www.xxxfiles.com/videos/227642/af993d72d39971480a1f0d85bcc06647/?sid=12320
172.67.194.240 301 Moved Permanently 0 B URL HTTP/1.1 www.xxxfiles.com/videos/227642/af993d72d39971480a1f0d85bcc06647/?sid=12320
IP 172.67.194.240:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /videos/227642/af993d72d39971480a1f0d85bcc06647/?sid=12320 HTTP/1.1
Host: www.xxxfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Fri, 03 Feb 2023 01:33:33 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Fri, 03 Feb 2023 02:33:33 GMT
Location: https://www.xxxfiles.com/videos/227642/af993d72d39971480a1f0d85bcc06647/?sid=12320
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=M3TvaNZyRsaIOGAi6rrK6kb2bnLsMV1bg4heS6YxJpm0E2pNImF%2FVtmHCEF8OfU3JdEIj1OeMcD%2BgX%2FbQnV5g4Qh30UkxHlm8JIV2INaRKpiJopbtUnk%2BqFVajxGajbgI5ug"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 79376b493f2bb4f3-OSL
alt-svc: h2=":443"; ma=60
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash d4e95d0d8982bcd07804baf6fc88231c
5027abda0875bd2529dd4d6691784c74da71a9ee
373799b5749d2cb08b5721699a3e4c6b94b0d41604ac07d4ef7179e47dabc71f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "373799B5749D2CB08B5721699A3E4C6B94B0D41604AC07D4EF7179E47DABC71F"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6541
Expires: Fri, 03 Feb 2023 03:22:34 GMT
Date: Fri, 03 Feb 2023 01:33:33 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash ec47f9eed203ae063b9c210009de54a9
19ff156471b9cffbc2432c5b65543bdd18e36271
3974208ce1840f6c9467287b7e220379ed881d76db64939f411dbc500c103d48
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "3974208CE1840F6C9467287B7E220379ED881D76DB64939F411DBC500C103D48"
Last-Modified: Thu, 02 Feb 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16539
Expires: Fri, 03 Feb 2023 06:09:12 GMT
Date: Fri, 03 Feb 2023 01:33:33 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 30db107dcf4380cef05efea409c2e6a3
96e6a306fbc07299aba64e5c14e2bfca35872fa9
b64051a4a8e346e3c72b2aef77f360a5736ab5e16711d8e0bae3876feaa15b6e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Alert, Retry-After, Content-Length, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Fri, 03 Feb 2023 00:36:08 GMT
content-type: application/json
age: 3445
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 7d2222d41721947297aaeb5a6e3d0714
04cc1ee417c8bf6338657fd4c2e4e1c1ddfd3065
de0e45969a2ad95e52f7e2fbd0d021d9075dd7b14666c929346efe111f648f7c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DE0E45969A2AD95E52F7E2FBD0D021D9075DD7B14666C929346EFE111F648F7C"
Last-Modified: Thu, 02 Feb 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10088
Expires: Fri, 03 Feb 2023 04:21:41 GMT
Date: Fri, 03 Feb 2023 01:33:33 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: sa6sJBMXBvg8huu/JwzOvmSjrbgAafQlOvgUxh5Ud36K2TfTfWN7j4WvaEROzD3/x1zUVY/2CqM=
x-amz-request-id: N6GBKQSPK843RY3R
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 03 Feb 2023 01:23:20 GMT
age: 613
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash e58bcc41193585d198c782f30ac3cdf9
dd1dedb524cf49524f316721bf819fdbc72c3cac
0486ebf4d3483e376f5a856657068c021ed15ff3d40467c7fed03c96038d3a1c
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=110015
Content-Type: application/ocsp-response
Date: Fri, 03 Feb 2023 01:33:33 GMT
Etag: "63db6f2c-117"
Expires: Sat, 04 Feb 2023 08:07:08 GMT
Last-Modified: Thu, 02 Feb 2023 08:07:08 GMT
Server: nginx
Content-Length: 279
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 03 Feb 2023 01:33:33 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Expires, Content-Type, ETag, Last-Modified, Alert, Retry-After, Content-Length, Cache-Control, Pragma, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Fri, 03 Feb 2023 00:49:05 GMT
age: 2668
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 8913af0be619500295008bb91f506660
a7b8068ba9aa506205a295b24458c2616997a0d1
6a9838d00256431807ca382fc205064b07c08d5054f2895c2ae3cc4e9094179a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6A9838D00256431807CA382FC205064B07C08D5054F2895C2AE3CC4E9094179A"
Last-Modified: Wed, 01 Feb 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4356
Expires: Fri, 03 Feb 2023 02:46:09 GMT
Date: Fri, 03 Feb 2023 01:33:33 GMT
Connection: keep-alive
push.services.mozilla.com/
52.43.253.52 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 52.43.253.52:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: GMDGRGOj0/+cq97r7u+h7w==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 3FgHv+k3cQ2wZ4kYtpkiTp6Q8Ko=
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash d719402de0cd695e55dab2767247da49
f12f4795987a284820f6785ec16b5032b9861d79
98a14bd950cec10aeb3d76fa956fe13514f52c742adbded7a0fcef218c7195ba
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "98A14BD950CEC10AEB3D76FA956FE13514F52C742ADBDED7A0FCEF218C7195BA"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4801
Expires: Fri, 03 Feb 2023 02:53:36 GMT
Date: Fri, 03 Feb 2023 01:33:35 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash d719402de0cd695e55dab2767247da49
f12f4795987a284820f6785ec16b5032b9861d79
98a14bd950cec10aeb3d76fa956fe13514f52c742adbded7a0fcef218c7195ba
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "98A14BD950CEC10AEB3D76FA956FE13514F52C742ADBDED7A0FCEF218C7195BA"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4801
Expires: Fri, 03 Feb 2023 02:53:36 GMT
Date: Fri, 03 Feb 2023 01:33:35 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash d719402de0cd695e55dab2767247da49
f12f4795987a284820f6785ec16b5032b9861d79
98a14bd950cec10aeb3d76fa956fe13514f52c742adbded7a0fcef218c7195ba
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "98A14BD950CEC10AEB3D76FA956FE13514F52C742ADBDED7A0FCEF218C7195BA"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4801
Expires: Fri, 03 Feb 2023 02:53:36 GMT
Date: Fri, 03 Feb 2023 01:33:35 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Feed96488-989b-49ab-8eef-5c9dea89a5ca.jpeg
34.120.237.76 200 OK 5.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Feed96488-989b-49ab-8eef-5c9dea89a5ca.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 5314f1087266189144982b464f4aa7a6
438b5a17b9060f6825331348aa3797ab1c15895d
fb7d5ec834d28c99f6430703c002c24a9caf50b7701a369cbd69e51576f1e73c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Feed96488-989b-49ab-8eef-5c9dea89a5ca.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5898
x-amzn-requestid: 50d6181d-6804-48ab-bc38-9fcaf4da1bc5
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fZALWF5IIAMFv5g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d37a48-2e2e53124ce2f9eb31290ec4;Sampled=0
x-amzn-remapped-date: Fri, 27 Jan 2023 07:16:24 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 9Jus6UYlOGiDdqLBxJ387FMtEAST6THfW-oz6gjgFzKzchCdwUCcvQ==
via: 1.1 98e601970ea59f4d5f56a752787ff9fc.cloudfront.net (CloudFront), 1.1 a847181d425b7fc57e81eb3c800bfdf2.cloudfront.net (CloudFront), 1.1 google
date: Thu, 02 Feb 2023 04:00:11 GMT
etag: "438b5a17b9060f6825331348aa3797ab1c15895d"
content-type: image/jpeg
age: 77604
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F02b3a6ce-4c58-4537-b381-4408c9d874e0.jpeg
34.120.237.76 200 OK 13 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F02b3a6ce-4c58-4537-b381-4408c9d874e0.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash d6ea028ef77181355868bb36e11a7b88
158bbc1deaf9becfab7a022140881c7cdfa569ba
639d95e5e0d47333b64456d10fdf58a6b08fc0534bdbefd0fbf1f95a3114aae2
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F02b3a6ce-4c58-4537-b381-4408c9d874e0.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 13256
x-amzn-requestid: 80e76cde-e3b4-4561-9dd5-41ed978b5179
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fpc79HgtoAMFnxg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63da0eb2-79750d82126858473cdaab70;Sampled=0
x-amzn-remapped-date: Wed, 01 Feb 2023 07:03:14 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: M8V4C2TS29wrxVDbhXjneMEOx7lAfv9vVklCosiY5gZLas-MaVuO5g==
via: 1.1 98e601970ea59f4d5f56a752787ff9fc.cloudfront.net (CloudFront), 1.1 e66162aafd55b64ba1478ff7105150fa.cloudfront.net (CloudFront), 1.1 google
date: Thu, 02 Feb 2023 07:29:10 GMT
age: 65065
etag: "158bbc1deaf9becfab7a022140881c7cdfa569ba"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F64144d1c-f524-496f-8b52-ba63714dbfc5.jpeg
34.120.237.76 200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F64144d1c-f524-496f-8b52-ba63714dbfc5.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash e366b32074025aaf60bbae8bdb08d330
a52c2883bad98fa20333aa639a5dd3a5bf544c8e
9d661c26effaec9efee16833f6459d6ecbe4f77b822c9c46e2a6433bda816e5c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F64144d1c-f524-496f-8b52-ba63714dbfc5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11565
x-amzn-requestid: 87a84ffd-1176-4656-aac4-e98f38ec2cd9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fboIrFGboAMFyyQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d48704-162ed8114aa1809204500548;Sampled=0
x-amzn-remapped-date: Sat, 28 Jan 2023 02:23:00 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: w0Zm5V0TQxsQ7917U3fdhS_n7qKE143PuhI2JmNCDM_Pf0yPLyW6yA==
via: 1.1 d83ae0e1ba84e92e58bc1efc23a0c652.cloudfront.net (CloudFront), 1.1 32c16f33c8f5601364fa8229b0d74dc2.cloudfront.net (CloudFront), 1.1 google
date: Thu, 02 Feb 2023 21:48:01 GMT
age: 13534
etag: "a52c2883bad98fa20333aa639a5dd3a5bf544c8e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F15f2ebc9-82b4-4f1b-b0b8-978571cb123b.jpeg
34.120.237.76 200 OK 9.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F15f2ebc9-82b4-4f1b-b0b8-978571cb123b.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 02123eef9faa8560ff66b058d4e13a28
decf26282993d7f0b14cf4112d14fa39c97fa89f
28889ff20f1b2fe0b73f8f97e6569f1d68d77fe436eeb47cc06ee4f0822ff239
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F15f2ebc9-82b4-4f1b-b0b8-978571cb123b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9130
x-amzn-requestid: 09ad3fbb-1e71-4455-82df-6e59f65239a1
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fuxiYEkqIAMFVZg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dc2fa8-1dca116e4317f9bd14f6d45a;Sampled=0
x-amzn-remapped-date: Thu, 02 Feb 2023 21:48:24 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: _Bc2svrG-wX63DK9RPUyjh-n6AHVHaQe3QRmEL27L-amwCH2I_f_9g==
via: 1.1 1b0911478686968732f973d6e5e31d10.cloudfront.net (CloudFront), 1.1 e4d3d5aafc7d7d582423c073065ab562.cloudfront.net (CloudFront), 1.1 google
date: Thu, 02 Feb 2023 21:57:38 GMT
age: 12957
etag: "decf26282993d7f0b14cf4112d14fa39c97fa89f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F32d005c4-44bd-4c69-b179-e966a5e62bc4.jpeg
34.120.237.76 200 OK 7.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F32d005c4-44bd-4c69-b179-e966a5e62bc4.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 08efac01fbe2d2949d81cfa427e8f360
e354cd76c38a72a10eddad9298b43415f8f04ed1
a5edf287aefdfb2f4c33d19b322b2574553fc9f5646f147359a3dcf8c1d75cb1
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F32d005c4-44bd-4c69-b179-e966a5e62bc4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7700
x-amzn-requestid: 11dd2ef1-f809-4a95-aeef-361cfa745eea
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fYyFIHUVIAMFgbA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d363ba-7841e2a6249f0e5d7aa91c8d;Sampled=0
x-amzn-remapped-date: Fri, 27 Jan 2023 05:40:10 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: gYmuJEgMngPXgeLlAQfRoP-EtCgH--hkvSt6OPTUlYXxetmf5zAtVg==
via: 1.1 d1151317ba32afe0e6370fd69fed222e.cloudfront.net (CloudFront), 1.1 aef00f14752da9aa504d392fd46eff94.cloudfront.net (CloudFront), 1.1 google
date: Thu, 02 Feb 2023 21:48:01 GMT
age: 13534
etag: "e354cd76c38a72a10eddad9298b43415f8f04ed1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F396748b7-25c0-4112-960c-9c86d5ad28f9.jpeg
34.120.237.76 200 OK 7.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F396748b7-25c0-4112-960c-9c86d5ad28f9.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 5fc553a8677d9c0bf4835a0c29a7345c
ec8541dd8ae32e1cf597d40cc1d9d04aefb46ba8
e821faf86e44f2b9c9d5bd8cd3575c0a99acfc58774077034c413e345a7c0c0c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F396748b7-25c0-4112-960c-9c86d5ad28f9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7451
x-amzn-requestid: d671a7f1-56f3-42c4-825a-46b327c11c84
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ftSoIHQ7oAMFYpg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63db97cd-0699ddd77f1402cd1cc03081;Sampled=0
x-amzn-remapped-date: Thu, 02 Feb 2023 11:00:29 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: cma6U9Vdmt5kH-BOhhrC1JW4cetPEBibEt7eSJCZHSVssE017jc66Q==
via: 1.1 f13aef0c4b52f6f681401f232d03eb68.cloudfront.net (CloudFront), 1.1 760139201585481b26f947c5f776103a.cloudfront.net (CloudFront), 1.1 google
date: Thu, 02 Feb 2023 21:48:01 GMT
age: 13534
etag: "ec8541dd8ae32e1cf597d40cc1d9d04aefb46ba8"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash e58bcc41193585d198c782f30ac3cdf9
dd1dedb524cf49524f316721bf819fdbc72c3cac
0486ebf4d3483e376f5a856657068c021ed15ff3d40467c7fed03c96038d3a1c
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4
Cache-Control: max-age=110015
Content-Type: application/ocsp-response
Date: Fri, 03 Feb 2023 01:33:37 GMT
Etag: "63db6f2c-117"
Expires: Sat, 04 Feb 2023 08:07:12 GMT
Last-Modified: Thu, 02 Feb 2023 08:07:08 GMT
Server: ECS (ska/F70D)
X-Cache: HIT
Content-Length: 279
cdnjs.cloudflare.com/ajax/libs/videojs-thumbnails/0.1.1/videojs.thumbnails.css
104.17.24.14 200 OK 256 B URL HTTP/2 cdnjs.cloudflare.com/ajax/libs/videojs-thumbnails/0.1.1/videojs.thumbnails.css
IP 104.17.24.14:0
Hash 098110bd3ec60e725e6ac659dec292f3
2079d41c25bec276e4dcd4dcbc3c2cdd5c8cad25
13a4726b6560cb70580a6535e9b165bf3c0a447ea054c844043668d1e2ef5e6e
GET /ajax/libs/videojs-thumbnails/0.1.1/videojs.thumbnails.css HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.xxxfiles.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 03 Feb 2023 01:33:37 GMT
content-type: text/css; charset=utf-8
content-length: 256
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb04020-36a"
last-modified: Mon, 04 May 2020 16:17:36 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 614268
expires: Wed, 24 Jan 2024 01:33:37 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0w%2BmnUA6vPnjtc203TYGgicUYrfG4rXH%2BvVBV3bIEAqDGJqjW3vJCny4V%2BN5mvIldH%2FNhn4Mtk9Rn5nJRqPSFKjkrQNSuLmLrSYF41RlKKDhiNgAMXJ3XIrqdrsQCVhNwbgVgZ05"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 79376b65ce0d0b65-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdnjs.cloudflare.com/ajax/libs/videojs-thumbnails/0.1.1/videojs.thumbnails.js
104.17.24.14 200 OK 1.7 kB URL HTTP/2 cdnjs.cloudflare.com/ajax/libs/videojs-thumbnails/0.1.1/videojs.thumbnails.js
IP 104.17.24.14:0
Hash 25262966b8186937356da73b4437077e
119334d19971c98dbb41ed0a074df6f9ee76414c
550053ac2111a284edfc27b8c6ed672dea9d9ae72e389e555620e1ab53e3fd78
GET /ajax/libs/videojs-thumbnails/0.1.1/videojs.thumbnails.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.xxxfiles.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 03 Feb 2023 01:33:37 GMT
content-type: application/javascript; charset=utf-8
content-length: 1675
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb04020-18dd"
last-modified: Mon, 04 May 2020 16:17:36 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
cf-cache-status: HIT
age: 14024556
expires: Wed, 24 Jan 2024 01:33:37 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cbAkXG3cF8RCf9AGKDqIv4gNcJQhTEv657IMN6kcnNx0kpD43A0ptKu0MnZbYXQ%2BI%2FhO3UUEfXa%2F9M8933YIwsowCYofAPN1LQarUtoGzZnOv5VMdFoFbbcc1XUP2FMbgtE2JXLb"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 79376b65ee180b65-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.jsdelivr.net/npm/silvermine-videojs-quality-selector@1.1.2/dist/css/quality-selector.min.css
151.101.129.229 200 OK 373 B URL HTTP/2 cdn.jsdelivr.net/npm/silvermine-videojs-quality-selector@1.1.2/dist/css/quality-selector.min.css
IP 151.101.129.229:0
File type ASCII text, with very long lines (449)
Hash 713a835376f717af04161e5edb84afd5
c98e5c3b2ed59274a3a53d4c0f5e77a826c7c64a
df0337185e5b8cec5027e548fd4d3b7230ffb0f9783ba4cd2dd72058a3ec2c86
GET /npm/silvermine-videojs-quality-selector@1.1.2/dist/css/quality-selector.min.css HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.xxxfiles.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css; charset=utf-8
x-jsd-version: 1.1.2
x-jsd-version-type: version
etag: W/"299-rLWKZXMtTX2vbGY6rnhXUEYaKx8"
content-encoding: gzip
accept-ranges: bytes
date: Fri, 03 Feb 2023 01:33:37 GMT
age: 5510417
x-served-by: cache-fra-eddf8230050-FRA, cache-bma1637-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 373
X-Firefox-Spdy: h2
vjs.zencdn.net/7.5.5/video-js.css
151.101.66.217 200 OK 10 kB URL HTTP/2 vjs.zencdn.net/7.5.5/video-js.css
IP 151.101.66.217:0
File type ASCII text, with very long lines (5636)
Hash 63ef1aa5ef8f1bb4fcb8019a9ad157cd
9cbb2b320cce447d40e3af5118042587263158d5
d5b5c765198056aece9fbee1b43a9873a8a6e0fe6a954f48d001bc030e106146
GET /7.5.5/video-js.css HTTP/1.1
Host: vjs.zencdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.xxxfiles.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
last-modified: Thu, 13 Jun 2019 18:18:21 GMT
etag: "29daa9b197765c0111b16939ce1264a9"
cache-control: public, max-age=31536000
content-type: text/css; charset=utf-8
content-encoding: gzip
date: Fri, 03 Feb 2023 01:33:37 GMT
x-served-by: cache-bma1672-BMA
x-cache: HIT
x-cache-hits: 2208
vary: Accept-Encoding
access-control-allow-origin: *
timing-allow-origin: *
content-length: 10533
X-Firefox-Spdy: h2
cdn.jsdelivr.net/npm/js-cookie@2/src/js.cookie.min.js
151.101.129.229 200 OK 1.1 kB URL HTTP/2 cdn.jsdelivr.net/npm/js-cookie@2/src/js.cookie.min.js
IP 151.101.129.229:0
File type ASCII text, with very long lines (1619)
Hash 0216b1edd2fa7ad9cfa258108fd95af4
39c12f744959428d391ab0593dcc69295e63fd18
ae34cfdf4075a9766062b578ca857f1b10e53ea9979d87769b37bc388daf1138
GET /npm/js-cookie@2/src/js.cookie.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.xxxfiles.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=604800, s-maxage=43200
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 2.2.1
x-jsd-version-type: version
etag: W/"79f-7pVBzxqV0qiF+LFDoQXKqgjKnJ0"
content-encoding: gzip
accept-ranges: bytes
date: Fri, 03 Feb 2023 01:33:37 GMT
age: 25769
x-served-by: cache-fra-eddf8230059-FRA, cache-bma1637-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 1062
X-Firefox-Spdy: h2
vjs.zencdn.net/7.5.5/video.js
151.101.66.217 200 OK 425 kB URL HTTP/2 vjs.zencdn.net/7.5.5/video.js
IP 151.101.66.217:0
File type ASCII text, with very long lines (320)
Size 425 kB (425400 bytes)
Hash 27d95d95415e0e0c9998b88556837a98
be3f6b4f9eabec23d020293080c0398ddeb1b282
acebe3bf6d9fea91719845f6e0ab65ca822188593d68c478276df7d18390498a
GET /7.5.5/video.js HTTP/1.1
Host: vjs.zencdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.xxxfiles.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
last-modified: Thu, 13 Jun 2019 18:18:22 GMT
etag: "865887bf5b49dc505cb0268884734c12"
cache-control: public, max-age=31536000
content-type: application/javascript; charset=utf-8
content-encoding: gzip
date: Fri, 03 Feb 2023 01:33:37 GMT
x-served-by: cache-bma1672-BMA
x-cache: HIT
x-cache-hits: 1
vary: Accept-Encoding
access-control-allow-origin: *
timing-allow-origin: *
content-length: 425400
X-Firefox-Spdy: h2
ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q4
104.18.20.226 200 OK 1.5 kB URL HTTP/1.1 ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q4
IP 104.18.20.226:0
Hash e10a5f5b880974184fc02eb5c7ce1714
35020ffdbe2d4d1a2fecf1deac4ef429bebafe70
08015e88fe5ee6cb147b53efe2f99e4c1b550af57d75fca4678e409ccc159e54
POST /ca/gsatlasr3dvtlsca2022q4 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 01:33:37 GMT
Content-Type: application/ocsp-response
Transfer-Encoding: chunked
Connection: keep-alive
Etag: "C5000F447B47E5EB9098D3C66ED7543791C54EC0"
Expires: Fri, 03 Feb 2023 12:00:00 GMT
Last-Modified: Fri, 03 Feb 2023 00:00:00 UTC
Cache-Control: s-maxage=3600, public, no-transform, must-revalidate
CF-Cache-Status: HIT
Age: 2008
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 79376b66ff8b0b69-OSL
ocsp.pki.goog/gts1c3
142.250.74.99 200 OK 471 B IP 142.250.74.99:0
Hash bbeb609cbf32a8842bf96a124588e65e
40c0f548bcb714731f62df5a27cad21adef0463d
502c60a18a13b84598933731d182aafd4b83576bfc56451b36f9238c621a571d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 03 Feb 2023 01:33:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
d1nubxdgom3wqt.cloudfront.net/?xbund=831295
143.204.42.190 200 OK 99 kB URL HTTP/2 d1nubxdgom3wqt.cloudfront.net/?xbund=831295
IP 143.204.42.190:0
File type Unicode text, UTF-8 text, with very long lines (15948)
Hash eee73feb0b2dca65e74775a0cc994429
e4627e522787a450ac9f3a10306cd7ea01e65773
f5fd3cade725a08ef14cc1f4585d6aca1165a32093d54d3d2420f3d154a94a83
GET /?xbund=831295 HTTP/1.1
Host: d1nubxdgom3wqt.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.xxxfiles.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 98977
date: Fri, 03 Feb 2023 01:33:37 GMT
access-control-allow-origin: *
