.51.205:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2029)
Hash f52f417eab671263260fb239deb27273
342223f95efe028892c439b15f9e2a8d6100263c
19b3088928254b01263117aa6d79a645be2d2cb401ad9f730356b256cc1717ed
GET /iframes2/663422ed4341433597d6546506d00321.html? HTTP/1.1
Host: tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xxxlongmove.gigixo.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 02 Mar 2023 13:50:23 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Pragma: no-cache
Expires: 0
Vary: Accept-Encoding, *
X-Api-Version: 2
Link: <http://lcdn.tsyndicate.com/sdk/v1/b.b.js>; rel=preload; as=script
X-Request-Id: 7b6a35af99cf6eda
Cache-Control: no-cache, no-store, no-transform, must-revalidate, no-transform
X-Robots-Tag: none, noindex, nofollow
Report-To: { "url": "https://pxl.tsyndicate.com/api/v1/heavy-ad/report", "max_age": 86401 }
Content-Encoding: gzip
poweredby.jads.co/js/jads.js
185.94.237.102301 Moved Permanently 178 B URL HTTP/1.1 poweredby.jads.co/js/jads.js
IP 185.94.237.102:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash cd2e0e43980a00fb6a2742d3afd803b8
81ffbd1712afe8cdf138b570c0fc9934742c33c1
bd9df047d51943acc4bc6cf55d88edb5b6785a53337ee2a0f74dd521aedde87d
GET /js/jads.js HTTP/1.1
Host: poweredby.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://xxxlongmove.gigixo.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Thu, 02 Mar 2023 13:50:23 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Location: jads2.js
ocsp.sectigo.com/
104.18.32.68200 OK 471 B IP 104.18.32.68:0
Hash 8965c4b6c59ac3113b43f35cfd454a8b
97abbd2b3831821e1153ecc34832785aa10dfa46
5b9b0cb0dec676c04528139f7b435c7b1084a809ad71f2ee585b78a4dd199dba
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 02 Mar 2023 13:50:23 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Mon, 27 Feb 2023 01:38:50 GMT
Expires: Mon, 06 Mar 2023 01:38:49 GMT
Etag: "97abbd2b3831821e1153ecc34832785aa10dfa46"
Cache-Control: max-age=301105,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7a1a1bc3efe6b515-OSL
lcdn.tsyndicate.com/sdk/v1/b.b.js
8.254.252.211200 OK 2.8 kB URL HTTP/1.1 lcdn.tsyndicate.com/sdk/v1/b.b.js
IP 8.254.252.211:0
File type ASCII text, with very long lines (2590)
Hash 01c3ce239d639853ba1e41661c115938
704741ca41e890a26eef6190c2d61131ff294f56
9aabcddb7b91826c4b8bf721d77fa448ceba501616a38c6fe0d6c4f11091ed47
GET /sdk/v1/b.b.js HTTP/1.1
Host: lcdn.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://tsyndicate.com/
HTTP/1.1 200 OK
Date: Tue, 08 Mar 2022 10:11:03 GMT
Content-Type: application/javascript
Content-Length: 2808
Connection: keep-alive
Last-Modified: Tue, 22 Feb 2022 13:07:15 GMT
Server: nginx
X-Robots-Tag: noindex, nofollow
Content-Encoding: gzip
Vary: Accept-Encoding
ETag: W/"6214e003-1eb1"
Age: 31030760
Accept-Ranges: bytes
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash e18ff1e2252ecce939469b25f783640b
f620a4c0231151a300fd90adf7ee8cc9771d7769
d85391f2386974ba86f7e481ec3c5561f6da8097bf0ce792a08759698829fed5
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 02 Mar 2023 13:50:23 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
lcdn.tsyndicate.com/error/banner.html
8.254.252.211200 OK 355 B URL HTTP/1.1 lcdn.tsyndicate.com/error/banner.html
IP 8.254.252.211:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text
Hash 8b1f15be621db10926fe9a4cf5e065a7
cbf25705dce9a6cdc92fca1b42924c31a4325b09
0a9c708f0537719d5a20bfaa8343363a0283320fb1776657d913a6a4f2030287
GET /error/banner.html HTTP/1.1
Host: lcdn.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://tsyndicate.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Fri, 02 Sep 2022 00:07:36 GMT
Content-Type: text/html
Content-Length: 355
Connection: keep-alive
Last-Modified: Thu, 28 Jul 2022 14:10:05 GMT
Server: nginx
X-Robots-Tag: noindex, nofollow
Content-Encoding: gzip
Vary: Accept-Encoding
ETag: W/"62e298bd-297"
Age: 15687767
Accept-Ranges: bytes
tsyndicate.com/iframes2/663422ed4341433597d6546506d00321.html?keywords=Best,porn,videos,daily,updates,pantyhose,panties,vietnam,assorted,ebay,women,twinks,indiana,sweet,kiss,frilly,megan,brainwashing,party,fum,maid,brother,housewifes,ducky,amateur,japanhdv,graney,coughlan,big,sweaty,pot,cream,2392,dubbele,phone,stylez,fists,blu,ysis,but,averagejoe,partouze,avn,bus,members,brazilian,newest,site,wish,elle,lauren,video,undergound,number,army,dominno,found,nude,amateurs,play,games,festival,clip,full,dee,hub,dvds,christmas,bleach,ass,sara,dreams,sites,breasts,frmom,long,ribeiro,kane,penthouse,rosalyn,squirting,vid,cuckold,stay,incsest,vanity,illegal,titles,amature,midget,rhodes,glasses,tits,wast,snowwhite,body,gzames,type,schlong,and,taylor,utube,clips,cantrell,lactation,pantyhose,panties,vietnam,assorted,ebay,women,twinks,indiana,sweet,kiss,frilly,megan,brainwashing,party,fum,maid,brother,housewifes,ducky,amateur,japanhdv,graney,coughlan,big,sweaty,pot,cream,23&adb=0&clientjs=1&w=1280&h=1024&tz=0
136.243.51.205200 OK 1.2 kB URL HTTP/1.1 tsyndicate.com/iframes2/663422ed4341433597d6546506d00321.html?keywords=Best,porn,videos,daily,updates,pantyhose,panties,vietnam,assorted,ebay,women,twinks,indiana,sweet,kiss,frilly,megan,brainwashing,party,fum,maid,brother,housewifes,ducky,amateur,japanhdv,graney,coughlan,big,sweaty,pot,cream,2392,dubbele,phone,stylez,fists,blu,ysis,but,averagejoe,partouze,avn,bus,members,brazilian,newest,site,wish,elle,lauren,video,undergound,number,army,dominno,found,nude,amateurs,play,games,festival,clip,full,dee,hub,dvds,christmas,bleach,ass,sara,dreams,sites,breasts,frmom,long,ribeiro,kane,penthouse,rosalyn,squirting,vid,cuckold,stay,incsest,vanity,illegal,titles,amature,midget,rhodes,glasses,tits,wast,snowwhite,body,gzames,type,schlong,and,taylor,utube,clips,cantrell,lactation,pantyhose,panties,vietnam,assorted,ebay,women,twinks,indiana,sweet,kiss,frilly,megan,brainwashing,party,fum,maid,brother,housewifes,ducky,amateur,japanhdv,graney,coughlan,big,sweaty,pot,cream,23&adb=0&clientjs=1&w=1280&h=1024&tz=0
IP 136.243.51.205:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2029)
Hash f52f417eab671263260fb239deb27273
342223f95efe028892c439b15f9e2a8d6100263c
19b3088928254b01263117aa6d79a645be2d2cb401ad9f730356b256cc1717ed
GET /iframes2/663422ed4341433597d6546506d00321.html?keywords=Best,porn,videos,daily,updates,pantyhose,panties,vietnam,assorted,ebay,women,twinks,indiana,sweet,kiss,frilly,megan,brainwashing,party,fum,maid,brother,housewifes,ducky,amateur,japanhdv,graney,coughlan,big,sweaty,pot,cream,2392,dubbele,phone,stylez,fists,blu,ysis,but,averagejoe,partouze,avn,bus,members,brazilian,newest,site,wish,elle,lauren,video,undergound,number,army,dominno,found,nude,amateurs,play,games,festival,clip,full,dee,hub,dvds,christmas,bleach,ass,sara,dreams,sites,breasts,frmom,long,ribeiro,kane,penthouse,rosalyn,squirting,vid,cuckold,stay,incsest,vanity,illegal,titles,amature,midget,rhodes,glasses,tits,wast,snowwhite,body,gzames,type,schlong,and,taylor,utube,clips,cantrell,lactation,pantyhose,panties,vietnam,assorted,ebay,women,twinks,indiana,sweet,kiss,frilly,megan,brainwashing,party,fum,maid,brother,housewifes,ducky,amateur,japanhdv,graney,coughlan,big,sweaty,pot,cream,23&adb=0&clientjs=1&w=1280&h=1024&tz=0 HTTP/1.1
Host: tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xxxlongmove.gigixo.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 02 Mar 2023 13:50:23 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Pragma: no-cache
Expires: 0
Vary: Accept-Encoding, *
X-Api-Version: 2
Link: <http://lcdn.tsyndicate.com/sdk/v1/b.b.js>; rel=preload; as=script
X-Request-Id: e5f423577402e3be
Cache-Control: no-cache, no-store, no-transform, must-revalidate, no-transform
X-Robots-Tag: none, noindex, nofollow
Report-To: { "url": "https://pxl.tsyndicate.com/api/v1/heavy-ad/report", "max_age": 86401 }
Content-Encoding: gzip
lcdn.tsyndicate.com/sdk/v1/b.b.js
8.254.252.211304 Not Modified 0 B URL HTTP/1.1 lcdn.tsyndicate.com/sdk/v1/b.b.js
IP 8.254.252.211:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sdk/v1/b.b.js HTTP/1.1
Host: lcdn.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://tsyndicate.com/
If-Modified-Since: Tue, 22 Feb 2022 13:07:15 GMT
If-None-Match: W/"6214e003-1eb1"
HTTP/1.1 304 Not Modified
Date: Tue, 08 Mar 2022 10:11:03 GMT
Connection: keep-alive
Last-Modified: Tue, 22 Feb 2022 13:07:15 GMT
Server: nginx
X-Robots-Tag: noindex, nofollow
Vary: Accept-Encoding
ETag: W/"6214e003-1eb1"
Age: 31030760
cdn.tsyndicate.com/sdk/v1/backup.banner.js
8.247.219.249200 OK 1.2 kB URL HTTP/1.1 cdn.tsyndicate.com/sdk/v1/backup.banner.js
IP 8.247.219.249:0
File type ASCII text, with very long lines (563)
Hash aaa716b051d8f7e39379acf7dd390b58
a3e9ad6eb9c80ace589dc0fc5f1005f90374938a
8db10d074ca346ebf2267e92e83105ec60527d7e3b4e3f4ddb9157f83715402d
GET /sdk/v1/backup.banner.js HTTP/1.1
Host: cdn.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://lcdn.tsyndicate.com/
HTTP/1.1 200 OK
Date: Fri, 16 Dec 2022 12:53:28 GMT
Content-Type: application/javascript
Content-Length: 1197
Connection: keep-alive
Last-Modified: Fri, 16 Dec 2022 12:41:09 GMT
Server: nginx
X-Robots-Tag: noindex, nofollow
Content-Encoding: gzip
Vary: Accept-Encoding
ETag: W/"639c6765-b48"
Age: 6569815
Accept-Ranges: bytes
tsyndicate.com/iframes2/6a91f85098294907941c239ca45e3b90.html?keywords=Best,porn,videos,daily,updates,pantyhose,panties,vietnam,assorted,ebay,women,twinks,indiana,sweet,kiss,frilly,megan,brainwashing,party,fum,maid,brother,housewifes,ducky,amateur,japanhdv,graney,coughlan,big,sweaty,pot,cream,2392,dubbele,phone,stylez,fists,blu,ysis,but,averagejoe,partouze,avn,bus,members,brazilian,newest,site,wish,elle,lauren,video,undergound,number,army,dominno,found,nude,amateurs,play,games,festival,clip,full,dee,hub,dvds,christmas,bleach,ass,sara,dreams,sites,breasts,frmom,long,ribeiro,kane,penthouse,rosalyn,squirting,vid,cuckold,stay,incsest,vanity,illegal,titles,amature,midget,rhodes,glasses,tits,wast,snowwhite,body,gzames,type,schlong,and,taylor,utube,clips,cantrell,lactation,pantyhose,panties,vietnam,assorted,ebay,women,twinks,indiana,sweet,kiss,frilly,megan,brainwashing,party,fum,maid,brother,housewifes,ducky,amateur,japanhdv,graney,coughlan,big,sweaty,pot,cream,23&adb=0&clientjs=1&w=1280&h=1024&tz=0
136.243.51.205200 OK 1.2 kB URL HTTP/1.1 tsyndicate.com/iframes2/6a91f85098294907941c239ca45e3b90.html?keywords=Best,porn,videos,daily,updates,pantyhose,panties,vietnam,assorted,ebay,women,twinks,indiana,sweet,kiss,frilly,megan,brainwashing,party,fum,maid,brother,housewifes,ducky,amateur,japanhdv,graney,coughlan,big,sweaty,pot,cream,2392,dubbele,phone,stylez,fists,blu,ysis,but,averagejoe,partouze,avn,bus,members,brazilian,newest,site,wish,elle,lauren,video,undergound,number,army,dominno,found,nude,amateurs,play,games,festival,clip,full,dee,hub,dvds,christmas,bleach,ass,sara,dreams,sites,breasts,frmom,long,ribeiro,kane,penthouse,rosalyn,squirting,vid,cuckold,stay,incsest,vanity,illegal,titles,amature,midget,rhodes,glasses,tits,wast,snowwhite,body,gzames,type,schlong,and,taylor,utube,clips,cantrell,lactation,pantyhose,panties,vietnam,assorted,ebay,women,twinks,indiana,sweet,kiss,frilly,megan,brainwashing,party,fum,maid,brother,housewifes,ducky,amateur,japanhdv,graney,coughlan,big,sweaty,pot,cream,23&adb=0&clientjs=1&w=1280&h=1024&tz=0
IP 136.243.51.205:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2029)
Hash f52f417eab671263260fb239deb27273
342223f95efe028892c439b15f9e2a8d6100263c
19b3088928254b01263117aa6d79a645be2d2cb401ad9f730356b256cc1717ed
GET /iframes2/6a91f85098294907941c239ca45e3b90.html?keywords=Best,porn,videos,daily,updates,pantyhose,panties,vietnam,assorted,ebay,women,twinks,indiana,sweet,kiss,frilly,megan,brainwashing,party,fum,maid,brother,housewifes,ducky,amateur,japanhdv,graney,coughlan,big,sweaty,pot,cream,2392,dubbele,phone,stylez,fists,blu,ysis,but,averagejoe,partouze,avn,bus,members,brazilian,newest,site,wish,elle,lauren,video,undergound,number,army,dominno,found,nude,amateurs,play,games,festival,clip,full,dee,hub,dvds,christmas,bleach,ass,sara,dreams,sites,breasts,frmom,long,ribeiro,kane,penthouse,rosalyn,squirting,vid,cuckold,stay,incsest,vanity,illegal,titles,amature,midget,rhodes,glasses,tits,wast,snowwhite,body,gzames,type,schlong,and,taylor,utube,clips,cantrell,lactation,pantyhose,panties,vietnam,assorted,ebay,women,twinks,indiana,sweet,kiss,frilly,megan,brainwashing,party,fum,maid,brother,housewifes,ducky,amateur,japanhdv,graney,coughlan,big,sweaty,pot,cream,23&adb=0&clientjs=1&w=1280&h=1024&tz=0 HTTP/1.1
Host: tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xxxlongmove.gigixo.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 02 Mar 2023 13:50:23 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Pragma: no-cache
Expires: 0
Vary: Accept-Encoding, *
X-Api-Version: 2
Link: <http://lcdn.tsyndicate.com/sdk/v1/b.b.js>; rel=preload; as=script
X-Request-Id: ce9b21ed3f343e89
Cache-Control: no-cache, no-store, no-transform, must-revalidate, no-transform
X-Robots-Tag: none, noindex, nofollow
Report-To: { "url": "https://pxl.tsyndicate.com/api/v1/heavy-ad/report", "max_age": 86401 }
Content-Encoding: gzip
poweredby.jads.co/js/jads2.js
185.94.237.102200 OK 1.7 kB URL HTTP/1.1 poweredby.jads.co/js/jads2.js
IP 185.94.237.102:0
File type ASCII text, with very long lines (3758), with no line terminators
Hash 558e1b61fc513016183a3812938e79fb
5f72ea61a2aad8f7a0956321d3fd8524db70eddf
a79f8c0aabfc2d1d45e4df2a86ca9172d292b08987f7a9d5c10bd10abf3aef54
GET /js/jads2.js HTTP/1.1
Host: poweredby.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://xxxlongmove.gigixo.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 02 Mar 2023 13:50:23 GMT
Content-Type: application/x-javascript
Last-Modified: Mon, 21 Nov 2022 05:24:20 GMT
Transfer-Encoding: chunked
Connection: close
ETag: W/"637b0b84-eae"
Content-Encoding: gzip
lcdn.tsyndicate.com/sdk/v1/b.b.js
8.254.252.211304 Not Modified 0 B URL HTTP/1.1 lcdn.tsyndicate.com/sdk/v1/b.b.js
IP 8.254.252.211:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sdk/v1/b.b.js HTTP/1.1
Host: lcdn.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://tsyndicate.com/
If-Modified-Since: Tue, 22 Feb 2022 13:07:15 GMT
If-None-Match: W/"6214e003-1eb1"
HTTP/1.1 304 Not Modified
Date: Tue, 08 Mar 2022 10:11:03 GMT
Connection: keep-alive
Last-Modified: Tue, 22 Feb 2022 13:07:15 GMT
Server: nginx
X-Robots-Tag: noindex, nofollow
Vary: Accept-Encoding
ETag: W/"6214e003-1eb1"
Age: 31030760
cdn.tsyndicate.com/imges/backup/banner/250x150.jpeg
8.247.219.249200 OK 21 kB URL HTTP/1.1 cdn.tsyndicate.com/imges/backup/banner/250x150.jpeg
IP 8.247.219.249:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 250x150, components 3\012- data
Hash 59daf16e56e34dea2bd62621de9ea715
f05218f39e0082340140e64e0484ff70de180e03
f16ad4fde634d96b645fe569313dd0d873a848207de7e2cddc4d3afef16e3b81
GET /imges/backup/banner/250x150.jpeg HTTP/1.1
Host: cdn.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://lcdn.tsyndicate.com/
HTTP/1.1 200 OK
Date: Wed, 22 Jun 2022 09:42:10 GMT
Content-Type: image/jpeg
Content-Length: 20831
Connection: keep-alive
Last-Modified: Wed, 22 Jun 2022 09:24:43 GMT
Server: nginx
X-Robots-Tag: noindex, nofollow
Content-Encoding: gzip
Vary: Accept-Encoding
ETag: W/"62b2dfdb-5180"
Age: 21874093
Accept-Ranges: bytes
ocsp.sectigo.com/
104.18.32.68200 OK 471 B IP 104.18.32.68:0
Hash 767700fa76bd54aea98b413969cfe310
c1dd26fcd79419edeec6ab69b21c29a86b557288
982a2586e3941ebd84010bb1d54ec9fdc96251584f672fea315d13620cd81efe
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 02 Mar 2023 13:50:23 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Tue, 28 Feb 2023 14:42:59 GMT
Expires: Tue, 07 Mar 2023 14:42:58 GMT
Etag: "c1dd26fcd79419edeec6ab69b21c29a86b557288"
Cache-Control: max-age=434554,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7a1a1bc3cfe9b50b-OSL
lcdn.tsyndicate.com/sdk/v1/b.b.js
8.254.252.211304 Not Modified 0 B URL HTTP/1.1 lcdn.tsyndicate.com/sdk/v1/b.b.js
IP 8.254.252.211:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sdk/v1/b.b.js HTTP/1.1
Host: lcdn.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://tsyndicate.com/
If-Modified-Since: Tue, 22 Feb 2022 13:07:15 GMT
If-None-Match: W/"6214e003-1eb1"
HTTP/1.1 304 Not Modified
Date: Tue, 08 Mar 2022 10:11:03 GMT
Connection: keep-alive
Last-Modified: Tue, 22 Feb 2022 13:07:15 GMT
Server: nginx
X-Robots-Tag: noindex, nofollow
Vary: Accept-Encoding
ETag: W/"6214e003-1eb1"
Age: 31030760
tsyndicate.com/iframes2/e5937915a343437993bcb6ac18eb41d4.html?keywords=Best,porn,videos,daily,updates,pantyhose,panties,vietnam,assorted,ebay,women,twinks,indiana,sweet,kiss,frilly,megan,brainwashing,party,fum,maid,brother,housewifes,ducky,amateur,japanhdv,graney,coughlan,big,sweaty,pot,cream,2392,dubbele,phone,stylez,fists,blu,ysis,but,averagejoe,partouze,avn,bus,members,brazilian,newest,site,wish,elle,lauren,video,undergound,number,army,dominno,found,nude,amateurs,play,games,festival,clip,full,dee,hub,dvds,christmas,bleach,ass,sara,dreams,sites,breasts,frmom,long,ribeiro,kane,penthouse,rosalyn,squirting,vid,cuckold,stay,incsest,vanity,illegal,titles,amature,midget,rhodes,glasses,tits,wast,snowwhite,body,gzames,type,schlong,and,taylor,utube,clips,cantrell,lactation,pantyhose,panties,vietnam,assorted,ebay,women,twinks,indiana,sweet,kiss,frilly,megan,brainwashing,party,fum,maid,brother,housewifes,ducky,amateur,japanhdv,graney,coughlan,big,sweaty,pot,cream,23&adb=0&clientjs=1&w=1280&h=1024&tz=0
136.243.51.205200 OK 2.4 kB URL HTTP/1.1 tsyndicate.com/iframes2/e5937915a343437993bcb6ac18eb41d4.html?keywords=Best,porn,videos,daily,updates,pantyhose,panties,vietnam,assorted,ebay,women,twinks,indiana,sweet,kiss,frilly,megan,brainwashing,party,fum,maid,brother,housewifes,ducky,amateur,japanhdv,graney,coughlan,big,sweaty,pot,cream,2392,dubbele,phone,stylez,fists,blu,ysis,but,averagejoe,partouze,avn,bus,members,brazilian,newest,site,wish,elle,lauren,video,undergound,number,army,dominno,found,nude,amateurs,play,games,festival,clip,full,dee,hub,dvds,christmas,bleach,ass,sara,dreams,sites,breasts,frmom,long,ribeiro,kane,penthouse,rosalyn,squirting,vid,cuckold,stay,incsest,vanity,illegal,titles,amature,midget,rhodes,glasses,tits,wast,snowwhite,body,gzames,type,schlong,and,taylor,utube,clips,cantrell,lactation,pantyhose,panties,vietnam,assorted,ebay,women,twinks,indiana,sweet,kiss,frilly,megan,brainwashing,party,fum,maid,brother,housewifes,ducky,amateur,japanhdv,graney,coughlan,big,sweaty,pot,cream,23&adb=0&clientjs=1&w=1280&h=1024&tz=0
IP 136.243.51.205:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3556)
Hash 507469eb9130452931a0dee2be598c06
ebaaf8bf0849dc3d20541d0b7c510c7be134239c
51e0387d5f77e42156d18b426b2a30fccfc792522788dbfe860d3ae5d2c2c265
GET /iframes2/e5937915a343437993bcb6ac18eb41d4.html?keywords=Best,porn,videos,daily,updates,pantyhose,panties,vietnam,assorted,ebay,women,twinks,indiana,sweet,kiss,frilly,megan,brainwashing,party,fum,maid,brother,housewifes,ducky,amateur,japanhdv,graney,coughlan,big,sweaty,pot,cream,2392,dubbele,phone,stylez,fists,blu,ysis,but,averagejoe,partouze,avn,bus,members,brazilian,newest,site,wish,elle,lauren,video,undergound,number,army,dominno,found,nude,amateurs,play,games,festival,clip,full,dee,hub,dvds,christmas,bleach,ass,sara,dreams,sites,breasts,frmom,long,ribeiro,kane,penthouse,rosalyn,squirting,vid,cuckold,stay,incsest,vanity,illegal,titles,amature,midget,rhodes,glasses,tits,wast,snowwhite,body,gzames,type,schlong,and,taylor,utube,clips,cantrell,lactation,pantyhose,panties,vietnam,assorted,ebay,women,twinks,indiana,sweet,kiss,frilly,megan,brainwashing,party,fum,maid,brother,housewifes,ducky,amateur,japanhdv,graney,coughlan,big,sweaty,pot,cream,23&adb=0&clientjs=1&w=1280&h=1024&tz=0 HTTP/1.1
Host: tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xxxlongmove.gigixo.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 02 Mar 2023 13:50:23 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Pragma: no-cache
Expires: 0
Vary: Accept-Encoding, *
X-Api-Version: 2
Link: <http://lcdn.tsyndicate.com/sdk/v1/b.b.js>; rel=preload; as=script
X-Request-Id: ddf8c05d2f5e27bc
Set-Cookie: ts_uid=aaeaf626-9f7b-4cb3-9879-83f9403cf08f; expires=Sat, 02 Sep 2023 13:50:23 GMT; domain=.tsyndicate.com; path=/; HttpOnly; secure; SameSite=None
bfq=APeIECNCx5YZMBLioBGjCwsRYwpuafiwjMQYNm7cwFEjBg0ZM7r0URAQ; expires=Fri, 03 Mar 2023 13:50:23 GMT; domain=.tsyndicate.com; path=/; secure; SameSite=None
Cache-Control: no-cache, no-store, no-transform, must-revalidate, no-transform
X-Robots-Tag: none, noindex, nofollow
Report-To: { "url": "https://pxl.tsyndicate.com/api/v1/heavy-ad/report", "max_age": 86401 }
Content-Encoding: gzip
lcdn.tsyndicate.com/error/banner.html
8.254.252.211304 Not Modified 0 B URL HTTP/1.1 lcdn.tsyndicate.com/error/banner.html
IP 8.254.252.211:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /error/banner.html HTTP/1.1
Host: lcdn.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://tsyndicate.com/
Upgrade-Insecure-Requests: 1
If-Modified-Since: Thu, 28 Jul 2022 14:10:05 GMT
If-None-Match: W/"62e298bd-297"
HTTP/1.1 304 Not Modified
Date: Fri, 02 Sep 2022 00:07:36 GMT
Connection: keep-alive
Last-Modified: Thu, 28 Jul 2022 14:10:05 GMT
Server: nginx
X-Robots-Tag: noindex, nofollow
Vary: Accept-Encoding
ETag: W/"62e298bd-297"
Age: 15687767
tsyndicate.com/iframes2/4cac9064b352472ab0c635df56b56283.html?keywords=Best,porn,videos,daily,updates,pantyhose,panties,vietnam,assorted,ebay,women,twinks,indiana,sweet,kiss,frilly,megan,brainwashing,party,fum,maid,brother,housewifes,ducky,amateur,japanhdv,graney,coughlan,big,sweaty,pot,cream,2392,dubbele,phone,stylez,fists,blu,ysis,but,averagejoe,partouze,avn,bus,members,brazilian,newest,site,wish,elle,lauren,video,undergound,number,army,dominno,found,nude,amateurs,play,games,festival,clip,full,dee,hub,dvds,christmas,bleach,ass,sara,dreams,sites,breasts,frmom,long,ribeiro,kane,penthouse,rosalyn,squirting,vid,cuckold,stay,incsest,vanity,illegal,titles,amature,midget,rhodes,glasses,tits,wast,snowwhite,body,gzames,type,schlong,and,taylor,utube,clips,cantrell,lactation,pantyhose,panties,vietnam,assorted,ebay,women,twinks,indiana,sweet,kiss,frilly,megan,brainwashing,party,fum,maid,brother,housewifes,ducky,amateur,japanhdv,graney,coughlan,big,sweaty,pot,cream,23&adb=0&clientjs=1&w=1280&h=1024&tz=0
136.243.51.205200 OK 3.4 kB URL HTTP/1.1 tsyndicate.com/iframes2/4cac9064b352472ab0c635df56b56283.html?keywords=Best,porn,videos,daily,updates,pantyhose,panties,vietnam,assorted,ebay,women,twinks,indiana,sweet,kiss,frilly,megan,brainwashing,party,fum,maid,brother,housewifes,ducky,amateur,japanhdv,graney,coughlan,big,sweaty,pot,cream,2392,dubbele,phone,stylez,fists,blu,ysis,but,averagejoe,partouze,avn,bus,members,brazilian,newest,site,wish,elle,lauren,video,undergound,number,army,dominno,found,nude,amateurs,play,games,festival,clip,full,dee,hub,dvds,christmas,bleach,ass,sara,dreams,sites,breasts,frmom,long,ribeiro,kane,penthouse,rosalyn,squirting,vid,cuckold,stay,incsest,vanity,illegal,titles,amature,midget,rhodes,glasses,tits,wast,snowwhite,body,gzames,type,schlong,and,taylor,utube,clips,cantrell,lactation,pantyhose,panties,vietnam,assorted,ebay,women,twinks,indiana,sweet,kiss,frilly,megan,brainwashing,party,fum,maid,brother,housewifes,ducky,amateur,japanhdv,graney,coughlan,big,sweaty,pot,cream,23&adb=0&clientjs=1&w=1280&h=1024&tz=0
IP 136.243.51.205:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (5889)
Hash 4b839c8acc0fa3c51784d6e4dc594f46
8a7702f17c721c5bbea155d7a8dc8d22b0573237
9058c6fd44c8f60672b76126170956f3811b39c10aff45ef83c8aad1877ec2f9
GET /iframes2/4cac9064b352472ab0c635df56b56283.html?keywords=Best,porn,videos,daily,updates,pantyhose,panties,vietnam,assorted,ebay,women,twinks,indiana,sweet,kiss,frilly,megan,brainwashing,party,fum,maid,brother,housewifes,ducky,amateur,japanhdv,graney,coughlan,big,sweaty,pot,cream,2392,dubbele,phone,stylez,fists,blu,ysis,but,averagejoe,partouze,avn,bus,members,brazilian,newest,site,wish,elle,lauren,video,undergound,number,army,dominno,found,nude,amateurs,play,games,festival,clip,full,dee,hub,dvds,christmas,bleach,ass,sara,dreams,sites,breasts,frmom,long,ribeiro,kane,penthouse,rosalyn,squirting,vid,cuckold,stay,incsest,vanity,illegal,titles,amature,midget,rhodes,glasses,tits,wast,snowwhite,body,gzames,type,schlong,and,taylor,utube,clips,cantrell,lactation,pantyhose,panties,vietnam,assorted,ebay,women,twinks,indiana,sweet,kiss,frilly,megan,brainwashing,party,fum,maid,brother,housewifes,ducky,amateur,japanhdv,graney,coughlan,big,sweaty,pot,cream,23&adb=0&clientjs=1&w=1280&h=1024&tz=0 HTTP/1.1
Host: tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xxxlongmove.gigixo.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 02 Mar 2023 13:50:23 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Pragma: no-cache
Expires: 0
Vary: Accept-Encoding, *
X-Api-Version: 2
Link: <http://lcdn.tsyndicate.com/sdk/v1/b.b.js>; rel=preload; as=script, <https://lcdn.tsyndicate.com/images/f/b/2c0e713c0761c4c20a0af89a5bd30389f9ee28/300x250.jpg>; rel=preload; as=image
X-Request-Id: 9bd170eb93e1fb9f
Set-Cookie: ts_uid=46eb4a74-fe5a-42d8-b302-a02be750674c; expires=Sat, 02 Sep 2023 13:50:23 GMT; domain=.tsyndicate.com; path=/; HttpOnly; secure; SameSite=None
bfq=APeIECNCxxYZOGzAkEHjRhcWIsYU3BLjoYgyE2PYuHEDR40YNGTM6NJH; expires=Fri, 03 Mar 2023 13:50:23 GMT; domain=.tsyndicate.com; path=/; secure; SameSite=None
Cache-Control: no-cache, no-store, no-transform, must-revalidate, no-transform
X-Robots-Tag: none, noindex, nofollow
Report-To: { "url": "https://pxl.tsyndicate.com/api/v1/heavy-ad/report", "max_age": 86401 }
Content-Encoding: gzip
lcdn.tsyndicate.com/error/banner.html
8.254.252.211304 Not Modified 0 B URL HTTP/1.1 lcdn.tsyndicate.com/error/banner.html
IP 8.254.252.211:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /error/banner.html HTTP/1.1
Host: lcdn.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://tsyndicate.com/
Upgrade-Insecure-Requests: 1
If-Modified-Since: Thu, 28 Jul 2022 14:10:05 GMT
If-None-Match: W/"62e298bd-297"
HTTP/1.1 304 Not Modified
Date: Fri, 02 Sep 2022 00:07:36 GMT
Connection: keep-alive
Last-Modified: Thu, 28 Jul 2022 14:10:05 GMT
Server: nginx
X-Robots-Tag: noindex, nofollow
Vary: Accept-Encoding
ETag: W/"62e298bd-297"
Age: 15687767
lcdn.tsyndicate.com/sdk/v1/b.b.js
8.254.252.211304 Not Modified 0 B URL HTTP/1.1 lcdn.tsyndicate.com/sdk/v1/b.b.js
IP 8.254.252.211:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sdk/v1/b.b.js HTTP/1.1
Host: lcdn.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://tsyndicate.com/
If-Modified-Since: Tue, 22 Feb 2022 13:07:15 GMT
If-None-Match: W/"6214e003-1eb1"
HTTP/1.1 304 Not Modified
Date: Tue, 08 Mar 2022 10:11:03 GMT
Connection: keep-alive
Last-Modified: Tue, 22 Feb 2022 13:07:15 GMT
Server: nginx
X-Robots-Tag: noindex, nofollow
Vary: Accept-Encoding
ETag: W/"6214e003-1eb1"
Age: 31030760
cdn.tsyndicate.com/sdk/v1/backup.banner.js
8.247.219.249304 Not Modified 0 B URL HTTP/1.1 cdn.tsyndicate.com/sdk/v1/backup.banner.js
IP 8.247.219.249:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sdk/v1/backup.banner.js HTTP/1.1
Host: cdn.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://lcdn.tsyndicate.com/
If-Modified-Since: Fri, 16 Dec 2022 12:41:09 GMT
If-None-Match: W/"639c6765-b48"
HTTP/1.1 304 Not Modified
Date: Fri, 16 Dec 2022 12:53:28 GMT
Connection: keep-alive
Last-Modified: Fri, 16 Dec 2022 12:41:09 GMT
Server: nginx
X-Robots-Tag: noindex, nofollow
Vary: Accept-Encoding
ETag: W/"639c6765-b48"
Age: 6569815
lcdn.tsyndicate.com/sdk/v1/b.b.js
8.254.252.211304 Not Modified 0 B URL HTTP/1.1 lcdn.tsyndicate.com/sdk/v1/b.b.js
IP 8.254.252.211:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sdk/v1/b.b.js HTTP/1.1
Host: lcdn.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://tsyndicate.com/
If-Modified-Since: Tue, 22 Feb 2022 13:07:15 GMT
If-None-Match: W/"6214e003-1eb1"
HTTP/1.1 304 Not Modified
Date: Tue, 08 Mar 2022 10:11:03 GMT
Connection: keep-alive
Last-Modified: Tue, 22 Feb 2022 13:07:15 GMT
Server: nginx
X-Robots-Tag: noindex, nofollow
Vary: Accept-Encoding
ETag: W/"6214e003-1eb1"
Age: 31030760
p395024.clksite.com/adServe/banners?tid=395024_794246_2
52.116.53.147301 Moved Permanently 162 B URL HTTP/2 p395024.clksite.com/adServe/banners?tid=395024_794246_2
IP 52.116.53.147:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
GET /adServe/banners?tid=395024_794246_2 HTTP/1.1
Host: p395024.clksite.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://xxxlongmove.gigixo.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
server: nginx
date: Thu, 02 Mar 2023 13:50:23 GMT
content-type: text/html
content-length: 162
location: https://mybettermb.com/adServe/banners?tid=395024_794246_2
X-Firefox-Spdy: h2
lcdn.tsyndicate.com/sdk/v1/bannerNativeTrackImpression.js
8.254.252.211200 OK 372 B URL HTTP/1.1 lcdn.tsyndicate.com/sdk/v1/bannerNativeTrackImpression.js
IP 8.254.252.211:0
File type ASCII text, with very long lines (520)
Hash be3cdbe4d0f092fee1683f527459600b
de2cd939e706b5c99516e9acafc4652ae03faba2
b241f4702289d99b4d0a65deb39e088243abf1c7c21a4957130089c720ff6a50
GET /sdk/v1/bannerNativeTrackImpression.js HTTP/1.1
Host: lcdn.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://tsyndicate.com/
HTTP/1.1 200 OK
Date: Sat, 04 Jun 2022 22:52:58 GMT
Content-Type: application/javascript
Content-Length: 372
Connection: keep-alive
Last-Modified: Wed, 01 Jun 2022 12:19:05 GMT
Server: nginx
X-Robots-Tag: noindex, nofollow
Content-Encoding: gzip
Vary: Accept-Encoding
ETag: W/"62975939-28f"
Age: 23381845
Accept-Ranges: bytes
lcdn.tsyndicate.com/sdk/v1/n.css
8.254.252.211200 OK 19 kB URL HTTP/1.1 lcdn.tsyndicate.com/sdk/v1/n.css
IP 8.254.252.211:0
File type ASCII text, with very long lines (19411), with no line terminators
Hash f0c8bad08999a9d413b61c81c0e2a606
ebb86ba43d0f2386f2f3cdbb57f4746a1d8bcaf5
79ebc0f15cd767ec1f7e624730bedc0fdac746e41dbb8b2fbf1a1d1ec3b6877d
GET /sdk/v1/n.css HTTP/1.1
Host: lcdn.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://tsyndicate.com/
HTTP/1.1 200 OK
Date: Fri, 16 Dec 2022 12:49:23 GMT
Content-Type: text/css
Content-Length: 19411
Connection: keep-alive
ETag: "639c6765-4bd3"
Last-Modified: Fri, 16 Dec 2022 12:41:09 GMT
Server: nginx
X-Robots-Tag: noindex, nofollow
Age: 6570060
Accept-Ranges: bytes
cdn.tsyndicate.com/sdk/v1/backup.banner.js
8.247.219.249304 Not Modified 0 B URL HTTP/1.1 cdn.tsyndicate.com/sdk/v1/backup.banner.js
IP 8.247.219.249:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sdk/v1/backup.banner.js HTTP/1.1
Host: cdn.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://lcdn.tsyndicate.com/
If-Modified-Since: Fri, 16 Dec 2022 12:41:09 GMT
If-None-Match: W/"639c6765-b48"
HTTP/1.1 304 Not Modified
Date: Fri, 16 Dec 2022 12:53:28 GMT
Connection: keep-alive
Last-Modified: Fri, 16 Dec 2022 12:41:09 GMT
Server: nginx
X-Robots-Tag: noindex, nofollow
Vary: Accept-Encoding
ETag: W/"639c6765-b48"
Age: 6569815
lcdn.tsyndicate.com/sdk/v1/native-banner-default.css
8.254.252.211200 OK 4.0 kB URL HTTP/1.1 lcdn.tsyndicate.com/sdk/v1/native-banner-default.css
IP 8.254.252.211:0
File type ASCII text, with very long lines (4026), with no line terminators
Hash 1df9f39a5a093634d0eb36a0c05bdecd
6c296914236f24256018fdd02dccb5f0ec5af9be
16933ec5edea2ccaa38e2d5913406da7d00513d7ff6b1e967e6f19190be0643c
GET /sdk/v1/native-banner-default.css HTTP/1.1
Host: lcdn.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://tsyndicate.com/
HTTP/1.1 200 OK
Date: Fri, 10 Jun 2022 13:42:23 GMT
Content-Type: text/css
Content-Length: 4026
Connection: keep-alive
ETag: "62975939-fba"
Last-Modified: Wed, 01 Jun 2022 12:19:05 GMT
Server: nginx
X-Robots-Tag: noindex, nofollow
Age: 22896480
Accept-Ranges: bytes
pxl.tsyndicate.com/api/v1/backup.gif?t=banner&tct=adult
136.243.51.205200 OK 35 B URL HTTP/1.1 pxl.tsyndicate.com/api/v1/backup.gif?t=banner&tct=adult
IP 136.243.51.205:0
ASN #24940 Hetzner Online GmbH
File type GIF image data, version 89a, 1 x 1\012- data
Hash c2196de8ba412c60c22ab491af7b1409
5fbd472222feb8a22cf5b8aa5dc5b8e13af88e2b
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
GET /api/v1/backup.gif?t=banner&tct=adult HTTP/1.1
Host: pxl.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://lcdn.tsyndicate.com/
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 02 Mar 2023 13:50:23 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 35
Connection: keep-alive
X-Robots-Tag: noindex, nofollow
cdn.tsyndicate.com/imges/backup/banner/250x150.jpeg
8.247.219.249304 Not Modified 0 B URL HTTP/1.1 cdn.tsyndicate.com/imges/backup/banner/250x150.jpeg
IP 8.247.219.249:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /imges/backup/banner/250x150.jpeg HTTP/1.1
Host: cdn.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://lcdn.tsyndicate.com/
If-Modified-Since: Wed, 22 Jun 2022 09:24:43 GMT
If-None-Match: W/"62b2dfdb-5180"
HTTP/1.1 304 Not Modified
Date: Wed, 22 Jun 2022 09:42:10 GMT
Connection: keep-alive
Last-Modified: Wed, 22 Jun 2022 09:24:43 GMT
Server: nginx
X-Robots-Tag: noindex, nofollow
Vary: Accept-Encoding
ETag: W/"62b2dfdb-5180"
Age: 21874093
ocsp.sectigo.com/
104.18.32.68200 OK 472 B IP 104.18.32.68:0
Hash ae303cdd3c01550883c11ca35b70c8e0
6be953042fcc00a49442208adacce0674c765f74
bb57e565c13ad1b0ea2b08d6c3b4ee22371956d54db55c9dc44c3bb92c74a881
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 02 Mar 2023 13:50:23 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Wed, 01 Mar 2023 04:35:53 GMT
Expires: Wed, 08 Mar 2023 04:35:52 GMT
Etag: "6be953042fcc00a49442208adacce0674c765f74"
Cache-Control: max-age=484528,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7a1a1bc58fb10b65-OSL
chaturbate.com/in/?track=kwd-t1-notc&tour=6o0b&campaign=NDSC3&disable_sound=1&mobileRedirect=auto&embed_video_only=1
104.18.100.40301 Moved Permanently 0 B URL HTTP/1.1 chaturbate.com/in/?track=kwd-t1-notc&tour=6o0b&campaign=NDSC3&disable_sound=1&mobileRedirect=auto&embed_video_only=1
IP 104.18.100.40:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /in/?track=kwd-t1-notc&tour=6o0b&campaign=NDSC3&disable_sound=1&mobileRedirect=auto&embed_video_only=1 HTTP/1.1
Host: chaturbate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://tsyndicate.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Thu, 02 Mar 2023 13:50:23 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: private
Location: https://chaturbate.com:443/in/?track=kwd-t1-notc&tour=6o0b&campaign=NDSC3&disable_sound=1&mobileRedirect=auto&embed_video_only=1
CF-Cache-Status: DYNAMIC
Set-Cookie: __cf_bm=XmOt1pJsdCObOOEtXPawfhHZCFy8uTO7AgUU2NMDo70-1677765023-0-AT/EWPmAjIWNKUg1FL1na4S8dFhylE4qAQ2vVMxnSIQXWrUDfig2oibYV18vMaXbiJSAJqnmNf8JYGdKrLyGYHw=; path=/; expires=Thu, 02-Mar-23 14:20:23 GMT; domain=.chaturbate.com; HttpOnly; SameSite=None
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ck1MqPZwIqaFaZx15u5FanqEbtQMpo6YEsP3VWtUQB%2BD8wDd3P6slcO%2Ft0LSXqoQ0GL0B1rLsMUB80qk3d%2BB1IxReLG%2Fxa0TCj8yCrzv4k7ih%2FzFLT7CRQq7O13l8mhA"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7a1a1bc59d6b0b3d-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
lcdn.tsyndicate.com/images/f/b/2c0e713c0761c4c20a0af89a5bd30389f9ee28/300x250.jpg
8.254.252.211200 OK 7.8 kB URL HTTP/2 lcdn.tsyndicate.com/images/f/b/2c0e713c0761c4c20a0af89a5bd30389f9ee28/300x250.jpg
IP 8.254.252.211:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 229x250, components 3\012- data
Hash 38d8bb3766d048711203d048c4f82c9d
d54ae2d1410942fd72ec7426d5f0c9ed4fbede7b
25554360d5cd0016ffaad2e4ba38fb603a6ba929c300f47500ad95d454873812
GET /images/f/b/2c0e713c0761c4c20a0af89a5bd30389f9ee28/300x250.jpg HTTP/1.1
Host: lcdn.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://tsyndicate.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 02 Mar 2023 13:50:23 GMT
content-type: image/jpeg
content-length: 7774
last-modified: Tue, 05 Jul 2022 07:44:37 GMT
server: nginx
x-robots-tag: noindex, nofollow
content-encoding: gzip
vary: Accept-Encoding
etag: W/"62c3ebe5-1eed"
age: 7712672
accept-ranges: bytes
X-Firefox-Spdy: h2
cdn.tsyndicate.com/imges/backup/banner/300x250.png
8.247.219.249200 OK 102 kB URL HTTP/1.1 cdn.tsyndicate.com/imges/backup/banner/300x250.png
IP 8.247.219.249:0
File type PNG image data, 300 x 250, 8-bit/color RGBA, non-interlaced\012- data
Size 102 kB (102388 bytes)
Hash b761fe954e9423addda999b0975f1ee1
7baeb7f4b5824624fbe3f2dd6b8e8b291996fd89
824c9ecf5047e7d7f90fbc438be225dbc6c3e2513fca402294432c04667a8509
GET /imges/backup/banner/300x250.png HTTP/1.1
Host: cdn.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://lcdn.tsyndicate.com/
HTTP/1.1 200 OK
Date: Fri, 15 Jul 2022 19:08:50 GMT
Content-Type: image/png
Content-Length: 102388
Connection: keep-alive
Last-Modified: Thu, 14 Jul 2022 11:57:00 GMT
Server: nginx
X-Robots-Tag: noindex, nofollow
Content-Encoding: gzip
Vary: Accept-Encoding
ETag: W/"62d0048c-18fbf"
Age: 19852893
Accept-Ranges: bytes
tsyndicate.com/iframes2/9d1e13394347478aa7505e5c4801aade.html?keywords=Best,porn,videos,daily,updates,pantyhose,panties,vietnam,assorted,ebay,women,twinks,indiana,sweet,kiss,frilly,megan,brainwashing,party,fum,maid,brother,housewifes,ducky,amateur,japanhdv,graney,coughlan,big,sweaty,pot,cream,2392,dubbele,phone,stylez,fists,blu,ysis,but,averagejoe,partouze,avn,bus,members,brazilian,newest,site,wish,elle,lauren,video,undergound,number,army,dominno,found,nude,amateurs,play,games,festival,clip,full,dee,hub,dvds,christmas,bleach,ass,sara,dreams,sites,breasts,frmom,long,ribeiro,kane,penthouse,rosalyn,squirting,vid,cuckold,stay,incsest,vanity,illegal,titles,amature,midget,rhodes,glasses,tits,wast,snowwhite,body,gzames,type,schlong,and,taylor,utube,clips,cantrell,lactation,pantyhose,panties,vietnam,assorted,ebay,women,twinks,indiana,sweet,kiss,frilly,megan,brainwashing,party,fum,maid,brother,housewifes,ducky,amateur,japanhdv,graney,coughlan,big,sweaty,pot,cream,23&adb=0&clientjs=1&w=1280&h=1024&tz=0
136.243.51.205200 OK 2.8 kB URL HTTP/1.1 tsyndicate.com/iframes2/9d1e13394347478aa7505e5c4801aade.html?keywords=Best,porn,videos,daily,updates,pantyhose,panties,vietnam,assorted,ebay,women,twinks,indiana,sweet,kiss,frilly,megan,brainwashing,party,fum,maid,brother,housewifes,ducky,amateur,japanhdv,graney,coughlan,big,sweaty,pot,cream,2392,dubbele,phone,stylez,fists,blu,ysis,but,averagejoe,partouze,avn,bus,members,brazilian,newest,site,wish,elle,lauren,video,undergound,number,army,dominno,found,nude,amateurs,play,games,festival,clip,full,dee,hub,dvds,christmas,bleach,ass,sara,dreams,sites,breasts,frmom,long,ribeiro,kane,penthouse,rosalyn,squirting,vid,cuckold,stay,incsest,vanity,illegal,titles,amature,midget,rhodes,glasses,tits,wast,snowwhite,body,gzames,type,schlong,and,taylor,utube,clips,cantrell,lactation,pantyhose,panties,vietnam,assorted,ebay,women,twinks,indiana,sweet,kiss,frilly,megan,brainwashing,party,fum,maid,brother,housewifes,ducky,amateur,japanhdv,graney,coughlan,big,sweaty,pot,cream,23&adb=0&clientjs=1&w=1280&h=1024&tz=0
IP 136.243.51.205:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (4352)
Hash 503188c048e7e6e33928b20f2fb32850
f3f8f3f1b9b53712fd9b29b5ba4041855ba0cf03
9d39b2b0a7a55cc14ed58244e41c8bc2ec90d52aba8158d75948512ff01e3446
GET /iframes2/9d1e13394347478aa7505e5c4801aade.html?keywords=Best,porn,videos,daily,updates,pantyhose,panties,vietnam,assorted,ebay,women,twinks,indiana,sweet,kiss,frilly,megan,brainwashing,party,fum,maid,brother,housewifes,ducky,amateur,japanhdv,graney,coughlan,big,sweaty,pot,cream,2392,dubbele,phone,stylez,fists,blu,ysis,but,averagejoe,partouze,avn,bus,members,brazilian,newest,site,wish,elle,lauren,video,undergound,number,army,dominno,found,nude,amateurs,play,games,festival,clip,full,dee,hub,dvds,christmas,bleach,ass,sara,dreams,sites,breasts,frmom,long,ribeiro,kane,penthouse,rosalyn,squirting,vid,cuckold,stay,incsest,vanity,illegal,titles,amature,midget,rhodes,glasses,tits,wast,snowwhite,body,gzames,type,schlong,and,taylor,utube,clips,cantrell,lactation,pantyhose,panties,vietnam,assorted,ebay,women,twinks,indiana,sweet,kiss,frilly,megan,brainwashing,party,fum,maid,brother,housewifes,ducky,amateur,japanhdv,graney,coughlan,big,sweaty,pot,cream,23&adb=0&clientjs=1&w=1280&h=1024&tz=0 HTTP/1.1
Host: tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xxxlongmove.gigixo.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 02 Mar 2023 13:50:23 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Pragma: no-cache
Expires: 0
Vary: Accept-Encoding, *
X-Api-Version: 2
Link: <http://lcdn.tsyndicate.com/sdk/v1/b.b.js>; rel=preload; as=script
X-Request-Id: 689a638e458f8130
Set-Cookie: ts_uid=86b83488-af29-4d8f-938b-c2b9b23fc60f; expires=Sat, 02 Sep 2023 13:50:23 GMT; domain=.tsyndicate.com; path=/; HttpOnly; secure; SameSite=None
Cache-Control: no-cache, no-store, no-transform, must-revalidate, no-transform
X-Robots-Tag: none, noindex, nofollow
Report-To: { "url": "https://pxl.tsyndicate.com/api/v1/heavy-ad/report", "max_age": 86401 }
Content-Encoding: gzip
pxl.tsyndicate.com/api/v1/elapsedtime?f=banner%20250x150&sc=663422ed4341433597d6546506d00321&hn=xxxlongmove.gigixo.com&et=118
136.243.51.205200 OK 0 B URL HTTP/1.1 pxl.tsyndicate.com/api/v1/elapsedtime?f=banner%20250x150&sc=663422ed4341433597d6546506d00321&hn=xxxlongmove.gigixo.com&et=118
IP 136.243.51.205:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /api/v1/elapsedtime?f=banner%20250x150&sc=663422ed4341433597d6546506d00321&hn=xxxlongmove.gigixo.com&et=118 HTTP/1.1
Host: pxl.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xxxlongmove.gigixo.com/
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 02 Mar 2023 13:50:23 GMT
Content-Length: 0
Connection: keep-alive
X-Robots-Tag: noindex, nofollow
lcdn.tsyndicate.com/sdk/v1/b.b.js
8.254.252.211304 Not Modified 0 B URL HTTP/1.1 lcdn.tsyndicate.com/sdk/v1/b.b.js
IP 8.254.252.211:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sdk/v1/b.b.js HTTP/1.1
Host: lcdn.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://tsyndicate.com/
If-Modified-Since: Tue, 22 Feb 2022 13:07:15 GMT
If-None-Match: W/"6214e003-1eb1"
HTTP/1.1 304 Not Modified
Date: Tue, 08 Mar 2022 10:11:03 GMT
Connection: keep-alive
Last-Modified: Tue, 22 Feb 2022 13:07:15 GMT
Server: nginx
X-Robots-Tag: noindex, nofollow
Vary: Accept-Encoding
ETag: W/"6214e003-1eb1"
Age: 31030760
xxxlongmove.gigixo.com/s3/mx-wide/p3.gif
139.99.56.17200 OK 7.4 kB URL HTTP/1.1 xxxlongmove.gigixo.com/s3/mx-wide/p3.gif
IP 139.99.56.17:0
File type GIF image data, version 89a, 300 x 100\012- data
Hash 663afc8606c0026bae45f5fec73a32a0
740c7aed86a2cc4656f44bc62f48a41ac789a2a5
7f15ca7f6d1a0bcd2b8449975709535f9568e1375496f05f99ed730431fe7b94
GET /s3/mx-wide/p3.gif HTTP/1.1
Host: xxxlongmove.gigixo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xxxlongmove.gigixo.com/
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 02 Mar 2023 13:50:23 GMT
Content-Type: image/gif
Content-Length: 7351
Connection: keep-alive
Last-Modified: Mon, 21 Sep 2020 20:05:16 GMT
ETag: "5f69077c-1cb7"
X-Cluster: web-cdn2
X-Cache: HIT
CF-Cache-Status: MISS
Vary: Accept-Encoding
CF-RAY: 7a1a10ea5eba6bd3-SIN
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Cache-Status: HIT
Cache-Control: max-age=14400, max-age=31536000
Accept-Ranges: bytes
go.xlivrdr.com/smartpop/c3fa347280578e90a9e8ab1e6280c0e361524d151dcbfe6bb5b723fee947ce88?userId=ed4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e&sourceId=349000&memberId=DA2KqOGqqk-XU6Rdytf3A4dqxV_XhAtgiyl1C3xCgWa-v7lDryfOcSMhVEEW6_SYF6KWxoFGTYO6a9TNYmZiT6CaYM1FPHXGz9EPcrCKXUb8tU6G_gUIDRUi&p1=3684770&tag=men%2C-men
104.18.59.150301 Moved Permanently 0 B URL HTTP/1.1 go.xlivrdr.com/smartpop/c3fa347280578e90a9e8ab1e6280c0e361524d151dcbfe6bb5b723fee947ce88?userId=ed4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e&sourceId=349000&memberId=DA2KqOGqqk-XU6Rdytf3A4dqxV_XhAtgiyl1C3xCgWa-v7lDryfOcSMhVEEW6_SYF6KWxoFGTYO6a9TNYmZiT6CaYM1FPHXGz9EPcrCKXUb8tU6G_gUIDRUi&p1=3684770&tag=men%2C-men
IP 104.18.59.150:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /smartpop/c3fa347280578e90a9e8ab1e6280c0e361524d151dcbfe6bb5b723fee947ce88?userId=ed4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e&sourceId=349000&memberId=DA2KqOGqqk-XU6Rdytf3A4dqxV_XhAtgiyl1C3xCgWa-v7lDryfOcSMhVEEW6_SYF6KWxoFGTYO6a9TNYmZiT6CaYM1FPHXGz9EPcrCKXUb8tU6G_gUIDRUi&p1=3684770&tag=men%2C-men HTTP/1.1
Host: go.xlivrdr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://tsyndicate.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Thu, 02 Mar 2023 13:50:23 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Thu, 02 Mar 2023 14:50:23 GMT
Location: https://go.xlivrdr.com/smartpop/c3fa347280578e90a9e8ab1e6280c0e361524d151dcbfe6bb5b723fee947ce88?userId=ed4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e&sourceId=349000&memberId=DA2KqOGqqk-XU6Rdytf3A4dqxV_XhAtgiyl1C3xCgWa-v7lDryfOcSMhVEEW6_SYF6KWxoFGTYO6a9TNYmZiT6CaYM1FPHXGz9EPcrCKXUb8tU6G_gUIDRUi&p1=3684770&tag=men%2C-men
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7a1a1bc64c390b45-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
pxl.tsyndicate.com/api/v1/elapsedtime?f=banner%20250x150&sc=4cac9064b352472ab0c635df56b56283&hn=xxxlongmove.gigixo.com&et=246
136.243.51.205200 OK 0 B URL HTTP/1.1 pxl.tsyndicate.com/api/v1/elapsedtime?f=banner%20250x150&sc=4cac9064b352472ab0c635df56b56283&hn=xxxlongmove.gigixo.com&et=246
IP 136.243.51.205:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /api/v1/elapsedtime?f=banner%20250x150&sc=4cac9064b352472ab0c635df56b56283&hn=xxxlongmove.gigixo.com&et=246 HTTP/1.1
Host: pxl.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xxxlongmove.gigixo.com/
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 02 Mar 2023 13:50:23 GMT
Content-Length: 0
Connection: keep-alive
X-Robots-Tag: noindex, nofollow
tsyndicate.com/iframes2/58b27ab589cd4f6fb77ba36de8de2cad.html?keywords=Best,porn,videos,daily,updates,pantyhose,panties,vietnam,assorted,ebay,women,twinks,indiana,sweet,kiss,frilly,megan,brainwashing,party,fum,maid,brother,housewifes,ducky,amateur,japanhdv,graney,coughlan,big,sweaty,pot,cream,2392,dubbele,phone,stylez,fists,blu,ysis,but,averagejoe,partouze,avn,bus,members,brazilian,newest,site,wish,elle,lauren,video,undergound,number,army,dominno,found,nude,amateurs,play,games,festival,clip,full,dee,hub,dvds,christmas,bleach,ass,sara,dreams,sites,breasts,frmom,long,ribeiro,kane,penthouse,rosalyn,squirting,vid,cuckold,stay,incsest,vanity,illegal,titles,amature,midget,rhodes,glasses,tits,wast,snowwhite,body,gzames,type,schlong,and,taylor,utube,clips,cantrell,lactation,pantyhose,panties,vietnam,assorted,ebay,women,twinks,indiana,sweet,kiss,frilly,megan,brainwashing,party,fum,maid,brother,housewifes,ducky,amateur,japanhdv,graney,coughlan,big,sweaty,pot,cream,23&adb=0&clientjs=1&w=1280&h=1024&tz=0
136.243.51.205200 OK 1.2 kB URL HTTP/1.1 tsyndicate.com/iframes2/58b27ab589cd4f6fb77ba36de8de2cad.html?keywords=Best,porn,videos,daily,updates,pantyhose,panties,vietnam,assorted,ebay,women,twinks,indiana,sweet,kiss,frilly,megan,brainwashing,party,fum,maid,brother,housewifes,ducky,amateur,japanhdv,graney,coughlan,big,sweaty,pot,cream,2392,dubbele,phone,stylez,fists,blu,ysis,but,averagejoe,partouze,avn,bus,members,brazilian,newest,site,wish,elle,lauren,video,undergound,number,army,dominno,found,nude,amateurs,play,games,festival,clip,full,dee,hub,dvds,christmas,bleach,ass,sara,dreams,sites,breasts,frmom,long,ribeiro,kane,penthouse,rosalyn,squirting,vid,cuckold,stay,incsest,vanity,illegal,titles,amature,midget,rhodes,glasses,tits,wast,snowwhite,body,gzames,type,schlong,and,taylor,utube,clips,cantrell,lactation,pantyhose,panties,vietnam,assorted,ebay,women,twinks,indiana,sweet,kiss,frilly,megan,brainwashing,party,fum,maid,brother,housewifes,ducky,amateur,japanhdv,graney,coughlan,big,sweaty,pot,cream,23&adb=0&clientjs=1&w=1280&h=1024&tz=0
IP 136.243.51.205:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2029)
Hash f52f417eab671263260fb239deb27273
342223f95efe028892c439b15f9e2a8d6100263c
19b3088928254b01263117aa6d79a645be2d2cb401ad9f730356b256cc1717ed
GET /iframes2/58b27ab589cd4f6fb77ba36de8de2cad.html?keywords=Best,porn,videos,daily,updates,pantyhose,panties,vietnam,assorted,ebay,women,twinks,indiana,sweet,kiss,frilly,megan,brainwashing,party,fum,maid,brother,housewifes,ducky,amateur,japanhdv,graney,coughlan,big,sweaty,pot,cream,2392,dubbele,phone,stylez,fists,blu,ysis,but,averagejoe,partouze,avn,bus,members,brazilian,newest,site,wish,elle,lauren,video,undergound,number,army,dominno,found,nude,amateurs,play,games,festival,clip,full,dee,hub,dvds,christmas,bleach,ass,sara,dreams,sites,breasts,frmom,long,ribeiro,kane,penthouse,rosalyn,squirting,vid,cuckold,stay,incsest,vanity,illegal,titles,amature,midget,rhodes,glasses,tits,wast,snowwhite,body,gzames,type,schlong,and,taylor,utube,clips,cantrell,lactation,pantyhose,panties,vietnam,assorted,ebay,women,twinks,indiana,sweet,kiss,frilly,megan,brainwashing,party,fum,maid,brother,housewifes,ducky,amateur,japanhdv,graney,coughlan,big,sweaty,pot,cream,23&adb=0&clientjs=1&w=1280&h=1024&tz=0 HTTP/1.1
Host: tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xxxlongmove.gigixo.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 02 Mar 2023 13:50:23 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Pragma: no-cache
Expires: 0
Vary: Accept-Encoding, *
X-Api-Version: 2
Link: <http://lcdn.tsyndicate.com/sdk/v1/b.b.js>; rel=preload; as=script
X-Request-Id: 62021aeff5e453e8
Cache-Control: no-cache, no-store, no-transform, must-revalidate, no-transform
X-Robots-Tag: none, noindex, nofollow
Report-To: { "url": "https://pxl.tsyndicate.com/api/v1/heavy-ad/report", "max_age": 86401 }
Content-Encoding: gzip
xxxlongmove.gigixo.com/s3/wc_oct20/0010.jpeg
139.99.56.17200 OK 7.1 kB URL HTTP/1.1 xxxlongmove.gigixo.com/s3/wc_oct20/0010.jpeg
IP 139.99.56.17:0
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 200x200, components 3\012- data
Hash 9b62d6d9472df254e25d460215b31a45
0b0085e75e0b7469a10c5751e7b55c9849b1fe2b
5c775528cd5468b43aaf16b0c6c01d1ae7b808c9c5b8c6570df553f3934647c0
GET /s3/wc_oct20/0010.jpeg HTTP/1.1
Host: xxxlongmove.gigixo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xxxlongmove.gigixo.com/
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 02 Mar 2023 13:50:23 GMT
Content-Type: image/jpeg
Content-Length: 7112
Connection: keep-alive
Last-Modified: Fri, 09 Oct 2020 20:48:38 GMT
ETag: "5f80cca6-1bc8"
X-Cluster: web-cdn2
X-Cache: HIT
CF-Cache-Status: MISS
Vary: Accept-Encoding
CF-RAY: 7a19f5bd18334014-SIN
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Cache-Status: HIT
Cache-Control: max-age=14400, max-age=31536000
Accept-Ranges: bytes
ocsp.digicert.com/
192.229.221.95200 OK 280 B IP 192.229.221.95:0
Hash 49664e8641f1466fd9b4d4f2403a9380
15567b46d3560865706113a3c420351f177d0d74
b3a5ab2b4df3ec2a5062d1d979092ce8fad493922fe3385d8716cde8ba11e94c
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 156436
Cache-Control: max-age=165377
Content-Type: application/ocsp-response
Date: Thu, 02 Mar 2023 13:50:23 GMT
Etag: "63fe298c-118"
Expires: Sat, 04 Mar 2023 11:46:40 GMT
Last-Modified: Tue, 28 Feb 2023 16:19:24 GMT
Server: ECAcc (ska/F73A)
X-Cache: HIT
Content-Length: 280
lcdn.tsyndicate.com/error/banner.html
8.254.252.211304 Not Modified 0 B URL HTTP/1.1 lcdn.tsyndicate.com/error/banner.html
IP 8.254.252.211:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /error/banner.html HTTP/1.1
Host: lcdn.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://tsyndicate.com/
Upgrade-Insecure-Requests: 1
If-Modified-Since: Thu, 28 Jul 2022 14:10:05 GMT
If-None-Match: W/"62e298bd-297"
HTTP/1.1 304 Not Modified
Date: Fri, 02 Sep 2022 00:07:36 GMT
Connection: keep-alive
Last-Modified: Thu, 28 Jul 2022 14:10:05 GMT
Server: nginx
X-Robots-Tag: noindex, nofollow
Vary: Accept-Encoding
ETag: W/"62e298bd-297"
Age: 15687767
cdn.tsyndicate.com/sdk/v1/backup.banner.js
8.247.219.249304 Not Modified 0 B URL HTTP/1.1 cdn.tsyndicate.com/sdk/v1/backup.banner.js
IP 8.247.219.249:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sdk/v1/backup.banner.js HTTP/1.1
Host: cdn.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://lcdn.tsyndicate.com/
If-Modified-Since: Fri, 16 Dec 2022 12:41:09 GMT
If-None-Match: W/"639c6765-b48"
HTTP/1.1 304 Not Modified
Date: Fri, 16 Dec 2022 12:53:28 GMT
Connection: keep-alive
Last-Modified: Fri, 16 Dec 2022 12:41:09 GMT
Server: nginx
X-Robots-Tag: noindex, nofollow
Vary: Accept-Encoding
ETag: W/"639c6765-b48"
Age: 6569815