cache-control: no-store, no-cache, proxy-revalidate, must-revalidate, private, no-transform
content-encoding: gzip
pragma: no-cache
x-cache: Miss from cloudfront
via: 1.1 f66e3db0f0449307dba3fbf72bbf3bac.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 8bq5pWmSV930oI_kfFhK4hS9bYXykHtMe4gd6zQMWLkeuYhbYrpktA==
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.99 200 OK 471 B IP 142.250.74.99:0
Hash e3383a870b280d28b1d924543e6128af
0e9ccaf308e10ae68774fe0d32e10d063f379e7d
093a4523b327faf080d2d200d6e8d9e615abe6e048a72d70c3bc8e9f89cc50bf
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 03 Feb 2023 01:33:38 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
142.250.74.35 200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP 142.250.74.35:0
File type Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Hash 15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.xxxfiles.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sun, 29 Jan 2023 22:02:00 GMT
expires: Mon, 29 Jan 2024 22:02:00 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
age: 358298
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.99 200 OK 471 B IP 142.250.74.99:0
Hash e3383a870b280d28b1d924543e6128af
0e9ccaf308e10ae68774fe0d32e10d063f379e7d
093a4523b327faf080d2d200d6e8d9e615abe6e048a72d70c3bc8e9f89cc50bf
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 03 Feb 2023 01:33:38 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.99 200 OK 471 B IP 142.250.74.99:0
Hash e3383a870b280d28b1d924543e6128af
0e9ccaf308e10ae68774fe0d32e10d063f379e7d
093a4523b327faf080d2d200d6e8d9e615abe6e048a72d70c3bc8e9f89cc50bf
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 03 Feb 2023 01:33:38 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
142.250.74.35 200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP 142.250.74.35:0
File type Web Open Font Format (Version 2), TrueType, length 15860, version 1.0\012- data
Hash e9f5aaf547f165386cd313b995dddd8e
acdef5603c2387b0e5bffd744b679a24a8bc1968
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.xxxfiles.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 31 Jan 2023 13:09:06 GMT
expires: Wed, 31 Jan 2024 13:09:06 GMT
cache-control: public, max-age=31536000
age: 217472
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
hegdcrxavrtk.cdnvideo3.com/api/settings/377391
135.181.208.216 200 OK 16 kB URL HTTP/2 hegdcrxavrtk.cdnvideo3.com/api/settings/377391
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
Hash 7e02f5e35df09790c1b8e623103c5416
96dee2d7dfc3a1fa0bac2f8175477325ccd84e1f
bd164058a44554806f44fd30beb48183de754eb8bfe24e86901e9bde2ce3d2a0
GET /api/settings/377391 HTTP/1.1
Host: hegdcrxavrtk.cdnvideo3.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.xxxfiles.com/
Origin: https://www.xxxfiles.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 03 Feb 2023 01:33:38 GMT
content-type: application/json
vary: Accept-Encoding
access-control-allow-origin: *
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.99 200 OK 471 B IP 142.250.74.99:0
Hash e3383a870b280d28b1d924543e6128af
0e9ccaf308e10ae68774fe0d32e10d063f379e7d
093a4523b327faf080d2d200d6e8d9e615abe6e048a72d70c3bc8e9f89cc50bf
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 03 Feb 2023 01:33:38 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/s/gts1p5/QJ2XgEbwD7g
142.250.74.99 200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/QJ2XgEbwD7g
IP 142.250.74.99:0
Hash bb996bfb8a858ecd05a2428121b1837b
f038902eb9d1ffe474531280ec3be1b5a74bb579
3258a8c2ea7f9d4a779c6c9df530ea3fa47ffe2b74a5395a390080cb22493702
POST /s/gts1p5/QJ2XgEbwD7g HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 03 Feb 2023 01:33:38 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
hatwasallo.com/MVRmemtQNgUXVFBpBFweQzhbX1l3cVQ8DwA6ExgTVTMJF1hGJRJUCF07Ex4NQzsIDkVfMRJfWXcwK0o9cwAhKDp6PV4LPAE3FTAzdzcnMjlLMDA/PX0uLxAoWhpSOS9aEwUQHGYWNRJSdy1TCy50Pw4cI0kXPgM6Rx9XET14F14MPGAeDDMoVhMiFC1fGyQoCH06ERcvdxFUNi9CEzMTMks1Djw4VBcRECNdOxY2OAAWJyslAQ0KKzxVZyARLgA7FDA4fAA3PSlLMicKI2gcKEI9YBoUGTxdDAUtKUsyJDQKemcCTjpgFS4gIwQBNUklADUwHhNoHEs0U3c/MB0IVmUwO1hzIgA/W2YwVT8ZcAInDydcODEeM1UsACw6dTAuPFJgBSBLIUgBMSwCfCEoPy5zFVU4U2QGV0sxSzg8OwwXPhUVBUFpLw8JcC0xMyd/Bgk
54.230.111.62200 OK 1.2 kB URL HTTP/2 hatwasallo.com/MVRmemtQNgUXVFBpBFweQzhbX1l3cVQ8DwA6ExgTVTMJF1hGJRJUCF07Ex4NQzsIDkVfMRJfWXcwK0o9cwAhKDp6PV4LPAE3FTAzdzcnMjlLMDA/PX0uLxAoWhpSOS9aEwUQHGYWNRJSdy1TCy50Pw4cI0kXPgM6Rx9XET14F14MPGAeDDMoVhMiFC1fGyQoCH06ERcvdxFUNi9CEzMTMks1Djw4VBcRECNdOxY2OAAWJyslAQ0KKzxVZyARLgA7FDA4fAA3PSlLMicKI2gcKEI9YBoUGTxdDAUtKUsyJDQKemcCTjpgFS4gIwQBNUklADUwHhNoHEs0U3c/MB0IVmUwO1hzIgA/W2YwVT8ZcAInDydcODEeM1UsACw6dTAuPFJgBSBLIUgBMSwCfCEoPy5zFVU4U2QGV0sxSzg8OwwXPhUVBUFpLw8JcC0xMyd/Bgk
IP 54.230.111.62:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3040), with no line terminators
Hash 08b1176bd198012a7456465463a8985a
f7347a86fb2ff15088dbaf7cfecb13b1b45e8552
a8b4ebd9df00e769c1ab74ee77bb61aae7baf12f869a8ca08affb5009f05627d
GET /MVRmemtQNgUXVFBpBFweQzhbX1l3cVQ8DwA6ExgTVTMJF1hGJRJUCF07Ex4NQzsIDkVfMRJfWXcwK0o9cwAhKDp6PV4LPAE3FTAzdzcnMjlLMDA/PX0uLxAoWhpSOS9aEwUQHGYWNRJSdy1TCy50Pw4cI0kXPgM6Rx9XET14F14MPGAeDDMoVhMiFC1fGyQoCH06ERcvdxFUNi9CEzMTMks1Djw4VBcRECNdOxY2OAAWJyslAQ0KKzxVZyARLgA7FDA4fAA3PSlLMicKI2gcKEI9YBoUGTxdDAUtKUsyJDQKemcCTjpgFS4gIwQBNUklADUwHhNoHEs0U3c/MB0IVmUwO1hzIgA/W2YwVT8ZcAInDydcODEeM1UsACw6dTAuPFJgBSBLIUgBMSwCfCEoPy5zFVU4U2QGV0sxSzg8OwwXPhUVBUFpLw8JcC0xMyd/Bgk HTTP/1.1
Host: hatwasallo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.xxxfiles.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html
content-length: 1194
date: Fri, 03 Feb 2023 01:33:38 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 784cb0c259a6d79800d037bda4e7de86.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: X_PhIDILppfvDiuldjz1O4UbyORn5jGudfOiKIOSS9hA-lr8DbCyAA==
X-Firefox-Spdy: h2
hatwasallo.com/MERKdGlRJikZVlF5KFIcQih3UVt2YXgyDQEqPxYRVCMlGVpHNT5aClwrPxAPQiskAEdeIT5RW3YWHyIZXx4wJRB+FRM2KkkRMDAvXwoQMyNUEj0+Wn0GOT0+WQIkNjsECggwWXoSDS0/dxJzNjhzN29GK2YSKSc5ZDcNNShcdxoDMHUHHTZRcxUEIwt3cQUxWWFheDYkZhEZIwNlYXgyLVdxKzotBQsPGD9DCj0XDWgQekYqZQ0NMlsJAxwML1olITU4aBByUVtyBjI2IVQDIi0qZQZ6FS9YEwg8UEEQHCZbVAMiLSx2dG9GL1ICMjcrSApvRi9nKC45MwJxBCIhanQrMkRXEhsaO0APHC0sagwYLT1YAiAVDggHHA4GARAcIhBpdjouP0cWLRUFXAcIGSwIBRgiO34+HyU4Vx0SFVhYFw0ZLwgMHBsvFi45GwdAeScNUGUjK0c7dAd9
54.230.111.62200 OK 1.2 kB URL HTTP/2 hatwasallo.com/MERKdGlRJikZVlF5KFIcQih3UVt2YXgyDQEqPxYRVCMlGVpHNT5aClwrPxAPQiskAEdeIT5RW3YWHyIZXx4wJRB+FRM2KkkRMDAvXwoQMyNUEj0+Wn0GOT0+WQIkNjsECggwWXoSDS0/dxJzNjhzN29GK2YSKSc5ZDcNNShcdxoDMHUHHTZRcxUEIwt3cQUxWWFheDYkZhEZIwNlYXgyLVdxKzotBQsPGD9DCj0XDWgQekYqZQ0NMlsJAxwML1olITU4aBByUVtyBjI2IVQDIi0qZQZ6FS9YEwg8UEEQHCZbVAMiLSx2dG9GL1ICMjcrSApvRi9nKC45MwJxBCIhanQrMkRXEhsaO0APHC0sagwYLT1YAiAVDggHHA4GARAcIhBpdjouP0cWLRUFXAcIGSwIBRgiO34+HyU4Vx0SFVhYFw0ZLwgMHBsvFi45GwdAeScNUGUjK0c7dAd9
IP 54.230.111.62:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3038), with no line terminators
Hash 12833f138d79d90509dce8fe3aa3b41a
93bd85e85c3f85ef937aea3ee990e623b47792d5
6e1dce3abd92cc3174db18e74b7ddc57dfc5b289c538d8c6b3a0c0f86f0af983
GET /MERKdGlRJikZVlF5KFIcQih3UVt2YXgyDQEqPxYRVCMlGVpHNT5aClwrPxAPQiskAEdeIT5RW3YWHyIZXx4wJRB+FRM2KkkRMDAvXwoQMyNUEj0+Wn0GOT0+WQIkNjsECggwWXoSDS0/dxJzNjhzN29GK2YSKSc5ZDcNNShcdxoDMHUHHTZRcxUEIwt3cQUxWWFheDYkZhEZIwNlYXgyLVdxKzotBQsPGD9DCj0XDWgQekYqZQ0NMlsJAxwML1olITU4aBByUVtyBjI2IVQDIi0qZQZ6FS9YEwg8UEEQHCZbVAMiLSx2dG9GL1ICMjcrSApvRi9nKC45MwJxBCIhanQrMkRXEhsaO0APHC0sagwYLT1YAiAVDggHHA4GARAcIhBpdjouP0cWLRUFXAcIGSwIBRgiO34+HyU4Vx0SFVhYFw0ZLwgMHBsvFi45GwdAeScNUGUjK0c7dAd9 HTTP/1.1
Host: hatwasallo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.xxxfiles.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html
content-length: 1188
date: Fri, 03 Feb 2023 01:33:38 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 784cb0c259a6d79800d037bda4e7de86.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 6eJ2itKpsVqVsbyDB-vFPpiY5vZW_GslZ76opAOVbV0p4BEhJlwnlg==
X-Firefox-Spdy: h2
hegdcrxavrtk.cdnvideo3.com/api/spots/329587?p=1&s1=%subid1%&kw=
135.181.208.216 200 OK 3.5 kB URL HTTP/2 hegdcrxavrtk.cdnvideo3.com/api/spots/329587?p=1&s1=%subid1%&kw=
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- assembler source, ASCII text, with very long lines (712)
Hash b1415413091b3747d485924e3b58ae36
e8eb816328eb46ddf3999d7514eaefc282cb3098
2fb69da8e7e40bc14e6c5e51c30b872d89407b1dd527ca6fcd014ea9d6f82cd9
GET /api/spots/329587?p=1&s1=%subid1%&kw= HTTP/1.1
Host: hegdcrxavrtk.cdnvideo3.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.xxxfiles.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 03 Feb 2023 01:33:37 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
set-cookie: nauid=ijOdr9lgOEmJLc6xiCGG; Path=/; Expires=Wed, 11 Nov 2037 11:11:11 GMT; Secure; SameSite=None
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2
hegdcrxavrtk.cdnvideo3.com/api/spots/329591?p=1&s1=%subid1%&kw=
135.181.208.216 200 OK 3.5 kB URL HTTP/2 hegdcrxavrtk.cdnvideo3.com/api/spots/329591?p=1&s1=%subid1%&kw=
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- assembler source, ASCII text, with very long lines (712)
Hash 7caed9dec40e1439eb179d6eec168cfb
462f8097cdc5b9407640522c57accf322c2ef2c7
1a2abf6ff6289e37259f97287a9c2bae5f8c9a5895d8361ebe81c8f758aa5c42
GET /api/spots/329591?p=1&s1=%subid1%&kw= HTTP/1.1
Host: hegdcrxavrtk.cdnvideo3.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.xxxfiles.com/
Cookie: nauid=2VtUm0F54OCUbXXOTHam
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 03 Feb 2023 01:33:38 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2
ocsp.pki.goog/s/gts1p5/QJ2XgEbwD7g
142.250.74.99 200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/QJ2XgEbwD7g
IP 142.250.74.99:0
Hash bb996bfb8a858ecd05a2428121b1837b
f038902eb9d1ffe474531280ec3be1b5a74bb579
3258a8c2ea7f9d4a779c6c9df530ea3fa47ffe2b74a5395a390080cb22493702
POST /s/gts1p5/QJ2XgEbwD7g HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 03 Feb 2023 01:33:38 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
hegdcrxavrtk.cdnvideo3.com/api/click/15961020229662720095?c=90
135.181.208.216 200 OK 0 B URL HTTP/2 hegdcrxavrtk.cdnvideo3.com/api/click/15961020229662720095?c=90
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /api/click/15961020229662720095?c=90 HTTP/1.1
Host: hegdcrxavrtk.cdnvideo3.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hegdcrxavrtk.cdnvideo3.com/api/spots/329584?p=1&s1=%subid1%&kw=
Cookie: nauid=2VtUm0F54OCUbXXOTHam
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 03 Feb 2023 01:33:38 GMT
content-length: 0
access-control-allow-credentials: true
access-control-allow-origin: *
cache-control: private
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 16e1d2a076a7ce529d7206e1a11b7df6
e25825370d0676b6cfd71d3f5c462872b1ee48e1
7f3e2a31fc6844c9eac49ca627b86e73fca8413e47a291646e60f1cc5483ecbd
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7F3E2A31FC6844C9EAC49CA627B86E73FCA8413E47A291646E60F1CC5483ECBD"
Last-Modified: Fri, 03 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Fri, 03 Feb 2023 07:33:38 GMT
Date: Fri, 03 Feb 2023 01:33:38 GMT
Connection: keep-alive
lehebraverooper.xyz/QzA2ZG9sD1UXUhVcWhEOcwVABTkraVMJCzFnBxxKcXJUCS0bZwVcSTdZUllWdggDVFllQF8AUnACEBcbIkRDF1JxAAZTSSpeUAtScRZAWV9tCRhVQXMWQ1leZURGBQh+ARAUGzdcC1VZdAUFXFdzBABdXHE
104.21.68.94 204 No Content 0 B URL HTTP/2 lehebraverooper.xyz/QzA2ZG9sD1UXUhVcWhEOcwVABTkraVMJCzFnBxxKcXJUCS0bZwVcSTdZUllWdggDVFllQF8AUnACEBcbIkRDF1JxAAZTSSpeUAtScRZAWV9tCRhVQXMWQ1leZURGBQh+ARAUGzdcC1VZdAUFXFdzBABdXHE
IP 104.21.68.94:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /QzA2ZG9sD1UXUhVcWhEOcwVABTkraVMJCzFnBxxKcXJUCS0bZwVcSTdZUllWdggDVFllQF8AUnACEBcbIkRDF1JxAAZTSSpeUAtScRZAWV9tCRhVQXMWQ1leZURGBQh+ARAUGzdcC1VZdAUFXFdzBABdXHE HTTP/1.1
Host: lehebraverooper.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.xxxfiles.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Fri, 03 Feb 2023 01:33:38 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OXIDG6n0i%2BbGu%2FoCQ4YQwjheaD%2FqmwqKD4UCojmEY7GX7bL4%2B4opxJpJvOtRtulvaSB1hL1mm1kZ0%2F4WloAXTyQDdxWHi1tTSC4ybMMwm%2BXb6enxRbikBskl1h1AoYMcLj9xxiXU"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 79376b6aa8e5b521-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/s/gts1p5/QJ2XgEbwD7g
142.250.74.99 200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/QJ2XgEbwD7g
IP 142.250.74.99:0
Hash bb996bfb8a858ecd05a2428121b1837b
f038902eb9d1ffe474531280ec3be1b5a74bb579
3258a8c2ea7f9d4a779c6c9df530ea3fa47ffe2b74a5395a390080cb22493702
POST /s/gts1p5/QJ2XgEbwD7g HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 03 Feb 2023 01:33:38 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
hegdcrxavrtk.cdnvideo3.com/api/spots/377391?v2=1&fill=0&kw=Big%20Tits%2CBlowjob%2CHardcore%2CCumshot%2CHandjob%2CPornstar%2CBlonde%2CBig%20Ass%2Cbig%20dick%2Cdeep%20throat%2Cwhite%20girl%2CInterracial%2Cshaved%20pussy%2CBangbros%20Network%2Cbangbros.com%2CMandingo%2CSarah%20Vandella&s1=%25subid1%25&s2=%25subid2%25
135.181.208.216200 OK 62 kB URL HTTP/2 hegdcrxavrtk.cdnvideo3.com/api/spots/377391?v2=1&fill=0&kw=Big%20Tits%2CBlowjob%2CHardcore%2CCumshot%2CHandjob%2CPornstar%2CBlonde%2CBig%20Ass%2Cbig%20dick%2Cdeep%20throat%2Cwhite%20girl%2CInterracial%2Cshaved%20pussy%2CBangbros%20Network%2Cbangbros.com%2CMandingo%2CSarah%20Vandella&s1=%25subid1%25&s2=%25subid2%25
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
Hash cb7c13262cdde5e2674a8048c3675a88
58d3b77a6036845716224a3cc91471ad8c19e082
1c787773727e8c7184f48a2bec10cafb340045f5361ae5cd03ba08866b9e97aa
GET /api/spots/377391?v2=1&fill=0&kw=Big%20Tits%2CBlowjob%2CHardcore%2CCumshot%2CHandjob%2CPornstar%2CBlonde%2CBig%20Ass%2Cbig%20dick%2Cdeep%20throat%2Cwhite%20girl%2CInterracial%2Cshaved%20pussy%2CBangbros%20Network%2Cbangbros.com%2CMandingo%2CSarah%20Vandella&s1=%25subid1%25&s2=%25subid2%25 HTTP/1.1
Host: hegdcrxavrtk.cdnvideo3.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.xxxfiles.com/
Origin: https://www.xxxfiles.com
Connection: keep-alive
Cookie: nauid=2VtUm0F54OCUbXXOTHam
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 03 Feb 2023 01:33:38 GMT
content-type: text/xml
vary: Accept-Encoding
access-control-allow-credentials: true
access-control-allow-origin: https://www.xxxfiles.com
access-control-expose-headers: X-Asg-Config, X-t
x-t: 0
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2
lehebraverooper.xyz/dVF6cm1abhkBUBRjEiojRDUgJyo4EyMeVBAIOygHID0SHixHHFwGBBFsQkFcR2hPVB0cNUdDSwYlGwYYBmxLVAQbNxVPSwNsS1xeQX9JQ0NHdw9PXFMlChMKSGBcAhkBPUdDW0JkSUpVRWVMS11B
104.21.68.94204 No Content 0 B URL HTTP/2 lehebraverooper.xyz/dVF6cm1abhkBUBRjEiojRDUgJyo4EyMeVBAIOygHID0SHixHHFwGBBFsQkFcR2hPVB0cNUdDSwYlGwYYBmxLVAQbNxVPSwNsS1xeQX9JQ0NHdw9PXFMlChMKSGBcAhkBPUdDW0JkSUpVRWVMS11B
IP 104.21.68.94:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /dVF6cm1abhkBUBRjEiojRDUgJyo4EyMeVBAIOygHID0SHixHHFwGBBFsQkFcR2hPVB0cNUdDSwYlGwYYBmxLVAQbNxVPSwNsS1xeQX9JQ0NHdw9PXFMlChMKSGBcAhkBPUdDW0JkSUpVRWVMS11B HTTP/1.1
Host: lehebraverooper.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.xxxfiles.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Fri, 03 Feb 2023 01:33:38 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SupwnlU6Bhj9Wn0oHzP92ayvZJtJLtkQoTn8wKzTIsCE1KqrzWXzGtisVDmPUD6wv3g0ELy%2FDngl80nnDFc6s9DLOv%2FW3qQzlHICf9lWnVvR1QDi3izG0CdsfsmtGbOyOP0DkE4s"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 79376b6b6931b521-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
lehebraverooper.xyz/VU5WRG16cTU3UDYgPik7ZgAaFysXJQR0Ix4bZAYpBiUQIjdlB3AwBDFzb3FVYH5gYh08Kmt3X3M9IiUZID1rdUs8IDArUHM4a3RDbGBnal1zO2t1SyE+NyNQZGgmMBk5c2dyWmB9bnxdYXhvdlU
104.21.68.94204 No Content 675 B URL HTTP/2 lehebraverooper.xyz/VU5WRG16cTU3UDYgPik7ZgAaFysXJQR0Ix4bZAYpBiUQIjdlB3AwBDFzb3FVYH5gYh08Kmt3X3M9IiUZID1rdUs8IDArUHM4a3RDbGBnal1zO2t1SyE+NyNQZGgmMBk5c2dyWmB9bnxdYXhvdlU
IP 104.21.68.94:0
Hash abf4dc625fedbdc8d659bcd141af5331
9eb77af59b5b9df876bfc8d00f41bbdce65432a0
1c96592c04d1a6a243d686974c5512491b542213f3949558f9f59f7e2e614d38
GET /VU5WRG16cTU3UDYgPik7ZgAaFysXJQR0Ix4bZAYpBiUQIjdlB3AwBDFzb3FVYH5gYh08Kmt3X3M9IiUZID1rdUs8IDArUHM4a3RDbGBnal1zO2t1SyE+NyNQZGgmMBk5c2dyWmB9bnxdYXhvdlU HTTP/1.1
Host: lehebraverooper.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.xxxfiles.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Fri, 03 Feb 2023 01:33:38 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yag1AWCV%2F9YzzIDgX1v1MSdEsr4G9SJQXr8WYwpidSpmAi%2BR9vHtvwjjtcypmYsv0s%2FKU9HRDQsosLlVS17l8LkEOXbD%2FcrTbTc1t8jcKvtyJCVtGXKeXAiJVhi%2B3zwZ%2BxzOZiQS"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 79376b6b893db521-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
d1nubxdgom3wqt.cloudfront.net/dM0VBTGRQKi8qW0csJXFcAHRzdVEVLzIjCkN4CDkGcjwWBSh9Fy5qEEkhfHxCXyQvK1kVIC8vWQJjICgGDnFnOBRcLnwmDFE2LDsGUiYzahFSeCwjHlopLS1BAQN0YlQWd3FkE1orJSMTQGBzfApHYHN8VQNrcWlXcWBzfBNaK3d4QQAHZH5US3N1aVdxYH-N8FkVgcg1VA3BvfE0Wd3ErAVAuLmlWdXdxfVQDdHF9QQF1JyUWViMuNEEBA3B8UR11ZzlZAg
143.204.42.190200 OK 485 B URL HTTP/2 d1nubxdgom3wqt.cloudfront.net/dM0VBTGRQKi8qW0csJXFcAHRzdVEVLzIjCkN4CDkGcjwWBSh9Fy5qEEkhfHxCXyQvK1kVIC8vWQJjICgGDnFnOBRcLnwmDFE2LDsGUiYzahFSeCwjHlopLS1BAQN0YlQWd3FkE1orJSMTQGBzfApHYHN8VQNrcWlXcWBzfBNaK3d4QQAHZH5US3N1aVdxYH-N8FkVgcg1VA3BvfE0Wd3ErAVAuLmlWdXdxfVQDdHF9QQF1JyUWViMuNEEBA3B8UR11ZzlZAg
IP 143.204.42.190:0
File type ASCII text, with very long lines (655), with no line terminators
Hash e6887849327db672b04777c29a662a51
961334658b3a1a2b4dc129d2edd2632aa000ef7d
c14aac0c84888833933cff25de69917e12b9a58044014bbc3b79299a5c5d6389
GET /dM0VBTGRQKi8qW0csJXFcAHRzdVEVLzIjCkN4CDkGcjwWBSh9Fy5qEEkhfHxCXyQvK1kVIC8vWQJjICgGDnFnOBRcLnwmDFE2LDsGUiYzahFSeCwjHlopLS1BAQN0YlQWd3FkE1orJSMTQGBzfApHYHN8VQNrcWlXcWBzfBNaK3d4QQAHZH5US3N1aVdxYH-N8FkVgcg1VA3BvfE0Wd3ErAVAuLmlWdXdxfVQDdHF9QQF1JyUWViMuNEEBA3B8UR11ZzlZAg HTTP/1.1
Host: d1nubxdgom3wqt.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hatwasallo.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 485
date: Fri, 03 Feb 2023 01:33:38 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 f66e3db0f0449307dba3fbf72bbf3bac.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: GaUEzIlMCiJEelzeVSsL4RTMTHflRVjz49B5iiaKhfCrZHEz0C887A==
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 278 B IP 93.184.220.29:0
Hash c0e6bca24dafa9a16f64e59afdf8b0af
1bbf4c2e0d1ef3b6ec4ae3935ca192693ffd55b8
a38e1b43b839ac2a57d09189dffcc00e12ca3a0f3dea2064551018e8f5eb6e5a
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1967
Cache-Control: max-age=145827
Content-Type: application/ocsp-response
Date: Fri, 03 Feb 2023 01:33:38 GMT
Etag: "63dbf366-116"
Expires: Sat, 04 Feb 2023 18:04:05 GMT
Last-Modified: Thu, 02 Feb 2023 17:31:18 GMT
Server: ECS (ska/F70D)
X-Cache: HIT
Content-Length: 278
d1nubxdgom3wqt.cloudfront.net/RUVpoZzQyNQYBCyUzDFoNZGJdVwJ3MBsIWiFnBR4NBD0JVGYVGV9BQCs+VVcSPTsGAAl3PwYECWB8CQNWbG5OE0Q+MVUSWjU/Dg5aND5OElVsNwcdXT02CUIGF29GVxFjakAQXT8+BxBHdGhYCUB0aFhWBH9qTVR2dGhYEF0/bFxCBxN/WldMZ25NVHZ0aF-gVQnRpKVYEZHRYThFjag8CVzo1TVVyY2pZVwRgallCBmE8ARVRNzUQQgYXa1hSGmF8HVoF
143.204.42.190200 OK 366 B URL HTTP/2 d1nubxdgom3wqt.cloudfront.net/RUVpoZzQyNQYBCyUzDFoNZGJdVwJ3MBsIWiFnBR4NBD0JVGYVGV9BQCs+VVcSPTsGAAl3PwYECWB8CQNWbG5OE0Q+MVUSWjU/Dg5aND5OElVsNwcdXT02CUIGF29GVxFjakAQXT8+BxBHdGhYCUB0aFhWBH9qTVR2dGhYEF0/bFxCBxN/WldMZ25NVHZ0aF-gVQnRpKVYEZHRYThFjag8CVzo1TVVyY2pZVwRgallCBmE8ARVRNzUQQgYXa1hSGmF8HVoF
IP 143.204.42.190:0
File type ASCII text, with very long lines (455), with no line terminators
Hash 27ce438ee99aedeb50893dfe15af04ef
8a2b07cd84ddedbd136b1c74051753b01b7e24a5
d55a9acabd81b3837bd623d97dc02e3b1edc4ec34afc572119c5117ffd2d00b8
GET /RUVpoZzQyNQYBCyUzDFoNZGJdVwJ3MBsIWiFnBR4NBD0JVGYVGV9BQCs+VVcSPTsGAAl3PwYECWB8CQNWbG5OE0Q+MVUSWjU/Dg5aND5OElVsNwcdXT02CUIGF29GVxFjakAQXT8+BxBHdGhYCUB0aFhWBH9qTVR2dGhYEF0/bFxCBxN/WldMZ25NVHZ0aF-gVQnRpKVYEZHRYThFjag8CVzo1TVVyY2pZVwRgallCBmE8ARVRNzUQQgYXa1hSGmF8HVoF HTTP/1.1
Host: d1nubxdgom3wqt.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hatwasallo.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 366
date: Fri, 03 Feb 2023 01:33:38 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 f66e3db0f0449307dba3fbf72bbf3bac.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: H4VlRSFwnnBKIh_sSnJElGv97bqKIG8dp05fnl02j87YEje80-dcnQ==
X-Firefox-Spdy: h2
badgegirdle.com/63/d4/5b/63d45b685911cef3b8cc3d1d1550bf85.js
173.233.137.44 200 OK 21 kB URL HTTP/1.1 badgegirdle.com/63/d4/5b/63d45b685911cef3b8cc3d1d1550bf85.js
IP 173.233.137.44:0
File type HTML document, ASCII text, with very long lines (60189), with no line terminators
Hash a61dc127378901028b7461c8d2238f25
d4cc8b3ea25d03aee868dbbde94a0b031834fb52
af059f1e4f98733ac00c33cb9aa5c69e77c1b02f7a4c99196d396267873650e3
Analyzer Verdict Alert quad9 Sinkholed
GET /63/d4/5b/63d45b685911cef3b8cc3d1d1550bf85.js HTTP/1.1
Host: badgegirdle.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.xxxfiles.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Fri, 03 Feb 2023 01:33:38 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 6843bb7b178cc1dd3cd4ce43755abeb2
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
syndication.realsrv.com/splash.php?idzone=4646896
95.211.229.247 200 OK 2.6 kB URL HTTP/1.1 syndication.realsrv.com/splash.php?idzone=4646896
IP 95.211.229.247:0
ASN #60781 LeaseWeb Netherlands B.V.