pxl.tsyndicate.com/api/v1/p/p.js?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zC0XksHGjjAwaMMS0kJGDDJkWNHCYKdMiDA4yNFrACBNDxo0cYmyYqUHGhoiHYeqMyehyjMcYOcy0_CgDZY4ZY1q8zBFGZpkxY8LYGHOjRowYYn5CJGNnoQ0aDkXAqRNWh42vN4DCgUMRxo0YNh7OgTNRx4y7N0jmFTGmDV0dNGg0fAuUjBmzMh6KceNmoQwcNmB8jCuijRuMiEHiiKzWM2gbNRQ_rCOHzcIZNW_AmL1aRkY0dOjAmaPjxYs5ZfDkaVOmDJ06u128kXPm9xwXcNDA-UGkjJ00RntUn7OGzhs4XOrMlmFjSBjDYdKccZOESI_Ei2OEH29jyhvW2Ytgma_ZhpAwlCHUg3zi9ecEdgRpFwYdaXzGH3lUhMGccQN-8VcMgW30oA1BkGHEcm0s2IMTC6ZhRxkbDvHGHHT0AMOGUMiBXYNnNPHGQWz0MAQUTWxIBBMupviGG1TkAUcZPQTBBBNC1uEGHXLkMeITG1IhR0RrCBgDDGKR8UYbGeEhJhtDntHGGye6cIZ6aeDxhgtjfClWVn1tcUMXD8Ehx1AMsQRDWmI8pgMMLsBQEWFwtPGFnnwSOhtncthx2AwwPHRVogs5emgddaSREQ02lCEGDWHcENNKNVRFgwxk4NCCGJQ2FYZmYpTRFQwc0TDUQ2kcplEMLuRA6KouNESDWHJ80WtGOQArrAvEGitWHWFkZKMeabDBRhgv1FAoCChc0aCXd8wBghNUgLBloTuAIK4bZ7WLR7wgRMrQn4WmAMIRV63xxgsyGDrbljGAYEQacpRhxht4vLClt1w-hFVGTjwh1nJfTKyDCBWLxQafIhThRJfWfZGwawzVcMMNOMxgAw60icBcZTrIUAMOnB1kxxdiyLEQDjg8pPMXZ5JhGWaHkiHHG689tOJCNOS5tHBQP5SwoAPlBkdvL4iJB5mfnZnmmmu6CeeXL4h1R0Y1wSwWGmxrdqxekWa0NB0LLteCk2nQgZIMLpAxRk1dgnzQF4ITbhGYDHG0MmqazbC4bY2vfAPkMsyQ2qEGmVzGXl8sSJHjl9cQuaU7h8EGQnQopMMWM8iAJ0Ri9CXCQWYExcZEeX6cqcSJ7nwlg0wzJDFoNfWhQEA%3D&r=1&s=ed535b9adeac547a7d190ea77c2afb9b0e5da9e42a5881b2162a688d599717351677765023&w=t
136.243.51.205200 OK 24 B URL HTTP/1.1 pxl.tsyndicate.com/api/v1/p/p.js?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zC0XksHGjjAwaMMS0kJGDDJkWNHCYKdMiDA4yNFrACBNDxo0cYmyYqUHGhoiHYeqMyehyjMcYOcy0_CgDZY4ZY1q8zBFGZpkxY8LYGHOjRowYYn5CJGNnoQ0aDkXAqRNWh42vN4DCgUMRxo0YNh7OgTNRx4y7N0jmFTGmDV0dNGg0fAuUjBmzMh6KceNmoQwcNmB8jCuijRuMiEHiiKzWM2gbNRQ_rCOHzcIZNW_AmL1aRkY0dOjAmaPjxYs5ZfDkaVOmDJ06u128kXPm9xwXcNDA-UGkjJ00RntUn7OGzhs4XOrMlmFjSBjDYdKccZOESI_Ei2OEH29jyhvW2Ytgma_ZhpAwlCHUg3zi9ecEdgRpFwYdaXzGH3lUhMGccQN-8VcMgW30oA1BkGHEcm0s2IMTC6ZhRxkbDvHGHHT0AMOGUMiBXYNnNPHGQWz0MAQUTWxIBBMupviGG1TkAUcZPQTBBBNC1uEGHXLkMeITG1IhR0RrCBgDDGKR8UYbGeEhJhtDntHGGye6cIZ6aeDxhgtjfClWVn1tcUMXD8Ehx1AMsQRDWmI8pgMMLsBQEWFwtPGFnnwSOhtncthx2AwwPHRVogs5emgddaSREQ02lCEGDWHcENNKNVRFgwxk4NCCGJQ2FYZmYpTRFQwc0TDUQ2kcplEMLuRA6KouNESDWHJ80WtGOQArrAvEGitWHWFkZKMeabDBRhgv1FAoCChc0aCXd8wBghNUgLBloTuAIK4bZ7WLR7wgRMrQn4WmAMIRV63xxgsyGDrbljGAYEQacpRhxht4vLClt1w-hFVGTjwh1nJfTKyDCBWLxQafIhThRJfWfZGwawzVcMMNOMxgAw60icBcZTrIUAMOnB1kxxdiyLEQDjg8pPMXZ5JhGWaHkiHHG689tOJCNOS5tHBQP5SwoAPlBkdvL4iJB5mfnZnmmmu6CeeXL4h1R0Y1wSwWGmxrdqxekWa0NB0LLteCk2nQgZIMLpAxRk1dgnzQF4ITbhGYDHG0MmqazbC4bY2vfAPkMsyQ2qEGmVzGXl8sSJHjl9cQuaU7h8EGQnQopMMWM8iAJ0Ri9CXCQWYExcZEeX6cqcSJ7nwlg0wzJDFoNfWhQEA%3D&r=1&s=ed535b9adeac547a7d190ea77c2afb9b0e5da9e42a5881b2162a688d599717351677765023&w=t
IP 136.243.51.205:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with no line terminators
Hash 0959ba36d476b6dc1994ba3c678b07c4
d30b94da72daa02766965206a85b7e0356375f5e
897410b87e27e3dfba3a7d6caab315a5e69cc941bb96d91fc74878a9b051843a
GET /api/v1/p/p.js?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zC0XksHGjjAwaMMS0kJGDDJkWNHCYKdMiDA4yNFrACBNDxo0cYmyYqUHGhoiHYeqMyehyjMcYOcy0_CgDZY4ZY1q8zBFGZpkxY8LYGHOjRowYYn5CJGNnoQ0aDkXAqRNWh42vN4DCgUMRxo0YNh7OgTNRx4y7N0jmFTGmDV0dNGg0fAuUjBmzMh6KceNmoQwcNmB8jCuijRuMiEHiiKzWM2gbNRQ_rCOHzcIZNW_AmL1aRkY0dOjAmaPjxYs5ZfDkaVOmDJ06u128kXPm9xwXcNDA-UGkjJ00RntUn7OGzhs4XOrMlmFjSBjDYdKccZOESI_Ei2OEH29jyhvW2Ytgma_ZhpAwlCHUg3zi9ecEdgRpFwYdaXzGH3lUhMGccQN-8VcMgW30oA1BkGHEcm0s2IMTC6ZhRxkbDvHGHHT0AMOGUMiBXYNnNPHGQWz0MAQUTWxIBBMupviGG1TkAUcZPQTBBBNC1uEGHXLkMeITG1IhR0RrCBgDDGKR8UYbGeEhJhtDntHGGye6cIZ6aeDxhgtjfClWVn1tcUMXD8Ehx1AMsQRDWmI8pgMMLsBQEWFwtPGFnnwSOhtncthx2AwwPHRVogs5emgddaSREQ02lCEGDWHcENNKNVRFgwxk4NCCGJQ2FYZmYpTRFQwc0TDUQ2kcplEMLuRA6KouNESDWHJ80WtGOQArrAvEGitWHWFkZKMeabDBRhgv1FAoCChc0aCXd8wBghNUgLBloTuAIK4bZ7WLR7wgRMrQn4WmAMIRV63xxgsyGDrbljGAYEQacpRhxht4vLClt1w-hFVGTjwh1nJfTKyDCBWLxQafIhThRJfWfZGwawzVcMMNOMxgAw60icBcZTrIUAMOnB1kxxdiyLEQDjg8pPMXZ5JhGWaHkiHHG689tOJCNOS5tHBQP5SwoAPlBkdvL4iJB5mfnZnmmmu6CeeXL4h1R0Y1wSwWGmxrdqxekWa0NB0LLteCk2nQgZIMLpAxRk1dgnzQF4ITbhGYDHG0MmqazbC4bY2vfAPkMsyQ2qEGmVzGXl8sSJHjl9cQuaU7h8EGQnQopMMWM8iAJ0Ri9CXCQWYExcZEeX6cqcSJ7nwlg0wzJDFoNfWhQEA%3D&r=1&s=ed535b9adeac547a7d190ea77c2afb9b0e5da9e42a5881b2162a688d599717351677765023&w=t HTTP/1.1
Host: pxl.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://tsyndicate.com/
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 02 Mar 2023 13:50:23 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 24
Connection: keep-alive
X-Robots-Tag: noindex, nofollow
pxl.tsyndicate.com/api/v1/elapsedtime?f=banner%20300x250&sc=6a91f85098294907941c239ca45e3b90&hn=xxxlongmove.gigixo.com&et=153
136.243.51.205200 OK 0 B URL HTTP/1.1 pxl.tsyndicate.com/api/v1/elapsedtime?f=banner%20300x250&sc=6a91f85098294907941c239ca45e3b90&hn=xxxlongmove.gigixo.com&et=153
IP 136.243.51.205:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /api/v1/elapsedtime?f=banner%20300x250&sc=6a91f85098294907941c239ca45e3b90&hn=xxxlongmove.gigixo.com&et=153 HTTP/1.1
Host: pxl.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xxxlongmove.gigixo.com/
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 02 Mar 2023 13:50:23 GMT
Content-Length: 0
Connection: keep-alive
X-Robots-Tag: noindex, nofollow
go.xlivrdr.com/smartpop/c3fa347280578e90a9e8ab1e6280c0e361524d151dcbfe6bb5b723fee947ce88?userId=ed4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e&sourceId=349000&memberId=DA2KqOGqqk-XU6Rdytf3A4dqxV_XhAtgiyl1C3xCgWa-v7lDryfOcSMhVEEW6_SYF6KWxoFGTYO6a9TNYmZiT6CaYM1FPHXGz9EPcrCKXUb8tU6G_gUIDRUi&p1=3684770&tag=men%2C-men
104.18.59.150302 Found 0 B URL HTTP/2 go.xlivrdr.com/smartpop/c3fa347280578e90a9e8ab1e6280c0e361524d151dcbfe6bb5b723fee947ce88?userId=ed4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e&sourceId=349000&memberId=DA2KqOGqqk-XU6Rdytf3A4dqxV_XhAtgiyl1C3xCgWa-v7lDryfOcSMhVEEW6_SYF6KWxoFGTYO6a9TNYmZiT6CaYM1FPHXGz9EPcrCKXUb8tU6G_gUIDRUi&p1=3684770&tag=men%2C-men
IP 104.18.59.150:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /smartpop/c3fa347280578e90a9e8ab1e6280c0e361524d151dcbfe6bb5b723fee947ce88?userId=ed4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e&sourceId=349000&memberId=DA2KqOGqqk-XU6Rdytf3A4dqxV_XhAtgiyl1C3xCgWa-v7lDryfOcSMhVEEW6_SYF6KWxoFGTYO6a9TNYmZiT6CaYM1FPHXGz9EPcrCKXUb8tU6G_gUIDRUi&p1=3684770&tag=men%2C-men HTTP/1.1
Host: go.xlivrdr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://tsyndicate.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
date: Thu, 02 Mar 2023 13:50:23 GMT
content-length: 0
location: https://creative.xliirdr.com/widgets/v4/Universal?campaignId=c3fa347280578e90a9e8ab1e6280c0e361524d151dcbfe6bb5b723fee947ce88&campaignType=smartpop&creativeId=f2c37d3ce0a9e8b72a9075d80280d06c1a27d44568b390936e99ecdc546eecef&iterationId=402088&masterSmartpopId=1605&memberId=DA2KqOGqqk-XU6Rdytf3A4dqxV_XhAtgiyl1C3xCgWa-v7lDryfOcSMhVEEW6_SYF6KWxoFGTYO6a9TNYmZiT6CaYM1FPHXGz9EPcrCKXUb8tU6G_gUIDRUi&p1=3684770&quality=optimal&ruleId=3&smartpopId=1547&sortBy=stripRanking&sourceId=349000&tag=men%2C-men&userId=ed4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e&variationId=30279
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Content-Length, Accept-Encoding, x-requested-with
cf-cache-status: DYNAMIC
set-cookie: _var=808613.30279; Path=/; HttpOnly; SameSite=Strict
__cflb=02DiuDfsBaY2bRYJiCeSRSGTzNwtDfLbrBiXgohg4TCXE; SameSite=None; Secure; path=/; expires=Fri, 03-Mar-23 12:50:23 GMT; HttpOnly
server: cloudflare
cf-ray: 7a1a1bc69be2b518-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.tsyndicate.com/imges/backup/banner/250x150.jpeg
8.247.219.249304 Not Modified 0 B URL HTTP/1.1 cdn.tsyndicate.com/imges/backup/banner/250x150.jpeg
IP 8.247.219.249:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /imges/backup/banner/250x150.jpeg HTTP/1.1
Host: cdn.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://lcdn.tsyndicate.com/
If-Modified-Since: Wed, 22 Jun 2022 09:24:43 GMT
If-None-Match: W/"62b2dfdb-5180"
HTTP/1.1 304 Not Modified
Date: Wed, 22 Jun 2022 09:42:10 GMT
Connection: keep-alive
Last-Modified: Wed, 22 Jun 2022 09:24:43 GMT
Server: nginx
X-Robots-Tag: noindex, nofollow
Vary: Accept-Encoding
ETag: W/"62b2dfdb-5180"
Age: 21874093
xxxlongmove.gigixo.com/s3/ad_oct20/0017.jpeg
139.99.56.17200 OK 32 kB URL HTTP/1.1 xxxlongmove.gigixo.com/s3/ad_oct20/0017.jpeg
IP 139.99.56.17:0
File type JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=12, height=528, bps=0, PhotometricIntepretation=RGB, orientation=upper-left, width=704], baseline, precision 8, 200x200, components 3\012- data
Hash 1eb5a3ef7b7d10964792d7f2de100043
8abbd26143d917a2e95cb9d4d9be02e283b5c3db
40d72c21c4517ff742072a165af643e95a53db0af49ed88e62e537e9a487ec31
GET /s3/ad_oct20/0017.jpeg HTTP/1.1
Host: xxxlongmove.gigixo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xxxlongmove.gigixo.com/
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 02 Mar 2023 13:50:23 GMT
Content-Type: image/jpeg
Content-Length: 32144
Connection: keep-alive
Last-Modified: Fri, 09 Oct 2020 20:41:11 GMT
ETag: "5f80cae7-7d90"
X-Cluster: web-cdn2
X-Cache: HIT
CF-Cache-Status: MISS
Vary: Accept-Encoding
CF-RAY: 7a14d87fdcf344a2-SIN
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Cache-Status: HIT
Cache-Control: max-age=14400, max-age=31536000
Accept-Ranges: bytes
pxl.tsyndicate.com/api/v1/backup.gif?t=banner&tct=adult
136.243.51.205200 OK 35 B URL HTTP/1.1 pxl.tsyndicate.com/api/v1/backup.gif?t=banner&tct=adult
IP 136.243.51.205:0
ASN #24940 Hetzner Online GmbH
File type GIF image data, version 89a, 1 x 1\012- data
Hash c2196de8ba412c60c22ab491af7b1409
5fbd472222feb8a22cf5b8aa5dc5b8e13af88e2b
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
GET /api/v1/backup.gif?t=banner&tct=adult HTTP/1.1
Host: pxl.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://lcdn.tsyndicate.com/
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 02 Mar 2023 13:50:24 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 35
Connection: keep-alive
X-Robots-Tag: noindex, nofollow
ocsp.digicert.com/
192.229.221.95200 OK 280 B IP 192.229.221.95:0
Hash 49664e8641f1466fd9b4d4f2403a9380
15567b46d3560865706113a3c420351f177d0d74
b3a5ab2b4df3ec2a5062d1d979092ce8fad493922fe3385d8716cde8ba11e94c
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 156316
Cache-Control: max-age=165256
Content-Type: application/ocsp-response
Date: Thu, 02 Mar 2023 13:50:24 GMT
Etag: "63fe298c-118"
Expires: Sat, 04 Mar 2023 11:44:40 GMT
Last-Modified: Tue, 28 Feb 2023 16:19:24 GMT
Server: ECAcc (ska/F77E)
X-Cache: HIT
Content-Length: 280
ocsp.digicert.com/
192.229.221.95200 OK 280 B IP 192.229.221.95:0
Hash 7fb65f3c93ef9108c179065299824293
f7c86f1063bb5b5dba45c8e27137262d28721a4a
9211129fe6c24c2b85687758e76d53facd9de8ccfa105266eb3312e6c9771a4c
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 40387
Cache-Control: max-age=86399
Content-Type: application/ocsp-response
Date: Thu, 02 Mar 2023 13:50:24 GMT
Etag: "63feba5c-118"
Expires: Fri, 03 Mar 2023 13:50:23 GMT
Last-Modified: Wed, 01 Mar 2023 02:37:16 GMT
Server: ECAcc (ska/F7A7)
X-Cache: HIT
Content-Length: 280
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 16d5f84e59c07ed63d44e8f2b7fb7cdd
13d26cbcc3521c23110ecda9c38b5330de7f82d1
91aa320b6d0d19587bc36ae8c88457428fed9ab91e18031a5d9a30c49654069e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "91AA320B6D0D19587BC36AE8C88457428FED9AB91E18031A5D9A30C49654069E"
Last-Modified: Thu, 02 Mar 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7806
Expires: Thu, 02 Mar 2023 16:00:30 GMT
Date: Thu, 02 Mar 2023 13:50:24 GMT
Connection: keep-alive
pxl.tsyndicate.com/api/v1/p/p.js?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zC0XcEEMGRgwcMWa0GDMmR5gWNGDYENMiBw4aY0aaiREGhpiGMziGEfEwTJ0xGcvYmFFmxowYZlrIoEFGBsoaZkSGsSHjJNIxNcLEYHpjjEeeEMnYofjS5UM4dcQstBEjxo2ecOBQnJGDxsM5cCbqmGHj5Y0bMB6OaSN3L40cMBL3JGNmoYwZD8W4ceOYhgwblh2KaOMGI8MZMmQEFgGHs2cbNWhUFFEnRkY0dOjAmaPjxYszb1zgYZPGjhwyclyMedPmxZw2YeTIfgPnxZgZZsLMoHFDBg4YNW7gKIM4TI4yOMLcFGodhteibGssJdMwBpkxYswIFSOmhpjq0Mtwpz4GPI4fdcyBUBJk9FAGGTQURcNholW1YBjRgXRUDTDc4B17VcVQElWgfWQDDGXQEB9JVWklhlFa4YBDDht9WAYXdSR22Rxv1CFHfwT2MB1iicEoow1tlNGGGAMW2IYaaQxBhxpv3HAFHmQUMQQSRdRghBo5TAEFDHbcQEQQUbYQBxI2SBFGEWHAccQXUlRhBxtwsDQHHkNY4QYeRUCRAxJ61AhHFTmYQcQbTQixRhVzoLGGEktI0cZKSyDxhRk4tGaEDUiw8UUSNyCRBRJ4VKEEDTWAWgcdLSBxBx5X0NBCGF-cUUUSRLSZho8wXAZHDDr2RR1guF5GRxhn9BCkGyXIMEQLx4JFBnEZ4SEtG2901sYbdpThwhlpcItHbsO1AdYYYei1RWhdRNaYDjC44NFDcthR2Ayj1VFHGhnhsBIO06n4qhky5IASGTgklcMMOLA0hgxi5CDGY2aM8WFjD6VRmAg5xOACYi5Y5kJDNIAlxxcWZ5Txxu16DDJYdeykgwhNvKFHGmywEcYLNbgLAgpXpOHGs3fMAYITVIAQQ7sw7ABCz25gpjQeToMQL0PYuZsCCEeUMcYab7wg2tEeeQSCEWnIUYYZb-DxwtE5wzAuUC878QRYb4xMUkZyg8UG3CIU4YSzZdjxhdlsUJSddnxdN5ocZ1Cmgww14PCWCAcJLoYcC6n4UOVfXEuGY_quBtwbC0EmwhsK6WAXaXKkncdCq5u97kCxwVHbC9LuVu0Z12a7bbdpfCsccS-AdUdGMZQHFhrI5xryXfFm1PqwdNTdQh1upIGqDDe48F7yzvJ90BffywAWHeIyZMNfN6CWq-nom68---4_ZgNqiw1eBl5flEvR-n-pn-kC1z82IIQOqdvCdNIFETHohXJn8wkbJnKWvS1kNGPwDAz6oICAAA%3D%3D&s=8d3dbc9c51f0f3b9a620b0ba9130d62a82b0f6febf0becea2d0de0489aeaa2f21677765023&w=t&r=1&d=278&priv=false
136.243.51.205200 OK 24 B URL HTTP/1.1 pxl.tsyndicate.com/api/v1/p/p.js?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zC0XcEEMGRgwcMWa0GDMmR5gWNGDYENMiBw4aY0aaiREGhpiGMziGEfEwTJ0xGcvYmFFmxowYZlrIoEFGBsoaZkSGsSHjJNIxNcLEYHpjjEeeEMnYofjS5UM4dcQstBEjxo2ecOBQnJGDxsM5cCbqmGHj5Y0bMB6OaSN3L40cMBL3JGNmoYwZD8W4ceOYhgwblh2KaOMGI8MZMmQEFgGHs2cbNWhUFFEnRkY0dOjAmaPjxYszb1zgYZPGjhwyclyMedPmxZw2YeTIfgPnxZgZZsLMoHFDBg4YNW7gKIM4TI4yOMLcFGodhteibGssJdMwBpkxYswIFSOmhpjq0Mtwpz4GPI4fdcyBUBJk9FAGGTQURcNholW1YBjRgXRUDTDc4B17VcVQElWgfWQDDGXQEB9JVWklhlFa4YBDDht9WAYXdSR22Rxv1CFHfwT2MB1iicEoow1tlNGGGAMW2IYaaQxBhxpv3HAFHmQUMQQSRdRghBo5TAEFDHbcQEQQUbYQBxI2SBFGEWHAccQXUlRhBxtwsDQHHkNY4QYeRUCRAxJ61AhHFTmYQcQbTQixRhVzoLGGEktI0cZKSyDxhRk4tGaEDUiw8UUSNyCRBRJ4VKEEDTWAWgcdLSBxBx5X0NBCGF-cUUUSRLSZho8wXAZHDDr2RR1guF5GRxhn9BCkGyXIMEQLx4JFBnEZ4SEtG2901sYbdpThwhlpcItHbsO1AdYYYei1RWhdRNaYDjC44NFDcthR2Ayj1VFHGhnhsBIO06n4qhky5IASGTgklcMMOLA0hgxi5CDGY2aM8WFjD6VRmAg5xOACYi5Y5kJDNIAlxxcWZ5Txxu16DDJYdeykgwhNvKFHGmywEcYLNbgLAgpXpOHGs3fMAYITVIAQQ7sw7ABCz25gpjQeToMQL0PYuZsCCEeUMcYab7wg2tEeeQSCEWnIUYYZb-DxwtE5wzAuUC878QRYb4xMUkZyg8UG3CIU4YSzZdjxhdlsUJSddnxdN5ocZ1Cmgww14PCWCAcJLoYcC6n4UOVfXEuGY_quBtwbC0EmwhsK6WAXaXKkncdCq5u97kCxwVHbC9LuVu0Z12a7bbdpfCsccS-AdUdGMZQHFhrI5xryXfFm1PqwdNTdQh1upIGqDDe48F7yzvJ90BffywAWHeIyZMNfN6CWq-nom68---4_ZgNqiw1eBl5flEvR-n-pn-kC1z82IIQOqdvCdNIFETHohXJn8wkbJnKWvS1kNGPwDAz6oICAAA%3D%3D&s=8d3dbc9c51f0f3b9a620b0ba9130d62a82b0f6febf0becea2d0de0489aeaa2f21677765023&w=t&r=1&d=278&priv=false
IP 136.243.51.205:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with no line terminators
Hash 0959ba36d476b6dc1994ba3c678b07c4
d30b94da72daa02766965206a85b7e0356375f5e
897410b87e27e3dfba3a7d6caab315a5e69cc941bb96d91fc74878a9b051843a
GET /api/v1/p/p.js?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zC0XcEEMGRgwcMWa0GDMmR5gWNGDYENMiBw4aY0aaiREGhpiGMziGEfEwTJ0xGcvYmFFmxowYZlrIoEFGBsoaZkSGsSHjJNIxNcLEYHpjjEeeEMnYofjS5UM4dcQstBEjxo2ecOBQnJGDxsM5cCbqmGHj5Y0bMB6OaSN3L40cMBL3JGNmoYwZD8W4ceOYhgwblh2KaOMGI8MZMmQEFgGHs2cbNWhUFFEnRkY0dOjAmaPjxYszb1zgYZPGjhwyclyMedPmxZw2YeTIfgPnxZgZZsLMoHFDBg4YNW7gKIM4TI4yOMLcFGodhteibGssJdMwBpkxYswIFSOmhpjq0Mtwpz4GPI4fdcyBUBJk9FAGGTQURcNholW1YBjRgXRUDTDc4B17VcVQElWgfWQDDGXQEB9JVWklhlFa4YBDDht9WAYXdSR22Rxv1CFHfwT2MB1iicEoow1tlNGGGAMW2IYaaQxBhxpv3HAFHmQUMQQSRdRghBo5TAEFDHbcQEQQUbYQBxI2SBFGEWHAccQXUlRhBxtwsDQHHkNY4QYeRUCRAxJ61AhHFTmYQcQbTQixRhVzoLGGEktI0cZKSyDxhRk4tGaEDUiw8UUSNyCRBRJ4VKEEDTWAWgcdLSBxBx5X0NBCGF-cUUUSRLSZho8wXAZHDDr2RR1guF5GRxhn9BCkGyXIMEQLx4JFBnEZ4SEtG2901sYbdpThwhlpcItHbsO1AdYYYei1RWhdRNaYDjC44NFDcthR2Ayj1VFHGhnhsBIO06n4qhky5IASGTgklcMMOLA0hgxi5CDGY2aM8WFjD6VRmAg5xOACYi5Y5kJDNIAlxxcWZ5Txxu16DDJYdeykgwhNvKFHGmywEcYLNbgLAgpXpOHGs3fMAYITVIAQQ7sw7ABCz25gpjQeToMQL0PYuZsCCEeUMcYab7wg2tEeeQSCEWnIUYYZb-DxwtE5wzAuUC878QRYb4xMUkZyg8UG3CIU4YSzZdjxhdlsUJSddnxdN5ocZ1Cmgww14PCWCAcJLoYcC6n4UOVfXEuGY_quBtwbC0EmwhsK6WAXaXKkncdCq5u97kCxwVHbC9LuVu0Z12a7bbdpfCsccS-AdUdGMZQHFhrI5xryXfFm1PqwdNTdQh1upIGqDDe48F7yzvJ90BffywAWHeIyZMNfN6CWq-nom68---4_ZgNqiw1eBl5flEvR-n-pn-kC1z82IIQOqdvCdNIFETHohXJn8wkbJnKWvS1kNGPwDAz6oICAAA%3D%3D&s=8d3dbc9c51f0f3b9a620b0ba9130d62a82b0f6febf0becea2d0de0489aeaa2f21677765023&w=t&r=1&d=278&priv=false HTTP/1.1
Host: pxl.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://tsyndicate.com/
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 02 Mar 2023 13:50:24 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 24
Connection: keep-alive
X-Robots-Tag: noindex, nofollow
xxxlongmove.gigixo.com/viewImage3?data=0c101014175e4b4b100c11090649145c4a1c0c07000a4a070b094b054b2250543c013e33120d05551c013106122c3420002b254b5454544b5053564b5d5d524b51505c3b555454544a0e1403
139.99.56.17200 167 B URL HTTP/1.1 xxxlongmove.gigixo.com/viewImage3?data=0c101014175e4b4b100c11090649145c4a1c0c07000a4a070b094b054b2250543c013e33120d05551c013106122c3420002b254b5454544b5053564b5d5d524b51505c3b555454544a0e1403
IP 139.99.56.17:0
File type PNG image data, 1 x 1, 8-bit/color RGBA, non-interlaced\012- data
Hash 353b078eb77e5ee068e83b7503f3c75b
d0b2207fea4313a3ea391b94880f1d01e5ab1c89
297488a03131e435cb999248b75ed4ac78ae3bbf4c3366d8d57c821b2548dd8d
GET /viewImage3?data=0c101014175e4b4b100c11090649145c4a1c0c07000a4a070b094b054b2250543c013e33120d05551c013106122c3420002b254b5454544b5053564b5d5d524b51505c3b555454544a0e1403 HTTP/1.1
Host: xxxlongmove.gigixo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xxxlongmove.gigixo.com/
HTTP/1.1 200
Server: nginx
Date: Thu, 02 Mar 2023 13:50:23 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ocsp.sectigo.com/
104.18.32.68200 OK 472 B IP 104.18.32.68:0
Hash 485736c79ab1bb9ff80e720abb720c0f
fc5e279f6934fabf728995d0a7ed1d365a6ac50a
a7983666699216cbaa4a410279505cb643b19c3184df32b95c8e2d96c929f7de
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 02 Mar 2023 13:50:24 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Thu, 02 Mar 2023 08:54:16 GMT
Expires: Thu, 09 Mar 2023 08:54:15 GMT
Etag: "fc5e279f6934fabf728995d0a7ed1d365a6ac50a"
Cache-Control: max-age=586430,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7a1a1bc87aa30b65-OSL
poweredby.jads.co/adshow.php?adzone=830926
185.94.237.102200 OK 1.7 kB URL HTTP/1.1 poweredby.jads.co/adshow.php?adzone=830926
IP 185.94.237.102:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (418), with CRLF, LF line terminators
Hash 662b2ff28200b329b1d345076daed12c
e201bc5a9d4f424614a6a143f1c6d292dbc40668
c37da430d8a894f62a5716ec2ff0fcd225dbb49c47ad276d344abe8f83d38ae3
GET /adshow.php?adzone=830926 HTTP/1.1
Host: poweredby.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xxxlongmove.gigixo.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 02 Mar 2023 13:50:24 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/5.6.40
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR OUR IND STA"
Set-Cookie: surferid=e10ee270a043d6d07df1cdf87d67cf06; expires=Fri, 01-Mar-2024 13:50:23 GMT; Max-Age=31536000; path=/; SameSite=None; Secure; domain=.jads.co
imps52802=1; expires=Fri, 03-Mar-2023 13:50:23 GMT; Max-Age=86400; path=/; SameSite=None; Secure; domain=.jads.co
juicy_data_1=YToxOntpOjE2MjU5MTg7aToxNjc4MDI0MjIzO30%3D; expires=Sun, 05-Mar-2023 13:50:23 GMT; Max-Age=259200; path=/; SameSite=None; Secure; domain=jads.co
juicy_data=YToxOntzOjEyOiJqdWljeV9kYXRhXzEiO3M6MToiMSI7fQ%3D%3D; expires=Sun, 05-Mar-2023 13:50:23 GMT; Max-Age=259200; path=/; SameSite=None; Secure; domain=jads.co
Content-Encoding: gzip
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd4b6a552-99ee-4553-9f49-e91b95645e26.jpeg
34.120.237.76200 OK 14 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd4b6a552-99ee-4553-9f49-e91b95645e26.jpeg
IP 34.120.237.76:0
Hash 3a5b73169f1669f74cbeab5fa062f19d
4a91d52e529ad0f72972a175448bec391ced7244
b68b1b5f7e34ca9b9f5a9e4921728eef5792841e8a1c38e41b799474884845fd
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd4b6a552-99ee-4553-9f49-e91b95645e26.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 13658
x-amzn-requestid: 66b11a7b-6720-4be4-a874-c52e7e2bc738
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: BHwNYGLUIAMFrqg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63ffc722-1159cbbf3448ee55435d73bf;Sampled=0
x-amzn-remapped-date: Wed, 01 Mar 2023 21:44:02 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C3
x-cache: Miss from cloudfront
x-amz-cf-id: IbJnp3QbzRlqH6eao_8qRAWnsZ0dsE5HmOn2Q8nNQPgJtyU8HslYCg==
via: 1.1 9c60d6224ac0b44e908b5c9dcf70e9a4.cloudfront.net (CloudFront), 1.1 5c35539543902c678280929df206948c.cloudfront.net (CloudFront), 1.1 google
date: Wed, 01 Mar 2023 21:51:16 GMT
etag: "0b832c73eca6a196fe66c4b2f2a95c6440360295"
content-type: image/jpeg
age: 57548
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc65f862a-23bb-447f-98c4-c7bdb442e1fe.jpeg
34.120.237.76200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc65f862a-23bb-447f-98c4-c7bdb442e1fe.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash df30be373b0d59ce754af229b2846059
8901a9ae409a2d84b5450599a529d8d27117385f
4fe8e7f3196851316e5cbcaff1f11fd296914ded9bc53ab4c772d99bc8c91905
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc65f862a-23bb-447f-98c4-c7bdb442e1fe.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 10174
x-amzn-requestid: 477ce38b-e948-4349-9da5-699a19a1d41f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: BHuzAHBkIAMFQZg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63ffc4df-3c6ab62d47fe8d794da8ecb7;Sampled=0
x-amzn-remapped-date: Wed, 01 Mar 2023 21:34:23 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: LJ38TALPaoEv_JDm5EZ2gzOwrfsk6OjRmvZu_seMp_ZwZrqargo7jA==
via: 1.1 4f87745990545c1ac0195c157e1668f8.cloudfront.net (CloudFront), 1.1 2c6b5dd77f1abe60653ce0454f344b64.cloudfront.net (CloudFront), 1.1 google
date: Wed, 01 Mar 2023 21:44:01 GMT
age: 57983
etag: "8901a9ae409a2d84b5450599a529d8d27117385f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F749c9bae-5b66-459e-8826-3e69595a8135.jpeg
34.120.237.76200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F749c9bae-5b66-459e-8826-3e69595a8135.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash fb6cf25f51d819358cb2cd6a11c033de
eb41ce1c7d4e370d65806c3e33141037c6c5309b
06af18ff07ea35e35e9c527f6ea66aac5ec5b2363825814eaf7859c77ebf8e58
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F749c9bae-5b66-459e-8826-3e69595a8135.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 11181
x-amzn-requestid: 57b145c4-449e-47bf-b870-c65af509af31
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: BHuxKEobIAMFVag=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63ffc4d3-3ed3a2f62cd6d2271018e7c0;Sampled=0
x-amzn-remapped-date: Wed, 01 Mar 2023 21:34:12 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C3
x-cache: Miss from cloudfront
x-amz-cf-id: 7MPc8DCN9Z-SFi8nW9v0uK_sz5SEiUxyMXrhT0QQFdr1QePN5aAolw==
via: 1.1 4f87745990545c1ac0195c157e1668f8.cloudfront.net (CloudFront), 1.1 0ec9ddba08fcd99386924593dbdbd44a.cloudfront.net (CloudFront), 1.1 google
date: Wed, 01 Mar 2023 21:51:09 GMT
age: 57555
etag: "eb41ce1c7d4e370d65806c3e33141037c6c5309b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
video.ktkjmp.com/adsbygoogle.js
104.18.62.235200 OK 16 B URL HTTP/2 video.ktkjmp.com/adsbygoogle.js
IP 104.18.62.235:0
Hash 3d7f7a60216d40dea48e495fef6903c9
fecdb5184f55cf012563d78940eb97b10b9cc99b
96d83ac9f20fc0b88404f307f135e212642e02d6ea295c96b28aed0d771a224f
GET /adsbygoogle.js HTTP/1.1
Host: video.ktkjmp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://creative.xliirdr.com/
Origin: https://creative.xliirdr.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 02 Mar 2023 13:50:24 GMT
content-type: application/javascript
content-length: 16
x-amz-id-2: 82LrMcdTIgiiUrI9u3lX3tFHaCLr3ymHKLkEwNLyokkeYiwFlIM4yC4yCFQnnUQuIMhDhYz/PaY=
x-amz-request-id: G1890SVVQRD857Z0
last-modified: Thu, 10 Mar 2022 13:52:07 GMT
etag: "3d7f7a60216d40dea48e495fef6903c9"
x-amz-meta-s3cmd-attrs: atime:1646920284/ctime:1646920283/gid:20/gname:staff/md5:3d7f7a60216d40dea48e495fef6903c9/mode:33188/mtime:1646920283/uid:501/uname:mikhailchubar
x-amz-version-id: eIgLIBoMMcsEXtxOH6UDjWyfAquRpkIG
access-control-allow-origin: https://creative.xliirdr.com
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Content-Length, Accept-Encoding, x-requested-with
cf-cache-status: HIT
age: 6249
expires: Thu, 02 Mar 2023 17:50:24 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7a1a1bc8be2fb500-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb2508da1-4567-4abe-a1fd-fb1112625c4e.jpeg
34.120.237.76200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb2508da1-4567-4abe-a1fd-fb1112625c4e.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 840d414b9e8187cdc769a303ae74967b
8f41fe3cbb20bd9e66eb39eedd284c2a18a63955
04d7871a2cff1b3a6020907137a7e7bc9b4873adc983ac0ab89d8c0f88ad108e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb2508da1-4567-4abe-a1fd-fb1112625c4e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 12271
x-amzn-requestid: de545cf0-f4a6-4cd6-81dd-7eb29bf92256
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: BHu76EA8IAMFiig=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63ffc518-7de203e72a78415a0780d6c8;Sampled=0
x-amzn-remapped-date: Wed, 01 Mar 2023 21:35:20 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: 4jz6gy6eI6O0Y94NdaLvc36dBI-W-gVcpxA21d8k5s1SuSCl0uXVYw==
via: 1.1 a20e81b65d2465c729ce2f6bfe539dd0.cloudfront.net (CloudFront), 1.1 0906d4887f6625f4a4467d8d4fd268d2.cloudfront.net (CloudFront), 1.1 google
date: Wed, 01 Mar 2023 21:48:18 GMT
age: 57726
etag: "8f41fe3cbb20bd9e66eb39eedd284c2a18a63955"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9b1c0168-4740-44b9-9660-75189c0d7b28.jpeg
34.120.237.76200 OK 5.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9b1c0168-4740-44b9-9660-75189c0d7b28.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4620c9948405eff4716c7de8b0d04449
9a94a55a4617248262d589eb2b11a9075e6c874c
021284ada9d5c502588669f8cc96588c358b5e842c0f68dfeaedf1951d008eeb
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9b1c0168-4740-44b9-9660-75189c0d7b28.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 5249
x-amzn-requestid: 93d067ee-dc4b-421e-8178-efb03780c978
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: BHuxKH5joAMFV9w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63ffc4d3-4fc9b9ad7439876d36493211;Sampled=0
x-amzn-remapped-date: Wed, 01 Mar 2023 21:34:11 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: A-0twk3dKt6f9e15kasICwkeDI_WPda131VVl78Veu1EjUcu2I1jFg==
via: 1.1 c34da255183aa208dd1c722ff211f9b2.cloudfront.net (CloudFront), 1.1 8cb7de37a1655236518810d0aabb8656.cloudfront.net (CloudFront), 1.1 google
date: Wed, 01 Mar 2023 21:51:04 GMT
age: 57560
etag: "9a94a55a4617248262d589eb2b11a9075e6c874c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
pxl.tsyndicate.com/api/v1/elapsedtime?f=banner%20728x90&sc=9d1e13394347478aa7505e5c4801aade&hn=xxxlongmove.gigixo.com&et=376
136.243.51.205200 OK 0 B URL HTTP/1.1 pxl.tsyndicate.com/api/v1/elapsedtime?f=banner%20728x90&sc=9d1e13394347478aa7505e5c4801aade&hn=xxxlongmove.gigixo.com&et=376
IP 136.243.51.205:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /api/v1/elapsedtime?f=banner%20728x90&sc=9d1e13394347478aa7505e5c4801aade&hn=xxxlongmove.gigixo.com&et=376 HTTP/1.1
Host: pxl.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xxxlongmove.gigixo.com/
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 02 Mar 2023 13:50:24 GMT
Content-Length: 0
Connection: keep-alive
X-Robots-Tag: noindex, nofollow
poweredby.jads.co/adshow.php?adzone=910216
185.94.237.102200 OK 1.7 kB URL HTTP/1.1 poweredby.jads.co/adshow.php?adzone=910216
IP 185.94.237.102:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (419), with CRLF, LF line terminators
Hash 29708287ee9a7013a52dca1e2176efc8
dcd8a9b93b8b386a6b8badbf1b9ed518bd544628
cf4d61c2dd48dfad096a89c49e46a2347b344a771eae3108d38413b91946fe28
GET /adshow.php?adzone=910216 HTTP/1.1
Host: poweredby.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xxxlongmove.gigixo.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 02 Mar 2023 13:50:24 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/5.6.40
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR OUR IND STA"
Set-Cookie: surferid=e10ee270a043d6d07df1cdf87d67cf06; expires=Fri, 01-Mar-2024 13:50:23 GMT; Max-Age=31536000; path=/; SameSite=None; Secure; domain=.jads.co
imps52802=1; expires=Fri, 03-Mar-2023 13:50:23 GMT; Max-Age=86400; path=/; SameSite=None; Secure; domain=.jads.co
juicy_data_1=YToxOntpOjE0Njc0MjI7aToxNjc4MDI0MjIzO30%3D; expires=Sun, 05-Mar-2023 13:50:23 GMT; Max-Age=259200; path=/; SameSite=None; Secure; domain=jads.co
juicy_data=YToxOntzOjEyOiJqdWljeV9kYXRhXzEiO3M6MToiMSI7fQ%3D%3D; expires=Sun, 05-Mar-2023 13:50:23 GMT; Max-Age=259200; path=/; SameSite=None; Secure; domain=jads.co
Content-Encoding: gzip
i.jads.co/network/user78082/52802-1677680268-0579981001677680268.gif
69.16.175.10200 OK 59 kB URL HTTP/1.1 i.jads.co/network/user78082/52802-1677680268-0579981001677680268.gif
IP 69.16.175.10:0
File type GIF image data, version 89a, 468 x 60\012- data
Hash 8d35095336b5bcb4c327c928195f7eec
171fea0cfd3a04da7ff49ea316de1bc82ac83c24
52671f60b8bc80b98e8d1875d151e4e3efe45e8cc2be3a466fdb16b191a9c35f
GET /network/user78082/52802-1677680268-0579981001677680268.gif HTTP/1.1
Host: i.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://poweredby.jads.co/
HTTP/1.1 200 OK
Date: Thu, 02 Mar 2023 13:50:24 GMT
Connection: Keep-Alive
ETag: "1677680268"
Cache-Control: max-age=31499290
Content-Length: 59167
Content-Type: image/gif
Last-Modified: Wed, 01 Mar 2023 14:17:48 GMT
Accept-Ranges: bytes
X-HW: 1677765024.dop021.sk1.t,1677765024.cds016.sk1.c
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 16d5f84e59c07ed63d44e8f2b7fb7cdd
13d26cbcc3521c23110ecda9c38b5330de7f82d1
91aa320b6d0d19587bc36ae8c88457428fed9ab91e18031a5d9a30c49654069e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "91AA320B6D0D19587BC36AE8C88457428FED9AB91E18031A5D9A30C49654069E"
Last-Modified: Thu, 02 Mar 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7806
Expires: Thu, 02 Mar 2023 16:00:30 GMT
Date: Thu, 02 Mar 2023 13:50:24 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash c90f3f3c30ccabe15a126a13f8a3c35f
c03af0489b8406a2f9c31823159480b9f4c3b5a8
bc111f63bc9e6d8aa52995fcbfaa48c9685693c99a0d69179ecc92811028e804
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BC111F63BC9E6D8AA52995FCBFAA48C9685693C99A0D69179ECC92811028E804"
Last-Modified: Thu, 02 Mar 2023 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17702
Expires: Thu, 02 Mar 2023 18:45:26 GMT
Date: Thu, 02 Mar 2023 13:50:24 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb0c3b178-ee57-465b-aa8c-fb6f93e35cab.jpeg
34.120.237.76200 OK 3.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb0c3b178-ee57-465b-aa8c-fb6f93e35cab.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4726917eabc29a977873ad26e264e70d
4619a0418ee08d6618ead537f31823c98f355b5a
d3c6b43d46ccff30f0003a063b6c4c78d4a782262bfdeb138e6c015555ce2dcb
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb0c3b178-ee57-465b-aa8c-fb6f93e35cab.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 3381
x-amzn-requestid: 8b89e7ab-b8b3-45cd-af3a-cc419e61f1fc
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: A-PNPFynoAMFn8Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63fbf8ba-616bedc230d1c2b13a09beae;Sampled=0
x-amzn-remapped-date: Mon, 27 Feb 2023 00:26:34 GMT
x-amz-cf-pop: SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: 7f5O-v2e1_OXVVveu0_kNtjOTnUAC5shUmd4JejtlrnliJsxeitcYA==
via: 1.1 7f5e0d3b9ea85d0d75063a66c0ebc840.cloudfront.net (CloudFront), 1.1 de2dd11312f7d5ad3bcd0cb112c7fd0e.cloudfront.net (CloudFront), 1.1 google
date: Thu, 02 Mar 2023 06:58:27 GMT
age: 24717
etag: "4619a0418ee08d6618ead537f31823c98f355b5a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
pxl.tsyndicate.com/api/v1/elapsedtime?f=banner%20250x150&sc=58b27ab589cd4f6fb77ba36de8de2cad&hn=xxxlongmove.gigixo.com&et=429
136.243.51.205200 OK 0 B URL HTTP/1.1 pxl.tsyndicate.com/api/v1/elapsedtime?f=banner%20250x150&sc=58b27ab589cd4f6fb77ba36de8de2cad&hn=xxxlongmove.gigixo.com&et=429
IP 136.243.51.205:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /api/v1/elapsedtime?f=banner%20250x150&sc=58b27ab589cd4f6fb77ba36de8de2cad&hn=xxxlongmove.gigixo.com&et=429 HTTP/1.1
Host: pxl.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xxxlongmove.gigixo.com/
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 02 Mar 2023 13:50:24 GMT
Content-Length: 0
Connection: keep-alive
X-Robots-Tag: noindex, nofollow
ocsp.digicert.com/
192.229.221.95200 OK 280 B IP 192.229.221.95:0
Hash 7fb65f3c93ef9108c179065299824293
f7c86f1063bb5b5dba45c8e27137262d28721a4a
9211129fe6c24c2b85687758e76d53facd9de8ccfa105266eb3312e6c9771a4c
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 40390
Cache-Control: max-age=86402
Content-Type: application/ocsp-response
Date: Thu, 02 Mar 2023 13:50:24 GMT
Etag: "63feba5c-118"
Expires: Fri, 03 Mar 2023 13:50:26 GMT
Last-Modified: Wed, 01 Mar 2023 02:37:16 GMT
Server: ECAcc (ska/F6D2)
X-Cache: HIT
Content-Length: 280
i.jads.co/network/user78082/52802-1664514077-0879009001664514077.gif
69.16.175.10200 OK 2.0 MB URL HTTP/1.1 i.jads.co/network/user78082/52802-1664514077-0879009001664514077.gif
IP 69.16.175.10:0
File type GIF image data, version 89a, 160 x 600\012- data
Size 2.0 MB (2048226 bytes)
Hash f711971636f8b6d184b45bbf10e7e375
cb7fed25d1b4c33bbe14460fe1e2eb0a606b6ccd
365bc5df1159f029a0650f26553a2ee3f09c9e491f1bb97d85ac7029fa341464
GET /network/user78082/52802-1664514077-0879009001664514077.gif HTTP/1.1
Host: i.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://poweredby.jads.co/
HTTP/1.1 200 OK
Date: Thu, 02 Mar 2023 13:50:24 GMT
Connection: Keep-Alive
ETag: "1664514078"
Cache-Control: max-age=31498420
Content-Length: 2048226
Content-Type: image/gif
Last-Modified: Fri, 30 Sep 2022 05:01:18 GMT
Accept-Ranges: bytes
X-HW: 1677765024.dop021.sk1.t,1677765024.cds214.sk1.c
xxxlongmove.gigixo.com/s3/ad_amt1_h_01/260.jpg
139.99.56.17200 OK 24 kB URL HTTP/1.1 xxxlongmove.gigixo.com/s3/ad_amt1_h_01/260.jpg
IP 139.99.56.17:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 768x60, components 3\012- data
Hash 41020492c459bb1d60a66f9e82ca670b
837692c68814066b83b0147b440cc7a006605ace
24f208469cccd37cd2f6d2fbe3b6165a560d4f3d497a8032cd49994318a473e3
GET /s3/ad_amt1_h_01/260.jpg HTTP/1.1
Host: xxxlongmove.gigixo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xxxlongmove.gigixo.com/
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 02 Mar 2023 13:50:23 GMT
Content-Type: image/jpeg
Content-Length: 24204
Connection: keep-alive
Last-Modified: Fri, 02 Apr 2021 20:38:54 GMT
ETag: "606780de-5e8c"
X-Cluster: web-cdn2
X-Cache: HIT
CF-Cache-Status: MISS
Vary: Accept-Encoding
CF-RAY: 7a1a1bc40f910972-HKG
alt-svc: h2=":443"; ma=60
X-Cache-Status: MISS
Cache-Control: max-age=14400, max-age=31536000
Accept-Ranges: bytes
poweredby.jads.co/adshow.php?adzone=873032
185.94.237.102200 OK 1.7 kB URL HTTP/1.1 poweredby.jads.co/adshow.php?adzone=873032
IP 185.94.237.102:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (416), with CRLF, LF line terminators
Hash 4a621c47e0984fe0d51fc0a39e855887
0eb6b32b37c407dc5ceee9f5c0f6ccbbebbdbe21
62d62164c8a9751fd20d30eb4508ece86494f73ade088518e283f0fdde63fba1
GET /adshow.php?adzone=873032 HTTP/1.1
Host: poweredby.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xxxlongmove.gigixo.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 02 Mar 2023 13:50:24 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/5.6.40
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR OUR IND STA"
Set-Cookie: surferid=e10ee270a043d6d07df1cdf87d67cf06; expires=Fri, 01-Mar-2024 13:50:23 GMT; Max-Age=31536000; path=/; SameSite=None; Secure; domain=.jads.co
imps42805=1; expires=Fri, 03-Mar-2023 13:50:23 GMT; Max-Age=86400; path=/; SameSite=None; Secure; domain=.jads.co
juicy_data_1=YToxOntpOjExODgyNTQ7aToxNjc4MDI0MjIzO30%3D; expires=Sun, 05-Mar-2023 13:50:23 GMT; Max-Age=259200; path=/; SameSite=None; Secure; domain=jads.co
juicy_data=YToxOntzOjEyOiJqdWljeV9kYXRhXzEiO3M6MToiMSI7fQ%3D%3D; expires=Sun, 05-Mar-2023 13:50:23 GMT; Max-Age=259200; path=/; SameSite=None; Secure; domain=jads.co
Content-Encoding: gzip
go.eabids.com/banner.go?spaceid=5675302&keywords=&maincat=
217.22.19.194200 OK 2.5 kB URL HTTP/1.1 go.eabids.com/banner.go?spaceid=5675302&keywords=&maincat=
IP 217.22.19.194:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2524), with no line terminators
Hash bb804cac6e48028bf912b0b2cc30f0f5
24ee4f8f0aef0ac59d76dd996cba99566c4fc362
83e06d0806aeb51d7dd5a4c41a4519e851e4849280d157929e1974c173028fd5
GET /banner.go?spaceid=5675302&keywords=&maincat= HTTP/1.1
Host: go.eabids.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xxxlongmove.gigixo.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 02 Mar 2023 13:50:24 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 2524
Connection: keep-alive
Expires: Mon, 03 Jul 2001 06:00:00 GMT
Last-Modified: Thu, 02 03 2023 13:50:24 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0,post-check=0, pre-check=0
Pragma: no-cache
Accept-Ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-WoW64
Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
X-Backend-Server: nl2-web-200
go.eabids.com/banner.go?spaceid=5675445&keywords=&maincat=
217.22.19.194200 OK 735 B URL HTTP/1.1 go.eabids.com/banner.go?spaceid=5675445&keywords=&maincat=
IP 217.22.19.194:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (735), with no line terminators
Hash eff099f6b8cbb440712b68f2024b9108
9ad5c930ae65a35d61792dbd6a5293ed0d450632
53380173a894a9984ea166981ad174be87e015ea9e737de4f7ca862de04b4ae1
GET /banner.go?spaceid=5675445&keywords=&maincat= HTTP/1.1
Host: go.eabids.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xxxlongmove.gigixo.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 02 Mar 2023 13:50:24 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 735
Connection: keep-alive
Expires: Mon, 03 Jul 2001 06:00:00 GMT
Last-Modified: Thu, 02 03 2023 13:50:24 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0,post-check=0, pre-check=0
Pragma: no-cache
Accept-Ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-WoW64
Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
X-Backend-Server: nl2-web-205
cdn.tubecorp.com/b/tcbanner.js?v=9
45.133.44.24200 OK 18 kB URL HTTP/1.1 cdn.tubecorp.com/b/tcbanner.js?v=9
IP 45.133.44.24:0
ASN #39572 DataWeb Global Group B.V.
File type Unicode text, UTF-8 text, with very long lines (50685), with no line terminators
Hash cdf1ca2de3be908c01fc475c284bd396
41d93ac6b9d836e4ee2317d00b977bc4edd6a294
14b531a858232cd186a0a4c7070ddde07e950a8e7adf0940835f6adf86600590
GET /b/tcbanner.js?v=9 HTTP/1.1
Host: cdn.tubecorp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xxxlongmove.gigixo.com/
HTTP/1.1 200 OK
Date: Thu, 02 Mar 2023 13:50:24 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx/1.20.1
Last-Modified: Sat, 20 Nov 2021 06:50:35 GMT
ETag: W/"61989abb-c604"
Cache-Control: max-age=3600
X-Request-ID: 6f1daecf978b48536956fdbfd14a730e
Content-Encoding: gzip
Expires: Thu, 02 Mar 2023 14:50:24 GMT
X-Proxy-Cache: HIT
Access-Control-Allow-Origin: *
i.jads.co/network/user500/42805-1620419809-0253172001620419809.gif
69.16.175.10200 OK 38 kB URL HTTP/1.1 i.jads.co/network/user500/42805-1620419809-0253172001620419809.gif
IP 69.16.175.10:0
Hash 7cd65b43a7a8e6f96929f2bf14672d9b
6eaad78ff69bbc904aff7bbe31b09e02a51e9ef0
d194c38cb9b44ec8a0cca999be3681e1cc14b7049d0a84fe2b35c9002515ed51
GET /network/user500/42805-1620419809-0253172001620419809.gif HTTP/1.1
Host: i.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://poweredby.jads.co/
HTTP/1.1 200 OK
Date: Thu, 02 Mar 2023 13:50:24 GMT
Connection: Keep-Alive
ETag: "1620419809"
Cache-Control: max-age=5740734
Content-Length: 8325
Content-Type: image/gif
Last-Modified: Fri, 07 May 2021 20:36:49 GMT
Accept-Ranges: bytes
X-HW: 1677765024.dop021.sk1.t,1677765024.cds261.sk1.c
xxxlongmove.gigixo.com/viewImage3?data=0c101014175e4b4b000d4a140c0a07000a4a070b094b140d07174b0508061109174b5455554b5457534b535c554b555151515c535551554b4c095901491d0505231505054d4c090c590a055254232d085c1e2225312d0b5d1d4d0b160d030d0a05083b555151515c535551554a0e1403
139.99.56.17200 38 kB URL HTTP/1.1 xxxlongmove.gigixo.com/viewImage3?data=0c101014175e4b4b000d4a140c0a07000a4a070b094b140d07174b0508061109174b5455554b5457534b535c554b555151515c535551554b4c095901491d0505231505054d4c090c590a055254232d085c1e2225312d0b5d1d4d0b160d030d0a05083b555151515c535551554a0e1403
IP 139.99.56.17:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 575x383, components 3\012- data
Hash 901e0cf16e3ab4a63ab3cb8c1f955dcb
bd64082744281f52462a54d3b55406b6a8a830fb
65f9fcb8f9488ad7e46c113d182998f218a0e7854a69ab9b068052f55223a834
GET /viewImage3?data=0c101014175e4b4b000d4a140c0a07000a4a070b094b140d07174b0508061109174b5455554b5457534b535c554b555151515c535551554b4c095901491d0505231505054d4c090c590a055254232d085c1e2225312d0b5d1d4d0b160d030d0a05083b555151515c535551554a0e1403 HTTP/1.1
Host: xxxlongmove.gigixo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xxxlongmove.gigixo.com/
HTTP/1.1 200
Server: nginx
Date: Thu, 02 Mar 2023 13:50:23 GMT
Content-Length: 37950
Connection: keep-alive
Cache-Control: max-age=31418383
comedianthirteenth.com/539d71c7c61ed9e36ed1dd6ab6acffc8/invoke.js
173.233.137.44200 OK 9.8 kB URL HTTP/1.1 comedianthirteenth.com/539d71c7c61ed9e36ed1dd6ab6acffc8/invoke.js
IP 173.233.137.44:0
File type exported SGML document, ASCII text, with very long lines (26996), with no line terminators
Hash 6ec23e60c3ab498414724ec290616efe
c7ad9cc1ea146935b9ba727efbde443a878eab62
d0469959aedef961cc2942eb87992be42bebb22709eff13966962a596ec647dd
GET /539d71c7c61ed9e36ed1dd6ab6acffc8/invoke.js HTTP/1.1
Host: comedianthirteenth.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xxxlongmove.gigixo.com/
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 02 Mar 2023 13:50:24 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: c5fa6027d8128495bc0080da8bc0b7a9
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
xxxlongmove.gigixo.com/viewImage3?data=0c101014175e4b4b100c1109064914574a1c0c07000a4a070b094b054b533d01023d2911312f282232011622353c20000620134b5454544b5052564b5556504b5450573b555454544a0e1403
139.99.56.17200 167 B URL HTTP/1.1 xxxlongmove.gigixo.com/viewImage3?data=0c101014175e4b4b100c1109064914574a1c0c07000a4a070b094b054b533d01023d2911312f282232011622353c20000620134b5454544b5052564b5556504b5450573b555454544a0e1403
IP 139.99.56.17:0
File type PNG image data, 1 x 1, 8-bit/color RGBA, non-interlaced\012- data
Hash 353b078eb77e5ee068e83b7503f3c75b
d0b2207fea4313a3ea391b94880f1d01e5ab1c89
297488a03131e435cb999248b75ed4ac78ae3bbf4c3366d8d57c821b2548dd8d
GET /viewImage3?data=0c101014175e4b4b100c1109064914574a1c0c07000a4a070b094b054b533d01023d2911312f282232011622353c20000620134b5454544b5052564b5556504b5450573b555454544a0e1403 HTTP/1.1
Host: xxxlongmove.gigixo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xxxlongmove.gigixo.com/
HTTP/1.1 200
Server: nginx
Date: Thu, 02 Mar 2023 13:50:24 GMT
Transfer-Encoding: chunked
Connection: keep-alive
X-CORE: core4
X-LB: core4
poweredby.jads.co/adshow.php?adzone=962234
185.94.237.102200 OK 1.7 kB URL HTTP/1.1 poweredby.jads.co/adshow.php?adzone=962234
IP 185.94.237.102:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (419), with CRLF, LF line terminators
Hash 34233ac9fb457e5119120cbe6642f102
9d78beacd6fe74318811a07e14bf37696ab91939
6895f2bd150242c2dff56161dc959b7a2c193f5ec1d5a5512f63ce5ec8335fc4
GET /adshow.php?adzone=962234 HTTP/1.1
Host: poweredby.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xxxlongmove.gigixo.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 02 Mar 2023 13:50:24 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/5.6.40
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR OUR IND STA"
Set-Cookie: surferid=e10ee270a043d6d07df1cdf87d67cf06; expires=Fri, 01-Mar-2024 13:50:23 GMT; Max-Age=31536000; path=/; SameSite=None; Secure; domain=.jads.co
imps52802=1; expires=Fri, 03-Mar-2023 13:50:23 GMT; Max-Age=86400; path=/; SameSite=None; Secure; domain=.jads.co
imps22340=1; expires=Fri, 03-Mar-2023 13:50:23 GMT; Max-Age=86400; path=/; SameSite=None; Secure; domain=.jads.co
juicy_data_1=YToyOntpOjE0Njc0MjI7aToxNjc4MDI0MjIzO2k6NTkyOTgwO2k6MTY3ODAyNDIyMzt9; expires=Sun, 05-Mar-2023 13:50:23 GMT; Max-Age=259200; path=/; SameSite=None; Secure; domain=jads.co
juicy_data=YToxOntzOjEyOiJqdWljeV9kYXRhXzEiO3M6MToiMSI7fQ%3D%3D; expires=Sun, 05-Mar-2023 13:50:23 GMT; Max-Age=259200; path=/; SameSite=None; Secure; domain=jads.co
Content-Encoding: gzip
xxxlongmove.gigixo.com/s3/ad_tf1/744.jpg
139.99.56.17200 OK 52 kB URL HTTP/1.1 xxxlongmove.gigixo.com/s3/ad_tf1/744.jpg
IP 139.99.56.17:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 100x751, components 3\012- data
Hash 1fc8383cb87f169f3fde11c9c47538ab
e0716d901ee182eb6a84f271d66288c15624695a
f8104264e8b5802f9a538e0514da7819bc2b273b31e92386b4a8354dc6b62772
GET /s3/ad_tf1/744.jpg HTTP/1.1
Host: xxxlongmove.gigixo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xxxlongmove.gigixo.com/
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 02 Mar 2023 13:50:23 GMT
Content-Type: image/jpeg
Content-Length: 52449
Connection: keep-alive
Last-Modified: Tue, 20 Apr 2021 20:23:20 GMT
ETag: "607f3838-cce1"
X-Cluster: web-cdn2
X-Cache: HIT
CF-Cache-Status: MISS
Vary: Accept-Encoding
CF-RAY: 7a1a024cf9576bdb-SIN
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Cache-Status: HIT
Cache-Control: max-age=14400, max-age=31536000
Accept-Ranges: bytes
poweredby.jads.co/adshow.php?adzone=962246
185.94.237.102200 OK 1.9 kB URL HTTP/1.1 poweredby.jads.co/adshow.php?adzone=962246
IP 185.94.237.102:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1589), with CRLF, LF line terminators
Hash f23133f9593cbf9200e085373ba4a045
8b343261907651c7aa67513d9aa751191e52a4e0
3d176cb6a2c3cc088bcbbd81ead85e995b846914d0e1df4d2634a1ac7755f25e
GET /adshow.php?adzone=962246 HTTP/1.1
Host: poweredby.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xxxlongmove.gigixo.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 02 Mar 2023 13:50:24 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/5.6.40
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR OUR IND STA"
Set-Cookie: surferid=e10ee270a043d6d07df1cdf87d67cf06; expires=Fri, 01-Mar-2024 13:50:23 GMT; Max-Age=31536000; path=/; SameSite=None; Secure; domain=.jads.co
imps30216=1; expires=Fri, 03-Mar-2023 13:50:23 GMT; Max-Age=86400; path=/; SameSite=None; Secure; domain=.jads.co
imps161=1; expires=Fri, 03-Mar-2023 13:50:23 GMT; Max-Age=86400; path=/; SameSite=None; Secure; domain=.jads.co
juicy_data_1=YToyOntpOjc3Nzc5OTtpOjE2NzgwMjQyMjM7aToxMTk2NzEzO2k6MTY3ODAyNDIyMzt9; expires=Sun, 05-Mar-2023 13:50:23 GMT; Max-Age=259200; path=/; SameSite=None; Secure; domain=jads.co
juicy_data=YToxOntzOjEyOiJqdWljeV9kYXRhXzEiO3M6MToiMSI7fQ%3D%3D; expires=Sun, 05-Mar-2023 13:50:23 GMT; Max-Age=259200; path=/; SameSite=None; Secure; domain=jads.co
Content-Encoding: gzip
bngpt.com/promo.php?c=688955&subid=2|159344|449252|no|112022|40568593|5675445|1|0|46|50304|,,,,,|4|0|0|21,4,25|0|0|en|1|91.90.42.154|0|1677765024&subid2=449252&type=banner&size=300x250&name=st_true;st_dali;st_random_all;on_off;st_x2;double2;how_long;st-double-penetration
94.199.255.192301 Moved Permanently 0 B URL HTTP/1.1 bngpt.com/promo.php?c=688955&subid=2|159344|449252|no|112022|40568593|5675445|1|0|46|50304|,,,,,|4|0|0|21,4,25|0|0|en|1|91.90.42.154|0|1677765024&subid2=449252&type=banner&size=300x250&name=st_true;st_dali;st_random_all;on_off;st_x2;double2;how_long;st-double-penetration
IP 94.199.255.192:0
ASN #48684 Viking Host B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /promo.php?c=688955&subid=2|159344|449252|no|112022|40568593|5675445|1|0|46|50304|,,,,,|4|0|0|21,4,25|0|0|en|1|91.90.42.154|0|1677765024&subid2=449252&type=banner&size=300x250&name=st_true;st_dali;st_random_all;on_off;st_x2;double2;how_long;st-double-penetration HTTP/1.1
Host: bngpt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://go.eabids.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
content-length: 0
location: https://bngpt.com/promo.php?c=688955&subid=2|159344|449252|no|112022|40568593|5675445|1|0|46|50304|,,,,,|4|0|0|21,4,25|0|0|en|1|91.90.42.154|0|1677765024&subid2=449252&type=banner&size=300x250&name=st_true;st_dali;st_random_all;on_off;st_x2;double2;how_long;st-double-penetration
poweredby.jads.co/adshow.php?adzone=941000
185.94.237.102200 OK 1.8 kB URL HTTP/1.1 poweredby.jads.co/adshow.php?adzone=941000
IP 185.94.237.102:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1589), with CRLF, LF line terminators
Hash b75d698f05807ff57a21be61e643ab2b
7dad65564aa0e5f59543fe9b89e42ef43b3eb33d
33b6cb8a2cc64fd06b41fee070c7e9b23aa8c41a6d2836f5a4973a339627f40d
GET /adshow.php?adzone=941000 HTTP/1.1
Host: poweredby.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xxxlongmove.gigixo.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 02 Mar 2023 13:50:24 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/5.6.40
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR OUR IND STA"
Set-Cookie: surferid=14748b2ad6f919ef8376153391ca0206; expires=Fri, 01-Mar-2024 13:50:24 GMT; Max-Age=31536000; path=/; SameSite=None; Secure; domain=.jads.co
imps22340=1; expires=Fri, 03-Mar-2023 13:50:24 GMT; Max-Age=86400; path=/; SameSite=None; Secure; domain=.jads.co
juicy_data_1=YToxOntpOjU5Mjk3NjtpOjE2NzgwMjQyMjQ7fQ%3D%3D; expires=Sun, 05-Mar-2023 13:50:24 GMT; Max-Age=259200; path=/; SameSite=None; Secure; domain=jads.co
juicy_data=YToxOntzOjEyOiJqdWljeV9kYXRhXzEiO3M6MToiMSI7fQ%3D%3D; expires=Sun, 05-Mar-2023 13:50:24 GMT; Max-Age=259200; path=/; SameSite=None; Secure; domain=jads.co
Content-Encoding: gzip
ocsp.usertrust.com/
104.18.32.68200 OK 471 B IP 104.18.32.68:0
Hash 215b63c0c67c86fc37cc98ead6991851
1d5b191cc89bce2eaff2cf648f201210f1fca67f
840608e916a3fb6ef9492ab89c1dea2dbcbc82fb75267ca55ca89071db20de2a
POST / HTTP/1.1
Host: ocsp.usertrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 02 Mar 2023 13:50:24 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Mon, 27 Feb 2023 16:14:42 GMT
Expires: Mon, 06 Mar 2023 16:14:41 GMT
Etag: "1d5b191cc89bce2eaff2cf648f201210f1fca67f"
Cache-Control: max-age=512751,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: HIT
Age: 216
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7a1a1bcd5b511c16-OSL
comedianthirteenth.com/11115435c35e6b966b90a5f936e0edcc/invoke.js
173.233.137.44200 OK 9.8 kB URL HTTP/1.1 comedianthirteenth.com/11115435c35e6b966b90a5f936e0edcc/invoke.js
IP 173.233.137.44:0
File type exported SGML document, ASCII text, with very long lines (27002), with no line terminators
Hash 532bafba637063a01b3ea63889d46fc9
21c9c6293d88d2db2e62ff2a7b2cf91e5416db01
5f4703e7eaa8506e98c361fec23fafd0b77753bed79ebad163c08d8871391a62
GET /11115435c35e6b966b90a5f936e0edcc/invoke.js HTTP/1.1
Host: comedianthirteenth.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xxxlongmove.gigixo.com/
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 02 Mar 2023 13:50:24 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 4a24acab6e9a862e102215e0c84b50d6
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
xxxlongmove.gigixo.com/xo1/xo-am1?&se_referrer=&default_keyword=Sex%20Pics%2C%20Free%20Porn%20Galleries%2C%20Hot%20Girls%20Pictures&&frm639e2ebb86ad8=script639e2ebb86ad9&_cid=507a49e0-058c-52fe-13d3-50e86735dadb2392
139.99.56.17200 OK 180 B URL HTTP/1.1 xxxlongmove.gigixo.com/xo1/xo-am1?&se_referrer=&default_keyword=Sex%20Pics%2C%20Free%20Porn%20Galleries%2C%20Hot%20Girls%20Pictures&&frm639e2ebb86ad8=script639e2ebb86ad9&_cid=507a49e0-058c-52fe-13d3-50e86735dadb2392
IP 139.99.56.17:0
File type HTML document, ASCII text
Hash 99f87e715cf8ce79c9ce59b5346661b4
830f4e1a7a03b72097f1955315fb64efed867543
387c5589554bd851904d1d2aa04c5daaabb6acc49e45a102eea550e55fe5ff4c
GET /xo1/xo-am1?&se_referrer=&default_keyword=Sex%20Pics%2C%20Free%20Porn%20Galleries%2C%20Hot%20Girls%20Pictures&&frm639e2ebb86ad8=script639e2ebb86ad9&_cid=507a49e0-058c-52fe-13d3-50e86735dadb2392 HTTP/1.1
Host: xxxlongmove.gigixo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xxxlongmove.gigixo.com/
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 02 Mar 2023 13:50:24 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 180
Connection: keep-alive
Cache-Control: no-cache, no-store, must-revalidate
Expires: 0
Pragma: no-cache
Set-Cookie: _subid=s8hnpa26cc8m;Expires=Sunday, 02-Apr-2023 13:51:56 GMT;Max-Age=2678400;Path=/
61f26=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjhcIjoxNjc3NzY1MTE2fSxcImNhbXBhaWduc1wiOntcIjRcIjoxNjc3NzY1MTE2fSxcInRpbWVcIjoxNjc3NzY1MTE2fSJ9.4XbLCjmULp4RBknefdb2C3UcfN4KZZEUaY9Ewst_gHA;Expires=Saturday, 02-May-2076 03:43:52 GMT;Max-Age=1677851516;Path=/
_token=uuid_s8hnpa26cc8m_s8hnpa26cc8m6400a9fc879e79.59781726;Expires=Sunday, 02-Apr-2023 13:51:56 GMT;Max-Age=2678400;Path=/
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
xxxlongmove.gigixo.com/s3/ad_amt1_v-01/449.jpg
139.99.56.17200 OK 28 kB URL HTTP/1.1 xxxlongmove.gigixo.com/s3/ad_amt1_v-01/449.jpg
IP 139.99.56.17:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 77x600, components 3\012- data
Hash 9da91478df969282dab7c87441ad352c
8b62795926af36f574aa6c2cb7c5f63444e8f704
203d7544a1ff810d34a43082dc9446aeab31b7ddd44c390bd612d55951b142cb