File type XML 1.0 document text\012- XML document, ASCII text, with very long lines (1526)
Hash 2d38a63104b3ce039f67cdab4a4e783d
0e1691800ae4beff845343704bb2808d44112eb0
3fa2e7c5019b3177fab7588b4317599cdd43994518dbce96de9d4e92b0e8fd2a
GET /splash.php?idzone=4646896 HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.xxxfiles.com/
Origin: https://www.xxxfiles.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 03 Feb 2023 01:33:38 GMT
Content-Type: text/xml;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2263dc6472a3b420.954304731677681516%22%3B%7D; expires=Sun, 02 Feb 2025 01:33:38 GMT; path=; domain=.realsrv.com; Secure; SameSite=none
c-tag=%7B%22tag-video%22%3A%22v3%7C%7CNOR%7C4646896%7C59504696%7C0%7C%7C508%7C41%7C3%7C40%7C0%7C0%7C0%7C25344%7C0%7C0%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C%7C%7C0%7Cxxxfiles.com%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D; expires=Sat, 04 Feb 2023 01:33:38 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
Cache-Control: no-store
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: https://www.xxxfiles.com
Access-Control-Allow-Credentials: true
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
hegdcrxavrtk.cdnvideo3.com/api/spots/10337140945576633095/1635934?fill=0&kw=Big%20Tits,Blowjob,Hardcore,Cumshot,Handjob,Pornstar,Blonde,Big%20Ass,big%20dick,deep%20throat,white%20girl,Interracial,shaved%20pussy,Bangbros%20Network,bangbros.com,Mandingo,Sarah%20Vandella
135.181.208.216200 OK 3.5 kB URL HTTP/2 hegdcrxavrtk.cdnvideo3.com/api/spots/10337140945576633095/1635934?fill=0&kw=Big%20Tits,Blowjob,Hardcore,Cumshot,Handjob,Pornstar,Blonde,Big%20Ass,big%20dick,deep%20throat,white%20girl,Interracial,shaved%20pussy,Bangbros%20Network,bangbros.com,Mandingo,Sarah%20Vandella
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
File type XML 1.0 document text\012- XML document, ASCII text, with very long lines (6336)
Hash 69079b04409766e0b865ada61f7b5f3c
91652ab773ef6c872183c3029a76b2d4ebadd67d
6504da40bd74953376f66a6ee2938eb2c3543b77f12c001e6c3703cc33b8909a
GET /api/spots/10337140945576633095/1635934?fill=0&kw=Big%20Tits,Blowjob,Hardcore,Cumshot,Handjob,Pornstar,Blonde,Big%20Ass,big%20dick,deep%20throat,white%20girl,Interracial,shaved%20pussy,Bangbros%20Network,bangbros.com,Mandingo,Sarah%20Vandella HTTP/1.1
Host: hegdcrxavrtk.cdnvideo3.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.xxxfiles.com/
Origin: https://www.xxxfiles.com
Connection: keep-alive
Cookie: nauid=2VtUm0F54OCUbXXOTHam
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 03 Feb 2023 01:33:38 GMT
content-type: text/xml
vary: Accept-Encoding
access-control-allow-credentials: true
access-control-allow-origin: https://www.xxxfiles.com
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2
syndication.realsrv.com/v1/api.php
95.211.229.247 200 OK 1.2 kB URL HTTP/1.1 syndication.realsrv.com/v1/api.php
IP 95.211.229.247:0
ASN #60781 LeaseWeb Netherlands B.V.
File type JSON data\012- , ASCII text, with very long lines (1522), with no line terminators
Hash a2ae52241c0fc7403fa5a5b3fb5c1140
0ae93897143e8a8ab9babe6ae15091952b21b911
77d13931209db659422b824f79180b9bfff0e2ad9f788712ba5472e0c9a723b1
POST /v1/api.php HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 335
Origin: https://hegdcrxavrtk.cdnvideo3.com
Connection: keep-alive
Referer: https://hegdcrxavrtk.cdnvideo3.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 03 Feb 2023 01:33:38 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://hegdcrxavrtk.cdnvideo3.com
Access-Control-Allow-Headers: Authorization, Content-Type
Access-Control-Request-Method: POST
Access-Control-Allow-Credentials: true
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2263dc647295a8c6.660638452886589561%22%3B%7D; expires=Sun, 02-Feb-2025 01:33:38 GMT; Max-Age=63072000; path=/; domain=realsrv.com; secure; SameSite=None
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
syndication.realsrv.com/v1/api.php
95.211.229.247 200 OK 1.2 kB URL HTTP/1.1 syndication.realsrv.com/v1/api.php
IP 95.211.229.247:0
ASN #60781 LeaseWeb Netherlands B.V.
File type JSON data\012- , ASCII text, with very long lines (1521), with no line terminators
Hash 5b268bffaefd7c83c8a861de299a35dc
7938a0cf2d0ebac9bafead2d4251c6198be3ce11
8f260e2aba3bf9265317f1e41f6cff691017fe00f5076f9ae66894e95c9645f2
POST /v1/api.php HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 335
Origin: https://hegdcrxavrtk.cdnvideo3.com
Connection: keep-alive
Referer: https://hegdcrxavrtk.cdnvideo3.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 03 Feb 2023 01:33:38 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://hegdcrxavrtk.cdnvideo3.com
Access-Control-Allow-Headers: Authorization, Content-Type
Access-Control-Request-Method: POST
Access-Control-Allow-Credentials: true
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2263dc64729c6648.022852351306098061%22%3B%7D; expires=Sun, 02-Feb-2025 01:33:38 GMT; Max-Age=63072000; path=/; domain=realsrv.com; secure; SameSite=None
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
syndication.realsrv.com/v1/api.php
95.211.229.247 200 OK 852 B URL HTTP/1.1 syndication.realsrv.com/v1/api.php
IP 95.211.229.247:0
ASN #60781 LeaseWeb Netherlands B.V.
File type JSON data\012- , ASCII text, with very long lines (1119), with no line terminators
Hash eba053a052270c5df7c2c89d95ae35ba
3d2d904f88d74a5ecc4d6a8b61b8a5b01aa71f53
86e27809f61ae4b6b2df9b3efabaeb0ba391a37412f9106e46062241d2ac681e
POST /v1/api.php HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 335
Origin: https://hegdcrxavrtk.cdnvideo3.com
Connection: keep-alive
Referer: https://hegdcrxavrtk.cdnvideo3.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 03 Feb 2023 01:33:38 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://hegdcrxavrtk.cdnvideo3.com
Access-Control-Allow-Headers: Authorization, Content-Type
Access-Control-Request-Method: POST
Access-Control-Allow-Credentials: true
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2263dc64729ee914.775323201356844125%22%3B%7D; expires=Sun, 02-Feb-2025 01:33:38 GMT; Max-Age=63072000; path=/; domain=realsrv.com; secure; SameSite=None
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
hegdcrxavrtk.cdnvideo3.com/api/spots/10337140945576633095/1636027?fill=0&kw=Big%20Tits,Blowjob,Hardcore,Cumshot,Handjob,Pornstar,Blonde,Big%20Ass,big%20dick,deep%20throat,white%20girl,Interracial,shaved%20pussy,Bangbros%20Network,bangbros.com,Mandingo,Sarah%20Vandella
135.181.208.216200 OK 2.0 kB URL HTTP/2 hegdcrxavrtk.cdnvideo3.com/api/spots/10337140945576633095/1636027?fill=0&kw=Big%20Tits,Blowjob,Hardcore,Cumshot,Handjob,Pornstar,Blonde,Big%20Ass,big%20dick,deep%20throat,white%20girl,Interracial,shaved%20pussy,Bangbros%20Network,bangbros.com,Mandingo,Sarah%20Vandella
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
File type XML 1.0 document text\012- XML document, ASCII text, with very long lines (1528)
Hash ae98e250e882377abb5f959680f643b8
776b362764f5d3f04c93a4ffc007dcec5dcd776b
53d00fc85f04f45694c63a561b5cedf9148bfa0d8141dd6c38561c09df0a82a3
GET /api/spots/10337140945576633095/1636027?fill=0&kw=Big%20Tits,Blowjob,Hardcore,Cumshot,Handjob,Pornstar,Blonde,Big%20Ass,big%20dick,deep%20throat,white%20girl,Interracial,shaved%20pussy,Bangbros%20Network,bangbros.com,Mandingo,Sarah%20Vandella HTTP/1.1
Host: hegdcrxavrtk.cdnvideo3.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.xxxfiles.com/
Origin: https://www.xxxfiles.com
Connection: keep-alive
Cookie: nauid=2VtUm0F54OCUbXXOTHam
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 03 Feb 2023 01:33:38 GMT
content-type: text/xml
vary: Accept-Encoding
access-control-allow-credentials: true
access-control-allow-origin: https://www.xxxfiles.com
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 278 B IP 93.184.220.29:0
Hash c0e6bca24dafa9a16f64e59afdf8b0af
1bbf4c2e0d1ef3b6ec4ae3935ca192693ffd55b8
a38e1b43b839ac2a57d09189dffcc00e12ca3a0f3dea2064551018e8f5eb6e5a
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1967
Cache-Control: max-age=145827
Content-Type: application/ocsp-response
Date: Fri, 03 Feb 2023 01:33:38 GMT
Etag: "63dbf366-116"
Expires: Sat, 04 Feb 2023 18:04:05 GMT
Last-Modified: Thu, 02 Feb 2023 17:31:18 GMT
Server: ECS (ska/F70D)
X-Cache: HIT
Content-Length: 278
ocsp.sca1b.amazontrust.com/
54.230.245.118 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.118:0
Hash 3f11c62617c2bee07a8ed3cf82151243
ba58aa99e6fda4e73216a5b6a382dfd4f1f5b33a
a0b39826bd54ed8244e2c90f71d51146feaba0b9100446256479344837c50228
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=132440
Date: Fri, 03 Feb 2023 01:33:38 GMT
Etag: "63dbbb1a-1d7"
Expires: Sat, 04 Feb 2023 14:20:58 GMT
Last-Modified: Thu, 02 Feb 2023 13:31:06 GMT
Server: ECS (bsa/EB15)
X-Cache: Miss from cloudfront
Via: 1.1 15d199af49035dc206cb81292fd87de2.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: TcQYGKP62j_Pc-EKtb1C9TCuC7YY-nL9AsYmLXIXh_KAAG1JMFicCQ==
Age: 2992
simplewebanalysis.com/stats
35.156.167.37 200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP 35.156.167.37:0
File type ASCII text, with no line terminators
Hash 5b77faa2f37e0de70b0a0f6e580c9ca4
d9ff308f6df75e48ed185bb84ad3184062b46915
1b6caff9587e39b783b4b61e5ce7251c182ad959d806d622895380f47c826a01
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.xxxfiles.com
Connection: keep-alive
Referer: https://www.xxxfiles.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 03 Feb 2023 01:33:38 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://www.xxxfiles.com
access-control-allow-credentials: true
set-cookie: uid_id2=8ceecf3f-aae5-4fe2-b6dd-873c8c111d89:3:1; expires=Mon, 31 Jan 2033 01:33:38 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 280 B IP 93.184.220.29:0
Hash 75dacccecf5ef2fe6e09064286d28bef
5999b7f18231578d90e2e1721429438e887aa29d
baf792c4082fb0842e865b9301db1577d333aab0aabfd1587a9e76ca9c1bcad3
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4179
Cache-Control: max-age=143715
Content-Type: application/ocsp-response
Date: Fri, 03 Feb 2023 01:33:38 GMT
Etag: "63dbe282-118"
Expires: Sat, 04 Feb 2023 17:28:53 GMT
Last-Modified: Thu, 02 Feb 2023 16:19:14 GMT
Server: ECS (ska/F70D)
X-Cache: HIT
Content-Length: 280
syndication.realsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAAz1P0U7DMAz8FX5gke04cbJneAVpaB/Qpu1AaCsaaBrSfTxOkYiT+GTd5S5CEnckvh+E9jHuY0HlUCmoBE6K55cDlPG5Xi+nNbT1jGzZaoVENhMUqqUYNLJqLUjUj1guBca1GDtQQgR5SYqqHQUiVsnOKXg6HnB8ffRh5SpgCMHvbtyhOqZ7V9M45rkMpE1yHCjPtdHiTmYLDWrWiXibT1O73ofb9fsjtOlye5/mNW7BCcmFBCbKPUZgztz9tmx/teOt+SJsaPj6uTTgn6B5a2lTeVr1zzHQZn/V0iSLThy1tZwacRplarnFuf4CIMP+QGgBAAA=
95.211.229.247200 OK 20 B URL HTTP/1.1 syndication.realsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAAz1P0U7DMAz8FX5gke04cbJneAVpaB/Qpu1AaCsaaBrSfTxOkYiT+GTd5S5CEnckvh+E9jHuY0HlUCmoBE6K55cDlPG5Xi+nNbT1jGzZaoVENhMUqqUYNLJqLUjUj1guBca1GDtQQgR5SYqqHQUiVsnOKXg6HnB8ffRh5SpgCMHvbtyhOqZ7V9M45rkMpE1yHCjPtdHiTmYLDWrWiXibT1O73ofb9fsjtOlye5/mNW7BCcmFBCbKPUZgztz9tmx/teOt+SJsaPj6uTTgn6B5a2lTeVr1zzHQZn/V0iSLThy1tZwacRplarnFuf4CIMP+QGgBAAA=
IP 95.211.229.247:0
ASN #60781 LeaseWeb Netherlands B.V.
Hash a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf
GET /cimp.php?t=api&data=H4sIAAAAAAAAAz1P0U7DMAz8FX5gke04cbJneAVpaB/Qpu1AaCsaaBrSfTxOkYiT+GTd5S5CEnckvh+E9jHuY0HlUCmoBE6K55cDlPG5Xi+nNbT1jGzZaoVENhMUqqUYNLJqLUjUj1guBca1GDtQQgR5SYqqHQUiVsnOKXg6HnB8ffRh5SpgCMHvbtyhOqZ7V9M45rkMpE1yHCjPtdHiTmYLDWrWiXibT1O73ofb9fsjtOlye5/mNW7BCcmFBCbKPUZgztz9tmx/teOt+SJsaPj6uTTgn6B5a2lTeVr1zzHQZn/V0iSLThy1tZwacRplarnFuf4CIMP+QGgBAAA= HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://hegdcrxavrtk.cdnvideo3.com
Connection: keep-alive
Referer: https://hegdcrxavrtk.cdnvideo3.com/
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A32%3A%2263dc64729cc1f6.45943107225453033%22%3B%7D; c-tag=%7B%22tag-video%22%3A%22v3%7C%7CNOR%7C4646896%7C59504696%7C0%7C%7C508%7C41%7C3%7C40%7C0%7C0%7C0%7C25344%7C0%7C0%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C%7C%7C0%7Cxxxfiles.com%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 03 Feb 2023 01:33:38 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://hegdcrxavrtk.cdnvideo3.com
Access-Control-Allow-Credentials: true
Set-Cookie: __upt=%7B%22v%22%3A1%2C%22id%22%3A%220%22%2C%22pcma%22%3A%22%22%2C%22acma%22%3A%22508.0199%22%7D; expires=Sun, 02 Feb 2025 01:33:38 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
syndication.realsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAA01O0U7DMAz8FX5g0cV2GmfP8ArS0D6gS9uBEC0qaCqSPx6nSIhcLJ/ss30E4gPI/x3hyHxktRJDQRAKMYk9Pp1Mon0s63xdQl3eTUQlRSOOOZMpimo24Ri1qCV4eEMBy6qCTGoCY4ODEos0FgAqyRX2cD7Z+fneSyUWMt9rDGyU4LwdN4KJc2xtA7STCVPkviAL5YEoXWrkYcwdqkxNaC/jdajr1t/Wr7dQh/n2OowL7+bxi4Dkvtox/OEQ9+QPtrP+83uuZv8kDWkfckcizaJFrqmrAuqJlKhIyoUVdcrjiDRefgBqgBYaYgEAAA==
95.211.229.247200 OK 20 B URL HTTP/1.1 syndication.realsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAA01O0U7DMAz8FX5g0cV2GmfP8ArS0D6gS9uBEC0qaCqSPx6nSIhcLJ/ss30E4gPI/x3hyHxktRJDQRAKMYk9Pp1Mon0s63xdQl3eTUQlRSOOOZMpimo24Ri1qCV4eEMBy6qCTGoCY4ODEos0FgAqyRX2cD7Z+fneSyUWMt9rDGyU4LwdN4KJc2xtA7STCVPkviAL5YEoXWrkYcwdqkxNaC/jdajr1t/Wr7dQh/n2OowL7+bxi4Dkvtox/OEQ9+QPtrP+83uuZv8kDWkfckcizaJFrqmrAuqJlKhIyoUVdcrjiDRefgBqgBYaYgEAAA==
IP 95.211.229.247:0
ASN #60781 LeaseWeb Netherlands B.V.
Hash a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf
GET /cimp.php?t=api&data=H4sIAAAAAAAAA01O0U7DMAz8FX5g0cV2GmfP8ArS0D6gS9uBEC0qaCqSPx6nSIhcLJ/ss30E4gPI/x3hyHxktRJDQRAKMYk9Pp1Mon0s63xdQl3eTUQlRSOOOZMpimo24Ri1qCV4eEMBy6qCTGoCY4ODEos0FgAqyRX2cD7Z+fneSyUWMt9rDGyU4LwdN4KJc2xtA7STCVPkviAL5YEoXWrkYcwdqkxNaC/jdajr1t/Wr7dQh/n2OowL7+bxi4Dkvtox/OEQ9+QPtrP+83uuZv8kDWkfckcizaJFrqmrAuqJlKhIyoUVdcrjiDRefgBqgBYaYgEAAA== HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://hegdcrxavrtk.cdnvideo3.com
Connection: keep-alive
Referer: https://hegdcrxavrtk.cdnvideo3.com/
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A32%3A%2263dc64729cc1f6.45943107225453033%22%3B%7D; c-tag=%7B%22tag-video%22%3A%22v3%7C%7CNOR%7C4646896%7C59504696%7C0%7C%7C508%7C41%7C3%7C40%7C0%7C0%7C0%7C25344%7C0%7C0%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C%7C%7C0%7Cxxxfiles.com%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 03 Feb 2023 01:33:39 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://hegdcrxavrtk.cdnvideo3.com
Access-Control-Allow-Credentials: true
Set-Cookie: __upt=%7B%22v%22%3A1%2C%22id%22%3A%220%22%2C%22pcma%22%3A%22%22%2C%22acma%22%3A%22508.0199%22%7D; expires=Sun, 02 Feb 2025 01:33:39 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
go.xlivrdr.com/smartpop/165aea9bcdd7aabac45f72d02f58fd24b8416bc57cfc540b1b4409ac823564af?userId=1f2ad638bb163e0f21b19d6cbbcd5805b56eb7b1ef21117b6157eaf2a11915c9&memberId=ooc4ASOprprturdVdVLTXdW6VzqpbXUzOodTK6V0rpXT1UU0uldK6V0zpXSuldK6Z0rpXTOc6VylK47.3LHqH9znSuldK6V0rpXSuldK4Ps-&sourceId=4646896&p1=4581850&skipOffset=00:00:05
104.18.51.106302 Found 0 B URL HTTP/2 go.xlivrdr.com/smartpop/165aea9bcdd7aabac45f72d02f58fd24b8416bc57cfc540b1b4409ac823564af?userId=1f2ad638bb163e0f21b19d6cbbcd5805b56eb7b1ef21117b6157eaf2a11915c9&memberId=ooc4ASOprprturdVdVLTXdW6VzqpbXUzOodTK6V0rpXT1UU0uldK6V0zpXSuldK6Z0rpXTOc6VylK47.3LHqH9znSuldK6V0rpXSuldK4Ps-&sourceId=4646896&p1=4581850&skipOffset=00:00:05
IP 104.18.51.106:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /smartpop/165aea9bcdd7aabac45f72d02f58fd24b8416bc57cfc540b1b4409ac823564af?userId=1f2ad638bb163e0f21b19d6cbbcd5805b56eb7b1ef21117b6157eaf2a11915c9&memberId=ooc4ASOprprturdVdVLTXdW6VzqpbXUzOodTK6V0rpXT1UU0uldK6V0zpXSuldK6Z0rpXTOc6VylK47.3LHqH9znSuldK6V0rpXSuldK4Ps-&sourceId=4646896&p1=4581850&skipOffset=00:00:05 HTTP/1.1
Host: go.xlivrdr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.xxxfiles.com/
Origin: https://www.xxxfiles.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Fri, 03 Feb 2023 01:33:39 GMT
content-length: 0
location: https://go.xlivrdr.com/api/models/vast?campaignId=165aea9bcdd7aabac45f72d02f58fd24b8416bc57cfc540b1b4409ac823564af&campaignType=smartpop&creativeId=1aa4022af61bfad6ec7c637003dfb79b6edb7465c731eac0e6955245fc823c00&duration=00%3A00%3A30&endpoint=room&iterationId=397613&masterSmartpopId=2683&memberId=ooc4ASOprprturdVdVLTXdW6VzqpbXUzOodTK6V0rpXT1UU0uldK6V0zpXSuldK6Z0rpXTOc6VylK47.3LHqH9znSuldK6V0rpXSuldK4Ps-&p1=4581850&ruleId=157&skipOffset=00%3A00%3A05&smartpopId=3564&sourceId=4646896&tag=-girls%2Findian&userId=1f2ad638bb163e0f21b19d6cbbcd5805b56eb7b1ef21117b6157eaf2a11915c9&variationId=30208&videosList=oil-show11
access-control-allow-origin: https://www.xxxfiles.com
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Content-Length, Accept-Encoding, x-requested-with
cf-cache-status: DYNAMIC
set-cookie: _var=7868025.30208; Path=/; HttpOnly; SameSite=Strict
__cflb=02DiuDfsBaY2bRYJiCg3Rc4wrBy1LXpo94iWSY8pf4hgQ; SameSite=None; Secure; path=/; expires=Sat, 04-Feb-23 00:33:39 GMT; HttpOnly
server: cloudflare
cf-ray: 79376b6e9976b515-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
syndication.realsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAA01O7UoEMQx8FV/gyiRNv+63/lU4uQfotruniLuyynFCHt7sCmKnkCGZZIbB/gC2f8c4en/0WQu5AifsKIg+Pp1USD+Wdb4sri3vKpIlkLKnlFgzSs5JxRMVQAOyBhtk4ylnQeKsAvUKAwcvsjEHcEnBJPpwPun5+d56hQqrHVYP3DjA+OauDBXjuG0nxtZ7rm2KXEEx9VKDlGkkMVPqiJtQX8ZLb+utXtevN9f6fH3t4+L39PiFg63tZvjDgfZiD7qz+vk9N9V/kg1hX7JEIltErRGUWp1iCsMAmqqPTA0h0TT0QdoPKmOPAWMBAAA=
95.211.229.247200 OK 20 B URL HTTP/1.1 syndication.realsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAA01O7UoEMQx8FV/gyiRNv+63/lU4uQfotruniLuyynFCHt7sCmKnkCGZZIbB/gC2f8c4en/0WQu5AifsKIg+Pp1USD+Wdb4sri3vKpIlkLKnlFgzSs5JxRMVQAOyBhtk4ylnQeKsAvUKAwcvsjEHcEnBJPpwPun5+d56hQqrHVYP3DjA+OauDBXjuG0nxtZ7rm2KXEEx9VKDlGkkMVPqiJtQX8ZLb+utXtevN9f6fH3t4+L39PiFg63tZvjDgfZiD7qz+vk9N9V/kg1hX7JEIltErRGUWp1iCsMAmqqPTA0h0TT0QdoPKmOPAWMBAAA=
IP 95.211.229.247:0
ASN #60781 LeaseWeb Netherlands B.V.
Hash a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf
GET /cimp.php?t=api&data=H4sIAAAAAAAAA01O7UoEMQx8FV/gyiRNv+63/lU4uQfotruniLuyynFCHt7sCmKnkCGZZIbB/gC2f8c4en/0WQu5AifsKIg+Pp1USD+Wdb4sri3vKpIlkLKnlFgzSs5JxRMVQAOyBhtk4ylnQeKsAvUKAwcvsjEHcEnBJPpwPun5+d56hQqrHVYP3DjA+OauDBXjuG0nxtZ7rm2KXEEx9VKDlGkkMVPqiJtQX8ZLb+utXtevN9f6fH3t4+L39PiFg63tZvjDgfZiD7qz+vk9N9V/kg1hX7JEIltErRGUWp1iCsMAmqqPTA0h0TT0QdoPKmOPAWMBAAA= HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://hegdcrxavrtk.cdnvideo3.com
Connection: keep-alive
Referer: https://hegdcrxavrtk.cdnvideo3.com/
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A32%3A%2263dc64729cc1f6.45943107225453033%22%3B%7D; c-tag=%7B%22tag-video%22%3A%22v3%7C%7CNOR%7C4646896%7C59504696%7C0%7C%7C508%7C41%7C3%7C40%7C0%7C0%7C0%7C25344%7C0%7C0%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C%7C%7C0%7Cxxxfiles.com%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 03 Feb 2023 01:33:39 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://hegdcrxavrtk.cdnvideo3.com
Access-Control-Allow-Credentials: true
Set-Cookie: __upt=%7B%22v%22%3A1%2C%22id%22%3A%220%22%2C%22pcma%22%3A%22%22%2C%22acma%22%3A%22508.0199%22%7D; expires=Sun, 02 Feb 2025 01:33:39 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
syndication.realsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAA01Q0UoDQQz8FX+gS5Ld3CZ91leFSj/g3N2rIr2TKqXCfLx7J4iZQIYww4QISdyR9L4T2se4jwbn4BSSBNaEx6cDEuNjucynJZTlDGVWS5DIOQuM3CwjRWYngZJBIyV2Qx5EzPoiESKoQzSmtLJAzF1geDgecHy+7xtnFzAEWezm1OkaDR6QOqfb5qdaq7NNqlVHKyLNlHWooiW25qsQr+1Uy+U2Xi9f76HU+fpW2xK30+kXgdTzlkV/2PE2ehE2Nn5+zwX4J1mhm4nBKa0DU6OWyzgNxGMT1fGlv6NVdq3mddIfkUG+zGABAAA=
95.211.229.247200 OK 20 B URL HTTP/1.1 syndication.realsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAA01Q0UoDQQz8FX+gS5Ld3CZ91leFSj/g3N2rIr2TKqXCfLx7J4iZQIYww4QISdyR9L4T2se4jwbn4BSSBNaEx6cDEuNjucynJZTlDGVWS5DIOQuM3CwjRWYngZJBIyV2Qx5EzPoiESKoQzSmtLJAzF1geDgecHy+7xtnFzAEWezm1OkaDR6QOqfb5qdaq7NNqlVHKyLNlHWooiW25qsQr+1Uy+U2Xi9f76HU+fpW2xK30+kXgdTzlkV/2PE2ehE2Nn5+zwX4J1mhm4nBKa0DU6OWyzgNxGMT1fGlv6NVdq3mddIfkUG+zGABAAA=
IP 95.211.229.247:0
ASN #60781 LeaseWeb Netherlands B.V.
Hash a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf
GET /cimp.php?t=api&data=H4sIAAAAAAAAA01Q0UoDQQz8FX+gS5Ld3CZ91leFSj/g3N2rIr2TKqXCfLx7J4iZQIYww4QISdyR9L4T2se4jwbn4BSSBNaEx6cDEuNjucynJZTlDGVWS5DIOQuM3CwjRWYngZJBIyV2Qx5EzPoiESKoQzSmtLJAzF1geDgecHy+7xtnFzAEWezm1OkaDR6QOqfb5qdaq7NNqlVHKyLNlHWooiW25qsQr+1Uy+U2Xi9f76HU+fpW2xK30+kXgdTzlkV/2PE2ehE2Nn5+zwX4J1mhm4nBKa0DU6OWyzgNxGMT1fGlv6NVdq3mddIfkUG+zGABAAA= HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://hegdcrxavrtk.cdnvideo3.com
Connection: keep-alive
Referer: https://hegdcrxavrtk.cdnvideo3.com/
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A32%3A%2263dc64729cc1f6.45943107225453033%22%3B%7D; c-tag=%7B%22tag-video%22%3A%22v3%7C%7CNOR%7C4646896%7C59504696%7C0%7C%7C508%7C41%7C3%7C40%7C0%7C0%7C0%7C25344%7C0%7C0%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C%7C%7C0%7Cxxxfiles.com%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 03 Feb 2023 01:33:39 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://hegdcrxavrtk.cdnvideo3.com
Access-Control-Allow-Credentials: true
Set-Cookie: __upt=%7B%22v%22%3A1%2C%22id%22%3A%220%22%2C%22pcma%22%3A%22%22%2C%22acma%22%3A%22508.0199%22%7D; expires=Sun, 02 Feb 2025 01:33:39 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
syndication.realsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAA01O7UrEMBB8FV/gwuxXm95v/atwcg+QJu0pYitVjhP24U0qgjuBTDYzs8tgOYDruWMcRY4SfaAwICgHMvXHp5Mr+ce6LZc15PXdVaMaOQv1PXvEEGPvKqQGdUN0qx8R8D5GRc/RFS6OCjZRbSwAArYq8Yfzyc/P97U30MBOTlUN3NhQH228M1wrx61lFJRR5tTlPKYiI2HKJjKYznOWpM0Ef5kuJW+3dN2+3kIuy/W1TKvs6+MXAWYtlP8aFQfar1rwnaXP7yW7/5M02G6qZt2nOSSxZdMcmWbkLCLjFDvSlNTGTn8AgLNNPGQBAAA=
95.211.229.247200 OK 20 B URL HTTP/1.1 syndication.realsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAA01O7UrEMBB8FV/gwuxXm95v/atwcg+QJu0pYitVjhP24U0qgjuBTDYzs8tgOYDruWMcRY4SfaAwICgHMvXHp5Mr+ce6LZc15PXdVaMaOQv1PXvEEGPvKqQGdUN0qx8R8D5GRc/RFS6OCjZRbSwAArYq8Yfzyc/P97U30MBOTlUN3NhQH228M1wrx61lFJRR5tTlPKYiI2HKJjKYznOWpM0Ef5kuJW+3dN2+3kIuy/W1TKvs6+MXAWYtlP8aFQfar1rwnaXP7yW7/5M02G6qZt2nOSSxZdMcmWbkLCLjFDvSlNTGTn8AgLNNPGQBAAA=
IP 95.211.229.247:0
ASN #60781 LeaseWeb Netherlands B.V.
Hash a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf
GET /cimp.php?t=api&data=H4sIAAAAAAAAA01O7UrEMBB8FV/gwuxXm95v/atwcg+QJu0pYitVjhP24U0qgjuBTDYzs8tgOYDruWMcRY4SfaAwICgHMvXHp5Mr+ce6LZc15PXdVaMaOQv1PXvEEGPvKqQGdUN0qx8R8D5GRc/RFS6OCjZRbSwAArYq8Yfzyc/P97U30MBOTlUN3NhQH228M1wrx61lFJRR5tTlPKYiI2HKJjKYznOWpM0Ef5kuJW+3dN2+3kIuy/W1TKvs6+MXAWYtlP8aFQfar1rwnaXP7yW7/5M02G6qZt2nOSSxZdMcmWbkLCLjFDvSlNTGTn8AgLNNPGQBAAA= HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://hegdcrxavrtk.cdnvideo3.com
Connection: keep-alive
Referer: https://hegdcrxavrtk.cdnvideo3.com/
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A32%3A%2263dc64729cc1f6.45943107225453033%22%3B%7D; c-tag=%7B%22tag-video%22%3A%22v3%7C%7CNOR%7C4646896%7C59504696%7C0%7C%7C508%7C41%7C3%7C40%7C0%7C0%7C0%7C25344%7C0%7C0%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C%7C%7C0%7Cxxxfiles.com%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D; __upt=%7B%22v%22%3A1%2C%22id%22%3A%220%22%2C%22pcma%22%3A%22%22%2C%22acma%22%3A%22508.0199%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 03 Feb 2023 01:33:39 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://hegdcrxavrtk.cdnvideo3.com
Access-Control-Allow-Credentials: true
Set-Cookie: __upt=%7B%22v%22%3A1%2C%22id%22%3A%220%22%2C%22pcma%22%3A%22%22%2C%22acma%22%3A%22508.029701%22%7D; expires=Sun, 02 Feb 2025 01:33:39 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
go.xlivrdr.com/smartpop/50b9925e88f6daf2eabd88c0fb66ee5504f4db44cc1c7d25b3959304ad843f5a?userId=1f2ad638bb163e0f21b19d6cbbcd5805b56eb7b1ef21117b6157eaf2a11915c9&sourceId=5304198&memberId=ooddNHdLHTPHNVS4ASOpommulndZXPPbbLa6V1k9qrpXVS2upmdQ6mV0rpXSunqoppdK6V0rpnSuldK6V0zpXSumc6eXbba6a3iqrarO3Wefe2qaqvaerWjfe50rut.dtSKzQQ3seuwEd7bhoj1D.5zpXSuldK6V0rpXSulcH2A-&p1=5304198&trackOff=1&kbLimit=1000
104.18.51.106302 Found 0 B URL HTTP/2 go.xlivrdr.com/smartpop/50b9925e88f6daf2eabd88c0fb66ee5504f4db44cc1c7d25b3959304ad843f5a?userId=1f2ad638bb163e0f21b19d6cbbcd5805b56eb7b1ef21117b6157eaf2a11915c9&sourceId=5304198&memberId=ooddNHdLHTPHNVS4ASOpommulndZXPPbbLa6V1k9qrpXVS2upmdQ6mV0rpXSunqoppdK6V0rpnSuldK6V0zpXSumc6eXbba6a3iqrarO3Wefe2qaqvaerWjfe50rut.dtSKzQQ3seuwEd7bhoj1D.5zpXSuldK6V0rpXSulcH2A-&p1=5304198&trackOff=1&kbLimit=1000
IP 104.18.51.106:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /smartpop/50b9925e88f6daf2eabd88c0fb66ee5504f4db44cc1c7d25b3959304ad843f5a?userId=1f2ad638bb163e0f21b19d6cbbcd5805b56eb7b1ef21117b6157eaf2a11915c9&sourceId=5304198&memberId=ooddNHdLHTPHNVS4ASOpommulndZXPPbbLa6V1k9qrpXVS2upmdQ6mV0rpXSunqoppdK6V0rpnSuldK6V0zpXSumc6eXbba6a3iqrarO3Wefe2qaqvaerWjfe50rut.dtSKzQQ3seuwEd7bhoj1D.5zpXSuldK6V0rpXSulcH2A-&p1=5304198&trackOff=1&kbLimit=1000 HTTP/1.1
Host: go.xlivrdr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hegdcrxavrtk.cdnvideo3.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
date: Fri, 03 Feb 2023 01:33:39 GMT
content-length: 0
location: https://creative.xlivrdr.com/widgets/v4/Universal?campaignId=50b9925e88f6daf2eabd88c0fb66ee5504f4db44cc1c7d25b3959304ad843f5a&campaignType=smartpop&creativeId=37acc769fa476626fe6b90aec4a1f923bc4ff59b110ff874761e96a2a9218620&iterationId=380093&kbLimit=1000&masterSmartpopId=1914&memberId=ooddNHdLHTPHNVS4ASOpommulndZXPPbbLa6V1k9qrpXVS2upmdQ6mV0rpXSunqoppdK6V0rpnSuldK6V0zpXSumc6eXbba6a3iqrarO3Wefe2qaqvaerWjfe50rut.dtSKzQQ3seuwEd7bhoj1D.5zpXSuldK6V0rpXSulcH2A-&p1=5304198&quality=optimal&ruleId=17&smartpopId=7197&sourceId=5304198&tag=-girls%2Findian&trackOff=1&userId=1f2ad638bb163e0f21b19d6cbbcd5805b56eb7b1ef21117b6157eaf2a11915c9&variationId=30009
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Content-Length, Accept-Encoding, x-requested-with
cf-cache-status: DYNAMIC
set-cookie: _var=67569691.30009; Path=/; HttpOnly; SameSite=Strict
__cflb=0H28uukSkGJRy5UBr1MAvzNuwf2BatG1zEFtJUY5yqN; SameSite=None; Secure; path=/; expires=Sat, 04-Feb-23 00:33:39 GMT; HttpOnly
server: cloudflare
cf-ray: 79376b6ed9a4b515-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 280 B IP 93.184.220.29:0
Hash 75dacccecf5ef2fe6e09064286d28bef
5999b7f18231578d90e2e1721429438e887aa29d
baf792c4082fb0842e865b9301db1577d333aab0aabfd1587a9e76ca9c1bcad3
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4180
Cache-Control: max-age=143715
Content-Type: application/ocsp-response
Date: Fri, 03 Feb 2023 01:33:39 GMT
Etag: "63dbe282-118"
Expires: Sat, 04 Feb 2023 17:28:54 GMT
Last-Modified: Thu, 02 Feb 2023 16:19:14 GMT
Server: ECS (ska/F70D)
X-Cache: HIT
Content-Length: 280
hegdcrxavrtk.cdnvideo3.com/cZAjeQ7.js
135.181.208.216 200 OK 53 kB URL HTTP/2 hegdcrxavrtk.cdnvideo3.com/cZAjeQ7.js
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
Hash a68a9ff08576887bccaa5a5d62fb94df
90ea4b10c20eefb8e32f2393af4b95fc1aae6682
d21c4d83b336ab3ebf3fb173c84b2c5fa46e4c3f4bf01f5f670dfeb0a08d9b91
GET /cZAjeQ7.js HTTP/1.1
Host: hegdcrxavrtk.cdnvideo3.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.xxxfiles.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 03 Feb 2023 01:33:37 GMT
content-type: application/javascript
last-modified: Thu, 02 Feb 2023 11:45:01 GMT
etag: W/"63dba23d-2a581"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
vary: Accept-Encoding, Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 0d795eafd076030e534112fa223d138a.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN54-C1
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: SrI2BRjABKWOdt7VqFs61W-EHPLn6wYJvjf4JPAUBOfirt5z5wnQ5g==
age: 193
x-frame-options: DENY
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2
s3t3d2y8.afcdn.net/library/448451/0823ddfbbed3b0112ae4193bff0044adfaef5759.gif
185.76.9.14 200 OK 72 kB URL HTTP/2 s3t3d2y8.afcdn.net/library/448451/0823ddfbbed3b0112ae4193bff0044adfaef5759.gif
IP 185.76.9.14:0
ASN #60068 Datacamp Limited
File type GIF image data, version 89a, 300 x 250\012- data
Hash cf340b46c32f856a3d3682fa07bc7ad1
0823ddfbbed3b0112ae4193bff0044adfaef5759
1c2bacc7a287a9e6dee066c2bdb857cb42c2f1ea92130312c7e61e5db3950da3
GET /library/448451/0823ddfbbed3b0112ae4193bff0044adfaef5759.gif HTTP/1.1
Host: s3t3d2y8.afcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hegdcrxavrtk.cdnvideo3.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 03 Feb 2023 01:33:39 GMT
content-type: image/gif
content-length: 71800
last-modified: Sat, 28 Jan 2023 20:21:35 GMT
etag: "63d583cf-11878"
expires: Sun, 28 Jan 2024 20:35:41 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
x-robots-tag: noindex, follow
x-cache-op: HIT
x-accel-expires: @1706474463
server: CDN77-Turbo
x-77-nzt: AblMCQ1az6z/FNwGAA
x-77-nzt-ray: c0a4cc2822faaed97364dc632d1cb703
x-cache: HIT
x-age: 449556
x-77-pop: stockholmSE
x-77-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
syndication.realsrv.com/splash.php?idzone=4248590
95.211.229.247 200 OK 2.6 kB URL HTTP/1.1 syndication.realsrv.com/splash.php?idzone=4248590
IP 95.211.229.247:0
ASN #60781 LeaseWeb Netherlands B.V.
File type XML 1.0 document text\012- XML document, ASCII text, with very long lines (1570)
Hash 8cd0d5d56163e64938c6363e4680a5a7
d21c2bd6d023bf464597696acca9443143f2d2eb
125843411bc9014bb945ba3bfb581d00ae0e09b88e0017feb41a5d83f899f713
GET /splash.php?idzone=4248590 HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.xxxfiles.com/
Origin: https://www.xxxfiles.com
Connection: keep-alive
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A32%3A%2263dc64729cc1f6.45943107225453033%22%3B%7D; c-tag=%7B%22tag-video%22%3A%22v3%7C%7CNOR%7C4646896%7C59504696%7C0%7C%7C508%7C41%7C3%7C40%7C0%7C0%7C0%7C25344%7C0%7C0%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C%7C%7C0%7Cxxxfiles.com%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D; __upt=%7B%22v%22%3A1%2C%22id%22%3A%220%22%2C%22pcma%22%3A%22%22%2C%22acma%22%3A%22508.029701%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 03 Feb 2023 01:33:39 GMT
Content-Type: text/xml;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A32%3A%2263dc64729cc1f6.45943107225453033%22%3B%7D; expires=Sun, 02 Feb 2025 01:33:39 GMT; path=; domain=.realsrv.com; Secure; SameSite=none
c-tag=%7B%22tag-video%22%3A%22v3%7C%7CNOR%7C4248590%7C69865530%7C119488%7C%7C508%7C41%7C3%7C40%7C0%7C0%7C0%7C25344%7C0%7C0%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C63dc64729cc1f6.45943107225453033%7C%7C0%7Cxxxfiles.com%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D; expires=Sat, 04 Feb 2023 01:33:39 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
Cache-Control: no-store
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: https://www.xxxfiles.com
Access-Control-Allow-Credentials: true
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
inflectedminimalbits.com/cc/48/f4/cc48f4cc72bd1ab0cd76dca8048a896c.js
173.233.137.60 200 OK 13 kB URL HTTP/1.1 inflectedminimalbits.com/cc/48/f4/cc48f4cc72bd1ab0cd76dca8048a896c.js
IP 173.233.137.60:0
File type ASCII text, with very long lines (37137), with no line terminators
Hash d1555ee96f090a8ca2830ebd27cc0ce1
65c5a93cfd784b82d9c22f303a147d558eb41a1e
75fc2f7f341b6945dc5f021f10bd18e98a083db5e24cb2e3813dc83795ad3ca5
Analyzer Verdict Alert quad9 Sinkholed
GET /cc/48/f4/cc48f4cc72bd1ab0cd76dca8048a896c.js HTTP/1.1
Host: inflectedminimalbits.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.xxxfiles.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Fri, 03 Feb 2023 01:33:39 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 9bfd47a4a509814d309c6377848cd0f4
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
hegdcrxavrtk.cdnvideo3.com/api/spots/9612890897030451095/997869?fill=0&kw=Big%20Tits,Blowjob,Hardcore,Cumshot,Handjob,Pornstar,Blonde,Big%20Ass,big%20dick,deep%20throat,white%20girl,Interracial,shaved%20pussy,Bangbros%20Network,bangbros.com,Mandingo,Sarah%20Vandella
135.181.208.216200 OK 604 B URL HTTP/2 hegdcrxavrtk.cdnvideo3.com/api/spots/9612890897030451095/997869?fill=0&kw=Big%20Tits,Blowjob,Hardcore,Cumshot,Handjob,Pornstar,Blonde,Big%20Ass,big%20dick,deep%20throat,white%20girl,Interracial,shaved%20pussy,Bangbros%20Network,bangbros.com,Mandingo,Sarah%20Vandella
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
File type XML 1.0 document text\012- XML document, ASCII text, with very long lines (305)
Hash 00b3380dd589f73a81c1838652e261c3
e5f7337b851dfa9823090705bbdffedaf6bb0ab1
d13aa292d7d9200eb9ed32f134be3fe69172a3bf24f68569933a76dbfe02829a
GET /api/spots/9612890897030451095/997869?fill=0&kw=Big%20Tits,Blowjob,Hardcore,Cumshot,Handjob,Pornstar,Blonde,Big%20Ass,big%20dick,deep%20throat,white%20girl,Interracial,shaved%20pussy,Bangbros%20Network,bangbros.com,Mandingo,Sarah%20Vandella HTTP/1.1
Host: hegdcrxavrtk.cdnvideo3.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.xxxfiles.com/
Origin: https://www.xxxfiles.com
Connection: keep-alive
Cookie: nauid=2VtUm0F54OCUbXXOTHam
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 03 Feb 2023 01:33:39 GMT
content-type: text/xml
vary: Accept-Encoding
access-control-allow-credentials: true
access-control-allow-origin: https://www.xxxfiles.com
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 6.1 kB IP 93.184.220.29:0
Hash 2deeeb172e8b53306f09d419c433c56d
41f4614cef83cf6cbbab134f77b52f02e95939d0
7dc95144945da5a89492ced0dbd4cb208799113760416727241fd2d707b54ff8
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 780
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 03 Feb 2023 01:33:39 GMT
Last-Modified: Fri, 03 Feb 2023 01:20:39 GMT
Server: ECS (ska/F70D)
X-Cache: HIT
Content-Length: 280
inflectedminimalbits.com/pixel/purst?dl=0&th=0&sc=0&rs=5740&rd=5740&fd=1202&bv=22.10.v.9&tmpl=70
173.233.137.60 200 OK 0 B URL HTTP/1.1 inflectedminimalbits.com/pixel/purst?dl=0&th=0&sc=0&rs=5740&rd=5740&fd=1202&bv=22.10.v.9&tmpl=70
IP 173.233.137.60:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/purst?dl=0&th=0&sc=0&rs=5740&rd=5740&fd=1202&bv=22.10.v.9&tmpl=70 HTTP/1.1
Host: inflectedminimalbits.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.xxxfiles.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Fri, 03 Feb 2023 01:33:39 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
ocsp.pki.goog/s/gts1p5/JOSWRLamYCo
142.250.74.99 200 OK 472 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/JOSWRLamYCo
IP 142.250.74.99:0
Hash d761e1c07d308221dc376a1f736b2ed7
db08f84371e46e5129f491bfa85cc1364983ecad
2a8aa8c64b3eb1cf49095f697a652a5270ec1d7068d0d482af1b14c5d20ab140
POST /s/gts1p5/JOSWRLamYCo HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 03 Feb 2023 01:33:39 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
hegdcrxavrtk.cdnvideo3.com/api/spots/9612890897030451095/997745?fill=0&kw=Big%20Tits,Blowjob,Hardcore,Cumshot,Handjob,Pornstar,Blonde,Big%20Ass,big%20dick,deep%20throat,white%20girl,Interracial,shaved%20pussy,Bangbros%20Network,bangbros.com,Mandingo,Sarah%20Vandella
135.181.208.216200 OK 3.1 kB URL HTTP/2 hegdcrxavrtk.cdnvideo3.com/api/spots/9612890897030451095/997745?fill=0&kw=Big%20Tits,Blowjob,Hardcore,Cumshot,Handjob,Pornstar,Blonde,Big%20Ass,big%20dick,deep%20throat,white%20girl,Interracial,shaved%20pussy,Bangbros%20Network,bangbros.com,Mandingo,Sarah%20Vandella
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
Hash 26ba03542a0348e4bb6a66c3383c135a
5a9f1408178f7d0329097b110467a995b4b46e55
aae4ab619a5365a0bff646b092e3706027ba472ccc633d6e617106ca0f491df7
GET /api/spots/9612890897030451095/997745?fill=0&kw=Big%20Tits,Blowjob,Hardcore,Cumshot,Handjob,Pornstar,Blonde,Big%20Ass,big%20dick,deep%20throat,white%20girl,Interracial,shaved%20pussy,Bangbros%20Network,bangbros.com,Mandingo,Sarah%20Vandella HTTP/1.1
Host: hegdcrxavrtk.cdnvideo3.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.xxxfiles.com/
Origin: https://www.xxxfiles.com
Connection: keep-alive
Cookie: nauid=2VtUm0F54OCUbXXOTHam
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 03 Feb 2023 01:33:39 GMT
content-type: text/xml
vary: Accept-Encoding
access-control-allow-credentials: true
access-control-allow-origin: https://www.xxxfiles.com
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 16382f274c17c25978a5f3e291ef984b
1856f18164fbd4e355bc334d7b356249a8dcdbe3
f3e69b4a9c485b22ad35edda40c653b5b40f4477354e6c4554eb8ba60511547e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F3E69B4A9C485B22AD35EDDA40C653B5B40F4477354E6C4554EB8BA60511547E"
Last-Modified: Thu, 02 Feb 2023 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15537
Expires: Fri, 03 Feb 2023 05:52:36 GMT
Date: Fri, 03 Feb 2023 01:33:39 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29 200 OK 280 B IP 93.184.220.29:0
Hash 66549050cb78bb4fd953ab9fb5cd453d
0f3d71bc10c76aa872f4ac05e1732f180cbc1809
d6f4c312d1beb5e0d43215c7c578c82e5ee6df8b92d5934cc02d9fe2a1ff842e
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 780
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 03 Feb 2023 01:33:39 GMT
Last-Modified: Fri, 03 Feb 2023 01:20:39 GMT
Server: ECS (ska/F70D)
X-Cache: HIT
Content-Length: 280
go.xlirdr.com/easy?campaignId=56887531e20ffc8ec4b32f114752cd5e087f0e1a66a28e88fe82ad1f38a4c7c1&userId=a29e4fa1023dd45be975c4ab2c3f63fc721842490735020a0d0703eb57f7300d&xhVersion=1&skipOffset=00:00:05&memberId=ff747ab0-eb00-4fdf-8602-1d7161686d29&contentType=video/mp4&no_bb=1
104.18.59.150 302 Found 0 B URL HTTP/2 go.xlirdr.com/easy?campaignId=56887531e20ffc8ec4b32f114752cd5e087f0e1a66a28e88fe82ad1f38a4c7c1&userId=a29e4fa1023dd45be975c4ab2c3f63fc721842490735020a0d0703eb57f7300d&xhVersion=1&skipOffset=00:00:05&memberId=ff747ab0-eb00-4fdf-8602-1d7161686d29&contentType=video/mp4&no_bb=1
IP 104.18.59.150:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /easy?campaignId=56887531e20ffc8ec4b32f114752cd5e087f0e1a66a28e88fe82ad1f38a4c7c1&userId=a29e4fa1023dd45be975c4ab2c3f63fc721842490735020a0d0703eb57f7300d&xhVersion=1&skipOffset=00:00:05&memberId=ff747ab0-eb00-4fdf-8602-1d7161686d29&contentType=video/mp4&no_bb=1 HTTP/1.1
Host: go.xlirdr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.xxxfiles.com/
Origin: https://www.xxxfiles.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Fri, 03 Feb 2023 01:33:39 GMT
content-length: 0
location: https://go.xlirdr.com/api/models/vast?campaignId=56887531e20ffc8ec4b32f114752cd5e087f0e1a66a28e88fe82ad1f38a4c7c1&campaignType=easylink&contentType=video%2Fmp4&creativeId=1aa4022af61bfad6ec7c637003dfb79b6edb7465c731eac0e6955245fc823c00&duration=00%3A00%3A30&endpoint=room&iterationId=397726&masterSmartpopId=2683&memberId=ff747ab0-eb00-4fdf-8602-1d7161686d29&no_bb=1&ruleId=157&skipOffset=00%3A00%3A05&smartpopId=5347&tag=-girls%2Findian&userId=a29e4fa1023dd45be975c4ab2c3f63fc721842490735020a0d0703eb57f7300d&variationId=30208&videosList=oil-show11&xhVersion=1
access-control-allow-origin: https://www.xxxfiles.com
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Content-Length, Accept-Encoding, x-requested-with
cf-cache-status: DYNAMIC
set-cookie: _var=67247758.30208; Path=/; HttpOnly; SameSite=Strict
__cflb=0H28uukSkGJRy5UBr1XYMARUwdYFVsfpHKBeJhWWKBa; SameSite=None; Secure; path=/; expires=Sat, 04-Feb-23 00:33:39 GMT; HttpOnly
server: cloudflare
cf-ray: 79376b70ad9f1c02-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 87d54698146c2c72847a2189e8337a27
a08ed833fd5e97f7f64569b4e7eb5d217aad741e
aa815009cfdc2a4e1d6def732904b2104d3b885dc80756534d273a9804f61ebc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "AA815009CFDC2A4E1D6DEF732904B2104D3B885DC80756534D273A9804F61EBC"
Last-Modified: Wed, 01 Feb 2023 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20009
Expires: Fri, 03 Feb 2023 07:07:08 GMT
Date: Fri, 03 Feb 2023 01:33:39 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29 200 OK 280 B IP 93.184.220.29:0
Hash 9853cdf762d617058e15a6ebf8cf6007
bac2b32ed54e1efb9e4006b74704ae972bbf3a47
31d0fd314bad4bb07426823578583418b6f84de540c23afc0b9a280b531e1d78
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2938
Cache-Control: max-age=105399
Content-Type: application/ocsp-response
Date: Fri, 03 Feb 2023 01:33:39 GMT
Etag: "63db51b0-118"
Expires: Sat, 04 Feb 2023 06:50:18 GMT
Last-Modified: Thu, 02 Feb 2023 06:01:20 GMT
Server: ECS (ska/F70D)
X-Cache: HIT
Content-Length: 280
ocsp.digicert.com/
93.184.220.29 200 OK 280 B IP 93.184.220.29:0
Hash 9853cdf762d617058e15a6ebf8cf6007
bac2b32ed54e1efb9e4006b74704ae972bbf3a47
31d0fd314bad4bb07426823578583418b6f84de540c23afc0b9a280b531e1d78
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2938
Cache-Control: max-age=105399
Content-Type: application/ocsp-response
Date: Fri, 03 Feb 2023 01:33:39 GMT
Etag: "63db51b0-118"
Expires: Sat, 04 Feb 2023 06:50:18 GMT
Last-Modified: Thu, 02 Feb 2023 06:01:20 GMT
Server: ECS (ska/F70D)
X-Cache: HIT
Content-Length: 280
hegdcrxavrtk.cdnvideo3.com/api/spots/329585?p=1&s1=%subid1%&kw=
135.181.208.216 200 OK 33 kB URL HTTP/2 hegdcrxavrtk.cdnvideo3.com/api/spots/329585?p=1&s1=%subid1%&kw=
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
Hash 81861125e9db29f1cf247fa8779821ff
0d720da5dc02295841d9ee196af21d65db303deb
c200795304b0837cca2b8f12fec91f688f3b28de9c58e62bd9a13f1c51ca70b9
GET /api/spots/329585?p=1&s1=%subid1%&kw= HTTP/1.1
Host: hegdcrxavrtk.cdnvideo3.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.xxxfiles.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 03 Feb 2023 01:33:37 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
set-cookie: nauid=2VtUm0F54OCUbXXOTHam; Path=/; Expires=Wed, 11 Nov 2037 11:11:11 GMT; Secure; SameSite=None
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 280 B IP 93.184.220.29:0
Hash 9853cdf762d617058e15a6ebf8cf6007