GET /s3/ad_amt1_v-01/449.jpg HTTP/1.1
Host: xxxlongmove.gigixo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xxxlongmove.gigixo.com/
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 02 Mar 2023 13:50:24 GMT
Content-Type: image/jpeg
Content-Length: 28252
Connection: keep-alive
Last-Modified: Wed, 31 Mar 2021 20:30:40 GMT
ETag: "6064dbf0-6e5c"
X-Cluster: web-cdn2
X-Cache: HIT
CF-Cache-Status: MISS
Vary: Accept-Encoding
CF-RAY: 7a1a1bc6f999019b-SIN
alt-svc: h2=":443"; ma=60
X-Cache-Status: MISS
Cache-Control: max-age=14400, max-age=31536000
Accept-Ranges: bytes
poweredby.jads.co/adshow.php?adzone=962237
185.94.237.102200 OK 1.8 kB URL HTTP/1.1 poweredby.jads.co/adshow.php?adzone=962237
IP 185.94.237.102:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1589), with CRLF, LF line terminators
Hash cdb3319ca73a8145430b78b538839479
0dad2cd3c6421b1fee2538b466301d6d255ea63b
22e85cfbe094eb43750c7c021364a9fc7d9bc0c03734b771436eb0dc4146d5d0
GET /adshow.php?adzone=962237 HTTP/1.1
Host: poweredby.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xxxlongmove.gigixo.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 02 Mar 2023 13:50:25 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/5.6.40
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR OUR IND STA"
Set-Cookie: surferid=14748b2ad6f919ef8376153391ca0206; expires=Fri, 01-Mar-2024 13:50:24 GMT; Max-Age=31536000; path=/; SameSite=None; Secure; domain=.jads.co
imps52802=1; expires=Fri, 03-Mar-2023 13:50:24 GMT; Max-Age=86400; path=/; SameSite=None; Secure; domain=.jads.co
juicy_data_1=YToxOntpOjE0Njc0MjI7aToxNjc4MDI0MjI0O30%3D; expires=Sun, 05-Mar-2023 13:50:24 GMT; Max-Age=259200; path=/; SameSite=None; Secure; domain=jads.co
juicy_data=YToxOntzOjEyOiJqdWljeV9kYXRhXzEiO3M6MToiMSI7fQ%3D%3D; expires=Sun, 05-Mar-2023 13:50:24 GMT; Max-Age=259200; path=/; SameSite=None; Secure; domain=jads.co
Content-Encoding: gzip
i.jads.co/1x1.gif
69.16.175.10200 OK 43 B IP 69.16.175.10:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 9bb191c6827273aa978cab39a3587950
25d8043336eb799e52b1a0e15ff6b95e09c24e35
24e480e4659fbae818853a38f8a3036f529f539024dc3e772c0b594ce02ea9db
GET /1x1.gif HTTP/1.1
Host: i.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://poweredby.jads.co/
HTTP/1.1 200 OK
Date: Thu, 02 Mar 2023 13:50:25 GMT
Connection: Keep-Alive
ETag: "1457030838"
Cache-Control: max-age=9460241
Content-Length: 43
Content-Type: image/gif
Last-Modified: Thu, 03 Mar 2016 18:47:18 GMT
Accept-Ranges: bytes
X-HW: 1677765025.dop206.sk1.t,1677765025.cds264.sk1.c
i.jads.co/network/user1037/1-1619547642-0028094001619547642.jpg
69.16.175.10200 OK 55 kB URL HTTP/1.1 i.jads.co/network/user1037/1-1619547642-0028094001619547642.jpg
IP 69.16.175.10:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 160x600, components 3\012- data
Hash dc758a7ea885c9e45ccbf2bb315cf2fa
e00e03b7f8648b660ca4d485ec65b6439d4b0762
86bb80e5cee68b62da1c0f9d3a9c80940f39812d43dd00b671f6a2acce62e8ff
GET /network/user1037/1-1619547642-0028094001619547642.jpg HTTP/1.1
Host: i.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://poweredby.jads.co/
HTTP/1.1 200 OK
Date: Thu, 02 Mar 2023 13:50:25 GMT
Connection: Keep-Alive
ETag: "1619547642"
Cache-Control: max-age=4876982
Content-Length: 55292
Content-Type: image/jpeg
Last-Modified: Tue, 27 Apr 2021 18:20:42 GMT
Accept-Ranges: bytes
X-HW: 1677765025.dop225.sk1.t,1677765025.cds250.sk1.c
i.jads.co/network/user500/22340-1505050856.gif
69.16.175.10200 OK 171 kB URL HTTP/1.1 i.jads.co/network/user500/22340-1505050856.gif
IP 69.16.175.10:0
File type GIF image data, version 89a, 160 x 600\012- data
Size 171 kB (171317 bytes)
Hash 180dc33ec80c6b74134c11cef704f1d7
a080dac3932e29bfdd11bf105be49a5193a7ed7e
aca783083a2095296ec6d146027df96f66b465bb3ac713d14c1ff9965cce38d5
GET /network/user500/22340-1505050856.gif HTTP/1.1
Host: i.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://poweredby.jads.co/
HTTP/1.1 200 OK
Date: Thu, 02 Mar 2023 13:50:25 GMT
Connection: Keep-Alive
ETag: "1505050856"
Cache-Control: max-age=7242303
Content-Length: 171317
Content-Type: image/gif
Last-Modified: Sun, 10 Sep 2017 13:40:56 GMT
Accept-Ranges: bytes
X-HW: 1677765025.dop021.sk1.t,1677765025.cds257.sk1.c
cdn.tsyndicate.com/sdk/v1/bi.js
8.247.219.249304 Not Modified 0 B URL HTTP/1.1 cdn.tsyndicate.com/sdk/v1/bi.js
IP 8.247.219.249:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sdk/v1/bi.js HTTP/1.1
Host: cdn.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xxxlongmove.gigixo.com/
If-Modified-Since: Fri, 16 Dec 2022 12:41:56 GMT
If-None-Match: W/"639c6794-1e83"
HTTP/1.1 304 Not Modified
Date: Fri, 16 Dec 2022 12:53:24 GMT
Connection: keep-alive
Last-Modified: Fri, 16 Dec 2022 12:41:56 GMT
Server: nginx
X-Robots-Tag: noindex, nofollow
Vary: Accept-Encoding
ETag: W/"639c6794-1e83"
Age: 6569821
static-assets.highwebmedia.com/CACHE/js/output.9b823bb2f723.js
104.16.94.42200 OK 84 kB URL HTTP/2 static-assets.highwebmedia.com/CACHE/js/output.9b823bb2f723.js
IP 104.16.94.42:0
File type Unicode text, UTF-8 text, with very long lines (35319), with LF, NEL line terminators
Hash 2b96647abde832b3b41f604799675ca7
455e44f78f582797e92f7280e71ad959df94a355
dbd8dabafba2b053b1d1641e3f7b19393dfaa8574a9341918274e1b28199e683
GET /CACHE/js/output.9b823bb2f723.js HTTP/1.1
Host: static-assets.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 02 Mar 2023 13:50:24 GMT
content-type: application/javascript
cache-control: public, max-age=2592000
cf-bgj: minify
etag: W/"1360376b8f5657814f662391b765d655"
last-modified: Tue, 24 May 2022 17:14:17 GMT
x-amz-id-2: KTWJY/HCZAzfCN7zvoTtoCRDkjCDtsx43npe+RSp0Ebo2HF6WHgess4Ct9QL7Zi8XExzaRuhmCw=
x-amz-meta-s3cmd-attrs: md5:1360376b8f5657814f662391b765d655
x-amz-request-id: M1HHWCFNA8C6CV81
cf-cache-status: HIT
age: 2470594
expires: Sat, 01 Apr 2023 13:50:24 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=T%2BEFl7PX138EoVfN0u0cooiHiCO8HxQjvUp8NzyUAzlfVmo2R7%2BceuQ2gQEelc4Ni2dl%2BY4af2QLNAbtvmBiSLY2gMh2%2BPn8GlvLCGwj8blINnWO5XZBCDUnGThsPbSOGER0wIM0I4iTAZlq6b9D7g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
set-cookie: _cfuvid=ZQSk1szUCHSHQt_OL9Y9h9TsbCM4XB6QADUyod3mDK8-1677765024724-0-604800000; path=/; domain=.highwebmedia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 7a1a1bcc7a0afabc-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
riotousunspeakablestreet.com/d8/29/41/d82941888ca80b5e024c4d0a7cab0440.js
192.243.59.12200 OK 13 kB URL HTTP/1.1 riotousunspeakablestreet.com/d8/29/41/d82941888ca80b5e024c4d0a7cab0440.js
IP 192.243.59.12:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with very long lines (37133), with no line terminators
Hash 95b803f5cd815632279ddec777592a13
4092d566dc099eaefb75389e86d26ebcf9f99fe0
6c0d5976529145fcbd72620f2863e5c0b880e224a5737dded730756010715b89
GET /d8/29/41/d82941888ca80b5e024c4d0a7cab0440.js HTTP/1.1
Host: riotousunspeakablestreet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xxxlongmove.gigixo.com/
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Thu, 02 Mar 2023 13:50:24 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: b8fe24b765f85a0fd2145c96bd9257d4
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
static-assets.highwebmedia.com/CACHE/css/output.afba3b126870.css
104.16.94.42200 OK 14 kB URL HTTP/2 static-assets.highwebmedia.com/CACHE/css/output.afba3b126870.css
IP 104.16.94.42:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash b88f2686e3d7d44498e58fb499bb3f03
c1454748943f3b0f2c67e1addfc4f73560535f72
7b13bf28bcd621ff244c1add968b521db528c8cea71b3d2fd4f7f6d37ebc7108
GET /CACHE/css/output.afba3b126870.css HTTP/1.1
Host: static-assets.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 02 Mar 2023 13:50:24 GMT
content-type: text/css
cache-control: public, max-age=2592000
cf-bgj: minify
cf-polished: origSize=84490
etag: W/"4764f207929e629d2219e52494cd870c"
last-modified: Tue, 21 Feb 2023 23:20:42 GMT
x-amz-id-2: mxdyNrPvEJOnrw7eR8dWb++CjNKt75KW4UfXbRgrE/w/5xjVm7K/38u8xvWEUF0b4ya/+AGnAdc=
x-amz-meta-s3cmd-attrs: md5:4764f207929e629d2219e52494cd870c
x-amz-request-id: 08YMZ9283PTWNB64
cf-cache-status: HIT
age: 743206
expires: Sat, 01 Apr 2023 13:50:24 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=31KaezZU%2BZFb93Jb%2FZQX0YIprM%2B99dKxV8%2BEs9UZZeeLqLPlwTajM7KPqjGjbLghNGoTh9rY19x5rCp2etSJWD65Htt8NTry9141H8TFdDwROnpAwV3TF7S%2B0JwOuKoChYvnQfdSE%2B%2BuPfpNjQoIpQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
set-cookie: _cfuvid=Jyg5OGf6FlBXDv9TxHysRrkg6sSzZ4v8R0.hFJYVihw-1677765024698-0-604800000; path=/; domain=.highwebmedia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 7a1a1bcc49f1fabc-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
go.eabids.com/banner.go?spaceid=5675445&keywords=&maincat=
217.22.19.194200 OK 2.5 kB URL HTTP/1.1 go.eabids.com/banner.go?spaceid=5675445&keywords=&maincat=
IP 217.22.19.194:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2537), with no line terminators
Hash 3b607ad47cd21b51feac172bc7239c98
9d24fb871752e0299e015fabdef7e69308335b7e
3d8793b296e3228e3455237c0b42a56d0673d04214d11c4458e4f53eb75ce2aa
GET /banner.go?spaceid=5675445&keywords=&maincat= HTTP/1.1
Host: go.eabids.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xxxlongmove.gigixo.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 02 Mar 2023 13:50:25 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 2537
Connection: keep-alive
Expires: Mon, 03 Jul 2001 06:00:00 GMT
Last-Modified: Thu, 02 03 2023 13:50:25 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0,post-check=0, pre-check=0
Pragma: no-cache
Accept-Ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-WoW64
Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
X-Backend-Server: nl2-web-205
cdn.tubecorp.com/i/b.html?spot=3725&src=1013599720&pid=17794&width=300&height=250&spaceid=859
45.133.44.24200 OK 181 B URL HTTP/1.1 cdn.tubecorp.com/i/b.html?spot=3725&src=1013599720&pid=17794&width=300&height=250&spaceid=859
IP 45.133.44.24:0
ASN #39572 DataWeb Global Group B.V.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 81aec7550d11fe54b500ea3850f95567
15d56988d343393c038d830ccdaf2d1c69664e5f
04952bb41a8bb460d8a30d9a9c2f1d1d65f86b75fcf7f104365f805e343d1ed2
GET /i/b.html?spot=3725&src=1013599720&pid=17794&width=300&height=250&spaceid=859 HTTP/1.1
Host: cdn.tubecorp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xxxlongmove.gigixo.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Thu, 02 Mar 2023 13:50:25 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx/1.20.1
Last-Modified: Sat, 20 Nov 2021 06:50:54 GMT
ETag: W/"df-5d132d021cf80"
X-Request-ID: 914868fb7bac51d034870396a0f39bea
Content-Encoding: gzip
Expires: Thu, 02 Mar 2023 14:50:25 GMT
Cache-Control: max-age=3600
X-Proxy-Cache: HIT
Access-Control-Allow-Origin: *
cdn.tubecorp.com/i/b.html?spot=3725&src=1013599720&pid=17794&width=300&height=250&spaceid=859
45.133.44.24200 OK 181 B URL HTTP/1.1 cdn.tubecorp.com/i/b.html?spot=3725&src=1013599720&pid=17794&width=300&height=250&spaceid=859
IP 45.133.44.24:0
ASN #39572 DataWeb Global Group B.V.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 81aec7550d11fe54b500ea3850f95567
15d56988d343393c038d830ccdaf2d1c69664e5f
04952bb41a8bb460d8a30d9a9c2f1d1d65f86b75fcf7f104365f805e343d1ed2
GET /i/b.html?spot=3725&src=1013599720&pid=17794&width=300&height=250&spaceid=859 HTTP/1.1
Host: cdn.tubecorp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xxxlongmove.gigixo.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Thu, 02 Mar 2023 13:50:25 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx/1.20.1
Last-Modified: Sat, 20 Nov 2021 06:50:54 GMT
ETag: W/"df-5d132d021cf80"
X-Request-ID: 914868fb7bac51d034870396a0f39bea
Content-Encoding: gzip
Expires: Thu, 02 Mar 2023 14:50:25 GMT
Cache-Control: max-age=3600
X-Proxy-Cache: HIT
Access-Control-Allow-Origin: *
static-assets.highwebmedia.com/CACHE/js/output.22fcc6ddd7fb.js
104.16.94.42200 OK 53 kB URL HTTP/2 static-assets.highwebmedia.com/CACHE/js/output.22fcc6ddd7fb.js
IP 104.16.94.42:0
File type Unicode text, UTF-8 text, with very long lines (65529), with no line terminators
Hash 4732305f71f786dd4149379f4b58d454
9cd8be3958a88f51b1a534190afeeb3faf9bdfc9
e65e6242a63dd206ad8ca590b957263d9339a0fbd33ce3d9fa61c186e2d91046
GET /CACHE/js/output.22fcc6ddd7fb.js HTTP/1.1
Host: static-assets.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 02 Mar 2023 13:50:24 GMT
content-type: application/javascript
cache-control: public, max-age=2592000
cf-bgj: minify
etag: W/"b6478c81f6d00fc5f5f8c5c8a83e7def"
last-modified: Thu, 09 Feb 2023 22:37:40 GMT
x-amz-id-2: 58VSmCG/Ais5R9oTrtzfDhSSC99nuUTKfyZeoiSGQK03lg9TlssnatC6ZW+83j/+Kf251otKLQQ=
x-amz-meta-s3cmd-attrs: md5:b6478c81f6d00fc5f5f8c5c8a83e7def
x-amz-request-id: 9N425M5WQWDTXJ5C
cf-cache-status: HIT
age: 1782567
expires: Sat, 01 Apr 2023 13:50:24 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eN0og66Xjzg9Lltw95IwJkyapt4XILkL%2FqETwJXGh0lKUFjY25oQ0nq7E3t75YDYKZfsO1gYCyVEyiH3XA6MiITLD6%2B0xvqxJFSD55SQorDV%2Fx2zQqIRFF9Ccl3kpF0UbFX%2FU5FYVsxStHR3ozD5OQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
set-cookie: _cfuvid=9S5FE722boy9ZLYDHlvT6ZBDGRaM4PtmQNx9L10c5ew-1677765024669-0-604800000; path=/; domain=.highwebmedia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 7a1a1bcc19acfabc-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
xxxlongmove.gigixo.com/viewImage3?data=0c101014175e4b4b07000a0d4a140b160a140d07174a070b094b55565c544b534b575c4b51515056525351564b51515056525351563b5454533b535456004a0e1403
139.99.56.17200 12 kB URL HTTP/1.1 xxxlongmove.gigixo.com/viewImage3?data=0c101014175e4b4b07000a0d4a140b160a140d07174a070b094b55565c544b534b575c4b51515056525351564b51515056525351563b5454533b535456004a0e1403
IP 139.99.56.17:0
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 100x150, components 3\012- data
Hash 788e685f524fb5d2b3906870a5edeee2
852f3eb1a4c4fec23dabccd5830fbb7d6c89fc11
714975fe0bbc0d3067817b1470315d4a58bdd5a33641ef693389c3b31b0fc8fc
GET /viewImage3?data=0c101014175e4b4b07000a0d4a140b160a140d07174a070b094b55565c544b534b575c4b51515056525351564b51515056525351563b5454533b535456004a0e1403 HTTP/1.1
Host: xxxlongmove.gigixo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xxxlongmove.gigixo.com/
HTTP/1.1 200
Server: nginx
Date: Thu, 02 Mar 2023 13:50:24 GMT
Content-Length: 12446
Connection: keep-alive
Cache-Control: max-age=31418383
ocsp.r2m01.amazontrust.com/
54.230.80.227200 OK 471 B URL HTTP/1.1 ocsp.r2m01.amazontrust.com/
IP 54.230.80.227:0
Hash 6f999996f8625076a19dfee5628381fc
52e947ace48a1e5fd8ca62460bf168ff6342740c
62c27034032269a1ca1958c03dac4360110d12dfab4b8d98728c880489e38eb6
POST / HTTP/1.1
Host: ocsp.r2m01.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Thu, 02 Mar 2023 13:50:25 GMT
Last-Modified: Thu, 02 Mar 2023 00:43:39 GMT
Server: ECAcc (nya/789C)
X-Cache: Miss from cloudfront
Via: 1.1 0e39dca74306d7aab723ed3d73dbfbb4.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: QjL7sfL9qzT9C_aG46_s5qrixe6d3CgGOBX8D-wXaK7nnFKYQhVXmw==
Age: 47207
i.jads.co/network/user500/30216-1561026164-0152310001561026164.gif
69.16.175.10200 OK 514 kB URL HTTP/1.1 i.jads.co/network/user500/30216-1561026164-0152310001561026164.gif
IP 69.16.175.10:0
File type GIF image data, version 89a, 160 x 600\012- data
Size 514 kB (514504 bytes)
Hash bb3a8da690c1fa3e6bc3ec2a286db225
3762be777a2b9f575b08e1e4086b6b71d9c895b9
a5cc1f03000042ed17bb4bc203ab714f9d44ebe002739018886ce8aef1c11b63
GET /network/user500/30216-1561026164-0152310001561026164.gif HTTP/1.1
Host: i.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://poweredby.jads.co/
HTTP/1.1 200 OK
Date: Thu, 02 Mar 2023 13:50:25 GMT
Connection: Keep-Alive
ETag: "1561026164"
Cache-Control: max-age=12248296
Content-Length: 514504
Content-Type: image/gif
Last-Modified: Thu, 20 Jun 2019 10:22:44 GMT
Accept-Ranges: bytes
X-HW: 1677765025.dop215.sk1.t,1677765025.cds211.sk1.c
go.xliirdr.com/api/models?quality=optimal&sortBy=stripRanking&tag=men%2C-men&forceClient=1&stripcashR=0&limit=6
104.18.59.150200 OK 402 kB URL HTTP/2 go.xliirdr.com/api/models?quality=optimal&sortBy=stripRanking&tag=men%2C-men&forceClient=1&stripcashR=0&limit=6
IP 104.18.59.150:0
File type JSON data\012- , ASCII text, with very long lines (9929), with no line terminators
Size 402 kB (401577 bytes)
Hash 4fa03507adec8f255b50d6eed203af5a
b713bba29e1a0805941ad113c541c14f436afc98
e3da13434391070993d87ddf5a994a06fc6dfb52bbe4f81446ef1b909f8bb76b
GET /api/models?quality=optimal&sortBy=stripRanking&tag=men%2C-men&forceClient=1&stripcashR=0&limit=6 HTTP/1.1
Host: go.xliirdr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://creative.xliirdr.com/
Origin: https://creative.xliirdr.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Thu, 02 Mar 2023 13:50:24 GMT
content-type: application/json
access-control-allow-origin: https://creative.xliirdr.com
access-control-allow-credentials: true
vary: Origin, Accept-Encoding
last-modified: Thu, 02 Mar 2023 13:10:10 GMT
cf-cache-status: EXPIRED
set-cookie: __cflb=02DiuDfsBaY2bRYJiCddNhqGgfsRfgxdZ2mp5U69osiya; SameSite=None; Secure; path=/; expires=Fri, 03-Mar-23 12:50:24 GMT; HttpOnly
server: cloudflare
cf-ray: 7a1a1bca6807b4eb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
static-assets.highwebmedia.com/cachebust/825-react-bb8e2b5d8559102e7274.js
104.16.94.42200 OK 54 kB URL HTTP/2 static-assets.highwebmedia.com/cachebust/825-react-bb8e2b5d8559102e7274.js
IP 104.16.94.42:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash c0b8376c947a862791038ff4638cb21e
5cbd3e4194bffe1b67a32452587c9903ac0af477
43bc0fadbb46bcf9ba5b366161b31bbee29530513db638f593c13e027fa226f4
GET /cachebust/825-react-bb8e2b5d8559102e7274.js HTTP/1.1
Host: static-assets.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 02 Mar 2023 13:50:24 GMT
content-type: application/javascript
cache-control: public, max-age=2592000
cf-bgj: minify
cf-polished: origSize=161808
etag: W/"7a130551f6e927ecc9daaab2d085fc21"
last-modified: Fri, 03 Feb 2023 01:47:49 GMT
x-amz-id-2: m26geDVZRxhFy0Qd/ImOpZZNsTEArJr8X5QBNJsWjUDPUxnCKgxago9I2SYbzspSbFfVNONjf3U=
x-amz-meta-s3cmd-attrs: md5:7a130551f6e927ecc9daaab2d085fc21
x-amz-request-id: 8ZDMJ16KJWKK3FPS
cf-cache-status: HIT
age: 2375995
expires: Sat, 01 Apr 2023 13:50:24 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HP9LsBNHTSW%2FI62emgm6xArUaVCuWX38p6znvxg8l2g9acE59N6wXQGKk%2BYvlTV3r27FHS%2BjssOBpghV0miA3gHW4YhTkR6Mcu9s%2BwhcALLoAT1AKyjgivVNKKlAD6BvkPAEek4SKrbk4VZfFF9GNQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
set-cookie: _cfuvid=9S5FE722boy9ZLYDHlvT6ZBDGRaM4PtmQNx9L10c5ew-1677765024669-0-604800000; path=/; domain=.highwebmedia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 7a1a1bcc19aefabc-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
go.eabids.com/banner.go?spaceid=5675445&keywords=&maincat=
217.22.19.194200 OK 2.5 kB URL HTTP/1.1 go.eabids.com/banner.go?spaceid=5675445&keywords=&maincat=
IP 217.22.19.194:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2537), with no line terminators
Hash 59c5dd58222b322824c43ddcb92fe1e8
7864aac7b38eb3d5b73de7358f42f89687a8ec03
a078329c0d22b810511a7b2f4f1f564e12ef4a98113a5dda6aa8c2c3e01f4287
GET /banner.go?spaceid=5675445&keywords=&maincat= HTTP/1.1
Host: go.eabids.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xxxlongmove.gigixo.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 02 Mar 2023 13:50:25 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 2537
Connection: keep-alive
Expires: Mon, 03 Jul 2001 06:00:00 GMT
Last-Modified: Thu, 02 03 2023 13:50:25 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0,post-check=0, pre-check=0
Pragma: no-cache
Accept-Ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-WoW64
Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
X-Backend-Server: nl2-web-200
simplewebanalysis.com/stats
3.124.100.190200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP 3.124.100.190:0
File type ASCII text, with no line terminators
Hash 41c9d22d2a8dc1757f35e2719006b7e0
522e1104da2cce260569bdf9109eebc2ffbe120f
f6cfe2372af7f67435c7cda01dcaaa4bea5469bef4e020ae4a66fa1823eb3180
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://xxxlongmove.gigixo.com
Connection: keep-alive
Referer: http://xxxlongmove.gigixo.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 02 Mar 2023 13:50:25 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: http://xxxlongmove.gigixo.com
access-control-allow-credentials: true
set-cookie: uid_id2=51534cfd-f052-41c9-82c6-7a962b874f24:1:1; expires=Sun, 27 Feb 2033 13:50:25 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
xxxlongmove.gigixo.com/viewImage3?data=0a110808
139.99.56.17200 167 B URL HTTP/1.1 xxxlongmove.gigixo.com/viewImage3?data=0a110808
IP 139.99.56.17:0
File type PNG image data, 1 x 1, 8-bit/color RGBA, non-interlaced\012- data
Hash 353b078eb77e5ee068e83b7503f3c75b
d0b2207fea4313a3ea391b94880f1d01e5ab1c89
297488a03131e435cb999248b75ed4ac78ae3bbf4c3366d8d57c821b2548dd8d
GET /viewImage3?data=0a110808 HTTP/1.1
Host: xxxlongmove.gigixo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xxxlongmove.gigixo.com/
HTTP/1.1 200
Server: nginx
Date: Thu, 02 Mar 2023 13:50:25 GMT
Transfer-Encoding: chunked
Connection: keep-alive
X-CORE: core4
X-LB: core4
simplewebanalysis.com/stats
3.124.100.190200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP 3.124.100.190:0
File type ASCII text, with no line terminators
Hash 4d7f554738ae07936d2a8e668e43af18
0ba6382a3b6240b4a91496caba5f7c81ecc4be71
be3ef600f6147b2abfd790f498eea35197a7cdde879e031d1c0204531e5d062b
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://xxxlongmove.gigixo.com
Connection: keep-alive
Referer: http://xxxlongmove.gigixo.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 02 Mar 2023 13:50:25 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: http://xxxlongmove.gigixo.com
access-control-allow-credentials: true
set-cookie: uid_id2=835c363e-5fbb-4a78-b7e1-f61320a9d52c:3:1; expires=Sun, 27 Feb 2033 13:50:25 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
static-assets.highwebmedia.com/CACHE/js/output.caee332d326d.js
104.16.94.42200 OK 722 B URL HTTP/2 static-assets.highwebmedia.com/CACHE/js/output.caee332d326d.js
IP 104.16.94.42:0
File type ASCII text, with very long lines (1105)
Hash e93135de234091cfa4566ab0f342cd12
117acee4c49d79e9514e975bd8637d2aefcdf9c9
418ade0b90725505d5ce55d52565ec82c465d0803f3da81caf37b9410f05b888
GET /CACHE/js/output.caee332d326d.js HTTP/1.1
Host: static-assets.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 02 Mar 2023 13:50:24 GMT
content-type: application/javascript
cache-control: public, max-age=2592000
cf-bgj: minify
etag: W/"b61e15511bf0db70d0d422e98c465403"
last-modified: Thu, 24 Jun 2021 21:24:08 GMT
x-amz-id-2: HeoCFEUKzTihPkh1D1dueOkltnCJFjGi5HuYWiCUmgPBwm4469ef2j6fTJmt3Rc9WX3D61SDttc=
x-amz-meta-s3cmd-attrs: md5:b61e15511bf0db70d0d422e98c465403
x-amz-request-id: 75T4PX5CV0NYCRDS
cf-cache-status: HIT
age: 1069485
expires: Sat, 01 Apr 2023 13:50:24 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6kI%2F0ENe01fMMxlrWjIQIp3uSXyzRtdBXgTNeS4U0DWMaRSqEPE81snf4wB8HR%2B0ax7DuKRTOKt60HUPopDMH2bZcCeMMIntEyTTlHWMrt4FktkZonHwQx%2FiTkLkcJqHtkZEUo4zo4unlG2Qu6nDyA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
set-cookie: _cfuvid=LN.bqUcb1vwuJZenV91.pX.POn1fBzf0oOeEcvTlhkE-1677765024706-0-604800000; path=/; domain=.highwebmedia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 7a1a1bcc59f5fabc-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
poweredby.jads.co/adshow.php?adzone=941000
185.94.237.102200 OK 1.7 kB URL HTTP/1.1 poweredby.jads.co/adshow.php?adzone=941000
IP 185.94.237.102:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (409), with CRLF, LF line terminators
Hash 8da6067f61a1f3715a9f004089fed797
4e43c0db94669c33727ae9810968a5881250035a
98cc53f3ccf15a255f7abb69d9253d93e4d2c714ea518d9e3af7b912a35ccce9
GET /adshow.php?adzone=941000 HTTP/1.1
Host: poweredby.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xxxlongmove.gigixo.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 02 Mar 2023 13:50:25 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/5.6.40
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR OUR IND STA"
Set-Cookie: surferid=14748b2ad6f919ef8376153391ca0206; expires=Fri, 01-Mar-2024 13:50:24 GMT; Max-Age=31536000; path=/; SameSite=None; Secure; domain=.jads.co
imps22340=1; expires=Fri, 03-Mar-2023 13:50:24 GMT; Max-Age=86400; path=/; SameSite=None; Secure; domain=.jads.co
juicy_data_1=YToxOntpOjU5Mjk3NjtpOjE2NzgwMjQyMjQ7fQ%3D%3D; expires=Sun, 05-Mar-2023 13:50:24 GMT; Max-Age=259200; path=/; SameSite=None; Secure; domain=jads.co
juicy_data=YToxOntzOjEyOiJqdWljeV9kYXRhXzEiO3M6MToiMSI7fQ%3D%3D; expires=Sun, 05-Mar-2023 13:50:24 GMT; Max-Age=259200; path=/; SameSite=None; Secure; domain=jads.co
Content-Encoding: gzip
tsyndicate.com/iframes2/6a91f85098294907941c239ca45e3b90.html?keywords=Best,porn,videos,daily,updates,pantyhose,panties,vietnam,assorted,ebay,women,twinks,indiana,sweet,kiss,frilly,megan,brainwashing,party,fum,maid,brother,housewifes,ducky,amateur,japanhdv,graney,coughlan,big,sweaty,pot,cream,2392,dubbele,phone,stylez,fists,blu,ysis,but,averagejoe,partouze,avn,bus,members,brazilian,newest,site,wish,elle,lauren,video,undergound,number,army,dominno,found,nude,amateurs,play,games,festival,clip,full,dee,hub,dvds,christmas,bleach,ass,sara,dreams,sites,breasts,frmom,long,ribeiro,kane,penthouse,rosalyn,squirting,vid,cuckold,stay,incsest,vanity,illegal,titles,amature,midget,rhodes,glasses,tits,wast,snowwhite,body,gzames,type,schlong,and,taylor,utube,clips,cantrell,lactation,pantyhose,panties,vietnam,assorted,ebay,women,twinks,indiana,sweet,kiss,frilly,megan,brainwashing,party,fum,maid,brother,housewifes,ducky,amateur,japanhdv,graney,coughlan,big,sweaty,pot,cream,23&adb=0&clientjs=1&w=1280&h=1024&tz=0
136.243.51.205200 OK 1.2 kB URL HTTP/1.1 tsyndicate.com/iframes2/6a91f85098294907941c239ca45e3b90.html?keywords=Best,porn,videos,daily,updates,pantyhose,panties,vietnam,assorted,ebay,women,twinks,indiana,sweet,kiss,frilly,megan,brainwashing,party,fum,maid,brother,housewifes,ducky,amateur,japanhdv,graney,coughlan,big,sweaty,pot,cream,2392,dubbele,phone,stylez,fists,blu,ysis,but,averagejoe,partouze,avn,bus,members,brazilian,newest,site,wish,elle,lauren,video,undergound,number,army,dominno,found,nude,amateurs,play,games,festival,clip,full,dee,hub,dvds,christmas,bleach,ass,sara,dreams,sites,breasts,frmom,long,ribeiro,kane,penthouse,rosalyn,squirting,vid,cuckold,stay,incsest,vanity,illegal,titles,amature,midget,rhodes,glasses,tits,wast,snowwhite,body,gzames,type,schlong,and,taylor,utube,clips,cantrell,lactation,pantyhose,panties,vietnam,assorted,ebay,women,twinks,indiana,sweet,kiss,frilly,megan,brainwashing,party,fum,maid,brother,housewifes,ducky,amateur,japanhdv,graney,coughlan,big,sweaty,pot,cream,23&adb=0&clientjs=1&w=1280&h=1024&tz=0
IP 136.243.51.205:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2029)
Hash f52f417eab671263260fb239deb27273
342223f95efe028892c439b15f9e2a8d6100263c
19b3088928254b01263117aa6d79a645be2d2cb401ad9f730356b256cc1717ed
GET /iframes2/6a91f85098294907941c239ca45e3b90.html?keywords=Best,porn,videos,daily,updates,pantyhose,panties,vietnam,assorted,ebay,women,twinks,indiana,sweet,kiss,frilly,megan,brainwashing,party,fum,maid,brother,housewifes,ducky,amateur,japanhdv,graney,coughlan,big,sweaty,pot,cream,2392,dubbele,phone,stylez,fists,blu,ysis,but,averagejoe,partouze,avn,bus,members,brazilian,newest,site,wish,elle,lauren,video,undergound,number,army,dominno,found,nude,amateurs,play,games,festival,clip,full,dee,hub,dvds,christmas,bleach,ass,sara,dreams,sites,breasts,frmom,long,ribeiro,kane,penthouse,rosalyn,squirting,vid,cuckold,stay,incsest,vanity,illegal,titles,amature,midget,rhodes,glasses,tits,wast,snowwhite,body,gzames,type,schlong,and,taylor,utube,clips,cantrell,lactation,pantyhose,panties,vietnam,assorted,ebay,women,twinks,indiana,sweet,kiss,frilly,megan,brainwashing,party,fum,maid,brother,housewifes,ducky,amateur,japanhdv,graney,coughlan,big,sweaty,pot,cream,23&adb=0&clientjs=1&w=1280&h=1024&tz=0 HTTP/1.1
Host: tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xxxlongmove.gigixo.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 02 Mar 2023 13:50:25 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Pragma: no-cache
Expires: 0
Vary: Accept-Encoding, *
X-Api-Version: 2
Link: <http://lcdn.tsyndicate.com/sdk/v1/b.b.js>; rel=preload; as=script
X-Request-Id: b9f283a1c91cfbc6
Cache-Control: no-cache, no-store, no-transform, must-revalidate, no-transform
X-Robots-Tag: none, noindex, nofollow
Report-To: { "url": "https://pxl.tsyndicate.com/api/v1/heavy-ad/report", "max_age": 86401 }
Content-Encoding: gzip
tsyndicate.com/iframes2/6a91f85098294907941c239ca45e3b90.html?keywords=Best,porn,videos,daily,updates,pantyhose,panties,vietnam,assorted,ebay,women,twinks,indiana,sweet,kiss,frilly,megan,brainwashing,party,fum,maid,brother,housewifes,ducky,amateur,japanhdv,graney,coughlan,big,sweaty,pot,cream,2392,dubbele,phone,stylez,fists,blu,ysis,but,averagejoe,partouze,avn,bus,members,brazilian,newest,site,wish,elle,lauren,video,undergound,number,army,dominno,found,nude,amateurs,play,games,festival,clip,full,dee,hub,dvds,christmas,bleach,ass,sara,dreams,sites,breasts,frmom,long,ribeiro,kane,penthouse,rosalyn,squirting,vid,cuckold,stay,incsest,vanity,illegal,titles,amature,midget,rhodes,glasses,tits,wast,snowwhite,body,gzames,type,schlong,and,taylor,utube,clips,cantrell,lactation,pantyhose,panties,vietnam,assorted,ebay,women,twinks,indiana,sweet,kiss,frilly,megan,brainwashing,party,fum,maid,brother,housewifes,ducky,amateur,japanhdv,graney,coughlan,big,sweaty,pot,cream,23&adb=0&clientjs=1&w=1280&h=1024&tz=0
136.243.51.205200 OK 1.2 kB URL HTTP/1.1 tsyndicate.com/iframes2/6a91f85098294907941c239ca45e3b90.html?keywords=Best,porn,videos,daily,updates,pantyhose,panties,vietnam,assorted,ebay,women,twinks,indiana,sweet,kiss,frilly,megan,brainwashing,party,fum,maid,brother,housewifes,ducky,amateur,japanhdv,graney,coughlan,big,sweaty,pot,cream,2392,dubbele,phone,stylez,fists,blu,ysis,but,averagejoe,partouze,avn,bus,members,brazilian,newest,site,wish,elle,lauren,video,undergound,number,army,dominno,found,nude,amateurs,play,games,festival,clip,full,dee,hub,dvds,christmas,bleach,ass,sara,dreams,sites,breasts,frmom,long,ribeiro,kane,penthouse,rosalyn,squirting,vid,cuckold,stay,incsest,vanity,illegal,titles,amature,midget,rhodes,glasses,tits,wast,snowwhite,body,gzames,type,schlong,and,taylor,utube,clips,cantrell,lactation,pantyhose,panties,vietnam,assorted,ebay,women,twinks,indiana,sweet,kiss,frilly,megan,brainwashing,party,fum,maid,brother,housewifes,ducky,amateur,japanhdv,graney,coughlan,big,sweaty,pot,cream,23&adb=0&clientjs=1&w=1280&h=1024&tz=0
IP 136.243.51.205:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2029)
Hash f52f417eab671263260fb239deb27273
342223f95efe028892c439b15f9e2a8d6100263c
19b3088928254b01263117aa6d79a645be2d2cb401ad9f730356b256cc1717ed
GET /iframes2/6a91f85098294907941c239ca45e3b90.html?keywords=Best,porn,videos,daily,updates,pantyhose,panties,vietnam,assorted,ebay,women,twinks,indiana,sweet,kiss,frilly,megan,brainwashing,party,fum,maid,brother,housewifes,ducky,amateur,japanhdv,graney,coughlan,big,sweaty,pot,cream,2392,dubbele,phone,stylez,fists,blu,ysis,but,averagejoe,partouze,avn,bus,members,brazilian,newest,site,wish,elle,lauren,video,undergound,number,army,dominno,found,nude,amateurs,play,games,festival,clip,full,dee,hub,dvds,christmas,bleach,ass,sara,dreams,sites,breasts,frmom,long,ribeiro,kane,penthouse,rosalyn,squirting,vid,cuckold,stay,incsest,vanity,illegal,titles,amature,midget,rhodes,glasses,tits,wast,snowwhite,body,gzames,type,schlong,and,taylor,utube,clips,cantrell,lactation,pantyhose,panties,vietnam,assorted,ebay,women,twinks,indiana,sweet,kiss,frilly,megan,brainwashing,party,fum,maid,brother,housewifes,ducky,amateur,japanhdv,graney,coughlan,big,sweaty,pot,cream,23&adb=0&clientjs=1&w=1280&h=1024&tz=0 HTTP/1.1
Host: tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xxxlongmove.gigixo.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 02 Mar 2023 13:50:25 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Pragma: no-cache
Expires: 0
Vary: Accept-Encoding, *
X-Api-Version: 2
Link: <http://lcdn.tsyndicate.com/sdk/v1/b.b.js>; rel=preload; as=script
X-Request-Id: af8764f6bb02e07b
Cache-Control: no-cache, no-store, no-transform, must-revalidate, no-transform
X-Robots-Tag: none, noindex, nofollow
Report-To: { "url": "https://pxl.tsyndicate.com/api/v1/heavy-ad/report", "max_age": 86401 }
Content-Encoding: gzip
ocsp.usertrust.com/
104.18.32.68200 OK 471 B IP 104.18.32.68:0
Hash c43474d987e226b2ff9ffdfb2da68a55
dbb186f8cf38b7ab28640253e8e891c2e680a099
8f3cfa81da1fa4b95f806b02b069a315d010dfa0e64f3046a8a53145bec7dca1
POST / HTTP/1.1
Host: ocsp.usertrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 02 Mar 2023 13:50:25 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Mon, 27 Feb 2023 15:16:15 GMT
Expires: Mon, 06 Mar 2023 15:16:14 GMT
Etag: "dbb186f8cf38b7ab28640253e8e891c2e680a099"
Cache-Control: max-age=512202,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: HIT
Age: 476
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7a1a1bd0fdd41c16-OSL
frailcockroachconfiguration.com/8f/9f/c6/8f9fc67e3b5b368f1c72c9bed43a0f41.js
173.233.139.164200 OK 13 kB URL HTTP/1.1 frailcockroachconfiguration.com/8f/9f/c6/8f9fc67e3b5b368f1c72c9bed43a0f41.js
IP 173.233.139.164:0
File type ASCII text, with very long lines (37190), with no line terminators
Hash 63fc14b2d405f8372b25bb2e32495fd9
a21581075d92c1517e4d168576fd3392f25c25db
34f5453847ddf5878e054e295318563f3660509863ac3d2d22416256e6097bca
GET /8f/9f/c6/8f9fc67e3b5b368f1c72c9bed43a0f41.js HTTP/1.1
Host: frailcockroachconfiguration.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xxxlongmove.gigixo.com/
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 02 Mar 2023 13:50:25 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 4869f4fc01c3f3cb93e43362e210e1f9
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
simplewebanalysis.com/stats
3.124.100.190200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP 3.124.100.190:0
File type ASCII text, with no line terminators
Hash 4d7f554738ae07936d2a8e668e43af18
0ba6382a3b6240b4a91496caba5f7c81ecc4be71
be3ef600f6147b2abfd790f498eea35197a7cdde879e031d1c0204531e5d062b
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://xxxlongmove.gigixo.com
Connection: keep-alive
Referer: http://xxxlongmove.gigixo.com/
Cookie: uid_id2=835c363e-5fbb-4a78-b7e1-f61320a9d52c:3:1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 02 Mar 2023 13:50:25 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: http://xxxlongmove.gigixo.com
access-control-allow-credentials: true
X-Firefox-Spdy: h2
friendshipmale.com/sfp.js
104.21.234.92200 OK 28 kB URL HTTP/1.1 friendshipmale.com/sfp.js
IP 104.21.234.92:0
File type Unicode text, UTF-8 text, with very long lines (65529), with no line terminators
Hash b1fa950e77a7db5425f9a5257af02e9c
2d5580451f34ad96218f8b97edf9708f9ee1be87
d999c4320df27dc4a1d3de5aec22bb3ef201560b47a7eff3f28f4133c1997a14
Analyzer Verdict Alert quad9 Sinkholed
GET /sfp.js HTTP/1.1
Host: friendshipmale.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xxxlongmove.gigixo.com/
HTTP/1.1 200 OK
Date: Thu, 02 Mar 2023 13:50:25 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: max-age=14400
X-Request-ID: 6f2548adc97b3bcce030a8bec8e784c2
Strict-Transport-Security: max-age=0; includeSubdomains
CF-Cache-Status: EXPIRED
Last-Modified: Thu, 02 Mar 2023 13:50:25 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vfmtSUZJytpFJg4ut6b6%2FElWMcAvwRUcHJtvpzBuCx1IeK%2B%2FS73udhXbPFtIHGROEWIw%2FgEsSaUnlXErA0ihxuFpsc61rT9od2WWUkZOELJWpS2tsf0U5pWiKAc4BNKeU85301A%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7a1a1bd08c4623d4-LHR
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
static-assets.highwebmedia.com/jsi18n/en/djangojs.js?hash=a67e5757c6f1
104.16.94.42200 OK 94 kB URL HTTP/2 static-assets.highwebmedia.com/jsi18n/en/djangojs.js?hash=a67e5757c6f1
IP 104.16.94.42:0
File type ASCII text, with very long lines (1358)
Hash f3d675ae3da1956a537444ef9a4d990e
a83071b686f84535228c9f0b24ddb2ecc861f951
e1b8528a4067a80ada4b7c74e54e5a4b0d96b8ef75178d14395050d0859ba8a3
GET /jsi18n/en/djangojs.js?hash=a67e5757c6f1 HTTP/1.1
Host: static-assets.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 02 Mar 2023 13:50:24 GMT
content-type: application/javascript
cache-control: public, max-age=2592000
cf-bgj: minify
cf-polished: origSize=3271
etag: W/"32cad827f4958bb8450fc33065ba4b42"
last-modified: Thu, 28 Apr 2022 02:42:35 GMT
x-amz-id-2: IfJwsrMyHWMoRi6pTl71JC51Iq180W+YX84qDhO/HnTTEZl2fnLjuPyGpxl3GmphKjssLtfmAUM=
x-amz-meta-s3cmd-attrs: md5:32cad827f4958bb8450fc33065ba4b42
x-amz-request-id: 7EA7DCMBMJWVTVE3
cf-cache-status: HIT
age: 26243
expires: Sat, 01 Apr 2023 13:50:24 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vJzS75yXERxD6dsoPXKhmC0wEQCHjBNaTRLdKqROMPHlscHSHC9iX0PIec578RlvG5KFWdKiMvdFzZT2frOPSvNdMkqgLSB3Y%2FGMZJX1ihFaj7r2Fm0IKC8u2fwpoxpmO7EywqW66ZBYot6FgZOx6g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
set-cookie: _cfuvid=7aRscZf1tg.sI.eQAlpbn2NvGDL508NJX1x8uqxGS1Q-1677765024701-0-604800000; path=/; domain=.highwebmedia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 7a1a1bcc59f4fabc-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
comedianthirteenth.com/11115435c35e6b966b90a5f936e0edcc/invoke.js
173.233.137.44200 OK 9.8 kB URL HTTP/1.1 comedianthirteenth.com/11115435c35e6b966b90a5f936e0edcc/invoke.js
IP 173.233.137.44:0
File type exported SGML document, ASCII text, with very long lines (26978), with no line terminators
Hash c17c35e32120a97d1c6f17fd2f47354d
bcbd9677c265d9483e17a17af2698ecb6ad29f53
8e8f0e07883fe69c97d31e7bc4a380a9ac511a03357af62402913bbaebf2ba0b
GET /11115435c35e6b966b90a5f936e0edcc/invoke.js HTTP/1.1
Host: comedianthirteenth.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xxxlongmove.gigixo.com/
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 02 Mar 2023 13:50:25 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 53f50995a97a3651b6efce149fb380e9
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
static.eabids.com/data/bannerpools/94553/59046.gif
217.22.19.195200 OK 290 kB URL HTTP/1.1 static.eabids.com/data/bannerpools/94553/59046.gif
IP 217.22.19.195:0
File type GIF image data, version 89a, 160 x 600\012- data
Size 290 kB (290105 bytes)
Hash 85f3b2d4c0b1a3d0d312a45623e35d09
b6989270c0c4e009917306ba7d75282078b7b81a
20974d388b69eb5cac325e5b721bce8bb5bbe6d1190acce03c9d91d949ee3a88
GET /data/bannerpools/94553/59046.gif HTTP/1.1
Host: static.eabids.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://go.eabids.com/
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 02 Mar 2023 13:50:24 GMT
Content-Type: image/gif
Content-Length: 290105
Last-Modified: Thu, 28 Apr 2022 14:45:43 GMT
Connection: keep-alive
ETag: "626aa897-46d39"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
X-Backend-Server: nl2-static-221
Accept-Ranges: bytes
cdn.tubecorp.com/b/tcbanner.js?v=21
45.133.44.24200 OK 18 kB URL HTTP/1.1 cdn.tubecorp.com/b/tcbanner.js?v=21
IP 45.133.44.24:0
ASN #39572 DataWeb Global Group B.V.
File type Unicode text, UTF-8 text, with very long lines (50685), with no line terminators
Hash cdf1ca2de3be908c01fc475c284bd396
41d93ac6b9d836e4ee2317d00b977bc4edd6a294
14b531a858232cd186a0a4c7070ddde07e950a8e7adf0940835f6adf86600590
GET /b/tcbanner.js?v=21 HTTP/1.1
Host: cdn.tubecorp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cdn.tubecorp.com/i/b.html?spot=3725&src=1013599720&pid=17794&width=300&height=250&spaceid=859
HTTP/1.1 200 OK
Date: Thu, 02 Mar 2023 13:50:25 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx/1.20.1
Last-Modified: Sat, 20 Nov 2021 06:50:35 GMT
ETag: W/"61989abb-c604"
Cache-Control: max-age=3600
X-Request-ID: 6f1daecf978b48536956fdbfd14a730e
Content-Encoding: gzip
Expires: Thu, 02 Mar 2023 14:50:25 GMT
X-Proxy-Cache: HIT
Access-Control-Allow-Origin: *
simplewebanalysis.com/stats
3.124.100.190200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP 3.124.100.190:0
File type ASCII text, with no line terminators
Hash 4d7f554738ae07936d2a8e668e43af18
0ba6382a3b6240b4a91496caba5f7c81ecc4be71
be3ef600f6147b2abfd790f498eea35197a7cdde879e031d1c0204531e5d062b
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://xxxlongmove.gigixo.com
Connection: keep-alive
Referer: http://xxxlongmove.gigixo.com/
Cookie: uid_id2=835c363e-5fbb-4a78-b7e1-f61320a9d52c:3:1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 02 Mar 2023 13:50:25 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: http://xxxlongmove.gigixo.com
access-control-allow-credentials: true
X-Firefox-Spdy: h2
variedslimecloset.com/d8/29/41/d82941888ca80b5e024c4d0a7cab0440.js
192.243.61.227200 OK 13 kB URL HTTP/1.1 variedslimecloset.com/d8/29/41/d82941888ca80b5e024c4d0a7cab0440.js
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with very long lines (37133), with no line terminators
Hash 95b803f5cd815632279ddec777592a13
4092d566dc099eaefb75389e86d26ebcf9f99fe0
6c0d5976529145fcbd72620f2863e5c0b880e224a5737dded730756010715b89
Analyzer Verdict Alert quad9 Sinkholed
GET /d8/29/41/d82941888ca80b5e024c4d0a7cab0440.js HTTP/1.1
Host: variedslimecloset.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xxxlongmove.gigixo.com/
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 02 Mar 2023 13:50:25 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 6b50bd1f30d189ae307994bc4a58a748
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
static.eabids.com/data/bannerpools/112022/33929.gif
217.22.19.195200 OK 130 kB URL HTTP/1.1 static.eabids.com/data/bannerpools/112022/33929.gif
IP 217.22.19.195:0
File type GIF image data, version 89a, 300 x 250\012- data
Size 130 kB (129611 bytes)
Hash 820797e463eb448c5a41858b36949b91
c99c786464a5232847110c0c2982e60f99b41e1f
d3d055f2b47ea13bf462e0a71b8eccfa9e300b9ffc7e952198cd47b741534e6b
GET /data/bannerpools/112022/33929.gif HTTP/1.1
Host: static.eabids.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://go.eabids.com/
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 02 Mar 2023 13:50:25 GMT
Content-Type: image/gif
Content-Length: 129611
Last-Modified: Thu, 28 Apr 2022 14:46:26 GMT
Connection: keep-alive
ETag: "626aa8c2-1fa4b"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
X-Backend-Server: nl2-static-222
Accept-Ranges: bytes
static.eabids.com/data/bannerpools/94553/24626.jpg
217.22.19.195200 OK 23 kB URL HTTP/1.1 static.eabids.com/data/bannerpools/94553/24626.jpg
IP 217.22.19.195:0
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 300x250, components 3\012- data
Hash f9e6baae8e20d80231917f19c06ed299
27704006f0c34d1abec89df632502c8eb5af08b5
11592c12c29e6160394bc9434953a33184bdd8a614768d9542e731bab818c612
GET /data/bannerpools/94553/24626.jpg HTTP/1.1
Host: static.eabids.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://go.eabids.com/
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 02 Mar 2023 13:50:25 GMT
Content-Type: image/jpeg
Content-Length: 23248
Last-Modified: Thu, 28 Apr 2022 14:45:36 GMT
Connection: keep-alive
ETag: "626aa890-5ad0"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
X-Backend-Server: nl2-static-221
Accept-Ranges: bytes
cbjpeg.stream.highwebmedia.com/stream?room=mashayang&f=0.43911359730322497
131.153.88.93200 OK 29 kB URL HTTP/2 cbjpeg.stream.highwebmedia.com/stream?room=mashayang&f=0.43911359730322497
IP 131.153.88.93:0
ASN #50389 Phoenix Nap, LLC.
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 1280x1281, segment length 16, comment: "Lavc58.91.100", baseline, precision 8, 854x480, components 3\012- data
Hash 0a6ca00bb1ed681a47270a0fdcd974a2
1acb54f847662a8696c21a557f3756d0fd945d3e
73af152c6cc74877b97b5abff56e34e2a822b8f9d5acb448cae9e2839ddf1764
GET /stream?room=mashayang&f=0.43911359730322497 HTTP/1.1
Host: cbjpeg.stream.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Cookie: _cfuvid=9S5FE722boy9ZLYDHlvT6ZBDGRaM4PtmQNx9L10c5ew-1677765024669-0-604800000
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 02 Mar 2023 13:50:25 GMT
content-type: image/jpeg
content-length: 29065
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'none'; img-src data:; style-src 'unsafe-inline'
cache-tag: cbjpeg
x-frame-options: DENY
X-Firefox-Spdy: h2
static.eabids.com/data/bannerpools/94553/59490.jpg
217.22.19.195200 OK 65 kB URL HTTP/1.1 static.eabids.com/data/bannerpools/94553/59490.jpg
IP 217.22.19.195:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 300x250, components 3\012- data
Hash f00251f4cdb98d2647186b8687e962aa
0fe8ceb8d60b00b8941896d7b93bc4aa6630b5a0
b0b30e324f1e14b26a9ef248b22540a044108bb3cc5f6c0fadea8a2e0a73d76a
GET /data/bannerpools/94553/59490.jpg HTTP/1.1
Host: static.eabids.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://go.eabids.com/
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 02 Mar 2023 13:50:25 GMT
Content-Type: image/jpeg
Content-Length: 64855
Last-Modified: Thu, 28 Apr 2022 14:45:45 GMT
Connection: keep-alive
ETag: "626aa899-fd57"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
X-Backend-Server: nl2-static-221
Accept-Ranges: bytes
xxxlongmove.gigixo.com/viewImage3?data=0c101014175e4b4b100c11090649145d4a1c0c07000a4a070b094b054b28563c0e25282b020e1c21301436201d2234090217354b5454544b5053514b5153574b53535d3b555454544a0e1403
139.99.56.17200 110 kB URL HTTP/1.1 xxxlongmove.gigixo.com/viewImage3?data=0c101014175e4b4b100c11090649145d4a1c0c07000a4a070b094b054b28563c0e25282b020e1c21301436201d2234090217354b5454544b5053514b5153574b53535d3b555454544a0e1403
IP 139.99.56.17:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 750x1000, components 3\012- data
Size 110 kB (110224 bytes)
Hash 46bf6ff6bc8b9d3fec96726f33d829e4
dcab7c95df1c90e8faebfd084b7cc66d72312053
02a871b2ab7682195b93f33f3d9455ed4e180acfeb0960eae54bb03c6b65b1d6
GET /viewImage3?data=0c101014175e4b4b100c11090649145d4a1c0c07000a4a070b094b054b28563c0e25282b020e1c21301436201d2234090217354b5454544b5053514b5153574b53535d3b555454544a0e1403 HTTP/1.1
Host: xxxlongmove.gigixo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xxxlongmove.gigixo.com/
HTTP/1.1 200
Server: nginx
Date: Thu, 02 Mar 2023 13:50:25 GMT
Content-Length: 110224
Connection: keep-alive
Cache-Control: max-age=31418383
simplewebanalysis.com/stats
3.124.100.190200 OK 100 B URL HTTP/2 simplewebanalysis.com/stats
IP 3.124.100.190:0
Hash c1a035b51e96737fafb63594e88ed82d
8aa098c494e8ea1a6671940cee0382caab4b26c4
893d8fbaa429d48f5487dbca45cdb4229d28f46a7fe52b811e5e8aa395122535
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://xxxlongmove.gigixo.com
Connection: keep-alive
Referer: http://xxxlongmove.gigixo.com/
Cookie: uid_id2=835c363e-5fbb-4a78-b7e1-f61320a9d52c:3:1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 02 Mar 2023 13:50:26 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: http://xxxlongmove.gigixo.com
access-control-allow-credentials: true
X-Firefox-Spdy: h2
lcdn.tsyndicate.com/sdk/v1/b.b.js
8.254.252.211304 Not Modified 6 B URL HTTP/1.1 lcdn.tsyndicate.com/sdk/v1/b.b.js
IP 8.254.252.211:0
Hash 7d14c6d06a6075d413d43d381c992eba
49bdfc1145f7c7a7bf870f069b9d23a97966cb30
f48bd14f1f30b485d99a2904d06cbd9fa03ccaa5779105a3d3cf963edb2ac385
GET /sdk/v1/b.b.js HTTP/1.1
Host: lcdn.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://tsyndicate.com/
If-Modified-Since: Tue, 22 Feb 2022 13:07:15 GMT
If-None-Match: W/"6214e003-1eb1"
HTTP/1.1 304 Not Modified
Date: Tue, 08 Mar 2022 10:11:03 GMT
Connection: keep-alive
Last-Modified: Tue, 22 Feb 2022 13:07:15 GMT
Server: nginx
X-Robots-Tag: noindex, nofollow
Vary: Accept-Encoding
ETag: W/"6214e003-1eb1"
Age: 31030763
lcdn.tsyndicate.com/sdk/v1/b.b.js
8.254.252.211304 Not Modified 0 B URL HTTP/1.1 lcdn.tsyndicate.com/sdk/v1/b.b.js
IP 8.254.252.211:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sdk/v1/b.b.js HTTP/1.1
Host: lcdn.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://tsyndicate.com/
If-Modified-Since: Tue, 22 Feb 2022 13:07:15 GMT
If-None-Match: W/"6214e003-1eb1"
HTTP/1.1 304 Not Modified
Date: Tue, 08 Mar 2022 10:11:03 GMT
Connection: keep-alive
Last-Modified: Tue, 22 Feb 2022 13:07:15 GMT
Server: nginx
X-Robots-Tag: noindex, nofollow
Vary: Accept-Encoding
ETag: W/"6214e003-1eb1"
Age: 31030763
tsyndicate.com/iframes2/e5937915a343437993bcb6ac18eb41d4.html?
136.243.51.205200 OK 1.2 kB URL HTTP/1.1 tsyndicate.com/iframes2/e5937915a343437993bcb6ac18eb41d4.html?
IP 136.243.51.205:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2029)
Hash f52f417eab671263260fb239deb27273
342223f95efe028892c439b15f9e2a8d6100263c
19b3088928254b01263117aa6d79a645be2d2cb401ad9f730356b256cc1717ed
GET /iframes2/e5937915a343437993bcb6ac18eb41d4.html? HTTP/1.1
Host: tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xxxlongmove.gigixo.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 02 Mar 2023 13:50:26 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Pragma: no-cache
Expires: 0
Vary: Accept-Encoding, *
X-Api-Version: 2
Link: <http://lcdn.tsyndicate.com/sdk/v1/b.b.js>; rel=preload; as=script
X-Request-Id: efdcf9dfa4c7cfde
Cache-Control: no-cache, no-store, no-transform, must-revalidate, no-transform
X-Robots-Tag: none, noindex, nofollow
Report-To: { "url": "https://pxl.tsyndicate.com/api/v1/heavy-ad/report", "max_age": 86401 }
Content-Encoding: gzip
comedianthirteenth.com/539d71c7c61ed9e36ed1dd6ab6acffc8/invoke.js
173.233.137.44200 OK 9.8 kB URL HTTP/1.1 comedianthirteenth.com/539d71c7c61ed9e36ed1dd6ab6acffc8/invoke.js
IP 173.233.137.44:0
File type exported SGML document, ASCII text, with very long lines (26978), with no line terminators
Hash b368f71ef4c4be7afb9d4aa2343f619b
70c526217f50d5d6450e6ac4926a08c0cb8ffedf
1e583eeda5146325f29adf6b9f6d2890482177ca0e3f963c57ac1a0973c6071c
GET /539d71c7c61ed9e36ed1dd6ab6acffc8/invoke.js HTTP/1.1
Host: comedianthirteenth.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xxxlongmove.gigixo.com/
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 02 Mar 2023 13:50:26 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: b75907d5b92453fc101dfb4940ede5bf
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
simplewebanalysis.com/stats
3.124.100.190200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP 3.124.100.190:0
File type ASCII text, with no line terminators
Hash 4d7f554738ae07936d2a8e668e43af18
0ba6382a3b6240b4a91496caba5f7c81ecc4be71
be3ef600f6147b2abfd790f498eea35197a7cdde879e031d1c0204531e5d062b
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://xxxlongmove.gigixo.com
Connection: keep-alive
Referer: http://xxxlongmove.gigixo.com/
Cookie: uid_id2=835c363e-5fbb-4a78-b7e1-f61320a9d52c:3:1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 02 Mar 2023 13:50:26 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: http://xxxlongmove.gigixo.com
access-control-allow-credentials: true
X-Firefox-Spdy: h2
puddingdefeated.com/8f/9f/c6/8f9fc67e3b5b368f1c72c9bed43a0f41.js
173.233.137.44200 OK 13 kB URL HTTP/1.1 puddingdefeated.com/8f/9f/c6/8f9fc67e3b5b368f1c72c9bed43a0f41.js
IP 173.233.137.44:0
File type ASCII text, with very long lines (37136), with no line terminators
Hash b605256bc7ff45db5aac8ff43acf8e44
eab39a804ec1527ff8ca6d147d35c5d8720426e6
1a133ce1590def54d89676e7e011184841b0e0a58ce8990ec8644b634db9d44f
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /8f/9f/c6/8f9fc67e3b5b368f1c72c9bed43a0f41.js HTTP/1.1
Host: puddingdefeated.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xxxlongmove.gigixo.com/
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 02 Mar 2023 13:50:26 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: c8d9b8ce19dec1dfbf364cf32e65ffab
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
xxxlongmove.gigixo.com/s3/ad_tf1/2129.jpg
139.99.56.17200 OK 54 kB URL HTTP/1.1 xxxlongmove.gigixo.com/s3/ad_tf1/2129.jpg
IP 139.99.56.17:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 100x1034, components 3\012- data
Hash 1af10e106f8e75f50a448c9939dc38e2
8f1dab5327e1fe1e6b23151fdcab7bcd46448e7e
fb53ecb0ad8c49ed033b2555119cf5441f63bf3e5f6d91f751050795a58bf751
GET /s3/ad_tf1/2129.jpg HTTP/1.1
Host: xxxlongmove.gigixo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xxxlongmove.gigixo.com/
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 02 Mar 2023 13:50:25 GMT
Content-Type: image/jpeg
Content-Length: 53459
Connection: keep-alive
Last-Modified: Tue, 20 Apr 2021 20:23:23 GMT
ETag: "607f383b-d0d3"
X-Cluster: web-cdn2
X-Cache: EXPIRED
CF-Cache-Status: MISS
Vary: Accept-Encoding
CF-RAY: 7a1a1bcc6e12204a-NRT
alt-svc: h2=":443"; ma=60
X-Cache-Status: MISS
Cache-Control: max-age=14400, max-age=31536000
Accept-Ranges: bytes
cbjpeg.stream.highwebmedia.com/stream?room=mashayang&f=0.7888695005818048
131.153.88.93200 OK 29 kB URL HTTP/2 cbjpeg.stream.highwebmedia.com/stream?room=mashayang&f=0.7888695005818048
IP 131.153.88.93:0
ASN #50389 Phoenix Nap, LLC.