bac2b32ed54e1efb9e4006b74704ae972bbf3a47
31d0fd314bad4bb07426823578583418b6f84de540c23afc0b9a280b531e1d78
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2997
Cache-Control: max-age=105458
Content-Type: application/ocsp-response
Date: Fri, 03 Feb 2023 01:33:39 GMT
Etag: "63db51b0-118"
Expires: Sat, 04 Feb 2023 06:51:17 GMT
Last-Modified: Thu, 02 Feb 2023 06:01:20 GMT
Server: ECS (ska/F719)
X-Cache: HIT
Content-Length: 280
e1.o.lencr.org/
23.36.77.32 200 OK 344 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash dde2c749c196c5c411a2ceed2cd1da07
5ac939841ebacdace7e97e900056fcacdce1ee51
a153214f1fe422c54f64ba0e259c63c010f97ae9dca05ab953fcac10a4706946
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "A153214F1FE422C54F64BA0E259C63C010F97AE9DCA05AB953FCAC10A4706946"
Last-Modified: Tue, 31 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4306
Expires: Fri, 03 Feb 2023 02:45:25 GMT
Date: Fri, 03 Feb 2023 01:33:39 GMT
Connection: keep-alive
hegdcrxavrtk.cdnvideo3.com/api/spots/10337140945576633095/1636039?fill=0&kw=Big%20Tits,Blowjob,Hardcore,Cumshot,Handjob,Pornstar,Blonde,Big%20Ass,big%20dick,deep%20throat,white%20girl,Interracial,shaved%20pussy,Bangbros%20Network,bangbros.com,Mandingo,Sarah%20Vandella
135.181.208.216200 OK 12 kB URL HTTP/2 hegdcrxavrtk.cdnvideo3.com/api/spots/10337140945576633095/1636039?fill=0&kw=Big%20Tits,Blowjob,Hardcore,Cumshot,Handjob,Pornstar,Blonde,Big%20Ass,big%20dick,deep%20throat,white%20girl,Interracial,shaved%20pussy,Bangbros%20Network,bangbros.com,Mandingo,Sarah%20Vandella
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
Hash 22847ce229428b454a2226790d3ed580
fddf8f663d08ea4c19e071b180bf1f7ea5e3a984
44f9ae67db1cd0e802dccbaa4c7b43b284398eb64705366015cc20bc22f40899
GET /api/spots/10337140945576633095/1636039?fill=0&kw=Big%20Tits,Blowjob,Hardcore,Cumshot,Handjob,Pornstar,Blonde,Big%20Ass,big%20dick,deep%20throat,white%20girl,Interracial,shaved%20pussy,Bangbros%20Network,bangbros.com,Mandingo,Sarah%20Vandella HTTP/1.1
Host: hegdcrxavrtk.cdnvideo3.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.xxxfiles.com/
Origin: https://www.xxxfiles.com
Connection: keep-alive
Cookie: nauid=2VtUm0F54OCUbXXOTHam
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 03 Feb 2023 01:33:38 GMT
content-type: text/xml
vary: Accept-Encoding
access-control-allow-credentials: true
access-control-allow-origin: https://www.xxxfiles.com
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2
img.strpst.com/thumbs/1675387921/98440820
104.18.63.124 200 OK 34 kB URL HTTP/2 img.strpst.com/thumbs/1675387921/98440820
IP 104.18.63.124:0
Hash 07e9b43a6c28a106148c8b3cba74ad63
04802ea3b3982040aae5826f7147624c2958fbfe
1461e422bc4d952ed106226f664eb3d01517195526b1bbbee2e8585372a5c2dc
GET /thumbs/1675387921/98440820 HTTP/1.1
Host: img.strpst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://creative.xlivrdr.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 03 Feb 2023 01:33:39 GMT
content-type: image/jpeg
content-length: 32050
access-control-allow-credentials: true
access-control-allow-headers: *
access-control-allow-methods: GET
access-control-allow-origin: *
cf-bgj: imgq:100,h2pri
cf-polished: origSize=33383, status=webp_bigger
etag: "d561b436dd778df7a3c8c7d5b43eed2d"
last-modified: Fri, 03 Feb 2023 01:31:59 GMT
cf-cache-status: HIT
age: 66
expires: Fri, 03 Feb 2023 02:03:39 GMT
cache-control: public, max-age=1800
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 79376b71b921b529-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
img.strpst.com/thumbs/1675387921/86188148
104.18.63.124 200 OK 58 kB URL HTTP/2 img.strpst.com/thumbs/1675387921/86188148
IP 104.18.63.124:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 0x0, segment length 16, progressive, precision 8, 640x360, components 3\012- data
Hash cfb7a57c770fcb43ff3cd16781188f8c
42befafbf02c4068c148e9602a4c2b7d84bb7222
139c095baa89668f15a10c9345c97147a1b1c9d8a1c9e9ce75d694c3f8e1f4a2
GET /thumbs/1675387921/86188148 HTTP/1.1
Host: img.strpst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://creative.xlivrdr.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 03 Feb 2023 01:33:39 GMT
content-type: image/jpeg
content-length: 57673
access-control-allow-credentials: true
access-control-allow-headers: *
access-control-allow-methods: GET
access-control-allow-origin: *
cf-bgj: imgq:100,h2pri
cf-polished: origSize=59486, status=webp_bigger
etag: "fcad4ff34411135bd878d886a8c36638"
last-modified: Fri, 03 Feb 2023 01:31:30 GMT
cf-cache-status: HIT
age: 66
expires: Fri, 03 Feb 2023 02:03:39 GMT
cache-control: public, max-age=1800
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 79376b71d92ab529-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/s/gts1p5/JOSWRLamYCo
142.250.74.99 200 OK 472 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/JOSWRLamYCo
IP 142.250.74.99:0
Hash d761e1c07d308221dc376a1f736b2ed7
db08f84371e46e5129f491bfa85cc1364983ecad
2a8aa8c64b3eb1cf49095f697a652a5270ec1d7068d0d482af1b14c5d20ab140
POST /s/gts1p5/JOSWRLamYCo HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 03 Feb 2023 01:33:39 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
img.strpst.com/thumbs/1675387921/7326913
104.18.63.124 200 OK 40 kB URL HTTP/2 img.strpst.com/thumbs/1675387921/7326913
IP 104.18.63.124:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 0x0, segment length 16, progressive, precision 8, 648x360, components 3\012- data
Hash ed83aabdfa15f2226148db479d4a7dab
a8707e131da83f6ece0de53a708174a91074bcf9
4658ef2c85db954e31ebdc07e9d8018e63cfa295c4e1285fee13f61877103d87
GET /thumbs/1675387921/7326913 HTTP/1.1
Host: img.strpst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://creative.xlivrdr.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 03 Feb 2023 01:33:39 GMT
content-type: image/jpeg
content-length: 40219
access-control-allow-credentials: true
access-control-allow-headers: *
access-control-allow-methods: GET
access-control-allow-origin: *
cf-bgj: imgq:100,h2pri
cf-polished: origSize=41848, status=webp_bigger
etag: "5fd356f665f36cd57d3fcf7e7a62c70a"
last-modified: Fri, 03 Feb 2023 01:32:12 GMT
cf-cache-status: HIT
age: 60
expires: Fri, 03 Feb 2023 02:03:39 GMT
cache-control: public, max-age=1800
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 79376b71d92cb529-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 280 B IP 93.184.220.29:0
Hash 9853cdf762d617058e15a6ebf8cf6007
bac2b32ed54e1efb9e4006b74704ae972bbf3a47
31d0fd314bad4bb07426823578583418b6f84de540c23afc0b9a280b531e1d78
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2938
Cache-Control: max-age=105399
Content-Type: application/ocsp-response
Date: Fri, 03 Feb 2023 01:33:39 GMT
Etag: "63db51b0-118"
Expires: Sat, 04 Feb 2023 06:50:18 GMT
Last-Modified: Thu, 02 Feb 2023 06:01:20 GMT
Server: ECS (ska/F70D)
X-Cache: HIT
Content-Length: 280
img.strpst.com/thumbs/1675387921/26554060
104.18.63.124 200 OK 20 kB URL HTTP/2 img.strpst.com/thumbs/1675387921/26554060
IP 104.18.63.124:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 0x0, segment length 16, progressive, precision 8, 270x360, components 3\012- data
Hash 2a3086ae3ca93aac1bf9fc0dbbb05e34
8bfda97e8df85e0a84be38cee7eec9c430b8ca63
84cb0278a699de74ff5cdcff8e2b717d6f43e17e3c8773a70a08402c464f60da
GET /thumbs/1675387921/26554060 HTTP/1.1
Host: img.strpst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://creative.xlivrdr.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 03 Feb 2023 01:33:39 GMT
content-type: image/jpeg
content-length: 20048
access-control-allow-credentials: true
access-control-allow-headers: *
access-control-allow-methods: GET
access-control-allow-origin: *
cf-bgj: imgq:100,h2pri
cf-polished: origSize=20974, status=webp_bigger
etag: "af043f162216508799b9faded2f02914"
last-modified: Fri, 03 Feb 2023 01:31:12 GMT
cf-cache-status: HIT
age: 61
expires: Fri, 03 Feb 2023 02:03:39 GMT
cache-control: public, max-age=1800
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 79376b71c923b529-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
banquetunarmedgrater.com/advertisers.js
192.243.59.12 200 OK 0 B URL HTTP/1.1 banquetunarmedgrater.com/advertisers.js
IP 192.243.59.12:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /advertisers.js HTTP/1.1
Host: banquetunarmedgrater.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.xxxfiles.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Fri, 03 Feb 2023 01:33:39 GMT
Content-Type: application/javascript
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 942ae0c2e10574d803619c3bc32242a3
Strict-Transport-Security: max-age=0; includeSubdomains
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash ede42358dbe8cf2e6b7e6a2653774d01
5dc8ca0b929f04fb15c7ff81d0a9decda023b7fb
8e841815d41c4ade06e328cb1ffb9be342640167ec6acb658f6b4b373e23a52a
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6417
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 03 Feb 2023 01:33:39 GMT
Last-Modified: Thu, 02 Feb 2023 23:46:43 GMT
Server: ECS (ska/F719)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/gts1c3
142.250.74.99 200 OK 472 B IP 142.250.74.99:0
Hash 9c45ea25709afbea416f215ee34611b0
117c52c0ee3ff15a2485c0b1e39cc12c7c2021ed
7fbc3c806c7fc6d70d70b55723dbbfc00698b14fcad55014218bc5e03e92a118
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 03 Feb 2023 01:33:39 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.99 200 OK 471 B IP 142.250.74.99:0
Hash 8d777e9406316814b36e3c580cccd4c8
7653df86c61ff7c801e35da9eeca3ecc70c7d7e8
2c4bb952aa3359712306a7c20b845627ee26689aacdb2560a61fc175e7c0c731
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 03 Feb 2023 01:33:39 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
go.xlivrdr.com/api/models/vast?campaignId=165aea9bcdd7aabac45f72d02f58fd24b8416bc57cfc540b1b4409ac823564af&campaignType=smartpop&creativeId=1aa4022af61bfad6ec7c637003dfb79b6edb7465c731eac0e6955245fc823c00&duration=00%3A00%3A30&endpoint=room&iterationId=397613&masterSmartpopId=2683&memberId=ooc4ASOprprturdVdVLTXdW6VzqpbXUzOodTK6V0rpXT1UU0uldK6V0zpXSuldK6Z0rpXTOc6VylK47.3LHqH9znSuldK6V0rpXSuldK4Ps-&p1=4581850&ruleId=157&skipOffset=00%3A00%3A05&smartpopId=3564&sourceId=4646896&tag=-girls%2Findian&userId=1f2ad638bb163e0f21b19d6cbbcd5805b56eb7b1ef21117b6157eaf2a11915c9&variationId=30208&videosList=oil-show11
104.18.51.106200 OK 81 kB URL HTTP/2 go.xlivrdr.com/api/models/vast?campaignId=165aea9bcdd7aabac45f72d02f58fd24b8416bc57cfc540b1b4409ac823564af&campaignType=smartpop&creativeId=1aa4022af61bfad6ec7c637003dfb79b6edb7465c731eac0e6955245fc823c00&duration=00%3A00%3A30&endpoint=room&iterationId=397613&masterSmartpopId=2683&memberId=ooc4ASOprprturdVdVLTXdW6VzqpbXUzOodTK6V0rpXT1UU0uldK6V0zpXSuldK6Z0rpXTOc6VylK47.3LHqH9znSuldK6V0rpXSuldK4Ps-&p1=4581850&ruleId=157&skipOffset=00%3A00%3A05&smartpopId=3564&sourceId=4646896&tag=-girls%2Findian&userId=1f2ad638bb163e0f21b19d6cbbcd5805b56eb7b1ef21117b6157eaf2a11915c9&variationId=30208&videosList=oil-show11
IP 104.18.51.106:0
File type XML 1.0 document text\012- XML document, ASCII text, with very long lines (2074), with no line terminators
Hash 774b45f8e22c4bca4eb771ada95d9191
e3508a52f57cb876c2f0efb1628a1277169794c2
672e20b13b5bbbe15772210753c774bbe446781f277c63772d04be8fc5860b3b
GET /api/models/vast?campaignId=165aea9bcdd7aabac45f72d02f58fd24b8416bc57cfc540b1b4409ac823564af&campaignType=smartpop&creativeId=1aa4022af61bfad6ec7c637003dfb79b6edb7465c731eac0e6955245fc823c00&duration=00%3A00%3A30&endpoint=room&iterationId=397613&masterSmartpopId=2683&memberId=ooc4ASOprprturdVdVLTXdW6VzqpbXUzOodTK6V0rpXT1UU0uldK6V0zpXSuldK6Z0rpXTOc6VylK47.3LHqH9znSuldK6V0rpXSuldK4Ps-&p1=4581850&ruleId=157&skipOffset=00%3A00%3A05&smartpopId=3564&sourceId=4646896&tag=-girls%2Findian&userId=1f2ad638bb163e0f21b19d6cbbcd5805b56eb7b1ef21117b6157eaf2a11915c9&variationId=30208&videosList=oil-show11 HTTP/1.1
Host: go.xlivrdr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.xxxfiles.com
Referer: https://www.xxxfiles.com/
Connection: keep-alive
Cookie: __cflb=02DiuDfsBaY2bRYJiCg3Rc4wrBy1LXpo94iWSY8pf4hgQ
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 03 Feb 2023 01:33:39 GMT
content-type: text/xml; charset=utf-8
access-control-allow-origin: https://www.xxxfiles.com
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Content-Length, Accept-Encoding, x-requested-with
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 79376b6f09cbb515-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.77.32 200 OK 344 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash dde2c749c196c5c411a2ceed2cd1da07
5ac939841ebacdace7e97e900056fcacdce1ee51
a153214f1fe422c54f64ba0e259c63c010f97ae9dca05ab953fcac10a4706946
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "A153214F1FE422C54F64BA0E259C63C010F97AE9DCA05AB953FCAC10A4706946"
Last-Modified: Tue, 31 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4306
Expires: Fri, 03 Feb 2023 02:45:25 GMT
Date: Fri, 03 Feb 2023 01:33:39 GMT
Connection: keep-alive
crprt.livejasmin.com/vast/v3?psid=ed_dpronvbdtno&utm_source=tr&ms_notrack=1&pstour=t1&psprogram=REVS&site=jsm&utm_medium=network&categoryName=girl&subaffid=7407&sub_source=pornpapa.com&utm_campaign=RON_Preroll_Contract
93.93.51.191 200 OK 24 kB URL HTTP/2 crprt.livejasmin.com/vast/v3?psid=ed_dpronvbdtno&utm_source=tr&ms_notrack=1&pstour=t1&psprogram=REVS&site=jsm&utm_medium=network&categoryName=girl&subaffid=7407&sub_source=pornpapa.com&utm_campaign=RON_Preroll_Contract
IP 93.93.51.191:0
ASN #34655 DuoDecad IT Services Luxembourg S.a r.l.
Hash 7c9791f2b6320653d7da25617a5a3fae
7169a4c3e3a439900a36046c59dbcbcd6dedcb18
63fbb8d995a7d0a35e38a880ab34699a4edf86930c42ea7015c45a2197175227
GET /vast/v3?psid=ed_dpronvbdtno&utm_source=tr&ms_notrack=1&pstour=t1&psprogram=REVS&site=jsm&utm_medium=network&categoryName=girl&subaffid=7407&sub_source=pornpapa.com&utm_campaign=RON_Preroll_Contract HTTP/1.1
Host: crprt.livejasmin.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.xxxfiles.com/
Origin: https://www.xxxfiles.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/xml; charset=utf-8
cache-control: no-cache
date: Fri, 03 Feb 2023 01:33:39 GMT
x-target-pstool: 401_1
access-control-allow-origin: https://www.xxxfiles.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
server: unknown
set-cookie: psui=a59f007fbf3384ccc33cc586d5d348f0; Path=/; Expires=Sun, 05-Mar-23 01:33:39 GMT; SameSite=None; Secure
X-Firefox-Spdy: h2
hatwasallo.com/utx?cb=6VvtrilMNbpT&top=www.xxxfiles.com&tid=831295
54.230.111.62 204 No Content 0 B URL HTTP/2 hatwasallo.com/utx?cb=6VvtrilMNbpT&top=www.xxxfiles.com&tid=831295
IP 54.230.111.62:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=6VvtrilMNbpT&top=www.xxxfiles.com&tid=831295 HTTP/1.1
Host: hatwasallo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.xxxfiles.com
Connection: keep-alive
Referer: https://www.xxxfiles.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Fri, 03 Feb 2023 01:33:39 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://www.xxxfiles.com
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Fri, 03 Feb 2023 01:34:39 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 784cb0c259a6d79800d037bda4e7de86.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: SxZai50RV2kfpm2oPV-Sj5BkntEf7VArJIMIKBZKoii8ybGKVEdjkQ==
X-Firefox-Spdy: h2
hatwasallo.com/utx?cb=GfTdhS4JQUaf&top=www.xxxfiles.com&tid=958506
54.230.111.62 204 No Content 0 B URL HTTP/2 hatwasallo.com/utx?cb=GfTdhS4JQUaf&top=www.xxxfiles.com&tid=958506
IP 54.230.111.62:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=GfTdhS4JQUaf&top=www.xxxfiles.com&tid=958506 HTTP/1.1
Host: hatwasallo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.xxxfiles.com
Connection: keep-alive
Referer: https://www.xxxfiles.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Fri, 03 Feb 2023 01:33:39 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://www.xxxfiles.com
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Fri, 03 Feb 2023 01:34:39 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 784cb0c259a6d79800d037bda4e7de86.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: imdVvAjfLz15ZUlO6wKQcVXNYmJr-j3x84vDY_RBXJB61h4xbaq2oQ==
X-Firefox-Spdy: h2
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
142.250.74.173 302 Found 391 B URL HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
IP 142.250.74.173:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (380)
Hash ecc9e4b6fa4ec07c2c6d1dd3a2b43a38
35f89cb5e6e7218f46497dabb6a20f78bd9ccfe8
72ebee2f72952a735bce799e5413001858488421c6f94b328c2a32030ec4dfcc
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.xxxfiles.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Fri, 03 Feb 2023 01:33:39 GMT
location: https://accounts.google.com/v3/signin/identifier?dsh=S-503193225%3A1675388019702809&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AWnogHdXGY1mM1XDbR6JoG8-lNAMvFvtuPPRKqW27otKfyhczq1_0RWjfENveoPTOmEoGvHSbIf9Yg
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
content-security-policy: script-src 'nonce-3uZ4JlKuDvpxdaBwnVNrBw' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport, require-trusted-types-for 'script';report-uri /cspreport
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 391
server: GSE
set-cookie: __Host-GAPS=1:dMlS8_EPGRRMEFSTo3v8Dw4_fd8ypQ:VjlHt2KLyR6DvfNv;Path=/;Expires=Sun, 02-Feb-2025 01:33:39 GMT;Secure;HttpOnly;Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.google-analytics.com/collect?v=1&_v=j99&a=207908650&t=event&_s=2&dl=https%3A%2F%2Fwww.xxxfiles.com%2Fvideos%2F227642%2Faf993d72d39971480a1f0d85bcc06647%2F%3Fsid%3D12320&ul=en-us&de=UTF-8&dt=Sara%20back%20for%20some%20black%20cock%20%2F%20Bangbros%20-%20VeryFreePorn.com&sd=24-bit&sr=1280x1024&vp=1268x939&je=0&ec=12320&ea=pageview&el=xxxfiles&_u=IEBAAEABAAAAACAAI~&jid=&gjid=&cid=1772005082.1675388048&tid=UA-154720556-1&_gid=1461753580.1675388048&z=1410537061
142.250.74.46200 OK 35 B URL HTTP/2 www.google-analytics.com/collect?v=1&_v=j99&a=207908650&t=event&_s=2&dl=https%3A%2F%2Fwww.xxxfiles.com%2Fvideos%2F227642%2Faf993d72d39971480a1f0d85bcc06647%2F%3Fsid%3D12320&ul=en-us&de=UTF-8&dt=Sara%20back%20for%20some%20black%20cock%20%2F%20Bangbros%20-%20VeryFreePorn.com&sd=24-bit&sr=1280x1024&vp=1268x939&je=0&ec=12320&ea=pageview&el=xxxfiles&_u=IEBAAEABAAAAACAAI~&jid=&gjid=&cid=1772005082.1675388048&tid=UA-154720556-1&_gid=1461753580.1675388048&z=1410537061
IP 142.250.74.46:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 28d6814f309ea289f847c69cf91194c6
0f4e929dd5bb2564f7ab9c76338e04e292a42ace
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
GET /collect?v=1&_v=j99&a=207908650&t=event&_s=2&dl=https%3A%2F%2Fwww.xxxfiles.com%2Fvideos%2F227642%2Faf993d72d39971480a1f0d85bcc06647%2F%3Fsid%3D12320&ul=en-us&de=UTF-8&dt=Sara%20back%20for%20some%20black%20cock%20%2F%20Bangbros%20-%20VeryFreePorn.com&sd=24-bit&sr=1280x1024&vp=1268x939&je=0&ec=12320&ea=pageview&el=xxxfiles&_u=IEBAAEABAAAAACAAI~&jid=&gjid=&cid=1772005082.1675388048&tid=UA-154720556-1&_gid=1461753580.1675388048&z=1410537061 HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.xxxfiles.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: *
pragma: no-cache
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 35
date: Thu, 02 Feb 2023 02:06:53 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
age: 84406
last-modified: Sun, 17 May 1998 03:00:00 GMT
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.77.32 200 OK 346 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash b1a7b37ab41ab2c241ca4b4a3bb3319a
daf83e4a20f0849dc16777ed18d21806f978c555
4b423ec7676253213ed3bab15af479edcfa43ee8bd23da39b5ee34589020e033
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "4B423EC7676253213ED3BAB15AF479EDCFA43EE8BD23DA39B5EE34589020E033"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8302
Expires: Fri, 03 Feb 2023 03:52:01 GMT
Date: Fri, 03 Feb 2023 01:33:39 GMT
Connection: keep-alive
www.google-analytics.com/j/collect?v=1&_v=j99&a=207908650&t=pageview&_s=1&dl=https%3A%2F%2Fwww.xxxfiles.com%2Fvideos%2F227642%2Faf993d72d39971480a1f0d85bcc06647%2F%3Fsid%3D12320&ul=en-us&de=UTF-8&dt=Sara%20back%20for%20some%20black%20cock%20%2F%20Bangbros%20-%20VeryFreePorn.com&sd=24-bit&sr=1280x1024&vp=1268x939&je=0&_u=IEBAAEABAAAAACAAI~&jid=1819913233&gjid=1124584361&cid=1772005082.1675388048&tid=UA-154720556-1&_gid=1461753580.1675388048&_r=1&_slc=1&z=1642232618
142.250.74.46200 OK 2 B URL HTTP/2 www.google-analytics.com/j/collect?v=1&_v=j99&a=207908650&t=pageview&_s=1&dl=https%3A%2F%2Fwww.xxxfiles.com%2Fvideos%2F227642%2Faf993d72d39971480a1f0d85bcc06647%2F%3Fsid%3D12320&ul=en-us&de=UTF-8&dt=Sara%20back%20for%20some%20black%20cock%20%2F%20Bangbros%20-%20VeryFreePorn.com&sd=24-bit&sr=1280x1024&vp=1268x939&je=0&_u=IEBAAEABAAAAACAAI~&jid=1819913233&gjid=1124584361&cid=1772005082.1675388048&tid=UA-154720556-1&_gid=1461753580.1675388048&_r=1&_slc=1&z=1642232618
IP 142.250.74.46:0
File type ASCII text, with no line terminators
Hash 38684612f0c6bb6dfa16da92f4a6878f
6fe62d0dd7db314b7f9bb945672f078e01d27f0f
a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f
POST /j/collect?v=1&_v=j99&a=207908650&t=pageview&_s=1&dl=https%3A%2F%2Fwww.xxxfiles.com%2Fvideos%2F227642%2Faf993d72d39971480a1f0d85bcc06647%2F%3Fsid%3D12320&ul=en-us&de=UTF-8&dt=Sara%20back%20for%20some%20black%20cock%20%2F%20Bangbros%20-%20VeryFreePorn.com&sd=24-bit&sr=1280x1024&vp=1268x939&je=0&_u=IEBAAEABAAAAACAAI~&jid=1819913233&gjid=1124584361&cid=1772005082.1675388048&tid=UA-154720556-1&_gid=1461753580.1675388048&_r=1&_slc=1&z=1642232618 HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://www.xxxfiles.com