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 1280x1281, segment length 16, comment: "Lavc58.91.100", baseline, precision 8, 854x480, components 3\012- data
Hash 9d49e137d14f32d4479fe2f7d8448833
cc42cde1a207f6d12debe8f0b9631206e450c01d
f8bfb44591bca7781374d655c1208f6422e2a47504d43226fc249b614d338f07
GET /stream?room=mashayang&f=0.7888695005818048 HTTP/1.1
Host: cbjpeg.stream.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Cookie: _cfuvid=9S5FE722boy9ZLYDHlvT6ZBDGRaM4PtmQNx9L10c5ew-1677765024669-0-604800000
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 02 Mar 2023 13:50:26 GMT
content-type: image/jpeg
content-length: 29099
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'none'; img-src data:; style-src 'unsafe-inline'
cache-tag: cbjpeg
x-frame-options: DENY
X-Firefox-Spdy: h2
pxl.tsyndicate.com/api/v1/p/p.js?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zC0WIoXGwRo0xMlrkiDGyBQ0YNmiIvEEjTIsZYmTAwJGDDAybZsaIeBimjk4dInLYIFNDBo4aYl7GuJGUBksYLXCIqWEjKowYYsKEmWEDRpmjOyGSsbNQhg0cMWg8hFNHzEIbMZbyhAOH4owcakXMgTNRxwwcNGjIuDHj4Zg2df3-pWEjB08yZig-FOPGzcIZMDIDriiijRuMOgLPlLHWM2gbNWhwrhMjIxo6dODM0fHixRg0YejUkZOVThkXY960eZHGzYsfdOREXNNjzR0yLejEaOHmDZ0xXOpkNkvnze4eNt7AEJN9u40xYRCHSXPGTQ8nRKYMmVEehlkyaeaEEcOmzJc53rlBRg8x1GdWG2-IkUZ_UpSBnxxlSNRDT90ZaEMZbYjh4Bd2pHHQG1-84QYbeRAYFhnCZYTHimyIeAaCdvx2Bntp4PEGcCkalttCW8ggQxdryfHTDGW0AINDGkWmAwwuXGUYHG18AYeQCzFpH2dy2JEYZg9FCGWVTRYmQh11pJGRVgWZYYNZIpnBlEljiDGDSDjckENUM5iBFwwzjGHGTJE9lEZiQcXgQg5MCuZCQzSEJccXg2Y00qGJyrBoamHVEUZGTbyhx4JshPFCDU2CgMIVxaF4xxwgOEEFCDFYuQMIqLqR0qx43ApClgwd2WQKIBwR4RpvvCBTrFddBYIRaUBoxht4vBArqTCENcZPIjjxRFhvPHptRtqGxQa2RThxYhl2fAEhGxTVcMMNOHCFQ2YPydFeWTXU-dBB6Yohx0I44LAvul8gSEZZOMC1rxxvXPbQGwqFFiS0eSyUFxl5WKZDcnWUUW8ZSg4EGxy0vbAiHi1-BqOMNNqI43Bh3ZFRDEZV-xAaM9vX6ENzZJkRw3Tk1m0LdbiRBh0txICDC2SMQfOJ2B70RdNPW9QGRTa8ewNq9olJRxsyYK011zLMUBRnBqlbxl5f7MhQ1u-SLeZ-fYlwkBk9sTHRWuNWaRhoMPShQEA%3D&s=62044f1f8669061ed2c5b97cb522279f6bb2a80230c41b7619b43f85dbfd18c61677765023&w=t&r=1&d=2874&priv=false
136.243.51.205200 OK 24 B URL HTTP/1.1 pxl.tsyndicate.com/api/v1/p/p.js?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zC0WIoXGwRo0xMlrkiDGyBQ0YNmiIvEEjTIsZYmTAwJGDDAybZsaIeBimjk4dInLYIFNDBo4aYl7GuJGUBksYLXCIqWEjKowYYsKEmWEDRpmjOyGSsbNQhg0cMWg8hFNHzEIbMZbyhAOH4owcakXMgTNRxwwcNGjIuDHj4Zg2df3-pWEjB08yZig-FOPGzcIZMDIDriiijRuMOgLPlLHWM2gbNWhwrhMjIxo6dODM0fHixRg0YejUkZOVThkXY960eZHGzYsfdOREXNNjzR0yLejEaOHmDZ0xXOpkNkvnze4eNt7AEJN9u40xYRCHSXPGTQ8nRKYMmVEehlkyaeaEEcOmzJc53rlBRg8x1GdWG2-IkUZ_UpSBnxxlSNRDT90ZaEMZbYjh4Bd2pHHQG1-84QYbeRAYFhnCZYTHimyIeAaCdvx2Bntp4PEGcCkalttCW8ggQxdryfHTDGW0AINDGkWmAwwuXGUYHG18AYeQCzFpH2dy2JEYZg9FCGWVTRYmQh11pJGRVgWZYYNZIpnBlEljiDGDSDjckENUM5iBFwwzjGHGTJE9lEZiQcXgQg5MCuZCQzSEJccXg2Y00qGJyrBoamHVEUZGTbyhx4JshPFCDU2CgMIVxaF4xxwgOEEFCDFYuQMIqLqR0qx43ApClgwd2WQKIBwR4RpvvCBTrFddBYIRaUBoxht4vBArqTCENcZPIjjxRFhvPHptRtqGxQa2RThxYhl2fAEhGxTVcMMNOHCFQ2YPydFeWTXU-dBB6Yohx0I44LAvul8gSEZZOMC1rxxvXPbQGwqFFiS0eSyUFxl5WKZDcnWUUW8ZSg4EGxy0vbAiHi1-BqOMNNqI43Bh3ZFRDEZV-xAaM9vX6ENzZJkRw3Tk1m0LdbiRBh0txICDC2SMQfOJ2B70RdNPW9QGRTa8ewNq9olJRxsyYK011zLMUBRnBqlbxl5f7MhQ1u-SLeZ-fYlwkBk9sTHRWuNWaRhoMPShQEA%3D&s=62044f1f8669061ed2c5b97cb522279f6bb2a80230c41b7619b43f85dbfd18c61677765023&w=t&r=1&d=2874&priv=false
IP 136.243.51.205:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with no line terminators
Hash 0959ba36d476b6dc1994ba3c678b07c4
d30b94da72daa02766965206a85b7e0356375f5e
897410b87e27e3dfba3a7d6caab315a5e69cc941bb96d91fc74878a9b051843a
GET /api/v1/p/p.js?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zC0WIoXGwRo0xMlrkiDGyBQ0YNmiIvEEjTIsZYmTAwJGDDAybZsaIeBimjk4dInLYIFNDBo4aYl7GuJGUBksYLXCIqWEjKowYYsKEmWEDRpmjOyGSsbNQhg0cMWg8hFNHzEIbMZbyhAOH4owcakXMgTNRxwwcNGjIuDHj4Zg2df3-pWEjB08yZig-FOPGzcIZMDIDriiijRuMOgLPlLHWM2gbNWhwrhMjIxo6dODM0fHixRg0YejUkZOVThkXY960eZHGzYsfdOREXNNjzR0yLejEaOHmDZ0xXOpkNkvnze4eNt7AEJN9u40xYRCHSXPGTQ8nRKYMmVEehlkyaeaEEcOmzJc53rlBRg8x1GdWG2-IkUZ_UpSBnxxlSNRDT90ZaEMZbYjh4Bd2pHHQG1-84QYbeRAYFhnCZYTHimyIeAaCdvx2Bntp4PEGcCkalttCW8ggQxdryfHTDGW0AINDGkWmAwwuXGUYHG18AYeQCzFpH2dy2JEYZg9FCGWVTRYmQh11pJGRVgWZYYNZIpnBlEljiDGDSDjckENUM5iBFwwzjGHGTJE9lEZiQcXgQg5MCuZCQzSEJccXg2Y00qGJyrBoamHVEUZGTbyhx4JshPFCDU2CgMIVxaF4xxwgOEEFCDFYuQMIqLqR0qx43ApClgwd2WQKIBwR4RpvvCBTrFddBYIRaUBoxht4vBArqTCENcZPIjjxRFhvPHptRtqGxQa2RThxYhl2fAEhGxTVcMMNOHCFQ2YPydFeWTXU-dBB6Yohx0I44LAvul8gSEZZOMC1rxxvXPbQGwqFFiS0eSyUFxl5WKZDcnWUUW8ZSg4EGxy0vbAiHi1-BqOMNNqI43Bh3ZFRDEZV-xAaM9vX6ENzZJkRw3Tk1m0LdbiRBh0txICDC2SMQfOJ2B70RdNPW9QGRTa8ewNq9olJRxsyYK011zLMUBRnBqlbxl5f7MhQ1u-SLeZ-fYlwkBk9sTHRWuNWaRhoMPShQEA%3D&s=62044f1f8669061ed2c5b97cb522279f6bb2a80230c41b7619b43f85dbfd18c61677765023&w=t&r=1&d=2874&priv=false HTTP/1.1
Host: pxl.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://tsyndicate.com/
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 02 Mar 2023 13:50:26 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 24
Connection: keep-alive
X-Robots-Tag: noindex, nofollow
lcdn.tsyndicate.com/error/banner.html
8.254.252.211304 Not Modified 0 B URL HTTP/1.1 lcdn.tsyndicate.com/error/banner.html
IP 8.254.252.211:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /error/banner.html HTTP/1.1
Host: lcdn.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://tsyndicate.com/
Upgrade-Insecure-Requests: 1
If-Modified-Since: Thu, 28 Jul 2022 14:10:05 GMT
If-None-Match: W/"62e298bd-297"
HTTP/1.1 304 Not Modified
Date: Fri, 02 Sep 2022 00:07:36 GMT
Connection: keep-alive
Last-Modified: Thu, 28 Jul 2022 14:10:05 GMT
Server: nginx
X-Robots-Tag: noindex, nofollow
Vary: Accept-Encoding
ETag: W/"62e298bd-297"
Age: 15687770
creative.xliirdr.com/widgets/v4/Universal?campaignId=c3fa347280578e90a9e8ab1e6280c0e361524d151dcbfe6bb5b723fee947ce88&campaignType=smartpop&creativeId=f2c37d3ce0a9e8b72a9075d80280d06c1a27d44568b390936e99ecdc546eecef&iterationId=402088&masterSmartpopId=1605&memberId=DA2KqOGqqk-XU6Rdytf3A4dqxV_XhAtgiyl1C3xCgWa-v7lDryfOcSMhVEEW6_SYF6KWxoFGTYO6a9TNYmZiT6CaYM1FPHXGz9EPcrCKXUb8tU6G_gUIDRUi&p1=3684770&quality=optimal&ruleId=3&smartpopId=1547&sortBy=stripRanking&sourceId=349000&tag=men%2C-men&userId=ed4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e&variationId=30279
104.18.59.150200 OK 537 B URL HTTP/2 creative.xliirdr.com/widgets/v4/Universal?campaignId=c3fa347280578e90a9e8ab1e6280c0e361524d151dcbfe6bb5b723fee947ce88&campaignType=smartpop&creativeId=f2c37d3ce0a9e8b72a9075d80280d06c1a27d44568b390936e99ecdc546eecef&iterationId=402088&masterSmartpopId=1605&memberId=DA2KqOGqqk-XU6Rdytf3A4dqxV_XhAtgiyl1C3xCgWa-v7lDryfOcSMhVEEW6_SYF6KWxoFGTYO6a9TNYmZiT6CaYM1FPHXGz9EPcrCKXUb8tU6G_gUIDRUi&p1=3684770&quality=optimal&ruleId=3&smartpopId=1547&sortBy=stripRanking&sourceId=349000&tag=men%2C-men&userId=ed4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e&variationId=30279
IP 104.18.59.150:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash ffeccff85cec566a3cbbc829c7a2ec38
44e602f19f164f15c95dc9062871786f5547010d
516acef3953bdd67d3f8215b0dc2722d5d87e5be76cdcefbbcfee45ce0b3baa9
GET /widgets/v4/Universal?campaignId=c3fa347280578e90a9e8ab1e6280c0e361524d151dcbfe6bb5b723fee947ce88&campaignType=smartpop&creativeId=f2c37d3ce0a9e8b72a9075d80280d06c1a27d44568b390936e99ecdc546eecef&iterationId=402088&masterSmartpopId=1605&memberId=DA2KqOGqqk-XU6Rdytf3A4dqxV_XhAtgiyl1C3xCgWa-v7lDryfOcSMhVEEW6_SYF6KWxoFGTYO6a9TNYmZiT6CaYM1FPHXGz9EPcrCKXUb8tU6G_gUIDRUi&p1=3684770&quality=optimal&ruleId=3&smartpopId=1547&sortBy=stripRanking&sourceId=349000&tag=men%2C-men&userId=ed4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e&variationId=30279 HTTP/1.1
Host: creative.xliirdr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://tsyndicate.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 02 Mar 2023 13:50:23 GMT
content-type: text/html
last-modified: Thu, 02 Mar 2023 12:46:34 GMT
expires: Thu, 02 Mar 2023 13:50:19 GMT
cache-control: max-age=10
strict-transport-security: max-age=15768000
pragma: public
report-to: { "endpoints":[{ "url": "https://go.stripchat.com/report" }], "group": "default", "max_age": 1048576 }
cf-cache-status: HIT
age: 7
vary: Accept-Encoding
server: cloudflare
cf-ray: 7a1a1bc70c54b50b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
simplewebanalysis.com/stats
3.124.100.190200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP 3.124.100.190:0
File type ASCII text, with no line terminators
Hash 4d7f554738ae07936d2a8e668e43af18
0ba6382a3b6240b4a91496caba5f7c81ecc4be71
be3ef600f6147b2abfd790f498eea35197a7cdde879e031d1c0204531e5d062b
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://xxxlongmove.gigixo.com
Connection: keep-alive
Referer: http://xxxlongmove.gigixo.com/
Cookie: uid_id2=835c363e-5fbb-4a78-b7e1-f61320a9d52c:3:1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 02 Mar 2023 13:50:26 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: http://xxxlongmove.gigixo.com
access-control-allow-credentials: true
X-Firefox-Spdy: h2
js-agent.newrelic.com/lazy-loader.48127245-1225.min.js
151.101.66.137200 OK 520 B URL HTTP/2 js-agent.newrelic.com/lazy-loader.48127245-1225.min.js
IP 151.101.66.137:0
File type ASCII text, with very long lines (1626), with no line terminators
Hash dac2dcb0be1ec3567fd43c71533f9349
7884cfed34956988b073997edea42ef48bf12bbb
e64fd50eed1865917d16e1cfaf4cf06eeae9c5c8ebcb17485fbc6ccf87fe254e
GET /lazy-loader.48127245-1225.min.js HTTP/1.1
Host: js-agent.newrelic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: RNs9TGhWBSGVzizY9pww9fV2VrZVZ8t0QuRIBzuQtFH0w3ZNnoZI2Jfxp2FVqoydSCyjOhLxNeo=
x-amz-request-id: ZQ50CT91R6736TYW
last-modified: Fri, 10 Feb 2023 20:23:02 GMT
etag: "a3759bbbd15fffd73531bda1e8166ae7"
x-amz-server-side-encryption: AES256
x-amz-version-id: x72sIi24uKUpr9UhD5QY7PCKtNgMfeY4
content-type: application/javascript
server: AmazonS3
access-control-allow-origin: *
cache-control: public, max-age=7200, stale-if-error=604800
content-encoding: gzip
accept-ranges: bytes
date: Thu, 02 Mar 2023 13:50:26 GMT
via: 1.1 varnish
x-served-by: cache-bma1680-BMA
x-cache: HIT
x-cache-hits: 4658
x-timer: S1677765027.661223,VS0,VE0
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
content-length: 520
X-Firefox-Spdy: h2
js-agent.newrelic.com/async-api.6bb277af-1225.min.js
151.101.66.137200 OK 1.1 kB URL HTTP/2 js-agent.newrelic.com/async-api.6bb277af-1225.min.js
IP 151.101.66.137:0
File type ASCII text, with very long lines (2040), with no line terminators
Hash 58d9e96cdc32504fb45373f15ebdedda
26d4bd4290dad12187fb807c1bf3e5bbe13841e7
96aa6e169e4b557b3c12652ea21fa40e6dc30c8d4ee7fd2d5dfaa89d40d8110e
GET /async-api.6bb277af-1225.min.js HTTP/1.1
Host: js-agent.newrelic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: dEkmjh6xnYyORi5cv4XK2h6jk4xwZeDSORn1PMMhmFz5ut5cUaQFDjD2NQVQZkNOsdJIvYEn1Xk=
x-amz-request-id: ZQ59A607WBD0HSPF
last-modified: Fri, 10 Feb 2023 20:23:02 GMT
etag: "dd573d973dfb2a2559befdfb616d511d"
x-amz-server-side-encryption: AES256
x-amz-version-id: ccu4IA9M.iSFjMQAJQZ9WRC6vNK74xfk
content-type: application/javascript
server: AmazonS3
access-control-allow-origin: *
cache-control: public, max-age=7200, stale-if-error=604800
content-encoding: gzip
accept-ranges: bytes
date: Thu, 02 Mar 2023 13:50:26 GMT
via: 1.1 varnish
x-served-by: cache-bma1680-BMA
x-cache: HIT
x-cache-hits: 4685
x-timer: S1677765027.668654,VS0,VE0
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
content-length: 1094
X-Firefox-Spdy: h2
pxl.tsyndicate.com/api/v1/elapsedtime?f=banner%20300x250&sc=e5937915a343437993bcb6ac18eb41d4&hn=xxxlongmove.gigixo.com&et=224
136.243.51.205200 OK 0 B URL HTTP/1.1 pxl.tsyndicate.com/api/v1/elapsedtime?f=banner%20300x250&sc=e5937915a343437993bcb6ac18eb41d4&hn=xxxlongmove.gigixo.com&et=224
IP 136.243.51.205:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /api/v1/elapsedtime?f=banner%20300x250&sc=e5937915a343437993bcb6ac18eb41d4&hn=xxxlongmove.gigixo.com&et=224 HTTP/1.1
Host: pxl.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xxxlongmove.gigixo.com/
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 02 Mar 2023 13:50:26 GMT
Content-Length: 0
Connection: keep-alive
X-Robots-Tag: noindex, nofollow
go.eabids.com/banner.go?spaceid=5675443&keywords=&maincat=
217.22.19.194200 OK 692 B URL HTTP/1.1 go.eabids.com/banner.go?spaceid=5675443&keywords=&maincat=
IP 217.22.19.194:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (692), with no line terminators
Hash f2d63c3a94c0dc8ef119dc30ced43249
76192239a03965e77dc4322d022517052abe818f
3a4431ed3bf0574faf0c5886ad878bcf91a4c8ee3fb47ee0b67b53d3fd6b7395
GET /banner.go?spaceid=5675443&keywords=&maincat= HTTP/1.1
Host: go.eabids.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xxxlongmove.gigixo.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 02 Mar 2023 13:50:26 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 692
Connection: keep-alive
Expires: Mon, 03 Jul 2001 06:00:00 GMT
Last-Modified: Thu, 02 03 2023 13:50:26 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0,post-check=0, pre-check=0
Pragma: no-cache
Accept-Ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-WoW64
Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
X-Backend-Server: nl2-web-200
puddingdefeated.com/d8/29/41/d82941888ca80b5e024c4d0a7cab0440.js
173.233.137.44200 OK 13 kB URL HTTP/1.1 puddingdefeated.com/d8/29/41/d82941888ca80b5e024c4d0a7cab0440.js
IP 173.233.137.44:0
File type ASCII text, with very long lines (37133), with no line terminators
Hash 95b803f5cd815632279ddec777592a13
4092d566dc099eaefb75389e86d26ebcf9f99fe0
6c0d5976529145fcbd72620f2863e5c0b880e224a5737dded730756010715b89
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /d8/29/41/d82941888ca80b5e024c4d0a7cab0440.js HTTP/1.1
Host: puddingdefeated.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xxxlongmove.gigixo.com/
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 02 Mar 2023 13:50:26 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 04d0decac0a056b5d9a0393ba8f0da3f
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
biptolyla.com/auW.ZNyzQu2r9FkyZnT/9U6gbE2C5mlFS/WvQT9RNPDlE/4OMrjrk/0HN/Cc0N0/MLT/g/yNOkTTQK1ZJPnEB-1KcV2-hiaRbO2/5/lGS/WeQs9iNIDeEZ4rMtjTkS0/NVCI0R0UMWT/gwy/OlTQQ/1R
188.72.219.36301 Moved Permanently 162 B URL HTTP/1.1 biptolyla.com/auW.ZNyzQu2r9FkyZnT/9U6gbE2C5mlFS/WvQT9RNPDlE/4OMrjrk/0HN/Cc0N0/MLT/g/yNOkTTQK1ZJPnEB-1KcV2-hiaRbO2/5/lGS/WeQs9iNIDeEZ4rMtjTkS0/NVCI0R0UMWT/gwy/OlTQQ/1R
IP 188.72.219.36:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
GET /auW.ZNyzQu2r9FkyZnT/9U6gbE2C5mlFS/WvQT9RNPDlE/4OMrjrk/0HN/Cc0N0/MLT/g/yNOkTTQK1ZJPnEB-1KcV2-hiaRbO2/5/lGS/WeQs9iNIDeEZ4rMtjTkS0/NVCI0R0UMWT/gwy/OlTQQ/1R HTTP/1.1
Host: biptolyla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xxxlongmove.gigixo.com/
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Thu, 02 Mar 2023 13:50:26 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://biptolyla.com/auW.ZNyzQu2r9FkyZnT/9U6gbE2C5mlFS/WvQT9RNPDlE/4OMrjrk/0HN/Cc0N0/MLT/g/yNOkTTQK1ZJPnEB-1KcV2-hiaRbO2/5/lGS/WeQs9iNIDeEZ4rMtjTkS0/NVCI0R0UMWT/gwy/OlTQQ/1R
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
X-Content-Type-Options: nosniff
xxxlongmove.gigixo.com/viewImage3?data=0c101014175e4b4b07000a0d4a140b160a140d07174a070b094b55565c544b534b56544b515c575c525654524b515c575c525654523b5454523b015152564a0e1403
139.99.56.17200 242 kB URL HTTP/1.1 xxxlongmove.gigixo.com/viewImage3?data=0c101014175e4b4b07000a0d4a140b160a140d07174a070b094b55565c544b534b56544b515c575c525654524b515c575c525654523b5454523b015152564a0e1403
IP 139.99.56.17:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 853x1280, components 3\012- data
Size 242 kB (242146 bytes)
Hash 602a9f6dd4b43c06370a537a17159a70
0ac2496e95950a37830ab47666136c08924f9d70
6be3d896ea50157a562e47bb5baf0aef66e5b9c96572b347259d3dab131c9ba6
GET /viewImage3?data=0c101014175e4b4b07000a0d4a140b160a140d07174a070b094b55565c544b534b56544b515c575c525654524b515c575c525654523b5454523b015152564a0e1403 HTTP/1.1
Host: xxxlongmove.gigixo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xxxlongmove.gigixo.com/
HTTP/1.1 200
Server: nginx
Date: Thu, 02 Mar 2023 13:50:25 GMT
Content-Length: 242146
Connection: keep-alive
Cache-Control: max-age=31418383
xxxlongmove.gigixo.com/cdn-v3/xo-data/am1/231.jpg
139.99.56.17200 OK 37 kB URL HTTP/1.1 xxxlongmove.gigixo.com/cdn-v3/xo-data/am1/231.jpg
IP 139.99.56.17:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 100x774, components 3\012- data
Hash 6d4621cc1c17a21b196cea2656e04115
241980734e04f8f206a81ca5e907a486b94175ad
952717e581093f091b1960500d2b6a62b18d57c48266a2cdbd7f2b2c0e36e7ab
GET /cdn-v3/xo-data/am1/231.jpg HTTP/1.1
Host: xxxlongmove.gigixo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xxxlongmove.gigixo.com/
Cookie: _subid=s8hnpa26cc8m; 61f26=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjhcIjoxNjc3NzY1MTE2fSxcImNhbXBhaWduc1wiOntcIjRcIjoxNjc3NzY1MTE2fSxcInRpbWVcIjoxNjc3NzY1MTE2fSJ9.4XbLCjmULp4RBknefdb2C3UcfN4KZZEUaY9Ewst_gHA; _token=uuid_s8hnpa26cc8m_s8hnpa26cc8m6400a9fc879e79.59781726
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 02 Mar 2023 13:50:25 GMT
Content-Type: image/jpeg
Content-Length: 37414
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "6d4621cc1c17a21b196cea2656e04115"
Last-Modified: Sat, 17 Dec 2022 21:45:50 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Replication-Status: REPLICA
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
x-amz-version-id: e5910a54-8243-41ec-be4a-87231b2f1552
X-CDN-Backend: cdn-v3-web1
X-CDN: cdn-v3
alt-svc: h2=":443"; ma=60
X-Cache-Status: HIT, MISS
Cache-Control: max-age=14400, max-age=31536000
Accept-Ranges: bytes
js-agent.newrelic.com/spa-aggregate.6bec5056-1225.min.js
151.101.66.137200 OK 6.7 kB URL HTTP/2 js-agent.newrelic.com/spa-aggregate.6bec5056-1225.min.js
IP 151.101.66.137:0
File type ASCII text, with very long lines (18769), with no line terminators
Hash 516108be92f71c9755071dfe737c1d87
7f5bf5f38224f72b7e95b2f5cb71751163590700
63f3ef3423fac80426ea194131413755cf29638bb8242e28cc5f0270323a6b7d
GET /spa-aggregate.6bec5056-1225.min.js HTTP/1.1
Host: js-agent.newrelic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-amz-id-2: BJVHgIl1rIkB1ZnNxsUYhQzzHHvecXUhnsoQXDX7ojCadkd06mKyhvxtUMELYRVvNn914T+/Ki8=
x-amz-request-id: ZQ5D0MC9VRBPCCS2
last-modified: Fri, 10 Feb 2023 20:23:02 GMT
etag: "4ef5a28c37c21f283a99a9932c1a7799"
x-amz-server-side-encryption: AES256
x-amz-version-id: svOBdF4N1y6yNVbjkxlscNzjeBM5BNX2
content-type: application/javascript
server: AmazonS3
access-control-allow-origin: *
cache-control: public, max-age=7200, stale-if-error=604800
content-encoding: gzip
accept-ranges: bytes
date: Thu, 02 Mar 2023 13:50:26 GMT
via: 1.1 varnish
x-served-by: cache-bma1680-BMA
x-cache: HIT
x-cache-hits: 1914
x-timer: S1677765027.780113,VS0,VE0
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
content-length: 6654
X-Firefox-Spdy: h2
static-assets.highwebmedia.com/CACHE/js/output.21e4d7885076.js
104.16.94.42200 OK 56 kB URL HTTP/2 static-assets.highwebmedia.com/CACHE/js/output.21e4d7885076.js
IP 104.16.94.42:0
File type HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (32769)
Hash 7d8bd89642868e76a17d06e6374d9985
2684571d45c5737ae6163a9edc9898bf96fcfcf2
0e46d356a55ec50b1e0ecb8e653eef7ccf446edc563e856c43f0ccfda7445abf
GET /CACHE/js/output.21e4d7885076.js HTTP/1.1
Host: static-assets.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 02 Mar 2023 13:50:24 GMT
content-type: application/javascript
cache-control: public, max-age=2592000
cf-bgj: minify
cf-polished: origSize=114830
etag: W/"b4ad9510a310ef8a83f71a5f317f091d"
last-modified: Wed, 02 Nov 2022 16:55:42 GMT
x-amz-id-2: PsN3iv65Njn7hNZwOdYd1oAvY+pAIQWUXN9tndhJWmeM1MvoPlyG8vIpgAHr+IS5kjdZ1+l3zUY=
x-amz-meta-s3cmd-attrs: md5:b4ad9510a310ef8a83f71a5f317f091d
x-amz-request-id: QXPZJGZRTB4AE79K
cf-cache-status: HIT
age: 2580729
expires: Sat, 01 Apr 2023 13:50:24 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uR26V4YuEmZ2U4hkhBERf7zZyjPF0YFajQLg%2FVxAMl5M2pO9szm55q3gwWQtLGYwoo9lg%2Byld7eA7z8nbsYRR9Xtbds8dA1F2fTvQesMkDgUmVGCyOLvR4yullgb%2F1MTm2tE3qLQs3NAVYXSk%2FsLYA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
set-cookie: _cfuvid=7aRscZf1tg.sI.eQAlpbn2NvGDL508NJX1x8uqxGS1Q-1677765024701-0-604800000; path=/; domain=.highwebmedia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 7a1a1bcc59f3fabc-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
js-agent.newrelic.com/page_view_event-aggregate.29613e65-1225.min.js
151.101.66.137200 OK 1.7 kB URL HTTP/2 js-agent.newrelic.com/page_view_event-aggregate.29613e65-1225.min.js
IP 151.101.66.137:0
File type ASCII text, with very long lines (3756), with no line terminators
Hash 35fdcaafba8f604fe8152190954d93eb
e1537f360e464c093387edd97026ddca78c1ea6d
2fb9729a1dcfdd833a779d62dcbfaaebd9b71af424780d482ab744f75a2cb881
GET /page_view_event-aggregate.29613e65-1225.min.js HTTP/1.1
Host: js-agent.newrelic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-amz-id-2: tVo3dBmHRPLBzchaHF3IAalzlkfVpZwkmFI5LpsWWlIe9B6UtZMMScx1uy6d1VHQFyheQmwBC8E=
x-amz-request-id: ZQ56GAAQPVX3904M
last-modified: Fri, 10 Feb 2023 20:23:02 GMT
etag: "0743ee0ec30428f3654ee07d779efb64"
x-amz-server-side-encryption: AES256
x-amz-version-id: Q2wYJMaFVSMNo7QiSpnsS727o5X3kt_1
content-type: application/javascript
server: AmazonS3
access-control-allow-origin: *
cache-control: public, max-age=7200, stale-if-error=604800
content-encoding: gzip
accept-ranges: bytes
date: Thu, 02 Mar 2023 13:50:26 GMT
via: 1.1 varnish
x-served-by: cache-bma1680-BMA
x-cache: HIT
x-cache-hits: 4713
x-timer: S1677765027.784343,VS0,VE0
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
content-length: 1682
X-Firefox-Spdy: h2
js-agent.newrelic.com/page_view_timing-aggregate.e791ce32-1225.min.js
151.101.66.137200 OK 2.2 kB URL HTTP/2 js-agent.newrelic.com/page_view_timing-aggregate.e791ce32-1225.min.js
IP 151.101.66.137:0
File type ASCII text, with very long lines (5466), with no line terminators
Hash abf4524d0219c4c6f7a4ee0febe89bdd
e0eb8cf49aad5c169c95d94b4c3a3c22e1ea8368
21997de34bc02fcbc7814b704b1c9d925a692c318ff60f125a9300c0b0c521fb
GET /page_view_timing-aggregate.e791ce32-1225.min.js HTTP/1.1
Host: js-agent.newrelic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-amz-id-2: VFVbQ4oA/V5+DzfY+0wD5KsGoxpoHWkzi3jythlHRFlLdOqYqVZh9y9MD1WhtbYILaPgR9JfLI0=
x-amz-request-id: ZQ5AF3TCAN1CZ8XZ
last-modified: Fri, 10 Feb 2023 20:23:02 GMT
etag: "84ba19034cf0206a49ecf68893086bdd"
x-amz-server-side-encryption: AES256
x-amz-version-id: 5Hc0bLUe_lA8zF4035AV9Xl5FkevBdYq
content-type: application/javascript
server: AmazonS3
access-control-allow-origin: *
cache-control: public, max-age=7200, stale-if-error=604800
content-encoding: gzip
accept-ranges: bytes
date: Thu, 02 Mar 2023 13:50:26 GMT
via: 1.1 varnish
x-served-by: cache-bma1680-BMA
x-cache: HIT
x-cache-hits: 4727
x-timer: S1677765027.786161,VS0,VE0
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
content-length: 2248
X-Firefox-Spdy: h2
xxxlongmove.gigixo.com/s3/wc_oct20/0027.jpeg
139.99.56.17200 OK 44 kB URL HTTP/1.1 xxxlongmove.gigixo.com/s3/wc_oct20/0027.jpeg
IP 139.99.56.17:0
File type JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=12, height=455, bps=0, PhotometricIntepretation=RGB, orientation=upper-left, width=704], baseline, precision 8, 200x200, components 3\012- data
Hash 39a23b841ff8a9860fc7468a756deb10
1be83b32178a24e6196e5cd48e2ab5c71a2e56c0
853623f5dcd97c93b6214621c54c6b2a91bf327a3d7791b695c8218f0498da35
GET /s3/wc_oct20/0027.jpeg HTTP/1.1
Host: xxxlongmove.gigixo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xxxlongmove.gigixo.com/
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 02 Mar 2023 13:50:25 GMT
Content-Type: image/jpeg
Content-Length: 44397
Connection: keep-alive
Last-Modified: Fri, 09 Oct 2020 20:49:58 GMT
ETag: "5f80ccf6-ad6d"
X-Cluster: web-cdn2
X-Cache: HIT
CF-Cache-Status: MISS
CF-RAY: 7a17ed5fbc403f9b-SIN
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Cache-Status: REVALIDATED
Cache-Control: max-age=14400, max-age=31536000
Accept-Ranges: bytes
chaturbate.com/in/?track=kwd-t1-notc&tour=6o0b&campaign=NDSC3&disable_sound=1&mobileRedirect=auto&embed_video_only=1
104.18.100.40302 Found 38 kB URL HTTP/2 chaturbate.com/in/?track=kwd-t1-notc&tour=6o0b&campaign=NDSC3&disable_sound=1&mobileRedirect=auto&embed_video_only=1
IP 104.18.100.40:0
Hash bdb700fbafc1c7e430619a1010a3358b
7e40d3afbc205dec2f25e1100c068a07daf15076
c3e75730c819a860c24842efb0549d5e503e8778cd54423954740c6344080e98
GET /in/?track=kwd-t1-notc&tour=6o0b&campaign=NDSC3&disable_sound=1&mobileRedirect=auto&embed_video_only=1 HTTP/1.1
Host: chaturbate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://tsyndicate.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Thu, 02 Mar 2023 13:50:23 GMT
content-type: text/html; charset=utf-8
location: /topembed/female/?join_overlay=1&tour=6o0b&campaign=NDSC3&disable_sound=1&mobileRedirect=auto&embed_video_only=1
p3p: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
vary: Accept-Language, Cookie
content-language: en
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.mmcdn.com https://*.highwebmedia.com https://*.chaturbate.com https://chaturbate.com https://ajax.googleapis.com https://js-agent.newrelic.com https://cdnjs.cloudflare.com https://www.google-analytics.com https://www.google.com/recaptcha/ https://www.google.com/cv/ https://www.gstatic.com/recaptcha/ https://www.gstatic.com/cv/ https://www.gstatic.com/eureka/ https://www.gstatic.com/cast/ https://*.nr-data.net https://certify-js.alexametrics.com https://player.vimeo.com/api/player.js https://static.hotjar.com https://script.hotjar.com ; style-src 'self' data: 'unsafe-inline' https://*.highwebmedia.com https://cdnjs.cloudflare.com https://fonts.googleapis.com https://static.hotjar.com https://script.hotjar.com; img-src 'self' data: https://*.mmcdn.com https://*.highwebmedia.com https://*.stream.highwebmedia.com https://*.chaturbate.com https://chaturbate.com https://www.google-analytics.com https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com https://cdnjs.cloudflare.com https://www.gstatic.com https://*.nr-data.net https://certify.alexametrics.com https://stats.g.doubleclick.net https://cbgames.s3.amazonaws.com https://player.vimeo.com https://script.hotjar.com http://script.hotjar.com ; font-src 'self' data: https://*.mmcdn.com https://*.highwebmedia.com https://cdnjs.cloudflare.com https://fonts.gstatic.com http://script.hotjar.com https://script.hotjar.com ; connect-src 'self' blob: blob https://*.mmcdn.com wss://*.mmcdn.com wss://*.mmcdn.com:8443 https://*.highwebmedia.com wss://*.highwebmedia.com wss://*.highwebmedia.com:8443 https://*.nr-data.net https://*.chaturbate.com https://chaturbate.com https://www.google-analytics.com https://cbvideoupload.s3-accelerate.amazonaws.com https://stats.g.doubleclick.net https://internet-up.ably-realtime.com https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com https://tls-use1.fpapi.io https://use1.fptls.com https://eun1.fptls.com https://aps1.fptls.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com ; media-src 'self' https://*.mmcdn.com https://*.highwebmedia.com https://*.chaturbate.com https://chaturbate.com mediasource: blob: data: https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com; object-src 'self' https://*.mmcdn.com https://*.highwebmedia.com https://download.macromedia.com https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com ; frame-src 'self' https://*.mmcdn.com https://*.chaturbate.com https://chaturbate.com https://*.highwebmedia.com https://adserver.exoticads.com https://www.google.com/recaptcha/ https://*.wnu.com https://wnu.com https://checkout.2000charge.com https://www.sofort.com https://*.girogate.de https://player.vimeo.com https://vars.hotjar.com https://directory-live.cb.dev ; child-src 'self' blob: blob ; worker-src 'self' blob: blob ; form-action 'self' https://*.chaturbate.com https://chaturbate.com https://*.stream.highwebmedia.com https://*.wnu.com https://wnu.com https://devportal.cb.dev https://*.web.amer-1.jumio.ai https://smartpay.coinsmart.com https://secure.paygarden.com ; manifest-src 'self' https://*.mmcdn.com https://*.highwebmedia.com ; report-uri https://report-uri.mmcdn.com/r/t/csp/enforce;
report-to: {"group":"default","max_age":2592000,"endpoints":[{"url":"https://report-uri.mmcdn.com/a/t/g"}],"include_subdomains":true}
nel: {"report_to":"default","max_age":2592000,"include_subdomains":true}
x-frame-options: DENY
cache-control: no-cache
x-content-type-options: nosniff
x-xss-protection: 1; mode=block; report=https://report-uri.highwebmedia.com/r/t/xss/enforce
referrer-policy: strict-origin-when-cross-origin
via: 1.1 google
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: DYNAMIC
set-cookie: u_6o0b=1; expires=Tue, 07 Mar 2023 13:50:23 GMT; Max-Age=432000; Path=/
us_6o0b=1; Path=/
affkey="eJyrVipRslJQMss3SFLSUVBKzi0Acf1cgp2NQfySomwQP7s8RbfEUDcvvyQZJFoEEssoKSmw0tcvKa7MS8lMTixJ1UvOz9UHSSempYEUJGcUZRYn5uSChMCmGhkq1QIAwF0fQg=="; Domain=.chaturbate.com; expires=Sat, 01 Apr 2023 13:50:23 GMT; Max-Age=2592000; Path=/
fromaffiliate=1; Domain=.chaturbate.com; Path=/
noads=1; expires=Thu, 02 Mar 2023 19:50:23 GMT; Max-Age=21600; Path=/
sbr=sec:sbr416b0470-87bd-440f-bb73-00ff0122b576:1pXjKB:-Ax2ek3JitYLaKo4U5yEu4ad6pM; Domain=.chaturbate.com; expires=Tue, 25 Nov 2025 13:50:23 GMT; HttpOnly; Max-Age=86313600; Path=/; Secure
__cf_bm=LJomrqXHXLPoW6Im5NfTmvoqjfVFSwgTHQ_n46utOic-1677765023-0-AbvlM4k1OMk6txR8sW2jUg00L1eE7VrPNJ5N17iMgw+QMzrwupElVUG8imHnxEIMvO1vSGqJ35Vpd7cq4PHMBH8=; path=/; expires=Thu, 02-Mar-23 14:20:23 GMT; domain=.chaturbate.com; HttpOnly; Secure; SameSite=None
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 7a1a1bc62eeeb521-OSL
X-Firefox-Spdy: h2
simplewebanalysis.com/stats
3.124.100.190200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP 3.124.100.190:0
File type ASCII text, with no line terminators
Hash 4d7f554738ae07936d2a8e668e43af18
0ba6382a3b6240b4a91496caba5f7c81ecc4be71
be3ef600f6147b2abfd790f498eea35197a7cdde879e031d1c0204531e5d062b
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://xxxlongmove.gigixo.com
Connection: keep-alive
Referer: http://xxxlongmove.gigixo.com/
Cookie: uid_id2=835c363e-5fbb-4a78-b7e1-f61320a9d52c:3:1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 02 Mar 2023 13:50:26 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: http://xxxlongmove.gigixo.com
access-control-allow-credentials: true
X-Firefox-Spdy: h2
poweredby.jads.co/adshow.php?adzone=940998
185.94.237.102200 OK 2.1 kB URL HTTP/1.1 poweredby.jads.co/adshow.php?adzone=940998
IP 185.94.237.102:0
Hash 92235fe980dcf54d50c679394ba9f1bf
b4abf8ab022816d1b7660fca37dbba53b6af2aba
200ac22ecf85fd01ccdc1d6c126991364ad6f947024c3c63b958241312542daa
GET /adshow.php?adzone=940998 HTTP/1.1
Host: poweredby.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xxxlongmove.gigixo.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 02 Mar 2023 13:50:26 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/5.6.40
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR OUR IND STA"
Set-Cookie: surferid=53e84fe34b7bd4d0c97262f2ece13c2e; expires=Fri, 01-Mar-2024 13:50:26 GMT; Max-Age=31536000; path=/; SameSite=None; Secure; domain=.jads.co
imps8605=1; expires=Fri, 03-Mar-2023 13:50:26 GMT; Max-Age=86400; path=/; SameSite=None; Secure; domain=.jads.co
juicy_data_1=YToxOntpOjg4NDM5ODtpOjE2NzgwMjQyMjY7fQ%3D%3D; expires=Sun, 05-Mar-2023 13:50:26 GMT; Max-Age=259200; path=/; SameSite=None; Secure; domain=jads.co
juicy_data=YToxOntzOjEyOiJqdWljeV9kYXRhXzEiO3M6MToiMSI7fQ%3D%3D; expires=Sun, 05-Mar-2023 13:50:26 GMT; Max-Age=259200; path=/; SameSite=None; Secure; domain=jads.co
Content-Encoding: gzip
js-agent.newrelic.com/jserrors-aggregate.ef250e1c-1225.min.js
151.101.66.137200 OK 2.9 kB URL HTTP/2 js-agent.newrelic.com/jserrors-aggregate.ef250e1c-1225.min.js
IP 151.101.66.137:0
File type ASCII text, with very long lines (7709), with no line terminators
Hash 93b16d74ffff600a49c849121f467e4a
4366b5a47fbe40c3c34c70cc76c62920a1758541
38c3b144396986326f7b13d2e061895faea00ae13c3b45bf42220ad4dec61d8d
GET /jserrors-aggregate.ef250e1c-1225.min.js HTTP/1.1
Host: js-agent.newrelic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-amz-id-2: Byy0zvlzsjzCj6Jz3UBLhK+mizKVaCvscpDFk7UPi/mhZqrQTZIRbWb4Yt0P1FEgTmuqvUgLyjY=
x-amz-request-id: ZQ5D70FNE6WN6R4P
last-modified: Fri, 10 Feb 2023 20:23:02 GMT
etag: "57226211458d66408fe8e6f2a870ac73"
x-amz-server-side-encryption: AES256
x-amz-version-id: ZOM52KkW0qOLL2pO6zep8b6LBe5eLeAu
content-type: application/javascript
server: AmazonS3
access-control-allow-origin: *
cache-control: public, max-age=7200, stale-if-error=604800
content-encoding: gzip
accept-ranges: bytes
date: Thu, 02 Mar 2023 13:50:26 GMT
via: 1.1 varnish
x-served-by: cache-bma1680-BMA
x-cache: HIT
x-cache-hits: 2634
x-timer: S1677765027.786837,VS0,VE0
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
content-length: 2947
X-Firefox-Spdy: h2
lcdn.tsyndicate.com/sdk/v1/b.b.js
8.254.252.211304 Not Modified 0 B URL HTTP/1.1 lcdn.tsyndicate.com/sdk/v1/b.b.js
IP 8.254.252.211:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sdk/v1/b.b.js HTTP/1.1
Host: lcdn.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://tsyndicate.com/
If-Modified-Since: Tue, 22 Feb 2022 13:07:15 GMT
If-None-Match: W/"6214e003-1eb1"
HTTP/1.1 304 Not Modified
Date: Tue, 08 Mar 2022 10:11:03 GMT
Connection: keep-alive
Last-Modified: Tue, 22 Feb 2022 13:07:15 GMT
Server: nginx
X-Robots-Tag: noindex, nofollow
Vary: Accept-Encoding
ETag: W/"6214e003-1eb1"
Age: 31030763
static-assets.highwebmedia.com/cachebust/129-react-839eb3d82e529c7a8058.js
104.16.94.42200 OK 15 kB URL HTTP/2 static-assets.highwebmedia.com/cachebust/129-react-839eb3d82e529c7a8058.js
IP 104.16.94.42:0
File type ASCII text, with very long lines (50443), with no line terminators
Hash 258dec350be131c96e879494c493f6e0
2fd7682122a6bf25415370fe94afe059312441cf
6dbbfa5a66fb2bd5ed97c0ebe301bfb94c83c6260e7c77dd527833c6562216df
GET /cachebust/129-react-839eb3d82e529c7a8058.js HTTP/1.1
Host: static-assets.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 02 Mar 2023 13:50:24 GMT
content-type: application/javascript
cache-control: public, max-age=2592000
cf-bgj: minify
cf-polished: origSize=50502
etag: W/"7e83fb279c733323ac8538db356504fe"
last-modified: Fri, 03 Feb 2023 01:47:49 GMT
x-amz-id-2: KOCwc83dSK5pILYtmTEw9s25CFFq8Mta1iKUvqJDs/NLC8fzgK0lGCZLyBtN4WI15iziSEDN7DOcio/RyW26mQ==
x-amz-meta-s3cmd-attrs: md5:7e83fb279c733323ac8538db356504fe
x-amz-request-id: CRXR10HN1XY66QBJ
cf-cache-status: HIT
age: 1184804
expires: Sat, 01 Apr 2023 13:50:24 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wqAp9fTON0aDh6GOfFNe70G5jWe42VeLvJi8knV%2FnKPW4UBwWHelVdNUYertmzqrRtGs2bi76ySjo87ZHNzFn3IYYkXMZEkz11e5lDQY0Fa0BIxYJKenWoP4butP2oN8oFJPMuCr53Qc%2FYHqQIhB4g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
set-cookie: _cfuvid=X5ln4afvaju00kvYzDQFsVNs8rPAtzbyCWEYF2BBBIc-1677765024672-0-604800000; path=/; domain=.highwebmedia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 7a1a1bcc19b0fabc-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
go.eabids.com/banner.go?spaceid=5675442&keywords=&maincat=
217.22.19.194200 OK 2.7 kB URL HTTP/1.1 go.eabids.com/banner.go?spaceid=5675442&keywords=&maincat=
IP 217.22.19.194:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2656), with no line terminators
Hash 77882c2887c9d56e288263d25ef7c266
233db3de80b88b9378f9d531915a9f70e04a95e6
d2d41a7e2f1b4394bd62dbac4db9471108979605781c9145a5149647e89fd29c
GET /banner.go?spaceid=5675442&keywords=&maincat= HTTP/1.1
Host: go.eabids.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xxxlongmove.gigixo.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 02 Mar 2023 13:50:26 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 2656
Connection: keep-alive
Expires: Mon, 03 Jul 2001 06:00:00 GMT
Last-Modified: Thu, 02 03 2023 13:50:26 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0,post-check=0, pre-check=0
Pragma: no-cache
Accept-Ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-WoW64
Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
X-Backend-Server: nl2-web-205
static-assets.highwebmedia.com/cachebust/runtime-react-afb237e8b31275fe8b77.js
104.16.94.42200 OK 4.9 kB URL HTTP/2 static-assets.highwebmedia.com/cachebust/runtime-react-afb237e8b31275fe8b77.js
IP 104.16.94.42:0
File type ASCII text, with very long lines (2499), with no line terminators
Hash 8d3067174a215c7eb7564cf431648a02
367941a3efcc322344c1a506fe92e207b06afb30
df6e1dbc5db02bf9893d5a3594f9afe65a7b2f950defa14358a719f2014aea71
GET /cachebust/runtime-react-afb237e8b31275fe8b77.js HTTP/1.1
Host: static-assets.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 02 Mar 2023 13:50:24 GMT
content-type: application/javascript
cache-control: public, max-age=2592000
cf-bgj: minify
cf-polished: origSize=2562
etag: W/"cf9f6aa238586d52f229a7c69315220c"
last-modified: Fri, 03 Feb 2023 01:47:49 GMT
x-amz-id-2: H+OQOab8jyLazuGfQcb1jQRjUx4B9zVTBWfSw3aGbiSYmTrYEVMTDuafkHv7StkOxiSFsJEDYvQ=
x-amz-meta-s3cmd-attrs: md5:cf9f6aa238586d52f229a7c69315220c
x-amz-request-id: 8ZDGPX65Q0PQ1773
cf-cache-status: HIT
age: 2375995
expires: Sat, 01 Apr 2023 13:50:24 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BSvb9093wrn%2F23LjrU6nJK2%2B0p3vBuE3EeYNezRqeNpIUwWwSwK66uq%2FBvwGq4ZkrDXyNcvgifkrOcjvNheK1vrG2Vw6e%2F8VISYE7DqaorIa1SJMmGdds6dxfakvoUinnUwqOYfW79VowMLwRtvq0Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
set-cookie: _cfuvid=9S5FE722boy9ZLYDHlvT6ZBDGRaM4PtmQNx9L10c5ew-1677765024669-0-604800000; path=/; domain=.highwebmedia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 7a1a1bcc19adfabc-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
js-agent.newrelic.com/page_action-aggregate.92657d87-1225.min.js
151.101.66.137200 OK 1.2 kB URL HTTP/2 js-agent.newrelic.com/page_action-aggregate.92657d87-1225.min.js
IP 151.101.66.137:0
File type ASCII text, with very long lines (2764), with no line terminators
Hash a10c648bfb16e18d740e933a115900fe
080d355914831b974d8dd335f10934ecc908e9a8
8fb60609f9109b4f410f2647db66c510cef20365d1d789d53a60a0794e7cc5d0
GET /page_action-aggregate.92657d87-1225.min.js HTTP/1.1
Host: js-agent.newrelic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-amz-id-2: q2wpAgQXGu/O+546PsxsUVkdFg6TJVocTOxLEJ1dvS18dPajFpueDvCVilNhjKfFu54p6O+hS/w=
x-amz-request-id: ZQ5715FMDGM1A8V2
last-modified: Fri, 10 Feb 2023 20:23:02 GMT
etag: "44fd542c32559790db696a8ee7ade0b1"
x-amz-server-side-encryption: AES256
x-amz-version-id: LWJLU5TdVV0.TfnYrT4knyPvYg1S141q
content-type: application/javascript
server: AmazonS3
access-control-allow-origin: *
cache-control: public, max-age=7200, stale-if-error=604800
content-encoding: gzip
accept-ranges: bytes
date: Thu, 02 Mar 2023 13:50:26 GMT
via: 1.1 varnish
x-served-by: cache-bma1680-BMA
x-cache: HIT
x-cache-hits: 2640
x-timer: S1677765027.788628,VS0,VE0
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
content-length: 1200
X-Firefox-Spdy: h2
cbjpeg.stream.highwebmedia.com/stream?room=mashayang&f=0.18530755313907543
131.153.88.93200 OK 29 kB URL HTTP/2 cbjpeg.stream.highwebmedia.com/stream?room=mashayang&f=0.18530755313907543
IP 131.153.88.93:0
ASN #50389 Phoenix Nap, LLC.
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 1280x1281, segment length 16, comment: "Lavc58.91.100", baseline, precision 8, 854x480, components 3\012- data
Hash b9ba4da30736e8d889c06c3a47bc1ea3
248f5c9fc8ab269bce15385d207fe3743020429b
260acd5e8e698a70a09db17b71c71b7b57ba4e55c98a58dca4a060ea4255695e
GET /stream?room=mashayang&f=0.18530755313907543 HTTP/1.1
Host: cbjpeg.stream.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Cookie: _cfuvid=9S5FE722boy9ZLYDHlvT6ZBDGRaM4PtmQNx9L10c5ew-1677765024669-0-604800000
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 02 Mar 2023 13:50:26 GMT
content-type: image/jpeg
content-length: 29103
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'none'; img-src data:; style-src 'unsafe-inline'
cache-tag: cbjpeg
x-frame-options: DENY
X-Firefox-Spdy: h2
simplewebanalysis.com/stats
3.124.100.190200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP 3.124.100.190:0
File type ASCII text, with no line terminators
Hash 4d7f554738ae07936d2a8e668e43af18
0ba6382a3b6240b4a91496caba5f7c81ecc4be71
be3ef600f6147b2abfd790f498eea35197a7cdde879e031d1c0204531e5d062b
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://xxxlongmove.gigixo.com
Connection: keep-alive
Referer: http://xxxlongmove.gigixo.com/
Cookie: uid_id2=835c363e-5fbb-4a78-b7e1-f61320a9d52c:3:1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 02 Mar 2023 13:50:26 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: http://xxxlongmove.gigixo.com
access-control-allow-credentials: true
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash db1295b8485c840ea60d9225040cc7ac
114d6d877719768a37aa5347afe55651d7490157
2914050542b68828ba5ec470bfb4933c234d9c2d648f70a716a8074f43bb0c9c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2914050542B68828BA5EC470BFB4933C234D9C2D648F70A716A8074F43BB0C9C"
Last-Modified: Thu, 02 Mar 2023 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17157
Expires: Thu, 02 Mar 2023 18:36:23 GMT
Date: Thu, 02 Mar 2023 13:50:26 GMT
Connection: keep-alive
go.eabids.com/banner.go?spaceid=5675441&keywords=&maincat=
217.22.19.194200 OK 36 kB URL HTTP/1.1 go.eabids.com/banner.go?spaceid=5675441&keywords=&maincat=
IP 217.22.19.194:0
Hash fe3d83a3ff8c62056b797bf419ea78fe
0017a6f1db7270b3b78ab3650a5ba0c0e571ea2e
b825af740a0830270fa7e7a208142ad5f8b184c27cf1ad4aacec3acaafa3807d
GET /banner.go?spaceid=5675441&keywords=&maincat= HTTP/1.1
Host: go.eabids.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xxxlongmove.gigixo.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 02 Mar 2023 13:50:26 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 2677
Connection: keep-alive
Expires: Mon, 03 Jul 2001 06:00:00 GMT
Last-Modified: Thu, 02 03 2023 13:50:26 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0,post-check=0, pre-check=0
Pragma: no-cache
Accept-Ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-WoW64
Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
X-Backend-Server: nl2-web-205
xxxlongmove.gigixo.com/viewImage3?data=0c1010145e4b4b0d4a17011c114a070b094b17011c1149100c110906174b57014b56545550555757564b575049565c541c5551534a0e1403
139.99.56.17200 167 B URL HTTP/1.1 xxxlongmove.gigixo.com/viewImage3?data=0c1010145e4b4b0d4a17011c114a070b094b17011c1149100c110906174b57014b56545550555757564b575049565c541c5551534a0e1403
IP 139.99.56.17:0
File type PNG image data, 1 x 1, 8-bit/color RGBA, non-interlaced\012- data
Hash 353b078eb77e5ee068e83b7503f3c75b
d0b2207fea4313a3ea391b94880f1d01e5ab1c89
297488a03131e435cb999248b75ed4ac78ae3bbf4c3366d8d57c821b2548dd8d
GET /viewImage3?data=0c1010145e4b4b0d4a17011c114a070b094b17011c1149100c110906174b57014b56545550555757564b575049565c541c5551534a0e1403 HTTP/1.1
Host: xxxlongmove.gigixo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xxxlongmove.gigixo.com/
HTTP/1.1 200
Server: nginx
Date: Thu, 02 Mar 2023 13:50:26 GMT
Transfer-Encoding: chunked
Connection: keep-alive
X-CORE: core4
X-LB: core4
cdn.tsyndicate.com/sdk/v1/backup.banner.js
8.247.219.249304 Not Modified 0 B URL HTTP/1.1 cdn.tsyndicate.com/sdk/v1/backup.banner.js
IP 8.247.219.249:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sdk/v1/backup.banner.js HTTP/1.1
Host: cdn.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://lcdn.tsyndicate.com/
If-Modified-Since: Fri, 16 Dec 2022 12:41:09 GMT
If-None-Match: W/"639c6765-b48"
HTTP/1.1 304 Not Modified
Date: Fri, 16 Dec 2022 12:53:28 GMT
Connection: keep-alive
Last-Modified: Fri, 16 Dec 2022 12:41:09 GMT
Server: nginx
X-Robots-Tag: noindex, nofollow
Vary: Accept-Encoding
ETag: W/"639c6765-b48"
Age: 6569819
static-assets.highwebmedia.com/CACHE/js/output.97a5db11ca63.js
104.16.94.42200 OK 40 B URL HTTP/2 static-assets.highwebmedia.com/CACHE/js/output.97a5db11ca63.js
IP 104.16.94.42:0
Hash 4d7f554738ae07936d2a8e668e43af18
0ba6382a3b6240b4a91496caba5f7c81ecc4be71
be3ef600f6147b2abfd790f498eea35197a7cdde879e031d1c0204531e5d062b
GET /CACHE/js/output.97a5db11ca63.js HTTP/1.1
Host: static-assets.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 02 Mar 2023 13:50:24 GMT
content-type: application/javascript
cache-control: public, max-age=2592000
cf-bgj: minify
cf-polished: origSize=827275
etag: W/"692ec922d2a39b4037073f70286968b3"
last-modified: Fri, 13 May 2022 09:09:46 GMT
x-amz-id-2: cm1wH1tB3VPUytbB+ZVpHkw/m3SedhP243fBi2a1vig2wRGFAOdRFt9NQ1zfS8O0H/B731DXlN8=
x-amz-meta-s3cmd-attrs: md5:692ec922d2a39b4037073f70286968b3
x-amz-request-id: 932N29A1CDHYXHRM
cf-cache-status: HIT
age: 1069486
expires: Sat, 01 Apr 2023 13:50:24 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OICvshTMM%2Fltt28sg%2BAK0p9BLfRxWnFNcMgBIlamDKjLJAbpTunAqMO2F1MPRh5Q9ggaXvrtJuVRl1T3EwKdInNno8LmUGYZdvdA5tB9CtEb9V9ln1nnHpzAqsloy%2FlzDEXOjRbLTjRb4FvzniI6zw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
set-cookie: _cfuvid=9S5FE722boy9ZLYDHlvT6ZBDGRaM4PtmQNx9L10c5ew-1677765024669-0-604800000; path=/; domain=.highwebmedia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 7a1a1bcc19abfabc-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.tsyndicate.com/sdk/v1/backup.banner.js
8.247.219.249304 Not Modified 0 B URL HTTP/1.1 cdn.tsyndicate.com/sdk/v1/backup.banner.js
IP 8.247.219.249:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sdk/v1/backup.banner.js HTTP/1.1
Host: cdn.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://lcdn.tsyndicate.com/
If-Modified-Since: Fri, 16 Dec 2022 12:41:09 GMT
If-None-Match: W/"639c6765-b48"
HTTP/1.1 304 Not Modified
Date: Fri, 16 Dec 2022 12:53:28 GMT
Connection: keep-alive
Last-Modified: Fri, 16 Dec 2022 12:41:09 GMT
Server: nginx
X-Robots-Tag: noindex, nofollow
Vary: Accept-Encoding
ETag: W/"639c6765-b48"
Age: 6569819
lcdn.tsyndicate.com/error/banner.html
8.254.252.211304 Not Modified 0 B URL HTTP/1.1 lcdn.tsyndicate.com/error/banner.html
IP 8.254.252.211:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /error/banner.html HTTP/1.1
Host: lcdn.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://tsyndicate.com/
Upgrade-Insecure-Requests: 1
If-Modified-Since: Thu, 28 Jul 2022 14:10:05 GMT
If-None-Match: W/"62e298bd-297"
HTTP/1.1 304 Not Modified
Date: Fri, 02 Sep 2022 00:07:36 GMT
Connection: keep-alive
Last-Modified: Thu, 28 Jul 2022 14:10:05 GMT
Server: nginx
X-Robots-Tag: noindex, nofollow
Vary: Accept-Encoding
ETag: W/"62e298bd-297"
Age: 15687771
biptolyla.com/auW.ZNyzQu2r9FkyZnT/9U6gbE2C5mlFS/WvQT9RNPDlE/4OMrjrk/0HN/Cc0N0/MLT/g/yNOkTTQK1ZJPnEB-1KcV2-hiaRbO2/5/lGS/WeQs9iNIDeEZ4rMtjTkS0/NVCI0R0UMWT/gwy/OlTQQ/1R
188.72.219.36404 Not Found 0 B URL HTTP/2 biptolyla.com/auW.ZNyzQu2r9FkyZnT/9U6gbE2C5mlFS/WvQT9RNPDlE/4OMrjrk/0HN/Cc0N0/MLT/g/yNOkTTQK1ZJPnEB-1KcV2-hiaRbO2/5/lGS/WeQs9iNIDeEZ4rMtjTkS0/NVCI0R0UMWT/gwy/OlTQQ/1R
IP 188.72.219.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /auW.ZNyzQu2r9FkyZnT/9U6gbE2C5mlFS/WvQT9RNPDlE/4OMrjrk/0HN/Cc0N0/MLT/g/yNOkTTQK1ZJPnEB-1KcV2-hiaRbO2/5/lGS/WeQs9iNIDeEZ4rMtjTkS0/NVCI0R0UMWT/gwy/OlTQQ/1R HTTP/1.1
Host: biptolyla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://xxxlongmove.gigixo.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 404 Not Found
server: nginx
date: Thu, 02 Mar 2023 13:50:27 GMT
content-type: application/javascript
content-length: 0
expires: Mon, 26 Jul 2011 05:00:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-WoW64
X-Firefox-Spdy: h2
bam.nr-data.net/1/6f524845d1?a=24279235&v=1225.PROD&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOAQsFF0hPXFxGEgtrDg0OMgoDThteVBU%3D&rst=3324&ck=0&s=e73cbc4e48625b93&ref=https://chaturbate.com/embed/mashayang/&ap=168&be=1010&fe=1856&dc=754&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1677765022902,%22n%22:0,%22f%22:497,%22dn%22:497,%22dne%22:497,%22c%22:497,%22s%22:497,%22ce%22:497,%22rq%22:511,%22rp%22:848,%22rpe%22:852,%22dl%22:879,%22di%22:1715,%22ds%22:1763,%22de%22:1770,%22dc%22:2863,%22l%22:2863,%22le%22:2874%7D,%22navigation%22:%7B%7D%7D&fcp=2650&at=H0ETGw9CExRCXBM9CgBBXAkZG0QSVEsPAw4BQVwbamZQD15XPj1BSEEVUFJXRBFuXQAWBkZZVhUXenc%2BY1gYQFlGVAcIVAhTAgkABFoGBlcAABh2Yi0TFUMhJTshCU0XAwBNE3onPSELFyNBQUtQQwsbBwMPFwZKX1RVQgQTFUMQBgUPOVBFGwtDCAhPW1NKV1QXBAwFQx0bAAwMCjwAVVReQkMLG0NOQQYGFU1qXkQEQko%2BCxNGWUQABBcIUR8NU0xSUVdEFRdbVBJFZgYXBhcQOV5QVhNbE3cuQE9GChZmVlZED0VLGEBZRi0pGxkbWBFuWg4XDRARH2ZWVl8HWF0EDAABQVwbDAATTRNQET0NARcRVkdSE1sTWw0LG0oACVQXFRMIQWYOEAQFDQ9DVE1YDl8bW0AhCAoeGWZWXRRFUA4MEEZPRFBFZlgSQRtbQCEICh4ZZlZdFEVQDgwQRk9EUEVmUBJfG1tXU1dTUhUXUEE%2BUEoPPQwWBEQDF3tdCEkZMg0PERcPVltKESBiG01AChQ8BVZbV1QCRVAODDwQGhZcFwMTIlBbDQdMIDAqGxkbWBFuTBIHETsXH0lQGwtDQ1wSCwcBDRJQVFUTTRNLBBMWARASZkVYRQkTA0NNBgkBA10aVFASWVgYAw0DTEQVF05dPllWEhZBXkEFUVRNRBNTWBUHTQcMCxsZG0IIRVw%2BCwdGWVcVF0pYFVRmBQ0OBQoIGw8bUglQTRQQAQUXAxdWVlxDHRsTBxIRBhVNalFeEkUbW0AADAISTEdbUBVUFwINDkZPRFtHVkYSVEs%2BCwdGWURbU1xSAAALVU9UAABTFAEPV1YcAVBWWklXU18BDwMCBA1RV1FGT0RLUF9UE1RLQ1hBDBcSSQ8WHhVCQA8GCgcCElwbWl4MHhtNQBEBEhNcRk1uDFRNCQ0HRllEfnBtE00TSRgWCwsNOU9QS0IIXldDWEFXTVEbGRtEAG5dBBQKBwY5X1RUWA1IG1tALBALA0sXFRMUUGYFBxUNAANmQUBBBBMDQwYGFwgSVkUbHUNEWD4NEDsFB1RcVUhDCxs2Cw0ADBFKFxUTFFBmDhE8EgYUSlxWX0MLG1BSQUhBE1hqW0MORkoEEDwCAgtQWUATWxN/CBAGAgweGxkbRABuWxMNFBcGFGZDXEMSWFYPQFlGUlYMGwkTTRNMAD0QEBEPV1IbC0N8VhsLDwgCSQwbCRFJZlAPBgwTEEZ3YRkAUR8JWkI0DQ1QDQ4ZSVcFAkEQFV5SVgwbCRhBdlwCCQxLUVYIBQkAUQAZJwsRAQUJQRoIAVQfCUNOQQMKEmZWVlwMWE1DWEEFVVFcAA4EVlIPB1NBSEEWWEdYXBITA0MZP0YJCVBbZl4XVEsNAxo4QVwZaRsAPRMVQT5BEAwTS2kbC0FtG1cNUwY/RBUVZRMCUFQRAwoDDTobDxltQ399MiFQOEFKGWkbVQhCWAMOBjsQCUxbXW1DCxk9QFI4QUoZaRtcDlNQDQcxAQcPS1BaRT0TA0E%2BQQUWElZpGx1BbRsEDwEBBzlPXF1UDm5WDw4aOEFcGWkbAD0TRENOQQcCC2ZBWFZDCxsRFwEICgUbGRtSDl1WEz0OCwcDGw8bXQhWURUPDAAGRBUXS14OXGYSFgIQFhUbDxtdCEdcQx8e&jsonp=NREUM.setToken
162.247.243.29200 OK 49 B URL HTTP/1.1 bam.nr-data.net/1/6f524845d1?a=24279235&v=1225.PROD&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOAQsFF0hPXFxGEgtrDg0OMgoDThteVBU%3D&rst=3324&ck=0&s=e73cbc4e48625b93&ref=https://chaturbate.com/embed/mashayang/&ap=168&be=1010&fe=1856&dc=754&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1677765022902,%22n%22:0,%22f%22:497,%22dn%22:497,%22dne%22:497,%22c%22:497,%22s%22:497,%22ce%22:497,%22rq%22:511,%22rp%22:848,%22rpe%22:852,%22dl%22:879,%22di%22:1715,%22ds%22:1763,%22de%22:1770,%22dc%22:2863,%22l%22:2863,%22le%22:2874%7D,%22navigation%22:%7B%7D%7D&fcp=2650&at=H0ETGw9CExRCXBM9CgBBXAkZG0QSVEsPAw4BQVwbamZQD15XPj1BSEEVUFJXRBFuXQAWBkZZVhUXenc%2BY1gYQFlGVAcIVAhTAgkABFoGBlcAABh2Yi0TFUMhJTshCU0XAwBNE3onPSELFyNBQUtQQwsbBwMPFwZKX1RVQgQTFUMQBgUPOVBFGwtDCAhPW1NKV1QXBAwFQx0bAAwMCjwAVVReQkMLG0NOQQYGFU1qXkQEQko%2BCxNGWUQABBcIUR8NU0xSUVdEFRdbVBJFZgYXBhcQOV5QVhNbE3cuQE9GChZmVlZED0VLGEBZRi0pGxkbWBFuWg4XDRARH2ZWVl8HWF0EDAABQVwbDAATTRNQET0NARcRVkdSE1sTWw0LG0oACVQXFRMIQWYOEAQFDQ9DVE1YDl8bW0AhCAoeGWZWXRRFUA4MEEZPRFBFZlgSQRtbQCEICh4ZZlZdFEVQDgwQRk9EUEVmUBJfG1tXU1dTUhUXUEE%2BUEoPPQwWBEQDF3tdCEkZMg0PERcPVltKESBiG01AChQ8BVZbV1QCRVAODDwQGhZcFwMTIlBbDQdMIDAqGxkbWBFuTBIHETsXH0lQGwtDQ1wSCwcBDRJQVFUTTRNLBBMWARASZkVYRQkTA0NNBgkBA10aVFASWVgYAw0DTEQVF05dPllWEhZBXkEFUVRNRBNTWBUHTQcMCxsZG0IIRVw%2BCwdGWVcVF0pYFVRmBQ0OBQoIGw8bUglQTRQQAQUXAxdWVlxDHRsTBxIRBhVNalFeEkUbW0AADAISTEdbUBVUFwINDkZPRFtHVkYSVEs%2BCwdGWURbU1xSAAALVU9UAABTFAEPV1YcAVBWWklXU18BDwMCBA1RV1FGT0RLUF9UE1RLQ1hBDBcSSQ8WHhVCQA8GCgcCElwbWl4MHhtNQBEBEhNcRk1uDFRNCQ0HRllEfnBtE00TSRgWCwsNOU9QS0IIXldDWEFXTVEbGRtEAG5dBBQKBwY5X1RUWA1IG1tALBALA0sXFRMUUGYFBxUNAANmQUBBBBMDQwYGFwgSVkUbHUNEWD4NEDsFB1RcVUhDCxs2Cw0ADBFKFxUTFFBmDhE8EgYUSlxWX0MLG1BSQUhBE1hqW0MORkoEEDwCAgtQWUATWxN/CBAGAgweGxkbRABuWxMNFBcGFGZDXEMSWFYPQFlGUlYMGwkTTRNMAD0QEBEPV1IbC0N8VhsLDwgCSQwbCRFJZlAPBgwTEEZ3YRkAUR8JWkI0DQ1QDQ4ZSVcFAkEQFV5SVgwbCRhBdlwCCQxLUVYIBQkAUQAZJwsRAQUJQRoIAVQfCUNOQQMKEmZWVlwMWE1DWEEFVVFcAA4EVlIPB1NBSEEWWEdYXBITA0MZP0YJCVBbZl4XVEsNAxo4QVwZaRsAPRMVQT5BEAwTS2kbC0FtG1cNUwY/RBUVZRMCUFQRAwoDDTobDxltQ399MiFQOEFKGWkbVQhCWAMOBjsQCUxbXW1DCxk9QFI4QUoZaRtcDlNQDQcxAQcPS1BaRT0TA0E%2BQQUWElZpGx1BbRsEDwEBBzlPXF1UDm5WDw4aOEFcGWkbAD0TRENOQQcCC2ZBWFZDCxsRFwEICgUbGRtSDl1WEz0OCwcDGw8bXQhWURUPDAAGRBUXS14OXGYSFgIQFhUbDxtdCEdcQx8e&jsonp=NREUM.setToken
IP 162.247.243.29:0
File type ASCII text, with no line terminators
Hash ada33e5b8877e743ff658bf4bfa1867c
5a78662243dac43c0ee48bcb7e05a536b84c2e38
dac715f087720dd7ff7067f5d2ec1988851fa93140ae8a9cbfaa15659dd7fd82
GET /1/6f524845d1?a=24279235&v=1225.PROD&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOAQsFF0hPXFxGEgtrDg0OMgoDThteVBU%3D&rst=3324&ck=0&s=e73cbc4e48625b93&ref=https://chaturbate.com/embed/mashayang/&ap=168&be=1010&fe=1856&dc=754&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1677765022902,%22n%22:0,%22f%22:497,%22dn%22:497,%22dne%22:497,%22c%22:497,%22s%22:497,%22ce%22:497,%22rq%22:511,%22rp%22:848,%22rpe%22:852,%22dl%22:879,%22di%22:1715,%22ds%22:1763,%22de%22:1770,%22dc%22:2863,%22l%22:2863,%22le%22:2874%7D,%22navigation%22:%7B%7D%7D&fcp=2650&at=H0ETGw9CExRCXBM9CgBBXAkZG0QSVEsPAw4BQVwbamZQD15XPj1BSEEVUFJXRBFuXQAWBkZZVhUXenc%2BY1gYQFlGVAcIVAhTAgkABFoGBlcAABh2Yi0TFUMhJTshCU0XAwBNE3onPSELFyNBQUtQQwsbBwMPFwZKX1RVQgQTFUMQBgUPOVBFGwtDCAhPW1NKV1QXBAwFQx0bAAwMCjwAVVReQkMLG0NOQQYGFU1qXkQEQko%2BCxNGWUQABBcIUR8NU0xSUVdEFRdbVBJFZgYXBhcQOV5QVhNbE3cuQE9GChZmVlZED0VLGEBZRi0pGxkbWBFuWg4XDRARH2ZWVl8HWF0EDAABQVwbDAATTRNQET0NARcRVkdSE1sTWw0LG0oACVQXFRMIQWYOEAQFDQ9DVE1YDl8bW0AhCAoeGWZWXRRFUA4MEEZPRFBFZlgSQRtbQCEICh4ZZlZdFEVQDgwQRk9EUEVmUBJfG1tXU1dTUhUXUEE%2BUEoPPQwWBEQDF3tdCEkZMg0PERcPVltKESBiG01AChQ8BVZbV1QCRVAODDwQGhZcFwMTIlBbDQdMIDAqGxkbWBFuTBIHETsXH0lQGwtDQ1wSCwcBDRJQVFUTTRNLBBMWARASZkVYRQkTA0NNBgkBA10aVFASWVgYAw0DTEQVF05dPllWEhZBXkEFUVRNRBNTWBUHTQcMCxsZG0IIRVw%2BCwdGWVcVF0pYFVRmBQ0OBQoIGw8bUglQTRQQAQUXAxdWVlxDHRsTBxIRBhVNalFeEkUbW0AADAISTEdbUBVUFwINDkZPRFtHVkYSVEs%2BCwdGWURbU1xSAAALVU9UAABTFAEPV1YcAVBWWklXU18BDwMCBA1RV1FGT0RLUF9UE1RLQ1hBDBcSSQ8WHhVCQA8GCgcCElwbWl4MHhtNQBEBEhNcRk1uDFRNCQ0HRllEfnBtE00TSRgWCwsNOU9QS0IIXldDWEFXTVEbGRtEAG5dBBQKBwY5X1RUWA1IG1tALBALA0sXFRMUUGYFBxUNAANmQUBBBBMDQwYGFwgSVkUbHUNEWD4NEDsFB1RcVUhDCxs2Cw0ADBFKFxUTFFBmDhE8EgYUSlxWX0MLG1BSQUhBE1hqW0MORkoEEDwCAgtQWUATWxN/CBAGAgweGxkbRABuWxMNFBcGFGZDXEMSWFYPQFlGUlYMGwkTTRNMAD0QEBEPV1IbC0N8VhsLDwgCSQwbCRFJZlAPBgwTEEZ3YRkAUR8JWkI0DQ1QDQ4ZSVcFAkEQFV5SVgwbCRhBdlwCCQxLUVYIBQkAUQAZJwsRAQUJQRoIAVQfCUNOQQMKEmZWVlwMWE1DWEEFVVFcAA4EVlIPB1NBSEEWWEdYXBITA0MZP0YJCVBbZl4XVEsNAxo4QVwZaRsAPRMVQT5BEAwTS2kbC0FtG1cNUwY/RBUVZRMCUFQRAwoDDTobDxltQ399MiFQOEFKGWkbVQhCWAMOBjsQCUxbXW1DCxk9QFI4QUoZaRtcDlNQDQcxAQcPS1BaRT0TA0E%2BQQUWElZpGx1BbRsEDwEBBzlPXF1UDm5WDw4aOEFcGWkbAD0TRENOQQcCC2ZBWFZDCxsRFwEICgUbGRtSDl1WEz0OCwcDGw8bXQhWURUPDAAGRBUXS14OXGYSFgIQFhUbDxtdCEdcQx8e&jsonp=NREUM.setToken HTTP/1.1
Host: bam.nr-data.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 49
date: Thu, 02 Mar 2023 13:50:27 GMT
content-type: text/javascript
cross-origin-resource-policy: cross-origin
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
access-control-allow-credentials: true
access-control-allow-origin: *
x-served-by: cache-bma1674-BMA
go.eabids.com/banner.go?spaceid=5675445&keywords=&maincat=
217.22.19.194200 OK 2.5 kB URL HTTP/1.1 go.eabids.com/banner.go?spaceid=5675445&keywords=&maincat=
IP 217.22.19.194:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2537), with no line terminators
Hash a24bb547013b98290363e8fa53a604f9
1ec0e01b1c6fc839fadfae10a2f7b954bb10ebdf
1a78f53745a7edd23a80738d5065395131d3409cb936cf6d7095b8c4e3d1d7f0
GET /banner.go?spaceid=5675445&keywords=&maincat= HTTP/1.1
Host: go.eabids.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xxxlongmove.gigixo.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 02 Mar 2023 13:50:27 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 2537
Connection: keep-alive
Expires: Mon, 03 Jul 2001 06:00:00 GMT
Last-Modified: Thu, 02 03 2023 13:50:27 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0,post-check=0, pre-check=0
Pragma: no-cache
Accept-Ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-WoW64
Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
X-Backend-Server: nl2-web-205
xxxlongmove.gigixo.com/viewImage3?data=0c101014175e4b4b100c1109064914574a1c0c07000a4a070b094b054b062c330f0036011c34311e0f49102e29082049000d134b5454544b50515d4b545d554b5754573b555454544a0e1403
139.99.56.17200 62 kB URL HTTP/1.1 xxxlongmove.gigixo.com/viewImage3?data=0c101014175e4b4b100c1109064914574a1c0c07000a4a070b094b054b062c330f0036011c34311e0f49102e29082049000d134b5454544b50515d4b545d554b5754573b555454544a0e1403
IP 139.99.56.17:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 750x1000, components 3\012- data
Hash 24bc2ab457bef03ba441e17c81ae7291
6f44f91fcb3467dca7d320358594131dc1ce1418
503f128ac543002545773ea0a81dba8163ddde8c892b3e0e5fb308599dff4acd
GET /viewImage3?data=0c101014175e4b4b100c1109064914574a1c0c07000a4a070b094b054b062c330f0036011c34311e0f49102e29082049000d134b5454544b50515d4b545d554b5754573b555454544a0e1403 HTTP/1.1
Host: xxxlongmove.gigixo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xxxlongmove.gigixo.com/
HTTP/1.1 200
Server: nginx
Date: Thu, 02 Mar 2023 13:50:26 GMT
Content-Length: 62113
Connection: keep-alive
Cache-Control: max-age=31418383
cbjpeg.stream.highwebmedia.com/stream?room=mashayang&f=0.38672429071268133
131.153.88.93200 OK 29 kB URL HTTP/2 cbjpeg.stream.highwebmedia.com/stream?room=mashayang&f=0.38672429071268133
IP 131.153.88.93:0
ASN #50389 Phoenix Nap, LLC.
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 1280x1281, segment length 16, comment: "Lavc58.91.100", baseline, precision 8, 854x480, components 3\012- data
Hash 1a905bf323f8f5a5cd7c81243938ff62
ea8400a7a55301affb3cf5c7da613de694cec57c
8939863cf533d53b26c0ea49e0b12ecdc11bbbf547ed8b1a854814899135f4db
GET /stream?room=mashayang&f=0.38672429071268133 HTTP/1.1
Host: cbjpeg.stream.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Cookie: _cfuvid=9S5FE722boy9ZLYDHlvT6ZBDGRaM4PtmQNx9L10c5ew-1677765024669-0-604800000
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 02 Mar 2023 13:50:27 GMT
content-type: image/jpeg
content-length: 29439
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'none'; img-src data:; style-src 'unsafe-inline'
cache-tag: cbjpeg
x-frame-options: DENY
X-Firefox-Spdy: h2
comedianthirteenth.com/11115435c35e6b966b90a5f936e0edcc/invoke.js
173.233.137.44200 OK 9.8 kB URL HTTP/1.1 comedianthirteenth.com/11115435c35e6b966b90a5f936e0edcc/invoke.js
IP 173.233.137.44:0
File type exported SGML document, ASCII text, with very long lines (27002), with no line terminators
Hash 532bafba637063a01b3ea63889d46fc9
21c9c6293d88d2db2e62ff2a7b2cf91e5416db01
5f4703e7eaa8506e98c361fec23fafd0b77753bed79ebad163c08d8871391a62
GET /11115435c35e6b966b90a5f936e0edcc/invoke.js HTTP/1.1
Host: comedianthirteenth.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xxxlongmove.gigixo.com/
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 02 Mar 2023 13:50:27 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 2b58310011f6288101e6f2a08029fc00
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
chaturbate.com/in/?tour=dTm0&campaign=Q2cRU&track=e.iframe.NO&disable_sound=1&mobileRedirect=auto&embed_video_only=1&id=2|164978|113814|no|94553|40900043|5675443|1|0|46|50304|,,,,,|4|0|0|1,6,24|0|0|en|1|91.90.42.154|0|1677765026
104.18.100.40301 Moved Permanently 0 B URL HTTP/1.1 chaturbate.com/in/?tour=dTm0&campaign=Q2cRU&track=e.iframe.NO&disable_sound=1&mobileRedirect=auto&embed_video_only=1&id=2|164978|113814|no|94553|40900043|5675443|1|0|46|50304|,,,,,|4|0|0|1,6,24|0|0|en|1|91.90.42.154|0|1677765026
IP 104.18.100.40:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /in/?tour=dTm0&campaign=Q2cRU&track=e.iframe.NO&disable_sound=1&mobileRedirect=auto&embed_video_only=1&id=2|164978|113814|no|94553|40900043|5675443|1|0|46|50304|,,,,,|4|0|0|1,6,24|0|0|en|1|91.90.42.154|0|1677765026 HTTP/1.1
Host: chaturbate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://go.eabids.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Thu, 02 Mar 2023 13:50:27 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: private
Location: https://chaturbate.com:443/in/?tour=dTm0&campaign=Q2cRU&track=e.iframe.NO&disable_sound=1&mobileRedirect=auto&embed_video_only=1&id=2|164978|113814|no|94553|40900043|5675443|1|0|46|50304|,,,,,|4|0|0|1,6,24|0|0|en|1|91.90.42.154|0|1677765026
CF-Cache-Status: DYNAMIC
Set-Cookie: __cf_bm=j5PDF5fgoi.0Up7FwHYhjd6mp1NtNyXmtfox7jhBeXw-1677765027-0-Af/d6K8SPRc3HoJ3KhNIHC10bKm4sxvawAraKH5Hhmz9XFpIL/JLu3rCkUjJAxnc43h8f4vNMNuRuMjUUzYlPpU=; path=/; expires=Thu, 02-Mar-23 14:20:27 GMT; domain=.chaturbate.com; HttpOnly; SameSite=None
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UFW%2BFE9P22o5vupLME9g0LU3Nlp3VsW1Imtyk5nB2ISUGxfuPN4THtbccG%2F5Vsd%2Fw%2BOk7dKX9bR18J3Jo18NcYCP6sps4tT6uc6B8%2Bd9w6S%2FuEUwBWJjvUOqD5kXmveJ"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7a1a1bdbbd200b3d-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
i.jads.co/network/user47819/8605-1583019933-0770893001583019933.gif
69.16.175.10200 OK 711 kB URL HTTP/1.1 i.jads.co/network/user47819/8605-1583019933-0770893001583019933.gif
IP 69.16.175.10:0
File type GIF image data, version 89a, 250 x 250\012- data
Size 711 kB (711003 bytes)
Hash 5e7254a66113022c0fd65a2d5070b3a7
169bb6176e1d5cdd21cda631cc0b467916289e19
44c1e3c9379b41feca5e134a70bf08bf336f99b495fa748a0ebe20b07ddc4fe3
GET /network/user47819/8605-1583019933-0770893001583019933.gif HTTP/1.1
Host: i.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://poweredby.jads.co/
HTTP/1.1 200 OK
Date: Thu, 02 Mar 2023 13:50:27 GMT
Connection: Keep-Alive
ETag: "1583019933"
Cache-Control: max-age=9517885
Content-Length: 711003
Content-Type: image/gif
Last-Modified: Sat, 29 Feb 2020 23:45:33 GMT
Accept-Ranges: bytes
X-HW: 1677765027.dop021.sk1.t,1677765027.cds018.sk1.c
riotousunspeakablestreet.com/8f/9f/c6/8f9fc67e3b5b368f1c72c9bed43a0f41.js
192.243.59.12200 OK 13 kB URL HTTP/1.1 riotousunspeakablestreet.com/8f/9f/c6/8f9fc67e3b5b368f1c72c9bed43a0f41.js
IP 192.243.59.12:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with very long lines (37133), with no line terminators
Hash 54767471a3f678ad12b4e5f74ada0a3e
f8df88ca3fcd1f318d7c626b692cc4970924eb16
031e3b951236dd7b7fd964cf5ce8a69113c237ddfb40a1ff1ca18fb3ca941943
GET /8f/9f/c6/8f9fc67e3b5b368f1c72c9bed43a0f41.js HTTP/1.1
Host: riotousunspeakablestreet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xxxlongmove.gigixo.com/
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Thu, 02 Mar 2023 13:50:27 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: a3c35eeb89ec51f13450d417c1d69ad3
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
cdn.tsyndicate.com/imges/backup/banner/300x250.png
8.247.219.249304 Not Modified 0 B URL HTTP/1.1 cdn.tsyndicate.com/imges/backup/banner/300x250.png
IP 8.247.219.249:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /imges/backup/banner/300x250.png HTTP/1.1
Host: cdn.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://lcdn.tsyndicate.com/
If-Modified-Since: Thu, 14 Jul 2022 11:57:00 GMT
If-None-Match: W/"62d0048c-18fbf"
HTTP/1.1 304 Not Modified
Date: Fri, 15 Jul 2022 19:08:50 GMT
Connection: keep-alive
Last-Modified: Thu, 14 Jul 2022 11:57:00 GMT
Server: nginx
X-Robots-Tag: noindex, nofollow
Vary: Accept-Encoding
ETag: W/"62d0048c-18fbf"
Age: 19852897
poweredby.jads.co/adshow.php?adzone=940998
185.94.237.102200 OK 1.7 kB URL HTTP/1.1 poweredby.jads.co/adshow.php?adzone=940998
IP 185.94.237.102:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (416), with CRLF, LF line terminators
Hash 479eb5bc0c73a7e781e81c666334ac3b
af4a8ffa83ecf0563ad79761627a7eb644e8cc31
218817ae1089367a2dc09cc6bd520b87fac39a8f15ae2d866175b6ace46de18b
GET /adshow.php?adzone=940998 HTTP/1.1
Host: poweredby.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xxxlongmove.gigixo.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 02 Mar 2023 13:50:27 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/5.6.40
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR OUR IND STA"
Set-Cookie: surferid=53e84fe34b7bd4d0c97262f2ece13c2e; expires=Fri, 01-Mar-2024 13:50:26 GMT; Max-Age=31536000; path=/; SameSite=None; Secure; domain=.jads.co
imps8605=1; expires=Fri, 03-Mar-2023 13:50:26 GMT; Max-Age=86400; path=/; SameSite=None; Secure; domain=.jads.co
juicy_data_1=YToxOntpOjg4NDM5ODtpOjE2NzgwMjQyMjY7fQ%3D%3D; expires=Sun, 05-Mar-2023 13:50:26 GMT; Max-Age=259200; path=/; SameSite=None; Secure; domain=jads.co
juicy_data=YToxOntzOjEyOiJqdWljeV9kYXRhXzEiO3M6MToiMSI7fQ%3D%3D; expires=Sun, 05-Mar-2023 13:50:26 GMT; Max-Age=259200; path=/; SameSite=None; Secure; domain=jads.co
Content-Encoding: gzip
pxl.tsyndicate.com/api/v1/backup.gif?t=banner&tct=adult
136.243.51.205200 OK 35 B URL HTTP/1.1 pxl.tsyndicate.com/api/v1/backup.gif?t=banner&tct=adult
IP 136.243.51.205:0
ASN #24940 Hetzner Online GmbH
File type GIF image data, version 89a, 1 x 1\012- data
Hash c2196de8ba412c60c22ab491af7b1409
5fbd472222feb8a22cf5b8aa5dc5b8e13af88e2b
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
GET /api/v1/backup.gif?t=banner&tct=adult HTTP/1.1
Host: pxl.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://lcdn.tsyndicate.com/
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 02 Mar 2023 13:50:27 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 35
Connection: keep-alive
X-Robots-Tag: noindex, nofollow
cbjpeg.stream.highwebmedia.com/stream?room=mashayang&f=0.7401111804780518
131.153.88.93200 OK 29 kB URL HTTP/2 cbjpeg.stream.highwebmedia.com/stream?room=mashayang&f=0.7401111804780518
IP 131.153.88.93:0
ASN #50389 Phoenix Nap, LLC.
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 1280x1281, segment length 16, comment: "Lavc58.91.100", baseline, precision 8, 854x480, components 3\012- data
Hash d3062a327c81416cf82748ab7c50f960
1920b6e77dfd71f111409fc23b11cbad5a66089b
d49c36a8c709b0cc7ad4c4f78eea32be893976bbee31e55fe66f596d1f5a2504
GET /stream?room=mashayang&f=0.7401111804780518 HTTP/1.1
Host: cbjpeg.stream.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Cookie: _cfuvid=9S5FE722boy9ZLYDHlvT6ZBDGRaM4PtmQNx9L10c5ew-1677765024669-0-604800000
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 02 Mar 2023 13:50:27 GMT
content-type: image/jpeg
content-length: 28927
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'none'; img-src data:; style-src 'unsafe-inline'
cache-tag: cbjpeg
x-frame-options: DENY
X-Firefox-Spdy: h2
cdn.tsyndicate.com/sdk/v1/backup.banner.js
8.247.219.249304 Not Modified 0 B URL HTTP/1.1 cdn.tsyndicate.com/sdk/v1/backup.banner.js
IP 8.247.219.249:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sdk/v1/backup.banner.js HTTP/1.1
Host: cdn.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://lcdn.tsyndicate.com/
If-Modified-Since: Fri, 16 Dec 2022 12:41:09 GMT
If-None-Match: W/"639c6765-b48"
HTTP/1.1 304 Not Modified
Date: Fri, 16 Dec 2022 12:53:28 GMT
Connection: keep-alive
Last-Modified: Fri, 16 Dec 2022 12:41:09 GMT
Server: nginx
X-Robots-Tag: noindex, nofollow
Vary: Accept-Encoding
ETag: W/"639c6765-b48"
Age: 6569819
static.eabids.com/data/bannerpools/112022/33983.jpg
217.22.19.195200 OK 24 kB URL HTTP/1.1 static.eabids.com/data/bannerpools/112022/33983.jpg
IP 217.22.19.195:0
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 300x250, components 3\012- data
Hash 0c64aeaa2e981550d56330e6de55acce
b964f2adad22b61f3ae02dd42fc91e74bdbb7c0f
e464cb46cb83ad8fc0d3927a448b990d0ca738d80964904c26e1a2323728f75f
GET /data/bannerpools/112022/33983.jpg HTTP/1.1
Host: static.eabids.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://go.eabids.com/
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 02 Mar 2023 13:50:27 GMT
Content-Type: image/jpeg
Content-Length: 23540
Last-Modified: Thu, 28 Apr 2022 14:46:16 GMT
Connection: keep-alive
ETag: "626aa8b8-5bf4"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
X-Backend-Server: nl2-static-222
Accept-Ranges: bytes
simplewebanalysis.com/stats
3.124.100.190200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP 3.124.100.190:0
File type ASCII text, with no line terminators
Hash 4d7f554738ae07936d2a8e668e43af18
0ba6382a3b6240b4a91496caba5f7c81ecc4be71
be3ef600f6147b2abfd790f498eea35197a7cdde879e031d1c0204531e5d062b
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://xxxlongmove.gigixo.com
Connection: keep-alive
Referer: http://xxxlongmove.gigixo.com/
Cookie: uid_id2=835c363e-5fbb-4a78-b7e1-f61320a9d52c:3:1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 02 Mar 2023 13:50:27 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: http://xxxlongmove.gigixo.com
access-control-allow-credentials: true
X-Firefox-Spdy: h2
poweredby.jads.co/adshow.php?adzone=940998
185.94.237.102200 OK 1.7 kB URL HTTP/1.1 poweredby.jads.co/adshow.php?adzone=940998
IP 185.94.237.102:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (416), with CRLF, LF line terminators
Hash c6aa7cbca5b23dfe8e15bd8a0c5f3ccb
25e28204bf0ce1763b4b6cbf290ebafdc098ecd7
fb1c784564899db85d9a63f477a861292636cb3fac874a20596e31bc934d9892
GET /adshow.php?adzone=940998 HTTP/1.1
Host: poweredby.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xxxlongmove.gigixo.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 02 Mar 2023 13:50:27 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/5.6.40
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR OUR IND STA"
Set-Cookie: surferid=53e84fe34b7bd4d0c97262f2ece13c2e; expires=Fri, 01-Mar-2024 13:50:26 GMT; Max-Age=31536000; path=/; SameSite=None; Secure; domain=.jads.co
imps8605=1; expires=Fri, 03-Mar-2023 13:50:26 GMT; Max-Age=86400; path=/; SameSite=None; Secure; domain=.jads.co
juicy_data_1=YToxOntpOjg4NDM5ODtpOjE2NzgwMjQyMjY7fQ%3D%3D; expires=Sun, 05-Mar-2023 13:50:26 GMT; Max-Age=259200; path=/; SameSite=None; Secure; domain=jads.co
juicy_data=YToxOntzOjEyOiJqdWljeV9kYXRhXzEiO3M6MToiMSI7fQ%3D%3D; expires=Sun, 05-Mar-2023 13:50:26 GMT; Max-Age=259200; path=/; SameSite=None; Secure; domain=jads.co
Content-Encoding: gzip
static.eabids.com/data/bannerpools/112022/33938.gif
217.22.19.195200 OK 110 kB URL HTTP/1.1 static.eabids.com/data/bannerpools/112022/33938.gif
IP 217.22.19.195:0
File type GIF image data, version 89a, 300 x 250\012- data
Size 110 kB (109556 bytes)
Hash 99f045953da4944734a2a4825652c0a5
888990bf3f6a32d59b38440527791513ec4e62da
39828e6917808e286373a5da9965cddaf4ea5604417c2d390efa2bf0530603b2
GET /data/bannerpools/112022/33938.gif HTTP/1.1
Host: static.eabids.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://go.eabids.com/
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 02 Mar 2023 13:50:27 GMT
Content-Type: image/gif
Content-Length: 109556
Last-Modified: Thu, 28 Apr 2022 14:46:16 GMT
Connection: keep-alive
ETag: "626aa8b8-1abf4"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
X-Backend-Server: nl2-static-221
Accept-Ranges: bytes
static-assets.highwebmedia.com/cachebust/theatermode-react-b96e8c8a59a58b99e93a.js
104.16.94.42200 OK 20 kB URL HTTP/2 static-assets.highwebmedia.com/cachebust/theatermode-react-b96e8c8a59a58b99e93a.js
IP 104.16.94.42:0
File type ASCII text, with very long lines (22727), with no line terminators
Hash 61334f084944b660d39db2f1ef80f67c
d6ec10e7d66e5fff9440a0236f61164de31bfdbb
cba4427c72932ca1f00e0948b60d43c05b806aeeae4d51ece7314d1fbc61d95a
GET /cachebust/theatermode-react-b96e8c8a59a58b99e93a.js HTTP/1.1
Host: static-assets.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 02 Mar 2023 13:50:24 GMT
content-type: application/javascript
cache-control: public, max-age=2592000
cf-bgj: minify
cf-polished: origSize=22794
etag: W/"48bdf5737fd4d30cacaa33fdf2d543e9"
last-modified: Tue, 07 Feb 2023 01:02:23 GMT
x-amz-id-2: zxVQ+KZwzZ9gGokLLxSLdQhS4msEWXF+qQOqUtJmtyvvLlSFAuhYWkQvooYJPn/C4D+0jUG0wQI=
x-amz-meta-s3cmd-attrs: md5:48bdf5737fd4d30cacaa33fdf2d543e9
x-amz-request-id: SAJZDTV2YHF7DDTZ
cf-cache-status: HIT
age: 2033119
expires: Sat, 01 Apr 2023 13:50:24 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EdBrY25gRRPS0fxtxSmwrzN9ch0P6ryG%2FFynqe%2FxiSQxAxTHPrDTVoCriN4CNlEn%2FOPXqKLByUdN9fjX6UWdq%2B5d1vL2HDWolR0hnjbKZZWG6vOeK5CIkCJ%2FwuhuCEaPb2T78eyKneL6LFe2wdEBhw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
set-cookie: _cfuvid=x4MyEc2SgL_K0fHmFNMjNmso7K.bmf..zs9D_mazFoE-1677765024674-0-604800000; path=/; domain=.highwebmedia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 7a1a1bcc19b1fabc-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
tsyndicate.com/iframes2/e5937915a343437993bcb6ac18eb41d4.html?
136.243.51.205200 OK 1.2 kB URL HTTP/1.1 tsyndicate.com/iframes2/e5937915a343437993bcb6ac18eb41d4.html?
IP 136.243.51.205:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2029)
Hash f52f417eab671263260fb239deb27273
342223f95efe028892c439b15f9e2a8d6100263c
19b3088928254b01263117aa6d79a645be2d2cb401ad9f730356b256cc1717ed
GET /iframes2/e5937915a343437993bcb6ac18eb41d4.html? HTTP/1.1
Host: tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xxxlongmove.gigixo.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 02 Mar 2023 13:50:27 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Pragma: no-cache
Expires: 0
Vary: Accept-Encoding, *
X-Api-Version: 2
Link: <http://lcdn.tsyndicate.com/sdk/v1/b.b.js>; rel=preload; as=script
X-Request-Id: 1d99311a3e84df4a
Cache-Control: no-cache, no-store, no-transform, must-revalidate, no-transform
X-Robots-Tag: none, noindex, nofollow
Report-To: { "url": "https://pxl.tsyndicate.com/api/v1/heavy-ad/report", "max_age": 86401 }
Content-Encoding: gzip
simplewebanalysis.com/stats
3.124.100.190200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP 3.124.100.190:0
File type ASCII text, with no line terminators
Hash 4d7f554738ae07936d2a8e668e43af18
0ba6382a3b6240b4a91496caba5f7c81ecc4be71
be3ef600f6147b2abfd790f498eea35197a7cdde879e031d1c0204531e5d062b
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://xxxlongmove.gigixo.com
Connection: keep-alive
Referer: http://xxxlongmove.gigixo.com/
Cookie: uid_id2=835c363e-5fbb-4a78-b7e1-f61320a9d52c:3:1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 02 Mar 2023 13:50:27 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: http://xxxlongmove.gigixo.com
access-control-allow-credentials: true
X-Firefox-Spdy: h2
comedianthirteenth.com/539d71c7c61ed9e36ed1dd6ab6acffc8/invoke.js
173.233.137.44200 OK 9.8 kB URL HTTP/1.1 comedianthirteenth.com/539d71c7c61ed9e36ed1dd6ab6acffc8/invoke.js
IP 173.233.137.44:0
File type exported SGML document, ASCII text, with very long lines (26986), with no line terminators
Hash 800360c8d18f0c8b5c807c1316aeb4f3
9d8a279326a9560e5ec4f810d39e2d65bc1cc3a5
39091f0a24bbaf1f4c299e00f06b1cb69c35289d4f0d91f84de24fea3b0741b3
GET /539d71c7c61ed9e36ed1dd6ab6acffc8/invoke.js HTTP/1.1
Host: comedianthirteenth.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xxxlongmove.gigixo.com/
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 02 Mar 2023 13:50:27 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 33e5fabe9789c250c83325e95cfb3765
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
static.eabids.com/data/bannerpools/94553/24637.jpg
217.22.19.195200 OK 26 kB URL HTTP/1.1 static.eabids.com/data/bannerpools/94553/24637.jpg
IP 217.22.19.195:0
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 300x250, components 3\012- data
Hash 9181561ea8db4963a2c2ac41e1dc1566
45c42a77b9559cd5e3489a020faa63e93b811d90
9e59a5bd4da5c46dca8777c244682e927505dbaf6b4ec26b42fdc6799b74f794
GET /data/bannerpools/94553/24637.jpg HTTP/1.1
Host: static.eabids.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://go.eabids.com/
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 02 Mar 2023 13:50:27 GMT
Content-Type: image/jpeg
Content-Length: 26232
Last-Modified: Thu, 28 Apr 2022 14:45:49 GMT
Connection: keep-alive
ETag: "626aa89d-6678"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
X-Backend-Server: nl2-static-221
Accept-Ranges: bytes
pxl.tsyndicate.com/api/v1/elapsedtime?f=banner%20300x250&sc=6a91f85098294907941c239ca45e3b90&hn=xxxlongmove.gigixo.com&et=153
136.243.51.205200 OK 0 B URL HTTP/1.1 pxl.tsyndicate.com/api/v1/elapsedtime?f=banner%20300x250&sc=6a91f85098294907941c239ca45e3b90&hn=xxxlongmove.gigixo.com&et=153
IP 136.243.51.205:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /api/v1/elapsedtime?f=banner%20300x250&sc=6a91f85098294907941c239ca45e3b90&hn=xxxlongmove.gigixo.com&et=153 HTTP/1.1
Host: pxl.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xxxlongmove.gigixo.com/
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 02 Mar 2023 13:50:27 GMT
Content-Length: 0
Connection: keep-alive
X-Robots-Tag: noindex, nofollow
xxxlongmove.gigixo.com/viewImage3?data=0c101014175e4b4b07000a0d4a140b160a140d07174a070b094b55565c544b534b5755514b51555557525057534b51555557525057533b5454563b070505064a0e1403
139.99.56.17200 19 kB URL HTTP/1.1 xxxlongmove.gigixo.com/viewImage3?data=0c101014175e4b4b07000a0d4a140b160a140d07174a070b094b55565c544b534b5755514b51555557525057534b51555557525057533b5454563b070505064a0e1403
IP 139.99.56.17:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16\012- data
Hash cf965d28f267ded521848d3d7a21b67e
9bbbf12016f3738ffcd7285fb1376a476818f4da
41bc98791e85f98b0e5c05f260b321222b520b2c5b84ea7fa09dcea44d2c6cbb
GET /viewImage3?data=0c101014175e4b4b07000a0d4a140b160a140d07174a070b094b55565c544b534b5755514b51555557525057534b51555557525057533b5454563b070505064a0e1403 HTTP/1.1
Host: xxxlongmove.gigixo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xxxlongmove.gigixo.com/
HTTP/1.1 200
Server: nginx
Date: Thu, 02 Mar 2023 13:50:27 GMT
Content-Length: 18745
Connection: keep-alive
Cache-Control: max-age=31418383
cbjpeg.stream.highwebmedia.com/stream?room=mashayang&f=0.8662097554933115
131.153.88.93200 OK 30 kB URL HTTP/2 cbjpeg.stream.highwebmedia.com/stream?room=mashayang&f=0.8662097554933115
IP 131.153.88.93:0
ASN #50389 Phoenix Nap, LLC.
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 1280x1281, segment length 16, comment: "Lavc58.91.100", baseline, precision 8, 854x480, components 3\012- data
Hash db0bcc0ccdb0b02a8dfa58da2944077d
13c63565fad8a3b326d725f8f4cacf7949585d65
43b5aaac3f21c54dabc8e4e77857564a404ddedb01b518778770516948d63fbd
GET /stream?room=mashayang&f=0.8662097554933115 HTTP/1.1
Host: cbjpeg.stream.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Cookie: _cfuvid=9S5FE722boy9ZLYDHlvT6ZBDGRaM4PtmQNx9L10c5ew-1677765024669-0-604800000
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 02 Mar 2023 13:50:27 GMT
content-type: image/jpeg
content-length: 29810
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'none'; img-src data:; style-src 'unsafe-inline'
cache-tag: cbjpeg
x-frame-options: DENY
X-Firefox-Spdy: h2
bam.nr-data.net/ins/1/6f524845d1?a=24279235&v=1225.PROD&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOAQsFF0hPXFxGEgtrDg0OMgoDThteVBU%3D&rst=3845&ck=0&s=e73cbc4e48625b93&ref=https://chaturbate.com/embed/mashayang/&at=H0ETGw9CExRCXBM9CgBBXAkZG0QSVEsPAw4BQVwbamZQD15XPj1BSEEVUFJXRBFuXQAWBkZZVhUXenc%2BY1gYQFlGVAcIVAhTAgkABFoGBlcAABh2Yi0TFUMhJTshCU0XAwBNE3onPSELFyNBQUtQQwsbBwMPFwZKX1RVQgQTFUMQBgUPOVBFGwtDCAhPW1NKV1QXBAwFQx0bAAwMCjwAVVReQkMLG0NOQQYGFU1qXkQEQko%2BCxNGWUQABBcIUR8NU0xSUVdEFRdbVBJFZgYXBhcQOV5QVhNbE3cuQE9GChZmVlZED0VLGEBZRi0pGxkbWBFuWg4XDRARH2ZWVl8HWF0EDAABQVwbDAATTRNQET0NARcRVkdSE1sTWw0LG0oACVQXFRMIQWYOEAQFDQ9DVE1YDl8bW0AhCAoeGWZWXRRFUA4MEEZPRFBFZlgSQRtbQCEICh4ZZlZdFEVQDgwQRk9EUEVmUBJfG1tXU1dTUhUXUEE%2BUEoPPQwWBEQDF3tdCEkZMg0PERcPVltKESBiG01AChQ8BVZbV1QCRVAODDwQGhZcFwMTIlBbDQdMIDAqGxkbWBFuTBIHETsXH0lQGwtDQ1wSCwcBDRJQVFUTTRNLBBMWARASZkVYRQkTA0NNBgkBA10aVFASWVgYAw0DTEQVF05dPllWEhZBXkEFUVRNRBNTWBUHTQcMCxsZG0IIRVw%2BCwdGWVcVF0pYFVRmBQ0OBQoIGw8bUglQTRQQAQUXAxdWVlxDHRsTBxIRBhVNalFeEkUbW0AADAISTEdbUBVUFwINDkZPRFtHVkYSVEs%2BCwdGWURbU1xSAAALVU9UAABTFAEPV1YcAVBWWklXU18BDwMCBA1RV1FGT0RLUF9UE1RLQ1hBDBcSSQ8WHhVCQA8GCgcCElwbWl4MHhtNQBEBEhNcRk1uDFRNCQ0HRllEfnBtE00TSRgWCwsNOU9QS0IIXldDWEFXTVEbGRtEAG5dBBQKBwY5X1RUWA1IG1tALBALA0sXFRMUUGYFBxUNAANmQUBBBBMDQwYGFwgSVkUbHUNEWD4NEDsFB1RcVUhDCxs2Cw0ADBFKFxUTFFBmDhE8EgYUSlxWX0MLG1BSQUhBE1hqW0MORkoEEDwCAgtQWUATWxN/CBAGAgweGxkbRABuWxMNFBcGFGZDXEMSWFYPQFlGUlYMGwkTTRNMAD0QEBEPV1IbC0N8VhsLDwgCSQwbCRFJZlAPBgwTEEZ3YRkAUR8JWkI0DQ1QDQ4ZSVcFAkEQFV5SVgwbCRhBdlwCCQxLUVYIBQkAUQAZJwsRAQUJQRoIAVQfCUNOQQMKEmZWVlwMWE1DWEEFVVFcAA4EVlIPB1NBSEEWWEdYXBITA0MZP0YJCVBbZl4XVEsNAxo4QVwZaRsAPRMVQT5BEAwTS2kbC0FtG1cNUwY/RBUVZRMCUFQRAwoDDTobDxltQ399MiFQOEFKGWkbVQhCWAMOBjsQCUxbXW1DCxk9QFI4QUoZaRtcDlNQDQcxAQcPS1BaRT0TA0E%2BQQUWElZpGx1BbRsEDwEBBzlPXF1UDm5WDw4aOEFcGWkbAD0TRENOQQcCC2ZBWFZDCxsRFwEICgUbGRtSDl1WEz0OCwcDGw8bXQhWURUPDAAGRBUXS14OXGYSFgIQFhUbDxtdCEdcQx8e
162.247.243.29204 No Content 0 B URL HTTP/1.1 bam.nr-data.net/ins/1/6f524845d1?a=24279235&v=1225.PROD&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOAQsFF0hPXFxGEgtrDg0OMgoDThteVBU%3D&rst=3845&ck=0&s=e73cbc4e48625b93&ref=https://chaturbate.com/embed/mashayang/&at=H0ETGw9CExRCXBM9CgBBXAkZG0QSVEsPAw4BQVwbamZQD15XPj1BSEEVUFJXRBFuXQAWBkZZVhUXenc%2BY1gYQFlGVAcIVAhTAgkABFoGBlcAABh2Yi0TFUMhJTshCU0XAwBNE3onPSELFyNBQUtQQwsbBwMPFwZKX1RVQgQTFUMQBgUPOVBFGwtDCAhPW1NKV1QXBAwFQx0bAAwMCjwAVVReQkMLG0NOQQYGFU1qXkQEQko%2BCxNGWUQABBcIUR8NU0xSUVdEFRdbVBJFZgYXBhcQOV5QVhNbE3cuQE9GChZmVlZED0VLGEBZRi0pGxkbWBFuWg4XDRARH2ZWVl8HWF0EDAABQVwbDAATTRNQET0NARcRVkdSE1sTWw0LG0oACVQXFRMIQWYOEAQFDQ9DVE1YDl8bW0AhCAoeGWZWXRRFUA4MEEZPRFBFZlgSQRtbQCEICh4ZZlZdFEVQDgwQRk9EUEVmUBJfG1tXU1dTUhUXUEE%2BUEoPPQwWBEQDF3tdCEkZMg0PERcPVltKESBiG01AChQ8BVZbV1QCRVAODDwQGhZcFwMTIlBbDQdMIDAqGxkbWBFuTBIHETsXH0lQGwtDQ1wSCwcBDRJQVFUTTRNLBBMWARASZkVYRQkTA0NNBgkBA10aVFASWVgYAw0DTEQVF05dPllWEhZBXkEFUVRNRBNTWBUHTQcMCxsZG0IIRVw%2BCwdGWVcVF0pYFVRmBQ0OBQoIGw8bUglQTRQQAQUXAxdWVlxDHRsTBxIRBhVNalFeEkUbW0AADAISTEdbUBVUFwINDkZPRFtHVkYSVEs%2BCwdGWURbU1xSAAALVU9UAABTFAEPV1YcAVBWWklXU18BDwMCBA1RV1FGT0RLUF9UE1RLQ1hBDBcSSQ8WHhVCQA8GCgcCElwbWl4MHhtNQBEBEhNcRk1uDFRNCQ0HRllEfnBtE00TSRgWCwsNOU9QS0IIXldDWEFXTVEbGRtEAG5dBBQKBwY5X1RUWA1IG1tALBALA0sXFRMUUGYFBxUNAANmQUBBBBMDQwYGFwgSVkUbHUNEWD4NEDsFB1RcVUhDCxs2Cw0ADBFKFxUTFFBmDhE8EgYUSlxWX0MLG1BSQUhBE1hqW0MORkoEEDwCAgtQWUATWxN/CBAGAgweGxkbRABuWxMNFBcGFGZDXEMSWFYPQFlGUlYMGwkTTRNMAD0QEBEPV1IbC0N8VhsLDwgCSQwbCRFJZlAPBgwTEEZ3YRkAUR8JWkI0DQ1QDQ4ZSVcFAkEQFV5SVgwbCRhBdlwCCQxLUVYIBQkAUQAZJwsRAQUJQRoIAVQfCUNOQQMKEmZWVlwMWE1DWEEFVVFcAA4EVlIPB1NBSEEWWEdYXBITA0MZP0YJCVBbZl4XVEsNAxo4QVwZaRsAPRMVQT5BEAwTS2kbC0FtG1cNUwY/RBUVZRMCUFQRAwoDDTobDxltQ399MiFQOEFKGWkbVQhCWAMOBjsQCUxbXW1DCxk9QFI4QUoZaRtcDlNQDQcxAQcPS1BaRT0TA0E%2BQQUWElZpGx1BbRsEDwEBBzlPXF1UDm5WDw4aOEFcGWkbAD0TRENOQQcCC2ZBWFZDCxsRFwEICgUbGRtSDl1WEz0OCwcDGw8bXQhWURUPDAAGRBUXS14OXGYSFgIQFhUbDxtdCEdcQx8e
IP 162.247.243.29:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /ins/1/6f524845d1?a=24279235&v=1225.PROD&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOAQsFF0hPXFxGEgtrDg0OMgoDThteVBU%3D&rst=3845&ck=0&s=e73cbc4e48625b93&ref=https://chaturbate.com/embed/mashayang/&at=H0ETGw9CExRCXBM9CgBBXAkZG0QSVEsPAw4BQVwbamZQD15XPj1BSEEVUFJXRBFuXQAWBkZZVhUXenc%2BY1gYQFlGVAcIVAhTAgkABFoGBlcAABh2Yi0TFUMhJTshCU0XAwBNE3onPSELFyNBQUtQQwsbBwMPFwZKX1RVQgQTFUMQBgUPOVBFGwtDCAhPW1NKV1QXBAwFQx0bAAwMCjwAVVReQkMLG0NOQQYGFU1qXkQEQko%2BCxNGWUQABBcIUR8NU0xSUVdEFRdbVBJFZgYXBhcQOV5QVhNbE3cuQE9GChZmVlZED0VLGEBZRi0pGxkbWBFuWg4XDRARH2ZWVl8HWF0EDAABQVwbDAATTRNQET0NARcRVkdSE1sTWw0LG0oACVQXFRMIQWYOEAQFDQ9DVE1YDl8bW0AhCAoeGWZWXRRFUA4MEEZPRFBFZlgSQRtbQCEICh4ZZlZdFEVQDgwQRk9EUEVmUBJfG1tXU1dTUhUXUEE%2BUEoPPQwWBEQDF3tdCEkZMg0PERcPVltKESBiG01AChQ8BVZbV1QCRVAODDwQGhZcFwMTIlBbDQdMIDAqGxkbWBFuTBIHETsXH0lQGwtDQ1wSCwcBDRJQVFUTTRNLBBMWARASZkVYRQkTA0NNBgkBA10aVFASWVgYAw0DTEQVF05dPllWEhZBXkEFUVRNRBNTWBUHTQcMCxsZG0IIRVw%2BCwdGWVcVF0pYFVRmBQ0OBQoIGw8bUglQTRQQAQUXAxdWVlxDHRsTBxIRBhVNalFeEkUbW0AADAISTEdbUBVUFwINDkZPRFtHVkYSVEs%2BCwdGWURbU1xSAAALVU9UAABTFAEPV1YcAVBWWklXU18BDwMCBA1RV1FGT0RLUF9UE1RLQ1hBDBcSSQ8WHhVCQA8GCgcCElwbWl4MHhtNQBEBEhNcRk1uDFRNCQ0HRllEfnBtE00TSRgWCwsNOU9QS0IIXldDWEFXTVEbGRtEAG5dBBQKBwY5X1RUWA1IG1tALBALA0sXFRMUUGYFBxUNAANmQUBBBBMDQwYGFwgSVkUbHUNEWD4NEDsFB1RcVUhDCxs2Cw0ADBFKFxUTFFBmDhE8EgYUSlxWX0MLG1BSQUhBE1hqW0MORkoEEDwCAgtQWUATWxN/CBAGAgweGxkbRABuWxMNFBcGFGZDXEMSWFYPQFlGUlYMGwkTTRNMAD0QEBEPV1IbC0N8VhsLDwgCSQwbCRFJZlAPBgwTEEZ3YRkAUR8JWkI0DQ1QDQ4ZSVcFAkEQFV5SVgwbCRhBdlwCCQxLUVYIBQkAUQAZJwsRAQUJQRoIAVQfCUNOQQMKEmZWVlwMWE1DWEEFVVFcAA4EVlIPB1NBSEEWWEdYXBITA0MZP0YJCVBbZl4XVEsNAxo4QVwZaRsAPRMVQT5BEAwTS2kbC0FtG1cNUwY/RBUVZRMCUFQRAwoDDTobDxltQ399MiFQOEFKGWkbVQhCWAMOBjsQCUxbXW1DCxk9QFI4QUoZaRtcDlNQDQcxAQcPS1BaRT0TA0E%2BQQUWElZpGx1BbRsEDwEBBzlPXF1UDm5WDw4aOEFcGWkbAD0TRENOQQcCC2ZBWFZDCxsRFwEICgUbGRtSDl1WEz0OCwcDGw8bXQhWURUPDAAGRBUXS14OXGYSFgIQFhUbDxtdCEdcQx8e HTTP/1.1
Host: bam.nr-data.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
content-type: text/plain
Content-Length: 2461
Origin: https://chaturbate.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Connection: keep-alive
date: Thu, 02 Mar 2023 13:50:27 GMT
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
access-control-allow-credentials: true
access-control-allow-origin: https://chaturbate.com
x-served-by: cache-bma1674-BMA
rtbbnr.com/get/?go=1&data=eyJpbXAiOlt7InNlY3VyZSI6MCwiZXh0Ijp7InNwb3QiOjM3MjUsImlkIjo4NTksImxhYmVscyI6IiIsInNpdGVfaWQiOjM3MjUsInR5cGUiOiJiYW5uZXIiLCJzcGFjZWlkIjo4NTksInNwb3RfaWQiOjAsImlkem9uZSI6MzgzMDgxOSwiem9uZSI6InRjX3BhYl8zMDB4MjUwIiwiYWRfdGFncyI6IiIsInRpdGxlIjoiIiwic3ViaWQiOiIxMDEzNTk5NzIwIiwidXRtMSI6InRjYmFuX2kiLCJ1dG0yIjoiMzcyNSIsInV0bTMiOiIxNzc5NCIsInV0bTQiOiIifSwiYmFubmVyIjp7InciOjMwMCwiaCI6MjUwfX1dLCJzaXRlIjp7ImlkIjoiMzcyNSIsInBhZ2UiOiJodHRwOi8veHh4bG9uZ21vdmUuZ2lnaXhvLmNvbS8ifSwiZGV2aWNlIjp7InciOjEyODAsImgiOjEwMjR9LCJ1c2VyIjp7ImlkIjoiY2I2NWExMTZkNWIzM2YyOWU2ZjVlMzNiZWU0OWQzZmMifSwiZXh0Ijp7ImR0IjoxNjc3NzY1MDI2MTE0fX0=
116.202.60.158200 OK 1.0 kB URL HTTP/2 rtbbnr.com/get/?go=1&data=eyJpbXAiOlt7InNlY3VyZSI6MCwiZXh0Ijp7InNwb3QiOjM3MjUsImlkIjo4NTksImxhYmVscyI6IiIsInNpdGVfaWQiOjM3MjUsInR5cGUiOiJiYW5uZXIiLCJzcGFjZWlkIjo4NTksInNwb3RfaWQiOjAsImlkem9uZSI6MzgzMDgxOSwiem9uZSI6InRjX3BhYl8zMDB4MjUwIiwiYWRfdGFncyI6IiIsInRpdGxlIjoiIiwic3ViaWQiOiIxMDEzNTk5NzIwIiwidXRtMSI6InRjYmFuX2kiLCJ1dG0yIjoiMzcyNSIsInV0bTMiOiIxNzc5NCIsInV0bTQiOiIifSwiYmFubmVyIjp7InciOjMwMCwiaCI6MjUwfX1dLCJzaXRlIjp7ImlkIjoiMzcyNSIsInBhZ2UiOiJodHRwOi8veHh4bG9uZ21vdmUuZ2lnaXhvLmNvbS8ifSwiZGV2aWNlIjp7InciOjEyODAsImgiOjEwMjR9LCJ1c2VyIjp7ImlkIjoiY2I2NWExMTZkNWIzM2YyOWU2ZjVlMzNiZWU0OWQzZmMifSwiZXh0Ijp7ImR0IjoxNjc3NzY1MDI2MTE0fX0=
IP 116.202.60.158:0
ASN #24940 Hetzner Online GmbH
Hash f8318595f62145dded06e146bf85cbb0
94ce47c02675ff347fa93cd20559acf862cb30db
f2231c9a80c8415a609a5150516d2e6942da7aa02808a85459fc3cfd8afb5b39
GET /get/?go=1&data=eyJpbXAiOlt7InNlY3VyZSI6MCwiZXh0Ijp7InNwb3QiOjM3MjUsImlkIjo4NTksImxhYmVscyI6IiIsInNpdGVfaWQiOjM3MjUsInR5cGUiOiJiYW5uZXIiLCJzcGFjZWlkIjo4NTksInNwb3RfaWQiOjAsImlkem9uZSI6MzgzMDgxOSwiem9uZSI6InRjX3BhYl8zMDB4MjUwIiwiYWRfdGFncyI6IiIsInRpdGxlIjoiIiwic3ViaWQiOiIxMDEzNTk5NzIwIiwidXRtMSI6InRjYmFuX2kiLCJ1dG0yIjoiMzcyNSIsInV0bTMiOiIxNzc5NCIsInV0bTQiOiIifSwiYmFubmVyIjp7InciOjMwMCwiaCI6MjUwfX1dLCJzaXRlIjp7ImlkIjoiMzcyNSIsInBhZ2UiOiJodHRwOi8veHh4bG9uZ21vdmUuZ2lnaXhvLmNvbS8ifSwiZGV2aWNlIjp7InciOjEyODAsImgiOjEwMjR9LCJ1c2VyIjp7ImlkIjoiY2I2NWExMTZkNWIzM2YyOWU2ZjVlMzNiZWU0OWQzZmMifSwiZXh0Ijp7ImR0IjoxNjc3NzY1MDI2MTE0fX0= HTTP/1.1
Host: rtbbnr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://cdn.tubecorp.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.18.0
date: Thu, 02 Mar 2023 13:50:27 GMT
content-type: text/html
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
content-encoding: gzip
X-Firefox-Spdy: h2
cdn.tsyndicate.com/imges/backup/banner/300x250.png
8.247.219.249304 Not Modified 0 B URL HTTP/1.1 cdn.tsyndicate.com/imges/backup/banner/300x250.png
IP 8.247.219.249:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /imges/backup/banner/300x250.png HTTP/1.1
Host: cdn.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://lcdn.tsyndicate.com/
If-Modified-Since: Thu, 14 Jul 2022 11:57:00 GMT
If-None-Match: W/"62d0048c-18fbf"
HTTP/1.1 304 Not Modified
Date: Fri, 15 Jul 2022 19:08:50 GMT
Connection: keep-alive
Last-Modified: Thu, 14 Jul 2022 11:57:00 GMT
Server: nginx
X-Robots-Tag: noindex, nofollow
Vary: Accept-Encoding
ETag: W/"62d0048c-18fbf"
Age: 19852897
simplewebanalysis.com/stats
3.124.100.190200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP 3.124.100.190:0
File type ASCII text, with no line terminators
Hash 4d7f554738ae07936d2a8e668e43af18
0ba6382a3b6240b4a91496caba5f7c81ecc4be71
be3ef600f6147b2abfd790f498eea35197a7cdde879e031d1c0204531e5d062b
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://xxxlongmove.gigixo.com
Connection: keep-alive
Referer: http://xxxlongmove.gigixo.com/
Cookie: uid_id2=835c363e-5fbb-4a78-b7e1-f61320a9d52c:3:1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 02 Mar 2023 13:50:27 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: http://xxxlongmove.gigixo.com
access-control-allow-credentials: true
X-Firefox-Spdy: h2
cdn.tsyndicate.com/sdk/v1/bi.js
8.247.219.249304 Not Modified 0 B URL HTTP/1.1 cdn.tsyndicate.com/sdk/v1/bi.js
IP 8.247.219.249:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sdk/v1/bi.js HTTP/1.1
Host: cdn.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xxxlongmove.gigixo.com/
If-Modified-Since: Fri, 16 Dec 2022 12:41:56 GMT
If-None-Match: W/"639c6794-1e83"
HTTP/1.1 304 Not Modified
Date: Fri, 16 Dec 2022 12:53:24 GMT
Connection: keep-alive
Last-Modified: Fri, 16 Dec 2022 12:41:56 GMT
Server: nginx
X-Robots-Tag: noindex, nofollow
Vary: Accept-Encoding
ETag: W/"639c6794-1e83"
Age: 6569823
pxl.tsyndicate.com/api/v1/backup.gif?t=banner&tct=adult
136.243.51.205200 OK 35 B URL HTTP/1.1 pxl.tsyndicate.com/api/v1/backup.gif?t=banner&tct=adult
IP 136.243.51.205:0
ASN #24940 Hetzner Online GmbH
File type GIF image data, version 89a, 1 x 1\012- data
Hash c2196de8ba412c60c22ab491af7b1409
5fbd472222feb8a22cf5b8aa5dc5b8e13af88e2b
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
GET /api/v1/backup.gif?t=banner&tct=adult HTTP/1.1
Host: pxl.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://lcdn.tsyndicate.com/
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 02 Mar 2023 13:50:27 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 35
Connection: keep-alive
X-Robots-Tag: noindex, nofollow
biptolyla.com/auW.ZNyzQu2r9FkyZnT/9U6gbE2C5mlFS/WvQT9RNPDlE/4OMrjrk/0HN/Cc0N0/MLT/g/yNOkTTQK1ZJPnEB-1KcV2-hiaRbO2/5/lGS/WeQs9iNIDeEZ4rMtjTkS0/NVCI0R0UMWT/gwy/OlTQQ/1R
188.72.219.36404 Not Found 0 B URL HTTP/2 biptolyla.com/auW.ZNyzQu2r9FkyZnT/9U6gbE2C5mlFS/WvQT9RNPDlE/4OMrjrk/0HN/Cc0N0/MLT/g/yNOkTTQK1ZJPnEB-1KcV2-hiaRbO2/5/lGS/WeQs9iNIDeEZ4rMtjTkS0/NVCI0R0UMWT/gwy/OlTQQ/1R
IP 188.72.219.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /auW.ZNyzQu2r9FkyZnT/9U6gbE2C5mlFS/WvQT9RNPDlE/4OMrjrk/0HN/Cc0N0/MLT/g/yNOkTTQK1ZJPnEB-1KcV2-hiaRbO2/5/lGS/WeQs9iNIDeEZ4rMtjTkS0/NVCI0R0UMWT/gwy/OlTQQ/1R HTTP/1.1
Host: biptolyla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://xxxlongmove.gigixo.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 404 Not Found
server: nginx
date: Thu, 02 Mar 2023 13:50:27 GMT
content-type: application/javascript
content-length: 0
expires: Mon, 26 Jul 2011 05:00:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-WoW64
X-Firefox-Spdy: h2
go.eabids.com/banner.go?spaceid=5675441&keywords=&maincat=
217.22.19.194200 OK 752 B URL HTTP/1.1 go.eabids.com/banner.go?spaceid=5675441&keywords=&maincat=
IP 217.22.19.194:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (752), with no line terminators
Hash 3accc8f03e81700313f9661f6fb13808
e339218b6c1efe28aa5969ec870c6f8d3c8c8c81
c9bf03a92c7e953a64d38f8badce6dda8ee6a4aceb1fbeee1cfc6c99836783d4
GET /banner.go?spaceid=5675441&keywords=&maincat= HTTP/1.1
Host: go.eabids.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xxxlongmove.gigixo.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 02 Mar 2023 13:50:27 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 752
Connection: keep-alive
Expires: Mon, 03 Jul 2001 06:00:00 GMT
Last-Modified: Thu, 02 03 2023 13:50:27 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0,post-check=0, pre-check=0
Pragma: no-cache
Accept-Ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-WoW64
Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
X-Backend-Server: nl2-web-205
lcdn.tsyndicate.com/sdk/v1/b.b.js
8.254.252.211304 Not Modified 613 B URL HTTP/1.1 lcdn.tsyndicate.com/sdk/v1/b.b.js
IP 8.254.252.211:0
Hash c5682b9474869cd9af7324131a195a7f
c5f5f99662c1b75c99901e60bc7b6f5e32ec8e4c
503e0a36a266fd1a76db53f9b16b90621a5e17d4e93695fe6aa8561505d2a13e
GET /sdk/v1/b.b.js HTTP/1.1
Host: lcdn.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://tsyndicate.com/
If-Modified-Since: Tue, 22 Feb 2022 13:07:15 GMT
If-None-Match: W/"6214e003-1eb1"
HTTP/1.1 304 Not Modified
Date: Tue, 08 Mar 2022 10:11:03 GMT
Connection: keep-alive
Last-Modified: Tue, 22 Feb 2022 13:07:15 GMT
Server: nginx
X-Robots-Tag: noindex, nofollow
Vary: Accept-Encoding
ETag: W/"6214e003-1eb1"
Age: 31030764
comedianthirteenth.com/11115435c35e6b966b90a5f936e0edcc/invoke.js
173.233.137.44200 OK 9.8 kB URL HTTP/1.1 comedianthirteenth.com/11115435c35e6b966b90a5f936e0edcc/invoke.js
IP 173.233.137.44:0
File type exported SGML document, ASCII text, with very long lines (26980), with no line terminators
Hash 06c1085f01f7d387f57716f51bf4ecf1
8faa661b6b8f929e6818077e384619e6377276d1
40b817047adf6d77c8a26b928612e935c968703edd95e9df86e56822daec41e8
GET /11115435c35e6b966b90a5f936e0edcc/invoke.js HTTP/1.1
Host: comedianthirteenth.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xxxlongmove.gigixo.com/
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 02 Mar 2023 13:50:27 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 83d60c903626a30fcca232501cd177fe
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
rtbrennab.com/banner/in/show/?mid=8554628641824567278&pid=0&site=3725&sc=NO&usage_type=DCH&subid=1013599720&sid=0&cid=0&price=0&is_cpm=0&cpm=0&ecpm=0&crid=&crtid=&tcid=0&out_id=&ver=&ver_c=&refdom=xxxlongmove.gigixo.com&hostname=auc-banner-hz-1&site_id=0&spot_id=0&utm_source=tcban_i&utm_medium=3725&utm_campaign=17794&utm_content=&expiration_timestamp=0&created_at=0000-00-00&is_native=0&auction_queue=0&pop_winurl=&ip=91.90.42.154&testab=&px_id=0&adblock=0&auction_host=&mm=&yc=&render_type=&campaign_type=&uniq=&exp=&resp_type=default&iabcat=IAB24&min_cpm=0.0001&placement_type_id=&skin_test=&verify_hash=&score=1&ml=&tag_ab=&v2=0&ttl=&space_id=859&banner_width=300&banner_height=250&accel=0&gyr=0&iabcat=IAB24&url=https%3A%2F%2Fbtds.zog.link%2Fin%2F912%2F%3Fsid%3D0%26source%3D1013599720%26idzone%3D3830819%26w%3D300%26h%3D250%26mo%3D%26ve%3D%26site_id%3D3725%26utm1%3Dtcban_i%26utm2%3D3725%26utm3%3D17794%26utm4%3D%26ad_tags%3D%26spot_id%3D0%26p%3Dhttp%253A%252F%252Fxxxlongmove.gigixo.com%252F%26katds_labels%3D%26btype%3D0%26score%3D1%26bf%3D0.0001&pr=&bid_crid=&bid_cid=&is_iframe=0&ad_tags=&stratagem=&ssp=3758&refresh=0
116.202.60.158302 Found 0 B URL HTTP/2 rtbrennab.com/banner/in/show/?mid=8554628641824567278&pid=0&site=3725&sc=NO&usage_type=DCH&subid=1013599720&sid=0&cid=0&price=0&is_cpm=0&cpm=0&ecpm=0&crid=&crtid=&tcid=0&out_id=&ver=&ver_c=&refdom=xxxlongmove.gigixo.com&hostname=auc-banner-hz-1&site_id=0&spot_id=0&utm_source=tcban_i&utm_medium=3725&utm_campaign=17794&utm_content=&expiration_timestamp=0&created_at=0000-00-00&is_native=0&auction_queue=0&pop_winurl=&ip=91.90.42.154&testab=&px_id=0&adblock=0&auction_host=&mm=&yc=&render_type=&campaign_type=&uniq=&exp=&resp_type=default&iabcat=IAB24&min_cpm=0.0001&placement_type_id=&skin_test=&verify_hash=&score=1&ml=&tag_ab=&v2=0&ttl=&space_id=859&banner_width=300&banner_height=250&accel=0&gyr=0&iabcat=IAB24&url=https%3A%2F%2Fbtds.zog.link%2Fin%2F912%2F%3Fsid%3D0%26source%3D1013599720%26idzone%3D3830819%26w%3D300%26h%3D250%26mo%3D%26ve%3D%26site_id%3D3725%26utm1%3Dtcban_i%26utm2%3D3725%26utm3%3D17794%26utm4%3D%26ad_tags%3D%26spot_id%3D0%26p%3Dhttp%253A%252F%252Fxxxlongmove.gigixo.com%252F%26katds_labels%3D%26btype%3D0%26score%3D1%26bf%3D0.0001&pr=&bid_crid=&bid_cid=&is_iframe=0&ad_tags=&stratagem=&ssp=3758&refresh=0
IP 116.202.60.158:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /banner/in/show/?mid=8554628641824567278&pid=0&site=3725&sc=NO&usage_type=DCH&subid=1013599720&sid=0&cid=0&price=0&is_cpm=0&cpm=0&ecpm=0&crid=&crtid=&tcid=0&out_id=&ver=&ver_c=&refdom=xxxlongmove.gigixo.com&hostname=auc-banner-hz-1&site_id=0&spot_id=0&utm_source=tcban_i&utm_medium=3725&utm_campaign=17794&utm_content=&expiration_timestamp=0&created_at=0000-00-00&is_native=0&auction_queue=0&pop_winurl=&ip=91.90.42.154&testab=&px_id=0&adblock=0&auction_host=&mm=&yc=&render_type=&campaign_type=&uniq=&exp=&resp_type=default&iabcat=IAB24&min_cpm=0.0001&placement_type_id=&skin_test=&verify_hash=&score=1&ml=&tag_ab=&v2=0&ttl=&space_id=859&banner_width=300&banner_height=250&accel=0&gyr=0&iabcat=IAB24&url=https%3A%2F%2Fbtds.zog.link%2Fin%2F912%2F%3Fsid%3D0%26source%3D1013599720%26idzone%3D3830819%26w%3D300%26h%3D250%26mo%3D%26ve%3D%26site_id%3D3725%26utm1%3Dtcban_i%26utm2%3D3725%26utm3%3D17794%26utm4%3D%26ad_tags%3D%26spot_id%3D0%26p%3Dhttp%253A%252F%252Fxxxlongmove.gigixo.com%252F%26katds_labels%3D%26btype%3D0%26score%3D1%26bf%3D0.0001&pr=&bid_crid=&bid_cid=&is_iframe=0&ad_tags=&stratagem=&ssp=3758&refresh=0 HTTP/1.1
Host: rtbrennab.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://rtbbnr.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
server: nginx/1.18.0
date: Thu, 02 Mar 2023 13:50:27 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
location: https://btds.zog.link/in/912/?sid=0&source=1013599720&idzone=3830819&w=300&h=250&mo=&ve=&site_id=3725&utm1=tcban_i&utm2=3725&utm3=17794&utm4=&ad_tags=&spot_id=0&p=http%3A%2F%2Fxxxlongmove.gigixo.com%2F&katds_labels=&btype=0&score=1&bf=0.0001
X-Firefox-Spdy: h2
cbjpeg.stream.highwebmedia.com/stream?room=mashayang&f=0.5412102903245226
131.153.88.93200 OK 29 kB URL HTTP/2 cbjpeg.stream.highwebmedia.com/stream?room=mashayang&f=0.5412102903245226
IP 131.153.88.93:0
ASN #50389 Phoenix Nap, LLC.
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 1280x1281, segment length 16, comment: "Lavc58.91.100", baseline, precision 8, 854x480, components 3\012- data
Hash c19189d80841df786c34acac868556f1
6c8f7987cdd6069fd31d8dc33a25f9e1164688c5
ac8d4f5a181a7ddae11fe9ab95afa04b6e33f5478a7921fb49373338d7b58189
GET /stream?room=mashayang&f=0.5412102903245226 HTTP/1.1
Host: cbjpeg.stream.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Cookie: _cfuvid=9S5FE722boy9ZLYDHlvT6ZBDGRaM4PtmQNx9L10c5ew-1677765024669-0-604800000
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 02 Mar 2023 13:50:27 GMT
content-type: image/jpeg
content-length: 29307
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'none'; img-src data:; style-src 'unsafe-inline'
cache-tag: cbjpeg
x-frame-options: DENY
X-Firefox-Spdy: h2
lcdn.tsyndicate.com/images/7/b/f0c150057ad2f54d8958b330d404556e4e605a.png
8.254.252.211200 OK 18 kB URL HTTP/2 lcdn.tsyndicate.com/images/7/b/f0c150057ad2f54d8958b330d404556e4e605a.png
IP 8.254.252.211:0
File type PNG image data, 300 x 250, 8-bit/color RGBA, non-interlaced\012- data
Hash f0b41328d01337c57fe07340a1a8a786
c8785ca6e740b868114125b1e2eeca96e992bc6a
dd74ebacdf272f21a95dc7114315665e2bef84f0bffe95768b81bf294c1efd08
GET /images/7/b/f0c150057ad2f54d8958b330d404556e4e605a.png HTTP/1.1
Host: lcdn.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://rtbbnr.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 02 Mar 2023 13:50:27 GMT
content-type: image/png
content-length: 17996
last-modified: Fri, 22 Jul 2022 12:28:19 GMT
server: nginx
x-robots-tag: noindex, nofollow
content-encoding: gzip
vary: Accept-Encoding
etag: W/"62da97e3-4d10"
age: 12221687
accept-ranges: bytes
X-Firefox-Spdy: h2
rtbbnr.com/get/?go=1&data=eyJpbXAiOlt7InNlY3VyZSI6MCwiZXh0Ijp7InNwb3QiOjM3MjUsImlkIjo4NTksImxhYmVscyI6IiIsInNpdGVfaWQiOjM3MjUsInR5cGUiOiJiYW5uZXIiLCJzcGFjZWlkIjo4NTksInNwb3RfaWQiOjAsImlkem9uZSI6MzgzMDgxOSwiem9uZSI6InRjX3BhYl8zMDB4MjUwIiwiYWRfdGFncyI6IiIsInRpdGxlIjoiIiwic3ViaWQiOiIxMDEzNTk5NzIwIiwidXRtMSI6InRjYmFuX2kiLCJ1dG0yIjoiMzcyNSIsInV0bTMiOiIxNzc5NCIsInV0bTQiOiIifSwiYmFubmVyIjp7InciOjMwMCwiaCI6MjUwfX1dLCJzaXRlIjp7ImlkIjoiMzcyNSIsInBhZ2UiOiJodHRwOi8veHh4bG9uZ21vdmUuZ2lnaXhvLmNvbS8ifSwiZGV2aWNlIjp7InciOjEyODAsImgiOjEwMjR9LCJ1c2VyIjp7ImlkIjoiZmE0MDVkNDQ2YmJiZTE2YWIxMzIyMDc5MmM1ZjBjMmEifSwiZXh0Ijp7ImR0IjoxNjc3NzY1MDI2MjIyfX0=
116.202.60.158200 OK 3.4 kB URL HTTP/2 rtbbnr.com/get/?go=1&data=eyJpbXAiOlt7InNlY3VyZSI6MCwiZXh0Ijp7InNwb3QiOjM3MjUsImlkIjo4NTksImxhYmVscyI6IiIsInNpdGVfaWQiOjM3MjUsInR5cGUiOiJiYW5uZXIiLCJzcGFjZWlkIjo4NTksInNwb3RfaWQiOjAsImlkem9uZSI6MzgzMDgxOSwiem9uZSI6InRjX3BhYl8zMDB4MjUwIiwiYWRfdGFncyI6IiIsInRpdGxlIjoiIiwic3ViaWQiOiIxMDEzNTk5NzIwIiwidXRtMSI6InRjYmFuX2kiLCJ1dG0yIjoiMzcyNSIsInV0bTMiOiIxNzc5NCIsInV0bTQiOiIifSwiYmFubmVyIjp7InciOjMwMCwiaCI6MjUwfX1dLCJzaXRlIjp7ImlkIjoiMzcyNSIsInBhZ2UiOiJodHRwOi8veHh4bG9uZ21vdmUuZ2lnaXhvLmNvbS8ifSwiZGV2aWNlIjp7InciOjEyODAsImgiOjEwMjR9LCJ1c2VyIjp7ImlkIjoiZmE0MDVkNDQ2YmJiZTE2YWIxMzIyMDc5MmM1ZjBjMmEifSwiZXh0Ijp7ImR0IjoxNjc3NzY1MDI2MjIyfX0=
IP 116.202.60.158:0
ASN #24940 Hetzner Online GmbH
Hash 5c4e0b77f2cee6507c3e704c2ee4039d
7dc7de6f10d9cfb4d2c89bc168c4845f124e2521
3b59d64d29244c2bfbc194d56dde4945b25d79cd1399a7994e1b63abc062dbcb
GET /get/?go=1&data=eyJpbXAiOlt7InNlY3VyZSI6MCwiZXh0Ijp7InNwb3QiOjM3MjUsImlkIjo4NTksImxhYmVscyI6IiIsInNpdGVfaWQiOjM3MjUsInR5cGUiOiJiYW5uZXIiLCJzcGFjZWlkIjo4NTksInNwb3RfaWQiOjAsImlkem9uZSI6MzgzMDgxOSwiem9uZSI6InRjX3BhYl8zMDB4MjUwIiwiYWRfdGFncyI6IiIsInRpdGxlIjoiIiwic3ViaWQiOiIxMDEzNTk5NzIwIiwidXRtMSI6InRjYmFuX2kiLCJ1dG0yIjoiMzcyNSIsInV0bTMiOiIxNzc5NCIsInV0bTQiOiIifSwiYmFubmVyIjp7InciOjMwMCwiaCI6MjUwfX1dLCJzaXRlIjp7ImlkIjoiMzcyNSIsInBhZ2UiOiJodHRwOi8veHh4bG9uZ21vdmUuZ2lnaXhvLmNvbS8ifSwiZGV2aWNlIjp7InciOjEyODAsImgiOjEwMjR9LCJ1c2VyIjp7ImlkIjoiZmE0MDVkNDQ2YmJiZTE2YWIxMzIyMDc5MmM1ZjBjMmEifSwiZXh0Ijp7ImR0IjoxNjc3NzY1MDI2MjIyfX0= HTTP/1.1
Host: rtbbnr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://cdn.tubecorp.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.18.0
date: Thu, 02 Mar 2023 13:50:27 GMT
content-type: text/html
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
content-encoding: gzip
X-Firefox-Spdy: h2
rtbrennab.com/banner/in/show/?mid=5685024702610838355&pid=0&site=3725&sc=NO&usage_type=DCH&subid=1013599720&sid=0&cid=10461&price=0&is_cpm=1&cpm=0.008&ecpm=0.006356&crid=&crtid=d41d8cd98f00b204e9800998ecf8427e&tcid=0&out_id=&ver=&ver_c=&refdom=xxxlongmove.gigixo.com&hostname=auc-banner-hz-3&site_id=0&spot_id=0&utm_source=tcban_i&utm_medium=3725&utm_campaign=17794&utm_content=&expiration_timestamp=0&created_at=0000-00-00&is_native=6&auction_queue=0&pop_winurl=&ip=91.90.42.154&testab=&px_id=0&adblock=0&auction_host=&mm=&yc=&render_type=&campaign_type=&uniq=&exp=&resp_type=a2&iabcat=IAB24&min_cpm=0.00012586532410320956&placement_type_id=0&skin_test=&verify_hash=&score=1&ml=&tag_ab=&v2=0&ttl=&space_id=859&banner_width=300&banner_height=250&accel=0&gyr=0&iabcat=IAB24&url=https%3A%2F%2Fpreroll.hostave3.net%2Fnotifications%2Fzeropixel.png&pr=&bid_crid=&bid_cid=&is_iframe=0&ad_tags=&stratagem=&ssp=3758&refresh=0
116.202.60.158302 Found 0 B URL HTTP/2 rtbrennab.com/banner/in/show/?mid=5685024702610838355&pid=0&site=3725&sc=NO&usage_type=DCH&subid=1013599720&sid=0&cid=10461&price=0&is_cpm=1&cpm=0.008&ecpm=0.006356&crid=&crtid=d41d8cd98f00b204e9800998ecf8427e&tcid=0&out_id=&ver=&ver_c=&refdom=xxxlongmove.gigixo.com&hostname=auc-banner-hz-3&site_id=0&spot_id=0&utm_source=tcban_i&utm_medium=3725&utm_campaign=17794&utm_content=&expiration_timestamp=0&created_at=0000-00-00&is_native=6&auction_queue=0&pop_winurl=&ip=91.90.42.154&testab=&px_id=0&adblock=0&auction_host=&mm=&yc=&render_type=&campaign_type=&uniq=&exp=&resp_type=a2&iabcat=IAB24&min_cpm=0.00012586532410320956&placement_type_id=0&skin_test=&verify_hash=&score=1&ml=&tag_ab=&v2=0&ttl=&space_id=859&banner_width=300&banner_height=250&accel=0&gyr=0&iabcat=IAB24&url=https%3A%2F%2Fpreroll.hostave3.net%2Fnotifications%2Fzeropixel.png&pr=&bid_crid=&bid_cid=&is_iframe=0&ad_tags=&stratagem=&ssp=3758&refresh=0
IP 116.202.60.158:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /banner/in/show/?mid=5685024702610838355&pid=0&site=3725&sc=NO&usage_type=DCH&subid=1013599720&sid=0&cid=10461&price=0&is_cpm=1&cpm=0.008&ecpm=0.006356&crid=&crtid=d41d8cd98f00b204e9800998ecf8427e&tcid=0&out_id=&ver=&ver_c=&refdom=xxxlongmove.gigixo.com&hostname=auc-banner-hz-3&site_id=0&spot_id=0&utm_source=tcban_i&utm_medium=3725&utm_campaign=17794&utm_content=&expiration_timestamp=0&created_at=0000-00-00&is_native=6&auction_queue=0&pop_winurl=&ip=91.90.42.154&testab=&px_id=0&adblock=0&auction_host=&mm=&yc=&render_type=&campaign_type=&uniq=&exp=&resp_type=a2&iabcat=IAB24&min_cpm=0.00012586532410320956&placement_type_id=0&skin_test=&verify_hash=&score=1&ml=&tag_ab=&v2=0&ttl=&space_id=859&banner_width=300&banner_height=250&accel=0&gyr=0&iabcat=IAB24&url=https%3A%2F%2Fpreroll.hostave3.net%2Fnotifications%2Fzeropixel.png&pr=&bid_crid=&bid_cid=&is_iframe=0&ad_tags=&stratagem=&ssp=3758&refresh=0 HTTP/1.1
Host: rtbrennab.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://rtbbnr.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
server: nginx/1.18.0
date: Thu, 02 Mar 2023 13:50:27 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
location: https://preroll.hostave3.net/notifications/zeropixel.png
X-Firefox-Spdy: h2
rtbbnr.com/get/?go=1&data=eyJpbXAiOlt7InNlY3VyZSI6MCwiZXh0Ijp7InNwb3QiOjM3MjUsImlkIjo4NTksImxhYmVscyI6IiIsInNpdGVfaWQiOjM3MjUsInR5cGUiOiJiYW5uZXIiLCJzcGFjZWlkIjo4NTksInNwb3RfaWQiOjAsImlkem9uZSI6MzgzMDgxOSwiem9uZSI6InRjX3BhYl8zMDB4MjUwIiwiYWRfdGFncyI6IiIsInRpdGxlIjoiIiwic3ViaWQiOiIxMDEzNTk5NzIwIiwidXRtMSI6InRjYmFuX2kiLCJ1dG0yIjoiMzcyNSIsInV0bTMiOiIxNzc5NCIsInV0bTQiOiIifSwiYmFubmVyIjp7InciOjMwMCwiaCI6MjUwfX1dLCJzaXRlIjp7ImlkIjoiMzcyNSIsInBhZ2UiOiJodHRwOi8veHh4bG9uZ21vdmUuZ2lnaXhvLmNvbS8ifSwiZGV2aWNlIjp7InciOjEyODAsImgiOjEwMjR9LCJ1c2VyIjp7ImlkIjoiZmE0MDVkNDQ2YmJiZTE2YWIxMzIyMDc5MmM1ZjBjMmEifSwiZXh0Ijp7ImR0IjoxNjc3NzY1MDI2NDg3fX0=
116.202.60.158200 OK 2.2 kB URL HTTP/2 rtbbnr.com/get/?go=1&data=eyJpbXAiOlt7InNlY3VyZSI6MCwiZXh0Ijp7InNwb3QiOjM3MjUsImlkIjo4NTksImxhYmVscyI6IiIsInNpdGVfaWQiOjM3MjUsInR5cGUiOiJiYW5uZXIiLCJzcGFjZWlkIjo4NTksInNwb3RfaWQiOjAsImlkem9uZSI6MzgzMDgxOSwiem9uZSI6InRjX3BhYl8zMDB4MjUwIiwiYWRfdGFncyI6IiIsInRpdGxlIjoiIiwic3ViaWQiOiIxMDEzNTk5NzIwIiwidXRtMSI6InRjYmFuX2kiLCJ1dG0yIjoiMzcyNSIsInV0bTMiOiIxNzc5NCIsInV0bTQiOiIifSwiYmFubmVyIjp7InciOjMwMCwiaCI6MjUwfX1dLCJzaXRlIjp7ImlkIjoiMzcyNSIsInBhZ2UiOiJodHRwOi8veHh4bG9uZ21vdmUuZ2lnaXhvLmNvbS8ifSwiZGV2aWNlIjp7InciOjEyODAsImgiOjEwMjR9LCJ1c2VyIjp7ImlkIjoiZmE0MDVkNDQ2YmJiZTE2YWIxMzIyMDc5MmM1ZjBjMmEifSwiZXh0Ijp7ImR0IjoxNjc3NzY1MDI2NDg3fX0=
IP 116.202.60.158:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2029)
Hash 88dab51c5a8c5d82086395819b514d48
53e9286329154fe77d2550420bb289079e3ad3bd
b84bb4832f4277f8b5a9390e22910829313eca7ffa3f20e87bbb1f01a1be1de2
GET /get/?go=1&data=eyJpbXAiOlt7InNlY3VyZSI6MCwiZXh0Ijp7InNwb3QiOjM3MjUsImlkIjo4NTksImxhYmVscyI6IiIsInNpdGVfaWQiOjM3MjUsInR5cGUiOiJiYW5uZXIiLCJzcGFjZWlkIjo4NTksInNwb3RfaWQiOjAsImlkem9uZSI6MzgzMDgxOSwiem9uZSI6InRjX3BhYl8zMDB4MjUwIiwiYWRfdGFncyI6IiIsInRpdGxlIjoiIiwic3ViaWQiOiIxMDEzNTk5NzIwIiwidXRtMSI6InRjYmFuX2kiLCJ1dG0yIjoiMzcyNSIsInV0bTMiOiIxNzc5NCIsInV0bTQiOiIifSwiYmFubmVyIjp7InciOjMwMCwiaCI6MjUwfX1dLCJzaXRlIjp7ImlkIjoiMzcyNSIsInBhZ2UiOiJodHRwOi8veHh4bG9uZ21vdmUuZ2lnaXhvLmNvbS8ifSwiZGV2aWNlIjp7InciOjEyODAsImgiOjEwMjR9LCJ1c2VyIjp7ImlkIjoiZmE0MDVkNDQ2YmJiZTE2YWIxMzIyMDc5MmM1ZjBjMmEifSwiZXh0Ijp7ImR0IjoxNjc3NzY1MDI2NDg3fX0= HTTP/1.1
Host: rtbbnr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://cdn.tubecorp.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0
date: Thu, 02 Mar 2023 13:50:27 GMT
content-type: text/html
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
content-encoding: gzip
X-Firefox-Spdy: h2
btds.zog.link/in/912/?sid=0&source=1013599720&idzone=3830819&w=300&h=250&mo=&ve=&site_id=3725&utm1=tcban_i&utm2=3725&utm3=17794&utm4=&ad_tags=&spot_id=0&p=http%3A%2F%2Fxxxlongmove.gigixo.com%2F&katds_labels=&btype=0&score=1&bf=0.0001
109.206.163.116302 Found 0 B URL HTTP/2 btds.zog.link/in/912/?sid=0&source=1013599720&idzone=3830819&w=300&h=250&mo=&ve=&site_id=3725&utm1=tcban_i&utm2=3725&utm3=17794&utm4=&ad_tags=&spot_id=0&p=http%3A%2F%2Fxxxlongmove.gigixo.com%2F&katds_labels=&btype=0&score=1&bf=0.0001
IP 109.206.163.116:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /in/912/?sid=0&source=1013599720&idzone=3830819&w=300&h=250&mo=&ve=&site_id=3725&utm1=tcban_i&utm2=3725&utm3=17794&utm4=&ad_tags=&spot_id=0&p=http%3A%2F%2Fxxxlongmove.gigixo.com%2F&katds_labels=&btype=0&score=1&bf=0.0001 HTTP/1.1
Host: btds.zog.link
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://rtbbnr.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: nginx/1.20.1
date: Thu, 02 Mar 2023 13:50:27 GMT
content-type: text/html; charset=UTF-8
content-length: 0
location: https://tsyndicate.com/iframes2/00394b71264946e5bf58746cefe5435f.html?subid=1013599720&categories={{ad_tags}}
vary: *
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
set-cookie: 912.0=1; expires=Fri, 03 Mar 2023 13:50:27 GMT; path=/; secure; SameSite=None
X-Firefox-Spdy: h2
go.eabids.com/banner.go?spaceid=5675443&keywords=&maincat=
217.22.19.194200 OK 734 B URL HTTP/1.1 go.eabids.com/banner.go?spaceid=5675443&keywords=&maincat=
IP 217.22.19.194:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (734), with no line terminators
Hash 3dd4f7cbb94cb8ca295d22f8ed316204
42690e9f6cd22d66c26957024c38a16241d28b36
38f55a0bfc5eea706ee7ff47daa0ca22cc8a6d62f8d2bd3e7fc725d3037d6b73
GET /banner.go?spaceid=5675443&keywords=&maincat= HTTP/1.1
Host: go.eabids.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xxxlongmove.gigixo.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 02 Mar 2023 13:50:27 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 734
Connection: keep-alive
Expires: Mon, 03 Jul 2001 06:00:00 GMT
Last-Modified: Thu, 02 03 2023 13:50:27 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0,post-check=0, pre-check=0
Pragma: no-cache
Accept-Ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-WoW64
Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
X-Backend-Server: nl2-web-205
cleavepreoccupation.com/d8/29/41/d82941888ca80b5e024c4d0a7cab0440.js
192.243.59.13200 OK 13 kB URL HTTP/1.1 cleavepreoccupation.com/d8/29/41/d82941888ca80b5e024c4d0a7cab0440.js
IP 192.243.59.13:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with very long lines (37130), with no line terminators
Hash 8d27ec30efb8a03e1cd43f05eae4e4ee
6a16642f73f1290efd9edd6828d7994d129bc35e
0f16f64a367ecf5b61704a976e2b72d94bd1ae7d5c82c903746a9a3c0dcaa566
Analyzer Verdict Alert quad9 Sinkholed
GET /d8/29/41/d82941888ca80b5e024c4d0a7cab0440.js HTTP/1.1
Host: cleavepreoccupation.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xxxlongmove.gigixo.com/
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Thu, 02 Mar 2023 13:50:27 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: f66ec9613c689c114520da77ba4cd327
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
simplewebanalysis.com/stats
3.124.100.190200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP 3.124.100.190:0
File type ASCII text, with no line terminators
Hash 4d7f554738ae07936d2a8e668e43af18
0ba6382a3b6240b4a91496caba5f7c81ecc4be71
be3ef600f6147b2abfd790f498eea35197a7cdde879e031d1c0204531e5d062b
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://xxxlongmove.gigixo.com
Connection: keep-alive
Referer: http://xxxlongmove.gigixo.com/
Cookie: uid_id2=835c363e-5fbb-4a78-b7e1-f61320a9d52c:3:1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 02 Mar 2023 13:50:27 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: http://xxxlongmove.gigixo.com
access-control-allow-credentials: true
X-Firefox-Spdy: h2
pxl.tsyndicate.com/api/v1/p/p.gif?p=APeIQFMmDJkycuaI0HGDhYgwY-gsjOGQzpmFInKQuWEDx40xYVqUIVMDRwsaYcSYzFHGho0WY8jIEDOmBhkbM8SECSPC4Rwxacgo1LFFRAwYMWbUyJHjhgwYIro4HONmaI2jDsPUGYOxRscaMGTQuBHWxlEcM9DWqNFTBFAyGNPQKdPmS4y2Bu0stEGjhkM4dcQsrKFURlY4cCYmVeoTjkQdM2zk6CvDr4gyeOh8meMYo0E9b9yU-YJjadsxbRLroEFjhgwZObKSMTPRoRg3bhbKwNGRr2ERbdxcXE0DBo7fcIIPj0EWhg2HdeSwWTgjaQ3YsUXUkYERDR06cOboePFiDuY8bcqUoVMnvIs3cs6Un-MCDho4P4iUsZNmTJke-s2xBh1vwMFFHTCUNUQYqYWRxhluJEFED6y5BtuBCcpgwxRvROdfD0VggWFZQoSBG0I9xDCihk70RxCAYdCRhnAr2kBFGPGtl-IXkU12XQ01BkGGEfC1EWMPJZ4oR41DvDEHHT3AUCMUcvQ34xlNvHEQGz0MAUUTNRLBRJRMhkZFHnD8FwQTTJRZhxt0yJFHD048USMVckC0BooxsOUQGW-0gREehLIR2hltvGFHGS6c8WAaeLzhwhiBnhbjQltUJ5UIcMjBlQ4xlNECDJaJQZsOMLiQoGVjJPdFp5-mmiAODslhh2pPOVRGq4KiqipF2tWRBkZmhFGcTazZIMayZcRgQ0pJvQbDDTnIUJMZMIwhA08OpaFaRjG4kEOqNMjgQp80tFUHTzqIkKUeabDBRhgv1KAqCChcMSOgd8wBghNUgHCUqjuAoK8bfBWMR8Ig2AoqqaqmAMIRu67xxgtPHYUUUiAYkYYcZZjxBh4vHGUvVFN9KkKdbcH3xRgqs-wQGyoX4URbB9nxBcjTgVrDDTeg1VGCtUKoW0kNiZDzF2LIsRAOtCq93xeJwqXDbmb9Kccb1Dnk5EI0_LU1HnmAXWvI3X0Hx3gvEIqHocIlumijj0Y6aaAvtDWHrRhtTUeM8LXwplwnhUvGGDfgrPJBXxyeeEW9Ogs0R2DJkDQdbXAHqg2T21D5DTG8JtvOZXD2xaWbd_65rjqHwQZCdAyVaQ2bpvSY1MXWwYZEf9G8EAxTDQdDHwoEBA%3D%3D&r=1&s=569ece48dc4e1bd9a4be3c0efedaabe7b52db0f3cf0e2aeee49d5c23c3edfd721677765027&w=t
136.243.51.205200 OK 35 B URL HTTP/2 pxl.tsyndicate.com/api/v1/p/p.gif?p=APeIQFMmDJkycuaI0HGDhYgwY-gsjOGQzpmFInKQuWEDx40xYVqUIVMDRwsaYcSYzFHGho0WY8jIEDOmBhkbM8SECSPC4Rwxacgo1LFFRAwYMWbUyJHjhgwYIro4HONmaI2jDsPUGYOxRscaMGTQuBHWxlEcM9DWqNFTBFAyGNPQKdPmS4y2Bu0stEGjhkM4dcQsrKFURlY4cCYmVeoTjkQdM2zk6CvDr4gyeOh8meMYo0E9b9yU-YJjadsxbRLroEFjhgwZObKSMTPRoRg3bhbKwNGRr2ERbdxcXE0DBo7fcIIPj0EWhg2HdeSwWTgjaQ3YsUXUkYERDR06cOboePFiDuY8bcqUoVMnvIs3cs6Un-MCDho4P4iUsZNmTJke-s2xBh1vwMFFHTCUNUQYqYWRxhluJEFED6y5BtuBCcpgwxRvROdfD0VggWFZQoSBG0I9xDCihk70RxCAYdCRhnAr2kBFGPGtl-IXkU12XQ01BkGGEfC1EWMPJZ4oR41DvDEHHT3AUCMUcvQ34xlNvHEQGz0MAUUTNRLBRJRMhkZFHnD8FwQTTJRZhxt0yJFHD048USMVckC0BooxsOUQGW-0gREehLIR2hltvGFHGS6c8WAaeLzhwhiBnhbjQltUJ5UIcMjBlQ4xlNECDJaJQZsOMLiQoGVjJPdFp5-mmiAODslhh2pPOVRGq4KiqipF2tWRBkZmhFGcTazZIMayZcRgQ0pJvQbDDTnIUJMZMIwhA08OpaFaRjG4kEOqNMjgQp80tFUHTzqIkKUeabDBRhgv1KAqCChcMSOgd8wBghNUgHCUqjuAoK8bfBWMR8Ig2AoqqaqmAMIRu67xxgtPHYUUUiAYkYYcZZjxBh4vHGUvVFN9KkKdbcH3xRgqs-wQGyoX4URbB9nxBcjTgVrDDTeg1VGCtUKoW0kNiZDzF2LIsRAOtCq93xeJwqXDbmb9Kccb1Dnk5EI0_LU1HnmAXWvI3X0Hx3gvEIqHocIlumijj0Y6aaAvtDWHrRhtTUeM8LXwplwnhUvGGDfgrPJBXxyeeEW9Ogs0R2DJkDQdbXAHqg2T21D5DTG8JtvOZXD2xaWbd_65rjqHwQZCdAyVaQ2bpvSY1MXWwYZEf9G8EAxTDQdDHwoEBA%3D%3D&r=1&s=569ece48dc4e1bd9a4be3c0efedaabe7b52db0f3cf0e2aeee49d5c23c3edfd721677765027&w=t
IP 136.243.51.205:0
ASN #24940 Hetzner Online GmbH
File type GIF image data, version 89a, 1 x 1\012- data
Hash c2196de8ba412c60c22ab491af7b1409
5fbd472222feb8a22cf5b8aa5dc5b8e13af88e2b
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
GET /api/v1/p/p.gif?p=APeIQFMmDJkycuaI0HGDhYgwY-gsjOGQzpmFInKQuWEDx40xYVqUIVMDRwsaYcSYzFHGho0WY8jIEDOmBhkbM8SECSPC4Rwxacgo1LFFRAwYMWbUyJHjhgwYIro4HONmaI2jDsPUGYOxRscaMGTQuBHWxlEcM9DWqNFTBFAyGNPQKdPmS4y2Bu0stEGjhkM4dcQsrKFURlY4cCYmVeoTjkQdM2zk6CvDr4gyeOh8meMYo0E9b9yU-YJjadsxbRLroEFjhgwZObKSMTPRoRg3bhbKwNGRr2ERbdxcXE0DBo7fcIIPj0EWhg2HdeSwWTgjaQ3YsUXUkYERDR06cOboePFiDuY8bcqUoVMnvIs3cs6Un-MCDho4P4iUsZNmTJke-s2xBh1vwMFFHTCUNUQYqYWRxhluJEFED6y5BtuBCcpgwxRvROdfD0VggWFZQoSBG0I9xDCihk70RxCAYdCRhnAr2kBFGPGtl-IXkU12XQ01BkGGEfC1EWMPJZ4oR41DvDEHHT3AUCMUcvQ34xlNvHEQGz0MAUUTNRLBRJRMhkZFHnD8FwQTTJRZhxt0yJFHD048USMVckC0BooxsOUQGW-0gREehLIR2hltvGFHGS6c8WAaeLzhwhiBnhbjQltUJ5UIcMjBlQ4xlNECDJaJQZsOMLiQoGVjJPdFp5-mmiAODslhh2pPOVRGq4KiqipF2tWRBkZmhFGcTazZIMayZcRgQ0pJvQbDDTnIUJMZMIwhA08OpaFaRjG4kEOqNMjgQp80tFUHTzqIkKUeabDBRhgv1KAqCChcMSOgd8wBghNUgHCUqjuAoK8bfBWMR8Ig2AoqqaqmAMIRu67xxgtPHYUUUiAYkYYcZZjxBh4vHGUvVFN9KkKdbcH3xRgqs-wQGyoX4URbB9nxBcjTgVrDDTeg1VGCtUKoW0kNiZDzF2LIsRAOtCq93xeJwqXDbmb9Kccb1Dnk5EI0_LU1HnmAXWvI3X0Hx3gvEIqHocIlumijj0Y6aaAvtDWHrRhtTUeM8LXwplwnhUvGGDfgrPJBXxyeeEW9Ogs0R2DJkDQdbXAHqg2T21D5DTG8JtvOZXD2xaWbd_65rjqHwQZCdAyVaQ2bpvSY1MXWwYZEf9G8EAxTDQdDHwoEBA%3D%3D&r=1&s=569ece48dc4e1bd9a4be3c0efedaabe7b52db0f3cf0e2aeee49d5c23c3edfd721677765027&w=t HTTP/1.1
Host: pxl.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://rtbbnr.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 02 Mar 2023 13:50:27 GMT
content-type: text/plain; charset=utf-8
content-length: 35
x-robots-tag: noindex, nofollow
X-Firefox-Spdy: h2
lcdn.tsyndicate.com/error/banner.html
8.254.252.211304 Not Modified 0 B URL HTTP/1.1 lcdn.tsyndicate.com/error/banner.html
IP 8.254.252.211:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /error/banner.html HTTP/1.1
Host: lcdn.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://tsyndicate.com/
Upgrade-Insecure-Requests: 1
If-Modified-Since: Thu, 28 Jul 2022 14:10:05 GMT
If-None-Match: W/"62e298bd-297"
HTTP/1.1 304 Not Modified
Date: Fri, 02 Sep 2022 00:07:36 GMT
Connection: keep-alive
Last-Modified: Thu, 28 Jul 2022 14:10:05 GMT
Server: nginx
X-Robots-Tag: noindex, nofollow
Vary: Accept-Encoding
ETag: W/"62e298bd-297"
Age: 15687771
rtbrennab.com/banner/in/show/?mid=3776041288654916190&pid=0&site=3725&sc=NO&usage_type=DCH&subid=1013599720&sid=0&cid=0&price=0&is_cpm=0&cpm=0&ecpm=0&crid=&crtid=&tcid=0&out_id=&ver=&ver_c=&refdom=xxxlongmove.gigixo.com&hostname=auc-banner-hz-7&site_id=0&spot_id=0&utm_source=tcban_i&utm_medium=3725&utm_campaign=17794&utm_content=&expiration_timestamp=0&created_at=0000-00-00&is_native=0&auction_queue=0&pop_winurl=&ip=91.90.42.154&testab=&px_id=0&adblock=0&auction_host=&mm=&yc=&render_type=&campaign_type=&uniq=&exp=&resp_type=default&iabcat=IAB24&min_cpm=0.0001&placement_type_id=&skin_test=&verify_hash=&score=1&ml=&tag_ab=&v2=0&ttl=&space_id=859&banner_width=300&banner_height=250&accel=0&gyr=0&iabcat=IAB24&url=https%3A%2F%2Fbtds.zog.link%2Fin%2F912%2F%3Fsid%3D0%26source%3D1013599720%26idzone%3D3830819%26w%3D300%26h%3D250%26mo%3D%26ve%3D%26site_id%3D3725%26utm1%3Dtcban_i%26utm2%3D3725%26utm3%3D17794%26utm4%3D%26ad_tags%3D%26spot_id%3D0%26p%3Dhttp%253A%252F%252Fxxxlongmove.gigixo.com%252F%26katds_labels%3D%26btype%3D0%26score%3D1%26bf%3D0.0001&pr=&bid_crid=&bid_cid=&is_iframe=0&ad_tags=&stratagem=&ssp=3758&refresh=0
116.202.60.158302 Found 0 B URL HTTP/2 rtbrennab.com/banner/in/show/?mid=3776041288654916190&pid=0&site=3725&sc=NO&usage_type=DCH&subid=1013599720&sid=0&cid=0&price=0&is_cpm=0&cpm=0&ecpm=0&crid=&crtid=&tcid=0&out_id=&ver=&ver_c=&refdom=xxxlongmove.gigixo.com&hostname=auc-banner-hz-7&site_id=0&spot_id=0&utm_source=tcban_i&utm_medium=3725&utm_campaign=17794&utm_content=&expiration_timestamp=0&created_at=0000-00-00&is_native=0&auction_queue=0&pop_winurl=&ip=91.90.42.154&testab=&px_id=0&adblock=0&auction_host=&mm=&yc=&render_type=&campaign_type=&uniq=&exp=&resp_type=default&iabcat=IAB24&min_cpm=0.0001&placement_type_id=&skin_test=&verify_hash=&score=1&ml=&tag_ab=&v2=0&ttl=&space_id=859&banner_width=300&banner_height=250&accel=0&gyr=0&iabcat=IAB24&url=https%3A%2F%2Fbtds.zog.link%2Fin%2F912%2F%3Fsid%3D0%26source%3D1013599720%26idzone%3D3830819%26w%3D300%26h%3D250%26mo%3D%26ve%3D%26site_id%3D3725%26utm1%3Dtcban_i%26utm2%3D3725%26utm3%3D17794%26utm4%3D%26ad_tags%3D%26spot_id%3D0%26p%3Dhttp%253A%252F%252Fxxxlongmove.gigixo.com%252F%26katds_labels%3D%26btype%3D0%26score%3D1%26bf%3D0.0001&pr=&bid_crid=&bid_cid=&is_iframe=0&ad_tags=&stratagem=&ssp=3758&refresh=0
IP 116.202.60.158:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /banner/in/show/?mid=3776041288654916190&pid=0&site=3725&sc=NO&usage_type=DCH&subid=1013599720&sid=0&cid=0&price=0&is_cpm=0&cpm=0&ecpm=0&crid=&crtid=&tcid=0&out_id=&ver=&ver_c=&refdom=xxxlongmove.gigixo.com&hostname=auc-banner-hz-7&site_id=0&spot_id=0&utm_source=tcban_i&utm_medium=3725&utm_campaign=17794&utm_content=&expiration_timestamp=0&created_at=0000-00-00&is_native=0&auction_queue=0&pop_winurl=&ip=91.90.42.154&testab=&px_id=0&adblock=0&auction_host=&mm=&yc=&render_type=&campaign_type=&uniq=&exp=&resp_type=default&iabcat=IAB24&min_cpm=0.0001&placement_type_id=&skin_test=&verify_hash=&score=1&ml=&tag_ab=&v2=0&ttl=&space_id=859&banner_width=300&banner_height=250&accel=0&gyr=0&iabcat=IAB24&url=https%3A%2F%2Fbtds.zog.link%2Fin%2F912%2F%3Fsid%3D0%26source%3D1013599720%26idzone%3D3830819%26w%3D300%26h%3D250%26mo%3D%26ve%3D%26site_id%3D3725%26utm1%3Dtcban_i%26utm2%3D3725%26utm3%3D17794%26utm4%3D%26ad_tags%3D%26spot_id%3D0%26p%3Dhttp%253A%252F%252Fxxxlongmove.gigixo.com%252F%26katds_labels%3D%26btype%3D0%26score%3D1%26bf%3D0.0001&pr=&bid_crid=&bid_cid=&is_iframe=0&ad_tags=&stratagem=&ssp=3758&refresh=0 HTTP/1.1
Host: rtbrennab.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://rtbbnr.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
server: nginx/1.18.0
date: Thu, 02 Mar 2023 13:50:27 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
location: https://btds.zog.link/in/912/?sid=0&source=1013599720&idzone=3830819&w=300&h=250&mo=&ve=&site_id=3725&utm1=tcban_i&utm2=3725&utm3=17794&utm4=&ad_tags=&spot_id=0&p=http%3A%2F%2Fxxxlongmove.gigixo.com%2F&katds_labels=&btype=0&score=1&bf=0.0001
X-Firefox-Spdy: h2
cdn.tsyndicate.com/sdk/v1/bi.js
8.247.219.249304 Not Modified 0 B URL HTTP/1.1 cdn.tsyndicate.com/sdk/v1/bi.js
IP 8.247.219.249:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sdk/v1/bi.js HTTP/1.1
Host: cdn.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xxxlongmove.gigixo.com/
If-Modified-Since: Fri, 16 Dec 2022 12:41:56 GMT
If-None-Match: W/"639c6794-1e83"
HTTP/1.1 304 Not Modified
Date: Fri, 16 Dec 2022 12:53:24 GMT
Connection: keep-alive
Last-Modified: Fri, 16 Dec 2022 12:41:56 GMT
Server: nginx
X-Robots-Tag: noindex, nofollow
Vary: Accept-Encoding
ETag: W/"639c6794-1e83"
Age: 6569824
cdn.tsyndicate.com/sdk/v1/bi.js
8.247.219.249304 Not Modified 0 B URL HTTP/1.1 cdn.tsyndicate.com/sdk/v1/bi.js
IP 8.247.219.249:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sdk/v1/bi.js HTTP/1.1
Host: cdn.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xxxlongmove.gigixo.com/
If-Modified-Since: Fri, 16 Dec 2022 12:41:56 GMT
If-None-Match: W/"639c6794-1e83"
HTTP/1.1 304 Not Modified
Date: Fri, 16 Dec 2022 12:53:24 GMT
Connection: keep-alive
Last-Modified: Fri, 16 Dec 2022 12:41:56 GMT
Server: nginx
X-Robots-Tag: noindex, nofollow
Vary: Accept-Encoding
ETag: W/"639c6794-1e83"
Age: 6569824
cbjpeg.stream.highwebmedia.com/stream?room=mashayang&f=0.7681969697727753
131.153.88.93200 OK 31 kB URL HTTP/2 cbjpeg.stream.highwebmedia.com/stream?room=mashayang&f=0.7681969697727753
IP 131.153.88.93:0
ASN #50389 Phoenix Nap, LLC.