Connection: keep-alive
Referer: https://www.xxxfiles.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: https://www.xxxfiles.com
date: Fri, 03 Feb 2023 01:33:39 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.99 200 OK 472 B IP 142.250.74.99:0
Hash 9c45ea25709afbea416f215ee34611b0
117c52c0ee3ff15a2485c0b1e39cc12c7c2021ed
7fbc3c806c7fc6d70d70b55723dbbfc00698b14fcad55014218bc5e03e92a118
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 03 Feb 2023 01:33:39 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
e1.o.lencr.org/
23.36.77.32 200 OK 346 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash b1a7b37ab41ab2c241ca4b4a3bb3319a
daf83e4a20f0849dc16777ed18d21806f978c555
4b423ec7676253213ed3bab15af479edcfa43ee8bd23da39b5ee34589020e033
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "4B423EC7676253213ED3BAB15AF479EDCFA43EE8BD23DA39B5EE34589020E033"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8302
Expires: Fri, 03 Feb 2023 03:52:01 GMT
Date: Fri, 03 Feb 2023 01:33:39 GMT
Connection: keep-alive
e1.o.lencr.org/
23.36.77.32 200 OK 475 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash baea75a2190dac4ac99486e785b3b450
02f7ab9b0cf14138ab9b10ea2c6e10ffbc44fbb4
091e925da742515e641eb91759cc1d06a57a8adfd70b3cf7805d65306385bdc2
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "4B423EC7676253213ED3BAB15AF479EDCFA43EE8BD23DA39B5EE34589020E033"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8302
Expires: Fri, 03 Feb 2023 03:52:01 GMT
Date: Fri, 03 Feb 2023 01:33:39 GMT
Connection: keep-alive
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
142.250.74.173 302 Found 398 B URL HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
IP 142.250.74.173:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (383)
Hash 03e095a53ece7e76f75f717ae475e96f
389774f11014f36fa212174e7bb80508affa9a4a
591fd4358a3f3eefdec63e40c93a4fb22480237cc4461a0c274aef95757f5d35
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.xxxfiles.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Fri, 03 Feb 2023 01:33:39 GMT
location: https://accounts.google.com/v3/signin/identifier?dsh=S990687060%3A1675388019745936&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AWnogHfJTSV5aEtk_zEb4_5bUPmamDFhP1My3mj0uxnArHZGtMoT9ugZYWpDSo2WYLdUFgS1mBL3Yg
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: script-src 'nonce-pKi5ljusYWsoFnP8v9hhrg' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport, require-trusted-types-for 'script';report-uri /cspreport
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 398
server: GSE
set-cookie: __Host-GAPS=1:it_VuiIREiYgdRbXk8Wf8oi-gyJAfA:El92GsF1Xh9eK_O5;Path=/;Expires=Sun, 02-Feb-2025 01:33:39 GMT;Secure;HttpOnly;Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.99 200 OK 472 B IP 142.250.74.99:0
Hash 0c15fd84f4711d994724c35236542194
c47d77fe5b373a86bd9a116bd8baac07ec746add
a210a4599baaa980674b456f020282cd470559b319be263fdcf9eaec7cff0d3b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 03 Feb 2023 01:33:39 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
hatwasallo.com/floater?cs=c1loY05KaV5QekJrXVR%2BS2BRU38&abt=0&red=1&sm=83&k=sara%20back%20some%20black%20cock%20bangbros&v=0.9.1.0&sts=0&prn=0&emb=0&tid=958506&rxy=1280_1024&fs=1&t=600&m=2&ns=1&ndp=1&asi=1&ref=https%3A%2F%2Fwww.xxxfiles.com%2Fvideos%2F227642%2Faf993d72d39971480a1f0d85bcc06647%2F%3Fsid%3D12320&jst=0&enr=0&lcua=mozilla%2F5.0%20(windows%20nt%2010.0%3B%20win64%3B%20x64%3B%20rv%3A105.0)%20gecko%2F20100101%20firefox%2F105.0&tzd=0&uloc=&if=0&aa=oi3_&_cF61=1675388047835&crc=1
54.230.111.62200 OK 2.6 kB URL HTTP/2 hatwasallo.com/floater?cs=c1loY05KaV5QekJrXVR%2BS2BRU38&abt=0&red=1&sm=83&k=sara%20back%20some%20black%20cock%20bangbros&v=0.9.1.0&sts=0&prn=0&emb=0&tid=958506&rxy=1280_1024&fs=1&t=600&m=2&ns=1&ndp=1&asi=1&ref=https%3A%2F%2Fwww.xxxfiles.com%2Fvideos%2F227642%2Faf993d72d39971480a1f0d85bcc06647%2F%3Fsid%3D12320&jst=0&enr=0&lcua=mozilla%2F5.0%20(windows%20nt%2010.0%3B%20win64%3B%20x64%3B%20rv%3A105.0)%20gecko%2F20100101%20firefox%2F105.0&tzd=0&uloc=&if=0&aa=oi3_&_cF61=1675388047835&crc=1
IP 54.230.111.62:0
File type ASCII text, with very long lines (4111), with no line terminators
Hash 5971946e9bea81b7d56cf4f3762260c7
97c9e4329f8d4f0c35a2d3dff99ffdf23cad6b9c
012953066221ccaf1644b7363334b071374fa42f8b33d68b8310cef374c05e5b
GET /floater?cs=c1loY05KaV5QekJrXVR%2BS2BRU38&abt=0&red=1&sm=83&k=sara%20back%20some%20black%20cock%20bangbros&v=0.9.1.0&sts=0&prn=0&emb=0&tid=958506&rxy=1280_1024&fs=1&t=600&m=2&ns=1&ndp=1&asi=1&ref=https%3A%2F%2Fwww.xxxfiles.com%2Fvideos%2F227642%2Faf993d72d39971480a1f0d85bcc06647%2F%3Fsid%3D12320&jst=0&enr=0&lcua=mozilla%2F5.0%20(windows%20nt%2010.0%3B%20win64%3B%20x64%3B%20rv%3A105.0)%20gecko%2F20100101%20firefox%2F105.0&tzd=0&uloc=&if=0&aa=oi3_&_cF61=1675388047835&crc=1 HTTP/1.1
Host: hatwasallo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.xxxfiles.com
Connection: keep-alive
Referer: https://www.xxxfiles.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/plain
content-length: 2566
date: Fri, 03 Feb 2023 01:33:39 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://www.xxxfiles.com
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: csu=40c8c515-0659-4e4f-8df9-6775500b1694
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 784cb0c259a6d79800d037bda4e7de86.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: UwPWezv9_PCV7VnFIvgAaK6oINIAbJw7TPWdb3MKgPdJL98VznbA_Q==
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash ede42358dbe8cf2e6b7e6a2653774d01
5dc8ca0b929f04fb15c7ff81d0a9decda023b7fb
8e841815d41c4ade06e328cb1ffb9be342640167ec6acb658f6b4b373e23a52a
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6417
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 03 Feb 2023 01:33:39 GMT
Last-Modified: Thu, 02 Feb 2023 23:46:43 GMT
Server: ECS (ska/F719)
X-Cache: HIT
Content-Length: 471
pogothere.xyz/asd100.bin
172.64.132.29 200 OK 103 kB IP 172.64.132.29:0
Size 103 kB (102746 bytes)
Hash 1a00793c8b2b48014aa7e38e5210f26b
530ee17692c194056eb9e588999203b15217bc90
72302161fcce77692dc20519f582a71389ed66c75d4f732572130e24d06b6475
Analyzer Verdict Alert quad9 Sinkholed
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.xxxfiles.com/
Origin: https://www.xxxfiles.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 03 Feb 2023 01:33:39 GMT
content-type: binary/octet-stream
access-control-allow-origin: https://www.xxxfiles.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 280
last-modified: Fri, 03 Feb 2023 01:28:59 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xwoizYii1s1Egp9Ng7ffG3GmseruqGtUi3iocpjC49dX4GJfV9aIxtL91U4IprjlLlE5tFgEDZcUUYHqxRDrdXlOENBIfnhOPVfts%2Fqlmql7DzaPdckcBvGF5AQrdooZ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79376b737eebbc9a-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash fee867d660e7db4f404f9d19666d1a06
db98da7eacd4966c62c7f688e10921fc71579bce
6d54bae814fa49d7b9f10b42371f23af095338193032f711af9eef02dd814534
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6D54BAE814FA49D7B9F10B42371F23AF095338193032F711AF9EEF02DD814534"
Last-Modified: Thu, 02 Feb 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17426
Expires: Fri, 03 Feb 2023 06:24:06 GMT
Date: Fri, 03 Feb 2023 01:33:40 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash fee867d660e7db4f404f9d19666d1a06
db98da7eacd4966c62c7f688e10921fc71579bce
6d54bae814fa49d7b9f10b42371f23af095338193032f711af9eef02dd814534
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6D54BAE814FA49D7B9F10B42371F23AF095338193032F711AF9EEF02DD814534"
Last-Modified: Thu, 02 Feb 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17426
Expires: Fri, 03 Feb 2023 06:24:06 GMT
Date: Fri, 03 Feb 2023 01:33:40 GMT
Connection: keep-alive
go.xlirdr.com/api/models/vast?campaignId=56887531e20ffc8ec4b32f114752cd5e087f0e1a66a28e88fe82ad1f38a4c7c1&campaignType=easylink&contentType=video%2Fmp4&creativeId=1aa4022af61bfad6ec7c637003dfb79b6edb7465c731eac0e6955245fc823c00&duration=00%3A00%3A30&endpoint=room&iterationId=397726&masterSmartpopId=2683&memberId=ff747ab0-eb00-4fdf-8602-1d7161686d29&no_bb=1&ruleId=157&skipOffset=00%3A00%3A05&smartpopId=5347&tag=-girls%2Findian&userId=a29e4fa1023dd45be975c4ab2c3f63fc721842490735020a0d0703eb57f7300d&variationId=30208&videosList=oil-show11&xhVersion=1
104.18.59.150200 OK 1.3 kB URL HTTP/2 go.xlirdr.com/api/models/vast?campaignId=56887531e20ffc8ec4b32f114752cd5e087f0e1a66a28e88fe82ad1f38a4c7c1&campaignType=easylink&contentType=video%2Fmp4&creativeId=1aa4022af61bfad6ec7c637003dfb79b6edb7465c731eac0e6955245fc823c00&duration=00%3A00%3A30&endpoint=room&iterationId=397726&masterSmartpopId=2683&memberId=ff747ab0-eb00-4fdf-8602-1d7161686d29&no_bb=1&ruleId=157&skipOffset=00%3A00%3A05&smartpopId=5347&tag=-girls%2Findian&userId=a29e4fa1023dd45be975c4ab2c3f63fc721842490735020a0d0703eb57f7300d&variationId=30208&videosList=oil-show11&xhVersion=1
IP 104.18.59.150:0
File type XML 1.0 document text\012- XML document, ASCII text, with very long lines (1871), with no line terminators
Hash 6b82a73bfe4395b2924e2fe9849c1ec7
9fd2ba900cb1279435c9a3c713215a7a590ff05d
c91df55bb7c4bf747d11aa4a4da8bbca1017e441b27e78014f9fc058a326535c
GET /api/models/vast?campaignId=56887531e20ffc8ec4b32f114752cd5e087f0e1a66a28e88fe82ad1f38a4c7c1&campaignType=easylink&contentType=video%2Fmp4&creativeId=1aa4022af61bfad6ec7c637003dfb79b6edb7465c731eac0e6955245fc823c00&duration=00%3A00%3A30&endpoint=room&iterationId=397726&masterSmartpopId=2683&memberId=ff747ab0-eb00-4fdf-8602-1d7161686d29&no_bb=1&ruleId=157&skipOffset=00%3A00%3A05&smartpopId=5347&tag=-girls%2Findian&userId=a29e4fa1023dd45be975c4ab2c3f63fc721842490735020a0d0703eb57f7300d&variationId=30208&videosList=oil-show11&xhVersion=1 HTTP/1.1
Host: go.xlirdr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.xxxfiles.com
Referer: https://www.xxxfiles.com/
Connection: keep-alive
Cookie: __cflb=0H28uukSkGJRy5UBr1XYMARUwdYFVsfpHKBeJhWWKBa
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 03 Feb 2023 01:33:39 GMT
content-type: text/xml; charset=utf-8
access-control-allow-origin: https://www.xxxfiles.com
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Content-Length, Accept-Encoding, x-requested-with
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 79376b713dbb1c02-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
unseenreport.com/pxf.gif?uuid=8ceecf3f-aae5-4fe2-b6dd-873c8c111d89&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=63d45b685911cef3b8cc3d1d1550bf85&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=1
192.243.59.12 200 OK 1 B URL HTTP/1.1 unseenreport.com/pxf.gif?uuid=8ceecf3f-aae5-4fe2-b6dd-873c8c111d89&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=63d45b685911cef3b8cc3d1d1550bf85&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=1
IP 192.243.59.12:0
ASN #39572 DataWeb Global Group B.V.
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=8ceecf3f-aae5-4fe2-b6dd-873c8c111d89&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=63d45b685911cef3b8cc3d1d1550bf85&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=1 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.xxxfiles.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Fri, 03 Feb 2023 01:33:40 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 9bc6401f119566a8e00f1ccb89007635
Strict-Transport-Security: max-age=0; includeSubdomains
unseenreport.com/pxf.gif?uuid=8ceecf3f-aae5-4fe2-b6dd-873c8c111d89&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=cc48f4cc72bd1ab0cd76dca8048a896c&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=1
192.243.59.12 200 OK 1 B URL HTTP/1.1 unseenreport.com/pxf.gif?uuid=8ceecf3f-aae5-4fe2-b6dd-873c8c111d89&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=cc48f4cc72bd1ab0cd76dca8048a896c&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=1
IP 192.243.59.12:0
ASN #39572 DataWeb Global Group B.V.
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=8ceecf3f-aae5-4fe2-b6dd-873c8c111d89&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=cc48f4cc72bd1ab0cd76dca8048a896c&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=1 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.xxxfiles.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Fri, 03 Feb 2023 01:33:40 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 47ac075d4e13409dec776af9eae26a4d
Strict-Transport-Security: max-age=0; includeSubdomains
pogothere.xyz/
172.64.132.29 200 OK 1.5 kB IP 172.64.132.29:0
File type ASCII text, with no line terminators
Hash 9155b0a8fd63b23dc0a57e3ab477ab30
f0d2056728a812f2211e867dcf0be56d47c756bb
4ded3d074fbfc51fc5c6260be3dc5014d30bf48f31848cc3e3900b75f853720c
Analyzer Verdict Alert quad9 Sinkholed
GET / HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.xxxfiles.com/
Origin: https://www.xxxfiles.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 03 Feb 2023 01:33:39 GMT
content-type: text/plain
set-cookie: csu=554596287283792@1@1675388019; Max-Age=31104000; Secure; SameSite=None
access-control-allow-origin: https://www.xxxfiles.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LtoKorpKEKib9tnTDEfMosYT39UJYUmrMDbY8%2FF0Tgg8WoJZJnJZsbsG12GIa%2BrE9HI28xlNw3m2f5SPwLK%2BRK4g3fEJ81qYVCNpK0YZ0QGBMI0uKhk1vURSPfvXb0uk"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 79376b746f2ebc9a-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
peevishchasingstir.com/sbar.json?key=cc48f4cc72bd1ab0cd76dca8048a896c&uuid=8ceecf3f-aae5-4fe2-b6dd-873c8c111d89%3A3%3A1
173.233.137.44 200 OK 4.4 kB URL HTTP/1.1 peevishchasingstir.com/sbar.json?key=cc48f4cc72bd1ab0cd76dca8048a896c&uuid=8ceecf3f-aae5-4fe2-b6dd-873c8c111d89%3A3%3A1
IP 173.233.137.44:0
File type JSON data\012- , Unicode text, UTF-8 text, with very long lines (6093), with no line terminators
Hash 5ab690ebfcf58aab70984f2df2513275
02c6706ec4d1d6892fb7c93b4a6150d02cc40d8f
2762488d9d673f0355e7fd11134b377bdae8668bbf96122f8322f8915950b828
Analyzer Verdict Alert quad9 Sinkholed
GET /sbar.json?key=cc48f4cc72bd1ab0cd76dca8048a896c&uuid=8ceecf3f-aae5-4fe2-b6dd-873c8c111d89%3A3%3A1 HTTP/1.1
Host: peevishchasingstir.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.xxxfiles.com
Connection: keep-alive
Referer: https://www.xxxfiles.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Fri, 03 Feb 2023 01:33:40 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://www.xxxfiles.com
Access-Control-Allow-Origin: https://www.xxxfiles.com
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=17371676; expires=Sat, 04 Feb 2023 01:33:40 GMT; secure; SameSite=None
Set-Cookie: uid_id2=8ceecf3f-aae5-4fe2-b6dd-873c8c111d89:3:1; expires=Fri, 10 Feb 2023 01:33:40 GMT; secure; SameSite=None
Set-Cookie: pdhtkv=true; expires=Sat, 04 Feb 2023 01:33:40 GMT; secure; SameSite=None
Set-Cookie: uncs=1; expires=Sat, 04 Feb 2023 01:33:40 GMT; secure; SameSite=None
Set-Cookie: pdhtkv29=true; expires=Sat, 04 Feb 2023 01:33:40 GMT; secure; SameSite=None
Set-Cookie: uncs29=1; expires=Sat, 04 Feb 2023 01:33:40 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 9be3c8a22836a382ca75b0dc28be23c6
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
peevishchasingstir.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSTWskVRR9NR8LdTMGN4JiIy5GMJ2q%2FkhXzyCDcYwEYybMjGTj5n1V55nX9Yr3qro6ASE4IFmI07pyWTmdTFCDOD9AkIobCS7SLiSg%2BQFuRdfSnYbWu3j3nnfu4txz76f72QXxkdHz9ffNjtKaLjSrfuXmhoqFyV1l7WEl8Kv%2B7cqGihcbtyv98WN7twK%2FWfVfr7wr%2BZZZqPmB7wd%2BUFlWVkamvzBhoZLjdlBt%2B9VGrRo0G%2Bjb%2F2OXeXDUg%2BhdkDkoMbq%2B%2BfNTKF4i7n5%2FV7qt1CRvvNPNNE2NRU8cfRBvxSaP0Z2VkfUQxUfTbhg3IuSrKzDx0XQCmN7BeAIwNSLebwFYfDSVCdY7vFTKNGQMJp5D3ishdQlFS3DzCEqcEYALrN1D3H2yZmxOty9ZOmZH5No%2Ff0HlI3LtjxcQd79b0qpfeWB0lioTO%2FSjAqpfQnVKJNkJ0h0PKj8BTz%2BBEgRxt4AS56%2BFXEoe1aN5SmVzvhHJ2jxbFGI%2BbNV5yIMgEGF7Yo1SJVRUQssBqLuKzHnIlIcs8pAlHrrivEKb7cj3WxGL6vWwwTmv1zlvhouiKeqNMPKR8bH2AdJkAK4H4HYXid3FlvryrDl3troCm%2F0It1nACQ8uJeiJArkkyB1BTglyRZCnBHmvOBTa1VzxRGiXsWCaa9NcL4Ym7ezTQ5N2ZEz2kwvy%2FNg275m5l7AlzyucN8KowXmrxkRAmc9Fa1FwGvqNkIbtRQ6nCih3BdR52FEjcv3Pj5GoEblCfwGjJ3D6BFzdAM1eBs2HrZoPujlshD524uN%2Bvx8pLV2Vmy6EKZCk15Bue%2Fv6grw4Wd%2BtN29A8tM7o8cf3vy7fAxuCyS2wEfqJ4KO3hveNzk5uG9yR57eS1LVVTt0vNoHKU3l1W%2Fek9u5sWLlrht8%2FRYfE%2BPy%2BKF06SqNhYo7jny7pISQdtlYLskPK25DsvXMbS5lNs6S1fW3l1e6iZXOKROXoOrMfQauRuTZvc8nR%2FvKqxbKlrBZgW52SqYBZUrwZBcumal3hsDqWQ9LPORZMbQ1NvvUikDLGaasgPsPZrN63%2B2hYz3Q9NHkVHu2QE8XoHoAl10dpok9vfNrfRJg2hsybb0Dpq3%2B4tJap84rshn5kfRrkkVtFrWoL9pRo81oO5At1qQBUjfiv4v0XwAAAP%2F%2FAQAA%2F%2F8iPgJZjAQAAA%3D%3D
173.233.137.44200 OK 7 B URL HTTP/1.1 peevishchasingstir.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSTWskVRR9NR8LdTMGN4JiIy5GMJ2q%2FkhXzyCDcYwEYybMjGTj5n1V55nX9Yr3qro6ASE4IFmI07pyWTmdTFCDOD9AkIobCS7SLiSg%2BQFuRdfSnYbWu3j3nnfu4txz76f72QXxkdHz9ffNjtKaLjSrfuXmhoqFyV1l7WEl8Kv%2B7cqGihcbtyv98WN7twK%2FWfVfr7wr%2BZZZqPmB7wd%2BUFlWVkamvzBhoZLjdlBt%2B9VGrRo0G%2Bjb%2F2OXeXDUg%2BhdkDkoMbq%2B%2BfNTKF4i7n5%2FV7qt1CRvvNPNNE2NRU8cfRBvxSaP0Z2VkfUQxUfTbhg3IuSrKzDx0XQCmN7BeAIwNSLebwFYfDSVCdY7vFTKNGQMJp5D3ishdQlFS3DzCEqcEYALrN1D3H2yZmxOty9ZOmZH5No%2Ff0HlI3LtjxcQd79b0qpfeWB0lioTO%2FSjAqpfQnVKJNkJ0h0PKj8BTz%2BBEgRxt4AS56%2BFXEoe1aN5SmVzvhHJ2jxbFGI%2BbNV5yIMgEGF7Yo1SJVRUQssBqLuKzHnIlIcs8pAlHrrivEKb7cj3WxGL6vWwwTmv1zlvhouiKeqNMPKR8bH2AdJkAK4H4HYXid3FlvryrDl3troCm%2F0It1nACQ8uJeiJArkkyB1BTglyRZCnBHmvOBTa1VzxRGiXsWCaa9NcL4Ym7ezTQ5N2ZEz2kwvy%2FNg275m5l7AlzyucN8KowXmrxkRAmc9Fa1FwGvqNkIbtRQ6nCih3BdR52FEjcv3Pj5GoEblCfwGjJ3D6BFzdAM1eBs2HrZoPujlshD524uN%2Bvx8pLV2Vmy6EKZCk15Bue%2Fv6grw4Wd%2BtN29A8tM7o8cf3vy7fAxuCyS2wEfqJ4KO3hveNzk5uG9yR57eS1LVVTt0vNoHKU3l1W%2Fek9u5sWLlrht8%2FRYfE%2BPy%2BKF06SqNhYo7jny7pISQdtlYLskPK25DsvXMbS5lNs6S1fW3l1e6iZXOKROXoOrMfQauRuTZvc8nR%2FvKqxbKlrBZgW52SqYBZUrwZBcumal3hsDqWQ9LPORZMbQ1NvvUikDLGaasgPsPZrN63%2B2hYz3Q9NHkVHu2QE8XoHoAl10dpok9vfNrfRJg2hsybb0Dpq3%2B4tJap84rshn5kfRrkkVtFrWoL9pRo81oO5At1qQBUjfiv4v0XwAAAP%2F%2FAQAA%2F%2F8iPgJZjAQAAA%3D%3D
IP 173.233.137.44:0
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert fortinet Phishing
quad9 Sinkholed
GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSTWskVRR9NR8LdTMGN4JiIy5GMJ2q%2FkhXzyCDcYwEYybMjGTj5n1V55nX9Yr3qro6ASE4IFmI07pyWTmdTFCDOD9AkIobCS7SLiSg%2BQFuRdfSnYbWu3j3nnfu4txz76f72QXxkdHz9ffNjtKaLjSrfuXmhoqFyV1l7WEl8Kv%2B7cqGihcbtyv98WN7twK%2FWfVfr7wr%2BZZZqPmB7wd%2BUFlWVkamvzBhoZLjdlBt%2B9VGrRo0G%2Bjb%2F2OXeXDUg%2BhdkDkoMbq%2B%2BfNTKF4i7n5%2FV7qt1CRvvNPNNE2NRU8cfRBvxSaP0Z2VkfUQxUfTbhg3IuSrKzDx0XQCmN7BeAIwNSLebwFYfDSVCdY7vFTKNGQMJp5D3ishdQlFS3DzCEqcEYALrN1D3H2yZmxOty9ZOmZH5No%2Ff0HlI3LtjxcQd79b0qpfeWB0lioTO%2FSjAqpfQnVKJNkJ0h0PKj8BTz%2BBEgRxt4AS56%2BFXEoe1aN5SmVzvhHJ2jxbFGI%2BbNV5yIMgEGF7Yo1SJVRUQssBqLuKzHnIlIcs8pAlHrrivEKb7cj3WxGL6vWwwTmv1zlvhouiKeqNMPKR8bH2AdJkAK4H4HYXid3FlvryrDl3troCm%2F0It1nACQ8uJeiJArkkyB1BTglyRZCnBHmvOBTa1VzxRGiXsWCaa9NcL4Ym7ezTQ5N2ZEz2kwvy%2FNg275m5l7AlzyucN8KowXmrxkRAmc9Fa1FwGvqNkIbtRQ6nCih3BdR52FEjcv3Pj5GoEblCfwGjJ3D6BFzdAM1eBs2HrZoPujlshD524uN%2Bvx8pLV2Vmy6EKZCk15Bue%2Fv6grw4Wd%2BtN29A8tM7o8cf3vy7fAxuCyS2wEfqJ4KO3hveNzk5uG9yR57eS1LVVTt0vNoHKU3l1W%2Fek9u5sWLlrht8%2FRYfE%2BPy%2BKF06SqNhYo7jny7pISQdtlYLskPK25DsvXMbS5lNs6S1fW3l1e6iZXOKROXoOrMfQauRuTZvc8nR%2FvKqxbKlrBZgW52SqYBZUrwZBcumal3hsDqWQ9LPORZMbQ1NvvUikDLGaasgPsPZrN63%2B2hYz3Q9NHkVHu2QE8XoHoAl10dpok9vfNrfRJg2hsybb0Dpq3%2B4tJap84rshn5kfRrkkVtFrWoL9pRo81oO5At1qQBUjfiv4v0XwAAAP%2F%2FAQAA%2F%2F8iPgJZjAQAAA%3D%3D HTTP/1.1
Host: peevishchasingstir.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.xxxfiles.com/
Cookie: u_pl=17371676; uid_id2=8ceecf3f-aae5-4fe2-b6dd-873c8c111d89:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Fri, 03 Feb 2023 01:33:40 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 644b607eed73c6b78fc8d533161f8ce2
Strict-Transport-Security: max-age=0; includeSubdomains
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 457864e11fc4c5c845ee893653bddcda
25dc67a41ed3eb3d4f33f6156c1f04d8a4d83979
239a36e625b16c94c1dbfbb2bad8c3c6bef71318db65cfa639bdcc00c391858d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "239A36E625B16C94C1DBFBB2BAD8C3C6BEF71318DB65CFA639BDCC00C391858D"
Last-Modified: Thu, 02 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2186
Expires: Fri, 03 Feb 2023 02:10:06 GMT
Date: Fri, 03 Feb 2023 01:33:40 GMT
Connection: keep-alive
e1.o.lencr.org/
23.36.77.32 200 OK 344 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash de6325424b40307b4855f6daf3a7e7f1
d14d016a2c49881108a3b5cbaa31fecc36a1be51
8ab91d0545f3a631d6c98dad704c8b3baeec8a3b39cd19efb6af9d426184a8b4
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "8AB91D0545F3A631D6C98DAD704C8B3BAEEC8A3B39CD19EFB6AF9D426184A8B4"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=1791
Expires: Fri, 03 Feb 2023 02:03:32 GMT
Date: Fri, 03 Feb 2023 01:33:41 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash d62d6b1aa5d380b6cdbfae5d3dca5421
f715b643ffd374ace9695098eb3ed3a70de0fde1
04f32494a66d0cd2ed4b1a8078b86edcfca40190fedcf0334d9cd62ca2ca6d19
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "04F32494A66D0CD2ED4B1A8078B86EDCFCA40190FEDCF0334D9CD62CA2CA6D19"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6409
Expires: Fri, 03 Feb 2023 03:20:30 GMT
Date: Fri, 03 Feb 2023 01:33:41 GMT
Connection: keep-alive
crjpgate.com/pu/?psid=ed_trronintdtno&utm_source=tr&ms_notrack=1&category=girl&site=jsm&target=postrttr&utm_medium=network&subaffid=10565_xxxfiles.com
93.93.51.223 200 OK 856 B URL HTTP/2 crjpgate.com/pu/?psid=ed_trronintdtno&utm_source=tr&ms_notrack=1&category=girl&site=jsm&target=postrttr&utm_medium=network&subaffid=10565_xxxfiles.com
IP 93.93.51.223:0
ASN #34655 DuoDecad IT Services Luxembourg S.a r.l.