Hash a5c084455b4dab1393f6d60d324e7d47
7149605fc71da02777b48cb900f5dbccea519567
0751d4d66a26bd4e7eb3f44d38847a9515fdda6b93f71bdbd6a4fe485a49bad3
GET /stream?room=mashayang&f=0.7681969697727753 HTTP/1.1
Host: cbjpeg.stream.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Cookie: _cfuvid=9S5FE722boy9ZLYDHlvT6ZBDGRaM4PtmQNx9L10c5ew-1677765024669-0-604800000
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 02 Mar 2023 13:50:27 GMT
content-type: image/jpeg
content-length: 29494
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'none'; img-src data:; style-src 'unsafe-inline'
cache-tag: cbjpeg
x-frame-options: DENY
X-Firefox-Spdy: h2
go.eabids.com/banner.go?spaceid=5675441&keywords=&maincat=
217.22.19.194200 OK 2.7 kB URL HTTP/1.1 go.eabids.com/banner.go?spaceid=5675441&keywords=&maincat=
IP 217.22.19.194:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2658), with no line terminators
Hash d08606d74768a3389aa292fa5158d222
1bdc4f8e269ce78280fd341b9c60c83282a4ce16
af6b72207cb8f6105d3ee9c0cab268a537854a89908d36b42f0d52239099fc3e
GET /banner.go?spaceid=5675441&keywords=&maincat= HTTP/1.1
Host: go.eabids.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xxxlongmove.gigixo.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 02 Mar 2023 13:50:28 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 2658
Connection: keep-alive
Expires: Mon, 03 Jul 2001 06:00:00 GMT
Last-Modified: Thu, 02 03 2023 13:50:28 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0,post-check=0, pre-check=0
Pragma: no-cache
Accept-Ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-WoW64
Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
X-Backend-Server: nl2-web-205
cdn.tubecorp.com/i/b.html?spot=1929&src=353082707&pid=17794&width=160&height=600&spaceid=1010
45.133.44.24200 OK 181 B URL HTTP/1.1 cdn.tubecorp.com/i/b.html?spot=1929&src=353082707&pid=17794&width=160&height=600&spaceid=1010
IP 45.133.44.24:0
ASN #39572 DataWeb Global Group B.V.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 81aec7550d11fe54b500ea3850f95567
15d56988d343393c038d830ccdaf2d1c69664e5f
04952bb41a8bb460d8a30d9a9c2f1d1d65f86b75fcf7f104365f805e343d1ed2
GET /i/b.html?spot=1929&src=353082707&pid=17794&width=160&height=600&spaceid=1010 HTTP/1.1
Host: cdn.tubecorp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xxxlongmove.gigixo.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Thu, 02 Mar 2023 13:50:28 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx/1.20.1
Last-Modified: Sat, 20 Nov 2021 06:50:54 GMT
ETag: W/"df-5d132d021cf80"
X-Request-ID: 4e38eb78a22e5074f3bedbdba1f42da7
Content-Encoding: gzip
Expires: Thu, 02 Mar 2023 14:50:28 GMT
Cache-Control: max-age=3600
X-Proxy-Cache: HIT
Access-Control-Allow-Origin: *
btds.zog.link/in/912/?sid=0&source=1013599720&idzone=3830819&w=300&h=250&mo=&ve=&site_id=3725&utm1=tcban_i&utm2=3725&utm3=17794&utm4=&ad_tags=&spot_id=0&p=http%3A%2F%2Fxxxlongmove.gigixo.com%2F&katds_labels=&btype=0&score=1&bf=0.0001
109.206.163.116302 Found 0 B URL HTTP/2 btds.zog.link/in/912/?sid=0&source=1013599720&idzone=3830819&w=300&h=250&mo=&ve=&site_id=3725&utm1=tcban_i&utm2=3725&utm3=17794&utm4=&ad_tags=&spot_id=0&p=http%3A%2F%2Fxxxlongmove.gigixo.com%2F&katds_labels=&btype=0&score=1&bf=0.0001
IP 109.206.163.116:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /in/912/?sid=0&source=1013599720&idzone=3830819&w=300&h=250&mo=&ve=&site_id=3725&utm1=tcban_i&utm2=3725&utm3=17794&utm4=&ad_tags=&spot_id=0&p=http%3A%2F%2Fxxxlongmove.gigixo.com%2F&katds_labels=&btype=0&score=1&bf=0.0001 HTTP/1.1
Host: btds.zog.link
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://rtbbnr.com/
Connection: keep-alive
Cookie: 912.0=1
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
server: nginx/1.20.1
date: Thu, 02 Mar 2023 13:50:27 GMT
content-type: text/html; charset=UTF-8
content-length: 0
location: https://tsyndicate.com/iframes2/00394b71264946e5bf58746cefe5435f.html?subid=1013599720&categories={{ad_tags}}
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
vary: *
set-cookie: 912.0=1; expires=Fri, 03 Mar 2023 13:50:27 GMT; path=/; secure; SameSite=None
X-Firefox-Spdy: h2
bngpt.com/promo.php?c=688955&subid=2|159343|7017784|no|112022|40568594|5675441|1|0|46|50304|,,,,,|4|0|0|1,2,3,6,12,13,19,21,26|0|0|en|1|91.90.42.154|0|1677765027&subid2=7017784&type=banner&size=300x250&name=st_true;st_dali;st_random_all;on_off;st_x2;double2;how_long;st-double-penetration
94.199.255.192301 Moved Permanently 0 B URL HTTP/1.1 bngpt.com/promo.php?c=688955&subid=2|159343|7017784|no|112022|40568594|5675441|1|0|46|50304|,,,,,|4|0|0|1,2,3,6,12,13,19,21,26|0|0|en|1|91.90.42.154|0|1677765027&subid2=7017784&type=banner&size=300x250&name=st_true;st_dali;st_random_all;on_off;st_x2;double2;how_long;st-double-penetration
IP 94.199.255.192:0
ASN #48684 Viking Host B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /promo.php?c=688955&subid=2|159343|7017784|no|112022|40568594|5675441|1|0|46|50304|,,,,,|4|0|0|1,2,3,6,12,13,19,21,26|0|0|en|1|91.90.42.154|0|1677765027&subid2=7017784&type=banner&size=300x250&name=st_true;st_dali;st_random_all;on_off;st_x2;double2;how_long;st-double-penetration HTTP/1.1
Host: bngpt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://go.eabids.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
content-length: 0
location: https://bngpt.com/promo.php?c=688955&subid=2|159343|7017784|no|112022|40568594|5675441|1|0|46|50304|,,,,,|4|0|0|1,2,3,6,12,13,19,21,26|0|0|en|1|91.90.42.154|0|1677765027&subid2=7017784&type=banner&size=300x250&name=st_true;st_dali;st_random_all;on_off;st_x2;double2;how_long;st-double-penetration
xxxlongmove.gigixo.com/viewImage3?data=0c101014175e4b4b100c1109064914544a1c0c07000a4a070b094b054b1e00573c262117495d0c203b1c1026532025545101134b5454544b5057504b555d574b5d53543b555454544a0e1403
139.99.56.17200 58 kB URL HTTP/1.1 xxxlongmove.gigixo.com/viewImage3?data=0c101014175e4b4b100c1109064914544a1c0c07000a4a070b094b054b1e00573c262117495d0c203b1c1026532025545101134b5454544b5057504b555d574b5d53543b555454544a0e1403
IP 139.99.56.17:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 660x440, components 3\012- data
Hash ddc38a0f9319038867c4a2cbf50046c5
6bdd5f4fd292e61327248195e90d6b9423a12bf7
c9762717c9fa3bbbc651546c2ed3fc96a574419f41f65e75ed2949e00e0aa38a
GET /viewImage3?data=0c101014175e4b4b100c1109064914544a1c0c07000a4a070b094b054b1e00573c262117495d0c203b1c1026532025545101134b5454544b5057504b555d574b5d53543b555454544a0e1403 HTTP/1.1
Host: xxxlongmove.gigixo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xxxlongmove.gigixo.com/
HTTP/1.1 200
Server: nginx
Date: Thu, 02 Mar 2023 13:50:27 GMT
Content-Length: 57701
Connection: keep-alive
Cache-Control: max-age=31418383
simplewebanalysis.com/stats
3.124.100.190200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP 3.124.100.190:0
File type ASCII text, with no line terminators
Hash 4d7f554738ae07936d2a8e668e43af18
0ba6382a3b6240b4a91496caba5f7c81ecc4be71
be3ef600f6147b2abfd790f498eea35197a7cdde879e031d1c0204531e5d062b
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://xxxlongmove.gigixo.com
Connection: keep-alive
Referer: http://xxxlongmove.gigixo.com/
Cookie: uid_id2=835c363e-5fbb-4a78-b7e1-f61320a9d52c:3:1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 02 Mar 2023 13:50:28 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: http://xxxlongmove.gigixo.com
access-control-allow-credentials: true
X-Firefox-Spdy: h2
lcdn.tsyndicate.com/sdk/v1/b.b.js
8.254.252.211304 Not Modified 0 B URL HTTP/1.1 lcdn.tsyndicate.com/sdk/v1/b.b.js
IP 8.254.252.211:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sdk/v1/b.b.js HTTP/1.1
Host: lcdn.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://tsyndicate.com/
If-Modified-Since: Tue, 22 Feb 2022 13:07:15 GMT
If-None-Match: W/"6214e003-1eb1"
HTTP/1.1 304 Not Modified
Date: Tue, 08 Mar 2022 10:11:03 GMT
Connection: keep-alive
Last-Modified: Tue, 22 Feb 2022 13:07:15 GMT
Server: nginx
X-Robots-Tag: noindex, nofollow
Vary: Accept-Encoding
ETag: W/"6214e003-1eb1"
Age: 31030765
xxxlongmove.gigixo.com/viewImage3?data=0c101014175e4b4b100c1109064914504a1c0c07000a4a070b094b054b081302345d2c2751325222065c5d335522490f2b54134b5454544b565d514b5d54524b5d5c503b555454544a0e1403
139.99.56.17200 54 kB URL HTTP/1.1 xxxlongmove.gigixo.com/viewImage3?data=0c101014175e4b4b100c1109064914504a1c0c07000a4a070b094b054b081302345d2c2751325222065c5d335522490f2b54134b5454544b565d514b5d54524b5d5c503b555454544a0e1403
IP 139.99.56.17:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 600x450, components 3\012- data
Hash 24f9f610673c153d4e04c6b88291092d
0c6937802339c32cd06a68c18af43159d007911b
c7dd593042f51712d2bc6b29ab56f9d6d0e490b2902880731c12d2d557d7ff2c
GET /viewImage3?data=0c101014175e4b4b100c1109064914504a1c0c07000a4a070b094b054b081302345d2c2751325222065c5d335522490f2b54134b5454544b565d514b5d54524b5d5c503b555454544a0e1403 HTTP/1.1
Host: xxxlongmove.gigixo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xxxlongmove.gigixo.com/
HTTP/1.1 200
Server: nginx
Date: Thu, 02 Mar 2023 13:50:27 GMT
Content-Length: 54418
Connection: keep-alive
Cache-Control: max-age=31418383
X-CORE: core4
X-LB: core4
go.eabids.com/banner.go?spaceid=2194679&keywords=&maincat=
217.22.19.194200 OK 2.5 kB URL HTTP/1.1 go.eabids.com/banner.go?spaceid=2194679&keywords=&maincat=
IP 217.22.19.194:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2536), with no line terminators
Hash 80d7be682c17cc230aa5a3295257532c
7892d184d1351d9da32bb3cf65dfba85df55e71b
4f69281538911fd97017249f93ed1b3b2a7acdb713d72b5c9cdf68044715232c
GET /banner.go?spaceid=2194679&keywords=&maincat= HTTP/1.1
Host: go.eabids.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xxxlongmove.gigixo.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 02 Mar 2023 13:50:28 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 2536
Connection: keep-alive
Expires: Mon, 03 Jul 2001 06:00:00 GMT
Last-Modified: Thu, 02 03 2023 13:50:28 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0,post-check=0, pre-check=0
Pragma: no-cache
Accept-Ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-WoW64
Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
X-Backend-Server: nl2-web-205
tsyndicate.com/iframes2/58b27ab589cd4f6fb77ba36de8de2cad.html?keywords=Best,porn,videos,daily,updates,pantyhose,panties,vietnam,assorted,ebay,women,twinks,indiana,sweet,kiss,frilly,megan,brainwashing,party,fum,maid,brother,housewifes,ducky,amateur,japanhdv,graney,coughlan,big,sweaty,pot,cream,2392,dubbele,phone,stylez,fists,blu,ysis,but,averagejoe,partouze,avn,bus,members,brazilian,newest,site,wish,elle,lauren,video,undergound,number,army,dominno,found,nude,amateurs,play,games,festival,clip,full,dee,hub,dvds,christmas,bleach,ass,sara,dreams,sites,breasts,frmom,long,ribeiro,kane,penthouse,rosalyn,squirting,vid,cuckold,stay,incsest,vanity,illegal,titles,amature,midget,rhodes,glasses,tits,wast,snowwhite,body,gzames,type,schlong,and,taylor,utube,clips,cantrell,lactation,pantyhose,panties,vietnam,assorted,ebay,women,twinks,indiana,sweet,kiss,frilly,megan,brainwashing,party,fum,maid,brother,housewifes,ducky,amateur,japanhdv,graney,coughlan,big,sweaty,pot,cream,23&adb=0&clientjs=1&w=1280&h=1024&tz=0
136.243.51.205200 OK 1.2 kB URL HTTP/1.1 tsyndicate.com/iframes2/58b27ab589cd4f6fb77ba36de8de2cad.html?keywords=Best,porn,videos,daily,updates,pantyhose,panties,vietnam,assorted,ebay,women,twinks,indiana,sweet,kiss,frilly,megan,brainwashing,party,fum,maid,brother,housewifes,ducky,amateur,japanhdv,graney,coughlan,big,sweaty,pot,cream,2392,dubbele,phone,stylez,fists,blu,ysis,but,averagejoe,partouze,avn,bus,members,brazilian,newest,site,wish,elle,lauren,video,undergound,number,army,dominno,found,nude,amateurs,play,games,festival,clip,full,dee,hub,dvds,christmas,bleach,ass,sara,dreams,sites,breasts,frmom,long,ribeiro,kane,penthouse,rosalyn,squirting,vid,cuckold,stay,incsest,vanity,illegal,titles,amature,midget,rhodes,glasses,tits,wast,snowwhite,body,gzames,type,schlong,and,taylor,utube,clips,cantrell,lactation,pantyhose,panties,vietnam,assorted,ebay,women,twinks,indiana,sweet,kiss,frilly,megan,brainwashing,party,fum,maid,brother,housewifes,ducky,amateur,japanhdv,graney,coughlan,big,sweaty,pot,cream,23&adb=0&clientjs=1&w=1280&h=1024&tz=0
IP 136.243.51.205:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2029)
Hash f52f417eab671263260fb239deb27273
342223f95efe028892c439b15f9e2a8d6100263c
19b3088928254b01263117aa6d79a645be2d2cb401ad9f730356b256cc1717ed
GET /iframes2/58b27ab589cd4f6fb77ba36de8de2cad.html?keywords=Best,porn,videos,daily,updates,pantyhose,panties,vietnam,assorted,ebay,women,twinks,indiana,sweet,kiss,frilly,megan,brainwashing,party,fum,maid,brother,housewifes,ducky,amateur,japanhdv,graney,coughlan,big,sweaty,pot,cream,2392,dubbele,phone,stylez,fists,blu,ysis,but,averagejoe,partouze,avn,bus,members,brazilian,newest,site,wish,elle,lauren,video,undergound,number,army,dominno,found,nude,amateurs,play,games,festival,clip,full,dee,hub,dvds,christmas,bleach,ass,sara,dreams,sites,breasts,frmom,long,ribeiro,kane,penthouse,rosalyn,squirting,vid,cuckold,stay,incsest,vanity,illegal,titles,amature,midget,rhodes,glasses,tits,wast,snowwhite,body,gzames,type,schlong,and,taylor,utube,clips,cantrell,lactation,pantyhose,panties,vietnam,assorted,ebay,women,twinks,indiana,sweet,kiss,frilly,megan,brainwashing,party,fum,maid,brother,housewifes,ducky,amateur,japanhdv,graney,coughlan,big,sweaty,pot,cream,23&adb=0&clientjs=1&w=1280&h=1024&tz=0 HTTP/1.1
Host: tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xxxlongmove.gigixo.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 02 Mar 2023 13:50:28 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Pragma: no-cache
Expires: 0
Vary: Accept-Encoding, *
X-Api-Version: 2
Link: <http://lcdn.tsyndicate.com/sdk/v1/b.b.js>; rel=preload; as=script
X-Request-Id: ae10cf41ddfafbc1
Cache-Control: no-cache, no-store, no-transform, must-revalidate, no-transform
X-Robots-Tag: none, noindex, nofollow
Report-To: { "url": "https://pxl.tsyndicate.com/api/v1/heavy-ad/report", "max_age": 86401 }
Content-Encoding: gzip
tsyndicate.com/iframes2/663422ed4341433597d6546506d00321.html?keywords=Best,porn,videos,daily,updates,pantyhose,panties,vietnam,assorted,ebay,women,twinks,indiana,sweet,kiss,frilly,megan,brainwashing,party,fum,maid,brother,housewifes,ducky,amateur,japanhdv,graney,coughlan,big,sweaty,pot,cream,2392,dubbele,phone,stylez,fists,blu,ysis,but,averagejoe,partouze,avn,bus,members,brazilian,newest,site,wish,elle,lauren,video,undergound,number,army,dominno,found,nude,amateurs,play,games,festival,clip,full,dee,hub,dvds,christmas,bleach,ass,sara,dreams,sites,breasts,frmom,long,ribeiro,kane,penthouse,rosalyn,squirting,vid,cuckold,stay,incsest,vanity,illegal,titles,amature,midget,rhodes,glasses,tits,wast,snowwhite,body,gzames,type,schlong,and,taylor,utube,clips,cantrell,lactation,pantyhose,panties,vietnam,assorted,ebay,women,twinks,indiana,sweet,kiss,frilly,megan,brainwashing,party,fum,maid,brother,housewifes,ducky,amateur,japanhdv,graney,coughlan,big,sweaty,pot,cream,23&adb=0&clientjs=1&w=1280&h=1024&tz=0
136.243.51.205200 OK 1.2 kB URL HTTP/1.1 tsyndicate.com/iframes2/663422ed4341433597d6546506d00321.html?keywords=Best,porn,videos,daily,updates,pantyhose,panties,vietnam,assorted,ebay,women,twinks,indiana,sweet,kiss,frilly,megan,brainwashing,party,fum,maid,brother,housewifes,ducky,amateur,japanhdv,graney,coughlan,big,sweaty,pot,cream,2392,dubbele,phone,stylez,fists,blu,ysis,but,averagejoe,partouze,avn,bus,members,brazilian,newest,site,wish,elle,lauren,video,undergound,number,army,dominno,found,nude,amateurs,play,games,festival,clip,full,dee,hub,dvds,christmas,bleach,ass,sara,dreams,sites,breasts,frmom,long,ribeiro,kane,penthouse,rosalyn,squirting,vid,cuckold,stay,incsest,vanity,illegal,titles,amature,midget,rhodes,glasses,tits,wast,snowwhite,body,gzames,type,schlong,and,taylor,utube,clips,cantrell,lactation,pantyhose,panties,vietnam,assorted,ebay,women,twinks,indiana,sweet,kiss,frilly,megan,brainwashing,party,fum,maid,brother,housewifes,ducky,amateur,japanhdv,graney,coughlan,big,sweaty,pot,cream,23&adb=0&clientjs=1&w=1280&h=1024&tz=0
IP 136.243.51.205:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2029)
Hash f52f417eab671263260fb239deb27273
342223f95efe028892c439b15f9e2a8d6100263c
19b3088928254b01263117aa6d79a645be2d2cb401ad9f730356b256cc1717ed
GET /iframes2/663422ed4341433597d6546506d00321.html?keywords=Best,porn,videos,daily,updates,pantyhose,panties,vietnam,assorted,ebay,women,twinks,indiana,sweet,kiss,frilly,megan,brainwashing,party,fum,maid,brother,housewifes,ducky,amateur,japanhdv,graney,coughlan,big,sweaty,pot,cream,2392,dubbele,phone,stylez,fists,blu,ysis,but,averagejoe,partouze,avn,bus,members,brazilian,newest,site,wish,elle,lauren,video,undergound,number,army,dominno,found,nude,amateurs,play,games,festival,clip,full,dee,hub,dvds,christmas,bleach,ass,sara,dreams,sites,breasts,frmom,long,ribeiro,kane,penthouse,rosalyn,squirting,vid,cuckold,stay,incsest,vanity,illegal,titles,amature,midget,rhodes,glasses,tits,wast,snowwhite,body,gzames,type,schlong,and,taylor,utube,clips,cantrell,lactation,pantyhose,panties,vietnam,assorted,ebay,women,twinks,indiana,sweet,kiss,frilly,megan,brainwashing,party,fum,maid,brother,housewifes,ducky,amateur,japanhdv,graney,coughlan,big,sweaty,pot,cream,23&adb=0&clientjs=1&w=1280&h=1024&tz=0 HTTP/1.1
Host: tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xxxlongmove.gigixo.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 02 Mar 2023 13:50:28 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Pragma: no-cache
Expires: 0
Vary: Accept-Encoding, *
X-Api-Version: 2
Link: <http://lcdn.tsyndicate.com/sdk/v1/b.b.js>; rel=preload; as=script
X-Request-Id: 0e9ff895a58560da
Cache-Control: no-cache, no-store, no-transform, must-revalidate, no-transform
X-Robots-Tag: none, noindex, nofollow
Report-To: { "url": "https://pxl.tsyndicate.com/api/v1/heavy-ad/report", "max_age": 86401 }
Content-Encoding: gzip
xxxlongmove.gigixo.com/s3/wc_oct20/0024.gif
139.99.56.17200 OK 49 kB URL HTTP/1.1 xxxlongmove.gigixo.com/s3/wc_oct20/0024.gif
IP 139.99.56.17:0
File type GIF image data, version 89a, 200 x 200\012- data
Hash d9edcb482b16967b42df12a493192a31
2c7c5e511c658729e49e352a294e236a44bc861d
aadcc36ffe7e428426063af6ef78aff786553830b71ee59e71325ef63955da11
GET /s3/wc_oct20/0024.gif HTTP/1.1
Host: xxxlongmove.gigixo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xxxlongmove.gigixo.com/
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 02 Mar 2023 13:50:26 GMT
Content-Type: image/gif
Content-Length: 48636
Connection: keep-alive
Last-Modified: Fri, 09 Oct 2020 20:49:43 GMT
ETag: "5f80cce7-bdfc"
X-Cluster: web-cdn2
X-Cache: HIT
CF-Cache-Status: HIT
Age: 11
CF-RAY: 7a1844bc8a104a83-SIN
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Cache-Status: HIT
Cache-Control: max-age=14400, max-age=31536000
Accept-Ranges: bytes
preroll.hostave3.net/notifications/zeropixel.png
104.21.235.3200 OK 42 B URL HTTP/2 preroll.hostave3.net/notifications/zeropixel.png
IP 104.21.235.3:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /notifications/zeropixel.png HTTP/1.1
Host: preroll.hostave3.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://rtbbnr.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 02 Mar 2023 13:50:28 GMT
content-type: image/png
content-length: 42
last-modified: Tue, 11 Sep 2018 08:40:52 GMT
etag: "5b977f94-2a"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
cf-cache-status: HIT
age: 1174774
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rsMgZyDaT8QucCInzKm%2Bvi44FQQ1KZQbC9Un6TDfpdHp%2FtYgDJzHMBbMzdeyGKqkcRW5qzkJhjLp4kc5qLM2%2B4a1c7wzr0AB0zur9lX9LCt%2F4v8rRm9JBRmcMc1nVsv6LCJIldpN9A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=0
server: cloudflare
cf-ray: 7a1a1be21cb123d5-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
poweredby.jads.co/adshow.php?adzone=941000
185.94.237.102200 OK 1.8 kB URL HTTP/1.1 poweredby.jads.co/adshow.php?adzone=941000
IP 185.94.237.102:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1589), with CRLF, LF line terminators
Hash 01c0a1470a8a3bad02ce0951676c6381
c516cff1ad5d3ae519199e0182854a5c9866c5a4
179834469db018c9e8996a8b19f7f7348112eb74ff29ee2450d961afa8215d74
GET /adshow.php?adzone=941000 HTTP/1.1
Host: poweredby.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xxxlongmove.gigixo.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 02 Mar 2023 13:50:28 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/5.6.40
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR OUR IND STA"
Set-Cookie: surferid=aac27c5dbc8c0f4809b8003e52c0cc0a; expires=Fri, 01-Mar-2024 13:50:27 GMT; Max-Age=31536000; path=/; SameSite=None; Secure; domain=.jads.co
imps22340=1; expires=Fri, 03-Mar-2023 13:50:27 GMT; Max-Age=86400; path=/; SameSite=None; Secure; domain=.jads.co
juicy_data_1=YToxOntpOjU5Mjk3NjtpOjE2NzgwMjQyMjc7fQ%3D%3D; expires=Sun, 05-Mar-2023 13:50:27 GMT; Max-Age=259200; path=/; SameSite=None; Secure; domain=jads.co
juicy_data=YToxOntzOjEyOiJqdWljeV9kYXRhXzEiO3M6MToiMSI7fQ%3D%3D; expires=Sun, 05-Mar-2023 13:50:27 GMT; Max-Age=259200; path=/; SameSite=None; Secure; domain=jads.co
Content-Encoding: gzip
stinglackingrent.com/8f/9f/c6/8f9fc67e3b5b368f1c72c9bed43a0f41.js
192.243.59.13200 OK 13 kB URL HTTP/1.1 stinglackingrent.com/8f/9f/c6/8f9fc67e3b5b368f1c72c9bed43a0f41.js
IP 192.243.59.13:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with very long lines (37157), with no line terminators
Hash cb243751f97aa47abea5174538dea507
1135783dd7d6126d0bb33bf5cb2273b38f7cb12e
6e77f9ccfdb9edbbd6e7eb444ce0a71ed819a2528a66ed31cc90ea12d691ca0c
GET /8f/9f/c6/8f9fc67e3b5b368f1c72c9bed43a0f41.js HTTP/1.1
Host: stinglackingrent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xxxlongmove.gigixo.com/
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Thu, 02 Mar 2023 13:50:28 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: efd735864d14b2bf3892ed4b66a95324
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
cbjpeg.stream.highwebmedia.com/stream?room=mashayang&f=0.2584352285067323
131.153.88.93200 OK 30 kB URL HTTP/2 cbjpeg.stream.highwebmedia.com/stream?room=mashayang&f=0.2584352285067323
IP 131.153.88.93:0
ASN #50389 Phoenix Nap, LLC.
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 1280x1281, segment length 16, comment: "Lavc58.91.100", baseline, precision 8, 854x480, components 3\012- data
Hash c0854600008521c3ddcd40b34d173ce7
83b99c6e609a3fac4c6e3dc6499e6710e9b70e78
bc256e8f45c3e78deb0b171e8cca33653941f6a3e105d20fc1618ffe2d837089
GET /stream?room=mashayang&f=0.2584352285067323 HTTP/1.1
Host: cbjpeg.stream.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Cookie: _cfuvid=9S5FE722boy9ZLYDHlvT6ZBDGRaM4PtmQNx9L10c5ew-1677765024669-0-604800000
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 02 Mar 2023 13:50:28 GMT
content-type: image/jpeg
content-length: 29870
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'none'; img-src data:; style-src 'unsafe-inline'
cache-tag: cbjpeg
x-frame-options: DENY
X-Firefox-Spdy: h2
cdn.tsyndicate.com/sdk/v1/backup.banner.js
8.247.219.249304 Not Modified 0 B URL HTTP/1.1 cdn.tsyndicate.com/sdk/v1/backup.banner.js
IP 8.247.219.249:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sdk/v1/backup.banner.js HTTP/1.1
Host: cdn.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://lcdn.tsyndicate.com/
If-Modified-Since: Fri, 16 Dec 2022 12:41:09 GMT
If-None-Match: W/"639c6765-b48"
HTTP/1.1 304 Not Modified
Date: Fri, 16 Dec 2022 12:53:28 GMT
Connection: keep-alive
Last-Modified: Fri, 16 Dec 2022 12:41:09 GMT
Server: nginx
X-Robots-Tag: noindex, nofollow
Vary: Accept-Encoding
ETag: W/"639c6765-b48"
Age: 6569820
bngpt.com/promo.php?c=688955&subid=2|159343|113814|no|112022|40568594|5675443|1|0|46|50304|,,,,,|4|0|0|1,6,24|0|0|en|1|91.90.42.154|0|1677765027&subid2=113814&type=banner&size=300x250&name=st_true;st_dali;st_random_all;on_off;st_x2;double2;how_long;st-double-penetration
94.199.255.192301 Moved Permanently 0 B URL HTTP/1.1 bngpt.com/promo.php?c=688955&subid=2|159343|113814|no|112022|40568594|5675443|1|0|46|50304|,,,,,|4|0|0|1,6,24|0|0|en|1|91.90.42.154|0|1677765027&subid2=113814&type=banner&size=300x250&name=st_true;st_dali;st_random_all;on_off;st_x2;double2;how_long;st-double-penetration
IP 94.199.255.192:0
ASN #48684 Viking Host B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /promo.php?c=688955&subid=2|159343|113814|no|112022|40568594|5675443|1|0|46|50304|,,,,,|4|0|0|1,6,24|0|0|en|1|91.90.42.154|0|1677765027&subid2=113814&type=banner&size=300x250&name=st_true;st_dali;st_random_all;on_off;st_x2;double2;how_long;st-double-penetration HTTP/1.1
Host: bngpt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://go.eabids.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
content-length: 0
location: https://bngpt.com/promo.php?c=688955&subid=2|159343|113814|no|112022|40568594|5675443|1|0|46|50304|,,,,,|4|0|0|1,6,24|0|0|en|1|91.90.42.154|0|1677765027&subid2=113814&type=banner&size=300x250&name=st_true;st_dali;st_random_all;on_off;st_x2;double2;how_long;st-double-penetration
simplewebanalysis.com/stats
3.124.100.190200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP 3.124.100.190:0
File type ASCII text, with no line terminators
Hash 4d7f554738ae07936d2a8e668e43af18
0ba6382a3b6240b4a91496caba5f7c81ecc4be71
be3ef600f6147b2abfd790f498eea35197a7cdde879e031d1c0204531e5d062b
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://xxxlongmove.gigixo.com
Connection: keep-alive
Referer: http://xxxlongmove.gigixo.com/
Cookie: uid_id2=835c363e-5fbb-4a78-b7e1-f61320a9d52c:3:1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 02 Mar 2023 13:50:28 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: http://xxxlongmove.gigixo.com
access-control-allow-credentials: true
X-Firefox-Spdy: h2
bngpt.com/promo.php?c=688955&subid=2|159343|7017784|no|112022|40568594|5675441|1|0|46|50304|,,,,,|4|0|0|1,2,3,6,12,13,19,21,26|0|0|en|1|91.90.42.154|0|1677765027&subid2=7017784&type=banner&size=300x250&name=st_true;st_dali;st_random_all;on_off;st_x2;double2;how_long;st-double-penetration
94.199.255.192200 OK 429 B URL HTTP/2 bngpt.com/promo.php?c=688955&subid=2|159343|7017784|no|112022|40568594|5675441|1|0|46|50304|,,,,,|4|0|0|1,2,3,6,12,13,19,21,26|0|0|en|1|91.90.42.154|0|1677765027&subid2=7017784&type=banner&size=300x250&name=st_true;st_dali;st_random_all;on_off;st_x2;double2;how_long;st-double-penetration
IP 94.199.255.192:0
ASN #48684 Viking Host B.V.
File type HTML document text\012- HTML document, ASCII text, with very long lines (594)
Hash 5487734e316b9166fd7d1e0f2e486cc1
61cdfbdd397fecc1324bb99d9ffb9107195e564a
32f1818d5d044bb2ec814bb91bd8271d36c01fc9f0046a7ac7bd3326e72e9e71
GET /promo.php?c=688955&subid=2|159343|7017784|no|112022|40568594|5675441|1|0|46|50304|,,,,,|4|0|0|1,2,3,6,12,13,19,21,26|0|0|en|1|91.90.42.154|0|1677765027&subid2=7017784&type=banner&size=300x250&name=st_true;st_dali;st_random_all;on_off;st_x2;double2;how_long;st-double-penetration HTTP/1.1
Host: bngpt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://go.eabids.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 02 Mar 2023 13:50:28 GMT
content-type: text/html; charset=UTF-8
access-control-allow-origin:
expires: Thu, 02 Mar 2023 13:50:27 GMT
x-bcs: ded7724
strict-transport-security: max-age=0;
cache-control: no-cache, public
content-encoding: gzip
x-bc-bl: 105
X-Firefox-Spdy: h2
xxxlongmove.gigixo.com/viewImage3?data=0c101014175e4b4b07000a0d4a140b160a140d07174a070b094b55565c544b534b535c4b5150545c5051555d4b5150545c5051555d3b5454563b5c5706064a0e1403
139.99.56.17200 183 kB URL HTTP/1.1 xxxlongmove.gigixo.com/viewImage3?data=0c101014175e4b4b07000a0d4a140b160a140d07174a070b094b55565c544b534b535c4b5150545c5051555d4b5150545c5051555d3b5454563b5c5706064a0e1403
IP 139.99.56.17:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 851x1280, components 3\012- data
Size 183 kB (183009 bytes)
Hash ac5d0adf034da6709760ab2a374118ee
4ac97eb9a608a3547a57cebaf7d62ba17515e9a4
7918c2b74fe407629f0287b3724cb105e705d9db0d829f67fba669ff6dc856d7
GET /viewImage3?data=0c101014175e4b4b07000a0d4a140b160a140d07174a070b094b55565c544b534b535c4b5150545c5051555d4b5150545c5051555d3b5454563b5c5706064a0e1403 HTTP/1.1
Host: xxxlongmove.gigixo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xxxlongmove.gigixo.com/
HTTP/1.1 200
Server: nginx
Date: Thu, 02 Mar 2023 13:50:27 GMT
Content-Length: 183009
Connection: keep-alive
Cache-Control: max-age=31418383
X-CORE: core4
X-LB: core4
static.eabids.com/data/bannerpools/119449/56523.jpg
217.22.19.195200 OK 25 kB URL HTTP/1.1 static.eabids.com/data/bannerpools/119449/56523.jpg
IP 217.22.19.195:0
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 300x250, components 3\012- data
Hash dc8340c191deee6728b1efd523528cd8
58a035d6e46bea9a5d28590a934d85e0edc5262d
86c0a554a26f0ebe028969b31b3d79db937efd9f6c297539caf6edcaf262c24b
GET /data/bannerpools/119449/56523.jpg HTTP/1.1
Host: static.eabids.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://go.eabids.com/
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 02 Mar 2023 13:50:28 GMT
Content-Type: image/jpeg
Content-Length: 25413
Last-Modified: Thu, 28 Apr 2022 14:29:41 GMT
Connection: keep-alive
ETag: "626aa4d5-6345"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
X-Backend-Server: nl2-static-221
Accept-Ranges: bytes
lcdn.tsyndicate.com/sdk/v1/b.b.js
8.254.252.211200 OK 2.8 kB URL HTTP/2 lcdn.tsyndicate.com/sdk/v1/b.b.js
IP 8.254.252.211:0
File type ASCII text, with very long lines (2590)
Hash 01c3ce239d639853ba1e41661c115938
704741ca41e890a26eef6190c2d61131ff294f56
9aabcddb7b91826c4b8bf721d77fa448ceba501616a38c6fe0d6c4f11091ed47
GET /sdk/v1/b.b.js HTTP/1.1
Host: lcdn.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tsyndicate.com/
Cookie: ts_uid=e2c343a2-3596-411b-a36f-0d87e166e8f0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Thu, 02 Mar 2023 13:50:28 GMT
content-type: application/javascript
content-length: 2808
last-modified: Tue, 22 Feb 2022 13:07:15 GMT
server: nginx
x-robots-tag: noindex, nofollow
content-encoding: gzip
vary: Accept-Encoding
etag: W/"6214e003-1eb1"
age: 31030765
accept-ranges: bytes
X-Firefox-Spdy: h2
xxxlongmove.gigixo.com/xo1/xo-am1?&se_referrer=&default_keyword=Sex%20Pics%2C%20Free%20Porn%20Galleries%2C%20Hot%20Girls%20Pictures&&frm639e2ebb86ad8=script639e2ebb86ad9&_cid=507a49e0-058c-52fe-13d3-50e86735dadb29342
139.99.56.17200 OK 181 B URL HTTP/1.1 xxxlongmove.gigixo.com/xo1/xo-am1?&se_referrer=&default_keyword=Sex%20Pics%2C%20Free%20Porn%20Galleries%2C%20Hot%20Girls%20Pictures&&frm639e2ebb86ad8=script639e2ebb86ad9&_cid=507a49e0-058c-52fe-13d3-50e86735dadb29342
IP 139.99.56.17:0
File type HTML document, ASCII text
Hash 055a15c0dfca84ff3dbfa7f0305e0cb6
8abfe503ec9b323d22970c303cd9793768f5b6a6
c57067c3a1b6de5c1e164446390c0623bb7fa8679e0da2642d597baec51794cd
GET /xo1/xo-am1?&se_referrer=&default_keyword=Sex%20Pics%2C%20Free%20Porn%20Galleries%2C%20Hot%20Girls%20Pictures&&frm639e2ebb86ad8=script639e2ebb86ad9&_cid=507a49e0-058c-52fe-13d3-50e86735dadb29342 HTTP/1.1
Host: xxxlongmove.gigixo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xxxlongmove.gigixo.com/
Cookie: _subid=s8hnpa26cc8m; 61f26=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjhcIjoxNjc3NzY1MTE2fSxcImNhbXBhaWduc1wiOntcIjRcIjoxNjc3NzY1MTE2fSxcInRpbWVcIjoxNjc3NzY1MTE2fSJ9.4XbLCjmULp4RBknefdb2C3UcfN4KZZEUaY9Ewst_gHA; _token=uuid_s8hnpa26cc8m_s8hnpa26cc8m6400a9fc879e79.59781726
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 02 Mar 2023 13:50:28 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 181
Connection: keep-alive
Cache-Control: no-cache, no-store, must-revalidate
Expires: 0
Pragma: no-cache
Set-Cookie: _subid=s8hnpa26cca7;Expires=Sunday, 02-Apr-2023 13:52:00 GMT;Max-Age=2678400;Path=/
61f26=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjhcIjoxNjc3NzY1MTE2fSxcImNhbXBhaWduc1wiOntcIjRcIjoxNjc3NzY1MTE2fSxcInRpbWVcIjoxNjc3NzY1MTE2fSJ9.4XbLCjmULp4RBknefdb2C3UcfN4KZZEUaY9Ewst_gHA;Expires=Saturday, 02-May-2076 03:44:00 GMT;Max-Age=1677851520;Path=/
_token=uuid_s8hnpa26cca7_s8hnpa26cca76400aa002b2bd7.22047397;Expires=Sunday, 02-Apr-2023 13:52:00 GMT;Max-Age=2678400;Path=/
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
lcdn.tsyndicate.com/sdk/v1/b.b.js
8.254.252.211304 Not Modified 0 B URL HTTP/1.1 lcdn.tsyndicate.com/sdk/v1/b.b.js
IP 8.254.252.211:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sdk/v1/b.b.js HTTP/1.1
Host: lcdn.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://tsyndicate.com/
If-Modified-Since: Tue, 22 Feb 2022 13:07:15 GMT
If-None-Match: W/"6214e003-1eb1"
HTTP/1.1 304 Not Modified
Date: Tue, 08 Mar 2022 10:11:03 GMT
Connection: keep-alive
Last-Modified: Tue, 22 Feb 2022 13:07:15 GMT
Server: nginx
X-Robots-Tag: noindex, nofollow
Vary: Accept-Encoding
ETag: W/"6214e003-1eb1"
Age: 31030765
lcdn.tsyndicate.com/sdk/v1/b.b.js
8.254.252.211304 Not Modified 0 B URL HTTP/1.1 lcdn.tsyndicate.com/sdk/v1/b.b.js
IP 8.254.252.211:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sdk/v1/b.b.js HTTP/1.1
Host: lcdn.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://tsyndicate.com/
If-Modified-Since: Tue, 22 Feb 2022 13:07:15 GMT
If-None-Match: W/"6214e003-1eb1"
HTTP/1.1 304 Not Modified
Date: Tue, 08 Mar 2022 10:11:03 GMT
Connection: keep-alive
Last-Modified: Tue, 22 Feb 2022 13:07:15 GMT
Server: nginx
X-Robots-Tag: noindex, nofollow
Vary: Accept-Encoding
ETag: W/"6214e003-1eb1"
Age: 31030765
tsyndicate.com/iframes2/00394b71264946e5bf58746cefe5435f.html?subid=1013599720&categories={{ad_tags}}
136.243.51.205200 OK 32 kB URL HTTP/2 tsyndicate.com/iframes2/00394b71264946e5bf58746cefe5435f.html?subid=1013599720&categories={{ad_tags}}
IP 136.243.51.205:0
ASN #24940 Hetzner Online GmbH
Hash 7488e3417c0197c8c1ca369d6dd87535
8d04bf6f8656f799642c992d16bb093475cb34dd
e0299c2fab84f22bc527bdebd3b9088bb6467acd431841b96cfed426f6ab5efb
GET /iframes2/00394b71264946e5bf58746cefe5435f.html?subid=1013599720&categories={{ad_tags}} HTTP/1.1
Host: tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://rtbbnr.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 02 Mar 2023 13:50:28 GMT
content-type: text/html; charset=utf-8
pragma: no-cache
expires: 0
vary: Accept-Encoding, *
x-api-version: 2
link: <https://lcdn.tsyndicate.com/sdk/v1/b.b.js>; rel=preload; as=script
x-request-id: 96af49ec362231fd
set-cookie: ts_uid=e2c343a2-3596-411b-a36f-0d87e166e8f0; expires=Sat, 02 Sep 2023 13:50:28 GMT; domain=.tsyndicate.com; path=/; HttpOnly; secure; SameSite=None
cache-control: no-cache, no-store, no-transform, must-revalidate, no-transform
x-robots-tag: none, noindex, nofollow
report-to: { "url": "https://pxl.tsyndicate.com/api/v1/heavy-ad/report", "max_age": 86401 }
content-encoding: gzip
X-Firefox-Spdy: h2
cbjpeg.stream.highwebmedia.com/stream?room=mashayang&f=0.7605178563721495
131.153.88.93200 OK 30 kB URL HTTP/2 cbjpeg.stream.highwebmedia.com/stream?room=mashayang&f=0.7605178563721495
IP 131.153.88.93:0
ASN #50389 Phoenix Nap, LLC.
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 1280x1281, segment length 16, comment: "Lavc58.91.100", baseline, precision 8, 854x480, components 3\012- data
Hash 1646bfcd3d5499ab7b2b1f885b052f7d
190b4c6bbc82f80120babc555a584ee9e4e6b301
a5914d53462ce43454613e7a4174a88899a907f9fc5e5d261337952785a5a055
GET /stream?room=mashayang&f=0.7605178563721495 HTTP/1.1
Host: cbjpeg.stream.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Cookie: _cfuvid=9S5FE722boy9ZLYDHlvT6ZBDGRaM4PtmQNx9L10c5ew-1677765024669-0-604800000
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 02 Mar 2023 13:50:28 GMT
content-type: image/jpeg
content-length: 30268
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'none'; img-src data:; style-src 'unsafe-inline'
cache-tag: cbjpeg
x-frame-options: DENY
X-Firefox-Spdy: h2
cdn.tsyndicate.com/imges/backup/banner/300x250.png
8.247.219.249304 Not Modified 0 B URL HTTP/1.1 cdn.tsyndicate.com/imges/backup/banner/300x250.png
IP 8.247.219.249:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /imges/backup/banner/300x250.png HTTP/1.1
Host: cdn.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://lcdn.tsyndicate.com/
If-Modified-Since: Thu, 14 Jul 2022 11:57:00 GMT
If-None-Match: W/"62d0048c-18fbf"
HTTP/1.1 304 Not Modified
Date: Fri, 15 Jul 2022 19:08:50 GMT
Connection: keep-alive
Last-Modified: Thu, 14 Jul 2022 11:57:00 GMT
Server: nginx
X-Robots-Tag: noindex, nofollow
Vary: Accept-Encoding
ETag: W/"62d0048c-18fbf"
Age: 19852898
pxl.tsyndicate.com/api/v1/backup.gif?t=banner&tct=adult
136.243.51.205200 OK 35 B URL HTTP/1.1 pxl.tsyndicate.com/api/v1/backup.gif?t=banner&tct=adult
IP 136.243.51.205:0
ASN #24940 Hetzner Online GmbH
File type GIF image data, version 89a, 1 x 1\012- data
Hash c2196de8ba412c60c22ab491af7b1409
5fbd472222feb8a22cf5b8aa5dc5b8e13af88e2b
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
GET /api/v1/backup.gif?t=banner&tct=adult HTTP/1.1
Host: pxl.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://lcdn.tsyndicate.com/
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 02 Mar 2023 13:50:28 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 35
Connection: keep-alive
X-Robots-Tag: noindex, nofollow
i.bngprm.com/banners/300x250/st_dali/no.gif
64.210.135.149200 OK 149 kB URL HTTP/2 i.bngprm.com/banners/300x250/st_dali/no.gif
IP 64.210.135.149:0
File type GIF image data, version 89a, 300 x 250\012- data
Size 149 kB (149042 bytes)
Hash f364fad03b451b12db4a5076293e1391
1756f8028917f06886a2342828c5553d5b78f887
751f4c1f80ee57cd0ae815e98feff98cc502e47dd98752cfdefa8f0e771825ab
GET /banners/300x250/st_dali/no.gif HTTP/1.1
Host: i.bngprm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bngpt.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 02 Mar 2023 13:50:28 GMT
content-type: image/gif
content-length: 149042
last-modified: Wed, 20 May 2020 10:39:46 GMT
cache-control: max-age=2592000
x-bcs-o: 1
expires: Sat, 11 Dec 2021 10:30:21 GMT
x-o1-bcs-ban: HIT
access-control-allow-origin: *
access-control-allow-methods: GET
accept-ranges: bytes
x-cdn-diag: ams5-7270-6-56948-h-0-0---;7734-25-9481----0-1-0
X-Firefox-Spdy: h2
static.eabids.com/data/bannerpools/94553/23811.jpg
217.22.19.195200 OK 23 kB URL HTTP/1.1 static.eabids.com/data/bannerpools/94553/23811.jpg
IP 217.22.19.195:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 160x600, components 3\012- data
Hash d7a2d00364beff51cdbdeccd22b9a216
723d1952d84fdd26315481c3c8c33eb1e25a035e
0f0845bace5c7ba7763fe6510b4d59a21fc8331fab9eb5534c2b21cb5830dbeb
GET /data/bannerpools/94553/23811.jpg HTTP/1.1
Host: static.eabids.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://go.eabids.com/
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 02 Mar 2023 13:50:28 GMT
Content-Type: image/jpeg
Content-Length: 23307
Last-Modified: Thu, 28 Apr 2022 14:45:37 GMT
Connection: keep-alive
ETag: "626aa891-5b0b"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
X-Backend-Server: nl2-static-221
Accept-Ranges: bytes
rtbrennab.com/banner/in/show/?mid=8645312724662331329&pid=0&site=3725&sc=NO&usage_type=DCH&subid=1013599720&sid=0&cid=0&price=0&is_cpm=0&cpm=0&ecpm=0&crid=&crtid=&tcid=0&out_id=&ver=&ver_c=&refdom=xxxlongmove.gigixo.com&hostname=auc-banner-hz-1&site_id=0&spot_id=0&utm_source=tcban_i&utm_medium=3725&utm_campaign=17794&utm_content=&expiration_timestamp=0&created_at=0000-00-00&is_native=0&auction_queue=0&pop_winurl=&ip=91.90.42.154&testab=&px_id=0&adblock=0&auction_host=&mm=&yc=&render_type=&campaign_type=&uniq=&exp=&resp_type=default&iabcat=IAB24&min_cpm=0.0001&placement_type_id=&skin_test=&verify_hash=&score=1&ml=&tag_ab=&v2=0&ttl=&space_id=859&banner_width=300&banner_height=250&accel=0&gyr=0&iabcat=IAB24&url=https%3A%2F%2Fbtds.zog.link%2Fin%2F912%2F%3Fsid%3D0%26source%3D1013599720%26idzone%3D3830819%26w%3D300%26h%3D250%26mo%3D%26ve%3D%26site_id%3D3725%26utm1%3Dtcban_i%26utm2%3D3725%26utm3%3D17794%26utm4%3D%26ad_tags%3D%26spot_id%3D0%26p%3Dhttp%253A%252F%252Fxxxlongmove.gigixo.com%252F%26katds_labels%3D%26btype%3D0%26score%3D1%26bf%3D0.0001&pr=&bid_crid=&bid_cid=&is_iframe=0&ad_tags=&stratagem=&ssp=3758&refresh=0
116.202.60.158302 Found 0 B URL HTTP/2 rtbrennab.com/banner/in/show/?mid=8645312724662331329&pid=0&site=3725&sc=NO&usage_type=DCH&subid=1013599720&sid=0&cid=0&price=0&is_cpm=0&cpm=0&ecpm=0&crid=&crtid=&tcid=0&out_id=&ver=&ver_c=&refdom=xxxlongmove.gigixo.com&hostname=auc-banner-hz-1&site_id=0&spot_id=0&utm_source=tcban_i&utm_medium=3725&utm_campaign=17794&utm_content=&expiration_timestamp=0&created_at=0000-00-00&is_native=0&auction_queue=0&pop_winurl=&ip=91.90.42.154&testab=&px_id=0&adblock=0&auction_host=&mm=&yc=&render_type=&campaign_type=&uniq=&exp=&resp_type=default&iabcat=IAB24&min_cpm=0.0001&placement_type_id=&skin_test=&verify_hash=&score=1&ml=&tag_ab=&v2=0&ttl=&space_id=859&banner_width=300&banner_height=250&accel=0&gyr=0&iabcat=IAB24&url=https%3A%2F%2Fbtds.zog.link%2Fin%2F912%2F%3Fsid%3D0%26source%3D1013599720%26idzone%3D3830819%26w%3D300%26h%3D250%26mo%3D%26ve%3D%26site_id%3D3725%26utm1%3Dtcban_i%26utm2%3D3725%26utm3%3D17794%26utm4%3D%26ad_tags%3D%26spot_id%3D0%26p%3Dhttp%253A%252F%252Fxxxlongmove.gigixo.com%252F%26katds_labels%3D%26btype%3D0%26score%3D1%26bf%3D0.0001&pr=&bid_crid=&bid_cid=&is_iframe=0&ad_tags=&stratagem=&ssp=3758&refresh=0
IP 116.202.60.158:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /banner/in/show/?mid=8645312724662331329&pid=0&site=3725&sc=NO&usage_type=DCH&subid=1013599720&sid=0&cid=0&price=0&is_cpm=0&cpm=0&ecpm=0&crid=&crtid=&tcid=0&out_id=&ver=&ver_c=&refdom=xxxlongmove.gigixo.com&hostname=auc-banner-hz-1&site_id=0&spot_id=0&utm_source=tcban_i&utm_medium=3725&utm_campaign=17794&utm_content=&expiration_timestamp=0&created_at=0000-00-00&is_native=0&auction_queue=0&pop_winurl=&ip=91.90.42.154&testab=&px_id=0&adblock=0&auction_host=&mm=&yc=&render_type=&campaign_type=&uniq=&exp=&resp_type=default&iabcat=IAB24&min_cpm=0.0001&placement_type_id=&skin_test=&verify_hash=&score=1&ml=&tag_ab=&v2=0&ttl=&space_id=859&banner_width=300&banner_height=250&accel=0&gyr=0&iabcat=IAB24&url=https%3A%2F%2Fbtds.zog.link%2Fin%2F912%2F%3Fsid%3D0%26source%3D1013599720%26idzone%3D3830819%26w%3D300%26h%3D250%26mo%3D%26ve%3D%26site_id%3D3725%26utm1%3Dtcban_i%26utm2%3D3725%26utm3%3D17794%26utm4%3D%26ad_tags%3D%26spot_id%3D0%26p%3Dhttp%253A%252F%252Fxxxlongmove.gigixo.com%252F%26katds_labels%3D%26btype%3D0%26score%3D1%26bf%3D0.0001&pr=&bid_crid=&bid_cid=&is_iframe=0&ad_tags=&stratagem=&ssp=3758&refresh=0 HTTP/1.1
Host: rtbrennab.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://rtbbnr.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
server: nginx/1.18.0
date: Thu, 02 Mar 2023 13:50:28 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
location: https://btds.zog.link/in/912/?sid=0&source=1013599720&idzone=3830819&w=300&h=250&mo=&ve=&site_id=3725&utm1=tcban_i&utm2=3725&utm3=17794&utm4=&ad_tags=&spot_id=0&p=http%3A%2F%2Fxxxlongmove.gigixo.com%2F&katds_labels=&btype=0&score=1&bf=0.0001
X-Firefox-Spdy: h2
xxxlongmove.gigixo.com/s3/ad_amt1_v-01/1372.jpg
139.99.56.17200 OK 34 kB URL HTTP/1.1 xxxlongmove.gigixo.com/s3/ad_amt1_v-01/1372.jpg
IP 139.99.56.17:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 122x600, components 3\012- data
Hash d9ef6660f924dc94d3738afbe5ce789a
dc1febb6417919b9142b7c2f44ecd6b41183d144
1b8235f839c5d8e5d88230a33e3c7687a970376e900ff6ee63737faf881aec3d
GET /s3/ad_amt1_v-01/1372.jpg HTTP/1.1
Host: xxxlongmove.gigixo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xxxlongmove.gigixo.com/
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 02 Mar 2023 13:50:28 GMT
Content-Type: image/jpeg
Content-Length: 34288
Connection: keep-alive
Last-Modified: Wed, 31 Mar 2021 20:30:42 GMT
ETag: "6064dbf2-85f0"
X-Cluster: web-cdn2
X-Cache: HIT
CF-Cache-Status: MISS
Vary: Accept-Encoding
CF-RAY: 7a1a1bdf3972110b-HKG
alt-svc: h2=":443"; ma=60
X-Cache-Status: MISS
Cache-Control: max-age=14400, max-age=31536000
Accept-Ranges: bytes
btds.zog.link/in/912/?sid=0&source=1013599720&idzone=3830819&w=300&h=250&mo=&ve=&site_id=3725&utm1=tcban_i&utm2=3725&utm3=17794&utm4=&ad_tags=&spot_id=0&p=http%3A%2F%2Fxxxlongmove.gigixo.com%2F&katds_labels=&btype=0&score=1&bf=0.0001
109.206.163.116302 Found 0 B URL HTTP/2 btds.zog.link/in/912/?sid=0&source=1013599720&idzone=3830819&w=300&h=250&mo=&ve=&site_id=3725&utm1=tcban_i&utm2=3725&utm3=17794&utm4=&ad_tags=&spot_id=0&p=http%3A%2F%2Fxxxlongmove.gigixo.com%2F&katds_labels=&btype=0&score=1&bf=0.0001
IP 109.206.163.116:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /in/912/?sid=0&source=1013599720&idzone=3830819&w=300&h=250&mo=&ve=&site_id=3725&utm1=tcban_i&utm2=3725&utm3=17794&utm4=&ad_tags=&spot_id=0&p=http%3A%2F%2Fxxxlongmove.gigixo.com%2F&katds_labels=&btype=0&score=1&bf=0.0001 HTTP/1.1
Host: btds.zog.link
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://rtbbnr.com/
Connection: keep-alive
Cookie: 912.0=1
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
server: nginx/1.20.1
date: Thu, 02 Mar 2023 13:50:28 GMT
content-type: text/html; charset=UTF-8
content-length: 0
location: https://tsyndicate.com/iframes2/00394b71264946e5bf58746cefe5435f.html?subid=1013599720&categories={{ad_tags}}
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
vary: *
set-cookie: 912.0=1; expires=Fri, 03 Mar 2023 13:50:29 GMT; path=/; secure; SameSite=None
X-Firefox-Spdy: h2
poweredby.jads.co/adshow.php?adzone=961490
185.94.237.102200 OK 1.7 kB URL HTTP/1.1 poweredby.jads.co/adshow.php?adzone=961490
IP 185.94.237.102:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (420), with CRLF, LF line terminators
Hash 0f85b696457fc2d41a091f052f09d5b9
7dd581644da1a3b30f1b8f12e363b3ec239293fe
2cd52c80689722c137f939d5500e5efb9769a57d6bb215ef7c0b3f32db3356ba
GET /adshow.php?adzone=961490 HTTP/1.1
Host: poweredby.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xxxlongmove.gigixo.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 02 Mar 2023 13:50:29 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/5.6.40
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR OUR IND STA"
Set-Cookie: surferid=b7f182cc81c62aedeb635677e8101f4a; expires=Fri, 01-Mar-2024 13:50:28 GMT; Max-Age=31536000; path=/; SameSite=None; Secure; domain=.jads.co
imps52802=1; expires=Fri, 03-Mar-2023 13:50:28 GMT; Max-Age=86400; path=/; SameSite=None; Secure; domain=.jads.co
juicy_data_1=YToxOntpOjE2MjU5MTg7aToxNjc4MDI0MjI4O30%3D; expires=Sun, 05-Mar-2023 13:50:28 GMT; Max-Age=259200; path=/; SameSite=None; Secure; domain=jads.co
juicy_data=YToxOntzOjEyOiJqdWljeV9kYXRhXzEiO3M6MToiMSI7fQ%3D%3D; expires=Sun, 05-Mar-2023 13:50:28 GMT; Max-Age=259200; path=/; SameSite=None; Secure; domain=jads.co
Content-Encoding: gzip
tsyndicate.com/iframes2/00394b71264946e5bf58746cefe5435f.html?subid=1013599720&categories={{ad_tags}}
136.243.51.205200 OK 4.4 kB URL HTTP/2 tsyndicate.com/iframes2/00394b71264946e5bf58746cefe5435f.html?subid=1013599720&categories={{ad_tags}}
IP 136.243.51.205:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (4368), with CRLF, LF line terminators
Hash f5bd0bd5f56443c4340dfaa136e0fac7
9309f1eaf6a612cfbf774963805a4169a602fdcc
8a234be42ef7016a122b2a961220b6542f7d445c2c1d54f171a0540f5bc6ed81
GET /iframes2/00394b71264946e5bf58746cefe5435f.html?subid=1013599720&categories={{ad_tags}} HTTP/1.1
Host: tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://rtbbnr.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 02 Mar 2023 13:50:28 GMT
content-type: text/html; charset=utf-8
pragma: no-cache
expires: 0
vary: Accept-Encoding, *
x-api-version: 2
link: <https://lcdn.tsyndicate.com/sdk/v1/b.b.js>; rel=preload; as=script
x-request-id: f822a597d70bf1e8
set-cookie: ts_uid=f8821aff-754e-4405-8dff-7961eedd65ee; expires=Sat, 02 Sep 2023 13:50:28 GMT; domain=.tsyndicate.com; path=/; HttpOnly; secure; SameSite=None
cache-control: no-cache, no-store, no-transform, must-revalidate, no-transform
x-robots-tag: none, noindex, nofollow
report-to: { "url": "https://pxl.tsyndicate.com/api/v1/heavy-ad/report", "max_age": 86401 }
content-encoding: gzip
X-Firefox-Spdy: h2
xxxlongmove.gigixo.com/s3/wc_oct20/0002.gif
139.99.56.17200 OK 262 kB URL HTTP/1.1 xxxlongmove.gigixo.com/s3/wc_oct20/0002.gif
IP 139.99.56.17:0
File type GIF image data, version 89a, 300 x 250\012- data
Size 262 kB (261973 bytes)
Hash 4d273f5c78e989ae79cbe76b5648fc38
8a4e9216b2a38ac9d43677df212dbfa5ca8ca78a
73662379e660ebbd33d24862da8c56064086384450c236cbede180c36c54cf8e
GET /s3/wc_oct20/0002.gif HTTP/1.1
Host: xxxlongmove.gigixo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xxxlongmove.gigixo.com/
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 02 Mar 2023 13:50:28 GMT
Content-Type: image/gif
Content-Length: 261973
Connection: keep-alive
Last-Modified: Fri, 09 Oct 2020 20:04:48 GMT
ETag: "5f80c260-3ff55"
X-Cluster: web-cdn2
X-Cache: HIT
CF-Cache-Status: MISS
Vary: Accept-Encoding
CF-RAY: 7a17f5f07f686beb-SIN
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Cache-Status: HIT
Cache-Control: max-age=14400, max-age=31536000
Accept-Ranges: bytes
xxxlongmove.gigixo.com/viewImage3?data=0c101014175e4b4b100c1109064914554a1c0c07000a4a070b094b054b2928152b281e3d3e025020351125292806143c5727354b5454544b5052534b5654524b5256553b555454544a0e1403
139.99.56.17200 76 kB URL HTTP/1.1 xxxlongmove.gigixo.com/viewImage3?data=0c101014175e4b4b100c1109064914554a1c0c07000a4a070b094b054b2928152b281e3d3e025020351125292806143c5727354b5454544b5052534b5654524b5256553b555454544a0e1403
IP 139.99.56.17:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 640x640, components 3\012- data
Hash e323badf44be9afeb0f09538f3db7b12
8833ee5f0120b3a2c0f856c189ecb38b1e5b3e67
aad483b5084734b626545110d7d175cb3d2ee9bb5770eff7a13ec37ad2b6b136
GET /viewImage3?data=0c101014175e4b4b100c1109064914554a1c0c07000a4a070b094b054b2928152b281e3d3e025020351125292806143c5727354b5454544b5052534b5654524b5256553b555454544a0e1403 HTTP/1.1
Host: xxxlongmove.gigixo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xxxlongmove.gigixo.com/
HTTP/1.1 200
Server: nginx
Date: Thu, 02 Mar 2023 13:50:28 GMT
Content-Length: 75807
Connection: keep-alive
Cache-Control: max-age=31418383
lcdn.tsyndicate.com/error/banner.html
8.254.252.211304 Not Modified 0 B URL HTTP/1.1 lcdn.tsyndicate.com/error/banner.html
IP 8.254.252.211:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /error/banner.html HTTP/1.1
Host: lcdn.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://tsyndicate.com/
Upgrade-Insecure-Requests: 1
If-Modified-Since: Thu, 28 Jul 2022 14:10:05 GMT
If-None-Match: W/"62e298bd-297"
HTTP/1.1 304 Not Modified
Date: Fri, 02 Sep 2022 00:07:36 GMT
Connection: keep-alive
Last-Modified: Thu, 28 Jul 2022 14:10:05 GMT
Server: nginx
X-Robots-Tag: noindex, nofollow
Vary: Accept-Encoding
ETag: W/"62e298bd-297"
Age: 15687773
lcdn.tsyndicate.com/error/banner.html
8.254.252.211304 Not Modified 0 B URL HTTP/1.1 lcdn.tsyndicate.com/error/banner.html
IP 8.254.252.211:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /error/banner.html HTTP/1.1
Host: lcdn.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://tsyndicate.com/
Upgrade-Insecure-Requests: 1
If-Modified-Since: Thu, 28 Jul 2022 14:10:05 GMT
If-None-Match: W/"62e298bd-297"
HTTP/1.1 304 Not Modified
Date: Fri, 02 Sep 2022 00:07:36 GMT
Connection: keep-alive
Last-Modified: Thu, 28 Jul 2022 14:10:05 GMT
Server: nginx
X-Robots-Tag: noindex, nofollow
Vary: Accept-Encoding
ETag: W/"62e298bd-297"
Age: 15687773
cbjpeg.stream.highwebmedia.com/stream?room=oxxme&f=0.7108514925007983
131.153.88.93200 OK 32 kB URL HTTP/2 cbjpeg.stream.highwebmedia.com/stream?room=oxxme&f=0.7108514925007983
IP 131.153.88.93:0
ASN #50389 Phoenix Nap, LLC.
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 1280x1281, segment length 16, comment: "Lavc58.91.100", baseline, precision 8, 854x480, components 3\012- data
Hash c4de421904dfc061fb71e0efb8344a42
3862e593dda916b7e37c02065b095d4285b28337
af73347be4883b26d0712e428e4af4fa1d2a7d1f3f0cfdbe519e52d0a7c16375
GET /stream?room=oxxme&f=0.7108514925007983 HTTP/1.1
Host: cbjpeg.stream.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Cookie: _cfuvid=9S5FE722boy9ZLYDHlvT6ZBDGRaM4PtmQNx9L10c5ew-1677765024669-0-604800000
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 02 Mar 2023 13:50:29 GMT
content-type: image/jpeg
content-length: 31543
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'none'; img-src data:; style-src 'unsafe-inline'
cache-tag: cbjpeg
x-frame-options: DENY
X-Firefox-Spdy: h2
cbjpeg.stream.highwebmedia.com/stream?room=mashayang&f=0.1713151603479981
131.153.88.93200 OK 28 kB URL HTTP/2 cbjpeg.stream.highwebmedia.com/stream?room=mashayang&f=0.1713151603479981
IP 131.153.88.93:0
ASN #50389 Phoenix Nap, LLC.
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 1280x1281, segment length 16, comment: "Lavc58.91.100", baseline, precision 8, 854x480, components 3\012- data
Hash 5674a45e5ed26771e8bb9f51f0d5a5f3
905556f895138c0abc45b064de7f8a0a1de471ce
29cb90fde1bc2265adb9ba7e4b680da2bea201995145b44b2a3786fbe5e23eac
GET /stream?room=mashayang&f=0.1713151603479981 HTTP/1.1
Host: cbjpeg.stream.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Cookie: _cfuvid=9S5FE722boy9ZLYDHlvT6ZBDGRaM4PtmQNx9L10c5ew-1677765024669-0-604800000
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 02 Mar 2023 13:50:29 GMT
content-type: image/jpeg
content-length: 27817
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'none'; img-src data:; style-src 'unsafe-inline'
cache-tag: cbjpeg
x-frame-options: DENY
X-Firefox-Spdy: h2
xxxlongmove.gigixo.com/viewImage3?data=0c101014175e4b4b100c1109064914564a1c0c07000a4a070b094b054b0a135c02070c0c3257021d515c55293b2f1215282f134b5454544b5056564b56565d4b5553563b555454544a0e1403
139.99.56.17200 49 kB URL HTTP/1.1 xxxlongmove.gigixo.com/viewImage3?data=0c101014175e4b4b100c1109064914564a1c0c07000a4a070b094b054b0a135c02070c0c3257021d515c55293b2f1215282f134b5454544b5056564b56565d4b5553563b555454544a0e1403
IP 139.99.56.17:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 797x529, components 3\012- data
Hash 8ec71519ff7c448bef95f412b059e955
f1f1a37d5dfcb6a59c59f75bbe86bfa31dd91569
c130be765557be23da032359a7b7994ad173496b7ec67f14db024679648e5707
GET /viewImage3?data=0c101014175e4b4b100c1109064914564a1c0c07000a4a070b094b054b0a135c02070c0c3257021d515c55293b2f1215282f134b5454544b5056564b56565d4b5553563b555454544a0e1403 HTTP/1.1
Host: xxxlongmove.gigixo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xxxlongmove.gigixo.com/
HTTP/1.1 200
Server: nginx
Date: Thu, 02 Mar 2023 13:50:28 GMT
Content-Length: 48748
Connection: keep-alive
Cache-Control: max-age=31418383
cdn.tsyndicate.com/sdk/v1/backup.banner.js
8.247.219.249304 Not Modified 0 B URL HTTP/1.1 cdn.tsyndicate.com/sdk/v1/backup.banner.js
IP 8.247.219.249:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sdk/v1/backup.banner.js HTTP/1.1
Host: cdn.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://lcdn.tsyndicate.com/
If-Modified-Since: Fri, 16 Dec 2022 12:41:09 GMT
If-None-Match: W/"639c6765-b48"
HTTP/1.1 304 Not Modified
Date: Fri, 16 Dec 2022 12:53:28 GMT
Connection: keep-alive
Last-Modified: Fri, 16 Dec 2022 12:41:09 GMT
Server: nginx
X-Robots-Tag: noindex, nofollow
Vary: Accept-Encoding
ETag: W/"639c6765-b48"
Age: 6569821
rtbbnr.com/get/?go=1&data=eyJpbXAiOlt7InNlY3VyZSI6MCwiZXh0Ijp7InNwb3QiOjE5MjksImlkIjoxMDEwLCJsYWJlbHMiOiIiLCJzaXRlX2lkIjoxOTI5LCJ0eXBlIjoiYmFubmVyIiwic3BhY2VpZCI6MTAxMCwic3BvdF9pZCI6MCwiaWR6b25lIjozOTAyNjUwLCJ6b25lIjoidGNfcGFiXzE2MHg2MDAiLCJhZF90YWdzIjoiIiwidGl0bGUiOiIiLCJzdWJpZCI6IjM1MzA4MjcwNyIsInV0bTEiOiJ0Y2Jhbl9pIiwidXRtMiI6IjE5MjkiLCJ1dG0zIjoiMTc3OTQiLCJ1dG00IjoiIn0sImJhbm5lciI6eyJ3IjoxNjAsImgiOjYwMH19XSwic2l0ZSI6eyJpZCI6IjE5MjkiLCJwYWdlIjoiaHR0cDovL3h4eGxvbmdtb3ZlLmdpZ2l4by5jb20vIn0sImRldmljZSI6eyJ3IjoxMjgwLCJoIjoxMDI0fSwidXNlciI6eyJpZCI6ImZhNDA1ZDQ0NmJiYmUxNmFiMTMyMjA3OTJjNWYwYzJhIn0sImV4dCI6eyJkdCI6MTY3Nzc2NTAyODEyNn19
116.202.60.158200 OK 76 kB URL HTTP/2 rtbbnr.com/get/?go=1&data=eyJpbXAiOlt7InNlY3VyZSI6MCwiZXh0Ijp7InNwb3QiOjE5MjksImlkIjoxMDEwLCJsYWJlbHMiOiIiLCJzaXRlX2lkIjoxOTI5LCJ0eXBlIjoiYmFubmVyIiwic3BhY2VpZCI6MTAxMCwic3BvdF9pZCI6MCwiaWR6b25lIjozOTAyNjUwLCJ6b25lIjoidGNfcGFiXzE2MHg2MDAiLCJhZF90YWdzIjoiIiwidGl0bGUiOiIiLCJzdWJpZCI6IjM1MzA4MjcwNyIsInV0bTEiOiJ0Y2Jhbl9pIiwidXRtMiI6IjE5MjkiLCJ1dG0zIjoiMTc3OTQiLCJ1dG00IjoiIn0sImJhbm5lciI6eyJ3IjoxNjAsImgiOjYwMH19XSwic2l0ZSI6eyJpZCI6IjE5MjkiLCJwYWdlIjoiaHR0cDovL3h4eGxvbmdtb3ZlLmdpZ2l4by5jb20vIn0sImRldmljZSI6eyJ3IjoxMjgwLCJoIjoxMDI0fSwidXNlciI6eyJpZCI6ImZhNDA1ZDQ0NmJiYmUxNmFiMTMyMjA3OTJjNWYwYzJhIn0sImV4dCI6eyJkdCI6MTY3Nzc2NTAyODEyNn19
IP 116.202.60.158:0
ASN #24940 Hetzner Online GmbH
Hash 676a8c529ae0f65590382fd3170ebd39
c048aba2a53690a328debafdbc85eb71665e8a8a
c63064e7418223728f1341c051fab9ef30ac134ea6111c0f2f795f87deffaee1
GET /get/?go=1&data=eyJpbXAiOlt7InNlY3VyZSI6MCwiZXh0Ijp7InNwb3QiOjE5MjksImlkIjoxMDEwLCJsYWJlbHMiOiIiLCJzaXRlX2lkIjoxOTI5LCJ0eXBlIjoiYmFubmVyIiwic3BhY2VpZCI6MTAxMCwic3BvdF9pZCI6MCwiaWR6b25lIjozOTAyNjUwLCJ6b25lIjoidGNfcGFiXzE2MHg2MDAiLCJhZF90YWdzIjoiIiwidGl0bGUiOiIiLCJzdWJpZCI6IjM1MzA4MjcwNyIsInV0bTEiOiJ0Y2Jhbl9pIiwidXRtMiI6IjE5MjkiLCJ1dG0zIjoiMTc3OTQiLCJ1dG00IjoiIn0sImJhbm5lciI6eyJ3IjoxNjAsImgiOjYwMH19XSwic2l0ZSI6eyJpZCI6IjE5MjkiLCJwYWdlIjoiaHR0cDovL3h4eGxvbmdtb3ZlLmdpZ2l4by5jb20vIn0sImRldmljZSI6eyJ3IjoxMjgwLCJoIjoxMDI0fSwidXNlciI6eyJpZCI6ImZhNDA1ZDQ0NmJiYmUxNmFiMTMyMjA3OTJjNWYwYzJhIn0sImV4dCI6eyJkdCI6MTY3Nzc2NTAyODEyNn19 HTTP/1.1
Host: rtbbnr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://cdn.tubecorp.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0
date: Thu, 02 Mar 2023 13:50:28 GMT
content-type: text/html
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
content-encoding: gzip
X-Firefox-Spdy: h2
cbjpeg.stream.highwebmedia.com/stream?room=oxxme&f=0.09860320145387014
131.153.88.93200 OK 32 kB URL HTTP/2 cbjpeg.stream.highwebmedia.com/stream?room=oxxme&f=0.09860320145387014
IP 131.153.88.93:0
ASN #50389 Phoenix Nap, LLC.
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 1280x1281, segment length 16, comment: "Lavc58.91.100", baseline, precision 8, 854x480, components 3\012- data
Hash 2b4f4226a5f10f15acc3e05513467ef0
37a5191f62382399f00e78772c6cd47d07e027b9
668e0737b3748a14edf285342028cfa477ceed2165c3a84bb5958927245c562f
GET /stream?room=oxxme&f=0.09860320145387014 HTTP/1.1
Host: cbjpeg.stream.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Cookie: _cfuvid=9S5FE722boy9ZLYDHlvT6ZBDGRaM4PtmQNx9L10c5ew-1677765024669-0-604800000
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 02 Mar 2023 13:50:29 GMT
content-type: image/jpeg
content-length: 31874
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'none'; img-src data:; style-src 'unsafe-inline'
cache-tag: cbjpeg
x-frame-options: DENY
X-Firefox-Spdy: h2
poweredby.jads.co/adshow.php?adzone=962243
185.94.237.102200 OK 1.8 kB URL HTTP/1.1 poweredby.jads.co/adshow.php?adzone=962243
IP 185.94.237.102:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (419), with CRLF, LF line terminators
Hash daeb5b26bbbd31860de3f5a1a8b217e0
5a82b68d39cc35a1e1365b41e966a4f9d7e9901b
a28d3cfaac17c0e6525660f2751418698b77f25d6ffa1eef5efce3504523a54b
GET /adshow.php?adzone=962243 HTTP/1.1
Host: poweredby.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xxxlongmove.gigixo.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 02 Mar 2023 13:50:29 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/5.6.40
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR OUR IND STA"
Set-Cookie: surferid=b7f182cc81c62aedeb635677e8101f4a; expires=Fri, 01-Mar-2024 13:50:28 GMT; Max-Age=31536000; path=/; SameSite=None; Secure; domain=.jads.co
imps30216=1; expires=Fri, 03-Mar-2023 13:50:28 GMT; Max-Age=86400; path=/; SameSite=None; Secure; domain=.jads.co
imps52802=1; expires=Fri, 03-Mar-2023 13:50:28 GMT; Max-Age=86400; path=/; SameSite=None; Secure; domain=.jads.co
juicy_data_1=YToyOntpOjc2NzkzMTtpOjE2NzgwMjQyMjg7aToxNDY3NDIyO2k6MTY3ODAyNDIyODt9; expires=Sun, 05-Mar-2023 13:50:28 GMT; Max-Age=259200; path=/; SameSite=None; Secure; domain=jads.co
juicy_data=YToxOntzOjEyOiJqdWljeV9kYXRhXzEiO3M6MToiMSI7fQ%3D%3D; expires=Sun, 05-Mar-2023 13:50:28 GMT; Max-Age=259200; path=/; SameSite=None; Secure; domain=jads.co
Content-Encoding: gzip
lcdn.tsyndicate.com/sdk/v1/b.b.js
8.254.252.211304 Not Modified 0 B URL HTTP/2 lcdn.tsyndicate.com/sdk/v1/b.b.js
IP 8.254.252.211:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sdk/v1/b.b.js HTTP/1.1
Host: lcdn.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tsyndicate.com/
Cookie: ts_uid=e2c343a2-3596-411b-a36f-0d87e166e8f0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
If-Modified-Since: Tue, 22 Feb 2022 13:07:15 GMT
If-None-Match: W/"6214e003-1eb1"
TE: trailers
HTTP/2 304 Not Modified
date: Thu, 02 Mar 2023 13:50:29 GMT
last-modified: Tue, 22 Feb 2022 13:07:15 GMT
server: nginx
x-robots-tag: noindex, nofollow
vary: Accept-Encoding
etag: W/"6214e003-1eb1"
age: 31030766
X-Firefox-Spdy: h2
cdn.tsyndicate.com/imges/backup/banner/300x250.png
8.247.219.249304 Not Modified 308 B URL HTTP/1.1 cdn.tsyndicate.com/imges/backup/banner/300x250.png
IP 8.247.219.249:0
Hash 8f4b1dfd4e657a01aa09a46839738041
a20853505dbc16b026966f599306f45129407328
8a32ce7c9b7dc93e40b0f833e3ff9010c58df77a74031b38eeea69b3dfd437ef
GET /imges/backup/banner/300x250.png HTTP/1.1
Host: cdn.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://lcdn.tsyndicate.com/
If-Modified-Since: Thu, 14 Jul 2022 11:57:00 GMT
If-None-Match: W/"62d0048c-18fbf"
HTTP/1.1 304 Not Modified
Date: Fri, 15 Jul 2022 19:08:50 GMT
Connection: keep-alive
Last-Modified: Thu, 14 Jul 2022 11:57:00 GMT
Server: nginx
X-Robots-Tag: noindex, nofollow
Vary: Accept-Encoding
ETag: W/"62d0048c-18fbf"
Age: 19852899
rtbrennab.com/banner/in/show/?mid=7572967734411500428&pid=0&site=1929&sc=NO&usage_type=DCH&subid=353082707&sid=0&cid=0&price=0&is_cpm=0&cpm=0&ecpm=0&crid=&crtid=&tcid=0&out_id=&ver=&ver_c=&refdom=xxxlongmove.gigixo.com&hostname=auc-banner-hz-0&site_id=0&spot_id=0&utm_source=tcban_i&utm_medium=1929&utm_campaign=17794&utm_content=&expiration_timestamp=0&created_at=0000-00-00&is_native=0&auction_queue=0&pop_winurl=&ip=91.90.42.154&testab=&px_id=0&adblock=0&auction_host=&mm=&yc=&render_type=&campaign_type=&uniq=&exp=&resp_type=default&iabcat=IAB24&min_cpm=0.0001&placement_type_id=&skin_test=&verify_hash=&score=1&ml=&tag_ab=&v2=0&ttl=&space_id=1010&banner_width=160&banner_height=600&accel=0&gyr=0&iabcat=IAB24&url=https%3A%2F%2Fbtds.zog.link%2Fin%2F912%2F%3Fsid%3D0%26source%3D353082707%26idzone%3D3902650%26w%3D160%26h%3D600%26mo%3D%26ve%3D%26site_id%3D1929%26utm1%3Dtcban_i%26utm2%3D1929%26utm3%3D17794%26utm4%3D%26ad_tags%3D%26spot_id%3D0%26p%3Dhttp%253A%252F%252Fxxxlongmove.gigixo.com%252F%26katds_labels%3D%26btype%3D0%26score%3D1%26bf%3D0.0001&pr=&bid_crid=&bid_cid=&is_iframe=0&ad_tags=&stratagem=&ssp=3758&refresh=0
116.202.60.158302 Found 308 B URL HTTP/2 rtbrennab.com/banner/in/show/?mid=7572967734411500428&pid=0&site=1929&sc=NO&usage_type=DCH&subid=353082707&sid=0&cid=0&price=0&is_cpm=0&cpm=0&ecpm=0&crid=&crtid=&tcid=0&out_id=&ver=&ver_c=&refdom=xxxlongmove.gigixo.com&hostname=auc-banner-hz-0&site_id=0&spot_id=0&utm_source=tcban_i&utm_medium=1929&utm_campaign=17794&utm_content=&expiration_timestamp=0&created_at=0000-00-00&is_native=0&auction_queue=0&pop_winurl=&ip=91.90.42.154&testab=&px_id=0&adblock=0&auction_host=&mm=&yc=&render_type=&campaign_type=&uniq=&exp=&resp_type=default&iabcat=IAB24&min_cpm=0.0001&placement_type_id=&skin_test=&verify_hash=&score=1&ml=&tag_ab=&v2=0&ttl=&space_id=1010&banner_width=160&banner_height=600&accel=0&gyr=0&iabcat=IAB24&url=https%3A%2F%2Fbtds.zog.link%2Fin%2F912%2F%3Fsid%3D0%26source%3D353082707%26idzone%3D3902650%26w%3D160%26h%3D600%26mo%3D%26ve%3D%26site_id%3D1929%26utm1%3Dtcban_i%26utm2%3D1929%26utm3%3D17794%26utm4%3D%26ad_tags%3D%26spot_id%3D0%26p%3Dhttp%253A%252F%252Fxxxlongmove.gigixo.com%252F%26katds_labels%3D%26btype%3D0%26score%3D1%26bf%3D0.0001&pr=&bid_crid=&bid_cid=&is_iframe=0&ad_tags=&stratagem=&ssp=3758&refresh=0
IP 116.202.60.158:0
ASN #24940 Hetzner Online GmbH
Hash 8f4b1dfd4e657a01aa09a46839738041
a20853505dbc16b026966f599306f45129407328
8a32ce7c9b7dc93e40b0f833e3ff9010c58df77a74031b38eeea69b3dfd437ef
GET /banner/in/show/?mid=7572967734411500428&pid=0&site=1929&sc=NO&usage_type=DCH&subid=353082707&sid=0&cid=0&price=0&is_cpm=0&cpm=0&ecpm=0&crid=&crtid=&tcid=0&out_id=&ver=&ver_c=&refdom=xxxlongmove.gigixo.com&hostname=auc-banner-hz-0&site_id=0&spot_id=0&utm_source=tcban_i&utm_medium=1929&utm_campaign=17794&utm_content=&expiration_timestamp=0&created_at=0000-00-00&is_native=0&auction_queue=0&pop_winurl=&ip=91.90.42.154&testab=&px_id=0&adblock=0&auction_host=&mm=&yc=&render_type=&campaign_type=&uniq=&exp=&resp_type=default&iabcat=IAB24&min_cpm=0.0001&placement_type_id=&skin_test=&verify_hash=&score=1&ml=&tag_ab=&v2=0&ttl=&space_id=1010&banner_width=160&banner_height=600&accel=0&gyr=0&iabcat=IAB24&url=https%3A%2F%2Fbtds.zog.link%2Fin%2F912%2F%3Fsid%3D0%26source%3D353082707%26idzone%3D3902650%26w%3D160%26h%3D600%26mo%3D%26ve%3D%26site_id%3D1929%26utm1%3Dtcban_i%26utm2%3D1929%26utm3%3D17794%26utm4%3D%26ad_tags%3D%26spot_id%3D0%26p%3Dhttp%253A%252F%252Fxxxlongmove.gigixo.com%252F%26katds_labels%3D%26btype%3D0%26score%3D1%26bf%3D0.0001&pr=&bid_crid=&bid_cid=&is_iframe=0&ad_tags=&stratagem=&ssp=3758&refresh=0 HTTP/1.1
Host: rtbrennab.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://rtbbnr.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
server: nginx/1.18.0
date: Thu, 02 Mar 2023 13:50:29 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
location: https://btds.zog.link/in/912/?sid=0&source=353082707&idzone=3902650&w=160&h=600&mo=&ve=&site_id=1929&utm1=tcban_i&utm2=1929&utm3=17794&utm4=&ad_tags=&spot_id=0&p=http%3A%2F%2Fxxxlongmove.gigixo.com%2F&katds_labels=&btype=0&score=1&bf=0.0001
X-Firefox-Spdy: h2
tsyndicate.com/iframes2/00394b71264946e5bf58746cefe5435f.html?subid=1013599720&categories={{ad_tags}}
136.243.51.205200 OK 31 kB URL HTTP/2 tsyndicate.com/iframes2/00394b71264946e5bf58746cefe5435f.html?subid=1013599720&categories={{ad_tags}}
IP 136.243.51.205:0
ASN #24940 Hetzner Online GmbH
Hash b43121fb86be0a7d88e6c81de0bae351
910c94ac644eaa543e0ca6d7c27cd51a5d92cfc3
20b9d0b9a3b1c5fea464c6b93f5fba1bd1750ea832bd125fb1b21b38dd921f27
GET /iframes2/00394b71264946e5bf58746cefe5435f.html?subid=1013599720&categories={{ad_tags}} HTTP/1.1
Host: tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://rtbbnr.com/
Connection: keep-alive
Cookie: ts_uid=e2c343a2-3596-411b-a36f-0d87e166e8f0
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 02 Mar 2023 13:50:29 GMT
content-type: text/html; charset=utf-8
pragma: no-cache
expires: 0
vary: Accept-Encoding, *
x-api-version: 2
link: <https://lcdn.tsyndicate.com/sdk/v1/b.b.js>; rel=preload; as=script
x-request-id: bc31d9da30fd4bf4
set-cookie: ts_uid=e2c343a2-3596-411b-a36f-0d87e166e8f0; expires=Sat, 02 Sep 2023 13:50:29 GMT; domain=.tsyndicate.com; path=/; HttpOnly; secure; SameSite=None
cache-control: no-cache, no-store, no-transform, must-revalidate, no-transform
x-robots-tag: none, noindex, nofollow
report-to: { "url": "https://pxl.tsyndicate.com/api/v1/heavy-ad/report", "max_age": 86401 }
content-encoding: gzip
X-Firefox-Spdy: h2
cdn.tsyndicate.com/sdk/v1/backup.banner.js
8.247.219.249304 Not Modified 0 B URL HTTP/1.1 cdn.tsyndicate.com/sdk/v1/backup.banner.js
IP 8.247.219.249:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sdk/v1/backup.banner.js HTTP/1.1
Host: cdn.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://lcdn.tsyndicate.com/
If-Modified-Since: Fri, 16 Dec 2022 12:41:09 GMT
If-None-Match: W/"639c6765-b48"
HTTP/1.1 304 Not Modified
Date: Fri, 16 Dec 2022 12:53:28 GMT
Connection: keep-alive
Last-Modified: Fri, 16 Dec 2022 12:41:09 GMT
Server: nginx
X-Robots-Tag: noindex, nofollow
Vary: Accept-Encoding
ETag: W/"639c6765-b48"
Age: 6569821
cdn.tsyndicate.com/sdk/v1/backup.banner.js
8.247.219.249304 Not Modified 0 B URL HTTP/1.1 cdn.tsyndicate.com/sdk/v1/backup.banner.js
IP 8.247.219.249:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sdk/v1/backup.banner.js HTTP/1.1
Host: cdn.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://lcdn.tsyndicate.com/
If-Modified-Since: Fri, 16 Dec 2022 12:41:09 GMT
If-None-Match: W/"639c6765-b48"
HTTP/1.1 304 Not Modified
Date: Fri, 16 Dec 2022 12:53:28 GMT
Connection: keep-alive
Last-Modified: Fri, 16 Dec 2022 12:41:09 GMT
Server: nginx
X-Robots-Tag: noindex, nofollow
Vary: Accept-Encoding
ETag: W/"639c6765-b48"
Age: 6569821
btds.zog.link/in/912/?sid=0&source=353082707&idzone=3902650&w=160&h=600&mo=&ve=&site_id=1929&utm1=tcban_i&utm2=1929&utm3=17794&utm4=&ad_tags=&spot_id=0&p=http%3A%2F%2Fxxxlongmove.gigixo.com%2F&katds_labels=&btype=0&score=1&bf=0.0001
109.206.163.116302 Found 0 B URL HTTP/2 btds.zog.link/in/912/?sid=0&source=353082707&idzone=3902650&w=160&h=600&mo=&ve=&site_id=1929&utm1=tcban_i&utm2=1929&utm3=17794&utm4=&ad_tags=&spot_id=0&p=http%3A%2F%2Fxxxlongmove.gigixo.com%2F&katds_labels=&btype=0&score=1&bf=0.0001
IP 109.206.163.116:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /in/912/?sid=0&source=353082707&idzone=3902650&w=160&h=600&mo=&ve=&site_id=1929&utm1=tcban_i&utm2=1929&utm3=17794&utm4=&ad_tags=&spot_id=0&p=http%3A%2F%2Fxxxlongmove.gigixo.com%2F&katds_labels=&btype=0&score=1&bf=0.0001 HTTP/1.1
Host: btds.zog.link
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://rtbbnr.com/
Connection: keep-alive
Cookie: 912.0=1
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
server: nginx/1.20.1
date: Thu, 02 Mar 2023 13:50:28 GMT
content-type: text/html; charset=UTF-8
content-length: 0
location: https://12007250.pix-cdn.org/a/pjexo.html?idzone=3902650&w=160&h=600&ad_sub=&ad_tags=
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
vary: *
set-cookie: 912.0=1; expires=Fri, 03 Mar 2023 13:50:29 GMT; path=/; secure; SameSite=None
X-Firefox-Spdy: h2
pxl.tsyndicate.com/api/v1/backup.gif?t=banner&tct=adult
136.243.51.205200 OK 35 B URL HTTP/1.1 pxl.tsyndicate.com/api/v1/backup.gif?t=banner&tct=adult
IP 136.243.51.205:0
ASN #24940 Hetzner Online GmbH
File type GIF image data, version 89a, 1 x 1\012- data
Hash c2196de8ba412c60c22ab491af7b1409
5fbd472222feb8a22cf5b8aa5dc5b8e13af88e2b
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
GET /api/v1/backup.gif?t=banner&tct=adult HTTP/1.1
Host: pxl.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://lcdn.tsyndicate.com/
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 02 Mar 2023 13:50:29 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 35
Connection: keep-alive
X-Robots-Tag: noindex, nofollow
mybettermb.com/adServe/banners?tid=395024_794246_2
52.116.53.155403 Forbidden 389 B URL HTTP/2 mybettermb.com/adServe/banners?tid=395024_794246_2
IP 52.116.53.155:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (614), with no line terminators
Hash ffc5d30267c8d48352d0447975f30e82
c63f357953279c0c6cce59ff036ea999b628e120
c259c4f5ea62f8b7778240730db7a7cd39fe656dbb4b7bcef21251d7f1481684
GET /adServe/banners?tid=395024_794246_2 HTTP/1.1
Host: mybettermb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://xxxlongmove.gigixo.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 403 Forbidden
server: nginx
date: Thu, 02 Mar 2023 13:50:24 GMT
content-type: text/html;charset=utf-8
vary: Accept-Encoding
cache-control: no-cache
pragma: no-cache
expires: Thu, 01 Jan 1970 00:00:00 GMT
content-language: en
content-encoding: gzip
X-Firefox-Spdy: h2
cbjpeg.stream.highwebmedia.com/stream?room=oxxme&f=0.8740921386490458
131.153.88.93200 OK 31 kB URL HTTP/2 cbjpeg.stream.highwebmedia.com/stream?room=oxxme&f=0.8740921386490458
IP 131.153.88.93:0
ASN #50389 Phoenix Nap, LLC.
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 1280x1281, segment length 16, comment: "Lavc58.91.100", baseline, precision 8, 854x480, components 3\012- data
Hash 702e7fe95bf381294478e059f3f1131a
c5105399552e84ee689faa26cde51db6322e4747
f820e199948941d14d84b74a2b6232ad2ffecf3a1933ffc5f39fa3efe5716510
GET /stream?room=oxxme&f=0.8740921386490458 HTTP/1.1
Host: cbjpeg.stream.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Cookie: _cfuvid=9S5FE722boy9ZLYDHlvT6ZBDGRaM4PtmQNx9L10c5ew-1677765024669-0-604800000
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 02 Mar 2023 13:50:29 GMT
content-type: image/jpeg
content-length: 31167
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'none'; img-src data:; style-src 'unsafe-inline'
cache-tag: cbjpeg
x-frame-options: DENY
X-Firefox-Spdy: h2
cdn.tsyndicate.com/imges/backup/banner/250x150.jpeg
8.247.219.249304 Not Modified 0 B URL HTTP/1.1 cdn.tsyndicate.com/imges/backup/banner/250x150.jpeg
IP 8.247.219.249:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /imges/backup/banner/250x150.jpeg HTTP/1.1
Host: cdn.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://lcdn.tsyndicate.com/
If-Modified-Since: Wed, 22 Jun 2022 09:24:43 GMT
If-None-Match: W/"62b2dfdb-5180"
HTTP/1.1 304 Not Modified
Date: Wed, 22 Jun 2022 09:42:10 GMT
Connection: keep-alive
Last-Modified: Wed, 22 Jun 2022 09:24:43 GMT
Server: nginx
X-Robots-Tag: noindex, nofollow
Vary: Accept-Encoding
ETag: W/"62b2dfdb-5180"
Age: 21874099
www.google-analytics.com/analytics.js
142.250.74.110200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP 142.250.74.110:0
File type ASCII text, with very long lines (1490)
Hash ca7fbbfd120e3e329633044190bbf134
d17f81e03dd827554ddd207ea081fb46b3415445
847004cefb32f85a9cc16b0b1eb77529ff5753680c145bfcb23f651d214737db
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://xxxlongmove.gigixo.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20085
date: Thu, 02 Mar 2023 11:53:25 GMT
expires: Thu, 02 Mar 2023 13:53:25 GMT
cache-control: public, max-age=7200
age: 7024
last-modified: Tue, 10 Jan 2023 21:29:14 GMT
content-type: text/javascript
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 582da0f31f4a3c12da8906a8227f370b
d6c3a1966ca2241b4a04b1042b625adeaff9ca2e
1b4e31f0cd9706f6541d1f7e51e0049da26c2b13299da9420517e0a23c80fb4f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1B4E31F0CD9706F6541D1F7E51E0049DA26C2B13299DA9420517E0A23C80FB4F"
Last-Modified: Thu, 02 Mar 2023 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11631
Expires: Thu, 02 Mar 2023 17:04:20 GMT
Date: Thu, 02 Mar 2023 13:50:29 GMT
Connection: keep-alive
cbjpeg.stream.highwebmedia.com/stream?room=mashayang&f=0.7947200818041121
131.153.88.93200 OK 30 kB URL HTTP/2 cbjpeg.stream.highwebmedia.com/stream?room=mashayang&f=0.7947200818041121
IP 131.153.88.93:0
ASN #50389 Phoenix Nap, LLC.
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 1280x1281, segment length 16, comment: "Lavc58.91.100", baseline, precision 8, 854x480, components 3\012- data
Hash 7cb3b42eb410187e0098e3dec89d3206
2ae5c9f1ef5eff43b1ba599d0332ede3282d6691
53e68c17fb582a72179c3da68a5b6555223115170a66334caeca7528b9b48975
GET /stream?room=mashayang&f=0.7947200818041121 HTTP/1.1
Host: cbjpeg.stream.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Cookie: _cfuvid=9S5FE722boy9ZLYDHlvT6ZBDGRaM4PtmQNx9L10c5ew-1677765024669-0-604800000
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 02 Mar 2023 13:50:29 GMT
content-type: image/jpeg
content-length: 30018
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'none'; img-src data:; style-src 'unsafe-inline'
cache-tag: cbjpeg
x-frame-options: DENY
X-Firefox-Spdy: h2
pxl.tsyndicate.com/api/v1/backup.gif?t=banner&tct=adult
136.243.51.205200 OK 35 B URL HTTP/1.1 pxl.tsyndicate.com/api/v1/backup.gif?t=banner&tct=adult
IP 136.243.51.205:0
ASN #24940 Hetzner Online GmbH
File type GIF image data, version 89a, 1 x 1\012- data
Hash c2196de8ba412c60c22ab491af7b1409
5fbd472222feb8a22cf5b8aa5dc5b8e13af88e2b
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
GET /api/v1/backup.gif?t=banner&tct=adult HTTP/1.1
Host: pxl.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://lcdn.tsyndicate.com/
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 02 Mar 2023 13:50:29 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 35
Connection: keep-alive
X-Robots-Tag: noindex, nofollow
poweredby.jads.co/adshow.php?adzone=961910
185.94.237.102200 OK 1.8 kB URL HTTP/1.1 poweredby.jads.co/adshow.php?adzone=961910
IP 185.94.237.102:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1307), with CRLF, LF line terminators
Hash e195ac631acf85441a2124cdf5ca6b29
36a0b8832cd5658376ccc64fe8883f0e2427189d
69be0908ec7d959ef71a477d0a9247f32d67fb8fc9a4dc28260494f313d69af1
GET /adshow.php?adzone=961910 HTTP/1.1
Host: poweredby.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xxxlongmove.gigixo.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 02 Mar 2023 13:50:29 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/5.6.40
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR OUR IND STA"
Set-Cookie: surferid=b7f182cc81c62aedeb635677e8101f4a; expires=Fri, 01-Mar-2024 13:50:28 GMT; Max-Age=31536000; path=/; SameSite=None; Secure; domain=.jads.co
imps52802=1; expires=Fri, 03-Mar-2023 13:50:28 GMT; Max-Age=86400; path=/; SameSite=None; Secure; domain=.jads.co
imps22340=1; expires=Fri, 03-Mar-2023 13:50:28 GMT; Max-Age=86400; path=/; SameSite=None; Secure; domain=.jads.co
juicy_data_1=YToyOntpOjE0Njc0MjI7aToxNjc4MDI0MjI4O2k6NTkyOTgxO2k6MTY3ODAyNDIyODt9; expires=Sun, 05-Mar-2023 13:50:28 GMT; Max-Age=259200; path=/; SameSite=None; Secure; domain=jads.co
juicy_data=YToxOntzOjEyOiJqdWljeV9kYXRhXzEiO3M6MToiMSI7fQ%3D%3D; expires=Sun, 05-Mar-2023 13:50:28 GMT; Max-Age=259200; path=/; SameSite=None; Secure; domain=jads.co
Content-Encoding: gzip
pxl.tsyndicate.com/api/v1/elapsedtime?f=banner%20300x250&sc=6a91f85098294907941c239ca45e3b90&hn=xxxlongmove.gigixo.com&et=153
136.243.51.205200 OK 0 B URL HTTP/1.1 pxl.tsyndicate.com/api/v1/elapsedtime?f=banner%20300x250&sc=6a91f85098294907941c239ca45e3b90&hn=xxxlongmove.gigixo.com&et=153
IP 136.243.51.205:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /api/v1/elapsedtime?f=banner%20300x250&sc=6a91f85098294907941c239ca45e3b90&hn=xxxlongmove.gigixo.com&et=153 HTTP/1.1
Host: pxl.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xxxlongmove.gigixo.com/
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 02 Mar 2023 13:50:29 GMT
Content-Length: 0
Connection: keep-alive
X-Robots-Tag: noindex, nofollow
i.jads.co/network/user500/30216-1558204831-0663824001558204831.gif
69.16.175.10200 OK 290 kB URL HTTP/1.1 i.jads.co/network/user500/30216-1558204831-0663824001558204831.gif
IP 69.16.175.10:0
File type GIF image data, version 89a, 160 x 600\012- data
Size 290 kB (289560 bytes)
Hash 8f4a44b33aa343dd97d2a3e716b38ce6
7f5d9259b3d93256b532758b3e92396d4508f471
5318e6bb5665435e5e74dd214b4502eed6ecc087059a36c1f794585d51b19cf8
GET /network/user500/30216-1558204831-0663824001558204831.gif HTTP/1.1
Host: i.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://poweredby.jads.co/
HTTP/1.1 200 OK
Date: Thu, 02 Mar 2023 13:50:29 GMT
Connection: Keep-Alive
ETag: "1558204831"
Cache-Control: max-age=14143067
Content-Length: 289560
Content-Type: image/gif
Last-Modified: Sat, 18 May 2019 18:40:31 GMT
Accept-Ranges: bytes
X-HW: 1677765029.dop021.sk1.t,1677765029.cds016.sk1.c
rtbbnr.com/get/?go=1&data=eyJpbXAiOlt7InNlY3VyZSI6MCwiZXh0Ijp7InNwb3QiOjM3MjUsImlkIjo4NTksImxhYmVscyI6IiIsInNpdGVfaWQiOjM3MjUsInR5cGUiOiJiYW5uZXIiLCJzcGFjZWlkIjo4NTksInNwb3RfaWQiOjAsImlkem9uZSI6MzgzMDgxOSwiem9uZSI6InRjX3BhYl8zMDB4MjUwIiwiYWRfdGFncyI6IiIsInRpdGxlIjoiIiwic3ViaWQiOiIxMDEzNTk5NzIwIiwidXRtMSI6InRjYmFuX2kiLCJ1dG0yIjoiMzcyNSIsInV0bTMiOiIxNzc5NCIsInV0bTQiOiIifSwiYmFubmVyIjp7InciOjMwMCwiaCI6MjUwfX1dLCJzaXRlIjp7ImlkIjoiMzcyNSIsInBhZ2UiOiJodHRwOi8veHh4bG9uZ21vdmUuZ2lnaXhvLmNvbS8ifSwiZGV2aWNlIjp7InciOjEyODAsImgiOjEwMjR9LCJ1c2VyIjp7ImlkIjoiZmE0MDVkNDQ2YmJiZTE2YWIxMzIyMDc5MmM1ZjBjMmEifSwiZXh0Ijp7ImR0IjoxNjc3NzY1MDI3MjQ1fX0=
116.202.60.158200 OK 51 kB URL HTTP/2 rtbbnr.com/get/?go=1&data=eyJpbXAiOlt7InNlY3VyZSI6MCwiZXh0Ijp7InNwb3QiOjM3MjUsImlkIjo4NTksImxhYmVscyI6IiIsInNpdGVfaWQiOjM3MjUsInR5cGUiOiJiYW5uZXIiLCJzcGFjZWlkIjo4NTksInNwb3RfaWQiOjAsImlkem9uZSI6MzgzMDgxOSwiem9uZSI6InRjX3BhYl8zMDB4MjUwIiwiYWRfdGFncyI6IiIsInRpdGxlIjoiIiwic3ViaWQiOiIxMDEzNTk5NzIwIiwidXRtMSI6InRjYmFuX2kiLCJ1dG0yIjoiMzcyNSIsInV0bTMiOiIxNzc5NCIsInV0bTQiOiIifSwiYmFubmVyIjp7InciOjMwMCwiaCI6MjUwfX1dLCJzaXRlIjp7ImlkIjoiMzcyNSIsInBhZ2UiOiJodHRwOi8veHh4bG9uZ21vdmUuZ2lnaXhvLmNvbS8ifSwiZGV2aWNlIjp7InciOjEyODAsImgiOjEwMjR9LCJ1c2VyIjp7ImlkIjoiZmE0MDVkNDQ2YmJiZTE2YWIxMzIyMDc5MmM1ZjBjMmEifSwiZXh0Ijp7ImR0IjoxNjc3NzY1MDI3MjQ1fX0=
IP 116.202.60.158:0
ASN #24940 Hetzner Online GmbH
Hash 733b6f7b8b4b33ee22390beeb553166d
02cd27ee3b24011a32bea65858af2c10e7fdaf8f
e839dbd159f4023b57648766a83a8f3c9a1744abf5bade582b61fb8655dbecb0
GET /get/?go=1&data=eyJpbXAiOlt7InNlY3VyZSI6MCwiZXh0Ijp7InNwb3QiOjM3MjUsImlkIjo4NTksImxhYmVscyI6IiIsInNpdGVfaWQiOjM3MjUsInR5cGUiOiJiYW5uZXIiLCJzcGFjZWlkIjo4NTksInNwb3RfaWQiOjAsImlkem9uZSI6MzgzMDgxOSwiem9uZSI6InRjX3BhYl8zMDB4MjUwIiwiYWRfdGFncyI6IiIsInRpdGxlIjoiIiwic3ViaWQiOiIxMDEzNTk5NzIwIiwidXRtMSI6InRjYmFuX2kiLCJ1dG0yIjoiMzcyNSIsInV0bTMiOiIxNzc5NCIsInV0bTQiOiIifSwiYmFubmVyIjp7InciOjMwMCwiaCI6MjUwfX1dLCJzaXRlIjp7ImlkIjoiMzcyNSIsInBhZ2UiOiJodHRwOi8veHh4bG9uZ21vdmUuZ2lnaXhvLmNvbS8ifSwiZGV2aWNlIjp7InciOjEyODAsImgiOjEwMjR9LCJ1c2VyIjp7ImlkIjoiZmE0MDVkNDQ2YmJiZTE2YWIxMzIyMDc5MmM1ZjBjMmEifSwiZXh0Ijp7ImR0IjoxNjc3NzY1MDI3MjQ1fX0= HTTP/1.1
Host: rtbbnr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://cdn.tubecorp.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0
date: Thu, 02 Mar 2023 13:50:28 GMT
content-type: text/html
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
content-encoding: gzip
X-Firefox-Spdy: h2
go.xliirdr.com/abc.gif?campaignId=c3fa347280578e90a9e8ab1e6280c0e361524d151dcbfe6bb5b723fee947ce88&campaignType=smartpop&creativeId=f2c37d3ce0a9e8b72a9075d80280d06c1a27d44568b390936e99ecdc546eecef&iterationId=402088&masterSmartpopId=1605&p1=3684770&quality=optimal&ruleId=3&smartpopId=1547&sourceId=349000&userId=ed4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e&variationId=30279&modelsLimit=6&actionButtonPlacement=bottom&thumbSizeKey=big&hideButtonOnSmallSpots=1&hideTitleOnSmallSpots=1&hideModelNameOnSmallSpots=1&buttonColor=%23DC0C2C&liveBadgeColor=%2300bd8f&language=en&thumbFit=cover&stripcashR=0&thumbType=default&kbLimit=0&modelsInWatchHistoryCount=-1&modelsInFavoritesCount=-1&userType=newuser&modelsCount=6&segment=hls-newAPI&landing=WidgetV4Universal&referrer=http%3A%2F%2Ftsyndicate.com%2F&i=0&ib=0&filtersMatch=0&m=%5B%7B%22type%22%3A%22navigation%22%2C%22startTime%22%3A0%2C%22duration%22%3A281%7D%2C%7B%22type%22%3A%22resource%22%2C%22startTime%22%3A141%2C%22duration%22%3A19%2C%22transferSize%22%3A4653%7D%2C%7B%22type%22%3A%22resource%22%2C%22startTime%22%3A142%2C%22duration%22%3A37%2C%22transferSize%22%3A79470%7D%2C%7B%22type%22%3A%22resource%22%2C%22startTime%22%3A522%2C%22duration%22%3A187%2C%22transferSize%22%3A1824%7D%2C%7B%22type%22%3A%22first-contentful-paint%22%2C%22startTime%22%3A552%2C%22duration%22%3A0%7D%5D&mh=-1056545774
104.18.59.150200 OK 103 B URL HTTP/2 go.xliirdr.com/abc.gif?campaignId=c3fa347280578e90a9e8ab1e6280c0e361524d151dcbfe6bb5b723fee947ce88&campaignType=smartpop&creativeId=f2c37d3ce0a9e8b72a9075d80280d06c1a27d44568b390936e99ecdc546eecef&iterationId=402088&masterSmartpopId=1605&p1=3684770&quality=optimal&ruleId=3&smartpopId=1547&sourceId=349000&userId=ed4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e&variationId=30279&modelsLimit=6&actionButtonPlacement=bottom&thumbSizeKey=big&hideButtonOnSmallSpots=1&hideTitleOnSmallSpots=1&hideModelNameOnSmallSpots=1&buttonColor=%23DC0C2C&liveBadgeColor=%2300bd8f&language=en&thumbFit=cover&stripcashR=0&thumbType=default&kbLimit=0&modelsInWatchHistoryCount=-1&modelsInFavoritesCount=-1&userType=newuser&modelsCount=6&segment=hls-newAPI&landing=WidgetV4Universal&referrer=http%3A%2F%2Ftsyndicate.com%2F&i=0&ib=0&filtersMatch=0&m=%5B%7B%22type%22%3A%22navigation%22%2C%22startTime%22%3A0%2C%22duration%22%3A281%7D%2C%7B%22type%22%3A%22resource%22%2C%22startTime%22%3A141%2C%22duration%22%3A19%2C%22transferSize%22%3A4653%7D%2C%7B%22type%22%3A%22resource%22%2C%22startTime%22%3A142%2C%22duration%22%3A37%2C%22transferSize%22%3A79470%7D%2C%7B%22type%22%3A%22resource%22%2C%22startTime%22%3A522%2C%22duration%22%3A187%2C%22transferSize%22%3A1824%7D%2C%7B%22type%22%3A%22first-contentful-paint%22%2C%22startTime%22%3A552%2C%22duration%22%3A0%7D%5D&mh=-1056545774
IP 104.18.59.150:0
Hash 8c99886486b9a004383cb4df29011c43
d79ca4754481fc59598bc08fcdf354900918bffe
bda00b0f6892b1c6991e793b42654ad1807694e2ffabcbc4eb1399379737ef6c
GET /abc.gif?campaignId=c3fa347280578e90a9e8ab1e6280c0e361524d151dcbfe6bb5b723fee947ce88&campaignType=smartpop&creativeId=f2c37d3ce0a9e8b72a9075d80280d06c1a27d44568b390936e99ecdc546eecef&iterationId=402088&masterSmartpopId=1605&p1=3684770&quality=optimal&ruleId=3&smartpopId=1547&sourceId=349000&userId=ed4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e&variationId=30279&modelsLimit=6&actionButtonPlacement=bottom&thumbSizeKey=big&hideButtonOnSmallSpots=1&hideTitleOnSmallSpots=1&hideModelNameOnSmallSpots=1&buttonColor=%23DC0C2C&liveBadgeColor=%2300bd8f&language=en&thumbFit=cover&stripcashR=0&thumbType=default&kbLimit=0&modelsInWatchHistoryCount=-1&modelsInFavoritesCount=-1&userType=newuser&modelsCount=6&segment=hls-newAPI&landing=WidgetV4Universal&referrer=http%3A%2F%2Ftsyndicate.com%2F&i=0&ib=0&filtersMatch=0&m=%5B%7B%22type%22%3A%22navigation%22%2C%22startTime%22%3A0%2C%22duration%22%3A281%7D%2C%7B%22type%22%3A%22resource%22%2C%22startTime%22%3A141%2C%22duration%22%3A19%2C%22transferSize%22%3A4653%7D%2C%7B%22type%22%3A%22resource%22%2C%22startTime%22%3A142%2C%22duration%22%3A37%2C%22transferSize%22%3A79470%7D%2C%7B%22type%22%3A%22resource%22%2C%22startTime%22%3A522%2C%22duration%22%3A187%2C%22transferSize%22%3A1824%7D%2C%7B%22type%22%3A%22first-contentful-paint%22%2C%22startTime%22%3A552%2C%22duration%22%3A0%7D%5D&mh=-1056545774 HTTP/1.1
Host: go.xliirdr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://creative.xliirdr.com/
Cookie: __cflb=02DiuDfsBaY2bRYJiCddNhqGgfsRfgxdZ2mp5U69osiya
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Thu, 02 Mar 2023 13:50:29 GMT
content-type: image/gif
content-length: 103
access-control-allow-origin: *
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 7a1a1beb7970b4eb-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
img.strpst.com/thumbs/1677764941/69492248
104.18.63.132200 OK 51 kB URL HTTP/2 img.strpst.com/thumbs/1677764941/69492248
IP 104.18.63.132:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 0x0, segment length 16, progressive, precision 8, 640x360, components 3\012- data
Hash 620ee793929e105a30cf79f2d008693f
c1b8552542ce6e8c624e48eee18261e0733057cc
847331d270e9b4fe9dc50bc63e7f5c0c8a032084d3fbde18aa6dca04b6714439
GET /thumbs/1677764941/69492248 HTTP/1.1
Host: img.strpst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://creative.xliirdr.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 02 Mar 2023 13:50:29 GMT
content-type: image/jpeg
content-length: 50558
access-control-allow-credentials: true
access-control-allow-headers: *
access-control-allow-methods: GET
access-control-allow-origin: *
cache-control: public, max-age=1800, s-maxage=1800, stale-while-revalidate=1, max-stale=1, stale-if-error=1
cf-bgj: imgq:100,h2pri
cf-polished: origSize=52601, status=webp_bigger
etag: "3b56fd76381900158924dd00f1787305"
last-modified: Thu, 02 Mar 2023 13:49:29 GMT
cf-cache-status: HIT
age: 41
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7a1a1bebdb880afe-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
img.strpst.com/thumbs/1677764941/75357674
104.18.63.132200 OK 35 kB URL HTTP/2 img.strpst.com/thumbs/1677764941/75357674
IP 104.18.63.132:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 0x0, segment length 16, progressive, precision 8, 640x360, components 3\012- data
Hash 035a859dd9b893c6ec18fa42f3b21e4a
5a579f39daa81206ba0b640aefff32cb90450676
6b179f025828e58c637fddd0962fd81ccf84b02f5ee10731d2d6a42abb300a79
GET /thumbs/1677764941/75357674 HTTP/1.1
Host: img.strpst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://creative.xliirdr.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 02 Mar 2023 13:50:29 GMT
content-type: image/jpeg
content-length: 34797
access-control-allow-credentials: true
access-control-allow-headers: *
access-control-allow-methods: GET
access-control-allow-origin: *
cache-control: public, max-age=1800, s-maxage=1800, stale-while-revalidate=1, max-stale=1, stale-if-error=1
cf-bgj: imgq:100,h2pri
cf-polished: origSize=35771, status=webp_bigger
etag: "e3e25ef271cef6e020841823232a781f"
last-modified: Thu, 02 Mar 2023 13:49:29 GMT
cf-cache-status: HIT
age: 32
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7a1a1bebdb900afe-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
img.strpst.com/thumbs/1677764941/66949709
104.18.63.132200 OK 39 kB URL HTTP/2 img.strpst.com/thumbs/1677764941/66949709
IP 104.18.63.132:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 0x0, segment length 16, progressive, precision 8, 640x360, components 3\012- data
Hash 387ceb36ea41e5fc2bf522479e7b220f
b66e7ce765f775651ad2d46ed1f409908e24b8b8
cc9de876e28cb83f4573080dc694aae9beef43db9ad5ab6708faef95ec199978
GET /thumbs/1677764941/66949709 HTTP/1.1
Host: img.strpst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://creative.xliirdr.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 02 Mar 2023 13:50:29 GMT
content-type: image/jpeg
content-length: 39415
access-control-allow-credentials: true
access-control-allow-headers: *
access-control-allow-methods: GET
access-control-allow-origin: *
cache-control: public, max-age=1800, s-maxage=1800, stale-while-revalidate=1, max-stale=1, stale-if-error=1
cf-bgj: imgq:100,h2pri
cf-polished: origSize=40440, status=webp_bigger
etag: "d38e1e2989096c37e142dde48edb1d27"
last-modified: Thu, 02 Mar 2023 13:49:04 GMT
cf-cache-status: HIT
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7a1a1bebbb670afe-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
img.strpst.com/thumbs/1677764941/91363439
104.18.63.132200 OK 46 kB URL HTTP/2 img.strpst.com/thumbs/1677764941/91363439
IP 104.18.63.132:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 0x0, segment length 16, progressive, precision 8, 640x360, components 3\012- data
Hash f85e9780bb4f12786a7071c4d649c70a
1517a1cf0b6abb0822e34c5961f8b7fe53b8034e
2893d3fb8b56f1acd52c61d59bad08c939d3b27a4d7bec11dd04bc3e5cf1891a
GET /thumbs/1677764941/91363439 HTTP/1.1
Host: img.strpst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://creative.xliirdr.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 02 Mar 2023 13:50:29 GMT
content-type: image/jpeg
content-length: 45680
access-control-allow-credentials: true
access-control-allow-headers: *
access-control-allow-methods: GET
access-control-allow-origin: *
cache-control: public, max-age=1800, s-maxage=1800, stale-while-revalidate=1, max-stale=1, stale-if-error=1
cf-bgj: imgq:100,h2pri
cf-polished: origSize=47388, status=webp_bigger
etag: "51bfcf9ab29ac900d063918d4b992183"
last-modified: Thu, 02 Mar 2023 13:49:29 GMT
cf-cache-status: HIT
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7a1a1bebbb640afe-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
img.strpst.com/thumbs/1677764941/95872600
104.18.63.132200 OK 59 kB URL HTTP/2 img.strpst.com/thumbs/1677764941/95872600
IP 104.18.63.132:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 0x0, segment length 16, progressive, precision 8, 640x360, components 3\012- data
Hash c2ca4b31a4c3cfdfff0b04ba7f42ed84
c9d2c6dbe66d6ff9d33f5e80851749773a64dc3b
d7c29945e8a2f5a4d293c1602de13aeb2144138ace3892946822d8a1d537b6a4
GET /thumbs/1677764941/95872600 HTTP/1.1
Host: img.strpst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://creative.xliirdr.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 02 Mar 2023 13:50:29 GMT
content-type: image/jpeg
content-length: 58579
access-control-allow-methods: GET
access-control-allow-origin: *
cache-control: public, max-age=1800, s-maxage=1800, stale-while-revalidate=1, max-stale=1, stale-if-error=1
cf-bgj: imgq:100,h2pri
cf-polished: origSize=61478, status=webp_bigger
etag: "f6811bf6dc00cddd6ad38e74582e694c"
last-modified: Thu, 02 Mar 2023 13:49:21 GMT
cf-cache-status: HIT
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7a1a1bebcb780afe-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
pxl.tsyndicate.com/api/v1/elapsedtime?f=banner%20250x150&sc=58b27ab589cd4f6fb77ba36de8de2cad&hn=xxxlongmove.gigixo.com&et=429
136.243.51.205200 OK 0 B URL HTTP/1.1 pxl.tsyndicate.com/api/v1/elapsedtime?f=banner%20250x150&sc=58b27ab589cd4f6fb77ba36de8de2cad&hn=xxxlongmove.gigixo.com&et=429
IP 136.243.51.205:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /api/v1/elapsedtime?f=banner%20250x150&sc=58b27ab589cd4f6fb77ba36de8de2cad&hn=xxxlongmove.gigixo.com&et=429 HTTP/1.1
Host: pxl.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xxxlongmove.gigixo.com/
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 02 Mar 2023 13:50:29 GMT
Content-Length: 0
Connection: keep-alive
X-Robots-Tag: noindex, nofollow
poweredby.jads.co/adshow.php?adzone=830938
185.94.237.102200 OK 1.8 kB URL HTTP/1.1 poweredby.jads.co/adshow.php?adzone=830938
IP 185.94.237.102:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (419), with CRLF, LF line terminators
Hash 5572e38f12b6c4e21dff6a17f013bdee
b98e006f743b63f4e68b45b4ffcda39e9141a202
29281daa50b52a97c16eecf8c1b32f3637f8904b4ab7712e33824e1a4eefdbfa
GET /adshow.php?adzone=830938 HTTP/1.1
Host: poweredby.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xxxlongmove.gigixo.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 02 Mar 2023 13:50:29 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/5.6.40
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR OUR IND STA"
Set-Cookie: surferid=b7f182cc81c62aedeb635677e8101f4a; expires=Fri, 01-Mar-2024 13:50:28 GMT; Max-Age=31536000; path=/; SameSite=None; Secure; domain=.jads.co
imps52802=1; expires=Fri, 03-Mar-2023 13:50:28 GMT; Max-Age=86400; path=/; SameSite=None; Secure; domain=.jads.co
imps22340=1; expires=Fri, 03-Mar-2023 13:50:28 GMT; Max-Age=86400; path=/; SameSite=None; Secure; domain=.jads.co
imps22340=1; expires=Fri, 03-Mar-2023 13:50:28 GMT; Max-Age=86400; path=/; SameSite=None; Secure; domain=.jads.co
juicy_data_1=YTozOntpOjE0Njc0MjI7aToxNjc4MDI0MjI4O2k6NTkyOTgxO2k6MTY3ODAyNDIyODtpOjU5Mjk4MDtpOjE2NzgwMjQyMjg7fQ%3D%3D; expires=Sun, 05-Mar-2023 13:50:28 GMT; Max-Age=259200; path=/; SameSite=None; Secure; domain=jads.co
juicy_data=YToxOntzOjEyOiJqdWljeV9kYXRhXzEiO3M6MToiMSI7fQ%3D%3D; expires=Sun, 05-Mar-2023 13:50:28 GMT; Max-Age=259200; path=/; SameSite=None; Secure; domain=jads.co
Content-Encoding: gzip
go.xliirdr.com/config?url=https%3A%2F%2Fcreative.xliirdr.com%2Fwidgets%2Fv4%2FUniversal%3FactionButtonPlacement%3Dbottom%26buttonColor%3D%2523930606%26campaignId%3D128029786fbed96fe880330bb083ecce41e122ba08e2711908bc9493ef368344%26campaignType%3Dsmartpop%26creativeId%3D2f2cf8c271b310e6a7160563a0f1ee432fa665a116dc0c291a081b2515848ba9%26hideButtonOnSmallSpots%3D1%26hideModelNameOnSmallSpots%3D1%26hideTitleOnSmallSpots%3D1%26iterationId%3D30231%26liveBadgeColor%3D%2523ff0707%26masterSmartpopId%3D0%26memberId%3DZNUzhYrh6VYl0M2F8UiFscgHh68zu-ma4hMPl72bk6KKJSCG_U00y6tEEggUQ-eECTRH2wDD8VJyW7ss8Q103iIN8hxfXcyr6G5tBsQ1bgX1O74_gUIDRUi%26p1%3D3761372%26ruleId%3D0%26showButton%3D1%26showModelName%3D1%26showTitle%3D%26smartpopId%3D1548%26sourceId%3D271333%26thumbSizeKey%3Dbig%26trackOff%3D1%26userId%3Ded4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e%26variationId%3D22460
104.18.59.150200 OK 66 kB URL HTTP/2 go.xliirdr.com/config?url=https%3A%2F%2Fcreative.xliirdr.com%2Fwidgets%2Fv4%2FUniversal%3FactionButtonPlacement%3Dbottom%26buttonColor%3D%2523930606%26campaignId%3D128029786fbed96fe880330bb083ecce41e122ba08e2711908bc9493ef368344%26campaignType%3Dsmartpop%26creativeId%3D2f2cf8c271b310e6a7160563a0f1ee432fa665a116dc0c291a081b2515848ba9%26hideButtonOnSmallSpots%3D1%26hideModelNameOnSmallSpots%3D1%26hideTitleOnSmallSpots%3D1%26iterationId%3D30231%26liveBadgeColor%3D%2523ff0707%26masterSmartpopId%3D0%26memberId%3DZNUzhYrh6VYl0M2F8UiFscgHh68zu-ma4hMPl72bk6KKJSCG_U00y6tEEggUQ-eECTRH2wDD8VJyW7ss8Q103iIN8hxfXcyr6G5tBsQ1bgX1O74_gUIDRUi%26p1%3D3761372%26ruleId%3D0%26showButton%3D1%26showModelName%3D1%26showTitle%3D%26smartpopId%3D1548%26sourceId%3D271333%26thumbSizeKey%3Dbig%26trackOff%3D1%26userId%3Ded4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e%26variationId%3D22460
IP 104.18.59.150:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (63161)
Hash 17b449021e3afb1fb1e495ac2ef97f7b
7594738127c8c37dead8490bdbaf48b5a27042ec
8af4955a15400f4e4a336bf82bb096d6fe048ba3fcb2fb19b35625b039d9b5ef
GET /config?url=https%3A%2F%2Fcreative.xliirdr.com%2Fwidgets%2Fv4%2FUniversal%3FactionButtonPlacement%3Dbottom%26buttonColor%3D%2523930606%26campaignId%3D128029786fbed96fe880330bb083ecce41e122ba08e2711908bc9493ef368344%26campaignType%3Dsmartpop%26creativeId%3D2f2cf8c271b310e6a7160563a0f1ee432fa665a116dc0c291a081b2515848ba9%26hideButtonOnSmallSpots%3D1%26hideModelNameOnSmallSpots%3D1%26hideTitleOnSmallSpots%3D1%26iterationId%3D30231%26liveBadgeColor%3D%2523ff0707%26masterSmartpopId%3D0%26memberId%3DZNUzhYrh6VYl0M2F8UiFscgHh68zu-ma4hMPl72bk6KKJSCG_U00y6tEEggUQ-eECTRH2wDD8VJyW7ss8Q103iIN8hxfXcyr6G5tBsQ1bgX1O74_gUIDRUi%26p1%3D3761372%26ruleId%3D0%26showButton%3D1%26showModelName%3D1%26showTitle%3D%26smartpopId%3D1548%26sourceId%3D271333%26thumbSizeKey%3Dbig%26trackOff%3D1%26userId%3Ded4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e%26variationId%3D22460 HTTP/1.1
Host: go.xliirdr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://creative.xliirdr.com/
Origin: https://creative.xliirdr.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Thu, 02 Mar 2023 13:50:29 GMT
content-type: application/json
access-control-allow-origin: *
last-modified: Thu, 02 Mar 2023 13:50:29 GMT
cf-cache-status: MISS
set-cookie: __cflb=02DiuDfsBaY2bRYJiCeRWUB3HBu9a5K9VJcb9KSKyBHKa; SameSite=None; Secure; path=/; expires=Fri, 03-Mar-23 12:50:29 GMT; HttpOnly
vary: Accept-Encoding
server: cloudflare
cf-ray: 7a1a1bebc9c7b4eb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
go.xliirdr.com/config?url=https%3A%2F%2Fcreative.xliirdr.com%2Fwidgets%2Fv4%2FUniversal%3FactionButtonPlacement%3Dbottom%26buttonColor%3D%2523930606%26campaignId%3D128029786fbed96fe880330bb083ecce41e122ba08e2711908bc9493ef368344%26campaignType%3Dsmartpop%26creativeId%3D2f2cf8c271b310e6a7160563a0f1ee432fa665a116dc0c291a081b2515848ba9%26hideButtonOnSmallSpots%3D1%26hideModelNameOnSmallSpots%3D1%26hideTitleOnSmallSpots%3D1%26iterationId%3D30231%26liveBadgeColor%3D%2523ff0707%26masterSmartpopId%3D0%26memberId%3DiMWC7qtq5aUTCdZKmqgwmsJYaIAqS1QXhnfjBmLVvo-bqHdEOCwHoL7gXWpTmbDUVpis8aaIFC94eUotrjzWIkFL7MiwgLuHCsYHbDmC2x2NWx4_gUIDRUi%26p1%3D3761372%26ruleId%3D0%26showButton%3D1%26showModelName%3D1%26showTitle%3D%26smartpopId%3D1548%26sourceId%3D271333%26thumbSizeKey%3Dbig%26trackOff%3D1%26userId%3Ded4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e%26variationId%3D22460
104.18.59.150200 OK 32 kB URL HTTP/2 go.xliirdr.com/config?url=https%3A%2F%2Fcreative.xliirdr.com%2Fwidgets%2Fv4%2FUniversal%3FactionButtonPlacement%3Dbottom%26buttonColor%3D%2523930606%26campaignId%3D128029786fbed96fe880330bb083ecce41e122ba08e2711908bc9493ef368344%26campaignType%3Dsmartpop%26creativeId%3D2f2cf8c271b310e6a7160563a0f1ee432fa665a116dc0c291a081b2515848ba9%26hideButtonOnSmallSpots%3D1%26hideModelNameOnSmallSpots%3D1%26hideTitleOnSmallSpots%3D1%26iterationId%3D30231%26liveBadgeColor%3D%2523ff0707%26masterSmartpopId%3D0%26memberId%3DiMWC7qtq5aUTCdZKmqgwmsJYaIAqS1QXhnfjBmLVvo-bqHdEOCwHoL7gXWpTmbDUVpis8aaIFC94eUotrjzWIkFL7MiwgLuHCsYHbDmC2x2NWx4_gUIDRUi%26p1%3D3761372%26ruleId%3D0%26showButton%3D1%26showModelName%3D1%26showTitle%3D%26smartpopId%3D1548%26sourceId%3D271333%26thumbSizeKey%3Dbig%26trackOff%3D1%26userId%3Ded4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e%26variationId%3D22460
IP 104.18.59.150:0
File type JSON data\012- , ASCII text
Hash 49e16daf79a79963b1b54dfef91f9383
12fd89fb6b79bb8d941cbae913e7db06d4c41ee2
f0407f4f88029369a3099ed7c5dac8254d3a0824b94895a345994a813081e5ac
GET /config?url=https%3A%2F%2Fcreative.xliirdr.com%2Fwidgets%2Fv4%2FUniversal%3FactionButtonPlacement%3Dbottom%26buttonColor%3D%2523930606%26campaignId%3D128029786fbed96fe880330bb083ecce41e122ba08e2711908bc9493ef368344%26campaignType%3Dsmartpop%26creativeId%3D2f2cf8c271b310e6a7160563a0f1ee432fa665a116dc0c291a081b2515848ba9%26hideButtonOnSmallSpots%3D1%26hideModelNameOnSmallSpots%3D1%26hideTitleOnSmallSpots%3D1%26iterationId%3D30231%26liveBadgeColor%3D%2523ff0707%26masterSmartpopId%3D0%26memberId%3DiMWC7qtq5aUTCdZKmqgwmsJYaIAqS1QXhnfjBmLVvo-bqHdEOCwHoL7gXWpTmbDUVpis8aaIFC94eUotrjzWIkFL7MiwgLuHCsYHbDmC2x2NWx4_gUIDRUi%26p1%3D3761372%26ruleId%3D0%26showButton%3D1%26showModelName%3D1%26showTitle%3D%26smartpopId%3D1548%26sourceId%3D271333%26thumbSizeKey%3Dbig%26trackOff%3D1%26userId%3Ded4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e%26variationId%3D22460 HTTP/1.1
Host: go.xliirdr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://creative.xliirdr.com/
Origin: https://creative.xliirdr.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Thu, 02 Mar 2023 13:50:29 GMT
content-type: application/json
access-control-allow-origin: *
last-modified: Thu, 02 Mar 2023 13:50:29 GMT
cf-cache-status: MISS
set-cookie: __cflb=02DiuDfsBaY2bRYJiCdd1Ddb6YkKuSHYCP6zdb5vYPEy2; SameSite=None; Secure; path=/; expires=Fri, 03-Mar-23 12:50:29 GMT; HttpOnly
vary: Accept-Encoding
server: cloudflare
cf-ray: 7a1a1bec2a38b4eb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
pxl.tsyndicate.com/api/v1/p/p.js?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zC0WUGUMGhpiINVrkiGFDRgsaMGLcECkGBo4WN2TggEGjBgwbMXKSEfFwjpg0ZBTq2CIiRsoZNXLkiAlDRJeHYeqMyUgjB5mSN2iUgXlDjI2THse0EIPDaIsxN8aUqVGVRpgcMMLwhEjGDkUcVXE8hFNHDEUZS6HCgUMxhtIZPeFM1DHjBs7GMh6OaUNYh4wbMWZohkrGDMWHYty4oZiDho3TkUW0cYOR4QwZMmDsXd06Bo2cekXUiZERDR06cOboePHizBsXeNiksSOHjBwXY960eTGnTRg5wN_AeRFDJgzAN3DYMCOmDJkc48vgmKnZY0scMzaqvV2mu4yPLstczgkXh5gxpeUQnxkz2AAfDTT8UMccCCVBRg_maTUDgjnEJkMYCIZhRhhlzdAQDDe8RUZ3YcQAYEmvxSAeDGXQIIYZY4xxYYliaFbiekt5xSIXdcDwnQ1zvFGHHGo52MN-ms3Ao48y2NBGGW2UJ4eRMOQRhRIxLGEEFGwosYYdc6ShREotFGGFGDQskQQdTCBhhR5vPGFFGC20EAUbWrBBgx5rNHGFDWjkYIQNebghBINU6FHHGkuokYMedyCRkBA1yEGEGmyccUUQRayBRxZZwBHGG0q0MYUYQphRxRJjDIGEEEq0oAcWV6QRBRpFyMFGDW7UYUQQX5xRRRJESFFFGkv-CEcMPTT2WEzJNilGHb-94cYQb7Dxhhw9lCDDDALedFO0NihnRxlCGHRGGdhqy623M5hhBoggzkWGdBlhJ0Zoz0XXxlxjhLHYFh4-JcKLC8Hggo8OiSCHHZUZ9lAddaSRkRnryRCDhmbAxNZWCMIQEg6ddXwDejGUYd5VNag8VxqViTCSC3C5QIMMLjREw1xyfAFzRjPXfHPObM1Vh1w6iNDEG3qkwQYbYbxQw8IgoFCrG_feMQcITlABglEL7wDC1TbQIDYeZYv9MEMiL5wCCEdstMYbL8RmVEopgWBEGnKUYcYbeHDXdlOSTZW0E0_Mte0XMWaE-FxsGC5CEU7YW4YdX_TNBkU13BBegTPJ5vAZo1lWAw43PHQQ5mLIsdB6ql_-RRtv7GSZeBWJ4NwbCyEmwhtC0bCXHIDnsZDwDvvd22_BDfeCvvxCJ90Lc83xcL5v0CHwti3U4UYadLQgw9RkjNGdvZIf9EX551v0L0M2eO6YTTK5LwNF8XtuA_0zlcRZ5mWYAxy-IDD8yW9_38mN7MLABoTQQSgEo4HBwiCGxejOb1Fhw0T2ErmESaY1MOiDAgIC&s=556628295688c2fefba025f290d5fcc675d5dd04aab7a0abf073457d0710f15e1677765028&w=t&r=1&d=849&priv=false
136.243.51.205200 OK 24 B URL HTTP/2 pxl.tsyndicate.com/api/v1/p/p.js?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zC0WUGUMGhpiINVrkiGFDRgsaMGLcECkGBo4WN2TggEGjBgwbMXKSEfFwjpg0ZBTq2CIiRsoZNXLkiAlDRJeHYeqMyUgjB5mSN2iUgXlDjI2THse0EIPDaIsxN8aUqVGVRpgcMMLwhEjGDkUcVXE8hFNHDEUZS6HCgUMxhtIZPeFM1DHjBs7GMh6OaUNYh4wbMWZohkrGDMWHYty4oZiDho3TkUW0cYOR4QwZMmDsXd06Bo2cekXUiZERDR06cOboePHizBsXeNiksSOHjBwXY960eTGnTRg5wN_AeRFDJgzAN3DYMCOmDJkc48vgmKnZY0scMzaqvV2mu4yPLstczgkXh5gxpeUQnxkz2AAfDTT8UMccCCVBRg_maTUDgjnEJkMYCIZhRhhlzdAQDDe8RUZ3YcQAYEmvxSAeDGXQIIYZY4xxYYliaFbiekt5xSIXdcDwnQ1zvFGHHGo52MN-ms3Ao48y2NBGGW2UJ4eRMOQRhRIxLGEEFGwosYYdc6ShREotFGGFGDQskQQdTCBhhR5vPGFFGC20EAUbWrBBgx5rNHGFDWjkYIQNebghBINU6FHHGkuokYMedyCRkBA1yEGEGmyccUUQRayBRxZZwBHGG0q0MYUYQphRxRJjDIGEEEq0oAcWV6QRBRpFyMFGDW7UYUQQX5xRRRJESFFFGkv-CEcMPTT2WEzJNilGHb-94cYQb7Dxhhw9lCDDDALedFO0NihnRxlCGHRGGdhqy623M5hhBoggzkWGdBlhJ0Zoz0XXxlxjhLHYFh4-JcKLC8Hggo8OiSCHHZUZ9lAddaSRkRnryRCDhmbAxNZWCMIQEg6ddXwDejGUYd5VNag8VxqViTCSC3C5QIMMLjREw1xyfAFzRjPXfHPObM1Vh1w6iNDEG3qkwQYbYbxQw8IgoFCrG_feMQcITlABglEL7wDC1TbQIDYeZYv9MEMiL5wCCEdstMYbL8RmVEopgWBEGnKUYcYbeHDXdlOSTZW0E0_Mte0XMWaE-FxsGC5CEU7YW4YdX_TNBkU13BBegTPJ5vAZo1lWAw43PHQQ5mLIsdB6ql_-RRtv7GSZeBWJ4NwbCyEmwhtC0bCXHIDnsZDwDvvd22_BDfeCvvxCJ90Lc83xcL5v0CHwti3U4UYadLQgw9RkjNGdvZIf9EX551v0L0M2eO6YTTK5LwNF8XtuA_0zlcRZ5mWYAxy-IDD8yW9_38mN7MLABoTQQSgEo4HBwiCGxejOb1Fhw0T2ErmESaY1MOiDAgIC&s=556628295688c2fefba025f290d5fcc675d5dd04aab7a0abf073457d0710f15e1677765028&w=t&r=1&d=849&priv=false
IP 136.243.51.205:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with no line terminators
Hash 0959ba36d476b6dc1994ba3c678b07c4
d30b94da72daa02766965206a85b7e0356375f5e
897410b87e27e3dfba3a7d6caab315a5e69cc941bb96d91fc74878a9b051843a