Hash d48333ad2bbf1422ce26a90e6bdb61bb
b0506cc13606237d61fb2dbb562fd8146f11a8af
eac91633090ec1b4fff1d52165376d4635fc39a1acb25dee4aa1d0ff28639602
GET /pu/?psid=ed_trronintdtno&utm_source=tr&ms_notrack=1&category=girl&site=jsm&target=postrttr&utm_medium=network&subaffid=10565_xxxfiles.com HTTP/1.1
Host: crjpgate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://twinrdsrv.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 03 Feb 2023 01:33:40 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-target-pstool: 400_31
server: unknown
set-cookie: psui=a59f007fbf3384ccc33cc586d5d348f0; Path=/; Expires=Sun, 05-Mar-23 01:33:40 GMT
content-encoding: gzip
X-Firefox-Spdy: h2
k31u6.xyz/images/campaigns/creativity-2308521-16693108308667.png
172.67.211.70 200 OK 25 kB URL HTTP/2 k31u6.xyz/images/campaigns/creativity-2308521-16693108308667.png
IP 172.67.211.70:0
File type PNG image data, 192 x 192, 8-bit colormap, non-interlaced\012- data
Hash c168c6b74312da308388c450def122b4
99a9c781305e19ad2134e843d25a4730c5485737
0f3dddc67a27688b19dc772302fd59dfaed3f16312d3ea6e7e0d31d515a56297
GET /images/campaigns/creativity-2308521-16693108308667.png HTTP/1.1
Host: k31u6.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 03 Feb 2023 01:33:41 GMT
content-type: image/png
content-length: 24894
cdn-pullzone: 283898
cdn-uid: 10270df6-3a78-4ee3-9e7e-62f57a8521e8
cdn-requestcountrycode: NO
cache-control: public, max-age=31919000
etag: "637fa96f-613e"
last-modified: Thu, 24 Nov 2022 17:27:11 GMT
cdn-proxyver: 1.03
cdn-requestpullsuccess: True
cdn-requestpullcode: 200
cdn-cachedat: 11/24/2022 17:34:52
cdn-edgestorageid: 860
cdn-status: 200
cdn-requestid: e149757b8c77ac005f22586586a3c7e3
cdn-cache: HIT
cf-cache-status: HIT
age: 5981950
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qa3HxEG8TuWC2%2BlLDEeFSGiEmCEdgDoK3cvJS%2FWm8XjgjXwjIZdQR9sYRyjXSkvsBGcFWm71mgYuYVrRnI7kZqoWHARO8Op2p7aE1Hk2JRqsyu6rtHFwVNj%2B4Ow%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79376b7bb9e50b51-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash 3680f204fbf5e3d66a2ffd123291a7b1
0cd547397c76c0afbcfef6d21ab2b9d96642526d
155ae6ea4c22072cd48c910a0e31ab0211d71b12e418cc6d3972a6a3cf4c428b
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4445
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 03 Feb 2023 01:33:41 GMT
Last-Modified: Fri, 03 Feb 2023 00:19:36 GMT
Server: ECS (ska/F719)
X-Cache: HIT
Content-Length: 279
e1.o.lencr.org/
23.36.77.32 200 OK 344 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash e1326b1d0b68cc5f9b8efc40c36f9231
d3578c1a32fbc184b8169373299d315ca68b2f12
25c07b57c23f9ecc3499e3f95c6f44c74a532a1ac521562c689d665a29fc9614
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "25C07B57C23F9ECC3499E3F95C6F44C74A532A1AC521562C689D665A29FC9614"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4724
Expires: Fri, 03 Feb 2023 02:52:25 GMT
Date: Fri, 03 Feb 2023 01:33:41 GMT
Connection: keep-alive
e1.o.lencr.org/
23.36.77.32 200 OK 344 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash e1326b1d0b68cc5f9b8efc40c36f9231
d3578c1a32fbc184b8169373299d315ca68b2f12
25c07b57c23f9ecc3499e3f95c6f44c74a532a1ac521562c689d665a29fc9614
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "25C07B57C23F9ECC3499E3F95C6F44C74A532A1AC521562C689D665A29FC9614"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4724
Expires: Fri, 03 Feb 2023 02:52:25 GMT
Date: Fri, 03 Feb 2023 01:33:41 GMT
Connection: keep-alive
e1.o.lencr.org/
23.36.77.32 200 OK 344 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash e1326b1d0b68cc5f9b8efc40c36f9231
d3578c1a32fbc184b8169373299d315ca68b2f12
25c07b57c23f9ecc3499e3f95c6f44c74a532a1ac521562c689d665a29fc9614
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "25C07B57C23F9ECC3499E3F95C6F44C74A532A1AC521562C689D665A29FC9614"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4724
Expires: Fri, 03 Feb 2023 02:52:25 GMT
Date: Fri, 03 Feb 2023 01:33:41 GMT
Connection: keep-alive
xml.serve-servee.com/thumbnail?i=0NvqHzV0Xm8_0&p=1675388019.221566&imgt=icon
172.64.163.38 302 Found 0 B URL HTTP/2 xml.serve-servee.com/thumbnail?i=0NvqHzV0Xm8_0&p=1675388019.221566&imgt=icon
IP 172.64.163.38:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /thumbnail?i=0NvqHzV0Xm8_0&p=1675388019.221566&imgt=icon HTTP/1.1
Host: xml.serve-servee.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Fri, 03 Feb 2023 01:33:41 GMT
content-length: 0
location: https://static.serve-servee.com/n337/ad/300x300_Wg3cKTLuRj8HdExmdUYY.png
cache-control: no-store
age: 0
pragma: no-cache
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iehx38zNm0p%2FVYWmg5GinwK8OxlpCuU2uRYO9yaM3rzgGijSBXSGuzBd6te%2F0MNEPTSi9zP5ALic95P8ebtxt3AEOivSEqGopZudC14TW8WNOb9NOTbQ3c0peTxaBk%2FuKO1PcG24EA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 79376b7bfe7f74b9-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.77.32 200 OK 344 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash de6325424b40307b4855f6daf3a7e7f1
d14d016a2c49881108a3b5cbaa31fecc36a1be51
8ab91d0545f3a631d6c98dad704c8b3baeec8a3b39cd19efb6af9d426184a8b4
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "8AB91D0545F3A631D6C98DAD704C8B3BAEEC8A3B39CD19EFB6AF9D426184A8B4"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=1791
Expires: Fri, 03 Feb 2023 02:03:32 GMT
Date: Fri, 03 Feb 2023 01:33:41 GMT
Connection: keep-alive
e1.o.lencr.org/
23.36.77.32 200 OK 344 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash e1326b1d0b68cc5f9b8efc40c36f9231
d3578c1a32fbc184b8169373299d315ca68b2f12
25c07b57c23f9ecc3499e3f95c6f44c74a532a1ac521562c689d665a29fc9614
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "25C07B57C23F9ECC3499E3F95C6F44C74A532A1AC521562C689D665A29FC9614"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4724
Expires: Fri, 03 Feb 2023 02:52:25 GMT
Date: Fri, 03 Feb 2023 01:33:41 GMT
Connection: keep-alive
crprt.livejasmin.com/post/play?ms_rnd=1675388020.62226&pstool=400_31&psid=ed_trronintdtno&utm_source=tr&category=girl&site=jsm&utm_medium=network&subaffid=10565_xxxfiles.com&origin=twinrdsrv.com
93.93.51.191 200 OK 65 kB URL HTTP/2 crprt.livejasmin.com/post/play?ms_rnd=1675388020.62226&pstool=400_31&psid=ed_trronintdtno&utm_source=tr&category=girl&site=jsm&utm_medium=network&subaffid=10565_xxxfiles.com&origin=twinrdsrv.com
IP 93.93.51.191:0
ASN #34655 DuoDecad IT Services Luxembourg S.a r.l.
Hash e8a966a2eb0fb76fd4b0d7d1d9d5138b
a97966601871b393ccffb5e09ddac06ddb43cd81
7e5c78a88792f6109585971297d16225b9e5b963ea0c67441708c07cd42df9ed
GET /post/play?ms_rnd=1675388020.62226&pstool=400_31&psid=ed_trronintdtno&utm_source=tr&category=girl&site=jsm&utm_medium=network&subaffid=10565_xxxfiles.com&origin=twinrdsrv.com HTTP/1.1
Host: crprt.livejasmin.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://crjpgate.com/
Cookie: psui=a59f007fbf3384ccc33cc586d5d348f0
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: no-cache
date: Fri, 03 Feb 2023 01:33:41 GMT
server: unknown
set-cookie: psui=a59f007fbf3384ccc33cc586d5d348f0; Path=/; Expires=Sun, 05-Mar-23 01:33:41 GMT; SameSite=None; Secure
content-encoding: gzip
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 8cae5e4806530d35151da8a52f28f5ed
8a3b47f313b440c148395097f66c1df62d35a567
bd9eecb7bb0dff98bfc1fb3cebee4af30b08553f8663bc4329a655201f952aa4
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BD9EECB7BB0DFF98BFC1FB3CEBEE4AF30B08553F8663BC4329A655201F952AA4"
Last-Modified: Tue, 31 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5038
Expires: Fri, 03 Feb 2023 02:57:39 GMT
Date: Fri, 03 Feb 2023 01:33:41 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash d1ede23ab1ddbc0d7fa930fd3810e49e
879f79b820606c514ae97d5a3c2be12533440a51
7ec120a673fc6ae1a147829269069666ef47b0258b832030906da7dc97ab2a14
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7EC120A673FC6AE1A147829269069666EF47B0258B832030906DA7DC97AB2A14"
Last-Modified: Tue, 31 Jan 2023 13:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16430
Expires: Fri, 03 Feb 2023 06:07:31 GMT
Date: Fri, 03 Feb 2023 01:33:41 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 8cae5e4806530d35151da8a52f28f5ed
8a3b47f313b440c148395097f66c1df62d35a567
bd9eecb7bb0dff98bfc1fb3cebee4af30b08553f8663bc4329a655201f952aa4
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BD9EECB7BB0DFF98BFC1FB3CEBEE4AF30B08553F8663BC4329A655201F952AA4"
Last-Modified: Tue, 31 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5038
Expires: Fri, 03 Feb 2023 02:57:39 GMT
Date: Fri, 03 Feb 2023 01:33:41 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 8cae5e4806530d35151da8a52f28f5ed
8a3b47f313b440c148395097f66c1df62d35a567
bd9eecb7bb0dff98bfc1fb3cebee4af30b08553f8663bc4329a655201f952aa4
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BD9EECB7BB0DFF98BFC1FB3CEBEE4AF30B08553F8663BC4329A655201F952AA4"
Last-Modified: Tue, 31 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5038
Expires: Fri, 03 Feb 2023 02:57:39 GMT
Date: Fri, 03 Feb 2023 01:33:41 GMT
Connection: keep-alive
www.googletagmanager.com/gtm.js?id=GTM-MJ29FD7
216.58.211.8 200 OK 83 kB URL HTTP/2 www.googletagmanager.com/gtm.js?id=GTM-MJ29FD7
IP 216.58.211.8:0
File type ASCII text, with very long lines (59589)
Hash cd5b4eac29ed45a495a7595d0e73f856
5dbc67f5416177a90a1095b51ca907829504edac
117ee4ad6161c0c272d9dcda394f324790cb90845e1ba5b671aa972872e6b8bf
GET /gtm.js?id=GTM-MJ29FD7 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://crprt.livejasmin.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Fri, 03 Feb 2023 01:33:41 GMT
expires: Fri, 03 Feb 2023 01:33:41 GMT
cache-control: private, max-age=900
last-modified: Fri, 03 Feb 2023 00:58:36 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 82572
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
pt-static3.jsmsat.com/npe/_common/script/adblock/advertisement-v534930.js
93.93.51.201 200 OK 21 B URL HTTP/2 pt-static3.jsmsat.com/npe/_common/script/adblock/advertisement-v534930.js
IP 93.93.51.201:0
ASN #34655 DuoDecad IT Services Luxembourg S.a r.l.
File type ASCII text, with no line terminators
Hash 01c6e7ecb819ef28b0c9b962513a1596
1a49f493db7b91ed34a7040d36732352b9a5dc39
e97a9988dce8067f81f57557b349dd481e0335e75175179b6b01322be2ff13a5
GET /npe/_common/script/adblock/advertisement-v534930.js HTTP/1.1
Host: pt-static3.jsmsat.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://crprt.livejasmin.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 03 Feb 2023 01:33:41 GMT
content-type: application/javascript
content-length: 21
last-modified: Thu, 02 Feb 2023 12:59:22 GMT
etag: "63dbb3aa-15"
access-control-allow-origin: *
server: unknown
x-cdn-node: sesto
x-cache-status: R-HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
cdn.cloudimagesb.com/si/ae/aa/f6/aeaaf64c11bf62877f097a925a641d6b/1669388807.png
45.133.44.10 200 OK 91 kB URL HTTP/2 cdn.cloudimagesb.com/si/ae/aa/f6/aeaaf64c11bf62877f097a925a641d6b/1669388807.png
IP 45.133.44.10:0
ASN #39572 DataWeb Global Group B.V.
File type PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data
Hash c1718772ca810c6c121fa1d02672bb44
22c20701dcd78b1bd41ada8b04576f73d3e42253
91561b48a3e4957afb6aaefbfa5c6463534db30a9bdc2a0f0aabbeef28486a33
GET /si/ae/aa/f6/aeaaf64c11bf62877f097a925a641d6b/1669388807.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 03 Feb 2023 01:33:41 GMT
content-type: image/png
content-length: 91434
server: nginx/1.17.6
last-modified: Fri, 25 Nov 2022 15:06:56 GMT
etag: "6380da10-1652a"
expires: Sun, 05 Feb 2023 01:33:41 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 7165a645d177fba2ded4bd46fd08b2d7
77255eabcce3fc8b27219c2677f6b3e5df800a35
0d41ba3d6cc71c3785d4867d5da506fce918301901c6f1bbb22d6ebc8113a74b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0D41BA3D6CC71C3785D4867D5DA506FCE918301901C6F1BBB22D6EBC8113A74B"
Last-Modified: Thu, 02 Feb 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17596
Expires: Fri, 03 Feb 2023 06:26:57 GMT
Date: Fri, 03 Feb 2023 01:33:41 GMT
Connection: keep-alive
pt-static1.jsmsat.com/npe/image/smilies_ex.png
93.93.51.201 200 OK 8.5 kB URL HTTP/2 pt-static1.jsmsat.com/npe/image/smilies_ex.png
IP 93.93.51.201:0
ASN #34655 DuoDecad IT Services Luxembourg S.a r.l.
File type PNG image data, 536 x 138, 8-bit colormap, non-interlaced\012- data
Hash 53fc00ebf44066190d5faea2a7931e7c
21178ac1ffb10f958d26d17a0fe49d5d31a00720
63526a6642f64fadb44cd33d634bb626f8e96af3f850215cfdd78a9c609fc85c
GET /npe/image/smilies_ex.png HTTP/1.1
Host: pt-static1.jsmsat.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://crprt.livejasmin.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 03 Feb 2023 01:33:41 GMT
content-type: image/png
content-length: 8533
last-modified: Tue, 17 Jan 2023 08:36:49 GMT
etag: "63c65e21-2155"
access-control-allow-origin: *
server: unknown
x-cdn-node: sesto
x-cache-status: R-HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
pt-static4.jsmsat.com/npe/pu/play/css/play-v534930.css
93.93.51.201 200 OK 13 kB URL HTTP/2 pt-static4.jsmsat.com/npe/pu/play/css/play-v534930.css
IP 93.93.51.201:0
ASN #34655 DuoDecad IT Services Luxembourg S.a r.l.
Hash fe475ea597d026169a7f72339b003592
d2e1589eb30a6dd1709aaca9b83f980a503c9f18
47f287eb0536e9bf8364984e9c688fac2cfd2dc0224180c9c2a210d4fc315728
GET /npe/pu/play/css/play-v534930.css HTTP/1.1
Host: pt-static4.jsmsat.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://crprt.livejasmin.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 03 Feb 2023 01:33:41 GMT
content-type: text/css
last-modified: Thu, 02 Feb 2023 12:59:23 GMT
vary: Accept-Encoding, Accept-Encoding
etag: W/"63dbb3ab-13491"
access-control-allow-origin: *
server: unknown
x-cdn-node: sesto
x-cache-status: R-HIT
content-encoding: gzip
X-Firefox-Spdy: h2
pt-static4.jsmsat.com/npe/pu/play/script/pu.play-v534930.js
93.93.51.201 200 OK 154 kB URL HTTP/2 pt-static4.jsmsat.com/npe/pu/play/script/pu.play-v534930.js
IP 93.93.51.201:0
ASN #34655 DuoDecad IT Services Luxembourg S.a r.l.
Size 154 kB (154131 bytes)
Hash 500762cb70500e9de4184c56b466fcc9
b4990fd021e380b323167d5e5153659ae3884591
e9910ab2090840c6a1ce061247866aef255466b77c0e0f5cab15f3f2f672023f
GET /npe/pu/play/script/pu.play-v534930.js HTTP/1.1
Host: pt-static4.jsmsat.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://crprt.livejasmin.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 03 Feb 2023 01:33:41 GMT
content-type: application/javascript
last-modified: Thu, 02 Feb 2023 12:59:23 GMT
vary: Accept-Encoding, Accept-Encoding
etag: W/"63dbb3ab-37112"
access-control-allow-origin: *
server: unknown
x-cdn-node: sesto
x-cache-status: R-HIT
content-encoding: gzip
X-Firefox-Spdy: h2
crprt.livejasmin.com/o5DmH/Ua3.gif?ms_rnd=1675388020.62226&pstool=400_31&psid=ed_trronintdtno&utm_source=tr&site=jsm&utm_medium=network&origin=twinrdsrv.com&categoryName=girl&subAffId=10565_xxxfiles.com&im=0
93.93.51.191 200 OK 43 B URL HTTP/2 crprt.livejasmin.com/o5DmH/Ua3.gif?ms_rnd=1675388020.62226&pstool=400_31&psid=ed_trronintdtno&utm_source=tr&site=jsm&utm_medium=network&origin=twinrdsrv.com&categoryName=girl&subAffId=10565_xxxfiles.com&im=0
IP 93.93.51.191:0
ASN #34655 DuoDecad IT Services Luxembourg S.a r.l.
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /o5DmH/Ua3.gif?ms_rnd=1675388020.62226&pstool=400_31&psid=ed_trronintdtno&utm_source=tr&site=jsm&utm_medium=network&origin=twinrdsrv.com&categoryName=girl&subAffId=10565_xxxfiles.com&im=0 HTTP/1.1
Host: crprt.livejasmin.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://crprt.livejasmin.com/post/play?ms_rnd=1675388020.62226&pstool=400_31&psid=ed_trronintdtno&utm_source=tr&category=girl&site=jsm&utm_medium=network&subaffid=10565_xxxfiles.com&origin=twinrdsrv.com
Cookie: psui=a59f007fbf3384ccc33cc586d5d348f0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 03 Feb 2023 01:33:41 GMT
content-type: image/gif
content-length: 43
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
server: unknown
set-cookie: psui=a59f007fbf3384ccc33cc586d5d348f0; Path=/; Expires=Sun, 05-Mar-23 01:33:41 GMT; SameSite=None; Secure
expires: Fri, 03 Feb 2023 01:33:40 GMT
cache-control: no-cache
access-control-allow-origin: *
X-Firefox-Spdy: h2
pt-static2.jsmsat.com/npe/bonuscredit/css/bonuscredit-v534930.css
93.93.51.201 200 OK 754 B URL HTTP/2 pt-static2.jsmsat.com/npe/bonuscredit/css/bonuscredit-v534930.css
IP 93.93.51.201:0
ASN #34655 DuoDecad IT Services Luxembourg S.a r.l.
File type ASCII text, with very long lines (2401), with no line terminators
Hash 076ec1881fc8937302196b09b3aafde4
ad86749907a116af99917685f2d78b13181e3183
69f1264a6e0f77d4e76c1e7df6648fdc96fe8ec2acff893b4e20139cddcf8ecd
GET /npe/bonuscredit/css/bonuscredit-v534930.css HTTP/1.1
Host: pt-static2.jsmsat.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://crprt.livejasmin.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 03 Feb 2023 01:33:41 GMT
content-type: text/css
last-modified: Thu, 02 Feb 2023 12:59:23 GMT
vary: Accept-Encoding, Accept-Encoding
etag: W/"63dbb3ab-961"
access-control-allow-origin: *
server: unknown
x-cdn-node: sesto
x-cache-status: R-HIT
content-encoding: gzip
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F49d52576-44b1-4baf-92c0-88f267415a19.jpeg
34.120.237.76 200 OK 5.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F49d52576-44b1-4baf-92c0-88f267415a19.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash d4041f3b5316bc84c9e6d88ddbc85b89
4978a4a20836b6f5d863d331bcedad782b7b4ac6
549b62d2c4ec965b8bec62010c0ce338dfea7992ee83eb7af61ff1a30d21f8b5
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F49d52576-44b1-4baf-92c0-88f267415a19.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 5641
x-amzn-requestid: b53b54b1-3b00-47cf-a25c-e93910c2ebfb
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fuvzpHsXoAMFsuw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dc2ce3-0c4fc8154763febb44460ac2;Sampled=0
x-amzn-remapped-date: Thu, 02 Feb 2023 21:36:36 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: x4-BZdG4JGRKCSdKynnuweZfo9l0XZtDB-MiANy7C2Yz1URYMHP4sQ==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 64f86ae1c24221f3a2e4d653d6dbc416.cloudfront.net (CloudFront), 1.1 google
date: Thu, 02 Feb 2023 21:57:49 GMT
age: 12953
etag: "4978a4a20836b6f5d863d331bcedad782b7b4ac6"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
crprt.livejasmin.com/3yEa9/sRY.gif?ms_rnd=1675388020.62226&pstool=400_18&psid=ed_trronintdtno&utm_source=tr&site=jsm&utm_medium=network&origin=twinrdsrv.com&categoryName=girl&subAffId=10565_xxxfiles.com&rrc=3&im=0
93.93.51.191 200 OK 43 B URL HTTP/2 crprt.livejasmin.com/3yEa9/sRY.gif?ms_rnd=1675388020.62226&pstool=400_18&psid=ed_trronintdtno&utm_source=tr&site=jsm&utm_medium=network&origin=twinrdsrv.com&categoryName=girl&subAffId=10565_xxxfiles.com&rrc=3&im=0
IP 93.93.51.191:0
ASN #34655 DuoDecad IT Services Luxembourg S.a r.l.
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /3yEa9/sRY.gif?ms_rnd=1675388020.62226&pstool=400_18&psid=ed_trronintdtno&utm_source=tr&site=jsm&utm_medium=network&origin=twinrdsrv.com&categoryName=girl&subAffId=10565_xxxfiles.com&rrc=3&im=0 HTTP/1.1
Host: crprt.livejasmin.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://crprt.livejasmin.com/post/fslf?ms_rnd=1675388020.62226&pstool=400_18&psid=ed_trronintdtno&utm_source=tr&site=jsm&utm_medium=network&origin=twinrdsrv.com&categoryName=girl&subAffId=10565_xxxfiles.com&rrc=3
Cookie: psui=a59f007fbf3384ccc33cc586d5d348f0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 03 Feb 2023 01:33:42 GMT
content-type: image/gif
content-length: 43
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
server: unknown
set-cookie: psui=a59f007fbf3384ccc33cc586d5d348f0; Path=/; Expires=Sun, 05-Mar-23 01:33:42 GMT; SameSite=None; Secure
expires: Fri, 03 Feb 2023 01:33:41 GMT
cache-control: no-cache
access-control-allow-origin: *
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash ef27b197388a8836dc1ff8e653038a7a
3a804a0806c0f2d2c47197de71e2d988106175fc
f16fca5c3dfc60dcd979132951a7786d692bab4884a3ff76cf22366754739eac
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F16FCA5C3DFC60DCD979132951A7786D692BAB4884A3FF76CF22366754739EAC"
Last-Modified: Fri, 03 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17643
Expires: Fri, 03 Feb 2023 06:27:45 GMT
Date: Fri, 03 Feb 2023 01:33:42 GMT
Connection: keep-alive
cdn.barscreative1.com/sb/au/b6/cf/48/b6cf48ca3e8ab4bdbcfaa2279b0fb2bc/1613726822.html
45.133.44.3 200 OK 0 B URL HTTP/2 cdn.barscreative1.com/sb/au/b6/cf/48/b6cf48ca3e8ab4bdbcfaa2279b0fb2bc/1613726822.html
IP 45.133.44.3:0
ASN #39572 DataWeb Global Group B.V.
Analyzer Verdict Alert fortinet Phishing
GET /sb/au/b6/cf/48/b6cf48ca3e8ab4bdbcfaa2279b0fb2bc/1613726822.html HTTP/1.1
Host: cdn.barscreative1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.xxxfiles.com
Connection: keep-alive
Referer: https://www.xxxfiles.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 03 Feb 2023 01:33:41 GMT
content-type: text/html; charset=utf-8
server: nginx/1.17.6
last-modified: Fri, 19 Feb 2021 09:27:09 GMT
etag: W/"602f846d-4fa"
cache-control: max-age=3600
access-control-allow-origin: *
access-control-expose-headers: Date
content-encoding: gzip
expires: Fri, 03 Feb 2023 02:33:41 GMT
x-proxy-cache: HIT
X-Firefox-Spdy: h2
pogothere.xyz/
172.64.132.29 200 OK 0 B IP 172.64.132.29:0
Analyzer Verdict Alert quad9 Sinkholed
GET / HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.xxxfiles.com/
Origin: https://www.xxxfiles.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 03 Feb 2023 01:33:39 GMT
content-type: text/plain
set-cookie: csu=387390889494283@1@1675388019; Max-Age=31104000; Secure; SameSite=None
access-control-allow-origin: https://www.xxxfiles.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=y8Cmfd5dELzFFfNSaBqINsr3SyoBm7783p85YW%2BI94cYtBNuoiujMjFvunTwJ6rEZAly7HjKe601jm7%2FIyKPErqzR0Sqvv4OuKTJL3nXoW6epnQeqYlMuKebPssWudID"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 79376b739ef1bc9a-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
friendshipmale.com/sfp.js
172.64.203.23 200 OK 0 B URL HTTP/2 friendshipmale.com/sfp.js
IP 172.64.203.23:0
Analyzer Verdict Alert fortinet Malware
GET /sfp.js HTTP/1.1
Host: friendshipmale.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.xxxfiles.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 03 Feb 2023 01:33:39 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: bca1900bf60c99c553c7b2724c7e1265
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Fri, 03 Feb 2023 01:33:39 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2hEMgRePqx6785gJG1vNjvms%2F9De7YHlXPxPS9dfyB1xG9ZrsDBigOZ%2FI5ZXokXrc4xR7j9BwRJeI5ctCkRUUzYt0z10bMTAU%2BaG2r0bWRbC8sKjILcKrI53IETbtVdlTUWEPyI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79376b71eb8f7198-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
tsyndicate.com/do2/4f374a23cf56497b89d53e89be5502a2/vast?
136.243.134.97 200 OK 0 B URL HTTP/2 tsyndicate.com/do2/4f374a23cf56497b89d53e89be5502a2/vast?