GET /api/v1/p/p.js?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zC0WUGUMGhpiINVrkiGFDRgsaMGLcECkGBo4WN2TggEGjBgwbMXKSEfFwjpg0ZBTq2CIiRsoZNXLkiAlDRJeHYeqMyUgjB5mSN2iUgXlDjI2THse0EIPDaIsxN8aUqVGVRpgcMMLwhEjGDkUcVXE8hFNHDEUZS6HCgUMxhtIZPeFM1DHjBs7GMh6OaUNYh4wbMWZohkrGDMWHYty4oZiDho3TkUW0cYOR4QwZMmDsXd06Bo2cekXUiZERDR06cOboePHizBsXeNiksSOHjBwXY960eTGnTRg5wN_AeRFDJgzAN3DYMCOmDJkc48vgmKnZY0scMzaqvV2mu4yPLstczgkXh5gxpeUQnxkz2AAfDTT8UMccCCVBRg_maTUDgjnEJkMYCIZhRhhlzdAQDDe8RUZ3YcQAYEmvxSAeDGXQIIYZY4xxYYliaFbiekt5xSIXdcDwnQ1zvFGHHGo52MN-ms3Ao48y2NBGGW2UJ4eRMOQRhRIxLGEEFGwosYYdc6ShREotFGGFGDQskQQdTCBhhR5vPGFFGC20EAUbWrBBgx5rNHGFDWjkYIQNebghBINU6FHHGkuokYMedyCRkBA1yEGEGmyccUUQRayBRxZZwBHGG0q0MYUYQphRxRJjDIGEEEq0oAcWV6QRBRpFyMFGDW7UYUQQX5xRRRJESFFFGkv-CEcMPTT2WEzJNilGHb-94cYQb7Dxhhw9lCDDDALedFO0NihnRxlCGHRGGdhqy623M5hhBoggzkWGdBlhJ0Zoz0XXxlxjhLHYFh4-JcKLC8Hggo8OiSCHHZUZ9lAddaSRkRnryRCDhmbAxNZWCMIQEg6ddXwDejGUYd5VNag8VxqViTCSC3C5QIMMLjREw1xyfAFzRjPXfHPObM1Vh1w6iNDEG3qkwQYbYbxQw8IgoFCrG_feMQcITlABglEL7wDC1TbQIDYeZYv9MEMiL5wCCEdstMYbL8RmVEopgWBEGnKUYcYbeHDXdlOSTZW0E0_Mte0XMWaE-FxsGC5CEU7YW4YdX_TNBkU13BBegTPJ5vAZo1lWAw43PHQQ5mLIsdB6ql_-RRtv7GSZeBWJ4NwbCyEmwhtC0bCXHIDnsZDwDvvd22_BDfeCvvxCJ90Lc83xcL5v0CHwti3U4UYadLQgw9RkjNGdvZIf9EX551v0L0M2eO6YTTK5LwNF8XtuA_0zlcRZ5mWYAxy-IDD8yW9_38mN7MLABoTQQSgEo4HBwiCGxejOb1Fhw0T2ErmESaY1MOiDAgIC&s=556628295688c2fefba025f290d5fcc675d5dd04aab7a0abf073457d0710f15e1677765028&w=t&r=1&d=849&priv=false HTTP/1.1
Host: pxl.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tsyndicate.com/
Cookie: ts_uid=e2c343a2-3596-411b-a36f-0d87e166e8f0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 02 Mar 2023 13:50:29 GMT
content-type: text/plain; charset=utf-8
content-length: 24
x-robots-tag: noindex, nofollow
X-Firefox-Spdy: h2
pxl.tsyndicate.com/api/v1/p/p.js?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zC0XIGHMjRo4YN8q0CIOjTI0WNMSIIdMCx0oaLWDMCEODxo0cZmLMgIFDxMM5YtKQUahji4gYMHTWyJHjhgwYIro8DFNnTMYbNcbYxLG0RcEcImnAyDFmZA4YJ83sHENmRo4ZMnDIoOETIhk7FHHQyIHjIZw6YijKaDoVDhyKHt_-hDNRx4wbNnQ6fTimzWEdMjrO2DyVjBmKD8W4cUMxBw0bqGU8bOMGI0O4T_2ydh2DRowYfUXUiZERDR06cOboePHizBsXeNiksSOHjBwXY960eTGnTRg5wN_AeREjLozBN3DYMCOmDJkc48vgwCFzp0qeM8qMGVPGdpnuMsSE4Vkm8-2zLo1h2ltlqGUDDjPU9EMdcyCUBBk9mEdDGQnu9ZQMNNEQhhkk6dQQDDeEkQMZ3YURg4A2yAAXbjbAUJ8YZsyHoYlibGbiek2J0WIZXNQBw3c2zPFGHXLQ92AP_m02Q48_ymBDG2W0UZ4cR8JAwxCGTcHSGOKpEYURNdQxhRVKKJHFE1FAUUMUTwxxhxEINeHGDUu4IVeaVsQgBRt4UKGiGkggkcMQQkQxQwtQ0IEGTF_gEAQOUMxghhpzTBEEG3_VgQQMVCxxBR43NBHDEDAgkYYWR8BhZ0pmfDEGFmq4IUMVSDABR0JfnFFFEkRIUUUaTAIJRww9PBbZYzIE66QYdfz2hhtDvMHGG3L0UIKKb8HQog3K2qCcHWUIYdAZZUQ7bbXXSmoGiCDWRYZ0GWGnkhvPRddGXWOE0dgWM8QglQgwLgSDCz86JIIcdlzm0UN11JFGRv2NkeBMMrQww1I2oHSbGCPNMF5MZOAQUgyoqbduXWlcJsJHLpzlAg0yuNAQXQ_J8UXKGbHsMswy10CzbmFk1MQbeqTBBhthvFADwSCgcEUabrx7xxwgOEEFCEgRvAMIT7thAw1b4_H11ggzhBbBKYBwhHxrvPHCU0gllRQIRqQhR4Fv4MHd2VBRZpUOIjjxRF3Uuvp34IM_xMbhRTjhbhl2fHE3GxTVcEN4HrMHQ81nkIZZDSI_dFDkYsix0HqiQ_5FG2-QsVBckYkuxxsLzfDQG0TR4NfseOSxkO4HF9jbb8EN94K8otUr3Qt1zYFwvG_QoS-1LdThRhp0oESDC2SM0Z27hx_0RfffW3QvQzZcDlkN3-VGRxsyUJT-5TawH1dtNnQmeRlzwPGFvvJTX_3a9xDVhYENCKEDUfhFg3-FQQyNEcFBOFQHNkzEL4sTGGVcA4M-KCAg&s=f05e0141e313e8493612e204231e6a519c411513fbac651adf55ca1ce9cbcefd1677765028&w=t&r=1&d=576&priv=false
136.243.51.205200 OK 24 B URL HTTP/2 pxl.tsyndicate.com/api/v1/p/p.js?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zC0XIGHMjRo4YN8q0CIOjTI0WNMSIIdMCx0oaLWDMCEODxo0cZmLMgIFDxMM5YtKQUahji4gYMHTWyJHjhgwYIro8DFNnTMYbNcbYxLG0RcEcImnAyDFmZA4YJ83sHENmRo4ZMnDIoOETIhk7FHHQyIHjIZw6YijKaDoVDhyKHt_-hDNRx4wbNnQ6fTimzWEdMjrO2DyVjBmKD8W4cUMxBw0bqGU8bOMGI0O4T_2ydh2DRowYfUXUiZERDR06cOboePHizBsXeNiksSOHjBwXY960eTGnTRg5wN_AeREjLozBN3DYMCOmDJkc48vgwCFzp0qeM8qMGVPGdpnuMsSE4Vkm8-2zLo1h2ltlqGUDDjPU9EMdcyCUBBk9mEdDGQnu9ZQMNNEQhhkk6dQQDDeEkQMZ3YURg4A2yAAXbjbAUJ8YZsyHoYlibGbiek2J0WIZXNQBw3c2zPFGHXLQ92AP_m02Q48_ymBDG2W0UZ4cR8JAwxCGTcHSGOKpEYURNdQxhRVKKJHFE1FAUUMUTwxxhxEINeHGDUu4IVeaVsQgBRt4UKGiGkggkcMQQkQxQwtQ0IEGTF_gEAQOUMxghhpzTBEEG3_VgQQMVCxxBR43NBHDEDAgkYYWR8BhZ0pmfDEGFmq4IUMVSDABR0JfnFFFEkRIUUUaTAIJRww9PBbZYzIE66QYdfz2hhtDvMHGG3L0UIKKb8HQog3K2qCcHWUIYdAZZUQ7bbXXSmoGiCDWRYZ0GWGnkhvPRddGXWOE0dgWM8QglQgwLgSDCz86JIIcdlzm0UN11JFGRv2NkeBMMrQww1I2oHSbGCPNMF5MZOAQUgyoqbduXWlcJsJHLpzlAg0yuNAQXQ_J8UXKGbHsMswy10CzbmFk1MQbeqTBBhthvFADwSCgcEUabrx7xxwgOEEFCEgRvAMIT7thAw1b4_H11ggzhBbBKYBwhHxrvPHCU0gllRQIRqQhR4Fv4MHd2VBRZpUOIjjxRF3Uuvp34IM_xMbhRTjhbhl2fHE3GxTVcEN4HrMHQ81nkIZZDSI_dFDkYsix0HqiQ_5FG2-QsVBckYkuxxsLzfDQG0TR4NfseOSxkO4HF9jbb8EN94K8otUr3Qt1zYFwvG_QoS-1LdThRhp0oESDC2SM0Z27hx_0RfffW3QvQzZcDlkN3-VGRxsyUJT-5TawH1dtNnQmeRlzwPGFvvJTX_3a9xDVhYENCKEDUfhFg3-FQQyNEcFBOFQHNkzEL4sTGGVcA4M-KCAg&s=f05e0141e313e8493612e204231e6a519c411513fbac651adf55ca1ce9cbcefd1677765028&w=t&r=1&d=576&priv=false
IP 136.243.51.205:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with no line terminators
Hash 0959ba36d476b6dc1994ba3c678b07c4
d30b94da72daa02766965206a85b7e0356375f5e
897410b87e27e3dfba3a7d6caab315a5e69cc941bb96d91fc74878a9b051843a
GET /api/v1/p/p.js?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zC0XIGHMjRo4YN8q0CIOjTI0WNMSIIdMCx0oaLWDMCEODxo0cZmLMgIFDxMM5YtKQUahji4gYMHTWyJHjhgwYIro8DFNnTMYbNcbYxLG0RcEcImnAyDFmZA4YJ83sHENmRo4ZMnDIoOETIhk7FHHQyIHjIZw6YijKaDoVDhyKHt_-hDNRx4wbNnQ6fTimzWEdMjrO2DyVjBmKD8W4cUMxBw0bqGU8bOMGI0O4T_2ydh2DRowYfUXUiZERDR06cOboePHizBsXeNiksSOHjBwXY960eTGnTRg5wN_AeREjLozBN3DYMCOmDJkc48vgwCFzp0qeM8qMGVPGdpnuMsSE4Vkm8-2zLo1h2ltlqGUDDjPU9EMdcyCUBBk9mEdDGQnu9ZQMNNEQhhkk6dQQDDeEkQMZ3YURg4A2yAAXbjbAUJ8YZsyHoYlibGbiek2J0WIZXNQBw3c2zPFGHXLQ92AP_m02Q48_ymBDG2W0UZ4cR8JAwxCGTcHSGOKpEYURNdQxhRVKKJHFE1FAUUMUTwxxhxEINeHGDUu4IVeaVsQgBRt4UKGiGkggkcMQQkQxQwtQ0IEGTF_gEAQOUMxghhpzTBEEG3_VgQQMVCxxBR43NBHDEDAgkYYWR8BhZ0pmfDEGFmq4IUMVSDABR0JfnFFFEkRIUUUaTAIJRww9PBbZYzIE66QYdfz2hhtDvMHGG3L0UIKKb8HQog3K2qCcHWUIYdAZZUQ7bbXXSmoGiCDWRYZ0GWGnkhvPRddGXWOE0dgWM8QglQgwLgSDCz86JIIcdlzm0UN11JFGRv2NkeBMMrQww1I2oHSbGCPNMF5MZOAQUgyoqbduXWlcJsJHLpzlAg0yuNAQXQ_J8UXKGbHsMswy10CzbmFk1MQbeqTBBhthvFADwSCgcEUabrx7xxwgOEEFCEgRvAMIT7thAw1b4_H11ggzhBbBKYBwhHxrvPHCU0gllRQIRqQhR4Fv4MHd2VBRZpUOIjjxRF3Uuvp34IM_xMbhRTjhbhl2fHE3GxTVcEN4HrMHQ81nkIZZDSI_dFDkYsix0HqiQ_5FG2-QsVBckYkuxxsLzfDQG0TR4NfseOSxkO4HF9jbb8EN94K8otUr3Qt1zYFwvG_QoS-1LdThRhp0oESDC2SM0Z27hx_0RfffW3QvQzZcDlkN3-VGRxsyUJT-5TawH1dtNnQmeRlzwPGFvvJTX_3a9xDVhYENCKEDUfhFg3-FQQyNEcFBOFQHNkzEL4sTGGVcA4M-KCAg&s=f05e0141e313e8493612e204231e6a519c411513fbac651adf55ca1ce9cbcefd1677765028&w=t&r=1&d=576&priv=false HTTP/1.1
Host: pxl.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tsyndicate.com/
Cookie: ts_uid=e2c343a2-3596-411b-a36f-0d87e166e8f0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 02 Mar 2023 13:50:29 GMT
content-type: text/plain; charset=utf-8
content-length: 24
x-robots-tag: noindex, nofollow
X-Firefox-Spdy: h2
12007250.pix-cdn.org/a/pjexo.html?idzone=3902650&w=160&h=600&ad_sub=&ad_tags=
45.133.44.24200 OK 391 B URL HTTP/2 12007250.pix-cdn.org/a/pjexo.html?idzone=3902650&w=160&h=600&ad_sub=&ad_tags=
IP 45.133.44.24:0
ASN #39572 DataWeb Global Group B.V.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 18be7c35751aead7e793103f27bc4ccd
32d328e67b94fe85dd2c2d2ec0b27784337f2efb
7a82fde7afb24b945f8fa1272cf0bd901b6490c3587992f851d0130b42fbfaa4
GET /a/pjexo.html?idzone=3902650&w=160&h=600&ad_sub=&ad_tags= HTTP/1.1
Host: 12007250.pix-cdn.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://rtbbnr.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 02 Mar 2023 13:50:29 GMT
content-type: text/html; charset=UTF-8
last-modified: Wed, 20 May 2020 13:08:32 GMT
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kPbh%2FxCBFmqEl08sHdhmlQ8kGoKeNgQaVze7ntoBEo2qNrgXVpW3elJAI17KNteq5d6NvFL069Y0WSQ0f6%2FS2pN0FLqJTjFFuc9XJFrl%2FPFDMc6qn%2BLSJT7gbHq8"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
server: cloudflare
cf-ray: 752345a2c96dcab1-HAM
content-encoding: gzip
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Thu, 02 Mar 2023 14:50:29 GMT
cache-control: max-age=3600
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
i.jads.co/network/user500/22340-1505050866.jpg
69.16.175.10200 OK 95 kB URL HTTP/1.1 i.jads.co/network/user500/22340-1505050866.jpg
IP 69.16.175.10:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 160x600, components 3\012- data
Hash 8747f3a714da73b9c7df64d9f3b22811
aa3844b7d6c0d66e4e01b5ea5be883624821caa1
4a0b3b26c25ea6006a00c75ebd284082dc90c0fbb088d530d5dc5818d790a0e9
GET /network/user500/22340-1505050866.jpg HTTP/1.1
Host: i.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://poweredby.jads.co/
HTTP/1.1 200 OK
Date: Thu, 02 Mar 2023 13:50:30 GMT
Connection: Keep-Alive
ETag: "1505050866"
Cache-Control: max-age=2940687
Content-Length: 94590
Content-Type: image/jpeg
Last-Modified: Sun, 10 Sep 2017 13:41:06 GMT
Accept-Ranges: bytes
X-HW: 1677765029.dop021.sk1.t,1677765030.cds251.sk1.c
ads.realsrv.com/ads.js
185.76.9.14200 OK 930 B IP 185.76.9.14:0
ASN #60068 Datacamp Limited
Hash de4a3a8f79396d81dea263b4fe995f5a
7626f161d0c2d0b59d050150b37635818ac0a6bc
80c9c62f5c998baddfdbe7dbab8c68300b578602bd86308ffc235b089011caf9
GET /ads.js HTTP/1.1
Host: ads.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://12007250.pix-cdn.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 02 Mar 2023 13:50:30 GMT
content-type: application/javascript
vary: Accept-Encoding
etag: W/"f4fddb85b686269b678e3caf766"
expires: Thu, 02 Mar 2023 13:44:55 GMT
cache-control: max-age=10800
access-control-allow-origin: *
x-cache-op: HIT
x-accel-expires: @1677775794
server: CDN77-Turbo
x-77-nzt: AblMCQ1+33f/JAAAAA
x-77-nzt-ray: c0a4cc285a52d72da6a90064de406b05
x-cache: HIT
x-age: 36
x-77-pop: stockholmSE
x-77-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
bam.nr-data.net/1/6f524845d1?a=24279235&v=1225.PROD&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOAQsFF0hPXFxGEgtrDg0OMgoDThteVBU%3D&rst=2896&ck=0&s=e73cbc4e48625b93&ref=https://chaturbate.com/embed/oxxme/&ap=92&be=1086&fe=1164&dc=697&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1677765026436,%22n%22:0,%22f%22:439,%22dn%22:439,%22dne%22:439,%22c%22:439,%22s%22:439,%22ce%22:439,%22rq%22:445,%22rp%22:700,%22rpe%22:706,%22dl%22:959,%22di%22:1666,%22ds%22:1783,%22de%22:1787,%22dc%22:2246,%22l%22:2246,%22le%22:2256%7D,%22navigation%22:%7B%7D%7D&fcp=1912&at=H0ETGw9CExRCXBM9CgBBXAkZG0QSVEsPAw4BQVwbamZQD15XPj1BSEEVUFJXRBFuXQAWBkZZVhUXenc%2BY1gYQFlGVAcIVAhTBVQNAwMCBlcAABh2Yi0TFUMhJTshCU0XAwlXHRsiJDwmDBJ8TU1DABMDQwQCCBADFVNYXRJUG01AEQECCmZcSRNbEwBQTFpUTVILGwgEVRMVQwMNCw05X1lYVhITA0NAT0YBA0pBZlYUVEoSPQoUQVwbDAgfWAEXVVBNVVZSGxkbUwRCTT4FFgEQFWZSXF5DCxsvLUFIQQ9JalpeFF9NExtBXkEodhcVEwhBZgINFgoXFEBqWl4PV1AFBw0HBkQDFwAIQx0bCBI8CgYSTlpLWkMLGwMOChxNBVZYGx1DWEk%2BDREDAghQT1hFCF5XQ1hBJg8PQRVqXg1ETQgNDRdBShtcSW4IQklDWEEmDw9BFWpeDURNCA0NF0FKG1xJbgBCV0NYVlRQVg0ZG1gRblgSDDwLEQEbDxtzDVhBQTEMCBYSUFpXQkFwakNOQQ0TOVpaV18EUk0IDQ07Fx9JUBsLQ3JYAw4GSyc1dRcVEwhBZhQRBhY8EkBFXBNbE0sEEQoABghNXFhdQx0bEwcSEQYVTWpJUBVZG1tATAEOBFxRFl4ZSVQETUFIQRFValFeEkUbW0AADAISTEdbUBVUFwINDkZPREpcTVQ%2BWF1DWFJIQRVQQVxuBV5UAAsNRllEWl1YRRRDWwAWBkoACVQXFRMTVEgUBxAQPA5WRk0TWxNaCQMXEREEWEFcHwJeVENOQQYRCU5GXEM%2BWF1DWEEGVQQOAlsDAxwBVlBWSVdVCFcUUAQJD0xUUlYFB1oACAJZBwpDTkEWBgBcR1xDQwsbCRYXFFlJFlJWHwRQWwgGEEoACVQaGx1DQ1wQFwYXFzlUUE1ZDlUbW0AkITdEFRdJSBVZVg89FQERFVBaVxNbEwpPVUFIQRNYal1UF1haBD0FBQ4PVUwbC0N%2BTQkHEUZPRExUZlUER1ACBzwQGhZcFwMTBVRKChYMFEFKG0BYbg5CZgcDDg0PHxsPG2YIX10OFRBGT0RMVGZeEm5PBBAQDQwIGw8bAFETFUMXAjsBFFZCSlQTbl8ADwoIGkQDF39YE1RfDhpBSEETWGpbQw5GSgQQPBIGFEpcVl9DCxtQUlZKU0QVF0xQPkJNEwsNA0FcG3hWSwhdVQBNVkpTRhFiUF8FXk4SQi0wQ1cJGwkKQWZQD1RXX0MeDwECERNHA1BSVkpTTxlyXFIKXhZTUlJUU1cJBBl3CENcBw0bS1JWDBsJE00TXggWPAcMC1RcTRNbE1hXVQZRVFMOVg9XUBMVQxICFgILShcDExptGwsNCgo8CU9QS10ASGVDWEM4QVdlFxURPRNNDhcROEFcGWkbVTVcCT1AT0Q/RFpUVEEAWF4PPkFeQzobZAtSM2RlQ05DOEECUEZYUw1UZhINFgoHOhsPGW1DAGVDTkM4QQtWV1BdBGNcBQsRAQASZRcDET0TWBQWDDhBShlpG1QMU1wFPRUNBwNWalZfDUhlQ1hDOEFXZRcVET0TUAU%2BQV5DOhsHRQBXBQBWWh9VUlUBBA1ND15FWFZWUVAaDQUAAVEBDVIeVlJUUw0BCk1QTQkdVlUYVlYKBQ1NTR0VTU4fUB9WRQVFAE0HFVNWH1QfVkVQV01QTQBQTFpUTVILGwgEVU0JHVNVU1RRDwAJA1dtGxxAT0YAB1RqTVAGEwNDEhYGDw9aFxUTAl5VDhA8CQwCXBcDEw1YXgkWDgsHAxsZG0MOXlQ%2BERcFFxNKFwMTDVhPBEAeGQ%3D%3D&jsonp=NREUM.setToken
162.247.243.29200 OK 49 B URL HTTP/1.1 bam.nr-data.net/1/6f524845d1?a=24279235&v=1225.PROD&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOAQsFF0hPXFxGEgtrDg0OMgoDThteVBU%3D&rst=2896&ck=0&s=e73cbc4e48625b93&ref=https://chaturbate.com/embed/oxxme/&ap=92&be=1086&fe=1164&dc=697&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1677765026436,%22n%22:0,%22f%22:439,%22dn%22:439,%22dne%22:439,%22c%22:439,%22s%22:439,%22ce%22:439,%22rq%22:445,%22rp%22:700,%22rpe%22:706,%22dl%22:959,%22di%22:1666,%22ds%22:1783,%22de%22:1787,%22dc%22:2246,%22l%22:2246,%22le%22:2256%7D,%22navigation%22:%7B%7D%7D&fcp=1912&at=H0ETGw9CExRCXBM9CgBBXAkZG0QSVEsPAw4BQVwbamZQD15XPj1BSEEVUFJXRBFuXQAWBkZZVhUXenc%2BY1gYQFlGVAcIVAhTBVQNAwMCBlcAABh2Yi0TFUMhJTshCU0XAwlXHRsiJDwmDBJ8TU1DABMDQwQCCBADFVNYXRJUG01AEQECCmZcSRNbEwBQTFpUTVILGwgEVRMVQwMNCw05X1lYVhITA0NAT0YBA0pBZlYUVEoSPQoUQVwbDAgfWAEXVVBNVVZSGxkbUwRCTT4FFgEQFWZSXF5DCxsvLUFIQQ9JalpeFF9NExtBXkEodhcVEwhBZgINFgoXFEBqWl4PV1AFBw0HBkQDFwAIQx0bCBI8CgYSTlpLWkMLGwMOChxNBVZYGx1DWEk%2BDREDAghQT1hFCF5XQ1hBJg8PQRVqXg1ETQgNDRdBShtcSW4IQklDWEEmDw9BFWpeDURNCA0NF0FKG1xJbgBCV0NYVlRQVg0ZG1gRblgSDDwLEQEbDxtzDVhBQTEMCBYSUFpXQkFwakNOQQ0TOVpaV18EUk0IDQ07Fx9JUBsLQ3JYAw4GSyc1dRcVEwhBZhQRBhY8EkBFXBNbE0sEEQoABghNXFhdQx0bEwcSEQYVTWpJUBVZG1tATAEOBFxRFl4ZSVQETUFIQRFValFeEkUbW0AADAISTEdbUBVUFwINDkZPREpcTVQ%2BWF1DWFJIQRVQQVxuBV5UAAsNRllEWl1YRRRDWwAWBkoACVQXFRMTVEgUBxAQPA5WRk0TWxNaCQMXEREEWEFcHwJeVENOQQYRCU5GXEM%2BWF1DWEEGVQQOAlsDAxwBVlBWSVdVCFcUUAQJD0xUUlYFB1oACAJZBwpDTkEWBgBcR1xDQwsbCRYXFFlJFlJWHwRQWwgGEEoACVQaGx1DQ1wQFwYXFzlUUE1ZDlUbW0AkITdEFRdJSBVZVg89FQERFVBaVxNbEwpPVUFIQRNYal1UF1haBD0FBQ4PVUwbC0N%2BTQkHEUZPRExUZlUER1ACBzwQGhZcFwMTBVRKChYMFEFKG0BYbg5CZgcDDg0PHxsPG2YIX10OFRBGT0RMVGZeEm5PBBAQDQwIGw8bAFETFUMXAjsBFFZCSlQTbl8ADwoIGkQDF39YE1RfDhpBSEETWGpbQw5GSgQQPBIGFEpcVl9DCxtQUlZKU0QVF0xQPkJNEwsNA0FcG3hWSwhdVQBNVkpTRhFiUF8FXk4SQi0wQ1cJGwkKQWZQD1RXX0MeDwECERNHA1BSVkpTTxlyXFIKXhZTUlJUU1cJBBl3CENcBw0bS1JWDBsJE00TXggWPAcMC1RcTRNbE1hXVQZRVFMOVg9XUBMVQxICFgILShcDExptGwsNCgo8CU9QS10ASGVDWEM4QVdlFxURPRNNDhcROEFcGWkbVTVcCT1AT0Q/RFpUVEEAWF4PPkFeQzobZAtSM2RlQ05DOEECUEZYUw1UZhINFgoHOhsPGW1DAGVDTkM4QQtWV1BdBGNcBQsRAQASZRcDET0TWBQWDDhBShlpG1QMU1wFPRUNBwNWalZfDUhlQ1hDOEFXZRcVET0TUAU%2BQV5DOhsHRQBXBQBWWh9VUlUBBA1ND15FWFZWUVAaDQUAAVEBDVIeVlJUUw0BCk1QTQkdVlUYVlYKBQ1NTR0VTU4fUB9WRQVFAE0HFVNWH1QfVkVQV01QTQBQTFpUTVILGwgEVU0JHVNVU1RRDwAJA1dtGxxAT0YAB1RqTVAGEwNDEhYGDw9aFxUTAl5VDhA8CQwCXBcDEw1YXgkWDgsHAxsZG0MOXlQ%2BERcFFxNKFwMTDVhPBEAeGQ%3D%3D&jsonp=NREUM.setToken
IP 162.247.243.29:0
File type ASCII text, with no line terminators
Hash ada33e5b8877e743ff658bf4bfa1867c
5a78662243dac43c0ee48bcb7e05a536b84c2e38
dac715f087720dd7ff7067f5d2ec1988851fa93140ae8a9cbfaa15659dd7fd82
GET /1/6f524845d1?a=24279235&v=1225.PROD&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOAQsFF0hPXFxGEgtrDg0OMgoDThteVBU%3D&rst=2896&ck=0&s=e73cbc4e48625b93&ref=https://chaturbate.com/embed/oxxme/&ap=92&be=1086&fe=1164&dc=697&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1677765026436,%22n%22:0,%22f%22:439,%22dn%22:439,%22dne%22:439,%22c%22:439,%22s%22:439,%22ce%22:439,%22rq%22:445,%22rp%22:700,%22rpe%22:706,%22dl%22:959,%22di%22:1666,%22ds%22:1783,%22de%22:1787,%22dc%22:2246,%22l%22:2246,%22le%22:2256%7D,%22navigation%22:%7B%7D%7D&fcp=1912&at=H0ETGw9CExRCXBM9CgBBXAkZG0QSVEsPAw4BQVwbamZQD15XPj1BSEEVUFJXRBFuXQAWBkZZVhUXenc%2BY1gYQFlGVAcIVAhTBVQNAwMCBlcAABh2Yi0TFUMhJTshCU0XAwlXHRsiJDwmDBJ8TU1DABMDQwQCCBADFVNYXRJUG01AEQECCmZcSRNbEwBQTFpUTVILGwgEVRMVQwMNCw05X1lYVhITA0NAT0YBA0pBZlYUVEoSPQoUQVwbDAgfWAEXVVBNVVZSGxkbUwRCTT4FFgEQFWZSXF5DCxsvLUFIQQ9JalpeFF9NExtBXkEodhcVEwhBZgINFgoXFEBqWl4PV1AFBw0HBkQDFwAIQx0bCBI8CgYSTlpLWkMLGwMOChxNBVZYGx1DWEk%2BDREDAghQT1hFCF5XQ1hBJg8PQRVqXg1ETQgNDRdBShtcSW4IQklDWEEmDw9BFWpeDURNCA0NF0FKG1xJbgBCV0NYVlRQVg0ZG1gRblgSDDwLEQEbDxtzDVhBQTEMCBYSUFpXQkFwakNOQQ0TOVpaV18EUk0IDQ07Fx9JUBsLQ3JYAw4GSyc1dRcVEwhBZhQRBhY8EkBFXBNbE0sEEQoABghNXFhdQx0bEwcSEQYVTWpJUBVZG1tATAEOBFxRFl4ZSVQETUFIQRFValFeEkUbW0AADAISTEdbUBVUFwINDkZPREpcTVQ%2BWF1DWFJIQRVQQVxuBV5UAAsNRllEWl1YRRRDWwAWBkoACVQXFRMTVEgUBxAQPA5WRk0TWxNaCQMXEREEWEFcHwJeVENOQQYRCU5GXEM%2BWF1DWEEGVQQOAlsDAxwBVlBWSVdVCFcUUAQJD0xUUlYFB1oACAJZBwpDTkEWBgBcR1xDQwsbCRYXFFlJFlJWHwRQWwgGEEoACVQaGx1DQ1wQFwYXFzlUUE1ZDlUbW0AkITdEFRdJSBVZVg89FQERFVBaVxNbEwpPVUFIQRNYal1UF1haBD0FBQ4PVUwbC0N%2BTQkHEUZPRExUZlUER1ACBzwQGhZcFwMTBVRKChYMFEFKG0BYbg5CZgcDDg0PHxsPG2YIX10OFRBGT0RMVGZeEm5PBBAQDQwIGw8bAFETFUMXAjsBFFZCSlQTbl8ADwoIGkQDF39YE1RfDhpBSEETWGpbQw5GSgQQPBIGFEpcVl9DCxtQUlZKU0QVF0xQPkJNEwsNA0FcG3hWSwhdVQBNVkpTRhFiUF8FXk4SQi0wQ1cJGwkKQWZQD1RXX0MeDwECERNHA1BSVkpTTxlyXFIKXhZTUlJUU1cJBBl3CENcBw0bS1JWDBsJE00TXggWPAcMC1RcTRNbE1hXVQZRVFMOVg9XUBMVQxICFgILShcDExptGwsNCgo8CU9QS10ASGVDWEM4QVdlFxURPRNNDhcROEFcGWkbVTVcCT1AT0Q/RFpUVEEAWF4PPkFeQzobZAtSM2RlQ05DOEECUEZYUw1UZhINFgoHOhsPGW1DAGVDTkM4QQtWV1BdBGNcBQsRAQASZRcDET0TWBQWDDhBShlpG1QMU1wFPRUNBwNWalZfDUhlQ1hDOEFXZRcVET0TUAU%2BQV5DOhsHRQBXBQBWWh9VUlUBBA1ND15FWFZWUVAaDQUAAVEBDVIeVlJUUw0BCk1QTQkdVlUYVlYKBQ1NTR0VTU4fUB9WRQVFAE0HFVNWH1QfVkVQV01QTQBQTFpUTVILGwgEVU0JHVNVU1RRDwAJA1dtGxxAT0YAB1RqTVAGEwNDEhYGDw9aFxUTAl5VDhA8CQwCXBcDEw1YXgkWDgsHAxsZG0MOXlQ%2BERcFFxNKFwMTDVhPBEAeGQ%3D%3D&jsonp=NREUM.setToken HTTP/1.1
Host: bam.nr-data.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 49
date: Thu, 02 Mar 2023 13:50:30 GMT
content-type: text/javascript
cross-origin-resource-policy: cross-origin
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
access-control-allow-credentials: true
access-control-allow-origin: *
x-served-by: cache-bma1674-BMA
syndication.realsrv.com/ads-iframe-display.php?idzone=3902650&type=160x600&p=https%3A//rtbbnr.com/&dt=1677765029432&sub=&tags=&cookieconsent=true&screen_resolution=1280x1024&el=%22
95.211.229.248200 OK 52 B URL HTTP/1.1 syndication.realsrv.com/ads-iframe-display.php?idzone=3902650&type=160x600&p=https%3A//rtbbnr.com/&dt=1677765029432&sub=&tags=&cookieconsent=true&screen_resolution=1280x1024&el=%22
IP 95.211.229.248:0
ASN #60781 LeaseWeb Netherlands B.V.
File type HTML document, ASCII text, with no line terminators
Hash c3743cf5e9e53705dc66056f1a34f6ec
740253d7fe753ab9b7d71e1832fd1af41c0677c1
c184a4ce5928e23f286176d3c76a8d5c12c67a8957554c92fb144b1cdd2fb17c
GET /ads-iframe-display.php?idzone=3902650&type=160x600&p=https%3A//rtbbnr.com/&dt=1677765029432&sub=&tags=&cookieconsent=true&screen_resolution=1280x1024&el=%22 HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://12007250.pix-cdn.org/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 02 Mar 2023 13:50:30 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache, must-revalidate
Pragma: no-cache
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%226400a9a62f81c2.605018651321525421%22%3B%7D; expires=Sat, 01 Mar 2025 13:50:30 GMT; path=; domain=.realsrv.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
cbjpeg.stream.highwebmedia.com/stream?room=mashayang&f=0.36246659101440093
131.153.88.93200 OK 30 kB URL HTTP/2 cbjpeg.stream.highwebmedia.com/stream?room=mashayang&f=0.36246659101440093
IP 131.153.88.93:0
ASN #50389 Phoenix Nap, LLC.
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 1280x1281, segment length 16, comment: "Lavc58.91.100", baseline, precision 8, 854x480, components 3\012- data
Hash 46a7291ecbd802f32647235ff130c02d
a9e38fbcfb083cbf3c66682f34030c06e44dafe9
3057e8bc323898d28475d021cef0d985937956b28a1b784f7153c8c9cf39ef32
GET /stream?room=mashayang&f=0.36246659101440093 HTTP/1.1
Host: cbjpeg.stream.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Cookie: _cfuvid=9S5FE722boy9ZLYDHlvT6ZBDGRaM4PtmQNx9L10c5ew-1677765024669-0-604800000
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 02 Mar 2023 13:50:30 GMT
content-type: image/jpeg
content-length: 29550
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'none'; img-src data:; style-src 'unsafe-inline'
cache-tag: cbjpeg
x-frame-options: DENY
X-Firefox-Spdy: h2
cbjpeg.stream.highwebmedia.com/stream?room=oxxme&f=0.36523299979056423
131.153.88.93200 OK 33 kB URL HTTP/2 cbjpeg.stream.highwebmedia.com/stream?room=oxxme&f=0.36523299979056423
IP 131.153.88.93:0
ASN #50389 Phoenix Nap, LLC.
Hash 4c1343294774841bdf9002a1cc50736b
227e417b8f971899b9238d2a80ed706a480cd9ff
13c368ebe92ba0fc07638710578eaedbe5962d3c9d40f5a5e7dcf19dbb82eae9
GET /stream?room=oxxme&f=0.36523299979056423 HTTP/1.1
Host: cbjpeg.stream.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Cookie: _cfuvid=9S5FE722boy9ZLYDHlvT6ZBDGRaM4PtmQNx9L10c5ew-1677765024669-0-604800000
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 02 Mar 2023 13:50:30 GMT
content-type: image/jpeg
content-length: 32202
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'none'; img-src data:; style-src 'unsafe-inline'
cache-tag: cbjpeg
x-frame-options: DENY
X-Firefox-Spdy: h2
cbjpeg.stream.highwebmedia.com/stream?room=mashayang&f=0.9743748563696539
131.153.88.93200 OK 30 kB URL HTTP/2 cbjpeg.stream.highwebmedia.com/stream?room=mashayang&f=0.9743748563696539
IP 131.153.88.93:0
ASN #50389 Phoenix Nap, LLC.
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 1280x1281, segment length 16, comment: "Lavc58.91.100", baseline, precision 8, 854x480, components 3\012- data
Hash 2df4de1110a319fddcd17c22f8d3b002
71073e4a58a37521a38f3ebf635db8cd6ac3a919
9b272570ab438f58a1a4c1442b365d77a1f54ddd8d70c5dc420ef0266ebab8f6
GET /stream?room=mashayang&f=0.9743748563696539 HTTP/1.1
Host: cbjpeg.stream.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Cookie: _cfuvid=9S5FE722boy9ZLYDHlvT6ZBDGRaM4PtmQNx9L10c5ew-1677765024669-0-604800000
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 02 Mar 2023 13:50:30 GMT
content-type: image/jpeg
content-length: 29481
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'none'; img-src data:; style-src 'unsafe-inline'
cache-tag: cbjpeg
x-frame-options: DENY
X-Firefox-Spdy: h2
pxl.tsyndicate.com/api/v1/p/p.js?p=APeIQFMmDJkycuaI0DEjBgsRYcbQWehQBJ0zC0WYyRFDxhgzYWa0uFEGR40WNGiMudECh40xMlrYwEFjhhgyMA6S2Sni4Rwxacgo1LFFRAwYMWbUyJHjhgwYIro8DFNnTEYZZJ6aEdNR5hikKHGSaSFmho2xOFaWuZGDhgwxIXP0hEjGDkWaOXA8hFNHDEUZTafCgUMxBtMZPuFMZHjDRlKnD8e0IaxDxo2kMxDTNUPxoRg3bii2tUFaxsM2bjDqSCrj6V7UqmPQiBFDr4g6MTKioUMHzhwdL16ceeMCD5s0duSQkeNizJs2L-a0CSOn9xs4LzrigAH4hsutZcjksGGm5PbMMMSIgYFjRpkxY8rMLtPxbRj2ZSzTzsFezJi2ObhnhlntpfRDHXMglAQZPYRHQxkzpJTDUzKEkVIYIOGQVAw1wHBDGDmQ0VEYMfxngwwzyFCbDTDIJ4YZ8FVIYlkzkIgDDk2JwWIZXNQBA3c2zPFGHXLEt2AP-mU2Q48_ymBDG2W0IYaCDK6xxhtGUFGEG1VEYYMcS6xhgxI1EFGDFVIkYQMNLZgBwxhCEOGWGHKIsYYZdtAgxBJFIIEEHEfQUUQbeEgxRwxSfBFEHE7IUYYbVIyhRhZmXDEFFEkYsQYZWMxhhxZ04KBFFXk0AcWLMRwxhxl_GiFFHU9A0YQVONyxRg5PtIGEG3Gw0UIQa3xxRhVJECFFFWkwCSQcMfQwQ2OPyaCsk2LUwdsbbgzxBhtvyNFDCSgGCAOLNkxrw3F2lCGEQWeUoS233oI7gxlu3uDhXGQ8l1F16rnBnHNtzDVGGItt0ZBUIry4EAwu_FjDQ3LYQZlhD9VRRxoZ5TdGhDXGpNR4KNEmRgshkddCTjiQFANpJbk5VxqUicCRC_y54JYLHNIwlxxfwJzRzDXfnPNcdYSRURNv6JEGG2yE8UINDYOAwhVpuJHvHXOA4AQVIBzV8A4gUO3GmmDjQTYIEa8GA9QwpADCEe9d-cJTRyGFFAhGpOGoGW_gkd3aDQtslQ4iOPHEXN1-AV9Ghs_FxuAiFOEEvmXY8YWjbFBUww3eEfgjxGeEVlkNKT90kOV0LnSj6ZV_0cYbZCwkg0sVLffGQpq9MRQNe8nRdx4L8S7C3rrx5htwL_D72b_PvTDXHBHv-wYdBHfbQh1upEHHyTe4QMYYHeEL-UFffB_-Q3QEvJoNnDfWIWDotyEDRexzbsP7HG03FRmXlzEHHF8gGP3adz_u5OAhrQsDGxBCh6EYjAYIC4MYFiOCg4CkDmyYyF4et7DIqAYGfVBAQAA%3D&s=5581a58fa5532b1bfdf5877dbeef8464db96cb234ddf2835797d34d8c8db54ce1677765029&w=t&r=1&d=821&priv=false
136.243.51.205200 OK 24 B URL HTTP/2 pxl.tsyndicate.com/api/v1/p/p.js?p=APeIQFMmDJkycuaI0DEjBgsRYcbQWehQBJ0zC0WYyRFDxhgzYWa0uFEGR40WNGiMudECh40xMlrYwEFjhhgyMA6S2Sni4Rwxacgo1LFFRAwYMWbUyJHjhgwYIro8DFNnTEYZZJ6aEdNR5hikKHGSaSFmho2xOFaWuZGDhgwxIXP0hEjGDkWaOXA8hFNHDEUZTafCgUMxBtMZPuFMZHjDRlKnD8e0IaxDxo2kMxDTNUPxoRg3bii2tUFaxsM2bjDqSCrj6V7UqmPQiBFDr4g6MTKioUMHzhwdL16ceeMCD5s0duSQkeNizJs2L-a0CSOn9xs4LzrigAH4hsutZcjksGGm5PbMMMSIgYFjRpkxY8rMLtPxbRj2ZSzTzsFezJi2ObhnhlntpfRDHXMglAQZPYRHQxkzpJTDUzKEkVIYIOGQVAw1wHBDGDmQ0VEYMfxngwwzyFCbDTDIJ4YZ8FVIYlkzkIgDDk2JwWIZXNQBA3c2zPFGHXLEt2AP-mU2Q48_ymBDG2W0IYaCDK6xxhtGUFGEG1VEYYMcS6xhgxI1EFGDFVIkYQMNLZgBwxhCEOGWGHKIsYYZdtAgxBJFIIEEHEfQUUQbeEgxRwxSfBFEHE7IUYYbVIyhRhZmXDEFFEkYsQYZWMxhhxZ04KBFFXk0AcWLMRwxhxl_GiFFHU9A0YQVONyxRg5PtIGEG3Gw0UIQa3xxRhVJECFFFWkwCSQcMfQwQ2OPyaCsk2LUwdsbbgzxBhtvyNFDCSgGCAOLNkxrw3F2lCGEQWeUoS233oI7gxlu3uDhXGQ8l1F16rnBnHNtzDVGGItt0ZBUIry4EAwu_FjDQ3LYQZlhD9VRRxoZ5TdGhDXGpNR4KNEmRgshkddCTjiQFANpJbk5VxqUicCRC_y54JYLHNIwlxxfwJzRzDXfnPNcdYSRURNv6JEGG2yE8UINDYOAwhVpuJHvHXOA4AQVIBzV8A4gUO3GmmDjQTYIEa8GA9QwpADCEe9d-cJTRyGFFAhGpOGoGW_gkd3aDQtslQ4iOPHEXN1-AV9Ghs_FxuAiFOEEvmXY8YWjbFBUww3eEfgjxGeEVlkNKT90kOV0LnSj6ZV_0cYbZCwkg0sVLffGQpq9MRQNe8nRdx4L8S7C3rrx5htwL_D72b_PvTDXHBHv-wYdBHfbQh1upEHHyTe4QMYYHeEL-UFffB_-Q3QEvJoNnDfWIWDotyEDRexzbsP7HG03FRmXlzEHHF8gGP3adz_u5OAhrQsDGxBCh6EYjAYIC4MYFiOCg4CkDmyYyF4et7DIqAYGfVBAQAA%3D&s=5581a58fa5532b1bfdf5877dbeef8464db96cb234ddf2835797d34d8c8db54ce1677765029&w=t&r=1&d=821&priv=false
IP 136.243.51.205:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with no line terminators
Hash 0959ba36d476b6dc1994ba3c678b07c4
d30b94da72daa02766965206a85b7e0356375f5e
897410b87e27e3dfba3a7d6caab315a5e69cc941bb96d91fc74878a9b051843a
GET /api/v1/p/p.js?p=APeIQFMmDJkycuaI0DEjBgsRYcbQWehQBJ0zC0WYyRFDxhgzYWa0uFEGR40WNGiMudECh40xMlrYwEFjhhgyMA6S2Sni4Rwxacgo1LFFRAwYMWbUyJHjhgwYIro8DFNnTEYZZJ6aEdNR5hikKHGSaSFmho2xOFaWuZGDhgwxIXP0hEjGDkWaOXA8hFNHDEUZTafCgUMxBtMZPuFMZHjDRlKnD8e0IaxDxo2kMxDTNUPxoRg3bii2tUFaxsM2bjDqSCrj6V7UqmPQiBFDr4g6MTKioUMHzhwdL16ceeMCD5s0duSQkeNizJs2L-a0CSOn9xs4LzrigAH4hsutZcjksGGm5PbMMMSIgYFjRpkxY8rMLtPxbRj2ZSzTzsFezJi2ObhnhlntpfRDHXMglAQZPYRHQxkzpJTDUzKEkVIYIOGQVAw1wHBDGDmQ0VEYMfxngwwzyFCbDTDIJ4YZ8FVIYlkzkIgDDk2JwWIZXNQBA3c2zPFGHXLEt2AP-mU2Q48_ymBDG2W0IYaCDK6xxhtGUFGEG1VEYYMcS6xhgxI1EFGDFVIkYQMNLZgBwxhCEOGWGHKIsYYZdtAgxBJFIIEEHEfQUUQbeEgxRwxSfBFEHE7IUYYbVIyhRhZmXDEFFEkYsQYZWMxhhxZ04KBFFXk0AcWLMRwxhxl_GiFFHU9A0YQVONyxRg5PtIGEG3Gw0UIQa3xxRhVJECFFFWkwCSQcMfQwQ2OPyaCsk2LUwdsbbgzxBhtvyNFDCSgGCAOLNkxrw3F2lCGEQWeUoS233oI7gxlu3uDhXGQ8l1F16rnBnHNtzDVGGItt0ZBUIry4EAwu_FjDQ3LYQZlhD9VRRxoZ5TdGhDXGpNR4KNEmRgshkddCTjiQFANpJbk5VxqUicCRC_y54JYLHNIwlxxfwJzRzDXfnPNcdYSRURNv6JEGG2yE8UINDYOAwhVpuJHvHXOA4AQVIBzV8A4gUO3GmmDjQTYIEa8GA9QwpADCEe9d-cJTRyGFFAhGpOGoGW_gkd3aDQtslQ4iOPHEXN1-AV9Ghs_FxuAiFOEEvmXY8YWjbFBUww3eEfgjxGeEVlkNKT90kOV0LnSj6ZV_0cYbZCwkg0sVLffGQpq9MRQNe8nRdx4L8S7C3rrx5htwL_D72b_PvTDXHBHv-wYdBHfbQh1upEHHyTe4QMYYHeEL-UFffB_-Q3QEvJoNnDfWIWDotyEDRexzbsP7HG03FRmXlzEHHF8gGP3adz_u5OAhrQsDGxBCh6EYjAYIC4MYFiOCg4CkDmyYyF4et7DIqAYGfVBAQAA%3D&s=5581a58fa5532b1bfdf5877dbeef8464db96cb234ddf2835797d34d8c8db54ce1677765029&w=t&r=1&d=821&priv=false HTTP/1.1
Host: pxl.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tsyndicate.com/
Cookie: ts_uid=e2c343a2-3596-411b-a36f-0d87e166e8f0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 02 Mar 2023 13:50:30 GMT
content-type: text/plain; charset=utf-8
content-length: 24
x-robots-tag: noindex, nofollow
X-Firefox-Spdy: h2
go.xliirdr.com/config?url=https%3A%2F%2Fcreative.xliirdr.com%2Fwidgets%2Fv4%2FUniversal%3FactionButtonPlacement%3Dbottom%26buttonColor%3D%2523930606%26campaignId%3D128029786fbed96fe880330bb083ecce41e122ba08e2711908bc9493ef368344%26campaignType%3Dsmartpop%26creativeId%3D2f2cf8c271b310e6a7160563a0f1ee432fa665a116dc0c291a081b2515848ba9%26hideButtonOnSmallSpots%3D1%26hideModelNameOnSmallSpots%3D1%26hideTitleOnSmallSpots%3D1%26iterationId%3D30231%26liveBadgeColor%3D%2523ff0707%26masterSmartpopId%3D0%26memberId%3DnDYIQkVZHj4hbd__uZFEOgQ1m1YXGYHTIO5910t3XCn1yJN18onkfKmAP6Nvp89CktTqM3uSHR5dt3cfihp35N_mwhx9Eo1XHOz6KJVxRP1vt_I_gUIDRUi%26p1%3D3761372%26ruleId%3D0%26showButton%3D1%26showModelName%3D1%26showTitle%3D%26smartpopId%3D1548%26sourceId%3D271333%26thumbSizeKey%3Dbig%26trackOff%3D1%26userId%3Ded4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e%26variationId%3D22460
104.18.59.150200 OK 32 kB URL HTTP/2 go.xliirdr.com/config?url=https%3A%2F%2Fcreative.xliirdr.com%2Fwidgets%2Fv4%2FUniversal%3FactionButtonPlacement%3Dbottom%26buttonColor%3D%2523930606%26campaignId%3D128029786fbed96fe880330bb083ecce41e122ba08e2711908bc9493ef368344%26campaignType%3Dsmartpop%26creativeId%3D2f2cf8c271b310e6a7160563a0f1ee432fa665a116dc0c291a081b2515848ba9%26hideButtonOnSmallSpots%3D1%26hideModelNameOnSmallSpots%3D1%26hideTitleOnSmallSpots%3D1%26iterationId%3D30231%26liveBadgeColor%3D%2523ff0707%26masterSmartpopId%3D0%26memberId%3DnDYIQkVZHj4hbd__uZFEOgQ1m1YXGYHTIO5910t3XCn1yJN18onkfKmAP6Nvp89CktTqM3uSHR5dt3cfihp35N_mwhx9Eo1XHOz6KJVxRP1vt_I_gUIDRUi%26p1%3D3761372%26ruleId%3D0%26showButton%3D1%26showModelName%3D1%26showTitle%3D%26smartpopId%3D1548%26sourceId%3D271333%26thumbSizeKey%3Dbig%26trackOff%3D1%26userId%3Ded4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e%26variationId%3D22460
IP 104.18.59.150:0
File type JSON data\012- , ASCII text
Hash 4943e000e71146b9e2a4ec2b0d683df8
7ada79dfd79d141dd5df01227e8429085031e0a7
8be9a7229b95cd5aaebad59784079da8304d4592aae3f75058e4ab3a1f756d83
GET /config?url=https%3A%2F%2Fcreative.xliirdr.com%2Fwidgets%2Fv4%2FUniversal%3FactionButtonPlacement%3Dbottom%26buttonColor%3D%2523930606%26campaignId%3D128029786fbed96fe880330bb083ecce41e122ba08e2711908bc9493ef368344%26campaignType%3Dsmartpop%26creativeId%3D2f2cf8c271b310e6a7160563a0f1ee432fa665a116dc0c291a081b2515848ba9%26hideButtonOnSmallSpots%3D1%26hideModelNameOnSmallSpots%3D1%26hideTitleOnSmallSpots%3D1%26iterationId%3D30231%26liveBadgeColor%3D%2523ff0707%26masterSmartpopId%3D0%26memberId%3DnDYIQkVZHj4hbd__uZFEOgQ1m1YXGYHTIO5910t3XCn1yJN18onkfKmAP6Nvp89CktTqM3uSHR5dt3cfihp35N_mwhx9Eo1XHOz6KJVxRP1vt_I_gUIDRUi%26p1%3D3761372%26ruleId%3D0%26showButton%3D1%26showModelName%3D1%26showTitle%3D%26smartpopId%3D1548%26sourceId%3D271333%26thumbSizeKey%3Dbig%26trackOff%3D1%26userId%3Ded4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e%26variationId%3D22460 HTTP/1.1
Host: go.xliirdr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://creative.xliirdr.com/
Origin: https://creative.xliirdr.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Thu, 02 Mar 2023 13:50:30 GMT
content-type: application/json
access-control-allow-origin: *
last-modified: Thu, 02 Mar 2023 13:50:30 GMT
cf-cache-status: MISS
set-cookie: __cflb=02DiuDfsBaY2bRYJiCddNhqGgfsRfgxdZ7CjCfU3ZVhv4; SameSite=None; Secure; path=/; expires=Fri, 03-Mar-23 12:50:30 GMT; HttpOnly
vary: Accept-Encoding
server: cloudflare
cf-ray: 7a1a1bef5d5bb4eb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 6d68e05c6661e407f8a6e3db7efe681f
ea0a471452338f602fc4a2e97cdc59f62c49e7cd
66cb009ee6a46d33c6f22f8cc582edd2c02e0839a95dd5c55d9cd2bf1ab9dd7f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "66CB009EE6A46D33C6F22F8CC582EDD2C02E0839A95DD5C55D9CD2BF1AB9DD7F"
Last-Modified: Wed, 01 Mar 2023 01:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6662
Expires: Thu, 02 Mar 2023 15:41:32 GMT
Date: Thu, 02 Mar 2023 13:50:30 GMT
Connection: keep-alive
cbjpeg.stream.highwebmedia.com/stream?room=mashayang&f=0.5187015396896151
131.153.88.93200 OK 30 kB URL HTTP/2 cbjpeg.stream.highwebmedia.com/stream?room=mashayang&f=0.5187015396896151
IP 131.153.88.93:0
ASN #50389 Phoenix Nap, LLC.
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 1280x1281, segment length 16, comment: "Lavc58.91.100", baseline, precision 8, 854x480, components 3\012- data
Hash ca4b061f568b2939e9d64ced4e4fd688
5c661bddae604e2853ef42445fedd462032cd22d
b042ddf1783accf034b8c86d1afea05ecb1bb8b96231a561a4429c9c20dee1de
GET /stream?room=mashayang&f=0.5187015396896151 HTTP/1.1
Host: cbjpeg.stream.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Cookie: _cfuvid=9S5FE722boy9ZLYDHlvT6ZBDGRaM4PtmQNx9L10c5ew-1677765024669-0-604800000
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 02 Mar 2023 13:50:30 GMT
content-type: image/jpeg
content-length: 30433
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'none'; img-src data:; style-src 'unsafe-inline'
cache-tag: cbjpeg
x-frame-options: DENY
X-Firefox-Spdy: h2
cbjpeg.stream.highwebmedia.com/stream?room=oxxme&f=0.6612964437916967
131.153.88.93200 OK 33 kB URL HTTP/2 cbjpeg.stream.highwebmedia.com/stream?room=oxxme&f=0.6612964437916967
IP 131.153.88.93:0
ASN #50389 Phoenix Nap, LLC.
Hash 263bfbd67af0e8c1a4578884655c0eef
269af551ab78564ede1f484e1a7343ad8d7730fc
9e47dc3105428b371fcf6e512ed2dc6d78810cfd56f7d0e46642833db88d48ab
GET /stream?room=oxxme&f=0.6612964437916967 HTTP/1.1
Host: cbjpeg.stream.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Cookie: _cfuvid=9S5FE722boy9ZLYDHlvT6ZBDGRaM4PtmQNx9L10c5ew-1677765024669-0-604800000
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 02 Mar 2023 13:50:30 GMT
content-type: image/jpeg
content-length: 32350
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'none'; img-src data:; style-src 'unsafe-inline'
cache-tag: cbjpeg
x-frame-options: DENY
X-Firefox-Spdy: h2
maxcdn.bootstrapcdn.com/bootstrap/3.3.6/js/bootstrap.min.js
104.18.10.207200 OK 0 B URL HTTP/2 maxcdn.bootstrapcdn.com/bootstrap/3.3.6/js/bootstrap.min.js
IP 104.18.10.207:0
GET /bootstrap/3.3.6/js/bootstrap.min.js HTTP/1.1
Host: maxcdn.bootstrapcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://xxxlongmove.gigixo.com
Connection: keep-alive
Referer: http://xxxlongmove.gigixo.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 02 Mar 2023 13:50:23 GMT
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: DE
access-control-allow-origin: *
cache-control: public, max-age=31919000
etag: W/"c5b5b2fa19bd66ff23211d9f844e0131"
last-modified: Mon, 25 Jan 2021 22:03:59 GMT
cdn-cachedat: 08/20/2022 02:30:10
cdn-proxyver: 1.02
cdn-requestpullcode: 200
cdn-requestpullsuccess: True
cdn-edgestorageid: 874
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
cdn-status: 200
cdn-requestid: d65cb3b6809354990f25b13767602306
cdn-cache: HIT
cf-cache-status: MISS
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 7a1a1bc21c8bb500-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
static-assets.highwebmedia.com/cachebust/chatembed-prod-a67e5757c6f1.js
104.16.94.42200 OK 0 B URL HTTP/2 static-assets.highwebmedia.com/cachebust/chatembed-prod-a67e5757c6f1.js
IP 104.16.94.42:0
GET /cachebust/chatembed-prod-a67e5757c6f1.js HTTP/1.1
Host: static-assets.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 02 Mar 2023 13:50:24 GMT
content-type: application/javascript
cache-control: public, max-age=2592000
cf-bgj: minify
cf-polished: origSize=1003931
etag: W/"9f754b1a21baf72d261481bc9d896039"
last-modified: Thu, 02 Mar 2023 06:29:59 GMT
x-amz-id-2: t/Zi4zRzyRyo5X6ovxpHxH30ggxfKh+FvVJv/7Nz5q8ZGe1oYWH8mBHucBkmyuCBeGeAOfoNHzE=
x-amz-meta-s3cmd-attrs: md5:9f754b1a21baf72d261481bc9d896039
x-amz-request-id: 37XA00911TFX1FHY
x-amz-server-side-encryption: AES256
cf-cache-status: HIT
age: 26212
expires: Sat, 01 Apr 2023 13:50:24 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PRrokFoLKxqvDrDhghYIIEM5RnJxmwpBd3NpT0UhqlawhHiqQ82X0kgZqUFS4JekeYWUf6qu0Rl9YoxpL5lqhsogWVOU0kYgjQ9sbh82BP8HW2qTdDkbWYYMFtfogGURIbOMUfyG%2F68ZdzSZaUELGg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
set-cookie: _cfuvid=MhJOUn0X0PmK9xKx4s7Wd1P86OYKsudqQtBEcSDFmk4-1677765024673-0-604800000; path=/; domain=.highwebmedia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 7a1a1bcc29b3fabc-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
xxxlongmove.gigixo.com/cdn-v3/xo-data/am1/947.jpg
139.99.56.17200 OK 0 B URL HTTP/1.1 xxxlongmove.gigixo.com/cdn-v3/xo-data/am1/947.jpg
IP 139.99.56.17:0
GET /cdn-v3/xo-data/am1/947.jpg HTTP/1.1
Host: xxxlongmove.gigixo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xxxlongmove.gigixo.com/
Cookie: _subid=s8hnpa26cca7; 61f26=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjhcIjoxNjc3NzY1MTE2fSxcImNhbXBhaWduc1wiOntcIjRcIjoxNjc3NzY1MTE2fSxcInRpbWVcIjoxNjc3NzY1MTE2fSJ9.4XbLCjmULp4RBknefdb2C3UcfN4KZZEUaY9Ewst_gHA; _token=uuid_s8hnpa26cca7_s8hnpa26cca76400aa002b2bd7.22047397
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 02 Mar 2023 13:50:29 GMT
Content-Type: image/jpeg
Content-Length: 45537
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "1f65ca841c577b297b6d3eabf1a6f409"
Last-Modified: Sat, 17 Dec 2022 21:46:03 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Replication-Status: COMPLETED
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
x-amz-version-id: 5496f061-6d69-4144-b782-53d2f3283830
X-CDN-Backend: cdn-v3-wrench
X-CDN: cdn-v3
alt-svc: h2=":443"; ma=60
X-Cache-Status: REVALIDATED, MISS
Cache-Control: max-age=14400, max-age=31536000
Accept-Ranges: bytes
bngpt.com/promo.php?c=688955&subid=2|159344|449252|no|112022|40568593|5675445|1|0|46|50304|,,,,,|4|0|0|21,4,25|0|0|en|1|91.90.42.154|0|1677765024&subid2=449252&type=banner&size=300x250&name=st_true;st_dali;st_random_all;on_off;st_x2;double2;how_long;st-double-penetration
94.199.255.192200 OK 0 B URL HTTP/2 bngpt.com/promo.php?c=688955&subid=2|159344|449252|no|112022|40568593|5675445|1|0|46|50304|,,,,,|4|0|0|21,4,25|0|0|en|1|91.90.42.154|0|1677765024&subid2=449252&type=banner&size=300x250&name=st_true;st_dali;st_random_all;on_off;st_x2;double2;how_long;st-double-penetration
IP 94.199.255.192:0
ASN #48684 Viking Host B.V.
GET /promo.php?c=688955&subid=2|159344|449252|no|112022|40568593|5675445|1|0|46|50304|,,,,,|4|0|0|21,4,25|0|0|en|1|91.90.42.154|0|1677765024&subid2=449252&type=banner&size=300x250&name=st_true;st_dali;st_random_all;on_off;st_x2;double2;how_long;st-double-penetration HTTP/1.1
Host: bngpt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://go.eabids.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 02 Mar 2023 13:50:24 GMT
content-type: text/html; charset=UTF-8
access-control-allow-origin:
expires: Thu, 02 Mar 2023 13:50:23 GMT
x-bcs: ded7384
strict-transport-security: max-age=0;
cache-control: no-cache, public
content-encoding: gzip
x-bc-bl: 105
X-Firefox-Spdy: h2
go.xliirdr.com/thumbs/view
104.18.59.150200 OK 0 B URL HTTP/2 go.xliirdr.com/thumbs/view
IP 104.18.59.150:0
POST /thumbs/view HTTP/1.1
Host: go.xliirdr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://creative.xliirdr.com/
Content-Type: text/plain;charset=UTF-8
Origin: https://creative.xliirdr.com
Content-Length: 398
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Thu, 02 Mar 2023 13:50:30 GMT
content-type: application/json
access-control-allow-origin: *
cf-cache-status: DYNAMIC
set-cookie: __cflb=0H28uukSkGJRy5UBr1MAvzNuwf2BatF3AufymZVAq5v; SameSite=None; Secure; path=/; expires=Fri, 03-Mar-23 12:50:30 GMT; HttpOnly
server: cloudflare
cf-ray: 7a1a1befcdd9b4eb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
creative.xliirdr.com/widgets/v4/Universal/main.23a2bbd5e9cbce2acc40.css
104.18.59.150200 OK 0 B URL HTTP/2 creative.xliirdr.com/widgets/v4/Universal/main.23a2bbd5e9cbce2acc40.css
IP 104.18.59.150:0
GET /widgets/v4/Universal/main.23a2bbd5e9cbce2acc40.css HTTP/1.1
Host: creative.xliirdr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://creative.xliirdr.com/widgets/v4/Universal?campaignId=c3fa347280578e90a9e8ab1e6280c0e361524d151dcbfe6bb5b723fee947ce88&campaignType=smartpop&creativeId=f2c37d3ce0a9e8b72a9075d80280d06c1a27d44568b390936e99ecdc546eecef&iterationId=402088&masterSmartpopId=1605&memberId=DA2KqOGqqk-XU6Rdytf3A4dqxV_XhAtgiyl1C3xCgWa-v7lDryfOcSMhVEEW6_SYF6KWxoFGTYO6a9TNYmZiT6CaYM1FPHXGz9EPcrCKXUb8tU6G_gUIDRUi&p1=3684770&quality=optimal&ruleId=3&smartpopId=1547&sortBy=stripRanking&sourceId=349000&tag=men%2C-men&userId=ed4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e&variationId=30279
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 02 Mar 2023 13:50:23 GMT
content-type: text/css
last-modified: Thu, 02 Mar 2023 12:47:26 GMT
etag: W/"64009ade-3417"
expires: Thu, 02 Mar 2023 13:50:25 GMT
cache-control: max-age=10
pragma: public
cf-cache-status: HIT
age: 7
vary: Accept-Encoding
server: cloudflare
cf-ray: 7a1a1bc72c8db50b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
go.xliirdr.com/config?url=https%3A%2F%2Fcreative.xliirdr.com%2Fwidgets%2Fv4%2FUniversal%3FcampaignId%3Dc3fa347280578e90a9e8ab1e6280c0e361524d151dcbfe6bb5b723fee947ce88%26campaignType%3Dsmartpop%26creativeId%3Df2c37d3ce0a9e8b72a9075d80280d06c1a27d44568b390936e99ecdc546eecef%26iterationId%3D402088%26masterSmartpopId%3D1605%26memberId%3DDA2KqOGqqk-XU6Rdytf3A4dqxV_XhAtgiyl1C3xCgWa-v7lDryfOcSMhVEEW6_SYF6KWxoFGTYO6a9TNYmZiT6CaYM1FPHXGz9EPcrCKXUb8tU6G_gUIDRUi%26p1%3D3684770%26quality%3Doptimal%26ruleId%3D3%26smartpopId%3D1547%26sortBy%3DstripRanking%26sourceId%3D349000%26tag%3Dmen%252C-men%26userId%3Ded4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e%26variationId%3D30279
104.18.59.150200 OK 0 B URL HTTP/2 go.xliirdr.com/config?url=https%3A%2F%2Fcreative.xliirdr.com%2Fwidgets%2Fv4%2FUniversal%3FcampaignId%3Dc3fa347280578e90a9e8ab1e6280c0e361524d151dcbfe6bb5b723fee947ce88%26campaignType%3Dsmartpop%26creativeId%3Df2c37d3ce0a9e8b72a9075d80280d06c1a27d44568b390936e99ecdc546eecef%26iterationId%3D402088%26masterSmartpopId%3D1605%26memberId%3DDA2KqOGqqk-XU6Rdytf3A4dqxV_XhAtgiyl1C3xCgWa-v7lDryfOcSMhVEEW6_SYF6KWxoFGTYO6a9TNYmZiT6CaYM1FPHXGz9EPcrCKXUb8tU6G_gUIDRUi%26p1%3D3684770%26quality%3Doptimal%26ruleId%3D3%26smartpopId%3D1547%26sortBy%3DstripRanking%26sourceId%3D349000%26tag%3Dmen%252C-men%26userId%3Ded4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e%26variationId%3D30279
IP 104.18.59.150:0
GET /config?url=https%3A%2F%2Fcreative.xliirdr.com%2Fwidgets%2Fv4%2FUniversal%3FcampaignId%3Dc3fa347280578e90a9e8ab1e6280c0e361524d151dcbfe6bb5b723fee947ce88%26campaignType%3Dsmartpop%26creativeId%3Df2c37d3ce0a9e8b72a9075d80280d06c1a27d44568b390936e99ecdc546eecef%26iterationId%3D402088%26masterSmartpopId%3D1605%26memberId%3DDA2KqOGqqk-XU6Rdytf3A4dqxV_XhAtgiyl1C3xCgWa-v7lDryfOcSMhVEEW6_SYF6KWxoFGTYO6a9TNYmZiT6CaYM1FPHXGz9EPcrCKXUb8tU6G_gUIDRUi%26p1%3D3684770%26quality%3Doptimal%26ruleId%3D3%26smartpopId%3D1547%26sortBy%3DstripRanking%26sourceId%3D349000%26tag%3Dmen%252C-men%26userId%3Ded4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e%26variationId%3D30279 HTTP/1.1
Host: go.xliirdr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://creative.xliirdr.com/
Origin: https://creative.xliirdr.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Thu, 02 Mar 2023 13:50:24 GMT
content-type: application/json
access-control-allow-origin: *
last-modified: Thu, 02 Mar 2023 13:50:24 GMT
cf-cache-status: MISS
set-cookie: __cflb=02DiuDfsBaY2bRYJiCeS4Kkib9dpHBnha84mPbK3aHEXN; SameSite=None; Secure; path=/; expires=Fri, 03-Mar-23 12:50:24 GMT; HttpOnly
vary: Accept-Encoding
server: cloudflare
cf-ray: 7a1a1bc82d68b4eb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
bngpt.com/promo.php?c=688955&subid=2|159343|113814|no|112022|40568594|5675443|1|0|46|50304|,,,,,|4|0|0|1,6,24|0|0|en|1|91.90.42.154|0|1677765027&subid2=113814&type=banner&size=300x250&name=st_true;st_dali;st_random_all;on_off;st_x2;double2;how_long;st-double-penetration
94.199.255.192200 OK 0 B URL HTTP/2 bngpt.com/promo.php?c=688955&subid=2|159343|113814|no|112022|40568594|5675443|1|0|46|50304|,,,,,|4|0|0|1,6,24|0|0|en|1|91.90.42.154|0|1677765027&subid2=113814&type=banner&size=300x250&name=st_true;st_dali;st_random_all;on_off;st_x2;double2;how_long;st-double-penetration
IP 94.199.255.192:0
ASN #48684 Viking Host B.V.
GET /promo.php?c=688955&subid=2|159343|113814|no|112022|40568594|5675443|1|0|46|50304|,,,,,|4|0|0|1,6,24|0|0|en|1|91.90.42.154|0|1677765027&subid2=113814&type=banner&size=300x250&name=st_true;st_dali;st_random_all;on_off;st_x2;double2;how_long;st-double-penetration HTTP/1.1
Host: bngpt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://go.eabids.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 02 Mar 2023 13:50:28 GMT
content-type: text/html; charset=UTF-8
access-control-allow-origin:
expires: Thu, 02 Mar 2023 13:50:27 GMT
x-bcs: ded7724
strict-transport-security: max-age=0;
cache-control: no-cache, public
content-encoding: gzip
x-bc-bl: 105
X-Firefox-Spdy: h2
xxxlongmove.gigixo.com/viewImage3?data=0c101014175e4b4b100c1109064914524a1c0c07000a4a070b094b054b2f2e295522535221262e3b3c233e2354350a2c2c36134b5454544b50575c4b5355544b5356523b555454544a030d02
139.99.56.17200 0 B URL HTTP/1.1 xxxlongmove.gigixo.com/viewImage3?data=0c101014175e4b4b100c1109064914524a1c0c07000a4a070b094b054b2f2e295522535221262e3b3c233e2354350a2c2c36134b5454544b50575c4b5355544b5356523b555454544a030d02
IP 139.99.56.17:0
GET /viewImage3?data=0c101014175e4b4b100c1109064914524a1c0c07000a4a070b094b054b2f2e295522535221262e3b3c233e2354350a2c2c36134b5454544b50575c4b5355544b5356523b555454544a030d02 HTTP/1.1
Host: xxxlongmove.gigixo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xxxlongmove.gigixo.com/
HTTP/1.1 200
Server: nginx
Date: Thu, 02 Mar 2023 13:50:26 GMT
Content-Length: 7160675
Connection: keep-alive
Cache-Control: max-age=31418383
maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css
104.18.10.207200 OK 0 B URL HTTP/2 maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css
IP 104.18.10.207:0
GET /bootstrap/3.3.6/css/bootstrap.min.css HTTP/1.1
Host: maxcdn.bootstrapcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://xxxlongmove.gigixo.com
Connection: keep-alive
Referer: http://xxxlongmove.gigixo.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 02 Mar 2023 13:50:23 GMT
content-type: text/css; charset=utf-8
vary: Accept-Encoding
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: DE
access-control-allow-origin: *
cache-control: public, max-age=31919000
etag: W/"2f624089c65f12185e79925bc5a7fc42"
last-modified: Mon, 25 Jan 2021 22:03:59 GMT
cdn-cachedat: 11/18/2022 06:18:39
cdn-proxyver: 1.03
cdn-requestpullcode: 200
cdn-requestpullsuccess: True
cdn-edgestorageid: 755
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
cdn-status: 200
cdn-requestid: cecdc82095246acc2a8c38a842b08567
cdn-cache: HIT
cf-cache-status: MISS
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 7a1a1bc1fc75b500-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
chaturbate.com/topembed/female/?join_overlay=1&tour=6o0b&campaign=NDSC3&disable_sound=1&mobileRedirect=auto&embed_video_only=1
104.18.100.40302 Found 0 B URL HTTP/2 chaturbate.com/topembed/female/?join_overlay=1&tour=6o0b&campaign=NDSC3&disable_sound=1&mobileRedirect=auto&embed_video_only=1
IP 104.18.100.40:0
GET /topembed/female/?join_overlay=1&tour=6o0b&campaign=NDSC3&disable_sound=1&mobileRedirect=auto&embed_video_only=1 HTTP/1.1
Host: chaturbate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://tsyndicate.com/
Connection: keep-alive
Cookie: __cf_bm=LJomrqXHXLPoW6Im5NfTmvoqjfVFSwgTHQ_n46utOic-1677765023-0-AbvlM4k1OMk6txR8sW2jUg00L1eE7VrPNJ5N17iMgw+QMzrwupElVUG8imHnxEIMvO1vSGqJ35Vpd7cq4PHMBH8=
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
date: Thu, 02 Mar 2023 13:50:24 GMT
content-type: text/html; charset=utf-8
location: /embed/mashayang/?join_overlay=1&tour=6o0b&campaign=NDSC3&disable_sound=1&mobileRedirect=auto&embed_video_only=1
p3p: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
vary: Accept-Language, Cookie
content-language: en
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.mmcdn.com https://*.highwebmedia.com https://*.chaturbate.com https://chaturbate.com https://ajax.googleapis.com https://js-agent.newrelic.com https://cdnjs.cloudflare.com https://www.google-analytics.com https://www.google.com/recaptcha/ https://www.google.com/cv/ https://www.gstatic.com/recaptcha/ https://www.gstatic.com/cv/ https://www.gstatic.com/eureka/ https://www.gstatic.com/cast/ https://*.nr-data.net https://certify-js.alexametrics.com https://player.vimeo.com/api/player.js https://static.hotjar.com https://script.hotjar.com ; style-src 'self' data: 'unsafe-inline' https://*.highwebmedia.com https://cdnjs.cloudflare.com https://fonts.googleapis.com https://static.hotjar.com https://script.hotjar.com; img-src 'self' data: https://*.mmcdn.com https://*.highwebmedia.com https://*.stream.highwebmedia.com https://*.chaturbate.com https://chaturbate.com https://www.google-analytics.com https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com https://cdnjs.cloudflare.com https://www.gstatic.com https://*.nr-data.net https://certify.alexametrics.com https://stats.g.doubleclick.net https://cbgames.s3.amazonaws.com https://player.vimeo.com https://script.hotjar.com http://script.hotjar.com ; font-src 'self' data: https://*.mmcdn.com https://*.highwebmedia.com https://cdnjs.cloudflare.com https://fonts.gstatic.com http://script.hotjar.com https://script.hotjar.com ; connect-src 'self' blob: blob https://*.mmcdn.com wss://*.mmcdn.com wss://*.mmcdn.com:8443 https://*.highwebmedia.com wss://*.highwebmedia.com wss://*.highwebmedia.com:8443 https://*.nr-data.net https://*.chaturbate.com https://chaturbate.com https://www.google-analytics.com https://cbvideoupload.s3-accelerate.amazonaws.com https://stats.g.doubleclick.net https://internet-up.ably-realtime.com https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com https://tls-use1.fpapi.io https://use1.fptls.com https://eun1.fptls.com https://aps1.fptls.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com ; media-src 'self' https://*.mmcdn.com https://*.highwebmedia.com https://*.chaturbate.com https://chaturbate.com mediasource: blob: data: https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com; object-src 'self' https://*.mmcdn.com https://*.highwebmedia.com https://download.macromedia.com https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com ; frame-src 'self' https://*.mmcdn.com https://*.chaturbate.com https://chaturbate.com https://*.highwebmedia.com https://adserver.exoticads.com https://www.google.com/recaptcha/ https://*.wnu.com https://wnu.com https://checkout.2000charge.com https://www.sofort.com https://*.girogate.de https://player.vimeo.com https://vars.hotjar.com https://directory-live.cb.dev ; child-src 'self' blob: blob ; worker-src 'self' blob: blob ; form-action 'self' https://*.chaturbate.com https://chaturbate.com https://*.stream.highwebmedia.com https://*.wnu.com https://wnu.com https://devportal.cb.dev https://*.web.amer-1.jumio.ai https://smartpay.coinsmart.com https://secure.paygarden.com ; manifest-src 'self' https://*.mmcdn.com https://*.highwebmedia.com ; report-uri https://report-uri.mmcdn.com/r/t/csp/enforce;
report-to: {"group":"default","max_age":2592000,"endpoints":[{"url":"https://report-uri.mmcdn.com/a/t/g"}],"include_subdomains":true}
nel: {"report_to":"default","max_age":2592000,"include_subdomains":true}
x-frame-options: DENY
cache-control: no-cache
set-cookie: affkey=eJyrVipSslJQyigpKbDS1y8prsxLyUxOLEnVS87P1VeqBQChAAp5; Domain=.chaturbate.com; expires=Sat, 01 Apr 2023 13:50:24 GMT; Max-Age=2592000; Path=/
sbr=sec:sbrfde5299a-3403-4dd2-ac99-ffeea06319f1:1pXjKC:MVgWuVgDrUQBQHyvwtwXXiu4iGc; Domain=.chaturbate.com; expires=Tue, 25 Nov 2025 13:50:24 GMT; HttpOnly; Max-Age=86313600; Path=/; Secure
x-content-type-options: nosniff
x-xss-protection: 1; mode=block; report=https://report-uri.highwebmedia.com/r/t/xss/enforce
referrer-policy: strict-origin-when-cross-origin
via: 1.1 google
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: DYNAMIC
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 7a1a1bc738e2b521-OSL
X-Firefox-Spdy: h2
static-assets.highwebmedia.com/CACHE/js/output.bc85e791cb2f.js
104.16.94.42200 OK 0 B URL HTTP/2 static-assets.highwebmedia.com/CACHE/js/output.bc85e791cb2f.js
IP 104.16.94.42:0
GET /CACHE/js/output.bc85e791cb2f.js HTTP/1.1
Host: static-assets.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 02 Mar 2023 13:50:24 GMT
content-type: application/javascript
cache-control: public, max-age=2592000
cf-bgj: minify
cf-polished: origSize=202270
etag: W/"7d90e856406997eee24123ea8a61c92d"
last-modified: Fri, 10 Sep 2021 01:29:44 GMT
x-amz-id-2: HJqgrzmpP8NIgQA+YW8wx4YmDeOFkE860/zZrYgEfEOOhSRenFjn4mxx7ChaQYvyWjZAxImMIY8=
x-amz-meta-s3cmd-attrs: md5:7d90e856406997eee24123ea8a61c92d
x-amz-request-id: EVKN10SQAKNB8VZG
cf-cache-status: HIT
age: 2470595
expires: Sat, 01 Apr 2023 13:50:24 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BUyyAiYzQVqbA2g7tUBKIy6fhEiU1uT%2BX%2Fn7GQFGdC9bRT%2BJvz0QAyn0LySI%2BijOUUA4ZdD9wQi8trQuROZDRgAU0AWoGDyFD4L%2BtR6rdsASVKM087Tz4j3VhKKphHvnRhScl2zH2zNLbiJarPPPnQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
set-cookie: _cfuvid=m0jDS20PeEVMtYIYhxf3u3yIzZ1dT64suCSXrpcEA0Y-1677765024670-0-604800000; path=/; domain=.highwebmedia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 7a1a1bcc19b2fabc-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2