IP 136.243.134.97:0
ASN #24940 Hetzner Online GmbH
GET /do2/4f374a23cf56497b89d53e89be5502a2/vast? HTTP/1.1
Host: tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.xxxfiles.com/
Origin: https://www.xxxfiles.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 03 Feb 2023 01:33:38 GMT
content-type: application/xml; charset=utf-8
access-control-allow-origin: https://www.xxxfiles.com
access-control-allow-methods: POST, GET, HEAD
access-control-allow-headers: Accept, X-Requested-With, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Legacy
access-control-allow-credentials: true
pragma: no-cache
expires: 0
vary: Accept-Encoding, *
x-api-version: 2
x-vast: 3.0
x-request-id: b29e266a63c45e94
set-cookie: ts_uid=252f834a-bca3-4d71-862e-e34c8cef9146; expires=Thu, 03 Aug 2023 01:33:38 GMT; domain=.tsyndicate.com; path=/; HttpOnly; secure; SameSite=None
set-cookie: bfq=APeIECNCx5YZMmTcmAEDRxcWIsYU3BLjoYgyE2PYuFGDxg0aNGI47KMg; expires=Sat, 04 Feb 2023 01:33:38 GMT; domain=.tsyndicate.com; path=/; secure; SameSite=None
cache-control: no-cache, no-store, no-transform, must-revalidate, no-transform
x-robots-tag: none, noindex, nofollow
report-to: { "url": "https://pxl.tsyndicate.com/api/v1/heavy-ad/report", "max_age": 86401 }
content-encoding: gzip
X-Firefox-Spdy: h2
hegdcrxavrtk.cdnvideo3.com/api/spots/320559?v2=1&fill=0&kw=Big%20Tits%2CBlowjob%2CHardcore%2CCumshot%2CHandjob%2CPornstar%2CBlonde%2CBig%20Ass%2Cbig%20dick%2Cdeep%20throat%2Cwhite%20girl%2CInterracial%2Cshaved%20pussy%2CBangbros%20Network%2Cbangbros.com%2CMandingo%2CSarah%20Vandella&s1=%25subid1%25&s2=%25subid2%25
135.181.208.216200 OK 0 B URL HTTP/2 hegdcrxavrtk.cdnvideo3.com/api/spots/320559?v2=1&fill=0&kw=Big%20Tits%2CBlowjob%2CHardcore%2CCumshot%2CHandjob%2CPornstar%2CBlonde%2CBig%20Ass%2Cbig%20dick%2Cdeep%20throat%2Cwhite%20girl%2CInterracial%2Cshaved%20pussy%2CBangbros%20Network%2Cbangbros.com%2CMandingo%2CSarah%20Vandella&s1=%25subid1%25&s2=%25subid2%25
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
GET /api/spots/320559?v2=1&fill=0&kw=Big%20Tits%2CBlowjob%2CHardcore%2CCumshot%2CHandjob%2CPornstar%2CBlonde%2CBig%20Ass%2Cbig%20dick%2Cdeep%20throat%2Cwhite%20girl%2CInterracial%2Cshaved%20pussy%2CBangbros%20Network%2Cbangbros.com%2CMandingo%2CSarah%20Vandella&s1=%25subid1%25&s2=%25subid2%25 HTTP/1.1
Host: hegdcrxavrtk.cdnvideo3.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.xxxfiles.com/
Origin: https://www.xxxfiles.com
Connection: keep-alive
Cookie: nauid=2VtUm0F54OCUbXXOTHam
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 03 Feb 2023 01:33:38 GMT
content-type: text/xml
vary: Accept-Encoding
access-control-allow-credentials: true
access-control-allow-origin: https://www.xxxfiles.com
access-control-expose-headers: X-Asg-Config, X-t
x-t: 0
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/ssp/utility/social-media/facebook/js/script.js
172.64.166.9 200 OK 0 B URL HTTP/2 cdn.creative-bars1.com/sb/ssp/utility/social-media/facebook/js/script.js
IP 172.64.166.9:0
GET /sb/ssp/utility/social-media/facebook/js/script.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.xxxfiles.com
Connection: keep-alive
Referer: https://www.xxxfiles.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 03 Feb 2023 01:33:41 GMT
content-type: application/javascript
last-modified: Sat, 20 Feb 2021 08:47:14 GMT
etag: W/"6030cc92-1bc"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 5709125
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kBirIbUN9Oor%2FDp5wYNODMpv6B0HZuB%2BcIsLvidGDO8jnnqG2f2pLMqdLLlatsZ4vLi0r6BU4l5e8YUFwdZZppy3bdM1Ax18HprssWa%2F2fGbLNOl%2FsA5f0L9R6VkehgAwvgt6JfuRKr0"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79376b7cb94776a3-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
hegdcrxavrtk.cdnvideo3.com/Ka0q1Ad.js
135.181.208.216 200 OK 0 B URL HTTP/2 hegdcrxavrtk.cdnvideo3.com/Ka0q1Ad.js
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
GET /Ka0q1Ad.js HTTP/1.1
Host: hegdcrxavrtk.cdnvideo3.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.xxxfiles.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 03 Feb 2023 01:33:37 GMT
content-type: application/javascript
last-modified: Thu, 02 Feb 2023 11:45:01 GMT
etag: W/"63dba23d-47ec6"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
vary: Accept-Encoding, Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 3bf14a720d62e0d1295d99086d103efa.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN54-C1
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: 8AiPgco0kiTEzCMCRzMlUaOjUdvKWLMfBUY57Mi9jSS41OhKG4BxBQ==
age: 189
x-frame-options: DENY
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2
hegdcrxavrtk.cdnvideo3.com/api/spots/9612890897030451095/997762?fill=0&kw=Big%20Tits,Blowjob,Hardcore,Cumshot,Handjob,Pornstar,Blonde,Big%20Ass,big%20dick,deep%20throat,white%20girl,Interracial,shaved%20pussy,Bangbros%20Network,bangbros.com,Mandingo,Sarah%20Vandella
135.181.208.216200 OK 0 B URL HTTP/2 hegdcrxavrtk.cdnvideo3.com/api/spots/9612890897030451095/997762?fill=0&kw=Big%20Tits,Blowjob,Hardcore,Cumshot,Handjob,Pornstar,Blonde,Big%20Ass,big%20dick,deep%20throat,white%20girl,Interracial,shaved%20pussy,Bangbros%20Network,bangbros.com,Mandingo,Sarah%20Vandella
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
GET /api/spots/9612890897030451095/997762?fill=0&kw=Big%20Tits,Blowjob,Hardcore,Cumshot,Handjob,Pornstar,Blonde,Big%20Ass,big%20dick,deep%20throat,white%20girl,Interracial,shaved%20pussy,Bangbros%20Network,bangbros.com,Mandingo,Sarah%20Vandella HTTP/1.1
Host: hegdcrxavrtk.cdnvideo3.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.xxxfiles.com/
Origin: https://www.xxxfiles.com
Connection: keep-alive
Cookie: nauid=2VtUm0F54OCUbXXOTHam
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 03 Feb 2023 01:33:39 GMT
content-type: text/xml
vary: Accept-Encoding
access-control-allow-credentials: true
access-control-allow-origin: https://www.xxxfiles.com
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2
hegdcrxavrtk.cdnvideo3.com/api/spots/329586?p=1&s1=%subid1%&kw=
135.181.208.216 200 OK 0 B URL HTTP/2 hegdcrxavrtk.cdnvideo3.com/api/spots/329586?p=1&s1=%subid1%&kw=
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
GET /api/spots/329586?p=1&s1=%subid1%&kw= HTTP/1.1
Host: hegdcrxavrtk.cdnvideo3.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.xxxfiles.com/
Cookie: nauid=2VtUm0F54OCUbXXOTHam
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 03 Feb 2023 01:33:38 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/ssp/utility/social-media/facebook/css/style.css
172.64.166.9 200 OK 0 B URL HTTP/2 cdn.creative-bars1.com/sb/ssp/utility/social-media/facebook/css/style.css
IP 172.64.166.9:0
GET /sb/ssp/utility/social-media/facebook/css/style.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.xxxfiles.com
Connection: keep-alive
Referer: https://www.xxxfiles.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 03 Feb 2023 01:33:41 GMT
content-type: text/css
last-modified: Fri, 27 Aug 2021 12:19:14 GMT
etag: W/"6128d842-18be"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 5498291
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0TwTJ1Vr%2B9cf9CxFfgTBgvGx4gYpj254t4hgwmp75Iluwjd%2FHKD%2FsiH313%2BBFWR4Jbxtet1Yhp8efHCb0XCi2qOoBA86VxLpQig4sH4MA84IgQ63N4nyYohcz%2FkS8RiqOV4ZLDS6vXRT"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79376b7cb94476a3-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/ssp/utility/social-media/facebook/img/close.svg
172.64.166.9 200 OK 0 B URL HTTP/2 cdn.creative-bars1.com/sb/ssp/utility/social-media/facebook/img/close.svg
IP 172.64.166.9:0
GET /sb/ssp/utility/social-media/facebook/img/close.svg HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 03 Feb 2023 01:33:41 GMT
content-type: image/svg+xml
last-modified: Thu, 11 Feb 2021 15:13:59 GMT
etag: W/"602549b7-52a"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 6867756
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=r65ufIS62fVPO1LS%2F7Xe8%2Fn3vfMNZzJhh2%2FxYn2fe9%2BeQIz1Y3zcVkGm8p6AQoSUZJPkheKKpOtIVGp%2FQQOI3X92uovURbkHQ%2FSyUiVgMDh9PEt6R4YWJBbxIYEdIw9A1YzifBWoBEiI"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79376b7cb94976a3-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
api-protected.protoawegw.com/v2/player/performer/get?noRedirect=1&mitigable=1&includeTestAccounts=0&product=livejasmin&presets=&certified=0&hotDeal=0&preVipShow=0&ngs=1&pstool=400_18&psid=ed_trronintdtno&streamType=rtmp&category=girl&performerIds[]=9a684323-063b-4108-99a5-c8a2b5e42435
93.93.51.225 200 OK 0 B URL HTTP/2 api-protected.protoawegw.com/v2/player/performer/get?noRedirect=1&mitigable=1&includeTestAccounts=0&product=livejasmin&presets=&certified=0&hotDeal=0&preVipShow=0&ngs=1&pstool=400_18&psid=ed_trronintdtno&streamType=rtmp&category=girl&performerIds[]=9a684323-063b-4108-99a5-c8a2b5e42435
IP 93.93.51.225:0
ASN #34655 DuoDecad IT Services Luxembourg S.a r.l.
GET /v2/player/performer/get?noRedirect=1&mitigable=1&includeTestAccounts=0&product=livejasmin&presets=&certified=0&hotDeal=0&preVipShow=0&ngs=1&pstool=400_18&psid=ed_trronintdtno&streamType=rtmp&category=girl&performerIds[]=9a684323-063b-4108-99a5-c8a2b5e42435 HTTP/1.1
Host: api-protected.protoawegw.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://crprt.livejasmin.com/
Origin: https://crprt.livejasmin.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 03 Feb 2023 01:33:42 GMT
content-type: application/json
vary: Accept-Encoding
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: X-Requested-With, Content-Type
access-control-allow-methods: OPTIONS, GET, POST, PUT, DELETE, PATCH
server: unknown
content-encoding: gzip
X-Firefox-Spdy: h2
www.xxxfiles.com/videos/227642/af993d72d39971480a1f0d85bcc06647/?sid=12320
172.67.194.240 200 OK 0 B URL HTTP/2 www.xxxfiles.com/videos/227642/af993d72d39971480a1f0d85bcc06647/?sid=12320
IP 172.67.194.240:0
GET /videos/227642/af993d72d39971480a1f0d85bcc06647/?sid=12320 HTTP/1.1
Host: www.xxxfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
date: Fri, 03 Feb 2023 01:33:37 GMT
content-type: text/html; charset=utf-8
set-cookie: PHPSESSID=3261m5efgho5loiocesi8v9edq; path=/; domain=.xxxfiles.com; SameSite=Lax
set-cookie: second_643539=true; expires=Fri, 03-Feb-2023 01:42:17 GMT; Max-Age=0; path=/
set-cookie: kt_qparams=id%3D227642%26dir%3Daf993d72d39971480a1f0d85bcc06647%26sid%3D12320; expires=Sat, 04-Feb-2023 01:42:18 GMT; Max-Age=86400; path=/; domain=.xxxfiles.com; SameSite=Lax
set-cookie: kt_ips=91.90.42.154; expires=Sat, 04-Feb-2023 01:42:22 GMT; Max-Age=86400; path=/; domain=.xxxfiles.com; SameSite=Lax
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AlOkonYvF2JTndIuetlIwPIWkx363kh6DehHZegcO%2FKQjL4MDOovDBJnd%2BWRmw7O5Tig06QC6SISqxZJuRnacW0VdoiSlpm02Wddm38hNrJeyspR8LdBxS6RbTGgBuORyA8t"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 79376b4b6f25b527-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
unpkg.com/silvermine-videojs-quality-selector@1.1.2/dist/js/silvermine-videojs-quality-selector.min.js
104.16.123.175 200 OK 0 B URL HTTP/2 unpkg.com/silvermine-videojs-quality-selector@1.1.2/dist/js/silvermine-videojs-quality-selector.min.js
IP 104.16.123.175:0
GET /silvermine-videojs-quality-selector@1.1.2/dist/js/silvermine-videojs-quality-selector.min.js HTTP/1.1
Host: unpkg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.xxxfiles.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 03 Feb 2023 01:33:37 GMT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
last-modified: Wed, 10 Jan 2018 00:56:00 GMT
etag: W/"5329-e6FW82qZOTCVRh707R8p5aJnMuY"
via: 1.1 fly.io
fly-request-id: 01G7549ZE3WWN11S6HGDRQ6KSN-fra
cf-cache-status: HIT
age: 18432039
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 79376b65f9bab4f7-OSL
content-encoding: br
X-Firefox-Spdy: h2
accounts.google.com/v3/signin/identifier?dsh=S990687060%3A1675388019745936&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AWnogHfJTSV5aEtk_zEb4_5bUPmamDFhP1My3mj0uxnArHZGtMoT9ugZYWpDSo2WYLdUFgS1mBL3Yg
142.250.74.173 403 Forbidden 0 B URL HTTP/2 accounts.google.com/v3/signin/identifier?dsh=S990687060%3A1675388019745936&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AWnogHfJTSV5aEtk_zEb4_5bUPmamDFhP1My3mj0uxnArHZGtMoT9ugZYWpDSo2WYLdUFgS1mBL3Yg
IP 142.250.74.173:0
GET /v3/signin/identifier?dsh=S990687060%3A1675388019745936&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AWnogHfJTSV5aEtk_zEb4_5bUPmamDFhP1My3mj0uxnArHZGtMoT9ugZYWpDSo2WYLdUFgS1mBL3Yg HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.xxxfiles.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Fri, 03 Feb 2023 01:33:39 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
strict-transport-security: max-age=31536000; includeSubDomains
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
content-security-policy: script-src 'nonce-BQGvVt_PLtkl7rurofDzCQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist, require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport
cross-origin-opener-policy-report-only: same-origin
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/ssp/utility/social-media/facebook/css/animate.css
172.64.166.9 200 OK 0 B URL HTTP/2 cdn.creative-bars1.com/sb/ssp/utility/social-media/facebook/css/animate.css
IP 172.64.166.9:0
GET /sb/ssp/utility/social-media/facebook/css/animate.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.xxxfiles.com
Connection: keep-alive
Referer: https://www.xxxfiles.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 03 Feb 2023 01:33:41 GMT
content-type: text/css
last-modified: Sat, 20 Feb 2021 08:44:40 GMT
etag: W/"6030cbf8-1358d"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 5709125
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=K6QDtXj5Wp%2BFeX2qAQYQWVwr5xbjgRqNust6m6j3QGE6B2cJGO8PCi3hFKoiW3KWO%2FvHKpoBCeabf%2FAcASW6lvyQ72dIwYeZC3ANOqLPVowfDCWYReK7ISvOQ9IxhBMOif2%2B%2FRb9ESCX"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79376b7ca93f76a3-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
hegdcrxavrtk.cdnvideo3.com/api/spots/329584?p=1&s1=%subid1%&kw=
135.181.208.216 200 OK 0 B URL HTTP/2 hegdcrxavrtk.cdnvideo3.com/api/spots/329584?p=1&s1=%subid1%&kw=
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
GET /api/spots/329584?p=1&s1=%subid1%&kw= HTTP/1.1
Host: hegdcrxavrtk.cdnvideo3.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.xxxfiles.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 03 Feb 2023 01:33:37 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
set-cookie: nauid=uQDIXaKA2ZQunVPedwwn; Path=/; Expires=Wed, 11 Nov 2037 11:11:11 GMT; Secure; SameSite=None
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2
accounts.google.com/v3/signin/identifier?dsh=S-503193225%3A1675388019702809&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AWnogHdXGY1mM1XDbR6JoG8-lNAMvFvtuPPRKqW27otKfyhczq1_0RWjfENveoPTOmEoGvHSbIf9Yg
142.250.74.173 403 Forbidden 0 B URL HTTP/2 accounts.google.com/v3/signin/identifier?dsh=S-503193225%3A1675388019702809&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AWnogHdXGY1mM1XDbR6JoG8-lNAMvFvtuPPRKqW27otKfyhczq1_0RWjfENveoPTOmEoGvHSbIf9Yg
IP 142.250.74.173:0
GET /v3/signin/identifier?dsh=S-503193225%3A1675388019702809&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AWnogHdXGY1mM1XDbR6JoG8-lNAMvFvtuPPRKqW27otKfyhczq1_0RWjfENveoPTOmEoGvHSbIf9Yg HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.xxxfiles.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Fri, 03 Feb 2023 01:33:39 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
strict-transport-security: max-age=31536000; includeSubDomains
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-security-policy: script-src 'nonce-zrgiM7Kf3QLtIJY0vk1vGA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist, require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport
report-to: {"group":"AccountsSignInUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/AccountsSignInUi/external"}]}
cross-origin-opener-policy-report-only: same-origin; report-to="AccountsSignInUi"
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
hegdcrxavrtk.cdnvideo3.com/XEXvawa.js
135.181.208.216 200 OK 0 B URL HTTP/2 hegdcrxavrtk.cdnvideo3.com/XEXvawa.js
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
GET /XEXvawa.js HTTP/1.1
Host: hegdcrxavrtk.cdnvideo3.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.xxxfiles.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 03 Feb 2023 01:33:37 GMT
content-type: application/javascript
last-modified: Thu, 02 Feb 2023 11:45:01 GMT
etag: W/"63dba23d-47ec6"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
vary: Accept-Encoding, Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 3bf14a720d62e0d1295d99086d103efa.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN54-C1
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: 8AiPgco0kiTEzCMCRzMlUaOjUdvKWLMfBUY57Mi9jSS41OhKG4BxBQ==
age: 189
x-frame-options: DENY
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2
twinrdsrv.com/preroll.engine?id=4ce47ff2-c2e3-47a1-a9be-931241b17841&zid=52151&cvs={ClientVideoSupport}&time={TimeOffset}&stdtime={StdTimeOffset}&abr={IsAdblockRequest}&pageurl={PageUrl}&tid={TrackingId}&res={Resolution}&bw={BrowserWidth}&bh={BrowserHeight}&kw=Big+Tits%2CBlowjob%2CHardcore%2CCumshot%2CHandjob%2CPornstar%2CBlonde%2CBig+Ass%2Cbig+dick%2Cdeep+throat%2Cwhite+girl%2CInterracial%2Cshaved+pussy%2CBangbros+Network%2Cbangbros.com%2CMandingo%2CSarah+Vandella&referrerUrl={ReferrerUrl}&pw={PlayerWidth}&ph={PlayerHeight}
172.66.40.197200 OK 0 B URL HTTP/2 twinrdsrv.com/preroll.engine?id=4ce47ff2-c2e3-47a1-a9be-931241b17841&zid=52151&cvs={ClientVideoSupport}&time={TimeOffset}&stdtime={StdTimeOffset}&abr={IsAdblockRequest}&pageurl={PageUrl}&tid={TrackingId}&res={Resolution}&bw={BrowserWidth}&bh={BrowserHeight}&kw=Big+Tits%2CBlowjob%2CHardcore%2CCumshot%2CHandjob%2CPornstar%2CBlonde%2CBig+Ass%2Cbig+dick%2Cdeep+throat%2Cwhite+girl%2CInterracial%2Cshaved+pussy%2CBangbros+Network%2Cbangbros.com%2CMandingo%2CSarah+Vandella&referrerUrl={ReferrerUrl}&pw={PlayerWidth}&ph={PlayerHeight}
IP 172.66.40.197:0
GET /preroll.engine?id=4ce47ff2-c2e3-47a1-a9be-931241b17841&zid=52151&cvs={ClientVideoSupport}&time={TimeOffset}&stdtime={StdTimeOffset}&abr={IsAdblockRequest}&pageurl={PageUrl}&tid={TrackingId}&res={Resolution}&bw={BrowserWidth}&bh={BrowserHeight}&kw=Big+Tits%2CBlowjob%2CHardcore%2CCumshot%2CHandjob%2CPornstar%2CBlonde%2CBig+Ass%2Cbig+dick%2Cdeep+throat%2Cwhite+girl%2CInterracial%2Cshaved+pussy%2CBangbros+Network%2Cbangbros.com%2CMandingo%2CSarah+Vandella&referrerUrl={ReferrerUrl}&pw={PlayerWidth}&ph={PlayerHeight} HTTP/1.1
Host: twinrdsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.xxxfiles.com/
Origin: https://www.xxxfiles.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 03 Feb 2023 01:33:38 GMT
content-type: text/xml; charset=utf-8
vary: Accept-Encoding
cache-control: private, no-transform
access-control-allow-credentials: true
content-encoding: gzip
p3p: CP="CAO PSA OUR IND"
access-control-allow-origin: https://www.xxxfiles.com
set-cookie: IKSR={}; path=/; SameSite=None; secure
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4OO2KIx31BLMjhcpUv3h7VSPr%2F%2FJpZELgZqMtresJmlAxVrhO3dPVX2D1VaFhLN5PbJJC4ZW6%2FSfh%2F6PCdK1cgYaLB8AYxWuXadZJ5YVJpjnijJXBzUcZVsu7YkA34M%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 79376b6c9990b505-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
hegdcrxavrtk.cdnvideo3.com/api/spots/309159?host=www.xxxfiles.com&ev=204&wh=939&ww=1280&uuid=&kw=Big%20Tits%2CBlowjob%2CHardcore%2CCumshot%2CHandjob%2CPornstar%2CBlonde%2CBig%20Ass%2Cbig%20dick%2Cdeep%20throat%2Cwhite%20girl%2CInterracial%2Cshaved%20pussy%2CBangbros%20Network%2Cbangbros.com%2CMandingo%2CSarah%20Vandella&s1=%25subid1%25
135.181.208.216 200 OK 0 B URL HTTP/2 hegdcrxavrtk.cdnvideo3.com/api/spots/309159?host=www.xxxfiles.com&ev=204&wh=939&ww=1280&uuid=&kw=Big%20Tits%2CBlowjob%2CHardcore%2CCumshot%2CHandjob%2CPornstar%2CBlonde%2CBig%20Ass%2Cbig%20dick%2Cdeep%20throat%2Cwhite%20girl%2CInterracial%2Cshaved%20pussy%2CBangbros%20Network%2Cbangbros.com%2CMandingo%2CSarah%20Vandella&s1=%25subid1%25
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
GET /api/spots/309159?host=www.xxxfiles.com&ev=204&wh=939&ww=1280&uuid=&kw=Big%20Tits%2CBlowjob%2CHardcore%2CCumshot%2CHandjob%2CPornstar%2CBlonde%2CBig%20Ass%2Cbig%20dick%2Cdeep%20throat%2Cwhite%20girl%2CInterracial%2Cshaved%20pussy%2CBangbros%20Network%2Cbangbros.com%2CMandingo%2CSarah%20Vandella&s1=%25subid1%25 HTTP/1.1
Host: hegdcrxavrtk.cdnvideo3.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.xxxfiles.com/
Cookie: nauid=2VtUm0F54OCUbXXOTHam
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 03 Feb 2023 01:33:39 GMT
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2
hegdcrxavrtk.cdnvideo3.com/api/click/6457257980019948095?kw=Big%20Tits%2CBlowjob%2CHardcore%2CCumshot%2CHandjob%2CPornstar%2CBlonde%2CBig%20Ass%2Cbig%20dick%2Cdeep%20throat%2Cwhite%20girl%2CInterracial%2Cshaved%20pussy%2CBangbros%20Network%2Cbangbros.com%2CMandingo%2CSarah%20Vandella&s1=%25subid1%25&t=5&ab=0&keywords=Big%20Tits,Blowjob,Hardcore,Cumshot,Handjob,Pornstar,Blonde,Big%20Ass,big%20dick,deep%20throat,white%20girl,Interracial,shaved%20pussy,Bangbros%20Network,bangbros.com,Mandingo,Sarah%20Vandella&w=1280&h=1024&domain=www.xxxfiles.com&rnd=0.7992158789073578
135.181.208.216 200 OK 0 B URL HTTP/2 hegdcrxavrtk.cdnvideo3.com/api/click/6457257980019948095?kw=Big%20Tits%2CBlowjob%2CHardcore%2CCumshot%2CHandjob%2CPornstar%2CBlonde%2CBig%20Ass%2Cbig%20dick%2Cdeep%20throat%2Cwhite%20girl%2CInterracial%2Cshaved%20pussy%2CBangbros%20Network%2Cbangbros.com%2CMandingo%2CSarah%20Vandella&s1=%25subid1%25&t=5&ab=0&keywords=Big%20Tits,Blowjob,Hardcore,Cumshot,Handjob,Pornstar,Blonde,Big%20Ass,big%20dick,deep%20throat,white%20girl,Interracial,shaved%20pussy,Bangbros%20Network,bangbros.com,Mandingo,Sarah%20Vandella&w=1280&h=1024&domain=www.xxxfiles.com&rnd=0.7992158789073578
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
GET /api/click/6457257980019948095?kw=Big%20Tits%2CBlowjob%2CHardcore%2CCumshot%2CHandjob%2CPornstar%2CBlonde%2CBig%20Ass%2Cbig%20dick%2Cdeep%20throat%2Cwhite%20girl%2CInterracial%2Cshaved%20pussy%2CBangbros%20Network%2Cbangbros.com%2CMandingo%2CSarah%20Vandella&s1=%25subid1%25&t=5&ab=0&keywords=Big%20Tits,Blowjob,Hardcore,Cumshot,Handjob,Pornstar,Blonde,Big%20Ass,big%20dick,deep%20throat,white%20girl,Interracial,shaved%20pussy,Bangbros%20Network,bangbros.com,Mandingo,Sarah%20Vandella&w=1280&h=1024&domain=www.xxxfiles.com&rnd=0.7992158789073578 HTTP/1.1
Host: hegdcrxavrtk.cdnvideo3.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.xxxfiles.com/
Cookie: nauid=2VtUm0F54OCUbXXOTHam
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 03 Feb 2023 01:33:39 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2
pt-static3.jsmsat.com/npe/bonuscredit/bonuscredit-v534930.js
93.93.51.201 200 OK 0 B URL HTTP/2 pt-static3.jsmsat.com/npe/bonuscredit/bonuscredit-v534930.js
IP 93.93.51.201:0
ASN #34655 DuoDecad IT Services Luxembourg S.a r.l.
GET /npe/bonuscredit/bonuscredit-v534930.js HTTP/1.1
Host: pt-static3.jsmsat.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://crprt.livejasmin.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 03 Feb 2023 01:33:41 GMT
content-type: application/javascript
last-modified: Thu, 02 Feb 2023 12:59:23 GMT
vary: Accept-Encoding, Accept-Encoding
etag: W/"63dbb3ab-61a9"
access-control-allow-origin: *
server: unknown
x-cdn-node: sesto
x-cache-status: R-HIT
content-encoding: gzip
X-Firefox-Spdy: h2
hegdcrxavrtk.cdnvideo3.com/8sq5gA5.js
135.181.208.216 200 OK 0 B URL HTTP/2 hegdcrxavrtk.cdnvideo3.com/8sq5gA5.js
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
GET /8sq5gA5.js HTTP/1.1
Host: hegdcrxavrtk.cdnvideo3.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.xxxfiles.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 03 Feb 2023 01:33:37 GMT
content-type: application/javascript
last-modified: Thu, 02 Feb 2023 11:45:01 GMT
etag: W/"63dba23d-2a581"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
vary: Accept-Encoding, Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 0d795eafd076030e534112fa223d138a.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN54-C1
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: SrI2BRjABKWOdt7VqFs61W-EHPLn6wYJvjf4JPAUBOfirt5z5wnQ5g==
age: 193
x-frame-options: DENY
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2
pogothere.xyz/asd100.bin
172.64.132.29 200 OK 0 B IP 172.64.132.29:0
Analyzer Verdict Alert quad9 Sinkholed
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.xxxfiles.com/
Origin: https://www.xxxfiles.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 03 Feb 2023 01:33:39 GMT
content-type: binary/octet-stream
access-control-allow-origin: https://www.xxxfiles.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 280
last-modified: Fri, 03 Feb 2023 01:28:59 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=E5fnFGTb7eU4PVGp1Tc7jZQuVKEi0ZWBwMPtgiegvA3CregYAtVthTokg7bEwZcYfLbl5gZoUuxt%2BIlDOZt3%2B09OnPli1duS4chViri617rMSLIz5385YBlolyRegDhj"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79376b739ef2bc9a-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2